Connect to the internet and play songs from a web app

Dependencies:   mbed Socket lwip-eth lwip-sys lwip

Files at this revision

API Documentation at this revision

Comitter:
maclobdell
Date:
Wed May 18 19:06:32 2016 +0000
Commit message:
clean version

Changed in this revision

MACROS.txt Show annotated file Show diff for this revision Revisions of this file
main.cpp Show annotated file Show diff for this revision Revisions of this file
mbed-client/EthernetInterface/EthernetInterface.cpp Show annotated file Show diff for this revision Revisions of this file
mbed-client/EthernetInterface/EthernetInterface.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/EthernetInterface/Socket.lib Show annotated file Show diff for this revision Revisions of this file
mbed-client/EthernetInterface/eth_arch.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/EthernetInterface/lwip-eth.lib Show annotated file Show diff for this revision Revisions of this file
mbed-client/EthernetInterface/lwip-sys.lib Show annotated file Show diff for this revision Revisions of this file
mbed-client/EthernetInterface/lwip.lib Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client-c/LICENSE Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client-c/README.txt Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client-c/apache-2.0.txt Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client-c/eh.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client-c/nsdl-c/sn_coap_header.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client-c/nsdl-c/sn_coap_protocol.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client-c/nsdl-c/sn_nsdl.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client-c/nsdl-c/sn_nsdl_lib.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client-c/source/libCoap/src/include/sn_coap_header_internal.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client-c/source/libCoap/src/include/sn_coap_protocol_internal.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client-c/source/libCoap/src/sn_coap_builder.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client-c/source/libCoap/src/sn_coap_header_check.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client-c/source/libCoap/src/sn_coap_parser.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client-c/source/libCoap/src/sn_coap_protocol.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client-c/source/libNsdl/src/include/sn_grs.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client-c/source/libNsdl/src/sn_grs.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client-c/source/libNsdl/src/sn_nsdl.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client-classic/eh.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client-classic/mbed-client-classic/m2mconnectionhandlerpimpl.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client-classic/mbed-client-classic/m2mtimerpimpl.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client-classic/mbed-client-classic/threadwrapper.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client-classic/source/m2mconnectionhandler.cpp Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client-classic/source/m2mconnectionhandlerpimpl.cpp Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client-classic/source/m2mtimer.cpp Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client-classic/source/m2mtimerpimpl.cpp Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client-mbedtls/LICENSE Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client-mbedtls/README.md Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client-mbedtls/apache-2.0.txt Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client-mbedtls/eh.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client-mbedtls/mbed-client-mbedtls/m2mconnectionsecuritypimpl.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client-mbedtls/source/m2mconnectionsecurity.cpp Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client-mbedtls/source/m2mconnectionsecuritypimpl.cpp Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/LICENSE Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/README.md Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/docs/Howto.md Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/docs/Introduction.md Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/docs/index.md Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/docs/known-issues-mbed-client1511.md Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/docs/porting-guide.md Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/docs/release-note-mbed-client-1511.md Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/doxygen/mbedclient_doxy Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/eh.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/mbed-client/functionpointer.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/mbed-client/m2mbase.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/mbed-client/m2mconfig.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/mbed-client/m2mconnectionhandler.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/mbed-client/m2mconnectionobserver.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/mbed-client/m2mconnectionsecurity.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/mbed-client/m2mconstants.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/mbed-client/m2mdevice.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/mbed-client/m2mfirmware.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/mbed-client/m2minterface.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/mbed-client/m2minterfacefactory.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/mbed-client/m2minterfaceobserver.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/mbed-client/m2mobject.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/mbed-client/m2mobjectinstance.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/mbed-client/m2mobservationhandler.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/mbed-client/m2mreportobserver.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/mbed-client/m2mresource.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/mbed-client/m2mresourceinstance.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/mbed-client/m2msecurity.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/mbed-client/m2mserver.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/mbed-client/m2mstring.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/mbed-client/m2mtimer.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/mbed-client/m2mtimerobserver.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/mbed-client/m2mvector.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/source/include/eventdata.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/source/include/m2minterfaceimpl.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/source/include/m2mnsdlinterface.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/source/include/m2mnsdlobserver.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/source/include/m2mreporthandler.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/source/include/m2mtlvdeserializer.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/source/include/m2mtlvserializer.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/source/include/nsdlaccesshelper.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/source/include/nsdllinker.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/source/include/smartpointer.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/source/m2mbase.cpp Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/source/m2mconstants.cpp Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/source/m2mdevice.cpp Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/source/m2mfirmware.cpp Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/source/m2minterfacefactory.cpp Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/source/m2minterfaceimpl.cpp Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/source/m2mnsdlinterface.cpp Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/source/m2mobject.cpp Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/source/m2mobjectinstance.cpp Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/source/m2mreporthandler.cpp Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/source/m2mresource.cpp Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/source/m2mresourceinstance.cpp Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/source/m2msecurity.cpp Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/source/m2mserver.cpp Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/source/m2mstring.cpp Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/source/m2mtlvdeserializer.cpp Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/source/m2mtlvserializer.cpp Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-client/source/nsdlaccesshelper.cpp Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtos/Mail.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtos/MemoryPool.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtos/Mutex.cpp Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtos/Mutex.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtos/Queue.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtos/RtosTimer.cpp Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtos/RtosTimer.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtos/Semaphore.cpp Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtos/Semaphore.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtos/Thread.cpp Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtos/Thread.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtos/rtos.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_ARM7/ARM7/TOOLCHAIN_GCC/HAL_CM0.S Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_ARM7/ARM7/TOOLCHAIN_GCC/SVC_Table.S Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_ARM7/HAL_CM.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_ARM7/RTX_CM_lib.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_ARM7/RTX_Conf.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_ARM7/RTX_Conf_CM.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_ARM7/cmsis_os.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_ARM7/os_tcb.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_CMSIS.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_Event.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_Event.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_HAL_CM.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_List.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_List.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_Mailbox.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_Mailbox.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_MemBox.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_MemBox.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_Mutex.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_Mutex.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_Robin.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_Robin.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_Semaphore.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_Semaphore.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_System.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_System.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_Task.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_Task.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_Time.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_Time.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_TypeDef.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/HAL_CA.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/RTX_CM_lib.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/RTX_Conf_CA.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/RTX_Config.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/TOOLCHAIN_ARM/HAL_CA9.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/TOOLCHAIN_ARM/SVC_Table.S Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/TOOLCHAIN_GCC/HAL_CA9.S Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/TOOLCHAIN_GCC/SVC_Table.S Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/TOOLCHAIN_IAR/HAL_CA9.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/TOOLCHAIN_IAR/HAL_CA9_asm.s Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/TOOLCHAIN_IAR/SVC_Table.S Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/cmsis_os.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_CMSIS.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Event.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Event.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_HAL_CA.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_HAL_CM.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_List.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_List.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Mailbox.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Mailbox.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_MemBox.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_MemBox.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Memory.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Memory.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Mutex.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Mutex.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Robin.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Robin.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Semaphore.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Semaphore.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_System.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_System.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Task.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Task.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Time.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Time.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Timer.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_TypeDef.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/HAL_CM.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/RTX_CM_lib.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/RTX_Conf.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/RTX_Conf_CM.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M0/TOOLCHAIN_ARM/HAL_CM0.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M0/TOOLCHAIN_ARM/SVC_Table.S Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M0/TOOLCHAIN_GCC/HAL_CM0.S Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M0/TOOLCHAIN_GCC/SVC_Table.S Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M0/TOOLCHAIN_IAR/HAL_CM0.S Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M0/TOOLCHAIN_IAR/SVC_Table.S Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M0P/TOOLCHAIN_ARM/HAL_CM0.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M0P/TOOLCHAIN_ARM/SVC_Table.S Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M0P/TOOLCHAIN_GCC/HAL_CM0.S Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M0P/TOOLCHAIN_GCC/SVC_Table.S Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M0P/TOOLCHAIN_IAR/HAL_CM0.S Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M0P/TOOLCHAIN_IAR/SVC_Table.S Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M3/TOOLCHAIN_ARM/HAL_CM3.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M3/TOOLCHAIN_ARM/SVC_Table.S Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M3/TOOLCHAIN_GCC/HAL_CM3.S Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M3/TOOLCHAIN_GCC/SVC_Table.S Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M3/TOOLCHAIN_IAR/HAL_CM3.S Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M3/TOOLCHAIN_IAR/SVC_Table.S Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_RTOS_M4_M7/TOOLCHAIN_ARM/HAL_CM4.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_RTOS_M4_M7/TOOLCHAIN_ARM/SVC_Table.S Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_RTOS_M4_M7/TOOLCHAIN_GCC/HAL_CM4.S Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_RTOS_M4_M7/TOOLCHAIN_GCC/SVC_Table.S Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_RTOS_M4_M7/TOOLCHAIN_IAR/HAL_CM4.S Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_RTOS_M4_M7/TOOLCHAIN_IAR/SVC_Table.S Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/cmsis_os.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/os_tcb.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_CMSIS.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_Event.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_Event.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_HAL_CM.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_List.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_List.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_Mailbox.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_Mailbox.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_MemBox.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_MemBox.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_Mutex.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_Mutex.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_Robin.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_Robin.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_Semaphore.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_Semaphore.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_System.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_System.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_Task.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_Task.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_Time.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_Time.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_TypeDef.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/LICENSE Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/README.md Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/apache-2.0.txt Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/eh.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/aes.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/aesni.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/arc4.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/asn1.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/asn1write.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/base64.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/bignum.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/blowfish.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/bn_mul.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/camellia.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/ccm.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/certs.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/check_config.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/cipher.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/cipher_internal.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/compat-1.3.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/config.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/ctr_drbg.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/debug.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/des.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/dhm.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/ecdh.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/ecdsa.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/ecjpake.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/ecp.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/entropy.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/entropy_poll.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/error.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/gcm.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/havege.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/hmac_drbg.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/md.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/md2.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/md4.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/md5.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/md_internal.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/memory_buffer_alloc.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/net.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/oid.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/padlock.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/pem.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/pk.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/pk_internal.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/pkcs11.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/pkcs12.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/pkcs5.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/platform.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/ripemd160.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/rsa.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/sha1.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/sha256.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/sha512.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/ssl.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/ssl_cache.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/ssl_ciphersuites.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/ssl_cookie.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/ssl_internal.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/ssl_ticket.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/target_config.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/threading.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/timing.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/version.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/x509.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/x509_crl.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/x509_crt.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/x509_csr.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/mbedtls/xtea.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/aes.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/aesni.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/arc4.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/asn1parse.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/asn1write.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/base64.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/bignum.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/blowfish.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/camellia.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/ccm.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/certs.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/cipher.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/cipher_wrap.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/ctr_drbg.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/debug.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/des.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/dhm.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/ecdh.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/ecdsa.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/ecjpake.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/ecp.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/ecp_curves.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/entropy.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/entropy_hardware_poll.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/entropy_poll.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/error.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/gcm.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/havege.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/hmac_drbg.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/md.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/md2.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/md4.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/md5.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/md_wrap.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/memory_buffer_alloc.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/net.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/oid.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/padlock.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/pem.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/pk.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/pk_wrap.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/pkcs11.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/pkcs12.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/pkcs5.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/pkparse.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/pkwrite.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/platform.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/ripemd160.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/rsa.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/sha1.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/sha256.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/sha512.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/ssl_cache.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/ssl_ciphersuites.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/ssl_cli.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/ssl_cookie.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/ssl_srv.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/ssl_ticket.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/ssl_tls.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/threading.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/timing.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/version.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/version_features.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/x509.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/x509_create.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/x509_crl.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/x509_crt.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/x509_csr.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/x509write_crt.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/x509write_csr.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/mbedtls/source/xtea.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/nanostack-libservice/LICENSE Show annotated file Show diff for this revision Revisions of this file
mbed-client/nanostack-libservice/README.md Show annotated file Show diff for this revision Revisions of this file
mbed-client/nanostack-libservice/apache-2.0.txt Show annotated file Show diff for this revision Revisions of this file
mbed-client/nanostack-libservice/eh.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/nanostack-libservice/mbed-client-libservice/common_functions.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/nanostack-libservice/mbed-client-libservice/ip6string.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/nanostack-libservice/mbed-client-libservice/ip_fsc.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/nanostack-libservice/mbed-client-libservice/ns_list.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/nanostack-libservice/mbed-client-libservice/ns_trace.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/nanostack-libservice/mbed-client-libservice/ns_types.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/nanostack-libservice/mbed-client-libservice/nsdynmemLIB.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/nanostack-libservice/mbed-client-libservice/platform/arm_hal_interrupt.h Show annotated file Show diff for this revision Revisions of this file
mbed-client/nanostack-libservice/source/IPv6_fcf_lib/ip_fsc.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/nanostack-libservice/source/libBits/common_functions.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/nanostack-libservice/source/libList/ns_list.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/nanostack-libservice/source/libTrace/ns_trace.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/nanostack-libservice/source/libTrace/scripts/fetch_groups.sh Show annotated file Show diff for this revision Revisions of this file
mbed-client/nanostack-libservice/source/libip6string/ip6tos.c Show annotated file Show diff for this revision Revisions of this file
mbed-client/nanostack-libservice/source/libip6string/stoip6.c Show annotated file Show diff for this revision Revisions of this file
mbed.bld Show annotated file Show diff for this revision Revisions of this file
security.h Show annotated file Show diff for this revision Revisions of this file
simpleclient.h Show annotated file Show diff for this revision Revisions of this file
tones.h Show annotated file Show diff for this revision Revisions of this file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/MACROS.txt	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,4 @@
+YOTTA_CFG
+YOTTA_CONFIG
+TARGET_LIKE_MBED
+TARGET_LIKE_CORTEX_M4
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/main.cpp	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,241 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ 
+#include "mbed.h"       // this tells us to load mbed OS related functions
+#include "tones.h"                   // list of all the tones and their frequencies
+#include "simpleclient.h"
+#include <string>
+#include <sstream>
+#include <vector>
+
+Serial output(USBTX, USBRX);
+
+PwmOut buzzer(D3);                   // our buzzer is a PWM output (pulse-width modulation)
+
+static int BPM = 35;
+
+EthernetInterface eth;
+
+// These are example resource values for the Device Object
+struct MbedClientDevice device = {
+    "Manufacturer_String",      // Manufacturer
+    "Type_String",              // Type
+    "ModelNumber_String",       // ModelNumber
+    "SerialNumber_String"       // SerialNumber
+};
+
+// Instantiate the class which implements LWM2M Client API (from simpleclient.h)
+MbedClient mbed_client(device);
+
+// this is our function that plays a tone. 
+// Takes in a tone frequency, and after duration (in ms.) we stop playing again
+static void playTone(int tone, int duration) {
+
+    buzzer.period_us(1000000/tone);  //period in us
+    buzzer.write(0.10f); // 10% duty cycle, otherwise it's too loud
+    wait_us(1000*duration/2);  //play for half the length
+    buzzer.write(0.0f);
+    wait_us(1000*duration/2);  //silence for half the length
+
+}
+
+static void play_song(std::vector<int>* melody, std::vector<int>* duration) {
+    
+	output.printf("play_song\n\r");
+	for (int i = 0; i < melody->size(); i++) {
+        int tone = melody->at(0);
+        // BPM is quarter notes per minute, so length in milliseconds is:
+        int length = static_cast<int>(static_cast<float>(1000 / duration->at(0)) * (60000.0f / static_cast<float>(BPM * 1000)));
+        
+        // printf("tone %d, length %d, duration %d\r\n", tone, length, duration->at(0));
+        
+        if (melody->at(i) != 0) {
+            playTone(melody->at(i), length);
+        }
+        else {
+            buzzer = 0.0f;
+            wait_ms(length);
+        }
+    }
+}
+
+
+/*
+ * The buzzer contains two properties (notes, duration) and a function (play).
+ * When the function play_song_from_cloud is executed, the notes and duration patterns are read,
+ * and the song will be played.
+ */
+class BuzzerResource {
+public:
+    BuzzerResource() {
+        // create ObjectID with metadata tag of 'buzzer', which is not defined by the LWM2M standard but we can use it for this demo
+        buzzer_object = M2MInterfaceFactory::create_object("buzzer");
+        M2MObjectInstance* buzzer_inst = buzzer_object->create_object_instance();
+
+        // notes resource
+        M2MResource* notes_res = buzzer_inst->create_dynamic_resource("notes", "",
+            M2MResourceInstance::STRING, true); //observable
+
+        // read and write
+        notes_res->set_operation(M2MBase::GET_PUT_ALLOWED);
+        
+		// set initial pattern
+        char notes_buffer[100];
+        int notes_size = sprintf(notes_buffer,"262:277");
+                    
+        notes_res->set_value((const uint8_t*)notes_buffer,
+                             (uint32_t)notes_size);
+    
+        // duration resource
+        M2MResource* duration_res = buzzer_inst->create_dynamic_resource("duration", "",
+            M2MResourceInstance::STRING, true);  //observable
+
+        duration_res->set_operation(M2MBase::GET_PUT_ALLOWED);
+        
+		// set initial pattern
+        char dur_buffer[100];
+        int dur_size = sprintf(dur_buffer,"4:4");
+                                
+        duration_res->set_value((const uint8_t*)dur_buffer,
+                                (uint32_t)dur_size);
+
+        // play resource
+	    M2MResource* play_res = buzzer_inst->create_dynamic_resource("play", "",
+	        M2MResourceInstance::STRING, false);  //not observable
+
+        play_res->set_operation(M2MBase::POST_ALLOWED);
+                    
+		play_res->set_execute_function(execute_callback(this, &BuzzerResource::play_song_cloud));
+
+
+}
+
+    M2MObject* get_object() {
+        return buzzer_object;
+    }
+
+	/*TODO - move the actual call to play_song_cloud to the main function, to avoid
+	  running it in interrupt context.  Use a flag or semaphore set by the callback and checked for
+	  in the main function */
+	  
+    void play_song_cloud(void *) {
+
+		output.printf("play song cloud triggered!\r\n");
+
+        // read the object storing resources 'notes' and 'duration'
+        M2MObjectInstance* inst = buzzer_object->object_instance();
+
+        M2MResource* n_res = inst->resource("notes");
+
+        // values in mbed Client are all buffers, and we need a vector of int's
+        uint8_t* n_buffIn = NULL;
+        uint32_t n_sizeIn;
+        n_res->get_value(n_buffIn, n_sizeIn);
+
+		output.printf("notes = %s\n\r",n_buffIn);
+		
+    	std::stringstream notesPattern((char*)n_buffIn, n_sizeIn);
+    	
+    	std::vector<int>* notes = new std::vector<int>;
+    	{
+        	std::string n_item;
+        	while (std::getline(notesPattern, n_item, ':')) {
+            	notes->push_back(atoi((const char*)n_item.c_str()));
+         	}
+     	}
+    
+        M2MResource* d_res = inst->resource("duration");
+
+        // values in mbed Client are all buffers, and we need a vector of int's
+        uint8_t* d_buffIn = NULL;
+        uint32_t d_sizeIn;
+        
+        d_res->get_value(d_buffIn, d_sizeIn);
+        
+		output.printf("durations = %s\n\r",d_buffIn);
+        
+        //TODO: investigate why passing in d_sizeIn causes it to think there are always 0 durations 
+    	//std::stringstream durationPattern((char*)d_buffIn, d_sizeIn);
+    	std::stringstream durationPattern((char*)d_buffIn, 100);
+    	    		
+    	std::vector<int>* durations = new std::vector<int>;
+    	{
+        	std::string d_item;
+           	while (std::getline(durationPattern, d_item, ':')) {
+            	durations->push_back(atoi((const char*)d_item.c_str()));
+        	}
+    	}
+   	
+    	if (notes->size() != durations->size()) {
+        	output.printf("Notes and duration have different sizes (%d vs %d), abort!\r\n", notes->size(), durations->size());
+        	return;
+    	}
+    
+    	play_song(notes, durations);
+	}
+
+private:
+    M2MObject* buzzer_object;
+
+
+};
+
+// Entry point to the program
+int main() {
+ 
+    green = 1; // turn green off
+    
+    // This sets up the network interface configuration which will be used
+    // by LWM2M Client API to communicate with mbed Device server.
+    eth.init(); //Use DHCP
+    eth.connect();
+
+    output.printf("[ETH] IP address %s\r\n", eth.getIPAddress());
+    output.printf("[ETH] Device name %s\r\n", MBED_ENDPOINT_NAME);
+
+    // Create LWM2M Client API interface to manage register and unregister
+    mbed_client.create_interface();
+
+	// Create resource for interactions between the device and server
+	BuzzerResource * buzzer_resource = new BuzzerResource();
+
+    // Create LWM2M server object specifying mbed device server
+    // information.
+    M2MSecurity* register_object = mbed_client.create_register_object();
+
+    // Add all the objects that you would like to register
+    // into the list and pass the list for register API.
+    M2MObjectList object_list;
+    object_list.push_back(buzzer_resource->get_object());
+
+    mbed_client.set_register_object(register_object);
+
+    // Register with mbed Device Connector
+    mbed_client.test_register(register_object, object_list);
+
+    //TODO: should check for play command received and play song from main
+    //      to avoid doing too much in interrupt context.
+    	
+    while (true) {
+    	
+    	wait_ms(25000);  //wait 25 seconds
+    	output.printf("Updating registration\n\r");
+    	mbed_client.test_update_register();  //update registration
+    	
+    }
+      
+ }
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/EthernetInterface/EthernetInterface.cpp	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,156 @@
+/* EthernetInterface.cpp */
+/* Copyright (C) 2012 mbed.org, MIT License
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software
+ * and associated documentation files (the "Software"), to deal in the Software without restriction,
+ * including without limitation the rights to use, copy, modify, merge, publish, distribute,
+ * sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or
+ * substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING
+ * BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+ * DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#include "EthernetInterface.h"
+
+#include "lwip/inet.h"
+#include "lwip/netif.h"
+#include "netif/etharp.h"
+#include "lwip/dhcp.h"
+#include "eth_arch.h"
+#include "lwip/tcpip.h"
+
+#include "mbed.h"
+
+/* TCP/IP and Network Interface Initialisation */
+static struct netif netif;
+
+static char mac_addr[19];
+static char ip_addr[17] = "\0";
+static char gateway[17] = "\0";
+static char networkmask[17] = "\0";
+static bool use_dhcp = false;
+
+static Semaphore tcpip_inited(0);
+static Semaphore netif_linked(0);
+static Semaphore netif_up(0);
+
+static void tcpip_init_done(void *arg) {
+    tcpip_inited.release();
+}
+
+static void netif_link_callback(struct netif *netif) {
+    if (netif_is_link_up(netif)) {
+        netif_linked.release();
+    }
+}
+
+static void netif_status_callback(struct netif *netif) {
+    if (netif_is_up(netif)) {
+        strcpy(ip_addr, inet_ntoa(netif->ip_addr));
+        strcpy(gateway, inet_ntoa(netif->gw));
+        strcpy(networkmask, inet_ntoa(netif->netmask));
+        netif_up.release();
+    }
+}
+
+static void init_netif(ip_addr_t *ipaddr, ip_addr_t *netmask, ip_addr_t *gw) {
+    tcpip_init(tcpip_init_done, NULL);
+    tcpip_inited.wait();
+    
+    memset((void*) &netif, 0, sizeof(netif));
+    netif_add(&netif, ipaddr, netmask, gw, NULL, eth_arch_enetif_init, tcpip_input);
+    netif_set_default(&netif);
+    
+    netif_set_link_callback  (&netif, netif_link_callback);
+    netif_set_status_callback(&netif, netif_status_callback);
+}
+
+static void set_mac_address(void) {
+#if (MBED_MAC_ADDRESS_SUM != MBED_MAC_ADDR_INTERFACE)
+    snprintf(mac_addr, 19, "%02x:%02x:%02x:%02x:%02x:%02x", MBED_MAC_ADDR_0, MBED_MAC_ADDR_1, MBED_MAC_ADDR_2,
+             MBED_MAC_ADDR_3, MBED_MAC_ADDR_4, MBED_MAC_ADDR_5);
+#else
+    char mac[6];
+    mbed_mac_address(mac);
+    snprintf(mac_addr, 19, "%02x:%02x:%02x:%02x:%02x:%02x", mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
+#endif
+}
+
+int EthernetInterface::init() {
+    use_dhcp = true;
+    set_mac_address();
+    init_netif(NULL, NULL, NULL);
+    return 0;
+}
+
+int EthernetInterface::init(const char* ip, const char* mask, const char* gateway) {
+    use_dhcp = false;
+    
+    set_mac_address();
+    strcpy(ip_addr, ip);
+    
+    ip_addr_t ip_n, mask_n, gateway_n;
+    inet_aton(ip, &ip_n);
+    inet_aton(mask, &mask_n);
+    inet_aton(gateway, &gateway_n);
+    init_netif(&ip_n, &mask_n, &gateway_n);
+    
+    return 0;
+}
+
+int EthernetInterface::connect(unsigned int timeout_ms) {
+    eth_arch_enable_interrupts();
+
+    int inited;
+    if (use_dhcp) {
+        dhcp_start(&netif);
+        
+        // Wait for an IP Address
+        // -1: error, 0: timeout
+        inited = netif_up.wait(timeout_ms);
+    } else {
+        netif_set_up(&netif);
+        
+        // Wait for the link up
+        inited = netif_linked.wait(timeout_ms);
+    }
+    
+    return (inited > 0) ? (0) : (-1);
+}
+
+int EthernetInterface::disconnect() {
+    if (use_dhcp) {
+        dhcp_release(&netif);
+        dhcp_stop(&netif);
+    } else {
+        netif_set_down(&netif);
+    }
+    
+    eth_arch_disable_interrupts();
+    
+    return 0;
+}
+
+char* EthernetInterface::getMACAddress() {
+    return mac_addr;
+}
+
+char* EthernetInterface::getIPAddress() {
+    return ip_addr;
+}
+
+char* EthernetInterface::getGateway() {
+    return gateway;
+}
+
+char* EthernetInterface::getNetworkMask() {
+    return networkmask;
+}
+
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/EthernetInterface/EthernetInterface.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,90 @@
+/* EthernetInterface.h */
+/* Copyright (C) 2012 mbed.org, MIT License
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software
+ * and associated documentation files (the "Software"), to deal in the Software without restriction,
+ * including without limitation the rights to use, copy, modify, merge, publish, distribute,
+ * sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or
+ * substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING
+ * BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+ * DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+ 
+#ifndef ETHERNETINTERFACE_H_
+#define ETHERNETINTERFACE_H_
+
+#if !defined(TARGET_LPC1768) && !defined(TARGET_LPC4088) && !defined(TARGET_LPC4088_DM) && !defined(TARGET_K64F) && !defined(TARGET_RZ_A1H) && !defined(TARGET_STM32F4)
+#error The Ethernet Interface library is not supported on this target
+#endif
+
+#include "rtos.h"
+#include "lwip/netif.h"
+
+ /** Interface using Ethernet to connect to an IP-based network
+ *
+ */
+class EthernetInterface {
+public:
+  /** Initialize the interface with DHCP.
+  * Initialize the interface and configure it to use DHCP (no connection at this point).
+  * \return 0 on success, a negative number on failure
+  */
+  static int init(); //With DHCP
+
+  /** Initialize the interface with a static IP address.
+  * Initialize the interface and configure it with the following static configuration (no connection at this point).
+  * \param ip the IP address to use
+  * \param mask the IP address mask
+  * \param gateway the gateway to use
+  * \return 0 on success, a negative number on failure
+  */
+  static int init(const char* ip, const char* mask, const char* gateway);
+
+  /** Connect
+  * Bring the interface up, start DHCP if needed.
+  * \param   timeout_ms  timeout in ms (default: (15)s).
+  * \return 0 on success, a negative number on failure
+  */
+  static int connect(unsigned int timeout_ms=15000);
+  
+  /** Disconnect
+  * Bring the interface down
+  * \return 0 on success, a negative number on failure
+  */
+  static int disconnect();
+  
+  /** Get the MAC address of your Ethernet interface
+   * \return a pointer to a string containing the MAC address
+   */
+  static char* getMACAddress();
+  
+  /** Get the IP address of your Ethernet interface
+   * \return a pointer to a string containing the IP address
+   */
+  static char* getIPAddress();
+
+  /** Get the Gateway address of your Ethernet interface
+   * \return a pointer to a string containing the Gateway address
+   */
+  static char* getGateway();
+
+  /** Get the Network mask of your Ethernet interface
+   * \return a pointer to a string containing the Network mask
+   */
+  static char* getNetworkMask();
+};
+
+#include "TCPSocketConnection.h"
+#include "TCPSocketServer.h"
+
+#include "Endpoint.h"
+#include "UDPSocket.h"
+
+#endif /* ETHERNETINTERFACE_H_ */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/EthernetInterface/Socket.lib	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,1 @@
+http://mbed.org/users/mbed_official/code/Socket/#434906b5b977
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/EthernetInterface/eth_arch.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,41 @@
+/* EthernetInterface.h */
+/* Copyright (C) 2012 mbed.org, MIT License
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software
+ * and associated documentation files (the "Software"), to deal in the Software without restriction,
+ * including without limitation the rights to use, copy, modify, merge, publish, distribute,
+ * sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or
+ * substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING
+ * BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+ * DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+// Architecture specific Ethernet interface
+// Must be implemented by each target
+
+#ifndef ETHARCH_H_
+#define ETHARCH_H_
+
+#include "lwip/netif.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+void eth_arch_enable_interrupts(void);
+void eth_arch_disable_interrupts(void);
+err_t eth_arch_enetif_init(struct netif *netif);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // #ifndef ETHARCHINTERFACE_H_
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/EthernetInterface/lwip-eth.lib	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,1 @@
+http://mbed.org/users/mbed_official/code/lwip-eth/#4380f0749039
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/EthernetInterface/lwip-sys.lib	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,1 @@
+http://mbed.org/users/mbed_official/code/lwip-sys/#12e78a2462d0
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/EthernetInterface/lwip.lib	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,1 @@
+http://mbed.org/users/mbed_official/code/lwip/#1046f8be4d44
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client-c/LICENSE	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,2 @@
+Unless specifically indicated otherwise in a file, files are licensed
+under the Apache 2.0 license, as can be found in: apache-2.0.txt
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client-c/README.txt	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,2 @@
+The mbed Device C Client Library provides a simple and efficient way to create mbed Device Client in 
+C.
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client-c/apache-2.0.txt	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,56 @@
+
+
+Apache License
+
+Version 2.0, January 2004
+
+http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
+
+"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
+
+"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
+
+"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
+
+"Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.
+
+"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
+
+"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
+
+"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
+
+"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
+
+"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
+
+    You must give any other recipients of the Work or Derivative Works a copy of this License; and
+    You must cause any modified files to carry prominent notices stating that You changed the files; and
+    You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
+    If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.
+
+    You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client-c/nsdl-c/sn_coap_header.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,323 @@
+/*
+ * Copyright (c) 2011-2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * \file sn_coap_header.h
+ *
+ * \brief CoAP C-library User header interface header file
+ */
+
+#ifndef SN_COAP_HEADER_H_
+#define SN_COAP_HEADER_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Handle structure */
+struct coap_s;
+
+/* * * * * * * * * * * * * * */
+/* * * * ENUMERATIONS  * * * */
+/* * * * * * * * * * * * * * */
+
+/**
+ * \brief Enumeration for CoAP Version
+ */
+typedef enum coap_version_ {
+    COAP_VERSION_1          = 0x40,
+    COAP_VERSION_UNKNOWN    = 0xFF
+} coap_version_e;
+
+/**
+ * \brief Enumeration for CoAP Message type, used in CoAP Header
+ */
+typedef enum sn_coap_msg_type_ {
+    COAP_MSG_TYPE_CONFIRMABLE       = 0x00, /**< Reliable Request messages */
+    COAP_MSG_TYPE_NON_CONFIRMABLE   = 0x10, /**< Non-reliable Request and Response messages */
+    COAP_MSG_TYPE_ACKNOWLEDGEMENT   = 0x20, /**< Response to a Confirmable Request  */
+    COAP_MSG_TYPE_RESET             = 0x30  /**< Answer a Bad Request */
+} sn_coap_msg_type_e;
+
+/**
+ * \brief Enumeration for CoAP Message code, used in CoAP Header
+ */
+typedef enum sn_coap_msg_code_ {
+    COAP_MSG_CODE_EMPTY                                 = 0,
+    COAP_MSG_CODE_REQUEST_GET                           = 1,
+    COAP_MSG_CODE_REQUEST_POST                          = 2,
+    COAP_MSG_CODE_REQUEST_PUT                           = 3,
+    COAP_MSG_CODE_REQUEST_DELETE                        = 4,
+
+    COAP_MSG_CODE_RESPONSE_CREATED                      = 65,
+    COAP_MSG_CODE_RESPONSE_DELETED                      = 66,
+    COAP_MSG_CODE_RESPONSE_VALID                        = 67,
+    COAP_MSG_CODE_RESPONSE_CHANGED                      = 68,
+    COAP_MSG_CODE_RESPONSE_CONTENT                      = 69,
+    COAP_MSG_CODE_RESPONSE_BAD_REQUEST                  = 128,
+    COAP_MSG_CODE_RESPONSE_UNAUTHORIZED                 = 129,
+    COAP_MSG_CODE_RESPONSE_BAD_OPTION                   = 130,
+    COAP_MSG_CODE_RESPONSE_FORBIDDEN                    = 131,
+    COAP_MSG_CODE_RESPONSE_NOT_FOUND                    = 132,
+    COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED           = 133,
+    COAP_MSG_CODE_RESPONSE_NOT_ACCEPTABLE               = 134,
+    COAP_MSG_CODE_RESPONSE_REQUEST_ENTITY_INCOMPLETE    = 136,
+    COAP_MSG_CODE_RESPONSE_PRECONDITION_FAILED          = 140,
+    COAP_MSG_CODE_RESPONSE_REQUEST_ENTITY_TOO_LARGE     = 141,
+    COAP_MSG_CODE_RESPONSE_UNSUPPORTED_CONTENT_FORMAT   = 143,
+    COAP_MSG_CODE_RESPONSE_INTERNAL_SERVER_ERROR        = 160,
+    COAP_MSG_CODE_RESPONSE_NOT_IMPLEMENTED              = 161,
+    COAP_MSG_CODE_RESPONSE_BAD_GATEWAY                  = 162,
+    COAP_MSG_CODE_RESPONSE_SERVICE_UNAVAILABLE          = 163,
+    COAP_MSG_CODE_RESPONSE_GATEWAY_TIMEOUT              = 164,
+    COAP_MSG_CODE_RESPONSE_PROXYING_NOT_SUPPORTED       = 165
+} sn_coap_msg_code_e;
+
+/**
+ * \brief Enumeration for CoAP Option number, used in CoAP Header
+ */
+typedef enum sn_coap_option_numbers_ {
+    COAP_OPTION_IF_MATCH        = 1,
+    COAP_OPTION_URI_HOST        = 3,
+    COAP_OPTION_ETAG            = 4,
+    COAP_OPTION_IF_NONE_MATCH   = 5,
+    COAP_OPTION_OBSERVE         = 6,
+    COAP_OPTION_URI_PORT        = 7,
+    COAP_OPTION_LOCATION_PATH   = 8,
+    COAP_OPTION_URI_PATH        = 11,
+    COAP_OPTION_CONTENT_FORMAT  = 12,
+    COAP_OPTION_MAX_AGE         = 14,
+    COAP_OPTION_URI_QUERY       = 15,
+    COAP_OPTION_ACCEPT          = 17,
+    COAP_OPTION_LOCATION_QUERY  = 20,
+    COAP_OPTION_BLOCK2          = 23,
+    COAP_OPTION_BLOCK1          = 27,
+    COAP_OPTION_PROXY_URI       = 35,
+    COAP_OPTION_PROXY_SCHEME    = 39,
+    COAP_OPTION_SIZE1           = 60
+//  128 =   (Reserved)
+//  132 =   (Reserved)
+//  136 =   (Reserved)
+} sn_coap_option_numbers_e;
+
+/**
+ * \brief Enumeration for CoAP Content Format codes
+ */
+typedef enum sn_coap_content_format_ {
+    COAP_CT_NONE                = -1,
+    COAP_CT_TEXT_PLAIN          = 0,
+    COAP_CT_LINK_FORMAT         = 40,
+    COAP_CT_XML                 = 41,
+    COAP_CT_OCTET_STREAM        = 42,
+    COAP_CT_EXI                 = 47,
+    COAP_CT_JSON                = 50
+} sn_coap_content_format_e;
+
+/**
+ * \brief Enumeration for CoAP status, used in CoAP Header
+ */
+typedef enum sn_coap_status_ {
+    COAP_STATUS_OK                             = 0, /**< Default value is OK */
+    COAP_STATUS_PARSER_ERROR_IN_HEADER         = 1, /**< CoAP will send Reset message to invalid message sender */
+    COAP_STATUS_PARSER_DUPLICATED_MSG          = 2, /**< CoAP will send Acknowledgement message to duplicated message sender */
+    COAP_STATUS_PARSER_BLOCKWISE_MSG_RECEIVING = 3, /**< User will get whole message after all message blocks received.
+                                                         User must release messages with this status. */
+    COAP_STATUS_PARSER_BLOCKWISE_ACK           = 4, /**< Acknowledgement for sent Blockwise message received */
+    COAP_STATUS_PARSER_BLOCKWISE_MSG_REJECTED  = 5, /**< Blockwise message received but not supported by compiling switch */
+    COAP_STATUS_PARSER_BLOCKWISE_MSG_RECEIVED  = 6, /**< Blockwise message fully received and returned to app.
+                                                         User must take care of releasing whole payload of the blockwise messages */
+    COAP_STATUS_BUILDER_MESSAGE_SENDING_FAILED = 7  /**< When re-transmissions have been done and ACK not received, CoAP library calls
+                                                         RX callback with this status */
+} sn_coap_status_e;
+
+
+/* * * * * * * * * * * * * */
+/* * * * STRUCTURES  * * * */
+/* * * * * * * * * * * * * */
+
+/**
+ * \brief Structure for CoAP Options
+ */
+typedef struct sn_coap_options_list_ {
+
+    uint8_t     max_age_len;        /**< 0-4 bytes. */
+    uint8_t    *max_age_ptr;        /**< Must be set to NULL if not used */
+
+    uint16_t    proxy_uri_len;      /**< 1-1034 bytes. */
+    uint8_t    *proxy_uri_ptr;      /**< Must be set to NULL if not used */
+
+    uint8_t     etag_len;           /**< 1-8 bytes. Repeatable */
+    uint8_t    *etag_ptr;           /**< Must be set to NULL if not used */
+
+    uint16_t    uri_host_len;       /**< 1-255 bytes. */
+    uint8_t    *uri_host_ptr;       /**< Must be set to NULL if not used */
+
+    uint16_t    location_path_len;  /**< 0-255 bytes. Repeatable */
+    uint8_t    *location_path_ptr;  /**< Must be set to NULL if not used */
+
+    uint8_t     uri_port_len;       /**< 0-2 bytes. */
+    uint8_t    *uri_port_ptr;       /**< Must be set to NULL if not used */
+
+    uint16_t    location_query_len; /**< 0-255 bytes. Repeatable */
+    uint8_t    *location_query_ptr; /**< Must be set to NULL if not used */
+
+    uint8_t     observe;
+    uint8_t     observe_len;        /**< 0-2 bytes. */
+    uint8_t    *observe_ptr;        /**< Must be set to NULL if not used */
+
+    uint8_t     accept_len;         /**< 0-2 bytes. Repeatable */
+    uint8_t     *accept_ptr;        /**< Must be set to NULL if not used */
+
+    uint16_t    uri_query_len;      /**< 1-255 bytes. Repeatable */
+    uint8_t    *uri_query_ptr;      /**< Must be set to NULL if not used */
+
+    uint8_t     block1_len;         /**< 0-3 bytes. */
+    uint8_t    *block1_ptr;         /**< Not for User */
+
+    uint8_t     block2_len;         /**< 0-3 bytes. */
+    uint8_t    *block2_ptr;         /**< Not for User */
+} sn_coap_options_list_s;
+
+
+/* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */
+/* !!! Main CoAP message struct !!! */
+/* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */
+
+/**
+ * \brief Main CoAP message struct
+ */
+typedef struct sn_coap_hdr_ {
+    sn_coap_status_e        coap_status;        /**< Used for telling to User special cases when parsing message */
+
+    /* * * * * * * * * * * */
+    /* * * * Header  * * * */
+    /* * * * * * * * * * * */
+
+    sn_coap_msg_type_e      msg_type;           /**< Confirmable, Non-Confirmable, Acknowledgement or Reset */
+    sn_coap_msg_code_e      msg_code;           /**< Empty: 0; Requests: 1-31; Responses: 64-191 */
+    uint16_t                msg_id;             /**< Message ID. Parser sets parsed message ID, builder sets message ID of built coap message */
+
+    /* * * * * * * * * * * */
+    /* * * * Options * * * */
+    /* * * * * * * * * * * */
+
+    /* Here are most often used Options */
+
+    uint16_t                uri_path_len;       /**< 0-255 bytes. Repeatable. */
+    uint8_t                *uri_path_ptr;       /**< Must be set to NULL if not used. E.g: temp1/temp2 */
+
+    uint8_t                 token_len;          /**< 1-8 bytes. */
+    uint8_t                *token_ptr;          /**< Must be set to NULL if not used */
+
+    uint8_t                 content_type_len;   /**< 0-2 bytes. */
+    uint8_t                *content_type_ptr;   /**< Must be set to NULL if not used */
+
+    /* Here are not so often used Options */
+    sn_coap_options_list_s *options_list_ptr;   /**< Must be set to NULL if not used */
+
+    /* * * * * * * * * * * */
+    /* * * * Payload * * * */
+    /* * * * * * * * * * * */
+
+    uint16_t                payload_len;        /**< Must be set to zero if not used */
+    uint8_t                *payload_ptr;        /**< Must be set to NULL if not used */
+} sn_coap_hdr_s;
+
+/* * * * * * * * * * * * * * * * * * * * * * */
+/* * * * EXTERNAL FUNCTION PROTOTYPES  * * * */
+/* * * * * * * * * * * * * * * * * * * * * * */
+/**
+ * \fn sn_coap_hdr_s *sn_coap_parser(struct coap_s *handle, uint16_t packet_data_len, uint8_t *packet_data_ptr, coap_version_e *coap_version_ptr)
+ *
+ * \brief Parses CoAP message from given Packet data
+ *
+ * \param *handle Pointer to CoAP library handle
+ *
+ * \param packet_data_len is length of given Packet data to be parsed to CoAP message
+ *
+ * \param *packet_data_ptr is source for Packet data to be parsed to CoAP message
+ *
+ * \param *coap_version_ptr is destination for parsed CoAP specification version
+ *
+ * \return Return value is pointer to parsed CoAP message.\n
+ *         In following failure cases NULL is returned:\n
+ *          -Failure in given pointer (= NULL)\n
+ *          -Failure in memory allocation (malloc() returns NULL)
+ */
+extern sn_coap_hdr_s *sn_coap_parser(struct coap_s *handle, uint16_t packet_data_len, uint8_t *packet_data_ptr, coap_version_e *coap_version_ptr);
+
+/**
+ * \fn void sn_coap_parser_release_allocated_coap_msg_mem(struct coap_s *handle, sn_coap_hdr_s *freed_coap_msg_ptr)
+ *
+ * \brief Releases memory of given CoAP message
+ *
+ *        Note!!! Does not release Payload part
+ *
+ * \param *handle Pointer to CoAP library handle
+ *
+ * \param *freed_coap_msg_ptr is pointer to released CoAP message
+ */
+extern void sn_coap_parser_release_allocated_coap_msg_mem(struct coap_s *handle, sn_coap_hdr_s *freed_coap_msg_ptr);
+
+/**
+ * \fn int16_t sn_coap_builder(uint8_t *dst_packet_data_ptr, sn_coap_hdr_s *src_coap_msg_ptr)
+ *
+ * \brief Builds an outgoing message buffer from a CoAP header structure.
+ *
+ * \param *dst_packet_data_ptr is pointer to allocated destination to built CoAP packet
+ *
+ * \param *src_coap_msg_ptr is pointer to source structure for building Packet data
+ *
+ * \return Return value is byte count of built Packet data. In failure cases:\n
+ *          -1 = Failure in given CoAP header structure\n
+ *          -2 = Failure in given pointer (= NULL)
+ */
+extern int16_t        sn_coap_builder(uint8_t *dst_packet_data_ptr, sn_coap_hdr_s *src_coap_msg_ptr);
+
+/**
+ * \fn uint16_t sn_coap_builder_calc_needed_packet_data_size(sn_coap_hdr_s *src_coap_msg_ptr)
+ *
+ * \brief Calculates needed Packet data memory size for given CoAP message
+ *
+ * \param *src_coap_msg_ptr is pointer to data which needed Packet
+ *          data length is calculated
+ *
+ * \return Return value is count of needed memory as bytes for build Packet data
+ *          Null if failed
+ */
+extern uint16_t sn_coap_builder_calc_needed_packet_data_size(sn_coap_hdr_s *src_coap_msg_ptr);
+
+/**
+ * \fn sn_coap_hdr_s *sn_coap_build_response(struct coap_s *handle, sn_coap_hdr_s *coap_packet_ptr, uint8_t msg_code)
+ *
+ * \brief Prepares generic response packet from a request packet. This function allocates memory for the resulting sn_coap_hdr_s
+ *
+ * \param *handle Pointer to CoAP library handle
+ * \param *coap_packet_ptr The request packet pointer
+ * \param msg_code response messages code
+ *
+ * \return *coap_packet_ptr The allocated and pre-filled response packet pointer
+ *          NULL    Error in parsing the request
+ *
+ */
+extern sn_coap_hdr_s *sn_coap_build_response(struct coap_s *handle, sn_coap_hdr_s *coap_packet_ptr, uint8_t msg_code);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SN_COAP_HEADER_H_ */
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client-c/nsdl-c/sn_coap_protocol.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,196 @@
+/*
+ * Copyright (c) 2011-2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * \file sn_coap_protocol.h
+ *
+ * \brief CoAP C-library User protocol interface header file
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef SN_COAP_PROTOCOL_H_
+#define SN_COAP_PROTOCOL_H_
+
+#include "sn_coap_header.h"
+
+/**
+ * \fn struct coap_s *sn_coap_protocol_init(void* (*used_malloc_func_ptr)(uint16_t), void (*used_free_func_ptr)(void*),
+        uint8_t (*used_tx_callback_ptr)(sn_nsdl_capab_e , uint8_t *, uint16_t, sn_nsdl_addr_s *),
+        int8_t (*used_rx_callback_ptr)(sn_coap_hdr_s *, sn_nsdl_addr_s *)
+ *
+ * \brief Initializes CoAP Protocol part. When using libNsdl, sn_nsdl_init() calls this function.
+ *
+ * \param *used_malloc_func_ptr is function pointer for used memory allocation function.
+ *
+ * \param *used_free_func_ptr is function pointer for used memory free function.
+ *
+ * \param *used_tx_callback_ptr function callback pointer to tx function for sending coap messages
+ *
+ * \param *used_rx_callback_ptr used to return CoAP header struct with status COAP_STATUS_BUILDER_MESSAGE_SENDING_FAILED
+ *        when re-sendings exceeded. If set to NULL, no error message is returned.
+ *
+ * \return  Pointer to handle when success
+ *          Null if failed
+ */
+
+extern struct coap_s *sn_coap_protocol_init(void *(*used_malloc_func_ptr)(uint16_t), void (*used_free_func_ptr)(void *),
+        uint8_t (*used_tx_callback_ptr)(uint8_t *, uint16_t, sn_nsdl_addr_s *, void *),
+        int8_t (*used_rx_callback_ptr)(sn_coap_hdr_s *, sn_nsdl_addr_s *, void *));
+
+/**
+ * \fn int8_t sn_coap_protocol_destroy(void)
+ *
+ * \brief Frees all memory from CoAP protocol part
+ *
+ * \param *handle Pointer to CoAP library handle
+ *
+ * \return Return value is always 0
+ */
+extern int8_t sn_coap_protocol_destroy(struct coap_s *handle);
+
+/**
+ * \fn int16_t sn_coap_protocol_build(struct coap_s *handle, sn_nsdl_addr_s *dst_addr_ptr, uint8_t *dst_packet_data_ptr, sn_coap_hdr_s *src_coap_msg_ptr)
+ *
+ * \brief Builds Packet data from given CoAP header structure to be sent
+ *
+ * \param *dst_addr_ptr is pointer to destination address where CoAP message
+ *        will be sent (CoAP builder needs that information for message resending purposes)
+ *
+ * \param *dst_packet_data_ptr is pointer to destination of built Packet data
+ *
+ * \param *src_coap_msg_ptr is pointer to source of built Packet data
+ *
+ * \param param void pointer that will be passed to tx/rx function callback when those are called.
+ *
+ * \return Return value is byte count of built Packet data.\n
+ *         Note: If message is blockwised, all payload is not sent at the same time\n
+ *         In failure cases:\n
+ *          -1 = Failure in CoAP header structure\n
+ *          -2 = Failure in given pointer (= NULL)\n
+ *          -3 = Failure in Reset message\ŋ
+ *         If there is not enough memory (or User given limit exceeded) for storing
+ *         resending messages, situation is ignored.
+ */
+extern int16_t sn_coap_protocol_build(struct coap_s *handle, sn_nsdl_addr_s *dst_addr_ptr, uint8_t *dst_packet_data_ptr, sn_coap_hdr_s *src_coap_msg_ptr, void *param);
+
+/**
+ * \fn sn_coap_hdr_s *sn_coap_protocol_parse(struct coap_s *handle, sn_nsdl_addr_s *src_addr_ptr, uint16_t packet_data_len, uint8_t *packet_data_ptr)
+ *
+ * \brief Parses received CoAP message from given Packet data
+ *
+ * \param *src_addr_ptr is pointer to source address of received CoAP message
+ *        (CoAP parser needs that information for Message acknowledgement)
+ *
+ * \param *handle Pointer to CoAP library handle
+ *
+ * \param packet_data_len is length of given Packet data to be parsed to CoAP message
+ *
+ * \param *packet_data_ptr is pointer to source of Packet data to be parsed to CoAP message
+ *
+ * \param param void pointer that will be passed to tx/rx function callback when those are called.
+ *
+ * \return Return value is pointer to parsed CoAP message structure. This structure includes also coap_status field.\n
+ *         In following failure cases NULL is returned:\n
+ *          -Given NULL pointer\n
+ *          -Failure in parsed header of non-confirmable message\ŋ
+ *          -Out of memory (malloc() returns NULL)
+ */
+extern sn_coap_hdr_s *sn_coap_protocol_parse(struct coap_s *handle, sn_nsdl_addr_s *src_addr_ptr, uint16_t packet_data_len, uint8_t *packet_data_ptr, void *);
+
+/**
+ * \fn int8_t sn_coap_protocol_exec(struct coap_s *handle, uint32_t current_time)
+ *
+ * \brief Sends CoAP messages from re-sending queue, if there is any.
+ *        Cleans also old messages from the duplication list and from block receiving list
+ *
+ *        This function can be called e.g. once in a second but also more frequently.
+ *
+ * \param *handle Pointer to CoAP library handle
+ *
+ * \param current_time is System time in seconds. This time is
+ *        used for message re-sending timing and to identify old saved data.
+ *
+ * \return  0 if success
+ *          -1 if failed
+ */
+
+extern int8_t sn_coap_protocol_exec(struct coap_s *handle, uint32_t current_time);
+
+/**
+ * \fn int8_t sn_coap_protocol_set_block_size(uint16_t block_size)
+ *
+ * \brief If block transfer is enabled, this function changes the block size.
+ *
+ * \param uint16_t block_size maximum size of CoAP payload. Valid sizes are 16, 32, 64, 128, 256, 512 and 1024 bytes
+ * \return  0 = success
+ *          -1 = failure
+ */
+extern int8_t              sn_coap_protocol_set_block_size(uint16_t block_size);
+
+/**
+ * \fn int8_t sn_coap_protocol_set_duplicate_buffer_size(uint8_t message_count)
+ *
+ * \brief If dublicate message detection is enabled, this function changes buffer size.
+ *
+ * \param uint8_t message_count max number of messages saved for duplicate control
+ * \return  0 = success
+ *          -1 = failure
+ */
+extern int8_t              sn_coap_protocol_set_duplicate_buffer_size(uint8_t message_count);
+
+/**
+ * \fn int8_t sn_coap_protocol_set_retransmission_parameters(uint8_t resending_count, uint8_t resending_intervall)
+ *
+ * \brief  If re-transmissions are enabled, this function changes resending count and interval.
+ *
+ * \param uint8_t resending_count max number of resendings for message
+ * \param uint8_t resending_intervall message resending intervall in seconds
+ * \return  0 = success
+ *          -1 = failure
+ */
+extern int8_t              sn_coap_protocol_set_retransmission_parameters(uint8_t resending_count, uint8_t resending_interval);
+
+/**
+ * \fn int8_t sn_coap_protocol_set_retransmission_buffer(uint8_t buffer_size_messages, uint16_t buffer_size_bytes)
+ *
+ * \brief If re-transmissions are enabled, this function changes message retransmission queue size.
+ *  Set size to '0' to disable feature. If both are set to '0', then re-sendings are disabled.
+ *
+ * \param uint8_t buffer_size_messages queue size - maximum number of messages to be saved to queue
+ * \param uint8_t buffer_size_bytes queue size - maximum size of messages saved to queue
+ * \return  0 = success
+ *          -1 = failure
+ */
+extern int8_t              sn_coap_protocol_set_retransmission_buffer(uint8_t buffer_size_messages, uint16_t buffer_size_bytes);
+
+/**
+ * \fn void sn_coap_protocol_clear_retransmission_buffer(struct coap_s *handle)
+ *
+ * \param *handle Pointer to CoAP library handle
+ *
+ * \brief If re-transmissions are enabled, this function removes all messages from the retransmission queue.
+ */
+extern void                sn_coap_protocol_clear_retransmission_buffer(struct coap_s *handle);
+
+#endif /* SN_COAP_PROTOCOL_H_ */
+
+#ifdef __cplusplus
+}
+#endif
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client-c/nsdl-c/sn_nsdl.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,103 @@
+/*
+ * Copyright (c) 2011-2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+* \file sn_nsdl.h
+*
+* \brief libNsdl generic header file
+*
+*/
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef SN_NSDL_H_
+#define SN_NSDL_H_
+
+/* * * Common * * */
+
+#define SN_NSDL_SUCCESS  0
+#define SN_NSDL_FAILURE (-1)
+
+/* * * * * * * * * * * * * * */
+/* * * * ENUMERATIONS  * * * */
+/* * * * * * * * * * * * * * */
+
+
+/**
+ * \brief Used protocol
+ */
+typedef enum sn_nsdl_capab_ {
+    SN_NSDL_PROTOCOL_HTTP           = 0x01,         /**< Unsupported */
+    SN_NSDL_PROTOCOL_HTTPS          = 0x02,         /**< Unsupported */
+    SN_NSDL_PROTOCOL_COAP           = 0x04          /**< Supported */
+} sn_nsdl_capab_e;
+
+/**
+ * \brief Address type of given address
+ */
+typedef enum sn_nsdl_addr_type_ {
+    SN_NSDL_ADDRESS_TYPE_IPV6       = 0x01,         /**< Supported */
+    SN_NSDL_ADDRESS_TYPE_IPV4       = 0x02,         /**< Supported */
+    SN_NSDL_ADDRESS_TYPE_HOSTNAME   = 0x03,         /**< Unsupported */
+    SN_NSDL_ADDRESS_TYPE_NONE       = 0xFF
+} sn_nsdl_addr_type_e;
+
+
+#define SN_NDSL_RESOURCE_NOT_REGISTERED 0
+#define SN_NDSL_RESOURCE_REGISTERING    1
+#define SN_NDSL_RESOURCE_REGISTERED     2
+
+
+/* * * * * * * * * * * * * */
+/* * * * STRUCTURES  * * * */
+/* * * * * * * * * * * * * */
+
+/**
+ * \brief Address structure of Packet data
+ */
+typedef struct sn_nsdl_addr_ {
+    sn_nsdl_addr_type_e     type;
+
+    uint8_t                 addr_len;
+    uint8_t                *addr_ptr;
+
+    uint16_t                port;
+
+} sn_nsdl_addr_s;
+
+/**
+ * \brief Used for creating manually registration message with sn_coap_register()
+ */
+typedef struct registration_info_ {
+    uint8_t *endpoint_ptr;          /**< Endpoint name */
+    uint8_t endpoint_len;
+
+    uint8_t *endpoint_type_ptr;     /**< Endpoint type */
+    uint8_t endpoint_type_len;
+
+    uint8_t *links_ptr;             /**< Resource registration string */
+    uint16_t links_len;
+
+} registration_info_t;
+
+#endif /* SN_NSDL_H_ */
+
+#ifdef __cplusplus
+}
+#endif
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client-c/nsdl-c/sn_nsdl_lib.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,598 @@
+/*
+ * Copyright (c) 2011-2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+* \file sn_nsdl_lib.h
+*
+* \brief NanoService Devices Library header file
+*
+*
+*/
+
+#ifndef SN_NSDL_LIB_H_
+#define SN_NSDL_LIB_H_
+
+#include "ns_list.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define SN_NSDL_ENDPOINT_NOT_REGISTERED  0
+#define SN_NSDL_ENDPOINT_IS_REGISTERED   1
+
+/* Handle structure */
+struct nsdl_s;
+
+/**
+ * \brief Received device server security
+ */
+typedef enum omalw_server_security_ {
+    SEC_NOT_SET = -1,
+    PSK = 0,
+    RPK = 1,
+    CERTIFICATE = 2,
+    NO_SEC = 3
+} omalw_server_security_t;
+
+/**
+ * \brief Endpoint binding and mode
+ */
+typedef enum sn_nsdl_oma_binding_and_mode_ {
+    BINDING_MODE_NOT_SET = 0,
+    BINDING_MODE_U = 0x01,
+    BINDING_MODE_Q = 0x02,
+    BINDING_MODE_S = 0x04
+} sn_nsdl_oma_binding_and_mode_t;
+
+/**
+ * \brief Endpoint registration mode.
+ *      If REGISTER_WITH_RESOURCES, endpoint sends list of all resources during registration.
+ *      If REGISTER_WITH_TEMPLATE, endpoint sends registration without resource list. Device server must have
+ *      correctly configured template.
+ */
+typedef enum sn_nsdl_registration_mode_ {
+    REGISTER_WITH_RESOURCES = 0,
+    REGISTER_WITH_TEMPLATE
+} sn_nsdl_registration_mode_t;
+
+
+typedef struct omalw_certificate_list_ {
+    uint8_t certificate_chain_len;
+    uint8_t *certificate_ptr[2];
+    uint16_t certificate_len[2];
+    uint8_t *own_private_key_ptr;
+    uint16_t own_private_key_len;
+} omalw_certificate_list_t;
+
+/**
+ * \brief Endpoint registration parameters
+ */
+typedef struct sn_nsdl_ep_parameters_ {
+    uint8_t     *endpoint_name_ptr;                     /**< Endpoint name */
+    uint8_t     endpoint_name_len;
+
+    uint8_t     *domain_name_ptr;                       /**< Domain to register. If null, NSP uses default domain */
+    uint8_t     domain_name_len;
+
+    uint8_t     *type_ptr;                              /**< Endpoint type */
+    uint8_t     type_len;
+
+    uint8_t     *lifetime_ptr;                          /**< Endpoint lifetime in seconds. eg. "1200" = 1200 seconds */
+    uint8_t     lifetime_len;
+
+    sn_nsdl_registration_mode_t ds_register_mode;       /**< Defines registration mode */
+    sn_nsdl_oma_binding_and_mode_t binding_and_mode;    /**< Defines endpoints binding and mode */
+
+    uint8_t     *location_ptr;                          /**< Endpoint location in server, optional parameter,default is NULL */
+    uint8_t     location_len;
+
+} sn_nsdl_ep_parameters_s;
+
+/**
+ * \brief For internal use
+ */
+typedef struct sn_nsdl_sent_messages_ {
+    uint16_t    msg_id_number;
+    uint8_t     message_type;
+    ns_list_link_t  link;
+} sn_nsdl_sent_messages_s;
+
+/**
+ * \brief Includes resource path
+ */
+typedef struct sn_grs_resource_ {
+    uint8_t pathlen;
+    uint8_t *path;
+} sn_grs_resource_s;
+
+/**
+ * \brief Table of created resources
+ */
+typedef struct sn_grs_resource_list_ {
+    uint8_t res_count;                  /**< Number of resources */
+    sn_grs_resource_s *res;
+} sn_grs_resource_list_s;
+
+/**
+ * \brief Resource access rights
+ */
+typedef enum sn_grs_resource_acl_ {
+    SN_GRS_GET_ALLOWED  = 0x01 ,
+    SN_GRS_PUT_ALLOWED  = 0x02,
+    SN_GRS_POST_ALLOWED = 0x04,
+    SN_GRS_DELETE_ALLOWED   = 0x08
+} sn_grs_resource_acl_e;
+
+
+typedef enum sn_nsdl_oma_device_error_ {
+    NO_ERROR = 0,
+    LOW_BATTERY_POWER = 1,
+    EXTERNAL_POWER_SUPPLY_OFF = 2,
+    GPS_MODULE_FAILURE = 3,
+    LOW_RECEIVED_SIGNAL_STRENGTH = 4,
+    OUT_OF_MEMORY = 5,
+    SMS_FAILURE = 6,
+    IP_CONN_FAILURE = 7,
+    PERIPHERAL_MALFUNCTION = 8
+} sn_nsdl_oma_device_error_t;
+
+/**
+ * \brief Defines the resource mode
+ */
+typedef enum sn_nsdl_resource_mode_ {
+    SN_GRS_STATIC,                      /**< Static resources have some value that doesn't change */
+    SN_GRS_DYNAMIC,                     /**< Dynamic resources are handled in application. Therefore one must give function callback pointer to them */
+    SN_GRS_DIRECTORY                    /**< Directory resources are unused and unsupported */
+} sn_nsdl_resource_mode_e;
+
+/**
+ * \brief Resource registration parameters
+ */
+typedef struct sn_nsdl_resource_parameters_ {
+    uint8_t     *resource_type_ptr;
+    uint16_t    resource_type_len;
+
+    uint8_t     *interface_description_ptr;
+    uint16_t    interface_description_len;
+
+    uint8_t     coap_content_type;
+
+    uint8_t     mime_content_type;
+
+    uint8_t     observable;
+
+    uint8_t     registered;
+
+} sn_nsdl_resource_parameters_s;
+
+/**
+ * \brief Defines parameters for the resource.
+ */
+typedef struct sn_nsdl_resource_info_ {
+    sn_nsdl_resource_parameters_s   *resource_parameters_ptr;
+
+    sn_nsdl_resource_mode_e         mode;                       /**< STATIC etc.. */
+
+    uint16_t                        pathlen;                    /**< Address */
+    uint8_t                         *path;
+
+    uint16_t                        resourcelen;                /**< 0 if dynamic resource, resource information in static resource */
+    uint8_t                         *resource;                  /**< NULL if dynamic resource */
+
+    sn_grs_resource_acl_e           access;
+
+    uint8_t (*sn_grs_dyn_res_callback)(struct nsdl_s *, sn_coap_hdr_s *, sn_nsdl_addr_s *, sn_nsdl_capab_e);
+
+    ns_list_link_t                  link;
+
+} sn_nsdl_resource_info_s;
+
+/**
+ * \brief Defines OMA device object parameters.
+ */
+typedef struct sn_nsdl_oma_device_ {
+    sn_nsdl_oma_device_error_t error_code;                                                                          /**< Error code. Mandatory. Can be more than one */
+    uint8_t (*sn_oma_device_boot_callback)(struct nsdl_s *, sn_coap_hdr_s *, sn_nsdl_addr_s *, sn_nsdl_capab_e);    /**< Device boot callback function. If defined, this is called when reset request is received */
+
+} sn_nsdl_oma_device_t;
+
+/**
+ * \brief Defines OMAlw server information
+ */
+typedef struct sn_nsdl_oma_server_info_ {
+    sn_nsdl_addr_s *omalw_address_ptr;
+    omalw_server_security_t omalw_server_security;
+
+} sn_nsdl_oma_server_info_t;
+
+/**
+ * \brief Defines endpoint parameters to OMA bootstrap.
+ */
+typedef struct sn_nsdl_bs_ep_info_ {
+    void (*oma_bs_status_cb)(sn_nsdl_oma_server_info_t *);  /**< Callback for OMA bootstrap status */
+    sn_nsdl_oma_device_t *device_object;                    /**< OMA LWM2M mandatory device resources */
+} sn_nsdl_bs_ep_info_t;
+
+
+
+
+/**
+ * \fn struct nsdl_s *sn_nsdl_init  (uint8_t (*sn_nsdl_tx_cb)(sn_nsdl_capab_e , uint8_t *, uint16_t, sn_nsdl_addr_s *),
+ *                          uint8_t (*sn_nsdl_rx_cb)(sn_coap_hdr_s *, sn_nsdl_addr_s *),
+ *                          sn_nsdl_mem_s *sn_memory)
+ *
+ * \brief Initialization function for NSDL library. Initializes NSDL, GRS, HTTP and CoAP.
+ *
+ * \param *sn_nsdl_tx_callback  A callback function for sending messages.
+ *
+ * \param *sn_nsdl_rx_callback  A callback function for parsed messages. If received message is not CoAP protocol message (eg. ACK), message for GRS (GET, PUT, POST, DELETE) or
+ *                              reply for some DS messages (register message etc.), rx callback will be called.
+ *
+ * \param *sn_memory            Memory structure which includes function pointers to the allocation and free functions.
+ *
+ * \return  pointer to created handle structure. NULL if failed
+ */
+struct nsdl_s *sn_nsdl_init(uint8_t (*sn_nsdl_tx_cb)(struct nsdl_s *, sn_nsdl_capab_e , uint8_t *, uint16_t, sn_nsdl_addr_s *),
+                            uint8_t (*sn_nsdl_rx_cb)(struct nsdl_s *, sn_coap_hdr_s *, sn_nsdl_addr_s *),
+                            void *(*sn_nsdl_alloc)(uint16_t), void (*sn_nsdl_free)(void *));
+
+/**
+ * \fn extern uint16_t sn_nsdl_register_endpoint(struct nsdl_s *handle, sn_nsdl_ep_parameters_s *endpoint_info_ptr);
+ *
+ * \brief Registers endpoint to mbed Device Server.
+ * \param *handle               Pointer to nsdl-library handle
+ * \param *endpoint_info_ptr    Contains endpoint information.
+ *
+ * \return registration message ID, 0 if failed
+ */
+extern uint16_t sn_nsdl_register_endpoint(struct nsdl_s *handle, sn_nsdl_ep_parameters_s *endpoint_info_ptr);
+
+/**
+ * \fn extern uint16_t sn_nsdl_unregister_endpoint(struct nsdl_s *handle)
+ *
+ * \brief Sends unregister-message to mbed Device Server.
+ *
+ * \param *handle               Pointer to nsdl-library handle
+ *
+ * \return  unregistration message ID, 0 if failed
+ */
+extern uint16_t sn_nsdl_unregister_endpoint(struct nsdl_s *handle);
+
+/**
+ * \fn extern uint16_t sn_nsdl_update_registration(struct nsdl_s *handle, uint8_t *lt_ptr, uint8_t lt_len);
+ *
+ * \brief Update the registration with mbed Device Server.
+ *
+ * \param *handle   Pointer to nsdl-library handle
+ * \param *lt_ptr   Pointer to lifetime value string in ascii form, eg. "1200"
+ * \param lt_len    Length of the lifetime string
+ *
+ * \return  registration update message ID, 0 if failed
+ */
+extern uint16_t sn_nsdl_update_registration(struct nsdl_s *handle, uint8_t *lt_ptr, uint8_t lt_len);
+
+/**
+ * \fn extern int8_t sn_nsdl_set_endpoint_location(struct nsdl_s *handle, uint8_t *location_ptr, uint8_t location_len);
+ *
+ * \brief Sets the location receievd from Device Server.
+ *
+ * \param *handle   Pointer to nsdl-library handle
+ * \param *lt_ptr   Pointer to location value string , eg. "s322j4k"
+ * \param lt_len    Length of the location string
+ *
+ * \return  success, 0 if failed -1
+ */
+extern int8_t sn_nsdl_set_endpoint_location(struct nsdl_s *handle, uint8_t *location_ptr, uint8_t location_len);
+
+
+/**
+ * \fn extern int8_t sn_nsdl_is_ep_registered(struct nsdl_s *handle)
+ *
+ * \brief Checks if endpoint is registered.
+ *
+ * \param *handle   Pointer to nsdl-library handle
+ *
+ * \return 1 Endpoint registration is done successfully
+ * \return 0 Endpoint is not registered
+ */
+extern int8_t sn_nsdl_is_ep_registered(struct nsdl_s *handle);
+
+/**
+ * \fn extern void sn_nsdl_nsp_lost(struct nsdl_s *handle);
+ *
+ * \brief A function to inform mbed Device C client library if application detects a fault in mbed Device Server registration.
+ *
+ * \param *handle   Pointer to nsdl-library handle
+ *
+ * After calling this function sn_nsdl_is_ep_registered() will return "not registered".
+ */
+extern void sn_nsdl_nsp_lost(struct nsdl_s *handle);
+
+/**
+ * \fn extern uint16_t sn_nsdl_send_observation_notification(struct nsdl_s *handle, uint8_t *token_ptr, uint8_t token_len,
+ *                                                  uint8_t *payload_ptr, uint16_t payload_len,
+ *                                                  uint8_t *observe_ptr, uint8_t observe_len,
+ *                                                  sn_coap_msg_type_e message_type, uint8_t content_type)
+ *
+ *
+ * \brief Sends observation message to mbed Device Server
+ *
+ * \param   *handle         Pointer to nsdl-library handle
+ * \param   *token_ptr      Pointer to token to be used
+ * \param   token_len       Token length
+ * \param   *payload_ptr    Pointer to payload to be sent
+ * \param   payload_len     Payload length
+ * \param   *observe_ptr    Pointer to observe number to be sent
+ * \param   observe_len     Observe number len
+ * \param   message_type    Observation message type (confirmable or non-confirmable)
+ * \param   contetnt_type   Observation message payload contetnt type
+ *
+ * \return  !0  Success, observation messages message ID
+ * \return  0   Failure
+ */
+extern uint16_t sn_nsdl_send_observation_notification(struct nsdl_s *handle, uint8_t *token_ptr, uint8_t token_len,
+        uint8_t *payload_ptr, uint16_t payload_len,
+        uint8_t *observe_ptr, uint8_t observe_len,
+        sn_coap_msg_type_e message_type, uint8_t content_type);
+
+/**
+ * \fn extern uint32_t sn_nsdl_get_version(void)
+ *
+ * \brief Version query function.
+ *
+ * Used to retrieve the version information from the mbed Device C Client library.
+ *
+ * \return Pointer to library version string
+*/
+extern char *sn_nsdl_get_version(void);
+
+/**
+ * \fn extern int8_t sn_nsdl_process_coap(struct nsdl_s *handle, uint8_t *packet, uint16_t packet_len, sn_nsdl_addr_s *src)
+ *
+ * \brief To push CoAP packet to mbed Device C Client library
+ *
+ * Used to push an CoAP packet to mbed Device C Client library for processing.
+ *
+ * \param   *handle     Pointer to nsdl-library handle
+ *
+ * \param   *packet     Pointer to a uint8_t array containing the packet (including the CoAP headers).
+ *      After successful execution this array may contain the response packet.
+ *
+ * \param   *packet_len Pointer to length of the packet. After successful execution this array may contain the length
+ *      of the response packet.
+ *
+ * \param   *src        Pointer to packet source address information. After successful execution this array may contain
+ *      the destination address of the response packet.
+ *
+ * \return  0   Success
+ * \return  -1  Failure
+ */
+extern int8_t sn_nsdl_process_coap(struct nsdl_s *handle, uint8_t *packet, uint16_t packet_len, sn_nsdl_addr_s *src);
+
+/**
+ * \fn extern int8_t sn_nsdl_exec(struct nsdl_s *handle, uint32_t time);
+ *
+ * \brief CoAP retransmission function.
+ *
+ * Used to give execution time for the mbed Device C Client library for retransmissions.
+ *
+ * \param   *handle Pointer to nsdl-library handle
+ *
+ * \param  time Time in seconds.
+ *
+ * \return  0   Success
+ * \return  -1  Failure
+ */
+extern int8_t sn_nsdl_exec(struct nsdl_s *handle, uint32_t time);
+
+/**
+ * \fn  extern int8_t sn_nsdl_create_resource(struct nsdl_s *handle, sn_nsdl_resource_info_s *res);
+ *
+ * \brief Resource creating function.
+ *
+ * Used to create a static or dynamic CoAP resource.
+ *
+ * \param   *res    Pointer to a structure of type sn_nsdl_resource_info_t that contains the information
+ *     about the resource.
+ *
+ * \return  0   Success
+ * \return  -1  Failure
+ * \return  -2  Resource already exists
+ * \return  -3  Invalid path
+ * \return  -4  List adding failure
+ */
+extern int8_t sn_nsdl_create_resource(struct nsdl_s *handle, sn_nsdl_resource_info_s *res);
+
+/**
+ * \fn extern int8_t sn_nsdl_update_resource(sn_nsdl_resource_info_s *res)
+ *
+ * \brief Resource updating function.
+ *
+ * Used to update the direct value of a static resource, the callback function pointer of a dynamic resource
+ * and access rights of the recource.
+ *
+ * \param   *handle Pointer to nsdl-library handle
+ * \param   *res    Pointer to a structure of type sn_nsdl_resource_info_t that contains the information
+ *     about the resource. Only the pathlen and path elements are evaluated along with
+ *     either resourcelen and resource or the function pointer.
+ *
+ * \return  0   Success
+ * \return  -1  Failure
+ */
+extern int8_t sn_nsdl_update_resource(struct nsdl_s *handle, sn_nsdl_resource_info_s *res);
+
+/**
+ * \fn extern int8_t sn_nsdl_delete_resource(struct nsdl_s *handle, uint8_t pathlen, uint8_t *path)
+ *
+ * \brief Resource delete function.
+ *
+ * Used to delete a resource. If resource has a subresources, these all must also be removed.
+ *
+ * \param   *handle     Pointer to nsdl-library handle
+ * \param   pathlen     Contains the length of the path that is to be deleted (excluding possible trailing "\0").
+ * \param   *path_ptr   A pointer to an array containing the path.
+ *
+ * \return  0   Success
+ * \return  -1  Failure (No such resource)
+ */
+extern int8_t sn_nsdl_delete_resource(struct nsdl_s *handle, uint16_t pathlen, uint8_t *path);
+
+/**
+ * \fn extern sn_nsdl_resource_info_s *sn_nsdl_get_resource(struct nsdl_s *handle, uint16_t pathlen, uint8_t *path)
+ *
+ * \brief Resource get function.
+ *
+ * Used to get a resource.
+ *
+ * \param   *handle     Pointer to nsdl-library handle
+ * \param   pathlen Contains the length of the path that is to be returned (excluding possible trailing '\0').
+ * \param   *path   A pointer to an array containing the path.
+ *
+ * \return  !NULL   Success, pointer to a sn_nsdl_resource_info_s that contains the resource information\n
+ * \return  NULL    Failure
+ */
+extern sn_nsdl_resource_info_s *sn_nsdl_get_resource(struct nsdl_s *handle, uint16_t pathlen, uint8_t *path);
+
+/**
+ * \fn extern sn_grs_resource_list_s *sn_nsdl_list_resource(struct nsdl_s *handle, uint16_t pathlen, uint8_t *path)
+ *
+ * \brief Resource list function.
+ *
+ * \param   *handle Pointer to nsdl-library handle
+ * \param   pathlen Contains the length of the target path (excluding possible trailing '\0').
+ *     The length value is not examined if the path itself is a NULL pointer.
+ * \param   *path   A pointer to an array containing the path or a NULL pointer.
+ *
+ * \return  !NULL   A pointer to a sn_grs_resource_list_s structure containing the resource listing.
+ * \return  NULL    Failure with an unspecified error
+ */
+sn_grs_resource_list_s *sn_nsdl_list_resource(struct nsdl_s *handle, uint16_t pathlen, uint8_t *path);
+
+/**
+ * \fn extern void sn_nsdl_free_resource_list(struct nsdl_s *handle, sn_grs_resource_list_s *list)
+ *
+ * \brief Free a resource list obtained from sn_nsdl_list_resource()
+ *
+ * \param   list    The list to free, or NULL.
+ */
+void sn_nsdl_free_resource_list(struct nsdl_s *handle, sn_grs_resource_list_s *list);
+
+/**
+ * \fn extern int8_t sn_nsdl_send_coap_message(struct nsdl_s *handle, sn_nsdl_addr_s *address_ptr, sn_coap_hdr_s *coap_hdr_ptr);
+ *
+ * \brief Send an outgoing CoAP request.
+ *
+ * \param   *handle Pointer to nsdl-library handle
+ * \param   *address_ptr    Pointer to source address struct
+ * \param   *coap_hdr_ptr   Pointer to CoAP message to be sent
+ *
+ * \return  0   Success
+ * \return  -1  Failure
+ */
+extern int8_t sn_nsdl_send_coap_message(struct nsdl_s *handle, sn_nsdl_addr_s *address_ptr, sn_coap_hdr_s *coap_hdr_ptr);
+
+/**
+ * \fn extern int8_t set_NSP_address(struct nsdl_s *handle, uint8_t *NSP_address, uint16_t port, sn_nsdl_addr_type_e address_type);
+ *
+ * \brief This function is used to set the mbed Device Server address given by an application.
+ *
+ * \param   *handle Pointer to nsdl-library handle
+ * \return  0   Success
+ * \return  -1  Failed to indicate that internal address pointer is not allocated (call nsdl_init() first).
+ */
+extern int8_t set_NSP_address(struct nsdl_s *handle, uint8_t *NSP_address, uint16_t port, sn_nsdl_addr_type_e address_type);
+
+/**
+ * \fn extern int8_t sn_nsdl_destroy(struct nsdl_s *handle);
+ *
+ * \param   *handle Pointer to nsdl-library handle
+ * \brief This function releases all allocated memory in mbed Device C Client library.
+ */
+extern int8_t sn_nsdl_destroy(struct nsdl_s *handle);
+
+/**
+ * \fn extern uint16_t sn_nsdl_oma_bootstrap(struct nsdl_s *handle, sn_nsdl_addr_s *bootstrap_address_ptr, sn_nsdl_ep_parameters_s *endpoint_info_ptr, sn_nsdl_bs_ep_info_t *bootstrap_endpoint_info_ptr);
+ *
+ * \brief Starts OMA bootstrap process
+ *
+ * \param   *handle Pointer to nsdl-library handle
+ *
+ * \return bootstrap message ID, 0 if failed
+ */
+extern uint16_t sn_nsdl_oma_bootstrap(struct nsdl_s *handle, sn_nsdl_addr_s *bootstrap_address_ptr, sn_nsdl_ep_parameters_s *endpoint_info_ptr, sn_nsdl_bs_ep_info_t *bootstrap_endpoint_info_ptr);
+
+/**
+ * \fn extern omalw_certificate_list_t *sn_nsdl_get_certificates(struct nsdl_s *handle);
+ *
+ * \brief Get pointer to received device server certificates
+ *
+ * \param   *handle Pointer to nsdl-library handle
+ */
+extern omalw_certificate_list_t *sn_nsdl_get_certificates(struct nsdl_s *handle);
+
+/**
+ * \fn extern int8_t sn_nsdl_update_certificates(struct nsdl_s *handle, omalw_certificate_list_t* certificate_ptr, uint8_t certificate_chain);
+ *
+ * \brief Updates certificate pointers to resource server.
+ *
+ * \param   *handle Pointer to nsdl-library handle
+ */
+extern int8_t sn_nsdl_update_certificates(struct nsdl_s *handle, omalw_certificate_list_t *certificate_ptr, uint8_t certificate_chain);
+
+/**
+ * \fn extern int8_t sn_nsdl_create_oma_device_object(struct nsdl_s *handle, sn_nsdl_oma_device_t *device_object_ptr);
+ *
+ * \brief Creates new device object resource
+ *
+ * \param   *handle Pointer to nsdl-library handle
+ */
+extern int8_t sn_nsdl_create_oma_device_object(struct nsdl_s *handle, sn_nsdl_oma_device_t *device_object_ptr);
+
+/**
+ * \fn sn_coap_hdr_s *sn_nsdl_build_response(struct nsdl_s *handle, sn_coap_hdr_s *coap_packet_ptr, uint8_t msg_code)
+ *
+ * \brief Prepares generic response packet from a request packet. This function allocates memory for the resulting sn_coap_hdr_s
+ *
+ * \param *handle Pointer to library handle
+ * \param *coap_packet_ptr The request packet pointer
+ * \param msg_code response messages code
+ *
+ * \return *coap_packet_ptr The allocated and pre-filled response packet pointer
+ *          NULL    Error in parsing the request
+ *
+ */
+extern sn_coap_hdr_s *sn_nsdl_build_response(struct nsdl_s *handle, sn_coap_hdr_s *coap_packet_ptr, uint8_t msg_code);
+
+/**
+ * \fn void sn_nsdl_release_allocated_coap_msg_mem(struct nsdl_s *handle, sn_coap_hdr_s *freed_coap_msg_ptr)
+ *
+ * \brief Releases memory of given CoAP message
+ *
+ *        Note!!! Does not release Payload part
+ *
+ * \param *handle Pointer to CoAP library handle
+ *
+ * \param *freed_coap_msg_ptr is pointer to released CoAP message
+ */
+extern void sn_nsdl_release_allocated_coap_msg_mem(struct nsdl_s *handle, sn_coap_hdr_s *freed_coap_msg_ptr);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SN_NSDL_LIB_H_ */
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client-c/source/libCoap/src/include/sn_coap_header_internal.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 2011-2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * \file sn_coap_header_internal.h
+ *
+ * \brief Header file for CoAP Header part
+ *
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef SN_COAP_HEADER_INTERNAL_H_
+#define SN_COAP_HEADER_INTERNAL_H_
+
+
+/* * * * * * * * * * * */
+/* * * * DEFINES * * * */
+/* * * * * * * * * * * */
+
+#define COAP_VERSION                                COAP_VERSION_1 /* Tells which IETF CoAP specification version the CoAP message supports. */
+/* This value is written to CoAP message header part. */
+
+/* CoAP Header defines */
+#define COAP_HEADER_LENGTH                          4   /* Fixed Header length of CoAP message as bytes */
+#define COAP_HEADER_VERSION_MASK                    0xC0
+#define COAP_HEADER_MSG_TYPE_MASK                   0x30
+#define COAP_HEADER_TOKEN_LENGTH_MASK               0x0F
+#define COAP_HEADER_MSG_ID_MSB_SHIFT                8
+
+/* CoAP Options defines */
+#define COAP_OPTIONS_OPTION_NUMBER_SHIFT            4
+
+/* * * * * * * * * * * * * * */
+/* * * * ENUMERATIONS  * * * */
+/* * * * * * * * * * * * * * */
+
+/* * * * * * * * * * * * * */
+/* * * * STRUCTURES  * * * */
+/* * * * * * * * * * * * * */
+
+/**
+ * \brief This structure is returned by sn_coap_exec() for sending
+ */
+typedef struct sn_nsdl_transmit_ {
+    sn_nsdl_addr_s         *dst_addr_ptr;
+
+    sn_nsdl_capab_e         protocol;
+
+    uint16_t                packet_len;
+    uint8_t                *packet_ptr;
+} sn_nsdl_transmit_s;
+
+/* * * * * * * * * * * * * * * * * * * * * * */
+/* * * * EXTERNAL FUNCTION PROTOTYPES  * * * */
+/* * * * * * * * * * * * * * * * * * * * * * */
+extern int8_t           sn_coap_header_validity_check(sn_coap_hdr_s *src_coap_msg_ptr, coap_version_e coap_version);
+
+#endif /* SN_COAP_HEADER_INTERNAL_H_ */
+
+#ifdef __cplusplus
+}
+#endif
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client-c/source/libCoap/src/include/sn_coap_protocol_internal.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,166 @@
+/*
+ * Copyright (c) 2011-2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * \file sn_coap_protocol_internal.h
+ *
+ * \brief Header file for CoAP Protocol part
+ *
+ */
+
+#ifndef SN_COAP_PROTOCOL_INTERNAL_H_
+#define SN_COAP_PROTOCOL_INTERNAL_H_
+
+#include "ns_list.h"
+#include "sn_coap_header_internal.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct coap_s {
+    void *(*sn_coap_protocol_malloc)(uint16_t);
+    void (*sn_coap_protocol_free)(void *);
+
+    uint8_t (*sn_coap_tx_callback)(uint8_t *, uint16_t, sn_nsdl_addr_s *, void *);
+    int8_t (*sn_coap_rx_callback)(sn_coap_hdr_s *, sn_nsdl_addr_s *, void *);
+};
+
+/* * * * * * * * * * * */
+/* * * * DEFINES * * * */
+/* * * * * * * * * * * */
+
+/* * For Message resending * */
+#define ENABLE_RESENDINGS                               1   /**< Enable / Disable resending from library in building */
+
+#define SN_COAP_RESENDING_MAX_COUNT                     3   /**< Default number of re-sendings  */
+#define SN_COAP_RESENDING_QUEUE_SIZE_MSGS               2   /**< Default re-sending queue size - defines how many messages can be stored. Setting this to 0 disables feature */
+#define SN_COAP_RESENDING_QUEUE_SIZE_BYTES              0   /**< Default re-sending queue size - defines size of the re-sending buffer. Setting this to 0 disables feature */
+#define DEFAULT_RESPONSE_TIMEOUT                        10  /**< Default re-sending timeout as seconds */
+
+/* These parameters sets maximum values application can set with API */
+#define SN_COAP_MAX_ALLOWED_RESENDING_COUNT             6   /**< Maximum allowed count of re-sending */
+#define SN_COAP_MAX_ALLOWED_RESENDING_BUFF_SIZE_MSGS    6   /**< Maximum allowed number of saved re-sending messages */
+#define SN_COAP_MAX_ALLOWED_RESENDING_BUFF_SIZE_BYTES   512 /**< Maximum allowed size of re-sending buffer */
+#define SN_COAP_MAX_ALLOWED_RESPONSE_TIMEOUT            40  /**< Maximum allowed re-sending timeout */
+
+#define RESPONSE_RANDOM_FACTOR                          1   /**< Resending random factor, value is specified in IETF CoAP specification */
+
+/* * For Message duplication detecting * */
+
+/* Init value for the maximum count of messages to be stored for duplication detection          */
+/* Setting of this value to 0 will disable duplication check, also reduce use of ROM memory     */
+#ifndef SN_COAP_DUPLICATION_MAX_MSGS_COUNT
+#define SN_COAP_DUPLICATION_MAX_MSGS_COUNT              0
+#endif
+/* Maximum allowed number of saved messages for duplicate searching */
+#define SN_COAP_MAX_ALLOWED_DUPLICATION_MESSAGE_COUNT   6
+
+/* Maximum time in seconds of messages to be stored for duplication detection */
+#define SN_COAP_DUPLICATION_MAX_TIME_MSGS_STORED    60 /* RESPONSE_TIMEOUT * RESPONSE_RANDOM_FACTOR * (2 ^ MAX_RETRANSMIT - 1) + the expected maximum round trip time */
+
+/* * For Message blockwising * */
+
+/* Init value for the maximum payload size to be sent and received at one blockwise message                         */
+/* Setting of this value to 0 will disable this feature, and also reduce use of ROM memory                          */
+/* Note: Current Coap implementation supports Blockwise transfers specification version draft-ietf-core-block-03    */
+/* Note: This define is common for both received and sent Blockwise messages                                        */
+#ifndef SN_COAP_BLOCKWISE_MAX_PAYLOAD_SIZE
+#define SN_COAP_BLOCKWISE_MAX_PAYLOAD_SIZE          0 /**< Must be 2^x and x is at least 4. Suitable values: 0, 16, 32, 64, 128, 256, 512 and 1024 */
+#endif
+
+#ifndef SN_COAP_BLOCKWISE_MAX_TIME_DATA_STORED
+#define SN_COAP_BLOCKWISE_MAX_TIME_DATA_STORED      10 /**< Maximum time in seconds of data (messages and payload) to be stored for blockwising */
+#endif
+
+
+/* * * * * * * * * * * * * * */
+/* * * * ENUMERATIONS  * * * */
+/* * * * * * * * * * * * * * */
+
+/* * * * * * * * * * * * * */
+/* * * * STRUCTURES  * * * */
+/* * * * * * * * * * * * * */
+
+
+/* Structure which is stored to Linked list for message sending purposes */
+typedef struct coap_send_msg_ {
+    uint8_t             resending_counter;  /* Tells how many times message is still tried to resend */
+    uint32_t            resending_time;     /* Tells next resending time */
+
+    sn_nsdl_transmit_s *send_msg_ptr;
+
+    struct coap_s       *coap;              /* CoAP library handle */
+    void                *param;             /* Extra parameter that will be passed to TX/RX callback functions */
+
+    ns_list_link_t      link;
+} coap_send_msg_s;
+
+typedef NS_LIST_HEAD(coap_send_msg_s, link) coap_send_msg_list_t;
+
+/* Structure which is stored to Linked list for message duplication detection purposes */
+typedef struct coap_duplication_info_ {
+    uint32_t            timestamp; /* Tells when duplication information is stored to Linked list */
+
+    uint8_t             addr_len;
+    uint8_t            *addr_ptr;
+    uint16_t            port;
+
+    uint16_t            msg_id;
+
+    struct coap_s       *coap;  /* CoAP library handle */
+
+    ns_list_link_t     link;
+} coap_duplication_info_s;
+
+typedef NS_LIST_HEAD(coap_duplication_info_s, link) coap_duplication_info_list_t;
+
+/* Structure which is stored to Linked list for blockwise messages sending purposes */
+typedef struct coap_blockwise_msg_ {
+    uint32_t            timestamp;  /* Tells when Blockwise message is stored to Linked list */
+
+    sn_coap_hdr_s       *coap_msg_ptr;
+    struct coap_s       *coap;      /* CoAP library handle */
+
+    ns_list_link_t     link;
+} coap_blockwise_msg_s;
+
+typedef NS_LIST_HEAD(coap_blockwise_msg_s, link) coap_blockwise_msg_list_t;
+
+/* Structure which is stored to Linked list for blockwise messages receiving purposes */
+typedef struct coap_blockwise_payload_ {
+    uint32_t            timestamp; /* Tells when Payload is stored to Linked list */
+
+    uint8_t             addr_len;
+    uint8_t             *addr_ptr;
+    uint16_t            port;
+
+    uint16_t            payload_len;
+    uint8_t             *payload_ptr;
+    struct coap_s       *coap;  /* CoAP library handle */
+
+    ns_list_link_t     link;
+} coap_blockwise_payload_s;
+
+typedef NS_LIST_HEAD(coap_blockwise_payload_s, link) coap_blockwise_payload_list_t;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SN_COAP_PROTOCOL_INTERNAL_H_ */
+
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client-c/source/libCoap/src/sn_coap_builder.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,1102 @@
+/*
+ * Copyright (c) 2011-2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * \file sn_coap_builder.c
+ *
+ * \brief CoAP Message builder
+ *
+ * Functionality: Builds CoAP message
+ *
+ */
+
+/* * * * * * * * * * * * * * */
+/* * * * INCLUDE FILES * * * */
+/* * * * * * * * * * * * * * */
+
+#include <string.h> /* For memset() and memcpy() */
+
+#include "ns_types.h"
+#include "sn_nsdl.h"
+#include "sn_coap_header.h"
+#include "sn_coap_header_internal.h"
+#include "sn_coap_protocol_internal.h"
+
+/* * * * LOCAL FUNCTION PROTOTYPES * * * */
+static int8_t   sn_coap_builder_header_build(uint8_t **dst_packet_data_pptr, sn_coap_hdr_s *src_coap_msg_ptr);
+static int8_t   sn_coap_builder_options_build(uint8_t **dst_packet_data_pptr, sn_coap_hdr_s *src_coap_msg_ptr);
+static uint16_t sn_coap_builder_options_calc_option_size(uint16_t query_len, uint8_t *query_ptr, sn_coap_option_numbers_e option);
+static int16_t  sn_coap_builder_options_build_add_one_option(uint8_t **dst_packet_data_pptr, uint16_t option_len, uint8_t *option_ptr, sn_coap_option_numbers_e option_number);
+static int16_t  sn_coap_builder_options_build_add_zero_length_option(uint8_t **dst_packet_data_pptr, uint8_t option_length, uint8_t option_exist, sn_coap_option_numbers_e option_number);
+static int16_t  sn_coap_builder_options_build_add_multiple_option(uint8_t **dst_packet_data_pptr, uint8_t **src_pptr, uint16_t *src_len_ptr, sn_coap_option_numbers_e option);
+static uint8_t  sn_coap_builder_options_get_option_part_count(uint16_t query_len, uint8_t *query_ptr, sn_coap_option_numbers_e option);
+static uint16_t sn_coap_builder_options_get_option_part_length_from_whole_option_string(uint16_t query_len, uint8_t *query_ptr, uint8_t query_index, sn_coap_option_numbers_e option);
+static int16_t  sn_coap_builder_options_get_option_part_position(uint16_t query_len, uint8_t *query_ptr, uint8_t query_index, sn_coap_option_numbers_e option);
+static void     sn_coap_builder_payload_build(uint8_t **dst_packet_data_pptr, sn_coap_hdr_s *src_coap_msg_ptr);
+static uint8_t  sn_coap_builder_options_calculate_jump_need(sn_coap_hdr_s *src_coap_msg_ptr, uint8_t block_option);
+
+/* * * * GLOBAL DECLARATIONS * * * */
+static uint16_t global_previous_option_number = 0;      /* Previous Option number in CoAP message */
+
+/* * * * EXTERN VARIABLES * * * */
+#if SN_COAP_BLOCKWISE_MAX_PAYLOAD_SIZE
+extern uint16_t     sn_coap_block_data_size;                /* From sn_coap_protocol_ieft_draft_12.c */
+#endif
+
+sn_coap_hdr_s *sn_coap_build_response(struct coap_s *handle, sn_coap_hdr_s *coap_packet_ptr, uint8_t msg_code)
+{
+    sn_coap_hdr_s *coap_res_ptr;
+
+    if (!coap_packet_ptr || !handle) {
+        return NULL;
+    }
+
+    coap_res_ptr = handle->sn_coap_protocol_malloc(sizeof(sn_coap_hdr_s));
+    if (!coap_res_ptr) {
+        return NULL;
+    }
+
+    memset(coap_res_ptr, 0x00, sizeof(sn_coap_hdr_s));
+
+    if (coap_packet_ptr->msg_type == COAP_MSG_TYPE_CONFIRMABLE) {
+        coap_res_ptr->msg_type = COAP_MSG_TYPE_ACKNOWLEDGEMENT;
+        coap_res_ptr->msg_code = (sn_coap_msg_code_e)msg_code;
+        coap_res_ptr->msg_id = coap_packet_ptr->msg_id;
+    }
+
+    else if (coap_packet_ptr->msg_type == COAP_MSG_TYPE_NON_CONFIRMABLE) {
+        coap_res_ptr->msg_type = COAP_MSG_TYPE_NON_CONFIRMABLE;
+        coap_res_ptr->msg_code = (sn_coap_msg_code_e)msg_code;
+        /* msg_id needs to be set by the caller in this case */
+    }
+
+    else {
+        handle->sn_coap_protocol_free( coap_res_ptr );
+        return NULL;
+    }
+
+    if (coap_packet_ptr->token_ptr) {
+        coap_res_ptr->token_len = coap_packet_ptr->token_len;
+        coap_res_ptr->token_ptr = handle->sn_coap_protocol_malloc(coap_res_ptr->token_len);
+        if (!coap_res_ptr->token_ptr) {
+            handle->sn_coap_protocol_free(coap_res_ptr);
+            return NULL;
+        }
+        memcpy(coap_res_ptr->token_ptr, coap_packet_ptr->token_ptr, coap_res_ptr->token_len);
+    }
+    return coap_res_ptr;
+}
+
+int16_t sn_coap_builder(uint8_t *dst_packet_data_ptr, sn_coap_hdr_s *src_coap_msg_ptr)
+{
+    uint8_t *base_packet_data_ptr = NULL;
+
+    /* * * * Check given pointers  * * * */
+    if (dst_packet_data_ptr == NULL || src_coap_msg_ptr == NULL) {
+        return -2;
+    }
+
+    /* Initialize given Packet data memory area with zero values */
+    uint16_t dst_byte_count_to_be_built = sn_coap_builder_calc_needed_packet_data_size(src_coap_msg_ptr);
+
+    if (!dst_byte_count_to_be_built) {
+        return -1;
+    }
+
+    memset(dst_packet_data_ptr, 0, dst_byte_count_to_be_built);
+
+    /* * * * Store base (= original) destination Packet data pointer for later usage * * * */
+    base_packet_data_ptr = dst_packet_data_ptr;
+
+    /* * * * * * * * * * * * * * * * * * */
+    /* * * * Header part building  * * * */
+    /* * * * * * * * * * * * * * * * * * */
+    if (sn_coap_builder_header_build(&dst_packet_data_ptr, src_coap_msg_ptr) != 0) {
+        /* Header building failed */
+        return -1;
+    }
+
+    /* If else than Reset message because Reset message must be empty */
+    if (src_coap_msg_ptr->msg_type != COAP_MSG_TYPE_RESET) {
+        /* * * * * * * * * * * * * * * * * * */
+        /* * * * Options part building * * * */
+        /* * * * * * * * * * * * * * * * * * */
+        sn_coap_builder_options_build(&dst_packet_data_ptr, src_coap_msg_ptr);
+
+        /* * * * * * * * * * * * * * * * * * */
+        /* * * * Payload part building * * * */
+        /* * * * * * * * * * * * * * * * * * */
+        sn_coap_builder_payload_build(&dst_packet_data_ptr, src_coap_msg_ptr);
+    }
+
+    /* * * * Return built Packet data length * * * */
+    return (dst_packet_data_ptr - base_packet_data_ptr);
+}
+
+uint16_t sn_coap_builder_calc_needed_packet_data_size(sn_coap_hdr_s *src_coap_msg_ptr)
+{
+    uint16_t returned_byte_count = 0;
+
+    if (!src_coap_msg_ptr) {
+        return 0;
+    }
+
+    /* * * * *  HEADER * * * * */
+
+    /* Header size is fixed */
+    returned_byte_count = COAP_HEADER_LENGTH;
+
+    /* * * * * OPTIONS * * * * */
+
+    /* If else than Reset message because Reset message must be empty */
+    if (src_coap_msg_ptr->msg_type != COAP_MSG_TYPE_RESET) {
+        uint16_t repeatable_option_size = 0;
+
+        /* TOKEN - Length is 1-8 bytes */
+        if (src_coap_msg_ptr->token_ptr != NULL) {
+            if (src_coap_msg_ptr->token_len > 8 || src_coap_msg_ptr->token_len < 1) { /* Check that option is not longer than defined */
+                return 0;
+            }
+
+            returned_byte_count += src_coap_msg_ptr->token_len;
+        }
+
+        /* URI PATH - Repeatable option. Length of one option is 0-255 */
+        if (src_coap_msg_ptr->uri_path_ptr != NULL) {
+            repeatable_option_size = sn_coap_builder_options_calc_option_size(src_coap_msg_ptr->uri_path_len,
+                                     src_coap_msg_ptr->uri_path_ptr, COAP_OPTION_URI_PATH);
+            if (repeatable_option_size) {
+                returned_byte_count += repeatable_option_size;
+            } else {
+                return 0;
+            }
+        }
+
+        /* CONTENT TYPE - Length of this option is 0-2 bytes */
+        if (src_coap_msg_ptr->content_type_ptr != NULL) {
+            returned_byte_count++;
+            if (src_coap_msg_ptr->content_type_len > 2) {
+                return 0;
+            }
+
+            returned_byte_count += src_coap_msg_ptr->content_type_len;
+        }
+
+        /* If options list pointer exists */
+        if (src_coap_msg_ptr->options_list_ptr != NULL) {
+            /* ACCEPT - Repeatable option. Length of this option is 0-2 bytes */
+            if (src_coap_msg_ptr->options_list_ptr->accept_ptr != NULL) {
+                repeatable_option_size = sn_coap_builder_options_calc_option_size(src_coap_msg_ptr->options_list_ptr->accept_len,
+                                         src_coap_msg_ptr->options_list_ptr->accept_ptr, COAP_OPTION_ACCEPT);
+                if (repeatable_option_size) {
+                    returned_byte_count += repeatable_option_size;
+                } else {
+                    return 0;
+                }
+            }
+
+            /* MAX AGE - Length of this option is 0-4 bytes */
+            if (src_coap_msg_ptr->options_list_ptr->max_age_ptr != NULL) {
+                returned_byte_count++;
+                if (src_coap_msg_ptr->options_list_ptr->max_age_len > 4) {
+                    return 0;
+                }
+
+                returned_byte_count += src_coap_msg_ptr->options_list_ptr->max_age_len;
+            }
+
+            /* PROXY URI - Length of this option is  1-1034 bytes */
+            if (src_coap_msg_ptr->options_list_ptr->proxy_uri_ptr != NULL) {
+                if (src_coap_msg_ptr->options_list_ptr->proxy_uri_len >= 1 && src_coap_msg_ptr->options_list_ptr->proxy_uri_len <= 12) {            /* Add option header byte(s) - depending of option length */
+                    returned_byte_count++;
+                }
+
+                else if (src_coap_msg_ptr->options_list_ptr->proxy_uri_len >= 13 && src_coap_msg_ptr->options_list_ptr->proxy_uri_len <= 269) {
+                    returned_byte_count += 2;
+                }
+
+                else if (src_coap_msg_ptr->options_list_ptr->proxy_uri_len >= 270 && src_coap_msg_ptr->options_list_ptr->proxy_uri_len <= 1034) {
+                    returned_byte_count += 3;
+                }
+
+                else {
+                    return 0;
+                }
+
+                /* Add needed memory for Option value */
+                returned_byte_count += src_coap_msg_ptr->options_list_ptr->proxy_uri_len;
+            }
+
+            /* ETAG - Repeatable option. Length of this option is 1-8 bytes*/
+            if (src_coap_msg_ptr->options_list_ptr->etag_ptr != NULL) {
+                repeatable_option_size = sn_coap_builder_options_calc_option_size(src_coap_msg_ptr->options_list_ptr->etag_len,
+                                         src_coap_msg_ptr->options_list_ptr->etag_ptr, COAP_OPTION_ETAG);
+                if (repeatable_option_size) {
+                    returned_byte_count += repeatable_option_size;
+                } else {
+                    return 0;
+                }
+            }
+
+            /* URI HOST - Length of this option is 1-255 bytes */
+            if (src_coap_msg_ptr->options_list_ptr->uri_host_ptr != NULL) {
+                if (src_coap_msg_ptr->options_list_ptr->uri_host_len > 0 && src_coap_msg_ptr->options_list_ptr->uri_host_len <= 12) {
+                    returned_byte_count++;
+                }
+
+                else if (src_coap_msg_ptr->options_list_ptr->uri_host_len >= 13 && src_coap_msg_ptr->options_list_ptr->uri_host_len <= 255) {
+                    returned_byte_count += 2;
+                }
+
+                else {
+                    return 0;
+                }
+
+                returned_byte_count += src_coap_msg_ptr->options_list_ptr->uri_host_len;
+            }
+
+            /* LOCATION PATH - Repeatable option. Length of this option is 0-255 bytes*/
+            if (src_coap_msg_ptr->options_list_ptr->location_path_ptr != NULL) {
+                repeatable_option_size = sn_coap_builder_options_calc_option_size(src_coap_msg_ptr->options_list_ptr->location_path_len,
+                                         src_coap_msg_ptr->options_list_ptr->location_path_ptr, COAP_OPTION_LOCATION_PATH);
+                if (repeatable_option_size) {
+                    returned_byte_count += repeatable_option_size;
+                } else {
+                    return 0;
+                }
+            }
+
+            /* URI PORT - Length of this option is 0-2 bytes */
+            if (src_coap_msg_ptr->options_list_ptr->uri_port_ptr != NULL) {
+                returned_byte_count++;
+                if (src_coap_msg_ptr->options_list_ptr->uri_port_len > 2) {
+                    return 0;
+                }
+
+                returned_byte_count += src_coap_msg_ptr->options_list_ptr->uri_port_len;
+            }
+
+            /* lOCATION QUERY - Repeatable option. Length of this option is 0-255 bytes */
+            if (src_coap_msg_ptr->options_list_ptr->location_query_ptr != NULL) {
+                repeatable_option_size = sn_coap_builder_options_calc_option_size(src_coap_msg_ptr->options_list_ptr->location_query_len,
+                                         src_coap_msg_ptr->options_list_ptr->location_query_ptr, COAP_OPTION_LOCATION_QUERY);
+                if (repeatable_option_size) {
+                    returned_byte_count += repeatable_option_size;
+                } else {
+                    return 0;
+                }
+            }
+
+            /* OBSERVE - Length of this option is 0-3 bytes */
+            if (src_coap_msg_ptr->options_list_ptr->observe_ptr != NULL) {
+                returned_byte_count++;
+                if (src_coap_msg_ptr->options_list_ptr->observe_len > 3) {
+                    return 0;
+                }
+
+                returned_byte_count += src_coap_msg_ptr->options_list_ptr->observe_len;
+            } else if (src_coap_msg_ptr->options_list_ptr->observe) {
+                returned_byte_count++;
+            }
+
+            /* URI QUERY - Repeatable option. Length of this option is 1-255 */
+            if (src_coap_msg_ptr->options_list_ptr->uri_query_ptr != NULL) {
+                repeatable_option_size = sn_coap_builder_options_calc_option_size(src_coap_msg_ptr->options_list_ptr->uri_query_len,
+                                         src_coap_msg_ptr->options_list_ptr->uri_query_ptr, COAP_OPTION_URI_QUERY);
+                if (repeatable_option_size) {
+                    returned_byte_count += repeatable_option_size;
+                } else {
+                    return 0;
+                }
+            }
+
+            /* BLOCK 1 - Length of this option is 1-3 bytes*/
+            if (src_coap_msg_ptr->options_list_ptr->block2_ptr != NULL) {
+                returned_byte_count++;
+                if (src_coap_msg_ptr->options_list_ptr->block2_len > 3 || src_coap_msg_ptr->options_list_ptr->block2_len < 1) {
+                    return 0;
+                }
+
+                returned_byte_count += src_coap_msg_ptr->options_list_ptr->block2_len;
+            }
+
+            /* BLOCK 2 - Length of this option is 1-3 bytes*/
+            if (src_coap_msg_ptr->options_list_ptr->block1_ptr != NULL) {
+                returned_byte_count++;
+
+                if (src_coap_msg_ptr->options_list_ptr->block1_len > 3 || src_coap_msg_ptr->options_list_ptr->block1_len < 1) {
+                    return 0;
+                }
+
+                returned_byte_count += src_coap_msg_ptr->options_list_ptr->block1_len;
+            }
+        }
+
+        /* * * * * PAYLOAD * * * * */
+#if SN_COAP_BLOCKWISE_MAX_PAYLOAD_SIZE /* If Message blockwising is not used at all, this part of code will not be compiled */
+        if ((src_coap_msg_ptr->payload_len > sn_coap_block_data_size) && (sn_coap_block_data_size > 0)) {
+            /* Two bytes for Block option */
+            returned_byte_count += 2;
+
+            if (src_coap_msg_ptr->msg_code < COAP_MSG_CODE_RESPONSE_CREATED) {
+                returned_byte_count += sn_coap_builder_options_calculate_jump_need(src_coap_msg_ptr, 1);
+            } else { /* Response message */
+                returned_byte_count += sn_coap_builder_options_calculate_jump_need(src_coap_msg_ptr, 2);
+            }
+            /* Add maximum payload at one Blockwise message */
+            returned_byte_count += sn_coap_block_data_size;
+            returned_byte_count ++;                 /* For payload marker */
+        } else {
+            returned_byte_count += sn_coap_builder_options_calculate_jump_need(src_coap_msg_ptr, 0);
+            /* Add wanted payload */
+
+            returned_byte_count += src_coap_msg_ptr->payload_len;
+
+            if (src_coap_msg_ptr->payload_len) {
+                returned_byte_count ++;    /* For payload marker */
+            }
+
+        }
+#else
+        returned_byte_count += src_coap_msg_ptr->payload_len;
+        if (src_coap_msg_ptr->payload_len) {
+            returned_byte_count ++;    /* For payload marker */
+        }
+        returned_byte_count += sn_coap_builder_options_calculate_jump_need(src_coap_msg_ptr, 0);
+#endif
+    }
+
+    return returned_byte_count;
+}
+
+/**
+ * \fn static uint8_t sn_coap_builder_options_calculate_jump_need(sn_coap_hdr_s *src_coap_msg_ptr, uint8_t block_option)
+ *
+ * \brief Checks if there is need for option jump
+ *
+ * \param  *src_coap_msg_ptr is source of checked CoAP message
+ *
+ * \param  block option marks if block option is to be added to message later. 0 = no block option, 1 = block1 and 2 = block2
+ *
+ * \return Returns bytes needed for jumping
+ */
+
+static uint8_t sn_coap_builder_options_calculate_jump_need(sn_coap_hdr_s *src_coap_msg_ptr, uint8_t block_option)
+{
+    uint8_t previous_option_number = 0;
+    uint8_t needed_space           = 0;
+
+    if (src_coap_msg_ptr->options_list_ptr != NULL) {
+        /* If option numbers greater than 12 is not used, then jumping is not needed */
+        if (!src_coap_msg_ptr->options_list_ptr->uri_query_ptr       &&
+                !src_coap_msg_ptr->options_list_ptr->accept_ptr         &&
+                !src_coap_msg_ptr->options_list_ptr->location_query_ptr &&
+                !src_coap_msg_ptr->options_list_ptr->block2_ptr         &&
+                !src_coap_msg_ptr->options_list_ptr->block1_ptr         &&
+                !src_coap_msg_ptr->options_list_ptr->proxy_uri_ptr      &&
+                !block_option                                           &&
+                !src_coap_msg_ptr->options_list_ptr->max_age_ptr) {
+            return 0;
+        }
+
+        if (src_coap_msg_ptr->options_list_ptr->uri_host_ptr != NULL) {
+            previous_option_number = (COAP_OPTION_URI_HOST);
+        }
+
+        if (src_coap_msg_ptr->options_list_ptr->etag_ptr != NULL) {
+            previous_option_number = (COAP_OPTION_ETAG);
+        }
+
+        if ((src_coap_msg_ptr->options_list_ptr->observe_ptr != NULL) || (src_coap_msg_ptr->options_list_ptr->observe)) {
+            previous_option_number = (COAP_OPTION_OBSERVE);
+        }
+
+        if (src_coap_msg_ptr->options_list_ptr->uri_port_ptr != NULL) {
+            previous_option_number = (COAP_OPTION_URI_PORT);
+        }
+
+        if (src_coap_msg_ptr->options_list_ptr->location_path_ptr != NULL) {
+            previous_option_number = (COAP_OPTION_LOCATION_PATH);
+        }
+
+        if (src_coap_msg_ptr->uri_path_ptr != NULL) {
+            previous_option_number = (COAP_OPTION_URI_PATH);
+        }
+        if (src_coap_msg_ptr->content_type_ptr != NULL) {
+            previous_option_number = (COAP_OPTION_CONTENT_FORMAT);
+        }
+        if (src_coap_msg_ptr->options_list_ptr->max_age_ptr != NULL) {
+            if ((COAP_OPTION_MAX_AGE - previous_option_number) > 12) {
+                needed_space += 1;
+            }
+            previous_option_number = (COAP_OPTION_MAX_AGE);
+        }
+
+        if (src_coap_msg_ptr->options_list_ptr->uri_query_ptr != NULL) {
+            if ((COAP_OPTION_URI_QUERY - previous_option_number) > 12) {
+                needed_space += 1;
+            }
+            previous_option_number = (COAP_OPTION_URI_QUERY);
+        }
+        if (src_coap_msg_ptr->options_list_ptr->accept_ptr != NULL) {
+            if ((COAP_OPTION_ACCEPT - previous_option_number) > 12) {
+                needed_space += 1;
+            }
+            previous_option_number = (COAP_OPTION_ACCEPT);
+        }
+        if (src_coap_msg_ptr->options_list_ptr->location_query_ptr != NULL) {
+            if ((COAP_OPTION_LOCATION_QUERY - previous_option_number) > 12) {
+                needed_space += 1;
+            }
+            previous_option_number = (COAP_OPTION_LOCATION_QUERY);
+        }
+        if (src_coap_msg_ptr->options_list_ptr->block2_ptr != NULL) {
+            if ((COAP_OPTION_BLOCK2 - previous_option_number) > 12 || (block_option == 2 && (COAP_OPTION_BLOCK2 - previous_option_number) > 12)) {
+                needed_space += 1;
+            }
+            previous_option_number = (COAP_OPTION_BLOCK2);
+        }
+        if (src_coap_msg_ptr->options_list_ptr->block1_ptr != NULL) {
+            if ((COAP_OPTION_BLOCK1 - previous_option_number) > 12 || (block_option == 1 && (COAP_OPTION_BLOCK1 - previous_option_number) > 12)) {
+                needed_space += 1;
+            }
+            previous_option_number = (COAP_OPTION_BLOCK1);
+        }
+        if (src_coap_msg_ptr->options_list_ptr->proxy_uri_ptr != NULL) {
+            if ((COAP_OPTION_PROXY_URI - previous_option_number) > 12) {
+                needed_space += 1;
+            }
+            if ((COAP_OPTION_PROXY_URI - previous_option_number) > 269) { //Can not happen
+                needed_space += 1;
+            }
+            previous_option_number = (COAP_OPTION_PROXY_URI);
+        }
+    }
+
+    else {
+        if (src_coap_msg_ptr->uri_path_ptr != 0) {
+            previous_option_number = (COAP_OPTION_URI_PATH);
+        }
+
+        if (src_coap_msg_ptr->content_type_ptr != 0) {
+            previous_option_number = (COAP_OPTION_CONTENT_FORMAT);
+        }
+
+#if SN_COAP_BLOCKWISE_MAX_PAYLOAD_SIZE //block_option 1 & 2 only used if this maro is defined
+        if (block_option == 2) {
+            if ((COAP_OPTION_BLOCK2 - previous_option_number) > 12) {
+                needed_space += 1;
+            }
+            previous_option_number = (COAP_OPTION_BLOCK2);
+        }
+        if (block_option == 1) {
+            if ((COAP_OPTION_BLOCK1 - previous_option_number) > 12) {
+                needed_space += 1;
+            }
+            previous_option_number = (COAP_OPTION_BLOCK1);
+        }
+#endif
+    }
+    return needed_space;
+}
+
+/**
+ * \fn static int8_t sn_coap_builder_header_build(uint8_t **dst_packet_data_pptr, sn_coap_hdr_s *src_coap_msg_ptr)
+ *
+ * \brief Builds Header part of Packet data
+ *
+ * \param **dst_packet_data_pptr is destination for built Packet data
+ *
+ * \param *src_coap_msg_ptr is source for building Packet data
+ *
+ * \return Return value is 0 in ok case and -1 in failure case
+ **************************************************************************** */
+static int8_t sn_coap_builder_header_build(uint8_t **dst_packet_data_pptr, sn_coap_hdr_s *src_coap_msg_ptr)
+{
+    /* * * * Check validity of Header values * * * */
+    if (sn_coap_header_validity_check(src_coap_msg_ptr, COAP_VERSION) != 0) {
+        return -1;
+    }
+
+    /* * * Add CoAP Version * * */
+    **dst_packet_data_pptr += COAP_VERSION;
+
+    /* * * Add Message type * * */
+    **dst_packet_data_pptr += src_coap_msg_ptr->msg_type;
+
+    /* * * Add Token length * * */
+    **dst_packet_data_pptr += (src_coap_msg_ptr->token_len);
+
+    (*dst_packet_data_pptr) ++;
+    /* * * Add Message code * * */
+    **dst_packet_data_pptr = src_coap_msg_ptr->msg_code;
+    (*dst_packet_data_pptr) ++;
+
+    /* * * Add Message ID * * */
+    **dst_packet_data_pptr = (uint8_t)(src_coap_msg_ptr->msg_id >> COAP_HEADER_MSG_ID_MSB_SHIFT); /* MSB part */
+    (*dst_packet_data_pptr) ++;
+    **dst_packet_data_pptr = (uint8_t)src_coap_msg_ptr->msg_id;                                   /* LSB part */
+    (*dst_packet_data_pptr) ++;
+
+    /* Success */
+    return 0;
+}
+
+/**
+ * \fn static int8_t sn_coap_builder_options_build(uint8_t **dst_packet_data_pptr, sn_coap_hdr_s *src_coap_msg_ptr)
+ *
+ * \brief Builds Options part of Packet data
+ *
+ * \param **dst_packet_data_pptr is destination for built Packet data
+ *
+ * \param *src_coap_msg_ptr is source for building Packet data
+ *
+ * \return Return value is 0 in every case
+ */
+static int8_t sn_coap_builder_options_build(uint8_t **dst_packet_data_pptr, sn_coap_hdr_s *src_coap_msg_ptr)
+{
+    int16_t ret_status = 0;
+
+    /* * * * Check if Options are used at all  * * * */
+    if (src_coap_msg_ptr->uri_path_ptr == NULL && src_coap_msg_ptr->token_ptr == NULL &&
+            src_coap_msg_ptr->content_type_ptr == NULL && src_coap_msg_ptr->options_list_ptr == NULL) {
+        return 0;
+    }
+
+    /* * * * First add Token option  * * * */
+    if (src_coap_msg_ptr->token_len && src_coap_msg_ptr->token_ptr) {
+        memcpy(*dst_packet_data_pptr, src_coap_msg_ptr->token_ptr, src_coap_msg_ptr->token_len);
+    }
+    (*dst_packet_data_pptr) += src_coap_msg_ptr->token_len;
+
+    /* Then build rest of the options */
+
+    /* * * * Initialize previous Option number for new built message * * * */
+    global_previous_option_number = 0;
+
+    //missing: COAP_OPTION_IF_MATCH, COAP_OPTION_IF_NONE_MATCH, COAP_OPTION_SIZE
+
+    /* Check if less used options are used at all */
+    if (src_coap_msg_ptr->options_list_ptr != NULL) {
+        /* * * * Build Uri-Host option * * * */
+        sn_coap_builder_options_build_add_one_option(dst_packet_data_pptr, src_coap_msg_ptr->options_list_ptr->uri_host_len,
+                     src_coap_msg_ptr->options_list_ptr->uri_host_ptr, COAP_OPTION_URI_HOST);
+
+        /* * * * Build ETag option  * * * */
+        sn_coap_builder_options_build_add_multiple_option(dst_packet_data_pptr, &src_coap_msg_ptr->options_list_ptr->etag_ptr,
+                     (uint16_t *)&src_coap_msg_ptr->options_list_ptr->etag_len, COAP_OPTION_ETAG);
+
+        /* * * * Build Observe option  * * * * */
+        ret_status = sn_coap_builder_options_build_add_one_option(dst_packet_data_pptr, src_coap_msg_ptr->options_list_ptr->observe_len,
+                     src_coap_msg_ptr->options_list_ptr->observe_ptr, COAP_OPTION_OBSERVE);
+        if (ret_status == 0) {
+            sn_coap_builder_options_build_add_zero_length_option(dst_packet_data_pptr, src_coap_msg_ptr->options_list_ptr->observe_len, src_coap_msg_ptr->options_list_ptr->observe, COAP_OPTION_OBSERVE);
+        }
+
+        /* * * * Build Uri-Port option * * * */
+        sn_coap_builder_options_build_add_one_option(dst_packet_data_pptr, src_coap_msg_ptr->options_list_ptr->uri_port_len,
+                     src_coap_msg_ptr->options_list_ptr->uri_port_ptr, COAP_OPTION_URI_PORT);
+
+        /* * * * Build Location-Path option  * * * */
+        sn_coap_builder_options_build_add_multiple_option(dst_packet_data_pptr, &src_coap_msg_ptr->options_list_ptr->location_path_ptr,
+                     &src_coap_msg_ptr->options_list_ptr->location_path_len, COAP_OPTION_LOCATION_PATH);
+    }
+    /* * * * Build Uri-Path option * * * */
+    sn_coap_builder_options_build_add_multiple_option(dst_packet_data_pptr, &src_coap_msg_ptr->uri_path_ptr,
+                 &src_coap_msg_ptr->uri_path_len, COAP_OPTION_URI_PATH);
+
+    /* * * * Build Content-Type option * * * */
+    sn_coap_builder_options_build_add_one_option(dst_packet_data_pptr, src_coap_msg_ptr->content_type_len,
+                 src_coap_msg_ptr->content_type_ptr, COAP_OPTION_CONTENT_FORMAT);
+
+    if (src_coap_msg_ptr->options_list_ptr != NULL) {
+        /* * * * Build Max-Age option  * * * */
+        sn_coap_builder_options_build_add_one_option(dst_packet_data_pptr, src_coap_msg_ptr->options_list_ptr->max_age_len,
+                     src_coap_msg_ptr->options_list_ptr->max_age_ptr, COAP_OPTION_MAX_AGE);
+
+        /* * * * Build Uri-Query option  * * * * */
+        sn_coap_builder_options_build_add_multiple_option(dst_packet_data_pptr, &src_coap_msg_ptr->options_list_ptr->uri_query_ptr,
+                     &src_coap_msg_ptr->options_list_ptr->uri_query_len, COAP_OPTION_URI_QUERY);
+
+        /* * * * Build Accept option  * * * * */
+        sn_coap_builder_options_build_add_multiple_option(dst_packet_data_pptr, &src_coap_msg_ptr->options_list_ptr->accept_ptr,
+                     (uint16_t *)&src_coap_msg_ptr->options_list_ptr->accept_len, COAP_OPTION_ACCEPT);
+    }
+
+    if (src_coap_msg_ptr->options_list_ptr != NULL) {
+        /* * * * Build Location-Query option * * * */
+        sn_coap_builder_options_build_add_multiple_option(dst_packet_data_pptr, &src_coap_msg_ptr->options_list_ptr->location_query_ptr,
+                     &src_coap_msg_ptr->options_list_ptr->location_query_len, COAP_OPTION_LOCATION_QUERY);
+
+        /* * * * Build Block2 option * * * * */
+        sn_coap_builder_options_build_add_one_option(dst_packet_data_pptr, src_coap_msg_ptr->options_list_ptr->block2_len,
+                     src_coap_msg_ptr->options_list_ptr->block2_ptr, COAP_OPTION_BLOCK2);
+
+        /* * * * Build Block1 option * * * * */
+        sn_coap_builder_options_build_add_one_option(dst_packet_data_pptr, src_coap_msg_ptr->options_list_ptr->block1_len,
+                     src_coap_msg_ptr->options_list_ptr->block1_ptr, COAP_OPTION_BLOCK1);
+
+        /* * * * Build Proxy-Uri option * * * */
+        sn_coap_builder_options_build_add_one_option(dst_packet_data_pptr, src_coap_msg_ptr->options_list_ptr->proxy_uri_len,
+                     src_coap_msg_ptr->options_list_ptr->proxy_uri_ptr, COAP_OPTION_PROXY_URI);
+    }
+
+    /* Success */
+    return 0;
+}
+
+/**
+ * \fn static int16_t sn_coap_builder_options_build_add_one_option(uint8_t **dst_packet_data_pptr, uint16_t option_value_len, uint8_t *option_value_ptr, sn_coap_option_numbers_e option_number)
+ *
+ * \brief Adds Options part of Packet data
+ *
+ * \param **dst_packet_data_pptr is destination for built Packet data
+ *
+ * \param option_value_len is Option value length to be added
+ *
+ * \param *option_value_ptr is pointer to Option value data to be added
+ *
+ * \param option_number is Option number to be added
+ *
+ * \return Return value is 0 if option was not added, 1 if added
+ */
+static int16_t sn_coap_builder_options_build_add_one_option(uint8_t **dst_packet_data_pptr, uint16_t option_len,
+        uint8_t *option_ptr, sn_coap_option_numbers_e option_number)
+{
+    /* Check if there is option at all */
+    if (option_ptr != NULL) {
+        uint16_t option_delta;
+
+        option_delta = (option_number - global_previous_option_number);
+
+        /* * * Build option header * * */
+
+        /* First option length without extended part */
+        if (option_len <= 12) {
+            **dst_packet_data_pptr = option_len;
+        }
+
+        else if (option_len > 12 && option_len < 269) {
+            **dst_packet_data_pptr = 0x0D;
+        }
+
+        else if (option_len >= 269) {
+            **dst_packet_data_pptr = 0x0E;
+        }
+
+        /* Then option delta with extensions, and move pointer */
+        if (option_delta <= 12) {
+            **dst_packet_data_pptr += (option_delta << 4);
+            *dst_packet_data_pptr += 1;
+        }
+
+        else if (option_delta > 12 && option_delta < 269) {
+            **dst_packet_data_pptr += 0xD0;
+            option_delta -= 13;
+
+            *(*dst_packet_data_pptr + 1) = (uint8_t)option_delta;
+            *dst_packet_data_pptr += 2;
+        }
+        //This is currently dead code (but possibly needed in future)
+        else if (option_delta >= 269) {
+            **dst_packet_data_pptr += 0xE0;
+            option_delta -= 269;
+
+            *(*dst_packet_data_pptr + 2) = (uint8_t)option_delta;
+            *(*dst_packet_data_pptr + 1) = (option_delta >> 8);
+            *dst_packet_data_pptr += 3;
+        }
+
+        /* Now option length extensions, if needed */
+        if (option_len > 12 && option_len < 269) {
+            **dst_packet_data_pptr = (uint8_t)(option_len - 13);
+            *dst_packet_data_pptr += 1;
+        }
+
+        else if (option_len >= 269) {
+            *(*dst_packet_data_pptr + 1) = (uint8_t)(option_len - 269);
+            **dst_packet_data_pptr = ((option_len - 269) >> 8);
+            *dst_packet_data_pptr += 2;
+        }
+
+        global_previous_option_number = option_number;
+
+        /* Write Option value */
+        memcpy(*dst_packet_data_pptr, option_ptr, option_len);
+
+        /* Increase destination Packet data pointer */
+        (*dst_packet_data_pptr) += option_len;
+
+        return 1;
+    }
+
+    /* Success */
+    return 0;
+}
+
+/*
+ * @return 1 if was added 0 otherwise
+*/
+int16_t sn_coap_builder_options_build_add_zero_length_option(uint8_t **dst_packet_data_pptr, uint8_t option_length, uint8_t option_exist, sn_coap_option_numbers_e option_number)
+{
+    if ((option_exist != 0) && (option_length == 0)) {
+        uint16_t option_delta;
+
+        option_delta = (option_number - global_previous_option_number);
+
+        /* * * Build option header * * */
+
+        /* First option length without extended part */
+        **dst_packet_data_pptr = 0;
+
+        /* Then option delta with extensions, and move pointer */
+        if (option_delta <= 12) {
+            **dst_packet_data_pptr += (option_delta << 4);
+            *dst_packet_data_pptr += 1;
+        }
+        //Cannot happen currently -->
+        else if (option_delta > 12 && option_delta < 269) {
+            **dst_packet_data_pptr += 0xD0;
+            option_delta -= 13;
+
+            *(*dst_packet_data_pptr + 1) = (uint8_t)option_delta;
+            *dst_packet_data_pptr += 2;
+        }
+
+        else if (option_delta >= 269) {
+            **dst_packet_data_pptr += 0xE0;
+            option_delta -= 269;
+
+            *(*dst_packet_data_pptr + 2) = (uint8_t)option_delta;
+            *(*dst_packet_data_pptr + 1) = (option_delta >> 8);
+            *dst_packet_data_pptr += 3;
+        }
+        //<-- Cannot happen currently
+
+        global_previous_option_number = option_number;
+
+        return 1;
+    }
+    return 0;
+}
+
+/**
+ * \fn static int16_t sn_coap_builder_options_build_add_multiple_option(uint8_t **dst_packet_data_pptr, uint8_t **src_pptr, uint16_t *src_len_ptr, sn_coap_option_numbers_e option)
+ *
+ * \brief Builds Option Uri-Query from given CoAP Header structure to Packet data
+ *
+ * \param **dst_packet_data_pptr is destination for built Packet data
+ *
+ * \param uint8_t **src_pptr
+ *
+ *  \param uint16_t *src_len_ptr
+ *
+ *  \paramsn_coap_option_numbers_e option option to be added
+ *
+ * \return Return value is 0 always
+ */
+static int16_t sn_coap_builder_options_build_add_multiple_option(uint8_t **dst_packet_data_pptr, uint8_t **src_pptr, uint16_t *src_len_ptr, sn_coap_option_numbers_e option)
+{
+    /* Check if there is option at all */
+    if (*src_pptr != NULL) {
+        uint8_t    *query_ptr               = *src_pptr;
+        uint8_t     query_part_count        = 0;
+        uint16_t    query_len               = *src_len_ptr;
+        uint8_t     i                       = 0;
+        uint16_t    query_part_offset       = 0;
+
+        /* Get query part count */
+        query_part_count = sn_coap_builder_options_get_option_part_count(query_len, query_ptr, option);
+
+        /* * * * Options by adding all parts to option * * * */
+        for (i = 0; i < query_part_count; i++) {
+            /* Get length of query part */
+            uint16_t one_query_part_len = sn_coap_builder_options_get_option_part_length_from_whole_option_string(query_len, query_ptr, i, option);
+
+            /* Get position of query part */
+            query_part_offset = sn_coap_builder_options_get_option_part_position(query_len, query_ptr, i, option);
+
+            /* Add Uri-query's one part to Options */
+            sn_coap_builder_options_build_add_one_option(dst_packet_data_pptr, one_query_part_len, *src_pptr + query_part_offset, option);
+        }
+    }
+    /* Success */
+    return 0;
+}
+
+
+/**
+ * \fn static uint16_t sn_coap_builder_options_calc_option_size(uint16_t query_len, uint8_t *query_ptr, sn_coap_option_numbers_e option)
+ *
+ * \brief Calculates needed Packet data memory size for option
+ *
+ * \param path_len is length of calculated strting(s)
+ *
+ * \param *path_ptr is pointer to calculated options
+ *
+ * \return Return value is count of needed memory as bytes for Uri-query option
+ */
+static uint16_t sn_coap_builder_options_calc_option_size(uint16_t query_len, uint8_t *query_ptr, sn_coap_option_numbers_e option)
+{
+    uint8_t     query_part_count    = sn_coap_builder_options_get_option_part_count(query_len, query_ptr, option);
+    uint8_t     i                   = 0;
+    uint16_t    ret_value           = 0;
+
+    /* * * * * * * * * * * * * * * * * * * * * * * * */
+    /* * * * Calculate Uri-query options length  * * */
+    /* * * * * * * * * * * * * * * * * * * * * * * * */
+    for (i = 0; i < query_part_count; i++) {
+        /* * * Length of Option number and Option value length * * */
+
+        /* Get length of Query part */
+        uint16_t one_query_part_len = sn_coap_builder_options_get_option_part_length_from_whole_option_string(query_len, query_ptr, i, option);
+
+        /* Check option length */
+        switch (option) {
+            case (COAP_OPTION_ETAG):            /* Length 1-8 */
+                if (one_query_part_len < 1 || one_query_part_len > 8) {
+                    return 0;
+                }
+                break;
+            case (COAP_OPTION_LOCATION_PATH):   /* Length 0-255 */
+            case (COAP_OPTION_URI_PATH):        /* Length 0-255 */
+            case (COAP_OPTION_LOCATION_QUERY):  /* Length 0-255 */
+                if (one_query_part_len > 255) {
+                    return 0;
+                }
+                break;
+            case (COAP_OPTION_URI_QUERY):       /* Length 1-255 */
+                if (one_query_part_len < 1 || one_query_part_len > 255) {
+                    return 0;
+                }
+                break;
+            case (COAP_OPTION_ACCEPT):          /* Length 0-2 */
+                if (one_query_part_len > 2) {
+                    return 0;
+                }
+                break;
+            default:
+                break; //impossible scenario currently
+        }
+
+        /* Check if 4 bits are enough for writing Option value length */
+        if (one_query_part_len <= 12) {
+            /* 4 bits are enough for Option value length */
+            ret_value++;
+        } else if (one_query_part_len >= 13 && one_query_part_len < 269) {
+            /* Extra byte for Option value length is needed */
+            ret_value += 2;
+        }
+        //This can only happen if we are in default case above, currently is not happening
+        else if (one_query_part_len >= 270 && one_query_part_len < 1034) {
+            /* Extra bytes for Option value length is needed */
+            ret_value += 3;
+        }
+
+
+        /* * * Length of Option value * * */
+
+        /* Increase options length */
+        ret_value += one_query_part_len;
+    }
+
+    /* Success */
+    return ret_value;
+}
+
+
+
+/**
+ * \fn static uint8_t sn_coap_builder_options_get_option_part_count(uint16_t query_len, uint8_t *query_ptr, sn_coap_option_numbers_e option)
+ *
+ * \brief Gets query part count from whole option string
+ *
+ * \param query_len is length of whole Path
+ *
+ * \param *query_ptr is pointer to the start of whole Path
+ *
+ * \return Return value is count of query parts
+ */
+static uint8_t sn_coap_builder_options_get_option_part_count(uint16_t query_len, uint8_t *query_ptr, sn_coap_option_numbers_e option)
+{
+    uint8_t  returned_query_count = 0;
+    uint16_t query_len_index      = 0;
+    uint8_t  char_to_search       = '&';
+
+    if (option == COAP_OPTION_URI_PATH || option == COAP_OPTION_LOCATION_PATH) {
+        char_to_search = '/';
+    }
+
+    /* Loop whole query and search '\0' characters (not first and last char) */
+    for (query_len_index = 1; query_len_index < query_len - 1; query_len_index++) {
+        /* If new query part starts */
+        if (*(query_ptr + query_len_index) == char_to_search) { /* If match */
+            returned_query_count++;
+        }
+    }
+
+    returned_query_count++;
+
+    return returned_query_count;
+}
+
+/**
+ * \fn static uint16_t sn_coap_builder_options_get_option_part_length_from_whole_option_string(uint16_t query_len,
+                                                                             uint8_t *query_ptr,
+                                                                             uint8_t query_index, sn_coap_option_numbers_e option)
+ *
+ * \brief Gets one's query part length from whole query string
+ *
+ * \param query_len is length of whole string
+ *
+ * \param *query_ptr is pointer to the start of whole string
+ *
+ * \param query_index is query part index to be found
+ *
+ * \param sn_coap_option_numbers_e option is option number of the option
+ *
+ * \return Return value is length of query part
+ */
+static uint16_t sn_coap_builder_options_get_option_part_length_from_whole_option_string(uint16_t query_len, uint8_t *query_ptr,
+        uint8_t query_index, sn_coap_option_numbers_e option)
+{
+    uint16_t returned_query_part_len = 0;
+    uint8_t  temp_query_index        = 0;
+    uint16_t query_len_index         = 0;
+    uint8_t  char_to_search          = '&';
+
+    if (option == COAP_OPTION_URI_PATH || option == COAP_OPTION_LOCATION_PATH) {
+        char_to_search = '/';
+    }
+
+    /* Loop whole query and search '\0' characters */
+    for (query_len_index = 0; query_len_index < query_len; query_len_index++) {
+        /* Store character to temp_char for helping debugging */
+        uint8_t temp_char = *query_ptr;
+
+        /* If new query part starts */
+        if (temp_char == char_to_search && returned_query_part_len > 0) { /* returned_query_part_len > 0 is for querys which start with "\0" */
+            /* If query part index is wanted */
+            if (temp_query_index == query_index) {
+                /* Return length of query part */
+                return returned_query_part_len;
+            } else {
+                /* Reset length of query part because wanted query part finding continues*/
+                returned_query_part_len = 0;
+            }
+
+            /* Next query part is looped */
+            temp_query_index++;
+        } else if (temp_char != char_to_search) { /* Else if query part continues */
+            /* Increase query part length */
+            returned_query_part_len++;
+        }
+
+        query_ptr++;
+    }
+
+    /* Return length of query part in cases that query part does not finish to '\0' character (last query part can be like that) */
+    return returned_query_part_len;
+}
+
+/**
+ * \fn static uint16_t sn_coap_builder_options_get_option_part_position(uint16_t query_len,
+                                                               uint8_t *query_ptr,
+                                                               uint8_t query_index, sn_coap_option_numbers_e option)
+ *
+ * \brief Gets query part position in whole query
+ *
+ * \param query_len is length of whole query
+ *
+ * \param *query_ptr is pointer to the start of whole query
+ *
+ * \param query_index is query part index to be found
+ *
+ * \return Return value is position (= offset) of query part in whole query. In
+ *         fail cases -1 is returned.
+ */
+static int16_t sn_coap_builder_options_get_option_part_position(uint16_t query_len, uint8_t *query_ptr,
+        uint8_t query_index, sn_coap_option_numbers_e option)
+{
+    uint16_t returned_query_part_offset = 0;
+    uint8_t  temp_query_index           = 0;
+    uint16_t query_len_index            = 0;
+    uint8_t  char_to_search             = '&';
+
+    if (option == COAP_OPTION_URI_PATH || option == COAP_OPTION_LOCATION_PATH) {
+        char_to_search = '/';
+    }
+
+    if (query_index == 0) {
+        if (*query_ptr == 0 || *query_ptr == char_to_search) {
+            return 1;
+        } else {
+            return 0;
+        }
+    }
+
+    /* Loop whole query and search separator characters */
+    for (query_len_index = 0; query_len_index < query_len; query_len_index++) {
+        /* Store character to temp_char for helping debugging */
+        uint8_t temp_char = *query_ptr;
+
+        /* If new query part starts */
+        if (temp_char == char_to_search && returned_query_part_offset > 0) { /* returned_query_part_offset > 0 is for querys which start with searched char */
+            /* If query part index is wanted */
+            if (temp_query_index == (query_index - 1)) {
+                /* Return offset of query part */
+                return (returned_query_part_offset + 1); /* Plus one is for passing separator */
+            }
+
+            /* Next query part is looped */
+            temp_query_index++;
+        }
+
+        returned_query_part_offset++;
+
+        query_ptr++;
+    }
+
+    return -1; //Dead code?
+}
+
+
+/**
+ * \fn static void sn_coap_builder_payload_build(uint8_t **dst_packet_data_pptr, sn_coap_hdr_s *src_coap_msg_ptr)
+ *
+ * \brief Builds Options part of Packet data
+ *
+ * \param **dst_packet_data_pptr is destination for built Packet data
+ *
+ * \param *src_coap_msg_ptr is source for building Packet data
+ */
+static void sn_coap_builder_payload_build(uint8_t **dst_packet_data_pptr, sn_coap_hdr_s *src_coap_msg_ptr)
+{
+    /* Check if Payload is used at all */
+    if (src_coap_msg_ptr->payload_ptr != NULL) {
+        /* Write Payload marker */
+
+        **dst_packet_data_pptr = 0xff;
+        (*dst_packet_data_pptr)++;
+
+        /* Write Payload */
+        memcpy(*dst_packet_data_pptr, src_coap_msg_ptr->payload_ptr, src_coap_msg_ptr->payload_len);
+
+        /* Increase destination Packet data pointer */
+        (*dst_packet_data_pptr) += src_coap_msg_ptr->payload_len;
+    }
+}
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client-c/source/libCoap/src/sn_coap_header_check.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,100 @@
+/*
+ * Copyright (c) 2011-2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * \file sn_coap_header_check.c
+ *
+ * \brief CoAP Header validity checker
+ *
+ * Functionality: Checks validity of CoAP Header
+ *
+ */
+
+/* * * * INCLUDE FILES * * * */
+#include "ns_types.h"
+#include "sn_nsdl.h"
+#include "sn_coap_header.h"
+#include "sn_coap_protocol.h"
+#include "sn_coap_header_internal.h"
+#include "sn_coap_protocol_internal.h"
+
+/**
+ * \fn int8_t sn_coap_header_validity_check(sn_coap_hdr_s *src_coap_msg_ptr, coap_version_e coap_version)
+ *
+ * \brief Checks validity of given Header
+ *
+ * \param *src_coap_msg_ptr is source for building Packet data
+ * \param coap_version is version of used CoAP specification
+ *
+ * \return Return value is status of validity check. In ok cases 0 and in
+ *         failure cases -1
+ */
+int8_t sn_coap_header_validity_check(sn_coap_hdr_s *src_coap_msg_ptr, coap_version_e coap_version)
+{
+    /* * Check validity of CoAP Version * */
+    if (coap_version != COAP_VERSION_1) {
+        return -1;
+    }
+
+    /* * Check validity of Message type * */
+    switch (src_coap_msg_ptr->msg_type) {
+        case COAP_MSG_TYPE_CONFIRMABLE:
+        case COAP_MSG_TYPE_NON_CONFIRMABLE:
+        case COAP_MSG_TYPE_ACKNOWLEDGEMENT:
+        case COAP_MSG_TYPE_RESET:
+            break;      /* Ok cases */
+        default:
+            return -1;      /* Failed case */
+    }
+
+    /* * Check validity of Message code * */
+    switch (src_coap_msg_ptr->msg_code) {
+        case COAP_MSG_CODE_EMPTY:
+        case COAP_MSG_CODE_REQUEST_GET:
+        case COAP_MSG_CODE_REQUEST_POST:
+        case COAP_MSG_CODE_REQUEST_PUT:
+        case COAP_MSG_CODE_REQUEST_DELETE:
+        case COAP_MSG_CODE_RESPONSE_CREATED:
+        case COAP_MSG_CODE_RESPONSE_DELETED:
+        case COAP_MSG_CODE_RESPONSE_VALID:
+        case COAP_MSG_CODE_RESPONSE_CHANGED:
+        case COAP_MSG_CODE_RESPONSE_CONTENT:
+        case COAP_MSG_CODE_RESPONSE_BAD_REQUEST:
+        case COAP_MSG_CODE_RESPONSE_UNAUTHORIZED:
+        case COAP_MSG_CODE_RESPONSE_BAD_OPTION:
+        case COAP_MSG_CODE_RESPONSE_FORBIDDEN:
+        case COAP_MSG_CODE_RESPONSE_NOT_FOUND:
+        case COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED:
+        case COAP_MSG_CODE_RESPONSE_NOT_ACCEPTABLE:
+        case COAP_MSG_CODE_RESPONSE_REQUEST_ENTITY_INCOMPLETE:
+        case COAP_MSG_CODE_RESPONSE_PRECONDITION_FAILED:
+        case COAP_MSG_CODE_RESPONSE_REQUEST_ENTITY_TOO_LARGE:
+        case COAP_MSG_CODE_RESPONSE_UNSUPPORTED_CONTENT_FORMAT:
+        case COAP_MSG_CODE_RESPONSE_INTERNAL_SERVER_ERROR:
+        case COAP_MSG_CODE_RESPONSE_NOT_IMPLEMENTED:
+        case COAP_MSG_CODE_RESPONSE_BAD_GATEWAY:
+        case COAP_MSG_CODE_RESPONSE_SERVICE_UNAVAILABLE:
+        case COAP_MSG_CODE_RESPONSE_GATEWAY_TIMEOUT:
+        case COAP_MSG_CODE_RESPONSE_PROXYING_NOT_SUPPORTED:
+            break;      /* Ok cases */
+        default:
+            return -1;      /* Failed case */
+    }
+
+    /* Success */
+    return 0;
+}
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client-c/source/libCoap/src/sn_coap_parser.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,750 @@
+/*
+ * Copyright (c) 2011-2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ *\file sn_coap_parser.c
+ *
+ * \brief CoAP Header parser
+ *
+ * Functionality: Parses CoAP Header
+ *
+ */
+
+/* * * * * * * * * * * * * * */
+/* * * * INCLUDE FILES * * * */
+/* * * * * * * * * * * * * * */
+
+#include <stdio.h>
+#include <string.h> /* For memset() and memcpy() */
+
+#include "ns_types.h"
+#include "sn_nsdl.h"
+#include "sn_coap_header.h"
+#include "sn_coap_protocol.h"
+#include "sn_coap_header_internal.h"
+#include "sn_coap_protocol_internal.h"
+
+/* * * * * * * * * * * * * * * * * * * * */
+/* * * * LOCAL FUNCTION PROTOTYPES * * * */
+/* * * * * * * * * * * * * * * * * * * * */
+
+static void     sn_coap_parser_header_parse(uint8_t **packet_data_pptr, sn_coap_hdr_s *dst_coap_msg_ptr, coap_version_e *coap_version_ptr);
+static int8_t   sn_coap_parser_options_parse(struct coap_s *handle, uint8_t **packet_data_pptr, sn_coap_hdr_s *dst_coap_msg_ptr, uint8_t *packet_data_start_ptr, uint16_t packet_len);
+static int8_t   sn_coap_parser_options_parse_multiple_options(struct coap_s *handle, uint8_t **packet_data_pptr, uint16_t packet_left_len,  uint8_t **dst_pptr, uint16_t *dst_len_ptr, sn_coap_option_numbers_e option, uint16_t option_number_len);
+static int16_t  sn_coap_parser_options_count_needed_memory_multiple_option(uint8_t *packet_data_ptr, uint16_t packet_left_len, sn_coap_option_numbers_e option, uint16_t option_number_len);
+static int8_t   sn_coap_parser_payload_parse(uint16_t packet_data_len, uint8_t *packet_data_start_ptr, uint8_t **packet_data_pptr, sn_coap_hdr_s *dst_coap_msg_ptr);
+
+sn_coap_hdr_s *sn_coap_parser(struct coap_s *handle, uint16_t packet_data_len, uint8_t *packet_data_ptr, coap_version_e *coap_version_ptr)
+{
+    uint8_t       *data_temp_ptr                    = packet_data_ptr;
+    sn_coap_hdr_s *parsed_and_returned_coap_msg_ptr = NULL;
+
+    /* * * * Check given pointer * * * */
+    if (packet_data_ptr == NULL || packet_data_len < 4 || handle == NULL) {
+        return NULL;
+    }
+
+    /* * * * Allocate memory for parsed and returned CoAP message and initialize allocated memory with with zero values  * * * */
+    parsed_and_returned_coap_msg_ptr = handle->sn_coap_protocol_malloc(sizeof(sn_coap_hdr_s));
+
+    if (parsed_and_returned_coap_msg_ptr == NULL) {
+        return NULL;
+    }
+
+    memset(parsed_and_returned_coap_msg_ptr, 0x00, sizeof(sn_coap_hdr_s));
+
+
+    /* * * * Header parsing, move pointer over the header...  * * * */
+    sn_coap_parser_header_parse(&data_temp_ptr, parsed_and_returned_coap_msg_ptr, coap_version_ptr);
+
+
+    /* * * * Options parsing, move pointer over the options... * * * */
+    if (sn_coap_parser_options_parse(handle, &data_temp_ptr, parsed_and_returned_coap_msg_ptr, packet_data_ptr, packet_data_len) != 0) {
+        /* Release memory of CoAP message */
+        sn_coap_parser_release_allocated_coap_msg_mem(handle, parsed_and_returned_coap_msg_ptr);
+        return NULL;
+    }
+
+    /* * * * Payload parsing * * * */
+    if (sn_coap_parser_payload_parse(packet_data_len, packet_data_ptr, &data_temp_ptr, parsed_and_returned_coap_msg_ptr) == -1) {
+        /* Release memory of CoAP message */
+        sn_coap_parser_release_allocated_coap_msg_mem(handle, parsed_and_returned_coap_msg_ptr);
+        return NULL;
+    }
+    /* * * * Return parsed CoAP message  * * * * */
+    return parsed_and_returned_coap_msg_ptr;
+}
+
+void sn_coap_parser_release_allocated_coap_msg_mem(struct coap_s *handle, sn_coap_hdr_s *freed_coap_msg_ptr)
+{
+    if (handle == NULL) {
+        return;
+    }
+
+    if (freed_coap_msg_ptr != NULL) {
+        if (freed_coap_msg_ptr->uri_path_ptr != NULL) {
+            handle->sn_coap_protocol_free(freed_coap_msg_ptr->uri_path_ptr);
+        }
+
+        if (freed_coap_msg_ptr->token_ptr != NULL) {
+            handle->sn_coap_protocol_free(freed_coap_msg_ptr->token_ptr);
+        }
+
+        if (freed_coap_msg_ptr->content_type_ptr != NULL) {
+            handle->sn_coap_protocol_free(freed_coap_msg_ptr->content_type_ptr);
+        }
+
+        if (freed_coap_msg_ptr->options_list_ptr != NULL) {
+            if (freed_coap_msg_ptr->options_list_ptr->max_age_ptr != NULL) {
+                handle->sn_coap_protocol_free(freed_coap_msg_ptr->options_list_ptr->max_age_ptr);
+            }
+
+            if (freed_coap_msg_ptr->options_list_ptr->proxy_uri_ptr != NULL) {
+                handle->sn_coap_protocol_free(freed_coap_msg_ptr->options_list_ptr->proxy_uri_ptr);
+            }
+
+            if (freed_coap_msg_ptr->options_list_ptr->etag_ptr != NULL) {
+                handle->sn_coap_protocol_free(freed_coap_msg_ptr->options_list_ptr->etag_ptr);
+            }
+
+            if (freed_coap_msg_ptr->options_list_ptr->uri_host_ptr != NULL) {
+                handle->sn_coap_protocol_free(freed_coap_msg_ptr->options_list_ptr->uri_host_ptr);
+            }
+
+            if (freed_coap_msg_ptr->options_list_ptr->location_path_ptr != NULL) {
+                handle->sn_coap_protocol_free(freed_coap_msg_ptr->options_list_ptr->location_path_ptr);
+            }
+
+            if (freed_coap_msg_ptr->options_list_ptr->uri_port_ptr != NULL) {
+                handle->sn_coap_protocol_free(freed_coap_msg_ptr->options_list_ptr->uri_port_ptr);
+            }
+
+            if (freed_coap_msg_ptr->options_list_ptr->location_query_ptr != NULL) {
+                handle->sn_coap_protocol_free(freed_coap_msg_ptr->options_list_ptr->location_query_ptr);
+            }
+
+            if (freed_coap_msg_ptr->options_list_ptr->observe_ptr != NULL) {
+                handle->sn_coap_protocol_free(freed_coap_msg_ptr->options_list_ptr->observe_ptr);
+            }
+
+            if (freed_coap_msg_ptr->options_list_ptr->uri_query_ptr != NULL) {
+                handle->sn_coap_protocol_free(freed_coap_msg_ptr->options_list_ptr->uri_query_ptr);
+            }
+
+            if (freed_coap_msg_ptr->options_list_ptr->block2_ptr != NULL) {
+                handle->sn_coap_protocol_free(freed_coap_msg_ptr->options_list_ptr->block2_ptr);
+            }
+
+            if (freed_coap_msg_ptr->options_list_ptr->block1_ptr != NULL) {
+                handle->sn_coap_protocol_free(freed_coap_msg_ptr->options_list_ptr->block1_ptr);
+            }
+            if (freed_coap_msg_ptr->options_list_ptr->accept_ptr != NULL) {
+                handle->sn_coap_protocol_free(freed_coap_msg_ptr->options_list_ptr->accept_ptr);
+            }
+
+            handle->sn_coap_protocol_free(freed_coap_msg_ptr->options_list_ptr);
+        }
+
+        handle->sn_coap_protocol_free(freed_coap_msg_ptr);
+    }
+}
+
+/**
+ * \fn static void sn_coap_parser_header_parse(uint8_t **packet_data_pptr, sn_coap_hdr_s *dst_coap_msg_ptr, coap_version_e *coap_version_ptr)
+ *
+ * \brief Parses CoAP message's Header part from given Packet data
+ *
+ * \param **packet_data_ptr is source for Packet data to be parsed to CoAP message
+ *
+ * \param *dst_coap_msg_ptr is destination for parsed CoAP message
+ *
+ * \param *coap_version_ptr is destination for parsed CoAP specification version
+ */
+static void sn_coap_parser_header_parse(uint8_t **packet_data_pptr, sn_coap_hdr_s *dst_coap_msg_ptr, coap_version_e *coap_version_ptr)
+{
+    /* Parse CoAP Version and message type*/
+    *coap_version_ptr = (coap_version_e)(**packet_data_pptr & COAP_HEADER_VERSION_MASK);
+    dst_coap_msg_ptr->msg_type = (sn_coap_msg_type_e)(**packet_data_pptr & COAP_HEADER_MSG_TYPE_MASK);
+    (*packet_data_pptr) += 1;
+
+    /* Parse Message code */
+    dst_coap_msg_ptr->msg_code = (sn_coap_msg_code_e) **packet_data_pptr;
+    (*packet_data_pptr) += 1;
+
+    /* Parse Message ID */
+    dst_coap_msg_ptr->msg_id = *(*packet_data_pptr + 1);
+    dst_coap_msg_ptr->msg_id += **packet_data_pptr << COAP_HEADER_MSG_ID_MSB_SHIFT;
+    (*packet_data_pptr) += 2;
+
+}
+
+/**
+ * \fn static uint8_t sn_coap_parser_options_parse(uint8_t **packet_data_pptr, sn_coap_hdr_s *dst_coap_msg_ptr)
+ *
+ * \brief Parses CoAP message's Options part from given Packet data
+ *
+ * \param **packet_data_pptr is source of Packet data to be parsed to CoAP message
+ * \param *dst_coap_msg_ptr is destination for parsed CoAP message
+ *
+ * \return Return value is 0 in ok case and -1 in failure case
+ */
+static int8_t sn_coap_parser_options_parse(struct coap_s *handle, uint8_t **packet_data_pptr, sn_coap_hdr_s *dst_coap_msg_ptr, uint8_t *packet_data_start_ptr, uint16_t packet_len)
+{
+    uint8_t previous_option_number = 0;
+    uint8_t i                      = 0;
+    int8_t  ret_status             = 0;
+    uint16_t message_left          = 0;
+
+    /*  Parse token, if exists  */
+    dst_coap_msg_ptr->token_len = *packet_data_start_ptr & COAP_HEADER_TOKEN_LENGTH_MASK;
+
+    if (dst_coap_msg_ptr->token_len) {
+        if ((dst_coap_msg_ptr->token_len > 8) || dst_coap_msg_ptr->token_ptr) {
+            return -1;
+        }
+
+        dst_coap_msg_ptr->token_ptr = handle->sn_coap_protocol_malloc(dst_coap_msg_ptr->token_len);
+
+        if (dst_coap_msg_ptr->token_ptr == NULL) {
+            return -1;
+        }
+
+        memcpy(dst_coap_msg_ptr->token_ptr, *packet_data_pptr, dst_coap_msg_ptr->token_len);
+        (*packet_data_pptr) += dst_coap_msg_ptr->token_len;
+    }
+
+    message_left = packet_len - ((*packet_data_pptr) - packet_data_start_ptr);
+
+    /* Loop all Options */
+    while (message_left && (**packet_data_pptr != 0xff)) {
+
+        /* Get option length WITHOUT extensions */
+        uint16_t option_len = (**packet_data_pptr & 0x0F);
+
+        /* Option number length 15 is reserved for the future use - ERROR */
+        if (option_len == 15) {
+            return -1;
+        }
+
+        /* Resolve option delta */
+        uint16_t  option_number = (**packet_data_pptr >> COAP_OPTIONS_OPTION_NUMBER_SHIFT);
+
+        if (option_number == 13) {
+            option_number = *(*packet_data_pptr + 1) + 13;
+            (*packet_data_pptr)++;
+        } else if (option_number == 14) {
+            option_number = *(*packet_data_pptr + 2);
+            option_number += (*(*packet_data_pptr + 1) << 8) + 269;
+            (*packet_data_pptr) += 2;
+        }
+        /* Option number 15 reserved for payload marker. This is handled as a error! */
+        else if (option_number == 15) {
+            return -1;
+        }
+
+        /* Add previous option to option delta and get option number */
+        option_number += previous_option_number;
+
+        /* Add possible option length extension to resolve full length of the option */
+        if (option_len == 13) {
+            option_len = *(*packet_data_pptr + 1) + 13;
+            (*packet_data_pptr)++;
+        } else if (option_len == 14) {
+            option_len = *(*packet_data_pptr + 2);
+            option_len += (*(*packet_data_pptr + 1) << 8) + 269;
+            (*packet_data_pptr) += 2;
+        }
+
+
+        /* * * Parse option itself * * */
+        /* Some options are handled independently in own functions */
+        previous_option_number = option_number;
+
+        /* Allocate options_list_ptr if needed */
+        switch (option_number) {
+            case COAP_OPTION_MAX_AGE:
+            case COAP_OPTION_PROXY_URI:
+            case COAP_OPTION_ETAG:
+            case COAP_OPTION_URI_HOST:
+            case COAP_OPTION_LOCATION_PATH:
+            case COAP_OPTION_URI_PORT:
+            case COAP_OPTION_LOCATION_QUERY:
+            case COAP_OPTION_OBSERVE:
+            case COAP_OPTION_URI_QUERY:
+            case COAP_OPTION_BLOCK2:
+            case COAP_OPTION_BLOCK1:
+            case COAP_OPTION_ACCEPT:
+                if (dst_coap_msg_ptr->options_list_ptr == NULL) {
+                    dst_coap_msg_ptr->options_list_ptr = handle->sn_coap_protocol_malloc(sizeof(sn_coap_options_list_s));
+                    if (NULL == dst_coap_msg_ptr->options_list_ptr) {
+                        return -1;
+                    }
+                    memset(dst_coap_msg_ptr->options_list_ptr, 0, sizeof(sn_coap_options_list_s));
+                }
+                break;
+        }
+
+        /* Parse option */
+        switch (option_number) {
+            case COAP_OPTION_CONTENT_FORMAT:
+                if ((option_len > 2) || (dst_coap_msg_ptr->content_type_ptr)) {
+                    return -1;
+                }
+                dst_coap_msg_ptr->content_type_len = option_len;
+                (*packet_data_pptr)++;
+
+                if (option_len) {
+                    dst_coap_msg_ptr->content_type_ptr = handle->sn_coap_protocol_malloc(option_len);
+
+                    if (dst_coap_msg_ptr->content_type_ptr == NULL) {
+                        return -1;
+                    }
+
+                    memcpy(dst_coap_msg_ptr->content_type_ptr, *packet_data_pptr, option_len);
+                    (*packet_data_pptr) += option_len;
+                }
+                break;
+
+            case COAP_OPTION_MAX_AGE:
+                if ((option_len > 4) || dst_coap_msg_ptr->options_list_ptr->max_age_ptr) {
+                    return -1;
+                }
+                dst_coap_msg_ptr->options_list_ptr->max_age_len = option_len;
+                (*packet_data_pptr)++;
+
+                if (option_len) {
+                    dst_coap_msg_ptr->options_list_ptr->max_age_ptr = handle->sn_coap_protocol_malloc(option_len);
+
+                    if (dst_coap_msg_ptr->options_list_ptr->max_age_ptr == NULL) {
+                        return -1;
+                    }
+
+                    memcpy(dst_coap_msg_ptr->options_list_ptr->max_age_ptr, *packet_data_pptr, option_len);
+                    (*packet_data_pptr) += option_len;
+                }
+                break;
+
+            case COAP_OPTION_PROXY_URI:
+                if ((option_len > 1034) || (option_len < 1) || dst_coap_msg_ptr->options_list_ptr->proxy_uri_ptr) {
+                    return -1;
+                }
+                dst_coap_msg_ptr->options_list_ptr->proxy_uri_len = option_len;
+                (*packet_data_pptr)++;
+
+                dst_coap_msg_ptr->options_list_ptr->proxy_uri_ptr = handle->sn_coap_protocol_malloc(option_len);
+
+                if (dst_coap_msg_ptr->options_list_ptr->proxy_uri_ptr == NULL) {
+                    return -1;
+                }
+                memcpy(dst_coap_msg_ptr->options_list_ptr->proxy_uri_ptr, *packet_data_pptr, option_len);
+                (*packet_data_pptr) += option_len;
+
+                break;
+
+            case COAP_OPTION_ETAG:
+                /* This is managed independently because User gives this option in one character table */
+
+                ret_status = sn_coap_parser_options_parse_multiple_options(handle, packet_data_pptr,
+                             message_left,
+                             &dst_coap_msg_ptr->options_list_ptr->etag_ptr,
+                             (uint16_t *)&dst_coap_msg_ptr->options_list_ptr->etag_len,
+                             COAP_OPTION_ETAG, option_len);
+                if (ret_status >= 0) {
+                    i += (ret_status - 1); /* i += is because possible several Options are handled by sn_coap_parser_options_parse_multiple_options() */
+                } else {
+                    return -1;
+                }
+                break;
+
+            case COAP_OPTION_URI_HOST:
+                if ((option_len > 255) || (option_len < 1) || dst_coap_msg_ptr->options_list_ptr->uri_host_ptr) {
+                    return -1;
+                }
+                dst_coap_msg_ptr->options_list_ptr->uri_host_len = option_len;
+                (*packet_data_pptr)++;
+
+                dst_coap_msg_ptr->options_list_ptr->uri_host_ptr = handle->sn_coap_protocol_malloc(option_len);
+
+                if (dst_coap_msg_ptr->options_list_ptr->uri_host_ptr == NULL) {
+                    return -1;
+                }
+                memcpy(dst_coap_msg_ptr->options_list_ptr->uri_host_ptr, *packet_data_pptr, option_len);
+                (*packet_data_pptr) += option_len;
+
+                break;
+
+            case COAP_OPTION_LOCATION_PATH:
+                if (dst_coap_msg_ptr->options_list_ptr->location_path_ptr) {
+                    return -1;
+                }
+                /* This is managed independently because User gives this option in one character table */
+                ret_status = sn_coap_parser_options_parse_multiple_options(handle, packet_data_pptr, message_left,
+                             &dst_coap_msg_ptr->options_list_ptr->location_path_ptr, &dst_coap_msg_ptr->options_list_ptr->location_path_len,
+                             COAP_OPTION_LOCATION_PATH, option_len);
+                if (ret_status >= 0) {
+                    i += (ret_status - 1); /* i += is because possible several Options are handled by sn_coap_parser_options_parse_multiple_options() */
+                } else {
+                    return -1;
+                }
+
+                break;
+
+
+            case COAP_OPTION_URI_PORT:
+                if ((option_len > 2) || dst_coap_msg_ptr->options_list_ptr->uri_port_ptr) {
+                    return -1;
+                }
+                dst_coap_msg_ptr->options_list_ptr->uri_port_len = option_len;
+                (*packet_data_pptr)++;
+
+                if (option_len) {
+                    dst_coap_msg_ptr->options_list_ptr->uri_port_ptr = handle->sn_coap_protocol_malloc(option_len);
+
+                    if (dst_coap_msg_ptr->options_list_ptr->uri_port_ptr == NULL) {
+                        return -1;
+                    }
+                    memcpy(dst_coap_msg_ptr->options_list_ptr->uri_port_ptr, *packet_data_pptr, option_len);
+                    (*packet_data_pptr) += option_len;
+                }
+                break;
+
+            case COAP_OPTION_LOCATION_QUERY:
+                ret_status = sn_coap_parser_options_parse_multiple_options(handle, packet_data_pptr, message_left,
+                             &dst_coap_msg_ptr->options_list_ptr->location_query_ptr, &dst_coap_msg_ptr->options_list_ptr->location_query_len,
+                             COAP_OPTION_LOCATION_QUERY, option_len);
+                if (ret_status >= 0) {
+                    i += (ret_status - 1); /* i += is because possible several Options are handled by sn_coap_parser_options_parse_multiple_options() */
+                } else {
+                    return -1;
+                }
+
+                break;
+
+            case COAP_OPTION_URI_PATH:
+                ret_status = sn_coap_parser_options_parse_multiple_options(handle, packet_data_pptr, message_left,
+                             &dst_coap_msg_ptr->uri_path_ptr, &dst_coap_msg_ptr->uri_path_len,
+                             COAP_OPTION_URI_PATH, option_len);
+                if (ret_status >= 0) {
+                    i += (ret_status - 1); /* i += is because possible several Options are handled by sn_coap_parser_options_parse_multiple_options() */
+                } else {
+                    return -1;
+                }
+
+                break;
+
+            case COAP_OPTION_OBSERVE:
+                if ((option_len > 2) || dst_coap_msg_ptr->options_list_ptr->observe_ptr) {
+                    return -1;
+                }
+
+                dst_coap_msg_ptr->options_list_ptr->observe = 1;
+                (*packet_data_pptr)++;
+
+                if (option_len) {
+
+                    dst_coap_msg_ptr->options_list_ptr->observe_len = option_len;
+
+                    dst_coap_msg_ptr->options_list_ptr->observe_ptr = handle->sn_coap_protocol_malloc(option_len);
+
+                    if (dst_coap_msg_ptr->options_list_ptr->observe_ptr == NULL) {
+                        return -1;
+                    }
+
+                    memcpy(dst_coap_msg_ptr->options_list_ptr->observe_ptr, *packet_data_pptr, option_len);
+                    (*packet_data_pptr) += option_len;
+                }
+
+                break;
+
+            case COAP_OPTION_URI_QUERY:
+                ret_status = sn_coap_parser_options_parse_multiple_options(handle, packet_data_pptr, message_left,
+                             &dst_coap_msg_ptr->options_list_ptr->uri_query_ptr, &dst_coap_msg_ptr->options_list_ptr->uri_query_len,
+                             COAP_OPTION_URI_QUERY, option_len);
+                if (ret_status >= 0) {
+                    i += (ret_status - 1); /* i += is because possible several Options are handled by sn_coap_parser_options_parse_multiple_options() */
+                } else {
+                    return -1;
+                }
+
+                break;
+
+            case COAP_OPTION_BLOCK2:
+                if ((option_len > 4) || dst_coap_msg_ptr->options_list_ptr->block2_ptr) {
+                    return -1;
+                }
+                dst_coap_msg_ptr->options_list_ptr->block2_len = option_len;
+                (*packet_data_pptr)++;
+
+                dst_coap_msg_ptr->options_list_ptr->block2_ptr = handle->sn_coap_protocol_malloc(option_len);
+
+                if (dst_coap_msg_ptr->options_list_ptr->block2_ptr == NULL) {
+                    return -1;
+                }
+
+                memcpy(dst_coap_msg_ptr->options_list_ptr->block2_ptr, *packet_data_pptr, option_len);
+                (*packet_data_pptr) += option_len;
+
+                break;
+
+            case COAP_OPTION_BLOCK1:
+                if ((option_len > 4) || dst_coap_msg_ptr->options_list_ptr->block1_ptr) {
+                    return -1;
+                }
+                dst_coap_msg_ptr->options_list_ptr->block1_len = option_len;
+                (*packet_data_pptr)++;
+
+                dst_coap_msg_ptr->options_list_ptr->block1_ptr = handle->sn_coap_protocol_malloc(option_len);
+
+                if (dst_coap_msg_ptr->options_list_ptr->block1_ptr == NULL) {
+                    return -1;
+                }
+
+                memcpy(dst_coap_msg_ptr->options_list_ptr->block1_ptr, *packet_data_pptr, option_len);
+                (*packet_data_pptr) += option_len;
+
+                break;
+
+            case COAP_OPTION_ACCEPT:
+                ret_status = sn_coap_parser_options_parse_multiple_options(handle, packet_data_pptr, message_left,
+                             &dst_coap_msg_ptr->options_list_ptr->accept_ptr, (uint16_t *)&dst_coap_msg_ptr->options_list_ptr->accept_len,
+                             COAP_OPTION_ACCEPT, option_len);
+                if (ret_status >= 0) {
+                    i += (ret_status - 1); /* i += is because possible several Options are handled by sn_coap_parser_options_parse_multiple_options() */
+                } else {
+                    return -1;
+                }
+
+                break;
+
+            default:
+                return -1;
+        }
+
+        /* Check for overflow */
+        if ((*packet_data_pptr - packet_data_start_ptr) > packet_len) {
+            return -1;
+        }
+
+        message_left = packet_len - (*packet_data_pptr - packet_data_start_ptr);
+
+
+    }
+
+    return 0;
+}
+
+
+/**
+ * \fn static int8_t sn_coap_parser_options_parse_multiple_options(uint8_t **packet_data_pptr, uint8_t options_count_left, uint8_t *previous_option_number_ptr, uint8_t **dst_pptr,
+ *                                                                  uint16_t *dst_len_ptr, sn_coap_option_numbers_e option, uint16_t option_number_len)
+ *
+ * \brief Parses CoAP message's Uri-query options
+ *
+ * \param **packet_data_pptr is source for Packet data to be parsed to CoAP message
+ *
+ * \param *dst_coap_msg_ptr is destination for parsed CoAP message
+ *
+ * \param options_count_left tells how many options are unhandled in Packet data
+ *
+ * \param *previous_option_number_ptr is pointer to used and returned previous Option number
+ *
+ * \return Return value is count of Uri-query optios parsed. In failure case -1 is returned.
+*/
+static int8_t sn_coap_parser_options_parse_multiple_options(struct coap_s *handle, uint8_t **packet_data_pptr, uint16_t packet_left_len,  uint8_t **dst_pptr, uint16_t *dst_len_ptr, sn_coap_option_numbers_e option, uint16_t option_number_len)
+{
+    int16_t     uri_query_needed_heap       = sn_coap_parser_options_count_needed_memory_multiple_option(*packet_data_pptr, packet_left_len, option, option_number_len);
+    uint8_t    *temp_parsed_uri_query_ptr   = NULL;
+    uint8_t     returned_option_counter     = 0;
+
+    if (uri_query_needed_heap == -1) {
+        return -1;
+    }
+
+    if (uri_query_needed_heap) {
+        *dst_pptr = (uint8_t *) handle->sn_coap_protocol_malloc(uri_query_needed_heap);
+
+        if (*dst_pptr == NULL) {
+            return -1;
+        }
+    }
+
+    *dst_len_ptr = uri_query_needed_heap;
+
+    temp_parsed_uri_query_ptr = *dst_pptr;
+
+    /* Loop all Uri-Query options */
+    while ((temp_parsed_uri_query_ptr - *dst_pptr) < uri_query_needed_heap) {
+        /* Check if this is first Uri-Query option */
+        if (returned_option_counter > 0) {
+            /* Uri-Query is modified to following format: temp1'\0'temp2'\0'temp3 i.e.  */
+            /* Uri-Path is modified to following format: temp1\temp2\temp3 i.e.  */
+            if (option == COAP_OPTION_URI_QUERY || option == COAP_OPTION_LOCATION_QUERY || option == COAP_OPTION_ETAG || option == COAP_OPTION_ACCEPT) {
+                memset(temp_parsed_uri_query_ptr, '&', 1);
+            } else if (option == COAP_OPTION_URI_PATH || option == COAP_OPTION_LOCATION_PATH) {
+                memset(temp_parsed_uri_query_ptr, '/', 1);
+            }
+
+            temp_parsed_uri_query_ptr++;
+        }
+
+        returned_option_counter++;
+
+        (*packet_data_pptr)++;
+
+        if (((temp_parsed_uri_query_ptr - *dst_pptr) + option_number_len) > uri_query_needed_heap) {
+            return -1;
+        }
+
+        memcpy(temp_parsed_uri_query_ptr, *packet_data_pptr, option_number_len);
+
+        (*packet_data_pptr) += option_number_len;
+        temp_parsed_uri_query_ptr += option_number_len;
+
+        if ((temp_parsed_uri_query_ptr - *dst_pptr) >= uri_query_needed_heap || ((**packet_data_pptr >> COAP_OPTIONS_OPTION_NUMBER_SHIFT) != 0)) {
+            return returned_option_counter;
+        }
+
+        option_number_len = (**packet_data_pptr & 0x0F);
+        if (option_number_len == 13) {
+            option_number_len = *(*packet_data_pptr + 1) + 13;
+            (*packet_data_pptr)++;
+        } else if (option_number_len == 14) {
+            option_number_len = *(*packet_data_pptr + 2);
+            option_number_len += (*(*packet_data_pptr + 1) << 8) + 269;
+            (*packet_data_pptr) += 2;
+        }
+    }
+
+    return returned_option_counter;
+}
+
+
+
+
+/**
+ * \fn static uint16_t sn_coap_parser_options_count_needed_memory_multiple_option(uint8_t *packet_data_ptr, uint8_t options_count_left, uint8_t previous_option_number, sn_coap_option_numbers_e option, uint16_t option_number_len)
+ *
+ * \brief Counts needed memory for uri query option
+ *
+ * \param *packet_data_ptr is start of source for Packet data to be parsed to CoAP message
+ *
+ * \param options_count_left tells how many options are unhandled in Packet data
+ *
+ * \param previous_option_number is previous Option number
+ *
+ * \param sn_coap_option_numbers_e option option number to be calculated
+ *
+ * \param uint16_t option_number_len length of the first option part
+ */
+static int16_t sn_coap_parser_options_count_needed_memory_multiple_option(uint8_t *packet_data_ptr, uint16_t packet_left_len, sn_coap_option_numbers_e option, uint16_t option_number_len)
+{
+    uint16_t ret_value              = 0;
+    uint16_t i                      = 1;
+
+    /* Loop all Uri-Query options */
+    while (i < packet_left_len) {
+        if (option == COAP_OPTION_LOCATION_PATH && option_number_len > 255) {
+            return -1;
+        }
+        if (option == COAP_OPTION_URI_PATH && option_number_len > 255) {
+            return -1;
+        }
+        if (option == COAP_OPTION_URI_QUERY && option_number_len > 255) {
+            return -1;
+        }
+        if (option == COAP_OPTION_LOCATION_QUERY && option_number_len > 255) {
+            return -1;
+        }
+        if (option == COAP_OPTION_ACCEPT && option_number_len > 2) {
+            return -1;
+        }
+        if (option == COAP_OPTION_ETAG && option_number_len > 8) {
+            return -1;
+        }
+
+        i += option_number_len;
+        ret_value += option_number_len + 1; /* + 1 is for separator */
+        if(ret_value >= packet_left_len)
+            break;
+
+        if(ret_value >= packet_left_len)
+            break;
+
+        if ((*(packet_data_ptr + i) >> COAP_OPTIONS_OPTION_NUMBER_SHIFT) != 0) {
+            return (ret_value - 1);    /* -1 because last Part path does not include separator */
+        }
+
+        option_number_len = (*(packet_data_ptr + i) & 0x0F);
+
+        if (option_number_len == 13) {
+            i++;
+            option_number_len = *(packet_data_ptr + i) + 13;
+        } else if (option_number_len == 14) {
+            option_number_len = *(packet_data_ptr + i + 2);
+            option_number_len += (*(packet_data_ptr + i + 1) << 8) + 269;
+            i += 2;
+        } else if (option_number_len == 15) {
+            return -1;
+        }
+        i++;
+
+    }
+
+    if (ret_value != 0) {
+        return (ret_value - 1);    /* -1 because last Part path does not include separator */
+    } else {
+        return 0;
+    }
+}
+
+/**
+ * \fn static void sn_coap_parser_payload_parse(uint16_t packet_data_len, uint8_t *packet_data_ptr, uint8_t **packet_data_pptr, sn_coap_hdr_s *dst_coap_msg_ptr)
+ *
+ * \brief Parses CoAP message's Payload part from given Packet data
+ *
+ * \param packet_data_len is length of given Packet data to be parsed to CoAP message
+ *
+ * \param *packet_data_ptr is start of source for Packet data to be parsed to CoAP message
+ *
+ * \param **packet_data_pptr is source for Packet data to be parsed to CoAP message
+ *
+ * \param *dst_coap_msg_ptr is destination for parsed CoAP message
+ *****************************************************************************/
+static int8_t sn_coap_parser_payload_parse(uint16_t packet_data_len, uint8_t *packet_data_start_ptr, uint8_t **packet_data_pptr, sn_coap_hdr_s *dst_coap_msg_ptr)
+{
+    /* If there is payload */
+    if ((*packet_data_pptr - packet_data_start_ptr) < packet_data_len) {
+        if (**packet_data_pptr == 0xff) {
+            (*packet_data_pptr)++;
+            /* Parse Payload length */
+            dst_coap_msg_ptr->payload_len = packet_data_len - (*packet_data_pptr - packet_data_start_ptr);
+
+            /* The presence of a marker followed by a zero-length payload MUST be processed as a message format error */
+            if (dst_coap_msg_ptr->payload_len == 0) {
+                return -1;
+            }
+
+            /* Parse Payload by setting CoAP message's payload_ptr to point Payload in Packet data */
+            dst_coap_msg_ptr->payload_ptr = *packet_data_pptr;
+        }
+        /* No payload marker.. */
+        else {
+            return -1;
+        }
+    }
+    return 0;
+}
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client-c/source/libCoap/src/sn_coap_protocol.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,2288 @@
+/*
+ * Copyright (c) 2011-2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * \file sn_coap_protocol.c
+ *
+ * \brief CoAP Protocol implementation
+ *
+ * Functionality: CoAP Protocol
+ *
+ */
+
+
+/* * * * * * * * * * * * * * */
+/* * * * INCLUDE FILES * * * */
+/* * * * * * * * * * * * * * */
+
+#include <stdio.h>
+#include <stdlib.h> /* For libary malloc() */
+#include <string.h> /* For memset() and memcpy() */
+#ifdef __linux__
+#include <time.h>
+#endif
+
+#include "ns_types.h"
+#include "sn_nsdl.h"
+#include "sn_coap_protocol.h"
+#include "sn_coap_header_internal.h"
+#include "sn_coap_protocol_internal.h"
+
+/* * * * * * * * * * * * * * * * * * * * */
+/* * * * LOCAL FUNCTION PROTOTYPES * * * */
+/* * * * * * * * * * * * * * * * * * * * */
+
+static void                  sn_coap_protocol_send_rst(struct coap_s *handle, uint16_t msg_id, sn_nsdl_addr_s *addr_ptr, void *param);
+#if SN_COAP_DUPLICATION_MAX_MSGS_COUNT /* If Message duplication detection is not used at all, this part of code will not be compiled */
+static void                  sn_coap_protocol_linked_list_duplication_info_store(struct coap_s *handle, sn_nsdl_addr_s *src_addr_ptr, uint16_t msg_id);
+static int8_t                sn_coap_protocol_linked_list_duplication_info_search(sn_nsdl_addr_s *scr_addr_ptr, uint16_t msg_id);
+static void                  sn_coap_protocol_linked_list_duplication_info_remove(struct coap_s *handle, uint8_t *scr_addr_ptr, uint16_t port, uint16_t msg_id);
+static void                  sn_coap_protocol_linked_list_duplication_info_remove_old_ones(struct coap_s *handle);
+#endif
+#if SN_COAP_BLOCKWISE_MAX_PAYLOAD_SIZE /* If Message blockwising is not used at all, this part of code will not be compiled */
+static void                  sn_coap_protocol_linked_list_blockwise_msg_remove(struct coap_s *handle, coap_blockwise_msg_s *removed_msg_ptr);
+static void                  sn_coap_protocol_linked_list_blockwise_payload_store(struct coap_s *handle, sn_nsdl_addr_s *addr_ptr, uint16_t stored_payload_len, uint8_t *stored_payload_ptr);
+static uint8_t              *sn_coap_protocol_linked_list_blockwise_payload_search(sn_nsdl_addr_s *src_addr_ptr, uint16_t *payload_length);
+static void                  sn_coap_protocol_linked_list_blockwise_payload_remove(struct coap_s *handle, coap_blockwise_payload_s *removed_payload_ptr);
+static void                  sn_coap_protocol_linked_list_blockwise_payload_remove_oldest(struct coap_s *handle);
+static uint16_t              sn_coap_protocol_linked_list_blockwise_payloads_get_len(sn_nsdl_addr_s *src_addr_ptr);
+static void                  sn_coap_protocol_linked_list_blockwise_remove_old_data(struct coap_s *handle);
+static sn_coap_hdr_s        *sn_coap_handle_blockwise_message(struct coap_s *handle, sn_nsdl_addr_s *src_addr_ptr, sn_coap_hdr_s *received_coap_msg_ptr, void *param);
+static int8_t                sn_coap_convert_block_size(uint16_t block_size);
+static sn_coap_hdr_s        *sn_coap_protocol_copy_header(struct coap_s *handle, sn_coap_hdr_s *source_header_ptr);
+#endif
+#if ENABLE_RESENDINGS
+static void                  sn_coap_protocol_linked_list_send_msg_store(struct coap_s *handle, sn_nsdl_addr_s *dst_addr_ptr, uint16_t send_packet_data_len, uint8_t *send_packet_data_ptr, uint32_t sending_time, void *param);
+static sn_nsdl_transmit_s   *sn_coap_protocol_linked_list_send_msg_search(sn_nsdl_addr_s *src_addr_ptr, uint16_t msg_id);
+static void                  sn_coap_protocol_linked_list_send_msg_remove(struct coap_s *handle, sn_nsdl_addr_s *src_addr_ptr, uint16_t msg_id);
+static coap_send_msg_s      *sn_coap_protocol_allocate_mem_for_msg(struct coap_s *handle, sn_nsdl_addr_s *dst_addr_ptr, uint16_t packet_data_len);
+static void                  sn_coap_protocol_release_allocated_send_msg_mem(struct coap_s *handle, coap_send_msg_s *freed_send_msg_ptr);
+static uint16_t              sn_coap_count_linked_list_size(const coap_send_msg_list_t *linked_list_ptr);
+#endif
+
+/* * * * * * * * * * * * * * * * * */
+/* * * * GLOBAL DECLARATIONS * * * */
+/* * * * * * * * * * * * * * * * * */
+static uint16_t message_id;
+
+#if ENABLE_RESENDINGS /* If Message resending is not used at all, this part of code will not be compiled */
+static coap_send_msg_list_t          NS_LIST_NAME_INIT(global_linked_list_resent_msgs); /* Active resending messages are stored to this Linked list */
+static uint16_t                      global_count_resent_msgs                = 0;
+#endif
+#if SN_COAP_DUPLICATION_MAX_MSGS_COUNT /* If Message duplication detection is not used at all, this part of code will not be compiled */
+static coap_duplication_info_list_t  NS_LIST_NAME_INIT(global_linked_list_duplication_msgs); /* Messages for duplicated messages detection is stored to this Linked list */
+static uint16_t                      global_count_duplication_msgs           = 0;
+
+#endif
+#if SN_COAP_BLOCKWISE_MAX_PAYLOAD_SIZE /* If Message blockwise is not used at all, this part of code will not be compiled */
+static coap_blockwise_msg_list_t     NS_LIST_NAME_INIT(global_linked_list_blockwise_sent_msgs); /* Blockwise message to to be sent is stored to this Linked list */
+static coap_blockwise_payload_list_t NS_LIST_NAME_INIT(global_linked_list_blockwise_received_payloads); /* Blockwise payload to to be received is stored to this Linked list */
+#endif
+
+static uint32_t          global_system_time                                 = 0;    /* System time seconds */
+
+uint16_t                sn_coap_block_data_size                             = 0;
+
+uint8_t                 sn_coap_resending_queue_msgs                        = 0;
+uint8_t                 sn_coap_resending_queue_bytes                       = 0;
+uint8_t                 sn_coap_resending_count                             = 0;
+uint8_t                 sn_coap_resending_intervall                         = 0;
+
+uint8_t                 sn_coap_duplication_buffer_size                     = 0;
+
+
+int8_t sn_coap_protocol_destroy(struct coap_s *handle)
+{
+    if (handle == NULL) {
+        return -1;
+    }
+#if ENABLE_RESENDINGS /* If Message resending is not used at all, this part of code will not be compiled */
+
+    sn_coap_protocol_clear_retransmission_buffer(handle);
+
+#endif
+
+#if SN_COAP_DUPLICATION_MAX_MSGS_COUNT /* If Message duplication detection is not used at all, this part of code will not be compiled */
+    ns_list_foreach_safe(coap_duplication_info_s, tmp, &global_linked_list_duplication_msgs) {
+        if (tmp->coap == handle) {
+            if (tmp->addr_ptr) {
+                handle->sn_coap_protocol_free(tmp->addr_ptr);
+                tmp->addr_ptr = 0;
+            }
+            ns_list_remove(&global_linked_list_duplication_msgs, tmp);
+            global_count_duplication_msgs--;
+            handle->sn_coap_protocol_free(tmp);
+            tmp = 0;
+        }
+    }
+#endif
+
+#if SN_COAP_BLOCKWISE_MAX_PAYLOAD_SIZE /* If Message blockwise is not used at all, this part of code will not be compiled */
+    ns_list_foreach_safe(coap_blockwise_msg_s, tmp, &global_linked_list_blockwise_sent_msgs) {
+        if (tmp->coap == handle) {
+            if (tmp->coap_msg_ptr) {
+                if (tmp->coap_msg_ptr->payload_ptr) {
+                    handle->sn_coap_protocol_free(tmp->coap_msg_ptr->payload_ptr);
+                    tmp->coap_msg_ptr->payload_ptr = 0;
+                }
+                sn_coap_parser_release_allocated_coap_msg_mem(tmp->coap, tmp->coap_msg_ptr);
+            }
+            ns_list_remove(&global_linked_list_blockwise_sent_msgs, tmp);
+            handle->sn_coap_protocol_free(tmp);
+            tmp = 0;
+        }
+    }
+    ns_list_foreach_safe(coap_blockwise_payload_s, tmp, &global_linked_list_blockwise_received_payloads) {
+        if (tmp->coap == handle) {
+            if (tmp->addr_ptr) {
+                handle->sn_coap_protocol_free(tmp->addr_ptr);
+                tmp->addr_ptr = 0;
+            }
+            if (tmp->payload_ptr) {
+                handle->sn_coap_protocol_free(tmp->payload_ptr);
+                tmp->payload_ptr = 0;
+            }
+            ns_list_remove(&global_linked_list_blockwise_received_payloads, tmp);
+            handle->sn_coap_protocol_free(tmp);
+            tmp = 0;
+        }
+    }
+#endif
+
+    handle->sn_coap_protocol_free(handle);
+    handle = 0;
+    return 0;
+}
+
+struct coap_s *sn_coap_protocol_init(void *(*used_malloc_func_ptr)(uint16_t), void (*used_free_func_ptr)(void *),
+                                     uint8_t (*used_tx_callback_ptr)(uint8_t *, uint16_t, sn_nsdl_addr_s *, void *),
+                                     int8_t (*used_rx_callback_ptr)(sn_coap_hdr_s *, sn_nsdl_addr_s *, void *param))
+{
+    /* Check paramters */
+    if ((used_malloc_func_ptr == NULL) || (used_free_func_ptr == NULL) || (used_tx_callback_ptr == NULL)) {
+        return NULL;
+    }
+
+    struct coap_s *handle;
+    handle = used_malloc_func_ptr(sizeof(struct coap_s));
+    if (handle == NULL) {
+        return NULL;
+    }
+
+    memset(handle, 0, sizeof(struct coap_s));
+
+    /* * * Handle tx callback * * */
+    handle->sn_coap_tx_callback = used_tx_callback_ptr;
+
+    handle->sn_coap_protocol_free = used_free_func_ptr;
+    handle->sn_coap_protocol_malloc = used_malloc_func_ptr;
+
+    /* * * Handle rx callback * * */
+    /* If pointer = 0, then re-sending does not return error when failed */
+    handle->sn_coap_rx_callback = used_rx_callback_ptr;
+
+#if ENABLE_RESENDINGS  /* If Message resending is not used at all, this part of code will not be compiled */
+
+    /* * * * Create Linked list for storing active resending messages  * * * */
+    sn_coap_resending_queue_msgs = SN_COAP_RESENDING_QUEUE_SIZE_MSGS;
+    sn_coap_resending_queue_bytes = SN_COAP_RESENDING_QUEUE_SIZE_BYTES;
+    sn_coap_resending_intervall = DEFAULT_RESPONSE_TIMEOUT;
+    sn_coap_resending_count = SN_COAP_RESENDING_MAX_COUNT;
+
+#endif /* ENABLE_RESENDINGS */
+
+#if SN_COAP_DUPLICATION_MAX_MSGS_COUNT /* If Message duplication detection is not used at all, this part of code will not be compiled */
+    /* * * * Create Linked list for storing Duplication info * * * */
+    sn_coap_duplication_buffer_size = SN_COAP_DUPLICATION_MAX_MSGS_COUNT;
+#endif
+
+#if SN_COAP_BLOCKWISE_MAX_PAYLOAD_SIZE /* If Message blockwising is not used at all, this part of code will not be compiled */
+
+    sn_coap_block_data_size = SN_COAP_BLOCKWISE_MAX_PAYLOAD_SIZE;
+
+#endif /* ENABLE_RESENDINGS */
+
+    /* Randomize global message ID */
+#if defined __linux__ || defined TARGET_LIKE_MBED
+    srand(rand()^time(NULL));
+
+    message_id = rand() % 400 + 100;
+#else
+    message_id = 100;
+#endif
+
+    return handle;
+}
+
+int8_t sn_coap_protocol_set_block_size(uint16_t block_size)
+{
+#if SN_COAP_BLOCKWISE_MAX_PAYLOAD_SIZE
+    switch (block_size) {
+        case 0:
+        case 16:
+        case 32:
+        case 64:
+        case 128:
+        case 256:
+        case 512:
+        case 1024:
+            sn_coap_block_data_size = block_size;
+            return 0;
+        default:
+            break;
+    }
+#endif
+    return -1;
+
+}
+
+int8_t sn_coap_protocol_set_duplicate_buffer_size(uint8_t message_count)
+{
+#if SN_COAP_DUPLICATION_MAX_MSGS_COUNT
+    if (message_count <= SN_COAP_MAX_ALLOWED_DUPLICATION_MESSAGE_COUNT) {
+        sn_coap_duplication_buffer_size = message_count;
+        return 0;
+    }
+#endif
+    return -1;
+}
+
+int8_t sn_coap_protocol_set_retransmission_parameters(uint8_t resending_count, uint8_t resending_intervall)
+{
+#if ENABLE_RESENDINGS
+    if (resending_count <= SN_COAP_MAX_ALLOWED_RESENDING_COUNT &&
+            resending_intervall <= SN_COAP_MAX_ALLOWED_RESPONSE_TIMEOUT) {
+        sn_coap_resending_count = resending_count;
+
+        if (resending_intervall == 0) {
+            sn_coap_resending_intervall = 1;
+        } else {
+            sn_coap_resending_intervall = resending_intervall;
+        }
+        return 0;
+    }
+#endif
+    return -1;
+}
+
+int8_t sn_coap_protocol_set_retransmission_buffer(uint8_t buffer_size_messages, uint16_t buffer_size_bytes)
+{
+#if ENABLE_RESENDINGS
+    if (buffer_size_bytes <= SN_COAP_MAX_ALLOWED_RESENDING_BUFF_SIZE_BYTES &&
+        buffer_size_messages <= SN_COAP_MAX_ALLOWED_RESENDING_BUFF_SIZE_MSGS ) {
+        sn_coap_resending_queue_bytes = buffer_size_bytes;
+        sn_coap_resending_queue_msgs = buffer_size_messages;
+        return 0;
+    }
+
+#endif
+    return -1;
+
+}
+
+void sn_coap_protocol_clear_retransmission_buffer(struct coap_s *handle)
+{
+#if ENABLE_RESENDINGS /* If Message resending is not used at all, this part of code will not be compiled */
+    ns_list_foreach_safe(coap_send_msg_s, tmp, &global_linked_list_resent_msgs) {
+        if (tmp->send_msg_ptr) {
+            if (tmp->send_msg_ptr->dst_addr_ptr) {
+                if (tmp->send_msg_ptr->dst_addr_ptr->addr_ptr) {
+                    handle->sn_coap_protocol_free(tmp->send_msg_ptr->dst_addr_ptr->addr_ptr);
+                    tmp->send_msg_ptr->dst_addr_ptr->addr_ptr = 0;
+                }
+                handle->sn_coap_protocol_free(tmp->send_msg_ptr->dst_addr_ptr);
+                tmp->send_msg_ptr->dst_addr_ptr = 0;
+            }
+            if (tmp->send_msg_ptr->packet_ptr) {
+                handle->sn_coap_protocol_free(tmp->send_msg_ptr->packet_ptr);
+                tmp->send_msg_ptr->packet_ptr = 0;
+            }
+            handle->sn_coap_protocol_free(tmp->send_msg_ptr);
+            tmp->send_msg_ptr = 0;
+        }
+        ns_list_remove(&global_linked_list_resent_msgs, tmp);
+        --global_count_resent_msgs;
+        handle->sn_coap_protocol_free(tmp);
+        tmp = 0;
+    }
+#endif
+}
+
+
+int16_t sn_coap_protocol_build(struct coap_s *handle, sn_nsdl_addr_s *dst_addr_ptr,
+                               uint8_t *dst_packet_data_ptr, sn_coap_hdr_s *src_coap_msg_ptr, void *param)
+{
+    int16_t  byte_count_built     = 0;
+#if SN_COAP_BLOCKWISE_MAX_PAYLOAD_SIZE /* If Message blockwising is not used at all, this part of code will not be compiled */
+    uint16_t original_payload_len = 0;
+#endif
+
+    /* * * * Check given pointers  * * * */
+    if ((dst_addr_ptr == NULL) || (dst_packet_data_ptr == NULL) || (src_coap_msg_ptr == NULL) || handle == NULL) {
+        return -2;
+    }
+
+    if (dst_addr_ptr->addr_ptr == NULL) {
+        return -2;
+    }
+
+    /* Check if built Message type is else than Acknowledgement or Reset i.e. message type is Confirmable or Non-confirmable */
+    /* (for Acknowledgement and  Reset messages is written same Message ID than was in the Request message) */
+    if (src_coap_msg_ptr->msg_type != COAP_MSG_TYPE_ACKNOWLEDGEMENT &&
+            src_coap_msg_ptr->msg_type != COAP_MSG_TYPE_RESET &&
+            src_coap_msg_ptr->msg_id == 0) {
+        /* * * * Generate new Message ID and increase it by one  * * * */
+        src_coap_msg_ptr->msg_id = message_id;
+        message_id++;
+        if (message_id == 0) {
+            message_id = 1;
+        }
+    }
+
+#if SN_COAP_BLOCKWISE_MAX_PAYLOAD_SIZE /* If Message blockwising is not used at all, this part of code will not be compiled */
+
+    /* If blockwising needed */
+    if ((src_coap_msg_ptr->payload_len > sn_coap_block_data_size) && (sn_coap_block_data_size > 0)) {
+        /* * * * Add Blockwise option to send CoAP message * * */
+
+        if (src_coap_msg_ptr->options_list_ptr == NULL) {
+            /* Allocate memory for less used options */
+            src_coap_msg_ptr->options_list_ptr = handle->sn_coap_protocol_malloc(sizeof(sn_coap_options_list_s));
+
+            if (src_coap_msg_ptr->options_list_ptr == NULL) {
+                return -2;
+            }
+            memset(src_coap_msg_ptr->options_list_ptr, 0, sizeof(sn_coap_options_list_s));
+        }
+
+
+        /* Check if Request message */
+        if (src_coap_msg_ptr->msg_code < COAP_MSG_CODE_RESPONSE_CREATED) {
+            /* Add Blockwise option, use Block1 because Request payload */
+            src_coap_msg_ptr->options_list_ptr->block1_len = 1;
+            if( src_coap_msg_ptr->options_list_ptr->block1_ptr ){
+                handle->sn_coap_protocol_free(src_coap_msg_ptr->options_list_ptr->block1_ptr);
+                src_coap_msg_ptr->options_list_ptr->block1_ptr = 0;
+            }
+            src_coap_msg_ptr->options_list_ptr->block1_ptr = handle->sn_coap_protocol_malloc(1);
+
+            if (src_coap_msg_ptr->options_list_ptr->block1_ptr == NULL) {
+                handle->sn_coap_protocol_free(src_coap_msg_ptr->options_list_ptr);
+                src_coap_msg_ptr->options_list_ptr = 0;
+                return -2;
+            }
+
+            *(src_coap_msg_ptr->options_list_ptr->block1_ptr) = 0x08;       /* First block  (BLOCK NUMBER, 4 MSB bits) + More to come (MORE, 1 bit) */
+            *(src_coap_msg_ptr->options_list_ptr->block1_ptr) |= sn_coap_convert_block_size(sn_coap_block_data_size);
+
+        } else { /* Response message */
+            /* Add Blockwise option, use Block2 because Response payload */
+            src_coap_msg_ptr->options_list_ptr->block2_len = 1;
+            if( src_coap_msg_ptr->options_list_ptr->block2_ptr ){
+                handle->sn_coap_protocol_free(src_coap_msg_ptr->options_list_ptr->block2_ptr);
+                src_coap_msg_ptr->options_list_ptr->block2_ptr = 0;
+            }
+
+            src_coap_msg_ptr->options_list_ptr->block2_ptr = handle->sn_coap_protocol_malloc(1);
+
+            if (src_coap_msg_ptr->options_list_ptr->block2_ptr == NULL) {
+                handle->sn_coap_protocol_free(src_coap_msg_ptr->options_list_ptr);
+                src_coap_msg_ptr->options_list_ptr = 0;
+                return -2;
+            }
+
+            *(src_coap_msg_ptr->options_list_ptr->block2_ptr) = 0x08;       /* First block  (BLOCK NUMBER, 4 MSB bits) + More to come (MORE, 1 bit) */
+            *(src_coap_msg_ptr->options_list_ptr->block2_ptr) |= sn_coap_convert_block_size(sn_coap_block_data_size);
+        }
+
+        /* Store original Payload length */
+        original_payload_len = src_coap_msg_ptr->payload_len;
+
+        /* Change Payload length of send message because Payload is blockwised */
+        src_coap_msg_ptr->payload_len = sn_coap_block_data_size;
+    }
+
+#endif
+    /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+    /* * * * Build Packet data from CoAP message by using CoAP Header builder  * * * */
+    /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+
+    byte_count_built = sn_coap_builder(dst_packet_data_ptr, src_coap_msg_ptr);
+
+    if (byte_count_built < 0) {
+        return byte_count_built;
+    }
+
+#if ENABLE_RESENDINGS /* If Message resending is not used at all, this part of code will not be compiled */
+
+    /* Check if built Message type was confirmable, only these messages are resent */
+    if (src_coap_msg_ptr->msg_type == COAP_MSG_TYPE_CONFIRMABLE) {
+        /* Store message to Linked list for resending purposes */
+        sn_coap_protocol_linked_list_send_msg_store(handle, dst_addr_ptr, byte_count_built, dst_packet_data_ptr,
+                global_system_time + (uint32_t)(sn_coap_resending_intervall * RESPONSE_RANDOM_FACTOR),
+                param);
+    }
+
+#endif /* ENABLE_RESENDINGS */
+
+#if SN_COAP_BLOCKWISE_MAX_PAYLOAD_SIZE /* If Message blockwising is not used at all, this part of code will not be compiled */
+
+    /* If blockwising needed */
+    if ((original_payload_len > sn_coap_block_data_size) && (sn_coap_block_data_size > 0)) {
+
+        /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+        /* * * * Manage rest blockwise messages sending by storing them to Linked list * * * */
+        /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+
+        coap_blockwise_msg_s *stored_blockwise_msg_ptr;
+
+        stored_blockwise_msg_ptr = handle->sn_coap_protocol_malloc(sizeof(coap_blockwise_msg_s));
+        if (!stored_blockwise_msg_ptr) {
+            //block paylaod save failed, only first block can be build. Perhaps we should return error.
+            return byte_count_built;
+        }
+        memset(stored_blockwise_msg_ptr, 0, sizeof(coap_blockwise_msg_s));
+
+        /* Fill struct */
+        stored_blockwise_msg_ptr->timestamp = global_system_time;
+
+        stored_blockwise_msg_ptr->coap_msg_ptr = sn_coap_protocol_copy_header(handle, src_coap_msg_ptr);
+        if( stored_blockwise_msg_ptr->coap_msg_ptr == NULL ){
+            handle->sn_coap_protocol_free(stored_blockwise_msg_ptr);
+            stored_blockwise_msg_ptr = 0;
+            return -2;
+        }
+
+        stored_blockwise_msg_ptr->coap_msg_ptr->payload_len = original_payload_len;
+        stored_blockwise_msg_ptr->coap_msg_ptr->payload_ptr = handle->sn_coap_protocol_malloc(stored_blockwise_msg_ptr->coap_msg_ptr->payload_len);
+
+        if (!stored_blockwise_msg_ptr->coap_msg_ptr->payload_ptr) {
+            //block payload save failed, only first block can be build. Perhaps we should return error.
+            sn_coap_parser_release_allocated_coap_msg_mem(handle, stored_blockwise_msg_ptr->coap_msg_ptr);
+            handle->sn_coap_protocol_free(stored_blockwise_msg_ptr);
+            stored_blockwise_msg_ptr = 0;
+            return byte_count_built;
+        }
+        memcpy(stored_blockwise_msg_ptr->coap_msg_ptr->payload_ptr, src_coap_msg_ptr->payload_ptr, stored_blockwise_msg_ptr->coap_msg_ptr->payload_len);
+
+        stored_blockwise_msg_ptr->coap = handle;
+
+        ns_list_add_to_end(&global_linked_list_blockwise_sent_msgs, stored_blockwise_msg_ptr);
+    }
+
+    else if (src_coap_msg_ptr->msg_code == COAP_MSG_CODE_REQUEST_GET) {
+        /* Add message to linked list - response can be in blocks and we need header to build response.. */
+        coap_blockwise_msg_s *stored_blockwise_msg_ptr;
+
+        stored_blockwise_msg_ptr = handle->sn_coap_protocol_malloc(sizeof(coap_blockwise_msg_s));
+        if (!stored_blockwise_msg_ptr) {
+            return byte_count_built;
+        }
+        memset(stored_blockwise_msg_ptr, 0, sizeof(coap_blockwise_msg_s));
+
+        /* Fill struct */
+        stored_blockwise_msg_ptr->timestamp = global_system_time;
+
+        stored_blockwise_msg_ptr->coap_msg_ptr = sn_coap_protocol_copy_header(handle, src_coap_msg_ptr);
+        if( stored_blockwise_msg_ptr->coap_msg_ptr == NULL ){
+            handle->sn_coap_protocol_free(stored_blockwise_msg_ptr);
+            stored_blockwise_msg_ptr = 0;
+            return -2;
+        }
+
+        stored_blockwise_msg_ptr->coap = handle;
+
+        ns_list_add_to_end(&global_linked_list_blockwise_sent_msgs, stored_blockwise_msg_ptr);
+    }
+
+#endif /* SN_COAP_BLOCKWISE_MAX_PAYLOAD_SIZE */
+
+    /* * * * Return built CoAP message Packet data length  * * * */
+    return byte_count_built;
+}
+
+sn_coap_hdr_s *sn_coap_protocol_parse(struct coap_s *handle, sn_nsdl_addr_s *src_addr_ptr, uint16_t packet_data_len, uint8_t *packet_data_ptr, void *param)
+{
+    sn_coap_hdr_s   *returned_dst_coap_msg_ptr = NULL;
+    coap_version_e   coap_version              = COAP_VERSION_UNKNOWN;
+
+    /* * * * Check given pointer * * * */
+    if (src_addr_ptr == NULL || src_addr_ptr->addr_ptr == NULL ||
+        packet_data_ptr == NULL || handle == NULL) {
+        return NULL;
+    }
+
+    /* * * * Parse Packet data to CoAP message by using CoAP Header parser * * * */
+    returned_dst_coap_msg_ptr = sn_coap_parser(handle, packet_data_len, packet_data_ptr, &coap_version);
+
+    /* Check status of returned pointer */
+    if (returned_dst_coap_msg_ptr == NULL) {
+        /* Memory allocation error in parser */
+        return NULL;
+    }
+
+    /* * * * Check validity of parsed Header values  * * * */
+    if (sn_coap_header_validity_check(returned_dst_coap_msg_ptr, coap_version) != 0) {
+        /* If message code is in a reserved class (1, 6 or 7), send reset. Message code class is 3 MSB of the message code byte     */
+        if (((returned_dst_coap_msg_ptr->msg_code >> 5) == 1) ||        // if class == 1
+                ((returned_dst_coap_msg_ptr->msg_code >> 5) == 6) ||    // if class == 6
+                ((returned_dst_coap_msg_ptr->msg_code >> 5) == 7)) {    // if class == 7
+            sn_coap_protocol_send_rst(handle, returned_dst_coap_msg_ptr->msg_id, src_addr_ptr, handle);
+        }
+
+        /* Release memory of CoAP message */
+        sn_coap_parser_release_allocated_coap_msg_mem(handle, returned_dst_coap_msg_ptr);
+
+        /* Return NULL because Header validity check failed */
+        return NULL;
+    }
+
+    /* Check if we need to send reset message */
+    /*  A recipient MUST acknowledge a Confirmable message with an Acknowledgement
+        message or, if it lacks context to process the message properly
+        (including the case where the message is Empty, uses a code with a
+        reserved class (1, 6 or 7), or has a message format error), MUST
+        reject it; rejecting a Confirmable message is effected by sending a
+        matching Reset message and otherwise ignoring it. */
+    if (returned_dst_coap_msg_ptr->msg_type == COAP_MSG_TYPE_CONFIRMABLE) {
+        /* CoAP ping */
+        if (returned_dst_coap_msg_ptr->msg_code == COAP_MSG_CODE_EMPTY) {
+            sn_coap_protocol_send_rst(handle, returned_dst_coap_msg_ptr->msg_id, src_addr_ptr, param);
+
+            /* Release memory of CoAP message */
+            sn_coap_parser_release_allocated_coap_msg_mem(handle, returned_dst_coap_msg_ptr);
+
+            /* Return NULL because Header validity check failed */
+            return NULL;
+        }
+    }
+
+#if !SN_COAP_BLOCKWISE_MAX_PAYLOAD_SIZE /* If Message blockwising is used, this part of code will not be compiled */
+    /* If blockwising used in received message */
+    if (returned_dst_coap_msg_ptr->options_list_ptr != NULL &&
+            (returned_dst_coap_msg_ptr->options_list_ptr->block1_ptr != NULL ||
+             returned_dst_coap_msg_ptr->options_list_ptr->block2_ptr != NULL)) {
+        /* Set returned status to User */
+        returned_dst_coap_msg_ptr->coap_status = COAP_STATUS_PARSER_BLOCKWISE_MSG_REJECTED;
+        //todo: send response -> not implemented
+        return returned_dst_coap_msg_ptr;
+    }
+#endif /* !SN_COAP_BLOCKWISE_MAX_PAYLOAD_SIZE */
+
+#if SN_COAP_DUPLICATION_MAX_MSGS_COUNT /* If Message duplication is used, this part of code will not be compiled */
+
+    /* * * * Manage received CoAP message duplicate detection  * * * */
+
+    /* If no message duplication detected */
+    if (sn_coap_protocol_linked_list_duplication_info_search(src_addr_ptr, returned_dst_coap_msg_ptr->msg_id) == -1) {
+        /* * * No Message duplication: Store received message for detecting later duplication * * */
+
+        /* Get count of stored duplication messages */
+        uint16_t stored_duplication_msgs_count = global_count_duplication_msgs;
+
+        /* Check if there is no room to store message for duplication detection purposes */
+        if (stored_duplication_msgs_count >= sn_coap_duplication_buffer_size) {
+            /* Get oldest stored duplication message */
+            coap_duplication_info_s *stored_duplication_info_ptr = ns_list_get_first(&global_linked_list_duplication_msgs);
+
+            /* Remove oldest stored duplication message for getting room for new duplication message */
+            sn_coap_protocol_linked_list_duplication_info_remove(handle, stored_duplication_info_ptr->addr_ptr, stored_duplication_info_ptr->port, stored_duplication_info_ptr->msg_id);
+        }
+
+        /* Store Duplication info to Linked list */
+        sn_coap_protocol_linked_list_duplication_info_store(handle, src_addr_ptr, returned_dst_coap_msg_ptr->msg_id);
+    } else { /* * * Message duplication detected * * */
+        /* Set returned status to User */
+        returned_dst_coap_msg_ptr->coap_status = COAP_STATUS_PARSER_DUPLICATED_MSG;
+
+        /* Because duplicate message, return with coap_status set */
+        return returned_dst_coap_msg_ptr;
+    }
+#endif
+
+    /*** And here we check if message was block message ***/
+    /*** If so, we call own block handling function and ***/
+    /*** return to caller.                              ***/
+#if SN_COAP_BLOCKWISE_MAX_PAYLOAD_SIZE
+
+    if (returned_dst_coap_msg_ptr->options_list_ptr != NULL &&
+            (returned_dst_coap_msg_ptr->options_list_ptr->block1_ptr != NULL ||
+             returned_dst_coap_msg_ptr->options_list_ptr->block2_ptr != NULL)) {
+        returned_dst_coap_msg_ptr = sn_coap_handle_blockwise_message(handle, src_addr_ptr, returned_dst_coap_msg_ptr, param);
+    } else {
+        /* Get ... */
+        coap_blockwise_msg_s *stored_blockwise_msg_temp_ptr = NULL;
+
+        ns_list_foreach(coap_blockwise_msg_s, msg, &global_linked_list_blockwise_sent_msgs) {
+            if (returned_dst_coap_msg_ptr->msg_id == msg->coap_msg_ptr->msg_id) {
+                stored_blockwise_msg_temp_ptr = msg;
+                break;
+            }
+        }
+
+        if (stored_blockwise_msg_temp_ptr) {
+            ns_list_remove(&global_linked_list_blockwise_sent_msgs, stored_blockwise_msg_temp_ptr);
+
+            if (stored_blockwise_msg_temp_ptr->coap_msg_ptr) {
+                if(stored_blockwise_msg_temp_ptr->coap_msg_ptr->payload_ptr){
+                    handle->sn_coap_protocol_free(stored_blockwise_msg_temp_ptr->coap_msg_ptr->payload_ptr);
+                    stored_blockwise_msg_temp_ptr->coap_msg_ptr->payload_ptr = 0;
+                }
+                sn_coap_parser_release_allocated_coap_msg_mem(stored_blockwise_msg_temp_ptr->coap, stored_blockwise_msg_temp_ptr->coap_msg_ptr);
+            }
+
+            handle->sn_coap_protocol_free(stored_blockwise_msg_temp_ptr);
+            stored_blockwise_msg_temp_ptr = 0;
+        }
+    }
+
+    if (!returned_dst_coap_msg_ptr) {
+        return NULL;
+    }
+
+#endif
+
+
+#if ENABLE_RESENDINGS  /* If Message resending is not used at all, this part of code will not be compiled */
+
+    /* Check if received Message type was acknowledgement */
+    if ((returned_dst_coap_msg_ptr->msg_type == COAP_MSG_TYPE_ACKNOWLEDGEMENT) || (returned_dst_coap_msg_ptr->msg_type == COAP_MSG_TYPE_RESET)) {
+        /* * * * Manage CoAP message resending by removing active resending message from Linked list * * */
+
+        /* Get node count i.e. count of active resending messages */
+        uint16_t stored_resending_msgs_count = global_count_resent_msgs;
+
+        /* Check if there is ongoing active message resendings */
+        if (stored_resending_msgs_count > 0) {
+            sn_nsdl_transmit_s *removed_msg_ptr = NULL;
+
+            /* Check if received message was confirmation for some active resending message */
+
+            removed_msg_ptr = sn_coap_protocol_linked_list_send_msg_search(src_addr_ptr, returned_dst_coap_msg_ptr->msg_id);
+
+            if (removed_msg_ptr != NULL) {
+                /* Remove resending message from active message resending Linked list */
+                sn_coap_protocol_linked_list_send_msg_remove(handle, src_addr_ptr, returned_dst_coap_msg_ptr->msg_id);
+            }
+        }
+    }
+#endif /* ENABLE_RESENDINGS */
+
+    /* * * * Return parsed CoAP message  * * * */
+    return (returned_dst_coap_msg_ptr);
+}
+
+
+int8_t sn_coap_protocol_exec(struct coap_s *handle, uint32_t current_time)
+{
+    /* * * * Store current System time * * * */
+    global_system_time = current_time;
+
+    if( !handle ){
+       return -1;
+    }
+
+#if SN_COAP_BLOCKWISE_MAX_PAYLOAD_SIZE
+    /* * * * Remove old blocwise data * * * */
+    sn_coap_protocol_linked_list_blockwise_remove_old_data(handle);
+#endif
+
+
+#if SN_COAP_DUPLICATION_MAX_MSGS_COUNT
+    /* * * * Remove old duplication messages * * * */
+    sn_coap_protocol_linked_list_duplication_info_remove_old_ones(handle);
+#endif
+
+#if ENABLE_RESENDINGS
+    /* Check if there is ongoing active message sendings */
+    ns_list_foreach_safe(coap_send_msg_s, stored_msg_ptr, &global_linked_list_resent_msgs) {
+        // First check that msg belongs to handle
+        if( stored_msg_ptr->coap == handle ){
+            /* Check if it is time to send this message */
+            if (current_time >= stored_msg_ptr->resending_time) {
+                /* * * Increase Resending counter  * * */
+                stored_msg_ptr->resending_counter++;
+
+                /* Check if all re-sendings have been done */
+                if (stored_msg_ptr->resending_counter > sn_coap_resending_count) {
+                    coap_version_e coap_version = COAP_VERSION_UNKNOWN;
+
+                    /* Get message ID from stored sending message */
+                    uint16_t temp_msg_id = (stored_msg_ptr->send_msg_ptr->packet_ptr[2] << 8);
+                    temp_msg_id += (uint16_t)stored_msg_ptr->send_msg_ptr->packet_ptr[3];
+
+                    /* If RX callback have been defined.. */
+                    if (stored_msg_ptr->coap->sn_coap_rx_callback != 0) {
+                        sn_coap_hdr_s *tmp_coap_hdr_ptr;
+                        /* Parse CoAP message, set status and call RX callback */
+                        tmp_coap_hdr_ptr = sn_coap_parser(stored_msg_ptr->coap, stored_msg_ptr->send_msg_ptr->packet_len, stored_msg_ptr->send_msg_ptr->packet_ptr, &coap_version);
+
+                        if (tmp_coap_hdr_ptr != 0) {
+                            tmp_coap_hdr_ptr->coap_status = COAP_STATUS_BUILDER_MESSAGE_SENDING_FAILED;
+
+                            stored_msg_ptr->coap->sn_coap_rx_callback(tmp_coap_hdr_ptr, stored_msg_ptr->send_msg_ptr->dst_addr_ptr, stored_msg_ptr->param);
+
+                            sn_coap_parser_release_allocated_coap_msg_mem(stored_msg_ptr->coap, tmp_coap_hdr_ptr);
+                        }
+                    }
+                    /* Remove message from Linked list */
+                    sn_coap_protocol_linked_list_send_msg_remove(handle, stored_msg_ptr->send_msg_ptr->dst_addr_ptr, temp_msg_id);
+                } else {
+                    /* Send message  */
+                    stored_msg_ptr->coap->sn_coap_tx_callback(stored_msg_ptr->send_msg_ptr->packet_ptr,
+                            stored_msg_ptr->send_msg_ptr->packet_len, stored_msg_ptr->send_msg_ptr->dst_addr_ptr, stored_msg_ptr->param);
+
+                    /* * * Count new Resending time  * * */
+                    stored_msg_ptr->resending_time = current_time + (((uint32_t)(sn_coap_resending_intervall * RESPONSE_RANDOM_FACTOR)) <<
+                                                     stored_msg_ptr->resending_counter);
+                }
+
+            }
+        }
+    }
+
+#endif /* ENABLE_RESENDINGS */
+
+    return 0;
+}
+
+#if ENABLE_RESENDINGS  /* If Message resending is not used at all, this part of code will not be compiled */
+
+/**************************************************************************//**
+ * \fn static void sn_coap_protocol_linked_list_send_msg_store(sn_nsdl_addr_s *dst_addr_ptr, uint16_t send_packet_data_len, uint8_t *send_packet_data_ptr, uint32_t sending_time)
+ *
+ * \brief Stores message to Linked list for sending purposes.
+
+ * \param *dst_addr_ptr is pointer to destination address where CoAP message will be sent
+ *
+ * \param send_packet_data_len is length of Packet data to be stored
+ *
+ * \param *send_packet_data_ptr is Packet data to be stored
+ *
+ * \param sending_time is stored sending time
+ *****************************************************************************/
+
+static void sn_coap_protocol_linked_list_send_msg_store(struct coap_s *handle, sn_nsdl_addr_s *dst_addr_ptr, uint16_t send_packet_data_len,
+        uint8_t *send_packet_data_ptr, uint32_t sending_time, void *param)
+{
+
+    coap_send_msg_s *stored_msg_ptr              = NULL;
+
+    /* If both queue parameters are "0" or resending count is "0", then re-sending is disabled */
+    if (((sn_coap_resending_queue_msgs == 0) && (sn_coap_resending_queue_bytes == 0)) || (sn_coap_resending_count == 0)) {
+        return;
+    }
+
+    if (sn_coap_resending_queue_msgs > 0) {
+        if (global_count_resent_msgs >= sn_coap_resending_queue_msgs) {
+            return;
+        }
+    }
+
+    /* Count resending queue size, if buffer size is defined */
+    if (sn_coap_resending_queue_bytes > 0) {
+        if ((sn_coap_count_linked_list_size(&global_linked_list_resent_msgs) + send_packet_data_len) > sn_coap_resending_queue_bytes) {
+            return;
+        }
+    }
+
+    /* Allocating memory for stored message */
+    stored_msg_ptr = sn_coap_protocol_allocate_mem_for_msg(handle, dst_addr_ptr, send_packet_data_len);
+
+    if (stored_msg_ptr == 0) {
+        return;
+    }
+
+    /* Filling of coap_send_msg_s with initialization values */
+    stored_msg_ptr->resending_counter = 0;
+    stored_msg_ptr->resending_time = sending_time;
+
+    /* Filling of sn_nsdl_transmit_s */
+    stored_msg_ptr->send_msg_ptr->protocol = SN_NSDL_PROTOCOL_COAP;
+    stored_msg_ptr->send_msg_ptr->packet_len = send_packet_data_len;
+    memcpy(stored_msg_ptr->send_msg_ptr->packet_ptr, send_packet_data_ptr, send_packet_data_len);
+
+    /* Filling of sn_nsdl_addr_s */
+    stored_msg_ptr->send_msg_ptr->dst_addr_ptr->type = dst_addr_ptr->type;
+    stored_msg_ptr->send_msg_ptr->dst_addr_ptr->addr_len = dst_addr_ptr->addr_len;
+    memcpy(stored_msg_ptr->send_msg_ptr->dst_addr_ptr->addr_ptr, dst_addr_ptr->addr_ptr, dst_addr_ptr->addr_len);
+    stored_msg_ptr->send_msg_ptr->dst_addr_ptr->port = dst_addr_ptr->port;
+
+    stored_msg_ptr->coap = handle;
+    stored_msg_ptr->param = param;
+
+    /* Storing Resending message to Linked list */
+    ns_list_add_to_end(&global_linked_list_resent_msgs, stored_msg_ptr);
+    ++global_count_resent_msgs;
+}
+
+/**************************************************************************//**
+ * \fn static sn_nsdl_transmit_s *sn_coap_protocol_linked_list_send_msg_search(sn_nsdl_addr_s *src_addr_ptr, uint16_t msg_id)
+ *
+ * \brief Searches stored resending message from Linked list
+ *
+ * \param *src_addr_ptr is searching key for searched message
+ *
+ * \param msg_id is searching key for searched message
+ *
+ * \return Return value is pointer to found stored resending message in Linked
+ *         list or NULL if message not found
+ *****************************************************************************/
+
+static sn_nsdl_transmit_s *sn_coap_protocol_linked_list_send_msg_search(sn_nsdl_addr_s *src_addr_ptr, uint16_t msg_id)
+{
+    /* Loop all stored resending messages Linked list */
+    ns_list_foreach(coap_send_msg_s, stored_msg_ptr, &global_linked_list_resent_msgs) {
+        /* Get message ID from stored resending message */
+        uint16_t temp_msg_id = (stored_msg_ptr->send_msg_ptr->packet_ptr[2] << 8);
+        temp_msg_id += (uint16_t)stored_msg_ptr->send_msg_ptr->packet_ptr[3];
+
+        /* If message's Message ID is same than is searched */
+        if (temp_msg_id == msg_id) {
+            /* If message's Source address is same than is searched */
+            if (0 == memcmp(src_addr_ptr->addr_ptr, stored_msg_ptr->send_msg_ptr->dst_addr_ptr->addr_ptr, src_addr_ptr->addr_len)) {
+                /* If message's Source address port is same than is searched */
+                if (stored_msg_ptr->send_msg_ptr->dst_addr_ptr->port == src_addr_ptr->port) {
+                    /* * * Message found, return pointer to that stored resending message * * * */
+                    return stored_msg_ptr->send_msg_ptr;
+                }
+            }
+        }
+    }
+
+    /* Message not found */
+    return NULL;
+}
+/**************************************************************************//**
+ * \fn static void sn_coap_protocol_linked_list_send_msg_remove(sn_nsdl_addr_s *src_addr_ptr, uint16_t msg_id)
+ *
+ * \brief Removes stored resending message from Linked list
+ *
+ * \param *src_addr_ptr is searching key for searched message
+ * \param msg_id is searching key for removed message
+ *****************************************************************************/
+
+static void sn_coap_protocol_linked_list_send_msg_remove(struct coap_s *handle, sn_nsdl_addr_s *src_addr_ptr, uint16_t msg_id)
+{
+    /* Loop all stored resending messages in Linked list */
+    ns_list_foreach(coap_send_msg_s, stored_msg_ptr, &global_linked_list_resent_msgs) {
+        /* Get message ID from stored resending message */
+        uint16_t temp_msg_id = (stored_msg_ptr->send_msg_ptr->packet_ptr[2] << 8);
+        temp_msg_id += (uint16_t)stored_msg_ptr->send_msg_ptr->packet_ptr[3];
+
+        /* If message's Message ID is same than is searched */
+        if (temp_msg_id == msg_id) {
+            /* If message's Source address is same than is searched */
+            if (0 == memcmp(src_addr_ptr->addr_ptr, stored_msg_ptr->send_msg_ptr->dst_addr_ptr->addr_ptr, src_addr_ptr->addr_len)) {
+                /* If message's Source address port is same than is searched */
+                if (stored_msg_ptr->send_msg_ptr->dst_addr_ptr->port == src_addr_ptr->port) {
+                    /* * * Message found * * */
+
+                    /* Remove message from Linked list */
+                    ns_list_remove(&global_linked_list_resent_msgs, stored_msg_ptr);
+                    --global_count_resent_msgs;
+
+                    /* Free memory of stored message */
+                    sn_coap_protocol_release_allocated_send_msg_mem(handle, stored_msg_ptr);
+
+                    return;
+                }
+            }
+        }
+    }
+}
+#endif /* ENABLE_RESENDINGS */
+
+
+static void sn_coap_protocol_send_rst(struct coap_s *handle, uint16_t msg_id, sn_nsdl_addr_s *addr_ptr, void *param)
+{
+    uint8_t packet_ptr[4];
+
+    /* Add CoAP version and message type */
+    packet_ptr[0] = COAP_VERSION_1;
+    packet_ptr[0] |= COAP_MSG_TYPE_RESET;
+
+    /* Add message code */
+    packet_ptr[1] = COAP_MSG_CODE_EMPTY;
+
+    /* Add message ID */
+    packet_ptr[2] = msg_id >> 8;
+    packet_ptr[3] = (uint8_t)msg_id;
+
+    /* Send RST */
+    handle->sn_coap_tx_callback(packet_ptr, 4, addr_ptr, param);
+
+}
+#if SN_COAP_DUPLICATION_MAX_MSGS_COUNT /* If Message duplication detection is not used at all, this part of code will not be compiled */
+
+/**************************************************************************//**
+ * \fn static void sn_coap_protocol_linked_list_duplication_info_store(sn_nsdl_addr_s *addr_ptr, uint16_t msg_id)
+ *
+ * \brief Stores Duplication info to Linked list
+ *
+ * \param msg_id is Message ID to be stored
+ * \param *addr_ptr is pointer to Address information to be stored
+ *****************************************************************************/
+
+static void sn_coap_protocol_linked_list_duplication_info_store(struct coap_s *handle, sn_nsdl_addr_s *addr_ptr,
+        uint16_t msg_id)
+{
+    coap_duplication_info_s *stored_duplication_info_ptr = NULL;
+
+    /* * * * Allocating memory for stored Duplication info * * * */
+
+    /* Allocate memory for stored Duplication info's structure */
+    stored_duplication_info_ptr = handle->sn_coap_protocol_malloc(sizeof(coap_duplication_info_s));
+
+    if (stored_duplication_info_ptr == NULL) {
+        return;
+    }
+
+    /* Allocate memory for stored Duplication info's address */
+    stored_duplication_info_ptr->addr_ptr = handle->sn_coap_protocol_malloc(addr_ptr->addr_len);
+
+    if (stored_duplication_info_ptr->addr_ptr == NULL) {
+        handle->sn_coap_protocol_free(stored_duplication_info_ptr);
+        stored_duplication_info_ptr = 0;
+        return;
+    }
+
+    /* * * * Filling fields of stored Duplication info * * * */
+
+    stored_duplication_info_ptr->timestamp = global_system_time;
+    stored_duplication_info_ptr->addr_len = addr_ptr->addr_len;
+    memcpy(stored_duplication_info_ptr->addr_ptr, addr_ptr->addr_ptr, addr_ptr->addr_len);
+    stored_duplication_info_ptr->port = addr_ptr->port;
+    stored_duplication_info_ptr->msg_id = msg_id;
+
+    stored_duplication_info_ptr->coap = handle;
+
+    /* * * * Storing Duplication info to Linked list * * * */
+
+    ns_list_add_to_end(&global_linked_list_duplication_msgs, stored_duplication_info_ptr);
+    ++global_count_duplication_msgs;
+}
+
+/**************************************************************************//**
+ * \fn static int8_t sn_coap_protocol_linked_list_duplication_info_search(sn_nsdl_addr_s *addr_ptr, uint16_t msg_id)
+ *
+ * \brief Searches stored message from Linked list (Address and Message ID as key)
+ *
+ * \param *addr_ptr is pointer to Address key to be searched
+ * \param msg_id is Message ID key to be searched
+ *
+ * \return Return value is 0 when message found and -1 if not found
+ *****************************************************************************/
+
+static int8_t sn_coap_protocol_linked_list_duplication_info_search(sn_nsdl_addr_s *addr_ptr,
+        uint16_t msg_id)
+{
+    /* Loop all nodes in Linked list for searching Message ID */
+    ns_list_foreach(coap_duplication_info_s, stored_duplication_info_ptr, &global_linked_list_duplication_msgs) {
+        /* If message's Message ID is same than is searched */
+        if (stored_duplication_info_ptr->msg_id == msg_id) {
+            /* If message's Source address is same than is searched */
+            if (0 == memcmp(addr_ptr->addr_ptr, stored_duplication_info_ptr->addr_ptr, addr_ptr->addr_len)) {
+                /* If message's Source address port is same than is searched */
+                if (stored_duplication_info_ptr->port == addr_ptr->port) {
+                    /* * * Correct Duplication info found * * * */
+                    return 0;
+                }
+            }
+        }
+    }
+
+    return -1;
+}
+
+/**************************************************************************//**
+ * \fn static void sn_coap_protocol_linked_list_duplication_info_remove(struct coap_s *handle, uint8_t *addr_ptr, uint16_t port, uint16_t msg_id)
+ *
+ * \brief Removes stored Duplication info from Linked list
+ *
+ * \param *addr_ptr is pointer to Address key to be removed
+ *
+ * \param port is Port key to be removed
+ *
+ * \param msg_id is Message ID key to be removed
+ *****************************************************************************/
+
+static void sn_coap_protocol_linked_list_duplication_info_remove(struct coap_s *handle, uint8_t *addr_ptr, uint16_t port, uint16_t msg_id)
+{
+    /* Loop all stored duplication messages in Linked list */
+    ns_list_foreach(coap_duplication_info_s, removed_duplication_info_ptr, &global_linked_list_duplication_msgs) {
+        /* If message's Address is same than is searched */
+        if (handle == removed_duplication_info_ptr->coap && 0 == memcmp(addr_ptr, removed_duplication_info_ptr->addr_ptr, removed_duplication_info_ptr->addr_len)) {
+            /* If message's Address prt is same than is searched */
+            if (removed_duplication_info_ptr->port == port) {
+                /* If Message ID is same than is searched */
+                if (removed_duplication_info_ptr->msg_id == msg_id) {
+                    /* * * * Correct Duplication info found, remove it from Linked list * * * */
+                    ns_list_remove(&global_linked_list_duplication_msgs, removed_duplication_info_ptr);
+                    --global_count_duplication_msgs;
+
+                    /* Free memory of stored Duplication info */
+                    handle->sn_coap_protocol_free(removed_duplication_info_ptr->addr_ptr);
+                    removed_duplication_info_ptr->addr_ptr = 0;
+                    handle->sn_coap_protocol_free(removed_duplication_info_ptr);
+                    removed_duplication_info_ptr = 0;
+
+                    return;
+                }
+            }
+        }
+    }
+}
+
+/**************************************************************************//**
+ * \fn static void sn_coap_protocol_linked_list_duplication_info_remove_old_ones(struct coap_s *handle)
+ *
+ * \brief Removes old stored Duplication detection infos from Linked list
+ *****************************************************************************/
+
+static void sn_coap_protocol_linked_list_duplication_info_remove_old_ones(struct coap_s *handle)
+{
+    /* Loop all stored duplication messages in Linked list */
+    ns_list_foreach_safe(coap_duplication_info_s, removed_duplication_info_ptr, &global_linked_list_duplication_msgs) {
+        if ((global_system_time - removed_duplication_info_ptr->timestamp)  > SN_COAP_DUPLICATION_MAX_TIME_MSGS_STORED) {
+            /* * * * Old Duplication info found, remove it from Linked list * * * */
+            ns_list_remove(&global_linked_list_duplication_msgs, removed_duplication_info_ptr);
+            --global_count_duplication_msgs;
+
+            /* Free memory of stored Duplication info */
+            handle->sn_coap_protocol_free(removed_duplication_info_ptr->addr_ptr);
+            removed_duplication_info_ptr->addr_ptr = 0;
+            handle->sn_coap_protocol_free(removed_duplication_info_ptr);
+            removed_duplication_info_ptr = 0;
+        }
+    }
+}
+
+#endif /* SN_COAP_DUPLICATION_MAX_MSGS_COUNT */
+
+#if SN_COAP_BLOCKWISE_MAX_PAYLOAD_SIZE
+/**************************************************************************//**
+ * \fn static void sn_coap_protocol_linked_list_blockwise_msg_remove(struct coap_s *handle, coap_blockwise_msg_s *removed_msg_ptr)
+ *
+ * \brief Removes stored blockwise message from Linked list
+ *
+ * \param removed_msg_ptr is message to be removed
+ *****************************************************************************/
+
+static void sn_coap_protocol_linked_list_blockwise_msg_remove(struct coap_s *handle, coap_blockwise_msg_s *removed_msg_ptr)
+{
+    if( removed_msg_ptr->coap == handle ){
+        ns_list_remove(&global_linked_list_blockwise_sent_msgs, removed_msg_ptr);
+
+        if( removed_msg_ptr->coap_msg_ptr ){
+            if (removed_msg_ptr->coap_msg_ptr->payload_ptr) {
+                handle->sn_coap_protocol_free(removed_msg_ptr->coap_msg_ptr->payload_ptr);
+                removed_msg_ptr->coap_msg_ptr->payload_ptr = 0;
+            }
+
+            sn_coap_parser_release_allocated_coap_msg_mem(handle, removed_msg_ptr->coap_msg_ptr);
+        }
+
+        handle->sn_coap_protocol_free(removed_msg_ptr);
+        removed_msg_ptr = 0;
+    }
+}
+
+/**************************************************************************//**
+ * \fn static void sn_coap_protocol_linked_list_blockwise_payload_store(sn_nsdl_addr_s *addr_ptr, uint16_t stored_payload_len, uint8_t *stored_payload_ptr)
+ *
+ * \brief Stores blockwise payload to Linked list
+ *
+ * \param *addr_ptr is pointer to Address information to be stored
+ * \param stored_payload_len is length of stored Payload
+ * \param *stored_payload_ptr is pointer to stored Payload
+ *****************************************************************************/
+
+static void sn_coap_protocol_linked_list_blockwise_payload_store(struct coap_s *handle, sn_nsdl_addr_s *addr_ptr,
+        uint16_t stored_payload_len,
+        uint8_t *stored_payload_ptr)
+{
+    if (!addr_ptr || !stored_payload_len || !stored_payload_ptr) {
+        return;
+    }
+
+    coap_blockwise_payload_s *stored_blockwise_payload_ptr = NULL;
+
+    /* * * * Allocating memory for stored Payload  * * * */
+
+    /* Allocate memory for stored Payload's structure */
+    stored_blockwise_payload_ptr = handle->sn_coap_protocol_malloc(sizeof(coap_blockwise_payload_s));
+
+    if (stored_blockwise_payload_ptr == NULL) {
+        return;
+    }
+
+    /* Allocate memory for stored Payload's data */
+    stored_blockwise_payload_ptr->payload_ptr = handle->sn_coap_protocol_malloc(stored_payload_len);
+
+    if (stored_blockwise_payload_ptr->payload_ptr == NULL) {
+        handle->sn_coap_protocol_free(stored_blockwise_payload_ptr);
+        stored_blockwise_payload_ptr = 0;
+        return;
+    }
+
+    /* Allocate memory for stored Payload's address */
+    stored_blockwise_payload_ptr->addr_ptr = handle->sn_coap_protocol_malloc(addr_ptr->addr_len);
+
+    if (stored_blockwise_payload_ptr->addr_ptr == NULL) {
+        handle->sn_coap_protocol_free(stored_blockwise_payload_ptr->payload_ptr);
+        stored_blockwise_payload_ptr->payload_ptr = 0;
+        handle->sn_coap_protocol_free(stored_blockwise_payload_ptr);
+        stored_blockwise_payload_ptr = 0;
+
+        return;
+    }
+
+    /* * * * Filling fields of stored Payload  * * * */
+
+    stored_blockwise_payload_ptr->timestamp = global_system_time;
+
+    memcpy(stored_blockwise_payload_ptr->addr_ptr, addr_ptr->addr_ptr, addr_ptr->addr_len);
+    stored_blockwise_payload_ptr->port = addr_ptr->port;
+    memcpy(stored_blockwise_payload_ptr->payload_ptr, stored_payload_ptr, stored_payload_len);
+    stored_blockwise_payload_ptr->payload_len = stored_payload_len;
+
+    stored_blockwise_payload_ptr->coap = handle;
+
+    /* * * * Storing Payload to Linked list  * * * */
+
+    ns_list_add_to_end(&global_linked_list_blockwise_received_payloads, stored_blockwise_payload_ptr);
+}
+
+/**************************************************************************//**
+ * \fn static uint8_t *sn_coap_protocol_linked_list_blockwise_payload_search(sn_nsdl_addr_s *src_addr_ptr, uint16_t *payload_length)
+ *
+ * \brief Searches stored blockwise payload from Linked list (Address as key)
+ *
+ * \param *addr_ptr is pointer to Address key to be searched
+ * \param *payload_length is pointer to returned Payload length
+ *
+ * \return Return value is pointer to found stored blockwise payload in Linked
+ *         list or NULL if payload not found
+ *****************************************************************************/
+
+static uint8_t *sn_coap_protocol_linked_list_blockwise_payload_search(sn_nsdl_addr_s *src_addr_ptr, uint16_t *payload_length)
+{
+    /* Loop all stored blockwise payloads in Linked list */
+    ns_list_foreach(coap_blockwise_payload_s, stored_payload_info_ptr, &global_linked_list_blockwise_received_payloads) {
+        /* If payload's Source address is same than is searched */
+        if (0 == memcmp(src_addr_ptr->addr_ptr, stored_payload_info_ptr->addr_ptr, src_addr_ptr->addr_len)) {
+            /* If payload's Source address port is same than is searched */
+            if (stored_payload_info_ptr->port == src_addr_ptr->port) {
+                /* * * Correct Payload found * * * */
+                *payload_length = stored_payload_info_ptr->payload_len;
+
+                return stored_payload_info_ptr->payload_ptr;
+            }
+        }
+    }
+
+    return NULL;
+}
+
+/**************************************************************************//**
+ * \fn static void sn_coap_protocol_linked_list_blockwise_payload_remove_oldest(struct coap_s *handle)
+ *
+ * \brief Removes current stored blockwise paylod from Linked list
+ *****************************************************************************/
+
+static void sn_coap_protocol_linked_list_blockwise_payload_remove_oldest(struct coap_s *handle)
+{
+    coap_blockwise_payload_s *removed_payload_ptr;
+
+    /* Remove oldest node in Linked list*/
+    removed_payload_ptr = ns_list_get_first(&global_linked_list_blockwise_received_payloads);
+
+    if (removed_payload_ptr != NULL) {
+        sn_coap_protocol_linked_list_blockwise_payload_remove(handle, removed_payload_ptr);
+    }
+}
+
+/**************************************************************************//**
+ * \fn static void sn_coap_protocol_linked_list_blockwise_payload_remove(struct coap_s *handle,
+ *                                                      coap_blockwise_msg_s *removed_msg_ptr)
+ *
+ * \brief Removes stored blockwise payload from Linked list
+ *
+ * \param removed_payload_ptr is payload to be removed
+ *****************************************************************************/
+
+static void sn_coap_protocol_linked_list_blockwise_payload_remove(struct coap_s *handle,
+                                                                  coap_blockwise_payload_s *removed_payload_ptr)
+{
+    ns_list_remove(&global_linked_list_blockwise_received_payloads, removed_payload_ptr);
+
+    /* Free memory of stored payload */
+    if (removed_payload_ptr->addr_ptr != NULL) {
+        handle->sn_coap_protocol_free(removed_payload_ptr->addr_ptr);
+        removed_payload_ptr->addr_ptr = 0;
+    }
+
+    if (removed_payload_ptr->payload_ptr != NULL) {
+        handle->sn_coap_protocol_free(removed_payload_ptr->payload_ptr);
+        removed_payload_ptr->payload_ptr = 0;
+    }
+
+    handle->sn_coap_protocol_free(removed_payload_ptr);
+    removed_payload_ptr = 0;
+}
+
+/**************************************************************************//**
+ * \fn static uint16_t sn_coap_protocol_linked_list_blockwise_payloads_get_len(sn_nsdl_addr_s *src_addr_ptr)
+ *
+ * \brief Counts length of Payloads in Linked list (Address as key)
+ *
+ * \param *addr_ptr is pointer to Address key
+ *
+ * \return Return value is length of Payloads as bytes
+ *****************************************************************************/
+
+static uint16_t sn_coap_protocol_linked_list_blockwise_payloads_get_len(sn_nsdl_addr_s *src_addr_ptr)
+{
+    uint16_t                  ret_whole_payload_len           = 0;
+
+    /* Loop all stored blockwise payloads in Linked list */
+    ns_list_foreach(coap_blockwise_payload_s, searched_payload_info_ptr, &global_linked_list_blockwise_received_payloads) {
+        /* If payload's Source address is same than is searched */
+        if (0 == memcmp(src_addr_ptr->addr_ptr, searched_payload_info_ptr->addr_ptr, src_addr_ptr->addr_len)) {
+            /* If payload's Source address port is same than is searched */
+            if (searched_payload_info_ptr->port == src_addr_ptr->port) {
+                /* * * Correct Payload found * * * */
+                ret_whole_payload_len += searched_payload_info_ptr->payload_len;
+            }
+        }
+    }
+
+    return ret_whole_payload_len;
+}
+
+/**************************************************************************//**
+ * \fn static void sn_coap_protocol_linked_list_blockwise_remove_old_data(struct coap_s *handle)
+ *
+ * \brief Removes old stored Blockwise messages and payloads from Linked list
+ *****************************************************************************/
+
+static void sn_coap_protocol_linked_list_blockwise_remove_old_data(struct coap_s *handle)
+{
+    /* Loop all stored Blockwise messages in Linked list */
+    ns_list_foreach_safe(coap_blockwise_msg_s, removed_blocwise_msg_ptr, &global_linked_list_blockwise_sent_msgs) {
+        if ((global_system_time - removed_blocwise_msg_ptr->timestamp)  > SN_COAP_BLOCKWISE_MAX_TIME_DATA_STORED) {
+            //TODO: Check do we need to check handle == removed_blocwise_msg_ptr->coap here?
+
+            /* * * * Old Blockise message found, remove it from Linked list * * * */
+            if( removed_blocwise_msg_ptr->coap_msg_ptr ){
+                if(removed_blocwise_msg_ptr->coap_msg_ptr->payload_ptr){
+                    handle->sn_coap_protocol_free(removed_blocwise_msg_ptr->coap_msg_ptr->payload_ptr);
+                    removed_blocwise_msg_ptr->coap_msg_ptr->payload_ptr = 0;
+                }
+                sn_coap_parser_release_allocated_coap_msg_mem(handle, removed_blocwise_msg_ptr->coap_msg_ptr);
+                removed_blocwise_msg_ptr->coap_msg_ptr = 0;
+            }
+            sn_coap_protocol_linked_list_blockwise_msg_remove(handle, removed_blocwise_msg_ptr);
+        }
+    }
+
+    /* Loop all stored Blockwise payloads in Linked list */
+    ns_list_foreach_safe(coap_blockwise_payload_s, removed_blocwise_payload_ptr, &global_linked_list_blockwise_received_payloads) {
+        if ((global_system_time - removed_blocwise_payload_ptr->timestamp)  > SN_COAP_BLOCKWISE_MAX_TIME_DATA_STORED) {
+            /* * * * Old Blockise payload found, remove it from Linked list * * * */
+            sn_coap_protocol_linked_list_blockwise_payload_remove(handle, removed_blocwise_payload_ptr);
+        }
+    }
+}
+
+#endif /* SN_COAP_BLOCKWISE_MAX_PAYLOAD_SIZE */
+
+
+#if ENABLE_RESENDINGS  /* If Message resending is not used at all, this part of code will not be compiled */
+/***************************************************************************//**
+ * \fn int8_t sn_coap_protocol_allocate_mem_for_msg(sn_nsdl_addr_s *dst_addr_ptr, uint16_t packet_data_len, coap_send_msg_s *msg_ptr)
+ *
+ * \brief Allocates memory for given message (send or blockwise message)
+ *
+ * \param *dst_addr_ptr is pointer to destination address where message will be sent
+ * \param packet_data_len is length of allocated Packet data
+ *
+ * \return pointer to allocated struct
+ *****************************************************************************/
+
+coap_send_msg_s *sn_coap_protocol_allocate_mem_for_msg(struct coap_s *handle, sn_nsdl_addr_s *dst_addr_ptr, uint16_t packet_data_len)
+{
+
+    coap_send_msg_s *msg_ptr = handle->sn_coap_protocol_malloc(sizeof(coap_send_msg_s));
+
+    if (msg_ptr == NULL) {
+        return 0;
+    }
+
+    memset(msg_ptr, 0, sizeof(coap_send_msg_s));
+
+    msg_ptr->send_msg_ptr = handle->sn_coap_protocol_malloc(sizeof(sn_nsdl_transmit_s));
+
+    if (msg_ptr->send_msg_ptr == NULL) {
+        sn_coap_protocol_release_allocated_send_msg_mem(handle, msg_ptr);
+        return 0;
+    }
+
+    memset(msg_ptr->send_msg_ptr, 0 , sizeof(sn_nsdl_transmit_s));
+
+    msg_ptr->send_msg_ptr->dst_addr_ptr = handle->sn_coap_protocol_malloc(sizeof(sn_nsdl_addr_s));
+
+    if (msg_ptr->send_msg_ptr->dst_addr_ptr == NULL) {
+        sn_coap_protocol_release_allocated_send_msg_mem(handle, msg_ptr);
+        return 0;
+    }
+
+    memset(msg_ptr->send_msg_ptr->dst_addr_ptr, 0, sizeof(sn_nsdl_addr_s));
+
+    msg_ptr->send_msg_ptr->packet_ptr = handle->sn_coap_protocol_malloc(packet_data_len);
+
+    if (msg_ptr->send_msg_ptr->packet_ptr == NULL) {
+        sn_coap_protocol_release_allocated_send_msg_mem(handle, msg_ptr);
+        return 0;
+    }
+
+    msg_ptr->send_msg_ptr->dst_addr_ptr->addr_ptr = handle->sn_coap_protocol_malloc(dst_addr_ptr->addr_len);
+
+    if (msg_ptr->send_msg_ptr->dst_addr_ptr->addr_ptr == NULL) {
+        sn_coap_protocol_release_allocated_send_msg_mem(handle, msg_ptr);
+        return 0;
+    }
+
+    memset(msg_ptr->send_msg_ptr->dst_addr_ptr->addr_ptr, 0, dst_addr_ptr->addr_len);
+
+    return msg_ptr;
+}
+
+
+/**************************************************************************//**
+ * \fn static void sn_coap_protocol_release_allocated_send_msg_mem(struct coap_s *handle, coap_send_msg_s *freed_send_msg_ptr)
+ *
+ * \brief Releases memory of given Sending message (coap_send_msg_s)
+ *
+ * \param *freed_send_msg_ptr is pointer to released Sending message
+ *****************************************************************************/
+
+static void sn_coap_protocol_release_allocated_send_msg_mem(struct coap_s *handle, coap_send_msg_s *freed_send_msg_ptr)
+{
+    if (freed_send_msg_ptr != NULL) {
+        if (freed_send_msg_ptr->send_msg_ptr != NULL) {
+            if (freed_send_msg_ptr->send_msg_ptr->dst_addr_ptr != NULL) {
+                if (freed_send_msg_ptr->send_msg_ptr->dst_addr_ptr->addr_ptr != NULL) {
+                    handle->sn_coap_protocol_free(freed_send_msg_ptr->send_msg_ptr->dst_addr_ptr->addr_ptr);
+                    freed_send_msg_ptr->send_msg_ptr->dst_addr_ptr->addr_ptr = 0;
+                }
+
+                handle->sn_coap_protocol_free(freed_send_msg_ptr->send_msg_ptr->dst_addr_ptr);
+                freed_send_msg_ptr->send_msg_ptr->dst_addr_ptr = 0;
+            }
+
+            if (freed_send_msg_ptr->send_msg_ptr->packet_ptr != NULL) {
+                handle->sn_coap_protocol_free(freed_send_msg_ptr->send_msg_ptr->packet_ptr);
+                freed_send_msg_ptr->send_msg_ptr->packet_ptr = 0;
+            }
+
+            handle->sn_coap_protocol_free(freed_send_msg_ptr->send_msg_ptr);
+            freed_send_msg_ptr->send_msg_ptr = 0;
+        }
+
+        handle->sn_coap_protocol_free(freed_send_msg_ptr);
+        freed_send_msg_ptr = 0;
+    }
+}
+
+/**************************************************************************//**
+ * \fn static uint16_t sn_coap_count_linked_list_size(const coap_send_msg_list_t *linked_list_ptr)
+ *
+ * \brief Counts total message size of all messages in linked list
+ *
+ * \param const coap_send_msg_list_t *linked_list_ptr pointer to linked list
+ *****************************************************************************/
+static uint16_t sn_coap_count_linked_list_size(const coap_send_msg_list_t *linked_list_ptr)
+{
+    uint16_t total_size = 0;
+
+    ns_list_foreach(coap_send_msg_s, stored_msg_ptr, linked_list_ptr) {
+        if (stored_msg_ptr->send_msg_ptr) {
+            total_size += stored_msg_ptr->send_msg_ptr->packet_len;
+        }
+    }
+
+    return total_size;
+}
+
+#endif
+#if SN_COAP_BLOCKWISE_MAX_PAYLOAD_SIZE /* If Message blockwising is not used at all, this part of code will not be compiled */
+
+/**************************************************************************//**
+ * \fn static int8_t sn_coap_handle_blockwise_message(void)
+ *
+ * \brief Handles all received blockwise messages
+ *
+ * \param *src_addr_ptr pointer to source address information struct
+ * \param *received_coap_msg_ptr pointer to parsed CoAP message structure
+ *****************************************************************************/
+
+static sn_coap_hdr_s *sn_coap_handle_blockwise_message(struct coap_s *handle, sn_nsdl_addr_s *src_addr_ptr, sn_coap_hdr_s *received_coap_msg_ptr, void *param)
+{
+    sn_coap_hdr_s *src_coap_blockwise_ack_msg_ptr = NULL;
+    uint16_t dst_packed_data_needed_mem = 0;
+    uint8_t *dst_ack_packet_data_ptr = NULL;
+    uint8_t block_temp = 0;
+
+    uint16_t original_payload_len = 0;
+    uint8_t *original_payload_ptr = NULL;
+
+    /* Block1 Option in a request (e.g., PUT or POST) */
+    // Blocked request sending, received ACK, sending next block..
+    if (received_coap_msg_ptr->options_list_ptr->block1_ptr) {
+        if (received_coap_msg_ptr->msg_code > COAP_MSG_CODE_REQUEST_DELETE) {
+            if (*(received_coap_msg_ptr->options_list_ptr->block1_ptr + (received_coap_msg_ptr->options_list_ptr->block1_len - 1)) & 0x08) {
+                coap_blockwise_msg_s *stored_blockwise_msg_temp_ptr = NULL;
+
+                /* Get  */
+                ns_list_foreach(coap_blockwise_msg_s, msg, &global_linked_list_blockwise_sent_msgs) {
+                    if (msg->coap_msg_ptr && received_coap_msg_ptr->msg_id == msg->coap_msg_ptr->msg_id) {
+                        stored_blockwise_msg_temp_ptr = msg;
+                        break;
+                    }
+                }
+
+                if (stored_blockwise_msg_temp_ptr) {
+                    /* Build response message */
+
+                    uint16_t block_size = 1;
+                    uint32_t block_number = 0;
+
+                    /* Get block option parameters from received message */
+                    if (received_coap_msg_ptr->options_list_ptr->block1_len == 3) {
+                        block_number = *(received_coap_msg_ptr->options_list_ptr->block1_ptr) << 12;
+                        block_number |= *(received_coap_msg_ptr->options_list_ptr->block1_ptr + 1) << 4;
+                        block_number |= (*(received_coap_msg_ptr->options_list_ptr->block1_ptr + 2)) >> 4;
+                    }
+
+                    else if (received_coap_msg_ptr->options_list_ptr->block1_len == 2) {
+                        block_number = *(received_coap_msg_ptr->options_list_ptr->block1_ptr) << 4;
+                        block_number |= (*(received_coap_msg_ptr->options_list_ptr->block1_ptr + 1)) >> 4;
+                    } else if (received_coap_msg_ptr->options_list_ptr->block1_len == 1) {
+                        block_number = (*received_coap_msg_ptr->options_list_ptr->block1_ptr) >> 4;
+                    }
+
+
+                    block_temp = *(received_coap_msg_ptr->options_list_ptr->block1_ptr + (received_coap_msg_ptr->options_list_ptr->block1_len - 1)) & 0x07;
+                    block_size = block_size << (block_temp + 4);
+
+
+                    /* Build next block message */
+                    src_coap_blockwise_ack_msg_ptr = stored_blockwise_msg_temp_ptr->coap_msg_ptr;
+
+                    if (src_coap_blockwise_ack_msg_ptr->options_list_ptr) {
+                        if (src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_ptr) {
+                            handle->sn_coap_protocol_free(src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_ptr);
+                            src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_ptr = 0;
+
+                        }
+                        if (src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_ptr) {
+                            handle->sn_coap_protocol_free(src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_ptr);
+                            src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_ptr = 0;
+                        }
+                    } else {
+                        src_coap_blockwise_ack_msg_ptr->options_list_ptr = handle->sn_coap_protocol_malloc(sizeof(sn_coap_options_list_s));
+                        if (!src_coap_blockwise_ack_msg_ptr->options_list_ptr) {
+                            sn_coap_parser_release_allocated_coap_msg_mem(handle, received_coap_msg_ptr);
+                            return 0;
+                        }
+                        memset(src_coap_blockwise_ack_msg_ptr->options_list_ptr, 0, (sizeof(sn_coap_options_list_s)));
+                    }
+
+                    block_number++;
+
+                    if (block_number <= 0x0f) {
+                        src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_len = 1;
+                    } else if (block_number <= 0x0fff) {
+                        src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_len = 2;
+                    } else if (block_number <= 0x0fffff) {
+                        src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_len = 3;
+                    }
+
+                    src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_ptr = handle->sn_coap_protocol_malloc(src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_len);
+
+                    if (src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_ptr == 0) {
+                        sn_coap_parser_release_allocated_coap_msg_mem(handle, received_coap_msg_ptr);
+                        return 0;
+                    }
+
+                    *(src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_ptr + (src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_len - 1)) = block_temp;
+                    *src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_ptr |= block_number << 4;
+
+
+                    if (src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_len == 3) {
+                        *(src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_ptr + 2) = block_number << 4;
+                        *(src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_ptr + 1) |= block_number >> 4;
+                        *src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_ptr |= block_number >> 12;
+                    } else if (src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_len == 2) {
+                        *(src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_ptr + 1) |= block_number << 4;
+                        *src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_ptr |= block_number >> 4;
+                    } else {
+                        *src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_ptr |= block_number << 4;
+                    }
+
+                    original_payload_len = stored_blockwise_msg_temp_ptr->coap_msg_ptr->payload_len;
+                    original_payload_ptr = stored_blockwise_msg_temp_ptr->coap_msg_ptr->payload_ptr;
+
+                    if ((block_size * (block_number + 1)) > stored_blockwise_msg_temp_ptr->coap_msg_ptr->payload_len) {
+                        src_coap_blockwise_ack_msg_ptr->payload_len = stored_blockwise_msg_temp_ptr->coap_msg_ptr->payload_len - (block_size * (block_number));
+                        src_coap_blockwise_ack_msg_ptr->payload_ptr = src_coap_blockwise_ack_msg_ptr->payload_ptr + (block_size * block_number);
+                    }
+
+                    /* Not last block */
+                    else {
+                        /* set more - bit */
+                        *(src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_ptr + (src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_len - 1)) |= 0x08;
+                        src_coap_blockwise_ack_msg_ptr->payload_len = block_size;
+                        src_coap_blockwise_ack_msg_ptr->payload_ptr = src_coap_blockwise_ack_msg_ptr->payload_ptr + (block_size * block_number);
+                    }
+
+                    /* Build and send block message */
+                    dst_packed_data_needed_mem = sn_coap_builder_calc_needed_packet_data_size(src_coap_blockwise_ack_msg_ptr);
+
+                    dst_ack_packet_data_ptr = handle->sn_coap_protocol_malloc(dst_packed_data_needed_mem);
+                    if (!dst_ack_packet_data_ptr) {
+                        handle->sn_coap_protocol_free(src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_ptr);
+                        src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_ptr = 0;
+                        handle->sn_coap_protocol_free(src_coap_blockwise_ack_msg_ptr->options_list_ptr);
+                        src_coap_blockwise_ack_msg_ptr->options_list_ptr = 0;
+                        handle->sn_coap_protocol_free(original_payload_ptr);
+                        original_payload_ptr = 0;
+                        handle->sn_coap_protocol_free(src_coap_blockwise_ack_msg_ptr);
+                        src_coap_blockwise_ack_msg_ptr = 0;
+                        stored_blockwise_msg_temp_ptr->coap_msg_ptr = NULL;
+                        sn_coap_parser_release_allocated_coap_msg_mem(handle, received_coap_msg_ptr);
+                        return NULL;
+                    }
+                    src_coap_blockwise_ack_msg_ptr->msg_id = message_id++;
+                    if (message_id == 0) {
+                        message_id = 1;
+                    }
+
+                    sn_coap_builder(dst_ack_packet_data_ptr, src_coap_blockwise_ack_msg_ptr);
+
+                    handle->sn_coap_tx_callback(dst_ack_packet_data_ptr, dst_packed_data_needed_mem, src_addr_ptr, param);
+
+                    handle->sn_coap_protocol_free(dst_ack_packet_data_ptr);
+                    dst_ack_packet_data_ptr = 0;
+
+                    stored_blockwise_msg_temp_ptr->coap_msg_ptr->payload_len = original_payload_len;
+                    stored_blockwise_msg_temp_ptr->coap_msg_ptr->payload_ptr = original_payload_ptr;
+
+                    received_coap_msg_ptr->coap_status = COAP_STATUS_PARSER_BLOCKWISE_ACK;
+                }
+            } else {
+                // XXX what was this trying to free?
+                //sn_coap_protocol_linked_list_blockwise_msg_remove_current();
+                received_coap_msg_ptr->coap_status = COAP_STATUS_PARSER_BLOCKWISE_ACK;
+            }
+        }
+
+        // Blocked request receiving
+        else {
+            if (received_coap_msg_ptr->payload_len > sn_coap_block_data_size) {
+                received_coap_msg_ptr->payload_len = sn_coap_block_data_size;
+            }
+
+            sn_coap_protocol_linked_list_blockwise_payload_store(handle, src_addr_ptr, received_coap_msg_ptr->payload_len, received_coap_msg_ptr->payload_ptr);
+            /* If not last block (more value is set) */
+            /* Block option length can be 1-3 bytes. First 4-20 bits are for block number. Last 4 bits are ALWAYS more bit + block size. */
+            if (*(received_coap_msg_ptr->options_list_ptr->block1_ptr + (received_coap_msg_ptr->options_list_ptr->block1_len - 1)) & 0x08) {
+                //send ack
+                src_coap_blockwise_ack_msg_ptr = handle->sn_coap_protocol_malloc(sizeof(sn_coap_hdr_s));
+
+                if (src_coap_blockwise_ack_msg_ptr == NULL) {
+                    sn_coap_parser_release_allocated_coap_msg_mem(handle, received_coap_msg_ptr);
+                    return NULL;
+                }
+
+                memset(src_coap_blockwise_ack_msg_ptr, 0, sizeof(sn_coap_hdr_s));
+
+                src_coap_blockwise_ack_msg_ptr->options_list_ptr = handle->sn_coap_protocol_malloc(sizeof(sn_coap_options_list_s));
+
+                if (src_coap_blockwise_ack_msg_ptr->options_list_ptr == NULL) {
+                    handle->sn_coap_protocol_free(src_coap_blockwise_ack_msg_ptr);
+                    src_coap_blockwise_ack_msg_ptr = 0;
+                    sn_coap_parser_release_allocated_coap_msg_mem(handle, received_coap_msg_ptr);
+                    return NULL;
+                }
+
+                memset(src_coap_blockwise_ack_msg_ptr->options_list_ptr, 0, sizeof(sn_coap_options_list_s));
+
+                if (received_coap_msg_ptr->msg_code == COAP_MSG_CODE_REQUEST_GET) {
+                    src_coap_blockwise_ack_msg_ptr->msg_code = COAP_MSG_CODE_RESPONSE_CONTENT;
+                } else if (received_coap_msg_ptr->msg_code == COAP_MSG_CODE_REQUEST_POST) {
+                    src_coap_blockwise_ack_msg_ptr->msg_code = COAP_MSG_CODE_RESPONSE_CREATED;
+                } else if (received_coap_msg_ptr->msg_code == COAP_MSG_CODE_REQUEST_PUT) {
+                    src_coap_blockwise_ack_msg_ptr->msg_code = COAP_MSG_CODE_RESPONSE_CHANGED;
+                } else if (received_coap_msg_ptr->msg_code == COAP_MSG_CODE_REQUEST_DELETE) {
+                    src_coap_blockwise_ack_msg_ptr->msg_code = COAP_MSG_CODE_RESPONSE_DELETED;
+                }
+
+                src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_len = received_coap_msg_ptr->options_list_ptr->block1_len;
+                src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_ptr = handle->sn_coap_protocol_malloc(src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_len);
+                if (!src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_ptr) {
+                    handle->sn_coap_protocol_free(src_coap_blockwise_ack_msg_ptr->options_list_ptr);
+                    src_coap_blockwise_ack_msg_ptr->options_list_ptr = 0;
+                    handle->sn_coap_protocol_free(src_coap_blockwise_ack_msg_ptr);
+                    src_coap_blockwise_ack_msg_ptr = NULL;
+                    return NULL;
+                }
+
+                src_coap_blockwise_ack_msg_ptr->msg_type = COAP_MSG_TYPE_ACKNOWLEDGEMENT;
+
+                memcpy(src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_ptr, received_coap_msg_ptr->options_list_ptr->block1_ptr, received_coap_msg_ptr->options_list_ptr->block1_len);
+
+                /* Check block size */
+                block_temp = (*(src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_ptr + (src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_len - 1)) & 0x07);
+                if (block_temp > sn_coap_convert_block_size(sn_coap_block_data_size)) {
+                    *(src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_ptr + (src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_len - 1)) &= 0xF8;
+                    *(src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_ptr + (src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_len - 1)) |= sn_coap_convert_block_size(sn_coap_block_data_size);
+                }
+
+                src_coap_blockwise_ack_msg_ptr->msg_id = received_coap_msg_ptr->msg_id;
+
+                dst_packed_data_needed_mem = sn_coap_builder_calc_needed_packet_data_size(src_coap_blockwise_ack_msg_ptr);
+
+                dst_ack_packet_data_ptr = handle->sn_coap_protocol_malloc(dst_packed_data_needed_mem);
+                if (!dst_ack_packet_data_ptr) {
+                    sn_coap_parser_release_allocated_coap_msg_mem(handle, received_coap_msg_ptr);
+                    handle->sn_coap_protocol_free(src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_ptr);
+                    src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_ptr = 0;
+                    handle->sn_coap_protocol_free(src_coap_blockwise_ack_msg_ptr->options_list_ptr);
+                    src_coap_blockwise_ack_msg_ptr->options_list_ptr = 0;
+                    handle->sn_coap_protocol_free(src_coap_blockwise_ack_msg_ptr);
+                    src_coap_blockwise_ack_msg_ptr = 0;
+                    return NULL;
+                }
+
+                sn_coap_builder(dst_ack_packet_data_ptr, src_coap_blockwise_ack_msg_ptr);
+
+                handle->sn_coap_tx_callback(dst_ack_packet_data_ptr, dst_packed_data_needed_mem, src_addr_ptr, param);
+
+                sn_coap_parser_release_allocated_coap_msg_mem(handle, src_coap_blockwise_ack_msg_ptr);
+                handle->sn_coap_protocol_free(dst_ack_packet_data_ptr);
+                dst_ack_packet_data_ptr = 0;
+
+                received_coap_msg_ptr->coap_status = COAP_STATUS_PARSER_BLOCKWISE_MSG_RECEIVING;
+
+            } else {
+                /* * * This is the last block when whole Blockwise payload from received * * */
+                /* * * blockwise messages is gathered and returned to User               * * */
+
+                /* Store last Blockwise payload to Linked list */
+                uint16_t payload_len            = 0;
+                uint8_t *payload_ptr            = sn_coap_protocol_linked_list_blockwise_payload_search(src_addr_ptr, &payload_len);
+                uint16_t whole_payload_len      = sn_coap_protocol_linked_list_blockwise_payloads_get_len(src_addr_ptr);
+                uint8_t *temp_whole_payload_ptr = NULL;
+
+                temp_whole_payload_ptr = handle->sn_coap_protocol_malloc(whole_payload_len);
+                if (!temp_whole_payload_ptr) {
+                    sn_coap_parser_release_allocated_coap_msg_mem(handle, received_coap_msg_ptr);
+                    return 0;
+                }
+
+                //TODO: This might cause crashes, but if not deleted leaks memory?
+                if( received_coap_msg_ptr->payload_ptr ){
+                    free(received_coap_msg_ptr->payload_ptr);
+                }
+                received_coap_msg_ptr->payload_ptr = temp_whole_payload_ptr;
+                received_coap_msg_ptr->payload_len = whole_payload_len;
+
+                /* Copy stored Blockwise payloads to returned whole Blockwise payload pointer */
+                while (payload_ptr != NULL) {
+                    memcpy(temp_whole_payload_ptr, payload_ptr, payload_len);
+
+                    temp_whole_payload_ptr += payload_len;
+
+                    sn_coap_protocol_linked_list_blockwise_payload_remove_oldest(handle);
+                    payload_ptr = sn_coap_protocol_linked_list_blockwise_payload_search(src_addr_ptr, &payload_len);
+                }
+                received_coap_msg_ptr->coap_status = COAP_STATUS_PARSER_BLOCKWISE_MSG_RECEIVED;
+            }
+        }
+    }
+
+
+    /* Block2 Option in a response (e.g., a 2.05 response for GET) */
+    /* Message ID must be same than in received message */
+    else {
+        //This is response to request we made
+        if (received_coap_msg_ptr->msg_code > COAP_MSG_CODE_REQUEST_DELETE) {
+            uint32_t block_number = 0;
+
+            /* Store blockwise payload to Linked list */
+            //todo: add block number to stored values - just to make sure all packets are in order
+            sn_coap_protocol_linked_list_blockwise_payload_store(handle, src_addr_ptr, received_coap_msg_ptr->payload_len, received_coap_msg_ptr->payload_ptr);
+
+            /* If not last block (more value is set) */
+            if (*(received_coap_msg_ptr->options_list_ptr->block2_ptr + (received_coap_msg_ptr->options_list_ptr->block2_len - 1)) & 0x08) {
+                coap_blockwise_msg_s *previous_blockwise_msg_ptr = NULL;
+
+                //build and send ack
+                received_coap_msg_ptr->coap_status = COAP_STATUS_PARSER_BLOCKWISE_MSG_RECEIVING;
+
+                ns_list_foreach(coap_blockwise_msg_s, msg, &global_linked_list_blockwise_sent_msgs) {
+                    if (received_coap_msg_ptr->msg_id == msg->coap_msg_ptr->msg_id) {
+                        previous_blockwise_msg_ptr = msg;
+                        break;
+                    }
+                }
+
+                if (!previous_blockwise_msg_ptr || !previous_blockwise_msg_ptr->coap_msg_ptr) {
+                    sn_coap_parser_release_allocated_coap_msg_mem(handle, received_coap_msg_ptr);
+                    return 0;
+                }
+
+                src_coap_blockwise_ack_msg_ptr = (sn_coap_hdr_s*)handle->sn_coap_protocol_malloc(sizeof(sn_coap_hdr_s));
+                if( !src_coap_blockwise_ack_msg_ptr ){
+                    return 0;
+                }
+                memset(src_coap_blockwise_ack_msg_ptr,0,sizeof(sn_coap_hdr_s));
+
+                ns_list_remove(&global_linked_list_blockwise_sent_msgs, previous_blockwise_msg_ptr);
+                if( previous_blockwise_msg_ptr->coap_msg_ptr ){
+                    if(previous_blockwise_msg_ptr->coap_msg_ptr->payload_ptr){
+                        handle->sn_coap_protocol_free(previous_blockwise_msg_ptr->coap_msg_ptr->payload_ptr);
+                        previous_blockwise_msg_ptr->coap_msg_ptr->payload_ptr = 0;
+                    }
+                    sn_coap_parser_release_allocated_coap_msg_mem(handle, previous_blockwise_msg_ptr->coap_msg_ptr);
+                    previous_blockwise_msg_ptr->coap_msg_ptr = 0;
+                }
+                handle->sn_coap_protocol_free(previous_blockwise_msg_ptr);
+                previous_blockwise_msg_ptr = 0;
+
+//                if (src_coap_blockwise_ack_msg_ptr->payload_ptr) {
+
+//                    src_coap_blockwise_ack_msg_ptr->payload_ptr = 0;
+//                    src_coap_blockwise_ack_msg_ptr->payload_len = 0;
+//                }
+
+                /* * * Then build CoAP Acknowledgement message * * */
+
+                src_coap_blockwise_ack_msg_ptr->options_list_ptr = handle->sn_coap_protocol_malloc(sizeof(sn_coap_options_list_s));
+                if (!src_coap_blockwise_ack_msg_ptr->options_list_ptr) {
+                    sn_coap_parser_release_allocated_coap_msg_mem(handle, received_coap_msg_ptr);
+                    handle->sn_coap_protocol_free(src_coap_blockwise_ack_msg_ptr);
+                    src_coap_blockwise_ack_msg_ptr = 0;
+                    return 0;
+                }
+                memset(src_coap_blockwise_ack_msg_ptr->options_list_ptr, 0, sizeof(sn_coap_options_list_s));
+
+                src_coap_blockwise_ack_msg_ptr->msg_id = message_id++;
+                if (message_id == 0) {
+                    message_id = 1;
+                }
+
+//                if (src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_ptr) {
+//                    handle->sn_coap_protocol_free(src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_ptr);
+//                    src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_ptr = 0;
+//                }
+
+                /* Update block option */
+                block_temp = *(received_coap_msg_ptr->options_list_ptr->block2_ptr + (received_coap_msg_ptr->options_list_ptr->block2_len - 1)) & 0x07;
+
+                if (received_coap_msg_ptr->options_list_ptr->block2_len == 3) {
+                    block_number = *(received_coap_msg_ptr->options_list_ptr->block2_ptr) << 12;
+                    block_number |= *(received_coap_msg_ptr->options_list_ptr->block2_ptr + 1) << 4;
+                    block_number |= (*(received_coap_msg_ptr->options_list_ptr->block2_ptr + 2)) >> 4;
+                }
+
+                else if (received_coap_msg_ptr->options_list_ptr->block2_len == 2) {
+                    block_number = *(received_coap_msg_ptr->options_list_ptr->block2_ptr) << 4;
+                    block_number |= (*(received_coap_msg_ptr->options_list_ptr->block2_ptr + 1)) >> 4;
+                } else if (received_coap_msg_ptr->options_list_ptr->block2_len == 1) {
+                    block_number = (*received_coap_msg_ptr->options_list_ptr->block2_ptr) >> 4;
+                }
+
+                block_number ++;
+
+                if (block_number <= 0x0f) {
+                    src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_len = 1;
+                } else if (block_number <= 0x0fff) {
+                    src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_len = 2;
+                } else if (block_number <= 0x0fffff) {
+                    src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_len = 3;
+                }
+
+                src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_ptr = handle->sn_coap_protocol_malloc(src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_len);
+
+                if (src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_ptr == 0) {
+                    handle->sn_coap_protocol_free(src_coap_blockwise_ack_msg_ptr->options_list_ptr);
+                    src_coap_blockwise_ack_msg_ptr->options_list_ptr = 0;
+                    handle->sn_coap_protocol_free(src_coap_blockwise_ack_msg_ptr);
+                    src_coap_blockwise_ack_msg_ptr = 0;
+                    sn_coap_parser_release_allocated_coap_msg_mem(handle, received_coap_msg_ptr);
+                    return 0;
+                }
+
+                *(src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_ptr + (src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_len - 1)) = block_temp;
+
+                if (src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_len == 3) {
+                    *(src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_ptr + 2) = block_number << 4;
+                    *(src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_ptr + 1) |= block_number >> 4;
+                    *src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_ptr |= block_number >> 12;
+                } else if (src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_len == 2) {
+                    *(src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_ptr + 1) = block_number << 4;
+                    *src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_ptr |= block_number >> 4;
+                } else {
+                    *src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_ptr |= block_number << 4;
+                }
+
+                /* Then get needed memory count for Packet data */
+                dst_packed_data_needed_mem = sn_coap_builder_calc_needed_packet_data_size(src_coap_blockwise_ack_msg_ptr);
+
+                /* Then allocate memory for Packet data */
+                dst_ack_packet_data_ptr = handle->sn_coap_protocol_malloc(dst_packed_data_needed_mem);
+
+                if (dst_ack_packet_data_ptr == NULL) {
+                    handle->sn_coap_protocol_free(src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_ptr);
+                    src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_ptr = 0;
+                    handle->sn_coap_protocol_free(src_coap_blockwise_ack_msg_ptr->options_list_ptr);
+                    src_coap_blockwise_ack_msg_ptr->options_list_ptr = 0;
+                    handle->sn_coap_protocol_free(src_coap_blockwise_ack_msg_ptr);
+                    src_coap_blockwise_ack_msg_ptr = 0;
+                    sn_coap_parser_release_allocated_coap_msg_mem(handle, received_coap_msg_ptr);
+                    return NULL;
+                }
+                memset(dst_ack_packet_data_ptr, 0, dst_packed_data_needed_mem);
+
+                /* * * Then build Acknowledgement message to Packed data * * */
+                if ((sn_coap_builder(dst_ack_packet_data_ptr, src_coap_blockwise_ack_msg_ptr)) < 0) {
+                    handle->sn_coap_protocol_free(dst_ack_packet_data_ptr);
+                    dst_ack_packet_data_ptr = 0;
+                    handle->sn_coap_protocol_free(src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_ptr);
+                    src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_ptr = 0;
+                    handle->sn_coap_protocol_free(src_coap_blockwise_ack_msg_ptr->options_list_ptr);
+                    src_coap_blockwise_ack_msg_ptr->options_list_ptr = 0;
+                    handle->sn_coap_protocol_free(src_coap_blockwise_ack_msg_ptr);
+                    src_coap_blockwise_ack_msg_ptr = 0;
+                    sn_coap_parser_release_allocated_coap_msg_mem(handle, received_coap_msg_ptr);
+                    return NULL;
+                }
+
+                /* * * Save to linked list * * */
+                coap_blockwise_msg_s *stored_blockwise_msg_ptr;
+
+                stored_blockwise_msg_ptr = handle->sn_coap_protocol_malloc(sizeof(coap_blockwise_msg_s));
+                if (!stored_blockwise_msg_ptr) {
+                    handle->sn_coap_protocol_free(dst_ack_packet_data_ptr);
+                    dst_ack_packet_data_ptr = 0;
+                    handle->sn_coap_protocol_free(src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_ptr);
+                    src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_ptr = 0;
+                    handle->sn_coap_protocol_free(src_coap_blockwise_ack_msg_ptr->options_list_ptr);
+                    src_coap_blockwise_ack_msg_ptr->options_list_ptr = 0;
+                    handle->sn_coap_protocol_free(src_coap_blockwise_ack_msg_ptr);
+                    src_coap_blockwise_ack_msg_ptr = 0;
+                    sn_coap_parser_release_allocated_coap_msg_mem(handle, received_coap_msg_ptr);
+                    return 0;
+                }
+                memset(stored_blockwise_msg_ptr, 0, sizeof(coap_blockwise_msg_s));
+
+                stored_blockwise_msg_ptr->timestamp = global_system_time;
+
+                stored_blockwise_msg_ptr->coap_msg_ptr = src_coap_blockwise_ack_msg_ptr;
+                stored_blockwise_msg_ptr->coap = handle;
+
+                ns_list_add_to_end(&global_linked_list_blockwise_sent_msgs, stored_blockwise_msg_ptr);
+
+                /* * * Then release memory of CoAP Acknowledgement message * * */
+                handle->sn_coap_tx_callback(dst_ack_packet_data_ptr,
+                                            dst_packed_data_needed_mem, src_addr_ptr, param);
+
+#if ENABLE_RESENDINGS
+                sn_coap_protocol_linked_list_send_msg_store(handle, src_addr_ptr,
+                        dst_packed_data_needed_mem,
+                        dst_ack_packet_data_ptr,
+                        global_system_time + (uint32_t)(sn_coap_resending_intervall * RESPONSE_RANDOM_FACTOR), param);
+#endif
+                handle->sn_coap_protocol_free(dst_ack_packet_data_ptr);
+                dst_ack_packet_data_ptr = 0;
+            }
+
+            //Last block received
+            else {
+                /* * * This is the last block when whole Blockwise payload from received * * */
+                /* * * blockwise messages is gathered and returned to User               * * */
+
+                /* Store last Blockwise payload to Linked list */
+                uint16_t payload_len            = 0;
+                uint8_t *payload_ptr            = sn_coap_protocol_linked_list_blockwise_payload_search(src_addr_ptr, &payload_len);
+                uint16_t whole_payload_len      = sn_coap_protocol_linked_list_blockwise_payloads_get_len(src_addr_ptr);
+                uint8_t *temp_whole_payload_ptr = NULL;
+
+                temp_whole_payload_ptr = handle->sn_coap_protocol_malloc(whole_payload_len);
+                if (!temp_whole_payload_ptr) {
+                    return 0;
+                }
+
+                received_coap_msg_ptr->payload_ptr = temp_whole_payload_ptr;
+                received_coap_msg_ptr->payload_len = whole_payload_len;
+
+                /* Copy stored Blockwise payloads to returned whole Blockwise payload pointer */
+                while (payload_ptr != NULL) {
+                    memcpy(temp_whole_payload_ptr, payload_ptr, payload_len);
+
+                    temp_whole_payload_ptr += payload_len;
+
+                    sn_coap_protocol_linked_list_blockwise_payload_remove_oldest(handle);
+                    payload_ptr = sn_coap_protocol_linked_list_blockwise_payload_search(src_addr_ptr, &payload_len);
+                }
+                received_coap_msg_ptr->coap_status = COAP_STATUS_PARSER_BLOCKWISE_MSG_RECEIVED;
+
+                //todo: remove previous msg from list
+            }
+
+        }
+
+        //Now we send data to request
+        else {
+            //Get message by using block number
+            //NOTE: Getting the first from list might not be correct one
+            coap_blockwise_msg_s *stored_blockwise_msg_temp_ptr = ns_list_get_first(&global_linked_list_blockwise_sent_msgs);
+            if (stored_blockwise_msg_temp_ptr) {
+                uint16_t block_size = 1;
+                uint32_t block_number = 0;
+
+                /* Resolve block parameters */
+                if (received_coap_msg_ptr->options_list_ptr->block2_len == 3) {
+                    block_number = *(received_coap_msg_ptr->options_list_ptr->block2_ptr) << 12;
+                    block_number |= *(received_coap_msg_ptr->options_list_ptr->block2_ptr + 1) << 4;
+                    block_number |= (*(received_coap_msg_ptr->options_list_ptr->block2_ptr + 2)) >> 4;
+                }
+
+                else if (received_coap_msg_ptr->options_list_ptr->block2_len == 2) {
+                    block_number = *(received_coap_msg_ptr->options_list_ptr->block2_ptr) << 4;
+                    block_number |= (*(received_coap_msg_ptr->options_list_ptr->block2_ptr + 1)) >> 4;
+                } else if (received_coap_msg_ptr->options_list_ptr->block2_len == 1) {
+                    block_number = (*received_coap_msg_ptr->options_list_ptr->block2_ptr) >> 4;
+                }
+
+                block_temp = *(received_coap_msg_ptr->options_list_ptr->block2_ptr + (received_coap_msg_ptr->options_list_ptr->block2_len - 1)) & 0x07;
+                block_size = block_size << (block_temp + 4);
+
+                /* Build response message */
+                src_coap_blockwise_ack_msg_ptr = stored_blockwise_msg_temp_ptr->coap_msg_ptr;
+
+                if (src_coap_blockwise_ack_msg_ptr->options_list_ptr) {
+                    if (src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_ptr) {
+                        handle->sn_coap_protocol_free(src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_ptr);
+                        src_coap_blockwise_ack_msg_ptr->options_list_ptr->block1_ptr = 0;
+
+                    }
+                    if (src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_ptr) {
+                        handle->sn_coap_protocol_free(src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_ptr);
+                        src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_ptr = 0;
+                    }
+                } else {
+                    src_coap_blockwise_ack_msg_ptr->options_list_ptr = handle->sn_coap_protocol_malloc(sizeof(sn_coap_options_list_s));
+                    if (!src_coap_blockwise_ack_msg_ptr->options_list_ptr) {
+                        return 0;
+                    }
+                    memset(src_coap_blockwise_ack_msg_ptr->options_list_ptr, 0, (sizeof(sn_coap_options_list_s)));
+                }
+
+
+                src_coap_blockwise_ack_msg_ptr->msg_id = received_coap_msg_ptr->msg_id;
+
+                src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_len = received_coap_msg_ptr->options_list_ptr->block2_len;
+                src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_ptr = handle->sn_coap_protocol_malloc(src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_len);
+
+                if (src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_ptr == NULL) {
+                    if(src_coap_blockwise_ack_msg_ptr->payload_ptr){
+                        handle->sn_coap_protocol_free(src_coap_blockwise_ack_msg_ptr->payload_ptr);
+                    }
+                    handle->sn_coap_protocol_free(src_coap_blockwise_ack_msg_ptr->options_list_ptr);
+                    src_coap_blockwise_ack_msg_ptr->options_list_ptr = 0;
+                    handle->sn_coap_protocol_free(src_coap_blockwise_ack_msg_ptr);
+                    stored_blockwise_msg_temp_ptr->coap_msg_ptr = NULL;
+                    src_coap_blockwise_ack_msg_ptr = 0;
+                    return NULL;
+                }
+                memcpy(src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_ptr, received_coap_msg_ptr->options_list_ptr->block2_ptr, src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_len);
+
+                /* * Payload part * */
+
+                /* Check if last block */
+
+                original_payload_len = stored_blockwise_msg_temp_ptr->coap_msg_ptr->payload_len;
+                original_payload_ptr = stored_blockwise_msg_temp_ptr->coap_msg_ptr->payload_ptr;
+
+                if ((block_size * (block_number + 1)) > stored_blockwise_msg_temp_ptr->coap_msg_ptr->payload_len) {
+                    src_coap_blockwise_ack_msg_ptr->payload_len = stored_blockwise_msg_temp_ptr->coap_msg_ptr->payload_len - (block_size * block_number);
+                    src_coap_blockwise_ack_msg_ptr->payload_ptr = stored_blockwise_msg_temp_ptr->coap_msg_ptr->payload_ptr + (block_size * block_number);
+                }
+                /* Not last block */
+                else {
+                    /* set more - bit */
+                    *(src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_ptr + (src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_len - 1)) |= 0x08;
+                    src_coap_blockwise_ack_msg_ptr->payload_len = block_size;
+                    src_coap_blockwise_ack_msg_ptr->payload_ptr = stored_blockwise_msg_temp_ptr->coap_msg_ptr->payload_ptr + (block_size * block_number);
+                }
+
+                /* Build and send block message */
+                dst_packed_data_needed_mem = sn_coap_builder_calc_needed_packet_data_size(src_coap_blockwise_ack_msg_ptr);
+
+                dst_ack_packet_data_ptr = handle->sn_coap_protocol_malloc(dst_packed_data_needed_mem);
+                if (!dst_ack_packet_data_ptr) {
+                    if(original_payload_ptr){
+                        handle->sn_coap_protocol_free(original_payload_ptr);
+                        original_payload_ptr = NULL;
+                    }
+                    handle->sn_coap_protocol_free(src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_ptr);
+                    src_coap_blockwise_ack_msg_ptr->options_list_ptr->block2_ptr = 0;
+                    handle->sn_coap_protocol_free(src_coap_blockwise_ack_msg_ptr->options_list_ptr);
+                    src_coap_blockwise_ack_msg_ptr->options_list_ptr = 0;
+                    handle->sn_coap_protocol_free(src_coap_blockwise_ack_msg_ptr);
+                    stored_blockwise_msg_temp_ptr->coap_msg_ptr = NULL;
+                    return NULL;
+                }
+
+                sn_coap_builder(dst_ack_packet_data_ptr, src_coap_blockwise_ack_msg_ptr);
+
+                handle->sn_coap_tx_callback(dst_ack_packet_data_ptr, dst_packed_data_needed_mem, src_addr_ptr, param);
+
+                handle->sn_coap_protocol_free(dst_ack_packet_data_ptr);
+                dst_ack_packet_data_ptr = 0;
+
+                stored_blockwise_msg_temp_ptr->coap_msg_ptr->payload_len = original_payload_len;
+                stored_blockwise_msg_temp_ptr->coap_msg_ptr->payload_ptr = original_payload_ptr;
+
+                if ((block_size * (block_number + 1)) > stored_blockwise_msg_temp_ptr->coap_msg_ptr->payload_len) {
+                    sn_coap_protocol_linked_list_blockwise_msg_remove(handle, stored_blockwise_msg_temp_ptr);
+                }
+
+                received_coap_msg_ptr->coap_status = COAP_STATUS_PARSER_BLOCKWISE_ACK;
+            }
+        }
+    }
+    return received_coap_msg_ptr;
+}
+
+static int8_t sn_coap_convert_block_size(uint16_t block_size)
+{
+    if (block_size == 16) {
+        return 0;
+    } else if (block_size == 32) {
+        return 1;
+    } else if (block_size == 64) {
+        return 2;
+    } else if (block_size == 128) {
+        return 3;
+    } else if (block_size == 256) {
+        return 4;
+    } else if (block_size == 512) {
+        return 5;
+    } else if (block_size == 1024) {
+        return 6;
+    }
+
+    return 0;
+}
+
+static sn_coap_hdr_s *sn_coap_protocol_copy_header(struct coap_s *handle, sn_coap_hdr_s *source_header_ptr)
+{
+    sn_coap_hdr_s *destination_header_ptr;
+
+    destination_header_ptr = handle->sn_coap_protocol_malloc(sizeof(sn_coap_hdr_s));
+    if (!destination_header_ptr) {
+        return 0;
+    }
+    memset(destination_header_ptr, 0, sizeof(sn_coap_hdr_s));
+
+    destination_header_ptr->coap_status = source_header_ptr->coap_status;
+    destination_header_ptr->msg_type = source_header_ptr->msg_type;
+    destination_header_ptr->msg_code = source_header_ptr->msg_code;
+    destination_header_ptr->msg_id = source_header_ptr->msg_id;
+
+    if (source_header_ptr->uri_path_ptr) {
+        destination_header_ptr->uri_path_len = source_header_ptr->uri_path_len;
+        destination_header_ptr->uri_path_ptr = handle->sn_coap_protocol_malloc(source_header_ptr->uri_path_len);
+        if (!destination_header_ptr->uri_path_ptr) {
+            sn_coap_parser_release_allocated_coap_msg_mem(handle, destination_header_ptr);
+            return 0;
+        }
+        memcpy(destination_header_ptr->uri_path_ptr, source_header_ptr->uri_path_ptr, source_header_ptr->uri_path_len);
+    }
+
+    if (source_header_ptr->token_ptr) {
+        destination_header_ptr->token_len = source_header_ptr->token_len;
+        destination_header_ptr->token_ptr = handle->sn_coap_protocol_malloc(source_header_ptr->token_len);
+        if (!destination_header_ptr->token_ptr) {
+            sn_coap_parser_release_allocated_coap_msg_mem(handle, destination_header_ptr);
+            return 0;
+        }
+        memcpy(destination_header_ptr->token_ptr, source_header_ptr->token_ptr, source_header_ptr->token_len);
+    }
+
+    if (source_header_ptr->content_type_ptr) {
+        destination_header_ptr->content_type_len = source_header_ptr->content_type_len;
+        destination_header_ptr->content_type_ptr = handle->sn_coap_protocol_malloc(source_header_ptr->content_type_len);
+        if (!destination_header_ptr->content_type_ptr) {
+            sn_coap_parser_release_allocated_coap_msg_mem(handle, destination_header_ptr);
+            return 0;
+        }
+        memcpy(destination_header_ptr->content_type_ptr, source_header_ptr->content_type_ptr, source_header_ptr->content_type_len);
+    }
+
+    /* Options list */
+    if (source_header_ptr->options_list_ptr) {
+        destination_header_ptr->options_list_ptr = handle->sn_coap_protocol_malloc(sizeof(sn_coap_options_list_s));
+        if (!destination_header_ptr->options_list_ptr) {
+            sn_coap_parser_release_allocated_coap_msg_mem(handle, destination_header_ptr);
+            return 0;
+        }
+        memset(destination_header_ptr->options_list_ptr, 0, sizeof(sn_coap_options_list_s));
+
+
+        if (source_header_ptr->options_list_ptr->max_age_ptr) {
+            destination_header_ptr->options_list_ptr->max_age_len = source_header_ptr->options_list_ptr->max_age_len;
+            destination_header_ptr->options_list_ptr->max_age_ptr = handle->sn_coap_protocol_malloc(source_header_ptr->options_list_ptr->max_age_len);
+            if (!destination_header_ptr->options_list_ptr->max_age_ptr) {
+                sn_coap_parser_release_allocated_coap_msg_mem(handle, destination_header_ptr);
+                return 0;
+            }
+            memcpy(destination_header_ptr->options_list_ptr->max_age_ptr, source_header_ptr->options_list_ptr->max_age_ptr, source_header_ptr->options_list_ptr->max_age_len);
+        }
+
+        if (source_header_ptr->options_list_ptr->proxy_uri_ptr) {
+            destination_header_ptr->options_list_ptr->proxy_uri_len = source_header_ptr->options_list_ptr->proxy_uri_len;
+            destination_header_ptr->options_list_ptr->proxy_uri_ptr = handle->sn_coap_protocol_malloc(source_header_ptr->options_list_ptr->proxy_uri_len);
+            if (!destination_header_ptr->options_list_ptr->proxy_uri_ptr) {
+                sn_coap_parser_release_allocated_coap_msg_mem(handle, destination_header_ptr);
+                return 0;
+            }
+            memcpy(destination_header_ptr->options_list_ptr->proxy_uri_ptr, source_header_ptr->options_list_ptr->proxy_uri_ptr, source_header_ptr->options_list_ptr->proxy_uri_len);
+        }
+
+        if (source_header_ptr->options_list_ptr->etag_ptr) {
+            destination_header_ptr->options_list_ptr->etag_len = source_header_ptr->options_list_ptr->etag_len;
+            destination_header_ptr->options_list_ptr->etag_ptr = handle->sn_coap_protocol_malloc(source_header_ptr->options_list_ptr->etag_len);
+            if (!destination_header_ptr->options_list_ptr->etag_ptr) {
+                sn_coap_parser_release_allocated_coap_msg_mem(handle, destination_header_ptr);
+                return 0;
+            }
+            memcpy(destination_header_ptr->options_list_ptr->etag_ptr, source_header_ptr->options_list_ptr->etag_ptr, source_header_ptr->options_list_ptr->etag_len);
+        }
+
+        if (source_header_ptr->options_list_ptr->uri_host_ptr) {
+            destination_header_ptr->options_list_ptr->uri_host_len = source_header_ptr->options_list_ptr->uri_host_len;
+            destination_header_ptr->options_list_ptr->uri_host_ptr = handle->sn_coap_protocol_malloc(source_header_ptr->options_list_ptr->uri_host_len);
+            if (!destination_header_ptr->options_list_ptr->uri_host_ptr) {
+                sn_coap_parser_release_allocated_coap_msg_mem(handle, destination_header_ptr);
+                return 0;
+            }
+            memcpy(destination_header_ptr->options_list_ptr->uri_host_ptr, source_header_ptr->options_list_ptr->uri_host_ptr, source_header_ptr->options_list_ptr->uri_host_len);
+        }
+
+        if (source_header_ptr->options_list_ptr->location_path_ptr) {
+            destination_header_ptr->options_list_ptr->location_path_len = source_header_ptr->options_list_ptr->location_path_len;
+            destination_header_ptr->options_list_ptr->location_path_ptr = handle->sn_coap_protocol_malloc(source_header_ptr->options_list_ptr->location_path_len);
+            if (!destination_header_ptr->options_list_ptr->location_path_ptr) {
+                sn_coap_parser_release_allocated_coap_msg_mem(handle, destination_header_ptr);
+                return 0;
+            }
+            memcpy(destination_header_ptr->options_list_ptr->location_path_ptr, source_header_ptr->options_list_ptr->location_path_ptr, source_header_ptr->options_list_ptr->location_path_len);
+        }
+
+        if (source_header_ptr->options_list_ptr->uri_port_ptr) {
+            destination_header_ptr->options_list_ptr->uri_port_len = source_header_ptr->options_list_ptr->uri_port_len;
+            destination_header_ptr->options_list_ptr->uri_port_ptr = handle->sn_coap_protocol_malloc(source_header_ptr->options_list_ptr->uri_port_len);
+            if (!destination_header_ptr->options_list_ptr->uri_port_ptr) {
+                sn_coap_parser_release_allocated_coap_msg_mem(handle, destination_header_ptr);
+                return 0;
+            }
+            memcpy(destination_header_ptr->options_list_ptr->uri_port_ptr, source_header_ptr->options_list_ptr->uri_port_ptr, source_header_ptr->options_list_ptr->uri_port_len);
+        }
+
+        if (source_header_ptr->options_list_ptr->location_query_ptr) {
+            destination_header_ptr->options_list_ptr->location_query_len = source_header_ptr->options_list_ptr->location_query_len;
+            destination_header_ptr->options_list_ptr->location_query_ptr = handle->sn_coap_protocol_malloc(source_header_ptr->options_list_ptr->location_query_len);
+            if (!destination_header_ptr->options_list_ptr->location_query_ptr) {
+                sn_coap_parser_release_allocated_coap_msg_mem(handle, destination_header_ptr);
+                return 0;
+            }
+            memcpy(destination_header_ptr->options_list_ptr->location_query_ptr, source_header_ptr->options_list_ptr->location_query_ptr, source_header_ptr->options_list_ptr->location_query_len);
+        }
+
+        destination_header_ptr->options_list_ptr->observe = source_header_ptr->options_list_ptr->observe;
+
+        if (source_header_ptr->options_list_ptr->observe_ptr) {
+            destination_header_ptr->options_list_ptr->observe_len = source_header_ptr->options_list_ptr->observe_len;
+            destination_header_ptr->options_list_ptr->observe_ptr = handle->sn_coap_protocol_malloc(source_header_ptr->options_list_ptr->observe_len);
+            if (!destination_header_ptr->options_list_ptr->observe_ptr) {
+                sn_coap_parser_release_allocated_coap_msg_mem(handle, destination_header_ptr);
+                return 0;
+            }
+            memcpy(destination_header_ptr->options_list_ptr->observe_ptr, source_header_ptr->options_list_ptr->observe_ptr, source_header_ptr->options_list_ptr->observe_len);
+        }
+
+        if (source_header_ptr->options_list_ptr->accept_ptr) {
+            destination_header_ptr->options_list_ptr->accept_len = source_header_ptr->options_list_ptr->accept_len;
+            destination_header_ptr->options_list_ptr->accept_ptr = handle->sn_coap_protocol_malloc(source_header_ptr->options_list_ptr->accept_len);
+            if (!destination_header_ptr->options_list_ptr->accept_ptr) {
+                sn_coap_parser_release_allocated_coap_msg_mem(handle, destination_header_ptr);
+                return 0;
+            }
+            memcpy(destination_header_ptr->options_list_ptr->accept_ptr, source_header_ptr->options_list_ptr->accept_ptr, source_header_ptr->options_list_ptr->accept_len);
+        }
+
+        if (source_header_ptr->options_list_ptr->uri_query_ptr) {
+            destination_header_ptr->options_list_ptr->uri_query_len = source_header_ptr->options_list_ptr->uri_query_len;
+            destination_header_ptr->options_list_ptr->uri_query_ptr = handle->sn_coap_protocol_malloc(source_header_ptr->options_list_ptr->uri_query_len);
+            if (!destination_header_ptr->options_list_ptr->uri_query_ptr) {
+                sn_coap_parser_release_allocated_coap_msg_mem(handle, destination_header_ptr);
+                return 0;
+            }
+            memcpy(destination_header_ptr->options_list_ptr->uri_query_ptr, source_header_ptr->options_list_ptr->uri_query_ptr, source_header_ptr->options_list_ptr->uri_query_len);
+        }
+
+        if (source_header_ptr->options_list_ptr->block1_ptr) {
+            destination_header_ptr->options_list_ptr->block1_len = source_header_ptr->options_list_ptr->block1_len;
+            destination_header_ptr->options_list_ptr->block1_ptr = handle->sn_coap_protocol_malloc(source_header_ptr->options_list_ptr->block1_len);
+            if (!destination_header_ptr->options_list_ptr->block1_ptr) {
+                sn_coap_parser_release_allocated_coap_msg_mem(handle, destination_header_ptr);
+                return 0;
+            }
+            memcpy(destination_header_ptr->options_list_ptr->block1_ptr, source_header_ptr->options_list_ptr->block1_ptr, source_header_ptr->options_list_ptr->block1_len);
+        }
+
+        if (source_header_ptr->options_list_ptr->block2_ptr) {
+            destination_header_ptr->options_list_ptr->block2_len = source_header_ptr->options_list_ptr->block2_len;
+            destination_header_ptr->options_list_ptr->block2_ptr = handle->sn_coap_protocol_malloc(source_header_ptr->options_list_ptr->block2_len);
+            if (!destination_header_ptr->options_list_ptr->block2_ptr) {
+                sn_coap_parser_release_allocated_coap_msg_mem(handle, destination_header_ptr);
+                return 0;
+            }
+            memcpy(destination_header_ptr->options_list_ptr->block2_ptr, source_header_ptr->options_list_ptr->block2_ptr, source_header_ptr->options_list_ptr->block2_len);
+        }
+    }
+
+    return destination_header_ptr;
+}
+#endif
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client-c/source/libNsdl/src/include/sn_grs.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,127 @@
+/*
+ * Copyright (c) 2011-2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef GRS_H_
+#define GRS_H_
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+#define SN_GRS_RESOURCE_ALREADY_EXISTS  -2
+#define SN_GRS_INVALID_PATH             -3
+#define SN_GRS_LIST_ADDING_FAILURE      -4
+#define SN_GRS_RESOURCE_UPDATED     -5
+
+#define ACCESS_DENIED           -6
+
+#define SN_GRS_DELETE_METHOD    0
+#define SN_GRS_SEARCH_METHOD    1
+
+#define SN_GRS_DEFAULT_ACCESS   0x0F
+
+#define SN_NDSL_RESOURCE_NOT_REGISTERED 0
+#define SN_NDSL_RESOURCE_REGISTERING    1
+#define SN_NDSL_RESOURCE_REGISTERED     2
+
+/***** Structs *****/
+
+typedef struct sn_grs_version_ {
+    uint8_t major_version;
+    uint8_t minor_version;
+    uint8_t build;
+} sn_grs_version_s;
+
+typedef NS_LIST_HEAD(sn_nsdl_resource_info_s, link) resource_list_t;
+
+struct grs_s {
+    struct coap_s *coap;
+
+    uint16_t resource_root_count;
+    resource_list_t resource_root_list;
+
+    void    *(*sn_grs_alloc)(uint16_t);
+    void (*sn_grs_free)(void *);
+    uint8_t (*sn_grs_tx_callback)(struct nsdl_s *, sn_nsdl_capab_e , uint8_t *, uint16_t, sn_nsdl_addr_s *);
+    int8_t (*sn_grs_rx_callback)(struct nsdl_s *, sn_coap_hdr_s *, sn_nsdl_addr_s *);
+};
+
+
+struct nsdl_s {
+    struct grs_s *grs;
+
+    uint8_t *oma_bs_address_ptr;                                                /* Bootstrap address pointer. If null, no bootstrap in use */
+    uint8_t oma_bs_address_len;                                                 /* Bootstrap address length */
+    uint16_t oma_bs_port;                                                       /* Bootstrap port */
+    void (*sn_nsdl_oma_bs_done_cb)(sn_nsdl_oma_server_info_t *server_info_ptr); /* Callback to inform application when bootstrap is done */
+
+    sn_nsdl_ep_parameters_s *ep_information_ptr;    // Endpoint parameters, Name, Domain etc..
+    sn_nsdl_oma_server_info_t *nsp_address_ptr;     // NSP server address information
+    uint8_t sn_nsdl_endpoint_registered;
+
+    uint16_t register_msg_id;
+    uint16_t unregister_msg_id;
+
+    void *(*sn_nsdl_alloc)(uint16_t);
+    void (*sn_nsdl_free)(void *);
+    uint8_t (*sn_nsdl_tx_callback)(struct nsdl_s *, sn_nsdl_capab_e , uint8_t *, uint16_t, sn_nsdl_addr_s *);
+    uint8_t (*sn_nsdl_rx_callback)(struct nsdl_s *, sn_coap_hdr_s *, sn_nsdl_addr_s *);
+};
+
+/***** Function prototypes *****/
+/**
+ *  \fn extern grs_s *sn_grs_init   (uint8_t (*sn_grs_tx_callback_ptr)(sn_nsdl_capab_e , uint8_t *, uint16_t,
+ *                                  sn_nsdl_addr_s *), uint8_t (*sn_grs_rx_callback_ptr)(sn_coap_hdr_s *, sn_nsdl_addr_s *),
+ *                                  sn_grs_mem_s *sn_memory)
+ *
+ *  \brief GRS library initialize function.
+ *
+ *  This function initializes GRS and CoAP.
+ *
+ *  \param  sn_grs_tx_callback      A function pointer to a transmit callback function. Should return 1 when succeed, 0 when failed
+ *  \param  *sn_grs_rx_callback_ptr A function pointer to a receiving callback function. If received packet is not for GRS, it will be passed to
+ *                                  upper level (NSDL) to be proceed.
+ *  \param  sn_memory               A pointer to a structure containing the platform specific functions for memory allocation and free.
+ *
+ *  \return success pointer to handle, failure = NULL
+ *
+*/
+extern struct grs_s *sn_grs_init(uint8_t (*sn_grs_tx_callback_ptr)(struct nsdl_s *, sn_nsdl_capab_e , uint8_t *, uint16_t,
+                                 sn_nsdl_addr_s *), int8_t (*sn_grs_rx_callback_ptr)(struct nsdl_s *, sn_coap_hdr_s *, sn_nsdl_addr_s *), void *(*sn_grs_alloc)(uint16_t), void (*sn_grs_free)(void *));
+
+extern const sn_nsdl_resource_info_s    *sn_grs_get_first_resource(struct grs_s *handle);
+extern const sn_nsdl_resource_info_s    *sn_grs_get_next_resource(struct grs_s *handle, const sn_nsdl_resource_info_s *sn_grs_current_resource);
+extern int8_t                           sn_grs_process_coap(struct nsdl_s *handle, sn_coap_hdr_s *coap_packet_ptr, sn_nsdl_addr_s *src);
+extern sn_nsdl_resource_info_s          *sn_grs_search_resource(struct grs_s *handle, uint16_t pathlen, uint8_t *path, uint8_t search_method);
+extern int8_t                           sn_grs_destroy(struct grs_s *handle);
+extern sn_grs_resource_list_s           *sn_grs_list_resource(struct grs_s *handle, uint16_t pathlen, uint8_t *path);
+extern void                             sn_grs_free_resource_list(struct grs_s *handle, sn_grs_resource_list_s *list);
+extern int8_t                           sn_grs_update_resource(struct grs_s *handle, sn_nsdl_resource_info_s *res);
+extern int8_t                           sn_grs_send_coap_message(struct nsdl_s *handle, sn_nsdl_addr_s *address_ptr, sn_coap_hdr_s *coap_hdr_ptr);
+extern int8_t                           sn_grs_create_resource(struct grs_s *handle, sn_nsdl_resource_info_s *res);
+extern int8_t                           sn_grs_delete_resource(struct grs_s *handle, uint16_t pathlen, uint8_t *path);
+extern void                             sn_grs_mark_resources_as_registered(struct nsdl_s *handle);
+
+#ifdef __cplusplus
+}
+#endif
+
+
+
+
+#endif /* GRS_H_ */
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client-c/source/libNsdl/src/sn_grs.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,1012 @@
+/*
+ * Copyright (c) 2011-2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ *
+ * \file sn_grs.c
+ *
+ * \brief General resource server.
+ *
+ */
+#include <string.h>
+#include <stdlib.h>
+
+#include "ns_list.h"
+#include "ns_types.h"
+#include "sn_nsdl.h"
+#include "sn_coap_header.h"
+#include "sn_coap_protocol.h"
+#include "sn_nsdl_lib.h"
+#include "sn_grs.h"
+
+
+/* Defines */
+#define WELLKNOWN_PATH_LEN              16
+#define WELLKNOWN_PATH                  (".well-known/core")
+
+/* Local static function prototypes */
+static int8_t                       sn_grs_resource_info_free(struct grs_s *handle, sn_nsdl_resource_info_s *resource_ptr);
+static uint8_t                     *sn_grs_convert_uri(uint16_t *uri_len, uint8_t *uri_ptr);
+static int8_t                       sn_grs_add_resource_to_list(struct grs_s *handle, sn_nsdl_resource_info_s *resource_ptr);
+static int8_t                       sn_grs_core_request(struct nsdl_s *handle, sn_nsdl_addr_s *src_addr_ptr, sn_coap_hdr_s *coap_packet_ptr);
+static uint8_t                      coap_tx_callback(uint8_t *, uint16_t, sn_nsdl_addr_s *, void *);
+static int8_t                       coap_rx_callback(sn_coap_hdr_s *coap_ptr, sn_nsdl_addr_s *address_ptr, void *param);
+
+/* Extern function prototypes */
+extern int8_t                       sn_nsdl_build_registration_body(struct nsdl_s *handle, sn_coap_hdr_s *message_ptr, uint8_t updating_registeration);
+
+/**
+ * \fn int8_t sn_grs_destroy(void)
+ * \brief This function may be used to flush GRS related stuff when a program exits.
+ * @return always 0.
+ */
+extern int8_t sn_grs_destroy(struct grs_s *handle)
+{
+    if( handle == NULL ){
+        return 0;
+    }
+    ns_list_foreach_safe(sn_nsdl_resource_info_s, tmp, &handle->resource_root_list) {
+        ns_list_remove(&handle->resource_root_list, tmp);
+        --handle->resource_root_count;
+        sn_grs_resource_info_free(handle, tmp);
+    }
+    handle->sn_grs_free(handle);
+
+    return 0;
+}
+
+static uint8_t coap_tx_callback(uint8_t *data_ptr, uint16_t data_len, sn_nsdl_addr_s *address_ptr, void *param)
+{
+    struct nsdl_s *handle = (struct nsdl_s *)param;
+
+    if (handle == NULL) {
+        return 0;
+    }
+
+    return handle->grs->sn_grs_tx_callback(handle, SN_NSDL_PROTOCOL_COAP, data_ptr, data_len, address_ptr);
+}
+
+static int8_t coap_rx_callback(sn_coap_hdr_s *coap_ptr, sn_nsdl_addr_s *address_ptr, void *param)
+{
+    struct nsdl_s *handle = (struct nsdl_s *)param;
+
+    if (handle == NULL) {
+        return 0;
+    }
+
+    return handle->sn_nsdl_rx_callback(handle, coap_ptr, address_ptr);
+}
+
+/**
+ * \fn int8_t sn_grs_init   (uint8_t (*sn_grs_tx_callback_ptr)(sn_nsdl_capab_e , uint8_t *, uint16_t,
+ *      sn_nsdl_addr_s *), int8_t (*sn_grs_rx_callback_ptr)(sn_coap_hdr_s *, sn_nsdl_addr_s *), sn_nsdl_mem_s *sn_memory)
+ *
+ * \brief GRS library initialize function.
+ *
+ * This function initializes GRS and CoAP libraries.
+ *
+ * \param   sn_grs_tx_callback      A function pointer to a transmit callback function.
+ * \param  *sn_grs_rx_callback_ptr A function pointer to a receiving callback function. If received packet is not for GRS, it will be passed to
+ *                                  upper level (NSDL) to be proceed.
+ * \param   sn_memory               A pointer to a structure containing the platform specific functions for memory allocation and free.
+ *
+ * \return success = 0, failure = -1
+ *
+*/
+extern struct grs_s *sn_grs_init(uint8_t (*sn_grs_tx_callback_ptr)(struct nsdl_s *, sn_nsdl_capab_e , uint8_t *, uint16_t,
+                                 sn_nsdl_addr_s *), int8_t (*sn_grs_rx_callback_ptr)(struct nsdl_s *, sn_coap_hdr_s *, sn_nsdl_addr_s *),
+                                 void *(*sn_grs_alloc)(uint16_t), void (*sn_grs_free)(void *))
+{
+
+    struct grs_s *handle_ptr = NULL;
+
+    /* Check parameters */
+    if (sn_grs_alloc == NULL || sn_grs_free == NULL ||
+        sn_grs_tx_callback_ptr == NULL || sn_grs_rx_callback_ptr == NULL) {
+        return NULL;
+    }
+
+    handle_ptr = sn_grs_alloc(sizeof(struct grs_s));
+
+    if (handle_ptr == NULL) {
+        return NULL;
+    }
+
+    memset(handle_ptr, 0, sizeof(struct grs_s));
+
+    /* Allocation and free - function pointers  */
+    handle_ptr->sn_grs_alloc = sn_grs_alloc;
+    handle_ptr->sn_grs_free = sn_grs_free;
+
+    /* TX callback function pointer */
+    handle_ptr->sn_grs_tx_callback = sn_grs_tx_callback_ptr;
+    handle_ptr->sn_grs_rx_callback = sn_grs_rx_callback_ptr;
+
+    /* Initialize CoAP protocol library */
+    handle_ptr->coap = sn_coap_protocol_init(sn_grs_alloc, sn_grs_free, coap_tx_callback, coap_rx_callback);
+
+    return handle_ptr;
+}
+
+
+extern sn_grs_resource_list_s *sn_grs_list_resource(struct grs_s *handle, uint16_t pathlen, uint8_t *path)
+{
+    sn_grs_resource_list_s *grs_resource_list_ptr = NULL;
+
+    if( handle == NULL || path == NULL){
+        return NULL;
+    }
+
+    /* Allocate memory for the resource list to be filled */
+    grs_resource_list_ptr = handle->sn_grs_alloc(sizeof(sn_grs_resource_list_s));
+    if (!grs_resource_list_ptr) {
+        goto fail;
+    }
+
+    /* Count resources to the resource list struct */
+    grs_resource_list_ptr->res_count = handle->resource_root_count;
+    grs_resource_list_ptr->res = NULL;
+
+    /**************************************/
+    /* Fill resource structs to the table */
+    /**************************************/
+
+    /* If resources in list */
+    if (grs_resource_list_ptr->res_count) {
+        int i;
+
+        /* Allocate memory for resources */
+        grs_resource_list_ptr->res = handle->sn_grs_alloc(grs_resource_list_ptr->res_count * sizeof(sn_grs_resource_s));
+        if (!grs_resource_list_ptr->res) {
+            goto fail;
+        }
+
+        /* Initialise the pointers to NULL to permit easy cleanup */
+        for (i = 0; i < grs_resource_list_ptr->res_count; i++) {
+            grs_resource_list_ptr->res[i].path = NULL;
+            grs_resource_list_ptr->res[i].pathlen = 0;
+        }
+
+        i = 0;
+        ns_list_foreach(sn_nsdl_resource_info_s, grs_resource_ptr, &handle->resource_root_list) {
+            /* Copy pathlen to resource list */
+            grs_resource_list_ptr->res[i].pathlen = grs_resource_ptr->pathlen;
+
+            /* Allocate memory for path string */
+            grs_resource_list_ptr->res[i].path = handle->sn_grs_alloc(grs_resource_list_ptr->res[i].pathlen);
+            if (!grs_resource_list_ptr->res[i].path) {
+                goto fail;
+            }
+
+            /* Copy pathstring to resource list */
+            memcpy(grs_resource_list_ptr->res[i].path, grs_resource_ptr->path, grs_resource_ptr->pathlen);
+
+            i++;
+        }
+    }
+    return grs_resource_list_ptr;
+
+fail:
+    sn_grs_free_resource_list(handle, grs_resource_list_ptr);
+    return NULL;
+}
+
+extern void sn_grs_free_resource_list(struct grs_s *handle, sn_grs_resource_list_s *list)
+{
+    if (!list || !handle) {
+        return;
+    }
+
+    if (list->res) {
+        for (int i = 0; i < list->res_count; i++) {
+            if (list->res[i].path) {
+                handle->sn_grs_free(list->res[i].path);
+                list->res[i].path = NULL;
+            }
+        }
+        handle->sn_grs_free(list->res);
+        list->res = NULL;
+    }
+
+    handle->sn_grs_free(list);
+}
+
+extern const sn_nsdl_resource_info_s *sn_grs_get_first_resource(struct grs_s *handle)
+{
+    if( !handle ){
+        return NULL;
+    }
+    return ns_list_get_first(&handle->resource_root_list);
+}
+
+extern const sn_nsdl_resource_info_s *sn_grs_get_next_resource(struct grs_s *handle, const sn_nsdl_resource_info_s *sn_grs_current_resource)
+{
+    if( !handle || !sn_grs_current_resource ){
+        return NULL;
+    }
+    return ns_list_get_next(&handle->resource_root_list, sn_grs_current_resource);
+}
+
+extern int8_t sn_grs_delete_resource(struct grs_s *handle, uint16_t pathlen, uint8_t *path)
+{
+    /* Local variables */
+    sn_nsdl_resource_info_s     *resource_temp  = NULL;
+
+    /* Search if resource found */
+    resource_temp = sn_grs_search_resource(handle, pathlen, path, SN_GRS_SEARCH_METHOD);
+
+    /* If not found */
+    if (resource_temp == NULL) {
+        return SN_NSDL_FAILURE;
+    }
+
+    /* If found, delete it and delete also subresources, if there is any */
+    do {
+        /* Remove from list */
+        ns_list_remove(&handle->resource_root_list, resource_temp);
+        --handle->resource_root_count;
+
+        /* Free */
+        sn_grs_resource_info_free(handle, resource_temp);
+
+        /* Search for subresources */
+        resource_temp = sn_grs_search_resource(handle, pathlen, path, SN_GRS_DELETE_METHOD);
+    } while (resource_temp != NULL);
+
+    return SN_NSDL_SUCCESS;
+}
+
+extern int8_t sn_grs_update_resource(struct grs_s *handle, sn_nsdl_resource_info_s *res)
+{
+    /* Local variables */
+    sn_nsdl_resource_info_s     *resource_temp  = NULL;
+
+    if( !res || !handle ){
+        return SN_NSDL_FAILURE;
+    }
+
+    /* Search resource */
+    resource_temp = sn_grs_search_resource(handle, res->pathlen, res->path, SN_GRS_SEARCH_METHOD);
+    if (!resource_temp) {
+        return SN_NSDL_FAILURE;
+    }
+
+    /* If there is payload on resource, free it */
+    if (resource_temp->resource != NULL) {
+        handle->sn_grs_free(resource_temp->resource);
+        resource_temp->resource = 0;
+    }
+    /* Update resource len */
+    resource_temp->resourcelen = res->resourcelen;
+
+    /* If resource len >0, allocate memory and copy payload */
+    if (res->resourcelen) {
+        resource_temp->resource = handle->sn_grs_alloc(res->resourcelen);
+        if (resource_temp->resource == NULL) {
+
+            resource_temp->resourcelen = 0;
+            return SN_NSDL_FAILURE;
+
+        }
+
+        memcpy(resource_temp->resource, res->resource, resource_temp->resourcelen);
+    }
+
+    /* Update access rights and callback address */
+    resource_temp->access = res->access;
+    resource_temp->sn_grs_dyn_res_callback = res->sn_grs_dyn_res_callback;
+
+    /* TODO: resource_parameters_ptr not copied */
+
+    return SN_NSDL_SUCCESS;
+}
+
+extern int8_t sn_grs_create_resource(struct grs_s *handle, sn_nsdl_resource_info_s *res)
+{
+    if (!res || !handle) {
+        return SN_NSDL_FAILURE;
+    }
+
+    /* Check path validity */
+    if (!res->pathlen || !res->path) {
+        return SN_GRS_INVALID_PATH;
+    }
+
+    /* Check if resource already exists */
+    if (sn_grs_search_resource(handle, res->pathlen, res->path, SN_GRS_SEARCH_METHOD) != (sn_nsdl_resource_info_s *)NULL) {
+        return SN_GRS_RESOURCE_ALREADY_EXISTS;
+    }
+
+    if (res->resource_parameters_ptr) {
+        res->resource_parameters_ptr->registered = SN_NDSL_RESOURCE_NOT_REGISTERED;
+    }
+
+    /* Create resource */
+    if (sn_grs_add_resource_to_list(handle, res) == SN_NSDL_SUCCESS) {
+        return SN_NSDL_SUCCESS;
+    }
+    return SN_GRS_LIST_ADDING_FAILURE;
+}
+
+
+
+/**
+ * \fn  extern int8_t sn_grs_process_coap(uint8_t *packet, uint16_t *packet_len, sn_nsdl_addr_s *src)
+ *
+ * \brief To push CoAP packet to GRS library
+ *
+ *  Used to push an CoAP packet to GRS library for processing.
+ *
+ *  \param  *packet     Pointer to a uint8_t array containing the packet (including the CoAP headers).
+ *                      After successful execution this array may contain the response packet.
+ *
+ *  \param  *packet_len Pointer to length of the packet. After successful execution this array may contain the length
+ *                      of the response packet.
+ *
+ *  \param  *src        Pointer to packet source address information. After successful execution this array may contain
+ *                      the destination address of the response packet.
+ *
+ *  \return             0 = success, -1 = failure
+*/
+extern int8_t sn_grs_process_coap(struct nsdl_s *nsdl_handle, sn_coap_hdr_s *coap_packet_ptr, sn_nsdl_addr_s *src_addr_ptr)
+{
+    if( !coap_packet_ptr || !nsdl_handle){
+        return SN_NSDL_FAILURE;
+    }
+
+    sn_nsdl_resource_info_s *resource_temp_ptr  = NULL;
+    sn_coap_msg_code_e      status              = COAP_MSG_CODE_EMPTY;
+    sn_coap_hdr_s           *response_message_hdr_ptr = NULL;
+    struct grs_s            *handle = nsdl_handle->grs;
+
+    if (coap_packet_ptr->msg_code <= COAP_MSG_CODE_REQUEST_DELETE) {
+        /* Check if .well-known/core */
+        if (coap_packet_ptr->uri_path_len == WELLKNOWN_PATH_LEN && memcmp(coap_packet_ptr->uri_path_ptr, WELLKNOWN_PATH, WELLKNOWN_PATH_LEN) == 0) {
+            return sn_grs_core_request(nsdl_handle, src_addr_ptr, coap_packet_ptr);
+        }
+
+        /* Get resource */
+        resource_temp_ptr = sn_grs_search_resource(handle, coap_packet_ptr->uri_path_len, coap_packet_ptr->uri_path_ptr, SN_GRS_SEARCH_METHOD);
+
+        /* * * * * * * * * * * */
+        /* If resource exists  */
+        /* * * * * * * * * * * */
+        if (resource_temp_ptr) {
+            /* If dynamic resource, go to callback */
+            if (resource_temp_ptr->mode == SN_GRS_DYNAMIC) {
+                /* Check accesses */
+                if (((coap_packet_ptr->msg_code == COAP_MSG_CODE_REQUEST_GET) && !(resource_temp_ptr->access & SN_GRS_GET_ALLOWED))          ||
+                        ((coap_packet_ptr->msg_code == COAP_MSG_CODE_REQUEST_POST) && !(resource_temp_ptr->access & SN_GRS_POST_ALLOWED))   ||
+                        ((coap_packet_ptr->msg_code == COAP_MSG_CODE_REQUEST_PUT) && !(resource_temp_ptr->access & SN_GRS_PUT_ALLOWED))     ||
+                        ((coap_packet_ptr->msg_code == COAP_MSG_CODE_REQUEST_DELETE) && !(resource_temp_ptr->access & SN_GRS_DELETE_ALLOWED))) {
+
+                    status = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED;
+                } else {
+                    /* Do not call null pointer.. */
+                    if (resource_temp_ptr->sn_grs_dyn_res_callback != NULL) {
+                        resource_temp_ptr->sn_grs_dyn_res_callback(nsdl_handle, coap_packet_ptr, src_addr_ptr, SN_NSDL_PROTOCOL_COAP);
+                    }
+
+                    if (coap_packet_ptr->coap_status == COAP_STATUS_PARSER_BLOCKWISE_MSG_RECEIVED && coap_packet_ptr->payload_ptr) {
+                        handle->sn_grs_free(coap_packet_ptr->payload_ptr);
+                        coap_packet_ptr->payload_ptr = 0;
+                    }
+                    sn_coap_parser_release_allocated_coap_msg_mem(handle->coap, coap_packet_ptr);
+                    return SN_NSDL_SUCCESS;
+                }
+            } else {
+                /* Static resource handling */
+                switch (coap_packet_ptr->msg_code) {
+                    case (COAP_MSG_CODE_REQUEST_GET):
+                        if (resource_temp_ptr->access & SN_GRS_GET_ALLOWED) {
+                            status = COAP_MSG_CODE_RESPONSE_CONTENT;
+                        } else {
+                            status = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED;
+                        }
+                        break;
+                    case (COAP_MSG_CODE_REQUEST_POST):
+                        if (resource_temp_ptr->access & SN_GRS_POST_ALLOWED) {
+                            resource_temp_ptr->resourcelen = coap_packet_ptr->payload_len;
+                            handle->sn_grs_free(resource_temp_ptr->resource);
+                            resource_temp_ptr->resource = 0;
+                            if (resource_temp_ptr->resourcelen) {
+                                resource_temp_ptr->resource = handle->sn_grs_alloc(resource_temp_ptr->resourcelen);
+                                if (!resource_temp_ptr->resource) {
+                                    status = COAP_MSG_CODE_RESPONSE_INTERNAL_SERVER_ERROR;
+                                    break;
+                                }
+                                memcpy(resource_temp_ptr->resource, coap_packet_ptr->payload_ptr, resource_temp_ptr->resourcelen);
+                            }
+                            if (coap_packet_ptr->content_type_ptr) {
+                                if (resource_temp_ptr->resource_parameters_ptr) {
+                                    resource_temp_ptr->resource_parameters_ptr->coap_content_type = *coap_packet_ptr->content_type_ptr;
+                                }
+                            }
+                            status = COAP_MSG_CODE_RESPONSE_CHANGED;
+                        } else {
+                            status = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED;
+                        }
+                        break;
+                    case (COAP_MSG_CODE_REQUEST_PUT):
+                        if (resource_temp_ptr->access & SN_GRS_PUT_ALLOWED) {
+                            resource_temp_ptr->resourcelen = coap_packet_ptr->payload_len;
+                            handle->sn_grs_free(resource_temp_ptr->resource);
+                            resource_temp_ptr->resource = 0;
+                            if (resource_temp_ptr->resourcelen) {
+                                resource_temp_ptr->resource = handle->sn_grs_alloc(resource_temp_ptr->resourcelen);
+                                if (!resource_temp_ptr->resource) {
+                                    status = COAP_MSG_CODE_RESPONSE_INTERNAL_SERVER_ERROR;
+                                    break;
+                                }
+                                memcpy(resource_temp_ptr->resource, coap_packet_ptr->payload_ptr, resource_temp_ptr->resourcelen);
+                            }
+                            if (coap_packet_ptr->content_type_ptr) {
+                                if (resource_temp_ptr->resource_parameters_ptr) {
+                                    resource_temp_ptr->resource_parameters_ptr->coap_content_type = *coap_packet_ptr->content_type_ptr;
+                                }
+                            }
+                            status = COAP_MSG_CODE_RESPONSE_CHANGED;
+                        } else {
+                            status = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED;
+                        }
+                        break;
+
+                    case (COAP_MSG_CODE_REQUEST_DELETE):
+                        if (resource_temp_ptr->access & SN_GRS_DELETE_ALLOWED) {
+                            if (sn_grs_delete_resource(handle, coap_packet_ptr->uri_path_len, coap_packet_ptr->uri_path_ptr) == SN_NSDL_SUCCESS) {
+                                status = COAP_MSG_CODE_RESPONSE_DELETED;
+                            } else {
+                                //This is dead code (Currently only time delete fails is when resource is not found
+                                //and sn_grs_search_resource is used with same arguments above!)
+                                status = COAP_MSG_CODE_RESPONSE_INTERNAL_SERVER_ERROR;
+                            }
+                        } else {
+                            status = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED;
+                        }
+                        break;
+
+                    default:
+                        status = COAP_MSG_CODE_RESPONSE_FORBIDDEN;
+                        break;
+                }
+            }
+        }
+
+        /* * * * * * * * * * * * * * */
+        /* If resource was not found */
+        /* * * * * * * * * * * * * * */
+
+        else {
+            if (coap_packet_ptr->msg_code == COAP_MSG_CODE_REQUEST_POST) {
+                handle->sn_grs_rx_callback(nsdl_handle, coap_packet_ptr, src_addr_ptr);
+
+                if (coap_packet_ptr->coap_status == COAP_STATUS_PARSER_BLOCKWISE_MSG_RECEIVED && coap_packet_ptr->payload_ptr) {
+                    handle->sn_grs_free(coap_packet_ptr->payload_ptr);
+                    coap_packet_ptr->payload_ptr = 0;
+                }
+
+                sn_coap_parser_release_allocated_coap_msg_mem(handle->coap, coap_packet_ptr);
+                return SN_NSDL_SUCCESS;
+            } else {
+                status = COAP_MSG_CODE_RESPONSE_NOT_FOUND;
+            }
+        }
+
+    }
+
+
+    /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+    /* If received packed was other than reset, create response  */
+    /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+    if (coap_packet_ptr->msg_type != COAP_MSG_TYPE_RESET && coap_packet_ptr->msg_type != COAP_MSG_TYPE_ACKNOWLEDGEMENT) {
+
+        /* Allocate resopnse message  */
+        response_message_hdr_ptr = handle->sn_grs_alloc(sizeof(sn_coap_hdr_s));
+        if (!response_message_hdr_ptr) {
+            if (coap_packet_ptr->coap_status == COAP_STATUS_PARSER_BLOCKWISE_MSG_RECEIVED && coap_packet_ptr->payload_ptr) {
+                handle->sn_grs_free(coap_packet_ptr->payload_ptr);
+                coap_packet_ptr->payload_ptr = 0;
+            }
+            sn_coap_parser_release_allocated_coap_msg_mem(handle->coap, coap_packet_ptr);
+            return SN_NSDL_FAILURE;
+        }
+        memset(response_message_hdr_ptr, 0, sizeof(sn_coap_hdr_s));
+
+        /* If status has not been defined, response internal server error */
+        if (status == COAP_MSG_CODE_EMPTY) {
+            status = COAP_MSG_CODE_RESPONSE_INTERNAL_SERVER_ERROR;
+        }
+
+        /* Fill header */
+        response_message_hdr_ptr->msg_code = status;
+
+        if (coap_packet_ptr->msg_type == COAP_MSG_TYPE_CONFIRMABLE) {
+            response_message_hdr_ptr->msg_type = COAP_MSG_TYPE_ACKNOWLEDGEMENT;
+        } else {
+            response_message_hdr_ptr->msg_type = COAP_MSG_TYPE_NON_CONFIRMABLE;
+        }
+
+        response_message_hdr_ptr->msg_id = coap_packet_ptr->msg_id;
+
+        if (coap_packet_ptr->token_ptr) {
+            response_message_hdr_ptr->token_len = coap_packet_ptr->token_len;
+            response_message_hdr_ptr->token_ptr = handle->sn_grs_alloc(response_message_hdr_ptr->token_len);
+            if (!response_message_hdr_ptr->token_ptr) {
+                sn_coap_parser_release_allocated_coap_msg_mem(handle->coap, response_message_hdr_ptr);
+
+                if (coap_packet_ptr->coap_status == COAP_STATUS_PARSER_BLOCKWISE_MSG_RECEIVED && coap_packet_ptr->payload_ptr) {
+                    handle->sn_grs_free(coap_packet_ptr->payload_ptr);
+                    coap_packet_ptr->payload_ptr = 0;
+                }
+
+                sn_coap_parser_release_allocated_coap_msg_mem(handle->coap, coap_packet_ptr);
+                return SN_NSDL_FAILURE;
+            }
+            memcpy(response_message_hdr_ptr->token_ptr, coap_packet_ptr->token_ptr, response_message_hdr_ptr->token_len);
+        }
+
+        if (status == COAP_MSG_CODE_RESPONSE_CONTENT) {
+            /* Add content type if other than default */
+            if (resource_temp_ptr->resource_parameters_ptr) {
+                if (resource_temp_ptr->resource_parameters_ptr->coap_content_type != 0) {
+                    response_message_hdr_ptr->content_type_len = 1;
+                    response_message_hdr_ptr->content_type_ptr = handle->sn_grs_alloc(response_message_hdr_ptr->content_type_len);
+                    if (!response_message_hdr_ptr->content_type_ptr) {
+                        sn_coap_parser_release_allocated_coap_msg_mem(handle->coap, response_message_hdr_ptr);
+
+                        if (coap_packet_ptr->coap_status == COAP_STATUS_PARSER_BLOCKWISE_MSG_RECEIVED && coap_packet_ptr->payload_ptr) {
+                            handle->sn_grs_free(coap_packet_ptr->payload_ptr);
+                            coap_packet_ptr->payload_ptr = 0;
+                        }
+
+                        sn_coap_parser_release_allocated_coap_msg_mem(handle->coap, coap_packet_ptr);
+                        return SN_NSDL_FAILURE;
+                    }
+                    memcpy(response_message_hdr_ptr->content_type_ptr, &resource_temp_ptr->resource_parameters_ptr->coap_content_type, response_message_hdr_ptr->content_type_len);
+                }
+            }
+
+            /* Add payload */
+            if (resource_temp_ptr->resourcelen != 0) {
+                response_message_hdr_ptr->payload_len = resource_temp_ptr->resourcelen;
+                response_message_hdr_ptr->payload_ptr = handle->sn_grs_alloc(response_message_hdr_ptr->payload_len);
+
+                if (!response_message_hdr_ptr->payload_ptr) {
+                    sn_coap_parser_release_allocated_coap_msg_mem(handle->coap, response_message_hdr_ptr);
+
+                    if (coap_packet_ptr->coap_status == COAP_STATUS_PARSER_BLOCKWISE_MSG_RECEIVED && coap_packet_ptr->payload_ptr) {
+                        handle->sn_grs_free(coap_packet_ptr->payload_ptr);
+                        coap_packet_ptr->payload_ptr = 0;
+                    }
+
+                    sn_coap_parser_release_allocated_coap_msg_mem(handle->coap, coap_packet_ptr);
+                    return SN_NSDL_FAILURE;
+                }
+
+                memcpy(response_message_hdr_ptr->payload_ptr, resource_temp_ptr->resource, response_message_hdr_ptr->payload_len);
+            }
+        }
+
+        sn_grs_send_coap_message(nsdl_handle, src_addr_ptr, response_message_hdr_ptr);
+
+        if (response_message_hdr_ptr->payload_ptr) {
+            handle->sn_grs_free(response_message_hdr_ptr->payload_ptr);
+            response_message_hdr_ptr->payload_ptr = 0;
+        }
+        sn_coap_parser_release_allocated_coap_msg_mem(handle->coap, response_message_hdr_ptr);
+    }
+
+    /* Free parsed CoAP message */
+    if (coap_packet_ptr->coap_status == COAP_STATUS_PARSER_BLOCKWISE_MSG_RECEIVED && coap_packet_ptr->payload_ptr) {
+        handle->sn_grs_free(coap_packet_ptr->payload_ptr);
+        coap_packet_ptr->payload_ptr = 0;
+    }
+    sn_coap_parser_release_allocated_coap_msg_mem(handle->coap, coap_packet_ptr);
+
+
+    return SN_NSDL_SUCCESS;
+}
+
+extern int8_t sn_grs_send_coap_message(struct nsdl_s *handle, sn_nsdl_addr_s *address_ptr, sn_coap_hdr_s *coap_hdr_ptr)
+{
+    uint8_t     *message_ptr = NULL;
+    uint16_t    message_len = 0;
+    uint8_t     ret_val = 0;
+
+    if( !handle ){
+        return SN_NSDL_FAILURE;
+    }
+
+    /* Calculate message length */
+    message_len = sn_coap_builder_calc_needed_packet_data_size(coap_hdr_ptr);
+
+    /* Allocate memory for message and check was allocating successfully */
+    message_ptr = handle->grs->sn_grs_alloc(message_len);
+    if (message_ptr == NULL) {
+        return SN_NSDL_FAILURE;
+    }
+
+    /* Build CoAP message */
+    if (sn_coap_protocol_build(handle->grs->coap, address_ptr, message_ptr, coap_hdr_ptr, (void *)handle) < 0) {
+        handle->grs->sn_grs_free(message_ptr);
+        message_ptr = 0;
+        return SN_NSDL_FAILURE;
+    }
+
+    /* Call tx callback function to send message */
+    ret_val = handle->grs->sn_grs_tx_callback(handle, SN_NSDL_PROTOCOL_COAP, message_ptr, message_len, address_ptr);
+
+    /* Free allocated memory */
+    handle->grs->sn_grs_free(message_ptr);
+    message_ptr = 0;
+
+    if (ret_val == 0) {
+        return SN_NSDL_FAILURE;
+    } else {
+        return SN_NSDL_SUCCESS;
+    }
+}
+
+static int8_t sn_grs_core_request(struct nsdl_s *handle, sn_nsdl_addr_s *src_addr_ptr, sn_coap_hdr_s *coap_packet_ptr)
+{
+    sn_coap_hdr_s           *response_message_hdr_ptr = NULL;
+    sn_coap_content_format_e wellknown_content_format = COAP_CT_LINK_FORMAT;
+
+    /* Allocate response message  */
+    response_message_hdr_ptr = handle->grs->sn_grs_alloc(sizeof(sn_coap_hdr_s));
+    if (response_message_hdr_ptr == NULL) {
+        if (coap_packet_ptr->coap_status == COAP_STATUS_PARSER_BLOCKWISE_MSG_RECEIVED && coap_packet_ptr->payload_ptr) {
+            handle->grs->sn_grs_free(coap_packet_ptr->payload_ptr);
+            coap_packet_ptr->payload_ptr = 0;
+        }
+        sn_coap_parser_release_allocated_coap_msg_mem(handle->grs->coap, coap_packet_ptr);
+        return SN_NSDL_FAILURE;
+    }
+    memset(response_message_hdr_ptr, 0, sizeof(sn_coap_hdr_s));
+
+    /* Build response */
+    response_message_hdr_ptr->msg_code = COAP_MSG_CODE_RESPONSE_CONTENT;
+    response_message_hdr_ptr->msg_type = COAP_MSG_TYPE_ACKNOWLEDGEMENT;
+    response_message_hdr_ptr->msg_id = coap_packet_ptr->msg_id;
+    response_message_hdr_ptr->content_type_len = 1;
+    response_message_hdr_ptr->content_type_ptr = handle->grs->sn_grs_alloc(1);
+    if (!response_message_hdr_ptr->content_type_ptr) {
+        if (coap_packet_ptr->coap_status == COAP_STATUS_PARSER_BLOCKWISE_MSG_RECEIVED && coap_packet_ptr->payload_ptr) {
+            handle->grs->sn_grs_free(coap_packet_ptr->payload_ptr);
+            coap_packet_ptr->payload_ptr = 0;
+        }
+        sn_coap_parser_release_allocated_coap_msg_mem(handle->grs->coap, coap_packet_ptr);
+        handle->grs->sn_grs_free(response_message_hdr_ptr);
+        return SN_NSDL_FAILURE;
+    }
+
+    *response_message_hdr_ptr->content_type_ptr = wellknown_content_format;
+
+    sn_nsdl_build_registration_body(handle, response_message_hdr_ptr, 0);
+
+    /* Send and free */
+    sn_grs_send_coap_message(handle, src_addr_ptr, response_message_hdr_ptr);
+
+    if (response_message_hdr_ptr->payload_ptr) {
+        handle->grs->sn_grs_free(response_message_hdr_ptr->payload_ptr);
+        response_message_hdr_ptr->payload_ptr = 0;
+    }
+    sn_coap_parser_release_allocated_coap_msg_mem(handle->grs->coap, response_message_hdr_ptr);
+
+    /* Free parsed CoAP message */
+    if (coap_packet_ptr->coap_status == COAP_STATUS_PARSER_BLOCKWISE_MSG_RECEIVED && coap_packet_ptr->payload_ptr) {
+        handle->grs->sn_grs_free(coap_packet_ptr->payload_ptr);
+        coap_packet_ptr->payload_ptr = 0;
+    }
+    sn_coap_parser_release_allocated_coap_msg_mem(handle->grs->coap, coap_packet_ptr);
+
+    return SN_NSDL_SUCCESS;
+}
+
+/**
+ * \fn  static sn_grs_resource_info_s *sn_grs_search_resource(uint16_t pathlen, uint8_t *path, uint8_t search_method)
+ *
+ * \brief Searches given resource from linked list
+ *
+ *  Search either precise path, or subresources, eg. dr/x -> returns dr/x/1, dr/x/2 etc...
+ *
+ *  \param  pathlen         Length of the path to be search
+ *
+ *  \param  *path           Pointer to the path string to be search
+ *
+ *  \param  search_method   Search method, SEARCH or DELETE
+ *
+ *  \return                 Pointer to the resource. If resource not found, return value is NULL
+ *
+*/
+
+sn_nsdl_resource_info_s *sn_grs_search_resource(struct grs_s *handle, uint16_t pathlen, uint8_t *path, uint8_t search_method)
+{
+    /* Local variables */
+    uint8_t                     *path_temp_ptr          = NULL;
+
+    /* Check parameters */
+    if (!handle || !pathlen || !path) {
+        return NULL;
+    }
+
+    /* Remove '/' - marks from the end and beginning */
+    path_temp_ptr = sn_grs_convert_uri(&pathlen, path);
+
+    /* Searchs exact path */
+    if (search_method == SN_GRS_SEARCH_METHOD) {
+        /* Scan all nodes on list */
+        ns_list_foreach(sn_nsdl_resource_info_s, resource_search_temp, &handle->resource_root_list) {
+            /* If length equals.. */
+            if (resource_search_temp->pathlen == pathlen) {
+                /* Compare paths, If same return node pointer*/
+                if (0 == memcmp(resource_search_temp->path, path_temp_ptr, pathlen)) {
+                    return resource_search_temp;
+                }
+            }
+        }
+    }
+    /* Search also subresources, eg. dr/x -> returns dr/x/1, dr/x/2 etc... */
+    else if (search_method == SN_GRS_DELETE_METHOD) {
+        /* Scan all nodes on list */
+        ns_list_foreach(sn_nsdl_resource_info_s, resource_search_temp, &handle->resource_root_list) {
+            uint8_t *temp_ptr = resource_search_temp->path;
+
+            /* If found, return pointer */
+            if ((*(temp_ptr + (uint8_t)pathlen) == '/')
+                    && !memcmp(resource_search_temp->path, path_temp_ptr, pathlen)) {
+                return resource_search_temp;
+            }
+        }
+    }
+
+    /* If there was not nodes we wanted, return NULL */
+    return NULL;
+}
+
+
+/**
+ * \fn  static int8_t sn_grs_add_resource_to_list(sn_grs_resource_info_s *resource_ptr)
+ *
+ * \brief Adds given resource to resource list
+ *
+ *  \param  *resource_ptr           Pointer to the path string to be search
+ *
+ *  \return 0 = SN_NSDL_SUCCESS, -1 = SN_NSDL_FAILURE
+ *
+*/
+static int8_t sn_grs_add_resource_to_list(struct grs_s *handle, sn_nsdl_resource_info_s *resource_ptr)
+{
+    /* Local variables */
+    uint8_t *path_start_ptr = NULL;
+    uint16_t path_len = 0;
+    sn_nsdl_resource_info_s *resource_copy_ptr = NULL;
+
+    /* Allocate memory for the resource info copy */
+    if (!resource_ptr->pathlen) { //Dead code
+        return SN_NSDL_FAILURE;
+    }
+    resource_copy_ptr = handle->sn_grs_alloc(sizeof(sn_nsdl_resource_info_s));
+    if (resource_copy_ptr == NULL) {
+        return SN_NSDL_FAILURE;
+    }
+
+    /* Set everything to zero  */
+    memset(resource_copy_ptr, 0, sizeof(sn_nsdl_resource_info_s));
+
+    resource_copy_ptr->mode = resource_ptr->mode;
+    resource_copy_ptr->resourcelen = resource_ptr->resourcelen;
+    resource_copy_ptr->sn_grs_dyn_res_callback = resource_ptr->sn_grs_dyn_res_callback;
+    resource_copy_ptr->access = resource_ptr->access;
+
+    /* Remove '/' - chars from the beginning and from the end */
+
+    path_len = resource_ptr->pathlen;
+    path_start_ptr = sn_grs_convert_uri(&path_len, resource_ptr->path);
+
+    /* Allocate memory for the path */
+    resource_copy_ptr->path = handle->sn_grs_alloc(path_len);
+    if (!resource_copy_ptr->path) {
+        sn_grs_resource_info_free(handle, resource_copy_ptr);
+        return SN_NSDL_FAILURE;
+    }
+
+    /* Update pathlen */
+    resource_copy_ptr->pathlen = path_len;
+
+    /* Copy path string to the copy */
+    memcpy(resource_copy_ptr->path, path_start_ptr, resource_copy_ptr->pathlen);
+
+    /* Allocate memory for the resource, and copy it to copy */
+    if (resource_ptr->resource) {
+        resource_copy_ptr->resource = handle->sn_grs_alloc(resource_ptr->resourcelen);
+        if (!resource_copy_ptr->resource) {
+            sn_grs_resource_info_free(handle, resource_copy_ptr);
+            return SN_NSDL_FAILURE;
+        }
+        memcpy(resource_copy_ptr->resource, resource_ptr->resource, resource_ptr->resourcelen);
+    }
+
+
+
+    /* If resource parameters exists, copy them */
+    if (resource_ptr->resource_parameters_ptr) {
+        resource_copy_ptr->resource_parameters_ptr = handle->sn_grs_alloc(sizeof(sn_nsdl_resource_parameters_s));
+        if (!resource_copy_ptr->resource_parameters_ptr) {
+            sn_grs_resource_info_free(handle, resource_copy_ptr);
+            return SN_NSDL_FAILURE;
+        }
+
+        memset(resource_copy_ptr->resource_parameters_ptr, 0, sizeof(sn_nsdl_resource_parameters_s));
+
+
+        resource_copy_ptr->resource_parameters_ptr->resource_type_len = resource_ptr->resource_parameters_ptr->resource_type_len;
+
+        resource_copy_ptr->resource_parameters_ptr->interface_description_len = resource_ptr->resource_parameters_ptr->interface_description_len;
+
+        resource_copy_ptr->resource_parameters_ptr->mime_content_type = resource_ptr->resource_parameters_ptr->mime_content_type;
+
+        resource_copy_ptr->resource_parameters_ptr->observable = resource_ptr->resource_parameters_ptr->observable;
+
+        if (resource_ptr->resource_parameters_ptr->resource_type_ptr) {
+            resource_copy_ptr->resource_parameters_ptr->resource_type_ptr = handle->sn_grs_alloc(resource_ptr->resource_parameters_ptr->resource_type_len);
+            if (!resource_copy_ptr->resource_parameters_ptr->resource_type_ptr) {
+                sn_grs_resource_info_free(handle, resource_copy_ptr);
+                return SN_NSDL_FAILURE;
+            }
+            memcpy(resource_copy_ptr->resource_parameters_ptr->resource_type_ptr, resource_ptr->resource_parameters_ptr->resource_type_ptr, resource_ptr->resource_parameters_ptr->resource_type_len);
+        }
+
+        if (resource_ptr->resource_parameters_ptr->interface_description_ptr) {
+            resource_copy_ptr->resource_parameters_ptr->interface_description_ptr = handle->sn_grs_alloc(resource_ptr->resource_parameters_ptr->interface_description_len);
+            if (!resource_copy_ptr->resource_parameters_ptr->interface_description_ptr) {
+                sn_grs_resource_info_free(handle, resource_copy_ptr);
+                return SN_NSDL_FAILURE;
+            }
+            memcpy(resource_copy_ptr->resource_parameters_ptr->interface_description_ptr, resource_ptr->resource_parameters_ptr->interface_description_ptr, resource_ptr->resource_parameters_ptr->interface_description_len);
+        }
+
+        /* Copy auto observation parameter */
+        /* todo: aobs not supported ATM - needs fixing */
+        /*      if(resource_ptr->resource_parameters_ptr->auto_obs_ptr && resource_ptr->resource_parameters_ptr->auto_obs_len)
+                {
+                    resource_copy_ptr->resource_parameters_ptr->auto_obs_ptr = sn_grs_alloc(resource_ptr->resource_parameters_ptr->auto_obs_len);
+                    if(!resource_copy_ptr->resource_parameters_ptr->auto_obs_ptr)
+                    {
+                        sn_grs_resource_info_free(resource_copy_ptr);
+                        return SN_NSDL_FAILURE;
+                    }
+                    memcpy(resource_copy_ptr->resource_parameters_ptr->auto_obs_ptr, resource_ptr->resource_parameters_ptr->auto_obs_ptr, resource_ptr->resource_parameters_ptr->auto_obs_len);
+                    resource_copy_ptr->resource_parameters_ptr->auto_obs_len = resource_ptr->resource_parameters_ptr->auto_obs_len;
+                }
+
+                resource_copy_ptr->resource_parameters_ptr->coap_content_type = resource_ptr->resource_parameters_ptr->coap_content_type;
+                */
+    }
+
+    /* Add copied resource to the linked list */
+    ns_list_add_to_start(&handle->resource_root_list, resource_copy_ptr);
+    ++handle->resource_root_count;
+
+    return SN_NSDL_SUCCESS;
+}
+
+
+/**
+ * \fn  static uint8_t *sn_grs_convert_uri(uint16_t *uri_len, uint8_t *uri_ptr)
+ *
+ * \brief Removes '/' from the beginning and from the end of uri string
+ *
+ *  \param  *uri_len            Pointer to the length of the path string
+ *
+ *  \param  *uri_ptr            Pointer to the path string
+ *
+ *  \return start pointer of the uri
+ *
+*/
+
+static uint8_t *sn_grs_convert_uri(uint16_t *uri_len, uint8_t *uri_ptr)
+{
+    /* Local variables */
+    uint8_t *uri_start_ptr = uri_ptr;
+
+    /* If '/' in the beginning, update uri start pointer and uri len */
+    if (*uri_ptr == '/') {
+        uri_start_ptr = uri_ptr + 1;
+        *uri_len = *uri_len - 1;
+    }
+
+    /* If '/' at the end, update uri len */
+    if (*(uri_start_ptr + *uri_len - 1) == '/') {
+        *uri_len = *uri_len - 1;
+    }
+
+    /* Return start pointer */
+    return uri_start_ptr;
+}
+
+/**
+ * \fn  static int8_t sn_grs_resource_info_free(sn_grs_resource_info_s *resource_ptr)
+ *
+ * \brief Frees resource info structure
+ *
+ *  \param *resource_ptr    Pointer to the resource
+ *
+ *  \return 0 if success, -1 if failed
+ *
+*/
+static int8_t sn_grs_resource_info_free(struct grs_s *handle, sn_nsdl_resource_info_s *resource_ptr)
+{
+    if (resource_ptr) {
+        if (resource_ptr->resource_parameters_ptr) {
+            if (resource_ptr->resource_parameters_ptr->interface_description_ptr) {
+                handle->sn_grs_free(resource_ptr->resource_parameters_ptr->interface_description_ptr);
+                resource_ptr->resource_parameters_ptr->interface_description_ptr = 0;
+            }
+
+            if (resource_ptr->resource_parameters_ptr->resource_type_ptr) {
+                handle->sn_grs_free(resource_ptr->resource_parameters_ptr->resource_type_ptr);
+                resource_ptr->resource_parameters_ptr->resource_type_ptr = 0;
+            }
+
+            /* Todo: aobs not supported ATM - needs fixing */
+            /*
+            if(resource_ptr->resource_parameters_ptr->auto_obs_ptr)
+            {
+                sn_grs_free(resource_ptr->resource_parameters_ptr->auto_obs_ptr);
+                resource_ptr->resource_parameters_ptr->auto_obs_ptr = 0;
+            }
+            */
+
+            handle->sn_grs_free(resource_ptr->resource_parameters_ptr);
+            resource_ptr->resource_parameters_ptr = 0;
+        }
+
+        if (resource_ptr->path) {
+            handle->sn_grs_free(resource_ptr->path);
+            resource_ptr->path = 0;
+        }
+        if (resource_ptr->resource) {
+            handle->sn_grs_free(resource_ptr->resource);
+            resource_ptr->resource = 0;
+        }
+        handle->sn_grs_free(resource_ptr);
+
+        return SN_NSDL_SUCCESS;
+    }
+    return SN_NSDL_FAILURE; //Dead code?
+}
+
+void sn_grs_mark_resources_as_registered(struct nsdl_s *handle)
+{
+    if( !handle ){
+        return;
+    }
+
+    const sn_nsdl_resource_info_s *temp_resource;
+
+    temp_resource = sn_grs_get_first_resource(handle->grs);
+
+    while (temp_resource) {
+        if (temp_resource->resource_parameters_ptr) {
+            if (temp_resource->resource_parameters_ptr->registered == SN_NDSL_RESOURCE_REGISTERING) {
+                temp_resource->resource_parameters_ptr->registered = SN_NDSL_RESOURCE_REGISTERED;
+            }
+        }
+        temp_resource = sn_grs_get_next_resource(handle->grs, temp_resource);
+    }
+}
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client-c/source/libNsdl/src/sn_nsdl.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,2345 @@
+/*
+ * Copyright (c) 2011-2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * \file sn_nsdl.c
+ *
+ * \brief Nano service device library
+ *
+ */
+
+#include <string.h>
+
+#include "ns_types.h"
+#include "sn_nsdl.h"
+#include "sn_coap_header.h"
+#include "sn_coap_protocol.h"
+#include "sn_nsdl_lib.h"
+#include "sn_grs.h"
+
+/* Defines */
+#define RESOURCE_DIR_LEN                2
+#define EP_NAME_PARAMETERS_LEN          3
+#define ET_PARAMETER_LEN                3
+#define LT_PARAMETER_LEN                3
+#define DOMAIN_PARAMETER_LEN            2
+#define RT_PARAMETER_LEN                3
+#define IF_PARAMETER_LEN                3
+#define OBS_PARAMETER_LEN               3
+#define AOBS_PARAMETER_LEN              8
+#define COAP_CON_PARAMETER_LEN          3
+#define BS_EP_PARAMETER_LEN             3
+#define BS_QUEUE_MODE_PARAMATER_LEN     2
+
+#define SN_NSDL_EP_REGISTER_MESSAGE     1
+#define SN_NSDL_EP_UPDATE_MESSAGE       2
+
+#define SN_NSDL_MSG_UNDEFINED           0
+#define SN_NSDL_MSG_REGISTER            1
+#define SN_NSDL_MSG_UNREGISTER          2
+#define SN_NSDL_MSG_UPDATE              3
+
+/* Constants */
+static uint8_t      ep_name_parameter_string[]  = {'e', 'p', '='};      /* Endpoint name. A unique name for the registering node in a domain.  */
+static uint8_t      resource_path_ptr[]         = {'r', 'd'};           /* For resource directory */
+static uint8_t      resource_type_parameter[]   = {'r', 't', '='};      /* Resource type. Only once for registration */
+static uint8_t      obs_parameter[]             = {'o', 'b', 's'};      /* Observable */
+//static uint8_t    aobs_parameter[]            = {'a','o','b','s',';','i','d','='};    /* Auto-observable - TBD */
+static uint8_t      if_description_parameter[]  = {'i', 'f', '='};      /* Interface description. Only once */
+static uint8_t      ep_lifetime_parameter[]     = {'l', 't', '='};      /* Lifetime. Number of seconds that this registration will be valid for. Must be updated within this time, or will be removed. */
+static uint8_t      ep_domain_parameter[]       = {'d', '='};           /* Domain name. If this parameter is missing, a default domain is assumed. */
+static uint8_t      coap_con_type_parameter[]   = {'c', 't', '='};      /* CoAP content type */
+/* * OMA BS parameters * */
+static uint8_t bs_uri[]                         = {'b', 's'};
+static uint8_t bs_ep_name[]                     = {'e', 'p', '='};
+static uint8_t et_parameter[]                   = {'e', 't', '='};      /* Endpoint type */
+static uint8_t bs_queue_mode[]                  = {'b', '='};
+
+/* Function prototypes */
+static uint16_t         sn_nsdl_internal_coap_send(struct nsdl_s *handle, sn_coap_hdr_s *coap_header_ptr, sn_nsdl_addr_s *dst_addr_ptr, uint8_t message_description);
+static void             sn_nsdl_resolve_nsp_address(struct nsdl_s *handle);
+int8_t                  sn_nsdl_build_registration_body(struct nsdl_s *handle, sn_coap_hdr_s *message_ptr, uint8_t updating_registeration);
+static uint16_t         sn_nsdl_calculate_registration_body_size(struct nsdl_s *handle, uint8_t updating_registeration);
+static uint8_t          sn_nsdl_calculate_uri_query_option_len(sn_nsdl_ep_parameters_s *endpoint_info_ptr, uint8_t msg_type);
+static int8_t           sn_nsdl_fill_uri_query_options(struct nsdl_s *handle, sn_nsdl_ep_parameters_s *parameter_ptr, sn_coap_hdr_s *source_msg_ptr, uint8_t msg_type);
+static int8_t           sn_nsdl_local_rx_function(struct nsdl_s *handle, sn_coap_hdr_s *coap_packet_ptr, sn_nsdl_addr_s *address_ptr);
+static int8_t           sn_nsdl_resolve_ep_information(struct nsdl_s *handle, sn_coap_hdr_s *coap_packet_ptr);
+static uint8_t          sn_nsdl_itoa_len(uint8_t value);
+static uint8_t          *sn_nsdl_itoa(uint8_t *ptr, uint8_t value);
+static int32_t          sn_nsdl_atoi(uint8_t *ptr, uint8_t len);
+static uint32_t         sn_nsdl_ahextoi(uint8_t *ptr, uint8_t len);
+static int8_t           sn_nsdl_resolve_lwm2m_address(struct nsdl_s *handle, uint8_t *uri, uint16_t uri_len);
+static int8_t           sn_nsdl_process_oma_tlv(struct nsdl_s *handle, uint8_t *data_ptr, uint16_t data_len);
+static void             sn_nsdl_check_oma_bs_status(struct nsdl_s *handle);
+static int8_t           sn_nsdl_create_oma_device_object_base(struct nsdl_s *handle, sn_nsdl_oma_device_t *oma_device_setup_ptr, sn_nsdl_oma_binding_and_mode_t binding_and_mode);
+static int8_t           set_endpoint_info(struct nsdl_s *handle, sn_nsdl_ep_parameters_s *endpoint_info_ptr);
+static bool             validateParameters(sn_nsdl_ep_parameters_s *parameter_ptr);
+static bool             validate(uint8_t* ptr, uint32_t len, char illegalChar);
+
+int8_t sn_nsdl_destroy(struct nsdl_s *handle)
+{
+    if (handle == NULL) {
+        return SN_NSDL_FAILURE;
+    }
+
+    if (handle->ep_information_ptr) {
+        if (handle->ep_information_ptr->endpoint_name_ptr) {
+            handle->sn_nsdl_free(handle->ep_information_ptr->endpoint_name_ptr);
+            handle->ep_information_ptr->endpoint_name_ptr = 0;
+        }
+        if (handle->ep_information_ptr->domain_name_ptr) {
+            handle->sn_nsdl_free(handle->ep_information_ptr->domain_name_ptr);
+            handle->ep_information_ptr->domain_name_ptr = 0;
+            handle->ep_information_ptr->domain_name_len = 0;
+        }
+        if (handle->ep_information_ptr->location_ptr) {
+            handle->sn_nsdl_free(handle->ep_information_ptr->location_ptr);
+            handle->ep_information_ptr->location_ptr = 0;
+            handle->ep_information_ptr->location_len = 0;
+        }
+        if (handle->ep_information_ptr->type_ptr) {
+            handle->sn_nsdl_free(handle->ep_information_ptr->type_ptr);
+            handle->ep_information_ptr->type_ptr = 0;
+        }
+
+        if (handle->ep_information_ptr->lifetime_ptr)
+
+        {
+            handle->sn_nsdl_free(handle->ep_information_ptr->lifetime_ptr);
+            handle->ep_information_ptr->lifetime_ptr = 0;
+        }
+
+        handle->sn_nsdl_free(handle->ep_information_ptr);
+        handle->ep_information_ptr = 0;
+    }
+
+    if (handle->nsp_address_ptr) {
+        if (handle->nsp_address_ptr->omalw_address_ptr) {
+            if (handle->nsp_address_ptr->omalw_address_ptr->addr_ptr) {
+                handle->sn_nsdl_free(handle->nsp_address_ptr->omalw_address_ptr->addr_ptr);
+                handle->nsp_address_ptr->omalw_address_ptr->addr_ptr = 0;
+            }
+            handle->sn_nsdl_free(handle->nsp_address_ptr->omalw_address_ptr);
+        }
+
+        handle->sn_nsdl_free(handle->nsp_address_ptr);
+        handle->nsp_address_ptr = 0;
+    }
+
+    if (handle->oma_bs_address_ptr) {
+        handle->sn_nsdl_free(handle->oma_bs_address_ptr);
+    }
+
+    /* Destroy also libCoap and grs part of libNsdl */
+    sn_coap_protocol_destroy(handle->grs->coap);
+    sn_grs_destroy(handle->grs);
+    handle->sn_nsdl_free(handle);
+
+    return SN_NSDL_SUCCESS;
+}
+
+struct nsdl_s *sn_nsdl_init(uint8_t (*sn_nsdl_tx_cb)(struct nsdl_s *, sn_nsdl_capab_e , uint8_t *, uint16_t, sn_nsdl_addr_s *),
+                            uint8_t (*sn_nsdl_rx_cb)(struct nsdl_s *, sn_coap_hdr_s *, sn_nsdl_addr_s *),
+                            void *(*sn_nsdl_alloc)(uint16_t), void (*sn_nsdl_free)(void *))
+{
+    /* Check pointers and define function pointers */
+    if (!sn_nsdl_alloc || !sn_nsdl_free || !sn_nsdl_tx_cb || !sn_nsdl_rx_cb) {
+        return NULL;
+    }
+
+    struct nsdl_s *handle = NULL;
+
+    handle = sn_nsdl_alloc(sizeof(struct nsdl_s));
+
+    if (handle == NULL) {
+        return NULL;
+    }
+
+    memset(handle, 0, sizeof(struct nsdl_s));
+
+    /* Define function pointers */
+    handle->sn_nsdl_alloc = sn_nsdl_alloc;
+    handle->sn_nsdl_free = sn_nsdl_free;
+
+    handle->sn_nsdl_tx_callback = sn_nsdl_tx_cb;
+    handle->sn_nsdl_rx_callback = sn_nsdl_rx_cb;
+
+    /* Initialize ep parameters struct */
+    if (!handle->ep_information_ptr) {
+        handle->ep_information_ptr = handle->sn_nsdl_alloc(sizeof(sn_nsdl_ep_parameters_s));
+        if (!handle->ep_information_ptr) {
+            sn_nsdl_free(handle);
+            return NULL;
+        }
+        memset(handle->ep_information_ptr, 0, sizeof(sn_nsdl_ep_parameters_s));
+    }
+
+    handle->grs = sn_grs_init(sn_nsdl_tx_cb, &sn_nsdl_local_rx_function, sn_nsdl_alloc, sn_nsdl_free);
+
+    /* Initialize GRS */
+    if (handle->grs == NULL) {
+        handle->sn_nsdl_free(handle->ep_information_ptr);
+        handle->ep_information_ptr = 0;
+        sn_nsdl_free(handle);
+        return NULL;
+    }
+
+    sn_nsdl_resolve_nsp_address(handle);
+
+    handle->sn_nsdl_endpoint_registered = SN_NSDL_ENDPOINT_NOT_REGISTERED;
+
+    return handle;
+}
+
+uint16_t sn_nsdl_register_endpoint(struct nsdl_s *handle, sn_nsdl_ep_parameters_s *endpoint_info_ptr)
+{
+    /* Local variables */
+    sn_coap_hdr_s   *register_message_ptr;
+    uint16_t        message_id  = 0;
+
+    if (endpoint_info_ptr == NULL || handle == NULL) {
+        return 0;
+    }
+
+    /*** Build endpoint register message ***/
+
+    /* Allocate memory for header struct */
+    register_message_ptr = handle->sn_nsdl_alloc(sizeof(sn_coap_hdr_s));
+    if (register_message_ptr == NULL) {
+        return 0;
+    }
+
+    memset(register_message_ptr, 0, sizeof(sn_coap_hdr_s));
+
+    /* Fill message fields -> confirmable post to specified NSP path */
+    register_message_ptr->msg_type = COAP_MSG_TYPE_CONFIRMABLE;
+    register_message_ptr->msg_code = COAP_MSG_CODE_REQUEST_POST;
+
+    /* Allocate memory for the extended options list */
+    register_message_ptr->options_list_ptr = handle->sn_nsdl_alloc(sizeof(sn_coap_options_list_s));
+    if (register_message_ptr->options_list_ptr == NULL) {
+        handle->sn_nsdl_free(register_message_ptr);
+        register_message_ptr = 0;
+        return 0;
+    }
+
+    memset(register_message_ptr->options_list_ptr, 0, sizeof(sn_coap_options_list_s));
+
+    register_message_ptr->uri_path_len = sizeof(resource_path_ptr);
+    register_message_ptr->uri_path_ptr = resource_path_ptr;
+
+    /* Fill Uri-query options */
+    if( SN_NSDL_FAILURE == sn_nsdl_fill_uri_query_options(handle, endpoint_info_ptr,
+                                                          register_message_ptr, SN_NSDL_EP_REGISTER_MESSAGE) ){
+        register_message_ptr->uri_path_ptr = NULL;
+        sn_coap_parser_release_allocated_coap_msg_mem(handle->grs->coap, register_message_ptr);
+        return 0;
+    }
+
+    if (endpoint_info_ptr->ds_register_mode == REGISTER_WITH_RESOURCES) {
+        /* Built body for message */
+        if (sn_nsdl_build_registration_body(handle, register_message_ptr, 0) == SN_NSDL_FAILURE) {
+            register_message_ptr->uri_path_ptr = NULL;
+            register_message_ptr->options_list_ptr->uri_host_ptr = NULL;
+            sn_coap_parser_release_allocated_coap_msg_mem(handle->grs->coap, register_message_ptr);
+            return 0;
+        }
+    }
+
+    /* Clean (possible) existing and save new endpoint info to handle */
+    if (set_endpoint_info(handle, endpoint_info_ptr) == -1) {
+        if (register_message_ptr->payload_ptr) {
+            handle->sn_nsdl_free(register_message_ptr->payload_ptr);
+            register_message_ptr->payload_ptr = NULL;
+        }
+
+        register_message_ptr->uri_path_ptr = NULL;
+        register_message_ptr->options_list_ptr->uri_host_ptr = NULL;
+
+        sn_coap_parser_release_allocated_coap_msg_mem(handle->grs->coap, register_message_ptr);
+
+        return 0;
+    }
+
+    /* Build and send coap message to NSP */
+    message_id = sn_nsdl_internal_coap_send(handle, register_message_ptr, handle->nsp_address_ptr->omalw_address_ptr, SN_NSDL_MSG_REGISTER);
+
+    if (register_message_ptr->payload_ptr) {
+        handle->sn_nsdl_free(register_message_ptr->payload_ptr);
+        register_message_ptr->payload_ptr = NULL;
+    }
+
+    register_message_ptr->uri_path_ptr = NULL;
+    register_message_ptr->options_list_ptr->uri_host_ptr = NULL;
+
+    sn_coap_parser_release_allocated_coap_msg_mem(handle->grs->coap, register_message_ptr);
+
+    return message_id;
+}
+
+uint16_t sn_nsdl_unregister_endpoint(struct nsdl_s *handle)
+{
+    /* Local variables */
+    sn_coap_hdr_s   *unregister_message_ptr;
+    uint8_t         *temp_ptr = 0;
+    uint16_t        message_id = 0;
+
+    /* Check parameters */
+    if (handle == NULL) {
+        return 0;
+    }
+
+    /* Check that EP have been registered */
+    if (sn_nsdl_is_ep_registered(handle)) {
+
+        /* Memory allocation for unregister message */
+        unregister_message_ptr = handle->sn_nsdl_alloc(sizeof(sn_coap_hdr_s));
+        if (!unregister_message_ptr) {
+            return 0;
+        }
+
+        memset(unregister_message_ptr, 0, sizeof(sn_coap_hdr_s));
+
+        /* Fill unregister message */
+        unregister_message_ptr->msg_type = COAP_MSG_TYPE_CONFIRMABLE;
+        unregister_message_ptr->msg_code = COAP_MSG_CODE_REQUEST_DELETE;
+
+        if(handle->ep_information_ptr->location_ptr) {
+            unregister_message_ptr->uri_path_len = handle->ep_information_ptr->location_len;
+            unregister_message_ptr->uri_path_ptr = handle->sn_nsdl_alloc(unregister_message_ptr->uri_path_len);
+            if (!unregister_message_ptr->uri_path_ptr) {
+                sn_coap_parser_release_allocated_coap_msg_mem(handle->grs->coap, unregister_message_ptr);
+                return 0;
+            }
+
+            temp_ptr = unregister_message_ptr->uri_path_ptr;
+
+            memcpy(temp_ptr , handle->ep_information_ptr->location_ptr, handle->ep_information_ptr->location_len);
+        } else {
+            unregister_message_ptr->uri_path_len = (RESOURCE_DIR_LEN + 1 + handle->ep_information_ptr->domain_name_len + 1 + handle->ep_information_ptr->endpoint_name_len);
+            unregister_message_ptr->uri_path_ptr = handle->sn_nsdl_alloc(unregister_message_ptr->uri_path_len);
+            if (!unregister_message_ptr->uri_path_ptr) {
+                sn_coap_parser_release_allocated_coap_msg_mem(handle->grs->coap, unregister_message_ptr);
+                return 0;
+            }
+
+            temp_ptr = unregister_message_ptr->uri_path_ptr;
+
+            memcpy(temp_ptr, resource_path_ptr, RESOURCE_DIR_LEN);
+            temp_ptr += RESOURCE_DIR_LEN;
+
+            *temp_ptr++ = '/';
+
+            memcpy(temp_ptr , handle->ep_information_ptr->domain_name_ptr, handle->ep_information_ptr->domain_name_len);
+            temp_ptr += handle->ep_information_ptr->domain_name_len;
+
+            *temp_ptr++ = '/';
+
+            memcpy(temp_ptr , handle->ep_information_ptr->endpoint_name_ptr, handle->ep_information_ptr->endpoint_name_len);
+        }
+
+        /* Send message */
+        message_id = sn_nsdl_internal_coap_send(handle, unregister_message_ptr, handle->nsp_address_ptr->omalw_address_ptr, SN_NSDL_MSG_UNREGISTER);
+
+        /* Free memory */
+        sn_coap_parser_release_allocated_coap_msg_mem(handle->grs->coap, unregister_message_ptr);
+
+    }
+
+    return message_id;
+}
+
+uint16_t sn_nsdl_update_registration(struct nsdl_s *handle, uint8_t *lt_ptr, uint8_t lt_len)
+{
+    /* Local variables */
+    sn_coap_hdr_s   *register_message_ptr;
+    uint8_t         *temp_ptr;
+    sn_nsdl_ep_parameters_s temp_parameters;
+    uint16_t        message_id = 0;
+
+    /* Check parameters */
+    if (handle == NULL) {
+        return 0;
+    }
+
+    if (!sn_nsdl_is_ep_registered(handle)){
+        return 0;
+    }
+
+    memset(&temp_parameters, 0, sizeof(sn_nsdl_ep_parameters_s));
+
+    temp_parameters.lifetime_len = lt_len;
+    temp_parameters.lifetime_ptr = lt_ptr;
+
+    /*** Build endpoint register update message ***/
+
+    /* Allocate memory for header struct */
+    register_message_ptr = handle->sn_nsdl_alloc(sizeof(sn_coap_hdr_s));
+    if (register_message_ptr == NULL) {
+        return 0;
+    }
+
+    memset(register_message_ptr, 0, sizeof(sn_coap_hdr_s));
+
+    /* Fill message fields -> confirmable post to specified NSP path */
+    register_message_ptr->msg_type  =   COAP_MSG_TYPE_CONFIRMABLE;
+    register_message_ptr->msg_code  =   COAP_MSG_CODE_REQUEST_POST;
+
+    if(handle->ep_information_ptr->location_ptr) {
+        register_message_ptr->uri_path_len  =   handle->ep_information_ptr->location_len;    /* = Only location set by Device Server*/
+
+        register_message_ptr->uri_path_ptr  =   handle->sn_nsdl_alloc(register_message_ptr->uri_path_len);
+        if (!register_message_ptr->uri_path_ptr) {
+            sn_coap_parser_release_allocated_coap_msg_mem(handle->grs->coap, register_message_ptr);
+            return 0;
+        }
+
+        temp_ptr = register_message_ptr->uri_path_ptr;
+
+        /* location */
+        memcpy(temp_ptr, handle->ep_information_ptr->location_ptr, handle->ep_information_ptr->location_len);
+    } else {
+        register_message_ptr->uri_path_len  =   sizeof(resource_path_ptr) + handle->ep_information_ptr->domain_name_len + handle->ep_information_ptr->endpoint_name_len + 2;    /* = rd/domain/endpoint */
+
+        register_message_ptr->uri_path_ptr  =   handle->sn_nsdl_alloc(register_message_ptr->uri_path_len);
+        if (!register_message_ptr->uri_path_ptr) {
+            sn_coap_parser_release_allocated_coap_msg_mem(handle->grs->coap, register_message_ptr);
+            return 0;
+        }
+
+        temp_ptr = register_message_ptr->uri_path_ptr;
+
+        /* rd/ */
+        memcpy(temp_ptr, resource_path_ptr, sizeof(resource_path_ptr));
+        temp_ptr += sizeof(resource_path_ptr);
+        *temp_ptr++ = '/';
+
+        /* rd/DOMAIN/ */
+        memcpy(temp_ptr, handle->ep_information_ptr->domain_name_ptr, handle->ep_information_ptr->domain_name_len);
+        temp_ptr += handle->ep_information_ptr->domain_name_len;
+        *temp_ptr++ = '/';
+
+        /* rd/domain/ENDPOINT */
+        memcpy(temp_ptr, handle->ep_information_ptr->endpoint_name_ptr, handle->ep_information_ptr->endpoint_name_len);
+    }
+
+    /* Allocate memory for the extended options list */
+    register_message_ptr->options_list_ptr = handle->sn_nsdl_alloc(sizeof(sn_coap_options_list_s));
+    if (register_message_ptr->options_list_ptr == NULL) {
+        sn_coap_parser_release_allocated_coap_msg_mem(handle->grs->coap, register_message_ptr);
+        return 0;
+    }
+
+    memset(register_message_ptr->options_list_ptr, 0, sizeof(sn_coap_options_list_s));
+
+    /* Fill Uri-query options */
+    sn_nsdl_fill_uri_query_options(handle, &temp_parameters, register_message_ptr, SN_NSDL_EP_UPDATE_MESSAGE);
+
+    /* Build payload */
+    if (handle->ep_information_ptr->ds_register_mode == REGISTER_WITH_RESOURCES) {
+
+        if (sn_nsdl_build_registration_body(handle, register_message_ptr, 1) == SN_NSDL_FAILURE) {
+            sn_coap_parser_release_allocated_coap_msg_mem(handle->grs->coap, register_message_ptr);
+            return 0;
+        }
+    }
+
+    /* Build and send coap message to NSP */
+    message_id = sn_nsdl_internal_coap_send(handle, register_message_ptr, handle->nsp_address_ptr->omalw_address_ptr, SN_NSDL_MSG_UPDATE);
+
+    if (register_message_ptr->payload_ptr) {
+        handle->sn_nsdl_free(register_message_ptr->payload_ptr);
+    }
+    sn_coap_parser_release_allocated_coap_msg_mem(handle->grs->coap, register_message_ptr);
+
+    return message_id;
+}
+
+int8_t sn_nsdl_set_endpoint_location(struct nsdl_s *handle, uint8_t *location_ptr, uint8_t location_len)
+{
+    if(!handle || !location_ptr || (location_len == 0)) {
+        return -1;
+    }
+    handle->ep_information_ptr->location_ptr = handle->sn_nsdl_alloc(location_len);
+    memcpy(handle->ep_information_ptr->location_ptr, location_ptr, location_len);
+    handle->ep_information_ptr->location_len = location_len;
+
+    return 0;
+}
+
+void sn_nsdl_nsp_lost(struct nsdl_s *handle)
+{
+    /* Check parameters */
+    if (handle == NULL) {
+        return;
+    }
+
+    handle->sn_nsdl_endpoint_registered = SN_NSDL_ENDPOINT_NOT_REGISTERED;
+}
+
+int8_t sn_nsdl_is_ep_registered(struct nsdl_s *handle)
+{
+    /* Check parameters */
+    if (handle == NULL) {
+        return SN_NSDL_FAILURE;
+    }
+
+    return handle->sn_nsdl_endpoint_registered;
+}
+
+uint16_t sn_nsdl_send_observation_notification(struct nsdl_s *handle, uint8_t *token_ptr, uint8_t token_len,
+        uint8_t *payload_ptr, uint16_t payload_len,
+        uint8_t *observe_ptr, uint8_t observe_len,
+        sn_coap_msg_type_e message_type, uint8_t content_type)
+{
+    sn_coap_hdr_s   *notification_message_ptr;
+    uint16_t        return_msg_id = 0;
+
+    /* Check parameters */
+    if (handle == NULL) {
+        return 0;
+    }
+
+    /* Allocate and initialize memory for header struct */
+    notification_message_ptr = handle->sn_nsdl_alloc(sizeof(sn_coap_hdr_s));
+    if (notification_message_ptr == NULL) {
+        return 0;
+    }
+
+    memset(notification_message_ptr, 0, sizeof(sn_coap_hdr_s));
+
+    notification_message_ptr->options_list_ptr = handle->sn_nsdl_alloc(sizeof(sn_coap_options_list_s));
+    if (notification_message_ptr->options_list_ptr  == NULL) {
+        handle->sn_nsdl_free(notification_message_ptr);
+        return 0;
+    }
+
+    memset(notification_message_ptr->options_list_ptr , 0, sizeof(sn_coap_options_list_s));
+
+    /* Fill header */
+    notification_message_ptr->msg_type = message_type;
+    notification_message_ptr->msg_code = COAP_MSG_CODE_RESPONSE_CONTENT;
+
+    /* Fill token */
+    notification_message_ptr->token_len = token_len;
+    notification_message_ptr->token_ptr = token_ptr;
+
+    /* Fill payload */
+    notification_message_ptr->payload_len = payload_len;
+    notification_message_ptr->payload_ptr = payload_ptr;
+
+    /* Fill observe */
+    notification_message_ptr->options_list_ptr->observe_len = observe_len;
+    notification_message_ptr->options_list_ptr->observe_ptr = observe_ptr;
+
+    /* Fill content type */
+    if (content_type) {
+        notification_message_ptr->content_type_len = 1;
+        notification_message_ptr->content_type_ptr = &content_type;
+    }
+
+    /* Send message */
+    if (sn_nsdl_send_coap_message(handle, handle->nsp_address_ptr->omalw_address_ptr, notification_message_ptr) == SN_NSDL_FAILURE) {
+        return_msg_id = 0;
+    } else {
+        return_msg_id = notification_message_ptr->msg_id;
+    }
+
+    /* Free memory */
+
+    notification_message_ptr->payload_ptr = NULL;
+    notification_message_ptr->options_list_ptr->observe_ptr = NULL;
+    notification_message_ptr->token_ptr = NULL;
+    notification_message_ptr->content_type_ptr = NULL;
+
+    sn_coap_parser_release_allocated_coap_msg_mem(handle->grs->coap, notification_message_ptr);
+
+    return return_msg_id;
+}
+
+/* * * * * * * * * * */
+/* ~ OMA functions ~ */
+/* * * * * * * * * * */
+
+uint16_t sn_nsdl_oma_bootstrap(struct nsdl_s *handle, sn_nsdl_addr_s *bootstrap_address_ptr, sn_nsdl_ep_parameters_s *endpoint_info_ptr, sn_nsdl_bs_ep_info_t *bootstrap_endpoint_info_ptr)
+{
+
+    /* Local variables */
+    sn_coap_hdr_s bootstrap_coap_header;
+    uint8_t *uri_query_tmp_ptr;
+    uint16_t message_id = 0;
+
+    /* Check parameters */
+    if (!bootstrap_address_ptr || !bootstrap_endpoint_info_ptr || !endpoint_info_ptr || !handle) {
+        return 0;
+    }
+
+    /* Create device object */
+    if (sn_nsdl_create_oma_device_object_base(handle, bootstrap_endpoint_info_ptr->device_object, endpoint_info_ptr->binding_and_mode) < 0) {
+        return 0;
+    }
+
+    handle->sn_nsdl_oma_bs_done_cb = bootstrap_endpoint_info_ptr->oma_bs_status_cb;
+
+    /* Init CoAP header struct */
+    memset(&bootstrap_coap_header, 0, sizeof(sn_coap_hdr_s));
+
+    bootstrap_coap_header.options_list_ptr = handle->sn_nsdl_alloc(sizeof(sn_coap_options_list_s));
+    if (!bootstrap_coap_header.options_list_ptr) {
+        return 0;
+    }
+
+    memset(bootstrap_coap_header.options_list_ptr, 0, sizeof(sn_coap_options_list_s));
+
+    /* Build bootstrap start message */
+    bootstrap_coap_header.msg_code = COAP_MSG_CODE_REQUEST_POST;
+    bootstrap_coap_header.msg_type = COAP_MSG_TYPE_CONFIRMABLE;
+
+    bootstrap_coap_header.uri_path_ptr = bs_uri;
+    bootstrap_coap_header.uri_path_len = sizeof(bs_uri);
+
+    uri_query_tmp_ptr = handle->sn_nsdl_alloc(endpoint_info_ptr->endpoint_name_len + BS_EP_PARAMETER_LEN);
+    if (!uri_query_tmp_ptr) {
+        handle->sn_nsdl_free(bootstrap_coap_header.options_list_ptr);
+        return 0;
+    }
+
+    memcpy(uri_query_tmp_ptr, bs_ep_name, BS_EP_PARAMETER_LEN);
+    memcpy((uri_query_tmp_ptr + BS_EP_PARAMETER_LEN), endpoint_info_ptr->endpoint_name_ptr, endpoint_info_ptr->endpoint_name_len);
+
+    bootstrap_coap_header.options_list_ptr->uri_query_len = endpoint_info_ptr->endpoint_name_len + BS_EP_PARAMETER_LEN;
+    bootstrap_coap_header.options_list_ptr->uri_query_ptr = uri_query_tmp_ptr;
+
+    /* Save bootstrap server address */
+    handle->oma_bs_address_len = bootstrap_address_ptr->addr_len;       /* Length.. */
+    handle->oma_bs_address_ptr = handle->sn_nsdl_alloc(handle->oma_bs_address_len);     /* Address.. */
+    if (!handle->oma_bs_address_ptr) {
+        handle->sn_nsdl_free(bootstrap_coap_header.options_list_ptr);
+        handle->sn_nsdl_free(uri_query_tmp_ptr);
+        return 0;
+    }
+    memcpy(handle->oma_bs_address_ptr, bootstrap_address_ptr->addr_ptr, handle->oma_bs_address_len);
+    handle->oma_bs_port = bootstrap_address_ptr->port;                  /* And port */
+
+    /* Send message */
+    message_id = sn_nsdl_internal_coap_send(handle, &bootstrap_coap_header, bootstrap_address_ptr, SN_NSDL_MSG_UNDEFINED);
+
+    /* Free allocated memory */
+    handle->sn_nsdl_free(uri_query_tmp_ptr);
+    handle->sn_nsdl_free(bootstrap_coap_header.options_list_ptr);
+
+    return message_id;
+}
+
+omalw_certificate_list_t *sn_nsdl_get_certificates(struct nsdl_s *handle)
+{
+    sn_nsdl_resource_info_s *resource_ptr = 0;;
+    omalw_certificate_list_t *certi_list_ptr = 0;
+
+    /* Check parameters */
+    if (handle == NULL) {
+        return NULL;
+    }
+
+    certi_list_ptr = handle->sn_nsdl_alloc(sizeof(omalw_certificate_list_t));
+
+    if (!certi_list_ptr) {
+        return NULL;
+    }
+
+    /* Get private key resource */
+    resource_ptr = sn_nsdl_get_resource(handle, 5, (void *)"0/0/5");
+    if (!resource_ptr) {
+        handle->sn_nsdl_free(certi_list_ptr);
+        return NULL;
+    }
+    certi_list_ptr->own_private_key_ptr = resource_ptr->resource;
+    certi_list_ptr->own_private_key_len = resource_ptr->resourcelen;
+
+    /* Get client certificate resource */
+    resource_ptr = sn_nsdl_get_resource(handle, 5, (void *)"0/0/4");
+    if (!resource_ptr) {
+        handle->sn_nsdl_free(certi_list_ptr);
+        return NULL;
+    }
+    certi_list_ptr->certificate_ptr[0] = resource_ptr->resource;
+    certi_list_ptr->certificate_len[0] = resource_ptr->resourcelen;
+
+    /* Get root certificate resource */
+    resource_ptr = sn_nsdl_get_resource(handle, 5, (void *)"0/0/3");
+    if (!resource_ptr) {
+        handle->sn_nsdl_free(certi_list_ptr);
+        return NULL;
+    }
+    certi_list_ptr->certificate_ptr[1] = resource_ptr->resource;
+    certi_list_ptr->certificate_len[1] = resource_ptr->resourcelen;
+
+    /* return filled list */
+    return certi_list_ptr;
+
+}
+
+int8_t sn_nsdl_update_certificates(struct nsdl_s *handle, omalw_certificate_list_t *certificate_ptr, uint8_t certificate_chain)
+{
+    (void)certificate_chain;
+
+    /* Check pointers */
+    if (!certificate_ptr || !handle) {
+        return SN_NSDL_FAILURE;
+    }
+
+    sn_nsdl_resource_info_s *resource_ptr = 0;;
+
+    /* Get private key resource */
+    resource_ptr = sn_nsdl_get_resource(handle, 5, (void *)"0/0/5");
+    if (!resource_ptr) {
+        return SN_NSDL_FAILURE;
+    }
+    handle->sn_nsdl_free(resource_ptr->resource);
+    resource_ptr->resource = certificate_ptr->own_private_key_ptr;
+    resource_ptr->resourcelen = certificate_ptr->own_private_key_len;
+
+    /* Get client certificate resource */
+    resource_ptr = sn_nsdl_get_resource(handle, 5, (void *)"0/0/4");
+    if (!resource_ptr) {
+        return SN_NSDL_FAILURE;
+    }
+    handle->sn_nsdl_free(resource_ptr->resource);
+    resource_ptr->resource = certificate_ptr->certificate_ptr[0];
+    resource_ptr->resourcelen = certificate_ptr->certificate_len[0];
+
+    /* Get root certificate resource */
+    resource_ptr = sn_nsdl_get_resource(handle, 5, (void *)"0/0/3");
+    if (!resource_ptr) {
+        return SN_NSDL_FAILURE;
+    }
+    handle->sn_nsdl_free(resource_ptr->resource);
+    resource_ptr->resource = certificate_ptr->certificate_ptr[1];
+    resource_ptr->resourcelen = certificate_ptr->certificate_len[1];
+
+    return SN_NSDL_SUCCESS;
+}
+
+int8_t sn_nsdl_create_oma_device_object(struct nsdl_s *handle, sn_nsdl_oma_device_t *device_object_ptr)
+{
+    sn_nsdl_resource_info_s *resource_temp = 0;
+    uint8_t path[8] = "3/0/11/0";
+
+    if (!device_object_ptr || !handle) {
+        return SN_NSDL_FAILURE;
+    }
+
+    /* * Error code * */
+
+    /* Get first error message */
+    resource_temp = sn_grs_search_resource(handle->grs, 8, path, SN_GRS_SEARCH_METHOD);
+
+    while (resource_temp) {
+        if (resource_temp->resource) {
+            /* If no error code set */
+            if (*resource_temp->resource == 0) {
+                /* Set error code */
+                *resource_temp->resource = (uint8_t)device_object_ptr->error_code;
+                resource_temp->resourcelen = 1;
+
+                sn_nsdl_update_resource(handle, resource_temp);
+                return SN_NSDL_SUCCESS;
+            }
+            break;
+        }
+
+        if (path[7] == '9') {
+            return SN_NSDL_FAILURE;
+        }
+
+        path[7]++;
+        resource_temp = sn_grs_search_resource(handle->grs, 8, path, SN_GRS_SEARCH_METHOD);
+    }
+
+    /* Create new resource for this error */
+    resource_temp = handle->sn_nsdl_alloc(sizeof(sn_nsdl_resource_info_s));
+    if (!resource_temp) {
+        return SN_NSDL_FAILURE;
+    }
+
+    memset(resource_temp, 0, sizeof(sn_nsdl_resource_info_s));
+
+    resource_temp->access = SN_GRS_GET_ALLOWED;
+    resource_temp->mode = SN_GRS_DYNAMIC;
+
+    resource_temp->path = path;
+    resource_temp->pathlen = 8;
+
+    resource_temp->resource = handle->sn_nsdl_alloc(1);
+    if (!resource_temp->resource) {
+        handle->sn_nsdl_free(resource_temp);
+        return SN_NSDL_FAILURE;
+    }
+
+    *resource_temp->resource = (uint8_t)device_object_ptr->error_code;
+    resource_temp->resourcelen = 1;
+
+    resource_temp->resource_parameters_ptr = handle->sn_nsdl_alloc(sizeof(sn_nsdl_resource_parameters_s));
+
+    if (!resource_temp->resource_parameters_ptr) {
+        handle->sn_nsdl_free(resource_temp->resource);
+        handle->sn_nsdl_free(resource_temp);
+
+        return SN_NSDL_FAILURE;
+    }
+
+    memset(resource_temp->resource_parameters_ptr, 0, sizeof(sn_nsdl_resource_parameters_s));
+
+    sn_nsdl_create_resource(handle, resource_temp);
+
+    handle->sn_nsdl_free(resource_temp->resource);
+    handle->sn_nsdl_free(resource_temp->resource_parameters_ptr);
+    handle->sn_nsdl_free(resource_temp);
+
+    return SN_NSDL_SUCCESS;
+}
+
+char *sn_nsdl_get_version(void)
+{
+#if defined(YOTTA_MBED_CLIENT_C_VERSION_STRING)
+    return YOTTA_MBED_CLIENT_C_VERSION_STRING;
+#elif defined(VERSION)
+    return VERSION;
+#else
+    return "0.0.0";
+#endif
+}
+
+
+int8_t sn_nsdl_process_coap(struct nsdl_s *handle, uint8_t *packet_ptr, uint16_t packet_len, sn_nsdl_addr_s *src_ptr)
+{
+    sn_coap_hdr_s           *coap_packet_ptr    = NULL;
+    sn_coap_hdr_s           *coap_response_ptr  = NULL;
+
+    /* Check parameters */
+    if (handle == NULL) {
+        return SN_NSDL_FAILURE;
+    }
+
+    /* Parse CoAP packet */
+    coap_packet_ptr = sn_coap_protocol_parse(handle->grs->coap, src_ptr, packet_len, packet_ptr, (void *)handle);
+
+    /* Check if parsing was successfull */
+    if (coap_packet_ptr == (sn_coap_hdr_s *)NULL) {
+        return SN_NSDL_FAILURE;
+    }
+
+    /* Check, if coap itself sends response, or block receiving is ongoing... */
+    if (coap_packet_ptr->coap_status != COAP_STATUS_OK && coap_packet_ptr->coap_status != COAP_STATUS_PARSER_BLOCKWISE_MSG_RECEIVED) {
+        sn_coap_parser_release_allocated_coap_msg_mem(handle->grs->coap, coap_packet_ptr);
+        return SN_NSDL_SUCCESS;
+    }
+
+    /* If proxy options added, return not supported */
+    if (coap_packet_ptr->options_list_ptr) {
+        if (coap_packet_ptr->options_list_ptr->proxy_uri_len) {
+            coap_response_ptr = sn_coap_build_response(handle->grs->coap, coap_packet_ptr, COAP_MSG_CODE_RESPONSE_PROXYING_NOT_SUPPORTED);
+            if (coap_response_ptr) {
+                sn_nsdl_send_coap_message(handle, src_ptr, coap_response_ptr);
+                sn_coap_parser_release_allocated_coap_msg_mem(handle->grs->coap, coap_response_ptr);
+                sn_coap_parser_release_allocated_coap_msg_mem(handle->grs->coap, coap_packet_ptr);
+                return SN_NSDL_SUCCESS;
+            } else {
+                sn_coap_parser_release_allocated_coap_msg_mem(handle->grs->coap, coap_packet_ptr);
+                return SN_NSDL_FAILURE;
+            }
+        }
+    }
+
+    /* * * * * * * * * * * * * * * * * * * * * * * * * * */
+    /* If message is response message, call RX callback  */
+    /* * * * * * * * * * * * * * * * * * * * * * * * * * */
+
+    if ((coap_packet_ptr->msg_code > COAP_MSG_CODE_REQUEST_DELETE) || (coap_packet_ptr->msg_type == COAP_MSG_TYPE_ACKNOWLEDGEMENT)) {
+        int8_t retval = sn_nsdl_local_rx_function(handle, coap_packet_ptr, src_ptr);
+        if (coap_packet_ptr->coap_status == COAP_STATUS_PARSER_BLOCKWISE_MSG_RECEIVED && coap_packet_ptr->payload_ptr) {
+            handle->sn_nsdl_free(coap_packet_ptr->payload_ptr);
+            coap_packet_ptr->payload_ptr = 0;
+        }
+        sn_coap_parser_release_allocated_coap_msg_mem(handle->grs->coap, coap_packet_ptr);
+        return retval;
+    }
+
+    /* * If OMA bootstrap message... * */
+    if (src_ptr && (handle->oma_bs_address_len == src_ptr->addr_len) && (handle->oma_bs_port == src_ptr->port) && !memcmp(handle->oma_bs_address_ptr, src_ptr->addr_ptr, handle->oma_bs_address_len)) {
+        /* TLV message. Parse message and check status of the OMA bootstrap  */
+        /* process. If ok, call cb function and return. Otherwise send error */
+        /* and return failure.                                               */
+
+        if (coap_packet_ptr->content_type_len == 1) { //todo check message type
+            if (*coap_packet_ptr->content_type_ptr == 99) {
+                /* TLV parsing failed. Send response to get non-tlv messages */
+                if (sn_nsdl_process_oma_tlv(handle, coap_packet_ptr->payload_ptr, coap_packet_ptr->payload_len) == SN_NSDL_FAILURE) {
+                    coap_response_ptr = sn_coap_build_response(handle->grs->coap, coap_packet_ptr, COAP_MSG_CODE_RESPONSE_NOT_ACCEPTABLE);
+                    if (coap_response_ptr) {
+                        sn_nsdl_send_coap_message(handle, src_ptr, coap_response_ptr);
+                        sn_coap_parser_release_allocated_coap_msg_mem(handle->grs->coap, coap_response_ptr);
+                    } else {
+                        sn_coap_parser_release_allocated_coap_msg_mem(handle->grs->coap, coap_packet_ptr);
+                        return SN_NSDL_FAILURE;
+                    }
+                }
+                /* Success TLV parsing */
+                else {
+                    coap_response_ptr = sn_coap_build_response(handle->grs->coap, coap_packet_ptr, COAP_MSG_CODE_RESPONSE_CREATED);
+                    if (coap_response_ptr) {
+                        sn_nsdl_send_coap_message(handle, src_ptr, coap_response_ptr);
+                        sn_coap_parser_release_allocated_coap_msg_mem(handle->grs->coap, coap_response_ptr);
+
+                    } else {
+                        sn_coap_parser_release_allocated_coap_msg_mem(handle->grs->coap, coap_packet_ptr);
+                        return SN_NSDL_FAILURE;
+                    }
+                    sn_nsdl_check_oma_bs_status(handle);
+                }
+
+                sn_coap_parser_release_allocated_coap_msg_mem(handle->grs->coap, coap_packet_ptr);
+                return SN_NSDL_SUCCESS;
+            }
+
+            /* Non - TLV message */
+            else if (*coap_packet_ptr->content_type_ptr == 97) {
+                sn_grs_process_coap(handle, coap_packet_ptr, src_ptr);
+
+                /* Todo: move this copying to sn_nsdl_check_oma_bs_status(), also from TLV parser */
+                /* Security mode */
+                if (*(coap_packet_ptr->uri_path_ptr + (coap_packet_ptr->uri_path_len - 1)) == '2') {
+                    handle->nsp_address_ptr->omalw_server_security = (omalw_server_security_t)sn_nsdl_atoi(coap_packet_ptr->payload_ptr, coap_packet_ptr->payload_len);
+                    sn_coap_parser_release_allocated_coap_msg_mem(handle->grs->coap, coap_packet_ptr);
+                }
+
+                /* NSP address */
+                else if (*(coap_packet_ptr->uri_path_ptr + (coap_packet_ptr->uri_path_len - 1)) == '0') {
+                    sn_nsdl_resolve_lwm2m_address(handle, coap_packet_ptr->payload_ptr, coap_packet_ptr->payload_len);
+                    sn_coap_parser_release_allocated_coap_msg_mem(handle->grs->coap, coap_packet_ptr);
+                }
+
+                sn_nsdl_check_oma_bs_status(handle);
+            } else {
+                sn_coap_parser_release_allocated_coap_msg_mem(handle->grs->coap, coap_packet_ptr);
+                return SN_NSDL_FAILURE;
+            }
+        } else {
+            sn_coap_parser_release_allocated_coap_msg_mem(handle->grs->coap, coap_packet_ptr);
+            return SN_NSDL_FAILURE;
+        }
+
+
+        return SN_NSDL_SUCCESS;
+    }
+
+
+    /* * * * * * * * * * * * * * * */
+    /* Other messages are for GRS  */
+    /* * * * * * * * * * * * * * * */
+
+    return sn_grs_process_coap(handle, coap_packet_ptr, src_ptr);
+}
+
+int8_t sn_nsdl_exec(struct nsdl_s *handle, uint32_t time)
+{
+    if(!handle || !handle->grs){
+        return SN_NSDL_FAILURE;
+    }
+    /* Call CoAP execution function */
+    return sn_coap_protocol_exec(handle->grs->coap, time);
+}
+
+sn_nsdl_resource_info_s *sn_nsdl_get_resource(struct nsdl_s *handle, uint16_t pathlen, uint8_t *path_ptr)
+{
+    /* Check parameters */
+    if (handle == NULL) {
+        return NULL;
+    }
+
+    return sn_grs_search_resource(handle->grs, pathlen, path_ptr, SN_GRS_SEARCH_METHOD);
+}
+
+
+/**
+ * \fn static uint16_t sn_nsdl_internal_coap_send(struct nsdl_s *handle, sn_coap_hdr_s *coap_header_ptr, sn_nsdl_addr_s *dst_addr_ptr, uint8_t message_description)
+ *
+ *
+ * \brief To send NSDL messages. Stores message id?s and message description to catch response from NSP server
+ * \param   *handle             Pointer to nsdl-library handle
+ * \param   *coap_header_ptr    Pointer to the CoAP message header to be sent
+ * \param   *dst_addr_ptr       Pointer to the address structure that contains destination address information
+ * \param   message_description Message description to be stored to list for waiting response
+ *
+ * \return  message id, 0 if failed
+ */
+static uint16_t sn_nsdl_internal_coap_send(struct nsdl_s *handle, sn_coap_hdr_s *coap_header_ptr, sn_nsdl_addr_s *dst_addr_ptr, uint8_t message_description)
+{
+    uint8_t     *coap_message_ptr   = NULL;
+    uint16_t    coap_message_len    = 0;
+
+    coap_message_len = sn_coap_builder_calc_needed_packet_data_size(coap_header_ptr);
+
+    if (coap_message_len == 0) {
+        return 0;
+    }
+
+    coap_message_ptr = handle->sn_nsdl_alloc(coap_message_len);
+    if (!coap_message_ptr) {
+        return 0;
+    }
+
+    /* Build message */
+    if (sn_coap_protocol_build(handle->grs->coap, dst_addr_ptr, coap_message_ptr, coap_header_ptr, (void *)handle) < 0) {
+        handle->sn_nsdl_free(coap_message_ptr);
+        return 0;
+    }
+
+    /* If mesage type is confirmable, save it to list to wait for reply */
+    if (coap_header_ptr->msg_type == COAP_MSG_TYPE_CONFIRMABLE) {
+        if (message_description == SN_NSDL_MSG_REGISTER) {
+            handle->register_msg_id = coap_header_ptr->msg_id;
+        }
+        if (message_description == SN_NSDL_MSG_UNREGISTER) {
+            handle->unregister_msg_id = coap_header_ptr->msg_id;
+        }
+
+    }
+
+    handle->sn_nsdl_tx_callback(handle, SN_NSDL_PROTOCOL_COAP, coap_message_ptr, coap_message_len, dst_addr_ptr);
+    handle->sn_nsdl_free(coap_message_ptr);
+
+    return coap_header_ptr->msg_id;
+}
+
+/**
+ * \fn static void sn_nsdl_resolve_nsp_address(struct nsdl_s *handle)
+ *
+ * \brief Resolves NSP server address.
+ *
+ * \param *handle Pointer to nsdl-library handle
+ * \note Application must set NSP address with set_nsp_address
+ */
+static void sn_nsdl_resolve_nsp_address(struct nsdl_s *handle)
+{
+    /* Local variables */
+    if (!handle->nsp_address_ptr) {
+        //allocate only if previously not allocated
+        handle->nsp_address_ptr = handle->sn_nsdl_alloc(sizeof(sn_nsdl_oma_server_info_t));
+    }
+
+    if (handle->nsp_address_ptr) {
+        handle->nsp_address_ptr->omalw_server_security = SEC_NOT_SET;
+        handle->nsp_address_ptr->omalw_address_ptr = handle->sn_nsdl_alloc(sizeof(sn_nsdl_addr_s));
+        if (handle->nsp_address_ptr->omalw_address_ptr) {
+            memset(handle->nsp_address_ptr->omalw_address_ptr, 0, sizeof(sn_nsdl_addr_s));
+            handle->nsp_address_ptr->omalw_address_ptr->type = SN_NSDL_ADDRESS_TYPE_NONE;
+        }
+    }
+}
+
+static int8_t sn_nsdl_create_oma_device_object_base(struct nsdl_s *handle, sn_nsdl_oma_device_t *oma_device_setup_ptr, sn_nsdl_oma_binding_and_mode_t binding_and_mode)
+{
+    sn_nsdl_resource_info_s new_resource;
+    uint8_t object_path[8] = "3/0/11/0";
+    uint8_t resource_temp[3];
+    uint8_t x = 0;
+
+    if (!oma_device_setup_ptr) {
+        return SN_NSDL_FAILURE;
+    }
+
+    /* * Create resources. * */
+
+    /* These resources can be created multiple times. */
+    memset(&new_resource, 0, sizeof(sn_nsdl_resource_info_s));
+    new_resource.resource_parameters_ptr = handle->sn_nsdl_alloc(sizeof(sn_nsdl_resource_parameters_s));
+    if (!new_resource.resource_parameters_ptr) {
+        return SN_NSDL_FAILURE;
+    }
+
+    memset(new_resource.resource_parameters_ptr, 0, sizeof(sn_nsdl_resource_parameters_s));
+
+    /* Create error - resource */
+    new_resource.mode = SN_GRS_STATIC;
+    new_resource.access = SN_GRS_GET_ALLOWED;
+
+    new_resource.path = object_path;
+    new_resource.pathlen = 8;
+
+    sn_nsdl_itoa(resource_temp, (uint8_t)oma_device_setup_ptr->error_code);
+
+    new_resource.resource = resource_temp;
+    new_resource.resourcelen = 1;
+
+    if (sn_nsdl_create_resource(handle, &new_resource) != SN_NSDL_SUCCESS) {
+        handle->sn_nsdl_free(new_resource.resource_parameters_ptr);
+        return SN_NSDL_FAILURE;
+    }
+
+    /* These resources can be only once, during OMA bootstrap.. */
+    /* Create supported binding and modes */
+    object_path[5] = '6';
+    new_resource.path = object_path;
+    new_resource.pathlen = 6;
+
+    if (binding_and_mode & 0x01) {
+        resource_temp[x] = 'U';
+        x++;
+        if (binding_and_mode & 0x02) {
+            resource_temp[x] = 'Q';
+            x++;
+        }
+    }
+    if (binding_and_mode & 0x04) {
+        resource_temp[x] = 'S';
+        x++;
+        if ((binding_and_mode & 0x02) && !(binding_and_mode & 0x01)) {
+            resource_temp[x] = 'Q';
+            x++;
+        }
+    }
+
+    new_resource.resourcelen = x;
+
+    if (new_resource.resourcelen) {
+        new_resource.resource = resource_temp;
+    } else {
+        new_resource.resource = 0;
+    }
+
+
+    if (sn_nsdl_create_resource(handle, &new_resource) != SN_NSDL_SUCCESS) {
+        handle->sn_nsdl_free(new_resource.resource_parameters_ptr);
+        return SN_NSDL_FAILURE;
+    }
+
+
+    /* Create dynamic reboot object */
+    new_resource.mode = SN_GRS_DYNAMIC;
+
+    new_resource.access = SN_GRS_POST_ALLOWED;
+
+    object_path[4] = '4';
+
+    new_resource.path = object_path;
+    new_resource.pathlen = 5;
+
+    new_resource.resourcelen = 0;
+    new_resource.resource = 0;
+
+    new_resource.sn_grs_dyn_res_callback = oma_device_setup_ptr->sn_oma_device_boot_callback;
+
+    if (sn_nsdl_create_resource(handle, &new_resource) != SN_NSDL_SUCCESS) {
+        handle->sn_nsdl_free(new_resource.resource_parameters_ptr);
+        return SN_NSDL_FAILURE;
+    }
+
+    handle->sn_nsdl_free(new_resource.resource_parameters_ptr);
+    return SN_NSDL_SUCCESS;
+}
+
+/**
+ * \fn int8_t sn_nsdl_build_registration_body(struct nsdl_s *handle, sn_coap_hdr_s *message_ptr, uint8_t updating_registeration)
+ *
+ * \brief   To build GRS resources to registration message payload
+ * \param *handle Pointer to nsdl-library handle
+ * \param   *message_ptr Pointer to CoAP message header
+ *
+ * \return  SN_NSDL_SUCCESS = 0, Failed = -1
+ */
+int8_t sn_nsdl_build_registration_body(struct nsdl_s *handle, sn_coap_hdr_s *message_ptr, uint8_t updating_registeration)
+{
+    /* Local variables */
+    uint8_t                 *temp_ptr;
+    const sn_nsdl_resource_info_s   *resource_temp_ptr;
+
+
+    /* Calculate needed memory and allocate */
+    message_ptr->payload_len = sn_nsdl_calculate_registration_body_size(handle, updating_registeration);
+
+    /* If no resources to be registered, return SN_NSDL_SUCCESS */
+    if (!message_ptr->payload_len) {
+        return SN_NSDL_SUCCESS;
+    }
+
+    message_ptr->payload_ptr = handle->sn_nsdl_alloc(message_ptr->payload_len);
+    if (!message_ptr->payload_ptr) {
+        return SN_NSDL_FAILURE;
+    }
+
+    /* Build message */
+    temp_ptr = message_ptr->payload_ptr;
+
+    resource_temp_ptr = sn_grs_get_first_resource(handle->grs);
+
+    /* Loop trough all resources */
+    while (resource_temp_ptr) {
+        /* if resource needs to be registered */
+        if (resource_temp_ptr->resource_parameters_ptr) {
+            if (updating_registeration && resource_temp_ptr->resource_parameters_ptr->registered == SN_NDSL_RESOURCE_REGISTERED) {
+                resource_temp_ptr = sn_grs_get_next_resource(handle->grs, resource_temp_ptr);
+                continue;
+            } else {
+                resource_temp_ptr->resource_parameters_ptr->registered = SN_NDSL_RESOURCE_REGISTERED;
+            }
+
+            /* If not first resource, add '.' to separator */
+            if (temp_ptr != message_ptr->payload_ptr) {
+                *temp_ptr++ = ',';
+            }
+
+            *temp_ptr++ = '<';
+            *temp_ptr++ = '/';
+            memcpy(temp_ptr, resource_temp_ptr->path, resource_temp_ptr->pathlen);
+            temp_ptr += resource_temp_ptr->pathlen;
+            *temp_ptr++ = '>';
+
+            /* Resource attributes */
+            if (resource_temp_ptr->resource_parameters_ptr->resource_type_len) {
+                *temp_ptr++ = ';';
+                memcpy(temp_ptr, resource_type_parameter, RT_PARAMETER_LEN);
+                temp_ptr += RT_PARAMETER_LEN;
+                *temp_ptr++ = '"';
+                memcpy(temp_ptr, resource_temp_ptr->resource_parameters_ptr->resource_type_ptr, resource_temp_ptr->resource_parameters_ptr->resource_type_len);
+                temp_ptr += resource_temp_ptr->resource_parameters_ptr->resource_type_len;
+                *temp_ptr++ = '"';
+            }
+
+            if (resource_temp_ptr->resource_parameters_ptr->interface_description_len) {
+                *temp_ptr++ = ';';
+                memcpy(temp_ptr, if_description_parameter, IF_PARAMETER_LEN);
+                temp_ptr += IF_PARAMETER_LEN;
+                *temp_ptr++ = '"';
+                memcpy(temp_ptr, resource_temp_ptr->resource_parameters_ptr->interface_description_ptr, resource_temp_ptr->resource_parameters_ptr->interface_description_len);
+                temp_ptr += resource_temp_ptr->resource_parameters_ptr->interface_description_len;
+                *temp_ptr++ = '"';
+            }
+
+            if (resource_temp_ptr->resource_parameters_ptr->coap_content_type != 0) {
+                *temp_ptr++ = ';';
+                memcpy(temp_ptr, coap_con_type_parameter, COAP_CON_PARAMETER_LEN);
+                temp_ptr += COAP_CON_PARAMETER_LEN;
+                *temp_ptr++ = '"';
+                temp_ptr = sn_nsdl_itoa(temp_ptr, resource_temp_ptr->resource_parameters_ptr->coap_content_type);
+                *temp_ptr++ = '"';
+            }
+
+            /* ;obs */
+            if (resource_temp_ptr->resource_parameters_ptr->observable) {
+                *temp_ptr++ = ';';
+                memcpy(temp_ptr, obs_parameter, OBS_PARAMETER_LEN);
+                temp_ptr += OBS_PARAMETER_LEN;
+            }
+
+            /* ;aobs;id= */
+            /* todo: aosb not supported ATM */
+            /*
+            if((resource_temp_ptr->resource_parameters_ptr->auto_obs_len > 0 && resource_temp_ptr->resource_parameters_ptr->auto_obs_len <= 8) &&
+                    resource_temp_ptr->resource_parameters_ptr->auto_obs_ptr)
+            {
+                uint8_t i = 0;
+
+                *temp_ptr++ = ';';
+                memcpy(temp_ptr, aobs_parameter, AOBS_PARAMETER_LEN);
+                temp_ptr += AOBS_PARAMETER_LEN;
+
+                while(i < resource_temp_ptr->resource_parameters_ptr->auto_obs_len)
+                {
+                    temp_ptr = sn_nsdl_itoa(temp_ptr, *(resource_temp_ptr->resource_parameters_ptr->auto_obs_ptr + i));
+                    i++;
+                }
+            }
+            */
+
+        }
+
+        resource_temp_ptr = sn_grs_get_next_resource(handle->grs, resource_temp_ptr);
+    }
+
+    return SN_NSDL_SUCCESS;
+}
+
+/**
+ * \fn static uint16_t sn_nsdl_calculate_registration_body_size(struct nsdl_s *handle, uint8_t updating_registeration)
+ *
+ *
+ * \brief   Calculates registration message payload size
+ * \param   *handle                 Pointer to nsdl-library handle
+ * \param   *grs_resources_list_ptr Pointer to list of GRS resources
+ *
+ * \return  Needed payload size
+ */
+static uint16_t sn_nsdl_calculate_registration_body_size(struct nsdl_s *handle, uint8_t updating_registeration)
+{
+    /* Local variables */
+    uint16_t return_value = 0;
+    const sn_nsdl_resource_info_s *resource_temp_ptr;
+
+    /* check pointer */
+
+    resource_temp_ptr = sn_grs_get_first_resource(handle->grs);
+
+    while (resource_temp_ptr) {
+        if (resource_temp_ptr->resource_parameters_ptr) {
+            if (updating_registeration && resource_temp_ptr->resource_parameters_ptr->registered == SN_NDSL_RESOURCE_REGISTERED) {
+                resource_temp_ptr = sn_grs_get_next_resource(handle->grs, resource_temp_ptr);
+                continue;
+            }
+
+            /* If not first resource, then '.' will be added */
+            if (return_value) {
+                return_value++;
+            }
+
+            /* Count length for the resource path </path> */
+            return_value += (3 + resource_temp_ptr->pathlen);
+
+            /* Count lengths of the attributes */
+
+            /* Resource type parameter */
+            if (resource_temp_ptr->resource_parameters_ptr->resource_type_len) {
+                /* ;rt="restype" */
+                return_value += (6 + resource_temp_ptr->resource_parameters_ptr->resource_type_len);
+            }
+
+            /* Interface description parameter */
+            if (resource_temp_ptr->resource_parameters_ptr->interface_description_len) {
+                /* ;if="iftype" */
+                return_value += (6 + resource_temp_ptr->resource_parameters_ptr->interface_description_len);
+            }
+
+            if (resource_temp_ptr->resource_parameters_ptr->coap_content_type != 0) {
+                /* ;if="content" */
+                return_value += 6; // all but not content
+                return_value += sn_nsdl_itoa_len(resource_temp_ptr->resource_parameters_ptr->coap_content_type);
+            }
+
+            if (resource_temp_ptr->resource_parameters_ptr->observable) {
+                /* ;obs */
+                return_value += 4;
+            }
+            /*todo: aobs not supported ATM */
+            /*
+            if((resource_temp_ptr->resource_parameters_ptr->auto_obs_len > 0 && resource_temp_ptr->resource_parameters_ptr->auto_obs_len <= 8) &&
+                    resource_temp_ptr->resource_parameters_ptr->auto_obs_ptr)
+            {
+                uint8_t i = resource_temp_ptr->resource_parameters_ptr->auto_obs_len;
+                // ;aobs;id=
+                return_value += 9;
+                while(i--)
+                {
+                    return_value += sn_nsdl_itoa_len(*(resource_temp_ptr->resource_parameters_ptr->auto_obs_ptr + i));
+                }
+            }
+            */
+
+        }
+
+        resource_temp_ptr = sn_grs_get_next_resource(handle->grs, resource_temp_ptr);
+
+    }
+
+    return return_value;
+}
+
+/**
+ * \fn static uint8_t sn_nsdl_calculate_uri_query_option_len(sn_nsdl_ep_parameters_s *endpoint_info_ptr, uint8_t msg_type)
+ *
+ *
+ * \brief Calculates needed uri query option length
+ *
+ * \param *endpoint_info_ptr    Pointer to endpoint info structure
+ * \param msg_type              Message type
+ *
+ * \return  number of parameters in uri query
+ */
+static uint8_t sn_nsdl_calculate_uri_query_option_len(sn_nsdl_ep_parameters_s *endpoint_info_ptr, uint8_t msg_type)
+{
+    uint8_t return_value = 0;
+    uint8_t number_of_parameters = 0;
+
+
+    if ((endpoint_info_ptr->endpoint_name_len != 0) && (msg_type == SN_NSDL_EP_REGISTER_MESSAGE) && endpoint_info_ptr->endpoint_name_ptr != 0) {
+        return_value += endpoint_info_ptr->endpoint_name_len;
+        return_value += EP_NAME_PARAMETERS_LEN; //ep=
+        number_of_parameters++;
+    }
+
+    if ((endpoint_info_ptr->type_len != 0) && (msg_type == SN_NSDL_EP_REGISTER_MESSAGE) && (endpoint_info_ptr->type_ptr != 0)) {
+        return_value += endpoint_info_ptr->type_len;
+        return_value += ET_PARAMETER_LEN;       //et=
+        number_of_parameters++;
+    }
+
+    if ((endpoint_info_ptr->lifetime_len != 0) && (endpoint_info_ptr->lifetime_ptr != 0)) {
+        return_value += endpoint_info_ptr->lifetime_len;
+        return_value += LT_PARAMETER_LEN;       //lt=
+        number_of_parameters++;
+    }
+
+    if ((endpoint_info_ptr->domain_name_len != 0) && (msg_type == SN_NSDL_EP_REGISTER_MESSAGE) && (endpoint_info_ptr->domain_name_ptr != 0)) {
+        return_value += endpoint_info_ptr->domain_name_len;
+        return_value += DOMAIN_PARAMETER_LEN;       //d=
+        number_of_parameters++;
+    }
+
+    if (((endpoint_info_ptr->binding_and_mode & 0x04) || (endpoint_info_ptr->binding_and_mode & 0x01)) && (msg_type == SN_NSDL_EP_REGISTER_MESSAGE)) {
+        return_value += BS_QUEUE_MODE_PARAMATER_LEN;
+
+        if (endpoint_info_ptr->binding_and_mode & 0x01) {
+            return_value++;
+        }
+        if (endpoint_info_ptr->binding_and_mode & 0x04) {
+            return_value++;
+        }
+        if ((endpoint_info_ptr->binding_and_mode & 0x02) && ((endpoint_info_ptr->binding_and_mode & 0x04) || (endpoint_info_ptr->binding_and_mode & 0x01))) {
+            return_value++;
+        }
+
+        number_of_parameters++;
+    }
+
+    if (number_of_parameters != 0) {
+        return_value += (number_of_parameters - 1);
+    }
+
+    return return_value;
+}
+
+/**
+ * \fn static int8_t sn_nsdl_fill_uri_query_options(struct nsdl_s *handle, sn_nsdl_ep_parameters_s *parameter_ptr, sn_coap_hdr_s *source_msg_ptr, uint8_t msg_type)
+ *
+ *
+ * \brief Fills uri-query options to message header struct
+ * \param *handle           Pointer to nsdl-library handle
+ * \param *parameter_ptr    Pointer to endpoint parameters struct
+ * \param *source_msg_ptr   Pointer to CoAP header struct
+ * \param msg_type          Message type
+ *
+ * \return  SN_NSDL_SUCCESS = 0, Failed = -1
+ */
+static int8_t sn_nsdl_fill_uri_query_options(struct nsdl_s *handle, sn_nsdl_ep_parameters_s *parameter_ptr, sn_coap_hdr_s *source_msg_ptr, uint8_t msg_type)
+{
+    uint8_t *temp_ptr = NULL;
+    if( !validateParameters(parameter_ptr) ){
+        return SN_NSDL_FAILURE;
+    }
+    source_msg_ptr->options_list_ptr->uri_query_len  = sn_nsdl_calculate_uri_query_option_len(parameter_ptr, msg_type);
+    if (source_msg_ptr->options_list_ptr->uri_query_len == 0) {
+        return 0;
+    }
+
+    source_msg_ptr->options_list_ptr->uri_query_ptr     =   handle->sn_nsdl_alloc(source_msg_ptr->options_list_ptr->uri_query_len);
+
+    if (source_msg_ptr->options_list_ptr->uri_query_ptr == NULL) {
+        return SN_NSDL_FAILURE;
+    }
+    memset(source_msg_ptr->options_list_ptr->uri_query_ptr,0,source_msg_ptr->options_list_ptr->uri_query_len);
+
+    temp_ptr = source_msg_ptr->options_list_ptr->uri_query_ptr;
+
+    /******************************************************/
+    /* If endpoint name is configured, fill needed fields */
+    /******************************************************/
+
+    if ((parameter_ptr->endpoint_name_len != 0) && (parameter_ptr->endpoint_name_ptr != 0) && (msg_type == SN_NSDL_EP_REGISTER_MESSAGE)) {
+        /* fill endpoint name, first ?ep=, then endpoint name */
+        memcpy(temp_ptr, ep_name_parameter_string, sizeof(ep_name_parameter_string));
+        temp_ptr += EP_NAME_PARAMETERS_LEN;
+        memcpy(temp_ptr, parameter_ptr->endpoint_name_ptr, parameter_ptr->endpoint_name_len);
+        temp_ptr += parameter_ptr->endpoint_name_len;
+    }
+
+    /******************************************************/
+    /* If endpoint type is configured, fill needed fields */
+    /******************************************************/
+
+    if ((parameter_ptr->type_len != 0) && (parameter_ptr->type_ptr != 0) && (msg_type == SN_NSDL_EP_REGISTER_MESSAGE)) {
+        if (temp_ptr != source_msg_ptr->options_list_ptr->uri_query_ptr) {
+            *temp_ptr++ = '&';
+        }
+
+        memcpy(temp_ptr, et_parameter, sizeof(et_parameter));
+        temp_ptr += ET_PARAMETER_LEN;
+        memcpy(temp_ptr, parameter_ptr->type_ptr, parameter_ptr->type_len);
+        temp_ptr += parameter_ptr->type_len;
+    }
+
+
+    /******************************************************/
+    /* If lifetime is configured, fill needed fields */
+    /******************************************************/
+
+    if ((parameter_ptr->lifetime_len != 0) && (parameter_ptr->lifetime_ptr != 0)) {
+        if (temp_ptr != source_msg_ptr->options_list_ptr->uri_query_ptr) {
+            *temp_ptr++ = '&';
+        }
+
+        memcpy(temp_ptr, ep_lifetime_parameter, sizeof(ep_lifetime_parameter));
+        temp_ptr += LT_PARAMETER_LEN;
+        memcpy(temp_ptr, parameter_ptr->lifetime_ptr, parameter_ptr->lifetime_len);
+        temp_ptr += parameter_ptr->lifetime_len;
+    }
+
+    /******************************************************/
+    /* If domain is configured, fill needed fields */
+    /******************************************************/
+
+    if ((parameter_ptr->domain_name_len != 0) && (parameter_ptr->domain_name_ptr != 0) && (msg_type == SN_NSDL_EP_REGISTER_MESSAGE)) {
+        if (temp_ptr != source_msg_ptr->options_list_ptr->uri_query_ptr) {
+            *temp_ptr++ = '&';
+        }
+
+        memcpy(temp_ptr, ep_domain_parameter, sizeof(ep_domain_parameter));
+        temp_ptr += DOMAIN_PARAMETER_LEN;
+        memcpy(temp_ptr, parameter_ptr->domain_name_ptr, parameter_ptr->domain_name_len);
+        temp_ptr += parameter_ptr->domain_name_len;
+    }
+
+    /******************************************************/
+    /* If queue-mode is configured, fill needed fields    */
+    /******************************************************/
+
+    if (((parameter_ptr->binding_and_mode & 0x01) || (parameter_ptr->binding_and_mode & 0x04)) && (msg_type == SN_NSDL_EP_REGISTER_MESSAGE)) {
+        if (temp_ptr != source_msg_ptr->options_list_ptr->uri_query_ptr) {
+            *temp_ptr++ = '&';
+        }
+
+        memcpy(temp_ptr, bs_queue_mode, sizeof(bs_queue_mode));
+        temp_ptr += BS_QUEUE_MODE_PARAMATER_LEN;
+
+        if (parameter_ptr->binding_and_mode & 0x01) {
+            *temp_ptr++ = 'U';
+            if (parameter_ptr->binding_and_mode & 0x02) {
+                *temp_ptr++ = 'Q';
+            }
+        }
+
+        if (parameter_ptr->binding_and_mode & 0x04) {
+            *temp_ptr++ = 'S';
+            if ((parameter_ptr->binding_and_mode & 0x02) && !(parameter_ptr->binding_and_mode & 0x01)) {
+                *temp_ptr++ = 'Q';
+            }
+        }
+    }
+
+    return SN_NSDL_SUCCESS;
+}
+
+static bool validateParameters(sn_nsdl_ep_parameters_s *parameter_ptr)
+{
+    if( !validate( parameter_ptr->domain_name_ptr, parameter_ptr->domain_name_len, '&' ) ){
+        return false;
+    }
+
+    if( !validate( parameter_ptr->endpoint_name_ptr, parameter_ptr->endpoint_name_len, '&' ) ){
+        return false;
+    }
+
+    if( !validate( parameter_ptr->lifetime_ptr, parameter_ptr->lifetime_len, '&' ) ){
+        return false;
+    }
+
+    if( !validate( parameter_ptr->type_ptr, parameter_ptr->type_len, '&' ) ){
+        return false;
+    }
+    return true;
+}
+
+static bool validate(uint8_t* ptr, uint32_t len, char illegalChar)
+{
+    if( ptr ){
+        for( int i=0; i < len; i++ ){
+            if( ptr[i] == illegalChar ){
+                return false;
+            }
+        }
+    }
+    return true;
+}
+
+/**
+ * \fn static int8_t sn_nsdl_local_rx_function(struct nsdl_s *handle, sn_coap_hdr_s *coap_packet_ptr, sn_nsdl_addr_s *address_ptr)
+ *
+ * \brief If received message is reply for the message that NSDL has been sent, it is processed here. Else, packet will be sent to application.
+ * \param *handle           Pointer to nsdl-library handle
+ * \param *coap_packet_ptr  Pointer to received CoAP packet
+ * \param *address_ptr      Pointer to source address struct
+ *
+ * \return      SN_NSDL_SUCCESS = 0, Failed = -1
+ */
+static int8_t sn_nsdl_local_rx_function(struct nsdl_s *handle, sn_coap_hdr_s *coap_packet_ptr, sn_nsdl_addr_s *address_ptr)
+{
+    if ((coap_packet_ptr == 0) || (address_ptr == 0)) {
+        return -1;
+    }
+
+    if (coap_packet_ptr->msg_id == handle->register_msg_id) {
+        if (coap_packet_ptr->msg_code == COAP_MSG_CODE_RESPONSE_CREATED) {
+            handle->sn_nsdl_endpoint_registered = SN_NSDL_ENDPOINT_IS_REGISTERED;
+            sn_grs_mark_resources_as_registered(handle);
+            if (sn_nsdl_resolve_ep_information(handle, coap_packet_ptr) != SN_NSDL_SUCCESS) {
+                return SN_NSDL_FAILURE;
+            }
+
+            handle->register_msg_id = 0;
+        }
+    }
+
+    if (coap_packet_ptr->msg_id == handle->unregister_msg_id) {
+        if (coap_packet_ptr->msg_code == COAP_MSG_CODE_RESPONSE_DELETED) {
+            if (handle->ep_information_ptr->endpoint_name_ptr) {
+                handle->sn_nsdl_free(handle->ep_information_ptr->endpoint_name_ptr);
+                handle->ep_information_ptr->endpoint_name_ptr = 0;
+                handle->ep_information_ptr->endpoint_name_len = 0;
+            }
+            if (handle->ep_information_ptr->domain_name_ptr) {
+                handle->sn_nsdl_free(handle->ep_information_ptr->domain_name_ptr);
+                handle->ep_information_ptr->domain_name_ptr = 0;
+                handle->ep_information_ptr->domain_name_len = 0;
+            }
+
+            handle->unregister_msg_id = 0;
+        }
+    }
+
+    /* No messages to wait for, or message was not response to our request */
+    return handle->sn_nsdl_rx_callback(handle, coap_packet_ptr, address_ptr);
+}
+
+/**
+ * \fn static int8_t sn_nsdl_resolve_ep_information(struct nsdl_s *handle, sn_coap_hdr_s *coap_packet_ptr)
+ *
+ *
+ * \brief Resolves endpoint information from received CoAP message
+ * \param *handle           Pointer to nsdl-library handle
+ * \param *coap_packet_ptr  Pointer to received CoAP message
+ *
+ * \return  SN_NSDL_SUCCESS = 0, Failed = -1
+ */
+static int8_t sn_nsdl_resolve_ep_information(struct nsdl_s *handle, sn_coap_hdr_s *coap_packet_ptr)
+{
+    uint8_t     *temp_ptr;
+    uint8_t     parameter_count     = 0;
+    uint16_t    parameter_len       = 0;
+
+    if (!coap_packet_ptr || !coap_packet_ptr->options_list_ptr ||
+        !coap_packet_ptr->options_list_ptr->location_path_ptr) {
+        return SN_NSDL_FAILURE;
+    }
+
+    temp_ptr = coap_packet_ptr->options_list_ptr->location_path_ptr;
+
+    while (temp_ptr <= (coap_packet_ptr->options_list_ptr->location_path_ptr + coap_packet_ptr->options_list_ptr->location_path_len)) {
+
+        if ((temp_ptr == (coap_packet_ptr->options_list_ptr->location_path_ptr + coap_packet_ptr->options_list_ptr->location_path_len)) || (*temp_ptr == '/')) {
+
+            parameter_count++;
+            if (parameter_count == 2) {
+                if (!handle->ep_information_ptr->domain_name_ptr) {
+                    handle->ep_information_ptr->domain_name_len = parameter_len - 1;
+                    handle->ep_information_ptr->domain_name_ptr = handle->sn_nsdl_alloc(handle->ep_information_ptr->domain_name_len);
+                    if (!handle->ep_information_ptr->domain_name_ptr) {
+                        return SN_NSDL_FAILURE;
+                    }
+                    memcpy(handle->ep_information_ptr->domain_name_ptr, temp_ptr - handle->ep_information_ptr->domain_name_len, handle->ep_information_ptr->domain_name_len);
+                }
+
+            }
+            if (parameter_count == 3) {
+                if (!handle->ep_information_ptr->endpoint_name_ptr) {
+                    handle->ep_information_ptr->endpoint_name_len = parameter_len - 1;
+                    handle->ep_information_ptr->endpoint_name_ptr = handle->sn_nsdl_alloc(handle->ep_information_ptr->endpoint_name_len);
+                    if (!handle->ep_information_ptr->endpoint_name_ptr) {
+                        if (handle->ep_information_ptr->domain_name_ptr) {
+                            handle->sn_nsdl_free(handle->ep_information_ptr->domain_name_ptr);
+                            handle->ep_information_ptr->domain_name_ptr = NULL;
+                            handle->ep_information_ptr->domain_name_len = 0;
+                        }
+
+                        return SN_NSDL_FAILURE;
+
+                    }
+                    memcpy(handle->ep_information_ptr->endpoint_name_ptr, temp_ptr - handle->ep_information_ptr->endpoint_name_len, handle->ep_information_ptr->endpoint_name_len);
+                }
+            }
+            parameter_len = 0;
+        }
+        parameter_len++;
+        temp_ptr++;
+    }
+
+
+    return SN_NSDL_SUCCESS;
+}
+
+int8_t set_NSP_address(struct nsdl_s *handle, uint8_t *NSP_address, uint16_t port, sn_nsdl_addr_type_e address_type)
+{
+
+    /* Check parameters and source pointers */
+    if (!handle || !handle->nsp_address_ptr || !handle->nsp_address_ptr->omalw_address_ptr || !NSP_address) {
+        return SN_NSDL_FAILURE;
+    }
+
+    handle->nsp_address_ptr->omalw_address_ptr->type = address_type;
+    handle->nsp_address_ptr->omalw_server_security = SEC_NOT_SET;
+
+    if (address_type == SN_NSDL_ADDRESS_TYPE_IPV4) {
+        if (handle->nsp_address_ptr->omalw_address_ptr->addr_ptr) {
+            handle->sn_nsdl_free(handle->nsp_address_ptr->omalw_address_ptr->addr_ptr);
+        }
+
+        handle->nsp_address_ptr->omalw_address_ptr->addr_len = 4;
+
+        handle->nsp_address_ptr->omalw_address_ptr->addr_ptr = handle->sn_nsdl_alloc(handle->nsp_address_ptr->omalw_address_ptr->addr_len);
+        if (!handle->nsp_address_ptr->omalw_address_ptr->addr_ptr) {
+            return SN_NSDL_FAILURE;
+        }
+
+        memcpy(handle->nsp_address_ptr->omalw_address_ptr->addr_ptr, NSP_address, handle->nsp_address_ptr->omalw_address_ptr->addr_len);
+        handle->nsp_address_ptr->omalw_address_ptr->port = port;
+    }
+
+    else if (address_type == SN_NSDL_ADDRESS_TYPE_IPV6) {
+        if (handle->nsp_address_ptr->omalw_address_ptr->addr_ptr) {
+            handle->sn_nsdl_free(handle->nsp_address_ptr->omalw_address_ptr->addr_ptr);
+        }
+
+        handle->nsp_address_ptr->omalw_address_ptr->addr_len = 16;
+
+        handle->nsp_address_ptr->omalw_address_ptr->addr_ptr = handle->sn_nsdl_alloc(handle->nsp_address_ptr->omalw_address_ptr->addr_len);
+        if (!handle->nsp_address_ptr->omalw_address_ptr->addr_ptr) {
+            return SN_NSDL_FAILURE;
+        }
+
+        memcpy(handle->nsp_address_ptr->omalw_address_ptr->addr_ptr, NSP_address, handle->nsp_address_ptr->omalw_address_ptr->addr_len);
+        handle->nsp_address_ptr->omalw_address_ptr->port = port;
+    }
+    return SN_NSDL_SUCCESS;
+}
+
+
+static uint8_t sn_nsdl_itoa_len(uint8_t value)
+{
+    uint8_t i = 0;
+
+    do {
+        i++;
+    } while ((value /= 10) > 0);
+
+    return i;
+}
+
+static uint8_t *sn_nsdl_itoa(uint8_t *ptr, uint8_t value)
+{
+
+    uint8_t start = 0;
+    uint8_t end = 0;
+    uint8_t i;
+
+    i = 0;
+
+    /* ITOA */
+    do {
+        ptr[i++] = (value % 10) + '0';
+    } while ((value /= 10) > 0);
+
+    end = i - 1;
+
+    /* reverse (part of ITOA) */
+    while (start < end) {
+        uint8_t chr;
+
+        chr = ptr[start];
+        ptr[start] = ptr[end];
+        ptr[end] = chr;
+
+        start++;
+        end--;
+
+    }
+    return (ptr + i);
+}
+
+static int32_t sn_nsdl_atoi(uint8_t *ptr, uint8_t len)
+{
+
+    int32_t result = 0;
+
+    while (len--) {
+
+        if (result) {
+            result *= 10;
+        }
+
+        if (*ptr >= '0' && *ptr <= '9') {
+            result += *ptr - '0';
+        } else{
+            return -1;
+        }
+
+        ptr++;
+
+    }
+    return result;
+
+}
+
+static uint32_t sn_nsdl_ahextoi(uint8_t *ptr, uint8_t len)
+{
+
+    uint32_t result = 0;
+
+    while (len--) {
+
+        if (result) {
+            result *= 16;
+        }
+
+        if (*ptr >= '0' && *ptr <= '9') {
+            result += *ptr - '0';
+        } else if (*ptr >= 'a' && *ptr <= 'f') {
+            result += *ptr - 87;
+        } else if (*ptr >= 'A' && *ptr <= 'F') {
+            result += *ptr - 55;
+        }
+
+        ptr++;
+
+    }
+    return result;
+
+}
+
+static int8_t sn_nsdl_resolve_lwm2m_address(struct nsdl_s *handle, uint8_t *uri, uint16_t uri_len)
+{
+    if( uri_len < 2 ){
+        return SN_NSDL_FAILURE;
+    }
+    uint8_t *temp_ptr = uri+2;
+    uint16_t i = 0;
+    uint8_t char_cnt = 0;
+
+    /* jump over coap// */
+    while ((*(temp_ptr - 2) != '/') || (*(temp_ptr - 1) != '/')) {
+        temp_ptr++;
+        if (temp_ptr - uri >= uri_len) {
+            return SN_NSDL_FAILURE;
+        }
+    }
+
+    /* Resolve address type */
+    /* Count semicolons */
+
+    int8_t endPos = -1;
+
+    while (i < (uri_len - (temp_ptr - uri))) {
+        if (*(temp_ptr + i) == ':') {
+            char_cnt++;
+        }else if(*(temp_ptr + i) == ']'){
+            endPos = i;
+        }
+        i++;
+    }
+
+    uint8_t *temp_pos = temp_ptr; //store starting point in case of IPv4 parsing fails
+
+    /* IPv6 */
+    if (char_cnt > 2) {
+        i = 0;
+
+        if( handle->nsp_address_ptr->omalw_address_ptr->addr_ptr ){
+            handle->sn_nsdl_free(handle->nsp_address_ptr->omalw_address_ptr->addr_ptr);
+        }
+
+        handle->nsp_address_ptr->omalw_address_ptr->type = SN_NSDL_ADDRESS_TYPE_IPV6;
+        handle->nsp_address_ptr->omalw_address_ptr->addr_len = 16;
+        handle->nsp_address_ptr->omalw_address_ptr->addr_ptr = handle->sn_nsdl_alloc(16);
+        if (!handle->nsp_address_ptr->omalw_address_ptr->addr_ptr) {
+            return SN_NSDL_FAILURE;
+        }
+
+        memset(handle->nsp_address_ptr->omalw_address_ptr->addr_ptr, 0, 16);
+        if (*temp_ptr == '[' && endPos > 0 && (temp_ptr - uri) + endPos < uri_len && *(temp_ptr + endPos + 1) == ':') {
+            temp_ptr++;
+            endPos--;
+        }else{
+            /* return failure, because port is mandatory */
+            return SN_NSDL_FAILURE;
+        }
+
+        int8_t loopbackPos = -1;
+        if( char_cnt != 8 ){
+            i = 0;
+            char_cnt -= 1;
+            while( i+1 < endPos ){
+                if(*(temp_ptr + i) == ':' && *(temp_ptr + i+1) == ':') {
+                    loopbackPos = i;
+                    break;
+                }
+                i++;
+            }
+        }
+        i = 0;
+
+        uint8_t numberOfZeros = 8 - char_cnt;
+        if(loopbackPos == 0){
+            numberOfZeros++;
+        }
+
+        if(loopbackPos == endPos-2){
+            numberOfZeros++;
+        }
+
+        /* Resolve address */
+        int8_t pos = loopbackPos == 0?0:-1;
+        while (i < 16 && ((temp_ptr - uri) + char_cnt) < uri_len) {
+            char_cnt = 0;
+            if( pos == loopbackPos ){
+                for( int k=0; k < numberOfZeros; k++ ){
+                    i+=2;
+                }
+                pos+=2;
+                temp_ptr += 2;
+                if( numberOfZeros == 8 ){
+                    temp_ptr++;
+                }
+                continue;
+            }
+            while (*(temp_ptr + char_cnt) != ':' && *(temp_ptr + char_cnt) != ']') {
+                char_cnt++;
+                pos++;
+            }
+            pos++;
+
+            if (char_cnt <= 2) {
+                i++;
+            }
+
+            while (char_cnt) {
+                if (char_cnt % 2) {
+                    *(handle->nsp_address_ptr->omalw_address_ptr->addr_ptr + i) = (uint8_t)sn_nsdl_ahextoi(temp_ptr, 1);
+                    temp_ptr++;
+                    char_cnt --;
+                } else {
+                    *(handle->nsp_address_ptr->omalw_address_ptr->addr_ptr + i) = (uint8_t)sn_nsdl_ahextoi(temp_ptr, 2);
+                    temp_ptr += 2;
+                    char_cnt -= 2;
+                }
+                i++;
+            }
+            temp_ptr++;
+        }
+
+        temp_ptr++;
+        uint16_t handled = (temp_ptr - uri);
+        if( handled < uri_len ){
+            if( *(temp_ptr + (uri_len - (temp_ptr - uri) -1)) == '/' ){
+                handle->nsp_address_ptr->omalw_address_ptr->port = sn_nsdl_atoi(temp_ptr, uri_len - (temp_ptr - uri) - 1);
+            }else{
+                handle->nsp_address_ptr->omalw_address_ptr->port = sn_nsdl_atoi(temp_ptr, uri_len - (temp_ptr - uri));
+            }
+        }
+    }
+    /* IPv4 or Hostname */
+    else if (char_cnt == 1) {
+        char_cnt = 0;
+        i = 0;
+
+        if( handle->nsp_address_ptr->omalw_address_ptr->addr_ptr ){
+            handle->sn_nsdl_free(handle->nsp_address_ptr->omalw_address_ptr->addr_ptr);
+        }
+
+        /* Check address type */
+        while (i < (uri_len - (temp_ptr - uri))) {
+            if (*(temp_ptr + i) == '.') {
+                char_cnt++;
+            }
+            i++;
+        }
+
+        bool parseOk = true;
+
+        /* Try IPv4 first */
+        if (char_cnt == 3) {
+            i = 0;
+            char_cnt = 0;
+
+            handle->nsp_address_ptr->omalw_address_ptr->type = SN_NSDL_ADDRESS_TYPE_IPV4;
+            handle->nsp_address_ptr->omalw_address_ptr->addr_len = 4;
+            handle->nsp_address_ptr->omalw_address_ptr->addr_ptr = handle->sn_nsdl_alloc(4);
+            if (!handle->nsp_address_ptr->omalw_address_ptr->addr_ptr) {
+                return SN_NSDL_FAILURE;
+            }
+
+            while (parseOk && ((temp_ptr - uri) < uri_len) && *(temp_ptr - 1) != ':') {
+                i++;
+
+                if (*(temp_ptr + i) == ':' || *(temp_ptr + i) == '.') {
+                    int8_t value = (int8_t)sn_nsdl_atoi(temp_ptr, i);
+                    if( value == -1 ){
+                        parseOk = false;
+                        char_cnt = 3;
+                        handle->sn_nsdl_free(handle->nsp_address_ptr->omalw_address_ptr->addr_ptr);
+                        handle->nsp_address_ptr->omalw_address_ptr->addr_ptr = NULL;
+                        break;
+                    }
+                    *(handle->nsp_address_ptr->omalw_address_ptr->addr_ptr + char_cnt) = value;
+                    temp_ptr = temp_ptr + i + 1;
+                    char_cnt++;
+                    i = 0;
+                }
+            }
+            if(parseOk) {
+                if( *(temp_ptr + (uri_len - (temp_ptr - uri) -1)) == '/' ){
+                    handle->nsp_address_ptr->omalw_address_ptr->port = sn_nsdl_atoi(temp_ptr, uri_len - (temp_ptr - uri) - 1);
+                }else{
+                    handle->nsp_address_ptr->omalw_address_ptr->port = sn_nsdl_atoi(temp_ptr, uri_len - (temp_ptr - uri));
+                }
+            }
+        }else{
+            parseOk = false;
+        }
+
+        /* Then try Hostname */
+        if(!parseOk) {
+            i = 0;
+            temp_ptr = temp_pos;
+
+            handle->nsp_address_ptr->omalw_address_ptr->type = SN_NSDL_ADDRESS_TYPE_HOSTNAME;
+
+            /* Resolve address length */
+            if (uri_len > 0xff) {
+                return SN_NSDL_FAILURE;
+            }
+
+            while (((temp_ptr - uri) + i < uri_len) && *(temp_ptr + i) != ':') {
+                i++;
+            }
+
+            handle->nsp_address_ptr->omalw_address_ptr->addr_len = i;
+
+            /* Copy address */
+            handle->nsp_address_ptr->omalw_address_ptr->addr_ptr = handle->sn_nsdl_alloc(i);
+            if (!handle->nsp_address_ptr->omalw_address_ptr->addr_ptr) {
+                return SN_NSDL_FAILURE;
+            }
+
+            memcpy(handle->nsp_address_ptr->omalw_address_ptr->addr_ptr, temp_ptr, i);
+
+            temp_ptr += i + 1;
+
+            /* Set port */
+            if( *(temp_ptr + (uri_len - (temp_ptr - uri) - 1)) == '/' ){
+                handle->nsp_address_ptr->omalw_address_ptr->port = sn_nsdl_atoi(temp_ptr, uri_len - (temp_ptr - uri) - 1);
+            }else{
+                handle->nsp_address_ptr->omalw_address_ptr->port = sn_nsdl_atoi(temp_ptr, uri_len - (temp_ptr - uri));
+            }
+        }
+    } else {
+        return SN_NSDL_FAILURE;
+    }
+
+    return SN_NSDL_SUCCESS;
+}
+
+
+int8_t sn_nsdl_process_oma_tlv(struct nsdl_s *handle, uint8_t *data_ptr, uint16_t data_len)
+{
+    uint8_t *temp_ptr = data_ptr;
+    uint8_t type = 0;
+    uint16_t identifier = 0;
+    uint32_t length = 0;
+    uint8_t path_temp[5] = "0/0/x";
+
+    sn_nsdl_resource_info_s resource_temp = {
+        .resource_parameters_ptr = 0,
+        .mode = SN_GRS_STATIC,
+        .pathlen = 5,
+        .path = path_temp,
+        .resourcelen = 0,
+        .resource = 0,
+        .access = (sn_grs_resource_acl_e) 0x0f, /* All allowed */
+        .sn_grs_dyn_res_callback = 0
+    };
+
+    while ((temp_ptr - data_ptr) < data_len) {
+        /* Save type for future use */
+        type = *temp_ptr++;
+
+        /* * Bit 5: Indicates the Length of the Identifier. * */
+        if (type & 0x20) {
+            /* 1=The Identifier field of this TLV is 16 bits long */
+            identifier = (uint8_t)(*temp_ptr++) << 8;
+            identifier += (uint8_t) * temp_ptr++;
+        } else {
+            /* 0=The Identifier field of this TLV is 8 bits long */
+            identifier = (uint8_t) * temp_ptr++;
+        }
+
+        /* * Bit 4-3: Indicates the type of Length. * */
+        if ((type & 0x18) == 0) {
+            /* 00 = No length field, the value immediately follows the Identifier field in is of the length indicated by Bits 2-0 of this field */
+            length = (type & 0x07);
+        } else if ((type & 0x18) == 0x08) {
+            /* 01 = The Length field is 8-bits and Bits 2-0 MUST be ignored */
+            length = *temp_ptr++;
+        } else if ((type & 0x18) == 0x10) {
+            /* 10 = The Length field is 16-bits and Bits 2-0 MUST be ignored */
+            length = (uint8_t)(*temp_ptr++) << 8;
+            length += (uint8_t) * temp_ptr++;
+        } else if ((type & 0x18) == 0x18) {
+            /* 11 = The Length field is 24-bits and Bits 2-0 MUST be ignored */
+            length = (uint8_t)(*temp_ptr++);
+            length = length << 16;
+            length += (uint8_t)(*temp_ptr++) << 8;
+            length += (uint8_t) * temp_ptr++;
+        }
+
+        /* * Bits 7-6: Indicates the type of Identifier. * */
+        if ((type & 0xC0) == 0x00) {
+            /* 00 = Object Instance in which case the Value contains one or more Resource TLVs */
+            /* Not implemented, return failure */
+        } else if ((type & 0xC0) == 0xC0) {
+            /* 11 = Resource with Value */
+            switch (identifier) {
+                case 0:
+                    /* Resolve LWM2M Server URI */
+                    sn_nsdl_resolve_lwm2m_address(handle, temp_ptr, length);
+                    path_temp[4] = '0';
+                    resource_temp.resource = temp_ptr;
+                    resource_temp.resourcelen = length;
+                    if (sn_nsdl_create_resource(handle, &resource_temp) != SN_NSDL_SUCCESS) {
+                        return SN_NSDL_FAILURE;
+                    }
+                    break;
+                case 2:
+                    /* Resolve security Mode */
+                    handle->nsp_address_ptr->omalw_server_security = (omalw_server_security_t)sn_nsdl_atoi(temp_ptr, length);
+                    path_temp[4] = '2';
+                    resource_temp.resource = temp_ptr;
+                    resource_temp.resourcelen = length;
+                    if (sn_nsdl_create_resource(handle, &resource_temp) != SN_NSDL_SUCCESS) {
+                        return SN_NSDL_FAILURE;
+                    }
+
+                    break;
+                case 3:
+                    /* Public Key or Identity */
+                    path_temp[4] = '3';
+                    resource_temp.resource = temp_ptr;
+                    resource_temp.resourcelen = length;
+                    if (sn_nsdl_create_resource(handle, &resource_temp) != SN_NSDL_SUCCESS) {
+                        return SN_NSDL_FAILURE;
+                    }
+                    break;
+                case 4:
+                    /* Server Public Key or Identity */
+                    ;
+                    path_temp[4] = '4';
+                    resource_temp.resource = temp_ptr;
+                    resource_temp.resourcelen = length;
+                    if (sn_nsdl_create_resource(handle, &resource_temp) != SN_NSDL_SUCCESS) {
+                        return SN_NSDL_FAILURE;
+                    }
+
+                    break;
+                case 5:
+                    /* Secret Key */
+                    path_temp[4] = '5';
+                    resource_temp.resource = temp_ptr;
+                    resource_temp.resourcelen = length;
+                    if (sn_nsdl_create_resource(handle, &resource_temp) != SN_NSDL_SUCCESS) {
+                        return SN_NSDL_FAILURE;
+                    }
+                    break;
+                default:
+                    break;
+            }
+
+            /* Move pointer to next TLV message */
+            temp_ptr += length;
+        }
+    }
+
+    return SN_NSDL_SUCCESS;
+}
+
+static void sn_nsdl_check_oma_bs_status(struct nsdl_s *handle)
+{
+    /* Check OMA BS status */
+    if ((handle->nsp_address_ptr->omalw_server_security == PSK) && (handle->nsp_address_ptr->omalw_address_ptr->type != SN_NSDL_ADDRESS_TYPE_NONE)) {
+        /* call cb that oma bootstrap is done */
+        if(handle->sn_nsdl_oma_bs_done_cb != 0){
+            handle->sn_nsdl_oma_bs_done_cb(handle->nsp_address_ptr);
+        }
+    } else if ((handle->nsp_address_ptr->omalw_server_security == CERTIFICATE) && (handle->nsp_address_ptr->omalw_address_ptr->type != SN_NSDL_ADDRESS_TYPE_NONE) &&
+               ((sn_nsdl_get_resource(handle, 5, (void *)"0/0/5") != 0) &&
+                (sn_nsdl_get_resource(handle, 5, (void *)"0/0/4") != 0) &&
+                (sn_nsdl_get_resource(handle, 5, (void *)"0/0/3") != 0))) {
+        if( handle->sn_nsdl_oma_bs_done_cb ){
+            handle->sn_nsdl_oma_bs_done_cb(handle->nsp_address_ptr);
+        }
+    }
+}
+
+static int8_t set_endpoint_info(struct nsdl_s *handle, sn_nsdl_ep_parameters_s *endpoint_info_ptr)
+{
+    if (handle->ep_information_ptr->domain_name_ptr) {
+        handle->sn_nsdl_free(handle->ep_information_ptr->domain_name_ptr);
+        handle->ep_information_ptr->domain_name_ptr = 0;
+        handle->ep_information_ptr->domain_name_len = 0;
+    }
+
+    if (handle->ep_information_ptr->endpoint_name_ptr) {
+        handle->sn_nsdl_free(handle->ep_information_ptr->endpoint_name_ptr);
+        handle->ep_information_ptr->endpoint_name_ptr = 0;
+        handle->ep_information_ptr->endpoint_name_len = 0;
+    }
+
+    if (endpoint_info_ptr->domain_name_ptr && endpoint_info_ptr->domain_name_len) {
+        handle->ep_information_ptr->domain_name_ptr = handle->sn_nsdl_alloc(endpoint_info_ptr->domain_name_len);
+
+        if (!handle->ep_information_ptr->domain_name_ptr) {
+            return -1;
+        }
+
+        memcpy(handle->ep_information_ptr->domain_name_ptr, endpoint_info_ptr->domain_name_ptr, endpoint_info_ptr->domain_name_len);
+        handle->ep_information_ptr->domain_name_len = endpoint_info_ptr->domain_name_len;
+    }
+
+    if (endpoint_info_ptr->endpoint_name_ptr && endpoint_info_ptr->endpoint_name_len) {
+        handle->ep_information_ptr->endpoint_name_ptr = handle->sn_nsdl_alloc(endpoint_info_ptr->endpoint_name_len);
+
+        if (!handle->ep_information_ptr->endpoint_name_ptr) {
+            if (handle->ep_information_ptr->domain_name_ptr) {
+                handle->sn_nsdl_free(handle->ep_information_ptr->domain_name_ptr);
+                handle->ep_information_ptr->domain_name_ptr = 0;
+                handle->ep_information_ptr->domain_name_len = 0;
+            }
+            return -1;
+        }
+
+        memcpy(handle->ep_information_ptr->endpoint_name_ptr, endpoint_info_ptr->endpoint_name_ptr, endpoint_info_ptr->endpoint_name_len);
+        handle->ep_information_ptr->endpoint_name_len = endpoint_info_ptr->endpoint_name_len;
+    }
+
+    handle->ep_information_ptr->binding_and_mode = endpoint_info_ptr->binding_and_mode;
+    handle->ep_information_ptr->ds_register_mode = endpoint_info_ptr->ds_register_mode;
+
+    handle->ep_information_ptr->location_ptr = 0;
+    handle->ep_information_ptr->location_len = 0;
+
+    return 0;
+}
+
+/* Wrapper */
+sn_grs_resource_list_s *sn_nsdl_list_resource(struct nsdl_s *handle, uint16_t pathlen, uint8_t *path)
+{
+    /* Check parameters */
+    if (handle == NULL) {
+        return NULL;
+    }
+
+    return sn_grs_list_resource(handle->grs, pathlen, path);
+}
+
+void sn_nsdl_free_resource_list(struct nsdl_s *handle, sn_grs_resource_list_s *list)
+{
+    /* Check parameters */
+    if (handle == NULL) {
+        return;
+    }
+
+    sn_grs_free_resource_list(handle->grs, list);
+}
+
+extern int8_t sn_nsdl_update_resource(struct nsdl_s *handle, sn_nsdl_resource_info_s *res)
+{
+    /* Check parameters */
+    if (handle == NULL) {
+        return SN_NSDL_FAILURE;
+    }
+
+    return sn_grs_update_resource(handle->grs, res);
+}
+
+extern int8_t sn_nsdl_send_coap_message(struct nsdl_s *handle, sn_nsdl_addr_s *address_ptr, sn_coap_hdr_s *coap_hdr_ptr)
+{
+    /* Check parameters */
+    if (handle == NULL) {
+        return SN_NSDL_FAILURE;
+    }
+
+    return sn_grs_send_coap_message(handle, address_ptr, coap_hdr_ptr);
+}
+
+extern int8_t sn_nsdl_create_resource(struct nsdl_s *handle, sn_nsdl_resource_info_s *res)
+{
+    /* Check parameters */
+    if (handle == NULL) {
+        return SN_NSDL_FAILURE;
+    }
+
+    return sn_grs_create_resource(handle->grs, res);
+}
+
+extern int8_t sn_nsdl_delete_resource(struct nsdl_s *handle, uint16_t pathlen, uint8_t *path)
+{
+    /* Check parameters */
+    if (handle == NULL) {
+        return SN_NSDL_FAILURE;
+    }
+
+    return sn_grs_delete_resource(handle->grs, pathlen, path);
+}
+extern const sn_nsdl_resource_info_s *sn_nsdl_get_first_resource(struct nsdl_s *handle)
+{
+    /* Check parameters */
+    if (handle == NULL) {
+        return NULL;
+    }
+
+    return sn_grs_get_first_resource(handle->grs);
+}
+extern const sn_nsdl_resource_info_s *sn_nsdl_get_next_resource(struct nsdl_s *handle, const sn_nsdl_resource_info_s *resource)
+{
+    /* Check parameters */
+    if (handle == NULL) {
+        return NULL;
+    }
+
+    return sn_grs_get_next_resource(handle->grs, resource);
+}
+
+extern sn_coap_hdr_s *sn_nsdl_build_response(struct nsdl_s *handle, sn_coap_hdr_s *coap_packet_ptr, uint8_t msg_code)
+{
+    if (handle == NULL) {
+        return NULL;
+    }
+
+    return sn_coap_build_response(handle->grs->coap, coap_packet_ptr, msg_code);
+}
+
+extern void sn_nsdl_release_allocated_coap_msg_mem(struct nsdl_s *handle, sn_coap_hdr_s *freed_coap_msg_ptr)
+{
+    if (handle == NULL) {
+        return;
+    }
+
+    sn_coap_parser_release_allocated_coap_msg_mem(handle->grs->coap, freed_coap_msg_ptr);
+}
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client-classic/mbed-client-classic/m2mconnectionhandlerpimpl.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,170 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef M2M_CONNECTION_HANDLER_PIMPL_H__
+#define M2M_CONNECTION_HANDLER_PIMPL_H__
+
+#include "mbed-client/m2mconfig.h"
+#include "mbed-client/m2minterface.h"
+#include "mbed-client/m2mconnectionobserver.h"
+#include "mbed-client/m2mconnectionsecurity.h"
+#include "nsdl-c/sn_nsdl.h"
+
+#include "Socket/Socket.h"
+#include "Socket/Endpoint.h"
+#include "Socket/UDPSocket.h"
+#include "threadwrapper.h"
+#include "Thread.h"
+#include "Queue.h"
+#include <string>
+
+
+class M2MConnectionSecurity;
+class M2MConnectionHandler;
+class M2MSecurity;
+
+/**
+ * @brief M2MConnectionHandlerPimpl.
+ * This class handles the socket connection for LWM2M Client
+ */
+
+
+class M2MConnectionHandlerPimpl {
+public:
+
+    /**
+    * @brief Constructor
+    */
+    M2MConnectionHandlerPimpl(M2MConnectionHandler* base, M2MConnectionObserver &observer,
+                              M2MConnectionSecurity* sec,
+                              M2MInterface::BindingMode mode,
+                              M2MInterface::NetworkStack stack);
+
+    /**
+    * @brief Destructor
+    */
+    ~M2MConnectionHandlerPimpl();
+
+    /**
+    * @brief This binds the socket connection.
+    * @param listen_port Port to listen for incoming connection.
+    * @return true if successful else false.
+    */
+    bool bind_connection(const uint16_t listen_port);
+
+    /**
+    * @brief This resolves the server address. Output is
+    * returned through callback
+    * @param String server address.
+    * @param uint16_t Server port.
+    * @param ServerType, Server Type to be resolved.
+    * @return true if address is valid else false.
+    */
+    bool resolve_server_address(const String& server_address,
+                                const uint16_t server_port,
+                                M2MConnectionObserver::ServerType server_type,
+                                const M2MSecurity* security);
+
+    /**
+    * @brief Sends data, to the connected sent to server.
+    * @param data, Data to be sent.
+    */
+    bool send_data(uint8_t *data_ptr,
+                   uint16_t data_len,
+                   sn_nsdl_addr_s *address_ptr);
+
+    /**
+    * @brief Listens for incoming data from remote server
+    * @return true if successful else false.
+    */
+    bool start_listening_for_data();
+
+    /**
+    * @brief Stops listening for incoming data
+    */
+    void stop_listening();
+
+    /**
+     * @brief send_to_socket Sends directly to socket. This is used by
+     * security classes to send after data has been encrypted.
+     * @param buf Buffer to send
+     * @param len Length of a buffer
+     * @return Number of bytes sent or -1 if failed
+     */
+    int send_to_socket(const unsigned char *buf, size_t len);
+
+    /**
+     * @brief receive_from_socket Receives directly from a socket. This
+     * is used by security classes to receive raw data to be decrypted.
+     * @param buf Buffer to send
+     * @param len Length of a buffer
+     * @return Number of bytes read or -1 if failed.
+     */
+    int receive_from_socket(unsigned char *buf, size_t len);
+
+    /**
+    * @brief Error handling for DTLS connectivity.
+    * @param error, Error code from TLS library
+    */
+    void handle_connection_error(int error);
+
+private:
+    /**
+    * @brief Internal handler for recieving data
+    */
+    void listen_handler();
+    
+    /**
+    * @brief Internal handlers for managing the ethernet driver
+    */
+    void recv_handler();
+    void send_handler();
+
+private:
+    M2MConnectionHandler                        *_base;
+    M2MConnectionObserver                       &_observer;
+    M2MConnectionSecurity                       *_security_impl; //owned
+    bool                                        _use_secure_connection;
+    String                                      _server_address;
+    unsigned char                               _address_buffer[4];
+    M2MInterface::BindingMode                   _binding_mode;
+    M2MInterface::NetworkStack                  _network_stack;
+    M2MConnectionObserver::SocketAddress        _address;
+    bool                                        _resolved;
+    bool                                        _is_handshaking;
+    
+    Endpoint                                    _endpoint;
+    UDPSocket                                   _socket;
+    bool                                        _listening;
+    rtos::Thread                                *_listen_thread;
+    unsigned char                               _listen_buffer[1024];
+    
+    bool                                        _running;
+    unsigned char                               _recv_buffer[1024];
+    
+    rtos::Thread                                *_recv_thread;
+    rtos::Queue<std::string, 16>                _recv_queue;
+    rtos::Thread                                *_send_thread;
+    rtos::Queue<std::string, 16>                _send_queue;
+    
+
+friend class Test_M2MConnectionHandlerPimpl;
+friend class Test_M2MConnectionHandlerPimpl_mbed;
+friend class M2MConnection_TestObserver;
+};
+
+#endif //M2M_CONNECTION_HANDLER_PIMPL_H__
+
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client-classic/mbed-client-classic/m2mtimerpimpl.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,106 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef M2M_TIMER_PIMPL_H__
+#define M2M_TIMER_PIMPL_H__
+
+#include <stdint.h>
+
+#include "mbed-client/m2mtimerobserver.h"
+#include "threadwrapper.h"
+
+
+class M2MTimerPimpl {
+private:
+    // Prevents the use of assignment operator
+    M2MTimerPimpl& operator=(const M2MTimerPimpl& other);
+
+    // Prevents the use of copy constructor
+    M2MTimerPimpl(const M2MTimerPimpl& other);
+
+    /**
+    * Constructor.
+    */
+    M2MTimerPimpl(M2MTimerObserver& observer);
+
+    /**
+    * Destructor.
+    */
+    virtual ~M2MTimerPimpl();
+
+    /**
+    * Starts timer
+    * @param interval Timer's interval in milliseconds
+    * @param single_shot defines if timer is ticked
+    * once or is it restarted everytime timer is expired.
+    */
+    void start_timer(uint64_t interval, M2MTimerObserver::Type type, bool single_shot = true);
+
+    /**
+    * @brief Starts timer in DTLS manner
+    * @param intermediate_interval Intermediate interval to use, must be smaller than tiotal (usually 1/4 of total)
+    * @param total_interval Total interval to use; This is the timeout value of a DTLS packet
+    * @param type Type of the timer
+    */
+    void start_dtls_timer(uint64_t intermediate_interval, uint64_t total_interval, M2MTimerObserver::Type type);
+
+    /**
+    * Stops timer.
+    * This cancels the ongoing timer.
+    */
+    void stop_timer();
+    
+    /**
+    * Callback function for timer completion.
+    */
+    //void timer_expired();
+
+    /**
+     * @brief Checks if the intermediate interval has passed
+     * @return true if interval has passed, false otherwise
+     */
+    bool is_intermediate_interval_passed();
+
+    /**
+     * @brief Checks if the total interval has passed
+     * @return true if interval has passed, false otherwise
+     */
+    bool is_total_interval_passed();
+
+private:
+    /**
+     * @brief Internal handler for timing
+     */
+    void timer_run();
+
+private:
+    M2MTimerObserver&   _observer;
+    bool                _single_shot;
+    uint64_t            _interval;
+    M2MTimerObserver::Type  _type;
+
+    uint64_t            _intermediate_interval;
+    uint64_t            _total_interval;
+    uint8_t             _status;
+    bool                _dtls_type;
+
+    rtos::Thread        *_thread;
+    bool                _running;
+
+    friend class M2MTimer;
+    friend class Test_M2MTimerPimpl_mbed;
+};
+
+#endif //M2M_TIMER_PIMPL_H__
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client-classic/mbed-client-classic/threadwrapper.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef M2M_THREAD_WRAPPER_H__
+#define M2M_THREAD_WRAPPER_H__
+
+#include <Thread.h>
+
+namespace rtos {
+
+// Wrapper for more complex function as thread targets
+template <typename T, void (*F)(T *)>
+static void __thread_pointer_wrapper(const void *data)
+{
+    F((T*)data);
+}
+
+template <typename T, void (*F)(T *)>
+static Thread *create_thread(T *arg=NULL,
+                             osPriority priority=osPriorityNormal,
+                             uint32_t stack_size=DEFAULT_STACK_SIZE,
+                             unsigned char *stack_pointer=NULL)
+{
+    return new Thread(__thread_pointer_wrapper<F,T>, (void *)arg,
+                      priority, stack_size, stack_pointer);
+}
+
+template <class T, void (T::*M)()>
+static void __thread_class_wrapper(const void *data)
+{
+    (((T*)data)->*M)();
+}
+
+template <class T, void (T::*M)()>
+static Thread *create_thread(T *obj,
+                             osPriority priority=osPriorityNormal,
+                             uint32_t stack_size=DEFAULT_STACK_SIZE,
+                             unsigned char *stack_pointer=NULL)
+{
+    return new Thread(__thread_class_wrapper<T,M>, (void *)obj,
+                      priority, stack_size, stack_pointer);
+}
+
+}
+                                          
+
+#endif //M2M_OBJECT_THREAD_H__
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client-classic/source/m2mconnectionhandler.cpp	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,80 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "mbed-client-classic/m2mconnectionhandlerpimpl.h"
+#include "mbed-client/m2mconnectionobserver.h"
+#include "mbed-client/m2mconnectionhandler.h"
+#include "mbed-client/m2mconstants.h"
+
+M2MConnectionHandler::M2MConnectionHandler(M2MConnectionObserver &observer,
+                                           M2MConnectionSecurity* sec,
+                                           M2MInterface::BindingMode mode,
+                                           M2MInterface::NetworkStack stack)
+:_observer(observer)
+{
+    _private_impl = new M2MConnectionHandlerPimpl(this, observer, sec, mode, stack);
+}
+
+M2MConnectionHandler::~M2MConnectionHandler()
+{
+    delete _private_impl;
+}
+
+bool M2MConnectionHandler::bind_connection(const uint16_t listen_port)
+{
+
+    return _private_impl->bind_connection(listen_port);
+}
+
+bool M2MConnectionHandler::resolve_server_address(const String& server_address,
+                                                      const uint16_t server_port,
+                                                      M2MConnectionObserver::ServerType server_type,
+                                                      const M2MSecurity* security)
+{
+    return _private_impl->resolve_server_address(server_address, server_port,
+                                                 server_type, security);
+}
+
+bool M2MConnectionHandler::start_listening_for_data()
+{
+    return _private_impl->start_listening_for_data();
+}
+
+void M2MConnectionHandler::stop_listening()
+{
+    _private_impl->stop_listening();
+}
+
+int M2MConnectionHandler::send_to_socket(const unsigned char *buf, size_t len)
+{
+    return _private_impl->send_to_socket(buf, len);
+}
+
+int M2MConnectionHandler::receive_from_socket(unsigned char *buf, size_t len)
+{
+    return _private_impl->receive_from_socket(buf, len);
+}
+
+bool M2MConnectionHandler::send_data(uint8_t *data,
+                                     uint16_t data_len,
+                                     sn_nsdl_addr_s *address)
+{
+    return _private_impl->send_data(data, data_len, address);
+}
+
+void M2MConnectionHandler::handle_connection_error(int error)
+{
+    _private_impl->handle_connection_error(error);
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client-classic/source/m2mconnectionhandlerpimpl.cpp	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,253 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "mbed-client-classic/m2mconnectionhandlerpimpl.h"
+#include "mbed-client/m2mconnectionobserver.h"
+#include "mbed-client/m2mconstants.h"
+#include "mbed-client/m2msecurity.h"
+#include "mbed-client/m2mconnectionhandler.h"
+
+#include "Socket/TCPSocketConnection.h"
+#include "Socket/UDPSocket.h"
+#include "threadwrapper.h"
+#include "mbed_error.h"
+
+
+M2MConnectionHandlerPimpl::M2MConnectionHandlerPimpl(M2MConnectionHandler* base, M2MConnectionObserver &observer,
+                                                     M2MConnectionSecurity* sec,
+                                                     M2MInterface::BindingMode mode,
+                                                     M2MInterface::NetworkStack stack)
+:_base(base),
+ _observer(observer),
+ _security_impl(sec),
+ _use_secure_connection(false),
+ _binding_mode(mode),
+ _network_stack(stack),
+ _resolved(true),
+ _is_handshaking(false),
+ _listening(false),
+ _listen_thread(0),
+ _recv_thread(0),
+ _send_thread(0)
+{
+    memset(&_address_buffer, 0, sizeof _address_buffer);
+    memset(&_address, 0, sizeof _address);
+    _address._address = _address_buffer;
+
+    if (_network_stack != M2MInterface::LwIP_IPv4) {
+        error("ConnectionHandler: Unsupported network stack, only IPv4 is currently supported");
+    }
+    
+    if (_binding_mode == M2MInterface::TCP ||
+        _binding_mode == M2MInterface::TCP_QUEUE) {
+        error("ConnectionHandler: Unsupported binding mode, only UDP based modes are currently supported");
+    }
+    
+    _running = true;
+    _recv_thread = rtos::create_thread<
+        M2MConnectionHandlerPimpl,
+        &M2MConnectionHandlerPimpl::recv_handler>(this, osPriorityAboveNormal);
+    _send_thread = rtos::create_thread<
+        M2MConnectionHandlerPimpl,
+        &M2MConnectionHandlerPimpl::send_handler>(this);
+    _listen_thread = rtos::create_thread<
+        M2MConnectionHandlerPimpl,
+        &M2MConnectionHandlerPimpl::listen_handler>(this);    
+}
+
+M2MConnectionHandlerPimpl::~M2MConnectionHandlerPimpl()
+{
+    _listening = false;
+    _running = false;
+    
+    if (_listen_thread) {
+        delete _listen_thread;
+        _listen_thread = 0;
+    }
+    
+    if (_recv_thread) {
+        delete _recv_thread;
+        _recv_thread = 0;
+    }
+    
+    if (_send_thread) {
+        delete _send_thread;
+        _send_thread = 0;
+    }
+    
+    delete _security_impl;
+}
+
+bool M2MConnectionHandlerPimpl::bind_connection(const uint16_t listen_port)
+{
+    return !(_socket.bind(listen_port) < 0);
+}
+
+bool M2MConnectionHandlerPimpl::resolve_server_address(const String& server_address,
+                                                       const uint16_t server_port,
+                                                       M2MConnectionObserver::ServerType server_type,
+                                                       const M2MSecurity* security)
+{
+    if (_endpoint.set_address(server_address.c_str(), server_port) < 0) {
+        return false;
+    }
+
+    inet_aton(_endpoint.get_address(), _address._address);
+    _address._port = _endpoint.get_port();
+    _address._length = 4;
+    _address._stack = _network_stack;
+
+    if (security) {
+        if (security->resource_value_int(M2MSecurity::SecurityMode) == M2MSecurity::Certificate ||
+            security->resource_value_int(M2MSecurity::SecurityMode) == M2MSecurity::Psk) {
+            if (_security_impl != NULL) {
+                _security_impl->reset();
+                _security_impl->init(security);
+                
+                if (_security_impl->connect(_base) < 0) {
+                    return false;
+                }
+                
+                _use_secure_connection = true;
+            }
+        }
+    }
+    
+    _observer.address_ready(_address,
+                            server_type,
+                            _address._port);
+    
+    return true;
+}
+
+
+void M2MConnectionHandlerPimpl::recv_handler()
+{
+    while (_running) {
+        Endpoint recv_endpoint;
+        int size = _socket.receiveFrom(recv_endpoint,
+            (char*)_recv_buffer, sizeof _recv_buffer);
+    
+        if (size > 0) {
+            _recv_queue.put(new std::string(_recv_buffer, _recv_buffer+size));
+        } else {
+            rtos::Thread::wait(1000);
+        }
+    }
+}
+
+void M2MConnectionHandlerPimpl::send_handler()
+{    
+    while (_running) {
+        osEvent e = _send_queue.get();
+        if (e.status == osEventMessage) {
+            std::string *packet = (std::string*)e.value.p;
+            int size = _socket.sendTo(_endpoint, (char*)packet->data(), packet->size());
+            delete packet;
+        } else {
+            rtos::Thread::wait(1000);
+        }
+    }
+}
+
+bool M2MConnectionHandlerPimpl::send_data(uint8_t *data,
+                                          uint16_t data_len,
+                                          sn_nsdl_addr_s *address)
+{
+    if (address == NULL || data == NULL) {
+        return false;
+    }
+    
+    if (_use_secure_connection) {
+        if (_security_impl->send_message(data, data_len) < 0) {
+            return false;
+        }
+    } else {
+        if (send_to_socket(data, data_len) < 0) {
+            return false;
+        }
+    }
+    
+    _observer.data_sent();
+    return true;
+}
+
+bool M2MConnectionHandlerPimpl::start_listening_for_data()
+{
+    _listening = true;
+    return true;
+}
+
+void M2MConnectionHandlerPimpl::stop_listening()
+{
+    _listening = false;
+}
+
+void M2MConnectionHandlerPimpl::listen_handler()
+{
+    while (_running) {
+        if (_listening) {
+            memset(_listen_buffer, 0, sizeof _listen_buffer);
+            int size;
+            
+            if (_use_secure_connection) {
+                size = _security_impl->read(_listen_buffer, sizeof _listen_buffer);
+            } else {
+                size = receive_from_socket(_listen_buffer, sizeof _listen_buffer);
+            }
+            
+            if (size > 0) {
+                _observer.data_available((uint8_t*)_listen_buffer, size, _address);
+            } else if (size != 0) {
+                _listening = false;
+                _observer.socket_error(2);
+            }
+        } else {
+            rtos::Thread::wait(1000);
+        }
+    }
+}
+
+
+int M2MConnectionHandlerPimpl::send_to_socket(const unsigned char *buf, size_t len)
+{
+    if (_send_queue.put(new std::string(buf, buf+len)) != osOK) {
+        return M2MConnectionHandler::CONNECTION_ERROR_WANTS_WRITE;
+    } else {
+        return len;
+    }
+}
+
+int M2MConnectionHandlerPimpl::receive_from_socket(unsigned char *buf, size_t len)
+{
+    osEvent e = _recv_queue.get();
+    if (e.status == osEventMessage) {
+        std::string *packet = (std::string*)e.value.p;
+        int size = packet->size();
+        
+        if (size <= len) {
+            memcpy(buf, packet->data(), size);
+            delete packet;
+            return size;
+        }
+    }
+    
+    return M2MConnectionHandler::CONNECTION_ERROR_WANTS_READ;
+}
+
+void M2MConnectionHandlerPimpl::handle_connection_error(int /*error*/)
+{
+    _observer.socket_error(4);
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client-classic/source/m2mtimer.cpp	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "mbed-client/m2mtimer.h"
+#include "mbed-client/m2mtimerobserver.h"
+#include "mbed-client-classic/m2mtimerpimpl.h"
+
+
+M2MTimer::M2MTimer(M2MTimerObserver& observer)
+: _observer(observer)
+{
+    _private_impl = new M2MTimerPimpl(observer);
+}
+
+M2MTimer::~M2MTimer()
+{
+    delete _private_impl;
+    _private_impl = NULL;
+}
+
+void M2MTimer::start_timer( uint64_t interval,
+                            M2MTimerObserver::Type type,
+                            bool single_shot)
+{
+    _private_impl->start_timer(interval,
+                               type,
+                               single_shot);
+}
+
+void M2MTimer::start_dtls_timer(uint64_t intermediate_interval, uint64_t total_interval, M2MTimerObserver::Type type){
+    _private_impl->start_dtls_timer(intermediate_interval, total_interval, type);
+}
+
+void M2MTimer::stop_timer()
+{
+    _private_impl->stop_timer();
+}
+
+bool M2MTimer::is_intermediate_interval_passed(){
+    return _private_impl->is_intermediate_interval_passed();
+}
+
+bool M2MTimer::is_total_interval_passed(){
+    return _private_impl->is_total_interval_passed();
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client-classic/source/m2mtimerpimpl.cpp	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,111 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "mbed-client-classic/m2mtimerpimpl.h"
+#include "mbed-client/m2mtimerobserver.h"
+#include <cstdio>
+
+M2MTimerPimpl::M2MTimerPimpl(M2MTimerObserver& observer)
+: _observer(observer),
+  _single_shot(true),
+  _interval(0),
+  _type(M2MTimerObserver::Notdefined),
+  _intermediate_interval(0),
+  _total_interval(0),
+  _status(0),
+  _dtls_type(false),
+  _thread(0)
+{
+    
+}
+
+M2MTimerPimpl::~M2MTimerPimpl()
+{
+    stop_timer();
+}
+
+void M2MTimerPimpl::start_timer(uint64_t interval,
+                                M2MTimerObserver::Type type,
+                                bool single_shot)
+{
+    _dtls_type = false;
+    _intermediate_interval = 0;
+    _total_interval = 0;
+    _status = 0;
+    _single_shot = single_shot;
+    _interval = interval;
+    _type = type;
+    _running = true;
+
+    _thread = rtos::create_thread<M2MTimerPimpl, &M2MTimerPimpl::timer_run>(this);
+}
+
+void M2MTimerPimpl::start_dtls_timer(uint64_t intermediate_interval, uint64_t total_interval, M2MTimerObserver::Type type)
+{
+    _dtls_type = true;
+    _intermediate_interval = intermediate_interval;
+    _total_interval = total_interval;
+    _status = 0;
+    _type = type;
+    _running = true;
+
+    _thread = rtos::create_thread<M2MTimerPimpl, &M2MTimerPimpl::timer_run>(this);
+}
+
+void M2MTimerPimpl::stop_timer()
+{
+    _running = false;
+    
+    if (_thread) {
+        delete _thread;
+        _thread = NULL;
+    }
+}
+
+void M2MTimerPimpl::timer_run()
+{
+    if (!_dtls_type) {
+        while (_running) {
+            _thread->wait(_interval);
+            if (!_running) return;
+            _observer.timer_expired(_type);
+            if (_single_shot) return;
+        }
+    } else {
+        _thread->wait(_intermediate_interval);
+        if (!_running) return;
+        _status++;
+        _thread->wait(_total_interval - _intermediate_interval);
+        if (!_running) return;
+        _status++;
+        _observer.timer_expired(_type);
+    }
+}
+
+bool M2MTimerPimpl::is_intermediate_interval_passed()
+{
+    if (_status > 0) {
+        return true;
+    }
+    return false;
+}
+
+bool M2MTimerPimpl::is_total_interval_passed()
+{
+    if (_status > 1) {
+        return true;
+    }
+    return false;
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client-mbedtls/LICENSE	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,2 @@
+Unless specifically indicated otherwise in a file, files are licensed
+under the Apache 2.0 license, as can be found in: apache-2.0.txt
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client-mbedtls/README.md	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,2 @@
+# mbed-client-mbedtls
+Mbedtls specific implementation, which can be used by mbed clients
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client-mbedtls/apache-2.0.txt	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,56 @@
+
+
+Apache License
+
+Version 2.0, January 2004
+
+http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
+
+"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
+
+"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
+
+"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
+
+"Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.
+
+"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
+
+"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
+
+"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
+
+"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
+
+"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
+
+    You must give any other recipients of the Work or Derivative Works a copy of this License; and
+    You must cause any modified files to carry prominent notices stating that You changed the files; and
+    You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
+    If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.
+
+    You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client-mbedtls/mbed-client-mbedtls/m2mconnectionsecuritypimpl.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,95 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __M2M_CONNECTION_SECURITY_PIMPL_H__
+#define __M2M_CONNECTION_SECURITY_PIMPL_H__
+
+#include "mbed-client/m2mconnectionsecurity.h"
+#include "mbed-client/m2mtimerobserver.h"
+
+#include "mbedtls/config.h"
+#include "mbedtls/debug.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/error.h"
+#include "mbedtls/certs.h"
+#include "mbedtls/entropy_poll.h"
+
+class M2MSecurity;
+class M2MTimer;
+
+//TODO: Should we let application to select these or not??
+const static int PSK_SUITES[] = {
+    MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256,
+    MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8,
+    MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8,
+    0
+};
+
+
+class M2MConnectionSecurityPimpl : public M2MTimerObserver {
+private:
+    // Prevents the use of assignment operator by accident.
+    M2MConnectionSecurityPimpl& operator=( const M2MConnectionSecurityPimpl& /*other*/ );
+    // Prevents the use of copy constructor by accident
+    M2MConnectionSecurityPimpl( const M2MConnectionSecurityPimpl& /*other*/ );
+
+public:
+    M2MConnectionSecurityPimpl(M2MConnectionSecurity::SecurityMode mode);
+
+    virtual ~M2MConnectionSecurityPimpl();
+
+    void reset();
+
+    int init(const M2MSecurity *security);
+
+    int start_connecting_non_blocking(M2MConnectionHandler* connHandler);
+    int continue_connecting();
+
+    int connect(M2MConnectionHandler* connHandler);
+
+    int send_message(unsigned char *message, int len);
+
+    int read(unsigned char* buffer, uint16_t len);
+
+public: //From M2MTimerObserver
+    virtual void timer_expired(M2MTimerObserver::Type type);
+
+private:
+    bool                        _init_done;
+    mbedtls_ssl_config          _conf;
+    mbedtls_ssl_context         _ssl;
+
+    mbedtls_x509_crt            _cacert;
+    mbedtls_x509_crt            _owncert;
+    mbedtls_pk_context          _pkey;
+
+    mbedtls_ctr_drbg_context    _ctr_drbg;
+    mbedtls_entropy_context     _entropy;
+
+    uint32_t                    _flags;
+    M2MTimer                    *_timmer;
+
+    M2MConnectionSecurity::SecurityMode _sec_mode;
+    bool                        _is_blocking;
+
+    unsigned char               _buf[1024];
+
+    friend class Test_M2MConnectionSecurityPimpl;
+};
+
+#endif //__M2M_CONNECTION_SECURITY_PIMPL_H__
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client-mbedtls/source/m2mconnectionsecurity.cpp	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <string.h>
+#include "mbed-client/m2mconnectionhandler.h"
+#include "mbed-client/m2mconnectionsecurity.h"
+#include "mbed-client/m2mtimer.h"
+#include "mbed-client/m2msecurity.h"
+#include "mbed-client-mbedtls/m2mconnectionsecuritypimpl.h"
+
+M2MConnectionSecurity::M2MConnectionSecurity(SecurityMode mode)
+{
+    _private_impl = new M2MConnectionSecurityPimpl(mode);
+}
+
+M2MConnectionSecurity::~M2MConnectionSecurity(){
+    delete _private_impl;
+}
+
+void M2MConnectionSecurity::reset(){
+    _private_impl->reset();
+}
+
+int M2MConnectionSecurity::init(const M2MSecurity *security){
+    return _private_impl->init(security);
+}
+
+int M2MConnectionSecurity::start_connecting_non_blocking(M2MConnectionHandler* connHandler)
+{
+    return _private_impl->start_connecting_non_blocking(connHandler);
+}
+
+int M2MConnectionSecurity::continue_connecting()
+{
+    return _private_impl->continue_connecting();
+}
+
+int M2MConnectionSecurity::connect(M2MConnectionHandler* connHandler){
+    return _private_impl->connect(connHandler);
+}
+
+int M2MConnectionSecurity::send_message(unsigned char *message, int len){
+    return _private_impl->send_message(message, len);
+}
+
+int M2MConnectionSecurity::read(unsigned char* buffer, uint16_t len){
+    return _private_impl->read(buffer, len);
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client-mbedtls/source/m2mconnectionsecuritypimpl.cpp	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,415 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "mbed-client/m2mconnectionhandler.h"
+#include "mbed-client-mbedtls/m2mconnectionsecuritypimpl.h"
+#include "mbed-client/m2mtimer.h"
+#include "mbed-client/m2msecurity.h"
+#include <string.h>
+
+void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms );
+int mbedtls_timing_get_delay( void *data );
+int entropy_poll( void *data, unsigned char *output, size_t len, size_t *olen );
+//Point these back to M2MConnectionHandler!!!
+int f_send( void *ctx, const unsigned char *buf, size_t len );
+int f_recv(void *ctx, unsigned char *buf, size_t len);
+int f_recv_timeout(void *ctx, unsigned char *buf, size_t len, uint32_t some);
+
+bool cancelled;
+
+M2MConnectionSecurityPimpl::M2MConnectionSecurityPimpl(M2MConnectionSecurity::SecurityMode mode)
+  : _flags(0),
+    _sec_mode(mode),
+    _is_blocking(false)
+{
+    _init_done = false;
+    cancelled = true;
+    _timmer = new M2MTimer(*this);
+    mbedtls_ssl_init( &_ssl );
+    mbedtls_ssl_config_init( &_conf );
+    mbedtls_x509_crt_init( &_cacert );
+    mbedtls_x509_crt_init(&_owncert);
+    mbedtls_pk_init(&_pkey);
+    mbedtls_ctr_drbg_init( &_ctr_drbg );
+    mbedtls_entropy_init( &_entropy );
+}
+
+M2MConnectionSecurityPimpl::~M2MConnectionSecurityPimpl(){
+    mbedtls_ssl_config_free(&_conf);
+    mbedtls_ssl_free(&_ssl);
+    mbedtls_x509_crt_free(&_cacert);
+    mbedtls_x509_crt_free(&_owncert);
+    mbedtls_pk_free(&_pkey);
+    mbedtls_ctr_drbg_free( &_ctr_drbg );
+    mbedtls_entropy_free( &_entropy );
+    delete _timmer;
+}
+
+void M2MConnectionSecurityPimpl::timer_expired(M2MTimerObserver::Type type){
+    if(type == M2MTimerObserver::Dtls && !cancelled && !_is_blocking){
+        int error = continue_connecting();
+        if(MBEDTLS_ERR_SSL_TIMEOUT == error) {
+            if(_ssl.p_bio) {
+                M2MConnectionHandler* ptr = (M2MConnectionHandler*)_ssl.p_bio;
+                ptr->handle_connection_error(4);
+            }
+        }
+    } else {
+        if(_ssl.p_bio) {
+            M2MConnectionHandler* ptr = (M2MConnectionHandler*)_ssl.p_bio;
+            ptr->handle_connection_error(4);
+        }
+    }
+}
+
+void M2MConnectionSecurityPimpl::reset(){
+    _init_done = false;
+    cancelled = true;
+    mbedtls_ssl_config_free(&_conf);
+    mbedtls_ssl_free(&_ssl);
+    mbedtls_x509_crt_free(&_cacert);
+    mbedtls_x509_crt_free(&_owncert);
+    mbedtls_pk_free(&_pkey);
+    mbedtls_ctr_drbg_free( &_ctr_drbg );
+    mbedtls_entropy_free( &_entropy );
+    _timmer->stop_timer();
+}
+
+int M2MConnectionSecurityPimpl::init(const M2MSecurity *security){
+    int ret=-1;
+    if( security != NULL ){
+        const char *pers = "dtls_client";
+        mbedtls_ssl_init( &_ssl );
+        mbedtls_ssl_config_init( &_conf );
+        mbedtls_x509_crt_init( &_cacert );
+        mbedtls_x509_crt_init(&_owncert);
+        mbedtls_pk_init(&_pkey);
+        mbedtls_ctr_drbg_init( &_ctr_drbg );
+
+        mbedtls_entropy_init( &_entropy );
+
+        uint8_t *serPub = 0;
+        uint32_t serPubSize = security->resource_value_buffer(M2MSecurity::ServerPublicKey, serPub);
+
+        uint8_t *pubCert = 0;
+        uint32_t pubCertSize = security->resource_value_buffer(M2MSecurity::PublicKey, pubCert);
+
+        uint8_t *secKey = 0;
+        uint32_t secKeySize = security->resource_value_buffer(M2MSecurity::Secretkey, secKey);
+
+
+        if( serPub == NULL || pubCert == NULL || secKey == NULL ||
+            serPubSize == 0 || pubCertSize == 0 || secKeySize == 0 ){
+            return -1;
+        }
+
+
+        if( mbedtls_entropy_add_source( &_entropy, entropy_poll, NULL,
+                                    128, 0 ) < 0 ){
+            free(serPub);
+            free(pubCert);
+            free(secKey);
+            return -1;
+        }
+
+        if( ( ret = mbedtls_ctr_drbg_seed( &_ctr_drbg, mbedtls_entropy_func, &_entropy,
+                                   (const unsigned char *) pers,
+                                   strlen( pers ) ) ) != 0 )
+        {
+            free(serPub);
+            free(pubCert);
+            free(secKey);
+            return -1;
+        }
+
+        int mode = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
+        if( _sec_mode == M2MConnectionSecurity::TLS ){
+            mode = MBEDTLS_SSL_TRANSPORT_STREAM;
+        }
+
+        if( ( ret = mbedtls_ssl_config_defaults( &_conf,
+                           MBEDTLS_SSL_IS_CLIENT,
+                           mode, 0 ) ) != 0 )
+        {
+            free(serPub);
+            free(pubCert);
+            free(secKey);
+            return -1;
+        }
+
+        if( security->resource_value_int(M2MSecurity::SecurityMode) == M2MSecurity::Certificate ){
+
+            ret = mbedtls_x509_crt_parse( &_cacert, (const unsigned char *) serPub,
+                                      serPubSize );
+            if( ret < 0 )
+            {
+                free(serPub);
+                free(pubCert);
+                free(secKey);
+                return -1;
+            }
+
+            ret = mbedtls_x509_crt_parse( &_owncert, (const unsigned char *) pubCert,
+                                      pubCertSize );
+            if( ret < 0 )
+            {
+
+                free(serPub);
+                free(pubCert);
+                free(secKey);
+                return -1;
+            }
+
+            ret = mbedtls_pk_parse_key(&_pkey, (const unsigned char *) secKey, secKeySize, NULL, 0);
+            free(serPub);
+            free(pubCert);
+            free(secKey);
+
+            if( ret < 0 )
+            {
+                return -1;
+            }
+
+            mbedtls_ssl_conf_own_cert(&_conf, &_owncert, &_pkey);
+            //TODO: use MBEDTLS_SSL_VERIFY_REQUIRED instead of optional
+            //MBEDTLS_SSL_VERIFY_NONE to test without verification (was MBEDTLS_SSL_VERIFY_OPTIONAL)
+            mbedtls_ssl_conf_authmode( &_conf, MBEDTLS_SSL_VERIFY_NONE );
+            mbedtls_ssl_conf_ca_chain( &_conf, &_cacert, NULL );
+        }else if(security->resource_value_int(M2MSecurity::SecurityMode) == M2MSecurity::Psk ){
+            ret = mbedtls_ssl_conf_psk(&_conf, secKey, secKeySize, pubCert, pubCertSize);
+            mbedtls_ssl_conf_ciphersuites(&_conf, PSK_SUITES);
+            free(serPub);
+            free(pubCert);
+            free(secKey);
+        }else{
+            free(serPub);
+            free(pubCert);
+            free(secKey);
+        }
+
+        if( ret >= 0 ){
+            _init_done = true;
+        }
+    }
+
+    return ret;
+}
+
+int M2MConnectionSecurityPimpl::connect(M2MConnectionHandler* connHandler){
+    int ret=-1;
+    if(!_init_done){
+        return ret;
+    }
+
+    _is_blocking = true;
+
+    // This is for blocking sockets timeout happens once at 60 seconds
+    mbedtls_ssl_conf_handshake_timeout( &_conf, 60000, 61000 );
+    mbedtls_ssl_conf_rng( &_conf, mbedtls_ctr_drbg_random, &_ctr_drbg );
+
+    if( ( ret = mbedtls_ssl_setup( &_ssl, &_conf ) ) != 0 )
+    {
+       return -1;
+    }
+
+    //TODO: check is this needed
+//    if( ( ret = mbedtls_ssl_set_hostname( &_ssl, "linux-secure-endpoint" ) ) != 0 )
+//    {
+//       return -1;
+//    }
+
+    mbedtls_ssl_set_bio( &_ssl, connHandler,
+                        f_send, f_recv, f_recv_timeout );
+
+    mbedtls_ssl_set_timer_cb( &_ssl, _timmer, mbedtls_timing_set_delay,
+                                            mbedtls_timing_get_delay );
+
+    do ret = mbedtls_ssl_handshake( &_ssl );
+    while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
+           ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+
+    if( ret != 0 )
+    {
+        ret = -1;
+    }else{
+        if( ( _flags = mbedtls_ssl_get_verify_result( &_ssl ) ) != 0 )
+        {
+            ret = -1;
+        }
+    }
+    return ret;
+}
+
+int M2MConnectionSecurityPimpl::start_connecting_non_blocking(M2MConnectionHandler* connHandler)
+{
+    int ret=-1;
+    if(!_init_done){
+        return ret;
+    }
+
+    _is_blocking = false;
+    int mode = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
+    if( _sec_mode == M2MConnectionSecurity::TLS ){
+        mode = MBEDTLS_SSL_TRANSPORT_STREAM;
+    }
+
+    if( ( ret = mbedtls_ssl_config_defaults( &_conf,
+                       MBEDTLS_SSL_IS_CLIENT,
+                       mode, 0 ) ) != 0 )
+    {
+        return -1;
+    }
+
+    // This is for non-blocking sockets total timeout is 1+2+4+8+16+29=60 seconds
+    mbedtls_ssl_conf_handshake_timeout( &_conf, 10000, 29000 );
+    mbedtls_ssl_conf_rng( &_conf, mbedtls_ctr_drbg_random, &_ctr_drbg );
+
+    if( ( ret = mbedtls_ssl_setup( &_ssl, &_conf ) ) != 0 )
+    {
+       return -1;
+    }
+
+    mbedtls_ssl_set_bio( &_ssl, connHandler,
+                        f_send, f_recv, f_recv_timeout );
+
+    mbedtls_ssl_set_timer_cb( &_ssl, _timmer, mbedtls_timing_set_delay,
+                                            mbedtls_timing_get_delay );
+
+    ret = mbedtls_ssl_handshake_step( &_ssl );
+    if( ret == 0 ){
+        ret = mbedtls_ssl_handshake_step( &_ssl );
+    }
+
+    if( ret >= 0){
+        ret = 1;
+    }else
+    {
+        ret = -1;
+    }
+    return ret;
+}
+
+int M2MConnectionSecurityPimpl::continue_connecting()
+{
+    int ret=-1;
+    while( ret != M2MConnectionHandler::CONNECTION_ERROR_WANTS_READ){
+        ret = mbedtls_ssl_handshake_step( &_ssl );
+        if( MBEDTLS_ERR_SSL_WANT_READ == ret ){
+            ret = M2MConnectionHandler::CONNECTION_ERROR_WANTS_READ;
+        }
+        if(MBEDTLS_ERR_SSL_TIMEOUT == ret ||
+           MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO == ret ||
+           MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE == ret ||
+           MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST == ret ||
+           MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE == ret ||
+           MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE == ret ||
+           MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC == ret ||
+           MBEDTLS_ERR_SSL_BAD_HS_FINISHED == ret) {
+            return MBEDTLS_ERR_SSL_TIMEOUT;
+        }
+        if( _ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER ){
+            return 0;
+        }
+    }
+    return ret;
+}
+
+int M2MConnectionSecurityPimpl::send_message(unsigned char *message, int len){
+    int ret=-1;
+    if(!_init_done){
+        return ret;
+    }
+
+    do ret = mbedtls_ssl_write( &_ssl, (unsigned char *) message, len );
+    while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
+           ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+
+    return ret; //bytes written
+}
+
+int M2MConnectionSecurityPimpl::read(unsigned char* buffer, uint16_t len){
+    int ret=-1;
+    if(!_init_done){
+        return 0;
+    }
+
+    memset( buffer, 0, len );
+    do ret = mbedtls_ssl_read( &_ssl, buffer, len-1 );
+    while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
+           ret == MBEDTLS_ERR_SSL_WANT_WRITE );
+
+    return ret; //bytes read
+}
+
+int f_send( void *ctx, const unsigned char *buf, size_t len){
+    M2MConnectionHandler* handler = ((M2MConnectionHandler *) ctx);
+    return handler->send_to_socket(buf, len);
+}
+
+int f_recv(void *ctx, unsigned char *buf, size_t len){
+    M2MConnectionHandler* handler = ((M2MConnectionHandler *) ctx);
+    return handler->receive_from_socket(buf, len);
+}
+
+int f_recv_timeout(void *ctx, unsigned char *buf, size_t len, uint32_t /*some*/){
+    return f_recv(ctx, buf, len);
+}
+
+int entropy_poll( void *, unsigned char *output, size_t len,
+                           size_t *olen )
+{
+    srand(time(NULL));
+    char *c = (char*)malloc(len);
+    memset(c, 0, len);
+    for(uint16_t i=0; i < len; i++){
+        c[i] = rand() % 256;
+    }
+    memmove(output, c, len);
+    *olen = len;
+
+    free(c);
+    return( 0 );
+}
+
+void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms ){
+    M2MTimer* timer = (M2MTimer*) data;
+    if(!timer) {
+        return;
+    }
+    if( int_ms > 0 && fin_ms > 0 ){
+        cancelled = false;
+        timer->start_dtls_timer(int_ms, fin_ms);
+    }else{
+        cancelled = true;
+        timer->stop_timer();
+    }
+}
+
+int mbedtls_timing_get_delay( void *data ){
+    M2MTimer* timer = (M2MTimer*) data;
+    if(!timer){
+        return 0;
+    }
+    if(true == cancelled) {
+        return -1;
+    } else if( timer->is_total_interval_passed() ){
+        return 2;
+    }else if( timer->is_intermediate_interval_passed() ){
+        return 1;
+    }else{
+        return 0;
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/LICENSE	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,202 @@
+Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "{}"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright {yyyy} {name of copyright owner}
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/README.md	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,7 @@
+ARM mbed Client
+=======================
+
+This repository contains ARM mbed Client: a library that connects devices to mbed Device Connector Service, mbed Device Server (mDS) and to mbed-enabled cloud services from our partners.
+
+The documentation is collected under the docs directory and the **mbed Client Guide** is also hosted [here](https://docs.mbed.com/docs/mbed-client-guide/en/latest/).
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/docs/Howto.md	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,296 @@
+# How to use the mbed Client API
+
+This section explains how to create different types of Objects, Object Instances and Resources for the client to comply with the OMA LWM2M specifications.
+
+In order for the client to communicate its resources to the mbed Device Server (mbed DS), it needs to create Objects, Object Instances and Resources. You can do this easily with the Client C++ APIs, where the client can define its resources in a similar structure to the one defined in the LWM2M specification.
+
+This quick guide will explain how you can create and configure these resources using the C++ API.
+
+## How to create and configure Objects
+
+The M2MObject class is derived from the M2MBase class, so all the public methods can be used from the M2MObject and its derived classes.
+
+### Creating OMA-defined Objects
+
+#### Device Object
+
+There is a direct API in the M2MInterfaceFactory class to create a Device Object:
+
+`static M2MDevice *create_device();`
+
+Because there can be only one instance of M2MDevice, it is a static class and you can delete it as follows:
+
+`M2MDevice::delete_instance();`
+
+Check the M2MDevice class documentation to see how to configure the device object, as well as how to create appropriate Resources and assign values to them. 
+
+#### Security Object
+
+There is a direct API in the M2MInterfaceFactory class to create a Security Object:
+
+`static M2MSecurity *create_security(M2MSecurity::ServerType server_type);`
+
+You can create a Bootstrap or normal mbed Device Server by passing the appropriate `enum` value.
+
+Check the M2MSecurity class documentation to see how to configure the security object, as well as how to create appropriate Resources and assign values to them.
+
+#### Creating a custom Object
+
+As per the OMA LWM2M specification, the client must have defined Objects, under which it can create Object Instances. You can create an M2MObject using this API from the M2MInterfaceFactory class:
+
+`static M2MObject *create_object(const String &name);`
+
+You need to pass the name of the Object that you would like to create (for example `Test`); this will create an object with that name in mbed DS.
+
+#### Configuring the Object
+
+Once you have created an Object (whether OMA-specific or custom), you can configure various parameters in that object so that they can be controlled or modified to affect communication with mbed DS.
+
+Here, we discuss a few of the most important parameters, which you must configure properly to work with the objects.
+
+##### Setting Operation Mode
+
+You can set the operation mode of the objects so that they can handle `GET`, `PUT`, `POST`, `DELETE` or a combination of these requests coming from mbed DS.
+
+The API that sets the operation mode (present in the M2MBase class) is:
+
+`virtual void set_operation(M2MBase::Operation operation);`
+
+##### Setting Observable Mode
+
+You can set the object to be an observing resource. You can set the observable mode using the following API:
+
+`virtual void set_observable(bool observable);`
+
+##### Setting CoAP content type
+
+Currently, the only available content type is the OMA TLV type. The OMA TLV type works only for objects with a numeric value. For example, if you are creating a custom object it must be of a numeric type like `100`; only then the CoAP TLV type will work for the custom object. 
+
+If you want your object to support the TLV type, set the object's CoAP content type as `99`:
+
+`virtual void set_coap_content_type(const uint8_t content_type);`
+
+Later we will introduce support for the JSON content types.
+
+## How to create and configure Object Instances
+
+The M2MObjectInstance class is derived from the M2MBase class, so all the public methods from M2MObjectInstance and its derived classes can be used.
+
+### Creating OMA defined ObjectInstance
+
+#### Device ObjectInstance
+
+Because there can only be one instance for the Device Object, the ObjectInstance is automatically created when creating an M2MDevice Object.
+
+#### Security ObjectInstance
+
+Because there can only be one instance for the Device Object, the Object Instance is automatically created when creating an M2MDevice Object based on a selected server type.
+
+#### Creating custom object instances
+
+As per the OMA LWM2M specification, the client must have created Object Instances under Objects, which will eventually contain Resources.
+
+You can create an M2M Object Instance using this API from the M2MObject class:
+
+`M2MObject::create_object_instance(uint16_t instance_id);`
+
+You can pass an Object Instance ID to create appropriate Object Instances. Normally, Object Instances will start from `0` and increment. So the Object Instance structure on the mbed DS side would look like this:
+
+`Object/Object Instance ID`
+
+You need to pass the name of the Object Instance ID that you would like to create (for example `0`); this will create an object `/Test/0` in mbed DS.
+
+### Configuring the Object Instance
+
+When you have created an Object Instance (whether OMA-specific or custom), you can configure various parameters in that object so that they can be controlled or modified to affect communication with mbed DS.
+
+Here, we present a few of the most important parameters that you must configure properly to work with the object instances.
+
+#### Setting operation mode
+
+You can set the operation mode of the Object Instances so that they can handle `GET`, `PUT`, `POST`, `DELETE` or a combination of these requests coming from mbed DS.
+
+The API that you can use to set the operation mode (present in the M2MBase class) is:
+
+`virtual void set_operation(M2MBase::Operation operation);`
+
+#### Setting observable mode
+
+You can set the object to be an observing resource. 
+
+You can set the observable mode using the following API:
+
+`virtual void set_observable(bool observable);`
+
+#### Setting CoAP content type
+
+Currently, the only available content type is the OMA TLV type. The OMA TLV type works only for objects with a numeric value. For example, if are creating a custom object it must be of a numeric type like `100`; only then the CoAP TLV type will work for the custom object. 
+
+If you want your object to support the TLV type, set the CoAP content type of the object to `99`:
+
+`virtual void set_coap_content_type(const uint8_t content_type);`
+
+Later we will introduce support for the JSON content types.
+
+Apart from this, there are multiple APIs that provide getter and remove functions for Object Instances in the M2MObjectInstance class; check the API documentation for their usage. 
+
+## How to create and configure Resources and Resource Instances
+
+The M2MResource class is derived from the M2MResourceInstance, which in turn is derived from the M2MBase class, so all the public methods can be used from M2MResource or M2MResourceInstance and their derived classes.
+
+### Creating OMA-defined Resources
+
+#### Device Object Resources
+
+There are direct APIs to create and set values for the Device Resources. You can create the required Resource and set values based on their data types.
+
+- For Resources that take `string` values:
+
+`M2MResource* create_resource(DeviceResource resource, const String &value);`
+
+- For Resources that take `integer` values:
+
+`M2MResource* create_resource(DeviceResource resource, uint32_t value);`
+
+- There are a few resources that can have multiple instances. To create these resources, use these APIs:
+
+`M2MResourceInstance* create_resource_instance(DeviceResource resource, uint32_t value,uint16_t instance_id);`
+
+Where `instance_id` is the Resource Instance ID, for example `/3/0/11/0`.
+
+Check the M2MDevice API documentation to find which enums are supported for `integer` or `string` value types.
+
+There are other APIs in the M2MDevice class that you can use to set, remove and modify new values for the resources.
+
+#### Security Object Resources
+
+There are direct APIs to create and set values for the Security Resources, based on their data types.
+
+Most of the mandatory resources are created automatically when you create an M2MSecurity object. You can set their values using the following APIs:
+
+- For resources that take `integer` values:
+
+`bool set_resource_value(SecurityResource resource,uint32_t value);`
+
+- For resources that take `string` values:
+
+`bool set_resource_value(SecurityResource resource,const String &value);`
+
+- For resources that take binary values, like setting public keys and certificates:
+
+`bool set_resource_value(SecurityResource resource,onst uint8_t *value,const uint16_t length);`
+
+- You can create and set values for Resources that are not mandatory, and which take an `integer` value, using this API:
+
+`M2MResource* create_resource(SecurityResource resource, uint32_t value);`
+
+Check the M2MSecurity API documentation to find which enums are supported for `integer`, `string` or `uint8_t*` value types.
+
+There are more APIs in the M2MSecurity class that you can use to set, remove and modify Resource values.
+
+#### Creating custom Resources
+
+As per the OMA LWM2M specification, the client must have Resources under Object Instances which belong to Objects.
+
+You can create different types of Resources or Resource Instances.
+
+There are two types of Resources:
+
+- **M2MResource**: a resource with a unique instance, for example `/Test/0/Resource`.
+
+- **M2MResourceInstance**: a resource with multiple instances, for example `/Test/0/Resource/0`, `/Test/0/Resource/1`.
+
+Apart from these two types, you can create two types of Resource and Resource Instances:
+
+- Static: Resource and Resource Instances whose value does not change over time.
+- Dynamic: Resource and Resource Instances whose value can change. These resources can be made observable.
+
+**Creating dynamic and static single-instance Resources**
+
+As per the OMA LWM2M specification, the client must have created Resources under Object Instance. You can create M2MResource from the M2MObjectInstance class.
+
+- You can create a single-instance Resource with a static value using this API:
+
+	``` 
+	M2MResource* create_static_resource(const String &resource_name,
+	                                    const String &resource_type,
+	                                    M2MResourceInstance::ResourceType type,
+                                            const uint8_t *value,
+                                            const uint8_t value_length,
+                                            bool multiple_instance = false);
+        ```
+
+- You can create a single-instance Resource with a dynamic value that can be set later on, using this API:
+
+	```
+	M2MResource* create_dynamic_resource(const String &resource_name,
+	                                     const String &resource_type,
+	                                     M2MResourceInstance::ResourceType type,
+                                             bool observable,
+                                             bool multiple_instance = false);
+        ```
+
+These APIs take different parameters that you can see in the documentation.
+
+**Creating dynamic and static Resource Instances**
+
+As per the OMA LWM2M specification, the client must have created Resource Instances under Resources. You can create M2MResourceInstance from the M2MObjectInstance class.
+
+- You can create a Resource Instance with a static value using this API:
+
+	```
+	M2MResourceInstance* create_static_resource_instance(const String &resource_name,
+							     const String &resource_type,
+							     M2MResourceInstance::ResourceType type,
+                                                             const uint8_t *value,
+                                                             const uint8_t value_length,
+                                                             uint16_t instance_id);
+        ```
+
+- You can create a Resource Instance with a dynamic value that can be set later on, using this API:
+
+	```
+	M2MResourceInstance* create_dynamic_resource_instance(const String &resource_name,
+							      const String &resource_type,
+							      M2MResourceInstance::ResourceType type,
+                                                              bool observable,
+                                                              uint16_t instance_id);
+        ```
+
+These APIs take different parameters that you can see in the documentation.
+
+#### Configuring the Resource and Resource Instance
+
+When you have created a Resource or Resource Instance (whether OMA-specific or custom), you can configure various parameters so they can be controlled or modified to affect communication with mbed DS.
+
+Here, we present a few of the most important parameters that you must configure properly to work with the Resource and Resource Instance.
+
+##### Setting Operation Mode
+
+You can set the Resource or Resource Instance operation mode so that they can handle `GET`, `PUT`, `POST`, `DELETE` or a combination of these requests coming from mbed DS.
+
+The API that you can use to set the operation mode (present in the M2MBase class) is:
+
+`virtual void set_operation(M2MBase::Operation operation);`
+
+##### Setting the value of a dynamic Resource or Resource Instance
+
+You can set the value of a dynamic Resource or Resource Instance so that they can be sent to mbed DS using `GET` requests.
+
+The API used to set the values (present in the M2MResourceInstance class) is:
+
+`virtual bool set_value(const uint8_t *value, const uint32_t value_length);`
+
+##### Setting an executable function
+
+For Dynamic Resources, you can pass a function pointer to the Resource or Resource Instance. It will be executed when mbed DS calls a `POST` method on that resource. The Resource or Resource Instance must support the `POST` operation mode for this feature to work.
+
+You can pass the function pointer using this API:
+
+`virtual void set_execute_function(execute_callback callback);`
+
+Apart from this, there are multiple APIs that provide getter and remove functions for Resource and Resource Instances in the M2MResource and M2MResourceInstance classes. Check the API documentation for their usage. 
+
+## API documentation
+
+You can generate Doxygen API documentation for these APIs from a doxy file in the `doxygen` folder. You need to run the `doxygen` command from the `doxygen/` folder; it will generate a `docs` folder at the API source directory root level, where you can find the detailed documentation for each API.
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/docs/Introduction.md	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,380 @@
+# mbed Client API
+
+## Introduction
+
+mbed Client is an OS-agnostic embedded software library that provides the means to connect and manage constrained embedded devices to web applications through the mbed Device Server (mbed DS). 
+
+The mbed Device Client API allows mbed OS developers to create applications with LWM2M features. These features are described in the [Lightweight Machine to Machine Technical Specification](http://technical.openmobilealliance.org/Technical/technical-information/release-program/current-releases/oma-lightweightm2m-v1-0); they include high level APIs to manage devices on mbed DS, securely communicate with internet services over the industry standard TLS/DTLS, and fully control the endpoint and application logic. 
+
+The API is written in C++ to allow quick application development.
+
+## mbed Client interfaces
+
+There are three interfaces between mbed DS and mbed Client:
+
+- Client registration and deregistration
+- Device management and service enablement
+- Information reporting
+
+The API provides an interface to define the application endpoint information. This information will be delivered to mbed DS during the registration operation (explained below).
+
+To create an interface for your endpoint:
+
+```
+#include "mbed-client/m2minterfacefactory.h"
+#include "mbed-client/m2minterface.h"
+
+M2MInterface* interface = M2MInterfaceFactory::create_interface(*this,
+                                                  "mbed-endpoint",
+                                                  "test",
+                                                  3600,
+                                                  5684,
+                                                  "",
+                                                  M2MInterface::UDP,
+                                                  M2MInterface::LwIP_IPv4,
+                                                  "");
+```
+
+When you have created the interface, you can proceed to execute operations.
+
+### Client Registration Interface
+
+The client uses the Client Registration Interface to register with mbed DS, update registration and deregister.
+
+Currently, only one-to-one client-server registration is supported. One-to-many client-server registrations will be supported in an upcoming release.
+
+The Client Registration Interface includes multiple sub-features. Currently supported:
+
+- Register
+- Update 
+- Deregister
+
+### The Register feature
+
+This API enables the client registration functionality.
+
+When registering, the client:
+
+* Performs the **Register** operation and provides parameters that mbed DS requires to register the client (for example End Point Name).
+
+* Maintains the registration and session (for example Lifetime, Queue Mode).
+
+* Provides information on the Objects the client supports and existing Object Instances in the client.
+
+#### Registering your client
+
+To provide information to mbed DS and issue the register command:
+
+First you need to create an mbed DS object. This object contains information about mbed DS, such as its address and security mode.
+
+```
+#include "mbed-client/m2msecurity.h"
+ M2MSecurity *security = M2MInterfaceFactory::create_security(M2MSecurity::M2MServer);
+        if(security) {
+            security->set_resource_value(M2MSecurity::M2MServerUri, LWM2M_SERVER_ADDRESS);
+            security->set_resource_value(M2MSecurity::BootstrapServer, 0);
+            security->set_resource_value(M2MSecurity::SecurityMode, M2MSecurity::NoSecurity);
+        }
+```
+
+**Note**: This API supports both non-secure and secure mode operations. For secure mode, you will also need to provide certificate, private key and server public key through the API.
+
+Create a secure mode operation as follows:
+
+```
+#include "mbed-client/m2msecurity.h"
+ M2MSecurity *security = M2MInterfaceFactory::create_security(M2MSecurity::M2MServer);
+        if(security) {
+            security->set_resource_value(M2MSecurity::M2MServerUri, LWM2M_SERVER_ADDRESS);
+            security->set_resource_value(M2MSecurity::BootstrapServer, 0);
+            security->set_resource_value(M2MSecurity::SecurityMode, M2MSecurity::Certificate);
+            security->set_resource_value(M2MSecurity::ServerPublicKey,<SERVER_CERT>,sizeof(<SERVER_CERT>));
+            security->set_resource_value(M2MSecurity::PublicKey,<CERT>,sizeof(<CERT>));
+            security->set_resource_value(M2MSecurity::Secretkey,<KEY>,sizeof(<KEY>));   
+        }
+```
+
+Next, you need to register all the resources that you would like to monitor or follow via mbed DS. To do this, create the resource objects and pass them to the Register API for registration purposes.
+
+For example, if you want to register your OMA LWM2M based Device object, you need to create the object and set the values for mandatory resources as follows:
+
+```
+#include "mbed-client/m2mdevice.h"
+M2MDevice *device = M2MInterfaceFactory::create_device();
+if(device) {
+    device->create_resource(M2MDevice::Manufacturer,MANUFACTURER);
+	device->create_resource(M2MDevice::DeviceType,TYPE);
+	device->create_resource(M2MDevice::ModelNumber,MODEL_NUMBER);
+	device->create_resource(M2MDevice::SerialNumber,SERIAL_NUMBER);
+    }
+```
+
+**Note:** You can register other resources, including custom resources. Please check the API documentation for a detailed description of the M2MObject, M2MObjectInstance and M2MResource classes.
+
+You have the registration server object and resources that you want to register. Now, you need to call the register API and pass the following objects as parameters:
+
+```
+M2MInterface::register_object(M2MSecurity* register_object, M2MObjectList object_list);
+```
+
+**Success or failure callback**
+
+Because this is an asynchronous operation, you will receive the result of this operation through a callback defined in `m2minterfaceobserver.h` in your application.
+
+If the register operation is successful and the client can register all your resources to mbed DS, your application will receive the following callback:
+
+```
+void object_registered(M2MSecurity *server_object, const M2MServer& server)
+```
+
+The `M2MSecurity *server_object` specifies to which mbed DS instance the client has just registered and `M2MServer &server` contains the data related to mbed DS, including the Short ServerID and the client registration period.
+
+If the registration operation fails for some reason, you will receive the following callback:
+
+```
+void error(M2MInterface::Error error)
+```
+
+You will get more information about the error from the `error` parameter passed with the callback; use it to fix the source of the error.
+
+### Update
+
+Periodically, or in response to events within the client or as initiated by mbed DS, the client updates its registration information with mbed DS. It sends an **Update** operation to mbed DS.
+
+To update your registration:
+
+```
+M2MInterface::update_registration(M2MSecurity* security_object, const uint32_t lifetime)
+```
+
+Normally, the enabler will update the registration automatically, but if you want to renew the registration before that, you can use this API.
+
+**Success or failure callback**
+
+If the update operation is successful, your application will receive the following callback:
+
+```
+void registration_updated(M2MSecurity *const M2MServer& server)
+```
+
+The `M2MSecurity *server_object` specifies to which mbed DS instance the client has just updated the registration and `M2MServer &server` contains the data related to mbed DS, including the Short ServerID and the client registration period.
+
+If the update operation fails for some reason, you will receive the following callback:
+
+```
+void error(M2MInterface::Error error)
+```
+
+### Deregister
+
+The client can deregister from mbed DS when it no longer requires access to the server. When mbed DS receives the **Deregister** message it removes the device's registration information from its database. When the client needs mbed DS again, it will have to register again.
+
+To deregister your endpoint client:
+
+If the endpoint has multiple server registrations, you need to provide the `server_object` of the server where you would like to deregister your endpoint. Otherwise, if there is only one registration, you can pass `NULL` and the client will deregister the default registration.
+
+```
+M2MInterface::unregister_object(M2MSecurity *object);
+```
+
+**Success or failure callback**
+
+Because this is an asynchronous operation, you will receive the result of this operation through a callback defined in `m2minterfaceobserver.h` in your application.
+
+If the client is successfully deregistered from mbed DS, your application will receive the following callback:
+
+```
+void object_unregistered(M2MSecurity *server_object)
+```
+
+The `M2MSecurity *server_object` specifies from which mbed DS instance the client has just deregistered.
+
+If the deregistration operation fails for some reason, you will receive the following callback:
+
+```
+void error(M2MInterface::Error error)
+```
+
+You will get more information about the error from the `error` parameter passed with the callback; use it to fix the source of the problem.
+
+### Device Management and Service Enabler Interface
+
+mbed DS uses the Device Management and Service Enabler Interface to access Object Instances and Resources available on the client. The interface provides this access through the following operations:
+
+- **Create**
+- **Delete**
+- **Read**
+- **Write**
+- **Execute**
+- **Write Attributes**
+
+Currently, support for the Create and Delete actions is limited to Object Instances.
+
+The Device Management and Service Enabler Interface supports the following data types:
+
+- Text - for Resources.
+- TLV - for Object and Object Instances.
+
+### Read
+
+The Client API allows setting values to Resources, an array of Resource Instances, an Object Instance or all the Object Instances of an Object (TLV format supported). mbed DS can then read these values using the **Read** operation.
+
+**Creating Resources**
+
+There are two types of resources you can create:
+
+- Static: you set the value of the resource once and it does not change during the course of operations.
+- Dynamic: the value is expected to change during the course of operations. Therefore, the value is fetched from setter APIs every time the server requests a `GET` operation.
+
+Here is an example of creating a custom static Resource:
+
+```
+#include "mbed-client/m2mobject.h"
+#include "mbed-client/m2mobjectinstance.h"
+#include "mbed-client/m2mresource.h"
+_object = M2MInterfaceFactory::create_object("Test");
+if(_object) {
+    M2MObjectInstance* inst = _object->create_object_instance();
+    if(inst) {
+    	inst->create_static_resource("S",
+        			     "ResourceTest",
+                                     STATIC_VALUE,
+                                     sizeof(STATIC_VALUE)-1);
+```
+
+And here is an example of creating a custom dynamic Resource:
+
+```
+#include "mbed-client/m2mobject.h"
+#include "mbed-client/m2mobjectinstance.h"
+#include "mbed-client/m2mresource.h"
+_object = M2MInterfaceFactory::create_object("Test");
+if(_object) {
+    M2MObjectInstance* inst = _object->create_object_instance();
+    if(inst) {
+	M2MResource* res = inst->create_dynamic_resource("D","ResourceTest",true);
+        char buffer[20];
+        int size = sprintf(buffer,"%d",_value);
+        res->set_operation(M2MBase::GET_PUT_ALLOWED);
+        res->set_value((const uint8_t*)buffer,
+                                   (const uint32_t)size);
+```
+
+For more information on different resource functionalities, please check the API documentation for the M2MObject, M2MObjectInstance and M2MResource classes.
+
+### Write
+
+The **Write** operation is used to overwrite the value of a Resource, an array of Resource Instances or multiple Resources from an Object Instance. 
+
+Whenever there is a valid `PUT` operation for any of the resources, the application will receive a callback:
+
+```
+void value_updated(M2MBase *base, M2MBase::BaseType type) 
+```
+
+Where `M2MBase` is the object whose value has been updated and `M2MBase::BaseType` is the object type.
+
+### Write Attributes
+
+Any readable Resource can have attributes that are considered during the **Observe** operation (explained below). The following attributes are used:
+
+- Minimum Period (pmin)
+- Maximum Period (pmax)
+- Greater Than (gt)
+- Less Than (lt)
+- Step (st)
+
+mbed DS sets the endpoint attribute values that are used to determine when the endpoint sends the Resource value to the server.
+
+Check the LWM2M specification for details of all the possible **Write Attributes** defined for different types of Objects and Resources.
+
+### Execute
+
+mbed DS uses the **Execute** operation to perform an action. This operation can only be performed on individual Resources. 
+
+**Note:** The client **must** return an error when the **Execute** operation is received for Object Instances or Resource Instances.
+
+Here is an implementation example for the **Execute** operation:
+
+```
+#include "mbed-client/m2mobject.h"
+#include "mbed-client/m2mobjectinstance.h"
+#include "mbed-client/m2mresource.h"
+
+    void M2MLWClient::execute_function(void */*argument*/) {
+    }
+
+_object = M2MInterfaceFactory::create_object("Test");
+if(_object) {
+    M2MObjectInstance* inst = _object->create_object_instance();
+    if(inst) {
+	M2MResource* res = inst->create_dynamic_resource("D","ResourceTest",true);
+        char buffer[20];
+        int size = sprintf(buffer,"%d",_value);
+        res->set_operation(M2MBase::GET_PUT_POST_ALLOWED);
+        res->set_value((const uint8_t*)buffer,
+                       (const uint32_t)size);
+        res->set_execute_function(execute_callback(this,&M2MLWClient::execute_function));
+```
+
+When the client receives the `POST` request for Execute from mbed DS for this resource, this function will be called and executed.
+
+### Information Reporting Interface
+
+mbed DS uses the Information Reporting Interface to observe any changes in a registered Resource on the client, receiving notifications when new values are available. 
+
+The interface supports the following sub-features:
+
+- Observe
+- Notify
+- Cancel
+
+### Observe
+
+mbed DS initiates an observation request to change the value of a dynamic Resource.
+
+**Tip:** Related parameters for the **Observe** operation are described in the [Write Attributes](#write-attributes) section.
+
+To make your Resource observable, you need to set the Observable parameter of your object to `true`:
+
+```
+ object->set_observable(true);
+```
+
+If you want a dynamic resource to be observable, do the following when creating the resource:
+
+```
+M2MResource* create_dynamic_resource(const String &resource_name,
+                                         const String &resource_type,
+                                         M2MResourceInstance::ResourceType type,
+                                         bool observable,
+                                         bool multiple_instance =false);
+```
+
+The mbed Client will handle the observation part once you have defined the Resources to be observable.
+
+### Notify
+
+The client sends the **Notify** operation to mbed DS during a valid observation on a Resource, when the notification conditions are met.
+
+### Cancel
+
+mbed DS sends the **Cancel Observation** operation to the client to end an observation relationship for an Object Instance or a Resource.
+
+## More Information
+
+This API is based on OMA LWM2M specification. You can get the specification [here](http://technical.openmobilealliance.org/Technical/technical-information/release-program/current-releases/oma-lightweightm2m-v1-0).
+
+## How to use the API
+More information on how to use the API effectively to create and configure Objects, Object Instances and Resources, can be found [here](Howto.md).
+
+## API documentation
+
+You can generate Doxygen API documentation for these APIs from a doxy file present in the `doxygen` folder. You need to run the `doxygen` command from the `doxygen/` folder; it will generate a `docs` folder at the API source directory root level. The folder contains detailed documentation for each API.
+
+## Example application
+
+An example application running on mbedOS is available [here](https://github.com/ARMmbed/mbed-client-examples).
+
+An example application running on Ubuntu is available [here](https://github.com/ARMmbed/mbed-client-linux-example).
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/docs/index.md	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,5 @@
+ARM mbed Client
+=====================
+
+mbed Client implements a subset of mbed OS functionality and is optimized for constrained networks and devices; it uses the Constrained 
+Application Protocol (CoAP) to provide energy-efficient communication and supports security measures tailored for low-memory devices.
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/docs/known-issues-mbed-client1511.md	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,64 @@
+# Known Issues
+
+## About this document
+
+This is the list of known issues for the 15.11 release of [mbed Client](https://github.com/ARMmbed/mbed-client). We publish mbed-client as module in GitHub, and track open issues as tickets in the repository. That makes for an easy development flow, but doesn’t make it very easy for you to get a single view of all the issues that affect the whole release. 
+
+The purpose of this document is to provide that single view of all the key issues we are aware of. It isn’t a complete list; it’s a filtered and reviewed list, focusing on the issues we thought you’d want to be aware of. Each item explains the problem, as well as workarounds if those are possible. For items filed through GitHub, we’ve included a link to the issue so that you can follow the discussion and code - or even suggest a solution.
+
+For more information about an issue, contact us on the [mbed forums](http://forums.mbed.com).
+
+### Other information not in this document
+
+We’re still very actively building mbed Client and the 15.11 release is a technology preview. As such there are some other limitations of the release that you can find described in the [release note](https://www.mbed.com/en/development/software/mbed-client/releases/mbed-client1511).
+
+#### Important Note for Windows Users
+
+If you are using this release on Microsoft Windows, please be advised that
+because of the way Windows handles filename and paths, you may have problems
+if you attempt to use this in a deep directory hierarchy with a long
+path name (e.g. `c:\some\very\long\path`). If you experience problems
+unpacking or building this release, please try it in a location with a
+shorter path before filing a bug. Thanks.
+
+***
+### mbed Client API may not be fully interoperable with other LWM2M servers.
+
+*Description*: mbed Client API is OMA LWM2M compatible. However, some features may not be fully interoperable against other open source LWM2M servers. This is the first release version and more features will be made interoperable over coming releases.
+
+*Workaround*: mbed Client is compatible with mbed Device Connector Service, which can be tested at [https://connector.mbed.com](https://connector.mbed.com).
+
+*Reported Issue*: ARM internal reference IOTCLT-366
+
+*Priority*: Major
+
+### mbed Client for Linux doesn't support IPv6 connectivity
+
+*Description*: mbed Client for Linux platform currently works only for IPv4-enabled LWM2M server addresses. IPv6 address support is currently broken.
+
+*Workaround*: mbed Client is compatible with mbed Device Connector Service which can be tested from [https://connector.mbed.com](https://connector.mbed.com) over IPv4 Address.
+
+*Reported Issue*: https://github.com/ARMmbed/mbed-client-linux/issues/19
+
+*Priority*: Major
+
+### mbed Client will occasionally disconnect from LWM2M Server because of network errors
+
+*Description*: If mbed Client is kept running for long durations (over 24 hours) with long lifetime values, it occasionally  goes offline due to unstable network conditions - and doesn't send periodic updates to LWM2M server.
+
+*Workaround*: Set the periodic lifetime value to less than 15 minutes if you want to run stability tests. Also, implement a network error handling mechanism on the application side, to handle `error()` callbacks received from the mbed-client library.
+
+*Reported Issue*: ARM internal reference IOTCLT-206
+
+*Priority*: Major
+
+### mbed Client might experience a memory leak when running for long durations
+
+*Description*: mbed Client might have memory leak issues when left running for longer than 12 hours.
+
+*Workaround*: None
+
+*Reported Issue*: ARM internal reference IOTCLT-290
+
+*Priority*: Major
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/docs/porting-guide.md	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,555 @@
+# Introduction to mbed Client
+
+mbed Client is structured as a set of modules. Each module declares which other modules it depends on. When you build a module, our build system `yotta` looks at these dependencies and installs the necessary modules before completing the build.
+
+This is also the process to build applications for the mbed Client (including the example application in the release). The application declares dependencies on the mbed Client and when it is built, `yotta` ensures that the modules (and anything that they depend on, recursively) are present before building. 
+
+In this release, all the necessary modules for the examples (the ones that the examples depend on) have been pre-installed in the `yotta_modules` directory of each example program, so you do not need to download them separately. In general, `yotta` downloads and installs the necessary modules over the internet from the public yotta Registry (which saves published versions of modules) or from a specified source control URL.
+
+# Building and testing mbed Client
+
+Before embarking on your own port, you should build the core mbed Client for an existing compilation target to get an understanding of how the mbed Client builds. You can find a general guide for building the mbed Client and its example application in the mbed Client release notes.
+
+# Components of mbed Client
+
+## Component software modules
+
+The mbed Client consists of one main component. More major components will be added in the further development phases:
+
+ * `mbed-client` is the core mbed Client, providing C++ APIs for the mbed Client.
+
+This module depends on further internal modules:
+
+```
+mbed-client x.x.x
+|
+|_mbed-client-c x.x.x
+|   |_mbed-client-libservice x.x.x
+|
+|_mbed-client-linux x.x.x
+```
+
+To list the dependency trees, give [`yotta list --all` command](http://docs.yottabuild.org/reference/commands.html).
+
+**Note**: In this case, we have listed the dependencies for the `x86-linux-native` compilation target. Different modules are needed for different compilation target.
+
+If you list the modules included in the mbed Client linux example, you can see that it depends directly only on the `mbed-client` and `mbed-client-linux` modules. These modules depend internally on various other modules.
+
+```
+mbed-client-linux-example x.x.x
+|
+|_mbed-client x.x.x
+   |
+   |_mbed-client-c x.x.x
+   |   |_mbed-client-libservice x.x.x
+   |
+   |_mbed-client-linux 0.0.2
+```
+
+## Compilation targets
+
+This release supports only one compilation target:
+
+ * `x86-linux-native`: to compile for linux OS, using the gcc toolchain.
+
+To select the compilation target used for compiling a library or an example program, give the command `yotta target x86-linux-native` before building. More documentation on target descriptions can be found on the [yotta
+documentation site](http://docs.yottabuild.org/tutorial/targets.html).
+
+# Porting mbed Client to different platform
+
+To port mbed Client to a new platform, perform the following steps:
+
+ 1. Contact [support@mbed.org](mailto:support@mbed.org), to request for new development repositories for your target platform.
+ 2. Create a yotta compilation target for your board.
+ 3. Implement the `mbed-client-xxx` module for your target platform where `xxx` is the name for your platform (for example, `linux`).
+ 4. Make sure that your port is updated into `module.json` of the `mbed-client` module.
+ 5. Verify that your implementation is correct.
+
+The `yotta` build system is designed for easy reuse of generic modules. If you intend to support multiple platforms that share common features, it is recommended to store the common functionality into a separate module and use it for each platform.
+
+# Step 1: Creating development repositories
+
+We provide private git repositories to our partners porting mbed Client. Only the members of the mbed Client team and relevant partner contacts and engineers have access to these repositories.
+
+When you contact `support@mbed.org`, a repository will be created for your module. You also need to provide the target description of your board as follows:
+
+- **`mbed-client-<platform-name>`** is the module that provides the `mbed-client-xxx` implementation for your platform. You may choose to split it into further modules in the future, to enable sharing of code, but we recommend that you implement the port for your first board in this module itself. 
+
+- **`target-<targetname>`** contains the yotta target description of the target you are porting to. This is usually your platform name.
+
+# Step 2: Creating a yotta compilation target
+
+To compile for a target board, you need a [target description](http://docs.yottabuild.org/tutorial/targets.html) that describes how to compile for the target. 
+
+The `mbed-client` module uses the platform name that each target defines, to choose which `mbed-client-<platform-name>` module to depend on to provide the platform-specific implementation.
+
+The target description contains:
+* `target.json` - the target description file
+* a [CMake toolchain file](http://www.cmake.org/cmake/help/v3.0/manual/cmake-toolchains.7.html) (and any dependencies it needs) that describes how to run the compiler
+* a linker script file
+
+To select the target description, run `yotta target <targetname>`. yotta needs this to set up the build.
+
+The documentation for target descriptions is available on the [yotta documentation site](http://docs.yottabuild.org/tutorial/targets.html).
+
+An example on compiling for linux target can be found in the `yotta_targets` directory of the example application.
+
+The directory structure of a typical target description is:
+
+```
+|readme.md
+|target.json
+|_CMake
+|   |_toolchain.cmake
+|   |
+|   |_Compiler
+|   |   |_GNU-ASM.cmake
+|   |   |_GNU-C.cmake
+|   |   |_GNU-CXX.cmake
+|   |
+|   |_Platform
+|       |_xxx-GNU-C.cmake
+|       |_xxx-GNU-CXX.cmake
+|       |_xxx.cmake
+|
+|_ld
+    |_newtarget.ld
+```
+
+Where the `target.json` file specifies the path to the CMake toolchain (`toolchain.cmake`) that uses the standard CMake mechanisms for including compiler, platform and language-specific configuration.
+
+**Note**: Improvements are planned to the yotta target description to allow more reuse of the descriptions between targets.
+
+To make your target available locally (without publishing it), you can give `yotta link-target` command to link it into the global install targets directory:
+
+```
+# in the directory of your target:
+yotta link-target
+```
+
+You can then give `yotta link-target <targetname>` command to make the globally linked target available when compiling another module. After that, give `yotta target <targetname>` command to select your target for the compilation.
+
+# Step 3: Implementing mbed-client-xxx
+
+First, clone your `mbed-client-<your-platform-name>` module and `mbed-client` modules from GitHub.
+
+The `mbed-client-<your-platform-name>` module needs to provide a socket and timer implementation for your target platform. The `mbed-client-xxx` module should include files `m2mconnectionhandler.h`and `m2mtimer.h` from `mbed-client` and implement a corresponding `.cpp` file that points to the platform-specific private implementations of the timer and the socket.
+
+**Note**: Private implementation classes MUST be named as `M2MConnectionHandlerPimpl` and `M2MTimerPimpl`, because of forward declarations.
+
+An example of mbed-client-platform core:
+
+```
+|_module.json
+|
+|_mbed-client-platform
+|    |_m2mconnectionhandlerpimpl.h
+|    |_m2mtimerpimpl.h
+|
+|_source
+    |_m2mconnectionhandler.cpp
+    |_m2mconnectionhandlerpimpl.cpp
+    |_m2mtimer.cpp
+    |_m2mtimerpimpl.cpp
+```
+
+To make your module available to other modules that you want to build, you need to give [`yotta link`](http://docs.yottabuild.org/reference/commands.html#yotta-link) command to link it to the module where you want to test it out.
+
+To use your local your in-development mbed-client implementation, give the command `yotta link mbed-client-xxx` in the main `mbed-client` module.
+
+```
+# in mbed-client, link your module:
+yotta link
+```
+
+You can also just commit and push your untested code to GitHub, but it is always a good idea to test before committing.
+
+Your `mbed-client-xxx` module must provide a platform-specific implementation for the mbed-client. The APIs that needs porting are defined in the `mbed-client-linux` module. The header files contain documentation alongside the declaration of each function, where the function is described along with its parameters and return value.
+
+There are two header files that require porting for your platform:
+
+- `m2mconnectionhandler.h`
+- `m2mtimer.h` 
+
+To see how this is done in Linux, check the `mbed-client-linux` module available in this package.
+
+## Implementing M2MConnectionHandler class for your platform
+
+```
+/*
+ * Copyright (c) 2015 ARM. All rights reserved.
+ */
+#ifndef M2M_CONNECTION_HANDLER_H__
+#define M2M_CONNECTION_HANDLER_H__
+
+#include "mbed-client/m2mconfig.h"
+#include "mbed-client/m2minterface.h"
+#include "mbed-client/m2mconnectionobserver.h"
+#include "nsdl-c/sn_nsdl.h"
+
+/**
+ * @brief M2MConnectionHandler.
+ * This class handles the socket connection for Mbed Client
+ */
+
+class M2MConnectionHandler {
+public:
+
+    /**
+     * @enum ConnectionError
+     * This enum defines error which can come from
+     * socket read and write operation.
+     */
+    typedef enum {
+        CONNECTION_ERROR_WANTS_READ = -1000,
+        CONNECTION_ERROR_WANTS_WRITE = -1001
+    }ConnectionError;
+
+public:
+
+    /**
+    * @brief Constructor
+    */
+    M2MConnectionHandler(M2MConnectionObserver &observer,
+                         M2MConnectionSecurity* sec,
+                         M2MInterface::NetworkStack stack);
+
+    /**
+    * @brief Destructor
+    */
+    ~M2MConnectionHandler();
+
+    /**
+    * @brief This binds the socket connection.
+    * @param listen_port Port to listen for incoming connection.
+    * @return true if successful else false.
+    */
+    bool bind_connection(const uint16_t listen_port);
+
+    /**
+    * @brief This resolves the server address. Output is
+    * returned through callback
+    * @param String server address.
+    * @param uint16_t Server port.
+    * @param ServerType, Server Type to be resolved.
+    * @param security, M2MSecurity object which determines what
+    * kind of secure connection will be used by socket.
+    * @return true if address is valid else false.
+    */
+    bool resolve_server_address(const String& server_address,
+                                const uint16_t server_port,
+                                M2MConnectionObserver::ServerType server_type,
+                                const M2MSecurity* security);
+
+    /**
+    * @brief Sends data, to the connected sent to server.
+    * @param data_ptr, Data to be sent.
+    * @param data_len, Length of data to be sent.
+    * @param address_ptr, Address structure where data has to be sent.
+    * @return True if data sent is successful else false.
+    */
+    bool send_data(uint8_t *data_ptr,
+                           uint16_t data_len,
+                           sn_nsdl_addr_s *address_ptr);
+
+    /**
+    * @brief Listens for incoming data from remote server
+    * @return true if successful else false.
+    */
+    bool start_listening_for_data();
+
+    /**
+    * @brief Stops listening for incoming data.
+    */
+    void stop_listening();
+
+    /**
+     * @brief sendToSocket Sends directly to socket. This is used by
+     * security classes to send after data has been encrypted.
+     * @param buf Buffer to send.
+     * @param len Length of a buffer.
+     * @return Number of bytes sent or -1 if failed.
+     */
+    int sendToSocket(const unsigned char *buf, size_t len);
+
+    /**
+     * @brief receiveFromSocket Receives directly from a socket. This
+     * is used by security classes to receive raw data to be decrypted.
+     * @param buf Buffer to send.
+     * @param len Length of a buffer.
+     * @return Number of bytes read or -1 if failed.
+     */
+    int receiveFromSocket(unsigned char *buf, size_t len);
+
+
+    /**
+    * @brief Closes the open connection.
+    */
+    void close_connection();
+
+private:
+
+    M2MConnectionObserver                       &_observer;
+    M2MConnectionHandlerPimpl                   *_private_impl;
+
+friend class Test_M2MConnectionHandler;
+friend class Test_M2MConnectionHandler_mbed;
+friend class Test_M2MConnectionHandler_linux;
+friend class M2MConnection_TestObserver;
+};
+
+#endif //M2M_CONNECTION_HANDLER_H__
+
+```
+
+Please note that some of these functions are asynchronous in nature and some are expecting callback from the network. For example, receiving data from a socket needs to be communicated back to the `mbed-client` so that the library can act on the data received. The callback comes through the Observer class defined in `M2MConnectionObserver`.
+
+The file `m2mconnectionobserver.h` is present in the `mbed-client`. To see how the callback needs to be called, check the implementation in `m2mconnectionhandlerpimpl.cpp` present in the `mbed-client-linux`. 
+
+```
+/*
+ * Copyright (c) 2015 ARM. All rights reserved.
+ */
+#ifndef M2M_CONNECTION_OBSERVER_H__
+#define M2M_CONNECTION_OBSERVER_H__
+
+#include "mbed-client/m2minterface.h"
+
+/**
+ * @brief Observer class for informing socket activity to the state machine
+ */
+
+class M2MConnectionObserver
+{
+
+public :
+
+    typedef enum {
+        Bootstrap,
+        MbedServer
+    }ServerType;
+
+    /**
+     * @brief The M2MSocketAddress struct
+     * Unified container for holding socket address data
+     * across different platforms.
+     */
+    struct SocketAddress{
+        M2MInterface::NetworkStack  _stack;
+        void                        *_address;    
+        uint8_t                     _length;
+        uint16_t                    _port;
+    };
+
+    /**
+    * @brief Indicates data is available from socket.
+    * @param data, data read from socket
+    * @param data_size, length of data read from socket.
+    * @param address, Server Address from where data is coming.
+    */
+    virtual void data_available(uint8_t* data,
+                                uint16_t data_size,
+                                const M2MConnectionObserver::SocketAddress &address) = 0;
+
+    /**
+    * @brief Indicates some error occured in socket.
+    * @param error_code, Error code from socket.
+    * It cannot be used any further.
+    */
+    virtual void socket_error(uint8_t error_code) = 0;
+
+    /**
+    * @brief Indicates server address resolving is ready.
+    * @param address, Resolved socket address.
+    * @param server_type, Type of server.
+    * @param server_port, Port of the resolved server address.
+    */
+    virtual void address_ready(const M2MConnectionObserver::SocketAddress &address,
+                               M2MConnectionObserver::ServerType server_type,
+                               const uint16_t server_port) = 0;
+
+    /**
+    * @brief Indicates data has been sent successfully.
+    */
+    virtual void data_sent() = 0;
+
+};
+
+#endif // M2M_CONNECTION_OBSERVER_H__
+
+```
+
+## Implementing M2MTimer class for your platform
+
+```
+/*
+ * Copyright (c) 2015 ARM. All rights reserved.
+ */
+#ifndef M2M_TIMER_H
+#define M2M_TIMER_H
+
+#include <stdint.h>
+
+class M2MTimerObserver;
+/**
+ * @brief M2MTimerImpl
+ * Private implementation class for timer, this can be
+ * modified based on platform on which mbed client needs
+ * to be used.
+ */
+class M2MTimerImpl
+{
+private:
+
+    // Prevents the use of assignment operator
+    M2MTimer& operator=(const M2MTimer& other);
+
+    // Prevents the use of copy constructor
+    M2MTimer(const M2MTimer& other);
+    
+public:
+
+    /**
+    * Constructor.
+    */
+    M2MTimer(M2MTimerObserver& _observer);
+
+    /**
+    * Destructor.
+    */
+    virtual ~M2MTimer();
+
+    /**
+     * Starts timer
+     * @param interval Timer's interval in milliseconds
+    * @param single_shot defines if timer is ticked
+    * once or is it restarted everytime timer is expired.
+    */
+    void start_timer(uint64_t interval, bool single_shot = true);
+
+    /**
+     * @brief Starts timer in DTLS manner.
+     * @param intermediate_interval Intermediate interval to use, must be smaller than tiotal (usually 1/4 of total).
+     * @param total_interval Total interval to use; This is the timeout value of a DTLS packet.
+     * @param type Type of the timer
+     */
+    void start_dtls_timer(uint64_t intermediate_interval, uint64_t total_interval, 
+                          M2MTimerObserver::Type type = M2MTimerObserver::Dtls);
+
+    /**
+    * Stops timer.
+    * This cancels the ongoing timer.
+    */
+    void stop_timer();
+    
+    /**
+     * @brief Checks if the intermediate interval has passed.
+     * @return true if interval has passed, false otherwise.
+     */
+    bool is_intermediate_interval_passed();
+
+    /**
+     * @brief Checks if the total interval has passed.
+     * @return true if interval has passed, false otherwise.
+     */
+    bool is_total_interval_passed();
+
+};
+
+#endif // M2M_TIMER_H
+```
+
+The timer API functions are asynchronous in nature and whenever a timer event is available, it is notified to the `mbed-client` so that the library can act on the _timer expired_ signal. The callback is received through an Observer class defined in `M2MTimerObserver` .
+
+The file `m2mtimerobserver.h` is present in `mbed-client`. To see how the callback needs to be called, check the implementation in `m2mtimerimpl.cpp` present in the`mbed-client-linux`. 
+
+```
+/*
+ * Copyright (c) 2015 ARM. All rights reserved.
+ */
+#ifndef M2M_TIMER_OBSERVER_H
+#define M2M_TIMER_OBSERVER_H
+
+/**
+ *  Observer class for informing timer expiry to the parent class
+ */
+class M2MTimerObserver
+{
+public:
+    typedef enum {
+        Notdefined,
+        Registration,
+        NsdlExecution,
+        PMinTimer,
+        PMaxTimer,
+        Dtls
+    }Type;
+
+    /**
+    * Indicates that the time has expired.
+    */
+    virtual void timer_expired(M2MTimerObserver::Type type =
+                               M2MTimerObserver::Notdefined) = 0;
+};
+
+#endif // M2M_TIMER_OBSERVER_H
+```
+
+# Step 4: Modify module.json of mbed-client module
+
+You need to add your target name to `module.json` so that when you set `yt target <platform>`, yotta can resolve the dependency correctly and link the main library with your module.
+
+Two platforms, mbed and linux, are already supported. You just need to add your module support after that.
+
+```
+{
+  "name": "mbed-client",
+  "version": "0.1.6",
+  "description": "Mbed Client API",
+  "private": true,
+  "keywords": [],
+  "author": "Yogesh Pande <yogesh.pande@arm.com>",
+  "homepage": "https://github.com/ARMmbed/mbed-client",
+  "licenses": [
+    {
+      "url": "https://spdx.org/licenses/Apache-2.0",
+      "type": "Apache-2.0"
+    }
+  ],
+  "dependencies": {
+    "mbed-client-c": "~0.1.0"
+  },
+  "targetDependencies": {
+    "arm": {
+      "mbed-client-mbed": "~0.0.3"
+    },
+    "linux": {
+      "mbed-client-linux": "~0.0.1"
+    },
+    "<your platform as defined in target.json>" : {
+      "mbed-client-platform": "<published version , can be done later, first link locally as explained in above steps>"
+    },
+  }
+}
+```
+
+# Step 5: Testing and verification
+
+You can build your mbed-client port immediately. After that, run:
+
+```
+# use the target we previously made locally available (not necessary if your target has been published):
+yotta link-target <yourtargetname>
+# build!
+yotta build
+```
+
+A `helloworld-mbedclient` program will be produced inside the `build/<yourtargetname>/test/` directory. This test application may require some changes to compile and run for your platform. First, check for the compilation errors. If you find any, fix the test application for your testing. 
+
+This test is available in `mbed-client/test/helloworld-mbedclient`, and can be found in:
+
+```
+build/<yourtargetname>/test/
+```
+
+Follow the `readme` instructions of the `mbed-client-linux` example to see what the test application can do.
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/docs/release-note-mbed-client-1511.md	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,56 @@
+# mbed Client 15.11 Technology Preview Release Note
+
+This is the first Technology Preview of mbed Client, which is available for mbed OS as well as Linux. We’re actively working on mbed Client and we expect to make exciting changes in the next six months. We’re making this technology preview available so you can see the trajectory we’re on. Our focus in this release is on laying the foundation for mbed Client development and collaboration, particularly core tools, technology and testing.
+
+We expect mbed Client developers to be able to access, build and run example projects and to explore the underlying code.
+
+## About this release
+
+Note that this is a technology preview release, which means that this release is not yet suitable for volume production use. The software is still maturing, and a number of things may change, including module names, repository URLs, APIs, header file names and configuration parameters. We'll try to mitigate the impact that these changes have on your code where possible.
+
+Note that in this release we're changing our version numbering scheme for mbed Client releases, to a calendar-based (year and month YY.MM) scheme. This release (15.11) has previously been called 3.0 in some communications.
+
+## Collaboration
+
+We’re building mbed Client as a collaborative project, bringing together industry and open source community contributions. If you’d like to work on mbed Client with us, we’d encourage you [to pitch in](https://github.com/ARMmbed/mbed-os/blob/master/CONTRIBUTING.md). With this technology preview we’re ready to start receiving contributions back from the community.
+
+## Documentation
+
+To get started with mbed Client, please visit our [getting started guide](https://docs.mbed.com/docs/mbed-client-guide/en/latest/).
+
+## Changes since the last release
+
+This section documents the changes between this release and the earlier mbed Client Beta (15.09) release.
+
+This release contains the following new features:
+Securely connect to mbed Device Server (mbed DS) over TCP connection through TLS. The supported secure connection includes Certificate mode. We still support non-secure connection mode for fast development and debugging.
+
+New LWM2M Firmware Object class preview for application development.
+
+## Known issues
+
+The known issues for this release are described [on GitHub](https://github.com/ARMmbed/mbed-client/blob/master/docs/known-issues-mbed-client1511.md).
+
+## Other ways of accessing this release
+
+We prefer that you access and collaborate with mbed Client online. However, the release may also be downloaded as an archive [on mbed.com](https://www.mbed.com/en/development/software/mbed-client/releases/mbed-client1511/).
+
+# Module versions in this release
+
+This release comprises the following yotta modules and their versions:
+ 
+
+| Module                           |  Version   |
+|----------------------------------|------------|
+| `mbed-client`                    |   1.2.1	   |
+| `mbed-client-c`                  |   1.1.1	   |
+| `mbed-client-libservice`         |   3.0.8	   |
+| `mbed-client-linux`              |   1.1.0	   |
+| `mbed-client-linux-example`  	   |   1.0.0	   |
+| `mbedtls`  	 		                  |   2.2.0	   |
+| `mbed-client-mbed-tls`           |   1.0.9	   |
+| `target-x86-linux-native`        |   1.0.0	   |
+| `target-linux-native`            |   1.0.0	   |
+
+
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/doxygen/mbedclient_doxy	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,1846 @@
+# Doxyfile 1.8.2
+
+# This file describes the settings to be used by the documentation system
+# doxygen (www.doxygen.org) for a project
+#
+# All text after a hash (#) is considered a comment and will be ignored
+# The format is:
+#       TAG = value [value, ...]
+# For lists items can also be appended using:
+#       TAG += value [value, ...]
+# Values that contain spaces should be placed between quotes (" ")
+
+#---------------------------------------------------------------------------
+# Project related configuration options
+#---------------------------------------------------------------------------
+
+# This tag specifies the encoding used for all characters in the config file 
+# that follow. The default is UTF-8 which is also the encoding used for all 
+# text before the first occurrence of this tag. Doxygen uses libiconv (or the 
+# iconv built into libc) for the transcoding. See 
+# http://www.gnu.org/software/libiconv for the list of possible encodings.
+
+DOXYFILE_ENCODING      = UTF-8
+
+# The PROJECT_NAME tag is a single word (or sequence of words) that should 
+# identify the project. Note that if you do not use Doxywizard you need 
+# to put quotes around the project name if it contains spaces.
+
+PROJECT_NAME           = mbed-client
+
+# The PROJECT_NUMBER tag can be used to enter a project or revision number. 
+# This could be handy for archiving the generated documentation or 
+# if some version control system is used.
+
+PROJECT_NUMBER         = 
+
+# Using the PROJECT_BRIEF tag one can provide an optional one line description 
+# for a project that appears at the top of each page and should give viewer 
+# a quick idea about the purpose of the project. Keep the description short.
+
+PROJECT_BRIEF          = "mbed Client C++ library"
+
+# With the PROJECT_LOGO tag one can specify an logo or icon that is 
+# included in the documentation. The maximum height of the logo should not 
+# exceed 55 pixels and the maximum width should not exceed 200 pixels. 
+# Doxygen will copy the logo to the output directory.
+
+PROJECT_LOGO           = 
+
+# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) 
+# base path where the generated documentation will be put. 
+# If a relative path is entered, it will be relative to the location 
+# where doxygen was started. If left blank the current directory will be used.
+
+OUTPUT_DIRECTORY       = ../docs
+
+# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create 
+# 4096 sub-directories (in 2 levels) under the output directory of each output 
+# format and will distribute the generated files over these directories. 
+# Enabling this option can be useful when feeding doxygen a huge amount of 
+# source files, where putting all generated files in the same directory would 
+# otherwise cause performance problems for the file system.
+
+CREATE_SUBDIRS         = NO
+
+# The OUTPUT_LANGUAGE tag is used to specify the language in which all 
+# documentation generated by doxygen is written. Doxygen will use this 
+# information to generate all constant output in the proper language. 
+# The default language is English, other supported languages are: 
+# Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional, 
+# Croatian, Czech, Danish, Dutch, Esperanto, Farsi, Finnish, French, German, 
+# Greek, Hungarian, Italian, Japanese, Japanese-en (Japanese with English 
+# messages), Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian, 
+# Polish, Portuguese, Romanian, Russian, Serbian, Serbian-Cyrillic, Slovak, 
+# Slovene, Spanish, Swedish, Ukrainian, and Vietnamese.
+
+OUTPUT_LANGUAGE        = English
+
+# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will 
+# include brief member descriptions after the members that are listed in 
+# the file and class documentation (similar to JavaDoc). 
+# Set to NO to disable this.
+
+BRIEF_MEMBER_DESC      = YES
+
+# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend 
+# the brief description of a member or function before the detailed description. 
+# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the 
+# brief descriptions will be completely suppressed.
+
+REPEAT_BRIEF           = YES
+
+# This tag implements a quasi-intelligent brief description abbreviator 
+# that is used to form the text in various listings. Each string 
+# in this list, if found as the leading text of the brief description, will be 
+# stripped from the text and the result after processing the whole list, is 
+# used as the annotated text. Otherwise, the brief description is used as-is. 
+# If left blank, the following values are used ("$name" is automatically 
+# replaced with the name of the entity): "The $name class" "The $name widget" 
+# "The $name file" "is" "provides" "specifies" "contains" 
+# "represents" "a" "an" "the"
+
+ABBREVIATE_BRIEF       = "The $name class" \
+                         "The $name widget" \
+                         "The $name file" \
+                         is \
+                         provides \
+                         specifies \
+                         contains \
+                         represents \
+                         a \
+                         an \
+                         the
+
+# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then 
+# Doxygen will generate a detailed section even if there is only a brief 
+# description.
+
+ALWAYS_DETAILED_SEC    = NO
+
+# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all 
+# inherited members of a class in the documentation of that class as if those 
+# members were ordinary class members. Constructors, destructors and assignment 
+# operators of the base classes will not be shown.
+
+INLINE_INHERITED_MEMB  = NO
+
+# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full 
+# path before files name in the file list and in the header files. If set 
+# to NO the shortest path that makes the file name unique will be used.
+
+FULL_PATH_NAMES        = NO
+
+# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag 
+# can be used to strip a user-defined part of the path. Stripping is 
+# only done if one of the specified strings matches the left-hand part of 
+# the path. The tag can be used to show relative paths in the file list. 
+# If left blank the directory from which doxygen is run is used as the 
+# path to strip. Note that you specify absolute paths here, but also 
+# relative paths, which will be relative from the directory where doxygen is 
+# started.
+
+STRIP_FROM_PATH        = 
+
+# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of 
+# the path mentioned in the documentation of a class, which tells 
+# the reader which header file to include in order to use a class. 
+# If left blank only the name of the header file containing the class 
+# definition is used. Otherwise one should specify the include paths that 
+# are normally passed to the compiler using the -I flag.
+
+STRIP_FROM_INC_PATH    = 
+
+# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter 
+# (but less readable) file names. This can be useful if your file system 
+# doesn't support long names like on DOS, Mac, or CD-ROM.
+
+SHORT_NAMES            = NO
+
+# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen 
+# will interpret the first line (until the first dot) of a JavaDoc-style 
+# comment as the brief description. If set to NO, the JavaDoc 
+# comments will behave just like regular Qt-style comments 
+# (thus requiring an explicit @brief command for a brief description.)
+
+JAVADOC_AUTOBRIEF      = NO
+
+# If the QT_AUTOBRIEF tag is set to YES then Doxygen will 
+# interpret the first line (until the first dot) of a Qt-style 
+# comment as the brief description. If set to NO, the comments 
+# will behave just like regular Qt-style comments (thus requiring 
+# an explicit \brief command for a brief description.)
+
+QT_AUTOBRIEF           = NO
+
+# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen 
+# treat a multi-line C++ special comment block (i.e. a block of //! or /// 
+# comments) as a brief description. This used to be the default behaviour. 
+# The new default is to treat a multi-line C++ comment block as a detailed 
+# description. Set this tag to YES if you prefer the old behaviour instead.
+
+MULTILINE_CPP_IS_BRIEF = NO
+
+# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented 
+# member inherits the documentation from any documented member that it 
+# re-implements.
+
+INHERIT_DOCS           = YES
+
+# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce 
+# a new page for each member. If set to NO, the documentation of a member will 
+# be part of the file/class/namespace that contains it.
+
+SEPARATE_MEMBER_PAGES  = NO
+
+# The TAB_SIZE tag can be used to set the number of spaces in a tab. 
+# Doxygen uses this value to replace tabs by spaces in code fragments.
+
+TAB_SIZE               = 16
+
+# This tag can be used to specify a number of aliases that acts 
+# as commands in the documentation. An alias has the form "name=value". 
+# For example adding "sideeffect=\par Side Effects:\n" will allow you to 
+# put the command \sideeffect (or @sideeffect) in the documentation, which 
+# will result in a user-defined paragraph with heading "Side Effects:". 
+# You can put \n's in the value part of an alias to insert newlines.
+
+ALIASES                = 
+
+# This tag can be used to specify a number of word-keyword mappings (TCL only). 
+# A mapping has the form "name=value". For example adding 
+# "class=itcl::class" will allow you to use the command class in the 
+# itcl::class meaning.
+
+TCL_SUBST              = 
+
+# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C 
+# sources only. Doxygen will then generate output that is more tailored for C. 
+# For instance, some of the names that are used will be different. The list 
+# of all members will be omitted, etc.
+
+OPTIMIZE_OUTPUT_FOR_C  = YES
+
+# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java 
+# sources only. Doxygen will then generate output that is more tailored for 
+# Java. For instance, namespaces will be presented as packages, qualified 
+# scopes will look different, etc.
+
+OPTIMIZE_OUTPUT_JAVA   = NO
+
+# Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran 
+# sources only. Doxygen will then generate output that is more tailored for 
+# Fortran.
+
+OPTIMIZE_FOR_FORTRAN   = NO
+
+# Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL 
+# sources. Doxygen will then generate output that is tailored for 
+# VHDL.
+
+OPTIMIZE_OUTPUT_VHDL   = NO
+
+# Doxygen selects the parser to use depending on the extension of the files it 
+# parses. With this tag you can assign which parser to use for a given 
+# extension. Doxygen has a built-in mapping, but you can override or extend it 
+# using this tag. The format is ext=language, where ext is a file extension, 
+# and language is one of the parsers supported by doxygen: IDL, Java, 
+# Javascript, CSharp, C, C++, D, PHP, Objective-C, Python, Fortran, VHDL, C, 
+# C++. For instance to make doxygen treat .inc files as Fortran files (default 
+# is PHP), and .f files as C (default is Fortran), use: inc=Fortran f=C. Note 
+# that for custom extensions you also need to set FILE_PATTERNS otherwise the 
+# files are not read by doxygen.
+
+EXTENSION_MAPPING      = 
+
+# If MARKDOWN_SUPPORT is enabled (the default) then doxygen pre-processes all 
+# comments according to the Markdown format, which allows for more readable 
+# documentation. See http://daringfireball.net/projects/markdown/ for details. 
+# The output of markdown processing is further processed by doxygen, so you 
+# can mix doxygen, HTML, and XML commands with Markdown formatting. 
+# Disable only in case of backward compatibilities issues.
+
+MARKDOWN_SUPPORT       = YES
+
+# When enabled doxygen tries to link words that correspond to documented classes, 
+# or namespaces to their corresponding documentation. Such a link can be 
+# prevented in individual cases by by putting a % sign in front of the word or 
+# globally by setting AUTOLINK_SUPPORT to NO.
+
+AUTOLINK_SUPPORT       = YES
+
+# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want 
+# to include (a tag file for) the STL sources as input, then you should 
+# set this tag to YES in order to let doxygen match functions declarations and 
+# definitions whose arguments contain STL classes (e.g. func(std::string); v.s. 
+# func(std::string) {}). This also makes the inheritance and collaboration 
+# diagrams that involve STL classes more complete and accurate.
+
+BUILTIN_STL_SUPPORT    = NO
+
+# If you use Microsoft's C++/CLI language, you should set this option to YES to 
+# enable parsing support.
+
+CPP_CLI_SUPPORT        = NO
+
+# Set the SIP_SUPPORT tag to YES if your project consists of sip sources only. 
+# Doxygen will parse them like normal C++ but will assume all classes use public 
+# instead of private inheritance when no explicit protection keyword is present.
+
+SIP_SUPPORT            = NO
+
+# For Microsoft's IDL there are propget and propput attributes to indicate
+# getter and setter methods for a property. Setting this option to YES (the
+# default) will make doxygen replace the get and set methods by a property in
+# the documentation. This will only work if the methods are indeed getting or
+# setting a simple type. If this is not the case, or you want to show the
+# methods anyway, you should set this option to NO.
+
+IDL_PROPERTY_SUPPORT   = YES
+
+# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC 
+# tag is set to YES, then doxygen will reuse the documentation of the first 
+# member in the group (if any) for the other members of the group. By default 
+# all members of a group must be documented explicitly.
+
+DISTRIBUTE_GROUP_DOC   = NO
+
+# Set the SUBGROUPING tag to YES (the default) to allow class member groups of 
+# the same type (for instance a group of public functions) to be put as a 
+# subgroup of that type (e.g. under the Public Functions section). Set it to 
+# NO to prevent subgrouping. Alternatively, this can be done per class using 
+# the \nosubgrouping command.
+
+SUBGROUPING            = YES
+
+# When the INLINE_GROUPED_CLASSES tag is set to YES, classes, structs and 
+# unions are shown inside the group in which they are included (e.g. using 
+# @ingroup) instead of on a separate page (for HTML and Man pages) or 
+# section (for LaTeX and RTF).
+
+INLINE_GROUPED_CLASSES = NO
+
+# When the INLINE_SIMPLE_STRUCTS tag is set to YES, structs, classes, and 
+# unions with only public data fields will be shown inline in the documentation 
+# of the scope in which they are defined (i.e. file, namespace, or group 
+# documentation), provided this scope is documented. If set to NO (the default), 
+# structs, classes, and unions are shown on a separate page (for HTML and Man 
+# pages) or section (for LaTeX and RTF).
+
+INLINE_SIMPLE_STRUCTS  = NO
+
+# When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum 
+# is documented as struct, union, or enum with the name of the typedef. So 
+# typedef struct TypeS {} TypeT, will appear in the documentation as a struct 
+# with name TypeT. When disabled the typedef will appear as a member of a file, 
+# namespace, or class. And the struct will be named TypeS. This can typically 
+# be useful for C code in case the coding convention dictates that all compound 
+# types are typedef'ed and only the typedef is referenced, never the tag name.
+
+TYPEDEF_HIDES_STRUCT   = NO
+
+# The SYMBOL_CACHE_SIZE determines the size of the internal cache use to 
+# determine which symbols to keep in memory and which to flush to disk. 
+# When the cache is full, less often used symbols will be written to disk. 
+# For small to medium size projects (<1000 input files) the default value is 
+# probably good enough. For larger projects a too small cache size can cause 
+# doxygen to be busy swapping symbols to and from disk most of the time 
+# causing a significant performance penalty. 
+# If the system has enough physical memory increasing the cache will improve the 
+# performance by keeping more symbols in memory. Note that the value works on 
+# a logarithmic scale so increasing the size by one will roughly double the 
+# memory usage. The cache size is given by this formula: 
+# 2^(16+SYMBOL_CACHE_SIZE). The valid range is 0..9, the default is 0, 
+# corresponding to a cache size of 2^16 = 65536 symbols.
+
+SYMBOL_CACHE_SIZE      = 0
+
+# Similar to the SYMBOL_CACHE_SIZE the size of the symbol lookup cache can be 
+# set using LOOKUP_CACHE_SIZE. This cache is used to resolve symbols given 
+# their name and scope. Since this can be an expensive process and often the 
+# same symbol appear multiple times in the code, doxygen keeps a cache of 
+# pre-resolved symbols. If the cache is too small doxygen will become slower. 
+# If the cache is too large, memory is wasted. The cache size is given by this 
+# formula: 2^(16+LOOKUP_CACHE_SIZE). The valid range is 0..9, the default is 0, 
+# corresponding to a cache size of 2^16 = 65536 symbols.
+
+LOOKUP_CACHE_SIZE      = 0
+
+#---------------------------------------------------------------------------
+# Build related configuration options
+#---------------------------------------------------------------------------
+
+# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in 
+# documentation are documented, even if no documentation was available. 
+# Private class members and static file members will be hidden unless 
+# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES
+
+EXTRACT_ALL            = NO
+
+# If the EXTRACT_PRIVATE tag is set to YES all private members of a class 
+# will be included in the documentation.
+
+EXTRACT_PRIVATE        = NO
+
+# If the EXTRACT_PACKAGE tag is set to YES all members with package or internal 
+# scope will be included in the documentation.
+
+EXTRACT_PACKAGE        = NO
+
+# If the EXTRACT_STATIC tag is set to YES all static members of a file 
+# will be included in the documentation.
+
+EXTRACT_STATIC         = NO
+
+# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) 
+# defined locally in source files will be included in the documentation. 
+# If set to NO only classes defined in header files are included.
+
+EXTRACT_LOCAL_CLASSES  = NO
+
+# This flag is only useful for Objective-C code. When set to YES local 
+# methods, which are defined in the implementation section but not in 
+# the interface are included in the documentation. 
+# If set to NO (the default) only methods in the interface are included.
+
+EXTRACT_LOCAL_METHODS  = NO
+
+# If this flag is set to YES, the members of anonymous namespaces will be 
+# extracted and appear in the documentation as a namespace called 
+# 'anonymous_namespace{file}', where file will be replaced with the base 
+# name of the file that contains the anonymous namespace. By default 
+# anonymous namespaces are hidden.
+
+EXTRACT_ANON_NSPACES   = NO
+
+# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all 
+# undocumented members of documented classes, files or namespaces. 
+# If set to NO (the default) these members will be included in the 
+# various overviews, but no documentation section is generated. 
+# This option has no effect if EXTRACT_ALL is enabled.
+
+HIDE_UNDOC_MEMBERS     = YES
+
+# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all 
+# undocumented classes that are normally visible in the class hierarchy. 
+# If set to NO (the default) these classes will be included in the various 
+# overviews. This option has no effect if EXTRACT_ALL is enabled.
+
+HIDE_UNDOC_CLASSES     = YES
+
+# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all 
+# friend (class|struct|union) declarations. 
+# If set to NO (the default) these declarations will be included in the 
+# documentation.
+
+HIDE_FRIEND_COMPOUNDS  = YES
+
+# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any 
+# documentation blocks found inside the body of a function. 
+# If set to NO (the default) these blocks will be appended to the 
+# function's detailed documentation block.
+
+HIDE_IN_BODY_DOCS      = YES
+
+# The INTERNAL_DOCS tag determines if documentation 
+# that is typed after a \internal command is included. If the tag is set 
+# to NO (the default) then the documentation will be excluded. 
+# Set it to YES to include the internal documentation.
+
+INTERNAL_DOCS          = NO
+
+# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate 
+# file names in lower-case letters. If set to YES upper-case letters are also 
+# allowed. This is useful if you have classes or files whose names only differ 
+# in case and if your file system supports case sensitive file names. Windows 
+# and Mac users are advised to set this option to NO.
+
+CASE_SENSE_NAMES       = NO
+
+# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen 
+# will show members with their full class and namespace scopes in the 
+# documentation. If set to YES the scope will be hidden.
+
+HIDE_SCOPE_NAMES       = YES
+
+# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen 
+# will put a list of the files that are included by a file in the documentation 
+# of that file.
+
+SHOW_INCLUDE_FILES     = NO
+
+# If the FORCE_LOCAL_INCLUDES tag is set to YES then Doxygen 
+# will list include files with double quotes in the documentation 
+# rather than with sharp brackets.
+
+FORCE_LOCAL_INCLUDES   = NO
+
+# If the INLINE_INFO tag is set to YES (the default) then a tag [inline] 
+# is inserted in the documentation for inline members.
+
+INLINE_INFO            = YES
+
+# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen 
+# will sort the (detailed) documentation of file and class members 
+# alphabetically by member name. If set to NO the members will appear in 
+# declaration order.
+
+SORT_MEMBER_DOCS       = YES
+
+# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the 
+# brief documentation of file, namespace and class members alphabetically 
+# by member name. If set to NO (the default) the members will appear in 
+# declaration order.
+
+SORT_BRIEF_DOCS        = NO
+
+# If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen 
+# will sort the (brief and detailed) documentation of class members so that 
+# constructors and destructors are listed first. If set to NO (the default) 
+# the constructors will appear in the respective orders defined by 
+# SORT_MEMBER_DOCS and SORT_BRIEF_DOCS. 
+# This tag will be ignored for brief docs if SORT_BRIEF_DOCS is set to NO 
+# and ignored for detailed docs if SORT_MEMBER_DOCS is set to NO.
+
+SORT_MEMBERS_CTORS_1ST = NO
+
+# If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the 
+# hierarchy of group names into alphabetical order. If set to NO (the default) 
+# the group names will appear in their defined order.
+
+SORT_GROUP_NAMES       = NO
+
+# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be 
+# sorted by fully-qualified names, including namespaces. If set to 
+# NO (the default), the class list will be sorted only by class name, 
+# not including the namespace part. 
+# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES. 
+# Note: This option applies only to the class list, not to the 
+# alphabetical list.
+
+SORT_BY_SCOPE_NAME     = NO
+
+# If the STRICT_PROTO_MATCHING option is enabled and doxygen fails to 
+# do proper type resolution of all parameters of a function it will reject a 
+# match between the prototype and the implementation of a member function even 
+# if there is only one candidate or it is obvious which candidate to choose 
+# by doing a simple string match. By disabling STRICT_PROTO_MATCHING doxygen 
+# will still accept a match between prototype and implementation in such cases.
+
+STRICT_PROTO_MATCHING  = NO
+
+# The GENERATE_TODOLIST tag can be used to enable (YES) or 
+# disable (NO) the todo list. This list is created by putting \todo 
+# commands in the documentation.
+
+GENERATE_TODOLIST      = YES
+
+# The GENERATE_TESTLIST tag can be used to enable (YES) or 
+# disable (NO) the test list. This list is created by putting \test 
+# commands in the documentation.
+
+GENERATE_TESTLIST      = YES
+
+# The GENERATE_BUGLIST tag can be used to enable (YES) or 
+# disable (NO) the bug list. This list is created by putting \bug 
+# commands in the documentation.
+
+GENERATE_BUGLIST       = YES
+
+# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or 
+# disable (NO) the deprecated list. This list is created by putting 
+# \deprecated commands in the documentation.
+
+GENERATE_DEPRECATEDLIST= YES
+
+# The ENABLED_SECTIONS tag can be used to enable conditional 
+# documentation sections, marked by \if sectionname ... \endif.
+
+ENABLED_SECTIONS       = 
+
+# The MAX_INITIALIZER_LINES tag determines the maximum number of lines 
+# the initial value of a variable or macro consists of for it to appear in 
+# the documentation. If the initializer consists of more lines than specified 
+# here it will be hidden. Use a value of 0 to hide initializers completely. 
+# The appearance of the initializer of individual variables and macros in the 
+# documentation can be controlled using \showinitializer or \hideinitializer 
+# command in the documentation regardless of this setting.
+
+MAX_INITIALIZER_LINES  = 18
+
+# Set the SHOW_USED_FILES tag to NO to disable the list of files generated 
+# at the bottom of the documentation of classes and structs. If set to YES the 
+# list will mention the files that were used to generate the documentation.
+
+SHOW_USED_FILES        = YES
+
+# Set the SHOW_FILES tag to NO to disable the generation of the Files page. 
+# This will remove the Files entry from the Quick Index and from the 
+# Folder Tree View (if specified). The default is YES.
+
+SHOW_FILES             = YES
+
+# Set the SHOW_NAMESPACES tag to NO to disable the generation of the 
+# Namespaces page.  This will remove the Namespaces entry from the Quick Index 
+# and from the Folder Tree View (if specified). The default is YES.
+
+SHOW_NAMESPACES        = YES
+
+# The FILE_VERSION_FILTER tag can be used to specify a program or script that 
+# doxygen should invoke to get the current version for each file (typically from 
+# the version control system). Doxygen will invoke the program by executing (via 
+# popen()) the command <command> <input-file>, where <command> is the value of 
+# the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file 
+# provided by doxygen. Whatever the program writes to standard output 
+# is used as the file version. See the manual for examples.
+
+FILE_VERSION_FILTER    = 
+
+# The LAYOUT_FILE tag can be used to specify a layout file which will be parsed 
+# by doxygen. The layout file controls the global structure of the generated 
+# output files in an output format independent way. To create the layout file 
+# that represents doxygen's defaults, run doxygen with the -l option. 
+# You can optionally specify a file name after the option, if omitted 
+# DoxygenLayout.xml will be used as the name of the layout file.
+
+LAYOUT_FILE            = 
+
+# The CITE_BIB_FILES tag can be used to specify one or more bib files 
+# containing the references data. This must be a list of .bib files. The 
+# .bib extension is automatically appended if omitted. Using this command 
+# requires the bibtex tool to be installed. See also 
+# http://en.wikipedia.org/wiki/BibTeX for more info. For LaTeX the style 
+# of the bibliography can be controlled using LATEX_BIB_STYLE. To use this 
+# feature you need bibtex and perl available in the search path.
+
+CITE_BIB_FILES         = 
+
+#---------------------------------------------------------------------------
+# configuration options related to warning and progress messages
+#---------------------------------------------------------------------------
+
+# The QUIET tag can be used to turn on/off the messages that are generated 
+# by doxygen. Possible values are YES and NO. If left blank NO is used.
+
+QUIET                  = NO
+
+# The WARNINGS tag can be used to turn on/off the warning messages that are 
+# generated by doxygen. Possible values are YES and NO. If left blank 
+# NO is used.
+
+WARNINGS               = YES
+
+# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings 
+# for undocumented members. If EXTRACT_ALL is set to YES then this flag will 
+# automatically be disabled.
+
+WARN_IF_UNDOCUMENTED   = YES
+
+# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for 
+# potential errors in the documentation, such as not documenting some 
+# parameters in a documented function, or documenting parameters that 
+# don't exist or using markup commands wrongly.
+
+WARN_IF_DOC_ERROR      = YES
+
+# The WARN_NO_PARAMDOC option can be enabled to get warnings for 
+# functions that are documented, but have no documentation for their parameters 
+# or return value. If set to NO (the default) doxygen will only warn about 
+# wrong or incomplete parameter documentation, but not about the absence of 
+# documentation.
+
+WARN_NO_PARAMDOC       = NO
+
+# The WARN_FORMAT tag determines the format of the warning messages that 
+# doxygen can produce. The string should contain the $file, $line, and $text 
+# tags, which will be replaced by the file and line number from which the 
+# warning originated and the warning text. Optionally the format may contain 
+# $version, which will be replaced by the version of the file (if it could 
+# be obtained via FILE_VERSION_FILTER)
+
+WARN_FORMAT            = "$file:$line: $text"
+
+# The WARN_LOGFILE tag can be used to specify a file to which warning 
+# and error messages should be written. If left blank the output is written 
+# to stderr.
+
+WARN_LOGFILE           = 
+
+#---------------------------------------------------------------------------
+# configuration options related to the input files
+#---------------------------------------------------------------------------
+
+# The INPUT tag can be used to specify the files and/or directories that contain 
+# documented source files. You may enter file names like "myfile.cpp" or 
+# directories like "/usr/src/myproject". Separate the files or directories 
+# with spaces.
+
+INPUT                  = ../mbed-client
+
+# This tag can be used to specify the character encoding of the source files 
+# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is 
+# also the default input encoding. Doxygen uses libiconv (or the iconv built 
+# into libc) for the transcoding. See http://www.gnu.org/software/libiconv for 
+# the list of possible encodings.
+
+INPUT_ENCODING         = UTF-8
+
+# If the value of the INPUT tag contains directories, you can use the 
+# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp 
+# and *.h) to filter out the source-files in the directories. If left 
+# blank the following patterns are tested: 
+# *.c *.cc *.cxx *.cpp *.c++ *.d *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh 
+# *.hxx *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.dox *.py 
+# *.f90 *.f *.for *.vhd *.vhdl
+
+FILE_PATTERNS          = *.c \
+                         *.cc \
+                         *.cxx \
+                         *.cpp \
+                         *.c++ \
+                         *.d \
+                         *.java \
+                         *.ii \
+                         *.ixx \
+                         *.ipp \
+                         *.i++ \
+                         *.inl \
+                         *.h \
+                         *.hh \
+                         *.hxx \
+                         *.hpp \
+                         *.h++ \
+                         *.idl \
+                         *.odl \
+                         *.cs \
+                         *.php \
+                         *.php3 \
+                         *.inc \
+                         *.m \
+                         *.markdown \
+                         *.md \
+                         *.mm \
+                         *.dox \
+                         *.py \
+                         *.f90 \
+                         *.f \
+                         *.for \
+                         *.vhd \
+                         *.vhdl
+
+# The RECURSIVE tag can be used to turn specify whether or not subdirectories 
+# should be searched for input files as well. Possible values are YES and NO. 
+# If left blank NO is used.
+
+RECURSIVE              = YES
+
+# The EXCLUDE tag can be used to specify files and/or directories that should be 
+# excluded from the INPUT source files. This way you can easily exclude a 
+# subdirectory from a directory tree whose root is specified with the INPUT tag. 
+# Note that relative paths are relative to the directory from which doxygen is 
+# run.
+
+EXCLUDE                = 
+
+# The EXCLUDE_SYMLINKS tag can be used to select whether or not files or 
+# directories that are symbolic links (a Unix file system feature) are excluded 
+# from the input.
+
+EXCLUDE_SYMLINKS       = NO
+
+# If the value of the INPUT tag contains directories, you can use the 
+# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude 
+# certain files from those directories. Note that the wildcards are matched 
+# against the file with absolute path, so to exclude all test directories 
+# for example use the pattern */test/*
+
+EXCLUDE_PATTERNS       = 
+
+# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names 
+# (namespaces, classes, functions, etc.) that should be excluded from the 
+# output. The symbol name can be a fully qualified name, a word, or if the 
+# wildcard * is used, a substring. Examples: ANamespace, AClass, 
+# AClass::ANamespace, ANamespace::*Test
+
+EXCLUDE_SYMBOLS        = 
+
+# The EXAMPLE_PATH tag can be used to specify one or more files or 
+# directories that contain example code fragments that are included (see 
+# the \include command).
+
+EXAMPLE_PATH           = 
+
+# If the value of the EXAMPLE_PATH tag contains directories, you can use the 
+# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp 
+# and *.h) to filter out the source-files in the directories. If left 
+# blank all files are included.
+
+EXAMPLE_PATTERNS       = *
+
+# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be 
+# searched for input files to be used with the \include or \dontinclude 
+# commands irrespective of the value of the RECURSIVE tag. 
+# Possible values are YES and NO. If left blank NO is used.
+
+EXAMPLE_RECURSIVE      = NO
+
+# The IMAGE_PATH tag can be used to specify one or more files or 
+# directories that contain image that are included in the documentation (see 
+# the \image command).
+
+IMAGE_PATH             = 
+
+# The INPUT_FILTER tag can be used to specify a program that doxygen should 
+# invoke to filter for each input file. Doxygen will invoke the filter program 
+# by executing (via popen()) the command <filter> <input-file>, where <filter> 
+# is the value of the INPUT_FILTER tag, and <input-file> is the name of an 
+# input file. Doxygen will then use the output that the filter program writes 
+# to standard output.  If FILTER_PATTERNS is specified, this tag will be 
+# ignored.
+
+INPUT_FILTER           = 
+
+# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern 
+# basis.  Doxygen will compare the file name with each pattern and apply the 
+# filter if there is a match.  The filters are a list of the form: 
+# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further 
+# info on how filters are used. If FILTER_PATTERNS is empty or if 
+# non of the patterns match the file name, INPUT_FILTER is applied.
+
+FILTER_PATTERNS        = 
+
+# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using 
+# INPUT_FILTER) will be used to filter the input files when producing source 
+# files to browse (i.e. when SOURCE_BROWSER is set to YES).
+
+FILTER_SOURCE_FILES    = NO
+
+# The FILTER_SOURCE_PATTERNS tag can be used to specify source filters per file 
+# pattern. A pattern will override the setting for FILTER_PATTERN (if any) 
+# and it is also possible to disable source filtering for a specific pattern 
+# using *.ext= (so without naming a filter). This option only has effect when 
+# FILTER_SOURCE_FILES is enabled.
+
+FILTER_SOURCE_PATTERNS = 
+
+#---------------------------------------------------------------------------
+# configuration options related to source browsing
+#---------------------------------------------------------------------------
+
+# If the SOURCE_BROWSER tag is set to YES then a list of source files will 
+# be generated. Documented entities will be cross-referenced with these sources. 
+# Note: To get rid of all source code in the generated output, make sure also 
+# VERBATIM_HEADERS is set to NO.
+
+SOURCE_BROWSER         = NO
+
+# Setting the INLINE_SOURCES tag to YES will include the body 
+# of functions and classes directly in the documentation.
+
+INLINE_SOURCES         = NO
+
+# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct 
+# doxygen to hide any special comment blocks from generated source code 
+# fragments. Normal C, C++ and Fortran comments will always remain visible.
+
+STRIP_CODE_COMMENTS    = YES
+
+# If the REFERENCED_BY_RELATION tag is set to YES 
+# then for each documented function all documented 
+# functions referencing it will be listed.
+
+REFERENCED_BY_RELATION = NO
+
+# If the REFERENCES_RELATION tag is set to YES 
+# then for each documented function all documented entities 
+# called/used by that function will be listed.
+
+REFERENCES_RELATION    = NO
+
+# If the REFERENCES_LINK_SOURCE tag is set to YES (the default) 
+# and SOURCE_BROWSER tag is set to YES, then the hyperlinks from 
+# functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will 
+# link to the source code.  Otherwise they will link to the documentation.
+
+REFERENCES_LINK_SOURCE = YES
+
+# If the USE_HTAGS tag is set to YES then the references to source code 
+# will point to the HTML generated by the htags(1) tool instead of doxygen 
+# built-in source browser. The htags tool is part of GNU's global source 
+# tagging system (see http://www.gnu.org/software/global/global.html). You 
+# will need version 4.8.6 or higher.
+
+USE_HTAGS              = NO
+
+# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen 
+# will generate a verbatim copy of the header file for each class for 
+# which an include is specified. Set to NO to disable this.
+
+VERBATIM_HEADERS       = YES
+
+#---------------------------------------------------------------------------
+# configuration options related to the alphabetical class index
+#---------------------------------------------------------------------------
+
+# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index 
+# of all compounds will be generated. Enable this if the project 
+# contains a lot of classes, structs, unions or interfaces.
+
+ALPHABETICAL_INDEX     = YES
+
+# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then 
+# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns 
+# in which this list will be split (can be a number in the range [1..20])
+
+COLS_IN_ALPHA_INDEX    = 5
+
+# In case all classes in a project start with a common prefix, all 
+# classes will be put under the same header in the alphabetical index. 
+# The IGNORE_PREFIX tag can be used to specify one or more prefixes that 
+# should be ignored while generating the index headers.
+
+IGNORE_PREFIX          = 
+
+#---------------------------------------------------------------------------
+# configuration options related to the HTML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_HTML tag is set to YES (the default) Doxygen will 
+# generate HTML output.
+
+GENERATE_HTML          = YES
+
+# The HTML_OUTPUT tag is used to specify where the HTML docs will be put. 
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
+# put in front of it. If left blank `html' will be used as the default path.
+
+HTML_OUTPUT            = html
+
+# The HTML_FILE_EXTENSION tag can be used to specify the file extension for 
+# each generated HTML page (for example: .htm,.php,.asp). If it is left blank 
+# doxygen will generate files with .html extension.
+
+HTML_FILE_EXTENSION    = .html
+
+# The HTML_HEADER tag can be used to specify a personal HTML header for 
+# each generated HTML page. If it is left blank doxygen will generate a 
+# standard header. Note that when using a custom header you are responsible  
+# for the proper inclusion of any scripts and style sheets that doxygen 
+# needs, which is dependent on the configuration options used. 
+# It is advised to generate a default header using "doxygen -w html 
+# header.html footer.html stylesheet.css YourConfigFile" and then modify 
+# that header. Note that the header is subject to change so you typically 
+# have to redo this when upgrading to a newer version of doxygen or when 
+# changing the value of configuration settings such as GENERATE_TREEVIEW!
+
+HTML_HEADER            = 
+
+# The HTML_FOOTER tag can be used to specify a personal HTML footer for 
+# each generated HTML page. If it is left blank doxygen will generate a 
+# standard footer.
+
+HTML_FOOTER            = 
+
+# The HTML_STYLESHEET tag can be used to specify a user-defined cascading 
+# style sheet that is used by each HTML page. It can be used to 
+# fine-tune the look of the HTML output. If left blank doxygen will 
+# generate a default style sheet. Note that it is recommended to use 
+# HTML_EXTRA_STYLESHEET instead of this one, as it is more robust and this 
+# tag will in the future become obsolete.
+
+HTML_STYLESHEET        = 
+
+# The HTML_EXTRA_STYLESHEET tag can be used to specify an additional 
+# user-defined cascading style sheet that is included after the standard 
+# style sheets created by doxygen. Using this option one can overrule 
+# certain style aspects. This is preferred over using HTML_STYLESHEET 
+# since it does not replace the standard style sheet and is therefor more 
+# robust against future updates. Doxygen will copy the style sheet file to 
+# the output directory.
+
+HTML_EXTRA_STYLESHEET  = 
+
+# The HTML_EXTRA_FILES tag can be used to specify one or more extra images or 
+# other source files which should be copied to the HTML output directory. Note 
+# that these files will be copied to the base HTML output directory. Use the 
+# $relpath$ marker in the HTML_HEADER and/or HTML_FOOTER files to load these 
+# files. In the HTML_STYLESHEET file, use the file name only. Also note that 
+# the files will be copied as-is; there are no commands or markers available.
+
+HTML_EXTRA_FILES       = 
+
+# The HTML_COLORSTYLE_HUE tag controls the color of the HTML output. 
+# Doxygen will adjust the colors in the style sheet and background images 
+# according to this color. Hue is specified as an angle on a colorwheel, 
+# see http://en.wikipedia.org/wiki/Hue for more information. 
+# For instance the value 0 represents red, 60 is yellow, 120 is green, 
+# 180 is cyan, 240 is blue, 300 purple, and 360 is red again. 
+# The allowed range is 0 to 359.
+
+HTML_COLORSTYLE_HUE    = 220
+
+# The HTML_COLORSTYLE_SAT tag controls the purity (or saturation) of 
+# the colors in the HTML output. For a value of 0 the output will use 
+# grayscales only. A value of 255 will produce the most vivid colors.
+
+HTML_COLORSTYLE_SAT    = 100
+
+# The HTML_COLORSTYLE_GAMMA tag controls the gamma correction applied to 
+# the luminance component of the colors in the HTML output. Values below 
+# 100 gradually make the output lighter, whereas values above 100 make 
+# the output darker. The value divided by 100 is the actual gamma applied, 
+# so 80 represents a gamma of 0.8, The value 220 represents a gamma of 2.2, 
+# and 100 does not change the gamma.
+
+HTML_COLORSTYLE_GAMMA  = 80
+
+# If the HTML_TIMESTAMP tag is set to YES then the footer of each generated HTML 
+# page will contain the date and time when the page was generated. Setting 
+# this to NO can help when comparing the output of multiple runs.
+
+HTML_TIMESTAMP         = YES
+
+# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML 
+# documentation will contain sections that can be hidden and shown after the 
+# page has loaded.
+
+HTML_DYNAMIC_SECTIONS  = NO
+
+# With HTML_INDEX_NUM_ENTRIES one can control the preferred number of 
+# entries shown in the various tree structured indices initially; the user 
+# can expand and collapse entries dynamically later on. Doxygen will expand 
+# the tree to such a level that at most the specified number of entries are 
+# visible (unless a fully collapsed tree already exceeds this amount). 
+# So setting the number of entries 1 will produce a full collapsed tree by 
+# default. 0 is a special value representing an infinite number of entries 
+# and will result in a full expanded tree by default.
+
+HTML_INDEX_NUM_ENTRIES = 100
+
+# If the GENERATE_DOCSET tag is set to YES, additional index files 
+# will be generated that can be used as input for Apple's Xcode 3 
+# integrated development environment, introduced with OSX 10.5 (Leopard). 
+# To create a documentation set, doxygen will generate a Makefile in the 
+# HTML output directory. Running make will produce the docset in that 
+# directory and running "make install" will install the docset in 
+# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find 
+# it at startup. 
+# See http://developer.apple.com/tools/creatingdocsetswithdoxygen.html 
+# for more information.
+
+GENERATE_DOCSET        = NO
+
+# When GENERATE_DOCSET tag is set to YES, this tag determines the name of the 
+# feed. A documentation feed provides an umbrella under which multiple 
+# documentation sets from a single provider (such as a company or product suite) 
+# can be grouped.
+
+DOCSET_FEEDNAME        = "Doxygen generated docs"
+
+# When GENERATE_DOCSET tag is set to YES, this tag specifies a string that 
+# should uniquely identify the documentation set bundle. This should be a 
+# reverse domain-name style string, e.g. com.mycompany.MyDocSet. Doxygen 
+# will append .docset to the name.
+
+DOCSET_BUNDLE_ID       = org.doxygen.Project
+
+# When GENERATE_PUBLISHER_ID tag specifies a string that should uniquely 
+# identify the documentation publisher. This should be a reverse domain-name 
+# style string, e.g. com.mycompany.MyDocSet.documentation.
+
+DOCSET_PUBLISHER_ID    = org.doxygen.Publisher
+
+# The GENERATE_PUBLISHER_NAME tag identifies the documentation publisher.
+
+DOCSET_PUBLISHER_NAME  = Publisher
+
+# If the GENERATE_HTMLHELP tag is set to YES, additional index files 
+# will be generated that can be used as input for tools like the 
+# Microsoft HTML help workshop to generate a compiled HTML help file (.chm) 
+# of the generated HTML documentation.
+
+GENERATE_HTMLHELP      = NO
+
+# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can 
+# be used to specify the file name of the resulting .chm file. You 
+# can add a path in front of the file if the result should not be 
+# written to the html output directory.
+
+CHM_FILE               = 
+
+# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can 
+# be used to specify the location (absolute path including file name) of 
+# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run 
+# the HTML help compiler on the generated index.hhp.
+
+HHC_LOCATION           = 
+
+# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag 
+# controls if a separate .chi index file is generated (YES) or that 
+# it should be included in the master .chm file (NO).
+
+GENERATE_CHI           = NO
+
+# If the GENERATE_HTMLHELP tag is set to YES, the CHM_INDEX_ENCODING 
+# is used to encode HtmlHelp index (hhk), content (hhc) and project file 
+# content.
+
+CHM_INDEX_ENCODING     = 
+
+# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag 
+# controls whether a binary table of contents is generated (YES) or a 
+# normal table of contents (NO) in the .chm file.
+
+BINARY_TOC             = NO
+
+# The TOC_EXPAND flag can be set to YES to add extra items for group members 
+# to the contents of the HTML help documentation and to the tree view.
+
+TOC_EXPAND             = NO
+
+# If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and 
+# QHP_VIRTUAL_FOLDER are set, an additional index file will be generated 
+# that can be used as input for Qt's qhelpgenerator to generate a 
+# Qt Compressed Help (.qch) of the generated HTML documentation.
+
+GENERATE_QHP           = NO
+
+# If the QHG_LOCATION tag is specified, the QCH_FILE tag can 
+# be used to specify the file name of the resulting .qch file. 
+# The path specified is relative to the HTML output folder.
+
+QCH_FILE               = 
+
+# The QHP_NAMESPACE tag specifies the namespace to use when generating 
+# Qt Help Project output. For more information please see 
+# http://doc.trolltech.com/qthelpproject.html#namespace
+
+QHP_NAMESPACE          = org.doxygen.Project
+
+# The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating 
+# Qt Help Project output. For more information please see 
+# http://doc.trolltech.com/qthelpproject.html#virtual-folders
+
+QHP_VIRTUAL_FOLDER     = doc
+
+# If QHP_CUST_FILTER_NAME is set, it specifies the name of a custom filter to 
+# add. For more information please see 
+# http://doc.trolltech.com/qthelpproject.html#custom-filters
+
+QHP_CUST_FILTER_NAME   = 
+
+# The QHP_CUST_FILT_ATTRS tag specifies the list of the attributes of the 
+# custom filter to add. For more information please see 
+# <a href="http://doc.trolltech.com/qthelpproject.html#custom-filters"> 
+# Qt Help Project / Custom Filters</a>.
+
+QHP_CUST_FILTER_ATTRS  = 
+
+# The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this 
+# project's 
+# filter section matches. 
+# <a href="http://doc.trolltech.com/qthelpproject.html#filter-attributes"> 
+# Qt Help Project / Filter Attributes</a>.
+
+QHP_SECT_FILTER_ATTRS  = 
+
+# If the GENERATE_QHP tag is set to YES, the QHG_LOCATION tag can 
+# be used to specify the location of Qt's qhelpgenerator. 
+# If non-empty doxygen will try to run qhelpgenerator on the generated 
+# .qhp file.
+
+QHG_LOCATION           = 
+
+# If the GENERATE_ECLIPSEHELP tag is set to YES, additional index files  
+# will be generated, which together with the HTML files, form an Eclipse help 
+# plugin. To install this plugin and make it available under the help contents 
+# menu in Eclipse, the contents of the directory containing the HTML and XML 
+# files needs to be copied into the plugins directory of eclipse. The name of 
+# the directory within the plugins directory should be the same as 
+# the ECLIPSE_DOC_ID value. After copying Eclipse needs to be restarted before 
+# the help appears.
+
+GENERATE_ECLIPSEHELP   = NO
+
+# A unique identifier for the eclipse help plugin. When installing the plugin 
+# the directory name containing the HTML and XML files should also have 
+# this name.
+
+ECLIPSE_DOC_ID         = org.doxygen.Project
+
+# The DISABLE_INDEX tag can be used to turn on/off the condensed index (tabs) 
+# at top of each HTML page. The value NO (the default) enables the index and 
+# the value YES disables it. Since the tabs have the same information as the 
+# navigation tree you can set this option to NO if you already set 
+# GENERATE_TREEVIEW to YES.
+
+DISABLE_INDEX          = NO
+
+# The GENERATE_TREEVIEW tag is used to specify whether a tree-like index 
+# structure should be generated to display hierarchical information. 
+# If the tag value is set to YES, a side panel will be generated 
+# containing a tree-like index structure (just like the one that 
+# is generated for HTML Help). For this to work a browser that supports 
+# JavaScript, DHTML, CSS and frames is required (i.e. any modern browser). 
+# Windows users are probably better off using the HTML help feature. 
+# Since the tree basically has the same information as the tab index you 
+# could consider to set DISABLE_INDEX to NO when enabling this option.
+
+GENERATE_TREEVIEW      = NO
+
+# The ENUM_VALUES_PER_LINE tag can be used to set the number of enum values 
+# (range [0,1..20]) that doxygen will group on one line in the generated HTML 
+# documentation. Note that a value of 0 will completely suppress the enum 
+# values from appearing in the overview section.
+
+ENUM_VALUES_PER_LINE   = 4
+
+# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be 
+# used to set the initial width (in pixels) of the frame in which the tree 
+# is shown.
+
+TREEVIEW_WIDTH         = 250
+
+# When the EXT_LINKS_IN_WINDOW option is set to YES doxygen will open 
+# links to external symbols imported via tag files in a separate window.
+
+EXT_LINKS_IN_WINDOW    = NO
+
+# Use this tag to change the font size of Latex formulas included 
+# as images in the HTML documentation. The default is 10. Note that 
+# when you change the font size after a successful doxygen run you need 
+# to manually remove any form_*.png images from the HTML output directory 
+# to force them to be regenerated.
+
+FORMULA_FONTSIZE       = 10
+
+# Use the FORMULA_TRANPARENT tag to determine whether or not the images 
+# generated for formulas are transparent PNGs. Transparent PNGs are 
+# not supported properly for IE 6.0, but are supported on all modern browsers. 
+# Note that when changing this option you need to delete any form_*.png files 
+# in the HTML output before the changes have effect.
+
+FORMULA_TRANSPARENT    = YES
+
+# Enable the USE_MATHJAX option to render LaTeX formulas using MathJax 
+# (see http://www.mathjax.org) which uses client side Javascript for the 
+# rendering instead of using prerendered bitmaps. Use this if you do not 
+# have LaTeX installed or if you want to formulas look prettier in the HTML 
+# output. When enabled you may also need to install MathJax separately and 
+# configure the path to it using the MATHJAX_RELPATH option.
+
+USE_MATHJAX            = NO
+
+# When MathJax is enabled you need to specify the location relative to the 
+# HTML output directory using the MATHJAX_RELPATH option. The destination 
+# directory should contain the MathJax.js script. For instance, if the mathjax 
+# directory is located at the same level as the HTML output directory, then 
+# MATHJAX_RELPATH should be ../mathjax. The default value points to 
+# the MathJax Content Delivery Network so you can quickly see the result without 
+# installing MathJax.  However, it is strongly recommended to install a local 
+# copy of MathJax from http://www.mathjax.org before deployment.
+
+MATHJAX_RELPATH        = http://cdn.mathjax.org/mathjax/latest
+
+# The MATHJAX_EXTENSIONS tag can be used to specify one or MathJax extension 
+# names that should be enabled during MathJax rendering.
+
+MATHJAX_EXTENSIONS     = 
+
+# When the SEARCHENGINE tag is enabled doxygen will generate a search box 
+# for the HTML output. The underlying search engine uses javascript 
+# and DHTML and should work on any modern browser. Note that when using 
+# HTML help (GENERATE_HTMLHELP), Qt help (GENERATE_QHP), or docsets 
+# (GENERATE_DOCSET) there is already a search function so this one should 
+# typically be disabled. For large projects the javascript based search engine 
+# can be slow, then enabling SERVER_BASED_SEARCH may provide a better solution.
+
+SEARCHENGINE           = YES
+
+# When the SERVER_BASED_SEARCH tag is enabled the search engine will be 
+# implemented using a PHP enabled web server instead of at the web client 
+# using Javascript. Doxygen will generate the search PHP script and index 
+# file to put on the web server. The advantage of the server 
+# based approach is that it scales better to large projects and allows 
+# full text search. The disadvantages are that it is more difficult to setup 
+# and does not have live searching capabilities.
+
+SERVER_BASED_SEARCH    = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the LaTeX output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will 
+# generate Latex output.
+
+GENERATE_LATEX         = NO
+
+# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. 
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
+# put in front of it. If left blank `latex' will be used as the default path.
+
+LATEX_OUTPUT           = latex
+
+# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be 
+# invoked. If left blank `latex' will be used as the default command name. 
+# Note that when enabling USE_PDFLATEX this option is only used for 
+# generating bitmaps for formulas in the HTML output, but not in the 
+# Makefile that is written to the output directory.
+
+LATEX_CMD_NAME         = latex
+
+# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to 
+# generate index for LaTeX. If left blank `makeindex' will be used as the 
+# default command name.
+
+MAKEINDEX_CMD_NAME     = makeindex
+
+# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact 
+# LaTeX documents. This may be useful for small projects and may help to 
+# save some trees in general.
+
+COMPACT_LATEX          = NO
+
+# The PAPER_TYPE tag can be used to set the paper type that is used 
+# by the printer. Possible values are: a4, letter, legal and 
+# executive. If left blank a4wide will be used.
+
+PAPER_TYPE             = a4
+
+# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX 
+# packages that should be included in the LaTeX output.
+
+EXTRA_PACKAGES         = 
+
+# The LATEX_HEADER tag can be used to specify a personal LaTeX header for 
+# the generated latex document. The header should contain everything until 
+# the first chapter. If it is left blank doxygen will generate a 
+# standard header. Notice: only use this tag if you know what you are doing!
+
+LATEX_HEADER           = 
+
+# The LATEX_FOOTER tag can be used to specify a personal LaTeX footer for 
+# the generated latex document. The footer should contain everything after 
+# the last chapter. If it is left blank doxygen will generate a 
+# standard footer. Notice: only use this tag if you know what you are doing!
+
+LATEX_FOOTER           = 
+
+# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated 
+# is prepared for conversion to pdf (using ps2pdf). The pdf file will 
+# contain links (just like the HTML output) instead of page references 
+# This makes the output suitable for online browsing using a pdf viewer.
+
+PDF_HYPERLINKS         = YES
+
+# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of 
+# plain latex in the generated Makefile. Set this option to YES to get a 
+# higher quality PDF documentation.
+
+USE_PDFLATEX           = YES
+
+# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode. 
+# command to the generated LaTeX files. This will instruct LaTeX to keep 
+# running if errors occur, instead of asking the user for help. 
+# This option is also used when generating formulas in HTML.
+
+LATEX_BATCHMODE        = NO
+
+# If LATEX_HIDE_INDICES is set to YES then doxygen will not 
+# include the index chapters (such as File Index, Compound Index, etc.) 
+# in the output.
+
+LATEX_HIDE_INDICES     = NO
+
+# If LATEX_SOURCE_CODE is set to YES then doxygen will include 
+# source code with syntax highlighting in the LaTeX output. 
+# Note that which sources are shown also depends on other settings 
+# such as SOURCE_BROWSER.
+
+LATEX_SOURCE_CODE      = NO
+
+# The LATEX_BIB_STYLE tag can be used to specify the style to use for the 
+# bibliography, e.g. plainnat, or ieeetr. The default style is "plain". See 
+# http://en.wikipedia.org/wiki/BibTeX for more info.
+
+LATEX_BIB_STYLE        = plain
+
+#---------------------------------------------------------------------------
+# configuration options related to the RTF output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output 
+# The RTF output is optimized for Word 97 and may not look very pretty with 
+# other RTF readers or editors.
+
+GENERATE_RTF           = NO
+
+# The RTF_OUTPUT tag is used to specify where the RTF docs will be put. 
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
+# put in front of it. If left blank `rtf' will be used as the default path.
+
+RTF_OUTPUT             = rtf
+
+# If the COMPACT_RTF tag is set to YES Doxygen generates more compact 
+# RTF documents. This may be useful for small projects and may help to 
+# save some trees in general.
+
+COMPACT_RTF            = NO
+
+# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated 
+# will contain hyperlink fields. The RTF file will 
+# contain links (just like the HTML output) instead of page references. 
+# This makes the output suitable for online browsing using WORD or other 
+# programs which support those fields. 
+# Note: wordpad (write) and others do not support links.
+
+RTF_HYPERLINKS         = NO
+
+# Load style sheet definitions from file. Syntax is similar to doxygen's 
+# config file, i.e. a series of assignments. You only have to provide 
+# replacements, missing definitions are set to their default value.
+
+RTF_STYLESHEET_FILE    = 
+
+# Set optional variables used in the generation of an rtf document. 
+# Syntax is similar to doxygen's config file.
+
+RTF_EXTENSIONS_FILE    = 
+
+#---------------------------------------------------------------------------
+# configuration options related to the man page output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_MAN tag is set to YES (the default) Doxygen will 
+# generate man pages
+
+GENERATE_MAN           = NO
+
+# The MAN_OUTPUT tag is used to specify where the man pages will be put. 
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
+# put in front of it. If left blank `man' will be used as the default path.
+
+MAN_OUTPUT             = man
+
+# The MAN_EXTENSION tag determines the extension that is added to 
+# the generated man pages (default is the subroutine's section .3)
+
+MAN_EXTENSION          = .3
+
+# If the MAN_LINKS tag is set to YES and Doxygen generates man output, 
+# then it will generate one additional man file for each entity 
+# documented in the real man page(s). These additional files 
+# only source the real man page, but without them the man command 
+# would be unable to find the correct page. The default is NO.
+
+MAN_LINKS              = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the XML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_XML tag is set to YES Doxygen will 
+# generate an XML file that captures the structure of 
+# the code including all documentation.
+
+GENERATE_XML           = NO
+
+# The XML_OUTPUT tag is used to specify where the XML pages will be put. 
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
+# put in front of it. If left blank `xml' will be used as the default path.
+
+XML_OUTPUT             = xml
+
+# The XML_SCHEMA tag can be used to specify an XML schema, 
+# which can be used by a validating XML parser to check the 
+# syntax of the XML files.
+
+XML_SCHEMA             = 
+
+# The XML_DTD tag can be used to specify an XML DTD, 
+# which can be used by a validating XML parser to check the 
+# syntax of the XML files.
+
+XML_DTD                = 
+
+# If the XML_PROGRAMLISTING tag is set to YES Doxygen will 
+# dump the program listings (including syntax highlighting 
+# and cross-referencing information) to the XML output. Note that 
+# enabling this will significantly increase the size of the XML output.
+
+XML_PROGRAMLISTING     = YES
+
+#---------------------------------------------------------------------------
+# configuration options for the AutoGen Definitions output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will 
+# generate an AutoGen Definitions (see autogen.sf.net) file 
+# that captures the structure of the code including all 
+# documentation. Note that this feature is still experimental 
+# and incomplete at the moment.
+
+GENERATE_AUTOGEN_DEF   = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the Perl module output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_PERLMOD tag is set to YES Doxygen will 
+# generate a Perl module file that captures the structure of 
+# the code including all documentation. Note that this 
+# feature is still experimental and incomplete at the 
+# moment.
+
+GENERATE_PERLMOD       = NO
+
+# If the PERLMOD_LATEX tag is set to YES Doxygen will generate 
+# the necessary Makefile rules, Perl scripts and LaTeX code to be able 
+# to generate PDF and DVI output from the Perl module output.
+
+PERLMOD_LATEX          = NO
+
+# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be 
+# nicely formatted so it can be parsed by a human reader.  This is useful 
+# if you want to understand what is going on.  On the other hand, if this 
+# tag is set to NO the size of the Perl module output will be much smaller 
+# and Perl will parse it just the same.
+
+PERLMOD_PRETTY         = YES
+
+# The names of the make variables in the generated doxyrules.make file 
+# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX. 
+# This is useful so different doxyrules.make files included by the same 
+# Makefile don't overwrite each other's variables.
+
+PERLMOD_MAKEVAR_PREFIX = 
+
+#---------------------------------------------------------------------------
+# Configuration options related to the preprocessor
+#---------------------------------------------------------------------------
+
+# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will 
+# evaluate all C-preprocessor directives found in the sources and include 
+# files.
+
+ENABLE_PREPROCESSING   = YES
+
+# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro 
+# names in the source code. If set to NO (the default) only conditional 
+# compilation will be performed. Macro expansion can be done in a controlled 
+# way by setting EXPAND_ONLY_PREDEF to YES.
+
+MACRO_EXPANSION        = NO
+
+# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES 
+# then the macro expansion is limited to the macros specified with the 
+# PREDEFINED and EXPAND_AS_DEFINED tags.
+
+EXPAND_ONLY_PREDEF     = NO
+
+# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files 
+# pointed to by INCLUDE_PATH will be searched when a #include is found.
+
+SEARCH_INCLUDES        = YES
+
+# The INCLUDE_PATH tag can be used to specify one or more directories that 
+# contain include files that are not input files but should be processed by 
+# the preprocessor.
+
+INCLUDE_PATH           = 
+
+# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard 
+# patterns (like *.h and *.hpp) to filter out the header-files in the 
+# directories. If left blank, the patterns specified with FILE_PATTERNS will 
+# be used.
+
+INCLUDE_FILE_PATTERNS  = 
+
+# The PREDEFINED tag can be used to specify one or more macro names that 
+# are defined before the preprocessor is started (similar to the -D option of 
+# gcc). The argument of the tag is a list of macros of the form: name 
+# or name=definition (no spaces). If the definition and the = are 
+# omitted =1 is assumed. To prevent a macro definition from being 
+# undefined via #undef or recursively expanded use the := operator 
+# instead of the = operator.
+
+PREDEFINED             = 
+
+# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then 
+# this tag can be used to specify a list of macro names that should be expanded. 
+# The macro definition that is found in the sources will be used. 
+# Use the PREDEFINED tag if you want to use a different macro definition that 
+# overrules the definition found in the source code.
+
+EXPAND_AS_DEFINED      = 
+
+# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then 
+# doxygen's preprocessor will remove all references to function-like macros 
+# that are alone on a line, have an all uppercase name, and do not end with a 
+# semicolon, because these will confuse the parser if not removed.
+
+SKIP_FUNCTION_MACROS   = YES
+
+#---------------------------------------------------------------------------
+# Configuration::additions related to external references
+#---------------------------------------------------------------------------
+
+# The TAGFILES option can be used to specify one or more tagfiles. For each 
+# tag file the location of the external documentation should be added. The 
+# format of a tag file without this location is as follows: 
+#   TAGFILES = file1 file2 ... 
+# Adding location for the tag files is done as follows: 
+#   TAGFILES = file1=loc1 "file2 = loc2" ... 
+# where "loc1" and "loc2" can be relative or absolute paths 
+# or URLs. Note that each tag file must have a unique name (where the name does 
+# NOT include the path). If a tag file is not located in the directory in which 
+# doxygen is run, you must also specify the path to the tagfile here.
+
+TAGFILES               = 
+
+# When a file name is specified after GENERATE_TAGFILE, doxygen will create 
+# a tag file that is based on the input files it reads.
+
+GENERATE_TAGFILE       = 
+
+# If the ALLEXTERNALS tag is set to YES all external classes will be listed 
+# in the class index. If set to NO only the inherited external classes 
+# will be listed.
+
+ALLEXTERNALS           = NO
+
+# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed 
+# in the modules index. If set to NO, only the current project's groups will 
+# be listed.
+
+EXTERNAL_GROUPS        = YES
+
+# The PERL_PATH should be the absolute path and name of the perl script 
+# interpreter (i.e. the result of `which perl').
+
+PERL_PATH              = /usr/bin/perl
+
+#---------------------------------------------------------------------------
+# Configuration options related to the dot tool
+#---------------------------------------------------------------------------
+
+# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will 
+# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base 
+# or super classes. Setting the tag to NO turns the diagrams off. Note that 
+# this option also works with HAVE_DOT disabled, but it is recommended to 
+# install and use dot, since it yields more powerful graphs.
+
+CLASS_DIAGRAMS         = NO
+
+# You can define message sequence charts within doxygen comments using the \msc 
+# command. Doxygen will then run the mscgen tool (see 
+# http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the 
+# documentation. The MSCGEN_PATH tag allows you to specify the directory where 
+# the mscgen tool resides. If left empty the tool is assumed to be found in the 
+# default search path.
+
+MSCGEN_PATH            = 
+
+# If set to YES, the inheritance and collaboration graphs will hide 
+# inheritance and usage relations if the target is undocumented 
+# or is not a class.
+
+HIDE_UNDOC_RELATIONS   = YES
+
+# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is 
+# available from the path. This tool is part of Graphviz, a graph visualization 
+# toolkit from AT&T and Lucent Bell Labs. The other options in this section 
+# have no effect if this option is set to NO (the default)
+
+HAVE_DOT               = NO
+
+# The DOT_NUM_THREADS specifies the number of dot invocations doxygen is 
+# allowed to run in parallel. When set to 0 (the default) doxygen will 
+# base this on the number of processors available in the system. You can set it 
+# explicitly to a value larger than 0 to get control over the balance 
+# between CPU load and processing speed.
+
+DOT_NUM_THREADS        = 0
+
+# By default doxygen will use the Helvetica font for all dot files that 
+# doxygen generates. When you want a differently looking font you can specify 
+# the font name using DOT_FONTNAME. You need to make sure dot is able to find 
+# the font, which can be done by putting it in a standard location or by setting 
+# the DOTFONTPATH environment variable or by setting DOT_FONTPATH to the 
+# directory containing the font.
+
+DOT_FONTNAME           = Helvetica
+
+# The DOT_FONTSIZE tag can be used to set the size of the font of dot graphs. 
+# The default size is 10pt.
+
+DOT_FONTSIZE           = 10
+
+# By default doxygen will tell dot to use the Helvetica font. 
+# If you specify a different font using DOT_FONTNAME you can use DOT_FONTPATH to 
+# set the path where dot can find it.
+
+DOT_FONTPATH           = 
+
+# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen 
+# will generate a graph for each documented class showing the direct and 
+# indirect inheritance relations. Setting this tag to YES will force the 
+# CLASS_DIAGRAMS tag to NO.
+
+CLASS_GRAPH            = YES
+
+# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen 
+# will generate a graph for each documented class showing the direct and 
+# indirect implementation dependencies (inheritance, containment, and 
+# class references variables) of the class with other documented classes.
+
+COLLABORATION_GRAPH    = YES
+
+# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen 
+# will generate a graph for groups, showing the direct groups dependencies
+
+GROUP_GRAPHS           = YES
+
+# If the UML_LOOK tag is set to YES doxygen will generate inheritance and 
+# collaboration diagrams in a style similar to the OMG's Unified Modeling 
+# Language.
+
+UML_LOOK               = NO
+
+# If the UML_LOOK tag is enabled, the fields and methods are shown inside 
+# the class node. If there are many fields or methods and many nodes the 
+# graph may become too big to be useful. The UML_LIMIT_NUM_FIELDS 
+# threshold limits the number of items for each type to make the size more 
+# managable. Set this to 0 for no limit. Note that the threshold may be 
+# exceeded by 50% before the limit is enforced.
+
+UML_LIMIT_NUM_FIELDS   = 10
+
+# If set to YES, the inheritance and collaboration graphs will show the 
+# relations between templates and their instances.
+
+TEMPLATE_RELATIONS     = NO
+
+# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT 
+# tags are set to YES then doxygen will generate a graph for each documented 
+# file showing the direct and indirect include dependencies of the file with 
+# other documented files.
+
+INCLUDE_GRAPH          = YES
+
+# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and 
+# HAVE_DOT tags are set to YES then doxygen will generate a graph for each 
+# documented header file showing the documented files that directly or 
+# indirectly include this file.
+
+INCLUDED_BY_GRAPH      = YES
+
+# If the CALL_GRAPH and HAVE_DOT options are set to YES then 
+# doxygen will generate a call dependency graph for every global function 
+# or class method. Note that enabling this option will significantly increase 
+# the time of a run. So in most cases it will be better to enable call graphs 
+# for selected functions only using the \callgraph command.
+
+CALL_GRAPH             = YES
+
+# If the CALLER_GRAPH and HAVE_DOT tags are set to YES then 
+# doxygen will generate a caller dependency graph for every global function 
+# or class method. Note that enabling this option will significantly increase 
+# the time of a run. So in most cases it will be better to enable caller 
+# graphs for selected functions only using the \callergraph command.
+
+CALLER_GRAPH           = YES
+
+# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen 
+# will generate a graphical hierarchy of all classes instead of a textual one.
+
+GRAPHICAL_HIERARCHY    = YES
+
+# If the DIRECTORY_GRAPH and HAVE_DOT tags are set to YES 
+# then doxygen will show the dependencies a directory has on other directories 
+# in a graphical way. The dependency relations are determined by the #include 
+# relations between the files in the directories.
+
+DIRECTORY_GRAPH        = YES
+
+# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images 
+# generated by dot. Possible values are svg, png, jpg, or gif. 
+# If left blank png will be used. If you choose svg you need to set 
+# HTML_FILE_EXTENSION to xhtml in order to make the SVG files 
+# visible in IE 9+ (other browsers do not have this requirement).
+
+DOT_IMAGE_FORMAT       = png
+
+# If DOT_IMAGE_FORMAT is set to svg, then this option can be set to YES to 
+# enable generation of interactive SVG images that allow zooming and panning. 
+# Note that this requires a modern browser other than Internet Explorer. 
+# Tested and working are Firefox, Chrome, Safari, and Opera. For IE 9+ you 
+# need to set HTML_FILE_EXTENSION to xhtml in order to make the SVG files 
+# visible. Older versions of IE do not have SVG support.
+
+INTERACTIVE_SVG        = NO
+
+# The tag DOT_PATH can be used to specify the path where the dot tool can be 
+# found. If left blank, it is assumed the dot tool can be found in the path.
+
+DOT_PATH               = 
+
+# The DOTFILE_DIRS tag can be used to specify one or more directories that 
+# contain dot files that are included in the documentation (see the 
+# \dotfile command).
+
+DOTFILE_DIRS           = 
+
+# The MSCFILE_DIRS tag can be used to specify one or more directories that 
+# contain msc files that are included in the documentation (see the 
+# \mscfile command).
+
+MSCFILE_DIRS           = 
+
+# The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of 
+# nodes that will be shown in the graph. If the number of nodes in a graph 
+# becomes larger than this value, doxygen will truncate the graph, which is 
+# visualized by representing a node as a red box. Note that doxygen if the 
+# number of direct children of the root node in a graph is already larger than 
+# DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note 
+# that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH.
+
+DOT_GRAPH_MAX_NODES    = 44
+
+# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the 
+# graphs generated by dot. A depth value of 3 means that only nodes reachable 
+# from the root by following a path via at most 3 edges will be shown. Nodes 
+# that lay further from the root node will be omitted. Note that setting this 
+# option to 1 or 2 may greatly reduce the computation time needed for large 
+# code bases. Also note that the size of a graph can be further restricted by 
+# DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction.
+
+MAX_DOT_GRAPH_DEPTH    = 0
+
+# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent 
+# background. This is disabled by default, because dot on Windows does not 
+# seem to support this out of the box. Warning: Depending on the platform used, 
+# enabling this option may lead to badly anti-aliased labels on the edges of 
+# a graph (i.e. they become hard to read).
+
+DOT_TRANSPARENT        = NO
+
+# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output 
+# files in one run (i.e. multiple -o and -T options on the command line). This 
+# makes dot run faster, but since only newer versions of dot (>1.8.10) 
+# support this, this feature is disabled by default.
+
+DOT_MULTI_TARGETS      = NO
+
+# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will 
+# generate a legend page explaining the meaning of the various boxes and 
+# arrows in the dot generated graphs.
+
+GENERATE_LEGEND        = YES
+
+# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will 
+# remove the intermediate dot files that are used to generate 
+# the various graphs.
+
+DOT_CLEANUP            = YES
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/mbed-client/functionpointer.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,197 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef FUNCTIONPOINTER_H
+#define FUNCTIONPOINTER_H
+
+#include <string.h>
+#include <stdint.h>
+
+
+/** A class for storing and calling a pointer to a static or member void function
+ */
+template <typename R>
+class FP0{
+public:
+    /** Create a FunctionPointer, attaching a static function
+     *
+     *  @param function The void static function to attach (default is none)
+     */
+    FP0(R (*function)(void) = 0) {
+        attach(function);
+    }
+
+    /** Create a FP, attaching a member function
+     *
+     *  @param object The object pointer to invoke the member function on (i.e. the this pointer)
+     *  @param function The address of the void member function to attach
+     */
+    template<typename T>
+    FP0(T *object, R (T::*member)(void)) {
+        attach(object, member);
+    }
+
+    /** Attach a static function
+     *
+     *  @param function The void static function to attach (default is none)
+     */
+    void attach(R (*function)(void)) {
+        _p.function = function;
+        _membercaller = 0;
+    }
+
+    /** Attach a member function
+     *
+     *  @param object The object pointer to invoke the member function on (i.e. the this pointer)
+     *  @param function The address of the void member function to attach
+     */
+    template<typename T>
+    void attach(T *object, R (T::*member)(void)) {
+        _p.object = static_cast<void*>(object);
+        *reinterpret_cast<R (T::**)(void)>(_member) = member;
+        _membercaller = &FP0::membercaller<T>;
+    }
+
+    /** Call the attached static or member function
+     */
+    R call(){
+        if (_membercaller == 0 && _p.function) {
+            return _p.function();
+        } else if (_membercaller && _p.object) {
+            return _membercaller(_p.object, _member);
+        }
+        return (R)0;
+    }
+
+    typedef R (*static_fp)();
+    static_fp get_function() const {
+        return (R(*)())_p.function;
+    }
+
+    R operator ()(void) {
+        return call();
+    }
+    operator bool(void) {
+        void *q = &_p.function;
+        return (_membercaller != NULL) && _p.object != NULL && (*static_cast<void **>(q) != NULL);
+    }
+
+private:
+    template<typename T>
+    static void membercaller(void *object, uintptr_t *member) {
+        T* o = static_cast<T*>(object);
+        R (T::**m)(void) = reinterpret_cast<R (T::**)(void)>(member);
+        (o->**m)();
+    }
+
+    union {
+        R (*function)(void);               // static function pointer - 0 if none attached
+        void *object;                         // object this pointer - 0 if none attached
+    } _p;
+    uintptr_t _member[4];                     // aligned raw member function pointer storage - converted back by registered _membercaller
+    R (*_membercaller)(void*, uintptr_t*); // registered membercaller function to convert back and call _m.member on _object
+};
+
+/* If we had variadic templates, this wouldn't be a problem, but until C++11 is enabled, we are stuck with multiple classes... */
+
+/** A class for storing and calling a pointer to a static or member void function
+ */
+template <typename R, typename A1>
+class FP1{
+public:
+    /** Create a FP, attaching a static function
+     *
+     *  @param function The void static function to attach (default is none)
+     */
+    FP1(R (*function)(A1) = 0) {
+        attach(function);
+    }
+
+    /** Create a FP, attaching a member function
+     *
+     *  @param object The object pointer to invoke the member function on (i.e. the this pointer)
+     *  @param function The address of the void member function to attach
+     */
+    template<typename T>
+    FP1(T *object, R (T::*member)(A1)) {
+        attach(object, member);
+    }
+
+    /** Attach a static function
+     *
+     *  @param function The void static function to attach (default is none)
+     */
+    void attach(R (*function)(A1)) {
+        _p.function = function;
+        _membercaller = 0;
+    }
+
+    /** Attach a member function
+     *
+     *  @param object The object pointer to invoke the member function on (i.e. the this pointer)
+     *  @param function The address of the void member function to attach
+     */
+    template<typename T>
+    void attach(T *object, R (T::*member)(A1)) {
+        _p.object = static_cast<void*>(object);
+        *reinterpret_cast<R (T::**)(A1)>(_member) = member;
+        _membercaller = &FP1::membercaller<T>;
+    }
+
+    /** Call the attached static or member function
+     */
+    R call(A1 a){
+        if (_membercaller == 0 && _p.function) {
+           return _p.function(a);
+        } else if (_membercaller && _p.object) {
+           return _membercaller(_p.object, _member, a);
+        }
+        return (R)0;
+    }
+
+    typedef R (*static_fp)();
+    static_fp get_function() const {
+        return (R(*)())_p.function;
+    }
+
+    R operator ()(A1 a) {
+        return call(a);
+    }
+    operator bool(void)
+    {
+        void *q = &_p.function;
+        return (_membercaller != NULL) && _p.object != NULL && (*static_cast<void **>(q) != NULL);
+    }
+private:
+    template<typename T>
+    static void membercaller(void *object, uintptr_t *member, A1 a) {
+        T* o = static_cast<T*>(object);
+        R (T::**m)(A1) = reinterpret_cast<R (T::**)(A1)>(member);
+        (o->**m)(a);
+    }
+
+    union {
+        R (*function)(A1);               // static function pointer - 0 if none attached
+        void *object;                         // object this pointer - 0 if none attached
+    } _p;
+    uintptr_t _member[4];                     // aligned raw member function pointer storage - converted back by registered _membercaller
+    R (*_membercaller)(void*, uintptr_t*, A1); // registered membercaller function to convert back and call _m.member on _object
+};
+
+
+
+typedef FP0<void> FP;
+
+#endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/mbed-client/m2mbase.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,396 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef M2M_BASE_H
+#define M2M_BASE_H
+
+// Support for std args
+#include <stdint.h>
+#include "mbed-client/m2mconfig.h"
+#include "mbed-client/m2mreportobserver.h"
+
+//FORWARD DECLARATION
+struct sn_coap_hdr_;
+typedef sn_coap_hdr_ sn_coap_hdr_s;
+struct nsdl_s;
+
+class M2MObservationHandler;
+class M2MReportHandler;
+
+/**
+ *  @brief M2MBase.
+ *  This class is the base class based on which all LWM2M object models
+ *  can be created. This serves base class for Object, ObjectInstances and Resources.
+ */
+
+class M2MBase : public M2MReportObserver {
+
+public:
+
+    /**
+      * Enum to define the type of object.
+      */
+    typedef enum {
+        Object = 0x0,
+        Resource = 0x1,
+        ObjectInstance = 0x2,
+        ResourceInstance = 0x3
+    } BaseType;
+
+    /**
+      * Enum to define observation level.
+      */
+    typedef enum {
+        None                 = 0x0,
+        R_Attribute          = 0x01,
+        OI_Attribute         = 0x02,
+        OIR_Attribute        = 0x03,
+        O_Attribute          = 0x04,
+        OR_Attribute         = 0x05,
+        OOI_Attribute        = 0x06,
+        OOIR_Attribute       = 0x07
+    } Observation;
+
+
+    /**
+     * @brief Enum defining an operation that can be
+     * supported by a given resource.
+    */
+    typedef enum {
+        Static,
+        Dynamic,
+        Directory
+    }Mode;
+
+    /**
+     * Enum defining an operation that can be
+     * supported by a given resource.
+    */
+    typedef enum {
+        NOT_ALLOWED                 = 0x00,
+        GET_ALLOWED                 = 0x01,
+        PUT_ALLOWED                 = 0x02,
+        GET_PUT_ALLOWED             = 0x03,
+        POST_ALLOWED                = 0x04,
+        GET_POST_ALLOWED            = 0x05,
+        PUT_POST_ALLOWED            = 0x06,
+        GET_PUT_POST_ALLOWED        = 0x07,
+        DELETE_ALLOWED              = 0x08,
+        GET_DELETE_ALLOWED          = 0x09,
+        PUT_DELETE_ALLOWED          = 0x0A,
+        GET_PUT_DELETE_ALLOWED      = 0x0B,
+        POST_DELETE_ALLOWED         = 0x0C,
+        GET_POST_DELETE_ALLOWED     = 0x0D,
+        PUT_POST_DELETE_ALLOWED     = 0x0E,
+        GET_PUT_POST_DELETE_ALLOWED = 0x0F,
+
+    }Operation;
+
+protected:
+
+    // Prevents the use of default constructor.
+    M2MBase();
+
+    // Prevents the use of assignment operator.
+    M2MBase& operator=( const M2MBase& /*other*/ );
+
+    // Prevents the use of copy constructor
+    M2MBase( const M2MBase& /*other*/ );
+
+    /**
+     * @brief Constructor
+     * @param baseType, Type of the object created
+     * @param name, Name of the object
+     * @param id, ID of the object
+     */
+    M2MBase(const String &name,
+            M2MBase::Mode mode);
+public:
+
+    /**
+     * Destructor
+     */
+    virtual ~M2MBase();
+
+    /**
+     * @brief Sets the operation type for an object.
+     * @param operation, Operation to be set.
+     */
+    virtual void set_operation(M2MBase::Operation operation);
+
+    /**
+     * @brief Sets the interface description of the object.
+     * @param description, Description to be set.
+     */
+    virtual void set_interface_description(const String &description);
+
+    /**
+     * @brief Sets the resource type of the object.
+     * @param resource_type, Resource type to be set.
+     */
+    virtual void set_resource_type(const String &resource_type);
+
+    /**
+     * @brief Sets the CoAP content type of the object.
+     * @param content_type, Content Type to be set based on
+     * CoAP specifications.
+     */
+    virtual void set_coap_content_type(const uint8_t content_type);
+
+    /**
+     * @brief Sets the observable mode for the object.
+     * @param observable, Value for the observation.
+     */
+    virtual void set_observable(bool observable);
+
+    /**
+     * @brief Adds the observation level for the object.
+     * @param observation_level, Level of the observation.
+     */
+    virtual void add_observation_level(M2MBase::Observation observation_level);
+
+    /**
+     * @brief Removes the observation level for the object.
+     * @param observation_level, Level of the observation.
+     */
+    virtual void remove_observation_level(M2MBase::Observation observation_level);
+
+    /**
+     * @brief Sets the object under observation.
+     * @param observed, Value for the observation. When true, starts observing. When false, ongoing observation is cancelled.
+     * @param handler, Handler object for sending
+     * observation callbacks.
+     */
+    virtual void set_under_observation(bool observed,
+                                       M2MObservationHandler *handler);
+
+    /**
+     * @brief Sets the observation token value.
+     * @param token, Pointer to the token of the resource.
+     * @param length , Length of the token pointer.
+     */
+    virtual void set_observation_token(const uint8_t *token,
+                                       const uint8_t length);
+
+    /**
+     * Sets the instance ID of the object.
+     * @param instance_id, Instance ID of the object.
+     */
+    virtual void set_instance_id(const uint16_t instance_id);
+
+    /**
+     * Sets the observation number of the object.
+     * @param observation_number, Observation number of the object.
+     */
+    virtual void set_observation_number(const uint16_t observation_number);
+
+    /**
+     * @brief Returns object type.
+     * @return BaseType of the object.
+     */
+    virtual M2MBase::BaseType base_type() const;
+
+    /**
+     * @brief Returns the operation type of the object.
+     * @return Operation, Supported operation on the object.
+     */
+    virtual M2MBase::Operation operation() const;
+
+    /**
+     * @brief Returns the object name.
+     * @return Name for the object.
+     */
+    virtual const String &name() const;
+
+    /**
+     * @brief Returns the object name in integer.
+     * @return Name for the object in integer.
+     */
+    virtual int32_t name_id() const;
+
+    /**
+     * @brief Returns the object's Instance ID.
+     * @returns Instance ID of the object.
+     */
+    virtual uint16_t instance_id() const;
+
+    /**
+     * @brief Returns the interface description of the object.
+     * @return Description of the object.
+     */
+    virtual const String& interface_description() const;
+
+    /**
+     * @brief Returns the resource type of the object.
+     * @return Resource type of the object.
+     */
+    virtual const String& resource_type() const;
+
+    /**
+     * @brief Returns the CoAP content type of the object.
+     * @return Content type of the object.
+     */
+    virtual uint8_t coap_content_type() const;
+
+    /**
+     * @brief Returns the observation status of the object.
+     * @return True if observable, else false.
+     */
+    virtual bool is_observable() const;
+
+    /**
+     * @brief Returns the observation level of the object.
+     * @return Observation level of the object.
+     */
+    virtual M2MBase::Observation observation_level() const;
+
+    /**
+     * @brief Provides the observation token of the object.
+     * @param value[OUT], pointer to the value of the token.
+     * @param value_length[OUT], length of the token pointer.
+     */
+    virtual void get_observation_token(uint8_t *&token, uint32_t &token_length);
+
+    /**
+     * @brief Returns the mode of the resource.
+     * @return Mode of the resource.
+     */
+     virtual Mode mode() const;
+
+    /**
+     * @brief Returns the observation number.
+     * @return Observation number for the object.
+     */
+    virtual uint16_t observation_number() const;
+
+    /**
+     * @brief Parses the received query for the notification
+     * attribute.
+     * @param query, Query that needs to be parsed.
+     * @return True if required attributes are present, else false.
+     */
+    virtual bool handle_observation_attribute(char *&query);
+
+    /**
+     * @brief Handles GET request for the registered objects.
+     * @param nsdl, NSDL handler for the CoAP library.
+     * @param received_coap_header, Received CoAP message from the server.
+     * @param observation_handler, Handler object for sending
+     * observation callbacks.
+     * @return sn_coap_hdr_s,  Message that needs to be sent to server.
+     */
+    virtual sn_coap_hdr_s* handle_get_request(nsdl_s *nsdl,
+                                              sn_coap_hdr_s *received_coap_header,
+                                              M2MObservationHandler *observation_handler = NULL);
+    /**
+     * @brief Handles PUT request for the registered objects.
+     * @param nsdl, NSDL handler for the CoAP library.
+     * @param received_coap_header, Received CoAP message from the server.
+     * @param observation_handler, Handler object for sending
+     * observation callbacks.
+     * @return sn_coap_hdr_s,  Message that needs to be sent to server.
+     */
+    virtual sn_coap_hdr_s* handle_put_request(nsdl_s *nsdl,
+                                              sn_coap_hdr_s *received_coap_header,
+                                              M2MObservationHandler *observation_handler = NULL);
+
+    /**
+     * @brief Handles GET request for the registered objects.
+     * @param nsdl, NSDL handler for the CoAP library.
+     * @param received_coap_header, Received CoAP message from the server.
+     * @param observation_handler, Handler object for sending
+     * observation callbacks.
+     * @return sn_coap_hdr_s,  Message that needs to be sent to server.
+     */
+    virtual sn_coap_hdr_s* handle_post_request(nsdl_s *nsdl,
+                                               sn_coap_hdr_s *received_coap_header,
+                                               M2MObservationHandler *observation_handler = NULL);
+protected : // from M2MReportObserver
+
+    virtual void observation_to_be_sent();
+
+protected:
+
+    /**
+     * @brief Sets the Base type for object.
+     * @param type, Type of the base object.
+     */
+    virtual void set_base_type(M2MBase::BaseType type);
+
+    /**
+     * @brief Removes resource from the CoAP structure.
+     * @param resource_name, Name of the resource.
+     */
+    virtual void remove_resource_from_coap(const String &resource_name);
+
+    /**
+     * @brief Removes object from NSDL list.
+     */
+    virtual void remove_object_from_coap();
+
+    /**
+     * @brief Memory Allocation required for libCoap.
+     * @param size, Size of memory to be reserved.
+    */
+    virtual void* memory_alloc(uint16_t size);
+
+    /**
+     * @brief Memory free functions required for libCoap.
+     * @param ptr, Object whose memory needs to be freed.
+    */
+    virtual void memory_free(void *ptr);
+
+    /**
+     * @brief Returns Report Handler object.
+     * @return M2MReportHandler object.
+    */
+    M2MReportHandler* report_handler();
+
+    /**
+     * @brief Returns Observation Handler object.
+     * @return M2MObservationHandler object.
+    */
+    M2MObservationHandler* observation_handler();
+
+private:
+
+    bool is_integer(const String &value);
+
+private:
+
+
+    M2MReportHandler           *_report_handler;
+    M2MObservationHandler      *_observation_handler;
+    M2MBase::Operation          _operation;
+    M2MBase::Mode               _mode;
+    M2MBase::BaseType           _base_type;
+    M2MBase::Observation        _observation_level;
+    String                      _name;
+    String                      _resource_type;
+    int32_t                     _name_id;
+    String                      _interface_description;
+    uint8_t                     _coap_content_type;
+    uint16_t                    _instance_id;
+    bool                        _observable;
+    uint16_t                    _observation_number;
+    uint8_t                     *_token;
+    uint8_t                     _token_length;
+
+friend class Test_M2MBase;
+
+};
+
+#endif // M2M_BASE_H
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/mbed-client/m2mconfig.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef M2MCONFIG_H
+#define M2MCONFIG_H
+
+#include <stdlib.h>
+#include <cstring>
+#include <cstdio>
+#include "mbed-client/m2mstring.h"
+using namespace m2m;
+
+#if defined(HAVE_DEBUG) || !defined(NDEBUG)
+#define TRACE_GROUP "mbed-client"
+#endif
+
+#endif // M2MCONFIG_H
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/mbed-client/m2mconnectionhandler.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,145 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef M2M_CONNECTION_HANDLER_H__
+#define M2M_CONNECTION_HANDLER_H__
+
+#include "mbed-client/m2mconnectionobserver.h"
+#include "mbed-client/m2mconfig.h"
+#include "mbed-client/m2minterface.h"
+#include "nsdl-c/sn_nsdl.h"
+
+class M2MConnectionSecurity;
+class M2MConnectionHandlerPimpl;
+
+/**
+ * @brief M2MConnectionHandler.
+ * This class handles the socket connection for the LWM2M Client.
+ */
+
+class M2MConnectionHandler {
+public:
+
+    /**
+     * @enum ConnectionError
+     * This enum defines an error that can come from
+     * socket read and write operation.
+     */
+    typedef enum {
+        CONNECTION_ERROR_WANTS_READ = -1000,
+        CONNECTION_ERROR_WANTS_WRITE = -1001
+    }ConnectionError;
+
+public:
+
+    /**
+    * @brief Constructor
+    */
+    M2MConnectionHandler(M2MConnectionObserver &observer,
+                         M2MConnectionSecurity* sec,
+                         M2MInterface::BindingMode mode,
+                         M2MInterface::NetworkStack stack);
+
+    /**
+    * @brief Destructor
+    */
+    ~M2MConnectionHandler();
+
+    /**
+    * @brief This binds the socket connection.
+    * @param listen_port Port to be listened to for an incoming connection.
+    * @return True if successful, else false.
+    */
+    bool bind_connection(const uint16_t listen_port);
+
+    /**
+    * @brief This resolves the server address. Output is
+    * returned through a callback.
+    * @param String Server address.
+    * @param uint16_t Server port.
+    * @param ServerType, Server Type to be resolved.
+    * @param security, M2MSecurity object that determines what
+    * type of secure connection will be used by the socket.
+    * @return True if address is valid, else false.
+    */
+    bool resolve_server_address(const String& server_address,
+                                const uint16_t server_port,
+                                M2MConnectionObserver::ServerType server_type,
+                                const M2MSecurity* security);
+
+    /**
+    * @brief Sends data to the connected server.
+    * @param data_ptr, Data to be sent.
+    * @param data_len, Length of data to be sent.
+    * @param address_ptr, Address structure where data has to be sent.
+    * @return True if data is sent successfully, else false.
+    */
+    bool send_data(uint8_t *data_ptr,
+                           uint16_t data_len,
+                           sn_nsdl_addr_s *address_ptr);
+
+    /**
+    * @brief Listens to the incoming data from a remote server.
+    * @return True if successful, else false.
+    */
+    bool start_listening_for_data();
+
+    /**
+    * @brief Stops listening to the incoming data.
+    */
+    void stop_listening();
+
+    /**
+     * @brief sendToSocket Sends directly to socket. This is used by
+     * security classes to send the data after it has been encrypted.
+     * @param buf Buffer to send.
+     * @param len Length of a buffer.
+     * @return Number of bytes sent or -1 if failed.
+     */
+    int send_to_socket(const unsigned char *buf, size_t len);
+
+    /**
+     * @brief receiveFromSocket Receives directly from a socket. This
+     * is used by the security classes to receive raw data to be decrypted.
+     * @param buf Buffer to send.
+     * @param len Length of a buffer.
+     * @return Number of bytes read or -1 if failed.
+     */
+    int receive_from_socket(unsigned char *buf, size_t len);
+
+    /**
+    * @brief Closes the open connection.
+    */
+    void close_connection();
+
+    /**
+    * @brief Error handling for DTLS connectivity.
+    * @param error, Error code from TLS library
+    */
+    void handle_connection_error(int error);
+
+private:
+
+    M2MConnectionObserver                       &_observer;
+    M2MConnectionHandlerPimpl                   *_private_impl;
+
+friend class Test_M2MConnectionHandler;
+friend class Test_M2MConnectionHandler_mbed;
+friend class Test_M2MConnectionHandler_linux;
+friend class M2MConnection_TestObserver;
+};
+
+#endif //M2M_CONNECTION_HANDLER_H__
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/mbed-client/m2mconnectionobserver.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,85 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef M2M_CONNECTION_OBSERVER_H__
+#define M2M_CONNECTION_OBSERVER_H__
+
+#include "mbed-client/m2minterface.h"
+
+/**
+ * @brief M2MConnectionObserver
+ * Observer class for informing socket activity to the state machine.
+ */
+
+class M2MConnectionObserver
+{
+
+public :
+
+    /**
+      * @enum ServerType, Defines the type of the
+      * server that the client wants to use.
+      */
+    typedef enum {
+        Bootstrap,
+        LWM2MServer
+    }ServerType;
+
+    /**
+     * @brief The M2MSocketAddress struct.
+     * Unified container for holding socket address data
+     * across different platforms.
+     */
+    struct SocketAddress{
+        M2MInterface::NetworkStack  _stack;
+        void                        *_address;
+        uint8_t                     _length;
+        uint16_t                    _port;
+    };
+
+    /**
+    * @brief Indicates that data is available from socket.
+    * @param data, The data read from the socket.
+    * @param data_size, The length of the data read from the socket.
+    * @param address, Address of the server where the data is coming from.
+    */
+    virtual void data_available(uint8_t* data,
+                                uint16_t data_size,
+                                const M2MConnectionObserver::SocketAddress &address) = 0;
+
+    /**
+    * @brief Indicates an error occured in socket.
+    * @param error_code, Error code from socket,
+    * it cannot be used any further.
+    */
+    virtual void socket_error(uint8_t error_code) = 0;
+
+    /**
+    * @brief Indicates that the server address resolving is ready.
+    * @param address, Resolved socket address.
+    * @param server_type, Type of server.
+    * @param server_port, Port of the resolved server address.
+    */
+    virtual void address_ready(const M2MConnectionObserver::SocketAddress &address,
+                               M2MConnectionObserver::ServerType server_type,
+                               const uint16_t server_port) = 0;
+
+    /**
+    * @brief Indicates that data has been sent successfully.
+    */
+    virtual void data_sent() = 0;
+};
+
+#endif // M2M_CONNECTION_OBSERVER_H__
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/mbed-client/m2mconnectionsecurity.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,110 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef __M2M_CONNECTION_SECURITY_H__
+#define __M2M_CONNECTION_SECURITY_H__
+
+class M2MConnectionHandler;
+class M2MSecurity;
+class M2MConnectionSecurityPimpl;
+
+/**
+ * @brief M2MConnectionSecurity.
+ * This class provides a method to create a secure socket connection
+ * to handle connectivity for the mbed Client. It will handle sending, receiving
+ * and establishing a secure connection for the mbed Client on top of the
+ * normal socket connection.
+ */
+
+class M2MConnectionSecurity {
+public:
+    typedef enum {
+        NO_SECURITY = 0,
+        TLS,
+        DTLS
+    } SecurityMode;
+
+private:
+    // Prevents the use of assignment operator by accident.
+    M2MConnectionSecurity& operator=( const M2MConnectionSecurity& /*other*/ );
+    // Prevents the use of copy constructor by accident.
+    M2MConnectionSecurity( const M2MConnectionSecurity& /*other*/ );
+
+public:
+    /**
+     * @brief Default Constructor.
+     */
+    M2MConnectionSecurity(SecurityMode mode);
+
+    /**
+     * @brief Default Destructor.
+     */
+    ~M2MConnectionSecurity();
+
+    /**
+     * @brief Resets the socket connection states.
+     */
+    void reset();
+
+    /**
+     * @brief Initiatlizes the socket connection states.
+     */
+    int init(const M2MSecurity *security);
+
+    /**
+     * @brief Starts the connection in non-blocking mode.
+     * @param connHandler, ConnectionHandler object that maintains the socket.
+     * @return Returns the state of the connection. Successful or not.
+     */
+    int start_connecting_non_blocking(M2MConnectionHandler* connHandler);
+
+    /**
+     * @brief Continues connectivity logic for secure connection.
+     * @return Returns error code if any while continuing connection sequence.
+     */
+    int continue_connecting();
+
+    /**
+     * @brief Connects the client to the server.
+     * @param connHandler, ConnectionHandler object that maintains the socket.
+     * @return Returns the state of the connection. Successful or not.
+     */
+    int connect(M2MConnectionHandler* connHandler);
+
+    /**
+     * @brief Sends data to the server.
+     * @param message, Data to be sent.
+     * @param len, Length of the data.
+     * @return Indicates whether the data is sent successfully or not.
+     */
+    int send_message(unsigned char *message, int len);
+
+    /**
+     * @brief Reads the data received from the server.
+     * @param message, Data to be read.
+     * @param len, Length of the data.
+     * @return Indicates whether the data is read successfully or not.
+     */
+    int read(unsigned char* buffer, uint16_t len);
+
+private:
+
+    M2MConnectionSecurityPimpl* _private_impl;
+
+    friend class Test_M2MConnectionSecurity;
+    //friend class Test_M2MConnectionSecurityImpl;
+};
+
+#endif //__M2M_CONNECTION_SECURITY_H__
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/mbed-client/m2mconstants.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,151 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef M2MCONSTANTS_H
+#define M2MCONSTANTS_H
+
+#include <stdint.h>
+#include "m2mconfig.h"
+
+const int MAX_VALUE_LENGTH = 256;
+const int BUFFER_LENGTH = 1024;
+extern const String COAP;
+const int32_t MINIMUM_REGISTRATION_TIME = 60; //in seconds
+const uint64_t ONE_SECOND_TIMER = 1;
+const uint16_t MAX_ALLOWED_STRING_LENGTH = 64;
+const uint16_t OPTIMUM_LIFETIME = 3600;
+const uint16_t REDUCE_LIFETIME = 900;
+const float REDUCTION_FACTOR = 0.75f;
+
+const int RETRY_COUNT = 2;
+const int RETRY_INTERVAL = 5;
+
+// values per: draft-ietf-core-observe-16
+// OMA LWM2M CR ref.
+#define START_OBSERVATION 0
+#define STOP_OBSERVATION 1
+
+// PUT attributes to be checked from server
+extern const String EQUAL;
+extern const String AMP;
+extern const String PMIN;
+extern const String PMAX;
+extern const String GT;
+extern const String LT;
+extern const String ST;
+extern const String CANCEL;
+
+//LWM2MOBJECT NAME/ID
+extern const String M2M_SECURITY_ID;
+extern const String M2M_SERVER_ID;
+extern const String M2M_ACCESS_CONTROL_ID;
+extern const String M2M_DEVICE_ID;
+
+extern const String M2M_CONNECTIVITY_MONITOR_ID;
+extern const String M2M_FIRMWARE_ID;
+extern const String M2M_LOCATION_ID;
+extern const String M2M_CONNECTIVITY_STATISTICS_ID;
+extern const String RESERVED_ID;
+
+//OBJECT RESOURCE TYPE
+extern const String OMA_RESOURCE_TYPE;
+
+//DEVICE RESOURCES
+extern const String DEVICE_MANUFACTURER;
+extern const String DEVICE_DEVICE_TYPE;
+extern const String DEVICE_MODEL_NUMBER;
+extern const String DEVICE_SERIAL_NUMBER;
+extern const String DEVICE_HARDWARE_VERSION;
+extern const String DEVICE_FIRMWARE_VERSION;
+extern const String DEVICE_SOFTWARE_VERSION;
+extern const String DEVICE_REBOOT;
+extern const String DEVICE_FACTORY_RESET;
+extern const String DEVICE_AVAILABLE_POWER_SOURCES;
+extern const String DEVICE_POWER_SOURCE_VOLTAGE;
+extern const String DEVICE_POWER_SOURCE_CURRENT;
+extern const String DEVICE_BATTERY_LEVEL;
+extern const String DEVICE_BATTERY_STATUS;
+extern const String DEVICE_MEMORY_FREE;
+extern const String DEVICE_MEMORY_TOTAL;
+extern const String DEVICE_ERROR_CODE;
+extern const String DEVICE_RESET_ERROR_CODE;
+extern const String DEVICE_CURRENT_TIME;
+extern const String DEVICE_UTC_OFFSET;
+extern const String DEVICE_TIMEZONE;
+extern const String DEVICE_SUPPORTED_BINDING_MODE;
+
+extern const String BINDING_MODE_UDP;
+extern const String BINDING_MODE_UDP_QUEUE;
+extern const String BINDING_MODE_SMS;
+extern const String BINDING_MODE_SMS_QUEUE;
+
+extern const String ERROR_CODE_VALUE;
+
+
+
+//SECURITY RESOURCES
+extern const String SECURITY_M2M_SERVER_URI;
+extern const String SECURITY_BOOTSTRAP_SERVER;
+extern const String SECURITY_SECURITY_MODE;
+extern const String SECURITY_PUBLIC_KEY;
+extern const String SECURITY_SERVER_PUBLIC_KEY;
+extern const String SECURITY_SECRET_KEY;
+extern const String SECURITY_SMS_SECURITY_MODE;
+extern const String SECURITY_SMS_BINDING_KEY;
+extern const String SECURITY_SMS_BINDING_SECRET_KEY;
+extern const String SECURITY_M2M_SERVER_SMS_NUMBER;
+extern const String SECURITY_SHORT_SERVER_ID;
+extern const String SECURITY_CLIENT_HOLD_OFF_TIME;
+
+//SERVER RESOURCES
+extern const String SERVER_SHORT_SERVER_ID;
+extern const String SERVER_LIFETIME;
+extern const String SERVER_DEFAULT_MIN_PERIOD;
+extern const String SERVER_DEFAULT_MAX_PERIOD;
+extern const String SERVER_DISABLE;
+extern const String SERVER_DISABLE_TIMEOUT;
+extern const String SERVER_NOTIFICATION_STORAGE;
+extern const String SERVER_BINDING;
+extern const String SERVER_REGISTRATION_UPDATE;
+
+//FIRMWARE RESOURCES
+extern const String FIRMWARE_PACKAGE;
+extern const String FIRMWARE_PACKAGE_URI;
+extern const String FIRMWARE_UPDATE;
+extern const String FIRMWARE_STATE;
+extern const String FIRMWARE_UPDATE_SUPPORTED_OBJECTS;
+extern const String FIRMWARE_UPDATE_RESULT;
+extern const String FIRMWARE_PACKAGE_NAME;
+extern const String FIRMWARE_PACKAGE_VERSION;
+
+// TLV serializer / deserializer
+const uint8_t TYPE_RESOURCE = 0xC0;
+const uint8_t TYPE_MULTIPLE_RESOURCE = 0x80;
+const uint8_t TYPE_RESOURCE_INSTANCE = 0x40;
+const uint8_t TYPE_OBJECT_INSTANCE = 0x0;
+
+const uint8_t ID8 = 0x0;
+const uint8_t ID16 = 0x20;
+
+const uint8_t LENGTH8 = 0x08;
+const uint8_t LENGTH16 = 0x10;
+const uint8_t LENGTH24 = 0x18;
+
+const uint8_t COAP_CONTENT_OMA_TLV_TYPE = 99;
+const uint8_t COAP_CONTENT_OMA_JSON_TYPE = 100;
+
+const uint16_t MAX_UNINT_16_COUNT = 65535;
+
+#endif // M2MCONSTANTS_H
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/mbed-client/m2mdevice.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,250 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef M2M_DEVICE_H
+#define M2M_DEVICE_H
+
+#include "mbed-client/m2mobject.h"
+
+// FORWARD DECLARATION
+class M2MResource;
+class M2MResourceInstance;
+
+/**
+ *  @brief M2MDevice.
+ *  This class represents the Device Object model of the LWM2M framework.
+ *  It provides an interface for handling the device object
+ *  and all its corresponding resources. There can be only one instance
+ *  of a Device Object.
+ */
+class  M2MDevice : public M2MObject {
+
+friend class M2MInterfaceFactory;
+
+public:
+
+     /**
+      * @brief Enum defining all the resources associated with the
+      * Device Object in the LWM2M framework.
+      */
+    typedef enum {
+        Manufacturer,
+        DeviceType,
+        ModelNumber,
+        SerialNumber,
+        HardwareVersion,
+        FirmwareVersion,
+        SoftwareVersion,
+        Reboot,
+        FactoryReset,
+        AvailablePowerSources,
+        PowerSourceVoltage,
+        PowerSourceCurrent,
+        BatteryLevel,
+        BatteryStatus,
+        MemoryFree,
+        MemoryTotal,
+        ErrorCode,
+        ResetErrorCode,
+        CurrentTime,
+        UTCOffset,
+        Timezone,
+        SupportedBindingMode
+    }DeviceResource;
+
+private:
+
+    /**
+     * Constructor
+     */
+    M2MDevice();
+
+    // Prevents the use of assignment operator.
+    M2MDevice& operator=( const M2MDevice& /*other*/ );
+
+    // Prevents the use of copy constructor
+    M2MDevice( const M2MDevice& /*other*/ );
+
+    /**
+     * Destructor
+     */
+    virtual ~M2MDevice();
+
+    static M2MDevice* get_instance();
+
+public:
+
+    /**
+     * @brief Deletes the M2MDevice instance.
+     */
+    static void delete_instance();
+
+    /**
+     * @brief Creates a new resource for the given resource enum.
+     * @param resource, With this function, the following resources can be created:
+     * 'Manufacturer', 'DeviceType','ModelNumber','SerialNumber',
+     * 'HardwareVersion', 'FirmwareVersion', 'SoftwareVersion',
+     *  'UTCOffset', 'Timezone', 'SupportedBindingMode'.
+     * @param value, Value to be set on the resource, in String format.
+     * @return M2MResource if created successfully, else NULL.
+     */
+    M2MResource* create_resource(DeviceResource resource, const String &value);
+
+    /**
+     * @brief Creates a new resource for given resource enum.
+     * @param resource, With this function, the following resources can be created:
+     * 'AvailablePowerSources','PowerSourceVoltage','PowerSourceCurrent',
+     * 'BatteryLevel', 'BatteryStatus', 'MemoryFree', 'MemoryTotal',
+     * 'ErrorCode', 'CurrentTime'. For 'CurrentTime', pass the time value in EPOCH format, for example
+     * 1438944683.
+     * @param value, Value to be set on the resource, in Integer format.
+     * @return M2MResource if created successfully, else NULL.
+     */
+    M2MResource* create_resource(DeviceResource resource, int64_t value);
+
+    /**
+     * @brief Creates a new resource instance for given resource enum.
+     * @param resource, With this function, the following resources can be created:
+     * 'AvailablePowerSources','PowerSourceVoltage','PowerSourceCurrent',
+     * 'ErrorCode'.
+     * @param value, Value to be set on the resource, in Integer format.
+     * @return M2MResourceInstance if created successfully, else NULL.
+     */
+    M2MResourceInstance* create_resource_instance(DeviceResource resource, int64_t value,
+                                                  uint16_t instance_id);
+
+    /**
+     * @brief Creates a new resource for given resource name.
+     * @param resource, With this function, the following resources can be created:
+     * 'ResetErrorCode','FactoryReset'.
+     * @return M2MResource if created successfully, else NULL.
+     */
+    M2MResource* create_resource(DeviceResource resource);
+
+    /**
+     * @brief Deletes the resource with the given resource enum.
+     * Mandatory resources cannot be deleted.
+     * @param resource, Name of the resource to be deleted.
+     * @return True if deleted, else false.
+     */
+    bool delete_resource(DeviceResource resource);
+
+    /**
+     * @brief Deletes the resource with the given resource enum.
+     * Mandatory resources cannot be deleted.
+     * @param resource, Name of the resource to be deleted.
+     * @param instance_id, Instance Id of the resource.
+     * @return True if deleted, else false.
+     */
+    bool delete_resource_instance(DeviceResource resource,
+                                  uint16_t instance_id);
+
+    /**
+     * @brief Sets the value of the given resource enum.
+     * @param resource, With this function, a value can be set for the following resources:
+     * 'Manufacturer', 'DeviceType','ModelNumber','SerialNumber',
+     * 'HardwareVersion', 'FirmwareVersion', 'SoftwareVersion',
+     *  'UTCOffset', 'Timezone', 'SupportedBindingMode'.
+     * @param value, Value to be set on the resource, in String format.
+     * @param instance_id, Instance Id of the resource, default is 0.
+     * @return True if successfully set, else false.
+     */
+    bool set_resource_value(DeviceResource resource,
+                            const String &value,
+                            uint16_t instance_id = 0);
+
+    /**
+     * @brief Sets the value of the given resource enum.
+     * @param resource, With this function, a value can be set for the following resources:
+     * 'AvailablePowerSources','PowerSourceVoltage','PowerSourceCurrent',
+     * 'BatteryLevel', 'BatteryStatus', 'MemoryFree', 'MemoryTotal',
+     * 'ErrorCode', 'CurrentTime'.
+     * @param value, Value to be set on the resource, in Integer format.
+     * @param instance_id, Instance Id of the resource, default is 0.
+     * @return True if successfully set, else false.
+     */
+    bool set_resource_value(DeviceResource resource,
+                            int64_t value,
+                            uint16_t instance_id = 0);
+
+    /**
+     * @brief Returns the value of the given resource enum, in String.
+     * @param resource, With this function, the following resources can return a value:
+     * 'Manufacturer', 'DeviceType','ModelNumber','SerialNumber',
+     * 'HardwareVersion', 'FirmwareVersion', 'SoftwareVersion',
+     *  'UTCOffset', 'Timezone', 'SupportedBindingMode'.
+     * @param instance_id, Instance Id of the resource, default is 0.
+     * @return Value associated with that resource. If the resource is not valid NULL is returned.
+     */
+    String resource_value_string(DeviceResource resource,
+                                 uint16_t instance_id = 0) const;
+
+    /**
+     * @brief Returns the value of the given resource key name, in Integer.
+     * @param resource, With this function, the following resources can return a value:
+     * 'AvailablePowerSources','PowerSourceVoltage','PowerSourceCurrent',
+     * 'BatteryLevel', 'BatteryStatus', 'MemoryFree', 'MemoryTotal',
+     * 'ErrorCode', 'CurrentTime'.
+     * @param instance_id, Instance Id of the resource, default is 0
+     * @return Value associated with that resource. If the resource is not valid -1 is returned.
+     */
+    int64_t resource_value_int(DeviceResource resource,
+                               uint16_t instance_id = 0) const;
+
+    /**
+     * @brief Indicates whether the resource instance with given resource enum exists or not.
+     * @param resource, Resource enum.
+     * @return True if at least one instance exists, else false.
+     */
+    bool is_resource_present(DeviceResource resource)const;
+
+    /**
+     * @brief Returns the number of resources for the whole device object.
+     * @return Total number of resources belonging to the device object.
+     */
+    uint16_t total_resource_count()const;
+
+    /**
+     * @brief Returns the number of resources for a given resource enum.
+     * @param resource, Resource enum.
+     * @return Number of resources for a given resource enum. Returns 1 for the
+     * mandatory resources. Can be 0 as well if no instances exist for an
+     * optional resource.
+     */
+    uint16_t per_resource_count(DeviceResource resource)const;
+
+private:
+
+    M2MResourceInstance* get_resource_instance(DeviceResource dev_res,
+                                               uint16_t instance_id) const;
+
+    String resource_name(DeviceResource resource) const;
+
+    bool check_value_range(DeviceResource resource, const int64_t value) const;
+
+private :
+
+    M2MObjectInstance*    _device_instance;     //Not owned
+
+protected:
+
+    static M2MDevice*     _instance;
+
+    friend class Test_M2MDevice;
+    friend class Test_M2MInterfaceFactory;
+};
+
+#endif // M2M_DEVICE_H
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/mbed-client/m2mfirmware.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,233 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef M2MFIRMWARE_H
+#define M2MFIRMWARE_H
+
+#include "mbed-client/m2mobject.h"
+
+// FORWARD DECLARATION
+class M2MResource;
+class M2MResourceInstance;
+
+/**
+ *  @brief M2MFirmware.
+ *  This class represents the Firmware Object model of the LWM2M framework.
+ *  It provides an interface for handling the firmware object
+ *  and all its corresponding resources. There can be only one instance
+ *  of a Firmware Object.
+ */
+class  M2MFirmware : public M2MObject {
+
+friend class M2MInterfaceFactory;
+
+public:
+
+     /**
+      * @brief Enum defining all the resources associated with a
+      * Firmware Object in the LWM2M framework.
+      */
+    typedef enum {
+        Package,
+        PackageUri,
+        Update,
+        State,
+        UpdateSupportedObjects,
+        UpdateResult,
+        PackageName,
+        PackageVersion
+    } FirmwareResource;
+
+    /**
+     * @brief Enum defining the state of the firmware update.
+     */
+    typedef enum {
+       Idle = 0,
+       Downloading,
+       Downloaded
+    } UpdateState;
+
+    /**
+     * @brief Enum defining the result of the firmware update.
+     */
+    typedef enum {
+       Default = 0,
+       SuccessfullyUpdated,
+       NotEnoughSpace,
+       OutOfMemory,
+       ConnectionLost,
+       CRCCheckFailure,
+       UnsupportedPackageType,
+       InvalidURI
+    } ResultOfUpdate;
+
+private:
+
+    /**
+     * Constructor
+     */
+    M2MFirmware();
+
+    // Prevents the use of assignment operator.
+    M2MFirmware& operator=( const M2MFirmware& /*other*/ );
+
+    // Prevents the use of copy constructor.
+    M2MFirmware( const M2MFirmware& /*other*/ );
+
+    /**
+     * Destructor
+     */
+    virtual ~M2MFirmware();
+
+    static M2MFirmware* get_instance();
+
+public:
+
+    /**
+     * @brief Deletes the M2MFirmware instance.
+     */
+    static void delete_instance();
+
+    /**
+     * @brief Creates a new resource for given resource enum.
+     * @param resource, With this function, the following resources can be created:
+     * 'PackageUri', 'PackageName','PackageVersion'.
+     * @param value, Value to be set on the resource, in String format.
+     * @return M2MResource if created successfully, else NULL.
+     */
+    M2MResource* create_resource(FirmwareResource resource, const String &value);
+
+    /**
+     * @brief Creates a new resource for given resource enum.
+     * @param resource, With this function, the following resources can be created:
+     * 'State','UpdateSupportedObjects','UpdateResult'.
+     * @param value, Value to be set on the resource, in Integer format.
+     * @return M2MResource if created successfully, else NULL.
+     */
+    M2MResource* create_resource(FirmwareResource resource, int64_t value);
+
+    /**
+     * @brief Deletes the resource with the given resource enum.
+     * Mandatory resources cannot be deleted.
+     * @param resource, Name of the resource to be deleted.
+     * @return True if deleted, else false.
+     */
+    bool delete_resource(FirmwareResource resource);
+
+    /**
+     * @brief Sets the value of the given resource enum.
+     * @param resource, With this function, a value can be set on the following resources:
+     * 'Package', 'PackageUri', 'PackageName','PackageVersion'.
+     * @param value, Value to be set on the resource, in String format.     
+     * @return True if successfully set, else false.
+     */
+    bool set_resource_value(FirmwareResource resource,
+                            const String &value);
+
+    /**
+     * @brief Sets the value of the given resource enum.
+     * @param resource, With this function, a value can be set for the following resources:
+     * 'State','UpdateSupportedObjects','UpdateResult'.
+     * @param value, Value to be set on the resource, in Integer format.
+     * @return True if successfully set, else false.
+     */
+    bool set_resource_value(FirmwareResource resource,
+                            int64_t value);
+
+    /**
+     * @brief Sets the value of the given resource enum.
+     * @param resource, With this function, a value can be set for the following resources:
+     * 'Package'.
+     * @param value, Value to be set on the resource, in uint8_t format.
+     * @param size, Size of the buffer value to be set on the resource.
+     * @return True if successfully set, else false.
+     */
+    bool set_resource_value(FirmwareResource resource,
+                            const uint8_t *value,
+                            const uint32_t length);
+
+    /**
+     * @brief Returns the value of the given resource enum, in String.
+     * @param resource, With this function, the following resources can return value:
+     * 'PackageUri', 'PackageName','PackageVersion'.
+     * @return Value associated with that resource, if key is not valid it returns NULL.
+     */
+    String resource_value_string(FirmwareResource resource) const;
+
+    /**
+     * @brief Returns the value of the given resource key name, in Integer.
+     * @param resource, With this function, the following resources can return a value:
+     * 'State','UpdateSupportedObjects','UpdateResult'.     
+     * @return Value associated with that resource. If the resource is not valid -1 is returned.
+     */
+    int64_t resource_value_int(FirmwareResource resource) const;
+
+    /**
+     * @brief Populates the data buffer and returns the size of the buffer.
+     * @param resource, With this function, the following resources can return a value:
+     * 'Package'.
+     * @param [OUT] data, Data buffer containing the value.
+     * @return Size of the buffer populated.
+     */
+    uint32_t resource_value_buffer(FirmwareResource resource,
+                                   uint8_t *&data) const;
+
+    /**
+     * @brief Returns whether the resource instance with given resource enum exists or not.
+     * @param resource, Resource enum.
+     * @return True if at least one instance exists, else false.
+     */
+    bool is_resource_present(FirmwareResource resource) const;
+
+    /**
+     * @brief Returns number of resources for the whole firmware object.
+     * @return Total number of resources belonging to the firmware object.
+     */
+    uint16_t total_resource_count() const;
+
+    /**
+     * @brief Returns the number of resources for a given resource enum.
+     * @param resource, Resource enum.
+     * @return Number of resources for a given resource enum. Returns 1 for the
+     * mandatory resources. Can be 0 as well if no instance exists for an
+     * optional resource.
+     */
+    uint16_t per_resource_count(FirmwareResource resource) const;
+
+
+private:
+
+    M2MResource* get_resource(FirmwareResource resource) const;
+
+    String resource_name(FirmwareResource resource) const;
+
+    void create_mandatory_resources();
+
+    bool check_value_range(FirmwareResource resource, const int64_t value) const;
+
+private :
+
+    M2MObjectInstance*    _firmware_instance;     //Not owned
+
+protected:
+
+    static M2MFirmware*     _instance;
+
+    friend class Test_M2MFirmware;
+    friend class Test_M2MInterfaceFactory;
+};
+
+
+#endif // M2MFIRMWARE_H
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/mbed-client/m2minterface.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,152 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef M2M_INTERFACE_H
+#define M2M_INTERFACE_H
+
+#include <stdint.h>
+#include "mbed-client/m2mvector.h"
+#include "mbed-client/m2mconfig.h"
+#include "mbed-client/functionpointer.h"
+
+//FORWARD DECLARATION
+class M2MSecurity;
+class M2MObject;
+class M2MInterfaceObserver;
+
+typedef Vector<M2MObject *> M2MObjectList;
+typedef FP callback_handler;
+
+/**
+ *  @brief M2MInterface.
+ *  This class provides an interface for handling all the mbed Client Interface operations
+ *  defined in the OMA LWM2M specifications.
+ *  This includes Bootstrapping, Client Registration, Device Management &
+ *  Service Enablement and Information Reporting.
+ */
+
+class M2MInterface {
+
+public:
+
+    /**
+     * @brief Enum defining different kinds of errors
+     * that can occur during various client operations.
+     */
+    typedef enum {
+        ErrorNone = 0,
+        AlreadyExists,
+        BootstrapFailed,
+        InvalidParameters,
+        NotRegistered,
+        Timeout,
+        NetworkError,
+        ResponseParseFailed,
+        UnknownError,
+        MemoryFail,
+        NotAllowed
+    }Error;
+
+    /**
+     * @brief Enum defining different kinds of binding
+     * modes handled for client operations.
+     */
+    typedef enum {
+        NOT_SET = 0,
+        UDP = 0x01,
+        UDP_QUEUE = 0x03,
+        SMS = 0x04,
+        SMS_QUEUE =0x06,
+        UDP_SMS_QUEUE = 0x07,
+        TCP = 0x08, //not real value, spec does not have one!
+        TCP_QUEUE = 0x09 //not real value, spec does not have one!
+    }BindingMode;
+
+    /**
+     * @brief Enum defining different kinds of network
+     * stacks that can be used by the mbed Client.
+     */
+    typedef enum {
+        Uninitialized = 0,
+        LwIP_IPv4,
+        LwIP_IPv6,
+        Reserved,
+        Nanostack_IPv6,
+        Unknown
+    }NetworkStack;
+
+public:
+
+    virtual ~M2MInterface(){}
+
+    /**
+     * @brief Initiates bootstrapping of the client with the provided Bootstrap
+     * server information.
+     * NOTE: This API is not supported for developers!!
+     * @param security_object, Security object that contains information
+     * required for successful bootstrapping of the client.
+     */
+    virtual void bootstrap(M2MSecurity *security_object) = 0;
+
+    /**
+     * @brief Cancels the ongoing bootstrapping operation of the client. If the client has
+     * already successfully bootstrapped this function deletes the existing
+     * bootstrap information from the client.
+     * NOTE: This API is not supported for developers!!
+     */
+    virtual void cancel_bootstrap() = 0;
+
+    /**
+     * @brief Initiates the registration of the provided Security object to the
+     * corresponding LWM2M server.
+     * @param security_object, Security object that contains information
+     * required for registering to the LWM2M server.
+     * If the client wants to register to multiple LWM2M servers it must call
+     * this function once for each of the LWM2M server objects separately.
+     * @param object_list, Objects that contain information about the
+     * client attempting to register to the LWM2M server.
+     */
+    virtual void register_object(M2MSecurity *security_object, const M2MObjectList &object_list) = 0;
+
+    /**
+     * @brief Updates or refreshes the client's registration on the LWM2M
+     * server.
+     * @param security_object, Security object from which the device object
+     * needs to update registration. If there is only one LWM2M server registered
+     * this parameter can be NULL.
+     * @param lifetime, Lifetime for the endpoint client in seconds. If the same value
+     * has to be passed then put the default value as 0.
+     */
+    virtual void update_registration(M2MSecurity *security_object, const uint32_t lifetime = 0) = 0;
+
+    /**
+     * @brief Unregisters the registered object from the LWM2M server.
+     * @param security_object, Security object from which the device object
+     * needs to be unregistered. If there is only one LWM2M server registered
+     * this parameter can be NULL.
+     */
+    virtual void unregister_object(M2MSecurity* security_object = NULL) = 0;
+
+    /**
+     * @brief Sets the function that will be called for indicating that the client
+     * is going to sleep when the Binding mode is selected with Queue mode.
+     * @param callback, Function pointer that will be called when the client
+     * goes to sleep.
+     */
+    virtual void set_queue_sleep_handler(callback_handler handler) = 0;
+
+};
+
+#endif // M2M_INTERFACE_H
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/mbed-client/m2minterfacefactory.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,120 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef M2M_INTERFACE_FACTORY_H
+#define M2M_INTERFACE_FACTORY_H
+
+#include <stdlib.h>
+#include "mbed-client/m2msecurity.h"
+#include "mbed-client/m2mresource.h"
+#include "mbed-client/m2minterfaceobserver.h"
+
+//FORWARD DECLARATION
+class M2MDevice;
+class M2MServer;
+class M2MInterfaceImpl;
+class M2MFirmware;
+
+/**
+ *  @brief M2MInterfaceFactory.
+ *  This is a factory class that provides an interface for creating an mbed Client Interface
+ *  object for an application to utilize the LWM2M features provided by the client.
+ */
+
+class  M2MInterfaceFactory {
+private:
+    // Prevents the use of assignment operator by accident.
+    M2MInterfaceFactory& operator=( const M2MInterfaceFactory& /*other*/ );
+
+    // Prevents the use of copy constructor by accident
+    M2MInterfaceFactory( const M2MInterfaceFactory& /*other*/ );
+
+public:
+
+    /**
+     * @brief Creates an interface object for the mbed Client Inteface. With this, the
+     * client can handle client operations like Bootstrapping, Client
+     * Registration, Device Management and Information Reporting.
+     * @param endpoint_name, Endpoint name of the mbed client.
+     * @param endpoint_type, Endpoint type of the mbed client, default is empty.
+     * @param life_time, Lifetime of the endpoint in seconds,
+     *        if -1 it is optional.
+     * @param listen_port, Listening port for the endpoint, default is 5683.
+     * @param domain, Domain of the endpoint, default is empty.
+     * @param mode, Binding Mode of the endpoint, default is NOT_SET.
+     * @param stack, Select the underlying network stack to be used for the connection,
+     * default is LwIP_IPv4.
+     * @param context_address, Context address for M2M-HTTP, not used currently.
+     * @return M2MInterfaceImpl , Object to manage other client operations.
+     */
+    static M2MInterface *create_interface(M2MInterfaceObserver &observer,
+                                              const String &endpoint_name,
+                                              const String &endpoint_type = "",
+                                              const int32_t life_time = -1,
+                                              const uint16_t listen_port = 5683,
+                                              const String &domain = "",
+                                              M2MInterface::BindingMode mode = M2MInterface::NOT_SET,
+                                              M2MInterface::NetworkStack stack = M2MInterface::LwIP_IPv4,
+                                              const String &context_address = "");
+
+    /**
+     * @brief Creates a security object for the mbed Client Inteface. With this, the
+     * client can manage Bootstrapping and Client Registration.
+     * @param ServerType, Type of the Security Object, bootstrap or LWM2M server.
+     * @return M2MSecurity, Object to manage other client operations.
+     */
+    static M2MSecurity *create_security(M2MSecurity::ServerType server_type);
+
+    /**
+     * @brief Creates a server object for the mbed Client Inteface. With this, the 
+     * client can manage the server resources used for client operations
+     * such as Client Registration, server lifetime etc.
+     * @return M2MServer, Object to manage server client operations.
+     */
+    static M2MServer *create_server();
+
+    /**
+     * @brief Creates a device object for the mbed Client Inteface. With this, the
+     * client can manage the device resources used for client operations
+     * such as Client Registration, Device Management and Information Reporting.
+     * @param name, Name of the device object.
+     * @return M2MDevice, Object to manage other client operations.
+     */
+    static M2MDevice *create_device();
+
+    /**
+     * @brief Creates a firmware object for the mbed Client Inteface. With this, the
+     * client can manage the firmware resources used for the client operations
+     * such as Client Registration, Device Management and Information Reporting.
+     * @return M2MFirmware, Object to manage other client operations.
+     */
+    static M2MFirmware *create_firmware();
+
+    /**
+     * @brief Creates a generic object for the mbed Client Inteface. With this, the
+     * client can manage its own customized resources used for registering
+     * Device Management and Information Reporting for those resources.
+     * @param name, Name of the object.
+     * @param id, Unique ID for the object. It should be other than the reserved
+     * LWM2M object IDs.
+     * @return M2MObject, Object to manage other mbed Client operations.
+     */
+    static M2MObject *create_object(const String &name);
+
+
+    friend class Test_M2MInterfaceFactory;
+};
+
+#endif // M2M_INTERFACE_FACTORY_H
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/mbed-client/m2minterfaceobserver.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef M2M_INTERFACE_OBSERVER_H
+#define M2M_INTERFACE_OBSERVER_H
+
+#include "mbed-client/m2mbase.h"
+#include "mbed-client/m2minterface.h"
+
+//FORWARD DECLARATION
+class M2MServer;
+
+/**
+ * @brief M2MInterfaceObserver
+ * This is an observer class that updates the calling application about
+ * various events associated with various Interface operations.
+ * Also, it informs about various errors that can occur during any of the above
+ * operations.
+ */
+class M2MInterfaceObserver {
+
+public:
+
+    /**
+     * @brief Callback indicating that the bootstap has been done successfully.
+     * @param server_object Server object that contains information fetched
+     * about the LWM2M server from the bootstrap server. This object can be used
+     * to register to the LWM2M server. The object ownership is passed.
+     */
+    virtual void bootstrap_done(M2MSecurity *server_object) = 0;
+
+    /**
+     * @brief Callback indicating that the device object has been registered
+     * successfully to the LWM2M server.
+     * @param security_object Server object on which the device object is
+     * registered. The object ownership is passed.
+     * @param server_object, Object containing information about the LWM2M server.
+     * The client maintains the object.
+     */
+    virtual void object_registered(M2MSecurity *security_object, const M2MServer &server_object) = 0;
+
+    /**
+     * @brief Callback indicating that the device object has been successfully unregistered
+     * from the LWM2M server.
+     * @param server_object Server object from which the device object is
+     * unregistered. The object ownership is passed.
+     */
+    virtual void object_unregistered(M2MSecurity *server_object) = 0;
+
+    /**
+     * @brief Callback indicating that the device object registration has been successfully
+     * updated on the LWM2M server.
+     * @param security_object Server object on which the device object registration
+     * updated. The object ownership is passed.
+     * @param server_object, Object containing information about the LWM2M server.
+     * The client maintains the object.
+     */
+    virtual void registration_updated(M2MSecurity *security_object, const M2MServer & server_object) = 0;
+
+    /**
+     * @brief Callback indicating that there is an error during the operation.
+     * @param error Error code informing about the error that occured.
+     */
+    virtual void error(M2MInterface::Error error) = 0;
+
+    /**
+     * @brief Callback indicating that the value of the resource object is updated by the server.
+     * @param base Object whose value is updated.
+     * @param type Type of object.
+     */
+    virtual void value_updated(M2MBase *base, M2MBase::BaseType type) = 0;
+};
+
+#endif // M2M_INTERFACE_OBSERVER_H
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/mbed-client/m2mobject.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,166 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef M2M_OBJECT_H
+#define M2M_OBJECT_H
+
+#include "mbed-client/m2mvector.h"
+#include "mbed-client/m2mbase.h"
+#include "mbed-client/m2mobjectinstance.h"
+
+//FORWARD DECLARATION
+typedef Vector<M2MObjectInstance *> M2MObjectInstanceList;
+
+/**
+ *  @brief M2MObject.
+ *  This class is the base class for the mbed Client Objects. All defined
+ *  LWM2M object models can be created based on it. This class also holds all object
+ *  instances associated with the given object.
+ */
+
+class M2MObject : public M2MBase,
+                  public M2MObjectCallback
+{
+
+friend class M2MInterfaceFactory;
+
+protected :
+
+    /**
+     * @brief Constructor
+     * @param name, Name of the object
+     */
+    M2MObject(const String &object_name);
+
+    // Prevents the use of default constructor.
+    M2MObject();
+
+    // Prevents the use of assignment operator.
+    M2MObject& operator=( const M2MObject& /*other*/ );
+
+    // Prevents the use of copy constructor.
+    M2MObject( const M2MObject& /*other*/ );
+
+public:
+
+    /**
+     * @brief Destructor
+     */
+    virtual ~M2MObject();
+
+    /**
+     * @brief Creates a new object instance for a given mbed Client Interface object. With this,
+     * the client can respond to server's GET methods with the provided value.
+     * @return M2MObjectInstance, Object instance for managing other client operations.
+     */
+    M2MObjectInstance* create_object_instance(uint16_t instance_id = 0);
+
+    /**
+     * @brief Removes the object instance resource with the given instance id.
+     * @param instance_id, Instance ID of the object instance to be removed, default is 0.
+     * @return True if removed, else false.
+     */
+    virtual bool remove_object_instance(uint16_t instance_id = 0);
+
+    /**
+     * @brief Returns object instance with the the given instance id.
+     * @param instance_id, Instance ID of the requested object instance id, default is 0.
+     * @return Object instance reference if found, else NULL.
+     */
+    virtual M2MObjectInstance* object_instance(uint16_t instance_id = 0) const;
+
+    /**
+     * @brief Returns a list of object instances.
+     * @return List of instances with the object.
+     */
+    virtual const M2MObjectInstanceList& instances() const;
+
+    /**
+     * @brief Returns the total number of instances with the object.
+     * @return Total number of the object instances.
+     */
+    virtual uint16_t instance_count() const;
+
+    /**
+     * @brief Returns object type.
+     * @return BaseType.
+     */
+    virtual M2MBase::BaseType base_type() const;
+
+    /**
+     * @brief Adds the observation level for the object.
+     * @param observation_level, Level of observation.
+     */
+    virtual void add_observation_level(M2MBase::Observation observation_level);
+
+    /**
+     * @brief Removes the observation level from the object.
+     * @param observation_level, Level of observation.
+     */
+    virtual void remove_observation_level(M2MBase::Observation observation_level);
+
+    /**
+     * @brief Handles GET request for the registered objects.
+     * @param nsdl, NSDL handler for the CoAP library.
+     * @param received_coap_header, CoAP message received from the server.
+     * @param observation_handler, Handler object for sending
+     * observation callbacks.
+     * @return sn_coap_hdr_s,  Message that needs to be sent to server.
+     */
+    virtual sn_coap_hdr_s* handle_get_request(nsdl_s *nsdl,
+                                              sn_coap_hdr_s *received_coap_header,
+                                              M2MObservationHandler *observation_handler = NULL);
+    /**
+     * @brief Handles PUT request for the registered objects.
+     * @param nsdl, NSDL handler for the CoAP library.
+     * @param received_coap_header, CoAP message received from the server.
+     * @param observation_handler, Handler object for sending
+     * observation callbacks.
+     * @return sn_coap_hdr_s,  Message that needs to be sent to server.
+     */
+    virtual sn_coap_hdr_s* handle_put_request(nsdl_s *nsdl,
+                                              sn_coap_hdr_s *received_coap_header,
+                                              M2MObservationHandler *observation_handler = NULL);
+
+    /**
+     * @brief Handles GET request for the registered objects.
+     * @param nsdl, NSDL handler for the CoAP library.
+     * @param received_coap_header, CoAP message received from the server.
+     * @param observation_handler, Handler object for sending
+     * observation callbacks.
+     * @return sn_coap_hdr_s,  Message that needs to be sent to server.
+     */
+    virtual sn_coap_hdr_s* handle_post_request(nsdl_s *nsdl,
+                                               sn_coap_hdr_s *received_coap_header,
+                                               M2MObservationHandler *observation_handler = NULL);
+
+protected :
+
+     virtual void notification_update();
+
+private:
+
+    M2MObjectInstanceList     _instance_list; // owned    
+    uint16_t                  _max_instance_count;
+
+friend class Test_M2MObject;
+friend class Test_M2MInterfaceImpl;
+friend class Test_M2MNsdlInterface;
+friend class Test_M2MTLVSerializer;
+friend class Test_M2MTLVDeserializer;
+
+};
+
+#endif // M2M_OBJECT_H
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/mbed-client/m2mobjectinstance.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,257 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef M2M_OBJECT_INSTANCE_H
+#define M2M_OBJECT_INSTANCE_H
+
+#include "mbed-client/m2mvector.h"
+#include "mbed-client/m2mresource.h"
+
+//FORWARD DECLARATION
+typedef Vector<M2MResource *> M2MResourceList;
+typedef Vector<M2MResourceInstance *> M2MResourceInstanceList;
+
+class M2MObjectCallback {
+public:
+    virtual void notification_update() = 0;
+};
+
+/**
+ *  @brief M2MObjectInstance.
+ *  This class is the instance class for mbed Client Objects. All defined
+ *  LWM2M object models can be created based on it. This class also holds all resource
+ *  instances associated with the given object.
+ */
+
+class M2MObjectInstance : public M2MBase,
+                          public M2MObjectInstanceCallback
+{
+
+friend class M2MObject;
+
+private: // Constructor and destructor are private which means
+         // that these objects can be created or
+         // deleted only through function provided by M2MObject.
+
+    /**
+     * @brief Constructor
+     * @param name, Name of the object
+     */
+    M2MObjectInstance(const String &object_name,
+                      M2MObjectCallback &object_callback);
+
+
+    // Prevents the use of default constructor.
+    M2MObjectInstance();
+
+    // Prevents the use of assignment operator.
+    M2MObjectInstance& operator=( const M2MObjectInstance& /*other*/ );
+
+    // Prevents the use of copy constructor.
+    M2MObjectInstance( const M2MObjectInstance& /*other*/ );
+
+    /**
+     * Destructor
+     */
+    virtual ~M2MObjectInstance();
+
+public:
+
+    /**
+     * @brief Creates a static resource for a given mbed Client Inteface object. With this, the
+     * client can respond to server's GET methods with the provided value.
+     * @param resource_name, Name of the resource.
+     * @param resource_type, Type of the resource.
+     * @param value, Pointer to the value of the resource.
+     * @param value_length, Length of the value in the pointer.
+     * @param multiple_instance, Resource can have
+     *        multiple instances, default is false.
+     * @return M2MResource, Resource for managing other client operations.
+     */
+    M2MResource* create_static_resource(const String &resource_name,
+                                        const String &resource_type,
+                                        M2MResourceInstance::ResourceType type,
+                                        const uint8_t *value,
+                                        const uint8_t value_length,
+                                        bool multiple_instance = false);
+
+    /**
+     * @brief Creates a dynamic resource for a given mbed Client Inteface object. With this,
+     * the client can respond to different queries from the server (GET,PUT etc).
+     * This type of resource is also observable and carries callbacks.
+     * @param resource_name, Name of the resource.
+     * @param resource_type, Type of the resource.
+     * @param observable, Indication, whether the resource is observable or not.
+     * @param multiple_instance, Resource can have
+     *        multiple instances, default is false.
+     * @return M2MResource, Resource for managing other client operations.
+     */
+    M2MResource* create_dynamic_resource(const String &resource_name,
+                                         const String &resource_type,
+                                         M2MResourceInstance::ResourceType type,
+                                         bool observable,
+                                         bool multiple_instance = false);
+
+
+    /**
+     * @brief Creates a static resource instance for a given mbed Client Inteface object. With this,
+     * the client can respond to server's GET methods with the provided value.
+     * @param resource_name, Name of the resource.
+     * @param resource_type, Type of the resource.
+     * @param value, Pointer to the value of the resource.
+     * @param value_length, Length of the value in pointer.
+     * @param instance_id, Instance Id of the resource.
+     * @return M2MResourceInstance, Resource Instance for managing other client operations.
+     */
+    M2MResourceInstance* create_static_resource_instance(const String &resource_name,
+                                                         const String &resource_type,
+                                                         M2MResourceInstance::ResourceType type,
+                                                         const uint8_t *value,
+                                                         const uint8_t value_length,
+                                                         uint16_t instance_id);
+
+    /**
+     * @brief Creates a dynamic resource instance for a given mbed Client Inteface object. With this,
+     * the client can respond to different queries from the server (GET,PUT etc).
+     * This type of resource is also observable and carries callbacks.
+     * @param resource_name, Name of the resource.
+     * @param resource_type, Type of the resource.
+     * @param observable, Indicates, whether the resource is observable or not.
+     * @param instance_id, Instance Id of the resource.
+     * @return M2MResourceInstance, Resource Instance for managing other client operations.
+     */
+    M2MResourceInstance* create_dynamic_resource_instance(const String &resource_name,
+                                                          const String &resource_type,
+                                                          M2MResourceInstance::ResourceType type,
+                                                          bool observable,
+                                                          uint16_t instance_id);
+
+    /**
+     * @brief Removes the resource with the given name.
+     * @param name, Name of the resource to be removed.
+     * @return True if removed, else false.
+     */
+    virtual bool remove_resource(const String &name);
+
+    /**
+     * @brief Removes the resource instance with the given name.
+     * @param resource_name, Name of the resource instance to be removed.
+     * @param instance_id, Instance Id of the instance.
+     * @return True if removed, else false.
+     */
+    virtual bool remove_resource_instance(const String &resource_name,
+                                          uint16_t instance_id);
+
+    /**
+     * @brief Returns resource with the given name.
+     * @param name, Name of the requested resource.
+     * @return Resource reference if found, else NULL.
+     */
+    virtual M2MResource* resource(const String &name) const;
+
+    /**
+     * @brief Returns a list of M2MResourceBase objects.
+     * @return List of Resource base with the object instance.
+     */
+    virtual const M2MResourceList& resources() const;
+
+    /**
+     * @brief Returns the total number of resources with the object.
+     * @return Total number of the resources.
+     */
+    virtual uint16_t resource_count() const;
+
+    /**
+     * @brief Returns the total number of single resource instances.
+     * @param resource, Name of the resource.
+     * @return Total number of the resources.
+     */
+    virtual uint16_t resource_count(const String& resource) const;
+
+    /**
+     * @brief Returns object type.
+     * @return BaseType.
+     */
+    virtual M2MBase::BaseType base_type() const;
+
+    /**
+     * @brief Adds the observation level for the object.
+     * @param observation_level, Level of observation.
+     */
+    virtual void add_observation_level(M2MBase::Observation observation_level);
+
+    /**
+     * @brief Removes the observation level from the object.
+     * @param observation_level, Level of observation.
+     */
+    virtual void remove_observation_level(M2MBase::Observation observation_level);
+
+    /**
+     * @brief Handles GET request for the registered objects.
+     * @param nsdl, NSDL handler for the CoAP library.
+     * @param received_coap_header, CoAP message received from the server.
+     * @param observation_handler, Handler object for sending
+     * observation callbacks.
+     * @return sn_coap_hdr_s,  Message that needs to be sent to the server.
+     */
+    virtual sn_coap_hdr_s* handle_get_request(nsdl_s *nsdl,
+                                              sn_coap_hdr_s *received_coap_header,
+                                              M2MObservationHandler *observation_handler = NULL);
+    /**
+     * @brief Handles PUT request for the registered objects.
+     * @param nsdl, NSDL handler for the CoAP library.
+     * @param received_coap_header, CoAP message received from the server.
+     * @param observation_handler, Handler object for sending
+     * observation callbacks.
+     * @return sn_coap_hdr_s,  Message that needs to be sent to the server.
+     */
+    virtual sn_coap_hdr_s* handle_put_request(nsdl_s *nsdl,
+                                              sn_coap_hdr_s *received_coap_header,
+                                              M2MObservationHandler *observation_handler = NULL);
+
+    /**
+     * @brief Handles GET request for the registered objects.
+     * @param nsdl, NSDL handler for the CoAP library.
+     * @param received_coap_header, CoAP message received from the server.
+     * @param observation_handler, Handler object for sending
+     * observation callbacks.
+     * @return sn_coap_hdr_s,  Message that needs to be sent to the server.
+     */
+    virtual sn_coap_hdr_s* handle_post_request(nsdl_s *nsdl,
+                                               sn_coap_hdr_s *received_coap_header,
+                                               M2MObservationHandler *observation_handler = NULL);
+
+
+protected :
+
+    virtual void notification_update(M2MBase::Observation observation_level);
+
+private:
+
+    M2MObjectCallback   &_object_callback;
+    M2MResourceList     _resource_list; // owned
+
+    friend class Test_M2MObjectInstance;
+    friend class Test_M2MObject;
+    friend class Test_M2MDevice;
+    friend class Test_M2MSecurity;
+    friend class Test_M2MServer;
+    friend class Test_M2MNsdlInterface;
+    friend class Test_M2MFirmware;
+    friend class Test_M2MTLVSerializer;
+    friend class Test_M2MTLVDeserializer;
+};
+
+#endif // M2M_OBJECT_INSTANCE_H
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/mbed-client/m2mobservationhandler.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef M2M_OBSERVATION_HANDLER_H
+#define M2M_OBSERVATION_HANDLER_H
+
+
+//FORWARD DECLARATION
+class M2MBase;
+class M2MResourceInstance;
+
+/**
+ * @brief M2MObservationHandler
+ * An interface for handling observation
+ * callbacks from different objects.
+ *
+ */
+class M2MObservationHandler
+{
+  public:
+
+    /**
+     * @brief Observation callback to be sent to the
+     * server due to a change in a parameter under observation.
+     * @param object, Observed object whose information
+     * needs to be sent.
+     */
+    virtual void observation_to_be_sent(M2MBase *object) = 0;
+
+    /**
+     * @brief Callback for deleting an NSDL resource.
+     * @param resource_name, Name of the observed object whose information
+     * needs to be deleted.
+     */
+    virtual void resource_to_be_deleted(const String &resource_name) = 0;
+
+    /**
+     * @brief Callback indicating that the value of the resource object is updated by server.
+     * @param base, Object whose value is updated.
+     * @param object_name, Name of the resource which is updated, default is empty.
+     */
+    virtual void value_updated(M2MBase *base, const String &object_name = "") = 0;
+
+    /**
+     * @brief Callback for removing an object from the list.
+     * @param object, M2MObject to be removed.
+     */
+    virtual void remove_object(M2MBase *object) = 0;
+
+};
+
+
+#endif // M2M_OBSERVATION_HANDLER_H
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/mbed-client/m2mreportobserver.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef M2MREPORTOBSERVER_H
+#define M2MREPORTOBSERVER_H
+
+//FORWARD DECLARATION
+class M2MResourceInstance;
+
+/**
+ * @brief M2MReportObserver
+ * An interface for inviting the base class
+ * to send a report to the server.
+ *
+ */
+class M2MReportObserver
+{
+  public:
+
+    /**
+     * @brief Observation callback to be sent to the
+     * server due to a change in the observed parameter.
+     */
+    virtual void observation_to_be_sent() = 0;
+
+};
+
+#endif // M2MREPORTOBSERVER_H
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/mbed-client/m2mresource.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,205 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef M2M_RESOURCE_H
+#define M2M_RESOURCE_H
+
+#include "mbed-client/m2mvector.h"
+#include "mbed-client/m2mresourceinstance.h"
+
+//FORWARD DECLARATION
+class M2MObjectInstance;
+typedef Vector<M2MResourceInstance *> M2MResourceInstanceList;
+
+class M2MResourceCallback {
+public:
+    virtual void notification_update() = 0;
+};
+
+/**
+ *  @brief M2MResource.
+ *  This class is the base class for mbed Client Resources. All defined
+ *  LWM2M object models can be created using it. This class will also hold all resources
+ *  instances associated with the given object.
+ */
+
+class M2MResource : public M2MResourceInstance, M2MResourceCallback {
+
+friend class M2MObjectInstance;
+
+private: // Constructor and destructor are private
+         // which means that these objects can be created or
+         // deleted only through a function provided by the M2MObjectInstance.
+
+    /**
+     * @brief Constructor
+     * @param resource_name, Resource name of the object.
+     * @param resource_type, Resource type of the object.
+     * @param type, Resource Data Type of the object.
+     * @param value, Value pointer of the object.
+     * @param value_length, Length of the value pointer
+     * @param multiple_instance, True if resource supports instances.
+     */
+    M2MResource(M2MObjectInstanceCallback &object_instance_callback,
+                const String &resource_name,
+                const String &resource_type,
+                M2MResourceInstance::ResourceType type,
+                const uint8_t *value,
+                const uint8_t value_length,
+                bool multiple_instance = false);
+
+    /**
+     * @brief Constructor
+     * @param name, Name of the object
+     */
+    M2MResource(M2MObjectInstanceCallback &object_instance_callback,
+                const String &resource_name,
+                const String &resource_type,
+                M2MResourceInstance::ResourceType type,
+                bool observable,
+                bool multiple_instance = false);
+
+    // Prevents the use of default constructor.
+    M2MResource();
+
+    // Prevents the use of assignment operator.
+    M2MResource& operator=( const M2MResource& /*other*/ );
+
+    // Prevents the use of copy constructor
+    M2MResource( const M2MResource& /*other*/ );
+
+    /**
+     * Destructor
+     */
+    virtual ~M2MResource();
+
+public:
+
+    /**
+     * @brief Adds resource instances to the M2MResource.
+     * @param resource_instance, Resource Instance to be added.
+     */
+    void add_resource_instance(M2MResourceInstance *resource_instance);
+
+    /**
+     * @brief Returns whether the resource has multiple
+     * resource instances or not.
+     * @return True if resource base has multiple instances,
+     * else false.
+     */
+    bool supports_multiple_instances() const;
+
+    /**
+     * @brief Removes the resource with the given name.
+     * @param name, Name of the resource to be removed.
+     * @param instance_id, Instance ID of resource to be removed, default is 0.
+     * @return True if removed, else false.
+     */
+    virtual bool remove_resource_instance(uint16_t instance_id = 0);
+
+    /**
+     * @brief Returns resource instance with the given name.
+     * @param instance_id, Instance ID of the requested resource, default is 0
+     * @return M2MResourceInstance object if found, else NULL.
+     */
+    virtual M2MResourceInstance* resource_instance(uint16_t instance_id = 0) const;
+
+    /**
+     * @brief Returns a list of resources.
+     * @return List of resources with the object.
+     */
+    virtual const M2MResourceInstanceList& resource_instances() const;
+
+    /**
+     * @brief Returns the total number of resources with the object.
+     * @return Total number of resources.
+     */
+    virtual uint16_t resource_instance_count() const;
+
+    /**
+     * @brief Parses the received query for a notification
+     * attribute.
+     * @return True if required attributes are present, else false.
+     */
+    virtual bool handle_observation_attribute(char *&query);
+
+    /**
+     * @brief Adds the observation level for the object.
+     * @param observation_level, Level of observation.
+     */
+    virtual void add_observation_level(M2MBase::Observation observation_level);
+
+    /**
+     * @brief Removes the observation level from the object.
+     * @param observation_level, Level of observation.
+     */
+    virtual void remove_observation_level(M2MBase::Observation observation_level);
+
+    /**
+     * @brief Handles GET request for the registered objects.
+     * @param nsdl, NSDL handler for the CoAP library.
+     * @param received_coap_header, CoAP message received from the server.
+     * @param observation_handler, Handler object for sending
+     * observation callbacks.
+     * @return sn_coap_hdr_s,  Message that needs to be sent to the server.
+     */
+    virtual sn_coap_hdr_s* handle_get_request(nsdl_s *nsdl,
+                                              sn_coap_hdr_s *received_coap_header,
+                                              M2MObservationHandler *observation_handler = NULL);
+    /**
+     * @brief Handles PUT request for the registered objects.
+     * @param nsdl, NSDL handler for the CoAP library.
+     * @param received_coap_header, CoAP message received from the server.
+     * @param observation_handler, Handler object for sending
+     * observation callbacks.
+     * @return sn_coap_hdr_s,  Message that needs to be sent to the server.
+     */
+    virtual sn_coap_hdr_s* handle_put_request(nsdl_s *nsdl,
+                                              sn_coap_hdr_s *received_coap_header,
+                                              M2MObservationHandler *observation_handler = NULL);
+    /**
+     * @brief Handles POST request for the registered objects.
+     * @param nsdl, NSDL handler for the CoAP library.
+     * @param received_coap_header, CoAP message received from the server.
+     * @param observation_handler, Handler object for sending
+     * observation callbacks.
+     * @return sn_coap_hdr_s,  Message that needs to be sent to the server.
+     */
+    virtual sn_coap_hdr_s* handle_post_request(nsdl_s *nsdl,
+                                               sn_coap_hdr_s *received_coap_header,
+                                               M2MObservationHandler *observation_handler = NULL);
+
+protected:
+    virtual void notification_update();
+
+private:
+
+    M2MResourceInstanceList     _resource_instance_list; // owned
+    bool                        _has_multiple_instances;
+
+friend class Test_M2MResource;
+friend class Test_M2MObjectInstance;
+friend class Test_M2MObject;
+friend class Test_M2MDevice;
+friend class Test_M2MSecurity;
+friend class Test_M2MServer;
+friend class Test_M2MNsdlInterface;
+friend class Test_M2MFirmware;
+friend class Test_M2MTLVSerializer;
+friend class Test_M2MTLVDeserializer;
+
+};
+
+#endif // M2M_RESOURCE_H
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/mbed-client/m2mresourceinstance.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,225 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef M2M_RESOURCE_INSTANCE_H
+#define M2M_RESOURCE_INSTANCE_H
+
+#include "mbed-client/m2mbase.h"
+#include "mbed-client/functionpointer.h"
+
+class M2MObjectInstanceCallback {
+public:
+    virtual void notification_update(M2MBase::Observation observation_level) = 0;
+};
+
+/**
+ *  @brief M2MResourceInstance.
+ *  This class is the base class for mbed Client Resources. All defined
+ *  LWM2M resource models can be created based on it.
+ */
+typedef FP1<void,void*> execute_callback;
+class M2MResourceCallback;
+
+class M2MResourceInstance : public M2MBase {
+
+friend class M2MObjectInstance;
+friend class M2MResource;
+
+public:
+
+    /**
+     * Enum defining a resource type that can be
+     * supported by a given resource.
+    */
+    typedef enum {
+        STRING,
+        INTEGER,
+        FLOAT,
+        BOOLEAN,
+        OPAQUE,
+        TIME,
+        OBJLINK
+    }ResourceType;
+
+
+private: // Constructor and destructor are private
+         // which means that these objects can be created or
+         // deleted only through a function provided by the M2MObjectInstance.
+    /**
+     * @brief Constructor for creating resource.
+     * @param resource_name, Name of the resource.
+     * @param resource_type, Resource Type.
+     * @param type, Resource Data Type of the object.
+     */
+    M2MResourceInstance(const String &resource_name,
+                        const String &resource_type,
+                        M2MResourceInstance::ResourceType type,
+                        M2MObjectInstanceCallback &object_instance_callback);
+
+    /**
+     * @brief Constructor for creating a resource.
+     * @param resource_name, Name of the resource.
+     * @param resource_type, Resource Type.
+     * @param type, Resource Data Type of the object.
+     * @param value, Value pointer of the object.
+     * @param value_length, Length of the value pointer.
+     */
+    M2MResourceInstance(const String &resource_name,
+                        const String &resource_type,
+                        M2MResourceInstance::ResourceType type,
+                        const uint8_t *value,
+                        const uint8_t value_length,
+                        M2MObjectInstanceCallback &object_instance_callback);
+
+    // Prevents the use of default constructor.
+    M2MResourceInstance();
+
+    // Prevents the use of assignment operator.
+    M2MResourceInstance& operator=( const M2MResourceInstance& /*other*/ );
+
+    // Prevents the use of copy constructor
+    M2MResourceInstance( const M2MResourceInstance& /*other*/ );
+
+    /**
+     * Destructor
+     */
+    virtual ~M2MResourceInstance();
+
+public:
+
+    /**
+     * @brief Returns object type.
+     * @return BaseType.
+     */
+    virtual M2MBase::BaseType base_type() const;
+
+    /**
+     * @brief Returns resource data type.
+     * @return ResourceType.
+     */
+    virtual M2MResourceInstance::ResourceType resource_instance_type() const;
+
+    /**
+     * @brief Parses the received query for a notification
+     * attribute.
+     * @return True if required attributes are present, else false.
+     */
+    virtual bool handle_observation_attribute(char *&query);
+
+    /**
+     * @brief Sets the function that should be executed when this
+     * resource receives a POST command.
+     * @param callback, Function pointer that needs to be executed.
+     */
+    virtual void set_execute_function(execute_callback callback);
+
+    /**
+     * @brief Sets the value of the given resource.
+     * @param value, Pointer to the value to be set on the resource.
+     * @param value_length , Length of the value pointer.
+     * @return True if successfully set, else false.
+     */
+    virtual bool set_value(const uint8_t *value, const uint32_t value_length);
+
+    /**
+     * @brief Clears the value of the given resource.
+     */
+    virtual void clear_value();
+
+    /**
+     * @brief Executes the function that is set in "set_execute_function".
+     * @param arguments, Arguments that will be passed to be executed.
+     */
+    void execute(void *arguments);
+
+    /**
+     * @brief Provides the value of the given resource.
+     * @param value[OUT], Pointer to the resource value.
+     * @param value_length[OUT], Length of the value pointer.
+     */
+    virtual void get_value(uint8_t *&value, uint32_t &value_length);
+
+    /**
+     * @brief Returns value pointer of the object.
+     * @return Value pointer of the object.
+    */
+    uint8_t* value() const;
+
+    /**
+     * @brief Returns length of the value pointer.
+     * @return Length of the value pointer.
+    */
+    uint32_t value_length() const;
+
+    /**
+     * @brief Handles GET request for the registered objects.
+     * @param nsdl, NSDL handler for the CoAP library.
+     * @param received_coap_header, CoAP message received from the server.
+     * @param observation_handler, Handler object for sending
+     * observation callbacks.
+     * @return sn_coap_hdr_s,  Message that needs to be sent to the server.
+     */
+    virtual sn_coap_hdr_s* handle_get_request(nsdl_s *nsdl,
+                                              sn_coap_hdr_s *received_coap_header,
+                                              M2MObservationHandler *observation_handler = NULL);
+    /**
+     * @brief Handles PUT request for the registered objects.
+     * @param nsdl, NSDL handler for the CoAP library.
+     * @param received_coap_header, CoAP message received from the server.
+     * @param observation_handler, Handler object for sending
+     * observation callbacks.
+     * @return sn_coap_hdr_s,  Message that needs to be sent to the server.
+     */
+    virtual sn_coap_hdr_s* handle_put_request(nsdl_s *nsdl,
+                                              sn_coap_hdr_s *received_coap_header,
+                                              M2MObservationHandler *observation_handler = NULL);
+
+protected:
+
+    /**
+     * @brief Set observer for sending notification update.
+     * @param resource, callback handle.
+     */
+    void set_resource_observer(M2MResourceCallback *resource);
+
+private:
+
+    void report();
+
+    bool is_value_changed(const uint8_t* value, const uint32_t value_len);
+
+private:
+
+    M2MObjectInstanceCallback               &_object_instance_callback;
+    execute_callback                        _execute_callback;
+    uint8_t                                 *_value;
+    uint32_t                                _value_length;
+    ResourceType                            _resource_type;
+    M2MResourceCallback                     *_resource_callback; // Not owned
+
+    friend class Test_M2MResourceInstance;
+    friend class Test_M2MResource;
+    friend class Test_M2MObjectInstance;
+    friend class Test_M2MObject;
+    friend class Test_M2MDevice;
+    friend class Test_M2MSecurity;
+    friend class Test_M2MServer;
+    friend class Test_M2MNsdlInterface;
+    friend class Test_M2MFirmware;
+    friend class Test_M2MTLVSerializer;
+    friend class Test_M2MTLVDeserializer;
+};
+
+#endif // M2M_RESOURCE_INSTANCE_H
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/mbed-client/m2msecurity.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,219 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef M2M_SECURITY_H
+#define M2M_SECURITY_H
+
+#include "mbed-client/m2mobject.h"
+
+// FORWARD DECLARATION
+class M2MResource;
+
+/**
+ *  @brief M2MSecurity.
+ *  This class represents an interface for the Security Object model of the LWM2M framework.
+ *  It handles the security object instances and all corresponding
+ *  resources.
+ */
+
+class  M2MSecurity : public M2MObject {
+
+friend class M2MInterfaceFactory;
+friend class M2MNsdlInterface;
+
+public:
+
+    /**
+     * @brief Enum defining all resources associated with a
+     * Security Object in the LWM2M framework.
+     */
+    typedef enum {
+        M2MServerUri,
+        BootstrapServer,
+        SecurityMode,
+        PublicKey,
+        ServerPublicKey,
+        Secretkey,
+        SMSSecurityMode,
+        SMSBindingKey,
+        SMSBindingSecretKey,
+        M2MServerSMSNumber,
+        ShortServerID,
+        ClientHoldOffTime
+    }SecurityResource;
+
+    /**
+     * @brief Enum defining the type of a security attribute
+     * used by the Security Object.
+     */
+    typedef enum {
+        SecurityNotSet = -1,
+        Psk = 0,
+        Certificate = 2,
+        NoSecurity = 3
+    } SecurityModeType;
+
+    /**
+     * @brief Enum defining an interface operation that can be
+     * handled by the Security Object.
+     */
+    typedef enum {
+        Bootstrap = 0x0,
+        M2MServer = 0x1
+    } ServerType;
+
+private:
+
+    /**
+     * @brief Constructor
+     * @param server_type, Type of the security object created. Either bootstrap or LWM2M server.
+     */
+    M2MSecurity(ServerType server_type);
+
+    // Prevents the use of default constructor.
+    M2MSecurity();
+
+    // Prevents the use of assignment operator.
+    M2MSecurity& operator=( const M2MSecurity& /*other*/ );
+
+    // Prevents the use of copy constructor
+    M2MSecurity( const M2MSecurity& /*other*/ );
+
+public:
+
+    /**
+     * @brief Destructor
+     */
+    virtual ~M2MSecurity();
+
+    /**
+     * @brief Creates a new resource for given resource enum.
+     * @param rescource, With this function, the following resources can be created:
+     * ' BootstrapServer', 'SecurityMode', 'SMSSecurityMode',
+     * 'M2MServerSMSNumber', 'ShortServerID', 'ClientHoldOffTime'.
+     * @param value, Value to be set on the resource, in Integer format.
+     * @return M2MResource if created successfully, else NULL.
+     */
+    M2MResource* create_resource(SecurityResource rescource, uint32_t value);
+
+    /**
+     * @brief Deletes the resource with the given resource enum.
+     * Mandatory resources cannot be deleted.
+     * @param resource, Resource to be deleted.
+     * @return True if deleted, else false.
+     */
+    bool delete_resource(SecurityResource rescource);
+
+    /**
+     * @brief Sets the value of the given resource enum.
+     * @param resource, With this function, a value can be set for the following resources:
+     * 'M2MServerUri', 'SMSBindingKey', 'SMSBindingSecretKey'.
+     * @param value, Value to be set on the resource, in String format.
+     * @return True if successfully set, else false.
+     */
+    bool set_resource_value(SecurityResource resource,
+                            const String &value);
+
+    /**
+     * @brief Sets the value of the given resource enum.
+     * @param resource, With this function, a value can be set for the following resourecs:
+     * 'BootstrapServer', 'SecurityMode', 'SMSSecurityMode',
+     * 'M2MServerSMSNumber', 'ShortServerID', 'ClientHoldOffTime'.
+     * @param value, Value to be set on the resource, in Integer format.
+     * @return True if successfully set, else false.
+     */
+    bool set_resource_value(SecurityResource resource,
+                            uint32_t value);
+
+    /**
+     * @brief Sets the value of the given resource enum.
+     * @param resource, With this function, a value can be set for the follwing resources:
+     * 'PublicKey', 'ServerPublicKey', 'Secretkey'.
+     * @param value, Value to be set on the resource, in uint8_t format.
+     * @param size, Size of the buffer value to be set on the resource.
+     * @return True if successfully set, else false.
+     */
+    bool set_resource_value(SecurityResource resource,
+                            const uint8_t *value,
+                            const uint16_t length);
+
+    /**
+     * @brief Returns the value of the given resource enum, in String.
+     * @param resource, With this function, the following resources can return a value:
+     * 'M2MServerUri','SMSBindingKey', 'SMSBindingSecretKey'.
+     * @return Value associated with that resource. If the resource is not valid an empty string is returned.
+     */
+    String resource_value_string(SecurityResource resource) const;
+
+    /**
+     * @brief Populates the data buffer and returns the size of the buffer.
+     * @param resource, With this fucntion, the following resources can return a value:
+     * 'PublicKey', 'ServerPublicKey', 'Secretkey'.
+     * @param [OUT] data, Data buffer that contains the value.
+     * @return Size of the populated buffer.
+     */
+    uint32_t resource_value_buffer(SecurityResource resource,
+                                   uint8_t *&data) const;
+
+    /**
+     * @brief Returns the value of the given resource name, in Integer.
+     * @param resource, With this function, the following resources can return a value:
+     * 'BootstrapServer', 'SecurityMode', 'SMSSecurityMode',
+     * 'M2MServerSMSNumber', 'ShortServerID', 'ClientHoldOffTime'.
+     * @return Value associated with the resource. If the resource is not valid 0 is returned.
+     */
+    uint32_t resource_value_int(SecurityResource resource) const;
+
+
+    /**
+     * @brief Returns whether the resource instance with given resource enum exists or not
+     * @param resource, Resource enum.
+     * @return True if at least one instance exists, else false.
+     */
+    bool is_resource_present(SecurityResource resource)const;
+
+    /**
+     * @brief Returns the total number of resources for a security object.
+     * @return Total number of resources.
+     */
+    uint16_t total_resource_count()const;
+
+    /**
+     * @brief Returns the type of the Security Object. It can be either
+     * Bootstrap or M2MServer.
+     * @return ServerType, Type of the Security Object.
+     */
+    ServerType server_type() const;
+
+private:
+
+    M2MResource* get_resource(SecurityResource resource) const;
+
+private:
+
+    ServerType            _server_type;
+    M2MObjectInstance*    _server_instance;
+
+    friend class Test_M2MSecurity;
+    friend class Test_M2MInterfaceImpl;
+    friend class Test_M2MConnectionSecurityImpl;
+    friend class Test_M2MConnectionHandlerPimpl_linux;
+    friend class Test_M2MConnectionHandlerPimpl_mbed;
+    friend class Test_M2MConnectionSecurityPimpl;
+};
+
+#endif // M2M_SECURITY_H
+
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/mbed-client/m2mserver.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,165 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef M2M_SERVER_H
+#define M2M_SERVER_H
+
+#include "mbed-client/m2mobject.h"
+
+// FORWARD DECLARATION
+class M2MResource;
+
+/**
+ *  @brief M2MServer.
+ *  This class represents an interface for the Server Object model of the LWM2M framework.
+ *  It handles the server object and all its corresponding
+ *  resources.
+ */
+
+class M2MServer : public M2MObject
+{
+
+friend class M2MInterfaceFactory;
+friend class M2MNsdlInterface;
+
+public:
+
+    /**
+     * @brief Enum defining all resources associated with
+     * a Server Object in the LWM2M framework.
+     */
+    typedef enum {
+        ShortServerID,
+        Lifetime,
+        DefaultMinPeriod,
+        DefaultMaxPeriod,
+        Disable,
+        DisableTimeout,
+        NotificationStorage,
+        Binding,
+        RegistrationUpdate
+    }ServerResource;
+
+private:
+
+    /**
+     * @brief Constructor
+     */
+    M2MServer();
+
+
+    // Prevents the use of assignment operator.
+    M2MServer& operator=( const M2MServer& /*other*/ );
+
+    // Prevents the use of copy constructor
+    M2MServer( const M2MServer& /*other*/ );
+
+public:
+
+    /**
+     * @brief Destructor
+     */
+    virtual ~M2MServer();
+
+    /**
+     * @brief Creates a new resource for a given resource enum.
+     * @param resource, With this function, a value can be set to the following resources:
+     *  'ShortServerID','Lifetime','DefaultMinPeriod','DefaultMaxPeriod','DisableTimeout',
+     *  'NotificationStorage'.
+     * @param value, Value to be set on the resource, in Integer format.
+     * @return M2MResource if created successfully, else NULL.
+     */
+    M2MResource* create_resource(ServerResource resource, uint32_t value);
+
+    /**
+     * @brief Creates a new resource for a given resource enum.
+     * @param resource, With this function, the following resources can be created:
+     * 'Disable', 'RegistrationUpdate'
+     * @return M2MResource if created successfully, else NULL.
+     */
+    M2MResource* create_resource(ServerResource resource);
+
+    /**
+     * @brief Deletes the resource with the given resource enum.
+     * Mandatory resources cannot be deleted.
+     * @param resource, Name of the resource to be deleted.
+     * @return True if deleted, else false.
+     */
+    bool delete_resource(ServerResource rescource);
+
+    /**
+     * @brief Sets the value of the given resource enum.
+     * @param resource, With this function, a value can be set on the following resources: 
+     * 'Binding'.
+     * @param value, Value to be set on the resource, in String format.
+     * @return True if successfully set, else false.
+     */
+    bool set_resource_value(ServerResource resource,
+                            const String &value);
+
+    /**
+     * @brief Sets the value of the given resource enum.
+     * @param resource, With this function, a value can be set to the following resources:
+     *  'ShortServerID','Lifetime','DefaultMinPeriod','DefaultMaxPeriod','DisableTimeout',
+     *  'NotificationStorage'.
+     * @param value, Value to be set on the resource, in Integer format.
+     * @return True if successfully set else false.
+     */
+    bool set_resource_value(ServerResource resource,
+                            uint32_t value);
+    /**
+     * @brief Returns the value of the given resource enum, in String.
+     * @param resource, With this function, the following resources can return a value:
+     * 'Binding'.
+     * @return Value associated with the resource. If the resource is not valid an empty string is returned.
+     */
+    String resource_value_string(ServerResource resource) const;
+
+    /**
+     * @brief Returns the value of the given resource name, in Integer.
+     * @param resource, With this function, the following resources can return a value:
+     *  'ShortServerID','Lifetime','DefaultMinPeriod','DefaultMaxPeriod','DisableTimeout',
+     *  'NotificationStorage'
+     * @return Value associated with the resource. If the resource is not valid -1 is returned.
+     */
+    uint32_t resource_value_int(ServerResource resource) const;
+
+    /**
+     * @brief Returns whether the resource instance with the given resource enum exists or not.
+     * @param resource, Resource enum.
+     * @return True if at least one instance exists, else false.
+     */
+    bool is_resource_present(ServerResource resource)const;
+
+    /**
+     * @brief Returns the total number of resources for the server object.
+     * @return Total number of resources.
+     */
+    uint16_t total_resource_count()const;
+
+private:
+
+    M2MResource* get_resource(ServerResource res) const;
+
+
+private:
+
+    M2MObjectInstance*    _server_instance;
+
+    friend class Test_M2MServer;
+    friend class Test_M2MNsdlInterface;
+};
+
+#endif // M2M_SERVER_H
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/mbed-client/m2mstring.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,124 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <stddef.h> // size_t
+#include <stdexcept>
+
+class Test_M2MString;
+
+namespace m2m
+{
+
+  /** @brief Simple C++ string class, used as replacement for
+   std::string.
+   */
+  class String
+  {
+    char*     p;           ///< The data
+    size_t    allocated_;  ///< The allocated memory size (including trailing NULL)
+    size_t    size_;       ///< The currently used memory size (excluding trailing NULL)
+
+  public:
+    typedef size_t size_type;
+    static const   size_type npos;
+
+    String();
+    virtual ~String();
+    String(const String&);
+    String(const char*);
+
+    String&  operator=(const char*);
+    String&  operator=(const String&);
+
+    String&  operator+=(const String&);
+    String&  operator+=(const char*);
+    String&  operator+=(char);
+    void     push_back(char);
+
+    //No need for this += is
+    //friend String operator+(const String& lhs, const String& rhs);
+
+    bool     operator==(const char*) const;
+    bool     operator==(const String&) const;
+
+    void     clear();       // set string to empty string (memory remains reserved)
+
+    size_type size()   const   { return size_; }   ///< size without terminating NULL
+    size_type length() const   { return size_; }   ///< as size()
+
+    /// size if fully used
+    size_type capacity() const { return allocated_-1; }
+
+    bool      empty() const    { return size_ == 0; }
+
+    const char*  c_str() const { return p; } ///< raw data
+
+    /** Reserve internal string memory so that n characters can be put into the
+        string (plus 1 for the NULL char). If there is already enough memory,
+        nothing happens, if not, the memory will be realloated to exactly this
+        amount.
+        */
+    void reserve( size_type n);
+
+    /** Resize string. If n is less than the current size, the string will be truncated.
+        If n is larger, the memory will be reallocated to exactly this amount, and
+        the additional characters will be NULL characters.
+        */
+    void resize( size_type n);
+
+    /** Resize string. If n is less than the current size, the string will be truncated.
+        If n is larger, the memory will be reallocated to exactly this amount, and
+        the additional characters will be c characters.
+        */
+    void resize( size_type n, char c);
+
+    /// swap contents
+    void swap( String& );
+
+    String   substr(const size_type pos, size_type length) const;
+
+    // unchecked access:
+    char&    operator[](const size_type i)       { return p[i]; }
+    char     operator[](const size_type i) const { return p[i]; }
+    // checked access:
+    char&    at(const size_type i);
+    char     at(const size_type i) const;
+
+    /// erase len characters at position pos
+    String& erase(size_type pos, size_type len);
+    /// Append n characters of a string
+    String& append(const char* str, size_type n);
+
+    int     compare( size_type pos, size_type len, const String& str ) const;
+    int     compare( size_type pos, size_type len, const char*   str ) const;
+
+    int     find_last_of(char c) const;
+
+  private:
+    // reallocate the internal memory
+    void  new_realloc( size_type n);
+    char* strdup_never_null(const char* other);
+
+    char _return_value;
+
+    friend class ::Test_M2MString;
+
+  };
+  // class
+
+  bool
+  operator<(const String&, const String&);
+
+} // namespace
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/mbed-client/m2mtimer.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,89 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef M2M_TIMER_H
+#define M2M_TIMER_H
+
+#include <stdint.h>
+#include "mbed-client/m2mtimerobserver.h"
+
+class M2MTimerPimpl;
+
+/**
+* @brief M2MTimer.
+* Timer class for mbed client.
+*/
+class M2MTimer
+{
+private:
+    // Prevents the use of assignment operator
+    M2MTimer& operator=(const M2MTimer& other);
+
+    // Prevents the use of copy constructor
+    M2MTimer(const M2MTimer& other);
+
+public:
+
+    /**
+    * Constructor.
+    */
+    M2MTimer(M2MTimerObserver& observer);
+
+    /**
+    * Destructor.
+    */
+    virtual ~M2MTimer();
+
+    /**
+    * @brief Starts timer.
+    * @param interval Timer interval in milliseconds.
+    * @param single_shot Defines whether the timer is ticked once or restarted every time at expiry.
+    */
+    void start_timer(uint64_t interval, M2MTimerObserver::Type type, bool single_shot = true);
+
+    /**
+     * @brief Starts timer in DTLS manner.
+     * @param intermediate_interval Intermediate interval to use, must be smaller than total (usually 1/4 of total).
+     * @param total_interval Total interval to use; This is the timeout value of a DTLS packet.
+     * @param type Type of the timer.
+     */
+    void start_dtls_timer(uint64_t intermediate_interval, uint64_t total_interval, M2MTimerObserver::Type type = M2MTimerObserver::Dtls);
+
+    /**
+    * Stops timer.
+    * This cancels the ongoing timer.
+    */
+    void stop_timer();
+
+    /**
+     * @brief Checks if the intermediate interval has passed.
+     * @return True if interval has passed, else false.
+     */
+    bool is_intermediate_interval_passed();
+
+    /**
+     * @brief Checks if the total interval has passed.
+     * @return True if interval has passed, else false.
+     */
+    bool is_total_interval_passed();
+
+private:
+
+    M2MTimerObserver&   _observer;
+    M2MTimerPimpl       *_private_impl;
+    friend class Test_M2MTimerImpl_linux;
+};
+
+#endif // M2M_TIMER_H
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/mbed-client/m2mtimerobserver.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef M2M_TIMER_OBSERVER_H
+#define M2M_TIMER_OBSERVER_H
+
+/**
+ *  @brief M2MTimerObserver
+ *  Observer class for indicating the timer expiry to the parent class.
+ */
+class M2MTimerObserver
+{
+public:
+    /**
+      * @enum Defines the types of timer
+      * that can be created for mbed Client.
+      */
+    typedef enum {
+        Notdefined,
+        Registration,
+        NsdlExecution,
+        PMinTimer,
+        PMaxTimer,
+        Dtls,
+        QueueSleep
+    }Type;
+
+    /**
+    * Indicates that the time has expired.
+    * @param type, Type of timer that has expired.
+    */
+    virtual void timer_expired(M2MTimerObserver::Type type =
+                               M2MTimerObserver::Notdefined) = 0;
+};
+
+#endif // M2M_TIMER_OBSERVER_H
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/mbed-client/m2mvector.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,169 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef M2M_VECTOR_H
+#define M2M_VECTOR_H
+
+#include <stdio.h>
+
+namespace m2m
+{
+
+template <typename ObjectTemplate>
+
+class Vector
+{
+  public:
+    explicit Vector( int init_size = 0)
+            : _size( init_size ),
+              _index(0),
+              _capacity( init_size + MORE_SIZE ){
+        _object_template = new ObjectTemplate[ _capacity ];
+    }
+
+    Vector(const Vector & rhs ): _object_template(0) {
+        operator=(rhs);
+    }
+
+    ~Vector() {
+        delete [] _object_template;
+      _object_template = NULL;
+    }
+
+    const Vector & operator=(const Vector & rhs) {
+        if(this != &rhs) {
+            delete[] _object_template;
+            _size = rhs.size();
+            _index = rhs._index;
+            _capacity = rhs._capacity;
+
+            _object_template = new ObjectTemplate[capacity()];
+            for(int k = 0; k < size(); k++) {
+                _object_template[k] = rhs._object_template[k];
+            }
+        }
+        return *this;
+    }
+
+    void resize(int new_size) {
+        if(new_size > _capacity) {
+            reserve(new_size * 2 + 1);
+        }
+        _size = new_size;
+    }
+
+    void reserve(int new_capacity) {
+        if(new_capacity < _size) {
+            return;
+        }
+        ObjectTemplate *old_array = _object_template;
+
+        _object_template = new ObjectTemplate[new_capacity];
+        for(int k = 0; k < _size; k++) {
+            _object_template[k] = old_array[k];
+        }
+        _capacity = new_capacity;
+        delete [] old_array;
+    }
+
+    ObjectTemplate & operator[](int idx) {
+        return _object_template[idx];
+    }
+
+    const ObjectTemplate& operator[](int idx) const {
+        return _object_template[idx];
+    }
+
+    bool empty() const{
+        return size() == 0;
+    }
+
+    int size() const {
+        return _size;
+    }
+
+    int capacity() const {
+        return _capacity;
+    }
+
+    void push_back(const ObjectTemplate& x) {
+        if(_size == _capacity) {
+            reserve(2 * _capacity + 1);
+        }
+        _object_template[_index++] = x;
+        _size++;
+    }
+
+    void pop_back() {
+        _size--;
+        _index--;
+    }
+
+    void clear() {
+        _size = 0;
+        _index = 0;
+    }
+
+    const ObjectTemplate& back() const {
+        return _object_template[_index- 1];
+    }
+
+    typedef ObjectTemplate* iterator;
+    typedef const ObjectTemplate* const_iterator;
+
+    iterator begin() {
+        return &_object_template[0];
+    }
+
+    const_iterator begin() const {
+        return &_object_template[0];
+    }
+
+    iterator end() {
+        return &_object_template[_index];
+    }
+
+    const_iterator end() const {
+        return &_object_template[_index];
+    }
+
+    void erase(int position) {
+        if(position <= _size) {
+            _object_template[position] = 0;
+            _size--;
+            if(position < _index) {
+                for(int k = position; k < _index; k++) {
+                    _object_template[k] = _object_template[k+1];
+                }
+            }
+            _index--;
+        }
+    }
+
+    enum {
+        MORE_SIZE = 32
+    };
+
+  private:
+    int                 _size;
+    int                 _index;
+    int                 _capacity;
+    ObjectTemplate*     _object_template;
+};
+
+} // namespace
+
+#endif // M2M_VECTOR_H
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/source/include/eventdata.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,93 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef EVENT_DATA_H
+#define EVENT_DATA_H
+
+#include "mbed-client/m2mvector.h"
+
+//FORWARD DECLARATION
+class M2MObject;
+
+
+typedef Vector<M2MObject *> M2MObjectList;
+
+class M2MSecurity;
+
+class EventData
+{
+public:
+    virtual ~EventData() {}
+};
+
+class M2MSecurityData : public EventData
+{
+public:
+    M2MSecurityData()
+    :_object(NULL){}
+    virtual ~M2MSecurityData() {}
+    M2MSecurity  *_object;
+};
+
+class ResolvedAddressData : public EventData
+{
+public:
+    ResolvedAddressData()
+    :_address(NULL),
+    _port(0){}
+    virtual ~ResolvedAddressData() {}
+    const M2MConnectionObserver::SocketAddress    *_address;
+    uint16_t                                       _port;
+};
+
+class ReceivedData : public EventData
+{
+public:
+    ReceivedData()
+    :_data(NULL),
+    _size(0),
+    _port(0),
+    _address(NULL){}
+    virtual ~ReceivedData() {}
+    uint8_t                                         *_data;
+    uint16_t                                        _size;
+    uint16_t                                        _port;
+    const M2MConnectionObserver::SocketAddress      *_address;
+};
+
+class M2MRegisterData : public EventData
+{
+public:
+    M2MRegisterData()
+    :_object(NULL){}
+    virtual ~M2MRegisterData() {}
+    M2MSecurity     *_object;
+    M2MObjectList    _object_list;
+};
+
+class M2MUpdateRegisterData : public EventData
+{
+public:
+    M2MUpdateRegisterData()
+    :_object(NULL),
+    _lifetime(0){}
+    virtual ~M2MUpdateRegisterData() {}
+    M2MSecurity     *_object;
+    uint32_t        _lifetime;
+};
+
+
+#endif //EVENT_DATA_H
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/source/include/m2minterfaceimpl.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,374 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef M2M_INTERFACE_IMPL_H
+#define M2M_INTERFACE_IMPL_H
+
+#include "mbed-client/m2minterface.h"
+#include "mbed-client/m2mserver.h"
+#include "mbed-client/m2mconnectionobserver.h"
+#include "include/m2mnsdlobserver.h"
+#include "mbed-client/m2mtimerobserver.h"
+
+//FORWARD DECLARATION
+class M2MNsdlInterface;
+class M2MConnectionHandler;
+class EventData;
+class M2MTimer;
+
+/**
+ *  @brief M2MInterfaceImpl.
+ *  This class implements handling of all mbed Client Interface operations
+ *  defined in OMA LWM2M specifications.
+ *  This includes Bootstrapping, Client Registration, Device Management &
+ *  Service Enablement and Information Reporting.
+ */
+
+class  M2MInterfaceImpl : public M2MInterface,
+                          public M2MNsdlObserver,
+                          public M2MConnectionObserver,
+                          public M2MTimerObserver
+{
+private:
+    // Prevents the use of assignment operator by accident.
+    M2MInterfaceImpl& operator=( const M2MInterfaceImpl& /*other*/ );
+
+    // Prevents the use of copy constructor by accident
+    M2MInterfaceImpl( const M2MInterfaceImpl& /*other*/ );
+
+friend class M2MInterfaceFactory;
+
+private:
+
+    /**
+     * @brief Constructor
+     * @param observer, Observer to pass the event callbacks for various
+     * interface operations.
+     * @param endpoint_name, Endpoint name of the client.
+     * @param endpoint_type, Endpoint type of the client.
+     * @param life_time, Life time of the client in seconds
+     * @param listen_port, Listening port for the endpoint, default is 8000.
+     * @param domain, Domain of the client.
+     * @param mode, Binding mode of the client, default is UDP
+     * @param stack, Network Stack to be used for connection, default is LwIP_IPv4
+     * @param context_address, Context address default is empty.
+     */
+    M2MInterfaceImpl(M2MInterfaceObserver& observer,
+                     const String &endpoint_name,
+                     const String &endpoint_type,
+                     const int32_t life_time,
+                     const uint16_t listen_port,
+                     const String &domain = "",
+                     BindingMode mode = M2MInterface::NOT_SET,
+                     M2MInterface::NetworkStack stack = M2MInterface::LwIP_IPv4,
+                     const String &context_address = "");
+
+public:
+
+    /**
+     * @brief Destructor
+     */
+    virtual ~M2MInterfaceImpl();
+
+    /**
+     * @brief Initiates bootstrapping of the client with the provided Bootstrap
+     * server information.
+     * @param security_object, Security object which contains information
+     * required for successful bootstrapping of the client.
+     */
+    virtual void bootstrap(M2MSecurity *security);
+
+    /**
+     * @brief Cancels on going bootstrapping operation of the client. If the client has
+     * already successfully bootstrapped then this function deletes existing
+     * bootstrap information from the client.
+     */
+    virtual void cancel_bootstrap();
+
+    /**
+     * @brief Initiates registration of the provided Security object to the
+     * corresponding LWM2M server.
+     * @param security_object, Security object which contains information
+     * required for registering to the LWM2M server.
+     * If client wants to register to multiple LWM2M servers then it has call
+     * this function once for each of LWM2M server object separately.
+     * @param object_list, Objects which contains information
+     * which the client want to register to the LWM2M server.
+     */
+    virtual void register_object(M2MSecurity *security_object, const M2MObjectList &object_list);
+
+    /**
+     * @brief Updates or refreshes the client's registration on the LWM2M
+     * server.
+     * @param security_object, Security object from which the device object
+     * needs to update registration, if there is only one LWM2M server registered
+     * then this parameter can be NULL.
+     * @param lifetime, Lifetime for the endpoint client in seconds.
+     */
+    virtual void update_registration(M2MSecurity *security_object, const uint32_t lifetime = 0);
+
+    /**
+     * @brief Unregisters the registered object from the LWM2M server
+     * @param security_object, Security object from which the device object
+     * needs to be unregistered, if there is only one LWM2M server registered
+     * then this parameter can be NULL.
+     */
+    virtual void unregister_object(M2MSecurity* security = NULL);
+
+    /**
+     * @brief Sets the function which will be called indicating client
+     * is going to sleep when the Binding mode is selected with Queue mode.
+     * @param callback, Function pointer which will be called when client
+     * goes to seleep.
+     */
+    virtual void set_queue_sleep_handler(callback_handler handler);
+
+protected: // From M2MNsdlObserver
+
+    virtual void coap_message_ready(uint8_t *data_ptr,
+                                    uint16_t data_len,
+                                    sn_nsdl_addr_s *address_ptr);
+
+    virtual void client_registered(M2MServer *server_object);
+
+    virtual void registration_updated(const M2MServer &server_object);
+
+    virtual void registration_error(uint8_t error_code);
+
+    virtual void client_unregistered();
+
+    virtual void bootstrap_done(M2MSecurity *security_object);
+
+    virtual void bootstrap_error();
+
+    virtual void coap_data_processed();
+
+    virtual void value_updated(M2MBase *base);
+
+protected: // From M2MConnectionObserver
+
+    virtual void data_available(uint8_t* data,
+                                uint16_t data_size,
+                                const M2MConnectionObserver::SocketAddress &address);
+
+    virtual void socket_error(uint8_t error_code);
+
+    virtual void address_ready(const M2MConnectionObserver::SocketAddress &address,
+                               M2MConnectionObserver::ServerType server_type,
+                               const uint16_t server_port);
+
+    virtual void data_sent();
+
+protected: // from M2MTimerObserver
+
+    virtual void timer_expired(M2MTimerObserver::Type type);
+
+
+private: // state machine state functions
+
+    /**
+    * When the state is Idle.
+    */
+    void state_idle(EventData* data);
+
+    /**
+    * When the client starts bootstrap.
+    */
+    void state_bootstrap( EventData *data);
+
+    /**
+    * When the bootstrap server address is resolved.
+    */
+    void state_bootstrap_address_resolved( EventData *data);
+
+    /**
+    * When the bootstrap resource is created.
+    */
+    void state_bootstrap_resource_created( EventData *data);
+
+    /**
+    * When the server has sent response and bootstrapping is done.
+    */
+    void state_bootstrapped( EventData *data);
+
+    /**
+    * When the client starts register.
+    */
+    void state_register( EventData *data);
+
+    /**
+    * When the server address for register is resolved.
+    */
+    void state_register_address_resolved( EventData *data);
+
+    /**
+    * When the register resource is created.
+    */
+    void state_register_resource_created( EventData *data);
+
+    /**
+    * When the client is registered.
+    */
+    void state_registered( EventData *data);
+
+    /**
+    * When the client is updating registration.
+    */
+    void state_update_registration( EventData *data);
+
+    /**
+    * When the client starts unregister.
+    */
+    void state_unregister( EventData *data);
+
+    /**
+    * When the client has been unregistered.
+    */
+    void state_unregistered( EventData *data);
+
+    /**
+    * When the coap data is been sent through socket.
+    */
+    void state_sending_coap_data( EventData *data);
+
+    /**
+    * When the coap data is sent successfully.
+    */
+    void state_coap_data_sent( EventData *data);
+
+    /**
+    * When the socket is receiving coap data.
+    */
+    void state_receiving_coap_data( EventData *data);
+
+    /**
+    * When the socket has received coap data.
+    */
+    void state_coap_data_received( EventData *data);
+
+    /**
+    * When the coap message is being processed.
+    */
+    void state_processing_coap_data( EventData *data);
+
+    /**
+    * When the coap message has been processed.
+    */
+    void state_coap_data_processed( EventData *data);
+
+    /**
+    * When the client is waiting to receive or send data.
+    */
+    void state_waiting( EventData *data);
+
+    /**
+    * State enumeration order must match the order of state
+    * method entries in the state map
+    */
+    enum E_States {
+        STATE_IDLE = 0,
+        STATE_BOOTSTRAP,
+        STATE_BOOTSTRAP_ADDRESS_RESOLVED,
+        STATE_BOOTSTRAP_RESOURCE_CREATED,
+        STATE_BOOTSTRAPPED,
+        STATE_REGISTER, //5
+        STATE_REGISTER_ADDRESS_RESOLVED,
+        STATE_REGISTER_RESOURCE_CREATED,
+        STATE_REGISTERED,
+        STATE_UPDATE_REGISTRATION,
+        STATE_UNREGISTER, //10
+        STATE_UNREGISTERED,
+        STATE_SENDING_COAP_DATA,
+        STATE_COAP_DATA_SENT,
+        STATE_COAP_DATA_RECEIVED,
+        STATE_PROCESSING_COAP_DATA, //15
+        STATE_COAP_DATA_PROCESSED,
+        STATE_WAITING,
+        STATE_MAX_STATES
+    };
+
+    /**
+     * @brief Redirects the state machine to right function.
+     * @param current_state Current state to be set.
+     * @param data, Data to be passed to the state function.
+     */
+    void state_function( uint8_t current_state, EventData* data  );
+
+    /**
+     * @brief State Engine maintaining state machine logic.
+     */
+    void state_engine(void);
+
+    /**
+    * External event which can trigger the state machine.
+    * @param New State which the state machine should go to.
+    * @param data to be passed to the state machine.
+    */
+    void external_event(uint8_t, EventData* = NULL);
+
+    /**
+    * Internal event generated by state machine.
+    * @param New State which the state machine should go to.
+    * @param data to be passed to the state machine.
+    */
+    void internal_event(uint8_t, EventData* = NULL);
+
+    enum
+    {
+        EVENT_IGNORED = 0xFE,
+        CANNOT_HAPPEN
+    };
+
+private:
+
+    M2MInterfaceObserver        &_observer;
+    M2MConnectionHandler        *_connection_handler;
+    M2MNsdlInterface            *_nsdl_interface;
+    uint8_t                     _current_state;
+    const int                   _max_states;
+    bool                        _event_generated;
+    EventData                   *_event_data;
+
+    String                      _endpoint_name;
+    String                      _endpoint_type;
+    String                      _domain;
+    int32_t                     _life_time;
+    BindingMode                 _binding_mode;
+    String                      _context_address;
+    uint16_t                    _listen_port;
+    M2MSecurity                 *_register_server; //TODO: to be the list not owned
+    bool                        _event_ignored;
+    bool                        _register_ongoing;
+    bool                        _update_register_ongoing;
+    M2MTimer                    *_queue_sleep_timer;
+    callback_handler            _callback_handler;
+
+   friend class Test_M2MInterfaceImpl;
+
+};
+
+#define BEGIN_TRANSITION_MAP \
+    static const uint8_t TRANSITIONS[] = {\
+
+#define TRANSITION_MAP_ENTRY(entry)\
+    entry,
+
+#define END_TRANSITION_MAP(data) \
+    0 };\
+    external_event(TRANSITIONS[_current_state], data);
+
+#endif //M2M_INTERFACE_IMPL_H
+
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/source/include/m2mnsdlinterface.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,295 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef M2MNSDLINTERFACE_H
+#define M2MNSDLINTERFACE_H
+
+#include "mbed-client/m2mvector.h"
+#include "mbed-client/m2mconfig.h"
+#include "mbed-client/m2minterface.h"
+#include "mbed-client/m2mtimerobserver.h"
+#include "mbed-client/m2mobservationhandler.h"
+#include "include/nsdllinker.h"
+
+//FORWARD DECLARARTION
+class M2MSecurity;
+class M2MObject;
+class M2MObjectInstance;
+class M2MResource;
+class M2MResourceInstance;
+class M2MNsdlObserver;
+class M2MBase;
+class M2MServer;
+class M2MTimer;
+
+typedef Vector<M2MObject *> M2MObjectList;
+
+/**
+ * @brief M2MNsdlInterface
+ * Class which interacts between mbed Client C++ Library and mbed-client-c library.
+ */
+class M2MNsdlInterface : public M2MTimerObserver,
+                         public M2MObservationHandler
+{
+private:
+    // Prevents the use of assignment operator by accident.
+    M2MNsdlInterface& operator=( const M2MNsdlInterface& /*other*/ );
+
+    // Prevents the use of copy constructor by accident
+    M2MNsdlInterface( const M2MNsdlInterface& /*other*/ );
+
+public:
+    /**
+    * @brief Constructor
+    * @param observer, Observer to pass the event callbacks from nsdl library.
+    */
+    M2MNsdlInterface(M2MNsdlObserver &observer);
+
+    /**
+     * @brief Destructor
+     */
+    virtual ~M2MNsdlInterface();
+
+    /**
+     * @brief Creates endpoint object for the nsdl stack.
+     * @param endpoint_name, Endpoint name of the client.
+     * @param endpoint_type, Endpoint type of the client.
+     * @param life_time, Life time of the client in seconds
+     * @param domain, Domain of the client.
+     * @param mode, Binding mode of the client, default is UDP
+     * @param context_address, Context address default is empty.
+    */
+    void create_endpoint(const String &endpoint_name,
+                         const String &endpoint_type,
+                         const int32_t life_time,
+                         const String &domain,
+                         const uint8_t mode,
+                         const String &context_address);
+
+    /**
+     * @brief Deletes the endpoint.
+    */
+    void delete_endpoint();
+
+    /**
+     * @brief Creates the NSDL structure for the registered objectlist.
+     * @param object_list, List of objects to be registered.
+     * @return true if structure created successfully else false.
+    */
+    bool create_nsdl_list_structure(const M2MObjectList &object_list);
+
+    /**
+     * @brief Removed the NSDL resource for the given resource.
+     * @param resource_name, Resource name to be removed.
+     * @return true if removed successfully else false.
+    */
+    bool delete_nsdl_resource(const String &resource_name);
+
+    /**
+     * @brief Creates the bootstrap object.
+     * @param address Bootstrap address.
+     * @return true if created and sent successfully else false.
+    */
+    bool create_bootstrap_resource(sn_nsdl_addr_s *address);
+
+    /**
+     * @brief Sends the register message to the server.
+     * @param address M2MServer address.
+     * @param port M2MServer port.
+     * @param address_type IP Address type.
+     * @return  true if register sent successfully else false.
+    */
+    bool send_register_message(uint8_t* address,
+                               const uint16_t port,
+                               sn_nsdl_addr_type_e address_type);
+
+    /**
+     * @brief Sends the update registration message to the server.
+     * @param lifetime, Updated lifetime value in seconds.
+     * @return  true if sent successfully else false.
+     *
+    */
+    bool send_update_registration(const uint32_t lifetime = 0);
+
+    /**
+     * @brief Sends unregister message to the server.
+     * @return  true if unregister sent successfully else false.
+    */
+    bool send_unregister_message();
+
+    /**
+     * @brief Memory Allocation required for libCoap.
+     * @param size, Size of memory to be reserved.
+    */
+    void* memory_alloc(uint16_t size);
+
+    /**
+     * @brief Memory free functions required for libCoap
+     * @param ptr, Object whose memory needs to be freed.
+    */
+    void memory_free(void *ptr);
+
+    /**
+    * @brief Callback from nsdl library to inform the data is ready
+    * to be sent to server.
+    * @param nsdl_handle, Handler for the nsdl structure for this endpoint
+    * @param protocol, Protocol format of the data
+    * @param data, Data to be sent.
+    * @param data_len, Size of the data to be sent
+    * @param address, server address where data has to be sent.
+    * @return 1 if successful else 0.
+    */
+    uint8_t send_to_server_callback(struct nsdl_s * nsdl_handle,
+                                    sn_nsdl_capab_e protocol,
+                                    uint8_t *data,
+                                    uint16_t data_len,
+                                    sn_nsdl_addr_s *address);
+
+    /**
+    * @brief Callback from nsdl library to inform the data which is
+    * received from server for the client has been converted to coap message.
+    * @param nsdl_handle, Handler for the nsdl structure for this endpoint
+    * @param coap_header, Coap message formed from data.
+    * @param address, Server address from where the data is received.
+    * @return 1 if successful else 0.
+    */
+    uint8_t received_from_server_callback(struct nsdl_s * nsdl_handle,
+                                          sn_coap_hdr_s *coap_header,
+                                          sn_nsdl_addr_s *address);
+
+    /**
+    * @brief Callback from nsdl library to inform the data which is
+    * received from server for the resources has been converted to coap message.
+    * @param nsdl_handle, Handler for the nsdl resource structure for this endpoint..
+    * @param coap_header, Coap message formed from data.
+    * @param address, Server address from where the data is received.
+    * @param nsdl_capab, Protocol for the message, currently only coap is supported.
+    * @return 1 if successful else 0.
+    */
+    uint8_t resource_callback(struct nsdl_s *nsdl_handle, sn_coap_hdr_s *coap,
+                               sn_nsdl_addr_s *address,
+                               sn_nsdl_capab_e nsdl_capab);
+
+    /**
+     * @brief Callback when the bootstrap information is received from bootstrap server.
+     * @param server_info, Server information received from bootstrap server.
+     */
+    void bootstrap_done_callback(sn_nsdl_oma_server_info_t *server_info);
+
+    /**
+     * @brief Callback when there is data received from server and needs to be processed.
+     * @param data, data received from server.
+     * @param data_size, data size received from server.
+     * @param addres, address structure of the server.
+     * @return true if successfully processed else false.
+     */
+    bool process_received_data(uint8_t *data,
+                               uint16_t data_size,
+                               sn_nsdl_addr_s *address);
+
+    /**
+     * @brief Stops all the timers in case there is any errors.
+     */
+    void stop_timers();
+
+protected: // from M2MTimerObserver
+
+    virtual void timer_expired(M2MTimerObserver::Type type);
+
+protected: // from M2MObservationHandler
+
+    virtual void observation_to_be_sent(M2MBase *object);
+
+    virtual void resource_to_be_deleted(const String &resource_name);
+
+    virtual void value_updated(M2MBase *base, const String &object_name);
+
+    virtual void remove_object(M2MBase *object);
+
+private:
+
+    /**
+    * @brief Initializes all the nsdl library component to be usable.
+    * @return true if initialization is successful else false.
+    */
+    bool initialize();
+
+    bool add_object_to_list(M2MObject *object);
+
+    bool create_nsdl_object_structure(M2MObject *object);
+
+    bool create_nsdl_object_instance_structure(M2MObjectInstance *object_instance);
+
+    bool create_nsdl_resource_structure(M2MResource *resource,
+                                        const String &object_name = "",
+                                        bool multiple_instances = false);
+
+    bool create_nsdl_resource(M2MBase *base, const String &name = "");
+
+    String coap_to_string(uint8_t *coap_data_ptr,
+                          int coap_data_ptr_length);
+
+    void execute_nsdl_process_loop();
+
+    uint64_t registration_time();
+
+    M2MBase* find_resource(const String &object);
+
+    M2MBase* find_resource(const M2MObject *object,
+                           const String &object_instance);
+
+    M2MBase* find_resource(const M2MObjectInstance *object_instance,
+                           const String &resource_instance);
+
+    M2MBase* find_resource(const M2MResource *resource,
+                           const String &object_name,
+                           const String &resource_instance);
+
+    bool object_present(M2MObject * object) const;
+
+    void clear_resource(sn_nsdl_resource_info_s *&resource);
+
+    M2MInterface::Error interface_error(sn_coap_hdr_s *coap_header);
+
+    void send_object_observation(M2MObject *object);
+
+    void send_object_instance_observation(M2MObjectInstance *object_instance);
+
+    void send_resource_observation(M2MResource *resource);
+
+private:
+
+    M2MNsdlObserver                   &_observer;
+    M2MObjectList                      _object_list;
+    M2MServer                         *_server;
+    M2MTimer                          *_nsdl_exceution_timer;
+    M2MTimer                          *_registration_timer;
+    sn_nsdl_ep_parameters_s           *_endpoint;
+    sn_nsdl_resource_info_s           *_resource;
+    sn_nsdl_bs_ep_info_t               _bootstrap_endpoint;
+    sn_nsdl_oma_device_t               _bootstrap_device_setup;
+    sn_nsdl_addr_s                     _sn_nsdl_address;
+    nsdl_s                            *_nsdl_handle;
+    uint32_t                           _counter_for_nsdl;
+    uint16_t                           _register_id;
+    uint16_t                           _unregister_id;
+    uint16_t                           _update_id;
+    uint16_t                           _bootstrap_id;
+
+friend class Test_M2MNsdlInterface;
+
+};
+
+#endif // M2MNSDLINTERFACE_H
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/source/include/m2mnsdlobserver.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,94 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef M2M_NSDL_OBSERVER_H
+#define M2M_NSDL_OBSERVER_H
+
+#include "include/nsdllinker.h"
+
+//FORWARD DECLARATION
+class M2MSecurity;
+class M2MServer;
+
+/**
+ * @brief Observer class for informing NSDL callback to the state machine
+ */
+
+class M2MNsdlObserver
+{
+
+public :
+
+    /**
+    * @brief Informs that coap message is ready.
+    * @param data_ptr, Data object of coap message.
+    * @param data_len, Length of the data object.
+    * @param address_ptr, Address structure of the server.
+    */
+    virtual void coap_message_ready(uint8_t *data_ptr,
+                                    uint16_t data_len,
+                                    sn_nsdl_addr_s *address_ptr) = 0;
+
+    /**
+    * @brief Informs that client is registered successfully.
+    * @param server_object, Server object associated with
+    * registered server.
+    */
+    virtual void client_registered(M2MServer *server_object) = 0;
+
+    /**
+    * @brief Informs that client registration is updated successfully.
+    * @param server_object, Server object associated with
+    * registered server.
+    */
+    virtual void registration_updated(const M2MServer &server_object) = 0;
+
+    /**
+    * @brief Informs that some error occured during
+    * registration.
+    * @param error_code, Error code for registration error
+    */
+    virtual void registration_error(uint8_t error_code) = 0;
+
+    /**
+    * @brief Informs that client is unregistered successfully.
+    */
+    virtual void client_unregistered() = 0;
+
+    /**
+    * @brief Informs that client bootstrapping is done.
+    * @param security_object, M2MSecurity Object which contains information about
+    * LWM2M server fetched from bootstrap server.
+    */
+    virtual void bootstrap_done(M2MSecurity *security_object) = 0;
+
+    /**
+    * @brief Informs that some error occured during
+    * bootstrapping.
+    */
+    virtual void bootstrap_error() = 0;
+
+    /**
+    * @brief Informs that received data has been processed.
+    */
+    virtual void coap_data_processed() = 0;
+
+    /**
+     * @brief Callback informing that the value of the resource object is updated by server.
+     * @param base Object whose value is updated.
+     */
+    virtual void value_updated(M2MBase *base) = 0;
+};
+#endif // M2M_NSDL_OBSERVER_H
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/source/include/m2mreporthandler.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,181 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef M2MREPORTHANDLER_H
+#define M2MREPORTHANDLER_H
+
+// Support for std args
+#include <stdint.h>
+#include "mbed-client/m2mconfig.h"
+#include "mbed-client/m2mbase.h"
+#include "mbed-client/m2mtimerobserver.h"
+#include "mbed-client/m2mresourceinstance.h"
+
+//FORWARD DECLARATION
+class M2MReportObserver;
+class M2MTimer;
+class M2MResourceInstance;
+
+/**
+ *  @brief M2MReportHandler.
+ *  This class is handles all the observation related operations.
+ */
+
+class M2MReportHandler: public M2MTimerObserver
+{
+private:
+    // Prevents the use of assignment operator by accident.
+    M2MReportHandler& operator=( const M2MReportHandler& /*other*/ );
+
+public:
+
+    M2MReportHandler(M2MReportObserver &observer);
+
+public:
+
+    /**
+     * Enum defining which write attributes are set.
+    */
+    enum {
+        Cancel = 1,
+        Pmin = 2,
+        Pmax = 4,
+        Lt = 8,
+        Gt = 16,
+        St = 32
+    };
+
+    /**
+     * Destructor
+     */
+    virtual ~M2MReportHandler();
+
+    /**
+     * @brief Sets that object is under observation.
+     * @param Value for the observation.
+     * @param handler, Handler object for sending
+     * observation callbacks.
+     */
+    virtual void set_under_observation(bool observed);
+
+    /**
+     * @brief Sets the value of the given resource.
+     * @param value, Value of the observed resource.
+     */
+    virtual void set_value(float value);
+
+    /**
+     * @brief Sets notification trigger.
+     */
+    void set_notification_trigger();
+
+    /**
+     * @brief Parses the received query for notification
+     * attribute.
+     * @param query Query to be parsed for attributes.
+     * @param type Type of the Base Object.
+     * @param resource_type Type of the Resource.
+     * @return true if required attributes are present else false.
+     */
+    virtual bool parse_notification_attribute(char *&query,
+                                              M2MBase::BaseType type,
+                                              M2MResourceInstance::ResourceType resource_type = M2MResourceInstance::OPAQUE);
+
+    /**
+    * @brief Set back to default values.
+    */
+    void set_default_values();
+
+    /**
+     * @brief Return write attribute flags.
+     */
+    uint8_t attribute_flags();
+
+protected : // from M2MTimerObserver
+
+    virtual void timer_expired(M2MTimerObserver::Type type =
+                               M2MTimerObserver::Notdefined);
+
+private:
+
+
+
+    bool set_notification_attribute(char* option,
+            M2MBase::BaseType type,
+            M2MResourceInstance::ResourceType resource_type);
+
+    /**
+     * @brief Schedule a report, if the pmin is exceeded
+     * then report immediately else store the state to be
+     * reported once the time fires.
+     */
+    void schedule_report();
+
+    /**
+    * @brief Reports a sample that satisfies the reporting criteria.
+    */
+    void report();
+
+    /**
+    * @brief Manage timers for pmin and pmax.
+    */
+    void handle_timers();
+
+    /**
+    * @brief Check whether notification params can be accepted.
+    */
+    bool check_attribute_validity();
+
+    /**
+    * @brief Stop pmin & pmax timers.
+    */
+    void stop_timers();
+
+    /**
+     * @brief Check if current value match threshold values.
+     * @return True if notify can be send otherwise false.
+     */
+    bool check_threshold_values();
+
+    /**
+     * @brief Check whether current value matches with GT & LT.
+     * @return True if current value match with GT or LT values.
+     */
+    bool check_gt_lt_params();
+
+private:
+
+    M2MReportObserver           &_observer;
+    float                       _pmax;
+    float                       _pmin;
+    float                       _gt;
+    float                       _lt;
+    float                       _st;
+    bool                        _pmin_exceeded;
+    bool                        _pmax_exceeded;
+    M2MTimer                    *_pmin_timer;
+    M2MTimer                    *_pmax_timer;        
+    float                       _high_step;
+    float                       _low_step;
+    float                       _current_value;
+    float                       _last_value;    
+    uint8_t                     _attribute_state;
+    bool                        _notify;
+
+friend class Test_M2MReportHandler;
+
+};
+
+#endif // M2MREPORTHANDLER_H
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/source/include/m2mtlvdeserializer.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,184 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "mbed-client/m2mvector.h"
+#include "mbed-client/m2mobject.h"
+#include "mbed-client/m2mobjectinstance.h"
+#include "mbed-client/m2mresource.h"
+
+/**
+ * @brief M2MTLVDeserializer
+ * TLV Deserialiser get the object instances and resources as binary data and 
+ * builds the <code>lwm2m</code> representation from it. See OMA-LWM2M 
+ * specification, chapter 6.1 for the resource model and chapter 6.3.3 for
+ * the OMA-TLV specification.
+ */
+class M2MTLVDeserializer {
+
+public :
+
+    typedef enum {
+        None,
+        NotFound,
+        NotAllowed,
+        NotValid
+    } Error;
+
+    typedef enum {
+        Put,
+        Post
+    } Operation;
+
+
+    /**
+    * Constructor.
+    */
+    M2MTLVDeserializer();
+
+    /**
+    * Destructor.
+    */
+    virtual ~M2MTLVDeserializer();
+
+    /**
+     * This method checks whether the given binary encodes an object instance
+     * or something else. It returns <code>true</code> if bits 7-6 of the first
+     * byte is "00".
+     * @param tlv Binary to be checked as LWM2M object instance
+     * @return <code>true</code> or <code>false</code>.
+     */
+    bool is_object_instance(uint8_t *tlv);
+
+    
+    /**
+     * This method checks whether the given binary encodes a resource or 
+     * something else. It returns <code>true</code> if bits 7-6 of the first
+     * byte is "11".
+     * @param tlv Binary to be checked as LWM2M resource.
+     * @return <code>true</code> or <code>false</code>.
+     */
+    bool is_resource(uint8_t *tlv);
+
+    /**
+     * This method checks whether the given binary encodes a multiple resource
+     * or something else. It returns <code>true</code> if bits 7-6 of the first
+     * byte is "10".
+     * @param tlv Binary to be checked as LWM2M multiple resource.
+     * @return <code>true</code> or <code>false</code>.
+     */
+    bool is_multiple_resource(uint8_t *tlv);
+    
+    /**
+     * This method checks whether the given binary encodes a resource instance
+     * or something else. It returns <code>true</code> if bits 7-6 of the first
+     * byte is "01".
+     * @param tlv Binary to be checked as LWM2M resource instance.
+     * @return <code>true</code> or <code>false</code>.
+     */
+    bool is_resource_instance(uint8_t *tlv);
+
+    /**
+     * Deserialises the given binary that must encode object instances. Binary
+     * array can be checked before invoking this method with 
+     */
+    M2MTLVDeserializer::Error deserialise_object_instances(uint8_t* tlv,
+                                                           uint32_t tlv_size,
+                                                           M2MObject &object,
+                                                           M2MTLVDeserializer::Operation operation);
+
+    /**
+     * Deserialises the given binary that must encode resources. Binary array 
+     * can be checked before invoking this method.
+     */
+    M2MTLVDeserializer::Error deserialize_resources(uint8_t *tlv,
+                                                    uint32_t tlv_size,
+                                                    M2MObjectInstance &object_instance,
+                                                    M2MTLVDeserializer::Operation operation);
+
+    /**
+     * Deserialises the given binary that must encode resource instances. Binary array
+     * can be checked before invoking this method.
+     */
+    M2MTLVDeserializer::Error deserialize_resource_instances(uint8_t *tlv,
+                                                             uint32_t tlv_size,
+                                                             M2MResource &resource,
+                                                             M2MTLVDeserializer::Operation operation);
+    /**
+     * This method return object instance id or resource id.
+     * @param tlv Binary to be checked
+     * @return Object instance id or resource id.
+     */
+    uint16_t instance_id(uint8_t *tlv);
+    
+private:
+
+    M2MTLVDeserializer::Error deserialize_object_instances(uint8_t *tlv,
+                                                           uint32_t tlv_size,
+                                                           uint32_t offset,
+                                                           M2MObject &object,
+                                                           M2MTLVDeserializer::Operation operation,
+                                                           bool update_value);
+    
+    M2MTLVDeserializer::Error deserialize_resources(uint8_t *tlv,
+                                                    uint32_t tlv_size,
+                                                    uint32_t offset,
+                                                    M2MObjectInstance &object_instance,
+                                                    M2MTLVDeserializer::Operation operation,
+                                                    bool update_value);
+
+    M2MTLVDeserializer::Error deserialize_resource_instances(uint8_t *tlv,
+                                                             uint32_t tlv_size,
+                                                             uint32_t offset,
+                                                             M2MResource &resource,
+                                                             M2MObjectInstance &object_instance,
+                                                             M2MTLVDeserializer::Operation operation,
+                                                             bool update_value);
+
+    M2MTLVDeserializer::Error deserialize_resource_instances(uint8_t *tlv,
+                                                             uint32_t tlv_size,
+                                                             uint32_t offset,
+                                                             M2MResource &resource,
+                                                             M2MTLVDeserializer::Operation operation,
+                                                             bool update_value);
+
+    bool is_object_instance(uint8_t *tlv, uint32_t offset);
+    
+    bool is_resource(uint8_t *tlv, uint32_t offset);
+    
+    bool is_multiple_resource(uint8_t *tlv, uint32_t offset);
+    
+    bool is_resource_instance(uint8_t *tlv, uint32_t offset);
+};
+
+class TypeIdLength {
+
+public:
+
+    static TypeIdLength* createTypeIdLength(uint8_t *tlv, uint32_t offset);
+
+    TypeIdLength* deserialize();
+
+    void deserialiseID (uint32_t idLength);
+
+    void deserialiseLength (uint32_t lengthType);
+
+    uint8_t             *_tlv;
+    uint32_t            _offset;
+    uint32_t            _type;
+    uint16_t            _id;
+    uint32_t            _length;
+
+    friend class Test_M2MTLVDeserializer;
+};
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/source/include/m2mtlvserializer.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,108 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "mbed-client/m2mvector.h"
+#include "mbed-client/m2mobject.h"
+#include "mbed-client/m2mobjectinstance.h"
+#include "mbed-client/m2mresource.h"
+
+/**
+ * @brief M2MTLVSerializer
+ * TLV Serialiser constructs the binary representation of object instances,
+ * resources and resource instances (see OMA-LWM2M specification, chapter 6.1
+ * for resource model) as OMA-TLV according described in chapter 6.3.3. 
+ * 
+ */
+class M2MTLVSerializer {
+
+public:
+
+    /**
+    * Constructor.
+    */
+    M2MTLVSerializer();
+
+    /**
+    * Destructor.
+    */
+    virtual ~M2MTLVSerializer();
+
+    /**
+     * Serialises given objects instances that contain resources or multiple 
+     * resources. Object instance IDs are also encoded. This method must be 
+     * used when an operation targets an object with (potential) multiple 
+     * instances like "GET /1". In that case the generated TLV will contain the
+     * following data:
+     * <ul>
+     * <li> ./0
+     * <li> ./0/0
+     * <li> ./0/1
+     * <li> ...
+     * <li> ./1
+     * <li> ./1/0
+     * <li> ./1/1
+     * <li> ...
+     * </ul>
+     *    
+     * @param objects List of object instances.
+     * @return Object instances encoded binary as OMA-TLV 
+     * @see #serializeObjectInstances(List) 
+     */
+    uint8_t* serialize(M2MObjectInstanceList object_instance_list, uint32_t &size);
+
+    /**
+     * Serialises given resources with no information about the parent object
+     * instance. This method must be used when an operation targets an object
+     * instance like "GET /1/0" or a single-instance object like "GET /3//".
+     * Resources may have single or multiple instances. The generated TLV will 
+     * contain the following data as response to "GET /3//":
+     * <ul>
+     * <li> ./0
+     * <li> ./1
+     * <li> ./2
+     * <li> ./6/0 (1st instance of a multiple resource)
+     * <li> ./6/1 (2nd instance of a multiple resource)
+     * <li> ...
+     * </ul>
+     * @param resources Array of resources and resource instances.
+     * @return Resources encoded binary as OMA-TLV
+     * @see #serializeResources(List)
+     */
+    uint8_t* serialize(M2MResourceList resource_list, uint32_t &size);
+
+    uint8_t* serialize(M2MResource *resource, uint32_t &size);
+
+private :
+
+    uint8_t* serialize_object_instances(M2MObjectInstanceList object_instance_list, uint32_t &size);
+
+    uint8_t* serialize_resources(M2MResourceList resource_list, uint32_t &size, bool &valid);
+
+    void serialize(uint16_t id, M2MObjectInstance *object_instance, uint8_t *&data, uint32_t &size);
+    
+    bool serialize (M2MResource *resource, uint8_t *&data, uint32_t &size);
+
+    bool serialize_resource(M2MResource *resource, uint8_t *&data, uint32_t &size);
+
+    bool serialize_multiple_resource(M2MResource *resource, uint8_t *&data, uint32_t &size);
+
+    void serialize_resource_instance(uint16_t id, M2MResourceInstance *resource, uint8_t *&data, uint32_t &size);
+    
+    void serialize_TILV (uint8_t type, uint16_t id, uint8_t *value, uint32_t value_length, uint8_t *&data, uint32_t &size);
+
+    uint8_t* serialize_id(uint16_t id, uint32_t &size);
+
+    uint8_t* serialize_length(uint32_t length, uint32_t &size);
+};
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/source/include/nsdlaccesshelper.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef NSDL_ACCESS_HELPER_H
+#define NSDL_ACCESS_HELPER_H
+
+#include "include/m2mnsdlinterface.h"
+
+extern M2MNsdlInterface  *__nsdl_interface;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+uint8_t __nsdl_c_callback(struct nsdl_s * nsdl_handle,
+                          sn_coap_hdr_s *received_coap_ptr,
+                          sn_nsdl_addr_s *address,
+                          sn_nsdl_capab_e nsdl_capab);
+void *__nsdl_c_memory_alloc(uint16_t size);
+void __nsdl_c_memory_free(void *ptr);
+uint8_t __nsdl_c_send_to_server(struct nsdl_s * nsdl_handle,
+                                sn_nsdl_capab_e protocol,
+                                uint8_t *data_ptr,
+                                uint16_t data_len,
+                                sn_nsdl_addr_s *address_ptr);
+uint8_t __nsdl_c_received_from_server(struct nsdl_s * nsdl_handle,
+                                      sn_coap_hdr_s *coap_header,
+                                      sn_nsdl_addr_s *address_ptr);
+void __nsdl_c_bootstrap_done(sn_nsdl_oma_server_info_t *server_info_ptr);
+void *__socket_malloc( void * context, size_t size);
+void __socket_free(void * context, void * ptr);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // NSDL_ACCESS_HELPER_H
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/source/include/nsdllinker.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef NSDL_LINKER_H
+#define NSDL_LINKER_H
+
+#include <stdint.h>
+#include "nsdl-c/sn_nsdl.h"        // libCoap includes
+#include "nsdl-c/sn_coap_header.h"
+#include "nsdl-c/sn_coap_protocol.h"
+#include "nsdl-c/sn_nsdl_lib.h"
+#include "ns_list.h"
+
+#endif // NSDL_LINKER_H
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/source/include/smartpointer.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,118 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef SMART_POINTER_H
+#define SMART_POINTER_H
+
+class ReferenceCount
+{
+private:
+
+    int _count; // Reference count
+
+public:
+
+void add_ref()
+{
+    // Increment the reference count
+    _count++;
+}
+
+int release()
+{
+    // Decrement the reference count and
+    // return the reference count.
+    return --_count;
+}
+};
+
+template < typename T > class SmartPointer
+{
+private:
+
+    T                   *_data;         // Generic pointer to be stored
+    ReferenceCount      *_reference;    // Reference count
+
+
+public:
+
+SmartPointer()
+: _data(0), _reference(0)
+{
+    // Create a new reference
+    _reference = new ReferenceCount();
+    // Increment the reference count
+    _reference->add_ref();
+}
+
+SmartPointer(T* value)
+: _data(value), _reference(0)
+{
+    // Create a new reference
+    _reference = new ReferenceCount();
+    // Increment the reference count
+    _reference->add_ref();
+}
+
+SmartPointer(const SmartPointer<T>& smart_pointer)
+: _data(smart_pointer._data), reference(smart_pointer._reference)
+{
+    // Copy constructor
+    // Copy the data and reference pointer
+    // and increment the reference count
+    _reference->add_ref();
+}
+
+~SmartPointer()
+{
+    if(_reference->release() == 0) {
+        delete _data;
+        delete _reference;
+    }
+}
+
+T& operator* ()
+{
+    return *_data;
+}
+
+T* operator-> ()
+{
+    return _data;
+}
+
+SmartPointer<T>& operator = (const SmartPointer<T>& smart_pointer)
+{
+    // Assignment operator
+    if (this != &SmartPointer) { // Avoid self assignment
+        // Decrement the old reference count
+        // if reference become zero delete the old data
+        if(_reference->release() == 0) {
+           delete _data;
+           delete _reference;
+        }
+
+        // Copy the data and reference pointer
+        // and increment the reference count
+        _data = SmartPointer._data;
+        _reference = SmartPointer._reference;
+        _reference->add_ref();
+    }
+    return *this;
+}
+
+};
+
+#endif // SMART_POINTER_H
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/source/m2mbase.cpp	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,402 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "mbed-client/m2mbase.h"
+#include "mbed-client/m2mobservationhandler.h"
+#include "mbed-client/m2mconstants.h"
+#include "mbed-client/m2mtimer.h"
+#include "include/m2mreporthandler.h"
+#include "include/nsdllinker.h"
+#include "ns_trace.h"
+#include <ctype.h>
+#include <string.h>
+
+M2MBase& M2MBase::operator=(const M2MBase& other)
+{
+    if (this != &other) { // protect against invalid self-assignment
+        _operation = other._operation;
+        _mode = other._mode;
+        _name = other._name;
+        _resource_type = other._resource_type;
+        _interface_description = other._interface_description;
+        _coap_content_type = other._coap_content_type;
+        _instance_id = other._instance_id;
+        _observable = other._observable;
+        _observation_number = other._observation_number;
+        _observation_level = other._observation_level;
+        _observation_handler = other._observation_handler;
+
+        if(_token) {
+            free(_token);
+            _token = NULL;
+            _token_length = 0;
+        }
+        _token_length = other._token_length;
+        if(other._token) {
+            _token = (uint8_t *)malloc(other._token_length+1);
+            if(_token) {
+                memset(_token, 0, other._token_length+1);
+                memcpy((uint8_t *)_token, (uint8_t *)other._token, other._token_length);
+            }
+        }
+
+        if(_report_handler) {
+            delete _report_handler;
+            _report_handler = NULL;
+        }
+        if(other._report_handler) {
+            _report_handler = new M2MReportHandler(*other._report_handler);
+        }
+    }
+    return *this;
+}
+
+M2MBase::M2MBase(const M2MBase& other) :
+    _report_handler(NULL),
+    _token(NULL),
+    _token_length(0)
+{
+    _operation = other._operation;
+    _mode = other._mode;
+    _name = other._name;
+    _resource_type = other._resource_type;
+    _interface_description = other._interface_description;
+    _coap_content_type = other._coap_content_type;
+    _instance_id = other._instance_id;
+    _observable = other._observable;
+    _observation_handler = other._observation_handler;
+    _observation_number = other._observation_number;
+    _observation_level = other._observation_level;
+
+    _token_length = other._token_length;
+    if(other._token) {
+        _token = (uint8_t *)malloc(other._token_length+1);
+        if(_token) {
+            memset(_token, 0, other._token_length+1);
+            memcpy((uint8_t *)_token, (uint8_t *)other._token, other._token_length);
+        }
+    }
+
+    if(other._report_handler) {
+        _report_handler = new M2MReportHandler(*other._report_handler);
+    }
+}
+
+M2MBase::M2MBase(const String & resource_name,
+                 M2MBase::Mode mde)
+: _report_handler(NULL),
+  _observation_handler(NULL),
+  _operation(M2MBase::NOT_ALLOWED),  
+  _mode(mde),
+  _observation_level(M2MBase::None),
+  _name(resource_name),
+  _coap_content_type(0),
+  _instance_id(0),
+  _observable(false),
+  _observation_number(0),
+  _token(NULL),
+  _token_length(0)
+{
+    if(is_integer(_name) && _name.size() <= MAX_ALLOWED_STRING_LENGTH) {
+        _name_id = strtoul(_name.c_str(), NULL, 10);
+        if(_name_id > 65535){
+            _name_id = -1;
+        }
+    } else {
+        _name_id = -1;
+    }
+}
+
+M2MBase::~M2MBase()
+{
+    if(_report_handler) {
+        delete _report_handler;
+        _report_handler = NULL;
+    }
+    if(_token) {
+        free(_token);
+        _token = NULL;
+        _token_length = 0;
+    }
+}
+
+void M2MBase::set_operation(M2MBase::Operation opr)
+{
+    // If the mode is Static, there is only GET_ALLOWED
+   // supported.
+    if(M2MBase::Static == _mode) {
+            _operation = M2MBase::GET_ALLOWED;
+    } else {
+        _operation = opr;
+    }
+}
+
+void M2MBase::set_interface_description(const String &desc)
+{
+    _interface_description = desc;
+}
+
+void M2MBase::set_resource_type(const String &res_type)
+{
+    _resource_type = res_type;
+}
+
+void M2MBase::set_coap_content_type(const uint8_t con_type)
+{
+    _coap_content_type = con_type;
+}
+
+void M2MBase::set_observable(bool observable)
+{
+   _observable = observable;
+}
+
+void M2MBase::add_observation_level(M2MBase::Observation observation_level)
+{
+    _observation_level = (M2MBase::Observation)(_observation_level | observation_level);
+}
+
+void M2MBase::remove_observation_level(M2MBase::Observation observation_level)
+{
+    _observation_level = (M2MBase::Observation)(_observation_level ^ observation_level);
+}
+
+void M2MBase::set_under_observation(bool observed,
+                                    M2MObservationHandler *handler)
+{
+
+    tr_debug("M2MBase::set_under_observation - observed: %d", observed);
+    tr_debug("M2MBase::set_under_observation - _base_type: %d", _base_type);
+    _observation_handler = handler;
+    if(handler) {
+        if (_base_type != M2MBase::ResourceInstance) {
+            if(!_report_handler){
+                _report_handler = new M2MReportHandler(*this);
+            }
+            _report_handler->set_under_observation(observed);
+        }
+    } else {
+        if(_report_handler) {
+            delete _report_handler;
+            _report_handler = NULL;
+        }
+    }
+}
+
+void M2MBase::set_observation_token(const uint8_t *token, const uint8_t length)
+{
+    if(_token) {
+         free(_token);
+         _token = NULL;
+         _token_length = 0;
+    }
+
+    if( token != NULL && length > 0 ) {
+        _token = (uint8_t *)malloc(length+1);
+       if(_token) {
+            memset(_token, 0, length+1);
+            memcpy((uint8_t *)_token, (uint8_t *)token, length);
+            _token_length = length;
+        }
+    }
+}
+
+void M2MBase::set_instance_id(const uint16_t inst_id)
+{
+    _instance_id = inst_id;
+}
+
+void M2MBase::set_observation_number(const uint16_t observation_number)
+{
+    _observation_number = observation_number;
+}
+
+M2MBase::BaseType M2MBase::base_type() const
+{
+    return _base_type;
+}
+
+M2MBase::Operation M2MBase::operation() const
+{
+    return _operation;
+}
+
+const String& M2MBase::name() const
+{
+    return _name;
+}
+
+int32_t M2MBase::name_id() const
+{
+    return _name_id;
+}
+
+uint16_t M2MBase::instance_id() const
+{
+    return _instance_id;
+}
+
+const String& M2MBase::interface_description() const
+{
+    return _interface_description;
+}
+
+const String& M2MBase::resource_type() const
+{
+    return _resource_type;
+}
+
+uint8_t M2MBase::coap_content_type() const
+{
+    return _coap_content_type;
+}
+
+bool M2MBase::is_observable() const
+{
+    return _observable;
+}
+
+M2MBase::Observation M2MBase::observation_level() const
+{
+    return _observation_level;
+}
+
+void M2MBase::get_observation_token(uint8_t *&token, uint32_t &token_length)
+{
+    token_length = 0;
+    if(token) {
+        free(token);
+        token = NULL;
+    }
+    token = (uint8_t *)malloc(_token_length+1);
+    if(token) {
+        token_length = _token_length;
+        memset(token, 0, _token_length+1);
+        memcpy((uint8_t *)token, (uint8_t *)_token, token_length);
+    }
+}
+
+M2MBase::Mode M2MBase::mode() const
+{
+    return _mode;
+}
+
+uint16_t M2MBase::observation_number() const
+{
+    return _observation_number;
+}
+
+bool M2MBase::handle_observation_attribute(char *&query)
+{
+    tr_debug("M2MBase::handle_observation_attribute");
+    bool success = false;
+    if(_report_handler) {
+        success = _report_handler->parse_notification_attribute(query,_base_type);
+        if (success) {
+            if ((_report_handler->attribute_flags() & M2MReportHandler::Cancel) == 0) {
+                _report_handler->set_under_observation(true);
+            } else {
+                _report_handler->set_under_observation(false);
+            }
+        }
+    }
+    return success;
+}
+
+void M2MBase::observation_to_be_sent()
+{
+    //TODO: Move this to M2MResourceInstance
+    if(_observation_handler) {
+       _observation_handler->observation_to_be_sent(this);
+    }
+}
+
+void M2MBase::set_base_type(M2MBase::BaseType type)
+{
+    _base_type = type;
+}
+
+void M2MBase::remove_resource_from_coap(const String &resource_name)
+{
+    if(_observation_handler) {
+        _observation_handler->resource_to_be_deleted(resource_name);
+    }
+}
+
+void M2MBase::remove_object_from_coap()
+{
+    if(_observation_handler) {
+        _observation_handler->remove_object(this);
+    }
+}
+
+sn_coap_hdr_s* M2MBase::handle_get_request(nsdl_s */*nsdl*/,
+                                           sn_coap_hdr_s */*received_coap_header*/,
+                                           M2MObservationHandler */*observation_handler*/)
+{
+    //Handled in M2MResource, M2MObjectInstance and M2MObject classes
+    return NULL;
+}
+
+sn_coap_hdr_s* M2MBase::handle_put_request(nsdl_s */*nsdl*/,
+                                           sn_coap_hdr_s */*received_coap_header*/,
+                                           M2MObservationHandler */*observation_handler*/)
+{
+    //Handled in M2MResource, M2MObjectInstance and M2MObject classes
+    return NULL;
+}
+
+sn_coap_hdr_s* M2MBase::handle_post_request(nsdl_s */*nsdl*/,
+                                            sn_coap_hdr_s */*received_coap_header*/,
+                                            M2MObservationHandler */*observation_handler*/)
+{
+    //Handled in M2MResource, M2MObjectInstance and M2MObject classes
+    return NULL;
+}
+
+void *M2MBase::memory_alloc(uint16_t size)
+{
+    if(size)
+        return malloc(size);
+    else
+        return 0;
+}
+
+void M2MBase::memory_free(void *ptr)
+{
+    if(ptr)
+        free(ptr);
+}
+
+M2MReportHandler* M2MBase::report_handler()
+{
+    return _report_handler;
+}
+
+M2MObservationHandler* M2MBase::observation_handler()
+{
+    return _observation_handler;
+}
+
+bool M2MBase::is_integer(const String &value)
+{
+    const char *s = value.c_str();
+    if(value.empty() || ((!isdigit(s[0])) && (s[0] != '-') && (s[0] != '+'))) {
+        return false;
+    }
+    char * p ;
+    strtol(value.c_str(), &p, 10);
+    return (*p == 0);
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/source/m2mconstants.cpp	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,111 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "mbed-client/m2mconstants.h"
+const String COAP = "coap://";
+
+// PUT attributes to be checked from server
+const String EQUAL = "=";
+const String AMP = "&";
+const String PMIN = "pmin";
+const String PMAX = "pmax";
+const String GT = "gt";
+const String LT = "lt";
+const String ST = "st";
+const String CANCEL = "cancel";
+
+
+//LWM2MOBJECT NAME/ID
+const String M2M_SECURITY_ID = "0";
+const String M2M_SERVER_ID = "1";
+const String M2M_ACCESS_CONTROL_ID = "2";
+const String M2M_DEVICE_ID = "3";
+
+const String M2M_CONNECTIVITY_MONITOR_ID = "4";
+const String M2M_FIRMWARE_ID = "5";
+const String M2M_LOCATION_ID = "6";
+const String M2M_CONNECTIVITY_STATISTICS_ID = "7";
+const String RESERVED_ID = "8";
+
+//OMA RESOURCE TYPE
+const String OMA_RESOURCE_TYPE = ""; //oma.lwm2m
+
+//DEVICE RESOURCES
+const String DEVICE_MANUFACTURER = "0";
+const String DEVICE_DEVICE_TYPE = "17";
+const String DEVICE_MODEL_NUMBER = "1";
+const String DEVICE_SERIAL_NUMBER = "2";
+const String DEVICE_HARDWARE_VERSION = "18";
+const String DEVICE_FIRMWARE_VERSION = "3";
+const String DEVICE_SOFTWARE_VERSION = "19";
+const String DEVICE_REBOOT = "4";
+const String DEVICE_FACTORY_RESET = "5";
+const String DEVICE_AVAILABLE_POWER_SOURCES = "6";
+const String DEVICE_POWER_SOURCE_VOLTAGE = "7";
+const String DEVICE_POWER_SOURCE_CURRENT = "8";
+const String DEVICE_BATTERY_LEVEL = "9";
+const String DEVICE_BATTERY_STATUS = "20";
+const String DEVICE_MEMORY_FREE = "10";
+const String DEVICE_MEMORY_TOTAL = "21";
+const String DEVICE_ERROR_CODE = "11";
+const String DEVICE_RESET_ERROR_CODE = "12";
+const String DEVICE_CURRENT_TIME = "13";
+const String DEVICE_UTC_OFFSET = "14";
+const String DEVICE_TIMEZONE = "15";
+const String DEVICE_SUPPORTED_BINDING_MODE = "16";
+
+const String BINDING_MODE_UDP = "U";
+const String BINDING_MODE_UDP_QUEUE = "UQ";
+const String BINDING_MODE_SMS = "S";
+const String BINDING_MODE_SMS_QUEUE = "SQ";
+
+const String ERROR_CODE_VALUE = "0";
+
+
+
+//SECURITY RESOURCES
+const String SECURITY_M2M_SERVER_URI = "0";
+const String SECURITY_BOOTSTRAP_SERVER = "1";
+const String SECURITY_SECURITY_MODE = "2";
+const String SECURITY_PUBLIC_KEY = "3";
+const String SECURITY_SERVER_PUBLIC_KEY = "4";
+const String SECURITY_SECRET_KEY = "5";
+const String SECURITY_SMS_SECURITY_MODE = "6";
+const String SECURITY_SMS_BINDING_KEY = "7";
+const String SECURITY_SMS_BINDING_SECRET_KEY = "8";
+const String SECURITY_M2M_SERVER_SMS_NUMBER = "9";
+const String SECURITY_SHORT_SERVER_ID = "10";
+const String SECURITY_CLIENT_HOLD_OFF_TIME = "11";
+
+//SERVER RESOURCES
+const String SERVER_SHORT_SERVER_ID = "0";
+const String SERVER_LIFETIME = "1";
+const String SERVER_DEFAULT_MIN_PERIOD = "2";
+const String SERVER_DEFAULT_MAX_PERIOD = "3";
+const String SERVER_DISABLE = "4";
+const String SERVER_DISABLE_TIMEOUT = "5";
+const String SERVER_NOTIFICATION_STORAGE = "6";
+const String SERVER_BINDING = "7";
+const String SERVER_REGISTRATION_UPDATE = "8";
+
+//FIRMWARE RESOURCES
+const String FIRMWARE_PACKAGE = "0";
+const String FIRMWARE_PACKAGE_URI = "1";
+const String FIRMWARE_UPDATE = "2";
+const String FIRMWARE_STATE = "3";
+const String FIRMWARE_UPDATE_SUPPORTED_OBJECTS = "4";
+const String FIRMWARE_UPDATE_RESULT = "5";
+const String FIRMWARE_PACKAGE_NAME = "6";
+const String FIRMWARE_PACKAGE_VERSION = "7";
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/source/m2mdevice.cpp	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,563 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <cstdio>
+#include "mbed-client/m2mdevice.h"
+#include "mbed-client/m2mconstants.h"
+#include "mbed-client/m2mobject.h"
+#include "mbed-client/m2mobjectinstance.h"
+#include "mbed-client/m2mresource.h"
+#include "ns_trace.h"
+
+M2MDevice* M2MDevice::_instance = NULL;
+
+M2MDevice* M2MDevice::get_instance()
+{
+    if(_instance == NULL) {
+        _instance = new M2MDevice();
+    }
+    return _instance;
+}
+
+void M2MDevice::delete_instance()
+{
+    if(_instance) {
+        delete _instance;
+        _instance = NULL;
+    }
+}
+
+M2MDevice::M2MDevice()
+: M2MObject(M2M_DEVICE_ID)
+{
+    _device_instance = M2MObject::create_object_instance();
+
+    if(_device_instance) {
+        _device_instance->set_coap_content_type(COAP_CONTENT_OMA_TLV_TYPE);
+
+        M2MResource* res = _device_instance->create_dynamic_resource(DEVICE_REBOOT,
+                                                                     OMA_RESOURCE_TYPE,
+                                                                     M2MResourceInstance::OPAQUE,
+                                                                     false);
+        if(res) {
+            res->set_operation(M2MBase::POST_ALLOWED);
+        }
+
+        M2MResourceInstance* instance = _device_instance->create_dynamic_resource_instance(DEVICE_ERROR_CODE,
+                                                                 OMA_RESOURCE_TYPE,
+                                                                 M2MResourceInstance::INTEGER,
+                                                                 false,0);
+        if(instance) {
+            instance->set_operation(M2MBase::GET_ALLOWED);
+            instance->set_value((const uint8_t*)ERROR_CODE_VALUE.c_str(),
+                           (uint32_t)ERROR_CODE_VALUE.length());
+        }
+        res = _device_instance->create_dynamic_resource(DEVICE_SUPPORTED_BINDING_MODE,
+                                                        OMA_RESOURCE_TYPE,
+                                                        M2MResourceInstance::STRING,
+                                                        false);
+        if(res) {
+            res->set_operation(M2MBase::GET_ALLOWED);
+            res->set_value((const uint8_t*)BINDING_MODE_UDP.c_str(),
+                           (uint32_t)BINDING_MODE_UDP.length());
+        }
+    }
+}
+
+M2MDevice::~M2MDevice()
+{
+}
+
+M2MResource* M2MDevice::create_resource(DeviceResource resource, const String &value)
+{
+    M2MResource* res = NULL;
+    String device_id = "";
+    M2MBase::Operation operation = M2MBase::GET_ALLOWED;
+    if(!is_resource_present(resource) && value.size() <= MAX_ALLOWED_STRING_LENGTH) {
+        switch(resource) {
+            case Manufacturer:
+               device_id = DEVICE_MANUFACTURER;
+               break;
+            case DeviceType:
+                device_id = DEVICE_DEVICE_TYPE;
+                break;
+            case ModelNumber:
+                device_id = DEVICE_MODEL_NUMBER;
+                break;
+            case SerialNumber:
+                device_id = DEVICE_SERIAL_NUMBER;
+                break;
+            case HardwareVersion:
+                device_id = DEVICE_HARDWARE_VERSION;
+                break;
+            case FirmwareVersion:
+                device_id = DEVICE_FIRMWARE_VERSION;
+                break;
+            case SoftwareVersion:
+                device_id = DEVICE_SOFTWARE_VERSION;
+                break;
+            case UTCOffset:
+                device_id = DEVICE_UTC_OFFSET;
+                operation = M2MBase::GET_PUT_ALLOWED;
+                break;
+            case Timezone:
+                device_id = DEVICE_TIMEZONE;
+                operation = M2MBase::GET_PUT_ALLOWED;
+                break;
+            default:
+                break;
+        }
+    }
+    if(!device_id.empty()) {
+        if(_device_instance) {
+            res = _device_instance->create_dynamic_resource(device_id,
+                                                            OMA_RESOURCE_TYPE,
+                                                            M2MResourceInstance::STRING,
+                                                            false);
+
+            if(res ) {
+                res->set_operation(operation);
+                if (value.empty()) {
+                    res->clear_value();
+                } else {
+                    res->set_value((const uint8_t*)value.c_str(),
+                                   (uint32_t)value.length());
+                }
+            }
+        }
+    }
+    return res;
+}
+
+M2MResource* M2MDevice::create_resource(DeviceResource resource, int64_t value)
+{
+    M2MResource* res = NULL;
+    String device_id = "";
+    M2MBase::Operation operation = M2MBase::GET_ALLOWED;
+    if(!is_resource_present(resource)) {
+        switch(resource) {        
+        case BatteryLevel:
+            if(check_value_range(resource, value)) {
+                device_id = DEVICE_BATTERY_LEVEL;
+            }
+            break;
+        case BatteryStatus:
+            if(check_value_range(resource, value)) {
+                device_id = DEVICE_BATTERY_STATUS;
+            }
+            break;
+        case MemoryFree:
+            device_id = DEVICE_MEMORY_FREE;
+            break;
+        case MemoryTotal:
+            device_id = DEVICE_MEMORY_TOTAL;
+            break;
+        case CurrentTime:
+            device_id = DEVICE_CURRENT_TIME;
+            operation = M2MBase::GET_PUT_ALLOWED;
+            break;
+        default:
+            break;
+        }
+    }
+    if(!device_id.empty()) {
+        if(_device_instance) {
+            res = _device_instance->create_dynamic_resource(device_id,
+                                                            OMA_RESOURCE_TYPE,
+                                                            M2MResourceInstance::INTEGER,
+                                                            false);
+
+            if(res) {
+                char *buffer = (char*)memory_alloc(20);
+                if(buffer) {
+                    int size = snprintf(buffer, 20,"%lld", (long long int)value);
+                    res->set_operation(operation);
+                    res->set_value((const uint8_t*)buffer,
+                                   (uint32_t)size);
+                    memory_free(buffer);
+                }
+            }
+        }
+    }
+    return res;
+}
+
+M2MResourceInstance* M2MDevice::create_resource_instance(DeviceResource resource, int64_t value,
+                                                 uint16_t instance_id)
+{
+    M2MResourceInstance* res = NULL;
+    String device_id = "";    
+    // For these resources multiple instance can exist
+    if(AvailablePowerSources == resource) {
+        if(check_value_range(resource, value)) {
+            device_id = DEVICE_AVAILABLE_POWER_SOURCES;
+        }
+    } else if(PowerSourceVoltage == resource) {
+        device_id = DEVICE_POWER_SOURCE_VOLTAGE;
+    } else if(PowerSourceCurrent == resource) {
+        device_id = DEVICE_POWER_SOURCE_CURRENT;
+    } else if(ErrorCode == resource) {
+        if(check_value_range(resource, value)) {
+            device_id = DEVICE_ERROR_CODE;
+        }
+    }
+
+    if(!device_id.empty()) {
+        if(_device_instance) {
+            res = _device_instance->create_dynamic_resource_instance(device_id,OMA_RESOURCE_TYPE,
+                                                                     M2MResourceInstance::INTEGER,
+                                                                     false, instance_id);
+
+            if(res) {
+                char *buffer = (char*)memory_alloc(20);
+                if(buffer) {
+                    int size = snprintf(buffer, 20,"%lld", (long long int)value);
+                    // Only read operation is allowed for above resources
+                    res->set_operation(M2MBase::GET_ALLOWED);
+                    res->set_value((const uint8_t*)buffer,
+                                   (uint32_t)size);
+                    memory_free(buffer);
+                }
+            }
+        }
+    }
+    return res;
+}
+M2MResource* M2MDevice::create_resource(DeviceResource resource)
+{
+    M2MResource* res = NULL;
+    if(!is_resource_present(resource)) {
+        String device_Id;
+        if(FactoryReset == resource) {
+            device_Id = DEVICE_FACTORY_RESET;
+        } else if(ResetErrorCode == resource) {
+            device_Id = DEVICE_RESET_ERROR_CODE;
+        }
+        if(_device_instance && !device_Id.empty()) {
+            res = _device_instance->create_dynamic_resource(device_Id,
+                                                            OMA_RESOURCE_TYPE,
+                                                            M2MResourceInstance::OPAQUE,
+                                                            false);
+            if(res) {
+                res->set_operation(M2MBase::POST_ALLOWED);
+            }
+        }
+    }
+    return res;
+}
+
+bool M2MDevice::delete_resource(DeviceResource resource)
+{
+    bool success = false;
+    if(M2MDevice::Reboot != resource             &&
+       M2MDevice::ErrorCode != resource          &&
+       M2MDevice::SupportedBindingMode != resource) {
+        if(_device_instance) {
+            success = _device_instance->remove_resource(resource_name(resource));
+        }
+    }
+    return success;
+}
+
+bool M2MDevice::delete_resource_instance(DeviceResource resource,
+                                         uint16_t instance_id)
+{
+    bool success = false;
+    if(M2MDevice::Reboot != resource             &&
+       M2MDevice::ErrorCode != resource          &&
+       M2MDevice::SupportedBindingMode != resource) {
+        if(_device_instance) {
+            success = _device_instance->remove_resource_instance(resource_name(resource),instance_id);
+        }
+    }
+    return success;
+}
+
+bool M2MDevice::set_resource_value(DeviceResource resource,
+                                   const String &value,
+                                   uint16_t instance_id)
+{
+    bool success = false;
+    M2MResourceInstance* res = get_resource_instance(resource,instance_id);
+    if(res && value.size() <= MAX_ALLOWED_STRING_LENGTH) {
+        if(M2MDevice::Manufacturer == resource          ||
+           M2MDevice::ModelNumber == resource           ||
+           M2MDevice::DeviceType == resource            ||
+           M2MDevice::SerialNumber == resource          ||
+           M2MDevice::HardwareVersion == resource       ||
+           M2MDevice::FirmwareVersion == resource       ||
+           M2MDevice::SoftwareVersion == resource       ||
+           M2MDevice::UTCOffset == resource             ||
+           M2MDevice::Timezone == resource) {
+                if (value.empty()) {
+                    res->clear_value();
+                    success = true;
+                } else {
+                    success = res->set_value((const uint8_t*)value.c_str(),(uint32_t)value.length());
+                }
+        }
+    }
+    return success;
+}
+
+bool M2MDevice::set_resource_value(DeviceResource resource,
+                                       int64_t value,
+                                       uint16_t instance_id)
+{
+    bool success = false;
+    M2MResourceInstance* res = get_resource_instance(resource,instance_id);
+    if(res) {
+        if(M2MDevice::BatteryLevel == resource          ||
+           M2MDevice::BatteryStatus == resource         ||
+           M2MDevice::MemoryFree == resource            ||
+           M2MDevice::MemoryTotal == resource           ||
+           M2MDevice::ErrorCode == resource             ||
+           M2MDevice::CurrentTime == resource           ||
+           M2MDevice::AvailablePowerSources == resource ||
+           M2MDevice::PowerSourceVoltage == resource    ||
+           M2MDevice::PowerSourceCurrent == resource) {
+            // If it is any of the above resource
+            // set the value of the resource.
+            if (check_value_range(resource, value)) {
+                char *buffer = (char*)memory_alloc(20);
+                if(buffer) {
+                    int size = snprintf(buffer, 20,"%lld",(long long int)value);
+                    success = res->set_value((const uint8_t*)buffer,
+                                             (uint32_t)size);
+                    memory_free(buffer);
+                }
+            }
+        }
+    }
+    return success;
+}
+
+String M2MDevice::resource_value_string(DeviceResource resource,
+                                        uint16_t instance_id) const
+{
+    String value = "";
+    M2MResourceInstance* res = get_resource_instance(resource,instance_id);
+    if(res) {
+        if(M2MDevice::Manufacturer == resource          ||
+           M2MDevice::ModelNumber == resource           ||
+           M2MDevice::DeviceType == resource            ||
+           M2MDevice::SerialNumber == resource          ||
+           M2MDevice::HardwareVersion == resource       ||
+           M2MDevice::FirmwareVersion == resource       ||
+           M2MDevice::SoftwareVersion == resource       ||
+           M2MDevice::UTCOffset == resource             ||
+           M2MDevice::Timezone == resource) {
+
+            uint8_t* buffer = NULL;
+            uint32_t length = 0;
+            res->get_value(buffer,length);
+
+            char *char_buffer = (char*)malloc(length+1);
+            if(char_buffer) {
+                memset(char_buffer,0,length+1);
+                memcpy(char_buffer,(char*)buffer,length);
+
+                String s_name(char_buffer);
+                value = s_name;
+                if(char_buffer) {
+                    free(char_buffer);
+                }
+            }
+            if(buffer) {
+                free(buffer);
+            }
+        }
+    }
+    return value;
+}
+
+int64_t M2MDevice::resource_value_int(DeviceResource resource,
+                                      uint16_t instance_id) const
+{
+    int64_t value = -1;
+    M2MResourceInstance* res = get_resource_instance(resource,instance_id);
+    if(res) {
+        if(M2MDevice::BatteryLevel == resource          ||
+           M2MDevice::BatteryStatus == resource         ||
+           M2MDevice::MemoryFree == resource            ||
+           M2MDevice::MemoryTotal == resource           ||
+           M2MDevice::ErrorCode == resource             ||
+           M2MDevice::CurrentTime == resource           ||
+           M2MDevice::AvailablePowerSources == resource ||
+           M2MDevice::PowerSourceVoltage == resource    ||
+           M2MDevice::PowerSourceCurrent == resource) {
+            // Get the value and convert it into integer
+            uint8_t* buffer = NULL;
+            uint32_t length = 0;
+            res->get_value(buffer,length);
+            if(buffer) {
+                value = atoi((const char*)buffer);
+                free(buffer);
+            }
+        }
+    }
+    return value;
+}
+
+bool M2MDevice::is_resource_present(DeviceResource resource) const
+{
+    bool success = false;
+    M2MResourceInstance* res = get_resource_instance(resource,0);
+    if(res) {
+        success = true;
+    }
+    return success;
+}
+
+uint16_t M2MDevice::per_resource_count(DeviceResource res) const
+{
+    uint16_t count = 0;
+    if(_device_instance) {
+        count = _device_instance->resource_count(resource_name(res));
+    }
+    return count;
+}
+
+uint16_t M2MDevice::total_resource_count() const
+{
+    uint16_t count = 0;
+    if(_device_instance) {
+        count = _device_instance->resources().size();
+    }
+    return count;
+}
+
+M2MResourceInstance* M2MDevice::get_resource_instance(DeviceResource dev_res,
+                                                      uint16_t instance_id) const
+{
+    M2MResource* res = NULL;
+    M2MResourceInstance* inst = NULL;
+    if(_device_instance) {
+        res = _device_instance->resource(resource_name(dev_res));
+        if(res) {
+            if(res->supports_multiple_instances()) {
+               inst = res->resource_instance(instance_id);
+            } else {
+                inst = res;
+            }
+        }
+    }
+    return inst;
+}
+
+String M2MDevice::resource_name(DeviceResource resource) const
+{
+    String res_name = "";
+    switch(resource) {
+        case Manufacturer:
+            res_name = DEVICE_MANUFACTURER;
+            break;
+        case DeviceType:
+            res_name = DEVICE_DEVICE_TYPE;
+            break;
+        case ModelNumber:
+            res_name = DEVICE_MODEL_NUMBER;
+            break;
+        case SerialNumber:
+            res_name = DEVICE_SERIAL_NUMBER;
+            break;
+        case HardwareVersion:
+            res_name = DEVICE_HARDWARE_VERSION;
+            break;
+        case FirmwareVersion:
+            res_name = DEVICE_FIRMWARE_VERSION;
+            break;
+        case SoftwareVersion:
+            res_name = DEVICE_SOFTWARE_VERSION;
+            break;
+        case Reboot:
+            res_name = DEVICE_REBOOT;
+            break;
+        case FactoryReset:
+            res_name = DEVICE_FACTORY_RESET;
+            break;
+        case AvailablePowerSources:
+            res_name = DEVICE_AVAILABLE_POWER_SOURCES;
+            break;
+        case PowerSourceVoltage:
+            res_name = DEVICE_POWER_SOURCE_VOLTAGE;
+            break;
+        case PowerSourceCurrent:
+            res_name = DEVICE_POWER_SOURCE_CURRENT;
+            break;
+        case BatteryLevel:
+            res_name = DEVICE_BATTERY_LEVEL;
+            break;
+        case BatteryStatus:
+            res_name = DEVICE_BATTERY_STATUS;
+            break;
+        case MemoryFree:
+            res_name = DEVICE_MEMORY_FREE;
+            break;
+        case MemoryTotal:
+            res_name = DEVICE_MEMORY_TOTAL;
+            break;
+        case ErrorCode:
+            res_name = DEVICE_ERROR_CODE;
+            break;
+        case ResetErrorCode:
+            res_name = DEVICE_RESET_ERROR_CODE;
+            break;
+        case CurrentTime:
+            res_name = DEVICE_CURRENT_TIME;
+            break;
+        case UTCOffset:
+            res_name = DEVICE_UTC_OFFSET;
+            break;
+        case Timezone:
+            res_name = DEVICE_TIMEZONE;
+            break;
+        case SupportedBindingMode:
+            res_name = DEVICE_SUPPORTED_BINDING_MODE;
+            break;
+    }
+    return res_name;
+}
+
+bool M2MDevice::check_value_range(DeviceResource resource, int64_t value) const
+{
+    bool success = false;
+    switch (resource) {
+        case AvailablePowerSources:
+            if(value >= 0 && value <= 7) {
+                success = true;
+            }
+            break;
+        case BatteryLevel:
+            if (value >= 0 && value <= 100) {
+                success = true;
+            }
+            break;
+        case BatteryStatus:
+            if (value >= 0 && value <= 6) {
+                success = true;
+            }
+            break;
+        case ErrorCode:
+            if (value >= 0 && value <= 8) {
+                success = true;
+            }
+            break;
+    default:
+        success = true;
+        break;
+    }
+    return success;
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/source/m2mfirmware.cpp	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,444 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <cstdio>
+#include "mbed-client/m2mfirmware.h"
+#include "mbed-client/m2mconstants.h"
+#include "mbed-client/m2mobject.h"
+#include "mbed-client/m2mobjectinstance.h"
+#include "mbed-client/m2mresource.h"
+
+M2MFirmware* M2MFirmware::_instance = NULL;
+
+M2MFirmware* M2MFirmware::get_instance()
+{
+    if(_instance == NULL) {
+        _instance = new M2MFirmware();
+    }
+    return _instance;
+}
+
+void M2MFirmware::delete_instance()
+{
+    if(_instance) {
+        delete _instance;
+        _instance = NULL;
+    }
+}
+
+M2MFirmware::M2MFirmware()
+: M2MObject(M2M_FIRMWARE_ID)
+{
+    _firmware_instance = M2MObject::create_object_instance();
+    if(_firmware_instance) {
+        create_mandatory_resources();
+    }
+}
+
+M2MFirmware::~M2MFirmware()
+{
+}
+
+void M2MFirmware::create_mandatory_resources()
+{
+    _firmware_instance->set_coap_content_type(COAP_CONTENT_OMA_TLV_TYPE);
+    M2MResource* res = _firmware_instance->create_dynamic_resource(FIRMWARE_PACKAGE,
+                                                                 OMA_RESOURCE_TYPE,
+                                                                 M2MResourceInstance::OPAQUE,
+                                                                 false);
+    if(res) {
+        res->set_operation(M2MBase::PUT_ALLOWED);
+    }
+
+    res = _firmware_instance->create_dynamic_resource(FIRMWARE_PACKAGE_URI,
+                                                    OMA_RESOURCE_TYPE,
+                                                    M2MResourceInstance::STRING,
+                                                    false);
+    if(res) {
+        res->set_operation(M2MBase::PUT_ALLOWED);
+    }
+
+    res = _firmware_instance->create_dynamic_resource(FIRMWARE_UPDATE,
+                                                    OMA_RESOURCE_TYPE,
+                                                    M2MResourceInstance::OPAQUE,
+                                                    false);
+    if(res) {
+        res->set_operation(M2MBase::NOT_ALLOWED);
+    }
+
+    res = _firmware_instance->create_dynamic_resource(FIRMWARE_STATE,
+                                                    OMA_RESOURCE_TYPE,
+                                                    M2MResourceInstance::INTEGER,
+                                                    false);
+    if(res) {
+        res->set_operation(M2MBase::GET_ALLOWED);
+    }
+
+    res = _firmware_instance->create_dynamic_resource(FIRMWARE_UPDATE_RESULT,
+                                                    OMA_RESOURCE_TYPE,
+                                                    M2MResourceInstance::INTEGER,
+                                                    false);
+    if(res) {
+        res->set_operation(M2MBase::GET_ALLOWED);
+    }
+}
+
+M2MResource* M2MFirmware::create_resource(FirmwareResource resource, const String &value)
+{
+    M2MResource* res = NULL;
+    String firmware_id = "";
+    M2MBase::Operation operation = M2MBase::GET_ALLOWED;
+    if(!is_resource_present(resource)) {
+        switch(resource) {
+            case PackageName:
+                firmware_id = FIRMWARE_PACKAGE_NAME;
+                break;
+            case PackageVersion:
+                firmware_id = FIRMWARE_PACKAGE_VERSION;
+                break;
+            default:
+                break;
+        }
+    }
+    if(!firmware_id.empty() && value.size() < 256) {
+        if(_firmware_instance) {
+            res = _firmware_instance->create_dynamic_resource(firmware_id,
+                                                            OMA_RESOURCE_TYPE,
+                                                            M2MResourceInstance::STRING,
+                                                            false);
+
+            if(res) {
+                res->set_operation(operation);
+                if(value.empty()) {
+                    res->clear_value();
+                } else {
+                    res->set_value((const uint8_t*)value.c_str(),
+                                   (uint32_t)value.length());
+                }
+            }
+        }
+    }
+    return res;
+}
+
+M2MResource* M2MFirmware::create_resource(FirmwareResource resource, int64_t value)
+{
+    M2MResource* res = NULL;
+    String firmware_id = "";
+    M2MBase::Operation operation = M2MBase::GET_ALLOWED;
+    if(!is_resource_present(resource)) {
+        switch(resource) {
+        case UpdateSupportedObjects:
+            if(check_value_range(resource, value)) {
+                firmware_id = FIRMWARE_UPDATE_SUPPORTED_OBJECTS;
+                operation = M2MBase::GET_PUT_ALLOWED;
+            }
+            break;
+        default:
+            break;
+        }
+    }
+    if(!firmware_id.empty()) {
+        if(_firmware_instance) {
+            res = _firmware_instance->create_dynamic_resource(firmware_id,
+                                                            OMA_RESOURCE_TYPE,
+                                                            M2MResourceInstance::INTEGER,
+                                                            false);
+
+            if(res) {
+                char *buffer = (char*)memory_alloc(20);
+                if(buffer) {
+                    int size = snprintf(buffer, 20,"%lld",(long long int)value);
+
+                    res->set_operation(operation);
+                    res->set_value((const uint8_t*)buffer,
+                                   (uint32_t)size);
+                    memory_free(buffer);
+                }
+            }
+        }
+    }
+    return res;
+}
+
+bool M2MFirmware::set_resource_value(FirmwareResource resource,
+                                   const String &value)
+{
+    bool success = false;
+    M2MResource* res = get_resource(resource);
+    if(res) {
+        if(M2MFirmware::PackageUri == resource  ||
+           M2MFirmware::PackageName == resource ||
+           M2MFirmware::PackageVersion == resource) {
+            if (value.size() < 256) {
+                if(value.empty()) {
+                    res->clear_value();
+                    success = true;
+                } else {
+                    success = res->set_value((const uint8_t*)value.c_str(),(uint32_t)value.length());
+                }
+            }
+        }
+    }
+    return success;
+}
+
+bool M2MFirmware::set_resource_value(FirmwareResource resource,
+                                       int64_t value)
+{
+    bool success = false;
+    M2MResource* res = get_resource(resource);
+    if(res) {
+        if(M2MFirmware::State == resource          ||
+           M2MFirmware::UpdateSupportedObjects == resource ||
+           M2MFirmware::UpdateResult == resource) {
+            // If it is any of the above resource
+            // set the value of the resource.
+            if (check_value_range(resource, value)) {
+                char *buffer = (char*)memory_alloc(20);
+                if(buffer) {
+                    int size = snprintf(buffer, 20,"%lld",(long long int)value);
+                    success = res->set_value((const uint8_t*)buffer,
+                                             (uint32_t)size);
+                    memory_free(buffer);
+                }
+            }
+        }
+    }
+    return success;
+}
+
+bool M2MFirmware::set_resource_value(FirmwareResource resource,
+                                     const uint8_t *value,
+                                     const uint32_t length)
+{
+    bool success = false;
+    M2MResource* res = get_resource(resource);
+    if(res) {
+        if(M2MFirmware::Package == resource) {
+            success = res->set_value(value,length);
+        }
+    }
+    return success;
+}
+
+bool M2MFirmware::is_resource_present(FirmwareResource resource) const
+{
+    bool success = false;
+    M2MResource* res = get_resource(resource);
+    if(res) {
+        success = true;
+    }
+    return success;
+}
+
+String M2MFirmware::resource_name(FirmwareResource resource) const
+{
+    String res_name = "";
+    switch(resource) {
+        case Package:
+            res_name = FIRMWARE_PACKAGE;
+            break;
+        case PackageUri:
+            res_name = FIRMWARE_PACKAGE_URI;
+            break;
+        case Update:
+            res_name = FIRMWARE_UPDATE;
+            break;
+        case State:
+            res_name = FIRMWARE_STATE;
+            break;
+        case UpdateSupportedObjects:
+            res_name = FIRMWARE_UPDATE_SUPPORTED_OBJECTS;
+            break;
+        case UpdateResult:
+            res_name = FIRMWARE_UPDATE_RESULT;
+            break;
+        case PackageName:
+            res_name = FIRMWARE_PACKAGE_NAME;
+            break;
+        case PackageVersion:
+            res_name = FIRMWARE_PACKAGE_VERSION;
+            break;
+    }
+    return res_name;
+}
+
+uint16_t M2MFirmware::per_resource_count(FirmwareResource res) const
+{
+    uint16_t count = 0;
+    if(_firmware_instance) {
+        count = _firmware_instance->resource_count(resource_name(res));
+    }
+    return count;
+}
+
+uint16_t M2MFirmware::total_resource_count() const
+{
+    uint16_t count = 0;
+    if(_firmware_instance) {
+        count = _firmware_instance->resources().size();
+    }
+    return count;
+}
+
+uint32_t M2MFirmware::resource_value_buffer(FirmwareResource resource,
+                               uint8_t *&data) const
+{
+    uint32_t size = 0;
+    M2MResource* res = get_resource(resource);
+    if(res) {
+        if(M2MFirmware::Package == resource) {
+            res->get_value(data,size);
+        }
+    }
+    return size;
+}
+
+M2MResource* M2MFirmware::get_resource(FirmwareResource res) const
+{
+    M2MResource* res_object = NULL;
+    if(_firmware_instance) {
+        String res_name = "";
+        switch(res) {
+            case Package:
+                res_name = FIRMWARE_PACKAGE;
+                break;
+            case PackageUri:
+                res_name = FIRMWARE_PACKAGE_URI;
+                break;
+            case Update:
+                res_name = FIRMWARE_UPDATE;
+                break;
+            case State:
+                res_name = FIRMWARE_STATE;
+                break;
+            case UpdateSupportedObjects:
+                res_name = FIRMWARE_UPDATE_SUPPORTED_OBJECTS;
+                break;
+            case UpdateResult:
+                res_name = FIRMWARE_UPDATE_RESULT;
+                break;
+            case PackageName:
+                res_name = FIRMWARE_PACKAGE_NAME;
+                break;
+            case PackageVersion:
+                res_name = FIRMWARE_PACKAGE_VERSION;
+                break;
+        }
+        res_object = _firmware_instance->resource(res_name);
+    }
+    return res_object;
+}
+
+bool M2MFirmware::delete_resource(FirmwareResource resource)
+{
+    bool success = false;
+    if(M2MFirmware::UpdateSupportedObjects == resource ||
+       M2MFirmware::PackageName == resource            ||
+       M2MFirmware::PackageVersion == resource) {
+        if(_firmware_instance) {
+            success = _firmware_instance->remove_resource(resource_name(resource));
+        }
+    }
+    return success;
+}
+
+int64_t M2MFirmware::resource_value_int(FirmwareResource resource) const
+{
+    int64_t value = -1;
+    M2MResource* res = get_resource(resource);
+    if(res) {
+        if(M2MFirmware::State == resource          ||
+           M2MFirmware::UpdateSupportedObjects == resource         ||
+           M2MFirmware::UpdateResult == resource) {
+            // Get the value and convert it into integer
+            uint8_t* buffer = NULL;
+            uint32_t length = 0;
+            res->get_value(buffer,length);
+            if(buffer) {
+                value = atoi((const char*)buffer);
+                free(buffer);
+            }
+        }
+    }
+    return value;
+}
+
+String M2MFirmware::resource_value_string(FirmwareResource resource) const
+{
+    String value = "";
+    M2MResource* res = get_resource(resource);
+    if(res) {
+        if(M2MFirmware::PackageUri == resource          ||
+           M2MFirmware::PackageName == resource           ||
+           M2MFirmware::PackageVersion == resource) {
+            uint8_t* buffer = NULL;
+            uint32_t length = 0;
+            res->get_value(buffer,length);
+
+            char *char_buffer = (char*)malloc(length+1);
+            if(char_buffer) {
+                memset(char_buffer,0,length+1);
+                memcpy(char_buffer,(char*)buffer,length);
+
+                String s_name(char_buffer);
+                value = s_name;
+                if(char_buffer) {
+                    free(char_buffer);
+                }
+            }
+            if(buffer) {
+                free(buffer);
+            }
+        }
+    }
+    return value;
+}
+
+bool M2MFirmware::check_value_range(FirmwareResource resource, int64_t value) const
+{
+    bool success = false;
+    switch (resource) {
+        case UpdateSupportedObjects:
+            if(value == 0 || value == 1) {
+                success = true;
+            }
+            break;
+        case State:
+            if (value >= 0 && value <= 2) {
+                success = true;
+                M2MResource* updateRes = get_resource(M2MFirmware::Update);
+                if (updateRes){
+                    if (value == M2MFirmware::Downloaded) {
+                        updateRes->set_operation(M2MBase::POST_ALLOWED);
+                    }
+                    else {
+                        updateRes->set_operation(M2MBase::NOT_ALLOWED);
+                    }
+                }
+            }
+            break;
+        case UpdateResult:
+            if (value >= 0 && value <= 7) {
+                success = true;
+            }
+            break;
+    default:
+        break;
+    }
+    return success;
+}
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/source/m2minterfacefactory.cpp	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,112 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "mbed-client/m2minterfacefactory.h"
+#include "mbed-client/m2mserver.h"
+#include "mbed-client/m2mdevice.h"
+#include "mbed-client/m2mfirmware.h"
+#include "mbed-client/m2mobject.h"
+#include "mbed-client/m2mconstants.h"
+#include "mbed-client/m2mconfig.h"
+#include "include/m2minterfaceimpl.h"
+#include "ns_trace.h"
+
+M2MInterface* M2MInterfaceFactory::create_interface(M2MInterfaceObserver &observer,
+                                                    const String &endpoint_name,
+                                                    const String &endpoint_type,
+                                                    const int32_t life_time,
+                                                    const uint16_t listen_port,
+                                                    const String &domain,
+                                                    M2MInterface::BindingMode mode,
+                                                    M2MInterface::NetworkStack stack,
+                                                    const String &context_address)
+{
+    tr_debug("M2MInterfaceFactory::create_interface - IN");
+    tr_debug("M2MInterfaceFactory::create_interface - parameters endpoint name : %s",endpoint_name.c_str());
+    tr_debug("M2MInterfaceFactory::create_interface - parameters endpoint type : %s",endpoint_type.c_str());
+    tr_debug("M2MInterfaceFactory::create_interface - parameters life time(in secs):  %d",life_time);
+    tr_debug("M2MInterfaceFactory::create_interface - parameters Listen Port : %d",listen_port);
+    tr_debug("M2MInterfaceFactory::create_interface - parameters Binding Mode : %d",(int)mode);
+    tr_debug("M2MInterfaceFactory::create_interface - parameters NetworkStack : %d",(int)stack);
+    M2MInterfaceImpl *interface = NULL;
+
+
+    bool endpoint_type_valid = true;
+    if(!endpoint_type.empty()) {
+        if(endpoint_type.size() > MAX_ALLOWED_STRING_LENGTH){
+            endpoint_type_valid = false;
+        }
+    }
+
+    bool domain_valid = true;
+    if(!domain.empty()) {
+        if(domain.size() > MAX_ALLOWED_STRING_LENGTH){
+            domain_valid = false;
+        }
+    }
+
+    if(((life_time == -1) || (life_time >= MINIMUM_REGISTRATION_TIME)) &&
+       !endpoint_name.empty() && (endpoint_name.size() <= MAX_ALLOWED_STRING_LENGTH) &&
+       endpoint_type_valid && domain_valid) {
+        tr_debug("M2MInterfaceFactory::create_interface - Creating M2MInterfaceImpl");
+        interface = new M2MInterfaceImpl(observer, endpoint_name,
+                                         endpoint_type, life_time,
+                                         listen_port, domain, mode,
+                                         stack, context_address);
+
+    }
+    tr_debug("M2MInterfaceFactory::create_interface - OUT");
+    return interface;
+}
+
+M2MSecurity* M2MInterfaceFactory::create_security(M2MSecurity::ServerType server_type)
+{
+    tr_debug("M2MInterfaceFactory::create_security");
+    M2MSecurity *security = new M2MSecurity(server_type);
+    return security;
+}
+
+M2MServer* M2MInterfaceFactory::create_server()
+{
+    tr_debug("M2MInterfaceFactory::create_server");
+    M2MServer *server = new M2MServer();
+    return server;
+}
+
+M2MDevice* M2MInterfaceFactory::create_device()
+{
+    tr_debug("M2MInterfaceFactory::create_device");
+    M2MDevice* device = M2MDevice::get_instance();
+    return device;
+}
+
+M2MFirmware* M2MInterfaceFactory::create_firmware()
+{
+    tr_debug("M2MInterfaceFactory::create_firmware");
+    M2MFirmware* firmware = M2MFirmware::get_instance();
+    return firmware;
+}
+
+M2MObject* M2MInterfaceFactory::create_object(const String &name)
+{
+    tr_debug("M2MInterfaceFactory::create_object : Name : %s", name.c_str());
+    if(name.size() > MAX_ALLOWED_STRING_LENGTH || name.empty()){
+        return NULL;
+    }
+
+    M2MObject *object = NULL;
+    object = new M2MObject(name);
+    return object;
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/source/m2minterfaceimpl.cpp	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,800 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <assert.h>
+#include "include/m2minterfaceimpl.h"
+#include "include/eventdata.h"
+#include "mbed-client/m2minterfaceobserver.h"
+#include "mbed-client/m2mconnectionhandler.h"
+#include "mbed-client/m2mconnectionsecurity.h"
+#include "include/m2mnsdlinterface.h"
+#include "mbed-client/m2msecurity.h"
+#include "mbed-client/m2mconstants.h"
+#include "mbed-client/m2mtimer.h"
+#include "ns_trace.h"
+
+M2MInterfaceImpl::M2MInterfaceImpl(M2MInterfaceObserver& observer,
+                                   const String &ep_name,
+                                   const String &ep_type,
+                                   const int32_t l_time,
+                                   const uint16_t listen_port,
+                                   const String &dmn,
+                                   M2MInterface::BindingMode mode,
+                                   M2MInterface::NetworkStack stack,
+                                   const String &con_addr)
+: _observer(observer),
+  _nsdl_interface(new M2MNsdlInterface(*this)),
+  _current_state(0),
+  _max_states( STATE_MAX_STATES ),
+  _event_generated(false),
+  _event_data(NULL),
+  _endpoint_name(ep_name),
+  _endpoint_type(ep_type),
+  _domain( dmn),
+  _life_time(l_time),
+  _binding_mode(mode),
+  _context_address(con_addr),
+  _listen_port(listen_port),
+  _register_server(NULL),
+  _event_ignored(false),
+  _register_ongoing(false),
+  _update_register_ongoing(false),
+  _queue_sleep_timer(new M2MTimer(*this)),
+  _callback_handler(NULL)
+{
+    M2MConnectionSecurity::SecurityMode sec_mode = M2MConnectionSecurity::DTLS;
+    //Hack for now
+    if( _binding_mode == M2MInterface::TCP ){
+        _binding_mode = M2MInterface::UDP;
+        sec_mode = M2MConnectionSecurity::TLS;
+    }else if( _binding_mode == M2MInterface::TCP_QUEUE ){
+        _binding_mode = M2MInterface::UDP_QUEUE;
+        sec_mode = M2MConnectionSecurity::TLS;
+    }
+    tr_debug("M2MInterfaceImpl::M2MInterfaceImpl() -IN");
+    _nsdl_interface->create_endpoint(_endpoint_name,
+                                     _endpoint_type,
+                                     _life_time,
+                                     _domain,
+                                     (uint8_t)_binding_mode,
+                                     _context_address);
+
+    //Here we must use TCP still
+    _connection_handler = new M2MConnectionHandler(*this, new M2MConnectionSecurity(sec_mode), mode, stack);
+
+    _connection_handler->bind_connection(_listen_port);
+     tr_debug("M2MInterfaceImpl::M2MInterfaceImpl() -OUT");
+}
+
+
+M2MInterfaceImpl::~M2MInterfaceImpl()
+{
+    tr_debug("M2MInterfaceImpl::~M2MInterfaceImpl() - IN");
+    delete _queue_sleep_timer;
+    delete _nsdl_interface;
+    _connection_handler->stop_listening();
+    delete _connection_handler;
+    tr_debug("M2MInterfaceImpl::~M2MInterfaceImpl() - OUT");
+}
+
+void M2MInterfaceImpl::bootstrap(M2MSecurity *security)
+{
+    tr_debug("M2MInterfaceImpl::bootstrap(M2MSecurity *security) - IN");
+    // Transition to a new state based upon
+    // the current state of the state machine
+    M2MSecurityData* data = new M2MSecurityData();
+    data->_object = security;
+    BEGIN_TRANSITION_MAP                                    // - Current State -
+        TRANSITION_MAP_ENTRY (STATE_BOOTSTRAP)              // state_idle
+        TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_bootstrap
+        TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state__bootstrap_address_resolved
+        TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_bootstrap_resource_created
+        TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_bootstrapped
+        TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_register
+        TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_register_address_resolved
+        TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_register_resource_created
+        TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_registered
+        TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_update_registration
+        TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_unregister
+        TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_unregistered
+        TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_sending_coap_data
+        TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_coap_data_sent
+        TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_coap_data_received
+        TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_processing_coap_data
+        TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_coap_data_processed
+        TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_waiting
+    END_TRANSITION_MAP(data)
+    if(_event_ignored) {
+        _event_ignored = false;
+        _observer.error(M2MInterface::NotAllowed);
+    }
+    tr_debug("M2MInterfaceImpl::bootstrap(M2MSecurity *security) - OUT");
+}
+
+void M2MInterfaceImpl::cancel_bootstrap()
+{
+//TODO: Do we need this ?
+}
+
+void M2MInterfaceImpl::register_object(M2MSecurity *security, const M2MObjectList &object_list)
+{
+    tr_debug("M2MInterfaceImpl::register_object(M2MSecurity *security,const M2MObjectList &object_list) - IN");
+    // Transition to a new state based upon
+    // the current state of the state machine
+    //TODO: manage register object in a list.
+    if(!_register_ongoing) {
+       _register_ongoing = true;
+        _register_server = security;
+        M2MRegisterData *data = new M2MRegisterData();
+        data->_object = security;
+        data->_object_list = object_list;
+        BEGIN_TRANSITION_MAP                                    // - Current State -
+            TRANSITION_MAP_ENTRY (STATE_REGISTER)               // state_idle
+            TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_bootstrap
+            TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state__bootstrap_address_resolved
+            TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_bootstrap_resource_created
+            TRANSITION_MAP_ENTRY (STATE_REGISTER)               // state_bootstrapped
+            TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_register
+            TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_register_address_resolved
+            TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_register_resource_created
+            TRANSITION_MAP_ENTRY (STATE_REGISTER)               // state_registered
+            TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_update_registration
+            TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_unregister
+            TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_unregistered
+            TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_sending_coap_data
+            TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_coap_data_sent
+            TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_coap_data_received
+            TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_processing_coap_data
+            TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_coap_data_processed
+            TRANSITION_MAP_ENTRY (STATE_REGISTER)               // state_waiting
+        END_TRANSITION_MAP(data)
+        if(_event_ignored) {
+            _event_ignored = false;
+            _observer.error(M2MInterface::NotAllowed);
+        }
+    } else {
+       tr_debug("M2MInterfaceImpl::register_object(M2MSecurity *security,const M2MObjectList &object_list) - NOT ALLOWED");
+        _observer.error(M2MInterface::NotAllowed);
+    }
+    tr_debug("M2MInterfaceImpl::register_object(M2MSecurity *security,const M2MObjectList &object_list) - OUT");
+}
+
+void M2MInterfaceImpl::update_registration(M2MSecurity *security_object, const uint32_t lifetime)
+{
+    tr_debug("M2MInterfaceImpl::update_registration(M2MSecurity *security,const uint32_t lifetime) - IN");
+    // Transition to a new state based upon
+    // the current state of the state machine
+    if(lifetime != 0 && (lifetime < MINIMUM_REGISTRATION_TIME)) {
+        _observer.error(M2MInterface::InvalidParameters);
+    } else if(!_update_register_ongoing){
+        _update_register_ongoing = true;
+        M2MUpdateRegisterData *data = new M2MUpdateRegisterData();
+        data->_object = security_object;
+        data->_lifetime = lifetime;
+        BEGIN_TRANSITION_MAP                                    // - Current State -
+            TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_idle
+            TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_bootstrap
+            TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state__bootstrap_address_resolved
+            TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_bootstrap_resource_created
+            TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_bootstrapped
+            TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_register
+            TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_register_address_resolved
+            TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_register_resource_created
+            TRANSITION_MAP_ENTRY (STATE_UPDATE_REGISTRATION)    // state_registered
+            TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_update_registration
+            TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_unregister
+            TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_unregistered
+            TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_sending_coap_data
+            TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_coap_data_sent
+            TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_coap_data_received
+            TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_processing_coap_data
+            TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_coap_data_processed
+            TRANSITION_MAP_ENTRY (STATE_UPDATE_REGISTRATION)    // state_waiting
+        END_TRANSITION_MAP(data)
+        if(_event_ignored) {
+            _event_ignored = false;
+            _observer.error(M2MInterface::NotAllowed);
+        }
+    } else {
+        tr_debug("M2MInterfaceImpl::update_registration(M2MSecurity *security,const M2MObjectList &object_list) - NOT ALLOWED");
+        _observer.error(M2MInterface::NotAllowed);
+    }
+    tr_debug("M2MInterfaceImpl::update_registration(M2MSecurity *security,const uint32_t lifetime) - OUT");
+}
+
+void M2MInterfaceImpl::unregister_object(M2MSecurity* /*security*/)
+{
+    tr_debug("M2MInterfaceImpl::unregister_object(M2MSecurity *security) - IN");
+    // Transition to a new state based upon
+    // the current state of the state machine
+    BEGIN_TRANSITION_MAP                                // - Current State -
+        TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_idle
+        TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_bootstrap
+        TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state__bootstrap_address_resolved
+        TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_bootstrap_resource_created
+        TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_bootstrapped
+        TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_register
+        TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_register_address_resolved
+        TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_register_resource_created
+        TRANSITION_MAP_ENTRY (STATE_UNREGISTER)             // state_registered
+        TRANSITION_MAP_ENTRY (STATE_UNREGISTER)             // state_update_registration
+        TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_unregister
+        TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_unregistered
+        TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_sending_coap_data
+        TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_coap_data_sent
+        TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_coap_data_received
+        TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_processing_coap_data
+        TRANSITION_MAP_ENTRY (EVENT_IGNORED)                // state_coap_data_processed
+        TRANSITION_MAP_ENTRY (STATE_UNREGISTER)             // state_waiting
+    END_TRANSITION_MAP(NULL)
+    if(_event_ignored) {
+        _event_ignored = false;
+        _observer.error(M2MInterface::NotAllowed);
+    }
+    tr_debug("M2MInterfaceImpl::unregister_object(M2MSecurity *security) - OUT");
+}
+
+void M2MInterfaceImpl::set_queue_sleep_handler(callback_handler handler)
+{
+    tr_debug("M2MInterfaceImpl::set_queue_sleep_handler()");
+    _callback_handler = handler;
+}
+
+void M2MInterfaceImpl::coap_message_ready(uint8_t *data_ptr,
+                                          uint16_t data_len,
+                                          sn_nsdl_addr_s *address_ptr)
+{
+    tr_debug("M2MInterfaceImpl::coap_message_ready(uint8_t *data_ptr,uint16_t data_len,sn_nsdl_addr_s *address_ptr)");
+    internal_event(STATE_SENDING_COAP_DATA);
+    if(!_connection_handler->send_data(data_ptr,data_len,address_ptr)) {
+        internal_event( STATE_IDLE);
+        tr_error("M2MInterfaceImpl::coap_message_ready() - M2MInterface::NetworkError");
+        _observer.error(M2MInterface::NetworkError);
+    }
+}
+
+void M2MInterfaceImpl::client_registered(M2MServer *server_object)
+{
+    tr_debug("M2MInterfaceImpl::client_registered(M2MServer *server_object)");
+    internal_event(STATE_REGISTERED);
+    //Inform client is registered.
+    //TODO: manage register object in a list.
+    _observer.object_registered(_register_server,*server_object);
+}
+
+void M2MInterfaceImpl::registration_updated(const M2MServer &server_object)
+{
+    tr_debug("M2MInterfaceImpl::registration_updated(const M2MServer &server_object)");
+    internal_event(STATE_REGISTERED);
+    _observer.registration_updated(_register_server,server_object);
+}
+
+
+void M2MInterfaceImpl::registration_error(uint8_t error_code)
+{
+    tr_debug("M2MInterfaceImpl::registration_error(uint8_t error_code) %d", error_code);
+    internal_event(STATE_IDLE);
+    _observer.error((M2MInterface::Error)error_code);
+}
+
+void M2MInterfaceImpl::client_unregistered()
+{
+    tr_debug("M2MInterfaceImpl::client_unregistered()");
+    internal_event(STATE_UNREGISTERED);
+    //TODO: manage register object in a list.
+    _observer.object_unregistered(_register_server);
+}
+
+void M2MInterfaceImpl::bootstrap_done(M2MSecurity *security_object)
+{
+    tr_debug("M2MInterfaceImpl::bootstrap_done(M2MSecurity *security_object)");
+    internal_event(STATE_BOOTSTRAPPED);
+    _observer.bootstrap_done(security_object);
+}
+
+void M2MInterfaceImpl::bootstrap_error()
+{
+    tr_debug("M2MInterfaceImpl::bootstrap_error()");
+    internal_event(STATE_IDLE);
+    _observer.error(M2MInterface::BootstrapFailed);
+}
+
+void M2MInterfaceImpl::coap_data_processed()
+{
+    tr_debug("M2MInterfaceImpl::coap_data_processed()");
+    internal_event(STATE_COAP_DATA_PROCESSED);
+}
+
+void M2MInterfaceImpl::value_updated(M2MBase *base)
+{
+    tr_debug("M2MInterfaceImpl::value_updated(M2MBase *base)");
+    if(base) {
+        M2MBase::BaseType type = base->base_type();
+        _observer.value_updated(base, type);
+    }
+}
+
+void M2MInterfaceImpl::data_available(uint8_t* data,
+                                      uint16_t data_size,
+                                      const M2MConnectionObserver::SocketAddress &address)
+{
+    tr_debug("M2MInterfaceImpl::data_available(uint8_t* data,uint16_t data_size,const M2MConnectionObserver::SocketAddress &address)");
+    ReceivedData *event = new ReceivedData();
+    event->_data = data;
+    event->_size = data_size;
+    event->_address = &address;
+    internal_event(STATE_COAP_DATA_RECEIVED, event);
+}
+
+void M2MInterfaceImpl::socket_error(uint8_t /*error_code*/)
+{
+    tr_debug("M2MInterfaceImpl::socket_error(uint8_t error_code)");
+    internal_event(STATE_IDLE);
+    M2MInterface::Error error = M2MInterface::NetworkError;
+    _observer.error(error);
+}
+
+void M2MInterfaceImpl::address_ready(const M2MConnectionObserver::SocketAddress &address,
+                                     M2MConnectionObserver::ServerType server_type,
+                                     const uint16_t server_port)
+{
+    tr_debug("M2MInterfaceImpl::address_ready(const M2MConnectionObserver::SocketAddress ,M2MConnectionObserver::ServerType,const uint16_t)");
+    ResolvedAddressData *data = new ResolvedAddressData();
+    data->_address = &address;
+    data->_port = server_port;
+    if( M2MConnectionObserver::Bootstrap == server_type) {
+        tr_debug("M2MInterfaceImpl::address_ready() Server Type Bootstrap");
+        internal_event(STATE_BOOTSTRAP_ADDRESS_RESOLVED, data);
+    } else {
+        tr_debug("M2MInterfaceImpl::address_ready() Server Type LWM2M");
+        internal_event(STATE_REGISTER_ADDRESS_RESOLVED, data);
+    }
+}
+
+void M2MInterfaceImpl::data_sent()
+{
+    tr_debug("M2MInterfaceImpl::data_sent()");
+    if(_binding_mode == M2MInterface::UDP_QUEUE ||
+       _binding_mode == M2MInterface::TCP_QUEUE  ||
+       _binding_mode == M2MInterface::SMS_QUEUE  ||
+       _binding_mode == M2MInterface::UDP_SMS_QUEUE) {
+        if(_callback_handler) {
+            _queue_sleep_timer->stop_timer();
+            _queue_sleep_timer->start_timer(RETRY_COUNT*RETRY_INTERVAL*1000, M2MTimerObserver::QueueSleep);
+        }
+    }
+    internal_event(STATE_COAP_DATA_SENT);
+}
+
+void M2MInterfaceImpl::timer_expired(M2MTimerObserver::Type type)
+{
+    tr_debug("M2MInterfaceImpl::timer_expired()");
+    if(M2MTimerObserver::QueueSleep == type) {        
+        if(_callback_handler) {
+            _callback_handler();
+        }
+    _queue_sleep_timer->stop_timer();
+    }
+}
+
+// state machine sits here.
+void M2MInterfaceImpl::state_idle(EventData* /*data*/)
+{
+    // Handle Idle state here
+    // Cleanup all resources, if necessary
+    _connection_handler->stop_listening();
+    _nsdl_interface->stop_timers();
+    _register_ongoing = false;
+    _update_register_ongoing = false;
+    tr_debug("M2MInterfaceImpl::state_idle");
+}
+
+void M2MInterfaceImpl::state_bootstrap( EventData *data)
+{
+    tr_debug("M2MInterfaceImpl::state_bootstrap");
+    // Start with bootstrapping preparation
+    bool success = false;
+    if(data) {
+        M2MSecurityData *event = (M2MSecurityData *)data;
+        M2MSecurity *security = event->_object;
+        if(security) {
+            if(M2MSecurity::Bootstrap == security->server_type()) {
+                tr_debug("M2MInterfaceImpl::state_bootstrap - server_type : M2MSecurity::Bootstrap");
+                String server_address = security->resource_value_string(M2MSecurity::M2MServerUri);
+                tr_debug("M2MInterfaceImpl::state_bootstrap - server_address %s", server_address.c_str());
+                String ip_address;
+                uint16_t port;
+                if(server_address.compare(0,COAP.size(),COAP) == 0) {
+                    server_address = server_address.substr(COAP.size(),
+                                                           server_address.size()-COAP.size());
+                    int colonFound = server_address.find_last_of(':');
+                    if(colonFound != -1) {
+                       ip_address = server_address.substr(0,colonFound);
+                       port = atoi(server_address.substr(colonFound+1,
+                                                         server_address.size()-ip_address.size()).c_str());
+
+                        tr_debug("M2MInterfaceImpl::state_bootstrap - IP address %s , Port %d", ip_address.c_str(), port);
+                       // If bind and resolving server address succeed then proceed else
+                       // return error to the application and go to Idle state.
+                       if(_connection_handler->resolve_server_address(ip_address,
+                                                                      port,
+                                                                      M2MConnectionObserver::Bootstrap,
+                                                                      security)) {
+                           tr_debug("M2MInterfaceImpl::state_bootstrap - resolve_server_address - success");
+                           success = true;
+                       }
+                    }
+                }
+            }
+        }
+    }
+    if(!success) {
+        tr_error("M2MInterfaceImpl::state_bootstrap - M2MInterface::InvalidParameters");
+        _observer.error(M2MInterface::InvalidParameters);
+        internal_event(STATE_IDLE);
+    }
+}
+
+void M2MInterfaceImpl::state_bootstrap_address_resolved( EventData *data)
+{
+    tr_debug("M2MInterfaceImpl::state_bootstrap_address_resolved");
+    ResolvedAddressData *event = (ResolvedAddressData *)data;
+    sn_nsdl_addr_s address;
+
+    M2MInterface::NetworkStack stack = event->_address->_stack;
+
+    if(M2MInterface::LwIP_IPv4 == stack) {
+        tr_debug("M2MInterfaceImpl::state_bootstrap_address_resolved : IPv4 address");
+        address.type = SN_NSDL_ADDRESS_TYPE_IPV4;
+        address.addr_len = 4;
+    } else if((M2MInterface::LwIP_IPv6 == stack) ||
+              (M2MInterface::Nanostack_IPv6 == stack)) {
+        tr_debug("M2MInterfaceImpl::state_bootstrap_address_resolved : IPv6 address");
+        address.type = SN_NSDL_ADDRESS_TYPE_IPV6;
+        address.addr_len = 16;
+    }
+    address.port = event->_port;
+    address.addr_ptr = (uint8_t*)event->_address->_address;
+    _connection_handler->start_listening_for_data();
+    if(_nsdl_interface->create_bootstrap_resource(&address)) {
+       tr_debug("M2MInterfaceImpl::state_bootstrap_address_resolved : create_bootstrap_resource - success");
+       internal_event(STATE_BOOTSTRAP_RESOURCE_CREATED);
+    } else{
+        // If resource creation fails then inform error to application
+        tr_error("M2MInterfaceImpl::state_bootstrap_address_resolved : M2MInterface::InvalidParameters");
+        internal_event(STATE_IDLE);
+        _observer.error(M2MInterface::InvalidParameters);
+    }
+}
+
+void M2MInterfaceImpl::state_bootstrap_resource_created( EventData */*data*/)
+{
+    tr_debug("M2MInterfaceImpl::state_bootstrap_resource_created");
+}
+
+void M2MInterfaceImpl::state_bootstrapped( EventData */*data*/)
+{
+    tr_debug("M2MInterfaceImpl::state_bootstrapped");
+}
+
+void M2MInterfaceImpl::state_register( EventData *data)
+{
+    tr_debug("M2MInterfaceImpl::state_register");
+    // Start with registration preparation
+    bool success = false;
+    M2MInterface::Error error = M2MInterface::InvalidParameters;
+    if(data) {
+        M2MRegisterData *event = (M2MRegisterData *)data;
+        M2MSecurity *security = event->_object;
+        if(security) {
+            if(M2MSecurity::M2MServer == security->server_type()) {
+                tr_debug("M2MInterfaceImpl::state_register - server_type : M2MSecurity::M2MServer");
+                if(_nsdl_interface->create_nsdl_list_structure(event->_object_list)) {
+                    tr_debug("M2MInterfaceImpl::state_register - create_nsdl_list_structure - success");
+                    // If the nsdl resource structure is created successfully
+                    String server_address = security->resource_value_string(M2MSecurity::M2MServerUri);
+                    tr_debug("M2MInterfaceImpl::state_register - server_address %s", server_address.c_str());
+                    String ip_address;
+                    uint16_t port;
+                    if(server_address.compare(0,COAP.size(),COAP) == 0) {
+                        server_address = server_address.substr(COAP.size(),
+                                                               server_address.size()-COAP.size());
+                        int colonFound = server_address.find_last_of(':'); //10
+                        if(colonFound != -1) {
+                           ip_address = server_address.substr(0,colonFound);
+                           port = atoi(server_address.substr(colonFound+1,
+                                                             server_address.size()-ip_address.size()).c_str());
+
+                            tr_debug("M2MInterfaceImpl::state_register - IP address %s , Port %d", ip_address.c_str(), port);
+                           // If bind and resolving server address succeed then proceed else
+                           // return error to the application and go to Idle state.
+                           if(_connection_handler->resolve_server_address(ip_address,
+                                                                          port,
+                                                                          M2MConnectionObserver::LWM2MServer,
+                                                                          security)) {
+                                tr_debug("M2MInterfaceImpl::state_register - resolve_server_address - success");
+                                success = true;
+                            } else {
+                                tr_error("M2MInterfaceImpl::state_register - set error as M2MInterface::NetworkError");
+                                error = M2MInterface::NetworkError;
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    }
+    if(!success) {
+        tr_error("M2MInterfaceImpl::state_register - Error Occured %d", (int)error);
+        internal_event(STATE_IDLE);
+        _observer.error(error);
+    }
+}
+
+void M2MInterfaceImpl::state_register_address_resolved( EventData *data)
+{
+    tr_debug("M2MInterfaceImpl::state_register_address_resolved");
+    if(data) {
+        ResolvedAddressData *event = (ResolvedAddressData *)data;
+
+        sn_nsdl_addr_type_e address_type = SN_NSDL_ADDRESS_TYPE_IPV6;
+
+        M2MInterface::NetworkStack stack = event->_address->_stack;
+
+        if(M2MInterface::LwIP_IPv4 == stack) {
+            tr_debug("M2MInterfaceImpl::state_register_address_resolved : IPv4 address");
+            address_type = SN_NSDL_ADDRESS_TYPE_IPV4;
+        } else if((M2MInterface::LwIP_IPv6 == stack) ||
+                  (M2MInterface::Nanostack_IPv6 == stack)) {
+            tr_debug("M2MInterfaceImpl::state_register_address_resolved : IPv6 address");
+            address_type = SN_NSDL_ADDRESS_TYPE_IPV6;
+        }
+        internal_event(STATE_REGISTER_RESOURCE_CREATED);
+        _connection_handler->start_listening_for_data();
+        if(!_nsdl_interface->send_register_message((uint8_t*)event->_address->_address,event->_port, address_type)) {
+            // If resource creation fails then inform error to application
+            tr_error("M2MInterfaceImpl::state_register_address_resolved : M2MInterface::InvalidParameters");
+            internal_event(STATE_IDLE);
+            _observer.error(M2MInterface::InvalidParameters);
+        }
+    }
+}
+
+void M2MInterfaceImpl::state_register_resource_created( EventData */*data*/)
+{
+    tr_debug("M2MInterfaceImpl::state_register_resource_created");
+}
+
+void M2MInterfaceImpl::state_registered( EventData */*data*/)
+{
+    tr_debug("M2MInterfaceImpl::state_registered");
+    _register_ongoing = false;
+    _update_register_ongoing = false;
+}
+
+void M2MInterfaceImpl::state_update_registration( EventData *data)
+{
+    tr_debug("M2MInterfaceImpl::state_update_registration");
+    // Start with registration preparation
+    bool success = false;
+    if(data) {
+        M2MUpdateRegisterData *event = (M2MUpdateRegisterData *)data;
+        success = _nsdl_interface->send_update_registration(event->_lifetime);
+
+    }
+    if(!success) {
+        tr_error("M2MInterfaceImpl::state_register_address_resolved : M2MInterface::InvalidParameters");
+        internal_event(STATE_IDLE);
+        _observer.error(M2MInterface::InvalidParameters);
+    }
+}
+
+void M2MInterfaceImpl::state_unregister( EventData */*data*/)
+{
+    tr_debug("M2MInterfaceImpl::state_unregister");
+    internal_event(STATE_SENDING_COAP_DATA);
+    if(!_nsdl_interface->send_unregister_message()) {
+        tr_error("M2MInterfaceImpl::state_unregister : M2MInterface::NotRegistered");
+        internal_event(STATE_IDLE);
+        _observer.error(M2MInterface::NotRegistered);
+    }
+}
+
+void M2MInterfaceImpl::state_unregistered( EventData */*data*/)
+{
+    tr_debug("M2MInterfaceImpl::state_unregistered");
+    internal_event(STATE_IDLE);
+}
+
+void M2MInterfaceImpl::state_sending_coap_data( EventData */*data*/)
+{
+    tr_debug("M2MInterfaceImpl::state_sending_coap_data");
+    internal_event(STATE_WAITING);
+}
+
+void M2MInterfaceImpl::state_coap_data_sent( EventData */*data*/)
+{
+    tr_debug("M2MInterfaceImpl::state_coap_data_sent");
+    internal_event(STATE_WAITING);
+}
+
+void M2MInterfaceImpl::state_coap_data_received( EventData *data)
+{
+    tr_debug("M2MInterfaceImpl::state_coap_data_received");
+    if(data) {
+        ReceivedData *event = (ReceivedData*)data;
+        sn_nsdl_addr_s address;
+
+        M2MInterface::NetworkStack stack = event->_address->_stack;
+
+        if(M2MInterface::LwIP_IPv4 == stack) {
+            tr_debug("M2MInterfaceImpl::state_coap_data_received : IPv4 address");
+            address.type = SN_NSDL_ADDRESS_TYPE_IPV4;
+            address.addr_len = 4;
+        } else if((M2MInterface::LwIP_IPv6 == stack) ||
+                  (M2MInterface::Nanostack_IPv6 == stack)) {
+            tr_debug("M2MInterfaceImpl::state_coap_data_received : IPv6 address");
+            address.type = SN_NSDL_ADDRESS_TYPE_IPV6;
+            address.addr_len = 16;
+        }
+        address.port = event->_address->_port;
+        address.addr_ptr = (uint8_t*)event->_address->_address;
+
+        // Process received data
+        internal_event(STATE_PROCESSING_COAP_DATA);
+        if(!_nsdl_interface->process_received_data(event->_data,
+                                                  event->_size,
+                                                  &address)) {
+           tr_error("M2MInterfaceImpl::state_coap_data_received : M2MInterface::ResponseParseFailed");
+            _observer.error(M2MInterface::ResponseParseFailed);
+        }
+    }
+}
+
+void M2MInterfaceImpl::state_processing_coap_data( EventData */*data*/)
+{
+    tr_debug("M2MInterfaceImpl::state_processing_coap_data");
+    internal_event(STATE_WAITING);
+}
+
+void M2MInterfaceImpl::state_coap_data_processed( EventData */*data*/)
+{
+    tr_debug("M2MInterfaceImpl::state_coap_data_processed");
+    internal_event(STATE_WAITING);
+}
+
+void M2MInterfaceImpl::state_waiting( EventData */*data*/)
+{
+    tr_debug("M2MInterfaceImpl::state_waiting");
+}
+
+// generates an external event. called once per external event
+// to start the state machine executing
+void M2MInterfaceImpl::external_event(uint8_t new_state,
+                                     EventData* p_data)
+{
+    tr_debug("M2MInterfaceImpl::external_event : new state %d", new_state);
+    // if we are supposed to ignore this event
+    if (new_state == EVENT_IGNORED) {
+        tr_debug("M2MInterfaceImpl::external_event : new state is EVENT_IGNORED");
+        // just delete the event data, if any
+        if (p_data) {
+            delete p_data;
+            p_data = NULL;
+        }
+        _event_ignored = true;
+    }
+    else {
+        tr_debug("M2MInterfaceImpl::external_event : handle new state");
+        // generate the event and execute the state engine
+        internal_event(new_state, p_data);
+    }
+}
+
+// generates an internal event. called from within a state
+// function to transition to a new state
+void M2MInterfaceImpl::internal_event(uint8_t new_state,
+                                      EventData* p_data)
+{
+    tr_debug("M2MInterfaceImpl::internal_event : new state %d", new_state);
+    _event_data = p_data;
+    _event_generated = true;
+    _current_state = new_state;
+    state_engine();
+}
+
+// the state engine executes the state machine states
+void M2MInterfaceImpl::state_engine (void )
+{
+    tr_debug("M2MInterfaceImpl::state_engine");
+    EventData* p_data_temp = NULL;
+
+    // while events are being generated keep executing states
+    while (_event_generated) {
+        p_data_temp = _event_data;  // copy of event data pointer
+        _event_data = NULL;       // event data used up, reset ptr
+        _event_generated = false;  // event used up, reset flag
+
+        assert(_current_state < _max_states);
+
+        state_function( _current_state, p_data_temp );
+
+        // if event data was used, then delete it
+        if (p_data_temp) {
+            delete p_data_temp;
+            p_data_temp = NULL;
+        }
+    }
+}
+
+void M2MInterfaceImpl::state_function( uint8_t current_state, EventData* data )
+{
+    switch( current_state ) {
+    case STATE_IDLE:
+            M2MInterfaceImpl::state_idle(data);
+            break;
+        case STATE_BOOTSTRAP:
+            M2MInterfaceImpl::state_bootstrap(data);
+            break;
+        case STATE_BOOTSTRAP_ADDRESS_RESOLVED:
+            M2MInterfaceImpl::state_bootstrap_address_resolved(data);
+            break;
+        case STATE_BOOTSTRAP_RESOURCE_CREATED:
+            M2MInterfaceImpl::state_bootstrap_resource_created(data);
+            break;
+        case STATE_BOOTSTRAPPED:
+            M2MInterfaceImpl::state_bootstrapped(data);
+            break;
+        case STATE_REGISTER:
+            M2MInterfaceImpl::state_register(data);
+            break;
+        case STATE_REGISTER_ADDRESS_RESOLVED:
+            M2MInterfaceImpl::state_register_address_resolved(data);
+            break;
+        case STATE_REGISTER_RESOURCE_CREATED:
+            M2MInterfaceImpl::state_register_resource_created(data);
+            break;
+        case STATE_REGISTERED:
+            M2MInterfaceImpl::state_registered(data);
+            break;
+        case STATE_UPDATE_REGISTRATION:
+            M2MInterfaceImpl::state_update_registration(data);
+            break;
+        case STATE_UNREGISTER:
+            M2MInterfaceImpl::state_unregister(data);
+            break;
+        case STATE_UNREGISTERED:
+            M2MInterfaceImpl::state_unregistered(data);
+            break;
+        case STATE_SENDING_COAP_DATA:
+            M2MInterfaceImpl::state_sending_coap_data(data);
+            break;
+        case STATE_COAP_DATA_SENT:
+            M2MInterfaceImpl::state_coap_data_sent(data);
+            break;
+        case STATE_COAP_DATA_RECEIVED:
+            M2MInterfaceImpl::state_coap_data_received(data);
+            break;
+        case STATE_PROCESSING_COAP_DATA:
+            M2MInterfaceImpl::state_processing_coap_data(data);
+            break;
+        case STATE_COAP_DATA_PROCESSED:
+            M2MInterfaceImpl::state_coap_data_processed(data);
+            break;
+        case STATE_WAITING:
+            M2MInterfaceImpl::state_waiting(data);
+            break;
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/source/m2mnsdlinterface.cpp	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,1388 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "include/nsdlaccesshelper.h"
+#include "include/m2mnsdlobserver.h"
+#include "mbed-client/m2msecurity.h"
+#include "mbed-client/m2mserver.h"
+#include "mbed-client/m2mobject.h"
+#include "mbed-client/m2mobjectinstance.h"
+#include "mbed-client/m2mresource.h"
+#include "mbed-client/m2mconstants.h"
+#include "include/m2mtlvserializer.h"
+#include "ip6string.h"
+#include "ns_trace.h"
+#include "mbed-client/m2mtimer.h"
+
+M2MNsdlInterface::M2MNsdlInterface(M2MNsdlObserver &observer)
+: _observer(observer),
+  _server(NULL),
+  _nsdl_exceution_timer(new M2MTimer(*this)),
+  _registration_timer(new M2MTimer(*this)),
+  _nsdl_handle(NULL),
+  _counter_for_nsdl(0),
+  _register_id(0),
+  _unregister_id(0),
+  _update_id(0),
+  _bootstrap_id(0)
+{
+    tr_debug("M2MNsdlInterface::M2MNsdlInterface()");
+    _endpoint = NULL;
+    _resource = NULL;
+    __nsdl_interface = this;
+
+    _bootstrap_endpoint.device_object = NULL;
+    _bootstrap_endpoint.oma_bs_status_cb = NULL;
+
+    _bootstrap_device_setup.sn_oma_device_boot_callback = NULL;
+    _bootstrap_device_setup.error_code = NO_ERROR;
+
+    _sn_nsdl_address.addr_len = 0;
+    _sn_nsdl_address.addr_ptr = NULL;
+    _sn_nsdl_address.port = 0;
+
+    // This initializes libCoap and libNsdl
+    // Parameters are function pointers to used memory allocation
+    // and free functions in structure and used functions for sending
+    // and receiving purposes.
+    _nsdl_handle = sn_nsdl_init(&(__nsdl_c_send_to_server), &(__nsdl_c_received_from_server),
+                 &(__nsdl_c_memory_alloc), &(__nsdl_c_memory_free));
+
+    initialize();
+}
+
+M2MNsdlInterface::~M2MNsdlInterface()
+{
+    tr_debug("M2MNsdlInterface::~M2MNsdlInterface() - IN");
+    if(_resource) {
+        if(_resource->resource_parameters_ptr) {
+            memory_free(_resource->resource_parameters_ptr);
+            _resource->resource_parameters_ptr = NULL;
+        }
+        memory_free(_resource);
+        _resource = NULL;
+    }
+    if(_endpoint) {
+        if(_endpoint->lifetime_ptr) {
+            memory_free(_endpoint->lifetime_ptr);
+            _endpoint->lifetime_ptr = NULL;
+        }
+        if(_endpoint->location_ptr) {
+            memory_free(_endpoint->location_ptr);
+            _endpoint->location_ptr = NULL;
+        }
+        memory_free(_endpoint);
+        _endpoint = NULL;
+
+    }
+    delete _nsdl_exceution_timer;
+    delete _registration_timer;
+    _object_list.clear();
+
+    if(_server){
+        delete _server;
+        _server = NULL;
+    }
+    sn_nsdl_destroy(_nsdl_handle);
+    _nsdl_handle = NULL;
+    __nsdl_interface = NULL;
+    tr_debug("M2MNsdlInterface::~M2MNsdlInterface() - OUT");
+}
+
+bool M2MNsdlInterface::initialize()
+{
+    tr_debug("M2MNsdlInterface::initialize()");
+    bool success = false;
+
+    //Sets the packet retransmission attempts and time interval
+    sn_coap_protocol_set_retransmission_parameters(RETRY_COUNT,RETRY_INTERVAL);
+
+    _nsdl_exceution_timer->start_timer(ONE_SECOND_TIMER * 1000,
+                                       M2MTimerObserver::NsdlExecution,
+                                       false);
+
+    // Allocate the memory for resources
+    _resource = (sn_nsdl_resource_info_s*)memory_alloc(sizeof(sn_nsdl_resource_info_s));
+    if(_resource) {
+        memset(_resource, 0, sizeof(sn_nsdl_resource_info_s));
+        _resource->resource_parameters_ptr = (sn_nsdl_resource_parameters_s*)memory_alloc(sizeof(sn_nsdl_resource_parameters_s)+1);
+        if(_resource->resource_parameters_ptr) {
+            memset(_resource->resource_parameters_ptr, 0, sizeof(sn_nsdl_resource_parameters_s)+1);
+        }
+    }
+
+    //Allocate the memory for endpoint
+    _endpoint = (sn_nsdl_ep_parameters_s*)memory_alloc(sizeof(sn_nsdl_ep_parameters_s)+1);
+    if(_endpoint) {
+        memset(_endpoint, 0, sizeof(sn_nsdl_ep_parameters_s)+1);
+        success = true;
+    }
+    return success;
+}
+
+void M2MNsdlInterface::create_endpoint(const String &name,
+                                       const String &type,
+                                       const int32_t life_time,
+                                       const String &domain,
+                                       const uint8_t mode,
+                                       const String &/*context_address*/)
+{
+    tr_debug("M2MNsdlInterface::create_endpoint( name %s type %s lifetime %d, domain %s, mode %d)",
+              name.c_str(), type.c_str(), life_time, domain.c_str(), mode);
+    if(_endpoint){
+        memset(_endpoint, 0, sizeof(sn_nsdl_ep_parameters_s)+1);
+        if(!name.empty()) {
+            _endpoint->endpoint_name_ptr = (uint8_t*)name.c_str();
+            _endpoint->endpoint_name_len = name.length();
+        }
+        if(!type.empty()) {
+            _endpoint->type_ptr = (uint8_t*)type.c_str();
+            _endpoint->type_len =  type.length();
+        }
+        if(!domain.empty()) {
+            _endpoint->domain_name_ptr = (uint8_t*)domain.c_str();
+            _endpoint->domain_name_len = domain.length();
+        }
+        _endpoint->binding_and_mode = (sn_nsdl_oma_binding_and_mode_t)mode;
+
+        // If lifetime is less than zero then leave the field empty
+        if( life_time > 0) {
+            char *buffer = (char*)memory_alloc(20);
+            int size = snprintf(buffer, 20,"%ld",(long int)life_time);
+            if( _endpoint->lifetime_ptr == NULL ){
+                _endpoint->lifetime_ptr = (uint8_t*)memory_alloc(size+1);
+            }
+            if(_endpoint->lifetime_ptr) {
+                memset(_endpoint->lifetime_ptr, 0, size+1);
+                memcpy(_endpoint->lifetime_ptr,buffer,size);
+                _endpoint->lifetime_len =  size;
+            }
+            memory_free(buffer);
+        }
+    }
+}
+
+void M2MNsdlInterface::delete_endpoint()
+{
+    tr_debug("M2MNsdlInterface::delete_endpoint()");
+    if(_endpoint) {
+        if(_endpoint->lifetime_ptr) {
+            free(_endpoint->lifetime_ptr);
+            _endpoint->lifetime_ptr = NULL;
+        }
+        memory_free(_endpoint);
+        _endpoint = NULL;
+    }
+}
+
+bool M2MNsdlInterface::create_nsdl_list_structure(const M2MObjectList &object_list)
+{
+    tr_debug("M2MNsdlInterface::create_nsdl_list_structure()");
+    bool success = false;
+    if(!object_list.empty()) {
+       tr_debug("M2MNsdlInterface::create_nsdl_list_structure - Object count is %d", object_list.size());
+        M2MObjectList::const_iterator it;
+        it = object_list.begin();
+        for ( ; it != object_list.end(); it++ ) {
+            // Create NSDL structure for all Objects inside
+            success = create_nsdl_object_structure(*it);
+            add_object_to_list(*it);
+        }
+    }
+    return success;
+}
+
+bool M2MNsdlInterface::delete_nsdl_resource(const String &resource_name)
+{
+    tr_debug("M2MNsdlInterface::delete_nsdl_resource( %s)", resource_name.c_str());
+    return (sn_nsdl_delete_resource(_nsdl_handle,
+                                    resource_name.length(),
+                                    (uint8_t *)resource_name.c_str()) == 0) ? true : false;
+}
+
+bool M2MNsdlInterface::create_bootstrap_resource(sn_nsdl_addr_s *address)
+{
+    tr_debug("M2MNsdlInterface::create_bootstrap_resource()");
+    bool success = false;
+    _bootstrap_device_setup.error_code = NO_ERROR;
+    _bootstrap_device_setup.sn_oma_device_boot_callback = 0;
+
+    _bootstrap_endpoint.device_object = &_bootstrap_device_setup;
+    _bootstrap_endpoint.oma_bs_status_cb = &__nsdl_c_bootstrap_done;
+
+    if(_bootstrap_id == 0) {
+        _bootstrap_id = sn_nsdl_oma_bootstrap(_nsdl_handle,
+                                               address,
+                                               _endpoint,
+                                               &_bootstrap_endpoint);
+        tr_debug("M2MNsdlInterface::create_bootstrap_resource - _bootstrap_id %d", _bootstrap_id);
+        success = _bootstrap_id != 0;
+
+    }
+    return success;
+}
+
+bool M2MNsdlInterface::send_register_message(uint8_t* address,
+                                             const uint16_t port,
+                                             sn_nsdl_addr_type_e address_type)
+{
+    tr_debug("M2MNsdlInterface::send_register_message()");
+    bool success = false;
+    if(set_NSP_address(_nsdl_handle,address, port, address_type) == 0) {
+        if(_register_id == 0) {
+            _register_id = sn_nsdl_register_endpoint(_nsdl_handle,_endpoint);
+            tr_debug("M2MNsdlInterface::send_register_message - _register_id %d", _register_id);
+            success = _register_id != 0;
+        }
+    }
+    return success;
+}
+
+bool M2MNsdlInterface::send_update_registration(const uint32_t lifetime)
+{
+    tr_debug("M2MNsdlInterface::send_update_registration( lifetime %d)", lifetime);
+    bool success = false;
+
+    create_nsdl_list_structure(_object_list);
+    //If Lifetime value is 0, then don't change the existing lifetime value
+    if(lifetime != 0) {
+        char *buffer = (char*)memory_alloc(20);
+        int size = snprintf(buffer, 20,"%ld",(long int)lifetime);
+        if(_endpoint->lifetime_ptr) {
+            memory_free(_endpoint->lifetime_ptr);
+            _endpoint->lifetime_ptr = NULL;
+            _endpoint->lifetime_len = 0;
+        }
+
+        if(_endpoint->lifetime_ptr == NULL){
+            _endpoint->lifetime_ptr = (uint8_t*)memory_alloc(size+1);
+        }
+        if(_endpoint->lifetime_ptr) {
+            memset(_endpoint->lifetime_ptr, 0, size+1);
+            memcpy(_endpoint->lifetime_ptr,buffer,size);
+            _endpoint->lifetime_len =  size;
+        }
+        memory_free(buffer);
+
+        _registration_timer->stop_timer();
+        _registration_timer->start_timer(registration_time() * 1000,
+                                         M2MTimerObserver::Registration,
+                                         false);
+        if(_nsdl_handle &&
+           _endpoint && _endpoint->lifetime_ptr) {
+            _update_id = sn_nsdl_update_registration(_nsdl_handle,
+                                                     _endpoint->lifetime_ptr,
+                                                     _endpoint->lifetime_len);
+            tr_debug("M2MNsdlInterface::send_update_registration - New lifetime value _update_id %d", _update_id);
+            success = _update_id != 0;
+        }
+    } else {
+        if(_nsdl_handle) {
+            _update_id = sn_nsdl_update_registration(_nsdl_handle, NULL, 0);
+            tr_debug("M2MNsdlInterface::send_update_registration - regular update- _update_id %d", _update_id);
+            success = _update_id != 0;
+        }
+    }
+    return success;
+}
+
+bool M2MNsdlInterface::send_unregister_message()
+{
+    tr_debug("M2MNsdlInterface::send_unregister_message");
+    bool success = false;
+    //Does not clean resources automatically
+    if(_unregister_id == 0) {
+       _unregister_id = sn_nsdl_unregister_endpoint(_nsdl_handle);
+       tr_debug("M2MNsdlInterface::send_unregister_message - _unregister_id %d", _unregister_id);
+       success = _unregister_id != 0;
+    }
+    return success;
+}
+
+void *M2MNsdlInterface::memory_alloc(uint16_t size)
+{
+    if(size)
+        return malloc(size);
+    else
+        return 0;
+}
+
+void M2MNsdlInterface::memory_free(void *ptr)
+{
+    if(ptr)
+        free(ptr);
+}
+
+uint8_t M2MNsdlInterface::send_to_server_callback(struct nsdl_s * /*nsdl_handle*/,
+                                                  sn_nsdl_capab_e /*protocol*/,
+                                                  uint8_t *data_ptr,
+                                                  uint16_t data_len,
+                                                  sn_nsdl_addr_s *address)
+{
+    tr_debug("M2MNsdlInterface::send_to_server_callback()");
+    _observer.coap_message_ready(data_ptr,data_len,address);
+    return 1;
+}
+
+uint8_t M2MNsdlInterface::received_from_server_callback(struct nsdl_s * /*nsdl_handle*/,
+                                                        sn_coap_hdr_s *coap_header,
+                                                        sn_nsdl_addr_s *address)
+{
+    tr_debug("M2MNsdlInterface::received_from_server_callback()");
+    _observer.coap_data_processed();
+    uint8_t value = 0;
+    if(coap_header) {
+        if(coap_header->msg_id == _register_id) {
+            _register_id = 0;
+            if(coap_header->msg_code == COAP_MSG_CODE_RESPONSE_CREATED) {
+                if(_server) {
+                    delete _server;
+                    _server = NULL;
+                }
+                tr_debug("M2MNsdlInterface::received_from_server_callback - registration callback");
+                _server = new M2MServer();
+                _server->set_resource_value(M2MServer::ShortServerID,1);
+
+                _observer.client_registered(_server);
+                // If lifetime is less than zero then leave the field empty
+                if(coap_header->options_list_ptr) {
+                    if(coap_header->options_list_ptr->max_age_ptr) {
+                        if(_endpoint->lifetime_ptr) {
+                            memory_free(_endpoint->lifetime_ptr);
+                            _endpoint->lifetime_ptr = NULL;
+                            _endpoint->lifetime_len = 0;
+                        }
+                        uint32_t max_time = 0;
+                        for(int i=0;i < coap_header->options_list_ptr->max_age_len; i++) {
+                            max_time += (*(coap_header->options_list_ptr->max_age_ptr + i) & 0xff) <<
+                                     8*(coap_header->options_list_ptr->max_age_len- 1 - i);
+                            }
+                        // If lifetime is less than zero then leave the field empty
+                        if( max_time > 0) {
+                            char *buffer = (char*)memory_alloc(20);
+                            if(buffer) {
+                                int size = snprintf(buffer, 20,"%ld",(long int)max_time);
+                                _endpoint->lifetime_ptr = (uint8_t*)memory_alloc(size+1);
+
+                                if(_endpoint->lifetime_ptr) {
+                                    memset(_endpoint->lifetime_ptr, 0, size+1);
+                                    memcpy(_endpoint->lifetime_ptr,buffer,size);
+                                    _endpoint->lifetime_len =  size;
+                                }
+                                memory_free(buffer);
+                            }
+                        }
+                    }
+                    if(coap_header->options_list_ptr->location_path_ptr) {
+                        _endpoint->location_ptr = (uint8_t*)memory_alloc(coap_header->options_list_ptr->location_path_len+1);
+                        memset(_endpoint->location_ptr,0,coap_header->options_list_ptr->location_path_len+1);
+                        memcpy(_endpoint->location_ptr,
+                               coap_header->options_list_ptr->location_path_ptr,
+                               coap_header->options_list_ptr->location_path_len);
+                        _endpoint->location_len = coap_header->options_list_ptr->location_path_len ;
+                        sn_nsdl_set_endpoint_location(_nsdl_handle,_endpoint->location_ptr,_endpoint->location_len);
+                    }
+                }
+                if(_endpoint->lifetime_ptr) {
+                    _registration_timer->stop_timer();
+                    _registration_timer->start_timer(registration_time() * 1000,
+                                                     M2MTimerObserver::Registration,
+                                                     false);
+                }
+            } else {
+                if(_server) {
+                    delete _server;
+                    _server = NULL;
+                }
+                tr_error("M2MNsdlInterface::received_from_server_callback - registration error %d", coap_header->msg_code);
+                M2MInterface::Error error = interface_error(coap_header);
+                _observer.registration_error(error);
+            }
+        } else if(coap_header->msg_id == _unregister_id) {
+            _unregister_id = 0;
+            if(coap_header->msg_code == COAP_MSG_CODE_RESPONSE_DELETED) {
+                _registration_timer->stop_timer();
+                if(_server) {
+                   delete _server;
+                   _server = NULL;
+                }
+                tr_debug("M2MNsdlInterface::received_from_server_callback - unregistration callback");
+                _observer.client_unregistered();
+            } else {
+                tr_error("M2MNsdlInterface::received_from_server_callback - unregistration error %d", coap_header->msg_code);
+                M2MInterface::Error error = interface_error(coap_header);
+                _observer.registration_error(error);
+            }
+        } else if(coap_header->msg_id == _update_id) {
+            _update_id = 0;
+
+            if(coap_header->msg_code == COAP_MSG_CODE_RESPONSE_CHANGED) {
+                tr_debug("M2MNsdlInterface::received_from_server_callback - registration_updated successfully");
+                _observer.registration_updated(*_server);
+            } else {
+                tr_error("M2MNsdlInterface::received_from_server_callback - registration_updated failed %d", coap_header->msg_code);
+                M2MInterface::Error error = interface_error(coap_header);
+                // In case, the error for update registration is not allowed implies the client is no longer registered in
+                // server hence the error returns should be NotRegistered.
+                if(M2MInterface::NotAllowed == error) {
+                    error = M2MInterface::NotRegistered;
+                }
+                _observer.registration_error(error);
+            }
+        }else if(coap_header->msg_id == _bootstrap_id) {
+            _bootstrap_id = 0;
+            M2MInterface::Error error = interface_error(coap_header);
+            if(error != M2MInterface::ErrorNone) {
+                _observer.bootstrap_error();
+            }
+        } else {
+            if(COAP_MSG_CODE_REQUEST_POST == coap_header->msg_code) {
+                if(coap_header->uri_path_ptr) {
+                    String resource_name = coap_to_string(coap_header->uri_path_ptr,
+                                                          coap_header->uri_path_len);
+
+                    sn_coap_hdr_s *coap_response = NULL;
+                    String object_name;
+                    int slash_found = resource_name.find_last_of('/');
+                    //The POST operation here is only allowed for non-existing object instances
+                    if(slash_found != -1) {
+                        object_name = resource_name.substr(0,slash_found);
+                        if( object_name.find_last_of('/') != -1){
+                            coap_response = sn_nsdl_build_response(_nsdl_handle,
+                                                                   coap_header,
+                                                                   COAP_MSG_CODE_RESPONSE_NOT_FOUND);
+                        } else {
+                            int32_t instance_id = atoi(resource_name.substr(slash_found+1,
+                                                     resource_name.size()-object_name.size()).c_str());
+                            M2MBase* base = find_resource(object_name);
+                            if(base && (instance_id >= 0) && (instance_id < 65535)) {
+                                if(coap_header->payload_ptr) {
+                                    M2MObject* object = (M2MObject*)base;
+                                    M2MObjectInstance *obj_instance = object->create_object_instance(instance_id);
+                                    if(obj_instance) {
+                                        obj_instance->set_operation(M2MBase::GET_PUT_POST_ALLOWED);
+                                        coap_response = obj_instance->handle_post_request(_nsdl_handle,coap_header,this);
+                                    }
+                                    if(coap_response && coap_response->msg_code != COAP_MSG_CODE_RESPONSE_CREATED) {
+                                        //Invalid request so remove created ObjectInstance
+                                        object->remove_object_instance(instance_id);
+                                    }
+                                } else {
+                                    tr_debug("M2MNsdlInterface::received_from_server_callback - Missing Payload - Cannot create");
+                                    coap_response = sn_nsdl_build_response(_nsdl_handle,
+                                                                           coap_header,
+                                                                           COAP_MSG_CODE_RESPONSE_BAD_REQUEST);
+                                }
+                            } else { //if(base)
+                                tr_debug("M2MNsdlInterface::received_from_server_callback - Missing BASE - Cannot create");
+                                coap_response = sn_nsdl_build_response(_nsdl_handle,
+                                                                       coap_header,
+                                                                       COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED);
+                            }
+                        }
+                    } else{ // if(slash_found != -1)
+                        tr_debug("M2MNsdlInterface::received_from_server_callback - slash_found - Cannot create");
+                        coap_response = sn_nsdl_build_response(_nsdl_handle,
+                                                               coap_header,
+                                                               COAP_MSG_CODE_RESPONSE_NOT_FOUND);
+                    }
+                    if(coap_response) {
+                        tr_debug("M2MNsdlInterface::received_from_server_callback - send CoAP response");
+                        (sn_nsdl_send_coap_message(_nsdl_handle, address, coap_response) == 0) ? value = 0 : value = 1;
+                        sn_nsdl_release_allocated_coap_msg_mem(_nsdl_handle, coap_response);
+                    }
+                }
+            }
+        }
+    }
+    return value;
+}
+
+uint8_t M2MNsdlInterface::resource_callback(struct nsdl_s */*nsdl_handle*/,
+                                            sn_coap_hdr_s *received_coap_header,
+                                            sn_nsdl_addr_s *address,
+                                            sn_nsdl_capab_e /*nsdl_capab*/)
+{
+    tr_debug("M2MNsdlInterface::resource_callback()");
+    _observer.coap_data_processed();
+    uint8_t result = 1;
+    sn_coap_hdr_s *coap_response = NULL;
+    sn_coap_msg_code_e msg_code = COAP_MSG_CODE_RESPONSE_CHANGED; // 4.00
+    String resource_name = coap_to_string(received_coap_header->uri_path_ptr,
+                                          received_coap_header->uri_path_len);
+    tr_debug("M2MNsdlInterface::resource_callback() - resource_name %s", resource_name.c_str());
+    M2MBase* base = find_resource(resource_name);
+
+    if(base) {
+        if(COAP_MSG_CODE_REQUEST_GET == received_coap_header->msg_code) {
+            coap_response = base->handle_get_request(_nsdl_handle, received_coap_header,this);
+        } else if(COAP_MSG_CODE_REQUEST_PUT == received_coap_header->msg_code) {
+            coap_response = base->handle_put_request(_nsdl_handle, received_coap_header,this);
+        } else if(COAP_MSG_CODE_REQUEST_POST == received_coap_header->msg_code) {
+            if(base->base_type() == M2MBase::ResourceInstance) {
+                msg_code = COAP_MSG_CODE_RESPONSE_BAD_REQUEST;
+            } else {
+                coap_response = base->handle_post_request(_nsdl_handle, received_coap_header,this);
+            }
+        } else if(COAP_MSG_CODE_REQUEST_DELETE == received_coap_header->msg_code) {
+            // Delete the object instance
+            tr_debug("M2MNsdlInterface::resource_callback() - DELETE the object instance");
+            M2MBase::BaseType type = base->base_type();
+            if(M2MBase::ObjectInstance == type) {
+                M2MBase* base_object = find_resource(base->name());
+                if(base_object) {
+                    M2MObject *object = (M2MObject*)base_object;
+                    int slash_found = resource_name.find_last_of('/');
+                    // Object instance validty checks done in upper level, no need for error handling
+                    if(slash_found != -1) {
+                        String object_name;
+                        object_name = resource_name.substr(slash_found + 1, resource_name.length());
+                        if (object->remove_object_instance(strtoul(
+                                object_name.c_str(), NULL, 10))) {
+                            msg_code = COAP_MSG_CODE_RESPONSE_DELETED;
+                        }
+                    }
+                }
+            } else {
+                msg_code = COAP_MSG_CODE_RESPONSE_BAD_REQUEST; // 4.00
+            }
+        }
+    } else  {
+        tr_debug("M2MNsdlInterface::resource_callback() - Resource NOT FOUND");
+        msg_code = COAP_MSG_CODE_RESPONSE_BAD_REQUEST; // 4.00
+    }
+    if(!coap_response) {
+            coap_response = sn_nsdl_build_response(_nsdl_handle,
+                                                   received_coap_header,
+                                                   msg_code);
+    }
+    if(coap_response) {
+        tr_debug("M2MNsdlInterface::resource_callback() - send CoAP response");
+        (sn_nsdl_send_coap_message(_nsdl_handle, address, coap_response) == 0) ? result = 0 : result = 1;
+        if(coap_response->payload_ptr) {
+            free(coap_response->payload_ptr);
+            coap_response->payload_ptr = NULL;
+        }
+        sn_nsdl_release_allocated_coap_msg_mem(_nsdl_handle, coap_response);
+    }
+    return result;
+}
+
+void M2MNsdlInterface::bootstrap_done_callback(sn_nsdl_oma_server_info_t *server_info)
+{
+    tr_debug("M2MNsdlInterface::bootstrap_done_callback()");
+    _bootstrap_id = 0;
+    M2MSecurity* security = NULL;
+    if(server_info && server_info->omalw_address_ptr->addr_ptr) {
+        security = new M2MSecurity(M2MSecurity::M2MServer);
+        uint16_t port = server_info->omalw_address_ptr->port;
+        char *buffer = (char*)memory_alloc(20);
+        snprintf(buffer, 20,"%d",port);
+        String server_uri(COAP);
+        String server_address;
+        //TODO: currently only supports IPV4 Mapping, fix to support IPV6 as well
+        if(SN_NSDL_ADDRESS_TYPE_IPV4 == server_info->omalw_address_ptr->type) {
+            int val = 0;
+            for(int index = 0; index < server_info->omalw_address_ptr->addr_len; index++) {
+                char *server_buffer = (char*)memory_alloc(20);
+                val = (int)server_info->omalw_address_ptr->addr_ptr[index];
+                snprintf(server_buffer, 20,"%d",val);
+                server_address +=String(server_buffer);
+
+                memory_free(server_buffer);
+
+                if(index < server_info->omalw_address_ptr->addr_len-1) {
+                    server_address += String(".");
+                }
+            }
+
+            tr_debug("M2MNsdlInterface::bootstrap_done_callback - IPv4 Server address received %s", server_address.c_str());
+        } else if(SN_NSDL_ADDRESS_TYPE_HOSTNAME == server_info->omalw_address_ptr->type) {
+            char *hostname = (char*)memory_alloc(server_info->omalw_address_ptr->addr_len);
+            if(hostname) {
+                memset(hostname, 0, server_info->omalw_address_ptr->addr_len);
+                memcpy(hostname,
+                       server_info->omalw_address_ptr->addr_ptr,
+                       server_info->omalw_address_ptr->addr_len);
+                server_address += String(hostname);
+                memory_free(hostname);
+                hostname = NULL;
+                tr_debug("M2MNsdlInterface::bootstrap_done_callback - Hostname Server address received %s", server_address.c_str());
+            }
+        } else if(SN_NSDL_ADDRESS_TYPE_IPV6 == server_info->omalw_address_ptr->type) {
+            char ipv6_address[40];
+            ip6tos(server_info->omalw_address_ptr->addr_ptr, ipv6_address);
+            server_address += String(ipv6_address);
+            tr_debug("M2MNsdlInterface::bootstrap_done_callback - IPv6 Server address received %s", server_address.c_str());
+        }
+
+        server_uri += server_address;
+        server_uri +=String(":");
+        server_uri += String(buffer);
+
+        memory_free(buffer);
+        security->set_resource_value(M2MSecurity::M2MServerUri, server_uri);
+        security->set_resource_value(M2MSecurity::BootstrapServer, 0);
+
+        M2MSecurity::SecurityModeType security_mode = M2MSecurity::SecurityNotSet;
+
+        switch(server_info->omalw_server_security) {
+            case SEC_NOT_SET:
+                security_mode = M2MSecurity::SecurityNotSet;
+                break;
+            case PSK:
+                //Not supported at the moment
+                break;
+            case RPK:
+                //Not supported at the moment
+                break;
+            case CERTIFICATE:
+                security_mode = M2MSecurity::Certificate;
+                break;
+            case NO_SEC:
+                security_mode = M2MSecurity::NoSecurity;
+                break;
+            }
+        security->set_resource_value(M2MSecurity::SecurityMode,security_mode);
+
+        //TODO: This is mandatory parameter for LWM2M server,
+        // why is it missing from nsdl-c API ?
+        security->set_resource_value(M2MSecurity::ShortServerID,1);
+
+        // Check certiticates only if the mode is Certificate
+        // else it is in NoSecurity Mode, Psk and Rsk are not supported.
+        if(M2MSecurity::Certificate == security_mode) {
+            omalw_certificate_list_t *certificates = sn_nsdl_get_certificates(_nsdl_handle);
+            if(certificates) {
+                security->set_resource_value(M2MSecurity::ServerPublicKey,certificates->certificate_ptr[0],certificates->certificate_len[0]);
+                security->set_resource_value(M2MSecurity::PublicKey,certificates->certificate_ptr[1],certificates->certificate_len[1]);
+                security->set_resource_value(M2MSecurity::Secretkey,certificates->own_private_key_ptr,certificates->own_private_key_len);
+            } else {
+                // Mode is certificate but certificates are missing so its bootstrap error.
+                delete security;
+                security = NULL;
+            }
+        }
+    }
+    if(security) {
+        tr_debug("M2MNsdlInterface::bootstrap_done_callback - bootstrap_done");
+        // Inform that bootstrap is done and LWM2M server object is available.
+        _observer.bootstrap_done(security);
+    } else {
+        tr_error("M2MNsdlInterface::bootstrap_done_callback - bootstrap_error");
+        // Bootstrap error inform to the application.
+        _observer.bootstrap_error();
+    }
+}
+
+bool M2MNsdlInterface::process_received_data(uint8_t *data,
+                                             uint16_t data_size,
+                                             sn_nsdl_addr_s *address)
+{
+    tr_debug("M2MNsdlInterface::process_received_data( data size %d)", data_size);
+    return (0 == sn_nsdl_process_coap(_nsdl_handle,
+                                      data,
+                                      data_size,
+                                      address)) ? true : false;
+}
+
+void M2MNsdlInterface::stop_timers()
+{
+    tr_debug("M2MNsdlInterface::stop_timers()");
+    if(_registration_timer) {
+        _registration_timer->stop_timer();
+    }
+}
+
+void M2MNsdlInterface::timer_expired(M2MTimerObserver::Type type)
+{
+    if(M2MTimerObserver::NsdlExecution == type) {
+        sn_nsdl_exec(_nsdl_handle, _counter_for_nsdl);
+        _counter_for_nsdl++;
+    } else if(M2MTimerObserver::Registration == type) {
+        tr_debug("M2MNsdlInterface::timer_expired - M2MTimerObserver::Registration - Send update registration");
+        send_update_registration();
+    }
+}
+
+void M2MNsdlInterface::observation_to_be_sent(M2MBase *object)
+{
+    tr_debug("M2MNsdlInterface::observation_to_be_sent()");
+    if(object) {
+        M2MBase::BaseType type = object->base_type();
+        if(type == M2MBase::Object) {
+            send_object_observation((M2MObject*)object);
+        } else if(type == M2MBase::ObjectInstance) {
+            send_object_instance_observation((M2MObjectInstance*)object);
+        } else if(type == M2MBase::Resource) {
+                send_resource_observation((M2MResource*)object);
+        }
+    }
+}
+
+void M2MNsdlInterface::resource_to_be_deleted(const String &resource_name)
+{
+    tr_debug("M2MNsdlInterface::resource_to_be_deleted(resource_name %s)", resource_name.c_str());
+    delete_nsdl_resource(resource_name);
+}
+
+void M2MNsdlInterface::value_updated(M2MBase *base,
+                                     const String &object_name)
+{
+    tr_debug("M2MNsdlInterface::value_updated()");
+    if(base) {
+        switch(base->base_type()) {
+            case M2MBase::Object:
+                create_nsdl_object_structure((M2MObject*)base);
+            break;
+            case M2MBase::ObjectInstance:
+                create_nsdl_object_instance_structure((M2MObjectInstance*)base);
+            break;
+            case M2MBase::Resource: {
+                    M2MResource* resource = (M2MResource*)base;
+                    create_nsdl_resource_structure(resource,object_name,
+                                               resource->supports_multiple_instances());
+            }
+            break;
+            case M2MBase::ResourceInstance: {
+                M2MResourceInstance* instance = (M2MResourceInstance*)base;
+                create_nsdl_resource(instance,object_name);
+            }
+            break;
+        }
+    }
+    _observer.value_updated(base);
+}
+
+void M2MNsdlInterface::remove_object(M2MBase *object)
+{
+    tr_debug("M2MNsdlInterface::remove_object()");
+    M2MObject* rem_object = (M2MObject*)object;
+    if(rem_object && !_object_list.empty()) {
+        M2MObjectList::const_iterator it;
+        it = _object_list.begin();
+        int index = 0;
+        for ( ; it != _object_list.end(); it++, index++ ) {
+            if((*it) == rem_object) {
+                _object_list.erase(index);
+                break;
+            }
+        }
+    }
+    if(_object_list.empty()) {
+        _object_list.clear();
+    }
+}
+
+bool M2MNsdlInterface::create_nsdl_object_structure(M2MObject *object)
+{
+    tr_debug("M2MNsdlInterface::create_nsdl_object_structure()");
+    bool success = false;
+    if(object) {
+        //object->set_under_observation(false,this);
+        M2MObjectInstanceList instance_list = object->instances();
+        tr_debug("M2MNsdlInterface::create_nsdl_object_structure - Object Instance count %d", instance_list.size());
+        if(!instance_list.empty()) {
+           M2MObjectInstanceList::const_iterator it;
+           it = instance_list.begin();
+           for ( ; it != instance_list.end(); it++ ) {
+               // Create NSDL structure for all object instances inside
+               success = create_nsdl_object_instance_structure(*it);
+           }
+        }
+    }
+    if((object->operation() != M2MBase::NOT_ALLOWED)) {
+        success = create_nsdl_resource(object,object->name());
+    }
+    return success;
+}
+
+bool M2MNsdlInterface::create_nsdl_object_instance_structure(M2MObjectInstance *object_instance)
+{
+    tr_debug("M2MNsdlInterface::create_nsdl_object_instance_structure()");
+    bool success = false;
+    if( object_instance) {
+
+        char *inst_id = (char*)malloc(20);
+        snprintf(inst_id, 20,"%d",object_instance->instance_id());
+
+        // Append object instance id to the object name.
+        String object_name = object_instance->name();
+        object_name += String("/");
+        object_name += String(inst_id);
+        free(inst_id);
+
+
+        //object_instance->set_under_observation(false,this);
+
+        M2MResourceList res_list = object_instance->resources();
+        tr_debug("M2MNsdlInterface::create_nsdl_object_instance_structure - ResourceBase count %d", res_list.size());
+        if(!res_list.empty()) {
+            M2MResourceList::const_iterator it;
+            it = res_list.begin();
+            for ( ; it != res_list.end(); it++ ) {
+                // Create NSDL structure for all resources inside
+                success = create_nsdl_resource_structure(*it,object_name,
+                                                         (*it)->supports_multiple_instances());
+            }
+        }
+        if(object_instance->operation() != M2MBase::NOT_ALLOWED) {
+            success = create_nsdl_resource(object_instance,object_name);
+        }
+    }
+    return success;
+}
+
+bool M2MNsdlInterface::create_nsdl_resource_structure(M2MResource *res,
+                                                      const String &object_name,
+                                                      bool multiple_instances)
+{
+    tr_debug("M2MNsdlInterface::create_nsdl_resource_structure(object_name %s)", object_name.c_str());
+    bool success = false;
+    if(res) {
+        // Append object name to the resource.
+        // Take out the instance Id and append to the
+        // resource name like "object/0/+ resource + / + 0"
+        String res_name = object_name;
+        res_name+= String("/");
+        res_name.append(res->name().c_str(),res->name().length());
+
+        // if there are multiple instances supported
+        // then add instance Id into creating resource path
+        // else normal /object_id/object_instance/resource_id format.
+        if(multiple_instances) {
+            M2MResourceInstanceList res_list = res->resource_instances();
+            tr_debug("M2MNsdlInterface::create_nsdl_resource_structure - ResourceInstance count %d", res_list.size());
+            if(!res_list.empty()) {
+                M2MResourceInstanceList::const_iterator it;
+                it = res_list.begin();
+                for ( ; it != res_list.end(); it++ ) {
+                    String inst_name = res_name;
+                    // Create NSDL structure for all resources inside
+                    char *inst_id = (char*)memory_alloc(20);
+                    snprintf(inst_id, 20,"%d",(*it)->instance_id());
+                    inst_name+= String("/") ;
+                    inst_name+= String(inst_id);
+
+                    memory_free(inst_id);
+
+                    success = create_nsdl_resource((*it),inst_name);
+                }
+                // Register the main Resource as well along with ResourceInstances
+                success = create_nsdl_resource(res,res_name);
+            }
+        } else {
+            tr_debug("M2MNsdlInterface::create_nsdl_resource_structure - res_name %s", res_name.c_str());
+            success = create_nsdl_resource(res,res_name);
+        }
+    }
+    return success;
+}
+
+bool M2MNsdlInterface::create_nsdl_resource(M2MBase *base, const String &name)
+{
+    tr_debug("M2MNsdlInterface::create_nsdl_resource(name %s)", name.c_str());
+    bool success = false;
+    uint8_t* buffer = 0;
+    uint32_t length = 0;
+
+    // Create the NSDL Resource Pointer...
+    if(base) {
+        sn_nsdl_resource_info_s* resource = sn_nsdl_get_resource(_nsdl_handle,
+                                                                 name.length(),
+                                                                 (uint8_t*)name.c_str());
+        if(resource) {
+            success = true;
+            if(resource->mode == SN_GRS_STATIC) {
+                if((M2MBase::Resource == base->base_type() ||
+                   M2MBase::ResourceInstance == base->base_type()) &&
+                   M2MBase::Static == base->mode()) {
+                    M2MResourceInstance *res = (M2MResourceInstance*)base;
+                    res->get_value(buffer,length);
+                    if(resource->resource) {
+                        memory_free(resource->resource);
+                    }
+                    resource->resource = buffer;
+                    resource->resourcelen = length;
+                    sn_nsdl_update_resource(_nsdl_handle,resource);
+                }
+            }
+            // Update Resource access everytime for existing resource.
+            resource->access = (sn_grs_resource_acl_e)base->operation();
+        } else if(_resource) {
+            base->set_under_observation(false,this);
+            //TODO: implement access control
+            // Currently complete access is given
+            _resource->access = (sn_grs_resource_acl_e)base->operation();
+
+            if((M2MBase::Resource == base->base_type() ||
+                M2MBase::ResourceInstance == base->base_type()) &&
+               M2MBase::Static == base->mode()) {
+                M2MResourceInstance *res = (M2MResourceInstance*)base;
+                // Static resource is updated
+                _resource->mode = SN_GRS_STATIC;
+
+                res->get_value(buffer,length);
+                _resource->resource = buffer;
+                _resource->resourcelen = length;
+            }
+
+            if(M2MBase::Dynamic == base->mode()){
+              // Dynamic resource is updated
+               _resource->mode = SN_GRS_DYNAMIC;
+               _resource->sn_grs_dyn_res_callback = __nsdl_c_callback;
+            } else {
+               _resource->mode = SN_GRS_DIRECTORY;
+            }
+
+            if( _resource->path != NULL ){
+                memory_free(_resource->path);
+                _resource->path = NULL;
+            }
+            if(name.length() > 0 ){
+                _resource->path = ((uint8_t*)memory_alloc(name.length()+1));
+                if(_resource->path) {
+                    memset(_resource->path, 0, name.length()+1);
+                    memcpy(_resource->path, (uint8_t*)name.c_str(), name.length());
+                    _resource->pathlen = name.length();
+                }
+            }
+
+            if(!base->resource_type().empty() && _resource->resource_parameters_ptr) {
+                _resource->resource_parameters_ptr->resource_type_ptr =
+                       ((uint8_t*)memory_alloc(base->resource_type().length()+1));
+                if(_resource->resource_parameters_ptr->resource_type_ptr) {
+                    memset(_resource->resource_parameters_ptr->resource_type_ptr,
+                          0, base->resource_type().length()+1);
+                    memcpy(_resource->resource_parameters_ptr->resource_type_ptr,
+                          (uint8_t*)base->resource_type().c_str(),
+                          base->resource_type().length());
+                    _resource->resource_parameters_ptr->resource_type_len =
+                           base->resource_type().length();
+                }
+            }
+            if(!base->interface_description().empty() && _resource->resource_parameters_ptr) {
+                _resource->resource_parameters_ptr->interface_description_ptr =
+                       ((uint8_t*)memory_alloc(base->interface_description().length()+1));
+                if(_resource->resource_parameters_ptr->interface_description_ptr) {
+                    memset(_resource->resource_parameters_ptr->interface_description_ptr,
+                          0, base->interface_description().length()+1);
+                    memcpy(_resource->resource_parameters_ptr->interface_description_ptr,
+                          (uint8_t*)base->interface_description().c_str(),
+                          base->interface_description().length());
+                    _resource->resource_parameters_ptr->interface_description_len =
+                           base->interface_description().length();
+                 }
+            }
+            if(_resource->resource_parameters_ptr) {
+                _resource->resource_parameters_ptr->coap_content_type = base->coap_content_type();
+                _resource->resource_parameters_ptr->observable = (uint8_t)base->is_observable();
+            }
+
+            int8_t result = sn_nsdl_create_resource(_nsdl_handle,_resource);
+            tr_debug("M2MNsdlInterface::create_nsdl_resource - Creating in NSDL-C result %d", result);
+
+            // Either the resource is created or it already
+            // exists , then result is success.
+            if (result == 0 ||
+               result == -2){
+                success = true;
+            }
+
+            if(_resource->path) {
+                memory_free(_resource->path);
+            }
+            if(_resource->resource_parameters_ptr->resource_type_ptr){
+                memory_free(_resource->resource_parameters_ptr->resource_type_ptr);
+            }
+            if(_resource->resource_parameters_ptr->interface_description_ptr){
+                memory_free(_resource->resource_parameters_ptr->interface_description_ptr);
+            }
+
+            //Clear up the filled resource to fill up new resource.
+            clear_resource(_resource);
+
+            if(success) {
+               base->set_under_observation(false,this);
+            }
+        }
+    }
+    if(buffer) {
+        free(buffer);
+    }
+    return success;
+}
+
+// convenience method to get the URI from its buffer field...
+String M2MNsdlInterface::coap_to_string(uint8_t *coap_data,int coap_data_length)
+{
+    String value = "";
+    if (coap_data != NULL && coap_data_length > 0) {
+        char buf[256+1];
+        memset(buf,0,256+1);
+        memcpy(buf,(char *)coap_data,coap_data_length);
+        value = String(buf);
+    }
+    return value;
+}
+
+uint64_t M2MNsdlInterface::registration_time()
+{
+    uint64_t value = 0;
+    if(_endpoint->lifetime_ptr) {
+        value = atol((const char*)_endpoint->lifetime_ptr);
+    }
+
+    if(value >= OPTIMUM_LIFETIME) {
+        value = value - REDUCE_LIFETIME;
+    } else {
+        value = REDUCTION_FACTOR * value;
+    }
+    tr_debug("M2MNsdlInterface::registration_time - value (in seconds) %ld", value);
+    return value;
+}
+
+M2MBase* M2MNsdlInterface::find_resource(const String &object_name)
+{
+    M2MBase *object = NULL;
+    if(!_object_list.empty()) {
+        M2MObjectList::const_iterator it;
+        it = _object_list.begin();
+        for ( ; it != _object_list.end(); it++ ) {
+            if((*it)->name() == object_name) {
+                object = (*it);
+                tr_debug("M2MNsdlInterface::find_resource(%s) found", object_name.c_str());
+                break;
+            }
+            object = find_resource((*it),object_name);
+            if(object != NULL) {
+                tr_debug("M2MNsdlInterface::find_resource(%s) found", object_name.c_str());
+                break;
+            }
+        }
+    }
+    return object;
+}
+
+M2MBase* M2MNsdlInterface::find_resource(const M2MObject *object,
+                                         const String &object_instance)
+{
+    M2MBase *instance = NULL;
+    if(object) {
+        M2MObjectInstanceList list = object->instances();
+        if(!list.empty()) {
+            M2MObjectInstanceList::const_iterator it;
+            it = list.begin();
+            for ( ; it != list.end(); it++ ) {
+                char *inst_id = (char*)memory_alloc(20);
+                snprintf(inst_id, 20,"%d",(*it)->instance_id());
+
+                // Append object instance id to the object name.
+                String name = (*it)->name();
+                name+= String("/");
+                name+= String(inst_id);
+
+                memory_free(inst_id);
+
+                if(name == object_instance){
+                    instance = (*it);
+                    break;
+                }
+                instance = find_resource((*it),object_instance);
+                if(instance != NULL){
+                    break;
+                }
+            }
+        }
+    }
+    return instance;
+}
+
+M2MBase* M2MNsdlInterface::find_resource(const M2MObjectInstance *object_instance,
+                                         const String &resource_instance)
+{
+    M2MBase *instance = NULL;
+    if(object_instance) {
+        M2MResourceList list = object_instance->resources();
+        if(!list.empty()) {
+            M2MResourceList::const_iterator it;
+            it = list.begin();
+            for ( ; it != list.end(); it++ ) {
+                String name = object_instance->name();
+                char *obj_inst_id = (char*)memory_alloc(20);
+                snprintf(obj_inst_id, 20,"%d",object_instance->instance_id());
+
+                // Append object instance id to the object name.
+                name+= String("/");
+                name+= String(obj_inst_id);
+
+                memory_free(obj_inst_id);
+
+                name+= String("/");
+                name+= (*it)->name();
+
+                if(name == resource_instance) {
+                    instance = *it;
+                    break;
+                } else if((*it)->supports_multiple_instances()) {
+                    instance = find_resource((*it),name, resource_instance);
+                    if(instance != NULL){
+                        break;
+                    }
+                }
+            }
+        }
+    }
+    return instance;
+}
+
+M2MBase* M2MNsdlInterface::find_resource(const M2MResource *resource,
+                                         const String &object_name,
+                                         const String &resource_instance)
+{
+    M2MBase *res = NULL;
+    if(resource) {
+        if(resource->supports_multiple_instances()) {
+            M2MResourceInstanceList list = resource->resource_instances();
+            if(!list.empty()) {
+                M2MResourceInstanceList::const_iterator it;
+                it = list.begin();
+                for ( ; it != list.end(); it++ ) {
+                    String name = object_name;
+                    // if there are multiple instances supported
+                    // then add instance Id into creating resource path
+                    // else normal /object_id/object_instance/resource_id format.
+
+                    char *inst_id = (char*)memory_alloc(20);
+                    snprintf(inst_id, 20,"%d",(*it)->instance_id());
+
+                    name+= String("/") ;
+                    name+= String(inst_id);
+
+                    memory_free(inst_id);
+
+                    if(name == resource_instance){
+                        res = (*it);
+                        break;
+                    }
+                }
+            }
+        }
+    }
+    return res;
+}
+
+bool M2MNsdlInterface::object_present(M2MObject* object) const
+{
+    bool success = false;
+    if(object && !_object_list.empty()) {
+        M2MObjectList::const_iterator it;
+        it = _object_list.begin();
+        for ( ; it != _object_list.end(); it++ ) {
+            if((*it) == object) {
+                success = true;
+                break;
+            }
+        }
+    }
+    return success;
+}
+
+bool M2MNsdlInterface::add_object_to_list(M2MObject* object)
+{
+    bool success = false;
+    if(object && !object_present(object)) {
+        _object_list.push_back(object);
+        success = true;
+    }
+    return success;
+}
+
+void M2MNsdlInterface::clear_resource(sn_nsdl_resource_info_s *&resource)
+{
+    //Clear up the filled resource to fill up new resource.
+    if(resource && resource->resource_parameters_ptr) {
+        sn_nsdl_resource_parameters_s *temp_resource_parameter = resource->resource_parameters_ptr;
+        memset(resource->resource_parameters_ptr, 0, sizeof(sn_nsdl_resource_parameters_s));
+        memset(resource,0, sizeof(sn_nsdl_resource_info_s));
+        resource->resource_parameters_ptr = temp_resource_parameter;
+    }
+}
+
+M2MInterface::Error M2MNsdlInterface::interface_error(sn_coap_hdr_s *coap_header)
+{
+    M2MInterface::Error error = M2MInterface::ErrorNone;
+    if(coap_header) {
+        switch(coap_header->msg_code) {
+            case COAP_MSG_CODE_RESPONSE_BAD_REQUEST:
+            case COAP_MSG_CODE_RESPONSE_BAD_OPTION:
+            case COAP_MSG_CODE_RESPONSE_REQUEST_ENTITY_INCOMPLETE:
+            case COAP_MSG_CODE_RESPONSE_PRECONDITION_FAILED:
+            case COAP_MSG_CODE_RESPONSE_REQUEST_ENTITY_TOO_LARGE:
+            case COAP_MSG_CODE_RESPONSE_UNSUPPORTED_CONTENT_FORMAT:
+                error = M2MInterface::InvalidParameters;
+                break;
+            case COAP_MSG_CODE_RESPONSE_UNAUTHORIZED:
+            case COAP_MSG_CODE_RESPONSE_FORBIDDEN:
+            case COAP_MSG_CODE_RESPONSE_NOT_ACCEPTABLE:
+            case COAP_MSG_CODE_RESPONSE_NOT_FOUND:
+            case COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED:
+                error = M2MInterface::NotAllowed;
+                break;
+            case COAP_MSG_CODE_RESPONSE_CREATED:
+            case COAP_MSG_CODE_RESPONSE_DELETED:
+            case COAP_MSG_CODE_RESPONSE_VALID:
+            case COAP_MSG_CODE_RESPONSE_CHANGED:
+            case COAP_MSG_CODE_RESPONSE_CONTENT:
+                error = M2MInterface::ErrorNone;
+                break;
+            default:
+                error = M2MInterface::UnknownError;
+                break;
+        }
+        if(coap_header->coap_status == COAP_STATUS_BUILDER_MESSAGE_SENDING_FAILED) {
+            error = M2MInterface::NetworkError;
+        }
+    }
+    return error;
+}
+
+void M2MNsdlInterface::send_object_observation(M2MObject *object)
+{
+    tr_debug("M2MNsdlInterface::send_object_observation");
+    if(object) {
+        uint8_t *value = 0;
+        uint32_t length = 0;
+        uint8_t *token = 0;
+        uint32_t token_length = 0;
+        uint8_t observation_number[2];
+        uint8_t observation_number_length = 1;
+
+        uint16_t number = object->observation_number();
+
+        observation_number[0] = ((number>>8) & 0xFF);
+        observation_number[1] = (number & 0xFF);
+
+        if(number > 0xFF) {
+            observation_number_length = 2;
+        }
+
+        M2MTLVSerializer *serializer = new M2MTLVSerializer();
+        if(serializer) {
+            value = serializer->serialize(object->instances(), length);
+            delete serializer;
+        }
+
+        object->get_observation_token(token,token_length);
+
+        sn_nsdl_send_observation_notification(_nsdl_handle,
+                                              token,
+                                              token_length,
+                                              value,length,
+                                              observation_number,
+                                              observation_number_length,
+                                              COAP_MSG_TYPE_CONFIRMABLE,
+                                              object->coap_content_type());
+        memory_free(value);
+        memory_free(token);
+    }
+}
+
+void M2MNsdlInterface::send_object_instance_observation(M2MObjectInstance *object_instance)
+{
+    tr_debug("M2MNsdlInterface::send_object_instance_observation");
+    if(object_instance) {
+        uint8_t *value = 0;
+        uint32_t length = 0;
+        uint8_t *token = 0;
+        uint32_t token_length = 0;
+        uint8_t observation_number[2];
+        uint8_t observation_number_length = 1;
+
+        uint16_t number = object_instance->observation_number();
+
+        observation_number[0] = ((number>>8) & 0xFF);
+        observation_number[1] = (number & 0xFF);
+
+        if(number > 0xFF) {
+            observation_number_length = 2;
+        }
+
+        M2MTLVSerializer *serializer = new M2MTLVSerializer();
+        if(serializer) {
+            value = serializer->serialize(object_instance->resources(), length);
+            delete serializer;
+        }
+
+        object_instance->get_observation_token(token,token_length);
+
+        sn_nsdl_send_observation_notification(_nsdl_handle,
+                                              token,
+                                              token_length,
+                                              value,length,
+                                              observation_number,
+                                              observation_number_length,
+                                              COAP_MSG_TYPE_CONFIRMABLE,
+                                              object_instance->coap_content_type());
+        memory_free(value);
+        memory_free(token);
+    }
+}
+
+void M2MNsdlInterface::send_resource_observation(M2MResource *resource)
+{
+    tr_debug("M2MNsdlInterface::send_resource_observation");
+    if(resource) {
+        uint8_t *value = 0;
+        uint32_t length = 0;
+        uint8_t *token = 0;
+        uint32_t token_length = 0;
+        uint8_t observation_number[2];
+        uint8_t observation_number_length = 1;
+
+        uint16_t number = resource->observation_number();
+
+        observation_number[0] = ((number>>8) & 0xFF);
+        observation_number[1] = (number & 0xFF);
+
+        if(number > 0xFF) {
+            observation_number_length = 2;
+        }
+
+        resource->get_observation_token(token,token_length);
+        uint8_t content_type = 0;
+        if (resource->resource_instance_count() > 0) {
+            M2MTLVSerializer *serializer = new M2MTLVSerializer();
+            content_type = COAP_CONTENT_OMA_TLV_TYPE;
+            if(serializer) {
+                value = serializer->serialize(resource, length);
+                delete serializer;
+            }
+        } else {
+            resource->get_value(value,length);
+        }
+
+        sn_nsdl_send_observation_notification(_nsdl_handle,
+                                              token,
+                                              token_length,
+                                              value,length,
+                                              observation_number,
+                                              observation_number_length,
+                                              COAP_MSG_TYPE_CONFIRMABLE,
+                                              content_type);
+        memory_free(value);
+        memory_free(token);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/source/m2mobject.cpp	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,559 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "mbed-client/m2mobject.h"
+#include "mbed-client/m2mobservationhandler.h"
+#include "mbed-client/m2mconstants.h"
+#include "include/m2mtlvserializer.h"
+#include "include/m2mtlvdeserializer.h"
+#include "include/nsdllinker.h"
+#include "include/m2mreporthandler.h"
+#include "ns_trace.h"
+
+M2MObject::M2MObject(const String &object_name)
+: M2MBase(object_name,M2MBase::Dynamic),
+  _max_instance_count(MAX_UNINT_16_COUNT)
+{
+    M2MBase::set_base_type(M2MBase::Object);
+    if(M2MBase::name_id() != -1) {
+        M2MBase::set_coap_content_type(COAP_CONTENT_OMA_TLV_TYPE);
+    }
+}
+
+M2MObject::~M2MObject()
+{
+    if(!_instance_list.empty()) {
+        M2MObjectInstanceList::const_iterator it;
+        it = _instance_list.begin();
+        M2MObjectInstance* obj = NULL;
+        uint16_t index = 0;
+        for (; it!=_instance_list.end(); it++, index++ ) {
+            //Free allocated memory for object instances.
+            obj = *it;
+
+            char *obj_inst_id = (char*)malloc(20);
+            if(obj_inst_id) {
+                snprintf(obj_inst_id, 20,"%d",index);
+
+                String obj_name = M2MBase::name();
+                obj_name += String("/");
+                obj_name += String(obj_inst_id);
+
+                free(obj_inst_id);
+                remove_resource_from_coap(obj_name);
+            }
+
+            delete obj;
+            obj = NULL;
+        }
+        remove_object_from_coap();
+        _instance_list.clear();
+    }
+}
+
+M2MObject& M2MObject::operator=(const M2MObject& other)
+{
+    if (this != &other) { // protect against invalid self-assignment
+        if(!other._instance_list.empty()){
+            M2MObjectInstance* ins = NULL;
+            M2MObjectInstanceList::const_iterator it;
+            it = other._instance_list.begin();
+            for (; it!=other._instance_list.end(); it++ ) {
+                ins = *it;
+                _instance_list.push_back(new M2MObjectInstance(*ins));
+            }
+        }
+    }
+    return *this;
+}
+
+M2MObject::M2MObject(const M2MObject& other)
+: M2MBase(other),
+  _max_instance_count(MAX_UNINT_16_COUNT)
+{
+    this->operator=(other);
+}
+
+M2MObjectInstance* M2MObject::create_object_instance(uint16_t instance_id)
+{
+    tr_debug("M2MObject::create_object_instance - id: %d", instance_id);
+    M2MObjectInstance *instance = NULL;
+    if(!object_instance(instance_id)) {
+        instance = new M2MObjectInstance(this->name(),*this);
+        if(instance) {
+            instance->set_instance_id(instance_id);
+            _instance_list.push_back(instance);
+            if(M2MBase::name_id() != -1) {
+                instance->set_coap_content_type(COAP_CONTENT_OMA_TLV_TYPE);
+            }
+        }
+    }
+    return instance;
+}
+
+bool M2MObject::remove_object_instance(uint16_t inst_id)
+{
+    tr_debug("M2MObject::remove_object_instance(inst_id %d)", inst_id);
+    bool success = false;
+    if(!_instance_list.empty()) {
+        M2MObjectInstance* obj = NULL;
+        M2MObjectInstanceList::const_iterator it;
+        it = _instance_list.begin();
+        int pos = 0;
+        for ( ; it != _instance_list.end(); it++, pos++ ) {
+            if((*it)->instance_id() == inst_id) {
+                // Instance found and deleted.
+                obj = *it;
+
+                char *obj_inst_id = (char*)malloc(20);
+                if(obj_inst_id) {
+                    snprintf(obj_inst_id, 20,"%d",obj->instance_id());
+
+                    String obj_name = name();
+                    obj_name += String("/");
+                    obj_name += String(obj_inst_id);
+
+                    free(obj_inst_id);
+
+                    delete obj;
+                    obj = NULL;
+                    _instance_list.erase(pos);
+                    success = true;
+
+                    remove_resource_from_coap(obj_name);
+                }
+                break;
+            }
+        }
+    }
+    return success;
+}
+
+M2MObjectInstance* M2MObject::object_instance(uint16_t inst_id) const
+{
+    tr_debug("M2MObject::object_instance(inst_id %d)", inst_id);
+    M2MObjectInstance *obj = NULL;
+    if(!_instance_list.empty()) {
+        M2MObjectInstanceList::const_iterator it;
+        it = _instance_list.begin();
+        for ( ; it != _instance_list.end(); it++ ) {
+            if((*it)->instance_id() == inst_id) {
+                // Instance found.
+                obj = *it;
+                break;
+            }
+        }
+    }
+    return obj;
+}
+
+const M2MObjectInstanceList& M2MObject::instances() const
+{
+    return _instance_list;
+}
+
+uint16_t M2MObject::instance_count() const
+{
+    return (uint16_t)_instance_list.size();
+}
+
+M2MBase::BaseType M2MObject::base_type() const
+{
+    return M2MBase::base_type();
+}
+
+void M2MObject::add_observation_level(M2MBase::Observation observation_level)
+{
+    M2MBase::add_observation_level(observation_level);
+    if(!_instance_list.empty()) {
+        M2MObjectInstanceList::const_iterator it;
+        it = _instance_list.begin();
+        for ( ; it != _instance_list.end(); it++ ) {
+            (*it)->add_observation_level(observation_level);
+        }
+    }
+}
+
+void M2MObject::remove_observation_level(M2MBase::Observation observation_level)
+{
+    M2MBase::remove_observation_level(observation_level);
+    if(!_instance_list.empty()) {
+        M2MObjectInstanceList::const_iterator it;
+        it = _instance_list.begin();
+        for ( ; it != _instance_list.end(); it++ ) {
+            (*it)->remove_observation_level(observation_level);
+        }
+    }
+}
+
+sn_coap_hdr_s* M2MObject::handle_get_request(nsdl_s *nsdl,
+                                             sn_coap_hdr_s *received_coap_header,
+                                             M2MObservationHandler *observation_handler)
+{
+    tr_debug("M2MObject::handle_get_request()");
+    sn_coap_msg_code_e msg_code = COAP_MSG_CODE_RESPONSE_CONTENT;
+    sn_coap_hdr_s * coap_response = sn_nsdl_build_response(nsdl,
+                                                           received_coap_header,
+                                                           msg_code);
+    //TODO: GET for Object is not yet implemented.
+    // Need to first fix C library and then implement on C++ side.
+    uint8_t * data = NULL;
+    uint32_t  data_length = 0;
+    //TODO: GET for Object is not yet implemented.
+    // Need to first fix C library and then implement on C++ side.
+    if(received_coap_header) {
+        // process the GET if we have registered a callback for it
+        if ((operation() & SN_GRS_GET_ALLOWED) != 0) {
+            if(coap_response) {
+                uint16_t coap_content_type = 0;
+                bool content_type_present = false;
+                if(received_coap_header->content_type_ptr) {
+                    content_type_present = true;
+                    coap_response->content_type_ptr = (uint8_t*)malloc(received_coap_header->content_type_len);
+                    if(coap_response->content_type_ptr) {
+                        memset(coap_response->content_type_ptr, 0, received_coap_header->content_type_len);
+                        memcpy(coap_response->content_type_ptr,
+                               received_coap_header->content_type_ptr,
+                               received_coap_header->content_type_len);
+                        coap_response->content_type_len = received_coap_header->content_type_len;
+                        for(uint8_t i = 0; i < coap_response->content_type_len; i++) {
+                            coap_content_type = (coap_content_type << 8) + (coap_response->content_type_ptr[i] & 0xFF);
+                        }
+                    }
+                }
+                if(!content_type_present &&
+                   M2MBase::coap_content_type() == COAP_CONTENT_OMA_TLV_TYPE) {
+                    coap_content_type = COAP_CONTENT_OMA_TLV_TYPE;
+                }
+
+                tr_debug("M2MObject::handle_get_request() - Request Content-Type %d", coap_content_type);
+
+                // fill in the CoAP response payload
+                if(COAP_CONTENT_OMA_TLV_TYPE == coap_content_type) {
+                    M2MTLVSerializer *serializer = new M2MTLVSerializer();
+                    data = serializer->serialize(_instance_list, data_length);
+                    delete serializer;
+                } else { // TOD0: Implement JSON Format.
+                    msg_code = COAP_MSG_CODE_RESPONSE_UNSUPPORTED_CONTENT_FORMAT; // Content format not supported
+                }
+
+                coap_response->payload_len = data_length;
+                coap_response->payload_ptr = data;
+
+                coap_response->options_list_ptr = (sn_coap_options_list_s*)malloc(sizeof(sn_coap_options_list_s));
+                memset(coap_response->options_list_ptr, 0, sizeof(sn_coap_options_list_s));
+
+                coap_response->options_list_ptr->max_age_ptr = (uint8_t*)malloc(1);
+                memset(coap_response->options_list_ptr->max_age_ptr,0,1);
+                coap_response->options_list_ptr->max_age_len = 1;
+
+                if(data){
+                    if(received_coap_header->token_ptr) {
+                        tr_debug("M2MObject::handle_get_request - Sets Observation Token to resource");
+                        set_observation_token(received_coap_header->token_ptr,
+                                              received_coap_header->token_len);
+                    }
+
+                    if(received_coap_header->options_list_ptr) {
+                        if(received_coap_header->options_list_ptr->observe) {
+                            if (is_observable()) {
+                                uint32_t number = 0;
+                                uint8_t observe_option = 0;
+                                if(received_coap_header->options_list_ptr->observe_ptr) {
+                                    observe_option = *received_coap_header->options_list_ptr->observe_ptr;
+                                }
+                                if(START_OBSERVATION == observe_option) {
+                                    tr_debug("M2MObject::handle_get_request - Starts Observation");
+                                    // If the observe length is 0 means register for observation.
+                                    if(received_coap_header->options_list_ptr->observe_len != 0) {
+                                        for(int i=0;i < received_coap_header->options_list_ptr->observe_len; i++) {
+                                        number = (*(received_coap_header->options_list_ptr->observe_ptr + i) & 0xff) <<
+                                                 8*(received_coap_header->options_list_ptr->observe_len- 1 - i);
+                                        }
+                                    }
+                                    // If the observe value is 0 means register for observation.
+                                    if(number == 0) {
+                                        tr_debug("M2MObject::handle_get_request - Put Resource under Observation");
+                                        set_under_observation(true,observation_handler);
+                                        add_observation_level(M2MBase::O_Attribute);
+                                        uint8_t *obs_number = (uint8_t*)malloc(3);
+                                        memset(obs_number,0,3);
+                                        uint8_t observation_number_length = 1;
+
+                                        uint16_t number = observation_number();
+
+                                        tr_debug("M2MObject::handle_get_request - Observation Number %d", number);
+                                        obs_number[0] = ((number>>8) & 0xFF);
+                                        obs_number[1] = (number & 0xFF);
+
+                                        if(number > 0xFF) {
+                                            observation_number_length = 2;
+                                        }
+                                        coap_response->options_list_ptr->observe_ptr = obs_number;
+                                        coap_response->options_list_ptr->observe_len = observation_number_length;
+                                    }
+                                } else if (STOP_OBSERVATION == observe_option) {
+                                    tr_debug("M2MObject::handle_get_request - Stops Observation");
+                                    // If the observe options_list_ptr->observe_ptr value is 1 means de-register from observation.
+                                    set_under_observation(false,NULL);
+                                    remove_observation_level(M2MBase::O_Attribute);
+                                }
+                                msg_code = COAP_MSG_CODE_RESPONSE_CONTENT;
+                            }
+                            else {
+                                msg_code = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED;
+                            }
+                        }
+                    }
+                } else {
+                    msg_code = COAP_MSG_CODE_RESPONSE_UNSUPPORTED_CONTENT_FORMAT; // Content format not supported
+                }
+            }
+        }else {
+            tr_error("M2MResource::handle_get_request - Return COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED");
+            // Operation is not allowed.
+            msg_code = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED;
+        }
+    } else {
+        msg_code = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED;
+    }
+    if(coap_response) {
+        coap_response->msg_code = msg_code;
+    }
+    return coap_response;
+}
+
+sn_coap_hdr_s* M2MObject::handle_put_request(nsdl_s *nsdl,
+                                             sn_coap_hdr_s *received_coap_header,
+                                             M2MObservationHandler */*observation_handler*/)
+{
+    tr_debug("M2MObject::handle_put_request()");
+    sn_coap_msg_code_e msg_code = COAP_MSG_CODE_RESPONSE_CHANGED; // 2.04
+    sn_coap_hdr_s *coap_response = sn_nsdl_build_response(nsdl,
+                                                          received_coap_header,
+                                                          msg_code);
+    if(received_coap_header) {
+        if ((operation() & SN_GRS_PUT_ALLOWED) != 0) {
+            if(!received_coap_header->payload_ptr) {
+                if(received_coap_header->options_list_ptr &&
+                   received_coap_header->options_list_ptr->uri_query_ptr) {
+                    char *query = (char*)malloc(received_coap_header->options_list_ptr->uri_query_len+1);
+                    if (query){
+                        memset(query, 0, received_coap_header->options_list_ptr->uri_query_len+1);
+                        memcpy(query,
+                            received_coap_header->options_list_ptr->uri_query_ptr,
+                            received_coap_header->options_list_ptr->uri_query_len);
+                        memset(query + received_coap_header->options_list_ptr->uri_query_len,'\0',1);//String terminator
+                       tr_debug("M2MObject::handle_put_request() - Query %s", query);
+                        // if anything was updated, re-initialize the stored notification attributes
+                        if (!handle_observation_attribute(query)){
+                            tr_debug("M2MObject::handle_put_request() - Invalid query");
+                            msg_code = COAP_MSG_CODE_RESPONSE_BAD_REQUEST; // 4.00
+                        }
+                        free(query);
+                    }
+                } else {
+                    tr_error("M2MObject::handle_put_request() - COAP_MSG_CODE_RESPONSE_BAD_REQUEST - Empty URI_QUERY");
+                    msg_code = COAP_MSG_CODE_RESPONSE_BAD_REQUEST;
+                }
+            } else {
+                tr_error("M2MObject::handle_put_request() - COAP_MSG_CODE_RESPONSE_BAD_REQUEST -Payload exists");
+                msg_code = COAP_MSG_CODE_RESPONSE_BAD_REQUEST;
+            }
+        } else {
+            // Operation is not allowed.
+            tr_error("M2MObject::handle_put_request() - COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED");
+            msg_code = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED;
+        }
+    } else {
+        msg_code = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED;
+    }
+    if(coap_response) {
+        coap_response->msg_code = msg_code;
+    }
+    return coap_response;
+}
+
+
+sn_coap_hdr_s* M2MObject::handle_post_request(nsdl_s *nsdl,
+                                              sn_coap_hdr_s *received_coap_header,
+                                              M2MObservationHandler *observation_handler)
+{
+    tr_debug("M2MObject::handle_post_request()");    
+    sn_coap_msg_code_e msg_code = COAP_MSG_CODE_RESPONSE_CHANGED; // 2.04
+    // process the POST if we have registered a callback for it    
+    sn_coap_hdr_s *coap_response = sn_nsdl_build_response(nsdl,
+                                                          received_coap_header,
+                                                          msg_code);
+
+    if(received_coap_header) {
+        if ((operation() & SN_GRS_POST_ALLOWED) != 0) {
+            if(received_coap_header->payload_ptr) {
+                tr_debug("M2MObject::handle_post_request() - Update Object with new values");
+                uint16_t coap_content_type = 0;
+                bool content_type_present = false;
+                if(received_coap_header->content_type_ptr) {
+                    content_type_present = true;
+                    if(coap_response) {
+                        coap_response->content_type_ptr = (uint8_t*)malloc(received_coap_header->content_type_len);
+                        if(coap_response->content_type_ptr) {
+                            memset(coap_response->content_type_ptr, 0, received_coap_header->content_type_len);
+                            memcpy(coap_response->content_type_ptr,
+                                   received_coap_header->content_type_ptr,
+                                   received_coap_header->content_type_len);
+                            coap_response->content_type_len = received_coap_header->content_type_len;
+                            for(uint8_t i = 0; i < coap_response->content_type_len; i++) {
+                                coap_content_type = (coap_content_type << 8) + (coap_response->content_type_ptr[i] & 0xFF);
+                            }
+                        }
+                    }
+                } // if(received_coap_header->content_type_ptr)
+                if(!content_type_present &&
+                   M2MBase::coap_content_type() == COAP_CONTENT_OMA_TLV_TYPE) {
+                    coap_content_type = COAP_CONTENT_OMA_TLV_TYPE;
+                }
+
+                tr_debug("M2MObject::handle_post_request() - Request Content-Type %d", coap_content_type);
+
+                if(COAP_CONTENT_OMA_TLV_TYPE == coap_content_type) {
+                    uint16_t instance_id = 0;
+                    // Check next free instance id
+                    for(instance_id = 0; instance_id <= _max_instance_count; instance_id++) {
+                        if(NULL == object_instance(instance_id)) {
+                            break;
+                        }
+                        if(instance_id == _max_instance_count) {
+                            msg_code = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED;
+                            break;
+                        }
+                    }
+                    if(COAP_MSG_CODE_RESPONSE_CHANGED == msg_code) {
+                        M2MTLVDeserializer *deserializer = new M2MTLVDeserializer();
+                        bool is_obj_instance = false;
+                        bool obj_instance_exists = false;
+                        if (deserializer) {
+                            is_obj_instance = deserializer->is_object_instance(received_coap_header->payload_ptr);
+                            if (is_obj_instance) {
+                                instance_id = deserializer->instance_id(received_coap_header->payload_ptr);
+                                tr_debug("M2MObject::handle_post_request() - instance id in TLV: %d", instance_id);
+                                // Check if instance id already exists
+                                if (object_instance(instance_id)){
+                                    obj_instance_exists = true;
+                                }
+                            }
+                        }
+                        if (!obj_instance_exists) {
+                            M2MObjectInstance *obj_instance = create_object_instance(instance_id);
+                            if(obj_instance) {
+                                obj_instance->set_operation(M2MBase::GET_PUT_ALLOWED);
+                            }
+
+                            if(deserializer) {
+                                String obj_name = "";
+                                char *obj_inst_id = NULL;
+                                M2MTLVDeserializer::Error error = M2MTLVDeserializer::None;
+                                if(is_obj_instance) {
+                                    tr_debug("M2MObject::handle_post_request() - TLV data contains ObjectInstance");
+                                    error = deserializer->deserialise_object_instances(received_coap_header->payload_ptr,
+                                                                               received_coap_header->payload_len,
+                                                                               *this,
+                                                                               M2MTLVDeserializer::Post);
+                                } else if(deserializer->is_resource(received_coap_header->payload_ptr) ||
+                                          deserializer->is_multiple_resource(received_coap_header->payload_ptr)) {
+                                    tr_debug("M2MObject::handle_post_request() - TLV data contains Resources");
+                                    error = deserializer->deserialize_resources(received_coap_header->payload_ptr,
+                                                                                received_coap_header->payload_len,
+                                                                                *obj_instance,
+                                                                                M2MTLVDeserializer::Post);
+                                } else {
+                                    error = M2MTLVDeserializer::NotValid;
+                                }
+                                switch(error) {
+                                    case M2MTLVDeserializer::None:
+                                        if(observation_handler) {
+                                            observation_handler->value_updated(this);
+                                        }
+                                        coap_response->options_list_ptr = (sn_coap_options_list_s*)malloc(sizeof(sn_coap_options_list_s));
+                                        if (coap_response->options_list_ptr) {
+                                            memset(coap_response->options_list_ptr, 0, sizeof(sn_coap_options_list_s));
+
+                                            obj_name = M2MBase::name();
+                                            obj_name += String("/");
+                                            obj_inst_id = (char*)malloc(10);
+                                            snprintf(obj_inst_id, 10,"%d",instance_id);
+                                            obj_name += obj_inst_id;
+
+                                            coap_response->options_list_ptr->location_path_len = obj_name.length();
+                                            if (coap_response->options_list_ptr->location_path_len != 0) {
+                                                coap_response->options_list_ptr->location_path_ptr =
+                                                        (uint8_t*)malloc(coap_response->options_list_ptr->location_path_len);
+                                                if (coap_response->options_list_ptr->location_path_ptr) {
+                                                    memcpy(coap_response->options_list_ptr->location_path_ptr,
+                                                           obj_name.c_str(),
+                                                           coap_response->options_list_ptr->location_path_len);
+                                                }
+                                            }
+                                            free(obj_inst_id);
+                                        }
+                                        msg_code = COAP_MSG_CODE_RESPONSE_CREATED;                                        
+                                        break;
+                                    case M2MTLVDeserializer::NotAllowed:
+                                        msg_code = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED;
+                                        break;
+                                    case M2MTLVDeserializer::NotValid:
+                                        msg_code = COAP_MSG_CODE_RESPONSE_BAD_REQUEST;
+                                        break;
+                                    case M2MTLVDeserializer::NotFound:
+                                        msg_code = COAP_MSG_CODE_RESPONSE_NOT_FOUND;
+                                        break;
+                                }                                
+                            }
+                        } else {
+                            tr_debug("M2MObject::handle_post_request() - COAP_MSG_CODE_RESPONSE_BAD_REQUEST");
+                            msg_code = COAP_MSG_CODE_RESPONSE_BAD_REQUEST;
+                        }
+                        delete deserializer;
+                    }
+                } else {
+                    msg_code =COAP_MSG_CODE_RESPONSE_UNSUPPORTED_CONTENT_FORMAT;
+                } // if(COAP_CONTENT_OMA_TLV_TYPE == coap_content_type)
+            } else {
+                tr_error("M2MObject::handle_post_request - COAP_MSG_CODE_RESPONSE_BAD_REQUEST - Missing Payload");
+                msg_code = COAP_MSG_CODE_RESPONSE_BAD_REQUEST; //
+            }
+        } else { // if ((object->operation() & SN_GRS_POST_ALLOWED) != 0)
+            tr_error("M2MObject::handle_post_request - COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED");
+            msg_code = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED; // 4.05
+        }
+    } else { //if(received_coap_header)
+        tr_error("M2MObject::handle_post_request - COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED");
+        msg_code = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED; // 4.05
+    }
+
+    if(coap_response) {
+        coap_response->msg_code = msg_code;
+    }
+    return coap_response;
+}
+
+void M2MObject::notification_update()
+{
+    tr_debug("M2MObject::notification_update");
+    M2MReportHandler *report_handler = M2MBase::report_handler();
+    if(report_handler && is_observable()) {
+        report_handler->set_notification_trigger();
+    }
+}
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/source/m2mobjectinstance.cpp	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,743 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "mbed-client/m2mobjectinstance.h"
+#include "mbed-client/m2mobject.h"
+#include "mbed-client/m2mconstants.h"
+#include "mbed-client/m2mresource.h"
+#include "mbed-client/m2mresource.h"
+#include "mbed-client/m2mobservationhandler.h"
+#include "include/m2mtlvserializer.h"
+#include "include/m2mtlvdeserializer.h"
+#include "include/nsdllinker.h"
+#include "include/m2mreporthandler.h"
+#include "ns_trace.h"
+
+M2MObjectInstance& M2MObjectInstance::operator=(const M2MObjectInstance& other)
+{
+    if (this != &other) { // protect against invalid self-assignment
+        if(!other._resource_list.empty()){
+            M2MResource* ins = NULL;
+            M2MResourceList::const_iterator it;
+            it = other._resource_list.begin();
+            for (; it!=other._resource_list.end(); it++ ) {
+                ins = *it;
+                _resource_list.push_back(new M2MResource(*ins));
+            }
+        }
+    }
+    return *this;
+}
+
+M2MObjectInstance::M2MObjectInstance(const M2MObjectInstance& other)
+: M2MBase(other),
+  _object_callback(other._object_callback)
+{
+    this->operator=(other);
+}
+
+M2MObjectInstance::M2MObjectInstance(const String &object_name,
+                                     M2MObjectCallback &object_callback)
+: M2MBase(object_name,M2MBase::Dynamic),
+  _object_callback(object_callback)
+{
+    M2MBase::set_base_type(M2MBase::ObjectInstance);
+
+}
+
+M2MObjectInstance::~M2MObjectInstance()
+{
+    if(!_resource_list.empty()) {
+        M2MResource* res = NULL;
+        M2MResourceList::const_iterator it;
+        it = _resource_list.begin();
+        for (; it!=_resource_list.end(); it++ ) {
+            //Free allocated memory for resources.
+            res = *it;
+            delete res;
+            res = NULL;
+        }
+        _resource_list.clear();
+    }
+}
+
+M2MResource* M2MObjectInstance::create_static_resource(const String &resource_name,
+                                                       const String &resource_type,
+                                                       M2MResourceInstance::ResourceType type,
+                                                       const uint8_t *value,
+                                                       const uint8_t value_length,
+                                                       bool multiple_instance)
+{
+    tr_debug("M2MObjectInstance::create_static_resource(resource_name %s)",resource_name.c_str());
+    M2MResource *res = NULL;
+    if( resource_name.empty() || resource_name.size() > MAX_ALLOWED_STRING_LENGTH){
+        return res;
+    }
+    res = new M2MResource(*this,resource_name, resource_type, type,
+                               value, value_length, multiple_instance);
+    if(res) {
+        _resource_list.push_back(res);
+        if(M2MBase::coap_content_type() == COAP_CONTENT_OMA_TLV_TYPE) {
+            res->set_coap_content_type(COAP_CONTENT_OMA_TLV_TYPE);
+        }
+    }
+    return res;
+}
+
+M2MResource* M2MObjectInstance::create_dynamic_resource(const String &resource_name,
+                                                const String &resource_type,
+                                                M2MResourceInstance::ResourceType type,
+                                                bool observable,
+                                                bool multiple_instance)
+{
+    tr_debug("M2MObjectInstance::create_dynamic_resource(resource_name %s)",resource_name.c_str());
+    M2MResource *res = NULL;
+    if( resource_name.empty() || resource_name.size() > MAX_ALLOWED_STRING_LENGTH){
+        return res;
+    }
+    res = new M2MResource(*this,resource_name, resource_type, type,
+                          observable, multiple_instance);
+    if(res) {
+        _resource_list.push_back(res);
+        if(M2MBase::coap_content_type() == COAP_CONTENT_OMA_TLV_TYPE) {
+            res->set_coap_content_type(COAP_CONTENT_OMA_TLV_TYPE);
+        }
+    }
+    return res;
+}
+
+M2MResourceInstance* M2MObjectInstance::create_static_resource_instance(const String &resource_name,
+                                                                        const String &resource_type,
+                                                                        M2MResourceInstance::ResourceType type,
+                                                                        const uint8_t *value,
+                                                                        const uint8_t value_length,
+                                                                        uint16_t instance_id)
+{
+    tr_debug("M2MObjectInstance::create_static_resource_instance(resource_name %s)",resource_name.c_str());
+    M2MResourceInstance *instance = NULL;
+    if(resource_name.empty() || resource_name.size() > MAX_ALLOWED_STRING_LENGTH){
+        return instance;
+    }
+    M2MResource *res = resource(resource_name);
+    if(!res) {
+        res = new M2MResource(*this,resource_name, resource_type, type,
+                              value, value_length, true);
+        _resource_list.push_back(res);
+        res->set_operation(M2MBase::GET_ALLOWED);
+        res->set_observable(false);
+        if(M2MBase::coap_content_type() == COAP_CONTENT_OMA_TLV_TYPE) {
+            res->set_coap_content_type(COAP_CONTENT_OMA_TLV_TYPE);
+        }
+    }
+    if(res->supports_multiple_instances()&& (res->resource_instance(instance_id) == NULL)) {
+        instance = new M2MResourceInstance(resource_name, resource_type, type,
+                                           value, value_length,*this);
+        if(instance) {
+            instance->set_operation(M2MBase::GET_ALLOWED);
+            instance->set_observable(false);
+            instance->set_instance_id(instance_id);
+            if(M2MBase::coap_content_type() == COAP_CONTENT_OMA_TLV_TYPE) {
+                instance->set_coap_content_type(COAP_CONTENT_OMA_TLV_TYPE);
+            }
+            res->add_resource_instance(instance);
+        }
+    }
+    return instance;
+}
+
+M2MResourceInstance* M2MObjectInstance::create_dynamic_resource_instance(const String &resource_name,
+                                                                         const String &resource_type,
+                                                                         M2MResourceInstance::ResourceType type,
+                                                                         bool observable,
+                                                                         uint16_t instance_id)
+{
+    tr_debug("M2MObjectInstance::create_dynamic_resource_instance(resource_name %s)",resource_name.c_str());
+    M2MResourceInstance *instance = NULL;
+    if(resource_name.empty() || resource_name.size() > MAX_ALLOWED_STRING_LENGTH){
+        return instance;
+    }
+    M2MResource *res = resource(resource_name);
+    if(!res) {
+        res = new M2MResource(*this,resource_name, resource_type, type,
+                          observable, true);
+        _resource_list.push_back(res);
+        res->set_operation(M2MBase::GET_PUT_ALLOWED);
+        res->set_observable(false);
+        if(M2MBase::coap_content_type() == COAP_CONTENT_OMA_TLV_TYPE) {
+            res->set_coap_content_type(COAP_CONTENT_OMA_TLV_TYPE);
+        }
+    }
+    if(res->supports_multiple_instances() && (res->resource_instance(instance_id) == NULL)) {
+        instance = new M2MResourceInstance(resource_name, resource_type, type,*this);
+        if(instance) {
+            instance->set_operation(M2MBase::GET_PUT_ALLOWED);
+            instance->set_observable(observable);
+            instance->set_instance_id(instance_id);
+            if(M2MBase::coap_content_type() == COAP_CONTENT_OMA_TLV_TYPE) {
+                instance->set_coap_content_type(COAP_CONTENT_OMA_TLV_TYPE);
+            }
+            res->add_resource_instance(instance);
+        }
+    }
+    return instance;
+}
+
+bool M2MObjectInstance::remove_resource(const String &resource_name)
+{
+    tr_debug("M2MObjectInstance::remove_resource(resource_name %s)",
+             resource_name.c_str());
+    bool success = false;
+    if(!_resource_list.empty()) {
+         M2MResource* res = NULL;
+         M2MResourceList::const_iterator it;
+         it = _resource_list.begin();
+         int pos = 0;
+         for ( ; it != _resource_list.end(); it++, pos++ ) {
+             if(((*it)->name() == resource_name)) {
+                // Resource found and deleted.
+                res = *it;
+
+                char *obj_inst_id = (char*)malloc(20);
+                if(obj_inst_id) {
+                    snprintf(obj_inst_id, 20,"%d",instance_id());
+
+                    String obj_name = name();
+                    obj_name += String("/");
+                    obj_name += String(obj_inst_id);
+                    obj_name += String("/");
+                    obj_name += (*it)->name();
+
+                    free(obj_inst_id);
+
+
+                    remove_resource_from_coap(obj_name);
+                    delete res;
+                    res = NULL;
+                    _resource_list.erase(pos);
+                    success = true;
+                }
+                 break;
+             }
+         }
+     }
+    return success;
+}
+
+bool M2MObjectInstance::remove_resource_instance(const String &resource_name,
+                                                 uint16_t inst_id)
+{
+    tr_debug("M2MObjectInstance::remove_resource_instance(resource_name %s inst_id %d)",
+             resource_name.c_str(), inst_id);
+    bool success = false;
+    M2MResource *res = resource(resource_name);
+    if(res) {
+        M2MResourceInstanceList list = res->resource_instances();
+        M2MResourceInstanceList::const_iterator it;
+        it = list.begin();
+        for ( ; it != list.end(); it++) {
+            if((*it)->instance_id() == inst_id) {
+                char *obj_inst_id = (char*)malloc(20);
+                if(obj_inst_id) {
+                    snprintf(obj_inst_id, 20,"%d",instance_id());
+
+                    String obj_name = name();
+                    obj_name += String("/");
+                    obj_name += String(obj_inst_id);
+                    obj_name += String("/");
+                    obj_name += resource_name;
+
+                    free(obj_inst_id);
+
+                    char *res_inst_id = (char*)malloc(20);
+                    if(res_inst_id) {
+                        snprintf(res_inst_id, 20,"%d",inst_id);
+                        obj_name += String("/");
+                        obj_name += String(res_inst_id);
+
+                        free(res_inst_id);
+
+                        remove_resource_from_coap(obj_name);
+                        success = res->remove_resource_instance(inst_id);
+                        if(res->resource_instance_count() == 0) {
+                            M2MResourceList::const_iterator itr;
+                            itr = _resource_list.begin();
+                            int pos = 0;
+                            for ( ; itr != _resource_list.end(); itr++, pos++ ) {
+                                if(((*itr)->name() == resource_name)) {
+                                    delete res;
+                                    res = NULL;
+                                    _resource_list.erase(pos);
+                                    break;
+                                }
+                            }
+                        }
+                    }
+                }
+                break;
+            }
+        }
+    }
+    return success;
+}
+
+M2MResource* M2MObjectInstance::resource(const String &resource) const
+{
+    M2MResource *res = NULL;
+    if(!_resource_list.empty()) {
+        M2MResourceList::const_iterator it;
+        it = _resource_list.begin();
+        for (; it!=_resource_list.end(); it++ ) {
+            if((*it)->name() == resource) {
+                res = *it;
+                break;
+            }
+        }
+    }
+    return res;
+}
+
+const M2MResourceList& M2MObjectInstance::resources() const
+{
+    return _resource_list;
+}
+
+uint16_t M2MObjectInstance::resource_count() const
+{
+    uint16_t count = 0;
+    if(!_resource_list.empty()) {
+        M2MResourceList::const_iterator it;
+        it = _resource_list.begin();
+        for ( ; it != _resource_list.end(); it++ ) {
+            if((*it)->supports_multiple_instances()) {
+                count += (*it)->resource_instance_count();
+            } else {
+                count++;
+            }
+        }
+    }
+    return count;
+}
+
+uint16_t M2MObjectInstance::resource_count(const String& resource) const
+{
+    uint16_t count = 0;
+    if(!_resource_list.empty()) {
+        M2MResourceList::const_iterator it;
+        it = _resource_list.begin();
+        for ( ; it != _resource_list.end(); it++ ) {
+            if((*it)->name() == resource) {
+                if((*it)->supports_multiple_instances()) {
+                    count += (*it)->resource_instance_count();
+                } else {
+                    count++;
+                }
+            }
+        }
+    }
+    return count;
+}
+
+M2MBase::BaseType M2MObjectInstance::base_type() const
+{
+    return M2MBase::base_type();
+}
+
+void M2MObjectInstance::add_observation_level(M2MBase::Observation observation_level)
+{
+    M2MBase::add_observation_level(observation_level);
+    if(!_resource_list.empty()) {
+        M2MResourceList::const_iterator it;
+        it = _resource_list.begin();
+        for ( ; it != _resource_list.end(); it++ ) {            
+            (*it)->add_observation_level(observation_level);
+        }
+    }
+}
+
+void M2MObjectInstance::remove_observation_level(M2MBase::Observation observation_level)
+{
+    M2MBase::remove_observation_level(observation_level);
+    if(!_resource_list.empty()) {
+        M2MResourceList::const_iterator it;
+        it = _resource_list.begin();
+        for ( ; it != _resource_list.end(); it++ ) {            
+            (*it)->remove_observation_level(observation_level);
+        }
+    }
+}
+
+sn_coap_hdr_s* M2MObjectInstance::handle_get_request(nsdl_s *nsdl,
+                                                     sn_coap_hdr_s *received_coap_header,
+                                                     M2MObservationHandler *observation_handler)
+{
+    tr_debug("M2MObjectInstance::handle_get_request()");
+    sn_coap_msg_code_e msg_code = COAP_MSG_CODE_RESPONSE_CONTENT;
+    sn_coap_hdr_s * coap_response = sn_nsdl_build_response(nsdl,
+                                                           received_coap_header,
+                                                           msg_code);
+    uint8_t * data = NULL;
+    uint32_t  data_length = 0;
+    //TODO: GET for Object is not yet implemented.
+    // Need to first fix C library and then implement on C++ side.
+    if(received_coap_header) {
+        // process the GET if we have registered a callback for it
+        if ((operation() & SN_GRS_GET_ALLOWED) != 0) {
+            if(coap_response) {
+                uint16_t coap_content_type = 0;
+                bool content_type_present = false;
+                if(received_coap_header->content_type_ptr) {
+                    content_type_present = true;
+                    coap_response->content_type_ptr = (uint8_t*)malloc(received_coap_header->content_type_len);
+                    if(coap_response->content_type_ptr) {
+                        memset(coap_response->content_type_ptr, 0, received_coap_header->content_type_len);
+                        memcpy(coap_response->content_type_ptr,
+                               received_coap_header->content_type_ptr,
+                               received_coap_header->content_type_len);
+                        coap_response->content_type_len = received_coap_header->content_type_len;
+                        for(uint8_t i = 0; i < coap_response->content_type_len; i++) {
+                            coap_content_type = (coap_content_type << 8) + (coap_response->content_type_ptr[i] & 0xFF);
+                        }
+                     }
+                }
+                if(!content_type_present &&
+                   M2MBase::coap_content_type() == COAP_CONTENT_OMA_TLV_TYPE) {
+                    coap_content_type = COAP_CONTENT_OMA_TLV_TYPE;
+                }
+
+                tr_debug("M2MObjectInstance::handle_get_request() - Request Content-Type %d", coap_content_type);
+
+                // fill in the CoAP response payload
+                if(COAP_CONTENT_OMA_TLV_TYPE == coap_content_type) {
+                    M2MTLVSerializer *serializer = new M2MTLVSerializer();
+                    if(serializer) {
+                        data = serializer->serialize(_resource_list, data_length);
+                        delete serializer;
+                    }
+                } else {
+                    msg_code = COAP_MSG_CODE_RESPONSE_UNSUPPORTED_CONTENT_FORMAT; // Content format not supported
+                }
+
+                coap_response->payload_len = data_length;
+                coap_response->payload_ptr = data;
+
+                if(data) {
+                    coap_response->options_list_ptr = (sn_coap_options_list_s*)malloc(sizeof(sn_coap_options_list_s));
+                    memset(coap_response->options_list_ptr, 0, sizeof(sn_coap_options_list_s));
+
+                    coap_response->options_list_ptr->max_age_ptr = (uint8_t*)malloc(1);
+                    memset(coap_response->options_list_ptr->max_age_ptr,0,1);
+                    coap_response->options_list_ptr->max_age_len = 1;
+
+
+                    if(received_coap_header->token_ptr) {
+                        tr_debug("M2MObjectInstance::handle_get_request - Sets Observation Token to resource");
+                        set_observation_token(received_coap_header->token_ptr,
+                                              received_coap_header->token_len);
+                    }
+                    if(received_coap_header->options_list_ptr) {
+                        if(received_coap_header->options_list_ptr->observe) {
+                            if (is_observable()) {
+                                uint32_t number = 0;
+                                uint8_t observe_option = 0;
+                                if(received_coap_header->options_list_ptr->observe_ptr) {
+                                    observe_option = *received_coap_header->options_list_ptr->observe_ptr;
+                                }
+                                if(START_OBSERVATION == observe_option) {
+                                    tr_debug("M2MObjectInstance::handle_get_request - Starts Observation");
+                                    // If the observe length is 0 means register for observation.
+                                    if(received_coap_header->options_list_ptr->observe_len != 0) {
+                                        for(int i=0;i < received_coap_header->options_list_ptr->observe_len; i++) {
+                                            number = (*(received_coap_header->options_list_ptr->observe_ptr + i) & 0xff) <<
+                                                     8*(received_coap_header->options_list_ptr->observe_len- 1 - i);
+                                        }
+                                    }
+                                    // If the observe value is 0 means register for observation.
+                                    if(number == 0) {
+                                        tr_debug("M2MObjectInstance::handle_get_request - Put Resource under Observation");
+                                        set_under_observation(true,observation_handler);
+                                        add_observation_level(M2MBase::OI_Attribute);
+
+                                        uint8_t *obs_number = (uint8_t*)malloc(3);
+                                        memset(obs_number,0,3);
+                                        uint8_t observation_number_length = 1;
+
+                                        uint16_t number = observation_number();
+
+                                        tr_debug("M2MObjectInstance::handle_get_request - Observation Number %d", number);
+                                        obs_number[0] = ((number>>8) & 0xFF);
+                                        obs_number[1] = (number & 0xFF);
+
+                                        if(number > 0xFF) {
+                                            observation_number_length = 2;
+                                        }
+                                        coap_response->options_list_ptr->observe_ptr = obs_number;
+                                        coap_response->options_list_ptr->observe_len = observation_number_length;
+                                    }
+                                } else if (STOP_OBSERVATION == observe_option) {
+                                    tr_debug("M2MObjectInstance::handle_get_request - Stops Observation");
+                                    set_under_observation(false,NULL);
+                                    remove_observation_level(M2MBase::OI_Attribute);
+
+                                }
+                                msg_code = COAP_MSG_CODE_RESPONSE_CONTENT;
+                            }
+                            else {
+                                msg_code = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED;
+                            }
+                        }
+                    }
+                } else {
+                    msg_code = COAP_MSG_CODE_RESPONSE_UNSUPPORTED_CONTENT_FORMAT; // Content format not supported
+                }
+            }
+        }else {
+            tr_error("M2MObjectInstance::handle_get_request - Return COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED");
+            // Operation is not allowed.
+            msg_code = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED;
+        }        
+    } else {
+        msg_code = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED;
+    }
+    if(coap_response) {
+        coap_response->msg_code = msg_code;
+    }
+    return coap_response;
+}
+
+sn_coap_hdr_s* M2MObjectInstance::handle_put_request(nsdl_s *nsdl,
+                                                     sn_coap_hdr_s *received_coap_header,
+                                                     M2MObservationHandler *observation_handler)
+{
+    tr_debug("M2MObjectInstance::handle_put_request()");
+    sn_coap_msg_code_e msg_code = COAP_MSG_CODE_RESPONSE_CHANGED; // 2.04
+    sn_coap_hdr_s * coap_response = sn_nsdl_build_response(nsdl,
+                                                           received_coap_header,
+                                                           msg_code);;
+    if(received_coap_header) {
+        if ((operation() & SN_GRS_PUT_ALLOWED) != 0) {            
+            uint16_t coap_content_type = 0;
+            bool content_type_present = false;
+            if(received_coap_header->content_type_ptr) {
+                content_type_present = true;
+                if(coap_response) {
+                    coap_response->content_type_ptr = (uint8_t*)malloc(received_coap_header->content_type_len);
+                    if(coap_response->content_type_ptr) {
+                        memset(coap_response->content_type_ptr, 0, received_coap_header->content_type_len);
+                        memcpy(coap_response->content_type_ptr,
+                               received_coap_header->content_type_ptr,
+                               received_coap_header->content_type_len);
+                        coap_response->content_type_len = received_coap_header->content_type_len;
+                        for(uint8_t i = 0; i < coap_response->content_type_len; i++) {
+                            coap_content_type = (coap_content_type << 8) + (coap_response->content_type_ptr[i] & 0xFF);
+                        }
+                    }
+                }
+            }
+            if(!content_type_present &&
+               M2MBase::coap_content_type() == COAP_CONTENT_OMA_TLV_TYPE) {
+                coap_content_type = COAP_CONTENT_OMA_TLV_TYPE;
+            }
+
+            tr_debug("M2MObjectInstance::handle_put_request() - Request Content-Type %d", coap_content_type);
+
+            if(COAP_CONTENT_OMA_TLV_TYPE == coap_content_type) {
+                M2MTLVDeserializer::Error error = M2MTLVDeserializer::None;
+                M2MTLVDeserializer *deserializer = new M2MTLVDeserializer();
+                if(deserializer && received_coap_header->payload_ptr) {
+                    error = deserializer->deserialize_resources(received_coap_header->payload_ptr,
+                                                                received_coap_header->payload_len,
+                                                                *this,
+                                                                M2MTLVDeserializer::Put);
+                    switch(error) {
+                        case M2MTLVDeserializer::None:
+                            if(observation_handler) {
+                                observation_handler->value_updated(this);
+                            }
+                            msg_code = COAP_MSG_CODE_RESPONSE_CHANGED;
+                            break;
+                        case M2MTLVDeserializer::NotFound:
+                            msg_code = COAP_MSG_CODE_RESPONSE_NOT_FOUND;
+                            break;
+                        case M2MTLVDeserializer::NotAllowed:
+                            msg_code = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED;
+                            break;
+                        case M2MTLVDeserializer::NotValid:
+                            msg_code = COAP_MSG_CODE_RESPONSE_BAD_REQUEST;
+                            break;
+                    }
+                    delete deserializer;
+                }
+            } else {
+                msg_code =COAP_MSG_CODE_RESPONSE_UNSUPPORTED_CONTENT_FORMAT;
+            } // if(COAP_CONTENT_OMA_TLV_TYPE == coap_content_type)
+            if(!received_coap_header->payload_ptr &&
+               received_coap_header->options_list_ptr &&
+               received_coap_header->options_list_ptr->uri_query_ptr) {
+                char *query = (char*)malloc(received_coap_header->options_list_ptr->uri_query_len+1);
+                if (query){
+                    memset(query, 0, received_coap_header->options_list_ptr->uri_query_len+1);
+                    memcpy(query,
+                        received_coap_header->options_list_ptr->uri_query_ptr,
+                        received_coap_header->options_list_ptr->uri_query_len);
+                    memset(query + received_coap_header->options_list_ptr->uri_query_len,'\0',1);//String terminator
+                   tr_debug("M2MObjectInstance::handle_put_request() - Query %s", query);
+                    // if anything was updated, re-initialize the stored notification attributes
+                    if (!handle_observation_attribute(query)){
+                        tr_debug("M2MObjectInstance::handle_put_request() - Invalid query");
+                        msg_code = COAP_MSG_CODE_RESPONSE_BAD_REQUEST; // 4.00
+                    } else {
+                        msg_code =COAP_MSG_CODE_RESPONSE_CHANGED;
+                    }
+                    free(query);
+                }
+            }
+        } else {
+            // Operation is not allowed.
+            tr_error("M2MObjectInstance::handle_put_request() - COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED");
+            msg_code = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED;
+        }
+    } else {
+       msg_code = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED;
+    }
+    if(coap_response) {
+        coap_response->msg_code = msg_code;
+    }
+    return coap_response;
+}
+
+sn_coap_hdr_s* M2MObjectInstance::handle_post_request(nsdl_s *nsdl,
+                                                      sn_coap_hdr_s *received_coap_header,
+                                                      M2MObservationHandler *observation_handler)
+{
+    tr_debug("M2MObjectInstance::handle_post_request()");
+    sn_coap_msg_code_e msg_code = COAP_MSG_CODE_RESPONSE_CHANGED; // 2.04
+    sn_coap_hdr_s * coap_response = sn_nsdl_build_response(nsdl,
+                                                           received_coap_header,
+                                                           msg_code);
+    if(received_coap_header) {
+        if ((operation() & SN_GRS_POST_ALLOWED) != 0) {
+            uint16_t coap_content_type = 0;
+            bool content_type_present = false;
+            if(received_coap_header->content_type_ptr) {
+                content_type_present = true;
+                if(coap_response) {
+                    coap_response->content_type_ptr = (uint8_t*)malloc(received_coap_header->content_type_len);
+                    if(coap_response->content_type_ptr) {
+                        memset(coap_response->content_type_ptr, 0, received_coap_header->content_type_len);
+                        memcpy(coap_response->content_type_ptr,
+                               received_coap_header->content_type_ptr,
+                               received_coap_header->content_type_len);
+                        coap_response->content_type_len = received_coap_header->content_type_len;
+                        for(uint8_t i = 0; i < coap_response->content_type_len; i++) {
+                            coap_content_type = (coap_content_type << 8) + (coap_response->content_type_ptr[i] & 0xFF);
+                        }
+                    }
+                }
+            }
+            if(!content_type_present &&
+               M2MBase::coap_content_type() == COAP_CONTENT_OMA_TLV_TYPE) {
+                coap_content_type = COAP_CONTENT_OMA_TLV_TYPE;
+            }
+
+            tr_debug("M2MObjectInstance::handle_post_request() - Request Content-Type %d", coap_content_type);
+
+            if(COAP_CONTENT_OMA_TLV_TYPE == coap_content_type) {
+                M2MTLVDeserializer *deserializer = new M2MTLVDeserializer();
+                if(deserializer) {
+                    String obj_name = "";
+                    char *obj_inst_id = NULL;
+                    char *resource_id = NULL;
+                    M2MTLVDeserializer::Error error = M2MTLVDeserializer::None;
+                    error = deserializer->deserialize_resources(received_coap_header->payload_ptr,
+                                                                received_coap_header->payload_len,
+                                                                *this,
+                                                                M2MTLVDeserializer::Post);
+
+                    uint16_t instance_id = deserializer->instance_id(received_coap_header->payload_ptr);
+                    switch(error) {
+                        case M2MTLVDeserializer::None:
+                            if(observation_handler) {
+                                observation_handler->value_updated(this);
+                            }                            
+                            coap_response->options_list_ptr = (sn_coap_options_list_s*)malloc(sizeof(sn_coap_options_list_s));
+                            if (coap_response->options_list_ptr) {
+                                memset(coap_response->options_list_ptr, 0, sizeof(sn_coap_options_list_s));
+
+                                resource_id = (char*)malloc(10);
+                                obj_inst_id = (char*)malloc(10);
+                                snprintf(resource_id, 10, "%d",instance_id);
+                                snprintf(obj_inst_id, 10, "%d",M2MBase::instance_id());
+
+                                obj_name += M2MBase::name();
+                                obj_name += "/";
+                                obj_name += obj_inst_id;
+                                obj_name += "/";
+                                obj_name += resource_id;
+
+                                coap_response->options_list_ptr->location_path_len = obj_name.length();
+                                if (coap_response->options_list_ptr->location_path_len != 0) {
+                                    coap_response->options_list_ptr->location_path_ptr =
+                                            (uint8_t*)malloc(coap_response->options_list_ptr->location_path_len);
+                                    if (coap_response->options_list_ptr->location_path_ptr) {
+                                        memcpy(coap_response->options_list_ptr->location_path_ptr,
+                                               obj_name.c_str(),
+                                               coap_response->options_list_ptr->location_path_len);
+                                    }
+                                }
+
+                                free(obj_inst_id);
+                                free(resource_id);
+                            }
+                            msg_code = COAP_MSG_CODE_RESPONSE_CREATED;
+                            break;
+                        case M2MTLVDeserializer::NotAllowed:
+                            msg_code = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED;
+                            break;
+                        case M2MTLVDeserializer::NotValid:
+                            msg_code = COAP_MSG_CODE_RESPONSE_BAD_REQUEST;
+                            break;
+                        default:
+                            break;
+                    }
+                    delete deserializer;
+                }
+            } else {
+                msg_code =COAP_MSG_CODE_RESPONSE_UNSUPPORTED_CONTENT_FORMAT;
+            } // if(COAP_CONTENT_OMA_TLV_TYPE == coap_content_type)
+        } else {
+            // Operation is not allowed.
+            tr_error("M2MObjectInstance::handle_post_request() - COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED");
+            msg_code = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED;
+        }
+    } else {
+        msg_code = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED;
+    }
+    if(coap_response) {
+        coap_response->msg_code = msg_code;
+    }
+    return coap_response;
+}
+
+void M2MObjectInstance::notification_update(M2MBase::Observation observation_level)
+{
+    if(M2MBase::O_Attribute == observation_level) {
+        _object_callback.notification_update();
+    } else {
+        M2MReportHandler *report_handler = M2MBase::report_handler();
+        if(report_handler && is_observable()) {
+            report_handler->set_notification_trigger();
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/source/m2mreporthandler.cpp	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,476 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "mbed-client/m2mreportobserver.h"
+#include "mbed-client/m2mconstants.h"
+#include "mbed-client/m2mtimer.h"
+#include "include/m2mreporthandler.h"
+#include "ns_trace.h"
+#include <stdio.h>
+#include <string.h>
+
+M2MReportHandler::M2MReportHandler(M2MReportObserver &observer)
+: _observer(observer),
+  _pmax(-1.0f),
+  _pmin(1.0f),
+  _gt(0.0f),
+  _lt(0.0f),
+  _st(0.0f),
+  _pmin_exceeded(false),
+  _pmax_exceeded(false),
+  _pmin_timer(NULL),
+  _pmax_timer(NULL),  
+  _high_step(0.0f),
+  _low_step(0.0f),
+  _current_value(0.0f),
+  _last_value(0.0f),
+  _attribute_state(0),
+  _notify(false)
+{
+    tr_debug("M2MReportHandler::M2MReportHandler()");
+}
+
+M2MReportHandler::~M2MReportHandler()
+{
+    tr_debug("M2MReportHandler::~M2MReportHandler()");
+    if(_pmax_timer) {
+        delete _pmax_timer;
+    }
+    if(_pmin_timer) {
+        delete _pmin_timer;
+    }
+}
+
+void M2MReportHandler::set_under_observation(bool observed)
+{
+    tr_debug("M2MReportHandler::set_under_observation(observed %d)", (int)observed);
+    stop_timers();
+    if(observed) {
+        handle_timers();
+    }
+    else {
+        set_default_values();
+    }
+}
+
+void M2MReportHandler::set_value(float value)
+{
+    tr_debug("M2MReportHandler::set_value()");
+    _current_value = value;    
+    if(_current_value != _last_value) {
+        tr_debug("M2MReportHandler::set_value() - UNDER OBSERVATION");
+        if (check_threshold_values()) {
+            schedule_report();
+        }
+        else {
+            tr_debug("M2MReportHandler::set_value - value not in range");
+            _notify = false;
+            _last_value = _current_value;
+            if ((_attribute_state & M2MReportHandler::Lt) == M2MReportHandler::Lt ||
+                    (_attribute_state & M2MReportHandler::Gt) == M2MReportHandler::Gt ||
+                    (_attribute_state & M2MReportHandler::St) == M2MReportHandler::St) {
+                tr_debug("M2MReportHandler::set_value - stop pmin timer");
+                if (_pmin_timer) {
+                    _pmin_timer->stop_timer();
+                    _pmin_exceeded = true;
+                }
+            }
+        }
+        _high_step = _current_value + _st;
+        _low_step = _current_value - _st;
+    }
+}
+
+void M2MReportHandler::set_notification_trigger()
+{
+    tr_debug("M2MReportHandler::set_notification_trigger()");
+    _current_value = 0.0f;
+    _last_value = 1.0f;    
+    schedule_report();
+}
+
+bool M2MReportHandler::parse_notification_attribute(char *&query,
+                                                    M2MBase::BaseType type,
+                                                    M2MResourceInstance::ResourceType resource_type)
+{
+    tr_debug("M2MReportHandler::parse_notification_attribute(Query %s, Base type %d)", query, (int)type);
+    bool success = false;
+    char* sep_pos = strchr(query, '&');
+    char* rest = query;
+    if( sep_pos != NULL ){
+        char query_options[5][20];
+        float pmin = _pmin;
+        float pmax = _pmax;
+        float lt = _lt;
+        float gt = _gt;
+        float st = _st;
+        float high = _high_step;
+        float low = _low_step;
+        uint8_t attr = _attribute_state;
+
+        memset(query_options, 0, sizeof(query_options[0][0]) * 5 * 20);
+        uint8_t num_options = 0;
+        while( sep_pos != NULL && num_options < 5){
+            size_t len = (size_t)(sep_pos-rest);
+            if( len > 19 ){
+                len = 19;
+            }
+            memcpy(query_options[num_options], rest, len);
+            sep_pos++;            
+            rest = sep_pos;
+            sep_pos = strchr(rest, '&');
+            num_options++;
+        }
+        if( num_options < 5 && strlen(rest) > 0){
+            size_t len = (size_t)strlen(rest);
+            if( len > 19 ){
+                len = 19;
+            }
+            memcpy(query_options[num_options++], rest, len);
+        }
+
+        for (int option = 0; option < num_options; option++) {
+            success = set_notification_attribute(query_options[option],type, resource_type);
+            if (!success) {
+                tr_debug("M2MReportHandler::parse_notification_attribute - break");
+                break;
+            }
+        }
+
+        if(success) {
+             success = check_attribute_validity();
+        }
+        else {
+            tr_debug("M2MReportHandler::parse_notification_attribute - not valid query");
+            _pmin = pmin;
+            _pmax = pmax;
+            _st = st;
+            _lt = lt;
+            _gt = gt;
+            _high_step = high;
+            _low_step = low;
+            _attribute_state = attr;
+        }
+    }
+    else {
+        if(set_notification_attribute(query, type, resource_type)) {
+            success = check_attribute_validity();
+        }
+    }
+
+    return success;
+}
+
+void M2MReportHandler::timer_expired(M2MTimerObserver::Type type)
+{    
+    switch(type) {
+        case M2MTimerObserver::PMinTimer: {
+            tr_debug("M2MReportHandler::timer_expired - PMIN");
+            if (_notify ||
+                    (_pmin > 0 &&
+                     (_attribute_state & M2MReportHandler::Pmax) != M2MReportHandler::Pmax)){
+                report();
+            }
+            else{                
+                _pmin_exceeded = true;
+            }
+        }
+        break;
+        case M2MTimerObserver::PMaxTimer: {
+            tr_debug("M2MReportHandler::timer_expired - PMAX");
+            _pmax_exceeded = true;
+            if (_pmin_exceeded ||
+                    (_attribute_state & M2MReportHandler::Pmin) != M2MReportHandler::Pmin ) {
+                report();
+            }
+        }
+        break;
+        default:
+            break;
+    }
+}
+
+bool M2MReportHandler::set_notification_attribute(char* option,
+                                                  M2MBase::BaseType type,
+                                                  M2MResourceInstance::ResourceType resource_type)
+{
+    tr_debug("M2MReportHandler::set_notification_attribute()");
+    bool success = false;
+    char attribute[20];
+    char value[20];
+    memset(&attribute, 0, 20);
+    memset(&value, 0, 20);
+
+    char* pos = strstr(option, EQUAL.c_str());
+    if( pos != NULL ){
+        memcpy(attribute, option, (size_t)(pos-option));
+        pos++;
+        memcpy(value, pos, 20);
+    }else{
+        memcpy(attribute, option, (size_t)strlen(option) + 1);
+    }
+
+    if (strcmp(attribute, PMIN.c_str()) == 0) {
+        sscanf(value, "%f", &_pmin);
+        success = true;
+        _attribute_state |= M2MReportHandler::Pmin;
+        tr_debug("M2MReportHandler::set_notification_attribute %s to %f", attribute, _pmin);
+    }
+    else if(strcmp(attribute, PMAX.c_str()) == 0) {
+        sscanf(value, "%f", &_pmax);
+        success = true;        
+        _attribute_state |= M2MReportHandler::Pmax;
+        tr_debug("M2MReportHandler::set_notification_attribute %s to %f", attribute, _pmax);
+    }
+    else if(strcmp(attribute, GT.c_str()) == 0 &&
+            (M2MBase::Resource == type)){
+        sscanf(value, "%f", &_gt);
+        success = true;        
+        _attribute_state |= M2MReportHandler::Gt;
+        tr_debug("M2MReportHandler::set_notification_attribute %s to %f", attribute, _gt);
+    }
+    else if(strcmp(attribute, LT.c_str()) == 0 &&
+            (M2MBase::Resource == type)){
+        sscanf(value, "%f", &_lt);
+        success = true;
+        _attribute_state |= M2MReportHandler::Lt;
+        tr_debug("M2MReportHandler::set_notification_attribute %s to %f", attribute, _lt);
+    }
+    else if(strcmp(attribute, ST.c_str()) == 0 &&
+            (M2MBase::Resource == type)){
+        sscanf(value, "%f", &_st);
+        success = true;
+        _high_step = _current_value + _st;
+        _low_step = _current_value - _st;
+        _attribute_state |= M2MReportHandler::St;        
+        tr_debug("M2MReportHandler::set_notification_attribute %s to %f", attribute, _st);
+    }
+    else if(strcmp(attribute, CANCEL.c_str()) == 0) {
+        success = true;
+        _attribute_state |= M2MReportHandler::Cancel;
+        tr_debug("M2MReportHandler::set_notification_attribute cancel");
+    }   
+
+    // Return false if try to set gt,lt or st when the resource type is something else than numerical
+    if ((resource_type != M2MResourceInstance::INTEGER &&
+            resource_type != M2MResourceInstance::FLOAT) &&
+            ((_attribute_state & M2MReportHandler::Gt) == M2MReportHandler::Gt ||
+            (_attribute_state & M2MReportHandler::Lt) == M2MReportHandler::Lt ||
+            (_attribute_state & M2MReportHandler::St) == M2MReportHandler::St)) {
+        tr_debug("M2MReportHandler::set_notification_attribute - not numerical resource");
+        success = false;
+    }
+
+    return success;
+}
+
+void M2MReportHandler::schedule_report()
+{
+    tr_debug("M2MReportHandler::schedule_report()");
+    _notify = true;
+    if ((_attribute_state & M2MReportHandler::Pmin) != M2MReportHandler::Pmin ||
+            _pmin_exceeded) {
+        report();
+    }
+}
+
+void M2MReportHandler::report()
+{
+    tr_debug("M2MReportHandler::report()");
+    if(_current_value != _last_value && _notify) {
+        tr_debug("M2MReportHandler::report()- send with PMIN");
+        _pmin_exceeded = false;
+        _pmax_exceeded = false;
+        _notify = false;
+        _observer.observation_to_be_sent();
+        if (_pmax_timer) {
+            _pmax_timer->stop_timer();
+        }
+    }
+    else {
+        if (_pmax_exceeded) {
+            tr_debug("M2MReportHandler::report()- send with PMAX");
+            _observer.observation_to_be_sent();
+        }
+        else {
+            tr_debug("M2MReportHandler::report()- no need to send");
+        }
+    }
+    handle_timers();
+    _last_value = _current_value;
+}
+
+void M2MReportHandler::handle_timers()
+{
+    tr_debug("M2MReportHandler::handle_timers()");
+    uint64_t time_interval = 0;
+    if ((_attribute_state & M2MReportHandler::Pmin) == M2MReportHandler::Pmin) {
+        if (_pmin == _pmax) {
+            _pmin_exceeded = true;
+        } else {
+            _pmin_exceeded = false;
+            time_interval = (uint64_t)(_pmin * 1000);
+            tr_debug("M2MReportHandler::handle_timers() - Start PMIN interval: %d", (int)time_interval);
+            if (!_pmin_timer) {
+                _pmin_timer = new M2MTimer(*this);
+            }
+            _pmin_timer->start_timer(time_interval,
+                                     M2MTimerObserver::PMinTimer,
+                                     true);
+        }
+    }
+    if ((_attribute_state & M2MReportHandler::Pmax) == M2MReportHandler::Pmax) {
+        if (_pmax > 0) {
+            if (!_pmax_timer) {
+                _pmax_timer = new M2MTimer(*this);
+            }
+            time_interval = (uint64_t)(_pmax * 1000);
+            tr_debug("M2MReportHandler::handle_timers() - Start PMAX interval: %d", (int)time_interval);
+            _pmax_timer->start_timer(time_interval,
+                                     M2MTimerObserver::PMaxTimer,
+                                     true);
+        }
+    }
+}
+
+bool M2MReportHandler::check_attribute_validity()
+{
+    bool success = true;
+    if ((_attribute_state & M2MReportHandler::Pmax) == M2MReportHandler::Pmax &&
+            ((_pmax >= -1.0f) && (_pmin > _pmax))) {
+        success = false;
+    }
+    float low = _lt + 2 * _st;
+    if ((_attribute_state & M2MReportHandler::Gt) == M2MReportHandler::Gt &&
+            (low >= _gt)) {
+        success = false;
+    }
+    return success;
+}
+
+void M2MReportHandler::stop_timers()
+{
+    tr_debug("M2MReportHandler::stop_timers()");
+    if (_pmin_timer) {
+        _pmin_exceeded = false;
+        _pmin_timer->stop_timer();
+
+        delete _pmin_timer;
+        _pmin_timer = NULL;
+    }
+    if (_pmax_timer) {
+        _pmax_exceeded = false;
+        _pmax_timer->stop_timer();
+        delete _pmax_timer;
+        _pmax_timer = NULL;
+    }
+    tr_debug("M2MReportHandler::stop_timers() - out");
+}
+
+void M2MReportHandler::set_default_values()
+{
+    tr_debug("M2MReportHandler::set_default_values");
+    _pmax = -1.0f;
+    _pmin = 1.0f;
+    _gt = 0.0f;
+    _lt = 0.0f;
+    _st = 0.0f;
+    _high_step = 0.0f;
+    _low_step = 0.0f;
+    _pmin_exceeded = false;
+    _pmax_exceeded = false;
+    _last_value = 0.0f;
+    _attribute_state = 0;
+}
+
+bool M2MReportHandler::check_threshold_values()
+{
+    tr_debug("M2MReportHandler::check_threshold_values");
+    tr_debug("Current value: %f", _current_value);
+    tr_debug("High step: %f", _high_step);
+    tr_debug("Low step: %f", _low_step);
+    tr_debug("Less than: %f", _lt);
+    tr_debug("Greater than: %f", _gt);
+    tr_debug("Step: %f", _st);
+    bool can_send = false;
+    // Check step condition
+    if ((_attribute_state & M2MReportHandler::St) == M2MReportHandler::St) {
+        if ((_current_value >= _high_step ||
+            _current_value <= _low_step)) {                  
+            can_send = true;
+        }
+        else {            
+            if ((_attribute_state & M2MReportHandler::Lt) == M2MReportHandler::Lt ||
+                    (_attribute_state & M2MReportHandler::Gt) == M2MReportHandler::Gt ) {
+                can_send = check_gt_lt_params();
+            }
+            else {
+                can_send = false;
+            }
+        }
+    }
+    else {        
+        can_send = check_gt_lt_params();
+    }
+    tr_debug("M2MReportHandler::check_threshold_values - value in range = %d", (int)can_send);
+    return can_send;
+}
+
+bool M2MReportHandler::check_gt_lt_params()
+{
+    tr_debug("M2MReportHandler::check_gt_lt_params");
+    bool can_send = false;
+    // GT & LT set.
+    if ((_attribute_state & (M2MReportHandler::Lt | M2MReportHandler::Gt))
+             == (M2MReportHandler::Lt | M2MReportHandler::Gt)) {
+        if (_current_value > _gt || _current_value < _lt) {            
+            can_send = true;
+        }
+        else {            
+            can_send = false;
+        }
+    }
+    // Only LT
+    else if ((_attribute_state & M2MReportHandler::Lt) == M2MReportHandler::Lt &&
+           (_attribute_state & M2MReportHandler::Gt) == 0 ) {
+        if (_current_value < _lt) {            
+            can_send = true;
+        }
+        else {            
+            can_send = false;
+        }
+    }
+    // Only GT
+    else if ((_attribute_state & M2MReportHandler::Gt) == M2MReportHandler::Gt &&
+           (_attribute_state & M2MReportHandler::Lt) == 0 ) {
+        if (_current_value > _gt) {            
+            can_send = true;
+        }
+        else {            
+            can_send = false;
+        }
+    }
+    // GT & LT not set.
+    else {        
+        can_send = true;
+    }
+    tr_debug("M2MReportHandler::check_gt_lt_params - value in range = %d", (int)can_send);
+    return can_send;
+}
+
+uint8_t M2MReportHandler::attribute_flags()
+{
+    return _attribute_state;
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/source/m2mresource.cpp	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,535 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "mbed-client/m2mconstants.h"
+#include "mbed-client/m2mresource.h"
+#include "mbed-client/m2mobservationhandler.h"
+#include "include/m2mreporthandler.h"
+#include "include/m2mtlvserializer.h"
+#include "include/m2mtlvdeserializer.h"
+#include "include/nsdllinker.h"
+#include "ns_trace.h"
+
+M2MResource& M2MResource::operator=(const M2MResource& other)
+{
+    if (this != &other) { // protect against invalid self-assignment
+        _has_multiple_instances = other._has_multiple_instances;
+        if(!other._resource_instance_list.empty()){
+            M2MResourceInstance* ins = NULL;
+            M2MResourceInstanceList::const_iterator it;
+            it = other._resource_instance_list.begin();
+            for (; it!=other._resource_instance_list.end(); it++ ) {
+                ins = *it;
+                _resource_instance_list.push_back(new M2MResourceInstance(*ins));
+            }
+        }
+    }
+    return *this;
+}
+
+M2MResource::M2MResource(const M2MResource& other)
+: M2MResourceInstance(other)
+{
+    this->operator=(other);
+}
+
+M2MResource::M2MResource(M2MObjectInstanceCallback &object_instance_callback,
+                         const String &resource_name,
+                         const String &resource_type,
+                         M2MResourceInstance::ResourceType type,
+                         const uint8_t *value,
+                         const uint8_t value_length,
+                         bool multiple_instance)
+: M2MResourceInstance(resource_name, resource_type, type, value, value_length,
+                      object_instance_callback),
+  _has_multiple_instances(multiple_instance)
+{
+    M2MBase::set_base_type(M2MBase::Resource);
+    M2MBase::set_operation(M2MBase::GET_ALLOWED);
+    M2MBase::set_observable(false);
+}
+
+M2MResource::M2MResource(M2MObjectInstanceCallback &object_instance_callback,
+                         const String &resource_name,
+                         const String &resource_type,
+                         M2MResourceInstance::ResourceType type,
+                         bool observable,
+                         bool multiple_instance)
+: M2MResourceInstance(resource_name, resource_type, type,
+                      object_instance_callback),
+  _has_multiple_instances(multiple_instance)
+{
+    M2MBase::set_base_type(M2MBase::Resource);
+    M2MBase::set_operation(M2MBase::GET_PUT_ALLOWED);
+    M2MBase::set_observable(observable);
+}
+
+M2MResource::~M2MResource()
+{
+    if(!_resource_instance_list.empty()) {
+        M2MResourceInstance* res = NULL;
+        M2MResourceInstanceList::const_iterator it;
+        it = _resource_instance_list.begin();
+        for (; it!=_resource_instance_list.end(); it++ ) {
+            //Free allocated memory for resources.
+            res = *it;
+            delete res;
+            res = NULL;
+        }
+        _resource_instance_list.clear();
+    }
+}
+
+bool M2MResource::supports_multiple_instances() const
+{
+    return _has_multiple_instances;
+}
+
+bool M2MResource::remove_resource_instance(uint16_t inst_id)
+{
+    tr_debug("M2MResource::remove_resource(inst_id %d)", inst_id);
+    bool success = false;
+    if(!_resource_instance_list.empty()) {
+        M2MResourceInstance* res = NULL;
+        M2MResourceInstanceList::const_iterator it;
+        it = _resource_instance_list.begin();
+        int pos = 0;
+        for ( ; it != _resource_instance_list.end(); it++, pos++ ) {
+            if(((*it)->instance_id() == inst_id)) {
+                // Resource found and deleted.
+                res = *it;
+                delete res;
+                res = NULL;
+                _resource_instance_list.erase(pos);
+                success = true;
+                break;
+            }
+        }
+    }
+    return success;
+}
+
+M2MResourceInstance* M2MResource::resource_instance(uint16_t inst_id) const
+{
+    tr_debug("M2MResource::resource(resource_name inst_id %d)", inst_id);
+    M2MResourceInstance *res = NULL;
+    if(!_resource_instance_list.empty()) {
+        M2MResourceInstanceList::const_iterator it;
+        it = _resource_instance_list.begin();
+        for ( ; it != _resource_instance_list.end(); it++ ) {
+            if(((*it)->instance_id() == inst_id)) {
+                // Resource found.
+                res = *it;
+                break;
+            }
+        }
+    }
+    return res;
+}
+
+const M2MResourceInstanceList& M2MResource::resource_instances() const
+{
+    return _resource_instance_list;
+}
+
+uint16_t M2MResource::resource_instance_count() const
+{
+    return (uint16_t)_resource_instance_list.size();
+}
+
+bool M2MResource::handle_observation_attribute(char *&query)
+{
+    tr_debug("M2MResource::handle_observation_attribute");
+    bool success = false;
+    M2MReportHandler *handler = M2MBase::report_handler();
+    if (handler) {
+        success = handler->parse_notification_attribute(query,
+                M2MBase::base_type(), _resource_type);
+        if (success) {            
+            if ((handler->attribute_flags() & M2MReportHandler::Cancel) == 0) {
+                handler->set_under_observation(true);
+            } else {
+                handler->set_under_observation(false);
+            }
+        }
+        else {
+            handler->set_default_values();
+        }
+
+        if (success) {
+            if(!_resource_instance_list.empty()) {
+                M2MResourceInstanceList::const_iterator it;
+                it = _resource_instance_list.begin();
+                for ( ; it != _resource_instance_list.end(); it++ ) {
+                    M2MReportHandler *report_handler = (*it)->report_handler();
+                    if(report_handler && is_observable()) {
+                        report_handler->set_notification_trigger();
+                    }
+                }
+            }
+        }
+    }
+    return success;
+}
+
+void M2MResource::add_observation_level(M2MBase::Observation observation_level)
+{
+    M2MBase::add_observation_level(observation_level);
+    if(!_resource_instance_list.empty()) {
+        M2MResourceInstanceList::const_iterator inst;
+        inst = _resource_instance_list.begin();
+        for ( ; inst != _resource_instance_list.end(); inst++ ) {
+            (*inst)->add_observation_level(observation_level);
+        }
+    }
+}
+
+void M2MResource::remove_observation_level(M2MBase::Observation observation_level)
+{
+    M2MBase::remove_observation_level(observation_level);
+    if(!_resource_instance_list.empty()) {
+        M2MResourceInstanceList::const_iterator inst;
+        inst = _resource_instance_list.begin();
+        for ( ; inst != _resource_instance_list.end(); inst++ ) {
+            (*inst)->remove_observation_level(observation_level);
+        }
+    }
+}
+
+void M2MResource::add_resource_instance(M2MResourceInstance *res)
+{
+    tr_debug("M2MResource::add_resource_instance()");
+    if(res) {
+        _resource_instance_list.push_back(res);
+    }
+}
+
+sn_coap_hdr_s* M2MResource::handle_get_request(nsdl_s *nsdl,
+                                               sn_coap_hdr_s *received_coap_header,
+                                               M2MObservationHandler *observation_handler)
+{
+    tr_debug("M2MResource::handle_get_request()");
+    sn_coap_msg_code_e msg_code = COAP_MSG_CODE_RESPONSE_CONTENT;
+    sn_coap_hdr_s * coap_response = NULL;
+    if(_has_multiple_instances) {
+        coap_response = sn_nsdl_build_response(nsdl,
+                                               received_coap_header,
+                                               msg_code);
+        if(received_coap_header) {
+            // process the GET if we have registered a callback for it
+            if ((operation() & SN_GRS_GET_ALLOWED) != 0) {
+                if(coap_response) {
+                    uint16_t coap_content_type = 0;
+                    bool content_type_present = false;
+                    if(received_coap_header->content_type_ptr){
+                        content_type_present = true;
+                        coap_response->content_type_ptr = (uint8_t*)malloc(received_coap_header->content_type_len);
+                        if(coap_response->content_type_ptr) {
+                            memset(coap_response->content_type_ptr, 0, received_coap_header->content_type_len);
+                            memcpy(coap_response->content_type_ptr,
+                                   received_coap_header->content_type_ptr,
+                                   received_coap_header->content_type_len);
+                            coap_response->content_type_len = received_coap_header->content_type_len;
+                            for(uint8_t i = 0; i < coap_response->content_type_len; i++) {
+                                coap_content_type = (coap_content_type << 8) + (coap_response->content_type_ptr[i] & 0xFF);
+                            }
+                         }
+                    }
+
+                    if(!content_type_present &&
+                       M2MBase::coap_content_type() == COAP_CONTENT_OMA_TLV_TYPE) {
+                        coap_content_type = COAP_CONTENT_OMA_TLV_TYPE;
+                    }
+
+                    tr_debug("M2MResource::handle_get_request() - Request Content-Type %d", coap_content_type);
+
+                    uint8_t *data = NULL;
+                    uint32_t data_length = 0;
+                    // fill in the CoAP response payload
+                    if(COAP_CONTENT_OMA_TLV_TYPE == coap_content_type) {
+                        M2MTLVSerializer *serializer = new M2MTLVSerializer();
+                        if(serializer) {
+                            data = serializer->serialize(this, data_length);
+                            delete serializer;
+                        }
+                    } else {
+                        msg_code = COAP_MSG_CODE_RESPONSE_UNSUPPORTED_CONTENT_FORMAT; // Content format not supported
+                    }
+
+                    coap_response->payload_len = data_length;
+                    coap_response->payload_ptr = data;
+
+                    coap_response->options_list_ptr = (sn_coap_options_list_s*)malloc(sizeof(sn_coap_options_list_s));
+                    memset(coap_response->options_list_ptr, 0, sizeof(sn_coap_options_list_s));
+
+                    coap_response->options_list_ptr->max_age_ptr = (uint8_t*)malloc(1);
+                    memset(coap_response->options_list_ptr->max_age_ptr,0,1);
+                    coap_response->options_list_ptr->max_age_len = 1;
+
+                    if(received_coap_header->token_ptr) {
+                        tr_debug("M2MResource::handle_get_request - Sets Observation Token to resource");
+                        set_observation_token(received_coap_header->token_ptr,
+                                              received_coap_header->token_len);
+                    }
+
+                    if(received_coap_header->options_list_ptr) {
+                        if(received_coap_header->options_list_ptr->observe) {
+                            if (is_observable()) {
+                                uint32_t number = 0;
+                                uint8_t observe_option = 0;
+                                if(received_coap_header->options_list_ptr->observe_ptr) {
+                                    observe_option = *received_coap_header->options_list_ptr->observe_ptr;
+                                }
+                                if(START_OBSERVATION == observe_option) {
+                                    tr_debug("M2MResource::handle_get_request - Starts Observation");
+                                    // If the observe length is 0 means register for observation.
+                                    if(received_coap_header->options_list_ptr->observe_len != 0) {
+                                        for(int i=0;i < received_coap_header->options_list_ptr->observe_len; i++) {
+                                            number = (*(received_coap_header->options_list_ptr->observe_ptr + i) & 0xff) <<
+                                                     8*(received_coap_header->options_list_ptr->observe_len- 1 - i);
+                                            }
+                                    }
+                                    // If the observe value is 0 means register for observation.
+                                    if(number == 0) {
+                                        tr_debug("M2MResource::handle_get_request - Put Resource under Observation");
+                                        M2MResourceInstanceList::const_iterator it;
+                                        it = _resource_instance_list.begin();
+                                        for (; it!=_resource_instance_list.end(); it++ ) {
+                                            tr_debug("M2MResource::handle_get_request - set_resource_observer");
+                                            (*it)->set_resource_observer(this);
+                                        }
+
+                                        set_under_observation(true,observation_handler);
+                                        M2MBase::add_observation_level(M2MBase::R_Attribute);
+
+                                        uint8_t *obs_number = (uint8_t*)malloc(3);
+                                        memset(obs_number,0,3);
+                                        uint8_t observation_number_length = 1;
+
+                                        uint16_t number = observation_number();
+
+                                        tr_debug("M2MResource::handle_get_request - Observation Number %d", number);
+                                        obs_number[0] = ((number>>8) & 0xFF);
+                                        obs_number[1] = (number & 0xFF);
+
+                                        if(number > 0xFF) {
+                                            observation_number_length = 2;
+                                        }
+                                        coap_response->options_list_ptr->observe_ptr = obs_number;
+                                        coap_response->options_list_ptr->observe_len = observation_number_length;
+                                    }
+                                } else if (STOP_OBSERVATION == observe_option) {
+                                    tr_debug("M2MResource::handle_get_request - Stops Observation");
+                                    set_under_observation(false,NULL);
+                                    M2MBase::remove_observation_level(M2MBase::R_Attribute);
+                                    M2MResourceInstanceList::const_iterator it;
+                                    it = _resource_instance_list.begin();
+                                    for (; it!=_resource_instance_list.end(); it++ ) {
+                                        (*it)->set_resource_observer(NULL);
+                                    }
+                                }
+                                msg_code = COAP_MSG_CODE_RESPONSE_CONTENT;
+                            }
+                            else {
+                                msg_code = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED;
+                            }
+                        }
+                    }
+                }
+            }else {
+                tr_error("M2MResource::handle_get_request - Return COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED");
+                // Operation is not allowed.
+                msg_code = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED;
+            }
+        }
+        if(coap_response) {
+            coap_response->msg_code = msg_code;
+        }
+    } else {
+        coap_response = M2MResourceInstance::handle_get_request(nsdl,
+                                                                received_coap_header,
+                                                                observation_handler);
+    }
+    return coap_response;
+}
+
+sn_coap_hdr_s* M2MResource::handle_put_request(nsdl_s *nsdl,
+                                               sn_coap_hdr_s *received_coap_header,
+                                               M2MObservationHandler *observation_handler)
+{
+    tr_debug("M2MResource::handle_put_request()");
+    sn_coap_msg_code_e msg_code = COAP_MSG_CODE_RESPONSE_CHANGED; // 2.04
+    sn_coap_hdr_s * coap_response = NULL;
+    if(_has_multiple_instances) {
+        coap_response = sn_nsdl_build_response(nsdl,
+                                               received_coap_header,
+                                               msg_code);
+        // process the PUT if we have registered a callback for it
+        if(received_coap_header) {
+            if ((operation() & SN_GRS_PUT_ALLOWED) != 0) {                
+                uint16_t coap_content_type = 0;
+                bool content_type_present = false;
+                if(received_coap_header->content_type_ptr) {
+                    if(coap_response) {
+                        content_type_present = true;
+                        coap_response->content_type_ptr = (uint8_t*)malloc(received_coap_header->content_type_len);
+                        if(coap_response->content_type_ptr) {
+                            memset(coap_response->content_type_ptr, 0, received_coap_header->content_type_len);
+                            memcpy(coap_response->content_type_ptr,
+                                   received_coap_header->content_type_ptr,
+                                   received_coap_header->content_type_len);
+                            coap_response->content_type_len = received_coap_header->content_type_len;
+                            for(uint8_t i = 0; i < coap_response->content_type_len; i++) {
+                                coap_content_type = (coap_content_type << 8) + (coap_response->content_type_ptr[i] & 0xFF);
+                            }
+                        }
+                    }
+                }
+                if(!content_type_present &&
+                   M2MBase::coap_content_type() == COAP_CONTENT_OMA_TLV_TYPE) {
+                    coap_content_type = COAP_CONTENT_OMA_TLV_TYPE;
+                }
+
+                tr_debug("M2MResource::handle_put_request() - Request Content-Type %d", coap_content_type);
+
+                if(COAP_CONTENT_OMA_TLV_TYPE == coap_content_type) {
+                    M2MTLVDeserializer *deserializer = new M2MTLVDeserializer();
+                    if(deserializer) {
+                        M2MTLVDeserializer::Error error = M2MTLVDeserializer::None;
+                        error = deserializer->deserialize_resource_instances(received_coap_header->payload_ptr,
+                                                                             received_coap_header->payload_len,
+                                                                             *this,
+                                                                             M2MTLVDeserializer::Put);
+                        switch(error) {
+                            case M2MTLVDeserializer::None:
+                                if(observation_handler) {
+                                    String value = "";
+                                    if (received_coap_header->uri_path_ptr != NULL &&
+                                        received_coap_header->uri_path_len > 0) {
+                                        char* buf = (char*)malloc(received_coap_header->uri_path_len+1);
+                                        if(buf) {
+                                            memset(buf,0,received_coap_header->uri_path_len+1);
+                                            memcpy(buf,received_coap_header->uri_path_ptr,received_coap_header->uri_path_len);
+                                            value = String(buf);
+                                            free(buf);
+                                        }
+                                    }
+                                    observation_handler->value_updated(this,value);
+                                }
+                                msg_code = COAP_MSG_CODE_RESPONSE_CHANGED;
+                                break;
+                            case M2MTLVDeserializer::NotFound:
+                                msg_code = COAP_MSG_CODE_RESPONSE_NOT_FOUND;
+                                break;
+                            case M2MTLVDeserializer::NotAllowed:
+                                msg_code = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED;
+                                break;
+                            case M2MTLVDeserializer::NotValid:
+                                msg_code = COAP_MSG_CODE_RESPONSE_BAD_REQUEST;
+                                break;
+                        }
+                        delete deserializer;
+                    }
+                } else {
+                    msg_code =COAP_MSG_CODE_RESPONSE_UNSUPPORTED_CONTENT_FORMAT;
+                } // if(COAP_CONTENT_OMA_TLV_TYPE == coap_content_type)
+
+                if(received_coap_header->options_list_ptr &&
+                   received_coap_header->options_list_ptr->uri_query_ptr) {
+                    char *query = (char*)malloc(received_coap_header->options_list_ptr->uri_query_len+1);
+                    if (query){
+                        msg_code = COAP_MSG_CODE_RESPONSE_CHANGED;
+                        memset(query, 0, received_coap_header->options_list_ptr->uri_query_len+1);
+                        memcpy(query,
+                            received_coap_header->options_list_ptr->uri_query_ptr,
+                            received_coap_header->options_list_ptr->uri_query_len);
+                        memset(query + received_coap_header->options_list_ptr->uri_query_len,'\0',1);//String terminator
+                        tr_debug("M2MResource::handle_put_request() - Query %s", query);
+                        // if anything was updated, re-initialize the stored notification attributes
+                        if (!handle_observation_attribute(query)){
+                            tr_debug("M2MResource::handle_put_request() - Invalid query");
+                            msg_code = COAP_MSG_CODE_RESPONSE_BAD_REQUEST; // 4.00
+                        }
+                        free(query);
+                    }
+                }
+            } else {
+                // Operation is not allowed.
+                tr_error("M2MResource::handle_put_request() - COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED");
+                msg_code = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED;
+            }
+        } else {
+            msg_code = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED;
+        }
+        if(coap_response) {
+            coap_response->msg_code = msg_code;
+        }
+    } else {
+        coap_response = M2MResourceInstance::handle_put_request(nsdl,
+                                                                received_coap_header,
+                                                                observation_handler);
+     }
+    return coap_response;
+}
+
+sn_coap_hdr_s* M2MResource::handle_post_request(nsdl_s *nsdl,
+                                                sn_coap_hdr_s *received_coap_header,
+                                                M2MObservationHandler */*observation_handler*/)
+{
+    tr_debug("M2MResource::handle_post_request()");
+    sn_coap_msg_code_e msg_code = COAP_MSG_CODE_RESPONSE_CHANGED; // 2.04
+    sn_coap_hdr_s * coap_response = sn_nsdl_build_response(nsdl,
+                                                           received_coap_header,
+                                                           msg_code);
+    // process the POST if we have registered a callback for it
+    if(received_coap_header) {
+        if ((operation() & SN_GRS_POST_ALLOWED) != 0) {
+            void *arguments = NULL;
+            if(received_coap_header->payload_ptr) {
+                if(received_coap_header->payload_ptr) {
+                    arguments = (void*)malloc(received_coap_header->payload_len+1);
+                    if (arguments){
+                        memset(arguments, 0, received_coap_header->payload_len+1);
+                        memcpy(arguments,
+                            received_coap_header->payload_ptr,
+                            received_coap_header->payload_len);
+                    }
+                }
+            }
+            tr_debug("M2MResource::handle_post_request - Execute resource function");
+            execute(arguments);
+            free(arguments);
+        } else { // if ((object->operation() & SN_GRS_POST_ALLOWED) != 0)
+            tr_error("M2MResource::handle_post_request - COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED");
+            msg_code = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED; // 4.05
+        }
+    } else { //if(object && received_coap_header)
+        tr_error("M2MResource::handle_post_request - COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED");
+        msg_code = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED; // 4.01
+    }
+    if(coap_response) {
+        coap_response->msg_code = msg_code;
+    }
+    return coap_response;
+}
+
+void M2MResource::notification_update()
+{
+    tr_debug("M2MResource::notification_update()");
+    M2MReportHandler *report_handler = M2MBase::report_handler();
+    if(report_handler && is_observable()) {
+        report_handler->set_notification_trigger();
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/source/m2mresourceinstance.cpp	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,480 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <stdlib.h>
+#include "mbed-client/m2mresource.h"
+#include "mbed-client/m2mconstants.h"
+#include "mbed-client/m2mobservationhandler.h"
+#include "mbed-client/m2mobjectinstance.h"
+#include "include/m2mreporthandler.h"
+#include "include/nsdllinker.h"
+#include "ns_trace.h"
+
+M2MResourceInstance& M2MResourceInstance::operator=(const M2MResourceInstance& other)
+{
+    if (this != &other) { // protect against invalid self-assignment
+
+        if(_value) {
+            free(_value);
+            _value = NULL;
+            _value_length = 0;
+        }
+        _value_length = other._value_length;
+        if(other._value) {
+            _value = (uint8_t *)malloc(other._value_length+1);
+            if(_value) {
+                memset(_value, 0, other._value_length+1);
+                memcpy((uint8_t *)_value, (uint8_t *)other._value, other._value_length);
+            }
+        }
+    }
+    return *this;
+}
+
+M2MResourceInstance::M2MResourceInstance(const M2MResourceInstance& other)
+: M2MBase(other),
+  _object_instance_callback(other._object_instance_callback),
+  _execute_callback(NULL),
+  _value(NULL),
+  _value_length(0),
+  _resource_type(M2MResourceInstance::STRING),
+  _resource_callback(NULL)
+{
+    this->operator=(other);
+}
+
+M2MResourceInstance::M2MResourceInstance(const String &res_name,
+                                         const String &resource_type,
+                                         M2MResourceInstance::ResourceType type,
+                                         M2MObjectInstanceCallback &object_instance_callback)
+: M2MBase(res_name,
+          M2MBase::Dynamic),
+ _object_instance_callback(object_instance_callback),
+ _execute_callback(NULL),
+ _value(NULL),
+ _value_length(0),
+ _resource_type(type),
+ _resource_callback(NULL)
+{
+    M2MBase::set_resource_type(resource_type);
+    M2MBase::set_base_type(M2MBase::ResourceInstance);
+}
+
+M2MResourceInstance::M2MResourceInstance(const String &res_name,
+                                         const String &resource_type,
+                                         M2MResourceInstance::ResourceType type,
+                                         const uint8_t *value,
+                                         const uint8_t value_length,
+                                         M2MObjectInstanceCallback &object_instance_callback)
+: M2MBase(res_name,
+          M2MBase::Static),
+ _object_instance_callback(object_instance_callback),
+ _execute_callback(NULL),
+ _value(NULL),
+ _value_length(0),
+ _resource_type(type),
+ _resource_callback(NULL)
+{
+    M2MBase::set_resource_type(resource_type);
+    M2MBase::set_base_type(M2MBase::Resource);
+    if( value != NULL && value_length > 0 ) {
+        _value = (uint8_t *)malloc(value_length+1);
+        if(_value) {
+            memset(_value, 0, value_length+1);
+            memcpy((uint8_t *)_value, (uint8_t *)value, value_length);
+            _value_length = value_length;
+        }
+    }
+}
+
+M2MResourceInstance::~M2MResourceInstance()
+{
+    if(_value) {
+        free(_value);
+        _value = NULL;
+        _value_length = 0;
+    }
+    _resource_callback = NULL;
+}
+
+M2MBase::BaseType M2MResourceInstance::base_type() const
+{
+    return M2MBase::base_type();
+}
+
+M2MResourceInstance::ResourceType M2MResourceInstance::resource_instance_type() const
+{
+    return _resource_type;
+}
+
+bool M2MResourceInstance::handle_observation_attribute(char *&query)
+{
+    tr_debug("M2MResourceInstance::handle_observation_attribute()");
+    bool success = false;
+    M2MReportHandler *handler = M2MBase::report_handler();
+    if (handler) {
+        success = handler->parse_notification_attribute(query,
+                M2MBase::base_type(), _resource_type);
+        if (success) {
+            if ((handler->attribute_flags() & M2MReportHandler::Cancel) == 0) {
+                handler->set_under_observation(true);
+            } else {
+                handler->set_under_observation(false);
+            }
+        }
+        else {
+            handler->set_default_values();
+        }
+    }
+    return success;
+}
+
+void M2MResourceInstance::set_execute_function(execute_callback callback)
+{
+    _execute_callback = callback;
+}
+
+void M2MResourceInstance::clear_value()
+{
+    tr_debug("M2MResourceInstance::clear_value");
+    if(_value) {
+         free(_value);
+         _value = NULL;
+         _value_length = 0;
+    }
+    report();
+}
+
+bool M2MResourceInstance::set_value(const uint8_t *value,
+                                    const uint32_t value_length)
+{
+    tr_debug("M2MResourceInstance::set_value()");
+    bool success = false;
+    bool string_value_changed = false;
+    if(_resource_type == M2MResourceInstance::STRING) {
+        if(is_value_changed(value,value_length)) {
+            string_value_changed = true;
+        }
+    }
+    if( value != NULL && value_length > 0 ) {
+        success = true;
+        if(_value) {
+             free(_value);
+             _value = NULL;
+             _value_length = 0;
+        }
+        _value = (uint8_t *)malloc(value_length+1);
+        if(_value) {
+            memset(_value, 0, value_length+1);
+            memcpy((uint8_t *)_value, (uint8_t *)value, value_length);
+            _value_length = value_length;
+            if(string_value_changed) {
+                M2MReportHandler *report_handler = M2MBase::report_handler();
+                if(report_handler && is_observable()) {
+                    report_handler->set_notification_trigger();
+                }
+            } else {
+                report();
+            }
+        }
+    }
+
+    return success;
+}
+
+
+void M2MResourceInstance::report()
+{
+    tr_debug("M2MResourceInstance::report()");
+    M2MBase::Observation  observation_level = M2MBase::observation_level();
+    if(M2MBase::O_Attribute == observation_level ||
+       M2MBase::OI_Attribute == observation_level||
+       M2MBase::OOI_Attribute == observation_level) {
+        _object_instance_callback.notification_update(observation_level);
+    }
+
+    if(M2MBase::Dynamic == mode()) {
+        if(!_resource_callback && _resource_type != M2MResourceInstance::STRING) {
+            M2MReportHandler *report_handler = M2MBase::report_handler();
+            if (report_handler && is_observable()) {
+                if(_value) {
+                    report_handler->set_value(atof((const char*)_value));
+                } else {
+                    report_handler->set_value(0);
+                }
+            }
+        }
+        else {
+            if (_resource_callback && base_type() == M2MBase::ResourceInstance) {
+                _resource_callback->notification_update();
+            }
+        }
+    } else if(M2MBase::Static == mode()) {
+        M2MObservationHandler *observation_handler = M2MBase::observation_handler();
+        if(observation_handler) {
+            observation_handler->value_updated(this);
+        }
+    } else {
+        tr_debug("M2MResourceInstance::report() - mode = %d, is_observable = %d", mode(), is_observable());
+    }
+}
+
+bool M2MResourceInstance::is_value_changed(const uint8_t* value, const uint32_t value_len)
+{
+    tr_debug("M2MResourceInstance::is_value_changed()");
+    bool changed = false;
+    if(value_len != _value_length) {
+        changed = true;
+    } else if(value && !_value) {
+        changed = true;
+    } else if(_value && !value) {
+        changed = true;
+    } else {        
+        if (_value) {
+            String val((const char*)value);
+            String tmp_val((const char*)_value);
+            if(!(val == tmp_val)){
+                changed = true;
+            }
+        }
+    }
+    return changed;
+}
+
+void M2MResourceInstance::execute(void *arguments)
+{
+    tr_debug("M2MResourceInstance::execute");
+    if(_execute_callback) {
+        _execute_callback(arguments);
+    }
+}
+
+void M2MResourceInstance::get_value(uint8_t *&value, uint32_t &value_length)
+{
+    value_length = 0;
+    if(value) {
+        free(value);
+        value = NULL;
+    }
+    if(_value && _value_length > 0) {
+        value = (uint8_t *)malloc(_value_length+1);
+        if(value) {
+            value_length = _value_length;
+            memset(value, 0, _value_length+1);
+            memcpy((uint8_t *)value, (uint8_t *)_value, value_length);
+        }
+    }
+}
+
+uint8_t* M2MResourceInstance::value() const
+{
+    return _value;
+}
+
+uint32_t M2MResourceInstance::value_length() const
+{
+    return _value_length;
+}
+
+sn_coap_hdr_s* M2MResourceInstance::handle_get_request(nsdl_s *nsdl,
+                                               sn_coap_hdr_s *received_coap_header,
+                                               M2MObservationHandler *observation_handler)
+{
+    tr_debug("M2MResourceInstance::handle_get_request()");
+    sn_coap_msg_code_e msg_code = COAP_MSG_CODE_RESPONSE_CONTENT;
+    sn_coap_hdr_s *coap_response = sn_nsdl_build_response(nsdl,
+                                                          received_coap_header,
+                                                          msg_code);
+    if(received_coap_header) {
+        // process the GET if we have registered a callback for it
+        if ((operation() & SN_GRS_GET_ALLOWED) != 0) {
+            if(coap_response) {
+                coap_response->content_type_ptr = (uint8_t*)malloc(1);
+                if(coap_response->content_type_ptr) {
+                    memset(coap_response->content_type_ptr, 0, 1);
+                    coap_response->content_type_len = 1;
+                }
+
+                // fill in the CoAP response payload
+                coap_response->payload_ptr = NULL;
+                uint32_t payload_len = 0;
+                get_value(coap_response->payload_ptr,payload_len);
+                coap_response->payload_len = payload_len;
+
+                coap_response->options_list_ptr = (sn_coap_options_list_s*)malloc(sizeof(sn_coap_options_list_s));
+                memset(coap_response->options_list_ptr, 0, sizeof(sn_coap_options_list_s));
+
+                coap_response->options_list_ptr->max_age_ptr = (uint8_t*)malloc(1);
+                memset(coap_response->options_list_ptr->max_age_ptr,0,1);
+                coap_response->options_list_ptr->max_age_len = 1;
+
+                if(received_coap_header->token_ptr) {
+                    tr_debug("M2MResourceInstance::handle_get_request - Sets Observation Token to resource");
+                    set_observation_token(received_coap_header->token_ptr,
+                                          received_coap_header->token_len);
+                }
+
+                if(received_coap_header->options_list_ptr) {
+                    if(received_coap_header->options_list_ptr->observe) {
+                        if (is_observable()) {
+                            uint32_t number = 0;
+                            uint8_t observe_option = 0;
+                            if(received_coap_header->options_list_ptr->observe_ptr) {
+                                observe_option = *received_coap_header->options_list_ptr->observe_ptr;
+                            }
+                            if(START_OBSERVATION == observe_option) {
+                                tr_debug("M2MResourceInstance::handle_get_request - Starts Observation");
+                                // If the observe length is 0 means register for observation.
+                                if(received_coap_header->options_list_ptr->observe_len != 0) {
+                                    for(int i=0;i < received_coap_header->options_list_ptr->observe_len; i++) {
+                                        number = (*(received_coap_header->options_list_ptr->observe_ptr + i) & 0xff) <<
+                                                 8*(received_coap_header->options_list_ptr->observe_len- 1 - i);
+                                        }
+                                }
+                                // If the observe value is 0 means register for observation.
+                                if(number == 0) {
+                                    tr_debug("M2MResourceInstance::handle_get_request - Put Resource under Observation");
+                                    set_under_observation(true,observation_handler);
+                                    M2MBase::add_observation_level(M2MBase::R_Attribute);
+                                    uint8_t *obs_number = (uint8_t*)malloc(3);
+                                    memset(obs_number,0,3);
+                                    uint8_t observation_number_length = 1;
+
+                                    uint16_t number = observation_number();
+
+                                    tr_debug("M2MResourceInstance::handle_get_request - Observation Number %d", number);
+                                    obs_number[0] = ((number>>8) & 0xFF);
+                                    obs_number[1] = (number & 0xFF);
+
+                                    if(number > 0xFF) {
+                                        observation_number_length = 2;
+                                    }
+                                    coap_response->options_list_ptr->observe_ptr = obs_number;
+                                    coap_response->options_list_ptr->observe_len = observation_number_length;
+                                }
+                            } else if (STOP_OBSERVATION == observe_option) {
+                                tr_debug("M2MResourceInstance::handle_get_request - Stops Observation");
+                                set_under_observation(false,NULL);
+                                M2MBase::remove_observation_level(M2MBase::R_Attribute);
+                            }
+                        } else {
+                            msg_code = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED;
+                        }
+                    }
+                }
+            }
+        }else {
+            tr_error("M2MResourceInstance::handle_get_request - Return COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED");
+            // Operation is not allowed.
+            msg_code = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED;
+        }
+    } else {
+        msg_code = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED;
+    }
+    if(coap_response) {
+        coap_response->msg_code = msg_code;
+    }
+    return coap_response;
+}
+
+sn_coap_hdr_s* M2MResourceInstance::handle_put_request(nsdl_s *nsdl,
+                                               sn_coap_hdr_s *received_coap_header,
+                                               M2MObservationHandler *observation_handler)
+{
+    tr_debug("M2MResourceInstance::handle_put_request()");
+    sn_coap_msg_code_e msg_code = COAP_MSG_CODE_RESPONSE_CHANGED; // 2.04
+    sn_coap_hdr_s * coap_response = sn_nsdl_build_response(nsdl,
+                                                           received_coap_header,
+                                                           msg_code);
+    // process the PUT if we have registered a callback for it
+    if(received_coap_header) {
+        if ((operation() & SN_GRS_PUT_ALLOWED) != 0) {
+            uint16_t coap_content_type = 0;
+            if(received_coap_header->content_type_ptr) {
+                if(coap_response) {
+                    coap_response->content_type_ptr = (uint8_t*)malloc(received_coap_header->content_type_len);
+                    if(coap_response->content_type_ptr) {
+                        memset(coap_response->content_type_ptr, 0, received_coap_header->content_type_len);
+                        memcpy(coap_response->content_type_ptr,
+                               received_coap_header->content_type_ptr,
+                               received_coap_header->content_type_len);
+                        coap_response->content_type_len = received_coap_header->content_type_len;
+                        for(uint8_t i = 0; i < coap_response->content_type_len; i++) {
+                            coap_content_type = (coap_content_type << 8) + (coap_response->content_type_ptr[i] & 0xFF);
+                        }
+                    }
+                }
+            }
+
+            tr_debug("M2MResourceInstance::handle_put_request() - Request Content-Type %d", coap_content_type);
+
+            if(COAP_CONTENT_OMA_TLV_TYPE == coap_content_type) {
+                msg_code = COAP_MSG_CODE_RESPONSE_UNSUPPORTED_CONTENT_FORMAT;
+            } else {
+                set_value(received_coap_header->payload_ptr, received_coap_header->payload_len);
+                if(received_coap_header->payload_ptr) {
+                   tr_debug("M2MResourceInstance::handle_put_request() - Update Resource with new values");
+                    if(observation_handler) {
+                        String value = "";
+                        if (received_coap_header->uri_path_ptr != NULL &&
+                            received_coap_header->uri_path_len > 0) {
+                            char* buf = (char*)malloc(received_coap_header->uri_path_len+1);
+                            if(buf) {
+                                memset(buf,0,received_coap_header->uri_path_len+1);
+                                memcpy(buf,received_coap_header->uri_path_ptr,received_coap_header->uri_path_len);
+                                value = String(buf);
+                                free(buf);
+                            }
+                        }
+                        observation_handler->value_updated(this,value);
+                    }
+                }
+                if(received_coap_header->options_list_ptr &&
+                   received_coap_header->options_list_ptr->uri_query_ptr) {
+                    char *query = (char*)malloc(received_coap_header->options_list_ptr->uri_query_len+1);
+                    if (query){
+                        memset(query, 0, received_coap_header->options_list_ptr->uri_query_len+1);
+                        memcpy(query,
+                            received_coap_header->options_list_ptr->uri_query_ptr,
+                            received_coap_header->options_list_ptr->uri_query_len);
+                        memset(query + received_coap_header->options_list_ptr->uri_query_len,'\0',1);//String terminator
+                        tr_debug("M2MResourceInstance::handle_put_request() - Query %s", query);
+                        // if anything was updated, re-initialize the stored notification attributes
+                        if (!handle_observation_attribute(query)){
+                            tr_debug("M2MResourceInstance::handle_put_request() - Invalid query");
+                            msg_code = COAP_MSG_CODE_RESPONSE_BAD_REQUEST; // 4.00
+                        }
+                        free(query);
+                    }
+                }
+            }
+        } else {
+            // Operation is not allowed.
+            tr_error("M2MResourceInstance::handle_put_request() - COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED");
+            msg_code = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED;
+        }
+    } else {
+        msg_code = COAP_MSG_CODE_RESPONSE_METHOD_NOT_ALLOWED;
+    }
+    if(coap_response) {
+        coap_response->msg_code = msg_code;
+    }
+    return coap_response;
+}
+
+void M2MResourceInstance::set_resource_observer(M2MResourceCallback *resource)
+{
+    _resource_callback = resource;
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/source/m2msecurity.cpp	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,358 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <cstdio>
+#include "mbed-client/m2msecurity.h"
+#include "mbed-client/m2mconstants.h"
+#include "mbed-client/m2mobject.h"
+#include "mbed-client/m2mobjectinstance.h"
+#include "mbed-client/m2mresource.h"
+
+
+M2MSecurity::M2MSecurity(ServerType ser_type)
+: M2MObject(M2M_SECURITY_ID),
+ _server_type(ser_type),
+ _server_instance(NULL)
+{
+     _server_instance  = M2MObject::create_object_instance();
+
+    if(_server_instance) {
+
+        M2MResource* res = _server_instance->create_dynamic_resource(SECURITY_M2M_SERVER_URI,
+                                                                     OMA_RESOURCE_TYPE,
+                                                                     M2MResourceInstance::STRING,
+                                                                     false);
+        if(res) {
+            res->set_operation(M2MBase::NOT_ALLOWED);
+        }
+        res = _server_instance->create_dynamic_resource(SECURITY_BOOTSTRAP_SERVER,
+                                                        OMA_RESOURCE_TYPE,
+                                                        M2MResourceInstance::BOOLEAN,
+                                                        false);
+        if(res) {
+            res->set_operation(M2MBase::NOT_ALLOWED);
+        }
+        res = _server_instance->create_dynamic_resource(SECURITY_SECURITY_MODE,
+                                                        OMA_RESOURCE_TYPE,
+                                                        M2MResourceInstance::INTEGER,
+                                                        false);
+        if(res) {
+            res->set_operation(M2MBase::NOT_ALLOWED);
+        }
+        res = _server_instance->create_dynamic_resource(SECURITY_PUBLIC_KEY,
+                                                        OMA_RESOURCE_TYPE,
+                                                        M2MResourceInstance::OPAQUE,
+                                                        false);
+        if(res) {
+            res->set_operation(M2MBase::NOT_ALLOWED);
+        }
+        res = _server_instance->create_dynamic_resource(SECURITY_SERVER_PUBLIC_KEY,
+                                                        OMA_RESOURCE_TYPE,
+                                                        M2MResourceInstance::OPAQUE,
+                                                        false);
+        if(res) {
+            res->set_operation(M2MBase::NOT_ALLOWED);
+        }
+        res = _server_instance->create_dynamic_resource(SECURITY_SECRET_KEY,
+                                                        OMA_RESOURCE_TYPE,
+                                                        M2MResourceInstance::OPAQUE,
+                                                        false);
+        if(res) {
+            res->set_operation(M2MBase::NOT_ALLOWED);
+        }
+        if(M2MSecurity::M2MServer == ser_type) {
+            res = _server_instance->create_dynamic_resource(SECURITY_SHORT_SERVER_ID,
+                                                            OMA_RESOURCE_TYPE,
+                                                            M2MResourceInstance::INTEGER,
+                                                            false);
+            if(res) {
+                res->set_operation(M2MBase::NOT_ALLOWED);
+            }
+        }
+    }
+}
+
+M2MSecurity::~M2MSecurity()
+{
+    _server_instance = NULL;
+}
+
+M2MResource* M2MSecurity::create_resource(SecurityResource resource, uint32_t value)
+{
+    M2MResource* res = NULL;
+    String security_id = "";
+    if(!is_resource_present(resource)) {
+        switch(resource) {
+            case SMSSecurityMode:
+               security_id = SECURITY_SMS_SECURITY_MODE;
+               break;
+            case M2MServerSMSNumber:
+                security_id = SECURITY_M2M_SERVER_SMS_NUMBER;
+                break;
+            case ShortServerID:
+                security_id = SECURITY_SHORT_SERVER_ID;
+                break;
+            case ClientHoldOffTime:
+                security_id = SECURITY_CLIENT_HOLD_OFF_TIME;
+                break;
+            default:
+                break;
+        }
+    }
+    if(!security_id.empty()) {
+        if(_server_instance) {
+
+            res = _server_instance->create_dynamic_resource(security_id,OMA_RESOURCE_TYPE,
+                                                            M2MResourceInstance::INTEGER,
+                                                            false);
+
+            if(res) {
+                char *buffer = (char*)malloc(20);
+                if(buffer) {
+                    int size = snprintf(buffer, 20,"%ld",(long int)value);
+                    res->set_operation(M2MBase::NOT_ALLOWED);
+                    res->set_value((const uint8_t*)buffer,
+                                   (uint32_t)size);
+                    free(buffer);
+                }
+            }
+        }
+    }
+    return res;
+}
+
+bool M2MSecurity::delete_resource(SecurityResource resource)
+{
+    bool success = false;
+    String security_id = "";
+    switch(resource) {
+        case SMSSecurityMode:
+           security_id = SECURITY_SMS_SECURITY_MODE;
+           break;
+        case M2MServerSMSNumber:
+            security_id = SECURITY_M2M_SERVER_SMS_NUMBER;
+            break;
+        case ShortServerID:
+            if(M2MSecurity::Bootstrap == _server_type) {
+                security_id = SECURITY_SHORT_SERVER_ID;
+            }
+            break;
+        case ClientHoldOffTime:
+            security_id = SECURITY_CLIENT_HOLD_OFF_TIME;
+            break;
+        default:
+            // Others are mandatory resources hence cannot be deleted.
+            break;
+    }
+    if(!security_id.empty()) {
+        if(_server_instance) {
+            success = _server_instance->remove_resource(security_id);
+        }
+    }
+    return success;
+}
+
+bool M2MSecurity::set_resource_value(SecurityResource resource,
+                                     const String &value)
+{
+    bool success = false;
+    if(M2MSecurity::M2MServerUri == resource) {
+        M2MResource* res = get_resource(resource);
+        if(res) {
+            success = res->set_value((const uint8_t*)value.c_str(),(uint32_t)value.length());
+        }
+    }
+    return success;
+}
+
+bool M2MSecurity::set_resource_value(SecurityResource resource,
+                                     uint32_t value)
+{
+    bool success = false;
+    M2MResource* res = get_resource(resource);
+    if(res) {
+        if(M2MSecurity::SecurityMode == resource        ||
+           M2MSecurity::SMSSecurityMode == resource     ||
+           M2MSecurity::M2MServerSMSNumber == resource  ||
+           M2MSecurity::ShortServerID == resource       ||
+           M2MSecurity::ClientHoldOffTime == resource) {
+            // If it is any of the above resource
+            // set the value of the resource.
+            char *buffer = (char*)malloc(20);
+            if(buffer) {
+                int size = snprintf(buffer, 20,"%ld",(long int)value);
+                success = res->set_value((const uint8_t*)buffer,
+                                         (uint32_t)size);
+                free(buffer);
+            }
+        }
+    }
+    return success;
+}
+
+bool M2MSecurity::set_resource_value(SecurityResource resource,
+                                     const uint8_t *value,
+                                     const uint16_t length)
+{
+    bool success = false;
+    M2MResource* res = get_resource(resource);
+    if(res) {
+        if(M2MSecurity::PublicKey == resource           ||
+           M2MSecurity::ServerPublicKey == resource     ||
+           M2MSecurity::Secretkey == resource) {
+            success = res->set_value(value,length);
+        }
+    }
+    return success;
+}
+
+String M2MSecurity::resource_value_string(SecurityResource resource) const
+{
+    String value = "";
+    M2MResource* res = get_resource(resource);
+    if(res) {
+        if(M2MSecurity::M2MServerUri == resource) {
+            uint8_t* buffer = NULL;
+            uint32_t length = 0;
+            res->get_value(buffer,length);
+
+            char *char_buffer = (char*)malloc(length+1);
+            if(char_buffer) {
+                memset(char_buffer,0,length+1);
+                if(buffer) {
+                    memcpy(char_buffer,(char*)buffer,length);                    
+                }
+                String s_name(char_buffer);
+                value = s_name;
+                free(char_buffer);
+            }
+            if(buffer) {
+                free(buffer);
+            }
+        }
+    }
+    return value;
+}
+
+uint32_t M2MSecurity::resource_value_buffer(SecurityResource resource,
+                               uint8_t *&data) const
+{
+    uint32_t size = 0;
+    M2MResource* res = get_resource(resource);
+    if(res) {
+        if(M2MSecurity::PublicKey == resource        ||
+           M2MSecurity::ServerPublicKey == resource  ||
+           M2MSecurity::Secretkey == resource) {
+            res->get_value(data,size);
+        }
+    }
+    return size;
+}
+
+
+uint32_t M2MSecurity::resource_value_int(SecurityResource resource) const
+{
+    uint32_t value = 0;
+    M2MResource* res = get_resource(resource);
+    if(res) {
+        if(M2MSecurity::SecurityMode == resource        ||
+           M2MSecurity::SMSSecurityMode == resource     ||
+           M2MSecurity::M2MServerSMSNumber == resource  ||
+           M2MSecurity::ShortServerID == resource       ||
+           M2MSecurity::ClientHoldOffTime == resource) {
+            // Get the value and convert it into integer
+            uint8_t* buffer = NULL;
+            uint32_t length = 0;
+            res->get_value(buffer,length);
+            if(buffer) {
+                value = atoi((const char*)buffer);
+                free(buffer);
+            }
+        }
+    }
+    return value;
+}
+
+bool M2MSecurity::is_resource_present(SecurityResource resource) const
+{
+    bool success = false;
+    M2MResource *res = get_resource(resource);
+    if(res) {
+        success = true;
+    }
+    return success;
+}
+
+uint16_t M2MSecurity::total_resource_count() const
+{
+    uint16_t count = 0;
+    if(_server_instance) {
+        count = _server_instance->resources().size();
+    }
+    return count;
+}
+
+M2MSecurity::ServerType M2MSecurity::server_type() const
+{
+    return _server_type;
+}
+
+M2MResource* M2MSecurity::get_resource(SecurityResource res) const
+{
+    M2MResource* res_object = NULL;
+    if(_server_instance) {
+        String res_name = "";
+        switch(res) {
+            case M2MServerUri:
+                res_name = SECURITY_M2M_SERVER_URI;
+                break;
+            case BootstrapServer:
+                res_name = SECURITY_BOOTSTRAP_SERVER;
+                break;
+            case SecurityMode:
+                res_name = SECURITY_SECURITY_MODE;
+                break;
+            case PublicKey:
+                res_name = SECURITY_PUBLIC_KEY;
+                break;
+            case ServerPublicKey:
+                res_name = SECURITY_SERVER_PUBLIC_KEY;
+                break;
+            case Secretkey:
+                res_name = SECURITY_SECRET_KEY;
+                break;
+            case SMSSecurityMode:
+                res_name = SECURITY_SMS_SECURITY_MODE;
+                break;
+            case SMSBindingKey:
+                res_name = SECURITY_SMS_BINDING_KEY;
+                break;
+            case SMSBindingSecretKey:
+                res_name = SECURITY_SMS_BINDING_SECRET_KEY;
+                break;
+            case M2MServerSMSNumber:
+                res_name = SECURITY_M2M_SERVER_SMS_NUMBER;
+                break;
+            case ShortServerID:
+                res_name = SECURITY_SHORT_SERVER_ID;
+                break;
+            case ClientHoldOffTime:
+                res_name = SECURITY_CLIENT_HOLD_OFF_TIME;
+                break;
+        }
+        res_object = _server_instance->resource(res_name);
+    }
+    return res_object;
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/source/m2mserver.cpp	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,310 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <cstdio>
+#include "mbed-client/m2mserver.h"
+#include "mbed-client/m2mconstants.h"
+#include "mbed-client/m2mobject.h"
+#include "mbed-client/m2mobjectinstance.h"
+#include "mbed-client/m2mresource.h"
+
+
+M2MServer::M2MServer()
+: M2MObject(M2M_SERVER_ID)
+{
+    M2MObject::create_object_instance();
+
+    _server_instance = object_instance();
+
+    if(_server_instance) {
+
+        M2MResource* res = _server_instance->create_dynamic_resource(SERVER_SHORT_SERVER_ID,
+                                                                     OMA_RESOURCE_TYPE,
+                                                                     M2MResourceInstance::INTEGER,
+                                                                     true);
+        if(res) {
+            res->set_operation(M2MBase::GET_PUT_ALLOWED);
+        }
+        res = _server_instance->create_dynamic_resource(SERVER_LIFETIME,
+                                                        OMA_RESOURCE_TYPE,
+                                                        M2MResourceInstance::INTEGER,
+                                                        true);
+        if(res) {
+            res->set_operation(M2MBase::GET_PUT_POST_ALLOWED);
+        }
+        res = _server_instance->create_dynamic_resource(SERVER_NOTIFICATION_STORAGE,
+                                                        OMA_RESOURCE_TYPE,
+                                                        M2MResourceInstance::BOOLEAN,
+                                                        true);
+        if(res) {
+            res->set_operation(M2MBase::GET_PUT_POST_ALLOWED);
+        }
+        res = _server_instance->create_dynamic_resource(SERVER_BINDING,
+                                                        OMA_RESOURCE_TYPE,
+                                                        M2MResourceInstance::STRING,
+                                                        true);
+        if(res) {
+            res->set_operation(M2MBase::GET_PUT_POST_ALLOWED);
+        }
+        res = _server_instance->create_dynamic_resource(SERVER_REGISTRATION_UPDATE,
+                                                        OMA_RESOURCE_TYPE,
+                                                        M2MResourceInstance::OPAQUE,
+                                                        false);
+        if(res) {
+          res->set_operation(M2MBase::POST_ALLOWED);
+        }
+    }
+}
+
+M2MServer::~M2MServer()
+{
+
+}
+
+M2MResource* M2MServer::create_resource(ServerResource resource, uint32_t value)
+{
+    M2MResource* res = NULL;
+    String server_id = "";
+    if(!is_resource_present(resource)) {
+        switch(resource) {
+        case DefaultMinPeriod:
+            server_id = SERVER_DEFAULT_MIN_PERIOD;
+            break;
+        case DefaultMaxPeriod:
+            server_id = SERVER_DEFAULT_MAX_PERIOD;
+            break;
+        case DisableTimeout:
+            server_id = SERVER_DISABLE_TIMEOUT;
+            break;
+        default:
+            break;
+        }
+    }
+    if(!server_id.empty()) {
+        if(_server_instance) {
+            res = _server_instance->create_dynamic_resource(server_id,
+                                                            OMA_RESOURCE_TYPE,
+                                                            M2MResourceInstance::INTEGER,
+                                                            true);
+            if(res) {
+                res->set_operation(M2MBase::GET_PUT_POST_ALLOWED);
+                // If resource is created then set the value.
+                char *buffer = (char*)malloc(20);
+                if(buffer) {
+                    int size = snprintf(buffer, 20,"%ld",(long int)value);
+                    res->set_value((const uint8_t*)buffer,(uint32_t)size);
+                    free(buffer);
+                }
+            }
+        }
+    }
+    return res;
+}
+
+M2MResource* M2MServer::create_resource(ServerResource resource)
+{
+    M2MResource* res = NULL;
+    if(!is_resource_present(resource)) {
+        if(M2MServer::Disable == resource) {
+                if(_server_instance) {
+                    res = _server_instance->create_dynamic_resource(SERVER_DISABLE,
+                                                                    OMA_RESOURCE_TYPE,
+                                                                    M2MResourceInstance::OPAQUE,
+                                                                    false);
+                if(res) {
+                    res->set_operation(M2MBase::POST_ALLOWED);
+                }
+            }
+        }
+    }
+    return res;
+}
+
+bool M2MServer::delete_resource(ServerResource resource)
+{
+    bool success = false;
+    String server_id = "";
+    switch(resource) {
+        case DefaultMinPeriod:
+           server_id = SERVER_DEFAULT_MIN_PERIOD;
+           break;
+        case DefaultMaxPeriod:
+            server_id = SERVER_DEFAULT_MAX_PERIOD;
+            break;
+        case Disable:
+            server_id = SERVER_DISABLE;
+            break;
+        case DisableTimeout:
+            server_id = SERVER_DISABLE_TIMEOUT;
+            break;
+        default:
+            break;
+    }
+    if(!server_id.empty()) {
+        if(_server_instance) {
+            success = _server_instance->remove_resource(server_id);
+        }
+    }
+    return success;
+}
+
+bool M2MServer::set_resource_value(ServerResource resource,
+                                   const String &value)
+{
+    bool success = false;
+    M2MResource* res = get_resource(resource);
+    if(res && (M2MServer::Binding == resource)) {
+        success = res->set_value((const uint8_t*)value.c_str(),(uint32_t)value.length());
+    }
+    return success;
+}
+
+bool M2MServer::set_resource_value(ServerResource resource,
+                                   uint32_t value)
+{
+    bool success = false;
+    M2MResource* res = get_resource(resource);
+    if(res) {
+        if(M2MServer::ShortServerID == resource     ||
+           M2MServer::Lifetime == resource          ||
+           M2MServer::DefaultMinPeriod == resource  ||
+           M2MServer::DefaultMaxPeriod == resource  ||
+           M2MServer::DisableTimeout == resource    ||
+           M2MServer::NotificationStorage == resource) {
+            // If it is any of the above resource
+            // set the value of the resource.
+            char *buffer = (char*)malloc(20);
+            if(buffer) {
+                int size = snprintf(buffer, 20,"%ld",(long int)value);
+                success = res->set_value((const uint8_t*)buffer,
+                                         (uint32_t)size);
+                free(buffer);
+            }
+        }
+    }
+    return success;
+}
+
+String M2MServer::resource_value_string(ServerResource resource) const
+{
+    String value = "";
+    M2MResource* res = get_resource(resource);
+    if(res && (M2MServer::Binding == resource)) {
+        uint8_t* buffer = NULL;
+        uint32_t length = 0;
+        res->get_value(buffer,length);
+
+        char *char_buffer = (char*)malloc(length+1);
+        if(char_buffer) {
+            memset(char_buffer,0,length+1);
+            memcpy(char_buffer,(char*)buffer,length);
+
+            String s_name(char_buffer);
+            value = s_name;
+            if(char_buffer) {
+                free(char_buffer);
+            }
+        }
+        if(buffer) {
+            free(buffer);
+        }
+    }
+    return value;
+}
+
+
+uint32_t M2MServer::resource_value_int(ServerResource resource) const
+{
+    uint32_t value = 0;
+    M2MResource* res = get_resource(resource);
+    if(res) {
+        if(M2MServer::ShortServerID == resource     ||
+           M2MServer::Lifetime == resource          ||
+           M2MServer::DefaultMinPeriod == resource  ||
+           M2MServer::DefaultMaxPeriod == resource  ||
+           M2MServer::DisableTimeout == resource    ||
+           M2MServer::NotificationStorage == resource) {
+            // Get the value and convert it into integer
+            uint8_t* buffer = NULL;
+            uint32_t length = 0;
+            res->get_value(buffer,length);
+            if(buffer) {
+                value = atoi((const char*)buffer);
+                free(buffer);
+            }
+        }
+    }
+    return value;
+}
+
+bool M2MServer::is_resource_present(ServerResource resource) const
+{
+    bool success = false;
+    M2MResource *res = get_resource(resource);
+    if(res) {
+        success = true;
+    }
+    return success;
+}
+
+uint16_t M2MServer::total_resource_count() const
+{
+    uint16_t total_count = 0;
+    if(_server_instance) {
+    total_count = _server_instance->resources().size();
+    }
+    return total_count;
+}
+
+M2MResource* M2MServer::get_resource(ServerResource res) const
+{
+    M2MResource* res_object = NULL;
+    String res_name = "";
+    switch(res) {
+    case ShortServerID:
+        res_name = SERVER_SHORT_SERVER_ID;
+        break;
+    case Lifetime:
+        res_name = SERVER_LIFETIME;
+        break;
+    case DefaultMinPeriod:
+        res_name = SERVER_DEFAULT_MIN_PERIOD;
+        break;
+    case DefaultMaxPeriod:
+        res_name = SERVER_DEFAULT_MAX_PERIOD;
+        break;
+    case Disable:
+        res_name = SERVER_DISABLE;
+        break;
+    case DisableTimeout:
+        res_name = SERVER_DISABLE_TIMEOUT;
+        break;
+    case NotificationStorage:
+        res_name = SERVER_NOTIFICATION_STORAGE;
+        break;
+    case Binding:
+        res_name = SERVER_BINDING;
+        break;
+    case RegistrationUpdate:
+        res_name = SERVER_REGISTRATION_UPDATE;
+        break;
+    }
+    if(!res_name.empty()) {
+        if(_server_instance) {
+        res_object = _server_instance->resource(res_name);
+        }
+    }
+    return res_object;
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/source/m2mstring.cpp	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,366 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "mbed-client/m2mstring.h"
+#include <string.h> // strlen
+#include <stdlib.h> // malloc, realloc
+#include <assert.h>
+#include <algorithm> // min
+
+namespace m2m {
+
+  const String::size_type String::npos = static_cast<size_t>(-1);
+
+  /*
+   * Like the 'new' operator, we want to guarantee that we NEVER
+   * return NULL. Loop until there is free memory.
+   *
+   */
+  static char* malloc_never_null(const size_t b)
+  {
+      char *p;
+
+      do {
+          p = static_cast<char*>(malloc(b));
+      } while ( p == NULL );
+
+      return p;
+  }
+
+  /**
+   * Allocates memory for the copy the string at the same time sets "this->allocated".
+   * @param s
+   * @return
+   */
+  char*
+  String::strdup_never_null(const char* s)
+  {
+      const size_t len = strlen(s)+1;
+      char *p2 = malloc_never_null(len);
+      memcpy(p2, s, len);
+      allocated_=len;
+      size_=len-1;
+      return p2;
+  }
+
+  String::String()
+  : p( strdup_never_null("") )
+  {
+    _return_value = '\0';
+  }
+
+  String::~String()
+  {
+      free(p);
+      p = 0;
+  }
+
+  String::String(const String& s)
+    : p(0)
+  {
+    if( &s != NULL ){
+        p = malloc_never_null( s.size_ + 1 );  // copy only used part
+        allocated_ = s.size_ + 1;
+        size_      = s.size_;
+        memcpy(p, s.p, size_ + 1);
+    }
+    _return_value = '\0';
+  }
+
+  String::String(const char* s)
+  : p(strdup_never_null(s))
+  {
+      _return_value = '\0';
+  }
+
+  String& String::operator=(const char* s)
+  {
+      if ( p != s ) {
+            // s could point into our own string, so we have to allocate a new string
+            const size_t len = strlen(s);
+            char* copy = (char*) malloc( len + 1);
+            memmove(copy, s, len+1); // trailing 0
+            free( p );
+            p = copy;
+            size_ = len;
+            allocated_ = len+1;
+      }
+
+      return *this;
+  }
+
+  String& String::operator=(const String& s)
+  {
+      return operator=(s.p);
+  }
+
+  String& String::operator+=(const String& s)
+  {
+    if (s.size_ > 0){
+      this->reserve(size_ + s.size_);
+      memmove(p+size_, s.p, s.size_+1); // trailing 0
+      size_ += s.size_;
+    }
+    return *this;
+  }
+
+  // since p and s may overlap, we have to copy our own string first
+  String& String::operator+=(const char* s)
+  {
+      const size_type lens = strlen(s);
+      if (lens > 0){
+        if (size_ + lens + 1 <= allocated_) {
+          memmove(p+size_, s, lens+1); // trailing 0
+          size_ += lens;
+        } else {
+          String s2( *this );  // copy own data
+          s2.reserve(size_ + lens);
+          memmove(s2.p+size_, s, lens+1); // trailing 0
+          s2.size_ = size_ + lens;
+          this->swap( s2 );
+        }
+      }
+      return *this;
+  }
+
+  String& String::operator+=(const char c)
+  {
+      push_back(c);
+      return *this;
+  }
+
+
+  void String::push_back(const char c) {
+
+    if (size_ == allocated_ - 1) {
+      size_t more =  (allocated_* 3) / 2; // factor 1.5
+      if ( more < 4 ) more = 4;
+      reserve( size_ + more );
+    }
+
+    p[size_] = c;
+    size_++;
+    p[size_] = 0;
+  }
+
+  bool String::operator==(const char* s) const
+  {
+      if( s == NULL ){
+          if( p == NULL ){
+              return true;
+          }
+          return false;
+      }
+      bool ret = strcmp(p, s);
+      return !ret;
+  }
+
+  bool String::operator==(const String& s) const
+  {
+      bool ret = strcmp(p, s.p);
+      return !ret;
+  }
+
+  void String::clear()
+  {
+      size_ = 0;
+      p[0]  = 0;
+  }
+
+//  String operator+(const String& lhs, const String& rhs)
+//  {
+//      return String(lhs) += rhs;
+//  }
+
+  String String::substr(const size_type pos, size_type length) const
+  {
+      String s;
+      const size_type len = size_;
+
+      if ( pos <= len ) {
+
+      size_type remain = len - pos;
+
+      if ( length > remain )
+          length = remain;
+
+      s.reserve( length );
+
+      memcpy(s.p, p + pos, length);
+      s.p[length] = '\0';
+      s.size_ = length;
+      }
+      return s;
+  }
+
+
+  // checked access, accessing the NUL at end is allowed
+  char& String::at(const size_type i)
+  {
+      if ( i <= strlen(p) ) {
+        _return_value = p[i];
+      } else {
+      _return_value = '\0';
+      }
+      return _return_value;
+  }
+
+  char String::at(const size_type i) const
+  {
+      if ( i <= strlen(p) ) {
+        return p[i];
+      } else {
+         return '\0';
+      }
+  }
+
+  String& String::erase(size_type pos, size_type len)
+  {
+    if (len > 0) {
+
+      if ( pos < size_ ) { // user must not remove trailing 0
+
+          size_type s2 = size_;
+          size_type remain = s2 - pos - len;
+
+          if (remain > 0) {
+            // erase by overwriting
+            memmove(p + pos, p + pos + len, remain);
+          }
+
+          //if ( remain < 0 ) remain = 0;
+
+          // remove unused space
+          this->resize( pos+remain );
+
+        }
+    }
+    return *this;
+  }
+
+  String& String::append( const char* str, size_type n) {
+    if (str && n > 0) {
+      size_t lens = strlen(str);
+      if (n > lens)
+        n = lens;
+      size_t newlen = size_ + n;
+      this->reserve( newlen );
+      memmove(p+size_, str, n); // p and s.p MAY overlap
+      p[newlen] = 0; // add NUL termination
+      size_ = newlen;
+    }
+    return *this;
+  }
+
+  int
+  String::compare( size_type pos, size_type len, const String& str ) const {
+    int r = -1;
+    if (pos <= size_) {
+        if ( len > size_ - pos)
+          len = size_ - pos; // limit len to available length
+
+        const size_type osize = str.size();
+        const size_type len2   = std::min(len, osize);
+        r = strncmp( p + pos, str.p, len2);
+        if (r==0) // equal so far, now compare sizes
+            r = len < osize ? -1 : ( len == osize ? 0 : +1 );
+    }
+    return r;
+  }
+
+  int
+  String::compare( size_type pos, size_type len, const char* str ) const {
+      int r = -1;
+      if (pos <= size_) {
+
+        if ( len > size_ - pos)
+          len = size_ - pos; // limit len to available length
+
+        const size_type osize = strlen(str);
+        const size_type len2   = std::min(len, osize);
+        r = strncmp( p + pos, str, len2);
+        if (r==0) // equal so far, now compare sizes
+            r = len < osize ? -1 : ( len == osize ? 0 : +1 );
+    }
+    return r;
+  }
+
+ int
+ String::find_last_of(char c) const {
+    int r = -1;
+    char *v;
+    v = strrchr(p,c);
+    if (v != NULL){
+        r = 0;
+        char* i = p;
+        while (v != i){
+            i++;
+            r++;
+        }
+    }
+    return r;
+ }
+
+  void
+  String::new_realloc( size_type n) {
+    if (n > 0 ) {
+      char* pnew = static_cast<char*>(realloc(p, n)); // could return NULL
+      if (pnew)
+        p = pnew;
+    }
+   }
+
+
+  void
+  String::reserve( const size_type n) {
+    if (n >= allocated_ ) {
+      this->new_realloc(n + 1);
+      allocated_ = n + 1;
+    }
+  }
+
+  void
+  String::resize( const size_type n) {
+    this->resize( n, 0 );
+  }
+
+  void
+  String::resize( const size_type n, const char c) {
+    if (n < size_ ) {
+      p[n] = 0;
+      size_ = n;
+    }
+    else if (n >  size_ ) {
+      this->reserve( n );
+      for (size_type i=size_; i < n; ++i )
+        p[i] = c;
+      p[n] = 0;
+      size_ = n;
+    }
+  }
+
+  void String::swap( String& s ) {
+    std::swap( allocated_, s.allocated_ );
+    std::swap( size_,      s.size_      );
+    std::swap( p,          s.p          );
+  }
+
+
+  // Comparison
+  bool operator<( const String& s1, const String& s2 ) {
+    return strcmp( s1.c_str(), s2.c_str() ) < 0;
+  }
+
+} // namespace
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/source/m2mtlvdeserializer.cpp	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,432 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <stdio.h>
+#include "include/m2mtlvdeserializer.h"
+#include "mbed-client/m2mconstants.h"
+#include "include/nsdllinker.h"
+#include "ns_trace.h"
+
+M2MTLVDeserializer::M2MTLVDeserializer()
+{
+}
+
+M2MTLVDeserializer::~M2MTLVDeserializer()
+{
+}
+
+bool M2MTLVDeserializer::is_object_instance(uint8_t *tlv)
+{
+    return is_object_instance(tlv, 0);
+}
+
+bool M2MTLVDeserializer::is_resource(uint8_t *tlv)
+{
+    return is_resource(tlv, 0);
+}
+
+bool M2MTLVDeserializer::is_multiple_resource(uint8_t *tlv)
+{
+    return is_multiple_resource(tlv, 0);
+}
+
+bool M2MTLVDeserializer::is_resource_instance(uint8_t *tlv)
+{
+    return is_resource_instance(tlv, 0);
+}
+
+M2MTLVDeserializer::Error M2MTLVDeserializer::deserialise_object_instances(uint8_t* tlv,
+                                                                           uint32_t tlv_size,
+                                                                           M2MObject &object,
+                                                                           M2MTLVDeserializer::Operation operation)
+{
+    M2MTLVDeserializer::Error error = M2MTLVDeserializer::None;
+    if (is_object_instance(tlv) ) {
+        tr_debug("M2MTLVDeserializer::deserialise_object_instances");
+        error = deserialize_object_instances(tlv, tlv_size, 0, object,operation,false);
+        if(M2MTLVDeserializer::None == error) {
+            error = deserialize_object_instances(tlv, tlv_size, 0, object,operation,true);
+        }
+    } else {
+        tr_debug("M2MTLVDeserializer::deserialise_object_instances ::NotValid");
+        error = M2MTLVDeserializer::NotValid;
+    }
+    return error;
+}
+
+M2MTLVDeserializer::Error M2MTLVDeserializer::deserialize_resources(uint8_t *tlv,
+                                                                    uint32_t tlv_size,
+                                                                    M2MObjectInstance &object_instance,
+                                                                    M2MTLVDeserializer::Operation operation)
+{
+    M2MTLVDeserializer::Error error = M2MTLVDeserializer::None;
+    if (!is_resource(tlv) && !is_multiple_resource(tlv)) {
+        error = M2MTLVDeserializer::NotValid;
+    } else {
+        error = deserialize_resources(tlv, tlv_size, 0, object_instance, operation,false);
+        if(M2MTLVDeserializer::None == error) {
+            error = deserialize_resources(tlv, tlv_size, 0, object_instance, operation,true);
+        }
+    }
+    return error;
+}
+
+M2MTLVDeserializer::Error M2MTLVDeserializer::deserialize_resource_instances(uint8_t *tlv,
+                                                                             uint32_t tlv_size,
+                                                                             M2MResource &resource,
+                                                                             M2MTLVDeserializer::Operation operation)
+{
+    M2MTLVDeserializer::Error error = M2MTLVDeserializer::None;
+    if (!is_multiple_resource(tlv)) {
+        error = M2MTLVDeserializer::NotValid;
+    } else {
+        tr_debug("M2MTLVDeserializer::deserialize_resource_instances()");
+        uint8_t offset = 2;
+
+        ((tlv[0] & 0x20) == 0) ? offset : offset++;
+
+        uint8_t length = tlv[0] & 0x18;
+        if(length == 0x08) {
+        offset+= 1;
+        } else if(length == 0x10) {
+        offset+= 2;
+        } else if(length == 0x18) {
+        offset+= 3;
+        }
+
+        tr_debug("M2MTLVDeserializer::deserialize_resource_instances() Offset %d", offset);
+        error = deserialize_resource_instances(tlv, tlv_size, offset, resource, operation,false);
+        if(M2MTLVDeserializer::None == error) {
+            error = deserialize_resource_instances(tlv, tlv_size, offset, resource, operation,true);
+        }
+    }
+    return error;
+}
+
+M2MTLVDeserializer::Error M2MTLVDeserializer::deserialize_object_instances(uint8_t *tlv,
+                                                                           uint32_t tlv_size,
+                                                                           uint32_t offset,
+                                                                           M2MObject &object,
+                                                                           M2MTLVDeserializer::Operation operation,
+                                                                           bool update_value)
+{
+    tr_debug("M2MTLVDeserializer::deserialize_object_instances()");
+    M2MTLVDeserializer::Error error = M2MTLVDeserializer::None;
+    TypeIdLength *til = TypeIdLength::createTypeIdLength(tlv, offset)->deserialize();
+    offset = til->_offset;
+
+    M2MObjectInstanceList list = object.instances();
+    M2MObjectInstanceList::const_iterator it;
+    it = list.begin();
+
+    if (TYPE_OBJECT_INSTANCE == til->_type) {
+        for (; it!=list.end(); it++) {
+            if((*it)->instance_id() == til->_id) {
+                error = deserialize_resources(tlv, tlv_size-offset, offset, (**it),operation, update_value);
+            }
+        }
+        offset += til->_length;
+
+        if(offset < tlv_size) {
+            error = deserialize_object_instances(tlv, tlv_size-offset, offset, object, operation, update_value);
+        }
+        delete til;
+    }
+    return error;
+}
+
+M2MTLVDeserializer::Error M2MTLVDeserializer::deserialize_resources(uint8_t *tlv,
+                                                                    uint32_t tlv_size,
+                                                                    uint32_t offset,
+                                                                    M2MObjectInstance &object_instance,
+                                                                    M2MTLVDeserializer::Operation operation,
+                                                                    bool update_value)
+{
+    tr_debug("M2MTLVDeserializer::deserialize_resources()");
+    M2MTLVDeserializer::Error error = M2MTLVDeserializer::None;
+    TypeIdLength *til = TypeIdLength::createTypeIdLength(tlv, offset)->deserialize();
+    offset = til->_offset;
+
+    M2MResourceList list = object_instance.resources();
+    M2MResourceList::const_iterator it;
+    it = list.begin();
+
+    if (TYPE_RESOURCE == til->_type || TYPE_RESOURCE_INSTANCE == til->_type) {
+        bool found = false;
+        for (; it!=list.end(); it++) {
+            if((*it)->name_id() == til->_id){
+                tr_debug("M2MTLVDeserializer::deserialize_resources() - Resource ID %d ", til->_id);
+                found = true;
+                if(update_value) {
+                    if(til->_length > 0) {
+                        tr_debug("M2MTLVDeserializer::deserialize_resources() - Update value");
+                        (*it)->set_value(tlv+offset, til->_length);
+                    } else {
+                        tr_debug("M2MTLVDeserializer::deserialize_resources() - Clear Value");
+                        (*it)->clear_value();
+                    }
+                    break;
+                } else if(0 == ((*it)->operation() & SN_GRS_PUT_ALLOWED)) {
+                    tr_debug("M2MTLVDeserializer::deserialize_resources() - NOT_ALLOWED");
+                    error = M2MTLVDeserializer::NotAllowed;
+                    break;
+                }
+            }            
+        }
+        if(!found) {
+            if(M2MTLVDeserializer::Post == operation) {
+                //Create a new Resource
+                char *buffer = (char*)malloc(10);
+                if(buffer) {
+                    snprintf(buffer,10, "%d",til->_id);
+                    String id(buffer);
+                    M2MResource *resource = object_instance.create_dynamic_resource(id,"",M2MResourceInstance::INTEGER,true,false);
+                    if(resource) {
+                        resource->set_operation(M2MBase::GET_PUT_ALLOWED);
+                    }
+                    free(buffer);
+                }
+            } else if(M2MTLVDeserializer::Put == operation) {
+                error = M2MTLVDeserializer::NotFound;
+            }
+        }
+    } else if (TYPE_MULTIPLE_RESOURCE == til->_type) {
+        for (; it!=list.end(); it++) {
+            if((*it)->supports_multiple_instances()) {
+                error = deserialize_resource_instances(tlv, tlv_size-offset, offset, (**it), object_instance, operation, update_value);
+            }
+        }
+
+    } else {
+        delete til;
+        error = M2MTLVDeserializer::NotValid;
+        return error;
+    }
+    offset += til->_length;
+
+    delete til;
+    if(offset < tlv_size) {
+        error = deserialize_resources(tlv, tlv_size-offset, offset, object_instance, operation, update_value);
+    }
+    return error;
+}
+
+M2MTLVDeserializer::Error M2MTLVDeserializer::deserialize_resource_instances(uint8_t *tlv,
+                                                                             uint32_t tlv_size,
+                                                                             uint32_t offset,
+                                                                             M2MResource &resource,
+                                                                             M2MObjectInstance &object_instance,
+                                                                             M2MTLVDeserializer::Operation operation,
+                                                                             bool update_value)
+{
+    M2MTLVDeserializer::Error error = M2MTLVDeserializer::None;
+    TypeIdLength *til = TypeIdLength::createTypeIdLength(tlv, offset)->deserialize();
+    offset = til->_offset;
+
+    if (TYPE_MULTIPLE_RESOURCE == til->_type || TYPE_RESOURCE_INSTANCE == til->_type) {
+        M2MResourceInstanceList list = resource.resource_instances();
+        M2MResourceInstanceList::const_iterator it;
+        it = list.begin();
+        bool found = false;
+        for (; it!=list.end(); it++) {
+            if((*it)->instance_id() == til->_id) {
+                found = true;
+                if(update_value) {
+                    if(til->_length > 0) {
+                        (*it)->set_value(tlv+offset, til->_length);
+                    } else {
+                        (*it)->clear_value();
+                    }
+                    break;
+                } else if(0 == ((*it)->operation() & SN_GRS_PUT_ALLOWED)) {
+                    error = M2MTLVDeserializer::NotAllowed;
+                    break;
+                }
+            }
+        }
+        if(!found) {
+            if(M2MTLVDeserializer::Post == operation) {
+                // Create a new Resource Instance
+                M2MResourceInstance *res_instance = object_instance.create_dynamic_resource_instance(resource.name(),"",
+                                                                                                 M2MResourceInstance::INTEGER,
+                                                                                                 true,
+                                                                                                 til->_id);
+                if(res_instance) {
+                    res_instance->set_operation(M2MBase::GET_PUT_ALLOWED);
+                }
+            } else if(M2MTLVDeserializer::Put == operation) {
+                error = M2MTLVDeserializer::NotFound;
+            }
+        }
+    } else {
+        delete til;
+        error = M2MTLVDeserializer::NotValid;
+        return error;
+    }
+
+    offset += til->_length;
+
+    delete til;
+    if(offset < tlv_size) {
+        error = deserialize_resource_instances(tlv, tlv_size-offset, offset, resource, object_instance, operation, update_value);
+    }
+    return error;
+}
+
+M2MTLVDeserializer::Error M2MTLVDeserializer::deserialize_resource_instances(uint8_t *tlv,
+                                                                             uint32_t tlv_size,
+                                                                             uint32_t offset,
+                                                                             M2MResource &resource,
+                                                                             M2MTLVDeserializer::Operation operation,
+                                                                             bool update_value)
+{
+    M2MTLVDeserializer::Error error = M2MTLVDeserializer::None;
+    TypeIdLength *til = TypeIdLength::createTypeIdLength(tlv, offset)->deserialize();
+    offset = til->_offset;
+
+    if (TYPE_RESOURCE_INSTANCE == til->_type) {
+        M2MResourceInstanceList list = resource.resource_instances();
+        M2MResourceInstanceList::const_iterator it;
+        it = list.begin();
+        bool found = false;
+        for (; it!=list.end(); it++) {
+            if((*it)->instance_id() == til->_id) {
+                found = true;
+                if(update_value) {
+                    if(til->_length > 0) {
+                    (*it)->set_value(tlv+offset, til->_length);
+                    } else {
+                        (*it)->clear_value();
+                    }
+                    break;
+                } else if(0 == ((*it)->operation() & SN_GRS_PUT_ALLOWED)) {
+                    error = M2MTLVDeserializer::NotAllowed;
+                    break;
+                }
+            }
+        }
+        if(!found) {
+            if(M2MTLVDeserializer::Post == operation) {
+                error = M2MTLVDeserializer::NotAllowed;
+            } else if(M2MTLVDeserializer::Put == operation) {
+                error = M2MTLVDeserializer::NotFound;
+            }
+        }
+    } else {
+        delete til;
+        error = M2MTLVDeserializer::NotValid;
+        return error;
+    }
+
+    offset += til->_length;
+
+    delete til;
+    if(offset < tlv_size) {
+        error = deserialize_resource_instances(tlv, tlv_size-offset, offset, resource, operation, update_value);
+    }
+    return error;
+}
+
+bool M2MTLVDeserializer::is_object_instance(uint8_t *tlv, uint32_t offset)
+{
+    bool ret = false;
+    if (tlv) {
+        uint8_t value = tlv[offset];
+        ret = (TYPE_OBJECT_INSTANCE == (value & TYPE_RESOURCE));
+    }
+    return ret;
+}
+
+uint16_t M2MTLVDeserializer::instance_id(uint8_t *tlv)
+{
+    TypeIdLength *til = TypeIdLength::createTypeIdLength(tlv, 0)->deserialize();
+    uint16_t id = til->_id;
+    delete til;
+    return id;
+}
+
+bool M2MTLVDeserializer::is_resource(uint8_t *tlv, uint32_t offset)
+{
+    bool ret = false;
+    if (tlv) {
+        ret = (TYPE_RESOURCE == (tlv[offset] & TYPE_RESOURCE));
+    }
+    return ret;
+}
+    
+bool M2MTLVDeserializer::is_multiple_resource(uint8_t *tlv, uint32_t offset)
+{
+    bool ret = false;
+    if (tlv) {
+        ret = (TYPE_MULTIPLE_RESOURCE == (tlv[offset] & TYPE_RESOURCE));
+    }
+    return ret;
+}
+    
+bool M2MTLVDeserializer::is_resource_instance(uint8_t *tlv, uint32_t offset)
+{
+    bool ret = false;
+    if (tlv) {
+        ret = (TYPE_RESOURCE_INSTANCE == (tlv[offset] & TYPE_RESOURCE));
+    }
+    return ret;
+}
+
+TypeIdLength* TypeIdLength::createTypeIdLength(uint8_t *tlv, uint32_t offset)
+{
+    TypeIdLength *til = new TypeIdLength();
+    til->_tlv = tlv;
+    til->_offset = offset;
+    til->_type = tlv[offset] & 0xC0;
+    til->_id = -1;
+    til->_length = 0;
+    return til;
+}
+
+TypeIdLength* TypeIdLength::deserialize()
+{
+    uint32_t idLength = _tlv[_offset] & ID16;
+    uint32_t lengthType = _tlv[_offset] & LENGTH24;
+    if (0 == lengthType) {
+        _length = _tlv[_offset] & 0x07;
+    }
+    _offset++;
+
+    deserialiseID(idLength);
+    deserialiseLength(lengthType);
+
+    return this;
+}
+
+void TypeIdLength::deserialiseID(uint32_t idLength)
+{
+    _id = _tlv[_offset++] & 0xFF;
+    if (ID16 == idLength) {
+        _id = (_id << 8) + (_tlv[_offset++] & 0xFF);
+    }
+}
+
+void TypeIdLength::deserialiseLength(uint32_t lengthType)
+{
+    if (lengthType > 0) {
+        _length = _tlv[_offset++] & 0xFF;
+    }
+    if (lengthType > LENGTH8) {
+        _length = (_length << 8) + (_tlv[_offset++] & 0xFF);
+    }
+    if (lengthType > LENGTH16) {
+        _length = (_length << 8) + (_tlv[_offset++] & 0xFF);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/source/m2mtlvserializer.cpp	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,242 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <stdio.h>
+#include "include/m2mtlvserializer.h"
+#include "mbed-client/m2mconstants.h"
+
+M2MTLVSerializer::M2MTLVSerializer()
+{
+}
+
+M2MTLVSerializer::~M2MTLVSerializer()
+{
+}
+
+uint8_t* M2MTLVSerializer::serialize(M2MObjectInstanceList object_instance_list, uint32_t &size)
+{
+    return serialize_object_instances(object_instance_list, size);
+}
+
+uint8_t* M2MTLVSerializer::serialize(M2MResourceList resource_list, uint32_t &size)
+{
+    bool valid = true;
+    return serialize_resources(resource_list, size,valid);
+}
+
+uint8_t* M2MTLVSerializer::serialize(M2MResource *resource, uint32_t &size)
+{
+    uint8_t* data = NULL;
+    serialize(resource, data, size);
+    return data;
+}
+
+uint8_t* M2MTLVSerializer::serialize_object_instances(M2MObjectInstanceList object_instance_list, uint32_t &size)
+{
+    uint8_t *data = NULL;
+
+    if(!object_instance_list.empty()) {
+        M2MObjectInstanceList::const_iterator it;
+        it = object_instance_list.begin();
+        for (; it!=object_instance_list.end(); it++) {
+            uint16_t id = (*it)->instance_id();
+            serialize(id, *it, data, size);
+        }
+    }
+    return data;
+}
+
+uint8_t* M2MTLVSerializer::serialize_resources(M2MResourceList resource_list, uint32_t &size, bool &valid)
+{
+    uint8_t *data = NULL;
+
+    if(!resource_list.empty()) {
+        M2MResourceList::const_iterator it;
+        it = resource_list.begin();
+        for (; it!=resource_list.end(); it++) {
+            if((*it)->name_id() == -1) {
+                valid = false;
+                break;
+            }
+        }
+        if(valid) {
+            it = resource_list.begin();
+            for (; it!=resource_list.end(); it++) {
+                serialize(*it, data, size);
+            }
+        }
+    }
+    return data;
+}
+
+void M2MTLVSerializer::serialize(uint16_t id, M2MObjectInstance *object_instance, uint8_t *&data, uint32_t &size)
+{
+    uint8_t *resource_data = NULL;
+    uint32_t resource_size = 0;
+
+    bool valid = true;
+    resource_data = serialize_resources(object_instance->resources(),resource_size,valid);
+    if(valid) {
+        serialize_TILV(TYPE_OBJECT_INSTANCE, id, resource_data, resource_size, data, size);
+    }
+    free(resource_data);
+}
+
+bool M2MTLVSerializer::serialize(M2MResource *resource, uint8_t *&data, uint32_t &size)
+{
+    bool success = false;
+    if(resource->name_id() != -1) {
+        success = resource->supports_multiple_instances() ?
+                serialize_multiple_resource(resource, data, size) :
+                serialize_resource(resource, data, size);
+    }
+    return success;
+}
+
+bool M2MTLVSerializer::serialize_resource(M2MResource *resource, uint8_t *&data, uint32_t &size)
+{
+    bool success = false;
+    if(resource->name_id() != -1) {
+        success = true;
+        serialize_TILV(TYPE_RESOURCE, resource->name_id(), resource->value(), resource->value_length(), data, size);
+    }
+    return success;
+}
+
+bool M2MTLVSerializer::serialize_multiple_resource(M2MResource *resource, uint8_t *&data, uint32_t &size)
+{
+    bool success = false;
+    uint8_t *nested_data = NULL;
+    uint32_t nested_data_size = 0;
+
+    M2MResourceInstanceList instance_list = resource->resource_instances();
+    if(!instance_list.empty()) {
+        M2MResourceInstanceList::const_iterator it;
+        it = instance_list.begin();
+        for (; it!=instance_list.end(); it++) {
+            uint16_t id = (*it)->instance_id();
+            serialize_resource_instance(id, (*it), nested_data, nested_data_size);            
+        }
+    }
+    if(resource->name_id() != -1) {
+        success = true;
+        serialize_TILV(TYPE_MULTIPLE_RESOURCE, resource->name_id(), nested_data, nested_data_size, data, size);
+    }
+
+    free(nested_data);
+    nested_data = NULL;
+    return success;
+}
+
+void M2MTLVSerializer::serialize_resource_instance(uint16_t id, M2MResourceInstance *resource, uint8_t *&data, uint32_t &size)
+{
+    serialize_TILV(TYPE_RESOURCE_INSTANCE, id, resource->value(), resource->value_length(), data, size);
+}
+
+void M2MTLVSerializer::serialize_TILV(uint8_t type, uint16_t id, uint8_t *value, uint32_t value_length, uint8_t *&data, uint32_t &size)
+{
+    uint8_t *tlv = 0;
+    uint32_t type_length = 1;
+    type += id < 256 ? 0 : ID16;
+    type += value_length < 8 ? value_length :
+            value_length < 256 ? LENGTH8 :
+            value_length < 65536 ? LENGTH16 : LENGTH24;
+    uint8_t *tlv_type = (uint8_t*)malloc(type_length+1);
+    memset(tlv_type,0,type_length+1);
+    *tlv_type = type & 0xFF;
+
+    uint32_t id_size = 0;
+    uint8_t* id_ptr = serialize_id(id, id_size);
+
+    uint32_t length_size = 0;
+    uint8_t* length_ptr = serialize_length(value_length, length_size);
+
+    tlv = (uint8_t*)malloc(size + type_length + id_size + length_size + value_length+1);
+    memset(tlv,0,size + type_length + id_size + length_size + value_length+1);
+    if(data) {
+        memcpy(tlv, data, size);
+    }
+    memcpy(tlv+size, tlv_type, type_length);
+    memcpy(tlv+size+type_length, id_ptr, id_size);
+    memcpy(tlv+size+type_length+id_size, length_ptr, length_size);
+    memcpy(tlv+size+type_length+id_size+length_size, value, value_length);
+
+    if(tlv_type) {
+        free(tlv_type) ;
+    }
+    if(length_ptr) {
+        free(length_ptr);
+    }
+    if(id_ptr) {
+        free(id_ptr);
+    }
+    if(data) {
+        free(data);
+        data = NULL;
+    }
+    data = tlv;
+    size += type_length + id_size + length_size + value_length;
+}
+
+uint8_t* M2MTLVSerializer::serialize_id(uint16_t id, uint32_t &size)
+{
+    uint32_t id_size = id > 255 ? 2 : 1;
+    uint8_t *id_ptr = (uint8_t*)malloc(id_size);
+    memset(id_ptr, 0 , id_size);
+    size += id_size;
+    if(id > 255) {
+        *id_ptr = (id & 0xFF00) >> 8;
+        id_ptr++;
+        *id_ptr = id & 0xFF;
+        id_ptr--;
+    } else {
+        *id_ptr = id & 0xFF;
+    }
+    return id_ptr;
+}
+
+uint8_t* M2MTLVSerializer::serialize_length(uint32_t length, uint32_t &size)
+{
+    uint8_t *length_ptr = 0;
+    uint32_t length_size = 0;
+    if (length > 65535) {
+        length_size = 3;
+        length_ptr = (uint8_t*)malloc(length_size+1);
+        memset(length_ptr,0,length_size+1);
+        *length_ptr = (length & 0xFF0000) >> 16;
+        length_ptr++;
+        *length_ptr = (length & 0xFF00) >> 8;
+        length_ptr++;
+        *length_ptr = length & 0xFF;
+        length_ptr--;
+        length_ptr--;
+    } else if (length > 255) {
+        length_size = 2;
+        length_ptr = (uint8_t*)malloc(length_size+1);
+        memset(length_ptr,0,length_size+1);
+        *length_ptr = (length & 0xFF00) >> 8;
+        length_ptr++;
+        *length_ptr = length & 0xFF;
+        length_ptr--;
+    } else if (length > 7) {
+        length_size = 1;
+        length_ptr = (uint8_t*)malloc(length_size+1);
+        memset(length_ptr,0,length_size+1);
+        *length_ptr = length & 0xFF;
+    }
+    size += length_size;
+    return length_ptr;
+}
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-client/source/nsdlaccesshelper.cpp	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "include/nsdlaccesshelper.h"
+#include "include/m2mnsdlinterface.h"
+
+// callback function for NSDL library to call into
+M2MNsdlInterface  *__nsdl_interface = NULL;
+
+uint8_t __nsdl_c_callback(struct nsdl_s *nsdl_handle,
+                          sn_coap_hdr_s *received_coap_ptr,
+                          sn_nsdl_addr_s *address,
+                          sn_nsdl_capab_e nsdl_capab)
+{
+    uint8_t status = 0;
+    if(__nsdl_interface) {
+        status = __nsdl_interface->resource_callback(nsdl_handle,received_coap_ptr,
+                                                     address, nsdl_capab);
+    }
+    return status;
+}
+
+void* __nsdl_c_memory_alloc(uint16_t size)
+{
+    void * val = NULL;
+    if(__nsdl_interface) {
+        val = __nsdl_interface->memory_alloc(size);
+    }
+    return val;
+}
+
+void __nsdl_c_memory_free(void *ptr)
+{
+    if(__nsdl_interface) {
+        __nsdl_interface->memory_free(ptr);
+    }
+}
+
+uint8_t __nsdl_c_send_to_server(struct nsdl_s * nsdl_handle,
+                                sn_nsdl_capab_e protocol,
+                                uint8_t *data_ptr,
+                                uint16_t data_len,
+                                sn_nsdl_addr_s *address_ptr)
+{
+    uint8_t status = 0;
+    if(__nsdl_interface) {
+        status = __nsdl_interface->send_to_server_callback(nsdl_handle,
+                                                           protocol, data_ptr,
+                                                           data_len, address_ptr);
+    }
+    return status;
+}
+
+uint8_t __nsdl_c_received_from_server(struct nsdl_s * nsdl_handle,
+                                      sn_coap_hdr_s *coap_header,
+                                      sn_nsdl_addr_s *address_ptr)
+{
+    uint8_t status = 0;
+    if(__nsdl_interface) {
+        status = __nsdl_interface->received_from_server_callback(nsdl_handle,
+                                                                 coap_header,
+                                                                 address_ptr);
+    }
+    return status;
+}
+
+void __nsdl_c_bootstrap_done(sn_nsdl_oma_server_info_t *server_info_ptr)
+{
+    if(__nsdl_interface) {
+        __nsdl_interface->bootstrap_done_callback(server_info_ptr);
+    }
+}
+
+void* __socket_malloc( void * context, size_t size)
+{
+    (void) context;
+    return malloc(size);
+}
+
+void __socket_free(void * context, void * ptr)
+{
+    (void) context;
+    free(ptr);
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtos/Mail.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,109 @@
+/* mbed Microcontroller Library
+ * Copyright (c) 2006-2012 ARM Limited
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+#ifndef MAIL_H
+#define MAIL_H
+
+#include <stdint.h>
+#include <string.h>
+
+#include "cmsis_os.h"
+
+namespace rtos {
+
+/** The Mail class allow to control, send, receive, or wait for mail.
+ A mail is a memory block that is send to a thread or interrupt service routine.
+  @tparam  T         data type of a single message element.
+  @tparam  queue_sz  maximum number of messages in queue.
+*/
+template<typename T, uint32_t queue_sz>
+class Mail {
+public:
+    /** Create and Initialise Mail queue. */
+    Mail() {
+    #ifdef CMSIS_OS_RTX
+        memset(_mail_q, 0, sizeof(_mail_q));
+        _mail_p[0] = _mail_q;
+
+        memset(_mail_m, 0, sizeof(_mail_m));
+        _mail_p[1] = _mail_m;
+
+        _mail_def.pool = _mail_p;
+        _mail_def.queue_sz = queue_sz;
+        _mail_def.item_sz = sizeof(T);
+    #endif
+        _mail_id = osMailCreate(&_mail_def, NULL);
+    }
+
+    /** Allocate a memory block of type T
+      @param   millisec  timeout value or 0 in case of no time-out. (default: 0).
+      @return  pointer to memory block that can be filled with mail or NULL in case error.
+    */
+    T* alloc(uint32_t millisec=0) {
+        return (T*)osMailAlloc(_mail_id, millisec);
+    }
+
+    /** Allocate a memory block of type T and set memory block to zero.
+      @param   millisec  timeout value or 0 in case of no time-out.  (default: 0).
+      @return  pointer to memory block that can be filled with mail or NULL in case error.
+    */
+    T* calloc(uint32_t millisec=0) {
+        return (T*)osMailCAlloc(_mail_id, millisec);
+    }
+
+    /** Put a mail in the queue.
+      @param   mptr  memory block previously allocated with Mail::alloc or Mail::calloc.
+      @return  status code that indicates the execution status of the function.
+    */
+    osStatus put(T *mptr) {
+        return osMailPut(_mail_id, (void*)mptr);
+    }
+
+    /** Get a mail from a queue.
+      @param   millisec  timeout value or 0 in case of no time-out. (default: osWaitForever).
+      @return  event that contains mail information or error code.
+    */
+    osEvent get(uint32_t millisec=osWaitForever) {
+        return osMailGet(_mail_id, millisec);
+    }
+
+    /** Free a memory block from a mail.
+      @param   mptr  pointer to the memory block that was obtained with Mail::get.
+      @return  status code that indicates the execution status of the function.
+    */
+    osStatus free(T *mptr) {
+        return osMailFree(_mail_id, (void*)mptr);
+    }
+
+private:
+    osMailQId    _mail_id;
+    osMailQDef_t _mail_def;
+#ifdef CMSIS_OS_RTX
+    uint32_t     _mail_q[4+(queue_sz)];
+    uint32_t     _mail_m[3+((sizeof(T)+3)/4)*(queue_sz)];
+    void        *_mail_p[2];
+#endif
+};
+
+}
+
+#endif
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtos/MemoryPool.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,82 @@
+/* mbed Microcontroller Library
+ * Copyright (c) 2006-2012 ARM Limited
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+#ifndef MEMORYPOOL_H
+#define MEMORYPOOL_H
+
+#include <stdint.h>
+#include <string.h>
+
+#include "cmsis_os.h"
+
+namespace rtos {
+
+/** Define and manage fixed-size memory pools of objects of a given type.
+  @tparam  T         data type of a single object (element).
+  @tparam  queue_sz  maximum number of objects (elements) in the memory pool.
+*/
+template<typename T, uint32_t pool_sz>
+class MemoryPool {
+public:
+    /** Create and Initialize a memory pool. */
+    MemoryPool() {
+    #ifdef CMSIS_OS_RTX
+        memset(_pool_m, 0, sizeof(_pool_m));
+        _pool_def.pool = _pool_m;
+
+        _pool_def.pool_sz = pool_sz;
+        _pool_def.item_sz =  sizeof(T);
+    #endif
+        _pool_id = osPoolCreate(&_pool_def);
+    }
+
+    /** Allocate a memory block of type T from a memory pool.
+      @return  address of the allocated memory block or NULL in case of no memory available.
+    */
+    T* alloc(void) {
+        return (T*)osPoolAlloc(_pool_id);
+    }
+
+    /** Allocate a memory block of type T from a memory pool and set memory block to zero.
+      @return  address of the allocated memory block or NULL in case of no memory available.
+    */
+    T* calloc(void) {
+        return (T*)osPoolCAlloc(_pool_id);
+    }
+
+    /** Return an allocated memory block back to a specific memory pool.
+      @param   address of the allocated memory block that is returned to the memory pool.
+      @return  status code that indicates the execution status of the function.
+    */
+    osStatus free(T *block) {
+        return osPoolFree(_pool_id, (void*)block);
+    }
+
+private:
+    osPoolId    _pool_id;
+    osPoolDef_t _pool_def;
+#ifdef CMSIS_OS_RTX
+    uint32_t    _pool_m[3+((sizeof(T)+3)/4)*(pool_sz)];
+#endif
+};
+
+}
+#endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtos/Mutex.cpp	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,56 @@
+/* mbed Microcontroller Library
+ * Copyright (c) 2006-2012 ARM Limited
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+#include "Mutex.h"
+
+#include <string.h>
+#include "mbed_error.h"
+
+namespace rtos {
+
+Mutex::Mutex() {
+#ifdef CMSIS_OS_RTX
+    memset(_mutex_data, 0, sizeof(_mutex_data));
+    _osMutexDef.mutex = _mutex_data;
+#endif
+    _osMutexId = osMutexCreate(&_osMutexDef);
+    if (_osMutexId == NULL) {
+        error("Error initializing the mutex object\n");
+    }
+}
+
+osStatus Mutex::lock(uint32_t millisec) {
+    return osMutexWait(_osMutexId, millisec);
+}
+
+bool Mutex::trylock() {
+    return (osMutexWait(_osMutexId, 0) == osOK);
+}
+
+osStatus Mutex::unlock() {
+    return osMutexRelease(_osMutexId);
+}
+
+Mutex::~Mutex() {
+    osMutexDelete(_osMutexId);
+}
+
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtos/Mutex.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,69 @@
+/* mbed Microcontroller Library
+ * Copyright (c) 2006-2012 ARM Limited
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+#ifndef MUTEX_H
+#define MUTEX_H
+
+#include <stdint.h>
+#include "cmsis_os.h"
+
+namespace rtos {
+
+/** The Mutex class is used to synchronise the execution of threads.
+ This is for example used to protect access to a shared resource.
+*/
+class Mutex {
+public:
+    /** Create and Initialize a Mutex object */
+    Mutex();
+
+    /** Wait until a Mutex becomes available.
+      @param   millisec  timeout value or 0 in case of no time-out. (default: osWaitForever)
+      @return  status code that indicates the execution status of the function.
+     */
+    osStatus lock(uint32_t millisec=osWaitForever);
+
+    /** Try to lock the mutex, and return immediately
+      @return  true if the mutex was acquired, false otherwise.
+     */
+    bool trylock();
+
+    /** Unlock the mutex that has previously been locked by the same thread
+      @return  status code that indicates the execution status of the function.
+     */
+    osStatus unlock();
+
+    ~Mutex();
+
+private:
+    osMutexId _osMutexId;
+    osMutexDef_t _osMutexDef;
+#ifdef CMSIS_OS_RTX
+#ifdef __MBED_CMSIS_RTOS_CA9
+    int32_t _mutex_data[4];
+#else
+    int32_t _mutex_data[3];
+#endif
+#endif
+};
+
+}
+#endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtos/Queue.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,81 @@
+/* mbed Microcontroller Library
+ * Copyright (c) 2006-2012 ARM Limited
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+#ifndef QUEUE_H
+#define QUEUE_H
+
+#include <stdint.h>
+#include <string.h>
+
+#include "cmsis_os.h"
+#include "mbed_error.h"
+
+namespace rtos {
+
+/** The Queue class allow to control, send, receive, or wait for messages.
+ A message can be a integer or pointer value  to a certain type T that is send
+ to a thread or interrupt service routine.
+  @tparam  T         data type of a single message element.
+  @tparam  queue_sz  maximum number of messages in queue.
+*/
+template<typename T, uint32_t queue_sz>
+class Queue {
+public:
+    /** Create and initialise a message Queue. */
+    Queue() {
+    #ifdef CMSIS_OS_RTX
+        memset(_queue_q, 0, sizeof(_queue_q));
+        _queue_def.pool = _queue_q;
+        _queue_def.queue_sz = queue_sz;
+    #endif
+        _queue_id = osMessageCreate(&_queue_def, NULL);
+        if (_queue_id == NULL) {
+            error("Error initialising the queue object\n");
+        }
+    }
+
+    /** Put a message in a Queue.
+      @param   data      message pointer.
+      @param   millisec  timeout value or 0 in case of no time-out. (default: 0)
+      @return  status code that indicates the execution status of the function.
+    */
+    osStatus put(T* data, uint32_t millisec=0) {
+        return osMessagePut(_queue_id, (uint32_t)data, millisec);
+    }
+
+    /** Get a message or Wait for a message from a Queue.
+      @param   millisec  timeout value or 0 in case of no time-out. (default: osWaitForever).
+      @return  event information that includes the message and the status code.
+    */
+    osEvent get(uint32_t millisec=osWaitForever) {
+        return osMessageGet(_queue_id, millisec);
+    }
+
+private:
+    osMessageQId    _queue_id;
+    osMessageQDef_t _queue_def;
+#ifdef CMSIS_OS_RTX
+    uint32_t        _queue_q[4+(queue_sz)];
+#endif
+};
+
+}
+#endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtos/RtosTimer.cpp	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,53 @@
+/* mbed Microcontroller Library
+ * Copyright (c) 2006-2012 ARM Limited
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+#include "RtosTimer.h"
+
+#include <string.h>
+
+#include "cmsis_os.h"
+#include "mbed_error.h"
+
+namespace rtos {
+
+RtosTimer::RtosTimer(void (*periodic_task)(void const *argument), os_timer_type type, void *argument) {
+#ifdef CMSIS_OS_RTX
+    _timer.ptimer = periodic_task;
+
+    memset(_timer_data, 0, sizeof(_timer_data));
+    _timer.timer = _timer_data;
+#endif
+    _timer_id = osTimerCreate(&_timer, type, argument);
+}
+
+osStatus RtosTimer::start(uint32_t millisec) {
+    return osTimerStart(_timer_id, millisec);
+}
+
+osStatus RtosTimer::stop(void) {
+    return osTimerStop(_timer_id);
+}
+
+RtosTimer::~RtosTimer() {
+    osTimerDelete(_timer_id);
+}
+
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtos/RtosTimer.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,71 @@
+/* mbed Microcontroller Library
+ * Copyright (c) 2006-2012 ARM Limited
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+#ifndef RTOS_TIMER_H
+#define RTOS_TIMER_H
+
+#include <stdint.h>
+#include "cmsis_os.h"
+
+namespace rtos {
+
+/** The RtosTimer class allow creating and and controlling of timer functions in the system.
+ A timer function is called when a time period expires whereby both on-shot and
+ periodic timers are possible. A timer can be started, restarted, or stopped.
+
+ Timers are handled in the thread osTimerThread.
+ Callback functions run under control of this thread and may use CMSIS-RTOS API calls.
+*/
+class RtosTimer {
+public:
+    /** Create and Start timer.
+      @param   task      name of the timer call back function.
+      @param   type      osTimerOnce for one-shot or osTimerPeriodic for periodic behaviour. (default: osTimerPeriodic)
+      @param   argument  argument to the timer call back function. (default: NULL)
+    */
+    RtosTimer(void (*task)(void const *argument),
+          os_timer_type type=osTimerPeriodic,
+          void *argument=NULL);
+
+    /** Stop the timer.
+      @return  status code that indicates the execution status of the function.
+    */
+    osStatus stop(void);
+
+    /** start a timer.
+      @param   millisec  time delay value of the timer.
+      @return  status code that indicates the execution status of the function.
+    */
+    osStatus start(uint32_t millisec);
+
+    ~RtosTimer();
+
+private:
+    osTimerId _timer_id;
+    osTimerDef_t _timer;
+#ifdef CMSIS_OS_RTX
+    uint32_t _timer_data[5];
+#endif
+};
+
+}
+
+#endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtos/Semaphore.cpp	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,48 @@
+/* mbed Microcontroller Library
+ * Copyright (c) 2006-2012 ARM Limited
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+#include "Semaphore.h"
+
+#include <string.h>
+
+namespace rtos {
+
+Semaphore::Semaphore(int32_t count) {
+#ifdef CMSIS_OS_RTX
+    memset(_semaphore_data, 0, sizeof(_semaphore_data));
+    _osSemaphoreDef.semaphore = _semaphore_data;
+#endif
+    _osSemaphoreId = osSemaphoreCreate(&_osSemaphoreDef, count);
+}
+
+int32_t Semaphore::wait(uint32_t millisec) {
+    return osSemaphoreWait(_osSemaphoreId, millisec);
+}
+
+osStatus Semaphore::release(void) {
+    return osSemaphoreRelease(_osSemaphoreId);
+}
+
+Semaphore::~Semaphore() {
+    osSemaphoreDelete(_osSemaphoreId);
+}
+
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtos/Semaphore.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,60 @@
+/* mbed Microcontroller Library
+ * Copyright (c) 2006-2012 ARM Limited
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+#ifndef SEMAPHORE_H
+#define SEMAPHORE_H
+
+#include <stdint.h>
+#include "cmsis_os.h"
+
+namespace rtos {
+
+/** The Semaphore class is used to manage and protect access to a set of shared resources. */
+class Semaphore {
+public:
+    /** Create and Initialize a Semaphore object used for managing resources.
+      @param number of available resources; maximum index value is (count-1).
+    */
+    Semaphore(int32_t count);
+
+    /** Wait until a Semaphore resource becomes available.
+      @param   millisec  timeout value or 0 in case of no time-out. (default: osWaitForever).
+      @return  number of available tokens, or -1 in case of incorrect parameters
+    */
+    int32_t wait(uint32_t millisec=osWaitForever);
+
+    /** Release a Semaphore resource that was obtain with Semaphore::wait.
+      @return  status code that indicates the execution status of the function.
+    */
+    osStatus release(void);
+
+    ~Semaphore();
+
+private:
+    osSemaphoreId _osSemaphoreId;
+    osSemaphoreDef_t _osSemaphoreDef;
+#ifdef CMSIS_OS_RTX
+    uint32_t _semaphore_data[2];
+#endif
+};
+
+}
+#endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtos/Thread.cpp	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,142 @@
+/* mbed Microcontroller Library
+ * Copyright (c) 2006-2012 ARM Limited
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+#include "Thread.h"
+
+#include "mbed_error.h"
+
+namespace rtos {
+
+Thread::Thread(void (*task)(void const *argument), void *argument,
+        osPriority priority, uint32_t stack_size, unsigned char *stack_pointer) {
+#ifdef CMSIS_OS_RTX
+    _thread_def.pthread = task;
+    _thread_def.tpriority = priority;
+    _thread_def.stacksize = stack_size;
+    if (stack_pointer != NULL) {
+        _thread_def.stack_pointer = (uint32_t*)stack_pointer;
+        _dynamic_stack = false;
+    } else {
+        _thread_def.stack_pointer = new uint32_t[stack_size/sizeof(uint32_t)];
+        if (_thread_def.stack_pointer == NULL)
+            error("Error allocating the stack memory\n");
+        _dynamic_stack = true;
+    }
+    
+    //Fill the stack with a magic word for maximum usage checking
+    for (uint32_t i = 0; i < (stack_size / sizeof(uint32_t)); i++) {
+        _thread_def.stack_pointer[i] = 0xE25A2EA5;
+    }
+#endif
+    _tid = osThreadCreate(&_thread_def, argument);
+}
+
+osStatus Thread::terminate() {
+    return osThreadTerminate(_tid);
+}
+
+osStatus Thread::set_priority(osPriority priority) {
+    return osThreadSetPriority(_tid, priority);
+}
+
+osPriority Thread::get_priority() {
+    return osThreadGetPriority(_tid);
+}
+
+int32_t Thread::signal_set(int32_t signals) {
+    return osSignalSet(_tid, signals);
+}
+
+int32_t Thread::signal_clr(int32_t signals) {
+    return osSignalClear(_tid, signals);
+}
+
+Thread::State Thread::get_state() {
+#ifndef __MBED_CMSIS_RTOS_CA9
+    return ((State)_thread_def.tcb.state);
+#else
+    uint8_t status;
+    status = osThreadGetState(_tid);
+    return ((State)status);
+#endif
+}
+
+uint32_t Thread::stack_size() {
+#ifndef __MBED_CMSIS_RTOS_CA9
+    return _thread_def.tcb.priv_stack;
+#else
+    return 0;
+#endif
+}
+
+uint32_t Thread::free_stack() {
+#ifndef __MBED_CMSIS_RTOS_CA9
+    uint32_t bottom = (uint32_t)_thread_def.tcb.stack;
+    return _thread_def.tcb.tsk_stack - bottom;
+#else
+    return 0;
+#endif
+}
+
+uint32_t Thread::used_stack() {
+#ifndef __MBED_CMSIS_RTOS_CA9
+    uint32_t top = (uint32_t)_thread_def.tcb.stack + _thread_def.tcb.priv_stack;
+    return top - _thread_def.tcb.tsk_stack;
+#else
+    return 0;
+#endif
+}
+
+uint32_t Thread::max_stack() {
+#ifndef __MBED_CMSIS_RTOS_CA9
+    uint32_t high_mark = 0;
+    while (_thread_def.tcb.stack[high_mark] == 0xE25A2EA5)
+        high_mark++;
+    return _thread_def.tcb.priv_stack - (high_mark * 4);
+#else
+    return 0;
+#endif
+}
+
+osEvent Thread::signal_wait(int32_t signals, uint32_t millisec) {
+    return osSignalWait(signals, millisec);
+}
+
+osStatus Thread::wait(uint32_t millisec) {
+    return osDelay(millisec);
+}
+
+osStatus Thread::yield() {
+    return osThreadYield();
+}
+
+osThreadId Thread::gettid() {
+    return osThreadGetId();
+}
+
+Thread::~Thread() {
+    terminate();
+    if (_dynamic_stack) {
+        delete[] (_thread_def.stack_pointer);
+    }
+}
+
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtos/Thread.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,144 @@
+/* mbed Microcontroller Library
+ * Copyright (c) 2006-2012 ARM Limited
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+#ifndef THREAD_H
+#define THREAD_H
+
+#include <stdint.h>
+#include "cmsis_os.h"
+
+namespace rtos {
+
+/** The Thread class allow defining, creating, and controlling thread functions in the system. */
+class Thread {
+public:
+    /** Create a new thread, and start it executing the specified function.
+      @param   task           function to be executed by this thread.
+      @param   argument       pointer that is passed to the thread function as start argument. (default: NULL).
+      @param   priority       initial priority of the thread function. (default: osPriorityNormal).
+      @param   stack_size      stack size (in bytes) requirements for the thread function. (default: DEFAULT_STACK_SIZE).
+      @param   stack_pointer  pointer to the stack area to be used by this thread (default: NULL).
+    */
+    Thread(void (*task)(void const *argument), void *argument=NULL,
+           osPriority priority=osPriorityNormal,
+           uint32_t stack_size=DEFAULT_STACK_SIZE,
+           unsigned char *stack_pointer=NULL);
+
+    /** Terminate execution of a thread and remove it from Active Threads
+      @return  status code that indicates the execution status of the function.
+    */
+    osStatus terminate();
+
+    /** Set priority of an active thread
+      @param   priority  new priority value for the thread function.
+      @return  status code that indicates the execution status of the function.
+    */
+    osStatus set_priority(osPriority priority);
+
+    /** Get priority of an active thread
+      @return  current priority value of the thread function.
+    */
+    osPriority get_priority();
+
+    /** Set the specified Signal Flags of an active thread.
+      @param   signals  specifies the signal flags of the thread that should be set.
+      @return  previous signal flags of the specified thread or 0x80000000 in case of incorrect parameters.
+    */
+    int32_t signal_set(int32_t signals);
+
+    /** Clears the specified Signal Flags of an active thread.
+      @param   signals  specifies the signal flags of the thread that should be cleared.
+      @return  resultant signal flags of the specified thread or 0x80000000 in case of incorrect parameters.
+    */
+    int32_t signal_clr(int32_t signals);
+
+    /** State of the Thread */
+    enum State {
+        Inactive,           /**< Not created or terminated */
+        Ready,              /**< Ready to run */
+        Running,            /**< Running */
+        WaitingDelay,       /**< Waiting for a delay to occur */
+        WaitingInterval,    /**< Waiting for an interval to occur */
+        WaitingOr,          /**< Waiting for one event in a set to occur */
+        WaitingAnd,         /**< Waiting for multiple events in a set to occur */
+        WaitingSemaphore,   /**< Waiting for a semaphore event to occur */
+        WaitingMailbox,     /**< Waiting for a mailbox event to occur */
+        WaitingMutex,       /**< Waiting for a mutex event to occur */
+    };
+
+    /** State of this Thread
+      @return  the State of this Thread
+    */
+    State get_state();
+    
+    /** Get the total stack memory size for this Thread
+      @return  the total stack memory size in bytes
+    */
+    uint32_t stack_size();
+    
+    /** Get the currently unused stack memory for this Thread
+      @return  the currently unused stack memory in bytes
+    */
+    uint32_t free_stack();
+    
+    /** Get the currently used stack memory for this Thread
+      @return  the currently used stack memory in bytes
+    */
+    uint32_t used_stack();
+    
+    /** Get the maximum stack memory usage to date for this Thread
+      @return  the maximum stack memory usage to date in bytes
+    */
+    uint32_t max_stack();
+
+    /** Wait for one or more Signal Flags to become signaled for the current RUNNING thread.
+      @param   signals   wait until all specified signal flags set or 0 for any single signal flag.
+      @param   millisec  timeout value or 0 in case of no time-out. (default: osWaitForever).
+      @return  event flag information or error code.
+    */
+    static osEvent signal_wait(int32_t signals, uint32_t millisec=osWaitForever);
+
+    /** Wait for a specified time period in millisec:
+      @param   millisec  time delay value
+      @return  status code that indicates the execution status of the function.
+    */
+    static osStatus wait(uint32_t millisec);
+
+    /** Pass control to next thread that is in state READY.
+      @return  status code that indicates the execution status of the function.
+    */
+    static osStatus yield();
+
+    /** Get the thread id of the current running thread.
+      @return  thread ID for reference by other functions or NULL in case of error.
+    */
+    static osThreadId gettid();
+
+    virtual ~Thread();
+
+private:
+    osThreadId _tid;
+    osThreadDef_t _thread_def;
+    bool _dynamic_stack;
+};
+
+}
+#endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtos/rtos.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,35 @@
+/* mbed Microcontroller Library
+ * Copyright (c) 2006-2012 ARM Limited
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+#ifndef RTOS_H
+#define RTOS_H
+
+#include "Thread.h"
+#include "Mutex.h"
+#include "RtosTimer.h"
+#include "Semaphore.h"
+#include "Mail.h"
+#include "MemoryPool.h"
+#include "Queue.h"
+
+using namespace rtos;
+
+#endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_ARM7/ARM7/TOOLCHAIN_GCC/HAL_CM0.S	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,329 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    HAL_CM0.S
+ *      Purpose: Hardware Abstraction Layer for ARM7TDMI
+ *      Rev.:    V1.0
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2015 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used 
+ *    to endorse or promote products derived from this software without 
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+        .file   "HAL_CM0.S"
+        .syntax unified
+
+        .equ    TCB_TSTACK, 40
+
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+        .arm
+
+        .section ".text"
+        .align  2
+
+/*-------------------------- Save Context --------------------------------*/
+/* MUST be called the first */
+.macro SaveContext
+
+      /* Push R0 as we are going to use the register. */                                      \
+        STMDB  SP!, {R0}
+
+        /* Set R0 to SP(user) */
+        STMDB  SP,{SP}^
+        NOP
+        SUB    SP, SP, #4
+        LDMIA  SP!,{R0}
+
+        /* Push the LR return address onto the user stack. */
+        STMDB  R0!, {LR}
+
+        /* Now we have saved LR we can use it instead of R0. */
+        MOV    LR, R0
+
+        /* Pop R0 so we can save it onto the system mode stack. */
+        LDMIA  SP!, {R0}
+
+        /* Push all the system mode registers onto the task stack. */
+        STMDB  LR,{R0-R12,LR}^      /* LR can not be changed because  user's LR is used*/
+        NOP                         /* pass 1 cycle before changing LR */
+        SUB    LR, LR, #14*4        /* change LR now -15 dwords (R0-R14)*/
+
+        /* Push the SPSR onto the task stack. */
+        MRS    R0, SPSR
+        STMDB  LR!, {R0}
+
+        /* Store the new top of stack for the task. */
+        LDR    R0,=os_tsk
+        LDR    R0, [R0]             /* R0 = (tcb) os_tsk.run */
+        STR    LR, [R0, TCB_TSTACK] /* tcb.tsk_stack = SP(user) */
+.endm
+
+/*-------------------------- Restore Context --------------------------------*/
+        .type   RestoreContext, %function
+        .global RestoreContext
+RestoreContext:
+        .fnstart
+        .cantunwind
+    /* Set the LR to the task stack. */
+    LDR     R0,=os_tsk
+    LDR     R1, [R0, 4]              /* R1 = (tcb) os_tsk.new */
+    STR     R1, [R0]                 /* os_tsk.run = os_tsk_newk */
+    LDR     LR, [R1, TCB_TSTACK]     /* LR = tcb.tsk_stack */
+
+    /* Get the SPSR from the stack. */
+    LDMFD   LR!, {R0}                /*  SPSR */
+    MSR     SPSR, R0
+
+    /* Restore all system mode registers for the task. */
+    LDMFD  LR, {R0-R12,LR}^
+    NOP
+
+    ADD    LR, LR, 15*4               /* increase starck pointer */
+    /* Set SP(user) to LR */
+    STMDB  SP!,{LR}
+    LDMIA  SP,{SP}^
+    NOP
+    ADD    SP, SP, #4
+
+    /* Restore the return address. */
+    LDR    LR, [LR,#-4]                   /* last dword is task's PC register */
+
+    /* And return - correcting the offset in the LR to obtain the */
+    /* correct address. */
+    SUBS    PC, LR, #4
+
+/*-------------------------- End --------------------------------*/
+ .fnend
+        .size   RestoreContext, .-RestoreContext
+
+
+
+/*--------------------------- rt_set_PSP ------------------------------------*/
+
+#       void rt_set_PSP (U32 stack);
+
+        .type   rt_set_PSP, %function
+        .global rt_set_PSP
+rt_set_PSP:
+        .fnstart
+        .cantunwind
+
+        MOV     SP,R0
+        BX      LR
+
+        .fnend
+        .size   rt_set_PSP, .-rt_set_PSP
+
+
+/*--------------------------- rt_get_PSP ------------------------------------*/
+
+#       U32 rt_get_PSP (void);
+
+        .type   rt_get_PSP, %function
+        .global rt_get_PSP
+rt_get_PSP:
+        .fnstart
+        .cantunwind
+
+        MOV     R0,SP
+        BX      LR
+
+        .fnend
+        .size   rt_get_PSP, .-rt_get_PSP
+
+
+
+/*--------------------------- _alloc_box ------------------------------------*/
+
+#      void *_alloc_box (void *box_mem);
+       /* Function wrapper for Unprivileged/Privileged mode. */
+
+        .type   _alloc_box, %function
+        .global _alloc_box
+_alloc_box:
+        .fnstart
+        .cantunwind
+
+        LDR     R3,=rt_alloc_box
+        MOV     R12, R3
+        MRS     R3, CPSR
+        AND     R3, 0x1F
+        CMP     R3, 0x12 /* IRQ mode*/
+        BNE     PrivilegedA
+        CMP     R3, 0x1F /* System mode*/
+        BNE     PrivilegedA
+        SVC     0
+        BX      LR
+PrivilegedA:
+        BX      R12
+
+        .fnend
+        .size   _alloc_box, .-_alloc_box
+
+
+/*--------------------------- _free_box -------------------------------------*/
+
+#       int _free_box (void *box_mem, void *box);
+        /* Function wrapper for Unprivileged/Privileged mode. */
+
+        .type   _free_box, %function
+        .global _free_box
+_free_box:
+        .fnstart
+        .cantunwind
+
+        LDR     R3,=rt_free_box
+        MOV     R12, R3
+        MRS     R3, CPSR
+        AND     R3, 0x1F
+        CMP     R3, 0x12 /* IRQ mode*/
+        BNE     PrivilegedA
+        CMP     R3, 0x1F /* System mode*/
+        BNE     PrivilegedA
+        SVC     0
+        BX      LR
+PrivilegedF:
+        BX      R12
+
+        .fnend
+        .size   _free_box, .-_free_box
+
+
+/*-------------------------- SVC_Handler ------------------------------------*/
+
+#       void SVC_Handler (void);
+
+        .type   SVC_Handler, %function
+        .global SVC_Handler
+SVC_Handler:
+        .fnstart
+        .cantunwind
+        /* Within an IRQ ISR the link register has an offset from the true return
+        address, but an SWI ISR does not.  Add the offset manually so the same
+        ISR return code can be used in both cases. */
+
+        STMFD   SP!, {R0,LR}          /* Store registers. */
+        ADD     LR, LR, #4            /* Align LR with IRQ handler */
+        SaveContext
+        MOV     R11, LR               /* Save Task Stack Pointer */
+        LDMFD   SP!, {R0,LR}          /* Restore registers and return. */
+        STMFD   SP!, {R11}            /* Save Task Stack Pointer */
+
+        LDR     R5, [LR,#-4]          /* Calculate address of SWI instruction and load it into r5. */
+        BIC     R5, R5,#0xff000000    /* Mask off top 8 bits of instruction to give SWI number. */
+
+        CMP     R5, #0
+        BNE     SVC_User                /* User SVC Number > 0 */
+        MOV     LR, PC                  /* set LR to return address */
+        BX      R12                     /* Call SVC Function */
+
+        LDMFD   SP!, {R11}              /* Load Task Stack Pointer */
+        STMIB   R11!, {R0-R3}           /* Store return values to Task stack */
+
+SVC_Exit:
+        B       RestoreContext           /* return to the task */
+
+        /*------------------- User SVC ------------------------------*/
+
+SVC_User:
+        LDR     R6,=SVC_Count
+        LDR     R6,[R6]
+        CMP     R5,R6
+        LDMFDHI   SP!, {R11}
+        BHI     SVC_Done                /* Overflow */
+
+        LDR     R4,=SVC_Table - 4
+        LSLS    R5,R5,#2
+        LDR     R4,[R4,R5]              /* Load SVC Function Address */
+        /*  R0-R3,R12  are unchanged */
+        MOV     LR, PC                  /* set LR to return address */
+        BX      R4                      /* Call SVC Function */
+
+        LDMFD   SP!, {R11}              /* Load Task Stack Pointer */
+        BEQ     SVC_Exit                /* no need in return values */
+
+        STMIB   R11!, {R0-R3}           /* Store return values to Task stack */
+SVC_Done:
+        B       RestoreContext           /* return to the task */
+
+        .fnend
+        .size   SVC_Handler, .-SVC_Handler
+        
+
+/*-------------------------- IRQ_Handler ---------------------------------*/
+
+#       void IRQ_Handler (void);
+
+        .type   IRQ_Handler, %function
+        .global IRQ_Handler
+IRQ_Handler:
+        .fnstart
+        .cantunwind
+
+        SaveContext
+
+        MOV R0, #0xFFFFFF00
+        LDR R0, [R0]               /* Load address of raised IRQ handler*/
+
+        MOV LR, PC
+        BX  R0
+
+        MOV R0, #0xFFFFFF00
+        STR R0, [R0]              /* Clear interrupt */
+
+        B   RestoreContext
+
+        .fnend
+        .size   IRQ_Handler, .-IRQ_Handler
+
+/*-------------------------- SysTick_Handler --------------------------------*/
+
+#       void SysTick_Handler (void);
+
+        .type   SysTick_Handler, %function
+        .global SysTick_Handler
+SysTick_Handler:
+        .fnstart
+        .cantunwind
+
+        PUSH    {LR}
+        BL      rt_systick
+        POP     {LR}
+        BX      LR               /* return to IRQ handler */
+
+/*-------------------------- End --------------------------------*/
+ .fnend
+        .size   SysTick_Handler, .-SysTick_Handler
+
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
+.end
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_ARM7/ARM7/TOOLCHAIN_GCC/SVC_Table.S	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,56 @@
+;/*----------------------------------------------------------------------------
+; *      RL-ARM - RTX
+; *----------------------------------------------------------------------------
+; *      Name:    SVC_TABLE.S
+; *      Purpose: Pre-defined SVC Table for Cortex-M
+; *      Rev.:    V4.60
+; *----------------------------------------------------------------------------
+; *
+; * Copyright (c) 1999-2009 KEIL, 2009-2015 ARM Germany GmbH
+; * All rights reserved.
+; * Redistribution and use in source and binary forms, with or without
+; * modification, are permitted provided that the following conditions are met:
+; *  - Redistributions of source code must retain the above copyright
+; *    notice, this list of conditions and the following disclaimer.
+; *  - Redistributions in binary form must reproduce the above copyright
+; *    notice, this list of conditions and the following disclaimer in the
+; *    documentation and/or other materials provided with the distribution.
+; *  - Neither the name of ARM  nor the names of its contributors may be used 
+; *    to endorse or promote products derived from this software without 
+; *    specific prior written permission.
+; *
+; * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
+; * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+; * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+; * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+; * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+; * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
+; * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+; * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+; * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
+; * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+; * POSSIBILITY OF SUCH DAMAGE.
+; *---------------------------------------------------------------------------*/
+
+
+        .file   "SVC_Table.S"
+
+
+        .section ".svc_table"
+
+        .global  SVC_Table
+SVC_Table:
+/* Insert user SVC functions here. SVC 0 used by RTL Kernel. */
+#       .long   __SVC_1                 /* user SVC function */
+SVC_End:
+
+        .global  SVC_Count
+SVC_Count:
+        .long   (SVC_End-SVC_Table)/4
+
+
+        .end
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_ARM7/HAL_CM.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,161 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    HAL_CM.C
+ *      Purpose: Hardware Abstraction Layer for ARM7TDMI
+ *      Rev.:    V1.0
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2015 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Conf.h"
+#include "rt_HAL_CM.h"
+
+
+/*----------------------------------------------------------------------------
+ *      Global Variables
+ *---------------------------------------------------------------------------*/
+
+#ifdef DBG_MSG
+BIT dbg_msg;
+#endif
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+
+/*--------------------------- rt_init_stack ---------------------------------*/
+
+void rt_init_stack (P_TCB p_TCB, FUNCP task_body) {
+  /* Prepare TCB and saved context for a first time start of a task. */
+  U32 *stk,i,size;
+
+  /* Prepare a complete interrupt frame for first task start */
+  size = p_TCB->priv_stack >> 2;
+
+  /* Write to the top of stack. */
+  stk = &p_TCB->stack[size];
+
+  /* Auto correct to 8-byte ARM stack alignment. */
+  if ((U32)stk & 0x04) {
+    stk--;
+  }
+
+  stk -= 16;
+
+  /* Default xPSR and initial PC */
+  stk[15] = (U32)task_body + 4; /* add 4 byte offset because SUB PC, LR - 4 */
+  stk[0] = INITIAL_xPSR;
+
+  /* Clear R0-R13/LR registers. */
+  for (i = 1; i < 14; i++) {
+    stk[i] = 0;
+  }
+
+  /* Assign a void pointer to R0. */
+  stk[TCB_STACK_R0_OFFSET_DWORDS] = (U32)p_TCB->msg;
+
+  /* Initial Task stack pointer. */
+  p_TCB->tsk_stack = (U32)stk;
+
+  /* Task entry point. */
+  p_TCB->ptask = task_body;
+
+  /* Set a magic word for checking of stack overflow.
+   For the main thread (ID: 0x01) the stack is in a memory area shared with the
+   heap, therefore the last word of the stack is a moving target.
+   We want to do stack/heap collision detection instead.
+  */
+  if (p_TCB->task_id != 0x01)
+      p_TCB->stack[0] = MAGIC_WORD;
+}
+
+
+/*--------------------------- rt_ret_val ----------------------------------*/
+
+static __inline U32 *rt_ret_regs (P_TCB p_TCB) {
+  /* Get pointer to task return value registers (R0..R3) in Stack */
+
+  /* Stack Frame: CPSR,R0-R13,PC */
+  return (U32 *)(p_TCB->tsk_stack + TCB_STACK_R0_OFFSET_BYTES);
+}
+
+void rt_ret_val (P_TCB p_TCB, U32 v0) {
+  U32 *ret;
+
+  ret = rt_ret_regs(p_TCB);
+  ret[0] = v0;
+}
+
+void rt_ret_val2(P_TCB p_TCB, U32 v0, U32 v1) {
+  U32 *ret;
+
+  ret = rt_ret_regs(p_TCB);
+  ret[0] = v0;
+  ret[1] = v1;
+}
+
+
+/*--------------------------- dbg_init --------------------------------------*/
+
+#ifdef DBG_MSG
+void dbg_init (void) {
+  if ((DEMCR & DEMCR_TRCENA)     &&
+      (ITM_CONTROL & ITM_ITMENA) &&
+      (ITM_ENABLE & (1UL << 31))) {
+    dbg_msg = __TRUE;
+  }
+}
+#endif
+
+/*--------------------------- dbg_task_notify -------------------------------*/
+
+#ifdef DBG_MSG
+void dbg_task_notify (P_TCB p_tcb, BOOL create) {
+  while (ITM_PORT31_U32 == 0);
+  ITM_PORT31_U32 = (U32)p_tcb->ptask;
+  while (ITM_PORT31_U32 == 0);
+  ITM_PORT31_U16 = (create << 8) | p_tcb->task_id;
+}
+#endif
+
+/*--------------------------- dbg_task_switch -------------------------------*/
+
+#ifdef DBG_MSG
+void dbg_task_switch (U32 task_id) {
+  while (ITM_PORT31_U32 == 0);
+  ITM_PORT31_U8 = task_id;
+}
+#endif
+
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_ARM7/RTX_CM_lib.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,384 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RTX_CM_LIB.H
+ *      Purpose: RTX Kernel System Configuration
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2015 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+#include "mbed_error.h"
+
+#if   defined (__CC_ARM)
+#pragma O3
+#define __USED __attribute__((used))
+#elif defined (__GNUC__)
+#pragma GCC optimize ("O3")
+#define __USED __attribute__((used))
+#elif defined (__ICCARM__)
+#define __USED __root
+#endif
+
+
+/*----------------------------------------------------------------------------
+ *      Definitions
+ *---------------------------------------------------------------------------*/
+
+#define _declare_box(pool,size,cnt)  uint32_t pool[(((size)+3)/4)*(cnt) + 3]
+#define _declare_box8(pool,size,cnt) uint64_t pool[(((size)+7)/8)*(cnt) + 2]
+
+#define OS_TCB_SIZE     48
+#define OS_TMR_SIZE     8
+
+#if defined (__CC_ARM) && !defined (__MICROLIB)
+
+typedef void    *OS_ID;
+typedef uint32_t OS_TID;
+typedef uint32_t OS_MUT[3];
+typedef uint32_t OS_RESULT;
+
+#define runtask_id()    rt_tsk_self()
+#define mutex_init(m)   rt_mut_init(m)
+#define mutex_wait(m)   os_mut_wait(m,0xFFFF)
+#define mutex_rel(m)    os_mut_release(m)
+
+extern OS_TID    rt_tsk_self    (void);
+extern void      rt_mut_init    (OS_ID mutex);
+extern OS_RESULT rt_mut_release (OS_ID mutex);
+extern OS_RESULT rt_mut_wait    (OS_ID mutex, uint16_t timeout);
+
+#define os_mut_wait(mutex,timeout) _os_mut_wait((uint32_t)rt_mut_wait,mutex,timeout)
+#define os_mut_release(mutex)      _os_mut_release((uint32_t)rt_mut_release,mutex)
+
+OS_RESULT _os_mut_release (uint32_t p, OS_ID mutex)                   __svc_indirect(0);
+OS_RESULT _os_mut_wait    (uint32_t p, OS_ID mutex, uint16_t timeout) __svc_indirect(0);
+
+#endif
+
+
+/*----------------------------------------------------------------------------
+ *      Global Variables
+ *---------------------------------------------------------------------------*/
+
+#if (OS_TIMERS != 0)
+#define OS_TASK_CNT (OS_TASKCNT + 1)
+#else
+#define OS_TASK_CNT  OS_TASKCNT
+#endif
+
+uint16_t const os_maxtaskrun = OS_TASK_CNT;
+uint32_t const os_rrobin     = (OS_ROBIN << 16) | OS_ROBINTOUT;
+uint32_t const os_trv        = OS_TRV;
+uint8_t  const os_flags      = OS_RUNPRIV;
+
+/* Export following defines to uVision debugger. */
+__USED uint32_t const os_clockrate = OS_TICK;
+__USED uint32_t const os_timernum  = 0;
+
+/* Stack for the os_idle_demon */
+unsigned int idle_task_stack[OS_IDLESTKSIZE];
+unsigned short const idle_task_stack_size = OS_IDLESTKSIZE;
+
+#ifndef OS_FIFOSZ
+ #define OS_FIFOSZ      16
+#endif
+
+/* Fifo Queue buffer for ISR requests.*/
+uint32_t       os_fifo[OS_FIFOSZ*2+1];
+uint8_t  const os_fifo_size = OS_FIFOSZ;
+
+/* An array of Active task pointers. */
+void *os_active_TCB[OS_TASK_CNT];
+
+/* User Timers Resources */
+#if (OS_TIMERS != 0)
+extern void osTimerThread (void const *argument);
+osThreadDef(osTimerThread, (osPriority)(OS_TIMERPRIO-3), 4*OS_TIMERSTKSZ);
+osThreadId osThreadId_osTimerThread;
+osMessageQDef(osTimerMessageQ, OS_TIMERCBQS, void *);
+osMessageQId osMessageQId_osTimerMessageQ;
+#else
+osThreadDef_t os_thread_def_osTimerThread = { NULL };
+osThreadId osThreadId_osTimerThread;
+osMessageQDef(osTimerMessageQ, 0, void *);
+osMessageQId osMessageQId_osTimerMessageQ;
+#endif
+
+
+/*----------------------------------------------------------------------------
+ *      RTX Optimizations (empty functions)
+ *---------------------------------------------------------------------------*/
+
+#if OS_ROBIN == 0
+ void rt_init_robin (void) {;}
+ void rt_chk_robin  (void) {;}
+#endif
+
+#if OS_STKCHECK == 0
+ void rt_stk_check  (void) {;}
+#endif
+
+
+/*----------------------------------------------------------------------------
+ *      Standard Library multithreading interface
+ *---------------------------------------------------------------------------*/
+
+#if defined (__CC_ARM) && !defined (__MICROLIB)
+ static OS_MUT   std_libmutex[OS_MUTEXCNT];
+ static uint32_t nr_mutex;
+
+ /*--------------------------- _mutex_initialize -----------------------------*/
+
+int _mutex_initialize (OS_ID *mutex) {
+  /* Allocate and initialize a system mutex. */
+
+  if (nr_mutex >= OS_MUTEXCNT) {
+    /* If you are here, you need to increase the number OS_MUTEXCNT. */
+    error("Not enough stdlib mutexes\n");
+  }
+  *mutex = &std_libmutex[nr_mutex++];
+  mutex_init (*mutex);
+  return (1);
+}
+
+
+/*--------------------------- _mutex_acquire --------------------------------*/
+
+__attribute__((used)) void _mutex_acquire (OS_ID *mutex) {
+  /* Acquire a system mutex, lock stdlib resources. */
+  if (runtask_id ()) {
+    /* RTX running, acquire a mutex. */
+    mutex_wait (*mutex);
+  }
+}
+
+
+/*--------------------------- _mutex_release --------------------------------*/
+
+__attribute__((used)) void _mutex_release (OS_ID *mutex) {
+  /* Release a system mutex, unlock stdlib resources. */
+  if (runtask_id ()) {
+    /* RTX running, release a mutex. */
+    mutex_rel (*mutex);
+  }
+}
+
+#endif
+
+
+/*----------------------------------------------------------------------------
+ *      RTX Startup
+ *---------------------------------------------------------------------------*/
+
+/* Main Thread definition */
+extern int main (void);
+osThreadDef_t os_thread_def_main = {(os_pthread)main, osPriorityNormal, 0, NULL};
+
+// This define should be probably moved to the CMSIS layer
+
+#if defined(TARGET_LPC2460)
+extern unsigned char     __usr_stack_top__[];
+#define INITIAL_SP            (__usr_stack_top__)
+
+#else
+#error "no target defined"
+
+#endif
+
+#ifdef __CC_ARM
+extern unsigned char     Image$$RW_IRAM1$$ZI$$Limit[];
+#define HEAP_START      (Image$$RW_IRAM1$$ZI$$Limit)
+#elif defined(__GNUC__)
+extern unsigned char     __end__[];
+#define HEAP_START      (__end__)
+#elif defined(__ICCARM__)
+#pragma section="HEAP"
+#define HEAP_START     (void *)__section_begin("HEAP")
+#endif
+
+void set_main_stack(void) {
+    // That is the bottom of the main stack block: no collision detection
+    os_thread_def_main.stack_pointer = HEAP_START;
+
+    // Leave OS_SCHEDULERSTKSIZE words for the scheduler and interrupts
+    os_thread_def_main.stacksize = (INITIAL_SP - (unsigned int)HEAP_START) - (OS_SCHEDULERSTKSIZE * 4);
+}
+
+#if defined (__CC_ARM)
+#ifdef __MICROLIB
+void _main_init (void) __attribute__((section(".ARM.Collect$$$$000000FF")));
+void _main_init (void) {
+  osKernelInitialize();
+  set_main_stack();
+  osThreadCreate(&os_thread_def_main, NULL);
+  osKernelStart();
+  for (;;);
+}
+#else
+
+/* The single memory model is checking for stack collision at run time, verifing
+   that the heap pointer is underneath the stack pointer.
+
+   With the RTOS there is not only one stack above the heap, there are multiple
+   stacks and some of them are underneath the heap pointer.
+*/
+#pragma import(__use_two_region_memory)
+
+__asm void __rt_entry (void) {
+
+  IMPORT  __user_setup_stackheap
+  IMPORT  __rt_lib_init
+  IMPORT  os_thread_def_main
+  IMPORT  osKernelInitialize
+  IMPORT  set_main_stack
+  IMPORT  osKernelStart
+  IMPORT  osThreadCreate
+  IMPORT  exit
+
+  BL      __user_setup_stackheap
+  MOV     R1,R2
+  BL      __rt_lib_init
+  BL      osKernelInitialize
+  BL      set_main_stack
+  LDR     R0,=os_thread_def_main
+  MOVS    R1,#0
+  BL      osThreadCreate
+  BL      osKernelStart
+  BL      exit
+
+  ALIGN
+}
+#endif
+
+#elif defined (__GNUC__)
+
+#ifdef __CS3__
+
+/* CS3 start_c routine.
+ *
+ * Copyright (c) 2006, 2007 CodeSourcery Inc
+ *
+ * The authors hereby grant permission to use, copy, modify, distribute,
+ * and license this software and its documentation for any purpose, provided
+ * that existing copyright notices are retained in all copies and that this
+ * notice is included verbatim in any distributions. No written agreement,
+ * license, or royalty fee is required for any of the authorized uses.
+ * Modifications to this software may be copyrighted by their authors
+ * and need not follow the licensing terms described here, provided that
+ * the new terms are clearly indicated on the first page of each file where
+ * they apply.
+ */
+
+#include "cs3.h"
+
+extern void __libc_init_array (void);
+
+__attribute ((noreturn)) void __cs3_start_c (void){
+  unsigned regions = __cs3_region_num;
+  const struct __cs3_region *rptr = __cs3_regions;
+
+  /* Initialize memory */
+  for (regions = __cs3_region_num, rptr = __cs3_regions; regions--; rptr++) {
+    long long *src = (long long *)rptr->init;
+    long long *dst = (long long *)rptr->data;
+    unsigned limit = rptr->init_size;
+    unsigned count;
+
+    if (src != dst)
+      for (count = 0; count != limit; count += sizeof (long long))
+        *dst++ = *src++;
+    else
+      dst = (long long *)((char *)dst + limit);
+    limit = rptr->zero_size;
+    for (count = 0; count != limit; count += sizeof (long long))
+      *dst++ = 0;
+  }
+
+  /* Run initializers.  */
+  __libc_init_array ();
+
+  osKernelInitialize();
+  set_main_stack();
+  osThreadCreate(&os_thread_def_main, NULL);
+  osKernelStart();
+  for (;;);
+}
+
+#else
+
+__attribute__((naked)) void software_init_hook (void) {
+  __asm (
+    ".syntax unified\n"
+    ".thumb\n"
+    "movs r0,#0\n"
+    "movs r1,#0\n"
+    "mov  r8,r0\n"
+    "mov  r9,r1\n"
+    "ldr  r0,= __libc_fini_array\n"
+    "bl   atexit\n"
+    "bl   __libc_init_array\n"
+    "mov  r0,r8\n"
+    "mov  r1,r9\n"
+    "bl   osKernelInitialize\n"
+    "bl   set_main_stack\n"
+    "ldr  r0,=os_thread_def_main\n"
+    "movs r1,#0\n"
+    "bl   osThreadCreate\n"
+    "bl   osKernelStart\n"
+    "bl   exit\n"
+  );
+}
+
+#endif
+
+#elif defined (__ICCARM__)
+
+extern int  __low_level_init(void);
+extern void __iar_data_init3(void);
+extern void exit(int arg);
+
+__noreturn __stackless void __cmain(void) {
+  int a;
+
+  if (__low_level_init() != 0) {
+    __iar_data_init3();
+  }
+  osKernelInitialize();
+  set_main_stack();
+  osThreadCreate(&os_thread_def_main, NULL);
+  a = osKernelStart();
+  exit(a);
+}
+
+#endif
+
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_ARM7/RTX_Conf.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,72 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RTX_CONFIG.H
+ *      Purpose: Exported functions of RTX_Config.c
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2015 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+
+/* Error Codes */
+#define OS_ERR_STK_OVF          1
+#define OS_ERR_FIFO_OVF         2
+#define OS_ERR_MBX_OVF          3
+
+/* Definitions */
+#define BOX_ALIGN_8                   0x80000000
+#define _declare_box(pool,size,cnt)   U32 pool[(((size)+3)/4)*(cnt) + 3]
+#define _declare_box8(pool,size,cnt)  U64 pool[(((size)+7)/8)*(cnt) + 2]
+#define _init_box8(pool,size,bsize)   _init_box (pool,size,(bsize) | BOX_ALIGN_8)
+
+/* Variables */
+extern U32 idle_task_stack[];
+extern U32 os_fifo[];
+extern void *os_active_TCB[];
+
+/* Constants */
+extern U16 const os_maxtaskrun;
+extern U32 const os_trv;
+extern U8  const os_flags;
+extern U32 const os_rrobin;
+extern U32 const os_clockrate;
+extern U32 const os_timernum;
+extern U16 const idle_task_stack_size;
+
+extern U8  const os_fifo_size;
+
+/* Functions */
+extern void os_idle_demon   (void);
+extern int  os_tick_init    (void);
+extern void os_tick_irqack  (void);
+extern void os_tmr_call     (U16  info);
+extern void os_error        (U32 err_code);
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_ARM7/RTX_Conf_CM.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,246 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RTX_Conf_CM.C
+ *      Purpose: Configuration of CMSIS RTX Kernel for ARM7TDMI
+ *      Rev.:    V1.0
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2015 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "cmsis_os.h"
+
+
+/*----------------------------------------------------------------------------
+ *      RTX User configuration part BEGIN
+ *---------------------------------------------------------------------------*/
+
+//-------- <<< Use Configuration Wizard in Context Menu >>> -----------------
+//
+// <h>Thread Configuration
+// =======================
+//
+//   <o>Number of concurrent running threads <0-250>
+//   <i> Defines max. number of threads that will run at the same time.
+//       counting "main", but not counting "osTimerThread"
+//   <i> Default: 6
+#ifndef OS_TASKCNT
+#  if  defined(TARGET_LPC2368) || defined(TARGET_LPC2460)
+#    define OS_TASKCNT         14
+#  else
+#    error "no target defined"
+#  endif
+#endif
+
+//   <o>Scheduler (+ interrupts) stack size [bytes] <64-4096:8><#/4>
+#ifndef OS_SCHEDULERSTKSIZE
+#  if  defined(TARGET_LPC2368)  ||  defined(TARGET_LPC2460)
+#      define OS_SCHEDULERSTKSIZE    (136*2)
+#  else
+#    error "no target defined"
+#  endif
+#endif
+
+//   <o>Idle stack size [bytes] <64-4096:8><#/4>
+//   <i> Defines default stack size for the Idle thread.
+#ifndef OS_IDLESTKSIZE
+ #define OS_IDLESTKSIZE         136
+#endif
+
+//   <o>Timer Thread stack size [bytes] <64-4096:8><#/4>
+//   <i> Defines stack size for Timer thread.
+//   <i> Default: 200
+#ifndef OS_TIMERSTKSZ
+ #define OS_TIMERSTKSZ  WORDS_STACK_SIZE
+#endif
+
+// <q>Check for stack overflow
+// <i> Includes the stack checking code for stack overflow.
+// <i> Note that additional code reduces the Kernel performance.
+#ifndef OS_STKCHECK
+ #define OS_STKCHECK    1
+#endif
+
+// <o>Processor mode for thread execution
+//   <0=> Unprivileged mode
+//   <1=> Privileged mode
+// <i> Default: Privileged mode
+#ifndef OS_RUNPRIV
+ #define OS_RUNPRIV     1
+#endif
+
+// </h>
+// <h>SysTick Timer Configuration
+// ==============================
+//
+//   <o>Timer clock value [Hz] <1-1000000000>
+//   <i> Defines the timer clock value.
+//   <i> Default: 6000000  (6MHz)
+#ifndef OS_CLOCK
+#  if defined(TARGET_LPC2368)
+#    define OS_CLOCK       96000000
+
+#  elif defined(TARGET_LPC2460)
+#    define OS_CLOCK       72000000
+
+#  else
+#    error "no target defined"
+#  endif
+#endif
+
+//   <o>Timer tick value [us] <1-1000000>
+//   <i> Defines the timer tick value.
+//   <i> Default: 1000  (1ms)
+#ifndef OS_TICK
+ #define OS_TICK        1000
+#endif
+
+// </h>
+
+// <h>System Configuration
+// =======================
+//
+// <e>Round-Robin Thread switching
+// ===============================
+//
+// <i> Enables Round-Robin Thread switching.
+#ifndef OS_ROBIN
+ #define OS_ROBIN       1
+#endif
+
+//   <o>Round-Robin Timeout [ticks] <1-1000>
+//   <i> Defines how long a thread will execute before a thread switch.
+//   <i> Default: 5
+#ifndef OS_ROBINTOUT
+ #define OS_ROBINTOUT   5
+#endif
+
+// </e>
+
+// <e>User Timers
+// ==============
+//   <i> Enables user Timers
+#ifndef OS_TIMERS
+ #define OS_TIMERS      1
+#endif
+
+//   <o>Timer Thread Priority
+//                        <1=> Low
+//                        <2=> Below Normal
+//                        <3=> Normal
+//                        <4=> Above Normal
+//                        <5=> High
+//                        <6=> Realtime (highest)
+//   <i> Defines priority for Timer Thread
+//   <i> Default: High
+#ifndef OS_TIMERPRIO
+ #define OS_TIMERPRIO   5
+#endif
+
+//   <o>Timer Callback Queue size <1-32>
+//   <i> Number of concurrent active timer callback functions.
+//   <i> Default: 4
+#ifndef OS_TIMERCBQSZ
+ #define OS_TIMERCBQS   4
+#endif
+
+// </e>
+
+//   <o>ISR FIFO Queue size<4=>   4 entries  <8=>   8 entries
+//                         <12=> 12 entries  <16=> 16 entries
+//                         <24=> 24 entries  <32=> 32 entries
+//                         <48=> 48 entries  <64=> 64 entries
+//                         <96=> 96 entries
+//   <i> ISR functions store requests to this buffer,
+//   <i> when they are called from the interrupt handler.
+//   <i> Default: 16 entries
+#ifndef OS_FIFOSZ
+ #define OS_FIFOSZ      16
+#endif
+
+// </h>
+
+//------------- <<< end of configuration section >>> -----------------------
+
+// Standard library system mutexes
+// ===============================
+//  Define max. number system mutexes that are used to protect
+//  the arm standard runtime library. For microlib they are not used.
+#ifndef OS_MUTEXCNT
+ #define OS_MUTEXCNT    12
+#endif
+
+/*----------------------------------------------------------------------------
+ *      RTX User configuration part END
+ *---------------------------------------------------------------------------*/
+
+#define OS_TRV          ((uint32_t)(((double)OS_CLOCK*(double)OS_TICK)/1E6)-1)
+
+
+/*----------------------------------------------------------------------------
+ *      OS Idle daemon
+ *---------------------------------------------------------------------------*/
+void os_idle_demon (void) {
+  /* The idle demon is a system thread, running when no other thread is      */
+  /* ready to run.                                                           */
+
+  /* Sleep: ideally, we should put the chip to sleep.
+     Unfortunately, this usually requires disconnecting the interface chip (debugger).
+     This can be done, but it would break the local file system.
+  */
+  for (;;) {
+      // sleep();
+  }
+}
+
+/*----------------------------------------------------------------------------
+ *      RTX Errors
+ *---------------------------------------------------------------------------*/
+extern void mbed_die(void);
+
+void os_error (uint32_t err_code) {
+    /* This function is called when a runtime error is detected. Parameter     */
+    /* 'err_code' holds the runtime error code (defined in RTX_Conf.h).      */
+    mbed_die();
+}
+
+void sysThreadError(osStatus status) {
+    if (status != osOK) {
+        mbed_die();
+    }
+}
+
+/*----------------------------------------------------------------------------
+ *      RTX Configuration Functions
+ *---------------------------------------------------------------------------*/
+
+#include "RTX_CM_lib.h"
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_ARM7/cmsis_os.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,774 @@
+/* ----------------------------------------------------------------------
+ * Copyright (C) 2015 ARM Limited. All rights reserved.
+ *
+ * $Date:        5. June 2012
+ * $Revision:    V1.01
+ *
+ * Project:      CMSIS-RTOS API
+ * Title:        cmsis_os.h RTX header file
+ *
+ * Version 0.02
+ *    Initial Proposal Phase
+ * Version 0.03
+ *    osKernelStart added, optional feature: main started as thread
+ *    osSemaphores have standard behavior
+ *    osTimerCreate does not start the timer, added osTimerStart
+ *    osThreadPass is renamed to osThreadYield
+ * Version 1.01
+ *    Support for C++ interface
+ *     - const attribute removed from the osXxxxDef_t typedef's
+ *     - const attribute added to the osXxxxDef macros
+ *    Added: osTimerDelete, osMutexDelete, osSemaphoreDelete
+ *    Added: osKernelInitialize
+ * -------------------------------------------------------------------- */
+
+/**
+\page cmsis_os_h Header File Template: cmsis_os.h
+
+The file \b cmsis_os.h is a template header file for a CMSIS-RTOS compliant Real-Time Operating System (RTOS).
+Each RTOS that is compliant with CMSIS-RTOS shall provide a specific \b cmsis_os.h header file that represents
+its implementation.
+
+The file cmsis_os.h contains:
+ - CMSIS-RTOS API function definitions
+ - struct definitions for parameters and return types
+ - status and priority values used by CMSIS-RTOS API functions
+ - macros for defining threads and other kernel objects
+
+
+<b>Name conventions and header file modifications</b>
+
+All definitions are prefixed with \b os to give an unique name space for CMSIS-RTOS functions.
+Definitions that are prefixed \b os_ are not used in the application code but local to this header file.
+All definitions and functions that belong to a module are grouped and have a common prefix, i.e. \b osThread.
+
+Definitions that are marked with <b>CAN BE CHANGED</b> can be adapted towards the needs of the actual CMSIS-RTOS implementation.
+These definitions can be specific to the underlying RTOS kernel.
+
+Definitions that are marked with <b>MUST REMAIN UNCHANGED</b> cannot be altered. Otherwise the CMSIS-RTOS implementation is no longer
+compliant to the standard. Note that some functions are optional and need not to be provided by every CMSIS-RTOS implementation.
+
+
+<b>Function calls from interrupt service routines</b>
+
+The following CMSIS-RTOS functions can be called from threads and interrupt service routines (ISR):
+  - \ref osSignalSet
+  - \ref osSemaphoreRelease
+  - \ref osPoolAlloc, \ref osPoolCAlloc, \ref osPoolFree
+  - \ref osMessagePut, \ref osMessageGet
+  - \ref osMailAlloc, \ref osMailCAlloc, \ref osMailGet, \ref osMailPut, \ref osMailFree
+
+Functions that cannot be called from an ISR are verifying the interrupt status and return in case that they are called
+from an ISR context the status code \b osErrorISR. In some implementations this condition might be caught using the HARD FAULT vector.
+
+Some CMSIS-RTOS implementations support CMSIS-RTOS function calls from multiple ISR at the same time.
+If this is impossible, the CMSIS-RTOS rejects calls by nested ISR functions with the status code \b osErrorISRRecursive.
+
+
+<b>Define and reference object definitions</b>
+
+With <b>\#define osObjectsExternal</b> objects are defined as external symbols. This allows to create a consistent header file
+that is used throughout a project as shown below:
+
+<i>Header File</i>
+\code
+#include <cmsis_os.h>                                         // CMSIS RTOS header file
+
+// Thread definition
+extern void thread_sample (void const *argument);             // function prototype
+osThreadDef (thread_sample, osPriorityBelowNormal, 1, 100);
+
+// Pool definition
+osPoolDef(MyPool, 10, long);
+\endcode
+
+
+This header file defines all objects when included in a C/C++ source file. When <b>\#define osObjectsExternal</b> is
+present before the header file, the objects are defined as external symbols. A single consistent header file can therefore be
+used throughout the whole project.
+
+<i>Example</i>
+\code
+#include "osObjects.h"     // Definition of the CMSIS-RTOS objects
+\endcode
+
+\code
+#define osObjectExternal   // Objects will be defined as external symbols
+#include "osObjects.h"     // Reference to the CMSIS-RTOS objects
+\endcode
+
+*/
+
+#ifndef _CMSIS_OS_H
+#define _CMSIS_OS_H
+
+/// \note MUST REMAIN UNCHANGED: \b osCMSIS identifies the CMSIS-RTOS API version.
+#define osCMSIS           0x10001      ///< API version (main [31:16] .sub [15:0])
+
+/// \note CAN BE CHANGED: \b osCMSIS_KERNEL identifies the underlying RTOS kernel and version number.
+#define osCMSIS_RTX     ((4<<16)|61)   ///< RTOS identification and version (main [31:16] .sub [15:0])
+
+/// \note MUST REMAIN UNCHANGED: \b osKernelSystemId shall be consistent in every CMSIS-RTOS.
+#define osKernelSystemId "RTX V4.61"   ///< RTOS identification string
+
+
+#define CMSIS_OS_RTX
+
+// The stack space occupied is mainly dependent on the underling C standard library
+#if defined(TOOLCHAIN_GCC) || defined(TOOLCHAIN_ARM_STD) || defined(TOOLCHAIN_IAR)
+#    define WORDS_STACK_SIZE   512
+#elif defined(TOOLCHAIN_ARM_MICRO)
+#    define WORDS_STACK_SIZE   128
+#endif
+
+#define DEFAULT_STACK_SIZE         (WORDS_STACK_SIZE*4)
+
+
+/// \note MUST REMAIN UNCHANGED: \b osFeature_xxx shall be consistent in every CMSIS-RTOS.
+#define osFeature_MainThread   1       ///< main thread      1=main can be thread, 0=not available
+#define osFeature_Pool         1       ///< Memory Pools:    1=available, 0=not available
+#define osFeature_MailQ        1       ///< Mail Queues:     1=available, 0=not available
+#define osFeature_MessageQ     1       ///< Message Queues:  1=available, 0=not available
+#define osFeature_Signals      16      ///< maximum number of Signal Flags available per thread
+#define osFeature_Semaphore    65535   ///< maximum count for \ref osSemaphoreCreate function
+#define osFeature_Wait         0       ///< osWait function: 1=available, 0=not available
+
+#if defined (__CC_ARM)
+#define os_InRegs __value_in_regs      // Compiler specific: force struct in registers
+#elif defined (__ICCARM__)
+#define os_InRegs __value_in_regs      // Compiler specific: force struct in registers
+#else
+#define os_InRegs
+#endif
+
+#include <stdint.h>
+#include <stddef.h>
+
+#ifdef  __cplusplus
+extern "C"
+{
+#endif
+
+#include "os_tcb.h"
+
+// ==== Enumeration, structures, defines ====
+
+/// Priority used for thread control.
+/// \note MUST REMAIN UNCHANGED: \b osPriority shall be consistent in every CMSIS-RTOS.
+typedef enum  {
+  osPriorityIdle          = -3,          ///< priority: idle (lowest)
+  osPriorityLow           = -2,          ///< priority: low
+  osPriorityBelowNormal   = -1,          ///< priority: below normal
+  osPriorityNormal        =  0,          ///< priority: normal (default)
+  osPriorityAboveNormal   = +1,          ///< priority: above normal
+  osPriorityHigh          = +2,          ///< priority: high
+  osPriorityRealtime      = +3,          ///< priority: realtime (highest)
+  osPriorityError         =  0x84        ///< system cannot determine priority or thread has illegal priority
+} osPriority;
+
+/// Timeout value.
+/// \note MUST REMAIN UNCHANGED: \b osWaitForever shall be consistent in every CMSIS-RTOS.
+#define osWaitForever     0xFFFFFFFF     ///< wait forever timeout value
+
+/// Status code values returned by CMSIS-RTOS functions.
+/// \note MUST REMAIN UNCHANGED: \b osStatus shall be consistent in every CMSIS-RTOS.
+typedef enum  {
+  osOK                    =     0,       ///< function completed; no error or event occurred.
+  osEventSignal           =  0x08,       ///< function completed; signal event occurred.
+  osEventMessage          =  0x10,       ///< function completed; message event occurred.
+  osEventMail             =  0x20,       ///< function completed; mail event occurred.
+  osEventTimeout          =  0x40,       ///< function completed; timeout occurred.
+  osErrorParameter        =  0x80,       ///< parameter error: a mandatory parameter was missing or specified an incorrect object.
+  osErrorResource         =  0x81,       ///< resource not available: a specified resource was not available.
+  osErrorTimeoutResource  =  0xC1,       ///< resource not available within given time: a specified resource was not available within the timeout period.
+  osErrorISR              =  0x82,       ///< not allowed in ISR context: the function cannot be called from interrupt service routines.
+  osErrorISRRecursive     =  0x83,       ///< function called multiple times from ISR with same object.
+  osErrorPriority         =  0x84,       ///< system cannot determine priority or thread has illegal priority.
+  osErrorNoMemory         =  0x85,       ///< system is out of memory: it was impossible to allocate or reserve memory for the operation.
+  osErrorValue            =  0x86,       ///< value of a parameter is out of range.
+  osErrorOS               =  0xFF,       ///< unspecified RTOS error: run-time error but no other error message fits.
+  os_status_reserved      =  0x7FFFFFFF  ///< prevent from enum down-size compiler optimization.
+} osStatus;
+
+
+/// Timer type value for the timer definition.
+/// \note MUST REMAIN UNCHANGED: \b os_timer_type shall be consistent in every CMSIS-RTOS.
+typedef enum  {
+  osTimerOnce             =     0,       ///< one-shot timer
+  osTimerPeriodic         =     1        ///< repeating timer
+} os_timer_type;
+
+/// Entry point of a thread.
+/// \note MUST REMAIN UNCHANGED: \b os_pthread shall be consistent in every CMSIS-RTOS.
+typedef void (*os_pthread) (void const *argument);
+
+/// Entry point of a timer call back function.
+/// \note MUST REMAIN UNCHANGED: \b os_ptimer shall be consistent in every CMSIS-RTOS.
+typedef void (*os_ptimer) (void const *argument);
+
+// >>> the following data type definitions may shall adapted towards a specific RTOS
+
+/// Thread ID identifies the thread (pointer to a thread control block).
+/// \note CAN BE CHANGED: \b os_thread_cb is implementation specific in every CMSIS-RTOS.
+typedef struct os_thread_cb *osThreadId;
+
+/// Timer ID identifies the timer (pointer to a timer control block).
+/// \note CAN BE CHANGED: \b os_timer_cb is implementation specific in every CMSIS-RTOS.
+typedef struct os_timer_cb *osTimerId;
+
+/// Mutex ID identifies the mutex (pointer to a mutex control block).
+/// \note CAN BE CHANGED: \b os_mutex_cb is implementation specific in every CMSIS-RTOS.
+typedef struct os_mutex_cb *osMutexId;
+
+/// Semaphore ID identifies the semaphore (pointer to a semaphore control block).
+/// \note CAN BE CHANGED: \b os_semaphore_cb is implementation specific in every CMSIS-RTOS.
+typedef struct os_semaphore_cb *osSemaphoreId;
+
+/// Pool ID identifies the memory pool (pointer to a memory pool control block).
+/// \note CAN BE CHANGED: \b os_pool_cb is implementation specific in every CMSIS-RTOS.
+typedef struct os_pool_cb *osPoolId;
+
+/// Message ID identifies the message queue (pointer to a message queue control block).
+/// \note CAN BE CHANGED: \b os_messageQ_cb is implementation specific in every CMSIS-RTOS.
+typedef struct os_messageQ_cb *osMessageQId;
+
+/// Mail ID identifies the mail queue (pointer to a mail queue control block).
+/// \note CAN BE CHANGED: \b os_mailQ_cb is implementation specific in every CMSIS-RTOS.
+typedef struct os_mailQ_cb *osMailQId;
+
+
+/// Thread Definition structure contains startup information of a thread.
+/// \note CAN BE CHANGED: \b os_thread_def is implementation specific in every CMSIS-RTOS.
+typedef struct os_thread_def  {
+  os_pthread               pthread;      ///< start address of thread function
+  osPriority             tpriority;      ///< initial thread priority
+  uint32_t               stacksize;      ///< stack size requirements in bytes
+  uint32_t              *stack_pointer;  ///< pointer to the stack memory block
+  struct OS_TCB          tcb;
+} osThreadDef_t;
+
+/// Timer Definition structure contains timer parameters.
+/// \note CAN BE CHANGED: \b os_timer_def is implementation specific in every CMSIS-RTOS.
+typedef struct os_timer_def  {
+  os_ptimer                 ptimer;    ///< start address of a timer function
+  void                      *timer;    ///< pointer to internal data
+} osTimerDef_t;
+
+/// Mutex Definition structure contains setup information for a mutex.
+/// \note CAN BE CHANGED: \b os_mutex_def is implementation specific in every CMSIS-RTOS.
+typedef struct os_mutex_def  {
+  void                      *mutex;    ///< pointer to internal data
+} osMutexDef_t;
+
+/// Semaphore Definition structure contains setup information for a semaphore.
+/// \note CAN BE CHANGED: \b os_semaphore_def is implementation specific in every CMSIS-RTOS.
+typedef struct os_semaphore_def  {
+  void                  *semaphore;    ///< pointer to internal data
+} osSemaphoreDef_t;
+
+/// Definition structure for memory block allocation.
+/// \note CAN BE CHANGED: \b os_pool_def is implementation specific in every CMSIS-RTOS.
+typedef struct os_pool_def  {
+  uint32_t                 pool_sz;    ///< number of items (elements) in the pool
+  uint32_t                 item_sz;    ///< size of an item
+  void                       *pool;    ///< pointer to memory for pool
+} osPoolDef_t;
+
+/// Definition structure for message queue.
+/// \note CAN BE CHANGED: \b os_messageQ_def is implementation specific in every CMSIS-RTOS.
+typedef struct os_messageQ_def  {
+  uint32_t                queue_sz;    ///< number of elements in the queue
+  void                       *pool;    ///< memory array for messages
+} osMessageQDef_t;
+
+/// Definition structure for mail queue.
+/// \note CAN BE CHANGED: \b os_mailQ_def is implementation specific in every CMSIS-RTOS.
+typedef struct os_mailQ_def  {
+  uint32_t                queue_sz;    ///< number of elements in the queue
+  uint32_t                 item_sz;    ///< size of an item
+  void                       *pool;    ///< memory array for mail
+} osMailQDef_t;
+
+/// Event structure contains detailed information about an event.
+/// \note MUST REMAIN UNCHANGED: \b os_event shall be consistent in every CMSIS-RTOS.
+///       However the struct may be extended at the end.
+typedef struct  {
+  osStatus                 status;     ///< status code: event or error information
+  union  {
+    uint32_t                    v;     ///< message as 32-bit value
+    void                       *p;     ///< message or mail as void pointer
+    int32_t               signals;     ///< signal flags
+  } value;                             ///< event value
+  union  {
+    osMailQId             mail_id;     ///< mail id obtained by \ref osMailCreate
+    osMessageQId       message_id;     ///< message id obtained by \ref osMessageCreate
+  } def;                               ///< event definition
+} osEvent;
+
+
+//  ==== Kernel Control Functions ====
+
+/// Initialize the RTOS Kernel for creating objects.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osKernelInitialize shall be consistent in every CMSIS-RTOS.
+osStatus osKernelInitialize (void);
+
+/// Start the RTOS Kernel.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osKernelStart shall be consistent in every CMSIS-RTOS.
+osStatus osKernelStart (void);
+
+/// Check if the RTOS kernel is already started.
+/// \note MUST REMAIN UNCHANGED: \b osKernelRunning shall be consistent in every CMSIS-RTOS.
+/// \return 0 RTOS is not started, 1 RTOS is started.
+int32_t osKernelRunning(void);
+
+
+//  ==== Thread Management ====
+
+/// Create a Thread Definition with function, priority, and stack requirements.
+/// \param         name         name of the thread function.
+/// \param         priority     initial priority of the thread function.
+/// \param         stacksz      stack size (in bytes) requirements for the thread function.
+/// \note CAN BE CHANGED: The parameters to \b osThreadDef shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#if defined (osObjectsExternal)  // object is external
+#define osThreadDef(name, priority, stacksz)  \
+extern osThreadDef_t os_thread_def_##name
+#else                            // define the object
+#define osThreadDef(name, priority, stacksz)  \
+uint32_t os_thread_def_stack_##name [stacksz / sizeof(uint32_t)]; \
+osThreadDef_t os_thread_def_##name = \
+{ (name), (priority), (stacksz), (os_thread_def_stack_##name)}
+#endif
+
+/// Access a Thread definition.
+/// \param         name          name of the thread definition object.
+/// \note CAN BE CHANGED: The parameter to \b osThread shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#define osThread(name)  \
+&os_thread_def_##name
+
+/// Create a thread and add it to Active Threads and set it to state READY.
+/// \param[in]     thread_def    thread definition referenced with \ref osThread.
+/// \param[in]     argument      pointer that is passed to the thread function as start argument.
+/// \return thread ID for reference by other functions or NULL in case of error.
+/// \note MUST REMAIN UNCHANGED: \b osThreadCreate shall be consistent in every CMSIS-RTOS.
+osThreadId osThreadCreate (osThreadDef_t *thread_def, void *argument);
+
+/// Return the thread ID of the current running thread.
+/// \return thread ID for reference by other functions or NULL in case of error.
+/// \note MUST REMAIN UNCHANGED: \b osThreadGetId shall be consistent in every CMSIS-RTOS.
+osThreadId osThreadGetId (void);
+
+/// Terminate execution of a thread and remove it from Active Threads.
+/// \param[in]     thread_id   thread ID obtained by \ref osThreadCreate or \ref osThreadGetId.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osThreadTerminate shall be consistent in every CMSIS-RTOS.
+osStatus osThreadTerminate (osThreadId thread_id);
+
+/// Pass control to next thread that is in state \b READY.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osThreadYield shall be consistent in every CMSIS-RTOS.
+osStatus osThreadYield (void);
+
+/// Change priority of an active thread.
+/// \param[in]     thread_id     thread ID obtained by \ref osThreadCreate or \ref osThreadGetId.
+/// \param[in]     priority      new priority value for the thread function.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osThreadSetPriority shall be consistent in every CMSIS-RTOS.
+osStatus osThreadSetPriority (osThreadId thread_id, osPriority priority);
+
+/// Get current priority of an active thread.
+/// \param[in]     thread_id     thread ID obtained by \ref osThreadCreate or \ref osThreadGetId.
+/// \return current priority value of the thread function.
+/// \note MUST REMAIN UNCHANGED: \b osThreadGetPriority shall be consistent in every CMSIS-RTOS.
+osPriority osThreadGetPriority (osThreadId thread_id);
+
+
+//  ==== Generic Wait Functions ====
+
+/// Wait for Timeout (Time Delay).
+/// \param[in]     millisec      time delay value
+/// \return status code that indicates the execution status of the function.
+osStatus osDelay (uint32_t millisec);
+
+#if (defined (osFeature_Wait)  &&  (osFeature_Wait != 0))     // Generic Wait available
+
+/// Wait for Signal, Message, Mail, or Timeout.
+/// \param[in] millisec          timeout value or 0 in case of no time-out
+/// \return event that contains signal, message, or mail information or error code.
+/// \note MUST REMAIN UNCHANGED: \b osWait shall be consistent in every CMSIS-RTOS.
+os_InRegs osEvent osWait (uint32_t millisec);
+
+#endif  // Generic Wait available
+
+
+//  ==== Timer Management Functions ====
+/// Define a Timer object.
+/// \param         name          name of the timer object.
+/// \param         function      name of the timer call back function.
+/// \note CAN BE CHANGED: The parameter to \b osTimerDef shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#if defined (osObjectsExternal)  // object is external
+#define osTimerDef(name, function)  \
+extern osTimerDef_t os_timer_def_##name
+#else                            // define the object
+#define osTimerDef(name, function)  \
+uint32_t os_timer_cb_##name[5]; \
+osTimerDef_t os_timer_def_##name = \
+{ (function), (os_timer_cb_##name) }
+#endif
+
+/// Access a Timer definition.
+/// \param         name          name of the timer object.
+/// \note CAN BE CHANGED: The parameter to \b osTimer shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#define osTimer(name) \
+&os_timer_def_##name
+
+/// Create a timer.
+/// \param[in]     timer_def     timer object referenced with \ref osTimer.
+/// \param[in]     type          osTimerOnce for one-shot or osTimerPeriodic for periodic behavior.
+/// \param[in]     argument      argument to the timer call back function.
+/// \return timer ID for reference by other functions or NULL in case of error.
+/// \note MUST REMAIN UNCHANGED: \b osTimerCreate shall be consistent in every CMSIS-RTOS.
+osTimerId osTimerCreate (osTimerDef_t *timer_def, os_timer_type type, void *argument);
+
+/// Start or restart a timer.
+/// \param[in]     timer_id      timer ID obtained by \ref osTimerCreate.
+/// \param[in]     millisec      time delay value of the timer.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osTimerStart shall be consistent in every CMSIS-RTOS.
+osStatus osTimerStart (osTimerId timer_id, uint32_t millisec);
+
+/// Stop the timer.
+/// \param[in]     timer_id      timer ID obtained by \ref osTimerCreate.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osTimerStop shall be consistent in every CMSIS-RTOS.
+osStatus osTimerStop (osTimerId timer_id);
+
+/// Delete a timer that was created by \ref osTimerCreate.
+/// \param[in]     timer_id      timer ID obtained by \ref osTimerCreate.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osTimerDelete shall be consistent in every CMSIS-RTOS.
+osStatus osTimerDelete (osTimerId timer_id);
+
+
+//  ==== Signal Management ====
+
+/// Set the specified Signal Flags of an active thread.
+/// \param[in]     thread_id     thread ID obtained by \ref osThreadCreate or \ref osThreadGetId.
+/// \param[in]     signals       specifies the signal flags of the thread that should be set.
+/// \return previous signal flags of the specified thread or 0x80000000 in case of incorrect parameters.
+/// \note MUST REMAIN UNCHANGED: \b osSignalSet shall be consistent in every CMSIS-RTOS.
+int32_t osSignalSet (osThreadId thread_id, int32_t signals);
+
+/// Clear the specified Signal Flags of an active thread.
+/// \param[in]     thread_id     thread ID obtained by \ref osThreadCreate or \ref osThreadGetId.
+/// \param[in]     signals       specifies the signal flags of the thread that shall be cleared.
+/// \return previous signal flags of the specified thread or 0x80000000 in case of incorrect parameters.
+/// \note MUST REMAIN UNCHANGED: \b osSignalClear shall be consistent in every CMSIS-RTOS.
+int32_t osSignalClear (osThreadId thread_id, int32_t signals);
+
+/// Get Signal Flags status of an active thread.
+/// \param[in]     thread_id     thread ID obtained by \ref osThreadCreate or \ref osThreadGetId.
+/// \return previous signal flags of the specified thread or 0x80000000 in case of incorrect parameters.
+/// \note MUST REMAIN UNCHANGED: \b osSignalGet shall be consistent in every CMSIS-RTOS.
+int32_t osSignalGet (osThreadId thread_id);
+
+/// Wait for one or more Signal Flags to become signaled for the current \b RUNNING thread.
+/// \param[in]     signals       wait until all specified signal flags set or 0 for any single signal flag.
+/// \param[in]     millisec      timeout value or 0 in case of no time-out.
+/// \return event flag information or error code.
+/// \note MUST REMAIN UNCHANGED: \b osSignalWait shall be consistent in every CMSIS-RTOS.
+os_InRegs osEvent osSignalWait (int32_t signals, uint32_t millisec);
+
+
+//  ==== Mutex Management ====
+
+/// Define a Mutex.
+/// \param         name          name of the mutex object.
+/// \note CAN BE CHANGED: The parameter to \b osMutexDef shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#if defined (osObjectsExternal)  // object is external
+#define osMutexDef(name)  \
+extern osMutexDef_t os_mutex_def_##name
+#else                            // define the object
+#define osMutexDef(name)  \
+uint32_t os_mutex_cb_##name[3]; \
+osMutexDef_t os_mutex_def_##name = { (os_mutex_cb_##name) }
+#endif
+
+/// Access a Mutex definition.
+/// \param         name          name of the mutex object.
+/// \note CAN BE CHANGED: The parameter to \b osMutex shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#define osMutex(name)  \
+&os_mutex_def_##name
+
+/// Create and Initialize a Mutex object.
+/// \param[in]     mutex_def     mutex definition referenced with \ref osMutex.
+/// \return mutex ID for reference by other functions or NULL in case of error.
+/// \note MUST REMAIN UNCHANGED: \b osMutexCreate shall be consistent in every CMSIS-RTOS.
+osMutexId osMutexCreate (osMutexDef_t *mutex_def);
+
+/// Wait until a Mutex becomes available.
+/// \param[in]     mutex_id      mutex ID obtained by \ref osMutexCreate.
+/// \param[in]     millisec      timeout value or 0 in case of no time-out.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osMutexWait shall be consistent in every CMSIS-RTOS.
+osStatus osMutexWait (osMutexId mutex_id, uint32_t millisec);
+
+/// Release a Mutex that was obtained by \ref osMutexWait.
+/// \param[in]     mutex_id      mutex ID obtained by \ref osMutexCreate.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osMutexRelease shall be consistent in every CMSIS-RTOS.
+osStatus osMutexRelease (osMutexId mutex_id);
+
+/// Delete a Mutex that was created by \ref osMutexCreate.
+/// \param[in]     mutex_id      mutex ID obtained by \ref osMutexCreate.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osMutexDelete shall be consistent in every CMSIS-RTOS.
+osStatus osMutexDelete (osMutexId mutex_id);
+
+
+//  ==== Semaphore Management Functions ====
+
+#if (defined (osFeature_Semaphore)  &&  (osFeature_Semaphore != 0))     // Semaphore available
+
+/// Define a Semaphore object.
+/// \param         name          name of the semaphore object.
+/// \note CAN BE CHANGED: The parameter to \b osSemaphoreDef shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#if defined (osObjectsExternal)  // object is external
+#define osSemaphoreDef(name)  \
+extern osSemaphoreDef_t os_semaphore_def_##name
+#else                            // define the object
+#define osSemaphoreDef(name)  \
+uint32_t os_semaphore_cb_##name[2]; \
+osSemaphoreDef_t os_semaphore_def_##name = { (os_semaphore_cb_##name) }
+#endif
+
+/// Access a Semaphore definition.
+/// \param         name          name of the semaphore object.
+/// \note CAN BE CHANGED: The parameter to \b osSemaphore shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#define osSemaphore(name)  \
+&os_semaphore_def_##name
+
+/// Create and Initialize a Semaphore object used for managing resources.
+/// \param[in]     semaphore_def semaphore definition referenced with \ref osSemaphore.
+/// \param[in]     count         number of available resources.
+/// \return semaphore ID for reference by other functions or NULL in case of error.
+/// \note MUST REMAIN UNCHANGED: \b osSemaphoreCreate shall be consistent in every CMSIS-RTOS.
+osSemaphoreId osSemaphoreCreate (osSemaphoreDef_t *semaphore_def, int32_t count);
+
+/// Wait until a Semaphore token becomes available.
+/// \param[in]     semaphore_id  semaphore object referenced with \ref osSemaphoreCreate.
+/// \param[in]     millisec      timeout value or 0 in case of no time-out.
+/// \return number of available tokens, or -1 in case of incorrect parameters.
+/// \note MUST REMAIN UNCHANGED: \b osSemaphoreWait shall be consistent in every CMSIS-RTOS.
+int32_t osSemaphoreWait (osSemaphoreId semaphore_id, uint32_t millisec);
+
+/// Release a Semaphore token.
+/// \param[in]     semaphore_id  semaphore object referenced with \ref osSemaphoreCreate.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osSemaphoreRelease shall be consistent in every CMSIS-RTOS.
+osStatus osSemaphoreRelease (osSemaphoreId semaphore_id);
+
+/// Delete a Semaphore that was created by \ref osSemaphoreCreate.
+/// \param[in]     semaphore_id  semaphore object referenced with \ref osSemaphoreCreate.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osSemaphoreDelete shall be consistent in every CMSIS-RTOS.
+osStatus osSemaphoreDelete (osSemaphoreId semaphore_id);
+
+#endif     // Semaphore available
+
+
+//  ==== Memory Pool Management Functions ====
+
+#if (defined (osFeature_Pool)  &&  (osFeature_Pool != 0))  // Memory Pool Management available
+
+/// \brief Define a Memory Pool.
+/// \param         name          name of the memory pool.
+/// \param         no            maximum number of blocks (objects) in the memory pool.
+/// \param         type          data type of a single block (object).
+/// \note CAN BE CHANGED: The parameter to \b osPoolDef shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#if defined (osObjectsExternal)  // object is external
+#define osPoolDef(name, no, type)   \
+extern osPoolDef_t os_pool_def_##name
+#else                            // define the object
+#define osPoolDef(name, no, type)   \
+uint32_t os_pool_m_##name[3+((sizeof(type)+3)/4)*(no)]; \
+osPoolDef_t os_pool_def_##name = \
+{ (no), sizeof(type), (os_pool_m_##name) }
+#endif
+
+/// \brief Access a Memory Pool definition.
+/// \param         name          name of the memory pool
+/// \note CAN BE CHANGED: The parameter to \b osPool shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#define osPool(name) \
+&os_pool_def_##name
+
+/// Create and Initialize a memory pool.
+/// \param[in]     pool_def      memory pool definition referenced with \ref osPool.
+/// \return memory pool ID for reference by other functions or NULL in case of error.
+/// \note MUST REMAIN UNCHANGED: \b osPoolCreate shall be consistent in every CMSIS-RTOS.
+osPoolId osPoolCreate (osPoolDef_t *pool_def);
+
+/// Allocate a memory block from a memory pool.
+/// \param[in]     pool_id       memory pool ID obtain referenced with \ref osPoolCreate.
+/// \return address of the allocated memory block or NULL in case of no memory available.
+/// \note MUST REMAIN UNCHANGED: \b osPoolAlloc shall be consistent in every CMSIS-RTOS.
+void *osPoolAlloc (osPoolId pool_id);
+
+/// Allocate a memory block from a memory pool and set memory block to zero.
+/// \param[in]     pool_id       memory pool ID obtain referenced with \ref osPoolCreate.
+/// \return address of the allocated memory block or NULL in case of no memory available.
+/// \note MUST REMAIN UNCHANGED: \b osPoolCAlloc shall be consistent in every CMSIS-RTOS.
+void *osPoolCAlloc (osPoolId pool_id);
+
+/// Return an allocated memory block back to a specific memory pool.
+/// \param[in]     pool_id       memory pool ID obtain referenced with \ref osPoolCreate.
+/// \param[in]     block         address of the allocated memory block that is returned to the memory pool.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osPoolFree shall be consistent in every CMSIS-RTOS.
+osStatus osPoolFree (osPoolId pool_id, void *block);
+
+#endif   // Memory Pool Management available
+
+
+//  ==== Message Queue Management Functions ====
+
+#if (defined (osFeature_MessageQ)  &&  (osFeature_MessageQ != 0))     // Message Queues available
+
+/// \brief Create a Message Queue Definition.
+/// \param         name          name of the queue.
+/// \param         queue_sz      maximum number of messages in the queue.
+/// \param         type          data type of a single message element (for debugger).
+/// \note CAN BE CHANGED: The parameter to \b osMessageQDef shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#if defined (osObjectsExternal)  // object is external
+#define osMessageQDef(name, queue_sz, type)   \
+extern osMessageQDef_t os_messageQ_def_##name
+#else                            // define the object
+#define osMessageQDef(name, queue_sz, type)   \
+uint32_t os_messageQ_q_##name[4+(queue_sz)]; \
+osMessageQDef_t os_messageQ_def_##name = \
+{ (queue_sz), (os_messageQ_q_##name) }
+#endif
+
+/// \brief Access a Message Queue Definition.
+/// \param         name          name of the queue
+/// \note CAN BE CHANGED: The parameter to \b osMessageQ shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#define osMessageQ(name) \
+&os_messageQ_def_##name
+
+/// Create and Initialize a Message Queue.
+/// \param[in]     queue_def     queue definition referenced with \ref osMessageQ.
+/// \param[in]     thread_id     thread ID (obtained by \ref osThreadCreate or \ref osThreadGetId) or NULL.
+/// \return message queue ID for reference by other functions or NULL in case of error.
+/// \note MUST REMAIN UNCHANGED: \b osMessageCreate shall be consistent in every CMSIS-RTOS.
+osMessageQId osMessageCreate (osMessageQDef_t *queue_def, osThreadId thread_id);
+
+/// Put a Message to a Queue.
+/// \param[in]     queue_id      message queue ID obtained with \ref osMessageCreate.
+/// \param[in]     info          message information.
+/// \param[in]     millisec      timeout value or 0 in case of no time-out.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osMessagePut shall be consistent in every CMSIS-RTOS.
+osStatus osMessagePut (osMessageQId queue_id, uint32_t info, uint32_t millisec);
+
+/// Get a Message or Wait for a Message from a Queue.
+/// \param[in]     queue_id      message queue ID obtained with \ref osMessageCreate.
+/// \param[in]     millisec      timeout value or 0 in case of no time-out.
+/// \return event information that includes status code.
+/// \note MUST REMAIN UNCHANGED: \b osMessageGet shall be consistent in every CMSIS-RTOS.
+os_InRegs osEvent osMessageGet (osMessageQId queue_id, uint32_t millisec);
+
+#endif     // Message Queues available
+
+
+//  ==== Mail Queue Management Functions ====
+
+#if (defined (osFeature_MailQ)  &&  (osFeature_MailQ != 0))     // Mail Queues available
+
+/// \brief Create a Mail Queue Definition.
+/// \param         name          name of the queue
+/// \param         queue_sz      maximum number of messages in queue
+/// \param         type          data type of a single message element
+/// \note CAN BE CHANGED: The parameter to \b osMailQDef shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#if defined (osObjectsExternal)  // object is external
+#define osMailQDef(name, queue_sz, type) \
+extern osMailQDef_t os_mailQ_def_##name
+#else                            // define the object
+#define osMailQDef(name, queue_sz, type) \
+uint32_t os_mailQ_q_##name[4+(queue_sz)]; \
+uint32_t os_mailQ_m_##name[3+((sizeof(type)+3)/4)*(queue_sz)]; \
+void *   os_mailQ_p_##name[2] = { (os_mailQ_q_##name), os_mailQ_m_##name }; \
+osMailQDef_t os_mailQ_def_##name =  \
+{ (queue_sz), sizeof(type), (os_mailQ_p_##name) }
+#endif
+
+/// \brief Access a Mail Queue Definition.
+/// \param         name          name of the queue
+/// \note CAN BE CHANGED: The parameter to \b osMailQ shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#define osMailQ(name)  \
+&os_mailQ_def_##name
+
+/// Create and Initialize mail queue.
+/// \param[in]     queue_def     reference to the mail queue definition obtain with \ref osMailQ
+/// \param[in]     thread_id     thread ID (obtained by \ref osThreadCreate or \ref osThreadGetId) or NULL.
+/// \return mail queue ID for reference by other functions or NULL in case of error.
+/// \note MUST REMAIN UNCHANGED: \b osMailCreate shall be consistent in every CMSIS-RTOS.
+osMailQId osMailCreate (osMailQDef_t *queue_def, osThreadId thread_id);
+
+/// Allocate a memory block from a mail.
+/// \param[in]     queue_id      mail queue ID obtained with \ref osMailCreate.
+/// \param[in]     millisec      timeout value or 0 in case of no time-out
+/// \return pointer to memory block that can be filled with mail or NULL in case of error.
+/// \note MUST REMAIN UNCHANGED: \b osMailAlloc shall be consistent in every CMSIS-RTOS.
+void *osMailAlloc (osMailQId queue_id, uint32_t millisec);
+
+/// Allocate a memory block from a mail and set memory block to zero.
+/// \param[in]     queue_id      mail queue ID obtained with \ref osMailCreate.
+/// \param[in]     millisec      timeout value or 0 in case of no time-out
+/// \return pointer to memory block that can be filled with mail or NULL in case of error.
+/// \note MUST REMAIN UNCHANGED: \b osMailCAlloc shall be consistent in every CMSIS-RTOS.
+void *osMailCAlloc (osMailQId queue_id, uint32_t millisec);
+
+/// Put a mail to a queue.
+/// \param[in]     queue_id      mail queue ID obtained with \ref osMailCreate.
+/// \param[in]     mail          memory block previously allocated with \ref osMailAlloc or \ref osMailCAlloc.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osMailPut shall be consistent in every CMSIS-RTOS.
+osStatus osMailPut (osMailQId queue_id, void *mail);
+
+/// Get a mail from a queue.
+/// \param[in]     queue_id      mail queue ID obtained with \ref osMailCreate.
+/// \param[in]     millisec      timeout value or 0 in case of no time-out
+/// \return event that contains mail information or error code.
+/// \note MUST REMAIN UNCHANGED: \b osMailGet shall be consistent in every CMSIS-RTOS.
+os_InRegs osEvent osMailGet (osMailQId queue_id, uint32_t millisec);
+
+/// Free a memory block from a mail.
+/// \param[in]     queue_id      mail queue ID obtained with \ref osMailCreate.
+/// \param[in]     mail          pointer to the memory block that was obtained with \ref osMailGet.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osMailFree shall be consistent in every CMSIS-RTOS.
+osStatus osMailFree (osMailQId queue_id, void *mail);
+
+#endif  // Mail Queues available
+
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif  // _CMSIS_OS_H
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_ARM7/os_tcb.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,55 @@
+#ifndef OS_TCB_H
+#define OS_TCB_H
+
+/* Types */
+typedef char               S8;
+typedef unsigned char      U8;
+typedef short              S16;
+typedef unsigned short     U16;
+typedef int                S32;
+typedef unsigned int       U32;
+typedef long long          S64;
+typedef unsigned long long U64;
+typedef unsigned char      BIT;
+typedef unsigned int       BOOL;
+typedef void               (*FUNCP)(void);
+#define TCB_STACK_LR_OFFSET_BYTES   (14*4) // prelast DWORD
+#define TCB_STACK_LR_OFFSET_DWORDS  (14)   // prelast DWORD
+#define TCB_STACK_R0_OFFSET_BYTES   (1*4)  // second DWORD
+#define TCB_STACK_R0_OFFSET_DWORDS  (1)    // second DWORD
+
+typedef struct OS_TCB {
+  /* General part: identical for all implementations.                        */
+  U8     cb_type;                 /* Control Block Type                      */
+  U8     state;                   /* Task state                              */
+  U8     prio;                    /* Execution priority                      */
+  U8     task_id;                 /* Task ID value for optimized TCB access  */
+  struct OS_TCB *p_lnk;           /* Link pointer for ready/sem. wait list   */
+  struct OS_TCB *p_rlnk;          /* Link pointer for sem./mbx lst backwards */
+  struct OS_TCB *p_dlnk;          /* Link pointer for delay list             */
+  struct OS_TCB *p_blnk;          /* Link pointer for delay list backwards   */
+  U16    delta_time;              /* Time until time out                     */
+  U16    interval_time;           /* Time interval for periodic waits        */
+  U16    events;                  /* Event flags                             */
+  U16    waits;                   /* Wait flags                              */
+  void   **msg;                   /* Direct message passing when task waits  */
+
+  /* Hardware dependant part: specific for CM processor                      */
+  U8     stack_frame;             /* Stack frame: 0=Basic, 1=Extended        */
+  U8     reserved1;
+  U16    reserved2;
+  U32    priv_stack;              /* Private stack size in bytes             */
+  U32    tsk_stack;               /* Current task Stack pointer (R13)        */
+  U32    *stack;                  /* Pointer to Task Stack memory block      */
+
+  /* Library dependant part                                                   */
+#if defined (__CC_ARM) && !defined (__MICROLIB)
+ /* A memory space for arm standard library. */
+  U32 std_libspace[96/4];
+#endif
+
+  /* Task entry point used for uVision debugger                              */
+  FUNCP  ptask;                   /* Task entry address                      */
+} *P_TCB;
+
+#endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_CMSIS.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,1853 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    rt_CMSIS.c
+ *      Purpose: CMSIS RTOS API
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2015 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#define __CMSIS_GENERIC
+
+#include "core_arm7.h"
+
+#include "rt_TypeDef.h"
+#include "RTX_Conf.h"
+#include "rt_System.h"
+#include "rt_Task.h"
+#include "rt_Event.h"
+#include "rt_List.h"
+#include "rt_Time.h"
+#include "rt_Mutex.h"
+#include "rt_Semaphore.h"
+#include "rt_Mailbox.h"
+#include "rt_MemBox.h"
+#include "rt_HAL_CM.h"
+
+#define os_thread_cb OS_TCB
+
+#include "cmsis_os.h"
+
+#if (osFeature_Signals != 16)
+#error Invalid "osFeature_Signals" value!
+#endif
+#if (osFeature_Semaphore > 65535)
+#error Invalid "osFeature_Semaphore" value!
+#endif
+#if (osFeature_Wait != 0)
+#error osWait not supported!
+#endif
+
+
+// ==== Enumeration, structures, defines ====
+
+// Service Calls defines
+
+#if defined (__CC_ARM)          /* ARM Compiler */
+
+#define __NO_RETURN __declspec(noreturn)
+
+#define osEvent_type       osEvent
+#define osEvent_ret_status ret
+#define osEvent_ret_value  ret
+#define osEvent_ret_msg    ret
+#define osEvent_ret_mail   ret
+
+#define osCallback_type    osCallback
+#define osCallback_ret     ret
+
+#define SVC_0_1(f,t,...)                                                       \
+__svc_indirect(0) t  _##f (t(*)());                                            \
+                  t     f (void);                                              \
+__attribute__((always_inline))                                                 \
+static __inline   t __##f (void) {                                             \
+  return _##f(f);                                                              \
+}
+
+#define SVC_1_1(f,t,t1,...)                                                    \
+__svc_indirect(0) t  _##f (t(*)(t1),t1);                                       \
+                  t     f (t1 a1);                                             \
+__attribute__((always_inline))                                                 \
+static __inline   t __##f (t1 a1) {                                            \
+  return _##f(f,a1);                                                           \
+}
+
+#define SVC_2_1(f,t,t1,t2,...)                                                 \
+__svc_indirect(0) t  _##f (t(*)(t1,t2),t1,t2);                                 \
+                  t     f (t1 a1, t2 a2);                                      \
+__attribute__((always_inline))                                                 \
+static __inline   t __##f (t1 a1, t2 a2) {                                     \
+  return _##f(f,a1,a2);                                                        \
+}
+
+#define SVC_3_1(f,t,t1,t2,t3,...)                                              \
+__svc_indirect(0) t  _##f (t(*)(t1,t2,t3),t1,t2,t3);                           \
+                  t     f (t1 a1, t2 a2, t3 a3);                               \
+__attribute__((always_inline))                                                 \
+static __inline   t __##f (t1 a1, t2 a2, t3 a3) {                              \
+  return _##f(f,a1,a2,a3);                                                     \
+}
+
+#define SVC_4_1(f,t,t1,t2,t3,t4,...)                                           \
+__svc_indirect(0) t  _##f (t(*)(t1,t2,t3,t4),t1,t2,t3,t4);                     \
+                  t     f (t1 a1, t2 a2, t3 a3, t4 a4);                        \
+__attribute__((always_inline))                                                 \
+static __inline   t __##f (t1 a1, t2 a2, t3 a3, t4 a4) {                       \
+  return _##f(f,a1,a2,a3,a4);                                                  \
+}
+
+#define SVC_1_2 SVC_1_1
+#define SVC_1_3 SVC_1_1
+#define SVC_2_3 SVC_2_1
+
+#elif defined (__GNUC__)        /* GNU Compiler */
+
+#define __NO_RETURN __attribute__((noreturn))
+
+typedef uint32_t __attribute__((vector_size(8)))  ret64;
+typedef uint32_t __attribute__((vector_size(16))) ret128;
+
+#define RET_pointer    __r0
+#define RET_int32_t    __r0
+#define RET_osStatus   __r0
+#define RET_osPriority __r0
+#define RET_osEvent    {(osStatus)__r0, {(uint32_t)__r1}, {(void *)__r2}}
+#define RET_osCallback {(void *)__r0, (void *)__r1}
+
+#define osEvent_type        ret128
+#define osEvent_ret_status (ret128){ret.status}
+#define osEvent_ret_value  (ret128){ret.status, ret.value.v}
+#define osEvent_ret_msg    (ret128){ret.status, ret.value.v, (uint32_t)ret.def.message_id}
+#define osEvent_ret_mail   (ret128){ret.status, ret.value.v, (uint32_t)ret.def.mail_id}
+
+#define osCallback_type     ret64
+#define osCallback_ret     (ret64) {(uint32_t)ret.fp, (uint32_t)ret.arg}
+
+#define SVC_ArgN(n) \
+  register int __r##n __asm("r"#n);
+
+#define SVC_ArgR(n,t,a) \
+  register t   __r##n __asm("r"#n) = a;
+
+#define SVC_Arg0()                                                             \
+  SVC_ArgN(0)                                                                  \
+  SVC_ArgN(1)                                                                  \
+  SVC_ArgN(2)                                                                  \
+  SVC_ArgN(3)
+
+#define SVC_Arg1(t1)                                                           \
+  SVC_ArgR(0,t1,a1)                                                            \
+  SVC_ArgN(1)                                                                  \
+  SVC_ArgN(2)                                                                  \
+  SVC_ArgN(3)
+
+#define SVC_Arg2(t1,t2)                                                        \
+  SVC_ArgR(0,t1,a1)                                                            \
+  SVC_ArgR(1,t2,a2)                                                            \
+  SVC_ArgN(2)                                                                  \
+  SVC_ArgN(3)
+
+#define SVC_Arg3(t1,t2,t3)                                                     \
+  SVC_ArgR(0,t1,a1)                                                            \
+  SVC_ArgR(1,t2,a2)                                                            \
+  SVC_ArgR(2,t3,a3)                                                            \
+  SVC_ArgN(3)
+
+#define SVC_Arg4(t1,t2,t3,t4)                                                  \
+  SVC_ArgR(0,t1,a1)                                                            \
+  SVC_ArgR(1,t2,a2)                                                            \
+  SVC_ArgR(2,t3,a3)                                                            \
+  SVC_ArgR(3,t4,a4)
+
+#if (defined (__CORTEX_M0)) || defined (__CORTEX_M0PLUS)
+#define SVC_Call(f)                                                            \
+  __asm volatile                                                                 \
+  (                                                                            \
+    "ldr r7,="#f"\n\t"                                                         \
+    "mov r12,r7\n\t"                                                           \
+    "svc 0"                                                                    \
+    :               "=r" (__r0), "=r" (__r1), "=r" (__r2), "=r" (__r3)         \
+    :                "r" (__r0),  "r" (__r1),  "r" (__r2),  "r" (__r3)         \
+    : "r7", "r12", "lr", "cc"                                                  \
+  );
+#else
+#define SVC_Call(f)                                                            \
+  __asm volatile                                                                 \
+  (                                                                            \
+    "ldr r12,="#f"\n\t"                                                        \
+    "svc 0"                                                                    \
+    :               "=r" (__r0), "=r" (__r1), "=r" (__r2), "=r" (__r3)         \
+    :                "r" (__r0),  "r" (__r1),  "r" (__r2),  "r" (__r3)         \
+    : "r12", "lr", "cc"                                                        \
+  );
+#endif
+
+#define SVC_0_1(f,t,rv)                                                        \
+__attribute__((always_inline))                                                 \
+static inline  t __##f (void) {                                                \
+  SVC_Arg0();                                                                  \
+  SVC_Call(f);                                                                 \
+  return (t) rv;                                                               \
+}
+
+#define SVC_1_1(f,t,t1,rv)                                                     \
+__attribute__((always_inline))                                                 \
+static inline  t __##f (t1 a1) {                                               \
+  SVC_Arg1(t1);                                                                \
+  SVC_Call(f);                                                                 \
+  return (t) rv;                                                               \
+}
+
+#define SVC_2_1(f,t,t1,t2,rv)                                                  \
+__attribute__((always_inline))                                                 \
+static inline  t __##f (t1 a1, t2 a2) {                                        \
+  SVC_Arg2(t1,t2);                                                             \
+  SVC_Call(f);                                                                 \
+  return (t) rv;                                                               \
+}
+
+#define SVC_3_1(f,t,t1,t2,t3,rv)                                               \
+__attribute__((always_inline))                                                 \
+static inline  t __##f (t1 a1, t2 a2, t3 a3) {                                 \
+  SVC_Arg3(t1,t2,t3);                                                          \
+  SVC_Call(f);                                                                 \
+  return (t) rv;                                                               \
+}
+
+#define SVC_4_1(f,t,t1,t2,t3,t4,rv)                                            \
+__attribute__((always_inline))                                                 \
+static inline  t __##f (t1 a1, t2 a2, t3 a3, t4 a4) {                          \
+  SVC_Arg4(t1,t2,t3,t4);                                                       \
+  SVC_Call(f);                                                                 \
+  return (t) rv;                                                               \
+}
+
+#define SVC_1_2 SVC_1_1
+#define SVC_1_3 SVC_1_1
+#define SVC_2_3 SVC_2_1
+
+#elif defined (__ICCARM__)      /* IAR Compiler */
+
+#define __NO_RETURN __noreturn
+
+#define osEvent_type       osEvent
+#define osEvent_ret_status ret
+#define osEvent_ret_value  ret
+#define osEvent_ret_msg    ret
+#define osEvent_ret_mail   ret
+
+#define osCallback_type    osCallback
+#define osCallback_ret     ret
+
+#define RET_osEvent     osEvent
+#define RET_osCallback  osCallback
+
+#define SVC_Setup(f)                                                           \
+  __asm(                                                                       \
+    "mov r12,%0\n"                                                             \
+    :: "r"(&f): "r12"                                                          \
+  );
+
+
+#define SVC_0_1(f,t,...)                                                       \
+t f (void);                                                                    \
+_Pragma("swi_number=0") __swi t _##f (void);                                   \
+static inline t __##f (void) {                                                 \
+  SVC_Setup(f);                                                                \
+  return _##f();                                                               \
+}
+
+#define SVC_1_1(f,t,t1,...)                                                    \
+t f (t1 a1);                                                                   \
+_Pragma("swi_number=0") __swi t _##f (t1 a1);                                  \
+static inline t __##f (t1 a1) {                                                \
+  SVC_Setup(f);                                                                \
+  return _##f(a1);                                                             \
+}
+
+#define SVC_2_1(f,t,t1,t2,...)                                                 \
+t f (t1 a1, t2 a2);                                                            \
+_Pragma("swi_number=0") __swi t _##f (t1 a1, t2 a2);                           \
+static inline t __##f (t1 a1, t2 a2) {                                         \
+  SVC_Setup(f);                                                                \
+  return _##f(a1,a2);                                                          \
+}
+
+#define SVC_3_1(f,t,t1,t2,t3,...)                                              \
+t f (t1 a1, t2 a2, t3 a3);                                                     \
+_Pragma("swi_number=0") __swi t _##f (t1 a1, t2 a2, t3 a3);                    \
+static inline t __##f (t1 a1, t2 a2, t3 a3) {                                  \
+  SVC_Setup(f);                                                                \
+  return _##f(a1,a2,a3);                                                       \
+}
+
+#define SVC_4_1(f,t,t1,t2,t3,t4,...)                                           \
+t f (t1 a1, t2 a2, t3 a3, t4 a4);                                              \
+_Pragma("swi_number=0") __swi t _##f (t1 a1, t2 a2, t3 a3, t4 a4);             \
+static inline t __##f (t1 a1, t2 a2, t3 a3, t4 a4) {                           \
+  SVC_Setup(f);                                                                \
+  return _##f(a1,a2,a3,a4);                                                    \
+}
+
+#define SVC_1_2 SVC_1_1
+#define SVC_1_3 SVC_1_1
+#define SVC_2_3 SVC_2_1
+
+#endif
+
+
+// Callback structure
+typedef struct {
+  void *fp;             // Function pointer
+  void *arg;            // Function argument
+} osCallback;
+
+
+// OS Section definitions
+#ifdef OS_SECTIONS_LINK_INFO
+extern const uint32_t  os_section_id$$Base;
+extern const uint32_t  os_section_id$$Limit;
+#endif
+
+// OS Timers external resources
+extern osThreadDef_t   os_thread_def_osTimerThread;
+extern osThreadId      osThreadId_osTimerThread;
+extern osMessageQDef_t os_messageQ_def_osTimerMessageQ;
+extern osMessageQId    osMessageQId_osTimerMessageQ;
+
+
+// ==== Helper Functions ====
+
+/// Convert timeout in millisec to system ticks
+static uint32_t rt_ms2tick (uint32_t millisec) {
+  uint32_t tick;
+
+  if (millisec == osWaitForever) return 0xFFFF; // Indefinite timeout
+  if (millisec > 4000000) return 0xFFFE;        // Max ticks supported
+
+  tick = ((1000 * millisec) + os_clockrate - 1)  / os_clockrate;
+  if (tick > 0xFFFE) return 0xFFFE;
+
+  return tick;
+}
+
+/// Convert Thread ID to TCB pointer
+static P_TCB rt_tid2ptcb (osThreadId thread_id) {
+  P_TCB ptcb;
+
+  if (thread_id == NULL) return NULL;
+
+  if ((uint32_t)thread_id & 3) return NULL;
+
+#ifdef OS_SECTIONS_LINK_INFO
+  if ((os_section_id$$Base != 0) && (os_section_id$$Limit != 0)) {
+    if (thread_id  < (osThreadId)os_section_id$$Base)  return NULL;
+    if (thread_id >= (osThreadId)os_section_id$$Limit) return NULL;
+  }
+#endif
+
+  ptcb = thread_id;
+
+  if (ptcb->cb_type != TCB) return NULL;
+
+  return ptcb;
+}
+
+/// Convert ID pointer to Object pointer
+static void *rt_id2obj (void *id) {
+
+  if ((uint32_t)id & 3) return NULL;
+
+#ifdef OS_SECTIONS_LINK_INFO
+  if ((os_section_id$$Base != 0) && (os_section_id$$Limit != 0)) {
+    if (id  < (void *)os_section_id$$Base)  return NULL;
+    if (id >= (void *)os_section_id$$Limit) return NULL;
+  }
+#endif
+
+  return id;
+}
+
+
+// ==== Kernel Control ====
+
+uint8_t os_initialized;                         // Kernel Initialized flag
+uint8_t os_running;                             // Kernel Running flag
+
+// Kernel Control Service Calls declarations
+SVC_0_1(svcKernelInitialize, osStatus, RET_osStatus)
+SVC_0_1(svcKernelStart,      osStatus, RET_osStatus)
+SVC_0_1(svcKernelRunning,    int32_t,  RET_int32_t)
+
+extern void  sysThreadError   (osStatus status);
+osThreadId   svcThreadCreate  (osThreadDef_t *thread_def, void *argument);
+osMessageQId svcMessageCreate (osMessageQDef_t *queue_def, osThreadId thread_id);
+
+// Kernel Control Service Calls
+
+/// Initialize the RTOS Kernel for creating objects
+osStatus svcKernelInitialize (void) {
+  if (os_initialized) return osOK;
+
+  rt_sys_init();                                // RTX System Initialization
+  os_tsk.run->prio = 255;                       // Highest priority
+
+  sysThreadError(osOK);
+
+  os_initialized = 1;
+
+  return osOK;
+}
+
+/// Start the RTOS Kernel
+osStatus svcKernelStart (void) {
+
+  if (os_running) return osOK;
+
+  // Create OS Timers resources (Message Queue & Thread)
+  osMessageQId_osTimerMessageQ = svcMessageCreate (&os_messageQ_def_osTimerMessageQ, NULL);
+  osThreadId_osTimerThread = svcThreadCreate(&os_thread_def_osTimerThread, NULL);
+
+  rt_tsk_prio(0, 0);                            // Lowest priority
+//  __set_SP(os_tsk.run->tsk_stack + 8*4);       // New context
+  os_tsk.run = NULL;                            // Force context switch
+
+  rt_sys_start();
+
+  os_running = 1;
+
+  return osOK;
+}
+
+/// Check if the RTOS kernel is already started
+int32_t svcKernelRunning(void) {
+  return os_running;
+}
+
+// Kernel Control Public API
+
+/// Initialize the RTOS Kernel for creating objects
+osStatus osKernelInitialize (void) {
+  if (__get_CONTROL() == MODE_IRQ) return osErrorISR;     // Not allowed in ISR
+  if (__get_CONTROL() == MODE_SUPERVISOR)  {              // Privileged mode
+    return   svcKernelInitialize();
+  } else {
+    return __svcKernelInitialize();
+  }
+}
+
+/// Start the RTOS Kernel
+osStatus osKernelStart (void) {
+
+  if (__get_CONTROL() == MODE_IRQ) return osErrorISR;     // Not allowed in ISR
+  switch (__get_CONTROL()) {
+    case MODE_SUPERVISOR:                      // Privileged mode
+      break;
+    case MODE_USER:
+    case MODE_SYSTEM:                           // Unprivileged mode
+      return osErrorOS;
+    default:                                   // Other invalid modes
+      return osErrorOS;
+      break;
+  }
+  return svcKernelStart();
+}
+
+/// Check if the RTOS kernel is already started
+int32_t osKernelRunning(void) {
+  if ((__get_CONTROL() == MODE_IRQ) || (__get_CONTROL() == MODE_SUPERVISOR)) {
+    // in ISR or Privileged
+    return os_running;
+  } else {
+    return __svcKernelRunning();
+  }
+}
+
+
+// ==== Thread Management ====
+
+__NO_RETURN void osThreadExit (void);
+
+// Thread Service Calls declarations
+SVC_2_1(svcThreadCreate,      osThreadId, osThreadDef_t *, void *,     RET_pointer)
+SVC_0_1(svcThreadGetId,       osThreadId,                              RET_pointer)
+SVC_1_1(svcThreadTerminate,   osStatus,   osThreadId,                  RET_osStatus)
+SVC_0_1(svcThreadYield,       osStatus,                                RET_osStatus)
+SVC_2_1(svcThreadSetPriority, osStatus,   osThreadId,      osPriority, RET_osStatus)
+SVC_1_1(svcThreadGetPriority, osPriority, osThreadId,                  RET_osPriority)
+
+// Thread Service Calls
+extern OS_TID rt_get_TID (void);
+extern void   rt_init_context (P_TCB p_TCB, U8 priority, FUNCP task_body);
+
+/// Create a thread and add it to Active Threads and set it to state READY
+osThreadId svcThreadCreate (osThreadDef_t *thread_def, void *argument) {
+  P_TCB  ptcb;
+
+  if ((thread_def == NULL) ||
+      (thread_def->pthread == NULL) ||
+      (thread_def->tpriority < osPriorityIdle) ||
+      (thread_def->tpriority > osPriorityRealtime) ||
+      (thread_def->stacksize == 0) ||
+      (thread_def->stack_pointer == NULL) ) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  U8 priority = thread_def->tpriority - osPriorityIdle + 1;
+  P_TCB task_context = &thread_def->tcb;
+
+  /* Utilize the user provided stack. */
+  task_context->stack      = (U32*)thread_def->stack_pointer;
+  task_context->priv_stack = thread_def->stacksize;
+  /* Find a free entry in 'os_active_TCB' table. */
+  OS_TID tsk = rt_get_TID ();
+  os_active_TCB[tsk-1] = task_context;
+  task_context->task_id = tsk;
+  /* Pass parameter 'argv' to 'rt_init_context' */
+  task_context->msg = argument;
+  /* For 'size == 0' system allocates the user stack from the memory pool. */
+  rt_init_context (task_context, priority, (FUNCP)thread_def->pthread);
+
+  /* Dispatch this task to the scheduler for execution. */
+  DBG_TASK_NOTIFY(task_context, __TRUE);
+  rt_dispatch (task_context);
+
+  ptcb = (P_TCB)os_active_TCB[tsk - 1];         // TCB pointer
+
+  *((uint32_t *)ptcb->tsk_stack + TCB_STACK_LR_OFFSET_DWORDS) = (uint32_t)osThreadExit; /* LR = osThreadExit */
+
+  return ptcb;
+}
+
+/// Return the thread ID of the current running thread
+osThreadId svcThreadGetId (void) {
+  OS_TID tsk;
+
+  tsk = rt_tsk_self();
+  if (tsk == 0) return NULL;
+  return (P_TCB)os_active_TCB[tsk - 1];
+}
+
+/// Terminate execution of a thread and remove it from ActiveThreads
+osStatus svcThreadTerminate (osThreadId thread_id) {
+  OS_RESULT res;
+  P_TCB     ptcb;
+
+  ptcb = rt_tid2ptcb(thread_id);                // Get TCB pointer
+  if (ptcb == NULL) return osErrorParameter;
+
+  res = rt_tsk_delete(ptcb->task_id);           // Delete task
+
+  if (res == OS_R_NOK) return osErrorResource;  // Delete task failed
+
+  return osOK;
+}
+
+/// Pass control to next thread that is in state READY
+osStatus svcThreadYield (void) {
+  rt_tsk_pass();                                // Pass control to next task
+  return osOK;
+}
+
+/// Change priority of an active thread
+osStatus svcThreadSetPriority (osThreadId thread_id, osPriority priority) {
+  OS_RESULT res;
+  P_TCB     ptcb;
+
+  ptcb = rt_tid2ptcb(thread_id);                // Get TCB pointer
+  if (ptcb == NULL) return osErrorParameter;
+
+  if ((priority < osPriorityIdle) || (priority > osPriorityRealtime)) {
+    return osErrorValue;
+  }
+
+  res = rt_tsk_prio(                            // Change task priority
+    ptcb->task_id,                              // Task ID
+    priority - osPriorityIdle + 1               // New task priority
+  );
+
+  if (res == OS_R_NOK) return osErrorResource;  // Change task priority failed
+
+  return osOK;
+}
+
+/// Get current priority of an active thread
+osPriority svcThreadGetPriority (osThreadId thread_id) {
+  P_TCB ptcb;
+
+  ptcb = rt_tid2ptcb(thread_id);                // Get TCB pointer
+  if (ptcb == NULL) return osPriorityError;
+
+  return (osPriority)(ptcb->prio - 1 + osPriorityIdle);
+}
+
+
+// Thread Public API
+
+/// Create a thread and add it to Active Threads and set it to state READY
+osThreadId osThreadCreate (osThreadDef_t *thread_def, void *argument) {
+  if (__get_CONTROL() == MODE_IRQ) return NULL;           // Not allowed in ISR
+  if ((__get_CONTROL() == MODE_SUPERVISOR) && (os_running == 0)) {
+    // Privileged and not running
+    return   svcThreadCreate(thread_def, argument);
+  } else {
+    return __svcThreadCreate(thread_def, argument);
+  }
+}
+
+/// Return the thread ID of the current running thread
+osThreadId osThreadGetId (void) {
+  if (__get_CONTROL() == MODE_IRQ) return NULL;           // Not allowed in ISR
+  return __svcThreadGetId();
+}
+
+/// Terminate execution of a thread and remove it from ActiveThreads
+osStatus osThreadTerminate (osThreadId thread_id) {
+  if (__get_CONTROL() == MODE_IRQ) return osErrorISR;     // Not allowed in ISR
+  return __svcThreadTerminate(thread_id);
+}
+
+/// Pass control to next thread that is in state READY
+osStatus osThreadYield (void) {
+  if (__get_CONTROL() == MODE_IRQ) return osErrorISR;     // Not allowed in ISR
+  return __svcThreadYield();
+}
+
+/// Change priority of an active thread
+osStatus osThreadSetPriority (osThreadId thread_id, osPriority priority) {
+  if (__get_CONTROL() == MODE_IRQ) return osErrorISR;     // Not allowed in ISR
+  return __svcThreadSetPriority(thread_id, priority);
+}
+
+/// Get current priority of an active thread
+osPriority osThreadGetPriority (osThreadId thread_id) {
+  if (__get_CONTROL() == MODE_IRQ) return osPriorityError;// Not allowed in ISR
+  return __svcThreadGetPriority(thread_id);
+}
+
+/// INTERNAL - Not Public
+/// Auto Terminate Thread on exit (used implicitly when thread exists)
+__NO_RETURN void osThreadExit (void) {
+  __svcThreadTerminate(__svcThreadGetId());
+  for (;;);                                     // Should never come here
+}
+
+
+// ==== Generic Wait Functions ====
+
+// Generic Wait Service Calls declarations
+SVC_1_1(svcDelay,           osStatus, uint32_t, RET_osStatus)
+#if osFeature_Wait != 0
+SVC_1_3(svcWait,  os_InRegs osEvent,  uint32_t, RET_osEvent)
+#endif
+
+// Generic Wait Service Calls
+
+/// Wait for Timeout (Time Delay)
+osStatus svcDelay (uint32_t millisec) {
+  if (millisec == 0) return osOK;
+  rt_dly_wait(rt_ms2tick(millisec));
+  return osEventTimeout;
+}
+
+/// Wait for Signal, Message, Mail, or Timeout
+#if osFeature_Wait != 0
+os_InRegs osEvent_type svcWait (uint32_t millisec) {
+  osEvent ret;
+
+  if (millisec == 0) {
+    ret.status = osOK;
+    return osEvent_ret_status;
+  }
+
+  /* To Do: osEventSignal, osEventMessage, osEventMail */
+  rt_dly_wait(rt_ms2tick(millisec));
+  ret.status = osEventTimeout;
+
+  return osEvent_ret_status;
+}
+#endif
+
+
+// Generic Wait API
+
+/// Wait for Timeout (Time Delay)
+osStatus osDelay (uint32_t millisec) {
+  if (__get_CONTROL() == MODE_IRQ)  return osErrorISR;     // Not allowed in ISR
+  return __svcDelay(millisec);
+}
+
+/// Wait for Signal, Message, Mail, or Timeout
+os_InRegs osEvent osWait (uint32_t millisec) {
+  osEvent ret;
+
+#if osFeature_Wait == 0
+  ret.status = osErrorOS;
+  return ret;
+#else
+  if (__get_CONTROL() == MODE_IRQ) {                      // Not allowed in ISR
+    ret.status = osErrorISR;
+    return ret;
+  }
+  return __svcWait(millisec);
+#endif
+}
+
+
+// ==== Timer Management ====
+
+// Timer definitions
+#define osTimerInvalid  0
+#define osTimerStopped  1
+#define osTimerRunning  2
+
+// Timer structures
+
+typedef struct os_timer_cb_ {                   // Timer Control Block
+  struct os_timer_cb_ *next;                    // Pointer to next active Timer
+  uint8_t             state;                    // Timer State
+  uint8_t              type;                    // Timer Type (Periodic/One-shot)
+  uint16_t         reserved;                    // Reserved
+  uint16_t             tcnt;                    // Timer Delay Count
+  uint16_t             icnt;                    // Timer Initial Count
+  void                 *arg;                    // Timer Function Argument
+  osTimerDef_t       *timer;                    // Pointer to Timer definition
+} os_timer_cb;
+
+// Timer variables
+os_timer_cb *os_timer_head;                     // Pointer to first active Timer
+
+
+// Timer Helper Functions
+
+// Insert Timer into the list sorted by time
+static void rt_timer_insert (os_timer_cb *pt, uint32_t tcnt) {
+  os_timer_cb *p, *prev;
+
+  prev = NULL;
+  p = os_timer_head;
+  while (p != NULL) {
+    if (tcnt < p->tcnt) break;
+    tcnt -= p->tcnt;
+    prev = p;
+    p = p->next;
+  }
+  pt->next = p;
+  pt->tcnt = (uint16_t)tcnt;
+  if (p != NULL) {
+    p->tcnt -= pt->tcnt;
+  }
+  if (prev != NULL) {
+    prev->next = pt;
+  } else {
+    os_timer_head = pt;
+  }
+}
+
+// Remove Timer from the list
+static int rt_timer_remove (os_timer_cb *pt) {
+  os_timer_cb *p, *prev;
+
+  prev = NULL;
+  p = os_timer_head;
+  while (p != NULL) {
+    if (p == pt) break;
+    prev = p;
+    p = p->next;
+  }
+  if (p == NULL) return -1;
+  if (prev != NULL) {
+    prev->next = pt->next;
+  } else {
+    os_timer_head = pt->next;
+  }
+  if (pt->next != NULL) {
+    pt->next->tcnt += pt->tcnt;
+  }
+
+  return 0;
+}
+
+
+// Timer Service Calls declarations
+SVC_3_1(svcTimerCreate,           osTimerId,  osTimerDef_t *, os_timer_type, void *, RET_pointer)
+SVC_2_1(svcTimerStart,            osStatus,   osTimerId,      uint32_t,              RET_osStatus)
+SVC_1_1(svcTimerStop,             osStatus,   osTimerId,                             RET_osStatus)
+SVC_1_1(svcTimerDelete,           osStatus,   osTimerId,                             RET_osStatus)
+SVC_1_2(svcTimerCall,   os_InRegs osCallback, osTimerId,                             RET_osCallback)
+
+// Timer Management Service Calls
+
+/// Create timer
+osTimerId svcTimerCreate (osTimerDef_t *timer_def, os_timer_type type, void *argument) {
+  os_timer_cb *pt;
+
+  if ((timer_def == NULL) || (timer_def->ptimer == NULL)) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  pt = timer_def->timer;
+  if (pt == NULL) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  if ((type != osTimerOnce) && (type != osTimerPeriodic)) {
+    sysThreadError(osErrorValue);
+    return NULL;
+  }
+
+  if (osThreadId_osTimerThread == NULL) {
+    sysThreadError(osErrorResource);
+    return NULL;
+  }
+
+  if (pt->state != osTimerInvalid){
+    sysThreadError(osErrorResource);
+    return NULL;
+  }
+
+  pt->state = osTimerStopped;
+  pt->type  =  (uint8_t)type;
+  pt->arg   = argument;
+  pt->timer = timer_def;
+
+  return (osTimerId)pt;
+}
+
+/// Start or restart timer
+osStatus svcTimerStart (osTimerId timer_id, uint32_t millisec) {
+  os_timer_cb *pt;
+  uint32_t     tcnt;
+
+  pt = rt_id2obj(timer_id);
+  if (pt == NULL) return osErrorParameter;
+
+  tcnt = rt_ms2tick(millisec);
+  if (tcnt == 0) return osErrorValue;
+
+  switch (pt->state) {
+    case osTimerRunning:
+      if (rt_timer_remove(pt) != 0) {
+        return osErrorResource;
+      }
+      break;
+    case osTimerStopped:
+      pt->state = osTimerRunning;
+      pt->icnt  = (uint16_t)tcnt;
+      break;
+    default:
+      return osErrorResource;
+  }
+
+  rt_timer_insert(pt, tcnt);
+
+  return osOK;
+}
+
+/// Stop timer
+osStatus svcTimerStop (osTimerId timer_id) {
+  os_timer_cb *pt;
+
+  pt = rt_id2obj(timer_id);
+  if (pt == NULL) return osErrorParameter;
+
+  if (pt->state != osTimerRunning) return osErrorResource;
+
+  pt->state = osTimerStopped;
+
+  if (rt_timer_remove(pt) != 0) {
+    return osErrorResource;
+  }
+
+  return osOK;
+}
+
+/// Delete timer
+osStatus svcTimerDelete (osTimerId timer_id) {
+  os_timer_cb *pt;
+
+  pt = rt_id2obj(timer_id);
+  if (pt == NULL) return osErrorParameter;
+
+  switch (pt->state) {
+    case osTimerRunning:
+      rt_timer_remove(pt);
+      break;
+    case osTimerStopped:
+      break;
+    default:
+      return osErrorResource;
+  }
+
+  pt->state = osTimerInvalid;
+
+  return osOK;
+}
+
+/// Get timer callback parameters
+os_InRegs osCallback_type svcTimerCall (osTimerId timer_id) {
+  os_timer_cb *pt;
+  osCallback   ret;
+
+  pt = rt_id2obj(timer_id);
+  if (pt == NULL) {
+    ret.fp  = NULL;
+    ret.arg = NULL;
+    return osCallback_ret;
+  }
+
+  ret.fp  = (void *)pt->timer->ptimer;
+  ret.arg = pt->arg;
+
+  return osCallback_ret;
+}
+
+static __INLINE osStatus isrMessagePut (osMessageQId queue_id, uint32_t info, uint32_t millisec);
+
+/// Timer Tick (called each SysTick)
+void sysTimerTick (void) {
+  os_timer_cb *pt, *p;
+
+  p = os_timer_head;
+  if (p == NULL) return;
+
+  p->tcnt--;
+  while ((p != NULL) && (p->tcnt == 0)) {
+    pt = p;
+    p = p->next;
+    os_timer_head = p;
+    isrMessagePut(osMessageQId_osTimerMessageQ, (uint32_t)pt, 0);
+    if (pt->type == osTimerPeriodic) {
+      rt_timer_insert(pt, pt->icnt);
+    } else {
+      pt->state = osTimerStopped;
+    }
+  }
+}
+
+
+// Timer Management Public API
+
+/// Create timer
+osTimerId osTimerCreate (osTimerDef_t *timer_def, os_timer_type type, void *argument) {
+  if (__get_CONTROL() == MODE_IRQ) return NULL;           // Not allowed in ISR
+  if ((__get_CONTROL() == MODE_SUPERVISOR) && (os_running == 0)) {
+    // Privileged and not running
+    return   svcTimerCreate(timer_def, type, argument);
+  } else {
+    return __svcTimerCreate(timer_def, type, argument);
+  }
+}
+
+/// Start or restart timer
+osStatus osTimerStart (osTimerId timer_id, uint32_t millisec) {
+  if (__get_CONTROL() == MODE_IRQ) return osErrorISR;     // Not allowed in ISR
+  return __svcTimerStart(timer_id, millisec);
+}
+
+/// Stop timer
+osStatus osTimerStop (osTimerId timer_id) {
+  if (__get_CONTROL() == MODE_IRQ) return osErrorISR;     // Not allowed in ISR
+  return __svcTimerStop(timer_id);
+}
+
+/// Delete timer
+osStatus osTimerDelete (osTimerId timer_id) {
+  if (__get_CONTROL() == MODE_IRQ) return osErrorISR;     // Not allowed in ISR
+  return __svcTimerDelete(timer_id);
+}
+
+/// INTERNAL - Not Public
+/// Get timer callback parameters (used by OS Timer Thread)
+os_InRegs osCallback osTimerCall (osTimerId timer_id) {
+  return __svcTimerCall(timer_id);
+}
+
+
+// Timer Thread
+__NO_RETURN void osTimerThread (void const *argument) {
+  osCallback cb;
+  osEvent    evt;
+
+  for (;;) {
+    evt = osMessageGet(osMessageQId_osTimerMessageQ, osWaitForever);
+    if (evt.status == osEventMessage) {
+      cb = osTimerCall(evt.value.p);
+      if (cb.fp != NULL) {
+        (*(os_ptimer)cb.fp)(cb.arg);
+      }
+    }
+  }
+}
+
+
+// ==== Signal Management ====
+
+// Signal Service Calls declarations
+SVC_2_1(svcSignalSet,             int32_t, osThreadId, int32_t,  RET_int32_t)
+SVC_2_1(svcSignalClear,           int32_t, osThreadId, int32_t,  RET_int32_t)
+SVC_1_1(svcSignalGet,             int32_t, osThreadId,           RET_int32_t)
+SVC_2_3(svcSignalWait,  os_InRegs osEvent, int32_t,    uint32_t, RET_osEvent)
+
+// Signal Service Calls
+
+/// Set the specified Signal Flags of an active thread
+int32_t svcSignalSet (osThreadId thread_id, int32_t signals) {
+  P_TCB   ptcb;
+  int32_t sig;
+
+  ptcb = rt_tid2ptcb(thread_id);                // Get TCB pointer
+  if (ptcb == NULL) return 0x80000000;
+
+  if (signals & (0xFFFFFFFF << osFeature_Signals)) return 0x80000000;
+
+  sig = ptcb->events;                           // Previous signal flags
+
+  rt_evt_set(signals, ptcb->task_id);           // Set event flags
+
+  return sig;
+}
+
+/// Clear the specified Signal Flags of an active thread
+int32_t svcSignalClear (osThreadId thread_id, int32_t signals) {
+  P_TCB   ptcb;
+  int32_t sig;
+
+  ptcb = rt_tid2ptcb(thread_id);                // Get TCB pointer
+  if (ptcb == NULL) return 0x80000000;
+
+  if (signals & (0xFFFFFFFF << osFeature_Signals)) return 0x80000000;
+
+  sig = ptcb->events;                           // Previous signal flags
+
+  rt_evt_clr(signals, ptcb->task_id);           // Clear event flags
+
+  return sig;
+}
+
+/// Get Signal Flags status of an active thread
+int32_t svcSignalGet (osThreadId thread_id) {
+  P_TCB ptcb;
+
+  ptcb = rt_tid2ptcb(thread_id);                // Get TCB pointer
+  if (ptcb == NULL) return 0x80000000;
+
+  return ptcb->events;                          // Return event flags
+}
+
+/// Wait for one or more Signal Flags to become signaled for the current RUNNING thread
+os_InRegs osEvent_type svcSignalWait (int32_t signals, uint32_t millisec) {
+  OS_RESULT res;
+  osEvent   ret;
+
+  if (signals & (0xFFFFFFFF << osFeature_Signals)) {
+    ret.status = osErrorValue;
+    return osEvent_ret_status;
+  }
+
+  if (signals != 0) {                           // Wait for all specified signals
+    res = rt_evt_wait(signals, rt_ms2tick(millisec), __TRUE);
+  } else {                                      // Wait for any signal
+    res = rt_evt_wait(0xFFFF,  rt_ms2tick(millisec), __FALSE);
+  }
+
+  if (res == OS_R_EVT) {
+    ret.status = osEventSignal;
+    ret.value.signals = signals ? signals : os_tsk.run->waits;
+  } else {
+    ret.status = millisec ? osEventTimeout : osOK;
+    ret.value.signals = 0;
+  }
+
+  return osEvent_ret_value;
+}
+
+
+// Signal ISR Calls
+
+/// Set the specified Signal Flags of an active thread
+static __INLINE int32_t isrSignalSet (osThreadId thread_id, int32_t signals) {
+  P_TCB   ptcb;
+  int32_t sig;
+
+  ptcb = rt_tid2ptcb(thread_id);                // Get TCB pointer
+  if (ptcb == NULL) return 0x80000000;
+
+  if (signals & (0xFFFFFFFF << osFeature_Signals)) return 0x80000000;
+
+  sig = ptcb->events;                           // Previous signal flags
+
+  isr_evt_set(signals, ptcb->task_id);          // Set event flags
+
+  return sig;
+}
+
+
+// Signal Public API
+
+/// Set the specified Signal Flags of an active thread
+int32_t osSignalSet (osThreadId thread_id, int32_t signals) {
+  if (__get_CONTROL() == MODE_IRQ) {                      // in ISR
+    return   isrSignalSet(thread_id, signals);
+  } else {                                      // in Thread
+    return __svcSignalSet(thread_id, signals);
+  }
+}
+
+/// Clear the specified Signal Flags of an active thread
+int32_t osSignalClear (osThreadId thread_id, int32_t signals) {
+  if (__get_CONTROL() == MODE_IRQ) return osErrorISR;     // Not allowed in ISR
+  return __svcSignalClear(thread_id, signals);
+}
+
+/// Get Signal Flags status of an active thread
+int32_t osSignalGet (osThreadId thread_id) {
+  if (__get_CONTROL() == MODE_IRQ) return osErrorISR;     // Not allowed in ISR
+  return __svcSignalGet(thread_id);
+}
+
+/// Wait for one or more Signal Flags to become signaled for the current RUNNING thread
+os_InRegs osEvent osSignalWait (int32_t signals, uint32_t millisec) {
+  osEvent ret;
+
+  if (__get_CONTROL() == MODE_IRQ) {                      // Not allowed in ISR
+    ret.status = osErrorISR;
+    return ret;
+  }
+  return __svcSignalWait(signals, millisec);
+}
+
+
+// ==== Mutex Management ====
+
+// Mutex Service Calls declarations
+SVC_1_1(svcMutexCreate,  osMutexId, osMutexDef_t *,           RET_pointer)
+SVC_2_1(svcMutexWait,    osStatus,  osMutexId,      uint32_t, RET_osStatus)
+SVC_1_1(svcMutexRelease, osStatus,  osMutexId,                RET_osStatus)
+SVC_1_1(svcMutexDelete,  osStatus,  osMutexId,                RET_osStatus)
+
+// Mutex Service Calls
+
+/// Create and Initialize a Mutex object
+osMutexId svcMutexCreate (osMutexDef_t *mutex_def) {
+  OS_ID mut;
+
+  if (mutex_def == NULL) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  mut = mutex_def->mutex;
+  if (mut == NULL) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  if (((P_MUCB)mut)->cb_type != 0) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  rt_mut_init(mut);                             // Initialize Mutex
+
+  return mut;
+}
+
+/// Wait until a Mutex becomes available
+osStatus svcMutexWait (osMutexId mutex_id, uint32_t millisec) {
+  OS_ID     mut;
+  OS_RESULT res;
+
+  mut = rt_id2obj(mutex_id);
+  if (mut == NULL) return osErrorParameter;
+
+  if (((P_MUCB)mut)->cb_type != MUCB) return osErrorParameter;
+
+  res = rt_mut_wait(mut, rt_ms2tick(millisec)); // Wait for Mutex
+
+  if (res == OS_R_TMO) {
+    return (millisec ? osErrorTimeoutResource : osErrorResource);
+  }
+
+  return osOK;
+}
+
+/// Release a Mutex that was obtained with osMutexWait
+osStatus svcMutexRelease (osMutexId mutex_id) {
+  OS_ID     mut;
+  OS_RESULT res;
+
+  mut = rt_id2obj(mutex_id);
+  if (mut == NULL) return osErrorParameter;
+
+  if (((P_MUCB)mut)->cb_type != MUCB) return osErrorParameter;
+
+  res = rt_mut_release(mut);                    // Release Mutex
+
+  if (res == OS_R_NOK) return osErrorResource;  // Thread not owner or Zero Counter
+
+  return osOK;
+}
+
+/// Delete a Mutex that was created by osMutexCreate
+osStatus svcMutexDelete (osMutexId mutex_id) {
+  OS_ID mut;
+
+  mut = rt_id2obj(mutex_id);
+  if (mut == NULL) return osErrorParameter;
+
+  if (((P_MUCB)mut)->cb_type != MUCB) return osErrorParameter;
+
+  rt_mut_delete(mut);                           // Release Mutex
+
+  return osOK;
+}
+
+
+// Mutex Public API
+
+/// Create and Initialize a Mutex object
+osMutexId osMutexCreate (osMutexDef_t *mutex_def) {
+  if (__get_CONTROL() == MODE_IRQ) return NULL;           // Not allowed in ISR
+  if ((__get_CONTROL() == MODE_SUPERVISOR) && (os_running == 0)) {
+    // Privileged and not running
+    return    svcMutexCreate(mutex_def);
+  } else {
+    return __svcMutexCreate(mutex_def);
+  }
+}
+
+/// Wait until a Mutex becomes available
+osStatus osMutexWait (osMutexId mutex_id, uint32_t millisec) {
+  if (__get_CONTROL() == MODE_IRQ) return osErrorISR;     // Not allowed in ISR
+  return __svcMutexWait(mutex_id, millisec);
+}
+
+/// Release a Mutex that was obtained with osMutexWait
+osStatus osMutexRelease (osMutexId mutex_id) {
+  if (__get_CONTROL() == MODE_IRQ) return osErrorISR;     // Not allowed in ISR
+  return __svcMutexRelease(mutex_id);
+}
+
+/// Delete a Mutex that was created by osMutexCreate
+osStatus osMutexDelete (osMutexId mutex_id) {
+  if (__get_CONTROL() == MODE_IRQ) return osErrorISR;     // Not allowed in ISR
+  return __svcMutexDelete(mutex_id);
+}
+
+
+// ==== Semaphore Management ====
+
+// Semaphore Service Calls declarations
+SVC_2_1(svcSemaphoreCreate,  osSemaphoreId, const osSemaphoreDef_t *,  int32_t, RET_pointer)
+SVC_2_1(svcSemaphoreWait,    int32_t,       osSemaphoreId,      uint32_t, RET_int32_t)
+SVC_1_1(svcSemaphoreRelease, osStatus,      osSemaphoreId,                RET_osStatus)
+SVC_1_1(svcSemaphoreDelete,  osStatus,            osSemaphoreId,                RET_osStatus)
+
+// Semaphore Service Calls
+
+/// Create and Initialize a Semaphore object
+osSemaphoreId svcSemaphoreCreate (const osSemaphoreDef_t *semaphore_def, int32_t count) {
+  OS_ID sem;
+
+  if (semaphore_def == NULL) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  sem = semaphore_def->semaphore;
+  if (sem == NULL) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  if (((P_SCB)sem)->cb_type != 0) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  if (count > osFeature_Semaphore) {
+    sysThreadError(osErrorValue);
+    return NULL;
+  }
+
+  rt_sem_init(sem, count);                      // Initialize Semaphore
+
+  return sem;
+}
+
+/// Wait until a Semaphore becomes available
+int32_t svcSemaphoreWait (osSemaphoreId semaphore_id, uint32_t millisec) {
+  OS_ID     sem;
+  OS_RESULT res;
+
+  sem = rt_id2obj(semaphore_id);
+  if (sem == NULL) return -1;
+
+  if (((P_SCB)sem)->cb_type != SCB) return -1;
+
+  res = rt_sem_wait(sem, rt_ms2tick(millisec)); // Wait for Semaphore
+
+  if (res == OS_R_TMO) return 0;                // Timeout
+
+  return (((P_SCB)sem)->tokens + 1);
+}
+
+/// Release a Semaphore
+osStatus svcSemaphoreRelease (osSemaphoreId semaphore_id) {
+  OS_ID sem;
+
+  sem = rt_id2obj(semaphore_id);
+  if (sem == NULL) return osErrorParameter;
+
+  if (((P_SCB)sem)->cb_type != SCB) return osErrorParameter;
+
+  if (((P_SCB)sem)->tokens == osFeature_Semaphore) return osErrorResource;
+
+  rt_sem_send(sem);                             // Release Semaphore
+
+  return osOK;
+}
+
+/// Delete a Semaphore that was created by osSemaphoreCreate
+osStatus svcSemaphoreDelete (osSemaphoreId semaphore_id) {
+  OS_ID sem;
+
+  sem = rt_id2obj(semaphore_id);
+  if (sem == NULL) return osErrorParameter;
+
+  if (((P_SCB)sem)->cb_type != SCB) return osErrorParameter;
+
+  rt_sem_delete(sem);                           // Delete Semaphore
+
+  return osOK;
+}
+
+
+// Semaphore ISR Calls
+
+/// Release a Semaphore
+static __INLINE osStatus isrSemaphoreRelease (osSemaphoreId semaphore_id) {
+  OS_ID sem;
+
+  sem = rt_id2obj(semaphore_id);
+  if (sem == NULL) return osErrorParameter;
+
+  if (((P_SCB)sem)->cb_type != SCB) return osErrorParameter;
+
+  if (((P_SCB)sem)->tokens == osFeature_Semaphore) return osErrorResource;
+
+  isr_sem_send(sem);                            // Release Semaphore
+
+  return osOK;
+}
+
+
+// Semaphore Public API
+
+/// Create and Initialize a Semaphore object
+osSemaphoreId osSemaphoreCreate (osSemaphoreDef_t *semaphore_def, int32_t count) {
+  if (__get_CONTROL() == MODE_IRQ) return NULL;           // Not allowed in ISR
+  if ((__get_CONTROL() == MODE_SUPERVISOR) && (os_running == 0)) {
+    // Privileged and not running
+    return   svcSemaphoreCreate(semaphore_def, count);
+  } else {
+    return __svcSemaphoreCreate(semaphore_def, count);
+  }
+}
+
+/// Wait until a Semaphore becomes available
+int32_t osSemaphoreWait (osSemaphoreId semaphore_id, uint32_t millisec) {
+  if (__get_CONTROL() == MODE_IRQ) return -1;             // Not allowed in ISR
+  return __svcSemaphoreWait(semaphore_id, millisec);
+}
+
+/// Release a Semaphore
+osStatus osSemaphoreRelease (osSemaphoreId semaphore_id) {
+  if (__get_CONTROL() == MODE_IRQ) {                      // in ISR
+    return   isrSemaphoreRelease(semaphore_id);
+  } else {                                      // in Thread
+    return __svcSemaphoreRelease(semaphore_id);
+  }
+}
+
+/// Delete a Semaphore that was created by osSemaphoreCreate
+osStatus osSemaphoreDelete (osSemaphoreId semaphore_id) {
+  if (__get_CONTROL() == MODE_IRQ) return osErrorISR;     // Not allowed in ISR
+  return __svcSemaphoreDelete(semaphore_id);
+}
+
+
+// ==== Memory Management Functions ====
+
+// Memory Management Helper Functions
+
+// Clear Memory Box (Zero init)
+static void rt_clr_box (void *box_mem, void *box) {
+  uint32_t *p, n;
+
+  if (box) {
+    p = box;
+    for (n = ((P_BM)box_mem)->blk_size; n; n -= 4) {
+      *p++ = 0;
+    }
+  }
+}
+
+// Memory Management Service Calls declarations
+SVC_1_1(svcPoolCreate, osPoolId, const osPoolDef_t *,           RET_pointer)
+SVC_2_1(sysPoolAlloc,  void *,   osPoolId,      uint32_t, RET_pointer)
+SVC_2_1(sysPoolFree,   osStatus, osPoolId,      void *,   RET_osStatus)
+
+// Memory Management Service & ISR Calls
+
+/// Create and Initialize memory pool
+osPoolId svcPoolCreate (const osPoolDef_t *pool_def) {
+  uint32_t blk_sz;
+
+  if ((pool_def == NULL) ||
+      (pool_def->pool_sz == 0) ||
+      (pool_def->item_sz == 0) ||
+      (pool_def->pool == NULL)) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  blk_sz = (pool_def->item_sz + 3) & ~3;
+
+  _init_box(pool_def->pool, sizeof(struct OS_BM) + pool_def->pool_sz * blk_sz, blk_sz);
+
+  return pool_def->pool;
+}
+
+/// Allocate a memory block from a memory pool
+void *sysPoolAlloc (osPoolId pool_id, uint32_t clr) {
+  void *ptr;
+
+  if (pool_id == NULL) return NULL;
+
+  ptr = rt_alloc_box(pool_id);
+  if (clr) {
+    rt_clr_box(pool_id, ptr);
+  }
+
+  return ptr;
+}
+
+/// Return an allocated memory block back to a specific memory pool
+osStatus sysPoolFree (osPoolId pool_id, void *block) {
+  int32_t res;
+
+  if (pool_id == NULL) return osErrorParameter;
+
+  res = rt_free_box(pool_id, block);
+  if (res != 0) return osErrorValue;
+
+  return osOK;
+}
+
+
+// Memory Management Public API
+
+/// Create and Initialize memory pool
+osPoolId osPoolCreate (osPoolDef_t *pool_def) {
+  if (__get_CONTROL() == MODE_IRQ) return NULL;           // Not allowed in ISR
+  if ((__get_CONTROL() == MODE_SUPERVISOR) && (os_running == 0)) {
+    // Privileged and not running
+    return   svcPoolCreate(pool_def);
+  } else {
+    return __svcPoolCreate(pool_def);
+  }
+}
+
+/// Allocate a memory block from a memory pool
+void *osPoolAlloc (osPoolId pool_id) {
+  if ((__get_CONTROL() == MODE_IRQ) || (__get_CONTROL()  == MODE_SUPERVISOR)) {    // in ISR or Privileged
+    return   sysPoolAlloc(pool_id, 0);
+  } else {                                      // in Thread
+    return __sysPoolAlloc(pool_id, 0);
+  }
+}
+
+/// Allocate a memory block from a memory pool and set memory block to zero
+void *osPoolCAlloc (osPoolId pool_id) {
+  if ((__get_CONTROL() == MODE_IRQ) || (__get_CONTROL() == MODE_SUPERVISOR)) {    // in ISR or Privileged
+    return   sysPoolAlloc(pool_id, 1);
+  } else {                                      // in Thread
+    return __sysPoolAlloc(pool_id, 1);
+  }
+}
+
+/// Return an allocated memory block back to a specific memory pool
+osStatus osPoolFree (osPoolId pool_id, void *block) {
+  if ((__get_CONTROL() == MODE_IRQ) || (__get_CONTROL() == MODE_SUPERVISOR)) {    // in ISR or Privileged
+    return   sysPoolFree(pool_id, block);
+  } else {                                      // in Thread
+    return __sysPoolFree(pool_id, block);
+  }
+}
+
+
+// ==== Message Queue Management Functions ====
+
+// Message Queue Management Service Calls declarations
+SVC_2_1(svcMessageCreate,        osMessageQId,    osMessageQDef_t *, osThreadId,           RET_pointer)
+SVC_3_1(svcMessagePut,              osStatus,     osMessageQId,      uint32_t,   uint32_t, RET_osStatus)
+SVC_2_3(svcMessageGet,    os_InRegs osEvent,      osMessageQId,      uint32_t,             RET_osEvent)
+
+// Message Queue Service Calls
+
+/// Create and Initialize Message Queue
+osMessageQId svcMessageCreate (osMessageQDef_t *queue_def, osThreadId thread_id) {
+
+  if ((queue_def == NULL) ||
+      (queue_def->queue_sz == 0) ||
+      (queue_def->pool == NULL)) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  if (((P_MCB)queue_def->pool)->cb_type != 0) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  rt_mbx_init(queue_def->pool, 4*(queue_def->queue_sz + 4));
+
+  return queue_def->pool;
+}
+
+/// Put a Message to a Queue
+osStatus svcMessagePut (osMessageQId queue_id, uint32_t info, uint32_t millisec) {
+  OS_RESULT res;
+
+  if (queue_id == NULL) return osErrorParameter;
+
+  if (((P_MCB)queue_id)->cb_type != MCB) return osErrorParameter;
+
+  res = rt_mbx_send(queue_id, (void *)info, rt_ms2tick(millisec));
+
+  if (res == OS_R_TMO) {
+    return (millisec ? osErrorTimeoutResource : osErrorResource);
+  }
+
+  return osOK;
+}
+
+/// Get a Message or Wait for a Message from a Queue
+os_InRegs osEvent_type svcMessageGet (osMessageQId queue_id, uint32_t millisec) {
+  OS_RESULT res;
+  osEvent   ret;
+
+  if (queue_id == NULL) {
+    ret.status = osErrorParameter;
+    return osEvent_ret_status;
+  }
+
+  if (((P_MCB)queue_id)->cb_type != MCB) {
+    ret.status = osErrorParameter;
+    return osEvent_ret_status;
+  }
+
+  res = rt_mbx_wait(queue_id, &ret.value.p, rt_ms2tick(millisec));
+
+  if (res == OS_R_TMO) {
+    ret.status = millisec ? osEventTimeout : osOK;
+    return osEvent_ret_value;
+  }
+
+  ret.status = osEventMessage;
+
+  return osEvent_ret_value;
+}
+
+
+// Message Queue ISR Calls
+
+/// Put a Message to a Queue
+static __INLINE osStatus isrMessagePut (osMessageQId queue_id, uint32_t info, uint32_t millisec) {
+
+  if ((queue_id == NULL) || (millisec != 0)) {
+    return osErrorParameter;
+  }
+
+  if (((P_MCB)queue_id)->cb_type != MCB) return osErrorParameter;
+
+  if (rt_mbx_check(queue_id) == 0) {            // Check if Queue is full
+    return osErrorResource;
+  }
+
+  isr_mbx_send(queue_id, (void *)info);
+
+  return osOK;
+}
+
+/// Get a Message or Wait for a Message from a Queue
+static __INLINE os_InRegs osEvent isrMessageGet (osMessageQId queue_id, uint32_t millisec) {
+  OS_RESULT res;
+  osEvent   ret;
+
+  if ((queue_id == NULL) || (millisec != 0)) {
+    ret.status = osErrorParameter;
+    return ret;
+  }
+
+  if (((P_MCB)queue_id)->cb_type != MCB) {
+    ret.status = osErrorParameter;
+    return ret;
+  }
+
+  res = isr_mbx_receive(queue_id, &ret.value.p);
+
+  if (res != OS_R_MBX) {
+    ret.status = osOK;
+    return ret;
+  }
+
+  ret.status = osEventMessage;
+
+  return ret;
+}
+
+
+// Message Queue Management Public API
+
+/// Create and Initialize Message Queue
+osMessageQId osMessageCreate (osMessageQDef_t *queue_def, osThreadId thread_id) {
+  if (__get_CONTROL() == MODE_IRQ) return NULL;           // Not allowed in ISR
+  if ((__get_CONTROL() == MODE_SUPERVISOR) && (os_running == 0)) {
+    // Privileged and not running
+    return   svcMessageCreate(queue_def, thread_id);
+  } else {
+    return __svcMessageCreate(queue_def, thread_id);
+  }
+}
+
+/// Put a Message to a Queue
+osStatus osMessagePut (osMessageQId queue_id, uint32_t info, uint32_t millisec) {
+  if (__get_CONTROL() == MODE_IRQ) {                      // in ISR
+    return   isrMessagePut(queue_id, info, millisec);
+  } else {                                      // in Thread
+    return __svcMessagePut(queue_id, info, millisec);
+  }
+}
+
+/// Get a Message or Wait for a Message from a Queue
+os_InRegs osEvent osMessageGet (osMessageQId queue_id, uint32_t millisec) {
+  if (__get_CONTROL() == MODE_IRQ) {                      // in ISR
+    return   isrMessageGet(queue_id, millisec);
+  } else {                                      // in Thread
+    return __svcMessageGet(queue_id, millisec);
+  }
+}
+
+
+// ==== Mail Queue Management Functions ====
+
+// Mail Queue Management Service Calls declarations
+SVC_2_1(svcMailCreate, osMailQId, osMailQDef_t *, osThreadId,                   RET_pointer)
+SVC_4_1(sysMailAlloc,  void *,    osMailQId,      uint32_t, uint32_t, uint32_t, RET_pointer)
+SVC_3_1(sysMailFree,   osStatus,  osMailQId,      void *,   uint32_t,           RET_osStatus)
+
+// Mail Queue Management Service & ISR Calls
+
+/// Create and Initialize mail queue
+osMailQId svcMailCreate (osMailQDef_t *queue_def, osThreadId thread_id) {
+  uint32_t blk_sz;
+  P_MCB    pmcb;
+  void    *pool;
+
+  if ((queue_def == NULL) ||
+      (queue_def->queue_sz == 0) ||
+      (queue_def->item_sz  == 0) ||
+      (queue_def->pool == NULL)) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  pmcb = *(((void **)queue_def->pool) + 0);
+  pool = *(((void **)queue_def->pool) + 1);
+
+  if ((pool == NULL) || (pmcb == NULL) || (pmcb->cb_type != 0)) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  blk_sz = (queue_def->item_sz + 3) & ~3;
+
+  _init_box(pool, sizeof(struct OS_BM) + queue_def->queue_sz * blk_sz, blk_sz);
+
+  rt_mbx_init(pmcb, 4*(queue_def->queue_sz + 4));
+
+
+  return queue_def->pool;
+}
+
+/// Allocate a memory block from a mail
+void *sysMailAlloc (osMailQId queue_id, uint32_t millisec, uint32_t isr, uint32_t clr) {
+  P_MCB pmcb;
+  void *pool;
+  void *mem;
+
+  if (queue_id == NULL) return NULL;
+
+  pmcb = *(((void **)queue_id) + 0);
+  pool = *(((void **)queue_id) + 1);
+
+  if ((pool == NULL) || (pmcb == NULL)) return NULL;
+
+  if (isr && (millisec != 0)) return NULL;
+
+  mem = rt_alloc_box(pool);
+  if (clr) {
+    rt_clr_box(pool, mem);
+  }
+
+  if ((mem == NULL) && (millisec != 0)) {
+    // Put Task to sleep when Memory not available
+    if (pmcb->p_lnk != NULL) {
+      rt_put_prio((P_XCB)pmcb, os_tsk.run);
+    } else {
+      pmcb->p_lnk = os_tsk.run;
+      os_tsk.run->p_lnk = NULL;
+      os_tsk.run->p_rlnk = (P_TCB)pmcb;
+      // Task is waiting to allocate a message
+      pmcb->state = 3;
+    }
+    rt_block(rt_ms2tick(millisec), WAIT_MBX);
+  }
+
+  return mem;
+}
+
+/// Free a memory block from a mail
+osStatus sysMailFree (osMailQId queue_id, void *mail, uint32_t isr) {
+  P_MCB   pmcb;
+  P_TCB   ptcb;
+  void   *pool;
+  void   *mem;
+  int32_t res;
+
+  if (queue_id == NULL) return osErrorParameter;
+
+  pmcb = *(((void **)queue_id) + 0);
+  pool = *(((void **)queue_id) + 1);
+
+  if ((pmcb == NULL) || (pool == NULL)) return osErrorParameter;
+
+  res = rt_free_box(pool, mail);
+
+  if (res != 0) return osErrorValue;
+
+  if (pmcb->state == 3) {
+    // Task is waiting to allocate a message
+    if (isr) {
+      rt_psq_enq (pmcb, (U32)pool);
+      rt_psh_req ();
+    } else {
+      mem = rt_alloc_box(pool);
+      if (mem != NULL) {
+        ptcb = rt_get_first((P_XCB)pmcb);
+        if (pmcb->p_lnk == NULL) {
+          pmcb->state = 0;
+        }
+        rt_ret_val(ptcb, (U32)mem);
+        rt_rmv_dly(ptcb);
+        rt_dispatch(ptcb);
+      }
+    }
+  }
+
+  return osOK;
+}
+
+
+// Mail Queue Management Public API
+
+/// Create and Initialize mail queue
+osMailQId osMailCreate (osMailQDef_t *queue_def, osThreadId thread_id) {
+  if (__get_CONTROL() == MODE_IRQ) return NULL;           // Not allowed in ISR
+  if ((__get_CONTROL() == MODE_SUPERVISOR) && (os_running == 0)) {
+    // Privileged and not running
+    return   svcMailCreate(queue_def, thread_id);
+  } else {
+    return __svcMailCreate(queue_def, thread_id);
+  }
+}
+
+/// Allocate a memory block from a mail
+void *osMailAlloc (osMailQId queue_id, uint32_t millisec) {
+  if (__get_CONTROL() == MODE_IRQ) {                      // in ISR
+    return   sysMailAlloc(queue_id, millisec, 1, 0);
+  } else {                                      // in Thread
+    return __sysMailAlloc(queue_id, millisec, 0, 0);
+  }
+}
+
+/// Allocate a memory block from a mail and set memory block to zero
+void *osMailCAlloc (osMailQId queue_id, uint32_t millisec) {
+  if (__get_CONTROL() == MODE_IRQ) {                      // in ISR
+    return   sysMailAlloc(queue_id, millisec, 1, 1);
+  } else {                                      // in Thread
+    return __sysMailAlloc(queue_id, millisec, 0, 1);
+  }
+}
+
+/// Free a memory block from a mail
+osStatus osMailFree (osMailQId queue_id, void *mail) {
+  if (__get_CONTROL() == MODE_IRQ) {                      // in ISR
+    return   sysMailFree(queue_id, mail, 1);
+  } else {                                      // in Thread
+    return __sysMailFree(queue_id, mail, 0);
+  }
+}
+
+/// Put a mail to a queue
+osStatus osMailPut (osMailQId queue_id, void *mail) {
+  if (queue_id == NULL) return osErrorParameter;
+  if (mail == NULL)     return osErrorValue;
+  return osMessagePut(*((void **)queue_id), (uint32_t)mail, 0);
+}
+
+/// Get a mail from a queue
+os_InRegs osEvent osMailGet (osMailQId queue_id, uint32_t millisec) {
+  osEvent ret;
+
+  if (queue_id == NULL) {
+    ret.status = osErrorParameter;
+    return ret;
+  }
+
+  ret = osMessageGet(*((void **)queue_id), millisec);
+  if (ret.status == osEventMessage) ret.status = osEventMail;
+
+  return ret;
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_Event.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,190 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_EVENT.C
+ *      Purpose: Implements waits and wake-ups for event flags
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2015 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Conf.h"
+#include "rt_System.h"
+#include "rt_Event.h"
+#include "rt_List.h"
+#include "rt_Task.h"
+#include "rt_HAL_CM.h"
+
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+
+/*--------------------------- rt_evt_wait -----------------------------------*/
+
+OS_RESULT rt_evt_wait (U16 wait_flags, U16 timeout, BOOL and_wait) {
+  /* Wait for one or more event flags with optional time-out.                */
+  /* "wait_flags" identifies the flags to wait for.                          */
+  /* "timeout" is the time-out limit in system ticks (0xffff if no time-out) */
+  /* "and_wait" specifies the AND-ing of "wait_flags" as condition to be met */
+  /* to complete the wait. (OR-ing if set to 0).                             */
+  U32 block_state;
+
+  if (and_wait) {
+    /* Check for AND-connected events */
+    if ((os_tsk.run->events & wait_flags) == wait_flags) {
+      os_tsk.run->events &= ~wait_flags;
+      return (OS_R_EVT);
+    }
+    block_state = WAIT_AND;
+  }
+  else {
+    /* Check for OR-connected events */
+    if (os_tsk.run->events & wait_flags) {
+      os_tsk.run->waits = os_tsk.run->events & wait_flags;
+      os_tsk.run->events &= ~wait_flags;
+      return (OS_R_EVT);
+    }
+    block_state = WAIT_OR;
+  }
+  /* Task has to wait */
+  os_tsk.run->waits = wait_flags;
+  rt_block (timeout, (U8)block_state);
+  return (OS_R_TMO);
+}
+
+
+/*--------------------------- rt_evt_set ------------------------------------*/
+
+void rt_evt_set (U16 event_flags, OS_TID task_id) {
+  /* Set one or more event flags of a selectable task. */
+  P_TCB p_tcb;
+
+  p_tcb = os_active_TCB[task_id-1];
+  if (p_tcb == NULL) {
+    return;
+  }
+  p_tcb->events |= event_flags;
+  event_flags    = p_tcb->waits;
+  /* If the task is not waiting for an event, it should not be put */
+  /* to ready state. */
+  if (p_tcb->state == WAIT_AND) {
+    /* Check for AND-connected events */
+    if ((p_tcb->events & event_flags) == event_flags) {
+      goto wkup;
+    }
+  }
+  if (p_tcb->state == WAIT_OR) {
+    /* Check for OR-connected events */
+    if (p_tcb->events & event_flags) {
+      p_tcb->waits  &= p_tcb->events;
+wkup: p_tcb->events &= ~event_flags;
+      rt_rmv_dly (p_tcb);
+      p_tcb->state   = READY;
+#ifdef __CMSIS_RTOS
+      rt_ret_val2(p_tcb, 0x08/*osEventSignal*/, p_tcb->waits);
+#else
+      rt_ret_val (p_tcb, OS_R_EVT);
+#endif
+      rt_dispatch (p_tcb);
+    }
+  }
+}
+
+
+/*--------------------------- rt_evt_clr ------------------------------------*/
+
+void rt_evt_clr (U16 clear_flags, OS_TID task_id) {
+  /* Clear one or more event flags (identified by "clear_flags") of a */
+  /* selectable task (identified by "task"). */
+  P_TCB task = os_active_TCB[task_id-1];
+
+  if (task == NULL) {
+    return;
+  }
+  task->events &= ~clear_flags;
+}
+
+
+/*--------------------------- isr_evt_set -----------------------------------*/
+
+void isr_evt_set (U16 event_flags, OS_TID task_id) {
+  /* Same function as "os_evt_set", but to be called by ISRs. */
+  P_TCB p_tcb = os_active_TCB[task_id-1];
+
+  if (p_tcb == NULL) {
+    return;
+  }
+  rt_psq_enq (p_tcb, event_flags);
+  rt_psh_req ();
+}
+
+
+/*--------------------------- rt_evt_get ------------------------------------*/
+
+U16 rt_evt_get (void) {
+  /* Get events of a running task after waiting for OR connected events. */
+  return (os_tsk.run->waits);
+}
+
+
+/*--------------------------- rt_evt_psh ------------------------------------*/
+
+void rt_evt_psh (P_TCB p_CB, U16 set_flags) {
+  /* Check if task has to be waken up */
+  U16 event_flags;
+
+  p_CB->events |= set_flags;
+  event_flags = p_CB->waits;
+  if (p_CB->state == WAIT_AND) {
+    /* Check for AND-connected events */
+    if ((p_CB->events & event_flags) == event_flags) {
+      goto rdy;
+    }
+  }
+  if (p_CB->state == WAIT_OR) {
+    /* Check for OR-connected events */
+    if (p_CB->events & event_flags) {
+      p_CB->waits  &= p_CB->events;
+rdy:  p_CB->events &= ~event_flags;
+      rt_rmv_dly (p_CB);
+      p_CB->state   = READY;
+#ifdef __CMSIS_RTOS
+      rt_ret_val2(p_CB, 0x08/*osEventSignal*/, p_CB->waits);
+#else
+      rt_ret_val (p_CB, OS_R_EVT);
+#endif
+      rt_put_prio (&os_rdy, p_CB);
+    }
+  }
+}
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_Event.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,46 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_EVENT.H
+ *      Purpose: Implements waits and wake-ups for event flags
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2015 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Functions */
+extern OS_RESULT rt_evt_wait (U16 wait_flags,  U16 timeout, BOOL and_wait);
+extern void      rt_evt_set  (U16 event_flags, OS_TID task_id);
+extern void      rt_evt_clr  (U16 clear_flags, OS_TID task_id);
+extern void      isr_evt_set (U16 event_flags, OS_TID task_id);
+extern U16       rt_evt_get  (void);
+extern void      rt_evt_psh  (P_TCB p_CB, U16 set_flags);
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_HAL_CM.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,216 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_HAL_CM.H
+ *      Purpose: Hardware Abstraction Layer for Cortex-M definitions
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2015 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "cmsis.h"
+/* Definitions */
+#define INITIAL_xPSR    0x10000000
+#define DEMCR_TRCENA    0x01000000
+#define ITM_ITMENA      0x00000001
+#define MAGIC_WORD      0xE25A2EA5
+
+#define SYS_TICK_IRQn TIMER0_IRQn
+
+extern void rt_set_PSP (U32 stack);
+extern U32  rt_get_PSP (void);
+extern void os_set_env (void);
+extern void SysTick_Handler (void);
+extern void *_alloc_box (void *box_mem);
+extern int  _free_box (void *box_mem, void *box);
+
+extern void rt_init_stack (P_TCB p_TCB, FUNCP task_body);
+extern void rt_ret_val  (P_TCB p_TCB, U32 v0);
+extern void rt_ret_val2 (P_TCB p_TCB, U32 v0, U32 v1);
+
+extern void dbg_init (void);
+extern void dbg_task_notify (P_TCB p_tcb, BOOL create);
+extern void dbg_task_switch (U32 task_id);
+
+
+#if defined (__CC_ARM)          /* ARM Compiler */
+
+#if ((__TARGET_ARCH_7_M || __TARGET_ARCH_7E_M) && !NO_EXCLUSIVE_ACCESS)
+ #define __USE_EXCLUSIVE_ACCESS
+#else
+ #undef  __USE_EXCLUSIVE_ACCESS
+#endif
+
+#elif defined (__GNUC__)        /* GNU Compiler */
+
+#undef  __USE_EXCLUSIVE_ACCESS
+
+#if defined (__CORTEX_M0) || defined (__CORTEX_M0PLUS)
+#define __TARGET_ARCH_6S_M 1
+#else
+#define __TARGET_ARCH_6S_M 0
+#endif
+
+#if defined (__VFP_FP__) && !defined(__SOFTFP__)
+#define __TARGET_FPU_VFP 1
+#else
+#define __TARGET_FPU_VFP 0
+#endif
+
+#define __inline inline
+#define __weak   __attribute__((weak))
+
+
+#elif defined (__ICCARM__)      /* IAR Compiler */
+
+#undef  __USE_EXCLUSIVE_ACCESS
+
+#if (__CORE__ == __ARM6M__)
+#define __TARGET_ARCH_6S_M 1
+#else
+#define __TARGET_ARCH_6S_M 0
+#endif
+
+#if defined __ARMVFP__
+#define __TARGET_FPU_VFP 1
+#else
+#define __TARGET_FPU_VFP 0
+#endif
+
+#define __inline inline
+
+#endif
+
+
+/* NVIC registers */
+
+#define OS_PEND_IRQ()   NVIC_PendIRQ(SYS_TICK_IRQn)
+#define OS_PENDING      NVIC_PendingIRQ(SYS_TICK_IRQn)
+#define OS_UNPEND(fl)   NVIC_UnpendIRQ(SYS_TICK_IRQn)
+#define OS_PEND(fl,p)   NVIC_PendIRQ(SYS_TICK_IRQn)
+#define OS_LOCK()       NVIC_DisableIRQ(SYS_TICK_IRQn)
+#define OS_UNLOCK()     NVIC_EnableIRQ(SYS_TICK_IRQn)
+
+#define OS_X_PENDING    NVIC_PendingIRQ(SYS_TICK_IRQn)
+#define OS_X_UNPEND(fl) NVIC_UnpendIRQ(SYS_TICK_IRQn)
+#define OS_X_PEND(fl,p) NVIC_PendIRQ(SYS_TICK_IRQn)
+
+#define OS_X_INIT(n)    NVIC_EnableIRQ(n)
+#define OS_X_LOCK(n)    NVIC_DisableIRQ(n)
+#define OS_X_UNLOCK(n)  NVIC_EnableIRQ(n)
+
+/* Variables */
+extern BIT dbg_msg;
+
+/* Functions */
+#ifdef __USE_EXCLUSIVE_ACCESS
+ #define rt_inc(p)     while(__strex((__ldrex(p)+1),p))
+ #define rt_dec(p)     while(__strex((__ldrex(p)-1),p))
+#else
+ #define rt_inc(p)     __disable_irq();(*p)++;__enable_irq();
+ #define rt_dec(p)     __disable_irq();(*p)--;__enable_irq();
+#endif
+
+__inline static U32 rt_inc_qi (U32 size, U8 *count, U8 *first) {
+  U32 cnt,c2;
+#ifdef __USE_EXCLUSIVE_ACCESS
+  do {
+    if ((cnt = __ldrex(count)) == size) {
+      __clrex();
+      return (cnt); }
+  } while (__strex(cnt+1, count));
+  do {
+    c2 = (cnt = __ldrex(first)) + 1;
+    if (c2 == size) c2 = 0;
+  } while (__strex(c2, first));
+#else
+  __disable_irq();
+  if ((cnt = *count) < size) {
+    *count = cnt+1;
+    c2 = (cnt = *first) + 1;
+    if (c2 == size) c2 = 0;
+    *first = c2;
+  }
+  __enable_irq ();
+#endif
+  return (cnt);
+}
+
+__inline static void rt_systick_init (void) {
+#if SYS_TICK_IRQn == TIMER0_IRQn
+ #define SYS_TICK_TIMER  LPC_TIM0
+ LPC_SC->PCONP |= (1 << PCTIM0);
+ LPC_SC->PCLKSEL0 = (LPC_SC->PCLKSEL0 & (~(1<<3))) | (1<<2); //PCLK == CPUCLK
+#elif SYS_TICK_IRQn == TIMER1_IRQn
+ #define SYS_TICK_TIMER LPC_TIM1
+ LPC_SC->PCONP |= (1 << PCTIM1);
+ LPC_SC->PCLKSEL0 = (LPC_SC->PCLKSEL0 & (~(1<<5))) | (1<<4); //PCLK == CPUCLK
+#elif SYS_TICK_IRQn == TIMER2_IRQn
+ #define SYS_TICK_TIMER LPC_TIM2
+ LPC_SC->PCONP |= (1 << PCTIM2);
+ LPC_SC->PCLKSEL1 = (LPC_SC->PCLKSEL1 & (~(1<<13))) | (1<<12); //PCLK == CPUCLK
+#else
+ #define SYS_TICK_TIMER LPC_TIM3
+ LPC_SC->PCONP |= (1 << PCTIM3);
+ LPC_SC->PCLKSEL1 = (LPC_SC->PCLKSEL1 & (~(1<<15))) | (1<<14); //PCLK == CPUCLK
+#endif
+
+  // setup Timer to count forever
+  //interrupt_reg
+  SYS_TICK_TIMER->TCR = 2; // reset & disable timer 0
+  SYS_TICK_TIMER->TC = os_trv;
+  SYS_TICK_TIMER->PR = 0; // set the prescale divider
+  //Reset of TC and Interrupt when MR3  MR2 matches TC
+  SYS_TICK_TIMER->MCR = (1 << 9) |(1 << 10); //TMCR_MR3_R_Msk | TMCR_MR3_I_Msk
+  SYS_TICK_TIMER->MR3 = os_trv; // match registers
+  SYS_TICK_TIMER->CCR = 0; // disable compare registers
+  SYS_TICK_TIMER->EMR = 0; // disable external match register
+  // initialize the interrupt vector
+  NVIC_SetVector(SYS_TICK_IRQn, (uint32_t)&SysTick_Handler);
+  SYS_TICK_TIMER->TCR = 1; // enable timer 0
+}
+
+__inline static void rt_svc_init (void) {
+// TODO: add svcInit
+
+}
+
+#ifdef DBG_MSG
+#define DBG_INIT() dbg_init()
+#define DBG_TASK_NOTIFY(p_tcb,create) if (dbg_msg) dbg_task_notify(p_tcb,create)
+#define DBG_TASK_SWITCH(task_id)      if (dbg_msg && (os_tsk.new_tsk != os_tsk.run)) \
+                                                   dbg_task_switch(task_id)
+#else
+#define DBG_INIT()
+#define DBG_TASK_NOTIFY(p_tcb,create)
+#define DBG_TASK_SWITCH(task_id)
+#endif
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_List.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,320 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_LIST.C
+ *      Purpose: Functions for the management of different lists
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2015 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Conf.h"
+#include "rt_System.h"
+#include "rt_List.h"
+#include "rt_Task.h"
+#include "rt_Time.h"
+#include "rt_HAL_CM.h"
+
+/*----------------------------------------------------------------------------
+ *      Global Variables
+ *---------------------------------------------------------------------------*/
+
+/* List head of chained ready tasks */
+struct OS_XCB  os_rdy;
+/* List head of chained delay tasks */
+struct OS_XCB  os_dly;
+
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+
+/*--------------------------- rt_put_prio -----------------------------------*/
+
+void rt_put_prio (P_XCB p_CB, P_TCB p_task) {
+  /* Put task identified with "p_task" into list ordered by priority.       */
+  /* "p_CB" points to head of list; list has always an element at end with  */
+  /* a priority less than "p_task->prio".                                   */
+  P_TCB p_CB2;
+  U32 prio;
+  BOOL sem_mbx = __FALSE;
+
+  if (p_CB->cb_type == SCB || p_CB->cb_type == MCB || p_CB->cb_type == MUCB) {
+    sem_mbx = __TRUE;
+  }
+  prio = p_task->prio;
+  p_CB2 = p_CB->p_lnk;
+  /* Search for an entry in the list */
+  while (p_CB2 != NULL && prio <= p_CB2->prio) {
+    p_CB = (P_XCB)p_CB2;
+    p_CB2 = p_CB2->p_lnk;
+  }
+  /* Entry found, insert the task into the list */
+  p_task->p_lnk = p_CB2;
+  p_CB->p_lnk = p_task;
+  if (sem_mbx) {
+    if (p_CB2 != NULL) {
+      p_CB2->p_rlnk = p_task;
+    }
+    p_task->p_rlnk = (P_TCB)p_CB;
+  }
+  else {
+    p_task->p_rlnk = NULL;
+  }
+}
+
+
+/*--------------------------- rt_get_first ----------------------------------*/
+
+P_TCB rt_get_first (P_XCB p_CB) {
+  /* Get task at head of list: it is the task with highest priority. */
+  /* "p_CB" points to head of list. */
+  P_TCB p_first;
+
+  p_first = p_CB->p_lnk;
+  p_CB->p_lnk = p_first->p_lnk;
+  if (p_CB->cb_type == SCB || p_CB->cb_type == MCB || p_CB->cb_type == MUCB) {
+    if (p_first->p_lnk != NULL) {
+      p_first->p_lnk->p_rlnk = (P_TCB)p_CB;
+      p_first->p_lnk = NULL;
+    }
+    p_first->p_rlnk = NULL;
+  }
+  else {
+    p_first->p_lnk = NULL;
+  }
+  return (p_first);
+}
+
+
+/*--------------------------- rt_put_rdy_first ------------------------------*/
+
+void rt_put_rdy_first (P_TCB p_task) {
+  /* Put task identified with "p_task" at the head of the ready list. The   */
+  /* task must have at least a priority equal to highest priority in list.  */
+  p_task->p_lnk = os_rdy.p_lnk;
+  p_task->p_rlnk = NULL;
+  os_rdy.p_lnk = p_task;
+}
+
+
+/*--------------------------- rt_get_same_rdy_prio --------------------------*/
+
+P_TCB rt_get_same_rdy_prio (void) {
+  /* Remove a task of same priority from ready list if any exists. Other-   */
+  /* wise return NULL.                                                      */
+  P_TCB p_first;
+
+  p_first = os_rdy.p_lnk;
+  if (p_first->prio == os_tsk.run->prio) {
+    os_rdy.p_lnk = os_rdy.p_lnk->p_lnk;
+    return (p_first);
+  }
+  return (NULL);
+}
+
+
+/*--------------------------- rt_resort_prio --------------------------------*/
+
+void rt_resort_prio (P_TCB p_task) {
+  /* Re-sort ordered lists after the priority of 'p_task' has changed.      */
+  P_TCB p_CB;
+
+  if (p_task->p_rlnk == NULL) {
+    if (p_task->state == READY) {
+      /* Task is chained into READY list. */
+      p_CB = (P_TCB)&os_rdy;
+      goto res;
+    }
+  }
+  else {
+    p_CB = p_task->p_rlnk;
+    while (p_CB->cb_type == TCB) {
+      /* Find a header of this task chain list. */
+      p_CB = p_CB->p_rlnk;
+    }
+res:rt_rmv_list (p_task);
+    rt_put_prio ((P_XCB)p_CB, p_task);
+  }
+}
+
+
+/*--------------------------- rt_put_dly ------------------------------------*/
+
+void rt_put_dly (P_TCB p_task, U16 delay) {
+  /* Put a task identified with "p_task" into chained delay wait list using */
+  /* a delay value of "delay".                                              */
+  P_TCB p;
+  U32 delta,idelay = delay;
+
+  p = (P_TCB)&os_dly;
+  if (p->p_dlnk == NULL) {
+    /* Delay list empty */
+    delta = 0;
+    goto last;
+  }
+  delta = os_dly.delta_time;
+  while (delta < idelay) {
+    if (p->p_dlnk == NULL) {
+      /* End of list found */
+last: p_task->p_dlnk = NULL;
+      p->p_dlnk = p_task;
+      p_task->p_blnk = p;
+      p->delta_time = (U16)(idelay - delta);
+      p_task->delta_time = 0;
+      return;
+    }
+    p = p->p_dlnk;
+    delta += p->delta_time;
+  }
+  /* Right place found */
+  p_task->p_dlnk = p->p_dlnk;
+  p->p_dlnk = p_task;
+  p_task->p_blnk = p;
+  if (p_task->p_dlnk != NULL) {
+    p_task->p_dlnk->p_blnk = p_task;
+  }
+  p_task->delta_time = (U16)(delta - idelay);
+  p->delta_time -= p_task->delta_time;
+}
+
+
+/*--------------------------- rt_dec_dly ------------------------------------*/
+
+void rt_dec_dly (void) {
+  /* Decrement delta time of list head: remove tasks having a value of zero.*/
+  P_TCB p_rdy;
+
+  if (os_dly.p_dlnk == NULL) {
+    return;
+  }
+  os_dly.delta_time--;
+  while ((os_dly.delta_time == 0) && (os_dly.p_dlnk != NULL)) {
+    p_rdy = os_dly.p_dlnk;
+    if (p_rdy->p_rlnk != NULL) {
+      /* Task is really enqueued, remove task from semaphore/mailbox */
+      /* timeout waiting list. */
+      p_rdy->p_rlnk->p_lnk = p_rdy->p_lnk;
+      if (p_rdy->p_lnk != NULL) {
+        p_rdy->p_lnk->p_rlnk = p_rdy->p_rlnk;
+        p_rdy->p_lnk = NULL;
+      }
+      p_rdy->p_rlnk = NULL;
+    }
+    rt_put_prio (&os_rdy, p_rdy);
+    os_dly.delta_time = p_rdy->delta_time;
+    if (p_rdy->state == WAIT_ITV) {
+      /* Calculate the next time for interval wait. */
+      p_rdy->delta_time = p_rdy->interval_time + (U16)os_time;
+    }
+    p_rdy->state   = READY;
+    os_dly.p_dlnk = p_rdy->p_dlnk;
+    if (p_rdy->p_dlnk != NULL) {
+      p_rdy->p_dlnk->p_blnk =  (P_TCB)&os_dly;
+      p_rdy->p_dlnk = NULL;
+    }
+    p_rdy->p_blnk = NULL;
+  }
+}
+
+
+/*--------------------------- rt_rmv_list -----------------------------------*/
+
+void rt_rmv_list (P_TCB p_task) {
+  /* Remove task identified with "p_task" from ready, semaphore or mailbox  */
+  /* waiting list if enqueued.                                              */
+  P_TCB p_b;
+
+  if (p_task->p_rlnk != NULL) {
+    /* A task is enqueued in semaphore / mailbox waiting list. */
+    p_task->p_rlnk->p_lnk = p_task->p_lnk;
+    if (p_task->p_lnk != NULL) {
+      p_task->p_lnk->p_rlnk = p_task->p_rlnk;
+    }
+    return;
+  }
+
+  p_b = (P_TCB)&os_rdy;
+  while (p_b != NULL) {
+    /* Search the ready list for task "p_task" */
+    if (p_b->p_lnk == p_task) {
+      p_b->p_lnk = p_task->p_lnk;
+      return;
+    }
+    p_b = p_b->p_lnk;
+  }
+}
+
+
+/*--------------------------- rt_rmv_dly ------------------------------------*/
+
+void rt_rmv_dly (P_TCB p_task) {
+  /* Remove task identified with "p_task" from delay list if enqueued.      */
+  P_TCB p_b;
+
+  p_b = p_task->p_blnk;
+  if (p_b != NULL) {
+    /* Task is really enqueued */
+    p_b->p_dlnk = p_task->p_dlnk;
+    if (p_task->p_dlnk != NULL) {
+      /* 'p_task' is in the middle of list */
+      p_b->delta_time += p_task->delta_time;
+      p_task->p_dlnk->p_blnk = p_b;
+      p_task->p_dlnk = NULL;
+    }
+    else {
+      /* 'p_task' is at the end of list */
+      p_b->delta_time = 0;
+    }
+    p_task->p_blnk = NULL;
+  }
+}
+
+
+/*--------------------------- rt_psq_enq ------------------------------------*/
+
+void rt_psq_enq (OS_ID entry, U32 arg) {
+  /* Insert post service request "entry" into ps-queue. */
+  U32 idx;
+
+  idx = rt_inc_qi (os_psq->size, &os_psq->count, &os_psq->first);
+  if (idx < os_psq->size) {
+    os_psq->q[idx].id  = entry;
+    os_psq->q[idx].arg = arg;
+  }
+  else {
+    os_error (OS_ERR_FIFO_OVF);
+  }
+}
+
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_List.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,67 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_LIST.H
+ *      Purpose: Functions for the management of different lists
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2015 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Definitions */
+
+/* Values for 'cb_type' */
+#define TCB             0
+#define MCB             1
+#define SCB             2
+#define MUCB            3
+#define HCB             4
+
+/* Variables */
+extern struct OS_XCB os_rdy;
+extern struct OS_XCB os_dly;
+
+/* Functions */
+extern void  rt_put_prio      (P_XCB p_CB, P_TCB p_task);
+extern P_TCB rt_get_first     (P_XCB p_CB);
+extern void  rt_put_rdy_first (P_TCB p_task);
+extern P_TCB rt_get_same_rdy_prio (void);
+extern void  rt_resort_prio   (P_TCB p_task);
+extern void  rt_put_dly       (P_TCB p_task, U16 delay);
+extern void  rt_dec_dly       (void);
+extern void  rt_rmv_list      (P_TCB p_task);
+extern void  rt_rmv_dly       (P_TCB p_task);
+extern void  rt_psq_enq       (OS_ID entry, U32 arg);
+
+/* This is a fast macro generating in-line code */
+#define rt_rdy_prio(void) (os_rdy.p_lnk->prio)
+
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_Mailbox.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,292 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_MAILBOX.C
+ *      Purpose: Implements waits and wake-ups for mailbox messages
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2015 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Conf.h"
+#include "rt_System.h"
+#include "rt_List.h"
+#include "rt_Mailbox.h"
+#include "rt_MemBox.h"
+#include "rt_Task.h"
+#include "rt_HAL_CM.h"
+
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+
+/*--------------------------- rt_mbx_init -----------------------------------*/
+
+void rt_mbx_init (OS_ID mailbox, U16 mbx_size) {
+  /* Initialize a mailbox */
+  P_MCB p_MCB = mailbox;
+
+  p_MCB->cb_type = MCB;
+  p_MCB->state   = 0;
+  p_MCB->isr_st  = 0;
+  p_MCB->p_lnk   = NULL;
+  p_MCB->first   = 0;
+  p_MCB->last    = 0;
+  p_MCB->count   = 0;
+  p_MCB->size    = (mbx_size + sizeof(void *) - sizeof(struct OS_MCB)) /
+                                                     (U32)sizeof (void *);
+}
+
+
+/*--------------------------- rt_mbx_send -----------------------------------*/
+
+OS_RESULT rt_mbx_send (OS_ID mailbox, void *p_msg, U16 timeout) {
+  /* Send message to a mailbox */
+  P_MCB p_MCB = mailbox;
+  P_TCB p_TCB;
+
+  if ((p_MCB->p_lnk != NULL) && (p_MCB->state == 1)) {
+    /* A task is waiting for message */
+    p_TCB = rt_get_first ((P_XCB)p_MCB);
+#ifdef __CMSIS_RTOS
+    rt_ret_val2(p_TCB, 0x10/*osEventMessage*/, (U32)p_msg);
+#else
+    *p_TCB->msg = p_msg;
+    rt_ret_val (p_TCB, OS_R_MBX);
+#endif
+    rt_rmv_dly (p_TCB);
+    rt_dispatch (p_TCB);
+  }
+  else {
+    /* Store message in mailbox queue */
+    if (p_MCB->count == p_MCB->size) {
+      /* No free message entry, wait for one. If message queue is full, */
+      /* then no task is waiting for message. The 'p_MCB->p_lnk' list   */
+      /* pointer can now be reused for send message waits task list.    */
+      if (timeout == 0) {
+        return (OS_R_TMO);
+      }
+      if (p_MCB->p_lnk != NULL) {
+        rt_put_prio ((P_XCB)p_MCB, os_tsk.run);
+      }
+      else {
+        p_MCB->p_lnk = os_tsk.run;
+        os_tsk.run->p_lnk  = NULL;
+        os_tsk.run->p_rlnk = (P_TCB)p_MCB;
+        /* Task is waiting to send a message */
+        p_MCB->state = 2;
+      }
+      os_tsk.run->msg = p_msg;
+      rt_block (timeout, WAIT_MBX);
+      return (OS_R_TMO);
+    }
+    /* Yes, there is a free entry in a mailbox. */
+    p_MCB->msg[p_MCB->first] = p_msg;
+    rt_inc (&p_MCB->count);
+    if (++p_MCB->first == p_MCB->size) {
+      p_MCB->first = 0;
+    }
+  }
+  return (OS_R_OK);
+}
+
+
+/*--------------------------- rt_mbx_wait -----------------------------------*/
+
+OS_RESULT rt_mbx_wait (OS_ID mailbox, void **message, U16 timeout) {
+  /* Receive a message; possibly wait for it */
+  P_MCB p_MCB = mailbox;
+  P_TCB p_TCB;
+
+  /* If a message is available in the fifo buffer */
+  /* remove it from the fifo buffer and return. */
+  if (p_MCB->count) {
+    *message = p_MCB->msg[p_MCB->last];
+    if (++p_MCB->last == p_MCB->size) {
+      p_MCB->last = 0;
+    }
+    if ((p_MCB->p_lnk != NULL) && (p_MCB->state == 2)) {
+      /* A task is waiting to send message */
+      p_TCB = rt_get_first ((P_XCB)p_MCB);
+#ifdef __CMSIS_RTOS
+      rt_ret_val(p_TCB, 0/*osOK*/);
+#else
+      rt_ret_val(p_TCB, OS_R_OK);
+#endif
+      p_MCB->msg[p_MCB->first] = p_TCB->msg;
+      if (++p_MCB->first == p_MCB->size) {
+        p_MCB->first = 0;
+      }
+      rt_rmv_dly (p_TCB);
+      rt_dispatch (p_TCB);
+    }
+    else {
+      rt_dec (&p_MCB->count);
+    }
+    return (OS_R_OK);
+  }
+  /* No message available: wait for one */
+  if (timeout == 0) {
+    return (OS_R_TMO);
+  }
+  if (p_MCB->p_lnk != NULL) {
+    rt_put_prio ((P_XCB)p_MCB, os_tsk.run);
+  }
+  else {
+    p_MCB->p_lnk = os_tsk.run;
+    os_tsk.run->p_lnk = NULL;
+    os_tsk.run->p_rlnk = (P_TCB)p_MCB;
+    /* Task is waiting to receive a message */
+    p_MCB->state = 1;
+  }
+  rt_block(timeout, WAIT_MBX);
+#ifndef __CMSIS_RTOS
+  os_tsk.run->msg = message;
+#endif
+  return (OS_R_TMO);
+}
+
+
+/*--------------------------- rt_mbx_check ----------------------------------*/
+
+OS_RESULT rt_mbx_check (OS_ID mailbox) {
+  /* Check for free space in a mailbox. Returns the number of messages     */
+  /* that can be stored to a mailbox. It returns 0 when mailbox is full.   */
+  P_MCB p_MCB = mailbox;
+
+  return (p_MCB->size - p_MCB->count);
+}
+
+
+/*--------------------------- isr_mbx_send ----------------------------------*/
+
+void isr_mbx_send (OS_ID mailbox, void *p_msg) {
+  /* Same function as "os_mbx_send", but to be called by ISRs. */
+  P_MCB p_MCB = mailbox;
+
+  rt_psq_enq (p_MCB, (U32)p_msg);
+  rt_psh_req ();
+}
+
+
+/*--------------------------- isr_mbx_receive -------------------------------*/
+
+OS_RESULT isr_mbx_receive (OS_ID mailbox, void **message) {
+  /* Receive a message in the interrupt function. The interrupt function   */
+  /* should not wait for a message since this would block the rtx os.      */
+  P_MCB p_MCB = mailbox;
+
+  if (p_MCB->count) {
+    /* A message is available in the fifo buffer. */
+    *message = p_MCB->msg[p_MCB->last];
+    if (p_MCB->state == 2) {
+      /* A task is locked waiting to send message */
+      rt_psq_enq (p_MCB, 0);
+      rt_psh_req ();
+    }
+    rt_dec (&p_MCB->count);
+    if (++p_MCB->last == p_MCB->size) {
+      p_MCB->last = 0;
+    }
+    return (OS_R_MBX);
+  }
+  return (OS_R_OK);
+}
+
+
+/*--------------------------- rt_mbx_psh ------------------------------------*/
+
+void rt_mbx_psh (P_MCB p_CB, void *p_msg) {
+  /* Store the message to the mailbox queue or pass it to task directly. */
+  P_TCB p_TCB;
+  void *mem;
+
+  if (p_CB->p_lnk != NULL) switch (p_CB->state) {
+#ifdef __CMSIS_RTOS
+    case 3:
+      /* Task is waiting to allocate memory, remove it from the waiting list */
+      mem = rt_alloc_box(p_msg);
+      if (mem == NULL) break;
+      p_TCB = rt_get_first ((P_XCB)p_CB);
+      rt_ret_val(p_TCB, (U32)mem);
+      p_TCB->state = READY;
+      rt_rmv_dly (p_TCB);
+      rt_put_prio (&os_rdy, p_TCB);
+      break;
+#endif
+    case 2:
+      /* Task is waiting to send a message, remove it from the waiting list */
+      p_TCB = rt_get_first ((P_XCB)p_CB);
+#ifdef __CMSIS_RTOS
+      rt_ret_val(p_TCB, 0/*osOK*/);
+#else
+      rt_ret_val(p_TCB, OS_R_OK);
+#endif
+      p_CB->msg[p_CB->first] = p_TCB->msg;
+      rt_inc (&p_CB->count);
+      if (++p_CB->first == p_CB->size) {
+        p_CB->first = 0;
+      }
+      p_TCB->state = READY;
+      rt_rmv_dly (p_TCB);
+      rt_put_prio (&os_rdy, p_TCB);
+      break;
+    case 1:
+      /* Task is waiting for a message, pass the message to the task directly */
+      p_TCB = rt_get_first ((P_XCB)p_CB);
+#ifdef __CMSIS_RTOS
+      rt_ret_val2(p_TCB, 0x10/*osEventMessage*/, (U32)p_msg);
+#else
+      *p_TCB->msg = p_msg;
+      rt_ret_val (p_TCB, OS_R_MBX);
+#endif
+      p_TCB->state = READY;
+      rt_rmv_dly (p_TCB);
+      rt_put_prio (&os_rdy, p_TCB);
+      break;
+  } else {
+      /* No task is waiting for a message, store it to the mailbox queue */
+      if (p_CB->count < p_CB->size) {
+        p_CB->msg[p_CB->first] = p_msg;
+        rt_inc (&p_CB->count);
+        if (++p_CB->first == p_CB->size) {
+          p_CB->first = 0;
+        }
+      }
+      else {
+        os_error (OS_ERR_MBX_OVF);
+      }
+  }
+}
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_Mailbox.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,48 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_MAILBOX.H
+ *      Purpose: Implements waits and wake-ups for mailbox messages
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2015 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Functions */
+extern void      rt_mbx_init  (OS_ID mailbox, U16 mbx_size);
+extern OS_RESULT rt_mbx_send  (OS_ID mailbox, void *p_msg,    U16 timeout);
+extern OS_RESULT rt_mbx_wait  (OS_ID mailbox, void **message, U16 timeout);
+extern OS_RESULT rt_mbx_check (OS_ID mailbox);
+extern void      isr_mbx_send (OS_ID mailbox, void *p_msg);
+extern OS_RESULT isr_mbx_receive (OS_ID mailbox, void **message);
+extern void      rt_mbx_psh   (P_MCB p_CB,    void *p_msg);
+
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_MemBox.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,166 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_MEMBOX.C
+ *      Purpose: Interface functions for fixed memory block management system
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2015 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Conf.h"
+#include "rt_System.h"
+#include "rt_MemBox.h"
+#include "rt_HAL_CM.h"
+
+/*----------------------------------------------------------------------------
+ *      Global Functions
+ *---------------------------------------------------------------------------*/
+
+
+/*--------------------------- _init_box -------------------------------------*/
+
+int _init_box  (void *box_mem, U32 box_size, U32 blk_size) {
+  /* Initialize memory block system, returns 0 if OK, 1 if fails. */
+  void *end;
+  void *blk;
+  void *next;
+  U32  sizeof_bm;
+
+  /* Create memory structure. */
+  if (blk_size & BOX_ALIGN_8) {
+    /* Memory blocks 8-byte aligned. */
+    blk_size = ((blk_size & ~BOX_ALIGN_8) + 7) & ~7;
+    sizeof_bm = (sizeof (struct OS_BM) + 7) & ~7;
+  }
+  else {
+    /* Memory blocks 4-byte aligned. */
+    blk_size = (blk_size + 3) & ~3;
+    sizeof_bm = sizeof (struct OS_BM);
+  }
+  if (blk_size == 0) {
+    return (1);
+  }
+  if ((blk_size + sizeof_bm) > box_size) {
+    return (1);
+  }
+  /* Create a Memory structure. */
+  blk = ((U8 *) box_mem) + sizeof_bm;
+  ((P_BM) box_mem)->free = blk;
+  end = ((U8 *) box_mem) + box_size;
+  ((P_BM) box_mem)->end      = end;
+  ((P_BM) box_mem)->blk_size = blk_size;
+
+  /* Link all free blocks using offsets. */
+  end = ((U8 *) end) - blk_size;
+  while (1)  {
+    next = ((U8 *) blk) + blk_size;
+    if (next > end)  break;
+    *((void **)blk) = next;
+    blk = next;
+  }
+  /* end marker */
+  *((void **)blk) = 0;
+  return (0);
+}
+
+/*--------------------------- rt_alloc_box ----------------------------------*/
+
+void *rt_alloc_box (void *box_mem) {
+  /* Allocate a memory block and return start address. */
+  void **free;
+#ifndef __USE_EXCLUSIVE_ACCESS
+  int  irq_dis;
+
+  irq_dis = __disable_irq ();
+  free = ((P_BM) box_mem)->free;
+  if (free) {
+    ((P_BM) box_mem)->free = *free;
+  }
+  if (!irq_dis) __enable_irq ();
+#else
+  do {
+    if ((free = (void **)__ldrex(&((P_BM) box_mem)->free)) == 0) {
+      __clrex();
+      break;
+    }
+  } while (__strex((U32)*free, &((P_BM) box_mem)->free));
+#endif
+  return (free);
+}
+
+
+/*--------------------------- _calloc_box -----------------------------------*/
+
+void *_calloc_box (void *box_mem)  {
+  /* Allocate a 0-initialized memory block and return start address. */
+  void *free;
+  U32 *p;
+  U32 i;
+
+  free = _alloc_box (box_mem);
+  if (free)  {
+    p = free;
+    for (i = ((P_BM) box_mem)->blk_size; i; i -= 4)  {
+      *p = 0;
+      p++;
+    }
+  }
+  return (free);
+}
+
+
+/*--------------------------- rt_free_box -----------------------------------*/
+
+int rt_free_box (void *box_mem, void *box) {
+  /* Free a memory block, returns 0 if OK, 1 if box does not belong to box_mem */
+#ifndef __USE_EXCLUSIVE_ACCESS
+  int irq_dis;
+#endif
+
+  if (box < box_mem || box >= ((P_BM) box_mem)->end) {
+    return (1);
+  }
+
+#ifndef __USE_EXCLUSIVE_ACCESS
+  irq_dis = __disable_irq ();
+  *((void **)box) = ((P_BM) box_mem)->free;
+  ((P_BM) box_mem)->free = box;
+  if (!irq_dis) __enable_irq ();
+#else
+  do {
+    *((void **)box) = (void *)__ldrex(&((P_BM) box_mem)->free);
+  } while (__strex ((U32)box, &((P_BM) box_mem)->free));
+#endif
+  return (0);
+}
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_MemBox.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,46 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_MEMBOX.H
+ *      Purpose: Interface functions for fixed memory block management system
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2015 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Functions */
+#define rt_init_box     _init_box
+#define rt_calloc_box   _calloc_box
+extern int     _init_box   (void *box_mem, U32 box_size, U32 blk_size);
+extern void *rt_alloc_box  (void *box_mem);
+extern void *  _calloc_box (void *box_mem);
+extern int   rt_free_box   (void *box_mem, void *box);
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_Mutex.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,197 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_MUTEX.C
+ *      Purpose: Implements mutex synchronization objects
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2015 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Conf.h"
+#include "rt_List.h"
+#include "rt_Task.h"
+#include "rt_Mutex.h"
+#include "rt_HAL_CM.h"
+
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+
+/*--------------------------- rt_mut_init -----------------------------------*/
+
+void rt_mut_init (OS_ID mutex) {
+  /* Initialize a mutex object */
+  P_MUCB p_MCB = mutex;
+
+  p_MCB->cb_type = MUCB;
+  p_MCB->prio    = 0;
+  p_MCB->level   = 0;
+  p_MCB->p_lnk   = NULL;
+  p_MCB->owner   = NULL;
+}
+
+
+/*--------------------------- rt_mut_delete ---------------------------------*/
+
+#ifdef __CMSIS_RTOS
+OS_RESULT rt_mut_delete (OS_ID mutex) {
+  /* Delete a mutex object */
+  P_MUCB p_MCB = mutex;
+  P_TCB  p_TCB;
+
+  /* Restore owner task's priority. */
+  if (p_MCB->level != 0) {
+    p_MCB->owner->prio = p_MCB->prio;
+    if (p_MCB->owner != os_tsk.run) {
+      rt_resort_prio (p_MCB->owner);
+    }
+  }
+
+  while (p_MCB->p_lnk != NULL) {
+    /* A task is waiting for mutex. */
+    p_TCB = rt_get_first ((P_XCB)p_MCB);
+    rt_ret_val(p_TCB, 0/*osOK*/);
+    rt_rmv_dly(p_TCB);
+    p_TCB->state = READY;
+    rt_put_prio (&os_rdy, p_TCB);
+  }
+
+  if (os_rdy.p_lnk && (os_rdy.p_lnk->prio > os_tsk.run->prio)) {
+    /* preempt running task */
+    rt_put_prio (&os_rdy, os_tsk.run);
+    os_tsk.run->state = READY;
+    rt_dispatch (NULL);
+  }
+
+  p_MCB->cb_type = 0;
+
+  return (OS_R_OK);
+}
+#endif
+
+
+/*--------------------------- rt_mut_release --------------------------------*/
+
+OS_RESULT rt_mut_release (OS_ID mutex) {
+  /* Release a mutex object */
+  P_MUCB p_MCB = mutex;
+  P_TCB  p_TCB;
+
+  if (p_MCB->level == 0 || p_MCB->owner != os_tsk.run) {
+    /* Unbalanced mutex release or task is not the owner */
+    return (OS_R_NOK);
+  }
+  if (--p_MCB->level != 0) {
+    return (OS_R_OK);
+  }
+  /* Restore owner task's priority. */
+  os_tsk.run->prio = p_MCB->prio;
+  if (p_MCB->p_lnk != NULL) {
+    /* A task is waiting for mutex. */
+    p_TCB = rt_get_first ((P_XCB)p_MCB);
+#ifdef __CMSIS_RTOS
+    rt_ret_val(p_TCB, 0/*osOK*/);
+#else
+    rt_ret_val(p_TCB, OS_R_MUT);
+#endif
+    rt_rmv_dly (p_TCB);
+    /* A waiting task becomes the owner of this mutex. */
+    p_MCB->level     = 1;
+    p_MCB->owner     = p_TCB;
+    p_MCB->prio      = p_TCB->prio;
+    /* Priority inversion, check which task continues. */
+    if (os_tsk.run->prio >= rt_rdy_prio()) {
+      rt_dispatch (p_TCB);
+    }
+    else {
+      /* Ready task has higher priority than running task. */
+      rt_put_prio (&os_rdy, os_tsk.run);
+      rt_put_prio (&os_rdy, p_TCB);
+      os_tsk.run->state = READY;
+      p_TCB->state      = READY;
+      rt_dispatch (NULL);
+    }
+  }
+  else {
+    /* Check if own priority raised by priority inversion. */
+    if (rt_rdy_prio() > os_tsk.run->prio) {
+      rt_put_prio (&os_rdy, os_tsk.run);
+      os_tsk.run->state = READY;
+      rt_dispatch (NULL);
+    }
+  }
+  return (OS_R_OK);
+}
+
+
+/*--------------------------- rt_mut_wait -----------------------------------*/
+
+OS_RESULT rt_mut_wait (OS_ID mutex, U16 timeout) {
+  /* Wait for a mutex, continue when mutex is free. */
+  P_MUCB p_MCB = mutex;
+
+  if (p_MCB->level == 0) {
+    p_MCB->owner = os_tsk.run;
+    p_MCB->prio  = os_tsk.run->prio;
+    goto inc;
+  }
+  if (p_MCB->owner == os_tsk.run) {
+    /* OK, running task is the owner of this mutex. */
+inc:p_MCB->level++;
+    return (OS_R_OK);
+  }
+  /* Mutex owned by another task, wait until released. */
+  if (timeout == 0) {
+    return (OS_R_TMO);
+  }
+  /* Raise the owner task priority if lower than current priority. */
+  /* This priority inversion is called priority inheritance.       */
+  if (p_MCB->prio < os_tsk.run->prio) {
+    p_MCB->owner->prio = os_tsk.run->prio;
+    rt_resort_prio (p_MCB->owner);
+  }
+  if (p_MCB->p_lnk != NULL) {
+    rt_put_prio ((P_XCB)p_MCB, os_tsk.run);
+  }
+  else {
+    p_MCB->p_lnk = os_tsk.run;
+    os_tsk.run->p_lnk  = NULL;
+    os_tsk.run->p_rlnk = (P_TCB)p_MCB;
+  }
+  rt_block(timeout, WAIT_MUT);
+  return (OS_R_TMO);
+}
+
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_Mutex.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,44 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_MUTEX.H
+ *      Purpose: Implements mutex synchronization objects
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2015 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Functions */
+extern void      rt_mut_init    (OS_ID mutex);
+extern OS_RESULT rt_mut_delete  (OS_ID mutex);
+extern OS_RESULT rt_mut_release (OS_ID mutex);
+extern OS_RESULT rt_mut_wait    (OS_ID mutex, U16 timeout);
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_Robin.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,84 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_ROBIN.C
+ *      Purpose: Round Robin Task switching
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2015 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Conf.h"
+#include "rt_List.h"
+#include "rt_Task.h"
+#include "rt_Time.h"
+#include "rt_Robin.h"
+#include "rt_HAL_CM.h"
+
+/*----------------------------------------------------------------------------
+ *      Global Variables
+ *---------------------------------------------------------------------------*/
+
+struct OS_ROBIN os_robin;
+
+
+/*----------------------------------------------------------------------------
+ *      Global Functions
+ *---------------------------------------------------------------------------*/
+
+/*--------------------------- rt_init_robin ---------------------------------*/
+
+__weak void rt_init_robin (void) {
+  /* Initialize Round Robin variables. */
+  os_robin.task = NULL;
+  os_robin.tout = (U16)os_rrobin;
+}
+
+/*--------------------------- rt_chk_robin ----------------------------------*/
+
+__weak void rt_chk_robin (void) {
+  /* Check if Round Robin timeout expired and switch to the next ready task.*/
+  P_TCB p_new;
+
+  if (os_robin.task != os_rdy.p_lnk) {
+    /* New task was suspended, reset Round Robin timeout. */
+    os_robin.task = os_rdy.p_lnk;
+    os_robin.time = (U16)os_time + os_robin.tout - 1;
+  }
+  if (os_robin.time == (U16)os_time) {
+    /* Round Robin timeout has expired, swap Robin tasks. */
+    os_robin.task = NULL;
+    p_new = rt_get_first (&os_rdy);
+    rt_put_prio ((P_XCB)&os_rdy, p_new);
+  }
+}
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_Robin.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,45 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_ROBIN.H
+ *      Purpose: Round Robin Task switching definitions
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2015 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Variables */
+extern struct OS_ROBIN os_robin;
+
+/* Functions */
+extern void rt_init_robin (void);
+extern void rt_chk_robin  (void);
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_Semaphore.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,183 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_SEMAPHORE.C
+ *      Purpose: Implements binary and counting semaphores
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2015 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Conf.h"
+#include "rt_System.h"
+#include "rt_List.h"
+#include "rt_Task.h"
+#include "rt_Semaphore.h"
+#include "rt_HAL_CM.h"
+
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+
+/*--------------------------- rt_sem_init -----------------------------------*/
+
+void rt_sem_init (OS_ID semaphore, U16 token_count) {
+  /* Initialize a semaphore */
+  P_SCB p_SCB = semaphore;
+
+  p_SCB->cb_type = SCB;
+  p_SCB->p_lnk  = NULL;
+  p_SCB->tokens = token_count;
+}
+
+
+/*--------------------------- rt_sem_delete ---------------------------------*/
+
+#ifdef __CMSIS_RTOS
+OS_RESULT rt_sem_delete (OS_ID semaphore) {
+  /* Delete semaphore */
+  P_SCB p_SCB = semaphore;
+  P_TCB p_TCB;
+
+  while (p_SCB->p_lnk != NULL) {
+    /* A task is waiting for token */
+    p_TCB = rt_get_first ((P_XCB)p_SCB);
+    rt_ret_val(p_TCB, 0);
+    rt_rmv_dly(p_TCB);
+    p_TCB->state = READY;
+    rt_put_prio (&os_rdy, p_TCB);
+  }
+
+  if (os_rdy.p_lnk && (os_rdy.p_lnk->prio > os_tsk.run->prio)) {
+    /* preempt running task */
+    rt_put_prio (&os_rdy, os_tsk.run);
+    os_tsk.run->state = READY;
+    rt_dispatch (NULL);
+  }
+
+  p_SCB->cb_type = 0;
+
+  return (OS_R_OK);
+}
+#endif
+
+
+/*--------------------------- rt_sem_send -----------------------------------*/
+
+OS_RESULT rt_sem_send (OS_ID semaphore) {
+  /* Return a token to semaphore */
+  P_SCB p_SCB = semaphore;
+  P_TCB p_TCB;
+
+  if (p_SCB->p_lnk != NULL) {
+    /* A task is waiting for token */
+    p_TCB = rt_get_first ((P_XCB)p_SCB);
+#ifdef __CMSIS_RTOS
+    rt_ret_val(p_TCB, 1);
+#else
+    rt_ret_val(p_TCB, OS_R_SEM);
+#endif
+    rt_rmv_dly (p_TCB);
+    rt_dispatch (p_TCB);
+  }
+  else {
+    /* Store token. */
+    p_SCB->tokens++;
+  }
+  return (OS_R_OK);
+}
+
+
+/*--------------------------- rt_sem_wait -----------------------------------*/
+
+OS_RESULT rt_sem_wait (OS_ID semaphore, U16 timeout) {
+  /* Obtain a token; possibly wait for it */
+  P_SCB p_SCB = semaphore;
+
+  if (p_SCB->tokens) {
+    p_SCB->tokens--;
+    return (OS_R_OK);
+  }
+  /* No token available: wait for one */
+  if (timeout == 0) {
+    return (OS_R_TMO);
+  }
+  if (p_SCB->p_lnk != NULL) {
+    rt_put_prio ((P_XCB)p_SCB, os_tsk.run);
+  }
+  else {
+    p_SCB->p_lnk = os_tsk.run;
+    os_tsk.run->p_lnk = NULL;
+    os_tsk.run->p_rlnk = (P_TCB)p_SCB;
+  }
+  rt_block(timeout, WAIT_SEM);
+  return (OS_R_TMO);
+}
+
+
+/*--------------------------- isr_sem_send ----------------------------------*/
+
+void isr_sem_send (OS_ID semaphore) {
+  /* Same function as "os_sem"send", but to be called by ISRs */
+  P_SCB p_SCB = semaphore;
+
+  rt_psq_enq (p_SCB, 0);
+  rt_psh_req ();
+}
+
+
+/*--------------------------- rt_sem_psh ------------------------------------*/
+
+void rt_sem_psh (P_SCB p_CB) {
+  /* Check if task has to be waken up */
+  P_TCB p_TCB;
+
+  if (p_CB->p_lnk != NULL) {
+    /* A task is waiting for token */
+    p_TCB = rt_get_first ((P_XCB)p_CB);
+    rt_rmv_dly (p_TCB);
+    p_TCB->state   = READY;
+#ifdef __CMSIS_RTOS
+    rt_ret_val(p_TCB, 1);
+#else
+    rt_ret_val(p_TCB, OS_R_SEM);
+#endif
+    rt_put_prio (&os_rdy, p_TCB);
+  }
+  else {
+    /* Store token */
+    p_CB->tokens++;
+  }
+}
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_Semaphore.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,46 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_SEMAPHORE.H
+ *      Purpose: Implements binary and counting semaphores
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2015 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Functions */
+extern void      rt_sem_init  (OS_ID semaphore, U16 token_count);
+extern OS_RESULT rt_sem_delete(OS_ID semaphore);
+extern OS_RESULT rt_sem_send  (OS_ID semaphore);
+extern OS_RESULT rt_sem_wait  (OS_ID semaphore, U16 timeout);
+extern void      isr_sem_send (OS_ID semaphore);
+extern void      rt_sem_psh (P_SCB p_CB);
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_System.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,293 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_SYSTEM.C
+ *      Purpose: System Task Manager
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2015 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Conf.h"
+#include "rt_Task.h"
+#include "rt_System.h"
+#include "rt_Event.h"
+#include "rt_List.h"
+#include "rt_Mailbox.h"
+#include "rt_Semaphore.h"
+#include "rt_Time.h"
+#include "rt_Robin.h"
+#include "rt_HAL_CM.h"
+
+/*----------------------------------------------------------------------------
+ *      Global Variables
+ *---------------------------------------------------------------------------*/
+
+int os_tick_irqn;
+
+/*----------------------------------------------------------------------------
+ *      Local Variables
+ *---------------------------------------------------------------------------*/
+
+static volatile BIT os_lock;
+static volatile BIT os_psh_flag;
+static          U8  pend_flags;
+
+/*----------------------------------------------------------------------------
+ *      Global Functions
+ *---------------------------------------------------------------------------*/
+
+#if defined (__CC_ARM)
+__asm void $$RTX$$version (void) {
+   /* Export a version number symbol for a version control. */
+
+                EXPORT  __RL_RTX_VER
+
+__RL_RTX_VER    EQU     0x450
+}
+#endif
+
+
+/*--------------------------- rt_suspend ------------------------------------*/
+U32 rt_suspend (void) {
+  /* Suspend OS scheduler */
+  U32 delta = 0xFFFF;
+
+  rt_tsk_lock();
+
+  if (os_dly.p_dlnk) {
+    delta = os_dly.delta_time;
+  }
+#ifndef __CMSIS_RTOS
+  if (os_tmr.next) {
+    if (os_tmr.tcnt < delta) delta = os_tmr.tcnt;
+  }
+#endif
+
+  return (delta);
+}
+
+
+/*--------------------------- rt_resume -------------------------------------*/
+void rt_resume (U32 sleep_time) {
+  /* Resume OS scheduler after suspend */
+  P_TCB next;
+  U32   delta;
+
+  os_tsk.run->state = READY;
+  rt_put_rdy_first (os_tsk.run);
+
+  os_robin.task = NULL;
+
+  /* Update delays. */
+  if (os_dly.p_dlnk) {
+    delta = sleep_time;
+    if (delta >= os_dly.delta_time) {
+      delta   -= os_dly.delta_time;
+      os_time += os_dly.delta_time;
+      os_dly.delta_time = 1;
+      while (os_dly.p_dlnk) {
+        rt_dec_dly();
+        if (delta == 0) break;
+        delta--;
+        os_time++;
+      }
+    } else {
+      os_time           += delta;
+      os_dly.delta_time -= delta;
+    }
+  } else {
+    os_time += sleep_time;
+  }
+
+#ifndef __CMSIS_RTOS
+  /* Check the user timers. */
+  if (os_tmr.next) {
+    delta = sleep_time;
+    if (delta >= os_tmr.tcnt) {
+      delta   -= os_tmr.tcnt;
+      os_tmr.tcnt = 1;
+      while (os_tmr.next) {
+        rt_tmr_tick();
+        if (delta == 0) break;
+        delta--;
+      }
+    } else {
+      os_tmr.tcnt -= delta;
+    }
+  }
+#endif
+
+  /* Switch back to highest ready task */
+  next = rt_get_first (&os_rdy);
+  rt_switch_req (next);
+
+  rt_tsk_unlock();
+}
+
+
+/*--------------------------- rt_tsk_lock -----------------------------------*/
+
+void rt_tsk_lock (void) {
+  /* Prevent task switching by locking out scheduler */
+    OS_X_LOCK(os_tick_irqn);
+    os_lock = __TRUE;
+    OS_X_UNPEND (&pend_flags);
+}
+
+
+/*--------------------------- rt_tsk_unlock ---------------------------------*/
+
+void rt_tsk_unlock (void) {
+  /* Unlock scheduler and re-enable task switching */
+    OS_X_UNLOCK(os_tick_irqn);
+    os_lock = __FALSE;
+    OS_X_PEND (pend_flags, os_psh_flag);
+    os_psh_flag = __FALSE;
+}
+
+
+/*--------------------------- rt_psh_req ------------------------------------*/
+
+void rt_psh_req (void) {
+  /* Initiate a post service handling request if required. */
+  if (os_lock == __FALSE) {
+    OS_PEND_IRQ ();
+  }
+  else {
+    os_psh_flag = __TRUE;
+  }
+}
+
+
+/*--------------------------- rt_pop_req ------------------------------------*/
+
+void rt_pop_req (void) {
+  /* Process an ISR post service requests. */
+  struct OS_XCB *p_CB;
+  P_TCB next;
+  U32  idx;
+
+  os_tsk.run->state = READY;
+  rt_put_rdy_first (os_tsk.run);
+
+  idx = os_psq->last;
+  while (os_psq->count) {
+    p_CB = os_psq->q[idx].id;
+    if (p_CB->cb_type == TCB) {
+      /* Is of TCB type */
+      rt_evt_psh ((P_TCB)p_CB, (U16)os_psq->q[idx].arg);
+    }
+    else if (p_CB->cb_type == MCB) {
+      /* Is of MCB type */
+      rt_mbx_psh ((P_MCB)p_CB, (void *)os_psq->q[idx].arg);
+    }
+    else {
+      /* Must be of SCB type */
+      rt_sem_psh ((P_SCB)p_CB);
+    }
+    if (++idx == os_psq->size) idx = 0;
+    rt_dec (&os_psq->count);
+  }
+  os_psq->last = idx;
+
+  next = rt_get_first (&os_rdy);
+  rt_switch_req (next);
+}
+
+
+/*--------------------------- os_tick_init ----------------------------------*/
+
+__weak int os_tick_init (void) {
+  /* Initialize SysTick timer as system tick timer. */
+  rt_systick_init ();
+  return (SYS_TICK_IRQn);  /* Return IRQ number of SysTick timer */
+}
+
+
+/*--------------------------- os_tick_irqack --------------------------------*/
+
+__weak void os_tick_irqack (void) {
+  /* Acknowledge timer interrupt. */
+}
+
+
+/*--------------------------- rt_systick ------------------------------------*/
+
+extern void sysTimerTick(void);
+
+void rt_systick (void) {
+  if(NVIC_Pending(SYS_TICK_IRQn)){
+    rt_pop_req();
+    NVIC_UnpendIRQ(SYS_TICK_IRQn);
+    SYS_TICK_TIMER->IR = 0xF; // clear timer interrupt
+    return;
+  }
+  /* Check for system clock update, suspend running task. */
+  P_TCB next;
+
+  os_tsk.run->state = READY;
+  rt_put_rdy_first (os_tsk.run);
+
+  /* Check Round Robin timeout. */
+  rt_chk_robin ();
+
+  /* Update delays. */
+  os_time++;
+  rt_dec_dly ();
+
+  /* Check the user timers. */
+#ifdef __CMSIS_RTOS
+  sysTimerTick();
+#else
+  rt_tmr_tick ();
+#endif
+
+  /* Switch back to highest ready task */
+  next = rt_get_first (&os_rdy);
+  rt_switch_req (next);
+  SYS_TICK_TIMER->IR = 0xF; // clear timer interrupt
+}
+
+/*--------------------------- rt_stk_check ----------------------------------*/
+__weak void rt_stk_check (void) {
+    /* Check for stack overflow. */
+    if (os_tsk.run->task_id == 0x01) {
+        // TODO: For the main thread the check should be done against the main heap pointer
+    } else {
+        if ((os_tsk.run->tsk_stack < (U32)os_tsk.run->stack) ||
+            (os_tsk.run->stack[0] != MAGIC_WORD)) {
+            os_error (OS_ERR_STK_OVF);
+        }
+    }
+}
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_System.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,52 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_SYSTEM.H
+ *      Purpose: System Task Manager definitions
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2015 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Variables */
+#define os_psq  ((P_PSQ)&os_fifo)
+extern int os_tick_irqn;
+
+/* Functions */
+extern U32  rt_suspend    (void);
+extern void rt_resume     (U32 sleep_time);
+extern void rt_tsk_lock   (void);
+extern void rt_tsk_unlock (void);
+extern void rt_psh_req    (void);
+extern void rt_pop_req    (void);
+extern void rt_systick    (void);
+extern void rt_stk_check  (void);
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_Task.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,341 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_TASK.C
+ *      Purpose: Task functions and system start up.
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2015 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Conf.h"
+#include "rt_System.h"
+#include "rt_Task.h"
+#include "rt_List.h"
+#include "rt_MemBox.h"
+#include "rt_Robin.h"
+#include "rt_HAL_CM.h"
+
+/*----------------------------------------------------------------------------
+ *      Global Variables
+ *---------------------------------------------------------------------------*/
+
+/* Running and next task info. */
+struct OS_TSK os_tsk;
+
+/* Task Control Blocks of idle demon */
+struct OS_TCB os_idle_TCB;
+
+
+/*----------------------------------------------------------------------------
+ *      Local Functions
+ *---------------------------------------------------------------------------*/
+
+OS_TID rt_get_TID (void) {
+  U32 tid;
+
+  for (tid = 1; tid <= os_maxtaskrun; tid++) {
+    if (os_active_TCB[tid-1] == NULL) {
+      return ((OS_TID)tid);
+    }
+  }
+  return (0);
+}
+
+#if defined (__CC_ARM) && !defined (__MICROLIB)
+/*--------------------------- __user_perthread_libspace ---------------------*/
+extern void  *__libspace_start;
+
+void *__user_perthread_libspace (void) {
+  /* Provide a separate libspace for each task. */
+  if (os_tsk.run == NULL) {
+    /* RTX not running yet. */
+    return (&__libspace_start);
+  }
+  return (void *)(os_tsk.run->std_libspace);
+}
+#endif
+
+/*--------------------------- rt_init_context -------------------------------*/
+
+void rt_init_context (P_TCB p_TCB, U8 priority, FUNCP task_body) {
+  /* Initialize general part of the Task Control Block. */
+  p_TCB->cb_type = TCB;
+  p_TCB->state   = READY;
+  p_TCB->prio    = priority;
+  p_TCB->p_lnk   = NULL;
+  p_TCB->p_rlnk  = NULL;
+  p_TCB->p_dlnk  = NULL;
+  p_TCB->p_blnk  = NULL;
+  p_TCB->delta_time    = 0;
+  p_TCB->interval_time = 0;
+  p_TCB->events  = 0;
+  p_TCB->waits   = 0;
+  p_TCB->stack_frame = 0;
+
+  rt_init_stack (p_TCB, task_body);
+}
+
+
+/*--------------------------- rt_switch_req ---------------------------------*/
+
+void rt_switch_req (P_TCB p_new) {
+  /* Switch to next task (identified by "p_new"). */
+  os_tsk.new_tsk   = p_new;
+  p_new->state = RUNNING;
+  DBG_TASK_SWITCH(p_new->task_id);
+}
+
+
+/*--------------------------- rt_dispatch -----------------------------------*/
+
+void rt_dispatch (P_TCB next_TCB) {
+  /* Dispatch next task if any identified or dispatch highest ready task    */
+  /* "next_TCB" identifies a task to run or has value NULL (=no next task)  */
+  if (next_TCB == NULL) {
+    /* Running task was blocked: continue with highest ready task */
+    next_TCB = rt_get_first (&os_rdy);
+    rt_switch_req (next_TCB);
+  }
+  else {
+    /* Check which task continues */
+    if (next_TCB->prio > os_tsk.run->prio) {
+      /* preempt running task */
+      rt_put_rdy_first (os_tsk.run);
+      os_tsk.run->state = READY;
+      rt_switch_req (next_TCB);
+    }
+    else {
+      /* put next task into ready list, no task switch takes place */
+      next_TCB->state = READY;
+      rt_put_prio (&os_rdy, next_TCB);
+    }
+  }
+}
+
+
+/*--------------------------- rt_block --------------------------------------*/
+
+void rt_block (U16 timeout, U8 block_state) {
+  /* Block running task and choose next ready task.                         */
+  /* "timeout" sets a time-out value or is 0xffff (=no time-out).           */
+  /* "block_state" defines the appropriate task state */
+  P_TCB next_TCB;
+
+  if (timeout) {
+    if (timeout < 0xffff) {
+      rt_put_dly (os_tsk.run, timeout);
+    }
+    os_tsk.run->state = block_state;
+    next_TCB = rt_get_first (&os_rdy);
+    rt_switch_req (next_TCB);
+  }
+}
+
+
+/*--------------------------- rt_tsk_pass -----------------------------------*/
+
+void rt_tsk_pass (void) {
+  /* Allow tasks of same priority level to run cooperatively.*/
+  P_TCB p_new;
+
+  p_new = rt_get_same_rdy_prio();
+  if (p_new != NULL) {
+    rt_put_prio ((P_XCB)&os_rdy, os_tsk.run);
+    os_tsk.run->state = READY;
+    rt_switch_req (p_new);
+  }
+}
+
+
+/*--------------------------- rt_tsk_self -----------------------------------*/
+
+OS_TID rt_tsk_self (void) {
+  /* Return own task identifier value. */
+  if (os_tsk.run == NULL) {
+    return (0);
+  }
+  return (os_tsk.run->task_id);
+}
+
+
+/*--------------------------- rt_tsk_prio -----------------------------------*/
+
+OS_RESULT rt_tsk_prio (OS_TID task_id, U8 new_prio) {
+  /* Change execution priority of a task to "new_prio". */
+  P_TCB p_task;
+
+  if (task_id == 0) {
+    /* Change execution priority of calling task. */
+    os_tsk.run->prio = new_prio;
+run:if (rt_rdy_prio() > new_prio) {
+      rt_put_prio (&os_rdy, os_tsk.run);
+      os_tsk.run->state   = READY;
+      rt_dispatch (NULL);
+    }
+    return (OS_R_OK);
+  }
+
+  /* Find the task in the "os_active_TCB" array. */
+  if (task_id > os_maxtaskrun || os_active_TCB[task_id-1] == NULL) {
+    /* Task with "task_id" not found or not started. */
+    return (OS_R_NOK);
+  }
+  p_task = os_active_TCB[task_id-1];
+  p_task->prio = new_prio;
+  if (p_task == os_tsk.run) {
+    goto run;
+  }
+  rt_resort_prio (p_task);
+  if (p_task->state == READY) {
+    /* Task enqueued in a ready list. */
+    p_task = rt_get_first (&os_rdy);
+    rt_dispatch (p_task);
+  }
+  return (OS_R_OK);
+}
+
+/*--------------------------- rt_tsk_delete ---------------------------------*/
+
+OS_RESULT rt_tsk_delete (OS_TID task_id) {
+  /* Terminate the task identified with "task_id". */
+  P_TCB task_context;
+
+  if (task_id == 0 || task_id == os_tsk.run->task_id) {
+    /* Terminate itself. */
+    os_tsk.run->state     = INACTIVE;
+    os_tsk.run->tsk_stack = 0;
+    rt_stk_check ();
+    os_active_TCB[os_tsk.run->task_id-1] = NULL;
+
+    os_tsk.run->stack = NULL;
+    DBG_TASK_NOTIFY(os_tsk.run, __FALSE);
+    os_tsk.run = NULL;
+    rt_dispatch (NULL);
+    /* The program should never come to this point. */
+  }
+  else {
+    /* Find the task in the "os_active_TCB" array. */
+    if (task_id > os_maxtaskrun || os_active_TCB[task_id-1] == NULL) {
+      /* Task with "task_id" not found or not started. */
+      return (OS_R_NOK);
+    }
+    task_context = os_active_TCB[task_id-1];
+    rt_rmv_list (task_context);
+    rt_rmv_dly (task_context);
+    os_active_TCB[task_id-1] = NULL;
+
+    task_context->stack = NULL;
+    DBG_TASK_NOTIFY(task_context, __FALSE);
+  }
+  return (OS_R_OK);
+}
+
+
+/*--------------------------- rt_sys_init -----------------------------------*/
+
+#ifdef __CMSIS_RTOS
+void rt_sys_init (void) {
+#else
+void rt_sys_init (FUNCP first_task, U32 prio_stksz, void *stk) {
+#endif
+  /* Initialize system and start up task declared with "first_task". */
+  U32 i;
+
+  DBG_INIT();
+
+  /* Initialize dynamic memory and task TCB pointers to NULL. */
+  for (i = 0; i < os_maxtaskrun; i++) {
+    os_active_TCB[i] = NULL;
+  }
+
+  /* Set up TCB of idle demon */
+  os_idle_TCB.task_id = 255;
+  os_idle_TCB.priv_stack = idle_task_stack_size;
+  os_idle_TCB.stack = idle_task_stack;
+  rt_init_context (&os_idle_TCB, 0, os_idle_demon);
+
+  /* Set up ready list: initially empty */
+  os_rdy.cb_type = HCB;
+  os_rdy.p_lnk   = NULL;
+  /* Set up delay list: initially empty */
+  os_dly.cb_type = HCB;
+  os_dly.p_dlnk  = NULL;
+  os_dly.p_blnk  = NULL;
+  os_dly.delta_time = 0;
+
+  /* Fix SP and systemvariables to assume idle task is running  */
+  /* Transform main program into idle task by assuming idle TCB */
+#ifndef __CMSIS_RTOS
+  rt_set_PSP (os_idle_TCB.tsk_stack);
+#endif
+  os_tsk.run = &os_idle_TCB;
+  os_tsk.run->state = RUNNING;
+
+  /* Initialize ps queue */
+  os_psq->first = 0;
+  os_psq->last  = 0;
+  os_psq->size  = os_fifo_size;
+
+  rt_init_robin ();
+
+  /* Intitialize SVC and PendSV */
+  rt_svc_init ();
+
+#ifndef __CMSIS_RTOS
+  /* Intitialize and start system clock timer */
+  os_tick_irqn = os_tick_init ();
+  if (os_tick_irqn >= 0) {
+    OS_X_INIT(os_tick_irqn);
+  }
+
+  /* Start up first user task before entering the endless loop */
+  rt_tsk_create (first_task, prio_stksz, stk, NULL);
+#endif
+}
+
+
+/*--------------------------- rt_sys_start ----------------------------------*/
+
+#ifdef __CMSIS_RTOS
+void rt_sys_start (void) {
+  /* Start system */
+
+  /* Intitialize and start system clock timer */
+  os_tick_irqn = os_tick_init ();
+  if (os_tick_irqn >= 0) {
+    OS_X_INIT(os_tick_irqn);
+  }
+  extern void RestoreContext();
+  RestoreContext(); // Start the first task
+}
+#endif
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_Task.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,73 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_TASK.H
+ *      Purpose: Task functions and system start up.
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2015 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Definitions */
+#define __CMSIS_RTOS    1
+
+/* Values for 'state'   */
+#define INACTIVE        0
+#define READY           1
+#define RUNNING         2
+#define WAIT_DLY        3
+#define WAIT_ITV        4
+#define WAIT_OR         5
+#define WAIT_AND        6
+#define WAIT_SEM        7
+#define WAIT_MBX        8
+#define WAIT_MUT        9
+
+/* Return codes */
+#define OS_R_TMO        0x01
+#define OS_R_EVT        0x02
+#define OS_R_SEM        0x03
+#define OS_R_MBX        0x04
+#define OS_R_MUT        0x05
+
+#define OS_R_OK         0x00
+#define OS_R_NOK        0xff
+
+/* Variables */
+extern struct OS_TSK os_tsk;
+extern struct OS_TCB os_idle_TCB;
+
+/* Functions */
+extern void      rt_switch_req (P_TCB p_new);
+extern void      rt_dispatch   (P_TCB next_TCB);
+extern void      rt_block      (U16 timeout, U8 block_state);
+extern void      rt_tsk_pass   (void);
+extern OS_TID    rt_tsk_self   (void);
+extern OS_RESULT rt_tsk_prio   (OS_TID task_id, U8 new_prio);
+extern OS_RESULT rt_tsk_delete (OS_TID task_id);
+extern void      rt_sys_init   (void);
+extern void      rt_sys_start  (void);
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_Time.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,94 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_TIME.C
+ *      Purpose: Delay and interval wait functions
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2015 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Conf.h"
+#include "rt_Task.h"
+#include "rt_Time.h"
+
+/*----------------------------------------------------------------------------
+ *      Global Variables
+ *---------------------------------------------------------------------------*/
+
+/* Free running system tick counter */
+U32 os_time;
+
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+
+/*--------------------------- rt_time_get -----------------------------------*/
+
+U32 rt_time_get (void) {
+  /* Get system time tick */
+  return (os_time);
+}
+
+
+/*--------------------------- rt_dly_wait -----------------------------------*/
+
+void rt_dly_wait (U16 delay_time) {
+  /* Delay task by "delay_time" */
+  rt_block (delay_time, WAIT_DLY);
+}
+
+
+/*--------------------------- rt_itv_set ------------------------------------*/
+
+void rt_itv_set (U16 interval_time) {
+  /* Set interval length and define start of first interval */
+  os_tsk.run->interval_time = interval_time;
+  os_tsk.run->delta_time = interval_time + (U16)os_time;
+}
+
+
+/*--------------------------- rt_itv_wait -----------------------------------*/
+
+void rt_itv_wait (void) {
+  /* Wait for interval end and define start of next one */
+  U16 delta;
+
+  delta = os_tsk.run->delta_time - (U16)os_time;
+  os_tsk.run->delta_time += os_tsk.run->interval_time;
+  if ((delta & 0x8000) == 0) {
+    rt_block (delta, WAIT_ITV);
+  }
+}
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_Time.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,47 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_TIME.H
+ *      Purpose: Delay and interval wait functions definitions
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2015 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Variables */
+extern U32 os_time;
+
+/* Functions */
+extern U32  rt_time_get (void);
+extern void rt_dly_wait (U16 delay_time);
+extern void rt_itv_set  (U16 interval_time);
+extern void rt_itv_wait (void);
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_ARM7/rt_TypeDef.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,128 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_TYPEDEF.H
+ *      Purpose: Type Definitions
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2015 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+#ifndef RT_TYPE_DEF_H
+#define RT_TYPE_DEF_H
+
+#include "os_tcb.h"
+
+typedef U32     OS_TID;
+typedef void    *OS_ID;
+typedef U32     OS_RESULT;
+
+#define TCB_STACKF      32        /* 'stack_frame' offset                    */
+#define TCB_TSTACK      40        /* 'tsk_stack' offset                      */
+
+typedef struct OS_PSFE {          /* Post Service Fifo Entry                 */
+  void  *id;                      /* Object Identification                   */
+  U32    arg;                     /* Object Argument                         */
+} *P_PSFE;
+
+typedef struct OS_PSQ {           /* Post Service Queue                      */
+  U8     first;                   /* FIFO Head Index                         */
+  U8     last;                    /* FIFO Tail Index                         */
+  U8     count;                   /* Number of stored items in FIFO          */
+  U8     size;                    /* FIFO Size                               */
+  struct OS_PSFE q[1];            /* FIFO Content                            */
+} *P_PSQ;
+
+typedef struct OS_TSK {
+  P_TCB  run;                     /* Current running task                    */
+  P_TCB  new_tsk;                 /* Scheduled task to run                   */
+} *P_TSK;
+
+typedef struct OS_ROBIN {         /* Round Robin Control                     */
+  P_TCB  task;                    /* Round Robin task                        */
+  U16    time;                    /* Round Robin switch time                 */
+  U16    tout;                    /* Round Robin timeout                     */
+} *P_ROBIN;
+
+typedef struct OS_XCB {
+  U8     cb_type;                 /* Control Block Type                      */
+  struct OS_TCB *p_lnk;           /* Link pointer for ready/sem. wait list   */
+  struct OS_TCB *p_rlnk;          /* Link pointer for sem./mbx lst backwards */
+  struct OS_TCB *p_dlnk;          /* Link pointer for delay list             */
+  struct OS_TCB *p_blnk;          /* Link pointer for delay list backwards   */
+  U16    delta_time;              /* Time until time out                     */
+} *P_XCB;
+
+typedef struct OS_MCB {
+  U8     cb_type;                 /* Control Block Type                      */
+  U8     state;                   /* State flag variable                     */
+  U8     isr_st;                  /* State flag variable for isr functions   */
+  struct OS_TCB *p_lnk;           /* Chain of tasks waiting for message      */
+  U16    first;                   /* Index of the message list begin         */
+  U16    last;                    /* Index of the message list end           */
+  U16    count;                   /* Actual number of stored messages        */
+  U16    size;                    /* Maximum number of stored messages       */
+  void   *msg[1];                 /* FIFO for Message pointers 1st element   */
+} *P_MCB;
+
+typedef struct OS_SCB {
+  U8     cb_type;                 /* Control Block Type                      */
+  U8     mask;                    /* Semaphore token mask                    */
+  U16    tokens;                  /* Semaphore tokens                        */
+  struct OS_TCB *p_lnk;           /* Chain of tasks waiting for tokens       */
+} *P_SCB;
+
+typedef struct OS_MUCB {
+  U8     cb_type;                 /* Control Block Type                      */
+  U8     prio;                    /* Owner task default priority             */
+  U16    level;                   /* Call nesting level                      */
+  struct OS_TCB *p_lnk;           /* Chain of tasks waiting for mutex        */
+  struct OS_TCB *owner;           /* Mutex owner task                        */
+} *P_MUCB;
+
+typedef struct OS_XTMR {
+  struct OS_TMR  *next;
+  U16    tcnt;
+} *P_XTMR;
+
+typedef struct OS_TMR {
+  struct OS_TMR  *next;           /* Link pointer to Next timer              */
+  U16    tcnt;                    /* Timer delay count                       */
+  U16    info;                    /* User defined call info                  */
+} *P_TMR;
+
+typedef struct OS_BM {
+  void *free;                     /* Pointer to first free memory block      */
+  void *end;                      /* Pointer to memory block end             */
+  U32  blk_size;                  /* Memory block size                       */
+} *P_BM;
+
+/* Definitions */
+#define __TRUE          1
+#define __FALSE         0
+#define NULL            ((void *) 0)
+
+#endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/HAL_CA.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,124 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    HAL_CA.C
+ *      Purpose: Hardware Abstraction Layer for Cortex-A
+ *      Rev.:
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 2012 ARM Limited
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Config.h"
+#include "rt_HAL_CA.h"
+
+/*--------------------------- os_init_context -------------------------------*/
+
+void rt_init_stack (P_TCB p_TCB, FUNCP task_body) {
+  /* Prepare TCB and saved context for a first time start of a task. */
+  U32 *stk,i,size;
+
+  /* Prepare a complete interrupt frame for first task start */
+  size = p_TCB->priv_stack >> 2;
+  if (size == 0) {
+    size = (U16)os_stackinfo >> 2;
+  }
+  /* Write to the top of stack. */
+  stk = &p_TCB->stack[size];
+
+  /* Auto correct to 8-byte ARM stack alignment. */
+  if ((U32)stk & 0x04) {
+    stk--;
+  }
+
+  stk -= 16;
+
+  /* Initial PC and default CPSR */
+  stk[14] = (U32)task_body;
+  /* Task run mode is inherited from the startup file. */
+  /*  (non-privileged USER or privileged SYSTEM mode)  */
+  stk[15] = (os_flags & 1) ? INIT_CPSR_SYS : INIT_CPSR_USER;
+  /* Set T-bit if task function in Thumb mode. */
+  if ((U32)task_body & 1) {
+    stk[15] |= CPSR_T_BIT;
+  }
+  /* Assign a void pointer to R0. */
+  stk[8]  = (U32)p_TCB->msg;
+  /* Clear R1-R12,LR registers. */
+  for (i = 0; i < 8; i++) {
+    stk[i] = 0;
+  }
+  for (i = 9; i < 14; i++) {
+    stk[i] = 0;
+  }
+
+  /* Initial Task stack pointer. */
+  p_TCB->tsk_stack = (U32)stk;
+
+  /* Task entry point. */
+  p_TCB->ptask = task_body;
+
+  /* Set a magic word for checking of stack overflow. */
+  p_TCB->stack[0] = MAGIC_WORD;
+}
+
+
+/*--------------------------- rt_ret_val ----------------------------------*/
+
+static __inline U32 *rt_ret_regs (P_TCB p_TCB) {
+  /* Get pointer to task return value registers (R0..R3) in Stack */
+  if (p_TCB->stack_frame & 0x4) {
+    /* NEON/D32 Stack Frame: D0-31,FPSCR,Reserved,R4-R11,R0-R3,R12,LR,PC,xPSR */
+    return (U32 *)(p_TCB->tsk_stack + 8*4 + 2*4 + 32*8);
+  } else if (p_TCB->stack_frame & 0x2) {
+    /* VFP/D16 Stack Frame: D0-D15/S0-31,FPSCR,Reserved,R4-R11,R0-R3,R12,LR,PC,xPSR */
+    return (U32 *)(p_TCB->tsk_stack + 8*4 + 2*4 + 32*4);
+  } else {
+    /* Basic Stack Frame: R4-R11,R0-R3,R12,LR,PC,xPSR */
+    return (U32 *)(p_TCB->tsk_stack + 8*4);
+  }
+}
+
+void rt_ret_val (P_TCB p_TCB, U32 v0) {
+  U32 *ret;
+
+  ret = rt_ret_regs(p_TCB);
+  ret[0] = v0;
+}
+
+void rt_ret_val2(P_TCB p_TCB, U32 v0, U32 v1) {
+  U32 *ret;
+
+  ret = rt_ret_regs(p_TCB);
+  ret[0] = v0;
+  ret[1] = v1;
+}
+
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/RTX_CM_lib.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,546 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RTX_CM_LIB.H
+ *      Purpose: RTX Kernel System Configuration
+ *      Rev.:    V4.73
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#if   defined (__CC_ARM)
+#pragma O3
+#define __USED __attribute__((used))
+#elif defined (__GNUC__)
+#pragma GCC optimize ("O3")
+#define __USED __attribute__((used))
+#elif defined (__ICCARM__)
+#define __USED __root
+#endif
+
+
+/*----------------------------------------------------------------------------
+ *      Definitions
+ *---------------------------------------------------------------------------*/
+
+#define _declare_box(pool,size,cnt)  uint32_t pool[(((size)+3)/4)*(cnt) + 3]
+#define _declare_box8(pool,size,cnt) uint64_t pool[(((size)+7)/8)*(cnt) + 2]
+
+#define OS_TCB_SIZE     52
+#define OS_TMR_SIZE     8
+
+#if defined (__CC_ARM) && !defined (__MICROLIB)
+
+typedef void    *OS_ID;
+typedef uint32_t OS_TID;
+typedef uint32_t OS_MUT[4];
+typedef uint32_t OS_RESULT;
+
+#define runtask_id()    rt_tsk_self()
+#define mutex_init(m)   rt_mut_init(m)
+#define mutex_wait(m)   os_mut_wait(m,0xFFFF)
+#define mutex_rel(m)    os_mut_release(m)
+
+extern OS_TID    rt_tsk_self    (void);
+extern void      rt_mut_init    (OS_ID mutex);
+extern OS_RESULT rt_mut_release (OS_ID mutex);
+extern OS_RESULT rt_mut_wait    (OS_ID mutex, uint16_t timeout);
+
+#define os_mut_wait(mutex,timeout) _os_mut_wait((uint32_t)rt_mut_wait,mutex,timeout)
+#define os_mut_release(mutex)      _os_mut_release((uint32_t)rt_mut_release,mutex)
+
+OS_RESULT _os_mut_release (uint32_t p, OS_ID mutex)                   __svc_indirect(0);
+OS_RESULT _os_mut_wait    (uint32_t p, OS_ID mutex, uint16_t timeout) __svc_indirect(0);
+
+#elif defined (__ICCARM__)
+
+typedef void    *OS_ID;
+typedef uint32_t OS_TID;
+typedef uint32_t OS_MUT[4];
+typedef uint32_t OS_RESULT;
+
+#define runtask_id()    rt_tsk_self()
+#define mutex_init(m)   rt_mut_init(m)
+#define mutex_del(m)    os_mut_delete(m)
+#define mutex_wait(m)   os_mut_wait(m,0xFFFF)
+#define mutex_rel(m)    os_mut_release(m)
+
+extern OS_TID    rt_tsk_self    (void);
+extern void      rt_mut_init    (OS_ID mutex);
+extern OS_RESULT rt_mut_delete  (OS_ID mutex);
+extern OS_RESULT rt_mut_release (OS_ID mutex);
+extern OS_RESULT rt_mut_wait    (OS_ID mutex, uint16_t timeout);
+
+#pragma swi_number=0
+__swi OS_RESULT _os_mut_delete  (OS_ID mutex);
+
+static inline OS_RESULT os_mut_delete(OS_ID mutex)
+{
+    __asm("mov r12,%0\n" :: "r"(&rt_mut_delete) : "r12" );
+    return _os_mut_delete(mutex);
+}
+
+#pragma swi_number=0
+__swi OS_RESULT _os_mut_release (OS_ID mutex);
+
+static inline OS_RESULT os_mut_release(OS_ID mutex)
+{
+    __asm("mov r12,%0\n" :: "r"(&rt_mut_release) : "r12" );
+    return _os_mut_release(mutex);
+}
+
+#pragma swi_number=0
+__swi OS_RESULT _os_mut_wait    (OS_ID mutex, uint16_t timeout);
+
+static inline OS_RESULT os_mut_wait(OS_ID mutex, uint16_t timeout)
+{
+    __asm("mov r12,%0\n" :: "r"(&rt_mut_wait) : "r12" );
+    return _os_mut_wait(mutex, timeout);
+}
+
+#include <yvals.h> /* for include DLib_Thread.h */
+
+void __iar_system_Mtxinit(__iar_Rmtx *);
+void __iar_system_Mtxdst(__iar_Rmtx *);
+void __iar_system_Mtxlock(__iar_Rmtx *);
+void __iar_system_Mtxunlock(__iar_Rmtx *);
+
+
+
+
+#endif
+
+
+/*----------------------------------------------------------------------------
+ *      Global Variables
+ *---------------------------------------------------------------------------*/
+
+#if (OS_TIMERS != 0)
+#define OS_TASK_CNT (OS_TASKCNT + 1)
+#ifndef __MBED_CMSIS_RTOS_CA9
+#define OS_PRIV_CNT (OS_PRIVCNT + 2)
+#define OS_STACK_SZ (4*(OS_PRIVSTKSIZE+OS_MAINSTKSIZE+OS_TIMERSTKSZ))
+#endif
+#else
+#define OS_TASK_CNT  OS_TASKCNT
+#ifndef __MBED_CMSIS_RTOS_CA9
+#define OS_PRIV_CNT (OS_PRIVCNT + 1)
+#define OS_STACK_SZ (4*(OS_PRIVSTKSIZE+OS_MAINSTKSIZE))
+#endif
+#endif
+
+uint16_t const os_maxtaskrun = OS_TASK_CNT;
+#ifdef __MBED_CMSIS_RTOS_CA9
+uint32_t const os_stackinfo  = (OS_STKCHECK<<24)| (OS_IDLESTKSIZE*4);
+#else
+uint32_t const os_stackinfo  = (OS_STKCHECK<<24)| (OS_PRIV_CNT<<16) | (OS_STKSIZE*4);
+#endif
+uint32_t const os_rrobin     = (OS_ROBIN << 16) | OS_ROBINTOUT;
+uint32_t const os_tickfreq   = OS_CLOCK;
+uint16_t const os_tickus_i   = OS_CLOCK/1000000;
+uint16_t const os_tickus_f   = (((uint64_t)(OS_CLOCK-1000000*(OS_CLOCK/1000000)))<<16)/1000000;
+uint32_t const os_trv        = OS_TRV;
+uint8_t  const os_flags      = OS_RUNPRIV;
+
+/* Export following defines to uVision debugger. */
+__USED uint32_t const CMSIS_RTOS_API_Version = osCMSIS;
+__USED uint32_t const CMSIS_RTOS_RTX_Version = osCMSIS_RTX;
+__USED uint32_t const os_clockrate = OS_TICK;
+__USED uint32_t const os_timernum  = 0;
+
+/* Memory pool for TCB allocation    */
+_declare_box  (mp_tcb, OS_TCB_SIZE, OS_TASK_CNT);
+uint16_t const mp_tcb_size = sizeof(mp_tcb);
+
+#ifdef __MBED_CMSIS_RTOS_CA9
+/* Memory pool for os_idle_demon stack allocation. */
+_declare_box8 (mp_stk, OS_IDLESTKSIZE*4, 1);
+uint32_t const mp_stk_size = sizeof(mp_stk);
+#else
+/* Memory pool for System stack allocation (+os_idle_demon). */
+_declare_box8 (mp_stk, OS_STKSIZE*4, OS_TASK_CNT-OS_PRIV_CNT+1);
+uint32_t const mp_stk_size = sizeof(mp_stk);
+
+/* Memory pool for user specified stack allocation (+main, +timer) */
+uint64_t       os_stack_mem[2+OS_PRIV_CNT+(OS_STACK_SZ/8)];
+uint32_t const os_stack_sz = sizeof(os_stack_mem);
+#endif
+
+#ifndef OS_FIFOSZ
+ #define OS_FIFOSZ      16
+#endif
+
+/* Fifo Queue buffer for ISR requests.*/
+uint32_t       os_fifo[OS_FIFOSZ*2+1];
+uint8_t  const os_fifo_size = OS_FIFOSZ;
+
+/* An array of Active task pointers. */
+void *os_active_TCB[OS_TASK_CNT];
+
+/* User Timers Resources */
+#if (OS_TIMERS != 0)
+extern void osTimerThread (void const *argument);
+#ifdef __MBED_CMSIS_RTOS_CA9
+osThreadDef(osTimerThread, (osPriority)(OS_TIMERPRIO-3), 4*OS_TIMERSTKSZ);
+#else
+osThreadDef(osTimerThread, (osPriority)(OS_TIMERPRIO-3), 1, 4*OS_TIMERSTKSZ);
+#endif
+osThreadId osThreadId_osTimerThread;
+osMessageQDef(osTimerMessageQ, OS_TIMERCBQS, void *);
+osMessageQId osMessageQId_osTimerMessageQ;
+#else
+osThreadDef_t os_thread_def_osTimerThread = { NULL };
+osThreadId osThreadId_osTimerThread;
+osMessageQDef(osTimerMessageQ, 0, void *);
+osMessageQId osMessageQId_osTimerMessageQ;
+#endif
+
+/* Legacy RTX User Timers not used */
+uint32_t       os_tmr = 0;
+uint32_t const *m_tmr = NULL;
+uint16_t const mp_tmr_size = 0;
+
+#if defined (__CC_ARM) && !defined (__MICROLIB)
+ /* A memory space for arm standard library. */
+ static uint32_t std_libspace[OS_TASK_CNT][96/4];
+ static OS_MUT   std_libmutex[OS_MUTEXCNT];
+ static uint32_t nr_mutex;
+ extern void  *__libspace_start;
+#elif defined (__ICCARM__)
+typedef struct os_mut_array {
+    OS_MUT   mutex;
+    uint32_t used;
+} os_mut_array_t;
+
+static os_mut_array_t std_libmutex[OS_MUTEXCNT];/* must be Zero clear */
+static uint32_t nr_mutex = 0;
+#endif
+
+
+/*----------------------------------------------------------------------------
+ *      RTX Optimizations (empty functions)
+ *---------------------------------------------------------------------------*/
+
+#if OS_ROBIN == 0
+ void rt_init_robin (void) {;}
+ void rt_chk_robin  (void) {;}
+#endif
+
+#if OS_STKCHECK == 0
+ void rt_stk_check  (void) {;}
+#endif
+
+
+/*----------------------------------------------------------------------------
+ *      Standard Library multithreading interface
+ *---------------------------------------------------------------------------*/
+
+#if defined (__CC_ARM) && !defined (__MICROLIB)
+
+/*--------------------------- __user_perthread_libspace ---------------------*/
+
+void *__user_perthread_libspace (void) {
+  /* Provide a separate libspace for each task. */
+  uint32_t idx;
+
+  idx = runtask_id ();
+  if (idx == 0) {
+    /* RTX not running yet. */
+    return (&__libspace_start);
+  }
+  return ((void *)&std_libspace[idx-1]);
+}
+
+/*--------------------------- _mutex_initialize -----------------------------*/
+
+int _mutex_initialize (OS_ID *mutex) {
+  /* Allocate and initialize a system mutex. */
+
+  if (nr_mutex >= OS_MUTEXCNT) {
+    /* If you are here, you need to increase the number OS_MUTEXCNT. */
+    for (;;);
+  }
+  *mutex = &std_libmutex[nr_mutex++];
+  mutex_init (*mutex);
+  return (1);
+}
+
+
+/*--------------------------- _mutex_acquire --------------------------------*/
+
+__attribute__((used)) void _mutex_acquire (OS_ID *mutex) {
+  /* Acquire a system mutex, lock stdlib resources. */
+  if (runtask_id ()) {
+    /* RTX running, acquire a mutex. */
+    mutex_wait (*mutex);
+  }
+}
+
+
+/*--------------------------- _mutex_release --------------------------------*/
+
+__attribute__((used)) void _mutex_release (OS_ID *mutex) {
+  /* Release a system mutex, unlock stdlib resources. */
+  if (runtask_id ()) {
+    /* RTX running, release a mutex. */
+    mutex_rel (*mutex);
+  }
+}
+
+#elif defined (__ICCARM__)
+
+/*--------------------------- __iar_system_Mtxinit --------------------------*/
+
+void __iar_system_Mtxinit(__iar_Rmtx *mutex)
+{
+    /* Allocate and initialize a system mutex. */
+    int32_t idx;
+
+    for (idx = 0; idx < OS_MUTEXCNT; idx++)
+    {
+        if (std_libmutex[idx].used == 0)
+        {
+            std_libmutex[idx].used = 1;
+            *mutex = &std_libmutex[idx].mutex;
+            nr_mutex++;
+            break;
+        }
+    }
+    if (nr_mutex >= OS_MUTEXCNT)
+    {
+        /* If you are here, you need to increase the number OS_MUTEXCNT. */
+        for (;;);
+    }
+  
+    mutex_init (*mutex);
+}
+
+/*--------------------------- __iar_system_Mtxdst ---------------------------*/
+
+void __iar_system_Mtxdst(__iar_Rmtx *mutex)
+{
+    /* Free a system mutex. */
+    int32_t idx;
+
+    if (nr_mutex == 0)
+    {
+        for (;;);
+    }
+
+    idx = ((((uint32_t)mutex) - ((uint32_t)&std_libmutex[0].mutex))
+           / sizeof(os_mut_array_t));
+
+    if (idx >= OS_MUTEXCNT)
+    {
+        for (;;);
+    }
+
+    mutex_del (*mutex);
+    std_libmutex[idx].used = 0;
+}
+
+/*--------------------------- __iar_system_Mtxlock --------------------------*/
+
+void __iar_system_Mtxlock(__iar_Rmtx *mutex)
+{
+    /* Acquire a system mutex, lock stdlib resources. */
+    if (runtask_id ())
+    {
+        /* RTX running, acquire a mutex. */
+        mutex_wait (*mutex);
+    }
+}
+
+/*--------------------------- __iar_system_Mtxunlock ------------------------*/
+
+void __iar_system_Mtxunlock(__iar_Rmtx *mutex)
+{
+    /* Release a system mutex, unlock stdlib resources. */
+    if (runtask_id ())
+    {
+        /* RTX running, release a mutex. */
+        mutex_rel (*mutex);
+    }
+}
+
+#endif
+
+
+/*----------------------------------------------------------------------------
+ *      RTX Startup
+ *---------------------------------------------------------------------------*/
+
+/* Main Thread definition */
+extern int main (void);
+#ifdef __MBED_CMSIS_RTOS_CA9
+uint32_t os_thread_def_stack_main [(4 * OS_MAINSTKSIZE) / sizeof(uint32_t)];
+osThreadDef_t os_thread_def_main = {(os_pthread)main, osPriorityNormal, 1, 4*OS_MAINSTKSIZE, os_thread_def_stack_main };
+#else
+osThreadDef_t os_thread_def_main = {(os_pthread)main, osPriorityNormal, 1, 4*OS_MAINSTKSIZE };
+#endif
+
+#if defined (__CC_ARM)
+
+#ifdef __MICROLIB
+void _main_init (void) __attribute__((section(".ARM.Collect$$$$000000FF")));
+#if __TARGET_ARCH_ARM
+#pragma push
+#pragma arm
+#endif
+void _main_init (void) {
+  osKernelInitialize();
+  osThreadCreate(&os_thread_def_main, NULL);
+  osKernelStart();
+  for (;;);
+}
+#if __TARGET_ARCH_ARM
+#pragma pop
+#endif
+#else
+__asm void __rt_entry (void) {
+
+  IMPORT  __user_setup_stackheap
+  IMPORT  __rt_lib_init
+  IMPORT  os_thread_def_main
+  IMPORT  osKernelInitialize
+  IMPORT  osKernelStart
+  IMPORT  osThreadCreate
+  IMPORT  exit
+
+  BL      __user_setup_stackheap
+  MOV     R1,R2
+  BL      __rt_lib_init
+  BL      osKernelInitialize
+  LDR     R0,=os_thread_def_main
+  MOVS    R1,#0
+  BL      osThreadCreate
+  BL      osKernelStart
+  BL      exit
+
+  ALIGN
+}
+#endif
+
+#elif defined (__GNUC__)
+
+#ifdef __CS3__
+
+/* CS3 start_c routine.
+ *
+ * Copyright (c) 2006, 2007 CodeSourcery Inc
+ *
+ * The authors hereby grant permission to use, copy, modify, distribute,
+ * and license this software and its documentation for any purpose, provided
+ * that existing copyright notices are retained in all copies and that this
+ * notice is included verbatim in any distributions. No written agreement,
+ * license, or royalty fee is required for any of the authorized uses.
+ * Modifications to this software may be copyrighted by their authors
+ * and need not follow the licensing terms described here, provided that
+ * the new terms are clearly indicated on the first page of each file where
+ * they apply.
+ */
+
+#include "cs3.h"
+
+extern void __libc_init_array (void);
+
+__attribute ((noreturn)) void __cs3_start_c (void){
+  unsigned regions = __cs3_region_num;
+  const struct __cs3_region *rptr = __cs3_regions;
+
+  /* Initialize memory */
+  for (regions = __cs3_region_num, rptr = __cs3_regions; regions--; rptr++) {
+    long long *src = (long long *)rptr->init;
+    long long *dst = (long long *)rptr->data;
+    unsigned limit = rptr->init_size;
+    unsigned count;
+
+    if (src != dst)
+      for (count = 0; count != limit; count += sizeof (long long))
+        *dst++ = *src++;
+    else
+      dst = (long long *)((char *)dst + limit);
+    limit = rptr->zero_size;
+    for (count = 0; count != limit; count += sizeof (long long))
+      *dst++ = 0;
+  }
+
+  /* Run initializers.  */
+  __libc_init_array ();
+
+  osKernelInitialize();
+  osThreadCreate(&os_thread_def_main, NULL);
+  osKernelStart();
+  for (;;);
+}
+
+#else
+
+__attribute__((naked)) void software_init_hook (void) {
+  __asm (
+    ".syntax unified\n"
+    ".arm\n"
+    "movs r0,#0\n"
+    "movs r1,#0\n"
+    "mov  r4,r0\n"
+    "mov  r5,r1\n"
+    "ldr  r0,= __libc_fini_array\n"
+    "bl   atexit\n"
+    "bl   __libc_init_array\n"
+    "mov  r0,r4\n"
+    "mov  r1,r5\n"
+    "bl   osKernelInitialize\n"
+    "ldr  r0,=os_thread_def_main\n"
+    "movs r1,#0\n"
+    "bl   osThreadCreate\n"
+    "bl   osKernelStart\n"
+    "bl   exit\n"
+  );
+}
+
+#endif
+
+#elif defined (__ICCARM__)
+
+extern void exit(int arg);
+
+void mbed_main(void) {
+  int a;
+
+  osKernelInitialize();
+  osThreadCreate(&os_thread_def_main, NULL);
+  a = osKernelStart();
+  exit(a);
+}
+
+#endif
+
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/RTX_Conf_CA.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,329 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RTX_Conf_CM.C
+ *      Purpose: Configuration of CMSIS RTX Kernel
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "cmsis_os.h"
+
+/*----------------------------------------------------------------------------
+ *      RTX User configuration part BEGIN
+ *---------------------------------------------------------------------------*/
+
+//-------- <<< Use Configuration Wizard in Context Menu >>> -----------------
+//
+// <h>Thread Configuration
+// =======================
+//
+//   <o>Number of concurrent running threads <0-250>
+//   <i> Defines max. number of threads that will run at the same time.
+//   <i> Default: 6
+#ifndef OS_TASKCNT
+ #define OS_TASKCNT     25
+#endif
+
+#ifdef __MBED_CMSIS_RTOS_CA9
+//   <o>Idle stack size [bytes] <64-4096:8><#/4>
+//   <i> Defines default stack size for the Idle thread.
+#ifndef OS_IDLESTKSIZE
+ #define OS_IDLESTKSIZE 128
+#endif
+#else // __MBED_CMSIS_RTOS_CA9
+//   <o>Default Thread stack size [bytes] <64-4096:8><#/4>
+//   <i> Defines default stack size for threads with osThreadDef stacksz = 0
+//   <i> Default: 200
+#ifndef OS_STKSIZE
+ #define OS_STKSIZE     200
+#endif
+#endif // __MBED_CMSIS_RTOS_CA9
+
+//   <o>Main Thread stack size [bytes] <64-4096:8><#/4>
+//   <i> Defines stack size for main thread.
+//   <i> Default: 200
+#ifndef OS_MAINSTKSIZE
+ #define OS_MAINSTKSIZE 2048
+#endif
+
+#ifndef __MBED_CMSIS_RTOS_CA9
+//   <o>Number of threads with user-provided stack size <0-250>
+//   <i> Defines the number of threads with user-provided stack size.
+//   <i> Default: 0
+#ifndef OS_PRIVCNT
+ #define OS_PRIVCNT     0
+#endif
+
+//   <o>Total stack size [bytes] for threads with user-provided stack size <0-4096:8><#/4>
+//   <i> Defines the combined stack size for threads with user-provided stack size.
+//   <i> Default: 0
+#ifndef OS_PRIVSTKSIZE
+ #define OS_PRIVSTKSIZE 0
+#endif
+#endif // __MBED_CMSIS_RTOS_CA9
+
+// <q>Check for stack overflow
+// <i> Includes the stack checking code for stack overflow.
+// <i> Note that additional code reduces the Kernel performance.
+#ifndef OS_STKCHECK
+ #define OS_STKCHECK    1
+#endif
+
+// <o>Processor mode for thread execution
+//   <0=> Unprivileged mode
+//   <1=> Privileged mode
+// <i> Default: Privileged mode
+#ifndef OS_RUNPRIV
+ #define OS_RUNPRIV     1
+#endif
+
+// </h>
+
+// <h>RTX Kernel Timer Tick Configuration
+// ======================================
+// <q> Use Cortex-M SysTick timer as RTX Kernel Timer
+// <i> Use the Cortex-M SysTick timer as a time-base for RTX.
+#ifndef OS_SYSTICK
+ #define OS_SYSTICK     0
+#endif
+//
+//   <o>Timer clock value [Hz] <1-1000000000>
+//   <i> Defines the timer clock value.
+//   <i> Default: 12000000  (12MHz)
+#ifndef OS_CLOCK
+#  if defined(TARGET_RZ_A1H)
+ #define OS_CLOCK       12000000
+#  else
+#    error "no target defined"
+#  endif
+#endif
+
+//   <o>Timer tick value [us] <1-1000000>
+//   <i> Defines the timer tick value.
+//   <i> Default: 1000  (1ms)
+#ifndef OS_TICK
+ #define OS_TICK        1000
+#endif
+
+// </h>
+
+// <h>System Configuration
+// =======================
+//
+// <e>Round-Robin Thread switching
+// ===============================
+//
+// <i> Enables Round-Robin Thread switching.
+#ifndef OS_ROBIN
+ #define OS_ROBIN       1
+#endif
+
+//   <o>Round-Robin Timeout [ticks] <1-1000>
+//   <i> Defines how long a thread will execute before a thread switch.
+//   <i> Default: 5
+#ifndef OS_ROBINTOUT
+ #define OS_ROBINTOUT   5
+#endif
+
+// </e>
+
+// <e>User Timers
+// ==============
+//   <i> Enables user Timers
+#ifndef OS_TIMERS
+ #define OS_TIMERS      1
+#endif
+
+//   <o>Timer Thread Priority
+//                        <1=> Low
+//     <2=> Below Normal  <3=> Normal  <4=> Above Normal
+//                        <5=> High
+//                        <6=> Realtime (highest)
+//   <i> Defines priority for Timer Thread
+//   <i> Default: High
+#ifndef OS_TIMERPRIO
+ #define OS_TIMERPRIO   5
+#endif
+
+//   <o>Timer Thread stack size [bytes] <64-4096:8><#/4>
+//   <i> Defines stack size for Timer thread.
+//   <i> Default: 200
+#ifndef OS_TIMERSTKSZ
+ #define OS_TIMERSTKSZ  WORDS_STACK_SIZE
+#endif
+
+//   <o>Timer Callback Queue size <1-32>
+//   <i> Number of concurrent active timer callback functions.
+//   <i> Default: 4
+#ifndef OS_TIMERCBQS
+ #define OS_TIMERCBQS   4
+#endif
+
+// </e>
+
+//   <o>ISR FIFO Queue size<4=>   4 entries  <8=>   8 entries
+//                         <12=> 12 entries  <16=> 16 entries
+//                         <24=> 24 entries  <32=> 32 entries
+//                         <48=> 48 entries  <64=> 64 entries
+//                         <96=> 96 entries
+//   <i> ISR functions store requests to this buffer,
+//   <i> when they are called from the interrupt handler.
+//   <i> Default: 16 entries
+#ifndef OS_FIFOSZ
+ #define OS_FIFOSZ      16
+#endif
+
+// </h>
+
+//------------- <<< end of configuration section >>> -----------------------
+
+// Standard library system mutexes
+// ===============================
+//  Define max. number system mutexes that are used to protect
+//  the arm standard runtime library. For microlib they are not used.
+#ifndef OS_MUTEXCNT
+ #define OS_MUTEXCNT    12
+#endif
+
+/*----------------------------------------------------------------------------
+ *      RTX User configuration part END
+ *---------------------------------------------------------------------------*/
+
+#define OS_TRV          ((uint32_t)(((double)OS_CLOCK*(double)OS_TICK)/1E6)-1)
+
+
+/*----------------------------------------------------------------------------
+ *      Global Functions
+ *---------------------------------------------------------------------------*/
+
+/*--------------------------- os_idle_demon ---------------------------------*/
+
+void os_idle_demon (void) {
+  /* The idle demon is a system thread, running when no other thread is      */
+  /* ready to run.                                                           */
+
+  for (;;) {
+    /* HERE: include optional user code to be executed when no thread runs.*/
+  }
+}
+
+#if (OS_SYSTICK == 0)   // Functions for alternative timer as RTX kernel timer
+
+/*--------------------------- os_tick_init ----------------------------------*/
+#ifdef TARGET_RZ_A1H
+#define OSTM0   (0xFCFEC000uL) /* OSTM0 */
+#define OSTM1   (0xFCFEC400uL) /* OSTM1 */
+#define CPG     (0xFCFE0410uL) /* CPG */
+
+#define CPGSTBCR5 (*((volatile unsigned char*)(CPG    + 0x00000018uL)))
+
+#define OSTM0CMP (*((volatile unsigned long*)(OSTM0   + 0x00000000uL)))
+#define OSTM0CNT (*((volatile unsigned long*)(OSTM0   + 0x00000004uL)))
+#define OSTM0TE  (*((volatile unsigned char*)(OSTM0   + 0x00000010uL)))
+#define OSTM0TS  (*((volatile unsigned char*)(OSTM0   + 0x00000014uL)))
+#define OSTM0TT  (*((volatile unsigned char*)(OSTM0   + 0x00000018uL)))
+#define OSTM0CTL (*((volatile unsigned char*)(OSTM0   + 0x00000020uL)))
+
+#define OSTM1CMP (*((volatile unsigned long*)(OSTM1   + 0x00000000uL)))
+#define OSTM1CNT (*((volatile unsigned long*)(OSTM1   + 0x00000004uL)))
+#define OSTM1TE  (*((volatile unsigned char*)(OSTM1   + 0x00000010uL)))
+#define OSTM1TS  (*((volatile unsigned char*)(OSTM1   + 0x00000014uL)))
+#define OSTM1TT  (*((volatile unsigned char*)(OSTM1   + 0x00000018uL)))
+#define OSTM1CTL (*((volatile unsigned char*)(OSTM1   + 0x00000020uL)))
+
+#define CPG_STBCR5_BIT_MSTP51   (0x02u) /* OSTM0 */
+#define CM1_RENESAS_RZ_A1_P0_CLK ( 32000000u)
+#define CM0_RENESAS_RZ_A1_P0_CLK ( 33333333u)
+
+typedef enum
+{
+    IRQ_SGI0       = 0,
+    IRQ_OSTMI0TINT = 134
+} IRQn_Type;
+
+typedef void(*IRQHandler)();
+
+extern void PendSV_Handler(uint32_t);
+extern void OS_Tick_Handler(uint32_t);
+extern uint32_t InterruptHandlerRegister (IRQn_Type irq, IRQHandler handler);
+#endif
+
+// Initialize alternative hardware timer as RTX kernel timer
+// Return: IRQ number of the alternative hardware timer
+int os_tick_init (void) {
+#ifdef TARGET_RZ_A1H
+  CPGSTBCR5 &= ~(CPG_STBCR5_BIT_MSTP51); /* enable OSTM0 clock */
+
+  OSTM0TT   = 0x1;    /* Stop the counter and clears the OSTM0TE bit.     */
+  OSTM0CTL  = 0x1;    /* Interval timer mode. Interrupt enabled  */
+
+  OSTM0CMP  = (uint32_t)(((double)CM0_RENESAS_RZ_A1_P0_CLK*(double)OS_TICK)/1E6);
+
+  OSTM0TS   = 0x1;    /* Start the counter and sets the OSTM0TE bit.     */
+
+  InterruptHandlerRegister(IRQ_SGI0    , (IRQHandler)PendSV_Handler);
+  InterruptHandlerRegister(IRQ_OSTMI0TINT, (IRQHandler)OS_Tick_Handler);
+
+
+  return IRQ_OSTMI0TINT; /* Return IRQ number of timer (0..239) */
+              /* RTX will set and configure the interrupt */
+#endif
+}
+
+/*--------------------------- os_tick_irqack --------------------------------*/
+
+// Acknowledge alternative hardware timer interrupt
+void os_tick_irqack (void) {
+  /* ... */
+}
+
+#endif   // (OS_SYSTICK == 0)
+
+/*--------------------------- os_error --------------------------------------*/
+extern void mbed_die(void);
+
+void os_error (uint32_t err_code) {
+  /* This function is called when a runtime error is detected. Parameter */
+  /* 'err_code' holds the runtime error code (defined in RTL.H).         */
+    mbed_die();
+
+  /* HERE: include optional code to be executed on runtime error. */
+  for (;;);
+}
+
+
+/*----------------------------------------------------------------------------
+ *      RTX Configuration Functions
+ *---------------------------------------------------------------------------*/
+
+#include "RTX_CM_lib.h"
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/RTX_Config.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,78 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RTX_CONFIG.H
+ *      Purpose: Exported functions of RTX_Config.c
+ *      Rev.:    V4.70
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+
+/* Error Codes */
+#define OS_ERR_STK_OVF          1
+#define OS_ERR_FIFO_OVF         2
+#define OS_ERR_MBX_OVF          3
+
+/* Definitions */
+#define BOX_ALIGN_8                   0x80000000
+#define _declare_box(pool,size,cnt)   U32 pool[(((size)+3)/4)*(cnt) + 3]
+#define _declare_box8(pool,size,cnt)  U64 pool[(((size)+7)/8)*(cnt) + 2]
+#define _init_box8(pool,size,bsize)   _init_box (pool,size,(bsize) | BOX_ALIGN_8)
+
+/* Variables */
+extern U32 mp_tcb[];
+extern U64 mp_stk[];
+extern U32 os_fifo[];
+extern void *os_active_TCB[];
+
+/* Constants */
+extern U16 const os_maxtaskrun;
+extern U32 const os_trv;
+extern U8  const os_flags;
+extern U32 const os_stackinfo;
+extern U32 const os_rrobin;
+extern U32 const os_clockrate;
+extern U32 const os_timernum;
+extern U16 const mp_tcb_size;
+extern U32 const mp_stk_size;
+extern U32 const *m_tmr;
+extern U16 const mp_tmr_size;
+extern U8  const os_fifo_size;
+
+/* Functions */
+extern void os_idle_demon   (void);
+extern int  os_tick_init    (void);
+extern U32  os_tick_val     (void);
+extern U32  os_tick_ovf     (void);
+extern void os_tick_irqack  (void);
+extern void os_tmr_call     (U16  info);
+extern void os_error        (U32 err_code);
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/TOOLCHAIN_ARM/HAL_CA9.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,437 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    HAL_CA9.c
+ *      Purpose: Hardware Abstraction Layer for Cortex-A9
+ *      Rev.:    8 April 2015
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 2012 - 2015 ARM Limited
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Config.h"
+#include "rt_System.h"
+#include "rt_Task.h"
+#include "rt_List.h"
+#include "rt_MemBox.h"
+#include "rt_HAL_CA.h"
+
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+//For A-class, set USR/SYS stack
+__asm void rt_set_PSP (U32 stack) {
+        ARM
+
+        MRS     R1, CPSR
+        CPS     #MODE_SYS   ;no effect in USR mode
+        ISB
+        MOV     SP, R0
+        MSR     CPSR_c, R1  ;no effect in USR mode
+        ISB
+        BX      LR
+
+}
+
+//For A-class, get USR/SYS stack
+__asm U32 rt_get_PSP (void) {
+        ARM
+
+        MRS     R1, CPSR
+        CPS     #MODE_SYS   ;no effect in USR mode
+        ISB
+        MOV     R0, SP
+        MSR     CPSR_c, R1  ;no effect in USR mode
+        ISB
+        BX      LR
+}
+
+/*--------------------------- _alloc_box ------------------------------------*/
+__asm void *_alloc_box (void *box_mem) {
+    /* Function wrapper for Unprivileged/Privileged mode. */
+        ARM
+
+        LDR     R12,=__cpp(rt_alloc_box)
+        MRS     R2, CPSR
+        LSLS    R2, #28
+        BXNE    R12
+        SVC     0
+        BX      LR
+}
+
+
+/*--------------------------- _free_box -------------------------------------*/
+__asm int _free_box (void *box_mem, void *box) {
+   /* Function wrapper for Unprivileged/Privileged mode. */
+        ARM
+
+        LDR     R12,=__cpp(rt_free_box)
+        MRS     R2, CPSR
+        LSLS    R2, #28
+        BXNE    R12
+        SVC     0
+        BX      LR
+
+}
+
+/*-------------------------- SVC_Handler -----------------------------------*/
+
+#pragma push
+#pragma arm
+__asm void SVC_Handler (void) {
+        PRESERVE8
+        ARM
+
+        IMPORT  rt_tsk_lock
+        IMPORT  rt_tsk_unlock
+        IMPORT  SVC_Count
+        IMPORT  SVC_Table
+        IMPORT  rt_stk_check
+        IMPORT  FPUEnable
+        IMPORT  scheduler_suspended    ; flag set by rt_suspend, cleared by rt_resume, read by SVC_Handler
+
+Mode_SVC        EQU     0x13
+
+        SRSFD   SP!, #Mode_SVC         ; Push LR_SVC and SPRS_SVC onto SVC mode stack
+        PUSH    {R4}                   ; Push R4 so we can use it as a temp
+
+        MRS     R4,SPSR                ; Get SPSR
+        TST     R4,#CPSR_T_BIT         ; Check Thumb Bit
+        LDRNEH  R4,[LR,#-2]            ; Thumb: Load Halfword
+        BICNE   R4,R4,#0xFF00          ;        Extract SVC Number
+        LDREQ   R4,[LR,#-4]            ; ARM:   Load Word
+        BICEQ   R4,R4,#0xFF000000      ;        Extract SVC Number
+
+        /* Lock out systick and re-enable interrupts */
+        PUSH    {R0-R3,R12,LR}
+
+        AND     R12, SP, #4            ; Ensure stack is 8-byte aligned
+        SUB     SP, SP, R12            ; Adjust stack
+        PUSH    {R12, LR}              ; Store stack adjustment and dummy LR to SVC stack
+
+        BLX     rt_tsk_lock
+        CPSIE   i
+
+        POP     {R12, LR}              ; Get stack adjustment & discard dummy LR
+        ADD     SP, SP, R12            ; Unadjust stack
+
+        POP     {R0-R3,R12,LR}
+
+        CMP     R4,#0
+        BNE     SVC_User
+
+        MRS     R4,SPSR
+        PUSH    {R4}                    ; Push R4 so we can use it as a temp
+        AND     R4, SP, #4              ; Ensure stack is 8-byte aligned
+        SUB     SP, SP, R4              ; Adjust stack
+        PUSH    {R4, LR}                ; Store stack adjustment and dummy LR
+        BLX     R12
+        POP     {R4, LR}                ; Get stack adjustment & discard dummy LR
+        ADD     SP, SP, R4              ; Unadjust stack
+        POP     {R4}                    ; Restore R4
+        MSR     SPSR_CXSF,R4
+
+        /* Here we will be in SVC mode (even if coming in from PendSV_Handler or OS_Tick_Handler) */
+Sys_Switch
+        LDR     LR,=__cpp(&os_tsk)
+        LDM     LR,{R4,LR}              ; os_tsk.run, os_tsk.new_tsk
+        CMP     R4,LR
+        BNE     switching
+
+        PUSH    {R0-R3,R12,LR}
+
+        AND     R12, SP, #4             ; Ensure stack is 8-byte aligned
+        SUB     SP, SP, R12             ; Adjust stack
+        PUSH    {R12, LR}               ; Store stack adjustment and dummy LR to SVC stack
+
+        CPSID   i
+        ; Do not unlock scheduler if it has just been suspended by rt_suspend()
+        LDR     R1,=scheduler_suspended
+        LDRB    R0, [R1]
+        CMP     R0, #1
+        BEQ     dont_unlock
+        BLX     rt_tsk_unlock
+dont_unlock
+
+        POP     {R12, LR}               ; Get stack adjustment & discard dummy LR
+        ADD     SP, SP, R12             ; Unadjust stack
+
+        POP     {R0-R3,R12,LR}
+        POP     {R4}
+        RFEFD   SP!                     ; Return from exception, no task switch
+
+switching
+        CLREX
+        CMP     R4,#0
+        ADDEQ   SP,SP,#12               ; Original R4, LR & SPSR do not need to be popped when we are paging in a different task
+        BEQ     SVC_Next                ; Runtask deleted?
+
+
+        PUSH    {R8-R11} //R4 and LR already stacked
+        MOV     R10,R4                  ; Preserve os_tsk.run
+        MOV     R11,LR                  ; Preserve os_tsk.new_tsk
+
+        ADD     R8,SP,#16               ; Unstack R4,LR
+        LDMIA   R8,{R4,LR}
+
+        SUB     SP,SP,#4                ; Make space on the stack for the next instn
+        STMIA   SP,{SP}^                ; Put User SP onto stack
+        POP     {R8}                    ; Pop User SP into R8
+
+        MRS     R9,SPSR
+        STMDB   R8!,{R9}                ; User CPSR
+        STMDB   R8!,{LR}                ; User PC
+        STMDB   R8,{LR}^                ; User LR
+        SUB     R8,R8,#4                ; No writeback for store of User LR
+        STMDB   R8!,{R0-R3,R12}         ; User R0-R3,R12
+        MOV     R3,R10                  ; os_tsk.run
+        MOV     LR,R11                  ; os_tsk.new_tsk
+        POP     {R9-R12}
+        ADD     SP,SP,#12               ; Fix up SP for unstack of R4, LR & SPSR
+        STMDB   R8!,{R4-R7,R9-R12}      ; User R4-R11
+
+        //If applicable, stack VFP/NEON state
+        MRC     p15,0,R1,c1,c0,2        ; VFP/NEON access enabled? (CPACR)
+        AND     R2,R1,#0x00F00000
+        CMP     R2,#0x00F00000
+        BNE     no_outgoing_vfp
+        VMRS    R2,FPSCR
+        STMDB   R8!,{R2,R4}             ; Push FPSCR, maintain 8-byte alignment
+        VSTMDB  R8!,{D0-D15}
+        VSTMDB  R8!,{D16-D31}
+        LDRB    R2,[R3,#TCB_STACKF]     ; Record in TCB that NEON/D32 state is stacked
+        ORR     R2,#4
+        STRB    R2,[R3,#TCB_STACKF]
+
+no_outgoing_vfp
+        STR     R8,[R3,#TCB_TSTACK]
+        MOV     R4,LR
+
+        PUSH    {R4}                    ; Push R4 so we can use it as a temp
+        AND     R4, SP, #4              ; Ensure stack is 8-byte aligned
+        SUB     SP, SP, R4              ; Adjust stack
+        PUSH    {R4, LR}                ; Store stack adjustment and dummy LR to SVC stack
+
+        BLX     rt_stk_check
+
+        POP     {R4, LR}                ; Get stack adjustment & discard dummy LR
+        ADD     SP, SP, R4              ; Unadjust stack
+        POP     {R4}                    ; Restore R4
+
+        MOV     LR,R4
+
+SVC_Next  //R4 == os_tsk.run, LR == os_tsk.new_tsk, R0-R3, R5-R12 corruptible
+        LDR     R1,=__cpp(&os_tsk)      ; os_tsk.run = os_tsk.new_tsk
+        STR     LR,[R1]
+        LDRB    R1,[LR,#TCB_TID]        ; os_tsk.run->task_id
+        LSL     R1,#8                   ; Store PROCID
+        MCR     p15,0,R1,c13,c0,1       ; Write CONTEXTIDR
+
+        LDR     R0,[LR,#TCB_TSTACK]     ; os_tsk.run->tsk_stack
+
+        //Does incoming task have VFP/NEON state in stack?
+        LDRB    R3,[LR,#TCB_STACKF]
+        ANDS    R3, R3, #0x6
+        MRC     p15,0,R1,c1,c0,2        ; Read CPACR
+        ANDEQ   R1,R1,#0xFF0FFFFF       ; Disable VFP/NEON access if incoming task does not have stacked VFP/NEON state
+        ORRNE   R1,R1,#0x00F00000       ; Enable VFP/NEON access if incoming task does have stacked VFP/NEON state
+        MCR     p15,0,R1,c1,c0,2        ; Write CPACR
+        BEQ     no_incoming_vfp
+        ISB                             ; We only need the sync if we enabled, otherwise we will context switch before next VFP/NEON instruction anyway
+        VLDMIA  R0!,{D16-D31}
+        VLDMIA  R0!,{D0-D15}
+        LDR     R2,[R0]
+        VMSR    FPSCR,R2
+        ADD     R0,R0,#8
+
+no_incoming_vfp
+        LDR     R1,[R0,#60]             ; Restore User CPSR
+        MSR     SPSR_CXSF,R1
+        LDMIA   R0!,{R4-R11}            ; Restore User R4-R11
+        ADD     R0,R0,#4                ; Restore User R1-R3,R12
+        LDMIA   R0!,{R1-R3,R12}
+        LDMIA   R0,{LR}^                ; Restore User LR
+        ADD     R0,R0,#4                ; No writeback for load to user LR
+        LDMIA   R0!,{LR}                ; Restore User PC
+        ADD     R0,R0,#4                ; Correct User SP for unstacked user CPSR
+
+        PUSH    {R0}                    ; Push R0 onto stack
+        LDMIA   SP,{SP}^                ; Get R0 off stack into User SP
+        ADD     SP,SP,#4                ; Put SP back
+
+        LDR     R0,[R0,#-32]            ; Restore R0
+
+        PUSH    {R0-R3,R12,LR}
+
+        AND     R12, SP, #4             ; Ensure stack is 8-byte aligned
+        SUB     SP, SP, R12             ; Adjust stack
+        PUSH    {R12, LR}               ; Store stack adjustment and dummy LR to SVC stack
+
+        CPSID   i
+        BLX     rt_tsk_unlock
+
+        POP     {R12, LR}               ; Get stack adjustment & discard dummy LR
+        ADD     SP, SP, R12             ; Unadjust stack
+
+        POP     {R0-R3,R12,LR}
+
+        MOVS    PC,LR                   ; Return from exception
+
+
+        /*------------------- User SVC -------------------------------*/
+
+SVC_User
+        LDR     R12,=SVC_Count
+        LDR     R12,[R12]
+        CMP     R4,R12                  ; Check for overflow
+        BHI     SVC_Done
+
+        LDR     R12,=SVC_Table-4
+        LDR     R12,[R12,R4,LSL #2]     ; Load SVC Function Address
+        MRS     R4,SPSR                 ; Save SPSR
+        PUSH    {R4}                    ; Push R4 so we can use it as a temp
+        AND     R4, SP, #4              ; Ensure stack is 8-byte aligned
+        SUB     SP, SP, R4              ; Adjust stack
+        PUSH    {R4, LR}                ; Store stack adjustment and dummy LR
+        BLX     R12                     ; Call SVC Function
+        POP     {R4, LR}                ; Get stack adjustment & discard dummy LR
+        ADD     SP, SP, R4              ; Unadjust stack
+        POP     {R4}                    ; Restore R4
+        MSR     SPSR_CXSF,R4            ; Restore SPSR
+
+SVC_Done
+        PUSH    {R0-R3,R12,LR}
+
+        PUSH    {R4}                    ; Push R4 so we can use it as a temp
+        AND     R4, SP, #4              ; Ensure stack is 8-byte aligned
+        SUB     SP, SP, R4              ; Adjust stack
+        PUSH    {R4, LR}                ; Store stack adjustment and dummy LR
+
+        CPSID   i
+        BLX     rt_tsk_unlock
+
+        POP     {R4, LR}                ; Get stack adjustment & discard dummy LR
+        ADD     SP, SP, R4              ; Unadjust stack
+        POP     {R4}                    ; Restore R4
+
+        POP     {R0-R3,R12,LR}
+        POP     {R4}
+        RFEFD   SP!                     ; Return from exception
+}
+#pragma pop
+
+#pragma push
+#pragma arm
+__asm void PendSV_Handler (U32 IRQn) {
+    ARM
+
+    IMPORT  rt_tsk_lock
+    IMPORT  IRQNestLevel                ; Flag indicates whether inside an ISR, and the depth of nesting.  0 = not in ISR.
+    IMPORT  seen_id0_active             ; Flag used to workaround GIC 390 errata 733075 - set in startup_Renesas_RZ_A1.s
+
+    ADD     SP,SP,#8 //fix up stack pointer (R0 has been pushed and will never be popped, R1 was pushed for stack alignment)
+
+    //Disable systick interrupts, then write EOIR. We want interrupts disabled before we enter the context switcher.
+    PUSH    {R0, R1}
+    BLX     rt_tsk_lock
+    POP     {R0, R1}
+    LDR     R1, =__cpp(&GICInterface_BASE)
+    LDR     R1, [R1, #0]
+    STR     R0, [R1, #0x10]
+
+    ; If it was interrupt ID0, clear the seen flag, otherwise return as normal
+    CMP     R0, #0
+    LDREQ   R1, =seen_id0_active
+    STRBEQ  R0, [R1]                    ; Clear the seen flag, using R0 (which is 0), to save loading another register
+
+    LDR     R0, =IRQNestLevel           ; Get address of nesting counter
+    LDR     R1, [R0]
+    SUB     R1, R1, #1                  ; Decrement nesting counter
+    STR     R1, [R0]
+
+    BLX     __cpp(rt_pop_req)
+
+    POP     {R1, LR}                ; Get stack adjustment & discard dummy LR
+    ADD     SP, SP, R1              ; Unadjust stack
+
+    LDR     R0,[SP,#24]
+    MSR     SPSR_CXSF,R0
+    POP     {R0-R3,R12}             ; Leave SPSR & LR on the stack
+    PUSH    {R4}
+    B       Sys_Switch
+}
+#pragma pop
+
+
+#pragma push
+#pragma arm
+__asm void OS_Tick_Handler (U32 IRQn) {
+    ARM
+
+    IMPORT  rt_tsk_lock
+    IMPORT  IRQNestLevel                ; Flag indicates whether inside an ISR, and the depth of nesting.  0 = not in ISR.
+    IMPORT  seen_id0_active             ; Flag used to workaround GIC 390 errata 733075 - set in startup_Renesas_RZ_A1.s
+
+    ADD     SP,SP,#8 //fix up stack pointer (R0 has been pushed and will never be popped, R1 was pushed for stack alignment)
+
+    PUSH    {R0, R1}
+    BLX     rt_tsk_lock
+    POP     {R0, R1}
+    LDR     R1, =__cpp(&GICInterface_BASE)
+    LDR     R1, [R1, #0]
+    STR     R0, [R1, #0x10]
+
+    ; If it was interrupt ID0, clear the seen flag, otherwise return as normal
+    CMP     R0, #0
+    LDREQ   R1, =seen_id0_active
+    STRBEQ  R0, [R1]                    ; Clear the seen flag, using R0 (which is 0), to save loading another register
+
+    LDR     R0, =IRQNestLevel           ; Get address of nesting counter
+    LDR     R1, [R0]
+    SUB     R1, R1, #1                  ; Decrement nesting counter
+    STR     R1, [R0]
+
+    BLX      __cpp(os_tick_irqack)
+    BLX      __cpp(rt_systick)
+
+    POP     {R1, LR}                ; Get stack adjustment & discard dummy LR
+    ADD     SP, SP, R1              ; Unadjust stack
+
+    LDR     R0,[SP,#24]
+    MSR     SPSR_CXSF,R0
+    POP     {R0-R3,R12}             ; Leave SPSR & LR on the stack
+    PUSH    {R4}
+    B       Sys_Switch
+}
+#pragma pop
+
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/TOOLCHAIN_ARM/SVC_Table.S	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,57 @@
+;/*----------------------------------------------------------------------------
+; *      RL-ARM - RTX
+; *----------------------------------------------------------------------------
+; *      Name:    SVC_TABLE.S
+; *      Purpose: Pre-defined SVC Table for Cortex-M
+; *      Rev.:    V4.70
+; *----------------------------------------------------------------------------
+; *
+; * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+; * All rights reserved.
+; * Redistribution and use in source and binary forms, with or without
+; * modification, are permitted provided that the following conditions are met:
+; *  - Redistributions of source code must retain the above copyright
+; *    notice, this list of conditions and the following disclaimer.
+; *  - Redistributions in binary form must reproduce the above copyright
+; *    notice, this list of conditions and the following disclaimer in the
+; *    documentation and/or other materials provided with the distribution.
+; *  - Neither the name of ARM  nor the names of its contributors may be used
+; *    to endorse or promote products derived from this software without
+; *    specific prior written permission.
+; *
+; * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+; * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+; * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+; * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+; * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+; * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+; * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+; * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+; * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+; * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+; * POSSIBILITY OF SUCH DAMAGE.
+; *---------------------------------------------------------------------------*/
+
+
+                AREA    SVC_TABLE, CODE, READONLY
+
+                EXPORT  SVC_Count
+
+SVC_Cnt         EQU    (SVC_End-SVC_Table)/4
+SVC_Count       DCD     SVC_Cnt
+
+; Import user SVC functions here.
+;                IMPORT  __SVC_1
+
+                EXPORT  SVC_Table
+SVC_Table
+; Insert user SVC functions here. SVC 0 used by RTL Kernel.
+;                DCD     __SVC_1                 ; InitMemorySubsystem
+
+SVC_End
+
+                END
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/TOOLCHAIN_GCC/HAL_CA9.S	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,472 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    HAL_CA9.c
+ *      Purpose: Hardware Abstraction Layer for Cortex-A9
+ *      Rev.:    8 April 2015
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 2012 - 2015 ARM Limited
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+    .global rt_set_PSP
+    .global rt_get_PSP
+    .global _alloc_box
+    .global _free_box
+    .global SVC_Handler
+    .global PendSV_Handler
+    .global OS_Tick_Handler
+
+/* macro defines form rt_HAL_CA.h */
+    .EQU CPSR_T_BIT,    0x20
+    .EQU CPSR_I_BIT,    0x80
+    .EQU CPSR_F_BIT,    0x40
+
+    .EQU MODE_USR,      0x10
+    .EQU MODE_FIQ,      0x11
+    .EQU MODE_IRQ,      0x12
+    .EQU MODE_SVC,      0x13
+    .EQU MODE_ABT,      0x17
+    .EQU MODE_UND,      0x1B
+    .EQU MODE_SYS,      0x1F
+
+/* macro defines form rt_TypeDef.h */
+    .EQU TCB_TID,        3        /* 'task id' offset                        */
+    .EQU TCB_STACKF,    37        /* 'stack_frame' offset                    */
+    .EQU TCB_TSTACK,    44        /* 'tsk_stack' offset for LARGE_STACK      */
+
+
+    .extern rt_alloc_box
+    .extern os_tsk
+    .extern GICInterface_BASE
+    .extern rt_pop_req
+    .extern os_tick_irqack
+    .extern rt_systick
+
+    .text
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+@ For A-class, set USR/SYS stack
+@ __asm void rt_set_PSP (U32 stack) {
+rt_set_PSP:
+        .ARM
+
+        MRS     R1, CPSR
+        CPS     #MODE_SYS   @no effect in USR mode
+        ISB
+        MOV     SP, R0
+        MSR     CPSR_c, R1  @no effect in USR mode
+        ISB
+        BX      LR
+
+@ }
+
+@ For A-class, get USR/SYS stack
+@ __asm U32 rt_get_PSP (void) {
+rt_get_PSP:
+        .ARM
+
+        MRS     R1, CPSR
+        CPS     #MODE_SYS   @no effect in USR mode
+        ISB
+        MOV     R0, SP
+        MSR     CPSR_c, R1  @no effect in USR mode
+        ISB
+        BX      LR
+@ }
+
+/*--------------------------- _alloc_box ------------------------------------*/
+@ __asm void *_alloc_box (void *box_mem) {
+_alloc_box:
+    /* Function wrapper for Unprivileged/Privileged mode. */
+        .ARM
+
+        LDR     R12,=rt_alloc_box
+        MRS     R2, CPSR
+        LSLS    R2, #28
+        BXNE    R12
+        SVC     0
+        BX      LR
+@ }
+
+
+/*--------------------------- _free_box -------------------------------------*/
+@ __asm int _free_box (void *box_mem, void *box) {
+_free_box:
+   /* Function wrapper for Unprivileged/Privileged mode. */
+        .ARM
+
+        LDR     R12,=rt_free_box
+        MRS     R2, CPSR
+        LSLS    R2, #28
+        BXNE    R12
+        SVC     0
+        BX      LR
+
+@ }
+
+/*-------------------------- SVC_Handler -----------------------------------*/
+
+@ #pragma push
+@ #pragma arm
+@ __asm void SVC_Handler (void) {
+SVC_Handler:
+        .eabi_attribute Tag_ABI_align8_preserved,1
+        .ARM
+
+        .extern  rt_tsk_lock
+        .extern  rt_tsk_unlock
+        .extern  SVC_Count
+        .extern  SVC_Table
+        .extern  rt_stk_check
+        .extern  FPUEnable
+        .extern  scheduler_suspended   @ flag set by rt_suspend, cleared by rt_resume, read by SVC_Handler
+
+        .EQU    Mode_SVC, 0x13
+
+        SRSDB   SP!, #Mode_SVC         @ Push LR_SVC and SPRS_SVC onto SVC mode stack  @ Use SRSDB because SRSFD isn't supported by GCC-ARM.
+        PUSH    {R4}                   @ Push R4 so we can use it as a temp
+
+        MRS     R4,SPSR                @ Get SPSR
+        TST     R4,#CPSR_T_BIT         @ Check Thumb Bit
+        LDRNEH  R4,[LR,#-2]            @ Thumb: Load Halfword
+        BICNE   R4,R4,#0xFF00          @        Extract SVC Number
+        LDREQ   R4,[LR,#-4]            @ ARM:   Load Word
+        BICEQ   R4,R4,#0xFF000000      @        Extract SVC Number
+
+        /* Lock out systick and re-enable interrupts */
+        PUSH    {R0-R3,R12,LR}
+
+        AND     R12, SP, #4            @ Ensure stack is 8-byte aligned
+        SUB     SP, SP, R12            @ Adjust stack
+        PUSH    {R12, LR}              @ Store stack adjustment and dummy LR to SVC stack
+
+        BLX     rt_tsk_lock
+        CPSIE   i
+
+        POP     {R12, LR}              @ Get stack adjustment & discard dummy LR
+        ADD     SP, SP, R12            @ Unadjust stack
+
+        POP     {R0-R3,R12,LR}
+
+        CMP     R4,#0
+        BNE     SVC_User
+
+        MRS     R4,SPSR
+        PUSH    {R4}                    @ Push R4 so we can use it as a temp
+        AND     R4, SP, #4              @ Ensure stack is 8-byte aligned
+        SUB     SP, SP, R4              @ Adjust stack
+        PUSH    {R4, LR}                @ Store stack adjustment and dummy LR
+        BLX     R12
+        POP     {R4, LR}                @ Get stack adjustment & discard dummy LR
+        ADD     SP, SP, R4              @ Unadjust stack
+        POP     {R4}                    @ Restore R4
+        MSR     SPSR_cxsf,R4
+
+        /* Here we will be in SVC mode (even if coming in from PendSV_Handler or OS_Tick_Handler) */
+Sys_Switch:
+        LDR     LR,=os_tsk
+        LDM     LR,{R4,LR}              @ os_tsk.run, os_tsk.new_tsk
+        CMP     R4,LR
+        BNE     switching
+
+        PUSH    {R0-R3,R12,LR}
+
+        AND     R12, SP, #4             @ Ensure stack is 8-byte aligned
+        SUB     SP, SP, R12             @ Adjust stack
+        PUSH    {R12, LR}               @ Store stack adjustment and dummy LR to SVC stack
+
+        CPSID   i
+        @ Do not unlock scheduler if it has just been suspended by rt_suspend()
+        LDR     R1,=scheduler_suspended
+        LDRB    R0, [R1]
+        CMP     R0, #1
+        BEQ     dont_unlock
+        BLX     rt_tsk_unlock
+dont_unlock:
+
+        POP     {R12, LR}               @ Get stack adjustment & discard dummy LR
+        ADD     SP, SP, R12             @ Unadjust stack
+
+        POP     {R0-R3,R12,LR}
+        POP     {R4}
+        RFEFD   SP!                     @ Return from exception, no task switch
+
+switching:
+        CLREX
+        CMP     R4,#0
+        ADDEQ   SP,SP,#12               @ Original R4, LR & SPSR do not need to be popped when we are paging in a different task
+        BEQ     SVC_Next                @ Runtask deleted?
+
+
+        PUSH    {R8-R11} @ R4 and LR already stacked
+        MOV     R10,R4                  @ Preserve os_tsk.run
+        MOV     R11,LR                  @ Preserve os_tsk.new_tsk
+
+        ADD     R8,SP,#16               @ Unstack R4,LR
+        LDMIA   R8,{R4,LR}
+
+        SUB     SP,SP,#4                @ Make space on the stack for the next instn
+        STMIA   SP,{SP}^                @ Put User SP onto stack
+        POP     {R8}                    @ Pop User SP into R8
+
+        MRS     R9,SPSR
+        STMDB   R8!,{R9}                @ User CPSR
+        STMDB   R8!,{LR}                @ User PC
+        STMDB   R8,{LR}^                @ User LR
+        SUB     R8,R8,#4                @ No writeback for store of User LR
+        STMDB   R8!,{R0-R3,R12}         @ User R0-R3,R12
+        MOV     R3,R10                  @ os_tsk.run
+        MOV     LR,R11                  @ os_tsk.new_tsk
+        POP     {R9-R12}
+        ADD     SP,SP,#12               @ Fix up SP for unstack of R4, LR & SPSR
+        STMDB   R8!,{R4-R7,R9-R12}      @ User R4-R11
+
+        @ If applicable, stack VFP/NEON state
+        MRC     p15,0,R1,c1,c0,2        @ VFP/NEON access enabled? (CPACR)
+        AND     R2,R1,#0x00F00000
+        CMP     R2,#0x00F00000
+        BNE     no_outgoing_vfp
+        VMRS    R2,FPSCR
+        STMDB   R8!,{R2,R4}             @ Push FPSCR, maintain 8-byte alignment
+        VSTMDB  R8!,{D0-D15}
+        VSTMDB  R8!,{D16-D31}
+        LDRB    R2,[R3,#TCB_STACKF]     @ Record in TCB that NEON/D32 state is stacked
+        ORR     R2,#4
+        STRB    R2,[R3,#TCB_STACKF]
+
+no_outgoing_vfp:
+        STR     R8,[R3,#TCB_TSTACK]
+        MOV     R4,LR
+
+        PUSH    {R4}                    @ Push R4 so we can use it as a temp
+        AND     R4, SP, #4              @ Ensure stack is 8-byte aligned
+        SUB     SP, SP, R4              @ Adjust stack
+        PUSH    {R4, LR}                @ Store stack adjustment and dummy LR to SVC stack
+
+        BLX     rt_stk_check
+
+        POP     {R4, LR}                @ Get stack adjustment & discard dummy LR
+        ADD     SP, SP, R4              @ Unadjust stack
+        POP     {R4}                    @ Restore R4
+
+        MOV     LR,R4
+
+SVC_Next:  @ R4 == os_tsk.run, LR == os_tsk.new_tsk, R0-R3, R5-R12 corruptible
+        LDR     R1,=os_tsk              @ os_tsk.run = os_tsk.new_tsk
+        STR     LR,[R1]
+        LDRB    R1,[LR,#TCB_TID]        @ os_tsk.run->task_id
+        LSL     R1,#8                   @ Store PROCID
+        MCR     p15,0,R1,c13,c0,1       @ Write CONTEXTIDR
+
+        LDR     R0,[LR,#TCB_TSTACK]     @ os_tsk.run->tsk_stack
+
+        @ Does incoming task have VFP/NEON state in stack?
+        LDRB    R3,[LR,#TCB_STACKF]
+        ANDS    R3, R3, #0x6
+        MRC     p15,0,R1,c1,c0,2        @ Read CPACR
+        ANDEQ   R1,R1,#0xFF0FFFFF       @ Disable VFP/NEON access if incoming task does not have stacked VFP/NEON state
+        ORRNE   R1,R1,#0x00F00000       @ Enable VFP/NEON access if incoming task does have stacked VFP/NEON state
+        MCR     p15,0,R1,c1,c0,2        @ Write CPACR
+        BEQ     no_incoming_vfp
+        ISB                             @ We only need the sync if we enabled, otherwise we will context switch before next VFP/NEON instruction anyway
+        VLDMIA  R0!,{D16-D31}
+        VLDMIA  R0!,{D0-D15}
+        LDR     R2,[R0]
+        VMSR    FPSCR,R2
+        ADD     R0,R0,#8
+
+no_incoming_vfp:
+        LDR     R1,[R0,#60]             @ Restore User CPSR
+        MSR     SPSR_cxsf,R1
+        LDMIA   R0!,{R4-R11}            @ Restore User R4-R11
+        ADD     R0,R0,#4                @ Restore User R1-R3,R12
+        LDMIA   R0!,{R1-R3,R12}
+        LDMIA   R0,{LR}^                @ Restore User LR
+        ADD     R0,R0,#4                @ No writeback for load to user LR
+        LDMIA   R0!,{LR}                @ Restore User PC
+        ADD     R0,R0,#4                @ Correct User SP for unstacked user CPSR
+
+        PUSH    {R0}                    @ Push R0 onto stack
+        LDMIA   SP,{SP}^                @ Get R0 off stack into User SP
+        ADD     SP,SP,#4                @ Put SP back
+
+        LDR     R0,[R0,#-32]            @ Restore R0
+
+        PUSH    {R0-R3,R12,LR}
+
+        AND     R12, SP, #4             @ Ensure stack is 8-byte aligned
+        SUB     SP, SP, R12             @ Adjust stack
+        PUSH    {R12, LR}               @ Store stack adjustment and dummy LR to SVC stack
+
+        CPSID   i
+        BLX     rt_tsk_unlock
+
+        POP     {R12, LR}               @ Get stack adjustment & discard dummy LR
+        ADD     SP, SP, R12             @ Unadjust stack
+
+        POP     {R0-R3,R12,LR}
+
+        MOVS    PC,LR                   @ Return from exception
+
+
+        /*------------------- User SVC -------------------------------*/
+
+SVC_User:
+        LDR     R12,=SVC_Count
+        LDR     R12,[R12]
+        CMP     R4,R12                  @ Check for overflow
+        BHI     SVC_Done
+
+        LDR     R12,=SVC_Table-4
+        LDR     R12,[R12,R4,LSL #2]     @ Load SVC Function Address
+        MRS     R4,SPSR                 @ Save SPSR
+        PUSH    {R4}                    @ Push R4 so we can use it as a temp
+        AND     R4, SP, #4              @ Ensure stack is 8-byte aligned
+        SUB     SP, SP, R4              @ Adjust stack
+        PUSH    {R4, LR}                @ Store stack adjustment and dummy LR
+        BLX     R12                     @ Call SVC Function
+        POP     {R4, LR}                @ Get stack adjustment & discard dummy LR
+        ADD     SP, SP, R4              @ Unadjust stack
+        POP     {R4}                    @ Restore R4
+        MSR     SPSR_cxsf,R4            @ Restore SPSR
+
+SVC_Done:
+        PUSH    {R0-R3,R12,LR}
+
+        PUSH    {R4}                    @ Push R4 so we can use it as a temp
+        AND     R4, SP, #4              @ Ensure stack is 8-byte aligned
+        SUB     SP, SP, R4              @ Adjust stack
+        PUSH    {R4, LR}                @ Store stack adjustment and dummy LR
+
+        CPSID   i
+        BLX     rt_tsk_unlock
+
+        POP     {R4, LR}                @ Get stack adjustment & discard dummy LR
+        ADD     SP, SP, R4              @ Unadjust stack
+        POP     {R4}                    @ Restore R4
+
+        POP     {R0-R3,R12,LR}
+        POP     {R4}
+        RFEFD   SP!                     @ Return from exception
+@ }
+@ #pragma pop
+
+@ #pragma push
+@ #pragma arm
+@ __asm void PendSV_Handler (U32 IRQn) {
+PendSV_Handler:
+    .ARM
+
+    .extern  rt_tsk_lock
+    .extern  IRQNestLevel                @ Flag indicates whether inside an ISR, and the depth of nesting.  0 = not in ISR.
+    .extern  seen_id0_active             @ Flag used to workaround GIC 390 errata 733075 - set in startup_Renesas_RZ_A1.s
+
+    ADD     SP,SP,#8 @ fix up stack pointer (R0 has been pushed and will never be popped, R1 was pushed for stack alignment)
+
+    @ Disable systick interrupts, then write EOIR. We want interrupts disabled before we enter the context switcher.
+    PUSH    {R0, R1}
+    BLX     rt_tsk_lock
+    POP     {R0, R1}
+    LDR     R1, =GICInterface_BASE
+    LDR     R1, [R1, #0]
+    STR     R0, [R1, #0x10]
+
+    @ If it was interrupt ID0, clear the seen flag, otherwise return as normal
+    CMP     R0, #0
+    LDREQ   R1, =seen_id0_active
+    STREQB  R0, [R1]                    @ Clear the seen flag, using R0 (which is 0), to save loading another register
+
+    LDR     R0, =IRQNestLevel           @ Get address of nesting counter
+    LDR     R1, [R0]
+    SUB     R1, R1, #1                  @ Decrement nesting counter
+    STR     R1, [R0]
+
+    BLX     rt_pop_req
+
+    POP     {R1, LR}                @ Get stack adjustment & discard dummy LR
+    ADD     SP, SP, R1              @ Unadjust stack
+
+    LDR     R0,[SP,#24]
+    MSR     SPSR_cxsf,R0
+    POP     {R0-R3,R12}             @ Leave SPSR & LR on the stack
+    PUSH    {R4}
+    B       Sys_Switch
+@ }
+@ #pragma pop
+
+
+@ #pragma push
+@ #pragma arm
+@ __asm void OS_Tick_Handler (U32 IRQn) {
+OS_Tick_Handler:
+    .ARM
+
+    .extern  rt_tsk_lock
+    .extern  IRQNestLevel                @ Flag indicates whether inside an ISR, and the depth of nesting.  0 = not in ISR.
+    .extern  seen_id0_active             @ Flag used to workaround GIC 390 errata 733075 - set in startup_Renesas_RZ_A1.s
+
+    ADD     SP,SP,#8 @ fix up stack pointer (R0 has been pushed and will never be popped, R1 was pushed for stack alignment)
+
+    PUSH    {R0, R1}
+    BLX     rt_tsk_lock
+    POP     {R0, R1}
+    LDR     R1, =GICInterface_BASE
+    LDR     R1, [R1, #0]
+    STR     R0, [R1, #0x10]
+
+    @ If it was interrupt ID0, clear the seen flag, otherwise return as normal
+    CMP     R0, #0
+    LDREQ   R1, =seen_id0_active
+    STREQB  R0, [R1]                    @ Clear the seen flag, using R0 (which is 0), to save loading another register
+
+    LDR     R0, =IRQNestLevel           @ Get address of nesting counter
+    LDR     R1, [R0]
+    SUB     R1, R1, #1                  @ Decrement nesting counter
+    STR     R1, [R0]
+
+    BLX      os_tick_irqack
+    BLX      rt_systick
+
+    POP     {R1, LR}                @ Get stack adjustment & discard dummy LR
+    ADD     SP, SP, R1              @ Unadjust stack
+
+    LDR     R0,[SP,#24]
+    MSR     SPSR_cxsf,R0
+    POP     {R0-R3,R12}             @ Leave SPSR & LR on the stack
+    PUSH    {R4}
+    B       Sys_Switch
+@ }
+@ #pragma pop
+
+
+    .END
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/TOOLCHAIN_GCC/SVC_Table.S	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,57 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    SVC_TABLE.S
+ *      Purpose: Pre-defined SVC Table for Cortex-M
+ *      Rev.:    V4.70
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+
+                .section    SVC_TABLE @, CODE, READONLY
+
+                .global  SVC_Count
+
+.EQU    SVC_Cnt,        (SVC_End-SVC_Table)/4
+SVC_Count:      .word   SVC_Cnt
+
+@ Import user SVC functions here.
+@                .extern __SVC_1
+
+                .global SVC_Table
+SVC_Table:
+@ Insert user SVC functions here. SVC 0 used by RTL Kernel.
+@                .word   __SVC_1                 @ InitMemorySubsystem
+
+SVC_End:
+
+                .END
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/TOOLCHAIN_IAR/HAL_CA9.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,46 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    HAL_CA9.c
+ *      Purpose: Hardware Abstraction Layer for Cortex-A9
+ *      Rev.:    23 March 2015
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 2012 - 2015 ARM Limited
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used 
+ *    to endorse or promote products derived from this software without 
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+//unsigned char seen_id0_active = 0; // single byte to hold a flag used in the workaround for GIC errata 733075
+
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+/* Functions move to HAL_CA9_asm.S */
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/TOOLCHAIN_IAR/HAL_CA9_asm.s	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,480 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    HAL_CA9.c
+ *      Purpose: Hardware Abstraction Layer for Cortex-A9
+ *      Rev.:    8 April 2015
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 2012 - 2015 ARM Limited
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used 
+ *    to endorse or promote products derived from this software without 
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+        PUBLIC rt_set_PSP
+        PUBLIC rt_get_PSP
+        PUBLIC _alloc_box
+        PUBLIC _free_box
+        PUBLIC SWI_Handler
+        PUBLIC PendSV_Handler
+        PUBLIC OS_Tick_Handler
+
+/* macro defines form rt_HAL_CA.h */
+#define CPSR_T_BIT      0x20
+#define CPSR_I_BIT      0x80
+#define CPSR_F_BIT      0x40
+
+#define MODE_USR        0x10
+#define MODE_FIQ        0x11
+#define MODE_IRQ        0x12
+#define MODE_SVC        0x13
+#define MODE_ABT        0x17
+#define MODE_UND        0x1B
+#define MODE_SYS        0x1F
+
+/* macro defines form rt_TypeDef.h */
+#define TCB_TID          3        /* 'task id' offset                        */
+#define TCB_STACKF      37        /* 'stack_frame' offset                    */
+#ifndef __LARGE_PRIV_STACK
+#define TCB_TSTACK      40        /* 'tsk_stack' offset                      */
+#else
+#define TCB_TSTACK      44        /* 'tsk_stack' offset for LARGE_STACK      */
+#endif
+
+
+        IMPORT rt_alloc_box
+        IMPORT rt_free_box
+        IMPORT os_tsk
+        IMPORT GICInterface_BASE
+        IMPORT rt_pop_req
+        IMPORT os_tick_irqack
+        IMPORT rt_systick
+
+        SECTION `.text`:CODE:ROOT(2)
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+//For A-class, set USR/SYS stack
+//__asm void rt_set_PSP (U32 stack) {
+rt_set_PSP:
+        ARM
+
+        MRS     R1, CPSR
+        CPS     #MODE_SYS   ;no effect in USR mode
+        ISB
+        MOV     SP, R0
+        MSR     CPSR_c, R1  ;no effect in USR mode
+        ISB
+        BX      LR
+
+//}
+
+//For A-class, get USR/SYS stack
+//__asm U32 rt_get_PSP (void) {
+rt_get_PSP:
+        ARM
+
+        MRS     R1, CPSR
+        CPS     #MODE_SYS   ;no effect in USR mode
+        ISB
+        MOV     R0, SP
+        MSR     CPSR_c, R1  ;no effect in USR mode
+        ISB
+        BX      LR
+//}
+
+/*--------------------------- _alloc_box ------------------------------------*/
+//__asm void *_alloc_box (void *box_mem) {
+_alloc_box:
+    /* Function wrapper for Unprivileged/Privileged mode. */
+        ARM
+
+        LDR     R12,=(rt_alloc_box)
+        MRS     R2, CPSR
+        LSLS    R2, R2,#28
+        BXNE    R12
+        SVC     0
+        BX      LR
+//}
+
+
+/*--------------------------- _free_box -------------------------------------*/
+//__asm int _free_box (void *box_mem, void *box) {
+_free_box:
+   /* Function wrapper for Unprivileged/Privileged mode. */
+
+        LDR     R12,=(rt_free_box)
+        MRS     R2, CPSR
+        LSLS    R2, R2,#28
+        BXNE    R12
+        SVC     0
+        BX      LR
+
+//}
+
+/*-------------------------- SWI_Handler -----------------------------------*/
+
+//#pragma push
+//#pragma arm
+//__asm void SWI_Handler (void) {
+SWI_Handler:
+        PRESERVE8
+        ARM
+
+        IMPORT  rt_tsk_lock
+        IMPORT  rt_tsk_unlock
+        IMPORT  SVC_Count
+        IMPORT  SVC_Table
+        IMPORT  rt_stk_check
+        IMPORT  FPUEnable
+        IMPORT  scheduler_suspended    ; flag set by rt_suspend, cleared by rt_resume, read by SWI_Handler
+
+Mode_SVC        EQU     0x13
+
+        SRSDB   #Mode_SVC!             ; Push LR_SVC and SPRS_SVC onto SVC mode stack
+        STR     R4,[SP,#-0x4]!         ; Push R4 so we can use it as a temp
+
+        MRS     R4,SPSR                ; Get SPSR
+        TST     R4,#CPSR_T_BIT         ; Check Thumb Bit
+        LDRNEH  R4,[LR,#-2]            ; Thumb: Load Halfword
+        BICNE   R4,R4,#0xFF00          ;        Extract SVC Number
+        LDREQ   R4,[LR,#-4]            ; ARM:   Load Word
+        BICEQ   R4,R4,#0xFF000000      ;        Extract SVC Number
+
+        /* Lock out systick and re-enable interrupts */
+        STMDB   SP!,{R0-R3,R12,LR}
+
+        AND     R12, SP, #4            ; Ensure stack is 8-byte aligned
+        SUB     SP, SP, R12            ; Adjust stack
+        STMDB   SP!,{R12, LR}          ; Store stack adjustment and dummy LR to SVC stack
+
+        BLX     rt_tsk_lock
+        CPSIE   i
+
+        LDMIA   SP!,{R12,LR}           ; Get stack adjustment & discard dummy LR
+        ADD     SP, SP, R12            ; Unadjust stack
+
+        LDMIA   SP!,{R0-R3,R12,LR}
+
+        CMP     R4,#0
+        BNE     SVC_User
+
+        MRS     R4,SPSR
+        STR     R4,[SP,#-0x4]!         ; Push R4 so we can use it as a temp
+        AND     R4, SP, #4              ; Ensure stack is 8-byte aligned
+        SUB     SP, SP, R4              ; Adjust stack
+        STMDB   SP!,{R4, LR}            ; Store stack adjustment and dummy LR
+        BLX     R12
+        LDMIA   SP!,{R4, LR}            ; Get stack adjustment & discard dummy LR
+        ADD     SP, SP, R4              ; Unadjust stack
+        LDR     R4,[SP],#0x4            ; Restore R4
+        MSR     SPSR_CXSF,R4
+
+        /* Here we will be in SVC mode (even if coming in from PendSV_Handler or OS_Tick_Handler) */
+Sys_Switch:
+        LDR     LR,=(os_tsk)
+        LDMIA   LR,{R4,LR}              ; os_tsk.run, os_tsk.new
+        CMP     R4,LR
+        BNE     switching
+
+        STMDB   SP!,{R0-R3,R12,LR}
+
+        AND     R12, SP, #4             ; Ensure stack is 8-byte aligned
+        SUB     SP, SP, R12             ; Adjust stack
+        STMDB   SP!,{R12,LR}            ; Store stack adjustment and dummy LR to SVC stack
+
+        CPSID   i
+        ; Do not unlock scheduler if it has just been suspended by rt_suspend()
+        LDR     R1,=scheduler_suspended
+        LDRB    R0, [R1]
+        CMP     R0, #1
+        BEQ     dont_unlock
+        BLX     rt_tsk_unlock
+dont_unlock:
+
+        LDMIA   SP!,{R12,LR}            ; Get stack adjustment & discard dummy LR
+        ADD     SP, SP, R12             ; Unadjust stack
+
+        LDMIA   SP!,{R0-R3,R12,LR}
+        LDR     R4,[SP],#0x4
+        RFEFD   SP!                     ; Return from exception, no task switch
+
+switching:
+        CLREX
+        CMP     R4,#0
+        ADDEQ   SP,SP,#12               ; Original R4, LR & SPSR do not need to be popped when we are paging in a different task
+        BEQ     SVC_Next                ; Runtask deleted?
+
+
+        STMDB   SP!,{R8-R11} //R4 and LR already stacked
+        MOV     R10,R4                  ; Preserve os_tsk.run
+        MOV     R11,LR                  ; Preserve os_tsk.new
+
+        ADD     R8,SP,#16               ; Unstack R4,LR
+        LDMIA   R8,{R4,LR}
+
+        SUB     SP,SP,#4                ; Make space on the stack for the next instn
+        STMIA   SP,{SP}^                ; Put User SP onto stack
+        LDR     R8,[SP],#0x4            ; Pop User SP into R8
+
+        MRS     R9,SPSR
+        STMDB   R8!,{R9}                ; User CPSR
+        STMDB   R8!,{LR}                ; User PC
+        STMDB   R8,{LR}^                ; User LR
+        SUB     R8,R8,#4                ; No writeback for store of User LR
+        STMDB   R8!,{R0-R3,R12}         ; User R0-R3,R12
+        MOV     R3,R10                  ; os_tsk.run
+        MOV     LR,R11                  ; os_tsk.new
+        LDMIA   SP!,{R9-R12}
+        ADD     SP,SP,#12               ; Fix up SP for unstack of R4, LR & SPSR
+        STMDB   R8!,{R4-R7,R9-R12}      ; User R4-R11
+
+        //If applicable, stack VFP/NEON state
+        MRC     p15,0,R1,c1,c0,2        ; VFP/NEON access enabled? (CPACR)
+        AND     R2,R1,#0x00F00000
+        CMP     R2,#0x00F00000
+        BNE     no_outgoing_vfp
+        VMRS    R2,FPSCR
+        STMDB   R8!,{R2,R4}             ; Push FPSCR, maintain 8-byte alignment
+  //IF {TARGET_FEATURE_EXTENSION_REGISTER_COUNT} == 32
+        VSTMDB  R8!,{D0-D15}
+        VSTMDB  R8!,{D16-D31}
+        LDRB    R2,[R3,#TCB_STACKF]     ; Record in TCB that NEON/D32 state is stacked
+        ORR     R2,R2,#4
+        STRB    R2,[R3,#TCB_STACKF]
+  //ENDIF
+
+no_outgoing_vfp:
+        STR     R8,[R3,#TCB_TSTACK]
+        MOV     R4,LR
+
+        STR     R4,[SP,#-0x4]!          ; Push R4 so we can use it as a temp
+        AND     R4, SP, #4              ; Ensure stack is 8-byte aligned
+        SUB     SP, SP, R4              ; Adjust stack
+        STMDB   SP!,{R4, LR}            ; Store stack adjustment and dummy LR to SVC stack
+
+        BLX     rt_stk_check
+
+        LDMIA   SP!,{R4, LR}            ; Get stack adjustment & discard dummy LR
+        ADD     SP, SP, R4              ; Unadjust stack
+        LDR     R4,[SP],#0x4            ; Restore R4
+
+        MOV     LR,R4
+
+SVC_Next:  //R4 == os_tsk.run, LR == os_tsk.new, R0-R3, R5-R12 corruptible
+        LDR     R1,=(os_tsk)            ; os_tsk.run = os_tsk.new
+        STR     LR,[R1]
+        LDRB    R1,[LR,#TCB_TID]        ; os_tsk.run->task_id
+        LSL     R1,R1,#8                ; Store PROCID
+        MCR     p15,0,R1,c13,c0,1       ; Write CONTEXTIDR
+
+        LDR     R0,[LR,#TCB_TSTACK]     ; os_tsk.run->tsk_stack
+
+        //Does incoming task have VFP/NEON state in stack?
+        LDRB    R3,[LR,#TCB_STACKF]
+        ANDS    R3, R3, #0x6
+        MRC     p15,0,R1,c1,c0,2        ; Read CPACR
+        BICEQ   R1,R1,#0x00F00000       ; Disable VFP/NEON access if incoming task does not have stacked VFP/NEON state
+        ORRNE   R1,R1,#0x00F00000       ; Enable VFP/NEON access if incoming task does have stacked VFP/NEON state
+        MCR     p15,0,R1,c1,c0,2        ; Write CPACR
+        BEQ     no_incoming_vfp
+        ISB                             ; We only need the sync if we enabled, otherwise we will context switch before next VFP/NEON instruction anyway
+  //IF {TARGET_FEATURE_EXTENSION_REGISTER_COUNT} == 32
+        VLDMIA  R0!,{D16-D31}
+  //ENDIF
+        VLDMIA  R0!,{D0-D15}
+        LDR     R2,[R0]
+        VMSR    FPSCR,R2
+        ADD     R0,R0,#8
+
+no_incoming_vfp:
+        LDR     R1,[R0,#60]             ; Restore User CPSR
+        MSR     SPSR_CXSF,R1
+        LDMIA   R0!,{R4-R11}            ; Restore User R4-R11
+        ADD     R0,R0,#4                ; Restore User R1-R3,R12
+        LDMIA   R0!,{R1-R3,R12}
+        LDMIA   R0,{LR}^                ; Restore User LR
+        ADD     R0,R0,#4                ; No writeback for load to user LR
+        LDMIA   R0!,{LR}                ; Restore User PC
+        ADD     R0,R0,#4                ; Correct User SP for unstacked user CPSR
+
+        STR     R0,[SP,#-0x4]!          ; Push R0 onto stack
+        LDMIA   SP,{SP}^                ; Get R0 off stack into User SP
+        ADD     SP,SP,#4                ; Put SP back
+
+        LDR     R0,[R0,#-32]            ; Restore R0
+
+        STMDB   SP!,{R0-R3,R12,LR}
+
+        AND     R12, SP, #4             ; Ensure stack is 8-byte aligned
+        SUB     SP, SP, R12             ; Adjust stack
+        STMDB   sp!,{R12, LR}           ; Store stack adjustment and dummy LR to SVC stack
+
+        CPSID   i
+        BLX     rt_tsk_unlock
+
+        LDMIA   sp!,{R12, LR}           ; Get stack adjustment & discard dummy LR
+        ADD     SP, SP, R12             ; Unadjust stack
+
+        LDMIA   SP!,{R0-R3,R12,LR}
+
+        MOVS    PC,LR                   ; Return from exception
+
+
+        /*------------------- User SVC -------------------------------*/
+
+SVC_User:
+        LDR     R12,=SVC_Count
+        LDR     R12,[R12]
+        CMP     R4,R12                  ; Check for overflow
+        BHI     SVC_Done
+
+        LDR     R12,=SVC_Table-4
+        LDR     R12,[R12,R4,LSL #2]     ; Load SVC Function Address
+        MRS     R4,SPSR                 ; Save SPSR
+        STR     R4,[SP,#-0x4]!          ; Push R4 so we can use it as a temp
+        AND     R4, SP, #4              ; Ensure stack is 8-byte aligned
+        SUB     SP, SP, R4              ; Adjust stack
+        STMDB   SP!,{R4, LR}            ; Store stack adjustment and dummy LR
+        BLX     R12                     ; Call SVC Function
+        LDMIA   SP!,{R4, LR}            ; Get stack adjustment & discard dummy LR
+        ADD     SP, SP, R4              ; Unadjust stack
+        LDR     R4,[SP],#0x4            ; Restore R4
+        MSR     SPSR_CXSF,R4            ; Restore SPSR
+
+SVC_Done:
+        STMDB   sp!,{R0-R3,R12,LR}
+
+        STR     R4,[sp,#-0x4]!          ; Push R4 so we can use it as a temp
+        AND     R4, SP, #4              ; Ensure stack is 8-byte aligned
+        SUB     SP, SP, R4              ; Adjust stack
+        STMDB   SP!,{R4, LR}            ; Store stack adjustment and dummy LR
+
+        CPSID   i
+        BLX     rt_tsk_unlock
+
+        LDMIA   SP!,{R4, LR}            ; Get stack adjustment & discard dummy LR
+        ADD     SP, SP, R4              ; Unadjust stack
+        LDR     R4,[SP],#0x4            ; Restore R4
+
+        LDMIA   SP!,{R0-R3,R12,LR}
+        LDR     R4,[SP],#0x4
+        RFEFD   SP!                     ; Return from exception
+//}
+//#pragma pop
+
+//#pragma push
+//#pragma arm
+//__asm void PendSV_Handler (U32 IRQn) {
+PendSV_Handler:
+    ARM
+
+    IMPORT  rt_tsk_lock
+    IMPORT  IRQNestLevel                ; Flag indicates whether inside an ISR, and the depth of nesting.  0 = not in ISR.
+    IMPORT  seen_id0_active             ; Flag used to workaround GIC 390 errata 733075 - set in startup_Renesas_RZ_A1.s
+
+    ADD     SP,SP,#8 //fix up stack pointer (R0 has been pushed and will never be popped, R1 was pushed for stack alignment)
+
+    //Disable systick interrupts, then write EOIR. We want interrupts disabled before we enter the context switcher.
+    STMDB   SP!,{R0, R1}
+    BLX     rt_tsk_lock
+    LDMIA   SP!,{R0, R1}
+    LDR     R1,=(GICInterface_BASE)
+    LDR     R1, [R1, #0]
+    STR     R0, [R1, #0x10]
+
+    ; If it was interrupt ID0, clear the seen flag, otherwise return as normal
+    CMP     R0, #0
+    LDREQ   R1, =seen_id0_active
+    STRBEQ  R0, [R1]                    ; Clear the seen flag, using R0 (which is 0), to save loading another register
+
+    LDR     R0, =IRQNestLevel           ; Get address of nesting counter
+    LDR     R1, [R0]
+    SUB     R1, R1, #1                  ; Decrement nesting counter
+    STR     R1, [R0]
+
+    BLX     (rt_pop_req)
+
+    LDMIA   SP!,{R1, LR}            ; Get stack adjustment & discard dummy LR
+    ADD     SP, SP, R1              ; Unadjust stack
+
+    LDR     R0,[SP,#24]
+    MSR     SPSR_CXSF,R0
+    LDMIA   SP!,{R0-R3,R12}         ; Leave SPSR & LR on the stack
+    STR     R4,[SP,#-0x4]!
+    B       Sys_Switch
+//}
+//#pragma pop
+
+
+//#pragma push
+//#pragma arm
+//__asm void OS_Tick_Handler (U32 IRQn) {
+OS_Tick_Handler:
+    ARM
+
+    IMPORT  rt_tsk_lock
+    IMPORT  IRQNestLevel                ; Flag indicates whether inside an ISR, and the depth of nesting.  0 = not in ISR.
+    IMPORT  seen_id0_active             ; Flag used to workaround GIC 390 errata 733075 - set in startup_Renesas_RZ_A1.s
+
+    ADD     SP,SP,#8 //fix up stack pointer (R0 has been pushed and will never be popped, R1 was pushed for stack alignment)
+
+    STMDB   SP!,{R0, R1}
+    BLX     rt_tsk_lock
+    LDMIA   SP!,{R0, R1}
+    LDR     R1, =(GICInterface_BASE)
+    LDR     R1, [R1, #0]
+    STR     R0, [R1, #0x10]
+
+    ; If it was interrupt ID0, clear the seen flag, otherwise return as normal
+    CMP     R0, #0
+    LDREQ   R1, =seen_id0_active
+    STRBEQ  R0, [R1]                    ; Clear the seen flag, using R0 (which is 0), to save loading another register
+
+    LDR     R0, =IRQNestLevel           ; Get address of nesting counter
+    LDR     R1, [R0]
+    SUB     R1, R1, #1                  ; Decrement nesting counter
+    STR     R1, [R0]
+
+    BLX     (os_tick_irqack)
+    BLX     (rt_systick)
+
+    LDMIA   SP!,{R1, LR}            ; Get stack adjustment & discard dummy LR
+    ADD     SP, SP, R1              ; Unadjust stack
+
+    LDR     R0,[SP,#24]
+    MSR     SPSR_CXSF,R0
+    LDMIA   SP!,{R0-R3,R12}         ; Leave SPSR & LR on the stack
+    STR     R4,[SP,#-0x4]!
+    B       Sys_Switch
+//}
+//#pragma pop
+
+
+  END
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/TOOLCHAIN_IAR/SVC_Table.S	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,57 @@
+;/*----------------------------------------------------------------------------
+; *      RL-ARM - RTX
+; *----------------------------------------------------------------------------
+; *      Name:    SVC_TABLE.S
+; *      Purpose: Pre-defined SVC Table for Cortex-M
+; *      Rev.:    V4.70
+; *----------------------------------------------------------------------------
+; *
+; * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+; * All rights reserved.
+; * Redistribution and use in source and binary forms, with or without
+; * modification, are permitted provided that the following conditions are met:
+; *  - Redistributions of source code must retain the above copyright
+; *    notice, this list of conditions and the following disclaimer.
+; *  - Redistributions in binary form must reproduce the above copyright
+; *    notice, this list of conditions and the following disclaimer in the
+; *    documentation and/or other materials provided with the distribution.
+; *  - Neither the name of ARM  nor the names of its contributors may be used 
+; *    to endorse or promote products derived from this software without 
+; *    specific prior written permission.
+; *
+; * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
+; * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+; * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+; * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+; * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+; * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
+; * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
+; * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
+; * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
+; * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+; * POSSIBILITY OF SUCH DAMAGE.
+; *---------------------------------------------------------------------------*/
+
+
+                SECTION SVC_TABLE:CODE:ROOT(2)
+
+                EXPORT  SVC_Count
+
+SVC_Cnt         EQU    (SVC_End-SVC_Table)/4
+SVC_Count       DCD     SVC_Cnt
+
+; Import user SVC functions here.
+;                IMPORT  __SVC_1
+
+                EXPORT  SVC_Table
+SVC_Table
+; Insert user SVC functions here. SVC 0 used by RTL Kernel.
+;                DCD     __SVC_1                 ; InitMemorySubsystem
+
+SVC_End
+
+                END
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/cmsis_os.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,839 @@
+/* ----------------------------------------------------------------------
+ * $Date:        5. February 2013
+ * $Revision:    V1.02
+ *
+ * Project:      CMSIS-RTOS API
+ * Title:        cmsis_os.h RTX header file
+ *
+ * Version 0.02
+ *    Initial Proposal Phase
+ * Version 0.03
+ *    osKernelStart added, optional feature: main started as thread
+ *    osSemaphores have standard behavior
+ *    osTimerCreate does not start the timer, added osTimerStart
+ *    osThreadPass is renamed to osThreadYield
+ * Version 1.01
+ *    Support for C++ interface
+ *     - const attribute removed from the osXxxxDef_t typedef's
+ *     - const attribute added to the osXxxxDef macros
+ *    Added: osTimerDelete, osMutexDelete, osSemaphoreDelete
+ *    Added: osKernelInitialize
+ * Version 1.02
+ *    Control functions for short timeouts in microsecond resolution:
+ *    Added: osKernelSysTick, osKernelSysTickFrequency, osKernelSysTickMicroSec
+ *    Removed: osSignalGet 
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 2013 ARM LIMITED
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/**
+\page cmsis_os_h Header File Template: cmsis_os.h
+
+The file \b cmsis_os.h is a template header file for a CMSIS-RTOS compliant Real-Time Operating System (RTOS).
+Each RTOS that is compliant with CMSIS-RTOS shall provide a specific \b cmsis_os.h header file that represents
+its implementation.
+
+The file cmsis_os.h contains:
+ - CMSIS-RTOS API function definitions
+ - struct definitions for parameters and return types
+ - status and priority values used by CMSIS-RTOS API functions
+ - macros for defining threads and other kernel objects
+
+
+<b>Name conventions and header file modifications</b>
+
+All definitions are prefixed with \b os to give an unique name space for CMSIS-RTOS functions.
+Definitions that are prefixed \b os_ are not used in the application code but local to this header file.
+All definitions and functions that belong to a module are grouped and have a common prefix, i.e. \b osThread.
+
+Definitions that are marked with <b>CAN BE CHANGED</b> can be adapted towards the needs of the actual CMSIS-RTOS implementation.
+These definitions can be specific to the underlying RTOS kernel.
+
+Definitions that are marked with <b>MUST REMAIN UNCHANGED</b> cannot be altered. Otherwise the CMSIS-RTOS implementation is no longer
+compliant to the standard. Note that some functions are optional and need not to be provided by every CMSIS-RTOS implementation.
+
+
+<b>Function calls from interrupt service routines</b>
+
+The following CMSIS-RTOS functions can be called from threads and interrupt service routines (ISR):
+  - \ref osSignalSet
+  - \ref osSemaphoreRelease
+  - \ref osPoolAlloc, \ref osPoolCAlloc, \ref osPoolFree
+  - \ref osMessagePut, \ref osMessageGet
+  - \ref osMailAlloc, \ref osMailCAlloc, \ref osMailGet, \ref osMailPut, \ref osMailFree
+
+Functions that cannot be called from an ISR are verifying the interrupt status and return in case that they are called
+from an ISR context the status code \b osErrorISR. In some implementations this condition might be caught using the HARD FAULT vector.
+
+Some CMSIS-RTOS implementations support CMSIS-RTOS function calls from multiple ISR at the same time.
+If this is impossible, the CMSIS-RTOS rejects calls by nested ISR functions with the status code \b osErrorISRRecursive.
+
+
+<b>Define and reference object definitions</b>
+
+With <b>\#define osObjectsExternal</b> objects are defined as external symbols. This allows to create a consistent header file
+that is used throughout a project as shown below:
+
+<i>Header File</i>
+\code
+#include <cmsis_os.h>                                         // CMSIS RTOS header file
+
+// Thread definition
+extern void thread_sample (void const *argument);             // function prototype
+osThreadDef (thread_sample, osPriorityBelowNormal, 1, 100);
+
+// Pool definition
+osPoolDef(MyPool, 10, long);
+\endcode
+
+
+This header file defines all objects when included in a C/C++ source file. When <b>\#define osObjectsExternal</b> is
+present before the header file, the objects are defined as external symbols. A single consistent header file can therefore be
+used throughout the whole project.
+
+<i>Example</i>
+\code
+#include "osObjects.h"     // Definition of the CMSIS-RTOS objects
+\endcode
+
+\code
+#define osObjectExternal   // Objects will be defined as external symbols
+#include "osObjects.h"     // Reference to the CMSIS-RTOS objects
+\endcode
+
+*/
+
+#ifndef _CMSIS_OS_H
+#define _CMSIS_OS_H
+
+/// \note MUST REMAIN UNCHANGED: \b osCMSIS identifies the CMSIS-RTOS API version.
+#define osCMSIS           0x10002      ///< API version (main [31:16] .sub [15:0])
+
+/// \note CAN BE CHANGED: \b osCMSIS_KERNEL identifies the underlying RTOS kernel and version number.
+#define osCMSIS_RTX     ((4<<16)|74)   ///< RTOS identification and version (main [31:16] .sub [15:0])
+
+/// \note MUST REMAIN UNCHANGED: \b osKernelSystemId shall be consistent in every CMSIS-RTOS.
+#define osKernelSystemId "RTX V4.74"   ///< RTOS identification string
+
+#define CMSIS_OS_RTX
+#define CMSIS_OS_RTX_CA          /* new define for Coretex-A */
+
+// The stack space occupied is mainly dependent on the underling C standard library
+#if defined(TOOLCHAIN_GCC) || defined(TOOLCHAIN_ARM_STD) || defined(TOOLCHAIN_IAR)
+#    define WORDS_STACK_SIZE   512
+#elif defined(TOOLCHAIN_ARM_MICRO)
+#    define WORDS_STACK_SIZE   128
+#endif
+
+#define DEFAULT_STACK_SIZE         (WORDS_STACK_SIZE*4)
+
+/// \note MUST REMAIN UNCHANGED: \b osFeature_xxx shall be consistent in every CMSIS-RTOS.
+#define osFeature_MainThread   1       ///< main thread      1=main can be thread, 0=not available
+#define osFeature_Pool         1       ///< Memory Pools:    1=available, 0=not available
+#define osFeature_MailQ        1       ///< Mail Queues:     1=available, 0=not available
+#define osFeature_MessageQ     1       ///< Message Queues:  1=available, 0=not available
+#define osFeature_Signals      16      ///< maximum number of Signal Flags available per thread
+#define osFeature_Semaphore    65535   ///< maximum count for \ref osSemaphoreCreate function
+#define osFeature_Wait         0       ///< osWait function: 1=available, 0=not available
+#define osFeature_SysTick      1       ///< osKernelSysTick functions: 1=available, 0=not available
+
+#if defined (__CC_ARM)
+#define os_InRegs __value_in_regs      // Compiler specific: force struct in registers
+#else
+#define os_InRegs
+#endif
+
+#include <stdint.h>
+#include <stddef.h>
+
+#ifdef  __cplusplus
+extern "C"
+{
+#endif
+
+
+// ==== Enumeration, structures, defines ====
+
+/// Priority used for thread control.
+/// \note MUST REMAIN UNCHANGED: \b osPriority shall be consistent in every CMSIS-RTOS.
+typedef enum  {
+  osPriorityIdle          = -3,          ///< priority: idle (lowest)
+  osPriorityLow           = -2,          ///< priority: low
+  osPriorityBelowNormal   = -1,          ///< priority: below normal
+  osPriorityNormal        =  0,          ///< priority: normal (default)
+  osPriorityAboveNormal   = +1,          ///< priority: above normal
+  osPriorityHigh          = +2,          ///< priority: high
+  osPriorityRealtime      = +3,          ///< priority: realtime (highest)
+  osPriorityError         =  0x84        ///< system cannot determine priority or thread has illegal priority
+} osPriority;
+
+/// Timeout value.
+/// \note MUST REMAIN UNCHANGED: \b osWaitForever shall be consistent in every CMSIS-RTOS.
+#define osWaitForever     0xFFFFFFFF     ///< wait forever timeout value
+
+/// Status code values returned by CMSIS-RTOS functions.
+/// \note MUST REMAIN UNCHANGED: \b osStatus shall be consistent in every CMSIS-RTOS.
+typedef enum  {
+  osOK                    =     0,       ///< function completed; no error or event occurred.
+  osEventSignal           =  0x08,       ///< function completed; signal event occurred.
+  osEventMessage          =  0x10,       ///< function completed; message event occurred.
+  osEventMail             =  0x20,       ///< function completed; mail event occurred.
+  osEventTimeout          =  0x40,       ///< function completed; timeout occurred.
+  osErrorParameter        =  0x80,       ///< parameter error: a mandatory parameter was missing or specified an incorrect object.
+  osErrorResource         =  0x81,       ///< resource not available: a specified resource was not available.
+  osErrorTimeoutResource  =  0xC1,       ///< resource not available within given time: a specified resource was not available within the timeout period.
+  osErrorISR              =  0x82,       ///< not allowed in ISR context: the function cannot be called from interrupt service routines.
+  osErrorISRRecursive     =  0x83,       ///< function called multiple times from ISR with same object.
+  osErrorPriority         =  0x84,       ///< system cannot determine priority or thread has illegal priority.
+  osErrorNoMemory         =  0x85,       ///< system is out of memory: it was impossible to allocate or reserve memory for the operation.
+  osErrorValue            =  0x86,       ///< value of a parameter is out of range.
+  osErrorOS               =  0xFF,       ///< unspecified RTOS error: run-time error but no other error message fits.
+  os_status_reserved      =  0x7FFFFFFF  ///< prevent from enum down-size compiler optimization.
+} osStatus;
+
+
+/// Timer type value for the timer definition.
+/// \note MUST REMAIN UNCHANGED: \b os_timer_type shall be consistent in every CMSIS-RTOS.
+typedef enum  {
+  osTimerOnce             =     0,       ///< one-shot timer
+  osTimerPeriodic         =     1        ///< repeating timer
+} os_timer_type;
+
+/// Entry point of a thread.
+/// \note MUST REMAIN UNCHANGED: \b os_pthread shall be consistent in every CMSIS-RTOS.
+typedef void (*os_pthread) (void const *argument);
+
+/// Entry point of a timer call back function.
+/// \note MUST REMAIN UNCHANGED: \b os_ptimer shall be consistent in every CMSIS-RTOS.
+typedef void (*os_ptimer) (void const *argument);
+
+// >>> the following data type definitions may shall adapted towards a specific RTOS
+
+/// Thread ID identifies the thread (pointer to a thread control block).
+/// \note CAN BE CHANGED: \b os_thread_cb is implementation specific in every CMSIS-RTOS.
+typedef struct os_thread_cb *osThreadId;
+
+/// Timer ID identifies the timer (pointer to a timer control block).
+/// \note CAN BE CHANGED: \b os_timer_cb is implementation specific in every CMSIS-RTOS.
+typedef struct os_timer_cb *osTimerId;
+
+/// Mutex ID identifies the mutex (pointer to a mutex control block).
+/// \note CAN BE CHANGED: \b os_mutex_cb is implementation specific in every CMSIS-RTOS.
+typedef struct os_mutex_cb *osMutexId;
+
+/// Semaphore ID identifies the semaphore (pointer to a semaphore control block).
+/// \note CAN BE CHANGED: \b os_semaphore_cb is implementation specific in every CMSIS-RTOS.
+typedef struct os_semaphore_cb *osSemaphoreId;
+
+/// Pool ID identifies the memory pool (pointer to a memory pool control block).
+/// \note CAN BE CHANGED: \b os_pool_cb is implementation specific in every CMSIS-RTOS.
+typedef struct os_pool_cb *osPoolId;
+
+/// Message ID identifies the message queue (pointer to a message queue control block).
+/// \note CAN BE CHANGED: \b os_messageQ_cb is implementation specific in every CMSIS-RTOS.
+typedef struct os_messageQ_cb *osMessageQId;
+
+/// Mail ID identifies the mail queue (pointer to a mail queue control block).
+/// \note CAN BE CHANGED: \b os_mailQ_cb is implementation specific in every CMSIS-RTOS.
+typedef struct os_mailQ_cb *osMailQId;
+
+
+/// Thread Definition structure contains startup information of a thread.
+/// \note CAN BE CHANGED: \b os_thread_def is implementation specific in every CMSIS-RTOS.
+typedef struct os_thread_def  {
+  os_pthread               pthread;    ///< start address of thread function
+  osPriority             tpriority;    ///< initial thread priority
+  uint32_t               instances;    ///< maximum number of instances of that thread function
+  uint32_t               stacksize;    ///< stack size requirements in bytes; 0 is default stack size
+#ifdef __MBED_CMSIS_RTOS_CA9
+  uint32_t               *stack_pointer;  ///< pointer to the stack memory block
+#endif
+} osThreadDef_t;
+
+/// Timer Definition structure contains timer parameters.
+/// \note CAN BE CHANGED: \b os_timer_def is implementation specific in every CMSIS-RTOS.
+typedef struct os_timer_def  {
+  os_ptimer                 ptimer;    ///< start address of a timer function
+  void                      *timer;    ///< pointer to internal data
+} osTimerDef_t;
+
+/// Mutex Definition structure contains setup information for a mutex.
+/// \note CAN BE CHANGED: \b os_mutex_def is implementation specific in every CMSIS-RTOS.
+typedef struct os_mutex_def  {
+  void                      *mutex;    ///< pointer to internal data
+} osMutexDef_t;
+
+/// Semaphore Definition structure contains setup information for a semaphore.
+/// \note CAN BE CHANGED: \b os_semaphore_def is implementation specific in every CMSIS-RTOS.
+typedef struct os_semaphore_def  {
+  void                  *semaphore;    ///< pointer to internal data
+} osSemaphoreDef_t;
+
+/// Definition structure for memory block allocation.
+/// \note CAN BE CHANGED: \b os_pool_def is implementation specific in every CMSIS-RTOS.
+typedef struct os_pool_def  {
+  uint32_t                 pool_sz;    ///< number of items (elements) in the pool
+  uint32_t                 item_sz;    ///< size of an item
+  void                       *pool;    ///< pointer to memory for pool
+} osPoolDef_t;
+
+/// Definition structure for message queue.
+/// \note CAN BE CHANGED: \b os_messageQ_def is implementation specific in every CMSIS-RTOS.
+typedef struct os_messageQ_def  {
+  uint32_t                queue_sz;    ///< number of elements in the queue
+  void                       *pool;    ///< memory array for messages
+} osMessageQDef_t;
+
+/// Definition structure for mail queue.
+/// \note CAN BE CHANGED: \b os_mailQ_def is implementation specific in every CMSIS-RTOS.
+typedef struct os_mailQ_def  {
+  uint32_t                queue_sz;    ///< number of elements in the queue
+  uint32_t                 item_sz;    ///< size of an item
+  void                       *pool;    ///< memory array for mail
+} osMailQDef_t;
+
+/// Event structure contains detailed information about an event.
+/// \note MUST REMAIN UNCHANGED: \b os_event shall be consistent in every CMSIS-RTOS.
+///       However the struct may be extended at the end.
+typedef struct  {
+  osStatus                 status;     ///< status code: event or error information
+  union  {
+    uint32_t                    v;     ///< message as 32-bit value
+    void                       *p;     ///< message or mail as void pointer
+    int32_t               signals;     ///< signal flags
+  } value;                             ///< event value
+  union  {
+    osMailQId             mail_id;     ///< mail id obtained by \ref osMailCreate
+    osMessageQId       message_id;     ///< message id obtained by \ref osMessageCreate
+  } def;                               ///< event definition
+} osEvent;
+
+
+//  ==== Kernel Control Functions ====
+
+/// Initialize the RTOS Kernel for creating objects.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osKernelInitialize shall be consistent in every CMSIS-RTOS.
+osStatus osKernelInitialize (void);
+
+/// Start the RTOS Kernel.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osKernelStart shall be consistent in every CMSIS-RTOS.
+osStatus osKernelStart (void);
+
+/// Check if the RTOS kernel is already started.
+/// \note MUST REMAIN UNCHANGED: \b osKernelRunning shall be consistent in every CMSIS-RTOS.
+/// \return 0 RTOS is not started, 1 RTOS is started.
+int32_t osKernelRunning(void);
+
+#if (defined (osFeature_SysTick)  &&  (osFeature_SysTick != 0))     // System Timer available
+
+extern uint32_t const os_tickfreq;
+extern uint16_t const os_tickus_i;
+extern uint16_t const os_tickus_f;
+
+/// Get the RTOS kernel system timer counter.
+/// \note MUST REMAIN UNCHANGED: \b osKernelSysTick shall be consistent in every CMSIS-RTOS.
+/// \return RTOS kernel system timer as 32-bit value 
+uint32_t osKernelSysTick (void);
+
+/// The RTOS kernel system timer frequency in Hz.
+/// \note Reflects the system timer setting and is typically defined in a configuration file.
+#define osKernelSysTickFrequency os_tickfreq
+
+/// Convert a microseconds value to a RTOS kernel system timer value.
+/// \param         microsec     time value in microseconds.
+/// \return time value normalized to the \ref osKernelSysTickFrequency
+/*
+#define osKernelSysTickMicroSec(microsec) (((uint64_t)microsec * (osKernelSysTickFrequency)) / 1000000)
+*/
+#define osKernelSysTickMicroSec(microsec) ((microsec * os_tickus_i) + ((microsec * os_tickus_f) >> 16))
+
+#endif    // System Timer available
+
+//  ==== Thread Management ====
+
+/// Create a Thread Definition with function, priority, and stack requirements.
+/// \param         name         name of the thread function.
+/// \param         priority     initial priority of the thread function.
+/// \param         instances    number of possible thread instances.
+/// \param         stacksz      stack size (in bytes) requirements for the thread function.
+/// \note CAN BE CHANGED: The parameters to \b osThreadDef shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#if defined (osObjectsExternal)  // object is external
+#define osThreadDef(name, priority, instances, stacksz)  \
+extern const osThreadDef_t os_thread_def_##name
+#else                            // define the object
+#ifdef __MBED_CMSIS_RTOS_CA9
+#define osThreadDef(name, priority, stacksz)  \
+uint32_t os_thread_def_stack_##name [stacksz / sizeof(uint32_t)]; \
+const osThreadDef_t os_thread_def_##name = \
+{ (name), (priority), 1, (stacksz), (os_thread_def_stack_##name) }
+#else
+#define osThreadDef(name, priority, instances, stacksz)  \
+const osThreadDef_t os_thread_def_##name = \
+{ (name), (priority), (instances), (stacksz)  }
+#endif
+#endif
+
+/// Access a Thread definition.
+/// \param         name          name of the thread definition object.
+/// \note CAN BE CHANGED: The parameter to \b osThread shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#define osThread(name)  \
+&os_thread_def_##name
+
+/// Create a thread and add it to Active Threads and set it to state READY.
+/// \param[in]     thread_def    thread definition referenced with \ref osThread.
+/// \param[in]     argument      pointer that is passed to the thread function as start argument.
+/// \return thread ID for reference by other functions or NULL in case of error.
+/// \note MUST REMAIN UNCHANGED: \b osThreadCreate shall be consistent in every CMSIS-RTOS.
+osThreadId osThreadCreate (const osThreadDef_t *thread_def, void *argument);
+
+/// Return the thread ID of the current running thread.
+/// \return thread ID for reference by other functions or NULL in case of error.
+/// \note MUST REMAIN UNCHANGED: \b osThreadGetId shall be consistent in every CMSIS-RTOS.
+osThreadId osThreadGetId (void);
+
+/// Terminate execution of a thread and remove it from Active Threads.
+/// \param[in]     thread_id   thread ID obtained by \ref osThreadCreate or \ref osThreadGetId.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osThreadTerminate shall be consistent in every CMSIS-RTOS.
+osStatus osThreadTerminate (osThreadId thread_id);
+
+/// Pass control to next thread that is in state \b READY.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osThreadYield shall be consistent in every CMSIS-RTOS.
+osStatus osThreadYield (void);
+
+/// Change priority of an active thread.
+/// \param[in]     thread_id     thread ID obtained by \ref osThreadCreate or \ref osThreadGetId.
+/// \param[in]     priority      new priority value for the thread function.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osThreadSetPriority shall be consistent in every CMSIS-RTOS.
+osStatus osThreadSetPriority (osThreadId thread_id, osPriority priority);
+
+/// Get current priority of an active thread.
+/// \param[in]     thread_id     thread ID obtained by \ref osThreadCreate or \ref osThreadGetId.
+/// \return current priority value of the thread function.
+/// \note MUST REMAIN UNCHANGED: \b osThreadGetPriority shall be consistent in every CMSIS-RTOS.
+osPriority osThreadGetPriority (osThreadId thread_id);
+
+#ifdef __MBED_CMSIS_RTOS_CA9
+/// Get current thread state.
+uint8_t osThreadGetState (osThreadId thread_id);
+#endif
+
+//  ==== Generic Wait Functions ====
+
+/// Wait for Timeout (Time Delay).
+/// \param[in]     millisec      time delay value
+/// \return status code that indicates the execution status of the function.
+osStatus osDelay (uint32_t millisec);
+
+#if (defined (osFeature_Wait)  &&  (osFeature_Wait != 0))     // Generic Wait available
+
+/// Wait for Signal, Message, Mail, or Timeout.
+/// \param[in] millisec          timeout value or 0 in case of no time-out
+/// \return event that contains signal, message, or mail information or error code.
+/// \note MUST REMAIN UNCHANGED: \b osWait shall be consistent in every CMSIS-RTOS.
+os_InRegs osEvent osWait (uint32_t millisec);
+
+#endif  // Generic Wait available
+
+
+//  ==== Timer Management Functions ====
+/// Define a Timer object.
+/// \param         name          name of the timer object.
+/// \param         function      name of the timer call back function.
+/// \note CAN BE CHANGED: The parameter to \b osTimerDef shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#if defined (osObjectsExternal)  // object is external
+#define osTimerDef(name, function)  \
+extern const osTimerDef_t os_timer_def_##name
+#else                            // define the object
+#define osTimerDef(name, function)  \
+uint32_t os_timer_cb_##name[5]; \
+const osTimerDef_t os_timer_def_##name = \
+{ (function), (os_timer_cb_##name) }
+#endif
+
+/// Access a Timer definition.
+/// \param         name          name of the timer object.
+/// \note CAN BE CHANGED: The parameter to \b osTimer shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#define osTimer(name) \
+&os_timer_def_##name
+
+/// Create a timer.
+/// \param[in]     timer_def     timer object referenced with \ref osTimer.
+/// \param[in]     type          osTimerOnce for one-shot or osTimerPeriodic for periodic behavior.
+/// \param[in]     argument      argument to the timer call back function.
+/// \return timer ID for reference by other functions or NULL in case of error.
+/// \note MUST REMAIN UNCHANGED: \b osTimerCreate shall be consistent in every CMSIS-RTOS.
+osTimerId osTimerCreate (const osTimerDef_t *timer_def, os_timer_type type, void *argument);
+
+/// Start or restart a timer.
+/// \param[in]     timer_id      timer ID obtained by \ref osTimerCreate.
+/// \param[in]     millisec      time delay value of the timer.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osTimerStart shall be consistent in every CMSIS-RTOS.
+osStatus osTimerStart (osTimerId timer_id, uint32_t millisec);
+
+/// Stop the timer.
+/// \param[in]     timer_id      timer ID obtained by \ref osTimerCreate.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osTimerStop shall be consistent in every CMSIS-RTOS.
+osStatus osTimerStop (osTimerId timer_id);
+
+/// Delete a timer that was created by \ref osTimerCreate.
+/// \param[in]     timer_id      timer ID obtained by \ref osTimerCreate.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osTimerDelete shall be consistent in every CMSIS-RTOS.
+osStatus osTimerDelete (osTimerId timer_id);
+
+
+//  ==== Signal Management ====
+
+/// Set the specified Signal Flags of an active thread.
+/// \param[in]     thread_id     thread ID obtained by \ref osThreadCreate or \ref osThreadGetId.
+/// \param[in]     signals       specifies the signal flags of the thread that should be set.
+/// \return previous signal flags of the specified thread or 0x80000000 in case of incorrect parameters.
+/// \note MUST REMAIN UNCHANGED: \b osSignalSet shall be consistent in every CMSIS-RTOS.
+int32_t osSignalSet (osThreadId thread_id, int32_t signals);
+
+/// Clear the specified Signal Flags of an active thread.
+/// \param[in]     thread_id     thread ID obtained by \ref osThreadCreate or \ref osThreadGetId.
+/// \param[in]     signals       specifies the signal flags of the thread that shall be cleared.
+/// \return previous signal flags of the specified thread or 0x80000000 in case of incorrect parameters.
+/// \note MUST REMAIN UNCHANGED: \b osSignalClear shall be consistent in every CMSIS-RTOS.
+int32_t osSignalClear (osThreadId thread_id, int32_t signals);
+
+/// Wait for one or more Signal Flags to become signaled for the current \b RUNNING thread.
+/// \param[in]     signals       wait until all specified signal flags set or 0 for any single signal flag.
+/// \param[in]     millisec      timeout value or 0 in case of no time-out.
+/// \return event flag information or error code.
+/// \note MUST REMAIN UNCHANGED: \b osSignalWait shall be consistent in every CMSIS-RTOS.
+os_InRegs osEvent osSignalWait (int32_t signals, uint32_t millisec);
+
+
+//  ==== Mutex Management ====
+
+/// Define a Mutex.
+/// \param         name          name of the mutex object.
+/// \note CAN BE CHANGED: The parameter to \b osMutexDef shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#if defined (osObjectsExternal)  // object is external
+#define osMutexDef(name)  \
+extern const osMutexDef_t os_mutex_def_##name
+#else                            // define the object
+#define osMutexDef(name)  \
+uint32_t os_mutex_cb_##name[4] = { 0 }; \
+const osMutexDef_t os_mutex_def_##name = { (os_mutex_cb_##name) }
+#endif
+
+/// Access a Mutex definition.
+/// \param         name          name of the mutex object.
+/// \note CAN BE CHANGED: The parameter to \b osMutex shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#define osMutex(name)  \
+&os_mutex_def_##name
+
+/// Create and Initialize a Mutex object.
+/// \param[in]     mutex_def     mutex definition referenced with \ref osMutex.
+/// \return mutex ID for reference by other functions or NULL in case of error.
+/// \note MUST REMAIN UNCHANGED: \b osMutexCreate shall be consistent in every CMSIS-RTOS.
+osMutexId osMutexCreate (const osMutexDef_t *mutex_def);
+
+/// Wait until a Mutex becomes available.
+/// \param[in]     mutex_id      mutex ID obtained by \ref osMutexCreate.
+/// \param[in]     millisec      timeout value or 0 in case of no time-out.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osMutexWait shall be consistent in every CMSIS-RTOS.
+osStatus osMutexWait (osMutexId mutex_id, uint32_t millisec);
+
+/// Release a Mutex that was obtained by \ref osMutexWait.
+/// \param[in]     mutex_id      mutex ID obtained by \ref osMutexCreate.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osMutexRelease shall be consistent in every CMSIS-RTOS.
+osStatus osMutexRelease (osMutexId mutex_id);
+
+/// Delete a Mutex that was created by \ref osMutexCreate.
+/// \param[in]     mutex_id      mutex ID obtained by \ref osMutexCreate.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osMutexDelete shall be consistent in every CMSIS-RTOS.
+osStatus osMutexDelete (osMutexId mutex_id);
+
+
+//  ==== Semaphore Management Functions ====
+
+#if (defined (osFeature_Semaphore)  &&  (osFeature_Semaphore != 0))     // Semaphore available
+
+/// Define a Semaphore object.
+/// \param         name          name of the semaphore object.
+/// \note CAN BE CHANGED: The parameter to \b osSemaphoreDef shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#if defined (osObjectsExternal)  // object is external
+#define osSemaphoreDef(name)  \
+extern const osSemaphoreDef_t os_semaphore_def_##name
+#else                            // define the object
+#define osSemaphoreDef(name)  \
+uint32_t os_semaphore_cb_##name[2] = { 0 }; \
+const osSemaphoreDef_t os_semaphore_def_##name = { (os_semaphore_cb_##name) }
+#endif
+
+/// Access a Semaphore definition.
+/// \param         name          name of the semaphore object.
+/// \note CAN BE CHANGED: The parameter to \b osSemaphore shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#define osSemaphore(name)  \
+&os_semaphore_def_##name
+
+/// Create and Initialize a Semaphore object used for managing resources.
+/// \param[in]     semaphore_def semaphore definition referenced with \ref osSemaphore.
+/// \param[in]     count         number of available resources.
+/// \return semaphore ID for reference by other functions or NULL in case of error.
+/// \note MUST REMAIN UNCHANGED: \b osSemaphoreCreate shall be consistent in every CMSIS-RTOS.
+osSemaphoreId osSemaphoreCreate (const osSemaphoreDef_t *semaphore_def, int32_t count);
+
+/// Wait until a Semaphore token becomes available.
+/// \param[in]     semaphore_id  semaphore object referenced with \ref osSemaphoreCreate.
+/// \param[in]     millisec      timeout value or 0 in case of no time-out.
+/// \return number of available tokens, or -1 in case of incorrect parameters.
+/// \note MUST REMAIN UNCHANGED: \b osSemaphoreWait shall be consistent in every CMSIS-RTOS.
+int32_t osSemaphoreWait (osSemaphoreId semaphore_id, uint32_t millisec);
+
+/// Release a Semaphore token.
+/// \param[in]     semaphore_id  semaphore object referenced with \ref osSemaphoreCreate.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osSemaphoreRelease shall be consistent in every CMSIS-RTOS.
+osStatus osSemaphoreRelease (osSemaphoreId semaphore_id);
+
+/// Delete a Semaphore that was created by \ref osSemaphoreCreate.
+/// \param[in]     semaphore_id  semaphore object referenced with \ref osSemaphoreCreate.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osSemaphoreDelete shall be consistent in every CMSIS-RTOS.
+osStatus osSemaphoreDelete (osSemaphoreId semaphore_id);
+
+#endif     // Semaphore available
+
+
+//  ==== Memory Pool Management Functions ====
+
+#if (defined (osFeature_Pool)  &&  (osFeature_Pool != 0))  // Memory Pool Management available
+
+/// \brief Define a Memory Pool.
+/// \param         name          name of the memory pool.
+/// \param         no            maximum number of blocks (objects) in the memory pool.
+/// \param         type          data type of a single block (object).
+/// \note CAN BE CHANGED: The parameter to \b osPoolDef shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#if defined (osObjectsExternal)  // object is external
+#define osPoolDef(name, no, type)   \
+extern const osPoolDef_t os_pool_def_##name
+#else                            // define the object
+#define osPoolDef(name, no, type)   \
+uint32_t os_pool_m_##name[3+((sizeof(type)+3)/4)*(no)]; \
+const osPoolDef_t os_pool_def_##name = \
+{ (no), sizeof(type), (os_pool_m_##name) }
+#endif
+
+/// \brief Access a Memory Pool definition.
+/// \param         name          name of the memory pool
+/// \note CAN BE CHANGED: The parameter to \b osPool shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#define osPool(name) \
+&os_pool_def_##name
+
+/// Create and Initialize a memory pool.
+/// \param[in]     pool_def      memory pool definition referenced with \ref osPool.
+/// \return memory pool ID for reference by other functions or NULL in case of error.
+/// \note MUST REMAIN UNCHANGED: \b osPoolCreate shall be consistent in every CMSIS-RTOS.
+osPoolId osPoolCreate (const osPoolDef_t *pool_def);
+
+/// Allocate a memory block from a memory pool.
+/// \param[in]     pool_id       memory pool ID obtain referenced with \ref osPoolCreate.
+/// \return address of the allocated memory block or NULL in case of no memory available.
+/// \note MUST REMAIN UNCHANGED: \b osPoolAlloc shall be consistent in every CMSIS-RTOS.
+void *osPoolAlloc (osPoolId pool_id);
+
+/// Allocate a memory block from a memory pool and set memory block to zero.
+/// \param[in]     pool_id       memory pool ID obtain referenced with \ref osPoolCreate.
+/// \return address of the allocated memory block or NULL in case of no memory available.
+/// \note MUST REMAIN UNCHANGED: \b osPoolCAlloc shall be consistent in every CMSIS-RTOS.
+void *osPoolCAlloc (osPoolId pool_id);
+
+/// Return an allocated memory block back to a specific memory pool.
+/// \param[in]     pool_id       memory pool ID obtain referenced with \ref osPoolCreate.
+/// \param[in]     block         address of the allocated memory block that is returned to the memory pool.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osPoolFree shall be consistent in every CMSIS-RTOS.
+osStatus osPoolFree (osPoolId pool_id, void *block);
+
+#endif   // Memory Pool Management available
+
+
+//  ==== Message Queue Management Functions ====
+
+#if (defined (osFeature_MessageQ)  &&  (osFeature_MessageQ != 0))     // Message Queues available
+
+/// \brief Create a Message Queue Definition.
+/// \param         name          name of the queue.
+/// \param         queue_sz      maximum number of messages in the queue.
+/// \param         type          data type of a single message element (for debugger).
+/// \note CAN BE CHANGED: The parameter to \b osMessageQDef shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#if defined (osObjectsExternal)  // object is external
+#define osMessageQDef(name, queue_sz, type)   \
+extern const osMessageQDef_t os_messageQ_def_##name
+#else                            // define the object
+#define osMessageQDef(name, queue_sz, type)   \
+uint32_t os_messageQ_q_##name[4+(queue_sz)] = { 0 }; \
+const osMessageQDef_t os_messageQ_def_##name = \
+{ (queue_sz), (os_messageQ_q_##name) }
+#endif
+
+/// \brief Access a Message Queue Definition.
+/// \param         name          name of the queue
+/// \note CAN BE CHANGED: The parameter to \b osMessageQ shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#define osMessageQ(name) \
+&os_messageQ_def_##name
+
+/// Create and Initialize a Message Queue.
+/// \param[in]     queue_def     queue definition referenced with \ref osMessageQ.
+/// \param[in]     thread_id     thread ID (obtained by \ref osThreadCreate or \ref osThreadGetId) or NULL.
+/// \return message queue ID for reference by other functions or NULL in case of error.
+/// \note MUST REMAIN UNCHANGED: \b osMessageCreate shall be consistent in every CMSIS-RTOS.
+osMessageQId osMessageCreate (const osMessageQDef_t *queue_def, osThreadId thread_id);
+
+/// Put a Message to a Queue.
+/// \param[in]     queue_id      message queue ID obtained with \ref osMessageCreate.
+/// \param[in]     info          message information.
+/// \param[in]     millisec      timeout value or 0 in case of no time-out.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osMessagePut shall be consistent in every CMSIS-RTOS.
+osStatus osMessagePut (osMessageQId queue_id, uint32_t info, uint32_t millisec);
+
+/// Get a Message or Wait for a Message from a Queue.
+/// \param[in]     queue_id      message queue ID obtained with \ref osMessageCreate.
+/// \param[in]     millisec      timeout value or 0 in case of no time-out.
+/// \return event information that includes status code.
+/// \note MUST REMAIN UNCHANGED: \b osMessageGet shall be consistent in every CMSIS-RTOS.
+os_InRegs osEvent osMessageGet (osMessageQId queue_id, uint32_t millisec);
+
+#endif     // Message Queues available
+
+
+//  ==== Mail Queue Management Functions ====
+
+#if (defined (osFeature_MailQ)  &&  (osFeature_MailQ != 0))     // Mail Queues available
+
+/// \brief Create a Mail Queue Definition.
+/// \param         name          name of the queue
+/// \param         queue_sz      maximum number of messages in queue
+/// \param         type          data type of a single message element
+/// \note CAN BE CHANGED: The parameter to \b osMailQDef shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#if defined (osObjectsExternal)  // object is external
+#define osMailQDef(name, queue_sz, type) \
+extern const osMailQDef_t os_mailQ_def_##name
+#else                            // define the object
+#define osMailQDef(name, queue_sz, type) \
+uint32_t os_mailQ_q_##name[4+(queue_sz)] = { 0 }; \
+uint32_t os_mailQ_m_##name[3+((sizeof(type)+3)/4)*(queue_sz)]; \
+void *   os_mailQ_p_##name[2] = { (os_mailQ_q_##name), os_mailQ_m_##name }; \
+const osMailQDef_t os_mailQ_def_##name =  \
+{ (queue_sz), sizeof(type), (os_mailQ_p_##name) }
+#endif
+
+/// \brief Access a Mail Queue Definition.
+/// \param         name          name of the queue
+/// \note CAN BE CHANGED: The parameter to \b osMailQ shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#define osMailQ(name)  \
+&os_mailQ_def_##name
+
+/// Create and Initialize mail queue.
+/// \param[in]     queue_def     reference to the mail queue definition obtain with \ref osMailQ
+/// \param[in]     thread_id     thread ID (obtained by \ref osThreadCreate or \ref osThreadGetId) or NULL.
+/// \return mail queue ID for reference by other functions or NULL in case of error.
+/// \note MUST REMAIN UNCHANGED: \b osMailCreate shall be consistent in every CMSIS-RTOS.
+osMailQId osMailCreate (const osMailQDef_t *queue_def, osThreadId thread_id);
+
+/// Allocate a memory block from a mail.
+/// \param[in]     queue_id      mail queue ID obtained with \ref osMailCreate.
+/// \param[in]     millisec      timeout value or 0 in case of no time-out
+/// \return pointer to memory block that can be filled with mail or NULL in case of error.
+/// \note MUST REMAIN UNCHANGED: \b osMailAlloc shall be consistent in every CMSIS-RTOS.
+void *osMailAlloc (osMailQId queue_id, uint32_t millisec);
+
+/// Allocate a memory block from a mail and set memory block to zero.
+/// \param[in]     queue_id      mail queue ID obtained with \ref osMailCreate.
+/// \param[in]     millisec      timeout value or 0 in case of no time-out
+/// \return pointer to memory block that can be filled with mail or NULL in case of error.
+/// \note MUST REMAIN UNCHANGED: \b osMailCAlloc shall be consistent in every CMSIS-RTOS.
+void *osMailCAlloc (osMailQId queue_id, uint32_t millisec);
+
+/// Put a mail to a queue.
+/// \param[in]     queue_id      mail queue ID obtained with \ref osMailCreate.
+/// \param[in]     mail          memory block previously allocated with \ref osMailAlloc or \ref osMailCAlloc.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osMailPut shall be consistent in every CMSIS-RTOS.
+osStatus osMailPut (osMailQId queue_id, void *mail);
+
+/// Get a mail from a queue.
+/// \param[in]     queue_id      mail queue ID obtained with \ref osMailCreate.
+/// \param[in]     millisec      timeout value or 0 in case of no time-out
+/// \return event that contains mail information or error code.
+/// \note MUST REMAIN UNCHANGED: \b osMailGet shall be consistent in every CMSIS-RTOS.
+os_InRegs osEvent osMailGet (osMailQId queue_id, uint32_t millisec);
+
+/// Free a memory block from a mail.
+/// \param[in]     queue_id      mail queue ID obtained with \ref osMailCreate.
+/// \param[in]     mail          pointer to the memory block that was obtained with \ref osMailGet.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osMailFree shall be consistent in every CMSIS-RTOS.
+osStatus osMailFree (osMailQId queue_id, void *mail);
+
+#endif  // Mail Queues available
+
+
+//  ==== RTX Extensions ====
+
+/// os_suspend: http://www.keil.com/support/man/docs/rlarm/rlarm_os_suspend.htm
+uint32_t os_suspend (void);
+
+/// os_resume: http://www.keil.com/support/man/docs/rlarm/rlarm_os_resume.htm
+void os_resume (uint32_t sleep_time);
+
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif  // _CMSIS_OS_H
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_CMSIS.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,2186 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    rt_CMSIS.c
+ *      Purpose: CMSIS RTOS API
+ *      Rev.:    V4.74
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#define __CMSIS_GENERIC
+
+#if defined (__CORTEX_M4) || defined (__CORTEX_M4F)
+  #include "core_cm4.h"
+#elif defined (__CORTEX_M3)
+  #include "core_cm3.h"
+#elif defined (__CORTEX_M0)
+  #include "core_cm0.h"
+#elif defined (__CORTEX_A9)
+  #include "core_ca9.h"
+#else
+  #error "Missing __CORTEX_xx definition"
+#endif
+
+#include "rt_TypeDef.h"
+#include "RTX_Config.h"
+#include "rt_System.h"
+#include "rt_Task.h"
+#include "rt_Event.h"
+#include "rt_List.h"
+#include "rt_Time.h"
+#include "rt_Mutex.h"
+#include "rt_Semaphore.h"
+#include "rt_Mailbox.h"
+#include "rt_MemBox.h"
+#include "rt_Memory.h"
+#include "rt_HAL_CM.h"
+
+#define os_thread_cb OS_TCB
+
+#include "cmsis_os.h"
+
+#if (osFeature_Signals != 16)
+#error Invalid "osFeature_Signals" value!
+#endif
+#if (osFeature_Semaphore > 65535)
+#error Invalid "osFeature_Semaphore" value!
+#endif
+#if (osFeature_Wait != 0)
+#error osWait not supported!
+#endif
+
+
+// ==== Enumeration, structures, defines ====
+
+// Service Calls defines
+
+#if defined (__CC_ARM)          /* ARM Compiler */
+
+#define __NO_RETURN __declspec(noreturn)
+
+#define osEvent_type       osEvent
+#define osEvent_ret_status ret
+#define osEvent_ret_value  ret
+#define osEvent_ret_msg    ret
+#define osEvent_ret_mail   ret
+
+#define osCallback_type    osCallback
+#define osCallback_ret     ret
+
+#define SVC_0_1(f,t,...)                                                       \
+__svc_indirect(0) t  _##f (t(*)());                                            \
+                  t     f (void);                                              \
+__attribute__((always_inline))                                                 \
+static __inline   t __##f (void) {                                             \
+  return _##f(f);                                                              \
+}
+
+#define SVC_1_0(f,t,t1,...)                                                    \
+__svc_indirect(0) t  _##f (t(*)(t1),t1);                                       \
+                  t     f (t1 a1);                                             \
+__attribute__((always_inline))                                                 \
+static __inline   t __##f (t1 a1) {                                            \
+  _##f(f,a1);                                                                  \
+}
+
+#define SVC_1_1(f,t,t1,...)                                                    \
+__svc_indirect(0) t  _##f (t(*)(t1),t1);                                       \
+                  t     f (t1 a1);                                             \
+__attribute__((always_inline))                                                 \
+static __inline   t __##f (t1 a1) {                                            \
+  return _##f(f,a1);                                                           \
+}
+
+#define SVC_2_1(f,t,t1,t2,...)                                                 \
+__svc_indirect(0) t  _##f (t(*)(t1,t2),t1,t2);                                 \
+                  t     f (t1 a1, t2 a2);                                      \
+__attribute__((always_inline))                                                 \
+static __inline   t __##f (t1 a1, t2 a2) {                                     \
+  return _##f(f,a1,a2);                                                        \
+}
+
+#define SVC_3_1(f,t,t1,t2,t3,...)                                              \
+__svc_indirect(0) t  _##f (t(*)(t1,t2,t3),t1,t2,t3);                           \
+                  t     f (t1 a1, t2 a2, t3 a3);                               \
+__attribute__((always_inline))                                                 \
+static __inline   t __##f (t1 a1, t2 a2, t3 a3) {                              \
+  return _##f(f,a1,a2,a3);                                                     \
+}
+
+#define SVC_4_1(f,t,t1,t2,t3,t4,...)                                           \
+__svc_indirect(0) t  _##f (t(*)(t1,t2,t3,t4),t1,t2,t3,t4);                     \
+                  t     f (t1 a1, t2 a2, t3 a3, t4 a4);                        \
+__attribute__((always_inline))                                                 \
+static __inline   t __##f (t1 a1, t2 a2, t3 a3, t4 a4) {                       \
+  return _##f(f,a1,a2,a3,a4);                                                  \
+}
+
+#define SVC_1_2 SVC_1_1
+#define SVC_1_3 SVC_1_1
+#define SVC_2_3 SVC_2_1
+
+#elif defined (__GNUC__)        /* GNU Compiler */
+
+#define __NO_RETURN __attribute__((noreturn))
+
+typedef uint32_t __attribute__((vector_size(8)))  ret64;
+typedef uint32_t __attribute__((vector_size(16))) ret128;
+
+#define RET_pointer    __r0
+#define RET_int32_t    __r0
+#define RET_uint32_t   __r0
+#define RET_osStatus   __r0
+#define RET_osPriority __r0
+#define RET_osEvent    {(osStatus)__r0, {(uint32_t)__r1}, {(void *)__r2}}
+#define RET_osCallback {(void *)__r0, (void *)__r1}
+
+#if defined (__ARM_PCS_VFP)
+
+#define osEvent_type        void
+#define osEvent_ret_status {  __asm ("MOV r0, %0;"      \
+                                     : /* no outputs */ \
+                                     : "r"(ret.status)  \
+                                     : "r0"             \
+                                     );                 \
+                           }
+#define osEvent_ret_value  {  __asm ("MOV r1, %0;"         \
+                                     "MOV r0, %1;"         \
+                                     :   /* no outputs */  \
+                                     :   "r"(ret.value.v), \
+                                         "r"(ret.status)   \
+                                     : "r0", "r1"          \
+                                     );                    \
+                           }
+#define osEvent_ret_msg    {  __asm ("MOV r2, %0;"                \
+                                     "MOV r1, %1;"                \
+                                     "MOV r0, %2;"                \
+                                     : /* no outputs */           \
+                                     :   "r"(ret.def.message_id), \
+                                         "r"(ret.value.v),        \
+                                         "r"(ret.status)          \
+                                     : "r0", "r1" , "r2"          \
+                                     );                           \
+                           }
+
+#define osEvent_ret_mail   {  __asm ("MOV r2, %0;"             \
+                                     "MOV r1, %1;"             \
+                                     "MOV r0, %2;"             \
+                                     : /* no outputs */        \
+                                     :   "r"(ret.def.mail_id), \
+                                         "r"(ret.value.v),     \
+                                         "r"(ret.status)       \
+                                     : "r0", "r1" , "r2"       \
+                                     );                        \
+                           }
+
+#define osCallback_type     void
+#define osCallback_ret     {  __asm ("MOV r1, %0;"      \
+                                     "MOV r0, %1;"      \
+                                     : /* no outputs */ \
+                                     : "r"(ret.arg),    \
+                                       "r"(ret.fp)      \
+                                     : "r0", "r1"       \
+                                     );                 \
+                           }
+
+#else /* defined (__ARM_PCS_VFP) */
+
+#define osEvent_type        ret128
+#define osEvent_ret_status (ret128){ret.status}
+#define osEvent_ret_value  (ret128){ret.status, ret.value.v}
+#define osEvent_ret_msg    (ret128){ret.status, ret.value.v, (uint32_t)ret.def.message_id}
+#define osEvent_ret_mail   (ret128){ret.status, ret.value.v, (uint32_t)ret.def.mail_id}
+
+#define osCallback_type     ret64
+#define osCallback_ret     (ret64) {(uint32_t)ret.fp, (uint32_t)ret.arg}
+
+#endif /* defined (__ARM_PCS_VFP) */
+
+#define SVC_ArgN(n) \
+  register int __r##n __asm("r"#n);
+
+#define SVC_ArgR(n,t,a) \
+  register t   __r##n __asm("r"#n) = a;
+
+#define SVC_Arg0()                                                             \
+  SVC_ArgN(0)                                                                  \
+  SVC_ArgN(1)                                                                  \
+  SVC_ArgN(2)                                                                  \
+  SVC_ArgN(3)
+
+#define SVC_Arg1(t1)                                                           \
+  SVC_ArgR(0,t1,a1)                                                            \
+  SVC_ArgN(1)                                                                  \
+  SVC_ArgN(2)                                                                  \
+  SVC_ArgN(3)
+
+#define SVC_Arg2(t1,t2)                                                        \
+  SVC_ArgR(0,t1,a1)                                                            \
+  SVC_ArgR(1,t2,a2)                                                            \
+  SVC_ArgN(2)                                                                  \
+  SVC_ArgN(3)
+
+#define SVC_Arg3(t1,t2,t3)                                                     \
+  SVC_ArgR(0,t1,a1)                                                            \
+  SVC_ArgR(1,t2,a2)                                                            \
+  SVC_ArgR(2,t3,a3)                                                            \
+  SVC_ArgN(3)
+
+#define SVC_Arg4(t1,t2,t3,t4)                                                  \
+  SVC_ArgR(0,t1,a1)                                                            \
+  SVC_ArgR(1,t2,a2)                                                            \
+  SVC_ArgR(2,t3,a3)                                                            \
+  SVC_ArgR(3,t4,a4)
+
+#if (defined (__CORTEX_M0))
+#define SVC_Call(f)                                                            \
+  __asm volatile                                                                 \
+  (                                                                            \
+    "ldr r7,="#f"\n\t"                                                         \
+    "mov r12,r7\n\t"                                                           \
+    "svc 0"                                                                    \
+    :               "=r" (__r0), "=r" (__r1), "=r" (__r2), "=r" (__r3)         \
+    :                "r" (__r0),  "r" (__r1),  "r" (__r2),  "r" (__r3)         \
+    : "r7", "r12", "lr", "cc"                                                  \
+  );
+#else
+#define SVC_Call(f)                                                            \
+  __asm volatile                                                                 \
+  (                                                                            \
+    "ldr r12,="#f"\n\t"                                                        \
+    "svc 0"                                                                    \
+    :               "=r" (__r0), "=r" (__r1), "=r" (__r2), "=r" (__r3)         \
+    :                "r" (__r0),  "r" (__r1),  "r" (__r2),  "r" (__r3)         \
+    : "r12", "lr", "cc"                                                        \
+  );
+#endif
+
+#define SVC_0_1(f,t,rv)                                                        \
+__attribute__((always_inline))                                                 \
+static inline  t __##f (void) {                                                \
+  SVC_Arg0();                                                                  \
+  SVC_Call(f);                                                                 \
+  return (t) rv;                                                               \
+}
+
+#define SVC_1_0(f,t,t1)                                                        \
+__attribute__((always_inline))                                                 \
+static inline  t __##f (t1 a1) {                                               \
+  SVC_Arg1(t1);                                                                \
+  SVC_Call(f);                                                                 \
+}
+
+#define SVC_1_1(f,t,t1,rv)                                                     \
+__attribute__((always_inline))                                                 \
+static inline  t __##f (t1 a1) {                                               \
+  SVC_Arg1(t1);                                                                \
+  SVC_Call(f);                                                                 \
+  return (t) rv;                                                               \
+}
+
+#define SVC_2_1(f,t,t1,t2,rv)                                                  \
+__attribute__((always_inline))                                                 \
+static inline  t __##f (t1 a1, t2 a2) {                                        \
+  SVC_Arg2(t1,t2);                                                             \
+  SVC_Call(f);                                                                 \
+  return (t) rv;                                                               \
+}
+
+#define SVC_3_1(f,t,t1,t2,t3,rv)                                               \
+__attribute__((always_inline))                                                 \
+static inline  t __##f (t1 a1, t2 a2, t3 a3) {                                 \
+  SVC_Arg3(t1,t2,t3);                                                          \
+  SVC_Call(f);                                                                 \
+  return (t) rv;                                                               \
+}
+
+#define SVC_4_1(f,t,t1,t2,t3,t4,rv)                                            \
+__attribute__((always_inline))                                                 \
+static inline  t __##f (t1 a1, t2 a2, t3 a3, t4 a4) {                          \
+  SVC_Arg4(t1,t2,t3,t4);                                                       \
+  SVC_Call(f);                                                                 \
+  return (t) rv;                                                               \
+}
+
+#define SVC_1_2 SVC_1_1
+#define SVC_1_3 SVC_1_1
+#define SVC_2_3 SVC_2_1
+
+#elif defined (__ICCARM__)      /* IAR Compiler */
+
+#define __NO_RETURN __noreturn
+
+#define RET_osEvent        "=r"(ret.status), "=r"(ret.value), "=r"(ret.def)
+#define RET_osCallback     "=r"(ret.fp), "=r"(ret.arg)
+
+#define osEvent_type       osEvent
+#define osEvent_ret_status ret
+#define osEvent_ret_value  ret
+#define osEvent_ret_msg    ret
+#define osEvent_ret_mail   ret
+
+#define osCallback_type    uint64_t
+#define osCallback_ret     ((uint64_t)ret.fp | ((uint64_t)ret.arg)<<32)
+
+#define SVC_Setup(f)                                                           \
+  __asm(                                                                         \
+    "mov r12,%0\n"                                                             \
+    :: "r"(&f): "r12"                                                          \
+  );
+
+#define SVC_Ret3()                                                             \
+  __asm(                                                                         \
+    "ldr r0,[sp,#0]\n"                                                         \
+    "ldr r1,[sp,#4]\n"                                                         \
+    "ldr r2,[sp,#8]\n"                                                         \
+  );
+
+#define SVC_0_1(f,t,...)                                                       \
+t f (void);                                                                    \
+_Pragma("swi_number=0") __swi t _##f (void);                                   \
+static inline t __##f (void) {                                                 \
+  SVC_Setup(f);                                                                \
+  return _##f();                                                               \
+}
+
+#define SVC_1_0(f,t,t1,...)                                                    \
+t f (t1 a1);                                                                   \
+_Pragma("swi_number=0") __swi t _##f (t1 a1);                                  \
+static inline t __##f (t1 a1) {                                                \
+  SVC_Setup(f);                                                                \
+  _##f(a1);                                                                    \
+}
+
+#define SVC_1_1(f,t,t1,...)                                                    \
+t f (t1 a1);                                                                   \
+_Pragma("swi_number=0") __swi t _##f (t1 a1);                                  \
+static inline t __##f (t1 a1) {                                                \
+  SVC_Setup(f);                                                                \
+  return _##f(a1);                                                             \
+}
+
+#define SVC_2_1(f,t,t1,t2,...)                                                 \
+t f (t1 a1, t2 a2);                                                            \
+_Pragma("swi_number=0") __swi t _##f (t1 a1, t2 a2);                           \
+static inline t __##f (t1 a1, t2 a2) {                                         \
+  SVC_Setup(f);                                                                \
+  return _##f(a1,a2);                                                          \
+}
+
+#define SVC_3_1(f,t,t1,t2,t3,...)                                              \
+t f (t1 a1, t2 a2, t3 a3);                                                     \
+_Pragma("swi_number=0") __swi t _##f (t1 a1, t2 a2, t3 a3);                    \
+static inline t __##f (t1 a1, t2 a2, t3 a3) {                                  \
+  SVC_Setup(f);                                                                \
+  return _##f(a1,a2,a3);                                                       \
+}
+
+#define SVC_4_1(f,t,t1,t2,t3,t4,...)                                           \
+t f (t1 a1, t2 a2, t3 a3, t4 a4);                                              \
+_Pragma("swi_number=0") __swi t _##f (t1 a1, t2 a2, t3 a3, t4 a4);             \
+static inline t __##f (t1 a1, t2 a2, t3 a3, t4 a4) {                           \
+  SVC_Setup(f);                                                                \
+  return _##f(a1,a2,a3,a4);                                                    \
+}
+
+#define SVC_1_2(f,t,t1,rr)                                                     \
+uint64_t f (t1 a1);                                                            \
+_Pragma("swi_number=0") __swi uint64_t _##f (t1 a1);                           \
+static inline t __##f (t1 a1) {                                                \
+  t ret;                                                                       \
+  SVC_Setup(f);                                                                \
+  _##f(a1);                                                                    \
+  __asm("" : rr : :);                                                            \
+  return ret;                                                                  \
+}
+
+#define SVC_1_3(f,t,t1,rr)                                                     \
+t f (t1 a1);                                                                   \
+void f##_ (t1 a1) {                                                            \
+  f(a1);                                                                       \
+  SVC_Ret3();                                                                  \
+}                                                                              \
+_Pragma("swi_number=0") __swi void _##f (t1 a1);                               \
+static inline t __##f (t1 a1) {                                                \
+  t ret;                                                                       \
+  SVC_Setup(f##_);                                                             \
+  _##f(a1);                                                                    \
+  __asm("" : rr : :);                                                            \
+  return ret;                                                                  \
+}
+
+#define SVC_2_3(f,t,t1,t2,rr)                                                  \
+t f (t1 a1, t2 a2);                                                            \
+void f##_ (t1 a1, t2 a2) {                                                     \
+  f(a1,a2);                                                                    \
+  SVC_Ret3();                                                                  \
+}                                                                              \
+_Pragma("swi_number=0") __swi void _##f (t1 a1, t2 a2);                        \
+static inline t __##f (t1 a1, t2 a2) {                                         \
+  t ret;                                                                       \
+  SVC_Setup(f##_);                                                             \
+  _##f(a1,a2);                                                                 \
+  __asm("" : rr : :);                                                            \
+  return ret;                                                                  \
+}
+
+#endif
+
+
+// Callback structure
+typedef struct {
+  void *fp;             // Function pointer
+  void *arg;            // Function argument
+} osCallback;
+
+
+// OS Section definitions
+#ifdef OS_SECTIONS_LINK_INFO
+extern const uint32_t  os_section_id$$Base;
+extern const uint32_t  os_section_id$$Limit;
+#endif
+
+#ifndef __MBED_CMSIS_RTOS_CA9
+// OS Stack Memory for Threads definitions
+extern       uint64_t  os_stack_mem[];
+extern const uint32_t  os_stack_sz;
+#endif
+
+// OS Timers external resources
+extern const osThreadDef_t   os_thread_def_osTimerThread;
+extern       osThreadId      osThreadId_osTimerThread;
+extern const osMessageQDef_t os_messageQ_def_osTimerMessageQ;
+extern       osMessageQId    osMessageQId_osTimerMessageQ;
+
+extern U32 IRQNestLevel; /* Indicates whether inside an ISR, and the depth of nesting.  0 = not in ISR. */
+
+
+// ==== Helper Functions ====
+
+/// Convert timeout in millisec to system ticks
+static uint32_t rt_ms2tick (uint32_t millisec) {
+  uint32_t tick;
+
+  if (millisec == osWaitForever) return 0xFFFF; // Indefinite timeout
+  if (millisec > 4000000) return 0xFFFE;        // Max ticks supported
+
+  tick = ((1000 * millisec) + os_clockrate - 1)  / os_clockrate;
+  if (tick > 0xFFFE) return 0xFFFE;
+
+  return tick;
+}
+
+/// Convert Thread ID to TCB pointer
+static P_TCB rt_tid2ptcb (osThreadId thread_id) {
+  P_TCB ptcb;
+
+  if (thread_id == NULL) return NULL;
+
+  if ((uint32_t)thread_id & 3) return NULL;
+
+#ifdef OS_SECTIONS_LINK_INFO
+  if ((os_section_id$$Base != 0) && (os_section_id$$Limit != 0)) {
+    if (thread_id  < (osThreadId)os_section_id$$Base)  return NULL;
+    if (thread_id >= (osThreadId)os_section_id$$Limit) return NULL;
+  }
+#endif
+
+  ptcb = thread_id;
+
+  if (ptcb->cb_type != TCB) return NULL;
+
+  return ptcb;
+}
+
+/// Convert ID pointer to Object pointer
+static void *rt_id2obj (void *id) {
+
+  if ((uint32_t)id & 3) return NULL;
+
+#ifdef OS_SECTIONS_LINK_INFO
+  if ((os_section_id$$Base != 0) && (os_section_id$$Limit != 0)) {
+    if (id  < (void *)os_section_id$$Base)  return NULL;
+    if (id >= (void *)os_section_id$$Limit) return NULL;
+  }
+#endif
+
+  return id;
+}
+
+// === Helper functions for system call interface ===
+
+static __inline char __get_mode(void) {
+    return (char)(__get_CPSR() & 0x1f);
+}
+
+static __inline char __exceptional_mode(void) {
+    switch(__get_mode()) {
+        case MODE_USR:
+        case MODE_SYS:
+            return 0;
+        case MODE_SVC:
+            if (IRQNestLevel == 0)
+                return 0; /* handling a regular service call */
+            else
+                return 1; /* handling an ISR in SVC mode */
+        default:
+            return 1;
+    }
+}
+
+// ==== Kernel Control ====
+
+uint8_t os_initialized;                         // Kernel Initialized flag
+uint8_t os_running;                             // Kernel Running flag
+
+// Kernel Control Service Calls declarations
+SVC_0_1(svcKernelInitialize, osStatus, RET_osStatus)
+SVC_0_1(svcKernelStart,      osStatus, RET_osStatus)
+SVC_0_1(svcKernelRunning,    int32_t,  RET_int32_t)
+SVC_0_1(svcKernelSysTick,    uint32_t, RET_uint32_t)
+
+static void  sysThreadError   (osStatus status);
+osThreadId   svcThreadCreate  (const osThreadDef_t *thread_def, void *argument);
+osMessageQId svcMessageCreate (const osMessageQDef_t *queue_def, osThreadId thread_id);
+
+// Kernel Control Service Calls
+
+/// Initialize the RTOS Kernel for creating objects
+osStatus svcKernelInitialize (void) {
+#ifdef __MBED_CMSIS_RTOS_CA9
+  if (!os_initialized) {
+    rt_sys_init();                              // RTX System Initialization
+  }
+#else
+  int ret;
+
+  if (!os_initialized) {
+
+    // Init Thread Stack Memory (must be 8-byte aligned)
+    if ((uint32_t)os_stack_mem & 7) return osErrorNoMemory;
+    ret = rt_init_mem(os_stack_mem, os_stack_sz);
+    if (ret != 0) return osErrorNoMemory;
+
+    rt_sys_init();                              // RTX System Initialization
+  }
+#endif
+
+  os_tsk.run->prio = 255;                       // Highest priority
+
+  if (!os_initialized) {
+    // Create OS Timers resources (Message Queue & Thread)
+    osMessageQId_osTimerMessageQ = svcMessageCreate (&os_messageQ_def_osTimerMessageQ, NULL);
+    osThreadId_osTimerThread = svcThreadCreate(&os_thread_def_osTimerThread, NULL);
+  }
+
+  sysThreadError(osOK);
+
+  os_initialized = 1;
+  os_running = 0;
+
+  return osOK;
+}
+
+/// Start the RTOS Kernel
+osStatus svcKernelStart (void) {
+
+  if (os_running) return osOK;
+
+  rt_tsk_prio(0, os_tsk.run->prio_base);        // Restore priority
+  if (os_tsk.run->task_id == 0xFF) {            // Idle Thread
+    __set_PSP(os_tsk.run->tsk_stack + 8*4);     // Setup PSP
+  }
+  os_tsk.run = NULL;                            // Force context switch
+
+  rt_sys_start();
+
+  os_running = 1;
+
+  return osOK;
+}
+
+/// Check if the RTOS kernel is already started
+int32_t svcKernelRunning(void) {
+  return os_running;
+}
+
+/// Get the RTOS kernel system timer counter
+uint32_t svcKernelSysTick (void) {
+  uint32_t tick, tick0;
+
+  tick = os_tick_val();
+  if (os_tick_ovf()) {
+    tick0 = os_tick_val();
+    if (tick0 < tick) tick = tick0;
+    tick += (os_trv + 1) * (os_time + 1);
+  } else {
+    tick += (os_trv + 1) *  os_time;
+  }
+
+  return tick;
+}
+
+// Kernel Control Public API
+
+/// Initialize the RTOS Kernel for creating objects
+osStatus osKernelInitialize (void) {
+  if (__exceptional_mode()) return osErrorISR;     // Not allowed in ISR
+  if (__get_mode() != MODE_USR) {
+    return   svcKernelInitialize();
+  } else {
+    return __svcKernelInitialize();
+  }
+}
+
+/// Start the RTOS Kernel
+osStatus osKernelStart (void) {
+  char mode = __get_mode();
+
+  switch(mode) {
+    case MODE_USR:
+      if (os_flags & 1) return osErrorOS;  // Privileged Thread mode requested from Unprivileged
+      break;
+    case MODE_SYS:
+      if (!(os_flags & 1)) {
+        __set_CPS_USR();
+      }
+      break;
+    default:
+      return osErrorISR;                   // Not allowed in ISR
+  }
+  return __svcKernelStart();
+}
+
+/// Check if the RTOS kernel is already started
+int32_t osKernelRunning(void) {
+  if(__get_mode() != MODE_USR) {
+    return os_running;
+  } else {
+    return __svcKernelRunning();
+  }
+}
+
+/// Get the RTOS kernel system timer counter
+uint32_t osKernelSysTick (void) {
+  if (__exceptional_mode()) return 0;              // Not allowed in ISR
+  return __svcKernelSysTick();
+}
+
+
+// ==== Thread Management ====
+
+/// Set Thread Error (for Create functions which return IDs)
+static void sysThreadError (osStatus status) {
+  // To Do
+}
+
+__NO_RETURN void osThreadExit (void);
+
+// Thread Service Calls declarations
+SVC_2_1(svcThreadCreate,      osThreadId, const osThreadDef_t *, void *,     RET_pointer)
+SVC_0_1(svcThreadGetId,       osThreadId,                                    RET_pointer)
+SVC_1_1(svcThreadTerminate,   osStatus,         osThreadId,                  RET_osStatus)
+SVC_0_1(svcThreadYield,       osStatus,                                      RET_osStatus)
+SVC_2_1(svcThreadSetPriority, osStatus,         osThreadId,      osPriority, RET_osStatus)
+SVC_1_1(svcThreadGetPriority, osPriority,       osThreadId,                  RET_osPriority)
+
+// Thread Service Calls
+
+/// Create a thread and add it to Active Threads and set it to state READY
+osThreadId svcThreadCreate (const osThreadDef_t *thread_def, void *argument) {
+  P_TCB  ptcb;
+  OS_TID tsk;
+  void  *stk;
+
+  if ((thread_def == NULL) ||
+      (thread_def->pthread == NULL) ||
+      (thread_def->tpriority < osPriorityIdle) ||
+      (thread_def->tpriority > osPriorityRealtime)) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+#ifdef __MBED_CMSIS_RTOS_CA9
+  if (thread_def->stacksize != 0) {             // Custom stack size
+    stk = (void *)thread_def->stack_pointer;
+  } else {                                      // Default stack size
+    stk = NULL;
+  }
+#else
+  if (thread_def->stacksize != 0) {             // Custom stack size
+    stk = rt_alloc_mem(                         // Allocate stack
+      os_stack_mem,
+      thread_def->stacksize
+    );
+    if (stk == NULL) {
+      sysThreadError(osErrorNoMemory);          // Out of memory
+      return NULL;
+    }
+  } else {                                      // Default stack size
+    stk = NULL;
+  }
+#endif
+
+  tsk = rt_tsk_create(                          // Create task
+    (FUNCP)thread_def->pthread,                 // Task function pointer
+    (thread_def->tpriority-osPriorityIdle+1) |  // Task priority
+    (thread_def->stacksize << 8),               // Task stack size in bytes
+    stk,                                        // Pointer to task's stack
+    argument                                    // Argument to the task
+  );
+
+  if (tsk == 0) {                               // Invalid task ID
+#ifndef __MBED_CMSIS_RTOS_CA9
+    if (stk != NULL) {
+      rt_free_mem(os_stack_mem, stk);           // Free allocated stack
+    }
+#endif
+    sysThreadError(osErrorNoMemory);            // Create task failed (Out of memory)
+    return NULL;
+  }
+
+  ptcb = (P_TCB)os_active_TCB[tsk - 1];         // TCB pointer
+
+  *((uint32_t *)ptcb->tsk_stack + 13) = (uint32_t)osThreadExit;
+
+  return ptcb;
+}
+
+/// Return the thread ID of the current running thread
+osThreadId svcThreadGetId (void) {
+  OS_TID tsk;
+
+  tsk = rt_tsk_self();
+  if (tsk == 0) return NULL;
+  return (P_TCB)os_active_TCB[tsk - 1];
+}
+
+/// Terminate execution of a thread and remove it from ActiveThreads
+osStatus svcThreadTerminate (osThreadId thread_id) {
+  OS_RESULT res;
+  P_TCB     ptcb;
+#ifndef __MBED_CMSIS_RTOS_CA9
+  void     *stk;
+#endif
+
+  ptcb = rt_tid2ptcb(thread_id);                // Get TCB pointer
+  if (ptcb == NULL) return osErrorParameter;
+
+#ifndef __MBED_CMSIS_RTOS_CA9
+  stk = ptcb->priv_stack ? ptcb->stack : NULL;  // Private stack
+#endif
+
+  res = rt_tsk_delete(ptcb->task_id);           // Delete task
+
+  if (res == OS_R_NOK) return osErrorResource;  // Delete task failed
+
+#ifndef __MBED_CMSIS_RTOS_CA9
+  if (stk != NULL) {
+    rt_free_mem(os_stack_mem, stk);             // Free private stack
+  }
+#endif
+
+  return osOK;
+}
+
+/// Pass control to next thread that is in state READY
+osStatus svcThreadYield (void) {
+  rt_tsk_pass();                                // Pass control to next task
+  return osOK;
+}
+
+/// Change priority of an active thread
+osStatus svcThreadSetPriority (osThreadId thread_id, osPriority priority) {
+  OS_RESULT res;
+  P_TCB     ptcb;
+
+  ptcb = rt_tid2ptcb(thread_id);                // Get TCB pointer
+  if (ptcb == NULL) return osErrorParameter;
+
+  if ((priority < osPriorityIdle) || (priority > osPriorityRealtime)) {
+    return osErrorValue;
+  }
+
+  res = rt_tsk_prio(                            // Change task priority
+    ptcb->task_id,                              // Task ID
+    priority - osPriorityIdle + 1               // New task priority
+  );
+
+  if (res == OS_R_NOK) return osErrorResource;  // Change task priority failed
+
+  return osOK;
+}
+
+/// Get current priority of an active thread
+osPriority svcThreadGetPriority (osThreadId thread_id) {
+  P_TCB ptcb;
+
+  ptcb = rt_tid2ptcb(thread_id);                // Get TCB pointer
+  if (ptcb == NULL) return osPriorityError;
+
+  return (osPriority)(ptcb->prio - 1 + osPriorityIdle);
+}
+
+
+// Thread Public API
+
+/// Create a thread and add it to Active Threads and set it to state READY
+osThreadId osThreadCreate (const osThreadDef_t *thread_def, void *argument) {
+  if (__exceptional_mode()) return NULL;           // Not allowed in ISR
+  if ((__get_mode() != MODE_USR) && (os_running == 0)) {
+    // Privileged and not running
+    return   svcThreadCreate(thread_def, argument);
+  } else {
+    return __svcThreadCreate(thread_def, argument);
+  }
+}
+
+/// Return the thread ID of the current running thread
+osThreadId osThreadGetId (void) {
+  if (__exceptional_mode()) return NULL;           // Not allowed in ISR
+  return __svcThreadGetId();
+}
+
+/// Terminate execution of a thread and remove it from ActiveThreads
+osStatus osThreadTerminate (osThreadId thread_id) {
+  if (__exceptional_mode()) return osErrorISR;     // Not allowed in ISR
+  return __svcThreadTerminate(thread_id);
+}
+
+/// Pass control to next thread that is in state READY
+osStatus osThreadYield (void) {
+  if (__exceptional_mode()) return osErrorISR;     // Not allowed in ISR
+  return __svcThreadYield();
+}
+
+/// Change priority of an active thread
+osStatus osThreadSetPriority (osThreadId thread_id, osPriority priority) {
+  if (__exceptional_mode()) return osErrorISR;     // Not allowed in ISR
+  return __svcThreadSetPriority(thread_id, priority);
+}
+
+/// Get current priority of an active thread
+osPriority osThreadGetPriority (osThreadId thread_id) {
+  if (__exceptional_mode()) return osPriorityError;// Not allowed in ISR
+  return __svcThreadGetPriority(thread_id);
+}
+
+/// INTERNAL - Not Public
+/// Auto Terminate Thread on exit (used implicitly when thread exists)
+__NO_RETURN void osThreadExit (void) {
+  __svcThreadTerminate(__svcThreadGetId());
+  for (;;);                                     // Should never come here
+}
+
+#ifdef __MBED_CMSIS_RTOS_CA9
+/// Get current thread state
+uint8_t osThreadGetState (osThreadId thread_id) {
+  P_TCB ptcb;
+
+  if (__exceptional_mode()) return osErrorISR;     // Not allowed in ISR
+
+  ptcb = rt_tid2ptcb(thread_id);                // Get TCB pointer
+  if (ptcb == NULL) return osErrorParameter;
+
+  return ptcb->state;
+}
+#endif
+
+// ==== Generic Wait Functions ====
+
+// Generic Wait Service Calls declarations
+SVC_1_1(svcDelay,           osStatus, uint32_t, RET_osStatus)
+#if osFeature_Wait != 0
+SVC_1_3(svcWait,  os_InRegs osEvent,  uint32_t, RET_osEvent)
+#endif
+
+// Generic Wait Service Calls
+
+/// Wait for Timeout (Time Delay)
+osStatus svcDelay (uint32_t millisec) {
+  if (millisec == 0) return osOK;
+  rt_dly_wait(rt_ms2tick(millisec));
+  return osEventTimeout;
+}
+
+/// Wait for Signal, Message, Mail, or Timeout
+#if osFeature_Wait != 0
+os_InRegs osEvent_type svcWait (uint32_t millisec) {
+  osEvent ret;
+
+  if (millisec == 0) {
+    ret.status = osOK;
+#if defined (__GNUC__) && defined (__ARM_PCS_VFP)
+    osEvent_ret_status;
+    return;
+#else
+    return osEvent_ret_status;
+#endif
+  }
+
+  /* To Do: osEventSignal, osEventMessage, osEventMail */
+  rt_dly_wait(rt_ms2tick(millisec));
+  ret.status = osEventTimeout;
+
+#if defined (__GNUC__) && defined (__ARM_PCS_VFP)
+  osEvent_ret_status;
+  return;
+#else
+  return osEvent_ret_status;
+#endif
+}
+#endif
+
+
+// Generic Wait API
+
+/// Wait for Timeout (Time Delay)
+osStatus osDelay (uint32_t millisec) {
+  if (__exceptional_mode()) return osErrorISR;     // Not allowed in ISR
+  return __svcDelay(millisec);
+}
+
+/// Wait for Signal, Message, Mail, or Timeout
+os_InRegs osEvent osWait (uint32_t millisec) {
+  osEvent ret;
+
+#if osFeature_Wait == 0
+  ret.status = osErrorOS;
+  return ret;
+#else
+  if (__exceptional_mode()) {                      // Not allowed in ISR
+    ret.status = osErrorISR;
+    return ret;
+  }
+  return __svcWait(millisec);
+#endif
+}
+
+
+// ==== Timer Management ====
+
+// Timer definitions
+#define osTimerInvalid  0
+#define osTimerStopped  1
+#define osTimerRunning  2
+
+// Timer structures
+
+typedef struct os_timer_cb_ {                   // Timer Control Block
+  struct os_timer_cb_ *next;                    // Pointer to next active Timer
+  uint8_t             state;                    // Timer State
+  uint8_t              type;                    // Timer Type (Periodic/One-shot)
+  uint16_t         reserved;                    // Reserved
+  uint16_t             tcnt;                    // Timer Delay Count
+  uint16_t             icnt;                    // Timer Initial Count
+  void                 *arg;                    // Timer Function Argument
+  const osTimerDef_t *timer;                    // Pointer to Timer definition
+} os_timer_cb;
+
+// Timer variables
+os_timer_cb *os_timer_head;                     // Pointer to first active Timer
+
+
+// Timer Helper Functions
+
+// Insert Timer into the list sorted by time
+static void rt_timer_insert (os_timer_cb *pt, uint32_t tcnt) {
+  os_timer_cb *p, *prev;
+
+  prev = NULL;
+  p = os_timer_head;
+  while (p != NULL) {
+    if (tcnt < p->tcnt) break;
+    tcnt -= p->tcnt;
+    prev = p;
+    p = p->next;
+  }
+  pt->next = p;
+  pt->tcnt = (uint16_t)tcnt;
+  if (p != NULL) {
+    p->tcnt -= pt->tcnt;
+  }
+  if (prev != NULL) {
+    prev->next = pt;
+  } else {
+    os_timer_head = pt;
+  }
+}
+
+// Remove Timer from the list
+static int rt_timer_remove (os_timer_cb *pt) {
+  os_timer_cb *p, *prev;
+
+  prev = NULL;
+  p = os_timer_head;
+  while (p != NULL) {
+    if (p == pt) break;
+    prev = p;
+    p = p->next;
+  }
+  if (p == NULL) return -1;
+  if (prev != NULL) {
+    prev->next = pt->next;
+  } else {
+    os_timer_head = pt->next;
+  }
+  if (pt->next != NULL) {
+    pt->next->tcnt += pt->tcnt;
+  }
+
+  return 0;
+}
+
+
+// Timer Service Calls declarations
+SVC_3_1(svcTimerCreate,           osTimerId,  const osTimerDef_t *, os_timer_type, void *, RET_pointer)
+SVC_2_1(svcTimerStart,            osStatus,         osTimerId,      uint32_t,              RET_osStatus)
+SVC_1_1(svcTimerStop,             osStatus,         osTimerId,                             RET_osStatus)
+SVC_1_1(svcTimerDelete,           osStatus,         osTimerId,                             RET_osStatus)
+SVC_1_2(svcTimerCall,   os_InRegs osCallback,       osTimerId,                             RET_osCallback)
+
+// Timer Management Service Calls
+
+/// Create timer
+osTimerId svcTimerCreate (const osTimerDef_t *timer_def, os_timer_type type, void *argument) {
+  os_timer_cb *pt;
+
+  if ((timer_def == NULL) || (timer_def->ptimer == NULL)) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  pt = timer_def->timer;
+  if (pt == NULL) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  if ((type != osTimerOnce) && (type != osTimerPeriodic)) {
+    sysThreadError(osErrorValue);
+    return NULL;
+  }
+
+  if (osThreadId_osTimerThread == NULL) {
+    sysThreadError(osErrorResource);
+    return NULL;
+  }
+
+  if (pt->state != osTimerInvalid){
+    sysThreadError(osErrorResource);
+    return NULL;
+  }
+
+  pt->next  = NULL;
+  pt->state = osTimerStopped;
+  pt->type  =  (uint8_t)type;
+  pt->arg   = argument;
+  pt->timer = timer_def;
+
+  return (osTimerId)pt;
+}
+
+/// Start or restart timer
+osStatus svcTimerStart (osTimerId timer_id, uint32_t millisec) {
+  os_timer_cb *pt;
+  uint32_t     tcnt;
+
+  pt = rt_id2obj(timer_id);
+  if (pt == NULL) return osErrorParameter;
+
+  tcnt = rt_ms2tick(millisec);
+  if (tcnt == 0) return osErrorValue;
+
+  switch (pt->state) {
+    case osTimerRunning:
+      if (rt_timer_remove(pt) != 0) {
+        return osErrorResource;
+      }
+      break;
+    case osTimerStopped:
+      pt->state = osTimerRunning;
+      pt->icnt  = (uint16_t)tcnt;
+      break;
+    default:
+      return osErrorResource;
+  }
+
+  rt_timer_insert(pt, tcnt);
+
+  return osOK;
+}
+
+/// Stop timer
+osStatus svcTimerStop (osTimerId timer_id) {
+  os_timer_cb *pt;
+
+  pt = rt_id2obj(timer_id);
+  if (pt == NULL) return osErrorParameter;
+
+  if (pt->state != osTimerRunning) return osErrorResource;
+
+  pt->state = osTimerStopped;
+
+  if (rt_timer_remove(pt) != 0) {
+    return osErrorResource;
+  }
+
+  return osOK;
+}
+
+/// Delete timer
+osStatus svcTimerDelete (osTimerId timer_id) {
+  os_timer_cb *pt;
+
+  pt = rt_id2obj(timer_id);
+  if (pt == NULL) return osErrorParameter;
+
+  switch (pt->state) {
+    case osTimerRunning:
+      rt_timer_remove(pt);
+      break;
+    case osTimerStopped:
+      break;
+    default:
+      return osErrorResource;
+  }
+
+  pt->state = osTimerInvalid;
+
+  return osOK;
+}
+
+/// Get timer callback parameters
+os_InRegs osCallback_type svcTimerCall (osTimerId timer_id) {
+  os_timer_cb *pt;
+  osCallback   ret;
+
+  pt = rt_id2obj(timer_id);
+  if (pt == NULL) {
+    ret.fp  = NULL;
+    ret.arg = NULL;
+#if defined (__GNUC__) && defined (__ARM_PCS_VFP)
+    osCallback_ret;
+    return;
+#else
+    return osCallback_ret;
+#endif
+  }
+
+  ret.fp  = (void *)pt->timer->ptimer;
+  ret.arg = pt->arg;
+
+#if defined (__GNUC__) && defined (__ARM_PCS_VFP)
+  osCallback_ret;
+  return;
+#else
+  return osCallback_ret;
+#endif
+}
+
+static __INLINE osStatus isrMessagePut (osMessageQId queue_id, uint32_t info, uint32_t millisec);
+
+/// Timer Tick (called each SysTick)
+void sysTimerTick (void) {
+  os_timer_cb *pt, *p;
+
+  p = os_timer_head;
+  if (p == NULL) return;
+
+  p->tcnt--;
+  while ((p != NULL) && (p->tcnt == 0)) {
+    pt = p;
+    p = p->next;
+    os_timer_head = p;
+    isrMessagePut(osMessageQId_osTimerMessageQ, (uint32_t)pt, 0);
+    if (pt->type == osTimerPeriodic) {
+      rt_timer_insert(pt, pt->icnt);
+    } else {
+      pt->state = osTimerStopped;
+    }
+  }
+}
+
+/// Get user timers wake-up time 
+uint32_t sysUserTimerWakeupTime (void) {
+
+  if (os_timer_head) {
+    return os_timer_head->tcnt;
+  }
+  return 0xFFFF;
+}
+
+/// Update user timers on resume
+void sysUserTimerUpdate (uint32_t sleep_time) {
+
+  while (os_timer_head && sleep_time) {
+    if (sleep_time >= os_timer_head->tcnt) {
+      sleep_time -= os_timer_head->tcnt;
+      os_timer_head->tcnt = 1;
+      sysTimerTick();
+    } else {
+      os_timer_head->tcnt -= sleep_time;
+      break;
+    }
+  }
+}
+
+
+// Timer Management Public API
+
+/// Create timer
+osTimerId osTimerCreate (const osTimerDef_t *timer_def, os_timer_type type, void *argument) {
+  if (__exceptional_mode()) return NULL;           // Not allowed in ISR
+  if ((__get_mode() != MODE_USR) && (os_running == 0)) {
+    // Privileged and not running
+    return   svcTimerCreate(timer_def, type, argument);
+  } else {
+    return __svcTimerCreate(timer_def, type, argument);
+  }
+}
+
+/// Start or restart timer
+osStatus osTimerStart (osTimerId timer_id, uint32_t millisec) {
+  if (__exceptional_mode()) return osErrorISR;     // Not allowed in ISR
+  return __svcTimerStart(timer_id, millisec);
+}
+
+/// Stop timer
+osStatus osTimerStop (osTimerId timer_id) {
+  if (__exceptional_mode()) return osErrorISR;     // Not allowed in ISR
+  return __svcTimerStop(timer_id);
+}
+
+/// Delete timer
+osStatus osTimerDelete (osTimerId timer_id) {
+  if (__exceptional_mode()) return osErrorISR;     // Not allowed in ISR
+  return __svcTimerDelete(timer_id);
+}
+
+/// INTERNAL - Not Public
+/// Get timer callback parameters (used by OS Timer Thread)
+os_InRegs osCallback osTimerCall (osTimerId timer_id) {
+  return __svcTimerCall(timer_id);
+}
+
+
+// Timer Thread
+__NO_RETURN void osTimerThread (void const *argument) {
+  osCallback cb;
+  osEvent    evt;
+
+  for (;;) {
+    evt = osMessageGet(osMessageQId_osTimerMessageQ, osWaitForever);
+    if (evt.status == osEventMessage) {
+      cb = osTimerCall(evt.value.p);
+      if (cb.fp != NULL) {
+        (*(os_ptimer)cb.fp)(cb.arg);
+      }
+    }
+  }
+}
+
+
+// ==== Signal Management ====
+
+// Signal Service Calls declarations
+SVC_2_1(svcSignalSet,             int32_t, osThreadId, int32_t,  RET_int32_t)
+SVC_2_1(svcSignalClear,           int32_t, osThreadId, int32_t,  RET_int32_t)
+SVC_2_3(svcSignalWait,  os_InRegs osEvent, int32_t,    uint32_t, RET_osEvent)
+
+// Signal Service Calls
+
+/// Set the specified Signal Flags of an active thread
+int32_t svcSignalSet (osThreadId thread_id, int32_t signals) {
+  P_TCB   ptcb;
+  int32_t sig;
+
+  ptcb = rt_tid2ptcb(thread_id);                // Get TCB pointer
+  if (ptcb == NULL) return 0x80000000;
+
+  if (signals & (0xFFFFFFFF << osFeature_Signals)) return 0x80000000;
+
+  sig = ptcb->events;                           // Previous signal flags
+
+  rt_evt_set(signals, ptcb->task_id);           // Set event flags
+
+  return sig;
+}
+
+/// Clear the specified Signal Flags of an active thread
+int32_t svcSignalClear (osThreadId thread_id, int32_t signals) {
+  P_TCB   ptcb;
+  int32_t sig;
+
+  ptcb = rt_tid2ptcb(thread_id);                // Get TCB pointer
+  if (ptcb == NULL) return 0x80000000;
+
+  if (signals & (0xFFFFFFFF << osFeature_Signals)) return 0x80000000;
+
+  sig = ptcb->events;                           // Previous signal flags
+
+  rt_evt_clr(signals, ptcb->task_id);           // Clear event flags
+
+  return sig;
+}
+
+/// Wait for one or more Signal Flags to become signaled for the current RUNNING thread
+os_InRegs osEvent_type svcSignalWait (int32_t signals, uint32_t millisec) {
+  OS_RESULT res;
+  osEvent   ret;
+
+  if (signals & (0xFFFFFFFF << osFeature_Signals)) {
+    ret.status = osErrorValue;
+#if defined (__GNUC__) && defined (__ARM_PCS_VFP)
+    osEvent_ret_status;
+    return;
+#else
+    return osEvent_ret_status;
+#endif
+  }
+
+  if (signals != 0) {                           // Wait for all specified signals
+    res = rt_evt_wait(signals, rt_ms2tick(millisec), __TRUE);
+  } else {                                      // Wait for any signal
+    res = rt_evt_wait(0xFFFF,  rt_ms2tick(millisec), __FALSE);
+  }
+
+  if (res == OS_R_EVT) {
+    ret.status = osEventSignal;
+    ret.value.signals = signals ? signals : os_tsk.run->waits;
+  } else {
+    ret.status = millisec ? osEventTimeout : osOK;
+    ret.value.signals = 0;
+  }
+
+#if defined (__GNUC__) && defined (__ARM_PCS_VFP)
+  osEvent_ret_value;
+  return;
+#else
+  return osEvent_ret_value;
+#endif
+}
+
+
+// Signal ISR Calls
+
+/// Set the specified Signal Flags of an active thread
+static __INLINE int32_t isrSignalSet (osThreadId thread_id, int32_t signals) {
+  P_TCB   ptcb;
+  int32_t sig;
+
+  ptcb = rt_tid2ptcb(thread_id);                // Get TCB pointer
+  if (ptcb == NULL) return 0x80000000;
+
+  if (signals & (0xFFFFFFFF << osFeature_Signals)) return 0x80000000;
+
+  sig = ptcb->events;                           // Previous signal flags
+
+  isr_evt_set(signals, ptcb->task_id);          // Set event flags
+
+  return sig;
+}
+
+
+// Signal Public API
+
+/// Set the specified Signal Flags of an active thread
+int32_t osSignalSet (osThreadId thread_id, int32_t signals) {
+  if (__exceptional_mode()) {                      // in ISR
+    return   isrSignalSet(thread_id, signals);
+  } else {                                      // in Thread
+    return __svcSignalSet(thread_id, signals);
+  }
+}
+
+/// Clear the specified Signal Flags of an active thread
+int32_t osSignalClear (osThreadId thread_id, int32_t signals) {
+  if (__exceptional_mode()) return osErrorISR;     // Not allowed in ISR
+  return __svcSignalClear(thread_id, signals);
+}
+
+/// Wait for one or more Signal Flags to become signaled for the current RUNNING thread
+os_InRegs osEvent osSignalWait (int32_t signals, uint32_t millisec) {
+  osEvent ret;
+
+  if (__exceptional_mode()) {                      // Not allowed in ISR
+    ret.status = osErrorISR;
+    return ret;
+  }
+  return __svcSignalWait(signals, millisec);
+}
+
+
+// ==== Mutex Management ====
+
+// Mutex Service Calls declarations
+SVC_1_1(svcMutexCreate,  osMutexId, const osMutexDef_t *,           RET_pointer)
+SVC_2_1(svcMutexWait,    osStatus,        osMutexId,      uint32_t, RET_osStatus)
+SVC_1_1(svcMutexRelease, osStatus,        osMutexId,                RET_osStatus)
+SVC_1_1(svcMutexDelete,  osStatus,        osMutexId,                RET_osStatus)
+
+// Mutex Service Calls
+
+/// Create and Initialize a Mutex object
+osMutexId svcMutexCreate (const osMutexDef_t *mutex_def) {
+  OS_ID mut;
+
+  if (mutex_def == NULL) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  mut = mutex_def->mutex;
+  if (mut == NULL) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  if (((P_MUCB)mut)->cb_type != 0) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  rt_mut_init(mut);                             // Initialize Mutex
+
+  return mut;
+}
+
+/// Wait until a Mutex becomes available
+osStatus svcMutexWait (osMutexId mutex_id, uint32_t millisec) {
+  OS_ID     mut;
+  OS_RESULT res;
+
+  mut = rt_id2obj(mutex_id);
+  if (mut == NULL) return osErrorParameter;
+
+  if (((P_MUCB)mut)->cb_type != MUCB) return osErrorParameter;
+
+  res = rt_mut_wait(mut, rt_ms2tick(millisec)); // Wait for Mutex
+
+  if (res == OS_R_TMO) {
+    return (millisec ? osErrorTimeoutResource : osErrorResource);
+  }
+
+  return osOK;
+}
+
+/// Release a Mutex that was obtained with osMutexWait
+osStatus svcMutexRelease (osMutexId mutex_id) {
+  OS_ID     mut;
+  OS_RESULT res;
+
+  mut = rt_id2obj(mutex_id);
+  if (mut == NULL) return osErrorParameter;
+
+  if (((P_MUCB)mut)->cb_type != MUCB) return osErrorParameter;
+
+  res = rt_mut_release(mut);                    // Release Mutex
+
+  if (res == OS_R_NOK) return osErrorResource;  // Thread not owner or Zero Counter
+
+  return osOK;
+}
+
+/// Delete a Mutex that was created by osMutexCreate
+osStatus svcMutexDelete (osMutexId mutex_id) {
+  OS_ID mut;
+
+  mut = rt_id2obj(mutex_id);
+  if (mut == NULL) return osErrorParameter;
+
+  if (((P_MUCB)mut)->cb_type != MUCB) return osErrorParameter;
+
+  rt_mut_delete(mut);                           // Release Mutex
+
+  return osOK;
+}
+
+
+// Mutex Public API
+
+/// Create and Initialize a Mutex object
+osMutexId osMutexCreate (const osMutexDef_t *mutex_def) {
+  if (__exceptional_mode()) return NULL;           // Not allowed in ISR
+  if ((__get_mode() != MODE_USR) && (os_running == 0)) {
+    // Privileged and not running
+    return    svcMutexCreate(mutex_def);
+  } else {
+    return __svcMutexCreate(mutex_def);
+  }
+}
+
+/// Wait until a Mutex becomes available
+osStatus osMutexWait (osMutexId mutex_id, uint32_t millisec) {
+  if (__exceptional_mode()) return osErrorISR;     // Not allowed in ISR
+  return __svcMutexWait(mutex_id, millisec);
+}
+
+/// Release a Mutex that was obtained with osMutexWait
+osStatus osMutexRelease (osMutexId mutex_id) {
+  if (__exceptional_mode()) return osErrorISR;     // Not allowed in ISR
+  return __svcMutexRelease(mutex_id);
+}
+
+/// Delete a Mutex that was created by osMutexCreate
+osStatus osMutexDelete (osMutexId mutex_id) {
+  if (__exceptional_mode()) return osErrorISR;     // Not allowed in ISR
+  return __svcMutexDelete(mutex_id);
+}
+
+
+// ==== Semaphore Management ====
+
+// Semaphore Service Calls declarations
+SVC_2_1(svcSemaphoreCreate,  osSemaphoreId, const osSemaphoreDef_t *,  int32_t, RET_pointer)
+SVC_2_1(svcSemaphoreWait,    int32_t,             osSemaphoreId,      uint32_t, RET_int32_t)
+SVC_1_1(svcSemaphoreRelease, osStatus,            osSemaphoreId,                RET_osStatus)
+SVC_1_1(svcSemaphoreDelete,  osStatus,            osSemaphoreId,                RET_osStatus)
+
+// Semaphore Service Calls
+
+/// Create and Initialize a Semaphore object
+osSemaphoreId svcSemaphoreCreate (const osSemaphoreDef_t *semaphore_def, int32_t count) {
+  OS_ID sem;
+
+  if (semaphore_def == NULL) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  sem = semaphore_def->semaphore;
+  if (sem == NULL) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  if (((P_SCB)sem)->cb_type != 0) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  if (count > osFeature_Semaphore) {
+    sysThreadError(osErrorValue);
+    return NULL;
+  }
+
+  rt_sem_init(sem, count);                      // Initialize Semaphore
+
+  return sem;
+}
+
+/// Wait until a Semaphore becomes available
+int32_t svcSemaphoreWait (osSemaphoreId semaphore_id, uint32_t millisec) {
+  OS_ID     sem;
+  OS_RESULT res;
+
+  sem = rt_id2obj(semaphore_id);
+  if (sem == NULL) return -1;
+
+  if (((P_SCB)sem)->cb_type != SCB) return -1;
+
+  res = rt_sem_wait(sem, rt_ms2tick(millisec)); // Wait for Semaphore
+
+  if (res == OS_R_TMO) return 0;                // Timeout
+
+  return (((P_SCB)sem)->tokens + 1);
+}
+
+/// Release a Semaphore
+osStatus svcSemaphoreRelease (osSemaphoreId semaphore_id) {
+  OS_ID sem;
+
+  sem = rt_id2obj(semaphore_id);
+  if (sem == NULL) return osErrorParameter;
+
+  if (((P_SCB)sem)->cb_type != SCB) return osErrorParameter;
+
+  if (((P_SCB)sem)->tokens == osFeature_Semaphore) return osErrorResource;
+
+  rt_sem_send(sem);                             // Release Semaphore
+
+  return osOK;
+}
+
+/// Delete a Semaphore that was created by osSemaphoreCreate
+osStatus svcSemaphoreDelete (osSemaphoreId semaphore_id) {
+  OS_ID sem;
+
+  sem = rt_id2obj(semaphore_id);
+  if (sem == NULL) return osErrorParameter;
+
+  if (((P_SCB)sem)->cb_type != SCB) return osErrorParameter;
+
+  rt_sem_delete(sem);                           // Delete Semaphore
+
+  return osOK;
+}
+
+
+// Semaphore ISR Calls
+
+/// Release a Semaphore
+static __INLINE osStatus isrSemaphoreRelease (osSemaphoreId semaphore_id) {
+  OS_ID sem;
+
+  sem = rt_id2obj(semaphore_id);
+  if (sem == NULL) return osErrorParameter;
+
+  if (((P_SCB)sem)->cb_type != SCB) return osErrorParameter;
+
+  if (((P_SCB)sem)->tokens == osFeature_Semaphore) return osErrorResource;
+
+  isr_sem_send(sem);                            // Release Semaphore
+
+  return osOK;
+}
+
+
+// Semaphore Public API
+
+/// Create and Initialize a Semaphore object
+osSemaphoreId osSemaphoreCreate (const osSemaphoreDef_t *semaphore_def, int32_t count) {
+  if (__exceptional_mode()) return NULL;           // Not allowed in ISR
+  if ((__get_mode() != MODE_USR) && (os_running == 0)) {
+    // Privileged and not running
+    return   svcSemaphoreCreate(semaphore_def, count);
+  } else {
+    return __svcSemaphoreCreate(semaphore_def, count);
+  }
+}
+
+/// Wait until a Semaphore becomes available
+int32_t osSemaphoreWait (osSemaphoreId semaphore_id, uint32_t millisec) {
+  if (__exceptional_mode()) return -1;             // Not allowed in ISR
+  return __svcSemaphoreWait(semaphore_id, millisec);
+}
+
+/// Release a Semaphore
+osStatus osSemaphoreRelease (osSemaphoreId semaphore_id) {
+  if (__exceptional_mode()) {                      // in ISR
+    return   isrSemaphoreRelease(semaphore_id);
+  } else {                                      // in Thread
+    return __svcSemaphoreRelease(semaphore_id);
+  }
+}
+
+/// Delete a Semaphore that was created by osSemaphoreCreate
+osStatus osSemaphoreDelete (osSemaphoreId semaphore_id) {
+  if (__exceptional_mode()) return osErrorISR;     // Not allowed in ISR
+  return __svcSemaphoreDelete(semaphore_id);
+}
+
+
+// ==== Memory Management Functions ====
+
+// Memory Management Helper Functions
+
+// Clear Memory Box (Zero init)
+static void rt_clr_box (void *box_mem, void *box) {
+  uint32_t *p, n;
+
+  if (box) {
+    p = box;
+    for (n = ((P_BM)box_mem)->blk_size; n; n -= 4) {
+      *p++ = 0;
+    }
+  }
+}
+
+// Memory Management Service Calls declarations
+SVC_1_1(svcPoolCreate, osPoolId, const osPoolDef_t *,           RET_pointer)
+SVC_2_1(sysPoolAlloc,  void *,         osPoolId,      uint32_t, RET_pointer)
+SVC_2_1(sysPoolFree,   osStatus,       osPoolId,      void *,   RET_osStatus)
+
+// Memory Management Service & ISR Calls
+
+/// Create and Initialize memory pool
+osPoolId svcPoolCreate (const osPoolDef_t *pool_def) {
+  uint32_t blk_sz;
+
+  if ((pool_def == NULL) ||
+      (pool_def->pool_sz == 0) ||
+      (pool_def->item_sz == 0) ||
+      (pool_def->pool == NULL)) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  blk_sz = (pool_def->item_sz + 3) & ~3;
+
+  _init_box(pool_def->pool, sizeof(struct OS_BM) + pool_def->pool_sz * blk_sz, blk_sz);
+
+  return pool_def->pool;
+}
+
+/// Allocate a memory block from a memory pool
+void *sysPoolAlloc (osPoolId pool_id, uint32_t clr) {
+  void *ptr;
+
+  if (pool_id == NULL) return NULL;
+
+  ptr = rt_alloc_box(pool_id);
+  if (clr) {
+    rt_clr_box(pool_id, ptr);
+  }
+
+  return ptr;
+}
+
+/// Return an allocated memory block back to a specific memory pool
+osStatus sysPoolFree (osPoolId pool_id, void *block) {
+  int32_t res;
+
+  if (pool_id == NULL) return osErrorParameter;
+
+  res = rt_free_box(pool_id, block);
+  if (res != 0) return osErrorValue;
+
+  return osOK;
+}
+
+
+// Memory Management Public API
+
+/// Create and Initialize memory pool
+osPoolId osPoolCreate (const osPoolDef_t *pool_def) {
+  if (__exceptional_mode()) return NULL;           // Not allowed in ISR
+  if ((__get_mode() != MODE_USR) && (os_running == 0)) {
+    // Privileged and not running
+    return   svcPoolCreate(pool_def);
+  } else {
+    return __svcPoolCreate(pool_def);
+  }
+}
+
+/// Allocate a memory block from a memory pool
+void *osPoolAlloc (osPoolId pool_id) {
+  if (__get_mode() != MODE_USR) {               // in ISR or Privileged
+    return   sysPoolAlloc(pool_id, 0);
+  } else {                                      // in Thread
+    return __sysPoolAlloc(pool_id, 0);
+  }
+}
+
+/// Allocate a memory block from a memory pool and set memory block to zero
+void *osPoolCAlloc (osPoolId pool_id) {
+  if (__get_mode() != MODE_USR) {               // in ISR or Privileged
+    return   sysPoolAlloc(pool_id, 1);
+  } else {                                      // in Thread
+    return __sysPoolAlloc(pool_id, 1);
+  }
+}
+
+/// Return an allocated memory block back to a specific memory pool
+osStatus osPoolFree (osPoolId pool_id, void *block) {
+  if (__get_mode() != MODE_USR) {               // in ISR or Privileged
+    return   sysPoolFree(pool_id, block);
+  } else {                                      // in Thread
+    return __sysPoolFree(pool_id, block);
+  }
+}
+
+
+// ==== Message Queue Management Functions ====
+
+// Message Queue Management Service Calls declarations
+SVC_2_1(svcMessageCreate,        osMessageQId, const osMessageQDef_t *, osThreadId,           RET_pointer)
+SVC_3_1(svcMessagePut,           osStatus,           osMessageQId,      uint32_t,   uint32_t, RET_osStatus)
+SVC_2_3(svcMessageGet, os_InRegs osEvent,            osMessageQId,      uint32_t,             RET_osEvent)
+
+// Message Queue Service Calls
+
+/// Create and Initialize Message Queue
+osMessageQId svcMessageCreate (const osMessageQDef_t *queue_def, osThreadId thread_id) {
+
+  if ((queue_def == NULL) ||
+      (queue_def->queue_sz == 0) ||
+      (queue_def->pool == NULL)) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  if (((P_MCB)queue_def->pool)->cb_type != 0) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  rt_mbx_init(queue_def->pool, 4*(queue_def->queue_sz + 4));
+
+  return queue_def->pool;
+}
+
+/// Put a Message to a Queue
+osStatus svcMessagePut (osMessageQId queue_id, uint32_t info, uint32_t millisec) {
+  OS_RESULT res;
+
+  if (queue_id == NULL) return osErrorParameter;
+
+  if (((P_MCB)queue_id)->cb_type != MCB) return osErrorParameter;
+
+  res = rt_mbx_send(queue_id, (void *)info, rt_ms2tick(millisec));
+
+  if (res == OS_R_TMO) {
+    return (millisec ? osErrorTimeoutResource : osErrorResource);
+  }
+
+  return osOK;
+}
+
+/// Get a Message or Wait for a Message from a Queue
+os_InRegs osEvent_type svcMessageGet (osMessageQId queue_id, uint32_t millisec) {
+  OS_RESULT res;
+  osEvent   ret;
+
+  if (queue_id == NULL) {
+    ret.status = osErrorParameter;
+#if defined (__GNUC__) && defined (__ARM_PCS_VFP)
+    osEvent_ret_status;
+    return;
+#else
+    return osEvent_ret_status;
+#endif
+  }
+
+  if (((P_MCB)queue_id)->cb_type != MCB) {
+    ret.status = osErrorParameter;
+#if defined (__GNUC__) && defined (__ARM_PCS_VFP)
+    osEvent_ret_status;
+    return;
+#else
+    return osEvent_ret_status;
+#endif
+  }
+
+  res = rt_mbx_wait(queue_id, &ret.value.p, rt_ms2tick(millisec));
+
+  if (res == OS_R_TMO) {
+    ret.status = millisec ? osEventTimeout : osOK;
+#if defined (__GNUC__) && defined (__ARM_PCS_VFP)
+    osEvent_ret_value;
+    return;
+#else
+    return osEvent_ret_value;
+#endif
+  }
+
+  ret.status = osEventMessage;
+
+#if defined (__GNUC__) && defined (__ARM_PCS_VFP)
+  osEvent_ret_value;
+  return;
+#else
+  return osEvent_ret_value;
+#endif
+}
+
+
+// Message Queue ISR Calls
+
+/// Put a Message to a Queue
+static __INLINE osStatus isrMessagePut (osMessageQId queue_id, uint32_t info, uint32_t millisec) {
+
+  if ((queue_id == NULL) || (millisec != 0)) {
+    return osErrorParameter;
+  }
+
+  if (((P_MCB)queue_id)->cb_type != MCB) return osErrorParameter;
+
+  if (rt_mbx_check(queue_id) == 0) {            // Check if Queue is full
+    return osErrorResource;
+  }
+
+  isr_mbx_send(queue_id, (void *)info);
+
+  return osOK;
+}
+
+/// Get a Message or Wait for a Message from a Queue
+static __INLINE os_InRegs osEvent isrMessageGet (osMessageQId queue_id, uint32_t millisec) {
+  OS_RESULT res;
+  osEvent   ret;
+
+  if ((queue_id == NULL) || (millisec != 0)) {
+    ret.status = osErrorParameter;
+    return ret;
+  }
+
+  if (((P_MCB)queue_id)->cb_type != MCB) {
+    ret.status = osErrorParameter;
+    return ret;
+  }
+
+  res = isr_mbx_receive(queue_id, &ret.value.p);
+
+  if (res != OS_R_MBX) {
+    ret.status = osOK;
+    return ret;
+  }
+
+  ret.status = osEventMessage;
+
+  return ret;
+}
+
+
+// Message Queue Management Public API
+
+/// Create and Initialize Message Queue
+osMessageQId osMessageCreate (const osMessageQDef_t *queue_def, osThreadId thread_id) {
+  if (__exceptional_mode()) return NULL;           // Not allowed in ISR
+  if ((__get_mode() != MODE_USR) && (os_running == 0)) {
+    // Privileged and not running
+    return   svcMessageCreate(queue_def, thread_id);
+  } else {
+    return __svcMessageCreate(queue_def, thread_id);
+  }
+}
+
+/// Put a Message to a Queue
+osStatus osMessagePut (osMessageQId queue_id, uint32_t info, uint32_t millisec) {
+  if (__exceptional_mode()) {                      // in ISR
+    return   isrMessagePut(queue_id, info, millisec);
+  } else {                                      // in Thread
+    return __svcMessagePut(queue_id, info, millisec);
+  }
+}
+
+/// Get a Message or Wait for a Message from a Queue
+os_InRegs osEvent osMessageGet (osMessageQId queue_id, uint32_t millisec) {
+  if (__exceptional_mode()) {                      // in ISR
+    return   isrMessageGet(queue_id, millisec);
+  } else {                                      // in Thread
+    return __svcMessageGet(queue_id, millisec);
+  }
+}
+
+
+// ==== Mail Queue Management Functions ====
+
+// Mail Queue Management Service Calls declarations
+SVC_2_1(svcMailCreate, osMailQId, const osMailQDef_t *, osThreadId,                   RET_pointer)
+SVC_4_1(sysMailAlloc,  void *,          osMailQId,      uint32_t, uint32_t, uint32_t, RET_pointer)
+SVC_3_1(sysMailFree,   osStatus,        osMailQId,      void *,   uint32_t,           RET_osStatus)
+
+// Mail Queue Management Service & ISR Calls
+
+/// Create and Initialize mail queue
+osMailQId svcMailCreate (const osMailQDef_t *queue_def, osThreadId thread_id) {
+  uint32_t blk_sz;
+  P_MCB    pmcb;
+  void    *pool;
+
+  if ((queue_def == NULL) ||
+      (queue_def->queue_sz == 0) ||
+      (queue_def->item_sz  == 0) ||
+      (queue_def->pool == NULL)) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  pmcb = *(((void **)queue_def->pool) + 0);
+  pool = *(((void **)queue_def->pool) + 1);
+
+  if ((pool == NULL) || (pmcb == NULL) || (pmcb->cb_type != 0)) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  blk_sz = (queue_def->item_sz + 3) & ~3;
+
+  _init_box(pool, sizeof(struct OS_BM) + queue_def->queue_sz * blk_sz, blk_sz);
+
+  rt_mbx_init(pmcb, 4*(queue_def->queue_sz + 4));
+
+  return queue_def->pool;
+}
+
+/// Allocate a memory block from a mail
+void *sysMailAlloc (osMailQId queue_id, uint32_t millisec, uint32_t isr, uint32_t clr) {
+  P_MCB pmcb;
+  void *pool;
+  void *mem;
+
+  if (queue_id == NULL) return NULL;
+
+  pmcb = *(((void **)queue_id) + 0);
+  pool = *(((void **)queue_id) + 1);
+
+  if ((pool == NULL) || (pmcb == NULL)) return NULL;
+
+  if (isr && (millisec != 0)) return NULL;
+
+  mem = rt_alloc_box(pool);
+  if (clr) {
+    rt_clr_box(pool, mem);
+  }
+
+  if ((mem == NULL) && (millisec != 0)) {
+    // Put Task to sleep when Memory not available
+    if (pmcb->p_lnk != NULL) {
+      rt_put_prio((P_XCB)pmcb, os_tsk.run);
+    } else {
+      pmcb->p_lnk = os_tsk.run;
+      os_tsk.run->p_lnk = NULL;
+      os_tsk.run->p_rlnk = (P_TCB)pmcb;
+      // Task is waiting to allocate a message
+      pmcb->state = 3;
+    }
+    rt_block(rt_ms2tick(millisec), WAIT_MBX);
+  }
+
+  return mem;
+}
+
+/// Free a memory block from a mail
+osStatus sysMailFree (osMailQId queue_id, void *mail, uint32_t isr) {
+  P_MCB   pmcb;
+  P_TCB   ptcb;
+  void   *pool;
+  void   *mem;
+  int32_t res;
+
+  if (queue_id == NULL) return osErrorParameter;
+
+  pmcb = *(((void **)queue_id) + 0);
+  pool = *(((void **)queue_id) + 1);
+
+  if ((pmcb == NULL) || (pool == NULL)) return osErrorParameter;
+
+  res = rt_free_box(pool, mail);
+
+  if (res != 0) return osErrorValue;
+
+  if ((pmcb->p_lnk != NULL) && (pmcb->state == 3)) {
+    // Task is waiting to allocate a message
+    if (isr) {
+      rt_psq_enq (pmcb, (U32)pool);
+      rt_psh_req ();
+    } else {
+      mem = rt_alloc_box(pool);
+      if (mem != NULL) {
+        ptcb = rt_get_first((P_XCB)pmcb);
+        rt_ret_val(ptcb, (U32)mem);
+        rt_rmv_dly(ptcb);
+        rt_dispatch(ptcb);
+      }
+    }
+  }
+
+  return osOK;
+}
+
+
+// Mail Queue Management Public API
+
+/// Create and Initialize mail queue
+osMailQId osMailCreate (const osMailQDef_t *queue_def, osThreadId thread_id) {
+  if (__exceptional_mode()) return NULL;           // Not allowed in ISR
+  if ((__get_mode() != MODE_USR) && (os_running == 0)) {
+    // Privileged and not running
+    return   svcMailCreate(queue_def, thread_id);
+  } else {
+    return __svcMailCreate(queue_def, thread_id);
+  }
+}
+
+/// Allocate a memory block from a mail
+void *osMailAlloc (osMailQId queue_id, uint32_t millisec) {
+  if (__exceptional_mode()) {                      // in ISR
+    return   sysMailAlloc(queue_id, millisec, 1, 0);
+  } else {                                      // in Thread
+    return __sysMailAlloc(queue_id, millisec, 0, 0);
+  }
+}
+
+/// Allocate a memory block from a mail and set memory block to zero
+void *osMailCAlloc (osMailQId queue_id, uint32_t millisec) {
+  if (__exceptional_mode()) {                      // in ISR
+    return   sysMailAlloc(queue_id, millisec, 1, 1);
+  } else {                                      // in Thread
+    return __sysMailAlloc(queue_id, millisec, 0, 1);
+  }
+}
+
+/// Free a memory block from a mail
+osStatus osMailFree (osMailQId queue_id, void *mail) {
+  if (__exceptional_mode()) {                      // in ISR
+    return   sysMailFree(queue_id, mail, 1);
+  } else {                                      // in Thread
+    return __sysMailFree(queue_id, mail, 0);
+  }
+}
+
+/// Put a mail to a queue
+osStatus osMailPut (osMailQId queue_id, void *mail) {
+  if (queue_id == NULL) return osErrorParameter;
+  if (mail == NULL)     return osErrorValue;
+  return osMessagePut(*((void **)queue_id), (uint32_t)mail, 0);
+}
+
+#ifdef __CC_ARM
+#pragma push
+#pragma Ospace
+#endif // __arm__
+/// Get a mail from a queue
+os_InRegs osEvent osMailGet (osMailQId queue_id, uint32_t millisec) {
+  osEvent ret;
+
+  if (queue_id == NULL) {
+    ret.status = osErrorParameter;
+    return ret;
+  }
+
+  ret = osMessageGet(*((void **)queue_id), millisec);
+  if (ret.status == osEventMessage) ret.status = osEventMail;
+
+  return ret;
+}
+#ifdef __CC_ARM
+#pragma pop
+#endif // __arm__
+
+
+//  ==== RTX Extensions ====
+
+// Service Calls declarations
+SVC_0_1(rt_suspend, uint32_t, RET_uint32_t)
+SVC_1_0(rt_resume,  void,     uint32_t)
+
+
+// Public API
+
+/// Suspends the OS task scheduler
+uint32_t os_suspend (void) {
+  return __rt_suspend();
+}
+
+/// Resumes the OS task scheduler
+void os_resume (uint32_t sleep_time) {
+  __rt_resume(sleep_time);
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Event.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,194 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_EVENT.C
+ *      Purpose: Implements waits and wake-ups for event flags
+ *      Rev.:    V4.70
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Config.h"
+#include "rt_System.h"
+#include "rt_Event.h"
+#include "rt_List.h"
+#include "rt_Task.h"
+#ifdef __CORTEX_A9
+#include "rt_HAL_CA.h"
+#else
+#include "rt_HAL_CM.h"
+#endif
+
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+
+/*--------------------------- rt_evt_wait -----------------------------------*/
+
+OS_RESULT rt_evt_wait (U16 wait_flags, U16 timeout, BOOL and_wait) {
+  /* Wait for one or more event flags with optional time-out.                */
+  /* "wait_flags" identifies the flags to wait for.                          */
+  /* "timeout" is the time-out limit in system ticks (0xffff if no time-out) */
+  /* "and_wait" specifies the AND-ing of "wait_flags" as condition to be met */
+  /* to complete the wait. (OR-ing if set to 0).                             */
+  U32 block_state;
+
+  if (and_wait) {
+    /* Check for AND-connected events */
+    if ((os_tsk.run->events & wait_flags) == wait_flags) {
+      os_tsk.run->events &= ~wait_flags;
+      return (OS_R_EVT);
+    }
+    block_state = WAIT_AND;
+  }
+  else {
+    /* Check for OR-connected events */
+    if (os_tsk.run->events & wait_flags) {
+      os_tsk.run->waits = os_tsk.run->events & wait_flags;
+      os_tsk.run->events &= ~wait_flags;
+      return (OS_R_EVT);
+    }
+    block_state = WAIT_OR;
+  }
+  /* Task has to wait */
+  os_tsk.run->waits = wait_flags;
+  rt_block (timeout, (U8)block_state);
+  return (OS_R_TMO);
+}
+
+
+/*--------------------------- rt_evt_set ------------------------------------*/
+
+void rt_evt_set (U16 event_flags, OS_TID task_id) {
+  /* Set one or more event flags of a selectable task. */
+  P_TCB p_tcb;
+
+  p_tcb = os_active_TCB[task_id-1];
+  if (p_tcb == NULL) {
+    return;
+  }
+  p_tcb->events |= event_flags;
+  event_flags    = p_tcb->waits;
+  /* If the task is not waiting for an event, it should not be put */
+  /* to ready state. */
+  if (p_tcb->state == WAIT_AND) {
+    /* Check for AND-connected events */
+    if ((p_tcb->events & event_flags) == event_flags) {
+      goto wkup;
+    }
+  }
+  if (p_tcb->state == WAIT_OR) {
+    /* Check for OR-connected events */
+    if (p_tcb->events & event_flags) {
+      p_tcb->waits  &= p_tcb->events;
+wkup: p_tcb->events &= ~event_flags;
+      rt_rmv_dly (p_tcb);
+      p_tcb->state   = READY;
+#ifdef __CMSIS_RTOS
+      rt_ret_val2(p_tcb, 0x08/*osEventSignal*/, p_tcb->waits);
+#else
+      rt_ret_val (p_tcb, OS_R_EVT);
+#endif
+      rt_dispatch (p_tcb);
+    }
+  }
+}
+
+
+/*--------------------------- rt_evt_clr ------------------------------------*/
+
+void rt_evt_clr (U16 clear_flags, OS_TID task_id) {
+  /* Clear one or more event flags (identified by "clear_flags") of a */
+  /* selectable task (identified by "task"). */
+  P_TCB task = os_active_TCB[task_id-1];
+
+  if (task == NULL) {
+    return;
+  }
+  task->events &= ~clear_flags;
+}
+
+
+/*--------------------------- isr_evt_set -----------------------------------*/
+
+void isr_evt_set (U16 event_flags, OS_TID task_id) {
+  /* Same function as "os_evt_set", but to be called by ISRs. */
+  P_TCB p_tcb = os_active_TCB[task_id-1];
+
+  if (p_tcb == NULL) {
+    return;
+  }
+  rt_psq_enq (p_tcb, event_flags);
+  rt_psh_req ();
+}
+
+
+/*--------------------------- rt_evt_get ------------------------------------*/
+
+U16 rt_evt_get (void) {
+  /* Get events of a running task after waiting for OR connected events. */
+  return (os_tsk.run->waits);
+}
+
+
+/*--------------------------- rt_evt_psh ------------------------------------*/
+
+void rt_evt_psh (P_TCB p_CB, U16 set_flags) {
+  /* Check if task has to be waken up */
+  U16 event_flags;
+
+  p_CB->events |= set_flags;
+  event_flags = p_CB->waits;
+  if (p_CB->state == WAIT_AND) {
+    /* Check for AND-connected events */
+    if ((p_CB->events & event_flags) == event_flags) {
+      goto rdy;
+    }
+  }
+  if (p_CB->state == WAIT_OR) {
+    /* Check for OR-connected events */
+    if (p_CB->events & event_flags) {
+      p_CB->waits  &= p_CB->events;
+rdy:  p_CB->events &= ~event_flags;
+      rt_rmv_dly (p_CB);
+      p_CB->state   = READY;
+#ifdef __CMSIS_RTOS
+      rt_ret_val2(p_CB, 0x08/*osEventSignal*/, p_CB->waits);
+#else
+      rt_ret_val (p_CB, OS_R_EVT);
+#endif
+      rt_put_prio (&os_rdy, p_CB);
+    }
+  }
+}
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Event.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,46 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_EVENT.H
+ *      Purpose: Implements waits and wake-ups for event flags
+ *      Rev.:    V4.70
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Functions */
+extern OS_RESULT rt_evt_wait (U16 wait_flags,  U16 timeout, BOOL and_wait);
+extern void      rt_evt_set  (U16 event_flags, OS_TID task_id);
+extern void      rt_evt_clr  (U16 clear_flags, OS_TID task_id);
+extern void      isr_evt_set (U16 event_flags, OS_TID task_id);
+extern U16       rt_evt_get  (void);
+extern void      rt_evt_psh  (P_TCB p_CB, U16 set_flags);
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_HAL_CA.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,237 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_HAL_CA.H
+ *      Purpose: Hardware Abstraction Layer for Cortex-A definitions
+ *      Rev.:    14th Jan 2014
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Definitions */
+#define INIT_CPSR_SYS   0x4000001F
+#define INIT_CPSR_USER  0x40000010
+
+#define CPSR_T_BIT      0x20
+#define CPSR_I_BIT      0x80
+#define CPSR_F_BIT      0x40
+
+#define MODE_USR        0x10
+#define MODE_FIQ        0x11
+#define MODE_IRQ        0x12
+#define MODE_SVC        0x13
+#define MODE_ABT        0x17
+#define MODE_UND        0x1B
+#define MODE_SYS        0x1F
+
+#define MAGIC_WORD      0xE25A2EA5
+
+#include "core_ca9.h"
+
+#if defined (__CC_ARM)          /* ARM Compiler */
+
+#if ((__TARGET_ARCH_7_M || __TARGET_ARCH_7E_M || __TARGET_ARCH_7_A) && !defined(NO_EXCLUSIVE_ACCESS))
+ #define __USE_EXCLUSIVE_ACCESS
+#else
+ #undef  __USE_EXCLUSIVE_ACCESS
+#endif
+
+#elif defined (__GNUC__)        /* GNU Compiler */
+
+#undef  __USE_EXCLUSIVE_ACCESS
+
+#if defined (__VFP_FP__) && !defined(__SOFTFP__)
+#define __TARGET_FPU_VFP 1
+#else
+#define __TARGET_FPU_VFP 0
+#endif
+
+#define __inline inline
+#define __weak   __attribute__((weak))
+
+#elif defined (__ICCARM__)      /* IAR Compiler */
+
+#endif
+
+static U8 priority = 0xff;
+
+extern const U32 GICDistributor_BASE;
+extern const U32 GICInterface_BASE;
+
+/* GIC registers - Distributor */
+#define GICD_ICDICER0   (*((volatile U32 *)(GICDistributor_BASE + 0x180))) /* - RW - Interrupt Clear-Enable Registers */
+#define GICD_ICDISER0   (*((volatile U32 *)(GICDistributor_BASE + 0x100))) /* - RW - Interrupt Set-Enable Registers */
+#define GICD_ICDIPR0    (*((volatile U32 *)(GICDistributor_BASE + 0x400))) /* - RW - Interrupt Priority Registers */
+#define GICD_ICDSGIR    (*((volatile U32 *)(GICDistributor_BASE + 0xf00))) /* - RW - Interrupt Software Interrupt Register */
+#define GICD_ICDICERx(irq)   *(volatile U32 *)(&GICD_ICDICER0 + irq/32)
+#define GICD_ICDISERx(irq)   *(volatile U32 *)(&GICD_ICDISER0 + irq/32)
+
+/* GIC register  - CPU Interface  */
+#define GICI_ICCPMR     (*((volatile U32 *)(GICInterface_BASE + 0x004))) /* - RW - Interrupt Priority Mask Register */
+
+#define SGI_PENDSV      0 /* SGI0 */
+#define SGI_PENDSV_BIT  ((U32)(1 << (SGI_PENDSV & 0xf)))
+
+//Increase priority filter to prevent timer and PendSV interrupts signaling. Guarantees that interrupts will not be forwarded.
+#if defined (__ICCARM__)
+#define OS_LOCK() int irq_dis = __disable_irq_iar();\
+                  priority = GICI_ICCPMR; \
+                  GICI_ICCPMR = 0xff; \
+                  GICI_ICCPMR = GICI_ICCPMR - 1; \
+                  __DSB();\
+                  if(!irq_dis) __enable_irq(); \
+
+#else
+#define OS_LOCK() int irq_dis = __disable_irq();\
+                  priority = GICI_ICCPMR; \
+                  GICI_ICCPMR = 0xff; \
+                  GICI_ICCPMR = GICI_ICCPMR - 1; \
+                  __DSB();\
+                  if(!irq_dis) __enable_irq(); \
+
+#endif
+
+//Restore priority filter. Re-enable timer and PendSV signaling
+#define OS_UNLOCK() __DSB(); \
+                    GICI_ICCPMR = priority; \
+
+#define OS_PEND_IRQ() GICD_ICDSGIR = 0x0010000 | SGI_PENDSV
+#define OS_PEND(fl,p) if(p) OS_PEND_IRQ();
+#define OS_UNPEND(fl)
+
+/* HW initialization needs to be done in os_tick_init (void) -RTX_Conf_CM.c-
+ * OS_X_INIT enables the IRQ n in the GIC */
+#define OS_X_INIT(n) volatile char *reg; \
+                     reg = (char *)(&GICD_ICDIPR0 + n / 4); \
+                     reg += n % 4; \
+                     *reg = (char)0xff; \
+                     *reg = *reg - 1; \
+                     GICD_ICDISERx(n) = (U32)(1 << n % 32);
+#define OS_X_LOCK(n) OS_LOCK()
+#define OS_X_UNLOCK(n) OS_UNLOCK()
+#define OS_X_PEND_IRQ() OS_PEND_IRQ()
+#define OS_X_PEND(fl,p) if(p) OS_X_PEND_IRQ();
+#define OS_X_UNPEND(fl)
+
+
+/* Functions */
+#ifdef __USE_EXCLUSIVE_ACCESS
+ #define rt_inc(p)     while(__strex((__ldrex(p)+1),p))
+ #define rt_dec(p)     while(__strex((__ldrex(p)-1),p))
+#else
+#if defined (__ICCARM__)
+ #define rt_inc(p)     { int irq_dis = __disable_irq_iar();(*p)++;if(!irq_dis) __enable_irq(); }
+ #define rt_dec(p)     { int irq_dis = __disable_irq_iar();(*p)--;if(!irq_dis) __enable_irq(); }
+#else
+ #define rt_inc(p)     { int irq_dis = __disable_irq();(*p)++;if(!irq_dis) __enable_irq(); }
+ #define rt_dec(p)     { int irq_dis = __disable_irq();(*p)--;if(!irq_dis) __enable_irq(); }
+#endif /* __ICCARM__ */
+#endif /* __USE_EXCLUSIVE_ACCESS */
+
+__inline static U32 rt_inc_qi (U32 size, U8 *count, U8 *first) {
+  U32 cnt,c2;
+#ifdef __USE_EXCLUSIVE_ACCESS
+  do {
+    if ((cnt = __ldrex(count)) == size) {
+      __clrex();
+      return (cnt); }
+  } while (__strex(cnt+1, count));
+  do {
+    c2 = (cnt = __ldrex(first)) + 1;
+    if (c2 == size) c2 = 0;
+  } while (__strex(c2, first));
+#else
+  int irq_dis;
+ #if defined (__ICCARM__)
+  irq_dis = __disable_irq_iar();
+ #else
+  irq_dis = __disable_irq();
+ #endif /* __ICCARM__ */
+  if ((cnt = *count) < size) {
+    *count = cnt+1;
+    c2 = (cnt = *first) + 1;
+    if (c2 == size) c2 = 0;
+    *first = c2;
+  }
+  if(!irq_dis) __enable_irq ();
+#endif
+  return (cnt);
+}
+
+__inline static void rt_systick_init (void) {
+  /* Cortex-A doesn't have a Systick. User needs to provide an alternative timer using RTX_Conf_CM configuration */
+  /* HW initialization needs to be done in os_tick_init (void) -RTX_Conf_CM.c- */
+}
+
+__inline static U32 rt_systick_val (void) {
+  /* Cortex-A doesn't have a Systick. User needs to provide an alternative timer using RTX_Conf_CM configuration */
+  /* HW initialization needs to be done in os_tick_init (void) -RTX_Conf_CM.c- */
+  return 0;
+}
+
+__inline static U32 rt_systick_ovf (void) {
+  /* Cortex-A doesn't have a Systick. User needs to provide an alternative timer using RTX_Conf_CM configuration */
+  /* HW initialization needs to be done in os_tick_init (void) -RTX_Conf_CM.c- */
+  return 0;
+}
+
+__inline static void rt_svc_init (void) {
+  /* Register pendSV - through SGI */
+  volatile char *reg;
+
+  reg = (char *)(&GICD_ICDIPR0 + SGI_PENDSV/4);
+  reg += SGI_PENDSV % 4;
+  /* Write 0xff to read priority level */
+  *reg = (char)0xff;
+  /* Read priority level and set the lowest possible*/
+  *reg = *reg - 1;
+
+  GICD_ICDISERx(SGI_PENDSV) = (U32)SGI_PENDSV_BIT;
+}
+
+extern void rt_set_PSP (U32 stack);
+extern U32  rt_get_PSP (void);
+extern void os_set_env (P_TCB p_TCB);
+extern void *_alloc_box (void *box_mem);
+extern int  _free_box (void *box_mem, void *box);
+
+extern void rt_init_stack (P_TCB p_TCB, FUNCP task_body);
+extern void rt_ret_val  (P_TCB p_TCB, U32 v0);
+extern void rt_ret_val2 (P_TCB p_TCB, U32 v0, U32 v1);
+
+extern void dbg_init (void);
+extern void dbg_task_notify (P_TCB p_tcb, BOOL create);
+extern void dbg_task_switch (U32 task_id);
+
+#define DBG_INIT()
+#define DBG_TASK_NOTIFY(p_tcb,create)
+#define DBG_TASK_SWITCH(task_id)
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_HAL_CM.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,284 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_HAL_CM.H
+ *      Purpose: Hardware Abstraction Layer for Cortex-M definitions
+ *      Rev.:    V4.70
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Definitions */
+#define INITIAL_xPSR    0x01000000
+#define DEMCR_TRCENA    0x01000000
+#define ITM_ITMENA      0x00000001
+#define MAGIC_WORD      0xE25A2EA5
+
+#if defined (__CC_ARM)          /* ARM Compiler */
+
+#if ((__TARGET_ARCH_7_M || __TARGET_ARCH_7E_M) && !defined(NO_EXCLUSIVE_ACCESS))
+ #define __USE_EXCLUSIVE_ACCESS
+#else
+ #undef  __USE_EXCLUSIVE_ACCESS
+#endif
+
+#elif defined (__GNUC__)        /* GNU Compiler */
+
+#undef  __USE_EXCLUSIVE_ACCESS
+
+#if defined (__CORTEX_M0)
+#define __TARGET_ARCH_6S_M 1
+#else
+#define __TARGET_ARCH_6S_M 0
+#endif
+
+#if defined (__VFP_FP__) && !defined(__SOFTFP__)
+#define __TARGET_FPU_VFP 1
+#else
+#define __TARGET_FPU_VFP 0
+#endif
+
+#define __inline inline
+#define __weak   __attribute__((weak))
+
+#ifndef __CMSIS_GENERIC
+
+__attribute__((always_inline)) static inline void __enable_irq(void)
+{
+  __asm volatile ("cpsie i");
+}
+
+__attribute__((always_inline)) static inline U32 __disable_irq(void)
+{
+  U32 result;
+
+  __asm volatile ("mrs %0, primask" : "=r" (result));
+  __asm volatile ("cpsid i");
+  return(result & 1);
+}
+
+#endif
+
+__attribute__(( always_inline)) static inline U8 __clz(U32 value)
+{
+  U8 result;
+
+  __asm volatile ("clz %0, %1" : "=r" (result) : "r" (value));
+  return(result);
+}
+
+#elif defined (__ICCARM__)      /* IAR Compiler */
+
+#undef  __USE_EXCLUSIVE_ACCESS
+
+#if (__CORE__ == __ARM6M__)
+#define __TARGET_ARCH_6S_M 1
+#else
+#define __TARGET_ARCH_6S_M 0
+#endif
+
+#if defined __ARMVFP__
+#define __TARGET_FPU_VFP 1
+#else
+#define __TARGET_FPU_VFP 0
+#endif
+
+#define __inline inline
+
+#ifndef __CMSIS_GENERIC
+
+static inline void __enable_irq(void)
+{
+  __asm volatile ("cpsie i");
+}
+
+static inline U32 __disable_irq(void)
+{
+  U32 result;
+
+  __asm volatile ("mrs %0, primask" : "=r" (result));
+  __asm volatile ("cpsid i");
+  return(result & 1);
+}
+
+#endif
+
+static inline U8 __clz(U32 value)
+{
+  U8 result;
+
+  __asm volatile ("clz %0, %1" : "=r" (result) : "r" (value));
+  return(result);
+}
+
+#endif
+
+/* NVIC registers */
+#define NVIC_ST_CTRL    (*((volatile U32 *)0xE000E010))
+#define NVIC_ST_RELOAD  (*((volatile U32 *)0xE000E014))
+#define NVIC_ST_CURRENT (*((volatile U32 *)0xE000E018))
+#define NVIC_ISER         ((volatile U32 *)0xE000E100)
+#define NVIC_ICER         ((volatile U32 *)0xE000E180)
+#if (__TARGET_ARCH_6S_M)
+#define NVIC_IP           ((volatile U32 *)0xE000E400)
+#else
+#define NVIC_IP           ((volatile U8  *)0xE000E400)
+#endif
+#define NVIC_INT_CTRL   (*((volatile U32 *)0xE000ED04))
+#define NVIC_AIR_CTRL   (*((volatile U32 *)0xE000ED0C))
+#define NVIC_SYS_PRI2   (*((volatile U32 *)0xE000ED1C))
+#define NVIC_SYS_PRI3   (*((volatile U32 *)0xE000ED20))
+
+#define OS_PEND_IRQ()   NVIC_INT_CTRL  = (1<<28)
+#define OS_PENDING      ((NVIC_INT_CTRL >> 26) & (1<<2 | 1))
+#define OS_UNPEND(fl)   NVIC_INT_CTRL  = (*fl = OS_PENDING) << 25
+#define OS_PEND(fl,p)   NVIC_INT_CTRL  = (fl | p<<2) << 26
+#define OS_LOCK()       NVIC_ST_CTRL   =  0x0005
+#define OS_UNLOCK()     NVIC_ST_CTRL   =  0x0007
+
+#define OS_X_PENDING    ((NVIC_INT_CTRL >> 28) & 1)
+#define OS_X_UNPEND(fl) NVIC_INT_CTRL  = (*fl = OS_X_PENDING) << 27
+#define OS_X_PEND(fl,p) NVIC_INT_CTRL  = (fl | p) << 28
+#if (__TARGET_ARCH_6S_M)
+#define OS_X_INIT(n)    NVIC_IP[n>>2] |= 0xFF << (8*(n & 0x03)); \
+                        NVIC_ISER[n>>5] = 1 << (n & 0x1F)
+#else
+#define OS_X_INIT(n)    NVIC_IP[n] = 0xFF; \
+                        NVIC_ISER[n>>5] = 1 << (n & 0x1F)
+#endif
+#define OS_X_LOCK(n)    NVIC_ICER[n>>5] = 1 << (n & 0x1F)
+#define OS_X_UNLOCK(n)  NVIC_ISER[n>>5] = 1 << (n & 0x1F)
+
+/* Core Debug registers */
+#define DEMCR           (*((volatile U32 *)0xE000EDFC))
+
+/* ITM registers */
+#define ITM_CONTROL     (*((volatile U32 *)0xE0000E80))
+#define ITM_ENABLE      (*((volatile U32 *)0xE0000E00))
+#define ITM_PORT30_U32  (*((volatile U32 *)0xE0000078))
+#define ITM_PORT31_U32  (*((volatile U32 *)0xE000007C))
+#define ITM_PORT31_U16  (*((volatile U16 *)0xE000007C))
+#define ITM_PORT31_U8   (*((volatile U8  *)0xE000007C))
+
+/* Variables */
+extern BIT dbg_msg;
+
+/* Functions */
+#ifdef __USE_EXCLUSIVE_ACCESS
+ #define rt_inc(p)     while(__strex((__ldrex(p)+1),p))
+ #define rt_dec(p)     while(__strex((__ldrex(p)-1),p))
+#else
+ #define rt_inc(p)     __disable_irq();(*p)++;__enable_irq();
+ #define rt_dec(p)     __disable_irq();(*p)--;__enable_irq();
+#endif
+
+__inline static U32 rt_inc_qi (U32 size, U8 *count, U8 *first) {
+  U32 cnt,c2;
+#ifdef __USE_EXCLUSIVE_ACCESS
+  do {
+    if ((cnt = __ldrex(count)) == size) {
+      __clrex();
+      return (cnt); }
+  } while (__strex(cnt+1, count));
+  do {
+    c2 = (cnt = __ldrex(first)) + 1;
+    if (c2 == size) c2 = 0;
+  } while (__strex(c2, first));
+#else
+  __disable_irq();
+  if ((cnt = *count) < size) {
+    *count = cnt+1;
+    c2 = (cnt = *first) + 1;
+    if (c2 == size) c2 = 0;
+    *first = c2;
+  }
+  __enable_irq ();
+#endif
+  return (cnt);
+}
+
+__inline static void rt_systick_init (void) {
+  NVIC_ST_RELOAD  = os_trv;
+  NVIC_ST_CURRENT = 0;
+  NVIC_ST_CTRL    = 0x0007;
+  NVIC_SYS_PRI3  |= 0xFF000000;
+}
+
+__inline static U32 rt_systick_val (void) {
+  return (os_trv - NVIC_ST_CURRENT);
+}
+
+__inline static U32 rt_systick_ovf (void) {
+  return ((NVIC_INT_CTRL >> 26) & 1);
+}
+
+__inline static void rt_svc_init (void) {
+#if !(__TARGET_ARCH_6S_M)
+  int sh,prigroup;
+#endif
+  NVIC_SYS_PRI3 |= 0x00FF0000;
+#if (__TARGET_ARCH_6S_M)
+  NVIC_SYS_PRI2 |= (NVIC_SYS_PRI3<<(8+1)) & 0xFC000000;
+#else
+  sh       = 8 - __clz (~((NVIC_SYS_PRI3 << 8) & 0xFF000000));
+  prigroup = ((NVIC_AIR_CTRL >> 8) & 0x07);
+  if (prigroup >= sh) {
+    sh = prigroup + 1;
+  }
+  NVIC_SYS_PRI2 = ((0xFEFFFFFF << sh) & 0xFF000000) | (NVIC_SYS_PRI2 & 0x00FFFFFF);
+#endif
+}
+
+extern void rt_set_PSP (U32 stack);
+extern U32  rt_get_PSP (void);
+extern void os_set_env (void);
+extern void *_alloc_box (void *box_mem);
+extern int  _free_box (void *box_mem, void *box);
+
+extern void rt_init_stack (P_TCB p_TCB, FUNCP task_body);
+extern void rt_ret_val  (P_TCB p_TCB, U32 v0);
+extern void rt_ret_val2 (P_TCB p_TCB, U32 v0, U32 v1);
+
+extern void dbg_init (void);
+extern void dbg_task_notify (P_TCB p_tcb, BOOL create);
+extern void dbg_task_switch (U32 task_id);
+
+#ifdef DBG_MSG
+#define DBG_INIT() dbg_init()
+#define DBG_TASK_NOTIFY(p_tcb,create) if (dbg_msg) dbg_task_notify(p_tcb,create)
+#define DBG_TASK_SWITCH(task_id)      if (dbg_msg && (os_tsk.new_tsk!=os_tsk.run)) \
+                                                   dbg_task_switch(task_id)
+#else
+#define DBG_INIT()
+#define DBG_TASK_NOTIFY(p_tcb,create)
+#define DBG_TASK_SWITCH(task_id)
+#endif
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_List.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,324 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_LIST.C
+ *      Purpose: Functions for the management of different lists
+ *      Rev.:    V4.70
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Config.h"
+#include "rt_System.h"
+#include "rt_List.h"
+#include "rt_Task.h"
+#include "rt_Time.h"
+#ifdef __CORTEX_A9
+#include "rt_HAL_CA.h"
+#else
+#include "rt_HAL_CM.h"
+#endif
+
+/*----------------------------------------------------------------------------
+ *      Global Variables
+ *---------------------------------------------------------------------------*/
+
+/* List head of chained ready tasks */
+struct OS_XCB  os_rdy;
+/* List head of chained delay tasks */
+struct OS_XCB  os_dly;
+
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+
+/*--------------------------- rt_put_prio -----------------------------------*/
+
+void rt_put_prio (P_XCB p_CB, P_TCB p_task) {
+  /* Put task identified with "p_task" into list ordered by priority.       */
+  /* "p_CB" points to head of list; list has always an element at end with  */
+  /* a priority less than "p_task->prio".                                   */
+  P_TCB p_CB2;
+  U32 prio;
+  BOOL sem_mbx = __FALSE;
+
+  if (p_CB->cb_type == SCB || p_CB->cb_type == MCB || p_CB->cb_type == MUCB) {
+    sem_mbx = __TRUE;
+  }
+  prio = p_task->prio;
+  p_CB2 = p_CB->p_lnk;
+  /* Search for an entry in the list */
+  while (p_CB2 != NULL && prio <= p_CB2->prio) {
+    p_CB = (P_XCB)p_CB2;
+    p_CB2 = p_CB2->p_lnk;
+  }
+  /* Entry found, insert the task into the list */
+  p_task->p_lnk = p_CB2;
+  p_CB->p_lnk = p_task;
+  if (sem_mbx) {
+    if (p_CB2 != NULL) {
+      p_CB2->p_rlnk = p_task;
+    }
+    p_task->p_rlnk = (P_TCB)p_CB;
+  }
+  else {
+    p_task->p_rlnk = NULL;
+  }
+}
+
+
+/*--------------------------- rt_get_first ----------------------------------*/
+
+P_TCB rt_get_first (P_XCB p_CB) {
+  /* Get task at head of list: it is the task with highest priority. */
+  /* "p_CB" points to head of list. */
+  P_TCB p_first;
+
+  p_first = p_CB->p_lnk;
+  p_CB->p_lnk = p_first->p_lnk;
+  if (p_CB->cb_type == SCB || p_CB->cb_type == MCB || p_CB->cb_type == MUCB) {
+    if (p_first->p_lnk != NULL) {
+      p_first->p_lnk->p_rlnk = (P_TCB)p_CB;
+      p_first->p_lnk = NULL;
+    }
+    p_first->p_rlnk = NULL;
+  }
+  else {
+    p_first->p_lnk = NULL;
+  }
+  return (p_first);
+}
+
+
+/*--------------------------- rt_put_rdy_first ------------------------------*/
+
+void rt_put_rdy_first (P_TCB p_task) {
+  /* Put task identified with "p_task" at the head of the ready list. The   */
+  /* task must have at least a priority equal to highest priority in list.  */
+  p_task->p_lnk = os_rdy.p_lnk;
+  p_task->p_rlnk = NULL;
+  os_rdy.p_lnk = p_task;
+}
+
+
+/*--------------------------- rt_get_same_rdy_prio --------------------------*/
+
+P_TCB rt_get_same_rdy_prio (void) {
+  /* Remove a task of same priority from ready list if any exists. Other-   */
+  /* wise return NULL.                                                      */
+  P_TCB p_first;
+
+  p_first = os_rdy.p_lnk;
+  if (p_first->prio == os_tsk.run->prio) {
+    os_rdy.p_lnk = os_rdy.p_lnk->p_lnk;
+    return (p_first);
+  }
+  return (NULL);
+}
+
+
+/*--------------------------- rt_resort_prio --------------------------------*/
+
+void rt_resort_prio (P_TCB p_task) {
+  /* Re-sort ordered lists after the priority of 'p_task' has changed.      */
+  P_TCB p_CB;
+
+  if (p_task->p_rlnk == NULL) {
+    if (p_task->state == READY) {
+      /* Task is chained into READY list. */
+      p_CB = (P_TCB)&os_rdy;
+      goto res;
+    }
+  }
+  else {
+    p_CB = p_task->p_rlnk;
+    while (p_CB->cb_type == TCB) {
+      /* Find a header of this task chain list. */
+      p_CB = p_CB->p_rlnk;
+    }
+res:rt_rmv_list (p_task);
+    rt_put_prio ((P_XCB)p_CB, p_task);
+  }
+}
+
+
+/*--------------------------- rt_put_dly ------------------------------------*/
+
+void rt_put_dly (P_TCB p_task, U16 delay) {
+  /* Put a task identified with "p_task" into chained delay wait list using */
+  /* a delay value of "delay".                                              */
+  P_TCB p;
+  U32 delta,idelay = delay;
+
+  p = (P_TCB)&os_dly;
+  if (p->p_dlnk == NULL) {
+    /* Delay list empty */
+    delta = 0;
+    goto last;
+  }
+  delta = os_dly.delta_time;
+  while (delta < idelay) {
+    if (p->p_dlnk == NULL) {
+      /* End of list found */
+last: p_task->p_dlnk = NULL;
+      p->p_dlnk = p_task;
+      p_task->p_blnk = p;
+      p->delta_time = (U16)(idelay - delta);
+      p_task->delta_time = 0;
+      return;
+    }
+    p = p->p_dlnk;
+    delta += p->delta_time;
+  }
+  /* Right place found */
+  p_task->p_dlnk = p->p_dlnk;
+  p->p_dlnk = p_task;
+  p_task->p_blnk = p;
+  if (p_task->p_dlnk != NULL) {
+    p_task->p_dlnk->p_blnk = p_task;
+  }
+  p_task->delta_time = (U16)(delta - idelay);
+  p->delta_time -= p_task->delta_time;
+}
+
+
+/*--------------------------- rt_dec_dly ------------------------------------*/
+
+void rt_dec_dly (void) {
+  /* Decrement delta time of list head: remove tasks having a value of zero.*/
+  P_TCB p_rdy;
+
+  if (os_dly.p_dlnk == NULL) {
+    return;
+  }
+  os_dly.delta_time--;
+  while ((os_dly.delta_time == 0) && (os_dly.p_dlnk != NULL)) {
+    p_rdy = os_dly.p_dlnk;
+    if (p_rdy->p_rlnk != NULL) {
+      /* Task is really enqueued, remove task from semaphore/mailbox */
+      /* timeout waiting list. */
+      p_rdy->p_rlnk->p_lnk = p_rdy->p_lnk;
+      if (p_rdy->p_lnk != NULL) {
+        p_rdy->p_lnk->p_rlnk = p_rdy->p_rlnk;
+        p_rdy->p_lnk = NULL;
+      }
+      p_rdy->p_rlnk = NULL;
+    }
+    rt_put_prio (&os_rdy, p_rdy);
+    os_dly.delta_time = p_rdy->delta_time;
+    if (p_rdy->state == WAIT_ITV) {
+      /* Calculate the next time for interval wait. */
+      p_rdy->delta_time = p_rdy->interval_time + (U16)os_time;
+    }
+    p_rdy->state   = READY;
+    os_dly.p_dlnk = p_rdy->p_dlnk;
+    if (p_rdy->p_dlnk != NULL) {
+      p_rdy->p_dlnk->p_blnk =  (P_TCB)&os_dly;
+      p_rdy->p_dlnk = NULL;
+    }
+    p_rdy->p_blnk = NULL;
+  }
+}
+
+
+/*--------------------------- rt_rmv_list -----------------------------------*/
+
+void rt_rmv_list (P_TCB p_task) {
+  /* Remove task identified with "p_task" from ready, semaphore or mailbox  */
+  /* waiting list if enqueued.                                              */
+  P_TCB p_b;
+
+  if (p_task->p_rlnk != NULL) {
+    /* A task is enqueued in semaphore / mailbox waiting list. */
+    p_task->p_rlnk->p_lnk = p_task->p_lnk;
+    if (p_task->p_lnk != NULL) {
+      p_task->p_lnk->p_rlnk = p_task->p_rlnk;
+    }
+    return;
+  }
+
+  p_b = (P_TCB)&os_rdy;
+  while (p_b != NULL) {
+    /* Search the ready list for task "p_task" */
+    if (p_b->p_lnk == p_task) {
+      p_b->p_lnk = p_task->p_lnk;
+      return;
+    }
+    p_b = p_b->p_lnk;
+  }
+}
+
+
+/*--------------------------- rt_rmv_dly ------------------------------------*/
+
+void rt_rmv_dly (P_TCB p_task) {
+  /* Remove task identified with "p_task" from delay list if enqueued.      */
+  P_TCB p_b;
+
+  p_b = p_task->p_blnk;
+  if (p_b != NULL) {
+    /* Task is really enqueued */
+    p_b->p_dlnk = p_task->p_dlnk;
+    if (p_task->p_dlnk != NULL) {
+      /* 'p_task' is in the middle of list */
+      p_b->delta_time += p_task->delta_time;
+      p_task->p_dlnk->p_blnk = p_b;
+      p_task->p_dlnk = NULL;
+    }
+    else {
+      /* 'p_task' is at the end of list */
+      p_b->delta_time = 0;
+    }
+    p_task->p_blnk = NULL;
+  }
+}
+
+
+/*--------------------------- rt_psq_enq ------------------------------------*/
+
+void rt_psq_enq (OS_ID entry, U32 arg) {
+  /* Insert post service request "entry" into ps-queue. */
+  U32 idx;
+
+  idx = rt_inc_qi (os_psq->size, &os_psq->count, &os_psq->first);
+  if (idx < os_psq->size) {
+    os_psq->q[idx].id  = entry;
+    os_psq->q[idx].arg = arg;
+  }
+  else {
+    os_error (OS_ERR_FIFO_OVF);
+  }
+}
+
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_List.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,67 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_LIST.H
+ *      Purpose: Functions for the management of different lists
+ *      Rev.:    V4.70
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Definitions */
+
+/* Values for 'cb_type' */
+#define TCB             0
+#define MCB             1
+#define SCB             2
+#define MUCB            3
+#define HCB             4
+
+/* Variables */
+extern struct OS_XCB os_rdy;
+extern struct OS_XCB os_dly;
+
+/* Functions */
+extern void  rt_put_prio      (P_XCB p_CB, P_TCB p_task);
+extern P_TCB rt_get_first     (P_XCB p_CB);
+extern void  rt_put_rdy_first (P_TCB p_task);
+extern P_TCB rt_get_same_rdy_prio (void);
+extern void  rt_resort_prio   (P_TCB p_task);
+extern void  rt_put_dly       (P_TCB p_task, U16 delay);
+extern void  rt_dec_dly       (void);
+extern void  rt_rmv_list      (P_TCB p_task);
+extern void  rt_rmv_dly       (P_TCB p_task);
+extern void  rt_psq_enq       (OS_ID entry, U32 arg);
+
+/* This is a fast macro generating in-line code */
+#define rt_rdy_prio(void) (os_rdy.p_lnk->prio)
+
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Mailbox.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,296 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_MAILBOX.C
+ *      Purpose: Implements waits and wake-ups for mailbox messages
+ *      Rev.:    V4.70
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Config.h"
+#include "rt_System.h"
+#include "rt_List.h"
+#include "rt_Mailbox.h"
+#include "rt_MemBox.h"
+#include "rt_Task.h"
+#ifdef __CORTEX_A9
+#include "rt_HAL_CA.h"
+#else
+#include "rt_HAL_CM.h"
+#endif
+
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+
+/*--------------------------- rt_mbx_init -----------------------------------*/
+
+void rt_mbx_init (OS_ID mailbox, U16 mbx_size) {
+  /* Initialize a mailbox */
+  P_MCB p_MCB = mailbox;
+
+  p_MCB->cb_type = MCB;
+  p_MCB->state   = 0;
+  p_MCB->isr_st  = 0;
+  p_MCB->p_lnk   = NULL;
+  p_MCB->first   = 0;
+  p_MCB->last    = 0;
+  p_MCB->count   = 0;
+  p_MCB->size    = (mbx_size + sizeof(void *) - sizeof(struct OS_MCB)) /
+                                                     (U32)sizeof (void *);
+}
+
+
+/*--------------------------- rt_mbx_send -----------------------------------*/
+
+OS_RESULT rt_mbx_send (OS_ID mailbox, void *p_msg, U16 timeout) {
+  /* Send message to a mailbox */
+  P_MCB p_MCB = mailbox;
+  P_TCB p_TCB;
+
+  if ((p_MCB->p_lnk != NULL) && (p_MCB->state == 1)) {
+    /* A task is waiting for message */
+    p_TCB = rt_get_first ((P_XCB)p_MCB);
+#ifdef __CMSIS_RTOS
+    rt_ret_val2(p_TCB, 0x10/*osEventMessage*/, (U32)p_msg);
+#else
+    *p_TCB->msg = p_msg;
+    rt_ret_val (p_TCB, OS_R_MBX);
+#endif
+    rt_rmv_dly (p_TCB);
+    rt_dispatch (p_TCB);
+  }
+  else {
+    /* Store message in mailbox queue */
+    if (p_MCB->count == p_MCB->size) {
+      /* No free message entry, wait for one. If message queue is full, */
+      /* then no task is waiting for message. The 'p_MCB->p_lnk' list   */
+      /* pointer can now be reused for send message waits task list.    */
+      if (timeout == 0) {
+        return (OS_R_TMO);
+      }
+      if (p_MCB->p_lnk != NULL) {
+        rt_put_prio ((P_XCB)p_MCB, os_tsk.run);
+      }
+      else {
+        p_MCB->p_lnk = os_tsk.run;
+        os_tsk.run->p_lnk  = NULL;
+        os_tsk.run->p_rlnk = (P_TCB)p_MCB;
+        /* Task is waiting to send a message */
+        p_MCB->state = 2;
+      }
+      os_tsk.run->msg = p_msg;
+      rt_block (timeout, WAIT_MBX);
+      return (OS_R_TMO);
+    }
+    /* Yes, there is a free entry in a mailbox. */
+    p_MCB->msg[p_MCB->first] = p_msg;
+    rt_inc (&p_MCB->count);
+    if (++p_MCB->first == p_MCB->size) {
+      p_MCB->first = 0;
+    }
+  }
+  return (OS_R_OK);
+}
+
+
+/*--------------------------- rt_mbx_wait -----------------------------------*/
+
+OS_RESULT rt_mbx_wait (OS_ID mailbox, void **message, U16 timeout) {
+  /* Receive a message; possibly wait for it */
+  P_MCB p_MCB = mailbox;
+  P_TCB p_TCB;
+
+  /* If a message is available in the fifo buffer */
+  /* remove it from the fifo buffer and return. */
+  if (p_MCB->count) {
+    *message = p_MCB->msg[p_MCB->last];
+    if (++p_MCB->last == p_MCB->size) {
+      p_MCB->last = 0;
+    }
+    if ((p_MCB->p_lnk != NULL) && (p_MCB->state == 2)) {
+      /* A task is waiting to send message */
+      p_TCB = rt_get_first ((P_XCB)p_MCB);
+#ifdef __CMSIS_RTOS
+      rt_ret_val(p_TCB, 0/*osOK*/);
+#else
+      rt_ret_val(p_TCB, OS_R_OK);
+#endif
+      p_MCB->msg[p_MCB->first] = p_TCB->msg;
+      if (++p_MCB->first == p_MCB->size) {
+        p_MCB->first = 0;
+      }
+      rt_rmv_dly (p_TCB);
+      rt_dispatch (p_TCB);
+    }
+    else {
+      rt_dec (&p_MCB->count);
+    }
+    return (OS_R_OK);
+  }
+  /* No message available: wait for one */
+  if (timeout == 0) {
+    return (OS_R_TMO);
+  }
+  if (p_MCB->p_lnk != NULL) {
+    rt_put_prio ((P_XCB)p_MCB, os_tsk.run);
+  }
+  else {
+    p_MCB->p_lnk = os_tsk.run;
+    os_tsk.run->p_lnk = NULL;
+    os_tsk.run->p_rlnk = (P_TCB)p_MCB;
+    /* Task is waiting to receive a message */
+    p_MCB->state = 1;
+  }
+  rt_block(timeout, WAIT_MBX);
+#ifndef __CMSIS_RTOS
+  os_tsk.run->msg = message;
+#endif
+  return (OS_R_TMO);
+}
+
+
+/*--------------------------- rt_mbx_check ----------------------------------*/
+
+OS_RESULT rt_mbx_check (OS_ID mailbox) {
+  /* Check for free space in a mailbox. Returns the number of messages     */
+  /* that can be stored to a mailbox. It returns 0 when mailbox is full.   */
+  P_MCB p_MCB = mailbox;
+
+  return (p_MCB->size - p_MCB->count);
+}
+
+
+/*--------------------------- isr_mbx_send ----------------------------------*/
+
+void isr_mbx_send (OS_ID mailbox, void *p_msg) {
+  /* Same function as "os_mbx_send", but to be called by ISRs. */
+  P_MCB p_MCB = mailbox;
+
+  rt_psq_enq (p_MCB, (U32)p_msg);
+  rt_psh_req ();
+}
+
+
+/*--------------------------- isr_mbx_receive -------------------------------*/
+
+OS_RESULT isr_mbx_receive (OS_ID mailbox, void **message) {
+  /* Receive a message in the interrupt function. The interrupt function   */
+  /* should not wait for a message since this would block the rtx os.      */
+  P_MCB p_MCB = mailbox;
+
+  if (p_MCB->count) {
+    /* A message is available in the fifo buffer. */
+    *message = p_MCB->msg[p_MCB->last];
+    if (p_MCB->state == 2) {
+      /* A task is locked waiting to send message */
+      rt_psq_enq (p_MCB, 0);
+      rt_psh_req ();
+    }
+    rt_dec (&p_MCB->count);
+    if (++p_MCB->last == p_MCB->size) {
+      p_MCB->last = 0;
+    }
+    return (OS_R_MBX);
+  }
+  return (OS_R_OK);
+}
+
+
+/*--------------------------- rt_mbx_psh ------------------------------------*/
+
+void rt_mbx_psh (P_MCB p_CB, void *p_msg) {
+  /* Store the message to the mailbox queue or pass it to task directly. */
+  P_TCB p_TCB;
+  void *mem;
+
+  if (p_CB->p_lnk != NULL) switch (p_CB->state) {
+#ifdef __CMSIS_RTOS
+    case 3:
+      /* Task is waiting to allocate memory, remove it from the waiting list */
+      mem = rt_alloc_box(p_msg);
+      if (mem == NULL) break;
+      p_TCB = rt_get_first ((P_XCB)p_CB);
+      rt_ret_val(p_TCB, (U32)mem);
+      p_TCB->state = READY;
+      rt_rmv_dly (p_TCB);
+      rt_put_prio (&os_rdy, p_TCB);
+      break;
+#endif
+    case 2:
+      /* Task is waiting to send a message, remove it from the waiting list */
+      p_TCB = rt_get_first ((P_XCB)p_CB);
+#ifdef __CMSIS_RTOS
+      rt_ret_val(p_TCB, 0/*osOK*/);
+#else
+      rt_ret_val(p_TCB, OS_R_OK);
+#endif
+      p_CB->msg[p_CB->first] = p_TCB->msg;
+      rt_inc (&p_CB->count);
+      if (++p_CB->first == p_CB->size) {
+        p_CB->first = 0;
+      }
+      p_TCB->state = READY;
+      rt_rmv_dly (p_TCB);
+      rt_put_prio (&os_rdy, p_TCB);
+      break;
+    case 1:
+      /* Task is waiting for a message, pass the message to the task directly */
+      p_TCB = rt_get_first ((P_XCB)p_CB);
+#ifdef __CMSIS_RTOS
+      rt_ret_val2(p_TCB, 0x10/*osEventMessage*/, (U32)p_msg);
+#else
+      *p_TCB->msg = p_msg;
+      rt_ret_val (p_TCB, OS_R_MBX);
+#endif
+      p_TCB->state = READY;
+      rt_rmv_dly (p_TCB);
+      rt_put_prio (&os_rdy, p_TCB);
+      break;
+  } else {
+    /* No task is waiting for a message, store it to the mailbox queue */
+    if (p_CB->count < p_CB->size) {
+      p_CB->msg[p_CB->first] = p_msg;
+      rt_inc (&p_CB->count);
+      if (++p_CB->first == p_CB->size) {
+        p_CB->first = 0;
+      }
+    }
+    else {
+      os_error (OS_ERR_MBX_OVF);
+    }
+  }
+}
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Mailbox.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,48 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_MAILBOX.H
+ *      Purpose: Implements waits and wake-ups for mailbox messages
+ *      Rev.:    V4.70
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Functions */
+extern void      rt_mbx_init  (OS_ID mailbox, U16 mbx_size);
+extern OS_RESULT rt_mbx_send  (OS_ID mailbox, void *p_msg,    U16 timeout);
+extern OS_RESULT rt_mbx_wait  (OS_ID mailbox, void **message, U16 timeout);
+extern OS_RESULT rt_mbx_check (OS_ID mailbox);
+extern void      isr_mbx_send (OS_ID mailbox, void *p_msg);
+extern OS_RESULT isr_mbx_receive (OS_ID mailbox, void **message);
+extern void      rt_mbx_psh   (P_MCB p_CB,    void *p_msg);
+
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_MemBox.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,179 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_MEMBOX.C
+ *      Purpose: Interface functions for fixed memory block management system
+ *      Rev.:    V4.70
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Config.h"
+#include "rt_System.h"
+#include "rt_MemBox.h"
+#ifdef __CORTEX_A9
+#include "rt_HAL_CA.h"
+#else
+#include "rt_HAL_CM.h"
+#endif
+
+/*----------------------------------------------------------------------------
+ *      Global Functions
+ *---------------------------------------------------------------------------*/
+
+
+/*--------------------------- _init_box -------------------------------------*/
+
+int _init_box  (void *box_mem, U32 box_size, U32 blk_size) {
+  /* Initialize memory block system, returns 0 if OK, 1 if fails. */
+  void *end;
+  void *blk;
+  void *next;
+  U32  sizeof_bm;
+
+  /* Create memory structure. */
+  if (blk_size & BOX_ALIGN_8) {
+    /* Memory blocks 8-byte aligned. */
+    blk_size = ((blk_size & ~BOX_ALIGN_8) + 7) & ~7;
+    sizeof_bm = (sizeof (struct OS_BM) + 7) & ~7;
+  }
+  else {
+    /* Memory blocks 4-byte aligned. */
+    blk_size = (blk_size + 3) & ~3;
+    sizeof_bm = sizeof (struct OS_BM);
+  }
+  if (blk_size == 0) {
+    return (1);
+  }
+  if ((blk_size + sizeof_bm) > box_size) {
+    return (1);
+  }
+  /* Create a Memory structure. */
+  blk = ((U8 *) box_mem) + sizeof_bm;
+  ((P_BM) box_mem)->free = blk;
+  end = ((U8 *) box_mem) + box_size;
+  ((P_BM) box_mem)->end      = end;
+  ((P_BM) box_mem)->blk_size = blk_size;
+
+  /* Link all free blocks using offsets. */
+  end = ((U8 *) end) - blk_size;
+  while (1)  {
+    next = ((U8 *) blk) + blk_size;
+    if (next > end)  break;
+    *((void **)blk) = next;
+    blk = next;
+  }
+  /* end marker */
+  *((void **)blk) = 0;
+  return (0);
+}
+
+/*--------------------------- rt_alloc_box ----------------------------------*/
+
+void *rt_alloc_box (void *box_mem) {
+  /* Allocate a memory block and return start address. */
+  void **free;
+#ifndef __USE_EXCLUSIVE_ACCESS
+  int  irq_dis;
+
+
+#if defined (__ICCARM__)
+  irq_dis = __disable_irq_iar();
+#else
+  irq_dis = __disable_irq ();
+#endif /* __ICCARM__ */
+  free = ((P_BM) box_mem)->free;
+  if (free) {
+    ((P_BM) box_mem)->free = *free;
+  }
+  if (!irq_dis) __enable_irq ();
+#else
+  do {
+    if ((free = (void **)__ldrex(&((P_BM) box_mem)->free)) == 0) {
+      __clrex();
+      break;
+    }
+  } while (__strex((U32)*free, &((P_BM) box_mem)->free));
+#endif
+  return (free);
+}
+
+
+/*--------------------------- _calloc_box -----------------------------------*/
+
+void *_calloc_box (void *box_mem)  {
+  /* Allocate a 0-initialized memory block and return start address. */
+  void *free;
+  U32 *p;
+  U32 i;
+
+  free = _alloc_box (box_mem);
+  if (free)  {
+    p = free;
+    for (i = ((P_BM) box_mem)->blk_size; i; i -= 4)  {
+      *p = 0;
+      p++;
+    }
+  }
+  return (free);
+}
+
+
+/*--------------------------- rt_free_box -----------------------------------*/
+
+int rt_free_box (void *box_mem, void *box) {
+  /* Free a memory block, returns 0 if OK, 1 if box does not belong to box_mem */
+#ifndef __USE_EXCLUSIVE_ACCESS
+  int irq_dis;
+#endif
+
+  if (box < box_mem || box >= ((P_BM) box_mem)->end) {
+    return (1);
+  }
+
+#ifndef __USE_EXCLUSIVE_ACCESS
+#if defined (__ICCARM__)
+  irq_dis = __disable_irq_iar();
+#else
+  irq_dis = __disable_irq ();
+#endif /* __ICCARM__ */
+  *((void **)box) = ((P_BM) box_mem)->free;
+  ((P_BM) box_mem)->free = box;
+  if (!irq_dis) __enable_irq ();
+#else
+  do {
+    *((void **)box) = (void *)__ldrex(&((P_BM) box_mem)->free);
+  } while (__strex ((U32)box, &((P_BM) box_mem)->free));
+#endif
+  return (0);
+}
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_MemBox.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,46 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_MEMBOX.H
+ *      Purpose: Interface functions for fixed memory block management system
+ *      Rev.:    V4.70
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Functions */
+#define rt_init_box     _init_box
+#define rt_calloc_box   _calloc_box
+extern int     _init_box   (void *box_mem, U32 box_size, U32 blk_size);
+extern void *rt_alloc_box  (void *box_mem);
+extern void *  _calloc_box (void *box_mem);
+extern int   rt_free_box   (void *box_mem, void *box);
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Memory.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,140 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_MEMORY.C
+ *      Purpose: Interface functions for Dynamic Memory Management System
+ *      Rev.:    V4.70
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "rt_Memory.h"
+
+
+/* Functions */
+
+// Initialize Dynamic Memory pool
+//   Parameters:
+//     pool:    Pointer to memory pool
+//     size:    Size of memory pool in bytes
+//   Return:    0 - OK, 1 - Error
+
+int rt_init_mem (void *pool, U32 size) {
+  MEMP *ptr;
+
+  if ((pool == NULL) || (size < sizeof(MEMP))) return (1);
+
+  ptr = (MEMP *)pool;
+  ptr->next = (MEMP *)((U32)pool + size - sizeof(MEMP *));
+  ptr->next->next = NULL;
+  ptr->len = 0;
+
+  return (0);
+}
+
+// Allocate Memory from Memory pool
+//   Parameters:
+//     pool:    Pointer to memory pool
+//     size:    Size of memory in bytes to allocate
+//   Return:    Pointer to allocated memory
+
+void *rt_alloc_mem (void *pool, U32 size) {
+  MEMP *p, *p_search, *p_new;
+  U32   hole_size;
+
+  if ((pool == NULL) || (size == 0)) return NULL;
+
+  /* Add header offset to 'size' */
+  size += sizeof(MEMP);
+  /* Make sure that block is 4-byte aligned  */
+  size = (size + 3) & ~3;
+
+  p_search = (MEMP *)pool;
+  while (1) {
+    hole_size  = (U32)p_search->next - (U32)p_search;
+    hole_size -= p_search->len;
+    /* Check if hole size is big enough */
+    if (hole_size >= size) break;
+    p_search = p_search->next;
+    if (p_search->next == NULL) {
+      /* Failed, we are at the end of the list */
+      return NULL;
+    }
+  }
+
+  if (p_search->len == 0) {
+    /* No block is allocated, set the Length of the first element */
+    p_search->len = size;
+    p = (MEMP *)(((U32)p_search) + sizeof(MEMP));
+  } else {
+    /* Insert new list element into the memory list */
+    p_new       = (MEMP *)((U32)p_search + p_search->len);
+    p_new->next = p_search->next;
+    p_new->len  = size;
+    p_search->next = p_new;
+    p = (MEMP *)(((U32)p_new) + sizeof(MEMP));
+  }
+
+  return (p);
+}
+
+// Free Memory and return it to Memory pool
+//   Parameters:
+//     pool:    Pointer to memory pool
+//     mem:     Pointer to memory to free
+//   Return:    0 - OK, 1 - Error
+
+int rt_free_mem (void *pool, void *mem) {
+  MEMP *p_search, *p_prev, *p_return;
+
+  if ((pool == NULL) || (mem == NULL)) return (1);
+
+  p_return = (MEMP *)((U32)mem - sizeof(MEMP));
+
+  /* Set list header */
+  p_prev = NULL;
+  p_search = (MEMP *)pool;
+  while (p_search != p_return) {
+    p_prev   = p_search;
+    p_search = p_search->next;
+    if (p_search == NULL) {
+      /* Valid Memory block not found */
+      return (1);
+    }
+  }
+
+  if (p_prev == NULL) {
+    /* First block to be released, only set length to 0 */
+    p_search->len = 0;
+  } else {
+    /* Discard block from chain list */
+    p_prev->next = p_search->next;
+  }
+
+  return (0);
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Memory.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,44 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_MEMORY.H
+ *      Purpose: Interface functions for Dynamic Memory Management System
+ *      Rev.:    V4.70
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Types */
+typedef struct mem {              /* << Memory Pool management struct >>     */
+  struct mem *next;               /* Next Memory Block in the list           */
+  U32         len;                /* Length of data block                    */
+} MEMP;
+
+/* Functions */
+extern int   rt_init_mem  (void *pool, U32  size);
+extern void *rt_alloc_mem (void *pool, U32  size);
+extern int   rt_free_mem  (void *pool, void *mem);
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Mutex.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,267 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_MUTEX.C
+ *      Purpose: Implements mutex synchronization objects
+ *      Rev.:    V4.73
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Config.h"
+#include "rt_List.h"
+#include "rt_Task.h"
+#include "rt_Mutex.h"
+#ifdef __CORTEX_A9
+#include "rt_HAL_CA.h"
+#else
+#include "rt_HAL_CM.h"
+#endif
+
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+
+/*--------------------------- rt_mut_init -----------------------------------*/
+
+void rt_mut_init (OS_ID mutex) {
+  /* Initialize a mutex object */
+  P_MUCB p_MCB = mutex;
+
+  p_MCB->cb_type = MUCB;
+  p_MCB->level   = 0;
+  p_MCB->p_lnk   = NULL;
+  p_MCB->owner   = NULL;
+  p_MCB->p_mlnk  = NULL;
+}
+
+
+/*--------------------------- rt_mut_delete ---------------------------------*/
+
+#ifdef __CMSIS_RTOS
+OS_RESULT rt_mut_delete (OS_ID mutex) {
+  /* Delete a mutex object */
+  P_MUCB p_MCB = mutex;
+  P_TCB  p_TCB;
+  P_MUCB p_mlnk;
+  U8     prio;
+
+  __DMB();
+  /* Restore owner task's priority. */
+  if (p_MCB->level != 0) {
+
+    p_TCB = p_MCB->owner;
+
+    /* Remove mutex from task mutex owner list. */
+    p_mlnk = p_TCB->p_mlnk;
+    if (p_mlnk == p_MCB) {
+      p_TCB->p_mlnk = p_MCB->p_mlnk;
+    }
+    else {
+      while (p_mlnk) {
+        if (p_mlnk->p_mlnk == p_MCB) {
+          p_mlnk->p_mlnk = p_MCB->p_mlnk;
+          break;
+        }
+        p_mlnk = p_mlnk->p_mlnk;
+      }
+    }
+
+    /* Restore owner task's priority. */
+    prio = p_TCB->prio_base;
+    p_mlnk = p_TCB->p_mlnk;
+    while (p_mlnk) {
+      if (p_mlnk->p_lnk && (p_mlnk->p_lnk->prio > prio)) {
+        /* A task with higher priority is waiting for mutex. */
+        prio = p_mlnk->p_lnk->prio;
+      }
+      p_mlnk = p_mlnk->p_mlnk;
+    }
+    if (p_TCB->prio != prio) {
+      p_TCB->prio = prio;
+      if (p_TCB != os_tsk.run) {
+        rt_resort_prio (p_TCB);
+    }
+  }
+
+  }
+
+  while (p_MCB->p_lnk != NULL) {
+    /* A task is waiting for mutex. */
+    p_TCB = rt_get_first ((P_XCB)p_MCB);
+    rt_ret_val(p_TCB, 0/*osOK*/);
+    rt_rmv_dly(p_TCB);
+    p_TCB->state = READY;
+    rt_put_prio (&os_rdy, p_TCB);
+  }
+
+  if (os_rdy.p_lnk && (os_rdy.p_lnk->prio > os_tsk.run->prio)) {
+    /* preempt running task */
+    rt_put_prio (&os_rdy, os_tsk.run);
+    os_tsk.run->state = READY;
+    rt_dispatch (NULL);
+  }
+
+  p_MCB->cb_type = 0;
+
+  return (OS_R_OK);
+}
+#endif
+
+
+/*--------------------------- rt_mut_release --------------------------------*/
+
+OS_RESULT rt_mut_release (OS_ID mutex) {
+  /* Release a mutex object */
+  P_MUCB p_MCB = mutex;
+  P_TCB  p_TCB;
+  P_MUCB p_mlnk;
+  U8     prio;
+
+  if (p_MCB->level == 0 || p_MCB->owner != os_tsk.run) {
+    /* Unbalanced mutex release or task is not the owner */
+    return (OS_R_NOK);
+  }
+  __DMB();
+  if (--p_MCB->level != 0) {
+    return (OS_R_OK);
+  }
+
+  /* Remove mutex from task mutex owner list. */
+  p_mlnk = os_tsk.run->p_mlnk;
+  if (p_mlnk == p_MCB) {
+    os_tsk.run->p_mlnk = p_MCB->p_mlnk;
+  }
+  else {
+    while (p_mlnk) {
+      if (p_mlnk->p_mlnk == p_MCB) {
+        p_mlnk->p_mlnk = p_MCB->p_mlnk;
+        break;
+      }
+      p_mlnk = p_mlnk->p_mlnk;
+    }
+  }
+
+  /* Restore owner task's priority. */
+  prio = os_tsk.run->prio_base;
+  p_mlnk = os_tsk.run->p_mlnk;
+  while (p_mlnk) {
+    if (p_mlnk->p_lnk && (p_mlnk->p_lnk->prio > prio)) {
+      /* A task with higher priority is waiting for mutex. */
+      prio = p_mlnk->p_lnk->prio;
+    }
+    p_mlnk = p_mlnk->p_mlnk;
+  }
+  os_tsk.run->prio = prio;
+
+  if (p_MCB->p_lnk != NULL) {
+    /* A task is waiting for mutex. */
+    p_TCB = rt_get_first ((P_XCB)p_MCB);
+#ifdef __CMSIS_RTOS
+    rt_ret_val(p_TCB, 0/*osOK*/);
+#else
+    rt_ret_val(p_TCB, OS_R_MUT);
+#endif
+    rt_rmv_dly (p_TCB);
+    /* A waiting task becomes the owner of this mutex. */
+    p_MCB->level     = 1;
+    p_MCB->owner     = p_TCB;
+    p_MCB->p_mlnk = p_TCB->p_mlnk;
+    p_TCB->p_mlnk = p_MCB; 
+    /* Priority inversion, check which task continues. */
+    if (os_tsk.run->prio >= rt_rdy_prio()) {
+      rt_dispatch (p_TCB);
+    }
+    else {
+      /* Ready task has higher priority than running task. */
+      rt_put_prio (&os_rdy, os_tsk.run);
+      rt_put_prio (&os_rdy, p_TCB);
+      os_tsk.run->state = READY;
+      p_TCB->state      = READY;
+      rt_dispatch (NULL);
+    }
+  }
+  else {
+    /* Check if own priority lowered by priority inversion. */
+    if (rt_rdy_prio() > os_tsk.run->prio) {
+      rt_put_prio (&os_rdy, os_tsk.run);
+      os_tsk.run->state = READY;
+      rt_dispatch (NULL);
+    }
+  }
+  return (OS_R_OK);
+}
+
+
+/*--------------------------- rt_mut_wait -----------------------------------*/
+
+OS_RESULT rt_mut_wait (OS_ID mutex, U16 timeout) {
+  /* Wait for a mutex, continue when mutex is free. */
+  P_MUCB p_MCB = mutex;
+
+  if (p_MCB->level == 0) {
+    p_MCB->owner = os_tsk.run;
+    p_MCB->p_mlnk = os_tsk.run->p_mlnk;
+    os_tsk.run->p_mlnk = p_MCB; 
+    goto inc;
+  }
+  if (p_MCB->owner == os_tsk.run) {
+    /* OK, running task is the owner of this mutex. */
+inc:p_MCB->level++;
+    __DMB();
+    return (OS_R_OK);
+  }
+  /* Mutex owned by another task, wait until released. */
+  if (timeout == 0) {
+    return (OS_R_TMO);
+  }
+  /* Raise the owner task priority if lower than current priority. */
+  /* This priority inversion is called priority inheritance.       */
+  if (p_MCB->owner->prio < os_tsk.run->prio) {
+    p_MCB->owner->prio = os_tsk.run->prio;
+    rt_resort_prio (p_MCB->owner);
+  }
+  if (p_MCB->p_lnk != NULL) {
+    rt_put_prio ((P_XCB)p_MCB, os_tsk.run);
+  }
+  else {
+    p_MCB->p_lnk = os_tsk.run;
+    os_tsk.run->p_lnk  = NULL;
+    os_tsk.run->p_rlnk = (P_TCB)p_MCB;
+  }
+  rt_block(timeout, WAIT_MUT);
+  return (OS_R_TMO);
+}
+
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Mutex.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,44 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_MUTEX.H
+ *      Purpose: Implements mutex synchronization objects
+ *      Rev.:    V4.70
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Functions */
+extern void      rt_mut_init    (OS_ID mutex);
+extern OS_RESULT rt_mut_delete  (OS_ID mutex);
+extern OS_RESULT rt_mut_release (OS_ID mutex);
+extern OS_RESULT rt_mut_wait    (OS_ID mutex, U16 timeout);
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Robin.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,88 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_ROBIN.C
+ *      Purpose: Round Robin Task switching
+ *      Rev.:    V4.70
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Config.h"
+#include "rt_List.h"
+#include "rt_Task.h"
+#include "rt_Time.h"
+#include "rt_Robin.h"
+#ifdef __CORTEX_A9
+#include "rt_HAL_CA.h"
+#else
+#include "rt_HAL_CM.h"
+#endif
+
+/*----------------------------------------------------------------------------
+ *      Global Variables
+ *---------------------------------------------------------------------------*/
+
+struct OS_ROBIN os_robin;
+
+
+/*----------------------------------------------------------------------------
+ *      Global Functions
+ *---------------------------------------------------------------------------*/
+
+/*--------------------------- rt_init_robin ---------------------------------*/
+
+__weak void rt_init_robin (void) {
+  /* Initialize Round Robin variables. */
+  os_robin.task = NULL;
+  os_robin.tout = (U16)os_rrobin;
+}
+
+/*--------------------------- rt_chk_robin ----------------------------------*/
+
+__weak void rt_chk_robin (void) {
+  /* Check if Round Robin timeout expired and switch to the next ready task.*/
+  P_TCB p_new;
+
+  if (os_robin.task != os_rdy.p_lnk) {
+    /* New task was suspended, reset Round Robin timeout. */
+    os_robin.task = os_rdy.p_lnk;
+    os_robin.time = (U16)os_time + os_robin.tout - 1;
+  }
+  if (os_robin.time == (U16)os_time) {
+    /* Round Robin timeout has expired, swap Robin tasks. */
+    os_robin.task = NULL;
+    p_new = rt_get_first (&os_rdy);
+    rt_put_prio ((P_XCB)&os_rdy, p_new);
+  }
+}
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Robin.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,45 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_ROBIN.H
+ *      Purpose: Round Robin Task switching definitions
+ *      Rev.:    V4.70
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Variables */
+extern struct OS_ROBIN os_robin;
+
+/* Functions */
+extern void rt_init_robin (void);
+extern void rt_chk_robin  (void);
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Semaphore.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,191 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_SEMAPHORE.C
+ *      Purpose: Implements binary and counting semaphores
+ *      Rev.:    V4.70
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Config.h"
+#include "rt_System.h"
+#include "rt_List.h"
+#include "rt_Task.h"
+#include "rt_Semaphore.h"
+#ifdef __CORTEX_A9
+#include "rt_HAL_CA.h"
+#else
+#include "rt_HAL_CM.h"
+#endif
+
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+
+/*--------------------------- rt_sem_init -----------------------------------*/
+
+void rt_sem_init (OS_ID semaphore, U16 token_count) {
+  /* Initialize a semaphore */
+  P_SCB p_SCB = semaphore;
+
+  p_SCB->cb_type = SCB;
+  p_SCB->p_lnk  = NULL;
+  p_SCB->tokens = token_count;
+}
+
+
+/*--------------------------- rt_sem_delete ---------------------------------*/
+
+#ifdef __CMSIS_RTOS
+OS_RESULT rt_sem_delete (OS_ID semaphore) {
+  /* Delete semaphore */
+  P_SCB p_SCB = semaphore;
+  P_TCB p_TCB;
+
+  __DMB();
+  while (p_SCB->p_lnk != NULL) {
+    /* A task is waiting for token */
+    p_TCB = rt_get_first ((P_XCB)p_SCB);
+    rt_ret_val(p_TCB, 0);
+    rt_rmv_dly(p_TCB);
+    p_TCB->state = READY;
+    rt_put_prio (&os_rdy, p_TCB);
+  }
+
+  if (os_rdy.p_lnk && (os_rdy.p_lnk->prio > os_tsk.run->prio)) {
+    /* preempt running task */
+    rt_put_prio (&os_rdy, os_tsk.run);
+    os_tsk.run->state = READY;
+    rt_dispatch (NULL);
+  }
+
+  p_SCB->cb_type = 0;
+
+  return (OS_R_OK);
+}
+#endif
+
+
+/*--------------------------- rt_sem_send -----------------------------------*/
+
+OS_RESULT rt_sem_send (OS_ID semaphore) {
+  /* Return a token to semaphore */
+  P_SCB p_SCB = semaphore;
+  P_TCB p_TCB;
+
+  __DMB();
+  if (p_SCB->p_lnk != NULL) {
+    /* A task is waiting for token */
+    p_TCB = rt_get_first ((P_XCB)p_SCB);
+#ifdef __CMSIS_RTOS
+    rt_ret_val(p_TCB, 1);
+#else
+    rt_ret_val(p_TCB, OS_R_SEM);
+#endif
+    rt_rmv_dly (p_TCB);
+    rt_dispatch (p_TCB);
+  }
+  else {
+    /* Store token. */
+    p_SCB->tokens++;
+  }
+  return (OS_R_OK);
+}
+
+
+/*--------------------------- rt_sem_wait -----------------------------------*/
+
+OS_RESULT rt_sem_wait (OS_ID semaphore, U16 timeout) {
+  /* Obtain a token; possibly wait for it */
+  P_SCB p_SCB = semaphore;
+
+  if (p_SCB->tokens) {
+    p_SCB->tokens--;
+    __DMB();
+    return (OS_R_OK);
+  }
+  /* No token available: wait for one */
+  if (timeout == 0) {
+    return (OS_R_TMO);
+  }
+  if (p_SCB->p_lnk != NULL) {
+    rt_put_prio ((P_XCB)p_SCB, os_tsk.run);
+  }
+  else {
+    p_SCB->p_lnk = os_tsk.run;
+    os_tsk.run->p_lnk = NULL;
+    os_tsk.run->p_rlnk = (P_TCB)p_SCB;
+  }
+  rt_block(timeout, WAIT_SEM);
+  return (OS_R_TMO);
+}
+
+
+/*--------------------------- isr_sem_send ----------------------------------*/
+
+void isr_sem_send (OS_ID semaphore) {
+  /* Same function as "os_sem_send", but to be called by ISRs */
+  P_SCB p_SCB = semaphore;
+
+  rt_psq_enq (p_SCB, 0);
+  rt_psh_req ();
+}
+
+
+/*--------------------------- rt_sem_psh ------------------------------------*/
+
+void rt_sem_psh (P_SCB p_CB) {
+  /* Check if task has to be waken up */
+  P_TCB p_TCB;
+
+  __DMB();
+  if (p_CB->p_lnk != NULL) {
+    /* A task is waiting for token */
+    p_TCB = rt_get_first ((P_XCB)p_CB);
+    rt_rmv_dly (p_TCB);
+    p_TCB->state   = READY;
+#ifdef __CMSIS_RTOS
+    rt_ret_val(p_TCB, 1);
+#else
+    rt_ret_val(p_TCB, OS_R_SEM);
+#endif
+    rt_put_prio (&os_rdy, p_TCB);
+  }
+  else {
+    /* Store token */
+    p_CB->tokens++;
+  }
+}
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Semaphore.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,46 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_SEMAPHORE.H
+ *      Purpose: Implements binary and counting semaphores
+ *      Rev.:    V4.70
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Functions */
+extern void      rt_sem_init  (OS_ID semaphore, U16 token_count);
+extern OS_RESULT rt_sem_delete(OS_ID semaphore);
+extern OS_RESULT rt_sem_send  (OS_ID semaphore);
+extern OS_RESULT rt_sem_wait  (OS_ID semaphore, U16 timeout);
+extern void      isr_sem_send (OS_ID semaphore);
+extern void      rt_sem_psh (P_SCB p_CB);
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_System.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,337 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_SYSTEM.C
+ *      Purpose: System Task Manager
+ *      Rev.:    8 April 2015
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2015 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Config.h"
+#include "rt_Task.h"
+#include "rt_System.h"
+#include "rt_Event.h"
+#include "rt_List.h"
+#include "rt_Mailbox.h"
+#include "rt_Semaphore.h"
+#include "rt_Time.h"
+#include "rt_Timer.h"
+#include "rt_Robin.h"
+#ifdef __CORTEX_A9
+#include "rt_HAL_CA.h"
+#else
+#include "rt_HAL_CM.h"
+#endif
+
+/*----------------------------------------------------------------------------
+ *      Global Variables
+ *---------------------------------------------------------------------------*/
+
+int os_tick_irqn;
+U8  scheduler_suspended = 0;    // flag set by rt_suspend, cleared by rt_resume, read by SVC_Handler
+
+/*----------------------------------------------------------------------------
+ *      Local Variables
+ *---------------------------------------------------------------------------*/
+
+static volatile BIT os_lock;
+static volatile BIT os_psh_flag;
+#ifndef __CORTEX_A9
+static          U8  pend_flags;
+#endif
+/*----------------------------------------------------------------------------
+ *      Global Functions
+ *---------------------------------------------------------------------------*/
+
+#define RL_RTX_VER      0x473
+
+#if defined (__CC_ARM)
+__asm void $$RTX$$version (void) {
+   /* Export a version number symbol for a version control. */
+
+                EXPORT  __RL_RTX_VER
+
+__RL_RTX_VER    EQU     RL_RTX_VER
+}
+#endif
+
+
+/*--------------------------- rt_suspend ------------------------------------*/
+
+extern U32 sysUserTimerWakeupTime(void);
+
+U32 rt_suspend (void) {
+  /* Suspend OS scheduler */
+  U32 delta = 0xFFFF;
+#ifdef __CMSIS_RTOS
+  U32 sleep;
+#endif
+
+  rt_tsk_lock();
+  scheduler_suspended = 1;
+
+  if (os_dly.p_dlnk) {
+    delta = os_dly.delta_time;
+  }
+#ifdef __CMSIS_RTOS
+  sleep = sysUserTimerWakeupTime();
+  if (sleep < delta) delta = sleep;
+#else
+  if (os_tmr.next) {
+    if (os_tmr.tcnt < delta) delta = os_tmr.tcnt;
+  }
+#endif
+
+  return (delta);
+}
+
+
+/*--------------------------- rt_resume -------------------------------------*/
+
+extern void sysUserTimerUpdate (U32 sleep_time);
+
+void rt_resume (U32 sleep_time) {
+  /* Resume OS scheduler after suspend */
+  P_TCB next;
+  U32   delta;
+
+  os_tsk.run->state = READY;
+  rt_put_rdy_first (os_tsk.run);
+
+  os_robin.task = NULL;
+
+  /* Update delays. */
+  if (os_dly.p_dlnk) {
+    delta = sleep_time;
+    if (delta >= os_dly.delta_time) {
+      delta   -= os_dly.delta_time;
+      os_time += os_dly.delta_time;
+      os_dly.delta_time = 1;
+      while (os_dly.p_dlnk) {
+        rt_dec_dly();
+        if (delta == 0) break;
+        delta--;
+        os_time++;
+      }
+    } else {
+      os_time           += delta;
+      os_dly.delta_time -= delta;
+    }
+  } else {
+    os_time += sleep_time;
+  }
+
+  /* Check the user timers. */
+#ifdef __CMSIS_RTOS
+  sysUserTimerUpdate(sleep_time);
+#else
+  if (os_tmr.next) {
+    delta = sleep_time;
+    if (delta >= os_tmr.tcnt) {
+      delta   -= os_tmr.tcnt;
+      os_tmr.tcnt = 1;
+      while (os_tmr.next) {
+        rt_tmr_tick();
+        if (delta == 0) break;
+        delta--;
+      }
+    } else {
+      os_tmr.tcnt -= delta;
+    }
+  }
+#endif
+
+  /* Switch back to highest ready task */
+  next = rt_get_first (&os_rdy);
+  rt_switch_req (next);
+
+  scheduler_suspended = 0;
+  rt_tsk_unlock();
+}
+
+
+/*--------------------------- rt_tsk_lock -----------------------------------*/
+
+void rt_tsk_lock (void) {
+  /* Prevent task switching by locking out scheduler */
+  if (os_lock == __TRUE) // don't lock again if already locked
+    return;
+
+  if (os_tick_irqn < 0) {
+    OS_LOCK();
+    os_lock = __TRUE;
+    OS_UNPEND (&pend_flags);
+  } else {
+    OS_X_LOCK(os_tick_irqn);
+    os_lock = __TRUE;
+    OS_X_UNPEND (&pend_flags);
+  }
+}
+
+
+/*--------------------------- rt_tsk_unlock ---------------------------------*/
+
+void rt_tsk_unlock (void) {
+  /* Unlock scheduler and re-enable task switching */
+  if (os_tick_irqn < 0) {
+    OS_UNLOCK();
+    os_lock = __FALSE;
+    OS_PEND (pend_flags, os_psh_flag);
+    os_psh_flag = __FALSE;
+  } else {
+    OS_X_UNLOCK(os_tick_irqn);
+    os_lock = __FALSE;
+    OS_X_PEND (pend_flags, os_psh_flag);
+    os_psh_flag = __FALSE;
+  }
+}
+
+
+/*--------------------------- rt_psh_req ------------------------------------*/
+
+void rt_psh_req (void) {
+  /* Initiate a post service handling request if required. */
+  if (os_lock == __FALSE) {
+    OS_PEND_IRQ ();
+  }
+  else {
+    os_psh_flag = __TRUE;
+  }
+}
+
+
+/*--------------------------- rt_pop_req ------------------------------------*/
+
+void rt_pop_req (void) {
+  /* Process an ISR post service requests. */
+  struct OS_XCB *p_CB;
+  P_TCB next;
+  U32  idx;
+
+  os_tsk.run->state = READY;
+  rt_put_rdy_first (os_tsk.run);
+
+  idx = os_psq->last;
+  while (os_psq->count) {
+    p_CB = os_psq->q[idx].id;
+    if (p_CB->cb_type == TCB) {
+      /* Is of TCB type */
+      rt_evt_psh ((P_TCB)p_CB, (U16)os_psq->q[idx].arg);
+    }
+    else if (p_CB->cb_type == MCB) {
+      /* Is of MCB type */
+      rt_mbx_psh ((P_MCB)p_CB, (void *)os_psq->q[idx].arg);
+    }
+    else {
+      /* Must be of SCB type */
+      rt_sem_psh ((P_SCB)p_CB);
+    }
+    if (++idx == os_psq->size) idx = 0;
+    rt_dec (&os_psq->count);
+  }
+  os_psq->last = idx;
+
+  next = rt_get_first (&os_rdy);
+  rt_switch_req (next);
+}
+
+
+/*--------------------------- os_tick_init ----------------------------------*/
+
+__weak int os_tick_init (void) {
+  /* Initialize SysTick timer as system tick timer. */
+  rt_systick_init ();
+  return (-1);  /* Return IRQ number of SysTick timer */
+}
+
+/*--------------------------- os_tick_val -----------------------------------*/
+
+__weak U32 os_tick_val (void) {
+  /* Get SysTick timer current value (0 .. OS_TRV). */
+  return rt_systick_val();
+}
+
+/*--------------------------- os_tick_ovf -----------------------------------*/
+
+__weak U32 os_tick_ovf (void) {
+  /* Get SysTick timer overflow flag */
+  return rt_systick_ovf();
+}
+
+/*--------------------------- os_tick_irqack --------------------------------*/
+
+__weak void os_tick_irqack (void) {
+  /* Acknowledge timer interrupt. */
+}
+
+
+/*--------------------------- rt_systick ------------------------------------*/
+
+extern void sysTimerTick(void);
+
+void rt_systick (void) {
+  /* Check for system clock update, suspend running task. */
+  P_TCB next;
+
+  os_tsk.run->state = READY;
+  rt_put_rdy_first (os_tsk.run);
+
+  /* Check Round Robin timeout. */
+  rt_chk_robin ();
+
+  /* Update delays. */
+  os_time++;
+  rt_dec_dly ();
+
+  /* Check the user timers. */
+#ifdef __CMSIS_RTOS
+  sysTimerTick();
+#else
+  rt_tmr_tick ();
+#endif
+
+  /* Switch back to highest ready task */
+  next = rt_get_first (&os_rdy);
+  rt_switch_req (next);
+}
+
+/*--------------------------- rt_stk_check ----------------------------------*/
+
+__weak void rt_stk_check (void) {
+  /* Check for stack overflow. */
+  if ((os_tsk.run->tsk_stack < (U32)os_tsk.run->stack) ||
+      (os_tsk.run->stack[0] != MAGIC_WORD)) {
+    os_error (OS_ERR_STK_OVF);
+  }
+}
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_System.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,52 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_SYSTEM.H
+ *      Purpose: System Task Manager definitions
+ *      Rev.:    V4.70
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Variables */
+#define os_psq  ((P_PSQ)&os_fifo)
+extern int os_tick_irqn;
+
+/* Functions */
+extern U32  rt_suspend    (void);
+extern void rt_resume     (U32 sleep_time);
+extern void rt_tsk_lock   (void);
+extern void rt_tsk_unlock (void);
+extern void rt_psh_req    (void);
+extern void rt_pop_req    (void);
+extern void rt_systick    (void);
+extern void rt_stk_check  (void);
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Task.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,436 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_TASK.C
+ *      Purpose: Task functions and system start up.
+ *      Rev.:    V4.73
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Config.h"
+#include "rt_System.h"
+#include "rt_Task.h"
+#include "rt_List.h"
+#include "rt_MemBox.h"
+#include "rt_Robin.h"
+#ifdef __CORTEX_A9
+#include "rt_HAL_CA.h"
+#else
+#include "rt_HAL_CM.h"
+#endif
+
+/*----------------------------------------------------------------------------
+ *      Global Variables
+ *---------------------------------------------------------------------------*/
+
+/* Running and next task info. */
+struct OS_TSK os_tsk;
+
+/* Task Control Blocks of idle demon */
+struct OS_TCB os_idle_TCB;
+
+
+/*----------------------------------------------------------------------------
+ *      Local Functions
+ *---------------------------------------------------------------------------*/
+
+static OS_TID rt_get_TID (void) {
+  U32 tid;
+
+  for (tid = 1; tid <= os_maxtaskrun; tid++) {
+    if (os_active_TCB[tid-1] == NULL) {
+      return ((OS_TID)tid);
+    }
+  }
+  return (0);
+}
+
+
+/*--------------------------- rt_init_context -------------------------------*/
+
+static void rt_init_context (P_TCB p_TCB, U8 priority, FUNCP task_body) {
+  /* Initialize general part of the Task Control Block. */
+  p_TCB->cb_type = TCB;
+  p_TCB->state   = READY;
+  p_TCB->prio    = priority;
+  p_TCB->prio_base = priority;
+  p_TCB->p_lnk   = NULL;
+  p_TCB->p_rlnk  = NULL;
+  p_TCB->p_dlnk  = NULL;
+  p_TCB->p_blnk  = NULL;
+  p_TCB->p_mlnk    = NULL;
+  p_TCB->delta_time    = 0;
+  p_TCB->interval_time = 0;
+  p_TCB->events  = 0;
+  p_TCB->waits   = 0;
+  p_TCB->stack_frame = 0;
+
+  if (p_TCB->priv_stack == 0) {
+    /* Allocate the memory space for the stack. */
+    p_TCB->stack = rt_alloc_box (mp_stk);
+  }
+  rt_init_stack (p_TCB, task_body);
+}
+
+
+/*--------------------------- rt_switch_req ---------------------------------*/
+
+void rt_switch_req (P_TCB p_new) {
+  /* Switch to next task (identified by "p_new"). */
+  os_tsk.new_tsk   = p_new;
+  p_new->state = RUNNING;
+  DBG_TASK_SWITCH(p_new->task_id);
+}
+
+
+/*--------------------------- rt_dispatch -----------------------------------*/
+
+void rt_dispatch (P_TCB next_TCB) {
+  /* Dispatch next task if any identified or dispatch highest ready task    */
+  /* "next_TCB" identifies a task to run or has value NULL (=no next task)  */
+  if (next_TCB == NULL) {
+    /* Running task was blocked: continue with highest ready task */
+    next_TCB = rt_get_first (&os_rdy);
+    rt_switch_req (next_TCB);
+  }
+  else {
+    /* Check which task continues */
+    if (next_TCB->prio > os_tsk.run->prio) {
+      /* preempt running task */
+      rt_put_rdy_first (os_tsk.run);
+      os_tsk.run->state = READY;
+      rt_switch_req (next_TCB);
+    }
+    else {
+      /* put next task into ready list, no task switch takes place */
+      next_TCB->state = READY;
+      rt_put_prio (&os_rdy, next_TCB);
+    }
+  }
+}
+
+
+/*--------------------------- rt_block --------------------------------------*/
+
+void rt_block (U16 timeout, U8 block_state) {
+  /* Block running task and choose next ready task.                         */
+  /* "timeout" sets a time-out value or is 0xffff (=no time-out).           */
+  /* "block_state" defines the appropriate task state */
+  P_TCB next_TCB;
+
+  if (timeout) {
+    if (timeout < 0xffff) {
+      rt_put_dly (os_tsk.run, timeout);
+    }
+    os_tsk.run->state = block_state;
+    next_TCB = rt_get_first (&os_rdy);
+    rt_switch_req (next_TCB);
+  }
+}
+
+
+/*--------------------------- rt_tsk_pass -----------------------------------*/
+
+void rt_tsk_pass (void) {
+  /* Allow tasks of same priority level to run cooperatively.*/
+  P_TCB p_new;
+
+  p_new = rt_get_same_rdy_prio();
+  if (p_new != NULL) {
+    rt_put_prio ((P_XCB)&os_rdy, os_tsk.run);
+    os_tsk.run->state = READY;
+    rt_switch_req (p_new);
+  }
+}
+
+
+/*--------------------------- rt_tsk_self -----------------------------------*/
+
+OS_TID rt_tsk_self (void) {
+  /* Return own task identifier value. */
+  if (os_tsk.run == NULL) {
+    return (0);
+  }
+  return (os_tsk.run->task_id);
+}
+
+
+/*--------------------------- rt_tsk_prio -----------------------------------*/
+
+OS_RESULT rt_tsk_prio (OS_TID task_id, U8 new_prio) {
+  /* Change execution priority of a task to "new_prio". */
+  P_TCB p_task;
+
+  if (task_id == 0) {
+    /* Change execution priority of calling task. */
+    os_tsk.run->prio = new_prio;
+    os_tsk.run->prio_base = new_prio;
+run:if (rt_rdy_prio() > new_prio) {
+      rt_put_prio (&os_rdy, os_tsk.run);
+      os_tsk.run->state   = READY;
+      rt_dispatch (NULL);
+    }
+    return (OS_R_OK);
+  }
+
+  /* Find the task in the "os_active_TCB" array. */
+  if (task_id > os_maxtaskrun || os_active_TCB[task_id-1] == NULL) {
+    /* Task with "task_id" not found or not started. */
+    return (OS_R_NOK);
+  }
+  p_task = os_active_TCB[task_id-1];
+  p_task->prio = new_prio;
+  p_task->prio_base = new_prio;
+  if (p_task == os_tsk.run) {
+    goto run;
+  }
+  rt_resort_prio (p_task);
+  if (p_task->state == READY) {
+    /* Task enqueued in a ready list. */
+    p_task = rt_get_first (&os_rdy);
+    rt_dispatch (p_task);
+  }
+  return (OS_R_OK);
+}
+
+
+/*--------------------------- rt_tsk_create ---------------------------------*/
+
+OS_TID rt_tsk_create (FUNCP task, U32 prio_stksz, void *stk, void *argv) {
+  /* Start a new task declared with "task". */
+  P_TCB task_context;
+  U32 i;
+
+  /* Priority 0 is reserved for idle task! */
+  if ((prio_stksz & 0xFF) == 0) {
+    prio_stksz += 1;
+  }
+  task_context = rt_alloc_box (mp_tcb);
+  if (task_context == NULL) {
+    return (0);
+  }
+  /* If "size != 0" use a private user provided stack. */
+  task_context->stack      = stk;
+  task_context->priv_stack = prio_stksz >> 8;
+  /* Pass parameter 'argv' to 'rt_init_context' */
+  task_context->msg = argv;
+  /* For 'size == 0' system allocates the user stack from the memory pool. */
+  rt_init_context (task_context, prio_stksz & 0xFF, task);
+
+  /* Find a free entry in 'os_active_TCB' table. */
+  i = rt_get_TID ();
+  os_active_TCB[i-1] = task_context;
+  task_context->task_id = i;
+  DBG_TASK_NOTIFY(task_context, __TRUE);
+  rt_dispatch (task_context);
+  return ((OS_TID)i);
+}
+
+
+/*--------------------------- rt_tsk_delete ---------------------------------*/
+
+OS_RESULT rt_tsk_delete (OS_TID task_id) {
+  /* Terminate the task identified with "task_id". */
+  P_TCB task_context;
+  P_TCB  p_TCB;
+  P_MUCB p_MCB, p_MCB0;
+
+  if (task_id == 0 || task_id == os_tsk.run->task_id) {
+    /* Terminate itself. */
+    os_tsk.run->state     = INACTIVE;
+    os_tsk.run->tsk_stack = rt_get_PSP ();
+    rt_stk_check ();
+    p_MCB = os_tsk.run->p_mlnk;
+    while (p_MCB) {
+      /* Release mutexes owned by this task */
+      if (p_MCB->p_lnk) {
+        /* A task is waiting for mutex. */
+        p_TCB = rt_get_first ((P_XCB)p_MCB);
+#ifdef __CMSIS_RTOS
+        rt_ret_val(p_TCB, 0/*osOK*/);
+#else
+        rt_ret_val(p_TCB, OS_R_MUT); 
+#endif
+        rt_rmv_dly (p_TCB);
+        p_TCB->state = READY;
+        rt_put_prio (&os_rdy, p_TCB);
+        /* A waiting task becomes the owner of this mutex. */
+        p_MCB0 = p_MCB;
+        p_MCB->level  = 1;
+        p_MCB->owner  = p_TCB;
+        p_MCB->p_mlnk = p_TCB->p_mlnk;
+        p_TCB->p_mlnk = p_MCB; 
+        p_MCB = p_MCB0->p_mlnk;
+      }
+      else {
+        p_MCB = p_MCB->p_mlnk;
+      }
+    }
+    os_active_TCB[os_tsk.run->task_id-1] = NULL;
+    rt_free_box (mp_stk, os_tsk.run->stack);
+    os_tsk.run->stack = NULL;
+    DBG_TASK_NOTIFY(os_tsk.run, __FALSE);
+    rt_free_box (mp_tcb, os_tsk.run);
+    os_tsk.run = NULL;
+    rt_dispatch (NULL);
+    /* The program should never come to this point. */
+  }
+  else {
+    /* Find the task in the "os_active_TCB" array. */
+    if (task_id > os_maxtaskrun || os_active_TCB[task_id-1] == NULL) {
+      /* Task with "task_id" not found or not started. */
+      return (OS_R_NOK);
+    }
+    task_context = os_active_TCB[task_id-1];
+    rt_rmv_list (task_context);
+    rt_rmv_dly (task_context);
+    p_MCB = task_context->p_mlnk;
+    while (p_MCB) {
+      /* Release mutexes owned by this task */
+      if (p_MCB->p_lnk) {
+        /* A task is waiting for mutex. */
+        p_TCB = rt_get_first ((P_XCB)p_MCB);
+#ifdef __CMSIS_RTOS
+        rt_ret_val(p_TCB, 0/*osOK*/);
+#else
+        rt_ret_val(p_TCB, OS_R_MUT); 
+#endif
+        rt_rmv_dly (p_TCB);
+        p_TCB->state = READY;
+        rt_put_prio (&os_rdy, p_TCB);
+        /* A waiting task becomes the owner of this mutex. */
+        p_MCB0 = p_MCB;
+        p_MCB->level  = 1;
+        p_MCB->owner  = p_TCB;
+        p_MCB->p_mlnk = p_TCB->p_mlnk;
+        p_TCB->p_mlnk = p_MCB; 
+        p_MCB = p_MCB0->p_mlnk;
+      }
+      else {
+        p_MCB = p_MCB->p_mlnk;
+      }
+    }
+    os_active_TCB[task_id-1] = NULL;
+    rt_free_box (mp_stk, task_context->stack);
+    task_context->stack = NULL;
+    DBG_TASK_NOTIFY(task_context, __FALSE);
+    rt_free_box (mp_tcb, task_context);
+    if (rt_rdy_prio() > os_tsk.run->prio) {
+      /* Ready task has higher priority than running task. */
+      os_tsk.run->state = READY;
+      rt_put_prio (&os_rdy, os_tsk.run);
+      rt_dispatch (NULL);
+    }
+  }
+  return (OS_R_OK);
+}
+
+
+/*--------------------------- rt_sys_init -----------------------------------*/
+
+#ifdef __CMSIS_RTOS
+void rt_sys_init (void) {
+#else
+void rt_sys_init (FUNCP first_task, U32 prio_stksz, void *stk) {
+#endif
+  /* Initialize system and start up task declared with "first_task". */
+  U32 i;
+
+  DBG_INIT();
+
+  /* Initialize dynamic memory and task TCB pointers to NULL. */
+  for (i = 0; i < os_maxtaskrun; i++) {
+    os_active_TCB[i] = NULL;
+  }
+  rt_init_box (&mp_tcb, mp_tcb_size, sizeof(struct OS_TCB));
+  rt_init_box (&mp_stk, mp_stk_size, BOX_ALIGN_8 | (U16)(os_stackinfo));
+  rt_init_box ((U32 *)m_tmr, mp_tmr_size, sizeof(struct OS_TMR));
+
+  /* Set up TCB of idle demon */
+  os_idle_TCB.task_id    = 255;
+  os_idle_TCB.priv_stack = 0;
+  rt_init_context (&os_idle_TCB, 0, os_idle_demon);
+
+  /* Set up ready list: initially empty */
+  os_rdy.cb_type = HCB;
+  os_rdy.p_lnk   = NULL;
+  /* Set up delay list: initially empty */
+  os_dly.cb_type = HCB;
+  os_dly.p_dlnk  = NULL;
+  os_dly.p_blnk  = NULL;
+  os_dly.delta_time = 0;
+
+  /* Fix SP and system variables to assume idle task is running  */
+  /* Transform main program into idle task by assuming idle TCB */
+#ifndef __CMSIS_RTOS
+  rt_set_PSP (os_idle_TCB.tsk_stack+32);
+#endif
+  os_tsk.run = &os_idle_TCB;
+  os_tsk.run->state = RUNNING;
+
+  /* Initialize ps queue */
+  os_psq->first = 0;
+  os_psq->last  = 0;
+  os_psq->size  = os_fifo_size;
+
+  rt_init_robin ();
+
+  /* Initialize SVC and PendSV */
+  rt_svc_init ();
+
+#ifndef __CMSIS_RTOS
+  /* Initialize and start system clock timer */
+  os_tick_irqn = os_tick_init ();
+  if (os_tick_irqn >= 0) {
+    OS_X_INIT(os_tick_irqn);
+  }
+
+  /* Start up first user task before entering the endless loop */
+  rt_tsk_create (first_task, prio_stksz, stk, NULL);
+#endif
+}
+
+
+/*--------------------------- rt_sys_start ----------------------------------*/
+
+#ifdef __CMSIS_RTOS
+void rt_sys_start (void) {
+  /* Start system */
+
+  /* Initialize and start system clock timer */
+  os_tick_irqn = os_tick_init ();
+  if (os_tick_irqn >= 0) {
+    OS_X_INIT(os_tick_irqn);
+  }
+}
+#endif
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Task.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,87 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_TASK.H
+ *      Purpose: Task functions and system start up.
+ *      Rev.:    V4.70
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Definitions */
+
+/* Values for 'state'   */
+#define INACTIVE        0
+#define READY           1
+#define RUNNING         2
+#define WAIT_DLY        3
+#define WAIT_ITV        4
+#define WAIT_OR         5
+#define WAIT_AND        6
+#define WAIT_SEM        7
+#define WAIT_MBX        8
+#define WAIT_MUT        9
+
+/* Return codes */
+#define OS_R_TMO        0x01
+#define OS_R_EVT        0x02
+#define OS_R_SEM        0x03
+#define OS_R_MBX        0x04
+#define OS_R_MUT        0x05
+
+#define OS_R_OK         0x00
+#define OS_R_NOK        0xff
+
+/* Variables */
+extern struct OS_TSK os_tsk;
+extern struct OS_TCB os_idle_TCB;
+
+/* Functions */
+extern void      rt_switch_req (P_TCB p_new);
+extern void      rt_dispatch   (P_TCB next_TCB);
+extern void      rt_block      (U16 timeout, U8 block_state);
+extern void      rt_tsk_pass   (void);
+extern OS_TID    rt_tsk_self   (void);
+extern OS_RESULT rt_tsk_prio   (OS_TID task_id, U8 new_prio);
+extern OS_TID    rt_tsk_create (FUNCP task, U32 prio_stksz, void *stk, void *argv);
+extern OS_RESULT rt_tsk_delete (OS_TID task_id);
+#ifdef __CMSIS_RTOS
+extern void      rt_sys_init   (void);
+extern void      rt_sys_start  (void);
+#else
+extern void      rt_sys_init   (FUNCP first_task, U32 prio_stksz, void *stk);
+#endif
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
+
+
+
+
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Time.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,94 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_TIME.C
+ *      Purpose: Delay and interval wait functions
+ *      Rev.:    V4.70
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Config.h"
+#include "rt_Task.h"
+#include "rt_Time.h"
+
+/*----------------------------------------------------------------------------
+ *      Global Variables
+ *---------------------------------------------------------------------------*/
+
+/* Free running system tick counter */
+U32 os_time;
+
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+
+/*--------------------------- rt_time_get -----------------------------------*/
+
+U32 rt_time_get (void) {
+  /* Get system time tick */
+  return (os_time);
+}
+
+
+/*--------------------------- rt_dly_wait -----------------------------------*/
+
+void rt_dly_wait (U16 delay_time) {
+  /* Delay task by "delay_time" */
+  rt_block (delay_time, WAIT_DLY);
+}
+
+
+/*--------------------------- rt_itv_set ------------------------------------*/
+
+void rt_itv_set (U16 interval_time) {
+  /* Set interval length and define start of first interval */
+  os_tsk.run->interval_time = interval_time;
+  os_tsk.run->delta_time = interval_time + (U16)os_time;
+}
+
+
+/*--------------------------- rt_itv_wait -----------------------------------*/
+
+void rt_itv_wait (void) {
+  /* Wait for interval end and define start of next one */
+  U16 delta;
+
+  delta = os_tsk.run->delta_time - (U16)os_time;
+  os_tsk.run->delta_time += os_tsk.run->interval_time;
+  if ((delta & 0x8000) == 0) {
+    rt_block (delta, WAIT_ITV);
+  }
+}
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Time.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,47 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_TIME.H
+ *      Purpose: Delay and interval wait functions definitions
+ *      Rev.:    V4.70
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Variables */
+extern U32 os_time;
+
+/* Functions */
+extern U32  rt_time_get (void);
+extern void rt_dly_wait (U16 delay_time);
+extern void rt_itv_set  (U16 interval_time);
+extern void rt_itv_wait (void);
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_Timer.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,46 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_TIMER.H
+ *      Purpose: User timer functions
+ *      Rev.:    V4.70
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Variables */
+extern struct OS_XTMR os_tmr;
+
+/* Functions */
+extern void  rt_tmr_tick   (void);
+extern OS_ID rt_tmr_create (U16 tcnt, U16 info);
+extern OS_ID rt_tmr_kill   (OS_ID timer);
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_A/rt_TypeDef.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,186 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_TYPEDEF.H
+ *      Purpose: Type Definitions
+ *      Rev.:    V4.73 (plus large stack)
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2015 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Types */
+typedef char               S8;
+typedef unsigned char      U8;
+typedef short              S16;
+typedef unsigned short     U16;
+typedef int                S32;
+typedef unsigned int       U32;
+typedef long long          S64;
+typedef unsigned long long U64;
+typedef unsigned char      BIT;
+typedef unsigned int       BOOL;
+typedef void               (*FUNCP)(void);
+
+typedef U32     OS_TID;
+typedef void    *OS_ID;
+typedef U32     OS_RESULT;
+
+typedef struct OS_TCB {
+  /* General part: identical for all implementations.                        */
+  U8     cb_type;                 /* Control Block Type                      */
+  U8     state;                   /* Task state                              */
+  U8     prio;                    /* Execution priority                      */
+  U8     task_id;                 /* Task ID value for optimized TCB access  */
+  struct OS_TCB *p_lnk;           /* Link pointer for ready/sem. wait list   */
+  struct OS_TCB *p_rlnk;          /* Link pointer for sem./mbx lst backwards */
+  struct OS_TCB *p_dlnk;          /* Link pointer for delay list             */
+  struct OS_TCB *p_blnk;          /* Link pointer for delay list backwards   */
+  U16    delta_time;              /* Time until time out                     */
+  U16    interval_time;           /* Time interval for periodic waits        */
+  U16    events;                  /* Event flags                             */
+  U16    waits;                   /* Wait flags                              */
+  void   **msg;                   /* Direct message passing when task waits  */
+  struct OS_MUCB *p_mlnk;         /* Link pointer for mutex owner list       */
+  U8     prio_base;               /* Base priority                           */
+
+  /* Hardware dependant part: specific for Cortex processor                  */
+  U8     stack_frame;             /* Stack frame: 0x0 Basic, 0x1 Extended, 0x2 VFP/D16 stacked, 0x4 NEON/D32 stacked */
+#if defined (__ICCARM__)
+#ifndef __LARGE_PRIV_STACK
+  U16    priv_stack;              /* Private stack size, 0= system assigned  */
+#else
+  U16    reserved;                /* Reserved (padding)                      */
+  U32    priv_stack;              /* Private stack size for LARGE_STACK, 0= system assigned  */
+#endif /* __LARGE_PRIV_STACK */
+#else
+  U16    reserved;                /* Reserved (padding)                      */
+  U32    priv_stack;              /* Private stack size for LARGE_STACK, 0= system assigned  */
+#endif
+  U32    tsk_stack;               /* Current task Stack pointer (R13)        */
+  U32    *stack;                  /* Pointer to Task Stack memory block      */
+
+  /* Task entry point used for uVision debugger                              */
+  FUNCP  ptask;                   /* Task entry address                      */
+} *P_TCB;
+#define TCB_TID          3        /* 'task id' offset                        */
+#define TCB_STACKF      37        /* 'stack_frame' offset                    */
+#if defined (__ICCARM__)
+#ifndef __LARGE_PRIV_STACK
+#define TCB_TSTACK      40        /* 'tsk_stack' offset                      */
+#else
+#define TCB_TSTACK      44        /* 'tsk_stack' offset for LARGE_STACK      */
+#endif /* __LARGE_PRIV_STACK */
+#else
+#define TCB_TSTACK      44        /* 'tsk_stack' offset for LARGE_STACK      */
+#endif
+
+typedef struct OS_PSFE {          /* Post Service Fifo Entry                 */
+  void  *id;                      /* Object Identification                   */
+  U32    arg;                     /* Object Argument                         */
+} *P_PSFE;
+
+typedef struct OS_PSQ {           /* Post Service Queue                      */
+  U8     first;                   /* FIFO Head Index                         */
+  U8     last;                    /* FIFO Tail Index                         */
+  U8     count;                   /* Number of stored items in FIFO          */
+  U8     size;                    /* FIFO Size                               */
+  struct OS_PSFE q[1];            /* FIFO Content                            */
+} *P_PSQ;
+
+typedef struct OS_TSK {
+  P_TCB  run;                     /* Current running task                    */
+  P_TCB  new_tsk;                 /* Scheduled task to run                   */
+} *P_TSK;
+
+typedef struct OS_ROBIN {         /* Round Robin Control                     */
+  P_TCB  task;                    /* Round Robin task                        */
+  U16    time;                    /* Round Robin switch time                 */
+  U16    tout;                    /* Round Robin timeout                     */
+} *P_ROBIN;
+
+typedef struct OS_XCB {
+  U8     cb_type;                 /* Control Block Type                      */
+  struct OS_TCB *p_lnk;           /* Link pointer for ready/sem. wait list   */
+  struct OS_TCB *p_rlnk;          /* Link pointer for sem./mbx lst backwards */
+  struct OS_TCB *p_dlnk;          /* Link pointer for delay list             */
+  struct OS_TCB *p_blnk;          /* Link pointer for delay list backwards   */
+  U16    delta_time;              /* Time until time out                     */
+} *P_XCB;
+
+typedef struct OS_MCB {
+  U8     cb_type;                 /* Control Block Type                      */
+  U8     state;                   /* State flag variable                     */
+  U8     isr_st;                  /* State flag variable for isr functions   */
+  struct OS_TCB *p_lnk;           /* Chain of tasks waiting for message      */
+  U16    first;                   /* Index of the message list begin         */
+  U16    last;                    /* Index of the message list end           */
+  U16    count;                   /* Actual number of stored messages        */
+  U16    size;                    /* Maximum number of stored messages       */
+  void   *msg[1];                 /* FIFO for Message pointers 1st element   */
+} *P_MCB;
+
+typedef struct OS_SCB {
+  U8     cb_type;                 /* Control Block Type                      */
+  U8     mask;                    /* Semaphore token mask                    */
+  U16    tokens;                  /* Semaphore tokens                        */
+  struct OS_TCB *p_lnk;           /* Chain of tasks waiting for tokens       */
+} *P_SCB;
+
+typedef struct OS_MUCB {
+  U8     cb_type;                 /* Control Block Type                      */
+  U16    level;                   /* Call nesting level                      */
+  struct OS_TCB *p_lnk;           /* Chain of tasks waiting for mutex        */
+  struct OS_TCB *owner;           /* Mutex owner task                        */
+  struct OS_MUCB *p_mlnk;         /* Chain of mutexes by owner task          */
+} *P_MUCB;
+
+typedef struct OS_XTMR {
+  struct OS_TMR  *next;
+  U16    tcnt;
+} *P_XTMR;
+
+typedef struct OS_TMR {
+  struct OS_TMR  *next;           /* Link pointer to Next timer              */
+  U16    tcnt;                    /* Timer delay count                       */
+  U16    info;                    /* User defined call info                  */
+} *P_TMR;
+
+typedef struct OS_BM {
+  void *free;                     /* Pointer to first free memory block      */
+  void *end;                      /* Pointer to memory block end             */
+  U32  blk_size;                  /* Memory block size                       */
+} *P_BM;
+
+/* Definitions */
+#define __TRUE          1
+#define __FALSE         0
+#define NULL            ((void *) 0)
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/HAL_CM.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,170 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    HAL_CM.C
+ *      Purpose: Hardware Abstraction Layer for Cortex-M
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Conf.h"
+#include "rt_HAL_CM.h"
+
+
+/*----------------------------------------------------------------------------
+ *      Global Variables
+ *---------------------------------------------------------------------------*/
+
+#ifdef DBG_MSG
+BIT dbg_msg;
+#endif
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+
+/*--------------------------- rt_init_stack ---------------------------------*/
+
+void rt_init_stack (P_TCB p_TCB, FUNCP task_body) {
+  /* Prepare TCB and saved context for a first time start of a task. */
+  U32 *stk,i,size;
+
+  /* Prepare a complete interrupt frame for first task start */
+  size = p_TCB->priv_stack >> 2;
+
+  /* Write to the top of stack. */
+  stk = &p_TCB->stack[size];
+
+  /* Auto correct to 8-byte ARM stack alignment. */
+  if ((U32)stk & 0x04) {
+    stk--;
+  }
+
+  stk -= 16;
+
+  /* Default xPSR and initial PC */
+  stk[15] = INITIAL_xPSR;
+  stk[14] = (U32)task_body;
+
+  /* Clear R4-R11,R0-R3,R12,LR registers. */
+  for (i = 0; i < 14; i++) {
+    stk[i] = 0;
+  }
+
+  /* Assign a void pointer to R0. */
+  stk[8] = (U32)p_TCB->msg;
+
+  /* Initial Task stack pointer. */
+  p_TCB->tsk_stack = (U32)stk;
+
+  /* Task entry point. */
+  p_TCB->ptask = task_body;
+
+  /* Set a magic word for checking of stack overflow.
+   For the main thread (ID: 0x01) the stack is in a memory area shared with the
+   heap, therefore the last word of the stack is a moving target.
+   We want to do stack/heap collision detection instead.
+  */
+  if (p_TCB->task_id != 0x01)
+      p_TCB->stack[0] = MAGIC_WORD;
+}
+
+
+/*--------------------------- rt_ret_val ----------------------------------*/
+
+static __inline U32 *rt_ret_regs (P_TCB p_TCB) {
+  /* Get pointer to task return value registers (R0..R3) in Stack */
+#if (__TARGET_FPU_VFP)
+  if (p_TCB->stack_frame) {
+    /* Extended Stack Frame: R4-R11,S16-S31,R0-R3,R12,LR,PC,xPSR,S0-S15,FPSCR */
+    return (U32 *)(p_TCB->tsk_stack + 8*4 + 16*4);
+  } else {
+    /* Basic Stack Frame: R4-R11,R0-R3,R12,LR,PC,xPSR */
+    return (U32 *)(p_TCB->tsk_stack + 8*4);
+  }
+#else
+  /* Stack Frame: R4-R11,R0-R3,R12,LR,PC,xPSR */
+  return (U32 *)(p_TCB->tsk_stack + 8*4);
+#endif
+}
+
+void rt_ret_val (P_TCB p_TCB, U32 v0) {
+  U32 *ret;
+
+  ret = rt_ret_regs(p_TCB);
+  ret[0] = v0;
+}
+
+void rt_ret_val2(P_TCB p_TCB, U32 v0, U32 v1) {
+  U32 *ret;
+
+  ret = rt_ret_regs(p_TCB);
+  ret[0] = v0;
+  ret[1] = v1;
+}
+
+
+/*--------------------------- dbg_init --------------------------------------*/
+
+#ifdef DBG_MSG
+void dbg_init (void) {
+  if ((DEMCR & DEMCR_TRCENA)     &&
+      (ITM_CONTROL & ITM_ITMENA) &&
+      (ITM_ENABLE & (1UL << 31))) {
+    dbg_msg = __TRUE;
+  }
+}
+#endif
+
+/*--------------------------- dbg_task_notify -------------------------------*/
+
+#ifdef DBG_MSG
+void dbg_task_notify (P_TCB p_tcb, BOOL create) {
+  while (ITM_PORT31_U32 == 0);
+  ITM_PORT31_U32 = (U32)p_tcb->ptask;
+  while (ITM_PORT31_U32 == 0);
+  ITM_PORT31_U16 = (create << 8) | p_tcb->task_id;
+}
+#endif
+
+/*--------------------------- dbg_task_switch -------------------------------*/
+
+#ifdef DBG_MSG
+void dbg_task_switch (U32 task_id) {
+  while (ITM_PORT31_U32 == 0);
+  ITM_PORT31_U8 = task_id;
+}
+#endif
+
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/RTX_CM_lib.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,537 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RTX_CM_LIB.H
+ *      Purpose: RTX Kernel System Configuration
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+#include "mbed_error.h"
+
+#if   defined (__CC_ARM)
+#pragma O3
+#define __USED __attribute__((used))
+#elif defined (__GNUC__)
+#pragma GCC optimize ("O3")
+#define __USED __attribute__((used))
+#elif defined (__ICCARM__)
+#define __USED __root
+#endif
+
+
+/*----------------------------------------------------------------------------
+ *      Definitions
+ *---------------------------------------------------------------------------*/
+
+#define _declare_box(pool,size,cnt)  uint32_t pool[(((size)+3)/4)*(cnt) + 3]
+#define _declare_box8(pool,size,cnt) uint64_t pool[(((size)+7)/8)*(cnt) + 2]
+
+#define OS_TCB_SIZE     48
+#define OS_TMR_SIZE     8
+
+#if defined (__CC_ARM) && !defined (__MICROLIB)
+
+typedef void    *OS_ID;
+typedef uint32_t OS_TID;
+typedef uint32_t OS_MUT[3];
+typedef uint32_t OS_RESULT;
+
+#define runtask_id()    rt_tsk_self()
+#define mutex_init(m)   rt_mut_init(m)
+#define mutex_wait(m)   os_mut_wait(m,0xFFFF)
+#define mutex_rel(m)    os_mut_release(m)
+
+extern OS_TID    rt_tsk_self    (void);
+extern void      rt_mut_init    (OS_ID mutex);
+extern OS_RESULT rt_mut_release (OS_ID mutex);
+extern OS_RESULT rt_mut_wait    (OS_ID mutex, uint16_t timeout);
+
+#define os_mut_wait(mutex,timeout) _os_mut_wait((uint32_t)rt_mut_wait,mutex,timeout)
+#define os_mut_release(mutex)      _os_mut_release((uint32_t)rt_mut_release,mutex)
+
+OS_RESULT _os_mut_release (uint32_t p, OS_ID mutex)                   __svc_indirect(0);
+OS_RESULT _os_mut_wait    (uint32_t p, OS_ID mutex, uint16_t timeout) __svc_indirect(0);
+
+#endif
+
+
+/*----------------------------------------------------------------------------
+ *      Global Variables
+ *---------------------------------------------------------------------------*/
+
+#if (OS_TIMERS != 0)
+#define OS_TASK_CNT (OS_TASKCNT + 1)
+#else
+#define OS_TASK_CNT  OS_TASKCNT
+#endif
+
+uint16_t const os_maxtaskrun = OS_TASK_CNT;
+uint32_t const os_rrobin     = (OS_ROBIN << 16) | OS_ROBINTOUT;
+uint32_t const os_trv        = OS_TRV;
+uint8_t  const os_flags      = OS_RUNPRIV;
+
+/* Export following defines to uVision debugger. */
+__USED uint32_t const os_clockrate = OS_TICK;
+__USED uint32_t const os_timernum  = 0;
+
+/* Stack for the os_idle_demon */
+unsigned int idle_task_stack[OS_IDLESTKSIZE];
+unsigned short const idle_task_stack_size = OS_IDLESTKSIZE;
+
+#ifndef OS_FIFOSZ
+ #define OS_FIFOSZ      16
+#endif
+
+/* Fifo Queue buffer for ISR requests.*/
+uint32_t       os_fifo[OS_FIFOSZ*2+1];
+uint8_t  const os_fifo_size = OS_FIFOSZ;
+
+/* An array of Active task pointers. */
+void *os_active_TCB[OS_TASK_CNT];
+
+/* User Timers Resources */
+#if (OS_TIMERS != 0)
+extern void osTimerThread (void const *argument);
+osThreadDef(osTimerThread, (osPriority)(OS_TIMERPRIO-3), 4*OS_TIMERSTKSZ);
+osThreadId osThreadId_osTimerThread;
+osMessageQDef(osTimerMessageQ, OS_TIMERCBQS, void *);
+osMessageQId osMessageQId_osTimerMessageQ;
+#else
+osThreadDef_t os_thread_def_osTimerThread = { NULL };
+osThreadId osThreadId_osTimerThread;
+osMessageQDef(osTimerMessageQ, 0, void *);
+osMessageQId osMessageQId_osTimerMessageQ;
+#endif
+
+
+/*----------------------------------------------------------------------------
+ *      RTX Optimizations (empty functions)
+ *---------------------------------------------------------------------------*/
+
+#if OS_ROBIN == 0
+ void rt_init_robin (void) {;}
+ void rt_chk_robin  (void) {;}
+#endif
+
+#if OS_STKCHECK == 0
+ void rt_stk_check  (void) {;}
+#endif
+
+
+/*----------------------------------------------------------------------------
+ *      Standard Library multithreading interface
+ *---------------------------------------------------------------------------*/
+
+#if defined (__CC_ARM) && !defined (__MICROLIB)
+ static OS_MUT   std_libmutex[OS_MUTEXCNT];
+ static uint32_t nr_mutex;
+
+ /*--------------------------- _mutex_initialize -----------------------------*/
+
+int _mutex_initialize (OS_ID *mutex) {
+  /* Allocate and initialize a system mutex. */
+
+  if (nr_mutex >= OS_MUTEXCNT) {
+    /* If you are here, you need to increase the number OS_MUTEXCNT. */
+    error("Not enough stdlib mutexes\n");
+  }
+  *mutex = &std_libmutex[nr_mutex++];
+  mutex_init (*mutex);
+  return (1);
+}
+
+
+/*--------------------------- _mutex_acquire --------------------------------*/
+
+__attribute__((used)) void _mutex_acquire (OS_ID *mutex) {
+  /* Acquire a system mutex, lock stdlib resources. */
+  if (runtask_id ()) {
+    /* RTX running, acquire a mutex. */
+    mutex_wait (*mutex);
+  }
+}
+
+
+/*--------------------------- _mutex_release --------------------------------*/
+
+__attribute__((used)) void _mutex_release (OS_ID *mutex) {
+  /* Release a system mutex, unlock stdlib resources. */
+  if (runtask_id ()) {
+    /* RTX running, release a mutex. */
+    mutex_rel (*mutex);
+  }
+}
+
+#endif
+
+
+/*----------------------------------------------------------------------------
+ *      RTX Startup
+ *---------------------------------------------------------------------------*/
+
+/* Main Thread definition */
+extern int main (void);
+osThreadDef_t os_thread_def_main = {(os_pthread)main, osPriorityNormal, 0, NULL};
+
+// This define should be probably moved to the CMSIS layer
+#if   defined(TARGET_LPC1768)
+#define INITIAL_SP            (0x10008000UL)
+
+#elif defined(TARGET_LPC11U24)
+#define INITIAL_SP            (0x10002000UL)
+
+#elif defined(TARGET_LPC11U35_401) || defined(TARGET_LPC11U35_501) || defined(TARGET_LPCCAPPUCCINO)
+#define INITIAL_SP            (0x10002000UL)
+
+#elif defined(TARGET_LPC1114)
+#define INITIAL_SP            (0x10001000UL)
+
+#elif defined(TARGET_LPC812)
+#define INITIAL_SP            (0x10001000UL)
+
+#elif defined(TARGET_LPC824) || defined(TARGET_SSCI824)
+#define INITIAL_SP            (0x10002000UL)
+
+#elif defined(TARGET_KL25Z)
+#define INITIAL_SP            (0x20003000UL)
+
+#elif defined(TARGET_KL26Z)
+#define INITIAL_SP            (0x20003000UL)
+
+#elif defined(TARGET_K64F)
+#define INITIAL_SP            (0x20030000UL)
+
+#elif defined(TARGET_K22F)
+#define INITIAL_SP            (0x20010000UL)
+
+#elif defined(TARGET_KL46Z)
+#define INITIAL_SP            (0x20006000UL)
+
+#elif defined(TARGET_KL43Z)
+#define INITIAL_SP            (0x20006000UL)
+
+#elif defined(TARGET_KL05Z)
+#define INITIAL_SP            (0x20000C00UL)
+
+#elif defined(TARGET_LPC4088) || defined(TARGET_LPC4088_DM)
+#define INITIAL_SP            (0x10010000UL)
+
+#elif defined(TARGET_LPC4330)
+#define INITIAL_SP            (0x10008000UL)
+
+#elif defined(TARGET_LPC4337)
+#define INITIAL_SP            (0x10008000UL)
+
+#elif defined(TARGET_LPC1347)
+#define INITIAL_SP            (0x10002000UL)
+
+#elif defined(TARGET_STM32F100RB) || defined(TARGET_STM32F051R8)
+#define INITIAL_SP            (0x20002000UL)
+
+#elif defined(TARGET_DISCO_F303VC)
+#define INITIAL_SP            (0x2000A000UL)
+
+#elif defined(TARGET_STM32F407) || defined(TARGET_F407VG)
+#define INITIAL_SP            (0x20020000UL)
+
+#elif defined(TARGET_STM32F401RE)
+#define INITIAL_SP            (0x20018000UL)
+
+#elif defined(TARGET_LPC1549)
+#define INITIAL_SP            (0x02009000UL)
+
+#elif defined(TARGET_LPC11U68)
+#define INITIAL_SP            (0x10008000UL)
+
+#elif defined(TARGET_STM32F411RE)
+#define INITIAL_SP            (0x20020000UL)
+
+#elif defined(TARGET_STM32F410RB)
+#define INITIAL_SP            (0x20008000UL)
+
+#elif defined(TARGET_STM32F103RB)
+#define INITIAL_SP            (0x20005000UL)
+
+#elif defined(TARGET_STM32F302R8)
+#define INITIAL_SP            (0x20004000UL)
+
+#elif  defined(TARGET_STM32F334R8)
+#define INITIAL_SP            (0x20003000UL)
+
+#elif  defined(TARGET_STM32F334C8)
+#define INITIAL_SP            (0x20003000UL)
+
+#elif  defined(TARGET_STM32F405RG)
+#define INITIAL_SP            (0x20020000UL)
+
+#elif defined(TARGET_STM32F429ZI)
+#define INITIAL_SP            (0x20030000UL)
+
+#elif defined(TARGET_STM32L053R8) || defined(TARGET_STM32L053C8)
+#define INITIAL_SP            (0x20002000UL)
+
+#elif defined(TARGET_STM32F072RB)
+#define INITIAL_SP            (0x20004000UL)
+
+#elif defined(TARGET_STM32F091RC)
+#define INITIAL_SP            (0x20008000UL)
+
+#elif defined(TARGET_STM32F401VC)
+#define INITIAL_SP            (0x20010000UL)
+
+#elif defined(TARGET_STM32F303RE)
+#define INITIAL_SP            (0x20010000UL)
+
+#elif defined(TARGET_STM32F303K8)
+#define INITIAL_SP            (0x20003000UL)
+
+#elif defined(TARGET_STM32F746NG)
+#define INITIAL_SP            (0x20050000UL)
+
+#elif defined(TARGET_MAX32610) || defined(TARGET_MAX32600)
+#define INITIAL_SP            (0x20008000UL)
+
+#elif defined(TARGET_TEENSY3_1)
+#define INITIAL_SP            (0x20008000UL)
+
+#elif defined(TARGET_STM32L152RE)
+#define INITIAL_SP            (0x20014000UL)
+
+#elif defined(TARGET_NZ32_SC151)
+#define INITIAL_SP            (0x20008000UL)
+
+#elif (defined(TARGET_STM32F446RE) || defined(TARGET_STM32F446VE)) 
+#define INITIAL_SP            (0x20020000UL)
+
+#elif defined(TARGET_STM32F070RB) || defined(TARGET_STM32F030R8)
+#define INITIAL_SP            (0x20002000UL)
+
+#elif defined(TARGET_STM32L476VG)
+#define INITIAL_SP            (0x20018000UL)
+
+#elif defined(TARGET_STM32L476RG)
+#define INITIAL_SP            (0x20018000UL)
+
+#elif defined(TARGET_STM32F469NI)
+#define INITIAL_SP            (0x20050000UL)
+
+#elif defined(TARGET_STM32L152RC)
+#define INITIAL_SP            (0x20008000UL)
+
+
+#else
+#error "no target defined"
+
+#endif
+
+#ifdef __CC_ARM
+extern uint32_t          Image$$RW_IRAM1$$ZI$$Limit[];
+#define HEAP_START      (Image$$RW_IRAM1$$ZI$$Limit)
+#elif defined(__GNUC__)
+extern uint32_t          __end__[];
+#define HEAP_START      (__end__)
+#elif defined(__ICCARM__)
+#pragma section="HEAP"
+#define HEAP_START     (void *)__section_begin("HEAP")
+#endif
+
+void set_main_stack(void) {
+    // That is the bottom of the main stack block: no collision detection
+    os_thread_def_main.stack_pointer = HEAP_START;
+
+    // Leave OS_SCHEDULERSTKSIZE words for the scheduler and interrupts
+    os_thread_def_main.stacksize = (INITIAL_SP - (unsigned int)HEAP_START) - (OS_SCHEDULERSTKSIZE * 4);
+}
+
+#if defined (__CC_ARM)
+#ifdef __MICROLIB
+void _main_init (void) __attribute__((section(".ARM.Collect$$$$000000FF")));
+void _main_init (void) {
+  osKernelInitialize();
+  set_main_stack();
+  osThreadCreate(&os_thread_def_main, NULL);
+  osKernelStart();
+  for (;;);
+}
+#else
+
+/* The single memory model is checking for stack collision at run time, verifing
+   that the heap pointer is underneath the stack pointer.
+
+   With the RTOS there is not only one stack above the heap, there are multiple
+   stacks and some of them are underneath the heap pointer.
+*/
+#pragma import(__use_two_region_memory)
+
+__asm void __rt_entry (void) {
+
+  IMPORT  __user_setup_stackheap
+  IMPORT  __rt_lib_init
+  IMPORT  os_thread_def_main
+  IMPORT  osKernelInitialize
+  IMPORT  set_main_stack
+  IMPORT  osKernelStart
+  IMPORT  osThreadCreate
+  IMPORT  exit
+
+  BL      __user_setup_stackheap
+  MOV     R1,R2
+  BL      __rt_lib_init
+  BL      osKernelInitialize
+  BL      set_main_stack
+  LDR     R0,=os_thread_def_main
+  MOVS    R1,#0
+  BL      osThreadCreate
+  BL      osKernelStart
+  BL      exit
+
+  ALIGN
+}
+#endif
+
+#elif defined (__GNUC__)
+
+#ifdef __CS3__
+
+/* CS3 start_c routine.
+ *
+ * Copyright (c) 2006, 2007 CodeSourcery Inc
+ *
+ * The authors hereby grant permission to use, copy, modify, distribute,
+ * and license this software and its documentation for any purpose, provided
+ * that existing copyright notices are retained in all copies and that this
+ * notice is included verbatim in any distributions. No written agreement,
+ * license, or royalty fee is required for any of the authorized uses.
+ * Modifications to this software may be copyrighted by their authors
+ * and need not follow the licensing terms described here, provided that
+ * the new terms are clearly indicated on the first page of each file where
+ * they apply.
+ */
+
+#include "cs3.h"
+
+extern void __libc_init_array (void);
+
+__attribute ((noreturn)) void __cs3_start_c (void){
+  unsigned regions = __cs3_region_num;
+  const struct __cs3_region *rptr = __cs3_regions;
+
+  /* Initialize memory */
+  for (regions = __cs3_region_num, rptr = __cs3_regions; regions--; rptr++) {
+    long long *src = (long long *)rptr->init;
+    long long *dst = (long long *)rptr->data;
+    unsigned limit = rptr->init_size;
+    unsigned count;
+
+    if (src != dst)
+      for (count = 0; count != limit; count += sizeof (long long))
+        *dst++ = *src++;
+    else
+      dst = (long long *)((char *)dst + limit);
+    limit = rptr->zero_size;
+    for (count = 0; count != limit; count += sizeof (long long))
+      *dst++ = 0;
+  }
+
+  /* Run initializers.  */
+  __libc_init_array ();
+
+  osKernelInitialize();
+  set_main_stack();
+  osThreadCreate(&os_thread_def_main, NULL);
+  osKernelStart();
+  for (;;);
+}
+
+#else
+
+__attribute__((naked)) void software_init_hook (void) {
+  __asm (
+    ".syntax unified\n"
+    ".thumb\n"
+    "movs r0,#0\n"
+    "movs r1,#0\n"
+    "mov  r4,r0\n"
+    "mov  r5,r1\n"
+    "ldr  r0,= __libc_fini_array\n"
+    "bl   atexit\n"
+    "bl   __libc_init_array\n"
+    "mov  r0,r4\n"
+    "mov  r1,r5\n"
+    "bl   osKernelInitialize\n"
+    "bl   set_main_stack\n"
+    "ldr  r0,=os_thread_def_main\n"
+    "movs r1,#0\n"
+    "bl   osThreadCreate\n"
+    "bl   osKernelStart\n"
+    "bl   exit\n"
+  );
+}
+
+#endif
+
+#elif defined (__ICCARM__)
+
+extern void* __vector_table;
+extern int  __low_level_init(void);
+extern void __iar_data_init3(void);
+extern __weak void __iar_init_core( void );
+extern __weak void __iar_init_vfp( void );
+extern void __iar_dynamic_initialization(void);
+extern void mbed_sdk_init(void);
+extern void exit(int arg);
+
+#pragma required=__vector_table
+void __iar_program_start( void )
+{
+  __iar_init_core();
+  __iar_init_vfp();
+
+  int a;
+
+  if (__low_level_init() != 0) {
+    __iar_data_init3();
+    mbed_sdk_init();
+    __iar_dynamic_initialization();
+  }
+  osKernelInitialize();
+  set_main_stack();
+  osThreadCreate(&os_thread_def_main, NULL);
+  a = osKernelStart();
+  exit(a);
+
+}
+
+#endif
+
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/RTX_Conf.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,72 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RTX_CONFIG.H
+ *      Purpose: Exported functions of RTX_Config.c
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+
+/* Error Codes */
+#define OS_ERR_STK_OVF          1
+#define OS_ERR_FIFO_OVF         2
+#define OS_ERR_MBX_OVF          3
+
+/* Definitions */
+#define BOX_ALIGN_8                   0x80000000
+#define _declare_box(pool,size,cnt)   U32 pool[(((size)+3)/4)*(cnt) + 3]
+#define _declare_box8(pool,size,cnt)  U64 pool[(((size)+7)/8)*(cnt) + 2]
+#define _init_box8(pool,size,bsize)   _init_box (pool,size,(bsize) | BOX_ALIGN_8)
+
+/* Variables */
+extern U32 idle_task_stack[];
+extern U32 os_fifo[];
+extern void *os_active_TCB[];
+
+/* Constants */
+extern U16 const os_maxtaskrun;
+extern U32 const os_trv;
+extern U8  const os_flags;
+extern U32 const os_rrobin;
+extern U32 const os_clockrate;
+extern U32 const os_timernum;
+extern U16 const idle_task_stack_size;
+
+extern U8  const os_fifo_size;
+
+/* Functions */
+extern void os_idle_demon   (void);
+extern int  os_tick_init    (void);
+extern void os_tick_irqack  (void);
+extern void os_tmr_call     (U16  info);
+extern void os_error        (U32 err_code);
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/RTX_Conf_CM.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,347 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RTX_Conf_CM.C
+ *      Purpose: Configuration of CMSIS RTX Kernel for Cortex-M
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "cmsis_os.h"
+
+
+/*----------------------------------------------------------------------------
+ *      RTX User configuration part BEGIN
+ *---------------------------------------------------------------------------*/
+
+//-------- <<< Use Configuration Wizard in Context Menu >>> -----------------
+//
+// <h>Thread Configuration
+// =======================
+//
+//   <o>Number of concurrent running threads <0-250>
+//   <i> Defines max. number of threads that will run at the same time.
+//       counting "main", but not counting "osTimerThread"
+//   <i> Default: 6
+#ifndef OS_TASKCNT
+#  if   defined(TARGET_LPC1768) || defined(TARGET_LPC2368)   || defined(TARGET_LPC4088) || defined(TARGET_LPC4088_DM) || defined(TARGET_LPC4330) || defined(TARGET_LPC4337) || defined(TARGET_LPC1347) || defined(TARGET_K64F) || defined(TARGET_STM32F401RE)\
+   || defined(TARGET_STM32F410RB) || defined(TARGET_KL46Z) || defined(TARGET_KL43Z)  || defined(TARGET_STM32F407) || defined(TARGET_F407VG)  || defined(TARGET_STM32F303VC) || defined(TARGET_LPC1549) || defined(TARGET_LPC11U68) \
+   || defined(TARGET_STM32F411RE) || defined(TARGET_STM32F405RG) || defined(TARGET_K22F) || defined(TARGET_STM32F429ZI) || defined(TARGET_STM32F401VC) || defined(TARGET_MAX32610) || defined(TARGET_MAX32600) || defined(TARGET_TEENSY3_1) \
+   || defined(TARGET_STM32L152RE) || defined(TARGET_STM32F446RE) || defined(TARGET_STM32F446VE) || defined(TARGET_STM32L476VG) || defined(TARGET_STM32L476RG) || defined(TARGET_STM32F469NI) || defined(TARGET_STM32F746NG) || defined(TARGET_STM32L152RC)
+#    define OS_TASKCNT         14
+#  elif defined(TARGET_LPC11U24) || defined(TARGET_STM32F303RE) || defined(TARGET_STM32F303K8) || defined(TARGET_LPC11U35_401)  || defined(TARGET_LPC11U35_501) || defined(TARGET_LPCCAPPUCCINO) || defined(TARGET_LPC1114) \
+   || defined(TARGET_LPC812)   || defined(TARGET_KL25Z)         || defined(TARGET_KL26Z)         || defined(TARGET_KL05Z)        || defined(TARGET_STM32F100RB)  || defined(TARGET_STM32F051R8) \
+   || defined(TARGET_STM32F103RB) || defined(TARGET_LPC824) || defined(TARGET_STM32F302R8) || defined(TARGET_STM32F334R8) || defined(TARGET_STM32F334C8) \
+   || defined(TARGET_STM32L053R8) || defined(TARGET_STM32L053C8) || defined(TARGET_STM32F072RB) || defined(TARGET_STM32F091RC) || defined(TARGET_NZ32_SC151) \
+   || defined(TARGET_SSCI824)  || defined(TARGET_STM32F030R8) || defined(TARGET_STM32F070RB)
+#    define OS_TASKCNT         6
+#  else
+#    error "no target defined"
+#  endif
+#endif
+
+//   <o>Scheduler (+ interrupts) stack size [bytes] <64-4096:8><#/4>
+#ifndef OS_SCHEDULERSTKSIZE
+#  if   defined(TARGET_LPC1768) || defined(TARGET_LPC2368)   || defined(TARGET_LPC4088) || defined(TARGET_LPC4088_DM) || defined(TARGET_LPC4330) || defined(TARGET_LPC4337) || defined(TARGET_LPC1347)  || defined(TARGET_K64F) || defined(TARGET_STM32F401RE)\
+   || defined(TARGET_STM32F410RB) || defined(TARGET_KL46Z) || defined(TARGET_KL43Z) || defined(TARGET_STM32F407) || defined(TARGET_F407VG)  || defined(TARGET_STM32F303VC) || defined(TARGET_LPC1549) || defined(TARGET_LPC11U68) \
+   || defined(TARGET_STM32F411RE) || defined(TARGET_STM32F405RG) || defined(TARGET_K22F) || defined(TARGET_STM32F429ZI) || defined(TARGET_STM32F401VC) || defined(TARGET_MAX32610) || defined(TARGET_MAX32600) || defined(TARGET_TEENSY3_1) \
+   || defined(TARGET_STM32L152RE) || defined(TARGET_STM32F446RE) || defined(TARGET_STM32F446VE) || defined(TARGET_STM32L476VG) || defined(TARGET_STM32L476RG) || defined(TARGET_STM32F469NI) || defined(TARGET_STM32F746NG) || defined(TARGET_STM32L152RC)
+#      define OS_SCHEDULERSTKSIZE    256
+#  elif defined(TARGET_LPC11U24) || defined(TARGET_LPC11U35_401)  || defined(TARGET_LPC11U35_501) || defined(TARGET_LPCCAPPUCCINO)  || defined(TARGET_LPC1114) \
+   || defined(TARGET_LPC812)   || defined(TARGET_KL25Z)         || defined(TARGET_KL26Z)        || defined(TARGET_KL05Z)        || defined(TARGET_STM32F100RB)  || defined(TARGET_STM32F051R8) \
+   || defined(TARGET_STM32F103RB) || defined(TARGET_LPC824) || defined(TARGET_STM32F302R8) || defined(TARGET_STM32F072RB) || defined(TARGET_STM32F091RC) || defined(TARGET_NZ32_SC151) \
+   || defined(TARGET_SSCI824) || defined(TARGET_STM32F030R8) || defined(TARGET_STM32F070RB)
+#      define OS_SCHEDULERSTKSIZE    128
+#  elif defined(TARGET_STM32F334R8) || defined(TARGET_STM32F303RE) ||  defined(TARGET_STM32F303K8) ||  defined(TARGET_STM32F334C8) || defined(TARGET_STM32L053R8) || defined(TARGET_STM32L053C8)
+#      define OS_SCHEDULERSTKSIZE    112
+#  else
+#    error "no target defined"
+#  endif
+#endif
+
+//   <o>Idle stack size [bytes] <64-4096:8><#/4>
+//   <i> Defines default stack size for the Idle thread.
+#ifndef OS_IDLESTKSIZE
+ #define OS_IDLESTKSIZE         128
+#endif
+
+//   <o>Timer Thread stack size [bytes] <64-4096:8><#/4>
+//   <i> Defines stack size for Timer thread.
+//   <i> Default: 200
+#ifndef OS_TIMERSTKSZ
+ #define OS_TIMERSTKSZ  WORDS_STACK_SIZE
+#endif
+
+// <q>Check for stack overflow
+// <i> Includes the stack checking code for stack overflow.
+// <i> Note that additional code reduces the Kernel performance.
+#ifndef OS_STKCHECK
+ #define OS_STKCHECK    1
+#endif
+
+// <o>Processor mode for thread execution
+//   <0=> Unprivileged mode
+//   <1=> Privileged mode
+// <i> Default: Privileged mode
+#ifndef OS_RUNPRIV
+ #define OS_RUNPRIV     1
+#endif
+
+// </h>
+// <h>SysTick Timer Configuration
+// ==============================
+//
+//   <o>Timer clock value [Hz] <1-1000000000>
+//   <i> Defines the timer clock value.
+//   <i> Default: 6000000  (6MHz)
+#ifndef OS_CLOCK
+#  if defined(TARGET_LPC1768) || defined(TARGET_LPC2368) || defined(TARGET_TEENSY3_1)
+#    define OS_CLOCK       96000000
+
+#  elif defined(TARGET_LPC1347) || defined(TARGET_STM32F303VC) || defined(TARGET_LPC1549) || defined(TARGET_STM32F334R8) || defined(TARGET_STM32F334C8) || defined(TARGET_STM32F303RE)
+#    define OS_CLOCK       72000000
+
+#  elif defined(TARGET_STM32F303K8)
+#    define OS_CLOCK       64000000
+
+#  elif defined(TARGET_LPC11U24) || defined(TARGET_LPC11U35_401)  || defined(TARGET_LPC11U35_501) || defined(TARGET_LPCCAPPUCCINO)  || defined(TARGET_LPC1114) || defined(TARGET_KL25Z) \
+     || defined(TARGET_KL26Z) || defined(TARGET_KL05Z) || defined(TARGET_KL46Z) || defined(TARGET_KL43Z) || defined(TARGET_STM32F051R8) || defined(TARGET_LPC11U68) || defined(TARGET_STM32F072RB) || defined(TARGET_STM32F091RC)
+#    define OS_CLOCK       48000000
+
+#  elif defined(TARGET_LPC812)
+#    define OS_CLOCK       36000000
+
+#  elif defined(TARGET_LPC824) || defined(TARGET_SSCI824)
+#    define OS_CLOCK       30000000
+
+#  elif  defined(TARGET_STM32F100RB)
+#    define OS_CLOCK       24000000
+
+#  elif defined(TARGET_LPC4088) || defined(TARGET_LPC4088_DM) || defined(TARGET_K64F) || defined(TARGET_K22F)
+#    define OS_CLOCK       120000000
+
+#  elif defined(TARGET_LPC4330)
+#    define OS_CLOCK       204000000
+
+#  elif defined(TARGET_LPC4337)
+#    define OS_CLOCK       204000000
+
+#  elif defined(TARGET_STM32F407) || defined(TARGET_F407VG)
+#    define OS_CLOCK       168000000
+
+#  elif defined(TARGET_STM32F401RE)
+#    define OS_CLOCK       84000000
+
+#  elif defined(TARGET_STM32F411RE)
+#     define OS_CLOCK      100000000
+
+#  elif defined(TARGET_STM32F410RB)
+#     define OS_CLOCK      100000000
+
+#elif defined(TARGET_STM32F103RB)
+#    define OS_CLOCK       72000000
+
+#elif defined(TARGET_STM32F429ZI)
+#    define OS_CLOCK       168000000
+
+#elif defined(TARGET_STM32F302R8)
+#    define OS_CLOCK       72000000
+
+#elif defined(TARGET_STM32L053R8) || defined(TARGET_STM32L053C8)
+#    define OS_CLOCK       32000000
+
+#elif defined(TARGET_STM32F401VC)
+#    define OS_CLOCK       84000000
+
+#  elif defined(TARGET_STM32F746NG)
+#     define OS_CLOCK      216000000
+
+#elif defined(TARGET_MAX32610) || defined(TARGET_MAX32600)
+#    define OS_CLOCK       24000000
+
+#elif defined(TARGET_NZ32_SC151)
+#    define OS_CLOCK       32000000
+
+#elif defined(TARGET_STM32L152RE)
+#    define OS_CLOCK       24000000
+
+#elif (defined(TARGET_STM32F446RE) || defined(TARGET_STM32F446VE))
+#    define OS_CLOCK       180000000
+
+#elif defined(TARGET_STM32F030R8)
+#    define OS_CLOCK       48000000
+
+#elif defined(TARGET_STM32F070RB)
+#    define OS_CLOCK       48000000
+
+#elif defined(TARGET_STM32L476VG) || defined(TARGET_STM32L476RG)
+#    define OS_CLOCK       80000000
+
+#elif defined(TARGET_STM32F469NI)
+#    define OS_CLOCK       168000000
+
+#elif defined(TARGET_STM32L152RC)
+#    define OS_CLOCK       24000000
+
+#  else
+#    error "no target defined"
+#  endif
+#endif
+
+//   <o>Timer tick value [us] <1-1000000>
+//   <i> Defines the timer tick value.
+//   <i> Default: 1000  (1ms)
+#ifndef OS_TICK
+ #define OS_TICK        1000
+#endif
+
+// </h>
+
+// <h>System Configuration
+// =======================
+//
+// <e>Round-Robin Thread switching
+// ===============================
+//
+// <i> Enables Round-Robin Thread switching.
+#ifndef OS_ROBIN
+ #define OS_ROBIN       1
+#endif
+
+//   <o>Round-Robin Timeout [ticks] <1-1000>
+//   <i> Defines how long a thread will execute before a thread switch.
+//   <i> Default: 5
+#ifndef OS_ROBINTOUT
+ #define OS_ROBINTOUT   5
+#endif
+
+// </e>
+
+// <e>User Timers
+// ==============
+//   <i> Enables user Timers
+#ifndef OS_TIMERS
+ #define OS_TIMERS      1
+#endif
+
+//   <o>Timer Thread Priority
+//                        <1=> Low
+//                        <2=> Below Normal
+//                        <3=> Normal
+//                        <4=> Above Normal
+//                        <5=> High
+//                        <6=> Realtime (highest)
+//   <i> Defines priority for Timer Thread
+//   <i> Default: High
+#ifndef OS_TIMERPRIO
+ #define OS_TIMERPRIO   5
+#endif
+
+//   <o>Timer Callback Queue size <1-32>
+//   <i> Number of concurrent active timer callback functions.
+//   <i> Default: 4
+#ifndef OS_TIMERCBQSZ
+ #define OS_TIMERCBQS   4
+#endif
+
+// </e>
+
+//   <o>ISR FIFO Queue size<4=>   4 entries  <8=>   8 entries
+//                         <12=> 12 entries  <16=> 16 entries
+//                         <24=> 24 entries  <32=> 32 entries
+//                         <48=> 48 entries  <64=> 64 entries
+//                         <96=> 96 entries
+//   <i> ISR functions store requests to this buffer,
+//   <i> when they are called from the interrupt handler.
+//   <i> Default: 16 entries
+#ifndef OS_FIFOSZ
+ #define OS_FIFOSZ      16
+#endif
+
+// </h>
+
+//------------- <<< end of configuration section >>> -----------------------
+
+// Standard library system mutexes
+// ===============================
+//  Define max. number system mutexes that are used to protect
+//  the arm standard runtime library. For microlib they are not used.
+#ifndef OS_MUTEXCNT
+ #define OS_MUTEXCNT    12
+#endif
+
+/*----------------------------------------------------------------------------
+ *      RTX User configuration part END
+ *---------------------------------------------------------------------------*/
+
+#define OS_TRV          ((uint32_t)(((double)OS_CLOCK*(double)OS_TICK)/1E6)-1)
+
+
+/*----------------------------------------------------------------------------
+ *      OS Idle daemon
+ *---------------------------------------------------------------------------*/
+void os_idle_demon (void) {
+  /* The idle demon is a system thread, running when no other thread is      */
+  /* ready to run.                                                           */
+
+  /* Sleep: ideally, we should put the chip to sleep.
+     Unfortunately, this usually requires disconnecting the interface chip (debugger).
+     This can be done, but it would break the local file system.
+  */
+  for (;;) {
+      // sleep();
+  }
+}
+
+/*----------------------------------------------------------------------------
+ *      RTX Errors
+ *---------------------------------------------------------------------------*/
+extern void mbed_die(void);
+
+void os_error (uint32_t err_code) {
+    /* This function is called when a runtime error is detected. Parameter     */
+    /* 'err_code' holds the runtime error code (defined in RTX_Conf.h).      */
+    mbed_die();
+}
+
+void sysThreadError(osStatus status) {
+    if (status != osOK) {
+        mbed_die();
+    }
+}
+
+/*----------------------------------------------------------------------------
+ *      RTX Configuration Functions
+ *---------------------------------------------------------------------------*/
+
+#include "RTX_CM_lib.h"
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M0/TOOLCHAIN_ARM/HAL_CM0.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,301 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    HAL_CM0.C
+ *      Purpose: Hardware Abstraction Layer for Cortex-M0
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Conf.h"
+#include "rt_System.h"
+#include "rt_HAL_CM.h"
+#include "rt_Task.h"
+#include "rt_MemBox.h"
+
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+
+/*--------------------------- rt_set_PSP ------------------------------------*/
+
+__asm void rt_set_PSP (U32 stack) {
+        MSR     PSP,R0
+        BX      LR
+}
+
+
+/*--------------------------- rt_get_PSP ------------------------------------*/
+
+__asm U32 rt_get_PSP (void) {
+        MRS     R0,PSP
+        BX      LR
+}
+
+
+/*--------------------------- os_set_env ------------------------------------*/
+
+__asm void os_set_env (void) {
+   /* Switch to Unprivileged/Privileged Thread mode, use PSP. */
+        MOV     R0,SP                   ; PSP = MSP
+        MSR     PSP,R0
+        LDR     R0,=__cpp(&os_flags)
+        LDRB    R0,[R0]
+        LSLS    R0,#31
+        BNE     PrivilegedE
+        MOVS    R0,#0x03                ; Unprivileged Thread mode, use PSP
+        MSR     CONTROL,R0
+        BX      LR
+PrivilegedE
+        MOVS    R0,#0x02                ; Privileged Thread mode, use PSP
+        MSR     CONTROL,R0
+        BX      LR
+
+        ALIGN
+}
+
+
+/*--------------------------- _alloc_box ------------------------------------*/
+
+__asm void *_alloc_box (void *box_mem) {
+   /* Function wrapper for Unprivileged/Privileged mode. */
+        LDR     R3,=__cpp(rt_alloc_box)
+        MOV     R12,R3
+        MRS     R3,IPSR
+        LSLS    R3,#24
+        BNE     PrivilegedA
+        MRS     R3,CONTROL
+        LSLS    R3,#31
+        BEQ     PrivilegedA
+        SVC     0
+        BX      LR
+PrivilegedA
+        BX      R12
+
+        ALIGN
+}
+
+
+/*--------------------------- _free_box -------------------------------------*/
+
+__asm int _free_box (void *box_mem, void *box) {
+   /* Function wrapper for Unprivileged/Privileged mode. */
+        LDR     R3,=__cpp(rt_free_box)
+        MOV     R12,R3
+        MRS     R3,IPSR
+        LSLS    R3,#24
+        BNE     PrivilegedF
+        MRS     R3,CONTROL
+        LSLS    R3,#31
+        BEQ     PrivilegedF
+        SVC     0
+        BX      LR
+PrivilegedF
+        BX      R12
+
+        ALIGN
+}
+
+
+/*-------------------------- SVC_Handler ------------------------------------*/
+
+__asm void SVC_Handler (void) {
+        PRESERVE8
+
+        IMPORT  SVC_Count
+        IMPORT  SVC_Table
+        IMPORT  rt_stk_check
+
+        MRS     R0,PSP                  ; Read PSP
+        LDR     R1,[R0,#24]             ; Read Saved PC from Stack
+        SUBS    R1,R1,#2                ; Point to SVC Instruction
+        LDRB    R1,[R1]                 ; Load SVC Number
+        CMP     R1,#0
+        BNE     SVC_User                ; User SVC Number > 0
+
+        MOV     LR,R4
+        LDMIA   R0,{R0-R3,R4}           ; Read R0-R3,R12 from stack
+        MOV     R12,R4
+        MOV     R4,LR
+        BLX     R12                     ; Call SVC Function
+
+        MRS     R3,PSP                  ; Read PSP
+        STMIA   R3!,{R0-R2}             ; Store return values
+
+        LDR     R3,=__cpp(&os_tsk)
+        LDMIA   R3!,{R1,R2}             ; os_tsk.run, os_tsk.new
+        CMP     R1,R2
+        BEQ     SVC_Exit                ; no task switch
+
+        SUBS    R3,#8
+        CMP     R1,#0                   ; Runtask deleted?
+        BEQ     SVC_Next
+
+        MRS     R0,PSP                  ; Read PSP
+        SUBS    R0,R0,#32               ; Adjust Start Address
+        STR     R0,[R1,#TCB_TSTACK]     ; Update os_tsk.run->tsk_stack
+        STMIA   R0!,{R4-R7}             ; Save old context (R4-R7)
+        MOV     R4,R8
+        MOV     R5,R9
+        MOV     R6,R10
+        MOV     R7,R11
+        STMIA   R0!,{R4-R7}             ; Save old context (R8-R11)
+
+        PUSH    {R2,R3}
+        BL      rt_stk_check            ; Check for Stack overflow
+        POP     {R2,R3}
+
+SVC_Next
+        STR     R2,[R3]                 ; os_tsk.run = os_tsk.new
+
+        LDR     R0,[R2,#TCB_TSTACK]     ; os_tsk.new->tsk_stack
+        ADDS    R0,R0,#16               ; Adjust Start Address
+        LDMIA   R0!,{R4-R7}             ; Restore new Context (R8-R11)
+        MOV     R8,R4
+        MOV     R9,R5
+        MOV     R10,R6
+        MOV     R11,R7
+        MSR     PSP,R0                  ; Write PSP
+        SUBS    R0,R0,#32               ; Adjust Start Address
+        LDMIA   R0!,{R4-R7}             ; Restore new Context (R4-R7)
+
+SVC_Exit
+        MOVS    R0,#:NOT:0xFFFFFFFD     ; Set EXC_RETURN value
+        MVNS    R0,R0
+        BX      R0                      ; RETI to Thread Mode, use PSP
+
+        /*------------------- User SVC ------------------------------*/
+
+SVC_User
+        PUSH    {R4,LR}                 ; Save Registers
+        LDR     R2,=SVC_Count
+        LDR     R2,[R2]
+        CMP     R1,R2
+        BHI     SVC_Done                ; Overflow
+
+        LDR     R4,=SVC_Table-4
+        LSLS    R1,R1,#2
+        LDR     R4,[R4,R1]              ; Load SVC Function Address
+        MOV     LR,R4
+
+        LDMIA   R0,{R0-R3,R4}           ; Read R0-R3,R12 from stack
+        MOV     R12,R4
+        BLX     LR                      ; Call SVC Function
+
+        MRS     R4,PSP                  ; Read PSP
+        STMIA   R4!,{R0-R3}             ; Function return values
+SVC_Done
+        POP     {R4,PC}                 ; RETI
+
+        ALIGN
+}
+
+
+/*-------------------------- PendSV_Handler ---------------------------------*/
+
+__asm void PendSV_Handler (void) {
+        PRESERVE8
+
+        BL      __cpp(rt_pop_req)
+
+Sys_Switch
+        LDR     R3,=__cpp(&os_tsk)
+        LDMIA   R3!,{R1,R2}             ; os_tsk.run, os_tsk.new
+        CMP     R1,R2
+        BEQ     Sys_Exit                ; no task switch
+
+        SUBS    R3,#8
+
+        MRS     R0,PSP                  ; Read PSP
+        SUBS    R0,R0,#32               ; Adjust Start Address
+        STR     R0,[R1,#TCB_TSTACK]     ; Update os_tsk.run->tsk_stack
+        STMIA   R0!,{R4-R7}             ; Save old context (R4-R7)
+        MOV     R4,R8
+        MOV     R5,R9
+        MOV     R6,R10
+        MOV     R7,R11
+        STMIA   R0!,{R4-R7}             ; Save old context (R8-R11)
+
+        PUSH    {R2,R3}
+        BL      rt_stk_check            ; Check for Stack overflow
+        POP     {R2,R3}
+
+        STR     R2,[R3]                 ; os_tsk.run = os_tsk.new
+
+        LDR     R0,[R2,#TCB_TSTACK]     ; os_tsk.new->tsk_stack
+        ADDS    R0,R0,#16               ; Adjust Start Address
+        LDMIA   R0!,{R4-R7}             ; Restore new Context (R8-R11)
+        MOV     R8,R4
+        MOV     R9,R5
+        MOV     R10,R6
+        MOV     R11,R7
+        MSR     PSP,R0                  ; Write PSP
+        SUBS    R0,R0,#32               ; Adjust Start Address
+        LDMIA   R0!,{R4-R7}             ; Restore new Context (R4-R7)
+
+Sys_Exit
+        MOVS    R0,#:NOT:0xFFFFFFFD     ; Set EXC_RETURN value
+        MVNS    R0,R0
+        BX      R0                      ; RETI to Thread Mode, use PSP
+
+        ALIGN
+}
+
+
+/*-------------------------- SysTick_Handler --------------------------------*/
+
+__asm void SysTick_Handler (void) {
+        PRESERVE8
+
+        BL      __cpp(rt_systick)
+        B       Sys_Switch
+
+        ALIGN
+}
+
+
+/*-------------------------- OS_Tick_Handler --------------------------------*/
+
+__asm void OS_Tick_Handler (void) {
+        PRESERVE8
+
+        BL      __cpp(os_tick_irqack)
+        BL      __cpp(rt_systick)
+        B       Sys_Switch
+
+        ALIGN
+}
+
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M0/TOOLCHAIN_ARM/SVC_Table.S	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,57 @@
+;/*----------------------------------------------------------------------------
+; *      RL-ARM - RTX
+; *----------------------------------------------------------------------------
+; *      Name:    SVC_TABLE.S
+; *      Purpose: Pre-defined SVC Table for Cortex-M
+; *      Rev.:    V4.60
+; *----------------------------------------------------------------------------
+; *
+; * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+; * All rights reserved.
+; * Redistribution and use in source and binary forms, with or without
+; * modification, are permitted provided that the following conditions are met:
+; *  - Redistributions of source code must retain the above copyright
+; *    notice, this list of conditions and the following disclaimer.
+; *  - Redistributions in binary form must reproduce the above copyright
+; *    notice, this list of conditions and the following disclaimer in the
+; *    documentation and/or other materials provided with the distribution.
+; *  - Neither the name of ARM  nor the names of its contributors may be used
+; *    to endorse or promote products derived from this software without
+; *    specific prior written permission.
+; *
+; * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+; * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+; * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+; * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+; * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+; * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+; * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+; * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+; * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+; * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+; * POSSIBILITY OF SUCH DAMAGE.
+; *---------------------------------------------------------------------------*/
+
+
+                AREA    SVC_TABLE, CODE, READONLY
+
+                EXPORT  SVC_Count
+
+SVC_Cnt         EQU    (SVC_End-SVC_Table)/4
+SVC_Count       DCD     SVC_Cnt
+
+; Import user SVC functions here.
+;               IMPORT  __SVC_1
+
+                EXPORT  SVC_Table
+SVC_Table
+; Insert user SVC functions here. SVC 0 used by RTL Kernel.
+;               DCD     __SVC_1                 ; user SVC function
+
+SVC_End
+
+                END
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M0/TOOLCHAIN_GCC/HAL_CM0.S	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,370 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    HAL_CM0.S
+ *      Purpose: Hardware Abstraction Layer for Cortex-M0
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+        .file   "HAL_CM0.S"
+        .syntax unified
+
+        .equ    TCB_TSTACK, 40
+
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+        .thumb
+
+        .section ".text"
+        .align  2
+
+
+/*--------------------------- rt_set_PSP ------------------------------------*/
+
+#       void rt_set_PSP (U32 stack);
+
+        .thumb_func
+        .type   rt_set_PSP, %function
+        .global rt_set_PSP
+rt_set_PSP:
+        .fnstart
+        .cantunwind
+
+        MSR     PSP,R0
+        BX      LR
+
+        .fnend
+        .size   rt_set_PSP, .-rt_set_PSP
+
+
+/*--------------------------- rt_get_PSP ------------------------------------*/
+
+#       U32 rt_get_PSP (void);
+
+        .thumb_func
+        .type   rt_get_PSP, %function
+        .global rt_get_PSP
+rt_get_PSP:
+        .fnstart
+        .cantunwind
+
+        MRS     R0,PSP
+        BX      LR
+
+        .fnend
+        .size   rt_get_PSP, .-rt_get_PSP
+
+
+/*--------------------------- os_set_env ------------------------------------*/
+
+#       void os_set_env (void);
+        /* Switch to Unprivileged/Privileged Thread mode, use PSP. */
+
+        .thumb_func
+        .type   os_set_env, %function
+        .global os_set_env
+os_set_env:
+        .fnstart
+        .cantunwind
+
+        MOV     R0,SP                   /* PSP = MSP */
+        MSR     PSP,R0
+        LDR     R0,=os_flags
+        LDRB    R0,[R0]
+        LSLS    R0,#31
+        BNE     PrivilegedE
+        MOVS    R0,#0x03                /* Unprivileged Thread mode, use PSP */
+        MSR     CONTROL,R0
+        BX      LR
+PrivilegedE:
+        MOVS    R0,#0x02                /* Privileged Thread mode, use PSP */
+        MSR     CONTROL,R0
+        BX      LR
+
+        .fnend
+        .size   os_set_env, .-os_set_env
+
+
+/*--------------------------- _alloc_box ------------------------------------*/
+
+#      void *_alloc_box (void *box_mem);
+       /* Function wrapper for Unprivileged/Privileged mode. */
+
+        .thumb_func
+        .type   _alloc_box, %function
+        .global _alloc_box
+_alloc_box:
+        .fnstart
+        .cantunwind
+
+        LDR     R3,=rt_alloc_box
+        MOV     R12,R3
+        MRS     R3,IPSR
+        LSLS    R3,#24
+        BNE     PrivilegedA
+        MRS     R3,CONTROL
+        LSLS    R3,#31
+        BEQ     PrivilegedA
+        SVC     0
+        BX      LR
+PrivilegedA:
+        BX      R12
+
+        .fnend
+        .size   _alloc_box, .-_alloc_box
+
+
+/*--------------------------- _free_box -------------------------------------*/
+
+#       int _free_box (void *box_mem, void *box);
+        /* Function wrapper for Unprivileged/Privileged mode. */
+
+        .thumb_func
+        .type   _free_box, %function
+        .global _free_box
+_free_box:
+        .fnstart
+        .cantunwind
+
+        LDR     R3,=rt_free_box
+        MOV     R12,R3
+        MRS     R3,IPSR
+        LSLS    R3,#24
+        BNE     PrivilegedF
+        MRS     R3,CONTROL
+        LSLS    R3,#31
+        BEQ     PrivilegedF
+        SVC     0
+        BX      LR
+PrivilegedF:
+        BX      R12
+
+        .fnend
+        .size   _free_box, .-_free_box
+
+
+/*-------------------------- SVC_Handler ------------------------------------*/
+
+#       void SVC_Handler (void);
+
+        .thumb_func
+        .type   SVC_Handler, %function
+        .global SVC_Handler
+SVC_Handler:
+        .fnstart
+        .cantunwind
+
+        MRS     R0,PSP                  /* Read PSP */
+        LDR     R1,[R0,#24]             /* Read Saved PC from Stack */
+        SUBS    R1,R1,#2                /* Point to SVC Instruction */
+        LDRB    R1,[R1]                 /* Load SVC Number */
+        CMP     R1,#0
+        BNE     SVC_User                /* User SVC Number > 0 */
+
+        MOV     LR,R4
+        LDMIA   R0,{R0-R3,R4}           /* Read R0-R3,R12 from stack */
+        MOV     R12,R4
+        MOV     R4,LR
+        BLX     R12                     /* Call SVC Function */
+
+        MRS     R3,PSP                  /* Read PSP */
+        STMIA   R3!,{R0-R2}             /* Store return values */
+
+        LDR     R3,=os_tsk
+        LDMIA   R3!,{R1,R2}             /* os_tsk.run, os_tsk.new */
+        CMP     R1,R2
+        BEQ     SVC_Exit                /* no task switch */
+
+        SUBS    R3,#8
+        CMP     R1,#0                   /* Runtask deleted? */
+        BEQ     SVC_Next
+
+        MRS     R0,PSP                  /* Read PSP */
+        SUBS    R0,R0,#32               /* Adjust Start Address */
+        STR     R0,[R1,#TCB_TSTACK]     /* Update os_tsk.run->tsk_stack */
+        STMIA   R0!,{R4-R7}             /* Save old context (R4-R7) */
+        MOV     R4,R8
+        MOV     R5,R9
+        MOV     R6,R10
+        MOV     R7,R11
+        STMIA   R0!,{R4-R7}             /* Save old context (R8-R11) */
+
+        PUSH    {R2,R3}
+        BL      rt_stk_check            /* Check for Stack overflow */
+        POP     {R2,R3}
+
+SVC_Next:
+        STR     R2,[R3]                 /* os_tsk.run = os_tsk.new */
+
+        LDR     R0,[R2,#TCB_TSTACK]     /* os_tsk.new->tsk_stack */
+        ADDS    R0,R0,#16               /* Adjust Start Address */
+        LDMIA   R0!,{R4-R7}             /* Restore new Context (R8-R11) */
+        MOV     R8,R4
+        MOV     R9,R5
+        MOV     R10,R6
+        MOV     R11,R7
+        MSR     PSP,R0                  /* Write PSP */
+        SUBS    R0,R0,#32               /* Adjust Start Address */
+        LDMIA   R0!,{R4-R7}             /* Restore new Context (R4-R7) */
+
+SVC_Exit:
+        MOVS    R0,#~0xFFFFFFFD         /* Set EXC_RETURN value */
+        MVNS    R0,R0
+        BX      R0                      /* RETI to Thread Mode, use PSP */
+
+        /*------------------- User SVC ------------------------------*/
+
+SVC_User:
+        PUSH    {R4,LR}                 /* Save Registers */
+        LDR     R2,=SVC_Count
+        LDR     R2,[R2]
+        CMP     R1,R2
+        BHI     SVC_Done                /* Overflow */
+
+        LDR     R4,=SVC_Table-4
+        LSLS    R1,R1,#2
+        LDR     R4,[R4,R1]              /* Load SVC Function Address */
+        MOV     LR,R4
+
+        LDMIA   R0,{R0-R3,R4}           /* Read R0-R3,R12 from stack */
+        MOV     R12,R4
+        BLX     LR                      /* Call SVC Function */
+
+        MRS     R4,PSP                  /* Read PSP */
+        STMIA   R4!,{R0-R3}             /* Function return values */
+SVC_Done:
+        POP     {R4,PC}                 /* RETI */
+
+        .fnend
+        .size   SVC_Handler, .-SVC_Handler
+
+
+/*-------------------------- PendSV_Handler ---------------------------------*/
+
+#       void PendSV_Handler (void);
+
+        .thumb_func
+        .type   PendSV_Handler, %function
+        .global PendSV_Handler
+        .global Sys_Switch
+PendSV_Handler:
+        .fnstart
+        .cantunwind
+
+        BL      rt_pop_req
+
+Sys_Switch:
+        LDR     R3,=os_tsk
+        LDMIA   R3!,{R1,R2}             /* os_tsk.run, os_tsk.new */
+        CMP     R1,R2
+        BEQ     Sys_Exit                /* no task switch */
+
+        SUBS    R3,#8
+
+        MRS     R0,PSP                  /* Read PSP */
+        SUBS    R0,R0,#32               /* Adjust Start Address */
+        STR     R0,[R1,#TCB_TSTACK]     /* Update os_tsk.run->tsk_stack */
+        STMIA   R0!,{R4-R7}             /* Save old context (R4-R7) */
+        MOV     R4,R8
+        MOV     R5,R9
+        MOV     R6,R10
+        MOV     R7,R11
+        STMIA   R0!,{R4-R7}             /* Save old context (R8-R11) */
+
+        PUSH    {R2,R3}
+        BL      rt_stk_check            /* Check for Stack overflow */
+        POP     {R2,R3}
+
+        STR     R2,[R3]                 /* os_tsk.run = os_tsk.new */
+
+        LDR     R0,[R2,#TCB_TSTACK]     /* os_tsk.new->tsk_stack */
+        ADDS    R0,R0,#16               /* Adjust Start Address */
+        LDMIA   R0!,{R4-R7}             /* Restore new Context (R8-R11) */
+        MOV     R8,R4
+        MOV     R9,R5
+        MOV     R10,R6
+        MOV     R11,R7
+        MSR     PSP,R0                  /* Write PSP */
+        SUBS    R0,R0,#32               /* Adjust Start Address */
+        LDMIA   R0!,{R4-R7}             /* Restore new Context (R4-R7) */
+
+Sys_Exit:
+        MOVS    R0,#~0xFFFFFFFD         /* Set EXC_RETURN value */
+        MVNS    R0,R0
+        BX      R0                      /* RETI to Thread Mode, use PSP */
+
+        .fnend
+        .size   PendSV_Handler, .-PendSV_Handler
+
+
+/*-------------------------- SysTick_Handler --------------------------------*/
+
+#       void SysTick_Handler (void);
+
+        .thumb_func
+        .type   SysTick_Handler, %function
+        .global SysTick_Handler
+SysTick_Handler:
+        .fnstart
+        .cantunwind
+
+        BL      rt_systick
+        B       Sys_Switch
+
+        .fnend
+        .size   SysTick_Handler, .-SysTick_Handler
+
+
+/*-------------------------- OS_Tick_Handler --------------------------------*/
+
+#       void OS_Tick_Handler (void);
+
+        .thumb_func
+        .type   OS_Tick_Handler, %function
+        .global OS_Tick_Handler
+OS_Tick_Handler:
+        .fnstart
+        .cantunwind
+
+        BL      os_tick_irqack
+        BL      rt_systick
+        B       Sys_Switch
+
+        .fnend
+        .size   OS_Tick_Handler, .-OS_Tick_Handler
+
+
+        .end
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M0/TOOLCHAIN_GCC/SVC_Table.S	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,56 @@
+;/*----------------------------------------------------------------------------
+; *      RL-ARM - RTX
+; *----------------------------------------------------------------------------
+; *      Name:    SVC_TABLE.S
+; *      Purpose: Pre-defined SVC Table for Cortex-M
+; *      Rev.:    V4.60
+; *----------------------------------------------------------------------------
+; *
+; * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+; * All rights reserved.
+; * Redistribution and use in source and binary forms, with or without
+; * modification, are permitted provided that the following conditions are met:
+; *  - Redistributions of source code must retain the above copyright
+; *    notice, this list of conditions and the following disclaimer.
+; *  - Redistributions in binary form must reproduce the above copyright
+; *    notice, this list of conditions and the following disclaimer in the
+; *    documentation and/or other materials provided with the distribution.
+; *  - Neither the name of ARM  nor the names of its contributors may be used
+; *    to endorse or promote products derived from this software without
+; *    specific prior written permission.
+; *
+; * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+; * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+; * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+; * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+; * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+; * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+; * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+; * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+; * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+; * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+; * POSSIBILITY OF SUCH DAMAGE.
+; *---------------------------------------------------------------------------*/
+
+
+        .file   "SVC_Table.S"
+
+
+        .section ".svc_table"
+
+        .global  SVC_Table
+SVC_Table:
+/* Insert user SVC functions here. SVC 0 used by RTL Kernel. */
+#       .long   __SVC_1                 /* user SVC function */
+SVC_End:
+
+        .global  SVC_Count
+SVC_Count:
+        .long   (SVC_End-SVC_Table)/4
+
+
+        .end
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M0/TOOLCHAIN_IAR/HAL_CM0.S	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,312 @@
+/*----------------------------------------------------------------------------
+ *      CMSIS-RTOS  -  RTX
+ *----------------------------------------------------------------------------
+ *      Name:    HAL_CM0.S
+ *      Purpose: Hardware Abstraction Layer for Cortex-M0
+ *      Rev.:    V4.70
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+        NAME    HAL_CM0.S
+
+        #define TCB_TSTACK 40
+
+        EXTERN  os_flags
+        EXTERN  os_tsk
+        EXTERN  rt_alloc_box
+        EXTERN  rt_free_box
+        EXTERN  rt_stk_check
+        EXTERN  rt_pop_req
+        EXTERN  rt_systick
+        EXTERN  os_tick_irqack
+        EXTERN  SVC_Table
+        EXTERN  SVC_Count
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+        SECTION .text:CODE:NOROOT(2)
+        THUMB
+
+/*--------------------------- rt_set_PSP ------------------------------------*/
+
+;       void rt_set_PSP (U32 stack);
+
+        PUBLIC  rt_set_PSP
+rt_set_PSP:
+
+        MSR     PSP,R0
+        BX      LR
+
+
+/*--------------------------- rt_get_PSP ------------------------------------*/
+
+;       U32 rt_get_PSP (void);
+
+        PUBLIC  rt_get_PSP
+rt_get_PSP:
+
+        MRS     R0,PSP
+        BX      LR
+
+
+/*--------------------------- os_set_env ------------------------------------*/
+
+;       void os_set_env (void);
+        /* Switch to Unprivileged/Privileged Thread mode, use PSP. */
+
+        PUBLIC  os_set_env
+os_set_env:
+
+        MOV     R0,SP                   /* PSP = MSP */
+        MSR     PSP,R0
+        LDR     R0,=os_flags
+        LDRB    R0,[R0]
+        LSLS    R0,#31
+        BNE     PrivilegedE
+        MOVS    R0,#0x03                /* Unprivileged Thread mode, use PSP */
+        MSR     CONTROL,R0
+        BX      LR
+PrivilegedE:
+        MOVS    R0,#0x02                /* Privileged Thread mode, use PSP */
+        MSR     CONTROL,R0
+        BX      LR
+
+
+/*--------------------------- _alloc_box ------------------------------------*/
+
+;      void *_alloc_box (void *box_mem);
+       /* Function wrapper for Unprivileged/Privileged mode. */
+
+        PUBLIC  _alloc_box
+_alloc_box:
+
+        LDR     R3,=rt_alloc_box
+        MOV     R12,R3
+        MRS     R3,IPSR
+        LSLS    R3,#24
+        BNE     PrivilegedA
+        MRS     R3,CONTROL
+        LSLS    R3,#31
+        BEQ     PrivilegedA
+        SVC     0
+        BX      LR
+PrivilegedA:
+        BX      R12
+
+
+/*--------------------------- _free_box -------------------------------------*/
+
+;       int _free_box (void *box_mem, void *box);
+        /* Function wrapper for Unprivileged/Privileged mode. */
+
+        PUBLIC  _free_box
+_free_box:
+
+        LDR     R3,=rt_free_box
+        MOV     R12,R3
+        MRS     R3,IPSR
+        LSLS    R3,#24
+        BNE     PrivilegedF
+        MRS     R3,CONTROL
+        LSLS    R3,#31
+        BEQ     PrivilegedF
+        SVC     0
+        BX      LR
+PrivilegedF:
+        BX      R12
+
+
+/*-------------------------- SVC_Handler ------------------------------------*/
+
+;       void SVC_Handler (void);
+
+        PUBLIC  SVC_Handler
+SVC_Handler:
+
+        MRS     R0,PSP                  /* Read PSP */
+        LDR     R1,[R0,#24]             /* Read Saved PC from Stack */
+        SUBS    R1,R1,#2                /* Point to SVC Instruction */
+        LDRB    R1,[R1]                 /* Load SVC Number */
+        CMP     R1,#0
+        BNE     SVC_User                /* User SVC Number > 0 */
+
+        MOV     LR,R4
+        LDMIA   R0,{R0-R3,R4}           /* Read R0-R3,R12 from stack */
+        MOV     R12,R4
+        MOV     R4,LR
+        BLX     R12                     /* Call SVC Function */
+
+        MRS     R3,PSP                  /* Read PSP */
+        STMIA   R3!,{R0-R2}             /* Store return values */
+
+        LDR     R3,=os_tsk
+        LDMIA   R3!,{R1,R2}             /* os_tsk.run, os_tsk.new */
+        CMP     R1,R2
+        BEQ     SVC_Exit                /* no task switch */
+
+        SUBS    R3,#8
+        CMP     R1,#0                   /* Runtask deleted? */
+        BEQ     SVC_Next
+
+        MRS     R0,PSP                  /* Read PSP */
+        SUBS    R0,R0,#32               /* Adjust Start Address */
+        STR     R0,[R1,#TCB_TSTACK]     /* Update os_tsk.run->tsk_stack */
+        STMIA   R0!,{R4-R7}             /* Save old context (R4-R7) */
+        MOV     R4,R8
+        MOV     R5,R9
+        MOV     R6,R10
+        MOV     R7,R11
+        STMIA   R0!,{R4-R7}             /* Save old context (R8-R11) */
+
+        PUSH    {R2,R3}
+        BL      rt_stk_check            /* Check for Stack overflow */
+        POP     {R2,R3}
+
+SVC_Next:
+        STR     R2,[R3]                 /* os_tsk.run = os_tsk.new */
+
+        LDR     R0,[R2,#TCB_TSTACK]     /* os_tsk.new->tsk_stack */
+        ADDS    R0,R0,#16               /* Adjust Start Address */
+        LDMIA   R0!,{R4-R7}             /* Restore new Context (R8-R11) */
+        MOV     R8,R4
+        MOV     R9,R5
+        MOV     R10,R6
+        MOV     R11,R7
+        MSR     PSP,R0                  /* Write PSP */
+        SUBS    R0,R0,#32               /* Adjust Start Address */
+        LDMIA   R0!,{R4-R7}             /* Restore new Context (R4-R7) */
+
+SVC_Exit:
+        MOVS    R0,#~0xFFFFFFFD         /* Set EXC_RETURN value */
+        MVNS    R0,R0
+        BX      R0                      /* RETI to Thread Mode, use PSP */
+
+        /*------------------- User SVC ------------------------------*/
+
+SVC_User:
+        PUSH    {R4,LR}                 /* Save Registers */
+        LDR     R2,=SVC_Count
+        LDR     R2,[R2]
+        CMP     R1,R2
+        BHI     SVC_Done                /* Overflow */
+
+        LDR     R4,=SVC_Table-4
+        LSLS    R1,R1,#2
+        LDR     R4,[R4,R1]              /* Load SVC Function Address */
+        MOV     LR,R4
+
+        LDMIA   R0,{R0-R3,R4}           /* Read R0-R3,R12 from stack */
+        MOV     R12,R4
+        BLX     LR                      /* Call SVC Function */
+
+        MRS     R4,PSP                  /* Read PSP */
+        STMIA   R4!,{R0-R3}             /* Function return values */
+SVC_Done:
+        POP     {R4,PC}                 /* RETI */
+
+
+/*-------------------------- PendSV_Handler ---------------------------------*/
+
+;       void PendSV_Handler (void);
+
+        PUBLIC  PendSV_Handler
+PendSV_Handler:
+
+        BL      rt_pop_req
+
+Sys_Switch:
+        LDR     R3,=os_tsk
+        LDMIA   R3!,{R1,R2}             /* os_tsk.run, os_tsk.new */
+        CMP     R1,R2
+        BEQ     Sys_Exit                /* no task switch */
+
+        SUBS    R3,#8
+
+        MRS     R0,PSP                  /* Read PSP */
+        SUBS    R0,R0,#32               /* Adjust Start Address */
+        STR     R0,[R1,#TCB_TSTACK]     /* Update os_tsk.run->tsk_stack */
+        STMIA   R0!,{R4-R7}             /* Save old context (R4-R7) */
+        MOV     R4,R8
+        MOV     R5,R9
+        MOV     R6,R10
+        MOV     R7,R11
+        STMIA   R0!,{R4-R7}             /* Save old context (R8-R11) */
+
+        PUSH    {R2,R3}
+        BL      rt_stk_check            /* Check for Stack overflow */
+        POP     {R2,R3}
+
+        STR     R2,[R3]                 /* os_tsk.run = os_tsk.new */
+
+        LDR     R0,[R2,#TCB_TSTACK]     /* os_tsk.new->tsk_stack */
+        ADDS    R0,R0,#16               /* Adjust Start Address */
+        LDMIA   R0!,{R4-R7}             /* Restore new Context (R8-R11) */
+        MOV     R8,R4
+        MOV     R9,R5
+        MOV     R10,R6
+        MOV     R11,R7
+        MSR     PSP,R0                  /* Write PSP */
+        SUBS    R0,R0,#32               /* Adjust Start Address */
+        LDMIA   R0!,{R4-R7}             /* Restore new Context (R4-R7) */
+
+Sys_Exit:
+        MOVS    R0,#~0xFFFFFFFD         /* Set EXC_RETURN value */
+        MVNS    R0,R0
+        BX      R0                      /* RETI to Thread Mode, use PSP */
+
+
+/*-------------------------- SysTick_Handler --------------------------------*/
+
+;       void SysTick_Handler (void);
+
+        PUBLIC  SysTick_Handler
+SysTick_Handler:
+
+        BL      rt_systick
+        B       Sys_Switch
+
+
+/*-------------------------- OS_Tick_Handler --------------------------------*/
+
+;       void OS_Tick_Handler (void);
+
+        PUBLIC  OS_Tick_Handler
+OS_Tick_Handler:
+
+        BL      os_tick_irqack
+        BL      rt_systick
+        B       Sys_Switch
+
+
+        END
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M0/TOOLCHAIN_IAR/SVC_Table.S	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,58 @@
+;/*----------------------------------------------------------------------------
+; *      CMSIS-RTOS  -  RTX
+; *----------------------------------------------------------------------------
+; *      Name:    SVC_TABLE.S
+; *      Purpose: Pre-defined SVC Table for Cortex-M
+; *      Rev.:    V4.70
+; *----------------------------------------------------------------------------
+; *
+; * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+; * All rights reserved.
+; * Redistribution and use in source and binary forms, with or without
+; * modification, are permitted provided that the following conditions are met:
+; *  - Redistributions of source code must retain the above copyright
+; *    notice, this list of conditions and the following disclaimer.
+; *  - Redistributions in binary form must reproduce the above copyright
+; *    notice, this list of conditions and the following disclaimer in the
+; *    documentation and/or other materials provided with the distribution.
+; *  - Neither the name of ARM  nor the names of its contributors may be used
+; *    to endorse or promote products derived from this software without
+; *    specific prior written permission.
+; *
+; * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+; * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+; * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+; * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+; * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+; * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+; * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+; * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+; * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+; * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+; * POSSIBILITY OF SUCH DAMAGE.
+; *---------------------------------------------------------------------------*/
+
+
+                NAME    SVC_TABLE
+                SECTION .text:CONST (2)
+
+                PUBLIC  SVC_Count
+
+SVC_Cnt         EQU    (SVC_End-SVC_Table)/4
+SVC_Count       DCD     SVC_Cnt
+
+; Import user SVC functions here.
+;               IMPORT  __SVC_1
+
+                PUBLIC  SVC_Table
+SVC_Table
+; Insert user SVC functions here. SVC 0 used by RTL Kernel.
+;               DCD     __SVC_1                 ; user SVC function
+
+SVC_End
+
+                END
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M0P/TOOLCHAIN_ARM/HAL_CM0.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,301 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    HAL_CM0.C
+ *      Purpose: Hardware Abstraction Layer for Cortex-M0
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Conf.h"
+#include "rt_System.h"
+#include "rt_HAL_CM.h"
+#include "rt_Task.h"
+#include "rt_MemBox.h"
+
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+
+/*--------------------------- rt_set_PSP ------------------------------------*/
+
+__asm void rt_set_PSP (U32 stack) {
+        MSR     PSP,R0
+        BX      LR
+}
+
+
+/*--------------------------- rt_get_PSP ------------------------------------*/
+
+__asm U32 rt_get_PSP (void) {
+        MRS     R0,PSP
+        BX      LR
+}
+
+
+/*--------------------------- os_set_env ------------------------------------*/
+
+__asm void os_set_env (void) {
+   /* Switch to Unprivileged/Privileged Thread mode, use PSP. */
+        MOV     R0,SP                   ; PSP = MSP
+        MSR     PSP,R0
+        LDR     R0,=__cpp(&os_flags)
+        LDRB    R0,[R0]
+        LSLS    R0,#31
+        BNE     PrivilegedE
+        MOVS    R0,#0x03                ; Unprivileged Thread mode, use PSP
+        MSR     CONTROL,R0
+        BX      LR
+PrivilegedE
+        MOVS    R0,#0x02                ; Privileged Thread mode, use PSP
+        MSR     CONTROL,R0
+        BX      LR
+
+        ALIGN
+}
+
+
+/*--------------------------- _alloc_box ------------------------------------*/
+
+__asm void *_alloc_box (void *box_mem) {
+   /* Function wrapper for Unprivileged/Privileged mode. */
+        LDR     R3,=__cpp(rt_alloc_box)
+        MOV     R12,R3
+        MRS     R3,IPSR
+        LSLS    R3,#24
+        BNE     PrivilegedA
+        MRS     R3,CONTROL
+        LSLS    R3,#31
+        BEQ     PrivilegedA
+        SVC     0
+        BX      LR
+PrivilegedA
+        BX      R12
+
+        ALIGN
+}
+
+
+/*--------------------------- _free_box -------------------------------------*/
+
+__asm int _free_box (void *box_mem, void *box) {
+   /* Function wrapper for Unprivileged/Privileged mode. */
+        LDR     R3,=__cpp(rt_free_box)
+        MOV     R12,R3
+        MRS     R3,IPSR
+        LSLS    R3,#24
+        BNE     PrivilegedF
+        MRS     R3,CONTROL
+        LSLS    R3,#31
+        BEQ     PrivilegedF
+        SVC     0
+        BX      LR
+PrivilegedF
+        BX      R12
+
+        ALIGN
+}
+
+
+/*-------------------------- SVC_Handler ------------------------------------*/
+
+__asm void SVC_Handler (void) {
+        PRESERVE8
+
+        IMPORT  SVC_Count
+        IMPORT  SVC_Table
+        IMPORT  rt_stk_check
+
+        MRS     R0,PSP                  ; Read PSP
+        LDR     R1,[R0,#24]             ; Read Saved PC from Stack
+        SUBS    R1,R1,#2                ; Point to SVC Instruction
+        LDRB    R1,[R1]                 ; Load SVC Number
+        CMP     R1,#0
+        BNE     SVC_User                ; User SVC Number > 0
+
+        MOV     LR,R4
+        LDMIA   R0,{R0-R3,R4}           ; Read R0-R3,R12 from stack
+        MOV     R12,R4
+        MOV     R4,LR
+        BLX     R12                     ; Call SVC Function
+
+        MRS     R3,PSP                  ; Read PSP
+        STMIA   R3!,{R0-R2}             ; Store return values
+
+        LDR     R3,=__cpp(&os_tsk)
+        LDMIA   R3!,{R1,R2}             ; os_tsk.run, os_tsk.new
+        CMP     R1,R2
+        BEQ     SVC_Exit                ; no task switch
+
+        SUBS    R3,#8
+        CMP     R1,#0                   ; Runtask deleted?
+        BEQ     SVC_Next
+
+        MRS     R0,PSP                  ; Read PSP
+        SUBS    R0,R0,#32               ; Adjust Start Address
+        STR     R0,[R1,#TCB_TSTACK]     ; Update os_tsk.run->tsk_stack
+        STMIA   R0!,{R4-R7}             ; Save old context (R4-R7)
+        MOV     R4,R8
+        MOV     R5,R9
+        MOV     R6,R10
+        MOV     R7,R11
+        STMIA   R0!,{R4-R7}             ; Save old context (R8-R11)
+
+        PUSH    {R2,R3}
+        BL      rt_stk_check            ; Check for Stack overflow
+        POP     {R2,R3}
+
+SVC_Next
+        STR     R2,[R3]                 ; os_tsk.run = os_tsk.new
+
+        LDR     R0,[R2,#TCB_TSTACK]     ; os_tsk.new->tsk_stack
+        ADDS    R0,R0,#16               ; Adjust Start Address
+        LDMIA   R0!,{R4-R7}             ; Restore new Context (R8-R11)
+        MOV     R8,R4
+        MOV     R9,R5
+        MOV     R10,R6
+        MOV     R11,R7
+        MSR     PSP,R0                  ; Write PSP
+        SUBS    R0,R0,#32               ; Adjust Start Address
+        LDMIA   R0!,{R4-R7}             ; Restore new Context (R4-R7)
+
+SVC_Exit
+        MOVS    R0,#:NOT:0xFFFFFFFD     ; Set EXC_RETURN value
+        MVNS    R0,R0
+        BX      R0                      ; RETI to Thread Mode, use PSP
+
+        /*------------------- User SVC ------------------------------*/
+
+SVC_User
+        PUSH    {R4,LR}                 ; Save Registers
+        LDR     R2,=SVC_Count
+        LDR     R2,[R2]
+        CMP     R1,R2
+        BHI     SVC_Done                ; Overflow
+
+        LDR     R4,=SVC_Table-4
+        LSLS    R1,R1,#2
+        LDR     R4,[R4,R1]              ; Load SVC Function Address
+        MOV     LR,R4
+
+        LDMIA   R0,{R0-R3,R4}           ; Read R0-R3,R12 from stack
+        MOV     R12,R4
+        BLX     LR                      ; Call SVC Function
+
+        MRS     R4,PSP                  ; Read PSP
+        STMIA   R4!,{R0-R3}             ; Function return values
+SVC_Done
+        POP     {R4,PC}                 ; RETI
+
+        ALIGN
+}
+
+
+/*-------------------------- PendSV_Handler ---------------------------------*/
+
+__asm void PendSV_Handler (void) {
+        PRESERVE8
+
+        BL      __cpp(rt_pop_req)
+
+Sys_Switch
+        LDR     R3,=__cpp(&os_tsk)
+        LDMIA   R3!,{R1,R2}             ; os_tsk.run, os_tsk.new
+        CMP     R1,R2
+        BEQ     Sys_Exit                ; no task switch
+
+        SUBS    R3,#8
+
+        MRS     R0,PSP                  ; Read PSP
+        SUBS    R0,R0,#32               ; Adjust Start Address
+        STR     R0,[R1,#TCB_TSTACK]     ; Update os_tsk.run->tsk_stack
+        STMIA   R0!,{R4-R7}             ; Save old context (R4-R7)
+        MOV     R4,R8
+        MOV     R5,R9
+        MOV     R6,R10
+        MOV     R7,R11
+        STMIA   R0!,{R4-R7}             ; Save old context (R8-R11)
+
+        PUSH    {R2,R3}
+        BL      rt_stk_check            ; Check for Stack overflow
+        POP     {R2,R3}
+
+        STR     R2,[R3]                 ; os_tsk.run = os_tsk.new
+
+        LDR     R0,[R2,#TCB_TSTACK]     ; os_tsk.new->tsk_stack
+        ADDS    R0,R0,#16               ; Adjust Start Address
+        LDMIA   R0!,{R4-R7}             ; Restore new Context (R8-R11)
+        MOV     R8,R4
+        MOV     R9,R5
+        MOV     R10,R6
+        MOV     R11,R7
+        MSR     PSP,R0                  ; Write PSP
+        SUBS    R0,R0,#32               ; Adjust Start Address
+        LDMIA   R0!,{R4-R7}             ; Restore new Context (R4-R7)
+
+Sys_Exit
+        MOVS    R0,#:NOT:0xFFFFFFFD     ; Set EXC_RETURN value
+        MVNS    R0,R0
+        BX      R0                      ; RETI to Thread Mode, use PSP
+
+        ALIGN
+}
+
+
+/*-------------------------- SysTick_Handler --------------------------------*/
+
+__asm void SysTick_Handler (void) {
+        PRESERVE8
+
+        BL      __cpp(rt_systick)
+        B       Sys_Switch
+
+        ALIGN
+}
+
+
+/*-------------------------- OS_Tick_Handler --------------------------------*/
+
+__asm void OS_Tick_Handler (void) {
+        PRESERVE8
+
+        BL      __cpp(os_tick_irqack)
+        BL      __cpp(rt_systick)
+        B       Sys_Switch
+
+        ALIGN
+}
+
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M0P/TOOLCHAIN_ARM/SVC_Table.S	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,57 @@
+;/*----------------------------------------------------------------------------
+; *      RL-ARM - RTX
+; *----------------------------------------------------------------------------
+; *      Name:    SVC_TABLE.S
+; *      Purpose: Pre-defined SVC Table for Cortex-M
+; *      Rev.:    V4.60
+; *----------------------------------------------------------------------------
+; *
+; * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+; * All rights reserved.
+; * Redistribution and use in source and binary forms, with or without
+; * modification, are permitted provided that the following conditions are met:
+; *  - Redistributions of source code must retain the above copyright
+; *    notice, this list of conditions and the following disclaimer.
+; *  - Redistributions in binary form must reproduce the above copyright
+; *    notice, this list of conditions and the following disclaimer in the
+; *    documentation and/or other materials provided with the distribution.
+; *  - Neither the name of ARM  nor the names of its contributors may be used
+; *    to endorse or promote products derived from this software without
+; *    specific prior written permission.
+; *
+; * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+; * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+; * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+; * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+; * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+; * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+; * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+; * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+; * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+; * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+; * POSSIBILITY OF SUCH DAMAGE.
+; *---------------------------------------------------------------------------*/
+
+
+                AREA    SVC_TABLE, CODE, READONLY
+
+                EXPORT  SVC_Count
+
+SVC_Cnt         EQU    (SVC_End-SVC_Table)/4
+SVC_Count       DCD     SVC_Cnt
+
+; Import user SVC functions here.
+;               IMPORT  __SVC_1
+
+                EXPORT  SVC_Table
+SVC_Table
+; Insert user SVC functions here. SVC 0 used by RTL Kernel.
+;               DCD     __SVC_1                 ; user SVC function
+
+SVC_End
+
+                END
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M0P/TOOLCHAIN_GCC/HAL_CM0.S	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,370 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    HAL_CM0.S
+ *      Purpose: Hardware Abstraction Layer for Cortex-M0
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+        .file   "HAL_CM0.S"
+        .syntax unified
+
+        .equ    TCB_TSTACK, 40
+
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+        .thumb
+
+        .section ".text"
+        .align  2
+
+
+/*--------------------------- rt_set_PSP ------------------------------------*/
+
+#       void rt_set_PSP (U32 stack);
+
+        .thumb_func
+        .type   rt_set_PSP, %function
+        .global rt_set_PSP
+rt_set_PSP:
+        .fnstart
+        .cantunwind
+
+        MSR     PSP,R0
+        BX      LR
+
+        .fnend
+        .size   rt_set_PSP, .-rt_set_PSP
+
+
+/*--------------------------- rt_get_PSP ------------------------------------*/
+
+#       U32 rt_get_PSP (void);
+
+        .thumb_func
+        .type   rt_get_PSP, %function
+        .global rt_get_PSP
+rt_get_PSP:
+        .fnstart
+        .cantunwind
+
+        MRS     R0,PSP
+        BX      LR
+
+        .fnend
+        .size   rt_get_PSP, .-rt_get_PSP
+
+
+/*--------------------------- os_set_env ------------------------------------*/
+
+#       void os_set_env (void);
+        /* Switch to Unprivileged/Privileged Thread mode, use PSP. */
+
+        .thumb_func
+        .type   os_set_env, %function
+        .global os_set_env
+os_set_env:
+        .fnstart
+        .cantunwind
+
+        MOV     R0,SP                   /* PSP = MSP */
+        MSR     PSP,R0
+        LDR     R0,=os_flags
+        LDRB    R0,[R0]
+        LSLS    R0,#31
+        BNE     PrivilegedE
+        MOVS    R0,#0x03                /* Unprivileged Thread mode, use PSP */
+        MSR     CONTROL,R0
+        BX      LR
+PrivilegedE:
+        MOVS    R0,#0x02                /* Privileged Thread mode, use PSP */
+        MSR     CONTROL,R0
+        BX      LR
+
+        .fnend
+        .size   os_set_env, .-os_set_env
+
+
+/*--------------------------- _alloc_box ------------------------------------*/
+
+#      void *_alloc_box (void *box_mem);
+       /* Function wrapper for Unprivileged/Privileged mode. */
+
+        .thumb_func
+        .type   _alloc_box, %function
+        .global _alloc_box
+_alloc_box:
+        .fnstart
+        .cantunwind
+
+        LDR     R3,=rt_alloc_box
+        MOV     R12,R3
+        MRS     R3,IPSR
+        LSLS    R3,#24
+        BNE     PrivilegedA
+        MRS     R3,CONTROL
+        LSLS    R3,#31
+        BEQ     PrivilegedA
+        SVC     0
+        BX      LR
+PrivilegedA:
+        BX      R12
+
+        .fnend
+        .size   _alloc_box, .-_alloc_box
+
+
+/*--------------------------- _free_box -------------------------------------*/
+
+#       int _free_box (void *box_mem, void *box);
+        /* Function wrapper for Unprivileged/Privileged mode. */
+
+        .thumb_func
+        .type   _free_box, %function
+        .global _free_box
+_free_box:
+        .fnstart
+        .cantunwind
+
+        LDR     R3,=rt_free_box
+        MOV     R12,R3
+        MRS     R3,IPSR
+        LSLS    R3,#24
+        BNE     PrivilegedF
+        MRS     R3,CONTROL
+        LSLS    R3,#31
+        BEQ     PrivilegedF
+        SVC     0
+        BX      LR
+PrivilegedF:
+        BX      R12
+
+        .fnend
+        .size   _free_box, .-_free_box
+
+
+/*-------------------------- SVC_Handler ------------------------------------*/
+
+#       void SVC_Handler (void);
+
+        .thumb_func
+        .type   SVC_Handler, %function
+        .global SVC_Handler
+SVC_Handler:
+        .fnstart
+        .cantunwind
+
+        MRS     R0,PSP                  /* Read PSP */
+        LDR     R1,[R0,#24]             /* Read Saved PC from Stack */
+        SUBS    R1,R1,#2                /* Point to SVC Instruction */
+        LDRB    R1,[R1]                 /* Load SVC Number */
+        CMP     R1,#0
+        BNE     SVC_User                /* User SVC Number > 0 */
+
+        MOV     LR,R4
+        LDMIA   R0,{R0-R3,R4}           /* Read R0-R3,R12 from stack */
+        MOV     R12,R4
+        MOV     R4,LR
+        BLX     R12                     /* Call SVC Function */
+
+        MRS     R3,PSP                  /* Read PSP */
+        STMIA   R3!,{R0-R2}             /* Store return values */
+
+        LDR     R3,=os_tsk
+        LDMIA   R3!,{R1,R2}             /* os_tsk.run, os_tsk.new */
+        CMP     R1,R2
+        BEQ     SVC_Exit                /* no task switch */
+
+        SUBS    R3,#8
+        CMP     R1,#0                   /* Runtask deleted? */
+        BEQ     SVC_Next
+
+        MRS     R0,PSP                  /* Read PSP */
+        SUBS    R0,R0,#32               /* Adjust Start Address */
+        STR     R0,[R1,#TCB_TSTACK]     /* Update os_tsk.run->tsk_stack */
+        STMIA   R0!,{R4-R7}             /* Save old context (R4-R7) */
+        MOV     R4,R8
+        MOV     R5,R9
+        MOV     R6,R10
+        MOV     R7,R11
+        STMIA   R0!,{R4-R7}             /* Save old context (R8-R11) */
+
+        PUSH    {R2,R3}
+        BL      rt_stk_check            /* Check for Stack overflow */
+        POP     {R2,R3}
+
+SVC_Next:
+        STR     R2,[R3]                 /* os_tsk.run = os_tsk.new */
+
+        LDR     R0,[R2,#TCB_TSTACK]     /* os_tsk.new->tsk_stack */
+        ADDS    R0,R0,#16               /* Adjust Start Address */
+        LDMIA   R0!,{R4-R7}             /* Restore new Context (R8-R11) */
+        MOV     R8,R4
+        MOV     R9,R5
+        MOV     R10,R6
+        MOV     R11,R7
+        MSR     PSP,R0                  /* Write PSP */
+        SUBS    R0,R0,#32               /* Adjust Start Address */
+        LDMIA   R0!,{R4-R7}             /* Restore new Context (R4-R7) */
+
+SVC_Exit:
+        MOVS    R0,#~0xFFFFFFFD         /* Set EXC_RETURN value */
+        MVNS    R0,R0
+        BX      R0                      /* RETI to Thread Mode, use PSP */
+
+        /*------------------- User SVC ------------------------------*/
+
+SVC_User:
+        PUSH    {R4,LR}                 /* Save Registers */
+        LDR     R2,=SVC_Count
+        LDR     R2,[R2]
+        CMP     R1,R2
+        BHI     SVC_Done                /* Overflow */
+
+        LDR     R4,=SVC_Table-4
+        LSLS    R1,R1,#2
+        LDR     R4,[R4,R1]              /* Load SVC Function Address */
+        MOV     LR,R4
+
+        LDMIA   R0,{R0-R3,R4}           /* Read R0-R3,R12 from stack */
+        MOV     R12,R4
+        BLX     LR                      /* Call SVC Function */
+
+        MRS     R4,PSP                  /* Read PSP */
+        STMIA   R4!,{R0-R3}             /* Function return values */
+SVC_Done:
+        POP     {R4,PC}                 /* RETI */
+
+        .fnend
+        .size   SVC_Handler, .-SVC_Handler
+
+
+/*-------------------------- PendSV_Handler ---------------------------------*/
+
+#       void PendSV_Handler (void);
+
+        .thumb_func
+        .type   PendSV_Handler, %function
+        .global PendSV_Handler
+        .global Sys_Switch
+PendSV_Handler:
+        .fnstart
+        .cantunwind
+
+        BL      rt_pop_req
+
+Sys_Switch:
+        LDR     R3,=os_tsk
+        LDMIA   R3!,{R1,R2}             /* os_tsk.run, os_tsk.new */
+        CMP     R1,R2
+        BEQ     Sys_Exit                /* no task switch */
+
+        SUBS    R3,#8
+
+        MRS     R0,PSP                  /* Read PSP */
+        SUBS    R0,R0,#32               /* Adjust Start Address */
+        STR     R0,[R1,#TCB_TSTACK]     /* Update os_tsk.run->tsk_stack */
+        STMIA   R0!,{R4-R7}             /* Save old context (R4-R7) */
+        MOV     R4,R8
+        MOV     R5,R9
+        MOV     R6,R10
+        MOV     R7,R11
+        STMIA   R0!,{R4-R7}             /* Save old context (R8-R11) */
+
+        PUSH    {R2,R3}
+        BL      rt_stk_check            /* Check for Stack overflow */
+        POP     {R2,R3}
+
+        STR     R2,[R3]                 /* os_tsk.run = os_tsk.new */
+
+        LDR     R0,[R2,#TCB_TSTACK]     /* os_tsk.new->tsk_stack */
+        ADDS    R0,R0,#16               /* Adjust Start Address */
+        LDMIA   R0!,{R4-R7}             /* Restore new Context (R8-R11) */
+        MOV     R8,R4
+        MOV     R9,R5
+        MOV     R10,R6
+        MOV     R11,R7
+        MSR     PSP,R0                  /* Write PSP */
+        SUBS    R0,R0,#32               /* Adjust Start Address */
+        LDMIA   R0!,{R4-R7}             /* Restore new Context (R4-R7) */
+
+Sys_Exit:
+        MOVS    R0,#~0xFFFFFFFD         /* Set EXC_RETURN value */
+        MVNS    R0,R0
+        BX      R0                      /* RETI to Thread Mode, use PSP */
+
+        .fnend
+        .size   PendSV_Handler, .-PendSV_Handler
+
+
+/*-------------------------- SysTick_Handler --------------------------------*/
+
+#       void SysTick_Handler (void);
+
+        .thumb_func
+        .type   SysTick_Handler, %function
+        .global SysTick_Handler
+SysTick_Handler:
+        .fnstart
+        .cantunwind
+
+        BL      rt_systick
+        B       Sys_Switch
+
+        .fnend
+        .size   SysTick_Handler, .-SysTick_Handler
+
+
+/*-------------------------- OS_Tick_Handler --------------------------------*/
+
+#       void OS_Tick_Handler (void);
+
+        .thumb_func
+        .type   OS_Tick_Handler, %function
+        .global OS_Tick_Handler
+OS_Tick_Handler:
+        .fnstart
+        .cantunwind
+
+        BL      os_tick_irqack
+        BL      rt_systick
+        B       Sys_Switch
+
+        .fnend
+        .size   OS_Tick_Handler, .-OS_Tick_Handler
+
+
+        .end
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M0P/TOOLCHAIN_GCC/SVC_Table.S	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,56 @@
+;/*----------------------------------------------------------------------------
+; *      RL-ARM - RTX
+; *----------------------------------------------------------------------------
+; *      Name:    SVC_TABLE.S
+; *      Purpose: Pre-defined SVC Table for Cortex-M
+; *      Rev.:    V4.60
+; *----------------------------------------------------------------------------
+; *
+; * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+; * All rights reserved.
+; * Redistribution and use in source and binary forms, with or without
+; * modification, are permitted provided that the following conditions are met:
+; *  - Redistributions of source code must retain the above copyright
+; *    notice, this list of conditions and the following disclaimer.
+; *  - Redistributions in binary form must reproduce the above copyright
+; *    notice, this list of conditions and the following disclaimer in the
+; *    documentation and/or other materials provided with the distribution.
+; *  - Neither the name of ARM  nor the names of its contributors may be used
+; *    to endorse or promote products derived from this software without
+; *    specific prior written permission.
+; *
+; * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+; * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+; * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+; * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+; * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+; * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+; * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+; * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+; * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+; * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+; * POSSIBILITY OF SUCH DAMAGE.
+; *---------------------------------------------------------------------------*/
+
+
+        .file   "SVC_Table.S"
+
+
+        .section ".svc_table"
+
+        .global  SVC_Table
+SVC_Table:
+/* Insert user SVC functions here. SVC 0 used by RTL Kernel. */
+#       .long   __SVC_1                 /* user SVC function */
+SVC_End:
+
+        .global  SVC_Count
+SVC_Count:
+        .long   (SVC_End-SVC_Table)/4
+
+
+        .end
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M0P/TOOLCHAIN_IAR/HAL_CM0.S	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,312 @@
+/*----------------------------------------------------------------------------
+ *      CMSIS-RTOS  -  RTX
+ *----------------------------------------------------------------------------
+ *      Name:    HAL_CM0.S
+ *      Purpose: Hardware Abstraction Layer for Cortex-M0
+ *      Rev.:    V4.70
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+        NAME    HAL_CM0.S
+
+        #define TCB_TSTACK 40
+
+        EXTERN  os_flags
+        EXTERN  os_tsk
+        EXTERN  rt_alloc_box
+        EXTERN  rt_free_box
+        EXTERN  rt_stk_check
+        EXTERN  rt_pop_req
+        EXTERN  rt_systick
+        EXTERN  os_tick_irqack
+        EXTERN  SVC_Table
+        EXTERN  SVC_Count
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+        SECTION .text:CODE:NOROOT(2)
+        THUMB
+
+/*--------------------------- rt_set_PSP ------------------------------------*/
+
+;       void rt_set_PSP (U32 stack);
+
+        PUBLIC  rt_set_PSP
+rt_set_PSP:
+
+        MSR     PSP,R0
+        BX      LR
+
+
+/*--------------------------- rt_get_PSP ------------------------------------*/
+
+;       U32 rt_get_PSP (void);
+
+        PUBLIC  rt_get_PSP
+rt_get_PSP:
+
+        MRS     R0,PSP
+        BX      LR
+
+
+/*--------------------------- os_set_env ------------------------------------*/
+
+;       void os_set_env (void);
+        /* Switch to Unprivileged/Privileged Thread mode, use PSP. */
+
+        PUBLIC  os_set_env
+os_set_env:
+
+        MOV     R0,SP                   /* PSP = MSP */
+        MSR     PSP,R0
+        LDR     R0,=os_flags
+        LDRB    R0,[R0]
+        LSLS    R0,#31
+        BNE     PrivilegedE
+        MOVS    R0,#0x03                /* Unprivileged Thread mode, use PSP */
+        MSR     CONTROL,R0
+        BX      LR
+PrivilegedE:
+        MOVS    R0,#0x02                /* Privileged Thread mode, use PSP */
+        MSR     CONTROL,R0
+        BX      LR
+
+
+/*--------------------------- _alloc_box ------------------------------------*/
+
+;      void *_alloc_box (void *box_mem);
+       /* Function wrapper for Unprivileged/Privileged mode. */
+
+        PUBLIC  _alloc_box
+_alloc_box:
+
+        LDR     R3,=rt_alloc_box
+        MOV     R12,R3
+        MRS     R3,IPSR
+        LSLS    R3,#24
+        BNE     PrivilegedA
+        MRS     R3,CONTROL
+        LSLS    R3,#31
+        BEQ     PrivilegedA
+        SVC     0
+        BX      LR
+PrivilegedA:
+        BX      R12
+
+
+/*--------------------------- _free_box -------------------------------------*/
+
+;       int _free_box (void *box_mem, void *box);
+        /* Function wrapper for Unprivileged/Privileged mode. */
+
+        PUBLIC  _free_box
+_free_box:
+
+        LDR     R3,=rt_free_box
+        MOV     R12,R3
+        MRS     R3,IPSR
+        LSLS    R3,#24
+        BNE     PrivilegedF
+        MRS     R3,CONTROL
+        LSLS    R3,#31
+        BEQ     PrivilegedF
+        SVC     0
+        BX      LR
+PrivilegedF:
+        BX      R12
+
+
+/*-------------------------- SVC_Handler ------------------------------------*/
+
+;       void SVC_Handler (void);
+
+        PUBLIC  SVC_Handler
+SVC_Handler:
+
+        MRS     R0,PSP                  /* Read PSP */
+        LDR     R1,[R0,#24]             /* Read Saved PC from Stack */
+        SUBS    R1,R1,#2                /* Point to SVC Instruction */
+        LDRB    R1,[R1]                 /* Load SVC Number */
+        CMP     R1,#0
+        BNE     SVC_User                /* User SVC Number > 0 */
+
+        MOV     LR,R4
+        LDMIA   R0,{R0-R3,R4}           /* Read R0-R3,R12 from stack */
+        MOV     R12,R4
+        MOV     R4,LR
+        BLX     R12                     /* Call SVC Function */
+
+        MRS     R3,PSP                  /* Read PSP */
+        STMIA   R3!,{R0-R2}             /* Store return values */
+
+        LDR     R3,=os_tsk
+        LDMIA   R3!,{R1,R2}             /* os_tsk.run, os_tsk.new */
+        CMP     R1,R2
+        BEQ     SVC_Exit                /* no task switch */
+
+        SUBS    R3,#8
+        CMP     R1,#0                   /* Runtask deleted? */
+        BEQ     SVC_Next
+
+        MRS     R0,PSP                  /* Read PSP */
+        SUBS    R0,R0,#32               /* Adjust Start Address */
+        STR     R0,[R1,#TCB_TSTACK]     /* Update os_tsk.run->tsk_stack */
+        STMIA   R0!,{R4-R7}             /* Save old context (R4-R7) */
+        MOV     R4,R8
+        MOV     R5,R9
+        MOV     R6,R10
+        MOV     R7,R11
+        STMIA   R0!,{R4-R7}             /* Save old context (R8-R11) */
+
+        PUSH    {R2,R3}
+        BL      rt_stk_check            /* Check for Stack overflow */
+        POP     {R2,R3}
+
+SVC_Next:
+        STR     R2,[R3]                 /* os_tsk.run = os_tsk.new */
+
+        LDR     R0,[R2,#TCB_TSTACK]     /* os_tsk.new->tsk_stack */
+        ADDS    R0,R0,#16               /* Adjust Start Address */
+        LDMIA   R0!,{R4-R7}             /* Restore new Context (R8-R11) */
+        MOV     R8,R4
+        MOV     R9,R5
+        MOV     R10,R6
+        MOV     R11,R7
+        MSR     PSP,R0                  /* Write PSP */
+        SUBS    R0,R0,#32               /* Adjust Start Address */
+        LDMIA   R0!,{R4-R7}             /* Restore new Context (R4-R7) */
+
+SVC_Exit:
+        MOVS    R0,#~0xFFFFFFFD         /* Set EXC_RETURN value */
+        MVNS    R0,R0
+        BX      R0                      /* RETI to Thread Mode, use PSP */
+
+        /*------------------- User SVC ------------------------------*/
+
+SVC_User:
+        PUSH    {R4,LR}                 /* Save Registers */
+        LDR     R2,=SVC_Count
+        LDR     R2,[R2]
+        CMP     R1,R2
+        BHI     SVC_Done                /* Overflow */
+
+        LDR     R4,=SVC_Table-4
+        LSLS    R1,R1,#2
+        LDR     R4,[R4,R1]              /* Load SVC Function Address */
+        MOV     LR,R4
+
+        LDMIA   R0,{R0-R3,R4}           /* Read R0-R3,R12 from stack */
+        MOV     R12,R4
+        BLX     LR                      /* Call SVC Function */
+
+        MRS     R4,PSP                  /* Read PSP */
+        STMIA   R4!,{R0-R3}             /* Function return values */
+SVC_Done:
+        POP     {R4,PC}                 /* RETI */
+
+
+/*-------------------------- PendSV_Handler ---------------------------------*/
+
+;       void PendSV_Handler (void);
+
+        PUBLIC  PendSV_Handler
+PendSV_Handler:
+
+        BL      rt_pop_req
+
+Sys_Switch:
+        LDR     R3,=os_tsk
+        LDMIA   R3!,{R1,R2}             /* os_tsk.run, os_tsk.new */
+        CMP     R1,R2
+        BEQ     Sys_Exit                /* no task switch */
+
+        SUBS    R3,#8
+
+        MRS     R0,PSP                  /* Read PSP */
+        SUBS    R0,R0,#32               /* Adjust Start Address */
+        STR     R0,[R1,#TCB_TSTACK]     /* Update os_tsk.run->tsk_stack */
+        STMIA   R0!,{R4-R7}             /* Save old context (R4-R7) */
+        MOV     R4,R8
+        MOV     R5,R9
+        MOV     R6,R10
+        MOV     R7,R11
+        STMIA   R0!,{R4-R7}             /* Save old context (R8-R11) */
+
+        PUSH    {R2,R3}
+        BL      rt_stk_check            /* Check for Stack overflow */
+        POP     {R2,R3}
+
+        STR     R2,[R3]                 /* os_tsk.run = os_tsk.new */
+
+        LDR     R0,[R2,#TCB_TSTACK]     /* os_tsk.new->tsk_stack */
+        ADDS    R0,R0,#16               /* Adjust Start Address */
+        LDMIA   R0!,{R4-R7}             /* Restore new Context (R8-R11) */
+        MOV     R8,R4
+        MOV     R9,R5
+        MOV     R10,R6
+        MOV     R11,R7
+        MSR     PSP,R0                  /* Write PSP */
+        SUBS    R0,R0,#32               /* Adjust Start Address */
+        LDMIA   R0!,{R4-R7}             /* Restore new Context (R4-R7) */
+
+Sys_Exit:
+        MOVS    R0,#~0xFFFFFFFD         /* Set EXC_RETURN value */
+        MVNS    R0,R0
+        BX      R0                      /* RETI to Thread Mode, use PSP */
+
+
+/*-------------------------- SysTick_Handler --------------------------------*/
+
+;       void SysTick_Handler (void);
+
+        PUBLIC  SysTick_Handler
+SysTick_Handler:
+
+        BL      rt_systick
+        B       Sys_Switch
+
+
+/*-------------------------- OS_Tick_Handler --------------------------------*/
+
+;       void OS_Tick_Handler (void);
+
+        PUBLIC  OS_Tick_Handler
+OS_Tick_Handler:
+
+        BL      os_tick_irqack
+        BL      rt_systick
+        B       Sys_Switch
+
+
+        END
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M0P/TOOLCHAIN_IAR/SVC_Table.S	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,58 @@
+;/*----------------------------------------------------------------------------
+; *      CMSIS-RTOS  -  RTX
+; *----------------------------------------------------------------------------
+; *      Name:    SVC_TABLE.S
+; *      Purpose: Pre-defined SVC Table for Cortex-M
+; *      Rev.:    V4.70
+; *----------------------------------------------------------------------------
+; *
+; * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+; * All rights reserved.
+; * Redistribution and use in source and binary forms, with or without
+; * modification, are permitted provided that the following conditions are met:
+; *  - Redistributions of source code must retain the above copyright
+; *    notice, this list of conditions and the following disclaimer.
+; *  - Redistributions in binary form must reproduce the above copyright
+; *    notice, this list of conditions and the following disclaimer in the
+; *    documentation and/or other materials provided with the distribution.
+; *  - Neither the name of ARM  nor the names of its contributors may be used
+; *    to endorse or promote products derived from this software without
+; *    specific prior written permission.
+; *
+; * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+; * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+; * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+; * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+; * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+; * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+; * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+; * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+; * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+; * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+; * POSSIBILITY OF SUCH DAMAGE.
+; *---------------------------------------------------------------------------*/
+
+
+                NAME    SVC_TABLE
+                SECTION .text:CONST (2)
+
+                PUBLIC  SVC_Count
+
+SVC_Cnt         EQU    (SVC_End-SVC_Table)/4
+SVC_Count       DCD     SVC_Cnt
+
+; Import user SVC functions here.
+;               IMPORT  __SVC_1
+
+                PUBLIC  SVC_Table
+SVC_Table
+; Insert user SVC functions here. SVC 0 used by RTL Kernel.
+;               DCD     __SVC_1                 ; user SVC function
+
+SVC_End
+
+                END
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M3/TOOLCHAIN_ARM/HAL_CM3.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,249 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    HAL_CM3.C
+ *      Purpose: Hardware Abstraction Layer for Cortex-M3
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Conf.h"
+#include "rt_System.h"
+#include "rt_HAL_CM.h"
+#include "rt_Task.h"
+#include "rt_MemBox.h"
+
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+
+/*--------------------------- rt_set_PSP ------------------------------------*/
+
+__asm void rt_set_PSP (U32 stack) {
+        MSR     PSP,R0
+        BX      LR
+}
+
+
+/*--------------------------- rt_get_PSP ------------------------------------*/
+
+__asm U32 rt_get_PSP (void) {
+        MRS     R0,PSP
+        BX      LR
+}
+
+
+/*--------------------------- os_set_env ------------------------------------*/
+
+__asm void os_set_env (void) {
+   /* Switch to Unprivileged/Privileged Thread mode, use PSP. */
+        MOV     R0,SP                   ; PSP = MSP
+        MSR     PSP,R0
+        LDR     R0,=__cpp(&os_flags)
+        LDRB    R0,[R0]
+        LSLS    R0,#31
+        MOVNE   R0,#0x02                ; Privileged Thread mode, use PSP
+        MOVEQ   R0,#0x03                ; Unprivileged Thread mode, use PSP
+        MSR     CONTROL,R0
+        BX      LR
+
+        ALIGN
+}
+
+
+/*--------------------------- _alloc_box ------------------------------------*/
+
+__asm void *_alloc_box (void *box_mem) {
+   /* Function wrapper for Unprivileged/Privileged mode. */
+        LDR     R12,=__cpp(rt_alloc_box)
+        MRS     R3,IPSR
+        LSLS    R3,#24
+        BXNE    R12
+        MRS     R3,CONTROL
+        LSLS    R3,#31
+        BXEQ    R12
+        SVC     0
+        BX      LR
+
+        ALIGN
+}
+
+
+/*--------------------------- _free_box -------------------------------------*/
+
+__asm int _free_box (void *box_mem, void *box) {
+   /* Function wrapper for Unprivileged/Privileged mode. */
+        LDR     R12,=__cpp(rt_free_box)
+        MRS     R3,IPSR
+        LSLS    R3,#24
+        BXNE    R12
+        MRS     R3,CONTROL
+        LSLS    R3,#31
+        BXEQ    R12
+        SVC     0
+        BX      LR
+
+        ALIGN
+}
+
+
+/*-------------------------- SVC_Handler ------------------------------------*/
+
+__asm void SVC_Handler (void) {
+        PRESERVE8
+
+        IMPORT  SVC_Count
+        IMPORT  SVC_Table
+        IMPORT  rt_stk_check
+
+        MRS     R0,PSP                  ; Read PSP
+        LDR     R1,[R0,#24]             ; Read Saved PC from Stack
+        LDRB    R1,[R1,#-2]             ; Load SVC Number
+        CBNZ    R1,SVC_User
+
+        LDM     R0,{R0-R3,R12}          ; Read R0-R3,R12 from stack
+        BLX     R12                     ; Call SVC Function
+
+        MRS     R12,PSP                 ; Read PSP
+        STM     R12,{R0-R2}             ; Store return values
+
+        LDR     R3,=__cpp(&os_tsk)
+        LDM     R3,{R1,R2}              ; os_tsk.run, os_tsk.new
+        CMP     R1,R2
+        BEQ     SVC_Exit                ; no task switch
+
+        CBZ     R1,SVC_Next             ; Runtask deleted?
+        STMDB   R12!,{R4-R11}           ; Save Old context
+        STR     R12,[R1,#TCB_TSTACK]    ; Update os_tsk.run->tsk_stack
+
+        PUSH    {R2,R3}
+        BL      rt_stk_check            ; Check for Stack overflow
+        POP     {R2,R3}
+
+SVC_Next
+        STR     R2,[R3]                 ; os_tsk.run = os_tsk.new
+
+        LDR     R12,[R2,#TCB_TSTACK]    ; os_tsk.new->tsk_stack
+        LDMIA   R12!,{R4-R11}           ; Restore New Context
+        MSR     PSP,R12                 ; Write PSP
+
+SVC_Exit
+        MVN     LR,#:NOT:0xFFFFFFFD     ; set EXC_RETURN value
+        BX      LR
+
+        /*------------------- User SVC ------------------------------*/
+
+SVC_User
+        PUSH    {R4,LR}                 ; Save Registers
+        LDR     R2,=SVC_Count
+        LDR     R2,[R2]
+        CMP     R1,R2
+        BHI     SVC_Done                ; Overflow
+
+        LDR     R4,=SVC_Table-4
+        LDR     R4,[R4,R1,LSL #2]       ; Load SVC Function Address
+
+        LDM     R0,{R0-R3,R12}          ; Read R0-R3,R12 from stack
+        BLX     R4                      ; Call SVC Function
+
+        MRS     R12,PSP
+        STM     R12,{R0-R3}             ; Function return values
+SVC_Done
+        POP     {R4,PC}                 ; RETI
+
+        ALIGN
+}
+
+
+/*-------------------------- PendSV_Handler ---------------------------------*/
+
+__asm void PendSV_Handler (void) {
+        PRESERVE8
+
+        BL      __cpp(rt_pop_req)
+
+Sys_Switch
+        LDR     R3,=__cpp(&os_tsk)
+        LDM     R3,{R1,R2}              ; os_tsk.run, os_tsk.new
+        CMP     R1,R2
+        BEQ     Sys_Exit
+
+        MRS     R12,PSP                 ; Read PSP
+        STMDB   R12!,{R4-R11}           ; Save Old context
+        STR     R12,[R1,#TCB_TSTACK]    ; Update os_tsk.run->tsk_stack
+
+        PUSH    {R2,R3}
+        BL      rt_stk_check            ; Check for Stack overflow
+        POP     {R2,R3}
+
+        STR     R2,[R3]                 ; os_tsk.run = os_tsk.new
+
+        LDR     R12,[R2,#TCB_TSTACK]    ; os_tsk.new->tsk_stack
+        LDMIA   R12!,{R4-R11}           ; Restore New Context
+        MSR     PSP,R12                 ; Write PSP
+
+Sys_Exit
+        MVN     LR,#:NOT:0xFFFFFFFD     ; set EXC_RETURN value
+        BX      LR                      ; Return to Thread Mode
+
+        ALIGN
+}
+
+
+/*-------------------------- SysTick_Handler --------------------------------*/
+
+__asm void SysTick_Handler (void) {
+        PRESERVE8
+
+        BL      __cpp(rt_systick)
+        B       Sys_Switch
+
+        ALIGN
+}
+
+
+/*-------------------------- OS_Tick_Handler --------------------------------*/
+
+__asm void OS_Tick_Handler (void) {
+        PRESERVE8
+
+        BL      __cpp(os_tick_irqack)
+        BL      __cpp(rt_systick)
+        B       Sys_Switch
+
+        ALIGN
+}
+
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M3/TOOLCHAIN_ARM/SVC_Table.S	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,57 @@
+;/*----------------------------------------------------------------------------
+; *      RL-ARM - RTX
+; *----------------------------------------------------------------------------
+; *      Name:    SVC_TABLE.S
+; *      Purpose: Pre-defined SVC Table for Cortex-M
+; *      Rev.:    V4.60
+; *----------------------------------------------------------------------------
+; *
+; * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+; * All rights reserved.
+; * Redistribution and use in source and binary forms, with or without
+; * modification, are permitted provided that the following conditions are met:
+; *  - Redistributions of source code must retain the above copyright
+; *    notice, this list of conditions and the following disclaimer.
+; *  - Redistributions in binary form must reproduce the above copyright
+; *    notice, this list of conditions and the following disclaimer in the
+; *    documentation and/or other materials provided with the distribution.
+; *  - Neither the name of ARM  nor the names of its contributors may be used
+; *    to endorse or promote products derived from this software without
+; *    specific prior written permission.
+; *
+; * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+; * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+; * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+; * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+; * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+; * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+; * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+; * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+; * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+; * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+; * POSSIBILITY OF SUCH DAMAGE.
+; *---------------------------------------------------------------------------*/
+
+
+                AREA    SVC_TABLE, CODE, READONLY
+
+                EXPORT  SVC_Count
+
+SVC_Cnt         EQU    (SVC_End-SVC_Table)/4
+SVC_Count       DCD     SVC_Cnt
+
+; Import user SVC functions here.
+;               IMPORT  __SVC_1
+
+                EXPORT  SVC_Table
+SVC_Table
+; Insert user SVC functions here. SVC 0 used by RTL Kernel.
+;               DCD     __SVC_1                 ; user SVC function
+
+SVC_End
+
+                END
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M3/TOOLCHAIN_GCC/HAL_CM3.S	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,323 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    HAL_CM3.S
+ *      Purpose: Hardware Abstraction Layer for Cortex-M3
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+        .file   "HAL_CM3.S"
+        .syntax unified
+
+        .equ    TCB_TSTACK, 40
+
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+        .thumb
+
+        .section ".text"
+        .align  2
+
+
+/*--------------------------- rt_set_PSP ------------------------------------*/
+
+#       void rt_set_PSP (U32 stack);
+
+        .thumb_func
+        .type   rt_set_PSP, %function
+        .global rt_set_PSP
+rt_set_PSP:
+        .fnstart
+        .cantunwind
+
+        MSR     PSP,R0
+        BX      LR
+
+        .fnend
+        .size   rt_set_PSP, .-rt_set_PSP
+
+
+/*--------------------------- rt_get_PSP ------------------------------------*/
+
+#       U32 rt_get_PSP (void);
+
+        .thumb_func
+        .type   rt_get_PSP, %function
+        .global rt_get_PSP
+rt_get_PSP:
+        .fnstart
+        .cantunwind
+
+        MRS     R0,PSP
+        BX      LR
+
+        .fnend
+        .size   rt_get_PSP, .-rt_get_PSP
+
+
+/*--------------------------- os_set_env ------------------------------------*/
+
+#       void os_set_env (void);
+        /* Switch to Unprivileged/Privileged Thread mode, use PSP. */
+
+        .thumb_func
+        .type   os_set_env, %function
+        .global os_set_env
+os_set_env:
+        .fnstart
+        .cantunwind
+
+        MOV     R0,SP                   /* PSP = MSP */
+        MSR     PSP,R0
+        LDR     R0,=os_flags
+        LDRB    R0,[R0]
+        LSLS    R0,#31
+        ITE     NE
+        MOVNE   R0,#0x02                /* Privileged Thread mode, use PSP */
+        MOVEQ   R0,#0x03                /* Unprivileged Thread mode, use PSP */
+        MSR     CONTROL,R0
+        BX      LR
+
+        .fnend
+        .size   os_set_env, .-os_set_env
+
+
+/*--------------------------- _alloc_box ------------------------------------*/
+
+#      void *_alloc_box (void *box_mem);
+       /* Function wrapper for Unprivileged/Privileged mode. */
+
+        .thumb_func
+        .type   _alloc_box, %function
+        .global _alloc_box
+_alloc_box:
+        .fnstart
+        .cantunwind
+
+        LDR     R12,=rt_alloc_box
+        MRS     R3,IPSR
+        LSLS    R3,#24
+        IT      NE
+        BXNE    R12
+        MRS     R3,CONTROL
+        LSLS    R3,#31
+        IT      EQ
+        BXEQ    R12
+        SVC     0
+        BX      LR
+
+        .fnend
+        .size   _alloc_box, .-_alloc_box
+
+
+/*--------------------------- _free_box -------------------------------------*/
+
+#       int _free_box (void *box_mem, void *box);
+        /* Function wrapper for Unprivileged/Privileged mode. */
+
+        .thumb_func
+        .type   _free_box, %function
+        .global _free_box
+_free_box:
+        .fnstart
+        .cantunwind
+
+        LDR     R12,=rt_free_box
+        MRS     R3,IPSR
+        LSLS    R3,#24
+        IT      NE
+        BXNE    R12
+        MRS     R3,CONTROL
+        LSLS    R3,#31
+        IT      EQ
+        BXEQ    R12
+        SVC     0
+        BX      LR
+
+        .fnend
+        .size   _free_box, .-_free_box
+
+
+/*-------------------------- SVC_Handler ------------------------------------*/
+
+#       void SVC_Handler (void);
+
+        .thumb_func
+        .type   SVC_Handler, %function
+        .global SVC_Handler
+SVC_Handler:
+        .fnstart
+        .cantunwind
+
+        MRS     R0,PSP                  /* Read PSP */
+        LDR     R1,[R0,#24]             /* Read Saved PC from Stack */
+        LDRB    R1,[R1,#-2]             /* Load SVC Number */
+        CBNZ    R1,SVC_User
+
+        LDM     R0,{R0-R3,R12}          /* Read R0-R3,R12 from stack */
+        BLX     R12                     /* Call SVC Function */
+
+        MRS     R12,PSP                 /* Read PSP */
+        STM     R12,{R0-R2}             /* Store return values */
+
+        LDR     R3,=os_tsk
+        LDM     R3,{R1,R2}              /* os_tsk.run, os_tsk.new */
+        CMP     R1,R2
+        BEQ     SVC_Exit                /* no task switch */
+
+        CBZ     R1,SVC_Next             /* Runtask deleted? */
+        STMDB   R12!,{R4-R11}           /* Save Old context */
+        STR     R12,[R1,#TCB_TSTACK]    /* Update os_tsk.run->tsk_stack */
+
+        PUSH    {R2,R3}
+        BL      rt_stk_check            /* Check for Stack overflow */
+        POP     {R2,R3}
+
+SVC_Next:
+        STR     R2,[R3]                 /* os_tsk.run = os_tsk.new */
+
+        LDR     R12,[R2,#TCB_TSTACK]    /* os_tsk.new->tsk_stack */
+        LDMIA   R12!,{R4-R11}           /* Restore New Context */
+        MSR     PSP,R12                 /* Write PSP */
+
+SVC_Exit:
+        MVN     LR,#~0xFFFFFFFD         /* set EXC_RETURN value */
+        BX      LR
+
+        /*------------------- User SVC ------------------------------*/
+
+SVC_User:
+        PUSH    {R4,LR}                 /* Save Registers */
+        LDR     R2,=SVC_Count
+        LDR     R2,[R2]
+        CMP     R1,R2
+        BHI     SVC_Done                /* Overflow */
+
+        LDR     R4,=SVC_Table-4
+        LDR     R4,[R4,R1,LSL #2]       /* Load SVC Function Address */
+
+        LDM     R0,{R0-R3,R12}          /* Read R0-R3,R12 from stack */
+        BLX     R4                      /* Call SVC Function */
+
+        MRS     R12,PSP
+        STM     R12,{R0-R3}             /* Function return values */
+SVC_Done:
+        POP     {R4,PC}                 /* RETI */
+
+        .fnend
+        .size   SVC_Handler, .-SVC_Handler
+
+
+/*-------------------------- PendSV_Handler ---------------------------------*/
+
+#       void PendSV_Handler (void);
+
+        .thumb_func
+        .type   PendSV_Handler, %function
+        .global PendSV_Handler
+        .global Sys_Switch
+PendSV_Handler:
+        .fnstart
+        .cantunwind
+
+        BL      rt_pop_req
+
+Sys_Switch:
+        LDR     R3,=os_tsk
+        LDM     R3,{R1,R2}              /* os_tsk.run, os_tsk.new */
+        CMP     R1,R2
+        BEQ     Sys_Exit
+
+        MRS     R12,PSP                 /* Read PSP */
+        STMDB   R12!,{R4-R11}           /* Save Old context */
+        STR     R12,[R1,#TCB_TSTACK]    /* Update os_tsk.run->tsk_stack */
+
+        PUSH    {R2,R3}
+        BL      rt_stk_check            /* Check for Stack overflow */
+        POP     {R2,R3}
+
+        STR     R2,[R3]                 /* os_tsk.run = os_tsk.new */
+
+        LDR     R12,[R2,#TCB_TSTACK]    /* os_tsk.new->tsk_stack */
+        LDMIA   R12!,{R4-R11}           /* Restore New Context */
+        MSR     PSP,R12                 /* Write PSP */
+
+Sys_Exit:
+        MVN     LR,#~0xFFFFFFFD         /* set EXC_RETURN value */
+        BX      LR                      /* Return to Thread Mode */
+
+        .fnend
+        .size   PendSV_Handler, .-PendSV_Handler
+
+
+/*-------------------------- SysTick_Handler --------------------------------*/
+
+#       void SysTick_Handler (void);
+
+        .thumb_func
+        .type   SysTick_Handler, %function
+        .global SysTick_Handler
+SysTick_Handler:
+        .fnstart
+        .cantunwind
+
+        BL      rt_systick
+        B       Sys_Switch
+
+        .fnend
+        .size   SysTick_Handler, .-SysTick_Handler
+
+
+/*-------------------------- OS_Tick_Handler --------------------------------*/
+
+#       void OS_Tick_Handler (void);
+
+        .thumb_func
+        .type   OS_Tick_Handler, %function
+        .global OS_Tick_Handler
+OS_Tick_Handler:
+        .fnstart
+        .cantunwind
+
+        BL      os_tick_irqack
+        BL      rt_systick
+        B       Sys_Switch
+
+        .fnend
+        .size   OS_Tick_Handler, .-OS_Tick_Handler
+
+
+        .end
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M3/TOOLCHAIN_GCC/SVC_Table.S	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,56 @@
+;/*----------------------------------------------------------------------------
+; *      RL-ARM - RTX
+; *----------------------------------------------------------------------------
+; *      Name:    SVC_TABLE.S
+; *      Purpose: Pre-defined SVC Table for Cortex-M
+; *      Rev.:    V4.60
+; *----------------------------------------------------------------------------
+; *
+; * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+; * All rights reserved.
+; * Redistribution and use in source and binary forms, with or without
+; * modification, are permitted provided that the following conditions are met:
+; *  - Redistributions of source code must retain the above copyright
+; *    notice, this list of conditions and the following disclaimer.
+; *  - Redistributions in binary form must reproduce the above copyright
+; *    notice, this list of conditions and the following disclaimer in the
+; *    documentation and/or other materials provided with the distribution.
+; *  - Neither the name of ARM  nor the names of its contributors may be used
+; *    to endorse or promote products derived from this software without
+; *    specific prior written permission.
+; *
+; * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+; * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+; * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+; * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+; * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+; * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+; * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+; * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+; * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+; * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+; * POSSIBILITY OF SUCH DAMAGE.
+; *---------------------------------------------------------------------------*/
+
+
+        .file   "SVC_Table.S"
+
+
+        .section ".svc_table"
+
+        .global  SVC_Table
+SVC_Table:
+/* Insert user SVC functions here. SVC 0 used by RTL Kernel. */
+#       .long   __SVC_1                 /* user SVC function */
+SVC_End:
+
+        .global  SVC_Count
+SVC_Count:
+        .long   (SVC_End-SVC_Table)/4
+
+
+        .end
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M3/TOOLCHAIN_IAR/HAL_CM3.S	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,265 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    HAL_CM3.S
+ *      Purpose: Hardware Abstraction Layer for Cortex-M3
+ *      Rev.:    V4.70
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+        NAME    HAL_CM3.S
+
+        #define TCB_TSTACK 40
+
+        EXTERN  os_flags
+        EXTERN  os_tsk
+        EXTERN  rt_alloc_box
+        EXTERN  rt_free_box
+        EXTERN  rt_stk_check
+        EXTERN  rt_pop_req
+        EXTERN  rt_systick
+        EXTERN  os_tick_irqack
+        EXTERN  SVC_Table
+        EXTERN  SVC_Count
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+        SECTION .text:CODE:NOROOT(2)
+        THUMB
+
+/*--------------------------- rt_set_PSP ------------------------------------*/
+
+;       void rt_set_PSP (U32 stack);
+
+        PUBLIC  rt_set_PSP
+rt_set_PSP:
+
+        MSR     PSP,R0
+        BX      LR
+
+
+/*--------------------------- rt_get_PSP ------------------------------------*/
+
+;       U32 rt_get_PSP (void);
+
+        PUBLIC  rt_get_PSP
+rt_get_PSP:
+
+        MRS     R0,PSP
+        BX      LR
+
+
+/*--------------------------- os_set_env ------------------------------------*/
+
+;       void os_set_env (void);
+        /* Switch to Unprivileged/Privileged Thread mode, use PSP. */
+
+        PUBLIC  os_set_env
+os_set_env:
+
+        MOV     R0,SP                   /* PSP = MSP */
+        MSR     PSP,R0
+        LDR     R0,=os_flags
+        LDRB    R0,[R0]
+        LSLS    R0,#31
+        ITE     NE
+        MOVNE   R0,#0x02                /* Privileged Thread mode, use PSP */
+        MOVEQ   R0,#0x03                /* Unprivileged Thread mode, use PSP */
+        MSR     CONTROL,R0
+        BX      LR
+
+
+/*--------------------------- _alloc_box ------------------------------------*/
+
+;      void *_alloc_box (void *box_mem);
+       /* Function wrapper for Unprivileged/Privileged mode. */
+
+        PUBLIC  _alloc_box
+_alloc_box:
+
+        LDR     R12,=rt_alloc_box
+        MRS     R3,IPSR
+        LSLS    R3,#24
+        IT      NE
+        BXNE    R12
+        MRS     R3,CONTROL
+        LSLS    R3,#31
+        IT      EQ
+        BXEQ    R12
+        SVC     0
+        BX      LR
+
+
+/*--------------------------- _free_box -------------------------------------*/
+
+;       int _free_box (void *box_mem, void *box);
+        /* Function wrapper for Unprivileged/Privileged mode. */
+
+        PUBLIC  _free_box
+_free_box:
+
+        LDR     R12,=rt_free_box
+        MRS     R3,IPSR
+        LSLS    R3,#24
+        IT      NE
+        BXNE    R12
+        MRS     R3,CONTROL
+        LSLS    R3,#31
+        IT      EQ
+        BXEQ    R12
+        SVC     0
+        BX      LR
+
+
+/*-------------------------- SVC_Handler ------------------------------------*/
+
+;       void SVC_Handler (void);
+
+        PUBLIC  SVC_Handler
+SVC_Handler:
+
+        MRS     R0,PSP                  /* Read PSP */
+        LDR     R1,[R0,#24]             /* Read Saved PC from Stack */
+        LDRB    R1,[R1,#-2]             /* Load SVC Number */
+        CBNZ    R1,SVC_User
+
+        LDM     R0,{R0-R3,R12}          /* Read R0-R3,R12 from stack */
+        BLX     R12                     /* Call SVC Function */
+
+        MRS     R12,PSP                 /* Read PSP */
+        STM     R12,{R0-R2}             /* Store return values */
+
+        LDR     R3,=os_tsk
+        LDM     R3,{R1,R2}              /* os_tsk.run, os_tsk.new */
+        CMP     R1,R2
+        BEQ     SVC_Exit                /* no task switch */
+
+        CBZ     R1,SVC_Next             /* Runtask deleted? */
+        STMDB   R12!,{R4-R11}           /* Save Old context */
+        STR     R12,[R1,#TCB_TSTACK]    /* Update os_tsk.run->tsk_stack */
+
+        PUSH    {R2,R3}
+        BL      rt_stk_check            /* Check for Stack overflow */
+        POP     {R2,R3}
+
+SVC_Next:
+        STR     R2,[R3]                 /* os_tsk.run = os_tsk.new */
+
+        LDR     R12,[R2,#TCB_TSTACK]    /* os_tsk.new->tsk_stack */
+        LDMIA   R12!,{R4-R11}           /* Restore New Context */
+        MSR     PSP,R12                 /* Write PSP */
+
+SVC_Exit:
+        MVN     LR,#~0xFFFFFFFD         /* set EXC_RETURN value */
+        BX      LR
+
+        /*------------------- User SVC ------------------------------*/
+
+SVC_User:
+        PUSH    {R4,LR}                 /* Save Registers */
+        LDR     R2,=SVC_Count
+        LDR     R2,[R2]
+        CMP     R1,R2
+        BHI     SVC_Done                /* Overflow */
+
+        LDR     R4,=SVC_Table-4
+        LDR     R4,[R4,R1,LSL #2]       /* Load SVC Function Address */
+
+        LDM     R0,{R0-R3,R12}          /* Read R0-R3,R12 from stack */
+        BLX     R4                      /* Call SVC Function */
+
+        MRS     R12,PSP
+        STM     R12,{R0-R3}             /* Function return values */
+SVC_Done:
+        POP     {R4,PC}                 /* RETI */
+
+
+/*-------------------------- PendSV_Handler ---------------------------------*/
+
+;       void PendSV_Handler (void);
+
+        PUBLIC  PendSV_Handler
+PendSV_Handler:
+
+        BL      rt_pop_req
+
+Sys_Switch:
+        LDR     R3,=os_tsk
+        LDM     R3,{R1,R2}              /* os_tsk.run, os_tsk.new */
+        CMP     R1,R2
+        BEQ     Sys_Exit
+
+        MRS     R12,PSP                 /* Read PSP */
+        STMDB   R12!,{R4-R11}           /* Save Old context */
+        STR     R12,[R1,#TCB_TSTACK]    /* Update os_tsk.run->tsk_stack */
+
+        PUSH    {R2,R3}
+        BL      rt_stk_check            /* Check for Stack overflow */
+        POP     {R2,R3}
+
+        STR     R2,[R3]                 /* os_tsk.run = os_tsk.new */
+
+        LDR     R12,[R2,#TCB_TSTACK]    /* os_tsk.new->tsk_stack */
+        LDMIA   R12!,{R4-R11}           /* Restore New Context */
+        MSR     PSP,R12                 /* Write PSP */
+
+Sys_Exit:
+        MVN     LR,#~0xFFFFFFFD         /* set EXC_RETURN value */
+        BX      LR                      /* Return to Thread Mode */
+
+
+/*-------------------------- SysTick_Handler --------------------------------*/
+
+;       void SysTick_Handler (void);
+
+        PUBLIC  SysTick_Handler
+SysTick_Handler:
+
+        BL      rt_systick
+        B       Sys_Switch
+
+
+/*-------------------------- OS_Tick_Handler --------------------------------*/
+
+;       void OS_Tick_Handler (void);
+
+        PUBLIC  OS_Tick_Handler
+OS_Tick_Handler:
+
+        BL      os_tick_irqack
+        BL      rt_systick
+        B       Sys_Switch
+
+
+        END
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_M3/TOOLCHAIN_IAR/SVC_Table.S	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,58 @@
+;/*----------------------------------------------------------------------------
+; *      CMSIS-RTOS  -  RTX
+; *----------------------------------------------------------------------------
+; *      Name:    SVC_TABLE.S
+; *      Purpose: Pre-defined SVC Table for Cortex-M
+; *      Rev.:    V4.70
+; *----------------------------------------------------------------------------
+; *
+; * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+; * All rights reserved.
+; * Redistribution and use in source and binary forms, with or without
+; * modification, are permitted provided that the following conditions are met:
+; *  - Redistributions of source code must retain the above copyright
+; *    notice, this list of conditions and the following disclaimer.
+; *  - Redistributions in binary form must reproduce the above copyright
+; *    notice, this list of conditions and the following disclaimer in the
+; *    documentation and/or other materials provided with the distribution.
+; *  - Neither the name of ARM  nor the names of its contributors may be used
+; *    to endorse or promote products derived from this software without
+; *    specific prior written permission.
+; *
+; * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+; * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+; * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+; * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+; * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+; * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+; * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+; * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+; * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+; * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+; * POSSIBILITY OF SUCH DAMAGE.
+; *---------------------------------------------------------------------------*/
+
+
+                NAME    SVC_TABLE
+                SECTION .text:CONST (2)
+
+                PUBLIC  SVC_Count
+
+SVC_Cnt         EQU    (SVC_End-SVC_Table)/4
+SVC_Count       DCD     SVC_Cnt
+
+; Import user SVC functions here.
+;               IMPORT  __SVC_1
+
+                PUBLIC  SVC_Table
+SVC_Table
+; Insert user SVC functions here. SVC 0 used by RTL Kernel.
+;               DCD     __SVC_1                 ; user SVC function
+
+SVC_End
+
+                END
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_RTOS_M4_M7/TOOLCHAIN_ARM/HAL_CM4.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,309 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    HAL_CM4.C
+ *      Purpose: Hardware Abstraction Layer for Cortex-M4
+ *      Rev.:    V4.70
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Conf.h"
+#include "rt_System.h"
+#include "rt_HAL_CM.h"
+#include "rt_Task.h"
+#include "rt_MemBox.h"
+
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+
+/*--------------------------- rt_set_PSP ------------------------------------*/
+
+__asm void rt_set_PSP (U32 stack) {
+        MSR     PSP,R0
+        BX      LR
+}
+
+
+/*--------------------------- rt_get_PSP ------------------------------------*/
+
+__asm U32 rt_get_PSP (void) {
+        MRS     R0,PSP
+        BX      LR
+}
+
+
+/*--------------------------- os_set_env ------------------------------------*/
+
+__asm void os_set_env (void) {
+   /* Switch to Unprivileged/Privileged Thread mode, use PSP. */
+        MOV     R0,SP                   ; PSP = MSP
+        MSR     PSP,R0
+        LDR     R0,=__cpp(&os_flags)
+        LDRB    R0,[R0]
+        LSLS    R0,#31
+        MOVNE   R0,#0x02                ; Privileged Thread mode, use PSP
+        MOVEQ   R0,#0x03                ; Unprivileged Thread mode, use PSP
+        MSR     CONTROL,R0
+        BX      LR
+
+        ALIGN
+}
+
+
+/*--------------------------- _alloc_box ------------------------------------*/
+
+__asm void *_alloc_box (void *box_mem) {
+   /* Function wrapper for Unprivileged/Privileged mode. */
+        LDR     R12,=__cpp(rt_alloc_box)
+        MRS     R3,IPSR
+        LSLS    R3,#24
+        BXNE    R12
+        MRS     R3,CONTROL
+        LSLS    R3,#31
+        BXEQ    R12
+        SVC     0
+        BX      LR
+
+        ALIGN
+}
+
+
+/*--------------------------- _free_box -------------------------------------*/
+
+__asm int _free_box (void *box_mem, void *box) {
+   /* Function wrapper for Unprivileged/Privileged mode. */
+        LDR     R12,=__cpp(rt_free_box)
+        MRS     R3,IPSR
+        LSLS    R3,#24
+        BXNE    R12
+        MRS     R3,CONTROL
+        LSLS    R3,#31
+        BXEQ    R12
+        SVC     0
+        BX      LR
+
+        ALIGN
+}
+
+
+/*-------------------------- SVC_Handler ------------------------------------*/
+
+__asm void SVC_Handler (void) {
+        PRESERVE8
+
+        IMPORT  SVC_Count
+        IMPORT  SVC_Table
+        IMPORT  rt_stk_check
+
+#ifdef  IFX_XMC4XXX
+        EXPORT  SVC_Handler_Veneer
+SVC_Handler_Veneer
+#endif
+
+        MRS     R0,PSP                  ; Read PSP
+        LDR     R1,[R0,#24]             ; Read Saved PC from Stack
+        LDRB    R1,[R1,#-2]             ; Load SVC Number
+        CBNZ    R1,SVC_User
+
+        LDM     R0,{R0-R3,R12}          ; Read R0-R3,R12 from stack
+        PUSH    {R4,LR}                 ; Save EXC_RETURN
+        BLX     R12                     ; Call SVC Function
+        POP     {R4,LR}                 ; Restore EXC_RETURN
+
+        MRS     R12,PSP                 ; Read PSP
+        STM     R12,{R0-R2}             ; Store return values
+
+        LDR     R3,=__cpp(&os_tsk)
+        LDM     R3,{R1,R2}              ; os_tsk.run, os_tsk.new
+        CMP     R1,R2
+#ifdef  IFX_XMC4XXX
+        PUSHEQ  {LR}
+        POPEQ   {PC}
+#else
+        BXEQ    LR                      ; RETI, no task switch
+#endif
+
+        CBZ     R1,SVC_Next             ; Runtask deleted?
+        TST     LR,#0x10                ; is it extended frame?
+        VSTMDBEQ R12!,{S16-S31}         ; yes, stack also VFP hi-regs
+        MOVEQ   R0,#0x01                ; os_tsk->stack_frame val
+        MOVNE   R0,#0x00
+        STRB    R0,[R1,#TCB_STACKF]     ; os_tsk.run->stack_frame = val
+        STMDB   R12!,{R4-R11}           ; Save Old context
+        STR     R12,[R1,#TCB_TSTACK]    ; Update os_tsk.run->tsk_stack
+
+        PUSH    {R2,R3}
+        BL      rt_stk_check            ; Check for Stack overflow
+        POP     {R2,R3}
+
+SVC_Next
+        STR     R2,[R3]                 ; os_tsk.run = os_tsk.new
+
+        LDR     R12,[R2,#TCB_TSTACK]    ; os_tsk.new->tsk_stack
+        LDMIA   R12!,{R4-R11}           ; Restore New Context
+        LDRB    R0,[R2,#TCB_STACKF]     ; Stack Frame
+        CMP     R0,#0                   ; Basic/Extended Stack Frame
+        VLDMIANE R12!,{S16-S31}         ; restore VFP hi-registers
+        MVNNE   LR,#:NOT:0xFFFFFFED     ; set EXC_RETURN value
+        MVNEQ   LR,#:NOT:0xFFFFFFFD
+        MSR     PSP,R12                 ; Write PSP
+
+SVC_Exit
+#ifdef  IFX_XMC4XXX
+        PUSH    {LR}
+        POP     {PC}
+#else
+        BX      LR
+#endif
+
+        /*------------------- User SVC ------------------------------*/
+
+SVC_User
+        PUSH    {R4,LR}                 ; Save Registers
+        LDR     R2,=SVC_Count
+        LDR     R2,[R2]
+        CMP     R1,R2
+        BHI     SVC_Done                ; Overflow
+
+        LDR     R4,=SVC_Table-4
+        LDR     R4,[R4,R1,LSL #2]       ; Load SVC Function Address
+
+        LDM     R0,{R0-R3,R12}          ; Read R0-R3,R12 from stack
+        BLX     R4                      ; Call SVC Function
+
+        MRS     R12,PSP
+        STM     R12,{R0-R3}             ; Function return values
+SVC_Done
+        POP     {R4,PC}                 ; RETI
+
+        ALIGN
+}
+
+
+/*-------------------------- PendSV_Handler ---------------------------------*/
+
+__asm void PendSV_Handler (void) {
+        PRESERVE8
+
+#ifdef  IFX_XMC4XXX
+        EXPORT  PendSV_Handler_Veneer
+PendSV_Handler_Veneer
+#endif
+
+        PUSH    {R4,LR}                 ; Save EXC_RETURN
+        BL      __cpp(rt_pop_req)
+
+Sys_Switch
+        POP     {R4,LR}                 ; Restore EXC_RETURN
+
+        LDR     R3,=__cpp(&os_tsk)
+        LDM     R3,{R1,R2}              ; os_tsk.run, os_tsk.new
+        CMP     R1,R2
+#ifdef  IFX_XMC4XXX
+        PUSHEQ  {LR}
+        POPEQ   {PC}
+#else
+        BXEQ    LR                      ; RETI, no task switch
+#endif
+
+        MRS     R12,PSP                 ; Read PSP
+        TST     LR,#0x10                ; is it extended frame?
+        VSTMDBEQ R12!,{S16-S31}         ; yes, stack also VFP hi-regs
+        MOVEQ   R0,#0x01                ; os_tsk->stack_frame val
+        MOVNE   R0,#0x00
+        STRB    R0,[R1,#TCB_STACKF]     ; os_tsk.run->stack_frame = val
+        STMDB   R12!,{R4-R11}           ; Save Old context
+        STR     R12,[R1,#TCB_TSTACK]    ; Update os_tsk.run->tsk_stack
+
+        PUSH    {R2,R3}
+        BL      rt_stk_check            ; Check for Stack overflow
+        POP     {R2,R3}
+
+        STR     R2,[R3]                 ; os_tsk.run = os_tsk.new
+
+        LDR     R12,[R2,#TCB_TSTACK]    ; os_tsk.new->tsk_stack
+        LDMIA   R12!,{R4-R11}           ; Restore New Context
+        LDRB    R0,[R2,#TCB_STACKF]     ; Stack Frame
+        CMP     R0,#0                   ; Basic/Extended Stack Frame
+        VLDMIANE R12!,{S16-S31}         ; restore VFP hi-regs
+        MVNNE   LR,#:NOT:0xFFFFFFED     ; set EXC_RETURN value
+        MVNEQ   LR,#:NOT:0xFFFFFFFD
+        MSR     PSP,R12                 ; Write PSP
+
+Sys_Exit
+#ifdef  IFX_XMC4XXX
+        PUSH    {LR}
+        POP     {PC}
+#else
+        BX      LR                      ; Return to Thread Mode
+#endif
+
+        ALIGN
+}
+
+
+/*-------------------------- SysTick_Handler --------------------------------*/
+
+__asm void SysTick_Handler (void) {
+        PRESERVE8
+
+#ifdef  IFX_XMC4XXX
+        EXPORT  SysTick_Handler_Veneer
+SysTick_Handler_Veneer
+#endif
+
+        PUSH    {R4,LR}                 ; Save EXC_RETURN
+        BL      __cpp(rt_systick)
+        B       Sys_Switch
+
+        ALIGN
+}
+
+
+/*-------------------------- OS_Tick_Handler --------------------------------*/
+
+__asm void OS_Tick_Handler (void) {
+        PRESERVE8
+
+        PUSH    {R4,LR}                 ; Save EXC_RETURN
+        BL      __cpp(os_tick_irqack)
+        BL      __cpp(rt_systick)
+        B       Sys_Switch
+
+        ALIGN
+}
+
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_RTOS_M4_M7/TOOLCHAIN_ARM/SVC_Table.S	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,57 @@
+;/*----------------------------------------------------------------------------
+; *      RL-ARM - RTX
+; *----------------------------------------------------------------------------
+; *      Name:    SVC_TABLE.S
+; *      Purpose: Pre-defined SVC Table for Cortex-M
+; *      Rev.:    V4.70
+; *----------------------------------------------------------------------------
+; *
+; * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+; * All rights reserved.
+; * Redistribution and use in source and binary forms, with or without
+; * modification, are permitted provided that the following conditions are met:
+; *  - Redistributions of source code must retain the above copyright
+; *    notice, this list of conditions and the following disclaimer.
+; *  - Redistributions in binary form must reproduce the above copyright
+; *    notice, this list of conditions and the following disclaimer in the
+; *    documentation and/or other materials provided with the distribution.
+; *  - Neither the name of ARM  nor the names of its contributors may be used
+; *    to endorse or promote products derived from this software without
+; *    specific prior written permission.
+; *
+; * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+; * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+; * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+; * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+; * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+; * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+; * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+; * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+; * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+; * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+; * POSSIBILITY OF SUCH DAMAGE.
+; *---------------------------------------------------------------------------*/
+
+
+                AREA    SVC_TABLE, CODE, READONLY
+
+                EXPORT  SVC_Count
+
+SVC_Cnt         EQU    (SVC_End-SVC_Table)/4
+SVC_Count       DCD     SVC_Cnt
+
+; Import user SVC functions here.
+;               IMPORT  __SVC_1
+
+                EXPORT  SVC_Table
+SVC_Table
+; Insert user SVC functions here. SVC 0 used by RTL Kernel.
+;               DCD     __SVC_1                 ; user SVC function
+
+SVC_End
+
+                END
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_RTOS_M4_M7/TOOLCHAIN_GCC/HAL_CM4.S	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,405 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    HAL_CM4.S
+ *      Purpose: Hardware Abstraction Layer for Cortex-M4
+ *      Rev.:    V4.70
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+        .file   "HAL_CM4.S"
+        .syntax unified
+
+        .equ    TCB_STACKF, 32
+        .equ    TCB_TSTACK, 40
+
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+        .thumb
+
+        .section ".text"
+        .align  2
+
+
+/*--------------------------- rt_set_PSP ------------------------------------*/
+
+#       void rt_set_PSP (U32 stack);
+
+        .thumb_func
+        .type   rt_set_PSP, %function
+        .global rt_set_PSP
+rt_set_PSP:
+        .fnstart
+        .cantunwind
+
+        MSR     PSP,R0
+        BX      LR
+
+        .fnend
+        .size   rt_set_PSP, .-rt_set_PSP
+
+
+/*--------------------------- rt_get_PSP ------------------------------------*/
+
+#       U32 rt_get_PSP (void);
+
+        .thumb_func
+        .type   rt_get_PSP, %function
+        .global rt_get_PSP
+rt_get_PSP:
+        .fnstart
+        .cantunwind
+
+        MRS     R0,PSP
+        BX      LR
+
+        .fnend
+        .size   rt_get_PSP, .-rt_get_PSP
+
+
+/*--------------------------- os_set_env ------------------------------------*/
+
+#       void os_set_env (void);
+        /* Switch to Unprivileged/Privileged Thread mode, use PSP. */
+
+        .thumb_func
+        .type   os_set_env, %function
+        .global os_set_env
+os_set_env:
+        .fnstart
+        .cantunwind
+
+        MOV     R0,SP                   /* PSP = MSP */
+        MSR     PSP,R0
+        LDR     R0,=os_flags
+        LDRB    R0,[R0]
+        LSLS    R0,#31
+        ITE     NE
+        MOVNE   R0,#0x02                /* Privileged Thread mode, use PSP */
+        MOVEQ   R0,#0x03                /* Unprivileged Thread mode, use PSP */
+        MSR     CONTROL,R0
+        BX      LR
+
+        .fnend
+        .size   os_set_env, .-os_set_env
+
+
+/*--------------------------- _alloc_box ------------------------------------*/
+
+#      void *_alloc_box (void *box_mem);
+       /* Function wrapper for Unprivileged/Privileged mode. */
+
+        .thumb_func
+        .type   _alloc_box, %function
+        .global _alloc_box
+_alloc_box:
+        .fnstart
+        .cantunwind
+
+        LDR     R12,=rt_alloc_box
+        MRS     R3,IPSR
+        LSLS    R3,#24
+        IT      NE
+        BXNE    R12
+        MRS     R3,CONTROL
+        LSLS    R3,#31
+        IT      EQ
+        BXEQ    R12
+        SVC     0
+        BX      LR
+
+        .fnend
+        .size   _alloc_box, .-_alloc_box
+
+
+/*--------------------------- _free_box -------------------------------------*/
+
+#       int _free_box (void *box_mem, void *box);
+        /* Function wrapper for Unprivileged/Privileged mode. */
+
+        .thumb_func
+        .type   _free_box, %function
+        .global _free_box
+_free_box:
+        .fnstart
+        .cantunwind
+
+        LDR     R12,=rt_free_box
+        MRS     R3,IPSR
+        LSLS    R3,#24
+        IT      NE
+        BXNE    R12
+        MRS     R3,CONTROL
+        LSLS    R3,#31
+        IT      EQ
+        BXEQ    R12
+        SVC     0
+        BX      LR
+
+        .fnend
+        .size   _free_box, .-_free_box
+
+
+/*-------------------------- SVC_Handler ------------------------------------*/
+
+#       void SVC_Handler (void);
+
+        .thumb_func
+        .type   SVC_Handler, %function
+        .global SVC_Handler
+SVC_Handler:
+        .ifdef  IFX_XMC4XXX
+        .global SVC_Handler_Veneer
+SVC_Handler_Veneer:
+        .endif
+        .fnstart
+        .cantunwind
+
+        MRS     R0,PSP                  /* Read PSP */
+        LDR     R1,[R0,#24]             /* Read Saved PC from Stack */
+        LDRB    R1,[R1,#-2]             /* Load SVC Number */
+        CBNZ    R1,SVC_User
+
+        LDM     R0,{R0-R3,R12}          /* Read R0-R3,R12 from stack */
+        PUSH    {R4,LR}                 /* Save EXC_RETURN */
+        BLX     R12                     /* Call SVC Function */
+        POP     {R4,LR}                 /* Restore EXC_RETURN */
+
+        MRS     R12,PSP                 /* Read PSP */
+        STM     R12,{R0-R2}             /* Store return values */
+
+        LDR     R3,=os_tsk
+        LDM     R3,{R1,R2}              /* os_tsk.run, os_tsk.new */
+        CMP     R1,R2
+        .ifdef  IFX_XMC4XXX
+        ITT     EQ
+        PUSHEQ  {LR}
+        POPEQ   {PC}
+        .else
+        IT      EQ
+        BXEQ    LR                      /* RETI, no task switch */
+        .endif
+
+        CBZ     R1,SVC_Next             /* Runtask deleted? */
+        TST     LR,#0x10                /* is it extended frame? */
+        #ifdef  __FPU_PRESENT
+        ITTE    EQ
+        VSTMDBEQ R12!,{S16-S31}         /* yes, stack also VFP hi-regs */
+        #else
+        ITE    EQ
+        #endif
+        MOVEQ   R0,#0x01                /* os_tsk->stack_frame val */
+        MOVNE   R0,#0x00
+        STRB    R0,[R1,#TCB_STACKF]     /* os_tsk.run->stack_frame = val */
+        STMDB   R12!,{R4-R11}           /* Save Old context */
+        STR     R12,[R1,#TCB_TSTACK]    /* Update os_tsk.run->tsk_stack */
+
+        PUSH    {R2,R3}
+        BL      rt_stk_check            /* Check for Stack overflow */
+        POP     {R2,R3}
+
+SVC_Next:
+        STR     R2,[R3]                 /* os_tsk.run = os_tsk.new */
+
+        LDR     R12,[R2,#TCB_TSTACK]    /* os_tsk.new->tsk_stack */
+        LDMIA   R12!,{R4-R11}           /* Restore New Context */
+        LDRB    R0,[R2,#TCB_STACKF]     /* Stack Frame */
+        CMP     R0,#0                   /* Basic/Extended Stack Frame */
+        #ifdef  __FPU_PRESENT
+        ITTE    NE
+        VLDMIANE R12!,{S16-S31}         /* restore VFP hi-registers */
+        #else
+        ITE    NE
+        #endif
+        MVNNE   LR,#~0xFFFFFFED         /* set EXC_RETURN value */
+        MVNEQ   LR,#~0xFFFFFFFD
+        MSR     PSP,R12                 /* Write PSP */
+
+SVC_Exit:
+        .ifdef  IFX_XMC4XXX
+        PUSH    {LR}
+        POP     {PC}
+        .else
+        BX      LR
+        .endif
+
+        /*------------------- User SVC ------------------------------*/
+
+SVC_User:
+        PUSH    {R4,LR}                 /* Save Registers */
+        LDR     R2,=SVC_Count
+        LDR     R2,[R2]
+        CMP     R1,R2
+        BHI     SVC_Done                /* Overflow */
+
+        LDR     R4,=SVC_Table-4
+        LDR     R4,[R4,R1,LSL #2]       /* Load SVC Function Address */
+
+        LDM     R0,{R0-R3,R12}          /* Read R0-R3,R12 from stack */
+        BLX     R4                      /* Call SVC Function */
+
+        MRS     R12,PSP
+        STM     R12,{R0-R3}             /* Function return values */
+SVC_Done:
+        POP     {R4,PC}                 /* RETI */
+
+        .fnend
+        .size   SVC_Handler, .-SVC_Handler
+
+
+/*-------------------------- PendSV_Handler ---------------------------------*/
+
+#       void PendSV_Handler (void);
+
+        .thumb_func
+        .type   PendSV_Handler, %function
+        .global PendSV_Handler
+        .global Sys_Switch
+PendSV_Handler:
+        .ifdef  IFX_XMC4XXX
+        .global PendSV_Handler_Veneer
+PendSV_Handler_Veneer:
+        .endif
+        .fnstart
+        .cantunwind
+
+        PUSH    {R4,LR}                 /* Save EXC_RETURN */
+        BL      rt_pop_req
+
+Sys_Switch:
+        POP     {R4,LR}                 /* Restore EXC_RETURN */
+
+        LDR     R3,=os_tsk
+        LDM     R3,{R1,R2}              /* os_tsk.run, os_tsk.new */
+        CMP     R1,R2
+        .ifdef  IFX_XMC4XXX
+        ITT     EQ
+        PUSHEQ  {LR}
+        POPEQ   {PC}
+        .else
+        IT      EQ
+        BXEQ    LR                      /* RETI, no task switch */
+        .endif
+
+        MRS     R12,PSP                 /* Read PSP */
+        TST     LR,#0x10                /* is it extended frame? */
+        #ifdef  __FPU_PRESENT
+        ITTE    EQ
+        VSTMDBEQ R12!,{S16-S31}         /* yes, stack also VFP hi-regs */
+        #else
+        ITE    EQ
+        #endif
+        MOVEQ   R0,#0x01                /* os_tsk->stack_frame val */
+        MOVNE   R0,#0x00
+        STRB    R0,[R1,#TCB_STACKF]     /* os_tsk.run->stack_frame = val */
+        STMDB   R12!,{R4-R11}           /* Save Old context */
+        STR     R12,[R1,#TCB_TSTACK]    /* Update os_tsk.run->tsk_stack */
+
+        PUSH    {R2,R3}
+        BL      rt_stk_check            /* Check for Stack overflow */
+        POP     {R2,R3}
+
+        STR     R2,[R3]                 /* os_tsk.run = os_tsk.new */
+
+        LDR     R12,[R2,#TCB_TSTACK]    /* os_tsk.new->tsk_stack */
+        LDMIA   R12!,{R4-R11}           /* Restore New Context */
+        LDRB    R0,[R2,#TCB_STACKF]     /* Stack Frame */
+        CMP     R0,#0                   /* Basic/Extended Stack Frame */
+        #ifdef  __FPU_PRESENT
+        ITTE    NE
+        VLDMIANE R12!,{S16-S31}         /* restore VFP hi-registers */
+        #else
+        ITE    NE
+        #endif
+        MVNNE   LR,#~0xFFFFFFED         /* set EXC_RETURN value */
+        MVNEQ   LR,#~0xFFFFFFFD
+        MSR     PSP,R12                 /* Write PSP */
+
+Sys_Exit:
+        .ifdef  IFX_XMC4XXX
+        PUSH    {LR}
+        POP     {PC}
+        .else
+        BX      LR                      /* Return to Thread Mode */
+        .endif
+
+        .fnend
+        .size   PendSV_Handler, .-PendSV_Handler
+
+
+/*-------------------------- SysTick_Handler --------------------------------*/
+
+#       void SysTick_Handler (void);
+
+        .thumb_func
+        .type   SysTick_Handler, %function
+        .global SysTick_Handler
+SysTick_Handler:
+        .ifdef  IFX_XMC4XXX
+        .global SysTick_Handler_Veneer
+SysTick_Handler_Veneer:
+        .endif
+        .fnstart
+        .cantunwind
+
+        PUSH    {R4,LR}                 /* Save EXC_RETURN */
+        BL      rt_systick
+        B       Sys_Switch
+
+        .fnend
+        .size   SysTick_Handler, .-SysTick_Handler
+
+
+/*-------------------------- OS_Tick_Handler --------------------------------*/
+
+#       void OS_Tick_Handler (void);
+
+        .thumb_func
+        .type   OS_Tick_Handler, %function
+        .global OS_Tick_Handler
+OS_Tick_Handler:
+        .fnstart
+        .cantunwind
+
+        PUSH    {R4,LR}                 /* Save EXC_RETURN */
+        BL      os_tick_irqack
+        BL      rt_systick
+        B       Sys_Switch
+
+        .fnend
+        .size   OS_Tick_Handler, .-OS_Tick_Handler
+
+
+        .end
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_RTOS_M4_M7/TOOLCHAIN_GCC/SVC_Table.S	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,56 @@
+;/*----------------------------------------------------------------------------
+; *      RL-ARM - RTX
+; *----------------------------------------------------------------------------
+; *      Name:    SVC_TABLE.S
+; *      Purpose: Pre-defined SVC Table for Cortex-M
+; *      Rev.:    V4.70
+; *----------------------------------------------------------------------------
+; *
+; * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+; * All rights reserved.
+; * Redistribution and use in source and binary forms, with or without
+; * modification, are permitted provided that the following conditions are met:
+; *  - Redistributions of source code must retain the above copyright
+; *    notice, this list of conditions and the following disclaimer.
+; *  - Redistributions in binary form must reproduce the above copyright
+; *    notice, this list of conditions and the following disclaimer in the
+; *    documentation and/or other materials provided with the distribution.
+; *  - Neither the name of ARM  nor the names of its contributors may be used
+; *    to endorse or promote products derived from this software without
+; *    specific prior written permission.
+; *
+; * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+; * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+; * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+; * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+; * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+; * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+; * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+; * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+; * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+; * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+; * POSSIBILITY OF SUCH DAMAGE.
+; *---------------------------------------------------------------------------*/
+
+
+        .file   "SVC_Table.S"
+
+
+        .section ".svc_table"
+
+        .global  SVC_Table
+SVC_Table:
+/* Insert user SVC functions here. SVC 0 used by RTL Kernel. */
+#       .long   __SVC_1                 /* user SVC function */
+SVC_End:
+
+        .global  SVC_Count
+SVC_Count:
+        .long   (SVC_End-SVC_Table)/4
+
+
+        .end
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_RTOS_M4_M7/TOOLCHAIN_IAR/HAL_CM4.S	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,333 @@
+/*----------------------------------------------------------------------------
+ *      CMSIS-RTOS  -  RTX
+ *----------------------------------------------------------------------------
+ *      Name:    HAL_CM4.S
+ *      Purpose: Hardware Abstraction Layer for Cortex-M4
+ *      Rev.:    V4.70
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+        NAME    HAL_CM4.S
+
+        #define TCB_STACKF 32
+        #define TCB_TSTACK 40
+
+        EXTERN  os_flags
+        EXTERN  os_tsk
+        EXTERN  rt_alloc_box
+        EXTERN  rt_free_box
+        EXTERN  rt_stk_check
+        EXTERN  rt_pop_req
+        EXTERN  rt_systick
+        EXTERN  os_tick_irqack
+        EXTERN  SVC_Table
+        EXTERN  SVC_Count
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+        SECTION .text:CODE:NOROOT(2)
+        THUMB
+
+/*--------------------------- rt_set_PSP ------------------------------------*/
+
+;       void rt_set_PSP (U32 stack);
+
+        PUBLIC  rt_set_PSP
+rt_set_PSP:
+
+        MSR     PSP,R0
+        BX      LR
+
+
+/*--------------------------- rt_get_PSP ------------------------------------*/
+
+;       U32 rt_get_PSP (void);
+
+        PUBLIC  rt_get_PSP
+rt_get_PSP:
+
+        MRS     R0,PSP
+        BX      LR
+
+
+/*--------------------------- os_set_env ------------------------------------*/
+
+;       void os_set_env (void);
+        /* Switch to Unprivileged/Privileged Thread mode, use PSP. */
+
+        PUBLIC  os_set_env
+os_set_env:
+
+        MOV     R0,SP                   /* PSP = MSP */
+        MSR     PSP,R0
+        LDR     R0,=os_flags
+        LDRB    R0,[R0]
+        LSLS    R0,#31
+        ITE     NE
+        MOVNE   R0,#0x02                /* Privileged Thread mode, use PSP */
+        MOVEQ   R0,#0x03                /* Unprivileged Thread mode, use PSP */
+        MSR     CONTROL,R0
+        BX      LR
+
+
+/*--------------------------- _alloc_box ------------------------------------*/
+
+;      void *_alloc_box (void *box_mem);
+       /* Function wrapper for Unprivileged/Privileged mode. */
+
+        PUBLIC  _alloc_box
+_alloc_box:
+
+        LDR     R12,=rt_alloc_box
+        MRS     R3,IPSR
+        LSLS    R3,#24
+        IT      NE
+        BXNE    R12
+        MRS     R3,CONTROL
+        LSLS    R3,#31
+        IT      EQ
+        BXEQ    R12
+        SVC     0
+        BX      LR
+
+
+/*--------------------------- _free_box -------------------------------------*/
+
+;       int _free_box (void *box_mem, void *box);
+        /* Function wrapper for Unprivileged/Privileged mode. */
+
+        PUBLIC  _free_box
+_free_box:
+
+        LDR     R12,=rt_free_box
+        MRS     R3,IPSR
+        LSLS    R3,#24
+        IT      NE
+        BXNE    R12
+        MRS     R3,CONTROL
+        LSLS    R3,#31
+        IT      EQ
+        BXEQ    R12
+        SVC     0
+        BX      LR
+
+
+/*-------------------------- SVC_Handler ------------------------------------*/
+
+;       void SVC_Handler (void);
+
+        PUBLIC  SVC_Handler
+SVC_Handler:
+
+#ifdef IFX_XMC4XXX
+        PUBLIC  SVC_Handler_Veneer
+SVC_Handler_Veneer:
+#endif
+
+        MRS     R0,PSP                  /* Read PSP */
+        LDR     R1,[R0,#24]             /* Read Saved PC from Stack */
+        LDRB    R1,[R1,#-2]             /* Load SVC Number */
+        CBNZ    R1,SVC_User
+
+        LDM     R0,{R0-R3,R12}          /* Read R0-R3,R12 from stack */
+        PUSH    {R4,LR}                 /* Save EXC_RETURN */
+        BLX     R12                     /* Call SVC Function */
+        POP     {R4,LR}                 /* Restore EXC_RETURN */
+
+        MRS     R12,PSP                 /* Read PSP */
+        STM     R12,{R0-R2}             /* Store return values */
+
+        LDR     R3,=os_tsk
+        LDM     R3,{R1,R2}              /* os_tsk.run, os_tsk.new */
+        CMP     R1,R2
+#ifdef  IFX_XMC4XXX
+        ITT      EQ
+        PUSHEQ  {LR}
+        POPEQ   {PC}
+#else
+        IT      EQ
+        BXEQ    LR                      /* RETI, no task switch */
+#endif
+
+        CBZ     R1,SVC_Next             /* Runtask deleted? */
+        TST     LR,#0x10                /* is it extended frame? */
+        ITTE    EQ
+        VSTMDBEQ R12!,{S16-S31}         /* yes, stack also VFP hi-regs */
+        MOVEQ   R0,#0x01                /* os_tsk->stack_frame val */
+        MOVNE   R0,#0x00
+        STRB    R0,[R1,#TCB_STACKF]     /* os_tsk.run->stack_frame = val */
+        STMDB   R12!,{R4-R11}           /* Save Old context */
+        STR     R12,[R1,#TCB_TSTACK]    /* Update os_tsk.run->tsk_stack */
+
+        PUSH    {R2,R3}
+        BL      rt_stk_check            /* Check for Stack overflow */
+        POP     {R2,R3}
+
+SVC_Next:
+        STR     R2,[R3]                 /* os_tsk.run = os_tsk.new */
+
+        LDR     R12,[R2,#TCB_TSTACK]    /* os_tsk.new->tsk_stack */
+        LDMIA   R12!,{R4-R11}           /* Restore New Context */
+        LDRB    R0,[R2,#TCB_STACKF]     /* Stack Frame */
+        CMP     R0,#0                   /* Basic/Extended Stack Frame */
+        ITTE    NE
+        VLDMIANE R12!,{S16-S31}         /* restore VFP hi-registers */
+        MVNNE   LR,#~0xFFFFFFED         /* set EXC_RETURN value */
+        MVNEQ   LR,#~0xFFFFFFFD
+        MSR     PSP,R12                 /* Write PSP */
+
+SVC_Exit:
+#ifdef  IFX_XMC4XXX
+        PUSH    {LR}
+        POP     {PC}
+#else
+        BX      LR
+#endif
+
+        /*------------------- User SVC ------------------------------*/
+
+SVC_User:
+        PUSH    {R4,LR}                 /* Save Registers */
+        LDR     R2,=SVC_Count
+        LDR     R2,[R2]
+        CMP     R1,R2
+        BHI     SVC_Done                /* Overflow */
+
+        LDR     R4,=SVC_Table-4
+        LDR     R4,[R4,R1,LSL #2]       /* Load SVC Function Address */
+
+        LDM     R0,{R0-R3,R12}          /* Read R0-R3,R12 from stack */
+        BLX     R4                      /* Call SVC Function */
+
+        MRS     R12,PSP
+        STM     R12,{R0-R3}             /* Function return values */
+SVC_Done:
+        POP     {R4,PC}                 /* RETI */
+
+
+/*-------------------------- PendSV_Handler ---------------------------------*/
+
+;       void PendSV_Handler (void);
+
+        PUBLIC  PendSV_Handler
+PendSV_Handler:
+
+#ifdef  IFX_XMC4XXX
+        PUBLIC  PendSV_Handler_Veneer
+PendSV_Handler_Veneer:
+#endif
+
+        PUSH    {R4,LR}                 /* Save EXC_RETURN */
+        BL      rt_pop_req
+
+Sys_Switch:
+        POP     {R4,LR}                 /* Restore EXC_RETURN */
+
+        LDR     R3,=os_tsk
+        LDM     R3,{R1,R2}              /* os_tsk.run, os_tsk.new */
+        CMP     R1,R2
+#ifdef  IFX_XMC4XXX
+        ITT     EQ
+        PUSHEQ  {LR}
+        POPEQ   {PC}
+#else
+        IT      EQ
+        BXEQ    LR                      /* RETI, no task switch */
+#endif
+
+        MRS     R12,PSP                 /* Read PSP */
+        TST     LR,#0x10                /* is it extended frame? */
+        ITTE    EQ
+        VSTMDBEQ R12!,{S16-S31}         /* yes, stack also VFP hi-regs */
+        MOVEQ   R0,#0x01                /* os_tsk->stack_frame val */
+        MOVNE   R0,#0x00
+        STRB    R0,[R1,#TCB_STACKF]     /* os_tsk.run->stack_frame = val */
+        STMDB   R12!,{R4-R11}           /* Save Old context */
+        STR     R12,[R1,#TCB_TSTACK]    /* Update os_tsk.run->tsk_stack */
+
+        PUSH    {R2,R3}
+        BL      rt_stk_check            /* Check for Stack overflow */
+        POP     {R2,R3}
+
+        STR     R2,[R3]                 /* os_tsk.run = os_tsk.new */
+
+        LDR     R12,[R2,#TCB_TSTACK]    /* os_tsk.new->tsk_stack */
+        LDMIA   R12!,{R4-R11}           /* Restore New Context */
+        LDRB    R0,[R2,#TCB_STACKF]     /* Stack Frame */
+        CMP     R0,#0                   /* Basic/Extended Stack Frame */
+        ITTE    NE
+        VLDMIANE R12!,{S16-S31}         /* restore VFP hi-registers */
+        MVNNE   LR,#~0xFFFFFFED         /* set EXC_RETURN value */
+        MVNEQ   LR,#~0xFFFFFFFD
+        MSR     PSP,R12                 /* Write PSP */
+
+Sys_Exit:
+#ifdef  IFX_XMC4XXX
+        PUSH    {LR}
+        POP     {PC}
+#else
+        BX      LR                      /* Return to Thread Mode */
+#endif
+
+
+/*-------------------------- SysTick_Handler --------------------------------*/
+
+;       void SysTick_Handler (void);
+
+        PUBLIC  SysTick_Handler
+SysTick_Handler:
+#ifdef  IFX_XMC4XXX
+        PUBLIC  SysTick_Handler_Veneer
+SysTick_Handler_Veneer:
+#endif
+
+        PUSH    {R4,LR}                 /* Save EXC_RETURN */
+        BL      rt_systick
+        B       Sys_Switch
+
+
+/*-------------------------- OS_Tick_Handler --------------------------------*/
+
+;       void OS_Tick_Handler (void);
+
+        PUBLIC  OS_Tick_Handler
+OS_Tick_Handler:
+
+        PUSH    {R4,LR}                 /* Save EXC_RETURN */
+        BL      os_tick_irqack
+        BL      rt_systick
+        B       Sys_Switch
+
+
+        END
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/TARGET_RTOS_M4_M7/TOOLCHAIN_IAR/SVC_Table.S	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,58 @@
+;/*----------------------------------------------------------------------------
+; *      CMSIS-RTOS  -  RTX
+; *----------------------------------------------------------------------------
+; *      Name:    SVC_TABLE.S
+; *      Purpose: Pre-defined SVC Table for Cortex-M
+; *      Rev.:    V4.70
+; *----------------------------------------------------------------------------
+; *
+; * Copyright (c) 1999-2009 KEIL, 2009-2013 ARM Germany GmbH
+; * All rights reserved.
+; * Redistribution and use in source and binary forms, with or without
+; * modification, are permitted provided that the following conditions are met:
+; *  - Redistributions of source code must retain the above copyright
+; *    notice, this list of conditions and the following disclaimer.
+; *  - Redistributions in binary form must reproduce the above copyright
+; *    notice, this list of conditions and the following disclaimer in the
+; *    documentation and/or other materials provided with the distribution.
+; *  - Neither the name of ARM  nor the names of its contributors may be used
+; *    to endorse or promote products derived from this software without
+; *    specific prior written permission.
+; *
+; * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+; * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+; * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+; * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+; * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+; * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+; * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+; * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+; * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+; * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+; * POSSIBILITY OF SUCH DAMAGE.
+; *---------------------------------------------------------------------------*/
+
+
+                NAME    SVC_TABLE
+                SECTION .text:CONST (2)
+
+                PUBLIC  SVC_Count
+
+SVC_Cnt         EQU    (SVC_End-SVC_Table)/4
+SVC_Count       DCD     SVC_Cnt
+
+; Import user SVC functions here.
+;               IMPORT  __SVC_1
+
+                PUBLIC  SVC_Table
+SVC_Table
+; Insert user SVC functions here. SVC 0 used by RTL Kernel.
+;               DCD     __SVC_1                 ; user SVC function
+
+SVC_End
+
+                END
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/cmsis_os.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,774 @@
+/* ----------------------------------------------------------------------
+ * Copyright (C) 2012 ARM Limited. All rights reserved.
+ *
+ * $Date:        5. June 2012
+ * $Revision:    V1.01
+ *
+ * Project:      CMSIS-RTOS API
+ * Title:        cmsis_os.h RTX header file
+ *
+ * Version 0.02
+ *    Initial Proposal Phase
+ * Version 0.03
+ *    osKernelStart added, optional feature: main started as thread
+ *    osSemaphores have standard behavior
+ *    osTimerCreate does not start the timer, added osTimerStart
+ *    osThreadPass is renamed to osThreadYield
+ * Version 1.01
+ *    Support for C++ interface
+ *     - const attribute removed from the osXxxxDef_t typedef's
+ *     - const attribute added to the osXxxxDef macros
+ *    Added: osTimerDelete, osMutexDelete, osSemaphoreDelete
+ *    Added: osKernelInitialize
+ * -------------------------------------------------------------------- */
+
+/**
+\page cmsis_os_h Header File Template: cmsis_os.h
+
+The file \b cmsis_os.h is a template header file for a CMSIS-RTOS compliant Real-Time Operating System (RTOS).
+Each RTOS that is compliant with CMSIS-RTOS shall provide a specific \b cmsis_os.h header file that represents
+its implementation.
+
+The file cmsis_os.h contains:
+ - CMSIS-RTOS API function definitions
+ - struct definitions for parameters and return types
+ - status and priority values used by CMSIS-RTOS API functions
+ - macros for defining threads and other kernel objects
+
+
+<b>Name conventions and header file modifications</b>
+
+All definitions are prefixed with \b os to give an unique name space for CMSIS-RTOS functions.
+Definitions that are prefixed \b os_ are not used in the application code but local to this header file.
+All definitions and functions that belong to a module are grouped and have a common prefix, i.e. \b osThread.
+
+Definitions that are marked with <b>CAN BE CHANGED</b> can be adapted towards the needs of the actual CMSIS-RTOS implementation.
+These definitions can be specific to the underlying RTOS kernel.
+
+Definitions that are marked with <b>MUST REMAIN UNCHANGED</b> cannot be altered. Otherwise the CMSIS-RTOS implementation is no longer
+compliant to the standard. Note that some functions are optional and need not to be provided by every CMSIS-RTOS implementation.
+
+
+<b>Function calls from interrupt service routines</b>
+
+The following CMSIS-RTOS functions can be called from threads and interrupt service routines (ISR):
+  - \ref osSignalSet
+  - \ref osSemaphoreRelease
+  - \ref osPoolAlloc, \ref osPoolCAlloc, \ref osPoolFree
+  - \ref osMessagePut, \ref osMessageGet
+  - \ref osMailAlloc, \ref osMailCAlloc, \ref osMailGet, \ref osMailPut, \ref osMailFree
+
+Functions that cannot be called from an ISR are verifying the interrupt status and return in case that they are called
+from an ISR context the status code \b osErrorISR. In some implementations this condition might be caught using the HARD FAULT vector.
+
+Some CMSIS-RTOS implementations support CMSIS-RTOS function calls from multiple ISR at the same time.
+If this is impossible, the CMSIS-RTOS rejects calls by nested ISR functions with the status code \b osErrorISRRecursive.
+
+
+<b>Define and reference object definitions</b>
+
+With <b>\#define osObjectsExternal</b> objects are defined as external symbols. This allows to create a consistent header file
+that is used throughout a project as shown below:
+
+<i>Header File</i>
+\code
+#include <cmsis_os.h>                                         // CMSIS RTOS header file
+
+// Thread definition
+extern void thread_sample (void const *argument);             // function prototype
+osThreadDef (thread_sample, osPriorityBelowNormal, 1, 100);
+
+// Pool definition
+osPoolDef(MyPool, 10, long);
+\endcode
+
+
+This header file defines all objects when included in a C/C++ source file. When <b>\#define osObjectsExternal</b> is
+present before the header file, the objects are defined as external symbols. A single consistent header file can therefore be
+used throughout the whole project.
+
+<i>Example</i>
+\code
+#include "osObjects.h"     // Definition of the CMSIS-RTOS objects
+\endcode
+
+\code
+#define osObjectExternal   // Objects will be defined as external symbols
+#include "osObjects.h"     // Reference to the CMSIS-RTOS objects
+\endcode
+
+*/
+
+#ifndef _CMSIS_OS_H
+#define _CMSIS_OS_H
+
+/// \note MUST REMAIN UNCHANGED: \b osCMSIS identifies the CMSIS-RTOS API version.
+#define osCMSIS           0x10001      ///< API version (main [31:16] .sub [15:0])
+
+/// \note CAN BE CHANGED: \b osCMSIS_KERNEL identifies the underlying RTOS kernel and version number.
+#define osCMSIS_RTX     ((4<<16)|61)   ///< RTOS identification and version (main [31:16] .sub [15:0])
+
+/// \note MUST REMAIN UNCHANGED: \b osKernelSystemId shall be consistent in every CMSIS-RTOS.
+#define osKernelSystemId "RTX V4.61"   ///< RTOS identification string
+
+
+#define CMSIS_OS_RTX
+
+// The stack space occupied is mainly dependent on the underling C standard library
+#if defined(TOOLCHAIN_GCC) || defined(TOOLCHAIN_ARM_STD) || defined(TOOLCHAIN_IAR)
+#    define WORDS_STACK_SIZE   512
+#elif defined(TOOLCHAIN_ARM_MICRO)
+#    define WORDS_STACK_SIZE   128
+#endif
+
+#define DEFAULT_STACK_SIZE         (WORDS_STACK_SIZE*4)
+
+
+/// \note MUST REMAIN UNCHANGED: \b osFeature_xxx shall be consistent in every CMSIS-RTOS.
+#define osFeature_MainThread   1       ///< main thread      1=main can be thread, 0=not available
+#define osFeature_Pool         1       ///< Memory Pools:    1=available, 0=not available
+#define osFeature_MailQ        1       ///< Mail Queues:     1=available, 0=not available
+#define osFeature_MessageQ     1       ///< Message Queues:  1=available, 0=not available
+#define osFeature_Signals      16      ///< maximum number of Signal Flags available per thread
+#define osFeature_Semaphore    65535   ///< maximum count for \ref osSemaphoreCreate function
+#define osFeature_Wait         0       ///< osWait function: 1=available, 0=not available
+
+#if defined (__CC_ARM)
+#define os_InRegs __value_in_regs      // Compiler specific: force struct in registers
+#elif defined (__ICCARM__)
+#define os_InRegs __value_in_regs      // Compiler specific: force struct in registers
+#else
+#define os_InRegs
+#endif
+
+#include <stdint.h>
+#include <stddef.h>
+
+#ifdef  __cplusplus
+extern "C"
+{
+#endif
+
+#include "os_tcb.h"
+
+// ==== Enumeration, structures, defines ====
+
+/// Priority used for thread control.
+/// \note MUST REMAIN UNCHANGED: \b osPriority shall be consistent in every CMSIS-RTOS.
+typedef enum  {
+  osPriorityIdle          = -3,          ///< priority: idle (lowest)
+  osPriorityLow           = -2,          ///< priority: low
+  osPriorityBelowNormal   = -1,          ///< priority: below normal
+  osPriorityNormal        =  0,          ///< priority: normal (default)
+  osPriorityAboveNormal   = +1,          ///< priority: above normal
+  osPriorityHigh          = +2,          ///< priority: high
+  osPriorityRealtime      = +3,          ///< priority: realtime (highest)
+  osPriorityError         =  0x84        ///< system cannot determine priority or thread has illegal priority
+} osPriority;
+
+/// Timeout value.
+/// \note MUST REMAIN UNCHANGED: \b osWaitForever shall be consistent in every CMSIS-RTOS.
+#define osWaitForever     0xFFFFFFFF     ///< wait forever timeout value
+
+/// Status code values returned by CMSIS-RTOS functions.
+/// \note MUST REMAIN UNCHANGED: \b osStatus shall be consistent in every CMSIS-RTOS.
+typedef enum  {
+  osOK                    =     0,       ///< function completed; no error or event occurred.
+  osEventSignal           =  0x08,       ///< function completed; signal event occurred.
+  osEventMessage          =  0x10,       ///< function completed; message event occurred.
+  osEventMail             =  0x20,       ///< function completed; mail event occurred.
+  osEventTimeout          =  0x40,       ///< function completed; timeout occurred.
+  osErrorParameter        =  0x80,       ///< parameter error: a mandatory parameter was missing or specified an incorrect object.
+  osErrorResource         =  0x81,       ///< resource not available: a specified resource was not available.
+  osErrorTimeoutResource  =  0xC1,       ///< resource not available within given time: a specified resource was not available within the timeout period.
+  osErrorISR              =  0x82,       ///< not allowed in ISR context: the function cannot be called from interrupt service routines.
+  osErrorISRRecursive     =  0x83,       ///< function called multiple times from ISR with same object.
+  osErrorPriority         =  0x84,       ///< system cannot determine priority or thread has illegal priority.
+  osErrorNoMemory         =  0x85,       ///< system is out of memory: it was impossible to allocate or reserve memory for the operation.
+  osErrorValue            =  0x86,       ///< value of a parameter is out of range.
+  osErrorOS               =  0xFF,       ///< unspecified RTOS error: run-time error but no other error message fits.
+  os_status_reserved      =  0x7FFFFFFF  ///< prevent from enum down-size compiler optimization.
+} osStatus;
+
+
+/// Timer type value for the timer definition.
+/// \note MUST REMAIN UNCHANGED: \b os_timer_type shall be consistent in every CMSIS-RTOS.
+typedef enum  {
+  osTimerOnce             =     0,       ///< one-shot timer
+  osTimerPeriodic         =     1        ///< repeating timer
+} os_timer_type;
+
+/// Entry point of a thread.
+/// \note MUST REMAIN UNCHANGED: \b os_pthread shall be consistent in every CMSIS-RTOS.
+typedef void (*os_pthread) (void const *argument);
+
+/// Entry point of a timer call back function.
+/// \note MUST REMAIN UNCHANGED: \b os_ptimer shall be consistent in every CMSIS-RTOS.
+typedef void (*os_ptimer) (void const *argument);
+
+// >>> the following data type definitions may shall adapted towards a specific RTOS
+
+/// Thread ID identifies the thread (pointer to a thread control block).
+/// \note CAN BE CHANGED: \b os_thread_cb is implementation specific in every CMSIS-RTOS.
+typedef struct os_thread_cb *osThreadId;
+
+/// Timer ID identifies the timer (pointer to a timer control block).
+/// \note CAN BE CHANGED: \b os_timer_cb is implementation specific in every CMSIS-RTOS.
+typedef struct os_timer_cb *osTimerId;
+
+/// Mutex ID identifies the mutex (pointer to a mutex control block).
+/// \note CAN BE CHANGED: \b os_mutex_cb is implementation specific in every CMSIS-RTOS.
+typedef struct os_mutex_cb *osMutexId;
+
+/// Semaphore ID identifies the semaphore (pointer to a semaphore control block).
+/// \note CAN BE CHANGED: \b os_semaphore_cb is implementation specific in every CMSIS-RTOS.
+typedef struct os_semaphore_cb *osSemaphoreId;
+
+/// Pool ID identifies the memory pool (pointer to a memory pool control block).
+/// \note CAN BE CHANGED: \b os_pool_cb is implementation specific in every CMSIS-RTOS.
+typedef struct os_pool_cb *osPoolId;
+
+/// Message ID identifies the message queue (pointer to a message queue control block).
+/// \note CAN BE CHANGED: \b os_messageQ_cb is implementation specific in every CMSIS-RTOS.
+typedef struct os_messageQ_cb *osMessageQId;
+
+/// Mail ID identifies the mail queue (pointer to a mail queue control block).
+/// \note CAN BE CHANGED: \b os_mailQ_cb is implementation specific in every CMSIS-RTOS.
+typedef struct os_mailQ_cb *osMailQId;
+
+
+/// Thread Definition structure contains startup information of a thread.
+/// \note CAN BE CHANGED: \b os_thread_def is implementation specific in every CMSIS-RTOS.
+typedef struct os_thread_def  {
+  os_pthread               pthread;      ///< start address of thread function
+  osPriority             tpriority;      ///< initial thread priority
+  uint32_t               stacksize;      ///< stack size requirements in bytes
+  uint32_t               *stack_pointer;  ///< pointer to the stack memory block
+  struct OS_TCB          tcb;
+} osThreadDef_t;
+
+/// Timer Definition structure contains timer parameters.
+/// \note CAN BE CHANGED: \b os_timer_def is implementation specific in every CMSIS-RTOS.
+typedef struct os_timer_def  {
+  os_ptimer                 ptimer;    ///< start address of a timer function
+  void                      *timer;    ///< pointer to internal data
+} osTimerDef_t;
+
+/// Mutex Definition structure contains setup information for a mutex.
+/// \note CAN BE CHANGED: \b os_mutex_def is implementation specific in every CMSIS-RTOS.
+typedef struct os_mutex_def  {
+  void                      *mutex;    ///< pointer to internal data
+} osMutexDef_t;
+
+/// Semaphore Definition structure contains setup information for a semaphore.
+/// \note CAN BE CHANGED: \b os_semaphore_def is implementation specific in every CMSIS-RTOS.
+typedef struct os_semaphore_def  {
+  void                  *semaphore;    ///< pointer to internal data
+} osSemaphoreDef_t;
+
+/// Definition structure for memory block allocation.
+/// \note CAN BE CHANGED: \b os_pool_def is implementation specific in every CMSIS-RTOS.
+typedef struct os_pool_def  {
+  uint32_t                 pool_sz;    ///< number of items (elements) in the pool
+  uint32_t                 item_sz;    ///< size of an item
+  void                       *pool;    ///< pointer to memory for pool
+} osPoolDef_t;
+
+/// Definition structure for message queue.
+/// \note CAN BE CHANGED: \b os_messageQ_def is implementation specific in every CMSIS-RTOS.
+typedef struct os_messageQ_def  {
+  uint32_t                queue_sz;    ///< number of elements in the queue
+  void                       *pool;    ///< memory array for messages
+} osMessageQDef_t;
+
+/// Definition structure for mail queue.
+/// \note CAN BE CHANGED: \b os_mailQ_def is implementation specific in every CMSIS-RTOS.
+typedef struct os_mailQ_def  {
+  uint32_t                queue_sz;    ///< number of elements in the queue
+  uint32_t                 item_sz;    ///< size of an item
+  void                       *pool;    ///< memory array for mail
+} osMailQDef_t;
+
+/// Event structure contains detailed information about an event.
+/// \note MUST REMAIN UNCHANGED: \b os_event shall be consistent in every CMSIS-RTOS.
+///       However the struct may be extended at the end.
+typedef struct  {
+  osStatus                 status;     ///< status code: event or error information
+  union  {
+    uint32_t                    v;     ///< message as 32-bit value
+    void                       *p;     ///< message or mail as void pointer
+    int32_t               signals;     ///< signal flags
+  } value;                             ///< event value
+  union  {
+    osMailQId             mail_id;     ///< mail id obtained by \ref osMailCreate
+    osMessageQId       message_id;     ///< message id obtained by \ref osMessageCreate
+  } def;                               ///< event definition
+} osEvent;
+
+
+//  ==== Kernel Control Functions ====
+
+/// Initialize the RTOS Kernel for creating objects.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osKernelInitialize shall be consistent in every CMSIS-RTOS.
+osStatus osKernelInitialize (void);
+
+/// Start the RTOS Kernel.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osKernelStart shall be consistent in every CMSIS-RTOS.
+osStatus osKernelStart (void);
+
+/// Check if the RTOS kernel is already started.
+/// \note MUST REMAIN UNCHANGED: \b osKernelRunning shall be consistent in every CMSIS-RTOS.
+/// \return 0 RTOS is not started, 1 RTOS is started.
+int32_t osKernelRunning(void);
+
+
+//  ==== Thread Management ====
+
+/// Create a Thread Definition with function, priority, and stack requirements.
+/// \param         name         name of the thread function.
+/// \param         priority     initial priority of the thread function.
+/// \param         stacksz      stack size (in bytes) requirements for the thread function.
+/// \note CAN BE CHANGED: The parameters to \b osThreadDef shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#if defined (osObjectsExternal)  // object is external
+#define osThreadDef(name, priority, stacksz)  \
+extern osThreadDef_t os_thread_def_##name
+#else                            // define the object
+#define osThreadDef(name, priority, stacksz)  \
+uint32_t os_thread_def_stack_##name [stacksz / sizeof(uint32_t)]; \
+osThreadDef_t os_thread_def_##name = \
+{ (name), (priority), (stacksz), (os_thread_def_stack_##name)}
+#endif
+
+/// Access a Thread definition.
+/// \param         name          name of the thread definition object.
+/// \note CAN BE CHANGED: The parameter to \b osThread shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#define osThread(name)  \
+&os_thread_def_##name
+
+/// Create a thread and add it to Active Threads and set it to state READY.
+/// \param[in]     thread_def    thread definition referenced with \ref osThread.
+/// \param[in]     argument      pointer that is passed to the thread function as start argument.
+/// \return thread ID for reference by other functions or NULL in case of error.
+/// \note MUST REMAIN UNCHANGED: \b osThreadCreate shall be consistent in every CMSIS-RTOS.
+osThreadId osThreadCreate (osThreadDef_t *thread_def, void *argument);
+
+/// Return the thread ID of the current running thread.
+/// \return thread ID for reference by other functions or NULL in case of error.
+/// \note MUST REMAIN UNCHANGED: \b osThreadGetId shall be consistent in every CMSIS-RTOS.
+osThreadId osThreadGetId (void);
+
+/// Terminate execution of a thread and remove it from Active Threads.
+/// \param[in]     thread_id   thread ID obtained by \ref osThreadCreate or \ref osThreadGetId.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osThreadTerminate shall be consistent in every CMSIS-RTOS.
+osStatus osThreadTerminate (osThreadId thread_id);
+
+/// Pass control to next thread that is in state \b READY.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osThreadYield shall be consistent in every CMSIS-RTOS.
+osStatus osThreadYield (void);
+
+/// Change priority of an active thread.
+/// \param[in]     thread_id     thread ID obtained by \ref osThreadCreate or \ref osThreadGetId.
+/// \param[in]     priority      new priority value for the thread function.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osThreadSetPriority shall be consistent in every CMSIS-RTOS.
+osStatus osThreadSetPriority (osThreadId thread_id, osPriority priority);
+
+/// Get current priority of an active thread.
+/// \param[in]     thread_id     thread ID obtained by \ref osThreadCreate or \ref osThreadGetId.
+/// \return current priority value of the thread function.
+/// \note MUST REMAIN UNCHANGED: \b osThreadGetPriority shall be consistent in every CMSIS-RTOS.
+osPriority osThreadGetPriority (osThreadId thread_id);
+
+
+//  ==== Generic Wait Functions ====
+
+/// Wait for Timeout (Time Delay).
+/// \param[in]     millisec      time delay value
+/// \return status code that indicates the execution status of the function.
+osStatus osDelay (uint32_t millisec);
+
+#if (defined (osFeature_Wait)  &&  (osFeature_Wait != 0))     // Generic Wait available
+
+/// Wait for Signal, Message, Mail, or Timeout.
+/// \param[in] millisec          timeout value or 0 in case of no time-out
+/// \return event that contains signal, message, or mail information or error code.
+/// \note MUST REMAIN UNCHANGED: \b osWait shall be consistent in every CMSIS-RTOS.
+os_InRegs osEvent osWait (uint32_t millisec);
+
+#endif  // Generic Wait available
+
+
+//  ==== Timer Management Functions ====
+/// Define a Timer object.
+/// \param         name          name of the timer object.
+/// \param         function      name of the timer call back function.
+/// \note CAN BE CHANGED: The parameter to \b osTimerDef shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#if defined (osObjectsExternal)  // object is external
+#define osTimerDef(name, function)  \
+extern osTimerDef_t os_timer_def_##name
+#else                            // define the object
+#define osTimerDef(name, function)  \
+uint32_t os_timer_cb_##name[5]; \
+osTimerDef_t os_timer_def_##name = \
+{ (function), (os_timer_cb_##name) }
+#endif
+
+/// Access a Timer definition.
+/// \param         name          name of the timer object.
+/// \note CAN BE CHANGED: The parameter to \b osTimer shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#define osTimer(name) \
+&os_timer_def_##name
+
+/// Create a timer.
+/// \param[in]     timer_def     timer object referenced with \ref osTimer.
+/// \param[in]     type          osTimerOnce for one-shot or osTimerPeriodic for periodic behavior.
+/// \param[in]     argument      argument to the timer call back function.
+/// \return timer ID for reference by other functions or NULL in case of error.
+/// \note MUST REMAIN UNCHANGED: \b osTimerCreate shall be consistent in every CMSIS-RTOS.
+osTimerId osTimerCreate (osTimerDef_t *timer_def, os_timer_type type, void *argument);
+
+/// Start or restart a timer.
+/// \param[in]     timer_id      timer ID obtained by \ref osTimerCreate.
+/// \param[in]     millisec      time delay value of the timer.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osTimerStart shall be consistent in every CMSIS-RTOS.
+osStatus osTimerStart (osTimerId timer_id, uint32_t millisec);
+
+/// Stop the timer.
+/// \param[in]     timer_id      timer ID obtained by \ref osTimerCreate.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osTimerStop shall be consistent in every CMSIS-RTOS.
+osStatus osTimerStop (osTimerId timer_id);
+
+/// Delete a timer that was created by \ref osTimerCreate.
+/// \param[in]     timer_id      timer ID obtained by \ref osTimerCreate.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osTimerDelete shall be consistent in every CMSIS-RTOS.
+osStatus osTimerDelete (osTimerId timer_id);
+
+
+//  ==== Signal Management ====
+
+/// Set the specified Signal Flags of an active thread.
+/// \param[in]     thread_id     thread ID obtained by \ref osThreadCreate or \ref osThreadGetId.
+/// \param[in]     signals       specifies the signal flags of the thread that should be set.
+/// \return previous signal flags of the specified thread or 0x80000000 in case of incorrect parameters.
+/// \note MUST REMAIN UNCHANGED: \b osSignalSet shall be consistent in every CMSIS-RTOS.
+int32_t osSignalSet (osThreadId thread_id, int32_t signals);
+
+/// Clear the specified Signal Flags of an active thread.
+/// \param[in]     thread_id     thread ID obtained by \ref osThreadCreate or \ref osThreadGetId.
+/// \param[in]     signals       specifies the signal flags of the thread that shall be cleared.
+/// \return previous signal flags of the specified thread or 0x80000000 in case of incorrect parameters.
+/// \note MUST REMAIN UNCHANGED: \b osSignalClear shall be consistent in every CMSIS-RTOS.
+int32_t osSignalClear (osThreadId thread_id, int32_t signals);
+
+/// Get Signal Flags status of an active thread.
+/// \param[in]     thread_id     thread ID obtained by \ref osThreadCreate or \ref osThreadGetId.
+/// \return previous signal flags of the specified thread or 0x80000000 in case of incorrect parameters.
+/// \note MUST REMAIN UNCHANGED: \b osSignalGet shall be consistent in every CMSIS-RTOS.
+int32_t osSignalGet (osThreadId thread_id);
+
+/// Wait for one or more Signal Flags to become signaled for the current \b RUNNING thread.
+/// \param[in]     signals       wait until all specified signal flags set or 0 for any single signal flag.
+/// \param[in]     millisec      timeout value or 0 in case of no time-out.
+/// \return event flag information or error code.
+/// \note MUST REMAIN UNCHANGED: \b osSignalWait shall be consistent in every CMSIS-RTOS.
+os_InRegs osEvent osSignalWait (int32_t signals, uint32_t millisec);
+
+
+//  ==== Mutex Management ====
+
+/// Define a Mutex.
+/// \param         name          name of the mutex object.
+/// \note CAN BE CHANGED: The parameter to \b osMutexDef shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#if defined (osObjectsExternal)  // object is external
+#define osMutexDef(name)  \
+extern osMutexDef_t os_mutex_def_##name
+#else                            // define the object
+#define osMutexDef(name)  \
+uint32_t os_mutex_cb_##name[3]; \
+osMutexDef_t os_mutex_def_##name = { (os_mutex_cb_##name) }
+#endif
+
+/// Access a Mutex definition.
+/// \param         name          name of the mutex object.
+/// \note CAN BE CHANGED: The parameter to \b osMutex shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#define osMutex(name)  \
+&os_mutex_def_##name
+
+/// Create and Initialize a Mutex object.
+/// \param[in]     mutex_def     mutex definition referenced with \ref osMutex.
+/// \return mutex ID for reference by other functions or NULL in case of error.
+/// \note MUST REMAIN UNCHANGED: \b osMutexCreate shall be consistent in every CMSIS-RTOS.
+osMutexId osMutexCreate (osMutexDef_t *mutex_def);
+
+/// Wait until a Mutex becomes available.
+/// \param[in]     mutex_id      mutex ID obtained by \ref osMutexCreate.
+/// \param[in]     millisec      timeout value or 0 in case of no time-out.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osMutexWait shall be consistent in every CMSIS-RTOS.
+osStatus osMutexWait (osMutexId mutex_id, uint32_t millisec);
+
+/// Release a Mutex that was obtained by \ref osMutexWait.
+/// \param[in]     mutex_id      mutex ID obtained by \ref osMutexCreate.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osMutexRelease shall be consistent in every CMSIS-RTOS.
+osStatus osMutexRelease (osMutexId mutex_id);
+
+/// Delete a Mutex that was created by \ref osMutexCreate.
+/// \param[in]     mutex_id      mutex ID obtained by \ref osMutexCreate.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osMutexDelete shall be consistent in every CMSIS-RTOS.
+osStatus osMutexDelete (osMutexId mutex_id);
+
+
+//  ==== Semaphore Management Functions ====
+
+#if (defined (osFeature_Semaphore)  &&  (osFeature_Semaphore != 0))     // Semaphore available
+
+/// Define a Semaphore object.
+/// \param         name          name of the semaphore object.
+/// \note CAN BE CHANGED: The parameter to \b osSemaphoreDef shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#if defined (osObjectsExternal)  // object is external
+#define osSemaphoreDef(name)  \
+extern osSemaphoreDef_t os_semaphore_def_##name
+#else                            // define the object
+#define osSemaphoreDef(name)  \
+uint32_t os_semaphore_cb_##name[2]; \
+osSemaphoreDef_t os_semaphore_def_##name = { (os_semaphore_cb_##name) }
+#endif
+
+/// Access a Semaphore definition.
+/// \param         name          name of the semaphore object.
+/// \note CAN BE CHANGED: The parameter to \b osSemaphore shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#define osSemaphore(name)  \
+&os_semaphore_def_##name
+
+/// Create and Initialize a Semaphore object used for managing resources.
+/// \param[in]     semaphore_def semaphore definition referenced with \ref osSemaphore.
+/// \param[in]     count         number of available resources.
+/// \return semaphore ID for reference by other functions or NULL in case of error.
+/// \note MUST REMAIN UNCHANGED: \b osSemaphoreCreate shall be consistent in every CMSIS-RTOS.
+osSemaphoreId osSemaphoreCreate (osSemaphoreDef_t *semaphore_def, int32_t count);
+
+/// Wait until a Semaphore token becomes available.
+/// \param[in]     semaphore_id  semaphore object referenced with \ref osSemaphoreCreate.
+/// \param[in]     millisec      timeout value or 0 in case of no time-out.
+/// \return number of available tokens, or -1 in case of incorrect parameters.
+/// \note MUST REMAIN UNCHANGED: \b osSemaphoreWait shall be consistent in every CMSIS-RTOS.
+int32_t osSemaphoreWait (osSemaphoreId semaphore_id, uint32_t millisec);
+
+/// Release a Semaphore token.
+/// \param[in]     semaphore_id  semaphore object referenced with \ref osSemaphoreCreate.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osSemaphoreRelease shall be consistent in every CMSIS-RTOS.
+osStatus osSemaphoreRelease (osSemaphoreId semaphore_id);
+
+/// Delete a Semaphore that was created by \ref osSemaphoreCreate.
+/// \param[in]     semaphore_id  semaphore object referenced with \ref osSemaphoreCreate.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osSemaphoreDelete shall be consistent in every CMSIS-RTOS.
+osStatus osSemaphoreDelete (osSemaphoreId semaphore_id);
+
+#endif     // Semaphore available
+
+
+//  ==== Memory Pool Management Functions ====
+
+#if (defined (osFeature_Pool)  &&  (osFeature_Pool != 0))  // Memory Pool Management available
+
+/// \brief Define a Memory Pool.
+/// \param         name          name of the memory pool.
+/// \param         no            maximum number of blocks (objects) in the memory pool.
+/// \param         type          data type of a single block (object).
+/// \note CAN BE CHANGED: The parameter to \b osPoolDef shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#if defined (osObjectsExternal)  // object is external
+#define osPoolDef(name, no, type)   \
+extern osPoolDef_t os_pool_def_##name
+#else                            // define the object
+#define osPoolDef(name, no, type)   \
+uint32_t os_pool_m_##name[3+((sizeof(type)+3)/4)*(no)]; \
+osPoolDef_t os_pool_def_##name = \
+{ (no), sizeof(type), (os_pool_m_##name) }
+#endif
+
+/// \brief Access a Memory Pool definition.
+/// \param         name          name of the memory pool
+/// \note CAN BE CHANGED: The parameter to \b osPool shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#define osPool(name) \
+&os_pool_def_##name
+
+/// Create and Initialize a memory pool.
+/// \param[in]     pool_def      memory pool definition referenced with \ref osPool.
+/// \return memory pool ID for reference by other functions or NULL in case of error.
+/// \note MUST REMAIN UNCHANGED: \b osPoolCreate shall be consistent in every CMSIS-RTOS.
+osPoolId osPoolCreate (osPoolDef_t *pool_def);
+
+/// Allocate a memory block from a memory pool.
+/// \param[in]     pool_id       memory pool ID obtain referenced with \ref osPoolCreate.
+/// \return address of the allocated memory block or NULL in case of no memory available.
+/// \note MUST REMAIN UNCHANGED: \b osPoolAlloc shall be consistent in every CMSIS-RTOS.
+void *osPoolAlloc (osPoolId pool_id);
+
+/// Allocate a memory block from a memory pool and set memory block to zero.
+/// \param[in]     pool_id       memory pool ID obtain referenced with \ref osPoolCreate.
+/// \return address of the allocated memory block or NULL in case of no memory available.
+/// \note MUST REMAIN UNCHANGED: \b osPoolCAlloc shall be consistent in every CMSIS-RTOS.
+void *osPoolCAlloc (osPoolId pool_id);
+
+/// Return an allocated memory block back to a specific memory pool.
+/// \param[in]     pool_id       memory pool ID obtain referenced with \ref osPoolCreate.
+/// \param[in]     block         address of the allocated memory block that is returned to the memory pool.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osPoolFree shall be consistent in every CMSIS-RTOS.
+osStatus osPoolFree (osPoolId pool_id, void *block);
+
+#endif   // Memory Pool Management available
+
+
+//  ==== Message Queue Management Functions ====
+
+#if (defined (osFeature_MessageQ)  &&  (osFeature_MessageQ != 0))     // Message Queues available
+
+/// \brief Create a Message Queue Definition.
+/// \param         name          name of the queue.
+/// \param         queue_sz      maximum number of messages in the queue.
+/// \param         type          data type of a single message element (for debugger).
+/// \note CAN BE CHANGED: The parameter to \b osMessageQDef shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#if defined (osObjectsExternal)  // object is external
+#define osMessageQDef(name, queue_sz, type)   \
+extern osMessageQDef_t os_messageQ_def_##name
+#else                            // define the object
+#define osMessageQDef(name, queue_sz, type)   \
+uint32_t os_messageQ_q_##name[4+(queue_sz)]; \
+osMessageQDef_t os_messageQ_def_##name = \
+{ (queue_sz), (os_messageQ_q_##name) }
+#endif
+
+/// \brief Access a Message Queue Definition.
+/// \param         name          name of the queue
+/// \note CAN BE CHANGED: The parameter to \b osMessageQ shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#define osMessageQ(name) \
+&os_messageQ_def_##name
+
+/// Create and Initialize a Message Queue.
+/// \param[in]     queue_def     queue definition referenced with \ref osMessageQ.
+/// \param[in]     thread_id     thread ID (obtained by \ref osThreadCreate or \ref osThreadGetId) or NULL.
+/// \return message queue ID for reference by other functions or NULL in case of error.
+/// \note MUST REMAIN UNCHANGED: \b osMessageCreate shall be consistent in every CMSIS-RTOS.
+osMessageQId osMessageCreate (osMessageQDef_t *queue_def, osThreadId thread_id);
+
+/// Put a Message to a Queue.
+/// \param[in]     queue_id      message queue ID obtained with \ref osMessageCreate.
+/// \param[in]     info          message information.
+/// \param[in]     millisec      timeout value or 0 in case of no time-out.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osMessagePut shall be consistent in every CMSIS-RTOS.
+osStatus osMessagePut (osMessageQId queue_id, uint32_t info, uint32_t millisec);
+
+/// Get a Message or Wait for a Message from a Queue.
+/// \param[in]     queue_id      message queue ID obtained with \ref osMessageCreate.
+/// \param[in]     millisec      timeout value or 0 in case of no time-out.
+/// \return event information that includes status code.
+/// \note MUST REMAIN UNCHANGED: \b osMessageGet shall be consistent in every CMSIS-RTOS.
+os_InRegs osEvent osMessageGet (osMessageQId queue_id, uint32_t millisec);
+
+#endif     // Message Queues available
+
+
+//  ==== Mail Queue Management Functions ====
+
+#if (defined (osFeature_MailQ)  &&  (osFeature_MailQ != 0))     // Mail Queues available
+
+/// \brief Create a Mail Queue Definition.
+/// \param         name          name of the queue
+/// \param         queue_sz      maximum number of messages in queue
+/// \param         type          data type of a single message element
+/// \note CAN BE CHANGED: The parameter to \b osMailQDef shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#if defined (osObjectsExternal)  // object is external
+#define osMailQDef(name, queue_sz, type) \
+extern osMailQDef_t os_mailQ_def_##name
+#else                            // define the object
+#define osMailQDef(name, queue_sz, type) \
+uint32_t os_mailQ_q_##name[4+(queue_sz)]; \
+uint32_t os_mailQ_m_##name[3+((sizeof(type)+3)/4)*(queue_sz)]; \
+void *   os_mailQ_p_##name[2] = { (os_mailQ_q_##name), os_mailQ_m_##name }; \
+osMailQDef_t os_mailQ_def_##name =  \
+{ (queue_sz), sizeof(type), (os_mailQ_p_##name) }
+#endif
+
+/// \brief Access a Mail Queue Definition.
+/// \param         name          name of the queue
+/// \note CAN BE CHANGED: The parameter to \b osMailQ shall be consistent but the
+///       macro body is implementation specific in every CMSIS-RTOS.
+#define osMailQ(name)  \
+&os_mailQ_def_##name
+
+/// Create and Initialize mail queue.
+/// \param[in]     queue_def     reference to the mail queue definition obtain with \ref osMailQ
+/// \param[in]     thread_id     thread ID (obtained by \ref osThreadCreate or \ref osThreadGetId) or NULL.
+/// \return mail queue ID for reference by other functions or NULL in case of error.
+/// \note MUST REMAIN UNCHANGED: \b osMailCreate shall be consistent in every CMSIS-RTOS.
+osMailQId osMailCreate (osMailQDef_t *queue_def, osThreadId thread_id);
+
+/// Allocate a memory block from a mail.
+/// \param[in]     queue_id      mail queue ID obtained with \ref osMailCreate.
+/// \param[in]     millisec      timeout value or 0 in case of no time-out
+/// \return pointer to memory block that can be filled with mail or NULL in case of error.
+/// \note MUST REMAIN UNCHANGED: \b osMailAlloc shall be consistent in every CMSIS-RTOS.
+void *osMailAlloc (osMailQId queue_id, uint32_t millisec);
+
+/// Allocate a memory block from a mail and set memory block to zero.
+/// \param[in]     queue_id      mail queue ID obtained with \ref osMailCreate.
+/// \param[in]     millisec      timeout value or 0 in case of no time-out
+/// \return pointer to memory block that can be filled with mail or NULL in case of error.
+/// \note MUST REMAIN UNCHANGED: \b osMailCAlloc shall be consistent in every CMSIS-RTOS.
+void *osMailCAlloc (osMailQId queue_id, uint32_t millisec);
+
+/// Put a mail to a queue.
+/// \param[in]     queue_id      mail queue ID obtained with \ref osMailCreate.
+/// \param[in]     mail          memory block previously allocated with \ref osMailAlloc or \ref osMailCAlloc.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osMailPut shall be consistent in every CMSIS-RTOS.
+osStatus osMailPut (osMailQId queue_id, void *mail);
+
+/// Get a mail from a queue.
+/// \param[in]     queue_id      mail queue ID obtained with \ref osMailCreate.
+/// \param[in]     millisec      timeout value or 0 in case of no time-out
+/// \return event that contains mail information or error code.
+/// \note MUST REMAIN UNCHANGED: \b osMailGet shall be consistent in every CMSIS-RTOS.
+os_InRegs osEvent osMailGet (osMailQId queue_id, uint32_t millisec);
+
+/// Free a memory block from a mail.
+/// \param[in]     queue_id      mail queue ID obtained with \ref osMailCreate.
+/// \param[in]     mail          pointer to the memory block that was obtained with \ref osMailGet.
+/// \return status code that indicates the execution status of the function.
+/// \note MUST REMAIN UNCHANGED: \b osMailFree shall be consistent in every CMSIS-RTOS.
+osStatus osMailFree (osMailQId queue_id, void *mail);
+
+#endif  // Mail Queues available
+
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif  // _CMSIS_OS_H
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/os_tcb.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,51 @@
+#ifndef OS_TCB_H
+#define OS_TCB_H
+
+/* Types */
+typedef char               S8;
+typedef unsigned char      U8;
+typedef short              S16;
+typedef unsigned short     U16;
+typedef int                S32;
+typedef unsigned int       U32;
+typedef long long          S64;
+typedef unsigned long long U64;
+typedef unsigned char      BIT;
+typedef unsigned int       BOOL;
+typedef void               (*FUNCP)(void);
+
+typedef struct OS_TCB {
+  /* General part: identical for all implementations.                        */
+  U8     cb_type;                 /* Control Block Type                      */
+  U8     state;                   /* Task state                              */
+  U8     prio;                    /* Execution priority                      */
+  U8     task_id;                 /* Task ID value for optimized TCB access  */
+  struct OS_TCB *p_lnk;           /* Link pointer for ready/sem. wait list   */
+  struct OS_TCB *p_rlnk;          /* Link pointer for sem./mbx lst backwards */
+  struct OS_TCB *p_dlnk;          /* Link pointer for delay list             */
+  struct OS_TCB *p_blnk;          /* Link pointer for delay list backwards   */
+  U16    delta_time;              /* Time until time out                     */
+  U16    interval_time;           /* Time interval for periodic waits        */
+  U16    events;                  /* Event flags                             */
+  U16    waits;                   /* Wait flags                              */
+  void   **msg;                   /* Direct message passing when task waits  */
+
+  /* Hardware dependant part: specific for CM processor                      */
+  U8     stack_frame;             /* Stack frame: 0=Basic, 1=Extended        */
+  U8     reserved1;
+  U16    reserved2;
+  U32    priv_stack;              /* Private stack size in bytes             */
+  U32    tsk_stack;               /* Current task Stack pointer (R13)        */
+  U32    *stack;                  /* Pointer to Task Stack memory block      */
+
+  /* Library dependant part                                                   */
+#if defined (__CC_ARM) && !defined (__MICROLIB)
+ /* A memory space for arm standard library. */
+  U32 std_libspace[96/4];
+#endif
+
+  /* Task entry point used for uVision debugger                              */
+  FUNCP  ptask;                   /* Task entry address                      */
+} *P_TCB;
+
+#endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_CMSIS.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,1887 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    rt_CMSIS.c
+ *      Purpose: CMSIS RTOS API
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#define __CMSIS_GENERIC
+
+#if defined (__CORTEX_M4) || defined (__CORTEX_M4F)
+  #include "core_cm4.h"
+#elif defined (__CORTEX_M7) || defined (__CORTEX_M7F)
+  #include "core_cm7.h"
+#elif defined (__CORTEX_M3)
+  #include "core_cm3.h"
+#elif defined (__CORTEX_M0)
+  #include "core_cm0.h"
+#elif defined (__CORTEX_M0PLUS)
+  #include "core_cm0plus.h"
+#else
+  #error "Missing __CORTEX_Mx definition"
+#endif
+
+#include "rt_TypeDef.h"
+#include "RTX_Conf.h"
+#include "rt_System.h"
+#include "rt_Task.h"
+#include "rt_Event.h"
+#include "rt_List.h"
+#include "rt_Time.h"
+#include "rt_Mutex.h"
+#include "rt_Semaphore.h"
+#include "rt_Mailbox.h"
+#include "rt_MemBox.h"
+#include "rt_HAL_CM.h"
+
+#define os_thread_cb OS_TCB
+
+#include "cmsis_os.h"
+
+#if (osFeature_Signals != 16)
+#error Invalid "osFeature_Signals" value!
+#endif
+#if (osFeature_Semaphore > 65535)
+#error Invalid "osFeature_Semaphore" value!
+#endif
+#if (osFeature_Wait != 0)
+#error osWait not supported!
+#endif
+
+
+// ==== Enumeration, structures, defines ====
+
+// Service Calls defines
+
+#if defined (__CC_ARM)          /* ARM Compiler */
+
+#define __NO_RETURN __declspec(noreturn)
+
+#define osEvent_type       osEvent
+#define osEvent_ret_status ret
+#define osEvent_ret_value  ret
+#define osEvent_ret_msg    ret
+#define osEvent_ret_mail   ret
+
+#define osCallback_type    osCallback
+#define osCallback_ret     ret
+
+#define SVC_0_1(f,t,...)                                                       \
+__svc_indirect(0) t  _##f (t(*)());                                            \
+                  t     f (void);                                              \
+__attribute__((always_inline))                                                 \
+static __inline   t __##f (void) {                                             \
+  return _##f(f);                                                              \
+}
+
+#define SVC_1_1(f,t,t1,...)                                                    \
+__svc_indirect(0) t  _##f (t(*)(t1),t1);                                       \
+                  t     f (t1 a1);                                             \
+__attribute__((always_inline))                                                 \
+static __inline   t __##f (t1 a1) {                                            \
+  return _##f(f,a1);                                                           \
+}
+
+#define SVC_2_1(f,t,t1,t2,...)                                                 \
+__svc_indirect(0) t  _##f (t(*)(t1,t2),t1,t2);                                 \
+                  t     f (t1 a1, t2 a2);                                      \
+__attribute__((always_inline))                                                 \
+static __inline   t __##f (t1 a1, t2 a2) {                                     \
+  return _##f(f,a1,a2);                                                        \
+}
+
+#define SVC_3_1(f,t,t1,t2,t3,...)                                              \
+__svc_indirect(0) t  _##f (t(*)(t1,t2,t3),t1,t2,t3);                           \
+                  t     f (t1 a1, t2 a2, t3 a3);                               \
+__attribute__((always_inline))                                                 \
+static __inline   t __##f (t1 a1, t2 a2, t3 a3) {                              \
+  return _##f(f,a1,a2,a3);                                                     \
+}
+
+#define SVC_4_1(f,t,t1,t2,t3,t4,...)                                           \
+__svc_indirect(0) t  _##f (t(*)(t1,t2,t3,t4),t1,t2,t3,t4);                     \
+                  t     f (t1 a1, t2 a2, t3 a3, t4 a4);                        \
+__attribute__((always_inline))                                                 \
+static __inline   t __##f (t1 a1, t2 a2, t3 a3, t4 a4) {                       \
+  return _##f(f,a1,a2,a3,a4);                                                  \
+}
+
+#define SVC_1_2 SVC_1_1
+#define SVC_1_3 SVC_1_1
+#define SVC_2_3 SVC_2_1
+
+#elif defined (__GNUC__)        /* GNU Compiler */
+
+#define __NO_RETURN __attribute__((noreturn))
+
+typedef uint32_t __attribute__((vector_size(8)))  ret64;
+typedef uint32_t __attribute__((vector_size(16))) ret128;
+
+#define RET_pointer    __r0
+#define RET_int32_t    __r0
+#define RET_osStatus   __r0
+#define RET_osPriority __r0
+#define RET_osEvent    {(osStatus)__r0, {(uint32_t)__r1}, {(void *)__r2}}
+#define RET_osCallback {(void *)__r0, (void *)__r1}
+
+#define osEvent_type        ret128
+#define osEvent_ret_status (ret128){ret.status}
+#define osEvent_ret_value  (ret128){ret.status, ret.value.v}
+#define osEvent_ret_msg    (ret128){ret.status, ret.value.v, (uint32_t)ret.def.message_id}
+#define osEvent_ret_mail   (ret128){ret.status, ret.value.v, (uint32_t)ret.def.mail_id}
+
+#define osCallback_type     ret64
+#define osCallback_ret     (ret64) {(uint32_t)ret.fp, (uint32_t)ret.arg}
+
+#define SVC_ArgN(n) \
+  register int __r##n __asm("r"#n);
+
+#define SVC_ArgR(n,t,a) \
+  register t   __r##n __asm("r"#n) = a;
+
+#define SVC_Arg0()                                                             \
+  SVC_ArgN(0)                                                                  \
+  SVC_ArgN(1)                                                                  \
+  SVC_ArgN(2)                                                                  \
+  SVC_ArgN(3)
+
+#define SVC_Arg1(t1)                                                           \
+  SVC_ArgR(0,t1,a1)                                                            \
+  SVC_ArgN(1)                                                                  \
+  SVC_ArgN(2)                                                                  \
+  SVC_ArgN(3)
+
+#define SVC_Arg2(t1,t2)                                                        \
+  SVC_ArgR(0,t1,a1)                                                            \
+  SVC_ArgR(1,t2,a2)                                                            \
+  SVC_ArgN(2)                                                                  \
+  SVC_ArgN(3)
+
+#define SVC_Arg3(t1,t2,t3)                                                     \
+  SVC_ArgR(0,t1,a1)                                                            \
+  SVC_ArgR(1,t2,a2)                                                            \
+  SVC_ArgR(2,t3,a3)                                                            \
+  SVC_ArgN(3)
+
+#define SVC_Arg4(t1,t2,t3,t4)                                                  \
+  SVC_ArgR(0,t1,a1)                                                            \
+  SVC_ArgR(1,t2,a2)                                                            \
+  SVC_ArgR(2,t3,a3)                                                            \
+  SVC_ArgR(3,t4,a4)
+
+#if (defined (__CORTEX_M0)) || defined (__CORTEX_M0PLUS)
+#define SVC_Call(f)                                                            \
+  __asm volatile                                                                 \
+  (                                                                            \
+    "ldr r7,="#f"\n\t"                                                         \
+    "mov r12,r7\n\t"                                                           \
+    "svc 0"                                                                    \
+    :               "=r" (__r0), "=r" (__r1), "=r" (__r2), "=r" (__r3)         \
+    :                "r" (__r0),  "r" (__r1),  "r" (__r2),  "r" (__r3)         \
+    : "r7", "r12", "lr", "cc"                                                  \
+  );
+#else
+#define SVC_Call(f)                                                            \
+  __asm volatile                                                                 \
+  (                                                                            \
+    "ldr r12,="#f"\n\t"                                                        \
+    "svc 0"                                                                    \
+    :               "=r" (__r0), "=r" (__r1), "=r" (__r2), "=r" (__r3)         \
+    :                "r" (__r0),  "r" (__r1),  "r" (__r2),  "r" (__r3)         \
+    : "r12", "lr", "cc"                                                        \
+  );
+#endif
+
+#define SVC_0_1(f,t,rv)                                                        \
+__attribute__((always_inline))                                                 \
+static inline  t __##f (void) {                                                \
+  SVC_Arg0();                                                                  \
+  SVC_Call(f);                                                                 \
+  return (t) rv;                                                               \
+}
+
+#define SVC_1_1(f,t,t1,rv)                                                     \
+__attribute__((always_inline))                                                 \
+static inline  t __##f (t1 a1) {                                               \
+  SVC_Arg1(t1);                                                                \
+  SVC_Call(f);                                                                 \
+  return (t) rv;                                                               \
+}
+
+#define SVC_2_1(f,t,t1,t2,rv)                                                  \
+__attribute__((always_inline))                                                 \
+static inline  t __##f (t1 a1, t2 a2) {                                        \
+  SVC_Arg2(t1,t2);                                                             \
+  SVC_Call(f);                                                                 \
+  return (t) rv;                                                               \
+}
+
+#define SVC_3_1(f,t,t1,t2,t3,rv)                                               \
+__attribute__((always_inline))                                                 \
+static inline  t __##f (t1 a1, t2 a2, t3 a3) {                                 \
+  SVC_Arg3(t1,t2,t3);                                                          \
+  SVC_Call(f);                                                                 \
+  return (t) rv;                                                               \
+}
+
+#define SVC_4_1(f,t,t1,t2,t3,t4,rv)                                            \
+__attribute__((always_inline))                                                 \
+static inline  t __##f (t1 a1, t2 a2, t3 a3, t4 a4) {                          \
+  SVC_Arg4(t1,t2,t3,t4);                                                       \
+  SVC_Call(f);                                                                 \
+  return (t) rv;                                                               \
+}
+
+#define SVC_1_2 SVC_1_1
+#define SVC_1_3 SVC_1_1
+#define SVC_2_3 SVC_2_1
+
+#elif defined (__ICCARM__)      /* IAR Compiler */
+
+#define __NO_RETURN __noreturn
+
+#define osEvent_type       osEvent
+#define osEvent_ret_status ret
+#define osEvent_ret_value  ret
+#define osEvent_ret_msg    ret
+#define osEvent_ret_mail   ret
+
+#define osCallback_type    osCallback
+#define osCallback_ret     ret
+
+#define RET_osEvent     osEvent
+#define RET_osCallback  osCallback
+
+#define SVC_Setup(f)                                                           \
+  __asm(                                                                       \
+    "mov r12,%0\n"                                                             \
+    :: "r"(&f): "r12"                                                          \
+  );
+
+
+#define SVC_0_1(f,t,...)                                                       \
+t f (void);                                                                    \
+_Pragma("swi_number=0") __swi t _##f (void);                                   \
+static inline t __##f (void) {                                                 \
+  SVC_Setup(f);                                                                \
+  return _##f();                                                               \
+}
+
+#define SVC_1_1(f,t,t1,...)                                                    \
+t f (t1 a1);                                                                   \
+_Pragma("swi_number=0") __swi t _##f (t1 a1);                                  \
+static inline t __##f (t1 a1) {                                                \
+  SVC_Setup(f);                                                                \
+  return _##f(a1);                                                             \
+}
+
+#define SVC_2_1(f,t,t1,t2,...)                                                 \
+t f (t1 a1, t2 a2);                                                            \
+_Pragma("swi_number=0") __swi t _##f (t1 a1, t2 a2);                           \
+static inline t __##f (t1 a1, t2 a2) {                                         \
+  SVC_Setup(f);                                                                \
+  return _##f(a1,a2);                                                          \
+}
+
+#define SVC_3_1(f,t,t1,t2,t3,...)                                              \
+t f (t1 a1, t2 a2, t3 a3);                                                     \
+_Pragma("swi_number=0") __swi t _##f (t1 a1, t2 a2, t3 a3);                    \
+static inline t __##f (t1 a1, t2 a2, t3 a3) {                                  \
+  SVC_Setup(f);                                                                \
+  return _##f(a1,a2,a3);                                                       \
+}
+
+#define SVC_4_1(f,t,t1,t2,t3,t4,...)                                           \
+t f (t1 a1, t2 a2, t3 a3, t4 a4);                                              \
+_Pragma("swi_number=0") __swi t _##f (t1 a1, t2 a2, t3 a3, t4 a4);             \
+static inline t __##f (t1 a1, t2 a2, t3 a3, t4 a4) {                           \
+  SVC_Setup(f);                                                                \
+  return _##f(a1,a2,a3,a4);                                                    \
+}
+
+#define SVC_1_2 SVC_1_1
+#define SVC_1_3 SVC_1_1
+#define SVC_2_3 SVC_2_1
+
+#endif
+
+
+// Callback structure
+typedef struct {
+  void *fp;             // Function pointer
+  void *arg;            // Function argument
+} osCallback;
+
+
+// OS Section definitions
+#ifdef OS_SECTIONS_LINK_INFO
+extern const uint32_t  os_section_id$$Base;
+extern const uint32_t  os_section_id$$Limit;
+#endif
+
+// OS Timers external resources
+extern osThreadDef_t   os_thread_def_osTimerThread;
+extern osThreadId      osThreadId_osTimerThread;
+extern osMessageQDef_t os_messageQ_def_osTimerMessageQ;
+extern osMessageQId    osMessageQId_osTimerMessageQ;
+
+
+// ==== Helper Functions ====
+
+/// Convert timeout in millisec to system ticks
+static uint32_t rt_ms2tick (uint32_t millisec) {
+  uint32_t tick;
+
+  if (millisec == osWaitForever) return 0xFFFF; // Indefinite timeout
+  if (millisec > 4000000) return 0xFFFE;        // Max ticks supported
+
+  tick = ((1000 * millisec) + os_clockrate - 1)  / os_clockrate;
+  if (tick > 0xFFFE) return 0xFFFE;
+
+  return tick;
+}
+
+/// Convert Thread ID to TCB pointer
+static P_TCB rt_tid2ptcb (osThreadId thread_id) {
+  P_TCB ptcb;
+
+  if (thread_id == NULL) return NULL;
+
+  if ((uint32_t)thread_id & 3) return NULL;
+
+#ifdef OS_SECTIONS_LINK_INFO
+  if ((os_section_id$$Base != 0) && (os_section_id$$Limit != 0)) {
+    if (thread_id  < (osThreadId)os_section_id$$Base)  return NULL;
+    if (thread_id >= (osThreadId)os_section_id$$Limit) return NULL;
+  }
+#endif
+
+  ptcb = thread_id;
+
+  if (ptcb->cb_type != TCB) return NULL;
+
+  return ptcb;
+}
+
+/// Convert ID pointer to Object pointer
+static void *rt_id2obj (void *id) {
+
+  if ((uint32_t)id & 3) return NULL;
+
+#ifdef OS_SECTIONS_LINK_INFO
+  if ((os_section_id$$Base != 0) && (os_section_id$$Limit != 0)) {
+    if (id  < (void *)os_section_id$$Base)  return NULL;
+    if (id >= (void *)os_section_id$$Limit) return NULL;
+  }
+#endif
+
+  return id;
+}
+
+
+// ==== Kernel Control ====
+
+uint8_t os_initialized;                         // Kernel Initialized flag
+uint8_t os_running;                             // Kernel Running flag
+
+// Kernel Control Service Calls declarations
+SVC_0_1(svcKernelInitialize, osStatus, RET_osStatus)
+SVC_0_1(svcKernelStart,      osStatus, RET_osStatus)
+SVC_0_1(svcKernelRunning,    int32_t,  RET_int32_t)
+
+extern void  sysThreadError   (osStatus status);
+osThreadId   svcThreadCreate  (osThreadDef_t *thread_def, void *argument);
+osMessageQId svcMessageCreate (osMessageQDef_t *queue_def, osThreadId thread_id);
+
+// Kernel Control Service Calls
+
+/// Initialize the RTOS Kernel for creating objects
+osStatus svcKernelInitialize (void) {
+  if (os_initialized) return osOK;
+
+  rt_sys_init();                                // RTX System Initialization
+  os_tsk.run->prio = 255;                       // Highest priority
+
+  sysThreadError(osOK);
+
+  os_initialized = 1;
+
+  return osOK;
+}
+
+/// Start the RTOS Kernel
+osStatus svcKernelStart (void) {
+
+  if (os_running) return osOK;
+
+  // Create OS Timers resources (Message Queue & Thread)
+  osMessageQId_osTimerMessageQ = svcMessageCreate (&os_messageQ_def_osTimerMessageQ, NULL);
+  osThreadId_osTimerThread = svcThreadCreate(&os_thread_def_osTimerThread, NULL);
+
+  rt_tsk_prio(0, 0);                            // Lowest priority
+  __set_PSP(os_tsk.run->tsk_stack + 8*4);       // New context
+  os_tsk.run = NULL;                            // Force context switch
+
+  rt_sys_start();
+
+  os_running = 1;
+
+  return osOK;
+}
+
+/// Check if the RTOS kernel is already started
+int32_t svcKernelRunning(void) {
+  return os_running;
+}
+
+// Kernel Control Public API
+
+/// Initialize the RTOS Kernel for creating objects
+osStatus osKernelInitialize (void) {
+  if (__get_IPSR() != 0) return osErrorISR;     // Not allowed in ISR
+  if ((__get_CONTROL() & 1) == 0) {             // Privileged mode
+    return   svcKernelInitialize();
+  } else {
+    return __svcKernelInitialize();
+  }
+}
+
+/// Start the RTOS Kernel
+osStatus osKernelStart (void) {
+  uint32_t stack[8];
+
+  if (__get_IPSR() != 0) return osErrorISR;     // Not allowed in ISR
+  switch (__get_CONTROL() & 0x03) {
+    case 0x00:                                  // Privileged Thread mode & MSP
+      __set_PSP((uint32_t)(stack + 8));         // Initial PSP
+      if (os_flags & 1) {
+        __set_CONTROL(0x02);                    // Set Privileged Thread mode & PSP
+      } else {
+        __set_CONTROL(0x03);                    // Set Unprivileged Thread mode & PSP
+      }
+      __DSB();
+      __ISB();
+      break;
+    case 0x01:                                  // Unprivileged Thread mode & MSP
+      return osErrorOS;
+    case 0x02:                                  // Privileged Thread mode & PSP
+      if ((os_flags & 1) == 0) {                // Unprivileged Thread mode requested
+        __set_CONTROL(0x03);                    // Set Unprivileged Thread mode & PSP
+        __DSB();
+        __ISB();
+      }
+      break;
+    case 0x03:                                  // Unprivileged Thread mode & PSP
+      if  (os_flags & 1) return osErrorOS;      // Privileged Thread mode requested
+      break;
+  }
+  return __svcKernelStart();
+}
+
+/// Check if the RTOS kernel is already started
+int32_t osKernelRunning(void) {
+  if ((__get_IPSR() != 0) || ((__get_CONTROL() & 1) == 0)) {
+    // in ISR or Privileged
+    return os_running;
+  } else {
+    return __svcKernelRunning();
+  }
+}
+
+
+// ==== Thread Management ====
+
+__NO_RETURN void osThreadExit (void);
+
+// Thread Service Calls declarations
+SVC_2_1(svcThreadCreate,      osThreadId, osThreadDef_t *, void *,     RET_pointer)
+SVC_0_1(svcThreadGetId,       osThreadId,                              RET_pointer)
+SVC_1_1(svcThreadTerminate,   osStatus,   osThreadId,                  RET_osStatus)
+SVC_0_1(svcThreadYield,       osStatus,                                RET_osStatus)
+SVC_2_1(svcThreadSetPriority, osStatus,   osThreadId,      osPriority, RET_osStatus)
+SVC_1_1(svcThreadGetPriority, osPriority, osThreadId,                  RET_osPriority)
+
+// Thread Service Calls
+extern OS_TID rt_get_TID (void);
+extern void   rt_init_context (P_TCB p_TCB, U8 priority, FUNCP task_body);
+
+/// Create a thread and add it to Active Threads and set it to state READY
+osThreadId svcThreadCreate (osThreadDef_t *thread_def, void *argument) {
+  P_TCB  ptcb;
+
+  if ((thread_def == NULL) ||
+      (thread_def->pthread == NULL) ||
+      (thread_def->tpriority < osPriorityIdle) ||
+      (thread_def->tpriority > osPriorityRealtime) ||
+      (thread_def->stacksize == 0) ||
+      (thread_def->stack_pointer == NULL) ) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  U8 priority = thread_def->tpriority - osPriorityIdle + 1;
+  P_TCB task_context = &thread_def->tcb;
+
+  /* Utilize the user provided stack. */
+  task_context->stack      = (U32*)thread_def->stack_pointer;
+  task_context->priv_stack = thread_def->stacksize;
+  /* Find a free entry in 'os_active_TCB' table. */
+  OS_TID tsk = rt_get_TID ();
+  os_active_TCB[tsk-1] = task_context;
+  task_context->task_id = tsk;
+  /* Pass parameter 'argv' to 'rt_init_context' */
+  task_context->msg = argument;
+  /* Initialize thread context structure, including the thread's stack. */
+  rt_init_context (task_context, priority, (FUNCP)thread_def->pthread);
+
+  /* Dispatch this task to the scheduler for execution. */
+  DBG_TASK_NOTIFY(task_context, __TRUE);
+  rt_dispatch (task_context);
+
+  ptcb = (P_TCB)os_active_TCB[tsk - 1];         // TCB pointer
+
+  *((uint32_t *)ptcb->tsk_stack + 13) = (uint32_t)osThreadExit;
+
+  return ptcb;
+}
+
+/// Return the thread ID of the current running thread
+osThreadId svcThreadGetId (void) {
+  OS_TID tsk;
+
+  tsk = rt_tsk_self();
+  if (tsk == 0) return NULL;
+  return (P_TCB)os_active_TCB[tsk - 1];
+}
+
+/// Terminate execution of a thread and remove it from ActiveThreads
+osStatus svcThreadTerminate (osThreadId thread_id) {
+  OS_RESULT res;
+  P_TCB     ptcb;
+
+  ptcb = rt_tid2ptcb(thread_id);                // Get TCB pointer
+  if (ptcb == NULL) return osErrorParameter;
+
+  res = rt_tsk_delete(ptcb->task_id);           // Delete task
+
+  if (res == OS_R_NOK) return osErrorResource;  // Delete task failed
+
+  return osOK;
+}
+
+/// Pass control to next thread that is in state READY
+osStatus svcThreadYield (void) {
+  rt_tsk_pass();                                // Pass control to next task
+  return osOK;
+}
+
+/// Change priority of an active thread
+osStatus svcThreadSetPriority (osThreadId thread_id, osPriority priority) {
+  OS_RESULT res;
+  P_TCB     ptcb;
+
+  ptcb = rt_tid2ptcb(thread_id);                // Get TCB pointer
+  if (ptcb == NULL) return osErrorParameter;
+
+  if ((priority < osPriorityIdle) || (priority > osPriorityRealtime)) {
+    return osErrorValue;
+  }
+
+  res = rt_tsk_prio(                            // Change task priority
+    ptcb->task_id,                              // Task ID
+    priority - osPriorityIdle + 1               // New task priority
+  );
+
+  if (res == OS_R_NOK) return osErrorResource;  // Change task priority failed
+
+  return osOK;
+}
+
+/// Get current priority of an active thread
+osPriority svcThreadGetPriority (osThreadId thread_id) {
+  P_TCB ptcb;
+
+  ptcb = rt_tid2ptcb(thread_id);                // Get TCB pointer
+  if (ptcb == NULL) return osPriorityError;
+
+  return (osPriority)(ptcb->prio - 1 + osPriorityIdle);
+}
+
+
+// Thread Public API
+
+/// Create a thread and add it to Active Threads and set it to state READY
+osThreadId osThreadCreate (osThreadDef_t *thread_def, void *argument) {
+  if (__get_IPSR() != 0) return NULL;           // Not allowed in ISR
+  if (((__get_CONTROL() & 1) == 0) && (os_running == 0)) {
+    // Privileged and not running
+    return   svcThreadCreate(thread_def, argument);
+  } else {
+    return __svcThreadCreate(thread_def, argument);
+  }
+}
+
+/// Return the thread ID of the current running thread
+osThreadId osThreadGetId (void) {
+  if (__get_IPSR() != 0) return NULL;           // Not allowed in ISR
+  return __svcThreadGetId();
+}
+
+/// Terminate execution of a thread and remove it from ActiveThreads
+osStatus osThreadTerminate (osThreadId thread_id) {
+  if (__get_IPSR() != 0) return osErrorISR;     // Not allowed in ISR
+  return __svcThreadTerminate(thread_id);
+}
+
+/// Pass control to next thread that is in state READY
+osStatus osThreadYield (void) {
+  if (__get_IPSR() != 0) return osErrorISR;     // Not allowed in ISR
+  return __svcThreadYield();
+}
+
+/// Change priority of an active thread
+osStatus osThreadSetPriority (osThreadId thread_id, osPriority priority) {
+  if (__get_IPSR() != 0) return osErrorISR;     // Not allowed in ISR
+  return __svcThreadSetPriority(thread_id, priority);
+}
+
+/// Get current priority of an active thread
+osPriority osThreadGetPriority (osThreadId thread_id) {
+  if (__get_IPSR() != 0) return osPriorityError;// Not allowed in ISR
+  return __svcThreadGetPriority(thread_id);
+}
+
+/// INTERNAL - Not Public
+/// Auto Terminate Thread on exit (used implicitly when thread exists)
+__NO_RETURN void osThreadExit (void) {
+  __svcThreadTerminate(__svcThreadGetId());
+  for (;;);                                     // Should never come here
+}
+
+
+// ==== Generic Wait Functions ====
+
+// Generic Wait Service Calls declarations
+SVC_1_1(svcDelay,           osStatus, uint32_t, RET_osStatus)
+#if osFeature_Wait != 0
+SVC_1_3(svcWait,  os_InRegs osEvent,  uint32_t, RET_osEvent)
+#endif
+
+// Generic Wait Service Calls
+
+/// Wait for Timeout (Time Delay)
+osStatus svcDelay (uint32_t millisec) {
+  if (millisec == 0) return osOK;
+  rt_dly_wait(rt_ms2tick(millisec));
+  return osEventTimeout;
+}
+
+/// Wait for Signal, Message, Mail, or Timeout
+#if osFeature_Wait != 0
+os_InRegs osEvent_type svcWait (uint32_t millisec) {
+  osEvent ret;
+
+  if (millisec == 0) {
+    ret.status = osOK;
+    return osEvent_ret_status;
+  }
+
+  /* To Do: osEventSignal, osEventMessage, osEventMail */
+  rt_dly_wait(rt_ms2tick(millisec));
+  ret.status = osEventTimeout;
+
+  return osEvent_ret_status;
+}
+#endif
+
+
+// Generic Wait API
+
+/// Wait for Timeout (Time Delay)
+osStatus osDelay (uint32_t millisec) {
+  if (__get_IPSR() != 0) return osErrorISR;     // Not allowed in ISR
+  return __svcDelay(millisec);
+}
+
+/// Wait for Signal, Message, Mail, or Timeout
+os_InRegs osEvent osWait (uint32_t millisec) {
+  osEvent ret;
+
+#if osFeature_Wait == 0
+  ret.status = osErrorOS;
+  return ret;
+#else
+  if (__get_IPSR() != 0) {                      // Not allowed in ISR
+    ret.status = osErrorISR;
+    return ret;
+  }
+  return __svcWait(millisec);
+#endif
+}
+
+
+// ==== Timer Management ====
+
+// Timer definitions
+#define osTimerInvalid  0
+#define osTimerStopped  1
+#define osTimerRunning  2
+
+// Timer structures
+
+typedef struct os_timer_cb_ {                   // Timer Control Block
+  struct os_timer_cb_ *next;                    // Pointer to next active Timer
+  uint8_t             state;                    // Timer State
+  uint8_t              type;                    // Timer Type (Periodic/One-shot)
+  uint16_t         reserved;                    // Reserved
+  uint16_t             tcnt;                    // Timer Delay Count
+  uint16_t             icnt;                    // Timer Initial Count
+  void                 *arg;                    // Timer Function Argument
+  osTimerDef_t       *timer;                    // Pointer to Timer definition
+} os_timer_cb;
+
+// Timer variables
+os_timer_cb *os_timer_head;                     // Pointer to first active Timer
+
+
+// Timer Helper Functions
+
+// Insert Timer into the list sorted by time
+static void rt_timer_insert (os_timer_cb *pt, uint32_t tcnt) {
+  os_timer_cb *p, *prev;
+
+  prev = NULL;
+  p = os_timer_head;
+  while (p != NULL) {
+    if (tcnt < p->tcnt) break;
+    tcnt -= p->tcnt;
+    prev = p;
+    p = p->next;
+  }
+  pt->next = p;
+  pt->tcnt = (uint16_t)tcnt;
+  if (p != NULL) {
+    p->tcnt -= pt->tcnt;
+  }
+  if (prev != NULL) {
+    prev->next = pt;
+  } else {
+    os_timer_head = pt;
+  }
+}
+
+// Remove Timer from the list
+static int rt_timer_remove (os_timer_cb *pt) {
+  os_timer_cb *p, *prev;
+
+  prev = NULL;
+  p = os_timer_head;
+  while (p != NULL) {
+    if (p == pt) break;
+    prev = p;
+    p = p->next;
+  }
+  if (p == NULL) return -1;
+  if (prev != NULL) {
+    prev->next = pt->next;
+  } else {
+    os_timer_head = pt->next;
+  }
+  if (pt->next != NULL) {
+    pt->next->tcnt += pt->tcnt;
+  }
+
+  return 0;
+}
+
+
+// Timer Service Calls declarations
+SVC_3_1(svcTimerCreate,           osTimerId,  osTimerDef_t *, os_timer_type, void *, RET_pointer)
+SVC_2_1(svcTimerStart,            osStatus,   osTimerId,      uint32_t,              RET_osStatus)
+SVC_1_1(svcTimerStop,             osStatus,   osTimerId,                             RET_osStatus)
+SVC_1_1(svcTimerDelete,           osStatus,   osTimerId,                             RET_osStatus)
+SVC_1_2(svcTimerCall,   os_InRegs osCallback, osTimerId,                             RET_osCallback)
+
+// Timer Management Service Calls
+
+/// Create timer
+osTimerId svcTimerCreate (osTimerDef_t *timer_def, os_timer_type type, void *argument) {
+  os_timer_cb *pt;
+
+  if ((timer_def == NULL) || (timer_def->ptimer == NULL)) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  pt = timer_def->timer;
+  if (pt == NULL) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  if ((type != osTimerOnce) && (type != osTimerPeriodic)) {
+    sysThreadError(osErrorValue);
+    return NULL;
+  }
+
+  if (osThreadId_osTimerThread == NULL) {
+    sysThreadError(osErrorResource);
+    return NULL;
+  }
+
+  if (pt->state != osTimerInvalid){
+    sysThreadError(osErrorResource);
+    return NULL;
+  }
+
+  pt->state = osTimerStopped;
+  pt->type  =  (uint8_t)type;
+  pt->arg   = argument;
+  pt->timer = timer_def;
+
+  return (osTimerId)pt;
+}
+
+/// Start or restart timer
+osStatus svcTimerStart (osTimerId timer_id, uint32_t millisec) {
+  os_timer_cb *pt;
+  uint32_t     tcnt;
+
+  pt = rt_id2obj(timer_id);
+  if (pt == NULL) return osErrorParameter;
+
+  tcnt = rt_ms2tick(millisec);
+  if (tcnt == 0) return osErrorValue;
+
+  switch (pt->state) {
+    case osTimerRunning:
+      if (rt_timer_remove(pt) != 0) {
+        return osErrorResource;
+      }
+      break;
+    case osTimerStopped:
+      pt->state = osTimerRunning;
+      pt->icnt  = (uint16_t)tcnt;
+      break;
+    default:
+      return osErrorResource;
+  }
+
+  rt_timer_insert(pt, tcnt);
+
+  return osOK;
+}
+
+/// Stop timer
+osStatus svcTimerStop (osTimerId timer_id) {
+  os_timer_cb *pt;
+
+  pt = rt_id2obj(timer_id);
+  if (pt == NULL) return osErrorParameter;
+
+  if (pt->state != osTimerRunning) return osErrorResource;
+
+  pt->state = osTimerStopped;
+
+  if (rt_timer_remove(pt) != 0) {
+    return osErrorResource;
+  }
+
+  return osOK;
+}
+
+/// Delete timer
+osStatus svcTimerDelete (osTimerId timer_id) {
+  os_timer_cb *pt;
+
+  pt = rt_id2obj(timer_id);
+  if (pt == NULL) return osErrorParameter;
+
+  switch (pt->state) {
+    case osTimerRunning:
+      rt_timer_remove(pt);
+      break;
+    case osTimerStopped:
+      break;
+    default:
+      return osErrorResource;
+  }
+
+  pt->state = osTimerInvalid;
+
+  return osOK;
+}
+
+/// Get timer callback parameters
+os_InRegs osCallback_type svcTimerCall (osTimerId timer_id) {
+  os_timer_cb *pt;
+  osCallback   ret;
+
+  pt = rt_id2obj(timer_id);
+  if (pt == NULL) {
+    ret.fp  = NULL;
+    ret.arg = NULL;
+    return osCallback_ret;
+  }
+
+  ret.fp  = (void *)pt->timer->ptimer;
+  ret.arg = pt->arg;
+
+  return osCallback_ret;
+}
+
+static __INLINE osStatus isrMessagePut (osMessageQId queue_id, uint32_t info, uint32_t millisec);
+
+/// Timer Tick (called each SysTick)
+void sysTimerTick (void) {
+  os_timer_cb *pt, *p;
+
+  p = os_timer_head;
+  if (p == NULL) return;
+
+  p->tcnt--;
+  while ((p != NULL) && (p->tcnt == 0)) {
+    pt = p;
+    p = p->next;
+    os_timer_head = p;
+    isrMessagePut(osMessageQId_osTimerMessageQ, (uint32_t)pt, 0);
+    if (pt->type == osTimerPeriodic) {
+      rt_timer_insert(pt, pt->icnt);
+    } else {
+      pt->state = osTimerStopped;
+    }
+  }
+}
+
+
+// Timer Management Public API
+
+/// Create timer
+osTimerId osTimerCreate (osTimerDef_t *timer_def, os_timer_type type, void *argument) {
+  if (__get_IPSR() != 0) return NULL;           // Not allowed in ISR
+  if (((__get_CONTROL() & 1) == 0) && (os_running == 0)) {
+    // Privileged and not running
+    return   svcTimerCreate(timer_def, type, argument);
+  } else {
+    return __svcTimerCreate(timer_def, type, argument);
+  }
+}
+
+/// Start or restart timer
+osStatus osTimerStart (osTimerId timer_id, uint32_t millisec) {
+  if (__get_IPSR() != 0) return osErrorISR;     // Not allowed in ISR
+  return __svcTimerStart(timer_id, millisec);
+}
+
+/// Stop timer
+osStatus osTimerStop (osTimerId timer_id) {
+  if (__get_IPSR() != 0) return osErrorISR;     // Not allowed in ISR
+  return __svcTimerStop(timer_id);
+}
+
+/// Delete timer
+osStatus osTimerDelete (osTimerId timer_id) {
+  if (__get_IPSR() != 0) return osErrorISR;     // Not allowed in ISR
+  return __svcTimerDelete(timer_id);
+}
+
+/// INTERNAL - Not Public
+/// Get timer callback parameters (used by OS Timer Thread)
+os_InRegs osCallback osTimerCall (osTimerId timer_id) {
+  return __svcTimerCall(timer_id);
+}
+
+
+// Timer Thread
+__NO_RETURN void osTimerThread (void const *argument) {
+  osCallback cb;
+  osEvent    evt;
+
+  for (;;) {
+    evt = osMessageGet(osMessageQId_osTimerMessageQ, osWaitForever);
+    if (evt.status == osEventMessage) {
+      cb = osTimerCall(evt.value.p);
+      if (cb.fp != NULL) {
+        (*(os_ptimer)cb.fp)(cb.arg);
+      }
+    }
+  }
+}
+
+
+// ==== Signal Management ====
+
+// Signal Service Calls declarations
+SVC_2_1(svcSignalSet,             int32_t, osThreadId, int32_t,  RET_int32_t)
+SVC_2_1(svcSignalClear,           int32_t, osThreadId, int32_t,  RET_int32_t)
+SVC_1_1(svcSignalGet,             int32_t, osThreadId,           RET_int32_t)
+SVC_2_3(svcSignalWait,  os_InRegs osEvent, int32_t,    uint32_t, RET_osEvent)
+
+// Signal Service Calls
+
+/// Set the specified Signal Flags of an active thread
+int32_t svcSignalSet (osThreadId thread_id, int32_t signals) {
+  P_TCB   ptcb;
+  int32_t sig;
+
+  ptcb = rt_tid2ptcb(thread_id);                // Get TCB pointer
+  if (ptcb == NULL) return 0x80000000;
+
+  if (signals & (0xFFFFFFFF << osFeature_Signals)) return 0x80000000;
+
+  sig = ptcb->events;                           // Previous signal flags
+
+  rt_evt_set(signals, ptcb->task_id);           // Set event flags
+
+  return sig;
+}
+
+/// Clear the specified Signal Flags of an active thread
+int32_t svcSignalClear (osThreadId thread_id, int32_t signals) {
+  P_TCB   ptcb;
+  int32_t sig;
+
+  ptcb = rt_tid2ptcb(thread_id);                // Get TCB pointer
+  if (ptcb == NULL) return 0x80000000;
+
+  if (signals & (0xFFFFFFFF << osFeature_Signals)) return 0x80000000;
+
+  sig = ptcb->events;                           // Previous signal flags
+
+  rt_evt_clr(signals, ptcb->task_id);           // Clear event flags
+
+  return sig;
+}
+
+/// Get Signal Flags status of an active thread
+int32_t svcSignalGet (osThreadId thread_id) {
+  P_TCB ptcb;
+
+  ptcb = rt_tid2ptcb(thread_id);                // Get TCB pointer
+  if (ptcb == NULL) return 0x80000000;
+
+  return ptcb->events;                          // Return event flags
+}
+
+/// Wait for one or more Signal Flags to become signaled for the current RUNNING thread
+os_InRegs osEvent_type svcSignalWait (int32_t signals, uint32_t millisec) {
+  OS_RESULT res;
+  osEvent   ret;
+
+  if (signals & (0xFFFFFFFF << osFeature_Signals)) {
+    ret.status = osErrorValue;
+    return osEvent_ret_status;
+  }
+
+  if (signals != 0) {                           // Wait for all specified signals
+    res = rt_evt_wait(signals, rt_ms2tick(millisec), __TRUE);
+  } else {                                      // Wait for any signal
+    res = rt_evt_wait(0xFFFF,  rt_ms2tick(millisec), __FALSE);
+  }
+
+  if (res == OS_R_EVT) {
+    ret.status = osEventSignal;
+    ret.value.signals = signals ? signals : os_tsk.run->waits;
+  } else {
+    ret.status = millisec ? osEventTimeout : osOK;
+    ret.value.signals = 0;
+  }
+
+  return osEvent_ret_value;
+}
+
+
+// Signal ISR Calls
+
+/// Set the specified Signal Flags of an active thread
+static __INLINE int32_t isrSignalSet (osThreadId thread_id, int32_t signals) {
+  P_TCB   ptcb;
+  int32_t sig;
+
+  ptcb = rt_tid2ptcb(thread_id);                // Get TCB pointer
+  if (ptcb == NULL) return 0x80000000;
+
+  if (signals & (0xFFFFFFFF << osFeature_Signals)) return 0x80000000;
+
+  sig = ptcb->events;                           // Previous signal flags
+
+  isr_evt_set(signals, ptcb->task_id);          // Set event flags
+
+  return sig;
+}
+
+
+// Signal Public API
+
+/// Set the specified Signal Flags of an active thread
+int32_t osSignalSet (osThreadId thread_id, int32_t signals) {
+  if (__get_IPSR() != 0) {                      // in ISR
+    return   isrSignalSet(thread_id, signals);
+  } else {                                      // in Thread
+    return __svcSignalSet(thread_id, signals);
+  }
+}
+
+/// Clear the specified Signal Flags of an active thread
+int32_t osSignalClear (osThreadId thread_id, int32_t signals) {
+  if (__get_IPSR() != 0) return osErrorISR;     // Not allowed in ISR
+  return __svcSignalClear(thread_id, signals);
+}
+
+/// Get Signal Flags status of an active thread
+int32_t osSignalGet (osThreadId thread_id) {
+  if (__get_IPSR() != 0) return osErrorISR;     // Not allowed in ISR
+  return __svcSignalGet(thread_id);
+}
+
+/// Wait for one or more Signal Flags to become signaled for the current RUNNING thread
+os_InRegs osEvent osSignalWait (int32_t signals, uint32_t millisec) {
+  osEvent ret;
+
+  if (__get_IPSR() != 0) {                      // Not allowed in ISR
+    ret.status = osErrorISR;
+    return ret;
+  }
+  return __svcSignalWait(signals, millisec);
+}
+
+
+// ==== Mutex Management ====
+
+// Mutex Service Calls declarations
+SVC_1_1(svcMutexCreate,  osMutexId, osMutexDef_t *,           RET_pointer)
+SVC_2_1(svcMutexWait,    osStatus,  osMutexId,      uint32_t, RET_osStatus)
+SVC_1_1(svcMutexRelease, osStatus,  osMutexId,                RET_osStatus)
+SVC_1_1(svcMutexDelete,  osStatus,  osMutexId,                RET_osStatus)
+
+// Mutex Service Calls
+
+/// Create and Initialize a Mutex object
+osMutexId svcMutexCreate (osMutexDef_t *mutex_def) {
+  OS_ID mut;
+
+  if (mutex_def == NULL) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  mut = mutex_def->mutex;
+  if (mut == NULL) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  if (((P_MUCB)mut)->cb_type != 0) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  rt_mut_init(mut);                             // Initialize Mutex
+
+  return mut;
+}
+
+/// Wait until a Mutex becomes available
+osStatus svcMutexWait (osMutexId mutex_id, uint32_t millisec) {
+  OS_ID     mut;
+  OS_RESULT res;
+
+  mut = rt_id2obj(mutex_id);
+  if (mut == NULL) return osErrorParameter;
+
+  if (((P_MUCB)mut)->cb_type != MUCB) return osErrorParameter;
+
+  res = rt_mut_wait(mut, rt_ms2tick(millisec)); // Wait for Mutex
+
+  if (res == OS_R_TMO) {
+    return (millisec ? osErrorTimeoutResource : osErrorResource);
+  }
+
+  return osOK;
+}
+
+/// Release a Mutex that was obtained with osMutexWait
+osStatus svcMutexRelease (osMutexId mutex_id) {
+  OS_ID     mut;
+  OS_RESULT res;
+
+  mut = rt_id2obj(mutex_id);
+  if (mut == NULL) return osErrorParameter;
+
+  if (((P_MUCB)mut)->cb_type != MUCB) return osErrorParameter;
+
+  res = rt_mut_release(mut);                    // Release Mutex
+
+  if (res == OS_R_NOK) return osErrorResource;  // Thread not owner or Zero Counter
+
+  return osOK;
+}
+
+/// Delete a Mutex that was created by osMutexCreate
+osStatus svcMutexDelete (osMutexId mutex_id) {
+  OS_ID mut;
+
+  mut = rt_id2obj(mutex_id);
+  if (mut == NULL) return osErrorParameter;
+
+  if (((P_MUCB)mut)->cb_type != MUCB) return osErrorParameter;
+
+  rt_mut_delete(mut);                           // Release Mutex
+
+  return osOK;
+}
+
+
+// Mutex Public API
+
+/// Create and Initialize a Mutex object
+osMutexId osMutexCreate (osMutexDef_t *mutex_def) {
+  if (__get_IPSR() != 0) return NULL;           // Not allowed in ISR
+  if (((__get_CONTROL() & 1) == 0) && (os_running == 0)) {
+    // Privileged and not running
+    return    svcMutexCreate(mutex_def);
+  } else {
+    return __svcMutexCreate(mutex_def);
+  }
+}
+
+/// Wait until a Mutex becomes available
+osStatus osMutexWait (osMutexId mutex_id, uint32_t millisec) {
+  if (__get_IPSR() != 0) return osErrorISR;     // Not allowed in ISR
+  return __svcMutexWait(mutex_id, millisec);
+}
+
+/// Release a Mutex that was obtained with osMutexWait
+osStatus osMutexRelease (osMutexId mutex_id) {
+  if (__get_IPSR() != 0) return osErrorISR;     // Not allowed in ISR
+  return __svcMutexRelease(mutex_id);
+}
+
+/// Delete a Mutex that was created by osMutexCreate
+osStatus osMutexDelete (osMutexId mutex_id) {
+  if (__get_IPSR() != 0) return osErrorISR;     // Not allowed in ISR
+  return __svcMutexDelete(mutex_id);
+}
+
+
+// ==== Semaphore Management ====
+
+// Semaphore Service Calls declarations
+SVC_2_1(svcSemaphoreCreate,  osSemaphoreId, const osSemaphoreDef_t *,  int32_t, RET_pointer)
+SVC_2_1(svcSemaphoreWait,    int32_t,       osSemaphoreId,      uint32_t, RET_int32_t)
+SVC_1_1(svcSemaphoreRelease, osStatus,      osSemaphoreId,                RET_osStatus)
+SVC_1_1(svcSemaphoreDelete,  osStatus,            osSemaphoreId,                RET_osStatus)
+
+// Semaphore Service Calls
+
+/// Create and Initialize a Semaphore object
+osSemaphoreId svcSemaphoreCreate (const osSemaphoreDef_t *semaphore_def, int32_t count) {
+  OS_ID sem;
+
+  if (semaphore_def == NULL) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  sem = semaphore_def->semaphore;
+  if (sem == NULL) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  if (((P_SCB)sem)->cb_type != 0) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  if (count > osFeature_Semaphore) {
+    sysThreadError(osErrorValue);
+    return NULL;
+  }
+
+  rt_sem_init(sem, count);                      // Initialize Semaphore
+
+  return sem;
+}
+
+/// Wait until a Semaphore becomes available
+int32_t svcSemaphoreWait (osSemaphoreId semaphore_id, uint32_t millisec) {
+  OS_ID     sem;
+  OS_RESULT res;
+
+  sem = rt_id2obj(semaphore_id);
+  if (sem == NULL) return -1;
+
+  if (((P_SCB)sem)->cb_type != SCB) return -1;
+
+  res = rt_sem_wait(sem, rt_ms2tick(millisec)); // Wait for Semaphore
+
+  if (res == OS_R_TMO) return 0;                // Timeout
+
+  return (((P_SCB)sem)->tokens + 1);
+}
+
+/// Release a Semaphore
+osStatus svcSemaphoreRelease (osSemaphoreId semaphore_id) {
+  OS_ID sem;
+
+  sem = rt_id2obj(semaphore_id);
+  if (sem == NULL) return osErrorParameter;
+
+  if (((P_SCB)sem)->cb_type != SCB) return osErrorParameter;
+
+  if (((P_SCB)sem)->tokens == osFeature_Semaphore) return osErrorResource;
+
+  rt_sem_send(sem);                             // Release Semaphore
+
+  return osOK;
+}
+
+/// Delete a Semaphore that was created by osSemaphoreCreate
+osStatus svcSemaphoreDelete (osSemaphoreId semaphore_id) {
+  OS_ID sem;
+
+  sem = rt_id2obj(semaphore_id);
+  if (sem == NULL) return osErrorParameter;
+
+  if (((P_SCB)sem)->cb_type != SCB) return osErrorParameter;
+
+  rt_sem_delete(sem);                           // Delete Semaphore
+
+  return osOK;
+}
+
+
+// Semaphore ISR Calls
+
+/// Release a Semaphore
+static __INLINE osStatus isrSemaphoreRelease (osSemaphoreId semaphore_id) {
+  OS_ID sem;
+
+  sem = rt_id2obj(semaphore_id);
+  if (sem == NULL) return osErrorParameter;
+
+  if (((P_SCB)sem)->cb_type != SCB) return osErrorParameter;
+
+  if (((P_SCB)sem)->tokens == osFeature_Semaphore) return osErrorResource;
+
+  isr_sem_send(sem);                            // Release Semaphore
+
+  return osOK;
+}
+
+
+// Semaphore Public API
+
+/// Create and Initialize a Semaphore object
+osSemaphoreId osSemaphoreCreate (osSemaphoreDef_t *semaphore_def, int32_t count) {
+  if (__get_IPSR() != 0) return NULL;           // Not allowed in ISR
+  if (((__get_CONTROL() & 1) == 0) && (os_running == 0)) {
+    // Privileged and not running
+    return   svcSemaphoreCreate(semaphore_def, count);
+  } else {
+    return __svcSemaphoreCreate(semaphore_def, count);
+  }
+}
+
+/// Wait until a Semaphore becomes available
+int32_t osSemaphoreWait (osSemaphoreId semaphore_id, uint32_t millisec) {
+  if (__get_IPSR() != 0) return -1;             // Not allowed in ISR
+  return __svcSemaphoreWait(semaphore_id, millisec);
+}
+
+/// Release a Semaphore
+osStatus osSemaphoreRelease (osSemaphoreId semaphore_id) {
+  if (__get_IPSR() != 0) {                      // in ISR
+    return   isrSemaphoreRelease(semaphore_id);
+  } else {                                      // in Thread
+    return __svcSemaphoreRelease(semaphore_id);
+  }
+}
+
+/// Delete a Semaphore that was created by osSemaphoreCreate
+osStatus osSemaphoreDelete (osSemaphoreId semaphore_id) {
+  if (__get_IPSR() != 0) return osErrorISR;     // Not allowed in ISR
+  return __svcSemaphoreDelete(semaphore_id);
+}
+
+
+// ==== Memory Management Functions ====
+
+// Memory Management Helper Functions
+
+// Clear Memory Box (Zero init)
+static void rt_clr_box (void *box_mem, void *box) {
+  uint32_t *p, n;
+
+  if (box) {
+    p = box;
+    for (n = ((P_BM)box_mem)->blk_size; n; n -= 4) {
+      *p++ = 0;
+    }
+  }
+}
+
+// Memory Management Service Calls declarations
+SVC_1_1(svcPoolCreate, osPoolId, const osPoolDef_t *,           RET_pointer)
+SVC_2_1(sysPoolAlloc,  void *,   osPoolId,      uint32_t, RET_pointer)
+SVC_2_1(sysPoolFree,   osStatus, osPoolId,      void *,   RET_osStatus)
+
+// Memory Management Service & ISR Calls
+
+/// Create and Initialize memory pool
+osPoolId svcPoolCreate (const osPoolDef_t *pool_def) {
+  uint32_t blk_sz;
+
+  if ((pool_def == NULL) ||
+      (pool_def->pool_sz == 0) ||
+      (pool_def->item_sz == 0) ||
+      (pool_def->pool == NULL)) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  blk_sz = (pool_def->item_sz + 3) & ~3;
+
+  _init_box(pool_def->pool, sizeof(struct OS_BM) + pool_def->pool_sz * blk_sz, blk_sz);
+
+  return pool_def->pool;
+}
+
+/// Allocate a memory block from a memory pool
+void *sysPoolAlloc (osPoolId pool_id, uint32_t clr) {
+  void *ptr;
+
+  if (pool_id == NULL) return NULL;
+
+  ptr = rt_alloc_box(pool_id);
+  if (clr) {
+    rt_clr_box(pool_id, ptr);
+  }
+
+  return ptr;
+}
+
+/// Return an allocated memory block back to a specific memory pool
+osStatus sysPoolFree (osPoolId pool_id, void *block) {
+  int32_t res;
+
+  if (pool_id == NULL) return osErrorParameter;
+
+  res = rt_free_box(pool_id, block);
+  if (res != 0) return osErrorValue;
+
+  return osOK;
+}
+
+
+// Memory Management Public API
+
+/// Create and Initialize memory pool
+osPoolId osPoolCreate (osPoolDef_t *pool_def) {
+  if (__get_IPSR() != 0) return NULL;           // Not allowed in ISR
+  if (((__get_CONTROL() & 1) == 0) && (os_running == 0)) {
+    // Privileged and not running
+    return   svcPoolCreate(pool_def);
+  } else {
+    return __svcPoolCreate(pool_def);
+  }
+}
+
+/// Allocate a memory block from a memory pool
+void *osPoolAlloc (osPoolId pool_id) {
+  if ((__get_IPSR() != 0) || ((__get_CONTROL() & 1) == 0)) {    // in ISR or Privileged
+    return   sysPoolAlloc(pool_id, 0);
+  } else {                                      // in Thread
+    return __sysPoolAlloc(pool_id, 0);
+  }
+}
+
+/// Allocate a memory block from a memory pool and set memory block to zero
+void *osPoolCAlloc (osPoolId pool_id) {
+  if ((__get_IPSR() != 0) || ((__get_CONTROL() & 1) == 0)) {    // in ISR or Privileged
+    return   sysPoolAlloc(pool_id, 1);
+  } else {                                      // in Thread
+    return __sysPoolAlloc(pool_id, 1);
+  }
+}
+
+/// Return an allocated memory block back to a specific memory pool
+osStatus osPoolFree (osPoolId pool_id, void *block) {
+  if ((__get_IPSR() != 0) || ((__get_CONTROL() & 1) == 0)) {    // in ISR or Privileged
+    return   sysPoolFree(pool_id, block);
+  } else {                                      // in Thread
+    return __sysPoolFree(pool_id, block);
+  }
+}
+
+
+// ==== Message Queue Management Functions ====
+
+// Message Queue Management Service Calls declarations
+SVC_2_1(svcMessageCreate,        osMessageQId,    osMessageQDef_t *, osThreadId,           RET_pointer)
+SVC_3_1(svcMessagePut,              osStatus,     osMessageQId,      uint32_t,   uint32_t, RET_osStatus)
+SVC_2_3(svcMessageGet,    os_InRegs osEvent,      osMessageQId,      uint32_t,             RET_osEvent)
+
+// Message Queue Service Calls
+
+/// Create and Initialize Message Queue
+osMessageQId svcMessageCreate (osMessageQDef_t *queue_def, osThreadId thread_id) {
+
+  if ((queue_def == NULL) ||
+      (queue_def->queue_sz == 0) ||
+      (queue_def->pool == NULL)) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  if (((P_MCB)queue_def->pool)->cb_type != 0) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  rt_mbx_init(queue_def->pool, 4*(queue_def->queue_sz + 4));
+
+  return queue_def->pool;
+}
+
+/// Put a Message to a Queue
+osStatus svcMessagePut (osMessageQId queue_id, uint32_t info, uint32_t millisec) {
+  OS_RESULT res;
+
+  if (queue_id == NULL) return osErrorParameter;
+
+  if (((P_MCB)queue_id)->cb_type != MCB) return osErrorParameter;
+
+  res = rt_mbx_send(queue_id, (void *)info, rt_ms2tick(millisec));
+
+  if (res == OS_R_TMO) {
+    return (millisec ? osErrorTimeoutResource : osErrorResource);
+  }
+
+  return osOK;
+}
+
+/// Get a Message or Wait for a Message from a Queue
+os_InRegs osEvent_type svcMessageGet (osMessageQId queue_id, uint32_t millisec) {
+  OS_RESULT res;
+  osEvent   ret;
+
+  if (queue_id == NULL) {
+    ret.status = osErrorParameter;
+    return osEvent_ret_status;
+  }
+
+  if (((P_MCB)queue_id)->cb_type != MCB) {
+    ret.status = osErrorParameter;
+    return osEvent_ret_status;
+  }
+
+  res = rt_mbx_wait(queue_id, &ret.value.p, rt_ms2tick(millisec));
+
+  if (res == OS_R_TMO) {
+    ret.status = millisec ? osEventTimeout : osOK;
+    return osEvent_ret_value;
+  }
+
+  ret.status = osEventMessage;
+
+  return osEvent_ret_value;
+}
+
+
+// Message Queue ISR Calls
+
+/// Put a Message to a Queue
+static __INLINE osStatus isrMessagePut (osMessageQId queue_id, uint32_t info, uint32_t millisec) {
+
+  if ((queue_id == NULL) || (millisec != 0)) {
+    return osErrorParameter;
+  }
+
+  if (((P_MCB)queue_id)->cb_type != MCB) return osErrorParameter;
+
+  if (rt_mbx_check(queue_id) == 0) {            // Check if Queue is full
+    return osErrorResource;
+  }
+
+  isr_mbx_send(queue_id, (void *)info);
+
+  return osOK;
+}
+
+/// Get a Message or Wait for a Message from a Queue
+static __INLINE os_InRegs osEvent isrMessageGet (osMessageQId queue_id, uint32_t millisec) {
+  OS_RESULT res;
+  osEvent   ret;
+
+  if ((queue_id == NULL) || (millisec != 0)) {
+    ret.status = osErrorParameter;
+    return ret;
+  }
+
+  if (((P_MCB)queue_id)->cb_type != MCB) {
+    ret.status = osErrorParameter;
+    return ret;
+  }
+
+  res = isr_mbx_receive(queue_id, &ret.value.p);
+
+  if (res != OS_R_MBX) {
+    ret.status = osOK;
+    return ret;
+  }
+
+  ret.status = osEventMessage;
+
+  return ret;
+}
+
+
+// Message Queue Management Public API
+
+/// Create and Initialize Message Queue
+osMessageQId osMessageCreate (osMessageQDef_t *queue_def, osThreadId thread_id) {
+  if (__get_IPSR() != 0) return NULL;           // Not allowed in ISR
+  if (((__get_CONTROL() & 1) == 0) && (os_running == 0)) {
+    // Privileged and not running
+    return   svcMessageCreate(queue_def, thread_id);
+  } else {
+    return __svcMessageCreate(queue_def, thread_id);
+  }
+}
+
+/// Put a Message to a Queue
+osStatus osMessagePut (osMessageQId queue_id, uint32_t info, uint32_t millisec) {
+  if (__get_IPSR() != 0) {                      // in ISR
+    return   isrMessagePut(queue_id, info, millisec);
+  } else {                                      // in Thread
+    return __svcMessagePut(queue_id, info, millisec);
+  }
+}
+
+/// Get a Message or Wait for a Message from a Queue
+os_InRegs osEvent osMessageGet (osMessageQId queue_id, uint32_t millisec) {
+  if (__get_IPSR() != 0) {                      // in ISR
+    return   isrMessageGet(queue_id, millisec);
+  } else {                                      // in Thread
+    return __svcMessageGet(queue_id, millisec);
+  }
+}
+
+
+// ==== Mail Queue Management Functions ====
+
+// Mail Queue Management Service Calls declarations
+SVC_2_1(svcMailCreate, osMailQId, osMailQDef_t *, osThreadId,                   RET_pointer)
+SVC_4_1(sysMailAlloc,  void *,    osMailQId,      uint32_t, uint32_t, uint32_t, RET_pointer)
+SVC_3_1(sysMailFree,   osStatus,  osMailQId,      void *,   uint32_t,           RET_osStatus)
+
+// Mail Queue Management Service & ISR Calls
+
+/// Create and Initialize mail queue
+osMailQId svcMailCreate (osMailQDef_t *queue_def, osThreadId thread_id) {
+  uint32_t blk_sz;
+  P_MCB    pmcb;
+  void    *pool;
+
+  if ((queue_def == NULL) ||
+      (queue_def->queue_sz == 0) ||
+      (queue_def->item_sz  == 0) ||
+      (queue_def->pool == NULL)) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  pmcb = *(((void **)queue_def->pool) + 0);
+  pool = *(((void **)queue_def->pool) + 1);
+
+  if ((pool == NULL) || (pmcb == NULL) || (pmcb->cb_type != 0)) {
+    sysThreadError(osErrorParameter);
+    return NULL;
+  }
+
+  blk_sz = (queue_def->item_sz + 3) & ~3;
+
+  _init_box(pool, sizeof(struct OS_BM) + queue_def->queue_sz * blk_sz, blk_sz);
+
+  rt_mbx_init(pmcb, 4*(queue_def->queue_sz + 4));
+
+
+  return queue_def->pool;
+}
+
+/// Allocate a memory block from a mail
+void *sysMailAlloc (osMailQId queue_id, uint32_t millisec, uint32_t isr, uint32_t clr) {
+  P_MCB pmcb;
+  void *pool;
+  void *mem;
+
+  if (queue_id == NULL) return NULL;
+
+  pmcb = *(((void **)queue_id) + 0);
+  pool = *(((void **)queue_id) + 1);
+
+  if ((pool == NULL) || (pmcb == NULL)) return NULL;
+
+  if (isr && (millisec != 0)) return NULL;
+
+  mem = rt_alloc_box(pool);
+  if (clr) {
+    rt_clr_box(pool, mem);
+  }
+
+  if ((mem == NULL) && (millisec != 0)) {
+    // Put Task to sleep when Memory not available
+    if (pmcb->p_lnk != NULL) {
+      rt_put_prio((P_XCB)pmcb, os_tsk.run);
+    } else {
+      pmcb->p_lnk = os_tsk.run;
+      os_tsk.run->p_lnk = NULL;
+      os_tsk.run->p_rlnk = (P_TCB)pmcb;
+      // Task is waiting to allocate a message
+      pmcb->state = 3;
+    }
+    rt_block(rt_ms2tick(millisec), WAIT_MBX);
+  }
+
+  return mem;
+}
+
+/// Free a memory block from a mail
+osStatus sysMailFree (osMailQId queue_id, void *mail, uint32_t isr) {
+  P_MCB   pmcb;
+  P_TCB   ptcb;
+  void   *pool;
+  void   *mem;
+  int32_t res;
+
+  if (queue_id == NULL) return osErrorParameter;
+
+  pmcb = *(((void **)queue_id) + 0);
+  pool = *(((void **)queue_id) + 1);
+
+  if ((pmcb == NULL) || (pool == NULL)) return osErrorParameter;
+
+  res = rt_free_box(pool, mail);
+
+  if (res != 0) return osErrorValue;
+
+  if (pmcb->state == 3) {
+    // Task is waiting to allocate a message
+    if (isr) {
+      rt_psq_enq (pmcb, (U32)pool);
+      rt_psh_req ();
+    } else {
+      mem = rt_alloc_box(pool);
+      if (mem != NULL) {
+        ptcb = rt_get_first((P_XCB)pmcb);
+        if (pmcb->p_lnk == NULL) {
+          pmcb->state = 0;
+        }
+        rt_ret_val(ptcb, (U32)mem);
+        rt_rmv_dly(ptcb);
+        rt_dispatch(ptcb);
+      }
+    }
+  }
+
+  return osOK;
+}
+
+
+// Mail Queue Management Public API
+
+/// Create and Initialize mail queue
+osMailQId osMailCreate (osMailQDef_t *queue_def, osThreadId thread_id) {
+  if (__get_IPSR() != 0) return NULL;           // Not allowed in ISR
+  if (((__get_CONTROL() & 1) == 0) && (os_running == 0)) {
+    // Privileged and not running
+    return   svcMailCreate(queue_def, thread_id);
+  } else {
+    return __svcMailCreate(queue_def, thread_id);
+  }
+}
+
+/// Allocate a memory block from a mail
+void *osMailAlloc (osMailQId queue_id, uint32_t millisec) {
+  if (__get_IPSR() != 0) {                      // in ISR
+    return   sysMailAlloc(queue_id, millisec, 1, 0);
+  } else {                                      // in Thread
+    return __sysMailAlloc(queue_id, millisec, 0, 0);
+  }
+}
+
+/// Allocate a memory block from a mail and set memory block to zero
+void *osMailCAlloc (osMailQId queue_id, uint32_t millisec) {
+  if (__get_IPSR() != 0) {                      // in ISR
+    return   sysMailAlloc(queue_id, millisec, 1, 1);
+  } else {                                      // in Thread
+    return __sysMailAlloc(queue_id, millisec, 0, 1);
+  }
+}
+
+/// Free a memory block from a mail
+osStatus osMailFree (osMailQId queue_id, void *mail) {
+  if (__get_IPSR() != 0) {                      // in ISR
+    return   sysMailFree(queue_id, mail, 1);
+  } else {                                      // in Thread
+    return __sysMailFree(queue_id, mail, 0);
+  }
+}
+
+/// Put a mail to a queue
+osStatus osMailPut (osMailQId queue_id, void *mail) {
+  if (queue_id == NULL) return osErrorParameter;
+  if (mail == NULL)     return osErrorValue;
+  return osMessagePut(*((void **)queue_id), (uint32_t)mail, 0);
+}
+
+#ifdef __CC_ARM
+#pragma push
+#pragma Ospace
+#endif // __arm__
+/// Get a mail from a queue
+os_InRegs osEvent osMailGet (osMailQId queue_id, uint32_t millisec) {
+  osEvent ret;
+
+  if (queue_id == NULL) {
+    ret.status = osErrorParameter;
+    return ret;
+  }
+
+  ret = osMessageGet(*((void **)queue_id), millisec);
+  if (ret.status == osEventMessage) ret.status = osEventMail;
+
+  return ret;
+}
+#ifdef __CC_ARM
+#pragma pop
+#endif // __arm__
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_Event.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,190 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_EVENT.C
+ *      Purpose: Implements waits and wake-ups for event flags
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Conf.h"
+#include "rt_System.h"
+#include "rt_Event.h"
+#include "rt_List.h"
+#include "rt_Task.h"
+#include "rt_HAL_CM.h"
+
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+
+/*--------------------------- rt_evt_wait -----------------------------------*/
+
+OS_RESULT rt_evt_wait (U16 wait_flags, U16 timeout, BOOL and_wait) {
+  /* Wait for one or more event flags with optional time-out.                */
+  /* "wait_flags" identifies the flags to wait for.                          */
+  /* "timeout" is the time-out limit in system ticks (0xffff if no time-out) */
+  /* "and_wait" specifies the AND-ing of "wait_flags" as condition to be met */
+  /* to complete the wait. (OR-ing if set to 0).                             */
+  U32 block_state;
+
+  if (and_wait) {
+    /* Check for AND-connected events */
+    if ((os_tsk.run->events & wait_flags) == wait_flags) {
+      os_tsk.run->events &= ~wait_flags;
+      return (OS_R_EVT);
+    }
+    block_state = WAIT_AND;
+  }
+  else {
+    /* Check for OR-connected events */
+    if (os_tsk.run->events & wait_flags) {
+      os_tsk.run->waits = os_tsk.run->events & wait_flags;
+      os_tsk.run->events &= ~wait_flags;
+      return (OS_R_EVT);
+    }
+    block_state = WAIT_OR;
+  }
+  /* Task has to wait */
+  os_tsk.run->waits = wait_flags;
+  rt_block (timeout, (U8)block_state);
+  return (OS_R_TMO);
+}
+
+
+/*--------------------------- rt_evt_set ------------------------------------*/
+
+void rt_evt_set (U16 event_flags, OS_TID task_id) {
+  /* Set one or more event flags of a selectable task. */
+  P_TCB p_tcb;
+
+  p_tcb = os_active_TCB[task_id-1];
+  if (p_tcb == NULL) {
+    return;
+  }
+  p_tcb->events |= event_flags;
+  event_flags    = p_tcb->waits;
+  /* If the task is not waiting for an event, it should not be put */
+  /* to ready state. */
+  if (p_tcb->state == WAIT_AND) {
+    /* Check for AND-connected events */
+    if ((p_tcb->events & event_flags) == event_flags) {
+      goto wkup;
+    }
+  }
+  if (p_tcb->state == WAIT_OR) {
+    /* Check for OR-connected events */
+    if (p_tcb->events & event_flags) {
+      p_tcb->waits  &= p_tcb->events;
+wkup: p_tcb->events &= ~event_flags;
+      rt_rmv_dly (p_tcb);
+      p_tcb->state   = READY;
+#ifdef __CMSIS_RTOS
+      rt_ret_val2(p_tcb, 0x08/*osEventSignal*/, p_tcb->waits);
+#else
+      rt_ret_val (p_tcb, OS_R_EVT);
+#endif
+      rt_dispatch (p_tcb);
+    }
+  }
+}
+
+
+/*--------------------------- rt_evt_clr ------------------------------------*/
+
+void rt_evt_clr (U16 clear_flags, OS_TID task_id) {
+  /* Clear one or more event flags (identified by "clear_flags") of a */
+  /* selectable task (identified by "task"). */
+  P_TCB task = os_active_TCB[task_id-1];
+
+  if (task == NULL) {
+    return;
+  }
+  task->events &= ~clear_flags;
+}
+
+
+/*--------------------------- isr_evt_set -----------------------------------*/
+
+void isr_evt_set (U16 event_flags, OS_TID task_id) {
+  /* Same function as "os_evt_set", but to be called by ISRs. */
+  P_TCB p_tcb = os_active_TCB[task_id-1];
+
+  if (p_tcb == NULL) {
+    return;
+  }
+  rt_psq_enq (p_tcb, event_flags);
+  rt_psh_req ();
+}
+
+
+/*--------------------------- rt_evt_get ------------------------------------*/
+
+U16 rt_evt_get (void) {
+  /* Get events of a running task after waiting for OR connected events. */
+  return (os_tsk.run->waits);
+}
+
+
+/*--------------------------- rt_evt_psh ------------------------------------*/
+
+void rt_evt_psh (P_TCB p_CB, U16 set_flags) {
+  /* Check if task has to be waken up */
+  U16 event_flags;
+
+  p_CB->events |= set_flags;
+  event_flags = p_CB->waits;
+  if (p_CB->state == WAIT_AND) {
+    /* Check for AND-connected events */
+    if ((p_CB->events & event_flags) == event_flags) {
+      goto rdy;
+    }
+  }
+  if (p_CB->state == WAIT_OR) {
+    /* Check for OR-connected events */
+    if (p_CB->events & event_flags) {
+      p_CB->waits  &= p_CB->events;
+rdy:  p_CB->events &= ~event_flags;
+      rt_rmv_dly (p_CB);
+      p_CB->state   = READY;
+#ifdef __CMSIS_RTOS
+      rt_ret_val2(p_CB, 0x08/*osEventSignal*/, p_CB->waits);
+#else
+      rt_ret_val (p_CB, OS_R_EVT);
+#endif
+      rt_put_prio (&os_rdy, p_CB);
+    }
+  }
+}
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_Event.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,46 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_EVENT.H
+ *      Purpose: Implements waits and wake-ups for event flags
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Functions */
+extern OS_RESULT rt_evt_wait (U16 wait_flags,  U16 timeout, BOOL and_wait);
+extern void      rt_evt_set  (U16 event_flags, OS_TID task_id);
+extern void      rt_evt_clr  (U16 clear_flags, OS_TID task_id);
+extern void      isr_evt_set (U16 event_flags, OS_TID task_id);
+extern U16       rt_evt_get  (void);
+extern void      rt_evt_psh  (P_TCB p_CB, U16 set_flags);
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_HAL_CM.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,276 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_HAL_CM.H
+ *      Purpose: Hardware Abstraction Layer for Cortex-M definitions
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Definitions */
+#define INITIAL_xPSR    0x01000000
+#define DEMCR_TRCENA    0x01000000
+#define ITM_ITMENA      0x00000001
+#define MAGIC_WORD      0xE25A2EA5
+
+#if defined (__CC_ARM)          /* ARM Compiler */
+
+#if ((__TARGET_ARCH_7_M || __TARGET_ARCH_7E_M) && !NO_EXCLUSIVE_ACCESS)
+ #define __USE_EXCLUSIVE_ACCESS
+#else
+ #undef  __USE_EXCLUSIVE_ACCESS
+#endif
+
+#elif defined (__GNUC__)        /* GNU Compiler */
+
+#undef  __USE_EXCLUSIVE_ACCESS
+
+#if defined (__CORTEX_M0) || defined (__CORTEX_M0PLUS)
+#define __TARGET_ARCH_6S_M 1
+#else
+#define __TARGET_ARCH_6S_M 0
+#endif
+
+#if defined (__VFP_FP__) && !defined(__SOFTFP__)
+#define __TARGET_FPU_VFP 1
+#else
+#define __TARGET_FPU_VFP 0
+#endif
+
+#define __inline inline
+#define __weak   __attribute__((weak))
+
+#ifndef __CMSIS_GENERIC
+
+__attribute__((always_inline)) static inline void __enable_irq(void)
+{
+  __asm volatile ("cpsie i");
+}
+
+__attribute__((always_inline)) static inline U32 __disable_irq(void)
+{
+  U32 result;
+
+  __asm volatile ("mrs %0, primask" : "=r" (result));
+  __asm volatile ("cpsid i");
+  return(result & 1);
+}
+
+#endif
+
+__attribute__(( always_inline)) static inline U8 __clz(U32 value)
+{
+  U8 result;
+
+  __asm volatile ("clz %0, %1" : "=r" (result) : "r" (value));
+  return(result);
+}
+
+#elif defined (__ICCARM__)      /* IAR Compiler */
+
+#undef  __USE_EXCLUSIVE_ACCESS
+
+#if (__CORE__ == __ARM6M__)
+#define __TARGET_ARCH_6S_M 1
+#else
+#define __TARGET_ARCH_6S_M 0
+#endif
+
+#if defined __ARMVFP__
+#define __TARGET_FPU_VFP 1
+#else
+#define __TARGET_FPU_VFP 0
+#endif
+
+#define __inline inline
+
+#ifndef __CMSIS_GENERIC
+
+static inline void __enable_irq(void)
+{
+  __asm volatile ("cpsie i");
+}
+
+static inline U32 __disable_irq(void)
+{
+  U32 result;
+
+  __asm volatile ("mrs %0, primask" : "=r" (result));
+  __asm volatile ("cpsid i");
+  return(result & 1);
+}
+
+#endif
+
+static inline U8 __clz(U32 value)
+{
+  U8 result;
+
+  __asm volatile ("clz %0, %1" : "=r" (result) : "r" (value));
+  return(result);
+}
+
+#endif
+
+/* NVIC registers */
+#define NVIC_ST_CTRL    (*((volatile U32 *)0xE000E010))
+#define NVIC_ST_RELOAD  (*((volatile U32 *)0xE000E014))
+#define NVIC_ST_CURRENT (*((volatile U32 *)0xE000E018))
+#define NVIC_ISER         ((volatile U32 *)0xE000E100)
+#define NVIC_ICER         ((volatile U32 *)0xE000E180)
+#if (__TARGET_ARCH_6S_M)
+#define NVIC_IP           ((volatile U32 *)0xE000E400)
+#else
+#define NVIC_IP           ((volatile U8  *)0xE000E400)
+#endif
+#define NVIC_INT_CTRL   (*((volatile U32 *)0xE000ED04))
+#define NVIC_AIR_CTRL   (*((volatile U32 *)0xE000ED0C))
+#define NVIC_SYS_PRI2   (*((volatile U32 *)0xE000ED1C))
+#define NVIC_SYS_PRI3   (*((volatile U32 *)0xE000ED20))
+
+#define OS_PEND_IRQ()   NVIC_INT_CTRL  = (1<<28)
+#define OS_PENDING      ((NVIC_INT_CTRL >> 26) & (1<<2 | 1))
+#define OS_UNPEND(fl)   NVIC_INT_CTRL  = (*fl = OS_PENDING) << 25
+#define OS_PEND(fl,p)   NVIC_INT_CTRL  = (fl | p<<2) << 26
+#define OS_LOCK()       NVIC_ST_CTRL   =  0x0005
+#define OS_UNLOCK()     NVIC_ST_CTRL   =  0x0007
+
+#define OS_X_PENDING    ((NVIC_INT_CTRL >> 28) & 1)
+#define OS_X_UNPEND(fl) NVIC_INT_CTRL  = (*fl = OS_X_PENDING) << 27
+#define OS_X_PEND(fl,p) NVIC_INT_CTRL  = (fl | p) << 28
+#if (__TARGET_ARCH_6S_M)
+#define OS_X_INIT(n)    NVIC_IP[n>>2] |= 0xFF << (8*(n & 0x03)); \
+                        NVIC_ISER[n>>5] = 1 << (n & 0x1F)
+#else
+#define OS_X_INIT(n)    NVIC_IP[n] = 0xFF; \
+                        NVIC_ISER[n>>5] = 1 << (n & 0x1F)
+#endif
+#define OS_X_LOCK(n)    NVIC_ICER[n>>5] = 1 << (n & 0x1F)
+#define OS_X_UNLOCK(n)  NVIC_ISER[n>>5] = 1 << (n & 0x1F)
+
+/* Core Debug registers */
+#define DEMCR           (*((volatile U32 *)0xE000EDFC))
+
+/* ITM registers */
+#define ITM_CONTROL     (*((volatile U32 *)0xE0000E80))
+#define ITM_ENABLE      (*((volatile U32 *)0xE0000E00))
+#define ITM_PORT30_U32  (*((volatile U32 *)0xE0000078))
+#define ITM_PORT31_U32  (*((volatile U32 *)0xE000007C))
+#define ITM_PORT31_U16  (*((volatile U16 *)0xE000007C))
+#define ITM_PORT31_U8   (*((volatile U8  *)0xE000007C))
+
+/* Variables */
+extern BIT dbg_msg;
+
+/* Functions */
+#ifdef __USE_EXCLUSIVE_ACCESS
+ #define rt_inc(p)     while(__strex((__ldrex(p)+1),p))
+ #define rt_dec(p)     while(__strex((__ldrex(p)-1),p))
+#else
+ #define rt_inc(p)     __disable_irq();(*p)++;__enable_irq();
+ #define rt_dec(p)     __disable_irq();(*p)--;__enable_irq();
+#endif
+
+__inline static U32 rt_inc_qi (U32 size, U8 *count, U8 *first) {
+  U32 cnt,c2;
+#ifdef __USE_EXCLUSIVE_ACCESS
+  do {
+    if ((cnt = __ldrex(count)) == size) {
+      __clrex();
+      return (cnt); }
+  } while (__strex(cnt+1, count));
+  do {
+    c2 = (cnt = __ldrex(first)) + 1;
+    if (c2 == size) c2 = 0;
+  } while (__strex(c2, first));
+#else
+  __disable_irq();
+  if ((cnt = *count) < size) {
+    *count = cnt+1;
+    c2 = (cnt = *first) + 1;
+    if (c2 == size) c2 = 0;
+    *first = c2;
+  }
+  __enable_irq ();
+#endif
+  return (cnt);
+}
+
+__inline static void rt_systick_init (void) {
+  NVIC_ST_RELOAD  = os_trv;
+  NVIC_ST_CURRENT = 0;
+  NVIC_ST_CTRL    = 0x0007;
+  NVIC_SYS_PRI3  |= 0xFF000000;
+}
+
+__inline static void rt_svc_init (void) {
+#if !(__TARGET_ARCH_6S_M)
+  int sh,prigroup;
+#endif
+  NVIC_SYS_PRI3 |= 0x00FF0000;
+#if (__TARGET_ARCH_6S_M)
+  NVIC_SYS_PRI2 |= (NVIC_SYS_PRI3<<(8+1)) & 0xFC000000;
+#else
+  sh       = 8 - __clz (~((NVIC_SYS_PRI3 << 8) & 0xFF000000));
+  prigroup = ((NVIC_AIR_CTRL >> 8) & 0x07);
+  if (prigroup >= sh) {
+    sh = prigroup + 1;
+  }
+  NVIC_SYS_PRI2 = ((0xFEFFFFFF << sh) & 0xFF000000) | (NVIC_SYS_PRI2 & 0x00FFFFFF);
+#endif
+}
+
+extern void rt_set_PSP (U32 stack);
+extern U32  rt_get_PSP (void);
+extern void os_set_env (void);
+extern void *_alloc_box (void *box_mem);
+extern int  _free_box (void *box_mem, void *box);
+
+extern void rt_init_stack (P_TCB p_TCB, FUNCP task_body);
+extern void rt_ret_val  (P_TCB p_TCB, U32 v0);
+extern void rt_ret_val2 (P_TCB p_TCB, U32 v0, U32 v1);
+
+extern void dbg_init (void);
+extern void dbg_task_notify (P_TCB p_tcb, BOOL create);
+extern void dbg_task_switch (U32 task_id);
+
+#ifdef DBG_MSG
+#define DBG_INIT() dbg_init()
+#define DBG_TASK_NOTIFY(p_tcb,create) if (dbg_msg) dbg_task_notify(p_tcb,create)
+#define DBG_TASK_SWITCH(task_id)      if (dbg_msg && (os_tsk.new_tsk != os_tsk.run)) \
+                                                   dbg_task_switch(task_id)
+#else
+#define DBG_INIT()
+#define DBG_TASK_NOTIFY(p_tcb,create)
+#define DBG_TASK_SWITCH(task_id)
+#endif
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_List.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,320 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_LIST.C
+ *      Purpose: Functions for the management of different lists
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Conf.h"
+#include "rt_System.h"
+#include "rt_List.h"
+#include "rt_Task.h"
+#include "rt_Time.h"
+#include "rt_HAL_CM.h"
+
+/*----------------------------------------------------------------------------
+ *      Global Variables
+ *---------------------------------------------------------------------------*/
+
+/* List head of chained ready tasks */
+struct OS_XCB  os_rdy;
+/* List head of chained delay tasks */
+struct OS_XCB  os_dly;
+
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+
+/*--------------------------- rt_put_prio -----------------------------------*/
+
+void rt_put_prio (P_XCB p_CB, P_TCB p_task) {
+  /* Put task identified with "p_task" into list ordered by priority.       */
+  /* "p_CB" points to head of list; list has always an element at end with  */
+  /* a priority less than "p_task->prio".                                   */
+  P_TCB p_CB2;
+  U32 prio;
+  BOOL sem_mbx = __FALSE;
+
+  if (p_CB->cb_type == SCB || p_CB->cb_type == MCB || p_CB->cb_type == MUCB) {
+    sem_mbx = __TRUE;
+  }
+  prio = p_task->prio;
+  p_CB2 = p_CB->p_lnk;
+  /* Search for an entry in the list */
+  while (p_CB2 != NULL && prio <= p_CB2->prio) {
+    p_CB = (P_XCB)p_CB2;
+    p_CB2 = p_CB2->p_lnk;
+  }
+  /* Entry found, insert the task into the list */
+  p_task->p_lnk = p_CB2;
+  p_CB->p_lnk = p_task;
+  if (sem_mbx) {
+    if (p_CB2 != NULL) {
+      p_CB2->p_rlnk = p_task;
+    }
+    p_task->p_rlnk = (P_TCB)p_CB;
+  }
+  else {
+    p_task->p_rlnk = NULL;
+  }
+}
+
+
+/*--------------------------- rt_get_first ----------------------------------*/
+
+P_TCB rt_get_first (P_XCB p_CB) {
+  /* Get task at head of list: it is the task with highest priority. */
+  /* "p_CB" points to head of list. */
+  P_TCB p_first;
+
+  p_first = p_CB->p_lnk;
+  p_CB->p_lnk = p_first->p_lnk;
+  if (p_CB->cb_type == SCB || p_CB->cb_type == MCB || p_CB->cb_type == MUCB) {
+    if (p_first->p_lnk != NULL) {
+      p_first->p_lnk->p_rlnk = (P_TCB)p_CB;
+      p_first->p_lnk = NULL;
+    }
+    p_first->p_rlnk = NULL;
+  }
+  else {
+    p_first->p_lnk = NULL;
+  }
+  return (p_first);
+}
+
+
+/*--------------------------- rt_put_rdy_first ------------------------------*/
+
+void rt_put_rdy_first (P_TCB p_task) {
+  /* Put task identified with "p_task" at the head of the ready list. The   */
+  /* task must have at least a priority equal to highest priority in list.  */
+  p_task->p_lnk = os_rdy.p_lnk;
+  p_task->p_rlnk = NULL;
+  os_rdy.p_lnk = p_task;
+}
+
+
+/*--------------------------- rt_get_same_rdy_prio --------------------------*/
+
+P_TCB rt_get_same_rdy_prio (void) {
+  /* Remove a task of same priority from ready list if any exists. Other-   */
+  /* wise return NULL.                                                      */
+  P_TCB p_first;
+
+  p_first = os_rdy.p_lnk;
+  if (p_first->prio == os_tsk.run->prio) {
+    os_rdy.p_lnk = os_rdy.p_lnk->p_lnk;
+    return (p_first);
+  }
+  return (NULL);
+}
+
+
+/*--------------------------- rt_resort_prio --------------------------------*/
+
+void rt_resort_prio (P_TCB p_task) {
+  /* Re-sort ordered lists after the priority of 'p_task' has changed.      */
+  P_TCB p_CB;
+
+  if (p_task->p_rlnk == NULL) {
+    if (p_task->state == READY) {
+      /* Task is chained into READY list. */
+      p_CB = (P_TCB)&os_rdy;
+      goto res;
+    }
+  }
+  else {
+    p_CB = p_task->p_rlnk;
+    while (p_CB->cb_type == TCB) {
+      /* Find a header of this task chain list. */
+      p_CB = p_CB->p_rlnk;
+    }
+res:rt_rmv_list (p_task);
+    rt_put_prio ((P_XCB)p_CB, p_task);
+  }
+}
+
+
+/*--------------------------- rt_put_dly ------------------------------------*/
+
+void rt_put_dly (P_TCB p_task, U16 delay) {
+  /* Put a task identified with "p_task" into chained delay wait list using */
+  /* a delay value of "delay".                                              */
+  P_TCB p;
+  U32 delta,idelay = delay;
+
+  p = (P_TCB)&os_dly;
+  if (p->p_dlnk == NULL) {
+    /* Delay list empty */
+    delta = 0;
+    goto last;
+  }
+  delta = os_dly.delta_time;
+  while (delta < idelay) {
+    if (p->p_dlnk == NULL) {
+      /* End of list found */
+last: p_task->p_dlnk = NULL;
+      p->p_dlnk = p_task;
+      p_task->p_blnk = p;
+      p->delta_time = (U16)(idelay - delta);
+      p_task->delta_time = 0;
+      return;
+    }
+    p = p->p_dlnk;
+    delta += p->delta_time;
+  }
+  /* Right place found */
+  p_task->p_dlnk = p->p_dlnk;
+  p->p_dlnk = p_task;
+  p_task->p_blnk = p;
+  if (p_task->p_dlnk != NULL) {
+    p_task->p_dlnk->p_blnk = p_task;
+  }
+  p_task->delta_time = (U16)(delta - idelay);
+  p->delta_time -= p_task->delta_time;
+}
+
+
+/*--------------------------- rt_dec_dly ------------------------------------*/
+
+void rt_dec_dly (void) {
+  /* Decrement delta time of list head: remove tasks having a value of zero.*/
+  P_TCB p_rdy;
+
+  if (os_dly.p_dlnk == NULL) {
+    return;
+  }
+  os_dly.delta_time--;
+  while ((os_dly.delta_time == 0) && (os_dly.p_dlnk != NULL)) {
+    p_rdy = os_dly.p_dlnk;
+    if (p_rdy->p_rlnk != NULL) {
+      /* Task is really enqueued, remove task from semaphore/mailbox */
+      /* timeout waiting list. */
+      p_rdy->p_rlnk->p_lnk = p_rdy->p_lnk;
+      if (p_rdy->p_lnk != NULL) {
+        p_rdy->p_lnk->p_rlnk = p_rdy->p_rlnk;
+        p_rdy->p_lnk = NULL;
+      }
+      p_rdy->p_rlnk = NULL;
+    }
+    rt_put_prio (&os_rdy, p_rdy);
+    os_dly.delta_time = p_rdy->delta_time;
+    if (p_rdy->state == WAIT_ITV) {
+      /* Calculate the next time for interval wait. */
+      p_rdy->delta_time = p_rdy->interval_time + (U16)os_time;
+    }
+    p_rdy->state   = READY;
+    os_dly.p_dlnk = p_rdy->p_dlnk;
+    if (p_rdy->p_dlnk != NULL) {
+      p_rdy->p_dlnk->p_blnk =  (P_TCB)&os_dly;
+      p_rdy->p_dlnk = NULL;
+    }
+    p_rdy->p_blnk = NULL;
+  }
+}
+
+
+/*--------------------------- rt_rmv_list -----------------------------------*/
+
+void rt_rmv_list (P_TCB p_task) {
+  /* Remove task identified with "p_task" from ready, semaphore or mailbox  */
+  /* waiting list if enqueued.                                              */
+  P_TCB p_b;
+
+  if (p_task->p_rlnk != NULL) {
+    /* A task is enqueued in semaphore / mailbox waiting list. */
+    p_task->p_rlnk->p_lnk = p_task->p_lnk;
+    if (p_task->p_lnk != NULL) {
+      p_task->p_lnk->p_rlnk = p_task->p_rlnk;
+    }
+    return;
+  }
+
+  p_b = (P_TCB)&os_rdy;
+  while (p_b != NULL) {
+    /* Search the ready list for task "p_task" */
+    if (p_b->p_lnk == p_task) {
+      p_b->p_lnk = p_task->p_lnk;
+      return;
+    }
+    p_b = p_b->p_lnk;
+  }
+}
+
+
+/*--------------------------- rt_rmv_dly ------------------------------------*/
+
+void rt_rmv_dly (P_TCB p_task) {
+  /* Remove task identified with "p_task" from delay list if enqueued.      */
+  P_TCB p_b;
+
+  p_b = p_task->p_blnk;
+  if (p_b != NULL) {
+    /* Task is really enqueued */
+    p_b->p_dlnk = p_task->p_dlnk;
+    if (p_task->p_dlnk != NULL) {
+      /* 'p_task' is in the middle of list */
+      p_b->delta_time += p_task->delta_time;
+      p_task->p_dlnk->p_blnk = p_b;
+      p_task->p_dlnk = NULL;
+    }
+    else {
+      /* 'p_task' is at the end of list */
+      p_b->delta_time = 0;
+    }
+    p_task->p_blnk = NULL;
+  }
+}
+
+
+/*--------------------------- rt_psq_enq ------------------------------------*/
+
+void rt_psq_enq (OS_ID entry, U32 arg) {
+  /* Insert post service request "entry" into ps-queue. */
+  U32 idx;
+
+  idx = rt_inc_qi (os_psq->size, &os_psq->count, &os_psq->first);
+  if (idx < os_psq->size) {
+    os_psq->q[idx].id  = entry;
+    os_psq->q[idx].arg = arg;
+  }
+  else {
+    os_error (OS_ERR_FIFO_OVF);
+  }
+}
+
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_List.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,67 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_LIST.H
+ *      Purpose: Functions for the management of different lists
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Definitions */
+
+/* Values for 'cb_type' */
+#define TCB             0
+#define MCB             1
+#define SCB             2
+#define MUCB            3
+#define HCB             4
+
+/* Variables */
+extern struct OS_XCB os_rdy;
+extern struct OS_XCB os_dly;
+
+/* Functions */
+extern void  rt_put_prio      (P_XCB p_CB, P_TCB p_task);
+extern P_TCB rt_get_first     (P_XCB p_CB);
+extern void  rt_put_rdy_first (P_TCB p_task);
+extern P_TCB rt_get_same_rdy_prio (void);
+extern void  rt_resort_prio   (P_TCB p_task);
+extern void  rt_put_dly       (P_TCB p_task, U16 delay);
+extern void  rt_dec_dly       (void);
+extern void  rt_rmv_list      (P_TCB p_task);
+extern void  rt_rmv_dly       (P_TCB p_task);
+extern void  rt_psq_enq       (OS_ID entry, U32 arg);
+
+/* This is a fast macro generating in-line code */
+#define rt_rdy_prio(void) (os_rdy.p_lnk->prio)
+
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_Mailbox.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,292 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_MAILBOX.C
+ *      Purpose: Implements waits and wake-ups for mailbox messages
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Conf.h"
+#include "rt_System.h"
+#include "rt_List.h"
+#include "rt_Mailbox.h"
+#include "rt_MemBox.h"
+#include "rt_Task.h"
+#include "rt_HAL_CM.h"
+
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+
+/*--------------------------- rt_mbx_init -----------------------------------*/
+
+void rt_mbx_init (OS_ID mailbox, U16 mbx_size) {
+  /* Initialize a mailbox */
+  P_MCB p_MCB = mailbox;
+
+  p_MCB->cb_type = MCB;
+  p_MCB->state   = 0;
+  p_MCB->isr_st  = 0;
+  p_MCB->p_lnk   = NULL;
+  p_MCB->first   = 0;
+  p_MCB->last    = 0;
+  p_MCB->count   = 0;
+  p_MCB->size    = (mbx_size + sizeof(void *) - sizeof(struct OS_MCB)) /
+                                                     (U32)sizeof (void *);
+}
+
+
+/*--------------------------- rt_mbx_send -----------------------------------*/
+
+OS_RESULT rt_mbx_send (OS_ID mailbox, void *p_msg, U16 timeout) {
+  /* Send message to a mailbox */
+  P_MCB p_MCB = mailbox;
+  P_TCB p_TCB;
+
+  if ((p_MCB->p_lnk != NULL) && (p_MCB->state == 1)) {
+    /* A task is waiting for message */
+    p_TCB = rt_get_first ((P_XCB)p_MCB);
+#ifdef __CMSIS_RTOS
+    rt_ret_val2(p_TCB, 0x10/*osEventMessage*/, (U32)p_msg);
+#else
+    *p_TCB->msg = p_msg;
+    rt_ret_val (p_TCB, OS_R_MBX);
+#endif
+    rt_rmv_dly (p_TCB);
+    rt_dispatch (p_TCB);
+  }
+  else {
+    /* Store message in mailbox queue */
+    if (p_MCB->count == p_MCB->size) {
+      /* No free message entry, wait for one. If message queue is full, */
+      /* then no task is waiting for message. The 'p_MCB->p_lnk' list   */
+      /* pointer can now be reused for send message waits task list.    */
+      if (timeout == 0) {
+        return (OS_R_TMO);
+      }
+      if (p_MCB->p_lnk != NULL) {
+        rt_put_prio ((P_XCB)p_MCB, os_tsk.run);
+      }
+      else {
+        p_MCB->p_lnk = os_tsk.run;
+        os_tsk.run->p_lnk  = NULL;
+        os_tsk.run->p_rlnk = (P_TCB)p_MCB;
+        /* Task is waiting to send a message */
+        p_MCB->state = 2;
+      }
+      os_tsk.run->msg = p_msg;
+      rt_block (timeout, WAIT_MBX);
+      return (OS_R_TMO);
+    }
+    /* Yes, there is a free entry in a mailbox. */
+    p_MCB->msg[p_MCB->first] = p_msg;
+    rt_inc (&p_MCB->count);
+    if (++p_MCB->first == p_MCB->size) {
+      p_MCB->first = 0;
+    }
+  }
+  return (OS_R_OK);
+}
+
+
+/*--------------------------- rt_mbx_wait -----------------------------------*/
+
+OS_RESULT rt_mbx_wait (OS_ID mailbox, void **message, U16 timeout) {
+  /* Receive a message; possibly wait for it */
+  P_MCB p_MCB = mailbox;
+  P_TCB p_TCB;
+
+  /* If a message is available in the fifo buffer */
+  /* remove it from the fifo buffer and return. */
+  if (p_MCB->count) {
+    *message = p_MCB->msg[p_MCB->last];
+    if (++p_MCB->last == p_MCB->size) {
+      p_MCB->last = 0;
+    }
+    if ((p_MCB->p_lnk != NULL) && (p_MCB->state == 2)) {
+      /* A task is waiting to send message */
+      p_TCB = rt_get_first ((P_XCB)p_MCB);
+#ifdef __CMSIS_RTOS
+      rt_ret_val(p_TCB, 0/*osOK*/);
+#else
+      rt_ret_val(p_TCB, OS_R_OK);
+#endif
+      p_MCB->msg[p_MCB->first] = p_TCB->msg;
+      if (++p_MCB->first == p_MCB->size) {
+        p_MCB->first = 0;
+      }
+      rt_rmv_dly (p_TCB);
+      rt_dispatch (p_TCB);
+    }
+    else {
+      rt_dec (&p_MCB->count);
+    }
+    return (OS_R_OK);
+  }
+  /* No message available: wait for one */
+  if (timeout == 0) {
+    return (OS_R_TMO);
+  }
+  if (p_MCB->p_lnk != NULL) {
+    rt_put_prio ((P_XCB)p_MCB, os_tsk.run);
+  }
+  else {
+    p_MCB->p_lnk = os_tsk.run;
+    os_tsk.run->p_lnk = NULL;
+    os_tsk.run->p_rlnk = (P_TCB)p_MCB;
+    /* Task is waiting to receive a message */
+    p_MCB->state = 1;
+  }
+  rt_block(timeout, WAIT_MBX);
+#ifndef __CMSIS_RTOS
+  os_tsk.run->msg = message;
+#endif
+  return (OS_R_TMO);
+}
+
+
+/*--------------------------- rt_mbx_check ----------------------------------*/
+
+OS_RESULT rt_mbx_check (OS_ID mailbox) {
+  /* Check for free space in a mailbox. Returns the number of messages     */
+  /* that can be stored to a mailbox. It returns 0 when mailbox is full.   */
+  P_MCB p_MCB = mailbox;
+
+  return (p_MCB->size - p_MCB->count);
+}
+
+
+/*--------------------------- isr_mbx_send ----------------------------------*/
+
+void isr_mbx_send (OS_ID mailbox, void *p_msg) {
+  /* Same function as "os_mbx_send", but to be called by ISRs. */
+  P_MCB p_MCB = mailbox;
+
+  rt_psq_enq (p_MCB, (U32)p_msg);
+  rt_psh_req ();
+}
+
+
+/*--------------------------- isr_mbx_receive -------------------------------*/
+
+OS_RESULT isr_mbx_receive (OS_ID mailbox, void **message) {
+  /* Receive a message in the interrupt function. The interrupt function   */
+  /* should not wait for a message since this would block the rtx os.      */
+  P_MCB p_MCB = mailbox;
+
+  if (p_MCB->count) {
+    /* A message is available in the fifo buffer. */
+    *message = p_MCB->msg[p_MCB->last];
+    if (p_MCB->state == 2) {
+      /* A task is locked waiting to send message */
+      rt_psq_enq (p_MCB, 0);
+      rt_psh_req ();
+    }
+    rt_dec (&p_MCB->count);
+    if (++p_MCB->last == p_MCB->size) {
+      p_MCB->last = 0;
+    }
+    return (OS_R_MBX);
+  }
+  return (OS_R_OK);
+}
+
+
+/*--------------------------- rt_mbx_psh ------------------------------------*/
+
+void rt_mbx_psh (P_MCB p_CB, void *p_msg) {
+  /* Store the message to the mailbox queue or pass it to task directly. */
+  P_TCB p_TCB;
+  void *mem;
+
+  if (p_CB->p_lnk != NULL) switch (p_CB->state) {
+#ifdef __CMSIS_RTOS
+    case 3:
+      /* Task is waiting to allocate memory, remove it from the waiting list */
+      mem = rt_alloc_box(p_msg);
+      if (mem == NULL) break;
+      p_TCB = rt_get_first ((P_XCB)p_CB);
+      rt_ret_val(p_TCB, (U32)mem);
+      p_TCB->state = READY;
+      rt_rmv_dly (p_TCB);
+      rt_put_prio (&os_rdy, p_TCB);
+      break;
+#endif
+    case 2:
+      /* Task is waiting to send a message, remove it from the waiting list */
+      p_TCB = rt_get_first ((P_XCB)p_CB);
+#ifdef __CMSIS_RTOS
+      rt_ret_val(p_TCB, 0/*osOK*/);
+#else
+      rt_ret_val(p_TCB, OS_R_OK);
+#endif
+      p_CB->msg[p_CB->first] = p_TCB->msg;
+      rt_inc (&p_CB->count);
+      if (++p_CB->first == p_CB->size) {
+        p_CB->first = 0;
+      }
+      p_TCB->state = READY;
+      rt_rmv_dly (p_TCB);
+      rt_put_prio (&os_rdy, p_TCB);
+      break;
+    case 1:
+      /* Task is waiting for a message, pass the message to the task directly */
+      p_TCB = rt_get_first ((P_XCB)p_CB);
+#ifdef __CMSIS_RTOS
+      rt_ret_val2(p_TCB, 0x10/*osEventMessage*/, (U32)p_msg);
+#else
+      *p_TCB->msg = p_msg;
+      rt_ret_val (p_TCB, OS_R_MBX);
+#endif
+      p_TCB->state = READY;
+      rt_rmv_dly (p_TCB);
+      rt_put_prio (&os_rdy, p_TCB);
+      break;
+  } else {
+      /* No task is waiting for a message, store it to the mailbox queue */
+      if (p_CB->count < p_CB->size) {
+        p_CB->msg[p_CB->first] = p_msg;
+        rt_inc (&p_CB->count);
+        if (++p_CB->first == p_CB->size) {
+          p_CB->first = 0;
+        }
+      }
+      else {
+        os_error (OS_ERR_MBX_OVF);
+      }
+  }
+}
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_Mailbox.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,48 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_MAILBOX.H
+ *      Purpose: Implements waits and wake-ups for mailbox messages
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Functions */
+extern void      rt_mbx_init  (OS_ID mailbox, U16 mbx_size);
+extern OS_RESULT rt_mbx_send  (OS_ID mailbox, void *p_msg,    U16 timeout);
+extern OS_RESULT rt_mbx_wait  (OS_ID mailbox, void **message, U16 timeout);
+extern OS_RESULT rt_mbx_check (OS_ID mailbox);
+extern void      isr_mbx_send (OS_ID mailbox, void *p_msg);
+extern OS_RESULT isr_mbx_receive (OS_ID mailbox, void **message);
+extern void      rt_mbx_psh   (P_MCB p_CB,    void *p_msg);
+
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_MemBox.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,166 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_MEMBOX.C
+ *      Purpose: Interface functions for fixed memory block management system
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Conf.h"
+#include "rt_System.h"
+#include "rt_MemBox.h"
+#include "rt_HAL_CM.h"
+
+/*----------------------------------------------------------------------------
+ *      Global Functions
+ *---------------------------------------------------------------------------*/
+
+
+/*--------------------------- _init_box -------------------------------------*/
+
+int _init_box  (void *box_mem, U32 box_size, U32 blk_size) {
+  /* Initialize memory block system, returns 0 if OK, 1 if fails. */
+  void *end;
+  void *blk;
+  void *next;
+  U32  sizeof_bm;
+
+  /* Create memory structure. */
+  if (blk_size & BOX_ALIGN_8) {
+    /* Memory blocks 8-byte aligned. */
+    blk_size = ((blk_size & ~BOX_ALIGN_8) + 7) & ~7;
+    sizeof_bm = (sizeof (struct OS_BM) + 7) & ~7;
+  }
+  else {
+    /* Memory blocks 4-byte aligned. */
+    blk_size = (blk_size + 3) & ~3;
+    sizeof_bm = sizeof (struct OS_BM);
+  }
+  if (blk_size == 0) {
+    return (1);
+  }
+  if ((blk_size + sizeof_bm) > box_size) {
+    return (1);
+  }
+  /* Create a Memory structure. */
+  blk = ((U8 *) box_mem) + sizeof_bm;
+  ((P_BM) box_mem)->free = blk;
+  end = ((U8 *) box_mem) + box_size;
+  ((P_BM) box_mem)->end      = end;
+  ((P_BM) box_mem)->blk_size = blk_size;
+
+  /* Link all free blocks using offsets. */
+  end = ((U8 *) end) - blk_size;
+  while (1)  {
+    next = ((U8 *) blk) + blk_size;
+    if (next > end)  break;
+    *((void **)blk) = next;
+    blk = next;
+  }
+  /* end marker */
+  *((void **)blk) = 0;
+  return (0);
+}
+
+/*--------------------------- rt_alloc_box ----------------------------------*/
+
+void *rt_alloc_box (void *box_mem) {
+  /* Allocate a memory block and return start address. */
+  void **free;
+#ifndef __USE_EXCLUSIVE_ACCESS
+  int  irq_dis;
+
+  irq_dis = __disable_irq ();
+  free = ((P_BM) box_mem)->free;
+  if (free) {
+    ((P_BM) box_mem)->free = *free;
+  }
+  if (!irq_dis) __enable_irq ();
+#else
+  do {
+    if ((free = (void **)__ldrex(&((P_BM) box_mem)->free)) == 0) {
+      __clrex();
+      break;
+    }
+  } while (__strex((U32)*free, &((P_BM) box_mem)->free));
+#endif
+  return (free);
+}
+
+
+/*--------------------------- _calloc_box -----------------------------------*/
+
+void *_calloc_box (void *box_mem)  {
+  /* Allocate a 0-initialized memory block and return start address. */
+  void *free;
+  U32 *p;
+  U32 i;
+
+  free = _alloc_box (box_mem);
+  if (free)  {
+    p = free;
+    for (i = ((P_BM) box_mem)->blk_size; i; i -= 4)  {
+      *p = 0;
+      p++;
+    }
+  }
+  return (free);
+}
+
+
+/*--------------------------- rt_free_box -----------------------------------*/
+
+int rt_free_box (void *box_mem, void *box) {
+  /* Free a memory block, returns 0 if OK, 1 if box does not belong to box_mem */
+#ifndef __USE_EXCLUSIVE_ACCESS
+  int irq_dis;
+#endif
+
+  if (box < box_mem || box >= ((P_BM) box_mem)->end) {
+    return (1);
+  }
+
+#ifndef __USE_EXCLUSIVE_ACCESS
+  irq_dis = __disable_irq ();
+  *((void **)box) = ((P_BM) box_mem)->free;
+  ((P_BM) box_mem)->free = box;
+  if (!irq_dis) __enable_irq ();
+#else
+  do {
+    *((void **)box) = (void *)__ldrex(&((P_BM) box_mem)->free);
+  } while (__strex ((U32)box, &((P_BM) box_mem)->free));
+#endif
+  return (0);
+}
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_MemBox.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,46 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_MEMBOX.H
+ *      Purpose: Interface functions for fixed memory block management system
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Functions */
+#define rt_init_box     _init_box
+#define rt_calloc_box   _calloc_box
+extern int     _init_box   (void *box_mem, U32 box_size, U32 blk_size);
+extern void *rt_alloc_box  (void *box_mem);
+extern void *  _calloc_box (void *box_mem);
+extern int   rt_free_box   (void *box_mem, void *box);
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_Mutex.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,197 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_MUTEX.C
+ *      Purpose: Implements mutex synchronization objects
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Conf.h"
+#include "rt_List.h"
+#include "rt_Task.h"
+#include "rt_Mutex.h"
+#include "rt_HAL_CM.h"
+
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+
+/*--------------------------- rt_mut_init -----------------------------------*/
+
+void rt_mut_init (OS_ID mutex) {
+  /* Initialize a mutex object */
+  P_MUCB p_MCB = mutex;
+
+  p_MCB->cb_type = MUCB;
+  p_MCB->prio    = 0;
+  p_MCB->level   = 0;
+  p_MCB->p_lnk   = NULL;
+  p_MCB->owner   = NULL;
+}
+
+
+/*--------------------------- rt_mut_delete ---------------------------------*/
+
+#ifdef __CMSIS_RTOS
+OS_RESULT rt_mut_delete (OS_ID mutex) {
+  /* Delete a mutex object */
+  P_MUCB p_MCB = mutex;
+  P_TCB  p_TCB;
+
+  /* Restore owner task's priority. */
+  if (p_MCB->level != 0) {
+    p_MCB->owner->prio = p_MCB->prio;
+    if (p_MCB->owner != os_tsk.run) {
+      rt_resort_prio (p_MCB->owner);
+    }
+  }
+
+  while (p_MCB->p_lnk != NULL) {
+    /* A task is waiting for mutex. */
+    p_TCB = rt_get_first ((P_XCB)p_MCB);
+    rt_ret_val(p_TCB, 0/*osOK*/);
+    rt_rmv_dly(p_TCB);
+    p_TCB->state = READY;
+    rt_put_prio (&os_rdy, p_TCB);
+  }
+
+  if (os_rdy.p_lnk && (os_rdy.p_lnk->prio > os_tsk.run->prio)) {
+    /* preempt running task */
+    rt_put_prio (&os_rdy, os_tsk.run);
+    os_tsk.run->state = READY;
+    rt_dispatch (NULL);
+  }
+
+  p_MCB->cb_type = 0;
+
+  return (OS_R_OK);
+}
+#endif
+
+
+/*--------------------------- rt_mut_release --------------------------------*/
+
+OS_RESULT rt_mut_release (OS_ID mutex) {
+  /* Release a mutex object */
+  P_MUCB p_MCB = mutex;
+  P_TCB  p_TCB;
+
+  if (p_MCB->level == 0 || p_MCB->owner != os_tsk.run) {
+    /* Unbalanced mutex release or task is not the owner */
+    return (OS_R_NOK);
+  }
+  if (--p_MCB->level != 0) {
+    return (OS_R_OK);
+  }
+  /* Restore owner task's priority. */
+  os_tsk.run->prio = p_MCB->prio;
+  if (p_MCB->p_lnk != NULL) {
+    /* A task is waiting for mutex. */
+    p_TCB = rt_get_first ((P_XCB)p_MCB);
+#ifdef __CMSIS_RTOS
+    rt_ret_val(p_TCB, 0/*osOK*/);
+#else
+    rt_ret_val(p_TCB, OS_R_MUT);
+#endif
+    rt_rmv_dly (p_TCB);
+    /* A waiting task becomes the owner of this mutex. */
+    p_MCB->level     = 1;
+    p_MCB->owner     = p_TCB;
+    p_MCB->prio      = p_TCB->prio;
+    /* Priority inversion, check which task continues. */
+    if (os_tsk.run->prio >= rt_rdy_prio()) {
+      rt_dispatch (p_TCB);
+    }
+    else {
+      /* Ready task has higher priority than running task. */
+      rt_put_prio (&os_rdy, os_tsk.run);
+      rt_put_prio (&os_rdy, p_TCB);
+      os_tsk.run->state = READY;
+      p_TCB->state      = READY;
+      rt_dispatch (NULL);
+    }
+  }
+  else {
+    /* Check if own priority raised by priority inversion. */
+    if (rt_rdy_prio() > os_tsk.run->prio) {
+      rt_put_prio (&os_rdy, os_tsk.run);
+      os_tsk.run->state = READY;
+      rt_dispatch (NULL);
+    }
+  }
+  return (OS_R_OK);
+}
+
+
+/*--------------------------- rt_mut_wait -----------------------------------*/
+
+OS_RESULT rt_mut_wait (OS_ID mutex, U16 timeout) {
+  /* Wait for a mutex, continue when mutex is free. */
+  P_MUCB p_MCB = mutex;
+
+  if (p_MCB->level == 0) {
+    p_MCB->owner = os_tsk.run;
+    p_MCB->prio  = os_tsk.run->prio;
+    goto inc;
+  }
+  if (p_MCB->owner == os_tsk.run) {
+    /* OK, running task is the owner of this mutex. */
+inc:p_MCB->level++;
+    return (OS_R_OK);
+  }
+  /* Mutex owned by another task, wait until released. */
+  if (timeout == 0) {
+    return (OS_R_TMO);
+  }
+  /* Raise the owner task priority if lower than current priority. */
+  /* This priority inversion is called priority inheritance.       */
+  if (p_MCB->prio < os_tsk.run->prio) {
+    p_MCB->owner->prio = os_tsk.run->prio;
+    rt_resort_prio (p_MCB->owner);
+  }
+  if (p_MCB->p_lnk != NULL) {
+    rt_put_prio ((P_XCB)p_MCB, os_tsk.run);
+  }
+  else {
+    p_MCB->p_lnk = os_tsk.run;
+    os_tsk.run->p_lnk  = NULL;
+    os_tsk.run->p_rlnk = (P_TCB)p_MCB;
+  }
+  rt_block(timeout, WAIT_MUT);
+  return (OS_R_TMO);
+}
+
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_Mutex.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,44 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_MUTEX.H
+ *      Purpose: Implements mutex synchronization objects
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Functions */
+extern void      rt_mut_init    (OS_ID mutex);
+extern OS_RESULT rt_mut_delete  (OS_ID mutex);
+extern OS_RESULT rt_mut_release (OS_ID mutex);
+extern OS_RESULT rt_mut_wait    (OS_ID mutex, U16 timeout);
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_Robin.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,84 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_ROBIN.C
+ *      Purpose: Round Robin Task switching
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Conf.h"
+#include "rt_List.h"
+#include "rt_Task.h"
+#include "rt_Time.h"
+#include "rt_Robin.h"
+#include "rt_HAL_CM.h"
+
+/*----------------------------------------------------------------------------
+ *      Global Variables
+ *---------------------------------------------------------------------------*/
+
+struct OS_ROBIN os_robin;
+
+
+/*----------------------------------------------------------------------------
+ *      Global Functions
+ *---------------------------------------------------------------------------*/
+
+/*--------------------------- rt_init_robin ---------------------------------*/
+
+__weak void rt_init_robin (void) {
+  /* Initialize Round Robin variables. */
+  os_robin.task = NULL;
+  os_robin.tout = (U16)os_rrobin;
+}
+
+/*--------------------------- rt_chk_robin ----------------------------------*/
+
+__weak void rt_chk_robin (void) {
+  /* Check if Round Robin timeout expired and switch to the next ready task.*/
+  P_TCB p_new;
+
+  if (os_robin.task != os_rdy.p_lnk) {
+    /* New task was suspended, reset Round Robin timeout. */
+    os_robin.task = os_rdy.p_lnk;
+    os_robin.time = (U16)os_time + os_robin.tout - 1;
+  }
+  if (os_robin.time == (U16)os_time) {
+    /* Round Robin timeout has expired, swap Robin tasks. */
+    os_robin.task = NULL;
+    p_new = rt_get_first (&os_rdy);
+    rt_put_prio ((P_XCB)&os_rdy, p_new);
+  }
+}
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_Robin.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,45 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_ROBIN.H
+ *      Purpose: Round Robin Task switching definitions
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Variables */
+extern struct OS_ROBIN os_robin;
+
+/* Functions */
+extern void rt_init_robin (void);
+extern void rt_chk_robin  (void);
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_Semaphore.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,183 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_SEMAPHORE.C
+ *      Purpose: Implements binary and counting semaphores
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Conf.h"
+#include "rt_System.h"
+#include "rt_List.h"
+#include "rt_Task.h"
+#include "rt_Semaphore.h"
+#include "rt_HAL_CM.h"
+
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+
+/*--------------------------- rt_sem_init -----------------------------------*/
+
+void rt_sem_init (OS_ID semaphore, U16 token_count) {
+  /* Initialize a semaphore */
+  P_SCB p_SCB = semaphore;
+
+  p_SCB->cb_type = SCB;
+  p_SCB->p_lnk  = NULL;
+  p_SCB->tokens = token_count;
+}
+
+
+/*--------------------------- rt_sem_delete ---------------------------------*/
+
+#ifdef __CMSIS_RTOS
+OS_RESULT rt_sem_delete (OS_ID semaphore) {
+  /* Delete semaphore */
+  P_SCB p_SCB = semaphore;
+  P_TCB p_TCB;
+
+  while (p_SCB->p_lnk != NULL) {
+    /* A task is waiting for token */
+    p_TCB = rt_get_first ((P_XCB)p_SCB);
+    rt_ret_val(p_TCB, 0);
+    rt_rmv_dly(p_TCB);
+    p_TCB->state = READY;
+    rt_put_prio (&os_rdy, p_TCB);
+  }
+
+  if (os_rdy.p_lnk && (os_rdy.p_lnk->prio > os_tsk.run->prio)) {
+    /* preempt running task */
+    rt_put_prio (&os_rdy, os_tsk.run);
+    os_tsk.run->state = READY;
+    rt_dispatch (NULL);
+  }
+
+  p_SCB->cb_type = 0;
+
+  return (OS_R_OK);
+}
+#endif
+
+
+/*--------------------------- rt_sem_send -----------------------------------*/
+
+OS_RESULT rt_sem_send (OS_ID semaphore) {
+  /* Return a token to semaphore */
+  P_SCB p_SCB = semaphore;
+  P_TCB p_TCB;
+
+  if (p_SCB->p_lnk != NULL) {
+    /* A task is waiting for token */
+    p_TCB = rt_get_first ((P_XCB)p_SCB);
+#ifdef __CMSIS_RTOS
+    rt_ret_val(p_TCB, 1);
+#else
+    rt_ret_val(p_TCB, OS_R_SEM);
+#endif
+    rt_rmv_dly (p_TCB);
+    rt_dispatch (p_TCB);
+  }
+  else {
+    /* Store token. */
+    p_SCB->tokens++;
+  }
+  return (OS_R_OK);
+}
+
+
+/*--------------------------- rt_sem_wait -----------------------------------*/
+
+OS_RESULT rt_sem_wait (OS_ID semaphore, U16 timeout) {
+  /* Obtain a token; possibly wait for it */
+  P_SCB p_SCB = semaphore;
+
+  if (p_SCB->tokens) {
+    p_SCB->tokens--;
+    return (OS_R_OK);
+  }
+  /* No token available: wait for one */
+  if (timeout == 0) {
+    return (OS_R_TMO);
+  }
+  if (p_SCB->p_lnk != NULL) {
+    rt_put_prio ((P_XCB)p_SCB, os_tsk.run);
+  }
+  else {
+    p_SCB->p_lnk = os_tsk.run;
+    os_tsk.run->p_lnk = NULL;
+    os_tsk.run->p_rlnk = (P_TCB)p_SCB;
+  }
+  rt_block(timeout, WAIT_SEM);
+  return (OS_R_TMO);
+}
+
+
+/*--------------------------- isr_sem_send ----------------------------------*/
+
+void isr_sem_send (OS_ID semaphore) {
+  /* Same function as "os_sem"send", but to be called by ISRs */
+  P_SCB p_SCB = semaphore;
+
+  rt_psq_enq (p_SCB, 0);
+  rt_psh_req ();
+}
+
+
+/*--------------------------- rt_sem_psh ------------------------------------*/
+
+void rt_sem_psh (P_SCB p_CB) {
+  /* Check if task has to be waken up */
+  P_TCB p_TCB;
+
+  if (p_CB->p_lnk != NULL) {
+    /* A task is waiting for token */
+    p_TCB = rt_get_first ((P_XCB)p_CB);
+    rt_rmv_dly (p_TCB);
+    p_TCB->state   = READY;
+#ifdef __CMSIS_RTOS
+    rt_ret_val(p_TCB, 1);
+#else
+    rt_ret_val(p_TCB, OS_R_SEM);
+#endif
+    rt_put_prio (&os_rdy, p_TCB);
+  }
+  else {
+    /* Store token */
+    p_CB->tokens++;
+  }
+}
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_Semaphore.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,46 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_SEMAPHORE.H
+ *      Purpose: Implements binary and counting semaphores
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Functions */
+extern void      rt_sem_init  (OS_ID semaphore, U16 token_count);
+extern OS_RESULT rt_sem_delete(OS_ID semaphore);
+extern OS_RESULT rt_sem_send  (OS_ID semaphore);
+extern OS_RESULT rt_sem_wait  (OS_ID semaphore, U16 timeout);
+extern void      isr_sem_send (OS_ID semaphore);
+extern void      rt_sem_psh (P_SCB p_CB);
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_System.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,299 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_SYSTEM.C
+ *      Purpose: System Task Manager
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Conf.h"
+#include "rt_Task.h"
+#include "rt_System.h"
+#include "rt_Event.h"
+#include "rt_List.h"
+#include "rt_Mailbox.h"
+#include "rt_Semaphore.h"
+#include "rt_Time.h"
+#include "rt_Robin.h"
+#include "rt_HAL_CM.h"
+
+/*----------------------------------------------------------------------------
+ *      Global Variables
+ *---------------------------------------------------------------------------*/
+
+int os_tick_irqn;
+
+/*----------------------------------------------------------------------------
+ *      Local Variables
+ *---------------------------------------------------------------------------*/
+
+static volatile BIT os_lock;
+static volatile BIT os_psh_flag;
+static          U8  pend_flags;
+
+/*----------------------------------------------------------------------------
+ *      Global Functions
+ *---------------------------------------------------------------------------*/
+
+#if defined (__CC_ARM)
+__asm void $$RTX$$version (void) {
+   /* Export a version number symbol for a version control. */
+
+                EXPORT  __RL_RTX_VER
+
+__RL_RTX_VER    EQU     0x450
+}
+#endif
+
+
+/*--------------------------- rt_suspend ------------------------------------*/
+U32 rt_suspend (void) {
+  /* Suspend OS scheduler */
+  U32 delta = 0xFFFF;
+
+  rt_tsk_lock();
+
+  if (os_dly.p_dlnk) {
+    delta = os_dly.delta_time;
+  }
+#ifndef __CMSIS_RTOS
+  if (os_tmr.next) {
+    if (os_tmr.tcnt < delta) delta = os_tmr.tcnt;
+  }
+#endif
+
+  return (delta);
+}
+
+
+/*--------------------------- rt_resume -------------------------------------*/
+void rt_resume (U32 sleep_time) {
+  /* Resume OS scheduler after suspend */
+  P_TCB next;
+  U32   delta;
+
+  os_tsk.run->state = READY;
+  rt_put_rdy_first (os_tsk.run);
+
+  os_robin.task = NULL;
+
+  /* Update delays. */
+  if (os_dly.p_dlnk) {
+    delta = sleep_time;
+    if (delta >= os_dly.delta_time) {
+      delta   -= os_dly.delta_time;
+      os_time += os_dly.delta_time;
+      os_dly.delta_time = 1;
+      while (os_dly.p_dlnk) {
+        rt_dec_dly();
+        if (delta == 0) break;
+        delta--;
+        os_time++;
+      }
+    } else {
+      os_time           += delta;
+      os_dly.delta_time -= delta;
+    }
+  } else {
+    os_time += sleep_time;
+  }
+
+#ifndef __CMSIS_RTOS
+  /* Check the user timers. */
+  if (os_tmr.next) {
+    delta = sleep_time;
+    if (delta >= os_tmr.tcnt) {
+      delta   -= os_tmr.tcnt;
+      os_tmr.tcnt = 1;
+      while (os_tmr.next) {
+        rt_tmr_tick();
+        if (delta == 0) break;
+        delta--;
+      }
+    } else {
+      os_tmr.tcnt -= delta;
+    }
+  }
+#endif
+
+  /* Switch back to highest ready task */
+  next = rt_get_first (&os_rdy);
+  rt_switch_req (next);
+
+  rt_tsk_unlock();
+}
+
+
+/*--------------------------- rt_tsk_lock -----------------------------------*/
+
+void rt_tsk_lock (void) {
+  /* Prevent task switching by locking out scheduler */
+  if (os_tick_irqn < 0) {
+    OS_LOCK();
+    os_lock = __TRUE;
+    OS_UNPEND (&pend_flags);
+  } else {
+    OS_X_LOCK(os_tick_irqn);
+    os_lock = __TRUE;
+    OS_X_UNPEND (&pend_flags);
+  }
+}
+
+
+/*--------------------------- rt_tsk_unlock ---------------------------------*/
+
+void rt_tsk_unlock (void) {
+  /* Unlock scheduler and re-enable task switching */
+  if (os_tick_irqn < 0) {
+    OS_UNLOCK();
+    os_lock = __FALSE;
+    OS_PEND (pend_flags, os_psh_flag);
+    os_psh_flag = __FALSE;
+  } else {
+    OS_X_UNLOCK(os_tick_irqn);
+    os_lock = __FALSE;
+    OS_X_PEND (pend_flags, os_psh_flag);
+    os_psh_flag = __FALSE;
+  }
+}
+
+
+/*--------------------------- rt_psh_req ------------------------------------*/
+
+void rt_psh_req (void) {
+  /* Initiate a post service handling request if required. */
+  if (os_lock == __FALSE) {
+    OS_PEND_IRQ ();
+  }
+  else {
+    os_psh_flag = __TRUE;
+  }
+}
+
+
+/*--------------------------- rt_pop_req ------------------------------------*/
+
+void rt_pop_req (void) {
+  /* Process an ISR post service requests. */
+  struct OS_XCB *p_CB;
+  P_TCB next;
+  U32  idx;
+
+  os_tsk.run->state = READY;
+  rt_put_rdy_first (os_tsk.run);
+
+  idx = os_psq->last;
+  while (os_psq->count) {
+    p_CB = os_psq->q[idx].id;
+    if (p_CB->cb_type == TCB) {
+      /* Is of TCB type */
+      rt_evt_psh ((P_TCB)p_CB, (U16)os_psq->q[idx].arg);
+    }
+    else if (p_CB->cb_type == MCB) {
+      /* Is of MCB type */
+      rt_mbx_psh ((P_MCB)p_CB, (void *)os_psq->q[idx].arg);
+    }
+    else {
+      /* Must be of SCB type */
+      rt_sem_psh ((P_SCB)p_CB);
+    }
+    if (++idx == os_psq->size) idx = 0;
+    rt_dec (&os_psq->count);
+  }
+  os_psq->last = idx;
+
+  next = rt_get_first (&os_rdy);
+  rt_switch_req (next);
+}
+
+
+/*--------------------------- os_tick_init ----------------------------------*/
+
+__weak int os_tick_init (void) {
+  /* Initialize SysTick timer as system tick timer. */
+  rt_systick_init ();
+  return (-1);  /* Return IRQ number of SysTick timer */
+}
+
+
+/*--------------------------- os_tick_irqack --------------------------------*/
+
+__weak void os_tick_irqack (void) {
+  /* Acknowledge timer interrupt. */
+}
+
+
+/*--------------------------- rt_systick ------------------------------------*/
+
+extern void sysTimerTick(void);
+
+void rt_systick (void) {
+  /* Check for system clock update, suspend running task. */
+  P_TCB next;
+
+  os_tsk.run->state = READY;
+  rt_put_rdy_first (os_tsk.run);
+
+  /* Check Round Robin timeout. */
+  rt_chk_robin ();
+
+  /* Update delays. */
+  os_time++;
+  rt_dec_dly ();
+
+  /* Check the user timers. */
+#ifdef __CMSIS_RTOS
+  sysTimerTick();
+#else
+  rt_tmr_tick ();
+#endif
+
+  /* Switch back to highest ready task */
+  next = rt_get_first (&os_rdy);
+  rt_switch_req (next);
+}
+
+/*--------------------------- rt_stk_check ----------------------------------*/
+__weak void rt_stk_check (void) {
+    /* Check for stack overflow. */
+    if (os_tsk.run->task_id == 0x01) {
+        // TODO: For the main thread the check should be done against the main heap pointer
+    } else {
+        if ((os_tsk.run->tsk_stack < (U32)os_tsk.run->stack) ||
+            (os_tsk.run->stack[0] != MAGIC_WORD)) {
+            os_error (OS_ERR_STK_OVF);
+        }
+    }
+}
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_System.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,52 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_SYSTEM.H
+ *      Purpose: System Task Manager definitions
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Variables */
+#define os_psq  ((P_PSQ)&os_fifo)
+extern int os_tick_irqn;
+
+/* Functions */
+extern U32  rt_suspend    (void);
+extern void rt_resume     (U32 sleep_time);
+extern void rt_tsk_lock   (void);
+extern void rt_tsk_unlock (void);
+extern void rt_psh_req    (void);
+extern void rt_pop_req    (void);
+extern void rt_systick    (void);
+extern void rt_stk_check  (void);
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_Task.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,339 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_TASK.C
+ *      Purpose: Task functions and system start up.
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Conf.h"
+#include "rt_System.h"
+#include "rt_Task.h"
+#include "rt_List.h"
+#include "rt_MemBox.h"
+#include "rt_Robin.h"
+#include "rt_HAL_CM.h"
+
+/*----------------------------------------------------------------------------
+ *      Global Variables
+ *---------------------------------------------------------------------------*/
+
+/* Running and next task info. */
+struct OS_TSK os_tsk;
+
+/* Task Control Blocks of idle demon */
+struct OS_TCB os_idle_TCB;
+
+
+/*----------------------------------------------------------------------------
+ *      Local Functions
+ *---------------------------------------------------------------------------*/
+
+OS_TID rt_get_TID (void) {
+  U32 tid;
+
+  for (tid = 1; tid <= os_maxtaskrun; tid++) {
+    if (os_active_TCB[tid-1] == NULL) {
+      return ((OS_TID)tid);
+    }
+  }
+  return (0);
+}
+
+#if defined (__CC_ARM) && !defined (__MICROLIB)
+/*--------------------------- __user_perthread_libspace ---------------------*/
+extern void  *__libspace_start;
+
+void *__user_perthread_libspace (void) {
+  /* Provide a separate libspace for each task. */
+  if (os_tsk.run == NULL) {
+    /* RTX not running yet. */
+    return (&__libspace_start);
+  }
+  return (void *)(os_tsk.run->std_libspace);
+}
+#endif
+
+/*--------------------------- rt_init_context -------------------------------*/
+
+void rt_init_context (P_TCB p_TCB, U8 priority, FUNCP task_body) {
+  /* Initialize general part of the Task Control Block. */
+  p_TCB->cb_type = TCB;
+  p_TCB->state   = READY;
+  p_TCB->prio    = priority;
+  p_TCB->p_lnk   = NULL;
+  p_TCB->p_rlnk  = NULL;
+  p_TCB->p_dlnk  = NULL;
+  p_TCB->p_blnk  = NULL;
+  p_TCB->delta_time    = 0;
+  p_TCB->interval_time = 0;
+  p_TCB->events  = 0;
+  p_TCB->waits   = 0;
+  p_TCB->stack_frame = 0;
+
+  rt_init_stack (p_TCB, task_body);
+}
+
+
+/*--------------------------- rt_switch_req ---------------------------------*/
+
+void rt_switch_req (P_TCB p_new) {
+  /* Switch to next task (identified by "p_new"). */
+  os_tsk.new_tsk   = p_new;
+  p_new->state = RUNNING;
+  DBG_TASK_SWITCH(p_new->task_id);
+}
+
+
+/*--------------------------- rt_dispatch -----------------------------------*/
+
+void rt_dispatch (P_TCB next_TCB) {
+  /* Dispatch next task if any identified or dispatch highest ready task    */
+  /* "next_TCB" identifies a task to run or has value NULL (=no next task)  */
+  if (next_TCB == NULL) {
+    /* Running task was blocked: continue with highest ready task */
+    next_TCB = rt_get_first (&os_rdy);
+    rt_switch_req (next_TCB);
+  }
+  else {
+    /* Check which task continues */
+    if (next_TCB->prio > os_tsk.run->prio) {
+      /* preempt running task */
+      rt_put_rdy_first (os_tsk.run);
+      os_tsk.run->state = READY;
+      rt_switch_req (next_TCB);
+    }
+    else {
+      /* put next task into ready list, no task switch takes place */
+      next_TCB->state = READY;
+      rt_put_prio (&os_rdy, next_TCB);
+    }
+  }
+}
+
+
+/*--------------------------- rt_block --------------------------------------*/
+
+void rt_block (U16 timeout, U8 block_state) {
+  /* Block running task and choose next ready task.                         */
+  /* "timeout" sets a time-out value or is 0xffff (=no time-out).           */
+  /* "block_state" defines the appropriate task state */
+  P_TCB next_TCB;
+
+  if (timeout) {
+    if (timeout < 0xffff) {
+      rt_put_dly (os_tsk.run, timeout);
+    }
+    os_tsk.run->state = block_state;
+    next_TCB = rt_get_first (&os_rdy);
+    rt_switch_req (next_TCB);
+  }
+}
+
+
+/*--------------------------- rt_tsk_pass -----------------------------------*/
+
+void rt_tsk_pass (void) {
+  /* Allow tasks of same priority level to run cooperatively.*/
+  P_TCB p_new;
+
+  p_new = rt_get_same_rdy_prio();
+  if (p_new != NULL) {
+    rt_put_prio ((P_XCB)&os_rdy, os_tsk.run);
+    os_tsk.run->state = READY;
+    rt_switch_req (p_new);
+  }
+}
+
+
+/*--------------------------- rt_tsk_self -----------------------------------*/
+
+OS_TID rt_tsk_self (void) {
+  /* Return own task identifier value. */
+  if (os_tsk.run == NULL) {
+    return (0);
+  }
+  return (os_tsk.run->task_id);
+}
+
+
+/*--------------------------- rt_tsk_prio -----------------------------------*/
+
+OS_RESULT rt_tsk_prio (OS_TID task_id, U8 new_prio) {
+  /* Change execution priority of a task to "new_prio". */
+  P_TCB p_task;
+
+  if (task_id == 0) {
+    /* Change execution priority of calling task. */
+    os_tsk.run->prio = new_prio;
+run:if (rt_rdy_prio() > new_prio) {
+      rt_put_prio (&os_rdy, os_tsk.run);
+      os_tsk.run->state   = READY;
+      rt_dispatch (NULL);
+    }
+    return (OS_R_OK);
+  }
+
+  /* Find the task in the "os_active_TCB" array. */
+  if (task_id > os_maxtaskrun || os_active_TCB[task_id-1] == NULL) {
+    /* Task with "task_id" not found or not started. */
+    return (OS_R_NOK);
+  }
+  p_task = os_active_TCB[task_id-1];
+  p_task->prio = new_prio;
+  if (p_task == os_tsk.run) {
+    goto run;
+  }
+  rt_resort_prio (p_task);
+  if (p_task->state == READY) {
+    /* Task enqueued in a ready list. */
+    p_task = rt_get_first (&os_rdy);
+    rt_dispatch (p_task);
+  }
+  return (OS_R_OK);
+}
+
+/*--------------------------- rt_tsk_delete ---------------------------------*/
+
+OS_RESULT rt_tsk_delete (OS_TID task_id) {
+  /* Terminate the task identified with "task_id". */
+  P_TCB task_context;
+
+  if (task_id == 0 || task_id == os_tsk.run->task_id) {
+    /* Terminate itself. */
+    os_tsk.run->state     = INACTIVE;
+    os_tsk.run->tsk_stack = rt_get_PSP ();
+    rt_stk_check ();
+    os_active_TCB[os_tsk.run->task_id-1] = NULL;
+
+    os_tsk.run->stack = NULL;
+    DBG_TASK_NOTIFY(os_tsk.run, __FALSE);
+    os_tsk.run = NULL;
+    rt_dispatch (NULL);
+    /* The program should never come to this point. */
+  }
+  else {
+    /* Find the task in the "os_active_TCB" array. */
+    if (task_id > os_maxtaskrun || os_active_TCB[task_id-1] == NULL) {
+      /* Task with "task_id" not found or not started. */
+      return (OS_R_NOK);
+    }
+    task_context = os_active_TCB[task_id-1];
+    rt_rmv_list (task_context);
+    rt_rmv_dly (task_context);
+    os_active_TCB[task_id-1] = NULL;
+
+    task_context->stack = NULL;
+    DBG_TASK_NOTIFY(task_context, __FALSE);
+  }
+  return (OS_R_OK);
+}
+
+
+/*--------------------------- rt_sys_init -----------------------------------*/
+
+#ifdef __CMSIS_RTOS
+void rt_sys_init (void) {
+#else
+void rt_sys_init (FUNCP first_task, U32 prio_stksz, void *stk) {
+#endif
+  /* Initialize system and start up task declared with "first_task". */
+  U32 i;
+
+  DBG_INIT();
+
+  /* Initialize dynamic memory and task TCB pointers to NULL. */
+  for (i = 0; i < os_maxtaskrun; i++) {
+    os_active_TCB[i] = NULL;
+  }
+
+  /* Set up TCB of idle demon */
+  os_idle_TCB.task_id = 255;
+  os_idle_TCB.priv_stack = idle_task_stack_size;
+  os_idle_TCB.stack = idle_task_stack;
+  rt_init_context (&os_idle_TCB, 0, os_idle_demon);
+
+  /* Set up ready list: initially empty */
+  os_rdy.cb_type = HCB;
+  os_rdy.p_lnk   = NULL;
+  /* Set up delay list: initially empty */
+  os_dly.cb_type = HCB;
+  os_dly.p_dlnk  = NULL;
+  os_dly.p_blnk  = NULL;
+  os_dly.delta_time = 0;
+
+  /* Fix SP and systemvariables to assume idle task is running  */
+  /* Transform main program into idle task by assuming idle TCB */
+#ifndef __CMSIS_RTOS
+  rt_set_PSP (os_idle_TCB.tsk_stack+32);
+#endif
+  os_tsk.run = &os_idle_TCB;
+  os_tsk.run->state = RUNNING;
+
+  /* Initialize ps queue */
+  os_psq->first = 0;
+  os_psq->last  = 0;
+  os_psq->size  = os_fifo_size;
+
+  rt_init_robin ();
+
+  /* Intitialize SVC and PendSV */
+  rt_svc_init ();
+
+#ifndef __CMSIS_RTOS
+  /* Intitialize and start system clock timer */
+  os_tick_irqn = os_tick_init ();
+  if (os_tick_irqn >= 0) {
+    OS_X_INIT(os_tick_irqn);
+  }
+
+  /* Start up first user task before entering the endless loop */
+  rt_tsk_create (first_task, prio_stksz, stk, NULL);
+#endif
+}
+
+
+/*--------------------------- rt_sys_start ----------------------------------*/
+
+#ifdef __CMSIS_RTOS
+void rt_sys_start (void) {
+  /* Start system */
+
+  /* Intitialize and start system clock timer */
+  os_tick_irqn = os_tick_init ();
+  if (os_tick_irqn >= 0) {
+    OS_X_INIT(os_tick_irqn);
+  }
+}
+#endif
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_Task.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,73 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_TASK.H
+ *      Purpose: Task functions and system start up.
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Definitions */
+#define __CMSIS_RTOS    1
+
+/* Values for 'state'   */
+#define INACTIVE        0
+#define READY           1
+#define RUNNING         2
+#define WAIT_DLY        3
+#define WAIT_ITV        4
+#define WAIT_OR         5
+#define WAIT_AND        6
+#define WAIT_SEM        7
+#define WAIT_MBX        8
+#define WAIT_MUT        9
+
+/* Return codes */
+#define OS_R_TMO        0x01
+#define OS_R_EVT        0x02
+#define OS_R_SEM        0x03
+#define OS_R_MBX        0x04
+#define OS_R_MUT        0x05
+
+#define OS_R_OK         0x00
+#define OS_R_NOK        0xff
+
+/* Variables */
+extern struct OS_TSK os_tsk;
+extern struct OS_TCB os_idle_TCB;
+
+/* Functions */
+extern void      rt_switch_req (P_TCB p_new);
+extern void      rt_dispatch   (P_TCB next_TCB);
+extern void      rt_block      (U16 timeout, U8 block_state);
+extern void      rt_tsk_pass   (void);
+extern OS_TID    rt_tsk_self   (void);
+extern OS_RESULT rt_tsk_prio   (OS_TID task_id, U8 new_prio);
+extern OS_RESULT rt_tsk_delete (OS_TID task_id);
+extern void      rt_sys_init   (void);
+extern void      rt_sys_start  (void);
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_Time.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,94 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_TIME.C
+ *      Purpose: Delay and interval wait functions
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+#include "rt_TypeDef.h"
+#include "RTX_Conf.h"
+#include "rt_Task.h"
+#include "rt_Time.h"
+
+/*----------------------------------------------------------------------------
+ *      Global Variables
+ *---------------------------------------------------------------------------*/
+
+/* Free running system tick counter */
+U32 os_time;
+
+
+/*----------------------------------------------------------------------------
+ *      Functions
+ *---------------------------------------------------------------------------*/
+
+
+/*--------------------------- rt_time_get -----------------------------------*/
+
+U32 rt_time_get (void) {
+  /* Get system time tick */
+  return (os_time);
+}
+
+
+/*--------------------------- rt_dly_wait -----------------------------------*/
+
+void rt_dly_wait (U16 delay_time) {
+  /* Delay task by "delay_time" */
+  rt_block (delay_time, WAIT_DLY);
+}
+
+
+/*--------------------------- rt_itv_set ------------------------------------*/
+
+void rt_itv_set (U16 interval_time) {
+  /* Set interval length and define start of first interval */
+  os_tsk.run->interval_time = interval_time;
+  os_tsk.run->delta_time = interval_time + (U16)os_time;
+}
+
+
+/*--------------------------- rt_itv_wait -----------------------------------*/
+
+void rt_itv_wait (void) {
+  /* Wait for interval end and define start of next one */
+  U16 delta;
+
+  delta = os_tsk.run->delta_time - (U16)os_time;
+  os_tsk.run->delta_time += os_tsk.run->interval_time;
+  if ((delta & 0x8000) == 0) {
+    rt_block (delta, WAIT_ITV);
+  }
+}
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_Time.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,47 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_TIME.H
+ *      Purpose: Delay and interval wait functions definitions
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+
+/* Variables */
+extern U32 os_time;
+
+/* Functions */
+extern U32  rt_time_get (void);
+extern void rt_dly_wait (U16 delay_time);
+extern void rt_itv_set  (U16 interval_time);
+extern void rt_itv_wait (void);
+
+/*----------------------------------------------------------------------------
+ * end of file
+ *---------------------------------------------------------------------------*/
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbed-rtos/rtx/TARGET_CORTEX_M/rt_TypeDef.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,128 @@
+/*----------------------------------------------------------------------------
+ *      RL-ARM - RTX
+ *----------------------------------------------------------------------------
+ *      Name:    RT_TYPEDEF.H
+ *      Purpose: Type Definitions
+ *      Rev.:    V4.60
+ *----------------------------------------------------------------------------
+ *
+ * Copyright (c) 1999-2009 KEIL, 2009-2012 ARM Germany GmbH
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *  - Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *  - Neither the name of ARM  nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS AND CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *---------------------------------------------------------------------------*/
+#ifndef RT_TYPE_DEF_H
+#define RT_TYPE_DEF_H
+
+#include "os_tcb.h"
+
+typedef U32     OS_TID;
+typedef void    *OS_ID;
+typedef U32     OS_RESULT;
+
+#define TCB_STACKF      32        /* 'stack_frame' offset                    */
+#define TCB_TSTACK      40        /* 'tsk_stack' offset                      */
+
+typedef struct OS_PSFE {          /* Post Service Fifo Entry                 */
+  void  *id;                      /* Object Identification                   */
+  U32    arg;                     /* Object Argument                         */
+} *P_PSFE;
+
+typedef struct OS_PSQ {           /* Post Service Queue                      */
+  U8     first;                   /* FIFO Head Index                         */
+  U8     last;                    /* FIFO Tail Index                         */
+  U8     count;                   /* Number of stored items in FIFO          */
+  U8     size;                    /* FIFO Size                               */
+  struct OS_PSFE q[1];            /* FIFO Content                            */
+} *P_PSQ;
+
+typedef struct OS_TSK {
+  P_TCB  run;                     /* Current running task                    */
+  P_TCB  new_tsk;                 /* Scheduled task to run                   */
+} *P_TSK;
+
+typedef struct OS_ROBIN {         /* Round Robin Control                     */
+  P_TCB  task;                    /* Round Robin task                        */
+  U16    time;                    /* Round Robin switch time                 */
+  U16    tout;                    /* Round Robin timeout                     */
+} *P_ROBIN;
+
+typedef struct OS_XCB {
+  U8     cb_type;                 /* Control Block Type                      */
+  struct OS_TCB *p_lnk;           /* Link pointer for ready/sem. wait list   */
+  struct OS_TCB *p_rlnk;          /* Link pointer for sem./mbx lst backwards */
+  struct OS_TCB *p_dlnk;          /* Link pointer for delay list             */
+  struct OS_TCB *p_blnk;          /* Link pointer for delay list backwards   */
+  U16    delta_time;              /* Time until time out                     */
+} *P_XCB;
+
+typedef struct OS_MCB {
+  U8     cb_type;                 /* Control Block Type                      */
+  U8     state;                   /* State flag variable                     */
+  U8     isr_st;                  /* State flag variable for isr functions   */
+  struct OS_TCB *p_lnk;           /* Chain of tasks waiting for message      */
+  U16    first;                   /* Index of the message list begin         */
+  U16    last;                    /* Index of the message list end           */
+  U16    count;                   /* Actual number of stored messages        */
+  U16    size;                    /* Maximum number of stored messages       */
+  void   *msg[1];                 /* FIFO for Message pointers 1st element   */
+} *P_MCB;
+
+typedef struct OS_SCB {
+  U8     cb_type;                 /* Control Block Type                      */
+  U8     mask;                    /* Semaphore token mask                    */
+  U16    tokens;                  /* Semaphore tokens                        */
+  struct OS_TCB *p_lnk;           /* Chain of tasks waiting for tokens       */
+} *P_SCB;
+
+typedef struct OS_MUCB {
+  U8     cb_type;                 /* Control Block Type                      */
+  U8     prio;                    /* Owner task default priority             */
+  U16    level;                   /* Call nesting level                      */
+  struct OS_TCB *p_lnk;           /* Chain of tasks waiting for mutex        */
+  struct OS_TCB *owner;           /* Mutex owner task                        */
+} *P_MUCB;
+
+typedef struct OS_XTMR {
+  struct OS_TMR  *next;
+  U16    tcnt;
+} *P_XTMR;
+
+typedef struct OS_TMR {
+  struct OS_TMR  *next;           /* Link pointer to Next timer              */
+  U16    tcnt;                    /* Timer delay count                       */
+  U16    info;                    /* User defined call info                  */
+} *P_TMR;
+
+typedef struct OS_BM {
+  void *free;                     /* Pointer to first free memory block      */
+  void *end;                      /* Pointer to memory block end             */
+  U32  blk_size;                  /* Memory block size                       */
+} *P_BM;
+
+/* Definitions */
+#define __TRUE          1
+#define __FALSE         0
+#define NULL            ((void *) 0)
+
+#endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/LICENSE	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,2 @@
+Unless specifically indicated otherwise in a file, files are licensed
+under the Apache 2.0 license, as can be found in: apache-2.0.txt
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/README.md	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,103 @@
+# mbed TLS
+
+mbed TLS makes it trivially easy for developers to include cryptographic and SSL/TLS capabilities in their embedded products, with a minimal code footprint. It offers an SSL library with an intuitive API and readable source code.
+
+**Note:** The current release is beta, and implements no secure source of random numbers, weakening its security.
+
+Currently the only supported yotta targets are:
+- `frdm-k64f-gcc`
+- `frdm-k64f-armcc`
+- `x86-linux-native`
+- `x86-osx-native`
+
+## Sample programs
+
+This release includes the following examples:
+
+1. [**Self test:**](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/example-selftest) Tests different basic functions in the mbed TLS library.
+
+2. [**Benchmark:**](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/example-benchmark) Measures the time taken to perform basic cryptographic functions used in the library.
+
+3. [**Hashing:**](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/example-hashing) Demonstrates the various APIs for computing hashes of data (also known as message digests) with SHA-256.
+
+4. [**Authenticated encryption:**](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/example-authcrypt) Demonstrates usage of the Cipher API for encrypting and authenticating data with AES-CCM.
+
+These examples are integrated as yotta tests, so that they are built automatically when you build mbed TLS. Each of them comes with complete usage instructions as a Readme file in the repository.
+
+## Performing TLS and DTLS connections
+
+A high-level API for performing TLS and DTLS connections with mbed TLS in mbed OS is provided in a separate yotta module: [mbed-tls-sockets](https://github.com/ARMmbed/mbed-tls-sockets). We recommend this API for TLS and DTLS connections. It is very similar to the API provided by the [sockets](https://github.com/ARMmbed/sockets) module for unencrypted TCP and UDP connections.
+
+The `mbed-tls-sockets` module includes a complete [example TLS client](https://github.com/ARMmbed/mbed-tls-sockets/blob/master/test/tls-client/main.cpp) with [usage instructions](https://github.com/ARMmbed/mbed-tls-sockets/blob/master/test/tls-client/README.md).
+
+## Configuring mbed TLS features
+
+mbed TLS makes it easy to disable any feature during compilation, if that feature isn't required for a particular project. The default configuration enables all modern and widely-used features, which should meet the needs of new projects, and disables all features that are older or less common, to minimize the code footprint.
+
+The list of available compilation flags is available in the fully documented [config.h file](https://github.com/ARMmbed/mbedtls/blob/development/include/mbedtls/config.h).
+
+If you need to adjust those flags, you can provide your own configuration-adjustment file with suitable `#define` and `#undef` statements. These will be included between the default definitions and the sanity checks. Your configuration file should be in your application's include directory, and can be named freely; you just need to let mbed TLS know the file's name. To do that, use yotta's [configuration system](http://docs.yottabuild.org/reference/config.html). The file's name should be in your `config.json` file, under mbedtls, as the key `user-config-file`.
+
+For example, in an application called `myapp`, if you want to enable the EC J-PAKE key exchange and disable the CBC cipher mode, you can create a file named  `mbedtls-config-changes.h` in the `myapp` directory containing the following lines:
+
+    #define MBEDTLS_ECJPAKE_C
+    #define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+
+    #undef MBEDTLS_CIPHER_MODE_CBC
+
+And then create a file named `config.json` at the root of your application with the following contents:
+
+    {
+       "mbedtls": {
+          "user-config-file": "\"myapp/mbedtls-config-changes.h\""
+       }
+    }
+
+Please note: you need to provide the exact name that will be used in the `#include` directive, including the `<>` or quotes around the name.
+
+## Getting mbed TLS from GitHub
+
+Like most components of mbed OS, mbed TLS is developed in the open and its source can be found on GitHub: [ARMmbed/mbedtls](https://github.com/ARMmbed/mbedtls). Unlike most other mbed OS components, however, you cannot just clone the repository and run `yotta build` from its root. This is because mbed TLS also exists as an independent component, so its repository includes things that are not relevant for mbed OS, as well as other build systems.
+
+The way to use mbed TLS from a clone of the GitHub repository is to run the following commands from the root of a checkout:
+
+    yotta/create-module.sh
+    cd yotta/module
+
+You can then run any yotta command you would normally run, such as `yotta build` or `yotta link`.
+
+## Differences between the standalone and mbed OS editions
+
+While the two editions share the same code base, there are still a number of differences, mainly in configuration and integration. You should keep in mind those differences when reading some articles in our [knowledge base](https://tls.mbed.org/kb), as currently all the articles are about the standalone edition.
+
+* The mbed OS edition has a smaller set of features enabled by default in `config.h`, in order to reduce footprint. While the default configuration of the standalone edition puts more emphasize on maintaining interoperability with old peers, the mbed OS edition only enables the most modern ciphers and the latest version of (D)TLS.
+
+* The following components of mbed TLS are disabled in the mbed OS edition: `net.c` and `timing.c`. This is because mbed OS includes their equivalents.
+
+* The mbed OS edition comes with a fully integrated API for (D)TLS connections in a companion module: [mbed-tls-sockets](https://github.com/ARMmbed/mbed-tls-sockets). See "Performing TLS and DTLS connections" above.
+
+## Other resources
+
+The [mbed TLS website](https://tls.mbed.org) contains many other useful
+resources for the developer, such as [developer
+documentation](https://tls.mbed.org/dev-corner), [knowledgebase
+articles](https://tls.mbed.org/kb), and a [support forum](https://tls.mbed.org/discussions).
+
+## Contributing
+
+We gratefully accept bug reports and contributions from the community. There are some requirements we need to fulfill in order to be able to integrate contributions:
+
+* Simple bug fixes to existing code do not contain copyright themselves and we can integrate without issue. The same is true of trivial contributions.
+
+* For larger contributions, such as a new feature, the code can possibly fall under copyright law. We then need your consent to share in the ownership of the copyright. We have a form for this, which we will send to you in case you submit a contribution or pull request that we deem this necessary for.
+
+To contribute, please:
+
+* [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug.
+
+* Fork the [mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis.
+
+* Write a test that shows that the bug was fixed or that the feature works as expected.
+
+* Send a pull request and bug us until it gets merged and published. We will include your name in the ChangeLog.
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/apache-2.0.txt	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/aes.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,297 @@
+/**
+ * \file aes.h
+ *
+ * \brief AES block cipher
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_AES_H
+#define MBEDTLS_AES_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+/* padlock.c and aesni.c rely on these values! */
+#define MBEDTLS_AES_ENCRYPT     1
+#define MBEDTLS_AES_DECRYPT     0
+
+#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH                -0x0020  /**< Invalid key length. */
+#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH              -0x0022  /**< Invalid data input length. */
+
+#if !defined(MBEDTLS_AES_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          AES context structure
+ *
+ * \note           buf is able to hold 32 extra bytes, which can be used:
+ *                 - for alignment purposes if VIA padlock is used, and/or
+ *                 - to simplify key expansion in the 256-bit case by
+ *                 generating an extra round key
+ */
+typedef struct
+{
+    int nr;                     /*!<  number of rounds  */
+    uint32_t *rk;               /*!<  AES round keys    */
+    uint32_t buf[68];           /*!<  unaligned data    */
+}
+mbedtls_aes_context;
+
+/**
+ * \brief          Initialize AES context
+ *
+ * \param ctx      AES context to be initialized
+ */
+void mbedtls_aes_init( mbedtls_aes_context *ctx );
+
+/**
+ * \brief          Clear AES context
+ *
+ * \param ctx      AES context to be cleared
+ */
+void mbedtls_aes_free( mbedtls_aes_context *ctx );
+
+/**
+ * \brief          AES key schedule (encryption)
+ *
+ * \param ctx      AES context to be initialized
+ * \param key      encryption key
+ * \param keybits  must be 128, 192 or 256
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
+ */
+int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
+                    unsigned int keybits );
+
+/**
+ * \brief          AES key schedule (decryption)
+ *
+ * \param ctx      AES context to be initialized
+ * \param key      decryption key
+ * \param keybits  must be 128, 192 or 256
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
+ */
+int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
+                    unsigned int keybits );
+
+/**
+ * \brief          AES-ECB block encryption/decryption
+ *
+ * \param ctx      AES context
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
+ * \param input    16-byte input block
+ * \param output   16-byte output block
+ *
+ * \return         0 if successful
+ */
+int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
+                    int mode,
+                    const unsigned char input[16],
+                    unsigned char output[16] );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+/**
+ * \brief          AES-CBC buffer encryption/decryption
+ *                 Length should be a multiple of the block
+ *                 size (16 bytes)
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      AES context
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
+ */
+int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
+                    int mode,
+                    size_t length,
+                    unsigned char iv[16],
+                    const unsigned char *input,
+                    unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+/**
+ * \brief          AES-CFB128 buffer encryption/decryption.
+ *
+ * Note: Due to the nature of CFB you should use the same key schedule for
+ * both encryption and decryption. So a context initialized with
+ * mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      AES context
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
+ * \param length   length of the input data
+ * \param iv_off   offset in IV (updated after use)
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful
+ */
+int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
+                       int mode,
+                       size_t length,
+                       size_t *iv_off,
+                       unsigned char iv[16],
+                       const unsigned char *input,
+                       unsigned char *output );
+
+/**
+ * \brief          AES-CFB8 buffer encryption/decryption.
+ *
+ * Note: Due to the nature of CFB you should use the same key schedule for
+ * both encryption and decryption. So a context initialized with
+ * mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      AES context
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful
+ */
+int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
+                    int mode,
+                    size_t length,
+                    unsigned char iv[16],
+                    const unsigned char *input,
+                    unsigned char *output );
+#endif /*MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+/**
+ * \brief               AES-CTR buffer encryption/decryption
+ *
+ * Warning: You have to keep the maximum use of your counter in mind!
+ *
+ * Note: Due to the nature of CTR you should use the same key schedule for
+ * both encryption and decryption. So a context initialized with
+ * mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
+ *
+ * \param ctx           AES context
+ * \param length        The length of the data
+ * \param nc_off        The offset in the current stream_block (for resuming
+ *                      within current cipher stream). The offset pointer to
+ *                      should be 0 at the start of a stream.
+ * \param nonce_counter The 128-bit nonce and counter.
+ * \param stream_block  The saved stream-block for resuming. Is overwritten
+ *                      by the function.
+ * \param input         The input data stream
+ * \param output        The output data stream
+ *
+ * \return         0 if successful
+ */
+int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
+                       size_t length,
+                       size_t *nc_off,
+                       unsigned char nonce_counter[16],
+                       unsigned char stream_block[16],
+                       const unsigned char *input,
+                       unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+/**
+ * \brief           Internal AES block encryption function
+ *                  (Only exposed to allow overriding it,
+ *                  see MBEDTLS_AES_ENCRYPT_ALT)
+ *
+ * \param ctx       AES context
+ * \param input     Plaintext block
+ * \param output    Output (ciphertext) block
+ */
+void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
+                          const unsigned char input[16],
+                          unsigned char output[16] );
+
+/**
+ * \brief           Internal AES block decryption function
+ *                  (Only exposed to allow overriding it,
+ *                  see MBEDTLS_AES_DECRYPT_ALT)
+ *
+ * \param ctx       AES context
+ * \param input     Ciphertext block
+ * \param output    Output (plaintext) block
+ */
+void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
+                          const unsigned char input[16],
+                          unsigned char output[16] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_AES_ALT */
+#include "aes_alt.h"
+#endif /* MBEDTLS_AES_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_aes_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* aes.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/aesni.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,111 @@
+/**
+ * \file aesni.h
+ *
+ * \brief AES-NI for hardware AES acceleration on some Intel processors
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_AESNI_H
+#define MBEDTLS_AESNI_H
+
+#include "aes.h"
+
+#define MBEDTLS_AESNI_AES      0x02000000u
+#define MBEDTLS_AESNI_CLMUL    0x00000002u
+
+#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) &&  \
+    ( defined(__amd64__) || defined(__x86_64__) )   &&  \
+    ! defined(MBEDTLS_HAVE_X86_64)
+#define MBEDTLS_HAVE_X86_64
+#endif
+
+#if defined(MBEDTLS_HAVE_X86_64)
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          AES-NI features detection routine
+ *
+ * \param what     The feature to detect
+ *                 (MBEDTLS_AESNI_AES or MBEDTLS_AESNI_CLMUL)
+ *
+ * \return         1 if CPU has support for the feature, 0 otherwise
+ */
+int mbedtls_aesni_has_support( unsigned int what );
+
+/**
+ * \brief          AES-NI AES-ECB block en(de)cryption
+ *
+ * \param ctx      AES context
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
+ * \param input    16-byte input block
+ * \param output   16-byte output block
+ *
+ * \return         0 on success (cannot fail)
+ */
+int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx,
+                     int mode,
+                     const unsigned char input[16],
+                     unsigned char output[16] );
+
+/**
+ * \brief          GCM multiplication: c = a * b in GF(2^128)
+ *
+ * \param c        Result
+ * \param a        First operand
+ * \param b        Second operand
+ *
+ * \note           Both operands and result are bit strings interpreted as
+ *                 elements of GF(2^128) as per the GCM spec.
+ */
+void mbedtls_aesni_gcm_mult( unsigned char c[16],
+                     const unsigned char a[16],
+                     const unsigned char b[16] );
+
+/**
+ * \brief           Compute decryption round keys from encryption round keys
+ *
+ * \param invkey    Round keys for the equivalent inverse cipher
+ * \param fwdkey    Original round keys (for encryption)
+ * \param nr        Number of rounds (that is, number of round keys minus one)
+ */
+void mbedtls_aesni_inverse_key( unsigned char *invkey,
+                        const unsigned char *fwdkey, int nr );
+
+/**
+ * \brief           Perform key expansion (for encryption)
+ *
+ * \param rk        Destination buffer where the round keys are written
+ * \param key       Encryption key
+ * \param bits      Key size in bits (must be 128, 192 or 256)
+ *
+ * \return          0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
+ */
+int mbedtls_aesni_setkey_enc( unsigned char *rk,
+                      const unsigned char *key,
+                      size_t bits );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_HAVE_X86_64 */
+
+#endif /* MBEDTLS_AESNI_H */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/arc4.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,113 @@
+/**
+ * \file arc4.h
+ *
+ * \brief The ARCFOUR stream cipher
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ARC4_H
+#define MBEDTLS_ARC4_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+
+#if !defined(MBEDTLS_ARC4_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          ARC4 context structure
+ */
+typedef struct
+{
+    int x;                      /*!< permutation index */
+    int y;                      /*!< permutation index */
+    unsigned char m[256];       /*!< permutation table */
+}
+mbedtls_arc4_context;
+
+/**
+ * \brief          Initialize ARC4 context
+ *
+ * \param ctx      ARC4 context to be initialized
+ */
+void mbedtls_arc4_init( mbedtls_arc4_context *ctx );
+
+/**
+ * \brief          Clear ARC4 context
+ *
+ * \param ctx      ARC4 context to be cleared
+ */
+void mbedtls_arc4_free( mbedtls_arc4_context *ctx );
+
+/**
+ * \brief          ARC4 key schedule
+ *
+ * \param ctx      ARC4 context to be setup
+ * \param key      the secret key
+ * \param keylen   length of the key, in bytes
+ */
+void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key,
+                 unsigned int keylen );
+
+/**
+ * \brief          ARC4 cipher function
+ *
+ * \param ctx      ARC4 context
+ * \param length   length of the input data
+ * \param input    buffer holding the input data
+ * \param output   buffer for the output data
+ *
+ * \return         0 if successful
+ */
+int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input,
+                unsigned char *output );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_ARC4_ALT */
+#include "arc4_alt.h"
+#endif /* MBEDTLS_ARC4_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_arc4_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* arc4.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/asn1.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,342 @@
+/**
+ * \file asn1.h
+ *
+ * \brief Generic ASN.1 parsing
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ASN1_H
+#define MBEDTLS_ASN1_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+
+#if defined(MBEDTLS_BIGNUM_C)
+#include "bignum.h"
+#endif
+
+/**
+ * \addtogroup asn1_module
+ * \{
+ */
+
+/**
+ * \name ASN1 Error codes
+ * These error codes are OR'ed to X509 error codes for
+ * higher error granularity.
+ * ASN1 is a standard to specify data structures.
+ * \{
+ */
+#define MBEDTLS_ERR_ASN1_OUT_OF_DATA                      -0x0060  /**< Out of data when parsing an ASN1 data structure. */
+#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG                   -0x0062  /**< ASN1 tag was of an unexpected value. */
+#define MBEDTLS_ERR_ASN1_INVALID_LENGTH                   -0x0064  /**< Error when trying to determine the length or invalid length. */
+#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH                  -0x0066  /**< Actual length differs from expected length. */
+#define MBEDTLS_ERR_ASN1_INVALID_DATA                     -0x0068  /**< Data is invalid. (not used) */
+#define MBEDTLS_ERR_ASN1_ALLOC_FAILED                     -0x006A  /**< Memory allocation failed */
+#define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL                    -0x006C  /**< Buffer too small when writing ASN.1 data structure. */
+
+/* \} name */
+
+/**
+ * \name DER constants
+ * These constants comply with DER encoded the ANS1 type tags.
+ * DER encoding uses hexadecimal representation.
+ * An example DER sequence is:\n
+ * - 0x02 -- tag indicating INTEGER
+ * - 0x01 -- length in octets
+ * - 0x05 -- value
+ * Such sequences are typically read into \c ::mbedtls_x509_buf.
+ * \{
+ */
+#define MBEDTLS_ASN1_BOOLEAN                 0x01
+#define MBEDTLS_ASN1_INTEGER                 0x02
+#define MBEDTLS_ASN1_BIT_STRING              0x03
+#define MBEDTLS_ASN1_OCTET_STRING            0x04
+#define MBEDTLS_ASN1_NULL                    0x05
+#define MBEDTLS_ASN1_OID                     0x06
+#define MBEDTLS_ASN1_UTF8_STRING             0x0C
+#define MBEDTLS_ASN1_SEQUENCE                0x10
+#define MBEDTLS_ASN1_SET                     0x11
+#define MBEDTLS_ASN1_PRINTABLE_STRING        0x13
+#define MBEDTLS_ASN1_T61_STRING              0x14
+#define MBEDTLS_ASN1_IA5_STRING              0x16
+#define MBEDTLS_ASN1_UTC_TIME                0x17
+#define MBEDTLS_ASN1_GENERALIZED_TIME        0x18
+#define MBEDTLS_ASN1_UNIVERSAL_STRING        0x1C
+#define MBEDTLS_ASN1_BMP_STRING              0x1E
+#define MBEDTLS_ASN1_PRIMITIVE               0x00
+#define MBEDTLS_ASN1_CONSTRUCTED             0x20
+#define MBEDTLS_ASN1_CONTEXT_SPECIFIC        0x80
+/* \} name */
+/* \} addtogroup asn1_module */
+
+/** Returns the size of the binary string, without the trailing \\0 */
+#define MBEDTLS_OID_SIZE(x) (sizeof(x) - 1)
+
+/**
+ * Compares an mbedtls_asn1_buf structure to a reference OID.
+ *
+ * Only works for 'defined' oid_str values (MBEDTLS_OID_HMAC_SHA1), you cannot use a
+ * 'unsigned char *oid' here!
+ */
+#define MBEDTLS_OID_CMP(oid_str, oid_buf)                                   \
+        ( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf)->len ) ||                \
+          memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) != 0 )
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \name Functions to parse ASN.1 data structures
+ * \{
+ */
+
+/**
+ * Type-length-value structure that allows for ASN1 using DER.
+ */
+typedef struct mbedtls_asn1_buf
+{
+    int tag;                /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
+    size_t len;             /**< ASN1 length, in octets. */
+    unsigned char *p;       /**< ASN1 data, e.g. in ASCII. */
+}
+mbedtls_asn1_buf;
+
+/**
+ * Container for ASN1 bit strings.
+ */
+typedef struct mbedtls_asn1_bitstring
+{
+    size_t len;                 /**< ASN1 length, in octets. */
+    unsigned char unused_bits;  /**< Number of unused bits at the end of the string */
+    unsigned char *p;           /**< Raw ASN1 data for the bit string */
+}
+mbedtls_asn1_bitstring;
+
+/**
+ * Container for a sequence of ASN.1 items
+ */
+typedef struct mbedtls_asn1_sequence
+{
+    mbedtls_asn1_buf buf;                   /**< Buffer containing the given ASN.1 item. */
+    struct mbedtls_asn1_sequence *next;    /**< The next entry in the sequence. */
+}
+mbedtls_asn1_sequence;
+
+/**
+ * Container for a sequence or list of 'named' ASN.1 data items
+ */
+typedef struct mbedtls_asn1_named_data
+{
+    mbedtls_asn1_buf oid;                   /**< The object identifier. */
+    mbedtls_asn1_buf val;                   /**< The named value. */
+    struct mbedtls_asn1_named_data *next;  /**< The next entry in the sequence. */
+    unsigned char next_merged;      /**< Merge next item into the current one? */
+}
+mbedtls_asn1_named_data;
+
+/**
+ * \brief       Get the length of an ASN.1 element.
+ *              Updates the pointer to immediately behind the length.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param len   The variable that will receive the value
+ *
+ * \return      0 if successful, MBEDTLS_ERR_ASN1_OUT_OF_DATA on reaching
+ *              end of data, MBEDTLS_ERR_ASN1_INVALID_LENGTH if length is
+ *              unparseable.
+ */
+int mbedtls_asn1_get_len( unsigned char **p,
+                  const unsigned char *end,
+                  size_t *len );
+
+/**
+ * \brief       Get the tag and length of the tag. Check for the requested tag.
+ *              Updates the pointer to immediately behind the tag and length.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param len   The variable that will receive the length
+ * \param tag   The expected tag
+ *
+ * \return      0 if successful, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if tag did
+ *              not match requested tag, or another specific ASN.1 error code.
+ */
+int mbedtls_asn1_get_tag( unsigned char **p,
+                  const unsigned char *end,
+                  size_t *len, int tag );
+
+/**
+ * \brief       Retrieve a boolean ASN.1 tag and its value.
+ *              Updates the pointer to immediately behind the full tag.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param val   The variable that will receive the value
+ *
+ * \return      0 if successful or a specific ASN.1 error code.
+ */
+int mbedtls_asn1_get_bool( unsigned char **p,
+                   const unsigned char *end,
+                   int *val );
+
+/**
+ * \brief       Retrieve an integer ASN.1 tag and its value.
+ *              Updates the pointer to immediately behind the full tag.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param val   The variable that will receive the value
+ *
+ * \return      0 if successful or a specific ASN.1 error code.
+ */
+int mbedtls_asn1_get_int( unsigned char **p,
+                  const unsigned char *end,
+                  int *val );
+
+/**
+ * \brief       Retrieve a bitstring ASN.1 tag and its value.
+ *              Updates the pointer to immediately behind the full tag.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param bs    The variable that will receive the value
+ *
+ * \return      0 if successful or a specific ASN.1 error code.
+ */
+int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end,
+                        mbedtls_asn1_bitstring *bs);
+
+/**
+ * \brief       Retrieve a bitstring ASN.1 tag without unused bits and its
+ *              value.
+ *              Updates the pointer to the beginning of the bit/octet string.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param len   Length of the actual bit/octect string in bytes
+ *
+ * \return      0 if successful or a specific ASN.1 error code.
+ */
+int mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end,
+                             size_t *len );
+
+/**
+ * \brief       Parses and splits an ASN.1 "SEQUENCE OF <tag>"
+ *              Updated the pointer to immediately behind the full sequence tag.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param cur   First variable in the chain to fill
+ * \param tag   Type of sequence
+ *
+ * \return      0 if successful or a specific ASN.1 error code.
+ */
+int mbedtls_asn1_get_sequence_of( unsigned char **p,
+                          const unsigned char *end,
+                          mbedtls_asn1_sequence *cur,
+                          int tag);
+
+#if defined(MBEDTLS_BIGNUM_C)
+/**
+ * \brief       Retrieve a MPI value from an integer ASN.1 tag.
+ *              Updates the pointer to immediately behind the full tag.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param X     The MPI that will receive the value
+ *
+ * \return      0 if successful or a specific ASN.1 or MPI error code.
+ */
+int mbedtls_asn1_get_mpi( unsigned char **p,
+                  const unsigned char *end,
+                  mbedtls_mpi *X );
+#endif /* MBEDTLS_BIGNUM_C */
+
+/**
+ * \brief       Retrieve an AlgorithmIdentifier ASN.1 sequence.
+ *              Updates the pointer to immediately behind the full
+ *              AlgorithmIdentifier.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param alg   The buffer to receive the OID
+ * \param params The buffer to receive the params (if any)
+ *
+ * \return      0 if successful or a specific ASN.1 or MPI error code.
+ */
+int mbedtls_asn1_get_alg( unsigned char **p,
+                  const unsigned char *end,
+                  mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params );
+
+/**
+ * \brief       Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no
+ *              params.
+ *              Updates the pointer to immediately behind the full
+ *              AlgorithmIdentifier.
+ *
+ * \param p     The position in the ASN.1 data
+ * \param end   End of data
+ * \param alg   The buffer to receive the OID
+ *
+ * \return      0 if successful or a specific ASN.1 or MPI error code.
+ */
+int mbedtls_asn1_get_alg_null( unsigned char **p,
+                       const unsigned char *end,
+                       mbedtls_asn1_buf *alg );
+
+/**
+ * \brief       Find a specific named_data entry in a sequence or list based on
+ *              the OID.
+ *
+ * \param list  The list to seek through
+ * \param oid   The OID to look for
+ * \param len   Size of the OID
+ *
+ * \return      NULL if not found, or a pointer to the existing entry.
+ */
+mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( mbedtls_asn1_named_data *list,
+                                       const char *oid, size_t len );
+
+/**
+ * \brief       Free a mbedtls_asn1_named_data entry
+ *
+ * \param entry The named data entry to free
+ */
+void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry );
+
+/**
+ * \brief       Free all entries in a mbedtls_asn1_named_data list
+ *              Head will be set to NULL
+ *
+ * \param head  Pointer to the head of the list of named data entries to free
+ */
+void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* asn1.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/asn1write.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,239 @@
+/**
+ * \file asn1write.h
+ *
+ * \brief ASN.1 buffer writing functionality
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ASN1_WRITE_H
+#define MBEDTLS_ASN1_WRITE_H
+
+#include "asn1.h"
+
+#define MBEDTLS_ASN1_CHK_ADD(g, f) do { if( ( ret = f ) < 0 ) return( ret ); else   \
+                                g += ret; } while( 0 )
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief           Write a length field in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param len       the length to write
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len );
+
+/**
+ * \brief           Write a ASN.1 tag in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param tag       the tag to write
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start,
+                    unsigned char tag );
+
+/**
+ * \brief           Write raw buffer data
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param buf       data buffer to write
+ * \param size      length of the data buffer
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
+                           const unsigned char *buf, size_t size );
+
+#if defined(MBEDTLS_BIGNUM_C)
+/**
+ * \brief           Write a big number (MBEDTLS_ASN1_INTEGER) in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param X         the MPI to write
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, const mbedtls_mpi *X );
+#endif /* MBEDTLS_BIGNUM_C */
+
+/**
+ * \brief           Write a NULL tag (MBEDTLS_ASN1_NULL) with zero data in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start );
+
+/**
+ * \brief           Write an OID tag (MBEDTLS_ASN1_OID) and data in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param oid       the OID to write
+ * \param oid_len   length of the OID
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_oid( unsigned char **p, unsigned char *start,
+                    const char *oid, size_t oid_len );
+
+/**
+ * \brief           Write an AlgorithmIdentifier sequence in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param oid       the OID of the algorithm
+ * \param oid_len   length of the OID
+ * \param par_len   length of parameters, which must be already written.
+ *                  If 0, NULL parameters are added
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start,
+                                     const char *oid, size_t oid_len,
+                                     size_t par_len );
+
+/**
+ * \brief           Write a boolean tag (MBEDTLS_ASN1_BOOLEAN) and value in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param boolean   0 or 1
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolean );
+
+/**
+ * \brief           Write an int tag (MBEDTLS_ASN1_INTEGER) and value in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param val       the integer value
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val );
+
+/**
+ * \brief           Write a printable string tag (MBEDTLS_ASN1_PRINTABLE_STRING) and
+ *                  value in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param text      the text to write
+ * \param text_len  length of the text
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_printable_string( unsigned char **p, unsigned char *start,
+                                 const char *text, size_t text_len );
+
+/**
+ * \brief           Write an IA5 string tag (MBEDTLS_ASN1_IA5_STRING) and
+ *                  value in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param text      the text to write
+ * \param text_len  length of the text
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start,
+                           const char *text, size_t text_len );
+
+/**
+ * \brief           Write a bitstring tag (MBEDTLS_ASN1_BIT_STRING) and
+ *                  value in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param buf       the bitstring
+ * \param bits      the total number of bits in the bitstring
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
+                          const unsigned char *buf, size_t bits );
+
+/**
+ * \brief           Write an octet string tag (MBEDTLS_ASN1_OCTET_STRING) and
+ *                  value in ASN.1 format
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param buf       data buffer to write
+ * \param size      length of the data buffer
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start,
+                             const unsigned char *buf, size_t size );
+
+/**
+ * \brief           Create or find a specific named_data entry for writing in a
+ *                  sequence or list based on the OID. If not already in there,
+ *                  a new entry is added to the head of the list.
+ *                  Warning: Destructive behaviour for the val data!
+ *
+ * \param list      Pointer to the location of the head of the list to seek
+ *                  through (will be updated in case of a new entry)
+ * \param oid       The OID to look for
+ * \param oid_len   Size of the OID
+ * \param val       Data to store (can be NULL if you want to fill it by hand)
+ * \param val_len   Minimum length of the data buffer needed
+ *
+ * \return      NULL if if there was a memory allocation error, or a pointer
+ *              to the new / existing entry.
+ */
+mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **list,
+                                        const char *oid, size_t oid_len,
+                                        const unsigned char *val,
+                                        size_t val_len );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_ASN1_WRITE_H */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/base64.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,88 @@
+/**
+ * \file base64.h
+ *
+ * \brief RFC 1521 base64 encoding/decoding
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_BASE64_H
+#define MBEDTLS_BASE64_H
+
+#include <stddef.h>
+
+#define MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL               -0x002A  /**< Output buffer too small. */
+#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER              -0x002C  /**< Invalid character in input. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Encode a buffer into base64 format
+ *
+ * \param dst      destination buffer
+ * \param dlen     size of the destination buffer
+ * \param olen     number of bytes written
+ * \param src      source buffer
+ * \param slen     amount of data to be encoded
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL.
+ *                 *olen is always updated to reflect the amount
+ *                 of data that has (or would have) been written.
+ *                 If that length cannot be represented, then no data is
+ *                 written to the buffer and *olen is set to the maximum
+ *                 length representable as a size_t.
+ *
+ * \note           Call this function with dlen = 0 to obtain the
+ *                 required buffer size in *olen
+ */
+int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
+                   const unsigned char *src, size_t slen );
+
+/**
+ * \brief          Decode a base64-formatted buffer
+ *
+ * \param dst      destination buffer (can be NULL for checking size)
+ * \param dlen     size of the destination buffer
+ * \param olen     number of bytes written
+ * \param src      source buffer
+ * \param slen     amount of data to be decoded
+ *
+ * \return         0 if successful, MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL, or
+ *                 MBEDTLS_ERR_BASE64_INVALID_CHARACTER if the input data is
+ *                 not correct. *olen is always updated to reflect the amount
+ *                 of data that has (or would have) been written.
+ *
+ * \note           Call this function with *dst = NULL or dlen = 0 to obtain
+ *                 the required buffer size in *olen
+ */
+int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
+                   const unsigned char *src, size_t slen );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_base64_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* base64.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/bignum.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,716 @@
+/**
+ * \file bignum.h
+ *
+ * \brief  Multi-precision integer library
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_BIGNUM_H
+#define MBEDTLS_BIGNUM_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#if defined(MBEDTLS_FS_IO)
+#include <stdio.h>
+#endif
+
+#define MBEDTLS_ERR_MPI_FILE_IO_ERROR                     -0x0002  /**< An error occurred while reading from or writing to a file. */
+#define MBEDTLS_ERR_MPI_BAD_INPUT_DATA                    -0x0004  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_MPI_INVALID_CHARACTER                 -0x0006  /**< There is an invalid character in the digit string. */
+#define MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL                  -0x0008  /**< The buffer is too small to write to. */
+#define MBEDTLS_ERR_MPI_NEGATIVE_VALUE                    -0x000A  /**< The input arguments are negative or result in illegal output. */
+#define MBEDTLS_ERR_MPI_DIVISION_BY_ZERO                  -0x000C  /**< The input argument for division is zero, which is not allowed. */
+#define MBEDTLS_ERR_MPI_NOT_ACCEPTABLE                    -0x000E  /**< The input arguments are not acceptable. */
+#define MBEDTLS_ERR_MPI_ALLOC_FAILED                      -0x0010  /**< Memory allocation failed. */
+
+#define MBEDTLS_MPI_CHK(f) do { if( ( ret = f ) != 0 ) goto cleanup; } while( 0 )
+
+/*
+ * Maximum size MPIs are allowed to grow to in number of limbs.
+ */
+#define MBEDTLS_MPI_MAX_LIMBS                             10000
+
+#if !defined(MBEDTLS_MPI_WINDOW_SIZE)
+/*
+ * Maximum window size used for modular exponentiation. Default: 6
+ * Minimum value: 1. Maximum value: 6.
+ *
+ * Result is an array of ( 2 << MBEDTLS_MPI_WINDOW_SIZE ) MPIs used
+ * for the sliding window calculation. (So 64 by default)
+ *
+ * Reduction in size, reduces speed.
+ */
+#define MBEDTLS_MPI_WINDOW_SIZE                           6        /**< Maximum windows size used. */
+#endif /* !MBEDTLS_MPI_WINDOW_SIZE */
+
+#if !defined(MBEDTLS_MPI_MAX_SIZE)
+/*
+ * Maximum size of MPIs allowed in bits and bytes for user-MPIs.
+ * ( Default: 512 bytes => 4096 bits, Maximum tested: 2048 bytes => 16384 bits )
+ *
+ * Note: Calculations can results temporarily in larger MPIs. So the number
+ * of limbs required (MBEDTLS_MPI_MAX_LIMBS) is higher.
+ */
+#define MBEDTLS_MPI_MAX_SIZE                              1024     /**< Maximum number of bytes for usable MPIs. */
+#endif /* !MBEDTLS_MPI_MAX_SIZE */
+
+#define MBEDTLS_MPI_MAX_BITS                              ( 8 * MBEDTLS_MPI_MAX_SIZE )    /**< Maximum number of bits for usable MPIs. */
+
+/*
+ * When reading from files with mbedtls_mpi_read_file() and writing to files with
+ * mbedtls_mpi_write_file() the buffer should have space
+ * for a (short) label, the MPI (in the provided radix), the newline
+ * characters and the '\0'.
+ *
+ * By default we assume at least a 10 char label, a minimum radix of 10
+ * (decimal) and a maximum of 4096 bit numbers (1234 decimal chars).
+ * Autosized at compile time for at least a 10 char label, a minimum radix
+ * of 10 (decimal) for a number of MBEDTLS_MPI_MAX_BITS size.
+ *
+ * This used to be statically sized to 1250 for a maximum of 4096 bit
+ * numbers (1234 decimal chars).
+ *
+ * Calculate using the formula:
+ *  MBEDTLS_MPI_RW_BUFFER_SIZE = ceil(MBEDTLS_MPI_MAX_BITS / ln(10) * ln(2)) +
+ *                                LabelSize + 6
+ */
+#define MBEDTLS_MPI_MAX_BITS_SCALE100          ( 100 * MBEDTLS_MPI_MAX_BITS )
+#define MBEDTLS_LN_2_DIV_LN_10_SCALE100                 332
+#define MBEDTLS_MPI_RW_BUFFER_SIZE             ( ((MBEDTLS_MPI_MAX_BITS_SCALE100 + MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / MBEDTLS_LN_2_DIV_LN_10_SCALE100) + 10 + 6 )
+
+/*
+ * Define the base integer type, architecture-wise.
+ *
+ * 32-bit integers can be forced on 64-bit arches (eg. for testing purposes)
+ * by defining MBEDTLS_HAVE_INT32 and undefining MBEDTLS_HAVE_ASM
+ */
+#if ( ! defined(MBEDTLS_HAVE_INT32) && \
+        defined(_MSC_VER) && defined(_M_AMD64) )
+  #define MBEDTLS_HAVE_INT64
+  typedef  int64_t mbedtls_mpi_sint;
+  typedef uint64_t mbedtls_mpi_uint;
+#else
+  #if ( ! defined(MBEDTLS_HAVE_INT32) &&               \
+        defined(__GNUC__) && (                          \
+        defined(__amd64__) || defined(__x86_64__)    || \
+        defined(__ppc64__) || defined(__powerpc64__) || \
+        defined(__ia64__)  || defined(__alpha__)     || \
+        (defined(__sparc__) && defined(__arch64__))  || \
+        defined(__s390x__) || defined(__mips64) ) )
+     #define MBEDTLS_HAVE_INT64
+     typedef  int64_t mbedtls_mpi_sint;
+     typedef uint64_t mbedtls_mpi_uint;
+     typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI)));
+     #define MBEDTLS_HAVE_UDBL
+  #else
+     #define MBEDTLS_HAVE_INT32
+     typedef  int32_t mbedtls_mpi_sint;
+     typedef uint32_t mbedtls_mpi_uint;
+     typedef uint64_t mbedtls_t_udbl;
+     #define MBEDTLS_HAVE_UDBL
+  #endif /* !MBEDTLS_HAVE_INT32 && __GNUC__ && 64-bit platform */
+#endif /* !MBEDTLS_HAVE_INT32 && _MSC_VER && _M_AMD64 */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          MPI structure
+ */
+typedef struct
+{
+    int s;              /*!<  integer sign      */
+    size_t n;           /*!<  total # of limbs  */
+    mbedtls_mpi_uint *p;          /*!<  pointer to limbs  */
+}
+mbedtls_mpi;
+
+/**
+ * \brief           Initialize one MPI (make internal references valid)
+ *                  This just makes it ready to be set or freed,
+ *                  but does not define a value for the MPI.
+ *
+ * \param X         One MPI to initialize.
+ */
+void mbedtls_mpi_init( mbedtls_mpi *X );
+
+/**
+ * \brief          Unallocate one MPI
+ *
+ * \param X        One MPI to unallocate.
+ */
+void mbedtls_mpi_free( mbedtls_mpi *X );
+
+/**
+ * \brief          Enlarge to the specified number of limbs
+ *
+ * \param X        MPI to grow
+ * \param nblimbs  The target number of limbs
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs );
+
+/**
+ * \brief          Resize down, keeping at least the specified number of limbs
+ *
+ * \param X        MPI to shrink
+ * \param nblimbs  The minimum number of limbs to keep
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs );
+
+/**
+ * \brief          Copy the contents of Y into X
+ *
+ * \param X        Destination MPI
+ * \param Y        Source MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y );
+
+/**
+ * \brief          Swap the contents of X and Y
+ *
+ * \param X        First MPI value
+ * \param Y        Second MPI value
+ */
+void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y );
+
+/**
+ * \brief          Safe conditional assignement X = Y if assign is 1
+ *
+ * \param X        MPI to conditionally assign to
+ * \param Y        Value to be assigned
+ * \param assign   1: perform the assignment, 0: keep X's original value
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *
+ * \note           This function is equivalent to
+ *                      if( assign ) mbedtls_mpi_copy( X, Y );
+ *                 except that it avoids leaking any information about whether
+ *                 the assignment was done or not (the above code may leak
+ *                 information through branch prediction and/or memory access
+ *                 patterns analysis).
+ */
+int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign );
+
+/**
+ * \brief          Safe conditional swap X <-> Y if swap is 1
+ *
+ * \param X        First mbedtls_mpi value
+ * \param Y        Second mbedtls_mpi value
+ * \param assign   1: perform the swap, 0: keep X and Y's original values
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *
+ * \note           This function is equivalent to
+ *                      if( assign ) mbedtls_mpi_swap( X, Y );
+ *                 except that it avoids leaking any information about whether
+ *                 the assignment was done or not (the above code may leak
+ *                 information through branch prediction and/or memory access
+ *                 patterns analysis).
+ */
+int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char assign );
+
+/**
+ * \brief          Set value from integer
+ *
+ * \param X        MPI to set
+ * \param z        Value to use
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z );
+
+/**
+ * \brief          Get a specific bit from X
+ *
+ * \param X        MPI to use
+ * \param pos      Zero-based index of the bit in X
+ *
+ * \return         Either a 0 or a 1
+ */
+int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos );
+
+/**
+ * \brief          Set a bit of X to a specific value of 0 or 1
+ *
+ * \note           Will grow X if necessary to set a bit to 1 in a not yet
+ *                 existing limb. Will not grow if bit should be set to 0
+ *
+ * \param X        MPI to use
+ * \param pos      Zero-based index of the bit in X
+ * \param val      The value to set the bit to (0 or 1)
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_BAD_INPUT_DATA if val is not 0 or 1
+ */
+int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val );
+
+/**
+ * \brief          Return the number of zero-bits before the least significant
+ *                 '1' bit
+ *
+ * Note: Thus also the zero-based index of the least significant '1' bit
+ *
+ * \param X        MPI to use
+ */
+size_t mbedtls_mpi_lsb( const mbedtls_mpi *X );
+
+/**
+ * \brief          Return the number of bits up to and including the most
+ *                 significant '1' bit'
+ *
+ * Note: Thus also the one-based index of the most significant '1' bit
+ *
+ * \param X        MPI to use
+ */
+size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X );
+
+/**
+ * \brief          Return the total size in bytes
+ *
+ * \param X        MPI to use
+ */
+size_t mbedtls_mpi_size( const mbedtls_mpi *X );
+
+/**
+ * \brief          Import from an ASCII string
+ *
+ * \param X        Destination MPI
+ * \param radix    Input numeric base
+ * \param s        Null-terminated string buffer
+ *
+ * \return         0 if successful, or a MBEDTLS_ERR_MPI_XXX error code
+ */
+int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s );
+
+/**
+ * \brief          Export into an ASCII string
+ *
+ * \param X        Source MPI
+ * \param radix    Output numeric base
+ * \param buf      Buffer to write the string to
+ * \param buflen   Length of buf
+ * \param olen     Length of the string written, including final NUL byte
+ *
+ * \return         0 if successful, or a MBEDTLS_ERR_MPI_XXX error code.
+ *                 *olen is always updated to reflect the amount
+ *                 of data that has (or would have) been written.
+ *
+ * \note           Call this function with buflen = 0 to obtain the
+ *                 minimum required buffer size in *olen.
+ */
+int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
+                              char *buf, size_t buflen, size_t *olen );
+
+#if defined(MBEDTLS_FS_IO)
+/**
+ * \brief          Read X from an opened file
+ *
+ * \param X        Destination MPI
+ * \param radix    Input numeric base
+ * \param fin      Input file handle
+ *
+ * \return         0 if successful, MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if
+ *                 the file read buffer is too small or a
+ *                 MBEDTLS_ERR_MPI_XXX error code
+ */
+int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin );
+
+/**
+ * \brief          Write X into an opened file, or stdout if fout is NULL
+ *
+ * \param p        Prefix, can be NULL
+ * \param X        Source MPI
+ * \param radix    Output numeric base
+ * \param fout     Output file handle (can be NULL)
+ *
+ * \return         0 if successful, or a MBEDTLS_ERR_MPI_XXX error code
+ *
+ * \note           Set fout == NULL to print X on the console.
+ */
+int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, int radix, FILE *fout );
+#endif /* MBEDTLS_FS_IO */
+
+/**
+ * \brief          Import X from unsigned binary data, big endian
+ *
+ * \param X        Destination MPI
+ * \param buf      Input buffer
+ * \param buflen   Input buffer size
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen );
+
+/**
+ * \brief          Export X into unsigned binary data, big endian.
+ *                 Always fills the whole buffer, which will start with zeros
+ *                 if the number is smaller.
+ *
+ * \param X        Source MPI
+ * \param buf      Output buffer
+ * \param buflen   Output buffer size
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if buf isn't large enough
+ */
+int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf, size_t buflen );
+
+/**
+ * \brief          Left-shift: X <<= count
+ *
+ * \param X        MPI to shift
+ * \param count    Amount to shift
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count );
+
+/**
+ * \brief          Right-shift: X >>= count
+ *
+ * \param X        MPI to shift
+ * \param count    Amount to shift
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count );
+
+/**
+ * \brief          Compare unsigned values
+ *
+ * \param X        Left-hand MPI
+ * \param Y        Right-hand MPI
+ *
+ * \return         1 if |X| is greater than |Y|,
+ *                -1 if |X| is lesser  than |Y| or
+ *                 0 if |X| is equal to |Y|
+ */
+int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y );
+
+/**
+ * \brief          Compare signed values
+ *
+ * \param X        Left-hand MPI
+ * \param Y        Right-hand MPI
+ *
+ * \return         1 if X is greater than Y,
+ *                -1 if X is lesser  than Y or
+ *                 0 if X is equal to Y
+ */
+int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y );
+
+/**
+ * \brief          Compare signed values
+ *
+ * \param X        Left-hand MPI
+ * \param z        The integer value to compare to
+ *
+ * \return         1 if X is greater than z,
+ *                -1 if X is lesser  than z or
+ *                 0 if X is equal to z
+ */
+int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z );
+
+/**
+ * \brief          Unsigned addition: X = |A| + |B|
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param B        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
+
+/**
+ * \brief          Unsigned subtraction: X = |A| - |B|
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param B        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_NEGATIVE_VALUE if B is greater than A
+ */
+int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
+
+/**
+ * \brief          Signed addition: X = A + B
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param B        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
+
+/**
+ * \brief          Signed subtraction: X = A - B
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param B        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
+
+/**
+ * \brief          Signed addition: X = A + b
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param b        The integer value to add
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b );
+
+/**
+ * \brief          Signed subtraction: X = A - b
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param b        The integer value to subtract
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b );
+
+/**
+ * \brief          Baseline multiplication: X = A * B
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param B        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
+
+/**
+ * \brief          Baseline multiplication: X = A * b
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param b        The unsigned integer value to multiply with
+ *
+ * \note           b is unsigned
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b );
+
+/**
+ * \brief          Division by mbedtls_mpi: A = Q * B + R
+ *
+ * \param Q        Destination MPI for the quotient
+ * \param R        Destination MPI for the rest value
+ * \param A        Left-hand MPI
+ * \param B        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if B == 0
+ *
+ * \note           Either Q or R can be NULL.
+ */
+int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B );
+
+/**
+ * \brief          Division by int: A = Q * b + R
+ *
+ * \param Q        Destination MPI for the quotient
+ * \param R        Destination MPI for the rest value
+ * \param A        Left-hand MPI
+ * \param b        Integer to divide by
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if b == 0
+ *
+ * \note           Either Q or R can be NULL.
+ */
+int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, mbedtls_mpi_sint b );
+
+/**
+ * \brief          Modulo: R = A mod B
+ *
+ * \param R        Destination MPI for the rest value
+ * \param A        Left-hand MPI
+ * \param B        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if B == 0,
+ *                 MBEDTLS_ERR_MPI_NEGATIVE_VALUE if B < 0
+ */
+int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B );
+
+/**
+ * \brief          Modulo: r = A mod b
+ *
+ * \param r        Destination mbedtls_mpi_uint
+ * \param A        Left-hand MPI
+ * \param b        Integer to divide by
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if b == 0,
+ *                 MBEDTLS_ERR_MPI_NEGATIVE_VALUE if b < 0
+ */
+int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_sint b );
+
+/**
+ * \brief          Sliding-window exponentiation: X = A^E mod N
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param E        Exponent MPI
+ * \param N        Modular MPI
+ * \param _RR      Speed-up MPI used for recalculations
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_BAD_INPUT_DATA if N is negative or even or
+ *                 if E is negative
+ *
+ * \note           _RR is used to avoid re-computing R*R mod N across
+ *                 multiple calls, which speeds up things a bit. It can
+ *                 be set to NULL if the extra performance is unneeded.
+ */
+int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *E, const mbedtls_mpi *N, mbedtls_mpi *_RR );
+
+/**
+ * \brief          Fill an MPI X with size bytes of random
+ *
+ * \param X        Destination MPI
+ * \param size     Size in bytes
+ * \param f_rng    RNG function
+ * \param p_rng    RNG parameter
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng );
+
+/**
+ * \brief          Greatest common divisor: G = gcd(A, B)
+ *
+ * \param G        Destination MPI
+ * \param A        Left-hand MPI
+ * \param B        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B );
+
+/**
+ * \brief          Modular inverse: X = A^-1 mod N
+ *
+ * \param X        Destination MPI
+ * \param A        Left-hand MPI
+ * \param N        Right-hand MPI
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_BAD_INPUT_DATA if N is negative or nil
+                   MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if A has no inverse mod N
+ */
+int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N );
+
+/**
+ * \brief          Miller-Rabin primality test
+ *
+ * \param X        MPI to check
+ * \param f_rng    RNG function
+ * \param p_rng    RNG parameter
+ *
+ * \return         0 if successful (probably prime),
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if X is not prime
+ */
+int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
+                  int (*f_rng)(void *, unsigned char *, size_t),
+                  void *p_rng );
+
+/**
+ * \brief          Prime number generation
+ *
+ * \param X        Destination MPI
+ * \param nbits    Required size of X in bits
+ *                 ( 3 <= nbits <= MBEDTLS_MPI_MAX_BITS )
+ * \param dh_flag  If 1, then (X-1)/2 will be prime too
+ * \param f_rng    RNG function
+ * \param p_rng    RNG parameter
+ *
+ * \return         0 if successful (probably prime),
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_BAD_INPUT_DATA if nbits is < 3
+ */
+int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag,
+                   int (*f_rng)(void *, unsigned char *, size_t),
+                   void *p_rng );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_mpi_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* bignum.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/blowfish.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,203 @@
+/**
+ * \file blowfish.h
+ *
+ * \brief Blowfish block cipher
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_BLOWFISH_H
+#define MBEDTLS_BLOWFISH_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#define MBEDTLS_BLOWFISH_ENCRYPT     1
+#define MBEDTLS_BLOWFISH_DECRYPT     0
+#define MBEDTLS_BLOWFISH_MAX_KEY_BITS     448
+#define MBEDTLS_BLOWFISH_MIN_KEY_BITS     32
+#define MBEDTLS_BLOWFISH_ROUNDS      16         /**< Rounds to use. When increasing this value, make sure to extend the initialisation vectors */
+#define MBEDTLS_BLOWFISH_BLOCKSIZE   8          /* Blowfish uses 64 bit blocks */
+
+#define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH                -0x0016  /**< Invalid key length. */
+#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH              -0x0018  /**< Invalid data input length. */
+
+#if !defined(MBEDTLS_BLOWFISH_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Blowfish context structure
+ */
+typedef struct
+{
+    uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2];    /*!<  Blowfish round keys    */
+    uint32_t S[4][256];                 /*!<  key dependent S-boxes  */
+}
+mbedtls_blowfish_context;
+
+/**
+ * \brief          Initialize Blowfish context
+ *
+ * \param ctx      Blowfish context to be initialized
+ */
+void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx );
+
+/**
+ * \brief          Clear Blowfish context
+ *
+ * \param ctx      Blowfish context to be cleared
+ */
+void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx );
+
+/**
+ * \brief          Blowfish key schedule
+ *
+ * \param ctx      Blowfish context to be initialized
+ * \param key      encryption key
+ * \param keybits  must be between 32 and 448 bits
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
+ */
+int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char *key,
+                     unsigned int keybits );
+
+/**
+ * \brief          Blowfish-ECB block encryption/decryption
+ *
+ * \param ctx      Blowfish context
+ * \param mode     MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
+ * \param input    8-byte input block
+ * \param output   8-byte output block
+ *
+ * \return         0 if successful
+ */
+int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx,
+                        int mode,
+                        const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE],
+                        unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+/**
+ * \brief          Blowfish-CBC buffer encryption/decryption
+ *                 Length should be a multiple of the block
+ *                 size (8 bytes)
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      Blowfish context
+ * \param mode     MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful, or
+ *                 MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH
+ */
+int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
+                        int mode,
+                        size_t length,
+                        unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
+                        const unsigned char *input,
+                        unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+/**
+ * \brief          Blowfish CFB buffer encryption/decryption.
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      Blowfish context
+ * \param mode     MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
+ * \param length   length of the input data
+ * \param iv_off   offset in IV (updated after use)
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful
+ */
+int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
+                          int mode,
+                          size_t length,
+                          size_t *iv_off,
+                          unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
+                          const unsigned char *input,
+                          unsigned char *output );
+#endif /*MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+/**
+ * \brief               Blowfish-CTR buffer encryption/decryption
+ *
+ * Warning: You have to keep the maximum use of your counter in mind!
+ *
+ * \param ctx           Blowfish context
+ * \param length        The length of the data
+ * \param nc_off        The offset in the current stream_block (for resuming
+ *                      within current cipher stream). The offset pointer to
+ *                      should be 0 at the start of a stream.
+ * \param nonce_counter The 64-bit nonce and counter.
+ * \param stream_block  The saved stream-block for resuming. Is overwritten
+ *                      by the function.
+ * \param input         The input data stream
+ * \param output        The output data stream
+ *
+ * \return         0 if successful
+ */
+int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx,
+                        size_t length,
+                        size_t *nc_off,
+                        unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE],
+                        unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE],
+                        const unsigned char *input,
+                        unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_BLOWFISH_ALT */
+#include "blowfish_alt.h"
+#endif /* MBEDTLS_BLOWFISH_ALT */
+
+#endif /* blowfish.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/bn_mul.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,876 @@
+/**
+ * \file bn_mul.h
+ *
+ * \brief  Multi-precision integer library
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ *      Multiply source vector [s] with b, add result
+ *       to destination vector [d] and set carry c.
+ *
+ *      Currently supports:
+ *
+ *         . IA-32 (386+)         . AMD64 / EM64T
+ *         . IA-32 (SSE2)         . Motorola 68000
+ *         . PowerPC, 32-bit      . MicroBlaze
+ *         . PowerPC, 64-bit      . TriCore
+ *         . SPARC v8             . ARM v3+
+ *         . Alpha                . MIPS32
+ *         . C, longlong          . C, generic
+ */
+#ifndef MBEDTLS_BN_MUL_H
+#define MBEDTLS_BN_MUL_H
+
+#include "bignum.h"
+
+#if defined(MBEDTLS_HAVE_ASM)
+
+#ifndef asm
+#define asm __asm
+#endif
+
+/* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */
+#if defined(__GNUC__) && \
+    ( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 )
+#if defined(__i386__)
+
+#define MULADDC_INIT                        \
+    asm(                                    \
+        "movl   %%ebx, %0           \n\t"   \
+        "movl   %5, %%esi           \n\t"   \
+        "movl   %6, %%edi           \n\t"   \
+        "movl   %7, %%ecx           \n\t"   \
+        "movl   %8, %%ebx           \n\t"
+
+#define MULADDC_CORE                        \
+        "lodsl                      \n\t"   \
+        "mull   %%ebx               \n\t"   \
+        "addl   %%ecx,   %%eax      \n\t"   \
+        "adcl   $0,      %%edx      \n\t"   \
+        "addl   (%%edi), %%eax      \n\t"   \
+        "adcl   $0,      %%edx      \n\t"   \
+        "movl   %%edx,   %%ecx      \n\t"   \
+        "stosl                      \n\t"
+
+#if defined(MBEDTLS_HAVE_SSE2)
+
+#define MULADDC_HUIT                            \
+        "movd     %%ecx,     %%mm1      \n\t"   \
+        "movd     %%ebx,     %%mm0      \n\t"   \
+        "movd     (%%edi),   %%mm3      \n\t"   \
+        "paddq    %%mm3,     %%mm1      \n\t"   \
+        "movd     (%%esi),   %%mm2      \n\t"   \
+        "pmuludq  %%mm0,     %%mm2      \n\t"   \
+        "movd     4(%%esi),  %%mm4      \n\t"   \
+        "pmuludq  %%mm0,     %%mm4      \n\t"   \
+        "movd     8(%%esi),  %%mm6      \n\t"   \
+        "pmuludq  %%mm0,     %%mm6      \n\t"   \
+        "movd     12(%%esi), %%mm7      \n\t"   \
+        "pmuludq  %%mm0,     %%mm7      \n\t"   \
+        "paddq    %%mm2,     %%mm1      \n\t"   \
+        "movd     4(%%edi),  %%mm3      \n\t"   \
+        "paddq    %%mm4,     %%mm3      \n\t"   \
+        "movd     8(%%edi),  %%mm5      \n\t"   \
+        "paddq    %%mm6,     %%mm5      \n\t"   \
+        "movd     12(%%edi), %%mm4      \n\t"   \
+        "paddq    %%mm4,     %%mm7      \n\t"   \
+        "movd     %%mm1,     (%%edi)    \n\t"   \
+        "movd     16(%%esi), %%mm2      \n\t"   \
+        "pmuludq  %%mm0,     %%mm2      \n\t"   \
+        "psrlq    $32,       %%mm1      \n\t"   \
+        "movd     20(%%esi), %%mm4      \n\t"   \
+        "pmuludq  %%mm0,     %%mm4      \n\t"   \
+        "paddq    %%mm3,     %%mm1      \n\t"   \
+        "movd     24(%%esi), %%mm6      \n\t"   \
+        "pmuludq  %%mm0,     %%mm6      \n\t"   \
+        "movd     %%mm1,     4(%%edi)   \n\t"   \
+        "psrlq    $32,       %%mm1      \n\t"   \
+        "movd     28(%%esi), %%mm3      \n\t"   \
+        "pmuludq  %%mm0,     %%mm3      \n\t"   \
+        "paddq    %%mm5,     %%mm1      \n\t"   \
+        "movd     16(%%edi), %%mm5      \n\t"   \
+        "paddq    %%mm5,     %%mm2      \n\t"   \
+        "movd     %%mm1,     8(%%edi)   \n\t"   \
+        "psrlq    $32,       %%mm1      \n\t"   \
+        "paddq    %%mm7,     %%mm1      \n\t"   \
+        "movd     20(%%edi), %%mm5      \n\t"   \
+        "paddq    %%mm5,     %%mm4      \n\t"   \
+        "movd     %%mm1,     12(%%edi)  \n\t"   \
+        "psrlq    $32,       %%mm1      \n\t"   \
+        "paddq    %%mm2,     %%mm1      \n\t"   \
+        "movd     24(%%edi), %%mm5      \n\t"   \
+        "paddq    %%mm5,     %%mm6      \n\t"   \
+        "movd     %%mm1,     16(%%edi)  \n\t"   \
+        "psrlq    $32,       %%mm1      \n\t"   \
+        "paddq    %%mm4,     %%mm1      \n\t"   \
+        "movd     28(%%edi), %%mm5      \n\t"   \
+        "paddq    %%mm5,     %%mm3      \n\t"   \
+        "movd     %%mm1,     20(%%edi)  \n\t"   \
+        "psrlq    $32,       %%mm1      \n\t"   \
+        "paddq    %%mm6,     %%mm1      \n\t"   \
+        "movd     %%mm1,     24(%%edi)  \n\t"   \
+        "psrlq    $32,       %%mm1      \n\t"   \
+        "paddq    %%mm3,     %%mm1      \n\t"   \
+        "movd     %%mm1,     28(%%edi)  \n\t"   \
+        "addl     $32,       %%edi      \n\t"   \
+        "addl     $32,       %%esi      \n\t"   \
+        "psrlq    $32,       %%mm1      \n\t"   \
+        "movd     %%mm1,     %%ecx      \n\t"
+
+#define MULADDC_STOP                    \
+        "emms                   \n\t"   \
+        "movl   %4, %%ebx       \n\t"   \
+        "movl   %%ecx, %1       \n\t"   \
+        "movl   %%edi, %2       \n\t"   \
+        "movl   %%esi, %3       \n\t"   \
+        : "=m" (t), "=m" (c), "=m" (d), "=m" (s)        \
+        : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b)   \
+        : "eax", "ecx", "edx", "esi", "edi"             \
+    );
+
+#else
+
+#define MULADDC_STOP                    \
+        "movl   %4, %%ebx       \n\t"   \
+        "movl   %%ecx, %1       \n\t"   \
+        "movl   %%edi, %2       \n\t"   \
+        "movl   %%esi, %3       \n\t"   \
+        : "=m" (t), "=m" (c), "=m" (d), "=m" (s)        \
+        : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b)   \
+        : "eax", "ecx", "edx", "esi", "edi"             \
+    );
+#endif /* SSE2 */
+#endif /* i386 */
+
+#if defined(__amd64__) || defined (__x86_64__)
+
+#define MULADDC_INIT                        \
+    asm(                                    \
+        "movq   %3, %%rsi           \n\t"   \
+        "movq   %4, %%rdi           \n\t"   \
+        "movq   %5, %%rcx           \n\t"   \
+        "movq   %6, %%rbx           \n\t"   \
+        "xorq   %%r8, %%r8          \n\t"
+
+#define MULADDC_CORE                        \
+        "movq   (%%rsi), %%rax      \n\t"   \
+        "mulq   %%rbx               \n\t"   \
+        "addq   $8,      %%rsi      \n\t"   \
+        "addq   %%rcx,   %%rax      \n\t"   \
+        "movq   %%r8,    %%rcx      \n\t"   \
+        "adcq   $0,      %%rdx      \n\t"   \
+        "nop                        \n\t"   \
+        "addq   %%rax,   (%%rdi)    \n\t"   \
+        "adcq   %%rdx,   %%rcx      \n\t"   \
+        "addq   $8,      %%rdi      \n\t"
+
+#define MULADDC_STOP                        \
+        "movq   %%rcx, %0           \n\t"   \
+        "movq   %%rdi, %1           \n\t"   \
+        "movq   %%rsi, %2           \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)                      \
+        : "m" (s), "m" (d), "m" (c), "m" (b)                \
+        : "rax", "rcx", "rdx", "rbx", "rsi", "rdi", "r8"    \
+    );
+
+#endif /* AMD64 */
+
+#if defined(__mc68020__) || defined(__mcpu32__)
+
+#define MULADDC_INIT                    \
+    asm(                                \
+        "movl   %3, %%a2        \n\t"   \
+        "movl   %4, %%a3        \n\t"   \
+        "movl   %5, %%d3        \n\t"   \
+        "movl   %6, %%d2        \n\t"   \
+        "moveq  #0, %%d0        \n\t"
+
+#define MULADDC_CORE                    \
+        "movel  %%a2@+, %%d1    \n\t"   \
+        "mulul  %%d2, %%d4:%%d1 \n\t"   \
+        "addl   %%d3, %%d1      \n\t"   \
+        "addxl  %%d0, %%d4      \n\t"   \
+        "moveq  #0,   %%d3      \n\t"   \
+        "addl   %%d1, %%a3@+    \n\t"   \
+        "addxl  %%d4, %%d3      \n\t"
+
+#define MULADDC_STOP                    \
+        "movl   %%d3, %0        \n\t"   \
+        "movl   %%a3, %1        \n\t"   \
+        "movl   %%a2, %2        \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)              \
+        : "m" (s), "m" (d), "m" (c), "m" (b)        \
+        : "d0", "d1", "d2", "d3", "d4", "a2", "a3"  \
+    );
+
+#define MULADDC_HUIT                        \
+        "movel  %%a2@+,  %%d1       \n\t"   \
+        "mulul  %%d2,    %%d4:%%d1  \n\t"   \
+        "addxl  %%d3,    %%d1       \n\t"   \
+        "addxl  %%d0,    %%d4       \n\t"   \
+        "addl   %%d1,    %%a3@+     \n\t"   \
+        "movel  %%a2@+,  %%d1       \n\t"   \
+        "mulul  %%d2,    %%d3:%%d1  \n\t"   \
+        "addxl  %%d4,    %%d1       \n\t"   \
+        "addxl  %%d0,    %%d3       \n\t"   \
+        "addl   %%d1,    %%a3@+     \n\t"   \
+        "movel  %%a2@+,  %%d1       \n\t"   \
+        "mulul  %%d2,    %%d4:%%d1  \n\t"   \
+        "addxl  %%d3,    %%d1       \n\t"   \
+        "addxl  %%d0,    %%d4       \n\t"   \
+        "addl   %%d1,    %%a3@+     \n\t"   \
+        "movel  %%a2@+,  %%d1       \n\t"   \
+        "mulul  %%d2,    %%d3:%%d1  \n\t"   \
+        "addxl  %%d4,    %%d1       \n\t"   \
+        "addxl  %%d0,    %%d3       \n\t"   \
+        "addl   %%d1,    %%a3@+     \n\t"   \
+        "movel  %%a2@+,  %%d1       \n\t"   \
+        "mulul  %%d2,    %%d4:%%d1  \n\t"   \
+        "addxl  %%d3,    %%d1       \n\t"   \
+        "addxl  %%d0,    %%d4       \n\t"   \
+        "addl   %%d1,    %%a3@+     \n\t"   \
+        "movel  %%a2@+,  %%d1       \n\t"   \
+        "mulul  %%d2,    %%d3:%%d1  \n\t"   \
+        "addxl  %%d4,    %%d1       \n\t"   \
+        "addxl  %%d0,    %%d3       \n\t"   \
+        "addl   %%d1,    %%a3@+     \n\t"   \
+        "movel  %%a2@+,  %%d1       \n\t"   \
+        "mulul  %%d2,    %%d4:%%d1  \n\t"   \
+        "addxl  %%d3,    %%d1       \n\t"   \
+        "addxl  %%d0,    %%d4       \n\t"   \
+        "addl   %%d1,    %%a3@+     \n\t"   \
+        "movel  %%a2@+,  %%d1       \n\t"   \
+        "mulul  %%d2,    %%d3:%%d1  \n\t"   \
+        "addxl  %%d4,    %%d1       \n\t"   \
+        "addxl  %%d0,    %%d3       \n\t"   \
+        "addl   %%d1,    %%a3@+     \n\t"   \
+        "addxl  %%d0,    %%d3       \n\t"
+
+#endif /* MC68000 */
+
+#if defined(__powerpc64__) || defined(__ppc64__)
+
+#if defined(__MACH__) && defined(__APPLE__)
+
+#define MULADDC_INIT                        \
+    asm(                                    \
+        "ld     r3, %3              \n\t"   \
+        "ld     r4, %4              \n\t"   \
+        "ld     r5, %5              \n\t"   \
+        "ld     r6, %6              \n\t"   \
+        "addi   r3, r3, -8          \n\t"   \
+        "addi   r4, r4, -8          \n\t"   \
+        "addic  r5, r5,  0          \n\t"
+
+#define MULADDC_CORE                        \
+        "ldu    r7, 8(r3)           \n\t"   \
+        "mulld  r8, r7, r6          \n\t"   \
+        "mulhdu r9, r7, r6          \n\t"   \
+        "adde   r8, r8, r5          \n\t"   \
+        "ld     r7, 8(r4)           \n\t"   \
+        "addze  r5, r9              \n\t"   \
+        "addc   r8, r8, r7          \n\t"   \
+        "stdu   r8, 8(r4)           \n\t"
+
+#define MULADDC_STOP                        \
+        "addze  r5, r5              \n\t"   \
+        "addi   r4, r4, 8           \n\t"   \
+        "addi   r3, r3, 8           \n\t"   \
+        "std    r5, %0              \n\t"   \
+        "std    r4, %1              \n\t"   \
+        "std    r3, %2              \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)              \
+        : "m" (s), "m" (d), "m" (c), "m" (b)        \
+        : "r3", "r4", "r5", "r6", "r7", "r8", "r9"  \
+    );
+
+
+#else /* __MACH__ && __APPLE__ */
+
+#define MULADDC_INIT                        \
+    asm(                                    \
+        "ld     %%r3, %3            \n\t"   \
+        "ld     %%r4, %4            \n\t"   \
+        "ld     %%r5, %5            \n\t"   \
+        "ld     %%r6, %6            \n\t"   \
+        "addi   %%r3, %%r3, -8      \n\t"   \
+        "addi   %%r4, %%r4, -8      \n\t"   \
+        "addic  %%r5, %%r5,  0      \n\t"
+
+#define MULADDC_CORE                        \
+        "ldu    %%r7, 8(%%r3)       \n\t"   \
+        "mulld  %%r8, %%r7, %%r6    \n\t"   \
+        "mulhdu %%r9, %%r7, %%r6    \n\t"   \
+        "adde   %%r8, %%r8, %%r5    \n\t"   \
+        "ld     %%r7, 8(%%r4)       \n\t"   \
+        "addze  %%r5, %%r9          \n\t"   \
+        "addc   %%r8, %%r8, %%r7    \n\t"   \
+        "stdu   %%r8, 8(%%r4)       \n\t"
+
+#define MULADDC_STOP                        \
+        "addze  %%r5, %%r5          \n\t"   \
+        "addi   %%r4, %%r4, 8       \n\t"   \
+        "addi   %%r3, %%r3, 8       \n\t"   \
+        "std    %%r5, %0            \n\t"   \
+        "std    %%r4, %1            \n\t"   \
+        "std    %%r3, %2            \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)              \
+        : "m" (s), "m" (d), "m" (c), "m" (b)        \
+        : "r3", "r4", "r5", "r6", "r7", "r8", "r9"  \
+    );
+
+#endif /* __MACH__ && __APPLE__ */
+
+#elif defined(__powerpc__) || defined(__ppc__) /* end PPC64/begin PPC32  */
+
+#if defined(__MACH__) && defined(__APPLE__)
+
+#define MULADDC_INIT                    \
+    asm(                                \
+        "lwz    r3, %3          \n\t"   \
+        "lwz    r4, %4          \n\t"   \
+        "lwz    r5, %5          \n\t"   \
+        "lwz    r6, %6          \n\t"   \
+        "addi   r3, r3, -4      \n\t"   \
+        "addi   r4, r4, -4      \n\t"   \
+        "addic  r5, r5,  0      \n\t"
+
+#define MULADDC_CORE                    \
+        "lwzu   r7, 4(r3)       \n\t"   \
+        "mullw  r8, r7, r6      \n\t"   \
+        "mulhwu r9, r7, r6      \n\t"   \
+        "adde   r8, r8, r5      \n\t"   \
+        "lwz    r7, 4(r4)       \n\t"   \
+        "addze  r5, r9          \n\t"   \
+        "addc   r8, r8, r7      \n\t"   \
+        "stwu   r8, 4(r4)       \n\t"
+
+#define MULADDC_STOP                    \
+        "addze  r5, r5          \n\t"   \
+        "addi   r4, r4, 4       \n\t"   \
+        "addi   r3, r3, 4       \n\t"   \
+        "stw    r5, %0          \n\t"   \
+        "stw    r4, %1          \n\t"   \
+        "stw    r3, %2          \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)              \
+        : "m" (s), "m" (d), "m" (c), "m" (b)        \
+        : "r3", "r4", "r5", "r6", "r7", "r8", "r9"  \
+    );
+
+#else /* __MACH__ && __APPLE__ */
+
+#define MULADDC_INIT                        \
+    asm(                                    \
+        "lwz    %%r3, %3            \n\t"   \
+        "lwz    %%r4, %4            \n\t"   \
+        "lwz    %%r5, %5            \n\t"   \
+        "lwz    %%r6, %6            \n\t"   \
+        "addi   %%r3, %%r3, -4      \n\t"   \
+        "addi   %%r4, %%r4, -4      \n\t"   \
+        "addic  %%r5, %%r5,  0      \n\t"
+
+#define MULADDC_CORE                        \
+        "lwzu   %%r7, 4(%%r3)       \n\t"   \
+        "mullw  %%r8, %%r7, %%r6    \n\t"   \
+        "mulhwu %%r9, %%r7, %%r6    \n\t"   \
+        "adde   %%r8, %%r8, %%r5    \n\t"   \
+        "lwz    %%r7, 4(%%r4)       \n\t"   \
+        "addze  %%r5, %%r9          \n\t"   \
+        "addc   %%r8, %%r8, %%r7    \n\t"   \
+        "stwu   %%r8, 4(%%r4)       \n\t"
+
+#define MULADDC_STOP                        \
+        "addze  %%r5, %%r5          \n\t"   \
+        "addi   %%r4, %%r4, 4       \n\t"   \
+        "addi   %%r3, %%r3, 4       \n\t"   \
+        "stw    %%r5, %0            \n\t"   \
+        "stw    %%r4, %1            \n\t"   \
+        "stw    %%r3, %2            \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)              \
+        : "m" (s), "m" (d), "m" (c), "m" (b)        \
+        : "r3", "r4", "r5", "r6", "r7", "r8", "r9"  \
+    );
+
+#endif /* __MACH__ && __APPLE__ */
+
+#endif /* PPC32 */
+
+/*
+ * The Sparc(64) assembly is reported to be broken.
+ * Disable it for now, until we're able to fix it.
+ */
+#if 0 && defined(__sparc__)
+#if defined(__sparc64__)
+
+#define MULADDC_INIT                                    \
+    asm(                                                \
+                "ldx     %3, %%o0               \n\t"   \
+                "ldx     %4, %%o1               \n\t"   \
+                "ld      %5, %%o2               \n\t"   \
+                "ld      %6, %%o3               \n\t"
+
+#define MULADDC_CORE                                    \
+                "ld      [%%o0], %%o4           \n\t"   \
+                "inc     4, %%o0                \n\t"   \
+                "ld      [%%o1], %%o5           \n\t"   \
+                "umul    %%o3, %%o4, %%o4       \n\t"   \
+                "addcc   %%o4, %%o2, %%o4       \n\t"   \
+                "rd      %%y, %%g1              \n\t"   \
+                "addx    %%g1, 0, %%g1          \n\t"   \
+                "addcc   %%o4, %%o5, %%o4       \n\t"   \
+                "st      %%o4, [%%o1]           \n\t"   \
+                "addx    %%g1, 0, %%o2          \n\t"   \
+                "inc     4, %%o1                \n\t"
+
+        #define MULADDC_STOP                            \
+                "st      %%o2, %0               \n\t"   \
+                "stx     %%o1, %1               \n\t"   \
+                "stx     %%o0, %2               \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)          \
+        : "m" (s), "m" (d), "m" (c), "m" (b)    \
+        : "g1", "o0", "o1", "o2", "o3", "o4",   \
+          "o5"                                  \
+        );
+
+#else /* __sparc64__ */
+
+#define MULADDC_INIT                                    \
+    asm(                                                \
+                "ld      %3, %%o0               \n\t"   \
+                "ld      %4, %%o1               \n\t"   \
+                "ld      %5, %%o2               \n\t"   \
+                "ld      %6, %%o3               \n\t"
+
+#define MULADDC_CORE                                    \
+                "ld      [%%o0], %%o4           \n\t"   \
+                "inc     4, %%o0                \n\t"   \
+                "ld      [%%o1], %%o5           \n\t"   \
+                "umul    %%o3, %%o4, %%o4       \n\t"   \
+                "addcc   %%o4, %%o2, %%o4       \n\t"   \
+                "rd      %%y, %%g1              \n\t"   \
+                "addx    %%g1, 0, %%g1          \n\t"   \
+                "addcc   %%o4, %%o5, %%o4       \n\t"   \
+                "st      %%o4, [%%o1]           \n\t"   \
+                "addx    %%g1, 0, %%o2          \n\t"   \
+                "inc     4, %%o1                \n\t"
+
+#define MULADDC_STOP                                    \
+                "st      %%o2, %0               \n\t"   \
+                "st      %%o1, %1               \n\t"   \
+                "st      %%o0, %2               \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)          \
+        : "m" (s), "m" (d), "m" (c), "m" (b)    \
+        : "g1", "o0", "o1", "o2", "o3", "o4",   \
+          "o5"                                  \
+        );
+
+#endif /* __sparc64__ */
+#endif /* __sparc__ */
+
+#if defined(__microblaze__) || defined(microblaze)
+
+#define MULADDC_INIT                    \
+    asm(                                \
+        "lwi   r3,   %3         \n\t"   \
+        "lwi   r4,   %4         \n\t"   \
+        "lwi   r5,   %5         \n\t"   \
+        "lwi   r6,   %6         \n\t"   \
+        "andi  r7,   r6, 0xffff \n\t"   \
+        "bsrli r6,   r6, 16     \n\t"
+
+#define MULADDC_CORE                    \
+        "lhui  r8,   r3,   0    \n\t"   \
+        "addi  r3,   r3,   2    \n\t"   \
+        "lhui  r9,   r3,   0    \n\t"   \
+        "addi  r3,   r3,   2    \n\t"   \
+        "mul   r10,  r9,  r6    \n\t"   \
+        "mul   r11,  r8,  r7    \n\t"   \
+        "mul   r12,  r9,  r7    \n\t"   \
+        "mul   r13,  r8,  r6    \n\t"   \
+        "bsrli  r8, r10,  16    \n\t"   \
+        "bsrli  r9, r11,  16    \n\t"   \
+        "add   r13, r13,  r8    \n\t"   \
+        "add   r13, r13,  r9    \n\t"   \
+        "bslli r10, r10,  16    \n\t"   \
+        "bslli r11, r11,  16    \n\t"   \
+        "add   r12, r12, r10    \n\t"   \
+        "addc  r13, r13,  r0    \n\t"   \
+        "add   r12, r12, r11    \n\t"   \
+        "addc  r13, r13,  r0    \n\t"   \
+        "lwi   r10,  r4,   0    \n\t"   \
+        "add   r12, r12, r10    \n\t"   \
+        "addc  r13, r13,  r0    \n\t"   \
+        "add   r12, r12,  r5    \n\t"   \
+        "addc   r5, r13,  r0    \n\t"   \
+        "swi   r12,  r4,   0    \n\t"   \
+        "addi   r4,  r4,   4    \n\t"
+
+#define MULADDC_STOP                    \
+        "swi   r5,   %0         \n\t"   \
+        "swi   r4,   %1         \n\t"   \
+        "swi   r3,   %2         \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)              \
+        : "m" (s), "m" (d), "m" (c), "m" (b)        \
+        : "r3", "r4"  "r5", "r6", "r7", "r8",       \
+          "r9", "r10", "r11", "r12", "r13"          \
+    );
+
+#endif /* MicroBlaze */
+
+#if defined(__tricore__)
+
+#define MULADDC_INIT                            \
+    asm(                                        \
+        "ld.a   %%a2, %3                \n\t"   \
+        "ld.a   %%a3, %4                \n\t"   \
+        "ld.w   %%d4, %5                \n\t"   \
+        "ld.w   %%d1, %6                \n\t"   \
+        "xor    %%d5, %%d5              \n\t"
+
+#define MULADDC_CORE                            \
+        "ld.w   %%d0,   [%%a2+]         \n\t"   \
+        "madd.u %%e2, %%e4, %%d0, %%d1  \n\t"   \
+        "ld.w   %%d0,   [%%a3]          \n\t"   \
+        "addx   %%d2,    %%d2,  %%d0    \n\t"   \
+        "addc   %%d3,    %%d3,    0     \n\t"   \
+        "mov    %%d4,    %%d3           \n\t"   \
+        "st.w  [%%a3+],  %%d2           \n\t"
+
+#define MULADDC_STOP                            \
+        "st.w   %0, %%d4                \n\t"   \
+        "st.a   %1, %%a3                \n\t"   \
+        "st.a   %2, %%a2                \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)          \
+        : "m" (s), "m" (d), "m" (c), "m" (b)    \
+        : "d0", "d1", "e2", "d4", "a2", "a3"    \
+    );
+
+#endif /* TriCore */
+
+#if defined(__arm__)
+
+#if defined(__thumb__) && !defined(__thumb2__)
+
+#define MULADDC_INIT                                    \
+    asm(                                                \
+            "ldr    r0, %3                      \n\t"   \
+            "ldr    r1, %4                      \n\t"   \
+            "ldr    r2, %5                      \n\t"   \
+            "ldr    r3, %6                      \n\t"   \
+            "lsr    r7, r3, #16                 \n\t"   \
+            "mov    r9, r7                      \n\t"   \
+            "lsl    r7, r3, #16                 \n\t"   \
+            "lsr    r7, r7, #16                 \n\t"   \
+            "mov    r8, r7                      \n\t"
+
+#define MULADDC_CORE                                    \
+            "ldmia  r0!, {r6}                   \n\t"   \
+            "lsr    r7, r6, #16                 \n\t"   \
+            "lsl    r6, r6, #16                 \n\t"   \
+            "lsr    r6, r6, #16                 \n\t"   \
+            "mov    r4, r8                      \n\t"   \
+            "mul    r4, r6                      \n\t"   \
+            "mov    r3, r9                      \n\t"   \
+            "mul    r6, r3                      \n\t"   \
+            "mov    r5, r9                      \n\t"   \
+            "mul    r5, r7                      \n\t"   \
+            "mov    r3, r8                      \n\t"   \
+            "mul    r7, r3                      \n\t"   \
+            "lsr    r3, r6, #16                 \n\t"   \
+            "add    r5, r5, r3                  \n\t"   \
+            "lsr    r3, r7, #16                 \n\t"   \
+            "add    r5, r5, r3                  \n\t"   \
+            "add    r4, r4, r2                  \n\t"   \
+            "mov    r2, #0                      \n\t"   \
+            "adc    r5, r2                      \n\t"   \
+            "lsl    r3, r6, #16                 \n\t"   \
+            "add    r4, r4, r3                  \n\t"   \
+            "adc    r5, r2                      \n\t"   \
+            "lsl    r3, r7, #16                 \n\t"   \
+            "add    r4, r4, r3                  \n\t"   \
+            "adc    r5, r2                      \n\t"   \
+            "ldr    r3, [r1]                    \n\t"   \
+            "add    r4, r4, r3                  \n\t"   \
+            "adc    r2, r5                      \n\t"   \
+            "stmia  r1!, {r4}                   \n\t"
+
+#define MULADDC_STOP                                    \
+            "str    r2, %0                      \n\t"   \
+            "str    r1, %1                      \n\t"   \
+            "str    r0, %2                      \n\t"   \
+         : "=m" (c),  "=m" (d), "=m" (s)        \
+         : "m" (s), "m" (d), "m" (c), "m" (b)   \
+         : "r0", "r1", "r2", "r3", "r4", "r5",  \
+           "r6", "r7", "r8", "r9", "cc"         \
+         );
+
+#else
+
+#define MULADDC_INIT                                    \
+    asm(                                                \
+            "ldr    r0, %3                      \n\t"   \
+            "ldr    r1, %4                      \n\t"   \
+            "ldr    r2, %5                      \n\t"   \
+            "ldr    r3, %6                      \n\t"
+
+#define MULADDC_CORE                                    \
+            "ldr    r4, [r0], #4                \n\t"   \
+            "mov    r5, #0                      \n\t"   \
+            "ldr    r6, [r1]                    \n\t"   \
+            "umlal  r2, r5, r3, r4              \n\t"   \
+            "adds   r7, r6, r2                  \n\t"   \
+            "adc    r2, r5, #0                  \n\t"   \
+            "str    r7, [r1], #4                \n\t"
+
+#define MULADDC_STOP                                    \
+            "str    r2, %0                      \n\t"   \
+            "str    r1, %1                      \n\t"   \
+            "str    r0, %2                      \n\t"   \
+         : "=m" (c),  "=m" (d), "=m" (s)        \
+         : "m" (s), "m" (d), "m" (c), "m" (b)   \
+         : "r0", "r1", "r2", "r3", "r4", "r5",  \
+           "r6", "r7", "cc"                     \
+         );
+
+#endif /* Thumb */
+
+#endif /* ARMv3 */
+
+#if defined(__alpha__)
+
+#define MULADDC_INIT                    \
+    asm(                                \
+        "ldq    $1, %3          \n\t"   \
+        "ldq    $2, %4          \n\t"   \
+        "ldq    $3, %5          \n\t"   \
+        "ldq    $4, %6          \n\t"
+
+#define MULADDC_CORE                    \
+        "ldq    $6,  0($1)      \n\t"   \
+        "addq   $1,  8, $1      \n\t"   \
+        "mulq   $6, $4, $7      \n\t"   \
+        "umulh  $6, $4, $6      \n\t"   \
+        "addq   $7, $3, $7      \n\t"   \
+        "cmpult $7, $3, $3      \n\t"   \
+        "ldq    $5,  0($2)      \n\t"   \
+        "addq   $7, $5, $7      \n\t"   \
+        "cmpult $7, $5, $5      \n\t"   \
+        "stq    $7,  0($2)      \n\t"   \
+        "addq   $2,  8, $2      \n\t"   \
+        "addq   $6, $3, $3      \n\t"   \
+        "addq   $5, $3, $3      \n\t"
+
+#define MULADDC_STOP                                    \
+        "stq    $3, %0          \n\t"   \
+        "stq    $2, %1          \n\t"   \
+        "stq    $1, %2          \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)              \
+        : "m" (s), "m" (d), "m" (c), "m" (b)        \
+        : "$1", "$2", "$3", "$4", "$5", "$6", "$7"  \
+    );
+#endif /* Alpha */
+
+#if defined(__mips__) && !defined(__mips64)
+
+#define MULADDC_INIT                    \
+    asm(                                \
+        "lw     $10, %3         \n\t"   \
+        "lw     $11, %4         \n\t"   \
+        "lw     $12, %5         \n\t"   \
+        "lw     $13, %6         \n\t"
+
+#define MULADDC_CORE                    \
+        "lw     $14, 0($10)     \n\t"   \
+        "multu  $13, $14        \n\t"   \
+        "addi   $10, $10, 4     \n\t"   \
+        "mflo   $14             \n\t"   \
+        "mfhi   $9              \n\t"   \
+        "addu   $14, $12, $14   \n\t"   \
+        "lw     $15, 0($11)     \n\t"   \
+        "sltu   $12, $14, $12   \n\t"   \
+        "addu   $15, $14, $15   \n\t"   \
+        "sltu   $14, $15, $14   \n\t"   \
+        "addu   $12, $12, $9    \n\t"   \
+        "sw     $15, 0($11)     \n\t"   \
+        "addu   $12, $12, $14   \n\t"   \
+        "addi   $11, $11, 4     \n\t"
+
+#define MULADDC_STOP                    \
+        "sw     $12, %0         \n\t"   \
+        "sw     $11, %1         \n\t"   \
+        "sw     $10, %2         \n\t"   \
+        : "=m" (c), "=m" (d), "=m" (s)                      \
+        : "m" (s), "m" (d), "m" (c), "m" (b)                \
+        : "$9", "$10", "$11", "$12", "$13", "$14", "$15"    \
+    );
+
+#endif /* MIPS */
+#endif /* GNUC */
+
+#if (defined(_MSC_VER) && defined(_M_IX86)) || defined(__WATCOMC__)
+
+#define MULADDC_INIT                            \
+    __asm   mov     esi, s                      \
+    __asm   mov     edi, d                      \
+    __asm   mov     ecx, c                      \
+    __asm   mov     ebx, b
+
+#define MULADDC_CORE                            \
+    __asm   lodsd                               \
+    __asm   mul     ebx                         \
+    __asm   add     eax, ecx                    \
+    __asm   adc     edx, 0                      \
+    __asm   add     eax, [edi]                  \
+    __asm   adc     edx, 0                      \
+    __asm   mov     ecx, edx                    \
+    __asm   stosd
+
+#if defined(MBEDTLS_HAVE_SSE2)
+
+#define EMIT __asm _emit
+
+#define MULADDC_HUIT                            \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0xC9             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0xC3             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x1F             \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCB             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x16             \
+    EMIT 0x0F  EMIT 0xF4  EMIT 0xD0             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x66  EMIT 0x04  \
+    EMIT 0x0F  EMIT 0xF4  EMIT 0xE0             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x76  EMIT 0x08  \
+    EMIT 0x0F  EMIT 0xF4  EMIT 0xF0             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x7E  EMIT 0x0C  \
+    EMIT 0x0F  EMIT 0xF4  EMIT 0xF8             \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCA             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x5F  EMIT 0x04  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xDC             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x08  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xEE             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x67  EMIT 0x0C  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xFC             \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0x0F             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x56  EMIT 0x10  \
+    EMIT 0x0F  EMIT 0xF4  EMIT 0xD0             \
+    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x66  EMIT 0x14  \
+    EMIT 0x0F  EMIT 0xF4  EMIT 0xE0             \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCB             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x76  EMIT 0x18  \
+    EMIT 0x0F  EMIT 0xF4  EMIT 0xF0             \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x04  \
+    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x5E  EMIT 0x1C  \
+    EMIT 0x0F  EMIT 0xF4  EMIT 0xD8             \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCD             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x10  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xD5             \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x08  \
+    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCF             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x14  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xE5             \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x0C  \
+    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCA             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x18  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xF5             \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x10  \
+    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCC             \
+    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x1C  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xDD             \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x14  \
+    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCE             \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x18  \
+    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
+    EMIT 0x0F  EMIT 0xD4  EMIT 0xCB             \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x1C  \
+    EMIT 0x83  EMIT 0xC7  EMIT 0x20             \
+    EMIT 0x83  EMIT 0xC6  EMIT 0x20             \
+    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
+    EMIT 0x0F  EMIT 0x7E  EMIT 0xC9
+
+#define MULADDC_STOP                            \
+    EMIT 0x0F  EMIT 0x77                        \
+    __asm   mov     c, ecx                      \
+    __asm   mov     d, edi                      \
+    __asm   mov     s, esi                      \
+
+#else
+
+#define MULADDC_STOP                            \
+    __asm   mov     c, ecx                      \
+    __asm   mov     d, edi                      \
+    __asm   mov     s, esi                      \
+
+#endif /* SSE2 */
+#endif /* MSVC */
+
+#endif /* MBEDTLS_HAVE_ASM */
+
+#if !defined(MULADDC_CORE)
+#if defined(MBEDTLS_HAVE_UDBL)
+
+#define MULADDC_INIT                    \
+{                                       \
+    mbedtls_t_udbl r;                           \
+    mbedtls_mpi_uint r0, r1;
+
+#define MULADDC_CORE                    \
+    r   = *(s++) * (mbedtls_t_udbl) b;          \
+    r0  = (mbedtls_mpi_uint) r;                   \
+    r1  = (mbedtls_mpi_uint)( r >> biL );         \
+    r0 += c;  r1 += (r0 <  c);          \
+    r0 += *d; r1 += (r0 < *d);          \
+    c = r1; *(d++) = r0;
+
+#define MULADDC_STOP                    \
+}
+
+#else
+#define MULADDC_INIT                    \
+{                                       \
+    mbedtls_mpi_uint s0, s1, b0, b1;              \
+    mbedtls_mpi_uint r0, r1, rx, ry;              \
+    b0 = ( b << biH ) >> biH;           \
+    b1 = ( b >> biH );
+
+#define MULADDC_CORE                    \
+    s0 = ( *s << biH ) >> biH;          \
+    s1 = ( *s >> biH ); s++;            \
+    rx = s0 * b1; r0 = s0 * b0;         \
+    ry = s1 * b0; r1 = s1 * b1;         \
+    r1 += ( rx >> biH );                \
+    r1 += ( ry >> biH );                \
+    rx <<= biH; ry <<= biH;             \
+    r0 += rx; r1 += (r0 < rx);          \
+    r0 += ry; r1 += (r0 < ry);          \
+    r0 +=  c; r1 += (r0 <  c);          \
+    r0 += *d; r1 += (r0 < *d);          \
+    c = r1; *(d++) = r0;
+
+#define MULADDC_STOP                    \
+}
+
+#endif /* C (generic)  */
+#endif /* C (longlong) */
+
+#endif /* bn_mul.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/camellia.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,235 @@
+/**
+ * \file camellia.h
+ *
+ * \brief Camellia block cipher
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_CAMELLIA_H
+#define MBEDTLS_CAMELLIA_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#define MBEDTLS_CAMELLIA_ENCRYPT     1
+#define MBEDTLS_CAMELLIA_DECRYPT     0
+
+#define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH           -0x0024  /**< Invalid key length. */
+#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH         -0x0026  /**< Invalid data input length. */
+
+#if !defined(MBEDTLS_CAMELLIA_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          CAMELLIA context structure
+ */
+typedef struct
+{
+    int nr;                     /*!<  number of rounds  */
+    uint32_t rk[68];            /*!<  CAMELLIA round keys    */
+}
+mbedtls_camellia_context;
+
+/**
+ * \brief          Initialize CAMELLIA context
+ *
+ * \param ctx      CAMELLIA context to be initialized
+ */
+void mbedtls_camellia_init( mbedtls_camellia_context *ctx );
+
+/**
+ * \brief          Clear CAMELLIA context
+ *
+ * \param ctx      CAMELLIA context to be cleared
+ */
+void mbedtls_camellia_free( mbedtls_camellia_context *ctx );
+
+/**
+ * \brief          CAMELLIA key schedule (encryption)
+ *
+ * \param ctx      CAMELLIA context to be initialized
+ * \param key      encryption key
+ * \param keybits  must be 128, 192 or 256
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
+ */
+int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned char *key,
+                         unsigned int keybits );
+
+/**
+ * \brief          CAMELLIA key schedule (decryption)
+ *
+ * \param ctx      CAMELLIA context to be initialized
+ * \param key      decryption key
+ * \param keybits  must be 128, 192 or 256
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
+ */
+int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, const unsigned char *key,
+                         unsigned int keybits );
+
+/**
+ * \brief          CAMELLIA-ECB block encryption/decryption
+ *
+ * \param ctx      CAMELLIA context
+ * \param mode     MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT
+ * \param input    16-byte input block
+ * \param output   16-byte output block
+ *
+ * \return         0 if successful
+ */
+int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
+                    int mode,
+                    const unsigned char input[16],
+                    unsigned char output[16] );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+/**
+ * \brief          CAMELLIA-CBC buffer encryption/decryption
+ *                 Length should be a multiple of the block
+ *                 size (16 bytes)
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      CAMELLIA context
+ * \param mode     MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful, or
+ *                 MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
+ */
+int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
+                    int mode,
+                    size_t length,
+                    unsigned char iv[16],
+                    const unsigned char *input,
+                    unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+/**
+ * \brief          CAMELLIA-CFB128 buffer encryption/decryption
+ *
+ * Note: Due to the nature of CFB you should use the same key schedule for
+ * both encryption and decryption. So a context initialized with
+ * mbedtls_camellia_setkey_enc() for both MBEDTLS_CAMELLIA_ENCRYPT and CAMELLIE_DECRYPT.
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      CAMELLIA context
+ * \param mode     MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT
+ * \param length   length of the input data
+ * \param iv_off   offset in IV (updated after use)
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful, or
+ *                 MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
+ */
+int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
+                       int mode,
+                       size_t length,
+                       size_t *iv_off,
+                       unsigned char iv[16],
+                       const unsigned char *input,
+                       unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+/**
+ * \brief               CAMELLIA-CTR buffer encryption/decryption
+ *
+ * Warning: You have to keep the maximum use of your counter in mind!
+ *
+ * Note: Due to the nature of CTR you should use the same key schedule for
+ * both encryption and decryption. So a context initialized with
+ * mbedtls_camellia_setkey_enc() for both MBEDTLS_CAMELLIA_ENCRYPT and MBEDTLS_CAMELLIA_DECRYPT.
+ *
+ * \param ctx           CAMELLIA context
+ * \param length        The length of the data
+ * \param nc_off        The offset in the current stream_block (for resuming
+ *                      within current cipher stream). The offset pointer to
+ *                      should be 0 at the start of a stream.
+ * \param nonce_counter The 128-bit nonce and counter.
+ * \param stream_block  The saved stream-block for resuming. Is overwritten
+ *                      by the function.
+ * \param input         The input data stream
+ * \param output        The output data stream
+ *
+ * \return         0 if successful
+ */
+int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
+                       size_t length,
+                       size_t *nc_off,
+                       unsigned char nonce_counter[16],
+                       unsigned char stream_block[16],
+                       const unsigned char *input,
+                       unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_CAMELLIA_ALT */
+#include "camellia_alt.h"
+#endif /* MBEDTLS_CAMELLIA_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_camellia_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* camellia.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/ccm.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,141 @@
+/**
+ * \file ccm.h
+ *
+ * \brief Counter with CBC-MAC (CCM) for 128-bit block ciphers
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_CCM_H
+#define MBEDTLS_CCM_H
+
+#include "cipher.h"
+
+#define MBEDTLS_ERR_CCM_BAD_INPUT      -0x000D /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_CCM_AUTH_FAILED    -0x000F /**< Authenticated decryption failed. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          CCM context structure
+ */
+typedef struct {
+    mbedtls_cipher_context_t cipher_ctx;    /*!< cipher context used */
+}
+mbedtls_ccm_context;
+
+/**
+ * \brief           Initialize CCM context (just makes references valid)
+ *                  Makes the context ready for mbedtls_ccm_setkey() or
+ *                  mbedtls_ccm_free().
+ *
+ * \param ctx       CCM context to initialize
+ */
+void mbedtls_ccm_init( mbedtls_ccm_context *ctx );
+
+/**
+ * \brief           CCM initialization (encryption and decryption)
+ *
+ * \param ctx       CCM context to be initialized
+ * \param cipher    cipher to use (a 128-bit block cipher)
+ * \param key       encryption key
+ * \param keybits   key size in bits (must be acceptable by the cipher)
+ *
+ * \return          0 if successful, or a cipher specific error code
+ */
+int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
+                        mbedtls_cipher_id_t cipher,
+                        const unsigned char *key,
+                        unsigned int keybits );
+
+/**
+ * \brief           Free a CCM context and underlying cipher sub-context
+ *
+ * \param ctx       CCM context to free
+ */
+void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
+
+/**
+ * \brief           CCM buffer encryption
+ *
+ * \param ctx       CCM context
+ * \param length    length of the input data in bytes
+ * \param iv        nonce (initialization vector)
+ * \param iv_len    length of IV in bytes
+ *                  must be 2, 3, 4, 5, 6, 7 or 8
+ * \param add       additional data
+ * \param add_len   length of additional data in bytes
+ *                  must be less than 2^16 - 2^8
+ * \param input     buffer holding the input data
+ * \param output    buffer for holding the output data
+ *                  must be at least 'length' bytes wide
+ * \param tag       buffer for holding the tag
+ * \param tag_len   length of the tag to generate in bytes
+ *                  must be 4, 6, 8, 10, 14 or 16
+ *
+ * \note            The tag is written to a separate buffer. To get the tag
+ *                  concatenated with the output as in the CCM spec, use
+ *                  tag = output + length and make sure the output buffer is
+ *                  at least length + tag_len wide.
+ *
+ * \return          0 if successful
+ */
+int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
+                         const unsigned char *iv, size_t iv_len,
+                         const unsigned char *add, size_t add_len,
+                         const unsigned char *input, unsigned char *output,
+                         unsigned char *tag, size_t tag_len );
+
+/**
+ * \brief           CCM buffer authenticated decryption
+ *
+ * \param ctx       CCM context
+ * \param length    length of the input data
+ * \param iv        initialization vector
+ * \param iv_len    length of IV
+ * \param add       additional data
+ * \param add_len   length of additional data
+ * \param input     buffer holding the input data
+ * \param output    buffer for holding the output data
+ * \param tag       buffer holding the tag
+ * \param tag_len   length of the tag
+ *
+ * \return         0 if successful and authenticated,
+ *                 MBEDTLS_ERR_CCM_AUTH_FAILED if tag does not match
+ */
+int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
+                      const unsigned char *iv, size_t iv_len,
+                      const unsigned char *add, size_t add_len,
+                      const unsigned char *input, unsigned char *output,
+                      const unsigned char *tag, size_t tag_len );
+
+#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_ccm_self_test( int verbose );
+#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_CCM_H */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/certs.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,99 @@
+/**
+ * \file certs.h
+ *
+ * \brief Sample certificates and DHM parameters for testing
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_CERTS_H
+#define MBEDTLS_CERTS_H
+
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(MBEDTLS_PEM_PARSE_C)
+/* Concatenation of all CA certificates in PEM format if available */
+extern const char   mbedtls_test_cas_pem[];
+extern const size_t mbedtls_test_cas_pem_len;
+#endif
+
+/* List of all CA certificates, terminated by NULL */
+extern const char * mbedtls_test_cas[];
+extern const size_t mbedtls_test_cas_len[];
+
+/*
+ * Convenience for users who just want a certificate:
+ * RSA by default, or ECDSA if RSA is not available
+ */
+extern const char * mbedtls_test_ca_crt;
+extern const size_t mbedtls_test_ca_crt_len;
+extern const char * mbedtls_test_ca_key;
+extern const size_t mbedtls_test_ca_key_len;
+extern const char * mbedtls_test_ca_pwd;
+extern const size_t mbedtls_test_ca_pwd_len;
+extern const char * mbedtls_test_srv_crt;
+extern const size_t mbedtls_test_srv_crt_len;
+extern const char * mbedtls_test_srv_key;
+extern const size_t mbedtls_test_srv_key_len;
+extern const char * mbedtls_test_cli_crt;
+extern const size_t mbedtls_test_cli_crt_len;
+extern const char * mbedtls_test_cli_key;
+extern const size_t mbedtls_test_cli_key_len;
+
+#if defined(MBEDTLS_ECDSA_C)
+extern const char   mbedtls_test_ca_crt_ec[];
+extern const size_t mbedtls_test_ca_crt_ec_len;
+extern const char   mbedtls_test_ca_key_ec[];
+extern const size_t mbedtls_test_ca_key_ec_len;
+extern const char   mbedtls_test_ca_pwd_ec[];
+extern const size_t mbedtls_test_ca_pwd_ec_len;
+extern const char   mbedtls_test_srv_crt_ec[];
+extern const size_t mbedtls_test_srv_crt_ec_len;
+extern const char   mbedtls_test_srv_key_ec[];
+extern const size_t mbedtls_test_srv_key_ec_len;
+extern const char   mbedtls_test_cli_crt_ec[];
+extern const size_t mbedtls_test_cli_crt_ec_len;
+extern const char   mbedtls_test_cli_key_ec[];
+extern const size_t mbedtls_test_cli_key_ec_len;
+#endif
+
+#if defined(MBEDTLS_RSA_C)
+extern const char   mbedtls_test_ca_crt_rsa[];
+extern const size_t mbedtls_test_ca_crt_rsa_len;
+extern const char   mbedtls_test_ca_key_rsa[];
+extern const size_t mbedtls_test_ca_key_rsa_len;
+extern const char   mbedtls_test_ca_pwd_rsa[];
+extern const size_t mbedtls_test_ca_pwd_rsa_len;
+extern const char   mbedtls_test_srv_crt_rsa[];
+extern const size_t mbedtls_test_srv_crt_rsa_len;
+extern const char   mbedtls_test_srv_key_rsa[];
+extern const size_t mbedtls_test_srv_key_rsa_len;
+extern const char   mbedtls_test_cli_crt_rsa[];
+extern const size_t mbedtls_test_cli_crt_rsa_len;
+extern const char   mbedtls_test_cli_key_rsa[];
+extern const size_t mbedtls_test_cli_key_rsa_len;
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* certs.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/check_config.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,540 @@
+/**
+ * \file check_config.h
+ *
+ * \brief Consistency checks for configuration options
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+/*
+ * It is recommended to include this file from your config.h
+ * in order to catch dependency issues early.
+ */
+
+#ifndef MBEDTLS_CHECK_CONFIG_H
+#define MBEDTLS_CHECK_CONFIG_H
+
+/*
+ * We assume CHAR_BIT is 8 in many places. In practice, this is true on our
+ * target platforms, so not an issue, but let's just be extra sure.
+ */
+#include <limits.h>
+#if CHAR_BIT != 8
+#error "mbed TLS requires a platform with 8-bit chars"
+#endif
+
+#if defined(_WIN32)
+#if !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_C is required on Windows"
+#endif
+
+/* Fix the config here. Not convenient to put an #ifdef _WIN32 in config.h as
+ * it would confuse config.pl. */
+#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
+    !defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
+#define MBEDTLS_PLATFORM_SNPRINTF_ALT
+#endif
+#endif /* _WIN32 */
+
+#if defined(TARGET_LIKE_MBED) && \
+    ( defined(MBEDTLS_NET_C) || defined(MBEDTLS_TIMING_C) )
+#error "The NET and TIMING modules are not available for mbed OS - please use the network and timing functions provided by mbed OS"
+#endif
+
+#if defined(MBEDTLS_DEPRECATED_WARNING) && \
+    !defined(__GNUC__) && !defined(__clang__)
+#error "MBEDTLS_DEPRECATED_WARNING only works with GCC and Clang"
+#endif
+
+#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_HAVE_TIME)
+#error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
+#endif
+
+#if defined(MBEDTLS_AESNI_C) && !defined(MBEDTLS_HAVE_ASM)
+#error "MBEDTLS_AESNI_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C)
+#error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_DHM_C) && !defined(MBEDTLS_BIGNUM_C)
+#error "MBEDTLS_DHM_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C)
+#error "MBEDTLS_ECDH_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECDSA_C) &&            \
+    ( !defined(MBEDTLS_ECP_C) ||           \
+      !defined(MBEDTLS_ASN1_PARSE_C) ||    \
+      !defined(MBEDTLS_ASN1_WRITE_C) )
+#error "MBEDTLS_ECDSA_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECJPAKE_C) &&           \
+    ( !defined(MBEDTLS_ECP_C) || !defined(MBEDTLS_MD_C) )
+#error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C)
+#error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECP_C) && ( !defined(MBEDTLS_BIGNUM_C) || (   \
+    !defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)   &&                  \
+    !defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)   &&                  \
+    !defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)   &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) ) )
+#error "MBEDTLS_ECP_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) &&      \
+                                    !defined(MBEDTLS_SHA256_C))
+#error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"
+#endif
+#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_SHA512_C) &&         \
+    defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 64)
+#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
+#endif
+#if defined(MBEDTLS_ENTROPY_C) &&                                            \
+    ( !defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_ENTROPY_FORCE_SHA256) ) \
+    && defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 32)
+#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
+#endif
+#if defined(MBEDTLS_ENTROPY_C) && \
+    defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(MBEDTLS_SHA256_C)
+#error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_GCM_C) && (                                        \
+        !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) )
+#error "MBEDTLS_GCM_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_HAVEGE_C) && !defined(MBEDTLS_TIMING_C)
+#error "MBEDTLS_HAVEGE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_HMAC_DRBG_C) && !defined(MBEDTLS_MD_C)
+#error "MBEDTLS_HMAC_DRBG_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) &&                 \
+    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) )
+#error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) &&                 \
+    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) )
+#error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) && !defined(MBEDTLS_DHM_C)
+#error "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) &&                     \
+    !defined(MBEDTLS_ECDH_C)
+#error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) &&                   \
+    ( !defined(MBEDTLS_DHM_C) || !defined(MBEDTLS_RSA_C) ||           \
+      !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
+#error "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) &&                 \
+    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_RSA_C) ||          \
+      !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
+#error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) &&                 \
+    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_ECDSA_C) ||          \
+      !defined(MBEDTLS_X509_CRT_PARSE_C) )
+#error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) &&                   \
+    ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
+      !defined(MBEDTLS_PKCS1_V15) )
+#error "MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) &&                       \
+    ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
+      !defined(MBEDTLS_PKCS1_V15) )
+#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) &&                    \
+    ( !defined(MBEDTLS_ECJPAKE_C) || !defined(MBEDTLS_SHA256_C) ||      \
+      !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) )
+#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) &&                          \
+    ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
+#error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PADLOCK_C) && !defined(MBEDTLS_HAVE_ASM)
+#error "MBEDTLS_PADLOCK_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PEM_PARSE_C) && !defined(MBEDTLS_BASE64_C)
+#error "MBEDTLS_PEM_PARSE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PEM_WRITE_C) && !defined(MBEDTLS_BASE64_C)
+#error "MBEDTLS_PEM_WRITE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PK_C) && \
+    ( !defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_ECP_C) )
+#error "MBEDTLS_PK_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_PK_C)
+#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PK_WRITE_C) && !defined(MBEDTLS_PK_C)
+#error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PKCS11_C) && !defined(MBEDTLS_PK_C)
+#error "MBEDTLS_PKCS11_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_EXIT_ALT) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_EXIT_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_EXIT_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) &&\
+    ( defined(MBEDTLS_PLATFORM_STD_EXIT) ||\
+        defined(MBEDTLS_PLATFORM_EXIT_ALT) )
+#error "MBEDTLS_PLATFORM_EXIT_MACRO and MBEDTLS_PLATFORM_STD_EXIT/MBEDTLS_PLATFORM_EXIT_ALT cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_FPRINTF_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_FPRINTF_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) &&\
+    ( defined(MBEDTLS_PLATFORM_STD_FPRINTF) ||\
+        defined(MBEDTLS_PLATFORM_FPRINTF_ALT) )
+#error "MBEDTLS_PLATFORM_FPRINTF_MACRO and MBEDTLS_PLATFORM_STD_FPRINTF/MBEDTLS_PLATFORM_FPRINTF_ALT cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\
+    ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
+#error "MBEDTLS_PLATFORM_FREE_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\
+    defined(MBEDTLS_PLATFORM_STD_FREE)
+#error "MBEDTLS_PLATFORM_FREE_MACRO and MBEDTLS_PLATFORM_STD_FREE cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && !defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
+#error "MBEDTLS_PLATFORM_CALLOC_MACRO must be defined if MBEDTLS_PLATFORM_FREE_MACRO is"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\
+    ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
+#error "MBEDTLS_PLATFORM_CALLOC_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\
+    defined(MBEDTLS_PLATFORM_STD_CALLOC)
+#error "MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_STD_CALLOC cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && !defined(MBEDTLS_PLATFORM_FREE_MACRO)
+#error "MBEDTLS_PLATFORM_FREE_MACRO must be defined if MBEDTLS_PLATFORM_CALLOC_MACRO is"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_MEMORY) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_MEMORY defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_PRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_PRINTF_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_PRINTF_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) &&\
+    ( defined(MBEDTLS_PLATFORM_STD_PRINTF) ||\
+        defined(MBEDTLS_PLATFORM_PRINTF_ALT) )
+#error "MBEDTLS_PLATFORM_PRINTF_MACRO and MBEDTLS_PLATFORM_STD_PRINTF/MBEDTLS_PLATFORM_PRINTF_ALT cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_SNPRINTF_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) &&\
+    ( defined(MBEDTLS_PLATFORM_STD_SNPRINTF) ||\
+        defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) )
+#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO and MBEDTLS_PLATFORM_STD_SNPRINTF/MBEDTLS_PLATFORM_SNPRINTF_ALT cannot be defined simultaneously"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR) &&\
+    !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
+#error "MBEDTLS_PLATFORM_STD_MEM_HDR defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_CALLOC) && !defined(MBEDTLS_PLATFORM_MEMORY)
+#error "MBEDTLS_PLATFORM_STD_CALLOC defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_CALLOC) && !defined(MBEDTLS_PLATFORM_MEMORY)
+#error "MBEDTLS_PLATFORM_STD_CALLOC defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_FREE) && !defined(MBEDTLS_PLATFORM_MEMORY)
+#error "MBEDTLS_PLATFORM_STD_FREE defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_EXIT) &&\
+    !defined(MBEDTLS_PLATFORM_EXIT_ALT)
+#error "MBEDTLS_PLATFORM_STD_EXIT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_FPRINTF) &&\
+    !defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
+#error "MBEDTLS_PLATFORM_STD_FPRINTF defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_PRINTF) &&\
+    !defined(MBEDTLS_PLATFORM_PRINTF_ALT)
+#error "MBEDTLS_PLATFORM_STD_PRINTF defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_STD_SNPRINTF) &&\
+    !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
+#error "MBEDTLS_PLATFORM_STD_SNPRINTF defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) ||         \
+    !defined(MBEDTLS_OID_C) )
+#error "MBEDTLS_RSA_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) &&                        \
+    ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21) )
+#error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3) && ( !defined(MBEDTLS_MD5_C) ||     \
+    !defined(MBEDTLS_SHA1_C) )
+#error "MBEDTLS_SSL_PROTO_SSL3 defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1) && ( !defined(MBEDTLS_MD5_C) ||     \
+    !defined(MBEDTLS_SHA1_C) )
+#error "MBEDTLS_SSL_PROTO_TLS1 defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_1) && ( !defined(MBEDTLS_MD5_C) ||     \
+    !defined(MBEDTLS_SHA1_C) )
+#error "MBEDTLS_SSL_PROTO_TLS1_1 defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && ( !defined(MBEDTLS_SHA1_C) &&     \
+    !defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA512_C) )
+#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)     && \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_1)  && \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#error "MBEDTLS_SSL_PROTO_DTLS defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_CLI_C) && !defined(MBEDTLS_SSL_TLS_C)
+#error "MBEDTLS_SSL_CLI_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_TLS_C) && ( !defined(MBEDTLS_CIPHER_C) ||     \
+    !defined(MBEDTLS_MD_C) )
+#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_TLS_C)
+#error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_TLS_C) && (!defined(MBEDTLS_SSL_PROTO_SSL3) && \
+    !defined(MBEDTLS_SSL_PROTO_TLS1) && !defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_2))
+#error "MBEDTLS_SSL_TLS_C defined, but no protocols are active"
+#endif
+
+#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_SSL3) && \
+    defined(MBEDTLS_SSL_PROTO_TLS1_1) && !defined(MBEDTLS_SSL_PROTO_TLS1))
+#error "Illegal protocol selection"
+#endif
+
+#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_TLS1) && \
+    defined(MBEDTLS_SSL_PROTO_TLS1_2) && !defined(MBEDTLS_SSL_PROTO_TLS1_1))
+#error "Illegal protocol selection"
+#endif
+
+#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_SSL3) && \
+    defined(MBEDTLS_SSL_PROTO_TLS1_2) && (!defined(MBEDTLS_SSL_PROTO_TLS1) || \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_1)))
+#error "Illegal protocol selection"
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && !defined(MBEDTLS_SSL_PROTO_DTLS)
+#error "MBEDTLS_SSL_DTLS_HELLO_VERIFY  defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && \
+    !defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+#error "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE  defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) &&                              \
+    ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
+#error "MBEDTLS_SSL_DTLS_ANTI_REPLAY  defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) &&                              \
+    ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
+#error "MBEDTLS_SSL_DTLS_BADMAC_LIMIT  defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) &&   \
+    !defined(MBEDTLS_SSL_PROTO_TLS1)   &&      \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_1) &&      \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites"
+#endif
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
+    !defined(MBEDTLS_SSL_PROTO_TLS1)   &&          \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_1) &&          \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites"
+#endif
+
+#if defined(MBEDTLS_SSL_TICKET_C) && !defined(MBEDTLS_CIPHER_C)
+#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) && \
+    !defined(MBEDTLS_SSL_PROTO_SSL3) && !defined(MBEDTLS_SSL_PROTO_TLS1)
+#error "MBEDTLS_SSL_CBC_RECORD_SPLITTING defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
+        !defined(MBEDTLS_X509_CRT_PARSE_C)
+#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_THREADING_PTHREAD)
+#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
+#error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites"
+#endif
+#define MBEDTLS_THREADING_IMPL
+#endif
+
+#if defined(MBEDTLS_THREADING_ALT)
+#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
+#error "MBEDTLS_THREADING_ALT defined, but not all prerequisites"
+#endif
+#define MBEDTLS_THREADING_IMPL
+#endif
+
+#if defined(MBEDTLS_THREADING_C) && !defined(MBEDTLS_THREADING_IMPL)
+#error "MBEDTLS_THREADING_C defined, single threading implementation required"
+#endif
+#undef MBEDTLS_THREADING_IMPL
+
+#if defined(MBEDTLS_VERSION_FEATURES) && !defined(MBEDTLS_VERSION_C)
+#error "MBEDTLS_VERSION_FEATURES defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_X509_USE_C) && ( !defined(MBEDTLS_BIGNUM_C) ||  \
+    !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) ||      \
+    !defined(MBEDTLS_PK_PARSE_C) )
+#error "MBEDTLS_X509_USE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_X509_CREATE_C) && ( !defined(MBEDTLS_BIGNUM_C) ||  \
+    !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_WRITE_C) ||       \
+    !defined(MBEDTLS_PK_WRITE_C) )
+#error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
+#error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_X509_CRL_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
+#error "MBEDTLS_X509_CRL_PARSE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_X509_CSR_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
+#error "MBEDTLS_X509_CSR_PARSE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_X509_CRT_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
+#error "MBEDTLS_X509_CRT_WRITE_C defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_X509_CSR_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
+#error "MBEDTLS_X509_CSR_WRITE_C defined, but not all prerequisites"
+#endif
+
+/*
+ * Avoid warning from -pedantic. This is a convenient place for this
+ * workaround since this is included by every single file before the
+ * #if defined(MBEDTLS_xxx_C) that results in emtpy translation units.
+ */
+typedef int mbedtls_iso_c_forbids_empty_translation_units;
+
+#endif /* MBEDTLS_CHECK_CONFIG_H */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/cipher.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,698 @@
+/**
+ * \file cipher.h
+ *
+ * \brief Generic cipher wrapper.
+ *
+ * \author Adriaan de Jong <dejong@fox-it.com>
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef MBEDTLS_CIPHER_H
+#define MBEDTLS_CIPHER_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+
+#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C)
+#define MBEDTLS_CIPHER_MODE_AEAD
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#define MBEDTLS_CIPHER_MODE_WITH_PADDING
+#endif
+
+#if defined(MBEDTLS_ARC4_C)
+#define MBEDTLS_CIPHER_MODE_STREAM
+#endif
+
+#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+    !defined(inline) && !defined(__cplusplus)
+#define inline __inline
+#endif
+
+#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE            -0x6080  /**< The selected feature is not available. */
+#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA                 -0x6100  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED                   -0x6180  /**< Failed to allocate memory. */
+#define MBEDTLS_ERR_CIPHER_INVALID_PADDING                -0x6200  /**< Input data contains invalid padding and is rejected. */
+#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED            -0x6280  /**< Decryption of block requires a full block. */
+#define MBEDTLS_ERR_CIPHER_AUTH_FAILED                    -0x6300  /**< Authentication failed (for AEAD modes). */
+
+#define MBEDTLS_CIPHER_VARIABLE_IV_LEN     0x01    /**< Cipher accepts IVs of variable length */
+#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN    0x02    /**< Cipher accepts keys of variable length */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef enum {
+    MBEDTLS_CIPHER_ID_NONE = 0,
+    MBEDTLS_CIPHER_ID_NULL,
+    MBEDTLS_CIPHER_ID_AES,
+    MBEDTLS_CIPHER_ID_DES,
+    MBEDTLS_CIPHER_ID_3DES,
+    MBEDTLS_CIPHER_ID_CAMELLIA,
+    MBEDTLS_CIPHER_ID_BLOWFISH,
+    MBEDTLS_CIPHER_ID_ARC4,
+} mbedtls_cipher_id_t;
+
+typedef enum {
+    MBEDTLS_CIPHER_NONE = 0,
+    MBEDTLS_CIPHER_NULL,
+    MBEDTLS_CIPHER_AES_128_ECB,
+    MBEDTLS_CIPHER_AES_192_ECB,
+    MBEDTLS_CIPHER_AES_256_ECB,
+    MBEDTLS_CIPHER_AES_128_CBC,
+    MBEDTLS_CIPHER_AES_192_CBC,
+    MBEDTLS_CIPHER_AES_256_CBC,
+    MBEDTLS_CIPHER_AES_128_CFB128,
+    MBEDTLS_CIPHER_AES_192_CFB128,
+    MBEDTLS_CIPHER_AES_256_CFB128,
+    MBEDTLS_CIPHER_AES_128_CTR,
+    MBEDTLS_CIPHER_AES_192_CTR,
+    MBEDTLS_CIPHER_AES_256_CTR,
+    MBEDTLS_CIPHER_AES_128_GCM,
+    MBEDTLS_CIPHER_AES_192_GCM,
+    MBEDTLS_CIPHER_AES_256_GCM,
+    MBEDTLS_CIPHER_CAMELLIA_128_ECB,
+    MBEDTLS_CIPHER_CAMELLIA_192_ECB,
+    MBEDTLS_CIPHER_CAMELLIA_256_ECB,
+    MBEDTLS_CIPHER_CAMELLIA_128_CBC,
+    MBEDTLS_CIPHER_CAMELLIA_192_CBC,
+    MBEDTLS_CIPHER_CAMELLIA_256_CBC,
+    MBEDTLS_CIPHER_CAMELLIA_128_CFB128,
+    MBEDTLS_CIPHER_CAMELLIA_192_CFB128,
+    MBEDTLS_CIPHER_CAMELLIA_256_CFB128,
+    MBEDTLS_CIPHER_CAMELLIA_128_CTR,
+    MBEDTLS_CIPHER_CAMELLIA_192_CTR,
+    MBEDTLS_CIPHER_CAMELLIA_256_CTR,
+    MBEDTLS_CIPHER_CAMELLIA_128_GCM,
+    MBEDTLS_CIPHER_CAMELLIA_192_GCM,
+    MBEDTLS_CIPHER_CAMELLIA_256_GCM,
+    MBEDTLS_CIPHER_DES_ECB,
+    MBEDTLS_CIPHER_DES_CBC,
+    MBEDTLS_CIPHER_DES_EDE_ECB,
+    MBEDTLS_CIPHER_DES_EDE_CBC,
+    MBEDTLS_CIPHER_DES_EDE3_ECB,
+    MBEDTLS_CIPHER_DES_EDE3_CBC,
+    MBEDTLS_CIPHER_BLOWFISH_ECB,
+    MBEDTLS_CIPHER_BLOWFISH_CBC,
+    MBEDTLS_CIPHER_BLOWFISH_CFB64,
+    MBEDTLS_CIPHER_BLOWFISH_CTR,
+    MBEDTLS_CIPHER_ARC4_128,
+    MBEDTLS_CIPHER_AES_128_CCM,
+    MBEDTLS_CIPHER_AES_192_CCM,
+    MBEDTLS_CIPHER_AES_256_CCM,
+    MBEDTLS_CIPHER_CAMELLIA_128_CCM,
+    MBEDTLS_CIPHER_CAMELLIA_192_CCM,
+    MBEDTLS_CIPHER_CAMELLIA_256_CCM,
+} mbedtls_cipher_type_t;
+
+typedef enum {
+    MBEDTLS_MODE_NONE = 0,
+    MBEDTLS_MODE_ECB,
+    MBEDTLS_MODE_CBC,
+    MBEDTLS_MODE_CFB,
+    MBEDTLS_MODE_OFB, /* Unused! */
+    MBEDTLS_MODE_CTR,
+    MBEDTLS_MODE_GCM,
+    MBEDTLS_MODE_STREAM,
+    MBEDTLS_MODE_CCM,
+} mbedtls_cipher_mode_t;
+
+typedef enum {
+    MBEDTLS_PADDING_PKCS7 = 0,     /**< PKCS7 padding (default)        */
+    MBEDTLS_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding         */
+    MBEDTLS_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding             */
+    MBEDTLS_PADDING_ZEROS,         /**< zero padding (not reversible!) */
+    MBEDTLS_PADDING_NONE,          /**< never pad (full blocks only)   */
+} mbedtls_cipher_padding_t;
+
+typedef enum {
+    MBEDTLS_OPERATION_NONE = -1,
+    MBEDTLS_DECRYPT = 0,
+    MBEDTLS_ENCRYPT,
+} mbedtls_operation_t;
+
+enum {
+    /** Undefined key length */
+    MBEDTLS_KEY_LENGTH_NONE = 0,
+    /** Key length, in bits (including parity), for DES keys */
+    MBEDTLS_KEY_LENGTH_DES  = 64,
+    /** Key length, in bits (including parity), for DES in two key EDE */
+    MBEDTLS_KEY_LENGTH_DES_EDE = 128,
+    /** Key length, in bits (including parity), for DES in three-key EDE */
+    MBEDTLS_KEY_LENGTH_DES_EDE3 = 192,
+};
+
+/** Maximum length of any IV, in bytes */
+#define MBEDTLS_MAX_IV_LENGTH      16
+/** Maximum block size of any cipher, in bytes */
+#define MBEDTLS_MAX_BLOCK_LENGTH   16
+
+/**
+ * Base cipher information (opaque struct).
+ */
+typedef struct mbedtls_cipher_base_t mbedtls_cipher_base_t;
+
+/**
+ * Cipher information. Allows cipher functions to be called in a generic way.
+ */
+typedef struct {
+    /** Full cipher identifier (e.g. MBEDTLS_CIPHER_AES_256_CBC) */
+    mbedtls_cipher_type_t type;
+
+    /** Cipher mode (e.g. MBEDTLS_MODE_CBC) */
+    mbedtls_cipher_mode_t mode;
+
+    /** Cipher key length, in bits (default length for variable sized ciphers)
+     *  (Includes parity bits for ciphers like DES) */
+    unsigned int key_bitlen;
+
+    /** Name of the cipher */
+    const char * name;
+
+    /** IV/NONCE size, in bytes.
+     *  For cipher that accept many sizes: recommended size */
+    unsigned int iv_size;
+
+    /** Flags for variable IV size, variable key size, etc. */
+    int flags;
+
+    /** block size, in bytes */
+    unsigned int block_size;
+
+    /** Base cipher information and functions */
+    const mbedtls_cipher_base_t *base;
+
+} mbedtls_cipher_info_t;
+
+/**
+ * Generic cipher context.
+ */
+typedef struct {
+    /** Information about the associated cipher */
+    const mbedtls_cipher_info_t *cipher_info;
+
+    /** Key length to use */
+    int key_bitlen;
+
+    /** Operation that the context's key has been initialised for */
+    mbedtls_operation_t operation;
+
+#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
+    /** Padding functions to use, if relevant for cipher mode */
+    void (*add_padding)( unsigned char *output, size_t olen, size_t data_len );
+    int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len );
+#endif
+
+    /** Buffer for data that hasn't been encrypted yet */
+    unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH];
+
+    /** Number of bytes that still need processing */
+    size_t unprocessed_len;
+
+    /** Current IV or NONCE_COUNTER for CTR-mode */
+    unsigned char iv[MBEDTLS_MAX_IV_LENGTH];
+
+    /** IV size in bytes (for ciphers with variable-length IVs) */
+    size_t iv_size;
+
+    /** Cipher-specific context */
+    void *cipher_ctx;
+} mbedtls_cipher_context_t;
+
+/**
+ * \brief Returns the list of ciphers supported by the generic cipher module.
+ *
+ * \return              a statically allocated array of ciphers, the last entry
+ *                      is 0.
+ */
+const int *mbedtls_cipher_list( void );
+
+/**
+ * \brief               Returns the cipher information structure associated
+ *                      with the given cipher name.
+ *
+ * \param cipher_name   Name of the cipher to search for.
+ *
+ * \return              the cipher information structure associated with the
+ *                      given cipher_name, or NULL if not found.
+ */
+const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name );
+
+/**
+ * \brief               Returns the cipher information structure associated
+ *                      with the given cipher type.
+ *
+ * \param cipher_type   Type of the cipher to search for.
+ *
+ * \return              the cipher information structure associated with the
+ *                      given cipher_type, or NULL if not found.
+ */
+const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type );
+
+/**
+ * \brief               Returns the cipher information structure associated
+ *                      with the given cipher id, key size and mode.
+ *
+ * \param cipher_id     Id of the cipher to search for
+ *                      (e.g. MBEDTLS_CIPHER_ID_AES)
+ * \param key_bitlen    Length of the key in bits
+ * \param mode          Cipher mode (e.g. MBEDTLS_MODE_CBC)
+ *
+ * \return              the cipher information structure associated with the
+ *                      given cipher_type, or NULL if not found.
+ */
+const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
+                                              int key_bitlen,
+                                              const mbedtls_cipher_mode_t mode );
+
+/**
+ * \brief               Initialize a cipher_context (as NONE)
+ */
+void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx );
+
+/**
+ * \brief               Free and clear the cipher-specific context of ctx.
+ *                      Freeing ctx itself remains the responsibility of the
+ *                      caller.
+ */
+void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx );
+
+/**
+ * \brief               Initialises and fills the cipher context structure with
+ *                      the appropriate values.
+ *
+ * \note                Currently also clears structure. In future versions you
+ *                      will be required to call mbedtls_cipher_init() on the structure
+ *                      first.
+ *
+ * \param ctx           context to initialise. May not be NULL.
+ * \param cipher_info   cipher to use.
+ *
+ * \return              0 on success,
+ *                      MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter failure,
+ *                      MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
+ *                      cipher-specific context failed.
+ */
+int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info );
+
+/**
+ * \brief               Returns the block size of the given cipher.
+ *
+ * \param ctx           cipher's context. Must have been initialised.
+ *
+ * \return              size of the cipher's blocks, or 0 if ctx has not been
+ *                      initialised.
+ */
+static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_context_t *ctx )
+{
+    if( NULL == ctx || NULL == ctx->cipher_info )
+        return 0;
+
+    return ctx->cipher_info->block_size;
+}
+
+/**
+ * \brief               Returns the mode of operation for the cipher.
+ *                      (e.g. MBEDTLS_MODE_CBC)
+ *
+ * \param ctx           cipher's context. Must have been initialised.
+ *
+ * \return              mode of operation, or MBEDTLS_MODE_NONE if ctx
+ *                      has not been initialised.
+ */
+static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtls_cipher_context_t *ctx )
+{
+    if( NULL == ctx || NULL == ctx->cipher_info )
+        return MBEDTLS_MODE_NONE;
+
+    return ctx->cipher_info->mode;
+}
+
+/**
+ * \brief               Returns the size of the cipher's IV/NONCE in bytes.
+ *
+ * \param ctx           cipher's context. Must have been initialised.
+ *
+ * \return              If IV has not been set yet: (recommended) IV size
+ *                      (0 for ciphers not using IV/NONCE).
+ *                      If IV has already been set: actual size.
+ */
+static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ctx )
+{
+    if( NULL == ctx || NULL == ctx->cipher_info )
+        return 0;
+
+    if( ctx->iv_size != 0 )
+        return (int) ctx->iv_size;
+
+    return (int) ctx->cipher_info->iv_size;
+}
+
+/**
+ * \brief               Returns the type of the given cipher.
+ *
+ * \param ctx           cipher's context. Must have been initialised.
+ *
+ * \return              type of the cipher, or MBEDTLS_CIPHER_NONE if ctx has
+ *                      not been initialised.
+ */
+static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( const mbedtls_cipher_context_t *ctx )
+{
+    if( NULL == ctx || NULL == ctx->cipher_info )
+        return MBEDTLS_CIPHER_NONE;
+
+    return ctx->cipher_info->type;
+}
+
+/**
+ * \brief               Returns the name of the given cipher, as a string.
+ *
+ * \param ctx           cipher's context. Must have been initialised.
+ *
+ * \return              name of the cipher, or NULL if ctx was not initialised.
+ */
+static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_t *ctx )
+{
+    if( NULL == ctx || NULL == ctx->cipher_info )
+        return 0;
+
+    return ctx->cipher_info->name;
+}
+
+/**
+ * \brief               Returns the key length of the cipher.
+ *
+ * \param ctx           cipher's context. Must have been initialised.
+ *
+ * \return              cipher's key length, in bits, or
+ *                      MBEDTLS_KEY_LENGTH_NONE if ctx has not been
+ *                      initialised.
+ */
+static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t *ctx )
+{
+    if( NULL == ctx || NULL == ctx->cipher_info )
+        return MBEDTLS_KEY_LENGTH_NONE;
+
+    return (int) ctx->cipher_info->key_bitlen;
+}
+
+/**
+ * \brief               Returns the operation of the given cipher.
+ *
+ * \param ctx           cipher's context. Must have been initialised.
+ *
+ * \return              operation (MBEDTLS_ENCRYPT or MBEDTLS_DECRYPT),
+ *                      or MBEDTLS_OPERATION_NONE if ctx has not been
+ *                      initialised.
+ */
+static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_cipher_context_t *ctx )
+{
+    if( NULL == ctx || NULL == ctx->cipher_info )
+        return MBEDTLS_OPERATION_NONE;
+
+    return ctx->operation;
+}
+
+/**
+ * \brief               Set the key to use with the given context.
+ *
+ * \param ctx           generic cipher context. May not be NULL. Must have been
+ *                      initialised using cipher_context_from_type or
+ *                      cipher_context_from_string.
+ * \param key           The key to use.
+ * \param key_bitlen    key length to use, in bits.
+ * \param operation     Operation that the key will be used for, either
+ *                      MBEDTLS_ENCRYPT or MBEDTLS_DECRYPT.
+ *
+ * \returns             0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
+ *                      parameter verification fails or a cipher specific
+ *                      error code.
+ */
+int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key,
+                   int key_bitlen, const mbedtls_operation_t operation );
+
+#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
+/**
+ * \brief               Set padding mode, for cipher modes that use padding.
+ *                      (Default: PKCS7 padding.)
+ *
+ * \param ctx           generic cipher context
+ * \param mode          padding mode
+ *
+ * \returns             0 on success, MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
+ *                      if selected padding mode is not supported, or
+ *                      MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
+ *                      does not support padding.
+ */
+int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode );
+#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
+
+/**
+ * \brief               Set the initialization vector (IV) or nonce
+ *
+ * \param ctx           generic cipher context
+ * \param iv            IV to use (or NONCE_COUNTER for CTR-mode ciphers)
+ * \param iv_len        IV length for ciphers with variable-size IV;
+ *                      discarded by ciphers with fixed-size IV.
+ *
+ * \returns             0 on success, or MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+ *
+ * \note                Some ciphers don't use IVs nor NONCE. For these
+ *                      ciphers, this function has no effect.
+ */
+int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
+                   const unsigned char *iv, size_t iv_len );
+
+/**
+ * \brief               Finish preparation of the given context
+ *
+ * \param ctx           generic cipher context
+ *
+ * \returns             0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+ *                      if parameter verification fails.
+ */
+int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx );
+
+#if defined(MBEDTLS_GCM_C)
+/**
+ * \brief               Add additional data (for AEAD ciphers).
+ *                      Currently only supported with GCM.
+ *                      Must be called exactly once, after mbedtls_cipher_reset().
+ *
+ * \param ctx           generic cipher context
+ * \param ad            Additional data to use.
+ * \param ad_len        Length of ad.
+ *
+ * \return              0 on success, or a specific error code.
+ */
+int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
+                      const unsigned char *ad, size_t ad_len );
+#endif /* MBEDTLS_GCM_C */
+
+/**
+ * \brief               Generic cipher update function. Encrypts/decrypts
+ *                      using the given cipher context. Writes as many block
+ *                      size'd blocks of data as possible to output. Any data
+ *                      that cannot be written immediately will either be added
+ *                      to the next block, or flushed when cipher_final is
+ *                      called.
+ *                      Exception: for MBEDTLS_MODE_ECB, expects single block
+ *                                 in size (e.g. 16 bytes for AES)
+ *
+ * \param ctx           generic cipher context
+ * \param input         buffer holding the input data
+ * \param ilen          length of the input data
+ * \param output        buffer for the output data. Should be able to hold at
+ *                      least ilen + block_size. Cannot be the same buffer as
+ *                      input!
+ * \param olen          length of the output data, will be filled with the
+ *                      actual number of bytes written.
+ *
+ * \returns             0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
+ *                      parameter verification fails,
+ *                      MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an
+ *                      unsupported mode for a cipher or a cipher specific
+ *                      error code.
+ *
+ * \note                If the underlying cipher is GCM, all calls to this
+ *                      function, except the last one before mbedtls_cipher_finish(),
+ *                      must have ilen a multiple of the block size.
+ */
+int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input,
+                   size_t ilen, unsigned char *output, size_t *olen );
+
+/**
+ * \brief               Generic cipher finalisation function. If data still
+ *                      needs to be flushed from an incomplete block, data
+ *                      contained within it will be padded with the size of
+ *                      the last block, and written to the output buffer.
+ *
+ * \param ctx           Generic cipher context
+ * \param output        buffer to write data to. Needs block_size available.
+ * \param olen          length of the data written to the output buffer.
+ *
+ * \returns             0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
+ *                      parameter verification fails,
+ *                      MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption
+ *                      expected a full block but was not provided one,
+ *                      MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
+ *                      while decrypting or a cipher specific error code.
+ */
+int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
+                   unsigned char *output, size_t *olen );
+
+#if defined(MBEDTLS_GCM_C)
+/**
+ * \brief               Write tag for AEAD ciphers.
+ *                      Currently only supported with GCM.
+ *                      Must be called after mbedtls_cipher_finish().
+ *
+ * \param ctx           Generic cipher context
+ * \param tag           buffer to write the tag
+ * \param tag_len       Length of the tag to write
+ *
+ * \return              0 on success, or a specific error code.
+ */
+int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
+                      unsigned char *tag, size_t tag_len );
+
+/**
+ * \brief               Check tag for AEAD ciphers.
+ *                      Currently only supported with GCM.
+ *                      Must be called after mbedtls_cipher_finish().
+ *
+ * \param ctx           Generic cipher context
+ * \param tag           Buffer holding the tag
+ * \param tag_len       Length of the tag to check
+ *
+ * \return              0 on success, or a specific error code.
+ */
+int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
+                      const unsigned char *tag, size_t tag_len );
+#endif /* MBEDTLS_GCM_C */
+
+/**
+ * \brief               Generic all-in-one encryption/decryption
+ *                      (for all ciphers except AEAD constructs).
+ *
+ * \param ctx           generic cipher context
+ * \param iv            IV to use (or NONCE_COUNTER for CTR-mode ciphers)
+ * \param iv_len        IV length for ciphers with variable-size IV;
+ *                      discarded by ciphers with fixed-size IV.
+ * \param input         buffer holding the input data
+ * \param ilen          length of the input data
+ * \param output        buffer for the output data. Should be able to hold at
+ *                      least ilen + block_size. Cannot be the same buffer as
+ *                      input!
+ * \param olen          length of the output data, will be filled with the
+ *                      actual number of bytes written.
+ *
+ * \note                Some ciphers don't use IVs nor NONCE. For these
+ *                      ciphers, use iv = NULL and iv_len = 0.
+ *
+ * \returns             0 on success, or
+ *                      MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
+ *                      MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption
+ *                      expected a full block but was not provided one, or
+ *                      MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
+ *                      while decrypting, or
+ *                      a cipher specific error code.
+ */
+int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
+                  const unsigned char *iv, size_t iv_len,
+                  const unsigned char *input, size_t ilen,
+                  unsigned char *output, size_t *olen );
+
+#if defined(MBEDTLS_CIPHER_MODE_AEAD)
+/**
+ * \brief               Generic autenticated encryption (AEAD ciphers).
+ *
+ * \param ctx           generic cipher context
+ * \param iv            IV to use (or NONCE_COUNTER for CTR-mode ciphers)
+ * \param iv_len        IV length for ciphers with variable-size IV;
+ *                      discarded by ciphers with fixed-size IV.
+ * \param ad            Additional data to authenticate.
+ * \param ad_len        Length of ad.
+ * \param input         buffer holding the input data
+ * \param ilen          length of the input data
+ * \param output        buffer for the output data.
+ *                      Should be able to hold at least ilen.
+ * \param olen          length of the output data, will be filled with the
+ *                      actual number of bytes written.
+ * \param tag           buffer for the authentication tag
+ * \param tag_len       desired tag length
+ *
+ * \returns             0 on success, or
+ *                      MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
+ *                      a cipher specific error code.
+ */
+int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
+                         const unsigned char *iv, size_t iv_len,
+                         const unsigned char *ad, size_t ad_len,
+                         const unsigned char *input, size_t ilen,
+                         unsigned char *output, size_t *olen,
+                         unsigned char *tag, size_t tag_len );
+
+/**
+ * \brief               Generic autenticated decryption (AEAD ciphers).
+ *
+ * \param ctx           generic cipher context
+ * \param iv            IV to use (or NONCE_COUNTER for CTR-mode ciphers)
+ * \param iv_len        IV length for ciphers with variable-size IV;
+ *                      discarded by ciphers with fixed-size IV.
+ * \param ad            Additional data to be authenticated.
+ * \param ad_len        Length of ad.
+ * \param input         buffer holding the input data
+ * \param ilen          length of the input data
+ * \param output        buffer for the output data.
+ *                      Should be able to hold at least ilen.
+ * \param olen          length of the output data, will be filled with the
+ *                      actual number of bytes written.
+ * \param tag           buffer holding the authentication tag
+ * \param tag_len       length of the authentication tag
+ *
+ * \returns             0 on success, or
+ *                      MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
+ *                      MBEDTLS_ERR_CIPHER_AUTH_FAILED if data isn't authentic,
+ *                      or a cipher specific error code.
+ *
+ * \note                If the data is not authentic, then the output buffer
+ *                      is zeroed out to prevent the unauthentic plaintext to
+ *                      be used by mistake, making this interface safer.
+ */
+int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
+                         const unsigned char *iv, size_t iv_len,
+                         const unsigned char *ad, size_t ad_len,
+                         const unsigned char *input, size_t ilen,
+                         unsigned char *output, size_t *olen,
+                         const unsigned char *tag, size_t tag_len );
+#endif /* MBEDTLS_CIPHER_MODE_AEAD */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_CIPHER_H */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/cipher_internal.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,109 @@
+/**
+ * \file cipher_internal.h
+ *
+ * \brief Cipher wrappers.
+ *
+ * \author Adriaan de Jong <dejong@fox-it.com>
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_CIPHER_WRAP_H
+#define MBEDTLS_CIPHER_WRAP_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "cipher.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Base cipher information. The non-mode specific functions and values.
+ */
+struct mbedtls_cipher_base_t
+{
+    /** Base Cipher type (e.g. MBEDTLS_CIPHER_ID_AES) */
+    mbedtls_cipher_id_t cipher;
+
+    /** Encrypt using ECB */
+    int (*ecb_func)( void *ctx, mbedtls_operation_t mode,
+                     const unsigned char *input, unsigned char *output );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    /** Encrypt using CBC */
+    int (*cbc_func)( void *ctx, mbedtls_operation_t mode, size_t length,
+                     unsigned char *iv, const unsigned char *input,
+                     unsigned char *output );
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    /** Encrypt using CFB (Full length) */
+    int (*cfb_func)( void *ctx, mbedtls_operation_t mode, size_t length, size_t *iv_off,
+                     unsigned char *iv, const unsigned char *input,
+                     unsigned char *output );
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    /** Encrypt using CTR */
+    int (*ctr_func)( void *ctx, size_t length, size_t *nc_off,
+                     unsigned char *nonce_counter, unsigned char *stream_block,
+                     const unsigned char *input, unsigned char *output );
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_STREAM)
+    /** Encrypt using STREAM */
+    int (*stream_func)( void *ctx, size_t length,
+                        const unsigned char *input, unsigned char *output );
+#endif
+
+    /** Set key for encryption purposes */
+    int (*setkey_enc_func)( void *ctx, const unsigned char *key,
+                            unsigned int key_bitlen );
+
+    /** Set key for decryption purposes */
+    int (*setkey_dec_func)( void *ctx, const unsigned char *key,
+                            unsigned int key_bitlen);
+
+    /** Allocate a new context */
+    void * (*ctx_alloc_func)( void );
+
+    /** Free the given context */
+    void (*ctx_free_func)( void *ctx );
+
+};
+
+typedef struct
+{
+    mbedtls_cipher_type_t type;
+    const mbedtls_cipher_info_t *info;
+} mbedtls_cipher_definition_t;
+
+extern const mbedtls_cipher_definition_t mbedtls_cipher_definitions[];
+
+extern int mbedtls_cipher_supported[];
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_CIPHER_WRAP_H */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/compat-1.3.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,2633 @@
+/**
+ * \file config.h
+ *
+ * \brief Compatibility names (set of defines)
+ *
+ * \deprecated Use the new names directly instead
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
+
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+#warning "Including compat-1.3.h is deprecated"
+#endif
+
+#ifndef MBEDTLS_COMPAT13_H
+#define MBEDTLS_COMPAT13_H
+
+/*
+ * config.h options
+ */
+#if defined MBEDTLS_AESNI_C
+#define POLARSSL_AESNI_C MBEDTLS_AESNI_C
+#endif
+#if defined MBEDTLS_AES_ALT
+#define POLARSSL_AES_ALT MBEDTLS_AES_ALT
+#endif
+#if defined MBEDTLS_AES_C
+#define POLARSSL_AES_C MBEDTLS_AES_C
+#endif
+#if defined MBEDTLS_AES_ROM_TABLES
+#define POLARSSL_AES_ROM_TABLES MBEDTLS_AES_ROM_TABLES
+#endif
+#if defined MBEDTLS_ARC4_ALT
+#define POLARSSL_ARC4_ALT MBEDTLS_ARC4_ALT
+#endif
+#if defined MBEDTLS_ARC4_C
+#define POLARSSL_ARC4_C MBEDTLS_ARC4_C
+#endif
+#if defined MBEDTLS_ASN1_PARSE_C
+#define POLARSSL_ASN1_PARSE_C MBEDTLS_ASN1_PARSE_C
+#endif
+#if defined MBEDTLS_ASN1_WRITE_C
+#define POLARSSL_ASN1_WRITE_C MBEDTLS_ASN1_WRITE_C
+#endif
+#if defined MBEDTLS_BASE64_C
+#define POLARSSL_BASE64_C MBEDTLS_BASE64_C
+#endif
+#if defined MBEDTLS_BIGNUM_C
+#define POLARSSL_BIGNUM_C MBEDTLS_BIGNUM_C
+#endif
+#if defined MBEDTLS_BLOWFISH_ALT
+#define POLARSSL_BLOWFISH_ALT MBEDTLS_BLOWFISH_ALT
+#endif
+#if defined MBEDTLS_BLOWFISH_C
+#define POLARSSL_BLOWFISH_C MBEDTLS_BLOWFISH_C
+#endif
+#if defined MBEDTLS_CAMELLIA_ALT
+#define POLARSSL_CAMELLIA_ALT MBEDTLS_CAMELLIA_ALT
+#endif
+#if defined MBEDTLS_CAMELLIA_C
+#define POLARSSL_CAMELLIA_C MBEDTLS_CAMELLIA_C
+#endif
+#if defined MBEDTLS_CAMELLIA_SMALL_MEMORY
+#define POLARSSL_CAMELLIA_SMALL_MEMORY MBEDTLS_CAMELLIA_SMALL_MEMORY
+#endif
+#if defined MBEDTLS_CCM_C
+#define POLARSSL_CCM_C MBEDTLS_CCM_C
+#endif
+#if defined MBEDTLS_CERTS_C
+#define POLARSSL_CERTS_C MBEDTLS_CERTS_C
+#endif
+#if defined MBEDTLS_CIPHER_C
+#define POLARSSL_CIPHER_C MBEDTLS_CIPHER_C
+#endif
+#if defined MBEDTLS_CIPHER_MODE_CBC
+#define POLARSSL_CIPHER_MODE_CBC MBEDTLS_CIPHER_MODE_CBC
+#endif
+#if defined MBEDTLS_CIPHER_MODE_CFB
+#define POLARSSL_CIPHER_MODE_CFB MBEDTLS_CIPHER_MODE_CFB
+#endif
+#if defined MBEDTLS_CIPHER_MODE_CTR
+#define POLARSSL_CIPHER_MODE_CTR MBEDTLS_CIPHER_MODE_CTR
+#endif
+#if defined MBEDTLS_CIPHER_NULL_CIPHER
+#define POLARSSL_CIPHER_NULL_CIPHER MBEDTLS_CIPHER_NULL_CIPHER
+#endif
+#if defined MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
+#define POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
+#endif
+#if defined MBEDTLS_CIPHER_PADDING_PKCS7
+#define POLARSSL_CIPHER_PADDING_PKCS7 MBEDTLS_CIPHER_PADDING_PKCS7
+#endif
+#if defined MBEDTLS_CIPHER_PADDING_ZEROS
+#define POLARSSL_CIPHER_PADDING_ZEROS MBEDTLS_CIPHER_PADDING_ZEROS
+#endif
+#if defined MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
+#define POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
+#endif
+#if defined MBEDTLS_CTR_DRBG_C
+#define POLARSSL_CTR_DRBG_C MBEDTLS_CTR_DRBG_C
+#endif
+#if defined MBEDTLS_DEBUG_C
+#define POLARSSL_DEBUG_C MBEDTLS_DEBUG_C
+#endif
+#if defined MBEDTLS_DEPRECATED_REMOVED
+#define POLARSSL_DEPRECATED_REMOVED MBEDTLS_DEPRECATED_REMOVED
+#endif
+#if defined MBEDTLS_DEPRECATED_WARNING
+#define POLARSSL_DEPRECATED_WARNING MBEDTLS_DEPRECATED_WARNING
+#endif
+#if defined MBEDTLS_DES_ALT
+#define POLARSSL_DES_ALT MBEDTLS_DES_ALT
+#endif
+#if defined MBEDTLS_DES_C
+#define POLARSSL_DES_C MBEDTLS_DES_C
+#endif
+#if defined MBEDTLS_DHM_C
+#define POLARSSL_DHM_C MBEDTLS_DHM_C
+#endif
+#if defined MBEDTLS_ECDH_C
+#define POLARSSL_ECDH_C MBEDTLS_ECDH_C
+#endif
+#if defined MBEDTLS_ECDSA_C
+#define POLARSSL_ECDSA_C MBEDTLS_ECDSA_C
+#endif
+#if defined MBEDTLS_ECDSA_DETERMINISTIC
+#define POLARSSL_ECDSA_DETERMINISTIC MBEDTLS_ECDSA_DETERMINISTIC
+#endif
+#if defined MBEDTLS_ECP_C
+#define POLARSSL_ECP_C MBEDTLS_ECP_C
+#endif
+#if defined MBEDTLS_ECP_DP_BP256R1_ENABLED
+#define POLARSSL_ECP_DP_BP256R1_ENABLED MBEDTLS_ECP_DP_BP256R1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_BP384R1_ENABLED
+#define POLARSSL_ECP_DP_BP384R1_ENABLED MBEDTLS_ECP_DP_BP384R1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_BP512R1_ENABLED
+#define POLARSSL_ECP_DP_BP512R1_ENABLED MBEDTLS_ECP_DP_BP512R1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_CURVE25519_ENABLED
+#define POLARSSL_ECP_DP_M255_ENABLED MBEDTLS_ECP_DP_CURVE25519_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_SECP192K1_ENABLED
+#define POLARSSL_ECP_DP_SECP192K1_ENABLED MBEDTLS_ECP_DP_SECP192K1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_SECP192R1_ENABLED
+#define POLARSSL_ECP_DP_SECP192R1_ENABLED MBEDTLS_ECP_DP_SECP192R1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_SECP224K1_ENABLED
+#define POLARSSL_ECP_DP_SECP224K1_ENABLED MBEDTLS_ECP_DP_SECP224K1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_SECP224R1_ENABLED
+#define POLARSSL_ECP_DP_SECP224R1_ENABLED MBEDTLS_ECP_DP_SECP224R1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_SECP256K1_ENABLED
+#define POLARSSL_ECP_DP_SECP256K1_ENABLED MBEDTLS_ECP_DP_SECP256K1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define POLARSSL_ECP_DP_SECP256R1_ENABLED MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#define POLARSSL_ECP_DP_SECP384R1_ENABLED MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_DP_SECP521R1_ENABLED
+#define POLARSSL_ECP_DP_SECP521R1_ENABLED MBEDTLS_ECP_DP_SECP521R1_ENABLED
+#endif
+#if defined MBEDTLS_ECP_FIXED_POINT_OPTIM
+#define POLARSSL_ECP_FIXED_POINT_OPTIM MBEDTLS_ECP_FIXED_POINT_OPTIM
+#endif
+#if defined MBEDTLS_ECP_MAX_BITS
+#define POLARSSL_ECP_MAX_BITS MBEDTLS_ECP_MAX_BITS
+#endif
+#if defined MBEDTLS_ECP_NIST_OPTIM
+#define POLARSSL_ECP_NIST_OPTIM MBEDTLS_ECP_NIST_OPTIM
+#endif
+#if defined MBEDTLS_ECP_WINDOW_SIZE
+#define POLARSSL_ECP_WINDOW_SIZE MBEDTLS_ECP_WINDOW_SIZE
+#endif
+#if defined MBEDTLS_ENABLE_WEAK_CIPHERSUITES
+#define POLARSSL_ENABLE_WEAK_CIPHERSUITES MBEDTLS_ENABLE_WEAK_CIPHERSUITES
+#endif
+#if defined MBEDTLS_ENTROPY_C
+#define POLARSSL_ENTROPY_C MBEDTLS_ENTROPY_C
+#endif
+#if defined MBEDTLS_ENTROPY_FORCE_SHA256
+#define POLARSSL_ENTROPY_FORCE_SHA256 MBEDTLS_ENTROPY_FORCE_SHA256
+#endif
+#if defined MBEDTLS_ERROR_C
+#define POLARSSL_ERROR_C MBEDTLS_ERROR_C
+#endif
+#if defined MBEDTLS_ERROR_STRERROR_BC
+#define POLARSSL_ERROR_STRERROR_BC MBEDTLS_ERROR_STRERROR_BC
+#endif
+#if defined MBEDTLS_ERROR_STRERROR_DUMMY
+#define POLARSSL_ERROR_STRERROR_DUMMY MBEDTLS_ERROR_STRERROR_DUMMY
+#endif
+#if defined MBEDTLS_FS_IO
+#define POLARSSL_FS_IO MBEDTLS_FS_IO
+#endif
+#if defined MBEDTLS_GCM_C
+#define POLARSSL_GCM_C MBEDTLS_GCM_C
+#endif
+#if defined MBEDTLS_GENPRIME
+#define POLARSSL_GENPRIME MBEDTLS_GENPRIME
+#endif
+#if defined MBEDTLS_HAVEGE_C
+#define POLARSSL_HAVEGE_C MBEDTLS_HAVEGE_C
+#endif
+#if defined MBEDTLS_HAVE_ASM
+#define POLARSSL_HAVE_ASM MBEDTLS_HAVE_ASM
+#endif
+#if defined MBEDTLS_HAVE_SSE2
+#define POLARSSL_HAVE_SSE2 MBEDTLS_HAVE_SSE2
+#endif
+#if defined MBEDTLS_HAVE_TIME
+#define POLARSSL_HAVE_TIME MBEDTLS_HAVE_TIME
+#endif
+#if defined MBEDTLS_HMAC_DRBG_C
+#define POLARSSL_HMAC_DRBG_C MBEDTLS_HMAC_DRBG_C
+#endif
+#if defined MBEDTLS_HMAC_DRBG_MAX_INPUT
+#define POLARSSL_HMAC_DRBG_MAX_INPUT MBEDTLS_HMAC_DRBG_MAX_INPUT
+#endif
+#if defined MBEDTLS_HMAC_DRBG_MAX_REQUEST
+#define POLARSSL_HMAC_DRBG_MAX_REQUEST MBEDTLS_HMAC_DRBG_MAX_REQUEST
+#endif
+#if defined MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT
+#define POLARSSL_HMAC_DRBG_MAX_SEED_INPUT MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT
+#endif
+#if defined MBEDTLS_HMAC_DRBG_RESEED_INTERVAL
+#define POLARSSL_HMAC_DRBG_RESEED_INTERVAL MBEDTLS_HMAC_DRBG_RESEED_INTERVAL
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+#define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+#define POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+#define POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+#define POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+#define POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+#define POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+#define POLARSSL_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+#define POLARSSL_KEY_EXCHANGE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+#endif
+#if defined MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+#define POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+#endif
+#if defined MBEDTLS_MD2_ALT
+#define POLARSSL_MD2_ALT MBEDTLS_MD2_ALT
+#endif
+#if defined MBEDTLS_MD2_C
+#define POLARSSL_MD2_C MBEDTLS_MD2_C
+#endif
+#if defined MBEDTLS_MD2_PROCESS_ALT
+#define POLARSSL_MD2_PROCESS_ALT MBEDTLS_MD2_PROCESS_ALT
+#endif
+#if defined MBEDTLS_MD4_ALT
+#define POLARSSL_MD4_ALT MBEDTLS_MD4_ALT
+#endif
+#if defined MBEDTLS_MD4_C
+#define POLARSSL_MD4_C MBEDTLS_MD4_C
+#endif
+#if defined MBEDTLS_MD4_PROCESS_ALT
+#define POLARSSL_MD4_PROCESS_ALT MBEDTLS_MD4_PROCESS_ALT
+#endif
+#if defined MBEDTLS_MD5_ALT
+#define POLARSSL_MD5_ALT MBEDTLS_MD5_ALT
+#endif
+#if defined MBEDTLS_MD5_C
+#define POLARSSL_MD5_C MBEDTLS_MD5_C
+#endif
+#if defined MBEDTLS_MD5_PROCESS_ALT
+#define POLARSSL_MD5_PROCESS_ALT MBEDTLS_MD5_PROCESS_ALT
+#endif
+#if defined MBEDTLS_MD_C
+#define POLARSSL_MD_C MBEDTLS_MD_C
+#endif
+#if defined MBEDTLS_MEMORY_ALIGN_MULTIPLE
+#define POLARSSL_MEMORY_ALIGN_MULTIPLE MBEDTLS_MEMORY_ALIGN_MULTIPLE
+#endif
+#if defined MBEDTLS_MEMORY_BACKTRACE
+#define POLARSSL_MEMORY_BACKTRACE MBEDTLS_MEMORY_BACKTRACE
+#endif
+#if defined MBEDTLS_MEMORY_BUFFER_ALLOC_C
+#define POLARSSL_MEMORY_BUFFER_ALLOC_C MBEDTLS_MEMORY_BUFFER_ALLOC_C
+#endif
+#if defined MBEDTLS_MEMORY_C
+#define POLARSSL_MEMORY_C MBEDTLS_MEMORY_C
+#endif
+#if defined MBEDTLS_MEMORY_DEBUG
+#define POLARSSL_MEMORY_DEBUG MBEDTLS_MEMORY_DEBUG
+#endif
+#if defined MBEDTLS_MPI_MAX_SIZE
+#define POLARSSL_MPI_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
+#endif
+#if defined MBEDTLS_MPI_WINDOW_SIZE
+#define POLARSSL_MPI_WINDOW_SIZE MBEDTLS_MPI_WINDOW_SIZE
+#endif
+#if defined MBEDTLS_NET_C
+#define POLARSSL_NET_C MBEDTLS_NET_C
+#endif
+#if defined MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+#define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+#endif
+#if defined MBEDTLS_NO_PLATFORM_ENTROPY
+#define POLARSSL_NO_PLATFORM_ENTROPY MBEDTLS_NO_PLATFORM_ENTROPY
+#endif
+#if defined MBEDTLS_OID_C
+#define POLARSSL_OID_C MBEDTLS_OID_C
+#endif
+#if defined MBEDTLS_PADLOCK_C
+#define POLARSSL_PADLOCK_C MBEDTLS_PADLOCK_C
+#endif
+#if defined MBEDTLS_PBKDF2_C
+#define POLARSSL_PBKDF2_C MBEDTLS_PBKDF2_C
+#endif
+#if defined MBEDTLS_PEM_PARSE_C
+#define POLARSSL_PEM_PARSE_C MBEDTLS_PEM_PARSE_C
+#endif
+#if defined MBEDTLS_PEM_WRITE_C
+#define POLARSSL_PEM_WRITE_C MBEDTLS_PEM_WRITE_C
+#endif
+#if defined MBEDTLS_PKCS11_C
+#define POLARSSL_PKCS11_C MBEDTLS_PKCS11_C
+#endif
+#if defined MBEDTLS_PKCS12_C
+#define POLARSSL_PKCS12_C MBEDTLS_PKCS12_C
+#endif
+#if defined MBEDTLS_PKCS1_V15
+#define POLARSSL_PKCS1_V15 MBEDTLS_PKCS1_V15
+#endif
+#if defined MBEDTLS_PKCS1_V21
+#define POLARSSL_PKCS1_V21 MBEDTLS_PKCS1_V21
+#endif
+#if defined MBEDTLS_PKCS5_C
+#define POLARSSL_PKCS5_C MBEDTLS_PKCS5_C
+#endif
+#if defined MBEDTLS_PK_C
+#define POLARSSL_PK_C MBEDTLS_PK_C
+#endif
+#if defined MBEDTLS_PK_PARSE_C
+#define POLARSSL_PK_PARSE_C MBEDTLS_PK_PARSE_C
+#endif
+#if defined MBEDTLS_PK_PARSE_EC_EXTENDED
+#define POLARSSL_PK_PARSE_EC_EXTENDED MBEDTLS_PK_PARSE_EC_EXTENDED
+#endif
+#if defined MBEDTLS_PK_RSA_ALT_SUPPORT
+#define POLARSSL_PK_RSA_ALT_SUPPORT MBEDTLS_PK_RSA_ALT_SUPPORT
+#endif
+#if defined MBEDTLS_PK_WRITE_C
+#define POLARSSL_PK_WRITE_C MBEDTLS_PK_WRITE_C
+#endif
+#if defined MBEDTLS_PLATFORM_C
+#define POLARSSL_PLATFORM_C MBEDTLS_PLATFORM_C
+#endif
+#if defined MBEDTLS_PLATFORM_EXIT_ALT
+#define POLARSSL_PLATFORM_EXIT_ALT MBEDTLS_PLATFORM_EXIT_ALT
+#endif
+#if defined MBEDTLS_PLATFORM_EXIT_MACRO
+#define POLARSSL_PLATFORM_EXIT_MACRO MBEDTLS_PLATFORM_EXIT_MACRO
+#endif
+#if defined MBEDTLS_PLATFORM_FPRINTF_ALT
+#define POLARSSL_PLATFORM_FPRINTF_ALT MBEDTLS_PLATFORM_FPRINTF_ALT
+#endif
+#if defined MBEDTLS_PLATFORM_FPRINTF_MACRO
+#define POLARSSL_PLATFORM_FPRINTF_MACRO MBEDTLS_PLATFORM_FPRINTF_MACRO
+#endif
+#if defined MBEDTLS_PLATFORM_FREE_MACRO
+#define POLARSSL_PLATFORM_FREE_MACRO MBEDTLS_PLATFORM_FREE_MACRO
+#endif
+#if defined MBEDTLS_PLATFORM_MEMORY
+#define POLARSSL_PLATFORM_MEMORY MBEDTLS_PLATFORM_MEMORY
+#endif
+#if defined MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+#define POLARSSL_PLATFORM_NO_STD_FUNCTIONS MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+#endif
+#if defined MBEDTLS_PLATFORM_PRINTF_ALT
+#define POLARSSL_PLATFORM_PRINTF_ALT MBEDTLS_PLATFORM_PRINTF_ALT
+#endif
+#if defined MBEDTLS_PLATFORM_PRINTF_MACRO
+#define POLARSSL_PLATFORM_PRINTF_MACRO MBEDTLS_PLATFORM_PRINTF_MACRO
+#endif
+#if defined MBEDTLS_PLATFORM_SNPRINTF_ALT
+#define POLARSSL_PLATFORM_SNPRINTF_ALT MBEDTLS_PLATFORM_SNPRINTF_ALT
+#endif
+#if defined MBEDTLS_PLATFORM_SNPRINTF_MACRO
+#define POLARSSL_PLATFORM_SNPRINTF_MACRO MBEDTLS_PLATFORM_SNPRINTF_MACRO
+#endif
+#if defined MBEDTLS_PLATFORM_STD_EXIT
+#define POLARSSL_PLATFORM_STD_EXIT MBEDTLS_PLATFORM_STD_EXIT
+#endif
+#if defined MBEDTLS_PLATFORM_STD_FPRINTF
+#define POLARSSL_PLATFORM_STD_FPRINTF MBEDTLS_PLATFORM_STD_FPRINTF
+#endif
+#if defined MBEDTLS_PLATFORM_STD_FREE
+#define POLARSSL_PLATFORM_STD_FREE MBEDTLS_PLATFORM_STD_FREE
+#endif
+#if defined MBEDTLS_PLATFORM_STD_MALLOC
+#define POLARSSL_PLATFORM_STD_MALLOC MBEDTLS_PLATFORM_STD_MALLOC
+#endif
+#if defined MBEDTLS_PLATFORM_STD_MEM_HDR
+#define POLARSSL_PLATFORM_STD_MEM_HDR MBEDTLS_PLATFORM_STD_MEM_HDR
+#endif
+#if defined MBEDTLS_PLATFORM_STD_PRINTF
+#define POLARSSL_PLATFORM_STD_PRINTF MBEDTLS_PLATFORM_STD_PRINTF
+#endif
+#if defined MBEDTLS_PLATFORM_STD_SNPRINTF
+#define POLARSSL_PLATFORM_STD_SNPRINTF MBEDTLS_PLATFORM_STD_SNPRINTF
+#endif
+#if defined MBEDTLS_PSK_MAX_LEN
+#define POLARSSL_PSK_MAX_LEN MBEDTLS_PSK_MAX_LEN
+#endif
+#if defined MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+#define POLARSSL_REMOVE_ARC4_CIPHERSUITES MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+#endif
+#if defined MBEDTLS_RIPEMD160_ALT
+#define POLARSSL_RIPEMD160_ALT MBEDTLS_RIPEMD160_ALT
+#endif
+#if defined MBEDTLS_RIPEMD160_C
+#define POLARSSL_RIPEMD160_C MBEDTLS_RIPEMD160_C
+#endif
+#if defined MBEDTLS_RIPEMD160_PROCESS_ALT
+#define POLARSSL_RIPEMD160_PROCESS_ALT MBEDTLS_RIPEMD160_PROCESS_ALT
+#endif
+#if defined MBEDTLS_RSA_C
+#define POLARSSL_RSA_C MBEDTLS_RSA_C
+#endif
+#if defined MBEDTLS_RSA_NO_CRT
+#define POLARSSL_RSA_NO_CRT MBEDTLS_RSA_NO_CRT
+#endif
+#if defined MBEDTLS_SELF_TEST
+#define POLARSSL_SELF_TEST MBEDTLS_SELF_TEST
+#endif
+#if defined MBEDTLS_SHA1_ALT
+#define POLARSSL_SHA1_ALT MBEDTLS_SHA1_ALT
+#endif
+#if defined MBEDTLS_SHA1_C
+#define POLARSSL_SHA1_C MBEDTLS_SHA1_C
+#endif
+#if defined MBEDTLS_SHA1_PROCESS_ALT
+#define POLARSSL_SHA1_PROCESS_ALT MBEDTLS_SHA1_PROCESS_ALT
+#endif
+#if defined MBEDTLS_SHA256_ALT
+#define POLARSSL_SHA256_ALT MBEDTLS_SHA256_ALT
+#endif
+#if defined MBEDTLS_SHA256_C
+#define POLARSSL_SHA256_C MBEDTLS_SHA256_C
+#endif
+#if defined MBEDTLS_SHA256_PROCESS_ALT
+#define POLARSSL_SHA256_PROCESS_ALT MBEDTLS_SHA256_PROCESS_ALT
+#endif
+#if defined MBEDTLS_SHA512_ALT
+#define POLARSSL_SHA512_ALT MBEDTLS_SHA512_ALT
+#endif
+#if defined MBEDTLS_SHA512_C
+#define POLARSSL_SHA512_C MBEDTLS_SHA512_C
+#endif
+#if defined MBEDTLS_SHA512_PROCESS_ALT
+#define POLARSSL_SHA512_PROCESS_ALT MBEDTLS_SHA512_PROCESS_ALT
+#endif
+#if defined MBEDTLS_SSL_AEAD_RANDOM_IV
+#define POLARSSL_SSL_AEAD_RANDOM_IV MBEDTLS_SSL_AEAD_RANDOM_IV
+#endif
+#if defined MBEDTLS_SSL_ALERT_MESSAGES
+#define POLARSSL_SSL_ALERT_MESSAGES MBEDTLS_SSL_ALERT_MESSAGES
+#endif
+#if defined MBEDTLS_SSL_ALL_ALERT_MESSAGES
+#define POLARSSL_SSL_ALL_ALERT_MESSAGES MBEDTLS_SSL_ALL_ALERT_MESSAGES
+#endif
+#if defined MBEDTLS_SSL_ALPN
+#define POLARSSL_SSL_ALPN MBEDTLS_SSL_ALPN
+#endif
+#if defined MBEDTLS_SSL_CACHE_C
+#define POLARSSL_SSL_CACHE_C MBEDTLS_SSL_CACHE_C
+#endif
+#if defined MBEDTLS_SSL_CBC_RECORD_SPLITTING
+#define POLARSSL_SSL_CBC_RECORD_SPLITTING MBEDTLS_SSL_CBC_RECORD_SPLITTING
+#endif
+#if defined MBEDTLS_SSL_CLI_C
+#define POLARSSL_SSL_CLI_C MBEDTLS_SSL_CLI_C
+#endif
+#if defined MBEDTLS_SSL_COOKIE_C
+#define POLARSSL_SSL_COOKIE_C MBEDTLS_SSL_COOKIE_C
+#endif
+#if defined MBEDTLS_SSL_COOKIE_TIMEOUT
+#define POLARSSL_SSL_COOKIE_TIMEOUT MBEDTLS_SSL_COOKIE_TIMEOUT
+#endif
+#if defined MBEDTLS_SSL_DEBUG_ALL
+#define POLARSSL_SSL_DEBUG_ALL MBEDTLS_SSL_DEBUG_ALL
+#endif
+#if defined MBEDTLS_SSL_DISABLE_RENEGOTIATION
+#define POLARSSL_SSL_DISABLE_RENEGOTIATION MBEDTLS_SSL_DISABLE_RENEGOTIATION
+#endif
+#if defined MBEDTLS_SSL_DTLS_ANTI_REPLAY
+#define POLARSSL_SSL_DTLS_ANTI_REPLAY MBEDTLS_SSL_DTLS_ANTI_REPLAY
+#endif
+#if defined MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+#define POLARSSL_SSL_DTLS_BADMAC_LIMIT MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+#endif
+#if defined MBEDTLS_SSL_DTLS_HELLO_VERIFY
+#define POLARSSL_SSL_DTLS_HELLO_VERIFY MBEDTLS_SSL_DTLS_HELLO_VERIFY
+#endif
+#if defined MBEDTLS_SSL_ENCRYPT_THEN_MAC
+#define POLARSSL_SSL_ENCRYPT_THEN_MAC MBEDTLS_SSL_ENCRYPT_THEN_MAC
+#endif
+#if defined MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+#define POLARSSL_SSL_EXTENDED_MASTER_SECRET MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+#endif
+#if defined MBEDTLS_SSL_FALLBACK_SCSV
+#define POLARSSL_SSL_FALLBACK_SCSV MBEDTLS_SSL_FALLBACK_SCSV
+#endif
+#if defined MBEDTLS_SSL_HW_RECORD_ACCEL
+#define POLARSSL_SSL_HW_RECORD_ACCEL MBEDTLS_SSL_HW_RECORD_ACCEL
+#endif
+#if defined MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+#define POLARSSL_SSL_MAX_FRAGMENT_LENGTH MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+#endif
+#if defined MBEDTLS_SSL_PROTO_DTLS
+#define POLARSSL_SSL_PROTO_DTLS MBEDTLS_SSL_PROTO_DTLS
+#endif
+#if defined MBEDTLS_SSL_PROTO_SSL3
+#define POLARSSL_SSL_PROTO_SSL3 MBEDTLS_SSL_PROTO_SSL3
+#endif
+#if defined MBEDTLS_SSL_PROTO_TLS1
+#define POLARSSL_SSL_PROTO_TLS1 MBEDTLS_SSL_PROTO_TLS1
+#endif
+#if defined MBEDTLS_SSL_PROTO_TLS1_1
+#define POLARSSL_SSL_PROTO_TLS1_1 MBEDTLS_SSL_PROTO_TLS1_1
+#endif
+#if defined MBEDTLS_SSL_PROTO_TLS1_2
+#define POLARSSL_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_2
+#endif
+#if defined MBEDTLS_SSL_RENEGOTIATION
+#define POLARSSL_SSL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION
+#endif
+#if defined MBEDTLS_SSL_SERVER_NAME_INDICATION
+#define POLARSSL_SSL_SERVER_NAME_INDICATION MBEDTLS_SSL_SERVER_NAME_INDICATION
+#endif
+#if defined MBEDTLS_SSL_SESSION_TICKETS
+#define POLARSSL_SSL_SESSION_TICKETS MBEDTLS_SSL_SESSION_TICKETS
+#endif
+#if defined MBEDTLS_SSL_SRV_C
+#define POLARSSL_SSL_SRV_C MBEDTLS_SSL_SRV_C
+#endif
+#if defined MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
+#define POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
+#endif
+#if defined MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+#define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+#endif
+#if defined MBEDTLS_SSL_TLS_C
+#define POLARSSL_SSL_TLS_C MBEDTLS_SSL_TLS_C
+#endif
+#if defined MBEDTLS_SSL_TRUNCATED_HMAC
+#define POLARSSL_SSL_TRUNCATED_HMAC MBEDTLS_SSL_TRUNCATED_HMAC
+#endif
+#if defined MBEDTLS_THREADING_ALT
+#define POLARSSL_THREADING_ALT MBEDTLS_THREADING_ALT
+#endif
+#if defined MBEDTLS_THREADING_C
+#define POLARSSL_THREADING_C MBEDTLS_THREADING_C
+#endif
+#if defined MBEDTLS_THREADING_PTHREAD
+#define POLARSSL_THREADING_PTHREAD MBEDTLS_THREADING_PTHREAD
+#endif
+#if defined MBEDTLS_TIMING_ALT
+#define POLARSSL_TIMING_ALT MBEDTLS_TIMING_ALT
+#endif
+#if defined MBEDTLS_TIMING_C
+#define POLARSSL_TIMING_C MBEDTLS_TIMING_C
+#endif
+#if defined MBEDTLS_VERSION_C
+#define POLARSSL_VERSION_C MBEDTLS_VERSION_C
+#endif
+#if defined MBEDTLS_VERSION_FEATURES
+#define POLARSSL_VERSION_FEATURES MBEDTLS_VERSION_FEATURES
+#endif
+#if defined MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
+#define POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3 MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
+#endif
+#if defined MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+#endif
+#if defined MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+#define POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+#endif
+#if defined MBEDTLS_X509_CHECK_KEY_USAGE
+#define POLARSSL_X509_CHECK_KEY_USAGE MBEDTLS_X509_CHECK_KEY_USAGE
+#endif
+#if defined MBEDTLS_X509_CREATE_C
+#define POLARSSL_X509_CREATE_C MBEDTLS_X509_CREATE_C
+#endif
+#if defined MBEDTLS_X509_CRL_PARSE_C
+#define POLARSSL_X509_CRL_PARSE_C MBEDTLS_X509_CRL_PARSE_C
+#endif
+#if defined MBEDTLS_X509_CRT_PARSE_C
+#define POLARSSL_X509_CRT_PARSE_C MBEDTLS_X509_CRT_PARSE_C
+#endif
+#if defined MBEDTLS_X509_CRT_WRITE_C
+#define POLARSSL_X509_CRT_WRITE_C MBEDTLS_X509_CRT_WRITE_C
+#endif
+#if defined MBEDTLS_X509_CSR_PARSE_C
+#define POLARSSL_X509_CSR_PARSE_C MBEDTLS_X509_CSR_PARSE_C
+#endif
+#if defined MBEDTLS_X509_CSR_WRITE_C
+#define POLARSSL_X509_CSR_WRITE_C MBEDTLS_X509_CSR_WRITE_C
+#endif
+#if defined MBEDTLS_X509_MAX_INTERMEDIATE_CA
+#define POLARSSL_X509_MAX_INTERMEDIATE_CA MBEDTLS_X509_MAX_INTERMEDIATE_CA
+#endif
+#if defined MBEDTLS_X509_RSASSA_PSS_SUPPORT
+#define POLARSSL_X509_RSASSA_PSS_SUPPORT MBEDTLS_X509_RSASSA_PSS_SUPPORT
+#endif
+#if defined MBEDTLS_X509_USE_C
+#define POLARSSL_X509_USE_C MBEDTLS_X509_USE_C
+#endif
+#if defined MBEDTLS_XTEA_ALT
+#define POLARSSL_XTEA_ALT MBEDTLS_XTEA_ALT
+#endif
+#if defined MBEDTLS_XTEA_C
+#define POLARSSL_XTEA_C MBEDTLS_XTEA_C
+#endif
+#if defined MBEDTLS_ZLIB_SUPPORT
+#define POLARSSL_ZLIB_SUPPORT MBEDTLS_ZLIB_SUPPORT
+#endif
+
+/*
+ * Misc names (macros, types, functions, enum constants...)
+ */
+#define AES_DECRYPT MBEDTLS_AES_DECRYPT
+#define AES_ENCRYPT MBEDTLS_AES_ENCRYPT
+#define ASN1_BIT_STRING MBEDTLS_ASN1_BIT_STRING
+#define ASN1_BMP_STRING MBEDTLS_ASN1_BMP_STRING
+#define ASN1_BOOLEAN MBEDTLS_ASN1_BOOLEAN
+#define ASN1_CHK_ADD MBEDTLS_ASN1_CHK_ADD
+#define ASN1_CONSTRUCTED MBEDTLS_ASN1_CONSTRUCTED
+#define ASN1_CONTEXT_SPECIFIC MBEDTLS_ASN1_CONTEXT_SPECIFIC
+#define ASN1_GENERALIZED_TIME MBEDTLS_ASN1_GENERALIZED_TIME
+#define ASN1_IA5_STRING MBEDTLS_ASN1_IA5_STRING
+#define ASN1_INTEGER MBEDTLS_ASN1_INTEGER
+#define ASN1_NULL MBEDTLS_ASN1_NULL
+#define ASN1_OCTET_STRING MBEDTLS_ASN1_OCTET_STRING
+#define ASN1_OID MBEDTLS_ASN1_OID
+#define ASN1_PRIMITIVE MBEDTLS_ASN1_PRIMITIVE
+#define ASN1_PRINTABLE_STRING MBEDTLS_ASN1_PRINTABLE_STRING
+#define ASN1_SEQUENCE MBEDTLS_ASN1_SEQUENCE
+#define ASN1_SET MBEDTLS_ASN1_SET
+#define ASN1_T61_STRING MBEDTLS_ASN1_T61_STRING
+#define ASN1_UNIVERSAL_STRING MBEDTLS_ASN1_UNIVERSAL_STRING
+#define ASN1_UTC_TIME MBEDTLS_ASN1_UTC_TIME
+#define ASN1_UTF8_STRING MBEDTLS_ASN1_UTF8_STRING
+#define BADCERT_CN_MISMATCH MBEDTLS_X509_BADCERT_CN_MISMATCH
+#define BADCERT_EXPIRED MBEDTLS_X509_BADCERT_EXPIRED
+#define BADCERT_FUTURE MBEDTLS_X509_BADCERT_FUTURE
+#define BADCERT_MISSING MBEDTLS_X509_BADCERT_MISSING
+#define BADCERT_NOT_TRUSTED MBEDTLS_X509_BADCERT_NOT_TRUSTED
+#define BADCERT_OTHER MBEDTLS_X509_BADCERT_OTHER
+#define BADCERT_REVOKED MBEDTLS_X509_BADCERT_REVOKED
+#define BADCERT_SKIP_VERIFY MBEDTLS_X509_BADCERT_SKIP_VERIFY
+#define BADCRL_EXPIRED MBEDTLS_X509_BADCRL_EXPIRED
+#define BADCRL_FUTURE MBEDTLS_X509_BADCRL_FUTURE
+#define BADCRL_NOT_TRUSTED MBEDTLS_X509_BADCRL_NOT_TRUSTED
+#define BLOWFISH_BLOCKSIZE MBEDTLS_BLOWFISH_BLOCKSIZE
+#define BLOWFISH_DECRYPT MBEDTLS_BLOWFISH_DECRYPT
+#define BLOWFISH_ENCRYPT MBEDTLS_BLOWFISH_ENCRYPT
+#define BLOWFISH_MAX_KEY MBEDTLS_BLOWFISH_MAX_KEY_BITS
+#define BLOWFISH_MIN_KEY MBEDTLS_BLOWFISH_MIN_KEY_BITS
+#define BLOWFISH_ROUNDS MBEDTLS_BLOWFISH_ROUNDS
+#define CAMELLIA_DECRYPT MBEDTLS_CAMELLIA_DECRYPT
+#define CAMELLIA_ENCRYPT MBEDTLS_CAMELLIA_ENCRYPT
+#define COLLECT_SIZE MBEDTLS_HAVEGE_COLLECT_SIZE
+#define CTR_DRBG_BLOCKSIZE MBEDTLS_CTR_DRBG_BLOCKSIZE
+#define CTR_DRBG_ENTROPY_LEN MBEDTLS_CTR_DRBG_ENTROPY_LEN
+#define CTR_DRBG_KEYBITS MBEDTLS_CTR_DRBG_KEYBITS
+#define CTR_DRBG_KEYSIZE MBEDTLS_CTR_DRBG_KEYSIZE
+#define CTR_DRBG_MAX_INPUT MBEDTLS_CTR_DRBG_MAX_INPUT
+#define CTR_DRBG_MAX_REQUEST MBEDTLS_CTR_DRBG_MAX_REQUEST
+#define CTR_DRBG_MAX_SEED_INPUT MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
+#define CTR_DRBG_PR_OFF MBEDTLS_CTR_DRBG_PR_OFF
+#define CTR_DRBG_PR_ON MBEDTLS_CTR_DRBG_PR_ON
+#define CTR_DRBG_RESEED_INTERVAL MBEDTLS_CTR_DRBG_RESEED_INTERVAL
+#define CTR_DRBG_SEEDLEN MBEDTLS_CTR_DRBG_SEEDLEN
+#define DEPRECATED MBEDTLS_DEPRECATED
+#define DES_DECRYPT MBEDTLS_DES_DECRYPT
+#define DES_ENCRYPT MBEDTLS_DES_ENCRYPT
+#define DES_KEY_SIZE MBEDTLS_DES_KEY_SIZE
+#define ENTROPY_BLOCK_SIZE MBEDTLS_ENTROPY_BLOCK_SIZE
+#define ENTROPY_MAX_GATHER MBEDTLS_ENTROPY_MAX_GATHER
+#define ENTROPY_MAX_SEED_SIZE MBEDTLS_ENTROPY_MAX_SEED_SIZE
+#define ENTROPY_MAX_SOURCES MBEDTLS_ENTROPY_MAX_SOURCES
+#define ENTROPY_MIN_HARDCLOCK MBEDTLS_ENTROPY_MIN_HARDCLOCK
+#define ENTROPY_MIN_HAVEGE MBEDTLS_ENTROPY_MIN_HAVEGE
+#define ENTROPY_MIN_PLATFORM MBEDTLS_ENTROPY_MIN_PLATFORM
+#define ENTROPY_SOURCE_MANUAL MBEDTLS_ENTROPY_SOURCE_MANUAL
+#define EXT_AUTHORITY_KEY_IDENTIFIER MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER
+#define EXT_BASIC_CONSTRAINTS MBEDTLS_X509_EXT_BASIC_CONSTRAINTS
+#define EXT_CERTIFICATE_POLICIES MBEDTLS_X509_EXT_CERTIFICATE_POLICIES
+#define EXT_CRL_DISTRIBUTION_POINTS MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS
+#define EXT_EXTENDED_KEY_USAGE MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE
+#define EXT_FRESHEST_CRL MBEDTLS_X509_EXT_FRESHEST_CRL
+#define EXT_INIHIBIT_ANYPOLICY MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY
+#define EXT_ISSUER_ALT_NAME MBEDTLS_X509_EXT_ISSUER_ALT_NAME
+#define EXT_KEY_USAGE MBEDTLS_X509_EXT_KEY_USAGE
+#define EXT_NAME_CONSTRAINTS MBEDTLS_X509_EXT_NAME_CONSTRAINTS
+#define EXT_NS_CERT_TYPE MBEDTLS_X509_EXT_NS_CERT_TYPE
+#define EXT_POLICY_CONSTRAINTS MBEDTLS_X509_EXT_POLICY_CONSTRAINTS
+#define EXT_POLICY_MAPPINGS MBEDTLS_X509_EXT_POLICY_MAPPINGS
+#define EXT_SUBJECT_ALT_NAME MBEDTLS_X509_EXT_SUBJECT_ALT_NAME
+#define EXT_SUBJECT_DIRECTORY_ATTRS MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS
+#define EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER
+#define GCM_DECRYPT MBEDTLS_GCM_DECRYPT
+#define GCM_ENCRYPT MBEDTLS_GCM_ENCRYPT
+#define KU_CRL_SIGN MBEDTLS_X509_KU_CRL_SIGN
+#define KU_DATA_ENCIPHERMENT MBEDTLS_X509_KU_DATA_ENCIPHERMENT
+#define KU_DIGITAL_SIGNATURE MBEDTLS_X509_KU_DIGITAL_SIGNATURE
+#define KU_KEY_AGREEMENT MBEDTLS_X509_KU_KEY_AGREEMENT
+#define KU_KEY_CERT_SIGN MBEDTLS_X509_KU_KEY_CERT_SIGN
+#define KU_KEY_ENCIPHERMENT MBEDTLS_X509_KU_KEY_ENCIPHERMENT
+#define KU_NON_REPUDIATION MBEDTLS_X509_KU_NON_REPUDIATION
+#define LN_2_DIV_LN_10_SCALE100 MBEDTLS_LN_2_DIV_LN_10_SCALE100
+#define MD_CONTEXT_T_INIT MBEDTLS_MD_CONTEXT_T_INIT
+#define MEMORY_VERIFY_ALLOC MBEDTLS_MEMORY_VERIFY_ALLOC
+#define MEMORY_VERIFY_ALWAYS MBEDTLS_MEMORY_VERIFY_ALWAYS
+#define MEMORY_VERIFY_FREE MBEDTLS_MEMORY_VERIFY_FREE
+#define MEMORY_VERIFY_NONE MBEDTLS_MEMORY_VERIFY_NONE
+#define MPI_CHK MBEDTLS_MPI_CHK
+#define NET_PROTO_TCP MBEDTLS_NET_PROTO_TCP
+#define NET_PROTO_UDP MBEDTLS_NET_PROTO_UDP
+#define NS_CERT_TYPE_EMAIL MBEDTLS_X509_NS_CERT_TYPE_EMAIL
+#define NS_CERT_TYPE_EMAIL_CA MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA
+#define NS_CERT_TYPE_OBJECT_SIGNING MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING
+#define NS_CERT_TYPE_OBJECT_SIGNING_CA MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA
+#define NS_CERT_TYPE_RESERVED MBEDTLS_X509_NS_CERT_TYPE_RESERVED
+#define NS_CERT_TYPE_SSL_CA MBEDTLS_X509_NS_CERT_TYPE_SSL_CA
+#define NS_CERT_TYPE_SSL_CLIENT MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT
+#define NS_CERT_TYPE_SSL_SERVER MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER
+#define OID_ANSI_X9_62 MBEDTLS_OID_ANSI_X9_62
+#define OID_ANSI_X9_62_FIELD_TYPE MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE
+#define OID_ANSI_X9_62_PRIME_FIELD MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD
+#define OID_ANSI_X9_62_SIG MBEDTLS_OID_ANSI_X9_62_SIG
+#define OID_ANSI_X9_62_SIG_SHA2 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2
+#define OID_ANY_EXTENDED_KEY_USAGE MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE
+#define OID_AT MBEDTLS_OID_AT
+#define OID_AT_CN MBEDTLS_OID_AT_CN
+#define OID_AT_COUNTRY MBEDTLS_OID_AT_COUNTRY
+#define OID_AT_DN_QUALIFIER MBEDTLS_OID_AT_DN_QUALIFIER
+#define OID_AT_GENERATION_QUALIFIER MBEDTLS_OID_AT_GENERATION_QUALIFIER
+#define OID_AT_GIVEN_NAME MBEDTLS_OID_AT_GIVEN_NAME
+#define OID_AT_INITIALS MBEDTLS_OID_AT_INITIALS
+#define OID_AT_LOCALITY MBEDTLS_OID_AT_LOCALITY
+#define OID_AT_ORGANIZATION MBEDTLS_OID_AT_ORGANIZATION
+#define OID_AT_ORG_UNIT MBEDTLS_OID_AT_ORG_UNIT
+#define OID_AT_POSTAL_ADDRESS MBEDTLS_OID_AT_POSTAL_ADDRESS
+#define OID_AT_POSTAL_CODE MBEDTLS_OID_AT_POSTAL_CODE
+#define OID_AT_PSEUDONYM MBEDTLS_OID_AT_PSEUDONYM
+#define OID_AT_SERIAL_NUMBER MBEDTLS_OID_AT_SERIAL_NUMBER
+#define OID_AT_STATE MBEDTLS_OID_AT_STATE
+#define OID_AT_SUR_NAME MBEDTLS_OID_AT_SUR_NAME
+#define OID_AT_TITLE MBEDTLS_OID_AT_TITLE
+#define OID_AT_UNIQUE_IDENTIFIER MBEDTLS_OID_AT_UNIQUE_IDENTIFIER
+#define OID_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER
+#define OID_BASIC_CONSTRAINTS MBEDTLS_OID_BASIC_CONSTRAINTS
+#define OID_CERTICOM MBEDTLS_OID_CERTICOM
+#define OID_CERTIFICATE_POLICIES MBEDTLS_OID_CERTIFICATE_POLICIES
+#define OID_CLIENT_AUTH MBEDTLS_OID_CLIENT_AUTH
+#define OID_CMP MBEDTLS_OID_CMP
+#define OID_CODE_SIGNING MBEDTLS_OID_CODE_SIGNING
+#define OID_COUNTRY_US MBEDTLS_OID_COUNTRY_US
+#define OID_CRL_DISTRIBUTION_POINTS MBEDTLS_OID_CRL_DISTRIBUTION_POINTS
+#define OID_CRL_NUMBER MBEDTLS_OID_CRL_NUMBER
+#define OID_DES_CBC MBEDTLS_OID_DES_CBC
+#define OID_DES_EDE3_CBC MBEDTLS_OID_DES_EDE3_CBC
+#define OID_DIGEST_ALG_MD2 MBEDTLS_OID_DIGEST_ALG_MD2
+#define OID_DIGEST_ALG_MD4 MBEDTLS_OID_DIGEST_ALG_MD4
+#define OID_DIGEST_ALG_MD5 MBEDTLS_OID_DIGEST_ALG_MD5
+#define OID_DIGEST_ALG_SHA1 MBEDTLS_OID_DIGEST_ALG_SHA1
+#define OID_DIGEST_ALG_SHA224 MBEDTLS_OID_DIGEST_ALG_SHA224
+#define OID_DIGEST_ALG_SHA256 MBEDTLS_OID_DIGEST_ALG_SHA256
+#define OID_DIGEST_ALG_SHA384 MBEDTLS_OID_DIGEST_ALG_SHA384
+#define OID_DIGEST_ALG_SHA512 MBEDTLS_OID_DIGEST_ALG_SHA512
+#define OID_DOMAIN_COMPONENT MBEDTLS_OID_DOMAIN_COMPONENT
+#define OID_ECDSA_SHA1 MBEDTLS_OID_ECDSA_SHA1
+#define OID_ECDSA_SHA224 MBEDTLS_OID_ECDSA_SHA224
+#define OID_ECDSA_SHA256 MBEDTLS_OID_ECDSA_SHA256
+#define OID_ECDSA_SHA384 MBEDTLS_OID_ECDSA_SHA384
+#define OID_ECDSA_SHA512 MBEDTLS_OID_ECDSA_SHA512
+#define OID_EC_ALG_ECDH MBEDTLS_OID_EC_ALG_ECDH
+#define OID_EC_ALG_UNRESTRICTED MBEDTLS_OID_EC_ALG_UNRESTRICTED
+#define OID_EC_BRAINPOOL_V1 MBEDTLS_OID_EC_BRAINPOOL_V1
+#define OID_EC_GRP_BP256R1 MBEDTLS_OID_EC_GRP_BP256R1
+#define OID_EC_GRP_BP384R1 MBEDTLS_OID_EC_GRP_BP384R1
+#define OID_EC_GRP_BP512R1 MBEDTLS_OID_EC_GRP_BP512R1
+#define OID_EC_GRP_SECP192K1 MBEDTLS_OID_EC_GRP_SECP192K1
+#define OID_EC_GRP_SECP192R1 MBEDTLS_OID_EC_GRP_SECP192R1
+#define OID_EC_GRP_SECP224K1 MBEDTLS_OID_EC_GRP_SECP224K1
+#define OID_EC_GRP_SECP224R1 MBEDTLS_OID_EC_GRP_SECP224R1
+#define OID_EC_GRP_SECP256K1 MBEDTLS_OID_EC_GRP_SECP256K1
+#define OID_EC_GRP_SECP256R1 MBEDTLS_OID_EC_GRP_SECP256R1
+#define OID_EC_GRP_SECP384R1 MBEDTLS_OID_EC_GRP_SECP384R1
+#define OID_EC_GRP_SECP521R1 MBEDTLS_OID_EC_GRP_SECP521R1
+#define OID_EMAIL_PROTECTION MBEDTLS_OID_EMAIL_PROTECTION
+#define OID_EXTENDED_KEY_USAGE MBEDTLS_OID_EXTENDED_KEY_USAGE
+#define OID_FRESHEST_CRL MBEDTLS_OID_FRESHEST_CRL
+#define OID_GOV MBEDTLS_OID_GOV
+#define OID_HMAC_SHA1 MBEDTLS_OID_HMAC_SHA1
+#define OID_ID_CE MBEDTLS_OID_ID_CE
+#define OID_INIHIBIT_ANYPOLICY MBEDTLS_OID_INIHIBIT_ANYPOLICY
+#define OID_ISO_CCITT_DS MBEDTLS_OID_ISO_CCITT_DS
+#define OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ISO_IDENTIFIED_ORG
+#define OID_ISO_ITU_COUNTRY MBEDTLS_OID_ISO_ITU_COUNTRY
+#define OID_ISO_ITU_US_ORG MBEDTLS_OID_ISO_ITU_US_ORG
+#define OID_ISO_MEMBER_BODIES MBEDTLS_OID_ISO_MEMBER_BODIES
+#define OID_ISSUER_ALT_NAME MBEDTLS_OID_ISSUER_ALT_NAME
+#define OID_KEY_USAGE MBEDTLS_OID_KEY_USAGE
+#define OID_KP MBEDTLS_OID_KP
+#define OID_MGF1 MBEDTLS_OID_MGF1
+#define OID_NAME_CONSTRAINTS MBEDTLS_OID_NAME_CONSTRAINTS
+#define OID_NETSCAPE MBEDTLS_OID_NETSCAPE
+#define OID_NS_BASE_URL MBEDTLS_OID_NS_BASE_URL
+#define OID_NS_CA_POLICY_URL MBEDTLS_OID_NS_CA_POLICY_URL
+#define OID_NS_CA_REVOCATION_URL MBEDTLS_OID_NS_CA_REVOCATION_URL
+#define OID_NS_CERT MBEDTLS_OID_NS_CERT
+#define OID_NS_CERT_SEQUENCE MBEDTLS_OID_NS_CERT_SEQUENCE
+#define OID_NS_CERT_TYPE MBEDTLS_OID_NS_CERT_TYPE
+#define OID_NS_COMMENT MBEDTLS_OID_NS_COMMENT
+#define OID_NS_DATA_TYPE MBEDTLS_OID_NS_DATA_TYPE
+#define OID_NS_RENEWAL_URL MBEDTLS_OID_NS_RENEWAL_URL
+#define OID_NS_REVOCATION_URL MBEDTLS_OID_NS_REVOCATION_URL
+#define OID_NS_SSL_SERVER_NAME MBEDTLS_OID_NS_SSL_SERVER_NAME
+#define OID_OCSP_SIGNING MBEDTLS_OID_OCSP_SIGNING
+#define OID_OIW_SECSIG MBEDTLS_OID_OIW_SECSIG
+#define OID_OIW_SECSIG_ALG MBEDTLS_OID_OIW_SECSIG_ALG
+#define OID_OIW_SECSIG_SHA1 MBEDTLS_OID_OIW_SECSIG_SHA1
+#define OID_ORGANIZATION MBEDTLS_OID_ORGANIZATION
+#define OID_ORG_ANSI_X9_62 MBEDTLS_OID_ORG_ANSI_X9_62
+#define OID_ORG_CERTICOM MBEDTLS_OID_ORG_CERTICOM
+#define OID_ORG_DOD MBEDTLS_OID_ORG_DOD
+#define OID_ORG_GOV MBEDTLS_OID_ORG_GOV
+#define OID_ORG_NETSCAPE MBEDTLS_OID_ORG_NETSCAPE
+#define OID_ORG_OIW MBEDTLS_OID_ORG_OIW
+#define OID_ORG_RSA_DATA_SECURITY MBEDTLS_OID_ORG_RSA_DATA_SECURITY
+#define OID_ORG_TELETRUST MBEDTLS_OID_ORG_TELETRUST
+#define OID_PKCS MBEDTLS_OID_PKCS
+#define OID_PKCS1 MBEDTLS_OID_PKCS1
+#define OID_PKCS12 MBEDTLS_OID_PKCS12
+#define OID_PKCS12_PBE MBEDTLS_OID_PKCS12_PBE
+#define OID_PKCS12_PBE_SHA1_DES2_EDE_CBC MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC
+#define OID_PKCS12_PBE_SHA1_DES3_EDE_CBC MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC
+#define OID_PKCS12_PBE_SHA1_RC2_128_CBC MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_128_CBC
+#define OID_PKCS12_PBE_SHA1_RC2_40_CBC MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_40_CBC
+#define OID_PKCS12_PBE_SHA1_RC4_128 MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128
+#define OID_PKCS12_PBE_SHA1_RC4_40 MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_40
+#define OID_PKCS1_MD2 MBEDTLS_OID_PKCS1_MD2
+#define OID_PKCS1_MD4 MBEDTLS_OID_PKCS1_MD4
+#define OID_PKCS1_MD5 MBEDTLS_OID_PKCS1_MD5
+#define OID_PKCS1_RSA MBEDTLS_OID_PKCS1_RSA
+#define OID_PKCS1_SHA1 MBEDTLS_OID_PKCS1_SHA1
+#define OID_PKCS1_SHA224 MBEDTLS_OID_PKCS1_SHA224
+#define OID_PKCS1_SHA256 MBEDTLS_OID_PKCS1_SHA256
+#define OID_PKCS1_SHA384 MBEDTLS_OID_PKCS1_SHA384
+#define OID_PKCS1_SHA512 MBEDTLS_OID_PKCS1_SHA512
+#define OID_PKCS5 MBEDTLS_OID_PKCS5
+#define OID_PKCS5_PBES2 MBEDTLS_OID_PKCS5_PBES2
+#define OID_PKCS5_PBE_MD2_DES_CBC MBEDTLS_OID_PKCS5_PBE_MD2_DES_CBC
+#define OID_PKCS5_PBE_MD2_RC2_CBC MBEDTLS_OID_PKCS5_PBE_MD2_RC2_CBC
+#define OID_PKCS5_PBE_MD5_DES_CBC MBEDTLS_OID_PKCS5_PBE_MD5_DES_CBC
+#define OID_PKCS5_PBE_MD5_RC2_CBC MBEDTLS_OID_PKCS5_PBE_MD5_RC2_CBC
+#define OID_PKCS5_PBE_SHA1_DES_CBC MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC
+#define OID_PKCS5_PBE_SHA1_RC2_CBC MBEDTLS_OID_PKCS5_PBE_SHA1_RC2_CBC
+#define OID_PKCS5_PBKDF2 MBEDTLS_OID_PKCS5_PBKDF2
+#define OID_PKCS5_PBMAC1 MBEDTLS_OID_PKCS5_PBMAC1
+#define OID_PKCS9 MBEDTLS_OID_PKCS9
+#define OID_PKCS9_CSR_EXT_REQ MBEDTLS_OID_PKCS9_CSR_EXT_REQ
+#define OID_PKCS9_EMAIL MBEDTLS_OID_PKCS9_EMAIL
+#define OID_PKIX MBEDTLS_OID_PKIX
+#define OID_POLICY_CONSTRAINTS MBEDTLS_OID_POLICY_CONSTRAINTS
+#define OID_POLICY_MAPPINGS MBEDTLS_OID_POLICY_MAPPINGS
+#define OID_PRIVATE_KEY_USAGE_PERIOD MBEDTLS_OID_PRIVATE_KEY_USAGE_PERIOD
+#define OID_RSASSA_PSS MBEDTLS_OID_RSASSA_PSS
+#define OID_RSA_COMPANY MBEDTLS_OID_RSA_COMPANY
+#define OID_RSA_SHA_OBS MBEDTLS_OID_RSA_SHA_OBS
+#define OID_SERVER_AUTH MBEDTLS_OID_SERVER_AUTH
+#define OID_SIZE MBEDTLS_OID_SIZE
+#define OID_SUBJECT_ALT_NAME MBEDTLS_OID_SUBJECT_ALT_NAME
+#define OID_SUBJECT_DIRECTORY_ATTRS MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS
+#define OID_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER
+#define OID_TELETRUST MBEDTLS_OID_TELETRUST
+#define OID_TIME_STAMPING MBEDTLS_OID_TIME_STAMPING
+#define PADLOCK_ACE MBEDTLS_PADLOCK_ACE
+#define PADLOCK_ALIGN16 MBEDTLS_PADLOCK_ALIGN16
+#define PADLOCK_PHE MBEDTLS_PADLOCK_PHE
+#define PADLOCK_PMM MBEDTLS_PADLOCK_PMM
+#define PADLOCK_RNG MBEDTLS_PADLOCK_RNG
+#define PKCS12_DERIVE_IV MBEDTLS_PKCS12_DERIVE_IV
+#define PKCS12_DERIVE_KEY MBEDTLS_PKCS12_DERIVE_KEY
+#define PKCS12_DERIVE_MAC_KEY MBEDTLS_PKCS12_DERIVE_MAC_KEY
+#define PKCS12_PBE_DECRYPT MBEDTLS_PKCS12_PBE_DECRYPT
+#define PKCS12_PBE_ENCRYPT MBEDTLS_PKCS12_PBE_ENCRYPT
+#define PKCS5_DECRYPT MBEDTLS_PKCS5_DECRYPT
+#define PKCS5_ENCRYPT MBEDTLS_PKCS5_ENCRYPT
+#define POLARSSL_AESNI_AES MBEDTLS_AESNI_AES
+#define POLARSSL_AESNI_CLMUL MBEDTLS_AESNI_CLMUL
+#define POLARSSL_AESNI_H MBEDTLS_AESNI_H
+#define POLARSSL_AES_H MBEDTLS_AES_H
+#define POLARSSL_ARC4_H MBEDTLS_ARC4_H
+#define POLARSSL_ASN1_H MBEDTLS_ASN1_H
+#define POLARSSL_ASN1_WRITE_H MBEDTLS_ASN1_WRITE_H
+#define POLARSSL_BASE64_H MBEDTLS_BASE64_H
+#define POLARSSL_BIGNUM_H MBEDTLS_BIGNUM_H
+#define POLARSSL_BLOWFISH_H MBEDTLS_BLOWFISH_H
+#define POLARSSL_BN_MUL_H MBEDTLS_BN_MUL_H
+#define POLARSSL_CAMELLIA_H MBEDTLS_CAMELLIA_H
+#define POLARSSL_CCM_H MBEDTLS_CCM_H
+#define POLARSSL_CERTS_H MBEDTLS_CERTS_H
+#define POLARSSL_CHECK_CONFIG_H MBEDTLS_CHECK_CONFIG_H
+#define POLARSSL_CIPHERSUITE_NODTLS MBEDTLS_CIPHERSUITE_NODTLS
+#define POLARSSL_CIPHERSUITE_SHORT_TAG MBEDTLS_CIPHERSUITE_SHORT_TAG
+#define POLARSSL_CIPHERSUITE_WEAK MBEDTLS_CIPHERSUITE_WEAK
+#define POLARSSL_CIPHER_AES_128_CBC MBEDTLS_CIPHER_AES_128_CBC
+#define POLARSSL_CIPHER_AES_128_CCM MBEDTLS_CIPHER_AES_128_CCM
+#define POLARSSL_CIPHER_AES_128_CFB128 MBEDTLS_CIPHER_AES_128_CFB128
+#define POLARSSL_CIPHER_AES_128_CTR MBEDTLS_CIPHER_AES_128_CTR
+#define POLARSSL_CIPHER_AES_128_ECB MBEDTLS_CIPHER_AES_128_ECB
+#define POLARSSL_CIPHER_AES_128_GCM MBEDTLS_CIPHER_AES_128_GCM
+#define POLARSSL_CIPHER_AES_192_CBC MBEDTLS_CIPHER_AES_192_CBC
+#define POLARSSL_CIPHER_AES_192_CCM MBEDTLS_CIPHER_AES_192_CCM
+#define POLARSSL_CIPHER_AES_192_CFB128 MBEDTLS_CIPHER_AES_192_CFB128
+#define POLARSSL_CIPHER_AES_192_CTR MBEDTLS_CIPHER_AES_192_CTR
+#define POLARSSL_CIPHER_AES_192_ECB MBEDTLS_CIPHER_AES_192_ECB
+#define POLARSSL_CIPHER_AES_192_GCM MBEDTLS_CIPHER_AES_192_GCM
+#define POLARSSL_CIPHER_AES_256_CBC MBEDTLS_CIPHER_AES_256_CBC
+#define POLARSSL_CIPHER_AES_256_CCM MBEDTLS_CIPHER_AES_256_CCM
+#define POLARSSL_CIPHER_AES_256_CFB128 MBEDTLS_CIPHER_AES_256_CFB128
+#define POLARSSL_CIPHER_AES_256_CTR MBEDTLS_CIPHER_AES_256_CTR
+#define POLARSSL_CIPHER_AES_256_ECB MBEDTLS_CIPHER_AES_256_ECB
+#define POLARSSL_CIPHER_AES_256_GCM MBEDTLS_CIPHER_AES_256_GCM
+#define POLARSSL_CIPHER_ARC4_128 MBEDTLS_CIPHER_ARC4_128
+#define POLARSSL_CIPHER_BLOWFISH_CBC MBEDTLS_CIPHER_BLOWFISH_CBC
+#define POLARSSL_CIPHER_BLOWFISH_CFB64 MBEDTLS_CIPHER_BLOWFISH_CFB64
+#define POLARSSL_CIPHER_BLOWFISH_CTR MBEDTLS_CIPHER_BLOWFISH_CTR
+#define POLARSSL_CIPHER_BLOWFISH_ECB MBEDTLS_CIPHER_BLOWFISH_ECB
+#define POLARSSL_CIPHER_CAMELLIA_128_CBC MBEDTLS_CIPHER_CAMELLIA_128_CBC
+#define POLARSSL_CIPHER_CAMELLIA_128_CCM MBEDTLS_CIPHER_CAMELLIA_128_CCM
+#define POLARSSL_CIPHER_CAMELLIA_128_CFB128 MBEDTLS_CIPHER_CAMELLIA_128_CFB128
+#define POLARSSL_CIPHER_CAMELLIA_128_CTR MBEDTLS_CIPHER_CAMELLIA_128_CTR
+#define POLARSSL_CIPHER_CAMELLIA_128_ECB MBEDTLS_CIPHER_CAMELLIA_128_ECB
+#define POLARSSL_CIPHER_CAMELLIA_128_GCM MBEDTLS_CIPHER_CAMELLIA_128_GCM
+#define POLARSSL_CIPHER_CAMELLIA_192_CBC MBEDTLS_CIPHER_CAMELLIA_192_CBC
+#define POLARSSL_CIPHER_CAMELLIA_192_CCM MBEDTLS_CIPHER_CAMELLIA_192_CCM
+#define POLARSSL_CIPHER_CAMELLIA_192_CFB128 MBEDTLS_CIPHER_CAMELLIA_192_CFB128
+#define POLARSSL_CIPHER_CAMELLIA_192_CTR MBEDTLS_CIPHER_CAMELLIA_192_CTR
+#define POLARSSL_CIPHER_CAMELLIA_192_ECB MBEDTLS_CIPHER_CAMELLIA_192_ECB
+#define POLARSSL_CIPHER_CAMELLIA_192_GCM MBEDTLS_CIPHER_CAMELLIA_192_GCM
+#define POLARSSL_CIPHER_CAMELLIA_256_CBC MBEDTLS_CIPHER_CAMELLIA_256_CBC
+#define POLARSSL_CIPHER_CAMELLIA_256_CCM MBEDTLS_CIPHER_CAMELLIA_256_CCM
+#define POLARSSL_CIPHER_CAMELLIA_256_CFB128 MBEDTLS_CIPHER_CAMELLIA_256_CFB128
+#define POLARSSL_CIPHER_CAMELLIA_256_CTR MBEDTLS_CIPHER_CAMELLIA_256_CTR
+#define POLARSSL_CIPHER_CAMELLIA_256_ECB MBEDTLS_CIPHER_CAMELLIA_256_ECB
+#define POLARSSL_CIPHER_CAMELLIA_256_GCM MBEDTLS_CIPHER_CAMELLIA_256_GCM
+#define POLARSSL_CIPHER_DES_CBC MBEDTLS_CIPHER_DES_CBC
+#define POLARSSL_CIPHER_DES_ECB MBEDTLS_CIPHER_DES_ECB
+#define POLARSSL_CIPHER_DES_EDE3_CBC MBEDTLS_CIPHER_DES_EDE3_CBC
+#define POLARSSL_CIPHER_DES_EDE3_ECB MBEDTLS_CIPHER_DES_EDE3_ECB
+#define POLARSSL_CIPHER_DES_EDE_CBC MBEDTLS_CIPHER_DES_EDE_CBC
+#define POLARSSL_CIPHER_DES_EDE_ECB MBEDTLS_CIPHER_DES_EDE_ECB
+#define POLARSSL_CIPHER_H MBEDTLS_CIPHER_H
+#define POLARSSL_CIPHER_ID_3DES MBEDTLS_CIPHER_ID_3DES
+#define POLARSSL_CIPHER_ID_AES MBEDTLS_CIPHER_ID_AES
+#define POLARSSL_CIPHER_ID_ARC4 MBEDTLS_CIPHER_ID_ARC4
+#define POLARSSL_CIPHER_ID_BLOWFISH MBEDTLS_CIPHER_ID_BLOWFISH
+#define POLARSSL_CIPHER_ID_CAMELLIA MBEDTLS_CIPHER_ID_CAMELLIA
+#define POLARSSL_CIPHER_ID_DES MBEDTLS_CIPHER_ID_DES
+#define POLARSSL_CIPHER_ID_NONE MBEDTLS_CIPHER_ID_NONE
+#define POLARSSL_CIPHER_ID_NULL MBEDTLS_CIPHER_ID_NULL
+#define POLARSSL_CIPHER_MODE_AEAD MBEDTLS_CIPHER_MODE_AEAD
+#define POLARSSL_CIPHER_MODE_STREAM MBEDTLS_CIPHER_MODE_STREAM
+#define POLARSSL_CIPHER_MODE_WITH_PADDING MBEDTLS_CIPHER_MODE_WITH_PADDING
+#define POLARSSL_CIPHER_NONE MBEDTLS_CIPHER_NONE
+#define POLARSSL_CIPHER_NULL MBEDTLS_CIPHER_NULL
+#define POLARSSL_CIPHER_VARIABLE_IV_LEN MBEDTLS_CIPHER_VARIABLE_IV_LEN
+#define POLARSSL_CIPHER_VARIABLE_KEY_LEN MBEDTLS_CIPHER_VARIABLE_KEY_LEN
+#define POLARSSL_CIPHER_WRAP_H MBEDTLS_CIPHER_WRAP_H
+#define POLARSSL_CONFIG_H MBEDTLS_CONFIG_H
+#define POLARSSL_CTR_DRBG_H MBEDTLS_CTR_DRBG_H
+#define POLARSSL_DEBUG_H MBEDTLS_DEBUG_H
+#define POLARSSL_DEBUG_LOG_FULL MBEDTLS_DEBUG_LOG_FULL
+#define POLARSSL_DEBUG_LOG_RAW MBEDTLS_DEBUG_LOG_RAW
+#define POLARSSL_DECRYPT MBEDTLS_DECRYPT
+#define POLARSSL_DES_H MBEDTLS_DES_H
+#define POLARSSL_DHM_H MBEDTLS_DHM_H
+#define POLARSSL_DHM_RFC2409_MODP_1024_G MBEDTLS_DHM_RFC2409_MODP_1024_G
+#define POLARSSL_DHM_RFC2409_MODP_1024_P MBEDTLS_DHM_RFC2409_MODP_1024_P
+#define POLARSSL_DHM_RFC3526_MODP_2048_G MBEDTLS_DHM_RFC3526_MODP_2048_G
+#define POLARSSL_DHM_RFC3526_MODP_2048_P MBEDTLS_DHM_RFC3526_MODP_2048_P
+#define POLARSSL_DHM_RFC3526_MODP_3072_G MBEDTLS_DHM_RFC3526_MODP_3072_G
+#define POLARSSL_DHM_RFC3526_MODP_3072_P MBEDTLS_DHM_RFC3526_MODP_3072_P
+#define POLARSSL_DHM_RFC5114_MODP_1024_G MBEDTLS_DHM_RFC5114_MODP_1024_G
+#define POLARSSL_DHM_RFC5114_MODP_1024_P MBEDTLS_DHM_RFC5114_MODP_1024_P
+#define POLARSSL_DHM_RFC5114_MODP_2048_G MBEDTLS_DHM_RFC5114_MODP_2048_G
+#define POLARSSL_DHM_RFC5114_MODP_2048_P MBEDTLS_DHM_RFC5114_MODP_2048_P
+#define POLARSSL_ECDH_H MBEDTLS_ECDH_H
+#define POLARSSL_ECDH_OURS MBEDTLS_ECDH_OURS
+#define POLARSSL_ECDH_THEIRS MBEDTLS_ECDH_THEIRS
+#define POLARSSL_ECDSA_H MBEDTLS_ECDSA_H
+#define POLARSSL_ECP_DP_BP256R1 MBEDTLS_ECP_DP_BP256R1
+#define POLARSSL_ECP_DP_BP384R1 MBEDTLS_ECP_DP_BP384R1
+#define POLARSSL_ECP_DP_BP512R1 MBEDTLS_ECP_DP_BP512R1
+#define POLARSSL_ECP_DP_M255 MBEDTLS_ECP_DP_CURVE25519
+#define POLARSSL_ECP_DP_MAX MBEDTLS_ECP_DP_MAX
+#define POLARSSL_ECP_DP_NONE MBEDTLS_ECP_DP_NONE
+#define POLARSSL_ECP_DP_SECP192K1 MBEDTLS_ECP_DP_SECP192K1
+#define POLARSSL_ECP_DP_SECP192R1 MBEDTLS_ECP_DP_SECP192R1
+#define POLARSSL_ECP_DP_SECP224K1 MBEDTLS_ECP_DP_SECP224K1
+#define POLARSSL_ECP_DP_SECP224R1 MBEDTLS_ECP_DP_SECP224R1
+#define POLARSSL_ECP_DP_SECP256K1 MBEDTLS_ECP_DP_SECP256K1
+#define POLARSSL_ECP_DP_SECP256R1 MBEDTLS_ECP_DP_SECP256R1
+#define POLARSSL_ECP_DP_SECP384R1 MBEDTLS_ECP_DP_SECP384R1
+#define POLARSSL_ECP_DP_SECP521R1 MBEDTLS_ECP_DP_SECP521R1
+#define POLARSSL_ECP_H MBEDTLS_ECP_H
+#define POLARSSL_ECP_MAX_BYTES MBEDTLS_ECP_MAX_BYTES
+#define POLARSSL_ECP_MAX_PT_LEN MBEDTLS_ECP_MAX_PT_LEN
+#define POLARSSL_ECP_PF_COMPRESSED MBEDTLS_ECP_PF_COMPRESSED
+#define POLARSSL_ECP_PF_UNCOMPRESSED MBEDTLS_ECP_PF_UNCOMPRESSED
+#define POLARSSL_ECP_TLS_NAMED_CURVE MBEDTLS_ECP_TLS_NAMED_CURVE
+#define POLARSSL_ENCRYPT MBEDTLS_ENCRYPT
+#define POLARSSL_ENTROPY_H MBEDTLS_ENTROPY_H
+#define POLARSSL_ENTROPY_POLL_H MBEDTLS_ENTROPY_POLL_H
+#define POLARSSL_ENTROPY_SHA256_ACCUMULATOR MBEDTLS_ENTROPY_SHA256_ACCUMULATOR
+#define POLARSSL_ENTROPY_SHA512_ACCUMULATOR MBEDTLS_ENTROPY_SHA512_ACCUMULATOR
+#define POLARSSL_ERROR_H MBEDTLS_ERROR_H
+#define POLARSSL_ERR_AES_INVALID_INPUT_LENGTH MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
+#define POLARSSL_ERR_AES_INVALID_KEY_LENGTH MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
+#define POLARSSL_ERR_ASN1_BUF_TOO_SMALL MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
+#define POLARSSL_ERR_ASN1_INVALID_DATA MBEDTLS_ERR_ASN1_INVALID_DATA
+#define POLARSSL_ERR_ASN1_INVALID_LENGTH MBEDTLS_ERR_ASN1_INVALID_LENGTH
+#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+#define POLARSSL_ERR_ASN1_MALLOC_FAILED MBEDTLS_ERR_ASN1_ALLOC_FAILED
+#define POLARSSL_ERR_ASN1_OUT_OF_DATA MBEDTLS_ERR_ASN1_OUT_OF_DATA
+#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+#define POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL
+#define POLARSSL_ERR_BASE64_INVALID_CHARACTER MBEDTLS_ERR_BASE64_INVALID_CHARACTER
+#define POLARSSL_ERR_BLOWFISH_INVALID_INPUT_LENGTH MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH
+#define POLARSSL_ERR_BLOWFISH_INVALID_KEY_LENGTH MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
+#define POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
+#define POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
+#define POLARSSL_ERR_CCM_AUTH_FAILED MBEDTLS_ERR_CCM_AUTH_FAILED
+#define POLARSSL_ERR_CCM_BAD_INPUT MBEDTLS_ERR_CCM_BAD_INPUT
+#define POLARSSL_ERR_CIPHER_ALLOC_FAILED MBEDTLS_ERR_CIPHER_ALLOC_FAILED
+#define POLARSSL_ERR_CIPHER_AUTH_FAILED MBEDTLS_ERR_CIPHER_AUTH_FAILED
+#define POLARSSL_ERR_CIPHER_BAD_INPUT_DATA MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+#define POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
+#define POLARSSL_ERR_CIPHER_INVALID_PADDING MBEDTLS_ERR_CIPHER_INVALID_PADDING
+#define POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
+#define POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR
+#define POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG
+#define POLARSSL_ERR_CTR_DRBG_REQUEST_TOO_BIG MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG
+#define POLARSSL_ERR_DES_INVALID_INPUT_LENGTH MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
+#define POLARSSL_ERR_DHM_BAD_INPUT_DATA MBEDTLS_ERR_DHM_BAD_INPUT_DATA
+#define POLARSSL_ERR_DHM_CALC_SECRET_FAILED MBEDTLS_ERR_DHM_CALC_SECRET_FAILED
+#define POLARSSL_ERR_DHM_FILE_IO_ERROR MBEDTLS_ERR_DHM_FILE_IO_ERROR
+#define POLARSSL_ERR_DHM_INVALID_FORMAT MBEDTLS_ERR_DHM_INVALID_FORMAT
+#define POLARSSL_ERR_DHM_MAKE_PARAMS_FAILED MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED
+#define POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED
+#define POLARSSL_ERR_DHM_MALLOC_FAILED MBEDTLS_ERR_DHM_ALLOC_FAILED
+#define POLARSSL_ERR_DHM_READ_PARAMS_FAILED MBEDTLS_ERR_DHM_READ_PARAMS_FAILED
+#define POLARSSL_ERR_DHM_READ_PUBLIC_FAILED MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED
+#define POLARSSL_ERR_ECP_BAD_INPUT_DATA MBEDTLS_ERR_ECP_BAD_INPUT_DATA
+#define POLARSSL_ERR_ECP_BUFFER_TOO_SMALL MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
+#define POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_ECP_INVALID_KEY MBEDTLS_ERR_ECP_INVALID_KEY
+#define POLARSSL_ERR_ECP_MALLOC_FAILED MBEDTLS_ERR_ECP_ALLOC_FAILED
+#define POLARSSL_ERR_ECP_RANDOM_FAILED MBEDTLS_ERR_ECP_RANDOM_FAILED
+#define POLARSSL_ERR_ECP_SIG_LEN_MISMATCH MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH
+#define POLARSSL_ERR_ECP_VERIFY_FAILED MBEDTLS_ERR_ECP_VERIFY_FAILED
+#define POLARSSL_ERR_ENTROPY_FILE_IO_ERROR MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR
+#define POLARSSL_ERR_ENTROPY_MAX_SOURCES MBEDTLS_ERR_ENTROPY_MAX_SOURCES
+#define POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED
+#define POLARSSL_ERR_ENTROPY_SOURCE_FAILED MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+#define POLARSSL_ERR_GCM_AUTH_FAILED MBEDTLS_ERR_GCM_AUTH_FAILED
+#define POLARSSL_ERR_GCM_BAD_INPUT MBEDTLS_ERR_GCM_BAD_INPUT
+#define POLARSSL_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
+#define POLARSSL_ERR_HMAC_DRBG_FILE_IO_ERROR MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR
+#define POLARSSL_ERR_HMAC_DRBG_INPUT_TOO_BIG MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG
+#define POLARSSL_ERR_HMAC_DRBG_REQUEST_TOO_BIG MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG
+#define POLARSSL_ERR_MD2_FILE_IO_ERROR MBEDTLS_ERR_MD2_FILE_IO_ERROR
+#define POLARSSL_ERR_MD4_FILE_IO_ERROR MBEDTLS_ERR_MD4_FILE_IO_ERROR
+#define POLARSSL_ERR_MD5_FILE_IO_ERROR MBEDTLS_ERR_MD5_FILE_IO_ERROR
+#define POLARSSL_ERR_MD_ALLOC_FAILED MBEDTLS_ERR_MD_ALLOC_FAILED
+#define POLARSSL_ERR_MD_BAD_INPUT_DATA MBEDTLS_ERR_MD_BAD_INPUT_DATA
+#define POLARSSL_ERR_MD_FEATURE_UNAVAILABLE MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_MD_FILE_IO_ERROR MBEDTLS_ERR_MD_FILE_IO_ERROR
+#define POLARSSL_ERR_MPI_BAD_INPUT_DATA MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+#define POLARSSL_ERR_MPI_BUFFER_TOO_SMALL MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
+#define POLARSSL_ERR_MPI_DIVISION_BY_ZERO MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+#define POLARSSL_ERR_MPI_FILE_IO_ERROR MBEDTLS_ERR_MPI_FILE_IO_ERROR
+#define POLARSSL_ERR_MPI_INVALID_CHARACTER MBEDTLS_ERR_MPI_INVALID_CHARACTER
+#define POLARSSL_ERR_MPI_MALLOC_FAILED MBEDTLS_ERR_MPI_ALLOC_FAILED
+#define POLARSSL_ERR_MPI_NEGATIVE_VALUE MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+#define POLARSSL_ERR_MPI_NOT_ACCEPTABLE MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
+#define POLARSSL_ERR_NET_ACCEPT_FAILED MBEDTLS_ERR_NET_ACCEPT_FAILED
+#define POLARSSL_ERR_NET_BIND_FAILED MBEDTLS_ERR_NET_BIND_FAILED
+#define POLARSSL_ERR_NET_CONNECT_FAILED MBEDTLS_ERR_NET_CONNECT_FAILED
+#define POLARSSL_ERR_NET_CONN_RESET MBEDTLS_ERR_NET_CONN_RESET
+#define POLARSSL_ERR_NET_LISTEN_FAILED MBEDTLS_ERR_NET_LISTEN_FAILED
+#define POLARSSL_ERR_NET_RECV_FAILED MBEDTLS_ERR_NET_RECV_FAILED
+#define POLARSSL_ERR_NET_SEND_FAILED MBEDTLS_ERR_NET_SEND_FAILED
+#define POLARSSL_ERR_NET_SOCKET_FAILED MBEDTLS_ERR_NET_SOCKET_FAILED
+#define POLARSSL_ERR_NET_TIMEOUT MBEDTLS_ERR_SSL_TIMEOUT
+#define POLARSSL_ERR_NET_UNKNOWN_HOST MBEDTLS_ERR_NET_UNKNOWN_HOST
+#define POLARSSL_ERR_NET_WANT_READ MBEDTLS_ERR_SSL_WANT_READ
+#define POLARSSL_ERR_NET_WANT_WRITE MBEDTLS_ERR_SSL_WANT_WRITE
+#define POLARSSL_ERR_OID_BUF_TOO_SMALL MBEDTLS_ERR_OID_BUF_TOO_SMALL
+#define POLARSSL_ERR_OID_NOT_FOUND MBEDTLS_ERR_OID_NOT_FOUND
+#define POLARSSL_ERR_PADLOCK_DATA_MISALIGNED MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED
+#define POLARSSL_ERR_PBKDF2_BAD_INPUT_DATA MBEDTLS_ERR_PBKDF2_BAD_INPUT_DATA
+#define POLARSSL_ERR_PEM_BAD_INPUT_DATA MBEDTLS_ERR_PEM_BAD_INPUT_DATA
+#define POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_PEM_INVALID_DATA MBEDTLS_ERR_PEM_INVALID_DATA
+#define POLARSSL_ERR_PEM_INVALID_ENC_IV MBEDTLS_ERR_PEM_INVALID_ENC_IV
+#define POLARSSL_ERR_PEM_MALLOC_FAILED MBEDTLS_ERR_PEM_ALLOC_FAILED
+#define POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT
+#define POLARSSL_ERR_PEM_PASSWORD_MISMATCH MBEDTLS_ERR_PEM_PASSWORD_MISMATCH
+#define POLARSSL_ERR_PEM_PASSWORD_REQUIRED MBEDTLS_ERR_PEM_PASSWORD_REQUIRED
+#define POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG
+#define POLARSSL_ERR_PKCS12_BAD_INPUT_DATA MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA
+#define POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH
+#define POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT
+#define POLARSSL_ERR_PKCS5_BAD_INPUT_DATA MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA
+#define POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_PKCS5_INVALID_FORMAT MBEDTLS_ERR_PKCS5_INVALID_FORMAT
+#define POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH
+#define POLARSSL_ERR_PK_BAD_INPUT_DATA MBEDTLS_ERR_PK_BAD_INPUT_DATA
+#define POLARSSL_ERR_PK_FEATURE_UNAVAILABLE MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_PK_FILE_IO_ERROR MBEDTLS_ERR_PK_FILE_IO_ERROR
+#define POLARSSL_ERR_PK_INVALID_ALG MBEDTLS_ERR_PK_INVALID_ALG
+#define POLARSSL_ERR_PK_INVALID_PUBKEY MBEDTLS_ERR_PK_INVALID_PUBKEY
+#define POLARSSL_ERR_PK_KEY_INVALID_FORMAT MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+#define POLARSSL_ERR_PK_KEY_INVALID_VERSION MBEDTLS_ERR_PK_KEY_INVALID_VERSION
+#define POLARSSL_ERR_PK_MALLOC_FAILED MBEDTLS_ERR_PK_ALLOC_FAILED
+#define POLARSSL_ERR_PK_PASSWORD_MISMATCH MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+#define POLARSSL_ERR_PK_PASSWORD_REQUIRED MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+#define POLARSSL_ERR_PK_SIG_LEN_MISMATCH MBEDTLS_ERR_PK_SIG_LEN_MISMATCH
+#define POLARSSL_ERR_PK_TYPE_MISMATCH MBEDTLS_ERR_PK_TYPE_MISMATCH
+#define POLARSSL_ERR_PK_UNKNOWN_NAMED_CURVE MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE
+#define POLARSSL_ERR_PK_UNKNOWN_PK_ALG MBEDTLS_ERR_PK_UNKNOWN_PK_ALG
+#define POLARSSL_ERR_RIPEMD160_FILE_IO_ERROR MBEDTLS_ERR_RIPEMD160_FILE_IO_ERROR
+#define POLARSSL_ERR_RSA_BAD_INPUT_DATA MBEDTLS_ERR_RSA_BAD_INPUT_DATA
+#define POLARSSL_ERR_RSA_INVALID_PADDING MBEDTLS_ERR_RSA_INVALID_PADDING
+#define POLARSSL_ERR_RSA_KEY_CHECK_FAILED MBEDTLS_ERR_RSA_KEY_CHECK_FAILED
+#define POLARSSL_ERR_RSA_KEY_GEN_FAILED MBEDTLS_ERR_RSA_KEY_GEN_FAILED
+#define POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE
+#define POLARSSL_ERR_RSA_PRIVATE_FAILED MBEDTLS_ERR_RSA_PRIVATE_FAILED
+#define POLARSSL_ERR_RSA_PUBLIC_FAILED MBEDTLS_ERR_RSA_PUBLIC_FAILED
+#define POLARSSL_ERR_RSA_RNG_FAILED MBEDTLS_ERR_RSA_RNG_FAILED
+#define POLARSSL_ERR_RSA_VERIFY_FAILED MBEDTLS_ERR_RSA_VERIFY_FAILED
+#define POLARSSL_ERR_SHA1_FILE_IO_ERROR MBEDTLS_ERR_SHA1_FILE_IO_ERROR
+#define POLARSSL_ERR_SHA256_FILE_IO_ERROR MBEDTLS_ERR_SHA256_FILE_IO_ERROR
+#define POLARSSL_ERR_SHA512_FILE_IO_ERROR MBEDTLS_ERR_SHA512_FILE_IO_ERROR
+#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE
+#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST
+#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY
+#define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC
+#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO
+#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE
+#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS
+#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP
+#define POLARSSL_ERR_SSL_BAD_HS_FINISHED MBEDTLS_ERR_SSL_BAD_HS_FINISHED
+#define POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET
+#define POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION
+#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO
+#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE
+#define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE
+#define POLARSSL_ERR_SSL_BAD_INPUT_DATA MBEDTLS_ERR_SSL_BAD_INPUT_DATA
+#define POLARSSL_ERR_SSL_BUFFER_TOO_SMALL MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL
+#define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED
+#define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED
+#define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE
+#define POLARSSL_ERR_SSL_COMPRESSION_FAILED MBEDTLS_ERR_SSL_COMPRESSION_FAILED
+#define POLARSSL_ERR_SSL_CONN_EOF MBEDTLS_ERR_SSL_CONN_EOF
+#define POLARSSL_ERR_SSL_COUNTER_WRAPPING MBEDTLS_ERR_SSL_COUNTER_WRAPPING
+#define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE
+#define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_SSL_HELLO_VERIFY_REQUIRED MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED
+#define POLARSSL_ERR_SSL_HW_ACCEL_FAILED MBEDTLS_ERR_SSL_HW_ACCEL_FAILED
+#define POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH
+#define POLARSSL_ERR_SSL_INTERNAL_ERROR MBEDTLS_ERR_SSL_INTERNAL_ERROR
+#define POLARSSL_ERR_SSL_INVALID_MAC MBEDTLS_ERR_SSL_INVALID_MAC
+#define POLARSSL_ERR_SSL_INVALID_RECORD MBEDTLS_ERR_SSL_INVALID_RECORD
+#define POLARSSL_ERR_SSL_MALLOC_FAILED MBEDTLS_ERR_SSL_ALLOC_FAILED
+#define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN
+#define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE
+#define POLARSSL_ERR_SSL_NO_RNG MBEDTLS_ERR_SSL_NO_RNG
+#define POLARSSL_ERR_SSL_NO_USABLE_CIPHERSUITE MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE
+#define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY
+#define POLARSSL_ERR_SSL_PEER_VERIFY_FAILED MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED
+#define POLARSSL_ERR_SSL_PK_TYPE_MISMATCH MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH
+#define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED
+#define POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED
+#define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE
+#define POLARSSL_ERR_SSL_UNKNOWN_CIPHER MBEDTLS_ERR_SSL_UNKNOWN_CIPHER
+#define POLARSSL_ERR_SSL_UNKNOWN_IDENTITY MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY
+#define POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO
+#define POLARSSL_ERR_THREADING_BAD_INPUT_DATA MBEDTLS_ERR_THREADING_BAD_INPUT_DATA
+#define POLARSSL_ERR_THREADING_FEATURE_UNAVAILABLE MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_THREADING_MUTEX_ERROR MBEDTLS_ERR_THREADING_MUTEX_ERROR
+#define POLARSSL_ERR_X509_BAD_INPUT_DATA MBEDTLS_ERR_X509_BAD_INPUT_DATA
+#define POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT
+#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED MBEDTLS_ERR_X509_CERT_VERIFY_FAILED
+#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE
+#define POLARSSL_ERR_X509_FILE_IO_ERROR MBEDTLS_ERR_X509_FILE_IO_ERROR
+#define POLARSSL_ERR_X509_INVALID_ALG MBEDTLS_ERR_X509_INVALID_ALG
+#define POLARSSL_ERR_X509_INVALID_DATE MBEDTLS_ERR_X509_INVALID_DATE
+#define POLARSSL_ERR_X509_INVALID_EXTENSIONS MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+#define POLARSSL_ERR_X509_INVALID_FORMAT MBEDTLS_ERR_X509_INVALID_FORMAT
+#define POLARSSL_ERR_X509_INVALID_NAME MBEDTLS_ERR_X509_INVALID_NAME
+#define POLARSSL_ERR_X509_INVALID_SERIAL MBEDTLS_ERR_X509_INVALID_SERIAL
+#define POLARSSL_ERR_X509_INVALID_SIGNATURE MBEDTLS_ERR_X509_INVALID_SIGNATURE
+#define POLARSSL_ERR_X509_INVALID_VERSION MBEDTLS_ERR_X509_INVALID_VERSION
+#define POLARSSL_ERR_X509_MALLOC_FAILED MBEDTLS_ERR_X509_ALLOC_FAILED
+#define POLARSSL_ERR_X509_SIG_MISMATCH MBEDTLS_ERR_X509_SIG_MISMATCH
+#define POLARSSL_ERR_X509_UNKNOWN_OID MBEDTLS_ERR_X509_UNKNOWN_OID
+#define POLARSSL_ERR_X509_UNKNOWN_SIG_ALG MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG
+#define POLARSSL_ERR_X509_UNKNOWN_VERSION MBEDTLS_ERR_X509_UNKNOWN_VERSION
+#define POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH
+#define POLARSSL_GCM_H MBEDTLS_GCM_H
+#define POLARSSL_HAVEGE_H MBEDTLS_HAVEGE_H
+#define POLARSSL_HAVE_INT32 MBEDTLS_HAVE_INT32
+#define POLARSSL_HAVE_INT64 MBEDTLS_HAVE_INT64
+#define POLARSSL_HAVE_UDBL MBEDTLS_HAVE_UDBL
+#define POLARSSL_HAVE_X86 MBEDTLS_HAVE_X86
+#define POLARSSL_HAVE_X86_64 MBEDTLS_HAVE_X86_64
+#define POLARSSL_HMAC_DRBG_H MBEDTLS_HMAC_DRBG_H
+#define POLARSSL_HMAC_DRBG_PR_OFF MBEDTLS_HMAC_DRBG_PR_OFF
+#define POLARSSL_HMAC_DRBG_PR_ON MBEDTLS_HMAC_DRBG_PR_ON
+#define POLARSSL_KEY_EXCHANGE_DHE_PSK MBEDTLS_KEY_EXCHANGE_DHE_PSK
+#define POLARSSL_KEY_EXCHANGE_DHE_RSA MBEDTLS_KEY_EXCHANGE_DHE_RSA
+#define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
+#define POLARSSL_KEY_EXCHANGE_ECDHE_PSK MBEDTLS_KEY_EXCHANGE_ECDHE_PSK
+#define POLARSSL_KEY_EXCHANGE_ECDHE_RSA MBEDTLS_KEY_EXCHANGE_ECDHE_RSA
+#define POLARSSL_KEY_EXCHANGE_ECDH_ECDSA MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA
+#define POLARSSL_KEY_EXCHANGE_ECDH_RSA MBEDTLS_KEY_EXCHANGE_ECDH_RSA
+#define POLARSSL_KEY_EXCHANGE_NONE MBEDTLS_KEY_EXCHANGE_NONE
+#define POLARSSL_KEY_EXCHANGE_PSK MBEDTLS_KEY_EXCHANGE_PSK
+#define POLARSSL_KEY_EXCHANGE_RSA MBEDTLS_KEY_EXCHANGE_RSA
+#define POLARSSL_KEY_EXCHANGE_RSA_PSK MBEDTLS_KEY_EXCHANGE_RSA_PSK
+#define POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED
+#define POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED
+#define POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED
+#define POLARSSL_KEY_LENGTH_DES MBEDTLS_KEY_LENGTH_DES
+#define POLARSSL_KEY_LENGTH_DES_EDE MBEDTLS_KEY_LENGTH_DES_EDE
+#define POLARSSL_KEY_LENGTH_DES_EDE3 MBEDTLS_KEY_LENGTH_DES_EDE3
+#define POLARSSL_KEY_LENGTH_NONE MBEDTLS_KEY_LENGTH_NONE
+#define POLARSSL_MAX_BLOCK_LENGTH MBEDTLS_MAX_BLOCK_LENGTH
+#define POLARSSL_MAX_IV_LENGTH MBEDTLS_MAX_IV_LENGTH
+#define POLARSSL_MD2_H MBEDTLS_MD2_H
+#define POLARSSL_MD4_H MBEDTLS_MD4_H
+#define POLARSSL_MD5_H MBEDTLS_MD5_H
+#define POLARSSL_MD_H MBEDTLS_MD_H
+#define POLARSSL_MD_MAX_SIZE MBEDTLS_MD_MAX_SIZE
+#define POLARSSL_MD_MD2 MBEDTLS_MD_MD2
+#define POLARSSL_MD_MD4 MBEDTLS_MD_MD4
+#define POLARSSL_MD_MD5 MBEDTLS_MD_MD5
+#define POLARSSL_MD_NONE MBEDTLS_MD_NONE
+#define POLARSSL_MD_RIPEMD160 MBEDTLS_MD_RIPEMD160
+#define POLARSSL_MD_SHA1 MBEDTLS_MD_SHA1
+#define POLARSSL_MD_SHA224 MBEDTLS_MD_SHA224
+#define POLARSSL_MD_SHA256 MBEDTLS_MD_SHA256
+#define POLARSSL_MD_SHA384 MBEDTLS_MD_SHA384
+#define POLARSSL_MD_SHA512 MBEDTLS_MD_SHA512
+#define POLARSSL_MD_WRAP_H MBEDTLS_MD_WRAP_H
+#define POLARSSL_MEMORY_BUFFER_ALLOC_H MBEDTLS_MEMORY_BUFFER_ALLOC_H
+#define POLARSSL_MEMORY_H MBEDTLS_MEMORY_H
+#define POLARSSL_MODE_CBC MBEDTLS_MODE_CBC
+#define POLARSSL_MODE_CCM MBEDTLS_MODE_CCM
+#define POLARSSL_MODE_CFB MBEDTLS_MODE_CFB
+#define POLARSSL_MODE_CTR MBEDTLS_MODE_CTR
+#define POLARSSL_MODE_ECB MBEDTLS_MODE_ECB
+#define POLARSSL_MODE_GCM MBEDTLS_MODE_GCM
+#define POLARSSL_MODE_NONE MBEDTLS_MODE_NONE
+#define POLARSSL_MODE_OFB MBEDTLS_MODE_OFB
+#define POLARSSL_MODE_STREAM MBEDTLS_MODE_STREAM
+#define POLARSSL_MPI_MAX_BITS MBEDTLS_MPI_MAX_BITS
+#define POLARSSL_MPI_MAX_BITS_SCALE100 MBEDTLS_MPI_MAX_BITS_SCALE100
+#define POLARSSL_MPI_MAX_LIMBS MBEDTLS_MPI_MAX_LIMBS
+#define POLARSSL_MPI_RW_BUFFER_SIZE MBEDTLS_MPI_RW_BUFFER_SIZE
+#define POLARSSL_NET_H MBEDTLS_NET_H
+#define POLARSSL_NET_LISTEN_BACKLOG MBEDTLS_NET_LISTEN_BACKLOG
+#define POLARSSL_OID_H MBEDTLS_OID_H
+#define POLARSSL_OPERATION_NONE MBEDTLS_OPERATION_NONE
+#define POLARSSL_PADDING_NONE MBEDTLS_PADDING_NONE
+#define POLARSSL_PADDING_ONE_AND_ZEROS MBEDTLS_PADDING_ONE_AND_ZEROS
+#define POLARSSL_PADDING_PKCS7 MBEDTLS_PADDING_PKCS7
+#define POLARSSL_PADDING_ZEROS MBEDTLS_PADDING_ZEROS
+#define POLARSSL_PADDING_ZEROS_AND_LEN MBEDTLS_PADDING_ZEROS_AND_LEN
+#define POLARSSL_PADLOCK_H MBEDTLS_PADLOCK_H
+#define POLARSSL_PBKDF2_H MBEDTLS_PBKDF2_H
+#define POLARSSL_PEM_H MBEDTLS_PEM_H
+#define POLARSSL_PKCS11_H MBEDTLS_PKCS11_H
+#define POLARSSL_PKCS12_H MBEDTLS_PKCS12_H
+#define POLARSSL_PKCS5_H MBEDTLS_PKCS5_H
+#define POLARSSL_PK_DEBUG_ECP MBEDTLS_PK_DEBUG_ECP
+#define POLARSSL_PK_DEBUG_MAX_ITEMS MBEDTLS_PK_DEBUG_MAX_ITEMS
+#define POLARSSL_PK_DEBUG_MPI MBEDTLS_PK_DEBUG_MPI
+#define POLARSSL_PK_DEBUG_NONE MBEDTLS_PK_DEBUG_NONE
+#define POLARSSL_PK_ECDSA MBEDTLS_PK_ECDSA
+#define POLARSSL_PK_ECKEY MBEDTLS_PK_ECKEY
+#define POLARSSL_PK_ECKEY_DH MBEDTLS_PK_ECKEY_DH
+#define POLARSSL_PK_H MBEDTLS_PK_H
+#define POLARSSL_PK_NONE MBEDTLS_PK_NONE
+#define POLARSSL_PK_RSA MBEDTLS_PK_RSA
+#define POLARSSL_PK_RSASSA_PSS MBEDTLS_PK_RSASSA_PSS
+#define POLARSSL_PK_RSA_ALT MBEDTLS_PK_RSA_ALT
+#define POLARSSL_PK_WRAP_H MBEDTLS_PK_WRAP_H
+#define POLARSSL_PLATFORM_H MBEDTLS_PLATFORM_H
+#define POLARSSL_PREMASTER_SIZE MBEDTLS_PREMASTER_SIZE
+#define POLARSSL_RIPEMD160_H MBEDTLS_RIPEMD160_H
+#define POLARSSL_RSA_H MBEDTLS_RSA_H
+#define POLARSSL_SHA1_H MBEDTLS_SHA1_H
+#define POLARSSL_SHA256_H MBEDTLS_SHA256_H
+#define POLARSSL_SHA512_H MBEDTLS_SHA512_H
+#define POLARSSL_SSL_CACHE_H MBEDTLS_SSL_CACHE_H
+#define POLARSSL_SSL_CIPHERSUITES_H MBEDTLS_SSL_CIPHERSUITES_H
+#define POLARSSL_SSL_COOKIE_H MBEDTLS_SSL_COOKIE_H
+#define POLARSSL_SSL_H MBEDTLS_SSL_H
+#define POLARSSL_THREADING_H MBEDTLS_THREADING_H
+#define POLARSSL_THREADING_IMPL MBEDTLS_THREADING_IMPL
+#define POLARSSL_TIMING_H MBEDTLS_TIMING_H
+#define POLARSSL_VERSION_H MBEDTLS_VERSION_H
+#define POLARSSL_VERSION_MAJOR MBEDTLS_VERSION_MAJOR
+#define POLARSSL_VERSION_MINOR MBEDTLS_VERSION_MINOR
+#define POLARSSL_VERSION_NUMBER MBEDTLS_VERSION_NUMBER
+#define POLARSSL_VERSION_PATCH MBEDTLS_VERSION_PATCH
+#define POLARSSL_VERSION_STRING MBEDTLS_VERSION_STRING
+#define POLARSSL_VERSION_STRING_FULL MBEDTLS_VERSION_STRING_FULL
+#define POLARSSL_X509_CRL_H MBEDTLS_X509_CRL_H
+#define POLARSSL_X509_CRT_H MBEDTLS_X509_CRT_H
+#define POLARSSL_X509_CSR_H MBEDTLS_X509_CSR_H
+#define POLARSSL_X509_H MBEDTLS_X509_H
+#define POLARSSL_XTEA_H MBEDTLS_XTEA_H
+#define RSA_CRYPT MBEDTLS_RSA_CRYPT
+#define RSA_PKCS_V15 MBEDTLS_RSA_PKCS_V15
+#define RSA_PKCS_V21 MBEDTLS_RSA_PKCS_V21
+#define RSA_PRIVATE MBEDTLS_RSA_PRIVATE
+#define RSA_PUBLIC MBEDTLS_RSA_PUBLIC
+#define RSA_SALT_LEN_ANY MBEDTLS_RSA_SALT_LEN_ANY
+#define RSA_SIGN MBEDTLS_RSA_SIGN
+#define SSL_ALERT_LEVEL_FATAL MBEDTLS_SSL_ALERT_LEVEL_FATAL
+#define SSL_ALERT_LEVEL_WARNING MBEDTLS_SSL_ALERT_LEVEL_WARNING
+#define SSL_ALERT_MSG_ACCESS_DENIED MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED
+#define SSL_ALERT_MSG_BAD_CERT MBEDTLS_SSL_ALERT_MSG_BAD_CERT
+#define SSL_ALERT_MSG_BAD_RECORD_MAC MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC
+#define SSL_ALERT_MSG_CERT_EXPIRED MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED
+#define SSL_ALERT_MSG_CERT_REVOKED MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED
+#define SSL_ALERT_MSG_CERT_UNKNOWN MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN
+#define SSL_ALERT_MSG_CLOSE_NOTIFY MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY
+#define SSL_ALERT_MSG_DECODE_ERROR MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR
+#define SSL_ALERT_MSG_DECOMPRESSION_FAILURE MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE
+#define SSL_ALERT_MSG_DECRYPTION_FAILED MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED
+#define SSL_ALERT_MSG_DECRYPT_ERROR MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR
+#define SSL_ALERT_MSG_EXPORT_RESTRICTION MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION
+#define SSL_ALERT_MSG_HANDSHAKE_FAILURE MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE
+#define SSL_ALERT_MSG_ILLEGAL_PARAMETER MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER
+#define SSL_ALERT_MSG_INAPROPRIATE_FALLBACK MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK
+#define SSL_ALERT_MSG_INSUFFICIENT_SECURITY MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY
+#define SSL_ALERT_MSG_INTERNAL_ERROR MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR
+#define SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL
+#define SSL_ALERT_MSG_NO_CERT MBEDTLS_SSL_ALERT_MSG_NO_CERT
+#define SSL_ALERT_MSG_NO_RENEGOTIATION MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION
+#define SSL_ALERT_MSG_PROTOCOL_VERSION MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION
+#define SSL_ALERT_MSG_RECORD_OVERFLOW MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW
+#define SSL_ALERT_MSG_UNEXPECTED_MESSAGE MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE
+#define SSL_ALERT_MSG_UNKNOWN_CA MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA
+#define SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY
+#define SSL_ALERT_MSG_UNRECOGNIZED_NAME MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME
+#define SSL_ALERT_MSG_UNSUPPORTED_CERT MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
+#define SSL_ALERT_MSG_UNSUPPORTED_EXT MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT
+#define SSL_ALERT_MSG_USER_CANCELED MBEDTLS_SSL_ALERT_MSG_USER_CANCELED
+#define SSL_ANTI_REPLAY_DISABLED MBEDTLS_SSL_ANTI_REPLAY_DISABLED
+#define SSL_ANTI_REPLAY_ENABLED MBEDTLS_SSL_ANTI_REPLAY_ENABLED
+#define SSL_ARC4_DISABLED MBEDTLS_SSL_ARC4_DISABLED
+#define SSL_ARC4_ENABLED MBEDTLS_SSL_ARC4_ENABLED
+#define SSL_BUFFER_LEN MBEDTLS_SSL_BUFFER_LEN
+#define SSL_CACHE_DEFAULT_MAX_ENTRIES MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES
+#define SSL_CACHE_DEFAULT_TIMEOUT MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT
+#define SSL_CBC_RECORD_SPLITTING_DISABLED MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED
+#define SSL_CBC_RECORD_SPLITTING_ENABLED MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED
+#define SSL_CERTIFICATE_REQUEST MBEDTLS_SSL_CERTIFICATE_REQUEST
+#define SSL_CERTIFICATE_VERIFY MBEDTLS_SSL_CERTIFICATE_VERIFY
+#define SSL_CERT_TYPE_ECDSA_SIGN MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN
+#define SSL_CERT_TYPE_RSA_SIGN MBEDTLS_SSL_CERT_TYPE_RSA_SIGN
+#define SSL_CHANNEL_INBOUND MBEDTLS_SSL_CHANNEL_INBOUND
+#define SSL_CHANNEL_OUTBOUND MBEDTLS_SSL_CHANNEL_OUTBOUND
+#define SSL_CIPHERSUITES MBEDTLS_SSL_CIPHERSUITES
+#define SSL_CLIENT_CERTIFICATE MBEDTLS_SSL_CLIENT_CERTIFICATE
+#define SSL_CLIENT_CHANGE_CIPHER_SPEC MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC
+#define SSL_CLIENT_FINISHED MBEDTLS_SSL_CLIENT_FINISHED
+#define SSL_CLIENT_HELLO MBEDTLS_SSL_CLIENT_HELLO
+#define SSL_CLIENT_KEY_EXCHANGE MBEDTLS_SSL_CLIENT_KEY_EXCHANGE
+#define SSL_COMPRESSION_ADD MBEDTLS_SSL_COMPRESSION_ADD
+#define SSL_COMPRESS_DEFLATE MBEDTLS_SSL_COMPRESS_DEFLATE
+#define SSL_COMPRESS_NULL MBEDTLS_SSL_COMPRESS_NULL
+#define SSL_DEBUG_BUF MBEDTLS_SSL_DEBUG_BUF
+#define SSL_DEBUG_CRT MBEDTLS_SSL_DEBUG_CRT
+#define SSL_DEBUG_ECP MBEDTLS_SSL_DEBUG_ECP
+#define SSL_DEBUG_MPI MBEDTLS_SSL_DEBUG_MPI
+#define SSL_DEBUG_MSG MBEDTLS_SSL_DEBUG_MSG
+#define SSL_DEBUG_RET MBEDTLS_SSL_DEBUG_RET
+#define SSL_DEFAULT_TICKET_LIFETIME MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME
+#define SSL_DTLS_TIMEOUT_DFL_MAX MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX
+#define SSL_DTLS_TIMEOUT_DFL_MIN MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN
+#define SSL_EMPTY_RENEGOTIATION_INFO MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO
+#define SSL_ETM_DISABLED MBEDTLS_SSL_ETM_DISABLED
+#define SSL_ETM_ENABLED MBEDTLS_SSL_ETM_ENABLED
+#define SSL_EXTENDED_MS_DISABLED MBEDTLS_SSL_EXTENDED_MS_DISABLED
+#define SSL_EXTENDED_MS_ENABLED MBEDTLS_SSL_EXTENDED_MS_ENABLED
+#define SSL_FALLBACK_SCSV MBEDTLS_SSL_FALLBACK_SCSV
+#define SSL_FLUSH_BUFFERS MBEDTLS_SSL_FLUSH_BUFFERS
+#define SSL_HANDSHAKE_OVER MBEDTLS_SSL_HANDSHAKE_OVER
+#define SSL_HANDSHAKE_WRAPUP MBEDTLS_SSL_HANDSHAKE_WRAPUP
+#define SSL_HASH_MD5 MBEDTLS_SSL_HASH_MD5
+#define SSL_HASH_NONE MBEDTLS_SSL_HASH_NONE
+#define SSL_HASH_SHA1 MBEDTLS_SSL_HASH_SHA1
+#define SSL_HASH_SHA224 MBEDTLS_SSL_HASH_SHA224
+#define SSL_HASH_SHA256 MBEDTLS_SSL_HASH_SHA256
+#define SSL_HASH_SHA384 MBEDTLS_SSL_HASH_SHA384
+#define SSL_HASH_SHA512 MBEDTLS_SSL_HASH_SHA512
+#define SSL_HELLO_REQUEST MBEDTLS_SSL_HELLO_REQUEST
+#define SSL_HS_CERTIFICATE MBEDTLS_SSL_HS_CERTIFICATE
+#define SSL_HS_CERTIFICATE_REQUEST MBEDTLS_SSL_HS_CERTIFICATE_REQUEST
+#define SSL_HS_CERTIFICATE_VERIFY MBEDTLS_SSL_HS_CERTIFICATE_VERIFY
+#define SSL_HS_CLIENT_HELLO MBEDTLS_SSL_HS_CLIENT_HELLO
+#define SSL_HS_CLIENT_KEY_EXCHANGE MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE
+#define SSL_HS_FINISHED MBEDTLS_SSL_HS_FINISHED
+#define SSL_HS_HELLO_REQUEST MBEDTLS_SSL_HS_HELLO_REQUEST
+#define SSL_HS_HELLO_VERIFY_REQUEST MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST
+#define SSL_HS_NEW_SESSION_TICKET MBEDTLS_SSL_HS_NEW_SESSION_TICKET
+#define SSL_HS_SERVER_HELLO MBEDTLS_SSL_HS_SERVER_HELLO
+#define SSL_HS_SERVER_HELLO_DONE MBEDTLS_SSL_HS_SERVER_HELLO_DONE
+#define SSL_HS_SERVER_KEY_EXCHANGE MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE
+#define SSL_INITIAL_HANDSHAKE MBEDTLS_SSL_INITIAL_HANDSHAKE
+#define SSL_IS_CLIENT MBEDTLS_SSL_IS_CLIENT
+#define SSL_IS_FALLBACK MBEDTLS_SSL_IS_FALLBACK
+#define SSL_IS_NOT_FALLBACK MBEDTLS_SSL_IS_NOT_FALLBACK
+#define SSL_IS_SERVER MBEDTLS_SSL_IS_SERVER
+#define SSL_LEGACY_ALLOW_RENEGOTIATION MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
+#define SSL_LEGACY_BREAK_HANDSHAKE MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
+#define SSL_LEGACY_NO_RENEGOTIATION MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
+#define SSL_LEGACY_RENEGOTIATION MBEDTLS_SSL_LEGACY_RENEGOTIATION
+#define SSL_MAC_ADD MBEDTLS_SSL_MAC_ADD
+#define SSL_MAJOR_VERSION_3 MBEDTLS_SSL_MAJOR_VERSION_3
+#define SSL_MAX_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN
+#define SSL_MAX_FRAG_LEN_1024 MBEDTLS_SSL_MAX_FRAG_LEN_1024
+#define SSL_MAX_FRAG_LEN_2048 MBEDTLS_SSL_MAX_FRAG_LEN_2048
+#define SSL_MAX_FRAG_LEN_4096 MBEDTLS_SSL_MAX_FRAG_LEN_4096
+#define SSL_MAX_FRAG_LEN_512 MBEDTLS_SSL_MAX_FRAG_LEN_512
+#define SSL_MAX_FRAG_LEN_INVALID MBEDTLS_SSL_MAX_FRAG_LEN_INVALID
+#define SSL_MAX_FRAG_LEN_NONE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
+#define SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAX_MAJOR_VERSION
+#define SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MAX_MINOR_VERSION
+#define SSL_MINOR_VERSION_0 MBEDTLS_SSL_MINOR_VERSION_0
+#define SSL_MINOR_VERSION_1 MBEDTLS_SSL_MINOR_VERSION_1
+#define SSL_MINOR_VERSION_2 MBEDTLS_SSL_MINOR_VERSION_2
+#define SSL_MINOR_VERSION_3 MBEDTLS_SSL_MINOR_VERSION_3
+#define SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MIN_MAJOR_VERSION
+#define SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MIN_MINOR_VERSION
+#define SSL_MSG_ALERT MBEDTLS_SSL_MSG_ALERT
+#define SSL_MSG_APPLICATION_DATA MBEDTLS_SSL_MSG_APPLICATION_DATA
+#define SSL_MSG_CHANGE_CIPHER_SPEC MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC
+#define SSL_MSG_HANDSHAKE MBEDTLS_SSL_MSG_HANDSHAKE
+#define SSL_PADDING_ADD MBEDTLS_SSL_PADDING_ADD
+#define SSL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION
+#define SSL_RENEGOTIATION_DISABLED MBEDTLS_SSL_RENEGOTIATION_DISABLED
+#define SSL_RENEGOTIATION_DONE MBEDTLS_SSL_RENEGOTIATION_DONE
+#define SSL_RENEGOTIATION_ENABLED MBEDTLS_SSL_RENEGOTIATION_ENABLED
+#define SSL_RENEGOTIATION_NOT_ENFORCED MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED
+#define SSL_RENEGOTIATION_PENDING MBEDTLS_SSL_RENEGOTIATION_PENDING
+#define SSL_RENEGO_MAX_RECORDS_DEFAULT MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT
+#define SSL_RETRANS_FINISHED MBEDTLS_SSL_RETRANS_FINISHED
+#define SSL_RETRANS_PREPARING MBEDTLS_SSL_RETRANS_PREPARING
+#define SSL_RETRANS_SENDING MBEDTLS_SSL_RETRANS_SENDING
+#define SSL_RETRANS_WAITING MBEDTLS_SSL_RETRANS_WAITING
+#define SSL_SECURE_RENEGOTIATION MBEDTLS_SSL_SECURE_RENEGOTIATION
+#define SSL_SERVER_CERTIFICATE MBEDTLS_SSL_SERVER_CERTIFICATE
+#define SSL_SERVER_CHANGE_CIPHER_SPEC MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC
+#define SSL_SERVER_FINISHED MBEDTLS_SSL_SERVER_FINISHED
+#define SSL_SERVER_HELLO MBEDTLS_SSL_SERVER_HELLO
+#define SSL_SERVER_HELLO_DONE MBEDTLS_SSL_SERVER_HELLO_DONE
+#define SSL_SERVER_HELLO_VERIFY_REQUEST_SENT MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT
+#define SSL_SERVER_KEY_EXCHANGE MBEDTLS_SSL_SERVER_KEY_EXCHANGE
+#define SSL_SERVER_NEW_SESSION_TICKET MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET
+#define SSL_SESSION_TICKETS_DISABLED MBEDTLS_SSL_SESSION_TICKETS_DISABLED
+#define SSL_SESSION_TICKETS_ENABLED MBEDTLS_SSL_SESSION_TICKETS_ENABLED
+#define SSL_SIG_ANON MBEDTLS_SSL_SIG_ANON
+#define SSL_SIG_ECDSA MBEDTLS_SSL_SIG_ECDSA
+#define SSL_SIG_RSA MBEDTLS_SSL_SIG_RSA
+#define SSL_TRANSPORT_DATAGRAM MBEDTLS_SSL_TRANSPORT_DATAGRAM
+#define SSL_TRANSPORT_STREAM MBEDTLS_SSL_TRANSPORT_STREAM
+#define SSL_TRUNCATED_HMAC_LEN MBEDTLS_SSL_TRUNCATED_HMAC_LEN
+#define SSL_TRUNC_HMAC_DISABLED MBEDTLS_SSL_TRUNC_HMAC_DISABLED
+#define SSL_TRUNC_HMAC_ENABLED MBEDTLS_SSL_TRUNC_HMAC_ENABLED
+#define SSL_VERIFY_DATA_MAX_LEN MBEDTLS_SSL_VERIFY_DATA_MAX_LEN
+#define SSL_VERIFY_NONE MBEDTLS_SSL_VERIFY_NONE
+#define SSL_VERIFY_OPTIONAL MBEDTLS_SSL_VERIFY_OPTIONAL
+#define SSL_VERIFY_REQUIRED MBEDTLS_SSL_VERIFY_REQUIRED
+#define TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
+#define TLS_DHE_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+#define TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+#define TLS_DHE_PSK_WITH_AES_128_CCM MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM
+#define TLS_DHE_PSK_WITH_AES_128_CCM_8 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8
+#define TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+#define TLS_DHE_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+#define TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+#define TLS_DHE_PSK_WITH_AES_256_CCM MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM
+#define TLS_DHE_PSK_WITH_AES_256_CCM_8 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8
+#define TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+#define TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_DHE_PSK_WITH_NULL_SHA MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
+#define TLS_DHE_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
+#define TLS_DHE_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
+#define TLS_DHE_PSK_WITH_RC4_128_SHA MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
+#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+#define TLS_DHE_RSA_WITH_AES_128_CCM MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM
+#define TLS_DHE_RSA_WITH_AES_128_CCM_8 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8
+#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+#define TLS_DHE_RSA_WITH_AES_256_CCM MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM
+#define TLS_DHE_RSA_WITH_AES_256_CCM_8 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8
+#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+#define TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_DHE_RSA_WITH_DES_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
+#define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+#define TLS_ECDHE_ECDSA_WITH_AES_128_CCM MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
+#define TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
+#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+#define TLS_ECDHE_ECDSA_WITH_AES_256_CCM MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
+#define TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
+#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_ECDHE_ECDSA_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
+#define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+#define TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
+#define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+#define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+#define TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_ECDHE_PSK_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
+#define TLS_ECDHE_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
+#define TLS_ECDHE_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
+#define TLS_ECDHE_PSK_WITH_RC4_128_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
+#define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_ECDHE_RSA_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
+#define TLS_ECDHE_RSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
+#define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
+#define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+#define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+#define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+#define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+#define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+#define TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+#define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_ECDH_ECDSA_WITH_NULL_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
+#define TLS_ECDH_ECDSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
+#define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
+#define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+#define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+#define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+#define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+#define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+#define TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+#define TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_ECDH_RSA_WITH_NULL_SHA MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
+#define TLS_ECDH_RSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
+#define TLS_EXT_ALPN MBEDTLS_TLS_EXT_ALPN
+#define TLS_EXT_ENCRYPT_THEN_MAC MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC
+#define TLS_EXT_EXTENDED_MASTER_SECRET MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET
+#define TLS_EXT_MAX_FRAGMENT_LENGTH MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH
+#define TLS_EXT_RENEGOTIATION_INFO MBEDTLS_TLS_EXT_RENEGOTIATION_INFO
+#define TLS_EXT_SERVERNAME MBEDTLS_TLS_EXT_SERVERNAME
+#define TLS_EXT_SERVERNAME_HOSTNAME MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME
+#define TLS_EXT_SESSION_TICKET MBEDTLS_TLS_EXT_SESSION_TICKET
+#define TLS_EXT_SIG_ALG MBEDTLS_TLS_EXT_SIG_ALG
+#define TLS_EXT_SUPPORTED_ELLIPTIC_CURVES MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES
+#define TLS_EXT_SUPPORTED_POINT_FORMATS MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS
+#define TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT
+#define TLS_EXT_TRUNCATED_HMAC MBEDTLS_TLS_EXT_TRUNCATED_HMAC
+#define TLS_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
+#define TLS_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
+#define TLS_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
+#define TLS_PSK_WITH_AES_128_CCM MBEDTLS_TLS_PSK_WITH_AES_128_CCM
+#define TLS_PSK_WITH_AES_128_CCM_8 MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8
+#define TLS_PSK_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
+#define TLS_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
+#define TLS_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
+#define TLS_PSK_WITH_AES_256_CCM MBEDTLS_TLS_PSK_WITH_AES_256_CCM
+#define TLS_PSK_WITH_AES_256_CCM_8 MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8
+#define TLS_PSK_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
+#define TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_PSK_WITH_NULL_SHA MBEDTLS_TLS_PSK_WITH_NULL_SHA
+#define TLS_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_PSK_WITH_NULL_SHA256
+#define TLS_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_PSK_WITH_NULL_SHA384
+#define TLS_PSK_WITH_RC4_128_SHA MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
+#define TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
+#define TLS_RSA_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+#define TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+#define TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+#define TLS_RSA_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+#define TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+#define TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+#define TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+#define TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_RSA_PSK_WITH_NULL_SHA MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
+#define TLS_RSA_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
+#define TLS_RSA_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
+#define TLS_RSA_PSK_WITH_RC4_128_SHA MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
+#define TLS_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
+#define TLS_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
+#define TLS_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
+#define TLS_RSA_WITH_AES_128_CCM MBEDTLS_TLS_RSA_WITH_AES_128_CCM
+#define TLS_RSA_WITH_AES_128_CCM_8 MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8
+#define TLS_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
+#define TLS_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
+#define TLS_RSA_WITH_AES_256_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
+#define TLS_RSA_WITH_AES_256_CCM MBEDTLS_TLS_RSA_WITH_AES_256_CCM
+#define TLS_RSA_WITH_AES_256_CCM_8 MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8
+#define TLS_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
+#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+#define TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+#define TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
+#define TLS_RSA_WITH_DES_CBC_SHA MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
+#define TLS_RSA_WITH_NULL_MD5 MBEDTLS_TLS_RSA_WITH_NULL_MD5
+#define TLS_RSA_WITH_NULL_SHA MBEDTLS_TLS_RSA_WITH_NULL_SHA
+#define TLS_RSA_WITH_NULL_SHA256 MBEDTLS_TLS_RSA_WITH_NULL_SHA256
+#define TLS_RSA_WITH_RC4_128_MD5 MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
+#define TLS_RSA_WITH_RC4_128_SHA MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
+#define UL64 MBEDTLS_UL64
+#define X509_CRT_VERSION_1 MBEDTLS_X509_CRT_VERSION_1
+#define X509_CRT_VERSION_2 MBEDTLS_X509_CRT_VERSION_2
+#define X509_CRT_VERSION_3 MBEDTLS_X509_CRT_VERSION_3
+#define X509_FORMAT_DER MBEDTLS_X509_FORMAT_DER
+#define X509_FORMAT_PEM MBEDTLS_X509_FORMAT_PEM
+#define X509_MAX_DN_NAME_SIZE MBEDTLS_X509_MAX_DN_NAME_SIZE
+#define X509_RFC5280_MAX_SERIAL_LEN MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN
+#define X509_RFC5280_UTC_TIME_LEN MBEDTLS_X509_RFC5280_UTC_TIME_LEN
+#define XTEA_DECRYPT MBEDTLS_XTEA_DECRYPT
+#define XTEA_ENCRYPT MBEDTLS_XTEA_ENCRYPT
+#define _asn1_bitstring mbedtls_asn1_bitstring
+#define _asn1_buf mbedtls_asn1_buf
+#define _asn1_named_data mbedtls_asn1_named_data
+#define _asn1_sequence mbedtls_asn1_sequence
+#define _ssl_cache_context mbedtls_ssl_cache_context
+#define _ssl_cache_entry mbedtls_ssl_cache_entry
+#define _ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t
+#define _ssl_context mbedtls_ssl_context
+#define _ssl_flight_item mbedtls_ssl_flight_item
+#define _ssl_handshake_params mbedtls_ssl_handshake_params
+#define _ssl_key_cert mbedtls_ssl_key_cert
+#define _ssl_premaster_secret mbedtls_ssl_premaster_secret
+#define _ssl_session mbedtls_ssl_session
+#define _ssl_ticket_keys mbedtls_ssl_ticket_keys
+#define _ssl_transform mbedtls_ssl_transform
+#define _x509_crl mbedtls_x509_crl
+#define _x509_crl_entry mbedtls_x509_crl_entry
+#define _x509_crt mbedtls_x509_crt
+#define _x509_csr mbedtls_x509_csr
+#define _x509_time mbedtls_x509_time
+#define _x509write_cert mbedtls_x509write_cert
+#define _x509write_csr mbedtls_x509write_csr
+#define aes_context mbedtls_aes_context
+#define aes_crypt_cbc mbedtls_aes_crypt_cbc
+#define aes_crypt_cfb128 mbedtls_aes_crypt_cfb128
+#define aes_crypt_cfb8 mbedtls_aes_crypt_cfb8
+#define aes_crypt_ctr mbedtls_aes_crypt_ctr
+#define aes_crypt_ecb mbedtls_aes_crypt_ecb
+#define aes_free mbedtls_aes_free
+#define aes_init mbedtls_aes_init
+#define aes_self_test mbedtls_aes_self_test
+#define aes_setkey_dec mbedtls_aes_setkey_dec
+#define aes_setkey_enc mbedtls_aes_setkey_enc
+#define aesni_crypt_ecb mbedtls_aesni_crypt_ecb
+#define aesni_gcm_mult mbedtls_aesni_gcm_mult
+#define aesni_inverse_key mbedtls_aesni_inverse_key
+#define aesni_setkey_enc mbedtls_aesni_setkey_enc
+#define aesni_supports mbedtls_aesni_has_support
+#define alarmed mbedtls_timing_alarmed
+#define arc4_context mbedtls_arc4_context
+#define arc4_crypt mbedtls_arc4_crypt
+#define arc4_free mbedtls_arc4_free
+#define arc4_init mbedtls_arc4_init
+#define arc4_self_test mbedtls_arc4_self_test
+#define arc4_setup mbedtls_arc4_setup
+#define asn1_bitstring mbedtls_asn1_bitstring
+#define asn1_buf mbedtls_asn1_buf
+#define asn1_find_named_data mbedtls_asn1_find_named_data
+#define asn1_free_named_data mbedtls_asn1_free_named_data
+#define asn1_free_named_data_list mbedtls_asn1_free_named_data_list
+#define asn1_get_alg mbedtls_asn1_get_alg
+#define asn1_get_alg_null mbedtls_asn1_get_alg_null
+#define asn1_get_bitstring mbedtls_asn1_get_bitstring
+#define asn1_get_bitstring_null mbedtls_asn1_get_bitstring_null
+#define asn1_get_bool mbedtls_asn1_get_bool
+#define asn1_get_int mbedtls_asn1_get_int
+#define asn1_get_len mbedtls_asn1_get_len
+#define asn1_get_mpi mbedtls_asn1_get_mpi
+#define asn1_get_sequence_of mbedtls_asn1_get_sequence_of
+#define asn1_get_tag mbedtls_asn1_get_tag
+#define asn1_named_data mbedtls_asn1_named_data
+#define asn1_sequence mbedtls_asn1_sequence
+#define asn1_store_named_data mbedtls_asn1_store_named_data
+#define asn1_write_algorithm_identifier mbedtls_asn1_write_algorithm_identifier
+#define asn1_write_bitstring mbedtls_asn1_write_bitstring
+#define asn1_write_bool mbedtls_asn1_write_bool
+#define asn1_write_ia5_string mbedtls_asn1_write_ia5_string
+#define asn1_write_int mbedtls_asn1_write_int
+#define asn1_write_len mbedtls_asn1_write_len
+#define asn1_write_mpi mbedtls_asn1_write_mpi
+#define asn1_write_null mbedtls_asn1_write_null
+#define asn1_write_octet_string mbedtls_asn1_write_octet_string
+#define asn1_write_oid mbedtls_asn1_write_oid
+#define asn1_write_printable_string mbedtls_asn1_write_printable_string
+#define asn1_write_raw_buffer mbedtls_asn1_write_raw_buffer
+#define asn1_write_tag mbedtls_asn1_write_tag
+#define base64_decode mbedtls_base64_decode
+#define base64_encode mbedtls_base64_encode
+#define base64_self_test mbedtls_base64_self_test
+#define blowfish_context mbedtls_blowfish_context
+#define blowfish_crypt_cbc mbedtls_blowfish_crypt_cbc
+#define blowfish_crypt_cfb64 mbedtls_blowfish_crypt_cfb64
+#define blowfish_crypt_ctr mbedtls_blowfish_crypt_ctr
+#define blowfish_crypt_ecb mbedtls_blowfish_crypt_ecb
+#define blowfish_free mbedtls_blowfish_free
+#define blowfish_init mbedtls_blowfish_init
+#define blowfish_setkey mbedtls_blowfish_setkey
+#define camellia_context mbedtls_camellia_context
+#define camellia_crypt_cbc mbedtls_camellia_crypt_cbc
+#define camellia_crypt_cfb128 mbedtls_camellia_crypt_cfb128
+#define camellia_crypt_ctr mbedtls_camellia_crypt_ctr
+#define camellia_crypt_ecb mbedtls_camellia_crypt_ecb
+#define camellia_free mbedtls_camellia_free
+#define camellia_init mbedtls_camellia_init
+#define camellia_self_test mbedtls_camellia_self_test
+#define camellia_setkey_dec mbedtls_camellia_setkey_dec
+#define camellia_setkey_enc mbedtls_camellia_setkey_enc
+#define ccm_auth_decrypt mbedtls_ccm_auth_decrypt
+#define ccm_context mbedtls_ccm_context
+#define ccm_encrypt_and_tag mbedtls_ccm_encrypt_and_tag
+#define ccm_free mbedtls_ccm_free
+#define ccm_init mbedtls_ccm_init
+#define ccm_self_test mbedtls_ccm_self_test
+#define cipher_auth_decrypt mbedtls_cipher_auth_decrypt
+#define cipher_auth_encrypt mbedtls_cipher_auth_encrypt
+#define cipher_base_t mbedtls_cipher_base_t
+#define cipher_check_tag mbedtls_cipher_check_tag
+#define cipher_context_t mbedtls_cipher_context_t
+#define cipher_crypt mbedtls_cipher_crypt
+#define cipher_definition_t mbedtls_cipher_definition_t
+#define cipher_definitions mbedtls_cipher_definitions
+#define cipher_finish mbedtls_cipher_finish
+#define cipher_free mbedtls_cipher_free
+#define cipher_free_ctx mbedtls_cipher_free_ctx
+#define cipher_get_block_size mbedtls_cipher_get_block_size
+#define cipher_get_cipher_mode mbedtls_cipher_get_cipher_mode
+#define cipher_get_iv_size mbedtls_cipher_get_iv_size
+#define cipher_get_key_size mbedtls_cipher_get_key_bitlen
+#define cipher_get_name mbedtls_cipher_get_name
+#define cipher_get_operation mbedtls_cipher_get_operation
+#define cipher_get_type mbedtls_cipher_get_type
+#define cipher_id_t mbedtls_cipher_id_t
+#define cipher_info_from_string mbedtls_cipher_info_from_string
+#define cipher_info_from_type mbedtls_cipher_info_from_type
+#define cipher_info_from_values mbedtls_cipher_info_from_values
+#define cipher_info_t mbedtls_cipher_info_t
+#define cipher_init mbedtls_cipher_init
+#define cipher_init_ctx mbedtls_cipher_setup
+#define cipher_list mbedtls_cipher_list
+#define cipher_mode_t mbedtls_cipher_mode_t
+#define cipher_padding_t mbedtls_cipher_padding_t
+#define cipher_reset mbedtls_cipher_reset
+#define cipher_self_test mbedtls_cipher_self_test
+#define cipher_set_iv mbedtls_cipher_set_iv
+#define cipher_set_padding_mode mbedtls_cipher_set_padding_mode
+#define cipher_setkey mbedtls_cipher_setkey
+#define cipher_type_t mbedtls_cipher_type_t
+#define cipher_update mbedtls_cipher_update
+#define cipher_update_ad mbedtls_cipher_update_ad
+#define cipher_write_tag mbedtls_cipher_write_tag
+#define ctr_drbg_context mbedtls_ctr_drbg_context
+#define ctr_drbg_free mbedtls_ctr_drbg_free
+#define ctr_drbg_init mbedtls_ctr_drbg_init
+#define ctr_drbg_init_entropy_len mbedtls_ctr_drbg_init_entropy_len
+#define ctr_drbg_random mbedtls_ctr_drbg_random
+#define ctr_drbg_random_with_add mbedtls_ctr_drbg_random_with_add
+#define ctr_drbg_reseed mbedtls_ctr_drbg_reseed
+#define ctr_drbg_self_test mbedtls_ctr_drbg_self_test
+#define ctr_drbg_set_entropy_len mbedtls_ctr_drbg_set_entropy_len
+#define ctr_drbg_set_prediction_resistance mbedtls_ctr_drbg_set_prediction_resistance
+#define ctr_drbg_set_reseed_interval mbedtls_ctr_drbg_set_reseed_interval
+#define ctr_drbg_update mbedtls_ctr_drbg_update
+#define ctr_drbg_update_seed_file mbedtls_ctr_drbg_update_seed_file
+#define ctr_drbg_write_seed_file mbedtls_ctr_drbg_write_seed_file
+#define debug_fmt mbedtls_debug_fmt
+#define debug_print_buf mbedtls_debug_print_buf
+#define debug_print_crt mbedtls_debug_print_crt
+#define debug_print_ecp mbedtls_debug_print_ecp
+#define debug_print_mpi mbedtls_debug_print_mpi
+#define debug_print_msg mbedtls_debug_print_msg
+#define debug_print_ret mbedtls_debug_print_ret
+#define debug_set_log_mode mbedtls_debug_set_log_mode
+#define debug_set_threshold mbedtls_debug_set_threshold
+#define des3_context mbedtls_des3_context
+#define des3_crypt_cbc mbedtls_des3_crypt_cbc
+#define des3_crypt_ecb mbedtls_des3_crypt_ecb
+#define des3_free mbedtls_des3_free
+#define des3_init mbedtls_des3_init
+#define des3_set2key_dec mbedtls_des3_set2key_dec
+#define des3_set2key_enc mbedtls_des3_set2key_enc
+#define des3_set3key_dec mbedtls_des3_set3key_dec
+#define des3_set3key_enc mbedtls_des3_set3key_enc
+#define des_context mbedtls_des_context
+#define des_crypt_cbc mbedtls_des_crypt_cbc
+#define des_crypt_ecb mbedtls_des_crypt_ecb
+#define des_free mbedtls_des_free
+#define des_init mbedtls_des_init
+#define des_key_check_key_parity mbedtls_des_key_check_key_parity
+#define des_key_check_weak mbedtls_des_key_check_weak
+#define des_key_set_parity mbedtls_des_key_set_parity
+#define des_self_test mbedtls_des_self_test
+#define des_setkey_dec mbedtls_des_setkey_dec
+#define des_setkey_enc mbedtls_des_setkey_enc
+#define dhm_calc_secret mbedtls_dhm_calc_secret
+#define dhm_context mbedtls_dhm_context
+#define dhm_free mbedtls_dhm_free
+#define dhm_init mbedtls_dhm_init
+#define dhm_make_params mbedtls_dhm_make_params
+#define dhm_make_public mbedtls_dhm_make_public
+#define dhm_parse_dhm mbedtls_dhm_parse_dhm
+#define dhm_parse_dhmfile mbedtls_dhm_parse_dhmfile
+#define dhm_read_params mbedtls_dhm_read_params
+#define dhm_read_public mbedtls_dhm_read_public
+#define dhm_self_test mbedtls_dhm_self_test
+#define ecdh_calc_secret mbedtls_ecdh_calc_secret
+#define ecdh_compute_shared mbedtls_ecdh_compute_shared
+#define ecdh_context mbedtls_ecdh_context
+#define ecdh_free mbedtls_ecdh_free
+#define ecdh_gen_public mbedtls_ecdh_gen_public
+#define ecdh_get_params mbedtls_ecdh_get_params
+#define ecdh_init mbedtls_ecdh_init
+#define ecdh_make_params mbedtls_ecdh_make_params
+#define ecdh_make_public mbedtls_ecdh_make_public
+#define ecdh_read_params mbedtls_ecdh_read_params
+#define ecdh_read_public mbedtls_ecdh_read_public
+#define ecdh_self_test mbedtls_ecdh_self_test
+#define ecdh_side mbedtls_ecdh_side
+#define ecdsa_context mbedtls_ecdsa_context
+#define ecdsa_free mbedtls_ecdsa_free
+#define ecdsa_from_keypair mbedtls_ecdsa_from_keypair
+#define ecdsa_genkey mbedtls_ecdsa_genkey
+#define ecdsa_info mbedtls_ecdsa_info
+#define ecdsa_init mbedtls_ecdsa_init
+#define ecdsa_read_signature mbedtls_ecdsa_read_signature
+#define ecdsa_self_test mbedtls_ecdsa_self_test
+#define ecdsa_sign mbedtls_ecdsa_sign
+#define ecdsa_sign_det mbedtls_ecdsa_sign_det
+#define ecdsa_verify mbedtls_ecdsa_verify
+#define ecdsa_write_signature mbedtls_ecdsa_write_signature
+#define ecdsa_write_signature_det mbedtls_ecdsa_write_signature_det
+#define eckey_info mbedtls_eckey_info
+#define eckeydh_info mbedtls_eckeydh_info
+#define ecp_add mbedtls_ecp_add
+#define ecp_check_privkey mbedtls_ecp_check_privkey
+#define ecp_check_pub_priv mbedtls_ecp_check_pub_priv
+#define ecp_check_pubkey mbedtls_ecp_check_pubkey
+#define ecp_copy mbedtls_ecp_copy
+#define ecp_curve_info mbedtls_ecp_curve_info
+#define ecp_curve_info_from_grp_id mbedtls_ecp_curve_info_from_grp_id
+#define ecp_curve_info_from_name mbedtls_ecp_curve_info_from_name
+#define ecp_curve_info_from_tls_id mbedtls_ecp_curve_info_from_tls_id
+#define ecp_curve_list mbedtls_ecp_curve_list
+#define ecp_gen_key mbedtls_ecp_gen_key
+#define ecp_gen_keypair mbedtls_ecp_gen_keypair
+#define ecp_group mbedtls_ecp_group
+#define ecp_group_copy mbedtls_ecp_group_copy
+#define ecp_group_free mbedtls_ecp_group_free
+#define ecp_group_id mbedtls_ecp_group_id
+#define ecp_group_init mbedtls_ecp_group_init
+#define ecp_group_read_string mbedtls_ecp_group_read_string
+#define ecp_grp_id_list mbedtls_ecp_grp_id_list
+#define ecp_is_zero mbedtls_ecp_is_zero
+#define ecp_keypair mbedtls_ecp_keypair
+#define ecp_keypair_free mbedtls_ecp_keypair_free
+#define ecp_keypair_init mbedtls_ecp_keypair_init
+#define ecp_mul mbedtls_ecp_mul
+#define ecp_point mbedtls_ecp_point
+#define ecp_point_free mbedtls_ecp_point_free
+#define ecp_point_init mbedtls_ecp_point_init
+#define ecp_point_read_binary mbedtls_ecp_point_read_binary
+#define ecp_point_read_string mbedtls_ecp_point_read_string
+#define ecp_point_write_binary mbedtls_ecp_point_write_binary
+#define ecp_self_test mbedtls_ecp_self_test
+#define ecp_set_zero mbedtls_ecp_set_zero
+#define ecp_sub mbedtls_ecp_sub
+#define ecp_tls_read_group mbedtls_ecp_tls_read_group
+#define ecp_tls_read_point mbedtls_ecp_tls_read_point
+#define ecp_tls_write_group mbedtls_ecp_tls_write_group
+#define ecp_tls_write_point mbedtls_ecp_tls_write_point
+#define ecp_use_known_dp mbedtls_ecp_group_load
+#define entropy_add_source mbedtls_entropy_add_source
+#define entropy_context mbedtls_entropy_context
+#define entropy_free mbedtls_entropy_free
+#define entropy_func mbedtls_entropy_func
+#define entropy_gather mbedtls_entropy_gather
+#define entropy_init mbedtls_entropy_init
+#define entropy_self_test mbedtls_entropy_self_test
+#define entropy_update_manual mbedtls_entropy_update_manual
+#define entropy_update_seed_file mbedtls_entropy_update_seed_file
+#define entropy_write_seed_file mbedtls_entropy_write_seed_file
+#define error_strerror mbedtls_strerror
+#define f_source_ptr mbedtls_entropy_f_source_ptr
+#define gcm_auth_decrypt mbedtls_gcm_auth_decrypt
+#define gcm_context mbedtls_gcm_context
+#define gcm_crypt_and_tag mbedtls_gcm_crypt_and_tag
+#define gcm_finish mbedtls_gcm_finish
+#define gcm_free mbedtls_gcm_free
+#define gcm_init mbedtls_gcm_init
+#define gcm_self_test mbedtls_gcm_self_test
+#define gcm_starts mbedtls_gcm_starts
+#define gcm_update mbedtls_gcm_update
+#define get_timer mbedtls_timing_get_timer
+#define hardclock mbedtls_timing_hardclock
+#define hardclock_poll mbedtls_hardclock_poll
+#define havege_free mbedtls_havege_free
+#define havege_init mbedtls_havege_init
+#define havege_poll mbedtls_havege_poll
+#define havege_random mbedtls_havege_random
+#define havege_state mbedtls_havege_state
+#define hmac_drbg_context mbedtls_hmac_drbg_context
+#define hmac_drbg_free mbedtls_hmac_drbg_free
+#define hmac_drbg_init mbedtls_hmac_drbg_init
+#define hmac_drbg_init_buf mbedtls_hmac_drbg_init_buf
+#define hmac_drbg_random mbedtls_hmac_drbg_random
+#define hmac_drbg_random_with_add mbedtls_hmac_drbg_random_with_add
+#define hmac_drbg_reseed mbedtls_hmac_drbg_reseed
+#define hmac_drbg_self_test mbedtls_hmac_drbg_self_test
+#define hmac_drbg_set_entropy_len mbedtls_hmac_drbg_set_entropy_len
+#define hmac_drbg_set_prediction_resistance mbedtls_hmac_drbg_set_prediction_resistance
+#define hmac_drbg_set_reseed_interval mbedtls_hmac_drbg_set_reseed_interval
+#define hmac_drbg_update mbedtls_hmac_drbg_update
+#define hmac_drbg_update_seed_file mbedtls_hmac_drbg_update_seed_file
+#define hmac_drbg_write_seed_file mbedtls_hmac_drbg_write_seed_file
+#define hr_time mbedtls_timing_hr_time
+#define key_exchange_type_t mbedtls_key_exchange_type_t
+#define md mbedtls_md
+#define md2 mbedtls_md2
+#define md2_context mbedtls_md2_context
+#define md2_file mbedtls_md2_file
+#define md2_finish mbedtls_md2_finish
+#define md2_free mbedtls_md2_free
+#define md2_hmac mbedtls_md2_hmac
+#define md2_hmac_finish mbedtls_md2_hmac_finish
+#define md2_hmac_reset mbedtls_md2_hmac_reset
+#define md2_hmac_starts mbedtls_md2_hmac_starts
+#define md2_hmac_update mbedtls_md2_hmac_update
+#define md2_info mbedtls_md2_info
+#define md2_init mbedtls_md2_init
+#define md2_process mbedtls_md2_process
+#define md2_self_test mbedtls_md2_self_test
+#define md2_starts mbedtls_md2_starts
+#define md2_update mbedtls_md2_update
+#define md4 mbedtls_md4
+#define md4_context mbedtls_md4_context
+#define md4_file mbedtls_md4_file
+#define md4_finish mbedtls_md4_finish
+#define md4_free mbedtls_md4_free
+#define md4_hmac mbedtls_md4_hmac
+#define md4_hmac_finish mbedtls_md4_hmac_finish
+#define md4_hmac_reset mbedtls_md4_hmac_reset
+#define md4_hmac_starts mbedtls_md4_hmac_starts
+#define md4_hmac_update mbedtls_md4_hmac_update
+#define md4_info mbedtls_md4_info
+#define md4_init mbedtls_md4_init
+#define md4_process mbedtls_md4_process
+#define md4_self_test mbedtls_md4_self_test
+#define md4_starts mbedtls_md4_starts
+#define md4_update mbedtls_md4_update
+#define md5 mbedtls_md5
+#define md5_context mbedtls_md5_context
+#define md5_file mbedtls_md5_file
+#define md5_finish mbedtls_md5_finish
+#define md5_free mbedtls_md5_free
+#define md5_hmac mbedtls_md5_hmac
+#define md5_hmac_finish mbedtls_md5_hmac_finish
+#define md5_hmac_reset mbedtls_md5_hmac_reset
+#define md5_hmac_starts mbedtls_md5_hmac_starts
+#define md5_hmac_update mbedtls_md5_hmac_update
+#define md5_info mbedtls_md5_info
+#define md5_init mbedtls_md5_init
+#define md5_process mbedtls_md5_process
+#define md5_self_test mbedtls_md5_self_test
+#define md5_starts mbedtls_md5_starts
+#define md5_update mbedtls_md5_update
+#define md_context_t mbedtls_md_context_t
+#define md_file mbedtls_md_file
+#define md_finish mbedtls_md_finish
+#define md_free mbedtls_md_free
+#define md_free_ctx mbedtls_md_free_ctx
+#define md_get_name mbedtls_md_get_name
+#define md_get_size mbedtls_md_get_size
+#define md_get_type mbedtls_md_get_type
+#define md_hmac mbedtls_md_hmac
+#define md_hmac_finish mbedtls_md_hmac_finish
+#define md_hmac_reset mbedtls_md_hmac_reset
+#define md_hmac_starts mbedtls_md_hmac_starts
+#define md_hmac_update mbedtls_md_hmac_update
+#define md_info_from_string mbedtls_md_info_from_string
+#define md_info_from_type mbedtls_md_info_from_type
+#define md_info_t mbedtls_md_info_t
+#define md_init mbedtls_md_init
+#define md_init_ctx mbedtls_md_init_ctx
+#define md_list mbedtls_md_list
+#define md_process mbedtls_md_process
+#define md_starts mbedtls_md_starts
+#define md_type_t mbedtls_md_type_t
+#define md_update mbedtls_md_update
+#define memory_buffer_alloc_cur_get mbedtls_memory_buffer_alloc_cur_get
+#define memory_buffer_alloc_free mbedtls_memory_buffer_alloc_free
+#define memory_buffer_alloc_init mbedtls_memory_buffer_alloc_init
+#define memory_buffer_alloc_max_get mbedtls_memory_buffer_alloc_max_get
+#define memory_buffer_alloc_max_reset mbedtls_memory_buffer_alloc_max_reset
+#define memory_buffer_alloc_self_test mbedtls_memory_buffer_alloc_self_test
+#define memory_buffer_alloc_status mbedtls_memory_buffer_alloc_status
+#define memory_buffer_alloc_verify mbedtls_memory_buffer_alloc_verify
+#define memory_buffer_set_verify mbedtls_memory_buffer_set_verify
+#define memory_set_own mbedtls_memory_set_own
+#define mpi mbedtls_mpi
+#define mpi_add_abs mbedtls_mpi_add_abs
+#define mpi_add_int mbedtls_mpi_add_int
+#define mpi_add_mpi mbedtls_mpi_add_mpi
+#define mpi_cmp_abs mbedtls_mpi_cmp_abs
+#define mpi_cmp_int mbedtls_mpi_cmp_int
+#define mpi_cmp_mpi mbedtls_mpi_cmp_mpi
+#define mpi_copy mbedtls_mpi_copy
+#define mpi_div_int mbedtls_mpi_div_int
+#define mpi_div_mpi mbedtls_mpi_div_mpi
+#define mpi_exp_mod mbedtls_mpi_exp_mod
+#define mpi_fill_random mbedtls_mpi_fill_random
+#define mpi_free mbedtls_mpi_free
+#define mpi_gcd mbedtls_mpi_gcd
+#define mpi_gen_prime mbedtls_mpi_gen_prime
+#define mpi_get_bit mbedtls_mpi_get_bit
+#define mpi_grow mbedtls_mpi_grow
+#define mpi_init mbedtls_mpi_init
+#define mpi_inv_mod mbedtls_mpi_inv_mod
+#define mpi_is_prime mbedtls_mpi_is_prime
+#define mpi_lsb mbedtls_mpi_lsb
+#define mpi_lset mbedtls_mpi_lset
+#define mpi_mod_int mbedtls_mpi_mod_int
+#define mpi_mod_mpi mbedtls_mpi_mod_mpi
+#define mpi_msb mbedtls_mpi_bitlen
+#define mpi_mul_int mbedtls_mpi_mul_int
+#define mpi_mul_mpi mbedtls_mpi_mul_mpi
+#define mpi_read_binary mbedtls_mpi_read_binary
+#define mpi_read_file mbedtls_mpi_read_file
+#define mpi_read_string mbedtls_mpi_read_string
+#define mpi_safe_cond_assign mbedtls_mpi_safe_cond_assign
+#define mpi_safe_cond_swap mbedtls_mpi_safe_cond_swap
+#define mpi_self_test mbedtls_mpi_self_test
+#define mpi_set_bit mbedtls_mpi_set_bit
+#define mpi_shift_l mbedtls_mpi_shift_l
+#define mpi_shift_r mbedtls_mpi_shift_r
+#define mpi_shrink mbedtls_mpi_shrink
+#define mpi_size mbedtls_mpi_size
+#define mpi_sub_abs mbedtls_mpi_sub_abs
+#define mpi_sub_int mbedtls_mpi_sub_int
+#define mpi_sub_mpi mbedtls_mpi_sub_mpi
+#define mpi_swap mbedtls_mpi_swap
+#define mpi_write_binary mbedtls_mpi_write_binary
+#define mpi_write_file mbedtls_mpi_write_file
+#define mpi_write_string mbedtls_mpi_write_string
+#define net_accept mbedtls_net_accept
+#define net_bind mbedtls_net_bind
+#define net_close mbedtls_net_free
+#define net_connect mbedtls_net_connect
+#define net_recv mbedtls_net_recv
+#define net_recv_timeout mbedtls_net_recv_timeout
+#define net_send mbedtls_net_send
+#define net_set_block mbedtls_net_set_block
+#define net_set_nonblock mbedtls_net_set_nonblock
+#define net_usleep mbedtls_net_usleep
+#define oid_descriptor_t mbedtls_oid_descriptor_t
+#define oid_get_attr_short_name mbedtls_oid_get_attr_short_name
+#define oid_get_cipher_alg mbedtls_oid_get_cipher_alg
+#define oid_get_ec_grp mbedtls_oid_get_ec_grp
+#define oid_get_extended_key_usage mbedtls_oid_get_extended_key_usage
+#define oid_get_md_alg mbedtls_oid_get_md_alg
+#define oid_get_numeric_string mbedtls_oid_get_numeric_string
+#define oid_get_oid_by_ec_grp mbedtls_oid_get_oid_by_ec_grp
+#define oid_get_oid_by_md mbedtls_oid_get_oid_by_md
+#define oid_get_oid_by_pk_alg mbedtls_oid_get_oid_by_pk_alg
+#define oid_get_oid_by_sig_alg mbedtls_oid_get_oid_by_sig_alg
+#define oid_get_pk_alg mbedtls_oid_get_pk_alg
+#define oid_get_pkcs12_pbe_alg mbedtls_oid_get_pkcs12_pbe_alg
+#define oid_get_sig_alg mbedtls_oid_get_sig_alg
+#define oid_get_sig_alg_desc mbedtls_oid_get_sig_alg_desc
+#define oid_get_x509_ext_type mbedtls_oid_get_x509_ext_type
+#define operation_t mbedtls_operation_t
+#define padlock_supports mbedtls_padlock_has_support
+#define padlock_xcryptcbc mbedtls_padlock_xcryptcbc
+#define padlock_xcryptecb mbedtls_padlock_xcryptecb
+#define pbkdf2_hmac mbedtls_pbkdf2_hmac
+#define pbkdf2_self_test mbedtls_pbkdf2_self_test
+#define pem_context mbedtls_pem_context
+#define pem_free mbedtls_pem_free
+#define pem_init mbedtls_pem_init
+#define pem_read_buffer mbedtls_pem_read_buffer
+#define pem_write_buffer mbedtls_pem_write_buffer
+#define pk_can_do mbedtls_pk_can_do
+#define pk_check_pair mbedtls_pk_check_pair
+#define pk_context mbedtls_pk_context
+#define pk_debug mbedtls_pk_debug
+#define pk_debug_item mbedtls_pk_debug_item
+#define pk_debug_type mbedtls_pk_debug_type
+#define pk_decrypt mbedtls_pk_decrypt
+#define pk_ec mbedtls_pk_ec
+#define pk_encrypt mbedtls_pk_encrypt
+#define pk_free mbedtls_pk_free
+#define pk_get_len mbedtls_pk_get_len
+#define pk_get_name mbedtls_pk_get_name
+#define pk_get_size mbedtls_pk_get_bitlen
+#define pk_get_type mbedtls_pk_get_type
+#define pk_info_from_type mbedtls_pk_info_from_type
+#define pk_info_t mbedtls_pk_info_t
+#define pk_init mbedtls_pk_init
+#define pk_init_ctx mbedtls_pk_setup
+#define pk_init_ctx_rsa_alt mbedtls_pk_setup_rsa_alt
+#define pk_load_file mbedtls_pk_load_file
+#define pk_parse_key mbedtls_pk_parse_key
+#define pk_parse_keyfile mbedtls_pk_parse_keyfile
+#define pk_parse_public_key mbedtls_pk_parse_public_key
+#define pk_parse_public_keyfile mbedtls_pk_parse_public_keyfile
+#define pk_parse_subpubkey mbedtls_pk_parse_subpubkey
+#define pk_rsa mbedtls_pk_rsa
+#define pk_rsa_alt_decrypt_func mbedtls_pk_rsa_alt_decrypt_func
+#define pk_rsa_alt_key_len_func mbedtls_pk_rsa_alt_key_len_func
+#define pk_rsa_alt_sign_func mbedtls_pk_rsa_alt_sign_func
+#define pk_rsassa_pss_options mbedtls_pk_rsassa_pss_options
+#define pk_sign mbedtls_pk_sign
+#define pk_type_t mbedtls_pk_type_t
+#define pk_verify mbedtls_pk_verify
+#define pk_verify_ext mbedtls_pk_verify_ext
+#define pk_write_key_der mbedtls_pk_write_key_der
+#define pk_write_key_pem mbedtls_pk_write_key_pem
+#define pk_write_pubkey mbedtls_pk_write_pubkey
+#define pk_write_pubkey_der mbedtls_pk_write_pubkey_der
+#define pk_write_pubkey_pem mbedtls_pk_write_pubkey_pem
+#define pkcs11_context mbedtls_pkcs11_context
+#define pkcs11_decrypt mbedtls_pkcs11_decrypt
+#define pkcs11_priv_key_free mbedtls_pkcs11_priv_key_free
+#define pkcs11_priv_key_init mbedtls_pkcs11_priv_key_bind
+#define pkcs11_sign mbedtls_pkcs11_sign
+#define pkcs11_x509_cert_init mbedtls_pkcs11_x509_cert_bind
+#define pkcs12_derivation mbedtls_pkcs12_derivation
+#define pkcs12_pbe mbedtls_pkcs12_pbe
+#define pkcs12_pbe_sha1_rc4_128 mbedtls_pkcs12_pbe_sha1_rc4_128
+#define pkcs5_pbes2 mbedtls_pkcs5_pbes2
+#define pkcs5_pbkdf2_hmac mbedtls_pkcs5_pbkdf2_hmac
+#define pkcs5_self_test mbedtls_pkcs5_self_test
+#define platform_entropy_poll mbedtls_platform_entropy_poll
+#define platform_set_exit mbedtls_platform_set_exit
+#define platform_set_fprintf mbedtls_platform_set_fprintf
+#define platform_set_malloc_free mbedtls_platform_set_malloc_free
+#define platform_set_printf mbedtls_platform_set_printf
+#define platform_set_snprintf mbedtls_platform_set_snprintf
+#define polarssl_exit mbedtls_exit
+#define polarssl_fprintf mbedtls_fprintf
+#define polarssl_free mbedtls_free
+#define polarssl_malloc mbedtls_malloc
+#define polarssl_mutex_free mbedtls_mutex_free
+#define polarssl_mutex_init mbedtls_mutex_init
+#define polarssl_mutex_lock mbedtls_mutex_lock
+#define polarssl_mutex_unlock mbedtls_mutex_unlock
+#define polarssl_printf mbedtls_printf
+#define polarssl_snprintf mbedtls_snprintf
+#define polarssl_strerror mbedtls_strerror
+#define ripemd160 mbedtls_ripemd160
+#define ripemd160_context mbedtls_ripemd160_context
+#define ripemd160_file mbedtls_ripemd160_file
+#define ripemd160_finish mbedtls_ripemd160_finish
+#define ripemd160_free mbedtls_ripemd160_free
+#define ripemd160_hmac mbedtls_ripemd160_hmac
+#define ripemd160_hmac_finish mbedtls_ripemd160_hmac_finish
+#define ripemd160_hmac_reset mbedtls_ripemd160_hmac_reset
+#define ripemd160_hmac_starts mbedtls_ripemd160_hmac_starts
+#define ripemd160_hmac_update mbedtls_ripemd160_hmac_update
+#define ripemd160_info mbedtls_ripemd160_info
+#define ripemd160_init mbedtls_ripemd160_init
+#define ripemd160_process mbedtls_ripemd160_process
+#define ripemd160_self_test mbedtls_ripemd160_self_test
+#define ripemd160_starts mbedtls_ripemd160_starts
+#define ripemd160_update mbedtls_ripemd160_update
+#define rsa_alt_context mbedtls_rsa_alt_context
+#define rsa_alt_info mbedtls_rsa_alt_info
+#define rsa_check_privkey mbedtls_rsa_check_privkey
+#define rsa_check_pub_priv mbedtls_rsa_check_pub_priv
+#define rsa_check_pubkey mbedtls_rsa_check_pubkey
+#define rsa_context mbedtls_rsa_context
+#define rsa_copy mbedtls_rsa_copy
+#define rsa_decrypt_func mbedtls_rsa_decrypt_func
+#define rsa_free mbedtls_rsa_free
+#define rsa_gen_key mbedtls_rsa_gen_key
+#define rsa_info mbedtls_rsa_info
+#define rsa_init mbedtls_rsa_init
+#define rsa_key_len_func mbedtls_rsa_key_len_func
+#define rsa_pkcs1_decrypt mbedtls_rsa_pkcs1_decrypt
+#define rsa_pkcs1_encrypt mbedtls_rsa_pkcs1_encrypt
+#define rsa_pkcs1_sign mbedtls_rsa_pkcs1_sign
+#define rsa_pkcs1_verify mbedtls_rsa_pkcs1_verify
+#define rsa_private mbedtls_rsa_private
+#define rsa_public mbedtls_rsa_public
+#define rsa_rsaes_oaep_decrypt mbedtls_rsa_rsaes_oaep_decrypt
+#define rsa_rsaes_oaep_encrypt mbedtls_rsa_rsaes_oaep_encrypt
+#define rsa_rsaes_pkcs1_v15_decrypt mbedtls_rsa_rsaes_pkcs1_v15_decrypt
+#define rsa_rsaes_pkcs1_v15_encrypt mbedtls_rsa_rsaes_pkcs1_v15_encrypt
+#define rsa_rsassa_pkcs1_v15_sign mbedtls_rsa_rsassa_pkcs1_v15_sign
+#define rsa_rsassa_pkcs1_v15_verify mbedtls_rsa_rsassa_pkcs1_v15_verify
+#define rsa_rsassa_pss_sign mbedtls_rsa_rsassa_pss_sign
+#define rsa_rsassa_pss_verify mbedtls_rsa_rsassa_pss_verify
+#define rsa_rsassa_pss_verify_ext mbedtls_rsa_rsassa_pss_verify_ext
+#define rsa_self_test mbedtls_rsa_self_test
+#define rsa_set_padding mbedtls_rsa_set_padding
+#define rsa_sign_func mbedtls_rsa_sign_func
+#define safer_memcmp mbedtls_ssl_safer_memcmp
+#define set_alarm mbedtls_set_alarm
+#define sha1 mbedtls_sha1
+#define sha1_context mbedtls_sha1_context
+#define sha1_file mbedtls_sha1_file
+#define sha1_finish mbedtls_sha1_finish
+#define sha1_free mbedtls_sha1_free
+#define sha1_hmac mbedtls_sha1_hmac
+#define sha1_hmac_finish mbedtls_sha1_hmac_finish
+#define sha1_hmac_reset mbedtls_sha1_hmac_reset
+#define sha1_hmac_starts mbedtls_sha1_hmac_starts
+#define sha1_hmac_update mbedtls_sha1_hmac_update
+#define sha1_info mbedtls_sha1_info
+#define sha1_init mbedtls_sha1_init
+#define sha1_process mbedtls_sha1_process
+#define sha1_self_test mbedtls_sha1_self_test
+#define sha1_starts mbedtls_sha1_starts
+#define sha1_update mbedtls_sha1_update
+#define sha224_info mbedtls_sha224_info
+#define sha256 mbedtls_sha256
+#define sha256_context mbedtls_sha256_context
+#define sha256_file mbedtls_sha256_file
+#define sha256_finish mbedtls_sha256_finish
+#define sha256_free mbedtls_sha256_free
+#define sha256_hmac mbedtls_sha256_hmac
+#define sha256_hmac_finish mbedtls_sha256_hmac_finish
+#define sha256_hmac_reset mbedtls_sha256_hmac_reset
+#define sha256_hmac_starts mbedtls_sha256_hmac_starts
+#define sha256_hmac_update mbedtls_sha256_hmac_update
+#define sha256_info mbedtls_sha256_info
+#define sha256_init mbedtls_sha256_init
+#define sha256_process mbedtls_sha256_process
+#define sha256_self_test mbedtls_sha256_self_test
+#define sha256_starts mbedtls_sha256_starts
+#define sha256_update mbedtls_sha256_update
+#define sha384_info mbedtls_sha384_info
+#define sha512 mbedtls_sha512
+#define sha512_context mbedtls_sha512_context
+#define sha512_file mbedtls_sha512_file
+#define sha512_finish mbedtls_sha512_finish
+#define sha512_free mbedtls_sha512_free
+#define sha512_hmac mbedtls_sha512_hmac
+#define sha512_hmac_finish mbedtls_sha512_hmac_finish
+#define sha512_hmac_reset mbedtls_sha512_hmac_reset
+#define sha512_hmac_starts mbedtls_sha512_hmac_starts
+#define sha512_hmac_update mbedtls_sha512_hmac_update
+#define sha512_info mbedtls_sha512_info
+#define sha512_init mbedtls_sha512_init
+#define sha512_process mbedtls_sha512_process
+#define sha512_self_test mbedtls_sha512_self_test
+#define sha512_starts mbedtls_sha512_starts
+#define sha512_update mbedtls_sha512_update
+#define source_state mbedtls_entropy_source_state
+#define ssl_cache_context mbedtls_ssl_cache_context
+#define ssl_cache_entry mbedtls_ssl_cache_entry
+#define ssl_cache_free mbedtls_ssl_cache_free
+#define ssl_cache_get mbedtls_ssl_cache_get
+#define ssl_cache_init mbedtls_ssl_cache_init
+#define ssl_cache_set mbedtls_ssl_cache_set
+#define ssl_cache_set_max_entries mbedtls_ssl_cache_set_max_entries
+#define ssl_cache_set_timeout mbedtls_ssl_cache_set_timeout
+#define ssl_check_cert_usage mbedtls_ssl_check_cert_usage
+#define ssl_ciphersuite_from_id mbedtls_ssl_ciphersuite_from_id
+#define ssl_ciphersuite_from_string mbedtls_ssl_ciphersuite_from_string
+#define ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t
+#define ssl_ciphersuite_uses_ec mbedtls_ssl_ciphersuite_uses_ec
+#define ssl_ciphersuite_uses_psk mbedtls_ssl_ciphersuite_uses_psk
+#define ssl_close_notify mbedtls_ssl_close_notify
+#define ssl_context mbedtls_ssl_context
+#define ssl_cookie_check mbedtls_ssl_cookie_check
+#define ssl_cookie_check_t mbedtls_ssl_cookie_check_t
+#define ssl_cookie_ctx mbedtls_ssl_cookie_ctx
+#define ssl_cookie_free mbedtls_ssl_cookie_free
+#define ssl_cookie_init mbedtls_ssl_cookie_init
+#define ssl_cookie_set_timeout mbedtls_ssl_cookie_set_timeout
+#define ssl_cookie_setup mbedtls_ssl_cookie_setup
+#define ssl_cookie_write mbedtls_ssl_cookie_write
+#define ssl_cookie_write_t mbedtls_ssl_cookie_write_t
+#define ssl_curve_is_acceptable mbedtls_ssl_curve_is_acceptable
+#define ssl_derive_keys mbedtls_ssl_derive_keys
+#define ssl_dtls_replay_check mbedtls_ssl_dtls_replay_check
+#define ssl_dtls_replay_update mbedtls_ssl_dtls_replay_update
+#define ssl_fetch_input mbedtls_ssl_fetch_input
+#define ssl_flight_item mbedtls_ssl_flight_item
+#define ssl_flush_output mbedtls_ssl_flush_output
+#define ssl_free mbedtls_ssl_free
+#define ssl_get_alpn_protocol mbedtls_ssl_get_alpn_protocol
+#define ssl_get_bytes_avail mbedtls_ssl_get_bytes_avail
+#define ssl_get_ciphersuite mbedtls_ssl_get_ciphersuite
+#define ssl_get_ciphersuite_id mbedtls_ssl_get_ciphersuite_id
+#define ssl_get_ciphersuite_name mbedtls_ssl_get_ciphersuite_name
+#define ssl_get_ciphersuite_sig_pk_alg mbedtls_ssl_get_ciphersuite_sig_pk_alg
+#define ssl_get_peer_cert mbedtls_ssl_get_peer_cert
+#define ssl_get_record_expansion mbedtls_ssl_get_record_expansion
+#define ssl_get_session mbedtls_ssl_get_session
+#define ssl_get_verify_result mbedtls_ssl_get_verify_result
+#define ssl_get_version mbedtls_ssl_get_version
+#define ssl_handshake mbedtls_ssl_handshake
+#define ssl_handshake_client_step mbedtls_ssl_handshake_client_step
+#define ssl_handshake_free mbedtls_ssl_handshake_free
+#define ssl_handshake_params mbedtls_ssl_handshake_params
+#define ssl_handshake_server_step mbedtls_ssl_handshake_server_step
+#define ssl_handshake_step mbedtls_ssl_handshake_step
+#define ssl_handshake_wrapup mbedtls_ssl_handshake_wrapup
+#define ssl_hdr_len mbedtls_ssl_hdr_len
+#define ssl_hs_hdr_len mbedtls_ssl_hs_hdr_len
+#define ssl_hw_record_activate mbedtls_ssl_hw_record_activate
+#define ssl_hw_record_finish mbedtls_ssl_hw_record_finish
+#define ssl_hw_record_init mbedtls_ssl_hw_record_init
+#define ssl_hw_record_read mbedtls_ssl_hw_record_read
+#define ssl_hw_record_reset mbedtls_ssl_hw_record_reset
+#define ssl_hw_record_write mbedtls_ssl_hw_record_write
+#define ssl_init mbedtls_ssl_init
+#define ssl_key_cert mbedtls_ssl_key_cert
+#define ssl_legacy_renegotiation mbedtls_ssl_conf_legacy_renegotiation
+#define ssl_list_ciphersuites mbedtls_ssl_list_ciphersuites
+#define ssl_md_alg_from_hash mbedtls_ssl_md_alg_from_hash
+#define ssl_optimize_checksum mbedtls_ssl_optimize_checksum
+#define ssl_own_cert mbedtls_ssl_own_cert
+#define ssl_own_key mbedtls_ssl_own_key
+#define ssl_parse_certificate mbedtls_ssl_parse_certificate
+#define ssl_parse_change_cipher_spec mbedtls_ssl_parse_change_cipher_spec
+#define ssl_parse_finished mbedtls_ssl_parse_finished
+#define ssl_pk_alg_from_sig mbedtls_ssl_pk_alg_from_sig
+#define ssl_pkcs11_decrypt mbedtls_ssl_pkcs11_decrypt
+#define ssl_pkcs11_key_len mbedtls_ssl_pkcs11_key_len
+#define ssl_pkcs11_sign mbedtls_ssl_pkcs11_sign
+#define ssl_psk_derive_premaster mbedtls_ssl_psk_derive_premaster
+#define ssl_read mbedtls_ssl_read
+#define ssl_read_record mbedtls_ssl_read_record
+#define ssl_read_version mbedtls_ssl_read_version
+#define ssl_recv_flight_completed mbedtls_ssl_recv_flight_completed
+#define ssl_renegotiate mbedtls_ssl_renegotiate
+#define ssl_resend mbedtls_ssl_resend
+#define ssl_reset_checksum mbedtls_ssl_reset_checksum
+#define ssl_send_alert_message mbedtls_ssl_send_alert_message
+#define ssl_send_fatal_handshake_failure mbedtls_ssl_send_fatal_handshake_failure
+#define ssl_send_flight_completed mbedtls_ssl_send_flight_completed
+#define ssl_session mbedtls_ssl_session
+#define ssl_session_free mbedtls_ssl_session_free
+#define ssl_session_init mbedtls_ssl_session_init
+#define ssl_session_reset mbedtls_ssl_session_reset
+#define ssl_set_alpn_protocols mbedtls_ssl_conf_alpn_protocols
+#define ssl_set_arc4_support mbedtls_ssl_conf_arc4_support
+#define ssl_set_authmode mbedtls_ssl_conf_authmode
+#define ssl_set_bio mbedtls_ssl_set_bio
+#define ssl_set_bio mbedtls_ssl_set_bio_timeout
+#define ssl_set_ca_chain mbedtls_ssl_conf_ca_chain
+#define ssl_set_cbc_record_splitting mbedtls_ssl_conf_cbc_record_splitting
+#define ssl_set_ciphersuites mbedtls_ssl_conf_ciphersuites
+#define ssl_set_ciphersuites_for_version mbedtls_ssl_conf_ciphersuites_for_version
+#define ssl_set_client_transport_id mbedtls_ssl_set_client_transport_id
+#define ssl_set_curves mbedtls_ssl_conf_curves
+#define ssl_set_dbg mbedtls_ssl_conf_dbg
+#define ssl_set_dh_param mbedtls_ssl_conf_dh_param
+#define ssl_set_dh_param_ctx mbedtls_ssl_conf_dh_param_ctx
+#define ssl_set_dtls_anti_replay mbedtls_ssl_conf_dtls_anti_replay
+#define ssl_set_dtls_badmac_limit mbedtls_ssl_conf_dtls_badmac_limit
+#define ssl_set_dtls_cookies mbedtls_ssl_conf_dtls_cookies
+#define ssl_set_encrypt_then_mac mbedtls_ssl_conf_encrypt_then_mac
+#define ssl_set_endpoint mbedtls_ssl_conf_endpoint
+#define ssl_set_extended_master_secret mbedtls_ssl_conf_extended_master_secret
+#define ssl_set_fallback mbedtls_ssl_conf_fallback
+#define ssl_set_handshake_timeout mbedtls_ssl_conf_handshake_timeout
+#define ssl_set_hostname mbedtls_ssl_set_hostname
+#define ssl_set_max_frag_len mbedtls_ssl_conf_max_frag_len
+#define ssl_set_max_version mbedtls_ssl_conf_max_version
+#define ssl_set_min_version mbedtls_ssl_conf_min_version
+#define ssl_set_own_cert mbedtls_ssl_conf_own_cert
+#define ssl_set_own_cert_alt mbedtls_ssl_set_own_cert_alt
+#define ssl_set_own_cert_rsa mbedtls_ssl_set_own_cert_rsa
+#define ssl_set_psk mbedtls_ssl_conf_psk
+#define ssl_set_psk_cb mbedtls_ssl_conf_psk_cb
+#define ssl_set_renegotiation mbedtls_ssl_conf_renegotiation
+#define ssl_set_renegotiation_enforced mbedtls_ssl_conf_renegotiation_enforced
+#define ssl_set_renegotiation_period mbedtls_ssl_conf_renegotiation_period
+#define ssl_set_rng mbedtls_ssl_conf_rng
+#define ssl_set_session mbedtls_ssl_set_session
+#define ssl_set_session_cache mbedtls_ssl_conf_session_cache
+#define ssl_set_session_ticket_lifetime mbedtls_ssl_conf_session_ticket_lifetime
+#define ssl_set_session_tickets mbedtls_ssl_conf_session_tickets
+#define ssl_set_sni mbedtls_ssl_conf_sni
+#define ssl_set_transport mbedtls_ssl_conf_transport
+#define ssl_set_truncated_hmac mbedtls_ssl_conf_truncated_hmac
+#define ssl_set_verify mbedtls_ssl_conf_verify
+#define ssl_sig_from_pk mbedtls_ssl_sig_from_pk
+#define ssl_states mbedtls_ssl_states
+#define ssl_ticket_keys mbedtls_ssl_ticket_keys
+#define ssl_transform mbedtls_ssl_transform
+#define ssl_transform_free mbedtls_ssl_transform_free
+#define ssl_write mbedtls_ssl_write
+#define ssl_write_certificate mbedtls_ssl_write_certificate
+#define ssl_write_change_cipher_spec mbedtls_ssl_write_change_cipher_spec
+#define ssl_write_finished mbedtls_ssl_write_finished
+#define ssl_write_record mbedtls_ssl_write_record
+#define ssl_write_version mbedtls_ssl_write_version
+#define supported_ciphers mbedtls_cipher_supported
+#define t_sint mbedtls_mpi_sint
+#define t_udbl mbedtls_t_udbl
+#define t_uint mbedtls_mpi_uint
+#define test_ca_crt mbedtls_test_ca_crt
+#define test_ca_crt_ec mbedtls_test_ca_crt_ec
+#define test_ca_crt_rsa mbedtls_test_ca_crt_rsa
+#define test_ca_key mbedtls_test_ca_key
+#define test_ca_key_ec mbedtls_test_ca_key_ec
+#define test_ca_key_rsa mbedtls_test_ca_key_rsa
+#define test_ca_list mbedtls_test_cas_pem
+#define test_ca_pwd mbedtls_test_ca_pwd
+#define test_ca_pwd_ec mbedtls_test_ca_pwd_ec
+#define test_ca_pwd_rsa mbedtls_test_ca_pwd_rsa
+#define test_cli_crt mbedtls_test_cli_crt
+#define test_cli_crt_ec mbedtls_test_cli_crt_ec
+#define test_cli_crt_rsa mbedtls_test_cli_crt_rsa
+#define test_cli_key mbedtls_test_cli_key
+#define test_cli_key_ec mbedtls_test_cli_key_ec
+#define test_cli_key_rsa mbedtls_test_cli_key_rsa
+#define test_dhm_params mbedtls_test_dhm_params
+#define test_srv_crt mbedtls_test_srv_crt
+#define test_srv_crt_ec mbedtls_test_srv_crt_ec
+#define test_srv_crt_rsa mbedtls_test_srv_crt_rsa
+#define test_srv_key mbedtls_test_srv_key
+#define test_srv_key_ec mbedtls_test_srv_key_ec
+#define test_srv_key_rsa mbedtls_test_srv_key_rsa
+#define threading_mutex_t mbedtls_threading_mutex_t
+#define threading_set_alt mbedtls_threading_set_alt
+#define timing_self_test mbedtls_timing_self_test
+#define version_check_feature mbedtls_version_check_feature
+#define version_get_number mbedtls_version_get_number
+#define version_get_string mbedtls_version_get_string
+#define version_get_string_full mbedtls_version_get_string_full
+#define x509_bitstring mbedtls_x509_bitstring
+#define x509_buf mbedtls_x509_buf
+#define x509_crl mbedtls_x509_crl
+#define x509_crl_entry mbedtls_x509_crl_entry
+#define x509_crl_free mbedtls_x509_crl_free
+#define x509_crl_info mbedtls_x509_crl_info
+#define x509_crl_init mbedtls_x509_crl_init
+#define x509_crl_parse mbedtls_x509_crl_parse
+#define x509_crl_parse_der mbedtls_x509_crl_parse_der
+#define x509_crl_parse_file mbedtls_x509_crl_parse_file
+#define x509_crt mbedtls_x509_crt
+#define x509_crt_check_extended_key_usage mbedtls_x509_crt_check_extended_key_usage
+#define x509_crt_check_key_usage mbedtls_x509_crt_check_key_usage
+#define x509_crt_free mbedtls_x509_crt_free
+#define x509_crt_info mbedtls_x509_crt_info
+#define x509_crt_init mbedtls_x509_crt_init
+#define x509_crt_parse mbedtls_x509_crt_parse
+#define x509_crt_parse_der mbedtls_x509_crt_parse_der
+#define x509_crt_parse_file mbedtls_x509_crt_parse_file
+#define x509_crt_parse_path mbedtls_x509_crt_parse_path
+#define x509_crt_revoked mbedtls_x509_crt_is_revoked
+#define x509_crt_verify mbedtls_x509_crt_verify
+#define x509_csr mbedtls_x509_csr
+#define x509_csr_free mbedtls_x509_csr_free
+#define x509_csr_info mbedtls_x509_csr_info
+#define x509_csr_init mbedtls_x509_csr_init
+#define x509_csr_parse mbedtls_x509_csr_parse
+#define x509_csr_parse_der mbedtls_x509_csr_parse_der
+#define x509_csr_parse_file mbedtls_x509_csr_parse_file
+#define x509_dn_gets mbedtls_x509_dn_gets
+#define x509_get_alg mbedtls_x509_get_alg
+#define x509_get_alg_null mbedtls_x509_get_alg_null
+#define x509_get_ext mbedtls_x509_get_ext
+#define x509_get_name mbedtls_x509_get_name
+#define x509_get_rsassa_pss_params mbedtls_x509_get_rsassa_pss_params
+#define x509_get_serial mbedtls_x509_get_serial
+#define x509_get_sig mbedtls_x509_get_sig
+#define x509_get_sig_alg mbedtls_x509_get_sig_alg
+#define x509_get_time mbedtls_x509_get_time
+#define x509_key_size_helper mbedtls_x509_key_size_helper
+#define x509_name mbedtls_x509_name
+#define x509_oid_get_description mbedtls_x509_oid_get_description
+#define x509_oid_get_numeric_string mbedtls_x509_oid_get_numeric_string
+#define x509_self_test mbedtls_x509_self_test
+#define x509_sequence mbedtls_x509_sequence
+#define x509_serial_gets mbedtls_x509_serial_gets
+#define x509_set_extension mbedtls_x509_set_extension
+#define x509_sig_alg_gets mbedtls_x509_sig_alg_gets
+#define x509_string_to_names mbedtls_x509_string_to_names
+#define x509_time mbedtls_x509_time
+#define x509_time_expired mbedtls_x509_time_is_past
+#define x509_time_future mbedtls_x509_time_is_future
+#define x509_write_extensions mbedtls_x509_write_extensions
+#define x509_write_names mbedtls_x509_write_names
+#define x509_write_sig mbedtls_x509_write_sig
+#define x509write_cert mbedtls_x509write_cert
+#define x509write_crt_der mbedtls_x509write_crt_der
+#define x509write_crt_free mbedtls_x509write_crt_free
+#define x509write_crt_init mbedtls_x509write_crt_init
+#define x509write_crt_pem mbedtls_x509write_crt_pem
+#define x509write_crt_set_authority_key_identifier mbedtls_x509write_crt_set_authority_key_identifier
+#define x509write_crt_set_basic_constraints mbedtls_x509write_crt_set_basic_constraints
+#define x509write_crt_set_extension mbedtls_x509write_crt_set_extension
+#define x509write_crt_set_issuer_key mbedtls_x509write_crt_set_issuer_key
+#define x509write_crt_set_issuer_name mbedtls_x509write_crt_set_issuer_name
+#define x509write_crt_set_key_usage mbedtls_x509write_crt_set_key_usage
+#define x509write_crt_set_md_alg mbedtls_x509write_crt_set_md_alg
+#define x509write_crt_set_ns_cert_type mbedtls_x509write_crt_set_ns_cert_type
+#define x509write_crt_set_serial mbedtls_x509write_crt_set_serial
+#define x509write_crt_set_subject_key mbedtls_x509write_crt_set_subject_key
+#define x509write_crt_set_subject_key_identifier mbedtls_x509write_crt_set_subject_key_identifier
+#define x509write_crt_set_subject_name mbedtls_x509write_crt_set_subject_name
+#define x509write_crt_set_validity mbedtls_x509write_crt_set_validity
+#define x509write_crt_set_version mbedtls_x509write_crt_set_version
+#define x509write_csr mbedtls_x509write_csr
+#define x509write_csr_der mbedtls_x509write_csr_der
+#define x509write_csr_free mbedtls_x509write_csr_free
+#define x509write_csr_init mbedtls_x509write_csr_init
+#define x509write_csr_pem mbedtls_x509write_csr_pem
+#define x509write_csr_set_extension mbedtls_x509write_csr_set_extension
+#define x509write_csr_set_key mbedtls_x509write_csr_set_key
+#define x509write_csr_set_key_usage mbedtls_x509write_csr_set_key_usage
+#define x509write_csr_set_md_alg mbedtls_x509write_csr_set_md_alg
+#define x509write_csr_set_ns_cert_type mbedtls_x509write_csr_set_ns_cert_type
+#define x509write_csr_set_subject_name mbedtls_x509write_csr_set_subject_name
+#define xtea_context mbedtls_xtea_context
+#define xtea_crypt_cbc mbedtls_xtea_crypt_cbc
+#define xtea_crypt_ecb mbedtls_xtea_crypt_ecb
+#define xtea_free mbedtls_xtea_free
+#define xtea_init mbedtls_xtea_init
+#define xtea_self_test mbedtls_xtea_self_test
+#define xtea_setup mbedtls_xtea_setup
+
+#endif /* compat-1.3.h */
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/config.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,2511 @@
+/**
+ * \file config.h
+ *
+ * \brief Configuration options (set of defines)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+/*
+ * This set of compile-time options may be used to enable
+ * or disable features selectively, and reduce the global
+ * memory footprint.
+ */
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
+
+#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+/**
+ * \name SECTION: System support
+ *
+ * This section sets system specific settings.
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_HAVE_ASM
+ *
+ * The compiler has support for asm().
+ *
+ * Requires support for asm() in compiler.
+ *
+ * Used in:
+ *      library/timing.c
+ *      library/padlock.c
+ *      include/mbedtls/bn_mul.h
+ *
+ * Comment to disable the use of assembly code.
+ */
+#define MBEDTLS_HAVE_ASM
+
+/**
+ * \def MBEDTLS_HAVE_SSE2
+ *
+ * CPU supports SSE2 instruction set.
+ *
+ * Uncomment if the CPU supports SSE2 (IA-32 specific).
+ */
+//#define MBEDTLS_HAVE_SSE2
+
+/**
+ * \def MBEDTLS_HAVE_TIME
+ *
+ * System has time.h and time().
+ * The time does not need to be correct, only time differences are used,
+ * by contrast with MBEDTLS_HAVE_TIME_DATE
+ *
+ * Comment if your system does not support time functions
+ */
+#define MBEDTLS_HAVE_TIME
+
+/**
+ * \def MBEDTLS_HAVE_TIME_DATE
+ *
+ * System has time.h and time(), gmtime() and the clock is correct.
+ * The time needs to be correct (not necesarily very accurate, but at least
+ * the date should be correct). This is used to verify the validity period of
+ * X.509 certificates.
+ *
+ * Comment if your system does not have a correct clock.
+ */
+#define MBEDTLS_HAVE_TIME_DATE
+
+/**
+ * \def MBEDTLS_PLATFORM_MEMORY
+ *
+ * Enable the memory allocation layer.
+ *
+ * By default mbed TLS uses the system-provided calloc() and free().
+ * This allows different allocators (self-implemented or provided) to be
+ * provided to the platform abstraction layer.
+ *
+ * Enabling MBEDTLS_PLATFORM_MEMORY without the
+ * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
+ * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
+ * free() function pointer at runtime.
+ *
+ * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
+ * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
+ * alternate function at compile time.
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ *
+ * Enable this layer to allow use of alternative memory allocators.
+ */
+//#define MBEDTLS_PLATFORM_MEMORY
+
+/**
+ * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+ *
+ * Do not assign standard functions in the platform layer (e.g. calloc() to
+ * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
+ *
+ * This makes sure there are no linking errors on platforms that do not support
+ * these functions. You will HAVE to provide alternatives, either at runtime
+ * via the platform_set_xxx() functions or at compile time by setting
+ * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a
+ * MBEDTLS_PLATFORM_XXX_MACRO.
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ *
+ * Uncomment to prevent default assignment of standard functions in the
+ * platform layer.
+ */
+//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+
+/**
+ * \def MBEDTLS_PLATFORM_XXX_ALT
+ *
+ * Uncomment a macro to let mbed TLS support the function in the platform
+ * abstraction layer.
+ *
+ * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
+ * provide a function "mbedtls_platform_set_printf()" that allows you to set an
+ * alternative printf function pointer.
+ *
+ * All these define require MBEDTLS_PLATFORM_C to be defined!
+ *
+ * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows;
+ * it will be enabled automatically by check_config.h
+ *
+ * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
+ * MBEDTLS_PLATFORM_XXX_MACRO!
+ *
+ * Uncomment a macro to enable alternate implementation of specific base
+ * platform function
+ */
+//#define MBEDTLS_PLATFORM_EXIT_ALT
+//#define MBEDTLS_PLATFORM_FPRINTF_ALT
+//#define MBEDTLS_PLATFORM_PRINTF_ALT
+//#define MBEDTLS_PLATFORM_SNPRINTF_ALT
+
+/**
+ * \def MBEDTLS_DEPRECATED_WARNING
+ *
+ * Mark deprecated functions so that they generate a warning if used.
+ * Functions deprecated in one version will usually be removed in the next
+ * version. You can enable this to help you prepare the transition to a new
+ * major version by making sure your code is not using these functions.
+ *
+ * This only works with GCC and Clang. With other compilers, you may want to
+ * use MBEDTLS_DEPRECATED_REMOVED
+ *
+ * Uncomment to get warnings on using deprecated functions.
+ */
+//#define MBEDTLS_DEPRECATED_WARNING
+
+/**
+ * \def MBEDTLS_DEPRECATED_REMOVED
+ *
+ * Remove deprecated functions so that they generate an error if used.
+ * Functions deprecated in one version will usually be removed in the next
+ * version. You can enable this to help you prepare the transition to a new
+ * major version by making sure your code is not using these functions.
+ *
+ * Uncomment to get errors on using deprecated functions.
+ */
+//#define MBEDTLS_DEPRECATED_REMOVED
+
+/* \} name SECTION: System support */
+
+/**
+ * \name SECTION: mbed TLS feature support
+ *
+ * This section sets support for features that are or are not needed
+ * within the modules that are enabled.
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_TIMING_ALT
+ *
+ * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(),
+ * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
+ *
+ * Only works if you have MBEDTLS_TIMING_C enabled.
+ *
+ * You will need to provide a header "timing_alt.h" and an implementation at
+ * compile time.
+ */
+//#define MBEDTLS_TIMING_ALT
+
+/**
+ * \def MBEDTLS__MODULE_NAME__ALT
+ *
+ * Uncomment a macro to let mbed TLS use your alternate core implementation of
+ * a symmetric crypto or hash module (e.g. platform specific assembly
+ * optimized implementations). Keep in mind that the function prototypes
+ * should remain the same.
+ *
+ * This replaces the whole module. If you only want to replace one of the
+ * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
+ *
+ * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
+ * provide the "struct mbedtls_aes_context" definition and omit the base function
+ * declarations and implementations. "aes_alt.h" will be included from
+ * "aes.h" to include the new function definitions.
+ *
+ * Uncomment a macro to enable alternate implementation of the corresponding
+ * module.
+ */
+//#define MBEDTLS_AES_ALT
+//#define MBEDTLS_ARC4_ALT
+//#define MBEDTLS_BLOWFISH_ALT
+//#define MBEDTLS_CAMELLIA_ALT
+//#define MBEDTLS_DES_ALT
+//#define MBEDTLS_XTEA_ALT
+//#define MBEDTLS_MD2_ALT
+//#define MBEDTLS_MD4_ALT
+//#define MBEDTLS_MD5_ALT
+//#define MBEDTLS_RIPEMD160_ALT
+//#define MBEDTLS_SHA1_ALT
+//#define MBEDTLS_SHA256_ALT
+//#define MBEDTLS_SHA512_ALT
+
+/**
+ * \def MBEDTLS__FUNCTION_NAME__ALT
+ *
+ * Uncomment a macro to let mbed TLS use you alternate core implementation of
+ * symmetric crypto or hash function. Keep in mind that function prototypes
+ * should remain the same.
+ *
+ * This replaces only one function. The header file from mbed TLS is still
+ * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
+ *
+ * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
+ * no longer provide the mbedtls_sha1_process() function, but it will still provide
+ * the other function (using your mbedtls_sha1_process() function) and the definition
+ * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
+ * with this definition.
+ *
+ * Note: if you use the AES_xxx_ALT macros, then is is recommended to also set
+ * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
+ * tables.
+ *
+ * Uncomment a macro to enable alternate implementation of the corresponding
+ * function.
+ */
+//#define MBEDTLS_MD2_PROCESS_ALT
+//#define MBEDTLS_MD4_PROCESS_ALT
+//#define MBEDTLS_MD5_PROCESS_ALT
+//#define MBEDTLS_RIPEMD160_PROCESS_ALT
+//#define MBEDTLS_SHA1_PROCESS_ALT
+//#define MBEDTLS_SHA256_PROCESS_ALT
+//#define MBEDTLS_SHA512_PROCESS_ALT
+//#define MBEDTLS_DES_SETKEY_ALT
+//#define MBEDTLS_DES_CRYPT_ECB_ALT
+//#define MBEDTLS_DES3_CRYPT_ECB_ALT
+//#define MBEDTLS_AES_SETKEY_ENC_ALT
+//#define MBEDTLS_AES_SETKEY_DEC_ALT
+//#define MBEDTLS_AES_ENCRYPT_ALT
+//#define MBEDTLS_AES_DECRYPT_ALT
+
+/**
+ * \def MBEDTLS_ENTROPY_HARDWARE_ALT
+ *
+ * Uncomment this macro to let mbed TLS use your own implementation of a
+ * hardware entropy collector.
+ *
+ * Your function must be called \c mbedtls_hardware_poll(), have the same
+ * prototype as declared in entropy_poll.h, and accept NULL as first argument.
+ *
+ * Uncomment to use your own hardware entropy collector.
+ */
+//#define MBEDTLS_ENTROPY_HARDWARE_ALT
+
+/**
+ * \def MBEDTLS_AES_ROM_TABLES
+ *
+ * Store the AES tables in ROM.
+ *
+ * Uncomment this macro to store the AES tables in ROM.
+ */
+//#define MBEDTLS_AES_ROM_TABLES
+
+/**
+ * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
+ *
+ * Use less ROM for the Camellia implementation (saves about 768 bytes).
+ *
+ * Uncomment this macro to use less memory for Camellia.
+ */
+//#define MBEDTLS_CAMELLIA_SMALL_MEMORY
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_CBC
+ *
+ * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
+ */
+#define MBEDTLS_CIPHER_MODE_CBC
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_CFB
+ *
+ * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
+ */
+//#define MBEDTLS_CIPHER_MODE_CFB
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_CTR
+ *
+ * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
+ */
+//#define MBEDTLS_CIPHER_MODE_CTR
+
+/**
+ * \def MBEDTLS_CIPHER_NULL_CIPHER
+ *
+ * Enable NULL cipher.
+ * Warning: Only do so when you know what you are doing. This allows for
+ * encryption or channels without any security!
+ *
+ * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable
+ * the following ciphersuites:
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
+ *      MBEDTLS_TLS_RSA_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_RSA_WITH_NULL_MD5
+ *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
+ *      MBEDTLS_TLS_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_NULL_SHA
+ *
+ * Uncomment this macro to enable the NULL cipher and ciphersuites
+ */
+//#define MBEDTLS_CIPHER_NULL_CIPHER
+
+/**
+ * \def MBEDTLS_CIPHER_PADDING_XXX
+ *
+ * Uncomment or comment macros to add support for specific padding modes
+ * in the cipher layer with cipher modes that support padding (e.g. CBC)
+ *
+ * If you disable all padding modes, only full blocks can be used with CBC.
+ *
+ * Enable padding modes in the cipher layer.
+ */
+#define MBEDTLS_CIPHER_PADDING_PKCS7
+//#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
+//#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
+//#define MBEDTLS_CIPHER_PADDING_ZEROS
+
+/**
+ * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
+ *
+ * Enable weak ciphersuites in SSL / TLS.
+ * Warning: Only do so when you know what you are doing. This allows for
+ * channels with virtually no security at all!
+ *
+ * This enables the following ciphersuites:
+ *      MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
+ *
+ * Uncomment this macro to enable weak ciphersuites
+ */
+//#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES
+
+/**
+ * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+ *
+ * Remove RC4 ciphersuites by default in SSL / TLS.
+ * This flag removes the ciphersuites based on RC4 from the default list as
+ * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to
+ * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them
+ * explicitly.
+ *
+ * Uncomment this macro to remove RC4 ciphersuites by default.
+ */
+#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+
+/**
+ * \def MBEDTLS_ECP_XXXX_ENABLED
+ *
+ * Enables specific curves within the Elliptic Curve module.
+ * By default all supported curves are enabled.
+ *
+ * Comment macros to disable the curve and functions for it
+ */
+//#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
+//#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+//#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
+//#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
+//#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
+//#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
+//#define MBEDTLS_ECP_DP_BP256R1_ENABLED
+//#define MBEDTLS_ECP_DP_BP384R1_ENABLED
+//#define MBEDTLS_ECP_DP_BP512R1_ENABLED
+#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+
+/**
+ * \def MBEDTLS_ECP_NIST_OPTIM
+ *
+ * Enable specific 'modulo p' routines for each NIST prime.
+ * Depending on the prime and architecture, makes operations 4 to 8 times
+ * faster on the corresponding curve.
+ *
+ * Comment this macro to disable NIST curves optimisation.
+ */
+#define MBEDTLS_ECP_NIST_OPTIM
+
+/**
+ * \def MBEDTLS_ECDSA_DETERMINISTIC
+ *
+ * Enable deterministic ECDSA (RFC 6979).
+ * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
+ * may result in a compromise of the long-term signing key. This is avoided by
+ * the deterministic variant.
+ *
+ * Requires: MBEDTLS_HMAC_DRBG_C
+ *
+ * Comment this macro to disable deterministic ECDSA.
+ */
+#define MBEDTLS_ECDSA_DETERMINISTIC
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+ *
+ * Enable the PSK based ciphersuite modes in SSL / TLS.
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+ *
+ * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_DHM_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
+ */
+//#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+ *
+ * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+ *
+ * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
+ */
+//#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+ *
+ * Enable the RSA-only based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
+ */
+//#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+ *
+ * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ */
+//#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+ *
+ * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+ *
+ * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C,
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+ *
+ * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ */
+//#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+ *
+ * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ */
+//#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+ *
+ * Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
+ *
+ * \warning This is currently experimental. EC J-PAKE support is based on the
+ * Thread v1.0.0 specification; incompatible changes to the specification
+ * might still happen. For this reason, this is disabled by default.
+ *
+ * Requires: MBEDTLS_ECJPAKE_C
+ *           MBEDTLS_SHA256_C
+ *           MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
+ */
+//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+
+/**
+ * \def MBEDTLS_PK_PARSE_EC_EXTENDED
+ *
+ * Enhance support for reading EC keys using variants of SEC1 not allowed by
+ * RFC 5915 and RFC 5480.
+ *
+ * Currently this means parsing the SpecifiedECDomain choice of EC
+ * parameters (only known groups are supported, not arbitrary domains, to
+ * avoid validation issues).
+ *
+ * Disable if you only need to support RFC 5915 + 5480 key formats.
+ */
+//#define MBEDTLS_PK_PARSE_EC_EXTENDED
+
+/**
+ * \def MBEDTLS_ERROR_STRERROR_DUMMY
+ *
+ * Enable a dummy error function to make use of mbedtls_strerror() in
+ * third party libraries easier when MBEDTLS_ERROR_C is disabled
+ * (no effect when MBEDTLS_ERROR_C is enabled).
+ *
+ * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
+ * not using mbedtls_strerror() or error_strerror() in your application.
+ *
+ * Disable if you run into name conflicts and want to really remove the
+ * mbedtls_strerror()
+ */
+#define MBEDTLS_ERROR_STRERROR_DUMMY
+
+/**
+ * \def MBEDTLS_GENPRIME
+ *
+ * Enable the prime-number generation code.
+ *
+ * Requires: MBEDTLS_BIGNUM_C
+ */
+//#define MBEDTLS_GENPRIME
+
+/**
+ * \def MBEDTLS_FS_IO
+ *
+ * Enable functions that use the filesystem.
+ */
+//#define MBEDTLS_FS_IO
+
+/**
+ * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+ *
+ * Do not add default entropy sources. These are the platform specific,
+ * mbedtls_timing_hardclock and HAVEGE based poll functions.
+ *
+ * This is useful to have more control over the added entropy sources in an
+ * application.
+ *
+ * Uncomment this macro to prevent loading of default entropy functions.
+ */
+//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+
+/**
+ * \def MBEDTLS_NO_PLATFORM_ENTROPY
+ *
+ * Do not use built-in platform entropy functions.
+ * This is useful if your platform does not support
+ * standards like the /dev/urandom or Windows CryptoAPI.
+ *
+ * Uncomment this macro to disable the built-in platform entropy functions.
+ */
+//#define MBEDTLS_NO_PLATFORM_ENTROPY
+
+/**
+ * \def MBEDTLS_ENTROPY_FORCE_SHA256
+ *
+ * Force the entropy accumulator to use a SHA-256 accumulator instead of the
+ * default SHA-512 based one (if both are available).
+ *
+ * Requires: MBEDTLS_SHA256_C
+ *
+ * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
+ * if you have performance concerns.
+ *
+ * This option is only useful if both MBEDTLS_SHA256_C and
+ * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
+ */
+//#define MBEDTLS_ENTROPY_FORCE_SHA256
+
+/**
+ * \def MBEDTLS_MEMORY_DEBUG
+ *
+ * Enable debugging of buffer allocator memory issues. Automatically prints
+ * (to stderr) all (fatal) messages on memory allocation issues. Enables
+ * function for 'debug output' of allocated memory.
+ *
+ * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ *
+ * Uncomment this macro to let the buffer allocator print out error messages.
+ */
+//#define MBEDTLS_MEMORY_DEBUG
+
+/**
+ * \def MBEDTLS_MEMORY_BACKTRACE
+ *
+ * Include backtrace information with each allocated block.
+ *
+ * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ *           GLIBC-compatible backtrace() an backtrace_symbols() support
+ *
+ * Uncomment this macro to include backtrace information
+ */
+//#define MBEDTLS_MEMORY_BACKTRACE
+
+/**
+ * \def MBEDTLS_PK_RSA_ALT_SUPPORT
+ *
+ * Support external private RSA keys (eg from a HSM) in the PK layer.
+ *
+ * Comment this macro to disable support for external private RSA keys.
+ */
+#define MBEDTLS_PK_RSA_ALT_SUPPORT
+
+/**
+ * \def MBEDTLS_PKCS1_V15
+ *
+ * Enable support for PKCS#1 v1.5 encoding.
+ *
+ * Requires: MBEDTLS_RSA_C
+ *
+ * This enables support for PKCS#1 v1.5 operations.
+ */
+#define MBEDTLS_PKCS1_V15
+
+/**
+ * \def MBEDTLS_PKCS1_V21
+ *
+ * Enable support for PKCS#1 v2.1 encoding.
+ *
+ * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C
+ *
+ * This enables support for RSAES-OAEP and RSASSA-PSS operations.
+ */
+#define MBEDTLS_PKCS1_V21
+
+/**
+ * \def MBEDTLS_RSA_NO_CRT
+ *
+ * Do not use the Chinese Remainder Theorem for the RSA private operation.
+ *
+ * Uncomment this macro to disable the use of CRT in RSA.
+ *
+ */
+//#define MBEDTLS_RSA_NO_CRT
+
+/**
+ * \def MBEDTLS_SELF_TEST
+ *
+ * Enable the checkup functions (*_self_test).
+ */
+#define MBEDTLS_SELF_TEST
+
+/**
+ * \def MBEDTLS_SHA256_SMALLER
+ *
+ * Enable an implementation of SHA-256 that has lower ROM footprint but also
+ * lower performance.
+ *
+ * The default implementation is meant to be a reasonnable compromise between
+ * performance and size. This version optimizes more aggressively for size at
+ * the expense of performance. Eg on Cortex-M4 it reduces the size of
+ * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
+ * 30%.
+ *
+ * Uncomment to enable the smaller implementation of SHA256.
+ */
+//#define MBEDTLS_SHA256_SMALLER
+
+/**
+ * \def MBEDTLS_SSL_AEAD_RANDOM_IV
+ *
+ * Generate a random IV rather than using the record sequence number as a
+ * nonce for ciphersuites using and AEAD algorithm (GCM or CCM).
+ *
+ * Using the sequence number is generally recommended.
+ *
+ * Uncomment this macro to always use random IVs with AEAD ciphersuites.
+ */
+//#define MBEDTLS_SSL_AEAD_RANDOM_IV
+
+/**
+ * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
+ *
+ * Enable sending of alert messages in case of encountered errors as per RFC.
+ * If you choose not to send the alert messages, mbed TLS can still communicate
+ * with other servers, only debugging of failures is harder.
+ *
+ * The advantage of not sending alert messages, is that no information is given
+ * about reasons for failures thus preventing adversaries of gaining intel.
+ *
+ * Enable sending of all alert messages
+ */
+#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
+
+/**
+ * \def MBEDTLS_SSL_DEBUG_ALL
+ *
+ * Enable the debug messages in SSL module for all issues.
+ * Debug messages have been disabled in some places to prevent timing
+ * attacks due to (unbalanced) debugging function calls.
+ *
+ * If you need all error reporting you should enable this during debugging,
+ * but remove this for production servers that should log as well.
+ *
+ * Uncomment this macro to report all debug messages on errors introducing
+ * a timing side-channel.
+ *
+ */
+//#define MBEDTLS_SSL_DEBUG_ALL
+
+/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ *
+ * Enable support for Encrypt-then-MAC, RFC 7366.
+ *
+ * This allows peers that both support it to use a more robust protection for
+ * ciphersuites using CBC, providing deep resistance against timing attacks
+ * on the padding or underlying cipher.
+ *
+ * This only affects CBC ciphersuites, and is useless if none is defined.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1    or
+ *           MBEDTLS_SSL_PROTO_TLS1_1  or
+ *           MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for Encrypt-then-MAC
+ */
+#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
+
+/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+ *
+ * Enable support for Extended Master Secret, aka Session Hash
+ * (draft-ietf-tls-session-hash-02).
+ *
+ * This was introduced as "the proper fix" to the Triple Handshake familiy of
+ * attacks, but it is recommended to always use it (even if you disable
+ * renegotiation), since it actually fixes a more fundamental issue in the
+ * original SSL/TLS design, and has implications beyond Triple Handshake.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1    or
+ *           MBEDTLS_SSL_PROTO_TLS1_1  or
+ *           MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for Extended Master Secret.
+ */
+#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+
+/**
+ * \def MBEDTLS_SSL_FALLBACK_SCSV
+ *
+ * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00).
+ *
+ * For servers, it is recommended to always enable this, unless you support
+ * only one version of TLS, or know for sure that none of your clients
+ * implements a fallback strategy.
+ *
+ * For clients, you only need this if you're using a fallback strategy, which
+ * is not recommended in the first place, unless you absolutely need it to
+ * interoperate with buggy (version-intolerant) servers.
+ *
+ * Comment this macro to disable support for FALLBACK_SCSV
+ */
+//#define MBEDTLS_SSL_FALLBACK_SCSV
+
+/**
+ * \def MBEDTLS_SSL_HW_RECORD_ACCEL
+ *
+ * Enable hooking functions in SSL module for hardware acceleration of
+ * individual records.
+ *
+ * Uncomment this macro to enable hooking functions.
+ */
+//#define MBEDTLS_SSL_HW_RECORD_ACCEL
+
+/**
+ * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING
+ *
+ * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
+ *
+ * This is a countermeasure to the BEAST attack, which also minimizes the risk
+ * of interoperability issues compared to sending 0-length records.
+ *
+ * Comment this macro to disable 1/n-1 record splitting.
+ */
+//#define MBEDTLS_SSL_CBC_RECORD_SPLITTING
+
+/**
+ * \def MBEDTLS_SSL_RENEGOTIATION
+ *
+ * Disable support for TLS renegotiation.
+ *
+ * The two main uses of renegotiation are (1) refresh keys on long-lived
+ * connections and (2) client authentication after the initial handshake.
+ * If you don't need renegotiation, it's probably better to disable it, since
+ * it has been associated with security issues in the past and is easy to
+ * misuse/misunderstand.
+ *
+ * Comment this to disable support for renegotiation.
+ */
+#define MBEDTLS_SSL_RENEGOTIATION
+
+/**
+ * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+ *
+ * Enable support for receiving and parsing SSLv2 Client Hello messages for the
+ * SSL Server module (MBEDTLS_SSL_SRV_C).
+ *
+ * Uncomment this macro to enable support for SSLv2 Client Hello messages.
+ */
+//#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+
+/**
+ * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
+ *
+ * Pick the ciphersuite according to the client's preferences rather than ours
+ * in the SSL Server module (MBEDTLS_SSL_SRV_C).
+ *
+ * Uncomment this macro to respect client's ciphersuite order
+ */
+//#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
+
+/**
+ * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+ *
+ * Enable support for RFC 6066 max_fragment_length extension in SSL.
+ *
+ * Comment this macro to disable support for the max_fragment_length extension
+ */
+#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+
+/**
+ * \def MBEDTLS_SSL_PROTO_SSL3
+ *
+ * Enable support for SSL 3.0.
+ *
+ * Requires: MBEDTLS_MD5_C
+ *           MBEDTLS_SHA1_C
+ *
+ * Comment this macro to disable support for SSL 3.0
+ */
+//#define MBEDTLS_SSL_PROTO_SSL3
+
+/**
+ * \def MBEDTLS_SSL_PROTO_TLS1
+ *
+ * Enable support for TLS 1.0.
+ *
+ * Requires: MBEDTLS_MD5_C
+ *           MBEDTLS_SHA1_C
+ *
+ * Comment this macro to disable support for TLS 1.0
+ */
+//#define MBEDTLS_SSL_PROTO_TLS1
+
+/**
+ * \def MBEDTLS_SSL_PROTO_TLS1_1
+ *
+ * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled).
+ *
+ * Requires: MBEDTLS_MD5_C
+ *           MBEDTLS_SHA1_C
+ *
+ * Comment this macro to disable support for TLS 1.1 / DTLS 1.0
+ */
+//#define MBEDTLS_SSL_PROTO_TLS1_1
+
+/**
+ * \def MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
+ *
+ * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C
+ *           (Depends on ciphersuites)
+ *
+ * Comment this macro to disable support for TLS 1.2 / DTLS 1.2
+ */
+#define MBEDTLS_SSL_PROTO_TLS1_2
+
+/**
+ * \def MBEDTLS_SSL_PROTO_DTLS
+ *
+ * Enable support for DTLS (all available versions).
+ *
+ * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0,
+ * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1_1
+ *        or MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for DTLS
+ */
+#define MBEDTLS_SSL_PROTO_DTLS
+
+/**
+ * \def MBEDTLS_SSL_ALPN
+ *
+ * Enable support for RFC 7301 Application Layer Protocol Negotiation.
+ *
+ * Comment this macro to disable support for ALPN.
+ */
+#define MBEDTLS_SSL_ALPN
+
+/**
+ * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
+ *
+ * Enable support for the anti-replay mechanism in DTLS.
+ *
+ * Requires: MBEDTLS_SSL_TLS_C
+ *           MBEDTLS_SSL_PROTO_DTLS
+ *
+ * \warning Disabling this is often a security risk!
+ * See mbedtls_ssl_conf_dtls_anti_replay() for details.
+ *
+ * Comment this to disable anti-replay in DTLS.
+ */
+#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
+
+/**
+ * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
+ *
+ * Enable support for HelloVerifyRequest on DTLS servers.
+ *
+ * This feature is highly recommended to prevent DTLS servers being used as
+ * amplifiers in DoS attacks against other hosts. It should always be enabled
+ * unless you know for sure amplification cannot be a problem in the
+ * environment in which your server operates.
+ *
+ * \warning Disabling this can ba a security risk! (see above)
+ *
+ * Requires: MBEDTLS_SSL_PROTO_DTLS
+ *
+ * Comment this to disable support for HelloVerifyRequest.
+ */
+#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
+
+/**
+ * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+ *
+ * Enable server-side support for clients that reconnect from the same port.
+ *
+ * Some clients unexpectedly close the connection and try to reconnect using the
+ * same source port. This needs special support from the server to handle the
+ * new connection securely, as described in section 4.2.8 of RFC 6347. This
+ * flag enables that support.
+ *
+ * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
+ *
+ * Comment this to disable support for clients reusing the source port.
+ */
+#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+
+/**
+ * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+ *
+ * Enable support for a limit of records with bad MAC.
+ *
+ * See mbedtls_ssl_conf_dtls_badmac_limit().
+ *
+ * Requires: MBEDTLS_SSL_PROTO_DTLS
+ */
+#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+
+/**
+ * \def MBEDTLS_SSL_SESSION_TICKETS
+ *
+ * Enable support for RFC 5077 session tickets in SSL.
+ * Client-side, provides full support for session tickets (maintainance of a
+ * session store remains the responsibility of the application, though).
+ * Server-side, you also need to provide callbacks for writing and parsing
+ * tickets, including authenticated encryption and key management. Example
+ * callbacks are provided by MBEDTLS_SSL_TICKET_C.
+ *
+ * Comment this macro to disable support for SSL session tickets
+ */
+#define MBEDTLS_SSL_SESSION_TICKETS
+
+/**
+ * \def MBEDTLS_SSL_EXPORT_KEYS
+ *
+ * Enable support for exporting key block and master secret.
+ * This is required for certain users of TLS, e.g. EAP-TLS.
+ *
+ * Comment this macro to disable support for key export
+ */
+#define MBEDTLS_SSL_EXPORT_KEYS
+
+/**
+ * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
+ *
+ * Enable support for RFC 6066 server name indication (SNI) in SSL.
+ *
+ * Requires: MBEDTLS_X509_CRT_PARSE_C
+ *
+ * Comment this macro to disable support for server name indication in SSL
+ */
+#define MBEDTLS_SSL_SERVER_NAME_INDICATION
+
+/**
+ * \def MBEDTLS_SSL_TRUNCATED_HMAC
+ *
+ * Enable support for RFC 6066 truncated HMAC in SSL.
+ *
+ * Comment this macro to disable support for truncated HMAC in SSL
+ */
+//#define MBEDTLS_SSL_TRUNCATED_HMAC
+
+/**
+ * \def MBEDTLS_THREADING_ALT
+ *
+ * Provide your own alternate threading implementation.
+ *
+ * Requires: MBEDTLS_THREADING_C
+ *
+ * Uncomment this to allow your own alternate threading implementation.
+ */
+//#define MBEDTLS_THREADING_ALT
+
+/**
+ * \def MBEDTLS_THREADING_PTHREAD
+ *
+ * Enable the pthread wrapper layer for the threading layer.
+ *
+ * Requires: MBEDTLS_THREADING_C
+ *
+ * Uncomment this to enable pthread mutexes.
+ */
+//#define MBEDTLS_THREADING_PTHREAD
+
+/**
+ * \def MBEDTLS_VERSION_FEATURES
+ *
+ * Allow run-time checking of compile-time enabled features. Thus allowing users
+ * to check at run-time if the library is for instance compiled with threading
+ * support via mbedtls_version_check_feature().
+ *
+ * Requires: MBEDTLS_VERSION_C
+ *
+ * Comment this to disable run-time checking and save ROM space
+ */
+#define MBEDTLS_VERSION_FEATURES
+
+/**
+ * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
+ *
+ * If set, the X509 parser will not break-off when parsing an X509 certificate
+ * and encountering an extension in a v1 or v2 certificate.
+ *
+ * Uncomment to prevent an error.
+ */
+//#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
+
+/**
+ * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+ *
+ * If set, the X509 parser will not break-off when parsing an X509 certificate
+ * and encountering an unknown critical extension.
+ *
+ * \warning Depending on your PKI use, enabling this can be a security risk!
+ *
+ * Uncomment to prevent an error.
+ */
+//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+
+/**
+ * \def MBEDTLS_X509_CHECK_KEY_USAGE
+ *
+ * Enable verification of the keyUsage extension (CA and leaf certificates).
+ *
+ * Disabling this avoids problems with mis-issued and/or misused
+ * (intermediate) CA and leaf certificates.
+ *
+ * \warning Depending on your PKI use, disabling this can be a security risk!
+ *
+ * Comment to skip keyUsage checking for both CA and leaf certificates.
+ */
+#define MBEDTLS_X509_CHECK_KEY_USAGE
+
+/**
+ * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+ *
+ * Enable verification of the extendedKeyUsage extension (leaf certificates).
+ *
+ * Disabling this avoids problems with mis-issued and/or misused certificates.
+ *
+ * \warning Depending on your PKI use, disabling this can be a security risk!
+ *
+ * Comment to skip extendedKeyUsage checking for certificates.
+ */
+#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+
+/**
+ * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
+ *
+ * Enable parsing and verification of X.509 certificates, CRLs and CSRS
+ * signed with RSASSA-PSS (aka PKCS#1 v2.1).
+ *
+ * Comment this macro to disallow using RSASSA-PSS in certificates.
+ */
+//#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
+
+/**
+ * \def MBEDTLS_ZLIB_SUPPORT
+ *
+ * If set, the SSL/TLS module uses ZLIB to support compression and
+ * decompression of packet data.
+ *
+ * \warning TLS-level compression MAY REDUCE SECURITY! See for example the
+ * CRIME attack. Before enabling this option, you should examine with care if
+ * CRIME or similar exploits may be a applicable to your use case.
+ *
+ * \note Currently compression can't be used with DTLS.
+ *
+ * Used in: library/ssl_tls.c
+ *          library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * This feature requires zlib library and headers to be present.
+ *
+ * Uncomment to enable use of ZLIB
+ */
+//#define MBEDTLS_ZLIB_SUPPORT
+/* \} name SECTION: mbed TLS feature support */
+
+/**
+ * \name SECTION: mbed TLS modules
+ *
+ * This section enables or disables entire modules in mbed TLS
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_AESNI_C
+ *
+ * Enable AES-NI support on x86-64.
+ *
+ * Module:  library/aesni.c
+ * Caller:  library/aes.c
+ *
+ * Requires: MBEDTLS_HAVE_ASM
+ *
+ * This modules adds support for the AES-NI instructions on x86-64
+ */
+//#define MBEDTLS_AESNI_C
+
+/**
+ * \def MBEDTLS_AES_C
+ *
+ * Enable the AES block cipher.
+ *
+ * Module:  library/aes.c
+ * Caller:  library/ssl_tls.c
+ *          library/pem.c
+ *          library/ctr_drbg.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
+ *
+ * PEM_PARSE uses AES for decrypting encrypted keys.
+ */
+#define MBEDTLS_AES_C
+
+/**
+ * \def MBEDTLS_ARC4_C
+ *
+ * Enable the ARCFOUR stream cipher.
+ *
+ * Module:  library/arc4.c
+ * Caller:  library/ssl_tls.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
+ *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
+ */
+//#define MBEDTLS_ARC4_C
+
+/**
+ * \def MBEDTLS_ASN1_PARSE_C
+ *
+ * Enable the generic ASN1 parser.
+ *
+ * Module:  library/asn1.c
+ * Caller:  library/x509.c
+ *          library/dhm.c
+ *          library/pkcs12.c
+ *          library/pkcs5.c
+ *          library/pkparse.c
+ */
+#define MBEDTLS_ASN1_PARSE_C
+
+/**
+ * \def MBEDTLS_ASN1_WRITE_C
+ *
+ * Enable the generic ASN1 writer.
+ *
+ * Module:  library/asn1write.c
+ * Caller:  library/ecdsa.c
+ *          library/pkwrite.c
+ *          library/x509_create.c
+ *          library/x509write_crt.c
+ *          library/mbedtls_x509write_csr.c
+ */
+#define MBEDTLS_ASN1_WRITE_C
+
+/**
+ * \def MBEDTLS_BASE64_C
+ *
+ * Enable the Base64 module.
+ *
+ * Module:  library/base64.c
+ * Caller:  library/pem.c
+ *
+ * This module is required for PEM support (required by X.509).
+ */
+#define MBEDTLS_BASE64_C
+
+/**
+ * \def MBEDTLS_BIGNUM_C
+ *
+ * Enable the multi-precision integer library.
+ *
+ * Module:  library/bignum.c
+ * Caller:  library/dhm.c
+ *          library/ecp.c
+ *          library/ecdsa.c
+ *          library/rsa.c
+ *          library/ssl_tls.c
+ *
+ * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
+ */
+#define MBEDTLS_BIGNUM_C
+
+/**
+ * \def MBEDTLS_BLOWFISH_C
+ *
+ * Enable the Blowfish block cipher.
+ *
+ * Module:  library/blowfish.c
+ */
+//#define MBEDTLS_BLOWFISH_C
+
+/**
+ * \def MBEDTLS_CAMELLIA_C
+ *
+ * Enable the Camellia block cipher.
+ *
+ * Module:  library/camellia.c
+ * Caller:  library/ssl_tls.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ */
+//#define MBEDTLS_CAMELLIA_C
+
+/**
+ * \def MBEDTLS_CCM_C
+ *
+ * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
+ *
+ * Module:  library/ccm.c
+ *
+ * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
+ *
+ * This module enables the AES-CCM ciphersuites, if other requisites are
+ * enabled as well.
+ */
+#define MBEDTLS_CCM_C
+
+/**
+ * \def MBEDTLS_CERTS_C
+ *
+ * Enable the test certificates.
+ *
+ * Module:  library/certs.c
+ * Caller:
+ *
+ * This module is used for testing (ssl_client/server).
+ */
+#define MBEDTLS_CERTS_C
+
+/**
+ * \def MBEDTLS_CIPHER_C
+ *
+ * Enable the generic cipher layer.
+ *
+ * Module:  library/cipher.c
+ * Caller:  library/ssl_tls.c
+ *
+ * Uncomment to enable generic cipher wrappers.
+ */
+#define MBEDTLS_CIPHER_C
+
+/**
+ * \def MBEDTLS_CTR_DRBG_C
+ *
+ * Enable the CTR_DRBG AES-256-based random generator.
+ *
+ * Module:  library/ctr_drbg.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_AES_C
+ *
+ * This module provides the CTR_DRBG AES-256 random number generator.
+ */
+#define MBEDTLS_CTR_DRBG_C
+
+/**
+ * \def MBEDTLS_DEBUG_C
+ *
+ * Enable the debug functions.
+ *
+ * Module:  library/debug.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *          library/ssl_tls.c
+ *
+ * This module provides debugging functions.
+ */
+#define MBEDTLS_DEBUG_C
+
+/**
+ * \def MBEDTLS_DES_C
+ *
+ * Enable the DES block cipher.
+ *
+ * Module:  library/des.c
+ * Caller:  library/pem.c
+ *          library/ssl_tls.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
+ *
+ * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
+ */
+//#define MBEDTLS_DES_C
+
+/**
+ * \def MBEDTLS_DHM_C
+ *
+ * Enable the Diffie-Hellman-Merkle module.
+ *
+ * Module:  library/dhm.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * This module is used by the following key exchanges:
+ *      DHE-RSA, DHE-PSK
+ */
+//#define MBEDTLS_DHM_C
+
+/**
+ * \def MBEDTLS_ECDH_C
+ *
+ * Enable the elliptic curve Diffie-Hellman library.
+ *
+ * Module:  library/ecdh.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * This module is used by the following key exchanges:
+ *      ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
+ *
+ * Requires: MBEDTLS_ECP_C
+ */
+#define MBEDTLS_ECDH_C
+
+/**
+ * \def MBEDTLS_ECDSA_C
+ *
+ * Enable the elliptic curve DSA library.
+ *
+ * Module:  library/ecdsa.c
+ * Caller:
+ *
+ * This module is used by the following key exchanges:
+ *      ECDHE-ECDSA
+ *
+ * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C
+ */
+#define MBEDTLS_ECDSA_C
+
+/**
+ * \def MBEDTLS_ECJPAKE_C
+ *
+ * Enable the elliptic curve J-PAKE library.
+ *
+ * \warning This is currently experimental. EC J-PAKE support is based on the
+ * Thread v1.0.0 specification; incompatible changes to the specification
+ * might still happen. For this reason, this is disabled by default.
+ *
+ * Module:  library/ecjpake.c
+ * Caller:
+ *
+ * This module is used by the following key exchanges:
+ *      ECJPAKE
+ *
+ * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
+ */
+//#define MBEDTLS_ECJPAKE_C
+
+/**
+ * \def MBEDTLS_ECP_C
+ *
+ * Enable the elliptic curve over GF(p) library.
+ *
+ * Module:  library/ecp.c
+ * Caller:  library/ecdh.c
+ *          library/ecdsa.c
+ *          library/ecjpake.c
+ *
+ * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
+ */
+#define MBEDTLS_ECP_C
+
+/**
+ * \def MBEDTLS_ENTROPY_C
+ *
+ * Enable the platform-specific entropy code.
+ *
+ * Module:  library/entropy.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
+ *
+ * This module provides a generic entropy pool
+ */
+#define MBEDTLS_ENTROPY_C
+
+/**
+ * \def MBEDTLS_ERROR_C
+ *
+ * Enable error code to error string conversion.
+ *
+ * Module:  library/error.c
+ * Caller:
+ *
+ * This module enables mbedtls_strerror().
+ */
+#define MBEDTLS_ERROR_C
+
+/**
+ * \def MBEDTLS_GCM_C
+ *
+ * Enable the Galois/Counter Mode (GCM) for AES.
+ *
+ * Module:  library/gcm.c
+ *
+ * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
+ *
+ * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
+ * requisites are enabled as well.
+ */
+#define MBEDTLS_GCM_C
+
+/**
+ * \def MBEDTLS_HAVEGE_C
+ *
+ * Enable the HAVEGE random generator.
+ *
+ * Warning: the HAVEGE random generator is not suitable for virtualized
+ *          environments
+ *
+ * Warning: the HAVEGE random generator is dependent on timing and specific
+ *          processor traits. It is therefore not advised to use HAVEGE as
+ *          your applications primary random generator or primary entropy pool
+ *          input. As a secondary input to your entropy pool, it IS able add
+ *          the (limited) extra entropy it provides.
+ *
+ * Module:  library/havege.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_TIMING_C
+ *
+ * Uncomment to enable the HAVEGE random generator.
+ */
+//#define MBEDTLS_HAVEGE_C
+
+/**
+ * \def MBEDTLS_HMAC_DRBG_C
+ *
+ * Enable the HMAC_DRBG random generator.
+ *
+ * Module:  library/hmac_drbg.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_MD_C
+ *
+ * Uncomment to enable the HMAC_DRBG random number geerator.
+ */
+#define MBEDTLS_HMAC_DRBG_C
+
+/**
+ * \def MBEDTLS_MD_C
+ *
+ * Enable the generic message digest layer.
+ *
+ * Module:  library/mbedtls_md.c
+ * Caller:
+ *
+ * Uncomment to enable generic message digest wrappers.
+ */
+#define MBEDTLS_MD_C
+
+/**
+ * \def MBEDTLS_MD2_C
+ *
+ * Enable the MD2 hash algorithm.
+ *
+ * Module:  library/mbedtls_md2.c
+ * Caller:
+ *
+ * Uncomment to enable support for (rare) MD2-signed X.509 certs.
+ */
+//#define MBEDTLS_MD2_C
+
+/**
+ * \def MBEDTLS_MD4_C
+ *
+ * Enable the MD4 hash algorithm.
+ *
+ * Module:  library/mbedtls_md4.c
+ * Caller:
+ *
+ * Uncomment to enable support for (rare) MD4-signed X.509 certs.
+ */
+//#define MBEDTLS_MD4_C
+
+/**
+ * \def MBEDTLS_MD5_C
+ *
+ * Enable the MD5 hash algorithm.
+ *
+ * Module:  library/mbedtls_md5.c
+ * Caller:  library/mbedtls_md.c
+ *          library/pem.c
+ *          library/ssl_tls.c
+ *
+ * This module is required for SSL/TLS and X.509.
+ * PEM_PARSE uses MD5 for decrypting encrypted keys.
+ */
+//#define MBEDTLS_MD5_C
+
+/**
+ * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ *
+ * Enable the buffer allocator implementation that makes use of a (stack)
+ * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
+ * calls)
+ *
+ * Module:  library/memory_buffer_alloc.c
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ *           MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
+ *
+ * Enable this module to enable the buffer memory allocator.
+ */
+//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
+
+/**
+ * \def MBEDTLS_NET_C
+ *
+ * Enable the TCP/IP networking routines.
+ *
+ * Module:  library/net.c
+ *
+ * This module provides TCP/IP networking routines.
+ */
+//#define MBEDTLS_NET_C
+
+/**
+ * \def MBEDTLS_OID_C
+ *
+ * Enable the OID database.
+ *
+ * Module:  library/oid.c
+ * Caller:  library/asn1write.c
+ *          library/pkcs5.c
+ *          library/pkparse.c
+ *          library/pkwrite.c
+ *          library/rsa.c
+ *          library/x509.c
+ *          library/x509_create.c
+ *          library/mbedtls_x509_crl.c
+ *          library/mbedtls_x509_crt.c
+ *          library/mbedtls_x509_csr.c
+ *          library/x509write_crt.c
+ *          library/mbedtls_x509write_csr.c
+ *
+ * This modules translates between OIDs and internal values.
+ */
+#define MBEDTLS_OID_C
+
+/**
+ * \def MBEDTLS_PADLOCK_C
+ *
+ * Enable VIA Padlock support on x86.
+ *
+ * Module:  library/padlock.c
+ * Caller:  library/aes.c
+ *
+ * Requires: MBEDTLS_HAVE_ASM
+ *
+ * This modules adds support for the VIA PadLock on x86.
+ */
+//#define MBEDTLS_PADLOCK_C
+
+/**
+ * \def MBEDTLS_PEM_PARSE_C
+ *
+ * Enable PEM decoding / parsing.
+ *
+ * Module:  library/pem.c
+ * Caller:  library/dhm.c
+ *          library/pkparse.c
+ *          library/mbedtls_x509_crl.c
+ *          library/mbedtls_x509_crt.c
+ *          library/mbedtls_x509_csr.c
+ *
+ * Requires: MBEDTLS_BASE64_C
+ *
+ * This modules adds support for decoding / parsing PEM files.
+ */
+#define MBEDTLS_PEM_PARSE_C
+
+/**
+ * \def MBEDTLS_PEM_WRITE_C
+ *
+ * Enable PEM encoding / writing.
+ *
+ * Module:  library/pem.c
+ * Caller:  library/pkwrite.c
+ *          library/x509write_crt.c
+ *          library/mbedtls_x509write_csr.c
+ *
+ * Requires: MBEDTLS_BASE64_C
+ *
+ * This modules adds support for encoding / writing PEM files.
+ */
+//#define MBEDTLS_PEM_WRITE_C
+
+/**
+ * \def MBEDTLS_PK_C
+ *
+ * Enable the generic public (asymetric) key layer.
+ *
+ * Module:  library/pk.c
+ * Caller:  library/ssl_tls.c
+ *          library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C
+ *
+ * Uncomment to enable generic public key wrappers.
+ */
+#define MBEDTLS_PK_C
+
+/**
+ * \def MBEDTLS_PK_PARSE_C
+ *
+ * Enable the generic public (asymetric) key parser.
+ *
+ * Module:  library/pkparse.c
+ * Caller:  library/mbedtls_x509_crt.c
+ *          library/mbedtls_x509_csr.c
+ *
+ * Requires: MBEDTLS_PK_C
+ *
+ * Uncomment to enable generic public key parse functions.
+ */
+#define MBEDTLS_PK_PARSE_C
+
+/**
+ * \def MBEDTLS_PK_WRITE_C
+ *
+ * Enable the generic public (asymetric) key writer.
+ *
+ * Module:  library/pkwrite.c
+ * Caller:  library/x509write.c
+ *
+ * Requires: MBEDTLS_PK_C
+ *
+ * Uncomment to enable generic public key write functions.
+ */
+#define MBEDTLS_PK_WRITE_C
+
+/**
+ * \def MBEDTLS_PKCS5_C
+ *
+ * Enable PKCS#5 functions.
+ *
+ * Module:  library/pkcs5.c
+ *
+ * Requires: MBEDTLS_MD_C
+ *
+ * This module adds support for the PKCS#5 functions.
+ */
+//#define MBEDTLS_PKCS5_C
+
+/**
+ * \def MBEDTLS_PKCS11_C
+ *
+ * Enable wrapper for PKCS#11 smartcard support.
+ *
+ * Module:  library/pkcs11.c
+ * Caller:  library/pk.c
+ *
+ * Requires: MBEDTLS_PK_C
+ *
+ * This module enables SSL/TLS PKCS #11 smartcard support.
+ * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
+ */
+//#define MBEDTLS_PKCS11_C
+
+/**
+ * \def MBEDTLS_PKCS12_C
+ *
+ * Enable PKCS#12 PBE functions.
+ * Adds algorithms for parsing PKCS#8 encrypted private keys
+ *
+ * Module:  library/pkcs12.c
+ * Caller:  library/pkparse.c
+ *
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C
+ * Can use:  MBEDTLS_ARC4_C
+ *
+ * This module enables PKCS#12 functions.
+ */
+//#define MBEDTLS_PKCS12_C
+
+/**
+ * \def MBEDTLS_PLATFORM_C
+ *
+ * Enable the platform abstraction layer that allows you to re-assign
+ * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
+ *
+ * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT
+ * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
+ * above to be specified at runtime or compile time respectively.
+ *
+ * \note This abstraction layer must be enabled on Windows (including MSYS2)
+ * as other module rely on it for a fixed snprintf implementation.
+ *
+ * Module:  library/platform.c
+ * Caller:  Most other .c files
+ *
+ * This module enables abstraction of common (libc) functions.
+ */
+#define MBEDTLS_PLATFORM_C
+
+/**
+ * \def MBEDTLS_RIPEMD160_C
+ *
+ * Enable the RIPEMD-160 hash algorithm.
+ *
+ * Module:  library/mbedtls_ripemd160.c
+ * Caller:  library/mbedtls_md.c
+ *
+ */
+//#define MBEDTLS_RIPEMD160_C
+
+/**
+ * \def MBEDTLS_RSA_C
+ *
+ * Enable the RSA public-key cryptosystem.
+ *
+ * Module:  library/rsa.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *          library/ssl_tls.c
+ *          library/x509.c
+ *
+ * This module is used by the following key exchanges:
+ *      RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
+ *
+ * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C
+ */
+#define MBEDTLS_RSA_C
+
+/**
+ * \def MBEDTLS_SHA1_C
+ *
+ * Enable the SHA1 cryptographic hash algorithm.
+ *
+ * Module:  library/mbedtls_sha1.c
+ * Caller:  library/mbedtls_md.c
+ *          library/ssl_cli.c
+ *          library/ssl_srv.c
+ *          library/ssl_tls.c
+ *          library/x509write_crt.c
+ *
+ * This module is required for SSL/TLS and SHA1-signed certificates.
+ */
+//#define MBEDTLS_SHA1_C
+
+/**
+ * \def MBEDTLS_SHA256_C
+ *
+ * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
+ *
+ * Module:  library/mbedtls_sha256.c
+ * Caller:  library/entropy.c
+ *          library/mbedtls_md.c
+ *          library/ssl_cli.c
+ *          library/ssl_srv.c
+ *          library/ssl_tls.c
+ *
+ * This module adds support for SHA-224 and SHA-256.
+ * This module is required for the SSL/TLS 1.2 PRF function.
+ */
+#define MBEDTLS_SHA256_C
+
+/**
+ * \def MBEDTLS_SHA512_C
+ *
+ * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
+ *
+ * Module:  library/mbedtls_sha512.c
+ * Caller:  library/entropy.c
+ *          library/mbedtls_md.c
+ *          library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * This module adds support for SHA-384 and SHA-512.
+ */
+#define MBEDTLS_SHA512_C
+
+/**
+ * \def MBEDTLS_SSL_CACHE_C
+ *
+ * Enable simple SSL cache implementation.
+ *
+ * Module:  library/ssl_cache.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SSL_CACHE_C
+ */
+#define MBEDTLS_SSL_CACHE_C
+
+/**
+ * \def MBEDTLS_SSL_COOKIE_C
+ *
+ * Enable basic implementation of DTLS cookies for hello verification.
+ *
+ * Module:  library/ssl_cookie.c
+ * Caller:
+ */
+#define MBEDTLS_SSL_COOKIE_C
+
+/**
+ * \def MBEDTLS_SSL_TICKET_C
+ *
+ * Enable an implementation of TLS server-side callbacks for session tickets.
+ *
+ * Module:  library/ssl_ticket.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_CIPHER_C
+ */
+#define MBEDTLS_SSL_TICKET_C
+
+/**
+ * \def MBEDTLS_SSL_CLI_C
+ *
+ * Enable the SSL/TLS client code.
+ *
+ * Module:  library/ssl_cli.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SSL_TLS_C
+ *
+ * This module is required for SSL/TLS client support.
+ */
+#define MBEDTLS_SSL_CLI_C
+
+/**
+ * \def MBEDTLS_SSL_SRV_C
+ *
+ * Enable the SSL/TLS server code.
+ *
+ * Module:  library/ssl_srv.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SSL_TLS_C
+ *
+ * This module is required for SSL/TLS server support.
+ */
+#define MBEDTLS_SSL_SRV_C
+
+/**
+ * \def MBEDTLS_SSL_TLS_C
+ *
+ * Enable the generic SSL/TLS code.
+ *
+ * Module:  library/ssl_tls.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *
+ * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
+ *           and at least one of the MBEDTLS_SSL_PROTO_XXX defines
+ *
+ * This module is required for SSL/TLS.
+ */
+#define MBEDTLS_SSL_TLS_C
+
+/**
+ * \def MBEDTLS_THREADING_C
+ *
+ * Enable the threading abstraction layer.
+ * By default mbed TLS assumes it is used in a non-threaded environment or that
+ * contexts are not shared between threads. If you do intend to use contexts
+ * between threads, you will need to enable this layer to prevent race
+ * conditions.
+ *
+ * Module:  library/threading.c
+ *
+ * This allows different threading implementations (self-implemented or
+ * provided).
+ *
+ * You will have to enable either MBEDTLS_THREADING_ALT or
+ * MBEDTLS_THREADING_PTHREAD.
+ *
+ * Enable this layer to allow use of mutexes within mbed TLS
+ */
+//#define MBEDTLS_THREADING_C
+
+/**
+ * \def MBEDTLS_TIMING_C
+ *
+ * Enable the portable timing interface.
+ *
+ * Module:  library/timing.c
+ * Caller:  library/havege.c
+ *
+ * This module is used by the HAVEGE random number generator.
+ */
+//#define MBEDTLS_TIMING_C
+
+/**
+ * \def MBEDTLS_VERSION_C
+ *
+ * Enable run-time version information.
+ *
+ * Module:  library/version.c
+ *
+ * This module provides run-time version information.
+ */
+#define MBEDTLS_VERSION_C
+
+/**
+ * \def MBEDTLS_X509_USE_C
+ *
+ * Enable X.509 core for using certificates.
+ *
+ * Module:  library/x509.c
+ * Caller:  library/mbedtls_x509_crl.c
+ *          library/mbedtls_x509_crt.c
+ *          library/mbedtls_x509_csr.c
+ *
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C,
+ *           MBEDTLS_PK_PARSE_C
+ *
+ * This module is required for the X.509 parsing modules.
+ */
+#define MBEDTLS_X509_USE_C
+
+/**
+ * \def MBEDTLS_X509_CRT_PARSE_C
+ *
+ * Enable X.509 certificate parsing.
+ *
+ * Module:  library/mbedtls_x509_crt.c
+ * Caller:  library/ssl_cli.c
+ *          library/ssl_srv.c
+ *          library/ssl_tls.c
+ *
+ * Requires: MBEDTLS_X509_USE_C
+ *
+ * This module is required for X.509 certificate parsing.
+ */
+#define MBEDTLS_X509_CRT_PARSE_C
+
+/**
+ * \def MBEDTLS_X509_CRL_PARSE_C
+ *
+ * Enable X.509 CRL parsing.
+ *
+ * Module:  library/mbedtls_x509_crl.c
+ * Caller:  library/mbedtls_x509_crt.c
+ *
+ * Requires: MBEDTLS_X509_USE_C
+ *
+ * This module is required for X.509 CRL parsing.
+ */
+#define MBEDTLS_X509_CRL_PARSE_C
+
+/**
+ * \def MBEDTLS_X509_CSR_PARSE_C
+ *
+ * Enable X.509 Certificate Signing Request (CSR) parsing.
+ *
+ * Module:  library/mbedtls_x509_csr.c
+ * Caller:  library/x509_crt_write.c
+ *
+ * Requires: MBEDTLS_X509_USE_C
+ *
+ * This module is used for reading X.509 certificate request.
+ */
+//#define MBEDTLS_X509_CSR_PARSE_C
+
+/**
+ * \def MBEDTLS_X509_CREATE_C
+ *
+ * Enable X.509 core for creating certificates.
+ *
+ * Module:  library/x509_create.c
+ *
+ * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C
+ *
+ * This module is the basis for creating X.509 certificates and CSRs.
+ */
+//#define MBEDTLS_X509_CREATE_C
+
+/**
+ * \def MBEDTLS_X509_CRT_WRITE_C
+ *
+ * Enable creating X.509 certificates.
+ *
+ * Module:  library/x509_crt_write.c
+ *
+ * Requires: MBEDTLS_X509_CREATE_C
+ *
+ * This module is required for X.509 certificate creation.
+ */
+//#define MBEDTLS_X509_CRT_WRITE_C
+
+/**
+ * \def MBEDTLS_X509_CSR_WRITE_C
+ *
+ * Enable creating X.509 Certificate Signing Requests (CSR).
+ *
+ * Module:  library/x509_csr_write.c
+ *
+ * Requires: MBEDTLS_X509_CREATE_C
+ *
+ * This module is required for X.509 certificate request writing.
+ */
+//#define MBEDTLS_X509_CSR_WRITE_C
+
+/**
+ * \def MBEDTLS_XTEA_C
+ *
+ * Enable the XTEA block cipher.
+ *
+ * Module:  library/xtea.c
+ * Caller:
+ */
+//#define MBEDTLS_XTEA_C
+
+/* \} name SECTION: mbed TLS modules */
+
+/**
+ * \name SECTION: Module configuration options
+ *
+ * This section allows for the setting of module specific sizes and
+ * configuration options. The default values are already present in the
+ * relevant header files and should suffice for the regular use cases.
+ *
+ * Our advice is to enable options and change their values here
+ * only if you have a good reason and know the consequences.
+ *
+ * Please check the respective header file for documentation on these
+ * parameters (to prevent duplicate documentation).
+ * \{
+ */
+
+/* MPI / BIGNUM options */
+//#define MBEDTLS_MPI_WINDOW_SIZE            6 /**< Maximum windows size used. */
+//#define MBEDTLS_MPI_MAX_SIZE            1024 /**< Maximum number of bytes for usable MPIs. */
+
+/* CTR_DRBG options */
+//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN               48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
+//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL        10000 /**< Interval before reseed is performed by default */
+//#define MBEDTLS_CTR_DRBG_MAX_INPUT                256 /**< Maximum number of additional input bytes */
+//#define MBEDTLS_CTR_DRBG_MAX_REQUEST             1024 /**< Maximum number of requested bytes per call */
+//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT           384 /**< Maximum size of (re)seed buffer */
+
+/* HMAC_DRBG options */
+//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL   10000 /**< Interval before reseed is performed by default */
+//#define MBEDTLS_HMAC_DRBG_MAX_INPUT           256 /**< Maximum number of additional input bytes */
+//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST        1024 /**< Maximum number of requested bytes per call */
+//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT      384 /**< Maximum size of (re)seed buffer */
+
+/* ECP options */
+//#define MBEDTLS_ECP_MAX_BITS             521 /**< Maximum bit size of groups */
+//#define MBEDTLS_ECP_WINDOW_SIZE            6 /**< Maximum window size used */
+//#define MBEDTLS_ECP_FIXED_POINT_OPTIM      1 /**< Enable fixed-point speed-up */
+
+/* Entropy options */
+//#define MBEDTLS_ENTROPY_MAX_SOURCES                20 /**< Maximum number of sources supported */
+//#define MBEDTLS_ENTROPY_MAX_GATHER                128 /**< Maximum amount requested from entropy sources */
+
+/* Memory buffer allocator options */
+//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE      4 /**< Align on multiples of this value */
+
+/* Platform options */
+//#define MBEDTLS_PLATFORM_STD_MEM_HDR   <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
+//#define MBEDTLS_PLATFORM_STD_CALLOC        calloc /**< Default allocator to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_FREE            free /**< Default free to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_EXIT            exit /**< Default exit to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_FPRINTF      fprintf /**< Default fprintf to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_PRINTF        printf /**< Default printf to use, can be undefined */
+/* Note: your snprintf must correclty zero-terminate the buffer! */
+//#define MBEDTLS_PLATFORM_STD_SNPRINTF    snprintf /**< Default snprintf to use, can be undefined */
+
+/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
+/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
+//#define MBEDTLS_PLATFORM_CALLOC_MACRO        calloc /**< Default allocator macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_FREE_MACRO            free /**< Default free macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_EXIT_MACRO            exit /**< Default exit macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_FPRINTF_MACRO      fprintf /**< Default fprintf macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_PRINTF_MACRO        printf /**< Default printf macro to use, can be undefined */
+/* Note: your snprintf must correclty zero-terminate the buffer! */
+//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO    snprintf /**< Default snprintf macro to use, can be undefined */
+
+/* SSL Cache options */
+//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT       86400 /**< 1 day  */
+//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50 /**< Maximum entries in cache */
+
+/* SSL options */
+//#define MBEDTLS_SSL_MAX_CONTENT_LEN             16384 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */
+//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
+//#define MBEDTLS_PSK_MAX_LEN               32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
+//#define MBEDTLS_SSL_COOKIE_TIMEOUT        60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
+
+/**
+ * Complete list of ciphersuites to use, in order of preference.
+ *
+ * \warning No dependency checking is done on that field! This option can only
+ * be used to restrict the set of available ciphersuites. It is your
+ * responsibility to make sure the needed modules are active.
+ *
+ * Use this to save a few hundred bytes of ROM (default ordering of all
+ * available ciphersuites) and a few to a few hundred bytes of RAM.
+ *
+ * The value below is only an example, not the default.
+ */
+//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+
+/* X509 options */
+//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8   /**< Maximum number of intermediate CAs in a verification chain. */
+
+/* \} name SECTION: Module configuration options */
+
+#if defined(TARGET_LIKE_MBED)
+#include "mbedtls/target_config.h"
+#endif
+
+/*
+ * Allow user to override any previous default.
+ *
+ * Use two macro names for that, as:
+ * - with yotta the prefix YOTTA_CFG_ is forced
+ * - without yotta is looks weird to have a YOTTA prefix.
+ */
+#if defined(YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE)
+#include YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE
+#elif defined(MBEDTLS_USER_CONFIG_FILE)
+#include MBEDTLS_USER_CONFIG_FILE
+#endif
+
+#include "check_config.h"
+
+#endif /* MBEDTLS_CONFIG_H */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/ctr_drbg.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,290 @@
+/**
+ * \file ctr_drbg.h
+ *
+ * \brief CTR_DRBG based on AES-256 (NIST SP 800-90)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_CTR_DRBG_H
+#define MBEDTLS_CTR_DRBG_H
+
+#include "aes.h"
+
+#if defined(MBEDTLS_THREADING_C)
+#include "mbedtls/threading.h"
+#endif
+
+#define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED        -0x0034  /**< The entropy source failed. */
+#define MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG              -0x0036  /**< Too many random requested in single call. */
+#define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG                -0x0038  /**< Input too large (Entropy + additional). */
+#define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR                -0x003A  /**< Read/write error in file. */
+
+#define MBEDTLS_CTR_DRBG_BLOCKSIZE          16      /**< Block size used by the cipher                  */
+#define MBEDTLS_CTR_DRBG_KEYSIZE            32      /**< Key size used by the cipher                    */
+#define MBEDTLS_CTR_DRBG_KEYBITS            ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 )
+#define MBEDTLS_CTR_DRBG_SEEDLEN            ( MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE )
+                                            /**< The seed length (counter + AES key)            */
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN)
+#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
+#define MBEDTLS_CTR_DRBG_ENTROPY_LEN        48      /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
+#else
+#define MBEDTLS_CTR_DRBG_ENTROPY_LEN        32      /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
+#endif
+#endif
+
+#if !defined(MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
+#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL    10000   /**< Interval before reseed is performed by default */
+#endif
+
+#if !defined(MBEDTLS_CTR_DRBG_MAX_INPUT)
+#define MBEDTLS_CTR_DRBG_MAX_INPUT          256     /**< Maximum number of additional input bytes */
+#endif
+
+#if !defined(MBEDTLS_CTR_DRBG_MAX_REQUEST)
+#define MBEDTLS_CTR_DRBG_MAX_REQUEST        1024    /**< Maximum number of requested bytes per call */
+#endif
+
+#if !defined(MBEDTLS_CTR_DRBG_MAX_SEED_INPUT)
+#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT     384     /**< Maximum size of (re)seed buffer */
+#endif
+
+/* \} name SECTION: Module settings */
+
+#define MBEDTLS_CTR_DRBG_PR_OFF             0       /**< No prediction resistance       */
+#define MBEDTLS_CTR_DRBG_PR_ON              1       /**< Prediction resistance enabled  */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          CTR_DRBG context structure
+ */
+typedef struct
+{
+    unsigned char counter[16];  /*!<  counter (V)       */
+    int reseed_counter;         /*!<  reseed counter    */
+    int prediction_resistance;  /*!<  enable prediction resistance (Automatic
+                                      reseed before every random generation)  */
+    size_t entropy_len;         /*!<  amount of entropy grabbed on each
+                                      (re)seed          */
+    int reseed_interval;        /*!<  reseed interval   */
+
+    mbedtls_aes_context aes_ctx;        /*!<  AES context       */
+
+    /*
+     * Callbacks (Entropy)
+     */
+    int (*f_entropy)(void *, unsigned char *, size_t);
+
+    void *p_entropy;            /*!<  context for the entropy function */
+
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_threading_mutex_t mutex;
+#endif
+}
+mbedtls_ctr_drbg_context;
+
+/**
+ * \brief               CTR_DRBG context initialization
+ *                      Makes the context ready for mbedtls_ctr_drbg_seed() or
+ *                      mbedtls_ctr_drbg_free().
+ *
+ * \param ctx           CTR_DRBG context to be initialized
+ */
+void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
+
+/**
+ * \brief               CTR_DRBG initial seeding
+ *                      Seed and setup entropy source for future reseeds.
+ *
+ * Note: Personalization data can be provided in addition to the more generic
+ *       entropy source to make this instantiation as unique as possible.
+ *
+ * \param ctx           CTR_DRBG context to be seeded
+ * \param f_entropy     Entropy callback (p_entropy, buffer to fill, buffer
+ *                      length)
+ * \param p_entropy     Entropy context
+ * \param custom        Personalization data (Device specific identifiers)
+ *                      (Can be NULL)
+ * \param len           Length of personalization data
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
+                   int (*f_entropy)(void *, unsigned char *, size_t),
+                   void *p_entropy,
+                   const unsigned char *custom,
+                   size_t len );
+
+/**
+ * \brief               Clear CTR_CRBG context data
+ *
+ * \param ctx           CTR_DRBG context to clear
+ */
+void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx );
+
+/**
+ * \brief               Enable / disable prediction resistance (Default: Off)
+ *
+ * Note: If enabled, entropy is used for ctx->entropy_len before each call!
+ *       Only use this if you have ample supply of good entropy!
+ *
+ * \param ctx           CTR_DRBG context
+ * \param resistance    MBEDTLS_CTR_DRBG_PR_ON or MBEDTLS_CTR_DRBG_PR_OFF
+ */
+void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx,
+                                         int resistance );
+
+/**
+ * \brief               Set the amount of entropy grabbed on each (re)seed
+ *                      (Default: MBEDTLS_CTR_DRBG_ENTROPY_LEN)
+ *
+ * \param ctx           CTR_DRBG context
+ * \param len           Amount of entropy to grab
+ */
+void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx,
+                               size_t len );
+
+/**
+ * \brief               Set the reseed interval
+ *                      (Default: MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
+ *
+ * \param ctx           CTR_DRBG context
+ * \param interval      Reseed interval
+ */
+void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
+                                   int interval );
+
+/**
+ * \brief               CTR_DRBG reseeding (extracts data from entropy source)
+ *
+ * \param ctx           CTR_DRBG context
+ * \param additional    Additional data to add to state (Can be NULL)
+ * \param len           Length of additional data
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
+                     const unsigned char *additional, size_t len );
+
+/**
+ * \brief               CTR_DRBG update state
+ *
+ * \param ctx           CTR_DRBG context
+ * \param additional    Additional data to update state with
+ * \param add_len       Length of additional data
+ *
+ * \note                If add_len is greater than MBEDTLS_CTR_DRBG_MAX_SEED_INPUT,
+ *                      only the first MBEDTLS_CTR_DRBG_MAX_SEED_INPUT bytes are used,
+ *                      the remaining ones are silently discarded.
+ */
+void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
+                      const unsigned char *additional, size_t add_len );
+
+/**
+ * \brief               CTR_DRBG generate random with additional update input
+ *
+ * Note: Automatically reseeds if reseed_counter is reached.
+ *
+ * \param p_rng         CTR_DRBG context
+ * \param output        Buffer to fill
+ * \param output_len    Length of the buffer
+ * \param additional    Additional data to update with (Can be NULL)
+ * \param add_len       Length of additional data
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED, or
+ *                      MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG
+ */
+int mbedtls_ctr_drbg_random_with_add( void *p_rng,
+                              unsigned char *output, size_t output_len,
+                              const unsigned char *additional, size_t add_len );
+
+/**
+ * \brief               CTR_DRBG generate random
+ *
+ * Note: Automatically reseeds if reseed_counter is reached.
+ *
+ * \param p_rng         CTR_DRBG context
+ * \param output        Buffer to fill
+ * \param output_len    Length of the buffer
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED, or
+ *                      MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG
+ */
+int mbedtls_ctr_drbg_random( void *p_rng,
+                     unsigned char *output, size_t output_len );
+
+#if defined(MBEDTLS_FS_IO)
+/**
+ * \brief               Write a seed file
+ *
+ * \param ctx           CTR_DRBG context
+ * \param path          Name of the file
+ *
+ * \return              0 if successful,
+ *                      MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error, or
+ *                      MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
+
+/**
+ * \brief               Read and update a seed file. Seed is added to this
+ *                      instance
+ *
+ * \param ctx           CTR_DRBG context
+ * \param path          Name of the file
+ *
+ * \return              0 if successful,
+ *                      MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error,
+ *                      MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
+ *                      MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG
+ */
+int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
+#endif /* MBEDTLS_FS_IO */
+
+/**
+ * \brief               Checkup routine
+ *
+ * \return              0 if successful, or 1 if the test failed
+ */
+int mbedtls_ctr_drbg_self_test( int verbose );
+
+/* Internal functions (do not call directly) */
+int mbedtls_ctr_drbg_seed_entropy_len( mbedtls_ctr_drbg_context *,
+                               int (*)(void *, unsigned char *, size_t), void *,
+                               const unsigned char *, size_t, size_t );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ctr_drbg.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/debug.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,125 @@
+/**
+ * \file debug.h
+ *
+ * \brief Debug functions
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_DEBUG_H
+#define MBEDTLS_DEBUG_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "ssl.h"
+
+#if defined(MBEDTLS_ECP_C)
+#include "ecp.h"
+#endif
+
+#if defined(MBEDTLS_DEBUG_C)
+
+#define MBEDTLS_DEBUG_STRIP_PARENS( ... )   __VA_ARGS__
+
+#define MBEDTLS_SSL_DEBUG_MSG( level, args )                    \
+    mbedtls_debug_print_msg( ssl, level, __FILE__, __LINE__,    \
+                             MBEDTLS_DEBUG_STRIP_PARENS args )
+
+#define MBEDTLS_SSL_DEBUG_RET( level, text, ret )                \
+    mbedtls_debug_print_ret( ssl, level, __FILE__, __LINE__, text, ret )
+
+#define MBEDTLS_SSL_DEBUG_BUF( level, text, buf, len )           \
+    mbedtls_debug_print_buf( ssl, level, __FILE__, __LINE__, text, buf, len )
+
+#if defined(MBEDTLS_BIGNUM_C)
+#define MBEDTLS_SSL_DEBUG_MPI( level, text, X )                  \
+    mbedtls_debug_print_mpi( ssl, level, __FILE__, __LINE__, text, X )
+#endif
+
+#if defined(MBEDTLS_ECP_C)
+#define MBEDTLS_SSL_DEBUG_ECP( level, text, X )                  \
+    mbedtls_debug_print_ecp( ssl, level, __FILE__, __LINE__, text, X )
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt )                \
+    mbedtls_debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt )
+#endif
+
+#else /* MBEDTLS_DEBUG_C */
+
+#define MBEDTLS_SSL_DEBUG_MSG( level, args )            do { } while( 0 )
+#define MBEDTLS_SSL_DEBUG_RET( level, text, ret )       do { } while( 0 )
+#define MBEDTLS_SSL_DEBUG_BUF( level, text, buf, len )  do { } while( 0 )
+#define MBEDTLS_SSL_DEBUG_MPI( level, text, X )         do { } while( 0 )
+#define MBEDTLS_SSL_DEBUG_ECP( level, text, X )         do { } while( 0 )
+#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt )       do { } while( 0 )
+
+#endif /* MBEDTLS_DEBUG_C */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief   Set the level threshold to handle globally. Messages that have a
+ *          level over the threshold value are ignored.
+ *          (Default value: 0 (No debug))
+ *
+ * \param threshold     maximum level of messages to pass on
+ */
+void mbedtls_debug_set_threshold( int threshold );
+
+void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
+                              const char *file, int line,
+                              const char *format, ... );
+
+void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
+                      const char *file, int line,
+                      const char *text, int ret );
+
+void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
+                      const char *file, int line, const char *text,
+                      const unsigned char *buf, size_t len );
+
+#if defined(MBEDTLS_BIGNUM_C)
+void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
+                      const char *file, int line,
+                      const char *text, const mbedtls_mpi *X );
+#endif
+
+#if defined(MBEDTLS_ECP_C)
+void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level,
+                      const char *file, int line,
+                      const char *text, const mbedtls_ecp_point *X );
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
+                      const char *file, int line,
+                      const char *text, const mbedtls_x509_crt *crt );
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* debug.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/des.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,306 @@
+/**
+ * \file des.h
+ *
+ * \brief DES block cipher
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_DES_H
+#define MBEDTLS_DES_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#define MBEDTLS_DES_ENCRYPT     1
+#define MBEDTLS_DES_DECRYPT     0
+
+#define MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH              -0x0032  /**< The data input has an invalid length. */
+
+#define MBEDTLS_DES_KEY_SIZE    8
+
+#if !defined(MBEDTLS_DES_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          DES context structure
+ */
+typedef struct
+{
+    uint32_t sk[32];            /*!<  DES subkeys       */
+}
+mbedtls_des_context;
+
+/**
+ * \brief          Triple-DES context structure
+ */
+typedef struct
+{
+    uint32_t sk[96];            /*!<  3DES subkeys      */
+}
+mbedtls_des3_context;
+
+/**
+ * \brief          Initialize DES context
+ *
+ * \param ctx      DES context to be initialized
+ */
+void mbedtls_des_init( mbedtls_des_context *ctx );
+
+/**
+ * \brief          Clear DES context
+ *
+ * \param ctx      DES context to be cleared
+ */
+void mbedtls_des_free( mbedtls_des_context *ctx );
+
+/**
+ * \brief          Initialize Triple-DES context
+ *
+ * \param ctx      DES3 context to be initialized
+ */
+void mbedtls_des3_init( mbedtls_des3_context *ctx );
+
+/**
+ * \brief          Clear Triple-DES context
+ *
+ * \param ctx      DES3 context to be cleared
+ */
+void mbedtls_des3_free( mbedtls_des3_context *ctx );
+
+/**
+ * \brief          Set key parity on the given key to odd.
+ *
+ *                 DES keys are 56 bits long, but each byte is padded with
+ *                 a parity bit to allow verification.
+ *
+ * \param key      8-byte secret key
+ */
+void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+
+/**
+ * \brief          Check that key parity on the given key is odd.
+ *
+ *                 DES keys are 56 bits long, but each byte is padded with
+ *                 a parity bit to allow verification.
+ *
+ * \param key      8-byte secret key
+ *
+ * \return         0 is parity was ok, 1 if parity was not correct.
+ */
+int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+
+/**
+ * \brief          Check that key is not a weak or semi-weak DES key
+ *
+ * \param key      8-byte secret key
+ *
+ * \return         0 if no weak key was found, 1 if a weak key was identified.
+ */
+int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+
+/**
+ * \brief          DES key schedule (56-bit, encryption)
+ *
+ * \param ctx      DES context to be initialized
+ * \param key      8-byte secret key
+ *
+ * \return         0
+ */
+int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+
+/**
+ * \brief          DES key schedule (56-bit, decryption)
+ *
+ * \param ctx      DES context to be initialized
+ * \param key      8-byte secret key
+ *
+ * \return         0
+ */
+int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+
+/**
+ * \brief          Triple-DES key schedule (112-bit, encryption)
+ *
+ * \param ctx      3DES context to be initialized
+ * \param key      16-byte secret key
+ *
+ * \return         0
+ */
+int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
+                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
+
+/**
+ * \brief          Triple-DES key schedule (112-bit, decryption)
+ *
+ * \param ctx      3DES context to be initialized
+ * \param key      16-byte secret key
+ *
+ * \return         0
+ */
+int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
+                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
+
+/**
+ * \brief          Triple-DES key schedule (168-bit, encryption)
+ *
+ * \param ctx      3DES context to be initialized
+ * \param key      24-byte secret key
+ *
+ * \return         0
+ */
+int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
+                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
+
+/**
+ * \brief          Triple-DES key schedule (168-bit, decryption)
+ *
+ * \param ctx      3DES context to be initialized
+ * \param key      24-byte secret key
+ *
+ * \return         0
+ */
+int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
+                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
+
+/**
+ * \brief          DES-ECB block encryption/decryption
+ *
+ * \param ctx      DES context
+ * \param input    64-bit input block
+ * \param output   64-bit output block
+ *
+ * \return         0 if successful
+ */
+int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
+                    const unsigned char input[8],
+                    unsigned char output[8] );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+/**
+ * \brief          DES-CBC buffer encryption/decryption
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      DES context
+ * \param mode     MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ */
+int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
+                    int mode,
+                    size_t length,
+                    unsigned char iv[8],
+                    const unsigned char *input,
+                    unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+/**
+ * \brief          3DES-ECB block encryption/decryption
+ *
+ * \param ctx      3DES context
+ * \param input    64-bit input block
+ * \param output   64-bit output block
+ *
+ * \return         0 if successful
+ */
+int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
+                     const unsigned char input[8],
+                     unsigned char output[8] );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+/**
+ * \brief          3DES-CBC buffer encryption/decryption
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      3DES context
+ * \param mode     MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
+ */
+int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
+                     int mode,
+                     size_t length,
+                     unsigned char iv[8],
+                     const unsigned char *input,
+                     unsigned char *output );
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+/**
+ * \brief          Internal function for key expansion.
+ *                 (Only exposed to allow overriding it,
+ *                 see MBEDTLS_DES_SETKEY_ALT)
+ *
+ * \param SK       Round keys
+ * \param key      Base key
+ */
+void mbedtls_des_setkey( uint32_t SK[32],
+                         const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_DES_ALT */
+#include "des_alt.h"
+#endif /* MBEDTLS_DES_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_des_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* des.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/dhm.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,305 @@
+/**
+ * \file dhm.h
+ *
+ * \brief Diffie-Hellman-Merkle key exchange
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_DHM_H
+#define MBEDTLS_DHM_H
+
+#include "bignum.h"
+
+/*
+ * DHM Error codes
+ */
+#define MBEDTLS_ERR_DHM_BAD_INPUT_DATA                    -0x3080  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_DHM_READ_PARAMS_FAILED                -0x3100  /**< Reading of the DHM parameters failed. */
+#define MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED                -0x3180  /**< Making of the DHM parameters failed. */
+#define MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED                -0x3200  /**< Reading of the public values failed. */
+#define MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED                -0x3280  /**< Making of the public value failed. */
+#define MBEDTLS_ERR_DHM_CALC_SECRET_FAILED                -0x3300  /**< Calculation of the DHM secret failed. */
+#define MBEDTLS_ERR_DHM_INVALID_FORMAT                    -0x3380  /**< The ASN.1 data is not formatted correctly. */
+#define MBEDTLS_ERR_DHM_ALLOC_FAILED                      -0x3400  /**< Allocation of memory failed. */
+#define MBEDTLS_ERR_DHM_FILE_IO_ERROR                     -0x3480  /**< Read/write of file failed. */
+
+/**
+ * RFC 3526 defines a number of standardized Diffie-Hellman groups
+ * for IKE.
+ * RFC 5114 defines a number of standardized Diffie-Hellman groups
+ * that can be used.
+ *
+ * Some are included here for convenience.
+ *
+ * Included are:
+ *  RFC 3526 3.    2048-bit MODP Group
+ *  RFC 3526 4.    3072-bit MODP Group
+ *  RFC 3526 5.    4096-bit MODP Group
+ *  RFC 5114 2.2.  2048-bit MODP Group with 224-bit Prime Order Subgroup
+ */
+#define MBEDTLS_DHM_RFC3526_MODP_2048_P               \
+    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
+    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
+    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
+    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
+    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
+    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
+    "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
+    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
+    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
+    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
+    "15728E5A8AACAA68FFFFFFFFFFFFFFFF"
+
+#define MBEDTLS_DHM_RFC3526_MODP_2048_G          "02"
+
+#define MBEDTLS_DHM_RFC3526_MODP_3072_P               \
+    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
+    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
+    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
+    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
+    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
+    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
+    "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
+    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
+    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
+    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
+    "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" \
+    "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" \
+    "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \
+    "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \
+    "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \
+    "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF"
+
+#define MBEDTLS_DHM_RFC3526_MODP_3072_G          "02"
+
+#define MBEDTLS_DHM_RFC3526_MODP_4096_P                \
+    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
+    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
+    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
+    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
+    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
+    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
+    "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
+    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
+    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
+    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
+    "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" \
+    "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" \
+    "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \
+    "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \
+    "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \
+    "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" \
+    "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" \
+    "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" \
+    "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" \
+    "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" \
+    "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" \
+    "FFFFFFFFFFFFFFFF"
+
+#define MBEDTLS_DHM_RFC3526_MODP_4096_G          "02"
+
+#define MBEDTLS_DHM_RFC5114_MODP_2048_P               \
+    "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1" \
+    "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15" \
+    "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212" \
+    "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207" \
+    "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708" \
+    "B3BF8A317091883681286130BC8985DB1602E714415D9330" \
+    "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D" \
+    "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8" \
+    "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763" \
+    "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71" \
+    "CF9DE5384E71B81C0AC4DFFE0C10E64F"
+
+#define MBEDTLS_DHM_RFC5114_MODP_2048_G              \
+    "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF"\
+    "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA"\
+    "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"\
+    "C17669101999024AF4D027275AC1348BB8A762D0521BC98A"\
+    "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE"\
+    "F180EB34118E98D119529A45D6F834566E3025E316A330EF"\
+    "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB"\
+    "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381"\
+    "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269"\
+    "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179"\
+    "81BC087F2A7065B384B890D3191F2BFA"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          DHM context structure
+ */
+typedef struct
+{
+    size_t len; /*!<  size(P) in chars  */
+    mbedtls_mpi P;      /*!<  prime modulus     */
+    mbedtls_mpi G;      /*!<  generator         */
+    mbedtls_mpi X;      /*!<  secret value      */
+    mbedtls_mpi GX;     /*!<  self = G^X mod P  */
+    mbedtls_mpi GY;     /*!<  peer = G^Y mod P  */
+    mbedtls_mpi K;      /*!<  key = GY^X mod P  */
+    mbedtls_mpi RP;     /*!<  cached R^2 mod P  */
+    mbedtls_mpi Vi;     /*!<  blinding value    */
+    mbedtls_mpi Vf;     /*!<  un-blinding value */
+    mbedtls_mpi pX;     /*!<  previous X        */
+}
+mbedtls_dhm_context;
+
+/**
+ * \brief          Initialize DHM context
+ *
+ * \param ctx      DHM context to be initialized
+ */
+void mbedtls_dhm_init( mbedtls_dhm_context *ctx );
+
+/**
+ * \brief          Parse the ServerKeyExchange parameters
+ *
+ * \param ctx      DHM context
+ * \param p        &(start of input buffer)
+ * \param end      end of buffer
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_DHM_XXX error code
+ */
+int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
+                     unsigned char **p,
+                     const unsigned char *end );
+
+/**
+ * \brief          Setup and write the ServerKeyExchange parameters
+ *
+ * \param ctx      DHM context
+ * \param x_size   private value size in bytes
+ * \param output   destination buffer
+ * \param olen     number of chars written
+ * \param f_rng    RNG function
+ * \param p_rng    RNG parameter
+ *
+ * \note           This function assumes that ctx->P and ctx->G
+ *                 have already been properly set (for example
+ *                 using mbedtls_mpi_read_string or mbedtls_mpi_read_binary).
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_DHM_XXX error code
+ */
+int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
+                     unsigned char *output, size_t *olen,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng );
+
+/**
+ * \brief          Import the peer's public value G^Y
+ *
+ * \param ctx      DHM context
+ * \param input    input buffer
+ * \param ilen     size of buffer
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_DHM_XXX error code
+ */
+int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
+                     const unsigned char *input, size_t ilen );
+
+/**
+ * \brief          Create own private value X and export G^X
+ *
+ * \param ctx      DHM context
+ * \param x_size   private value size in bytes
+ * \param output   destination buffer
+ * \param olen     must be equal to ctx->P.len
+ * \param f_rng    RNG function
+ * \param p_rng    RNG parameter
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_DHM_XXX error code
+ */
+int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
+                     unsigned char *output, size_t olen,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng );
+
+/**
+ * \brief          Derive and export the shared secret (G^Y)^X mod P
+ *
+ * \param ctx      DHM context
+ * \param output   destination buffer
+ * \param output_size   size of the destination buffer
+ * \param olen     on exit, holds the actual number of bytes written
+ * \param f_rng    RNG function, for blinding purposes
+ * \param p_rng    RNG parameter
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_DHM_XXX error code
+ *
+ * \note           If non-NULL, f_rng is used to blind the input as
+ *                 countermeasure against timing attacks. Blinding is
+ *                 automatically used if and only if our secret value X is
+ *                 re-used and costs nothing otherwise, so it is recommended
+ *                 to always pass a non-NULL f_rng argument.
+ */
+int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
+                     unsigned char *output, size_t output_size, size_t *olen,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng );
+
+/**
+ * \brief          Free and clear the components of a DHM key
+ *
+ * \param ctx      DHM context to free and clear
+ */
+void mbedtls_dhm_free( mbedtls_dhm_context *ctx );
+
+#if defined(MBEDTLS_ASN1_PARSE_C)
+/** \ingroup x509_module */
+/**
+ * \brief          Parse DHM parameters in PEM or DER format
+ *
+ * \param dhm      DHM context to be initialized
+ * \param dhmin    input buffer
+ * \param dhminlen size of the buffer
+ *                 (including the terminating null byte for PEM data)
+ *
+ * \return         0 if successful, or a specific DHM or PEM error code
+ */
+int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
+                   size_t dhminlen );
+
+#if defined(MBEDTLS_FS_IO)
+/** \ingroup x509_module */
+/**
+ * \brief          Load and parse DHM parameters
+ *
+ * \param dhm      DHM context to be initialized
+ * \param path     filename to read the DHM Parameters from
+ *
+ * \return         0 if successful, or a specific DHM or PEM error code
+ */
+int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path );
+#endif /* MBEDTLS_FS_IO */
+#endif /* MBEDTLS_ASN1_PARSE_C */
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_dhm_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* dhm.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/ecdh.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,214 @@
+/**
+ * \file ecdh.h
+ *
+ * \brief Elliptic curve Diffie-Hellman
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ECDH_H
+#define MBEDTLS_ECDH_H
+
+#include "ecp.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * When importing from an EC key, select if it is our key or the peer's key
+ */
+typedef enum
+{
+    MBEDTLS_ECDH_OURS,
+    MBEDTLS_ECDH_THEIRS,
+} mbedtls_ecdh_side;
+
+/**
+ * \brief           ECDH context structure
+ */
+typedef struct
+{
+    mbedtls_ecp_group grp;      /*!<  elliptic curve used                           */
+    mbedtls_mpi d;              /*!<  our secret value (private key)                */
+    mbedtls_ecp_point Q;        /*!<  our public value (public key)                 */
+    mbedtls_ecp_point Qp;       /*!<  peer's public value (public key)              */
+    mbedtls_mpi z;              /*!<  shared secret                                 */
+    int point_format;   /*!<  format for point export in TLS messages       */
+    mbedtls_ecp_point Vi;       /*!<  blinding value (for later)                    */
+    mbedtls_ecp_point Vf;       /*!<  un-blinding value (for later)                 */
+    mbedtls_mpi _d;             /*!<  previous d (for later)                        */
+}
+mbedtls_ecdh_context;
+
+/**
+ * \brief           Generate a public key.
+ *                  Raw function that only does the core computation.
+ *
+ * \param grp       ECP group
+ * \param d         Destination MPI (secret exponent, aka private key)
+ * \param Q         Destination point (public key)
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ */
+int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng );
+
+/**
+ * \brief           Compute shared secret
+ *                  Raw function that only does the core computation.
+ *
+ * \param grp       ECP group
+ * \param z         Destination MPI (shared secret)
+ * \param Q         Public key from other party
+ * \param d         Our secret exponent (private key)
+ * \param f_rng     RNG function (see notes)
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ *
+ * \note            If f_rng is not NULL, it is used to implement
+ *                  countermeasures against potential elaborate timing
+ *                  attacks, see \c mbedtls_ecp_mul() for details.
+ */
+int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
+                         const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
+                         int (*f_rng)(void *, unsigned char *, size_t),
+                         void *p_rng );
+
+/**
+ * \brief           Initialize context
+ *
+ * \param ctx       Context to initialize
+ */
+void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx );
+
+/**
+ * \brief           Free context
+ *
+ * \param ctx       Context to free
+ */
+void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx );
+
+/**
+ * \brief           Generate a public key and a TLS ServerKeyExchange payload.
+ *                  (First function used by a TLS server for ECDHE.)
+ *
+ * \param ctx       ECDH context
+ * \param olen      number of chars written
+ * \param buf       destination buffer
+ * \param blen      length of buffer
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \note            This function assumes that ctx->grp has already been
+ *                  properly set (for example using mbedtls_ecp_group_load).
+ *
+ * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
+ */
+int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
+                      unsigned char *buf, size_t blen,
+                      int (*f_rng)(void *, unsigned char *, size_t),
+                      void *p_rng );
+
+/**
+ * \brief           Parse and procress a TLS ServerKeyExhange payload.
+ *                  (First function used by a TLS client for ECDHE.)
+ *
+ * \param ctx       ECDH context
+ * \param buf       pointer to start of input buffer
+ * \param end       one past end of buffer
+ *
+ * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
+ */
+int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
+                      const unsigned char **buf, const unsigned char *end );
+
+/**
+ * \brief           Setup an ECDH context from an EC key.
+ *                  (Used by clients and servers in place of the
+ *                  ServerKeyEchange for static ECDH: import ECDH parameters
+ *                  from a certificate's EC key information.)
+ *
+ * \param ctx       ECDH constext to set
+ * \param key       EC key to use
+ * \param side      Is it our key (1) or the peer's key (0) ?
+ *
+ * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
+ */
+int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key,
+                     mbedtls_ecdh_side side );
+
+/**
+ * \brief           Generate a public key and a TLS ClientKeyExchange payload.
+ *                  (Second function used by a TLS client for ECDH(E).)
+ *
+ * \param ctx       ECDH context
+ * \param olen      number of bytes actually written
+ * \param buf       destination buffer
+ * \param blen      size of destination buffer
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
+ */
+int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
+                      unsigned char *buf, size_t blen,
+                      int (*f_rng)(void *, unsigned char *, size_t),
+                      void *p_rng );
+
+/**
+ * \brief           Parse and process a TLS ClientKeyExchange payload.
+ *                  (Second function used by a TLS server for ECDH(E).)
+ *
+ * \param ctx       ECDH context
+ * \param buf       start of input buffer
+ * \param blen      length of input buffer
+ *
+ * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
+ */
+int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
+                      const unsigned char *buf, size_t blen );
+
+/**
+ * \brief           Derive and export the shared secret.
+ *                  (Last function used by both TLS client en servers.)
+ *
+ * \param ctx       ECDH context
+ * \param olen      number of bytes written
+ * \param buf       destination buffer
+ * \param blen      buffer length
+ * \param f_rng     RNG function, see notes for \c mbedtls_ecdh_compute_shared()
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
+ */
+int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
+                      unsigned char *buf, size_t blen,
+                      int (*f_rng)(void *, unsigned char *, size_t),
+                      void *p_rng );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ecdh.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/ecdsa.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,248 @@
+/**
+ * \file ecdsa.h
+ *
+ * \brief Elliptic curve DSA
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ECDSA_H
+#define MBEDTLS_ECDSA_H
+
+#include "ecp.h"
+#include "md.h"
+
+/*
+ * RFC 4492 page 20:
+ *
+ *     Ecdsa-Sig-Value ::= SEQUENCE {
+ *         r       INTEGER,
+ *         s       INTEGER
+ *     }
+ *
+ * Size is at most
+ *    1 (tag) + 1 (len) + 1 (initial 0) + ECP_MAX_BYTES for each of r and s,
+ *    twice that + 1 (tag) + 2 (len) for the sequence
+ * (assuming ECP_MAX_BYTES is less than 126 for r and s,
+ * and less than 124 (total len <= 255) for the sequence)
+ */
+#if MBEDTLS_ECP_MAX_BYTES > 124
+#error "MBEDTLS_ECP_MAX_BYTES bigger than expected, please fix MBEDTLS_ECDSA_MAX_LEN"
+#endif
+/** Maximum size of an ECDSA signature in bytes */
+#define MBEDTLS_ECDSA_MAX_LEN  ( 3 + 2 * ( 3 + MBEDTLS_ECP_MAX_BYTES ) )
+
+/**
+ * \brief           ECDSA context structure
+ */
+typedef mbedtls_ecp_keypair mbedtls_ecdsa_context;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief           Compute ECDSA signature of a previously hashed message
+ *
+ * \note            The deterministic version is usually prefered.
+ *
+ * \param grp       ECP group
+ * \param r         First output integer
+ * \param s         Second output integer
+ * \param d         Private signing key
+ * \param buf       Message hash
+ * \param blen      Length of buf
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ */
+int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
+                const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
+                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+/**
+ * \brief           Compute ECDSA signature of a previously hashed message,
+ *                  deterministic version (RFC 6979).
+ *
+ * \param grp       ECP group
+ * \param r         First output integer
+ * \param s         Second output integer
+ * \param d         Private signing key
+ * \param buf       Message hash
+ * \param blen      Length of buf
+ * \param md_alg    MD algorithm used to hash the message
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ */
+int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
+                    const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
+                    mbedtls_md_type_t md_alg );
+#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
+
+/**
+ * \brief           Verify ECDSA signature of a previously hashed message
+ *
+ * \param grp       ECP group
+ * \param buf       Message hash
+ * \param blen      Length of buf
+ * \param Q         Public key to use for verification
+ * \param r         First integer of the signature
+ * \param s         Second integer of the signature
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ */
+int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
+                  const unsigned char *buf, size_t blen,
+                  const mbedtls_ecp_point *Q, const mbedtls_mpi *r, const mbedtls_mpi *s);
+
+/**
+ * \brief           Compute ECDSA signature and write it to buffer,
+ *                  serialized as defined in RFC 4492 page 20.
+ *                  (Not thread-safe to use same context in multiple threads)
+ *
+ * \note            The deterministice version (RFC 6979) is used if
+ *                  MBEDTLS_ECDSA_DETERMINISTIC is defined.
+ *
+ * \param ctx       ECDSA context
+ * \param md_alg    Algorithm that was used to hash the message
+ * \param hash      Message hash
+ * \param hlen      Length of hash
+ * \param sig       Buffer that will hold the signature
+ * \param slen      Length of the signature written
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \note            The "sig" buffer must be at least as large as twice the
+ *                  size of the curve used, plus 9 (eg. 73 bytes if a 256-bit
+ *                  curve is used). MBEDTLS_ECDSA_MAX_LEN is always safe.
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX, MBEDTLS_ERR_MPI_XXX or
+ *                  MBEDTLS_ERR_ASN1_XXX error code
+ */
+int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg,
+                           const unsigned char *hash, size_t hlen,
+                           unsigned char *sig, size_t *slen,
+                           int (*f_rng)(void *, unsigned char *, size_t),
+                           void *p_rng );
+
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+#define MBEDTLS_DEPRECATED    __attribute__((deprecated))
+#else
+#define MBEDTLS_DEPRECATED
+#endif
+/**
+ * \brief           Compute ECDSA signature and write it to buffer,
+ *                  serialized as defined in RFC 4492 page 20.
+ *                  Deterministic version, RFC 6979.
+ *                  (Not thread-safe to use same context in multiple threads)
+ *
+ * \deprecated      Superseded by mbedtls_ecdsa_write_signature() in 2.0.0
+ *
+ * \param ctx       ECDSA context
+ * \param hash      Message hash
+ * \param hlen      Length of hash
+ * \param sig       Buffer that will hold the signature
+ * \param slen      Length of the signature written
+ * \param md_alg    MD algorithm used to hash the message
+ *
+ * \note            The "sig" buffer must be at least as large as twice the
+ *                  size of the curve used, plus 9 (eg. 73 bytes if a 256-bit
+ *                  curve is used). MBEDTLS_ECDSA_MAX_LEN is always safe.
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX, MBEDTLS_ERR_MPI_XXX or
+ *                  MBEDTLS_ERR_ASN1_XXX error code
+ */
+int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
+                               const unsigned char *hash, size_t hlen,
+                               unsigned char *sig, size_t *slen,
+                               mbedtls_md_type_t md_alg ) MBEDTLS_DEPRECATED;
+#undef MBEDTLS_DEPRECATED
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
+
+/**
+ * \brief           Read and verify an ECDSA signature
+ *
+ * \param ctx       ECDSA context
+ * \param hash      Message hash
+ * \param hlen      Size of hash
+ * \param sig       Signature to read and verify
+ * \param slen      Size of sig
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid,
+ *                  MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if the signature is
+ *                  valid but its actual length is less than siglen,
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_ERR_MPI_XXX error code
+ */
+int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
+                          const unsigned char *hash, size_t hlen,
+                          const unsigned char *sig, size_t slen );
+
+/**
+ * \brief           Generate an ECDSA keypair on the given curve
+ *
+ * \param ctx       ECDSA context in which the keypair should be stored
+ * \param gid       Group (elliptic curve) to use. One of the various
+ *                  MBEDTLS_ECP_DP_XXX macros depending on configuration.
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 on success, or a MBEDTLS_ERR_ECP_XXX code.
+ */
+int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
+                  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+/**
+ * \brief           Set an ECDSA context from an EC key pair
+ *
+ * \param ctx       ECDSA context to set
+ * \param key       EC key to use
+ *
+ * \return          0 on success, or a MBEDTLS_ERR_ECP_XXX code.
+ */
+int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key );
+
+/**
+ * \brief           Initialize context
+ *
+ * \param ctx       Context to initialize
+ */
+void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx );
+
+/**
+ * \brief           Free context
+ *
+ * \param ctx       Context to free
+ */
+void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ecdsa.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/ecjpake.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,238 @@
+/**
+ * \file ecjpake.h
+ *
+ * \brief Elliptic curve J-PAKE
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ECJPAKE_H
+#define MBEDTLS_ECJPAKE_H
+
+/*
+ * J-PAKE is a password-authenticated key exchange that allows deriving a
+ * strong shared secret from a (potentially low entropy) pre-shared
+ * passphrase, with forward secrecy and mutual authentication.
+ * https://en.wikipedia.org/wiki/Password_Authenticated_Key_Exchange_by_Juggling
+ *
+ * This file implements the Elliptic Curve variant of J-PAKE,
+ * as defined in Chapter 7.4 of the Thread v1.0 Specification,
+ * available to members of the Thread Group http://threadgroup.org/
+ *
+ * As the J-PAKE algorithm is inherently symmetric, so is our API.
+ * Each party needs to send its first round message, in any order, to the
+ * other party, then each sends its second round message, in any order.
+ * The payloads are serialized in a way suitable for use in TLS, but could
+ * also be use outside TLS.
+ */
+
+#include "ecp.h"
+#include "md.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Roles in the EC J-PAKE exchange
+ */
+typedef enum {
+    MBEDTLS_ECJPAKE_CLIENT = 0,         /**< Client                         */
+    MBEDTLS_ECJPAKE_SERVER,             /**< Server                         */
+} mbedtls_ecjpake_role;
+
+/**
+ * EC J-PAKE context structure.
+ *
+ * J-PAKE is a symmetric protocol, except for the identifiers used in
+ * Zero-Knowledge Proofs, and the serialization of the second message
+ * (KeyExchange) as defined by the Thread spec.
+ *
+ * In order to benefit from this symmetry, we choose a different naming
+ * convetion from the Thread v1.0 spec. Correspondance is indicated in the
+ * description as a pair C: <client name>, S: <server name>
+ */
+typedef struct
+{
+    const mbedtls_md_info_t *md_info;   /**< Hash to use                    */
+    mbedtls_ecp_group grp;              /**< Elliptic curve                 */
+    mbedtls_ecjpake_role role;          /**< Are we client or server?       */
+    int point_format;                   /**< Format for point export        */
+
+    mbedtls_ecp_point Xm1;              /**< My public key 1   C: X1, S: X3 */
+    mbedtls_ecp_point Xm2;              /**< My public key 2   C: X2, S: X4 */
+    mbedtls_ecp_point Xp1;              /**< Peer public key 1 C: X3, S: X1 */
+    mbedtls_ecp_point Xp2;              /**< Peer public key 2 C: X4, S: X2 */
+    mbedtls_ecp_point Xp;               /**< Peer public key   C: Xs, S: Xc */
+
+    mbedtls_mpi xm1;                    /**< My private key 1  C: x1, S: x3 */
+    mbedtls_mpi xm2;                    /**< My private key 2  C: x2, S: x4 */
+
+    mbedtls_mpi s;                      /**< Pre-shared secret (passphrase) */
+} mbedtls_ecjpake_context;
+
+/**
+ * \brief           Initialize a context
+ *                  (just makes it ready for setup() or free()).
+ *
+ * \param ctx       context to initialize
+ */
+void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx );
+
+/**
+ * \brief           Set up a context for use
+ *
+ * \note            Currently the only values for hash/curve allowed by the
+ *                  standard are MBEDTLS_MD_SHA256/MBEDTLS_ECP_DP_SECP256R1.
+ *
+ * \param ctx       context to set up
+ * \param role      Our role: client or server
+ * \param hash      hash function to use (MBEDTLS_MD_XXX)
+ * \param curve     elliptic curve identifier (MBEDTLS_ECP_DP_XXX)
+ * \param secret    pre-shared secret (passphrase)
+ * \param len       length of the shared secret
+ *
+ * \return          0 if successfull,
+ *                  a negative error code otherwise
+ */
+int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
+                           mbedtls_ecjpake_role role,
+                           mbedtls_md_type_t hash,
+                           mbedtls_ecp_group_id curve,
+                           const unsigned char *secret,
+                           size_t len );
+
+/*
+ * \brief           Check if a context is ready for use
+ *
+ * \param ctx       Context to check
+ *
+ * \return          0 if the context is ready for use,
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise
+ */
+int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx );
+
+/**
+ * \brief           Generate and write the first round message
+ *                  (TLS: contents of the Client/ServerHello extension,
+ *                  excluding extension type and length bytes)
+ *
+ * \param ctx       Context to use
+ * \param buf       Buffer to write the contents to
+ * \param len       Buffer size
+ * \param olen      Will be updated with the number of bytes written
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successfull,
+ *                  a negative error code otherwise
+ */
+int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx,
+                            unsigned char *buf, size_t len, size_t *olen,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng );
+
+/**
+ * \brief           Read and process the first round message
+ *                  (TLS: contents of the Client/ServerHello extension,
+ *                  excluding extension type and length bytes)
+ *
+ * \param ctx       Context to use
+ * \param buf       Pointer to extension contents
+ * \param len       Extension length
+ *
+ * \return          0 if successfull,
+ *                  a negative error code otherwise
+ */
+int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx,
+                                    const unsigned char *buf,
+                                    size_t len );
+
+/**
+ * \brief           Generate and write the second round message
+ *                  (TLS: contents of the Client/ServerKeyExchange)
+ *
+ * \param ctx       Context to use
+ * \param buf       Buffer to write the contents to
+ * \param len       Buffer size
+ * \param olen      Will be updated with the number of bytes written
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successfull,
+ *                  a negative error code otherwise
+ */
+int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
+                            unsigned char *buf, size_t len, size_t *olen,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng );
+
+/**
+ * \brief           Read and process the second round message
+ *                  (TLS: contents of the Client/ServerKeyExchange)
+ *
+ * \param ctx       Context to use
+ * \param buf       Pointer to the message
+ * \param len       Message length
+ *
+ * \return          0 if successfull,
+ *                  a negative error code otherwise
+ */
+int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
+                                    const unsigned char *buf,
+                                    size_t len );
+
+/**
+ * \brief           Derive the shared secret
+ *                  (TLS: Pre-Master Secret)
+ *
+ * \param ctx       Context to use
+ * \param buf       Buffer to write the contents to
+ * \param len       Buffer size
+ * \param olen      Will be updated with the number of bytes written
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successfull,
+ *                  a negative error code otherwise
+ */
+int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
+                            unsigned char *buf, size_t len, size_t *olen,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng );
+
+/**
+ * \brief           Free a context's content
+ *
+ * \param ctx       context to free
+ */
+void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx );
+
+#if defined(MBEDTLS_SELF_TEST)
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if a test failed
+ */
+int mbedtls_ecjpake_self_test( int verbose );
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ecjpake.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/ecp.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,669 @@
+/**
+ * \file ecp.h
+ *
+ * \brief Elliptic curves over GF(p)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ECP_H
+#define MBEDTLS_ECP_H
+
+#include "bignum.h"
+
+/*
+ * ECP error codes
+ */
+#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA                    -0x4F80  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL                  -0x4F00  /**< The buffer is too small to write to. */
+#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE               -0x4E80  /**< Requested curve not available. */
+#define MBEDTLS_ERR_ECP_VERIFY_FAILED                     -0x4E00  /**< The signature is not valid. */
+#define MBEDTLS_ERR_ECP_ALLOC_FAILED                      -0x4D80  /**< Memory allocation failed. */
+#define MBEDTLS_ERR_ECP_RANDOM_FAILED                     -0x4D00  /**< Generation of random value, such as (ephemeral) key, failed. */
+#define MBEDTLS_ERR_ECP_INVALID_KEY                       -0x4C80  /**< Invalid private or public key. */
+#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH                  -0x4C00  /**< Signature is valid but shorter than the user-supplied length. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Domain parameters (curve, subgroup and generator) identifiers.
+ *
+ * Only curves over prime fields are supported.
+ *
+ * \warning This library does not support validation of arbitrary domain
+ * parameters. Therefore, only well-known domain parameters from trusted
+ * sources should be used. See mbedtls_ecp_group_load().
+ */
+typedef enum
+{
+    MBEDTLS_ECP_DP_NONE = 0,
+    MBEDTLS_ECP_DP_SECP192R1,      /*!< 192-bits NIST curve  */
+    MBEDTLS_ECP_DP_SECP224R1,      /*!< 224-bits NIST curve  */
+    MBEDTLS_ECP_DP_SECP256R1,      /*!< 256-bits NIST curve  */
+    MBEDTLS_ECP_DP_SECP384R1,      /*!< 384-bits NIST curve  */
+    MBEDTLS_ECP_DP_SECP521R1,      /*!< 521-bits NIST curve  */
+    MBEDTLS_ECP_DP_BP256R1,        /*!< 256-bits Brainpool curve */
+    MBEDTLS_ECP_DP_BP384R1,        /*!< 384-bits Brainpool curve */
+    MBEDTLS_ECP_DP_BP512R1,        /*!< 512-bits Brainpool curve */
+    MBEDTLS_ECP_DP_CURVE25519,           /*!< Curve25519               */
+    MBEDTLS_ECP_DP_SECP192K1,      /*!< 192-bits "Koblitz" curve */
+    MBEDTLS_ECP_DP_SECP224K1,      /*!< 224-bits "Koblitz" curve */
+    MBEDTLS_ECP_DP_SECP256K1,      /*!< 256-bits "Koblitz" curve */
+} mbedtls_ecp_group_id;
+
+/**
+ * Number of supported curves (plus one for NONE).
+ *
+ * (Montgomery curves excluded for now.)
+ */
+#define MBEDTLS_ECP_DP_MAX     12
+
+/**
+ * Curve information for use by other modules
+ */
+typedef struct
+{
+    mbedtls_ecp_group_id grp_id;    /*!< Internal identifier        */
+    uint16_t tls_id;                /*!< TLS NamedCurve identifier  */
+    uint16_t bit_size;              /*!< Curve size in bits         */
+    const char *name;               /*!< Human-friendly name        */
+} mbedtls_ecp_curve_info;
+
+/**
+ * \brief           ECP point structure (jacobian coordinates)
+ *
+ * \note            All functions expect and return points satisfying
+ *                  the following condition: Z == 0 or Z == 1. (Other
+ *                  values of Z are used by internal functions only.)
+ *                  The point is zero, or "at infinity", if Z == 0.
+ *                  Otherwise, X and Y are its standard (affine) coordinates.
+ */
+typedef struct
+{
+    mbedtls_mpi X;          /*!<  the point's X coordinate  */
+    mbedtls_mpi Y;          /*!<  the point's Y coordinate  */
+    mbedtls_mpi Z;          /*!<  the point's Z coordinate  */
+}
+mbedtls_ecp_point;
+
+/**
+ * \brief           ECP group structure
+ *
+ * We consider two types of curves equations:
+ * 1. Short Weierstrass y^2 = x^3 + A x + B     mod P   (SEC1 + RFC 4492)
+ * 2. Montgomery,       y^2 = x^3 + A x^2 + x   mod P   (Curve25519 + draft)
+ * In both cases, a generator G for a prime-order subgroup is fixed. In the
+ * short weierstrass, this subgroup is actually the whole curve, and its
+ * cardinal is denoted by N.
+ *
+ * In the case of Short Weierstrass curves, our code requires that N is an odd
+ * prime. (Use odd in mbedtls_ecp_mul() and prime in mbedtls_ecdsa_sign() for blinding.)
+ *
+ * In the case of Montgomery curves, we don't store A but (A + 2) / 4 which is
+ * the quantity actually used in the formulas. Also, nbits is not the size of N
+ * but the required size for private keys.
+ *
+ * If modp is NULL, reduction modulo P is done using a generic algorithm.
+ * Otherwise, it must point to a function that takes an mbedtls_mpi in the range
+ * 0..2^(2*pbits)-1 and transforms it in-place in an integer of little more
+ * than pbits, so that the integer may be efficiently brought in the 0..P-1
+ * range by a few additions or substractions. It must return 0 on success and
+ * non-zero on failure.
+ */
+typedef struct
+{
+    mbedtls_ecp_group_id id;    /*!<  internal group identifier                     */
+    mbedtls_mpi P;              /*!<  prime modulus of the base field               */
+    mbedtls_mpi A;              /*!<  1. A in the equation, or 2. (A + 2) / 4       */
+    mbedtls_mpi B;              /*!<  1. B in the equation, or 2. unused            */
+    mbedtls_ecp_point G;        /*!<  generator of the (sub)group used              */
+    mbedtls_mpi N;              /*!<  1. the order of G, or 2. unused               */
+    size_t pbits;       /*!<  number of bits in P                           */
+    size_t nbits;       /*!<  number of bits in 1. P, or 2. private keys    */
+    unsigned int h;     /*!<  internal: 1 if the constants are static       */
+    int (*modp)(mbedtls_mpi *); /*!<  function for fast reduction mod P             */
+    int (*t_pre)(mbedtls_ecp_point *, void *);  /*!< unused                         */
+    int (*t_post)(mbedtls_ecp_point *, void *); /*!< unused                         */
+    void *t_data;                       /*!< unused                         */
+    mbedtls_ecp_point *T;       /*!<  pre-computed points for ecp_mul_comb()        */
+    size_t T_size;      /*!<  number for pre-computed points                */
+}
+mbedtls_ecp_group;
+
+/**
+ * \brief           ECP key pair structure
+ *
+ * A generic key pair that could be used for ECDSA, fixed ECDH, etc.
+ *
+ * \note Members purposefully in the same order as struc mbedtls_ecdsa_context.
+ */
+typedef struct
+{
+    mbedtls_ecp_group grp;      /*!<  Elliptic curve and base point     */
+    mbedtls_mpi d;              /*!<  our secret value                  */
+    mbedtls_ecp_point Q;        /*!<  our public value                  */
+}
+mbedtls_ecp_keypair;
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(MBEDTLS_ECP_MAX_BITS)
+/**
+ * Maximum size of the groups (that is, of N and P)
+ */
+#define MBEDTLS_ECP_MAX_BITS     521   /**< Maximum bit size of groups */
+#endif
+
+#define MBEDTLS_ECP_MAX_BYTES    ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
+#define MBEDTLS_ECP_MAX_PT_LEN   ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 )
+
+#if !defined(MBEDTLS_ECP_WINDOW_SIZE)
+/*
+ * Maximum "window" size used for point multiplication.
+ * Default: 6.
+ * Minimum value: 2. Maximum value: 7.
+ *
+ * Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) )
+ * points used for point multiplication. This value is directly tied to EC
+ * peak memory usage, so decreasing it by one should roughly cut memory usage
+ * by two (if large curves are in use).
+ *
+ * Reduction in size may reduce speed, but larger curves are impacted first.
+ * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1):
+ *      w-size:     6       5       4       3       2
+ *      521       145     141     135     120      97
+ *      384       214     209     198     177     146
+ *      256       320     320     303     262     226
+
+ *      224       475     475     453     398     342
+ *      192       640     640     633     587     476
+ */
+#define MBEDTLS_ECP_WINDOW_SIZE    6   /**< Maximum window size used */
+#endif /* MBEDTLS_ECP_WINDOW_SIZE */
+
+#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
+/*
+ * Trade memory for speed on fixed-point multiplication.
+ *
+ * This speeds up repeated multiplication of the generator (that is, the
+ * multiplication in ECDSA signatures, and half of the multiplications in
+ * ECDSA verification and ECDHE) by a factor roughly 3 to 4.
+ *
+ * The cost is increasing EC peak memory usage by a factor roughly 2.
+ *
+ * Change this value to 0 to reduce peak memory usage.
+ */
+#define MBEDTLS_ECP_FIXED_POINT_OPTIM  1   /**< Enable fixed-point speed-up */
+#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
+
+/* \} name SECTION: Module settings */
+
+/*
+ * Point formats, from RFC 4492's enum ECPointFormat
+ */
+#define MBEDTLS_ECP_PF_UNCOMPRESSED    0   /**< Uncompressed point format */
+#define MBEDTLS_ECP_PF_COMPRESSED      1   /**< Compressed point format */
+
+/*
+ * Some other constants from RFC 4492
+ */
+#define MBEDTLS_ECP_TLS_NAMED_CURVE    3   /**< ECCurveType's named_curve */
+
+/**
+ * \brief           Get the list of supported curves in order of preferrence
+ *                  (full information)
+ *
+ * \return          A statically allocated array, the last entry is 0.
+ */
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void );
+
+/**
+ * \brief           Get the list of supported curves in order of preferrence
+ *                  (grp_id only)
+ *
+ * \return          A statically allocated array,
+ *                  terminated with MBEDTLS_ECP_DP_NONE.
+ */
+const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void );
+
+/**
+ * \brief           Get curve information from an internal group identifier
+ *
+ * \param grp_id    A MBEDTLS_ECP_DP_XXX value
+ *
+ * \return          The associated curve information or NULL
+ */
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id );
+
+/**
+ * \brief           Get curve information from a TLS NamedCurve value
+ *
+ * \param tls_id    A MBEDTLS_ECP_DP_XXX value
+ *
+ * \return          The associated curve information or NULL
+ */
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id );
+
+/**
+ * \brief           Get curve information from a human-readable name
+ *
+ * \param name      The name
+ *
+ * \return          The associated curve information or NULL
+ */
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name );
+
+/**
+ * \brief           Initialize a point (as zero)
+ */
+void mbedtls_ecp_point_init( mbedtls_ecp_point *pt );
+
+/**
+ * \brief           Initialize a group (to something meaningless)
+ */
+void mbedtls_ecp_group_init( mbedtls_ecp_group *grp );
+
+/**
+ * \brief           Initialize a key pair (as an invalid one)
+ */
+void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key );
+
+/**
+ * \brief           Free the components of a point
+ */
+void mbedtls_ecp_point_free( mbedtls_ecp_point *pt );
+
+/**
+ * \brief           Free the components of an ECP group
+ */
+void mbedtls_ecp_group_free( mbedtls_ecp_group *grp );
+
+/**
+ * \brief           Free the components of a key pair
+ */
+void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key );
+
+/**
+ * \brief           Copy the contents of point Q into P
+ *
+ * \param P         Destination point
+ * \param Q         Source point
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q );
+
+/**
+ * \brief           Copy the contents of a group object
+ *
+ * \param dst       Destination group
+ * \param src       Source group
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src );
+
+/**
+ * \brief           Set a point to zero
+ *
+ * \param pt        Destination point
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt );
+
+/**
+ * \brief           Tell if a point is zero
+ *
+ * \param pt        Point to test
+ *
+ * \return          1 if point is zero, 0 otherwise
+ */
+int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt );
+
+/**
+ * \brief           Compare two points
+ *
+ * \note            This assumes the points are normalized. Otherwise,
+ *                  they may compare as "not equal" even if they are.
+ *
+ * \param P         First point to compare
+ * \param Q         Second point to compare
+ *
+ * \return          0 if the points are equal,
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise
+ */
+int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P,
+                           const mbedtls_ecp_point *Q );
+
+/**
+ * \brief           Import a non-zero point from two ASCII strings
+ *
+ * \param P         Destination point
+ * \param radix     Input numeric base
+ * \param x         First affine coordinate as a null-terminated string
+ * \param y         Second affine coordinate as a null-terminated string
+ *
+ * \return          0 if successful, or a MBEDTLS_ERR_MPI_XXX error code
+ */
+int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix,
+                           const char *x, const char *y );
+
+/**
+ * \brief           Export a point into unsigned binary data
+ *
+ * \param grp       Group to which the point should belong
+ * \param P         Point to export
+ * \param format    Point format, should be a MBEDTLS_ECP_PF_XXX macro
+ * \param olen      Length of the actual output
+ * \param buf       Output buffer
+ * \param buflen    Length of the output buffer
+ *
+ * \return          0 if successful,
+ *                  or MBEDTLS_ERR_ECP_BAD_INPUT_DATA
+ *                  or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
+ */
+int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P,
+                            int format, size_t *olen,
+                            unsigned char *buf, size_t buflen );
+
+/**
+ * \brief           Import a point from unsigned binary data
+ *
+ * \param grp       Group to which the point should belong
+ * \param P         Point to import
+ * \param buf       Input buffer
+ * \param ilen      Actual length of input
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid,
+ *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
+ *                  MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format
+ *                  is not implemented.
+ *
+ * \note            This function does NOT check that the point actually
+ *                  belongs to the given group, see mbedtls_ecp_check_pubkey() for
+ *                  that.
+ */
+int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P,
+                           const unsigned char *buf, size_t ilen );
+
+/**
+ * \brief           Import a point from a TLS ECPoint record
+ *
+ * \param grp       ECP group used
+ * \param pt        Destination point
+ * \param buf       $(Start of input buffer)
+ * \param len       Buffer length
+ *
+ * \note            buf is updated to point right after the ECPoint on exit
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_MPI_XXX if initialization failed
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid
+ */
+int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt,
+                        const unsigned char **buf, size_t len );
+
+/**
+ * \brief           Export a point as a TLS ECPoint record
+ *
+ * \param grp       ECP group used
+ * \param pt        Point to export
+ * \param format    Export format
+ * \param olen      length of data written
+ * \param buf       Buffer to write to
+ * \param blen      Buffer length
+ *
+ * \return          0 if successful,
+ *                  or MBEDTLS_ERR_ECP_BAD_INPUT_DATA
+ *                  or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
+ */
+int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt,
+                         int format, size_t *olen,
+                         unsigned char *buf, size_t blen );
+
+/**
+ * \brief           Set a group using well-known domain parameters
+ *
+ * \param grp       Destination group
+ * \param index     Index in the list of well-known domain parameters
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_MPI_XXX if initialization failed
+ *                  MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for unkownn groups
+ *
+ * \note            Index should be a value of RFC 4492's enum NamedCurve,
+ *                  usually in the form of a MBEDTLS_ECP_DP_XXX macro.
+ */
+int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id index );
+
+/**
+ * \brief           Set a group from a TLS ECParameters record
+ *
+ * \param grp       Destination group
+ * \param buf       &(Start of input buffer)
+ * \param len       Buffer length
+ *
+ * \note            buf is updated to point right after ECParameters on exit
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_MPI_XXX if initialization failed
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid
+ */
+int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len );
+
+/**
+ * \brief           Write the TLS ECParameters record for a group
+ *
+ * \param grp       ECP group used
+ * \param olen      Number of bytes actually written
+ * \param buf       Buffer to write to
+ * \param blen      Buffer length
+ *
+ * \return          0 if successful,
+ *                  or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
+ */
+int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen,
+                         unsigned char *buf, size_t blen );
+
+/**
+ * \brief           Multiplication by an integer: R = m * P
+ *                  (Not thread-safe to use same group in multiple threads)
+ *
+ * \note            In order to prevent timing attacks, this function
+ *                  executes the exact same sequence of (base field)
+ *                  operations for any valid m. It avoids any if-branch or
+ *                  array index depending on the value of m.
+ *
+ * \note            If f_rng is not NULL, it is used to randomize intermediate
+ *                  results in order to prevent potential timing attacks
+ *                  targeting these results. It is recommended to always
+ *                  provide a non-NULL f_rng (the overhead is negligible).
+ *
+ * \param grp       ECP group
+ * \param R         Destination point
+ * \param m         Integer by which to multiply
+ * \param P         Point to multiply
+ * \param f_rng     RNG function (see notes)
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_ECP_INVALID_KEY if m is not a valid privkey
+ *                  or P is not a valid pubkey,
+ *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+             const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+/**
+ * \brief           Multiplication and addition of two points by integers:
+ *                  R = m * P + n * Q
+ *                  (Not thread-safe to use same group in multiple threads)
+ *
+ * \note            In contrast to mbedtls_ecp_mul(), this function does not guarantee
+ *                  a constant execution flow and timing.
+ *
+ * \param grp       ECP group
+ * \param R         Destination point
+ * \param m         Integer by which to multiply P
+ * \param P         Point to multiply by m
+ * \param n         Integer by which to multiply Q
+ * \param Q         Point to be multiplied by n
+ *
+ * \return          0 if successful,
+ *                  MBEDTLS_ERR_ECP_INVALID_KEY if m or n is not a valid privkey
+ *                  or P or Q is not a valid pubkey,
+ *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+ */
+int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+             const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+             const mbedtls_mpi *n, const mbedtls_ecp_point *Q );
+
+/**
+ * \brief           Check that a point is a valid public key on this curve
+ *
+ * \param grp       Curve/group the point should belong to
+ * \param pt        Point to check
+ *
+ * \return          0 if point is a valid public key,
+ *                  MBEDTLS_ERR_ECP_INVALID_KEY otherwise.
+ *
+ * \note            This function only checks the point is non-zero, has valid
+ *                  coordinates and lies on the curve, but not that it is
+ *                  indeed a multiple of G. This is additional check is more
+ *                  expensive, isn't required by standards, and shouldn't be
+ *                  necessary if the group used has a small cofactor. In
+ *                  particular, it is useless for the NIST groups which all
+ *                  have a cofactor of 1.
+ *
+ * \note            Uses bare components rather than an mbedtls_ecp_keypair structure
+ *                  in order to ease use with other structures such as
+ *                  mbedtls_ecdh_context of mbedtls_ecdsa_context.
+ */
+int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt );
+
+/**
+ * \brief           Check that an mbedtls_mpi is a valid private key for this curve
+ *
+ * \param grp       Group used
+ * \param d         Integer to check
+ *
+ * \return          0 if point is a valid private key,
+ *                  MBEDTLS_ERR_ECP_INVALID_KEY otherwise.
+ *
+ * \note            Uses bare components rather than an mbedtls_ecp_keypair structure
+ *                  in order to ease use with other structures such as
+ *                  mbedtls_ecdh_context of mbedtls_ecdsa_context.
+ */
+int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d );
+
+/**
+ * \brief           Generate a keypair with configurable base point
+ *
+ * \param grp       ECP group
+ * \param G         Chosen base point
+ * \param d         Destination MPI (secret part)
+ * \param Q         Destination point (public part)
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ *
+ * \note            Uses bare components rather than an mbedtls_ecp_keypair structure
+ *                  in order to ease use with other structures such as
+ *                  mbedtls_ecdh_context of mbedtls_ecdsa_context.
+ */
+int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
+                     const mbedtls_ecp_point *G,
+                     mbedtls_mpi *d, mbedtls_ecp_point *Q,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng );
+
+/**
+ * \brief           Generate a keypair
+ *
+ * \param grp       ECP group
+ * \param d         Destination MPI (secret part)
+ * \param Q         Destination point (public part)
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ *
+ * \note            Uses bare components rather than an mbedtls_ecp_keypair structure
+ *                  in order to ease use with other structures such as
+ *                  mbedtls_ecdh_context of mbedtls_ecdsa_context.
+ */
+int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng );
+
+/**
+ * \brief           Generate a keypair
+ *
+ * \param grp_id    ECP group identifier
+ * \param key       Destination keypair
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful,
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
+ */
+int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
+                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+/**
+ * \brief           Check a public-private key pair
+ *
+ * \param pub       Keypair structure holding a public key
+ * \param prv       Keypair structure holding a private (plus public) key
+ *
+ * \return          0 if successful (keys are valid and match), or
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA, or
+ *                  a MBEDTLS_ERR_ECP_XXX or MBEDTLS_ERR_MPI_XXX code.
+ */
+int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv );
+
+#if defined(MBEDTLS_SELF_TEST)
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if a test failed
+ */
+int mbedtls_ecp_self_test( int verbose );
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ecp.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/entropy.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,252 @@
+/**
+ * \file entropy.h
+ *
+ * \brief Entropy accumulator implementation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ENTROPY_H
+#define MBEDTLS_ENTROPY_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+
+#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
+#include "sha512.h"
+#define MBEDTLS_ENTROPY_SHA512_ACCUMULATOR
+#else
+#if defined(MBEDTLS_SHA256_C)
+#define MBEDTLS_ENTROPY_SHA256_ACCUMULATOR
+#include "sha256.h"
+#endif
+#endif
+
+#if defined(MBEDTLS_THREADING_C)
+#include "threading.h"
+#endif
+
+#if defined(MBEDTLS_HAVEGE_C)
+#include "havege.h"
+#endif
+
+#define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED                 -0x003C  /**< Critical entropy source failure. */
+#define MBEDTLS_ERR_ENTROPY_MAX_SOURCES                   -0x003E  /**< No more sources can be added. */
+#define MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED            -0x0040  /**< No sources have been added to poll. */
+#define MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE              -0x003D  /**< No strong sources have been added to poll. */
+#define MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR                 -0x003F  /**< Read/write error in file. */
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(MBEDTLS_ENTROPY_MAX_SOURCES)
+#define MBEDTLS_ENTROPY_MAX_SOURCES     20      /**< Maximum number of sources supported */
+#endif
+
+#if !defined(MBEDTLS_ENTROPY_MAX_GATHER)
+#define MBEDTLS_ENTROPY_MAX_GATHER      128     /**< Maximum amount requested from entropy sources */
+#endif
+
+/* \} name SECTION: Module settings */
+
+#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
+#define MBEDTLS_ENTROPY_BLOCK_SIZE      64      /**< Block size of entropy accumulator (SHA-512) */
+#else
+#define MBEDTLS_ENTROPY_BLOCK_SIZE      32      /**< Block size of entropy accumulator (SHA-256) */
+#endif
+
+#define MBEDTLS_ENTROPY_MAX_SEED_SIZE   1024    /**< Maximum size of seed we read from seed file */
+#define MBEDTLS_ENTROPY_SOURCE_MANUAL   MBEDTLS_ENTROPY_MAX_SOURCES
+
+#define MBEDTLS_ENTROPY_SOURCE_STRONG   1       /**< Entropy source is strong   */
+#define MBEDTLS_ENTROPY_SOURCE_WEAK     0       /**< Entropy source is weak     */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief           Entropy poll callback pointer
+ *
+ * \param data      Callback-specific data pointer
+ * \param output    Data to fill
+ * \param len       Maximum size to provide
+ * \param olen      The actual amount of bytes put into the buffer (Can be 0)
+ *
+ * \return          0 if no critical failures occurred,
+ *                  MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise
+ */
+typedef int (*mbedtls_entropy_f_source_ptr)(void *data, unsigned char *output, size_t len,
+                            size_t *olen);
+
+/**
+ * \brief           Entropy source state
+ */
+typedef struct
+{
+    mbedtls_entropy_f_source_ptr    f_source;   /**< The entropy source callback */
+    void *          p_source;   /**< The callback data pointer */
+    size_t          size;       /**< Amount received in bytes */
+    size_t          threshold;  /**< Minimum bytes required before release */
+    int             strong;     /**< Is the source strong? */
+}
+mbedtls_entropy_source_state;
+
+/**
+ * \brief           Entropy context structure
+ */
+typedef struct
+{
+#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
+    mbedtls_sha512_context  accumulator;
+#else
+    mbedtls_sha256_context  accumulator;
+#endif
+    int             source_count;
+    mbedtls_entropy_source_state    source[MBEDTLS_ENTROPY_MAX_SOURCES];
+#if defined(MBEDTLS_HAVEGE_C)
+    mbedtls_havege_state    havege_data;
+#endif
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_threading_mutex_t mutex;    /*!< mutex                  */
+#endif
+}
+mbedtls_entropy_context;
+
+/**
+ * \brief           Initialize the context
+ *
+ * \param ctx       Entropy context to initialize
+ */
+void mbedtls_entropy_init( mbedtls_entropy_context *ctx );
+
+/**
+ * \brief           Free the data in the context
+ *
+ * \param ctx       Entropy context to free
+ */
+void mbedtls_entropy_free( mbedtls_entropy_context *ctx );
+
+/**
+ * \brief           Adds an entropy source to poll
+ *                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
+ *
+ * \param ctx       Entropy context
+ * \param f_source  Entropy function
+ * \param p_source  Function data
+ * \param threshold Minimum required from source before entropy is released
+ *                  ( with mbedtls_entropy_func() ) (in bytes)
+ * \param strong    MBEDTLS_ENTROPY_SOURCE_STRONG or
+ *                  MBEDTSL_ENTROPY_SOURCE_WEAK.
+ *                  At least one strong source needs to be added.
+ *                  Weaker sources (such as the cycle counter) can be used as
+ *                  a complement.
+ *
+ * \return          0 if successful or MBEDTLS_ERR_ENTROPY_MAX_SOURCES
+ */
+int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
+                        mbedtls_entropy_f_source_ptr f_source, void *p_source,
+                        size_t threshold, int strong );
+
+/**
+ * \brief           Trigger an extra gather poll for the accumulator
+ *                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
+ *
+ * \param ctx       Entropy context
+ *
+ * \return          0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_entropy_gather( mbedtls_entropy_context *ctx );
+
+/**
+ * \brief           Retrieve entropy from the accumulator
+ *                  (Maximum length: MBEDTLS_ENTROPY_BLOCK_SIZE)
+ *                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
+ *
+ * \param data      Entropy context
+ * \param output    Buffer to fill
+ * \param len       Number of bytes desired, must be at most MBEDTLS_ENTROPY_BLOCK_SIZE
+ *
+ * \return          0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_entropy_func( void *data, unsigned char *output, size_t len );
+
+/**
+ * \brief           Add data to the accumulator manually
+ *                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
+ *
+ * \param ctx       Entropy context
+ * \param data      Data to add
+ * \param len       Length of data
+ *
+ * \return          0 if successful
+ */
+int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx,
+                           const unsigned char *data, size_t len );
+
+#if defined(MBEDTLS_FS_IO)
+/**
+ * \brief               Write a seed file
+ *
+ * \param ctx           Entropy context
+ * \param path          Name of the file
+ *
+ * \return              0 if successful,
+ *                      MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error, or
+ *                      MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path );
+
+/**
+ * \brief               Read and update a seed file. Seed is added to this
+ *                      instance. No more than MBEDTLS_ENTROPY_MAX_SEED_SIZE bytes are
+ *                      read from the seed file. The rest is ignored.
+ *
+ * \param ctx           Entropy context
+ * \param path          Name of the file
+ *
+ * \return              0 if successful,
+ *                      MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error,
+ *                      MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *path );
+#endif /* MBEDTLS_FS_IO */
+
+#if defined(MBEDTLS_SELF_TEST)
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if a test failed
+ */
+int mbedtls_entropy_self_test( int verbose );
+#endif /* MBEDTLS_SELF_TEST */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* entropy.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/entropy_poll.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,89 @@
+/**
+ * \file entropy_poll.h
+ *
+ * \brief Platform-specific and custom entropy polling functions
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ENTROPY_POLL_H
+#define MBEDTLS_ENTROPY_POLL_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Default thresholds for built-in sources, in bytes
+ */
+#define MBEDTLS_ENTROPY_MIN_PLATFORM     32     /**< Minimum for platform source    */
+#define MBEDTLS_ENTROPY_MIN_HAVEGE       32     /**< Minimum for HAVEGE             */
+#define MBEDTLS_ENTROPY_MIN_HARDCLOCK     4     /**< Minimum for mbedtls_timing_hardclock()        */
+#define MBEDTLS_ENTROPY_MIN_HARDWARE     32     /**< Minimum for the hardware source */
+
+#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
+/**
+ * \brief           Platform-specific entropy poll callback
+ */
+int mbedtls_platform_entropy_poll( void *data,
+                           unsigned char *output, size_t len, size_t *olen );
+#endif
+
+#if defined(MBEDTLS_HAVEGE_C)
+/**
+ * \brief           HAVEGE based entropy poll callback
+ *
+ * Requires an HAVEGE state as its data pointer.
+ */
+int mbedtls_havege_poll( void *data,
+                 unsigned char *output, size_t len, size_t *olen );
+#endif
+
+#if defined(MBEDTLS_TIMING_C)
+/**
+ * \brief           mbedtls_timing_hardclock-based entropy poll callback
+ */
+int mbedtls_hardclock_poll( void *data,
+                    unsigned char *output, size_t len, size_t *olen );
+#endif
+
+#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
+/**
+ * \brief           Entropy poll callback for a hardware source
+ *
+ * \warning         This is not provided by mbed TLS!
+ *                  See \c MBEDTLS_ENTROPY_HARDWARE_ALT in config.h.
+ *
+ * \note            This must accept NULL as its first argument.
+ */
+int mbedtls_hardware_poll( void *data,
+                           unsigned char *output, size_t len, size_t *olen );
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* entropy_poll.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/error.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,107 @@
+/**
+ * \file error.h
+ *
+ * \brief Error to string translation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_ERROR_H
+#define MBEDTLS_ERROR_H
+
+#include <stddef.h>
+
+/**
+ * Error code layout.
+ *
+ * Currently we try to keep all error codes within the negative space of 16
+ * bits signed integers to support all platforms (-0x0001 - -0x7FFF). In
+ * addition we'd like to give two layers of information on the error if
+ * possible.
+ *
+ * For that purpose the error codes are segmented in the following manner:
+ *
+ * 16 bit error code bit-segmentation
+ *
+ * 1 bit  - Unused (sign bit)
+ * 3 bits - High level module ID
+ * 5 bits - Module-dependent error code
+ * 7 bits - Low level module errors
+ *
+ * For historical reasons, low-level error codes are divided in even and odd,
+ * even codes were assigned first, and -1 is reserved for other errors.
+ *
+ * Low-level module errors (0x0002-0x007E, 0x0003-0x007F)
+ *
+ * Module   Nr  Codes assigned
+ * MPI       7  0x0002-0x0010
+ * GCM       2  0x0012-0x0014
+ * BLOWFISH  2  0x0016-0x0018
+ * THREADING 3  0x001A-0x001E
+ * AES       2  0x0020-0x0022
+ * CAMELLIA  2  0x0024-0x0026
+ * XTEA      1  0x0028-0x0028
+ * BASE64    2  0x002A-0x002C
+ * OID       1  0x002E-0x002E   0x000B-0x000B
+ * PADLOCK   1  0x0030-0x0030
+ * DES       1  0x0032-0x0032
+ * CTR_DBRG  4  0x0034-0x003A
+ * ENTROPY   3  0x003C-0x0040   0x003D-0x003F
+ * NET      11  0x0042-0x0052   0x0043-0x0045
+ * ASN1      7  0x0060-0x006C
+ * PBKDF2    1  0x007C-0x007C
+ * HMAC_DRBG 4  0x0003-0x0009
+ * CCM       2                  0x000D-0x000F
+ *
+ * High-level module nr (3 bits - 0x0...-0x7...)
+ * Name      ID  Nr of Errors
+ * PEM       1   9
+ * PKCS#12   1   4 (Started from top)
+ * X509      2   19
+ * PKCS5     2   4 (Started from top)
+ * DHM       3   9
+ * PK        3   14 (Started from top)
+ * RSA       4   9
+ * ECP       4   8 (Started from top)
+ * MD        5   4
+ * CIPHER    6   6
+ * SSL       6   16 (Started from top)
+ * SSL       7   31
+ *
+ * Module dependent error code (5 bits 0x.00.-0x.F8.)
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief Translate a mbed TLS error code into a string representation,
+ *        Result is truncated if necessary and always includes a terminating
+ *        null byte.
+ *
+ * \param errnum    error code
+ * \param buffer    buffer to place representation in
+ * \param buflen    length of the buffer
+ */
+void mbedtls_strerror( int errnum, char *buffer, size_t buflen );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* error.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/gcm.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,220 @@
+/**
+ * \file gcm.h
+ *
+ * \brief Galois/Counter mode for 128-bit block ciphers
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_GCM_H
+#define MBEDTLS_GCM_H
+
+#include "cipher.h"
+
+#include <stdint.h>
+
+#define MBEDTLS_GCM_ENCRYPT     1
+#define MBEDTLS_GCM_DECRYPT     0
+
+#define MBEDTLS_ERR_GCM_AUTH_FAILED                       -0x0012  /**< Authenticated decryption failed. */
+#define MBEDTLS_ERR_GCM_BAD_INPUT                         -0x0014  /**< Bad input parameters to function. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          GCM context structure
+ */
+typedef struct {
+    mbedtls_cipher_context_t cipher_ctx;/*!< cipher context used */
+    uint64_t HL[16];            /*!< Precalculated HTable */
+    uint64_t HH[16];            /*!< Precalculated HTable */
+    uint64_t len;               /*!< Total data length */
+    uint64_t add_len;           /*!< Total add length */
+    unsigned char base_ectr[16];/*!< First ECTR for tag */
+    unsigned char y[16];        /*!< Y working value */
+    unsigned char buf[16];      /*!< buf working value */
+    int mode;                   /*!< Encrypt or Decrypt */
+}
+mbedtls_gcm_context;
+
+/**
+ * \brief           Initialize GCM context (just makes references valid)
+ *                  Makes the context ready for mbedtls_gcm_setkey() or
+ *                  mbedtls_gcm_free().
+ *
+ * \param ctx       GCM context to initialize
+ */
+void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
+
+/**
+ * \brief           GCM initialization (encryption)
+ *
+ * \param ctx       GCM context to be initialized
+ * \param cipher    cipher to use (a 128-bit block cipher)
+ * \param key       encryption key
+ * \param keybits   must be 128, 192 or 256
+ *
+ * \return          0 if successful, or a cipher specific error code
+ */
+int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
+                        mbedtls_cipher_id_t cipher,
+                        const unsigned char *key,
+                        unsigned int keybits );
+
+/**
+ * \brief           GCM buffer encryption/decryption using a block cipher
+ *
+ * \note On encryption, the output buffer can be the same as the input buffer.
+ *       On decryption, the output buffer cannot be the same as input buffer.
+ *       If buffers overlap, the output buffer must trail at least 8 bytes
+ *       behind the input buffer.
+ *
+ * \param ctx       GCM context
+ * \param mode      MBEDTLS_GCM_ENCRYPT or MBEDTLS_GCM_DECRYPT
+ * \param length    length of the input data
+ * \param iv        initialization vector
+ * \param iv_len    length of IV
+ * \param add       additional data
+ * \param add_len   length of additional data
+ * \param input     buffer holding the input data
+ * \param output    buffer for holding the output data
+ * \param tag_len   length of the tag to generate
+ * \param tag       buffer for holding the tag
+ *
+ * \return         0 if successful
+ */
+int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
+                       int mode,
+                       size_t length,
+                       const unsigned char *iv,
+                       size_t iv_len,
+                       const unsigned char *add,
+                       size_t add_len,
+                       const unsigned char *input,
+                       unsigned char *output,
+                       size_t tag_len,
+                       unsigned char *tag );
+
+/**
+ * \brief           GCM buffer authenticated decryption using a block cipher
+ *
+ * \note On decryption, the output buffer cannot be the same as input buffer.
+ *       If buffers overlap, the output buffer must trail at least 8 bytes
+ *       behind the input buffer.
+ *
+ * \param ctx       GCM context
+ * \param length    length of the input data
+ * \param iv        initialization vector
+ * \param iv_len    length of IV
+ * \param add       additional data
+ * \param add_len   length of additional data
+ * \param tag       buffer holding the tag
+ * \param tag_len   length of the tag
+ * \param input     buffer holding the input data
+ * \param output    buffer for holding the output data
+ *
+ * \return         0 if successful and authenticated,
+ *                 MBEDTLS_ERR_GCM_AUTH_FAILED if tag does not match
+ */
+int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
+                      size_t length,
+                      const unsigned char *iv,
+                      size_t iv_len,
+                      const unsigned char *add,
+                      size_t add_len,
+                      const unsigned char *tag,
+                      size_t tag_len,
+                      const unsigned char *input,
+                      unsigned char *output );
+
+/**
+ * \brief           Generic GCM stream start function
+ *
+ * \param ctx       GCM context
+ * \param mode      MBEDTLS_GCM_ENCRYPT or MBEDTLS_GCM_DECRYPT
+ * \param iv        initialization vector
+ * \param iv_len    length of IV
+ * \param add       additional data (or NULL if length is 0)
+ * \param add_len   length of additional data
+ *
+ * \return         0 if successful
+ */
+int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
+                int mode,
+                const unsigned char *iv,
+                size_t iv_len,
+                const unsigned char *add,
+                size_t add_len );
+
+/**
+ * \brief           Generic GCM update function. Encrypts/decrypts using the
+ *                  given GCM context. Expects input to be a multiple of 16
+ *                  bytes! Only the last call before mbedtls_gcm_finish() can be less
+ *                  than 16 bytes!
+ *
+ * \note On decryption, the output buffer cannot be the same as input buffer.
+ *       If buffers overlap, the output buffer must trail at least 8 bytes
+ *       behind the input buffer.
+ *
+ * \param ctx       GCM context
+ * \param length    length of the input data
+ * \param input     buffer holding the input data
+ * \param output    buffer for holding the output data
+ *
+ * \return         0 if successful or MBEDTLS_ERR_GCM_BAD_INPUT
+ */
+int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
+                size_t length,
+                const unsigned char *input,
+                unsigned char *output );
+
+/**
+ * \brief           Generic GCM finalisation function. Wraps up the GCM stream
+ *                  and generates the tag. The tag can have a maximum length of
+ *                  16 bytes.
+ *
+ * \param ctx       GCM context
+ * \param tag       buffer for holding the tag (may be NULL if tag_len is 0)
+ * \param tag_len   length of the tag to generate
+ *
+ * \return          0 if successful or MBEDTLS_ERR_GCM_BAD_INPUT
+ */
+int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
+                unsigned char *tag,
+                size_t tag_len );
+
+/**
+ * \brief           Free a GCM context and underlying cipher sub-context
+ *
+ * \param ctx       GCM context to free
+ */
+void mbedtls_gcm_free( mbedtls_gcm_context *ctx );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_gcm_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* gcm.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/havege.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,74 @@
+/**
+ * \file havege.h
+ *
+ * \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_HAVEGE_H
+#define MBEDTLS_HAVEGE_H
+
+#include <stddef.h>
+
+#define MBEDTLS_HAVEGE_COLLECT_SIZE 1024
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          HAVEGE state structure
+ */
+typedef struct
+{
+    int PT1, PT2, offset[2];
+    int pool[MBEDTLS_HAVEGE_COLLECT_SIZE];
+    int WALK[8192];
+}
+mbedtls_havege_state;
+
+/**
+ * \brief          HAVEGE initialization
+ *
+ * \param hs       HAVEGE state to be initialized
+ */
+void mbedtls_havege_init( mbedtls_havege_state *hs );
+
+/**
+ * \brief          Clear HAVEGE state
+ *
+ * \param hs       HAVEGE state to be cleared
+ */
+void mbedtls_havege_free( mbedtls_havege_state *hs );
+
+/**
+ * \brief          HAVEGE rand function
+ *
+ * \param p_rng    A HAVEGE state
+ * \param output   Buffer to fill
+ * \param len      Length of buffer
+ *
+ * \return         0
+ */
+int mbedtls_havege_random( void *p_rng, unsigned char *output, size_t len );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* havege.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/hmac_drbg.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,299 @@
+/**
+ * \file hmac_drbg.h
+ *
+ * \brief HMAC_DRBG (NIST SP 800-90A)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_HMAC_DRBG_H
+#define MBEDTLS_HMAC_DRBG_H
+
+#include "md.h"
+
+#if defined(MBEDTLS_THREADING_C)
+#include "mbedtls/threading.h"
+#endif
+
+/*
+ * Error codes
+ */
+#define MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG              -0x0003  /**< Too many random requested in single call. */
+#define MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG                -0x0005  /**< Input too large (Entropy + additional). */
+#define MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR                -0x0007  /**< Read/write error in file. */
+#define MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED        -0x0009  /**< The entropy source failed. */
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(MBEDTLS_HMAC_DRBG_RESEED_INTERVAL)
+#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL   10000   /**< Interval before reseed is performed by default */
+#endif
+
+#if !defined(MBEDTLS_HMAC_DRBG_MAX_INPUT)
+#define MBEDTLS_HMAC_DRBG_MAX_INPUT         256     /**< Maximum number of additional input bytes */
+#endif
+
+#if !defined(MBEDTLS_HMAC_DRBG_MAX_REQUEST)
+#define MBEDTLS_HMAC_DRBG_MAX_REQUEST       1024    /**< Maximum number of requested bytes per call */
+#endif
+
+#if !defined(MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT)
+#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT    384     /**< Maximum size of (re)seed buffer */
+#endif
+
+/* \} name SECTION: Module settings */
+
+#define MBEDTLS_HMAC_DRBG_PR_OFF   0   /**< No prediction resistance       */
+#define MBEDTLS_HMAC_DRBG_PR_ON    1   /**< Prediction resistance enabled  */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * HMAC_DRBG context.
+ */
+typedef struct
+{
+    /* Working state: the key K is not stored explicitely,
+     * but is implied by the HMAC context */
+    mbedtls_md_context_t md_ctx;                    /*!< HMAC context (inc. K)  */
+    unsigned char V[MBEDTLS_MD_MAX_SIZE];  /*!< V in the spec          */
+    int reseed_counter;                     /*!< reseed counter         */
+
+    /* Administrative state */
+    size_t entropy_len;         /*!< entropy bytes grabbed on each (re)seed */
+    int prediction_resistance;  /*!< enable prediction resistance (Automatic
+                                     reseed before every random generation) */
+    int reseed_interval;        /*!< reseed interval   */
+
+    /* Callbacks */
+    int (*f_entropy)(void *, unsigned char *, size_t); /*!< entropy function */
+    void *p_entropy;            /*!< context for the entropy function        */
+
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_threading_mutex_t mutex;
+#endif
+} mbedtls_hmac_drbg_context;
+
+/**
+ * \brief               HMAC_DRBG context initialization
+ *                      Makes the context ready for mbedtls_hmac_drbg_seed(),
+ *                      mbedtls_hmac_drbg_seed_buf() or
+ *                      mbedtls_hmac_drbg_free().
+ *
+ * \param ctx           HMAC_DRBG context to be initialized
+ */
+void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx );
+
+/**
+ * \brief               HMAC_DRBG initial seeding
+ *                      Seed and setup entropy source for future reseeds.
+ *
+ * \param ctx           HMAC_DRBG context to be seeded
+ * \param md_info       MD algorithm to use for HMAC_DRBG
+ * \param f_entropy     Entropy callback (p_entropy, buffer to fill, buffer
+ *                      length)
+ * \param p_entropy     Entropy context
+ * \param custom        Personalization data (Device specific identifiers)
+ *                      (Can be NULL)
+ * \param len           Length of personalization data
+ *
+ * \note                The "security strength" as defined by NIST is set to:
+ *                      128 bits if md_alg is SHA-1,
+ *                      192 bits if md_alg is SHA-224,
+ *                      256 bits if md_alg is SHA-256 or higher.
+ *                      Note that SHA-256 is just as efficient as SHA-224.
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_MD_BAD_INPUT_DATA, or
+ *                      MBEDTLS_ERR_MD_ALLOC_FAILED, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED.
+ */
+int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
+                    const mbedtls_md_info_t * md_info,
+                    int (*f_entropy)(void *, unsigned char *, size_t),
+                    void *p_entropy,
+                    const unsigned char *custom,
+                    size_t len );
+
+/**
+ * \brief               Initilisation of simpified HMAC_DRBG (never reseeds).
+ *                      (For use with deterministic ECDSA.)
+ *
+ * \param ctx           HMAC_DRBG context to be initialised
+ * \param md_info       MD algorithm to use for HMAC_DRBG
+ * \param data          Concatenation of entropy string and additional data
+ * \param data_len      Length of data in bytes
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_MD_BAD_INPUT_DATA, or
+ *                      MBEDTLS_ERR_MD_ALLOC_FAILED.
+ */
+int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
+                        const mbedtls_md_info_t * md_info,
+                        const unsigned char *data, size_t data_len );
+
+/**
+ * \brief               Enable / disable prediction resistance (Default: Off)
+ *
+ * Note: If enabled, entropy is used for ctx->entropy_len before each call!
+ *       Only use this if you have ample supply of good entropy!
+ *
+ * \param ctx           HMAC_DRBG context
+ * \param resistance    MBEDTLS_HMAC_DRBG_PR_ON or MBEDTLS_HMAC_DRBG_PR_OFF
+ */
+void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx,
+                                          int resistance );
+
+/**
+ * \brief               Set the amount of entropy grabbed on each reseed
+ *                      (Default: given by the security strength, which
+ *                      depends on the hash used, see \c mbedtls_hmac_drbg_init() )
+ *
+ * \param ctx           HMAC_DRBG context
+ * \param len           Amount of entropy to grab, in bytes
+ */
+void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx,
+                                size_t len );
+
+/**
+ * \brief               Set the reseed interval
+ *                      (Default: MBEDTLS_HMAC_DRBG_RESEED_INTERVAL)
+ *
+ * \param ctx           HMAC_DRBG context
+ * \param interval      Reseed interval
+ */
+void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx,
+                                    int interval );
+
+/**
+ * \brief               HMAC_DRBG update state
+ *
+ * \param ctx           HMAC_DRBG context
+ * \param additional    Additional data to update state with, or NULL
+ * \param add_len       Length of additional data, or 0
+ *
+ * \note                Additional data is optional, pass NULL and 0 as second
+ *                      third argument if no additional data is being used.
+ */
+void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
+                       const unsigned char *additional, size_t add_len );
+
+/**
+ * \brief               HMAC_DRBG reseeding (extracts data from entropy source)
+ *
+ * \param ctx           HMAC_DRBG context
+ * \param additional    Additional data to add to state (Can be NULL)
+ * \param len           Length of additional data
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
+                      const unsigned char *additional, size_t len );
+
+/**
+ * \brief               HMAC_DRBG generate random with additional update input
+ *
+ * Note: Automatically reseeds if reseed_counter is reached or PR is enabled.
+ *
+ * \param p_rng         HMAC_DRBG context
+ * \param output        Buffer to fill
+ * \param output_len    Length of the buffer
+ * \param additional    Additional data to update with (can be NULL)
+ * \param add_len       Length of additional data (can be 0)
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG.
+ */
+int mbedtls_hmac_drbg_random_with_add( void *p_rng,
+                               unsigned char *output, size_t output_len,
+                               const unsigned char *additional,
+                               size_t add_len );
+
+/**
+ * \brief               HMAC_DRBG generate random
+ *
+ * Note: Automatically reseeds if reseed_counter is reached or PR is enabled.
+ *
+ * \param p_rng         HMAC_DRBG context
+ * \param output        Buffer to fill
+ * \param out_len       Length of the buffer
+ *
+ * \return              0 if successful, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG
+ */
+int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len );
+
+/**
+ * \brief               Free an HMAC_DRBG context
+ *
+ * \param ctx           HMAC_DRBG context to free.
+ */
+void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx );
+
+#if defined(MBEDTLS_FS_IO)
+/**
+ * \brief               Write a seed file
+ *
+ * \param ctx           HMAC_DRBG context
+ * \param path          Name of the file
+ *
+ * \return              0 if successful, 1 on file error, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
+ */
+int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path );
+
+/**
+ * \brief               Read and update a seed file. Seed is added to this
+ *                      instance
+ *
+ * \param ctx           HMAC_DRBG context
+ * \param path          Name of the file
+ *
+ * \return              0 if successful, 1 on file error,
+ *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED or
+ *                      MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG
+ */
+int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path );
+#endif /* MBEDTLS_FS_IO */
+
+
+#if defined(MBEDTLS_SELF_TEST)
+/**
+ * \brief               Checkup routine
+ *
+ * \return              0 if successful, or 1 if the test failed
+ */
+int mbedtls_hmac_drbg_self_test( int verbose );
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* hmac_drbg.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/md.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,353 @@
+/**
+ * \file mbedtls_md.h
+ *
+ * \brief Generic message digest wrapper
+ *
+ * \author Adriaan de Jong <dejong@fox-it.com>
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_MD_H
+#define MBEDTLS_MD_H
+
+#include <stddef.h>
+
+#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE                -0x5080  /**< The selected feature is not available. */
+#define MBEDTLS_ERR_MD_BAD_INPUT_DATA                     -0x5100  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_MD_ALLOC_FAILED                       -0x5180  /**< Failed to allocate memory. */
+#define MBEDTLS_ERR_MD_FILE_IO_ERROR                      -0x5200  /**< Opening or reading of file failed. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef enum {
+    MBEDTLS_MD_NONE=0,
+    MBEDTLS_MD_MD2,
+    MBEDTLS_MD_MD4,
+    MBEDTLS_MD_MD5,
+    MBEDTLS_MD_SHA1,
+    MBEDTLS_MD_SHA224,
+    MBEDTLS_MD_SHA256,
+    MBEDTLS_MD_SHA384,
+    MBEDTLS_MD_SHA512,
+    MBEDTLS_MD_RIPEMD160,
+} mbedtls_md_type_t;
+
+#if defined(MBEDTLS_SHA512_C)
+#define MBEDTLS_MD_MAX_SIZE         64  /* longest known is SHA512 */
+#else
+#define MBEDTLS_MD_MAX_SIZE         32  /* longest known is SHA256 or less */
+#endif
+
+/**
+ * Opaque struct defined in md_internal.h
+ */
+typedef struct mbedtls_md_info_t mbedtls_md_info_t;
+
+/**
+ * Generic message digest context.
+ */
+typedef struct {
+    /** Information about the associated message digest */
+    const mbedtls_md_info_t *md_info;
+
+    /** Digest-specific context */
+    void *md_ctx;
+
+    /** HMAC part of the context */
+    void *hmac_ctx;
+} mbedtls_md_context_t;
+
+/**
+ * \brief Returns the list of digests supported by the generic digest module.
+ *
+ * \return          a statically allocated array of digests, the last entry
+ *                  is 0.
+ */
+const int *mbedtls_md_list( void );
+
+/**
+ * \brief           Returns the message digest information associated with the
+ *                  given digest name.
+ *
+ * \param md_name   Name of the digest to search for.
+ *
+ * \return          The message digest information associated with md_name or
+ *                  NULL if not found.
+ */
+const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name );
+
+/**
+ * \brief           Returns the message digest information associated with the
+ *                  given digest type.
+ *
+ * \param md_type   type of digest to search for.
+ *
+ * \return          The message digest information associated with md_type or
+ *                  NULL if not found.
+ */
+const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type );
+
+/**
+ * \brief           Initialize a md_context (as NONE)
+ *                  This should always be called first.
+ *                  Prepares the context for mbedtls_md_setup() or mbedtls_md_free().
+ */
+void mbedtls_md_init( mbedtls_md_context_t *ctx );
+
+/**
+ * \brief           Free and clear the internal structures of ctx.
+ *                  Can be called at any time after mbedtls_md_init().
+ *                  Mandatory once mbedtls_md_setup() has been called.
+ */
+void mbedtls_md_free( mbedtls_md_context_t *ctx );
+
+#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+#define MBEDTLS_DEPRECATED    __attribute__((deprecated))
+#else
+#define MBEDTLS_DEPRECATED
+#endif
+/**
+ * \brief           Select MD to use and allocate internal structures.
+ *                  Should be called after mbedtls_md_init() or mbedtls_md_free().
+ *                  Makes it necessary to call mbedtls_md_free() later.
+ *
+ * \deprecated      Superseded by mbedtls_md_setup() in 2.0.0
+ *
+ * \param ctx       Context to set up.
+ * \param md_info   Message digest to use.
+ *
+ * \returns         \c 0 on success,
+ *                  \c MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure,
+ *                  \c MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure.
+ */
+int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED;
+#undef MBEDTLS_DEPRECATED
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+
+/**
+ * \brief           Select MD to use and allocate internal structures.
+ *                  Should be called after mbedtls_md_init() or mbedtls_md_free().
+ *                  Makes it necessary to call mbedtls_md_free() later.
+ *
+ * \param ctx       Context to set up.
+ * \param md_info   Message digest to use.
+ * \param hmac      0 to save some memory if HMAC will not be used,
+ *                  non-zero is HMAC is going to be used with this context.
+ *
+ * \returns         \c 0 on success,
+ *                  \c MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure,
+ *                  \c MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure.
+ */
+int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac );
+
+/**
+ * \brief           Clone the state of an MD context
+ *
+ * \note            The two contexts must have been setup to the same type
+ *                  (cloning from SHA-256 to SHA-512 make no sense).
+ *
+ * \warning         Only clones the MD state, not the HMAC state! (for now)
+ *
+ * \param dst       The destination context
+ * \param src       The context to be cloned
+ *
+ * \return          \c 0 on success,
+ *                  \c MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure.
+ */
+int mbedtls_md_clone( mbedtls_md_context_t *dst,
+                      const mbedtls_md_context_t *src );
+
+/**
+ * \brief           Returns the size of the message digest output.
+ *
+ * \param md_info   message digest info
+ *
+ * \return          size of the message digest output in bytes.
+ */
+unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info );
+
+/**
+ * \brief           Returns the type of the message digest output.
+ *
+ * \param md_info   message digest info
+ *
+ * \return          type of the message digest output.
+ */
+mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info );
+
+/**
+ * \brief           Returns the name of the message digest output.
+ *
+ * \param md_info   message digest info
+ *
+ * \return          name of the message digest output.
+ */
+const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info );
+
+/**
+ * \brief           Prepare the context to digest a new message.
+ *                  Generally called after mbedtls_md_setup() or mbedtls_md_finish().
+ *                  Followed by mbedtls_md_update().
+ *
+ * \param ctx       generic message digest context.
+ *
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                  verification fails.
+ */
+int mbedtls_md_starts( mbedtls_md_context_t *ctx );
+
+/**
+ * \brief           Generic message digest process buffer
+ *                  Called between mbedtls_md_starts() and mbedtls_md_finish().
+ *                  May be called repeatedly.
+ *
+ * \param ctx       Generic message digest context
+ * \param input     buffer holding the  datal
+ * \param ilen      length of the input data
+ *
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                  verification fails.
+ */
+int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen );
+
+/**
+ * \brief           Generic message digest final digest
+ *                  Called after mbedtls_md_update().
+ *                  Usually followed by mbedtls_md_free() or mbedtls_md_starts().
+ *
+ * \param ctx       Generic message digest context
+ * \param output    Generic message digest checksum result
+ *
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                  verification fails.
+ */
+int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output );
+
+/**
+ * \brief          Output = message_digest( input buffer )
+ *
+ * \param md_info  message digest info
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ * \param output   Generic message digest checksum result
+ *
+ * \returns        0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                 verification fails.
+ */
+int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
+        unsigned char *output );
+
+#if defined(MBEDTLS_FS_IO)
+/**
+ * \brief          Output = message_digest( file contents )
+ *
+ * \param md_info  message digest info
+ * \param path     input file name
+ * \param output   generic message digest checksum result
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_MD_FILE_IO_ERROR if file input failed,
+ *                 MBEDTLS_ERR_MD_BAD_INPUT_DATA if md_info was NULL.
+ */
+int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path,
+                     unsigned char *output );
+#endif /* MBEDTLS_FS_IO */
+
+/**
+ * \brief           Set HMAC key and prepare to authenticate a new message.
+ *                  Usually called after mbedtls_md_setup() or mbedtls_md_hmac_finish().
+ *
+ * \param ctx       HMAC context
+ * \param key       HMAC secret key
+ * \param keylen    length of the HMAC key in bytes
+ *
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                  verification fails.
+ */
+int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
+                    size_t keylen );
+
+/**
+ * \brief           Generic HMAC process buffer.
+ *                  Called between mbedtls_md_hmac_starts() or mbedtls_md_hmac_reset()
+ *                  and mbedtls_md_hmac_finish().
+ *                  May be called repeatedly.
+ *
+ * \param ctx       HMAC context
+ * \param input     buffer holding the  data
+ * \param ilen      length of the input data
+ *
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                  verification fails.
+ */
+int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input,
+                    size_t ilen );
+
+/**
+ * \brief           Output HMAC.
+ *                  Called after mbedtls_md_hmac_update().
+ *                  Usually followed my mbedtls_md_hmac_reset(), mbedtls_md_hmac_starts(),
+ *                  or mbedtls_md_free().
+ *
+ * \param ctx       HMAC context
+ * \param output    Generic HMAC checksum result
+ *
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                  verification fails.
+ */
+int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output);
+
+/**
+ * \brief           Prepare to authenticate a new message with the same key.
+ *                  Called after mbedtls_md_hmac_finish() and before mbedtls_md_hmac_update().
+ *
+ * \param ctx       HMAC context to be reset
+ *
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                  verification fails.
+ */
+int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx );
+
+/**
+ * \brief          Output = Generic_HMAC( hmac key, input buffer )
+ *
+ * \param md_info  message digest info
+ * \param key      HMAC secret key
+ * \param keylen   length of the HMAC key in bytes
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ * \param output   Generic HMAC-result
+ *
+ * \returns        0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
+ *                 verification fails.
+ */
+int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
+                const unsigned char *input, size_t ilen,
+                unsigned char *output );
+
+/* Internal use */
+int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_MD_H */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/md2.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,136 @@
+/**
+ * \file mbedtls_md2.h
+ *
+ * \brief MD2 message digest algorithm (hash function)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_MD2_H
+#define MBEDTLS_MD2_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+
+#if !defined(MBEDTLS_MD2_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          MD2 context structure
+ */
+typedef struct
+{
+    unsigned char cksum[16];    /*!< checksum of the data block */
+    unsigned char state[48];    /*!< intermediate digest state  */
+    unsigned char buffer[16];   /*!< data block being processed */
+    size_t left;                /*!< amount of data in buffer   */
+}
+mbedtls_md2_context;
+
+/**
+ * \brief          Initialize MD2 context
+ *
+ * \param ctx      MD2 context to be initialized
+ */
+void mbedtls_md2_init( mbedtls_md2_context *ctx );
+
+/**
+ * \brief          Clear MD2 context
+ *
+ * \param ctx      MD2 context to be cleared
+ */
+void mbedtls_md2_free( mbedtls_md2_context *ctx );
+
+/**
+ * \brief          Clone (the state of) an MD2 context
+ *
+ * \param dst      The destination context
+ * \param src      The context to be cloned
+ */
+void mbedtls_md2_clone( mbedtls_md2_context *dst,
+                        const mbedtls_md2_context *src );
+
+/**
+ * \brief          MD2 context setup
+ *
+ * \param ctx      context to be initialized
+ */
+void mbedtls_md2_starts( mbedtls_md2_context *ctx );
+
+/**
+ * \brief          MD2 process buffer
+ *
+ * \param ctx      MD2 context
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ */
+void mbedtls_md2_update( mbedtls_md2_context *ctx, const unsigned char *input, size_t ilen );
+
+/**
+ * \brief          MD2 final digest
+ *
+ * \param ctx      MD2 context
+ * \param output   MD2 checksum result
+ */
+void mbedtls_md2_finish( mbedtls_md2_context *ctx, unsigned char output[16] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_MD2_ALT */
+#include "md2_alt.h"
+#endif /* MBEDTLS_MD2_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Output = MD2( input buffer )
+ *
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ * \param output   MD2 checksum result
+ */
+void mbedtls_md2( const unsigned char *input, size_t ilen, unsigned char output[16] );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_md2_self_test( int verbose );
+
+/* Internal use */
+void mbedtls_md2_process( mbedtls_md2_context *ctx );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_md2.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/md4.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,136 @@
+/**
+ * \file mbedtls_md4.h
+ *
+ * \brief MD4 message digest algorithm (hash function)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_MD4_H
+#define MBEDTLS_MD4_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#if !defined(MBEDTLS_MD4_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          MD4 context structure
+ */
+typedef struct
+{
+    uint32_t total[2];          /*!< number of bytes processed  */
+    uint32_t state[4];          /*!< intermediate digest state  */
+    unsigned char buffer[64];   /*!< data block being processed */
+}
+mbedtls_md4_context;
+
+/**
+ * \brief          Initialize MD4 context
+ *
+ * \param ctx      MD4 context to be initialized
+ */
+void mbedtls_md4_init( mbedtls_md4_context *ctx );
+
+/**
+ * \brief          Clear MD4 context
+ *
+ * \param ctx      MD4 context to be cleared
+ */
+void mbedtls_md4_free( mbedtls_md4_context *ctx );
+
+/**
+ * \brief          Clone (the state of) an MD4 context
+ *
+ * \param dst      The destination context
+ * \param src      The context to be cloned
+ */
+void mbedtls_md4_clone( mbedtls_md4_context *dst,
+                        const mbedtls_md4_context *src );
+
+/**
+ * \brief          MD4 context setup
+ *
+ * \param ctx      context to be initialized
+ */
+void mbedtls_md4_starts( mbedtls_md4_context *ctx );
+
+/**
+ * \brief          MD4 process buffer
+ *
+ * \param ctx      MD4 context
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ */
+void mbedtls_md4_update( mbedtls_md4_context *ctx, const unsigned char *input, size_t ilen );
+
+/**
+ * \brief          MD4 final digest
+ *
+ * \param ctx      MD4 context
+ * \param output   MD4 checksum result
+ */
+void mbedtls_md4_finish( mbedtls_md4_context *ctx, unsigned char output[16] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_MD4_ALT */
+#include "md4_alt.h"
+#endif /* MBEDTLS_MD4_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Output = MD4( input buffer )
+ *
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ * \param output   MD4 checksum result
+ */
+void mbedtls_md4( const unsigned char *input, size_t ilen, unsigned char output[16] );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_md4_self_test( int verbose );
+
+/* Internal use */
+void mbedtls_md4_process( mbedtls_md4_context *ctx, const unsigned char data[64] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_md4.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/md5.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,136 @@
+/**
+ * \file mbedtls_md5.h
+ *
+ * \brief MD5 message digest algorithm (hash function)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_MD5_H
+#define MBEDTLS_MD5_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#if !defined(MBEDTLS_MD5_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          MD5 context structure
+ */
+typedef struct
+{
+    uint32_t total[2];          /*!< number of bytes processed  */
+    uint32_t state[4];          /*!< intermediate digest state  */
+    unsigned char buffer[64];   /*!< data block being processed */
+}
+mbedtls_md5_context;
+
+/**
+ * \brief          Initialize MD5 context
+ *
+ * \param ctx      MD5 context to be initialized
+ */
+void mbedtls_md5_init( mbedtls_md5_context *ctx );
+
+/**
+ * \brief          Clear MD5 context
+ *
+ * \param ctx      MD5 context to be cleared
+ */
+void mbedtls_md5_free( mbedtls_md5_context *ctx );
+
+/**
+ * \brief          Clone (the state of) an MD5 context
+ *
+ * \param dst      The destination context
+ * \param src      The context to be cloned
+ */
+void mbedtls_md5_clone( mbedtls_md5_context *dst,
+                        const mbedtls_md5_context *src );
+
+/**
+ * \brief          MD5 context setup
+ *
+ * \param ctx      context to be initialized
+ */
+void mbedtls_md5_starts( mbedtls_md5_context *ctx );
+
+/**
+ * \brief          MD5 process buffer
+ *
+ * \param ctx      MD5 context
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ */
+void mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen );
+
+/**
+ * \brief          MD5 final digest
+ *
+ * \param ctx      MD5 context
+ * \param output   MD5 checksum result
+ */
+void mbedtls_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] );
+
+/* Internal use */
+void mbedtls_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_MD5_ALT */
+#include "md5_alt.h"
+#endif /* MBEDTLS_MD5_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Output = MD5( input buffer )
+ *
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ * \param output   MD5 checksum result
+ */
+void mbedtls_md5( const unsigned char *input, size_t ilen, unsigned char output[16] );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_md5_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_md5.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/md_internal.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,114 @@
+/**
+ * \file md_internal.h
+ *
+ * \brief Message digest wrappers.
+ *
+ * \warning This in an internal header. Do not include directly.
+ *
+ * \author Adriaan de Jong <dejong@fox-it.com>
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_MD_WRAP_H
+#define MBEDTLS_MD_WRAP_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "md.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Message digest information.
+ * Allows message digest functions to be called in a generic way.
+ */
+struct mbedtls_md_info_t
+{
+    /** Digest identifier */
+    mbedtls_md_type_t type;
+
+    /** Name of the message digest */
+    const char * name;
+
+    /** Output length of the digest function in bytes */
+    int size;
+
+    /** Block length of the digest function in bytes */
+    int block_size;
+
+    /** Digest initialisation function */
+    void (*starts_func)( void *ctx );
+
+    /** Digest update function */
+    void (*update_func)( void *ctx, const unsigned char *input, size_t ilen );
+
+    /** Digest finalisation function */
+    void (*finish_func)( void *ctx, unsigned char *output );
+
+    /** Generic digest function */
+    void (*digest_func)( const unsigned char *input, size_t ilen,
+                         unsigned char *output );
+
+    /** Allocate a new context */
+    void * (*ctx_alloc_func)( void );
+
+    /** Free the given context */
+    void (*ctx_free_func)( void *ctx );
+
+    /** Clone state from a context */
+    void (*clone_func)( void *dst, const void *src );
+
+    /** Internal use only */
+    void (*process_func)( void *ctx, const unsigned char *input );
+};
+
+#if defined(MBEDTLS_MD2_C)
+extern const mbedtls_md_info_t mbedtls_md2_info;
+#endif
+#if defined(MBEDTLS_MD4_C)
+extern const mbedtls_md_info_t mbedtls_md4_info;
+#endif
+#if defined(MBEDTLS_MD5_C)
+extern const mbedtls_md_info_t mbedtls_md5_info;
+#endif
+#if defined(MBEDTLS_RIPEMD160_C)
+extern const mbedtls_md_info_t mbedtls_ripemd160_info;
+#endif
+#if defined(MBEDTLS_SHA1_C)
+extern const mbedtls_md_info_t mbedtls_sha1_info;
+#endif
+#if defined(MBEDTLS_SHA256_C)
+extern const mbedtls_md_info_t mbedtls_sha224_info;
+extern const mbedtls_md_info_t mbedtls_sha256_info;
+#endif
+#if defined(MBEDTLS_SHA512_C)
+extern const mbedtls_md_info_t mbedtls_sha384_info;
+extern const mbedtls_md_info_t mbedtls_sha512_info;
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_MD_WRAP_H */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/memory_buffer_alloc.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,146 @@
+/**
+ * \file memory_buffer_alloc.h
+ *
+ * \brief Buffer-based memory allocator
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_MEMORY_BUFFER_ALLOC_H
+#define MBEDTLS_MEMORY_BUFFER_ALLOC_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(MBEDTLS_MEMORY_ALIGN_MULTIPLE)
+#define MBEDTLS_MEMORY_ALIGN_MULTIPLE       4 /**< Align on multiples of this value */
+#endif
+
+/* \} name SECTION: Module settings */
+
+#define MBEDTLS_MEMORY_VERIFY_NONE         0
+#define MBEDTLS_MEMORY_VERIFY_ALLOC        (1 << 0)
+#define MBEDTLS_MEMORY_VERIFY_FREE         (1 << 1)
+#define MBEDTLS_MEMORY_VERIFY_ALWAYS       (MBEDTLS_MEMORY_VERIFY_ALLOC | MBEDTLS_MEMORY_VERIFY_FREE)
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief   Initialize use of stack-based memory allocator.
+ *          The stack-based allocator does memory management inside the
+ *          presented buffer and does not call calloc() and free().
+ *          It sets the global mbedtls_calloc() and mbedtls_free() pointers
+ *          to its own functions.
+ *          (Provided mbedtls_calloc() and mbedtls_free() are thread-safe if
+ *           MBEDTLS_THREADING_C is defined)
+ *
+ * \note    This code is not optimized and provides a straight-forward
+ *          implementation of a stack-based memory allocator.
+ *
+ * \param buf   buffer to use as heap
+ * \param len   size of the buffer
+ */
+void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len );
+
+/**
+ * \brief   Free the mutex for thread-safety and clear remaining memory
+ */
+void mbedtls_memory_buffer_alloc_free( void );
+
+/**
+ * \brief   Determine when the allocator should automatically verify the state
+ *          of the entire chain of headers / meta-data.
+ *          (Default: MBEDTLS_MEMORY_VERIFY_NONE)
+ *
+ * \param verify    One of MBEDTLS_MEMORY_VERIFY_NONE, MBEDTLS_MEMORY_VERIFY_ALLOC,
+ *                  MBEDTLS_MEMORY_VERIFY_FREE or MBEDTLS_MEMORY_VERIFY_ALWAYS
+ */
+void mbedtls_memory_buffer_set_verify( int verify );
+
+#if defined(MBEDTLS_MEMORY_DEBUG)
+/**
+ * \brief   Print out the status of the allocated memory (primarily for use
+ *          after a program should have de-allocated all memory)
+ *          Prints out a list of 'still allocated' blocks and their stack
+ *          trace if MBEDTLS_MEMORY_BACKTRACE is defined.
+ */
+void mbedtls_memory_buffer_alloc_status( void );
+
+/**
+ * \brief   Get the peak heap usage so far
+ *
+ * \param max_used      Peak number of bytes reauested by the application
+ * \param max_blocks    Peak number of blocks reauested by the application
+ */
+void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks );
+
+/**
+ * \brief   Reset peak statistics
+ */
+void mbedtls_memory_buffer_alloc_max_reset( void );
+
+/**
+ * \brief   Get the current heap usage
+ *
+ * \param cur_used      Number of bytes reauested by the application
+ * \param cur_blocks    Number of blocks reauested by the application
+ */
+void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks );
+#endif /* MBEDTLS_MEMORY_DEBUG */
+
+/**
+ * \brief   Verifies that all headers in the memory buffer are correct
+ *          and contain sane values. Helps debug buffer-overflow errors.
+ *
+ *          Prints out first failure if MBEDTLS_MEMORY_DEBUG is defined.
+ *          Prints out full header information if MBEDTLS_MEMORY_DEBUG
+ *          is defined. (Includes stack trace information for each block if
+ *          MBEDTLS_MEMORY_BACKTRACE is defined as well).
+ *
+ * \return             0 if verified, 1 otherwise
+ */
+int mbedtls_memory_buffer_alloc_verify( void );
+
+#if defined(MBEDTLS_SELF_TEST)
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if a test failed
+ */
+int mbedtls_memory_buffer_alloc_self_test( int verbose );
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* memory_buffer_alloc.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/net.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,225 @@
+/**
+ * \file net.h
+ *
+ * \brief Network communication functions
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_NET_H
+#define MBEDTLS_NET_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "ssl.h"
+
+#include <stddef.h>
+#include <stdint.h>
+
+#define MBEDTLS_ERR_NET_SOCKET_FAILED                     -0x0042  /**< Failed to open a socket. */
+#define MBEDTLS_ERR_NET_CONNECT_FAILED                    -0x0044  /**< The connection to the given server / port failed. */
+#define MBEDTLS_ERR_NET_BIND_FAILED                       -0x0046  /**< Binding of the socket failed. */
+#define MBEDTLS_ERR_NET_LISTEN_FAILED                     -0x0048  /**< Could not listen on the socket. */
+#define MBEDTLS_ERR_NET_ACCEPT_FAILED                     -0x004A  /**< Could not accept the incoming connection. */
+#define MBEDTLS_ERR_NET_RECV_FAILED                       -0x004C  /**< Reading information from the socket failed. */
+#define MBEDTLS_ERR_NET_SEND_FAILED                       -0x004E  /**< Sending information through the socket failed. */
+#define MBEDTLS_ERR_NET_CONN_RESET                        -0x0050  /**< Connection was reset by peer. */
+#define MBEDTLS_ERR_NET_UNKNOWN_HOST                      -0x0052  /**< Failed to get an IP address for the given hostname. */
+#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL                  -0x0043  /**< Buffer is too small to hold the data. */
+#define MBEDTLS_ERR_NET_INVALID_CONTEXT                   -0x0045  /**< The context is invalid, eg because it was free()ed. */
+
+#define MBEDTLS_NET_LISTEN_BACKLOG         10 /**< The backlog that listen() should use. */
+
+#define MBEDTLS_NET_PROTO_TCP 0 /**< The TCP transport protocol */
+#define MBEDTLS_NET_PROTO_UDP 1 /**< The UDP transport protocol */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Wrapper type for sockets.
+ *
+ * Currently backed by just a file descriptor, but might be more in the future
+ * (eg two file descriptors for combined IPv4 + IPv6 support, or additional
+ * structures for hand-made UDP demultiplexing).
+ */
+typedef struct
+{
+    int fd;             /**< The underlying file descriptor                 */
+}
+mbedtls_net_context;
+
+/**
+ * \brief          Initialize a context
+ *                 Just makes the context ready to be used or freed safely.
+ *
+ * \param ctx      Context to initialize
+ */
+void mbedtls_net_init( mbedtls_net_context *ctx );
+
+/**
+ * \brief          Initiate a connection with host:port in the given protocol
+ *
+ * \param ctx      Socket to use
+ * \param host     Host to connect to
+ * \param port     Port to connect to
+ * \param proto    Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP
+ *
+ * \return         0 if successful, or one of:
+ *                      MBEDTLS_ERR_NET_SOCKET_FAILED,
+ *                      MBEDTLS_ERR_NET_UNKNOWN_HOST,
+ *                      MBEDTLS_ERR_NET_CONNECT_FAILED
+ *
+ * \note           Sets the socket in connected mode even with UDP.
+ */
+int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto );
+
+/**
+ * \brief          Create a receiving socket on bind_ip:port in the chosen
+ *                 protocol. If bind_ip == NULL, all interfaces are bound.
+ *
+ * \param ctx      Socket to use
+ * \param bind_ip  IP to bind to, can be NULL
+ * \param port     Port number to use
+ * \param proto    Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP
+ *
+ * \return         0 if successful, or one of:
+ *                      MBEDTLS_ERR_NET_SOCKET_FAILED,
+ *                      MBEDTLS_ERR_NET_BIND_FAILED,
+ *                      MBEDTLS_ERR_NET_LISTEN_FAILED
+ *
+ * \note           Regardless of the protocol, opens the sockets and binds it.
+ *                 In addition, make the socket listening if protocol is TCP.
+ */
+int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto );
+
+/**
+ * \brief           Accept a connection from a remote client
+ *
+ * \param bind_ctx  Relevant socket
+ * \param client_ctx Will contain the connected client socket
+ * \param client_ip Will contain the client IP address
+ * \param buf_size  Size of the client_ip buffer
+ * \param ip_len    Will receive the size of the client IP written
+ *
+ * \return          0 if successful, or
+ *                  MBEDTLS_ERR_NET_ACCEPT_FAILED, or
+ *                  MBEDTLS_ERR_NET_BUFFER_TOO_SMALL if buf_size is too small,
+ *                  MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to
+ *                  non-blocking and accept() would block.
+ */
+int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
+                        mbedtls_net_context *client_ctx,
+                        void *client_ip, size_t buf_size, size_t *ip_len );
+
+/**
+ * \brief          Set the socket blocking
+ *
+ * \param ctx      Socket to set
+ *
+ * \return         0 if successful, or a non-zero error code
+ */
+int mbedtls_net_set_block( mbedtls_net_context *ctx );
+
+/**
+ * \brief          Set the socket non-blocking
+ *
+ * \param ctx      Socket to set
+ *
+ * \return         0 if successful, or a non-zero error code
+ */
+int mbedtls_net_set_nonblock( mbedtls_net_context *ctx );
+
+/**
+ * \brief          Portable usleep helper
+ *
+ * \param usec     Amount of microseconds to sleep
+ *
+ * \note           Real amount of time slept will not be less than
+ *                 select()'s timeout granularity (typically, 10ms).
+ */
+void mbedtls_net_usleep( unsigned long usec );
+
+/**
+ * \brief          Read at most 'len' characters. If no error occurs,
+ *                 the actual amount read is returned.
+ *
+ * \param ctx      Socket
+ * \param buf      The buffer to write to
+ * \param len      Maximum length of the buffer
+ *
+ * \return         the number of bytes received,
+ *                 or a non-zero error code; with a non-blocking socket,
+ *                 MBEDTLS_ERR_SSL_WANT_READ indicates read() would block.
+ */
+int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len );
+
+/**
+ * \brief          Write at most 'len' characters. If no error occurs,
+ *                 the actual amount read is returned.
+ *
+ * \param ctx      Socket
+ * \param buf      The buffer to read from
+ * \param len      The length of the buffer
+ *
+ * \return         the number of bytes sent,
+ *                 or a non-zero error code; with a non-blocking socket,
+ *                 MBEDTLS_ERR_SSL_WANT_WRITE indicates write() would block.
+ */
+int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len );
+
+/**
+ * \brief          Read at most 'len' characters, blocking for at most
+ *                 'timeout' seconds. If no error occurs, the actual amount
+ *                 read is returned.
+ *
+ * \param ctx      Socket
+ * \param buf      The buffer to write to
+ * \param len      Maximum length of the buffer
+ * \param timeout  Maximum number of milliseconds to wait for data
+ *                 0 means no timeout (wait forever)
+ *
+ * \return         the number of bytes received,
+ *                 or a non-zero error code:
+ *                 MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out,
+ *                 MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal.
+ *
+ * \note           This function will block (until data becomes available or
+ *                 timeout is reached) even if the socket is set to
+ *                 non-blocking. Handling timeouts with non-blocking reads
+ *                 requires a different strategy.
+ */
+int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
+                      uint32_t timeout );
+
+/**
+ * \brief          Gracefully shutdown the connection and free associated data
+ *
+ * \param ctx      The context to free
+ */
+void mbedtls_net_free( mbedtls_net_context *ctx );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* net.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/oid.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,570 @@
+/**
+ * \file oid.h
+ *
+ * \brief Object Identifier (OID) database
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_OID_H
+#define MBEDTLS_OID_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "asn1.h"
+#include "pk.h"
+
+#include <stddef.h>
+
+#if defined(MBEDTLS_CIPHER_C)
+#include "cipher.h"
+#endif
+
+#if defined(MBEDTLS_MD_C)
+#include "md.h"
+#endif
+
+#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
+#include "x509.h"
+#endif
+
+#define MBEDTLS_ERR_OID_NOT_FOUND                         -0x002E  /**< OID is not found. */
+#define MBEDTLS_ERR_OID_BUF_TOO_SMALL                     -0x000B  /**< output buffer is too small */
+
+/*
+ * Top level OID tuples
+ */
+#define MBEDTLS_OID_ISO_MEMBER_BODIES           "\x2a"          /* {iso(1) member-body(2)} */
+#define MBEDTLS_OID_ISO_IDENTIFIED_ORG          "\x2b"          /* {iso(1) identified-organization(3)} */
+#define MBEDTLS_OID_ISO_CCITT_DS                "\x55"          /* {joint-iso-ccitt(2) ds(5)} */
+#define MBEDTLS_OID_ISO_ITU_COUNTRY             "\x60"          /* {joint-iso-itu-t(2) country(16)} */
+
+/*
+ * ISO Member bodies OID parts
+ */
+#define MBEDTLS_OID_COUNTRY_US                  "\x86\x48"      /* {us(840)} */
+#define MBEDTLS_OID_ORG_RSA_DATA_SECURITY       "\x86\xf7\x0d"  /* {rsadsi(113549)} */
+#define MBEDTLS_OID_RSA_COMPANY                 MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
+                                        MBEDTLS_OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */
+#define MBEDTLS_OID_ORG_ANSI_X9_62              "\xce\x3d" /* ansi-X9-62(10045) */
+#define MBEDTLS_OID_ANSI_X9_62                  MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
+                                        MBEDTLS_OID_ORG_ANSI_X9_62
+
+/*
+ * ISO Identified organization OID parts
+ */
+#define MBEDTLS_OID_ORG_DOD                     "\x06"          /* {dod(6)} */
+#define MBEDTLS_OID_ORG_OIW                     "\x0e"
+#define MBEDTLS_OID_OIW_SECSIG                  MBEDTLS_OID_ORG_OIW "\x03"
+#define MBEDTLS_OID_OIW_SECSIG_ALG              MBEDTLS_OID_OIW_SECSIG "\x02"
+#define MBEDTLS_OID_OIW_SECSIG_SHA1             MBEDTLS_OID_OIW_SECSIG_ALG "\x1a"
+#define MBEDTLS_OID_ORG_CERTICOM                "\x81\x04"  /* certicom(132) */
+#define MBEDTLS_OID_CERTICOM                    MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_CERTICOM
+#define MBEDTLS_OID_ORG_TELETRUST               "\x24" /* teletrust(36) */
+#define MBEDTLS_OID_TELETRUST                   MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_TELETRUST
+
+/*
+ * ISO ITU OID parts
+ */
+#define MBEDTLS_OID_ORGANIZATION                "\x01"          /* {organization(1)} */
+#define MBEDTLS_OID_ISO_ITU_US_ORG              MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */
+
+#define MBEDTLS_OID_ORG_GOV                     "\x65"          /* {gov(101)} */
+#define MBEDTLS_OID_GOV                         MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_GOV /* {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */
+
+#define MBEDTLS_OID_ORG_NETSCAPE                "\x86\xF8\x42"  /* {netscape(113730)} */
+#define MBEDTLS_OID_NETSCAPE                    MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_NETSCAPE /* Netscape OID {joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730)} */
+
+/* ISO arc for standard certificate and CRL extensions */
+#define MBEDTLS_OID_ID_CE                       MBEDTLS_OID_ISO_CCITT_DS "\x1D" /**< id-ce OBJECT IDENTIFIER  ::=  {joint-iso-ccitt(2) ds(5) 29} */
+
+/**
+ * Private Internet Extensions
+ * { iso(1) identified-organization(3) dod(6) internet(1)
+ *                      security(5) mechanisms(5) pkix(7) }
+ */
+#define MBEDTLS_OID_PKIX                        MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD "\x01\x05\x05\x07"
+
+/*
+ * Arc for standard naming attributes
+ */
+#define MBEDTLS_OID_AT                          MBEDTLS_OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */
+#define MBEDTLS_OID_AT_CN                       MBEDTLS_OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */
+#define MBEDTLS_OID_AT_SUR_NAME                 MBEDTLS_OID_AT "\x04" /**< id-at-surName AttributeType:= {id-at 4} */
+#define MBEDTLS_OID_AT_SERIAL_NUMBER            MBEDTLS_OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */
+#define MBEDTLS_OID_AT_COUNTRY                  MBEDTLS_OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */
+#define MBEDTLS_OID_AT_LOCALITY                 MBEDTLS_OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */
+#define MBEDTLS_OID_AT_STATE                    MBEDTLS_OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */
+#define MBEDTLS_OID_AT_ORGANIZATION             MBEDTLS_OID_AT "\x0A" /**< id-at-organizationName AttributeType:= {id-at 10} */
+#define MBEDTLS_OID_AT_ORG_UNIT                 MBEDTLS_OID_AT "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */
+#define MBEDTLS_OID_AT_TITLE                    MBEDTLS_OID_AT "\x0C" /**< id-at-title AttributeType:= {id-at 12} */
+#define MBEDTLS_OID_AT_POSTAL_ADDRESS           MBEDTLS_OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */
+#define MBEDTLS_OID_AT_POSTAL_CODE              MBEDTLS_OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */
+#define MBEDTLS_OID_AT_GIVEN_NAME               MBEDTLS_OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
+#define MBEDTLS_OID_AT_INITIALS                 MBEDTLS_OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
+#define MBEDTLS_OID_AT_GENERATION_QUALIFIER     MBEDTLS_OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
+#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER        MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributType:= {id-at 45} */
+#define MBEDTLS_OID_AT_DN_QUALIFIER             MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
+#define MBEDTLS_OID_AT_PSEUDONYM                MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
+
+#define MBEDTLS_OID_DOMAIN_COMPONENT            "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */
+
+/*
+ * OIDs for standard certificate extensions
+ */
+#define MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER    MBEDTLS_OID_ID_CE "\x23" /**< id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 } */
+#define MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER      MBEDTLS_OID_ID_CE "\x0E" /**< id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 } */
+#define MBEDTLS_OID_KEY_USAGE                   MBEDTLS_OID_ID_CE "\x0F" /**< id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 } */
+#define MBEDTLS_OID_CERTIFICATE_POLICIES        MBEDTLS_OID_ID_CE "\x20" /**< id-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-ce 32 } */
+#define MBEDTLS_OID_POLICY_MAPPINGS             MBEDTLS_OID_ID_CE "\x21" /**< id-ce-policyMappings OBJECT IDENTIFIER ::=  { id-ce 33 } */
+#define MBEDTLS_OID_SUBJECT_ALT_NAME            MBEDTLS_OID_ID_CE "\x11" /**< id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 17 } */
+#define MBEDTLS_OID_ISSUER_ALT_NAME             MBEDTLS_OID_ID_CE "\x12" /**< id-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-ce 18 } */
+#define MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS     MBEDTLS_OID_ID_CE "\x09" /**< id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::=  { id-ce 9 } */
+#define MBEDTLS_OID_BASIC_CONSTRAINTS           MBEDTLS_OID_ID_CE "\x13" /**< id-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-ce 19 } */
+#define MBEDTLS_OID_NAME_CONSTRAINTS            MBEDTLS_OID_ID_CE "\x1E" /**< id-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-ce 30 } */
+#define MBEDTLS_OID_POLICY_CONSTRAINTS          MBEDTLS_OID_ID_CE "\x24" /**< id-ce-policyConstraints OBJECT IDENTIFIER ::=  { id-ce 36 } */
+#define MBEDTLS_OID_EXTENDED_KEY_USAGE          MBEDTLS_OID_ID_CE "\x25" /**< id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } */
+#define MBEDTLS_OID_CRL_DISTRIBUTION_POINTS     MBEDTLS_OID_ID_CE "\x1F" /**< id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::=  { id-ce 31 } */
+#define MBEDTLS_OID_INIHIBIT_ANYPOLICY          MBEDTLS_OID_ID_CE "\x36" /**< id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-ce 54 } */
+#define MBEDTLS_OID_FRESHEST_CRL                MBEDTLS_OID_ID_CE "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::=  { id-ce 46 } */
+
+/*
+ * Netscape certificate extensions
+ */
+#define MBEDTLS_OID_NS_CERT                 MBEDTLS_OID_NETSCAPE "\x01"
+#define MBEDTLS_OID_NS_CERT_TYPE            MBEDTLS_OID_NS_CERT  "\x01"
+#define MBEDTLS_OID_NS_BASE_URL             MBEDTLS_OID_NS_CERT  "\x02"
+#define MBEDTLS_OID_NS_REVOCATION_URL       MBEDTLS_OID_NS_CERT  "\x03"
+#define MBEDTLS_OID_NS_CA_REVOCATION_URL    MBEDTLS_OID_NS_CERT  "\x04"
+#define MBEDTLS_OID_NS_RENEWAL_URL          MBEDTLS_OID_NS_CERT  "\x07"
+#define MBEDTLS_OID_NS_CA_POLICY_URL        MBEDTLS_OID_NS_CERT  "\x08"
+#define MBEDTLS_OID_NS_SSL_SERVER_NAME      MBEDTLS_OID_NS_CERT  "\x0C"
+#define MBEDTLS_OID_NS_COMMENT              MBEDTLS_OID_NS_CERT  "\x0D"
+#define MBEDTLS_OID_NS_DATA_TYPE            MBEDTLS_OID_NETSCAPE "\x02"
+#define MBEDTLS_OID_NS_CERT_SEQUENCE        MBEDTLS_OID_NS_DATA_TYPE "\x05"
+
+/*
+ * OIDs for CRL extensions
+ */
+#define MBEDTLS_OID_PRIVATE_KEY_USAGE_PERIOD    MBEDTLS_OID_ID_CE "\x10"
+#define MBEDTLS_OID_CRL_NUMBER                  MBEDTLS_OID_ID_CE "\x14" /**< id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } */
+
+/*
+ * X.509 v3 Extended key usage OIDs
+ */
+#define MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE      MBEDTLS_OID_EXTENDED_KEY_USAGE "\x00" /**< anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } */
+
+#define MBEDTLS_OID_KP                          MBEDTLS_OID_PKIX "\x03" /**< id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } */
+#define MBEDTLS_OID_SERVER_AUTH                 MBEDTLS_OID_KP "\x01" /**< id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } */
+#define MBEDTLS_OID_CLIENT_AUTH                 MBEDTLS_OID_KP "\x02" /**< id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } */
+#define MBEDTLS_OID_CODE_SIGNING                MBEDTLS_OID_KP "\x03" /**< id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } */
+#define MBEDTLS_OID_EMAIL_PROTECTION            MBEDTLS_OID_KP "\x04" /**< id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } */
+#define MBEDTLS_OID_TIME_STAMPING               MBEDTLS_OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */
+#define MBEDTLS_OID_OCSP_SIGNING                MBEDTLS_OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */
+
+/*
+ * PKCS definition OIDs
+ */
+
+#define MBEDTLS_OID_PKCS                MBEDTLS_OID_RSA_COMPANY "\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */
+#define MBEDTLS_OID_PKCS1               MBEDTLS_OID_PKCS "\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */
+#define MBEDTLS_OID_PKCS5               MBEDTLS_OID_PKCS "\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */
+#define MBEDTLS_OID_PKCS9               MBEDTLS_OID_PKCS "\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */
+#define MBEDTLS_OID_PKCS12              MBEDTLS_OID_PKCS "\x0c" /**< pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 } */
+
+/*
+ * PKCS#1 OIDs
+ */
+#define MBEDTLS_OID_PKCS1_RSA           MBEDTLS_OID_PKCS1 "\x01" /**< rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } */
+#define MBEDTLS_OID_PKCS1_MD2           MBEDTLS_OID_PKCS1 "\x02" /**< md2WithRSAEncryption ::= { pkcs-1 2 } */
+#define MBEDTLS_OID_PKCS1_MD4           MBEDTLS_OID_PKCS1 "\x03" /**< md4WithRSAEncryption ::= { pkcs-1 3 } */
+#define MBEDTLS_OID_PKCS1_MD5           MBEDTLS_OID_PKCS1 "\x04" /**< md5WithRSAEncryption ::= { pkcs-1 4 } */
+#define MBEDTLS_OID_PKCS1_SHA1          MBEDTLS_OID_PKCS1 "\x05" /**< sha1WithRSAEncryption ::= { pkcs-1 5 } */
+#define MBEDTLS_OID_PKCS1_SHA224        MBEDTLS_OID_PKCS1 "\x0e" /**< sha224WithRSAEncryption ::= { pkcs-1 14 } */
+#define MBEDTLS_OID_PKCS1_SHA256        MBEDTLS_OID_PKCS1 "\x0b" /**< sha256WithRSAEncryption ::= { pkcs-1 11 } */
+#define MBEDTLS_OID_PKCS1_SHA384        MBEDTLS_OID_PKCS1 "\x0c" /**< sha384WithRSAEncryption ::= { pkcs-1 12 } */
+#define MBEDTLS_OID_PKCS1_SHA512        MBEDTLS_OID_PKCS1 "\x0d" /**< sha512WithRSAEncryption ::= { pkcs-1 13 } */
+
+#define MBEDTLS_OID_RSA_SHA_OBS         "\x2B\x0E\x03\x02\x1D"
+
+#define MBEDTLS_OID_PKCS9_EMAIL         MBEDTLS_OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { pkcs-9 1 } */
+
+/* RFC 4055 */
+#define MBEDTLS_OID_RSASSA_PSS          MBEDTLS_OID_PKCS1 "\x0a" /**< id-RSASSA-PSS ::= { pkcs-1 10 } */
+#define MBEDTLS_OID_MGF1                MBEDTLS_OID_PKCS1 "\x08" /**< id-mgf1 ::= { pkcs-1 8 } */
+
+/*
+ * Digest algorithms
+ */
+#define MBEDTLS_OID_DIGEST_ALG_MD2              MBEDTLS_OID_RSA_COMPANY "\x02\x02" /**< id-mbedtls_md2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 } */
+#define MBEDTLS_OID_DIGEST_ALG_MD4              MBEDTLS_OID_RSA_COMPANY "\x02\x04" /**< id-mbedtls_md4 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 4 } */
+#define MBEDTLS_OID_DIGEST_ALG_MD5              MBEDTLS_OID_RSA_COMPANY "\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA1             MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA224           MBEDTLS_OID_GOV "\x03\x04\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA256           MBEDTLS_OID_GOV "\x03\x04\x02\x01" /**< id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */
+
+#define MBEDTLS_OID_DIGEST_ALG_SHA384           MBEDTLS_OID_GOV "\x03\x04\x02\x02" /**< id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 } */
+
+#define MBEDTLS_OID_DIGEST_ALG_SHA512           MBEDTLS_OID_GOV "\x03\x04\x02\x03" /**< id-mbedtls_sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */
+
+#define MBEDTLS_OID_HMAC_SHA1                   MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
+
+/*
+ * Encryption algorithms
+ */
+#define MBEDTLS_OID_DES_CBC                     MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
+#define MBEDTLS_OID_DES_EDE3_CBC                MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
+
+/*
+ * PKCS#5 OIDs
+ */
+#define MBEDTLS_OID_PKCS5_PBKDF2                MBEDTLS_OID_PKCS5 "\x0c" /**< id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} */
+#define MBEDTLS_OID_PKCS5_PBES2                 MBEDTLS_OID_PKCS5 "\x0d" /**< id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} */
+#define MBEDTLS_OID_PKCS5_PBMAC1                MBEDTLS_OID_PKCS5 "\x0e" /**< id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14} */
+
+/*
+ * PKCS#5 PBES1 algorithms
+ */
+#define MBEDTLS_OID_PKCS5_PBE_MD2_DES_CBC       MBEDTLS_OID_PKCS5 "\x01" /**< pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1} */
+#define MBEDTLS_OID_PKCS5_PBE_MD2_RC2_CBC       MBEDTLS_OID_PKCS5 "\x04" /**< pbeWithMD2AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 4} */
+#define MBEDTLS_OID_PKCS5_PBE_MD5_DES_CBC       MBEDTLS_OID_PKCS5 "\x03" /**< pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3} */
+#define MBEDTLS_OID_PKCS5_PBE_MD5_RC2_CBC       MBEDTLS_OID_PKCS5 "\x06" /**< pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6} */
+#define MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC      MBEDTLS_OID_PKCS5 "\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */
+#define MBEDTLS_OID_PKCS5_PBE_SHA1_RC2_CBC      MBEDTLS_OID_PKCS5 "\x0b" /**< pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} */
+
+/*
+ * PKCS#8 OIDs
+ */
+#define MBEDTLS_OID_PKCS9_CSR_EXT_REQ           MBEDTLS_OID_PKCS9 "\x0e" /**< extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14} */
+
+/*
+ * PKCS#12 PBE OIDs
+ */
+#define MBEDTLS_OID_PKCS12_PBE                      MBEDTLS_OID_PKCS12 "\x01" /**< pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1} */
+
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128         MBEDTLS_OID_PKCS12_PBE "\x01" /**< pbeWithSHAAnd128BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 1} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_40          MBEDTLS_OID_PKCS12_PBE "\x02" /**< pbeWithSHAAnd40BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 2} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC    MBEDTLS_OID_PKCS12_PBE "\x03" /**< pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC    MBEDTLS_OID_PKCS12_PBE "\x04" /**< pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_128_CBC     MBEDTLS_OID_PKCS12_PBE "\x05" /**< pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_40_CBC      MBEDTLS_OID_PKCS12_PBE "\x06" /**< pbeWithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} */
+
+/*
+ * EC key algorithms from RFC 5480
+ */
+
+/* id-ecPublicKey OBJECT IDENTIFIER ::= {
+ *       iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } */
+#define MBEDTLS_OID_EC_ALG_UNRESTRICTED         MBEDTLS_OID_ANSI_X9_62 "\x02\01"
+
+/*   id-ecDH OBJECT IDENTIFIER ::= {
+ *     iso(1) identified-organization(3) certicom(132)
+ *     schemes(1) ecdh(12) } */
+#define MBEDTLS_OID_EC_ALG_ECDH                 MBEDTLS_OID_CERTICOM "\x01\x0c"
+
+/*
+ * ECParameters namedCurve identifiers, from RFC 5480, RFC 5639, and SEC2
+ */
+
+/* secp192r1 OBJECT IDENTIFIER ::= {
+ *   iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 1 } */
+#define MBEDTLS_OID_EC_GRP_SECP192R1        MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x01"
+
+/* secp224r1 OBJECT IDENTIFIER ::= {
+ *   iso(1) identified-organization(3) certicom(132) curve(0) 33 } */
+#define MBEDTLS_OID_EC_GRP_SECP224R1        MBEDTLS_OID_CERTICOM "\x00\x21"
+
+/* secp256r1 OBJECT IDENTIFIER ::= {
+ *   iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 7 } */
+#define MBEDTLS_OID_EC_GRP_SECP256R1        MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x07"
+
+/* secp384r1 OBJECT IDENTIFIER ::= {
+ *   iso(1) identified-organization(3) certicom(132) curve(0) 34 } */
+#define MBEDTLS_OID_EC_GRP_SECP384R1        MBEDTLS_OID_CERTICOM "\x00\x22"
+
+/* secp521r1 OBJECT IDENTIFIER ::= {
+ *   iso(1) identified-organization(3) certicom(132) curve(0) 35 } */
+#define MBEDTLS_OID_EC_GRP_SECP521R1        MBEDTLS_OID_CERTICOM "\x00\x23"
+
+/* secp192k1 OBJECT IDENTIFIER ::= {
+ *   iso(1) identified-organization(3) certicom(132) curve(0) 31 } */
+#define MBEDTLS_OID_EC_GRP_SECP192K1        MBEDTLS_OID_CERTICOM "\x00\x1f"
+
+/* secp224k1 OBJECT IDENTIFIER ::= {
+ *   iso(1) identified-organization(3) certicom(132) curve(0) 32 } */
+#define MBEDTLS_OID_EC_GRP_SECP224K1        MBEDTLS_OID_CERTICOM "\x00\x20"
+
+/* secp256k1 OBJECT IDENTIFIER ::= {
+ *   iso(1) identified-organization(3) certicom(132) curve(0) 10 } */
+#define MBEDTLS_OID_EC_GRP_SECP256K1        MBEDTLS_OID_CERTICOM "\x00\x0a"
+
+/* RFC 5639 4.1
+ * ecStdCurvesAndGeneration OBJECT IDENTIFIER::= {iso(1)
+ * identified-organization(3) teletrust(36) algorithm(3) signature-
+ * algorithm(3) ecSign(2) 8}
+ * ellipticCurve OBJECT IDENTIFIER ::= {ecStdCurvesAndGeneration 1}
+ * versionOne OBJECT IDENTIFIER ::= {ellipticCurve 1} */
+#define MBEDTLS_OID_EC_BRAINPOOL_V1         MBEDTLS_OID_TELETRUST "\x03\x03\x02\x08\x01\x01"
+
+/* brainpoolP256r1 OBJECT IDENTIFIER ::= {versionOne 7} */
+#define MBEDTLS_OID_EC_GRP_BP256R1          MBEDTLS_OID_EC_BRAINPOOL_V1 "\x07"
+
+/* brainpoolP384r1 OBJECT IDENTIFIER ::= {versionOne 11} */
+#define MBEDTLS_OID_EC_GRP_BP384R1          MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0B"
+
+/* brainpoolP512r1 OBJECT IDENTIFIER ::= {versionOne 13} */
+#define MBEDTLS_OID_EC_GRP_BP512R1          MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0D"
+
+/*
+ * SEC1 C.1
+ *
+ * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
+ * id-fieldType OBJECT IDENTIFIER ::= { ansi-X9-62 fieldType(1)}
+ */
+#define MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE   MBEDTLS_OID_ANSI_X9_62 "\x01"
+#define MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD  MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE "\x01"
+
+/*
+ * ECDSA signature identifiers, from RFC 5480
+ */
+#define MBEDTLS_OID_ANSI_X9_62_SIG          MBEDTLS_OID_ANSI_X9_62 "\x04" /* signatures(4) */
+#define MBEDTLS_OID_ANSI_X9_62_SIG_SHA2     MBEDTLS_OID_ANSI_X9_62_SIG "\x03" /* ecdsa-with-SHA2(3) */
+
+/* ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
+ *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 } */
+#define MBEDTLS_OID_ECDSA_SHA1              MBEDTLS_OID_ANSI_X9_62_SIG "\x01"
+
+/* ecdsa-with-SHA224 OBJECT IDENTIFIER ::= {
+ *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+ *   ecdsa-with-SHA2(3) 1 } */
+#define MBEDTLS_OID_ECDSA_SHA224            MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x01"
+
+/* ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
+ *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+ *   ecdsa-with-SHA2(3) 2 } */
+#define MBEDTLS_OID_ECDSA_SHA256            MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x02"
+
+/* ecdsa-with-SHA384 OBJECT IDENTIFIER ::= {
+ *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+ *   ecdsa-with-SHA2(3) 3 } */
+#define MBEDTLS_OID_ECDSA_SHA384            MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x03"
+
+/* ecdsa-with-SHA512 OBJECT IDENTIFIER ::= {
+ *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+ *   ecdsa-with-SHA2(3) 4 } */
+#define MBEDTLS_OID_ECDSA_SHA512            MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x04"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief Base OID descriptor structure
+ */
+typedef struct {
+    const char *asn1;               /*!< OID ASN.1 representation       */
+    size_t asn1_len;                /*!< length of asn1                 */
+    const char *name;               /*!< official name (e.g. from RFC)  */
+    const char *description;        /*!< human friendly description     */
+} mbedtls_oid_descriptor_t;
+
+/**
+ * \brief           Translate an ASN.1 OID into its numeric representation
+ *                  (e.g. "\x2A\x86\x48\x86\xF7\x0D" into "1.2.840.113549")
+ *
+ * \param buf       buffer to put representation in
+ * \param size      size of the buffer
+ * \param oid       OID to translate
+ *
+ * \return          Length of the string written (excluding final NULL) or
+ *                  MBEDTLS_ERR_OID_BUF_TOO_SMALL in case of error
+ */
+int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_buf *oid );
+
+#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
+/**
+ * \brief          Translate an X.509 extension OID into local values
+ *
+ * \param oid      OID to use
+ * \param ext_type place to store the extension type
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_x509_ext_type( const mbedtls_asn1_buf *oid, int *ext_type );
+#endif
+
+/**
+ * \brief          Translate an X.509 attribute type OID into the short name
+ *                 (e.g. the OID for an X520 Common Name into "CN")
+ *
+ * \param oid      OID to use
+ * \param short_name    place to store the string pointer
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_attr_short_name( const mbedtls_asn1_buf *oid, const char **short_name );
+
+/**
+ * \brief          Translate PublicKeyAlgorithm OID into pk_type
+ *
+ * \param oid      OID to use
+ * \param pk_alg   place to store public key algorithm
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_pk_alg( const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_alg );
+
+/**
+ * \brief          Translate pk_type into PublicKeyAlgorithm OID
+ *
+ * \param pk_alg   Public key type to look for
+ * \param oid      place to store ASN.1 OID string pointer
+ * \param olen     length of the OID
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_oid_by_pk_alg( mbedtls_pk_type_t pk_alg,
+                           const char **oid, size_t *olen );
+
+#if defined(MBEDTLS_ECP_C)
+/**
+ * \brief          Translate NamedCurve OID into an EC group identifier
+ *
+ * \param oid      OID to use
+ * \param grp_id   place to store group id
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_ec_grp( const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id );
+
+/**
+ * \brief          Translate EC group identifier into NamedCurve OID
+ *
+ * \param grp_id   EC group identifier
+ * \param oid      place to store ASN.1 OID string pointer
+ * \param olen     length of the OID
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_oid_by_ec_grp( mbedtls_ecp_group_id grp_id,
+                           const char **oid, size_t *olen );
+#endif /* MBEDTLS_ECP_C */
+
+#if defined(MBEDTLS_MD_C)
+/**
+ * \brief          Translate SignatureAlgorithm OID into md_type and pk_type
+ *
+ * \param oid      OID to use
+ * \param md_alg   place to store message digest algorithm
+ * \param pk_alg   place to store public key algorithm
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_sig_alg( const mbedtls_asn1_buf *oid,
+                     mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg );
+
+/**
+ * \brief          Translate SignatureAlgorithm OID into description
+ *
+ * \param oid      OID to use
+ * \param desc     place to store string pointer
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_sig_alg_desc( const mbedtls_asn1_buf *oid, const char **desc );
+
+/**
+ * \brief          Translate md_type and pk_type into SignatureAlgorithm OID
+ *
+ * \param md_alg   message digest algorithm
+ * \param pk_alg   public key algorithm
+ * \param oid      place to store ASN.1 OID string pointer
+ * \param olen     length of the OID
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_oid_by_sig_alg( mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
+                            const char **oid, size_t *olen );
+
+/**
+ * \brief          Translate hash algorithm OID into md_type
+ *
+ * \param oid      OID to use
+ * \param md_alg   place to store message digest algorithm
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_md_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg );
+#endif /* MBEDTLS_MD_C */
+
+/**
+ * \brief          Translate Extended Key Usage OID into description
+ *
+ * \param oid      OID to use
+ * \param desc     place to store string pointer
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_extended_key_usage( const mbedtls_asn1_buf *oid, const char **desc );
+
+/**
+ * \brief          Translate md_type into hash algorithm OID
+ *
+ * \param md_alg   message digest algorithm
+ * \param oid      place to store ASN.1 OID string pointer
+ * \param olen     length of the OID
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_oid_by_md( mbedtls_md_type_t md_alg, const char **oid, size_t *olen );
+
+#if defined(MBEDTLS_CIPHER_C)
+/**
+ * \brief          Translate encryption algorithm OID into cipher_type
+ *
+ * \param oid           OID to use
+ * \param cipher_alg    place to store cipher algorithm
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_cipher_alg( const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg );
+#endif /* MBEDTLS_CIPHER_C */
+
+#if defined(MBEDTLS_PKCS12_C)
+/**
+ * \brief          Translate PKCS#12 PBE algorithm OID into md_type and
+ *                 cipher_type
+ *
+ * \param oid           OID to use
+ * \param md_alg        place to store message digest algorithm
+ * \param cipher_alg    place to store cipher algorithm
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_pkcs12_pbe_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg,
+                            mbedtls_cipher_type_t *cipher_alg );
+#endif /* MBEDTLS_PKCS12_C */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* oid.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/padlock.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,107 @@
+/**
+ * \file padlock.h
+ *
+ * \brief VIA PadLock ACE for HW encryption/decryption supported by some
+ *        processors
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_PADLOCK_H
+#define MBEDTLS_PADLOCK_H
+
+#include "aes.h"
+
+#define MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED               -0x0030  /**< Input data should be aligned. */
+
+#if defined(__has_feature)
+#if __has_feature(address_sanitizer)
+#define MBEDTLS_HAVE_ASAN
+#endif
+#endif
+
+/* Some versions of ASan result in errors about not enough registers */
+#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && defined(__i386__) && \
+    !defined(MBEDTLS_HAVE_ASAN)
+
+#ifndef MBEDTLS_HAVE_X86
+#define MBEDTLS_HAVE_X86
+#endif
+
+#include <stdint.h>
+
+#define MBEDTLS_PADLOCK_RNG 0x000C
+#define MBEDTLS_PADLOCK_ACE 0x00C0
+#define MBEDTLS_PADLOCK_PHE 0x0C00
+#define MBEDTLS_PADLOCK_PMM 0x3000
+
+#define MBEDTLS_PADLOCK_ALIGN16(x) (uint32_t *) (16 + ((int32_t) x & ~15))
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          PadLock detection routine
+ *
+ * \param feature  The feature to detect
+ *
+ * \return         1 if CPU has support for the feature, 0 otherwise
+ */
+int mbedtls_padlock_has_support( int feature );
+
+/**
+ * \brief          PadLock AES-ECB block en(de)cryption
+ *
+ * \param ctx      AES context
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
+ * \param input    16-byte input block
+ * \param output   16-byte output block
+ *
+ * \return         0 if success, 1 if operation failed
+ */
+int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx,
+                       int mode,
+                       const unsigned char input[16],
+                       unsigned char output[16] );
+
+/**
+ * \brief          PadLock AES-CBC buffer en(de)cryption
+ *
+ * \param ctx      AES context
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if success, 1 if operation failed
+ */
+int mbedtls_padlock_xcryptcbc( mbedtls_aes_context *ctx,
+                       int mode,
+                       size_t length,
+                       unsigned char iv[16],
+                       const unsigned char *input,
+                       unsigned char *output );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* HAVE_X86  */
+
+#endif /* padlock.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/pem.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,129 @@
+/**
+ * \file pem.h
+ *
+ * \brief Privacy Enhanced Mail (PEM) decoding
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_PEM_H
+#define MBEDTLS_PEM_H
+
+#include <stddef.h>
+
+/**
+ * \name PEM Error codes
+ * These error codes are returned in case of errors reading the
+ * PEM data.
+ * \{
+ */
+#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT          -0x1080  /**< No PEM header or footer found. */
+#define MBEDTLS_ERR_PEM_INVALID_DATA                      -0x1100  /**< PEM string is not as expected. */
+#define MBEDTLS_ERR_PEM_ALLOC_FAILED                      -0x1180  /**< Failed to allocate memory. */
+#define MBEDTLS_ERR_PEM_INVALID_ENC_IV                    -0x1200  /**< RSA IV is not in hex-format. */
+#define MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG                   -0x1280  /**< Unsupported key encryption algorithm. */
+#define MBEDTLS_ERR_PEM_PASSWORD_REQUIRED                 -0x1300  /**< Private key password can't be empty. */
+#define MBEDTLS_ERR_PEM_PASSWORD_MISMATCH                 -0x1380  /**< Given private key password does not allow for correct decryption. */
+#define MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE               -0x1400  /**< Unavailable feature, e.g. hashing/encryption combination. */
+#define MBEDTLS_ERR_PEM_BAD_INPUT_DATA                    -0x1480  /**< Bad input parameters to function. */
+/* \} name */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(MBEDTLS_PEM_PARSE_C)
+/**
+ * \brief       PEM context structure
+ */
+typedef struct
+{
+    unsigned char *buf;     /*!< buffer for decoded data             */
+    size_t buflen;          /*!< length of the buffer                */
+    unsigned char *info;    /*!< buffer for extra header information */
+}
+mbedtls_pem_context;
+
+/**
+ * \brief       PEM context setup
+ *
+ * \param ctx   context to be initialized
+ */
+void mbedtls_pem_init( mbedtls_pem_context *ctx );
+
+/**
+ * \brief       Read a buffer for PEM information and store the resulting
+ *              data into the specified context buffers.
+ *
+ * \param ctx       context to use
+ * \param header    header string to seek and expect
+ * \param footer    footer string to seek and expect
+ * \param data      source data to look in (must be nul-terminated)
+ * \param pwd       password for decryption (can be NULL)
+ * \param pwdlen    length of password
+ * \param use_len   destination for total length used (set after header is
+ *                  correctly read, so unless you get
+ *                  MBEDTLS_ERR_PEM_BAD_INPUT_DATA or
+ *                  MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT, use_len is
+ *                  the length to skip)
+ *
+ * \note            Attempts to check password correctness by verifying if
+ *                  the decrypted text starts with an ASN.1 sequence of
+ *                  appropriate length
+ *
+ * \return          0 on success, or a specific PEM error code
+ */
+int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer,
+                     const unsigned char *data,
+                     const unsigned char *pwd,
+                     size_t pwdlen, size_t *use_len );
+
+/**
+ * \brief       PEM context memory freeing
+ *
+ * \param ctx   context to be freed
+ */
+void mbedtls_pem_free( mbedtls_pem_context *ctx );
+#endif /* MBEDTLS_PEM_PARSE_C */
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+/**
+ * \brief           Write a buffer of PEM information from a DER encoded
+ *                  buffer.
+ *
+ * \param header    header string to write
+ * \param footer    footer string to write
+ * \param der_data  DER data to write
+ * \param der_len   length of the DER data
+ * \param buf       buffer to write to
+ * \param buf_len   length of output buffer
+ * \param olen      total length written / required (if buf_len is not enough)
+ *
+ * \return          0 on success, or a specific PEM or BASE64 error code. On
+ *                  MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL olen is the required
+ *                  size.
+ */
+int mbedtls_pem_write_buffer( const char *header, const char *footer,
+                      const unsigned char *der_data, size_t der_len,
+                      unsigned char *buf, size_t buf_len, size_t *olen );
+#endif /* MBEDTLS_PEM_WRITE_C */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* pem.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/pk.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,615 @@
+/**
+ * \file pk.h
+ *
+ * \brief Public Key abstraction layer
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef MBEDTLS_PK_H
+#define MBEDTLS_PK_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "md.h"
+
+#if defined(MBEDTLS_RSA_C)
+#include "rsa.h"
+#endif
+
+#if defined(MBEDTLS_ECP_C)
+#include "ecp.h"
+#endif
+
+#if defined(MBEDTLS_ECDSA_C)
+#include "ecdsa.h"
+#endif
+
+#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+    !defined(inline) && !defined(__cplusplus)
+#define inline __inline
+#endif
+
+#define MBEDTLS_ERR_PK_ALLOC_FAILED        -0x3F80  /**< Memory allocation failed. */
+#define MBEDTLS_ERR_PK_TYPE_MISMATCH       -0x3F00  /**< Type mismatch, eg attempt to encrypt with an ECDSA key */
+#define MBEDTLS_ERR_PK_BAD_INPUT_DATA      -0x3E80  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_PK_FILE_IO_ERROR       -0x3E00  /**< Read/write of file failed. */
+#define MBEDTLS_ERR_PK_KEY_INVALID_VERSION -0x3D80  /**< Unsupported key version */
+#define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT  -0x3D00  /**< Invalid key tag or value. */
+#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG      -0x3C80  /**< Key algorithm is unsupported (only RSA and EC are supported). */
+#define MBEDTLS_ERR_PK_PASSWORD_REQUIRED   -0x3C00  /**< Private key password can't be empty. */
+#define MBEDTLS_ERR_PK_PASSWORD_MISMATCH   -0x3B80  /**< Given private key password does not allow for correct decryption. */
+#define MBEDTLS_ERR_PK_INVALID_PUBKEY      -0x3B00  /**< The pubkey tag or value is invalid (only RSA and EC are supported). */
+#define MBEDTLS_ERR_PK_INVALID_ALG         -0x3A80  /**< The algorithm tag or value is invalid. */
+#define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00  /**< Elliptic curve is unsupported (only NIST curves are supported). */
+#define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980  /**< Unavailable feature, e.g. RSA disabled for RSA key. */
+#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH    -0x3900  /**< The signature is valid but its length is less than expected. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Public key types
+ */
+typedef enum {
+    MBEDTLS_PK_NONE=0,
+    MBEDTLS_PK_RSA,
+    MBEDTLS_PK_ECKEY,
+    MBEDTLS_PK_ECKEY_DH,
+    MBEDTLS_PK_ECDSA,
+    MBEDTLS_PK_RSA_ALT,
+    MBEDTLS_PK_RSASSA_PSS,
+} mbedtls_pk_type_t;
+
+/**
+ * \brief           Options for RSASSA-PSS signature verification.
+ *                  See \c mbedtls_rsa_rsassa_pss_verify_ext()
+ */
+typedef struct
+{
+    mbedtls_md_type_t mgf1_hash_id;
+    int expected_salt_len;
+
+} mbedtls_pk_rsassa_pss_options;
+
+/**
+ * \brief           Types for interfacing with the debug module
+ */
+typedef enum
+{
+    MBEDTLS_PK_DEBUG_NONE = 0,
+    MBEDTLS_PK_DEBUG_MPI,
+    MBEDTLS_PK_DEBUG_ECP,
+} mbedtls_pk_debug_type;
+
+/**
+ * \brief           Item to send to the debug module
+ */
+typedef struct
+{
+    mbedtls_pk_debug_type type;
+    const char *name;
+    void *value;
+} mbedtls_pk_debug_item;
+
+/** Maximum number of item send for debugging, plus 1 */
+#define MBEDTLS_PK_DEBUG_MAX_ITEMS 3
+
+/**
+ * \brief           Public key information and operations
+ */
+typedef struct mbedtls_pk_info_t mbedtls_pk_info_t;
+
+/**
+ * \brief           Public key container
+ */
+typedef struct
+{
+    const mbedtls_pk_info_t *   pk_info; /**< Public key informations        */
+    void *                      pk_ctx;  /**< Underlying public key context  */
+} mbedtls_pk_context;
+
+#if defined(MBEDTLS_RSA_C)
+/**
+ * Quick access to an RSA context inside a PK context.
+ *
+ * \warning You must make sure the PK context actually holds an RSA context
+ * before using this function!
+ */
+static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
+{
+    return( (mbedtls_rsa_context *) (pk).pk_ctx );
+}
+#endif /* MBEDTLS_RSA_C */
+
+#if defined(MBEDTLS_ECP_C)
+/**
+ * Quick access to an EC context inside a PK context.
+ *
+ * \warning You must make sure the PK context actually holds an EC context
+ * before using this function!
+ */
+static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
+{
+    return( (mbedtls_ecp_keypair *) (pk).pk_ctx );
+}
+#endif /* MBEDTLS_ECP_C */
+
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
+/**
+ * \brief           Types for RSA-alt abstraction
+ */
+typedef int (*mbedtls_pk_rsa_alt_decrypt_func)( void *ctx, int mode, size_t *olen,
+                    const unsigned char *input, unsigned char *output,
+                    size_t output_max_len );
+typedef int (*mbedtls_pk_rsa_alt_sign_func)( void *ctx,
+                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+                    int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
+                    const unsigned char *hash, unsigned char *sig );
+typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)( void *ctx );
+#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
+
+/**
+ * \brief           Return information associated with the given PK type
+ *
+ * \param pk_type   PK type to search for.
+ *
+ * \return          The PK info associated with the type or NULL if not found.
+ */
+const mbedtls_pk_info_t *mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type );
+
+/**
+ * \brief           Initialize a mbedtls_pk_context (as NONE)
+ */
+void mbedtls_pk_init( mbedtls_pk_context *ctx );
+
+/**
+ * \brief           Free a mbedtls_pk_context
+ */
+void mbedtls_pk_free( mbedtls_pk_context *ctx );
+
+/**
+ * \brief           Initialize a PK context with the information given
+ *                  and allocates the type-specific PK subcontext.
+ *
+ * \param ctx       Context to initialize. Must be empty (type NONE).
+ * \param info      Information to use
+ *
+ * \return          0 on success,
+ *                  MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input,
+ *                  MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
+ *
+ * \note            For contexts holding an RSA-alt key, use
+ *                  \c mbedtls_pk_setup_rsa_alt() instead.
+ */
+int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info );
+
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
+/**
+ * \brief           Initialize an RSA-alt context
+ *
+ * \param ctx       Context to initialize. Must be empty (type NONE).
+ * \param key       RSA key pointer
+ * \param decrypt_func  Decryption function
+ * \param sign_func     Signing function
+ * \param key_len_func  Function returning key length in bytes
+ *
+ * \return          0 on success, or MBEDTLS_ERR_PK_BAD_INPUT_DATA if the
+ *                  context wasn't already initialized as RSA_ALT.
+ *
+ * \note            This function replaces \c mbedtls_pk_setup() for RSA-alt.
+ */
+int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
+                         mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
+                         mbedtls_pk_rsa_alt_sign_func sign_func,
+                         mbedtls_pk_rsa_alt_key_len_func key_len_func );
+#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
+
+/**
+ * \brief           Get the size in bits of the underlying key
+ *
+ * \param ctx       Context to use
+ *
+ * \return          Key size in bits, or 0 on error
+ */
+size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx );
+
+/**
+ * \brief           Get the length in bytes of the underlying key
+ * \param ctx       Context to use
+ *
+ * \return          Key length in bytes, or 0 on error
+ */
+static inline size_t mbedtls_pk_get_len( const mbedtls_pk_context *ctx )
+{
+    return( ( mbedtls_pk_get_bitlen( ctx ) + 7 ) / 8 );
+}
+
+/**
+ * \brief           Tell if a context can do the operation given by type
+ *
+ * \param ctx       Context to test
+ * \param type      Target type
+ *
+ * \return          0 if context can't do the operations,
+ *                  1 otherwise.
+ */
+int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type );
+
+/**
+ * \brief           Verify signature (including padding if relevant).
+ *
+ * \param ctx       PK context to use
+ * \param md_alg    Hash algorithm used (see notes)
+ * \param hash      Hash of the message to sign
+ * \param hash_len  Hash length or 0 (see notes)
+ * \param sig       Signature to verify
+ * \param sig_len   Signature length
+ *
+ * \return          0 on success (signature is valid),
+ *                  MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is
+ *                  valid but its actual length is less than sig_len,
+ *                  or a specific error code.
+ *
+ * \note            For RSA keys, the default padding type is PKCS#1 v1.5.
+ *                  Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... )
+ *                  to verify RSASSA_PSS signatures.
+ *
+ * \note            If hash_len is 0, then the length associated with md_alg
+ *                  is used instead, or an error returned if it is invalid.
+ *
+ * \note            md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
+ */
+int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
+               const unsigned char *hash, size_t hash_len,
+               const unsigned char *sig, size_t sig_len );
+
+/**
+ * \brief           Verify signature, with options.
+ *                  (Includes verification of the padding depending on type.)
+ *
+ * \param type      Signature type (inc. possible padding type) to verify
+ * \param options   Pointer to type-specific options, or NULL
+ * \param ctx       PK context to use
+ * \param md_alg    Hash algorithm used (see notes)
+ * \param hash      Hash of the message to sign
+ * \param hash_len  Hash length or 0 (see notes)
+ * \param sig       Signature to verify
+ * \param sig_len   Signature length
+ *
+ * \return          0 on success (signature is valid),
+ *                  MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be
+ *                  used for this type of signatures,
+ *                  MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is
+ *                  valid but its actual length is less than sig_len,
+ *                  or a specific error code.
+ *
+ * \note            If hash_len is 0, then the length associated with md_alg
+ *                  is used instead, or an error returned if it is invalid.
+ *
+ * \note            md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
+ *
+ * \note            If type is MBEDTLS_PK_RSASSA_PSS, then options must point
+ *                  to a mbedtls_pk_rsassa_pss_options structure,
+ *                  otherwise it must be NULL.
+ */
+int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
+                   mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
+                   const unsigned char *hash, size_t hash_len,
+                   const unsigned char *sig, size_t sig_len );
+
+/**
+ * \brief           Make signature, including padding if relevant.
+ *
+ * \param ctx       PK context to use - must hold a private key
+ * \param md_alg    Hash algorithm used (see notes)
+ * \param hash      Hash of the message to sign
+ * \param hash_len  Hash length or 0 (see notes)
+ * \param sig       Place to write the signature
+ * \param sig_len   Number of bytes written
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 on success, or a specific error code.
+ *
+ * \note            For RSA keys, the default padding type is PKCS#1 v1.5.
+ *                  There is no interface in the PK module to make RSASSA-PSS
+ *                  signatures yet.
+ *
+ * \note            If hash_len is 0, then the length associated with md_alg
+ *                  is used instead, or an error returned if it is invalid.
+ *
+ * \note            For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
+ *                  For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
+ */
+int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
+             const unsigned char *hash, size_t hash_len,
+             unsigned char *sig, size_t *sig_len,
+             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+/**
+ * \brief           Decrypt message (including padding if relevant).
+ *
+ * \param ctx       PK context to use - must hold a private key
+ * \param input     Input to decrypt
+ * \param ilen      Input size
+ * \param output    Decrypted output
+ * \param olen      Decrypted message length
+ * \param osize     Size of the output buffer
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \note            For RSA keys, the default padding type is PKCS#1 v1.5.
+ *
+ * \return          0 on success, or a specific error code.
+ */
+int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
+                const unsigned char *input, size_t ilen,
+                unsigned char *output, size_t *olen, size_t osize,
+                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+/**
+ * \brief           Encrypt message (including padding if relevant).
+ *
+ * \param ctx       PK context to use
+ * \param input     Message to encrypt
+ * \param ilen      Message size
+ * \param output    Encrypted output
+ * \param olen      Encrypted output length
+ * \param osize     Size of the output buffer
+ * \param f_rng     RNG function
+ * \param p_rng     RNG parameter
+ *
+ * \note            For RSA keys, the default padding type is PKCS#1 v1.5.
+ *
+ * \return          0 on success, or a specific error code.
+ */
+int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
+                const unsigned char *input, size_t ilen,
+                unsigned char *output, size_t *olen, size_t osize,
+                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+/**
+ * \brief           Check if a public-private pair of keys matches.
+ *
+ * \param pub       Context holding a public key.
+ * \param prv       Context holding a private (and public) key.
+ *
+ * \return          0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
+ */
+int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv );
+
+/**
+ * \brief           Export debug information
+ *
+ * \param ctx       Context to use
+ * \param items     Place to write debug items
+ *
+ * \return          0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
+ */
+int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items );
+
+/**
+ * \brief           Access the type name
+ *
+ * \param ctx       Context to use
+ *
+ * \return          Type name on success, or "invalid PK"
+ */
+const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx );
+
+/**
+ * \brief           Get the key type
+ *
+ * \param ctx       Context to use
+ *
+ * \return          Type on success, or MBEDTLS_PK_NONE
+ */
+mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
+
+#if defined(MBEDTLS_PK_PARSE_C)
+/** \ingroup pk_module */
+/**
+ * \brief           Parse a private key in PEM or DER format
+ *
+ * \param ctx       key to be initialized
+ * \param key       input buffer
+ * \param keylen    size of the buffer
+ *                  (including the terminating null byte for PEM data)
+ * \param pwd       password for decryption (optional)
+ * \param pwdlen    size of the password
+ *
+ * \note            On entry, ctx must be empty, either freshly initialised
+ *                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
+ *                  specific key type, check the result with mbedtls_pk_can_do().
+ *
+ * \note            The key is also checked for correctness.
+ *
+ * \return          0 if successful, or a specific PK or PEM error code
+ */
+int mbedtls_pk_parse_key( mbedtls_pk_context *ctx,
+                  const unsigned char *key, size_t keylen,
+                  const unsigned char *pwd, size_t pwdlen );
+
+/** \ingroup pk_module */
+/**
+ * \brief           Parse a public key in PEM or DER format
+ *
+ * \param ctx       key to be initialized
+ * \param key       input buffer
+ * \param keylen    size of the buffer
+ *                  (including the terminating null byte for PEM data)
+ *
+ * \note            On entry, ctx must be empty, either freshly initialised
+ *                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
+ *                  specific key type, check the result with mbedtls_pk_can_do().
+ *
+ * \note            The key is also checked for correctness.
+ *
+ * \return          0 if successful, or a specific PK or PEM error code
+ */
+int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
+                         const unsigned char *key, size_t keylen );
+
+#if defined(MBEDTLS_FS_IO)
+/** \ingroup pk_module */
+/**
+ * \brief           Load and parse a private key
+ *
+ * \param ctx       key to be initialized
+ * \param path      filename to read the private key from
+ * \param password  password to decrypt the file (can be NULL)
+ *
+ * \note            On entry, ctx must be empty, either freshly initialised
+ *                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
+ *                  specific key type, check the result with mbedtls_pk_can_do().
+ *
+ * \note            The key is also checked for correctness.
+ *
+ * \return          0 if successful, or a specific PK or PEM error code
+ */
+int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
+                      const char *path, const char *password );
+
+/** \ingroup pk_module */
+/**
+ * \brief           Load and parse a public key
+ *
+ * \param ctx       key to be initialized
+ * \param path      filename to read the private key from
+ *
+ * \note            On entry, ctx must be empty, either freshly initialised
+ *                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
+ *                  specific key type, check the result with mbedtls_pk_can_do().
+ *
+ * \note            The key is also checked for correctness.
+ *
+ * \return          0 if successful, or a specific PK or PEM error code
+ */
+int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path );
+#endif /* MBEDTLS_FS_IO */
+#endif /* MBEDTLS_PK_PARSE_C */
+
+#if defined(MBEDTLS_PK_WRITE_C)
+/**
+ * \brief           Write a private key to a PKCS#1 or SEC1 DER structure
+ *                  Note: data is written at the end of the buffer! Use the
+ *                        return value to determine where you should start
+ *                        using the buffer
+ *
+ * \param ctx       private to write away
+ * \param buf       buffer to write to
+ * \param size      size of the buffer
+ *
+ * \return          length of data written if successful, or a specific
+ *                  error code
+ */
+int mbedtls_pk_write_key_der( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
+
+/**
+ * \brief           Write a public key to a SubjectPublicKeyInfo DER structure
+ *                  Note: data is written at the end of the buffer! Use the
+ *                        return value to determine where you should start
+ *                        using the buffer
+ *
+ * \param ctx       public key to write away
+ * \param buf       buffer to write to
+ * \param size      size of the buffer
+ *
+ * \return          length of data written if successful, or a specific
+ *                  error code
+ */
+int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+/**
+ * \brief           Write a public key to a PEM string
+ *
+ * \param ctx       public key to write away
+ * \param buf       buffer to write to
+ * \param size      size of the buffer
+ *
+ * \return          0 if successful, or a specific error code
+ */
+int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
+
+/**
+ * \brief           Write a private key to a PKCS#1 or SEC1 PEM string
+ *
+ * \param ctx       private to write away
+ * \param buf       buffer to write to
+ * \param size      size of the buffer
+ *
+ * \return          0 if successful, or a specific error code
+ */
+int mbedtls_pk_write_key_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
+#endif /* MBEDTLS_PEM_WRITE_C */
+#endif /* MBEDTLS_PK_WRITE_C */
+
+/*
+ * WARNING: Low-level functions. You probably do not want to use these unless
+ *          you are certain you do ;)
+ */
+
+#if defined(MBEDTLS_PK_PARSE_C)
+/**
+ * \brief           Parse a SubjectPublicKeyInfo DER structure
+ *
+ * \param p         the position in the ASN.1 data
+ * \param end       end of the buffer
+ * \param pk        the key to fill
+ *
+ * \return          0 if successful, or a specific PK error code
+ */
+int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
+                        mbedtls_pk_context *pk );
+#endif /* MBEDTLS_PK_PARSE_C */
+
+#if defined(MBEDTLS_PK_WRITE_C)
+/**
+ * \brief           Write a subjectPublicKey to ASN.1 data
+ *                  Note: function works backwards in data buffer
+ *
+ * \param p         reference to current position pointer
+ * \param start     start of the buffer (for bounds-checking)
+ * \param key       public key to write away
+ *
+ * \return          the length written or a negative error code
+ */
+int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
+                     const mbedtls_pk_context *key );
+#endif /* MBEDTLS_PK_WRITE_C */
+
+/*
+ * Internal module functions. You probably do not want to use these unless you
+ * know you do.
+ */
+#if defined(MBEDTLS_FS_IO)
+int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n );
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_PK_H */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/pk_internal.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,114 @@
+/**
+ * \file pk.h
+ *
+ * \brief Public Key abstraction layer: wrapper functions
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef MBEDTLS_PK_WRAP_H
+#define MBEDTLS_PK_WRAP_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "pk.h"
+
+struct mbedtls_pk_info_t
+{
+    /** Public key type */
+    mbedtls_pk_type_t type;
+
+    /** Type name */
+    const char *name;
+
+    /** Get key size in bits */
+    size_t (*get_bitlen)( const void * );
+
+    /** Tell if the context implements this type (e.g. ECKEY can do ECDSA) */
+    int (*can_do)( mbedtls_pk_type_t type );
+
+    /** Verify signature */
+    int (*verify_func)( void *ctx, mbedtls_md_type_t md_alg,
+                        const unsigned char *hash, size_t hash_len,
+                        const unsigned char *sig, size_t sig_len );
+
+    /** Make signature */
+    int (*sign_func)( void *ctx, mbedtls_md_type_t md_alg,
+                      const unsigned char *hash, size_t hash_len,
+                      unsigned char *sig, size_t *sig_len,
+                      int (*f_rng)(void *, unsigned char *, size_t),
+                      void *p_rng );
+
+    /** Decrypt message */
+    int (*decrypt_func)( void *ctx, const unsigned char *input, size_t ilen,
+                         unsigned char *output, size_t *olen, size_t osize,
+                         int (*f_rng)(void *, unsigned char *, size_t),
+                         void *p_rng );
+
+    /** Encrypt message */
+    int (*encrypt_func)( void *ctx, const unsigned char *input, size_t ilen,
+                         unsigned char *output, size_t *olen, size_t osize,
+                         int (*f_rng)(void *, unsigned char *, size_t),
+                         void *p_rng );
+
+    /** Check public-private key pair */
+    int (*check_pair_func)( const void *pub, const void *prv );
+
+    /** Allocate a new context */
+    void * (*ctx_alloc_func)( void );
+
+    /** Free the given context */
+    void (*ctx_free_func)( void *ctx );
+
+    /** Interface with the debug module */
+    void (*debug_func)( const void *ctx, mbedtls_pk_debug_item *items );
+
+};
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
+/* Container for RSA-alt */
+typedef struct
+{
+    void *key;
+    mbedtls_pk_rsa_alt_decrypt_func decrypt_func;
+    mbedtls_pk_rsa_alt_sign_func sign_func;
+    mbedtls_pk_rsa_alt_key_len_func key_len_func;
+} mbedtls_rsa_alt_context;
+#endif
+
+#if defined(MBEDTLS_RSA_C)
+extern const mbedtls_pk_info_t mbedtls_rsa_info;
+#endif
+
+#if defined(MBEDTLS_ECP_C)
+extern const mbedtls_pk_info_t mbedtls_eckey_info;
+extern const mbedtls_pk_info_t mbedtls_eckeydh_info;
+#endif
+
+#if defined(MBEDTLS_ECDSA_C)
+extern const mbedtls_pk_info_t mbedtls_ecdsa_info;
+#endif
+
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
+extern const mbedtls_pk_info_t mbedtls_rsa_alt_info;
+#endif
+
+#endif /* MBEDTLS_PK_WRAP_H */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/pkcs11.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,173 @@
+/**
+ * \file pkcs11.h
+ *
+ * \brief Wrapper for PKCS#11 library libpkcs11-helper
+ *
+ * \author Adriaan de Jong <dejong@fox-it.com>
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_PKCS11_H
+#define MBEDTLS_PKCS11_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PKCS11_C)
+
+#include "x509_crt.h"
+
+#include <pkcs11-helper-1.0/pkcs11h-certificate.h>
+
+#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+    !defined(inline) && !defined(__cplusplus)
+#define inline __inline
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Context for PKCS #11 private keys.
+ */
+typedef struct {
+        pkcs11h_certificate_t pkcs11h_cert;
+        int len;
+} mbedtls_pkcs11_context;
+
+/**
+ * Initialize a mbedtls_pkcs11_context.
+ * (Just making memory references valid.)
+ */
+void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx );
+
+/**
+ * Fill in a mbed TLS certificate, based on the given PKCS11 helper certificate.
+ *
+ * \param cert          X.509 certificate to fill
+ * \param pkcs11h_cert  PKCS #11 helper certificate
+ *
+ * \return              0 on success.
+ */
+int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert, pkcs11h_certificate_t pkcs11h_cert );
+
+/**
+ * Set up a mbedtls_pkcs11_context storing the given certificate. Note that the
+ * mbedtls_pkcs11_context will take over control of the certificate, freeing it when
+ * done.
+ *
+ * \param priv_key      Private key structure to fill.
+ * \param pkcs11_cert   PKCS #11 helper certificate
+ *
+ * \return              0 on success
+ */
+int mbedtls_pkcs11_priv_key_bind( mbedtls_pkcs11_context *priv_key,
+        pkcs11h_certificate_t pkcs11_cert );
+
+/**
+ * Free the contents of the given private key context. Note that the structure
+ * itself is not freed.
+ *
+ * \param priv_key      Private key structure to cleanup
+ */
+void mbedtls_pkcs11_priv_key_free( mbedtls_pkcs11_context *priv_key );
+
+/**
+ * \brief          Do an RSA private key decrypt, then remove the message
+ *                 padding
+ *
+ * \param ctx      PKCS #11 context
+ * \param mode     must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature
+ * \param input    buffer holding the encrypted data
+ * \param output   buffer that will hold the plaintext
+ * \param olen     will contain the plaintext length
+ * \param output_max_len    maximum length of the output buffer
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The output buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
+ *                 an error is thrown.
+ */
+int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx,
+                       int mode, size_t *olen,
+                       const unsigned char *input,
+                       unsigned char *output,
+                       size_t output_max_len );
+
+/**
+ * \brief          Do a private RSA to sign a message digest
+ *
+ * \param ctx      PKCS #11 context
+ * \param mode     must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature
+ * \param md_alg   a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
+ * \param hashlen  message digest length (for MBEDTLS_MD_NONE only)
+ * \param hash     buffer holding the message digest
+ * \param sig      buffer that will hold the ciphertext
+ *
+ * \return         0 if the signing operation was successful,
+ *                 or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The "sig" buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ */
+int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx,
+                    int mode,
+                    mbedtls_md_type_t md_alg,
+                    unsigned int hashlen,
+                    const unsigned char *hash,
+                    unsigned char *sig );
+
+/**
+ * SSL/TLS wrappers for PKCS#11 functions
+ */
+static inline int mbedtls_ssl_pkcs11_decrypt( void *ctx, int mode, size_t *olen,
+                        const unsigned char *input, unsigned char *output,
+                        size_t output_max_len )
+{
+    return mbedtls_pkcs11_decrypt( (mbedtls_pkcs11_context *) ctx, mode, olen, input, output,
+                           output_max_len );
+}
+
+static inline int mbedtls_ssl_pkcs11_sign( void *ctx,
+                     int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+                     int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
+                     const unsigned char *hash, unsigned char *sig )
+{
+    ((void) f_rng);
+    ((void) p_rng);
+    return mbedtls_pkcs11_sign( (mbedtls_pkcs11_context *) ctx, mode, md_alg,
+                        hashlen, hash, sig );
+}
+
+static inline size_t mbedtls_ssl_pkcs11_key_len( void *ctx )
+{
+    return ( (mbedtls_pkcs11_context *) ctx )->len;
+}
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_PKCS11_C */
+
+#endif /* MBEDTLS_PKCS11_H */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/pkcs12.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,119 @@
+/**
+ * \file pkcs12.h
+ *
+ * \brief PKCS#12 Personal Information Exchange Syntax
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_PKCS12_H
+#define MBEDTLS_PKCS12_H
+
+#include "md.h"
+#include "cipher.h"
+#include "asn1.h"
+
+#include <stddef.h>
+
+#define MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA                 -0x1F80  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE            -0x1F00  /**< Feature not available, e.g. unsupported encryption scheme. */
+#define MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT             -0x1E80  /**< PBE ASN.1 data not as expected. */
+#define MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH              -0x1E00  /**< Given private key password does not allow for correct decryption. */
+
+#define MBEDTLS_PKCS12_DERIVE_KEY       1   /**< encryption/decryption key */
+#define MBEDTLS_PKCS12_DERIVE_IV        2   /**< initialization vector     */
+#define MBEDTLS_PKCS12_DERIVE_MAC_KEY   3   /**< integrity / MAC key       */
+
+#define MBEDTLS_PKCS12_PBE_DECRYPT      0
+#define MBEDTLS_PKCS12_PBE_ENCRYPT      1
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief            PKCS12 Password Based function (encryption / decryption)
+ *                   for pbeWithSHAAnd128BitRC4
+ *
+ * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
+ * \param mode       either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT
+ * \param pwd        the password used (may be NULL if no password is used)
+ * \param pwdlen     length of the password (may be 0)
+ * \param input      the input data
+ * \param len        data length
+ * \param output     the output buffer
+ *
+ * \return           0 if successful, or a MBEDTLS_ERR_XXX code
+ */
+int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode,
+                             const unsigned char *pwd,  size_t pwdlen,
+                             const unsigned char *input, size_t len,
+                             unsigned char *output );
+
+/**
+ * \brief            PKCS12 Password Based function (encryption / decryption)
+ *                   for cipher-based and mbedtls_md-based PBE's
+ *
+ * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
+ * \param mode       either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT
+ * \param cipher_type the cipher used
+ * \param md_type     the mbedtls_md used
+ * \param pwd        the password used (may be NULL if no password is used)
+ * \param pwdlen     length of the password (may be 0)
+ * \param input      the input data
+ * \param len        data length
+ * \param output     the output buffer
+ *
+ * \return           0 if successful, or a MBEDTLS_ERR_XXX code
+ */
+int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
+                mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
+                const unsigned char *pwd,  size_t pwdlen,
+                const unsigned char *input, size_t len,
+                unsigned char *output );
+
+/**
+ * \brief            The PKCS#12 derivation function uses a password and a salt
+ *                   to produce pseudo-random bits for a particular "purpose".
+ *
+ *                   Depending on the given id, this function can produce an
+ *                   encryption/decryption key, an nitialization vector or an
+ *                   integrity key.
+ *
+ * \param data       buffer to store the derived data in
+ * \param datalen    length to fill
+ * \param pwd        password to use (may be NULL if no password is used)
+ * \param pwdlen     length of the password (may be 0)
+ * \param salt       salt buffer to use
+ * \param saltlen    length of the salt
+ * \param mbedtls_md         mbedtls_md type to use during the derivation
+ * \param id         id that describes the purpose (can be MBEDTLS_PKCS12_DERIVE_KEY,
+ *                   MBEDTLS_PKCS12_DERIVE_IV or MBEDTLS_PKCS12_DERIVE_MAC_KEY)
+ * \param iterations number of iterations
+ *
+ * \return          0 if successful, or a MD, BIGNUM type error.
+ */
+int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
+                       const unsigned char *pwd, size_t pwdlen,
+                       const unsigned char *salt, size_t saltlen,
+                       mbedtls_md_type_t mbedtls_md, int id, int iterations );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* pkcs12.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/pkcs5.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,94 @@
+/**
+ * \file pkcs5.h
+ *
+ * \brief PKCS#5 functions
+ *
+ * \author Mathias Olsson <mathias@kompetensum.com>
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_PKCS5_H
+#define MBEDTLS_PKCS5_H
+
+#include "asn1.h"
+#include "md.h"
+
+#include <stddef.h>
+#include <stdint.h>
+
+#define MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA                  -0x2f80  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_PKCS5_INVALID_FORMAT                  -0x2f00  /**< Unexpected ASN.1 data. */
+#define MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE             -0x2e80  /**< Requested encryption or digest alg not available. */
+#define MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH               -0x2e00  /**< Given private key password does not allow for correct decryption. */
+
+#define MBEDTLS_PKCS5_DECRYPT      0
+#define MBEDTLS_PKCS5_ENCRYPT      1
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          PKCS#5 PBES2 function
+ *
+ * \param pbe_params the ASN.1 algorithm parameters
+ * \param mode       either MBEDTLS_PKCS5_DECRYPT or MBEDTLS_PKCS5_ENCRYPT
+ * \param pwd        password to use when generating key
+ * \param pwdlen     length of password
+ * \param data       data to process
+ * \param datalen    length of data
+ * \param output     output buffer
+ *
+ * \returns        0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
+ */
+int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
+                 const unsigned char *pwd,  size_t pwdlen,
+                 const unsigned char *data, size_t datalen,
+                 unsigned char *output );
+
+/**
+ * \brief          PKCS#5 PBKDF2 using HMAC
+ *
+ * \param ctx      Generic HMAC context
+ * \param password Password to use when generating key
+ * \param plen     Length of password
+ * \param salt     Salt to use when generating key
+ * \param slen     Length of salt
+ * \param iteration_count       Iteration count
+ * \param key_length            Length of generated key in bytes
+ * \param output   Generated key. Must be at least as big as key_length
+ *
+ * \returns        0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
+ */
+int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *password,
+                       size_t plen, const unsigned char *salt, size_t slen,
+                       unsigned int iteration_count,
+                       uint32_t key_length, unsigned char *output );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_pkcs5_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* pkcs5.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/platform.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,214 @@
+/**
+ * \file platform.h
+ *
+ * \brief mbed TLS Platform abstraction layer
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_PLATFORM_H
+#define MBEDTLS_PLATFORM_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
+#include <stdio.h>
+#include <stdlib.h>
+#if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
+#if defined(_WIN32)
+#define MBEDTLS_PLATFORM_STD_SNPRINTF   mbedtls_platform_win32_snprintf /**< Default snprintf to use  */
+#else
+#define MBEDTLS_PLATFORM_STD_SNPRINTF   snprintf /**< Default snprintf to use  */
+#endif
+#endif
+#if !defined(MBEDTLS_PLATFORM_STD_PRINTF)
+#define MBEDTLS_PLATFORM_STD_PRINTF   printf /**< Default printf to use  */
+#endif
+#if !defined(MBEDTLS_PLATFORM_STD_FPRINTF)
+#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use */
+#endif
+#if !defined(MBEDTLS_PLATFORM_STD_CALLOC)
+#define MBEDTLS_PLATFORM_STD_CALLOC   calloc /**< Default allocator to use */
+#endif
+#if !defined(MBEDTLS_PLATFORM_STD_FREE)
+#define MBEDTLS_PLATFORM_STD_FREE       free /**< Default free to use */
+#endif
+#if !defined(MBEDTLS_PLATFORM_STD_EXIT)
+#define MBEDTLS_PLATFORM_STD_EXIT      exit /**< Default free to use */
+#endif
+#else /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
+#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR)
+#include MBEDTLS_PLATFORM_STD_MEM_HDR
+#endif
+#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
+
+/* \} name SECTION: Module settings */
+
+/*
+ * The function pointers for calloc and free
+ */
+#if defined(MBEDTLS_PLATFORM_MEMORY)
+#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \
+    defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
+#define mbedtls_free       MBEDTLS_PLATFORM_FREE_MACRO
+#define mbedtls_calloc     MBEDTLS_PLATFORM_CALLOC_MACRO
+#else
+/* For size_t */
+#include <stddef.h>
+extern void * (*mbedtls_calloc)( size_t n, size_t size );
+extern void (*mbedtls_free)( void *ptr );
+
+/**
+ * \brief   Set your own memory implementation function pointers
+ *
+ * \param calloc_func   the calloc function implementation
+ * \param free_func     the free function implementation
+ *
+ * \return              0 if successful
+ */
+int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ),
+                              void (*free_func)( void * ) );
+#endif /* MBEDTLS_PLATFORM_FREE_MACRO && MBEDTLS_PLATFORM_CALLOC_MACRO */
+#else /* !MBEDTLS_PLATFORM_MEMORY */
+#define mbedtls_free       free
+#define mbedtls_calloc     calloc
+#endif /* MBEDTLS_PLATFORM_MEMORY && !MBEDTLS_PLATFORM_{FREE,CALLOC}_MACRO */
+
+/*
+ * The function pointers for fprintf
+ */
+#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
+/* We need FILE * */
+#include <stdio.h>
+extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... );
+
+/**
+ * \brief   Set your own fprintf function pointer
+ *
+ * \param fprintf_func   the fprintf function implementation
+ *
+ * \return              0
+ */
+int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char *,
+                                               ... ) );
+#else
+#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO)
+#define mbedtls_fprintf    MBEDTLS_PLATFORM_FPRINTF_MACRO
+#else
+#define mbedtls_fprintf    fprintf
+#endif /* MBEDTLS_PLATFORM_FPRINTF_MACRO */
+#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */
+
+/*
+ * The function pointers for printf
+ */
+#if defined(MBEDTLS_PLATFORM_PRINTF_ALT)
+extern int (*mbedtls_printf)( const char *format, ... );
+
+/**
+ * \brief   Set your own printf function pointer
+ *
+ * \param printf_func   the printf function implementation
+ *
+ * \return              0
+ */
+int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) );
+#else /* !MBEDTLS_PLATFORM_PRINTF_ALT */
+#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO)
+#define mbedtls_printf     MBEDTLS_PLATFORM_PRINTF_MACRO
+#else
+#define mbedtls_printf     printf
+#endif /* MBEDTLS_PLATFORM_PRINTF_MACRO */
+#endif /* MBEDTLS_PLATFORM_PRINTF_ALT */
+
+/*
+ * The function pointers for snprintf
+ *
+ * The snprintf implementation should conform to C99:
+ * - it *must* always correctly zero-terminate the buffer
+ *   (except when n == 0, then it must leave the buffer untouched)
+ * - however it is acceptable to return -1 instead of the required length when
+ *   the destination buffer is too short.
+ */
+#if defined(_WIN32)
+/* For Windows (inc. MSYS2), we provide our own fixed implementation */
+int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... );
+#endif
+
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
+extern int (*mbedtls_snprintf)( char * s, size_t n, const char * format, ... );
+
+/**
+ * \brief   Set your own snprintf function pointer
+ *
+ * \param snprintf_func   the snprintf function implementation
+ *
+ * \return              0
+ */
+int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
+                                                 const char * format, ... ) );
+#else /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
+#define mbedtls_snprintf   MBEDTLS_PLATFORM_SNPRINTF_MACRO
+#else
+#define mbedtls_snprintf   snprintf
+#endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */
+#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
+
+/*
+ * The function pointers for exit
+ */
+#if defined(MBEDTLS_PLATFORM_EXIT_ALT)
+extern void (*mbedtls_exit)( int status );
+
+/**
+ * \brief   Set your own exit function pointer
+ *
+ * \param exit_func   the exit function implementation
+ *
+ * \return              0
+ */
+int mbedtls_platform_set_exit( void (*exit_func)( int status ) );
+#else
+#if defined(MBEDTLS_PLATFORM_EXIT_MACRO)
+#define mbedtls_exit   MBEDTLS_PLATFORM_EXIT_MACRO
+#else
+#define mbedtls_exit   exit
+#endif /* MBEDTLS_PLATFORM_EXIT_MACRO */
+#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* platform.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/ripemd160.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,138 @@
+/**
+ * \file mbedtls_ripemd160.h
+ *
+ * \brief RIPE MD-160 message digest
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_RIPEMD160_H
+#define MBEDTLS_RIPEMD160_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#if !defined(MBEDTLS_RIPEMD160_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          RIPEMD-160 context structure
+ */
+typedef struct
+{
+    uint32_t total[2];          /*!< number of bytes processed  */
+    uint32_t state[5];          /*!< intermediate digest state  */
+    unsigned char buffer[64];   /*!< data block being processed */
+}
+mbedtls_ripemd160_context;
+
+/**
+ * \brief          Initialize RIPEMD-160 context
+ *
+ * \param ctx      RIPEMD-160 context to be initialized
+ */
+void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx );
+
+/**
+ * \brief          Clear RIPEMD-160 context
+ *
+ * \param ctx      RIPEMD-160 context to be cleared
+ */
+void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx );
+
+/**
+ * \brief          Clone (the state of) an RIPEMD-160 context
+ *
+ * \param dst      The destination context
+ * \param src      The context to be cloned
+ */
+void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst,
+                        const mbedtls_ripemd160_context *src );
+
+/**
+ * \brief          RIPEMD-160 context setup
+ *
+ * \param ctx      context to be initialized
+ */
+void mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx );
+
+/**
+ * \brief          RIPEMD-160 process buffer
+ *
+ * \param ctx      RIPEMD-160 context
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ */
+void mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx,
+                       const unsigned char *input, size_t ilen );
+
+/**
+ * \brief          RIPEMD-160 final digest
+ *
+ * \param ctx      RIPEMD-160 context
+ * \param output   RIPEMD-160 checksum result
+ */
+void mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx, unsigned char output[20] );
+
+/* Internal use */
+void mbedtls_ripemd160_process( mbedtls_ripemd160_context *ctx, const unsigned char data[64] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_RIPEMD160_ALT */
+#include "ripemd160.h"
+#endif /* MBEDTLS_RIPEMD160_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Output = RIPEMD-160( input buffer )
+ *
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ * \param output   RIPEMD-160 checksum result
+ */
+void mbedtls_ripemd160( const unsigned char *input, size_t ilen,
+                unsigned char output[20] );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_ripemd160_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_ripemd160.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/rsa.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,652 @@
+/**
+ * \file rsa.h
+ *
+ * \brief The RSA public-key cryptosystem
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_RSA_H
+#define MBEDTLS_RSA_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "bignum.h"
+#include "md.h"
+
+#if defined(MBEDTLS_THREADING_C)
+#include "threading.h"
+#endif
+
+/*
+ * RSA Error codes
+ */
+#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA                    -0x4080  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_RSA_INVALID_PADDING                   -0x4100  /**< Input data contains invalid padding and is rejected. */
+#define MBEDTLS_ERR_RSA_KEY_GEN_FAILED                    -0x4180  /**< Something failed during generation of a key. */
+#define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED                  -0x4200  /**< Key failed to pass the library's validity check. */
+#define MBEDTLS_ERR_RSA_PUBLIC_FAILED                     -0x4280  /**< The public key operation failed. */
+#define MBEDTLS_ERR_RSA_PRIVATE_FAILED                    -0x4300  /**< The private key operation failed. */
+#define MBEDTLS_ERR_RSA_VERIFY_FAILED                     -0x4380  /**< The PKCS#1 verification failed. */
+#define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE                  -0x4400  /**< The output buffer for decryption is not large enough. */
+#define MBEDTLS_ERR_RSA_RNG_FAILED                        -0x4480  /**< The random generator failed to generate non-zeros. */
+
+/*
+ * RSA constants
+ */
+#define MBEDTLS_RSA_PUBLIC      0
+#define MBEDTLS_RSA_PRIVATE     1
+
+#define MBEDTLS_RSA_PKCS_V15    0
+#define MBEDTLS_RSA_PKCS_V21    1
+
+#define MBEDTLS_RSA_SIGN        1
+#define MBEDTLS_RSA_CRYPT       2
+
+#define MBEDTLS_RSA_SALT_LEN_ANY    -1
+
+/*
+ * The above constants may be used even if the RSA module is compile out,
+ * eg for alternative (PKCS#11) RSA implemenations in the PK layers.
+ */
+#if defined(MBEDTLS_RSA_C)
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          RSA context structure
+ */
+typedef struct
+{
+    int ver;                    /*!<  always 0          */
+    size_t len;                 /*!<  size(N) in chars  */
+
+    mbedtls_mpi N;                      /*!<  public modulus    */
+    mbedtls_mpi E;                      /*!<  public exponent   */
+
+    mbedtls_mpi D;                      /*!<  private exponent  */
+    mbedtls_mpi P;                      /*!<  1st prime factor  */
+    mbedtls_mpi Q;                      /*!<  2nd prime factor  */
+    mbedtls_mpi DP;                     /*!<  D % (P - 1)       */
+    mbedtls_mpi DQ;                     /*!<  D % (Q - 1)       */
+    mbedtls_mpi QP;                     /*!<  1 / (Q % P)       */
+
+    mbedtls_mpi RN;                     /*!<  cached R^2 mod N  */
+    mbedtls_mpi RP;                     /*!<  cached R^2 mod P  */
+    mbedtls_mpi RQ;                     /*!<  cached R^2 mod Q  */
+
+    mbedtls_mpi Vi;                     /*!<  cached blinding value     */
+    mbedtls_mpi Vf;                     /*!<  cached un-blinding value  */
+
+    int padding;                /*!<  MBEDTLS_RSA_PKCS_V15 for 1.5 padding and
+                                      RSA_PKCS_v21 for OAEP/PSS         */
+    int hash_id;                /*!<  Hash identifier of mbedtls_md_type_t as
+                                      specified in the mbedtls_md.h header file
+                                      for the EME-OAEP and EMSA-PSS
+                                      encoding                          */
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_threading_mutex_t mutex;    /*!<  Thread-safety mutex       */
+#endif
+}
+mbedtls_rsa_context;
+
+/**
+ * \brief          Initialize an RSA context
+ *
+ *                 Note: Set padding to MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP
+ *                 encryption scheme and the RSASSA-PSS signature scheme.
+ *
+ * \param ctx      RSA context to be initialized
+ * \param padding  MBEDTLS_RSA_PKCS_V15 or MBEDTLS_RSA_PKCS_V21
+ * \param hash_id  MBEDTLS_RSA_PKCS_V21 hash identifier
+ *
+ * \note           The hash_id parameter is actually ignored
+ *                 when using MBEDTLS_RSA_PKCS_V15 padding.
+ *
+ * \note           Choice of padding mode is strictly enforced for private key
+ *                 operations, since there might be security concerns in
+ *                 mixing padding modes. For public key operations it's merely
+ *                 a default value, which can be overriden by calling specific
+ *                 rsa_rsaes_xxx or rsa_rsassa_xxx functions.
+ *
+ * \note           The chosen hash is always used for OEAP encryption.
+ *                 For PSS signatures, it's always used for making signatures,
+ *                 but can be overriden (and always is, if set to
+ *                 MBEDTLS_MD_NONE) for verifying them.
+ */
+void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
+               int padding,
+               int hash_id);
+
+/**
+ * \brief          Set padding for an already initialized RSA context
+ *                 See \c mbedtls_rsa_init() for details.
+ *
+ * \param ctx      RSA context to be set
+ * \param padding  MBEDTLS_RSA_PKCS_V15 or MBEDTLS_RSA_PKCS_V21
+ * \param hash_id  MBEDTLS_RSA_PKCS_V21 hash identifier
+ */
+void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id);
+
+/**
+ * \brief          Generate an RSA keypair
+ *
+ * \param ctx      RSA context that will hold the key
+ * \param f_rng    RNG function
+ * \param p_rng    RNG parameter
+ * \param nbits    size of the public key in bits
+ * \param exponent public exponent (e.g., 65537)
+ *
+ * \note           mbedtls_rsa_init() must be called beforehand to setup
+ *                 the RSA context.
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ */
+int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
+                 int (*f_rng)(void *, unsigned char *, size_t),
+                 void *p_rng,
+                 unsigned int nbits, int exponent );
+
+/**
+ * \brief          Check a public RSA key
+ *
+ * \param ctx      RSA context to be checked
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ */
+int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx );
+
+/**
+ * \brief          Check a private RSA key
+ *
+ * \param ctx      RSA context to be checked
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ */
+int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx );
+
+/**
+ * \brief          Check a public-private RSA key pair.
+ *                 Check each of the contexts, and make sure they match.
+ *
+ * \param pub      RSA context holding the public key
+ * \param prv      RSA context holding the private key
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ */
+int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, const mbedtls_rsa_context *prv );
+
+/**
+ * \brief          Do an RSA public key operation
+ *
+ * \param ctx      RSA context
+ * \param input    input buffer
+ * \param output   output buffer
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           This function does NOT take care of message
+ *                 padding. Also, be sure to set input[0] = 0 or assure that
+ *                 input is smaller than N.
+ *
+ * \note           The input and output buffers must be large
+ *                 enough (eg. 128 bytes if RSA-1024 is used).
+ */
+int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
+                const unsigned char *input,
+                unsigned char *output );
+
+/**
+ * \brief          Do an RSA private key operation
+ *
+ * \param ctx      RSA context
+ * \param f_rng    RNG function (Needed for blinding)
+ * \param p_rng    RNG parameter
+ * \param input    input buffer
+ * \param output   output buffer
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The input and output buffers must be large
+ *                 enough (eg. 128 bytes if RSA-1024 is used).
+ */
+int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
+                 int (*f_rng)(void *, unsigned char *, size_t),
+                 void *p_rng,
+                 const unsigned char *input,
+                 unsigned char *output );
+
+/**
+ * \brief          Generic wrapper to perform a PKCS#1 encryption using the
+ *                 mode from the context. Add the message padding, then do an
+ *                 RSA operation.
+ *
+ * \param ctx      RSA context
+ * \param f_rng    RNG function (Needed for padding and PKCS#1 v2.1 encoding
+ *                               and MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param ilen     contains the plaintext length
+ * \param input    buffer holding the data to be encrypted
+ * \param output   buffer that will hold the ciphertext
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The output buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ */
+int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
+                       int (*f_rng)(void *, unsigned char *, size_t),
+                       void *p_rng,
+                       int mode, size_t ilen,
+                       const unsigned char *input,
+                       unsigned char *output );
+
+/**
+ * \brief          Perform a PKCS#1 v1.5 encryption (RSAES-PKCS1-v1_5-ENCRYPT)
+ *
+ * \param ctx      RSA context
+ * \param f_rng    RNG function (Needed for padding and MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param ilen     contains the plaintext length
+ * \param input    buffer holding the data to be encrypted
+ * \param output   buffer that will hold the ciphertext
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The output buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ */
+int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
+                                 int (*f_rng)(void *, unsigned char *, size_t),
+                                 void *p_rng,
+                                 int mode, size_t ilen,
+                                 const unsigned char *input,
+                                 unsigned char *output );
+
+/**
+ * \brief          Perform a PKCS#1 v2.1 OAEP encryption (RSAES-OAEP-ENCRYPT)
+ *
+ * \param ctx      RSA context
+ * \param f_rng    RNG function (Needed for padding and PKCS#1 v2.1 encoding
+ *                               and MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param label    buffer holding the custom label to use
+ * \param label_len contains the label length
+ * \param ilen     contains the plaintext length
+ * \param input    buffer holding the data to be encrypted
+ * \param output   buffer that will hold the ciphertext
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The output buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ */
+int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng,
+                            int mode,
+                            const unsigned char *label, size_t label_len,
+                            size_t ilen,
+                            const unsigned char *input,
+                            unsigned char *output );
+
+/**
+ * \brief          Generic wrapper to perform a PKCS#1 decryption using the
+ *                 mode from the context. Do an RSA operation, then remove
+ *                 the message padding
+ *
+ * \param ctx      RSA context
+ * \param f_rng    RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param olen     will contain the plaintext length
+ * \param input    buffer holding the encrypted data
+ * \param output   buffer that will hold the plaintext
+ * \param output_max_len    maximum length of the output buffer
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The output buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
+ *                 an error is thrown.
+ */
+int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
+                       int (*f_rng)(void *, unsigned char *, size_t),
+                       void *p_rng,
+                       int mode, size_t *olen,
+                       const unsigned char *input,
+                       unsigned char *output,
+                       size_t output_max_len );
+
+/**
+ * \brief          Perform a PKCS#1 v1.5 decryption (RSAES-PKCS1-v1_5-DECRYPT)
+ *
+ * \param ctx      RSA context
+ * \param f_rng    RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param olen     will contain the plaintext length
+ * \param input    buffer holding the encrypted data
+ * \param output   buffer that will hold the plaintext
+ * \param output_max_len    maximum length of the output buffer
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The output buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
+ *                 an error is thrown.
+ */
+int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
+                                 int (*f_rng)(void *, unsigned char *, size_t),
+                                 void *p_rng,
+                                 int mode, size_t *olen,
+                                 const unsigned char *input,
+                                 unsigned char *output,
+                                 size_t output_max_len );
+
+/**
+ * \brief          Perform a PKCS#1 v2.1 OAEP decryption (RSAES-OAEP-DECRYPT)
+ *
+ * \param ctx      RSA context
+ * \param f_rng    RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param label    buffer holding the custom label to use
+ * \param label_len contains the label length
+ * \param olen     will contain the plaintext length
+ * \param input    buffer holding the encrypted data
+ * \param output   buffer that will hold the plaintext
+ * \param output_max_len    maximum length of the output buffer
+ *
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The output buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
+ *                 an error is thrown.
+ */
+int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng,
+                            int mode,
+                            const unsigned char *label, size_t label_len,
+                            size_t *olen,
+                            const unsigned char *input,
+                            unsigned char *output,
+                            size_t output_max_len );
+
+/**
+ * \brief          Generic wrapper to perform a PKCS#1 signature using the
+ *                 mode from the context. Do a private RSA operation to sign
+ *                 a message digest
+ *
+ * \param ctx      RSA context
+ * \param f_rng    RNG function (Needed for PKCS#1 v2.1 encoding and for
+ *                               MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param md_alg   a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
+ * \param hashlen  message digest length (for MBEDTLS_MD_NONE only)
+ * \param hash     buffer holding the message digest
+ * \param sig      buffer that will hold the ciphertext
+ *
+ * \return         0 if the signing operation was successful,
+ *                 or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The "sig" buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ *
+ * \note           In case of PKCS#1 v2.1 encoding, see comments on
+ * \note           \c mbedtls_rsa_rsassa_pss_sign() for details on md_alg and hash_id.
+ */
+int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
+                    int (*f_rng)(void *, unsigned char *, size_t),
+                    void *p_rng,
+                    int mode,
+                    mbedtls_md_type_t md_alg,
+                    unsigned int hashlen,
+                    const unsigned char *hash,
+                    unsigned char *sig );
+
+/**
+ * \brief          Perform a PKCS#1 v1.5 signature (RSASSA-PKCS1-v1_5-SIGN)
+ *
+ * \param ctx      RSA context
+ * \param f_rng    RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param md_alg   a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
+ * \param hashlen  message digest length (for MBEDTLS_MD_NONE only)
+ * \param hash     buffer holding the message digest
+ * \param sig      buffer that will hold the ciphertext
+ *
+ * \return         0 if the signing operation was successful,
+ *                 or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The "sig" buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ */
+int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
+                               int (*f_rng)(void *, unsigned char *, size_t),
+                               void *p_rng,
+                               int mode,
+                               mbedtls_md_type_t md_alg,
+                               unsigned int hashlen,
+                               const unsigned char *hash,
+                               unsigned char *sig );
+
+/**
+ * \brief          Perform a PKCS#1 v2.1 PSS signature (RSASSA-PSS-SIGN)
+ *
+ * \param ctx      RSA context
+ * \param f_rng    RNG function (Needed for PKCS#1 v2.1 encoding and for
+ *                               MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param md_alg   a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
+ * \param hashlen  message digest length (for MBEDTLS_MD_NONE only)
+ * \param hash     buffer holding the message digest
+ * \param sig      buffer that will hold the ciphertext
+ *
+ * \return         0 if the signing operation was successful,
+ *                 or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The "sig" buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ *
+ * \note           The hash_id in the RSA context is the one used for the
+ *                 encoding. md_alg in the function call is the type of hash
+ *                 that is encoded. According to RFC 3447 it is advised to
+ *                 keep both hashes the same.
+ */
+int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
+                         int (*f_rng)(void *, unsigned char *, size_t),
+                         void *p_rng,
+                         int mode,
+                         mbedtls_md_type_t md_alg,
+                         unsigned int hashlen,
+                         const unsigned char *hash,
+                         unsigned char *sig );
+
+/**
+ * \brief          Generic wrapper to perform a PKCS#1 verification using the
+ *                 mode from the context. Do a public RSA operation and check
+ *                 the message digest
+ *
+ * \param ctx      points to an RSA public key
+ * \param f_rng    RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param md_alg   a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
+ * \param hashlen  message digest length (for MBEDTLS_MD_NONE only)
+ * \param hash     buffer holding the message digest
+ * \param sig      buffer holding the ciphertext
+ *
+ * \return         0 if the verify operation was successful,
+ *                 or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The "sig" buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ *
+ * \note           In case of PKCS#1 v2.1 encoding, see comments on
+ *                 \c mbedtls_rsa_rsassa_pss_verify() about md_alg and hash_id.
+ */
+int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
+                      int (*f_rng)(void *, unsigned char *, size_t),
+                      void *p_rng,
+                      int mode,
+                      mbedtls_md_type_t md_alg,
+                      unsigned int hashlen,
+                      const unsigned char *hash,
+                      const unsigned char *sig );
+
+/**
+ * \brief          Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY)
+ *
+ * \param ctx      points to an RSA public key
+ * \param f_rng    RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param md_alg   a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
+ * \param hashlen  message digest length (for MBEDTLS_MD_NONE only)
+ * \param hash     buffer holding the message digest
+ * \param sig      buffer holding the ciphertext
+ *
+ * \return         0 if the verify operation was successful,
+ *                 or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The "sig" buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ */
+int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
+                                 int (*f_rng)(void *, unsigned char *, size_t),
+                                 void *p_rng,
+                                 int mode,
+                                 mbedtls_md_type_t md_alg,
+                                 unsigned int hashlen,
+                                 const unsigned char *hash,
+                                 const unsigned char *sig );
+
+/**
+ * \brief          Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY)
+ *                 (This is the "simple" version.)
+ *
+ * \param ctx      points to an RSA public key
+ * \param f_rng    RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param md_alg   a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
+ * \param hashlen  message digest length (for MBEDTLS_MD_NONE only)
+ * \param hash     buffer holding the message digest
+ * \param sig      buffer holding the ciphertext
+ *
+ * \return         0 if the verify operation was successful,
+ *                 or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The "sig" buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ *
+ * \note           The hash_id in the RSA context is the one used for the
+ *                 verification. md_alg in the function call is the type of
+ *                 hash that is verified. According to RFC 3447 it is advised to
+ *                 keep both hashes the same. If hash_id in the RSA context is
+ *                 unset, the md_alg from the function call is used.
+ */
+int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
+                           int (*f_rng)(void *, unsigned char *, size_t),
+                           void *p_rng,
+                           int mode,
+                           mbedtls_md_type_t md_alg,
+                           unsigned int hashlen,
+                           const unsigned char *hash,
+                           const unsigned char *sig );
+
+/**
+ * \brief          Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY)
+ *                 (This is the version with "full" options.)
+ *
+ * \param ctx      points to an RSA public key
+ * \param f_rng    RNG function (Only needed for MBEDTLS_RSA_PRIVATE)
+ * \param p_rng    RNG parameter
+ * \param mode     MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE
+ * \param md_alg   a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
+ * \param hashlen  message digest length (for MBEDTLS_MD_NONE only)
+ * \param hash     buffer holding the message digest
+ * \param mgf1_hash_id message digest used for mask generation
+ * \param expected_salt_len Length of the salt used in padding, use
+ *                 MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length
+ * \param sig      buffer holding the ciphertext
+ *
+ * \return         0 if the verify operation was successful,
+ *                 or an MBEDTLS_ERR_RSA_XXX error code
+ *
+ * \note           The "sig" buffer must be as large as the size
+ *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ *
+ * \note           The hash_id in the RSA context is ignored.
+ */
+int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
+                               int (*f_rng)(void *, unsigned char *, size_t),
+                               void *p_rng,
+                               int mode,
+                               mbedtls_md_type_t md_alg,
+                               unsigned int hashlen,
+                               const unsigned char *hash,
+                               mbedtls_md_type_t mgf1_hash_id,
+                               int expected_salt_len,
+                               const unsigned char *sig );
+
+/**
+ * \brief          Copy the components of an RSA context
+ *
+ * \param dst      Destination context
+ * \param src      Source context
+ *
+ * \return         0 on success,
+ *                 MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure
+ */
+int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src );
+
+/**
+ * \brief          Free the components of an RSA key
+ *
+ * \param ctx      RSA Context to free
+ */
+void mbedtls_rsa_free( mbedtls_rsa_context *ctx );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_rsa_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_RSA_C */
+
+#endif /* rsa.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/sha1.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,136 @@
+/**
+ * \file mbedtls_sha1.h
+ *
+ * \brief SHA-1 cryptographic hash function
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_SHA1_H
+#define MBEDTLS_SHA1_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#if !defined(MBEDTLS_SHA1_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          SHA-1 context structure
+ */
+typedef struct
+{
+    uint32_t total[2];          /*!< number of bytes processed  */
+    uint32_t state[5];          /*!< intermediate digest state  */
+    unsigned char buffer[64];   /*!< data block being processed */
+}
+mbedtls_sha1_context;
+
+/**
+ * \brief          Initialize SHA-1 context
+ *
+ * \param ctx      SHA-1 context to be initialized
+ */
+void mbedtls_sha1_init( mbedtls_sha1_context *ctx );
+
+/**
+ * \brief          Clear SHA-1 context
+ *
+ * \param ctx      SHA-1 context to be cleared
+ */
+void mbedtls_sha1_free( mbedtls_sha1_context *ctx );
+
+/**
+ * \brief          Clone (the state of) a SHA-1 context
+ *
+ * \param dst      The destination context
+ * \param src      The context to be cloned
+ */
+void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
+                         const mbedtls_sha1_context *src );
+
+/**
+ * \brief          SHA-1 context setup
+ *
+ * \param ctx      context to be initialized
+ */
+void mbedtls_sha1_starts( mbedtls_sha1_context *ctx );
+
+/**
+ * \brief          SHA-1 process buffer
+ *
+ * \param ctx      SHA-1 context
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ */
+void mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen );
+
+/**
+ * \brief          SHA-1 final digest
+ *
+ * \param ctx      SHA-1 context
+ * \param output   SHA-1 checksum result
+ */
+void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] );
+
+/* Internal use */
+void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_SHA1_ALT */
+#include "sha1_alt.h"
+#endif /* MBEDTLS_SHA1_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Output = SHA-1( input buffer )
+ *
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ * \param output   SHA-1 checksum result
+ */
+void mbedtls_sha1( const unsigned char *input, size_t ilen, unsigned char output[20] );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_sha1_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_sha1.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/sha256.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,141 @@
+/**
+ * \file mbedtls_sha256.h
+ *
+ * \brief SHA-224 and SHA-256 cryptographic hash function
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_SHA256_H
+#define MBEDTLS_SHA256_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#if !defined(MBEDTLS_SHA256_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          SHA-256 context structure
+ */
+typedef struct
+{
+    uint32_t total[2];          /*!< number of bytes processed  */
+    uint32_t state[8];          /*!< intermediate digest state  */
+    unsigned char buffer[64];   /*!< data block being processed */
+    int is224;                  /*!< 0 => SHA-256, else SHA-224 */
+}
+mbedtls_sha256_context;
+
+/**
+ * \brief          Initialize SHA-256 context
+ *
+ * \param ctx      SHA-256 context to be initialized
+ */
+void mbedtls_sha256_init( mbedtls_sha256_context *ctx );
+
+/**
+ * \brief          Clear SHA-256 context
+ *
+ * \param ctx      SHA-256 context to be cleared
+ */
+void mbedtls_sha256_free( mbedtls_sha256_context *ctx );
+
+/**
+ * \brief          Clone (the state of) a SHA-256 context
+ *
+ * \param dst      The destination context
+ * \param src      The context to be cloned
+ */
+void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
+                           const mbedtls_sha256_context *src );
+
+/**
+ * \brief          SHA-256 context setup
+ *
+ * \param ctx      context to be initialized
+ * \param is224    0 = use SHA256, 1 = use SHA224
+ */
+void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 );
+
+/**
+ * \brief          SHA-256 process buffer
+ *
+ * \param ctx      SHA-256 context
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ */
+void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input,
+                    size_t ilen );
+
+/**
+ * \brief          SHA-256 final digest
+ *
+ * \param ctx      SHA-256 context
+ * \param output   SHA-224/256 checksum result
+ */
+void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] );
+
+/* Internal use */
+void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_SHA256_ALT */
+#include "sha256_alt.h"
+#endif /* MBEDTLS_SHA256_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Output = SHA-256( input buffer )
+ *
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ * \param output   SHA-224/256 checksum result
+ * \param is224    0 = use SHA256, 1 = use SHA224
+ */
+void mbedtls_sha256( const unsigned char *input, size_t ilen,
+           unsigned char output[32], int is224 );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_sha256_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_sha256.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/sha512.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,141 @@
+/**
+ * \file mbedtls_sha512.h
+ *
+ * \brief SHA-384 and SHA-512 cryptographic hash function
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_SHA512_H
+#define MBEDTLS_SHA512_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#if !defined(MBEDTLS_SHA512_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          SHA-512 context structure
+ */
+typedef struct
+{
+    uint64_t total[2];          /*!< number of bytes processed  */
+    uint64_t state[8];          /*!< intermediate digest state  */
+    unsigned char buffer[128];  /*!< data block being processed */
+    int is384;                  /*!< 0 => SHA-512, else SHA-384 */
+}
+mbedtls_sha512_context;
+
+/**
+ * \brief          Initialize SHA-512 context
+ *
+ * \param ctx      SHA-512 context to be initialized
+ */
+void mbedtls_sha512_init( mbedtls_sha512_context *ctx );
+
+/**
+ * \brief          Clear SHA-512 context
+ *
+ * \param ctx      SHA-512 context to be cleared
+ */
+void mbedtls_sha512_free( mbedtls_sha512_context *ctx );
+
+/**
+ * \brief          Clone (the state of) a SHA-512 context
+ *
+ * \param dst      The destination context
+ * \param src      The context to be cloned
+ */
+void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
+                           const mbedtls_sha512_context *src );
+
+/**
+ * \brief          SHA-512 context setup
+ *
+ * \param ctx      context to be initialized
+ * \param is384    0 = use SHA512, 1 = use SHA384
+ */
+void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 );
+
+/**
+ * \brief          SHA-512 process buffer
+ *
+ * \param ctx      SHA-512 context
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ */
+void mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *input,
+                    size_t ilen );
+
+/**
+ * \brief          SHA-512 final digest
+ *
+ * \param ctx      SHA-512 context
+ * \param output   SHA-384/512 checksum result
+ */
+void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_SHA512_ALT */
+#include "sha512_alt.h"
+#endif /* MBEDTLS_SHA512_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Output = SHA-512( input buffer )
+ *
+ * \param input    buffer holding the  data
+ * \param ilen     length of the input data
+ * \param output   SHA-384/512 checksum result
+ * \param is384    0 = use SHA512, 1 = use SHA384
+ */
+void mbedtls_sha512( const unsigned char *input, size_t ilen,
+             unsigned char output[64], int is384 );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_sha512_self_test( int verbose );
+
+/* Internal use */
+void mbedtls_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_sha512.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/ssl.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,2352 @@
+/**
+ * \file ssl.h
+ *
+ * \brief SSL/TLS functions.
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_SSL_H
+#define MBEDTLS_SSL_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "bignum.h"
+#include "ecp.h"
+
+#include "ssl_ciphersuites.h"
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#include "x509_crt.h"
+#include "x509_crl.h"
+#endif
+
+#if defined(MBEDTLS_DHM_C)
+#include "dhm.h"
+#endif
+
+#if defined(MBEDTLS_ECDH_C)
+#include "ecdh.h"
+#endif
+
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+#include "zlib.h"
+#endif
+
+#if defined(MBEDTLS_HAVE_TIME)
+#include <time.h>
+#endif
+
+/*
+ * SSL Error codes
+ */
+#define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE               -0x7080  /**< The requested feature is not available. */
+#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA                    -0x7100  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_SSL_INVALID_MAC                       -0x7180  /**< Verification of the message MAC failed. */
+#define MBEDTLS_ERR_SSL_INVALID_RECORD                    -0x7200  /**< An invalid SSL record was received. */
+#define MBEDTLS_ERR_SSL_CONN_EOF                          -0x7280  /**< The connection indicated an EOF. */
+#define MBEDTLS_ERR_SSL_UNKNOWN_CIPHER                    -0x7300  /**< An unknown cipher was received. */
+#define MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN                  -0x7380  /**< The server has no ciphersuites in common with the client. */
+#define MBEDTLS_ERR_SSL_NO_RNG                            -0x7400  /**< No RNG was provided to the SSL module. */
+#define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE             -0x7480  /**< No client certification received from the client, but required by the authentication mode. */
+#define MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE             -0x7500  /**< Our own certificate(s) is/are too large to send in an SSL message. */
+#define MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED              -0x7580  /**< The own certificate is not set, but needed by the server. */
+#define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED              -0x7600  /**< The own private key or pre-shared key is not set, but needed. */
+#define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED                 -0x7680  /**< No CA Chain is set, but required to operate. */
+#define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE                -0x7700  /**< An unexpected message was received from our peer. */
+#define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE               -0x7780  /**< A fatal alert message was received from our peer. */
+#define MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED                -0x7800  /**< Verification of our peer failed. */
+#define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY                 -0x7880  /**< The peer notified us that the connection is going to be closed. */
+#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO               -0x7900  /**< Processing of the ClientHello handshake message failed. */
+#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO               -0x7980  /**< Processing of the ServerHello handshake message failed. */
+#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE                -0x7A00  /**< Processing of the Certificate handshake message failed. */
+#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST        -0x7A80  /**< Processing of the CertificateRequest handshake message failed. */
+#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE        -0x7B00  /**< Processing of the ServerKeyExchange handshake message failed. */
+#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE          -0x7B80  /**< Processing of the ServerHelloDone handshake message failed. */
+#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE        -0x7C00  /**< Processing of the ClientKeyExchange handshake message failed. */
+#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP     -0x7C80  /**< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public. */
+#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS     -0x7D00  /**< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret. */
+#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY         -0x7D80  /**< Processing of the CertificateVerify handshake message failed. */
+#define MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC         -0x7E00  /**< Processing of the ChangeCipherSpec handshake message failed. */
+#define MBEDTLS_ERR_SSL_BAD_HS_FINISHED                   -0x7E80  /**< Processing of the Finished handshake message failed. */
+#define MBEDTLS_ERR_SSL_ALLOC_FAILED                      -0x7F00  /**< Memory allocation failed */
+#define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED                   -0x7F80  /**< Hardware acceleration function returned with error */
+#define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH              -0x6F80  /**< Hardware acceleration function skipped / left alone data */
+#define MBEDTLS_ERR_SSL_COMPRESSION_FAILED                -0x6F00  /**< Processing of the compression / decompression failed */
+#define MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION           -0x6E80  /**< Handshake protocol not within min/max boundaries */
+#define MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET         -0x6E00  /**< Processing of the NewSessionTicket handshake message failed. */
+#define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED            -0x6D80  /**< Session ticket has expired. */
+#define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH                  -0x6D00  /**< Public key type mismatch (eg, asked for RSA key exchange and presented EC key) */
+#define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY                  -0x6C80  /**< Unknown identity received (eg, PSK identity) */
+#define MBEDTLS_ERR_SSL_INTERNAL_ERROR                    -0x6C00  /**< Internal error (eg, unexpected failure in lower-level module) */
+#define MBEDTLS_ERR_SSL_COUNTER_WRAPPING                  -0x6B80  /**< A counter would wrap (eg, too many messages exchanged). */
+#define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO       -0x6B00  /**< Unexpected message at ServerHello in renegotiation. */
+#define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED             -0x6A80  /**< DTLS client must retry for hello verification */
+#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL                  -0x6A00  /**< A buffer is too small to receive or write a message */
+#define MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE             -0x6980  /**< None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages). */
+#define MBEDTLS_ERR_SSL_WANT_READ                         -0x6900  /**< Connection requires a read call. */
+#define MBEDTLS_ERR_SSL_WANT_WRITE                        -0x6880  /**< Connection requires a write call. */
+#define MBEDTLS_ERR_SSL_TIMEOUT                           -0x6800  /**< The operation timed out. */
+#define MBEDTLS_ERR_SSL_CLIENT_RECONNECT                  -0x6780  /**< The client initiated a reconnect from the same port. */
+
+/*
+ * Various constants
+ */
+#define MBEDTLS_SSL_MAJOR_VERSION_3             3
+#define MBEDTLS_SSL_MINOR_VERSION_0             0   /*!< SSL v3.0 */
+#define MBEDTLS_SSL_MINOR_VERSION_1             1   /*!< TLS v1.0 */
+#define MBEDTLS_SSL_MINOR_VERSION_2             2   /*!< TLS v1.1 */
+#define MBEDTLS_SSL_MINOR_VERSION_3             3   /*!< TLS v1.2 */
+
+#define MBEDTLS_SSL_TRANSPORT_STREAM            0   /*!< TLS      */
+#define MBEDTLS_SSL_TRANSPORT_DATAGRAM          1   /*!< DTLS     */
+
+#define MBEDTLS_SSL_MAX_HOST_NAME_LEN           255 /*!< Maximum host name defined in RFC 1035 */
+
+/* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
+ * NONE must be zero so that memset()ing structure to zero works */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_NONE           0   /*!< don't use this extension   */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_512            1   /*!< MaxFragmentLength 2^9      */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_1024           2   /*!< MaxFragmentLength 2^10     */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_2048           3   /*!< MaxFragmentLength 2^11     */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_4096           4   /*!< MaxFragmentLength 2^12     */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID        5   /*!< first invalid value        */
+
+#define MBEDTLS_SSL_IS_CLIENT                   0
+#define MBEDTLS_SSL_IS_SERVER                   1
+
+#define MBEDTLS_SSL_IS_NOT_FALLBACK             0
+#define MBEDTLS_SSL_IS_FALLBACK                 1
+
+#define MBEDTLS_SSL_EXTENDED_MS_DISABLED        0
+#define MBEDTLS_SSL_EXTENDED_MS_ENABLED         1
+
+#define MBEDTLS_SSL_ETM_DISABLED                0
+#define MBEDTLS_SSL_ETM_ENABLED                 1
+
+#define MBEDTLS_SSL_COMPRESS_NULL               0
+#define MBEDTLS_SSL_COMPRESS_DEFLATE            1
+
+#define MBEDTLS_SSL_VERIFY_NONE                 0
+#define MBEDTLS_SSL_VERIFY_OPTIONAL             1
+#define MBEDTLS_SSL_VERIFY_REQUIRED             2
+#define MBEDTLS_SSL_VERIFY_UNSET                3 /* Used only for sni_authmode */
+
+#define MBEDTLS_SSL_LEGACY_RENEGOTIATION        0
+#define MBEDTLS_SSL_SECURE_RENEGOTIATION        1
+
+#define MBEDTLS_SSL_RENEGOTIATION_DISABLED      0
+#define MBEDTLS_SSL_RENEGOTIATION_ENABLED       1
+
+#define MBEDTLS_SSL_ANTI_REPLAY_DISABLED        0
+#define MBEDTLS_SSL_ANTI_REPLAY_ENABLED         1
+
+#define MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED  -1
+#define MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT  16
+
+#define MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION     0
+#define MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION  1
+#define MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE      2
+
+#define MBEDTLS_SSL_TRUNC_HMAC_DISABLED         0
+#define MBEDTLS_SSL_TRUNC_HMAC_ENABLED          1
+#define MBEDTLS_SSL_TRUNCATED_HMAC_LEN          10  /* 80 bits, rfc 6066 section 7 */
+
+#define MBEDTLS_SSL_SESSION_TICKETS_DISABLED     0
+#define MBEDTLS_SSL_SESSION_TICKETS_ENABLED      1
+
+#define MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED    0
+#define MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED     1
+
+#define MBEDTLS_SSL_ARC4_ENABLED                0
+#define MBEDTLS_SSL_ARC4_DISABLED               1
+
+#define MBEDTLS_SSL_PRESET_DEFAULT              0
+#define MBEDTLS_SSL_PRESET_SUITEB               2
+
+/*
+ * Default range for DTLS retransmission timer value, in milliseconds.
+ * RFC 6347 4.2.4.1 says from 1 second to 60 seconds.
+ */
+#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN    1000
+#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX   60000
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME)
+#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
+#endif
+
+/*
+ * Maxium fragment length in bytes,
+ * determines the size of each of the two internal I/O buffers.
+ *
+ * Note: the RFC defines the default size of SSL / TLS messages. If you
+ * change the value here, other clients / servers may not be able to
+ * communicate with you anymore. Only change this value if you control
+ * both sides of the connection and have it reduced at both sides, or
+ * if you're using the Max Fragment Length extension and you know all your
+ * peers are using it too!
+ */
+#if !defined(MBEDTLS_SSL_MAX_CONTENT_LEN)
+#define MBEDTLS_SSL_MAX_CONTENT_LEN         16384   /**< Size of the input / output buffer */
+#endif
+
+/* \} name SECTION: Module settings */
+
+/*
+ * Length of the verify data for secure renegotiation
+ */
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+#define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 36
+#else
+#define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 12
+#endif
+
+/*
+ * Signaling ciphersuite values (SCSV)
+ */
+#define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO    0xFF   /**< renegotiation info ext */
+#define MBEDTLS_SSL_FALLBACK_SCSV_VALUE         0x5600 /**< draft-ietf-tls-downgrade-scsv-00 */
+
+/*
+ * Supported Signature and Hash algorithms (For TLS 1.2)
+ * RFC 5246 section 7.4.1.4.1
+ */
+#define MBEDTLS_SSL_HASH_NONE                0
+#define MBEDTLS_SSL_HASH_MD5                 1
+#define MBEDTLS_SSL_HASH_SHA1                2
+#define MBEDTLS_SSL_HASH_SHA224              3
+#define MBEDTLS_SSL_HASH_SHA256              4
+#define MBEDTLS_SSL_HASH_SHA384              5
+#define MBEDTLS_SSL_HASH_SHA512              6
+
+#define MBEDTLS_SSL_SIG_ANON                 0
+#define MBEDTLS_SSL_SIG_RSA                  1
+#define MBEDTLS_SSL_SIG_ECDSA                3
+
+/*
+ * Client Certificate Types
+ * RFC 5246 section 7.4.4 plus RFC 4492 section 5.5
+ */
+#define MBEDTLS_SSL_CERT_TYPE_RSA_SIGN       1
+#define MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN    64
+
+/*
+ * Message, alert and handshake types
+ */
+#define MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC     20
+#define MBEDTLS_SSL_MSG_ALERT                  21
+#define MBEDTLS_SSL_MSG_HANDSHAKE              22
+#define MBEDTLS_SSL_MSG_APPLICATION_DATA       23
+
+#define MBEDTLS_SSL_ALERT_LEVEL_WARNING         1
+#define MBEDTLS_SSL_ALERT_LEVEL_FATAL           2
+
+#define MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY           0  /* 0x00 */
+#define MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE    10  /* 0x0A */
+#define MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC        20  /* 0x14 */
+#define MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED     21  /* 0x15 */
+#define MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW       22  /* 0x16 */
+#define MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30  /* 0x1E */
+#define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE     40  /* 0x28 */
+#define MBEDTLS_SSL_ALERT_MSG_NO_CERT               41  /* 0x29 */
+#define MBEDTLS_SSL_ALERT_MSG_BAD_CERT              42  /* 0x2A */
+#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT      43  /* 0x2B */
+#define MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED          44  /* 0x2C */
+#define MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED          45  /* 0x2D */
+#define MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN          46  /* 0x2E */
+#define MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER     47  /* 0x2F */
+#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA            48  /* 0x30 */
+#define MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED         49  /* 0x31 */
+#define MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR          50  /* 0x32 */
+#define MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR         51  /* 0x33 */
+#define MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION    60  /* 0x3C */
+#define MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION      70  /* 0x46 */
+#define MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71  /* 0x47 */
+#define MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR        80  /* 0x50 */
+#define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86  /* 0x56 */
+#define MBEDTLS_SSL_ALERT_MSG_USER_CANCELED         90  /* 0x5A */
+#define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION     100  /* 0x64 */
+#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT      110  /* 0x6E */
+#define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME    112  /* 0x70 */
+#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115  /* 0x73 */
+#define MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120 /* 0x78 */
+
+#define MBEDTLS_SSL_HS_HELLO_REQUEST            0
+#define MBEDTLS_SSL_HS_CLIENT_HELLO             1
+#define MBEDTLS_SSL_HS_SERVER_HELLO             2
+#define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST     3
+#define MBEDTLS_SSL_HS_NEW_SESSION_TICKET       4
+#define MBEDTLS_SSL_HS_CERTIFICATE             11
+#define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE     12
+#define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST     13
+#define MBEDTLS_SSL_HS_SERVER_HELLO_DONE       14
+#define MBEDTLS_SSL_HS_CERTIFICATE_VERIFY      15
+#define MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE     16
+#define MBEDTLS_SSL_HS_FINISHED                20
+
+/*
+ * TLS extensions
+ */
+#define MBEDTLS_TLS_EXT_SERVERNAME                   0
+#define MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME          0
+
+#define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH          1
+
+#define MBEDTLS_TLS_EXT_TRUNCATED_HMAC               4
+
+#define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES   10
+#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS     11
+
+#define MBEDTLS_TLS_EXT_SIG_ALG                     13
+
+#define MBEDTLS_TLS_EXT_ALPN                        16
+
+#define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC            22 /* 0x16 */
+#define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET  0x0017 /* 23 */
+
+#define MBEDTLS_TLS_EXT_SESSION_TICKET              35
+
+#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP               256 /* experimental */
+
+#define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO      0xFF01
+
+/*
+ * Size defines
+ */
+#if !defined(MBEDTLS_PSK_MAX_LEN)
+#define MBEDTLS_PSK_MAX_LEN            32 /* 256 bits */
+#endif
+
+/* Dummy type used only for its size */
+union mbedtls_ssl_premaster_secret
+{
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
+    unsigned char _pms_rsa[48];                         /* RFC 5246 8.1.1 */
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
+    unsigned char _pms_dhm[MBEDTLS_MPI_MAX_SIZE];      /* RFC 5246 8.1.2 */
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)    || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)  || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)     || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+    unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES];    /* RFC 4492 5.10 */
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
+    unsigned char _pms_psk[4 + 2 * MBEDTLS_PSK_MAX_LEN];       /* RFC 4279 2 */
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
+    unsigned char _pms_dhe_psk[4 + MBEDTLS_MPI_MAX_SIZE
+                                 + MBEDTLS_PSK_MAX_LEN];       /* RFC 4279 3 */
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
+    unsigned char _pms_rsa_psk[52 + MBEDTLS_PSK_MAX_LEN];      /* RFC 4279 4 */
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+    unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES
+                                   + MBEDTLS_PSK_MAX_LEN];     /* RFC 5489 2 */
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+    unsigned char _pms_ecjpake[32];     /* Thread spec: SHA-256 output */
+#endif
+};
+
+#define MBEDTLS_PREMASTER_SIZE     sizeof( union mbedtls_ssl_premaster_secret )
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * SSL state machine
+ */
+typedef enum
+{
+    MBEDTLS_SSL_HELLO_REQUEST,
+    MBEDTLS_SSL_CLIENT_HELLO,
+    MBEDTLS_SSL_SERVER_HELLO,
+    MBEDTLS_SSL_SERVER_CERTIFICATE,
+    MBEDTLS_SSL_SERVER_KEY_EXCHANGE,
+    MBEDTLS_SSL_CERTIFICATE_REQUEST,
+    MBEDTLS_SSL_SERVER_HELLO_DONE,
+    MBEDTLS_SSL_CLIENT_CERTIFICATE,
+    MBEDTLS_SSL_CLIENT_KEY_EXCHANGE,
+    MBEDTLS_SSL_CERTIFICATE_VERIFY,
+    MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC,
+    MBEDTLS_SSL_CLIENT_FINISHED,
+    MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC,
+    MBEDTLS_SSL_SERVER_FINISHED,
+    MBEDTLS_SSL_FLUSH_BUFFERS,
+    MBEDTLS_SSL_HANDSHAKE_WRAPUP,
+    MBEDTLS_SSL_HANDSHAKE_OVER,
+    MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET,
+    MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT,
+}
+mbedtls_ssl_states;
+
+/* Defined below */
+typedef struct mbedtls_ssl_session mbedtls_ssl_session;
+typedef struct mbedtls_ssl_context mbedtls_ssl_context;
+typedef struct mbedtls_ssl_config  mbedtls_ssl_config;
+
+/* Defined in ssl_internal.h */
+typedef struct mbedtls_ssl_transform mbedtls_ssl_transform;
+typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params;
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert;
+#endif
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item;
+#endif
+
+/*
+ * This structure is used for storing current session data.
+ */
+struct mbedtls_ssl_session
+{
+#if defined(MBEDTLS_HAVE_TIME)
+    time_t start;               /*!< starting time      */
+#endif
+    int ciphersuite;            /*!< chosen ciphersuite */
+    int compression;            /*!< chosen compression */
+    size_t id_len;              /*!< session id length  */
+    unsigned char id[32];       /*!< session identifier */
+    unsigned char master[48];   /*!< the master secret  */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    mbedtls_x509_crt *peer_cert;        /*!< peer X.509 cert chain */
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+    uint32_t verify_result;          /*!<  verification result     */
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+    unsigned char *ticket;      /*!< RFC 5077 session ticket */
+    size_t ticket_len;          /*!< session ticket length   */
+    uint32_t ticket_lifetime;   /*!< ticket lifetime hint    */
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+    unsigned char mfl_code;     /*!< MaxFragmentLength negotiated by peer */
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+    int trunc_hmac;             /*!< flag for truncated hmac activation   */
+#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+    int encrypt_then_mac;       /*!< flag for EtM activation                */
+#endif
+};
+
+/**
+ * SSL/TLS configuration to be shared between mbedtls_ssl_context structures.
+ */
+struct mbedtls_ssl_config
+{
+    /* Group items by size (largest first) to minimize padding overhead */
+
+    /*
+     * Pointers
+     */
+
+    const int *ciphersuite_list[4]; /*!< allowed ciphersuites per version   */
+
+    /** Callback for printing debug output                                  */
+    void (*f_dbg)(void *, int, const char *, int, const char *);
+    void *p_dbg;                    /*!< context for the debug function     */
+
+    /** Callback for getting (pseudo-)random numbers                        */
+    int  (*f_rng)(void *, unsigned char *, size_t);
+    void *p_rng;                    /*!< context for the RNG function       */
+
+    /** Callback to retrieve a session from the cache                       */
+    int (*f_get_cache)(void *, mbedtls_ssl_session *);
+    /** Callback to store a session into the cache                          */
+    int (*f_set_cache)(void *, const mbedtls_ssl_session *);
+    void *p_cache;                  /*!< context for cache callbacks        */
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+    /** Callback for setting cert according to SNI extension                */
+    int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
+    void *p_sni;                    /*!< context for SNI callback           */
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    /** Callback to customize X.509 certificate chain verification          */
+    int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
+    void *p_vrfy;                   /*!< context for X.509 verify calllback */
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+    /** Callback to retrieve PSK key from identity                          */
+    int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
+    void *p_psk;                    /*!< context for PSK callback           */
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
+    /** Callback to create & write a cookie for ClientHello veirifcation    */
+    int (*f_cookie_write)( void *, unsigned char **, unsigned char *,
+                           const unsigned char *, size_t );
+    /** Callback to verify validity of a ClientHello cookie                 */
+    int (*f_cookie_check)( void *, const unsigned char *, size_t,
+                           const unsigned char *, size_t );
+    void *p_cookie;                 /*!< context for the cookie callbacks   */
+#endif
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
+    /** Callback to create & write a session ticket                         */
+    int (*f_ticket_write)( void *, const mbedtls_ssl_session *,
+            unsigned char *, const unsigned char *, size_t *, uint32_t * );
+    /** Callback to parse a session ticket into a session structure         */
+    int (*f_ticket_parse)( void *, mbedtls_ssl_session *, unsigned char *, size_t);
+    void *p_ticket;                 /*!< context for the ticket callbacks   */
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
+
+#if defined(MBEDTLS_SSL_EXPORT_KEYS)
+    /** Callback to export key block and master secret                      */
+    int (*f_export_keys)( void *, const unsigned char *,
+            const unsigned char *, size_t, size_t, size_t );
+    void *p_export_keys;            /*!< context for key export callback    */
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    const mbedtls_x509_crt_profile *cert_profile; /*!< verification profile */
+    mbedtls_ssl_key_cert *key_cert; /*!< own certificate/key pair(s)        */
+    mbedtls_x509_crt *ca_chain;     /*!< trusted CAs                        */
+    mbedtls_x509_crl *ca_crl;       /*!< trusted CAs CRLs                   */
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
+    const int *sig_hashes;          /*!< allowed signature hashes           */
+#endif
+
+#if defined(MBEDTLS_ECP_C)
+    const mbedtls_ecp_group_id *curve_list; /*!< allowed curves             */
+#endif
+
+#if defined(MBEDTLS_DHM_C)
+    mbedtls_mpi dhm_P;              /*!< prime modulus for DHM              */
+    mbedtls_mpi dhm_G;              /*!< generator for DHM                  */
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+    unsigned char *psk;             /*!< pre-shared key                     */
+    size_t         psk_len;         /*!< length of the pre-shared key       */
+    unsigned char *psk_identity;    /*!< identity for PSK negotiation       */
+    size_t         psk_identity_len;/*!< length of identity                 */
+#endif
+
+#if defined(MBEDTLS_SSL_ALPN)
+    const char **alpn_list;         /*!< ordered list of protocols          */
+#endif
+
+    /*
+     * Numerical settings (int then char)
+     */
+
+    uint32_t read_timeout;          /*!< timeout for mbedtls_ssl_read (ms)  */
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    uint32_t hs_timeout_min;        /*!< initial value of the handshake
+                                         retransmission timeout (ms)        */
+    uint32_t hs_timeout_max;        /*!< maximum value of the handshake
+                                         retransmission timeout (ms)        */
+#endif
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    int renego_max_records;         /*!< grace period for renegotiation     */
+    unsigned char renego_period[8]; /*!< value of the record counters
+                                         that triggers renegotiation        */
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
+    unsigned int badmac_limit;      /*!< limit of records with a bad MAC    */
+#endif
+
+#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
+    unsigned int dhm_min_bitlen;    /*!< min. bit length of the DHM prime   */
+#endif
+
+    unsigned char max_major_ver;    /*!< max. major version used            */
+    unsigned char max_minor_ver;    /*!< max. minor version used            */
+    unsigned char min_major_ver;    /*!< min. major version used            */
+    unsigned char min_minor_ver;    /*!< min. minor version used            */
+
+    /*
+     * Flags (bitfields)
+     */
+
+    unsigned int endpoint : 1;      /*!< 0: client, 1: server               */
+    unsigned int transport : 1;     /*!< stream (TLS) or datagram (DTLS)    */
+    unsigned int authmode : 2;      /*!< MBEDTLS_SSL_VERIFY_XXX             */
+    /* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE          */
+    unsigned int allow_legacy_renegotiation : 2 ; /*!< MBEDTLS_LEGACY_XXX   */
+#if defined(MBEDTLS_ARC4_C)
+    unsigned int arc4_disabled : 1; /*!< blacklist RC4 ciphersuites?        */
+#endif
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+    unsigned int mfl_code : 3;      /*!< desired fragment length            */
+#endif
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+    unsigned int encrypt_then_mac : 1 ; /*!< negotiate encrypt-then-mac?    */
+#endif
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+    unsigned int extended_ms : 1;   /*!< negotiate extended master secret?  */
+#endif
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+    unsigned int anti_replay : 1;   /*!< detect and prevent replay?         */
+#endif
+#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
+    unsigned int cbc_record_splitting : 1;  /*!< do cbc record splitting    */
+#endif
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    unsigned int disable_renegotiation : 1; /*!< disable renegotiation?     */
+#endif
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+    unsigned int trunc_hmac : 1;    /*!< negotiate truncated hmac?          */
+#endif
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+    unsigned int session_tickets : 1;   /*!< use session tickets?           */
+#endif
+#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
+    unsigned int fallback : 1;      /*!< is this a fallback?                */
+#endif
+};
+
+
+struct mbedtls_ssl_context
+{
+    const mbedtls_ssl_config *conf; /*!< configuration information          */
+
+    /*
+     * Miscellaneous
+     */
+    int state;                  /*!< SSL handshake: current state     */
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    int renego_status;          /*!< Initial, in progress, pending?   */
+    int renego_records_seen;    /*!< Records since renego request, or with DTLS,
+                                  number of retransmissions of request if
+                                  renego_max_records is < 0           */
+#endif
+
+    int major_ver;              /*!< equal to  MBEDTLS_SSL_MAJOR_VERSION_3    */
+    int minor_ver;              /*!< either 0 (SSL3) or 1 (TLS1.0)    */
+
+#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
+    unsigned badmac_seen;       /*!< records with a bad MAC received    */
+#endif
+
+    /*
+     * Callbacks
+     */
+    int (*f_send)(void *, const unsigned char *, size_t);
+    int (*f_recv)(void *, unsigned char *, size_t);
+    int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t);
+    void *p_bio;                /*!< context for I/O operations   */
+
+    /*
+     * Session layer
+     */
+    mbedtls_ssl_session *session_in;            /*!<  current session data (in)   */
+    mbedtls_ssl_session *session_out;           /*!<  current session data (out)  */
+    mbedtls_ssl_session *session;               /*!<  negotiated session data     */
+    mbedtls_ssl_session *session_negotiate;     /*!<  session data in negotiation */
+
+    mbedtls_ssl_handshake_params *handshake;    /*!<  params required only during
+                                              the handshake process        */
+
+    /*
+     * Record layer transformations
+     */
+    mbedtls_ssl_transform *transform_in;        /*!<  current transform params (in)   */
+    mbedtls_ssl_transform *transform_out;       /*!<  current transform params (in)   */
+    mbedtls_ssl_transform *transform;           /*!<  negotiated transform params     */
+    mbedtls_ssl_transform *transform_negotiate; /*!<  transform params in negotiation */
+
+    /*
+     * Timers
+     */
+    void *p_timer;              /*!< context for the timer callbacks */
+    void (*f_set_timer)(void *, uint32_t, uint32_t); /*!< set timer callback */
+    int (*f_get_timer)(void *); /*!< get timer callback             */
+
+    /*
+     * Record layer (incoming data)
+     */
+    unsigned char *in_buf;      /*!< input buffer                     */
+    unsigned char *in_ctr;      /*!< 64-bit incoming message counter
+                                     TLS: maintained by us
+                                     DTLS: read from peer             */
+    unsigned char *in_hdr;      /*!< start of record header           */
+    unsigned char *in_len;      /*!< two-bytes message length field   */
+    unsigned char *in_iv;       /*!< ivlen-byte IV                    */
+    unsigned char *in_msg;      /*!< message contents (in_iv+ivlen)   */
+    unsigned char *in_offt;     /*!< read offset in application data  */
+
+    int in_msgtype;             /*!< record header: message type      */
+    size_t in_msglen;           /*!< record header: message length    */
+    size_t in_left;             /*!< amount of data read so far       */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    uint16_t in_epoch;          /*!< DTLS epoch for incoming records  */
+    size_t next_record_offset;  /*!< offset of the next record in datagram
+                                     (equal to in_left if none)       */
+#endif
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+    uint64_t in_window_top;     /*!< last validated record seq_num    */
+    uint64_t in_window;         /*!< bitmask for replay detection     */
+#endif
+
+    size_t in_hslen;            /*!< current handshake message length,
+                                     including the handshake header   */
+    int nb_zero;                /*!< # of 0-length encrypted messages */
+    int record_read;            /*!< record is already present        */
+
+    /*
+     * Record layer (outgoing data)
+     */
+    unsigned char *out_buf;     /*!< output buffer                    */
+    unsigned char *out_ctr;     /*!< 64-bit outgoing message counter  */
+    unsigned char *out_hdr;     /*!< start of record header           */
+    unsigned char *out_len;     /*!< two-bytes message length field   */
+    unsigned char *out_iv;      /*!< ivlen-byte IV                    */
+    unsigned char *out_msg;     /*!< message contents (out_iv+ivlen)  */
+
+    int out_msgtype;            /*!< record header: message type      */
+    size_t out_msglen;          /*!< record header: message length    */
+    size_t out_left;            /*!< amount of data not yet written   */
+
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+    unsigned char *compress_buf;        /*!<  zlib data buffer        */
+#endif
+#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
+    signed char split_done;     /*!< current record already splitted? */
+#endif
+
+    /*
+     * PKI layer
+     */
+    int client_auth;                    /*!<  flag for client auth.   */
+
+    /*
+     * User settings
+     */
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    char *hostname;             /*!< expected peer CN for verification
+                                     (and SNI if available)                 */
+#endif
+
+#if defined(MBEDTLS_SSL_ALPN)
+    const char *alpn_chosen;    /*!<  negotiated protocol                   */
+#endif
+
+    /*
+     * Information for DTLS hello verify
+     */
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
+    unsigned char  *cli_id;         /*!<  transport-level ID of the client  */
+    size_t          cli_id_len;     /*!<  length of cli_id                  */
+#endif
+
+    /*
+     * Secure renegotiation
+     */
+    /* needed to know when to send extension on server */
+    int secure_renegotiation;           /*!<  does peer support legacy or
+                                              secure renegotiation           */
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    size_t verify_data_len;             /*!<  length of verify data stored   */
+    char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!<  previous handshake verify data */
+    char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!<  previous handshake verify data */
+#endif
+};
+
+#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
+
+#define MBEDTLS_SSL_CHANNEL_OUTBOUND    0
+#define MBEDTLS_SSL_CHANNEL_INBOUND     1
+
+extern int (*mbedtls_ssl_hw_record_init)(mbedtls_ssl_context *ssl,
+                const unsigned char *key_enc, const unsigned char *key_dec,
+                size_t keylen,
+                const unsigned char *iv_enc,  const unsigned char *iv_dec,
+                size_t ivlen,
+                const unsigned char *mac_enc, const unsigned char *mac_dec,
+                size_t maclen);
+extern int (*mbedtls_ssl_hw_record_activate)(mbedtls_ssl_context *ssl, int direction);
+extern int (*mbedtls_ssl_hw_record_reset)(mbedtls_ssl_context *ssl);
+extern int (*mbedtls_ssl_hw_record_write)(mbedtls_ssl_context *ssl);
+extern int (*mbedtls_ssl_hw_record_read)(mbedtls_ssl_context *ssl);
+extern int (*mbedtls_ssl_hw_record_finish)(mbedtls_ssl_context *ssl);
+#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
+
+/**
+ * \brief Returns the list of ciphersuites supported by the SSL/TLS module.
+ *
+ * \return              a statically allocated array of ciphersuites, the last
+ *                      entry is 0.
+ */
+const int *mbedtls_ssl_list_ciphersuites( void );
+
+/**
+ * \brief               Return the name of the ciphersuite associated with the
+ *                      given ID
+ *
+ * \param ciphersuite_id SSL ciphersuite ID
+ *
+ * \return              a string containing the ciphersuite name
+ */
+const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id );
+
+/**
+ * \brief               Return the ID of the ciphersuite associated with the
+ *                      given name
+ *
+ * \param ciphersuite_name SSL ciphersuite name
+ *
+ * \return              the ID with the ciphersuite or 0 if not found
+ */
+int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name );
+
+/**
+ * \brief          Initialize an SSL context
+ *                 Just makes the context ready for mbedtls_ssl_setup() or
+ *                 mbedtls_ssl_free()
+ *
+ * \param ssl      SSL context
+ */
+void mbedtls_ssl_init( mbedtls_ssl_context *ssl );
+
+/**
+ * \brief          Set up an SSL context for use
+ *
+ * \note           No copy of the configuration context is made, it can be
+ *                 shared by many mbedtls_ssl_context structures.
+ *
+ * \warning        Modifying the conf structure after is has been used in this
+ *                 function is unsupported!
+ *
+ * \param ssl      SSL context
+ * \param conf     SSL configuration to use
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED if
+ *                 memory allocation failed
+ */
+int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
+                       const mbedtls_ssl_config *conf );
+
+/**
+ * \brief          Reset an already initialized SSL context for re-use
+ *                 while retaining application-set variables, function
+ *                 pointers and data.
+ *
+ * \param ssl      SSL context
+ * \return         0 if successful, or POLASSL_ERR_SSL_MALLOC_FAILED,
+                   MBEDTLS_ERR_SSL_HW_ACCEL_FAILED or
+ *                 MBEDTLS_ERR_SSL_COMPRESSION_FAILED
+ */
+int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl );
+
+/**
+ * \brief          Set the current endpoint type
+ *
+ * \param conf     SSL configuration
+ * \param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
+ */
+void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint );
+
+/**
+ * \brief           Set the transport type (TLS or DTLS).
+ *                  Default: TLS
+ *
+ * \note            For DTLS, you must either provide a recv callback that
+ *                  doesn't block, or one that handles timeouts, see
+ *                  \c mbedtls_ssl_set_bio(). You also need to provide timer
+ *                  callbacks with \c mbedtls_ssl_set_timer_cb().
+ *
+ * \param conf      SSL configuration
+ * \param transport transport type:
+ *                  MBEDTLS_SSL_TRANSPORT_STREAM for TLS,
+ *                  MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS.
+ */
+void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport );
+
+/**
+ * \brief          Set the certificate verification mode
+ *                 Default: NONE on server, REQUIRED on client
+ *
+ * \param conf     SSL configuration
+ * \param authmode can be:
+ *
+ *  MBEDTLS_SSL_VERIFY_NONE:      peer certificate is not checked
+ *                        (default on server)
+ *                        (insecure on client)
+ *
+ *  MBEDTLS_SSL_VERIFY_OPTIONAL:  peer certificate is checked, however the
+ *                        handshake continues even if verification failed;
+ *                        mbedtls_ssl_get_verify_result() can be called after the
+ *                        handshake is complete.
+ *
+ *  MBEDTLS_SSL_VERIFY_REQUIRED:  peer *must* present a valid certificate,
+ *                        handshake is aborted if verification failed.
+ *
+ * \note On client, MBEDTLS_SSL_VERIFY_REQUIRED is the recommended mode.
+ * With MBEDTLS_SSL_VERIFY_OPTIONAL, the user needs to call mbedtls_ssl_get_verify_result() at
+ * the right time(s), which may not be obvious, while REQUIRED always perform
+ * the verification as soon as possible. For example, REQUIRED was protecting
+ * against the "triple handshake" attack even before it was found.
+ */
+void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+/**
+ * \brief          Set the verification callback (Optional).
+ *
+ *                 If set, the verify callback is called for each
+ *                 certificate in the chain. For implementation
+ *                 information, please see \c x509parse_verify()
+ *
+ * \param conf     SSL configuration
+ * \param f_vrfy   verification function
+ * \param p_vrfy   verification parameter
+ */
+void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
+                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+                     void *p_vrfy );
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+/**
+ * \brief          Set the random number generator callback
+ *
+ * \param conf     SSL configuration
+ * \param f_rng    RNG function
+ * \param p_rng    RNG parameter
+ */
+void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
+                  int (*f_rng)(void *, unsigned char *, size_t),
+                  void *p_rng );
+
+/**
+ * \brief          Set the debug callback
+ *
+ *                 The callback has the following argument:
+ *                 void *           opaque context for the callback
+ *                 int              debug level
+ *                 const char *     file name
+ *                 int              line number
+ *                 const char *     message
+ *
+ * \param conf     SSL configuration
+ * \param f_dbg    debug function
+ * \param p_dbg    debug parameter
+ */
+void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
+                  void (*f_dbg)(void *, int, const char *, int, const char *),
+                  void  *p_dbg );
+
+/**
+ * \brief          Set the underlying BIO callbacks for write, read and
+ *                 read-with-timeout.
+ *
+ * \param ssl      SSL context
+ * \param p_bio    parameter (context) shared by BIO callbacks
+ * \param f_send   write callback
+ * \param f_recv   read callback
+ * \param f_recv_timeout blocking read callback with timeout.
+ *                 The last argument is the timeout in milliseconds,
+ *                 0 means no timeout (block forever until a message comes)
+ *
+ * \note           One of f_recv or f_recv_timeout can be NULL, in which case
+ *                 the other is used. If both are non-NULL, f_recv_timeout is
+ *                 used and f_recv is ignored (as if it were NULL).
+ *
+ * \note           The two most common use cases are:
+ *                 - non-blocking I/O, f_recv != NULL, f_recv_timeout == NULL
+ *                 - blocking I/O, f_recv == NULL, f_recv_timout != NULL
+ *
+ * \note           For DTLS, you need to provide either a non-NULL
+ *                 f_recv_timeout callback, or a f_recv that doesn't block.
+ */
+void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
+        void *p_bio,
+        int (*f_send)(void *, const unsigned char *, size_t),
+        int (*f_recv)(void *, unsigned char *, size_t),
+        int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t) );
+
+/**
+ * \brief          Set the timeout period for mbedtls_ssl_read()
+ *                 (Default: no timeout.)
+ *
+ * \param conf     SSL configuration context
+ * \param timeout  Timeout value in milliseconds.
+ *                 Use 0 for no timeout (default).
+ *
+ * \note           With blocking I/O, this will only work if a non-NULL
+ *                 \c f_recv_timeout was set with \c mbedtls_ssl_set_bio().
+ *                 With non-blocking I/O, this will only work if timer
+ *                 callbacks were set with \c mbedtls_ssl_set_timer_cb().
+ *
+ * \note           With non-blocking I/O, you may also skip this function
+ *                 altogether and handle timeouts at the application layer.
+ */
+void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout );
+
+/**
+ * \brief          Set the timer callbacks
+ *                 (Mandatory for DTLS.)
+ *
+ * \param ssl      SSL context
+ * \param p_timer  parameter (context) shared by timer callback
+ * \param f_set_timer   set timer callback
+ *                 Accepts an intermediate and a final delay in milliseconcs
+ *                 If the final delay is 0, cancels the running timer.
+ * \param f_get_timer   get timer callback. Must return:
+ *                 -1 if cancelled
+ *                 0 if none of the delays is expired
+ *                 1 if the intermediate delay only is expired
+ *                 2 if the final delay is expired
+ */
+void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
+                               void *p_timer,
+                               void (*f_set_timer)(void *, uint32_t int_ms, uint32_t fin_ms),
+                               int (*f_get_timer)(void *) );
+
+/**
+ * \brief           Callback type: generate and write session ticket
+ *
+ * \note            This describes what a callback implementation should do.
+ *                  This callback should generate and encrypted and
+ *                  authenticated ticket for the session and write it to the
+ *                  output buffer. Here, ticket means the opaque ticket part
+ *                  of the NewSessionTicket structure of RFC 5077.
+ *
+ * \param p_ticket  Context for the callback
+ * \param session   SSL session to bo written in the ticket
+ * \param start     Start of the outpur buffer
+ * \param end       End of the output buffer
+ * \param tlen      On exit, holds the length written
+ * \param lifetime  On exit, holds the lifetime of the ticket in seconds
+ *
+ * \return          0 if successful, or
+ *                  a specific MBEDTLS_ERR_XXX code.
+ */
+typedef int mbedtls_ssl_ticket_write_t( void *p_ticket,
+                                        const mbedtls_ssl_session *session,
+                                        unsigned char *start,
+                                        const unsigned char *end,
+                                        size_t *tlen,
+                                        uint32_t *lifetime );
+
+#if defined(MBEDTLS_SSL_EXPORT_KEYS)
+/**
+ * \brief           Callback type: Export key block and master secret
+ *
+ * \note            This is required for certain uses of TLS, e.g. EAP-TLS
+ *                  (RFC 5216) and Thread. The key pointers are ephemeral and
+ *                  therefore must not be stored. The master secret and keys
+ *                  should not be used directly except as an input to a key
+ *                  derivation function.
+ *
+ * \param p_expkey  Context for the callback
+ * \param ms        Pointer to master secret (fixed length: 48 bytes)
+ * \param kb        Pointer to key block, see RFC 5246 section 6.3
+ *                  (variable length: 2 * maclen + 2 * keylen + 2 * ivlen).
+ * \param maclen    MAC length
+ * \param keylen    Key length
+ * \param ivlen     IV length
+ *
+ * \return          0 if successful, or
+ *                  a specific MBEDTLS_ERR_XXX code.
+ */
+typedef int mbedtls_ssl_export_keys_t( void *p_expkey,
+                                const unsigned char *ms,
+                                const unsigned char *kb,
+                                size_t maclen,
+                                size_t keylen,
+                                size_t ivlen );
+#endif /* MBEDTLS_SSL_EXPORT_KEYS */
+
+/**
+ * \brief           Callback type: parse and load session ticket
+ *
+ * \note            This describes what a callback implementation should do.
+ *                  This callback should parse a session ticket as generated
+ *                  by the corresponding mbedtls_ssl_ticket_write_t function,
+ *                  and, if the ticket is authentic and valid, load the
+ *                  session.
+ *
+ * \note            The implementation is allowed to modify the first len
+ *                  bytes of the input buffer, eg to use it as a temporary
+ *                  area for the decrypted ticket contents.
+ *
+ * \param p_ticket  Context for the callback
+ * \param session   SSL session to be loaded
+ * \param buf       Start of the buffer containing the ticket
+ * \param len       Length of the ticket.
+ *
+ * \return          0 if successful, or
+ *                  MBEDTLS_ERR_SSL_INVALID_MAC if not authentic, or
+ *                  MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED if expired, or
+ *                  any other non-zero code for other failures.
+ */
+typedef int mbedtls_ssl_ticket_parse_t( void *p_ticket,
+                                        mbedtls_ssl_session *session,
+                                        unsigned char *buf,
+                                        size_t len );
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
+/**
+ * \brief           Configure SSL session ticket callbacks (server only).
+ *                  (Default: none.)
+ *
+ * \note            On server, session tickets are enabled by providing
+ *                  non-NULL callbacks.
+ *
+ * \note            On client, use \c mbedtls_ssl_conf_session_tickets().
+ *
+ * \param conf      SSL configuration context
+ * \param f_ticket_write    Callback for writing a ticket
+ * \param f_ticket_parse    Callback for parsing a ticket
+ * \param p_ticket          Context shared by the two callbacks
+ */
+void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
+        mbedtls_ssl_ticket_write_t *f_ticket_write,
+        mbedtls_ssl_ticket_parse_t *f_ticket_parse,
+        void *p_ticket );
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
+
+#if defined(MBEDTLS_SSL_EXPORT_KEYS)
+/**
+ * \brief           Configure key export callback.
+ *                  (Default: none.)
+ *
+ * \note            See \c mbedtls_ssl_export_keys_t.
+ *
+ * \param conf      SSL configuration context
+ * \param f_export_keys     Callback for exporting keys
+ * \param p_export_keys     Context for the callback
+ */
+void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
+        mbedtls_ssl_export_keys_t *f_export_keys,
+        void *p_export_keys );
+#endif /* MBEDTLS_SSL_EXPORT_KEYS */
+
+/**
+ * \brief          Callback type: generate a cookie
+ *
+ * \param ctx      Context for the callback
+ * \param p        Buffer to write to,
+ *                 must be updated to point right after the cookie
+ * \param end      Pointer to one past the end of the output buffer
+ * \param info     Client ID info that was passed to
+ *                 \c mbedtls_ssl_set_client_transport_id()
+ * \param ilen     Length of info in bytes
+ *
+ * \return         The callback must return 0 on success,
+ *                 or a negative error code.
+ */
+typedef int mbedtls_ssl_cookie_write_t( void *ctx,
+                                unsigned char **p, unsigned char *end,
+                                const unsigned char *info, size_t ilen );
+
+/**
+ * \brief          Callback type: verify a cookie
+ *
+ * \param ctx      Context for the callback
+ * \param cookie   Cookie to verify
+ * \param clen     Length of cookie
+ * \param info     Client ID info that was passed to
+ *                 \c mbedtls_ssl_set_client_transport_id()
+ * \param ilen     Length of info in bytes
+ *
+ * \return         The callback must return 0 if cookie is valid,
+ *                 or a negative error code.
+ */
+typedef int mbedtls_ssl_cookie_check_t( void *ctx,
+                                const unsigned char *cookie, size_t clen,
+                                const unsigned char *info, size_t ilen );
+
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
+/**
+ * \brief           Register callbacks for DTLS cookies
+ *                  (Server only. DTLS only.)
+ *
+ *                  Default: dummy callbacks that fail, in order to force you to
+ *                  register working callbacks (and initialize their context).
+ *
+ *                  To disable HelloVerifyRequest, register NULL callbacks.
+ *
+ * \warning         Disabling hello verification allows your server to be used
+ *                  for amplification in DoS attacks against other hosts.
+ *                  Only disable if you known this can't happen in your
+ *                  particular environment.
+ *
+ * \note            See comments on \c mbedtls_ssl_handshake() about handling
+ *                  the MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED that is expected
+ *                  on the first handshake attempt when this is enabled.
+ *
+ * \note            This is also necessary to handle client reconnection from
+ *                  the same port as described in RFC 6347 section 4.2.8 (only
+ *                  the variant with cookies is supported currently). See
+ *                  comments on \c mbedtls_ssl_read() for details.
+ *
+ * \param conf              SSL configuration
+ * \param f_cookie_write    Cookie write callback
+ * \param f_cookie_check    Cookie check callback
+ * \param p_cookie          Context for both callbacks
+ */
+void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,
+                           mbedtls_ssl_cookie_write_t *f_cookie_write,
+                           mbedtls_ssl_cookie_check_t *f_cookie_check,
+                           void *p_cookie );
+
+/**
+ * \brief          Set client's transport-level identification info.
+ *                 (Server only. DTLS only.)
+ *
+ *                 This is usually the IP address (and port), but could be
+ *                 anything identify the client depending on the underlying
+ *                 network stack. Used for HelloVerifyRequest with DTLS.
+ *                 This is *not* used to route the actual packets.
+ *
+ * \param ssl      SSL context
+ * \param info     Transport-level info identifying the client (eg IP + port)
+ * \param ilen     Length of info in bytes
+ *
+ * \note           An internal copy is made, so the info buffer can be reused.
+ *
+ * \return         0 on success,
+ *                 MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client,
+ *                 MBEDTLS_ERR_SSL_ALLOC_FAILED if out of memory.
+ */
+int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
+                                 const unsigned char *info,
+                                 size_t ilen );
+
+#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
+
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+/**
+ * \brief          Enable or disable anti-replay protection for DTLS.
+ *                 (DTLS only, no effect on TLS.)
+ *                 Default: enabled.
+ *
+ * \param conf     SSL configuration
+ * \param mode     MBEDTLS_SSL_ANTI_REPLAY_ENABLED or MBEDTLS_SSL_ANTI_REPLAY_DISABLED.
+ *
+ * \warning        Disabling this is a security risk unless the application
+ *                 protocol handles duplicated packets in a safe way. You
+ *                 should not disable this without careful consideration.
+ *                 However, if your application already detects duplicated
+ *                 packets and needs information about them to adjust its
+ *                 transmission strategy, then you'll want to disable this.
+ */
+void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
+#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
+
+#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
+/**
+ * \brief          Set a limit on the number of records with a bad MAC
+ *                 before terminating the connection.
+ *                 (DTLS only, no effect on TLS.)
+ *                 Default: 0 (disabled).
+ *
+ * \param conf     SSL configuration
+ * \param limit    Limit, or 0 to disable.
+ *
+ * \note           If the limit is N, then the connection is terminated when
+ *                 the Nth non-authentic record is seen.
+ *
+ * \note           Records with an invalid header are not counted, only the
+ *                 ones going through the authentication-decryption phase.
+ *
+ * \note           This is a security trade-off related to the fact that it's
+ *                 often relatively easy for an active attacker ot inject UDP
+ *                 datagrams. On one hand, setting a low limit here makes it
+ *                 easier for such an attacker to forcibly terminated a
+ *                 connection. On the other hand, a high limit or no limit
+ *                 might make us waste resources checking authentication on
+ *                 many bogus packets.
+ */
+void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit );
+#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+/**
+ * \brief          Set retransmit timeout values for the DTLS handshale.
+ *                 (DTLS only, no effect on TLS.)
+ *
+ * \param conf     SSL configuration
+ * \param min      Initial timeout value in milliseconds.
+ *                 Default: 1000 (1 second).
+ * \param max      Maximum timeout value in milliseconds.
+ *                 Default: 60000 (60 seconds).
+ *
+ * \note           Default values are from RFC 6347 section 4.2.4.1.
+ *
+ * \note           Higher values for initial timeout may increase average
+ *                 handshake latency. Lower values may increase the risk of
+ *                 network congestion by causing more retransmissions.
+ */
+void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max );
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+#if defined(MBEDTLS_SSL_SRV_C)
+/**
+ * \brief          Set the session cache callbacks (server-side only)
+ *                 If not set, no session resuming is done (except if session
+ *                 tickets are enabled too).
+ *
+ *                 The session cache has the responsibility to check for stale
+ *                 entries based on timeout. See RFC 5246 for recommendations.
+ *
+ *                 Warning: session.peer_cert is cleared by the SSL/TLS layer on
+ *                 connection shutdown, so do not cache the pointer! Either set
+ *                 it to NULL or make a full copy of the certificate.
+ *
+ *                 The get callback is called once during the initial handshake
+ *                 to enable session resuming. The get function has the
+ *                 following parameters: (void *parameter, mbedtls_ssl_session *session)
+ *                 If a valid entry is found, it should fill the master of
+ *                 the session object with the cached values and return 0,
+ *                 return 1 otherwise. Optionally peer_cert can be set as well
+ *                 if it is properly present in cache entry.
+ *
+ *                 The set callback is called once during the initial handshake
+ *                 to enable session resuming after the entire handshake has
+ *                 been finished. The set function has the following parameters:
+ *                 (void *parameter, const mbedtls_ssl_session *session). The function
+ *                 should create a cache entry for future retrieval based on
+ *                 the data in the session structure and should keep in mind
+ *                 that the mbedtls_ssl_session object presented (and all its referenced
+ *                 data) is cleared by the SSL/TLS layer when the connection is
+ *                 terminated. It is recommended to add metadata to determine if
+ *                 an entry is still valid in the future. Return 0 if
+ *                 successfully cached, return 1 otherwise.
+ *
+ * \param conf           SSL configuration
+ * \param p_cache        parmater (context) for both callbacks
+ * \param f_get_cache    session get callback
+ * \param f_set_cache    session set callback
+ */
+void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
+        void *p_cache,
+        int (*f_get_cache)(void *, mbedtls_ssl_session *),
+        int (*f_set_cache)(void *, const mbedtls_ssl_session *) );
+#endif /* MBEDTLS_SSL_SRV_C */
+
+#if defined(MBEDTLS_SSL_CLI_C)
+/**
+ * \brief          Request resumption of session (client-side only)
+ *                 Session data is copied from presented session structure.
+ *
+ * \param ssl      SSL context
+ * \param session  session context
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server-side or
+ *                 arguments are otherwise invalid
+ *
+ * \sa             mbedtls_ssl_get_session()
+ */
+int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session );
+#endif /* MBEDTLS_SSL_CLI_C */
+
+/**
+ * \brief               Set the list of allowed ciphersuites and the preference
+ *                      order. First in the list has the highest preference.
+ *                      (Overrides all version specific lists)
+ *
+ *                      The ciphersuites array is not copied, and must remain
+ *                      valid for the lifetime of the ssl_config.
+ *
+ *                      Note: The server uses its own preferences
+ *                      over the preference of the client unless
+ *                      MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE is defined!
+ *
+ * \param conf          SSL configuration
+ * \param ciphersuites  0-terminated list of allowed ciphersuites
+ */
+void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
+                                   const int *ciphersuites );
+
+/**
+ * \brief               Set the list of allowed ciphersuites and the
+ *                      preference order for a specific version of the protocol.
+ *                      (Only useful on the server side)
+ *
+ *                      The ciphersuites array is not copied, and must remain
+ *                      valid for the lifetime of the ssl_config.
+ *
+ * \param conf          SSL configuration
+ * \param ciphersuites  0-terminated list of allowed ciphersuites
+ * \param major         Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3
+ *                      supported)
+ * \param minor         Minor version number (MBEDTLS_SSL_MINOR_VERSION_0,
+ *                      MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
+ *                      MBEDTLS_SSL_MINOR_VERSION_3 supported)
+ *
+ * \note                With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0
+ *                      and MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
+ */
+void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf,
+                                       const int *ciphersuites,
+                                       int major, int minor );
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+/**
+ * \brief          Set the X.509 security profile used for verification
+ *
+ * \note           The restrictions are enforced for all certificates in the
+ *                 chain. However, signatures in the handshake are not covered
+ *                 by this setting but by \b mbedtls_ssl_conf_sig_hashes().
+ *
+ * \param conf     SSL configuration
+ * \param profile  Profile to use
+ */
+void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
+                                    const mbedtls_x509_crt_profile *profile );
+
+/**
+ * \brief          Set the data required to verify peer certificate
+ *
+ * \param conf     SSL configuration
+ * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
+ * \param ca_crl   trusted CA CRLs
+ */
+void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
+                               mbedtls_x509_crt *ca_chain,
+                               mbedtls_x509_crl *ca_crl );
+
+/**
+ * \brief          Set own certificate chain and private key
+ *
+ * \note           own_cert should contain in order from the bottom up your
+ *                 certificate chain. The top certificate (self-signed)
+ *                 can be omitted.
+ *
+ * \note           On server, this function can be called multiple times to
+ *                 provision more than one cert/key pair (eg one ECDSA, one
+ *                 RSA with SHA-256, one RSA with SHA-1). An adequate
+ *                 certificate will be selected according to the client's
+ *                 advertised capabilities. In case mutliple certificates are
+ *                 adequate, preference is given to the one set by the first
+ *                 call to this function, then second, etc.
+ *
+ * \note           On client, only the first call has any effect.
+ *
+ * \param conf     SSL configuration
+ * \param own_cert own public certificate chain
+ * \param pk_key   own private key
+ *
+ * \return         0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
+ */
+int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
+                              mbedtls_x509_crt *own_cert,
+                              mbedtls_pk_context *pk_key );
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+/**
+ * \brief          Set the Pre Shared Key (PSK) and the expected identity name
+ *
+ * \note           This is mainly useful for clients. Servers will usually
+ *                 want to use \c mbedtls_ssl_conf_psk_cb() instead.
+ *
+ * \param conf     SSL configuration
+ * \param psk      pointer to the pre-shared key
+ * \param psk_len  pre-shared key length
+ * \param psk_identity      pointer to the pre-shared key identity
+ * \param psk_identity_len  identity key length
+ *
+ * \return         0 if successful or MBEDTLS_ERR_SSL_ALLOC_FAILED
+ */
+int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
+                const unsigned char *psk, size_t psk_len,
+                const unsigned char *psk_identity, size_t psk_identity_len );
+
+
+/**
+ * \brief          Set the Pre Shared Key (PSK) for the current handshake
+ *
+ * \note           This should only be called inside the PSK callback,
+ *                 ie the function passed to \c mbedtls_ssl_conf_psk_cb().
+ *
+ * \param ssl      SSL context
+ * \param psk      pointer to the pre-shared key
+ * \param psk_len  pre-shared key length
+ *
+ * \return         0 if successful or MBEDTLS_ERR_SSL_ALLOC_FAILED
+ */
+int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
+                            const unsigned char *psk, size_t psk_len );
+
+/**
+ * \brief          Set the PSK callback (server-side only).
+ *
+ *                 If set, the PSK callback is called for each
+ *                 handshake where a PSK ciphersuite was negotiated.
+ *                 The caller provides the identity received and wants to
+ *                 receive the actual PSK data and length.
+ *
+ *                 The callback has the following parameters: (void *parameter,
+ *                 mbedtls_ssl_context *ssl, const unsigned char *psk_identity,
+ *                 size_t identity_len)
+ *                 If a valid PSK identity is found, the callback should use
+ *                 \c mbedtls_ssl_set_hs_psk() on the ssl context to set the
+ *                 correct PSK and return 0.
+ *                 Any other return value will result in a denied PSK identity.
+ *
+ * \note           If you set a PSK callback using this function, then you
+ *                 don't need to set a PSK key and identity using
+ *                 \c mbedtls_ssl_conf_psk().
+ *
+ * \param conf     SSL configuration
+ * \param f_psk    PSK identity function
+ * \param p_psk    PSK identity parameter
+ */
+void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
+                     int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
+                                  size_t),
+                     void *p_psk );
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
+
+#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
+/**
+ * \brief          Set the Diffie-Hellman public P and G values,
+ *                 read as hexadecimal strings (server-side only)
+ *                 (Default: MBEDTLS_DHM_RFC5114_MODP_2048_[PG])
+ *
+ * \param conf     SSL configuration
+ * \param dhm_P    Diffie-Hellman-Merkle modulus
+ * \param dhm_G    Diffie-Hellman-Merkle generator
+ *
+ * \return         0 if successful
+ */
+int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G );
+
+/**
+ * \brief          Set the Diffie-Hellman public P and G values,
+ *                 read from existing context (server-side only)
+ *
+ * \param conf     SSL configuration
+ * \param dhm_ctx  Diffie-Hellman-Merkle context
+ *
+ * \return         0 if successful
+ */
+int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx );
+#endif /* MBEDTLS_DHM_C && defined(MBEDTLS_SSL_SRV_C) */
+
+#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
+/**
+ * \brief          Set the minimum length for Diffie-Hellman parameters.
+ *                 (Client-side only.)
+ *                 (Default: 1024 bits.)
+ *
+ * \param conf     SSL configuration
+ * \param bitlen   Minimum bit length of the DHM prime
+ */
+void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
+                                      unsigned int bitlen );
+#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
+
+#if defined(MBEDTLS_ECP_C)
+/**
+ * \brief          Set the allowed curves in order of preference.
+ *                 (Default: all defined curves.)
+ *
+ *                 On server: this only affects selection of the ECDHE curve;
+ *                 the curves used for ECDH and ECDSA are determined by the
+ *                 list of available certificates instead.
+ *
+ *                 On client: this affects the list of curves offered for any
+ *                 use. The server can override our preference order.
+ *
+ *                 Both sides: limits the set of curves accepted for use in
+ *                 ECDHE and in the peer's end-entity certificate.
+ *
+ * \note           This has no influence on which curves are allowed inside the
+ *                 certificate chains, see \c mbedtls_ssl_conf_cert_profile()
+ *                 for that. For the end-entity certificate however, the key
+ *                 will be accepted only if it is allowed both by this list
+ *                 and by the cert profile.
+ *
+ * \note           This list should be ordered by decreasing preference
+ *                 (preferred curve first).
+ *
+ * \param conf     SSL configuration
+ * \param curves   Ordered list of allowed curves,
+ *                 terminated by MBEDTLS_ECP_DP_NONE.
+ */
+void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
+                              const mbedtls_ecp_group_id *curves );
+#endif /* MBEDTLS_ECP_C */
+
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
+/**
+ * \brief          Set the allowed hashes for signatures during the handshake.
+ *                 (Default: all available hashes.)
+ *
+ * \note           This only affects which hashes are offered and can be used
+ *                 for signatures during the handshake. Hashes for message
+ *                 authentication and the TLS PRF are controlled by the
+ *                 ciphersuite, see \c mbedtls_ssl_conf_ciphersuites(). Hashes
+ *                 used for certificate signature are controlled by the
+ *                 verification profile, see \c mbedtls_ssl_conf_cert_profile().
+ *
+ * \note           This list should be ordered by decreasing preference
+ *                 (preferred hash first).
+ *
+ * \param conf     SSL configuration
+ * \param hashes   Ordered list of allowed signature hashes,
+ *                 terminated by \c MBEDTLS_MD_NONE.
+ */
+void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
+                                  const int *hashes );
+#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+/**
+ * \brief          Set hostname for ServerName TLS extension
+ *                 (client-side only)
+ *
+ *
+ * \param ssl      SSL context
+ * \param hostname the server hostname
+ *
+ * \return         0 if successful or MBEDTLS_ERR_SSL_ALLOC_FAILED
+ */
+int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+/**
+ * \brief          Set own certificate and key for the current handshake
+ *
+ * \note           Same as \c mbedtls_ssl_conf_own_cert() but for use within
+ *                 the SNI callback.
+ *
+ * \param ssl      SSL context
+ * \param own_cert own public certificate chain
+ * \param pk_key   own private key
+ *
+ * \return         0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
+ */
+int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl,
+                                 mbedtls_x509_crt *own_cert,
+                                 mbedtls_pk_context *pk_key );
+
+/**
+ * \brief          Set the data required to verify peer certificate for the
+ *                 current handshake
+ *
+ * \note           Same as \c mbedtls_ssl_conf_ca_chain() but for use within
+ *                 the SNI callback.
+ *
+ * \param ssl      SSL context
+ * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
+ * \param ca_crl   trusted CA CRLs
+ */
+void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl,
+                                  mbedtls_x509_crt *ca_chain,
+                                  mbedtls_x509_crl *ca_crl );
+
+/**
+ * \brief          Set authmode for the current handshake.
+ *
+ * \note           Same as \c mbedtls_ssl_conf_authmode() but for use within
+ *                 the SNI callback.
+ *
+ * \param ssl      SSL context
+ * \param authmode MBEDTLS_SSL_VERIFY_NONE, MBEDTLS_SSL_VERIFY_OPTIONAL or
+ *                 MBEDTLS_SSL_VERIFY_REQUIRED
+ */
+void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl,
+                                  int authmode );
+
+/**
+ * \brief          Set server side ServerName TLS extension callback
+ *                 (optional, server-side only).
+ *
+ *                 If set, the ServerName callback is called whenever the
+ *                 server receives a ServerName TLS extension from the client
+ *                 during a handshake. The ServerName callback has the
+ *                 following parameters: (void *parameter, mbedtls_ssl_context *ssl,
+ *                 const unsigned char *hostname, size_t len). If a suitable
+ *                 certificate is found, the callback must set the
+ *                 certificate(s) and key(s) to use with \c
+ *                 mbedtls_ssl_set_hs_own_cert() (can be called repeatedly),
+ *                 and may optionally adjust the CA and associated CRL with \c
+ *                 mbedtls_ssl_set_hs_ca_chain() as well as the client
+ *                 authentication mode with \c mbedtls_ssl_set_hs_authmode(),
+ *                 then must return 0. If no matching name is found, the
+ *                 callback must either set a default cert, or
+ *                 return non-zero to abort the handshake at this point.
+ *
+ * \param conf     SSL configuration
+ * \param f_sni    verification function
+ * \param p_sni    verification parameter
+ */
+void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,
+                  int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *,
+                               size_t),
+                  void *p_sni );
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+/**
+ * \brief          Set the EC J-PAKE password for current handshake.
+ *
+ * \note           An internal copy is made, and destroyed as soon as the
+ *                 handshake is completed, or when the SSL context is reset or
+ *                 freed.
+ *
+ * \note           The SSL context needs to be already set up. The right place
+ *                 to call this function is between \c mbedtls_ssl_setup() or
+ *                 \c mbedtls_ssl_reset() and \c mbedtls_ssl_handshake().
+ *
+ * \param ssl      SSL context
+ * \param pw       EC J-PAKE password (pre-shared secret)
+ * \param pw_len   length of pw in bytes
+ *
+ * \return         0 on success, or a negative error code.
+ */
+int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
+                                         const unsigned char *pw,
+                                         size_t pw_len );
+#endif /*MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
+#if defined(MBEDTLS_SSL_ALPN)
+/**
+ * \brief          Set the supported Application Layer Protocols.
+ *
+ * \param conf     SSL configuration
+ * \param protos   NULL-terminated list of supported protocols,
+ *                 in decreasing preference order.
+ *
+ * \return         0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
+ */
+int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos );
+
+/**
+ * \brief          Get the name of the negotiated Application Layer Protocol.
+ *                 This function should be called after the handshake is
+ *                 completed.
+ *
+ * \param ssl      SSL context
+ *
+ * \return         Protcol name, or NULL if no protocol was negotiated.
+ */
+const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
+#endif /* MBEDTLS_SSL_ALPN */
+
+/**
+ * \brief          Set the maximum supported version sent from the client side
+ *                 and/or accepted at the server side
+ *                 (Default: MBEDTLS_SSL_MAX_MAJOR_VERSION, MBEDTLS_SSL_MAX_MINOR_VERSION)
+ *
+ * \note           This ignores ciphersuites from higher versions.
+ *
+ * \note           With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and
+ *                 MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
+ *
+ * \param conf     SSL configuration
+ * \param major    Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
+ * \param minor    Minor version number (MBEDTLS_SSL_MINOR_VERSION_0,
+ *                 MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
+ *                 MBEDTLS_SSL_MINOR_VERSION_3 supported)
+ */
+void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor );
+
+/**
+ * \brief          Set the minimum accepted SSL/TLS protocol version
+ *                 (Default: TLS 1.0)
+ *
+ * \note           Input outside of the SSL_MAX_XXXXX_VERSION and
+ *                 SSL_MIN_XXXXX_VERSION range is ignored.
+ *
+ * \note           MBEDTLS_SSL_MINOR_VERSION_0 (SSL v3) should be avoided.
+ *
+ * \note           With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and
+ *                 MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
+ *
+ * \param conf     SSL configuration
+ * \param major    Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
+ * \param minor    Minor version number (MBEDTLS_SSL_MINOR_VERSION_0,
+ *                 MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
+ *                 MBEDTLS_SSL_MINOR_VERSION_3 supported)
+ */
+void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor );
+
+#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
+/**
+ * \brief          Set the fallback flag (client-side only).
+ *                 (Default: MBEDTLS_SSL_IS_NOT_FALLBACK).
+ *
+ * \note           Set to MBEDTLS_SSL_IS_FALLBACK when preparing a fallback
+ *                 connection, that is a connection with max_version set to a
+ *                 lower value than the value you're willing to use. Such
+ *                 fallback connections are not recommended but are sometimes
+ *                 necessary to interoperate with buggy (version-intolerant)
+ *                 servers.
+ *
+ * \warning        You should NOT set this to MBEDTLS_SSL_IS_FALLBACK for
+ *                 non-fallback connections! This would appear to work for a
+ *                 while, then cause failures when the server is upgraded to
+ *                 support a newer TLS version.
+ *
+ * \param conf     SSL configuration
+ * \param fallback MBEDTLS_SSL_IS_NOT_FALLBACK or MBEDTLS_SSL_IS_FALLBACK
+ */
+void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback );
+#endif /* MBEDTLS_SSL_FALLBACK_SCSV && MBEDTLS_SSL_CLI_C */
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+/**
+ * \brief           Enable or disable Encrypt-then-MAC
+ *                  (Default: MBEDTLS_SSL_ETM_ENABLED)
+ *
+ * \note            This should always be enabled, it is a security
+ *                  improvement, and should not cause any interoperability
+ *                  issue (used only if the peer supports it too).
+ *
+ * \param conf      SSL configuration
+ * \param etm       MBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED
+ */
+void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm );
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+/**
+ * \brief           Enable or disable Extended Master Secret negotiation.
+ *                  (Default: MBEDTLS_SSL_EXTENDED_MS_ENABLED)
+ *
+ * \note            This should always be enabled, it is a security fix to the
+ *                  protocol, and should not cause any interoperability issue
+ *                  (used only if the peer supports it too).
+ *
+ * \param conf      SSL configuration
+ * \param ems       MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED
+ */
+void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems );
+#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
+
+#if defined(MBEDTLS_ARC4_C)
+/**
+ * \brief          Disable or enable support for RC4
+ *                 (Default: MBEDTLS_SSL_ARC4_DISABLED)
+ *
+ * \warning        Use of RC4 in (D)TLS has been prohibited by RFC ????
+ *                 for security reasons. Use at your own risks.
+ *
+ * \note           This function will likely be removed in future versions as
+ *                 RC4 will then be disabled by default at compile time.
+ *
+ * \param conf     SSL configuration
+ * \param arc4     MBEDTLS_SSL_ARC4_ENABLED or MBEDTLS_SSL_ARC4_DISABLED
+ */
+void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 );
+#endif /* MBEDTLS_ARC4_C */
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+/**
+ * \brief          Set the maximum fragment length to emit and/or negotiate
+ *                 (Default: MBEDTLS_SSL_MAX_CONTENT_LEN, usually 2^14 bytes)
+ *                 (Server: set maximum fragment length to emit,
+ *                 usually negotiated by the client during handshake
+ *                 (Client: set maximum fragment length to emit *and*
+ *                 negotiate with the server during handshake)
+ *
+ * \param conf     SSL configuration
+ * \param mfl_code Code for maximum fragment length (allowed values:
+ *                 MBEDTLS_SSL_MAX_FRAG_LEN_512,  MBEDTLS_SSL_MAX_FRAG_LEN_1024,
+ *                 MBEDTLS_SSL_MAX_FRAG_LEN_2048, MBEDTLS_SSL_MAX_FRAG_LEN_4096)
+ *
+ * \return         0 if successful or MBEDTLS_ERR_SSL_BAD_INPUT_DATA
+ */
+int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code );
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+/**
+ * \brief          Activate negotiation of truncated HMAC
+ *                 (Default: MBEDTLS_SSL_TRUNC_HMAC_DISABLED)
+ *
+ * \param conf     SSL configuration
+ * \param truncate Enable or disable (MBEDTLS_SSL_TRUNC_HMAC_ENABLED or
+ *                                    MBEDTLS_SSL_TRUNC_HMAC_DISABLED)
+ */
+void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate );
+#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+
+#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
+/**
+ * \brief          Enable / Disable 1/n-1 record splitting
+ *                 (Default: MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED)
+ *
+ * \note           Only affects SSLv3 and TLS 1.0, not higher versions.
+ *                 Does not affect non-CBC ciphersuites in any version.
+ *
+ * \param conf     SSL configuration
+ * \param split    MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED or
+ *                 MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED
+ */
+void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split );
+#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+/**
+ * \brief          Enable / Disable session tickets (client only).
+ *                 (Default: MBEDTLS_SSL_SESSION_TICKETS_ENABLED.)
+ *
+ * \note           On server, use \c mbedtls_ssl_conf_session_tickets_cb().
+ *
+ * \param conf     SSL configuration
+ * \param use_tickets   Enable or disable (MBEDTLS_SSL_SESSION_TICKETS_ENABLED or
+ *                                         MBEDTLS_SSL_SESSION_TICKETS_DISABLED)
+ */
+void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets );
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+/**
+ * \brief          Enable / Disable renegotiation support for connection when
+ *                 initiated by peer
+ *                 (Default: MBEDTLS_SSL_RENEGOTIATION_DISABLED)
+ *
+ * \warning        It is recommended to always disable renegotation unless you
+ *                 know you need it and you know what you're doing. In the
+ *                 past, there has been several issues associated with
+ *                 renegotiation or a poor understanding of its properties.
+ *
+ * \note           Server-side, enabling renegotiation also makes the server
+ *                 susceptible to a resource DoS by a malicious client.
+ *
+ * \param conf    SSL configuration
+ * \param renegotiation     Enable or disable (MBEDTLS_SSL_RENEGOTIATION_ENABLED or
+ *                                             MBEDTLS_SSL_RENEGOTIATION_DISABLED)
+ */
+void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation );
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+/**
+ * \brief          Prevent or allow legacy renegotiation.
+ *                 (Default: MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION)
+ *
+ *                 MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION allows connections to
+ *                 be established even if the peer does not support
+ *                 secure renegotiation, but does not allow renegotiation
+ *                 to take place if not secure.
+ *                 (Interoperable and secure option)
+ *
+ *                 MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations
+ *                 with non-upgraded peers. Allowing legacy renegotiation
+ *                 makes the connection vulnerable to specific man in the
+ *                 middle attacks. (See RFC 5746)
+ *                 (Most interoperable and least secure option)
+ *
+ *                 MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE breaks off connections
+ *                 if peer does not support secure renegotiation. Results
+ *                 in interoperability issues with non-upgraded peers
+ *                 that do not support renegotiation altogether.
+ *                 (Most secure option, interoperability issues)
+ *
+ * \param conf     SSL configuration
+ * \param allow_legacy  Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION,
+ *                                        SSL_ALLOW_LEGACY_RENEGOTIATION or
+ *                                        MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE)
+ */
+void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy );
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+/**
+ * \brief          Enforce renegotiation requests.
+ *                 (Default: enforced, max_records = 16)
+ *
+ *                 When we request a renegotiation, the peer can comply or
+ *                 ignore the request. This function allows us to decide
+ *                 whether to enforce our renegotiation requests by closing
+ *                 the connection if the peer doesn't comply.
+ *
+ *                 However, records could already be in transit from the peer
+ *                 when the request is emitted. In order to increase
+ *                 reliability, we can accept a number of records before the
+ *                 expected handshake records.
+ *
+ *                 The optimal value is highly dependent on the specific usage
+ *                 scenario.
+ *
+ * \note           With DTLS and server-initiated renegotiation, the
+ *                 HelloRequest is retransmited every time mbedtls_ssl_read() times
+ *                 out or receives Application Data, until:
+ *                 - max_records records have beens seen, if it is >= 0, or
+ *                 - the number of retransmits that would happen during an
+ *                 actual handshake has been reached.
+ *                 Please remember the request might be lost a few times
+ *                 if you consider setting max_records to a really low value.
+ *
+ * \warning        On client, the grace period can only happen during
+ *                 mbedtls_ssl_read(), as opposed to mbedtls_ssl_write() and mbedtls_ssl_renegotiate()
+ *                 which always behave as if max_record was 0. The reason is,
+ *                 if we receive application data from the server, we need a
+ *                 place to write it, which only happens during mbedtls_ssl_read().
+ *
+ * \param conf     SSL configuration
+ * \param max_records Use MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED if you don't want to
+ *                 enforce renegotiation, or a non-negative value to enforce
+ *                 it but allow for a grace period of max_records records.
+ */
+void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records );
+
+/**
+ * \brief          Set record counter threshold for periodic renegotiation.
+ *                 (Default: 2^64 - 256.)
+ *
+ *                 Renegotiation is automatically triggered when a record
+ *                 counter (outgoing or ingoing) crosses the defined
+ *                 threshold. The default value is meant to prevent the
+ *                 connection from being closed when the counter is about to
+ *                 reached its maximal value (it is not allowed to wrap).
+ *
+ *                 Lower values can be used to enforce policies such as "keys
+ *                 must be refreshed every N packets with cipher X".
+ *
+ * \param conf     SSL configuration
+ * \param period   The threshold value: a big-endian 64-bit number.
+ *                 Set to 2^64 - 1 to disable periodic renegotiation
+ */
+void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
+                                   const unsigned char period[8] );
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+/**
+ * \brief          Return the number of data bytes available to read
+ *
+ * \param ssl      SSL context
+ *
+ * \return         how many bytes are available in the read buffer
+ */
+size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl );
+
+/**
+ * \brief          Return the result of the certificate verification
+ *
+ * \param ssl      SSL context
+ *
+ * \return         0 if successful,
+ *                 -1 if result is not available (eg because the handshake was
+ *                 aborted too early), or
+ *                 a combination of BADCERT_xxx and BADCRL_xxx flags, see
+ *                 x509.h
+ */
+uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl );
+
+/**
+ * \brief          Return the name of the current ciphersuite
+ *
+ * \param ssl      SSL context
+ *
+ * \return         a string containing the ciphersuite name
+ */
+const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl );
+
+/**
+ * \brief          Return the current SSL version (SSLv3/TLSv1/etc)
+ *
+ * \param ssl      SSL context
+ *
+ * \return         a string containing the SSL version
+ */
+const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl );
+
+/**
+ * \brief          Return the (maximum) number of bytes added by the record
+ *                 layer: header + encryption/MAC overhead (inc. padding)
+ *
+ * \param ssl      SSL context
+ *
+ * \return         Current maximum record expansion in bytes, or
+ *                 MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if compression is
+ *                 enabled, which makes expansion much less predictable
+ */
+int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl );
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+/**
+ * \brief          Return the maximum fragment length (payload, in bytes).
+ *                 This is the value negotiated with peer if any,
+ *                 or the locally configured value.
+ *
+ * \note           With DTLS, \c mbedtls_ssl_write() will return an error if
+ *                 called with a larger length value.
+ *                 With TLS, \c mbedtls_ssl_write() will fragment the input if
+ *                 necessary and return the number of bytes written; it is up
+ *                 to the caller to call \c mbedtls_ssl_write() again in
+ *                 order to send the remaining bytes if any.
+ *
+ * \param ssl      SSL context
+ *
+ * \return         Current maximum fragment length.
+ */
+size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl );
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+/**
+ * \brief          Return the peer certificate from the current connection
+ *
+ *                 Note: Can be NULL in case no certificate was sent during
+ *                 the handshake. Different calls for the same connection can
+ *                 return the same or different pointers for the same
+ *                 certificate and even a different certificate altogether.
+ *                 The peer cert CAN change in a single connection if
+ *                 renegotiation is performed.
+ *
+ * \param ssl      SSL context
+ *
+ * \return         the current peer certificate
+ */
+const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl );
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_SSL_CLI_C)
+/**
+ * \brief          Save session in order to resume it later (client-side only)
+ *                 Session data is copied to presented session structure.
+ *
+ * \warning        Currently, peer certificate is lost in the operation.
+ *
+ * \param ssl      SSL context
+ * \param session  session context
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server-side or
+ *                 arguments are otherwise invalid
+ *
+ * \sa             mbedtls_ssl_set_session()
+ */
+int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *session );
+#endif /* MBEDTLS_SSL_CLI_C */
+
+/**
+ * \brief          Perform the SSL handshake
+ *
+ * \param ssl      SSL context
+ *
+ * \return         0 if successful, or
+ *                 MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or
+ *                 MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED (see below), or
+ *                 a specific SSL error code.
+ *
+ * \note           If this function returns something other than 0 or
+ *                 MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
+ *                 becomes unusable, and you should either free it or call
+ *                 \c mbedtls_ssl_session_reset() on it before re-using it.
+ *
+ * \note           If DTLS is in use, then you may choose to handle
+ *                 MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging
+ *                 purposes, as it is an expected return value rather than an
+ *                 actual error, but you still need to reset/free the context.
+ */
+int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl );
+
+/**
+ * \brief          Perform a single step of the SSL handshake
+ *
+ * \note           The state of the context (ssl->state) will be at
+ *                 the following state after execution of this function.
+ *                 Do not call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER.
+ *
+ * \param ssl      SSL context
+ *
+ * \return         0 if successful, or
+ *                 MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or
+ *                 a specific SSL error code.
+ */
+int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl );
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+/**
+ * \brief          Initiate an SSL renegotiation on the running connection.
+ *                 Client: perform the renegotiation right now.
+ *                 Server: request renegotiation, which will be performed
+ *                 during the next call to mbedtls_ssl_read() if honored by client.
+ *
+ * \param ssl      SSL context
+ *
+ * \return         0 if successful, or any mbedtls_ssl_handshake() return value.
+ */
+int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+/**
+ * \brief          Read at most 'len' application data bytes
+ *
+ * \param ssl      SSL context
+ * \param buf      buffer that will hold the data
+ * \param len      maximum number of bytes to read
+ *
+ * \return         the number of bytes read, or
+ *                 0 for EOF, or
+ *                 MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or
+ *                 MBEDTLS_ERR_SSL_CLIENT_RECONNECT (see below), or
+ *                 another negative error code.
+ *
+ * \note           When this function return MBEDTLS_ERR_SSL_CLIENT_RECONNECT
+ *                 (which can only happen server-side), it means that a client
+ *                 is initiating a new connection using the same source port.
+ *                 You can either treat that as a connection close and wait
+ *                 for the client to resend a ClientHello, or directly
+ *                 continue with \c mbedtls_ssl_handshake() with the same
+ *                 context (as it has beeen reset internally). Either way, you
+ *                 should make sure this is seen by the application as a new
+ *                 connection: application state, if any, should be reset, and
+ *                 most importantly the identity of the client must be checked
+ *                 again. WARNING: not validating the identity of the client
+ *                 again, or not transmitting the new identity to the
+ *                 application layer, would allow authentication bypass!
+ */
+int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len );
+
+/**
+ * \brief          Try to write exactly 'len' application data bytes
+ *
+ * \warning        This function will do partial writes in some cases. If the
+ *                 return value is non-negative but less than length, the
+ *                 function must be called again with updated arguments:
+ *                 buf + ret, len - ret (if ret is the return value) until
+ *                 it returns a value equal to the last 'len' argument.
+ *
+ * \param ssl      SSL context
+ * \param buf      buffer holding the data
+ * \param len      how many bytes must be written
+ *
+ * \return         the number of bytes actually written (may be less than len),
+ *                 or MBEDTLS_ERR_SSL_WANT_WRITE of MBEDTLS_ERR_SSL_WANT_READ,
+ *                 or another negative error code.
+ *
+ * \note           When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ,
+ *                 it must be called later with the *same* arguments,
+ *                 until it returns a positive value.
+ *
+ * \note           If the requested length is greater than the maximum
+ *                 fragment length (either the built-in limit or the one set
+ *                 or negotiated with the peer), then:
+ *                 - with TLS, less bytes than requested are written.
+ *                 - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned.
+ *                 \c mbedtls_ssl_get_max_frag_len() may be used to query the
+ *                 active maximum fragment length.
+ */
+int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len );
+
+/**
+ * \brief           Send an alert message
+ *
+ * \param ssl       SSL context
+ * \param level     The alert level of the message
+ *                  (MBEDTLS_SSL_ALERT_LEVEL_WARNING or MBEDTLS_SSL_ALERT_LEVEL_FATAL)
+ * \param message   The alert message (SSL_ALERT_MSG_*)
+ *
+ * \return          0 if successful, or a specific SSL error code.
+ */
+int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
+                            unsigned char level,
+                            unsigned char message );
+/**
+ * \brief          Notify the peer that the connection is being closed
+ *
+ * \param ssl      SSL context
+ */
+int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl );
+
+/**
+ * \brief          Free referenced items in an SSL context and clear memory
+ *
+ * \param ssl      SSL context
+ */
+void mbedtls_ssl_free( mbedtls_ssl_context *ssl );
+
+/**
+ * \brief          Initialize an SSL configuration context
+ *                 Just makes the context ready for
+ *                 mbedtls_ssl_config_defaults() or mbedtls_ssl_config_free().
+ *
+ * \note           You need to call mbedtls_ssl_config_defaults() unless you
+ *                 manually set all of the relevent fields yourself.
+ *
+ * \param conf     SSL configuration context
+ */
+void mbedtls_ssl_config_init( mbedtls_ssl_config *conf );
+
+/**
+ * \brief          Load reasonnable default SSL configuration values.
+ *                 (You need to call mbedtls_ssl_config_init() first.)
+ *
+ * \param conf     SSL configuration context
+ * \param endpoint MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
+ * \param transport MBEDTLS_SSL_TRANSPORT_STREAM for TLS, or
+ *                  MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS
+ * \param preset   a MBEDTLS_SSL_PRESET_XXX value
+ *                 (currently unused).
+ *
+ * \note           See \c mbedtls_ssl_conf_transport() for notes on DTLS.
+ *
+ * \return         0 if successful, or
+ *                 MBEDTLS_ERR_XXX_ALLOC_FAILED on memory allocation error.
+ */
+int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
+                                 int endpoint, int transport, int preset );
+
+/**
+ * \brief          Free an SSL configuration context
+ *
+ * \param conf     SSL configuration context
+ */
+void mbedtls_ssl_config_free( mbedtls_ssl_config *conf );
+
+/**
+ * \brief          Initialize SSL session structure
+ *
+ * \param session  SSL session
+ */
+void mbedtls_ssl_session_init( mbedtls_ssl_session *session );
+
+/**
+ * \brief          Free referenced items in an SSL session including the
+ *                 peer certificate and clear memory
+ *
+ * \param session  SSL session
+ */
+void mbedtls_ssl_session_free( mbedtls_ssl_session *session );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ssl.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/ssl_cache.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,143 @@
+/**
+ * \file ssl_cache.h
+ *
+ * \brief SSL session cache implementation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_SSL_CACHE_H
+#define MBEDTLS_SSL_CACHE_H
+
+#include "ssl.h"
+
+#if defined(MBEDTLS_THREADING_C)
+#include "threading.h"
+#endif
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+
+#if !defined(MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT)
+#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT       86400   /*!< 1 day  */
+#endif
+
+#if !defined(MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES)
+#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50   /*!< Maximum entries in cache */
+#endif
+
+/* \} name SECTION: Module settings */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct mbedtls_ssl_cache_context mbedtls_ssl_cache_context;
+typedef struct mbedtls_ssl_cache_entry mbedtls_ssl_cache_entry;
+
+/**
+ * \brief   This structure is used for storing cache entries
+ */
+struct mbedtls_ssl_cache_entry
+{
+#if defined(MBEDTLS_HAVE_TIME)
+    time_t timestamp;           /*!< entry timestamp    */
+#endif
+    mbedtls_ssl_session session;        /*!< entry session      */
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    mbedtls_x509_buf peer_cert;         /*!< entry peer_cert    */
+#endif
+    mbedtls_ssl_cache_entry *next;      /*!< chain pointer      */
+};
+
+/**
+ * \brief Cache context
+ */
+struct mbedtls_ssl_cache_context
+{
+    mbedtls_ssl_cache_entry *chain;     /*!< start of the chain     */
+    int timeout;                /*!< cache entry timeout    */
+    int max_entries;            /*!< maximum entries        */
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_threading_mutex_t mutex;    /*!< mutex                  */
+#endif
+};
+
+/**
+ * \brief          Initialize an SSL cache context
+ *
+ * \param cache    SSL cache context
+ */
+void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache );
+
+/**
+ * \brief          Cache get callback implementation
+ *                 (Thread-safe if MBEDTLS_THREADING_C is enabled)
+ *
+ * \param data     SSL cache context
+ * \param session  session to retrieve entry for
+ */
+int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session );
+
+/**
+ * \brief          Cache set callback implementation
+ *                 (Thread-safe if MBEDTLS_THREADING_C is enabled)
+ *
+ * \param data     SSL cache context
+ * \param session  session to store entry for
+ */
+int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session );
+
+#if defined(MBEDTLS_HAVE_TIME)
+/**
+ * \brief          Set the cache timeout
+ *                 (Default: MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT (1 day))
+ *
+ *                 A timeout of 0 indicates no timeout.
+ *
+ * \param cache    SSL cache context
+ * \param timeout  cache entry timeout in seconds
+ */
+void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeout );
+#endif /* MBEDTLS_HAVE_TIME */
+
+/**
+ * \brief          Set the maximum number of cache entries
+ *                 (Default: MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES (50))
+ *
+ * \param cache    SSL cache context
+ * \param max      cache entry maximum
+ */
+void mbedtls_ssl_cache_set_max_entries( mbedtls_ssl_cache_context *cache, int max );
+
+/**
+ * \brief          Free referenced items in a cache context and clear memory
+ *
+ * \param cache    SSL cache context
+ */
+void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ssl_cache.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/ssl_ciphersuites.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,321 @@
+/**
+ * \file ssl_ciphersuites.h
+ *
+ * \brief SSL Ciphersuites for mbed TLS
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_SSL_CIPHERSUITES_H
+#define MBEDTLS_SSL_CIPHERSUITES_H
+
+#include "pk.h"
+#include "cipher.h"
+#include "md.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Supported ciphersuites (Official IANA names)
+ */
+#define MBEDTLS_TLS_RSA_WITH_NULL_MD5                    0x01   /**< Weak! */
+#define MBEDTLS_TLS_RSA_WITH_NULL_SHA                    0x02   /**< Weak! */
+
+#define MBEDTLS_TLS_RSA_WITH_RC4_128_MD5                 0x04
+#define MBEDTLS_TLS_RSA_WITH_RC4_128_SHA                 0x05
+#define MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA                 0x09   /**< Weak! Not in TLS 1.2 */
+
+#define MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA            0x0A
+
+#define MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA             0x15   /**< Weak! Not in TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA        0x16
+
+#define MBEDTLS_TLS_PSK_WITH_NULL_SHA                    0x2C   /**< Weak! */
+#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA                0x2D   /**< Weak! */
+#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA                0x2E   /**< Weak! */
+#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA             0x2F
+
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA         0x33
+#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA             0x35
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA         0x39
+
+#define MBEDTLS_TLS_RSA_WITH_NULL_SHA256                 0x3B   /**< Weak! */
+#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256          0x3C   /**< TLS 1.2 */
+#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256          0x3D   /**< TLS 1.2 */
+
+#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA        0x41
+#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA    0x45
+
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256      0x67   /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256      0x6B   /**< TLS 1.2 */
+
+#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA        0x84
+#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA    0x88
+
+#define MBEDTLS_TLS_PSK_WITH_RC4_128_SHA                 0x8A
+#define MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA            0x8B
+#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA             0x8C
+#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA             0x8D
+
+#define MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA             0x8E
+#define MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA        0x8F
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA         0x90
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA         0x91
+
+#define MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA             0x92
+#define MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA        0x93
+#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA         0x94
+#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA         0x95
+
+#define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256          0x9C   /**< TLS 1.2 */
+#define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384          0x9D   /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256      0x9E   /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384      0x9F   /**< TLS 1.2 */
+
+#define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256          0xA8   /**< TLS 1.2 */
+#define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384          0xA9   /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256      0xAA   /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384      0xAB   /**< TLS 1.2 */
+#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256      0xAC   /**< TLS 1.2 */
+#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384      0xAD   /**< TLS 1.2 */
+
+#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256          0xAE
+#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384          0xAF
+#define MBEDTLS_TLS_PSK_WITH_NULL_SHA256                 0xB0   /**< Weak! */
+#define MBEDTLS_TLS_PSK_WITH_NULL_SHA384                 0xB1   /**< Weak! */
+
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256      0xB2
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384      0xB3
+#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256             0xB4   /**< Weak! */
+#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384             0xB5   /**< Weak! */
+
+#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256      0xB6
+#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384      0xB7
+#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256             0xB8   /**< Weak! */
+#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384             0xB9   /**< Weak! */
+
+#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256     0xBA   /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE   /**< TLS 1.2 */
+
+#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256     0xC0   /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4   /**< TLS 1.2 */
+
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA             0xC001 /**< Weak! */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA          0xC002 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA     0xC003 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA      0xC004 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA      0xC005 /**< Not in SSL3! */
+
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA            0xC006 /**< Weak! */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA         0xC007 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA    0xC008 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA     0xC009 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA     0xC00A /**< Not in SSL3! */
+
+#define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA               0xC00B /**< Weak! */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA            0xC00C /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA       0xC00D /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA        0xC00E /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA        0xC00F /**< Not in SSL3! */
+
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA              0xC010 /**< Weak! */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA           0xC011 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA      0xC012 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA       0xC013 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA       0xC014 /**< Not in SSL3! */
+
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256  0xC023 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384  0xC024 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256   0xC025 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384   0xC026 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256    0xC027 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384    0xC028 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256     0xC029 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384     0xC02A /**< TLS 1.2 */
+
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256  0xC02B /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384  0xC02C /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256   0xC02D /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384   0xC02E /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256    0xC02F /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384    0xC030 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256     0xC031 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384     0xC032 /**< TLS 1.2 */
+
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA           0xC033 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA      0xC034 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA       0xC035 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA       0xC036 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256    0xC037 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384    0xC038 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA              0xC039 /**< Weak! No SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256           0xC03A /**< Weak! No SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384           0xC03B /**< Weak! No SSL3! */
+
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  0xC074 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  0xC075 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   0xC076 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   0xC077 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256    0xC078 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384    0xC079 /**< Not in SSL3! */
+
+#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256         0xC07A /**< TLS 1.2 */
+#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384         0xC07B /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256     0xC07C /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384     0xC07D /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256  0xC088 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384  0xC089 /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256   0xC08A /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384   0xC08B /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256    0xC08C /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384    0xC08D /**< TLS 1.2 */
+
+#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256       0xC08E /**< TLS 1.2 */
+#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384       0xC08F /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256   0xC090 /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384   0xC091 /**< TLS 1.2 */
+#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256   0xC092 /**< TLS 1.2 */
+#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384   0xC093 /**< TLS 1.2 */
+
+#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256       0xC094
+#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384       0xC095
+#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256   0xC096
+#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384   0xC097
+#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256   0xC098
+#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384   0xC099
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B /**< Not in SSL3! */
+
+#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM                0xC09C  /**< TLS 1.2 */
+#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM                0xC09D  /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM            0xC09E  /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM            0xC09F  /**< TLS 1.2 */
+#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8              0xC0A0  /**< TLS 1.2 */
+#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8              0xC0A1  /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8          0xC0A2  /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8          0xC0A3  /**< TLS 1.2 */
+#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM                0xC0A4  /**< TLS 1.2 */
+#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM                0xC0A5  /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM            0xC0A6  /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM            0xC0A7  /**< TLS 1.2 */
+#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8              0xC0A8  /**< TLS 1.2 */
+#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8              0xC0A9  /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8          0xC0AA  /**< TLS 1.2 */
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8          0xC0AB  /**< TLS 1.2 */
+/* The last two are named with PSK_DHE in the RFC, which looks like a typo */
+
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM        0xC0AC  /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM        0xC0AD  /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8      0xC0AE  /**< TLS 1.2 */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8      0xC0AF  /**< TLS 1.2 */
+
+#define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8          0xC0FF  /**< experimental */
+
+/* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange.
+ * Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below
+ */
+typedef enum {
+    MBEDTLS_KEY_EXCHANGE_NONE = 0,
+    MBEDTLS_KEY_EXCHANGE_RSA,
+    MBEDTLS_KEY_EXCHANGE_DHE_RSA,
+    MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
+    MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
+    MBEDTLS_KEY_EXCHANGE_PSK,
+    MBEDTLS_KEY_EXCHANGE_DHE_PSK,
+    MBEDTLS_KEY_EXCHANGE_RSA_PSK,
+    MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
+    MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
+    MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
+    MBEDTLS_KEY_EXCHANGE_ECJPAKE,
+} mbedtls_key_exchange_type_t;
+
+/* Key exchanges using a certificate */
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)           || \
+    defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)       || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)   || \
+    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)       || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)      || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+#define MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED
+#endif
+
+/* Key exchanges using a PSK */
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)           || \
+    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)       || \
+    defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)       || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+#define MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED
+#endif
+
+/* Key exchanges using a ECDHE */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)   || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+#define MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED
+#endif
+
+typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t;
+
+#define MBEDTLS_CIPHERSUITE_WEAK       0x01    /**< Weak ciphersuite flag  */
+#define MBEDTLS_CIPHERSUITE_SHORT_TAG  0x02    /**< Short authentication tag,
+                                                     eg for CCM_8 */
+#define MBEDTLS_CIPHERSUITE_NODTLS     0x04    /**< Can't be used with DTLS */
+
+/**
+ * \brief   This structure is used for storing ciphersuite information
+ */
+struct mbedtls_ssl_ciphersuite_t
+{
+    int id;
+    const char * name;
+
+    mbedtls_cipher_type_t cipher;
+    mbedtls_md_type_t mac;
+    mbedtls_key_exchange_type_t key_exchange;
+
+    int min_major_ver;
+    int min_minor_ver;
+    int max_major_ver;
+    int max_minor_ver;
+
+    unsigned char flags;
+};
+
+const int *mbedtls_ssl_list_ciphersuites( void );
+
+const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string( const char *ciphersuite_name );
+const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id( int ciphersuite_id );
+
+#if defined(MBEDTLS_PK_C)
+mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciphersuite_t *info );
+#endif
+
+int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info );
+int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ssl_ciphersuites.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/ssl_cookie.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,108 @@
+/**
+ * \file ssl_cookie.h
+ *
+ * \brief DTLS cookie callbacks implementation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_SSL_COOKIE_H
+#define MBEDTLS_SSL_COOKIE_H
+
+#include "ssl.h"
+
+#if defined(MBEDTLS_THREADING_C)
+#include "threading.h"
+#endif
+
+/**
+ * \name SECTION: Module settings
+ *
+ * The configuration options you can set for this module are in this section.
+ * Either change them in config.h or define them on the compiler command line.
+ * \{
+ */
+#ifndef MBEDTLS_SSL_COOKIE_TIMEOUT
+#define MBEDTLS_SSL_COOKIE_TIMEOUT     60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
+#endif
+
+/* \} name SECTION: Module settings */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Context for the default cookie functions.
+ */
+typedef struct
+{
+    mbedtls_md_context_t    hmac_ctx;   /*!< context for the HMAC portion   */
+#if !defined(MBEDTLS_HAVE_TIME)
+    unsigned long   serial;     /*!< serial number for expiration   */
+#endif
+    unsigned long   timeout;    /*!< timeout delay, in seconds if HAVE_TIME,
+                                     or in number of tickets issued */
+
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_threading_mutex_t mutex;
+#endif
+} mbedtls_ssl_cookie_ctx;
+
+/**
+ * \brief          Initialize cookie context
+ */
+void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx );
+
+/**
+ * \brief          Setup cookie context (generate keys)
+ */
+int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
+                      int (*f_rng)(void *, unsigned char *, size_t),
+                      void *p_rng );
+
+/**
+ * \brief          Set expiration delay for cookies
+ *                 (Default MBEDTLS_SSL_COOKIE_TIMEOUT)
+ *
+ * \param ctx      Cookie contex
+ * \param delay    Delay, in seconds if HAVE_TIME, or in number of cookies
+ *                 issued in the meantime.
+ *                 0 to disable expiration (NOT recommended)
+ */
+void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay );
+
+/**
+ * \brief          Free cookie context
+ */
+void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx );
+
+/**
+ * \brief          Generate cookie, see \c mbedtls_ssl_cookie_write_t
+ */
+mbedtls_ssl_cookie_write_t mbedtls_ssl_cookie_write;
+
+/**
+ * \brief          Verify cookie, see \c mbedtls_ssl_cookie_write_t
+ */
+mbedtls_ssl_cookie_check_t mbedtls_ssl_cookie_check;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ssl_cookie.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/ssl_internal.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,495 @@
+/**
+ * \file ssl_ticket.h
+ *
+ * \brief Internal functions shared by the SSL modules
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_SSL_INTERNAL_H
+#define MBEDTLS_SSL_INTERNAL_H
+
+#include "ssl.h"
+
+#if defined(MBEDTLS_MD5_C)
+#include "md5.h"
+#endif
+
+#if defined(MBEDTLS_SHA1_C)
+#include "sha1.h"
+#endif
+
+#if defined(MBEDTLS_SHA256_C)
+#include "sha256.h"
+#endif
+
+#if defined(MBEDTLS_SHA512_C)
+#include "sha512.h"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+#include "ecjpake.h"
+#endif
+
+#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+    !defined(inline) && !defined(__cplusplus)
+#define inline __inline
+#endif
+
+/* Determine minimum supported version */
+#define MBEDTLS_SSL_MIN_MAJOR_VERSION           MBEDTLS_SSL_MAJOR_VERSION_3
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+#define MBEDTLS_SSL_MIN_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_0
+#else
+#if defined(MBEDTLS_SSL_PROTO_TLS1)
+#define MBEDTLS_SSL_MIN_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_1
+#else
+#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
+#define MBEDTLS_SSL_MIN_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_2
+#else
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#define MBEDTLS_SSL_MIN_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_3
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
+#endif /* MBEDTLS_SSL_PROTO_TLS1   */
+#endif /* MBEDTLS_SSL_PROTO_SSL3   */
+
+/* Determine maximum supported version */
+#define MBEDTLS_SSL_MAX_MAJOR_VERSION           MBEDTLS_SSL_MAJOR_VERSION_3
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#define MBEDTLS_SSL_MAX_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_3
+#else
+#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
+#define MBEDTLS_SSL_MAX_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_2
+#else
+#if defined(MBEDTLS_SSL_PROTO_TLS1)
+#define MBEDTLS_SSL_MAX_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_1
+#else
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+#define MBEDTLS_SSL_MAX_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_0
+#endif /* MBEDTLS_SSL_PROTO_SSL3   */
+#endif /* MBEDTLS_SSL_PROTO_TLS1   */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+#define MBEDTLS_SSL_INITIAL_HANDSHAKE           0
+#define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS   1   /* In progress */
+#define MBEDTLS_SSL_RENEGOTIATION_DONE          2   /* Done or aborted */
+#define MBEDTLS_SSL_RENEGOTIATION_PENDING       3   /* Requested (server only) */
+
+/*
+ * DTLS retransmission states, see RFC 6347 4.2.4
+ *
+ * The SENDING state is merged in PREPARING for initial sends,
+ * but is distinct for resends.
+ *
+ * Note: initial state is wrong for server, but is not used anyway.
+ */
+#define MBEDTLS_SSL_RETRANS_PREPARING       0
+#define MBEDTLS_SSL_RETRANS_SENDING         1
+#define MBEDTLS_SSL_RETRANS_WAITING         2
+#define MBEDTLS_SSL_RETRANS_FINISHED        3
+
+/*
+ * Allow extra bytes for record, authentication and encryption overhead:
+ * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256)
+ * and allow for a maximum of 1024 of compression expansion if
+ * enabled.
+ */
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+#define MBEDTLS_SSL_COMPRESSION_ADD          1024
+#else
+#define MBEDTLS_SSL_COMPRESSION_ADD             0
+#endif
+
+#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC)
+/* Ciphersuites using HMAC */
+#if defined(MBEDTLS_SHA512_C)
+#define MBEDTLS_SSL_MAC_ADD                 48  /* SHA-384 used for HMAC */
+#elif defined(MBEDTLS_SHA256_C)
+#define MBEDTLS_SSL_MAC_ADD                 32  /* SHA-256 used for HMAC */
+#else
+#define MBEDTLS_SSL_MAC_ADD                 20  /* SHA-1   used for HMAC */
+#endif
+#else
+/* AEAD ciphersuites: GCM and CCM use a 128 bits tag */
+#define MBEDTLS_SSL_MAC_ADD                 16
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#define MBEDTLS_SSL_PADDING_ADD            256
+#else
+#define MBEDTLS_SSL_PADDING_ADD              0
+#endif
+
+#define MBEDTLS_SSL_BUFFER_LEN  ( MBEDTLS_SSL_MAX_CONTENT_LEN               \
+                        + MBEDTLS_SSL_COMPRESSION_ADD               \
+                        + 29 /* counter + header + IV */    \
+                        + MBEDTLS_SSL_MAC_ADD                       \
+                        + MBEDTLS_SSL_PADDING_ADD                   \
+                        )
+
+/*
+ * TLS extension flags (for extensions with outgoing ServerHello content
+ * that need it (e.g. for RENEGOTIATION_INFO the server already knows because
+ * of state of the renegotiation flag, so no indicator is required)
+ */
+#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
+#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK                 (1 << 1)
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * This structure contains the parameters only needed during handshake.
+ */
+struct mbedtls_ssl_handshake_params
+{
+    /*
+     * Handshake specific crypto variables
+     */
+    int sig_alg;                        /*!<  Hash algorithm for signature   */
+    int cert_type;                      /*!<  Requested cert type            */
+    int verify_sig_alg;                 /*!<  Signature algorithm for verify */
+#if defined(MBEDTLS_DHM_C)
+    mbedtls_dhm_context dhm_ctx;                /*!<  DHM key exchange        */
+#endif
+#if defined(MBEDTLS_ECDH_C)
+    mbedtls_ecdh_context ecdh_ctx;              /*!<  ECDH key exchange       */
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+    mbedtls_ecjpake_context ecjpake_ctx;        /*!< EC J-PAKE key exchange */
+#if defined(MBEDTLS_SSL_CLI_C)
+    unsigned char *ecjpake_cache;               /*!< Cache for ClientHello ext */
+    size_t ecjpake_cache_len;                   /*!< Length of cached data */
+#endif
+#endif
+#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+    const mbedtls_ecp_curve_info **curves;      /*!<  Supported elliptic curves */
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+    unsigned char *psk;                 /*!<  PSK from the callback         */
+    size_t psk_len;                     /*!<  Length of PSK from callback   */
+#endif
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    mbedtls_ssl_key_cert *key_cert;     /*!< chosen key/cert pair (server)  */
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+    int sni_authmode;                   /*!< authmode from SNI callback     */
+    mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI         */
+    mbedtls_x509_crt *sni_ca_chain;     /*!< trusted CAs from SNI callback  */
+    mbedtls_x509_crl *sni_ca_crl;       /*!< trusted CAs CRLs from SNI      */
+#endif
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    unsigned int out_msg_seq;           /*!<  Outgoing handshake sequence number */
+    unsigned int in_msg_seq;            /*!<  Incoming handshake sequence number */
+
+    unsigned char *verify_cookie;       /*!<  Cli: HelloVerifyRequest cookie
+                                              Srv: unused                    */
+    unsigned char verify_cookie_len;    /*!<  Cli: cookie length
+                                              Srv: flag for sending a cookie */
+
+    unsigned char *hs_msg;              /*!<  Reassembled handshake message  */
+
+    uint32_t retransmit_timeout;        /*!<  Current value of timeout       */
+    unsigned char retransmit_state;     /*!<  Retransmission state           */
+    mbedtls_ssl_flight_item *flight;            /*!<  Current outgoing flight        */
+    mbedtls_ssl_flight_item *cur_msg;           /*!<  Current message in flight      */
+    unsigned int in_flight_start_seq;   /*!<  Minimum message sequence in the
+                                              flight being received          */
+    mbedtls_ssl_transform *alt_transform_out;   /*!<  Alternative transform for
+                                              resending messages             */
+    unsigned char alt_out_ctr[8];       /*!<  Alternative record epoch/counter
+                                              for resending messages         */
+#endif
+
+    /*
+     * Checksum contexts
+     */
+#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
+    defined(MBEDTLS_SSL_PROTO_TLS1_1)
+       mbedtls_md5_context fin_md5;
+      mbedtls_sha1_context fin_sha1;
+#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SHA256_C)
+    mbedtls_sha256_context fin_sha256;
+#endif
+#if defined(MBEDTLS_SHA512_C)
+    mbedtls_sha512_context fin_sha512;
+#endif
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+    void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
+    void (*calc_verify)(mbedtls_ssl_context *, unsigned char *);
+    void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
+    int  (*tls_prf)(const unsigned char *, size_t, const char *,
+                    const unsigned char *, size_t,
+                    unsigned char *, size_t);
+
+    size_t pmslen;                      /*!<  premaster length        */
+
+    unsigned char randbytes[64];        /*!<  random bytes            */
+    unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
+                                        /*!<  premaster secret        */
+
+    int resume;                         /*!<  session resume indicator*/
+    int max_major_ver;                  /*!< max. major version client*/
+    int max_minor_ver;                  /*!< max. minor version client*/
+    int cli_exts;                       /*!< client extension presence*/
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+    int new_session_ticket;             /*!< use NewSessionTicket?    */
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+    int extended_ms;                    /*!< use Extended Master Secret? */
+#endif
+};
+
+/*
+ * This structure contains a full set of runtime transform parameters
+ * either in negotiation or active.
+ */
+struct mbedtls_ssl_transform
+{
+    /*
+     * Session specific crypto layer
+     */
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
+                                        /*!<  Chosen cipersuite_info  */
+    unsigned int keylen;                /*!<  symmetric key length (bytes)  */
+    size_t minlen;                      /*!<  min. ciphertext length  */
+    size_t ivlen;                       /*!<  IV length               */
+    size_t fixed_ivlen;                 /*!<  Fixed part of IV (AEAD) */
+    size_t maclen;                      /*!<  MAC length              */
+
+    unsigned char iv_enc[16];           /*!<  IV (encryption)         */
+    unsigned char iv_dec[16];           /*!<  IV (decryption)         */
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+    /* Needed only for SSL v3.0 secret */
+    unsigned char mac_enc[20];          /*!<  SSL v3.0 secret (enc)   */
+    unsigned char mac_dec[20];          /*!<  SSL v3.0 secret (dec)   */
+#endif /* MBEDTLS_SSL_PROTO_SSL3 */
+
+    mbedtls_md_context_t md_ctx_enc;            /*!<  MAC (encryption)        */
+    mbedtls_md_context_t md_ctx_dec;            /*!<  MAC (decryption)        */
+
+    mbedtls_cipher_context_t cipher_ctx_enc;    /*!<  encryption context      */
+    mbedtls_cipher_context_t cipher_ctx_dec;    /*!<  decryption context      */
+
+    /*
+     * Session specific compression layer
+     */
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+    z_stream ctx_deflate;               /*!<  compression context     */
+    z_stream ctx_inflate;               /*!<  decompression context   */
+#endif
+};
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+/*
+ * List of certificate + private key pairs
+ */
+struct mbedtls_ssl_key_cert
+{
+    mbedtls_x509_crt *cert;                 /*!< cert                       */
+    mbedtls_pk_context *key;                /*!< private key                */
+    mbedtls_ssl_key_cert *next;             /*!< next key/cert pair         */
+};
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+/*
+ * List of handshake messages kept around for resending
+ */
+struct mbedtls_ssl_flight_item
+{
+    unsigned char *p;       /*!< message, including handshake headers   */
+    size_t len;             /*!< length of p                            */
+    unsigned char type;     /*!< type of the message: handshake or CCS  */
+    mbedtls_ssl_flight_item *next;  /*!< next handshake message(s)              */
+};
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+
+/**
+ * \brief           Free referenced items in an SSL transform context and clear
+ *                  memory
+ *
+ * \param transform SSL transform context
+ */
+void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform );
+
+/**
+ * \brief           Free referenced items in an SSL handshake context and clear
+ *                  memory
+ *
+ * \param handshake SSL handshake context
+ */
+void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake );
+
+int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
+
+int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
+
+void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
+
+int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
+
+int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
+
+int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );
+
+int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl );
+
+int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
+
+void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
+                            const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
+#endif
+
+#if defined(MBEDTLS_PK_C)
+unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk );
+mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
+#endif
+
+mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
+unsigned char mbedtls_ssl_hash_from_md_alg( int md );
+
+#if defined(MBEDTLS_ECP_C)
+int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
+int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
+                                mbedtls_md_type_t md );
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl )
+{
+    mbedtls_ssl_key_cert *key_cert;
+
+    if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
+        key_cert = ssl->handshake->key_cert;
+    else
+        key_cert = ssl->conf->key_cert;
+
+    return( key_cert == NULL ? NULL : key_cert->key );
+}
+
+static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
+{
+    mbedtls_ssl_key_cert *key_cert;
+
+    if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
+        key_cert = ssl->handshake->key_cert;
+    else
+        key_cert = ssl->conf->key_cert;
+
+    return( key_cert == NULL ? NULL : key_cert->cert );
+}
+
+/*
+ * Check usage of a certificate wrt extensions:
+ * keyUsage, extendedKeyUsage (later), and nSCertType (later).
+ *
+ * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we
+ * check a cert we received from them)!
+ *
+ * Return 0 if everything is OK, -1 if not.
+ */
+int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
+                          const mbedtls_ssl_ciphersuite_t *ciphersuite,
+                          int cert_endpoint,
+                          uint32_t *flags );
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+void mbedtls_ssl_write_version( int major, int minor, int transport,
+                        unsigned char ver[2] );
+void mbedtls_ssl_read_version( int *major, int *minor, int transport,
+                       const unsigned char ver[2] );
+
+static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
+{
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+        return( 13 );
+#else
+    ((void) ssl);
+#endif
+    return( 5 );
+}
+
+static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
+{
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+        return( 12 );
+#else
+    ((void) ssl);
+#endif
+    return( 4 );
+}
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
+#endif
+
+/* Visible for testing purposes only */
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
+#endif
+
+/* constant-time buffer comparison */
+static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
+{
+    size_t i;
+    const unsigned char *A = (const unsigned char *) a;
+    const unsigned char *B = (const unsigned char *) b;
+    unsigned char diff = 0;
+
+    for( i = 0; i < n; i++ )
+        diff |= A[i] ^ B[i];
+
+    return( diff );
+}
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ssl_internal.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/ssl_ticket.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,135 @@
+/**
+ * \file ssl_ticket.h
+ *
+ * \brief TLS server ticket callbacks implementation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_SSL_TICKET_H
+#define MBEDTLS_SSL_TICKET_H
+
+/*
+ * This implementation of the session ticket callbacks includes key
+ * management, rotating the keys periodically in order to preserve forward
+ * secrecy, when MBEDTLS_HAVE_TIME is defined.
+ */
+
+#include "ssl.h"
+#include "cipher.h"
+
+#if defined(MBEDTLS_THREADING_C)
+#include "threading.h"
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief   Information for session ticket protection
+ */
+typedef struct
+{
+    unsigned char name[4];          /*!< random key identifier              */
+    uint32_t generation_time;       /*!< key generation timestamp (seconds) */
+    mbedtls_cipher_context_t ctx;   /*!< context for auth enc/decryption    */
+}
+mbedtls_ssl_ticket_key;
+
+/**
+ * \brief   Context for session ticket handling functions
+ */
+typedef struct
+{
+    mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys             */
+    unsigned char active;           /*!< index of the currently active key  */
+
+    uint32_t ticket_lifetime;       /*!< lifetime of tickets in seconds     */
+
+    /** Callback for getting (pseudo-)random numbers                        */
+    int  (*f_rng)(void *, unsigned char *, size_t);
+    void *p_rng;                    /*!< context for the RNG function       */
+
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_threading_mutex_t mutex;
+#endif
+}
+mbedtls_ssl_ticket_context;
+
+/**
+ * \brief           Initialize a ticket context.
+ *                  (Just make it ready for mbedtls_ssl_ticket_setup()
+ *                  or mbedtls_ssl_ticket_free().)
+ *
+ * \param ctx       Context to be initialized
+ */
+void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx );
+
+/**
+ * \brief           Prepare context to be actually used
+ *
+ * \param ctx       Context to be set up
+ * \param f_rng     RNG callback function
+ * \param p_rng     RNG callback context
+ * \param cipher    AEAD cipher to use for ticket protection.
+ *                  Recommended value: MBEDTLS_CIPHER_AES_256_GCM.
+ * \param lifetime  Tickets lifetime in seconds
+ *                  Recommended value: 86400 (one day).
+ *
+ * \note            It is highly recommended to select a cipher that is at
+ *                  least as strong as the the strongest ciphersuite
+ *                  supported. Usually that means a 256-bit key.
+ *
+ * \note            The lifetime of the keys is twice the lifetime of tickets.
+ *                  It is recommended to pick a reasonnable lifetime so as not
+ *                  to negate the benefits of forward secrecy.
+ *
+ * \return          0 if successful,
+ *                  or a specific MBEDTLS_ERR_XXX error code
+ */
+int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
+    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+    mbedtls_cipher_type_t cipher,
+    uint32_t lifetime );
+
+/**
+ * \brief           Implementation of the ticket write callback
+ *
+ * \note            See \c mbedlts_ssl_ticket_write_t for description
+ */
+mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write;
+
+/**
+ * \brief           Implementation of the ticket parse callback
+ *
+ * \note            See \c mbedlts_ssl_ticket_parse_t for description
+ */
+mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse;
+
+/**
+ * \brief           Free a context's content and zeroize it.
+ *
+ * \param ctx       Context to be cleaned up
+ */
+void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ssl_ticket.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/target_config.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,35 @@
+/*
+ *  Temporary target-specific config.h for entropy collection
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if defined(TARGET_LIKE_MBED)
+#define MBEDTLS_NO_PLATFORM_ENTROPY
+#undef MBEDTLS_HAVE_TIME_DATE
+#undef MBEDTLS_FS_IO
+#endif
+
+/*
+ * WARNING: this is a temporary hack!
+ * 2. This should be in a separete yotta module which would be a target
+ * dependency of mbedtls (see IOTSSL-313)
+ */
+#if defined(TARGET_LIKE_CORTEX_M4)
+#define MBEDTLS_ENTROPY_HARDWARE_ALT
+#endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/threading.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,104 @@
+/**
+ * \file threading.h
+ *
+ * \brief Threading abstraction layer
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_THREADING_H
+#define MBEDTLS_THREADING_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stdlib.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE         -0x001A  /**< The selected feature is not available. */
+#define MBEDTLS_ERR_THREADING_BAD_INPUT_DATA              -0x001C  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_THREADING_MUTEX_ERROR                 -0x001E  /**< Locking / unlocking / free failed with error code. */
+
+#if defined(MBEDTLS_THREADING_PTHREAD)
+#include <pthread.h>
+typedef struct
+{
+    pthread_mutex_t mutex;
+    char is_valid;
+} mbedtls_threading_mutex_t;
+#endif
+
+#if defined(MBEDTLS_THREADING_ALT)
+/* You should define the mbedtls_threading_mutex_t type in your header */
+#include "threading_alt.h"
+
+/**
+ * \brief           Set your alternate threading implementation function
+ *                  pointers and initialize global mutexes. If used, this
+ *                  function must be called once in the main thread before any
+ *                  other mbed TLS function is called, and
+ *                  mbedtls_threading_free_alt() must be called once in the main
+ *                  thread after all other mbed TLS functions.
+ *
+ * \note            mutex_init() and mutex_free() don't return a status code.
+ *                  If mutex_init() fails, it should leave its argument (the
+ *                  mutex) in a state such that mutex_lock() will fail when
+ *                  called with this argument.
+ *
+ * \param mutex_init    the init function implementation
+ * \param mutex_free    the free function implementation
+ * \param mutex_lock    the lock function implementation
+ * \param mutex_unlock  the unlock function implementation
+ */
+void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * ),
+                       void (*mutex_free)( mbedtls_threading_mutex_t * ),
+                       int (*mutex_lock)( mbedtls_threading_mutex_t * ),
+                       int (*mutex_unlock)( mbedtls_threading_mutex_t * ) );
+
+/**
+ * \brief               Free global mutexes.
+ */
+void mbedtls_threading_free_alt( void );
+#endif /* MBEDTLS_THREADING_ALT */
+
+/*
+ * The function pointers for mutex_init, mutex_free, mutex_ and mutex_unlock
+ *
+ * All these functions are expected to work or the result will be undefined.
+ */
+extern void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t *mutex );
+extern void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t *mutex );
+extern int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t *mutex );
+extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex );
+
+/*
+ * Global mutexes
+ */
+extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
+extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* threading.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/timing.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,141 @@
+/**
+ * \file timing.h
+ *
+ * \brief Portable interface to the CPU cycle counter
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_TIMING_H
+#define MBEDTLS_TIMING_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if !defined(MBEDTLS_TIMING_ALT)
+// Regular implementation
+//
+
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          timer structure
+ */
+struct mbedtls_timing_hr_time
+{
+    unsigned char opaque[32];
+};
+
+/**
+ * \brief          Context for mbedtls_timing_set/get_delay()
+ */
+typedef struct
+{
+    struct mbedtls_timing_hr_time   timer;
+    uint32_t                        int_ms;
+    uint32_t                        fin_ms;
+} mbedtls_timing_delay_context;
+
+extern volatile int mbedtls_timing_alarmed;
+
+/**
+ * \brief          Return the CPU cycle counter value
+ *
+ * \warning        This is only a best effort! Do not rely on this!
+ *                 In particular, it is known to be unreliable on virtual
+ *                 machines.
+ */
+unsigned long mbedtls_timing_hardclock( void );
+
+/**
+ * \brief          Return the elapsed time in milliseconds
+ *
+ * \param val      points to a timer structure
+ * \param reset    if set to 1, the timer is restarted
+ */
+unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset );
+
+/**
+ * \brief          Setup an alarm clock
+ *
+ * \param seconds  delay before the "mbedtls_timing_alarmed" flag is set
+ *
+ * \warning        Only one alarm at a time  is supported. In a threaded
+ *                 context, this means one for the whole process, not one per
+ *                 thread.
+ */
+void mbedtls_set_alarm( int seconds );
+
+/**
+ * \brief          Set a pair of delays to watch
+ *                 (See \c mbedtls_timing_get_delay().)
+ *
+ * \param data     Pointer to timing data
+ *                 Must point to a valid \c mbedtls_timing_delay_context struct.
+ * \param int_ms   First (intermediate) delay in milliseconds.
+ * \param fin_ms   Second (final) delay in milliseconds.
+ *                 Pass 0 to cancel the current delay.
+ */
+void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms );
+
+/**
+ * \brief          Get the status of delays
+ *                 (Memory helper: number of delays passed.)
+ *
+ * \param data     Pointer to timing data
+ *                 Must point to a valid \c mbedtls_timing_delay_context struct.
+ *
+ * \return         -1 if cancelled (fin_ms = 0)
+ *                  0 if none of the delays are passed,
+ *                  1 if only the intermediate delay is passed,
+ *                  2 if the final delay is passed.
+ */
+int mbedtls_timing_get_delay( void *data );
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_TIMING_ALT */
+#include "timing_alt.h"
+#endif /* MBEDTLS_TIMING_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(MBEDTLS_SELF_TEST)
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if a test failed
+ */
+int mbedtls_timing_self_test( int verbose );
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* timing.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/version.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,111 @@
+/**
+ * \file version.h
+ *
+ * \brief Run-time version information
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ * This set of compile-time defines and run-time variables can be used to
+ * determine the version number of the mbed TLS library used.
+ */
+#ifndef MBEDTLS_VERSION_H
+#define MBEDTLS_VERSION_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+/**
+ * The version number x.y.z is split into three parts.
+ * Major, Minor, Patchlevel
+ */
+#define MBEDTLS_VERSION_MAJOR  2
+#define MBEDTLS_VERSION_MINOR  2
+#define MBEDTLS_VERSION_PATCH  0
+
+/**
+ * The single version number has the following structure:
+ *    MMNNPP00
+ *    Major version | Minor version | Patch version
+ */
+#define MBEDTLS_VERSION_NUMBER         0x02020000
+#define MBEDTLS_VERSION_STRING         "2.2.0"
+#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.2.0"
+
+#if defined(MBEDTLS_VERSION_C)
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Get the version number.
+ *
+ * \return          The constructed version number in the format
+ *                  MMNNPP00 (Major, Minor, Patch).
+ */
+unsigned int mbedtls_version_get_number( void );
+
+/**
+ * Get the version string ("x.y.z").
+ *
+ * \param string    The string that will receive the value.
+ *                  (Should be at least 9 bytes in size)
+ */
+void mbedtls_version_get_string( char *string );
+
+/**
+ * Get the full version string ("mbed TLS x.y.z").
+ *
+ * \param string    The string that will receive the value. The mbed TLS version
+ *                  string will use 18 bytes AT MOST including a terminating
+ *                  null byte.
+ *                  (So the buffer should be at least 18 bytes to receive this
+ *                  version string).
+ */
+void mbedtls_version_get_string_full( char *string );
+
+/**
+ * \brief           Check if support for a feature was compiled into this
+ *                  mbed TLS binary. This allows you to see at runtime if the
+ *                  library was for instance compiled with or without
+ *                  Multi-threading support.
+ *
+ * \note            only checks against defines in the sections "System
+ *                  support", "mbed TLS modules" and "mbed TLS feature
+ *                  support" in config.h
+ *
+ * \param feature   The string for the define to check (e.g. "MBEDTLS_AES_C")
+ *
+ * \return          0 if the feature is present,
+ *                  -1 if the feature is not present and
+ *                  -2 if support for feature checking as a whole was not
+ *                  compiled in.
+ */
+int mbedtls_version_check_feature( const char *feature );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_VERSION_C */
+
+#endif /* version.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/x509.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,331 @@
+/**
+ * \file x509.h
+ *
+ * \brief X.509 generic defines and structures
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_X509_H
+#define MBEDTLS_X509_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "asn1.h"
+#include "pk.h"
+
+#if defined(MBEDTLS_RSA_C)
+#include "rsa.h"
+#endif
+
+/**
+ * \addtogroup x509_module
+ * \{
+ */
+
+#if !defined(MBEDTLS_X509_MAX_INTERMEDIATE_CA)
+/**
+ * Maximum number of intermediate CAs in a verification chain.
+ * That is, maximum length of the chain, excluding the end-entity certificate
+ * and the trusted root certificate.
+ *
+ * Set this to a low value to prevent an adversary from making you waste
+ * resources verifying an overlong certificate chain.
+ */
+#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8
+#endif
+
+/**
+ * \name X509 Error codes
+ * \{
+ */
+#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE              -0x2080  /**< Unavailable feature, e.g. RSA hashing/encryption combination. */
+#define MBEDTLS_ERR_X509_UNKNOWN_OID                      -0x2100  /**< Requested OID is unknown. */
+#define MBEDTLS_ERR_X509_INVALID_FORMAT                   -0x2180  /**< The CRT/CRL/CSR format is invalid, e.g. different type expected. */
+#define MBEDTLS_ERR_X509_INVALID_VERSION                  -0x2200  /**< The CRT/CRL/CSR version element is invalid. */
+#define MBEDTLS_ERR_X509_INVALID_SERIAL                   -0x2280  /**< The serial tag or value is invalid. */
+#define MBEDTLS_ERR_X509_INVALID_ALG                      -0x2300  /**< The algorithm tag or value is invalid. */
+#define MBEDTLS_ERR_X509_INVALID_NAME                     -0x2380  /**< The name tag or value is invalid. */
+#define MBEDTLS_ERR_X509_INVALID_DATE                     -0x2400  /**< The date tag or value is invalid. */
+#define MBEDTLS_ERR_X509_INVALID_SIGNATURE                -0x2480  /**< The signature tag or value invalid. */
+#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS               -0x2500  /**< The extension tag or value is invalid. */
+#define MBEDTLS_ERR_X509_UNKNOWN_VERSION                  -0x2580  /**< CRT/CRL/CSR has an unsupported version number. */
+#define MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG                  -0x2600  /**< Signature algorithm (oid) is unsupported. */
+#define MBEDTLS_ERR_X509_SIG_MISMATCH                     -0x2680  /**< Signature algorithms do not match. (see \c ::mbedtls_x509_crt sig_oid) */
+#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED               -0x2700  /**< Certificate verification failed, e.g. CRL, CA or signature check failed. */
+#define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT              -0x2780  /**< Format not recognized as DER or PEM. */
+#define MBEDTLS_ERR_X509_BAD_INPUT_DATA                   -0x2800  /**< Input invalid. */
+#define MBEDTLS_ERR_X509_ALLOC_FAILED                     -0x2880  /**< Allocation of memory failed. */
+#define MBEDTLS_ERR_X509_FILE_IO_ERROR                    -0x2900  /**< Read/write of file failed. */
+#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL                 -0x2980  /**< Destination buffer is too small. */
+/* \} name */
+
+/**
+ * \name X509 Verify codes
+ * \{
+ */
+/* Reminder: update x509_crt_verify_strings[] in library/x509_crt.c */
+#define MBEDTLS_X509_BADCERT_EXPIRED             0x01  /**< The certificate validity has expired. */
+#define MBEDTLS_X509_BADCERT_REVOKED             0x02  /**< The certificate has been revoked (is on a CRL). */
+#define MBEDTLS_X509_BADCERT_CN_MISMATCH         0x04  /**< The certificate Common Name (CN) does not match with the expected CN. */
+#define MBEDTLS_X509_BADCERT_NOT_TRUSTED         0x08  /**< The certificate is not correctly signed by the trusted CA. */
+#define MBEDTLS_X509_BADCRL_NOT_TRUSTED          0x10  /**< The CRL is not correctly signed by the trusted CA. */
+#define MBEDTLS_X509_BADCRL_EXPIRED              0x20  /**< The CRL is expired. */
+#define MBEDTLS_X509_BADCERT_MISSING             0x40  /**< Certificate was missing. */
+#define MBEDTLS_X509_BADCERT_SKIP_VERIFY         0x80  /**< Certificate verification was skipped. */
+#define MBEDTLS_X509_BADCERT_OTHER             0x0100  /**< Other reason (can be used by verify callback) */
+#define MBEDTLS_X509_BADCERT_FUTURE            0x0200  /**< The certificate validity starts in the future. */
+#define MBEDTLS_X509_BADCRL_FUTURE             0x0400  /**< The CRL is from the future */
+#define MBEDTLS_X509_BADCERT_KEY_USAGE         0x0800  /**< Usage does not match the keyUsage extension. */
+#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE     0x1000  /**< Usage does not match the extendedKeyUsage extension. */
+#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE      0x2000  /**< Usage does not match the nsCertType extension. */
+#define MBEDTLS_X509_BADCERT_BAD_MD            0x4000  /**< The certificate is signed with an unacceptable hash. */
+#define MBEDTLS_X509_BADCERT_BAD_PK            0x8000  /**< The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
+#define MBEDTLS_X509_BADCERT_BAD_KEY         0x010000  /**< The certificate is signed with an unacceptable key (eg bad curve, RSA too short). */
+#define MBEDTLS_X509_BADCRL_BAD_MD           0x020000  /**< The CRL is signed with an unacceptable hash. */
+#define MBEDTLS_X509_BADCRL_BAD_PK           0x040000  /**< The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
+#define MBEDTLS_X509_BADCRL_BAD_KEY          0x080000  /**< The CRL is signed with an unacceptable key (eg bad curve, RSA too short). */
+
+/* \} name */
+/* \} addtogroup x509_module */
+
+/*
+ * X.509 v3 Key Usage Extension flags
+ * Reminder: update x509_info_key_usage() when adding new flags.
+ */
+#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE            (0x80)  /* bit 0 */
+#define MBEDTLS_X509_KU_NON_REPUDIATION              (0x40)  /* bit 1 */
+#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT             (0x20)  /* bit 2 */
+#define MBEDTLS_X509_KU_DATA_ENCIPHERMENT            (0x10)  /* bit 3 */
+#define MBEDTLS_X509_KU_KEY_AGREEMENT                (0x08)  /* bit 4 */
+#define MBEDTLS_X509_KU_KEY_CERT_SIGN                (0x04)  /* bit 5 */
+#define MBEDTLS_X509_KU_CRL_SIGN                     (0x02)  /* bit 6 */
+#define MBEDTLS_X509_KU_ENCIPHER_ONLY                (0x01)  /* bit 7 */
+#define MBEDTLS_X509_KU_DECIPHER_ONLY              (0x8000)  /* bit 8 */
+
+/*
+ * Netscape certificate types
+ * (http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn3.html)
+ */
+
+#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT         (0x80)  /* bit 0 */
+#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER         (0x40)  /* bit 1 */
+#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL              (0x20)  /* bit 2 */
+#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING     (0x10)  /* bit 3 */
+#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED           (0x08)  /* bit 4 */
+#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA             (0x04)  /* bit 5 */
+#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA           (0x02)  /* bit 6 */
+#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA  (0x01)  /* bit 7 */
+
+/*
+ * X.509 extension types
+ *
+ * Comments refer to the status for using certificates. Status can be
+ * different for writing certificates or reading CRLs or CSRs.
+ */
+#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER    (1 << 0)
+#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER      (1 << 1)
+#define MBEDTLS_X509_EXT_KEY_USAGE                   (1 << 2)
+#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES        (1 << 3)
+#define MBEDTLS_X509_EXT_POLICY_MAPPINGS             (1 << 4)
+#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME            (1 << 5)    /* Supported (DNS) */
+#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME             (1 << 6)
+#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS     (1 << 7)
+#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS           (1 << 8)    /* Supported */
+#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS            (1 << 9)
+#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS          (1 << 10)
+#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE          (1 << 11)
+#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS     (1 << 12)
+#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY          (1 << 13)
+#define MBEDTLS_X509_EXT_FRESHEST_CRL                (1 << 14)
+
+#define MBEDTLS_X509_EXT_NS_CERT_TYPE                (1 << 16)   /* Parsed (and then ?) */
+
+/*
+ * Storage format identifiers
+ * Recognized formats: PEM and DER
+ */
+#define MBEDTLS_X509_FORMAT_DER                 1
+#define MBEDTLS_X509_FORMAT_PEM                 2
+
+#define MBEDTLS_X509_MAX_DN_NAME_SIZE         256 /**< Maximum value size of a DN entry */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \addtogroup x509_module
+ * \{ */
+
+/**
+ * \name Structures for parsing X.509 certificates, CRLs and CSRs
+ * \{
+ */
+
+/**
+ * Type-length-value structure that allows for ASN1 using DER.
+ */
+typedef mbedtls_asn1_buf mbedtls_x509_buf;
+
+/**
+ * Container for ASN1 bit strings.
+ */
+typedef mbedtls_asn1_bitstring mbedtls_x509_bitstring;
+
+/**
+ * Container for ASN1 named information objects.
+ * It allows for Relative Distinguished Names (e.g. cn=localhost,ou=code,etc.).
+ */
+typedef mbedtls_asn1_named_data mbedtls_x509_name;
+
+/**
+ * Container for a sequence of ASN.1 items
+ */
+typedef mbedtls_asn1_sequence mbedtls_x509_sequence;
+
+/** Container for date and time (precision in seconds). */
+typedef struct mbedtls_x509_time
+{
+    int year, mon, day;         /**< Date. */
+    int hour, min, sec;         /**< Time. */
+}
+mbedtls_x509_time;
+
+/** \} name Structures for parsing X.509 certificates, CRLs and CSRs */
+/** \} addtogroup x509_module */
+
+/**
+ * \brief          Store the certificate DN in printable form into buf;
+ *                 no more than size characters will be written.
+ *
+ * \param buf      Buffer to write to
+ * \param size     Maximum size of buffer
+ * \param dn       The X509 name to represent
+ *
+ * \return         The length of the string written (not including the
+ *                 terminated nul byte), or a negative error code.
+ */
+int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn );
+
+/**
+ * \brief          Store the certificate serial in printable form into buf;
+ *                 no more than size characters will be written.
+ *
+ * \param buf      Buffer to write to
+ * \param size     Maximum size of buffer
+ * \param serial   The X509 serial to represent
+ *
+ * \return         The length of the string written (not including the
+ *                 terminated nul byte), or a negative error code.
+ */
+int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *serial );
+
+/**
+ * \brief          Check a given mbedtls_x509_time against the system time
+ *                 and tell if it's in the past.
+ *
+ * \note           Intended usage is "if( is_past( valid_to ) ) ERROR".
+ *                 Hence the return value of 1 if on internal errors.
+ *
+ * \param time     mbedtls_x509_time to check
+ *
+ * \return         1 if the given time is in the past or an error occured,
+ *                 0 otherwise.
+ */
+int mbedtls_x509_time_is_past( const mbedtls_x509_time *time );
+
+/**
+ * \brief          Check a given mbedtls_x509_time against the system time
+ *                 and tell if it's in the future.
+ *
+ * \note           Intended usage is "if( is_future( valid_from ) ) ERROR".
+ *                 Hence the return value of 1 if on internal errors.
+ *
+ * \param time     mbedtls_x509_time to check
+ *
+ * \return         1 if the given time is in the future or an error occured,
+ *                 0 otherwise.
+ */
+int mbedtls_x509_time_is_future( const mbedtls_x509_time *time );
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_x509_self_test( int verbose );
+
+/*
+ * Internal module functions. You probably do not want to use these unless you
+ * know you do.
+ */
+int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
+                   mbedtls_x509_name *cur );
+int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end,
+                       mbedtls_x509_buf *alg );
+int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end,
+                  mbedtls_x509_buf *alg, mbedtls_x509_buf *params );
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
+int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
+                                mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
+                                int *salt_len );
+#endif
+int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig );
+int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
+                      mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
+                      void **sig_opts );
+int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
+                   mbedtls_x509_time *time );
+int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
+                     mbedtls_x509_buf *serial );
+int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
+                  mbedtls_x509_buf *ext, int tag );
+int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
+                       mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
+                       const void *sig_opts );
+int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name );
+int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *name );
+int mbedtls_x509_set_extension( mbedtls_asn1_named_data **head, const char *oid, size_t oid_len,
+                        int critical, const unsigned char *val,
+                        size_t val_len );
+int mbedtls_x509_write_extensions( unsigned char **p, unsigned char *start,
+                           mbedtls_asn1_named_data *first );
+int mbedtls_x509_write_names( unsigned char **p, unsigned char *start,
+                      mbedtls_asn1_named_data *first );
+int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start,
+                    const char *oid, size_t oid_len,
+                    unsigned char *sig, size_t size );
+
+#define MBEDTLS_X509_SAFE_SNPRINTF                          \
+    do {                                                    \
+        if( ret < 0 || (size_t) ret >= n )                  \
+            return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );    \
+                                                            \
+        n -= (size_t) ret;                                  \
+        p += (size_t) ret;                                  \
+    } while( 0 )
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* x509.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/x509_crl.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,172 @@
+/**
+ * \file mbedtls_x509_crl.h
+ *
+ * \brief X.509 certificate revocation list parsing
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_X509_CRL_H
+#define MBEDTLS_X509_CRL_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "x509.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \addtogroup x509_module
+ * \{ */
+
+/**
+ * \name Structures and functions for parsing CRLs
+ * \{
+ */
+
+/**
+ * Certificate revocation list entry.
+ * Contains the CA-specific serial numbers and revocation dates.
+ */
+typedef struct mbedtls_x509_crl_entry
+{
+    mbedtls_x509_buf raw;
+
+    mbedtls_x509_buf serial;
+
+    mbedtls_x509_time revocation_date;
+
+    mbedtls_x509_buf entry_ext;
+
+    struct mbedtls_x509_crl_entry *next;
+}
+mbedtls_x509_crl_entry;
+
+/**
+ * Certificate revocation list structure.
+ * Every CRL may have multiple entries.
+ */
+typedef struct mbedtls_x509_crl
+{
+    mbedtls_x509_buf raw;           /**< The raw certificate data (DER). */
+    mbedtls_x509_buf tbs;           /**< The raw certificate body (DER). The part that is To Be Signed. */
+
+    int version;            /**< CRL version (1=v1, 2=v2) */
+    mbedtls_x509_buf sig_oid;       /**< CRL signature type identifier */
+
+    mbedtls_x509_buf issuer_raw;    /**< The raw issuer data (DER). */
+
+    mbedtls_x509_name issuer;       /**< The parsed issuer data (named information object). */
+
+    mbedtls_x509_time this_update;
+    mbedtls_x509_time next_update;
+
+    mbedtls_x509_crl_entry entry;   /**< The CRL entries containing the certificate revocation times for this CA. */
+
+    mbedtls_x509_buf crl_ext;
+
+    mbedtls_x509_buf sig_oid2;
+    mbedtls_x509_buf sig;
+    mbedtls_md_type_t sig_md;           /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
+    mbedtls_pk_type_t sig_pk;           /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
+    void *sig_opts;             /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
+
+    struct mbedtls_x509_crl *next;
+}
+mbedtls_x509_crl;
+
+/**
+ * \brief          Parse a DER-encoded CRL and append it to the chained list
+ *
+ * \param chain    points to the start of the chain
+ * \param buf      buffer holding the CRL data in DER format
+ *                 (including the terminating null byte for PEM data)
+ *
+ * \return         0 if successful, or a specific X509 or PEM error code
+ */
+int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
+                        const unsigned char *buf, size_t buflen );
+/**
+ * \brief          Parse one or more CRLs and append them to the chained list
+ *
+ * \note           Mutliple CRLs are accepted only if using PEM format
+ *
+ * \param chain    points to the start of the chain
+ * \param buf      buffer holding the CRL data in PEM or DER format
+ * \param buflen   size of the buffer
+ *                 (including the terminating null byte for PEM data)
+ *
+ * \return         0 if successful, or a specific X509 or PEM error code
+ */
+int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen );
+
+#if defined(MBEDTLS_FS_IO)
+/**
+ * \brief          Load one or more CRLs and append them to the chained list
+ *
+ * \note           Mutliple CRLs are accepted only if using PEM format
+ *
+ * \param chain    points to the start of the chain
+ * \param path     filename to read the CRLs from (in PEM or DER encoding)
+ *
+ * \return         0 if successful, or a specific X509 or PEM error code
+ */
+int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path );
+#endif /* MBEDTLS_FS_IO */
+
+/**
+ * \brief          Returns an informational string about the CRL.
+ *
+ * \param buf      Buffer to write to
+ * \param size     Maximum size of buffer
+ * \param prefix   A line prefix
+ * \param crl      The X509 CRL to represent
+ *
+ * \return         The length of the string written (not including the
+ *                 terminated nul byte), or a negative error code.
+ */
+int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix,
+                   const mbedtls_x509_crl *crl );
+
+/**
+ * \brief          Initialize a CRL (chain)
+ *
+ * \param crl      CRL chain to initialize
+ */
+void mbedtls_x509_crl_init( mbedtls_x509_crl *crl );
+
+/**
+ * \brief          Unallocate all CRL data
+ *
+ * \param crl      CRL chain to free
+ */
+void mbedtls_x509_crl_free( mbedtls_x509_crl *crl );
+
+/* \} name */
+/* \} addtogroup x509_module */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_x509_crl.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/x509_crt.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,645 @@
+/**
+ * \file mbedtls_x509_crt.h
+ *
+ * \brief X.509 certificate parsing and writing
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_X509_CRT_H
+#define MBEDTLS_X509_CRT_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "x509.h"
+#include "x509_crl.h"
+
+/**
+ * \addtogroup x509_module
+ * \{
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \name Structures and functions for parsing and writing X.509 certificates
+ * \{
+ */
+
+/**
+ * Container for an X.509 certificate. The certificate may be chained.
+ */
+typedef struct mbedtls_x509_crt
+{
+    mbedtls_x509_buf raw;               /**< The raw certificate data (DER). */
+    mbedtls_x509_buf tbs;               /**< The raw certificate body (DER). The part that is To Be Signed. */
+
+    int version;                /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
+    mbedtls_x509_buf serial;            /**< Unique id for certificate issued by a specific CA. */
+    mbedtls_x509_buf sig_oid;           /**< Signature algorithm, e.g. sha1RSA */
+
+    mbedtls_x509_buf issuer_raw;        /**< The raw issuer data (DER). Used for quick comparison. */
+    mbedtls_x509_buf subject_raw;       /**< The raw subject data (DER). Used for quick comparison. */
+
+    mbedtls_x509_name issuer;           /**< The parsed issuer data (named information object). */
+    mbedtls_x509_name subject;          /**< The parsed subject data (named information object). */
+
+    mbedtls_x509_time valid_from;       /**< Start time of certificate validity. */
+    mbedtls_x509_time valid_to;         /**< End time of certificate validity. */
+
+    mbedtls_pk_context pk;              /**< Container for the public key context. */
+
+    mbedtls_x509_buf issuer_id;         /**< Optional X.509 v2/v3 issuer unique identifier. */
+    mbedtls_x509_buf subject_id;        /**< Optional X.509 v2/v3 subject unique identifier. */
+    mbedtls_x509_buf v3_ext;            /**< Optional X.509 v3 extensions.  */
+    mbedtls_x509_sequence subject_alt_names;    /**< Optional list of Subject Alternative Names (Only dNSName supported). */
+
+    int ext_types;              /**< Bit string containing detected and parsed extensions */
+    int ca_istrue;              /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
+    int max_pathlen;            /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */
+
+    unsigned int key_usage;     /**< Optional key usage extension value: See the values in x509.h */
+
+    mbedtls_x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */
+
+    unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values in x509.h */
+
+    mbedtls_x509_buf sig;               /**< Signature: hash of the tbs part signed with the private key. */
+    mbedtls_md_type_t sig_md;           /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
+    mbedtls_pk_type_t sig_pk;           /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
+    void *sig_opts;             /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
+
+    struct mbedtls_x509_crt *next;     /**< Next certificate in the CA-chain. */
+}
+mbedtls_x509_crt;
+
+/**
+ * Build flag from an algorithm/curve identifier (pk, md, ecp)
+ * Since 0 is always XXX_NONE, ignore it.
+ */
+#define MBEDTLS_X509_ID_FLAG( id )   ( 1 << ( id - 1 ) )
+
+/**
+ * Security profile for certificate verification.
+ *
+ * All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG().
+ */
+typedef struct
+{
+    uint32_t allowed_mds;       /**< MDs for signatures         */
+    uint32_t allowed_pks;       /**< PK algs for signatures     */
+    uint32_t allowed_curves;    /**< Elliptic curves for ECDSA  */
+    uint32_t rsa_min_bitlen;    /**< Minimum size for RSA keys  */
+}
+mbedtls_x509_crt_profile;
+
+#define MBEDTLS_X509_CRT_VERSION_1              0
+#define MBEDTLS_X509_CRT_VERSION_2              1
+#define MBEDTLS_X509_CRT_VERSION_3              2
+
+#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32
+#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN   15
+
+/**
+ * Container for writing a certificate (CRT)
+ */
+typedef struct mbedtls_x509write_cert
+{
+    int version;
+    mbedtls_mpi serial;
+    mbedtls_pk_context *subject_key;
+    mbedtls_pk_context *issuer_key;
+    mbedtls_asn1_named_data *subject;
+    mbedtls_asn1_named_data *issuer;
+    mbedtls_md_type_t md_alg;
+    char not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
+    char not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
+    mbedtls_asn1_named_data *extensions;
+}
+mbedtls_x509write_cert;
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+/**
+ * Default security profile. Should provide a good balance between security
+ * and compatibility with current deployments.
+ */
+extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default;
+
+/**
+ * Expected next default profile. Recommended for new deployments.
+ * Currently targets a 128-bit security level, except for RSA-2048.
+ */
+extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next;
+
+/**
+ * NSA Suite B profile.
+ */
+extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb;
+
+/**
+ * \brief          Parse a single DER formatted certificate and add it
+ *                 to the chained list.
+ *
+ * \param chain    points to the start of the chain
+ * \param buf      buffer holding the certificate DER data
+ * \param buflen   size of the buffer
+ *
+ * \return         0 if successful, or a specific X509 or PEM error code
+ */
+int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf,
+                        size_t buflen );
+
+/**
+ * \brief          Parse one or more certificates and add them
+ *                 to the chained list. Parses permissively. If some
+ *                 certificates can be parsed, the result is the number
+ *                 of failed certificates it encountered. If none complete
+ *                 correctly, the first error is returned.
+ *
+ * \param chain    points to the start of the chain
+ * \param buf      buffer holding the certificate data in PEM or DER format
+ * \param buflen   size of the buffer
+ *                 (including the terminating null byte for PEM data)
+ *
+ * \return         0 if all certificates parsed successfully, a positive number
+ *                 if partly successful or a specific X509 or PEM error code
+ */
+int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen );
+
+#if defined(MBEDTLS_FS_IO)
+/**
+ * \brief          Load one or more certificates and add them
+ *                 to the chained list. Parses permissively. If some
+ *                 certificates can be parsed, the result is the number
+ *                 of failed certificates it encountered. If none complete
+ *                 correctly, the first error is returned.
+ *
+ * \param chain    points to the start of the chain
+ * \param path     filename to read the certificates from
+ *
+ * \return         0 if all certificates parsed successfully, a positive number
+ *                 if partly successful or a specific X509 or PEM error code
+ */
+int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path );
+
+/**
+ * \brief          Load one or more certificate files from a path and add them
+ *                 to the chained list. Parses permissively. If some
+ *                 certificates can be parsed, the result is the number
+ *                 of failed certificates it encountered. If none complete
+ *                 correctly, the first error is returned.
+ *
+ * \param chain    points to the start of the chain
+ * \param path     directory / folder to read the certificate files from
+ *
+ * \return         0 if all certificates parsed successfully, a positive number
+ *                 if partly successful or a specific X509 or PEM error code
+ */
+int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path );
+#endif /* MBEDTLS_FS_IO */
+
+/**
+ * \brief          Returns an informational string about the
+ *                 certificate.
+ *
+ * \param buf      Buffer to write to
+ * \param size     Maximum size of buffer
+ * \param prefix   A line prefix
+ * \param crt      The X509 certificate to represent
+ *
+ * \return         The length of the string written (not including the
+ *                 terminated nul byte), or a negative error code.
+ */
+int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
+                   const mbedtls_x509_crt *crt );
+
+/**
+ * \brief          Returns an informational string about the
+ *                 verification status of a certificate.
+ *
+ * \param buf      Buffer to write to
+ * \param size     Maximum size of buffer
+ * \param prefix   A line prefix
+ * \param flags    Verification flags created by mbedtls_x509_crt_verify()
+ *
+ * \return         The length of the string written (not including the
+ *                 terminated nul byte), or a negative error code.
+ */
+int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
+                          uint32_t flags );
+
+/**
+ * \brief          Verify the certificate signature
+ *
+ *                 The verify callback is a user-supplied callback that
+ *                 can clear / modify / add flags for a certificate. If set,
+ *                 the verification callback is called for each
+ *                 certificate in the chain (from the trust-ca down to the
+ *                 presented crt). The parameters for the callback are:
+ *                 (void *parameter, mbedtls_x509_crt *crt, int certificate_depth,
+ *                 int *flags). With the flags representing current flags for
+ *                 that specific certificate and the certificate depth from
+ *                 the bottom (Peer cert depth = 0).
+ *
+ *                 All flags left after returning from the callback
+ *                 are also returned to the application. The function should
+ *                 return 0 for anything but a fatal error.
+ *
+ * \note           In case verification failed, the results can be displayed
+ *                 using \c mbedtls_x509_crt_verify_info()
+ *
+ * \note           Same as \c mbedtls_x509_crt_verify_with_profile() with the
+ *                 default security profile.
+ *
+ * \param crt      a certificate to be verified
+ * \param trust_ca the trusted CA chain
+ * \param ca_crl   the CRL chain for trusted CA's
+ * \param cn       expected Common Name (can be set to
+ *                 NULL if the CN must not be verified)
+ * \param flags    result of the verification
+ * \param f_vrfy   verification function
+ * \param p_vrfy   verification parameter
+ *
+ * \return         0 if successful or MBEDTLS_ERR_X509_CERT_VERIFY_FAILED
+ *                 in which case *flags will have one or more
+ *                 MBEDTLS_X509_BADCERT_XXX or MBEDTLS_X509_BADCRL_XXX flags
+ *                 set,
+ *                 or another error in case of a fatal error encountered
+ *                 during the verification process.
+ */
+int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
+                     mbedtls_x509_crt *trust_ca,
+                     mbedtls_x509_crl *ca_crl,
+                     const char *cn, uint32_t *flags,
+                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+                     void *p_vrfy );
+
+/**
+ * \brief          Verify the certificate signature according to profile
+ *
+ * \note           Same as \c mbedtls_x509_crt_verify(), but with explicit
+ *                 security profile.
+ *
+ * \note           The restrictions on keys (RSA minimum size, allowed curves
+ *                 for ECDSA) apply to all certificates: trusted root,
+ *                 intermediate CAs if any, and end entity certificate.
+ *
+ * \param crt      a certificate to be verified
+ * \param trust_ca the trusted CA chain
+ * \param ca_crl   the CRL chain for trusted CA's
+ * \param profile  security profile for verification
+ * \param cn       expected Common Name (can be set to
+ *                 NULL if the CN must not be verified)
+ * \param flags    result of the verification
+ * \param f_vrfy   verification function
+ * \param p_vrfy   verification parameter
+ *
+ * \return         0 if successful or MBEDTLS_ERR_X509_CERT_VERIFY_FAILED
+ *                 in which case *flags will have one or more
+ *                 MBEDTLS_X509_BADCERT_XXX or MBEDTLS_X509_BADCRL_XXX flags
+ *                 set,
+ *                 or another error in case of a fatal error encountered
+ *                 during the verification process.
+ */
+int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
+                     mbedtls_x509_crt *trust_ca,
+                     mbedtls_x509_crl *ca_crl,
+                     const mbedtls_x509_crt_profile *profile,
+                     const char *cn, uint32_t *flags,
+                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+                     void *p_vrfy );
+
+#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
+/**
+ * \brief          Check usage of certificate against keyUsage extension.
+ *
+ * \param crt      Leaf certificate used.
+ * \param usage    Intended usage(s) (eg MBEDTLS_X509_KU_KEY_ENCIPHERMENT
+ *                 before using the certificate to perform an RSA key
+ *                 exchange).
+ *
+ * \note           Except for decipherOnly and encipherOnly, a bit set in the
+ *                 usage argument means this bit MUST be set in the
+ *                 certificate. For decipherOnly and encipherOnly, it means
+ *                 that bit MAY be set.
+ *
+ * \return         0 is these uses of the certificate are allowed,
+ *                 MBEDTLS_ERR_X509_BAD_INPUT_DATA if the keyUsage extension
+ *                 is present but does not match the usage argument.
+ *
+ * \note           You should only call this function on leaf certificates, on
+ *                 (intermediate) CAs the keyUsage extension is automatically
+ *                 checked by \c mbedtls_x509_crt_verify().
+ */
+int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
+                                      unsigned int usage );
+#endif /* MBEDTLS_X509_CHECK_KEY_USAGE) */
+
+#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
+/**
+ * \brief          Check usage of certificate against extentedJeyUsage.
+ *
+ * \param crt      Leaf certificate used.
+ * \param usage_oid Intended usage (eg MBEDTLS_OID_SERVER_AUTH or MBEDTLS_OID_CLIENT_AUTH).
+ * \param usage_len Length of usage_oid (eg given by MBEDTLS_OID_SIZE()).
+ *
+ * \return         0 if this use of the certificate is allowed,
+ *                 MBEDTLS_ERR_X509_BAD_INPUT_DATA if not.
+ *
+ * \note           Usually only makes sense on leaf certificates.
+ */
+int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
+                                       const char *usage_oid,
+                                       size_t usage_len );
+#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) */
+
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
+/**
+ * \brief          Verify the certificate revocation status
+ *
+ * \param crt      a certificate to be verified
+ * \param crl      the CRL to verify against
+ *
+ * \return         1 if the certificate is revoked, 0 otherwise
+ *
+ */
+int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl );
+#endif /* MBEDTLS_X509_CRL_PARSE_C */
+
+/**
+ * \brief          Initialize a certificate (chain)
+ *
+ * \param crt      Certificate chain to initialize
+ */
+void mbedtls_x509_crt_init( mbedtls_x509_crt *crt );
+
+/**
+ * \brief          Unallocate all certificate data
+ *
+ * \param crt      Certificate chain to free
+ */
+void mbedtls_x509_crt_free( mbedtls_x509_crt *crt );
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+/* \} name */
+/* \} addtogroup x509_module */
+
+#if defined(MBEDTLS_X509_CRT_WRITE_C)
+/**
+ * \brief           Initialize a CRT writing context
+ *
+ * \param ctx       CRT context to initialize
+ */
+void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx );
+
+/**
+ * \brief           Set the verion for a Certificate
+ *                  Default: MBEDTLS_X509_CRT_VERSION_3
+ *
+ * \param ctx       CRT context to use
+ * \param version   version to set (MBEDTLS_X509_CRT_VERSION_1, MBEDTLS_X509_CRT_VERSION_2 or
+ *                                  MBEDTLS_X509_CRT_VERSION_3)
+ */
+void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version );
+
+/**
+ * \brief           Set the serial number for a Certificate.
+ *
+ * \param ctx       CRT context to use
+ * \param serial    serial number to set
+ *
+ * \return          0 if successful
+ */
+int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial );
+
+/**
+ * \brief           Set the validity period for a Certificate
+ *                  Timestamps should be in string format for UTC timezone
+ *                  i.e. "YYYYMMDDhhmmss"
+ *                  e.g. "20131231235959" for December 31st 2013
+ *                       at 23:59:59
+ *
+ * \param ctx       CRT context to use
+ * \param not_before    not_before timestamp
+ * \param not_after     not_after timestamp
+ *
+ * \return          0 if timestamp was parsed successfully, or
+ *                  a specific error code
+ */
+int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before,
+                                const char *not_after );
+
+/**
+ * \brief           Set the issuer name for a Certificate
+ *                  Issuer names should contain a comma-separated list
+ *                  of OID types and values:
+ *                  e.g. "C=UK,O=ARM,CN=mbed TLS CA"
+ *
+ * \param ctx           CRT context to use
+ * \param issuer_name   issuer name to set
+ *
+ * \return          0 if issuer name was parsed successfully, or
+ *                  a specific error code
+ */
+int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx,
+                                   const char *issuer_name );
+
+/**
+ * \brief           Set the subject name for a Certificate
+ *                  Subject names should contain a comma-separated list
+ *                  of OID types and values:
+ *                  e.g. "C=UK,O=ARM,CN=mbed TLS Server 1"
+ *
+ * \param ctx           CRT context to use
+ * \param subject_name  subject name to set
+ *
+ * \return          0 if subject name was parsed successfully, or
+ *                  a specific error code
+ */
+int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx,
+                                    const char *subject_name );
+
+/**
+ * \brief           Set the subject public key for the certificate
+ *
+ * \param ctx       CRT context to use
+ * \param key       public key to include
+ */
+void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );
+
+/**
+ * \brief           Set the issuer key used for signing the certificate
+ *
+ * \param ctx       CRT context to use
+ * \param key       private key to sign with
+ */
+void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );
+
+/**
+ * \brief           Set the MD algorithm to use for the signature
+ *                  (e.g. MBEDTLS_MD_SHA1)
+ *
+ * \param ctx       CRT context to use
+ * \param md_alg    MD algorithm to use
+ */
+void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg );
+
+/**
+ * \brief           Generic function to add to or replace an extension in the
+ *                  CRT
+ *
+ * \param ctx       CRT context to use
+ * \param oid       OID of the extension
+ * \param oid_len   length of the OID
+ * \param critical  if the extension is critical (per the RFC's definition)
+ * \param val       value of the extension OCTET STRING
+ * \param val_len   length of the value data
+ *
+ * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+ */
+int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx,
+                                 const char *oid, size_t oid_len,
+                                 int critical,
+                                 const unsigned char *val, size_t val_len );
+
+/**
+ * \brief           Set the basicConstraints extension for a CRT
+ *
+ * \param ctx       CRT context to use
+ * \param is_ca     is this a CA certificate
+ * \param max_pathlen   maximum length of certificate chains below this
+ *                      certificate (only for CA certificates, -1 is
+ *                      inlimited)
+ *
+ * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+ */
+int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
+                                         int is_ca, int max_pathlen );
+
+#if defined(MBEDTLS_SHA1_C)
+/**
+ * \brief           Set the subjectKeyIdentifier extension for a CRT
+ *                  Requires that mbedtls_x509write_crt_set_subject_key() has been
+ *                  called before
+ *
+ * \param ctx       CRT context to use
+ *
+ * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+ */
+int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx );
+
+/**
+ * \brief           Set the authorityKeyIdentifier extension for a CRT
+ *                  Requires that mbedtls_x509write_crt_set_issuer_key() has been
+ *                  called before
+ *
+ * \param ctx       CRT context to use
+ *
+ * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+ */
+int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx );
+#endif /* MBEDTLS_SHA1_C */
+
+/**
+ * \brief           Set the Key Usage Extension flags
+ *                  (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN)
+ *
+ * \param ctx       CRT context to use
+ * \param key_usage key usage flags to set
+ *
+ * \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+ */
+int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
+                                         unsigned int key_usage );
+
+/**
+ * \brief           Set the Netscape Cert Type flags
+ *                  (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL)
+ *
+ * \param ctx           CRT context to use
+ * \param ns_cert_type  Netscape Cert Type flags to set
+ *
+ * \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+ */
+int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
+                                    unsigned char ns_cert_type );
+
+/**
+ * \brief           Free the contents of a CRT write context
+ *
+ * \param ctx       CRT context to free
+ */
+void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx );
+
+/**
+ * \brief           Write a built up certificate to a X509 DER structure
+ *                  Note: data is written at the end of the buffer! Use the
+ *                        return value to determine where you should start
+ *                        using the buffer
+ *
+ * \param ctx       certificate to write away
+ * \param buf       buffer to write to
+ * \param size      size of the buffer
+ * \param f_rng     RNG function (for signature, see note)
+ * \param p_rng     RNG parameter
+ *
+ * \return          length of data written if successful, or a specific
+ *                  error code
+ *
+ * \note            f_rng may be NULL if RSA is used for signature and the
+ *                  signature is made offline (otherwise f_rng is desirable
+ *                  for countermeasures against timing attacks).
+ *                  ECDSA signatures always require a non-NULL f_rng.
+ */
+int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
+                       int (*f_rng)(void *, unsigned char *, size_t),
+                       void *p_rng );
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+/**
+ * \brief           Write a built up certificate to a X509 PEM string
+ *
+ * \param ctx       certificate to write away
+ * \param buf       buffer to write to
+ * \param size      size of the buffer
+ * \param f_rng     RNG function (for signature, see note)
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful, or a specific error code
+ *
+ * \note            f_rng may be NULL if RSA is used for signature and the
+ *                  signature is made offline (otherwise f_rng is desirable
+ *                  for countermeasures against timing attacks).
+ *                  ECDSA signatures always require a non-NULL f_rng.
+ */
+int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
+                       int (*f_rng)(void *, unsigned char *, size_t),
+                       void *p_rng );
+#endif /* MBEDTLS_PEM_WRITE_C */
+#endif /* MBEDTLS_X509_CRT_WRITE_C */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_x509_crt.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/x509_csr.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,292 @@
+/**
+ * \file mbedtls_x509_csr.h
+ *
+ * \brief X.509 certificate signing request parsing and writing
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_X509_CSR_H
+#define MBEDTLS_X509_CSR_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "x509.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \addtogroup x509_module
+ * \{ */
+
+/**
+ * \name Structures and functions for X.509 Certificate Signing Requests (CSR)
+ * \{
+ */
+
+/**
+ * Certificate Signing Request (CSR) structure.
+ */
+typedef struct mbedtls_x509_csr
+{
+    mbedtls_x509_buf raw;           /**< The raw CSR data (DER). */
+    mbedtls_x509_buf cri;           /**< The raw CertificateRequestInfo body (DER). */
+
+    int version;            /**< CSR version (1=v1). */
+
+    mbedtls_x509_buf  subject_raw;  /**< The raw subject data (DER). */
+    mbedtls_x509_name subject;      /**< The parsed subject data (named information object). */
+
+    mbedtls_pk_context pk;          /**< Container for the public key context. */
+
+    mbedtls_x509_buf sig_oid;
+    mbedtls_x509_buf sig;
+    mbedtls_md_type_t sig_md;       /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
+    mbedtls_pk_type_t sig_pk;       /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
+    void *sig_opts;         /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
+}
+mbedtls_x509_csr;
+
+/**
+ * Container for writing a CSR
+ */
+typedef struct mbedtls_x509write_csr
+{
+    mbedtls_pk_context *key;
+    mbedtls_asn1_named_data *subject;
+    mbedtls_md_type_t md_alg;
+    mbedtls_asn1_named_data *extensions;
+}
+mbedtls_x509write_csr;
+
+#if defined(MBEDTLS_X509_CSR_PARSE_C)
+/**
+ * \brief          Load a Certificate Signing Request (CSR) in DER format
+ *
+ * \param csr      CSR context to fill
+ * \param buf      buffer holding the CRL data
+ * \param buflen   size of the buffer
+ *
+ * \return         0 if successful, or a specific X509 error code
+ */
+int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
+                        const unsigned char *buf, size_t buflen );
+
+/**
+ * \brief          Load a Certificate Signing Request (CSR), DER or PEM format
+ *
+ * \param csr      CSR context to fill
+ * \param buf      buffer holding the CRL data
+ * \param buflen   size of the buffer
+ *                 (including the terminating null byte for PEM data)
+ *
+ * \return         0 if successful, or a specific X509 or PEM error code
+ */
+int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen );
+
+#if defined(MBEDTLS_FS_IO)
+/**
+ * \brief          Load a Certificate Signing Request (CSR)
+ *
+ * \param csr      CSR context to fill
+ * \param path     filename to read the CSR from
+ *
+ * \return         0 if successful, or a specific X509 or PEM error code
+ */
+int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path );
+#endif /* MBEDTLS_FS_IO */
+
+/**
+ * \brief          Returns an informational string about the
+ *                 CSR.
+ *
+ * \param buf      Buffer to write to
+ * \param size     Maximum size of buffer
+ * \param prefix   A line prefix
+ * \param csr      The X509 CSR to represent
+ *
+ * \return         The length of the string written (not including the
+ *                 terminated nul byte), or a negative error code.
+ */
+int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix,
+                   const mbedtls_x509_csr *csr );
+
+/**
+ * \brief          Initialize a CSR
+ *
+ * \param csr      CSR to initialize
+ */
+void mbedtls_x509_csr_init( mbedtls_x509_csr *csr );
+
+/**
+ * \brief          Unallocate all CSR data
+ *
+ * \param csr      CSR to free
+ */
+void mbedtls_x509_csr_free( mbedtls_x509_csr *csr );
+#endif /* MBEDTLS_X509_CSR_PARSE_C */
+
+/* \} name */
+/* \} addtogroup x509_module */
+
+#if defined(MBEDTLS_X509_CSR_WRITE_C)
+/**
+ * \brief           Initialize a CSR context
+ *
+ * \param ctx       CSR context to initialize
+ */
+void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx );
+
+/**
+ * \brief           Set the subject name for a CSR
+ *                  Subject names should contain a comma-separated list
+ *                  of OID types and values:
+ *                  e.g. "C=UK,O=ARM,CN=mbed TLS Server 1"
+ *
+ * \param ctx           CSR context to use
+ * \param subject_name  subject name to set
+ *
+ * \return          0 if subject name was parsed successfully, or
+ *                  a specific error code
+ */
+int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx,
+                                    const char *subject_name );
+
+/**
+ * \brief           Set the key for a CSR (public key will be included,
+ *                  private key used to sign the CSR when writing it)
+ *
+ * \param ctx       CSR context to use
+ * \param key       Asymetric key to include
+ */
+void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_context *key );
+
+/**
+ * \brief           Set the MD algorithm to use for the signature
+ *                  (e.g. MBEDTLS_MD_SHA1)
+ *
+ * \param ctx       CSR context to use
+ * \param md_alg    MD algorithm to use
+ */
+void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg );
+
+/**
+ * \brief           Set the Key Usage Extension flags
+ *                  (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN)
+ *
+ * \param ctx       CSR context to use
+ * \param key_usage key usage flags to set
+ *
+ * \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+ */
+int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned char key_usage );
+
+/**
+ * \brief           Set the Netscape Cert Type flags
+ *                  (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL)
+ *
+ * \param ctx           CSR context to use
+ * \param ns_cert_type  Netscape Cert Type flags to set
+ *
+ * \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+ */
+int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx,
+                                    unsigned char ns_cert_type );
+
+/**
+ * \brief           Generic function to add to or replace an extension in the
+ *                  CSR
+ *
+ * \param ctx       CSR context to use
+ * \param oid       OID of the extension
+ * \param oid_len   length of the OID
+ * \param val       value of the extension OCTET STRING
+ * \param val_len   length of the value data
+ *
+ * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+ */
+int mbedtls_x509write_csr_set_extension( mbedtls_x509write_csr *ctx,
+                                 const char *oid, size_t oid_len,
+                                 const unsigned char *val, size_t val_len );
+
+/**
+ * \brief           Free the contents of a CSR context
+ *
+ * \param ctx       CSR context to free
+ */
+void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx );
+
+/**
+ * \brief           Write a CSR (Certificate Signing Request) to a
+ *                  DER structure
+ *                  Note: data is written at the end of the buffer! Use the
+ *                        return value to determine where you should start
+ *                        using the buffer
+ *
+ * \param ctx       CSR to write away
+ * \param buf       buffer to write to
+ * \param size      size of the buffer
+ * \param f_rng     RNG function (for signature, see note)
+ * \param p_rng     RNG parameter
+ *
+ * \return          length of data written if successful, or a specific
+ *                  error code
+ *
+ * \note            f_rng may be NULL if RSA is used for signature and the
+ *                  signature is made offline (otherwise f_rng is desirable
+ *                  for countermeasures against timing attacks).
+ *                  ECDSA signatures always require a non-NULL f_rng.
+ */
+int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
+                       int (*f_rng)(void *, unsigned char *, size_t),
+                       void *p_rng );
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+/**
+ * \brief           Write a CSR (Certificate Signing Request) to a
+ *                  PEM string
+ *
+ * \param ctx       CSR to write away
+ * \param buf       buffer to write to
+ * \param size      size of the buffer
+ * \param f_rng     RNG function (for signature, see note)
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 if successful, or a specific error code
+ *
+ * \note            f_rng may be NULL if RSA is used for signature and the
+ *                  signature is made offline (otherwise f_rng is desirable
+ *                  for couermeasures against timing attacks).
+ *                  ECDSA signatures always require a non-NULL f_rng.
+ */
+int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
+                       int (*f_rng)(void *, unsigned char *, size_t),
+                       void *p_rng );
+#endif /* MBEDTLS_PEM_WRITE_C */
+#endif /* MBEDTLS_X509_CSR_WRITE_C */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_x509_csr.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/mbedtls/xtea.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,139 @@
+/**
+ * \file xtea.h
+ *
+ * \brief XTEA block cipher (32-bit)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_XTEA_H
+#define MBEDTLS_XTEA_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#define MBEDTLS_XTEA_ENCRYPT     1
+#define MBEDTLS_XTEA_DECRYPT     0
+
+#define MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH             -0x0028  /**< The data input has an invalid length. */
+
+#if !defined(MBEDTLS_XTEA_ALT)
+// Regular implementation
+//
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          XTEA context structure
+ */
+typedef struct
+{
+    uint32_t k[4];       /*!< key */
+}
+mbedtls_xtea_context;
+
+/**
+ * \brief          Initialize XTEA context
+ *
+ * \param ctx      XTEA context to be initialized
+ */
+void mbedtls_xtea_init( mbedtls_xtea_context *ctx );
+
+/**
+ * \brief          Clear XTEA context
+ *
+ * \param ctx      XTEA context to be cleared
+ */
+void mbedtls_xtea_free( mbedtls_xtea_context *ctx );
+
+/**
+ * \brief          XTEA key schedule
+ *
+ * \param ctx      XTEA context to be initialized
+ * \param key      the secret key
+ */
+void mbedtls_xtea_setup( mbedtls_xtea_context *ctx, const unsigned char key[16] );
+
+/**
+ * \brief          XTEA cipher function
+ *
+ * \param ctx      XTEA context
+ * \param mode     MBEDTLS_XTEA_ENCRYPT or MBEDTLS_XTEA_DECRYPT
+ * \param input    8-byte input block
+ * \param output   8-byte output block
+ *
+ * \return         0 if successful
+ */
+int mbedtls_xtea_crypt_ecb( mbedtls_xtea_context *ctx,
+                    int mode,
+                    const unsigned char input[8],
+                    unsigned char output[8] );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+/**
+ * \brief          XTEA CBC cipher function
+ *
+ * \param ctx      XTEA context
+ * \param mode     MBEDTLS_XTEA_ENCRYPT or MBEDTLS_XTEA_DECRYPT
+ * \param length   the length of input, multiple of 8
+ * \param iv       initialization vector for CBC mode
+ * \param input    input block
+ * \param output   output block
+ *
+ * \return         0 if successful,
+ *                 MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH if the length % 8 != 0
+ */
+int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx,
+                    int mode,
+                    size_t length,
+                    unsigned char iv[8],
+                    const unsigned char *input,
+                    unsigned char *output);
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* MBEDTLS_XTEA_ALT */
+#include "xtea_alt.h"
+#endif /* MBEDTLS_XTEA_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Checkup routine
+ *
+ * \return         0 if successful, or 1 if the test failed
+ */
+int mbedtls_xtea_self_test( int verbose );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* xtea.h */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/aes.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,1490 @@
+/*
+ *  FIPS-197 compliant AES implementation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ *  The AES block cipher was designed by Vincent Rijmen and Joan Daemen.
+ *
+ *  http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf
+ *  http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_AES_C)
+
+#include <string.h>
+
+#include "mbedtls/aes.h"
+#if defined(MBEDTLS_PADLOCK_C)
+#include "mbedtls/padlock.h"
+#endif
+#if defined(MBEDTLS_AESNI_C)
+#include "mbedtls/aesni.h"
+#endif
+
+#if defined(MBEDTLS_SELF_TEST)
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif /* MBEDTLS_PLATFORM_C */
+#endif /* MBEDTLS_SELF_TEST */
+
+#if !defined(MBEDTLS_AES_ALT)
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+/*
+ * 32-bit integer manipulation macros (little endian)
+ */
+#ifndef GET_UINT32_LE
+#define GET_UINT32_LE(n,b,i)                            \
+{                                                       \
+    (n) = ( (uint32_t) (b)[(i)    ]       )             \
+        | ( (uint32_t) (b)[(i) + 1] <<  8 )             \
+        | ( (uint32_t) (b)[(i) + 2] << 16 )             \
+        | ( (uint32_t) (b)[(i) + 3] << 24 );            \
+}
+#endif
+
+#ifndef PUT_UINT32_LE
+#define PUT_UINT32_LE(n,b,i)                                    \
+{                                                               \
+    (b)[(i)    ] = (unsigned char) ( ( (n)       ) & 0xFF );    \
+    (b)[(i) + 1] = (unsigned char) ( ( (n) >>  8 ) & 0xFF );    \
+    (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF );    \
+    (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF );    \
+}
+#endif
+
+#if defined(MBEDTLS_PADLOCK_C) &&                      \
+    ( defined(MBEDTLS_HAVE_X86) || defined(MBEDTLS_PADLOCK_ALIGN16) )
+static int aes_padlock_ace = -1;
+#endif
+
+#if defined(MBEDTLS_AES_ROM_TABLES)
+/*
+ * Forward S-box
+ */
+static const unsigned char FSb[256] =
+{
+    0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5,
+    0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
+    0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0,
+    0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
+    0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC,
+    0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
+    0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A,
+    0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
+    0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0,
+    0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
+    0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B,
+    0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
+    0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85,
+    0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
+    0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5,
+    0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
+    0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17,
+    0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
+    0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88,
+    0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
+    0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C,
+    0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
+    0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9,
+    0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
+    0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6,
+    0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
+    0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E,
+    0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
+    0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94,
+    0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
+    0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68,
+    0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16
+};
+
+/*
+ * Forward tables
+ */
+#define FT \
+\
+    V(A5,63,63,C6), V(84,7C,7C,F8), V(99,77,77,EE), V(8D,7B,7B,F6), \
+    V(0D,F2,F2,FF), V(BD,6B,6B,D6), V(B1,6F,6F,DE), V(54,C5,C5,91), \
+    V(50,30,30,60), V(03,01,01,02), V(A9,67,67,CE), V(7D,2B,2B,56), \
+    V(19,FE,FE,E7), V(62,D7,D7,B5), V(E6,AB,AB,4D), V(9A,76,76,EC), \
+    V(45,CA,CA,8F), V(9D,82,82,1F), V(40,C9,C9,89), V(87,7D,7D,FA), \
+    V(15,FA,FA,EF), V(EB,59,59,B2), V(C9,47,47,8E), V(0B,F0,F0,FB), \
+    V(EC,AD,AD,41), V(67,D4,D4,B3), V(FD,A2,A2,5F), V(EA,AF,AF,45), \
+    V(BF,9C,9C,23), V(F7,A4,A4,53), V(96,72,72,E4), V(5B,C0,C0,9B), \
+    V(C2,B7,B7,75), V(1C,FD,FD,E1), V(AE,93,93,3D), V(6A,26,26,4C), \
+    V(5A,36,36,6C), V(41,3F,3F,7E), V(02,F7,F7,F5), V(4F,CC,CC,83), \
+    V(5C,34,34,68), V(F4,A5,A5,51), V(34,E5,E5,D1), V(08,F1,F1,F9), \
+    V(93,71,71,E2), V(73,D8,D8,AB), V(53,31,31,62), V(3F,15,15,2A), \
+    V(0C,04,04,08), V(52,C7,C7,95), V(65,23,23,46), V(5E,C3,C3,9D), \
+    V(28,18,18,30), V(A1,96,96,37), V(0F,05,05,0A), V(B5,9A,9A,2F), \
+    V(09,07,07,0E), V(36,12,12,24), V(9B,80,80,1B), V(3D,E2,E2,DF), \
+    V(26,EB,EB,CD), V(69,27,27,4E), V(CD,B2,B2,7F), V(9F,75,75,EA), \
+    V(1B,09,09,12), V(9E,83,83,1D), V(74,2C,2C,58), V(2E,1A,1A,34), \
+    V(2D,1B,1B,36), V(B2,6E,6E,DC), V(EE,5A,5A,B4), V(FB,A0,A0,5B), \
+    V(F6,52,52,A4), V(4D,3B,3B,76), V(61,D6,D6,B7), V(CE,B3,B3,7D), \
+    V(7B,29,29,52), V(3E,E3,E3,DD), V(71,2F,2F,5E), V(97,84,84,13), \
+    V(F5,53,53,A6), V(68,D1,D1,B9), V(00,00,00,00), V(2C,ED,ED,C1), \
+    V(60,20,20,40), V(1F,FC,FC,E3), V(C8,B1,B1,79), V(ED,5B,5B,B6), \
+    V(BE,6A,6A,D4), V(46,CB,CB,8D), V(D9,BE,BE,67), V(4B,39,39,72), \
+    V(DE,4A,4A,94), V(D4,4C,4C,98), V(E8,58,58,B0), V(4A,CF,CF,85), \
+    V(6B,D0,D0,BB), V(2A,EF,EF,C5), V(E5,AA,AA,4F), V(16,FB,FB,ED), \
+    V(C5,43,43,86), V(D7,4D,4D,9A), V(55,33,33,66), V(94,85,85,11), \
+    V(CF,45,45,8A), V(10,F9,F9,E9), V(06,02,02,04), V(81,7F,7F,FE), \
+    V(F0,50,50,A0), V(44,3C,3C,78), V(BA,9F,9F,25), V(E3,A8,A8,4B), \
+    V(F3,51,51,A2), V(FE,A3,A3,5D), V(C0,40,40,80), V(8A,8F,8F,05), \
+    V(AD,92,92,3F), V(BC,9D,9D,21), V(48,38,38,70), V(04,F5,F5,F1), \
+    V(DF,BC,BC,63), V(C1,B6,B6,77), V(75,DA,DA,AF), V(63,21,21,42), \
+    V(30,10,10,20), V(1A,FF,FF,E5), V(0E,F3,F3,FD), V(6D,D2,D2,BF), \
+    V(4C,CD,CD,81), V(14,0C,0C,18), V(35,13,13,26), V(2F,EC,EC,C3), \
+    V(E1,5F,5F,BE), V(A2,97,97,35), V(CC,44,44,88), V(39,17,17,2E), \
+    V(57,C4,C4,93), V(F2,A7,A7,55), V(82,7E,7E,FC), V(47,3D,3D,7A), \
+    V(AC,64,64,C8), V(E7,5D,5D,BA), V(2B,19,19,32), V(95,73,73,E6), \
+    V(A0,60,60,C0), V(98,81,81,19), V(D1,4F,4F,9E), V(7F,DC,DC,A3), \
+    V(66,22,22,44), V(7E,2A,2A,54), V(AB,90,90,3B), V(83,88,88,0B), \
+    V(CA,46,46,8C), V(29,EE,EE,C7), V(D3,B8,B8,6B), V(3C,14,14,28), \
+    V(79,DE,DE,A7), V(E2,5E,5E,BC), V(1D,0B,0B,16), V(76,DB,DB,AD), \
+    V(3B,E0,E0,DB), V(56,32,32,64), V(4E,3A,3A,74), V(1E,0A,0A,14), \
+    V(DB,49,49,92), V(0A,06,06,0C), V(6C,24,24,48), V(E4,5C,5C,B8), \
+    V(5D,C2,C2,9F), V(6E,D3,D3,BD), V(EF,AC,AC,43), V(A6,62,62,C4), \
+    V(A8,91,91,39), V(A4,95,95,31), V(37,E4,E4,D3), V(8B,79,79,F2), \
+    V(32,E7,E7,D5), V(43,C8,C8,8B), V(59,37,37,6E), V(B7,6D,6D,DA), \
+    V(8C,8D,8D,01), V(64,D5,D5,B1), V(D2,4E,4E,9C), V(E0,A9,A9,49), \
+    V(B4,6C,6C,D8), V(FA,56,56,AC), V(07,F4,F4,F3), V(25,EA,EA,CF), \
+    V(AF,65,65,CA), V(8E,7A,7A,F4), V(E9,AE,AE,47), V(18,08,08,10), \
+    V(D5,BA,BA,6F), V(88,78,78,F0), V(6F,25,25,4A), V(72,2E,2E,5C), \
+    V(24,1C,1C,38), V(F1,A6,A6,57), V(C7,B4,B4,73), V(51,C6,C6,97), \
+    V(23,E8,E8,CB), V(7C,DD,DD,A1), V(9C,74,74,E8), V(21,1F,1F,3E), \
+    V(DD,4B,4B,96), V(DC,BD,BD,61), V(86,8B,8B,0D), V(85,8A,8A,0F), \
+    V(90,70,70,E0), V(42,3E,3E,7C), V(C4,B5,B5,71), V(AA,66,66,CC), \
+    V(D8,48,48,90), V(05,03,03,06), V(01,F6,F6,F7), V(12,0E,0E,1C), \
+    V(A3,61,61,C2), V(5F,35,35,6A), V(F9,57,57,AE), V(D0,B9,B9,69), \
+    V(91,86,86,17), V(58,C1,C1,99), V(27,1D,1D,3A), V(B9,9E,9E,27), \
+    V(38,E1,E1,D9), V(13,F8,F8,EB), V(B3,98,98,2B), V(33,11,11,22), \
+    V(BB,69,69,D2), V(70,D9,D9,A9), V(89,8E,8E,07), V(A7,94,94,33), \
+    V(B6,9B,9B,2D), V(22,1E,1E,3C), V(92,87,87,15), V(20,E9,E9,C9), \
+    V(49,CE,CE,87), V(FF,55,55,AA), V(78,28,28,50), V(7A,DF,DF,A5), \
+    V(8F,8C,8C,03), V(F8,A1,A1,59), V(80,89,89,09), V(17,0D,0D,1A), \
+    V(DA,BF,BF,65), V(31,E6,E6,D7), V(C6,42,42,84), V(B8,68,68,D0), \
+    V(C3,41,41,82), V(B0,99,99,29), V(77,2D,2D,5A), V(11,0F,0F,1E), \
+    V(CB,B0,B0,7B), V(FC,54,54,A8), V(D6,BB,BB,6D), V(3A,16,16,2C)
+
+#define V(a,b,c,d) 0x##a##b##c##d
+static const uint32_t FT0[256] = { FT };
+#undef V
+
+#define V(a,b,c,d) 0x##b##c##d##a
+static const uint32_t FT1[256] = { FT };
+#undef V
+
+#define V(a,b,c,d) 0x##c##d##a##b
+static const uint32_t FT2[256] = { FT };
+#undef V
+
+#define V(a,b,c,d) 0x##d##a##b##c
+static const uint32_t FT3[256] = { FT };
+#undef V
+
+#undef FT
+
+/*
+ * Reverse S-box
+ */
+static const unsigned char RSb[256] =
+{
+    0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38,
+    0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
+    0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87,
+    0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,
+    0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D,
+    0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
+    0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2,
+    0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,
+    0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16,
+    0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,
+    0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA,
+    0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
+    0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A,
+    0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,
+    0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02,
+    0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,
+    0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA,
+    0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
+    0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85,
+    0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,
+    0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89,
+    0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,
+    0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20,
+    0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
+    0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31,
+    0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,
+    0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D,
+    0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,
+    0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0,
+    0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
+    0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26,
+    0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D
+};
+
+/*
+ * Reverse tables
+ */
+#define RT \
+\
+    V(50,A7,F4,51), V(53,65,41,7E), V(C3,A4,17,1A), V(96,5E,27,3A), \
+    V(CB,6B,AB,3B), V(F1,45,9D,1F), V(AB,58,FA,AC), V(93,03,E3,4B), \
+    V(55,FA,30,20), V(F6,6D,76,AD), V(91,76,CC,88), V(25,4C,02,F5), \
+    V(FC,D7,E5,4F), V(D7,CB,2A,C5), V(80,44,35,26), V(8F,A3,62,B5), \
+    V(49,5A,B1,DE), V(67,1B,BA,25), V(98,0E,EA,45), V(E1,C0,FE,5D), \
+    V(02,75,2F,C3), V(12,F0,4C,81), V(A3,97,46,8D), V(C6,F9,D3,6B), \
+    V(E7,5F,8F,03), V(95,9C,92,15), V(EB,7A,6D,BF), V(DA,59,52,95), \
+    V(2D,83,BE,D4), V(D3,21,74,58), V(29,69,E0,49), V(44,C8,C9,8E), \
+    V(6A,89,C2,75), V(78,79,8E,F4), V(6B,3E,58,99), V(DD,71,B9,27), \
+    V(B6,4F,E1,BE), V(17,AD,88,F0), V(66,AC,20,C9), V(B4,3A,CE,7D), \
+    V(18,4A,DF,63), V(82,31,1A,E5), V(60,33,51,97), V(45,7F,53,62), \
+    V(E0,77,64,B1), V(84,AE,6B,BB), V(1C,A0,81,FE), V(94,2B,08,F9), \
+    V(58,68,48,70), V(19,FD,45,8F), V(87,6C,DE,94), V(B7,F8,7B,52), \
+    V(23,D3,73,AB), V(E2,02,4B,72), V(57,8F,1F,E3), V(2A,AB,55,66), \
+    V(07,28,EB,B2), V(03,C2,B5,2F), V(9A,7B,C5,86), V(A5,08,37,D3), \
+    V(F2,87,28,30), V(B2,A5,BF,23), V(BA,6A,03,02), V(5C,82,16,ED), \
+    V(2B,1C,CF,8A), V(92,B4,79,A7), V(F0,F2,07,F3), V(A1,E2,69,4E), \
+    V(CD,F4,DA,65), V(D5,BE,05,06), V(1F,62,34,D1), V(8A,FE,A6,C4), \
+    V(9D,53,2E,34), V(A0,55,F3,A2), V(32,E1,8A,05), V(75,EB,F6,A4), \
+    V(39,EC,83,0B), V(AA,EF,60,40), V(06,9F,71,5E), V(51,10,6E,BD), \
+    V(F9,8A,21,3E), V(3D,06,DD,96), V(AE,05,3E,DD), V(46,BD,E6,4D), \
+    V(B5,8D,54,91), V(05,5D,C4,71), V(6F,D4,06,04), V(FF,15,50,60), \
+    V(24,FB,98,19), V(97,E9,BD,D6), V(CC,43,40,89), V(77,9E,D9,67), \
+    V(BD,42,E8,B0), V(88,8B,89,07), V(38,5B,19,E7), V(DB,EE,C8,79), \
+    V(47,0A,7C,A1), V(E9,0F,42,7C), V(C9,1E,84,F8), V(00,00,00,00), \
+    V(83,86,80,09), V(48,ED,2B,32), V(AC,70,11,1E), V(4E,72,5A,6C), \
+    V(FB,FF,0E,FD), V(56,38,85,0F), V(1E,D5,AE,3D), V(27,39,2D,36), \
+    V(64,D9,0F,0A), V(21,A6,5C,68), V(D1,54,5B,9B), V(3A,2E,36,24), \
+    V(B1,67,0A,0C), V(0F,E7,57,93), V(D2,96,EE,B4), V(9E,91,9B,1B), \
+    V(4F,C5,C0,80), V(A2,20,DC,61), V(69,4B,77,5A), V(16,1A,12,1C), \
+    V(0A,BA,93,E2), V(E5,2A,A0,C0), V(43,E0,22,3C), V(1D,17,1B,12), \
+    V(0B,0D,09,0E), V(AD,C7,8B,F2), V(B9,A8,B6,2D), V(C8,A9,1E,14), \
+    V(85,19,F1,57), V(4C,07,75,AF), V(BB,DD,99,EE), V(FD,60,7F,A3), \
+    V(9F,26,01,F7), V(BC,F5,72,5C), V(C5,3B,66,44), V(34,7E,FB,5B), \
+    V(76,29,43,8B), V(DC,C6,23,CB), V(68,FC,ED,B6), V(63,F1,E4,B8), \
+    V(CA,DC,31,D7), V(10,85,63,42), V(40,22,97,13), V(20,11,C6,84), \
+    V(7D,24,4A,85), V(F8,3D,BB,D2), V(11,32,F9,AE), V(6D,A1,29,C7), \
+    V(4B,2F,9E,1D), V(F3,30,B2,DC), V(EC,52,86,0D), V(D0,E3,C1,77), \
+    V(6C,16,B3,2B), V(99,B9,70,A9), V(FA,48,94,11), V(22,64,E9,47), \
+    V(C4,8C,FC,A8), V(1A,3F,F0,A0), V(D8,2C,7D,56), V(EF,90,33,22), \
+    V(C7,4E,49,87), V(C1,D1,38,D9), V(FE,A2,CA,8C), V(36,0B,D4,98), \
+    V(CF,81,F5,A6), V(28,DE,7A,A5), V(26,8E,B7,DA), V(A4,BF,AD,3F), \
+    V(E4,9D,3A,2C), V(0D,92,78,50), V(9B,CC,5F,6A), V(62,46,7E,54), \
+    V(C2,13,8D,F6), V(E8,B8,D8,90), V(5E,F7,39,2E), V(F5,AF,C3,82), \
+    V(BE,80,5D,9F), V(7C,93,D0,69), V(A9,2D,D5,6F), V(B3,12,25,CF), \
+    V(3B,99,AC,C8), V(A7,7D,18,10), V(6E,63,9C,E8), V(7B,BB,3B,DB), \
+    V(09,78,26,CD), V(F4,18,59,6E), V(01,B7,9A,EC), V(A8,9A,4F,83), \
+    V(65,6E,95,E6), V(7E,E6,FF,AA), V(08,CF,BC,21), V(E6,E8,15,EF), \
+    V(D9,9B,E7,BA), V(CE,36,6F,4A), V(D4,09,9F,EA), V(D6,7C,B0,29), \
+    V(AF,B2,A4,31), V(31,23,3F,2A), V(30,94,A5,C6), V(C0,66,A2,35), \
+    V(37,BC,4E,74), V(A6,CA,82,FC), V(B0,D0,90,E0), V(15,D8,A7,33), \
+    V(4A,98,04,F1), V(F7,DA,EC,41), V(0E,50,CD,7F), V(2F,F6,91,17), \
+    V(8D,D6,4D,76), V(4D,B0,EF,43), V(54,4D,AA,CC), V(DF,04,96,E4), \
+    V(E3,B5,D1,9E), V(1B,88,6A,4C), V(B8,1F,2C,C1), V(7F,51,65,46), \
+    V(04,EA,5E,9D), V(5D,35,8C,01), V(73,74,87,FA), V(2E,41,0B,FB), \
+    V(5A,1D,67,B3), V(52,D2,DB,92), V(33,56,10,E9), V(13,47,D6,6D), \
+    V(8C,61,D7,9A), V(7A,0C,A1,37), V(8E,14,F8,59), V(89,3C,13,EB), \
+    V(EE,27,A9,CE), V(35,C9,61,B7), V(ED,E5,1C,E1), V(3C,B1,47,7A), \
+    V(59,DF,D2,9C), V(3F,73,F2,55), V(79,CE,14,18), V(BF,37,C7,73), \
+    V(EA,CD,F7,53), V(5B,AA,FD,5F), V(14,6F,3D,DF), V(86,DB,44,78), \
+    V(81,F3,AF,CA), V(3E,C4,68,B9), V(2C,34,24,38), V(5F,40,A3,C2), \
+    V(72,C3,1D,16), V(0C,25,E2,BC), V(8B,49,3C,28), V(41,95,0D,FF), \
+    V(71,01,A8,39), V(DE,B3,0C,08), V(9C,E4,B4,D8), V(90,C1,56,64), \
+    V(61,84,CB,7B), V(70,B6,32,D5), V(74,5C,6C,48), V(42,57,B8,D0)
+
+#define V(a,b,c,d) 0x##a##b##c##d
+static const uint32_t RT0[256] = { RT };
+#undef V
+
+#define V(a,b,c,d) 0x##b##c##d##a
+static const uint32_t RT1[256] = { RT };
+#undef V
+
+#define V(a,b,c,d) 0x##c##d##a##b
+static const uint32_t RT2[256] = { RT };
+#undef V
+
+#define V(a,b,c,d) 0x##d##a##b##c
+static const uint32_t RT3[256] = { RT };
+#undef V
+
+#undef RT
+
+/*
+ * Round constants
+ */
+static const uint32_t RCON[10] =
+{
+    0x00000001, 0x00000002, 0x00000004, 0x00000008,
+    0x00000010, 0x00000020, 0x00000040, 0x00000080,
+    0x0000001B, 0x00000036
+};
+
+#else /* MBEDTLS_AES_ROM_TABLES */
+
+/*
+ * Forward S-box & tables
+ */
+static unsigned char FSb[256];
+static uint32_t FT0[256];
+static uint32_t FT1[256];
+static uint32_t FT2[256];
+static uint32_t FT3[256];
+
+/*
+ * Reverse S-box & tables
+ */
+static unsigned char RSb[256];
+static uint32_t RT0[256];
+static uint32_t RT1[256];
+static uint32_t RT2[256];
+static uint32_t RT3[256];
+
+/*
+ * Round constants
+ */
+static uint32_t RCON[10];
+
+/*
+ * Tables generation code
+ */
+#define ROTL8(x) ( ( x << 8 ) & 0xFFFFFFFF ) | ( x >> 24 )
+#define XTIME(x) ( ( x << 1 ) ^ ( ( x & 0x80 ) ? 0x1B : 0x00 ) )
+#define MUL(x,y) ( ( x && y ) ? pow[(log[x]+log[y]) % 255] : 0 )
+
+static int aes_init_done = 0;
+
+static void aes_gen_tables( void )
+{
+    int i, x, y, z;
+    int pow[256];
+    int log[256];
+
+    /*
+     * compute pow and log tables over GF(2^8)
+     */
+    for( i = 0, x = 1; i < 256; i++ )
+    {
+        pow[i] = x;
+        log[x] = i;
+        x = ( x ^ XTIME( x ) ) & 0xFF;
+    }
+
+    /*
+     * calculate the round constants
+     */
+    for( i = 0, x = 1; i < 10; i++ )
+    {
+        RCON[i] = (uint32_t) x;
+        x = XTIME( x ) & 0xFF;
+    }
+
+    /*
+     * generate the forward and reverse S-boxes
+     */
+    FSb[0x00] = 0x63;
+    RSb[0x63] = 0x00;
+
+    for( i = 1; i < 256; i++ )
+    {
+        x = pow[255 - log[i]];
+
+        y  = x; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
+        x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
+        x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
+        x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
+        x ^= y ^ 0x63;
+
+        FSb[i] = (unsigned char) x;
+        RSb[x] = (unsigned char) i;
+    }
+
+    /*
+     * generate the forward and reverse tables
+     */
+    for( i = 0; i < 256; i++ )
+    {
+        x = FSb[i];
+        y = XTIME( x ) & 0xFF;
+        z =  ( y ^ x ) & 0xFF;
+
+        FT0[i] = ( (uint32_t) y       ) ^
+                 ( (uint32_t) x <<  8 ) ^
+                 ( (uint32_t) x << 16 ) ^
+                 ( (uint32_t) z << 24 );
+
+        FT1[i] = ROTL8( FT0[i] );
+        FT2[i] = ROTL8( FT1[i] );
+        FT3[i] = ROTL8( FT2[i] );
+
+        x = RSb[i];
+
+        RT0[i] = ( (uint32_t) MUL( 0x0E, x )       ) ^
+                 ( (uint32_t) MUL( 0x09, x ) <<  8 ) ^
+                 ( (uint32_t) MUL( 0x0D, x ) << 16 ) ^
+                 ( (uint32_t) MUL( 0x0B, x ) << 24 );
+
+        RT1[i] = ROTL8( RT0[i] );
+        RT2[i] = ROTL8( RT1[i] );
+        RT3[i] = ROTL8( RT2[i] );
+    }
+}
+
+#endif /* MBEDTLS_AES_ROM_TABLES */
+
+void mbedtls_aes_init( mbedtls_aes_context *ctx )
+{
+    memset( ctx, 0, sizeof( mbedtls_aes_context ) );
+}
+
+void mbedtls_aes_free( mbedtls_aes_context *ctx )
+{
+    if( ctx == NULL )
+        return;
+
+    mbedtls_zeroize( ctx, sizeof( mbedtls_aes_context ) );
+}
+
+/*
+ * AES key schedule (encryption)
+ */
+#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT)
+int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
+                    unsigned int keybits )
+{
+    unsigned int i;
+    uint32_t *RK;
+
+#if !defined(MBEDTLS_AES_ROM_TABLES)
+    if( aes_init_done == 0 )
+    {
+        aes_gen_tables();
+        aes_init_done = 1;
+
+    }
+#endif
+
+    switch( keybits )
+    {
+        case 128: ctx->nr = 10; break;
+        case 192: ctx->nr = 12; break;
+        case 256: ctx->nr = 14; break;
+        default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
+    }
+
+#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
+    if( aes_padlock_ace == -1 )
+        aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE );
+
+    if( aes_padlock_ace )
+        ctx->rk = RK = MBEDTLS_PADLOCK_ALIGN16( ctx->buf );
+    else
+#endif
+    ctx->rk = RK = ctx->buf;
+
+#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
+    if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
+        return( mbedtls_aesni_setkey_enc( (unsigned char *) ctx->rk, key, keybits ) );
+#endif
+
+    for( i = 0; i < ( keybits >> 5 ); i++ )
+    {
+        GET_UINT32_LE( RK[i], key, i << 2 );
+    }
+
+    switch( ctx->nr )
+    {
+        case 10:
+
+            for( i = 0; i < 10; i++, RK += 4 )
+            {
+                RK[4]  = RK[0] ^ RCON[i] ^
+                ( (uint32_t) FSb[ ( RK[3] >>  8 ) & 0xFF ]       ) ^
+                ( (uint32_t) FSb[ ( RK[3] >> 16 ) & 0xFF ] <<  8 ) ^
+                ( (uint32_t) FSb[ ( RK[3] >> 24 ) & 0xFF ] << 16 ) ^
+                ( (uint32_t) FSb[ ( RK[3]       ) & 0xFF ] << 24 );
+
+                RK[5]  = RK[1] ^ RK[4];
+                RK[6]  = RK[2] ^ RK[5];
+                RK[7]  = RK[3] ^ RK[6];
+            }
+            break;
+
+        case 12:
+
+            for( i = 0; i < 8; i++, RK += 6 )
+            {
+                RK[6]  = RK[0] ^ RCON[i] ^
+                ( (uint32_t) FSb[ ( RK[5] >>  8 ) & 0xFF ]       ) ^
+                ( (uint32_t) FSb[ ( RK[5] >> 16 ) & 0xFF ] <<  8 ) ^
+                ( (uint32_t) FSb[ ( RK[5] >> 24 ) & 0xFF ] << 16 ) ^
+                ( (uint32_t) FSb[ ( RK[5]       ) & 0xFF ] << 24 );
+
+                RK[7]  = RK[1] ^ RK[6];
+                RK[8]  = RK[2] ^ RK[7];
+                RK[9]  = RK[3] ^ RK[8];
+                RK[10] = RK[4] ^ RK[9];
+                RK[11] = RK[5] ^ RK[10];
+            }
+            break;
+
+        case 14:
+
+            for( i = 0; i < 7; i++, RK += 8 )
+            {
+                RK[8]  = RK[0] ^ RCON[i] ^
+                ( (uint32_t) FSb[ ( RK[7] >>  8 ) & 0xFF ]       ) ^
+                ( (uint32_t) FSb[ ( RK[7] >> 16 ) & 0xFF ] <<  8 ) ^
+                ( (uint32_t) FSb[ ( RK[7] >> 24 ) & 0xFF ] << 16 ) ^
+                ( (uint32_t) FSb[ ( RK[7]       ) & 0xFF ] << 24 );
+
+                RK[9]  = RK[1] ^ RK[8];
+                RK[10] = RK[2] ^ RK[9];
+                RK[11] = RK[3] ^ RK[10];
+
+                RK[12] = RK[4] ^
+                ( (uint32_t) FSb[ ( RK[11]       ) & 0xFF ]       ) ^
+                ( (uint32_t) FSb[ ( RK[11] >>  8 ) & 0xFF ] <<  8 ) ^
+                ( (uint32_t) FSb[ ( RK[11] >> 16 ) & 0xFF ] << 16 ) ^
+                ( (uint32_t) FSb[ ( RK[11] >> 24 ) & 0xFF ] << 24 );
+
+                RK[13] = RK[5] ^ RK[12];
+                RK[14] = RK[6] ^ RK[13];
+                RK[15] = RK[7] ^ RK[14];
+            }
+            break;
+    }
+
+    return( 0 );
+}
+#endif /* !MBEDTLS_AES_SETKEY_ENC_ALT */
+
+/*
+ * AES key schedule (decryption)
+ */
+#if !defined(MBEDTLS_AES_SETKEY_DEC_ALT)
+int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
+                    unsigned int keybits )
+{
+    int i, j, ret;
+    mbedtls_aes_context cty;
+    uint32_t *RK;
+    uint32_t *SK;
+
+    mbedtls_aes_init( &cty );
+
+#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
+    if( aes_padlock_ace == -1 )
+        aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE );
+
+    if( aes_padlock_ace )
+        ctx->rk = RK = MBEDTLS_PADLOCK_ALIGN16( ctx->buf );
+    else
+#endif
+    ctx->rk = RK = ctx->buf;
+
+    /* Also checks keybits */
+    if( ( ret = mbedtls_aes_setkey_enc( &cty, key, keybits ) ) != 0 )
+        goto exit;
+
+    ctx->nr = cty.nr;
+
+#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
+    if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
+    {
+        mbedtls_aesni_inverse_key( (unsigned char *) ctx->rk,
+                           (const unsigned char *) cty.rk, ctx->nr );
+        goto exit;
+    }
+#endif
+
+    SK = cty.rk + cty.nr * 4;
+
+    *RK++ = *SK++;
+    *RK++ = *SK++;
+    *RK++ = *SK++;
+    *RK++ = *SK++;
+
+    for( i = ctx->nr - 1, SK -= 8; i > 0; i--, SK -= 8 )
+    {
+        for( j = 0; j < 4; j++, SK++ )
+        {
+            *RK++ = RT0[ FSb[ ( *SK       ) & 0xFF ] ] ^
+                    RT1[ FSb[ ( *SK >>  8 ) & 0xFF ] ] ^
+                    RT2[ FSb[ ( *SK >> 16 ) & 0xFF ] ] ^
+                    RT3[ FSb[ ( *SK >> 24 ) & 0xFF ] ];
+        }
+    }
+
+    *RK++ = *SK++;
+    *RK++ = *SK++;
+    *RK++ = *SK++;
+    *RK++ = *SK++;
+
+exit:
+    mbedtls_aes_free( &cty );
+
+    return( ret );
+}
+#endif /* !MBEDTLS_AES_SETKEY_DEC_ALT */
+
+#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3)     \
+{                                               \
+    X0 = *RK++ ^ FT0[ ( Y0       ) & 0xFF ] ^   \
+                 FT1[ ( Y1 >>  8 ) & 0xFF ] ^   \
+                 FT2[ ( Y2 >> 16 ) & 0xFF ] ^   \
+                 FT3[ ( Y3 >> 24 ) & 0xFF ];    \
+                                                \
+    X1 = *RK++ ^ FT0[ ( Y1       ) & 0xFF ] ^   \
+                 FT1[ ( Y2 >>  8 ) & 0xFF ] ^   \
+                 FT2[ ( Y3 >> 16 ) & 0xFF ] ^   \
+                 FT3[ ( Y0 >> 24 ) & 0xFF ];    \
+                                                \
+    X2 = *RK++ ^ FT0[ ( Y2       ) & 0xFF ] ^   \
+                 FT1[ ( Y3 >>  8 ) & 0xFF ] ^   \
+                 FT2[ ( Y0 >> 16 ) & 0xFF ] ^   \
+                 FT3[ ( Y1 >> 24 ) & 0xFF ];    \
+                                                \
+    X3 = *RK++ ^ FT0[ ( Y3       ) & 0xFF ] ^   \
+                 FT1[ ( Y0 >>  8 ) & 0xFF ] ^   \
+                 FT2[ ( Y1 >> 16 ) & 0xFF ] ^   \
+                 FT3[ ( Y2 >> 24 ) & 0xFF ];    \
+}
+
+#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3)     \
+{                                               \
+    X0 = *RK++ ^ RT0[ ( Y0       ) & 0xFF ] ^   \
+                 RT1[ ( Y3 >>  8 ) & 0xFF ] ^   \
+                 RT2[ ( Y2 >> 16 ) & 0xFF ] ^   \
+                 RT3[ ( Y1 >> 24 ) & 0xFF ];    \
+                                                \
+    X1 = *RK++ ^ RT0[ ( Y1       ) & 0xFF ] ^   \
+                 RT1[ ( Y0 >>  8 ) & 0xFF ] ^   \
+                 RT2[ ( Y3 >> 16 ) & 0xFF ] ^   \
+                 RT3[ ( Y2 >> 24 ) & 0xFF ];    \
+                                                \
+    X2 = *RK++ ^ RT0[ ( Y2       ) & 0xFF ] ^   \
+                 RT1[ ( Y1 >>  8 ) & 0xFF ] ^   \
+                 RT2[ ( Y0 >> 16 ) & 0xFF ] ^   \
+                 RT3[ ( Y3 >> 24 ) & 0xFF ];    \
+                                                \
+    X3 = *RK++ ^ RT0[ ( Y3       ) & 0xFF ] ^   \
+                 RT1[ ( Y2 >>  8 ) & 0xFF ] ^   \
+                 RT2[ ( Y1 >> 16 ) & 0xFF ] ^   \
+                 RT3[ ( Y0 >> 24 ) & 0xFF ];    \
+}
+
+/*
+ * AES-ECB block encryption
+ */
+#if !defined(MBEDTLS_AES_ENCRYPT_ALT)
+void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
+                          const unsigned char input[16],
+                          unsigned char output[16] )
+{
+    int i;
+    uint32_t *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;
+
+    RK = ctx->rk;
+
+    GET_UINT32_LE( X0, input,  0 ); X0 ^= *RK++;
+    GET_UINT32_LE( X1, input,  4 ); X1 ^= *RK++;
+    GET_UINT32_LE( X2, input,  8 ); X2 ^= *RK++;
+    GET_UINT32_LE( X3, input, 12 ); X3 ^= *RK++;
+
+    for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
+    {
+        AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
+        AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 );
+    }
+
+    AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
+
+    X0 = *RK++ ^ \
+            ( (uint32_t) FSb[ ( Y0       ) & 0xFF ]       ) ^
+            ( (uint32_t) FSb[ ( Y1 >>  8 ) & 0xFF ] <<  8 ) ^
+            ( (uint32_t) FSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
+            ( (uint32_t) FSb[ ( Y3 >> 24 ) & 0xFF ] << 24 );
+
+    X1 = *RK++ ^ \
+            ( (uint32_t) FSb[ ( Y1       ) & 0xFF ]       ) ^
+            ( (uint32_t) FSb[ ( Y2 >>  8 ) & 0xFF ] <<  8 ) ^
+            ( (uint32_t) FSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
+            ( (uint32_t) FSb[ ( Y0 >> 24 ) & 0xFF ] << 24 );
+
+    X2 = *RK++ ^ \
+            ( (uint32_t) FSb[ ( Y2       ) & 0xFF ]       ) ^
+            ( (uint32_t) FSb[ ( Y3 >>  8 ) & 0xFF ] <<  8 ) ^
+            ( (uint32_t) FSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
+            ( (uint32_t) FSb[ ( Y1 >> 24 ) & 0xFF ] << 24 );
+
+    X3 = *RK++ ^ \
+            ( (uint32_t) FSb[ ( Y3       ) & 0xFF ]       ) ^
+            ( (uint32_t) FSb[ ( Y0 >>  8 ) & 0xFF ] <<  8 ) ^
+            ( (uint32_t) FSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
+            ( (uint32_t) FSb[ ( Y2 >> 24 ) & 0xFF ] << 24 );
+
+    PUT_UINT32_LE( X0, output,  0 );
+    PUT_UINT32_LE( X1, output,  4 );
+    PUT_UINT32_LE( X2, output,  8 );
+    PUT_UINT32_LE( X3, output, 12 );
+}
+#endif /* !MBEDTLS_AES_ENCRYPT_ALT */
+
+/*
+ * AES-ECB block decryption
+ */
+#if !defined(MBEDTLS_AES_DECRYPT_ALT)
+void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
+                          const unsigned char input[16],
+                          unsigned char output[16] )
+{
+    int i;
+    uint32_t *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;
+
+    RK = ctx->rk;
+
+    GET_UINT32_LE( X0, input,  0 ); X0 ^= *RK++;
+    GET_UINT32_LE( X1, input,  4 ); X1 ^= *RK++;
+    GET_UINT32_LE( X2, input,  8 ); X2 ^= *RK++;
+    GET_UINT32_LE( X3, input, 12 ); X3 ^= *RK++;
+
+    for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
+    {
+        AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
+        AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 );
+    }
+
+    AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
+
+    X0 = *RK++ ^ \
+            ( (uint32_t) RSb[ ( Y0       ) & 0xFF ]       ) ^
+            ( (uint32_t) RSb[ ( Y3 >>  8 ) & 0xFF ] <<  8 ) ^
+            ( (uint32_t) RSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
+            ( (uint32_t) RSb[ ( Y1 >> 24 ) & 0xFF ] << 24 );
+
+    X1 = *RK++ ^ \
+            ( (uint32_t) RSb[ ( Y1       ) & 0xFF ]       ) ^
+            ( (uint32_t) RSb[ ( Y0 >>  8 ) & 0xFF ] <<  8 ) ^
+            ( (uint32_t) RSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
+            ( (uint32_t) RSb[ ( Y2 >> 24 ) & 0xFF ] << 24 );
+
+    X2 = *RK++ ^ \
+            ( (uint32_t) RSb[ ( Y2       ) & 0xFF ]       ) ^
+            ( (uint32_t) RSb[ ( Y1 >>  8 ) & 0xFF ] <<  8 ) ^
+            ( (uint32_t) RSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
+            ( (uint32_t) RSb[ ( Y3 >> 24 ) & 0xFF ] << 24 );
+
+    X3 = *RK++ ^ \
+            ( (uint32_t) RSb[ ( Y3       ) & 0xFF ]       ) ^
+            ( (uint32_t) RSb[ ( Y2 >>  8 ) & 0xFF ] <<  8 ) ^
+            ( (uint32_t) RSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
+            ( (uint32_t) RSb[ ( Y0 >> 24 ) & 0xFF ] << 24 );
+
+    PUT_UINT32_LE( X0, output,  0 );
+    PUT_UINT32_LE( X1, output,  4 );
+    PUT_UINT32_LE( X2, output,  8 );
+    PUT_UINT32_LE( X3, output, 12 );
+}
+#endif /* !MBEDTLS_AES_DECRYPT_ALT */
+
+/*
+ * AES-ECB block encryption/decryption
+ */
+int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
+                    int mode,
+                    const unsigned char input[16],
+                    unsigned char output[16] )
+{
+#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
+    if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
+        return( mbedtls_aesni_crypt_ecb( ctx, mode, input, output ) );
+#endif
+
+#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
+    if( aes_padlock_ace )
+    {
+        if( mbedtls_padlock_xcryptecb( ctx, mode, input, output ) == 0 )
+            return( 0 );
+
+        // If padlock data misaligned, we just fall back to
+        // unaccelerated mode
+        //
+    }
+#endif
+
+    if( mode == MBEDTLS_AES_ENCRYPT )
+        mbedtls_aes_encrypt( ctx, input, output );
+    else
+        mbedtls_aes_decrypt( ctx, input, output );
+
+    return( 0 );
+}
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+/*
+ * AES-CBC buffer encryption/decryption
+ */
+int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
+                    int mode,
+                    size_t length,
+                    unsigned char iv[16],
+                    const unsigned char *input,
+                    unsigned char *output )
+{
+    int i;
+    unsigned char temp[16];
+
+    if( length % 16 )
+        return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
+
+#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
+    if( aes_padlock_ace )
+    {
+        if( mbedtls_padlock_xcryptcbc( ctx, mode, length, iv, input, output ) == 0 )
+            return( 0 );
+
+        // If padlock data misaligned, we just fall back to
+        // unaccelerated mode
+        //
+    }
+#endif
+
+    if( mode == MBEDTLS_AES_DECRYPT )
+    {
+        while( length > 0 )
+        {
+            memcpy( temp, input, 16 );
+            mbedtls_aes_crypt_ecb( ctx, mode, input, output );
+
+            for( i = 0; i < 16; i++ )
+                output[i] = (unsigned char)( output[i] ^ iv[i] );
+
+            memcpy( iv, temp, 16 );
+
+            input  += 16;
+            output += 16;
+            length -= 16;
+        }
+    }
+    else
+    {
+        while( length > 0 )
+        {
+            for( i = 0; i < 16; i++ )
+                output[i] = (unsigned char)( input[i] ^ iv[i] );
+
+            mbedtls_aes_crypt_ecb( ctx, mode, output, output );
+            memcpy( iv, output, 16 );
+
+            input  += 16;
+            output += 16;
+            length -= 16;
+        }
+    }
+
+    return( 0 );
+}
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+/*
+ * AES-CFB128 buffer encryption/decryption
+ */
+int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
+                       int mode,
+                       size_t length,
+                       size_t *iv_off,
+                       unsigned char iv[16],
+                       const unsigned char *input,
+                       unsigned char *output )
+{
+    int c;
+    size_t n = *iv_off;
+
+    if( mode == MBEDTLS_AES_DECRYPT )
+    {
+        while( length-- )
+        {
+            if( n == 0 )
+                mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
+
+            c = *input++;
+            *output++ = (unsigned char)( c ^ iv[n] );
+            iv[n] = (unsigned char) c;
+
+            n = ( n + 1 ) & 0x0F;
+        }
+    }
+    else
+    {
+        while( length-- )
+        {
+            if( n == 0 )
+                mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
+
+            iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
+
+            n = ( n + 1 ) & 0x0F;
+        }
+    }
+
+    *iv_off = n;
+
+    return( 0 );
+}
+
+/*
+ * AES-CFB8 buffer encryption/decryption
+ */
+int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
+                       int mode,
+                       size_t length,
+                       unsigned char iv[16],
+                       const unsigned char *input,
+                       unsigned char *output )
+{
+    unsigned char c;
+    unsigned char ov[17];
+
+    while( length-- )
+    {
+        memcpy( ov, iv, 16 );
+        mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
+
+        if( mode == MBEDTLS_AES_DECRYPT )
+            ov[16] = *input;
+
+        c = *output++ = (unsigned char)( iv[0] ^ *input++ );
+
+        if( mode == MBEDTLS_AES_ENCRYPT )
+            ov[16] = c;
+
+        memcpy( iv, ov + 1, 16 );
+    }
+
+    return( 0 );
+}
+#endif /*MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+/*
+ * AES-CTR buffer encryption/decryption
+ */
+int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
+                       size_t length,
+                       size_t *nc_off,
+                       unsigned char nonce_counter[16],
+                       unsigned char stream_block[16],
+                       const unsigned char *input,
+                       unsigned char *output )
+{
+    int c, i;
+    size_t n = *nc_off;
+
+    while( length-- )
+    {
+        if( n == 0 ) {
+            mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block );
+
+            for( i = 16; i > 0; i-- )
+                if( ++nonce_counter[i - 1] != 0 )
+                    break;
+        }
+        c = *input++;
+        *output++ = (unsigned char)( c ^ stream_block[n] );
+
+        n = ( n + 1 ) & 0x0F;
+    }
+
+    *nc_off = n;
+
+    return( 0 );
+}
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+#endif /* !MBEDTLS_AES_ALT */
+
+#if defined(MBEDTLS_SELF_TEST)
+/*
+ * AES test vectors from:
+ *
+ * http://csrc.nist.gov/archive/aes/rijndael/rijndael-vals.zip
+ */
+static const unsigned char aes_test_ecb_dec[3][16] =
+{
+    { 0x44, 0x41, 0x6A, 0xC2, 0xD1, 0xF5, 0x3C, 0x58,
+      0x33, 0x03, 0x91, 0x7E, 0x6B, 0xE9, 0xEB, 0xE0 },
+    { 0x48, 0xE3, 0x1E, 0x9E, 0x25, 0x67, 0x18, 0xF2,
+      0x92, 0x29, 0x31, 0x9C, 0x19, 0xF1, 0x5B, 0xA4 },
+    { 0x05, 0x8C, 0xCF, 0xFD, 0xBB, 0xCB, 0x38, 0x2D,
+      0x1F, 0x6F, 0x56, 0x58, 0x5D, 0x8A, 0x4A, 0xDE }
+};
+
+static const unsigned char aes_test_ecb_enc[3][16] =
+{
+    { 0xC3, 0x4C, 0x05, 0x2C, 0xC0, 0xDA, 0x8D, 0x73,
+      0x45, 0x1A, 0xFE, 0x5F, 0x03, 0xBE, 0x29, 0x7F },
+    { 0xF3, 0xF6, 0x75, 0x2A, 0xE8, 0xD7, 0x83, 0x11,
+      0x38, 0xF0, 0x41, 0x56, 0x06, 0x31, 0xB1, 0x14 },
+    { 0x8B, 0x79, 0xEE, 0xCC, 0x93, 0xA0, 0xEE, 0x5D,
+      0xFF, 0x30, 0xB4, 0xEA, 0x21, 0x63, 0x6D, 0xA4 }
+};
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+static const unsigned char aes_test_cbc_dec[3][16] =
+{
+    { 0xFA, 0xCA, 0x37, 0xE0, 0xB0, 0xC8, 0x53, 0x73,
+      0xDF, 0x70, 0x6E, 0x73, 0xF7, 0xC9, 0xAF, 0x86 },
+    { 0x5D, 0xF6, 0x78, 0xDD, 0x17, 0xBA, 0x4E, 0x75,
+      0xB6, 0x17, 0x68, 0xC6, 0xAD, 0xEF, 0x7C, 0x7B },
+    { 0x48, 0x04, 0xE1, 0x81, 0x8F, 0xE6, 0x29, 0x75,
+      0x19, 0xA3, 0xE8, 0x8C, 0x57, 0x31, 0x04, 0x13 }
+};
+
+static const unsigned char aes_test_cbc_enc[3][16] =
+{
+    { 0x8A, 0x05, 0xFC, 0x5E, 0x09, 0x5A, 0xF4, 0x84,
+      0x8A, 0x08, 0xD3, 0x28, 0xD3, 0x68, 0x8E, 0x3D },
+    { 0x7B, 0xD9, 0x66, 0xD5, 0x3A, 0xD8, 0xC1, 0xBB,
+      0x85, 0xD2, 0xAD, 0xFA, 0xE8, 0x7B, 0xB1, 0x04 },
+    { 0xFE, 0x3C, 0x53, 0x65, 0x3E, 0x2F, 0x45, 0xB5,
+      0x6F, 0xCD, 0x88, 0xB2, 0xCC, 0x89, 0x8F, 0xF0 }
+};
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+/*
+ * AES-CFB128 test vectors from:
+ *
+ * http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
+ */
+static const unsigned char aes_test_cfb128_key[3][32] =
+{
+    { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
+      0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C },
+    { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
+      0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
+      0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B },
+    { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
+      0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
+      0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
+      0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
+};
+
+static const unsigned char aes_test_cfb128_iv[16] =
+{
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+};
+
+static const unsigned char aes_test_cfb128_pt[64] =
+{
+    0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
+    0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A,
+    0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
+    0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51,
+    0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
+    0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF,
+    0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17,
+    0xAD, 0x2B, 0x41, 0x7B, 0xE6, 0x6C, 0x37, 0x10
+};
+
+static const unsigned char aes_test_cfb128_ct[3][64] =
+{
+    { 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20,
+      0x33, 0x34, 0x49, 0xF8, 0xE8, 0x3C, 0xFB, 0x4A,
+      0xC8, 0xA6, 0x45, 0x37, 0xA0, 0xB3, 0xA9, 0x3F,
+      0xCD, 0xE3, 0xCD, 0xAD, 0x9F, 0x1C, 0xE5, 0x8B,
+      0x26, 0x75, 0x1F, 0x67, 0xA3, 0xCB, 0xB1, 0x40,
+      0xB1, 0x80, 0x8C, 0xF1, 0x87, 0xA4, 0xF4, 0xDF,
+      0xC0, 0x4B, 0x05, 0x35, 0x7C, 0x5D, 0x1C, 0x0E,
+      0xEA, 0xC4, 0xC6, 0x6F, 0x9F, 0xF7, 0xF2, 0xE6 },
+    { 0xCD, 0xC8, 0x0D, 0x6F, 0xDD, 0xF1, 0x8C, 0xAB,
+      0x34, 0xC2, 0x59, 0x09, 0xC9, 0x9A, 0x41, 0x74,
+      0x67, 0xCE, 0x7F, 0x7F, 0x81, 0x17, 0x36, 0x21,
+      0x96, 0x1A, 0x2B, 0x70, 0x17, 0x1D, 0x3D, 0x7A,
+      0x2E, 0x1E, 0x8A, 0x1D, 0xD5, 0x9B, 0x88, 0xB1,
+      0xC8, 0xE6, 0x0F, 0xED, 0x1E, 0xFA, 0xC4, 0xC9,
+      0xC0, 0x5F, 0x9F, 0x9C, 0xA9, 0x83, 0x4F, 0xA0,
+      0x42, 0xAE, 0x8F, 0xBA, 0x58, 0x4B, 0x09, 0xFF },
+    { 0xDC, 0x7E, 0x84, 0xBF, 0xDA, 0x79, 0x16, 0x4B,
+      0x7E, 0xCD, 0x84, 0x86, 0x98, 0x5D, 0x38, 0x60,
+      0x39, 0xFF, 0xED, 0x14, 0x3B, 0x28, 0xB1, 0xC8,
+      0x32, 0x11, 0x3C, 0x63, 0x31, 0xE5, 0x40, 0x7B,
+      0xDF, 0x10, 0x13, 0x24, 0x15, 0xE5, 0x4B, 0x92,
+      0xA1, 0x3E, 0xD0, 0xA8, 0x26, 0x7A, 0xE2, 0xF9,
+      0x75, 0xA3, 0x85, 0x74, 0x1A, 0xB9, 0xCE, 0xF8,
+      0x20, 0x31, 0x62, 0x3D, 0x55, 0xB1, 0xE4, 0x71 }
+};
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+/*
+ * AES-CTR test vectors from:
+ *
+ * http://www.faqs.org/rfcs/rfc3686.html
+ */
+
+static const unsigned char aes_test_ctr_key[3][16] =
+{
+    { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
+      0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
+    { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
+      0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
+    { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
+      0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
+};
+
+static const unsigned char aes_test_ctr_nonce_counter[3][16] =
+{
+    { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
+    { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
+      0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
+    { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
+      0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
+};
+
+static const unsigned char aes_test_ctr_pt[3][48] =
+{
+    { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
+      0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
+
+    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+      0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+      0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+      0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
+
+    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+      0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+      0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+      0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
+      0x20, 0x21, 0x22, 0x23 }
+};
+
+static const unsigned char aes_test_ctr_ct[3][48] =
+{
+    { 0xE4, 0x09, 0x5D, 0x4F, 0xB7, 0xA7, 0xB3, 0x79,
+      0x2D, 0x61, 0x75, 0xA3, 0x26, 0x13, 0x11, 0xB8 },
+    { 0x51, 0x04, 0xA1, 0x06, 0x16, 0x8A, 0x72, 0xD9,
+      0x79, 0x0D, 0x41, 0xEE, 0x8E, 0xDA, 0xD3, 0x88,
+      0xEB, 0x2E, 0x1E, 0xFC, 0x46, 0xDA, 0x57, 0xC8,
+      0xFC, 0xE6, 0x30, 0xDF, 0x91, 0x41, 0xBE, 0x28 },
+    { 0xC1, 0xCF, 0x48, 0xA8, 0x9F, 0x2F, 0xFD, 0xD9,
+      0xCF, 0x46, 0x52, 0xE9, 0xEF, 0xDB, 0x72, 0xD7,
+      0x45, 0x40, 0xA4, 0x2B, 0xDE, 0x6D, 0x78, 0x36,
+      0xD5, 0x9A, 0x5C, 0xEA, 0xAE, 0xF3, 0x10, 0x53,
+      0x25, 0xB2, 0x07, 0x2F }
+};
+
+static const int aes_test_ctr_len[3] =
+    { 16, 32, 36 };
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+/*
+ * Checkup routine
+ */
+int mbedtls_aes_self_test( int verbose )
+{
+    int ret = 0, i, j, u, v;
+    unsigned char key[32];
+    unsigned char buf[64];
+    unsigned char iv[16];
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    unsigned char prv[16];
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CTR) || defined(MBEDTLS_CIPHER_MODE_CFB)
+    size_t offset;
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    int len;
+    unsigned char nonce_counter[16];
+    unsigned char stream_block[16];
+#endif
+    mbedtls_aes_context ctx;
+
+    memset( key, 0, 32 );
+    mbedtls_aes_init( &ctx );
+
+    /*
+     * ECB mode
+     */
+    for( i = 0; i < 6; i++ )
+    {
+        u = i >> 1;
+        v = i  & 1;
+
+        if( verbose != 0 )
+            mbedtls_printf( "  AES-ECB-%3d (%s): ", 128 + u * 64,
+                             ( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
+
+        memset( buf, 0, 16 );
+
+        if( v == MBEDTLS_AES_DECRYPT )
+        {
+            mbedtls_aes_setkey_dec( &ctx, key, 128 + u * 64 );
+
+            for( j = 0; j < 10000; j++ )
+                mbedtls_aes_crypt_ecb( &ctx, v, buf, buf );
+
+            if( memcmp( buf, aes_test_ecb_dec[u], 16 ) != 0 )
+            {
+                if( verbose != 0 )
+                    mbedtls_printf( "failed\n" );
+
+                ret = 1;
+                goto exit;
+            }
+        }
+        else
+        {
+            mbedtls_aes_setkey_enc( &ctx, key, 128 + u * 64 );
+
+            for( j = 0; j < 10000; j++ )
+                mbedtls_aes_crypt_ecb( &ctx, v, buf, buf );
+
+            if( memcmp( buf, aes_test_ecb_enc[u], 16 ) != 0 )
+            {
+                if( verbose != 0 )
+                    mbedtls_printf( "failed\n" );
+
+                ret = 1;
+                goto exit;
+            }
+        }
+
+        if( verbose != 0 )
+            mbedtls_printf( "passed\n" );
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "\n" );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    /*
+     * CBC mode
+     */
+    for( i = 0; i < 6; i++ )
+    {
+        u = i >> 1;
+        v = i  & 1;
+
+        if( verbose != 0 )
+            mbedtls_printf( "  AES-CBC-%3d (%s): ", 128 + u * 64,
+                             ( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
+
+        memset( iv , 0, 16 );
+        memset( prv, 0, 16 );
+        memset( buf, 0, 16 );
+
+        if( v == MBEDTLS_AES_DECRYPT )
+        {
+            mbedtls_aes_setkey_dec( &ctx, key, 128 + u * 64 );
+
+            for( j = 0; j < 10000; j++ )
+                mbedtls_aes_crypt_cbc( &ctx, v, 16, iv, buf, buf );
+
+            if( memcmp( buf, aes_test_cbc_dec[u], 16 ) != 0 )
+            {
+                if( verbose != 0 )
+                    mbedtls_printf( "failed\n" );
+
+                ret = 1;
+                goto exit;
+            }
+        }
+        else
+        {
+            mbedtls_aes_setkey_enc( &ctx, key, 128 + u * 64 );
+
+            for( j = 0; j < 10000; j++ )
+            {
+                unsigned char tmp[16];
+
+                mbedtls_aes_crypt_cbc( &ctx, v, 16, iv, buf, buf );
+
+                memcpy( tmp, prv, 16 );
+                memcpy( prv, buf, 16 );
+                memcpy( buf, tmp, 16 );
+            }
+
+            if( memcmp( prv, aes_test_cbc_enc[u], 16 ) != 0 )
+            {
+                if( verbose != 0 )
+                    mbedtls_printf( "failed\n" );
+
+                ret = 1;
+                goto exit;
+            }
+        }
+
+        if( verbose != 0 )
+            mbedtls_printf( "passed\n" );
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "\n" );
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    /*
+     * CFB128 mode
+     */
+    for( i = 0; i < 6; i++ )
+    {
+        u = i >> 1;
+        v = i  & 1;
+
+        if( verbose != 0 )
+            mbedtls_printf( "  AES-CFB128-%3d (%s): ", 128 + u * 64,
+                             ( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
+
+        memcpy( iv,  aes_test_cfb128_iv, 16 );
+        memcpy( key, aes_test_cfb128_key[u], 16 + u * 8 );
+
+        offset = 0;
+        mbedtls_aes_setkey_enc( &ctx, key, 128 + u * 64 );
+
+        if( v == MBEDTLS_AES_DECRYPT )
+        {
+            memcpy( buf, aes_test_cfb128_ct[u], 64 );
+            mbedtls_aes_crypt_cfb128( &ctx, v, 64, &offset, iv, buf, buf );
+
+            if( memcmp( buf, aes_test_cfb128_pt, 64 ) != 0 )
+            {
+                if( verbose != 0 )
+                    mbedtls_printf( "failed\n" );
+
+                ret = 1;
+                goto exit;
+            }
+        }
+        else
+        {
+            memcpy( buf, aes_test_cfb128_pt, 64 );
+            mbedtls_aes_crypt_cfb128( &ctx, v, 64, &offset, iv, buf, buf );
+
+            if( memcmp( buf, aes_test_cfb128_ct[u], 64 ) != 0 )
+            {
+                if( verbose != 0 )
+                    mbedtls_printf( "failed\n" );
+
+                ret = 1;
+                goto exit;
+            }
+        }
+
+        if( verbose != 0 )
+            mbedtls_printf( "passed\n" );
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "\n" );
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    /*
+     * CTR mode
+     */
+    for( i = 0; i < 6; i++ )
+    {
+        u = i >> 1;
+        v = i  & 1;
+
+        if( verbose != 0 )
+            mbedtls_printf( "  AES-CTR-128 (%s): ",
+                             ( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
+
+        memcpy( nonce_counter, aes_test_ctr_nonce_counter[u], 16 );
+        memcpy( key, aes_test_ctr_key[u], 16 );
+
+        offset = 0;
+        mbedtls_aes_setkey_enc( &ctx, key, 128 );
+
+        if( v == MBEDTLS_AES_DECRYPT )
+        {
+            len = aes_test_ctr_len[u];
+            memcpy( buf, aes_test_ctr_ct[u], len );
+
+            mbedtls_aes_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
+                           buf, buf );
+
+            if( memcmp( buf, aes_test_ctr_pt[u], len ) != 0 )
+            {
+                if( verbose != 0 )
+                    mbedtls_printf( "failed\n" );
+
+                ret = 1;
+                goto exit;
+            }
+        }
+        else
+        {
+            len = aes_test_ctr_len[u];
+            memcpy( buf, aes_test_ctr_pt[u], len );
+
+            mbedtls_aes_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
+                           buf, buf );
+
+            if( memcmp( buf, aes_test_ctr_ct[u], len ) != 0 )
+            {
+                if( verbose != 0 )
+                    mbedtls_printf( "failed\n" );
+
+                ret = 1;
+                goto exit;
+            }
+        }
+
+        if( verbose != 0 )
+            mbedtls_printf( "passed\n" );
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "\n" );
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+    ret = 0;
+
+exit:
+    mbedtls_aes_free( &ctx );
+
+    return( ret );
+}
+
+#endif /* MBEDTLS_SELF_TEST */
+
+#endif /* MBEDTLS_AES_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/aesni.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,464 @@
+/*
+ *  AES-NI support functions
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+/*
+ * [AES-WP] http://software.intel.com/en-us/articles/intel-advanced-encryption-standard-aes-instructions-set
+ * [CLMUL-WP] http://software.intel.com/en-us/articles/intel-carry-less-multiplication-instruction-and-its-usage-for-computing-the-gcm-mode/
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_AESNI_C)
+
+#include "mbedtls/aesni.h"
+
+#include <string.h>
+
+#ifndef asm
+#define asm __asm
+#endif
+
+#if defined(MBEDTLS_HAVE_X86_64)
+
+/*
+ * AES-NI support detection routine
+ */
+int mbedtls_aesni_has_support( unsigned int what )
+{
+    static int done = 0;
+    static unsigned int c = 0;
+
+    if( ! done )
+    {
+        asm( "movl  $1, %%eax   \n\t"
+             "cpuid             \n\t"
+             : "=c" (c)
+             :
+             : "eax", "ebx", "edx" );
+        done = 1;
+    }
+
+    return( ( c & what ) != 0 );
+}
+
+/*
+ * Binutils needs to be at least 2.19 to support AES-NI instructions.
+ * Unfortunately, a lot of users have a lower version now (2014-04).
+ * Emit bytecode directly in order to support "old" version of gas.
+ *
+ * Opcodes from the Intel architecture reference manual, vol. 3.
+ * We always use registers, so we don't need prefixes for memory operands.
+ * Operand macros are in gas order (src, dst) as opposed to Intel order
+ * (dst, src) in order to blend better into the surrounding assembly code.
+ */
+#define AESDEC      ".byte 0x66,0x0F,0x38,0xDE,"
+#define AESDECLAST  ".byte 0x66,0x0F,0x38,0xDF,"
+#define AESENC      ".byte 0x66,0x0F,0x38,0xDC,"
+#define AESENCLAST  ".byte 0x66,0x0F,0x38,0xDD,"
+#define AESIMC      ".byte 0x66,0x0F,0x38,0xDB,"
+#define AESKEYGENA  ".byte 0x66,0x0F,0x3A,0xDF,"
+#define PCLMULQDQ   ".byte 0x66,0x0F,0x3A,0x44,"
+
+#define xmm0_xmm0   "0xC0"
+#define xmm0_xmm1   "0xC8"
+#define xmm0_xmm2   "0xD0"
+#define xmm0_xmm3   "0xD8"
+#define xmm0_xmm4   "0xE0"
+#define xmm1_xmm0   "0xC1"
+#define xmm1_xmm2   "0xD1"
+
+/*
+ * AES-NI AES-ECB block en(de)cryption
+ */
+int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx,
+                     int mode,
+                     const unsigned char input[16],
+                     unsigned char output[16] )
+{
+    asm( "movdqu    (%3), %%xmm0    \n\t" // load input
+         "movdqu    (%1), %%xmm1    \n\t" // load round key 0
+         "pxor      %%xmm1, %%xmm0  \n\t" // round 0
+         "addq      $16, %1         \n\t" // point to next round key
+         "subl      $1, %0          \n\t" // normal rounds = nr - 1
+         "test      %2, %2          \n\t" // mode?
+         "jz        2f              \n\t" // 0 = decrypt
+
+         "1:                        \n\t" // encryption loop
+         "movdqu    (%1), %%xmm1    \n\t" // load round key
+         AESENC     xmm1_xmm0      "\n\t" // do round
+         "addq      $16, %1         \n\t" // point to next round key
+         "subl      $1, %0          \n\t" // loop
+         "jnz       1b              \n\t"
+         "movdqu    (%1), %%xmm1    \n\t" // load round key
+         AESENCLAST xmm1_xmm0      "\n\t" // last round
+         "jmp       3f              \n\t"
+
+         "2:                        \n\t" // decryption loop
+         "movdqu    (%1), %%xmm1    \n\t"
+         AESDEC     xmm1_xmm0      "\n\t" // do round
+         "addq      $16, %1         \n\t"
+         "subl      $1, %0          \n\t"
+         "jnz       2b              \n\t"
+         "movdqu    (%1), %%xmm1    \n\t" // load round key
+         AESDECLAST xmm1_xmm0      "\n\t" // last round
+
+         "3:                        \n\t"
+         "movdqu    %%xmm0, (%4)    \n\t" // export output
+         :
+         : "r" (ctx->nr), "r" (ctx->rk), "r" (mode), "r" (input), "r" (output)
+         : "memory", "cc", "xmm0", "xmm1" );
+
+
+    return( 0 );
+}
+
+/*
+ * GCM multiplication: c = a times b in GF(2^128)
+ * Based on [CLMUL-WP] algorithms 1 (with equation 27) and 5.
+ */
+void mbedtls_aesni_gcm_mult( unsigned char c[16],
+                     const unsigned char a[16],
+                     const unsigned char b[16] )
+{
+    unsigned char aa[16], bb[16], cc[16];
+    size_t i;
+
+    /* The inputs are in big-endian order, so byte-reverse them */
+    for( i = 0; i < 16; i++ )
+    {
+        aa[i] = a[15 - i];
+        bb[i] = b[15 - i];
+    }
+
+    asm( "movdqu (%0), %%xmm0               \n\t" // a1:a0
+         "movdqu (%1), %%xmm1               \n\t" // b1:b0
+
+         /*
+          * Caryless multiplication xmm2:xmm1 = xmm0 * xmm1
+          * using [CLMUL-WP] algorithm 1 (p. 13).
+          */
+         "movdqa %%xmm1, %%xmm2             \n\t" // copy of b1:b0
+         "movdqa %%xmm1, %%xmm3             \n\t" // same
+         "movdqa %%xmm1, %%xmm4             \n\t" // same
+         PCLMULQDQ xmm0_xmm1 ",0x00         \n\t" // a0*b0 = c1:c0
+         PCLMULQDQ xmm0_xmm2 ",0x11         \n\t" // a1*b1 = d1:d0
+         PCLMULQDQ xmm0_xmm3 ",0x10         \n\t" // a0*b1 = e1:e0
+         PCLMULQDQ xmm0_xmm4 ",0x01         \n\t" // a1*b0 = f1:f0
+         "pxor %%xmm3, %%xmm4               \n\t" // e1+f1:e0+f0
+         "movdqa %%xmm4, %%xmm3             \n\t" // same
+         "psrldq $8, %%xmm4                 \n\t" // 0:e1+f1
+         "pslldq $8, %%xmm3                 \n\t" // e0+f0:0
+         "pxor %%xmm4, %%xmm2               \n\t" // d1:d0+e1+f1
+         "pxor %%xmm3, %%xmm1               \n\t" // c1+e0+f1:c0
+
+         /*
+          * Now shift the result one bit to the left,
+          * taking advantage of [CLMUL-WP] eq 27 (p. 20)
+          */
+         "movdqa %%xmm1, %%xmm3             \n\t" // r1:r0
+         "movdqa %%xmm2, %%xmm4             \n\t" // r3:r2
+         "psllq $1, %%xmm1                  \n\t" // r1<<1:r0<<1
+         "psllq $1, %%xmm2                  \n\t" // r3<<1:r2<<1
+         "psrlq $63, %%xmm3                 \n\t" // r1>>63:r0>>63
+         "psrlq $63, %%xmm4                 \n\t" // r3>>63:r2>>63
+         "movdqa %%xmm3, %%xmm5             \n\t" // r1>>63:r0>>63
+         "pslldq $8, %%xmm3                 \n\t" // r0>>63:0
+         "pslldq $8, %%xmm4                 \n\t" // r2>>63:0
+         "psrldq $8, %%xmm5                 \n\t" // 0:r1>>63
+         "por %%xmm3, %%xmm1                \n\t" // r1<<1|r0>>63:r0<<1
+         "por %%xmm4, %%xmm2                \n\t" // r3<<1|r2>>62:r2<<1
+         "por %%xmm5, %%xmm2                \n\t" // r3<<1|r2>>62:r2<<1|r1>>63
+
+         /*
+          * Now reduce modulo the GCM polynomial x^128 + x^7 + x^2 + x + 1
+          * using [CLMUL-WP] algorithm 5 (p. 20).
+          * Currently xmm2:xmm1 holds x3:x2:x1:x0 (already shifted).
+          */
+         /* Step 2 (1) */
+         "movdqa %%xmm1, %%xmm3             \n\t" // x1:x0
+         "movdqa %%xmm1, %%xmm4             \n\t" // same
+         "movdqa %%xmm1, %%xmm5             \n\t" // same
+         "psllq $63, %%xmm3                 \n\t" // x1<<63:x0<<63 = stuff:a
+         "psllq $62, %%xmm4                 \n\t" // x1<<62:x0<<62 = stuff:b
+         "psllq $57, %%xmm5                 \n\t" // x1<<57:x0<<57 = stuff:c
+
+         /* Step 2 (2) */
+         "pxor %%xmm4, %%xmm3               \n\t" // stuff:a+b
+         "pxor %%xmm5, %%xmm3               \n\t" // stuff:a+b+c
+         "pslldq $8, %%xmm3                 \n\t" // a+b+c:0
+         "pxor %%xmm3, %%xmm1               \n\t" // x1+a+b+c:x0 = d:x0
+
+         /* Steps 3 and 4 */
+         "movdqa %%xmm1,%%xmm0              \n\t" // d:x0
+         "movdqa %%xmm1,%%xmm4              \n\t" // same
+         "movdqa %%xmm1,%%xmm5              \n\t" // same
+         "psrlq $1, %%xmm0                  \n\t" // e1:x0>>1 = e1:e0'
+         "psrlq $2, %%xmm4                  \n\t" // f1:x0>>2 = f1:f0'
+         "psrlq $7, %%xmm5                  \n\t" // g1:x0>>7 = g1:g0'
+         "pxor %%xmm4, %%xmm0               \n\t" // e1+f1:e0'+f0'
+         "pxor %%xmm5, %%xmm0               \n\t" // e1+f1+g1:e0'+f0'+g0'
+         // e0'+f0'+g0' is almost e0+f0+g0, ex\tcept for some missing
+         // bits carried from d. Now get those\t bits back in.
+         "movdqa %%xmm1,%%xmm3              \n\t" // d:x0
+         "movdqa %%xmm1,%%xmm4              \n\t" // same
+         "movdqa %%xmm1,%%xmm5              \n\t" // same
+         "psllq $63, %%xmm3                 \n\t" // d<<63:stuff
+         "psllq $62, %%xmm4                 \n\t" // d<<62:stuff
+         "psllq $57, %%xmm5                 \n\t" // d<<57:stuff
+         "pxor %%xmm4, %%xmm3               \n\t" // d<<63+d<<62:stuff
+         "pxor %%xmm5, %%xmm3               \n\t" // missing bits of d:stuff
+         "psrldq $8, %%xmm3                 \n\t" // 0:missing bits of d
+         "pxor %%xmm3, %%xmm0               \n\t" // e1+f1+g1:e0+f0+g0
+         "pxor %%xmm1, %%xmm0               \n\t" // h1:h0
+         "pxor %%xmm2, %%xmm0               \n\t" // x3+h1:x2+h0
+
+         "movdqu %%xmm0, (%2)               \n\t" // done
+         :
+         : "r" (aa), "r" (bb), "r" (cc)
+         : "memory", "cc", "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5" );
+
+    /* Now byte-reverse the outputs */
+    for( i = 0; i < 16; i++ )
+        c[i] = cc[15 - i];
+
+    return;
+}
+
+/*
+ * Compute decryption round keys from encryption round keys
+ */
+void mbedtls_aesni_inverse_key( unsigned char *invkey,
+                        const unsigned char *fwdkey, int nr )
+{
+    unsigned char *ik = invkey;
+    const unsigned char *fk = fwdkey + 16 * nr;
+
+    memcpy( ik, fk, 16 );
+
+    for( fk -= 16, ik += 16; fk > fwdkey; fk -= 16, ik += 16 )
+        asm( "movdqu (%0), %%xmm0       \n\t"
+             AESIMC  xmm0_xmm0         "\n\t"
+             "movdqu %%xmm0, (%1)       \n\t"
+             :
+             : "r" (fk), "r" (ik)
+             : "memory", "xmm0" );
+
+    memcpy( ik, fk, 16 );
+}
+
+/*
+ * Key expansion, 128-bit case
+ */
+static void aesni_setkey_enc_128( unsigned char *rk,
+                                  const unsigned char *key )
+{
+    asm( "movdqu (%1), %%xmm0               \n\t" // copy the original key
+         "movdqu %%xmm0, (%0)               \n\t" // as round key 0
+         "jmp 2f                            \n\t" // skip auxiliary routine
+
+         /*
+          * Finish generating the next round key.
+          *
+          * On entry xmm0 is r3:r2:r1:r0 and xmm1 is X:stuff:stuff:stuff
+          * with X = rot( sub( r3 ) ) ^ RCON.
+          *
+          * On exit, xmm0 is r7:r6:r5:r4
+          * with r4 = X + r0, r5 = r4 + r1, r6 = r5 + r2, r7 = r6 + r3
+          * and those are written to the round key buffer.
+          */
+         "1:                                \n\t"
+         "pshufd $0xff, %%xmm1, %%xmm1      \n\t" // X:X:X:X
+         "pxor %%xmm0, %%xmm1               \n\t" // X+r3:X+r2:X+r1:r4
+         "pslldq $4, %%xmm0                 \n\t" // r2:r1:r0:0
+         "pxor %%xmm0, %%xmm1               \n\t" // X+r3+r2:X+r2+r1:r5:r4
+         "pslldq $4, %%xmm0                 \n\t" // etc
+         "pxor %%xmm0, %%xmm1               \n\t"
+         "pslldq $4, %%xmm0                 \n\t"
+         "pxor %%xmm1, %%xmm0               \n\t" // update xmm0 for next time!
+         "add $16, %0                       \n\t" // point to next round key
+         "movdqu %%xmm0, (%0)               \n\t" // write it
+         "ret                               \n\t"
+
+         /* Main "loop" */
+         "2:                                \n\t"
+         AESKEYGENA xmm0_xmm1 ",0x01        \n\tcall 1b \n\t"
+         AESKEYGENA xmm0_xmm1 ",0x02        \n\tcall 1b \n\t"
+         AESKEYGENA xmm0_xmm1 ",0x04        \n\tcall 1b \n\t"
+         AESKEYGENA xmm0_xmm1 ",0x08        \n\tcall 1b \n\t"
+         AESKEYGENA xmm0_xmm1 ",0x10        \n\tcall 1b \n\t"
+         AESKEYGENA xmm0_xmm1 ",0x20        \n\tcall 1b \n\t"
+         AESKEYGENA xmm0_xmm1 ",0x40        \n\tcall 1b \n\t"
+         AESKEYGENA xmm0_xmm1 ",0x80        \n\tcall 1b \n\t"
+         AESKEYGENA xmm0_xmm1 ",0x1B        \n\tcall 1b \n\t"
+         AESKEYGENA xmm0_xmm1 ",0x36        \n\tcall 1b \n\t"
+         :
+         : "r" (rk), "r" (key)
+         : "memory", "cc", "0" );
+}
+
+/*
+ * Key expansion, 192-bit case
+ */
+static void aesni_setkey_enc_192( unsigned char *rk,
+                                  const unsigned char *key )
+{
+    asm( "movdqu (%1), %%xmm0   \n\t" // copy original round key
+         "movdqu %%xmm0, (%0)   \n\t"
+         "add $16, %0           \n\t"
+         "movq 16(%1), %%xmm1   \n\t"
+         "movq %%xmm1, (%0)     \n\t"
+         "add $8, %0            \n\t"
+         "jmp 2f                \n\t" // skip auxiliary routine
+
+         /*
+          * Finish generating the next 6 quarter-keys.
+          *
+          * On entry xmm0 is r3:r2:r1:r0, xmm1 is stuff:stuff:r5:r4
+          * and xmm2 is stuff:stuff:X:stuff with X = rot( sub( r3 ) ) ^ RCON.
+          *
+          * On exit, xmm0 is r9:r8:r7:r6 and xmm1 is stuff:stuff:r11:r10
+          * and those are written to the round key buffer.
+          */
+         "1:                            \n\t"
+         "pshufd $0x55, %%xmm2, %%xmm2  \n\t" // X:X:X:X
+         "pxor %%xmm0, %%xmm2           \n\t" // X+r3:X+r2:X+r1:r4
+         "pslldq $4, %%xmm0             \n\t" // etc
+         "pxor %%xmm0, %%xmm2           \n\t"
+         "pslldq $4, %%xmm0             \n\t"
+         "pxor %%xmm0, %%xmm2           \n\t"
+         "pslldq $4, %%xmm0             \n\t"
+         "pxor %%xmm2, %%xmm0           \n\t" // update xmm0 = r9:r8:r7:r6
+         "movdqu %%xmm0, (%0)           \n\t"
+         "add $16, %0                   \n\t"
+         "pshufd $0xff, %%xmm0, %%xmm2  \n\t" // r9:r9:r9:r9
+         "pxor %%xmm1, %%xmm2           \n\t" // stuff:stuff:r9+r5:r10
+         "pslldq $4, %%xmm1             \n\t" // r2:r1:r0:0
+         "pxor %%xmm2, %%xmm1           \n\t" // xmm1 = stuff:stuff:r11:r10
+         "movq %%xmm1, (%0)             \n\t"
+         "add $8, %0                    \n\t"
+         "ret                           \n\t"
+
+         "2:                            \n\t"
+         AESKEYGENA xmm1_xmm2 ",0x01    \n\tcall 1b \n\t"
+         AESKEYGENA xmm1_xmm2 ",0x02    \n\tcall 1b \n\t"
+         AESKEYGENA xmm1_xmm2 ",0x04    \n\tcall 1b \n\t"
+         AESKEYGENA xmm1_xmm2 ",0x08    \n\tcall 1b \n\t"
+         AESKEYGENA xmm1_xmm2 ",0x10    \n\tcall 1b \n\t"
+         AESKEYGENA xmm1_xmm2 ",0x20    \n\tcall 1b \n\t"
+         AESKEYGENA xmm1_xmm2 ",0x40    \n\tcall 1b \n\t"
+         AESKEYGENA xmm1_xmm2 ",0x80    \n\tcall 1b \n\t"
+
+         :
+         : "r" (rk), "r" (key)
+         : "memory", "cc", "0" );
+}
+
+/*
+ * Key expansion, 256-bit case
+ */
+static void aesni_setkey_enc_256( unsigned char *rk,
+                                  const unsigned char *key )
+{
+    asm( "movdqu (%1), %%xmm0           \n\t"
+         "movdqu %%xmm0, (%0)           \n\t"
+         "add $16, %0                   \n\t"
+         "movdqu 16(%1), %%xmm1         \n\t"
+         "movdqu %%xmm1, (%0)           \n\t"
+         "jmp 2f                        \n\t" // skip auxiliary routine
+
+         /*
+          * Finish generating the next two round keys.
+          *
+          * On entry xmm0 is r3:r2:r1:r0, xmm1 is r7:r6:r5:r4 and
+          * xmm2 is X:stuff:stuff:stuff with X = rot( sub( r7 )) ^ RCON
+          *
+          * On exit, xmm0 is r11:r10:r9:r8 and xmm1 is r15:r14:r13:r12
+          * and those have been written to the output buffer.
+          */
+         "1:                                \n\t"
+         "pshufd $0xff, %%xmm2, %%xmm2      \n\t"
+         "pxor %%xmm0, %%xmm2               \n\t"
+         "pslldq $4, %%xmm0                 \n\t"
+         "pxor %%xmm0, %%xmm2               \n\t"
+         "pslldq $4, %%xmm0                 \n\t"
+         "pxor %%xmm0, %%xmm2               \n\t"
+         "pslldq $4, %%xmm0                 \n\t"
+         "pxor %%xmm2, %%xmm0               \n\t"
+         "add $16, %0                       \n\t"
+         "movdqu %%xmm0, (%0)               \n\t"
+
+         /* Set xmm2 to stuff:Y:stuff:stuff with Y = subword( r11 )
+          * and proceed to generate next round key from there */
+         AESKEYGENA xmm0_xmm2 ",0x00        \n\t"
+         "pshufd $0xaa, %%xmm2, %%xmm2      \n\t"
+         "pxor %%xmm1, %%xmm2               \n\t"
+         "pslldq $4, %%xmm1                 \n\t"
+         "pxor %%xmm1, %%xmm2               \n\t"
+         "pslldq $4, %%xmm1                 \n\t"
+         "pxor %%xmm1, %%xmm2               \n\t"
+         "pslldq $4, %%xmm1                 \n\t"
+         "pxor %%xmm2, %%xmm1               \n\t"
+         "add $16, %0                       \n\t"
+         "movdqu %%xmm1, (%0)               \n\t"
+         "ret                               \n\t"
+
+         /*
+          * Main "loop" - Generating one more key than necessary,
+          * see definition of mbedtls_aes_context.buf
+          */
+         "2:                                \n\t"
+         AESKEYGENA xmm1_xmm2 ",0x01        \n\tcall 1b \n\t"
+         AESKEYGENA xmm1_xmm2 ",0x02        \n\tcall 1b \n\t"
+         AESKEYGENA xmm1_xmm2 ",0x04        \n\tcall 1b \n\t"
+         AESKEYGENA xmm1_xmm2 ",0x08        \n\tcall 1b \n\t"
+         AESKEYGENA xmm1_xmm2 ",0x10        \n\tcall 1b \n\t"
+         AESKEYGENA xmm1_xmm2 ",0x20        \n\tcall 1b \n\t"
+         AESKEYGENA xmm1_xmm2 ",0x40        \n\tcall 1b \n\t"
+         :
+         : "r" (rk), "r" (key)
+         : "memory", "cc", "0" );
+}
+
+/*
+ * Key expansion, wrapper
+ */
+int mbedtls_aesni_setkey_enc( unsigned char *rk,
+                      const unsigned char *key,
+                      size_t bits )
+{
+    switch( bits )
+    {
+        case 128: aesni_setkey_enc_128( rk, key ); break;
+        case 192: aesni_setkey_enc_192( rk, key ); break;
+        case 256: aesni_setkey_enc_256( rk, key ); break;
+        default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
+    }
+
+    return( 0 );
+}
+
+#endif /* MBEDTLS_HAVE_X86_64 */
+
+#endif /* MBEDTLS_AESNI_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/arc4.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,205 @@
+/*
+ *  An implementation of the ARCFOUR algorithm
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ *  The ARCFOUR algorithm was publicly disclosed on 94/09.
+ *
+ *  http://groups.google.com/group/sci.crypt/msg/10a300c9d21afca0
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_ARC4_C)
+
+#include "mbedtls/arc4.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_SELF_TEST)
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif /* MBEDTLS_PLATFORM_C */
+#endif /* MBEDTLS_SELF_TEST */
+
+#if !defined(MBEDTLS_ARC4_ALT)
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+void mbedtls_arc4_init( mbedtls_arc4_context *ctx )
+{
+    memset( ctx, 0, sizeof( mbedtls_arc4_context ) );
+}
+
+void mbedtls_arc4_free( mbedtls_arc4_context *ctx )
+{
+    if( ctx == NULL )
+        return;
+
+    mbedtls_zeroize( ctx, sizeof( mbedtls_arc4_context ) );
+}
+
+/*
+ * ARC4 key schedule
+ */
+void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key,
+                 unsigned int keylen )
+{
+    int i, j, a;
+    unsigned int k;
+    unsigned char *m;
+
+    ctx->x = 0;
+    ctx->y = 0;
+    m = ctx->m;
+
+    for( i = 0; i < 256; i++ )
+        m[i] = (unsigned char) i;
+
+    j = k = 0;
+
+    for( i = 0; i < 256; i++, k++ )
+    {
+        if( k >= keylen ) k = 0;
+
+        a = m[i];
+        j = ( j + a + key[k] ) & 0xFF;
+        m[i] = m[j];
+        m[j] = (unsigned char) a;
+    }
+}
+
+/*
+ * ARC4 cipher function
+ */
+int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input,
+                unsigned char *output )
+{
+    int x, y, a, b;
+    size_t i;
+    unsigned char *m;
+
+    x = ctx->x;
+    y = ctx->y;
+    m = ctx->m;
+
+    for( i = 0; i < length; i++ )
+    {
+        x = ( x + 1 ) & 0xFF; a = m[x];
+        y = ( y + a ) & 0xFF; b = m[y];
+
+        m[x] = (unsigned char) b;
+        m[y] = (unsigned char) a;
+
+        output[i] = (unsigned char)
+            ( input[i] ^ m[(unsigned char)( a + b )] );
+    }
+
+    ctx->x = x;
+    ctx->y = y;
+
+    return( 0 );
+}
+
+#endif /* !MBEDTLS_ARC4_ALT */
+
+#if defined(MBEDTLS_SELF_TEST)
+/*
+ * ARC4 tests vectors as posted by Eric Rescorla in sep. 1994:
+ *
+ * http://groups.google.com/group/comp.security.misc/msg/10a300c9d21afca0
+ */
+static const unsigned char arc4_test_key[3][8] =
+{
+    { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF },
+    { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF },
+    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
+};
+
+static const unsigned char arc4_test_pt[3][8] =
+{
+    { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF },
+    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
+};
+
+static const unsigned char arc4_test_ct[3][8] =
+{
+    { 0x75, 0xB7, 0x87, 0x80, 0x99, 0xE0, 0xC5, 0x96 },
+    { 0x74, 0x94, 0xC2, 0xE7, 0x10, 0x4B, 0x08, 0x79 },
+    { 0xDE, 0x18, 0x89, 0x41, 0xA3, 0x37, 0x5D, 0x3A }
+};
+
+/*
+ * Checkup routine
+ */
+int mbedtls_arc4_self_test( int verbose )
+{
+    int i, ret = 0;
+    unsigned char ibuf[8];
+    unsigned char obuf[8];
+    mbedtls_arc4_context ctx;
+
+    mbedtls_arc4_init( &ctx );
+
+    for( i = 0; i < 3; i++ )
+    {
+        if( verbose != 0 )
+            mbedtls_printf( "  ARC4 test #%d: ", i + 1 );
+
+        memcpy( ibuf, arc4_test_pt[i], 8 );
+
+        mbedtls_arc4_setup( &ctx, arc4_test_key[i], 8 );
+        mbedtls_arc4_crypt( &ctx, 8, ibuf, obuf );
+
+        if( memcmp( obuf, arc4_test_ct[i], 8 ) != 0 )
+        {
+            if( verbose != 0 )
+                mbedtls_printf( "failed\n" );
+
+            ret = 1;
+            goto exit;
+        }
+
+        if( verbose != 0 )
+            mbedtls_printf( "passed\n" );
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "\n" );
+
+exit:
+    mbedtls_arc4_free( &ctx );
+
+    return( ret );
+}
+
+#endif /* MBEDTLS_SELF_TEST */
+
+#endif /* MBEDTLS_ARC4_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/asn1parse.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,392 @@
+/*
+ *  Generic ASN.1 parsing
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_ASN1_PARSE_C)
+
+#include "mbedtls/asn1.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_BIGNUM_C)
+#include "mbedtls/bignum.h"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#define mbedtls_calloc    calloc
+#define mbedtls_free       free
+#endif
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+/*
+ * ASN.1 DER decoding routines
+ */
+int mbedtls_asn1_get_len( unsigned char **p,
+                  const unsigned char *end,
+                  size_t *len )
+{
+    if( ( end - *p ) < 1 )
+        return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+
+    if( ( **p & 0x80 ) == 0 )
+        *len = *(*p)++;
+    else
+    {
+        switch( **p & 0x7F )
+        {
+        case 1:
+            if( ( end - *p ) < 2 )
+                return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+
+            *len = (*p)[1];
+            (*p) += 2;
+            break;
+
+        case 2:
+            if( ( end - *p ) < 3 )
+                return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+
+            *len = ( (size_t)(*p)[1] << 8 ) | (*p)[2];
+            (*p) += 3;
+            break;
+
+        case 3:
+            if( ( end - *p ) < 4 )
+                return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+
+            *len = ( (size_t)(*p)[1] << 16 ) |
+                   ( (size_t)(*p)[2] << 8  ) | (*p)[3];
+            (*p) += 4;
+            break;
+
+        case 4:
+            if( ( end - *p ) < 5 )
+                return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+
+            *len = ( (size_t)(*p)[1] << 24 ) | ( (size_t)(*p)[2] << 16 ) |
+                   ( (size_t)(*p)[3] << 8  ) |           (*p)[4];
+            (*p) += 5;
+            break;
+
+        default:
+            return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+        }
+    }
+
+    if( *len > (size_t) ( end - *p ) )
+        return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+
+    return( 0 );
+}
+
+int mbedtls_asn1_get_tag( unsigned char **p,
+                  const unsigned char *end,
+                  size_t *len, int tag )
+{
+    if( ( end - *p ) < 1 )
+        return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+
+    if( **p != tag )
+        return( MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
+
+    (*p)++;
+
+    return( mbedtls_asn1_get_len( p, end, len ) );
+}
+
+int mbedtls_asn1_get_bool( unsigned char **p,
+                   const unsigned char *end,
+                   int *val )
+{
+    int ret;
+    size_t len;
+
+    if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_BOOLEAN ) ) != 0 )
+        return( ret );
+
+    if( len != 1 )
+        return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+
+    *val = ( **p != 0 ) ? 1 : 0;
+    (*p)++;
+
+    return( 0 );
+}
+
+int mbedtls_asn1_get_int( unsigned char **p,
+                  const unsigned char *end,
+                  int *val )
+{
+    int ret;
+    size_t len;
+
+    if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
+        return( ret );
+
+    if( len > sizeof( int ) || ( **p & 0x80 ) != 0 )
+        return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+
+    *val = 0;
+
+    while( len-- > 0 )
+    {
+        *val = ( *val << 8 ) | **p;
+        (*p)++;
+    }
+
+    return( 0 );
+}
+
+#if defined(MBEDTLS_BIGNUM_C)
+int mbedtls_asn1_get_mpi( unsigned char **p,
+                  const unsigned char *end,
+                  mbedtls_mpi *X )
+{
+    int ret;
+    size_t len;
+
+    if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
+        return( ret );
+
+    ret = mbedtls_mpi_read_binary( X, *p, len );
+
+    *p += len;
+
+    return( ret );
+}
+#endif /* MBEDTLS_BIGNUM_C */
+
+int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end,
+                        mbedtls_asn1_bitstring *bs)
+{
+    int ret;
+
+    /* Certificate type is a single byte bitstring */
+    if( ( ret = mbedtls_asn1_get_tag( p, end, &bs->len, MBEDTLS_ASN1_BIT_STRING ) ) != 0 )
+        return( ret );
+
+    /* Check length, subtract one for actual bit string length */
+    if( bs->len < 1 )
+        return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+    bs->len -= 1;
+
+    /* Get number of unused bits, ensure unused bits <= 7 */
+    bs->unused_bits = **p;
+    if( bs->unused_bits > 7 )
+        return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+    (*p)++;
+
+    /* Get actual bitstring */
+    bs->p = *p;
+    *p += bs->len;
+
+    if( *p != end )
+        return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+    return( 0 );
+}
+
+/*
+ * Get a bit string without unused bits
+ */
+int mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end,
+                             size_t *len )
+{
+    int ret;
+
+    if( ( ret = mbedtls_asn1_get_tag( p, end, len, MBEDTLS_ASN1_BIT_STRING ) ) != 0 )
+        return( ret );
+
+    if( (*len)-- < 2 || *(*p)++ != 0 )
+        return( MBEDTLS_ERR_ASN1_INVALID_DATA );
+
+    return( 0 );
+}
+
+
+
+/*
+ *  Parses and splits an ASN.1 "SEQUENCE OF <tag>"
+ */
+int mbedtls_asn1_get_sequence_of( unsigned char **p,
+                          const unsigned char *end,
+                          mbedtls_asn1_sequence *cur,
+                          int tag)
+{
+    int ret;
+    size_t len;
+    mbedtls_asn1_buf *buf;
+
+    /* Get main sequence tag */
+    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
+            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+        return( ret );
+
+    if( *p + len != end )
+        return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+    while( *p < end )
+    {
+        buf = &(cur->buf);
+        buf->tag = **p;
+
+        if( ( ret = mbedtls_asn1_get_tag( p, end, &buf->len, tag ) ) != 0 )
+            return( ret );
+
+        buf->p = *p;
+        *p += buf->len;
+
+        /* Allocate and assign next pointer */
+        if( *p < end )
+        {
+            cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) );
+
+            if( cur->next == NULL )
+                return( MBEDTLS_ERR_ASN1_ALLOC_FAILED );
+
+            cur = cur->next;
+        }
+    }
+
+    /* Set final sequence entry's next pointer to NULL */
+    cur->next = NULL;
+
+    if( *p != end )
+        return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+    return( 0 );
+}
+
+int mbedtls_asn1_get_alg( unsigned char **p,
+                  const unsigned char *end,
+                  mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params )
+{
+    int ret;
+    size_t len;
+
+    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
+            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+        return( ret );
+
+    if( ( end - *p ) < 1 )
+        return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+
+    alg->tag = **p;
+    end = *p + len;
+
+    if( ( ret = mbedtls_asn1_get_tag( p, end, &alg->len, MBEDTLS_ASN1_OID ) ) != 0 )
+        return( ret );
+
+    alg->p = *p;
+    *p += alg->len;
+
+    if( *p == end )
+    {
+        mbedtls_zeroize( params, sizeof(mbedtls_asn1_buf) );
+        return( 0 );
+    }
+
+    params->tag = **p;
+    (*p)++;
+
+    if( ( ret = mbedtls_asn1_get_len( p, end, &params->len ) ) != 0 )
+        return( ret );
+
+    params->p = *p;
+    *p += params->len;
+
+    if( *p != end )
+        return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+    return( 0 );
+}
+
+int mbedtls_asn1_get_alg_null( unsigned char **p,
+                       const unsigned char *end,
+                       mbedtls_asn1_buf *alg )
+{
+    int ret;
+    mbedtls_asn1_buf params;
+
+    memset( &params, 0, sizeof(mbedtls_asn1_buf) );
+
+    if( ( ret = mbedtls_asn1_get_alg( p, end, alg, &params ) ) != 0 )
+        return( ret );
+
+    if( ( params.tag != MBEDTLS_ASN1_NULL && params.tag != 0 ) || params.len != 0 )
+        return( MBEDTLS_ERR_ASN1_INVALID_DATA );
+
+    return( 0 );
+}
+
+void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *cur )
+{
+    if( cur == NULL )
+        return;
+
+    mbedtls_free( cur->oid.p );
+    mbedtls_free( cur->val.p );
+
+    mbedtls_zeroize( cur, sizeof( mbedtls_asn1_named_data ) );
+}
+
+void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head )
+{
+    mbedtls_asn1_named_data *cur;
+
+    while( ( cur = *head ) != NULL )
+    {
+        *head = cur->next;
+        mbedtls_asn1_free_named_data( cur );
+        mbedtls_free( cur );
+    }
+}
+
+mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( mbedtls_asn1_named_data *list,
+                                       const char *oid, size_t len )
+{
+    while( list != NULL )
+    {
+        if( list->oid.len == len &&
+            memcmp( list->oid.p, oid, len ) == 0 )
+        {
+            break;
+        }
+
+        list = list->next;
+    }
+
+    return( list );
+}
+
+#endif /* MBEDTLS_ASN1_PARSE_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/asn1write.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,362 @@
+/*
+ * ASN.1 buffer writing functionality
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_ASN1_WRITE_C)
+
+#include "mbedtls/asn1write.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#define mbedtls_calloc    calloc
+#define mbedtls_free       free
+#endif
+
+int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len )
+{
+    if( len < 0x80 )
+    {
+        if( *p - start < 1 )
+            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
+        *--(*p) = (unsigned char) len;
+        return( 1 );
+    }
+
+    if( len <= 0xFF )
+    {
+        if( *p - start < 2 )
+            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
+        *--(*p) = (unsigned char) len;
+        *--(*p) = 0x81;
+        return( 2 );
+    }
+
+    if( *p - start < 3 )
+        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
+    // We assume we never have lengths larger than 65535 bytes
+    //
+    *--(*p) = len % 256;
+    *--(*p) = ( len / 256 ) % 256;
+    *--(*p) = 0x82;
+
+    return( 3 );
+}
+
+int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag )
+{
+    if( *p - start < 1 )
+        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
+    *--(*p) = tag;
+
+    return( 1 );
+}
+
+int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
+                           const unsigned char *buf, size_t size )
+{
+    size_t len = 0;
+
+    if( *p < start || (size_t)( *p - start ) < size )
+        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
+    len = size;
+    (*p) -= len;
+    memcpy( *p, buf, len );
+
+    return( (int) len );
+}
+
+#if defined(MBEDTLS_BIGNUM_C)
+int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, const mbedtls_mpi *X )
+{
+    int ret;
+    size_t len = 0;
+
+    // Write the MPI
+    //
+    len = mbedtls_mpi_size( X );
+
+    if( *p < start || (size_t)( *p - start ) < len )
+        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
+    (*p) -= len;
+    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( X, *p, len ) );
+
+    // DER format assumes 2s complement for numbers, so the leftmost bit
+    // should be 0 for positive numbers and 1 for negative numbers.
+    //
+    if( X->s ==1 && **p & 0x80 )
+    {
+        if( *p - start < 1 )
+            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
+        *--(*p) = 0x00;
+        len += 1;
+    }
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_INTEGER ) );
+
+    ret = (int) len;
+
+cleanup:
+    return( ret );
+}
+#endif /* MBEDTLS_BIGNUM_C */
+
+int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start )
+{
+    int ret;
+    size_t len = 0;
+
+    // Write NULL
+    //
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, 0) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_NULL ) );
+
+    return( (int) len );
+}
+
+int mbedtls_asn1_write_oid( unsigned char **p, unsigned char *start,
+                    const char *oid, size_t oid_len )
+{
+    int ret;
+    size_t len = 0;
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start,
+                                  (const unsigned char *) oid, oid_len ) );
+    MBEDTLS_ASN1_CHK_ADD( len , mbedtls_asn1_write_len( p, start, len ) );
+    MBEDTLS_ASN1_CHK_ADD( len , mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_OID ) );
+
+    return( (int) len );
+}
+
+int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start,
+                                     const char *oid, size_t oid_len,
+                                     size_t par_len )
+{
+    int ret;
+    size_t len = 0;
+
+    if( par_len == 0 )
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_null( p, start ) );
+    else
+        len += par_len;
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, oid_len ) );
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
+                                       MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
+
+    return( (int) len );
+}
+
+int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolean )
+{
+    int ret;
+    size_t len = 0;
+
+    if( *p - start < 1 )
+        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
+    *--(*p) = (boolean) ? 255 : 0;
+    len++;
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_BOOLEAN ) );
+
+    return( (int) len );
+}
+
+int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val )
+{
+    int ret;
+    size_t len = 0;
+
+    // TODO negative values and values larger than 128
+    // DER format assumes 2s complement for numbers, so the leftmost bit
+    // should be 0 for positive numbers and 1 for negative numbers.
+    //
+    if( *p - start < 1 )
+        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
+    len += 1;
+    *--(*p) = val;
+
+    if( val > 0 && **p & 0x80 )
+    {
+        if( *p - start < 1 )
+            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
+        *--(*p) = 0x00;
+        len += 1;
+    }
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_INTEGER ) );
+
+    return( (int) len );
+}
+
+int mbedtls_asn1_write_printable_string( unsigned char **p, unsigned char *start,
+                                 const char *text, size_t text_len )
+{
+    int ret;
+    size_t len = 0;
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start,
+                  (const unsigned char *) text, text_len ) );
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_PRINTABLE_STRING ) );
+
+    return( (int) len );
+}
+
+int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start,
+                           const char *text, size_t text_len )
+{
+    int ret;
+    size_t len = 0;
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start,
+                  (const unsigned char *) text, text_len ) );
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_IA5_STRING ) );
+
+    return( (int) len );
+}
+
+int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
+                          const unsigned char *buf, size_t bits )
+{
+    int ret;
+    size_t len = 0, size;
+
+    size = ( bits / 8 ) + ( ( bits % 8 ) ? 1 : 0 );
+
+    // Calculate byte length
+    //
+    if( *p < start || (size_t)( *p - start ) < size + 1 )
+        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
+    len = size + 1;
+    (*p) -= size;
+    memcpy( *p, buf, size );
+
+    // Write unused bits
+    //
+    *--(*p) = (unsigned char) (size * 8 - bits);
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_BIT_STRING ) );
+
+    return( (int) len );
+}
+
+int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start,
+                             const unsigned char *buf, size_t size )
+{
+    int ret;
+    size_t len = 0;
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, buf, size ) );
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_OCTET_STRING ) );
+
+    return( (int) len );
+}
+
+mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **head,
+                                        const char *oid, size_t oid_len,
+                                        const unsigned char *val,
+                                        size_t val_len )
+{
+    mbedtls_asn1_named_data *cur;
+
+    if( ( cur = mbedtls_asn1_find_named_data( *head, oid, oid_len ) ) == NULL )
+    {
+        // Add new entry if not present yet based on OID
+        //
+        if( ( cur = mbedtls_calloc( 1, sizeof(mbedtls_asn1_named_data) ) ) == NULL )
+            return( NULL );
+
+        cur->oid.len = oid_len;
+        cur->oid.p = mbedtls_calloc( 1, oid_len );
+        if( cur->oid.p == NULL )
+        {
+            mbedtls_free( cur );
+            return( NULL );
+        }
+
+        memcpy( cur->oid.p, oid, oid_len );
+
+        cur->val.len = val_len;
+        cur->val.p = mbedtls_calloc( 1, val_len );
+        if( cur->val.p == NULL )
+        {
+            mbedtls_free( cur->oid.p );
+            mbedtls_free( cur );
+            return( NULL );
+        }
+
+        cur->next = *head;
+        *head = cur;
+    }
+    else if( cur->val.len < val_len )
+    {
+        // Enlarge existing value buffer if needed
+        //
+        mbedtls_free( cur->val.p );
+        cur->val.p = NULL;
+
+        cur->val.len = val_len;
+        cur->val.p = mbedtls_calloc( 1, val_len );
+        if( cur->val.p == NULL )
+        {
+            mbedtls_free( cur->oid.p );
+            mbedtls_free( cur );
+            return( NULL );
+        }
+    }
+
+    if( val != NULL )
+        memcpy( cur->val.p, val, val_len );
+
+    return( cur );
+}
+#endif /* MBEDTLS_ASN1_WRITE_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/base64.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,289 @@
+/*
+ *  RFC 1521 base64 encoding/decoding
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_BASE64_C)
+
+#include "mbedtls/base64.h"
+
+#include <stdint.h>
+
+#if defined(MBEDTLS_SELF_TEST)
+#include <string.h>
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif /* MBEDTLS_PLATFORM_C */
+#endif /* MBEDTLS_SELF_TEST */
+
+static const unsigned char base64_enc_map[64] =
+{
+    'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',
+    'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T',
+    'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd',
+    'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n',
+    'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x',
+    'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7',
+    '8', '9', '+', '/'
+};
+
+static const unsigned char base64_dec_map[128] =
+{
+    127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
+    127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
+    127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
+    127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
+    127, 127, 127,  62, 127, 127, 127,  63,  52,  53,
+     54,  55,  56,  57,  58,  59,  60,  61, 127, 127,
+    127,  64, 127, 127, 127,   0,   1,   2,   3,   4,
+      5,   6,   7,   8,   9,  10,  11,  12,  13,  14,
+     15,  16,  17,  18,  19,  20,  21,  22,  23,  24,
+     25, 127, 127, 127, 127, 127, 127,  26,  27,  28,
+     29,  30,  31,  32,  33,  34,  35,  36,  37,  38,
+     39,  40,  41,  42,  43,  44,  45,  46,  47,  48,
+     49,  50,  51, 127, 127, 127, 127, 127
+};
+
+#define BASE64_SIZE_T_MAX   ( (size_t) -1 ) /* SIZE_T_MAX is not standard */
+
+/*
+ * Encode a buffer into base64 format
+ */
+int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
+                   const unsigned char *src, size_t slen )
+{
+    size_t i, n;
+    int C1, C2, C3;
+    unsigned char *p;
+
+    if( slen == 0 )
+    {
+        *olen = 0;
+        return( 0 );
+    }
+
+    n = slen / 3 + ( slen % 3 != 0 );
+
+    if( n > ( BASE64_SIZE_T_MAX - 1 ) / 4 )
+    {
+        *olen = BASE64_SIZE_T_MAX;
+        return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
+    }
+
+    n *= 4;
+
+    if( dlen < n + 1 )
+    {
+        *olen = n + 1;
+        return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
+    }
+
+    n = ( slen / 3 ) * 3;
+
+    for( i = 0, p = dst; i < n; i += 3 )
+    {
+        C1 = *src++;
+        C2 = *src++;
+        C3 = *src++;
+
+        *p++ = base64_enc_map[(C1 >> 2) & 0x3F];
+        *p++ = base64_enc_map[(((C1 &  3) << 4) + (C2 >> 4)) & 0x3F];
+        *p++ = base64_enc_map[(((C2 & 15) << 2) + (C3 >> 6)) & 0x3F];
+        *p++ = base64_enc_map[C3 & 0x3F];
+    }
+
+    if( i < slen )
+    {
+        C1 = *src++;
+        C2 = ( ( i + 1 ) < slen ) ? *src++ : 0;
+
+        *p++ = base64_enc_map[(C1 >> 2) & 0x3F];
+        *p++ = base64_enc_map[(((C1 & 3) << 4) + (C2 >> 4)) & 0x3F];
+
+        if( ( i + 1 ) < slen )
+             *p++ = base64_enc_map[((C2 & 15) << 2) & 0x3F];
+        else *p++ = '=';
+
+        *p++ = '=';
+    }
+
+    *olen = p - dst;
+    *p = 0;
+
+    return( 0 );
+}
+
+/*
+ * Decode a base64-formatted buffer
+ */
+int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
+                   const unsigned char *src, size_t slen )
+{
+    size_t i, n;
+    uint32_t j, x;
+    unsigned char *p;
+
+    /* First pass: check for validity and get output length */
+    for( i = n = j = 0; i < slen; i++ )
+    {
+        /* Skip spaces before checking for EOL */
+        x = 0;
+        while( i < slen && src[i] == ' ' )
+        {
+            ++i;
+            ++x;
+        }
+
+        /* Spaces at end of buffer are OK */
+        if( i == slen )
+            break;
+
+        if( ( slen - i ) >= 2 &&
+            src[i] == '\r' && src[i + 1] == '\n' )
+            continue;
+
+        if( src[i] == '\n' )
+            continue;
+
+        /* Space inside a line is an error */
+        if( x != 0 )
+            return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
+
+        if( src[i] == '=' && ++j > 2 )
+            return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
+
+        if( src[i] > 127 || base64_dec_map[src[i]] == 127 )
+            return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
+
+        if( base64_dec_map[src[i]] < 64 && j != 0 )
+            return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
+
+        n++;
+    }
+
+    if( n == 0 )
+    {
+        *olen = 0;
+        return( 0 );
+    }
+
+    n = ( ( n * 6 ) + 7 ) >> 3;
+    n -= j;
+
+    if( dst == NULL || dlen < n )
+    {
+        *olen = n;
+        return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
+    }
+
+   for( j = 3, n = x = 0, p = dst; i > 0; i--, src++ )
+   {
+        if( *src == '\r' || *src == '\n' || *src == ' ' )
+            continue;
+
+        j -= ( base64_dec_map[*src] == 64 );
+        x  = ( x << 6 ) | ( base64_dec_map[*src] & 0x3F );
+
+        if( ++n == 4 )
+        {
+            n = 0;
+            if( j > 0 ) *p++ = (unsigned char)( x >> 16 );
+            if( j > 1 ) *p++ = (unsigned char)( x >>  8 );
+            if( j > 2 ) *p++ = (unsigned char)( x       );
+        }
+    }
+
+    *olen = p - dst;
+
+    return( 0 );
+}
+
+#if defined(MBEDTLS_SELF_TEST)
+
+static const unsigned char base64_test_dec[64] =
+{
+    0x24, 0x48, 0x6E, 0x56, 0x87, 0x62, 0x5A, 0xBD,
+    0xBF, 0x17, 0xD9, 0xA2, 0xC4, 0x17, 0x1A, 0x01,
+    0x94, 0xED, 0x8F, 0x1E, 0x11, 0xB3, 0xD7, 0x09,
+    0x0C, 0xB6, 0xE9, 0x10, 0x6F, 0x22, 0xEE, 0x13,
+    0xCA, 0xB3, 0x07, 0x05, 0x76, 0xC9, 0xFA, 0x31,
+    0x6C, 0x08, 0x34, 0xFF, 0x8D, 0xC2, 0x6C, 0x38,
+    0x00, 0x43, 0xE9, 0x54, 0x97, 0xAF, 0x50, 0x4B,
+    0xD1, 0x41, 0xBA, 0x95, 0x31, 0x5A, 0x0B, 0x97
+};
+
+static const unsigned char base64_test_enc[] =
+    "JEhuVodiWr2/F9mixBcaAZTtjx4Rs9cJDLbpEG8i7hPK"
+    "swcFdsn6MWwINP+Nwmw4AEPpVJevUEvRQbqVMVoLlw==";
+
+/*
+ * Checkup routine
+ */
+int mbedtls_base64_self_test( int verbose )
+{
+    size_t len;
+    const unsigned char *src;
+    unsigned char buffer[128];
+
+    if( verbose != 0 )
+        mbedtls_printf( "  Base64 encoding test: " );
+
+    src = base64_test_dec;
+
+    if( mbedtls_base64_encode( buffer, sizeof( buffer ), &len, src, 64 ) != 0 ||
+         memcmp( base64_test_enc, buffer, 88 ) != 0 )
+    {
+        if( verbose != 0 )
+            mbedtls_printf( "failed\n" );
+
+        return( 1 );
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "passed\n  Base64 decoding test: " );
+
+    src = base64_test_enc;
+
+    if( mbedtls_base64_decode( buffer, sizeof( buffer ), &len, src, 88 ) != 0 ||
+         memcmp( base64_test_dec, buffer, 64 ) != 0 )
+    {
+        if( verbose != 0 )
+            mbedtls_printf( "failed\n" );
+
+        return( 1 );
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "passed\n\n" );
+
+    return( 0 );
+}
+
+#endif /* MBEDTLS_SELF_TEST */
+
+#endif /* MBEDTLS_BASE64_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/bignum.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,2361 @@
+/*
+ *  Multi-precision integer library
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ *  This MPI implementation is based on:
+ *
+ *  http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf
+ *  http://www.stillhq.com/extracted/gnupg-api/mpi/
+ *  http://math.libtomcrypt.com/files/tommath.pdf
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_BIGNUM_C)
+
+#include "mbedtls/bignum.h"
+#include "mbedtls/bn_mul.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#include <stdlib.h>
+#define mbedtls_printf     printf
+#define mbedtls_calloc    calloc
+#define mbedtls_free       free
+#endif
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+#define ciL    (sizeof(mbedtls_mpi_uint))         /* chars in limb  */
+#define biL    (ciL << 3)               /* bits  in limb  */
+#define biH    (ciL << 2)               /* half limb size */
+
+#define MPI_SIZE_T_MAX  ( (size_t) -1 ) /* SIZE_T_MAX is not standard */
+
+/*
+ * Convert between bits/chars and number of limbs
+ * Divide first in order to avoid potential overflows
+ */
+#define BITS_TO_LIMBS(i)  ( (i) / biL + ( (i) % biL != 0 ) )
+#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) )
+
+/*
+ * Initialize one MPI
+ */
+void mbedtls_mpi_init( mbedtls_mpi *X )
+{
+    if( X == NULL )
+        return;
+
+    X->s = 1;
+    X->n = 0;
+    X->p = NULL;
+}
+
+/*
+ * Unallocate one MPI
+ */
+void mbedtls_mpi_free( mbedtls_mpi *X )
+{
+    if( X == NULL )
+        return;
+
+    if( X->p != NULL )
+    {
+        mbedtls_zeroize( X->p, X->n * ciL );
+        mbedtls_free( X->p );
+    }
+
+    X->s = 1;
+    X->n = 0;
+    X->p = NULL;
+}
+
+/*
+ * Enlarge to the specified number of limbs
+ */
+int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs )
+{
+    mbedtls_mpi_uint *p;
+
+    if( nblimbs > MBEDTLS_MPI_MAX_LIMBS )
+        return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
+
+    if( X->n < nblimbs )
+    {
+        if( ( p = mbedtls_calloc( nblimbs, ciL ) ) == NULL )
+            return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
+
+        if( X->p != NULL )
+        {
+            memcpy( p, X->p, X->n * ciL );
+            mbedtls_zeroize( X->p, X->n * ciL );
+            mbedtls_free( X->p );
+        }
+
+        X->n = nblimbs;
+        X->p = p;
+    }
+
+    return( 0 );
+}
+
+/*
+ * Resize down as much as possible,
+ * while keeping at least the specified number of limbs
+ */
+int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs )
+{
+    mbedtls_mpi_uint *p;
+    size_t i;
+
+    /* Actually resize up in this case */
+    if( X->n <= nblimbs )
+        return( mbedtls_mpi_grow( X, nblimbs ) );
+
+    for( i = X->n - 1; i > 0; i-- )
+        if( X->p[i] != 0 )
+            break;
+    i++;
+
+    if( i < nblimbs )
+        i = nblimbs;
+
+    if( ( p = mbedtls_calloc( i, ciL ) ) == NULL )
+        return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
+
+    if( X->p != NULL )
+    {
+        memcpy( p, X->p, i * ciL );
+        mbedtls_zeroize( X->p, X->n * ciL );
+        mbedtls_free( X->p );
+    }
+
+    X->n = i;
+    X->p = p;
+
+    return( 0 );
+}
+
+/*
+ * Copy the contents of Y into X
+ */
+int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y )
+{
+    int ret;
+    size_t i;
+
+    if( X == Y )
+        return( 0 );
+
+    if( Y->p == NULL )
+    {
+        mbedtls_mpi_free( X );
+        return( 0 );
+    }
+
+    for( i = Y->n - 1; i > 0; i-- )
+        if( Y->p[i] != 0 )
+            break;
+    i++;
+
+    X->s = Y->s;
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i ) );
+
+    memset( X->p, 0, X->n * ciL );
+    memcpy( X->p, Y->p, i * ciL );
+
+cleanup:
+
+    return( ret );
+}
+
+/*
+ * Swap the contents of X and Y
+ */
+void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y )
+{
+    mbedtls_mpi T;
+
+    memcpy( &T,  X, sizeof( mbedtls_mpi ) );
+    memcpy(  X,  Y, sizeof( mbedtls_mpi ) );
+    memcpy(  Y, &T, sizeof( mbedtls_mpi ) );
+}
+
+/*
+ * Conditionally assign X = Y, without leaking information
+ * about whether the assignment was made or not.
+ * (Leaking information about the respective sizes of X and Y is ok however.)
+ */
+int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign )
+{
+    int ret = 0;
+    size_t i;
+
+    /* make sure assign is 0 or 1 in a time-constant manner */
+    assign = (assign | (unsigned char)-assign) >> 7;
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) );
+
+    X->s = X->s * ( 1 - assign ) + Y->s * assign;
+
+    for( i = 0; i < Y->n; i++ )
+        X->p[i] = X->p[i] * ( 1 - assign ) + Y->p[i] * assign;
+
+    for( ; i < X->n; i++ )
+        X->p[i] *= ( 1 - assign );
+
+cleanup:
+    return( ret );
+}
+
+/*
+ * Conditionally swap X and Y, without leaking information
+ * about whether the swap was made or not.
+ * Here it is not ok to simply swap the pointers, which whould lead to
+ * different memory access patterns when X and Y are used afterwards.
+ */
+int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char swap )
+{
+    int ret, s;
+    size_t i;
+    mbedtls_mpi_uint tmp;
+
+    if( X == Y )
+        return( 0 );
+
+    /* make sure swap is 0 or 1 in a time-constant manner */
+    swap = (swap | (unsigned char)-swap) >> 7;
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( Y, X->n ) );
+
+    s = X->s;
+    X->s = X->s * ( 1 - swap ) + Y->s * swap;
+    Y->s = Y->s * ( 1 - swap ) +    s * swap;
+
+
+    for( i = 0; i < X->n; i++ )
+    {
+        tmp = X->p[i];
+        X->p[i] = X->p[i] * ( 1 - swap ) + Y->p[i] * swap;
+        Y->p[i] = Y->p[i] * ( 1 - swap ) +     tmp * swap;
+    }
+
+cleanup:
+    return( ret );
+}
+
+/*
+ * Set value from integer
+ */
+int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z )
+{
+    int ret;
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, 1 ) );
+    memset( X->p, 0, X->n * ciL );
+
+    X->p[0] = ( z < 0 ) ? -z : z;
+    X->s    = ( z < 0 ) ? -1 : 1;
+
+cleanup:
+
+    return( ret );
+}
+
+/*
+ * Get a specific bit
+ */
+int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos )
+{
+    if( X->n * biL <= pos )
+        return( 0 );
+
+    return( ( X->p[pos / biL] >> ( pos % biL ) ) & 0x01 );
+}
+
+/*
+ * Set a bit to a specific value of 0 or 1
+ */
+int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val )
+{
+    int ret = 0;
+    size_t off = pos / biL;
+    size_t idx = pos % biL;
+
+    if( val != 0 && val != 1 )
+        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+
+    if( X->n * biL <= pos )
+    {
+        if( val == 0 )
+            return( 0 );
+
+        MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, off + 1 ) );
+    }
+
+    X->p[off] &= ~( (mbedtls_mpi_uint) 0x01 << idx );
+    X->p[off] |= (mbedtls_mpi_uint) val << idx;
+
+cleanup:
+
+    return( ret );
+}
+
+/*
+ * Return the number of less significant zero-bits
+ */
+size_t mbedtls_mpi_lsb( const mbedtls_mpi *X )
+{
+    size_t i, j, count = 0;
+
+    for( i = 0; i < X->n; i++ )
+        for( j = 0; j < biL; j++, count++ )
+            if( ( ( X->p[i] >> j ) & 1 ) != 0 )
+                return( count );
+
+    return( 0 );
+}
+
+/*
+ * Return the number of bits
+ */
+size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X )
+{
+    size_t i, j;
+
+    if( X->n == 0 )
+        return( 0 );
+
+    for( i = X->n - 1; i > 0; i-- )
+        if( X->p[i] != 0 )
+            break;
+
+    for( j = biL; j > 0; j-- )
+        if( ( ( X->p[i] >> ( j - 1 ) ) & 1 ) != 0 )
+            break;
+
+    return( ( i * biL ) + j );
+}
+
+/*
+ * Return the total size in bytes
+ */
+size_t mbedtls_mpi_size( const mbedtls_mpi *X )
+{
+    return( ( mbedtls_mpi_bitlen( X ) + 7 ) >> 3 );
+}
+
+/*
+ * Convert an ASCII character to digit value
+ */
+static int mpi_get_digit( mbedtls_mpi_uint *d, int radix, char c )
+{
+    *d = 255;
+
+    if( c >= 0x30 && c <= 0x39 ) *d = c - 0x30;
+    if( c >= 0x41 && c <= 0x46 ) *d = c - 0x37;
+    if( c >= 0x61 && c <= 0x66 ) *d = c - 0x57;
+
+    if( *d >= (mbedtls_mpi_uint) radix )
+        return( MBEDTLS_ERR_MPI_INVALID_CHARACTER );
+
+    return( 0 );
+}
+
+/*
+ * Import from an ASCII string
+ */
+int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s )
+{
+    int ret;
+    size_t i, j, slen, n;
+    mbedtls_mpi_uint d;
+    mbedtls_mpi T;
+
+    if( radix < 2 || radix > 16 )
+        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+
+    mbedtls_mpi_init( &T );
+
+    slen = strlen( s );
+
+    if( radix == 16 )
+    {
+        if( slen > MPI_SIZE_T_MAX >> 2 )
+            return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+
+        n = BITS_TO_LIMBS( slen << 2 );
+
+        MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, n ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
+
+        for( i = slen, j = 0; i > 0; i--, j++ )
+        {
+            if( i == 1 && s[i - 1] == '-' )
+            {
+                X->s = -1;
+                break;
+            }
+
+            MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i - 1] ) );
+            X->p[j / ( 2 * ciL )] |= d << ( ( j % ( 2 * ciL ) ) << 2 );
+        }
+    }
+    else
+    {
+        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
+
+        for( i = 0; i < slen; i++ )
+        {
+            if( i == 0 && s[i] == '-' )
+            {
+                X->s = -1;
+                continue;
+            }
+
+            MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i] ) );
+            MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T, X, radix ) );
+
+            if( X->s == 1 )
+            {
+                MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, &T, d ) );
+            }
+            else
+            {
+                MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( X, &T, d ) );
+            }
+        }
+    }
+
+cleanup:
+
+    mbedtls_mpi_free( &T );
+
+    return( ret );
+}
+
+/*
+ * Helper to write the digits high-order first
+ */
+static int mpi_write_hlp( mbedtls_mpi *X, int radix, char **p )
+{
+    int ret;
+    mbedtls_mpi_uint r;
+
+    if( radix < 2 || radix > 16 )
+        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, radix ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_div_int( X, NULL, X, radix ) );
+
+    if( mbedtls_mpi_cmp_int( X, 0 ) != 0 )
+        MBEDTLS_MPI_CHK( mpi_write_hlp( X, radix, p ) );
+
+    if( r < 10 )
+        *(*p)++ = (char)( r + 0x30 );
+    else
+        *(*p)++ = (char)( r + 0x37 );
+
+cleanup:
+
+    return( ret );
+}
+
+/*
+ * Export into an ASCII string
+ */
+int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
+                              char *buf, size_t buflen, size_t *olen )
+{
+    int ret = 0;
+    size_t n;
+    char *p;
+    mbedtls_mpi T;
+
+    if( radix < 2 || radix > 16 )
+        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+
+    n = mbedtls_mpi_bitlen( X );
+    if( radix >=  4 ) n >>= 1;
+    if( radix >= 16 ) n >>= 1;
+    n += 3;
+
+    if( buflen < n )
+    {
+        *olen = n;
+        return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
+    }
+
+    p = buf;
+    mbedtls_mpi_init( &T );
+
+    if( X->s == -1 )
+        *p++ = '-';
+
+    if( radix == 16 )
+    {
+        int c;
+        size_t i, j, k;
+
+        for( i = X->n, k = 0; i > 0; i-- )
+        {
+            for( j = ciL; j > 0; j-- )
+            {
+                c = ( X->p[i - 1] >> ( ( j - 1 ) << 3) ) & 0xFF;
+
+                if( c == 0 && k == 0 && ( i + j ) != 2 )
+                    continue;
+
+                *(p++) = "0123456789ABCDEF" [c / 16];
+                *(p++) = "0123456789ABCDEF" [c % 16];
+                k = 1;
+            }
+        }
+    }
+    else
+    {
+        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &T, X ) );
+
+        if( T.s == -1 )
+            T.s = 1;
+
+        MBEDTLS_MPI_CHK( mpi_write_hlp( &T, radix, &p ) );
+    }
+
+    *p++ = '\0';
+    *olen = p - buf;
+
+cleanup:
+
+    mbedtls_mpi_free( &T );
+
+    return( ret );
+}
+
+#if defined(MBEDTLS_FS_IO)
+/*
+ * Read X from an opened file
+ */
+int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin )
+{
+    mbedtls_mpi_uint d;
+    size_t slen;
+    char *p;
+    /*
+     * Buffer should have space for (short) label and decimal formatted MPI,
+     * newline characters and '\0'
+     */
+    char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ];
+
+    memset( s, 0, sizeof( s ) );
+    if( fgets( s, sizeof( s ) - 1, fin ) == NULL )
+        return( MBEDTLS_ERR_MPI_FILE_IO_ERROR );
+
+    slen = strlen( s );
+    if( slen == sizeof( s ) - 2 )
+        return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
+
+    if( s[slen - 1] == '\n' ) { slen--; s[slen] = '\0'; }
+    if( s[slen - 1] == '\r' ) { slen--; s[slen] = '\0'; }
+
+    p = s + slen;
+    while( --p >= s )
+        if( mpi_get_digit( &d, radix, *p ) != 0 )
+            break;
+
+    return( mbedtls_mpi_read_string( X, radix, p + 1 ) );
+}
+
+/*
+ * Write X into an opened file (or stdout if fout == NULL)
+ */
+int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, int radix, FILE *fout )
+{
+    int ret;
+    size_t n, slen, plen;
+    /*
+     * Buffer should have space for (short) label and decimal formatted MPI,
+     * newline characters and '\0'
+     */
+    char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ];
+
+    memset( s, 0, sizeof( s ) );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_write_string( X, radix, s, sizeof( s ) - 2, &n ) );
+
+    if( p == NULL ) p = "";
+
+    plen = strlen( p );
+    slen = strlen( s );
+    s[slen++] = '\r';
+    s[slen++] = '\n';
+
+    if( fout != NULL )
+    {
+        if( fwrite( p, 1, plen, fout ) != plen ||
+            fwrite( s, 1, slen, fout ) != slen )
+            return( MBEDTLS_ERR_MPI_FILE_IO_ERROR );
+    }
+    else
+        mbedtls_printf( "%s%s", p, s );
+
+cleanup:
+
+    return( ret );
+}
+#endif /* MBEDTLS_FS_IO */
+
+/*
+ * Import X from unsigned binary data, big endian
+ */
+int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen )
+{
+    int ret;
+    size_t i, j, n;
+
+    for( n = 0; n < buflen; n++ )
+        if( buf[n] != 0 )
+            break;
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, CHARS_TO_LIMBS( buflen - n ) ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
+
+    for( i = buflen, j = 0; i > n; i--, j++ )
+        X->p[j / ciL] |= ((mbedtls_mpi_uint) buf[i - 1]) << ((j % ciL) << 3);
+
+cleanup:
+
+    return( ret );
+}
+
+/*
+ * Export X into unsigned binary data, big endian
+ */
+int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf, size_t buflen )
+{
+    size_t i, j, n;
+
+    n = mbedtls_mpi_size( X );
+
+    if( buflen < n )
+        return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
+
+    memset( buf, 0, buflen );
+
+    for( i = buflen - 1, j = 0; n > 0; i--, j++, n-- )
+        buf[i] = (unsigned char)( X->p[j / ciL] >> ((j % ciL) << 3) );
+
+    return( 0 );
+}
+
+/*
+ * Left-shift: X <<= count
+ */
+int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count )
+{
+    int ret;
+    size_t i, v0, t1;
+    mbedtls_mpi_uint r0 = 0, r1;
+
+    v0 = count / (biL    );
+    t1 = count & (biL - 1);
+
+    i = mbedtls_mpi_bitlen( X ) + count;
+
+    if( X->n * biL < i )
+        MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, BITS_TO_LIMBS( i ) ) );
+
+    ret = 0;
+
+    /*
+     * shift by count / limb_size
+     */
+    if( v0 > 0 )
+    {
+        for( i = X->n; i > v0; i-- )
+            X->p[i - 1] = X->p[i - v0 - 1];
+
+        for( ; i > 0; i-- )
+            X->p[i - 1] = 0;
+    }
+
+    /*
+     * shift by count % limb_size
+     */
+    if( t1 > 0 )
+    {
+        for( i = v0; i < X->n; i++ )
+        {
+            r1 = X->p[i] >> (biL - t1);
+            X->p[i] <<= t1;
+            X->p[i] |= r0;
+            r0 = r1;
+        }
+    }
+
+cleanup:
+
+    return( ret );
+}
+
+/*
+ * Right-shift: X >>= count
+ */
+int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count )
+{
+    size_t i, v0, v1;
+    mbedtls_mpi_uint r0 = 0, r1;
+
+    v0 = count /  biL;
+    v1 = count & (biL - 1);
+
+    if( v0 > X->n || ( v0 == X->n && v1 > 0 ) )
+        return mbedtls_mpi_lset( X, 0 );
+
+    /*
+     * shift by count / limb_size
+     */
+    if( v0 > 0 )
+    {
+        for( i = 0; i < X->n - v0; i++ )
+            X->p[i] = X->p[i + v0];
+
+        for( ; i < X->n; i++ )
+            X->p[i] = 0;
+    }
+
+    /*
+     * shift by count % limb_size
+     */
+    if( v1 > 0 )
+    {
+        for( i = X->n; i > 0; i-- )
+        {
+            r1 = X->p[i - 1] << (biL - v1);
+            X->p[i - 1] >>= v1;
+            X->p[i - 1] |= r0;
+            r0 = r1;
+        }
+    }
+
+    return( 0 );
+}
+
+/*
+ * Compare unsigned values
+ */
+int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y )
+{
+    size_t i, j;
+
+    for( i = X->n; i > 0; i-- )
+        if( X->p[i - 1] != 0 )
+            break;
+
+    for( j = Y->n; j > 0; j-- )
+        if( Y->p[j - 1] != 0 )
+            break;
+
+    if( i == 0 && j == 0 )
+        return( 0 );
+
+    if( i > j ) return(  1 );
+    if( j > i ) return( -1 );
+
+    for( ; i > 0; i-- )
+    {
+        if( X->p[i - 1] > Y->p[i - 1] ) return(  1 );
+        if( X->p[i - 1] < Y->p[i - 1] ) return( -1 );
+    }
+
+    return( 0 );
+}
+
+/*
+ * Compare signed values
+ */
+int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y )
+{
+    size_t i, j;
+
+    for( i = X->n; i > 0; i-- )
+        if( X->p[i - 1] != 0 )
+            break;
+
+    for( j = Y->n; j > 0; j-- )
+        if( Y->p[j - 1] != 0 )
+            break;
+
+    if( i == 0 && j == 0 )
+        return( 0 );
+
+    if( i > j ) return(  X->s );
+    if( j > i ) return( -Y->s );
+
+    if( X->s > 0 && Y->s < 0 ) return(  1 );
+    if( Y->s > 0 && X->s < 0 ) return( -1 );
+
+    for( ; i > 0; i-- )
+    {
+        if( X->p[i - 1] > Y->p[i - 1] ) return(  X->s );
+        if( X->p[i - 1] < Y->p[i - 1] ) return( -X->s );
+    }
+
+    return( 0 );
+}
+
+/*
+ * Compare signed values
+ */
+int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z )
+{
+    mbedtls_mpi Y;
+    mbedtls_mpi_uint p[1];
+
+    *p  = ( z < 0 ) ? -z : z;
+    Y.s = ( z < 0 ) ? -1 : 1;
+    Y.n = 1;
+    Y.p = p;
+
+    return( mbedtls_mpi_cmp_mpi( X, &Y ) );
+}
+
+/*
+ * Unsigned addition: X = |A| + |B|  (HAC 14.7)
+ */
+int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
+{
+    int ret;
+    size_t i, j;
+    mbedtls_mpi_uint *o, *p, c;
+
+    if( X == B )
+    {
+        const mbedtls_mpi *T = A; A = X; B = T;
+    }
+
+    if( X != A )
+        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, A ) );
+
+    /*
+     * X should always be positive as a result of unsigned additions.
+     */
+    X->s = 1;
+
+    for( j = B->n; j > 0; j-- )
+        if( B->p[j - 1] != 0 )
+            break;
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) );
+
+    o = B->p; p = X->p; c = 0;
+
+    for( i = 0; i < j; i++, o++, p++ )
+    {
+        *p +=  c; c  = ( *p <  c );
+        *p += *o; c += ( *p < *o );
+    }
+
+    while( c != 0 )
+    {
+        if( i >= X->n )
+        {
+            MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + 1 ) );
+            p = X->p + i;
+        }
+
+        *p += c; c = ( *p < c ); i++; p++;
+    }
+
+cleanup:
+
+    return( ret );
+}
+
+/*
+ * Helper for mbedtls_mpi subtraction
+ */
+static void mpi_sub_hlp( size_t n, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d )
+{
+    size_t i;
+    mbedtls_mpi_uint c, z;
+
+    for( i = c = 0; i < n; i++, s++, d++ )
+    {
+        z = ( *d <  c );     *d -=  c;
+        c = ( *d < *s ) + z; *d -= *s;
+    }
+
+    while( c != 0 )
+    {
+        z = ( *d < c ); *d -= c;
+        c = z; i++; d++;
+    }
+}
+
+/*
+ * Unsigned subtraction: X = |A| - |B|  (HAC 14.9)
+ */
+int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
+{
+    mbedtls_mpi TB;
+    int ret;
+    size_t n;
+
+    if( mbedtls_mpi_cmp_abs( A, B ) < 0 )
+        return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE );
+
+    mbedtls_mpi_init( &TB );
+
+    if( X == B )
+    {
+        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) );
+        B = &TB;
+    }
+
+    if( X != A )
+        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, A ) );
+
+    /*
+     * X should always be positive as a result of unsigned subtractions.
+     */
+    X->s = 1;
+
+    ret = 0;
+
+    for( n = B->n; n > 0; n-- )
+        if( B->p[n - 1] != 0 )
+            break;
+
+    mpi_sub_hlp( n, B->p, X->p );
+
+cleanup:
+
+    mbedtls_mpi_free( &TB );
+
+    return( ret );
+}
+
+/*
+ * Signed addition: X = A + B
+ */
+int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
+{
+    int ret, s = A->s;
+
+    if( A->s * B->s < 0 )
+    {
+        if( mbedtls_mpi_cmp_abs( A, B ) >= 0 )
+        {
+            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, A, B ) );
+            X->s =  s;
+        }
+        else
+        {
+            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, B, A ) );
+            X->s = -s;
+        }
+    }
+    else
+    {
+        MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( X, A, B ) );
+        X->s = s;
+    }
+
+cleanup:
+
+    return( ret );
+}
+
+/*
+ * Signed subtraction: X = A - B
+ */
+int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
+{
+    int ret, s = A->s;
+
+    if( A->s * B->s > 0 )
+    {
+        if( mbedtls_mpi_cmp_abs( A, B ) >= 0 )
+        {
+            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, A, B ) );
+            X->s =  s;
+        }
+        else
+        {
+            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, B, A ) );
+            X->s = -s;
+        }
+    }
+    else
+    {
+        MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( X, A, B ) );
+        X->s = s;
+    }
+
+cleanup:
+
+    return( ret );
+}
+
+/*
+ * Signed addition: X = A + b
+ */
+int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b )
+{
+    mbedtls_mpi _B;
+    mbedtls_mpi_uint p[1];
+
+    p[0] = ( b < 0 ) ? -b : b;
+    _B.s = ( b < 0 ) ? -1 : 1;
+    _B.n = 1;
+    _B.p = p;
+
+    return( mbedtls_mpi_add_mpi( X, A, &_B ) );
+}
+
+/*
+ * Signed subtraction: X = A - b
+ */
+int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b )
+{
+    mbedtls_mpi _B;
+    mbedtls_mpi_uint p[1];
+
+    p[0] = ( b < 0 ) ? -b : b;
+    _B.s = ( b < 0 ) ? -1 : 1;
+    _B.n = 1;
+    _B.p = p;
+
+    return( mbedtls_mpi_sub_mpi( X, A, &_B ) );
+}
+
+/*
+ * Helper for mbedtls_mpi multiplication
+ */
+static
+#if defined(__APPLE__) && defined(__arm__)
+/*
+ * Apple LLVM version 4.2 (clang-425.0.24) (based on LLVM 3.2svn)
+ * appears to need this to prevent bad ARM code generation at -O3.
+ */
+__attribute__ ((noinline))
+#endif
+void mpi_mul_hlp( size_t i, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d, mbedtls_mpi_uint b )
+{
+    mbedtls_mpi_uint c = 0, t = 0;
+
+#if defined(MULADDC_HUIT)
+    for( ; i >= 8; i -= 8 )
+    {
+        MULADDC_INIT
+        MULADDC_HUIT
+        MULADDC_STOP
+    }
+
+    for( ; i > 0; i-- )
+    {
+        MULADDC_INIT
+        MULADDC_CORE
+        MULADDC_STOP
+    }
+#else /* MULADDC_HUIT */
+    for( ; i >= 16; i -= 16 )
+    {
+        MULADDC_INIT
+        MULADDC_CORE   MULADDC_CORE
+        MULADDC_CORE   MULADDC_CORE
+        MULADDC_CORE   MULADDC_CORE
+        MULADDC_CORE   MULADDC_CORE
+
+        MULADDC_CORE   MULADDC_CORE
+        MULADDC_CORE   MULADDC_CORE
+        MULADDC_CORE   MULADDC_CORE
+        MULADDC_CORE   MULADDC_CORE
+        MULADDC_STOP
+    }
+
+    for( ; i >= 8; i -= 8 )
+    {
+        MULADDC_INIT
+        MULADDC_CORE   MULADDC_CORE
+        MULADDC_CORE   MULADDC_CORE
+
+        MULADDC_CORE   MULADDC_CORE
+        MULADDC_CORE   MULADDC_CORE
+        MULADDC_STOP
+    }
+
+    for( ; i > 0; i-- )
+    {
+        MULADDC_INIT
+        MULADDC_CORE
+        MULADDC_STOP
+    }
+#endif /* MULADDC_HUIT */
+
+    t++;
+
+    do {
+        *d += c; c = ( *d < c ); d++;
+    }
+    while( c != 0 );
+}
+
+/*
+ * Baseline multiplication: X = A * B  (HAC 14.12)
+ */
+int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
+{
+    int ret;
+    size_t i, j;
+    mbedtls_mpi TA, TB;
+
+    mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TB );
+
+    if( X == A ) { MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TA, A ) ); A = &TA; }
+    if( X == B ) { MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) ); B = &TB; }
+
+    for( i = A->n; i > 0; i-- )
+        if( A->p[i - 1] != 0 )
+            break;
+
+    for( j = B->n; j > 0; j-- )
+        if( B->p[j - 1] != 0 )
+            break;
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + j ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
+
+    for( i++; j > 0; j-- )
+        mpi_mul_hlp( i - 1, A->p, X->p + j - 1, B->p[j - 1] );
+
+    X->s = A->s * B->s;
+
+cleanup:
+
+    mbedtls_mpi_free( &TB ); mbedtls_mpi_free( &TA );
+
+    return( ret );
+}
+
+/*
+ * Baseline multiplication: X = A * b
+ */
+int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b )
+{
+    mbedtls_mpi _B;
+    mbedtls_mpi_uint p[1];
+
+    _B.s = 1;
+    _B.n = 1;
+    _B.p = p;
+    p[0] = b;
+
+    return( mbedtls_mpi_mul_mpi( X, A, &_B ) );
+}
+
+/*
+ * Division by mbedtls_mpi: A = Q * B + R  (HAC 14.20)
+ */
+int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B )
+{
+    int ret;
+    size_t i, n, t, k;
+    mbedtls_mpi X, Y, Z, T1, T2;
+
+    if( mbedtls_mpi_cmp_int( B, 0 ) == 0 )
+        return( MBEDTLS_ERR_MPI_DIVISION_BY_ZERO );
+
+    mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z );
+    mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 );
+
+    if( mbedtls_mpi_cmp_abs( A, B ) < 0 )
+    {
+        if( Q != NULL ) MBEDTLS_MPI_CHK( mbedtls_mpi_lset( Q, 0 ) );
+        if( R != NULL ) MBEDTLS_MPI_CHK( mbedtls_mpi_copy( R, A ) );
+        return( 0 );
+    }
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &X, A ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Y, B ) );
+    X.s = Y.s = 1;
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &Z, A->n + 2 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &Z,  0 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T1, 2 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T2, 3 ) );
+
+    k = mbedtls_mpi_bitlen( &Y ) % biL;
+    if( k < biL - 1 )
+    {
+        k = biL - 1 - k;
+        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &X, k ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &Y, k ) );
+    }
+    else k = 0;
+
+    n = X.n - 1;
+    t = Y.n - 1;
+    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &Y, biL * ( n - t ) ) );
+
+    while( mbedtls_mpi_cmp_mpi( &X, &Y ) >= 0 )
+    {
+        Z.p[n - t]++;
+        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &X, &X, &Y ) );
+    }
+    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Y, biL * ( n - t ) ) );
+
+    for( i = n; i > t ; i-- )
+    {
+        if( X.p[i] >= Y.p[t] )
+            Z.p[i - t - 1] = ~0;
+        else
+        {
+#if defined(MBEDTLS_HAVE_UDBL)
+            mbedtls_t_udbl r;
+
+            r  = (mbedtls_t_udbl) X.p[i] << biL;
+            r |= (mbedtls_t_udbl) X.p[i - 1];
+            r /= Y.p[t];
+            if( r > ( (mbedtls_t_udbl) 1 << biL ) - 1 )
+                r = ( (mbedtls_t_udbl) 1 << biL ) - 1;
+
+            Z.p[i - t - 1] = (mbedtls_mpi_uint) r;
+#else
+            /*
+             * __udiv_qrnnd_c, from gmp/longlong.h
+             */
+            mbedtls_mpi_uint q0, q1, r0, r1;
+            mbedtls_mpi_uint d0, d1, d, m;
+
+            d  = Y.p[t];
+            d0 = ( d << biH ) >> biH;
+            d1 = ( d >> biH );
+
+            q1 = X.p[i] / d1;
+            r1 = X.p[i] - d1 * q1;
+            r1 <<= biH;
+            r1 |= ( X.p[i - 1] >> biH );
+
+            m = q1 * d0;
+            if( r1 < m )
+            {
+                q1--, r1 += d;
+                while( r1 >= d && r1 < m )
+                    q1--, r1 += d;
+            }
+            r1 -= m;
+
+            q0 = r1 / d1;
+            r0 = r1 - d1 * q0;
+            r0 <<= biH;
+            r0 |= ( X.p[i - 1] << biH ) >> biH;
+
+            m = q0 * d0;
+            if( r0 < m )
+            {
+                q0--, r0 += d;
+                while( r0 >= d && r0 < m )
+                    q0--, r0 += d;
+            }
+            r0 -= m;
+
+            Z.p[i - t - 1] = ( q1 << biH ) | q0;
+#endif /* MBEDTLS_HAVE_UDBL && !64-bit Apple with Clang 5.0 */
+        }
+
+        Z.p[i - t - 1]++;
+        do
+        {
+            Z.p[i - t - 1]--;
+
+            MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &T1, 0 ) );
+            T1.p[0] = ( t < 1 ) ? 0 : Y.p[t - 1];
+            T1.p[1] = Y.p[t];
+            MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T1, &T1, Z.p[i - t - 1] ) );
+
+            MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &T2, 0 ) );
+            T2.p[0] = ( i < 2 ) ? 0 : X.p[i - 2];
+            T2.p[1] = ( i < 1 ) ? 0 : X.p[i - 1];
+            T2.p[2] = X.p[i];
+        }
+        while( mbedtls_mpi_cmp_mpi( &T1, &T2 ) > 0 );
+
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T1, &Y, Z.p[i - t - 1] ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &T1,  biL * ( i - t - 1 ) ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &X, &X, &T1 ) );
+
+        if( mbedtls_mpi_cmp_int( &X, 0 ) < 0 )
+        {
+            MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &T1, &Y ) );
+            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &T1, biL * ( i - t - 1 ) ) );
+            MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &X, &X, &T1 ) );
+            Z.p[i - t - 1]--;
+        }
+    }
+
+    if( Q != NULL )
+    {
+        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( Q, &Z ) );
+        Q->s = A->s * B->s;
+    }
+
+    if( R != NULL )
+    {
+        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &X, k ) );
+        X.s = A->s;
+        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( R, &X ) );
+
+        if( mbedtls_mpi_cmp_int( R, 0 ) == 0 )
+            R->s = 1;
+    }
+
+cleanup:
+
+    mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z );
+    mbedtls_mpi_free( &T1 ); mbedtls_mpi_free( &T2 );
+
+    return( ret );
+}
+
+/*
+ * Division by int: A = Q * b + R
+ */
+int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, mbedtls_mpi_sint b )
+{
+    mbedtls_mpi _B;
+    mbedtls_mpi_uint p[1];
+
+    p[0] = ( b < 0 ) ? -b : b;
+    _B.s = ( b < 0 ) ? -1 : 1;
+    _B.n = 1;
+    _B.p = p;
+
+    return( mbedtls_mpi_div_mpi( Q, R, A, &_B ) );
+}
+
+/*
+ * Modulo: R = A mod B
+ */
+int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B )
+{
+    int ret;
+
+    if( mbedtls_mpi_cmp_int( B, 0 ) < 0 )
+        return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( NULL, R, A, B ) );
+
+    while( mbedtls_mpi_cmp_int( R, 0 ) < 0 )
+      MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( R, R, B ) );
+
+    while( mbedtls_mpi_cmp_mpi( R, B ) >= 0 )
+      MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( R, R, B ) );
+
+cleanup:
+
+    return( ret );
+}
+
+/*
+ * Modulo: r = A mod b
+ */
+int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_sint b )
+{
+    size_t i;
+    mbedtls_mpi_uint x, y, z;
+
+    if( b == 0 )
+        return( MBEDTLS_ERR_MPI_DIVISION_BY_ZERO );
+
+    if( b < 0 )
+        return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE );
+
+    /*
+     * handle trivial cases
+     */
+    if( b == 1 )
+    {
+        *r = 0;
+        return( 0 );
+    }
+
+    if( b == 2 )
+    {
+        *r = A->p[0] & 1;
+        return( 0 );
+    }
+
+    /*
+     * general case
+     */
+    for( i = A->n, y = 0; i > 0; i-- )
+    {
+        x  = A->p[i - 1];
+        y  = ( y << biH ) | ( x >> biH );
+        z  = y / b;
+        y -= z * b;
+
+        x <<= biH;
+        y  = ( y << biH ) | ( x >> biH );
+        z  = y / b;
+        y -= z * b;
+    }
+
+    /*
+     * If A is negative, then the current y represents a negative value.
+     * Flipping it to the positive side.
+     */
+    if( A->s < 0 && y != 0 )
+        y = b - y;
+
+    *r = y;
+
+    return( 0 );
+}
+
+/*
+ * Fast Montgomery initialization (thanks to Tom St Denis)
+ */
+static void mpi_montg_init( mbedtls_mpi_uint *mm, const mbedtls_mpi *N )
+{
+    mbedtls_mpi_uint x, m0 = N->p[0];
+    unsigned int i;
+
+    x  = m0;
+    x += ( ( m0 + 2 ) & 4 ) << 1;
+
+    for( i = biL; i >= 8; i /= 2 )
+        x *= ( 2 - ( m0 * x ) );
+
+    *mm = ~x + 1;
+}
+
+/*
+ * Montgomery multiplication: A = A * B * R^-1 mod N  (HAC 14.36)
+ */
+static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm,
+                         const mbedtls_mpi *T )
+{
+    size_t i, n, m;
+    mbedtls_mpi_uint u0, u1, *d;
+
+    memset( T->p, 0, T->n * ciL );
+
+    d = T->p;
+    n = N->n;
+    m = ( B->n < n ) ? B->n : n;
+
+    for( i = 0; i < n; i++ )
+    {
+        /*
+         * T = (T + u0*B + u1*N) / 2^biL
+         */
+        u0 = A->p[i];
+        u1 = ( d[0] + u0 * B->p[0] ) * mm;
+
+        mpi_mul_hlp( m, B->p, d, u0 );
+        mpi_mul_hlp( n, N->p, d, u1 );
+
+        *d++ = u0; d[n + 1] = 0;
+    }
+
+    memcpy( A->p, d, ( n + 1 ) * ciL );
+
+    if( mbedtls_mpi_cmp_abs( A, N ) >= 0 )
+        mpi_sub_hlp( n, N->p, A->p );
+    else
+        /* prevent timing attacks */
+        mpi_sub_hlp( n, A->p, T->p );
+}
+
+/*
+ * Montgomery reduction: A = A * R^-1 mod N
+ */
+static void mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T )
+{
+    mbedtls_mpi_uint z = 1;
+    mbedtls_mpi U;
+
+    U.n = U.s = (int) z;
+    U.p = &z;
+
+    mpi_montmul( A, &U, N, mm, T );
+}
+
+/*
+ * Sliding-window exponentiation: X = A^E mod N  (HAC 14.85)
+ */
+int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *E, const mbedtls_mpi *N, mbedtls_mpi *_RR )
+{
+    int ret;
+    size_t wbits, wsize, one = 1;
+    size_t i, j, nblimbs;
+    size_t bufsize, nbits;
+    mbedtls_mpi_uint ei, mm, state;
+    mbedtls_mpi RR, T, W[ 2 << MBEDTLS_MPI_WINDOW_SIZE ], Apos;
+    int neg;
+
+    if( mbedtls_mpi_cmp_int( N, 0 ) < 0 || ( N->p[0] & 1 ) == 0 )
+        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+
+    if( mbedtls_mpi_cmp_int( E, 0 ) < 0 )
+        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+
+    /*
+     * Init temps and window size
+     */
+    mpi_montg_init( &mm, N );
+    mbedtls_mpi_init( &RR ); mbedtls_mpi_init( &T );
+    mbedtls_mpi_init( &Apos );
+    memset( W, 0, sizeof( W ) );
+
+    i = mbedtls_mpi_bitlen( E );
+
+    wsize = ( i > 671 ) ? 6 : ( i > 239 ) ? 5 :
+            ( i >  79 ) ? 4 : ( i >  23 ) ? 3 : 1;
+
+    if( wsize > MBEDTLS_MPI_WINDOW_SIZE )
+        wsize = MBEDTLS_MPI_WINDOW_SIZE;
+
+    j = N->n + 1;
+    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[1],  j ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T, j * 2 ) );
+
+    /*
+     * Compensate for negative A (and correct at the end)
+     */
+    neg = ( A->s == -1 );
+    if( neg )
+    {
+        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Apos, A ) );
+        Apos.s = 1;
+        A = &Apos;
+    }
+
+    /*
+     * If 1st call, pre-compute R^2 mod N
+     */
+    if( _RR == NULL || _RR->p == NULL )
+    {
+        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &RR, 1 ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &RR, N->n * 2 * biL ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &RR, &RR, N ) );
+
+        if( _RR != NULL )
+            memcpy( _RR, &RR, sizeof( mbedtls_mpi ) );
+    }
+    else
+        memcpy( &RR, _RR, sizeof( mbedtls_mpi ) );
+
+    /*
+     * W[1] = A * R^2 * R^-1 mod N = A * R mod N
+     */
+    if( mbedtls_mpi_cmp_mpi( A, N ) >= 0 )
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &W[1], A, N ) );
+    else
+        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[1], A ) );
+
+    mpi_montmul( &W[1], &RR, N, mm, &T );
+
+    /*
+     * X = R^2 * R^-1 mod N = R mod N
+     */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &RR ) );
+    mpi_montred( X, N, mm, &T );
+
+    if( wsize > 1 )
+    {
+        /*
+         * W[1 << (wsize - 1)] = W[1] ^ (wsize - 1)
+         */
+        j =  one << ( wsize - 1 );
+
+        MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[j], N->n + 1 ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[j], &W[1]    ) );
+
+        for( i = 0; i < wsize - 1; i++ )
+            mpi_montmul( &W[j], &W[j], N, mm, &T );
+
+        /*
+         * W[i] = W[i - 1] * W[1]
+         */
+        for( i = j + 1; i < ( one << wsize ); i++ )
+        {
+            MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[i], N->n + 1 ) );
+            MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[i], &W[i - 1] ) );
+
+            mpi_montmul( &W[i], &W[1], N, mm, &T );
+        }
+    }
+
+    nblimbs = E->n;
+    bufsize = 0;
+    nbits   = 0;
+    wbits   = 0;
+    state   = 0;
+
+    while( 1 )
+    {
+        if( bufsize == 0 )
+        {
+            if( nblimbs == 0 )
+                break;
+
+            nblimbs--;
+
+            bufsize = sizeof( mbedtls_mpi_uint ) << 3;
+        }
+
+        bufsize--;
+
+        ei = (E->p[nblimbs] >> bufsize) & 1;
+
+        /*
+         * skip leading 0s
+         */
+        if( ei == 0 && state == 0 )
+            continue;
+
+        if( ei == 0 && state == 1 )
+        {
+            /*
+             * out of window, square X
+             */
+            mpi_montmul( X, X, N, mm, &T );
+            continue;
+        }
+
+        /*
+         * add ei to current window
+         */
+        state = 2;
+
+        nbits++;
+        wbits |= ( ei << ( wsize - nbits ) );
+
+        if( nbits == wsize )
+        {
+            /*
+             * X = X^wsize R^-1 mod N
+             */
+            for( i = 0; i < wsize; i++ )
+                mpi_montmul( X, X, N, mm, &T );
+
+            /*
+             * X = X * W[wbits] R^-1 mod N
+             */
+            mpi_montmul( X, &W[wbits], N, mm, &T );
+
+            state--;
+            nbits = 0;
+            wbits = 0;
+        }
+    }
+
+    /*
+     * process the remaining bits
+     */
+    for( i = 0; i < nbits; i++ )
+    {
+        mpi_montmul( X, X, N, mm, &T );
+
+        wbits <<= 1;
+
+        if( ( wbits & ( one << wsize ) ) != 0 )
+            mpi_montmul( X, &W[1], N, mm, &T );
+    }
+
+    /*
+     * X = A^E * R * R^-1 mod N = A^E mod N
+     */
+    mpi_montred( X, N, mm, &T );
+
+    if( neg )
+    {
+        X->s = -1;
+        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( X, N, X ) );
+    }
+
+cleanup:
+
+    for( i = ( one << ( wsize - 1 ) ); i < ( one << wsize ); i++ )
+        mbedtls_mpi_free( &W[i] );
+
+    mbedtls_mpi_free( &W[1] ); mbedtls_mpi_free( &T ); mbedtls_mpi_free( &Apos );
+
+    if( _RR == NULL || _RR->p == NULL )
+        mbedtls_mpi_free( &RR );
+
+    return( ret );
+}
+
+/*
+ * Greatest common divisor: G = gcd(A, B)  (HAC 14.54)
+ */
+int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B )
+{
+    int ret;
+    size_t lz, lzt;
+    mbedtls_mpi TG, TA, TB;
+
+    mbedtls_mpi_init( &TG ); mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TB );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TA, A ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) );
+
+    lz = mbedtls_mpi_lsb( &TA );
+    lzt = mbedtls_mpi_lsb( &TB );
+
+    if( lzt < lz )
+        lz = lzt;
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, lz ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, lz ) );
+
+    TA.s = TB.s = 1;
+
+    while( mbedtls_mpi_cmp_int( &TA, 0 ) != 0 )
+    {
+        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, mbedtls_mpi_lsb( &TA ) ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, mbedtls_mpi_lsb( &TB ) ) );
+
+        if( mbedtls_mpi_cmp_mpi( &TA, &TB ) >= 0 )
+        {
+            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &TA, &TA, &TB ) );
+            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, 1 ) );
+        }
+        else
+        {
+            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &TB, &TB, &TA ) );
+            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, 1 ) );
+        }
+    }
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &TB, lz ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( G, &TB ) );
+
+cleanup:
+
+    mbedtls_mpi_free( &TG ); mbedtls_mpi_free( &TA ); mbedtls_mpi_free( &TB );
+
+    return( ret );
+}
+
+/*
+ * Fill X with size bytes of random.
+ *
+ * Use a temporary bytes representation to make sure the result is the same
+ * regardless of the platform endianness (useful when f_rng is actually
+ * deterministic, eg for tests).
+ */
+int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng )
+{
+    int ret;
+    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+
+    if( size > MBEDTLS_MPI_MAX_SIZE )
+        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+
+    MBEDTLS_MPI_CHK( f_rng( p_rng, buf, size ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( X, buf, size ) );
+
+cleanup:
+    return( ret );
+}
+
+/*
+ * Modular inverse: X = A^-1 mod N  (HAC 14.61 / 14.64)
+ */
+int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N )
+{
+    int ret;
+    mbedtls_mpi G, TA, TU, U1, U2, TB, TV, V1, V2;
+
+    if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 )
+        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+
+    mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TU ); mbedtls_mpi_init( &U1 ); mbedtls_mpi_init( &U2 );
+    mbedtls_mpi_init( &G ); mbedtls_mpi_init( &TB ); mbedtls_mpi_init( &TV );
+    mbedtls_mpi_init( &V1 ); mbedtls_mpi_init( &V2 );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, A, N ) );
+
+    if( mbedtls_mpi_cmp_int( &G, 1 ) != 0 )
+    {
+        ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
+        goto cleanup;
+    }
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &TA, A, N ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TU, &TA ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, N ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TV, N ) );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &U1, 1 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &U2, 0 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &V1, 0 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &V2, 1 ) );
+
+    do
+    {
+        while( ( TU.p[0] & 1 ) == 0 )
+        {
+            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TU, 1 ) );
+
+            if( ( U1.p[0] & 1 ) != 0 || ( U2.p[0] & 1 ) != 0 )
+            {
+                MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &U1, &U1, &TB ) );
+                MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U2, &U2, &TA ) );
+            }
+
+            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &U1, 1 ) );
+            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &U2, 1 ) );
+        }
+
+        while( ( TV.p[0] & 1 ) == 0 )
+        {
+            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TV, 1 ) );
+
+            if( ( V1.p[0] & 1 ) != 0 || ( V2.p[0] & 1 ) != 0 )
+            {
+                MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &V1, &V1, &TB ) );
+                MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V2, &V2, &TA ) );
+            }
+
+            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &V1, 1 ) );
+            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &V2, 1 ) );
+        }
+
+        if( mbedtls_mpi_cmp_mpi( &TU, &TV ) >= 0 )
+        {
+            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &TU, &TU, &TV ) );
+            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U1, &U1, &V1 ) );
+            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U2, &U2, &V2 ) );
+        }
+        else
+        {
+            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &TV, &TV, &TU ) );
+            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V1, &V1, &U1 ) );
+            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V2, &V2, &U2 ) );
+        }
+    }
+    while( mbedtls_mpi_cmp_int( &TU, 0 ) != 0 );
+
+    while( mbedtls_mpi_cmp_int( &V1, 0 ) < 0 )
+        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &V1, &V1, N ) );
+
+    while( mbedtls_mpi_cmp_mpi( &V1, N ) >= 0 )
+        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V1, &V1, N ) );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &V1 ) );
+
+cleanup:
+
+    mbedtls_mpi_free( &TA ); mbedtls_mpi_free( &TU ); mbedtls_mpi_free( &U1 ); mbedtls_mpi_free( &U2 );
+    mbedtls_mpi_free( &G ); mbedtls_mpi_free( &TB ); mbedtls_mpi_free( &TV );
+    mbedtls_mpi_free( &V1 ); mbedtls_mpi_free( &V2 );
+
+    return( ret );
+}
+
+#if defined(MBEDTLS_GENPRIME)
+
+static const int small_prime[] =
+{
+        3,    5,    7,   11,   13,   17,   19,   23,
+       29,   31,   37,   41,   43,   47,   53,   59,
+       61,   67,   71,   73,   79,   83,   89,   97,
+      101,  103,  107,  109,  113,  127,  131,  137,
+      139,  149,  151,  157,  163,  167,  173,  179,
+      181,  191,  193,  197,  199,  211,  223,  227,
+      229,  233,  239,  241,  251,  257,  263,  269,
+      271,  277,  281,  283,  293,  307,  311,  313,
+      317,  331,  337,  347,  349,  353,  359,  367,
+      373,  379,  383,  389,  397,  401,  409,  419,
+      421,  431,  433,  439,  443,  449,  457,  461,
+      463,  467,  479,  487,  491,  499,  503,  509,
+      521,  523,  541,  547,  557,  563,  569,  571,
+      577,  587,  593,  599,  601,  607,  613,  617,
+      619,  631,  641,  643,  647,  653,  659,  661,
+      673,  677,  683,  691,  701,  709,  719,  727,
+      733,  739,  743,  751,  757,  761,  769,  773,
+      787,  797,  809,  811,  821,  823,  827,  829,
+      839,  853,  857,  859,  863,  877,  881,  883,
+      887,  907,  911,  919,  929,  937,  941,  947,
+      953,  967,  971,  977,  983,  991,  997, -103
+};
+
+/*
+ * Small divisors test (X must be positive)
+ *
+ * Return values:
+ * 0: no small factor (possible prime, more tests needed)
+ * 1: certain prime
+ * MBEDTLS_ERR_MPI_NOT_ACCEPTABLE: certain non-prime
+ * other negative: error
+ */
+static int mpi_check_small_factors( const mbedtls_mpi *X )
+{
+    int ret = 0;
+    size_t i;
+    mbedtls_mpi_uint r;
+
+    if( ( X->p[0] & 1 ) == 0 )
+        return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
+
+    for( i = 0; small_prime[i] > 0; i++ )
+    {
+        if( mbedtls_mpi_cmp_int( X, small_prime[i] ) <= 0 )
+            return( 1 );
+
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, small_prime[i] ) );
+
+        if( r == 0 )
+            return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
+    }
+
+cleanup:
+    return( ret );
+}
+
+/*
+ * Miller-Rabin pseudo-primality test  (HAC 4.24)
+ */
+static int mpi_miller_rabin( const mbedtls_mpi *X,
+                             int (*f_rng)(void *, unsigned char *, size_t),
+                             void *p_rng )
+{
+    int ret, count;
+    size_t i, j, k, n, s;
+    mbedtls_mpi W, R, T, A, RR;
+
+    mbedtls_mpi_init( &W ); mbedtls_mpi_init( &R ); mbedtls_mpi_init( &T ); mbedtls_mpi_init( &A );
+    mbedtls_mpi_init( &RR );
+
+    /*
+     * W = |X| - 1
+     * R = W >> lsb( W )
+     */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &W, X, 1 ) );
+    s = mbedtls_mpi_lsb( &W );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R, &W ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &R, s ) );
+
+    i = mbedtls_mpi_bitlen( X );
+    /*
+     * HAC, table 4.4
+     */
+    n = ( ( i >= 1300 ) ?  2 : ( i >=  850 ) ?  3 :
+          ( i >=  650 ) ?  4 : ( i >=  350 ) ?  8 :
+          ( i >=  250 ) ? 12 : ( i >=  150 ) ? 18 : 27 );
+
+    for( i = 0; i < n; i++ )
+    {
+        /*
+         * pick a random A, 1 < A < |X| - 1
+         */
+        MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) );
+
+        if( mbedtls_mpi_cmp_mpi( &A, &W ) >= 0 )
+        {
+            j = mbedtls_mpi_bitlen( &A ) - mbedtls_mpi_bitlen( &W );
+            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &A, j + 1 ) );
+        }
+        A.p[0] |= 3;
+
+        count = 0;
+        do {
+            MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) );
+
+            j = mbedtls_mpi_bitlen( &A );
+            k = mbedtls_mpi_bitlen( &W );
+            if (j > k) {
+                MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &A, j - k ) );
+            }
+
+            if (count++ > 30) {
+                return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
+            }
+
+        } while ( mbedtls_mpi_cmp_mpi( &A, &W ) >= 0 ||
+                  mbedtls_mpi_cmp_int( &A, 1 )  <= 0    );
+
+        /*
+         * A = A^R mod |X|
+         */
+        MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &A, &A, &R, X, &RR ) );
+
+        if( mbedtls_mpi_cmp_mpi( &A, &W ) == 0 ||
+            mbedtls_mpi_cmp_int( &A,  1 ) == 0 )
+            continue;
+
+        j = 1;
+        while( j < s && mbedtls_mpi_cmp_mpi( &A, &W ) != 0 )
+        {
+            /*
+             * A = A * A mod |X|
+             */
+            MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &A, &A ) );
+            MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &A, &T, X  ) );
+
+            if( mbedtls_mpi_cmp_int( &A, 1 ) == 0 )
+                break;
+
+            j++;
+        }
+
+        /*
+         * not prime if A != |X| - 1 or A == 1
+         */
+        if( mbedtls_mpi_cmp_mpi( &A, &W ) != 0 ||
+            mbedtls_mpi_cmp_int( &A,  1 ) == 0 )
+        {
+            ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
+            break;
+        }
+    }
+
+cleanup:
+    mbedtls_mpi_free( &W ); mbedtls_mpi_free( &R ); mbedtls_mpi_free( &T ); mbedtls_mpi_free( &A );
+    mbedtls_mpi_free( &RR );
+
+    return( ret );
+}
+
+/*
+ * Pseudo-primality test: small factors, then Miller-Rabin
+ */
+int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
+                  int (*f_rng)(void *, unsigned char *, size_t),
+                  void *p_rng )
+{
+    int ret;
+    mbedtls_mpi XX;
+
+    XX.s = 1;
+    XX.n = X->n;
+    XX.p = X->p;
+
+    if( mbedtls_mpi_cmp_int( &XX, 0 ) == 0 ||
+        mbedtls_mpi_cmp_int( &XX, 1 ) == 0 )
+        return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
+
+    if( mbedtls_mpi_cmp_int( &XX, 2 ) == 0 )
+        return( 0 );
+
+    if( ( ret = mpi_check_small_factors( &XX ) ) != 0 )
+    {
+        if( ret == 1 )
+            return( 0 );
+
+        return( ret );
+    }
+
+    return( mpi_miller_rabin( &XX, f_rng, p_rng ) );
+}
+
+/*
+ * Prime number generation
+ */
+int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag,
+                   int (*f_rng)(void *, unsigned char *, size_t),
+                   void *p_rng )
+{
+    int ret;
+    size_t k, n;
+    mbedtls_mpi_uint r;
+    mbedtls_mpi Y;
+
+    if( nbits < 3 || nbits > MBEDTLS_MPI_MAX_BITS )
+        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+
+    mbedtls_mpi_init( &Y );
+
+    n = BITS_TO_LIMBS( nbits );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( X, n * ciL, f_rng, p_rng ) );
+
+    k = mbedtls_mpi_bitlen( X );
+    if( k > nbits ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( X, k - nbits + 1 ) );
+
+    mbedtls_mpi_set_bit( X, nbits-1, 1 );
+
+    X->p[0] |= 1;
+
+    if( dh_flag == 0 )
+    {
+        while( ( ret = mbedtls_mpi_is_prime( X, f_rng, p_rng ) ) != 0 )
+        {
+            if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
+                goto cleanup;
+
+            MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 2 ) );
+        }
+    }
+    else
+    {
+        /*
+         * An necessary condition for Y and X = 2Y + 1 to be prime
+         * is X = 2 mod 3 (which is equivalent to Y = 2 mod 3).
+         * Make sure it is satisfied, while keeping X = 3 mod 4
+         */
+
+        X->p[0] |= 2;
+
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, 3 ) );
+        if( r == 0 )
+            MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 8 ) );
+        else if( r == 1 )
+            MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 4 ) );
+
+        /* Set Y = (X-1) / 2, which is X / 2 because X is odd */
+        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Y, X ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Y, 1 ) );
+
+        while( 1 )
+        {
+            /*
+             * First, check small factors for X and Y
+             * before doing Miller-Rabin on any of them
+             */
+            if( ( ret = mpi_check_small_factors(  X         ) ) == 0 &&
+                ( ret = mpi_check_small_factors( &Y         ) ) == 0 &&
+                ( ret = mpi_miller_rabin(  X, f_rng, p_rng  ) ) == 0 &&
+                ( ret = mpi_miller_rabin( &Y, f_rng, p_rng  ) ) == 0 )
+            {
+                break;
+            }
+
+            if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
+                goto cleanup;
+
+            /*
+             * Next candidates. We want to preserve Y = (X-1) / 2 and
+             * Y = 1 mod 2 and Y = 2 mod 3 (eq X = 3 mod 4 and X = 2 mod 3)
+             * so up Y by 6 and X by 12.
+             */
+            MBEDTLS_MPI_CHK( mbedtls_mpi_add_int(  X,  X, 12 ) );
+            MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &Y, &Y, 6  ) );
+        }
+    }
+
+cleanup:
+
+    mbedtls_mpi_free( &Y );
+
+    return( ret );
+}
+
+#endif /* MBEDTLS_GENPRIME */
+
+#if defined(MBEDTLS_SELF_TEST)
+
+#define GCD_PAIR_COUNT  3
+
+static const int gcd_pairs[GCD_PAIR_COUNT][3] =
+{
+    { 693, 609, 21 },
+    { 1764, 868, 28 },
+    { 768454923, 542167814, 1 }
+};
+
+/*
+ * Checkup routine
+ */
+int mbedtls_mpi_self_test( int verbose )
+{
+    int ret, i;
+    mbedtls_mpi A, E, N, X, Y, U, V;
+
+    mbedtls_mpi_init( &A ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &N ); mbedtls_mpi_init( &X );
+    mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &U ); mbedtls_mpi_init( &V );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &A, 16,
+        "EFE021C2645FD1DC586E69184AF4A31E" \
+        "D5F53E93B5F123FA41680867BA110131" \
+        "944FE7952E2517337780CB0DB80E61AA" \
+        "E7C8DDC6C5C6AADEB34EB38A2F40D5E6" ) );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &E, 16,
+        "B2E7EFD37075B9F03FF989C7C5051C20" \
+        "34D2A323810251127E7BF8625A4F49A5" \
+        "F3E27F4DA8BD59C47D6DAABA4C8127BD" \
+        "5B5C25763222FEFCCFC38B832366C29E" ) );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &N, 16,
+        "0066A198186C18C10B2F5ED9B522752A" \
+        "9830B69916E535C8F047518A889A43A5" \
+        "94B6BED27A168D31D4A52F88925AA8F5" ) );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &X, &A, &N ) );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16,
+        "602AB7ECA597A3D6B56FF9829A5E8B85" \
+        "9E857EA95A03512E2BAE7391688D264A" \
+        "A5663B0341DB9CCFD2C4C5F421FEC814" \
+        "8001B72E848A38CAE1C65F78E56ABDEF" \
+        "E12D3C039B8A02D6BE593F0BBBDA56F1" \
+        "ECF677152EF804370C1A305CAF3B5BF1" \
+        "30879B56C61DE584A0F53A2447A51E" ) );
+
+    if( verbose != 0 )
+        mbedtls_printf( "  MPI test #1 (mul_mpi): " );
+
+    if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 )
+    {
+        if( verbose != 0 )
+            mbedtls_printf( "failed\n" );
+
+        ret = 1;
+        goto cleanup;
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "passed\n" );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &X, &Y, &A, &N ) );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16,
+        "256567336059E52CAE22925474705F39A94" ) );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &V, 16,
+        "6613F26162223DF488E9CD48CC132C7A" \
+        "0AC93C701B001B092E4E5B9F73BCD27B" \
+        "9EE50D0657C77F374E903CDFA4C642" ) );
+
+    if( verbose != 0 )
+        mbedtls_printf( "  MPI test #2 (div_mpi): " );
+
+    if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 ||
+        mbedtls_mpi_cmp_mpi( &Y, &V ) != 0 )
+    {
+        if( verbose != 0 )
+            mbedtls_printf( "failed\n" );
+
+        ret = 1;
+        goto cleanup;
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "passed\n" );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &X, &A, &E, &N, NULL ) );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16,
+        "36E139AEA55215609D2816998ED020BB" \
+        "BD96C37890F65171D948E9BC7CBAA4D9" \
+        "325D24D6A3C12710F10A09FA08AB87" ) );
+
+    if( verbose != 0 )
+        mbedtls_printf( "  MPI test #3 (exp_mod): " );
+
+    if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 )
+    {
+        if( verbose != 0 )
+            mbedtls_printf( "failed\n" );
+
+        ret = 1;
+        goto cleanup;
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "passed\n" );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &X, &A, &N ) );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16,
+        "003A0AAEDD7E784FC07D8F9EC6E3BFD5" \
+        "C3DBA76456363A10869622EAC2DD84EC" \
+        "C5B8A74DAC4D09E03B5E0BE779F2DF61" ) );
+
+    if( verbose != 0 )
+        mbedtls_printf( "  MPI test #4 (inv_mod): " );
+
+    if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 )
+    {
+        if( verbose != 0 )
+            mbedtls_printf( "failed\n" );
+
+        ret = 1;
+        goto cleanup;
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "passed\n" );
+
+    if( verbose != 0 )
+        mbedtls_printf( "  MPI test #5 (simple gcd): " );
+
+    for( i = 0; i < GCD_PAIR_COUNT; i++ )
+    {
+        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &X, gcd_pairs[i][0] ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &Y, gcd_pairs[i][1] ) );
+
+        MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &A, &X, &Y ) );
+
+        if( mbedtls_mpi_cmp_int( &A, gcd_pairs[i][2] ) != 0 )
+        {
+            if( verbose != 0 )
+                mbedtls_printf( "failed at %d\n", i );
+
+            ret = 1;
+            goto cleanup;
+        }
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "passed\n" );
+
+cleanup:
+
+    if( ret != 0 && verbose != 0 )
+        mbedtls_printf( "Unexpected error, return code = %08X\n", ret );
+
+    mbedtls_mpi_free( &A ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &N ); mbedtls_mpi_free( &X );
+    mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &U ); mbedtls_mpi_free( &V );
+
+    if( verbose != 0 )
+        mbedtls_printf( "\n" );
+
+    return( ret );
+}
+
+#endif /* MBEDTLS_SELF_TEST */
+
+#endif /* MBEDTLS_BIGNUM_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/blowfish.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,656 @@
+/*
+ *  Blowfish implementation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ *  The Blowfish block cipher was designed by Bruce Schneier in 1993.
+ *  http://www.schneier.com/blowfish.html
+ *  http://en.wikipedia.org/wiki/Blowfish_%28cipher%29
+ *
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_BLOWFISH_C)
+
+#include "mbedtls/blowfish.h"
+
+#include <string.h>
+
+#if !defined(MBEDTLS_BLOWFISH_ALT)
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+/*
+ * 32-bit integer manipulation macros (big endian)
+ */
+#ifndef GET_UINT32_BE
+#define GET_UINT32_BE(n,b,i)                            \
+{                                                       \
+    (n) = ( (uint32_t) (b)[(i)    ] << 24 )             \
+        | ( (uint32_t) (b)[(i) + 1] << 16 )             \
+        | ( (uint32_t) (b)[(i) + 2] <<  8 )             \
+        | ( (uint32_t) (b)[(i) + 3]       );            \
+}
+#endif
+
+#ifndef PUT_UINT32_BE
+#define PUT_UINT32_BE(n,b,i)                            \
+{                                                       \
+    (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
+    (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
+    (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
+    (b)[(i) + 3] = (unsigned char) ( (n)       );       \
+}
+#endif
+
+static const uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2] = {
+        0x243F6A88L, 0x85A308D3L, 0x13198A2EL, 0x03707344L,
+        0xA4093822L, 0x299F31D0L, 0x082EFA98L, 0xEC4E6C89L,
+        0x452821E6L, 0x38D01377L, 0xBE5466CFL, 0x34E90C6CL,
+        0xC0AC29B7L, 0xC97C50DDL, 0x3F84D5B5L, 0xB5470917L,
+        0x9216D5D9L, 0x8979FB1BL
+};
+
+/* declarations of data at the end of this file */
+static const uint32_t S[4][256];
+
+static uint32_t F( mbedtls_blowfish_context *ctx, uint32_t x )
+{
+   unsigned short a, b, c, d;
+   uint32_t  y;
+
+   d = (unsigned short)(x & 0xFF);
+   x >>= 8;
+   c = (unsigned short)(x & 0xFF);
+   x >>= 8;
+   b = (unsigned short)(x & 0xFF);
+   x >>= 8;
+   a = (unsigned short)(x & 0xFF);
+   y = ctx->S[0][a] + ctx->S[1][b];
+   y = y ^ ctx->S[2][c];
+   y = y + ctx->S[3][d];
+
+   return( y );
+}
+
+static void blowfish_enc( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr )
+{
+    uint32_t  Xl, Xr, temp;
+    short i;
+
+    Xl = *xl;
+    Xr = *xr;
+
+    for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS; ++i )
+    {
+        Xl = Xl ^ ctx->P[i];
+        Xr = F( ctx, Xl ) ^ Xr;
+
+        temp = Xl;
+        Xl = Xr;
+        Xr = temp;
+    }
+
+    temp = Xl;
+    Xl = Xr;
+    Xr = temp;
+
+    Xr = Xr ^ ctx->P[MBEDTLS_BLOWFISH_ROUNDS];
+    Xl = Xl ^ ctx->P[MBEDTLS_BLOWFISH_ROUNDS + 1];
+
+    *xl = Xl;
+    *xr = Xr;
+}
+
+static void blowfish_dec( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr )
+{
+    uint32_t  Xl, Xr, temp;
+    short i;
+
+    Xl = *xl;
+    Xr = *xr;
+
+    for( i = MBEDTLS_BLOWFISH_ROUNDS + 1; i > 1; --i )
+    {
+        Xl = Xl ^ ctx->P[i];
+        Xr = F( ctx, Xl ) ^ Xr;
+
+        temp = Xl;
+        Xl = Xr;
+        Xr = temp;
+    }
+
+    temp = Xl;
+    Xl = Xr;
+    Xr = temp;
+
+    Xr = Xr ^ ctx->P[1];
+    Xl = Xl ^ ctx->P[0];
+
+    *xl = Xl;
+    *xr = Xr;
+}
+
+void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx )
+{
+    memset( ctx, 0, sizeof( mbedtls_blowfish_context ) );
+}
+
+void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx )
+{
+    if( ctx == NULL )
+        return;
+
+    mbedtls_zeroize( ctx, sizeof( mbedtls_blowfish_context ) );
+}
+
+/*
+ * Blowfish key schedule
+ */
+int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char *key,
+                     unsigned int keybits )
+{
+    unsigned int i, j, k;
+    uint32_t data, datal, datar;
+
+    if( keybits < MBEDTLS_BLOWFISH_MIN_KEY_BITS || keybits > MBEDTLS_BLOWFISH_MAX_KEY_BITS ||
+        ( keybits % 8 ) )
+    {
+        return( MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH );
+    }
+
+    keybits >>= 3;
+
+    for( i = 0; i < 4; i++ )
+    {
+        for( j = 0; j < 256; j++ )
+            ctx->S[i][j] = S[i][j];
+    }
+
+    j = 0;
+    for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; ++i )
+    {
+        data = 0x00000000;
+        for( k = 0; k < 4; ++k )
+        {
+            data = ( data << 8 ) | key[j++];
+            if( j >= keybits )
+                j = 0;
+        }
+        ctx->P[i] = P[i] ^ data;
+    }
+
+    datal = 0x00000000;
+    datar = 0x00000000;
+
+    for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; i += 2 )
+    {
+        blowfish_enc( ctx, &datal, &datar );
+        ctx->P[i] = datal;
+        ctx->P[i + 1] = datar;
+    }
+
+    for( i = 0; i < 4; i++ )
+    {
+       for( j = 0; j < 256; j += 2 )
+       {
+            blowfish_enc( ctx, &datal, &datar );
+            ctx->S[i][j] = datal;
+            ctx->S[i][j + 1] = datar;
+        }
+    }
+    return( 0 );
+}
+
+/*
+ * Blowfish-ECB block encryption/decryption
+ */
+int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx,
+                    int mode,
+                    const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE],
+                    unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] )
+{
+    uint32_t X0, X1;
+
+    GET_UINT32_BE( X0, input,  0 );
+    GET_UINT32_BE( X1, input,  4 );
+
+    if( mode == MBEDTLS_BLOWFISH_DECRYPT )
+    {
+        blowfish_dec( ctx, &X0, &X1 );
+    }
+    else /* MBEDTLS_BLOWFISH_ENCRYPT */
+    {
+        blowfish_enc( ctx, &X0, &X1 );
+    }
+
+    PUT_UINT32_BE( X0, output,  0 );
+    PUT_UINT32_BE( X1, output,  4 );
+
+    return( 0 );
+}
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+/*
+ * Blowfish-CBC buffer encryption/decryption
+ */
+int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
+                    int mode,
+                    size_t length,
+                    unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
+                    const unsigned char *input,
+                    unsigned char *output )
+{
+    int i;
+    unsigned char temp[MBEDTLS_BLOWFISH_BLOCKSIZE];
+
+    if( length % MBEDTLS_BLOWFISH_BLOCKSIZE )
+        return( MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH );
+
+    if( mode == MBEDTLS_BLOWFISH_DECRYPT )
+    {
+        while( length > 0 )
+        {
+            memcpy( temp, input, MBEDTLS_BLOWFISH_BLOCKSIZE );
+            mbedtls_blowfish_crypt_ecb( ctx, mode, input, output );
+
+            for( i = 0; i < MBEDTLS_BLOWFISH_BLOCKSIZE;i++ )
+                output[i] = (unsigned char)( output[i] ^ iv[i] );
+
+            memcpy( iv, temp, MBEDTLS_BLOWFISH_BLOCKSIZE );
+
+            input  += MBEDTLS_BLOWFISH_BLOCKSIZE;
+            output += MBEDTLS_BLOWFISH_BLOCKSIZE;
+            length -= MBEDTLS_BLOWFISH_BLOCKSIZE;
+        }
+    }
+    else
+    {
+        while( length > 0 )
+        {
+            for( i = 0; i < MBEDTLS_BLOWFISH_BLOCKSIZE; i++ )
+                output[i] = (unsigned char)( input[i] ^ iv[i] );
+
+            mbedtls_blowfish_crypt_ecb( ctx, mode, output, output );
+            memcpy( iv, output, MBEDTLS_BLOWFISH_BLOCKSIZE );
+
+            input  += MBEDTLS_BLOWFISH_BLOCKSIZE;
+            output += MBEDTLS_BLOWFISH_BLOCKSIZE;
+            length -= MBEDTLS_BLOWFISH_BLOCKSIZE;
+        }
+    }
+
+    return( 0 );
+}
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+/*
+ * Blowfish CFB buffer encryption/decryption
+ */
+int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
+                       int mode,
+                       size_t length,
+                       size_t *iv_off,
+                       unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
+                       const unsigned char *input,
+                       unsigned char *output )
+{
+    int c;
+    size_t n = *iv_off;
+
+    if( mode == MBEDTLS_BLOWFISH_DECRYPT )
+    {
+        while( length-- )
+        {
+            if( n == 0 )
+                mbedtls_blowfish_crypt_ecb( ctx, MBEDTLS_BLOWFISH_ENCRYPT, iv, iv );
+
+            c = *input++;
+            *output++ = (unsigned char)( c ^ iv[n] );
+            iv[n] = (unsigned char) c;
+
+            n = ( n + 1 ) % MBEDTLS_BLOWFISH_BLOCKSIZE;
+        }
+    }
+    else
+    {
+        while( length-- )
+        {
+            if( n == 0 )
+                mbedtls_blowfish_crypt_ecb( ctx, MBEDTLS_BLOWFISH_ENCRYPT, iv, iv );
+
+            iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
+
+            n = ( n + 1 ) % MBEDTLS_BLOWFISH_BLOCKSIZE;
+        }
+    }
+
+    *iv_off = n;
+
+    return( 0 );
+}
+#endif /*MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+/*
+ * Blowfish CTR buffer encryption/decryption
+ */
+int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx,
+                       size_t length,
+                       size_t *nc_off,
+                       unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE],
+                       unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE],
+                       const unsigned char *input,
+                       unsigned char *output )
+{
+    int c, i;
+    size_t n = *nc_off;
+
+    while( length-- )
+    {
+        if( n == 0 ) {
+            mbedtls_blowfish_crypt_ecb( ctx, MBEDTLS_BLOWFISH_ENCRYPT, nonce_counter,
+                                stream_block );
+
+            for( i = MBEDTLS_BLOWFISH_BLOCKSIZE; i > 0; i-- )
+                if( ++nonce_counter[i - 1] != 0 )
+                    break;
+        }
+        c = *input++;
+        *output++ = (unsigned char)( c ^ stream_block[n] );
+
+        n = ( n + 1 ) % MBEDTLS_BLOWFISH_BLOCKSIZE;
+    }
+
+    *nc_off = n;
+
+    return( 0 );
+}
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+static const uint32_t S[4][256] = {
+    {   0xD1310BA6L, 0x98DFB5ACL, 0x2FFD72DBL, 0xD01ADFB7L,
+        0xB8E1AFEDL, 0x6A267E96L, 0xBA7C9045L, 0xF12C7F99L,
+        0x24A19947L, 0xB3916CF7L, 0x0801F2E2L, 0x858EFC16L,
+        0x636920D8L, 0x71574E69L, 0xA458FEA3L, 0xF4933D7EL,
+        0x0D95748FL, 0x728EB658L, 0x718BCD58L, 0x82154AEEL,
+        0x7B54A41DL, 0xC25A59B5L, 0x9C30D539L, 0x2AF26013L,
+        0xC5D1B023L, 0x286085F0L, 0xCA417918L, 0xB8DB38EFL,
+        0x8E79DCB0L, 0x603A180EL, 0x6C9E0E8BL, 0xB01E8A3EL,
+        0xD71577C1L, 0xBD314B27L, 0x78AF2FDAL, 0x55605C60L,
+        0xE65525F3L, 0xAA55AB94L, 0x57489862L, 0x63E81440L,
+        0x55CA396AL, 0x2AAB10B6L, 0xB4CC5C34L, 0x1141E8CEL,
+        0xA15486AFL, 0x7C72E993L, 0xB3EE1411L, 0x636FBC2AL,
+        0x2BA9C55DL, 0x741831F6L, 0xCE5C3E16L, 0x9B87931EL,
+        0xAFD6BA33L, 0x6C24CF5CL, 0x7A325381L, 0x28958677L,
+        0x3B8F4898L, 0x6B4BB9AFL, 0xC4BFE81BL, 0x66282193L,
+        0x61D809CCL, 0xFB21A991L, 0x487CAC60L, 0x5DEC8032L,
+        0xEF845D5DL, 0xE98575B1L, 0xDC262302L, 0xEB651B88L,
+        0x23893E81L, 0xD396ACC5L, 0x0F6D6FF3L, 0x83F44239L,
+        0x2E0B4482L, 0xA4842004L, 0x69C8F04AL, 0x9E1F9B5EL,
+        0x21C66842L, 0xF6E96C9AL, 0x670C9C61L, 0xABD388F0L,
+        0x6A51A0D2L, 0xD8542F68L, 0x960FA728L, 0xAB5133A3L,
+        0x6EEF0B6CL, 0x137A3BE4L, 0xBA3BF050L, 0x7EFB2A98L,
+        0xA1F1651DL, 0x39AF0176L, 0x66CA593EL, 0x82430E88L,
+        0x8CEE8619L, 0x456F9FB4L, 0x7D84A5C3L, 0x3B8B5EBEL,
+        0xE06F75D8L, 0x85C12073L, 0x401A449FL, 0x56C16AA6L,
+        0x4ED3AA62L, 0x363F7706L, 0x1BFEDF72L, 0x429B023DL,
+        0x37D0D724L, 0xD00A1248L, 0xDB0FEAD3L, 0x49F1C09BL,
+        0x075372C9L, 0x80991B7BL, 0x25D479D8L, 0xF6E8DEF7L,
+        0xE3FE501AL, 0xB6794C3BL, 0x976CE0BDL, 0x04C006BAL,
+        0xC1A94FB6L, 0x409F60C4L, 0x5E5C9EC2L, 0x196A2463L,
+        0x68FB6FAFL, 0x3E6C53B5L, 0x1339B2EBL, 0x3B52EC6FL,
+        0x6DFC511FL, 0x9B30952CL, 0xCC814544L, 0xAF5EBD09L,
+        0xBEE3D004L, 0xDE334AFDL, 0x660F2807L, 0x192E4BB3L,
+        0xC0CBA857L, 0x45C8740FL, 0xD20B5F39L, 0xB9D3FBDBL,
+        0x5579C0BDL, 0x1A60320AL, 0xD6A100C6L, 0x402C7279L,
+        0x679F25FEL, 0xFB1FA3CCL, 0x8EA5E9F8L, 0xDB3222F8L,
+        0x3C7516DFL, 0xFD616B15L, 0x2F501EC8L, 0xAD0552ABL,
+        0x323DB5FAL, 0xFD238760L, 0x53317B48L, 0x3E00DF82L,
+        0x9E5C57BBL, 0xCA6F8CA0L, 0x1A87562EL, 0xDF1769DBL,
+        0xD542A8F6L, 0x287EFFC3L, 0xAC6732C6L, 0x8C4F5573L,
+        0x695B27B0L, 0xBBCA58C8L, 0xE1FFA35DL, 0xB8F011A0L,
+        0x10FA3D98L, 0xFD2183B8L, 0x4AFCB56CL, 0x2DD1D35BL,
+        0x9A53E479L, 0xB6F84565L, 0xD28E49BCL, 0x4BFB9790L,
+        0xE1DDF2DAL, 0xA4CB7E33L, 0x62FB1341L, 0xCEE4C6E8L,
+        0xEF20CADAL, 0x36774C01L, 0xD07E9EFEL, 0x2BF11FB4L,
+        0x95DBDA4DL, 0xAE909198L, 0xEAAD8E71L, 0x6B93D5A0L,
+        0xD08ED1D0L, 0xAFC725E0L, 0x8E3C5B2FL, 0x8E7594B7L,
+        0x8FF6E2FBL, 0xF2122B64L, 0x8888B812L, 0x900DF01CL,
+        0x4FAD5EA0L, 0x688FC31CL, 0xD1CFF191L, 0xB3A8C1ADL,
+        0x2F2F2218L, 0xBE0E1777L, 0xEA752DFEL, 0x8B021FA1L,
+        0xE5A0CC0FL, 0xB56F74E8L, 0x18ACF3D6L, 0xCE89E299L,
+        0xB4A84FE0L, 0xFD13E0B7L, 0x7CC43B81L, 0xD2ADA8D9L,
+        0x165FA266L, 0x80957705L, 0x93CC7314L, 0x211A1477L,
+        0xE6AD2065L, 0x77B5FA86L, 0xC75442F5L, 0xFB9D35CFL,
+        0xEBCDAF0CL, 0x7B3E89A0L, 0xD6411BD3L, 0xAE1E7E49L,
+        0x00250E2DL, 0x2071B35EL, 0x226800BBL, 0x57B8E0AFL,
+        0x2464369BL, 0xF009B91EL, 0x5563911DL, 0x59DFA6AAL,
+        0x78C14389L, 0xD95A537FL, 0x207D5BA2L, 0x02E5B9C5L,
+        0x83260376L, 0x6295CFA9L, 0x11C81968L, 0x4E734A41L,
+        0xB3472DCAL, 0x7B14A94AL, 0x1B510052L, 0x9A532915L,
+        0xD60F573FL, 0xBC9BC6E4L, 0x2B60A476L, 0x81E67400L,
+        0x08BA6FB5L, 0x571BE91FL, 0xF296EC6BL, 0x2A0DD915L,
+        0xB6636521L, 0xE7B9F9B6L, 0xFF34052EL, 0xC5855664L,
+        0x53B02D5DL, 0xA99F8FA1L, 0x08BA4799L, 0x6E85076AL   },
+    {   0x4B7A70E9L, 0xB5B32944L, 0xDB75092EL, 0xC4192623L,
+        0xAD6EA6B0L, 0x49A7DF7DL, 0x9CEE60B8L, 0x8FEDB266L,
+        0xECAA8C71L, 0x699A17FFL, 0x5664526CL, 0xC2B19EE1L,
+        0x193602A5L, 0x75094C29L, 0xA0591340L, 0xE4183A3EL,
+        0x3F54989AL, 0x5B429D65L, 0x6B8FE4D6L, 0x99F73FD6L,
+        0xA1D29C07L, 0xEFE830F5L, 0x4D2D38E6L, 0xF0255DC1L,
+        0x4CDD2086L, 0x8470EB26L, 0x6382E9C6L, 0x021ECC5EL,
+        0x09686B3FL, 0x3EBAEFC9L, 0x3C971814L, 0x6B6A70A1L,
+        0x687F3584L, 0x52A0E286L, 0xB79C5305L, 0xAA500737L,
+        0x3E07841CL, 0x7FDEAE5CL, 0x8E7D44ECL, 0x5716F2B8L,
+        0xB03ADA37L, 0xF0500C0DL, 0xF01C1F04L, 0x0200B3FFL,
+        0xAE0CF51AL, 0x3CB574B2L, 0x25837A58L, 0xDC0921BDL,
+        0xD19113F9L, 0x7CA92FF6L, 0x94324773L, 0x22F54701L,
+        0x3AE5E581L, 0x37C2DADCL, 0xC8B57634L, 0x9AF3DDA7L,
+        0xA9446146L, 0x0FD0030EL, 0xECC8C73EL, 0xA4751E41L,
+        0xE238CD99L, 0x3BEA0E2FL, 0x3280BBA1L, 0x183EB331L,
+        0x4E548B38L, 0x4F6DB908L, 0x6F420D03L, 0xF60A04BFL,
+        0x2CB81290L, 0x24977C79L, 0x5679B072L, 0xBCAF89AFL,
+        0xDE9A771FL, 0xD9930810L, 0xB38BAE12L, 0xDCCF3F2EL,
+        0x5512721FL, 0x2E6B7124L, 0x501ADDE6L, 0x9F84CD87L,
+        0x7A584718L, 0x7408DA17L, 0xBC9F9ABCL, 0xE94B7D8CL,
+        0xEC7AEC3AL, 0xDB851DFAL, 0x63094366L, 0xC464C3D2L,
+        0xEF1C1847L, 0x3215D908L, 0xDD433B37L, 0x24C2BA16L,
+        0x12A14D43L, 0x2A65C451L, 0x50940002L, 0x133AE4DDL,
+        0x71DFF89EL, 0x10314E55L, 0x81AC77D6L, 0x5F11199BL,
+        0x043556F1L, 0xD7A3C76BL, 0x3C11183BL, 0x5924A509L,
+        0xF28FE6EDL, 0x97F1FBFAL, 0x9EBABF2CL, 0x1E153C6EL,
+        0x86E34570L, 0xEAE96FB1L, 0x860E5E0AL, 0x5A3E2AB3L,
+        0x771FE71CL, 0x4E3D06FAL, 0x2965DCB9L, 0x99E71D0FL,
+        0x803E89D6L, 0x5266C825L, 0x2E4CC978L, 0x9C10B36AL,
+        0xC6150EBAL, 0x94E2EA78L, 0xA5FC3C53L, 0x1E0A2DF4L,
+        0xF2F74EA7L, 0x361D2B3DL, 0x1939260FL, 0x19C27960L,
+        0x5223A708L, 0xF71312B6L, 0xEBADFE6EL, 0xEAC31F66L,
+        0xE3BC4595L, 0xA67BC883L, 0xB17F37D1L, 0x018CFF28L,
+        0xC332DDEFL, 0xBE6C5AA5L, 0x65582185L, 0x68AB9802L,
+        0xEECEA50FL, 0xDB2F953BL, 0x2AEF7DADL, 0x5B6E2F84L,
+        0x1521B628L, 0x29076170L, 0xECDD4775L, 0x619F1510L,
+        0x13CCA830L, 0xEB61BD96L, 0x0334FE1EL, 0xAA0363CFL,
+        0xB5735C90L, 0x4C70A239L, 0xD59E9E0BL, 0xCBAADE14L,
+        0xEECC86BCL, 0x60622CA7L, 0x9CAB5CABL, 0xB2F3846EL,
+        0x648B1EAFL, 0x19BDF0CAL, 0xA02369B9L, 0x655ABB50L,
+        0x40685A32L, 0x3C2AB4B3L, 0x319EE9D5L, 0xC021B8F7L,
+        0x9B540B19L, 0x875FA099L, 0x95F7997EL, 0x623D7DA8L,
+        0xF837889AL, 0x97E32D77L, 0x11ED935FL, 0x16681281L,
+        0x0E358829L, 0xC7E61FD6L, 0x96DEDFA1L, 0x7858BA99L,
+        0x57F584A5L, 0x1B227263L, 0x9B83C3FFL, 0x1AC24696L,
+        0xCDB30AEBL, 0x532E3054L, 0x8FD948E4L, 0x6DBC3128L,
+        0x58EBF2EFL, 0x34C6FFEAL, 0xFE28ED61L, 0xEE7C3C73L,
+        0x5D4A14D9L, 0xE864B7E3L, 0x42105D14L, 0x203E13E0L,
+        0x45EEE2B6L, 0xA3AAABEAL, 0xDB6C4F15L, 0xFACB4FD0L,
+        0xC742F442L, 0xEF6ABBB5L, 0x654F3B1DL, 0x41CD2105L,
+        0xD81E799EL, 0x86854DC7L, 0xE44B476AL, 0x3D816250L,
+        0xCF62A1F2L, 0x5B8D2646L, 0xFC8883A0L, 0xC1C7B6A3L,
+        0x7F1524C3L, 0x69CB7492L, 0x47848A0BL, 0x5692B285L,
+        0x095BBF00L, 0xAD19489DL, 0x1462B174L, 0x23820E00L,
+        0x58428D2AL, 0x0C55F5EAL, 0x1DADF43EL, 0x233F7061L,
+        0x3372F092L, 0x8D937E41L, 0xD65FECF1L, 0x6C223BDBL,
+        0x7CDE3759L, 0xCBEE7460L, 0x4085F2A7L, 0xCE77326EL,
+        0xA6078084L, 0x19F8509EL, 0xE8EFD855L, 0x61D99735L,
+        0xA969A7AAL, 0xC50C06C2L, 0x5A04ABFCL, 0x800BCADCL,
+        0x9E447A2EL, 0xC3453484L, 0xFDD56705L, 0x0E1E9EC9L,
+        0xDB73DBD3L, 0x105588CDL, 0x675FDA79L, 0xE3674340L,
+        0xC5C43465L, 0x713E38D8L, 0x3D28F89EL, 0xF16DFF20L,
+        0x153E21E7L, 0x8FB03D4AL, 0xE6E39F2BL, 0xDB83ADF7L   },
+    {   0xE93D5A68L, 0x948140F7L, 0xF64C261CL, 0x94692934L,
+        0x411520F7L, 0x7602D4F7L, 0xBCF46B2EL, 0xD4A20068L,
+        0xD4082471L, 0x3320F46AL, 0x43B7D4B7L, 0x500061AFL,
+        0x1E39F62EL, 0x97244546L, 0x14214F74L, 0xBF8B8840L,
+        0x4D95FC1DL, 0x96B591AFL, 0x70F4DDD3L, 0x66A02F45L,
+        0xBFBC09ECL, 0x03BD9785L, 0x7FAC6DD0L, 0x31CB8504L,
+        0x96EB27B3L, 0x55FD3941L, 0xDA2547E6L, 0xABCA0A9AL,
+        0x28507825L, 0x530429F4L, 0x0A2C86DAL, 0xE9B66DFBL,
+        0x68DC1462L, 0xD7486900L, 0x680EC0A4L, 0x27A18DEEL,
+        0x4F3FFEA2L, 0xE887AD8CL, 0xB58CE006L, 0x7AF4D6B6L,
+        0xAACE1E7CL, 0xD3375FECL, 0xCE78A399L, 0x406B2A42L,
+        0x20FE9E35L, 0xD9F385B9L, 0xEE39D7ABL, 0x3B124E8BL,
+        0x1DC9FAF7L, 0x4B6D1856L, 0x26A36631L, 0xEAE397B2L,
+        0x3A6EFA74L, 0xDD5B4332L, 0x6841E7F7L, 0xCA7820FBL,
+        0xFB0AF54EL, 0xD8FEB397L, 0x454056ACL, 0xBA489527L,
+        0x55533A3AL, 0x20838D87L, 0xFE6BA9B7L, 0xD096954BL,
+        0x55A867BCL, 0xA1159A58L, 0xCCA92963L, 0x99E1DB33L,
+        0xA62A4A56L, 0x3F3125F9L, 0x5EF47E1CL, 0x9029317CL,
+        0xFDF8E802L, 0x04272F70L, 0x80BB155CL, 0x05282CE3L,
+        0x95C11548L, 0xE4C66D22L, 0x48C1133FL, 0xC70F86DCL,
+        0x07F9C9EEL, 0x41041F0FL, 0x404779A4L, 0x5D886E17L,
+        0x325F51EBL, 0xD59BC0D1L, 0xF2BCC18FL, 0x41113564L,
+        0x257B7834L, 0x602A9C60L, 0xDFF8E8A3L, 0x1F636C1BL,
+        0x0E12B4C2L, 0x02E1329EL, 0xAF664FD1L, 0xCAD18115L,
+        0x6B2395E0L, 0x333E92E1L, 0x3B240B62L, 0xEEBEB922L,
+        0x85B2A20EL, 0xE6BA0D99L, 0xDE720C8CL, 0x2DA2F728L,
+        0xD0127845L, 0x95B794FDL, 0x647D0862L, 0xE7CCF5F0L,
+        0x5449A36FL, 0x877D48FAL, 0xC39DFD27L, 0xF33E8D1EL,
+        0x0A476341L, 0x992EFF74L, 0x3A6F6EABL, 0xF4F8FD37L,
+        0xA812DC60L, 0xA1EBDDF8L, 0x991BE14CL, 0xDB6E6B0DL,
+        0xC67B5510L, 0x6D672C37L, 0x2765D43BL, 0xDCD0E804L,
+        0xF1290DC7L, 0xCC00FFA3L, 0xB5390F92L, 0x690FED0BL,
+        0x667B9FFBL, 0xCEDB7D9CL, 0xA091CF0BL, 0xD9155EA3L,
+        0xBB132F88L, 0x515BAD24L, 0x7B9479BFL, 0x763BD6EBL,
+        0x37392EB3L, 0xCC115979L, 0x8026E297L, 0xF42E312DL,
+        0x6842ADA7L, 0xC66A2B3BL, 0x12754CCCL, 0x782EF11CL,
+        0x6A124237L, 0xB79251E7L, 0x06A1BBE6L, 0x4BFB6350L,
+        0x1A6B1018L, 0x11CAEDFAL, 0x3D25BDD8L, 0xE2E1C3C9L,
+        0x44421659L, 0x0A121386L, 0xD90CEC6EL, 0xD5ABEA2AL,
+        0x64AF674EL, 0xDA86A85FL, 0xBEBFE988L, 0x64E4C3FEL,
+        0x9DBC8057L, 0xF0F7C086L, 0x60787BF8L, 0x6003604DL,
+        0xD1FD8346L, 0xF6381FB0L, 0x7745AE04L, 0xD736FCCCL,
+        0x83426B33L, 0xF01EAB71L, 0xB0804187L, 0x3C005E5FL,
+        0x77A057BEL, 0xBDE8AE24L, 0x55464299L, 0xBF582E61L,
+        0x4E58F48FL, 0xF2DDFDA2L, 0xF474EF38L, 0x8789BDC2L,
+        0x5366F9C3L, 0xC8B38E74L, 0xB475F255L, 0x46FCD9B9L,
+        0x7AEB2661L, 0x8B1DDF84L, 0x846A0E79L, 0x915F95E2L,
+        0x466E598EL, 0x20B45770L, 0x8CD55591L, 0xC902DE4CL,
+        0xB90BACE1L, 0xBB8205D0L, 0x11A86248L, 0x7574A99EL,
+        0xB77F19B6L, 0xE0A9DC09L, 0x662D09A1L, 0xC4324633L,
+        0xE85A1F02L, 0x09F0BE8CL, 0x4A99A025L, 0x1D6EFE10L,
+        0x1AB93D1DL, 0x0BA5A4DFL, 0xA186F20FL, 0x2868F169L,
+        0xDCB7DA83L, 0x573906FEL, 0xA1E2CE9BL, 0x4FCD7F52L,
+        0x50115E01L, 0xA70683FAL, 0xA002B5C4L, 0x0DE6D027L,
+        0x9AF88C27L, 0x773F8641L, 0xC3604C06L, 0x61A806B5L,
+        0xF0177A28L, 0xC0F586E0L, 0x006058AAL, 0x30DC7D62L,
+        0x11E69ED7L, 0x2338EA63L, 0x53C2DD94L, 0xC2C21634L,
+        0xBBCBEE56L, 0x90BCB6DEL, 0xEBFC7DA1L, 0xCE591D76L,
+        0x6F05E409L, 0x4B7C0188L, 0x39720A3DL, 0x7C927C24L,
+        0x86E3725FL, 0x724D9DB9L, 0x1AC15BB4L, 0xD39EB8FCL,
+        0xED545578L, 0x08FCA5B5L, 0xD83D7CD3L, 0x4DAD0FC4L,
+        0x1E50EF5EL, 0xB161E6F8L, 0xA28514D9L, 0x6C51133CL,
+        0x6FD5C7E7L, 0x56E14EC4L, 0x362ABFCEL, 0xDDC6C837L,
+        0xD79A3234L, 0x92638212L, 0x670EFA8EL, 0x406000E0L  },
+    {   0x3A39CE37L, 0xD3FAF5CFL, 0xABC27737L, 0x5AC52D1BL,
+        0x5CB0679EL, 0x4FA33742L, 0xD3822740L, 0x99BC9BBEL,
+        0xD5118E9DL, 0xBF0F7315L, 0xD62D1C7EL, 0xC700C47BL,
+        0xB78C1B6BL, 0x21A19045L, 0xB26EB1BEL, 0x6A366EB4L,
+        0x5748AB2FL, 0xBC946E79L, 0xC6A376D2L, 0x6549C2C8L,
+        0x530FF8EEL, 0x468DDE7DL, 0xD5730A1DL, 0x4CD04DC6L,
+        0x2939BBDBL, 0xA9BA4650L, 0xAC9526E8L, 0xBE5EE304L,
+        0xA1FAD5F0L, 0x6A2D519AL, 0x63EF8CE2L, 0x9A86EE22L,
+        0xC089C2B8L, 0x43242EF6L, 0xA51E03AAL, 0x9CF2D0A4L,
+        0x83C061BAL, 0x9BE96A4DL, 0x8FE51550L, 0xBA645BD6L,
+        0x2826A2F9L, 0xA73A3AE1L, 0x4BA99586L, 0xEF5562E9L,
+        0xC72FEFD3L, 0xF752F7DAL, 0x3F046F69L, 0x77FA0A59L,
+        0x80E4A915L, 0x87B08601L, 0x9B09E6ADL, 0x3B3EE593L,
+        0xE990FD5AL, 0x9E34D797L, 0x2CF0B7D9L, 0x022B8B51L,
+        0x96D5AC3AL, 0x017DA67DL, 0xD1CF3ED6L, 0x7C7D2D28L,
+        0x1F9F25CFL, 0xADF2B89BL, 0x5AD6B472L, 0x5A88F54CL,
+        0xE029AC71L, 0xE019A5E6L, 0x47B0ACFDL, 0xED93FA9BL,
+        0xE8D3C48DL, 0x283B57CCL, 0xF8D56629L, 0x79132E28L,
+        0x785F0191L, 0xED756055L, 0xF7960E44L, 0xE3D35E8CL,
+        0x15056DD4L, 0x88F46DBAL, 0x03A16125L, 0x0564F0BDL,
+        0xC3EB9E15L, 0x3C9057A2L, 0x97271AECL, 0xA93A072AL,
+        0x1B3F6D9BL, 0x1E6321F5L, 0xF59C66FBL, 0x26DCF319L,
+        0x7533D928L, 0xB155FDF5L, 0x03563482L, 0x8ABA3CBBL,
+        0x28517711L, 0xC20AD9F8L, 0xABCC5167L, 0xCCAD925FL,
+        0x4DE81751L, 0x3830DC8EL, 0x379D5862L, 0x9320F991L,
+        0xEA7A90C2L, 0xFB3E7BCEL, 0x5121CE64L, 0x774FBE32L,
+        0xA8B6E37EL, 0xC3293D46L, 0x48DE5369L, 0x6413E680L,
+        0xA2AE0810L, 0xDD6DB224L, 0x69852DFDL, 0x09072166L,
+        0xB39A460AL, 0x6445C0DDL, 0x586CDECFL, 0x1C20C8AEL,
+        0x5BBEF7DDL, 0x1B588D40L, 0xCCD2017FL, 0x6BB4E3BBL,
+        0xDDA26A7EL, 0x3A59FF45L, 0x3E350A44L, 0xBCB4CDD5L,
+        0x72EACEA8L, 0xFA6484BBL, 0x8D6612AEL, 0xBF3C6F47L,
+        0xD29BE463L, 0x542F5D9EL, 0xAEC2771BL, 0xF64E6370L,
+        0x740E0D8DL, 0xE75B1357L, 0xF8721671L, 0xAF537D5DL,
+        0x4040CB08L, 0x4EB4E2CCL, 0x34D2466AL, 0x0115AF84L,
+        0xE1B00428L, 0x95983A1DL, 0x06B89FB4L, 0xCE6EA048L,
+        0x6F3F3B82L, 0x3520AB82L, 0x011A1D4BL, 0x277227F8L,
+        0x611560B1L, 0xE7933FDCL, 0xBB3A792BL, 0x344525BDL,
+        0xA08839E1L, 0x51CE794BL, 0x2F32C9B7L, 0xA01FBAC9L,
+        0xE01CC87EL, 0xBCC7D1F6L, 0xCF0111C3L, 0xA1E8AAC7L,
+        0x1A908749L, 0xD44FBD9AL, 0xD0DADECBL, 0xD50ADA38L,
+        0x0339C32AL, 0xC6913667L, 0x8DF9317CL, 0xE0B12B4FL,
+        0xF79E59B7L, 0x43F5BB3AL, 0xF2D519FFL, 0x27D9459CL,
+        0xBF97222CL, 0x15E6FC2AL, 0x0F91FC71L, 0x9B941525L,
+        0xFAE59361L, 0xCEB69CEBL, 0xC2A86459L, 0x12BAA8D1L,
+        0xB6C1075EL, 0xE3056A0CL, 0x10D25065L, 0xCB03A442L,
+        0xE0EC6E0EL, 0x1698DB3BL, 0x4C98A0BEL, 0x3278E964L,
+        0x9F1F9532L, 0xE0D392DFL, 0xD3A0342BL, 0x8971F21EL,
+        0x1B0A7441L, 0x4BA3348CL, 0xC5BE7120L, 0xC37632D8L,
+        0xDF359F8DL, 0x9B992F2EL, 0xE60B6F47L, 0x0FE3F11DL,
+        0xE54CDA54L, 0x1EDAD891L, 0xCE6279CFL, 0xCD3E7E6FL,
+        0x1618B166L, 0xFD2C1D05L, 0x848FD2C5L, 0xF6FB2299L,
+        0xF523F357L, 0xA6327623L, 0x93A83531L, 0x56CCCD02L,
+        0xACF08162L, 0x5A75EBB5L, 0x6E163697L, 0x88D273CCL,
+        0xDE966292L, 0x81B949D0L, 0x4C50901BL, 0x71C65614L,
+        0xE6C6C7BDL, 0x327A140AL, 0x45E1D006L, 0xC3F27B9AL,
+        0xC9AA53FDL, 0x62A80F00L, 0xBB25BFE2L, 0x35BDD2F6L,
+        0x71126905L, 0xB2040222L, 0xB6CBCF7CL, 0xCD769C2BL,
+        0x53113EC0L, 0x1640E3D3L, 0x38ABBD60L, 0x2547ADF0L,
+        0xBA38209CL, 0xF746CE76L, 0x77AFA1C5L, 0x20756060L,
+        0x85CBFE4EL, 0x8AE88DD8L, 0x7AAAF9B0L, 0x4CF9AA7EL,
+        0x1948C25CL, 0x02FB8A8CL, 0x01C36AE4L, 0xD6EBE1F9L,
+        0x90D4F869L, 0xA65CDEA0L, 0x3F09252DL, 0xC208E69FL,
+        0xB74E6132L, 0xCE77E25BL, 0x578FDFE3L, 0x3AC372E6L  }
+};
+
+#endif /* !MBEDTLS_BLOWFISH_ALT */
+#endif /* MBEDTLS_BLOWFISH_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/camellia.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,1072 @@
+/*
+ *  Camellia implementation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ *  The Camellia block cipher was designed by NTT and Mitsubishi Electric
+ *  Corporation.
+ *
+ *  http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_CAMELLIA_C)
+
+#include "mbedtls/camellia.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_SELF_TEST)
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif /* MBEDTLS_PLATFORM_C */
+#endif /* MBEDTLS_SELF_TEST */
+
+#if !defined(MBEDTLS_CAMELLIA_ALT)
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+/*
+ * 32-bit integer manipulation macros (big endian)
+ */
+#ifndef GET_UINT32_BE
+#define GET_UINT32_BE(n,b,i)                            \
+{                                                       \
+    (n) = ( (uint32_t) (b)[(i)    ] << 24 )             \
+        | ( (uint32_t) (b)[(i) + 1] << 16 )             \
+        | ( (uint32_t) (b)[(i) + 2] <<  8 )             \
+        | ( (uint32_t) (b)[(i) + 3]       );            \
+}
+#endif
+
+#ifndef PUT_UINT32_BE
+#define PUT_UINT32_BE(n,b,i)                            \
+{                                                       \
+    (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
+    (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
+    (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
+    (b)[(i) + 3] = (unsigned char) ( (n)       );       \
+}
+#endif
+
+static const unsigned char SIGMA_CHARS[6][8] =
+{
+    { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
+    { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
+    { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
+    { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
+    { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
+    { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
+};
+
+#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
+
+static const unsigned char FSb[256] =
+{
+    112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
+     35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
+    134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
+    166,225, 57,202,213, 71, 93, 61,217,  1, 90,214, 81, 86,108, 77,
+    139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
+    223, 76,203,194, 52,126,118,  5,109,183,169, 49,209, 23,  4,215,
+     20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
+    254, 68,207,178,195,181,122,145, 36,  8,232,168, 96,252,105, 80,
+    170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
+     16,196,  0, 72,163,247,117,219,138,  3,230,218,  9, 63,221,148,
+    135, 92,131,  2,205, 74,144, 51,115,103,246,243,157,127,191,226,
+     82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
+    233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
+    120,152,  6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
+    114,  7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
+     64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158
+};
+
+#define SBOX1(n) FSb[(n)]
+#define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
+#define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
+#define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
+
+#else /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
+
+static const unsigned char FSb[256] =
+{
+ 112, 130,  44, 236, 179,  39, 192, 229, 228, 133,  87,  53, 234,  12, 174,  65,
+  35, 239, 107, 147,  69,  25, 165,  33, 237,  14,  79,  78,  29, 101, 146, 189,
+ 134, 184, 175, 143, 124, 235,  31, 206,  62,  48, 220,  95,  94, 197,  11,  26,
+ 166, 225,  57, 202, 213,  71,  93,  61, 217,   1,  90, 214,  81,  86, 108,  77,
+ 139,  13, 154, 102, 251, 204, 176,  45, 116,  18,  43,  32, 240, 177, 132, 153,
+ 223,  76, 203, 194,  52, 126, 118,   5, 109, 183, 169,  49, 209,  23,   4, 215,
+  20,  88,  58,  97, 222,  27,  17,  28,  50,  15, 156,  22,  83,  24, 242,  34,
+ 254,  68, 207, 178, 195, 181, 122, 145,  36,   8, 232, 168,  96, 252, 105,  80,
+ 170, 208, 160, 125, 161, 137,  98, 151,  84,  91,  30, 149, 224, 255, 100, 210,
+  16, 196,   0,  72, 163, 247, 117, 219, 138,   3, 230, 218,   9,  63, 221, 148,
+ 135,  92, 131,   2, 205,  74, 144,  51, 115, 103, 246, 243, 157, 127, 191, 226,
+  82, 155, 216,  38, 200,  55, 198,  59, 129, 150, 111,  75,  19, 190,  99,  46,
+ 233, 121, 167, 140, 159, 110, 188, 142,  41, 245, 249, 182,  47, 253, 180,  89,
+ 120, 152,   6, 106, 231,  70, 113, 186, 212,  37, 171,  66, 136, 162, 141, 250,
+ 114,   7, 185,  85, 248, 238, 172,  10,  54,  73,  42, 104,  60,  56, 241, 164,
+ 64,  40, 211, 123, 187, 201,  67, 193,  21, 227, 173, 244, 119, 199, 128, 158
+};
+
+static const unsigned char FSb2[256] =
+{
+ 224,   5,  88, 217, 103,  78, 129, 203, 201,  11, 174, 106, 213,  24,  93, 130,
+  70, 223, 214,  39, 138,  50,  75,  66, 219,  28, 158, 156,  58, 202,  37, 123,
+  13, 113,  95,  31, 248, 215,  62, 157, 124,  96, 185, 190, 188, 139,  22,  52,
+  77, 195, 114, 149, 171, 142, 186, 122, 179,   2, 180, 173, 162, 172, 216, 154,
+  23,  26,  53, 204, 247, 153,  97,  90, 232,  36,  86,  64, 225,  99,   9,  51,
+ 191, 152, 151, 133, 104, 252, 236,  10, 218, 111,  83,  98, 163,  46,   8, 175,
+  40, 176, 116, 194, 189,  54,  34,  56, 100,  30,  57,  44, 166,  48, 229,  68,
+ 253, 136, 159, 101, 135, 107, 244,  35,  72,  16, 209,  81, 192, 249, 210, 160,
+  85, 161,  65, 250,  67,  19, 196,  47, 168, 182,  60,  43, 193, 255, 200, 165,
+  32, 137,   0, 144,  71, 239, 234, 183,  21,   6, 205, 181,  18, 126, 187,  41,
+  15, 184,   7,   4, 155, 148,  33, 102, 230, 206, 237, 231,  59, 254, 127, 197,
+ 164,  55, 177,  76, 145, 110, 141, 118,   3,  45, 222, 150,  38, 125, 198,  92,
+ 211, 242,  79,  25,  63, 220, 121,  29,  82, 235, 243, 109,  94, 251, 105, 178,
+ 240,  49,  12, 212, 207, 140, 226, 117, 169,  74,  87, 132,  17,  69,  27, 245,
+ 228,  14, 115, 170, 241, 221,  89,  20, 108, 146,  84, 208, 120, 112, 227,  73,
+ 128,  80, 167, 246, 119, 147, 134, 131,  42, 199,  91, 233, 238, 143,   1,  61
+};
+
+static const unsigned char FSb3[256] =
+{
+  56,  65,  22, 118, 217, 147,  96, 242, 114, 194, 171, 154, 117,   6,  87, 160,
+ 145, 247, 181, 201, 162, 140, 210, 144, 246,   7, 167,  39, 142, 178,  73, 222,
+  67,  92, 215, 199,  62, 245, 143, 103,  31,  24, 110, 175,  47, 226, 133,  13,
+  83, 240, 156, 101, 234, 163, 174, 158, 236, 128,  45, 107, 168,  43,  54, 166,
+ 197, 134,  77,  51, 253, 102,  88, 150,  58,   9, 149,  16, 120, 216,  66, 204,
+ 239,  38, 229,  97,  26,  63,  59, 130, 182, 219, 212, 152, 232, 139,   2, 235,
+  10,  44,  29, 176, 111, 141, 136,  14,  25, 135,  78,  11, 169,  12, 121,  17,
+ 127,  34, 231,  89, 225, 218,  61, 200,  18,   4, 116,  84,  48, 126, 180,  40,
+  85, 104,  80, 190, 208, 196,  49, 203,  42, 173,  15, 202, 112, 255,  50, 105,
+   8,  98,   0,  36, 209, 251, 186, 237,  69, 129, 115, 109, 132, 159, 238,  74,
+ 195,  46, 193,   1, 230,  37,  72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
+  41, 205, 108,  19, 100, 155,  99, 157, 192,  75, 183, 165, 137,  95, 177,  23,
+ 244, 188, 211,  70, 207,  55,  94,  71, 148, 250, 252,  91, 151, 254,  90, 172,
+  60,  76,   3,  53, 243,  35, 184,  93, 106, 146, 213,  33,  68,  81, 198, 125,
+  57, 131, 220, 170, 124, 119,  86,   5,  27, 164,  21,  52,  30,  28, 248,  82,
+  32,  20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227,  64,  79
+};
+
+static const unsigned char FSb4[256] =
+{
+ 112,  44, 179, 192, 228,  87, 234, 174,  35, 107,  69, 165, 237,  79,  29, 146,
+ 134, 175, 124,  31,  62, 220,  94,  11, 166,  57, 213,  93, 217,  90,  81, 108,
+ 139, 154, 251, 176, 116,  43, 240, 132, 223, 203,  52, 118, 109, 169, 209,   4,
+  20,  58, 222,  17,  50, 156,  83, 242, 254, 207, 195, 122,  36, 232,  96, 105,
+ 170, 160, 161,  98,  84,  30, 224, 100,  16,   0, 163, 117, 138, 230,   9, 221,
+ 135, 131, 205, 144, 115, 246, 157, 191,  82, 216, 200, 198, 129, 111,  19,  99,
+ 233, 167, 159, 188,  41, 249,  47, 180, 120,   6, 231, 113, 212, 171, 136, 141,
+ 114, 185, 248, 172,  54,  42,  60, 241,  64, 211, 187,  67,  21, 173, 119, 128,
+ 130, 236,  39, 229, 133,  53,  12,  65, 239, 147,  25,  33,  14,  78, 101, 189,
+ 184, 143, 235, 206,  48,  95, 197,  26, 225, 202,  71,  61,   1, 214,  86,  77,
+  13, 102, 204,  45,  18,  32, 177, 153,  76, 194, 126,   5, 183,  49,  23, 215,
+  88,  97,  27,  28,  15,  22,  24,  34,  68, 178, 181, 145,   8, 168, 252,  80,
+ 208, 125, 137, 151,  91, 149, 255, 210, 196,  72, 247, 219,   3, 218,  63, 148,
+  92,   2,  74,  51, 103, 243, 127, 226, 155,  38,  55,  59, 150,  75, 190,  46,
+ 121, 140, 110, 142, 245, 182, 253,  89, 152, 106,  70, 186,  37,  66, 162, 250,
+  7,  85, 238,  10,  73, 104,  56, 164,  40, 123, 201, 193, 227, 244, 199, 158
+};
+
+#define SBOX1(n) FSb[(n)]
+#define SBOX2(n) FSb2[(n)]
+#define SBOX3(n) FSb3[(n)]
+#define SBOX4(n) FSb4[(n)]
+
+#endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
+
+static const unsigned char shifts[2][4][4] =
+{
+    {
+        { 1, 1, 1, 1 }, /* KL */
+        { 0, 0, 0, 0 }, /* KR */
+        { 1, 1, 1, 1 }, /* KA */
+        { 0, 0, 0, 0 }  /* KB */
+    },
+    {
+        { 1, 0, 1, 1 }, /* KL */
+        { 1, 1, 0, 1 }, /* KR */
+        { 1, 1, 1, 0 }, /* KA */
+        { 1, 1, 0, 1 }  /* KB */
+    }
+};
+
+static const signed char indexes[2][4][20] =
+{
+    {
+        {  0,  1,  2,  3,  8,  9, 10, 11, 38, 39,
+          36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
+        { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+          -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
+        {  4,  5,  6,  7, 12, 13, 14, 15, 16, 17,
+          18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
+        { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+          -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }  /* KB -> RK */
+    },
+    {
+        {  0,  1,  2,  3, 61, 62, 63, 60, -1, -1,
+          -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
+        { -1, -1, -1, -1,  8,  9, 10, 11, 16, 17,
+          18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
+        { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
+          56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
+        {  4,  5,  6,  7, 65, 66, 67, 64, 20, 21,
+          22, 23, -1, -1, -1, -1, 43, 40, 41, 42 }  /* KB -> RK */
+    }
+};
+
+static const signed char transposes[2][20] =
+{
+    {
+        21, 22, 23, 20,
+        -1, -1, -1, -1,
+        18, 19, 16, 17,
+        11,  8,  9, 10,
+        15, 12, 13, 14
+    },
+    {
+        25, 26, 27, 24,
+        29, 30, 31, 28,
+        18, 19, 16, 17,
+        -1, -1, -1, -1,
+        -1, -1, -1, -1
+    }
+};
+
+/* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
+#define ROTL(DEST, SRC, SHIFT)                                      \
+{                                                                   \
+    (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT));   \
+    (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT));   \
+    (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT));   \
+    (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT));   \
+}
+
+#define FL(XL, XR, KL, KR)                                          \
+{                                                                   \
+    (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR);   \
+    (XL) = ((XR) | (KR)) ^ (XL);                                    \
+}
+
+#define FLInv(YL, YR, KL, KR)                                       \
+{                                                                   \
+    (YL) = ((YR) | (KR)) ^ (YL);                                    \
+    (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR);   \
+}
+
+#define SHIFT_AND_PLACE(INDEX, OFFSET)                      \
+{                                                           \
+    TK[0] = KC[(OFFSET) * 4 + 0];                           \
+    TK[1] = KC[(OFFSET) * 4 + 1];                           \
+    TK[2] = KC[(OFFSET) * 4 + 2];                           \
+    TK[3] = KC[(OFFSET) * 4 + 3];                           \
+                                                            \
+    for( i = 1; i <= 4; i++ )                               \
+        if( shifts[(INDEX)][(OFFSET)][i -1] )               \
+            ROTL(TK + i * 4, TK, ( 15 * i ) % 32);          \
+                                                            \
+    for( i = 0; i < 20; i++ )                               \
+        if( indexes[(INDEX)][(OFFSET)][i] != -1 ) {         \
+            RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ];    \
+        }                                                   \
+}
+
+static void camellia_feistel( const uint32_t x[2], const uint32_t k[2],
+                              uint32_t z[2])
+{
+    uint32_t I0, I1;
+    I0 = x[0] ^ k[0];
+    I1 = x[1] ^ k[1];
+
+    I0 = ((uint32_t) SBOX1((I0 >> 24) & 0xFF) << 24) |
+         ((uint32_t) SBOX2((I0 >> 16) & 0xFF) << 16) |
+         ((uint32_t) SBOX3((I0 >>  8) & 0xFF) <<  8) |
+         ((uint32_t) SBOX4((I0      ) & 0xFF)      );
+    I1 = ((uint32_t) SBOX2((I1 >> 24) & 0xFF) << 24) |
+         ((uint32_t) SBOX3((I1 >> 16) & 0xFF) << 16) |
+         ((uint32_t) SBOX4((I1 >>  8) & 0xFF) <<  8) |
+         ((uint32_t) SBOX1((I1      ) & 0xFF)      );
+
+    I0 ^= (I1 << 8) | (I1 >> 24);
+    I1 ^= (I0 << 16) | (I0 >> 16);
+    I0 ^= (I1 >> 8) | (I1 << 24);
+    I1 ^= (I0 >> 8) | (I0 << 24);
+
+    z[0] ^= I1;
+    z[1] ^= I0;
+}
+
+void mbedtls_camellia_init( mbedtls_camellia_context *ctx )
+{
+    memset( ctx, 0, sizeof( mbedtls_camellia_context ) );
+}
+
+void mbedtls_camellia_free( mbedtls_camellia_context *ctx )
+{
+    if( ctx == NULL )
+        return;
+
+    mbedtls_zeroize( ctx, sizeof( mbedtls_camellia_context ) );
+}
+
+/*
+ * Camellia key schedule (encryption)
+ */
+int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned char *key,
+                         unsigned int keybits )
+{
+    int idx;
+    size_t i;
+    uint32_t *RK;
+    unsigned char t[64];
+    uint32_t SIGMA[6][2];
+    uint32_t KC[16];
+    uint32_t TK[20];
+
+    RK = ctx->rk;
+
+    memset( t, 0, 64 );
+    memset( RK, 0, sizeof(ctx->rk) );
+
+    switch( keybits )
+    {
+        case 128: ctx->nr = 3; idx = 0; break;
+        case 192:
+        case 256: ctx->nr = 4; idx = 1; break;
+        default : return( MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH );
+    }
+
+    for( i = 0; i < keybits / 8; ++i )
+        t[i] = key[i];
+
+    if( keybits == 192 ) {
+        for( i = 0; i < 8; i++ )
+            t[24 + i] = ~t[16 + i];
+    }
+
+    /*
+     * Prepare SIGMA values
+     */
+    for( i = 0; i < 6; i++ ) {
+        GET_UINT32_BE( SIGMA[i][0], SIGMA_CHARS[i], 0 );
+        GET_UINT32_BE( SIGMA[i][1], SIGMA_CHARS[i], 4 );
+    }
+
+    /*
+     * Key storage in KC
+     * Order: KL, KR, KA, KB
+     */
+    memset( KC, 0, sizeof(KC) );
+
+    /* Store KL, KR */
+    for( i = 0; i < 8; i++ )
+        GET_UINT32_BE( KC[i], t, i * 4 );
+
+    /* Generate KA */
+    for( i = 0; i < 4; ++i )
+        KC[8 + i] = KC[i] ^ KC[4 + i];
+
+    camellia_feistel( KC + 8, SIGMA[0], KC + 10 );
+    camellia_feistel( KC + 10, SIGMA[1], KC + 8 );
+
+    for( i = 0; i < 4; ++i )
+        KC[8 + i] ^= KC[i];
+
+    camellia_feistel( KC + 8, SIGMA[2], KC + 10 );
+    camellia_feistel( KC + 10, SIGMA[3], KC + 8 );
+
+    if( keybits > 128 ) {
+        /* Generate KB */
+        for( i = 0; i < 4; ++i )
+            KC[12 + i] = KC[4 + i] ^ KC[8 + i];
+
+        camellia_feistel( KC + 12, SIGMA[4], KC + 14 );
+        camellia_feistel( KC + 14, SIGMA[5], KC + 12 );
+    }
+
+    /*
+     * Generating subkeys
+     */
+
+    /* Manipulating KL */
+    SHIFT_AND_PLACE( idx, 0 );
+
+    /* Manipulating KR */
+    if( keybits > 128 ) {
+        SHIFT_AND_PLACE( idx, 1 );
+    }
+
+    /* Manipulating KA */
+    SHIFT_AND_PLACE( idx, 2 );
+
+    /* Manipulating KB */
+    if( keybits > 128 ) {
+        SHIFT_AND_PLACE( idx, 3 );
+    }
+
+    /* Do transpositions */
+    for( i = 0; i < 20; i++ ) {
+        if( transposes[idx][i] != -1 ) {
+            RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
+        }
+    }
+
+    return( 0 );
+}
+
+/*
+ * Camellia key schedule (decryption)
+ */
+int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, const unsigned char *key,
+                         unsigned int keybits )
+{
+    int idx, ret;
+    size_t i;
+    mbedtls_camellia_context cty;
+    uint32_t *RK;
+    uint32_t *SK;
+
+    mbedtls_camellia_init( &cty );
+
+    /* Also checks keybits */
+    if( ( ret = mbedtls_camellia_setkey_enc( &cty, key, keybits ) ) != 0 )
+        goto exit;
+
+    ctx->nr = cty.nr;
+    idx = ( ctx->nr == 4 );
+
+    RK = ctx->rk;
+    SK = cty.rk + 24 * 2 + 8 * idx * 2;
+
+    *RK++ = *SK++;
+    *RK++ = *SK++;
+    *RK++ = *SK++;
+    *RK++ = *SK++;
+
+    for( i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4 )
+    {
+        *RK++ = *SK++;
+        *RK++ = *SK++;
+    }
+
+    SK -= 2;
+
+    *RK++ = *SK++;
+    *RK++ = *SK++;
+    *RK++ = *SK++;
+    *RK++ = *SK++;
+
+exit:
+    mbedtls_camellia_free( &cty );
+
+    return( ret );
+}
+
+/*
+ * Camellia-ECB block encryption/decryption
+ */
+int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
+                    int mode,
+                    const unsigned char input[16],
+                    unsigned char output[16] )
+{
+    int NR;
+    uint32_t *RK, X[4];
+
+    ( (void) mode );
+
+    NR = ctx->nr;
+    RK = ctx->rk;
+
+    GET_UINT32_BE( X[0], input,  0 );
+    GET_UINT32_BE( X[1], input,  4 );
+    GET_UINT32_BE( X[2], input,  8 );
+    GET_UINT32_BE( X[3], input, 12 );
+
+    X[0] ^= *RK++;
+    X[1] ^= *RK++;
+    X[2] ^= *RK++;
+    X[3] ^= *RK++;
+
+    while( NR ) {
+        --NR;
+        camellia_feistel( X, RK, X + 2 );
+        RK += 2;
+        camellia_feistel( X + 2, RK, X );
+        RK += 2;
+        camellia_feistel( X, RK, X + 2 );
+        RK += 2;
+        camellia_feistel( X + 2, RK, X );
+        RK += 2;
+        camellia_feistel( X, RK, X + 2 );
+        RK += 2;
+        camellia_feistel( X + 2, RK, X );
+        RK += 2;
+
+        if( NR ) {
+            FL(X[0], X[1], RK[0], RK[1]);
+            RK += 2;
+            FLInv(X[2], X[3], RK[0], RK[1]);
+            RK += 2;
+        }
+    }
+
+    X[2] ^= *RK++;
+    X[3] ^= *RK++;
+    X[0] ^= *RK++;
+    X[1] ^= *RK++;
+
+    PUT_UINT32_BE( X[2], output,  0 );
+    PUT_UINT32_BE( X[3], output,  4 );
+    PUT_UINT32_BE( X[0], output,  8 );
+    PUT_UINT32_BE( X[1], output, 12 );
+
+    return( 0 );
+}
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+/*
+ * Camellia-CBC buffer encryption/decryption
+ */
+int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
+                    int mode,
+                    size_t length,
+                    unsigned char iv[16],
+                    const unsigned char *input,
+                    unsigned char *output )
+{
+    int i;
+    unsigned char temp[16];
+
+    if( length % 16 )
+        return( MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH );
+
+    if( mode == MBEDTLS_CAMELLIA_DECRYPT )
+    {
+        while( length > 0 )
+        {
+            memcpy( temp, input, 16 );
+            mbedtls_camellia_crypt_ecb( ctx, mode, input, output );
+
+            for( i = 0; i < 16; i++ )
+                output[i] = (unsigned char)( output[i] ^ iv[i] );
+
+            memcpy( iv, temp, 16 );
+
+            input  += 16;
+            output += 16;
+            length -= 16;
+        }
+    }
+    else
+    {
+        while( length > 0 )
+        {
+            for( i = 0; i < 16; i++ )
+                output[i] = (unsigned char)( input[i] ^ iv[i] );
+
+            mbedtls_camellia_crypt_ecb( ctx, mode, output, output );
+            memcpy( iv, output, 16 );
+
+            input  += 16;
+            output += 16;
+            length -= 16;
+        }
+    }
+
+    return( 0 );
+}
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+/*
+ * Camellia-CFB128 buffer encryption/decryption
+ */
+int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
+                       int mode,
+                       size_t length,
+                       size_t *iv_off,
+                       unsigned char iv[16],
+                       const unsigned char *input,
+                       unsigned char *output )
+{
+    int c;
+    size_t n = *iv_off;
+
+    if( mode == MBEDTLS_CAMELLIA_DECRYPT )
+    {
+        while( length-- )
+        {
+            if( n == 0 )
+                mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv );
+
+            c = *input++;
+            *output++ = (unsigned char)( c ^ iv[n] );
+            iv[n] = (unsigned char) c;
+
+            n = ( n + 1 ) & 0x0F;
+        }
+    }
+    else
+    {
+        while( length-- )
+        {
+            if( n == 0 )
+                mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv );
+
+            iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
+
+            n = ( n + 1 ) & 0x0F;
+        }
+    }
+
+    *iv_off = n;
+
+    return( 0 );
+}
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+/*
+ * Camellia-CTR buffer encryption/decryption
+ */
+int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
+                       size_t length,
+                       size_t *nc_off,
+                       unsigned char nonce_counter[16],
+                       unsigned char stream_block[16],
+                       const unsigned char *input,
+                       unsigned char *output )
+{
+    int c, i;
+    size_t n = *nc_off;
+
+    while( length-- )
+    {
+        if( n == 0 ) {
+            mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter,
+                                stream_block );
+
+            for( i = 16; i > 0; i-- )
+                if( ++nonce_counter[i - 1] != 0 )
+                    break;
+        }
+        c = *input++;
+        *output++ = (unsigned char)( c ^ stream_block[n] );
+
+        n = ( n + 1 ) & 0x0F;
+    }
+
+    *nc_off = n;
+
+    return( 0 );
+}
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+#endif /* !MBEDTLS_CAMELLIA_ALT */
+
+#if defined(MBEDTLS_SELF_TEST)
+
+/*
+ * Camellia test vectors from:
+ *
+ * http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:
+ *   http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt
+ *   http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt
+ *                      (For each bitlength: Key 0, Nr 39)
+ */
+#define CAMELLIA_TESTS_ECB  2
+
+static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
+{
+    {
+        { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+          0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
+        { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
+    },
+    {
+        { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+          0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
+          0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
+        { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
+    },
+    {
+        { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+          0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
+          0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+          0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
+        { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
+    },
+};
+
+static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
+{
+    { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+      0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
+    { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
+};
+
+static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
+{
+    {
+        { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
+          0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
+        { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
+          0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
+    },
+    {
+        { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
+          0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
+        { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
+          0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
+    },
+    {
+        { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
+          0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
+        { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
+          0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
+    }
+};
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#define CAMELLIA_TESTS_CBC  3
+
+static const unsigned char camellia_test_cbc_key[3][32] =
+{
+        { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
+          0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
+    ,
+        { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
+          0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
+          0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
+    ,
+        { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
+          0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
+          0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
+          0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
+};
+
+static const unsigned char camellia_test_cbc_iv[16] =
+
+    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+      0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
+;
+
+static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
+{
+    { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
+      0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
+    { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
+      0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
+    { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
+      0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
+
+};
+
+static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
+{
+    {
+        { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
+          0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
+        { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
+          0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
+        { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
+          0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
+    },
+    {
+        { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
+          0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
+        { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
+          0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
+        { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
+          0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
+    },
+    {
+        { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
+          0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
+        { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
+          0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
+        { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
+          0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
+    }
+};
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+/*
+ * Camellia-CTR test vectors from:
+ *
+ * http://www.faqs.org/rfcs/rfc5528.html
+ */
+
+static const unsigned char camellia_test_ctr_key[3][16] =
+{
+    { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
+      0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
+    { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
+      0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
+    { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
+      0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
+};
+
+static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
+{
+    { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
+    { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
+      0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
+    { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
+      0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
+};
+
+static const unsigned char camellia_test_ctr_pt[3][48] =
+{
+    { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
+      0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
+
+    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+      0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+      0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+      0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
+
+    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+      0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+      0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+      0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
+      0x20, 0x21, 0x22, 0x23 }
+};
+
+static const unsigned char camellia_test_ctr_ct[3][48] =
+{
+    { 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
+      0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },
+    { 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
+      0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,
+      0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,
+      0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },
+    { 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
+      0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,
+      0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
+      0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,
+      0xDF, 0x50, 0x86, 0x96 }
+};
+
+static const int camellia_test_ctr_len[3] =
+    { 16, 32, 36 };
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+/*
+ * Checkup routine
+ */
+int mbedtls_camellia_self_test( int verbose )
+{
+    int i, j, u, v;
+    unsigned char key[32];
+    unsigned char buf[64];
+    unsigned char src[16];
+    unsigned char dst[16];
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    unsigned char iv[16];
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    size_t offset, len;
+    unsigned char nonce_counter[16];
+    unsigned char stream_block[16];
+#endif
+
+    mbedtls_camellia_context ctx;
+
+    memset( key, 0, 32 );
+
+    for( j = 0; j < 6; j++ ) {
+        u = j >> 1;
+    v = j & 1;
+
+    if( verbose != 0 )
+        mbedtls_printf( "  CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
+                         (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
+
+    for( i = 0; i < CAMELLIA_TESTS_ECB; i++ ) {
+        memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u );
+
+        if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
+            mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 );
+            memcpy( src, camellia_test_ecb_cipher[u][i], 16 );
+            memcpy( dst, camellia_test_ecb_plain[i], 16 );
+        } else { /* MBEDTLS_CAMELLIA_ENCRYPT */
+            mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 );
+            memcpy( src, camellia_test_ecb_plain[i], 16 );
+            memcpy( dst, camellia_test_ecb_cipher[u][i], 16 );
+        }
+
+        mbedtls_camellia_crypt_ecb( &ctx, v, src, buf );
+
+        if( memcmp( buf, dst, 16 ) != 0 )
+        {
+            if( verbose != 0 )
+                mbedtls_printf( "failed\n" );
+
+            return( 1 );
+        }
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "passed\n" );
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "\n" );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    /*
+     * CBC mode
+     */
+    for( j = 0; j < 6; j++ )
+    {
+        u = j >> 1;
+        v = j  & 1;
+
+        if( verbose != 0 )
+            mbedtls_printf( "  CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
+                             ( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" );
+
+    memcpy( src, camellia_test_cbc_iv, 16 );
+    memcpy( dst, camellia_test_cbc_iv, 16 );
+    memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u );
+
+    if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
+        mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 );
+    } else {
+        mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 );
+    }
+
+    for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
+
+        if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
+            memcpy( iv , src, 16 );
+            memcpy( src, camellia_test_cbc_cipher[u][i], 16 );
+            memcpy( dst, camellia_test_cbc_plain[i], 16 );
+        } else { /* MBEDTLS_CAMELLIA_ENCRYPT */
+            memcpy( iv , dst, 16 );
+            memcpy( src, camellia_test_cbc_plain[i], 16 );
+            memcpy( dst, camellia_test_cbc_cipher[u][i], 16 );
+        }
+
+        mbedtls_camellia_crypt_cbc( &ctx, v, 16, iv, src, buf );
+
+        if( memcmp( buf, dst, 16 ) != 0 )
+        {
+            if( verbose != 0 )
+                mbedtls_printf( "failed\n" );
+
+            return( 1 );
+        }
+    }
+
+        if( verbose != 0 )
+            mbedtls_printf( "passed\n" );
+    }
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+    if( verbose != 0 )
+        mbedtls_printf( "\n" );
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    /*
+     * CTR mode
+     */
+    for( i = 0; i < 6; i++ )
+    {
+        u = i >> 1;
+        v = i  & 1;
+
+        if( verbose != 0 )
+            mbedtls_printf( "  CAMELLIA-CTR-128 (%s): ",
+                             ( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" );
+
+        memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 );
+        memcpy( key, camellia_test_ctr_key[u], 16 );
+
+        offset = 0;
+        mbedtls_camellia_setkey_enc( &ctx, key, 128 );
+
+        if( v == MBEDTLS_CAMELLIA_DECRYPT )
+        {
+            len = camellia_test_ctr_len[u];
+            memcpy( buf, camellia_test_ctr_ct[u], len );
+
+            mbedtls_camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
+                                buf, buf );
+
+            if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 )
+            {
+                if( verbose != 0 )
+                    mbedtls_printf( "failed\n" );
+
+                return( 1 );
+            }
+        }
+        else
+        {
+            len = camellia_test_ctr_len[u];
+            memcpy( buf, camellia_test_ctr_pt[u], len );
+
+            mbedtls_camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
+                                buf, buf );
+
+            if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 )
+            {
+                if( verbose != 0 )
+                    mbedtls_printf( "failed\n" );
+
+                return( 1 );
+            }
+        }
+
+        if( verbose != 0 )
+            mbedtls_printf( "passed\n" );
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "\n" );
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+    return( 0 );
+}
+
+#endif /* MBEDTLS_SELF_TEST */
+
+#endif /* MBEDTLS_CAMELLIA_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/ccm.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,464 @@
+/*
+ *  NIST SP800-38C compliant CCM implementation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+/*
+ * Definition of CCM:
+ * http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C_updated-July20_2007.pdf
+ * RFC 3610 "Counter with CBC-MAC (CCM)"
+ *
+ * Related:
+ * RFC 5116 "An Interface and Algorithms for Authenticated Encryption"
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_CCM_C)
+
+#include "mbedtls/ccm.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif /* MBEDTLS_PLATFORM_C */
+#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+#define CCM_ENCRYPT 0
+#define CCM_DECRYPT 1
+
+/*
+ * Initialize context
+ */
+void mbedtls_ccm_init( mbedtls_ccm_context *ctx )
+{
+    memset( ctx, 0, sizeof( mbedtls_ccm_context ) );
+}
+
+int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
+                        mbedtls_cipher_id_t cipher,
+                        const unsigned char *key,
+                        unsigned int keybits )
+{
+    int ret;
+    const mbedtls_cipher_info_t *cipher_info;
+
+    cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, MBEDTLS_MODE_ECB );
+    if( cipher_info == NULL )
+        return( MBEDTLS_ERR_CCM_BAD_INPUT );
+
+    if( cipher_info->block_size != 16 )
+        return( MBEDTLS_ERR_CCM_BAD_INPUT );
+
+    mbedtls_cipher_free( &ctx->cipher_ctx );
+
+    if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 )
+        return( ret );
+
+    if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits,
+                               MBEDTLS_ENCRYPT ) ) != 0 )
+    {
+        return( ret );
+    }
+
+    return( 0 );
+}
+
+/*
+ * Free context
+ */
+void mbedtls_ccm_free( mbedtls_ccm_context *ctx )
+{
+    mbedtls_cipher_free( &ctx->cipher_ctx );
+    mbedtls_zeroize( ctx, sizeof( mbedtls_ccm_context ) );
+}
+
+/*
+ * Macros for common operations.
+ * Results in smaller compiled code than static inline functions.
+ */
+
+/*
+ * Update the CBC-MAC state in y using a block in b
+ * (Always using b as the source helps the compiler optimise a bit better.)
+ */
+#define UPDATE_CBC_MAC                                                      \
+    for( i = 0; i < 16; i++ )                                               \
+        y[i] ^= b[i];                                                       \
+                                                                            \
+    if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, y, 16, y, &olen ) ) != 0 ) \
+        return( ret );
+
+/*
+ * Encrypt or decrypt a partial block with CTR
+ * Warning: using b for temporary storage! src and dst must not be b!
+ * This avoids allocating one more 16 bytes buffer while allowing src == dst.
+ */
+#define CTR_CRYPT( dst, src, len  )                                            \
+    if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctr, 16, b, &olen ) ) != 0 )  \
+        return( ret );                                                         \
+                                                                               \
+    for( i = 0; i < len; i++ )                                                 \
+        dst[i] = src[i] ^ b[i];
+
+/*
+ * Authenticated encryption or decryption
+ */
+static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
+                           const unsigned char *iv, size_t iv_len,
+                           const unsigned char *add, size_t add_len,
+                           const unsigned char *input, unsigned char *output,
+                           unsigned char *tag, size_t tag_len )
+{
+    int ret;
+    unsigned char i;
+    unsigned char q;
+    size_t len_left, olen;
+    unsigned char b[16];
+    unsigned char y[16];
+    unsigned char ctr[16];
+    const unsigned char *src;
+    unsigned char *dst;
+
+    /*
+     * Check length requirements: SP800-38C A.1
+     * Additional requirement: a < 2^16 - 2^8 to simplify the code.
+     * 'length' checked later (when writing it to the first block)
+     */
+    if( tag_len < 4 || tag_len > 16 || tag_len % 2 != 0 )
+        return( MBEDTLS_ERR_CCM_BAD_INPUT );
+
+    /* Also implies q is within bounds */
+    if( iv_len < 7 || iv_len > 13 )
+        return( MBEDTLS_ERR_CCM_BAD_INPUT );
+
+    if( add_len > 0xFF00 )
+        return( MBEDTLS_ERR_CCM_BAD_INPUT );
+
+    q = 16 - 1 - (unsigned char) iv_len;
+
+    /*
+     * First block B_0:
+     * 0        .. 0        flags
+     * 1        .. iv_len   nonce (aka iv)
+     * iv_len+1 .. 15       length
+     *
+     * With flags as (bits):
+     * 7        0
+     * 6        add present?
+     * 5 .. 3   (t - 2) / 2
+     * 2 .. 0   q - 1
+     */
+    b[0] = 0;
+    b[0] |= ( add_len > 0 ) << 6;
+    b[0] |= ( ( tag_len - 2 ) / 2 ) << 3;
+    b[0] |= q - 1;
+
+    memcpy( b + 1, iv, iv_len );
+
+    for( i = 0, len_left = length; i < q; i++, len_left >>= 8 )
+        b[15-i] = (unsigned char)( len_left & 0xFF );
+
+    if( len_left > 0 )
+        return( MBEDTLS_ERR_CCM_BAD_INPUT );
+
+
+    /* Start CBC-MAC with first block */
+    memset( y, 0, 16 );
+    UPDATE_CBC_MAC;
+
+    /*
+     * If there is additional data, update CBC-MAC with
+     * add_len, add, 0 (padding to a block boundary)
+     */
+    if( add_len > 0 )
+    {
+        size_t use_len;
+        len_left = add_len;
+        src = add;
+
+        memset( b, 0, 16 );
+        b[0] = (unsigned char)( ( add_len >> 8 ) & 0xFF );
+        b[1] = (unsigned char)( ( add_len      ) & 0xFF );
+
+        use_len = len_left < 16 - 2 ? len_left : 16 - 2;
+        memcpy( b + 2, src, use_len );
+        len_left -= use_len;
+        src += use_len;
+
+        UPDATE_CBC_MAC;
+
+        while( len_left > 0 )
+        {
+            use_len = len_left > 16 ? 16 : len_left;
+
+            memset( b, 0, 16 );
+            memcpy( b, src, use_len );
+            UPDATE_CBC_MAC;
+
+            len_left -= use_len;
+            src += use_len;
+        }
+    }
+
+    /*
+     * Prepare counter block for encryption:
+     * 0        .. 0        flags
+     * 1        .. iv_len   nonce (aka iv)
+     * iv_len+1 .. 15       counter (initially 1)
+     *
+     * With flags as (bits):
+     * 7 .. 3   0
+     * 2 .. 0   q - 1
+     */
+    ctr[0] = q - 1;
+    memcpy( ctr + 1, iv, iv_len );
+    memset( ctr + 1 + iv_len, 0, q );
+    ctr[15] = 1;
+
+    /*
+     * Authenticate and {en,de}crypt the message.
+     *
+     * The only difference between encryption and decryption is
+     * the respective order of authentication and {en,de}cryption.
+     */
+    len_left = length;
+    src = input;
+    dst = output;
+
+    while( len_left > 0 )
+    {
+        size_t use_len = len_left > 16 ? 16 : len_left;
+
+        if( mode == CCM_ENCRYPT )
+        {
+            memset( b, 0, 16 );
+            memcpy( b, src, use_len );
+            UPDATE_CBC_MAC;
+        }
+
+        CTR_CRYPT( dst, src, use_len );
+
+        if( mode == CCM_DECRYPT )
+        {
+            memset( b, 0, 16 );
+            memcpy( b, dst, use_len );
+            UPDATE_CBC_MAC;
+        }
+
+        dst += use_len;
+        src += use_len;
+        len_left -= use_len;
+
+        /*
+         * Increment counter.
+         * No need to check for overflow thanks to the length check above.
+         */
+        for( i = 0; i < q; i++ )
+            if( ++ctr[15-i] != 0 )
+                break;
+    }
+
+    /*
+     * Authentication: reset counter and crypt/mask internal tag
+     */
+    for( i = 0; i < q; i++ )
+        ctr[15-i] = 0;
+
+    CTR_CRYPT( y, y, 16 );
+    memcpy( tag, y, tag_len );
+
+    return( 0 );
+}
+
+/*
+ * Authenticated encryption
+ */
+int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
+                         const unsigned char *iv, size_t iv_len,
+                         const unsigned char *add, size_t add_len,
+                         const unsigned char *input, unsigned char *output,
+                         unsigned char *tag, size_t tag_len )
+{
+    return( ccm_auth_crypt( ctx, CCM_ENCRYPT, length, iv, iv_len,
+                            add, add_len, input, output, tag, tag_len ) );
+}
+
+/*
+ * Authenticated decryption
+ */
+int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
+                      const unsigned char *iv, size_t iv_len,
+                      const unsigned char *add, size_t add_len,
+                      const unsigned char *input, unsigned char *output,
+                      const unsigned char *tag, size_t tag_len )
+{
+    int ret;
+    unsigned char check_tag[16];
+    unsigned char i;
+    int diff;
+
+    if( ( ret = ccm_auth_crypt( ctx, CCM_DECRYPT, length,
+                                iv, iv_len, add, add_len,
+                                input, output, check_tag, tag_len ) ) != 0 )
+    {
+        return( ret );
+    }
+
+    /* Check tag in "constant-time" */
+    for( diff = 0, i = 0; i < tag_len; i++ )
+        diff |= tag[i] ^ check_tag[i];
+
+    if( diff != 0 )
+    {
+        mbedtls_zeroize( output, length );
+        return( MBEDTLS_ERR_CCM_AUTH_FAILED );
+    }
+
+    return( 0 );
+}
+
+
+#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
+/*
+ * Examples 1 to 3 from SP800-38C Appendix C
+ */
+
+#define NB_TESTS 3
+
+/*
+ * The data is the same for all tests, only the used length changes
+ */
+static const unsigned char key[] = {
+    0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+    0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f
+};
+
+static const unsigned char iv[] = {
+    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+    0x18, 0x19, 0x1a, 0x1b
+};
+
+static const unsigned char ad[] = {
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    0x10, 0x11, 0x12, 0x13
+};
+
+static const unsigned char msg[] = {
+    0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+    0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+    0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+};
+
+static const size_t iv_len [NB_TESTS] = { 7, 8,  12 };
+static const size_t add_len[NB_TESTS] = { 8, 16, 20 };
+static const size_t msg_len[NB_TESTS] = { 4, 16, 24 };
+static const size_t tag_len[NB_TESTS] = { 4, 6,  8  };
+
+static const unsigned char res[NB_TESTS][32] = {
+    {   0x71, 0x62, 0x01, 0x5b, 0x4d, 0xac, 0x25, 0x5d },
+    {   0xd2, 0xa1, 0xf0, 0xe0, 0x51, 0xea, 0x5f, 0x62,
+        0x08, 0x1a, 0x77, 0x92, 0x07, 0x3d, 0x59, 0x3d,
+        0x1f, 0xc6, 0x4f, 0xbf, 0xac, 0xcd },
+    {   0xe3, 0xb2, 0x01, 0xa9, 0xf5, 0xb7, 0x1a, 0x7a,
+        0x9b, 0x1c, 0xea, 0xec, 0xcd, 0x97, 0xe7, 0x0b,
+        0x61, 0x76, 0xaa, 0xd9, 0xa4, 0x42, 0x8a, 0xa5,
+        0x48, 0x43, 0x92, 0xfb, 0xc1, 0xb0, 0x99, 0x51 }
+};
+
+int mbedtls_ccm_self_test( int verbose )
+{
+    mbedtls_ccm_context ctx;
+    unsigned char out[32];
+    size_t i;
+    int ret;
+
+    mbedtls_ccm_init( &ctx );
+
+    if( mbedtls_ccm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, key, 8 * sizeof key ) != 0 )
+    {
+        if( verbose != 0 )
+            mbedtls_printf( "  CCM: setup failed" );
+
+        return( 1 );
+    }
+
+    for( i = 0; i < NB_TESTS; i++ )
+    {
+        if( verbose != 0 )
+            mbedtls_printf( "  CCM-AES #%u: ", (unsigned int) i + 1 );
+
+        ret = mbedtls_ccm_encrypt_and_tag( &ctx, msg_len[i],
+                                   iv, iv_len[i], ad, add_len[i],
+                                   msg, out,
+                                   out + msg_len[i], tag_len[i] );
+
+        if( ret != 0 ||
+            memcmp( out, res[i], msg_len[i] + tag_len[i] ) != 0 )
+        {
+            if( verbose != 0 )
+                mbedtls_printf( "failed\n" );
+
+            return( 1 );
+        }
+
+        ret = mbedtls_ccm_auth_decrypt( &ctx, msg_len[i],
+                                iv, iv_len[i], ad, add_len[i],
+                                res[i], out,
+                                res[i] + msg_len[i], tag_len[i] );
+
+        if( ret != 0 ||
+            memcmp( out, msg, msg_len[i] ) != 0 )
+        {
+            if( verbose != 0 )
+                mbedtls_printf( "failed\n" );
+
+            return( 1 );
+        }
+
+        if( verbose != 0 )
+            mbedtls_printf( "passed\n" );
+    }
+
+    mbedtls_ccm_free( &ctx );
+
+    if( verbose != 0 )
+        mbedtls_printf( "\n" );
+
+    return( 0 );
+}
+
+#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
+
+#endif /* MBEDTLS_CCM_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/certs.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,351 @@
+/*
+ *  X.509 test certificates
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "mbedtls/certs.h"
+
+#if defined(MBEDTLS_CERTS_C)
+
+#if defined(MBEDTLS_ECDSA_C)
+#define TEST_CA_CRT_EC                                                  \
+"-----BEGIN CERTIFICATE-----\r\n"                                       \
+"MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT\r\n"  \
+"Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF\r\n"  \
+"QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT\r\n"  \
+"Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF\r\n"  \
+"QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu\r\n"  \
+"ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy\r\n"  \
+"aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g\r\n"  \
+"JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7\r\n"  \
+"NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE\r\n"  \
+"AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w\r\n"  \
+"CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56\r\n"  \
+"t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv\r\n"  \
+"uCjn8pwUOkABXK8Mss90fzCfCEOtIA==\r\n"                                  \
+"-----END CERTIFICATE-----\r\n"
+const char mbedtls_test_ca_crt_ec[] = TEST_CA_CRT_EC;
+
+const char mbedtls_test_ca_key_ec[] =
+"-----BEGIN EC PRIVATE KEY-----\r\n"
+"Proc-Type: 4,ENCRYPTED\r\n"
+"DEK-Info: DES-EDE3-CBC,307EAB469933D64E\r\n"
+"\r\n"
+"IxbrRmKcAzctJqPdTQLA4SWyBYYGYJVkYEna+F7Pa5t5Yg/gKADrFKcm6B72e7DG\r\n"
+"ihExtZI648s0zdYw6qSJ74vrPSuWDe5qm93BqsfVH9svtCzWHW0pm1p0KTBCFfUq\r\n"
+"UsuWTITwJImcnlAs1gaRZ3sAWm7cOUidL0fo2G0fYUFNcYoCSLffCFTEHBuPnagb\r\n"
+"a77x/sY1Bvii8S9/XhDTb6pTMx06wzrm\r\n"
+"-----END EC PRIVATE KEY-----\r\n";
+
+const char mbedtls_test_ca_pwd_ec[] = "PolarSSLTest";
+
+const char mbedtls_test_srv_crt_ec[] =
+"-----BEGIN CERTIFICATE-----\r\n"
+"MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n"
+"A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n"
+"MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n"
+"A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\r\n"
+"CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\r\n"
+"2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\r\n"
+"BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\r\n"
+"PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh\r\n"
+"clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\r\n"
+"CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S\r\n"
+"C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V\r\n"
+"fGa5kHvHARBPc8YAIVIqDvHH1Q==\r\n"
+"-----END CERTIFICATE-----\r\n";
+
+const char mbedtls_test_srv_key_ec[] =
+"-----BEGIN EC PRIVATE KEY-----\r\n"
+"MHcCAQEEIPEqEyB2AnCoPL/9U/YDHvdqXYbIogTywwyp6/UfDw6noAoGCCqGSM49\r\n"
+"AwEHoUQDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/\r\n"
+"6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/w==\r\n"
+"-----END EC PRIVATE KEY-----\r\n";
+
+const char mbedtls_test_cli_crt_ec[] =
+"-----BEGIN CERTIFICATE-----\r\n"
+"MIICLDCCAbKgAwIBAgIBDTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n"
+"A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n"
+"MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjBBMQswCQYDVQQGEwJOTDERMA8G\r\n"
+"A1UEChMIUG9sYXJTU0wxHzAdBgNVBAMTFlBvbGFyU1NMIFRlc3QgQ2xpZW50IDIw\r\n"
+"WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARX5a6xc9/TrLuTuIH/Eq7u5lOszlVT\r\n"
+"9jQOzC7jYyUL35ji81xgNpbA1RgUcOV/n9VLRRjlsGzVXPiWj4dwo+THo4GdMIGa\r\n"
+"MAkGA1UdEwQCMAAwHQYDVR0OBBYEFHoAX4Zk/OBd5REQO7LmO8QmP8/iMG4GA1Ud\r\n"
+"IwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8oUKkQDA+MQswCQYDVQQGEwJOTDER\r\n"
+"MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC\r\n"
+"CQDBQ+J+YkPM6DAKBggqhkjOPQQDAgNoADBlAjBKZQ17IIOimbmoD/yN7o89u3BM\r\n"
+"lgOsjnhw3fIOoLIWy2WOGsk/LGF++DzvrRzuNiACMQCd8iem1XS4JK7haj8xocpU\r\n"
+"LwjQje5PDGHfd3h9tP38Qknu5bJqws0md2KOKHyeV0U=\r\n"
+"-----END CERTIFICATE-----\r\n";
+
+const char mbedtls_test_cli_key_ec[] =
+"-----BEGIN EC PRIVATE KEY-----\r\n"
+"MHcCAQEEIPb3hmTxZ3/mZI3vyk7p3U3wBf+WIop6hDhkFzJhmLcqoAoGCCqGSM49\r\n"
+"AwEHoUQDQgAEV+WusXPf06y7k7iB/xKu7uZTrM5VU/Y0Dswu42MlC9+Y4vNcYDaW\r\n"
+"wNUYFHDlf5/VS0UY5bBs1Vz4lo+HcKPkxw==\r\n"
+"-----END EC PRIVATE KEY-----\r\n";
+
+const size_t mbedtls_test_ca_crt_ec_len  = sizeof( mbedtls_test_ca_crt_ec );
+const size_t mbedtls_test_ca_key_ec_len  = sizeof( mbedtls_test_ca_key_ec );
+const size_t mbedtls_test_ca_pwd_ec_len  = sizeof( mbedtls_test_ca_pwd_ec ) - 1;
+const size_t mbedtls_test_srv_crt_ec_len = sizeof( mbedtls_test_srv_crt_ec );
+const size_t mbedtls_test_srv_key_ec_len = sizeof( mbedtls_test_srv_key_ec );
+const size_t mbedtls_test_cli_crt_ec_len = sizeof( mbedtls_test_cli_crt_ec );
+const size_t mbedtls_test_cli_key_ec_len = sizeof( mbedtls_test_cli_key_ec );
+#else
+#define TEST_CA_CRT_EC
+#endif /* MBEDTLS_ECDSA_C */
+
+#if defined(MBEDTLS_RSA_C)
+#define TEST_CA_CRT_RSA                                                 \
+"-----BEGIN CERTIFICATE-----\r\n"                                       \
+"MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n"  \
+"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n"  \
+"MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n"  \
+"A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n"  \
+"CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n"  \
+"mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n"  \
+"50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n"  \
+"YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n"  \
+"R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n"  \
+"KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n"  \
+"gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH\r\n"  \
+"/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV\r\n"  \
+"BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz\r\n"  \
+"dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ\r\n"  \
+"SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H\r\n"  \
+"DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF\r\n"  \
+"pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf\r\n"  \
+"m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ\r\n"  \
+"7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==\r\n"      \
+"-----END CERTIFICATE-----\r\n"
+const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA;
+
+const char mbedtls_test_ca_key_rsa[] =
+"-----BEGIN RSA PRIVATE KEY-----\r\n"
+"Proc-Type: 4,ENCRYPTED\r\n"
+"DEK-Info: DES-EDE3-CBC,A8A95B05D5B7206B\r\n"
+"\r\n"
+"9Qd9GeArejl1GDVh2lLV1bHt0cPtfbh5h/5zVpAVaFpqtSPMrElp50Rntn9et+JA\r\n"
+"7VOyboR+Iy2t/HU4WvA687k3Bppe9GwKHjHhtl//8xFKwZr3Xb5yO5JUP8AUctQq\r\n"
+"Nb8CLlZyuUC+52REAAthdWgsX+7dJO4yabzUcQ22Tp9JSD0hiL43BlkWYUNK3dAo\r\n"
+"PZlmiptjnzVTjg1MxsBSydZinWOLBV8/JQgxSPo2yD4uEfig28qbvQ2wNIn0pnAb\r\n"
+"GxnSAOazkongEGfvcjIIs+LZN9gXFhxcOh6kc4Q/c99B7QWETwLLkYgZ+z1a9VY9\r\n"
+"gEU7CwCxYCD+h9hY6FPmsK0/lC4O7aeRKpYq00rPPxs6i7phiexg6ax6yTMmArQq\r\n"
+"QmK3TAsJm8V/J5AWpLEV6jAFgRGymGGHnof0DXzVWZidrcZJWTNuGEX90nB3ee2w\r\n"
+"PXJEFWKoD3K3aFcSLdHYr3mLGxP7H9ThQai9VsycxZKS5kwvBKQ//YMrmFfwPk8x\r\n"
+"vTeY4KZMaUrveEel5tWZC94RSMKgxR6cyE1nBXyTQnDOGbfpNNgBKxyKbINWoOJU\r\n"
+"WJZAwlsQn+QzCDwpri7+sV1mS3gBE6UY7aQmnmiiaC2V3Hbphxct/en5QsfDOt1X\r\n"
+"JczSfpRWLlbPznZg8OQh/VgCMA58N5DjOzTIK7sJJ5r+94ZBTCpgAMbF588f0NTR\r\n"
+"KCe4yrxGJR7X02M4nvD4IwOlpsQ8xQxZtOSgXv4LkxvdU9XJJKWZ/XNKJeWztxSe\r\n"
+"Z1vdTc2YfsDBA2SEv33vxHx2g1vqtw8SjDRT2RaQSS0QuSaMJimdOX6mTOCBKk1J\r\n"
+"9Q5mXTrER+/LnK0jEmXsBXWA5bqqVZIyahXSx4VYZ7l7w/PHiUDtDgyRhMMKi4n2\r\n"
+"iQvQcWSQTjrpnlJbca1/DkpRt3YwrvJwdqb8asZU2VrNETh5x0QVefDRLFiVpif/\r\n"
+"tUaeAe/P1F8OkS7OIZDs1SUbv/sD2vMbhNkUoCms3/PvNtdnvgL4F0zhaDpKCmlT\r\n"
+"P8vx49E7v5CyRNmED9zZg4o3wmMqrQO93PtTug3Eu9oVx1zPQM1NVMyBa2+f29DL\r\n"
+"1nuTCeXdo9+ni45xx+jAI4DCwrRdhJ9uzZyC6962H37H6D+5naNvClFR1s6li1Gb\r\n"
+"nqPoiy/OBsEx9CaDGcqQBp5Wme/3XW+6z1ISOx+igwNTVCT14mHdBMbya0eIKft5\r\n"
+"X+GnwtgEMyCYyyWuUct8g4RzErcY9+yW9Om5Hzpx4zOuW4NPZgPDTgK+t2RSL/Yq\r\n"
+"rE1njrgeGYcVeG3f+OftH4s6fPbq7t1A5ZgUscbLMBqr9tK+OqygR4EgKBPsH6Cz\r\n"
+"L6zlv/2RV0qAHvVuDJcIDIgwY5rJtINEm32rhOeFNJwZS5MNIC1czXZx5//ugX7l\r\n"
+"I4sy5nbVhwSjtAk8Xg5dZbdTZ6mIrb7xqH+fdakZor1khG7bC2uIwibD3cSl2XkR\r\n"
+"wN48lslbHnqqagr6Xm1nNOSVl8C/6kbJEsMpLhAezfRtGwvOucoaE+WbeUNolGde\r\n"
+"P/eQiddSf0brnpiLJRh7qZrl9XuqYdpUqnoEdMAfotDOID8OtV7gt8a48ad8VPW2\r\n"
+"-----END RSA PRIVATE KEY-----\r\n";
+
+const char mbedtls_test_ca_pwd_rsa[] = "PolarSSLTest";
+
+const char mbedtls_test_srv_crt_rsa[] =
+"-----BEGIN CERTIFICATE-----\r\n"
+"MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n"
+"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n"
+"MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n"
+"A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n"
+"AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n"
+"owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n"
+"NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n"
+"tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n"
+"hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n"
+"HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n"
+"VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n"
+"FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJxnXClY\r\n"
+"oHkbp70cqBrsGXLybA74czbO5RdLEgFs7rHVS9r+c293luS/KdliLScZqAzYVylw\r\n"
+"UfRWvKMoWhHYKp3dEIS4xTXk6/5zXxhv9Rw8SGc8qn6vITHk1S1mPevtekgasY5Y\r\n"
+"iWQuM3h4YVlRH3HHEMAD1TnAexfXHHDFQGe+Bd1iAbz1/sH9H8l4StwX6egvTK3M\r\n"
+"wXRwkKkvjKaEDA9ATbZx0mI8LGsxSuCqe9r9dyjmttd47J1p1Rulz3CLzaRcVIuS\r\n"
+"RRQfaD8neM9c1S/iJ/amTVqJxA1KOdOS5780WhPfSArA+g4qAmSjelc3p4wWpha8\r\n"
+"zhuYwjVuX6JHG0c=\r\n"
+"-----END CERTIFICATE-----\r\n";
+
+const char mbedtls_test_srv_key_rsa[] =
+"-----BEGIN RSA PRIVATE KEY-----\r\n"
+"MIIEpAIBAAKCAQEAwU2j3efNHdEE10lyuJmsDnjkOjxKzzoTFtBa5M2jAIin7h5r\r\n"
+"lqdStJDvLXJ6PiSa/LY0rCT1d+AmZIycsCh9odrqjObJHJa8/sEEUrM21KP64bF2\r\n"
+"2JDBYbRmUjaiJlOqq3ReB30Zgtsq2B+g2Q0cLUlm91slc0boC4pPaQy1AJDh2oIQ\r\n"
+"Zn2uVCuLZXmRoeJhw81ASQjuaAzxi4bSRr/QuKoRAx5/VqgaHkQYDw+Fi9qLRF7i\r\n"
+"GMZiL8dmjfpd2H3zJ4kpAcWQDj8n8TDISg7v1t7HxydrxwU9esQCPJodPg/oNJhb\r\n"
+"y3NLUpbYEaIsgIhpOVrTD7DeWS8Rx/fqEgEwlwIDAQABAoIBAQCXR0S8EIHFGORZ\r\n"
+"++AtOg6eENxD+xVs0f1IeGz57Tjo3QnXX7VBZNdj+p1ECvhCE/G7XnkgU5hLZX+G\r\n"
+"Z0jkz/tqJOI0vRSdLBbipHnWouyBQ4e/A1yIJdlBtqXxJ1KE/ituHRbNc4j4kL8Z\r\n"
+"/r6pvwnTI0PSx2Eqs048YdS92LT6qAv4flbNDxMn2uY7s4ycS4Q8w1JXnCeaAnYm\r\n"
+"WYI5wxO+bvRELR2Mcz5DmVnL8jRyml6l6582bSv5oufReFIbyPZbQWlXgYnpu6He\r\n"
+"GTc7E1zKYQGG/9+DQUl/1vQuCPqQwny0tQoX2w5tdYpdMdVm+zkLtbajzdTviJJa\r\n"
+"TWzL6lt5AoGBAN86+SVeJDcmQJcv4Eq6UhtRr4QGMiQMz0Sod6ettYxYzMgxtw28\r\n"
+"CIrgpozCc+UaZJLo7UxvC6an85r1b2nKPCLQFaggJ0H4Q0J/sZOhBIXaoBzWxveK\r\n"
+"nupceKdVxGsFi8CDy86DBfiyFivfBj+47BbaQzPBj7C4rK7UlLjab2rDAoGBAN2u\r\n"
+"AM2gchoFiu4v1HFL8D7lweEpi6ZnMJjnEu/dEgGQJFjwdpLnPbsj4c75odQ4Gz8g\r\n"
+"sw9lao9VVzbusoRE/JGI4aTdO0pATXyG7eG1Qu+5Yc1YGXcCrliA2xM9xx+d7f+s\r\n"
+"mPzN+WIEg5GJDYZDjAzHG5BNvi/FfM1C9dOtjv2dAoGAF0t5KmwbjWHBhcVqO4Ic\r\n"
+"BVvN3BIlc1ue2YRXEDlxY5b0r8N4XceMgKmW18OHApZxfl8uPDauWZLXOgl4uepv\r\n"
+"whZC3EuWrSyyICNhLY21Ah7hbIEBPF3L3ZsOwC+UErL+dXWLdB56Jgy3gZaBeW7b\r\n"
+"vDrEnocJbqCm7IukhXHOBK8CgYEAwqdHB0hqyNSzIOGY7v9abzB6pUdA3BZiQvEs\r\n"
+"3LjHVd4HPJ2x0N8CgrBIWOE0q8+0hSMmeE96WW/7jD3fPWwCR5zlXknxBQsfv0gP\r\n"
+"3BC5PR0Qdypz+d+9zfMf625kyit4T/hzwhDveZUzHnk1Cf+IG7Q+TOEnLnWAWBED\r\n"
+"ISOWmrUCgYAFEmRxgwAc/u+D6t0syCwAYh6POtscq9Y0i9GyWk89NzgC4NdwwbBH\r\n"
+"4AgahOxIxXx2gxJnq3yfkJfIjwf0s2DyP0kY2y6Ua1OeomPeY9mrIS4tCuDQ6LrE\r\n"
+"TB6l9VGoxJL4fyHnZb8L5gGvnB1bbD8cL6YPaDiOhcRseC9vBiEuVg==\r\n"
+"-----END RSA PRIVATE KEY-----\r\n";
+
+const char mbedtls_test_cli_crt_rsa[] =
+"-----BEGIN CERTIFICATE-----\r\n"
+"MIIDPzCCAiegAwIBAgIBBDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n"
+"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n"
+"MTEwMjEyMTQ0NDA3WhcNMjEwMjEyMTQ0NDA3WjA8MQswCQYDVQQGEwJOTDERMA8G\r\n"
+"A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIENsaWVudCAyMIIBIjAN\r\n"
+"BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f\r\n"
+"M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu\r\n"
+"1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw\r\n"
+"MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v\r\n"
+"4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/\r\n"
+"/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB\r\n"
+"o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf\r\n"
+"BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQUFAAOC\r\n"
+"AQEAAn86isAM8X+mVwJqeItt6E9slhEQbAofyk+diH1Lh8Y9iLlWQSKbw/UXYjx5\r\n"
+"LLPZcniovxIcARC/BjyZR9g3UwTHNGNm+rwrqa15viuNOFBchykX/Orsk02EH7NR\r\n"
+"Alw5WLPorYjED6cdVQgBl9ot93HdJogRiXCxErM7NC8/eP511mjq+uLDjLKH8ZPQ\r\n"
+"8I4ekHJnroLsDkIwXKGIsvIBHQy2ac/NwHLCQOK6mfum1pRx52V4Utu5dLLjD5bM\r\n"
+"xOBC7KU4xZKuMXXZM6/93Yb51K/J4ahf1TxJlTWXtnzDr9saEYdNy2SKY/6ZiDNH\r\n"
+"D+stpAKiQLAWaAusIWKYEyw9MQ==\r\n"
+"-----END CERTIFICATE-----\r\n";
+
+const char mbedtls_test_cli_key_rsa[] =
+"-----BEGIN RSA PRIVATE KEY-----\r\n"
+"MIIEpAIBAAKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6fM60Nj4o8VmXl3ETZzGaF\r\n"
+"B9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu1C93KYRhTYJQj6eVSHD1\r\n"
+"bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEwMjDV0/YI0FZPRo7yX/k9\r\n"
+"Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v4Jv4EFbMs44TFeY0BGbH\r\n"
+"7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx//DZrtenNLQNiTrM9AM+v\r\n"
+"dqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQABAoIBAGdNtfYDiap6bzst\r\n"
+"yhCiI8m9TtrhZw4MisaEaN/ll3XSjaOG2dvV6xMZCMV+5TeXDHOAZnY18Yi18vzz\r\n"
+"4Ut2TnNFzizCECYNaA2fST3WgInnxUkV3YXAyP6CNxJaCmv2aA0yFr2kFVSeaKGt\r\n"
+"ymvljNp2NVkvm7Th8fBQBO7I7AXhz43k0mR7XmPgewe8ApZOG3hstkOaMvbWAvWA\r\n"
+"zCZupdDjZYjOJqlA4eEA4H8/w7F83r5CugeBE8LgEREjLPiyejrU5H1fubEY+h0d\r\n"
+"l5HZBJ68ybTXfQ5U9o/QKA3dd0toBEhhdRUDGzWtjvwkEQfqF1reGWj/tod/gCpf\r\n"
+"DFi6X0ECgYEA4wOv/pjSC3ty6TuOvKX2rOUiBrLXXv2JSxZnMoMiWI5ipLQt+RYT\r\n"
+"VPafL/m7Dn6MbwjayOkcZhBwk5CNz5A6Q4lJ64Mq/lqHznRCQQ2Mc1G8eyDF/fYL\r\n"
+"Ze2pLvwP9VD5jTc2miDfw+MnvJhywRRLcemDFP8k4hQVtm8PMp3ZmNECgYEA4gz7\r\n"
+"wzObR4gn8ibe617uQPZjWzUj9dUHYd+in1gwBCIrtNnaRn9I9U/Q6tegRYpii4ys\r\n"
+"c176NmU+umy6XmuSKV5qD9bSpZWG2nLFnslrN15Lm3fhZxoeMNhBaEDTnLT26yoi\r\n"
+"33gp0mSSWy94ZEqipms+ULF6sY1ZtFW6tpGFoy8CgYAQHhnnvJflIs2ky4q10B60\r\n"
+"ZcxFp3rtDpkp0JxhFLhiizFrujMtZSjYNm5U7KkgPVHhLELEUvCmOnKTt4ap/vZ0\r\n"
+"BxJNe1GZH3pW6SAvGDQpl9sG7uu/vTFP+lCxukmzxB0DrrDcvorEkKMom7ZCCRvW\r\n"
+"KZsZ6YeH2Z81BauRj218kQKBgQCUV/DgKP2985xDTT79N08jUo3hTP5MVYCCuj/+\r\n"
+"UeEw1TvZcx3LJby7P6Xad6a1/BqveaGyFKIfEFIaBUBItk801sDDpDaYc4gL00Xc\r\n"
+"7lFuBHOZkxJYlss5QrGpuOEl9ZwUt5IrFLBdYaKqNHzNVC1pCPfb/JyH6Dr2HUxq\r\n"
+"gxUwAQKBgQCcU6G2L8AG9d9c0UpOyL1tMvFe5Ttw0KjlQVdsh1MP6yigYo9DYuwu\r\n"
+"bHFVW2r0dBTqegP2/KTOxKzaHfC1qf0RGDsUoJCNJrd1cwoCLG8P2EF4w3OBrKqv\r\n"
+"8u4ytY0F+Vlanj5lm3TaoHSVF1+NWPyOTiwevIECGKwSxvlki4fDAA==\r\n"
+"-----END RSA PRIVATE KEY-----\r\n";
+
+const size_t mbedtls_test_ca_crt_rsa_len  = sizeof( mbedtls_test_ca_crt_rsa );
+const size_t mbedtls_test_ca_key_rsa_len  = sizeof( mbedtls_test_ca_key_rsa );
+const size_t mbedtls_test_ca_pwd_rsa_len  = sizeof( mbedtls_test_ca_pwd_rsa ) - 1;
+const size_t mbedtls_test_srv_crt_rsa_len = sizeof( mbedtls_test_srv_crt_rsa );
+const size_t mbedtls_test_srv_key_rsa_len = sizeof( mbedtls_test_srv_key_rsa );
+const size_t mbedtls_test_cli_crt_rsa_len = sizeof( mbedtls_test_cli_crt_rsa );
+const size_t mbedtls_test_cli_key_rsa_len = sizeof( mbedtls_test_cli_key_rsa );
+#else
+#define TEST_CA_CRT_RSA
+#endif /* MBEDTLS_RSA_C */
+
+#if defined(MBEDTLS_PEM_PARSE_C)
+/* Concatenation of all available CA certificates */
+const char mbedtls_test_cas_pem[] = TEST_CA_CRT_RSA TEST_CA_CRT_EC;
+const size_t mbedtls_test_cas_pem_len = sizeof( mbedtls_test_cas_pem );
+#endif
+
+/* List of all available CA certificates */
+const char * mbedtls_test_cas[] = {
+#if defined(MBEDTLS_RSA_C)
+    mbedtls_test_ca_crt_rsa,
+#endif
+#if defined(MBEDTLS_ECDSA_C)
+    mbedtls_test_ca_crt_ec,
+#endif
+    NULL
+};
+const size_t mbedtls_test_cas_len[] = {
+#if defined(MBEDTLS_RSA_C)
+    sizeof( mbedtls_test_ca_crt_rsa ),
+#endif
+#if defined(MBEDTLS_ECDSA_C)
+    sizeof( mbedtls_test_ca_crt_ec ),
+#endif
+    0
+};
+
+#if defined(MBEDTLS_RSA_C)
+const char *mbedtls_test_ca_crt  = mbedtls_test_ca_crt_rsa;
+const char *mbedtls_test_ca_key  = mbedtls_test_ca_key_rsa;
+const char *mbedtls_test_ca_pwd  = mbedtls_test_ca_pwd_rsa;
+const char *mbedtls_test_srv_crt = mbedtls_test_srv_crt_rsa;
+const char *mbedtls_test_srv_key = mbedtls_test_srv_key_rsa;
+const char *mbedtls_test_cli_crt = mbedtls_test_cli_crt_rsa;
+const char *mbedtls_test_cli_key = mbedtls_test_cli_key_rsa;
+const size_t mbedtls_test_ca_crt_len  = sizeof( mbedtls_test_ca_crt_rsa );
+const size_t mbedtls_test_ca_key_len  = sizeof( mbedtls_test_ca_key_rsa );
+const size_t mbedtls_test_ca_pwd_len  = sizeof( mbedtls_test_ca_pwd_rsa ) - 1;
+const size_t mbedtls_test_srv_crt_len = sizeof( mbedtls_test_srv_crt_rsa );
+const size_t mbedtls_test_srv_key_len = sizeof( mbedtls_test_srv_key_rsa );
+const size_t mbedtls_test_cli_crt_len = sizeof( mbedtls_test_cli_crt_rsa );
+const size_t mbedtls_test_cli_key_len = sizeof( mbedtls_test_cli_key_rsa );
+#else /* ! MBEDTLS_RSA_C, so MBEDTLS_ECDSA_C */
+const char *mbedtls_test_ca_crt  = mbedtls_test_ca_crt_ec;
+const char *mbedtls_test_ca_key  = mbedtls_test_ca_key_ec;
+const char *mbedtls_test_ca_pwd  = mbedtls_test_ca_pwd_ec;
+const char *mbedtls_test_srv_crt = mbedtls_test_srv_crt_ec;
+const char *mbedtls_test_srv_key = mbedtls_test_srv_key_ec;
+const char *mbedtls_test_cli_crt = mbedtls_test_cli_crt_ec;
+const char *mbedtls_test_cli_key = mbedtls_test_cli_key_ec;
+const size_t mbedtls_test_ca_crt_len  = sizeof( mbedtls_test_ca_crt_ec );
+const size_t mbedtls_test_ca_key_len  = sizeof( mbedtls_test_ca_key_ec );
+const size_t mbedtls_test_ca_pwd_len  = sizeof( mbedtls_test_ca_pwd_ec ) - 1;
+const size_t mbedtls_test_srv_crt_len = sizeof( mbedtls_test_srv_crt_ec );
+const size_t mbedtls_test_srv_key_len = sizeof( mbedtls_test_srv_key_ec );
+const size_t mbedtls_test_cli_crt_len = sizeof( mbedtls_test_cli_crt_ec );
+const size_t mbedtls_test_cli_key_len = sizeof( mbedtls_test_cli_key_ec );
+#endif /* MBEDTLS_RSA_C */
+
+#endif /* MBEDTLS_CERTS_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/cipher.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,886 @@
+/**
+ * \file cipher.c
+ *
+ * \brief Generic cipher wrapper for mbed TLS
+ *
+ * \author Adriaan de Jong <dejong@fox-it.com>
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_CIPHER_C)
+
+#include "mbedtls/cipher.h"
+#include "mbedtls/cipher_internal.h"
+
+#include <stdlib.h>
+#include <string.h>
+
+#if defined(MBEDTLS_GCM_C)
+#include "mbedtls/gcm.h"
+#endif
+
+#if defined(MBEDTLS_CCM_C)
+#include "mbedtls/ccm.h"
+#endif
+
+#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER)
+#define MBEDTLS_CIPHER_MODE_STREAM
+#endif
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+static int supported_init = 0;
+
+const int *mbedtls_cipher_list( void )
+{
+    const mbedtls_cipher_definition_t *def;
+    int *type;
+
+    if( ! supported_init )
+    {
+        def = mbedtls_cipher_definitions;
+        type = mbedtls_cipher_supported;
+
+        while( def->type != 0 )
+            *type++ = (*def++).type;
+
+        *type = 0;
+
+        supported_init = 1;
+    }
+
+    return( mbedtls_cipher_supported );
+}
+
+const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type )
+{
+    const mbedtls_cipher_definition_t *def;
+
+    for( def = mbedtls_cipher_definitions; def->info != NULL; def++ )
+        if( def->type == cipher_type )
+            return( def->info );
+
+    return( NULL );
+}
+
+const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name )
+{
+    const mbedtls_cipher_definition_t *def;
+
+    if( NULL == cipher_name )
+        return( NULL );
+
+    for( def = mbedtls_cipher_definitions; def->info != NULL; def++ )
+        if( !  strcmp( def->info->name, cipher_name ) )
+            return( def->info );
+
+    return( NULL );
+}
+
+const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
+                                              int key_bitlen,
+                                              const mbedtls_cipher_mode_t mode )
+{
+    const mbedtls_cipher_definition_t *def;
+
+    for( def = mbedtls_cipher_definitions; def->info != NULL; def++ )
+        if( def->info->base->cipher == cipher_id &&
+            def->info->key_bitlen == (unsigned) key_bitlen &&
+            def->info->mode == mode )
+            return( def->info );
+
+    return( NULL );
+}
+
+void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx )
+{
+    memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
+}
+
+void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx )
+{
+    if( ctx == NULL )
+        return;
+
+    if( ctx->cipher_ctx )
+        ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
+
+    mbedtls_zeroize( ctx, sizeof(mbedtls_cipher_context_t) );
+}
+
+int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info )
+{
+    if( NULL == cipher_info || NULL == ctx )
+        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+
+    memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
+
+    if( NULL == ( ctx->cipher_ctx = cipher_info->base->ctx_alloc_func() ) )
+        return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED );
+
+    ctx->cipher_info = cipher_info;
+
+#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
+    /*
+     * Ignore possible errors caused by a cipher mode that doesn't use padding
+     */
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+    (void) mbedtls_cipher_set_padding_mode( ctx, MBEDTLS_PADDING_PKCS7 );
+#else
+    (void) mbedtls_cipher_set_padding_mode( ctx, MBEDTLS_PADDING_NONE );
+#endif
+#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
+
+    return( 0 );
+}
+
+int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key,
+        int key_bitlen, const mbedtls_operation_t operation )
+{
+    if( NULL == ctx || NULL == ctx->cipher_info )
+        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+
+    if( ( ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN ) == 0 &&
+        (int) ctx->cipher_info->key_bitlen != key_bitlen )
+    {
+        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    }
+
+    ctx->key_bitlen = key_bitlen;
+    ctx->operation = operation;
+
+    /*
+     * For CFB and CTR mode always use the encryption key schedule
+     */
+    if( MBEDTLS_ENCRYPT == operation ||
+        MBEDTLS_MODE_CFB == ctx->cipher_info->mode ||
+        MBEDTLS_MODE_CTR == ctx->cipher_info->mode )
+    {
+        return ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key,
+                ctx->key_bitlen );
+    }
+
+    if( MBEDTLS_DECRYPT == operation )
+        return ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key,
+                ctx->key_bitlen );
+
+    return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+}
+
+int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
+                   const unsigned char *iv, size_t iv_len )
+{
+    size_t actual_iv_size;
+
+    if( NULL == ctx || NULL == ctx->cipher_info || NULL == iv )
+        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+
+    /* avoid buffer overflow in ctx->iv */
+    if( iv_len > MBEDTLS_MAX_IV_LENGTH )
+        return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+
+    if( ( ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_IV_LEN ) != 0 )
+        actual_iv_size = iv_len;
+    else
+    {
+        actual_iv_size = ctx->cipher_info->iv_size;
+
+        /* avoid reading past the end of input buffer */
+        if( actual_iv_size > iv_len )
+            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    }
+
+    memcpy( ctx->iv, iv, actual_iv_size );
+    ctx->iv_size = actual_iv_size;
+
+    return( 0 );
+}
+
+int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx )
+{
+    if( NULL == ctx || NULL == ctx->cipher_info )
+        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+
+    ctx->unprocessed_len = 0;
+
+    return( 0 );
+}
+
+#if defined(MBEDTLS_GCM_C)
+int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
+                      const unsigned char *ad, size_t ad_len )
+{
+    if( NULL == ctx || NULL == ctx->cipher_info )
+        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+
+    if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
+    {
+        return mbedtls_gcm_starts( (mbedtls_gcm_context *) ctx->cipher_ctx, ctx->operation,
+                           ctx->iv, ctx->iv_size, ad, ad_len );
+    }
+
+    return( 0 );
+}
+#endif /* MBEDTLS_GCM_C */
+
+int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input,
+                   size_t ilen, unsigned char *output, size_t *olen )
+{
+    int ret;
+
+    if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
+    {
+        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    }
+
+    *olen = 0;
+
+    if( ctx->cipher_info->mode == MBEDTLS_MODE_ECB )
+    {
+        if( ilen != mbedtls_cipher_get_block_size( ctx ) )
+            return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
+
+        *olen = ilen;
+
+        if( 0 != ( ret = ctx->cipher_info->base->ecb_func( ctx->cipher_ctx,
+                    ctx->operation, input, output ) ) )
+        {
+            return( ret );
+        }
+
+        return( 0 );
+    }
+
+#if defined(MBEDTLS_GCM_C)
+    if( ctx->cipher_info->mode == MBEDTLS_MODE_GCM )
+    {
+        *olen = ilen;
+        return mbedtls_gcm_update( (mbedtls_gcm_context *) ctx->cipher_ctx, ilen, input,
+                           output );
+    }
+#endif
+
+    if( input == output &&
+       ( ctx->unprocessed_len != 0 || ilen % mbedtls_cipher_get_block_size( ctx ) ) )
+    {
+        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    }
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    if( ctx->cipher_info->mode == MBEDTLS_MODE_CBC )
+    {
+        size_t copy_len = 0;
+
+        /*
+         * If there is not enough data for a full block, cache it.
+         */
+        if( ( ctx->operation == MBEDTLS_DECRYPT &&
+                ilen + ctx->unprocessed_len <= mbedtls_cipher_get_block_size( ctx ) ) ||
+             ( ctx->operation == MBEDTLS_ENCRYPT &&
+                ilen + ctx->unprocessed_len < mbedtls_cipher_get_block_size( ctx ) ) )
+        {
+            memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
+                    ilen );
+
+            ctx->unprocessed_len += ilen;
+            return( 0 );
+        }
+
+        /*
+         * Process cached data first
+         */
+        if( ctx->unprocessed_len != 0 )
+        {
+            copy_len = mbedtls_cipher_get_block_size( ctx ) - ctx->unprocessed_len;
+
+            memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
+                    copy_len );
+
+            if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
+                    ctx->operation, mbedtls_cipher_get_block_size( ctx ), ctx->iv,
+                    ctx->unprocessed_data, output ) ) )
+            {
+                return( ret );
+            }
+
+            *olen += mbedtls_cipher_get_block_size( ctx );
+            output += mbedtls_cipher_get_block_size( ctx );
+            ctx->unprocessed_len = 0;
+
+            input += copy_len;
+            ilen -= copy_len;
+        }
+
+        /*
+         * Cache final, incomplete block
+         */
+        if( 0 != ilen )
+        {
+            copy_len = ilen % mbedtls_cipher_get_block_size( ctx );
+            if( copy_len == 0 && ctx->operation == MBEDTLS_DECRYPT )
+                copy_len = mbedtls_cipher_get_block_size( ctx );
+
+            memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
+                    copy_len );
+
+            ctx->unprocessed_len += copy_len;
+            ilen -= copy_len;
+        }
+
+        /*
+         * Process remaining full blocks
+         */
+        if( ilen )
+        {
+            if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
+                    ctx->operation, ilen, ctx->iv, input, output ) ) )
+            {
+                return( ret );
+            }
+
+            *olen += ilen;
+        }
+
+        return( 0 );
+    }
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    if( ctx->cipher_info->mode == MBEDTLS_MODE_CFB )
+    {
+        if( 0 != ( ret = ctx->cipher_info->base->cfb_func( ctx->cipher_ctx,
+                ctx->operation, ilen, &ctx->unprocessed_len, ctx->iv,
+                input, output ) ) )
+        {
+            return( ret );
+        }
+
+        *olen = ilen;
+
+        return( 0 );
+    }
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    if( ctx->cipher_info->mode == MBEDTLS_MODE_CTR )
+    {
+        if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx,
+                ilen, &ctx->unprocessed_len, ctx->iv,
+                ctx->unprocessed_data, input, output ) ) )
+        {
+            return( ret );
+        }
+
+        *olen = ilen;
+
+        return( 0 );
+    }
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+#if defined(MBEDTLS_CIPHER_MODE_STREAM)
+    if( ctx->cipher_info->mode == MBEDTLS_MODE_STREAM )
+    {
+        if( 0 != ( ret = ctx->cipher_info->base->stream_func( ctx->cipher_ctx,
+                                                    ilen, input, output ) ) )
+        {
+            return( ret );
+        }
+
+        *olen = ilen;
+
+        return( 0 );
+    }
+#endif /* MBEDTLS_CIPHER_MODE_STREAM */
+
+    return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+}
+
+#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+/*
+ * PKCS7 (and PKCS5) padding: fill with ll bytes, with ll = padding_len
+ */
+static void add_pkcs_padding( unsigned char *output, size_t output_len,
+        size_t data_len )
+{
+    size_t padding_len = output_len - data_len;
+    unsigned char i;
+
+    for( i = 0; i < padding_len; i++ )
+        output[data_len + i] = (unsigned char) padding_len;
+}
+
+static int get_pkcs_padding( unsigned char *input, size_t input_len,
+        size_t *data_len )
+{
+    size_t i, pad_idx;
+    unsigned char padding_len, bad = 0;
+
+    if( NULL == input || NULL == data_len )
+        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+
+    padding_len = input[input_len - 1];
+    *data_len = input_len - padding_len;
+
+    /* Avoid logical || since it results in a branch */
+    bad |= padding_len > input_len;
+    bad |= padding_len == 0;
+
+    /* The number of bytes checked must be independent of padding_len,
+     * so pick input_len, which is usually 8 or 16 (one block) */
+    pad_idx = input_len - padding_len;
+    for( i = 0; i < input_len; i++ )
+        bad |= ( input[i] ^ padding_len ) * ( i >= pad_idx );
+
+    return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
+}
+#endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
+
+#if defined(MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS)
+/*
+ * One and zeros padding: fill with 80 00 ... 00
+ */
+static void add_one_and_zeros_padding( unsigned char *output,
+                                       size_t output_len, size_t data_len )
+{
+    size_t padding_len = output_len - data_len;
+    unsigned char i = 0;
+
+    output[data_len] = 0x80;
+    for( i = 1; i < padding_len; i++ )
+        output[data_len + i] = 0x00;
+}
+
+static int get_one_and_zeros_padding( unsigned char *input, size_t input_len,
+                                      size_t *data_len )
+{
+    size_t i;
+    unsigned char done = 0, prev_done, bad;
+
+    if( NULL == input || NULL == data_len )
+        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+
+    bad = 0xFF;
+    *data_len = 0;
+    for( i = input_len; i > 0; i-- )
+    {
+        prev_done = done;
+        done |= ( input[i-1] != 0 );
+        *data_len |= ( i - 1 ) * ( done != prev_done );
+        bad &= ( input[i-1] ^ 0x80 ) | ( done == prev_done );
+    }
+
+    return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
+
+}
+#endif /* MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS */
+
+#if defined(MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN)
+/*
+ * Zeros and len padding: fill with 00 ... 00 ll, where ll is padding length
+ */
+static void add_zeros_and_len_padding( unsigned char *output,
+                                       size_t output_len, size_t data_len )
+{
+    size_t padding_len = output_len - data_len;
+    unsigned char i = 0;
+
+    for( i = 1; i < padding_len; i++ )
+        output[data_len + i - 1] = 0x00;
+    output[output_len - 1] = (unsigned char) padding_len;
+}
+
+static int get_zeros_and_len_padding( unsigned char *input, size_t input_len,
+                                      size_t *data_len )
+{
+    size_t i, pad_idx;
+    unsigned char padding_len, bad = 0;
+
+    if( NULL == input || NULL == data_len )
+        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+
+    padding_len = input[input_len - 1];
+    *data_len = input_len - padding_len;
+
+    /* Avoid logical || since it results in a branch */
+    bad |= padding_len > input_len;
+    bad |= padding_len == 0;
+
+    /* The number of bytes checked must be independent of padding_len */
+    pad_idx = input_len - padding_len;
+    for( i = 0; i < input_len - 1; i++ )
+        bad |= input[i] * ( i >= pad_idx );
+
+    return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
+}
+#endif /* MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN */
+
+#if defined(MBEDTLS_CIPHER_PADDING_ZEROS)
+/*
+ * Zero padding: fill with 00 ... 00
+ */
+static void add_zeros_padding( unsigned char *output,
+                               size_t output_len, size_t data_len )
+{
+    size_t i;
+
+    for( i = data_len; i < output_len; i++ )
+        output[i] = 0x00;
+}
+
+static int get_zeros_padding( unsigned char *input, size_t input_len,
+                              size_t *data_len )
+{
+    size_t i;
+    unsigned char done = 0, prev_done;
+
+    if( NULL == input || NULL == data_len )
+        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+
+    *data_len = 0;
+    for( i = input_len; i > 0; i-- )
+    {
+        prev_done = done;
+        done |= ( input[i-1] != 0 );
+        *data_len |= i * ( done != prev_done );
+    }
+
+    return( 0 );
+}
+#endif /* MBEDTLS_CIPHER_PADDING_ZEROS */
+
+/*
+ * No padding: don't pad :)
+ *
+ * There is no add_padding function (check for NULL in mbedtls_cipher_finish)
+ * but a trivial get_padding function
+ */
+static int get_no_padding( unsigned char *input, size_t input_len,
+                              size_t *data_len )
+{
+    if( NULL == input || NULL == data_len )
+        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+
+    *data_len = input_len;
+
+    return( 0 );
+}
+#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
+
+int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
+                   unsigned char *output, size_t *olen )
+{
+    if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
+        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+
+    *olen = 0;
+
+    if( MBEDTLS_MODE_CFB == ctx->cipher_info->mode ||
+        MBEDTLS_MODE_CTR == ctx->cipher_info->mode ||
+        MBEDTLS_MODE_GCM == ctx->cipher_info->mode ||
+        MBEDTLS_MODE_STREAM == ctx->cipher_info->mode )
+    {
+        return( 0 );
+    }
+
+    if( MBEDTLS_MODE_ECB == ctx->cipher_info->mode )
+    {
+        if( ctx->unprocessed_len != 0 )
+            return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
+
+        return( 0 );
+    }
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    if( MBEDTLS_MODE_CBC == ctx->cipher_info->mode )
+    {
+        int ret = 0;
+
+        if( MBEDTLS_ENCRYPT == ctx->operation )
+        {
+            /* check for 'no padding' mode */
+            if( NULL == ctx->add_padding )
+            {
+                if( 0 != ctx->unprocessed_len )
+                    return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
+
+                return( 0 );
+            }
+
+            ctx->add_padding( ctx->unprocessed_data, mbedtls_cipher_get_iv_size( ctx ),
+                    ctx->unprocessed_len );
+        }
+        else if( mbedtls_cipher_get_block_size( ctx ) != ctx->unprocessed_len )
+        {
+            /*
+             * For decrypt operations, expect a full block,
+             * or an empty block if no padding
+             */
+            if( NULL == ctx->add_padding && 0 == ctx->unprocessed_len )
+                return( 0 );
+
+            return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
+        }
+
+        /* cipher block */
+        if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
+                ctx->operation, mbedtls_cipher_get_block_size( ctx ), ctx->iv,
+                ctx->unprocessed_data, output ) ) )
+        {
+            return( ret );
+        }
+
+        /* Set output size for decryption */
+        if( MBEDTLS_DECRYPT == ctx->operation )
+            return ctx->get_padding( output, mbedtls_cipher_get_block_size( ctx ),
+                                     olen );
+
+        /* Set output size for encryption */
+        *olen = mbedtls_cipher_get_block_size( ctx );
+        return( 0 );
+    }
+#else
+    ((void) output);
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+    return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+}
+
+#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
+int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode )
+{
+    if( NULL == ctx ||
+        MBEDTLS_MODE_CBC != ctx->cipher_info->mode )
+    {
+        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    }
+
+    switch( mode )
+    {
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+    case MBEDTLS_PADDING_PKCS7:
+        ctx->add_padding = add_pkcs_padding;
+        ctx->get_padding = get_pkcs_padding;
+        break;
+#endif
+#if defined(MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS)
+    case MBEDTLS_PADDING_ONE_AND_ZEROS:
+        ctx->add_padding = add_one_and_zeros_padding;
+        ctx->get_padding = get_one_and_zeros_padding;
+        break;
+#endif
+#if defined(MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN)
+    case MBEDTLS_PADDING_ZEROS_AND_LEN:
+        ctx->add_padding = add_zeros_and_len_padding;
+        ctx->get_padding = get_zeros_and_len_padding;
+        break;
+#endif
+#if defined(MBEDTLS_CIPHER_PADDING_ZEROS)
+    case MBEDTLS_PADDING_ZEROS:
+        ctx->add_padding = add_zeros_padding;
+        ctx->get_padding = get_zeros_padding;
+        break;
+#endif
+    case MBEDTLS_PADDING_NONE:
+        ctx->add_padding = NULL;
+        ctx->get_padding = get_no_padding;
+        break;
+
+    default:
+        return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+    }
+
+    return( 0 );
+}
+#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
+
+#if defined(MBEDTLS_GCM_C)
+int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
+                      unsigned char *tag, size_t tag_len )
+{
+    if( NULL == ctx || NULL == ctx->cipher_info || NULL == tag )
+        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+
+    if( MBEDTLS_ENCRYPT != ctx->operation )
+        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+
+    if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
+        return mbedtls_gcm_finish( (mbedtls_gcm_context *) ctx->cipher_ctx, tag, tag_len );
+
+    return( 0 );
+}
+
+int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
+                      const unsigned char *tag, size_t tag_len )
+{
+    int ret;
+
+    if( NULL == ctx || NULL == ctx->cipher_info ||
+        MBEDTLS_DECRYPT != ctx->operation )
+    {
+        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+    }
+
+    if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
+    {
+        unsigned char check_tag[16];
+        size_t i;
+        int diff;
+
+        if( tag_len > sizeof( check_tag ) )
+            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+
+        if( 0 != ( ret = mbedtls_gcm_finish( (mbedtls_gcm_context *) ctx->cipher_ctx,
+                                     check_tag, tag_len ) ) )
+        {
+            return( ret );
+        }
+
+        /* Check the tag in "constant-time" */
+        for( diff = 0, i = 0; i < tag_len; i++ )
+            diff |= tag[i] ^ check_tag[i];
+
+        if( diff != 0 )
+            return( MBEDTLS_ERR_CIPHER_AUTH_FAILED );
+
+        return( 0 );
+    }
+
+    return( 0 );
+}
+#endif /* MBEDTLS_GCM_C */
+
+/*
+ * Packet-oriented wrapper for non-AEAD modes
+ */
+int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
+                  const unsigned char *iv, size_t iv_len,
+                  const unsigned char *input, size_t ilen,
+                  unsigned char *output, size_t *olen )
+{
+    int ret;
+    size_t finish_olen;
+
+    if( ( ret = mbedtls_cipher_set_iv( ctx, iv, iv_len ) ) != 0 )
+        return( ret );
+
+    if( ( ret = mbedtls_cipher_reset( ctx ) ) != 0 )
+        return( ret );
+
+    if( ( ret = mbedtls_cipher_update( ctx, input, ilen, output, olen ) ) != 0 )
+        return( ret );
+
+    if( ( ret = mbedtls_cipher_finish( ctx, output + *olen, &finish_olen ) ) != 0 )
+        return( ret );
+
+    *olen += finish_olen;
+
+    return( 0 );
+}
+
+#if defined(MBEDTLS_CIPHER_MODE_AEAD)
+/*
+ * Packet-oriented encryption for AEAD modes
+ */
+int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
+                         const unsigned char *iv, size_t iv_len,
+                         const unsigned char *ad, size_t ad_len,
+                         const unsigned char *input, size_t ilen,
+                         unsigned char *output, size_t *olen,
+                         unsigned char *tag, size_t tag_len )
+{
+#if defined(MBEDTLS_GCM_C)
+    if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
+    {
+        *olen = ilen;
+        return( mbedtls_gcm_crypt_and_tag( ctx->cipher_ctx, MBEDTLS_GCM_ENCRYPT, ilen,
+                                   iv, iv_len, ad, ad_len, input, output,
+                                   tag_len, tag ) );
+    }
+#endif /* MBEDTLS_GCM_C */
+#if defined(MBEDTLS_CCM_C)
+    if( MBEDTLS_MODE_CCM == ctx->cipher_info->mode )
+    {
+        *olen = ilen;
+        return( mbedtls_ccm_encrypt_and_tag( ctx->cipher_ctx, ilen,
+                                     iv, iv_len, ad, ad_len, input, output,
+                                     tag, tag_len ) );
+    }
+#endif /* MBEDTLS_CCM_C */
+
+    return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+}
+
+/*
+ * Packet-oriented decryption for AEAD modes
+ */
+int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
+                         const unsigned char *iv, size_t iv_len,
+                         const unsigned char *ad, size_t ad_len,
+                         const unsigned char *input, size_t ilen,
+                         unsigned char *output, size_t *olen,
+                         const unsigned char *tag, size_t tag_len )
+{
+#if defined(MBEDTLS_GCM_C)
+    if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
+    {
+        int ret;
+
+        *olen = ilen;
+        ret = mbedtls_gcm_auth_decrypt( ctx->cipher_ctx, ilen,
+                                iv, iv_len, ad, ad_len,
+                                tag, tag_len, input, output );
+
+        if( ret == MBEDTLS_ERR_GCM_AUTH_FAILED )
+            ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
+
+        return( ret );
+    }
+#endif /* MBEDTLS_GCM_C */
+#if defined(MBEDTLS_CCM_C)
+    if( MBEDTLS_MODE_CCM == ctx->cipher_info->mode )
+    {
+        int ret;
+
+        *olen = ilen;
+        ret = mbedtls_ccm_auth_decrypt( ctx->cipher_ctx, ilen,
+                                iv, iv_len, ad, ad_len,
+                                input, output, tag, tag_len );
+
+        if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED )
+            ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
+
+        return( ret );
+    }
+#endif /* MBEDTLS_CCM_C */
+
+    return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+}
+#endif /* MBEDTLS_CIPHER_MODE_AEAD */
+
+#endif /* MBEDTLS_CIPHER_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/cipher_wrap.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,1451 @@
+/**
+ * \file cipher_wrap.c
+ *
+ * \brief Generic cipher wrapper for mbed TLS
+ *
+ * \author Adriaan de Jong <dejong@fox-it.com>
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_CIPHER_C)
+
+#include "mbedtls/cipher_internal.h"
+
+#if defined(MBEDTLS_AES_C)
+#include "mbedtls/aes.h"
+#endif
+
+#if defined(MBEDTLS_ARC4_C)
+#include "mbedtls/arc4.h"
+#endif
+
+#if defined(MBEDTLS_CAMELLIA_C)
+#include "mbedtls/camellia.h"
+#endif
+
+#if defined(MBEDTLS_DES_C)
+#include "mbedtls/des.h"
+#endif
+
+#if defined(MBEDTLS_BLOWFISH_C)
+#include "mbedtls/blowfish.h"
+#endif
+
+#if defined(MBEDTLS_GCM_C)
+#include "mbedtls/gcm.h"
+#endif
+
+#if defined(MBEDTLS_CCM_C)
+#include "mbedtls/ccm.h"
+#endif
+
+#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
+#include <string.h>
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#define mbedtls_calloc    calloc
+#define mbedtls_free       free
+#endif
+
+#if defined(MBEDTLS_GCM_C)
+/* shared by all GCM ciphers */
+static void *gcm_ctx_alloc( void )
+{
+    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_gcm_context ) );
+
+    if( ctx != NULL )
+        mbedtls_gcm_init( (mbedtls_gcm_context *) ctx );
+
+    return( ctx );
+}
+
+static void gcm_ctx_free( void *ctx )
+{
+    mbedtls_gcm_free( ctx );
+    mbedtls_free( ctx );
+}
+#endif /* MBEDTLS_GCM_C */
+
+#if defined(MBEDTLS_CCM_C)
+/* shared by all CCM ciphers */
+static void *ccm_ctx_alloc( void )
+{
+    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ccm_context ) );
+
+    if( ctx != NULL )
+        mbedtls_ccm_init( (mbedtls_ccm_context *) ctx );
+
+    return( ctx );
+}
+
+static void ccm_ctx_free( void *ctx )
+{
+    mbedtls_ccm_free( ctx );
+    mbedtls_free( ctx );
+}
+#endif /* MBEDTLS_CCM_C */
+
+#if defined(MBEDTLS_AES_C)
+
+static int aes_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
+        const unsigned char *input, unsigned char *output )
+{
+    return mbedtls_aes_crypt_ecb( (mbedtls_aes_context *) ctx, operation, input, output );
+}
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+static int aes_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, size_t length,
+        unsigned char *iv, const unsigned char *input, unsigned char *output )
+{
+    return mbedtls_aes_crypt_cbc( (mbedtls_aes_context *) ctx, operation, length, iv, input,
+                          output );
+}
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+static int aes_crypt_cfb128_wrap( void *ctx, mbedtls_operation_t operation,
+        size_t length, size_t *iv_off, unsigned char *iv,
+        const unsigned char *input, unsigned char *output )
+{
+    return mbedtls_aes_crypt_cfb128( (mbedtls_aes_context *) ctx, operation, length, iv_off, iv,
+                             input, output );
+}
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+static int aes_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
+        unsigned char *nonce_counter, unsigned char *stream_block,
+        const unsigned char *input, unsigned char *output )
+{
+    return mbedtls_aes_crypt_ctr( (mbedtls_aes_context *) ctx, length, nc_off, nonce_counter,
+                          stream_block, input, output );
+}
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+static int aes_setkey_dec_wrap( void *ctx, const unsigned char *key,
+                                unsigned int key_bitlen )
+{
+    return mbedtls_aes_setkey_dec( (mbedtls_aes_context *) ctx, key, key_bitlen );
+}
+
+static int aes_setkey_enc_wrap( void *ctx, const unsigned char *key,
+                                unsigned int key_bitlen )
+{
+    return mbedtls_aes_setkey_enc( (mbedtls_aes_context *) ctx, key, key_bitlen );
+}
+
+static void * aes_ctx_alloc( void )
+{
+    mbedtls_aes_context *aes = mbedtls_calloc( 1, sizeof( mbedtls_aes_context ) );
+
+    if( aes == NULL )
+        return( NULL );
+
+    mbedtls_aes_init( aes );
+
+    return( aes );
+}
+
+static void aes_ctx_free( void *ctx )
+{
+    mbedtls_aes_free( (mbedtls_aes_context *) ctx );
+    mbedtls_free( ctx );
+}
+
+static const mbedtls_cipher_base_t aes_info = {
+    MBEDTLS_CIPHER_ID_AES,
+    aes_crypt_ecb_wrap,
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    aes_crypt_cbc_wrap,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    aes_crypt_cfb128_wrap,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    aes_crypt_ctr_wrap,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_STREAM)
+    NULL,
+#endif
+    aes_setkey_enc_wrap,
+    aes_setkey_dec_wrap,
+    aes_ctx_alloc,
+    aes_ctx_free
+};
+
+static const mbedtls_cipher_info_t aes_128_ecb_info = {
+    MBEDTLS_CIPHER_AES_128_ECB,
+    MBEDTLS_MODE_ECB,
+    128,
+    "AES-128-ECB",
+    16,
+    0,
+    16,
+    &aes_info
+};
+
+static const mbedtls_cipher_info_t aes_192_ecb_info = {
+    MBEDTLS_CIPHER_AES_192_ECB,
+    MBEDTLS_MODE_ECB,
+    192,
+    "AES-192-ECB",
+    16,
+    0,
+    16,
+    &aes_info
+};
+
+static const mbedtls_cipher_info_t aes_256_ecb_info = {
+    MBEDTLS_CIPHER_AES_256_ECB,
+    MBEDTLS_MODE_ECB,
+    256,
+    "AES-256-ECB",
+    16,
+    0,
+    16,
+    &aes_info
+};
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+static const mbedtls_cipher_info_t aes_128_cbc_info = {
+    MBEDTLS_CIPHER_AES_128_CBC,
+    MBEDTLS_MODE_CBC,
+    128,
+    "AES-128-CBC",
+    16,
+    0,
+    16,
+    &aes_info
+};
+
+static const mbedtls_cipher_info_t aes_192_cbc_info = {
+    MBEDTLS_CIPHER_AES_192_CBC,
+    MBEDTLS_MODE_CBC,
+    192,
+    "AES-192-CBC",
+    16,
+    0,
+    16,
+    &aes_info
+};
+
+static const mbedtls_cipher_info_t aes_256_cbc_info = {
+    MBEDTLS_CIPHER_AES_256_CBC,
+    MBEDTLS_MODE_CBC,
+    256,
+    "AES-256-CBC",
+    16,
+    0,
+    16,
+    &aes_info
+};
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+static const mbedtls_cipher_info_t aes_128_cfb128_info = {
+    MBEDTLS_CIPHER_AES_128_CFB128,
+    MBEDTLS_MODE_CFB,
+    128,
+    "AES-128-CFB128",
+    16,
+    0,
+    16,
+    &aes_info
+};
+
+static const mbedtls_cipher_info_t aes_192_cfb128_info = {
+    MBEDTLS_CIPHER_AES_192_CFB128,
+    MBEDTLS_MODE_CFB,
+    192,
+    "AES-192-CFB128",
+    16,
+    0,
+    16,
+    &aes_info
+};
+
+static const mbedtls_cipher_info_t aes_256_cfb128_info = {
+    MBEDTLS_CIPHER_AES_256_CFB128,
+    MBEDTLS_MODE_CFB,
+    256,
+    "AES-256-CFB128",
+    16,
+    0,
+    16,
+    &aes_info
+};
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+static const mbedtls_cipher_info_t aes_128_ctr_info = {
+    MBEDTLS_CIPHER_AES_128_CTR,
+    MBEDTLS_MODE_CTR,
+    128,
+    "AES-128-CTR",
+    16,
+    0,
+    16,
+    &aes_info
+};
+
+static const mbedtls_cipher_info_t aes_192_ctr_info = {
+    MBEDTLS_CIPHER_AES_192_CTR,
+    MBEDTLS_MODE_CTR,
+    192,
+    "AES-192-CTR",
+    16,
+    0,
+    16,
+    &aes_info
+};
+
+static const mbedtls_cipher_info_t aes_256_ctr_info = {
+    MBEDTLS_CIPHER_AES_256_CTR,
+    MBEDTLS_MODE_CTR,
+    256,
+    "AES-256-CTR",
+    16,
+    0,
+    16,
+    &aes_info
+};
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+#if defined(MBEDTLS_GCM_C)
+static int gcm_aes_setkey_wrap( void *ctx, const unsigned char *key,
+                                unsigned int key_bitlen )
+{
+    return mbedtls_gcm_setkey( (mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_AES,
+                     key, key_bitlen );
+}
+
+static const mbedtls_cipher_base_t gcm_aes_info = {
+    MBEDTLS_CIPHER_ID_AES,
+    NULL,
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_STREAM)
+    NULL,
+#endif
+    gcm_aes_setkey_wrap,
+    gcm_aes_setkey_wrap,
+    gcm_ctx_alloc,
+    gcm_ctx_free,
+};
+
+static const mbedtls_cipher_info_t aes_128_gcm_info = {
+    MBEDTLS_CIPHER_AES_128_GCM,
+    MBEDTLS_MODE_GCM,
+    128,
+    "AES-128-GCM",
+    12,
+    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+    16,
+    &gcm_aes_info
+};
+
+static const mbedtls_cipher_info_t aes_192_gcm_info = {
+    MBEDTLS_CIPHER_AES_192_GCM,
+    MBEDTLS_MODE_GCM,
+    192,
+    "AES-192-GCM",
+    12,
+    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+    16,
+    &gcm_aes_info
+};
+
+static const mbedtls_cipher_info_t aes_256_gcm_info = {
+    MBEDTLS_CIPHER_AES_256_GCM,
+    MBEDTLS_MODE_GCM,
+    256,
+    "AES-256-GCM",
+    12,
+    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+    16,
+    &gcm_aes_info
+};
+#endif /* MBEDTLS_GCM_C */
+
+#if defined(MBEDTLS_CCM_C)
+static int ccm_aes_setkey_wrap( void *ctx, const unsigned char *key,
+                                unsigned int key_bitlen )
+{
+    return mbedtls_ccm_setkey( (mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_AES,
+                     key, key_bitlen );
+}
+
+static const mbedtls_cipher_base_t ccm_aes_info = {
+    MBEDTLS_CIPHER_ID_AES,
+    NULL,
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_STREAM)
+    NULL,
+#endif
+    ccm_aes_setkey_wrap,
+    ccm_aes_setkey_wrap,
+    ccm_ctx_alloc,
+    ccm_ctx_free,
+};
+
+static const mbedtls_cipher_info_t aes_128_ccm_info = {
+    MBEDTLS_CIPHER_AES_128_CCM,
+    MBEDTLS_MODE_CCM,
+    128,
+    "AES-128-CCM",
+    12,
+    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+    16,
+    &ccm_aes_info
+};
+
+static const mbedtls_cipher_info_t aes_192_ccm_info = {
+    MBEDTLS_CIPHER_AES_192_CCM,
+    MBEDTLS_MODE_CCM,
+    192,
+    "AES-192-CCM",
+    12,
+    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+    16,
+    &ccm_aes_info
+};
+
+static const mbedtls_cipher_info_t aes_256_ccm_info = {
+    MBEDTLS_CIPHER_AES_256_CCM,
+    MBEDTLS_MODE_CCM,
+    256,
+    "AES-256-CCM",
+    12,
+    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+    16,
+    &ccm_aes_info
+};
+#endif /* MBEDTLS_CCM_C */
+
+#endif /* MBEDTLS_AES_C */
+
+#if defined(MBEDTLS_CAMELLIA_C)
+
+static int camellia_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
+        const unsigned char *input, unsigned char *output )
+{
+    return mbedtls_camellia_crypt_ecb( (mbedtls_camellia_context *) ctx, operation, input,
+                               output );
+}
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+static int camellia_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation,
+        size_t length, unsigned char *iv,
+        const unsigned char *input, unsigned char *output )
+{
+    return mbedtls_camellia_crypt_cbc( (mbedtls_camellia_context *) ctx, operation, length, iv,
+                               input, output );
+}
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+static int camellia_crypt_cfb128_wrap( void *ctx, mbedtls_operation_t operation,
+        size_t length, size_t *iv_off, unsigned char *iv,
+        const unsigned char *input, unsigned char *output )
+{
+    return mbedtls_camellia_crypt_cfb128( (mbedtls_camellia_context *) ctx, operation, length,
+                                  iv_off, iv, input, output );
+}
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+static int camellia_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
+        unsigned char *nonce_counter, unsigned char *stream_block,
+        const unsigned char *input, unsigned char *output )
+{
+    return mbedtls_camellia_crypt_ctr( (mbedtls_camellia_context *) ctx, length, nc_off,
+                               nonce_counter, stream_block, input, output );
+}
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+static int camellia_setkey_dec_wrap( void *ctx, const unsigned char *key,
+                                     unsigned int key_bitlen )
+{
+    return mbedtls_camellia_setkey_dec( (mbedtls_camellia_context *) ctx, key, key_bitlen );
+}
+
+static int camellia_setkey_enc_wrap( void *ctx, const unsigned char *key,
+                                     unsigned int key_bitlen )
+{
+    return mbedtls_camellia_setkey_enc( (mbedtls_camellia_context *) ctx, key, key_bitlen );
+}
+
+static void * camellia_ctx_alloc( void )
+{
+    mbedtls_camellia_context *ctx;
+    ctx = mbedtls_calloc( 1, sizeof( mbedtls_camellia_context ) );
+
+    if( ctx == NULL )
+        return( NULL );
+
+    mbedtls_camellia_init( ctx );
+
+    return( ctx );
+}
+
+static void camellia_ctx_free( void *ctx )
+{
+    mbedtls_camellia_free( (mbedtls_camellia_context *) ctx );
+    mbedtls_free( ctx );
+}
+
+static const mbedtls_cipher_base_t camellia_info = {
+    MBEDTLS_CIPHER_ID_CAMELLIA,
+    camellia_crypt_ecb_wrap,
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    camellia_crypt_cbc_wrap,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    camellia_crypt_cfb128_wrap,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    camellia_crypt_ctr_wrap,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_STREAM)
+    NULL,
+#endif
+    camellia_setkey_enc_wrap,
+    camellia_setkey_dec_wrap,
+    camellia_ctx_alloc,
+    camellia_ctx_free
+};
+
+static const mbedtls_cipher_info_t camellia_128_ecb_info = {
+    MBEDTLS_CIPHER_CAMELLIA_128_ECB,
+    MBEDTLS_MODE_ECB,
+    128,
+    "CAMELLIA-128-ECB",
+    16,
+    0,
+    16,
+    &camellia_info
+};
+
+static const mbedtls_cipher_info_t camellia_192_ecb_info = {
+    MBEDTLS_CIPHER_CAMELLIA_192_ECB,
+    MBEDTLS_MODE_ECB,
+    192,
+    "CAMELLIA-192-ECB",
+    16,
+    0,
+    16,
+    &camellia_info
+};
+
+static const mbedtls_cipher_info_t camellia_256_ecb_info = {
+    MBEDTLS_CIPHER_CAMELLIA_256_ECB,
+    MBEDTLS_MODE_ECB,
+    256,
+    "CAMELLIA-256-ECB",
+    16,
+    0,
+    16,
+    &camellia_info
+};
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+static const mbedtls_cipher_info_t camellia_128_cbc_info = {
+    MBEDTLS_CIPHER_CAMELLIA_128_CBC,
+    MBEDTLS_MODE_CBC,
+    128,
+    "CAMELLIA-128-CBC",
+    16,
+    0,
+    16,
+    &camellia_info
+};
+
+static const mbedtls_cipher_info_t camellia_192_cbc_info = {
+    MBEDTLS_CIPHER_CAMELLIA_192_CBC,
+    MBEDTLS_MODE_CBC,
+    192,
+    "CAMELLIA-192-CBC",
+    16,
+    0,
+    16,
+    &camellia_info
+};
+
+static const mbedtls_cipher_info_t camellia_256_cbc_info = {
+    MBEDTLS_CIPHER_CAMELLIA_256_CBC,
+    MBEDTLS_MODE_CBC,
+    256,
+    "CAMELLIA-256-CBC",
+    16,
+    0,
+    16,
+    &camellia_info
+};
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+static const mbedtls_cipher_info_t camellia_128_cfb128_info = {
+    MBEDTLS_CIPHER_CAMELLIA_128_CFB128,
+    MBEDTLS_MODE_CFB,
+    128,
+    "CAMELLIA-128-CFB128",
+    16,
+    0,
+    16,
+    &camellia_info
+};
+
+static const mbedtls_cipher_info_t camellia_192_cfb128_info = {
+    MBEDTLS_CIPHER_CAMELLIA_192_CFB128,
+    MBEDTLS_MODE_CFB,
+    192,
+    "CAMELLIA-192-CFB128",
+    16,
+    0,
+    16,
+    &camellia_info
+};
+
+static const mbedtls_cipher_info_t camellia_256_cfb128_info = {
+    MBEDTLS_CIPHER_CAMELLIA_256_CFB128,
+    MBEDTLS_MODE_CFB,
+    256,
+    "CAMELLIA-256-CFB128",
+    16,
+    0,
+    16,
+    &camellia_info
+};
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+static const mbedtls_cipher_info_t camellia_128_ctr_info = {
+    MBEDTLS_CIPHER_CAMELLIA_128_CTR,
+    MBEDTLS_MODE_CTR,
+    128,
+    "CAMELLIA-128-CTR",
+    16,
+    0,
+    16,
+    &camellia_info
+};
+
+static const mbedtls_cipher_info_t camellia_192_ctr_info = {
+    MBEDTLS_CIPHER_CAMELLIA_192_CTR,
+    MBEDTLS_MODE_CTR,
+    192,
+    "CAMELLIA-192-CTR",
+    16,
+    0,
+    16,
+    &camellia_info
+};
+
+static const mbedtls_cipher_info_t camellia_256_ctr_info = {
+    MBEDTLS_CIPHER_CAMELLIA_256_CTR,
+    MBEDTLS_MODE_CTR,
+    256,
+    "CAMELLIA-256-CTR",
+    16,
+    0,
+    16,
+    &camellia_info
+};
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+#if defined(MBEDTLS_GCM_C)
+static int gcm_camellia_setkey_wrap( void *ctx, const unsigned char *key,
+                                     unsigned int key_bitlen )
+{
+    return mbedtls_gcm_setkey( (mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_CAMELLIA,
+                     key, key_bitlen );
+}
+
+static const mbedtls_cipher_base_t gcm_camellia_info = {
+    MBEDTLS_CIPHER_ID_CAMELLIA,
+    NULL,
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_STREAM)
+    NULL,
+#endif
+    gcm_camellia_setkey_wrap,
+    gcm_camellia_setkey_wrap,
+    gcm_ctx_alloc,
+    gcm_ctx_free,
+};
+
+static const mbedtls_cipher_info_t camellia_128_gcm_info = {
+    MBEDTLS_CIPHER_CAMELLIA_128_GCM,
+    MBEDTLS_MODE_GCM,
+    128,
+    "CAMELLIA-128-GCM",
+    12,
+    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+    16,
+    &gcm_camellia_info
+};
+
+static const mbedtls_cipher_info_t camellia_192_gcm_info = {
+    MBEDTLS_CIPHER_CAMELLIA_192_GCM,
+    MBEDTLS_MODE_GCM,
+    192,
+    "CAMELLIA-192-GCM",
+    12,
+    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+    16,
+    &gcm_camellia_info
+};
+
+static const mbedtls_cipher_info_t camellia_256_gcm_info = {
+    MBEDTLS_CIPHER_CAMELLIA_256_GCM,
+    MBEDTLS_MODE_GCM,
+    256,
+    "CAMELLIA-256-GCM",
+    12,
+    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+    16,
+    &gcm_camellia_info
+};
+#endif /* MBEDTLS_GCM_C */
+
+#if defined(MBEDTLS_CCM_C)
+static int ccm_camellia_setkey_wrap( void *ctx, const unsigned char *key,
+                                     unsigned int key_bitlen )
+{
+    return mbedtls_ccm_setkey( (mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_CAMELLIA,
+                     key, key_bitlen );
+}
+
+static const mbedtls_cipher_base_t ccm_camellia_info = {
+    MBEDTLS_CIPHER_ID_CAMELLIA,
+    NULL,
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_STREAM)
+    NULL,
+#endif
+    ccm_camellia_setkey_wrap,
+    ccm_camellia_setkey_wrap,
+    ccm_ctx_alloc,
+    ccm_ctx_free,
+};
+
+static const mbedtls_cipher_info_t camellia_128_ccm_info = {
+    MBEDTLS_CIPHER_CAMELLIA_128_CCM,
+    MBEDTLS_MODE_CCM,
+    128,
+    "CAMELLIA-128-CCM",
+    12,
+    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+    16,
+    &ccm_camellia_info
+};
+
+static const mbedtls_cipher_info_t camellia_192_ccm_info = {
+    MBEDTLS_CIPHER_CAMELLIA_192_CCM,
+    MBEDTLS_MODE_CCM,
+    192,
+    "CAMELLIA-192-CCM",
+    12,
+    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+    16,
+    &ccm_camellia_info
+};
+
+static const mbedtls_cipher_info_t camellia_256_ccm_info = {
+    MBEDTLS_CIPHER_CAMELLIA_256_CCM,
+    MBEDTLS_MODE_CCM,
+    256,
+    "CAMELLIA-256-CCM",
+    12,
+    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+    16,
+    &ccm_camellia_info
+};
+#endif /* MBEDTLS_CCM_C */
+
+#endif /* MBEDTLS_CAMELLIA_C */
+
+#if defined(MBEDTLS_DES_C)
+
+static int des_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
+        const unsigned char *input, unsigned char *output )
+{
+    ((void) operation);
+    return mbedtls_des_crypt_ecb( (mbedtls_des_context *) ctx, input, output );
+}
+
+static int des3_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
+        const unsigned char *input, unsigned char *output )
+{
+    ((void) operation);
+    return mbedtls_des3_crypt_ecb( (mbedtls_des3_context *) ctx, input, output );
+}
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+static int des_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, size_t length,
+        unsigned char *iv, const unsigned char *input, unsigned char *output )
+{
+    return mbedtls_des_crypt_cbc( (mbedtls_des_context *) ctx, operation, length, iv, input,
+                          output );
+}
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+static int des3_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, size_t length,
+        unsigned char *iv, const unsigned char *input, unsigned char *output )
+{
+    return mbedtls_des3_crypt_cbc( (mbedtls_des3_context *) ctx, operation, length, iv, input,
+                           output );
+}
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+static int des_setkey_dec_wrap( void *ctx, const unsigned char *key,
+                                unsigned int key_bitlen )
+{
+    ((void) key_bitlen);
+
+    return mbedtls_des_setkey_dec( (mbedtls_des_context *) ctx, key );
+}
+
+static int des_setkey_enc_wrap( void *ctx, const unsigned char *key,
+                                unsigned int key_bitlen )
+{
+    ((void) key_bitlen);
+
+    return mbedtls_des_setkey_enc( (mbedtls_des_context *) ctx, key );
+}
+
+static int des3_set2key_dec_wrap( void *ctx, const unsigned char *key,
+                                  unsigned int key_bitlen )
+{
+    ((void) key_bitlen);
+
+    return mbedtls_des3_set2key_dec( (mbedtls_des3_context *) ctx, key );
+}
+
+static int des3_set2key_enc_wrap( void *ctx, const unsigned char *key,
+                                  unsigned int key_bitlen )
+{
+    ((void) key_bitlen);
+
+    return mbedtls_des3_set2key_enc( (mbedtls_des3_context *) ctx, key );
+}
+
+static int des3_set3key_dec_wrap( void *ctx, const unsigned char *key,
+                                  unsigned int key_bitlen )
+{
+    ((void) key_bitlen);
+
+    return mbedtls_des3_set3key_dec( (mbedtls_des3_context *) ctx, key );
+}
+
+static int des3_set3key_enc_wrap( void *ctx, const unsigned char *key,
+                                  unsigned int key_bitlen )
+{
+    ((void) key_bitlen);
+
+    return mbedtls_des3_set3key_enc( (mbedtls_des3_context *) ctx, key );
+}
+
+static void * des_ctx_alloc( void )
+{
+    mbedtls_des_context *des = mbedtls_calloc( 1, sizeof( mbedtls_des_context ) );
+
+    if( des == NULL )
+        return( NULL );
+
+    mbedtls_des_init( des );
+
+    return( des );
+}
+
+static void des_ctx_free( void *ctx )
+{
+    mbedtls_des_free( (mbedtls_des_context *) ctx );
+    mbedtls_free( ctx );
+}
+
+static void * des3_ctx_alloc( void )
+{
+    mbedtls_des3_context *des3;
+    des3 = mbedtls_calloc( 1, sizeof( mbedtls_des3_context ) );
+
+    if( des3 == NULL )
+        return( NULL );
+
+    mbedtls_des3_init( des3 );
+
+    return( des3 );
+}
+
+static void des3_ctx_free( void *ctx )
+{
+    mbedtls_des3_free( (mbedtls_des3_context *) ctx );
+    mbedtls_free( ctx );
+}
+
+static const mbedtls_cipher_base_t des_info = {
+    MBEDTLS_CIPHER_ID_DES,
+    des_crypt_ecb_wrap,
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    des_crypt_cbc_wrap,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_STREAM)
+    NULL,
+#endif
+    des_setkey_enc_wrap,
+    des_setkey_dec_wrap,
+    des_ctx_alloc,
+    des_ctx_free
+};
+
+static const mbedtls_cipher_info_t des_ecb_info = {
+    MBEDTLS_CIPHER_DES_ECB,
+    MBEDTLS_MODE_ECB,
+    MBEDTLS_KEY_LENGTH_DES,
+    "DES-ECB",
+    8,
+    0,
+    8,
+    &des_info
+};
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+static const mbedtls_cipher_info_t des_cbc_info = {
+    MBEDTLS_CIPHER_DES_CBC,
+    MBEDTLS_MODE_CBC,
+    MBEDTLS_KEY_LENGTH_DES,
+    "DES-CBC",
+    8,
+    0,
+    8,
+    &des_info
+};
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+static const mbedtls_cipher_base_t des_ede_info = {
+    MBEDTLS_CIPHER_ID_DES,
+    des3_crypt_ecb_wrap,
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    des3_crypt_cbc_wrap,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_STREAM)
+    NULL,
+#endif
+    des3_set2key_enc_wrap,
+    des3_set2key_dec_wrap,
+    des3_ctx_alloc,
+    des3_ctx_free
+};
+
+static const mbedtls_cipher_info_t des_ede_ecb_info = {
+    MBEDTLS_CIPHER_DES_EDE_ECB,
+    MBEDTLS_MODE_ECB,
+    MBEDTLS_KEY_LENGTH_DES_EDE,
+    "DES-EDE-ECB",
+    8,
+    0,
+    8,
+    &des_ede_info
+};
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+static const mbedtls_cipher_info_t des_ede_cbc_info = {
+    MBEDTLS_CIPHER_DES_EDE_CBC,
+    MBEDTLS_MODE_CBC,
+    MBEDTLS_KEY_LENGTH_DES_EDE,
+    "DES-EDE-CBC",
+    8,
+    0,
+    8,
+    &des_ede_info
+};
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+static const mbedtls_cipher_base_t des_ede3_info = {
+    MBEDTLS_CIPHER_ID_3DES,
+    des3_crypt_ecb_wrap,
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    des3_crypt_cbc_wrap,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_STREAM)
+    NULL,
+#endif
+    des3_set3key_enc_wrap,
+    des3_set3key_dec_wrap,
+    des3_ctx_alloc,
+    des3_ctx_free
+};
+
+static const mbedtls_cipher_info_t des_ede3_ecb_info = {
+    MBEDTLS_CIPHER_DES_EDE3_ECB,
+    MBEDTLS_MODE_ECB,
+    MBEDTLS_KEY_LENGTH_DES_EDE3,
+    "DES-EDE3-ECB",
+    8,
+    0,
+    8,
+    &des_ede3_info
+};
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+static const mbedtls_cipher_info_t des_ede3_cbc_info = {
+    MBEDTLS_CIPHER_DES_EDE3_CBC,
+    MBEDTLS_MODE_CBC,
+    MBEDTLS_KEY_LENGTH_DES_EDE3,
+    "DES-EDE3-CBC",
+    8,
+    0,
+    8,
+    &des_ede3_info
+};
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_DES_C */
+
+#if defined(MBEDTLS_BLOWFISH_C)
+
+static int blowfish_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
+        const unsigned char *input, unsigned char *output )
+{
+    return mbedtls_blowfish_crypt_ecb( (mbedtls_blowfish_context *) ctx, operation, input,
+                               output );
+}
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+static int blowfish_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation,
+        size_t length, unsigned char *iv, const unsigned char *input,
+        unsigned char *output )
+{
+    return mbedtls_blowfish_crypt_cbc( (mbedtls_blowfish_context *) ctx, operation, length, iv,
+                               input, output );
+}
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+static int blowfish_crypt_cfb64_wrap( void *ctx, mbedtls_operation_t operation,
+        size_t length, size_t *iv_off, unsigned char *iv,
+        const unsigned char *input, unsigned char *output )
+{
+    return mbedtls_blowfish_crypt_cfb64( (mbedtls_blowfish_context *) ctx, operation, length,
+                                 iv_off, iv, input, output );
+}
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+static int blowfish_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
+        unsigned char *nonce_counter, unsigned char *stream_block,
+        const unsigned char *input, unsigned char *output )
+{
+    return mbedtls_blowfish_crypt_ctr( (mbedtls_blowfish_context *) ctx, length, nc_off,
+                               nonce_counter, stream_block, input, output );
+}
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+static int blowfish_setkey_wrap( void *ctx, const unsigned char *key,
+                                 unsigned int key_bitlen )
+{
+    return mbedtls_blowfish_setkey( (mbedtls_blowfish_context *) ctx, key, key_bitlen );
+}
+
+static void * blowfish_ctx_alloc( void )
+{
+    mbedtls_blowfish_context *ctx;
+    ctx = mbedtls_calloc( 1, sizeof( mbedtls_blowfish_context ) );
+
+    if( ctx == NULL )
+        return( NULL );
+
+    mbedtls_blowfish_init( ctx );
+
+    return( ctx );
+}
+
+static void blowfish_ctx_free( void *ctx )
+{
+    mbedtls_blowfish_free( (mbedtls_blowfish_context *) ctx );
+    mbedtls_free( ctx );
+}
+
+static const mbedtls_cipher_base_t blowfish_info = {
+    MBEDTLS_CIPHER_ID_BLOWFISH,
+    blowfish_crypt_ecb_wrap,
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    blowfish_crypt_cbc_wrap,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    blowfish_crypt_cfb64_wrap,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    blowfish_crypt_ctr_wrap,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_STREAM)
+    NULL,
+#endif
+    blowfish_setkey_wrap,
+    blowfish_setkey_wrap,
+    blowfish_ctx_alloc,
+    blowfish_ctx_free
+};
+
+static const mbedtls_cipher_info_t blowfish_ecb_info = {
+    MBEDTLS_CIPHER_BLOWFISH_ECB,
+    MBEDTLS_MODE_ECB,
+    128,
+    "BLOWFISH-ECB",
+    8,
+    MBEDTLS_CIPHER_VARIABLE_KEY_LEN,
+    8,
+    &blowfish_info
+};
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+static const mbedtls_cipher_info_t blowfish_cbc_info = {
+    MBEDTLS_CIPHER_BLOWFISH_CBC,
+    MBEDTLS_MODE_CBC,
+    128,
+    "BLOWFISH-CBC",
+    8,
+    MBEDTLS_CIPHER_VARIABLE_KEY_LEN,
+    8,
+    &blowfish_info
+};
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+static const mbedtls_cipher_info_t blowfish_cfb64_info = {
+    MBEDTLS_CIPHER_BLOWFISH_CFB64,
+    MBEDTLS_MODE_CFB,
+    128,
+    "BLOWFISH-CFB64",
+    8,
+    MBEDTLS_CIPHER_VARIABLE_KEY_LEN,
+    8,
+    &blowfish_info
+};
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+static const mbedtls_cipher_info_t blowfish_ctr_info = {
+    MBEDTLS_CIPHER_BLOWFISH_CTR,
+    MBEDTLS_MODE_CTR,
+    128,
+    "BLOWFISH-CTR",
+    8,
+    MBEDTLS_CIPHER_VARIABLE_KEY_LEN,
+    8,
+    &blowfish_info
+};
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+#endif /* MBEDTLS_BLOWFISH_C */
+
+#if defined(MBEDTLS_ARC4_C)
+static int arc4_crypt_stream_wrap( void *ctx, size_t length,
+                                   const unsigned char *input,
+                                   unsigned char *output )
+{
+    return( mbedtls_arc4_crypt( (mbedtls_arc4_context *) ctx, length, input, output ) );
+}
+
+static int arc4_setkey_wrap( void *ctx, const unsigned char *key,
+                             unsigned int key_bitlen )
+{
+    /* we get key_bitlen in bits, arc4 expects it in bytes */
+    if( key_bitlen % 8 != 0 )
+        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+
+    mbedtls_arc4_setup( (mbedtls_arc4_context *) ctx, key, key_bitlen / 8 );
+    return( 0 );
+}
+
+static void * arc4_ctx_alloc( void )
+{
+    mbedtls_arc4_context *ctx;
+    ctx = mbedtls_calloc( 1, sizeof( mbedtls_arc4_context ) );
+
+    if( ctx == NULL )
+        return( NULL );
+
+    mbedtls_arc4_init( ctx );
+
+    return( ctx );
+}
+
+static void arc4_ctx_free( void *ctx )
+{
+    mbedtls_arc4_free( (mbedtls_arc4_context *) ctx );
+    mbedtls_free( ctx );
+}
+
+static const mbedtls_cipher_base_t arc4_base_info = {
+    MBEDTLS_CIPHER_ID_ARC4,
+    NULL,
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_STREAM)
+    arc4_crypt_stream_wrap,
+#endif
+    arc4_setkey_wrap,
+    arc4_setkey_wrap,
+    arc4_ctx_alloc,
+    arc4_ctx_free
+};
+
+static const mbedtls_cipher_info_t arc4_128_info = {
+    MBEDTLS_CIPHER_ARC4_128,
+    MBEDTLS_MODE_STREAM,
+    128,
+    "ARC4-128",
+    0,
+    0,
+    1,
+    &arc4_base_info
+};
+#endif /* MBEDTLS_ARC4_C */
+
+#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
+static int null_crypt_stream( void *ctx, size_t length,
+                              const unsigned char *input,
+                              unsigned char *output )
+{
+    ((void) ctx);
+    memmove( output, input, length );
+    return( 0 );
+}
+
+static int null_setkey( void *ctx, const unsigned char *key,
+                        unsigned int key_bitlen )
+{
+    ((void) ctx);
+    ((void) key);
+    ((void) key_bitlen);
+
+    return( 0 );
+}
+
+static void * null_ctx_alloc( void )
+{
+    return( (void *) 1 );
+}
+
+static void null_ctx_free( void *ctx )
+{
+    ((void) ctx);
+}
+
+static const mbedtls_cipher_base_t null_base_info = {
+    MBEDTLS_CIPHER_ID_NULL,
+    NULL,
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_STREAM)
+    null_crypt_stream,
+#endif
+    null_setkey,
+    null_setkey,
+    null_ctx_alloc,
+    null_ctx_free
+};
+
+static const mbedtls_cipher_info_t null_cipher_info = {
+    MBEDTLS_CIPHER_NULL,
+    MBEDTLS_MODE_STREAM,
+    0,
+    "NULL",
+    0,
+    0,
+    1,
+    &null_base_info
+};
+#endif /* defined(MBEDTLS_CIPHER_NULL_CIPHER) */
+
+const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] =
+{
+#if defined(MBEDTLS_AES_C)
+    { MBEDTLS_CIPHER_AES_128_ECB,          &aes_128_ecb_info },
+    { MBEDTLS_CIPHER_AES_192_ECB,          &aes_192_ecb_info },
+    { MBEDTLS_CIPHER_AES_256_ECB,          &aes_256_ecb_info },
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    { MBEDTLS_CIPHER_AES_128_CBC,          &aes_128_cbc_info },
+    { MBEDTLS_CIPHER_AES_192_CBC,          &aes_192_cbc_info },
+    { MBEDTLS_CIPHER_AES_256_CBC,          &aes_256_cbc_info },
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    { MBEDTLS_CIPHER_AES_128_CFB128,       &aes_128_cfb128_info },
+    { MBEDTLS_CIPHER_AES_192_CFB128,       &aes_192_cfb128_info },
+    { MBEDTLS_CIPHER_AES_256_CFB128,       &aes_256_cfb128_info },
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    { MBEDTLS_CIPHER_AES_128_CTR,          &aes_128_ctr_info },
+    { MBEDTLS_CIPHER_AES_192_CTR,          &aes_192_ctr_info },
+    { MBEDTLS_CIPHER_AES_256_CTR,          &aes_256_ctr_info },
+#endif
+#if defined(MBEDTLS_GCM_C)
+    { MBEDTLS_CIPHER_AES_128_GCM,          &aes_128_gcm_info },
+    { MBEDTLS_CIPHER_AES_192_GCM,          &aes_192_gcm_info },
+    { MBEDTLS_CIPHER_AES_256_GCM,          &aes_256_gcm_info },
+#endif
+#if defined(MBEDTLS_CCM_C)
+    { MBEDTLS_CIPHER_AES_128_CCM,          &aes_128_ccm_info },
+    { MBEDTLS_CIPHER_AES_192_CCM,          &aes_192_ccm_info },
+    { MBEDTLS_CIPHER_AES_256_CCM,          &aes_256_ccm_info },
+#endif
+#endif /* MBEDTLS_AES_C */
+
+#if defined(MBEDTLS_ARC4_C)
+    { MBEDTLS_CIPHER_ARC4_128,             &arc4_128_info },
+#endif
+
+#if defined(MBEDTLS_BLOWFISH_C)
+    { MBEDTLS_CIPHER_BLOWFISH_ECB,         &blowfish_ecb_info },
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    { MBEDTLS_CIPHER_BLOWFISH_CBC,         &blowfish_cbc_info },
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    { MBEDTLS_CIPHER_BLOWFISH_CFB64,       &blowfish_cfb64_info },
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    { MBEDTLS_CIPHER_BLOWFISH_CTR,         &blowfish_ctr_info },
+#endif
+#endif /* MBEDTLS_BLOWFISH_C */
+
+#if defined(MBEDTLS_CAMELLIA_C)
+    { MBEDTLS_CIPHER_CAMELLIA_128_ECB,     &camellia_128_ecb_info },
+    { MBEDTLS_CIPHER_CAMELLIA_192_ECB,     &camellia_192_ecb_info },
+    { MBEDTLS_CIPHER_CAMELLIA_256_ECB,     &camellia_256_ecb_info },
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    { MBEDTLS_CIPHER_CAMELLIA_128_CBC,     &camellia_128_cbc_info },
+    { MBEDTLS_CIPHER_CAMELLIA_192_CBC,     &camellia_192_cbc_info },
+    { MBEDTLS_CIPHER_CAMELLIA_256_CBC,     &camellia_256_cbc_info },
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    { MBEDTLS_CIPHER_CAMELLIA_128_CFB128,  &camellia_128_cfb128_info },
+    { MBEDTLS_CIPHER_CAMELLIA_192_CFB128,  &camellia_192_cfb128_info },
+    { MBEDTLS_CIPHER_CAMELLIA_256_CFB128,  &camellia_256_cfb128_info },
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    { MBEDTLS_CIPHER_CAMELLIA_128_CTR,     &camellia_128_ctr_info },
+    { MBEDTLS_CIPHER_CAMELLIA_192_CTR,     &camellia_192_ctr_info },
+    { MBEDTLS_CIPHER_CAMELLIA_256_CTR,     &camellia_256_ctr_info },
+#endif
+#if defined(MBEDTLS_GCM_C)
+    { MBEDTLS_CIPHER_CAMELLIA_128_GCM,     &camellia_128_gcm_info },
+    { MBEDTLS_CIPHER_CAMELLIA_192_GCM,     &camellia_192_gcm_info },
+    { MBEDTLS_CIPHER_CAMELLIA_256_GCM,     &camellia_256_gcm_info },
+#endif
+#if defined(MBEDTLS_CCM_C)
+    { MBEDTLS_CIPHER_CAMELLIA_128_CCM,     &camellia_128_ccm_info },
+    { MBEDTLS_CIPHER_CAMELLIA_192_CCM,     &camellia_192_ccm_info },
+    { MBEDTLS_CIPHER_CAMELLIA_256_CCM,     &camellia_256_ccm_info },
+#endif
+#endif /* MBEDTLS_CAMELLIA_C */
+
+#if defined(MBEDTLS_DES_C)
+    { MBEDTLS_CIPHER_DES_ECB,              &des_ecb_info },
+    { MBEDTLS_CIPHER_DES_EDE_ECB,          &des_ede_ecb_info },
+    { MBEDTLS_CIPHER_DES_EDE3_ECB,         &des_ede3_ecb_info },
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    { MBEDTLS_CIPHER_DES_CBC,              &des_cbc_info },
+    { MBEDTLS_CIPHER_DES_EDE_CBC,          &des_ede_cbc_info },
+    { MBEDTLS_CIPHER_DES_EDE3_CBC,         &des_ede3_cbc_info },
+#endif
+#endif /* MBEDTLS_DES_C */
+
+#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
+    { MBEDTLS_CIPHER_NULL,                 &null_cipher_info },
+#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
+
+    { MBEDTLS_CIPHER_NONE, NULL }
+};
+
+#define NUM_CIPHERS sizeof mbedtls_cipher_definitions / sizeof mbedtls_cipher_definitions[0]
+int mbedtls_cipher_supported[NUM_CIPHERS];
+
+#endif /* MBEDTLS_CIPHER_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/ctr_drbg.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,593 @@
+/*
+ *  CTR_DRBG implementation based on AES-256 (NIST SP 800-90)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ *  The NIST SP 800-90 DRBGs are described in the following publucation.
+ *
+ *  http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_CTR_DRBG_C)
+
+#include "mbedtls/ctr_drbg.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_FS_IO)
+#include <stdio.h>
+#endif
+
+#if defined(MBEDTLS_SELF_TEST)
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif /* MBEDTLS_PLATFORM_C */
+#endif /* MBEDTLS_SELF_TEST */
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+/*
+ * CTR_DRBG context initialization
+ */
+void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx )
+{
+    memset( ctx, 0, sizeof( mbedtls_ctr_drbg_context ) );
+
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_mutex_init( &ctx->mutex );
+#endif
+}
+
+/*
+ * Non-public function wrapped by ctr_crbg_init(). Necessary to allow NIST
+ * tests to succeed (which require known length fixed entropy)
+ */
+int mbedtls_ctr_drbg_seed_entropy_len(
+                   mbedtls_ctr_drbg_context *ctx,
+                   int (*f_entropy)(void *, unsigned char *, size_t),
+                   void *p_entropy,
+                   const unsigned char *custom,
+                   size_t len,
+                   size_t entropy_len )
+{
+    int ret;
+    unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE];
+
+    memset( key, 0, MBEDTLS_CTR_DRBG_KEYSIZE );
+
+    mbedtls_aes_init( &ctx->aes_ctx );
+
+    ctx->f_entropy = f_entropy;
+    ctx->p_entropy = p_entropy;
+
+    ctx->entropy_len = entropy_len;
+    ctx->reseed_interval = MBEDTLS_CTR_DRBG_RESEED_INTERVAL;
+
+    /*
+     * Initialize with an empty key
+     */
+    mbedtls_aes_setkey_enc( &ctx->aes_ctx, key, MBEDTLS_CTR_DRBG_KEYBITS );
+
+    if( ( ret = mbedtls_ctr_drbg_reseed( ctx, custom, len ) ) != 0 )
+        return( ret );
+
+    return( 0 );
+}
+
+int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
+                   int (*f_entropy)(void *, unsigned char *, size_t),
+                   void *p_entropy,
+                   const unsigned char *custom,
+                   size_t len )
+{
+    return( mbedtls_ctr_drbg_seed_entropy_len( ctx, f_entropy, p_entropy, custom, len,
+                                       MBEDTLS_CTR_DRBG_ENTROPY_LEN ) );
+}
+
+void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx )
+{
+    if( ctx == NULL )
+        return;
+
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_mutex_free( &ctx->mutex );
+#endif
+    mbedtls_aes_free( &ctx->aes_ctx );
+    mbedtls_zeroize( ctx, sizeof( mbedtls_ctr_drbg_context ) );
+}
+
+void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx, int resistance )
+{
+    ctx->prediction_resistance = resistance;
+}
+
+void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx, size_t len )
+{
+    ctx->entropy_len = len;
+}
+
+void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx, int interval )
+{
+    ctx->reseed_interval = interval;
+}
+
+static int block_cipher_df( unsigned char *output,
+                            const unsigned char *data, size_t data_len )
+{
+    unsigned char buf[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + MBEDTLS_CTR_DRBG_BLOCKSIZE + 16];
+    unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN];
+    unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE];
+    unsigned char chain[MBEDTLS_CTR_DRBG_BLOCKSIZE];
+    unsigned char *p, *iv;
+    mbedtls_aes_context aes_ctx;
+
+    int i, j;
+    size_t buf_len, use_len;
+
+    if( data_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
+        return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
+
+    memset( buf, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + MBEDTLS_CTR_DRBG_BLOCKSIZE + 16 );
+    mbedtls_aes_init( &aes_ctx );
+
+    /*
+     * Construct IV (16 bytes) and S in buffer
+     * IV = Counter (in 32-bits) padded to 16 with zeroes
+     * S = Length input string (in 32-bits) || Length of output (in 32-bits) ||
+     *     data || 0x80
+     *     (Total is padded to a multiple of 16-bytes with zeroes)
+     */
+    p = buf + MBEDTLS_CTR_DRBG_BLOCKSIZE;
+    *p++ = ( data_len >> 24 ) & 0xff;
+    *p++ = ( data_len >> 16 ) & 0xff;
+    *p++ = ( data_len >> 8  ) & 0xff;
+    *p++ = ( data_len       ) & 0xff;
+    p += 3;
+    *p++ = MBEDTLS_CTR_DRBG_SEEDLEN;
+    memcpy( p, data, data_len );
+    p[data_len] = 0x80;
+
+    buf_len = MBEDTLS_CTR_DRBG_BLOCKSIZE + 8 + data_len + 1;
+
+    for( i = 0; i < MBEDTLS_CTR_DRBG_KEYSIZE; i++ )
+        key[i] = i;
+
+    mbedtls_aes_setkey_enc( &aes_ctx, key, MBEDTLS_CTR_DRBG_KEYBITS );
+
+    /*
+     * Reduce data to MBEDTLS_CTR_DRBG_SEEDLEN bytes of data
+     */
+    for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE )
+    {
+        p = buf;
+        memset( chain, 0, MBEDTLS_CTR_DRBG_BLOCKSIZE );
+        use_len = buf_len;
+
+        while( use_len > 0 )
+        {
+            for( i = 0; i < MBEDTLS_CTR_DRBG_BLOCKSIZE; i++ )
+                chain[i] ^= p[i];
+            p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
+            use_len -= ( use_len >= MBEDTLS_CTR_DRBG_BLOCKSIZE ) ?
+                       MBEDTLS_CTR_DRBG_BLOCKSIZE : use_len;
+
+            mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, chain, chain );
+        }
+
+        memcpy( tmp + j, chain, MBEDTLS_CTR_DRBG_BLOCKSIZE );
+
+        /*
+         * Update IV
+         */
+        buf[3]++;
+    }
+
+    /*
+     * Do final encryption with reduced data
+     */
+    mbedtls_aes_setkey_enc( &aes_ctx, tmp, MBEDTLS_CTR_DRBG_KEYBITS );
+    iv = tmp + MBEDTLS_CTR_DRBG_KEYSIZE;
+    p = output;
+
+    for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE )
+    {
+        mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
+        memcpy( p, iv, MBEDTLS_CTR_DRBG_BLOCKSIZE );
+        p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
+    }
+
+    mbedtls_aes_free( &aes_ctx );
+
+    return( 0 );
+}
+
+static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx,
+                              const unsigned char data[MBEDTLS_CTR_DRBG_SEEDLEN] )
+{
+    unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN];
+    unsigned char *p = tmp;
+    int i, j;
+
+    memset( tmp, 0, MBEDTLS_CTR_DRBG_SEEDLEN );
+
+    for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE )
+    {
+        /*
+         * Increase counter
+         */
+        for( i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i-- )
+            if( ++ctx->counter[i - 1] != 0 )
+                break;
+
+        /*
+         * Crypt counter block
+         */
+        mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->counter, p );
+
+        p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
+    }
+
+    for( i = 0; i < MBEDTLS_CTR_DRBG_SEEDLEN; i++ )
+        tmp[i] ^= data[i];
+
+    /*
+     * Update key and counter
+     */
+    mbedtls_aes_setkey_enc( &ctx->aes_ctx, tmp, MBEDTLS_CTR_DRBG_KEYBITS );
+    memcpy( ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE, MBEDTLS_CTR_DRBG_BLOCKSIZE );
+
+    return( 0 );
+}
+
+void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
+                      const unsigned char *additional, size_t add_len )
+{
+    unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN];
+
+    if( add_len > 0 )
+    {
+        /* MAX_INPUT would be more logical here, but we have to match
+         * block_cipher_df()'s limits since we can't propagate errors */
+        if( add_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
+            add_len = MBEDTLS_CTR_DRBG_MAX_SEED_INPUT;
+
+        block_cipher_df( add_input, additional, add_len );
+        ctr_drbg_update_internal( ctx, add_input );
+    }
+}
+
+int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
+                     const unsigned char *additional, size_t len )
+{
+    unsigned char seed[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT];
+    size_t seedlen = 0;
+
+    if( ctx->entropy_len + len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
+        return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
+
+    memset( seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT );
+
+    /*
+     * Gather entropy_len bytes of entropy to seed state
+     */
+    if( 0 != ctx->f_entropy( ctx->p_entropy, seed,
+                             ctx->entropy_len ) )
+    {
+        return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED );
+    }
+
+    seedlen += ctx->entropy_len;
+
+    /*
+     * Add additional data
+     */
+    if( additional && len )
+    {
+        memcpy( seed + seedlen, additional, len );
+        seedlen += len;
+    }
+
+    /*
+     * Reduce to 384 bits
+     */
+    block_cipher_df( seed, seed, seedlen );
+
+    /*
+     * Update state
+     */
+    ctr_drbg_update_internal( ctx, seed );
+    ctx->reseed_counter = 1;
+
+    return( 0 );
+}
+
+int mbedtls_ctr_drbg_random_with_add( void *p_rng,
+                              unsigned char *output, size_t output_len,
+                              const unsigned char *additional, size_t add_len )
+{
+    int ret = 0;
+    mbedtls_ctr_drbg_context *ctx = (mbedtls_ctr_drbg_context *) p_rng;
+    unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN];
+    unsigned char *p = output;
+    unsigned char tmp[MBEDTLS_CTR_DRBG_BLOCKSIZE];
+    int i;
+    size_t use_len;
+
+    if( output_len > MBEDTLS_CTR_DRBG_MAX_REQUEST )
+        return( MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG );
+
+    if( add_len > MBEDTLS_CTR_DRBG_MAX_INPUT )
+        return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
+
+    memset( add_input, 0, MBEDTLS_CTR_DRBG_SEEDLEN );
+
+    if( ctx->reseed_counter > ctx->reseed_interval ||
+        ctx->prediction_resistance )
+    {
+        if( ( ret = mbedtls_ctr_drbg_reseed( ctx, additional, add_len ) ) != 0 )
+            return( ret );
+
+        add_len = 0;
+    }
+
+    if( add_len > 0 )
+    {
+        block_cipher_df( add_input, additional, add_len );
+        ctr_drbg_update_internal( ctx, add_input );
+    }
+
+    while( output_len > 0 )
+    {
+        /*
+         * Increase counter
+         */
+        for( i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i-- )
+            if( ++ctx->counter[i - 1] != 0 )
+                break;
+
+        /*
+         * Crypt counter block
+         */
+        mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->counter, tmp );
+
+        use_len = ( output_len > MBEDTLS_CTR_DRBG_BLOCKSIZE ) ? MBEDTLS_CTR_DRBG_BLOCKSIZE :
+                                                       output_len;
+        /*
+         * Copy random block to destination
+         */
+        memcpy( p, tmp, use_len );
+        p += use_len;
+        output_len -= use_len;
+    }
+
+    ctr_drbg_update_internal( ctx, add_input );
+
+    ctx->reseed_counter++;
+
+    return( 0 );
+}
+
+int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output, size_t output_len )
+{
+    int ret;
+    mbedtls_ctr_drbg_context *ctx = (mbedtls_ctr_drbg_context *) p_rng;
+
+#if defined(MBEDTLS_THREADING_C)
+    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
+        return( ret );
+#endif
+
+    ret = mbedtls_ctr_drbg_random_with_add( ctx, output, output_len, NULL, 0 );
+
+#if defined(MBEDTLS_THREADING_C)
+    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
+        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+#endif
+
+    return( ret );
+}
+
+#if defined(MBEDTLS_FS_IO)
+int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path )
+{
+    int ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
+    FILE *f;
+    unsigned char buf[ MBEDTLS_CTR_DRBG_MAX_INPUT ];
+
+    if( ( f = fopen( path, "wb" ) ) == NULL )
+        return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR );
+
+    if( ( ret = mbedtls_ctr_drbg_random( ctx, buf, MBEDTLS_CTR_DRBG_MAX_INPUT ) ) != 0 )
+        goto exit;
+
+    if( fwrite( buf, 1, MBEDTLS_CTR_DRBG_MAX_INPUT, f ) != MBEDTLS_CTR_DRBG_MAX_INPUT )
+    {
+        ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
+        goto exit;
+    }
+
+    ret = 0;
+
+exit:
+    fclose( f );
+    return( ret );
+}
+
+int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path )
+{
+    FILE *f;
+    size_t n;
+    unsigned char buf[ MBEDTLS_CTR_DRBG_MAX_INPUT ];
+
+    if( ( f = fopen( path, "rb" ) ) == NULL )
+        return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR );
+
+    fseek( f, 0, SEEK_END );
+    n = (size_t) ftell( f );
+    fseek( f, 0, SEEK_SET );
+
+    if( n > MBEDTLS_CTR_DRBG_MAX_INPUT )
+    {
+        fclose( f );
+        return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
+    }
+
+    if( fread( buf, 1, n, f ) != n )
+    {
+        fclose( f );
+        return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR );
+    }
+
+    fclose( f );
+
+    mbedtls_ctr_drbg_update( ctx, buf, n );
+
+    return( mbedtls_ctr_drbg_write_seed_file( ctx, path ) );
+}
+#endif /* MBEDTLS_FS_IO */
+
+#if defined(MBEDTLS_SELF_TEST)
+
+static const unsigned char entropy_source_pr[96] =
+    { 0xc1, 0x80, 0x81, 0xa6, 0x5d, 0x44, 0x02, 0x16,
+      0x19, 0xb3, 0xf1, 0x80, 0xb1, 0xc9, 0x20, 0x02,
+      0x6a, 0x54, 0x6f, 0x0c, 0x70, 0x81, 0x49, 0x8b,
+      0x6e, 0xa6, 0x62, 0x52, 0x6d, 0x51, 0xb1, 0xcb,
+      0x58, 0x3b, 0xfa, 0xd5, 0x37, 0x5f, 0xfb, 0xc9,
+      0xff, 0x46, 0xd2, 0x19, 0xc7, 0x22, 0x3e, 0x95,
+      0x45, 0x9d, 0x82, 0xe1, 0xe7, 0x22, 0x9f, 0x63,
+      0x31, 0x69, 0xd2, 0x6b, 0x57, 0x47, 0x4f, 0xa3,
+      0x37, 0xc9, 0x98, 0x1c, 0x0b, 0xfb, 0x91, 0x31,
+      0x4d, 0x55, 0xb9, 0xe9, 0x1c, 0x5a, 0x5e, 0xe4,
+      0x93, 0x92, 0xcf, 0xc5, 0x23, 0x12, 0xd5, 0x56,
+      0x2c, 0x4a, 0x6e, 0xff, 0xdc, 0x10, 0xd0, 0x68 };
+
+static const unsigned char entropy_source_nopr[64] =
+    { 0x5a, 0x19, 0x4d, 0x5e, 0x2b, 0x31, 0x58, 0x14,
+      0x54, 0xde, 0xf6, 0x75, 0xfb, 0x79, 0x58, 0xfe,
+      0xc7, 0xdb, 0x87, 0x3e, 0x56, 0x89, 0xfc, 0x9d,
+      0x03, 0x21, 0x7c, 0x68, 0xd8, 0x03, 0x38, 0x20,
+      0xf9, 0xe6, 0x5e, 0x04, 0xd8, 0x56, 0xf3, 0xa9,
+      0xc4, 0x4a, 0x4c, 0xbd, 0xc1, 0xd0, 0x08, 0x46,
+      0xf5, 0x98, 0x3d, 0x77, 0x1c, 0x1b, 0x13, 0x7e,
+      0x4e, 0x0f, 0x9d, 0x8e, 0xf4, 0x09, 0xf9, 0x2e };
+
+static const unsigned char nonce_pers_pr[16] =
+    { 0xd2, 0x54, 0xfc, 0xff, 0x02, 0x1e, 0x69, 0xd2,
+      0x29, 0xc9, 0xcf, 0xad, 0x85, 0xfa, 0x48, 0x6c };
+
+static const unsigned char nonce_pers_nopr[16] =
+    { 0x1b, 0x54, 0xb8, 0xff, 0x06, 0x42, 0xbf, 0xf5,
+      0x21, 0xf1, 0x5c, 0x1c, 0x0b, 0x66, 0x5f, 0x3f };
+
+static const unsigned char result_pr[16] =
+    { 0x34, 0x01, 0x16, 0x56, 0xb4, 0x29, 0x00, 0x8f,
+      0x35, 0x63, 0xec, 0xb5, 0xf2, 0x59, 0x07, 0x23 };
+
+static const unsigned char result_nopr[16] =
+    { 0xa0, 0x54, 0x30, 0x3d, 0x8a, 0x7e, 0xa9, 0x88,
+      0x9d, 0x90, 0x3e, 0x07, 0x7c, 0x6f, 0x21, 0x8f };
+
+static size_t test_offset;
+static int ctr_drbg_self_test_entropy( void *data, unsigned char *buf,
+                                       size_t len )
+{
+    const unsigned char *p = data;
+    memcpy( buf, p + test_offset, len );
+    test_offset += len;
+    return( 0 );
+}
+
+#define CHK( c )    if( (c) != 0 )                          \
+                    {                                       \
+                        if( verbose != 0 )                  \
+                            mbedtls_printf( "failed\n" );  \
+                        return( 1 );                        \
+                    }
+
+/*
+ * Checkup routine
+ */
+int mbedtls_ctr_drbg_self_test( int verbose )
+{
+    mbedtls_ctr_drbg_context ctx;
+    unsigned char buf[16];
+
+    mbedtls_ctr_drbg_init( &ctx );
+
+    /*
+     * Based on a NIST CTR_DRBG test vector (PR = True)
+     */
+    if( verbose != 0 )
+        mbedtls_printf( "  CTR_DRBG (PR = TRUE) : " );
+
+    test_offset = 0;
+    CHK( mbedtls_ctr_drbg_seed_entropy_len( &ctx, ctr_drbg_self_test_entropy,
+                                (void *) entropy_source_pr, nonce_pers_pr, 16, 32 ) );
+    mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON );
+    CHK( mbedtls_ctr_drbg_random( &ctx, buf, MBEDTLS_CTR_DRBG_BLOCKSIZE ) );
+    CHK( mbedtls_ctr_drbg_random( &ctx, buf, MBEDTLS_CTR_DRBG_BLOCKSIZE ) );
+    CHK( memcmp( buf, result_pr, MBEDTLS_CTR_DRBG_BLOCKSIZE ) );
+
+    mbedtls_ctr_drbg_free( &ctx );
+
+    if( verbose != 0 )
+        mbedtls_printf( "passed\n" );
+
+    /*
+     * Based on a NIST CTR_DRBG test vector (PR = FALSE)
+     */
+    if( verbose != 0 )
+        mbedtls_printf( "  CTR_DRBG (PR = FALSE): " );
+
+    mbedtls_ctr_drbg_init( &ctx );
+
+    test_offset = 0;
+    CHK( mbedtls_ctr_drbg_seed_entropy_len( &ctx, ctr_drbg_self_test_entropy,
+                            (void *) entropy_source_nopr, nonce_pers_nopr, 16, 32 ) );
+    CHK( mbedtls_ctr_drbg_random( &ctx, buf, 16 ) );
+    CHK( mbedtls_ctr_drbg_reseed( &ctx, NULL, 0 ) );
+    CHK( mbedtls_ctr_drbg_random( &ctx, buf, 16 ) );
+    CHK( memcmp( buf, result_nopr, 16 ) );
+
+    mbedtls_ctr_drbg_free( &ctx );
+
+    if( verbose != 0 )
+        mbedtls_printf( "passed\n" );
+
+    if( verbose != 0 )
+            mbedtls_printf( "\n" );
+
+    return( 0 );
+}
+#endif /* MBEDTLS_SELF_TEST */
+
+#endif /* MBEDTLS_CTR_DRBG_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/debug.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,367 @@
+/*
+ *  Debugging routines
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_DEBUG_C)
+
+#include "mbedtls/debug.h"
+
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#define mbedtls_calloc      calloc
+#define mbedtls_free        free
+#define mbedtls_snprintf    snprintf
+#endif
+
+#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+    !defined(inline) && !defined(__cplusplus)
+#define inline __inline
+#endif
+
+#define DEBUG_BUF_SIZE      512
+
+static int debug_threshold = 0;
+
+void mbedtls_debug_set_threshold( int threshold )
+{
+    debug_threshold = threshold;
+}
+
+/*
+ * All calls to f_dbg must be made via this function
+ */
+static inline void debug_send_line( const mbedtls_ssl_context *ssl, int level,
+                                    const char *file, int line,
+                                    const char *str )
+{
+    /*
+     * If in a threaded environment, we need a thread identifier.
+     * Since there is no portable way to get one, use the address of the ssl
+     * context instead, as it shouldn't be shared between threads.
+     */
+#if defined(MBEDTLS_THREADING_C)
+    char idstr[20 + DEBUG_BUF_SIZE]; /* 0x + 16 nibbles + ': ' */
+    mbedtls_snprintf( idstr, sizeof( idstr ), "%p: %s", ssl, str );
+    ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, idstr );
+#else
+    ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
+#endif
+}
+
+void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
+                              const char *file, int line,
+                              const char *format, ... )
+{
+    va_list argp;
+    char str[DEBUG_BUF_SIZE];
+    int ret;
+
+    if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || level > debug_threshold )
+        return;
+
+    va_start( argp, format );
+#if defined(_WIN32)
+#if defined(_TRUNCATE)
+    ret = _vsnprintf_s( str, DEBUG_BUF_SIZE, _TRUNCATE, format, argp );
+#else
+    ret = _vsnprintf( str, DEBUG_BUF_SIZE, format, argp );
+    if( ret < 0 || (size_t) ret == DEBUG_BUF_SIZE )
+    {
+        str[DEBUG_BUF_SIZE-1] = '\0';
+        ret = -1;
+    }
+#endif
+#else
+    ret = vsnprintf( str, DEBUG_BUF_SIZE, format, argp );
+#endif
+    va_end( argp );
+
+    if( ret >= 0 && ret < DEBUG_BUF_SIZE - 1 )
+    {
+        str[ret]     = '\n';
+        str[ret + 1] = '\0';
+    }
+
+    debug_send_line( ssl, level, file, line, str );
+}
+
+void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
+                      const char *file, int line,
+                      const char *text, int ret )
+{
+    char str[DEBUG_BUF_SIZE];
+
+    if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || level > debug_threshold )
+        return;
+
+    /*
+     * With non-blocking I/O and examples that just retry immediately,
+     * the logs would be quickly flooded with WANT_READ, so ignore that.
+     * Don't ignore WANT_WRITE however, since is is usually rare.
+     */
+    if( ret == MBEDTLS_ERR_SSL_WANT_READ )
+        return;
+
+    mbedtls_snprintf( str, sizeof( str ), "%s() returned %d (-0x%04x)\n",
+              text, ret, -ret );
+
+    debug_send_line( ssl, level, file, line, str );
+}
+
+void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
+                      const char *file, int line, const char *text,
+                      const unsigned char *buf, size_t len )
+{
+    char str[DEBUG_BUF_SIZE];
+    char txt[17];
+    size_t i, idx = 0;
+
+    if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || level > debug_threshold )
+        return;
+
+    mbedtls_snprintf( str + idx, sizeof( str ) - idx, "dumping '%s' (%u bytes)\n",
+              text, (unsigned int) len );
+
+    debug_send_line( ssl, level, file, line, str );
+
+    idx = 0;
+    memset( txt, 0, sizeof( txt ) );
+    for( i = 0; i < len; i++ )
+    {
+        if( i >= 4096 )
+            break;
+
+        if( i % 16 == 0 )
+        {
+            if( i > 0 )
+            {
+                mbedtls_snprintf( str + idx, sizeof( str ) - idx, "  %s\n", txt );
+                debug_send_line( ssl, level, file, line, str );
+
+                idx = 0;
+                memset( txt, 0, sizeof( txt ) );
+            }
+
+            idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, "%04x: ",
+                             (unsigned int) i );
+
+        }
+
+        idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %02x",
+                         (unsigned int) buf[i] );
+        txt[i % 16] = ( buf[i] > 31 && buf[i] < 127 ) ? buf[i] : '.' ;
+    }
+
+    if( len > 0 )
+    {
+        for( /* i = i */; i % 16 != 0; i++ )
+            idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, "   " );
+
+        mbedtls_snprintf( str + idx, sizeof( str ) - idx, "  %s\n", txt );
+        debug_send_line( ssl, level, file, line, str );
+    }
+}
+
+#if defined(MBEDTLS_ECP_C)
+void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level,
+                      const char *file, int line,
+                      const char *text, const mbedtls_ecp_point *X )
+{
+    char str[DEBUG_BUF_SIZE];
+
+    if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || level > debug_threshold )
+        return;
+
+    mbedtls_snprintf( str, sizeof( str ), "%s(X)", text );
+    mbedtls_debug_print_mpi( ssl, level, file, line, str, &X->X );
+
+    mbedtls_snprintf( str, sizeof( str ), "%s(Y)", text );
+    mbedtls_debug_print_mpi( ssl, level, file, line, str, &X->Y );
+}
+#endif /* MBEDTLS_ECP_C */
+
+#if defined(MBEDTLS_BIGNUM_C)
+void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
+                      const char *file, int line,
+                      const char *text, const mbedtls_mpi *X )
+{
+    char str[DEBUG_BUF_SIZE];
+    int j, k, zeros = 1;
+    size_t i, n, idx = 0;
+
+    if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || X == NULL || level > debug_threshold )
+        return;
+
+    for( n = X->n - 1; n > 0; n-- )
+        if( X->p[n] != 0 )
+            break;
+
+    for( j = ( sizeof(mbedtls_mpi_uint) << 3 ) - 1; j >= 0; j-- )
+        if( ( ( X->p[n] >> j ) & 1 ) != 0 )
+            break;
+
+    mbedtls_snprintf( str + idx, sizeof( str ) - idx, "value of '%s' (%d bits) is:\n",
+              text, (int) ( ( n * ( sizeof(mbedtls_mpi_uint) << 3 ) ) + j + 1 ) );
+
+    debug_send_line( ssl, level, file, line, str );
+
+    idx = 0;
+    for( i = n + 1, j = 0; i > 0; i-- )
+    {
+        if( zeros && X->p[i - 1] == 0 )
+            continue;
+
+        for( k = sizeof( mbedtls_mpi_uint ) - 1; k >= 0; k-- )
+        {
+            if( zeros && ( ( X->p[i - 1] >> ( k << 3 ) ) & 0xFF ) == 0 )
+                continue;
+            else
+                zeros = 0;
+
+            if( j % 16 == 0 )
+            {
+                if( j > 0 )
+                {
+                    mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" );
+                    debug_send_line( ssl, level, file, line, str );
+                    idx = 0;
+                }
+            }
+
+            idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %02x", (unsigned int)
+                             ( X->p[i - 1] >> ( k << 3 ) ) & 0xFF );
+
+            j++;
+        }
+
+    }
+
+    if( zeros == 1 )
+        idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, " 00" );
+
+    mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" );
+    debug_send_line( ssl, level, file, line, str );
+}
+#endif /* MBEDTLS_BIGNUM_C */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+static void debug_print_pk( const mbedtls_ssl_context *ssl, int level,
+                            const char *file, int line,
+                            const char *text, const mbedtls_pk_context *pk )
+{
+    size_t i;
+    mbedtls_pk_debug_item items[MBEDTLS_PK_DEBUG_MAX_ITEMS];
+    char name[16];
+
+    memset( items, 0, sizeof( items ) );
+
+    if( mbedtls_pk_debug( pk, items ) != 0 )
+    {
+        debug_send_line( ssl, level, file, line,
+                          "invalid PK context\n" );
+        return;
+    }
+
+    for( i = 0; i < MBEDTLS_PK_DEBUG_MAX_ITEMS; i++ )
+    {
+        if( items[i].type == MBEDTLS_PK_DEBUG_NONE )
+            return;
+
+        mbedtls_snprintf( name, sizeof( name ), "%s%s", text, items[i].name );
+        name[sizeof( name ) - 1] = '\0';
+
+        if( items[i].type == MBEDTLS_PK_DEBUG_MPI )
+            mbedtls_debug_print_mpi( ssl, level, file, line, name, items[i].value );
+        else
+#if defined(MBEDTLS_ECP_C)
+        if( items[i].type == MBEDTLS_PK_DEBUG_ECP )
+            mbedtls_debug_print_ecp( ssl, level, file, line, name, items[i].value );
+        else
+#endif
+            debug_send_line( ssl, level, file, line,
+                              "should not happen\n" );
+    }
+}
+
+static void debug_print_line_by_line( const mbedtls_ssl_context *ssl, int level,
+                                      const char *file, int line, const char *text )
+{
+    char str[DEBUG_BUF_SIZE];
+    const char *start, *cur;
+
+    start = text;
+    for( cur = text; *cur != '\0'; cur++ )
+    {
+        if( *cur == '\n' )
+        {
+            size_t len = cur - start + 1;
+            if( len > DEBUG_BUF_SIZE - 1 )
+                len = DEBUG_BUF_SIZE - 1;
+
+            memcpy( str, start, len );
+            str[len] = '\0';
+
+            debug_send_line( ssl, level, file, line, str );
+
+            start = cur + 1;
+        }
+    }
+}
+
+void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
+                      const char *file, int line,
+                      const char *text, const mbedtls_x509_crt *crt )
+{
+    char str[DEBUG_BUF_SIZE];
+    int i = 0;
+
+    if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || crt == NULL || level > debug_threshold )
+        return;
+
+    while( crt != NULL )
+    {
+        char buf[1024];
+
+        mbedtls_snprintf( str, sizeof( str ), "%s #%d:\n", text, ++i );
+        debug_send_line( ssl, level, file, line, str );
+
+        mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
+        debug_print_line_by_line( ssl, level, file, line, buf );
+
+        debug_print_pk( ssl, level, file, line, "crt->", &crt->pk );
+
+        crt = crt->next;
+    }
+}
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#endif /* MBEDTLS_DEBUG_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/des.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,1061 @@
+/*
+ *  FIPS-46-3 compliant Triple-DES implementation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ *  DES, on which TDES is based, was originally designed by Horst Feistel
+ *  at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
+ *
+ *  http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_DES_C)
+
+#include "mbedtls/des.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_SELF_TEST)
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif /* MBEDTLS_PLATFORM_C */
+#endif /* MBEDTLS_SELF_TEST */
+
+#if !defined(MBEDTLS_DES_ALT)
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+/*
+ * 32-bit integer manipulation macros (big endian)
+ */
+#ifndef GET_UINT32_BE
+#define GET_UINT32_BE(n,b,i)                            \
+{                                                       \
+    (n) = ( (uint32_t) (b)[(i)    ] << 24 )             \
+        | ( (uint32_t) (b)[(i) + 1] << 16 )             \
+        | ( (uint32_t) (b)[(i) + 2] <<  8 )             \
+        | ( (uint32_t) (b)[(i) + 3]       );            \
+}
+#endif
+
+#ifndef PUT_UINT32_BE
+#define PUT_UINT32_BE(n,b,i)                            \
+{                                                       \
+    (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
+    (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
+    (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
+    (b)[(i) + 3] = (unsigned char) ( (n)       );       \
+}
+#endif
+
+/*
+ * Expanded DES S-boxes
+ */
+static const uint32_t SB1[64] =
+{
+    0x01010400, 0x00000000, 0x00010000, 0x01010404,
+    0x01010004, 0x00010404, 0x00000004, 0x00010000,
+    0x00000400, 0x01010400, 0x01010404, 0x00000400,
+    0x01000404, 0x01010004, 0x01000000, 0x00000004,
+    0x00000404, 0x01000400, 0x01000400, 0x00010400,
+    0x00010400, 0x01010000, 0x01010000, 0x01000404,
+    0x00010004, 0x01000004, 0x01000004, 0x00010004,
+    0x00000000, 0x00000404, 0x00010404, 0x01000000,
+    0x00010000, 0x01010404, 0x00000004, 0x01010000,
+    0x01010400, 0x01000000, 0x01000000, 0x00000400,
+    0x01010004, 0x00010000, 0x00010400, 0x01000004,
+    0x00000400, 0x00000004, 0x01000404, 0x00010404,
+    0x01010404, 0x00010004, 0x01010000, 0x01000404,
+    0x01000004, 0x00000404, 0x00010404, 0x01010400,
+    0x00000404, 0x01000400, 0x01000400, 0x00000000,
+    0x00010004, 0x00010400, 0x00000000, 0x01010004
+};
+
+static const uint32_t SB2[64] =
+{
+    0x80108020, 0x80008000, 0x00008000, 0x00108020,
+    0x00100000, 0x00000020, 0x80100020, 0x80008020,
+    0x80000020, 0x80108020, 0x80108000, 0x80000000,
+    0x80008000, 0x00100000, 0x00000020, 0x80100020,
+    0x00108000, 0x00100020, 0x80008020, 0x00000000,
+    0x80000000, 0x00008000, 0x00108020, 0x80100000,
+    0x00100020, 0x80000020, 0x00000000, 0x00108000,
+    0x00008020, 0x80108000, 0x80100000, 0x00008020,
+    0x00000000, 0x00108020, 0x80100020, 0x00100000,
+    0x80008020, 0x80100000, 0x80108000, 0x00008000,
+    0x80100000, 0x80008000, 0x00000020, 0x80108020,
+    0x00108020, 0x00000020, 0x00008000, 0x80000000,
+    0x00008020, 0x80108000, 0x00100000, 0x80000020,
+    0x00100020, 0x80008020, 0x80000020, 0x00100020,
+    0x00108000, 0x00000000, 0x80008000, 0x00008020,
+    0x80000000, 0x80100020, 0x80108020, 0x00108000
+};
+
+static const uint32_t SB3[64] =
+{
+    0x00000208, 0x08020200, 0x00000000, 0x08020008,
+    0x08000200, 0x00000000, 0x00020208, 0x08000200,
+    0x00020008, 0x08000008, 0x08000008, 0x00020000,
+    0x08020208, 0x00020008, 0x08020000, 0x00000208,
+    0x08000000, 0x00000008, 0x08020200, 0x00000200,
+    0x00020200, 0x08020000, 0x08020008, 0x00020208,
+    0x08000208, 0x00020200, 0x00020000, 0x08000208,
+    0x00000008, 0x08020208, 0x00000200, 0x08000000,
+    0x08020200, 0x08000000, 0x00020008, 0x00000208,
+    0x00020000, 0x08020200, 0x08000200, 0x00000000,
+    0x00000200, 0x00020008, 0x08020208, 0x08000200,
+    0x08000008, 0x00000200, 0x00000000, 0x08020008,
+    0x08000208, 0x00020000, 0x08000000, 0x08020208,
+    0x00000008, 0x00020208, 0x00020200, 0x08000008,
+    0x08020000, 0x08000208, 0x00000208, 0x08020000,
+    0x00020208, 0x00000008, 0x08020008, 0x00020200
+};
+
+static const uint32_t SB4[64] =
+{
+    0x00802001, 0x00002081, 0x00002081, 0x00000080,
+    0x00802080, 0x00800081, 0x00800001, 0x00002001,
+    0x00000000, 0x00802000, 0x00802000, 0x00802081,
+    0x00000081, 0x00000000, 0x00800080, 0x00800001,
+    0x00000001, 0x00002000, 0x00800000, 0x00802001,
+    0x00000080, 0x00800000, 0x00002001, 0x00002080,
+    0x00800081, 0x00000001, 0x00002080, 0x00800080,
+    0x00002000, 0x00802080, 0x00802081, 0x00000081,
+    0x00800080, 0x00800001, 0x00802000, 0x00802081,
+    0x00000081, 0x00000000, 0x00000000, 0x00802000,
+    0x00002080, 0x00800080, 0x00800081, 0x00000001,
+    0x00802001, 0x00002081, 0x00002081, 0x00000080,
+    0x00802081, 0x00000081, 0x00000001, 0x00002000,
+    0x00800001, 0x00002001, 0x00802080, 0x00800081,
+    0x00002001, 0x00002080, 0x00800000, 0x00802001,
+    0x00000080, 0x00800000, 0x00002000, 0x00802080
+};
+
+static const uint32_t SB5[64] =
+{
+    0x00000100, 0x02080100, 0x02080000, 0x42000100,
+    0x00080000, 0x00000100, 0x40000000, 0x02080000,
+    0x40080100, 0x00080000, 0x02000100, 0x40080100,
+    0x42000100, 0x42080000, 0x00080100, 0x40000000,
+    0x02000000, 0x40080000, 0x40080000, 0x00000000,
+    0x40000100, 0x42080100, 0x42080100, 0x02000100,
+    0x42080000, 0x40000100, 0x00000000, 0x42000000,
+    0x02080100, 0x02000000, 0x42000000, 0x00080100,
+    0x00080000, 0x42000100, 0x00000100, 0x02000000,
+    0x40000000, 0x02080000, 0x42000100, 0x40080100,
+    0x02000100, 0x40000000, 0x42080000, 0x02080100,
+    0x40080100, 0x00000100, 0x02000000, 0x42080000,
+    0x42080100, 0x00080100, 0x42000000, 0x42080100,
+    0x02080000, 0x00000000, 0x40080000, 0x42000000,
+    0x00080100, 0x02000100, 0x40000100, 0x00080000,
+    0x00000000, 0x40080000, 0x02080100, 0x40000100
+};
+
+static const uint32_t SB6[64] =
+{
+    0x20000010, 0x20400000, 0x00004000, 0x20404010,
+    0x20400000, 0x00000010, 0x20404010, 0x00400000,
+    0x20004000, 0x00404010, 0x00400000, 0x20000010,
+    0x00400010, 0x20004000, 0x20000000, 0x00004010,
+    0x00000000, 0x00400010, 0x20004010, 0x00004000,
+    0x00404000, 0x20004010, 0x00000010, 0x20400010,
+    0x20400010, 0x00000000, 0x00404010, 0x20404000,
+    0x00004010, 0x00404000, 0x20404000, 0x20000000,
+    0x20004000, 0x00000010, 0x20400010, 0x00404000,
+    0x20404010, 0x00400000, 0x00004010, 0x20000010,
+    0x00400000, 0x20004000, 0x20000000, 0x00004010,
+    0x20000010, 0x20404010, 0x00404000, 0x20400000,
+    0x00404010, 0x20404000, 0x00000000, 0x20400010,
+    0x00000010, 0x00004000, 0x20400000, 0x00404010,
+    0x00004000, 0x00400010, 0x20004010, 0x00000000,
+    0x20404000, 0x20000000, 0x00400010, 0x20004010
+};
+
+static const uint32_t SB7[64] =
+{
+    0x00200000, 0x04200002, 0x04000802, 0x00000000,
+    0x00000800, 0x04000802, 0x00200802, 0x04200800,
+    0x04200802, 0x00200000, 0x00000000, 0x04000002,
+    0x00000002, 0x04000000, 0x04200002, 0x00000802,
+    0x04000800, 0x00200802, 0x00200002, 0x04000800,
+    0x04000002, 0x04200000, 0x04200800, 0x00200002,
+    0x04200000, 0x00000800, 0x00000802, 0x04200802,
+    0x00200800, 0x00000002, 0x04000000, 0x00200800,
+    0x04000000, 0x00200800, 0x00200000, 0x04000802,
+    0x04000802, 0x04200002, 0x04200002, 0x00000002,
+    0x00200002, 0x04000000, 0x04000800, 0x00200000,
+    0x04200800, 0x00000802, 0x00200802, 0x04200800,
+    0x00000802, 0x04000002, 0x04200802, 0x04200000,
+    0x00200800, 0x00000000, 0x00000002, 0x04200802,
+    0x00000000, 0x00200802, 0x04200000, 0x00000800,
+    0x04000002, 0x04000800, 0x00000800, 0x00200002
+};
+
+static const uint32_t SB8[64] =
+{
+    0x10001040, 0x00001000, 0x00040000, 0x10041040,
+    0x10000000, 0x10001040, 0x00000040, 0x10000000,
+    0x00040040, 0x10040000, 0x10041040, 0x00041000,
+    0x10041000, 0x00041040, 0x00001000, 0x00000040,
+    0x10040000, 0x10000040, 0x10001000, 0x00001040,
+    0x00041000, 0x00040040, 0x10040040, 0x10041000,
+    0x00001040, 0x00000000, 0x00000000, 0x10040040,
+    0x10000040, 0x10001000, 0x00041040, 0x00040000,
+    0x00041040, 0x00040000, 0x10041000, 0x00001000,
+    0x00000040, 0x10040040, 0x00001000, 0x00041040,
+    0x10001000, 0x00000040, 0x10000040, 0x10040000,
+    0x10040040, 0x10000000, 0x00040000, 0x10001040,
+    0x00000000, 0x10041040, 0x00040040, 0x10000040,
+    0x10040000, 0x10001000, 0x10001040, 0x00000000,
+    0x10041040, 0x00041000, 0x00041000, 0x00001040,
+    0x00001040, 0x00040040, 0x10000000, 0x10041000
+};
+
+/*
+ * PC1: left and right halves bit-swap
+ */
+static const uint32_t LHs[16] =
+{
+    0x00000000, 0x00000001, 0x00000100, 0x00000101,
+    0x00010000, 0x00010001, 0x00010100, 0x00010101,
+    0x01000000, 0x01000001, 0x01000100, 0x01000101,
+    0x01010000, 0x01010001, 0x01010100, 0x01010101
+};
+
+static const uint32_t RHs[16] =
+{
+    0x00000000, 0x01000000, 0x00010000, 0x01010000,
+    0x00000100, 0x01000100, 0x00010100, 0x01010100,
+    0x00000001, 0x01000001, 0x00010001, 0x01010001,
+    0x00000101, 0x01000101, 0x00010101, 0x01010101,
+};
+
+/*
+ * Initial Permutation macro
+ */
+#define DES_IP(X,Y)                                             \
+{                                                               \
+    T = ((X >>  4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T <<  4);   \
+    T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16);   \
+    T = ((Y >>  2) ^ X) & 0x33333333; X ^= T; Y ^= (T <<  2);   \
+    T = ((Y >>  8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T <<  8);   \
+    Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF;                    \
+    T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T;                   \
+    X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF;                    \
+}
+
+/*
+ * Final Permutation macro
+ */
+#define DES_FP(X,Y)                                             \
+{                                                               \
+    X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF;                    \
+    T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T;                   \
+    Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF;                    \
+    T = ((Y >>  8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T <<  8);   \
+    T = ((Y >>  2) ^ X) & 0x33333333; X ^= T; Y ^= (T <<  2);   \
+    T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16);   \
+    T = ((X >>  4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T <<  4);   \
+}
+
+/*
+ * DES round macro
+ */
+#define DES_ROUND(X,Y)                          \
+{                                               \
+    T = *SK++ ^ X;                              \
+    Y ^= SB8[ (T      ) & 0x3F ] ^              \
+         SB6[ (T >>  8) & 0x3F ] ^              \
+         SB4[ (T >> 16) & 0x3F ] ^              \
+         SB2[ (T >> 24) & 0x3F ];               \
+                                                \
+    T = *SK++ ^ ((X << 28) | (X >> 4));         \
+    Y ^= SB7[ (T      ) & 0x3F ] ^              \
+         SB5[ (T >>  8) & 0x3F ] ^              \
+         SB3[ (T >> 16) & 0x3F ] ^              \
+         SB1[ (T >> 24) & 0x3F ];               \
+}
+
+#define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; }
+
+void mbedtls_des_init( mbedtls_des_context *ctx )
+{
+    memset( ctx, 0, sizeof( mbedtls_des_context ) );
+}
+
+void mbedtls_des_free( mbedtls_des_context *ctx )
+{
+    if( ctx == NULL )
+        return;
+
+    mbedtls_zeroize( ctx, sizeof( mbedtls_des_context ) );
+}
+
+void mbedtls_des3_init( mbedtls_des3_context *ctx )
+{
+    memset( ctx, 0, sizeof( mbedtls_des3_context ) );
+}
+
+void mbedtls_des3_free( mbedtls_des3_context *ctx )
+{
+    if( ctx == NULL )
+        return;
+
+    mbedtls_zeroize( ctx, sizeof( mbedtls_des3_context ) );
+}
+
+static const unsigned char odd_parity_table[128] = { 1,  2,  4,  7,  8,
+        11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
+        47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
+        82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
+        115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
+        143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
+        171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
+        199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
+        227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
+        254 };
+
+void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] )
+{
+    int i;
+
+    for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ )
+        key[i] = odd_parity_table[key[i] / 2];
+}
+
+/*
+ * Check the given key's parity, returns 1 on failure, 0 on SUCCESS
+ */
+int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
+{
+    int i;
+
+    for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ )
+        if( key[i] != odd_parity_table[key[i] / 2] )
+            return( 1 );
+
+    return( 0 );
+}
+
+/*
+ * Table of weak and semi-weak keys
+ *
+ * Source: http://en.wikipedia.org/wiki/Weak_key
+ *
+ * Weak:
+ * Alternating ones + zeros (0x0101010101010101)
+ * Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE)
+ * '0xE0E0E0E0F1F1F1F1'
+ * '0x1F1F1F1F0E0E0E0E'
+ *
+ * Semi-weak:
+ * 0x011F011F010E010E and 0x1F011F010E010E01
+ * 0x01E001E001F101F1 and 0xE001E001F101F101
+ * 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01
+ * 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E
+ * 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E
+ * 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1
+ *
+ */
+
+#define WEAK_KEY_COUNT 16
+
+static const unsigned char weak_key_table[WEAK_KEY_COUNT][MBEDTLS_DES_KEY_SIZE] =
+{
+    { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
+    { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
+    { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
+    { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
+
+    { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
+    { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
+    { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
+    { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
+    { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
+    { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
+    { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
+    { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
+    { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
+    { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
+    { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
+    { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
+};
+
+int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
+{
+    int i;
+
+    for( i = 0; i < WEAK_KEY_COUNT; i++ )
+        if( memcmp( weak_key_table[i], key, MBEDTLS_DES_KEY_SIZE) == 0 )
+            return( 1 );
+
+    return( 0 );
+}
+
+#if !defined(MBEDTLS_DES_SETKEY_ALT)
+void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
+{
+    int i;
+    uint32_t X, Y, T;
+
+    GET_UINT32_BE( X, key, 0 );
+    GET_UINT32_BE( Y, key, 4 );
+
+    /*
+     * Permuted Choice 1
+     */
+    T =  ((Y >>  4) ^ X) & 0x0F0F0F0F;  X ^= T; Y ^= (T <<  4);
+    T =  ((Y      ) ^ X) & 0x10101010;  X ^= T; Y ^= (T      );
+
+    X =   (LHs[ (X      ) & 0xF] << 3) | (LHs[ (X >>  8) & 0xF ] << 2)
+        | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ]     )
+        | (LHs[ (X >>  5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6)
+        | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4);
+
+    Y =   (RHs[ (Y >>  1) & 0xF] << 3) | (RHs[ (Y >>  9) & 0xF ] << 2)
+        | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ]     )
+        | (RHs[ (Y >>  4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6)
+        | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4);
+
+    X &= 0x0FFFFFFF;
+    Y &= 0x0FFFFFFF;
+
+    /*
+     * calculate subkeys
+     */
+    for( i = 0; i < 16; i++ )
+    {
+        if( i < 2 || i == 8 || i == 15 )
+        {
+            X = ((X <<  1) | (X >> 27)) & 0x0FFFFFFF;
+            Y = ((Y <<  1) | (Y >> 27)) & 0x0FFFFFFF;
+        }
+        else
+        {
+            X = ((X <<  2) | (X >> 26)) & 0x0FFFFFFF;
+            Y = ((Y <<  2) | (Y >> 26)) & 0x0FFFFFFF;
+        }
+
+        *SK++ =   ((X <<  4) & 0x24000000) | ((X << 28) & 0x10000000)
+                | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000)
+                | ((X <<  6) & 0x01000000) | ((X <<  9) & 0x00200000)
+                | ((X >>  1) & 0x00100000) | ((X << 10) & 0x00040000)
+                | ((X <<  2) & 0x00020000) | ((X >> 10) & 0x00010000)
+                | ((Y >> 13) & 0x00002000) | ((Y >>  4) & 0x00001000)
+                | ((Y <<  6) & 0x00000800) | ((Y >>  1) & 0x00000400)
+                | ((Y >> 14) & 0x00000200) | ((Y      ) & 0x00000100)
+                | ((Y >>  5) & 0x00000020) | ((Y >> 10) & 0x00000010)
+                | ((Y >>  3) & 0x00000008) | ((Y >> 18) & 0x00000004)
+                | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);
+
+        *SK++ =   ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000)
+                | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000)
+                | ((X >>  2) & 0x02000000) | ((X <<  1) & 0x01000000)
+                | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000)
+                | ((X <<  3) & 0x00080000) | ((X >>  6) & 0x00040000)
+                | ((X << 15) & 0x00020000) | ((X >>  4) & 0x00010000)
+                | ((Y >>  2) & 0x00002000) | ((Y <<  8) & 0x00001000)
+                | ((Y >> 14) & 0x00000808) | ((Y >>  9) & 0x00000400)
+                | ((Y      ) & 0x00000200) | ((Y <<  7) & 0x00000100)
+                | ((Y >>  7) & 0x00000020) | ((Y >>  3) & 0x00000011)
+                | ((Y <<  2) & 0x00000004) | ((Y >> 21) & 0x00000002);
+    }
+}
+#endif /* !MBEDTLS_DES_SETKEY_ALT */
+
+/*
+ * DES key schedule (56-bit, encryption)
+ */
+int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
+{
+    mbedtls_des_setkey( ctx->sk, key );
+
+    return( 0 );
+}
+
+/*
+ * DES key schedule (56-bit, decryption)
+ */
+int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
+{
+    int i;
+
+    mbedtls_des_setkey( ctx->sk, key );
+
+    for( i = 0; i < 16; i += 2 )
+    {
+        SWAP( ctx->sk[i    ], ctx->sk[30 - i] );
+        SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
+    }
+
+    return( 0 );
+}
+
+static void des3_set2key( uint32_t esk[96],
+                          uint32_t dsk[96],
+                          const unsigned char key[MBEDTLS_DES_KEY_SIZE*2] )
+{
+    int i;
+
+    mbedtls_des_setkey( esk, key );
+    mbedtls_des_setkey( dsk + 32, key + 8 );
+
+    for( i = 0; i < 32; i += 2 )
+    {
+        dsk[i     ] = esk[30 - i];
+        dsk[i +  1] = esk[31 - i];
+
+        esk[i + 32] = dsk[62 - i];
+        esk[i + 33] = dsk[63 - i];
+
+        esk[i + 64] = esk[i    ];
+        esk[i + 65] = esk[i + 1];
+
+        dsk[i + 64] = dsk[i    ];
+        dsk[i + 65] = dsk[i + 1];
+    }
+}
+
+/*
+ * Triple-DES key schedule (112-bit, encryption)
+ */
+int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
+                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] )
+{
+    uint32_t sk[96];
+
+    des3_set2key( ctx->sk, sk, key );
+    mbedtls_zeroize( sk,  sizeof( sk ) );
+
+    return( 0 );
+}
+
+/*
+ * Triple-DES key schedule (112-bit, decryption)
+ */
+int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
+                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] )
+{
+    uint32_t sk[96];
+
+    des3_set2key( sk, ctx->sk, key );
+    mbedtls_zeroize( sk,  sizeof( sk ) );
+
+    return( 0 );
+}
+
+static void des3_set3key( uint32_t esk[96],
+                          uint32_t dsk[96],
+                          const unsigned char key[24] )
+{
+    int i;
+
+    mbedtls_des_setkey( esk, key );
+    mbedtls_des_setkey( dsk + 32, key +  8 );
+    mbedtls_des_setkey( esk + 64, key + 16 );
+
+    for( i = 0; i < 32; i += 2 )
+    {
+        dsk[i     ] = esk[94 - i];
+        dsk[i +  1] = esk[95 - i];
+
+        esk[i + 32] = dsk[62 - i];
+        esk[i + 33] = dsk[63 - i];
+
+        dsk[i + 64] = esk[30 - i];
+        dsk[i + 65] = esk[31 - i];
+    }
+}
+
+/*
+ * Triple-DES key schedule (168-bit, encryption)
+ */
+int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
+                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] )
+{
+    uint32_t sk[96];
+
+    des3_set3key( ctx->sk, sk, key );
+    mbedtls_zeroize( sk,  sizeof( sk ) );
+
+    return( 0 );
+}
+
+/*
+ * Triple-DES key schedule (168-bit, decryption)
+ */
+int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
+                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] )
+{
+    uint32_t sk[96];
+
+    des3_set3key( sk, ctx->sk, key );
+    mbedtls_zeroize( sk,  sizeof( sk ) );
+
+    return( 0 );
+}
+
+/*
+ * DES-ECB block encryption/decryption
+ */
+#if !defined(MBEDTLS_DES_CRYPT_ECB_ALT)
+int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
+                    const unsigned char input[8],
+                    unsigned char output[8] )
+{
+    int i;
+    uint32_t X, Y, T, *SK;
+
+    SK = ctx->sk;
+
+    GET_UINT32_BE( X, input, 0 );
+    GET_UINT32_BE( Y, input, 4 );
+
+    DES_IP( X, Y );
+
+    for( i = 0; i < 8; i++ )
+    {
+        DES_ROUND( Y, X );
+        DES_ROUND( X, Y );
+    }
+
+    DES_FP( Y, X );
+
+    PUT_UINT32_BE( Y, output, 0 );
+    PUT_UINT32_BE( X, output, 4 );
+
+    return( 0 );
+}
+#endif /* !MBEDTLS_DES_CRYPT_ECB_ALT */
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+/*
+ * DES-CBC buffer encryption/decryption
+ */
+int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
+                    int mode,
+                    size_t length,
+                    unsigned char iv[8],
+                    const unsigned char *input,
+                    unsigned char *output )
+{
+    int i;
+    unsigned char temp[8];
+
+    if( length % 8 )
+        return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH );
+
+    if( mode == MBEDTLS_DES_ENCRYPT )
+    {
+        while( length > 0 )
+        {
+            for( i = 0; i < 8; i++ )
+                output[i] = (unsigned char)( input[i] ^ iv[i] );
+
+            mbedtls_des_crypt_ecb( ctx, output, output );
+            memcpy( iv, output, 8 );
+
+            input  += 8;
+            output += 8;
+            length -= 8;
+        }
+    }
+    else /* MBEDTLS_DES_DECRYPT */
+    {
+        while( length > 0 )
+        {
+            memcpy( temp, input, 8 );
+            mbedtls_des_crypt_ecb( ctx, input, output );
+
+            for( i = 0; i < 8; i++ )
+                output[i] = (unsigned char)( output[i] ^ iv[i] );
+
+            memcpy( iv, temp, 8 );
+
+            input  += 8;
+            output += 8;
+            length -= 8;
+        }
+    }
+
+    return( 0 );
+}
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+/*
+ * 3DES-ECB block encryption/decryption
+ */
+#if !defined(MBEDTLS_DES3_CRYPT_ECB_ALT)
+int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
+                     const unsigned char input[8],
+                     unsigned char output[8] )
+{
+    int i;
+    uint32_t X, Y, T, *SK;
+
+    SK = ctx->sk;
+
+    GET_UINT32_BE( X, input, 0 );
+    GET_UINT32_BE( Y, input, 4 );
+
+    DES_IP( X, Y );
+
+    for( i = 0; i < 8; i++ )
+    {
+        DES_ROUND( Y, X );
+        DES_ROUND( X, Y );
+    }
+
+    for( i = 0; i < 8; i++ )
+    {
+        DES_ROUND( X, Y );
+        DES_ROUND( Y, X );
+    }
+
+    for( i = 0; i < 8; i++ )
+    {
+        DES_ROUND( Y, X );
+        DES_ROUND( X, Y );
+    }
+
+    DES_FP( Y, X );
+
+    PUT_UINT32_BE( Y, output, 0 );
+    PUT_UINT32_BE( X, output, 4 );
+
+    return( 0 );
+}
+#endif /* !MBEDTLS_DES3_CRYPT_ECB_ALT */
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+/*
+ * 3DES-CBC buffer encryption/decryption
+ */
+int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
+                     int mode,
+                     size_t length,
+                     unsigned char iv[8],
+                     const unsigned char *input,
+                     unsigned char *output )
+{
+    int i;
+    unsigned char temp[8];
+
+    if( length % 8 )
+        return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH );
+
+    if( mode == MBEDTLS_DES_ENCRYPT )
+    {
+        while( length > 0 )
+        {
+            for( i = 0; i < 8; i++ )
+                output[i] = (unsigned char)( input[i] ^ iv[i] );
+
+            mbedtls_des3_crypt_ecb( ctx, output, output );
+            memcpy( iv, output, 8 );
+
+            input  += 8;
+            output += 8;
+            length -= 8;
+        }
+    }
+    else /* MBEDTLS_DES_DECRYPT */
+    {
+        while( length > 0 )
+        {
+            memcpy( temp, input, 8 );
+            mbedtls_des3_crypt_ecb( ctx, input, output );
+
+            for( i = 0; i < 8; i++ )
+                output[i] = (unsigned char)( output[i] ^ iv[i] );
+
+            memcpy( iv, temp, 8 );
+
+            input  += 8;
+            output += 8;
+            length -= 8;
+        }
+    }
+
+    return( 0 );
+}
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#endif /* !MBEDTLS_DES_ALT */
+
+#if defined(MBEDTLS_SELF_TEST)
+/*
+ * DES and 3DES test vectors from:
+ *
+ * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
+ */
+static const unsigned char des3_test_keys[24] =
+{
+    0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+    0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
+    0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
+};
+
+static const unsigned char des3_test_buf[8] =
+{
+    0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
+};
+
+static const unsigned char des3_test_ecb_dec[3][8] =
+{
+    { 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D },
+    { 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB },
+    { 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A }
+};
+
+static const unsigned char des3_test_ecb_enc[3][8] =
+{
+    { 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B },
+    { 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 },
+    { 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 }
+};
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+static const unsigned char des3_test_iv[8] =
+{
+    0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
+};
+
+static const unsigned char des3_test_cbc_dec[3][8] =
+{
+    { 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 },
+    { 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 },
+    { 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C }
+};
+
+static const unsigned char des3_test_cbc_enc[3][8] =
+{
+    { 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 },
+    { 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D },
+    { 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 }
+};
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+/*
+ * Checkup routine
+ */
+int mbedtls_des_self_test( int verbose )
+{
+    int i, j, u, v, ret = 0;
+    mbedtls_des_context ctx;
+    mbedtls_des3_context ctx3;
+    unsigned char buf[8];
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    unsigned char prv[8];
+    unsigned char iv[8];
+#endif
+
+    mbedtls_des_init( &ctx );
+    mbedtls_des3_init( &ctx3 );
+    /*
+     * ECB mode
+     */
+    for( i = 0; i < 6; i++ )
+    {
+        u = i >> 1;
+        v = i  & 1;
+
+        if( verbose != 0 )
+            mbedtls_printf( "  DES%c-ECB-%3d (%s): ",
+                             ( u == 0 ) ? ' ' : '3', 56 + u * 56,
+                             ( v == MBEDTLS_DES_DECRYPT ) ? "dec" : "enc" );
+
+        memcpy( buf, des3_test_buf, 8 );
+
+        switch( i )
+        {
+        case 0:
+            mbedtls_des_setkey_dec( &ctx, des3_test_keys );
+            break;
+
+        case 1:
+            mbedtls_des_setkey_enc( &ctx, des3_test_keys );
+            break;
+
+        case 2:
+            mbedtls_des3_set2key_dec( &ctx3, des3_test_keys );
+            break;
+
+        case 3:
+            mbedtls_des3_set2key_enc( &ctx3, des3_test_keys );
+            break;
+
+        case 4:
+            mbedtls_des3_set3key_dec( &ctx3, des3_test_keys );
+            break;
+
+        case 5:
+            mbedtls_des3_set3key_enc( &ctx3, des3_test_keys );
+            break;
+
+        default:
+            return( 1 );
+        }
+
+        for( j = 0; j < 10000; j++ )
+        {
+            if( u == 0 )
+                mbedtls_des_crypt_ecb( &ctx, buf, buf );
+            else
+                mbedtls_des3_crypt_ecb( &ctx3, buf, buf );
+        }
+
+        if( ( v == MBEDTLS_DES_DECRYPT &&
+                memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) ||
+            ( v != MBEDTLS_DES_DECRYPT &&
+                memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
+        {
+            if( verbose != 0 )
+                mbedtls_printf( "failed\n" );
+
+            ret = 1;
+            goto exit;
+        }
+
+        if( verbose != 0 )
+            mbedtls_printf( "passed\n" );
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "\n" );
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    /*
+     * CBC mode
+     */
+    for( i = 0; i < 6; i++ )
+    {
+        u = i >> 1;
+        v = i  & 1;
+
+        if( verbose != 0 )
+            mbedtls_printf( "  DES%c-CBC-%3d (%s): ",
+                             ( u == 0 ) ? ' ' : '3', 56 + u * 56,
+                             ( v == MBEDTLS_DES_DECRYPT ) ? "dec" : "enc" );
+
+        memcpy( iv,  des3_test_iv,  8 );
+        memcpy( prv, des3_test_iv,  8 );
+        memcpy( buf, des3_test_buf, 8 );
+
+        switch( i )
+        {
+        case 0:
+            mbedtls_des_setkey_dec( &ctx, des3_test_keys );
+            break;
+
+        case 1:
+            mbedtls_des_setkey_enc( &ctx, des3_test_keys );
+            break;
+
+        case 2:
+            mbedtls_des3_set2key_dec( &ctx3, des3_test_keys );
+            break;
+
+        case 3:
+            mbedtls_des3_set2key_enc( &ctx3, des3_test_keys );
+            break;
+
+        case 4:
+            mbedtls_des3_set3key_dec( &ctx3, des3_test_keys );
+            break;
+
+        case 5:
+            mbedtls_des3_set3key_enc( &ctx3, des3_test_keys );
+            break;
+
+        default:
+            return( 1 );
+        }
+
+        if( v == MBEDTLS_DES_DECRYPT )
+        {
+            for( j = 0; j < 10000; j++ )
+            {
+                if( u == 0 )
+                    mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
+                else
+                    mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
+            }
+        }
+        else
+        {
+            for( j = 0; j < 10000; j++ )
+            {
+                unsigned char tmp[8];
+
+                if( u == 0 )
+                    mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
+                else
+                    mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
+
+                memcpy( tmp, prv, 8 );
+                memcpy( prv, buf, 8 );
+                memcpy( buf, tmp, 8 );
+            }
+
+            memcpy( buf, prv, 8 );
+        }
+
+        if( ( v == MBEDTLS_DES_DECRYPT &&
+                memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) ||
+            ( v != MBEDTLS_DES_DECRYPT &&
+                memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
+        {
+            if( verbose != 0 )
+                mbedtls_printf( "failed\n" );
+
+            ret = 1;
+            goto exit;
+        }
+
+        if( verbose != 0 )
+            mbedtls_printf( "passed\n" );
+    }
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+    if( verbose != 0 )
+        mbedtls_printf( "\n" );
+
+exit:
+    mbedtls_des_free( &ctx );
+    mbedtls_des3_free( &ctx3 );
+
+    return( ret );
+}
+
+#endif /* MBEDTLS_SELF_TEST */
+
+#endif /* MBEDTLS_DES_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/dhm.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,624 @@
+/*
+ *  Diffie-Hellman-Merkle key exchange
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ *  Reference:
+ *
+ *  http://www.cacr.math.uwaterloo.ca/hac/ (chapter 12)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_DHM_C)
+
+#include "mbedtls/dhm.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_PEM_PARSE_C)
+#include "mbedtls/pem.h"
+#endif
+
+#if defined(MBEDTLS_ASN1_PARSE_C)
+#include "mbedtls/asn1.h"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#include <stdio.h>
+#define mbedtls_printf     printf
+#define mbedtls_calloc    calloc
+#define mbedtls_free       free
+#endif
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+/*
+ * helper to validate the mbedtls_mpi size and import it
+ */
+static int dhm_read_bignum( mbedtls_mpi *X,
+                            unsigned char **p,
+                            const unsigned char *end )
+{
+    int ret, n;
+
+    if( end - *p < 2 )
+        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+
+    n = ( (*p)[0] << 8 ) | (*p)[1];
+    (*p) += 2;
+
+    if( (int)( end - *p ) < n )
+        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+
+    if( ( ret = mbedtls_mpi_read_binary( X, *p, n ) ) != 0 )
+        return( MBEDTLS_ERR_DHM_READ_PARAMS_FAILED + ret );
+
+    (*p) += n;
+
+    return( 0 );
+}
+
+/*
+ * Verify sanity of parameter with regards to P
+ *
+ * Parameter should be: 2 <= public_param <= P - 2
+ *
+ * For more information on the attack, see:
+ *  http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf
+ *  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2643
+ */
+static int dhm_check_range( const mbedtls_mpi *param, const mbedtls_mpi *P )
+{
+    mbedtls_mpi L, U;
+    int ret = MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
+
+    mbedtls_mpi_init( &L ); mbedtls_mpi_init( &U );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &L, 2 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &U, P, 2 ) );
+
+    if( mbedtls_mpi_cmp_mpi( param, &L ) >= 0 &&
+        mbedtls_mpi_cmp_mpi( param, &U ) <= 0 )
+    {
+        ret = 0;
+    }
+
+cleanup:
+    mbedtls_mpi_free( &L ); mbedtls_mpi_free( &U );
+    return( ret );
+}
+
+void mbedtls_dhm_init( mbedtls_dhm_context *ctx )
+{
+    memset( ctx, 0, sizeof( mbedtls_dhm_context ) );
+}
+
+/*
+ * Parse the ServerKeyExchange parameters
+ */
+int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
+                     unsigned char **p,
+                     const unsigned char *end )
+{
+    int ret;
+
+    if( ( ret = dhm_read_bignum( &ctx->P,  p, end ) ) != 0 ||
+        ( ret = dhm_read_bignum( &ctx->G,  p, end ) ) != 0 ||
+        ( ret = dhm_read_bignum( &ctx->GY, p, end ) ) != 0 )
+        return( ret );
+
+    if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
+        return( ret );
+
+    ctx->len = mbedtls_mpi_size( &ctx->P );
+
+    return( 0 );
+}
+
+/*
+ * Setup and write the ServerKeyExchange parameters
+ */
+int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
+                     unsigned char *output, size_t *olen,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng )
+{
+    int ret, count = 0;
+    size_t n1, n2, n3;
+    unsigned char *p;
+
+    if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 )
+        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+
+    /*
+     * Generate X as large as possible ( < P )
+     */
+    do
+    {
+        mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng );
+
+        while( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 )
+            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->X, 1 ) );
+
+        if( count++ > 10 )
+            return( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED );
+    }
+    while( dhm_check_range( &ctx->X, &ctx->P ) != 0 );
+
+    /*
+     * Calculate GX = G^X mod P
+     */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->GX, &ctx->G, &ctx->X,
+                          &ctx->P , &ctx->RP ) );
+
+    if( ( ret = dhm_check_range( &ctx->GX, &ctx->P ) ) != 0 )
+        return( ret );
+
+    /*
+     * export P, G, GX
+     */
+#define DHM_MPI_EXPORT(X,n)                     \
+    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( X, p + 2, n ) ); \
+    *p++ = (unsigned char)( n >> 8 );           \
+    *p++ = (unsigned char)( n      ); p += n;
+
+    n1 = mbedtls_mpi_size( &ctx->P  );
+    n2 = mbedtls_mpi_size( &ctx->G  );
+    n3 = mbedtls_mpi_size( &ctx->GX );
+
+    p = output;
+    DHM_MPI_EXPORT( &ctx->P , n1 );
+    DHM_MPI_EXPORT( &ctx->G , n2 );
+    DHM_MPI_EXPORT( &ctx->GX, n3 );
+
+    *olen  = p - output;
+
+    ctx->len = n1;
+
+cleanup:
+
+    if( ret != 0 )
+        return( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED + ret );
+
+    return( 0 );
+}
+
+/*
+ * Import the peer's public value G^Y
+ */
+int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
+                     const unsigned char *input, size_t ilen )
+{
+    int ret;
+
+    if( ctx == NULL || ilen < 1 || ilen > ctx->len )
+        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+
+    if( ( ret = mbedtls_mpi_read_binary( &ctx->GY, input, ilen ) ) != 0 )
+        return( MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED + ret );
+
+    return( 0 );
+}
+
+/*
+ * Create own private value X and export G^X
+ */
+int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
+                     unsigned char *output, size_t olen,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng )
+{
+    int ret, count = 0;
+
+    if( ctx == NULL || olen < 1 || olen > ctx->len )
+        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+
+    if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 )
+        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+
+    /*
+     * generate X and calculate GX = G^X mod P
+     */
+    do
+    {
+        mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng );
+
+        while( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 )
+            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->X, 1 ) );
+
+        if( count++ > 10 )
+            return( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED );
+    }
+    while( dhm_check_range( &ctx->X, &ctx->P ) != 0 );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->GX, &ctx->G, &ctx->X,
+                          &ctx->P , &ctx->RP ) );
+
+    if( ( ret = dhm_check_range( &ctx->GX, &ctx->P ) ) != 0 )
+        return( ret );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->GX, output, olen ) );
+
+cleanup:
+
+    if( ret != 0 )
+        return( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED + ret );
+
+    return( 0 );
+}
+
+/*
+ * Use the blinding method and optimisation suggested in section 10 of:
+ *  KOCHER, Paul C. Timing attacks on implementations of Diffie-Hellman, RSA,
+ *  DSS, and other systems. In : Advances in Cryptology-CRYPTO'96. Springer
+ *  Berlin Heidelberg, 1996. p. 104-113.
+ */
+static int dhm_update_blinding( mbedtls_dhm_context *ctx,
+                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+    int ret, count;
+
+    /*
+     * Don't use any blinding the first time a particular X is used,
+     * but remember it to use blinding next time.
+     */
+    if( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->pX ) != 0 )
+    {
+        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &ctx->pX, &ctx->X ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->Vi, 1 ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->Vf, 1 ) );
+
+        return( 0 );
+    }
+
+    /*
+     * Ok, we need blinding. Can we re-use existing values?
+     * If yes, just update them by squaring them.
+     */
+    if( mbedtls_mpi_cmp_int( &ctx->Vi, 1 ) != 0 )
+    {
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &ctx->Vi ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->P ) );
+
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &ctx->Vf ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->P ) );
+
+        return( 0 );
+    }
+
+    /*
+     * We need to generate blinding values from scratch
+     */
+
+    /* Vi = random( 2, P-1 ) */
+    count = 0;
+    do
+    {
+        mbedtls_mpi_fill_random( &ctx->Vi, mbedtls_mpi_size( &ctx->P ), f_rng, p_rng );
+
+        while( mbedtls_mpi_cmp_mpi( &ctx->Vi, &ctx->P ) >= 0 )
+            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->Vi, 1 ) );
+
+        if( count++ > 10 )
+            return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
+    }
+    while( mbedtls_mpi_cmp_int( &ctx->Vi, 1 ) <= 0 );
+
+    /* Vf = Vi^-X mod P */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->Vf, &ctx->Vi, &ctx->P ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->Vf, &ctx->Vf, &ctx->X, &ctx->P, &ctx->RP ) );
+
+cleanup:
+    return( ret );
+}
+
+/*
+ * Derive and export the shared secret (G^Y)^X mod P
+ */
+int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
+                     unsigned char *output, size_t output_size, size_t *olen,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng )
+{
+    int ret;
+    mbedtls_mpi GYb;
+
+    if( ctx == NULL || output_size < ctx->len )
+        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+
+    if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
+        return( ret );
+
+    mbedtls_mpi_init( &GYb );
+
+    /* Blind peer's value */
+    if( f_rng != NULL )
+    {
+        MBEDTLS_MPI_CHK( dhm_update_blinding( ctx, f_rng, p_rng ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &GYb, &ctx->GY, &ctx->Vi ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &GYb, &GYb, &ctx->P ) );
+    }
+    else
+        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &GYb, &ctx->GY ) );
+
+    /* Do modular exponentiation */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->K, &GYb, &ctx->X,
+                          &ctx->P, &ctx->RP ) );
+
+    /* Unblind secret value */
+    if( f_rng != NULL )
+    {
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->K, &ctx->K, &ctx->Vf ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->K, &ctx->K, &ctx->P ) );
+    }
+
+    *olen = mbedtls_mpi_size( &ctx->K );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->K, output, *olen ) );
+
+cleanup:
+    mbedtls_mpi_free( &GYb );
+
+    if( ret != 0 )
+        return( MBEDTLS_ERR_DHM_CALC_SECRET_FAILED + ret );
+
+    return( 0 );
+}
+
+/*
+ * Free the components of a DHM key
+ */
+void mbedtls_dhm_free( mbedtls_dhm_context *ctx )
+{
+    mbedtls_mpi_free( &ctx->pX); mbedtls_mpi_free( &ctx->Vf ); mbedtls_mpi_free( &ctx->Vi );
+    mbedtls_mpi_free( &ctx->RP ); mbedtls_mpi_free( &ctx->K ); mbedtls_mpi_free( &ctx->GY );
+    mbedtls_mpi_free( &ctx->GX ); mbedtls_mpi_free( &ctx->X ); mbedtls_mpi_free( &ctx->G );
+    mbedtls_mpi_free( &ctx->P );
+
+    mbedtls_zeroize( ctx, sizeof( mbedtls_dhm_context ) );
+}
+
+#if defined(MBEDTLS_ASN1_PARSE_C)
+/*
+ * Parse DHM parameters
+ */
+int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
+                   size_t dhminlen )
+{
+    int ret;
+    size_t len;
+    unsigned char *p, *end;
+#if defined(MBEDTLS_PEM_PARSE_C)
+    mbedtls_pem_context pem;
+
+    mbedtls_pem_init( &pem );
+
+    /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
+    if( dhminlen == 0 || dhmin[dhminlen - 1] != '\0' )
+        ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
+    else
+        ret = mbedtls_pem_read_buffer( &pem,
+                               "-----BEGIN DH PARAMETERS-----",
+                               "-----END DH PARAMETERS-----",
+                               dhmin, NULL, 0, &dhminlen );
+
+    if( ret == 0 )
+    {
+        /*
+         * Was PEM encoded
+         */
+        dhminlen = pem.buflen;
+    }
+    else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
+        goto exit;
+
+    p = ( ret == 0 ) ? pem.buf : (unsigned char *) dhmin;
+#else
+    p = (unsigned char *) dhmin;
+#endif /* MBEDTLS_PEM_PARSE_C */
+    end = p + dhminlen;
+
+    /*
+     *  DHParams ::= SEQUENCE {
+     *      prime              INTEGER,  -- P
+     *      generator          INTEGER,  -- g
+     *      privateValueLength INTEGER OPTIONAL
+     *  }
+     */
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+    {
+        ret = MBEDTLS_ERR_DHM_INVALID_FORMAT + ret;
+        goto exit;
+    }
+
+    end = p + len;
+
+    if( ( ret = mbedtls_asn1_get_mpi( &p, end, &dhm->P  ) ) != 0 ||
+        ( ret = mbedtls_asn1_get_mpi( &p, end, &dhm->G ) ) != 0 )
+    {
+        ret = MBEDTLS_ERR_DHM_INVALID_FORMAT + ret;
+        goto exit;
+    }
+
+    if( p != end )
+    {
+        /* This might be the optional privateValueLength.
+         * If so, we can cleanly discard it */
+        mbedtls_mpi rec;
+        mbedtls_mpi_init( &rec );
+        ret = mbedtls_asn1_get_mpi( &p, end, &rec );
+        mbedtls_mpi_free( &rec );
+        if ( ret != 0 )
+        {
+            ret = MBEDTLS_ERR_DHM_INVALID_FORMAT + ret;
+            goto exit;
+        }
+        if ( p != end )
+        {
+            ret = MBEDTLS_ERR_DHM_INVALID_FORMAT +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
+            goto exit;
+        }
+    }
+
+    ret = 0;
+
+    dhm->len = mbedtls_mpi_size( &dhm->P );
+
+exit:
+#if defined(MBEDTLS_PEM_PARSE_C)
+    mbedtls_pem_free( &pem );
+#endif
+    if( ret != 0 )
+        mbedtls_dhm_free( dhm );
+
+    return( ret );
+}
+
+#if defined(MBEDTLS_FS_IO)
+/*
+ * Load all data from a file into a given buffer.
+ *
+ * The file is expected to contain either PEM or DER encoded data.
+ * A terminating null byte is always appended. It is included in the announced
+ * length only if the data looks like it is PEM encoded.
+ */
+static int load_file( const char *path, unsigned char **buf, size_t *n )
+{
+    FILE *f;
+    long size;
+
+    if( ( f = fopen( path, "rb" ) ) == NULL )
+        return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
+
+    fseek( f, 0, SEEK_END );
+    if( ( size = ftell( f ) ) == -1 )
+    {
+        fclose( f );
+        return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
+    }
+    fseek( f, 0, SEEK_SET );
+
+    *n = (size_t) size;
+
+    if( *n + 1 == 0 ||
+        ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL )
+    {
+        fclose( f );
+        return( MBEDTLS_ERR_DHM_ALLOC_FAILED );
+    }
+
+    if( fread( *buf, 1, *n, f ) != *n )
+    {
+        fclose( f );
+        mbedtls_free( *buf );
+        return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
+    }
+
+    fclose( f );
+
+    (*buf)[*n] = '\0';
+
+    if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL )
+        ++*n;
+
+    return( 0 );
+}
+
+/*
+ * Load and parse DHM parameters
+ */
+int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path )
+{
+    int ret;
+    size_t n;
+    unsigned char *buf;
+
+    if( ( ret = load_file( path, &buf, &n ) ) != 0 )
+        return( ret );
+
+    ret = mbedtls_dhm_parse_dhm( dhm, buf, n );
+
+    mbedtls_zeroize( buf, n );
+    mbedtls_free( buf );
+
+    return( ret );
+}
+#endif /* MBEDTLS_FS_IO */
+#endif /* MBEDTLS_ASN1_PARSE_C */
+
+#if defined(MBEDTLS_SELF_TEST)
+
+static const char mbedtls_test_dhm_params[] =
+"-----BEGIN DH PARAMETERS-----\r\n"
+"MIGHAoGBAJ419DBEOgmQTzo5qXl5fQcN9TN455wkOL7052HzxxRVMyhYmwQcgJvh\r\n"
+"1sa18fyfR9OiVEMYglOpkqVoGLN7qd5aQNNi5W7/C+VBdHTBJcGZJyyP5B3qcz32\r\n"
+"9mLJKudlVudV0Qxk5qUJaPZ/xupz0NyoVpviuiBOI1gNi8ovSXWzAgEC\r\n"
+"-----END DH PARAMETERS-----\r\n";
+
+static const size_t mbedtls_test_dhm_params_len = sizeof( mbedtls_test_dhm_params );
+
+/*
+ * Checkup routine
+ */
+int mbedtls_dhm_self_test( int verbose )
+{
+    int ret;
+    mbedtls_dhm_context dhm;
+
+    mbedtls_dhm_init( &dhm );
+
+    if( verbose != 0 )
+        mbedtls_printf( "  DHM parameter load: " );
+
+    if( ( ret = mbedtls_dhm_parse_dhm( &dhm,
+                    (const unsigned char *) mbedtls_test_dhm_params,
+                    mbedtls_test_dhm_params_len ) ) != 0 )
+    {
+        if( verbose != 0 )
+            mbedtls_printf( "failed\n" );
+
+        ret = 1;
+        goto exit;
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "passed\n\n" );
+
+exit:
+    mbedtls_dhm_free( &dhm );
+
+    return( ret );
+}
+
+#endif /* MBEDTLS_SELF_TEST */
+
+#endif /* MBEDTLS_DHM_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/ecdh.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,264 @@
+/*
+ *  Elliptic curve Diffie-Hellman
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+/*
+ * References:
+ *
+ * SEC1 http://www.secg.org/index.php?action=secg,docs_secg
+ * RFC 4492
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_ECDH_C)
+
+#include "mbedtls/ecdh.h"
+
+#include <string.h>
+
+/*
+ * Generate public key: simple wrapper around mbedtls_ecp_gen_keypair
+ */
+int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng )
+{
+    return mbedtls_ecp_gen_keypair( grp, d, Q, f_rng, p_rng );
+}
+
+/*
+ * Compute shared secret (SEC1 3.3.1)
+ */
+int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
+                         const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
+                         int (*f_rng)(void *, unsigned char *, size_t),
+                         void *p_rng )
+{
+    int ret;
+    mbedtls_ecp_point P;
+
+    mbedtls_ecp_point_init( &P );
+
+    /*
+     * Make sure Q is a valid pubkey before using it
+     */
+    MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, Q ) );
+
+    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, &P, d, Q, f_rng, p_rng ) );
+
+    if( mbedtls_ecp_is_zero( &P ) )
+    {
+        ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+        goto cleanup;
+    }
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( z, &P.X ) );
+
+cleanup:
+    mbedtls_ecp_point_free( &P );
+
+    return( ret );
+}
+
+/*
+ * Initialize context
+ */
+void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx )
+{
+    memset( ctx, 0, sizeof( mbedtls_ecdh_context ) );
+}
+
+/*
+ * Free context
+ */
+void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx )
+{
+    if( ctx == NULL )
+        return;
+
+    mbedtls_ecp_group_free( &ctx->grp );
+    mbedtls_ecp_point_free( &ctx->Q   );
+    mbedtls_ecp_point_free( &ctx->Qp  );
+    mbedtls_ecp_point_free( &ctx->Vi  );
+    mbedtls_ecp_point_free( &ctx->Vf  );
+    mbedtls_mpi_free( &ctx->d  );
+    mbedtls_mpi_free( &ctx->z  );
+    mbedtls_mpi_free( &ctx->_d );
+}
+
+/*
+ * Setup and write the ServerKeyExhange parameters (RFC 4492)
+ *      struct {
+ *          ECParameters    curve_params;
+ *          ECPoint         public;
+ *      } ServerECDHParams;
+ */
+int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
+                      unsigned char *buf, size_t blen,
+                      int (*f_rng)(void *, unsigned char *, size_t),
+                      void *p_rng )
+{
+    int ret;
+    size_t grp_len, pt_len;
+
+    if( ctx == NULL || ctx->grp.pbits == 0 )
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+    if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) )
+                != 0 )
+        return( ret );
+
+    if( ( ret = mbedtls_ecp_tls_write_group( &ctx->grp, &grp_len, buf, blen ) )
+                != 0 )
+        return( ret );
+
+    buf += grp_len;
+    blen -= grp_len;
+
+    if( ( ret = mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, ctx->point_format,
+                                     &pt_len, buf, blen ) ) != 0 )
+        return( ret );
+
+    *olen = grp_len + pt_len;
+    return( 0 );
+}
+
+/*
+ * Read the ServerKeyExhange parameters (RFC 4492)
+ *      struct {
+ *          ECParameters    curve_params;
+ *          ECPoint         public;
+ *      } ServerECDHParams;
+ */
+int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
+                      const unsigned char **buf, const unsigned char *end )
+{
+    int ret;
+
+    if( ( ret = mbedtls_ecp_tls_read_group( &ctx->grp, buf, end - *buf ) ) != 0 )
+        return( ret );
+
+    if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, buf, end - *buf ) )
+                != 0 )
+        return( ret );
+
+    return( 0 );
+}
+
+/*
+ * Get parameters from a keypair
+ */
+int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key,
+                     mbedtls_ecdh_side side )
+{
+    int ret;
+
+    if( ( ret = mbedtls_ecp_group_copy( &ctx->grp, &key->grp ) ) != 0 )
+        return( ret );
+
+    /* If it's not our key, just import the public part as Qp */
+    if( side == MBEDTLS_ECDH_THEIRS )
+        return( mbedtls_ecp_copy( &ctx->Qp, &key->Q ) );
+
+    /* Our key: import public (as Q) and private parts */
+    if( side != MBEDTLS_ECDH_OURS )
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+    if( ( ret = mbedtls_ecp_copy( &ctx->Q, &key->Q ) ) != 0 ||
+        ( ret = mbedtls_mpi_copy( &ctx->d, &key->d ) ) != 0 )
+        return( ret );
+
+    return( 0 );
+}
+
+/*
+ * Setup and export the client public value
+ */
+int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
+                      unsigned char *buf, size_t blen,
+                      int (*f_rng)(void *, unsigned char *, size_t),
+                      void *p_rng )
+{
+    int ret;
+
+    if( ctx == NULL || ctx->grp.pbits == 0 )
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+    if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) )
+                != 0 )
+        return( ret );
+
+    return mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, ctx->point_format,
+                                olen, buf, blen );
+}
+
+/*
+ * Parse and import the client's public value
+ */
+int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
+                      const unsigned char *buf, size_t blen )
+{
+    int ret;
+    const unsigned char *p = buf;
+
+    if( ctx == NULL )
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+    if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, &p, blen ) ) != 0 )
+        return( ret );
+
+    if( (size_t)( p - buf ) != blen )
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+    return( 0 );
+}
+
+/*
+ * Derive and export the shared secret
+ */
+int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
+                      unsigned char *buf, size_t blen,
+                      int (*f_rng)(void *, unsigned char *, size_t),
+                      void *p_rng )
+{
+    int ret;
+
+    if( ctx == NULL )
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+    if( ( ret = mbedtls_ecdh_compute_shared( &ctx->grp, &ctx->z, &ctx->Qp, &ctx->d,
+                                     f_rng, p_rng ) ) != 0 )
+    {
+        return( ret );
+    }
+
+    if( mbedtls_mpi_size( &ctx->z ) > blen )
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+    *olen = ctx->grp.pbits / 8 + ( ( ctx->grp.pbits % 8 ) != 0 );
+    return mbedtls_mpi_write_binary( &ctx->z, buf, *olen );
+}
+
+#endif /* MBEDTLS_ECDH_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/ecdsa.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,448 @@
+/*
+ *  Elliptic curve DSA
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+/*
+ * References:
+ *
+ * SEC1 http://www.secg.org/index.php?action=secg,docs_secg
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_ECDSA_C)
+
+#include "mbedtls/ecdsa.h"
+#include "mbedtls/asn1write.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+#include "mbedtls/hmac_drbg.h"
+#endif
+
+/*
+ * Derive a suitable integer for group grp from a buffer of length len
+ * SEC1 4.1.3 step 5 aka SEC1 4.1.4 step 3
+ */
+static int derive_mpi( const mbedtls_ecp_group *grp, mbedtls_mpi *x,
+                       const unsigned char *buf, size_t blen )
+{
+    int ret;
+    size_t n_size = ( grp->nbits + 7 ) / 8;
+    size_t use_size = blen > n_size ? n_size : blen;
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( x, buf, use_size ) );
+    if( use_size * 8 > grp->nbits )
+        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( x, use_size * 8 - grp->nbits ) );
+
+    /* While at it, reduce modulo N */
+    if( mbedtls_mpi_cmp_mpi( x, &grp->N ) >= 0 )
+        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( x, x, &grp->N ) );
+
+cleanup:
+    return( ret );
+}
+
+/*
+ * Compute ECDSA signature of a hashed message (SEC1 4.1.3)
+ * Obviously, compared to SEC1 4.1.3, we skip step 4 (hash message)
+ */
+int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
+                const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
+                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+    int ret, key_tries, sign_tries, blind_tries;
+    mbedtls_ecp_point R;
+    mbedtls_mpi k, e, t;
+
+    /* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */
+    if( grp->N.p == NULL )
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+    mbedtls_ecp_point_init( &R );
+    mbedtls_mpi_init( &k ); mbedtls_mpi_init( &e ); mbedtls_mpi_init( &t );
+
+    sign_tries = 0;
+    do
+    {
+        /*
+         * Steps 1-3: generate a suitable ephemeral keypair
+         * and set r = xR mod n
+         */
+        key_tries = 0;
+        do
+        {
+            MBEDTLS_MPI_CHK( mbedtls_ecp_gen_keypair( grp, &k, &R, f_rng, p_rng ) );
+            MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( r, &R.X, &grp->N ) );
+
+            if( key_tries++ > 10 )
+            {
+                ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
+                goto cleanup;
+            }
+        }
+        while( mbedtls_mpi_cmp_int( r, 0 ) == 0 );
+
+        /*
+         * Step 5: derive MPI from hashed message
+         */
+        MBEDTLS_MPI_CHK( derive_mpi( grp, &e, buf, blen ) );
+
+        /*
+         * Generate a random value to blind inv_mod in next step,
+         * avoiding a potential timing leak.
+         */
+        blind_tries = 0;
+        do
+        {
+            size_t n_size = ( grp->nbits + 7 ) / 8;
+            MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &t, n_size, f_rng, p_rng ) );
+            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &t, 8 * n_size - grp->nbits ) );
+
+            /* See mbedtls_ecp_gen_keypair() */
+            if( ++blind_tries > 30 )
+                return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
+        }
+        while( mbedtls_mpi_cmp_int( &t, 1 ) < 0 ||
+               mbedtls_mpi_cmp_mpi( &t, &grp->N ) >= 0 );
+
+        /*
+         * Step 6: compute s = (e + r * d) / k = t (e + rd) / (kt) mod n
+         */
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, r, d ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &e, &e, s ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &e, &e, &t ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &k, &k, &t ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( s, &k, &grp->N ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, s, &e ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( s, s, &grp->N ) );
+
+        if( sign_tries++ > 10 )
+        {
+            ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
+            goto cleanup;
+        }
+    }
+    while( mbedtls_mpi_cmp_int( s, 0 ) == 0 );
+
+cleanup:
+    mbedtls_ecp_point_free( &R );
+    mbedtls_mpi_free( &k ); mbedtls_mpi_free( &e ); mbedtls_mpi_free( &t );
+
+    return( ret );
+}
+
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+/*
+ * Deterministic signature wrapper
+ */
+int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
+                    const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
+                    mbedtls_md_type_t md_alg )
+{
+    int ret;
+    mbedtls_hmac_drbg_context rng_ctx;
+    unsigned char data[2 * MBEDTLS_ECP_MAX_BYTES];
+    size_t grp_len = ( grp->nbits + 7 ) / 8;
+    const mbedtls_md_info_t *md_info;
+    mbedtls_mpi h;
+
+    if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+    mbedtls_mpi_init( &h );
+    mbedtls_hmac_drbg_init( &rng_ctx );
+
+    /* Use private key and message hash (reduced) to initialize HMAC_DRBG */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, data, grp_len ) );
+    MBEDTLS_MPI_CHK( derive_mpi( grp, &h, buf, blen ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, data + grp_len, grp_len ) );
+    mbedtls_hmac_drbg_seed_buf( &rng_ctx, md_info, data, 2 * grp_len );
+
+    ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen,
+                      mbedtls_hmac_drbg_random, &rng_ctx );
+
+cleanup:
+    mbedtls_hmac_drbg_free( &rng_ctx );
+    mbedtls_mpi_free( &h );
+
+    return( ret );
+}
+#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
+
+/*
+ * Verify ECDSA signature of hashed message (SEC1 4.1.4)
+ * Obviously, compared to SEC1 4.1.3, we skip step 2 (hash message)
+ */
+int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
+                  const unsigned char *buf, size_t blen,
+                  const mbedtls_ecp_point *Q, const mbedtls_mpi *r, const mbedtls_mpi *s)
+{
+    int ret;
+    mbedtls_mpi e, s_inv, u1, u2;
+    mbedtls_ecp_point R;
+
+    mbedtls_ecp_point_init( &R );
+    mbedtls_mpi_init( &e ); mbedtls_mpi_init( &s_inv ); mbedtls_mpi_init( &u1 ); mbedtls_mpi_init( &u2 );
+
+    /* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */
+    if( grp->N.p == NULL )
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+    /*
+     * Step 1: make sure r and s are in range 1..n-1
+     */
+    if( mbedtls_mpi_cmp_int( r, 1 ) < 0 || mbedtls_mpi_cmp_mpi( r, &grp->N ) >= 0 ||
+        mbedtls_mpi_cmp_int( s, 1 ) < 0 || mbedtls_mpi_cmp_mpi( s, &grp->N ) >= 0 )
+    {
+        ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
+        goto cleanup;
+    }
+
+    /*
+     * Additional precaution: make sure Q is valid
+     */
+    MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, Q ) );
+
+    /*
+     * Step 3: derive MPI from hashed message
+     */
+    MBEDTLS_MPI_CHK( derive_mpi( grp, &e, buf, blen ) );
+
+    /*
+     * Step 4: u1 = e / s mod n, u2 = r / s mod n
+     */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &s_inv, s, &grp->N ) );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &u1, &e, &s_inv ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &u1, &u1, &grp->N ) );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &u2, r, &s_inv ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &u2, &u2, &grp->N ) );
+
+    /*
+     * Step 5: R = u1 G + u2 Q
+     *
+     * Since we're not using any secret data, no need to pass a RNG to
+     * mbedtls_ecp_mul() for countermesures.
+     */
+    MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( grp, &R, &u1, &grp->G, &u2, Q ) );
+
+    if( mbedtls_ecp_is_zero( &R ) )
+    {
+        ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
+        goto cleanup;
+    }
+
+    /*
+     * Step 6: convert xR to an integer (no-op)
+     * Step 7: reduce xR mod n (gives v)
+     */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &R.X, &R.X, &grp->N ) );
+
+    /*
+     * Step 8: check if v (that is, R.X) is equal to r
+     */
+    if( mbedtls_mpi_cmp_mpi( &R.X, r ) != 0 )
+    {
+        ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
+        goto cleanup;
+    }
+
+cleanup:
+    mbedtls_ecp_point_free( &R );
+    mbedtls_mpi_free( &e ); mbedtls_mpi_free( &s_inv ); mbedtls_mpi_free( &u1 ); mbedtls_mpi_free( &u2 );
+
+    return( ret );
+}
+
+/*
+ * Convert a signature (given by context) to ASN.1
+ */
+static int ecdsa_signature_to_asn1( const mbedtls_mpi *r, const mbedtls_mpi *s,
+                                    unsigned char *sig, size_t *slen )
+{
+    int ret;
+    unsigned char buf[MBEDTLS_ECDSA_MAX_LEN];
+    unsigned char *p = buf + sizeof( buf );
+    size_t len = 0;
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &p, buf, s ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &p, buf, r ) );
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &p, buf, len ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &p, buf,
+                                       MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
+
+    memcpy( sig, p, len );
+    *slen = len;
+
+    return( 0 );
+}
+
+/*
+ * Compute and write signature
+ */
+int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg,
+                           const unsigned char *hash, size_t hlen,
+                           unsigned char *sig, size_t *slen,
+                           int (*f_rng)(void *, unsigned char *, size_t),
+                           void *p_rng )
+{
+    int ret;
+    mbedtls_mpi r, s;
+
+    mbedtls_mpi_init( &r );
+    mbedtls_mpi_init( &s );
+
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+    (void) f_rng;
+    (void) p_rng;
+
+    MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det( &ctx->grp, &r, &s, &ctx->d,
+                             hash, hlen, md_alg ) );
+#else
+    (void) md_alg;
+
+    MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ctx->grp, &r, &s, &ctx->d,
+                         hash, hlen, f_rng, p_rng ) );
+#endif
+
+    MBEDTLS_MPI_CHK( ecdsa_signature_to_asn1( &r, &s, sig, slen ) );
+
+cleanup:
+    mbedtls_mpi_free( &r );
+    mbedtls_mpi_free( &s );
+
+    return( ret );
+}
+
+#if ! defined(MBEDTLS_DEPRECATED_REMOVED) && \
+    defined(MBEDTLS_ECDSA_DETERMINISTIC)
+int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
+                               const unsigned char *hash, size_t hlen,
+                               unsigned char *sig, size_t *slen,
+                               mbedtls_md_type_t md_alg )
+{
+    return( mbedtls_ecdsa_write_signature( ctx, md_alg, hash, hlen, sig, slen,
+                                   NULL, NULL ) );
+}
+#endif
+
+/*
+ * Read and check signature
+ */
+int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
+                          const unsigned char *hash, size_t hlen,
+                          const unsigned char *sig, size_t slen )
+{
+    int ret;
+    unsigned char *p = (unsigned char *) sig;
+    const unsigned char *end = sig + slen;
+    size_t len;
+    mbedtls_mpi r, s;
+
+    mbedtls_mpi_init( &r );
+    mbedtls_mpi_init( &s );
+
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+    {
+        ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+        goto cleanup;
+    }
+
+    if( p + len != end )
+    {
+        ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA +
+              MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
+        goto cleanup;
+    }
+
+    if( ( ret = mbedtls_asn1_get_mpi( &p, end, &r ) ) != 0 ||
+        ( ret = mbedtls_asn1_get_mpi( &p, end, &s ) ) != 0 )
+    {
+        ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+        goto cleanup;
+    }
+
+    if( ( ret = mbedtls_ecdsa_verify( &ctx->grp, hash, hlen,
+                              &ctx->Q, &r, &s ) ) != 0 )
+        goto cleanup;
+
+    if( p != end )
+        ret = MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH;
+
+cleanup:
+    mbedtls_mpi_free( &r );
+    mbedtls_mpi_free( &s );
+
+    return( ret );
+}
+
+/*
+ * Generate key pair
+ */
+int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
+                  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+    return( mbedtls_ecp_group_load( &ctx->grp, gid ) ||
+            mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) );
+}
+
+/*
+ * Set context from an mbedtls_ecp_keypair
+ */
+int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key )
+{
+    int ret;
+
+    if( ( ret = mbedtls_ecp_group_copy( &ctx->grp, &key->grp ) ) != 0 ||
+        ( ret = mbedtls_mpi_copy( &ctx->d, &key->d ) ) != 0 ||
+        ( ret = mbedtls_ecp_copy( &ctx->Q, &key->Q ) ) != 0 )
+    {
+        mbedtls_ecdsa_free( ctx );
+    }
+
+    return( ret );
+}
+
+/*
+ * Initialize context
+ */
+void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx )
+{
+    mbedtls_ecp_keypair_init( ctx );
+}
+
+/*
+ * Free context
+ */
+void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx )
+{
+    mbedtls_ecp_keypair_free( ctx );
+}
+
+#endif /* MBEDTLS_ECDSA_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/ecjpake.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,1103 @@
+/*
+ *  Elliptic curve J-PAKE
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+/*
+ * References in the code are to the Thread v1.0 Specification,
+ * available to members of the Thread Group http://threadgroup.org/
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_ECJPAKE_C)
+
+#include "mbedtls/ecjpake.h"
+
+#include <string.h>
+
+/*
+ * Convert a mbedtls_ecjpake_role to identifier string
+ */
+static const char * const ecjpake_id[] = {
+    "client",
+    "server"
+};
+
+#define ID_MINE     ( ecjpake_id[ ctx->role ] )
+#define ID_PEER     ( ecjpake_id[ 1 - ctx->role ] )
+
+/*
+ * Initialize context
+ */
+void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx )
+{
+    if( ctx == NULL )
+        return;
+
+    ctx->md_info = NULL;
+    mbedtls_ecp_group_init( &ctx->grp );
+    ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
+
+    mbedtls_ecp_point_init( &ctx->Xm1 );
+    mbedtls_ecp_point_init( &ctx->Xm2 );
+    mbedtls_ecp_point_init( &ctx->Xp1 );
+    mbedtls_ecp_point_init( &ctx->Xp2 );
+    mbedtls_ecp_point_init( &ctx->Xp  );
+
+    mbedtls_mpi_init( &ctx->xm1 );
+    mbedtls_mpi_init( &ctx->xm2 );
+    mbedtls_mpi_init( &ctx->s   );
+}
+
+/*
+ * Free context
+ */
+void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx )
+{
+    if( ctx == NULL )
+        return;
+
+    ctx->md_info = NULL;
+    mbedtls_ecp_group_free( &ctx->grp );
+
+    mbedtls_ecp_point_free( &ctx->Xm1 );
+    mbedtls_ecp_point_free( &ctx->Xm2 );
+    mbedtls_ecp_point_free( &ctx->Xp1 );
+    mbedtls_ecp_point_free( &ctx->Xp2 );
+    mbedtls_ecp_point_free( &ctx->Xp  );
+
+    mbedtls_mpi_free( &ctx->xm1 );
+    mbedtls_mpi_free( &ctx->xm2 );
+    mbedtls_mpi_free( &ctx->s   );
+}
+
+/*
+ * Setup context
+ */
+int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
+                           mbedtls_ecjpake_role role,
+                           mbedtls_md_type_t hash,
+                           mbedtls_ecp_group_id curve,
+                           const unsigned char *secret,
+                           size_t len )
+{
+    int ret;
+
+    ctx->role = role;
+
+    if( ( ctx->md_info = mbedtls_md_info_from_type( hash ) ) == NULL )
+        return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE );
+
+    MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ctx->grp, curve ) );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->s, secret, len ) );
+
+cleanup:
+    if( ret != 0 )
+        mbedtls_ecjpake_free( ctx );
+
+    return( ret );
+}
+
+/*
+ * Check if context is ready for use
+ */
+int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx )
+{
+    if( ctx->md_info == NULL ||
+        ctx->grp.id == MBEDTLS_ECP_DP_NONE ||
+        ctx->s.p == NULL )
+    {
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    }
+
+    return( 0 );
+}
+
+/*
+ * Write a point plus its length to a buffer
+ */
+static int ecjpake_write_len_point( unsigned char **p,
+                                    const unsigned char *end,
+                                    const mbedtls_ecp_group *grp,
+                                    const int pf,
+                                    const mbedtls_ecp_point *P )
+{
+    int ret;
+    size_t len;
+
+    /* Need at least 4 for length plus 1 for point */
+    if( end < *p || end - *p < 5 )
+        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+
+    ret = mbedtls_ecp_point_write_binary( grp, P, pf,
+                                          &len, *p + 4, end - ( *p + 4 ) );
+    if( ret != 0 )
+        return( ret );
+
+    (*p)[0] = (unsigned char)( ( len >> 24 ) & 0xFF );
+    (*p)[1] = (unsigned char)( ( len >> 16 ) & 0xFF );
+    (*p)[2] = (unsigned char)( ( len >>  8 ) & 0xFF );
+    (*p)[3] = (unsigned char)( ( len       ) & 0xFF );
+
+    *p += 4 + len;
+
+    return( 0 );
+}
+
+/*
+ * Size of the temporary buffer for ecjpake_hash:
+ * 3 EC points plus their length, plus ID and its length (4 + 6 bytes)
+ */
+#define ECJPAKE_HASH_BUF_LEN    ( 3 * ( 4 + MBEDTLS_ECP_MAX_PT_LEN ) + 4 + 6 )
+
+/*
+ * Compute hash for ZKP (7.4.2.2.2.1)
+ */
+static int ecjpake_hash( const mbedtls_md_info_t *md_info,
+                         const mbedtls_ecp_group *grp,
+                         const int pf,
+                         const mbedtls_ecp_point *G,
+                         const mbedtls_ecp_point *V,
+                         const mbedtls_ecp_point *X,
+                         const char *id,
+                         mbedtls_mpi *h )
+{
+    int ret;
+    unsigned char buf[ECJPAKE_HASH_BUF_LEN];
+    unsigned char *p = buf;
+    const unsigned char *end = buf + sizeof( buf );
+    const size_t id_len = strlen( id );
+    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
+
+    /* Write things to temporary buffer */
+    MBEDTLS_MPI_CHK( ecjpake_write_len_point( &p, end, grp, pf, G ) );
+    MBEDTLS_MPI_CHK( ecjpake_write_len_point( &p, end, grp, pf, V ) );
+    MBEDTLS_MPI_CHK( ecjpake_write_len_point( &p, end, grp, pf, X ) );
+
+    if( end - p < 4 )
+        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+
+    *p++ = (unsigned char)( ( id_len >> 24 ) & 0xFF );
+    *p++ = (unsigned char)( ( id_len >> 16 ) & 0xFF );
+    *p++ = (unsigned char)( ( id_len >>  8 ) & 0xFF );
+    *p++ = (unsigned char)( ( id_len       ) & 0xFF );
+
+    if( end < p || (size_t)( end - p ) < id_len )
+        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+
+    memcpy( p, id, id_len );
+    p += id_len;
+
+    /* Compute hash */
+    mbedtls_md( md_info, buf, p - buf, hash );
+
+    /* Turn it into an integer mod n */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( h, hash,
+                                        mbedtls_md_get_size( md_info ) ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( h, h, &grp->N ) );
+
+cleanup:
+    return( ret );
+}
+
+/*
+ * Parse a ECShnorrZKP (7.4.2.2.2) and verify it (7.4.2.3.3)
+ */
+static int ecjpake_zkp_read( const mbedtls_md_info_t *md_info,
+                             const mbedtls_ecp_group *grp,
+                             const int pf,
+                             const mbedtls_ecp_point *G,
+                             const mbedtls_ecp_point *X,
+                             const char *id,
+                             const unsigned char **p,
+                             const unsigned char *end )
+{
+    int ret;
+    mbedtls_ecp_point V, VV;
+    mbedtls_mpi r, h;
+    size_t r_len;
+
+    mbedtls_ecp_point_init( &V );
+    mbedtls_ecp_point_init( &VV );
+    mbedtls_mpi_init( &r );
+    mbedtls_mpi_init( &h );
+
+    /*
+     * struct {
+     *     ECPoint V;
+     *     opaque r<1..2^8-1>;
+     * } ECSchnorrZKP;
+     */
+    if( end < *p )
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+    MBEDTLS_MPI_CHK( mbedtls_ecp_tls_read_point( grp, &V, p, end - *p ) );
+
+    if( end < *p || (size_t)( end - *p ) < 1 )
+    {
+        ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+        goto cleanup;
+    }
+
+    r_len = *(*p)++;
+
+    if( end < *p || (size_t)( end - *p ) < r_len )
+    {
+        ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+        goto cleanup;
+    }
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r, *p, r_len ) );
+    *p += r_len;
+
+    /*
+     * Verification
+     */
+    MBEDTLS_MPI_CHK( ecjpake_hash( md_info, grp, pf, G, &V, X, id, &h ) );
+    MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( (mbedtls_ecp_group *) grp,
+                     &VV, &h, X, &r, G ) );
+
+    if( mbedtls_ecp_point_cmp( &VV, &V ) != 0 )
+    {
+        ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
+        goto cleanup;
+    }
+
+cleanup:
+    mbedtls_ecp_point_free( &V );
+    mbedtls_ecp_point_free( &VV );
+    mbedtls_mpi_free( &r );
+    mbedtls_mpi_free( &h );
+
+    return( ret );
+}
+
+/*
+ * Generate ZKP (7.4.2.3.2) and write it as ECSchnorrZKP (7.4.2.2.2)
+ */
+static int ecjpake_zkp_write( const mbedtls_md_info_t *md_info,
+                              const mbedtls_ecp_group *grp,
+                              const int pf, 
+                              const mbedtls_ecp_point *G,
+                              const mbedtls_mpi *x,
+                              const mbedtls_ecp_point *X,
+                              const char *id,
+                              unsigned char **p,
+                              const unsigned char *end,
+                              int (*f_rng)(void *, unsigned char *, size_t),
+                              void *p_rng )
+{
+    int ret;
+    mbedtls_ecp_point V;
+    mbedtls_mpi v;
+    mbedtls_mpi h; /* later recycled to hold r */
+    size_t len;
+
+    if( end < *p )
+        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+
+    mbedtls_ecp_point_init( &V );
+    mbedtls_mpi_init( &v );
+    mbedtls_mpi_init( &h );
+
+    /* Compute signature */
+    MBEDTLS_MPI_CHK( mbedtls_ecp_gen_keypair_base( (mbedtls_ecp_group *) grp,
+                                                   G, &v, &V, f_rng, p_rng ) );
+    MBEDTLS_MPI_CHK( ecjpake_hash( md_info, grp, pf, G, &V, X, id, &h ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &h, &h, x ) ); /* x*h */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &h, &v, &h ) ); /* v - x*h */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &h, &h, &grp->N ) ); /* r */
+
+    /* Write it out */
+    MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_point( grp, &V,
+                pf, &len, *p, end - *p ) );
+    *p += len;
+
+    len = mbedtls_mpi_size( &h ); /* actually r */
+    if( end < *p || (size_t)( end - *p ) < 1 + len || len > 255 )
+    {
+        ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+        goto cleanup;
+    }
+
+    *(*p)++ = (unsigned char)( len & 0xFF );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, *p, len ) ); /* r */
+    *p += len;
+
+cleanup:
+    mbedtls_ecp_point_free( &V );
+    mbedtls_mpi_free( &v );
+    mbedtls_mpi_free( &h );
+
+    return( ret );
+}
+
+/*
+ * Parse a ECJPAKEKeyKP (7.4.2.2.1) and check proof
+ * Output: verified public key X
+ */
+static int ecjpake_kkp_read( const mbedtls_md_info_t *md_info,
+                             const mbedtls_ecp_group *grp,
+                             const int pf,
+                             const mbedtls_ecp_point *G,
+                             mbedtls_ecp_point *X,
+                             const char *id,
+                             const unsigned char **p,
+                             const unsigned char *end )
+{
+    int ret;
+
+    if( end < *p )
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+    /*
+     * struct {
+     *     ECPoint X;
+     *     ECSchnorrZKP zkp;
+     * } ECJPAKEKeyKP;
+     */
+    MBEDTLS_MPI_CHK( mbedtls_ecp_tls_read_point( grp, X, p, end - *p ) );
+    if( mbedtls_ecp_is_zero( X ) )
+    {
+        ret = MBEDTLS_ERR_ECP_INVALID_KEY;
+        goto cleanup;
+    }
+
+    MBEDTLS_MPI_CHK( ecjpake_zkp_read( md_info, grp, pf, G, X, id, p, end ) );
+
+cleanup:
+    return( ret );
+}
+
+/*
+ * Generate an ECJPAKEKeyKP
+ * Output: the serialized structure, plus private/public key pair
+ */
+static int ecjpake_kkp_write( const mbedtls_md_info_t *md_info,
+                              const mbedtls_ecp_group *grp,
+                              const int pf,
+                              const mbedtls_ecp_point *G,
+                              mbedtls_mpi *x,
+                              mbedtls_ecp_point *X,
+                              const char *id,
+                              unsigned char **p,
+                              const unsigned char *end,
+                              int (*f_rng)(void *, unsigned char *, size_t),
+                              void *p_rng )
+{
+    int ret;
+    size_t len;
+
+    if( end < *p )
+        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+
+    /* Generate key (7.4.2.3.1) and write it out */
+    MBEDTLS_MPI_CHK( mbedtls_ecp_gen_keypair_base( (mbedtls_ecp_group *) grp, G, x, X,
+                                                   f_rng, p_rng ) );
+    MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_point( grp, X,
+                pf, &len, *p, end - *p ) );
+    *p += len;
+
+    /* Generate and write proof */
+    MBEDTLS_MPI_CHK( ecjpake_zkp_write( md_info, grp, pf, G, x, X, id,
+                                        p, end, f_rng, p_rng ) );
+
+cleanup:
+    return( ret );
+}
+
+/*
+ * Read a ECJPAKEKeyKPPairList (7.4.2.3) and check proofs
+ * Ouputs: verified peer public keys Xa, Xb
+ */
+static int ecjpake_kkpp_read( const mbedtls_md_info_t *md_info,
+                              const mbedtls_ecp_group *grp,
+                              const int pf,
+                              const mbedtls_ecp_point *G,
+                              mbedtls_ecp_point *Xa,
+                              mbedtls_ecp_point *Xb,
+                              const char *id,
+                              const unsigned char *buf,
+                              size_t len )
+{
+    int ret;
+    const unsigned char *p = buf;
+    const unsigned char *end = buf + len;
+
+    /*
+     * struct {
+     *     ECJPAKEKeyKP ecjpake_key_kp_pair_list[2];
+     * } ECJPAKEKeyKPPairList;
+     */
+    MBEDTLS_MPI_CHK( ecjpake_kkp_read( md_info, grp, pf, G, Xa, id, &p, end ) );
+    MBEDTLS_MPI_CHK( ecjpake_kkp_read( md_info, grp, pf, G, Xb, id, &p, end ) );
+
+    if( p != end )
+        ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+
+cleanup:
+    return( ret );
+}
+
+/*
+ * Generate a ECJPAKEKeyKPPairList
+ * Outputs: the serialized structure, plus two private/public key pairs
+ */
+static int ecjpake_kkpp_write( const mbedtls_md_info_t *md_info,
+                               const mbedtls_ecp_group *grp,
+                               const int pf,
+                               const mbedtls_ecp_point *G,
+                               mbedtls_mpi *xm1,
+                               mbedtls_ecp_point *Xa,
+                               mbedtls_mpi *xm2,
+                               mbedtls_ecp_point *Xb,
+                               const char *id,
+                               unsigned char *buf,
+                               size_t len,
+                               size_t *olen,
+                               int (*f_rng)(void *, unsigned char *, size_t),
+                               void *p_rng )
+{
+    int ret;
+    unsigned char *p = buf;
+    const unsigned char *end = buf + len;
+
+    MBEDTLS_MPI_CHK( ecjpake_kkp_write( md_info, grp, pf, G, xm1, Xa, id,
+                &p, end, f_rng, p_rng ) );
+    MBEDTLS_MPI_CHK( ecjpake_kkp_write( md_info, grp, pf, G, xm2, Xb, id,
+                &p, end, f_rng, p_rng ) );
+
+    *olen = p - buf;
+
+cleanup:
+    return( ret );
+}
+
+/*
+ * Read and process the first round message
+ */
+int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx,
+                                    const unsigned char *buf,
+                                    size_t len )
+{
+    return( ecjpake_kkpp_read( ctx->md_info, &ctx->grp, ctx->point_format,
+                               &ctx->grp.G,
+                               &ctx->Xp1, &ctx->Xp2, ID_PEER,
+                               buf, len ) );
+}
+
+/*
+ * Generate and write the first round message
+ */
+int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx,
+                            unsigned char *buf, size_t len, size_t *olen,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng )
+{
+    return( ecjpake_kkpp_write( ctx->md_info, &ctx->grp, ctx->point_format,
+                                &ctx->grp.G,
+                                &ctx->xm1, &ctx->Xm1, &ctx->xm2, &ctx->Xm2,
+                                ID_MINE, buf, len, olen, f_rng, p_rng ) );
+}
+
+/*
+ * Compute the sum of three points R = A + B + C
+ */
+static int ecjpake_ecp_add3( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+                             const mbedtls_ecp_point *A,
+                             const mbedtls_ecp_point *B,
+                             const mbedtls_ecp_point *C )
+{
+    int ret;
+    mbedtls_mpi one;
+
+    mbedtls_mpi_init( &one );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &one, 1 ) );
+    MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( grp, R, &one, A, &one, B ) );
+    MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( grp, R, &one, R, &one, C ) );
+
+cleanup:
+    mbedtls_mpi_free( &one );
+
+    return( ret );
+}
+
+/*
+ * Read and process second round message (C: 7.4.2.5, S: 7.4.2.6)
+ */
+int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
+                                            const unsigned char *buf,
+                                            size_t len )
+{
+    int ret;
+    const unsigned char *p = buf;
+    const unsigned char *end = buf + len;
+    mbedtls_ecp_group grp;
+    mbedtls_ecp_point G;    /* C: GB, S: GA */
+
+    mbedtls_ecp_group_init( &grp );
+    mbedtls_ecp_point_init( &G );
+
+    /*
+     * Server: GA = X3  + X4  + X1      (7.4.2.6.1)
+     * Client: GB = X1  + X2  + X3      (7.4.2.5.1)
+     * Unified: G = Xm1 + Xm2 + Xp1
+     * We need that before parsing in order to check Xp as we read it
+     */
+    MBEDTLS_MPI_CHK( ecjpake_ecp_add3( &ctx->grp, &G,
+                                       &ctx->Xm1, &ctx->Xm2, &ctx->Xp1 ) );
+
+    /*
+     * struct {
+     *     ECParameters curve_params;   // only client reading server msg
+     *     ECJPAKEKeyKP ecjpake_key_kp;
+     * } Client/ServerECJPAKEParams;
+     */
+    if( ctx->role == MBEDTLS_ECJPAKE_CLIENT )
+    {
+        MBEDTLS_MPI_CHK( mbedtls_ecp_tls_read_group( &grp, &p, len ) );
+        if( grp.id != ctx->grp.id )
+        {
+            ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
+            goto cleanup;
+        }
+    }
+
+    MBEDTLS_MPI_CHK( ecjpake_kkp_read( ctx->md_info, &ctx->grp,
+                            ctx->point_format,
+                            &G, &ctx->Xp, ID_PEER, &p, end ) );
+
+    if( p != end )
+    {
+        ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+        goto cleanup;
+    }
+
+cleanup:
+    mbedtls_ecp_group_free( &grp );
+    mbedtls_ecp_point_free( &G );
+
+    return( ret );
+}
+
+/*
+ * Compute R = +/- X * S mod N, taking care not to leak S
+ */
+static int ecjpake_mul_secret( mbedtls_mpi *R, int sign,
+                               const mbedtls_mpi *X,
+                               const mbedtls_mpi *S,
+                               const mbedtls_mpi *N,
+                               int (*f_rng)(void *, unsigned char *, size_t),
+                               void *p_rng )
+{
+    int ret;
+    mbedtls_mpi b; /* Blinding value, then s + N * blinding */
+
+    mbedtls_mpi_init( &b );
+
+    /* b = s + rnd-128-bit * N */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &b, 16, f_rng, p_rng ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &b, &b, N ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &b, &b, S ) );
+
+    /* R = sign * X * b mod N */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( R, X, &b ) );
+    R->s *= sign;
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( R, R, N ) );
+
+cleanup:
+    mbedtls_mpi_free( &b );
+
+    return( ret );
+}
+
+/*
+ * Generate and write the second round message (S: 7.4.2.5, C: 7.4.2.6)
+ */
+int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
+                            unsigned char *buf, size_t len, size_t *olen,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng )
+{
+    int ret;
+    mbedtls_ecp_point G;    /* C: GA, S: GB */
+    mbedtls_ecp_point Xm;   /* C: Xc, S: Xs */
+    mbedtls_mpi xm;         /* C: xc, S: xs */
+    unsigned char *p = buf;
+    const unsigned char *end = buf + len;
+    size_t ec_len;
+
+    mbedtls_ecp_point_init( &G );
+    mbedtls_ecp_point_init( &Xm );
+    mbedtls_mpi_init( &xm );
+
+    /*
+     * First generate private/public key pair (S: 7.4.2.5.1, C: 7.4.2.6.1)
+     *
+     * Client:  GA = X1  + X3  + X4  | xs = x2  * s | Xc = xc * GA
+     * Server:  GB = X3  + X1  + X2  | xs = x4  * s | Xs = xs * GB
+     * Unified: G  = Xm1 + Xp1 + Xp2 | xm = xm2 * s | Xm = xm * G
+     */
+    MBEDTLS_MPI_CHK( ecjpake_ecp_add3( &ctx->grp, &G,
+                                       &ctx->Xp1, &ctx->Xp2, &ctx->Xm1 ) );
+    MBEDTLS_MPI_CHK( ecjpake_mul_secret( &xm, 1, &ctx->xm2, &ctx->s,
+                                         &ctx->grp.N, f_rng, p_rng ) );
+    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &Xm, &xm, &G, f_rng, p_rng ) );
+
+    /*
+     * Now write things out
+     *
+     * struct {
+     *     ECParameters curve_params;   // only server writing its message
+     *     ECJPAKEKeyKP ecjpake_key_kp;
+     * } Client/ServerECJPAKEParams;
+     */
+    if( ctx->role == MBEDTLS_ECJPAKE_SERVER )
+    {
+        if( end < p )
+        {
+            ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+            goto cleanup;
+        }
+        MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_group( &ctx->grp, &ec_len,
+                                                      p, end - p ) );
+        p += ec_len;
+    }
+
+    if( end < p )
+    {
+        ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+        goto cleanup;
+    }
+    MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_point( &ctx->grp, &Xm,
+                     ctx->point_format, &ec_len, p, end - p ) );
+    p += ec_len;
+
+    MBEDTLS_MPI_CHK( ecjpake_zkp_write( ctx->md_info, &ctx->grp,
+                                        ctx->point_format,
+                                        &G, &xm, &Xm, ID_MINE,
+                                        &p, end, f_rng, p_rng ) );
+
+    *olen = p - buf;
+
+cleanup:
+    mbedtls_ecp_point_free( &G );
+    mbedtls_ecp_point_free( &Xm );
+    mbedtls_mpi_free( &xm );
+
+    return( ret );
+}
+
+/*
+ * Derive PMS (7.4.2.7 / 7.4.2.8)
+ */
+int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
+                            unsigned char *buf, size_t len, size_t *olen,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng )
+{
+    int ret;
+    mbedtls_ecp_point K;
+    mbedtls_mpi m_xm2_s, one;
+    unsigned char kx[MBEDTLS_ECP_MAX_BYTES];
+    size_t x_bytes;
+
+    *olen = mbedtls_md_get_size( ctx->md_info );
+    if( len < *olen )
+        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+
+    mbedtls_ecp_point_init( &K );
+    mbedtls_mpi_init( &m_xm2_s );
+    mbedtls_mpi_init( &one );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &one, 1 ) );
+
+    /*
+     * Client:  K = ( Xs - X4  * x2  * s ) * x2
+     * Server:  K = ( Xc - X2  * x4  * s ) * x4
+     * Unified: K = ( Xp - Xp2 * xm2 * s ) * xm2
+     */
+    MBEDTLS_MPI_CHK( ecjpake_mul_secret( &m_xm2_s, -1, &ctx->xm2, &ctx->s,
+                                         &ctx->grp.N, f_rng, p_rng ) );
+    MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( &ctx->grp, &K,
+                                         &one, &ctx->Xp,
+                                         &m_xm2_s, &ctx->Xp2 ) );
+    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &K, &ctx->xm2, &K,
+                                      f_rng, p_rng ) );
+
+    /* PMS = SHA-256( K.X ) */
+    x_bytes = ( ctx->grp.pbits + 7 ) / 8;
+    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &K.X, kx, x_bytes ) );
+    MBEDTLS_MPI_CHK( mbedtls_md( ctx->md_info, kx, x_bytes, buf ) );
+
+cleanup:
+    mbedtls_ecp_point_free( &K );
+    mbedtls_mpi_free( &m_xm2_s );
+    mbedtls_mpi_free( &one );
+
+    return( ret );
+}
+
+#undef ID_MINE
+#undef ID_PEER
+
+
+#if defined(MBEDTLS_SELF_TEST)
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf     printf
+#endif
+
+#if !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
+    !defined(MBEDTLS_SHA256_C)
+int mbedtls_ecjpake_self_test( int verbose )
+{
+    (void) verbose;
+    return( 0 );
+}
+#else
+
+static const unsigned char ecjpake_test_password[] = {
+    0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x6a, 0x70, 0x61, 0x6b, 0x65, 0x74,
+    0x65, 0x73, 0x74
+};
+
+static const unsigned char ecjpake_test_x1[] = {
+    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
+    0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+    0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x21
+};
+
+static const unsigned char ecjpake_test_x2[] = {
+    0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
+    0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78,
+    0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x81
+};
+
+static const unsigned char ecjpake_test_x3[] = {
+    0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
+    0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78,
+    0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x81
+};
+
+static const unsigned char ecjpake_test_x4[] = {
+    0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, 0xcc,
+    0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, 0xd8,
+    0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe1
+};
+
+static const unsigned char ecjpake_test_cli_one[] = {
+    0x41, 0x04, 0xac, 0xcf, 0x01, 0x06, 0xef, 0x85, 0x8f, 0xa2, 0xd9, 0x19,
+    0x33, 0x13, 0x46, 0x80, 0x5a, 0x78, 0xb5, 0x8b, 0xba, 0xd0, 0xb8, 0x44,
+    0xe5, 0xc7, 0x89, 0x28, 0x79, 0x14, 0x61, 0x87, 0xdd, 0x26, 0x66, 0xad,
+    0xa7, 0x81, 0xbb, 0x7f, 0x11, 0x13, 0x72, 0x25, 0x1a, 0x89, 0x10, 0x62,
+    0x1f, 0x63, 0x4d, 0xf1, 0x28, 0xac, 0x48, 0xe3, 0x81, 0xfd, 0x6e, 0xf9,
+    0x06, 0x07, 0x31, 0xf6, 0x94, 0xa4, 0x41, 0x04, 0x1d, 0xd0, 0xbd, 0x5d,
+    0x45, 0x66, 0xc9, 0xbe, 0xd9, 0xce, 0x7d, 0xe7, 0x01, 0xb5, 0xe8, 0x2e,
+    0x08, 0xe8, 0x4b, 0x73, 0x04, 0x66, 0x01, 0x8a, 0xb9, 0x03, 0xc7, 0x9e,
+    0xb9, 0x82, 0x17, 0x22, 0x36, 0xc0, 0xc1, 0x72, 0x8a, 0xe4, 0xbf, 0x73,
+    0x61, 0x0d, 0x34, 0xde, 0x44, 0x24, 0x6e, 0xf3, 0xd9, 0xc0, 0x5a, 0x22,
+    0x36, 0xfb, 0x66, 0xa6, 0x58, 0x3d, 0x74, 0x49, 0x30, 0x8b, 0xab, 0xce,
+    0x20, 0x72, 0xfe, 0x16, 0x66, 0x29, 0x92, 0xe9, 0x23, 0x5c, 0x25, 0x00,
+    0x2f, 0x11, 0xb1, 0x50, 0x87, 0xb8, 0x27, 0x38, 0xe0, 0x3c, 0x94, 0x5b,
+    0xf7, 0xa2, 0x99, 0x5d, 0xda, 0x1e, 0x98, 0x34, 0x58, 0x41, 0x04, 0x7e,
+    0xa6, 0xe3, 0xa4, 0x48, 0x70, 0x37, 0xa9, 0xe0, 0xdb, 0xd7, 0x92, 0x62,
+    0xb2, 0xcc, 0x27, 0x3e, 0x77, 0x99, 0x30, 0xfc, 0x18, 0x40, 0x9a, 0xc5,
+    0x36, 0x1c, 0x5f, 0xe6, 0x69, 0xd7, 0x02, 0xe1, 0x47, 0x79, 0x0a, 0xeb,
+    0x4c, 0xe7, 0xfd, 0x65, 0x75, 0xab, 0x0f, 0x6c, 0x7f, 0xd1, 0xc3, 0x35,
+    0x93, 0x9a, 0xa8, 0x63, 0xba, 0x37, 0xec, 0x91, 0xb7, 0xe3, 0x2b, 0xb0,
+    0x13, 0xbb, 0x2b, 0x41, 0x04, 0xa4, 0x95, 0x58, 0xd3, 0x2e, 0xd1, 0xeb,
+    0xfc, 0x18, 0x16, 0xaf, 0x4f, 0xf0, 0x9b, 0x55, 0xfc, 0xb4, 0xca, 0x47,
+    0xb2, 0xa0, 0x2d, 0x1e, 0x7c, 0xaf, 0x11, 0x79, 0xea, 0x3f, 0xe1, 0x39,
+    0x5b, 0x22, 0xb8, 0x61, 0x96, 0x40, 0x16, 0xfa, 0xba, 0xf7, 0x2c, 0x97,
+    0x56, 0x95, 0xd9, 0x3d, 0x4d, 0xf0, 0xe5, 0x19, 0x7f, 0xe9, 0xf0, 0x40,
+    0x63, 0x4e, 0xd5, 0x97, 0x64, 0x93, 0x77, 0x87, 0xbe, 0x20, 0xbc, 0x4d,
+    0xee, 0xbb, 0xf9, 0xb8, 0xd6, 0x0a, 0x33, 0x5f, 0x04, 0x6c, 0xa3, 0xaa,
+    0x94, 0x1e, 0x45, 0x86, 0x4c, 0x7c, 0xad, 0xef, 0x9c, 0xf7, 0x5b, 0x3d,
+    0x8b, 0x01, 0x0e, 0x44, 0x3e, 0xf0
+};
+
+static const unsigned char ecjpake_test_srv_one[] = {
+    0x41, 0x04, 0x7e, 0xa6, 0xe3, 0xa4, 0x48, 0x70, 0x37, 0xa9, 0xe0, 0xdb,
+    0xd7, 0x92, 0x62, 0xb2, 0xcc, 0x27, 0x3e, 0x77, 0x99, 0x30, 0xfc, 0x18,
+    0x40, 0x9a, 0xc5, 0x36, 0x1c, 0x5f, 0xe6, 0x69, 0xd7, 0x02, 0xe1, 0x47,
+    0x79, 0x0a, 0xeb, 0x4c, 0xe7, 0xfd, 0x65, 0x75, 0xab, 0x0f, 0x6c, 0x7f,
+    0xd1, 0xc3, 0x35, 0x93, 0x9a, 0xa8, 0x63, 0xba, 0x37, 0xec, 0x91, 0xb7,
+    0xe3, 0x2b, 0xb0, 0x13, 0xbb, 0x2b, 0x41, 0x04, 0x09, 0xf8, 0x5b, 0x3d,
+    0x20, 0xeb, 0xd7, 0x88, 0x5c, 0xe4, 0x64, 0xc0, 0x8d, 0x05, 0x6d, 0x64,
+    0x28, 0xfe, 0x4d, 0xd9, 0x28, 0x7a, 0xa3, 0x65, 0xf1, 0x31, 0xf4, 0x36,
+    0x0f, 0xf3, 0x86, 0xd8, 0x46, 0x89, 0x8b, 0xc4, 0xb4, 0x15, 0x83, 0xc2,
+    0xa5, 0x19, 0x7f, 0x65, 0xd7, 0x87, 0x42, 0x74, 0x6c, 0x12, 0xa5, 0xec,
+    0x0a, 0x4f, 0xfe, 0x2f, 0x27, 0x0a, 0x75, 0x0a, 0x1d, 0x8f, 0xb5, 0x16,
+    0x20, 0x93, 0x4d, 0x74, 0xeb, 0x43, 0xe5, 0x4d, 0xf4, 0x24, 0xfd, 0x96,
+    0x30, 0x6c, 0x01, 0x17, 0xbf, 0x13, 0x1a, 0xfa, 0xbf, 0x90, 0xa9, 0xd3,
+    0x3d, 0x11, 0x98, 0xd9, 0x05, 0x19, 0x37, 0x35, 0x14, 0x41, 0x04, 0x19,
+    0x0a, 0x07, 0x70, 0x0f, 0xfa, 0x4b, 0xe6, 0xae, 0x1d, 0x79, 0xee, 0x0f,
+    0x06, 0xae, 0xb5, 0x44, 0xcd, 0x5a, 0xdd, 0xaa, 0xbe, 0xdf, 0x70, 0xf8,
+    0x62, 0x33, 0x21, 0x33, 0x2c, 0x54, 0xf3, 0x55, 0xf0, 0xfb, 0xfe, 0xc7,
+    0x83, 0xed, 0x35, 0x9e, 0x5d, 0x0b, 0xf7, 0x37, 0x7a, 0x0f, 0xc4, 0xea,
+    0x7a, 0xce, 0x47, 0x3c, 0x9c, 0x11, 0x2b, 0x41, 0xcc, 0xd4, 0x1a, 0xc5,
+    0x6a, 0x56, 0x12, 0x41, 0x04, 0x36, 0x0a, 0x1c, 0xea, 0x33, 0xfc, 0xe6,
+    0x41, 0x15, 0x64, 0x58, 0xe0, 0xa4, 0xea, 0xc2, 0x19, 0xe9, 0x68, 0x31,
+    0xe6, 0xae, 0xbc, 0x88, 0xb3, 0xf3, 0x75, 0x2f, 0x93, 0xa0, 0x28, 0x1d,
+    0x1b, 0xf1, 0xfb, 0x10, 0x60, 0x51, 0xdb, 0x96, 0x94, 0xa8, 0xd6, 0xe8,
+    0x62, 0xa5, 0xef, 0x13, 0x24, 0xa3, 0xd9, 0xe2, 0x78, 0x94, 0xf1, 0xee,
+    0x4f, 0x7c, 0x59, 0x19, 0x99, 0x65, 0xa8, 0xdd, 0x4a, 0x20, 0x91, 0x84,
+    0x7d, 0x2d, 0x22, 0xdf, 0x3e, 0xe5, 0x5f, 0xaa, 0x2a, 0x3f, 0xb3, 0x3f,
+    0xd2, 0xd1, 0xe0, 0x55, 0xa0, 0x7a, 0x7c, 0x61, 0xec, 0xfb, 0x8d, 0x80,
+    0xec, 0x00, 0xc2, 0xc9, 0xeb, 0x12
+};
+
+static const unsigned char ecjpake_test_srv_two[] = {
+    0x03, 0x00, 0x17, 0x41, 0x04, 0x0f, 0xb2, 0x2b, 0x1d, 0x5d, 0x11, 0x23,
+    0xe0, 0xef, 0x9f, 0xeb, 0x9d, 0x8a, 0x2e, 0x59, 0x0a, 0x1f, 0x4d, 0x7c,
+    0xed, 0x2c, 0x2b, 0x06, 0x58, 0x6e, 0x8f, 0x2a, 0x16, 0xd4, 0xeb, 0x2f,
+    0xda, 0x43, 0x28, 0xa2, 0x0b, 0x07, 0xd8, 0xfd, 0x66, 0x76, 0x54, 0xca,
+    0x18, 0xc5, 0x4e, 0x32, 0xa3, 0x33, 0xa0, 0x84, 0x54, 0x51, 0xe9, 0x26,
+    0xee, 0x88, 0x04, 0xfd, 0x7a, 0xf0, 0xaa, 0xa7, 0xa6, 0x41, 0x04, 0x55,
+    0x16, 0xea, 0x3e, 0x54, 0xa0, 0xd5, 0xd8, 0xb2, 0xce, 0x78, 0x6b, 0x38,
+    0xd3, 0x83, 0x37, 0x00, 0x29, 0xa5, 0xdb, 0xe4, 0x45, 0x9c, 0x9d, 0xd6,
+    0x01, 0xb4, 0x08, 0xa2, 0x4a, 0xe6, 0x46, 0x5c, 0x8a, 0xc9, 0x05, 0xb9,
+    0xeb, 0x03, 0xb5, 0xd3, 0x69, 0x1c, 0x13, 0x9e, 0xf8, 0x3f, 0x1c, 0xd4,
+    0x20, 0x0f, 0x6c, 0x9c, 0xd4, 0xec, 0x39, 0x22, 0x18, 0xa5, 0x9e, 0xd2,
+    0x43, 0xd3, 0xc8, 0x20, 0xff, 0x72, 0x4a, 0x9a, 0x70, 0xb8, 0x8c, 0xb8,
+    0x6f, 0x20, 0xb4, 0x34, 0xc6, 0x86, 0x5a, 0xa1, 0xcd, 0x79, 0x06, 0xdd,
+    0x7c, 0x9b, 0xce, 0x35, 0x25, 0xf5, 0x08, 0x27, 0x6f, 0x26, 0x83, 0x6c
+};
+
+static const unsigned char ecjpake_test_cli_two[] = {
+    0x41, 0x04, 0x69, 0xd5, 0x4e, 0xe8, 0x5e, 0x90, 0xce, 0x3f, 0x12, 0x46,
+    0x74, 0x2d, 0xe5, 0x07, 0xe9, 0x39, 0xe8, 0x1d, 0x1d, 0xc1, 0xc5, 0xcb,
+    0x98, 0x8b, 0x58, 0xc3, 0x10, 0xc9, 0xfd, 0xd9, 0x52, 0x4d, 0x93, 0x72,
+    0x0b, 0x45, 0x54, 0x1c, 0x83, 0xee, 0x88, 0x41, 0x19, 0x1d, 0xa7, 0xce,
+    0xd8, 0x6e, 0x33, 0x12, 0xd4, 0x36, 0x23, 0xc1, 0xd6, 0x3e, 0x74, 0x98,
+    0x9a, 0xba, 0x4a, 0xff, 0xd1, 0xee, 0x41, 0x04, 0x07, 0x7e, 0x8c, 0x31,
+    0xe2, 0x0e, 0x6b, 0xed, 0xb7, 0x60, 0xc1, 0x35, 0x93, 0xe6, 0x9f, 0x15,
+    0xbe, 0x85, 0xc2, 0x7d, 0x68, 0xcd, 0x09, 0xcc, 0xb8, 0xc4, 0x18, 0x36,
+    0x08, 0x91, 0x7c, 0x5c, 0x3d, 0x40, 0x9f, 0xac, 0x39, 0xfe, 0xfe, 0xe8,
+    0x2f, 0x72, 0x92, 0xd3, 0x6f, 0x0d, 0x23, 0xe0, 0x55, 0x91, 0x3f, 0x45,
+    0xa5, 0x2b, 0x85, 0xdd, 0x8a, 0x20, 0x52, 0xe9, 0xe1, 0x29, 0xbb, 0x4d,
+    0x20, 0x0f, 0x01, 0x1f, 0x19, 0x48, 0x35, 0x35, 0xa6, 0xe8, 0x9a, 0x58,
+    0x0c, 0x9b, 0x00, 0x03, 0xba, 0xf2, 0x14, 0x62, 0xec, 0xe9, 0x1a, 0x82,
+    0xcc, 0x38, 0xdb, 0xdc, 0xae, 0x60, 0xd9, 0xc5, 0x4c
+};
+
+static const unsigned char ecjpake_test_pms[] = {
+    0xf3, 0xd4, 0x7f, 0x59, 0x98, 0x44, 0xdb, 0x92, 0xa5, 0x69, 0xbb, 0xe7,
+    0x98, 0x1e, 0x39, 0xd9, 0x31, 0xfd, 0x74, 0x3b, 0xf2, 0x2e, 0x98, 0xf9,
+    0xb4, 0x38, 0xf7, 0x19, 0xd3, 0xc4, 0xf3, 0x51
+};
+
+/* Load my private keys and generate the correponding public keys */
+static int ecjpake_test_load( mbedtls_ecjpake_context *ctx,
+                              const unsigned char *xm1, size_t len1,
+                              const unsigned char *xm2, size_t len2 )
+{
+    int ret;
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm1, xm1, len1 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm2, xm2, len2 ) );
+    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &ctx->Xm1, &ctx->xm1,
+                                      &ctx->grp.G, NULL, NULL ) );
+    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &ctx->Xm2, &ctx->xm2,
+                                      &ctx->grp.G, NULL, NULL ) );
+
+cleanup:
+    return( ret );
+}
+
+/* For tests we don't need a secure RNG;
+ * use the LGC from Numerical Recipes for simplicity */
+static int ecjpake_lgc( void *p, unsigned char *out, size_t len )
+{
+    static uint32_t x = 42;
+    (void) p;
+
+    while( len > 0 )
+    {
+        size_t use_len = len > 4 ? 4 : len;
+        x = 1664525 * x + 1013904223;
+        memcpy( out, &x, use_len );
+        out += use_len;
+        len -= use_len;
+    }
+
+    return( 0 );
+}
+
+#define TEST_ASSERT( x )    \
+    do {                    \
+        if( x )             \
+            ret = 0;        \
+        else                \
+        {                   \
+            ret = 1;        \
+            goto cleanup;   \
+        }                   \
+    } while( 0 )
+
+/*
+ * Checkup routine
+ */
+int mbedtls_ecjpake_self_test( int verbose )
+{
+    int ret;
+    mbedtls_ecjpake_context cli;
+    mbedtls_ecjpake_context srv;
+    unsigned char buf[512], pms[32];
+    size_t len, pmslen;
+
+    mbedtls_ecjpake_init( &cli );
+    mbedtls_ecjpake_init( &srv );
+
+    if( verbose != 0 )
+        mbedtls_printf( "  ECJPAKE test #0 (setup): " );
+
+    TEST_ASSERT( mbedtls_ecjpake_setup( &cli, MBEDTLS_ECJPAKE_CLIENT,
+                    MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1,
+                    ecjpake_test_password,
+            sizeof( ecjpake_test_password ) ) == 0 );
+
+    TEST_ASSERT( mbedtls_ecjpake_setup( &srv, MBEDTLS_ECJPAKE_SERVER,
+                    MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1,
+                    ecjpake_test_password,
+            sizeof( ecjpake_test_password ) ) == 0 );
+
+    if( verbose != 0 )
+        mbedtls_printf( "passed\n" );
+
+    if( verbose != 0 )
+        mbedtls_printf( "  ECJPAKE test #1 (random handshake): " );
+
+    TEST_ASSERT( mbedtls_ecjpake_write_round_one( &cli,
+                 buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
+
+    TEST_ASSERT( mbedtls_ecjpake_read_round_one( &srv, buf, len ) == 0 );
+
+    TEST_ASSERT( mbedtls_ecjpake_write_round_one( &srv,
+                 buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
+
+    TEST_ASSERT( mbedtls_ecjpake_read_round_one( &cli, buf, len ) == 0 );
+
+    TEST_ASSERT( mbedtls_ecjpake_write_round_two( &srv,
+                 buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
+
+    TEST_ASSERT( mbedtls_ecjpake_read_round_two( &cli, buf, len ) == 0 );
+
+    TEST_ASSERT( mbedtls_ecjpake_derive_secret( &cli,
+                 pms, sizeof( pms ), &pmslen, ecjpake_lgc, NULL ) == 0 );
+
+    TEST_ASSERT( mbedtls_ecjpake_write_round_two( &cli,
+                 buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
+
+    TEST_ASSERT( mbedtls_ecjpake_read_round_two( &srv, buf, len ) == 0 );
+
+    TEST_ASSERT( mbedtls_ecjpake_derive_secret( &srv,
+                 buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
+
+    TEST_ASSERT( len == pmslen );
+    TEST_ASSERT( memcmp( buf, pms, len ) == 0 );
+
+    if( verbose != 0 )
+        mbedtls_printf( "passed\n" );
+
+    if( verbose != 0 )
+        mbedtls_printf( "  ECJPAKE test #2 (reference handshake): " );
+
+    /* Simulate generation of round one */
+    MBEDTLS_MPI_CHK( ecjpake_test_load( &cli,
+                ecjpake_test_x1, sizeof( ecjpake_test_x1 ),
+                ecjpake_test_x2, sizeof( ecjpake_test_x2 ) ) );
+
+    MBEDTLS_MPI_CHK( ecjpake_test_load( &srv,
+                ecjpake_test_x3, sizeof( ecjpake_test_x3 ),
+                ecjpake_test_x4, sizeof( ecjpake_test_x4 ) ) );
+
+    /* Read round one */
+    TEST_ASSERT( mbedtls_ecjpake_read_round_one( &srv,
+                                    ecjpake_test_cli_one,
+                            sizeof( ecjpake_test_cli_one ) ) == 0 );
+
+    TEST_ASSERT( mbedtls_ecjpake_read_round_one( &cli,
+                                    ecjpake_test_srv_one,
+                            sizeof( ecjpake_test_srv_one ) ) == 0 );
+
+    /* Skip generation of round two, read round two */
+    TEST_ASSERT( mbedtls_ecjpake_read_round_two( &cli,
+                                    ecjpake_test_srv_two,
+                            sizeof( ecjpake_test_srv_two ) ) == 0 );
+
+    TEST_ASSERT( mbedtls_ecjpake_read_round_two( &srv,
+                                    ecjpake_test_cli_two,
+                            sizeof( ecjpake_test_cli_two ) ) == 0 );
+
+    /* Server derives PMS */
+    TEST_ASSERT( mbedtls_ecjpake_derive_secret( &srv,
+                 buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
+
+    TEST_ASSERT( len == sizeof( ecjpake_test_pms ) );
+    TEST_ASSERT( memcmp( buf, ecjpake_test_pms, len ) == 0 );
+
+    memset( buf, 0, len ); /* Avoid interferences with next step */
+
+    /* Client derives PMS */
+    TEST_ASSERT( mbedtls_ecjpake_derive_secret( &cli,
+                 buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
+
+    TEST_ASSERT( len == sizeof( ecjpake_test_pms ) );
+    TEST_ASSERT( memcmp( buf, ecjpake_test_pms, len ) == 0 );
+
+    if( verbose != 0 )
+        mbedtls_printf( "passed\n" );
+
+cleanup:
+    mbedtls_ecjpake_free( &cli );
+    mbedtls_ecjpake_free( &srv );
+
+    if( ret != 0 )
+    {
+        if( verbose != 0 )
+            mbedtls_printf( "failed\n" );
+
+        ret = 1;
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "\n" );
+
+    return( ret );
+}
+
+#undef TEST_ASSERT
+
+#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED && MBEDTLS_SHA256_C */
+
+#endif /* MBEDTLS_SELF_TEST */
+
+#endif /* MBEDTLS_ECJPAKE_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/ecp.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,2090 @@
+/*
+ *  Elliptic curves over GF(p): generic functions
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+/*
+ * References:
+ *
+ * SEC1 http://www.secg.org/index.php?action=secg,docs_secg
+ * GECC = Guide to Elliptic Curve Cryptography - Hankerson, Menezes, Vanstone
+ * FIPS 186-3 http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf
+ * RFC 4492 for the related TLS structures and constants
+ *
+ * [Curve25519] http://cr.yp.to/ecdh/curve25519-20060209.pdf
+ *
+ * [2] CORON, Jean-S'ebastien. Resistance against differential power analysis
+ *     for elliptic curve cryptosystems. In : Cryptographic Hardware and
+ *     Embedded Systems. Springer Berlin Heidelberg, 1999. p. 292-302.
+ *     <http://link.springer.com/chapter/10.1007/3-540-48059-5_25>
+ *
+ * [3] HEDABOU, Mustapha, PINEL, Pierre, et B'EN'ETEAU, Lucien. A comb method to
+ *     render ECC resistant against Side Channel Attacks. IACR Cryptology
+ *     ePrint Archive, 2004, vol. 2004, p. 342.
+ *     <http://eprint.iacr.org/2004/342.pdf>
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_ECP_C)
+
+#include "mbedtls/ecp.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#include <stdio.h>
+#define mbedtls_printf     printf
+#define mbedtls_calloc    calloc
+#define mbedtls_free       free
+#endif
+
+#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+    !defined(inline) && !defined(__cplusplus)
+#define inline __inline
+#endif
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+#if defined(MBEDTLS_SELF_TEST)
+/*
+ * Counts of point addition and doubling, and field multiplications.
+ * Used to test resistance of point multiplication to simple timing attacks.
+ */
+static unsigned long add_count, dbl_count, mul_count;
+#endif
+
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) ||   \
+    defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) ||   \
+    defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) ||   \
+    defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) ||   \
+    defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) ||   \
+    defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)   ||   \
+    defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)   ||   \
+    defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)   ||   \
+    defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) ||   \
+    defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) ||   \
+    defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+#define ECP_SHORTWEIERSTRASS
+#endif
+
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+#define ECP_MONTGOMERY
+#endif
+
+/*
+ * Curve types: internal for now, might be exposed later
+ */
+typedef enum
+{
+    ECP_TYPE_NONE = 0,
+    ECP_TYPE_SHORT_WEIERSTRASS,    /* y^2 = x^3 + a x + b      */
+    ECP_TYPE_MONTGOMERY,           /* y^2 = x^3 + a x^2 + x    */
+} ecp_curve_type;
+
+/*
+ * List of supported curves:
+ *  - internal ID
+ *  - TLS NamedCurve ID (RFC 4492 sec. 5.1.1, RFC 7071 sec. 2)
+ *  - size in bits
+ *  - readable name
+ *
+ * Curves are listed in order: largest curves first, and for a given size,
+ * fastest curves first. This provides the default order for the SSL module.
+ *
+ * Reminder: update profiles in x509_crt.c when adding a new curves!
+ */
+static const mbedtls_ecp_curve_info ecp_supported_curves[] =
+{
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+    { MBEDTLS_ECP_DP_SECP521R1,    25,     521,    "secp521r1"         },
+#endif
+#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+    { MBEDTLS_ECP_DP_BP512R1,      28,     512,    "brainpoolP512r1"   },
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+    { MBEDTLS_ECP_DP_SECP384R1,    24,     384,    "secp384r1"         },
+#endif
+#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+    { MBEDTLS_ECP_DP_BP384R1,      27,     384,    "brainpoolP384r1"   },
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+    { MBEDTLS_ECP_DP_SECP256R1,    23,     256,    "secp256r1"         },
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+    { MBEDTLS_ECP_DP_SECP256K1,    22,     256,    "secp256k1"         },
+#endif
+#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+    { MBEDTLS_ECP_DP_BP256R1,      26,     256,    "brainpoolP256r1"   },
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+    { MBEDTLS_ECP_DP_SECP224R1,    21,     224,    "secp224r1"         },
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+    { MBEDTLS_ECP_DP_SECP224K1,    20,     224,    "secp224k1"         },
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+    { MBEDTLS_ECP_DP_SECP192R1,    19,     192,    "secp192r1"         },
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+    { MBEDTLS_ECP_DP_SECP192K1,    18,     192,    "secp192k1"         },
+#endif
+    { MBEDTLS_ECP_DP_NONE,          0,     0,      NULL                },
+};
+
+#define ECP_NB_CURVES   sizeof( ecp_supported_curves ) /    \
+                        sizeof( ecp_supported_curves[0] )
+
+static mbedtls_ecp_group_id ecp_supported_grp_id[ECP_NB_CURVES];
+
+/*
+ * List of supported curves and associated info
+ */
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void )
+{
+    return( ecp_supported_curves );
+}
+
+/*
+ * List of supported curves, group ID only
+ */
+const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void )
+{
+    static int init_done = 0;
+
+    if( ! init_done )
+    {
+        size_t i = 0;
+        const mbedtls_ecp_curve_info *curve_info;
+
+        for( curve_info = mbedtls_ecp_curve_list();
+             curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
+             curve_info++ )
+        {
+            ecp_supported_grp_id[i++] = curve_info->grp_id;
+        }
+        ecp_supported_grp_id[i] = MBEDTLS_ECP_DP_NONE;
+
+        init_done = 1;
+    }
+
+    return( ecp_supported_grp_id );
+}
+
+/*
+ * Get the curve info for the internal identifier
+ */
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id )
+{
+    const mbedtls_ecp_curve_info *curve_info;
+
+    for( curve_info = mbedtls_ecp_curve_list();
+         curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
+         curve_info++ )
+    {
+        if( curve_info->grp_id == grp_id )
+            return( curve_info );
+    }
+
+    return( NULL );
+}
+
+/*
+ * Get the curve info from the TLS identifier
+ */
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id )
+{
+    const mbedtls_ecp_curve_info *curve_info;
+
+    for( curve_info = mbedtls_ecp_curve_list();
+         curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
+         curve_info++ )
+    {
+        if( curve_info->tls_id == tls_id )
+            return( curve_info );
+    }
+
+    return( NULL );
+}
+
+/*
+ * Get the curve info from the name
+ */
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name )
+{
+    const mbedtls_ecp_curve_info *curve_info;
+
+    for( curve_info = mbedtls_ecp_curve_list();
+         curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
+         curve_info++ )
+    {
+        if( strcmp( curve_info->name, name ) == 0 )
+            return( curve_info );
+    }
+
+    return( NULL );
+}
+
+/*
+ * Get the type of a curve
+ */
+static inline ecp_curve_type ecp_get_type( const mbedtls_ecp_group *grp )
+{
+    if( grp->G.X.p == NULL )
+        return( ECP_TYPE_NONE );
+
+    if( grp->G.Y.p == NULL )
+        return( ECP_TYPE_MONTGOMERY );
+    else
+        return( ECP_TYPE_SHORT_WEIERSTRASS );
+}
+
+/*
+ * Initialize (the components of) a point
+ */
+void mbedtls_ecp_point_init( mbedtls_ecp_point *pt )
+{
+    if( pt == NULL )
+        return;
+
+    mbedtls_mpi_init( &pt->X );
+    mbedtls_mpi_init( &pt->Y );
+    mbedtls_mpi_init( &pt->Z );
+}
+
+/*
+ * Initialize (the components of) a group
+ */
+void mbedtls_ecp_group_init( mbedtls_ecp_group *grp )
+{
+    if( grp == NULL )
+        return;
+
+    memset( grp, 0, sizeof( mbedtls_ecp_group ) );
+}
+
+/*
+ * Initialize (the components of) a key pair
+ */
+void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key )
+{
+    if( key == NULL )
+        return;
+
+    mbedtls_ecp_group_init( &key->grp );
+    mbedtls_mpi_init( &key->d );
+    mbedtls_ecp_point_init( &key->Q );
+}
+
+/*
+ * Unallocate (the components of) a point
+ */
+void mbedtls_ecp_point_free( mbedtls_ecp_point *pt )
+{
+    if( pt == NULL )
+        return;
+
+    mbedtls_mpi_free( &( pt->X ) );
+    mbedtls_mpi_free( &( pt->Y ) );
+    mbedtls_mpi_free( &( pt->Z ) );
+}
+
+/*
+ * Unallocate (the components of) a group
+ */
+void mbedtls_ecp_group_free( mbedtls_ecp_group *grp )
+{
+    size_t i;
+
+    if( grp == NULL )
+        return;
+
+    if( grp->h != 1 )
+    {
+        mbedtls_mpi_free( &grp->P );
+        mbedtls_mpi_free( &grp->A );
+        mbedtls_mpi_free( &grp->B );
+        mbedtls_ecp_point_free( &grp->G );
+        mbedtls_mpi_free( &grp->N );
+    }
+
+    if( grp->T != NULL )
+    {
+        for( i = 0; i < grp->T_size; i++ )
+            mbedtls_ecp_point_free( &grp->T[i] );
+        mbedtls_free( grp->T );
+    }
+
+    mbedtls_zeroize( grp, sizeof( mbedtls_ecp_group ) );
+}
+
+/*
+ * Unallocate (the components of) a key pair
+ */
+void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key )
+{
+    if( key == NULL )
+        return;
+
+    mbedtls_ecp_group_free( &key->grp );
+    mbedtls_mpi_free( &key->d );
+    mbedtls_ecp_point_free( &key->Q );
+}
+
+/*
+ * Copy the contents of a point
+ */
+int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q )
+{
+    int ret;
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->X, &Q->X ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->Y, &Q->Y ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->Z, &Q->Z ) );
+
+cleanup:
+    return( ret );
+}
+
+/*
+ * Copy the contents of a group object
+ */
+int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src )
+{
+    return mbedtls_ecp_group_load( dst, src->id );
+}
+
+/*
+ * Set point to zero
+ */
+int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt )
+{
+    int ret;
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->X , 1 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Y , 1 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z , 0 ) );
+
+cleanup:
+    return( ret );
+}
+
+/*
+ * Tell if a point is zero
+ */
+int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt )
+{
+    return( mbedtls_mpi_cmp_int( &pt->Z, 0 ) == 0 );
+}
+
+/*
+ * Compare two points lazyly
+ */
+int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P,
+                           const mbedtls_ecp_point *Q )
+{
+    if( mbedtls_mpi_cmp_mpi( &P->X, &Q->X ) == 0 &&
+        mbedtls_mpi_cmp_mpi( &P->Y, &Q->Y ) == 0 &&
+        mbedtls_mpi_cmp_mpi( &P->Z, &Q->Z ) == 0 )
+    {
+        return( 0 );
+    }
+
+    return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+}
+
+/*
+ * Import a non-zero point from ASCII strings
+ */
+int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix,
+                           const char *x, const char *y )
+{
+    int ret;
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->X, radix, x ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->Y, radix, y ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &P->Z, 1 ) );
+
+cleanup:
+    return( ret );
+}
+
+/*
+ * Export a point into unsigned binary data (SEC1 2.3.3)
+ */
+int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P,
+                            int format, size_t *olen,
+                            unsigned char *buf, size_t buflen )
+{
+    int ret = 0;
+    size_t plen;
+
+    if( format != MBEDTLS_ECP_PF_UNCOMPRESSED &&
+        format != MBEDTLS_ECP_PF_COMPRESSED )
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+    /*
+     * Common case: P == 0
+     */
+    if( mbedtls_mpi_cmp_int( &P->Z, 0 ) == 0 )
+    {
+        if( buflen < 1 )
+            return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+
+        buf[0] = 0x00;
+        *olen = 1;
+
+        return( 0 );
+    }
+
+    plen = mbedtls_mpi_size( &grp->P );
+
+    if( format == MBEDTLS_ECP_PF_UNCOMPRESSED )
+    {
+        *olen = 2 * plen + 1;
+
+        if( buflen < *olen )
+            return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+
+        buf[0] = 0x04;
+        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->X, buf + 1, plen ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->Y, buf + 1 + plen, plen ) );
+    }
+    else if( format == MBEDTLS_ECP_PF_COMPRESSED )
+    {
+        *olen = plen + 1;
+
+        if( buflen < *olen )
+            return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+
+        buf[0] = 0x02 + mbedtls_mpi_get_bit( &P->Y, 0 );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->X, buf + 1, plen ) );
+    }
+
+cleanup:
+    return( ret );
+}
+
+/*
+ * Import a point from unsigned binary data (SEC1 2.3.4)
+ */
+int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt,
+                           const unsigned char *buf, size_t ilen )
+{
+    int ret;
+    size_t plen;
+
+    if( ilen < 1 )
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+    if( buf[0] == 0x00 )
+    {
+        if( ilen == 1 )
+            return( mbedtls_ecp_set_zero( pt ) );
+        else
+            return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    }
+
+    plen = mbedtls_mpi_size( &grp->P );
+
+    if( buf[0] != 0x04 )
+        return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+
+    if( ilen != 2 * plen + 1 )
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->X, buf + 1, plen ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->Y, buf + 1 + plen, plen ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) );
+
+cleanup:
+    return( ret );
+}
+
+/*
+ * Import a point from a TLS ECPoint record (RFC 4492)
+ *      struct {
+ *          opaque point <1..2^8-1>;
+ *      } ECPoint;
+ */
+int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt,
+                        const unsigned char **buf, size_t buf_len )
+{
+    unsigned char data_len;
+    const unsigned char *buf_start;
+
+    /*
+     * We must have at least two bytes (1 for length, at least one for data)
+     */
+    if( buf_len < 2 )
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+    data_len = *(*buf)++;
+    if( data_len < 1 || data_len > buf_len - 1 )
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+    /*
+     * Save buffer start for read_binary and update buf
+     */
+    buf_start = *buf;
+    *buf += data_len;
+
+    return mbedtls_ecp_point_read_binary( grp, pt, buf_start, data_len );
+}
+
+/*
+ * Export a point as a TLS ECPoint record (RFC 4492)
+ *      struct {
+ *          opaque point <1..2^8-1>;
+ *      } ECPoint;
+ */
+int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt,
+                         int format, size_t *olen,
+                         unsigned char *buf, size_t blen )
+{
+    int ret;
+
+    /*
+     * buffer length must be at least one, for our length byte
+     */
+    if( blen < 1 )
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+    if( ( ret = mbedtls_ecp_point_write_binary( grp, pt, format,
+                    olen, buf + 1, blen - 1) ) != 0 )
+        return( ret );
+
+    /*
+     * write length to the first byte and update total length
+     */
+    buf[0] = (unsigned char) *olen;
+    ++*olen;
+
+    return( 0 );
+}
+
+/*
+ * Set a group from an ECParameters record (RFC 4492)
+ */
+int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len )
+{
+    uint16_t tls_id;
+    const mbedtls_ecp_curve_info *curve_info;
+
+    /*
+     * We expect at least three bytes (see below)
+     */
+    if( len < 3 )
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+    /*
+     * First byte is curve_type; only named_curve is handled
+     */
+    if( *(*buf)++ != MBEDTLS_ECP_TLS_NAMED_CURVE )
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+    /*
+     * Next two bytes are the namedcurve value
+     */
+    tls_id = *(*buf)++;
+    tls_id <<= 8;
+    tls_id |= *(*buf)++;
+
+    if( ( curve_info = mbedtls_ecp_curve_info_from_tls_id( tls_id ) ) == NULL )
+        return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+
+    return mbedtls_ecp_group_load( grp, curve_info->grp_id );
+}
+
+/*
+ * Write the ECParameters record corresponding to a group (RFC 4492)
+ */
+int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen,
+                         unsigned char *buf, size_t blen )
+{
+    const mbedtls_ecp_curve_info *curve_info;
+
+    if( ( curve_info = mbedtls_ecp_curve_info_from_grp_id( grp->id ) ) == NULL )
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+    /*
+     * We are going to write 3 bytes (see below)
+     */
+    *olen = 3;
+    if( blen < *olen )
+        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+
+    /*
+     * First byte is curve_type, always named_curve
+     */
+    *buf++ = MBEDTLS_ECP_TLS_NAMED_CURVE;
+
+    /*
+     * Next two bytes are the namedcurve value
+     */
+    buf[0] = curve_info->tls_id >> 8;
+    buf[1] = curve_info->tls_id & 0xFF;
+
+    return( 0 );
+}
+
+/*
+ * Wrapper around fast quasi-modp functions, with fall-back to mbedtls_mpi_mod_mpi.
+ * See the documentation of struct mbedtls_ecp_group.
+ *
+ * This function is in the critial loop for mbedtls_ecp_mul, so pay attention to perf.
+ */
+static int ecp_modp( mbedtls_mpi *N, const mbedtls_ecp_group *grp )
+{
+    int ret;
+
+    if( grp->modp == NULL )
+        return( mbedtls_mpi_mod_mpi( N, N, &grp->P ) );
+
+    /* N->s < 0 is a much faster test, which fails only if N is 0 */
+    if( ( N->s < 0 && mbedtls_mpi_cmp_int( N, 0 ) != 0 ) ||
+        mbedtls_mpi_bitlen( N ) > 2 * grp->pbits )
+    {
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    }
+
+    MBEDTLS_MPI_CHK( grp->modp( N ) );
+
+    /* N->s < 0 is a much faster test, which fails only if N is 0 */
+    while( N->s < 0 && mbedtls_mpi_cmp_int( N, 0 ) != 0 )
+        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &grp->P ) );
+
+    while( mbedtls_mpi_cmp_mpi( N, &grp->P ) >= 0 )
+        /* we known P, N and the result are positive */
+        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( N, N, &grp->P ) );
+
+cleanup:
+    return( ret );
+}
+
+/*
+ * Fast mod-p functions expect their argument to be in the 0..p^2 range.
+ *
+ * In order to guarantee that, we need to ensure that operands of
+ * mbedtls_mpi_mul_mpi are in the 0..p range. So, after each operation we will
+ * bring the result back to this range.
+ *
+ * The following macros are shortcuts for doing that.
+ */
+
+/*
+ * Reduce a mbedtls_mpi mod p in-place, general case, to use after mbedtls_mpi_mul_mpi
+ */
+#if defined(MBEDTLS_SELF_TEST)
+#define INC_MUL_COUNT   mul_count++;
+#else
+#define INC_MUL_COUNT
+#endif
+
+#define MOD_MUL( N )    do { MBEDTLS_MPI_CHK( ecp_modp( &N, grp ) ); INC_MUL_COUNT } \
+                        while( 0 )
+
+/*
+ * Reduce a mbedtls_mpi mod p in-place, to use after mbedtls_mpi_sub_mpi
+ * N->s < 0 is a very fast test, which fails only if N is 0
+ */
+#define MOD_SUB( N )                                \
+    while( N.s < 0 && mbedtls_mpi_cmp_int( &N, 0 ) != 0 )   \
+        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &N, &N, &grp->P ) )
+
+/*
+ * Reduce a mbedtls_mpi mod p in-place, to use after mbedtls_mpi_add_mpi and mbedtls_mpi_mul_int.
+ * We known P, N and the result are positive, so sub_abs is correct, and
+ * a bit faster.
+ */
+#define MOD_ADD( N )                                \
+    while( mbedtls_mpi_cmp_mpi( &N, &grp->P ) >= 0 )        \
+        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &N, &N, &grp->P ) )
+
+#if defined(ECP_SHORTWEIERSTRASS)
+/*
+ * For curves in short Weierstrass form, we do all the internal operations in
+ * Jacobian coordinates.
+ *
+ * For multiplication, we'll use a comb method with coutermeasueres against
+ * SPA, hence timing attacks.
+ */
+
+/*
+ * Normalize jacobian coordinates so that Z == 0 || Z == 1  (GECC 3.2.1)
+ * Cost: 1N := 1I + 3M + 1S
+ */
+static int ecp_normalize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt )
+{
+    int ret;
+    mbedtls_mpi Zi, ZZi;
+
+    if( mbedtls_mpi_cmp_int( &pt->Z, 0 ) == 0 )
+        return( 0 );
+
+    mbedtls_mpi_init( &Zi ); mbedtls_mpi_init( &ZZi );
+
+    /*
+     * X = X / Z^2  mod p
+     */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &Zi,      &pt->Z,     &grp->P ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ZZi,     &Zi,        &Zi     ) ); MOD_MUL( ZZi );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &pt->X,   &pt->X,     &ZZi    ) ); MOD_MUL( pt->X );
+
+    /*
+     * Y = Y / Z^3  mod p
+     */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &pt->Y,   &pt->Y,     &ZZi    ) ); MOD_MUL( pt->Y );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &pt->Y,   &pt->Y,     &Zi     ) ); MOD_MUL( pt->Y );
+
+    /*
+     * Z = 1
+     */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) );
+
+cleanup:
+
+    mbedtls_mpi_free( &Zi ); mbedtls_mpi_free( &ZZi );
+
+    return( ret );
+}
+
+/*
+ * Normalize jacobian coordinates of an array of (pointers to) points,
+ * using Montgomery's trick to perform only one inversion mod P.
+ * (See for example Cohen's "A Course in Computational Algebraic Number
+ * Theory", Algorithm 10.3.4.)
+ *
+ * Warning: fails (returning an error) if one of the points is zero!
+ * This should never happen, see choice of w in ecp_mul_comb().
+ *
+ * Cost: 1N(t) := 1I + (6t - 3)M + 1S
+ */
+static int ecp_normalize_jac_many( const mbedtls_ecp_group *grp,
+                                   mbedtls_ecp_point *T[], size_t t_len )
+{
+    int ret;
+    size_t i;
+    mbedtls_mpi *c, u, Zi, ZZi;
+
+    if( t_len < 2 )
+        return( ecp_normalize_jac( grp, *T ) );
+
+    if( ( c = mbedtls_calloc( t_len, sizeof( mbedtls_mpi ) ) ) == NULL )
+        return( MBEDTLS_ERR_ECP_ALLOC_FAILED );
+
+    mbedtls_mpi_init( &u ); mbedtls_mpi_init( &Zi ); mbedtls_mpi_init( &ZZi );
+
+    /*
+     * c[i] = Z_0 * ... * Z_i
+     */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &c[0], &T[0]->Z ) );
+    for( i = 1; i < t_len; i++ )
+    {
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &c[i], &c[i-1], &T[i]->Z ) );
+        MOD_MUL( c[i] );
+    }
+
+    /*
+     * u = 1 / (Z_0 * ... * Z_n) mod P
+     */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &u, &c[t_len-1], &grp->P ) );
+
+    for( i = t_len - 1; ; i-- )
+    {
+        /*
+         * Zi = 1 / Z_i mod p
+         * u = 1 / (Z_0 * ... * Z_i) mod P
+         */
+        if( i == 0 ) {
+            MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Zi, &u ) );
+        }
+        else
+        {
+            MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &Zi, &u, &c[i-1]  ) ); MOD_MUL( Zi );
+            MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &u,  &u, &T[i]->Z ) ); MOD_MUL( u );
+        }
+
+        /*
+         * proceed as in normalize()
+         */
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ZZi,     &Zi,      &Zi  ) ); MOD_MUL( ZZi );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T[i]->X, &T[i]->X, &ZZi ) ); MOD_MUL( T[i]->X );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T[i]->Y, &T[i]->Y, &ZZi ) ); MOD_MUL( T[i]->Y );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T[i]->Y, &T[i]->Y, &Zi  ) ); MOD_MUL( T[i]->Y );
+
+        /*
+         * Post-precessing: reclaim some memory by shrinking coordinates
+         * - not storing Z (always 1)
+         * - shrinking other coordinates, but still keeping the same number of
+         *   limbs as P, as otherwise it will too likely be regrown too fast.
+         */
+        MBEDTLS_MPI_CHK( mbedtls_mpi_shrink( &T[i]->X, grp->P.n ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_shrink( &T[i]->Y, grp->P.n ) );
+        mbedtls_mpi_free( &T[i]->Z );
+
+        if( i == 0 )
+            break;
+    }
+
+cleanup:
+
+    mbedtls_mpi_free( &u ); mbedtls_mpi_free( &Zi ); mbedtls_mpi_free( &ZZi );
+    for( i = 0; i < t_len; i++ )
+        mbedtls_mpi_free( &c[i] );
+    mbedtls_free( c );
+
+    return( ret );
+}
+
+/*
+ * Conditional point inversion: Q -> -Q = (Q.X, -Q.Y, Q.Z) without leak.
+ * "inv" must be 0 (don't invert) or 1 (invert) or the result will be invalid
+ */
+static int ecp_safe_invert_jac( const mbedtls_ecp_group *grp,
+                            mbedtls_ecp_point *Q,
+                            unsigned char inv )
+{
+    int ret;
+    unsigned char nonzero;
+    mbedtls_mpi mQY;
+
+    mbedtls_mpi_init( &mQY );
+
+    /* Use the fact that -Q.Y mod P = P - Q.Y unless Q.Y == 0 */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &mQY, &grp->P, &Q->Y ) );
+    nonzero = mbedtls_mpi_cmp_int( &Q->Y, 0 ) != 0;
+    MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &Q->Y, &mQY, inv & nonzero ) );
+
+cleanup:
+    mbedtls_mpi_free( &mQY );
+
+    return( ret );
+}
+
+/*
+ * Point doubling R = 2 P, Jacobian coordinates
+ *
+ * Based on http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian.html#doubling-dbl-1998-cmo-2 .
+ *
+ * We follow the variable naming fairly closely. The formula variations that trade a MUL for a SQR
+ * (plus a few ADDs) aren't useful as our bignum implementation doesn't distinguish squaring.
+ *
+ * Standard optimizations are applied when curve parameter A is one of { 0, -3 }.
+ *
+ * Cost: 1D := 3M + 4S          (A ==  0)
+ *             4M + 4S          (A == -3)
+ *             3M + 6S + 1a     otherwise
+ */
+static int ecp_double_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+                           const mbedtls_ecp_point *P )
+{
+    int ret;
+    mbedtls_mpi M, S, T, U;
+
+#if defined(MBEDTLS_SELF_TEST)
+    dbl_count++;
+#endif
+
+    mbedtls_mpi_init( &M ); mbedtls_mpi_init( &S ); mbedtls_mpi_init( &T ); mbedtls_mpi_init( &U );
+
+    /* Special case for A = -3 */
+    if( grp->A.p == NULL )
+    {
+        /* M = 3(X + Z^2)(X - Z^2) */
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S,  &P->Z,  &P->Z   ) ); MOD_MUL( S );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &T,  &P->X,  &S      ) ); MOD_ADD( T );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U,  &P->X,  &S      ) ); MOD_SUB( U );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S,  &T,     &U      ) ); MOD_MUL( S );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M,  &S,     3       ) ); MOD_ADD( M );
+    }
+    else
+    {
+        /* M = 3.X^2 */
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S,  &P->X,  &P->X   ) ); MOD_MUL( S );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M,  &S,     3       ) ); MOD_ADD( M );
+
+        /* Optimize away for "koblitz" curves with A = 0 */
+        if( mbedtls_mpi_cmp_int( &grp->A, 0 ) != 0 )
+        {
+            /* M += A.Z^4 */
+            MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S,  &P->Z,  &P->Z   ) ); MOD_MUL( S );
+            MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T,  &S,     &S      ) ); MOD_MUL( T );
+            MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S,  &T,     &grp->A ) ); MOD_MUL( S );
+            MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &M,  &M,     &S      ) ); MOD_ADD( M );
+        }
+    }
+
+    /* S = 4.X.Y^2 */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T,  &P->Y,  &P->Y   ) ); MOD_MUL( T );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &T,  1               ) ); MOD_ADD( T );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S,  &P->X,  &T      ) ); MOD_MUL( S );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &S,  1               ) ); MOD_ADD( S );
+
+    /* U = 8.Y^4 */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &U,  &T,     &T      ) ); MOD_MUL( U );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &U,  1               ) ); MOD_ADD( U );
+
+    /* T = M^2 - 2.S */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T,  &M,     &M      ) ); MOD_MUL( T );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T,  &T,     &S      ) ); MOD_SUB( T );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T,  &T,     &S      ) ); MOD_SUB( T );
+
+    /* S = M(S - T) - U */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &S,  &S,     &T      ) ); MOD_SUB( S );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S,  &S,     &M      ) ); MOD_MUL( S );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &S,  &S,     &U      ) ); MOD_SUB( S );
+
+    /* U = 2.Y.Z */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &U,  &P->Y,  &P->Z   ) ); MOD_MUL( U );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &U,  1               ) ); MOD_ADD( U );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->X, &T ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Y, &S ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Z, &U ) );
+
+cleanup:
+    mbedtls_mpi_free( &M ); mbedtls_mpi_free( &S ); mbedtls_mpi_free( &T ); mbedtls_mpi_free( &U );
+
+    return( ret );
+}
+
+/*
+ * Addition: R = P + Q, mixed affine-Jacobian coordinates (GECC 3.22)
+ *
+ * The coordinates of Q must be normalized (= affine),
+ * but those of P don't need to. R is not normalized.
+ *
+ * Special cases: (1) P or Q is zero, (2) R is zero, (3) P == Q.
+ * None of these cases can happen as intermediate step in ecp_mul_comb():
+ * - at each step, P, Q and R are multiples of the base point, the factor
+ *   being less than its order, so none of them is zero;
+ * - Q is an odd multiple of the base point, P an even multiple,
+ *   due to the choice of precomputed points in the modified comb method.
+ * So branches for these cases do not leak secret information.
+ *
+ * We accept Q->Z being unset (saving memory in tables) as meaning 1.
+ *
+ * Cost: 1A := 8M + 3S
+ */
+static int ecp_add_mixed( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+                          const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q )
+{
+    int ret;
+    mbedtls_mpi T1, T2, T3, T4, X, Y, Z;
+
+#if defined(MBEDTLS_SELF_TEST)
+    add_count++;
+#endif
+
+    /*
+     * Trivial cases: P == 0 or Q == 0 (case 1)
+     */
+    if( mbedtls_mpi_cmp_int( &P->Z, 0 ) == 0 )
+        return( mbedtls_ecp_copy( R, Q ) );
+
+    if( Q->Z.p != NULL && mbedtls_mpi_cmp_int( &Q->Z, 0 ) == 0 )
+        return( mbedtls_ecp_copy( R, P ) );
+
+    /*
+     * Make sure Q coordinates are normalized
+     */
+    if( Q->Z.p != NULL && mbedtls_mpi_cmp_int( &Q->Z, 1 ) != 0 )
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+    mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 ); mbedtls_mpi_init( &T3 ); mbedtls_mpi_init( &T4 );
+    mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T1,  &P->Z,  &P->Z ) );  MOD_MUL( T1 );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T2,  &T1,    &P->Z ) );  MOD_MUL( T2 );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T1,  &T1,    &Q->X ) );  MOD_MUL( T1 );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T2,  &T2,    &Q->Y ) );  MOD_MUL( T2 );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T1,  &T1,    &P->X ) );  MOD_SUB( T1 );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T2,  &T2,    &P->Y ) );  MOD_SUB( T2 );
+
+    /* Special cases (2) and (3) */
+    if( mbedtls_mpi_cmp_int( &T1, 0 ) == 0 )
+    {
+        if( mbedtls_mpi_cmp_int( &T2, 0 ) == 0 )
+        {
+            ret = ecp_double_jac( grp, R, P );
+            goto cleanup;
+        }
+        else
+        {
+            ret = mbedtls_ecp_set_zero( R );
+            goto cleanup;
+        }
+    }
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &Z,   &P->Z,  &T1   ) );  MOD_MUL( Z  );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T3,  &T1,    &T1   ) );  MOD_MUL( T3 );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T4,  &T3,    &T1   ) );  MOD_MUL( T4 );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T3,  &T3,    &P->X ) );  MOD_MUL( T3 );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T1,  &T3,    2     ) );  MOD_ADD( T1 );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &X,   &T2,    &T2   ) );  MOD_MUL( X  );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &X,   &X,     &T1   ) );  MOD_SUB( X  );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &X,   &X,     &T4   ) );  MOD_SUB( X  );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T3,  &T3,    &X    ) );  MOD_SUB( T3 );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T3,  &T3,    &T2   ) );  MOD_MUL( T3 );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T4,  &T4,    &P->Y ) );  MOD_MUL( T4 );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &Y,   &T3,    &T4   ) );  MOD_SUB( Y  );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->X, &X ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Y, &Y ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Z, &Z ) );
+
+cleanup:
+
+    mbedtls_mpi_free( &T1 ); mbedtls_mpi_free( &T2 ); mbedtls_mpi_free( &T3 ); mbedtls_mpi_free( &T4 );
+    mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z );
+
+    return( ret );
+}
+
+/*
+ * Randomize jacobian coordinates:
+ * (X, Y, Z) -> (l^2 X, l^3 Y, l Z) for random l
+ * This is sort of the reverse operation of ecp_normalize_jac().
+ *
+ * This countermeasure was first suggested in [2].
+ */
+static int ecp_randomize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt,
+                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+    int ret;
+    mbedtls_mpi l, ll;
+    size_t p_size = ( grp->pbits + 7 ) / 8;
+    int count = 0;
+
+    mbedtls_mpi_init( &l ); mbedtls_mpi_init( &ll );
+
+    /* Generate l such that 1 < l < p */
+    do
+    {
+        mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng );
+
+        while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 )
+            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) );
+
+        if( count++ > 10 )
+            return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
+    }
+    while( mbedtls_mpi_cmp_int( &l, 1 ) <= 0 );
+
+    /* Z = l * Z */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &pt->Z,   &pt->Z,     &l  ) ); MOD_MUL( pt->Z );
+
+    /* X = l^2 * X */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ll,      &l,         &l  ) ); MOD_MUL( ll );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &pt->X,   &pt->X,     &ll ) ); MOD_MUL( pt->X );
+
+    /* Y = l^3 * Y */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ll,      &ll,        &l  ) ); MOD_MUL( ll );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &pt->Y,   &pt->Y,     &ll ) ); MOD_MUL( pt->Y );
+
+cleanup:
+    mbedtls_mpi_free( &l ); mbedtls_mpi_free( &ll );
+
+    return( ret );
+}
+
+/*
+ * Check and define parameters used by the comb method (see below for details)
+ */
+#if MBEDTLS_ECP_WINDOW_SIZE < 2 || MBEDTLS_ECP_WINDOW_SIZE > 7
+#error "MBEDTLS_ECP_WINDOW_SIZE out of bounds"
+#endif
+
+/* d = ceil( n / w ) */
+#define COMB_MAX_D      ( MBEDTLS_ECP_MAX_BITS + 1 ) / 2
+
+/* number of precomputed points */
+#define COMB_MAX_PRE    ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) )
+
+/*
+ * Compute the representation of m that will be used with our comb method.
+ *
+ * The basic comb method is described in GECC 3.44 for example. We use a
+ * modified version that provides resistance to SPA by avoiding zero
+ * digits in the representation as in [3]. We modify the method further by
+ * requiring that all K_i be odd, which has the small cost that our
+ * representation uses one more K_i, due to carries.
+ *
+ * Also, for the sake of compactness, only the seven low-order bits of x[i]
+ * are used to represent K_i, and the msb of x[i] encodes the the sign (s_i in
+ * the paper): it is set if and only if if s_i == -1;
+ *
+ * Calling conventions:
+ * - x is an array of size d + 1
+ * - w is the size, ie number of teeth, of the comb, and must be between
+ *   2 and 7 (in practice, between 2 and MBEDTLS_ECP_WINDOW_SIZE)
+ * - m is the MPI, expected to be odd and such that bitlength(m) <= w * d
+ *   (the result will be incorrect if these assumptions are not satisfied)
+ */
+static void ecp_comb_fixed( unsigned char x[], size_t d,
+                            unsigned char w, const mbedtls_mpi *m )
+{
+    size_t i, j;
+    unsigned char c, cc, adjust;
+
+    memset( x, 0, d+1 );
+
+    /* First get the classical comb values (except for x_d = 0) */
+    for( i = 0; i < d; i++ )
+        for( j = 0; j < w; j++ )
+            x[i] |= mbedtls_mpi_get_bit( m, i + d * j ) << j;
+
+    /* Now make sure x_1 .. x_d are odd */
+    c = 0;
+    for( i = 1; i <= d; i++ )
+    {
+        /* Add carry and update it */
+        cc   = x[i] & c;
+        x[i] = x[i] ^ c;
+        c = cc;
+
+        /* Adjust if needed, avoiding branches */
+        adjust = 1 - ( x[i] & 0x01 );
+        c   |= x[i] & ( x[i-1] * adjust );
+        x[i] = x[i] ^ ( x[i-1] * adjust );
+        x[i-1] |= adjust << 7;
+    }
+}
+
+/*
+ * Precompute points for the comb method
+ *
+ * If i = i_{w-1} ... i_1 is the binary representation of i, then
+ * T[i] = i_{w-1} 2^{(w-1)d} P + ... + i_1 2^d P + P
+ *
+ * T must be able to hold 2^{w - 1} elements
+ *
+ * Cost: d(w-1) D + (2^{w-1} - 1) A + 1 N(w-1) + 1 N(2^{w-1} - 1)
+ */
+static int ecp_precompute_comb( const mbedtls_ecp_group *grp,
+                                mbedtls_ecp_point T[], const mbedtls_ecp_point *P,
+                                unsigned char w, size_t d )
+{
+    int ret;
+    unsigned char i, k;
+    size_t j;
+    mbedtls_ecp_point *cur, *TT[COMB_MAX_PRE - 1];
+
+    /*
+     * Set T[0] = P and
+     * T[2^{l-1}] = 2^{dl} P for l = 1 .. w-1 (this is not the final value)
+     */
+    MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &T[0], P ) );
+
+    k = 0;
+    for( i = 1; i < ( 1U << ( w - 1 ) ); i <<= 1 )
+    {
+        cur = T + i;
+        MBEDTLS_MPI_CHK( mbedtls_ecp_copy( cur, T + ( i >> 1 ) ) );
+        for( j = 0; j < d; j++ )
+            MBEDTLS_MPI_CHK( ecp_double_jac( grp, cur, cur ) );
+
+        TT[k++] = cur;
+    }
+
+    MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, k ) );
+
+    /*
+     * Compute the remaining ones using the minimal number of additions
+     * Be careful to update T[2^l] only after using it!
+     */
+    k = 0;
+    for( i = 1; i < ( 1U << ( w - 1 ) ); i <<= 1 )
+    {
+        j = i;
+        while( j-- )
+        {
+            MBEDTLS_MPI_CHK( ecp_add_mixed( grp, &T[i + j], &T[j], &T[i] ) );
+            TT[k++] = &T[i + j];
+        }
+    }
+
+    MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, k ) );
+
+cleanup:
+    return( ret );
+}
+
+/*
+ * Select precomputed point: R = sign(i) * T[ abs(i) / 2 ]
+ */
+static int ecp_select_comb( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+                            const mbedtls_ecp_point T[], unsigned char t_len,
+                            unsigned char i )
+{
+    int ret;
+    unsigned char ii, j;
+
+    /* Ignore the "sign" bit and scale down */
+    ii =  ( i & 0x7Fu ) >> 1;
+
+    /* Read the whole table to thwart cache-based timing attacks */
+    for( j = 0; j < t_len; j++ )
+    {
+        MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &R->X, &T[j].X, j == ii ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &R->Y, &T[j].Y, j == ii ) );
+    }
+
+    /* Safely invert result if i is "negative" */
+    MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, R, i >> 7 ) );
+
+cleanup:
+    return( ret );
+}
+
+/*
+ * Core multiplication algorithm for the (modified) comb method.
+ * This part is actually common with the basic comb method (GECC 3.44)
+ *
+ * Cost: d A + d D + 1 R
+ */
+static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+                              const mbedtls_ecp_point T[], unsigned char t_len,
+                              const unsigned char x[], size_t d,
+                              int (*f_rng)(void *, unsigned char *, size_t),
+                              void *p_rng )
+{
+    int ret;
+    mbedtls_ecp_point Txi;
+    size_t i;
+
+    mbedtls_ecp_point_init( &Txi );
+
+    /* Start with a non-zero point and randomize its coordinates */
+    i = d;
+    MBEDTLS_MPI_CHK( ecp_select_comb( grp, R, T, t_len, x[i] ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 1 ) );
+    if( f_rng != 0 )
+        MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, R, f_rng, p_rng ) );
+
+    while( i-- != 0 )
+    {
+        MBEDTLS_MPI_CHK( ecp_double_jac( grp, R, R ) );
+        MBEDTLS_MPI_CHK( ecp_select_comb( grp, &Txi, T, t_len, x[i] ) );
+        MBEDTLS_MPI_CHK( ecp_add_mixed( grp, R, R, &Txi ) );
+    }
+
+cleanup:
+    mbedtls_ecp_point_free( &Txi );
+
+    return( ret );
+}
+
+/*
+ * Multiplication using the comb method,
+ * for curves in short Weierstrass form
+ */
+static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+                         const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+                         int (*f_rng)(void *, unsigned char *, size_t),
+                         void *p_rng )
+{
+    int ret;
+    unsigned char w, m_is_odd, p_eq_g, pre_len, i;
+    size_t d;
+    unsigned char k[COMB_MAX_D + 1];
+    mbedtls_ecp_point *T;
+    mbedtls_mpi M, mm;
+
+    mbedtls_mpi_init( &M );
+    mbedtls_mpi_init( &mm );
+
+    /* we need N to be odd to trnaform m in an odd number, check now */
+    if( mbedtls_mpi_get_bit( &grp->N, 0 ) != 1 )
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+    /*
+     * Minimize the number of multiplications, that is minimize
+     * 10 * d * w + 18 * 2^(w-1) + 11 * d + 7 * w, with d = ceil( nbits / w )
+     * (see costs of the various parts, with 1S = 1M)
+     */
+    w = grp->nbits >= 384 ? 5 : 4;
+
+    /*
+     * If P == G, pre-compute a bit more, since this may be re-used later.
+     * Just adding one avoids upping the cost of the first mul too much,
+     * and the memory cost too.
+     */
+#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
+    p_eq_g = ( mbedtls_mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 &&
+               mbedtls_mpi_cmp_mpi( &P->X, &grp->G.X ) == 0 );
+    if( p_eq_g )
+        w++;
+#else
+    p_eq_g = 0;
+#endif
+
+    /*
+     * Make sure w is within bounds.
+     * (The last test is useful only for very small curves in the test suite.)
+     */
+    if( w > MBEDTLS_ECP_WINDOW_SIZE )
+        w = MBEDTLS_ECP_WINDOW_SIZE;
+    if( w >= grp->nbits )
+        w = 2;
+
+    /* Other sizes that depend on w */
+    pre_len = 1U << ( w - 1 );
+    d = ( grp->nbits + w - 1 ) / w;
+
+    /*
+     * Prepare precomputed points: if P == G we want to
+     * use grp->T if already initialized, or initialize it.
+     */
+    T = p_eq_g ? grp->T : NULL;
+
+    if( T == NULL )
+    {
+        T = mbedtls_calloc( pre_len, sizeof( mbedtls_ecp_point ) );
+        if( T == NULL )
+        {
+            ret = MBEDTLS_ERR_ECP_ALLOC_FAILED;
+            goto cleanup;
+        }
+
+        MBEDTLS_MPI_CHK( ecp_precompute_comb( grp, T, P, w, d ) );
+
+        if( p_eq_g )
+        {
+            grp->T = T;
+            grp->T_size = pre_len;
+        }
+    }
+
+    /*
+     * Make sure M is odd (M = m or M = N - m, since N is odd)
+     * using the fact that m * P = - (N - m) * P
+     */
+    m_is_odd = ( mbedtls_mpi_get_bit( m, 0 ) == 1 );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &M, m ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &mm, &grp->N, m ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &M, &mm, ! m_is_odd ) );
+
+    /*
+     * Go for comb multiplication, R = M * P
+     */
+    ecp_comb_fixed( k, d, w, &M );
+    MBEDTLS_MPI_CHK( ecp_mul_comb_core( grp, R, T, pre_len, k, d, f_rng, p_rng ) );
+
+    /*
+     * Now get m * P from M * P and normalize it
+     */
+    MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, R, ! m_is_odd ) );
+    MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, R ) );
+
+cleanup:
+
+    if( T != NULL && ! p_eq_g )
+    {
+        for( i = 0; i < pre_len; i++ )
+            mbedtls_ecp_point_free( &T[i] );
+        mbedtls_free( T );
+    }
+
+    mbedtls_mpi_free( &M );
+    mbedtls_mpi_free( &mm );
+
+    if( ret != 0 )
+        mbedtls_ecp_point_free( R );
+
+    return( ret );
+}
+
+#endif /* ECP_SHORTWEIERSTRASS */
+
+#if defined(ECP_MONTGOMERY)
+/*
+ * For Montgomery curves, we do all the internal arithmetic in projective
+ * coordinates. Import/export of points uses only the x coordinates, which is
+ * internaly represented as X / Z.
+ *
+ * For scalar multiplication, we'll use a Montgomery ladder.
+ */
+
+/*
+ * Normalize Montgomery x/z coordinates: X = X/Z, Z = 1
+ * Cost: 1M + 1I
+ */
+static int ecp_normalize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P )
+{
+    int ret;
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &P->Z, &P->Z, &grp->P ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &P->X, &P->X, &P->Z ) ); MOD_MUL( P->X );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &P->Z, 1 ) );
+
+cleanup:
+    return( ret );
+}
+
+/*
+ * Randomize projective x/z coordinates:
+ * (X, Z) -> (l X, l Z) for random l
+ * This is sort of the reverse operation of ecp_normalize_mxz().
+ *
+ * This countermeasure was first suggested in [2].
+ * Cost: 2M
+ */
+static int ecp_randomize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P,
+                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+    int ret;
+    mbedtls_mpi l;
+    size_t p_size = ( grp->pbits + 7 ) / 8;
+    int count = 0;
+
+    mbedtls_mpi_init( &l );
+
+    /* Generate l such that 1 < l < p */
+    do
+    {
+        mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng );
+
+        while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 )
+            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) );
+
+        if( count++ > 10 )
+            return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
+    }
+    while( mbedtls_mpi_cmp_int( &l, 1 ) <= 0 );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &P->X, &P->X, &l ) ); MOD_MUL( P->X );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &P->Z, &P->Z, &l ) ); MOD_MUL( P->Z );
+
+cleanup:
+    mbedtls_mpi_free( &l );
+
+    return( ret );
+}
+
+/*
+ * Double-and-add: R = 2P, S = P + Q, with d = X(P - Q),
+ * for Montgomery curves in x/z coordinates.
+ *
+ * http://www.hyperelliptic.org/EFD/g1p/auto-code/montgom/xz/ladder/mladd-1987-m.op3
+ * with
+ * d =  X1
+ * P = (X2, Z2)
+ * Q = (X3, Z3)
+ * R = (X4, Z4)
+ * S = (X5, Z5)
+ * and eliminating temporary variables tO, ..., t4.
+ *
+ * Cost: 5M + 4S
+ */
+static int ecp_double_add_mxz( const mbedtls_ecp_group *grp,
+                               mbedtls_ecp_point *R, mbedtls_ecp_point *S,
+                               const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q,
+                               const mbedtls_mpi *d )
+{
+    int ret;
+    mbedtls_mpi A, AA, B, BB, E, C, D, DA, CB;
+
+    mbedtls_mpi_init( &A ); mbedtls_mpi_init( &AA ); mbedtls_mpi_init( &B );
+    mbedtls_mpi_init( &BB ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &C );
+    mbedtls_mpi_init( &D ); mbedtls_mpi_init( &DA ); mbedtls_mpi_init( &CB );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &A,    &P->X,   &P->Z ) ); MOD_ADD( A    );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &AA,   &A,      &A    ) ); MOD_MUL( AA   );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &B,    &P->X,   &P->Z ) ); MOD_SUB( B    );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &BB,   &B,      &B    ) ); MOD_MUL( BB   );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &E,    &AA,     &BB   ) ); MOD_SUB( E    );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &C,    &Q->X,   &Q->Z ) ); MOD_ADD( C    );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &D,    &Q->X,   &Q->Z ) ); MOD_SUB( D    );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DA,   &D,      &A    ) ); MOD_MUL( DA   );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &CB,   &C,      &B    ) ); MOD_MUL( CB   );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &S->X, &DA,     &CB   ) ); MOD_MUL( S->X );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S->X, &S->X,   &S->X ) ); MOD_MUL( S->X );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &S->Z, &DA,     &CB   ) ); MOD_SUB( S->Z );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S->Z, &S->Z,   &S->Z ) ); MOD_MUL( S->Z );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S->Z, d,       &S->Z ) ); MOD_MUL( S->Z );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &R->X, &AA,     &BB   ) ); MOD_MUL( R->X );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &R->Z, &grp->A, &E    ) ); MOD_MUL( R->Z );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &R->Z, &BB,     &R->Z ) ); MOD_ADD( R->Z );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &R->Z, &E,      &R->Z ) ); MOD_MUL( R->Z );
+
+cleanup:
+    mbedtls_mpi_free( &A ); mbedtls_mpi_free( &AA ); mbedtls_mpi_free( &B );
+    mbedtls_mpi_free( &BB ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &C );
+    mbedtls_mpi_free( &D ); mbedtls_mpi_free( &DA ); mbedtls_mpi_free( &CB );
+
+    return( ret );
+}
+
+/*
+ * Multiplication with Montgomery ladder in x/z coordinates,
+ * for curves in Montgomery form
+ */
+static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+                        const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+                        int (*f_rng)(void *, unsigned char *, size_t),
+                        void *p_rng )
+{
+    int ret;
+    size_t i;
+    unsigned char b;
+    mbedtls_ecp_point RP;
+    mbedtls_mpi PX;
+
+    mbedtls_ecp_point_init( &RP ); mbedtls_mpi_init( &PX );
+
+    /* Save PX and read from P before writing to R, in case P == R */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &PX, &P->X ) );
+    MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &RP, P ) );
+
+    /* Set R to zero in modified x/z coordinates */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->X, 1 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 0 ) );
+    mbedtls_mpi_free( &R->Y );
+
+    /* RP.X might be sligtly larger than P, so reduce it */
+    MOD_ADD( RP.X );
+
+    /* Randomize coordinates of the starting point */
+    if( f_rng != NULL )
+        MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, &RP, f_rng, p_rng ) );
+
+    /* Loop invariant: R = result so far, RP = R + P */
+    i = mbedtls_mpi_bitlen( m ); /* one past the (zero-based) most significant bit */
+    while( i-- > 0 )
+    {
+        b = mbedtls_mpi_get_bit( m, i );
+        /*
+         *  if (b) R = 2R + P else R = 2R,
+         * which is:
+         *  if (b) double_add( RP, R, RP, R )
+         *  else   double_add( R, RP, R, RP )
+         * but using safe conditional swaps to avoid leaks
+         */
+        MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->X, &RP.X, b ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->Z, &RP.Z, b ) );
+        MBEDTLS_MPI_CHK( ecp_double_add_mxz( grp, R, &RP, R, &RP, &PX ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->X, &RP.X, b ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->Z, &RP.Z, b ) );
+    }
+
+    MBEDTLS_MPI_CHK( ecp_normalize_mxz( grp, R ) );
+
+cleanup:
+    mbedtls_ecp_point_free( &RP ); mbedtls_mpi_free( &PX );
+
+    return( ret );
+}
+
+#endif /* ECP_MONTGOMERY */
+
+/*
+ * Multiplication R = m * P
+ */
+int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+             const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+    int ret;
+
+    /* Common sanity checks */
+    if( mbedtls_mpi_cmp_int( &P->Z, 1 ) != 0 )
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+    if( ( ret = mbedtls_ecp_check_privkey( grp, m ) ) != 0 ||
+        ( ret = mbedtls_ecp_check_pubkey( grp, P ) ) != 0 )
+        return( ret );
+
+#if defined(ECP_MONTGOMERY)
+    if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY )
+        return( ecp_mul_mxz( grp, R, m, P, f_rng, p_rng ) );
+#endif
+#if defined(ECP_SHORTWEIERSTRASS)
+    if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS )
+        return( ecp_mul_comb( grp, R, m, P, f_rng, p_rng ) );
+#endif
+    return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+}
+
+#if defined(ECP_SHORTWEIERSTRASS)
+/*
+ * Check that an affine point is valid as a public key,
+ * short weierstrass curves (SEC1 3.2.3.1)
+ */
+static int ecp_check_pubkey_sw( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt )
+{
+    int ret;
+    mbedtls_mpi YY, RHS;
+
+    /* pt coordinates must be normalized for our checks */
+    if( mbedtls_mpi_cmp_int( &pt->X, 0 ) < 0 ||
+        mbedtls_mpi_cmp_int( &pt->Y, 0 ) < 0 ||
+        mbedtls_mpi_cmp_mpi( &pt->X, &grp->P ) >= 0 ||
+        mbedtls_mpi_cmp_mpi( &pt->Y, &grp->P ) >= 0 )
+        return( MBEDTLS_ERR_ECP_INVALID_KEY );
+
+    mbedtls_mpi_init( &YY ); mbedtls_mpi_init( &RHS );
+
+    /*
+     * YY = Y^2
+     * RHS = X (X^2 + A) + B = X^3 + A X + B
+     */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &YY,  &pt->Y,   &pt->Y  ) );  MOD_MUL( YY  );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &RHS, &pt->X,   &pt->X  ) );  MOD_MUL( RHS );
+
+    /* Special case for A = -3 */
+    if( grp->A.p == NULL )
+    {
+        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &RHS, &RHS, 3       ) );  MOD_SUB( RHS );
+    }
+    else
+    {
+        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &RHS, &RHS, &grp->A ) );  MOD_ADD( RHS );
+    }
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &RHS, &RHS,     &pt->X  ) );  MOD_MUL( RHS );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &RHS, &RHS,     &grp->B ) );  MOD_ADD( RHS );
+
+    if( mbedtls_mpi_cmp_mpi( &YY, &RHS ) != 0 )
+        ret = MBEDTLS_ERR_ECP_INVALID_KEY;
+
+cleanup:
+
+    mbedtls_mpi_free( &YY ); mbedtls_mpi_free( &RHS );
+
+    return( ret );
+}
+#endif /* ECP_SHORTWEIERSTRASS */
+
+/*
+ * R = m * P with shortcuts for m == 1 and m == -1
+ * NOT constant-time - ONLY for short Weierstrass!
+ */
+static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp,
+                                      mbedtls_ecp_point *R,
+                                      const mbedtls_mpi *m,
+                                      const mbedtls_ecp_point *P )
+{
+    int ret;
+
+    if( mbedtls_mpi_cmp_int( m, 1 ) == 0 )
+    {
+        MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) );
+    }
+    else if( mbedtls_mpi_cmp_int( m, -1 ) == 0 )
+    {
+        MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) );
+        if( mbedtls_mpi_cmp_int( &R->Y, 0 ) != 0 )
+            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &R->Y, &grp->P, &R->Y ) );
+    }
+    else
+    {
+        MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, R, m, P, NULL, NULL ) );
+    }
+
+cleanup:
+    return( ret );
+}
+
+/*
+ * Linear combination
+ * NOT constant-time
+ */
+int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+             const mbedtls_mpi *m, const mbedtls_ecp_point *P,
+             const mbedtls_mpi *n, const mbedtls_ecp_point *Q )
+{
+    int ret;
+    mbedtls_ecp_point mP;
+
+    if( ecp_get_type( grp ) != ECP_TYPE_SHORT_WEIERSTRASS )
+        return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+
+    mbedtls_ecp_point_init( &mP );
+
+    MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, &mP, m, P ) );
+    MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, R,   n, Q ) );
+
+    MBEDTLS_MPI_CHK( ecp_add_mixed( grp, R, &mP, R ) );
+    MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, R ) );
+
+cleanup:
+    mbedtls_ecp_point_free( &mP );
+
+    return( ret );
+}
+
+
+#if defined(ECP_MONTGOMERY)
+/*
+ * Check validity of a public key for Montgomery curves with x-only schemes
+ */
+static int ecp_check_pubkey_mx( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt )
+{
+    /* [Curve25519 p. 5] Just check X is the correct number of bytes */
+    if( mbedtls_mpi_size( &pt->X ) > ( grp->nbits + 7 ) / 8 )
+        return( MBEDTLS_ERR_ECP_INVALID_KEY );
+
+    return( 0 );
+}
+#endif /* ECP_MONTGOMERY */
+
+/*
+ * Check that a point is valid as a public key
+ */
+int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt )
+{
+    /* Must use affine coordinates */
+    if( mbedtls_mpi_cmp_int( &pt->Z, 1 ) != 0 )
+        return( MBEDTLS_ERR_ECP_INVALID_KEY );
+
+#if defined(ECP_MONTGOMERY)
+    if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY )
+        return( ecp_check_pubkey_mx( grp, pt ) );
+#endif
+#if defined(ECP_SHORTWEIERSTRASS)
+    if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS )
+        return( ecp_check_pubkey_sw( grp, pt ) );
+#endif
+    return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+}
+
+/*
+ * Check that an mbedtls_mpi is valid as a private key
+ */
+int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d )
+{
+#if defined(ECP_MONTGOMERY)
+    if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY )
+    {
+        /* see [Curve25519] page 5 */
+        if( mbedtls_mpi_get_bit( d, 0 ) != 0 ||
+            mbedtls_mpi_get_bit( d, 1 ) != 0 ||
+            mbedtls_mpi_get_bit( d, 2 ) != 0 ||
+            mbedtls_mpi_bitlen( d ) - 1 != grp->nbits ) /* mbedtls_mpi_bitlen is one-based! */
+            return( MBEDTLS_ERR_ECP_INVALID_KEY );
+        else
+            return( 0 );
+    }
+#endif /* ECP_MONTGOMERY */
+#if defined(ECP_SHORTWEIERSTRASS)
+    if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS )
+    {
+        /* see SEC1 3.2 */
+        if( mbedtls_mpi_cmp_int( d, 1 ) < 0 ||
+            mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 )
+            return( MBEDTLS_ERR_ECP_INVALID_KEY );
+        else
+            return( 0 );
+    }
+#endif /* ECP_SHORTWEIERSTRASS */
+
+    return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+}
+
+/*
+ * Generate a keypair with configurable base point
+ */
+int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
+                     const mbedtls_ecp_point *G,
+                     mbedtls_mpi *d, mbedtls_ecp_point *Q,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng )
+{
+    int ret;
+    size_t n_size = ( grp->nbits + 7 ) / 8;
+
+#if defined(ECP_MONTGOMERY)
+    if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY )
+    {
+        /* [M225] page 5 */
+        size_t b;
+
+        MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) );
+
+        /* Make sure the most significant bit is nbits */
+        b = mbedtls_mpi_bitlen( d ) - 1; /* mbedtls_mpi_bitlen is one-based */
+        if( b > grp->nbits )
+            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( d, b - grp->nbits ) );
+        else
+            MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, grp->nbits, 1 ) );
+
+        /* Make sure the last three bits are unset */
+        MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 0, 0 ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 1, 0 ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 2, 0 ) );
+    }
+    else
+#endif /* ECP_MONTGOMERY */
+#if defined(ECP_SHORTWEIERSTRASS)
+    if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS )
+    {
+        /* SEC1 3.2.1: Generate d such that 1 <= n < N */
+        int count = 0;
+        unsigned char rnd[MBEDTLS_ECP_MAX_BYTES];
+
+        /*
+         * Match the procedure given in RFC 6979 (deterministic ECDSA):
+         * - use the same byte ordering;
+         * - keep the leftmost nbits bits of the generated octet string;
+         * - try until result is in the desired range.
+         * This also avoids any biais, which is especially important for ECDSA.
+         */
+        do
+        {
+            MBEDTLS_MPI_CHK( f_rng( p_rng, rnd, n_size ) );
+            MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( d, rnd, n_size ) );
+            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( d, 8 * n_size - grp->nbits ) );
+
+            /*
+             * Each try has at worst a probability 1/2 of failing (the msb has
+             * a probability 1/2 of being 0, and then the result will be < N),
+             * so after 30 tries failure probability is a most 2**(-30).
+             *
+             * For most curves, 1 try is enough with overwhelming probability,
+             * since N starts with a lot of 1s in binary, but some curves
+             * such as secp224k1 are actually very close to the worst case.
+             */
+            if( ++count > 30 )
+                return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
+        }
+        while( mbedtls_mpi_cmp_int( d, 1 ) < 0 ||
+               mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 );
+    }
+    else
+#endif /* ECP_SHORTWEIERSTRASS */
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+cleanup:
+    if( ret != 0 )
+        return( ret );
+
+    return( mbedtls_ecp_mul( grp, Q, d, G, f_rng, p_rng ) );
+}
+
+/*
+ * Generate key pair, wrapper for conventional base point
+ */
+int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp,
+                             mbedtls_mpi *d, mbedtls_ecp_point *Q,
+                             int (*f_rng)(void *, unsigned char *, size_t),
+                             void *p_rng )
+{
+    return( mbedtls_ecp_gen_keypair_base( grp, &grp->G, d, Q, f_rng, p_rng ) );
+}
+
+/*
+ * Generate a keypair, prettier wrapper
+ */
+int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
+                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+    int ret;
+
+    if( ( ret = mbedtls_ecp_group_load( &key->grp, grp_id ) ) != 0 )
+        return( ret );
+
+    return( mbedtls_ecp_gen_keypair( &key->grp, &key->d, &key->Q, f_rng, p_rng ) );
+}
+
+/*
+ * Check a public-private key pair
+ */
+int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv )
+{
+    int ret;
+    mbedtls_ecp_point Q;
+    mbedtls_ecp_group grp;
+
+    if( pub->grp.id == MBEDTLS_ECP_DP_NONE ||
+        pub->grp.id != prv->grp.id ||
+        mbedtls_mpi_cmp_mpi( &pub->Q.X, &prv->Q.X ) ||
+        mbedtls_mpi_cmp_mpi( &pub->Q.Y, &prv->Q.Y ) ||
+        mbedtls_mpi_cmp_mpi( &pub->Q.Z, &prv->Q.Z ) )
+    {
+        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    }
+
+    mbedtls_ecp_point_init( &Q );
+    mbedtls_ecp_group_init( &grp );
+
+    /* mbedtls_ecp_mul() needs a non-const group... */
+    mbedtls_ecp_group_copy( &grp, &prv->grp );
+
+    /* Also checks d is valid */
+    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &Q, &prv->d, &prv->grp.G, NULL, NULL ) );
+
+    if( mbedtls_mpi_cmp_mpi( &Q.X, &prv->Q.X ) ||
+        mbedtls_mpi_cmp_mpi( &Q.Y, &prv->Q.Y ) ||
+        mbedtls_mpi_cmp_mpi( &Q.Z, &prv->Q.Z ) )
+    {
+        ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+        goto cleanup;
+    }
+
+cleanup:
+    mbedtls_ecp_point_free( &Q );
+    mbedtls_ecp_group_free( &grp );
+
+    return( ret );
+}
+
+#if defined(MBEDTLS_SELF_TEST)
+
+/*
+ * Checkup routine
+ */
+int mbedtls_ecp_self_test( int verbose )
+{
+    int ret;
+    size_t i;
+    mbedtls_ecp_group grp;
+    mbedtls_ecp_point R, P;
+    mbedtls_mpi m;
+    unsigned long add_c_prev, dbl_c_prev, mul_c_prev;
+    /* exponents especially adapted for secp192r1 */
+    const char *exponents[] =
+    {
+        "000000000000000000000000000000000000000000000001", /* one */
+        "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22830", /* N - 1 */
+        "5EA6F389A38B8BC81E767753B15AA5569E1782E30ABE7D25", /* random */
+        "400000000000000000000000000000000000000000000000", /* one and zeros */
+        "7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", /* all ones */
+        "555555555555555555555555555555555555555555555555", /* 101010... */
+    };
+
+    mbedtls_ecp_group_init( &grp );
+    mbedtls_ecp_point_init( &R );
+    mbedtls_ecp_point_init( &P );
+    mbedtls_mpi_init( &m );
+
+    /* Use secp192r1 if available, or any available curve */
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+    MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, MBEDTLS_ECP_DP_SECP192R1 ) );
+#else
+    MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, mbedtls_ecp_curve_list()->grp_id ) );
+#endif
+
+    if( verbose != 0 )
+        mbedtls_printf( "  ECP test #1 (constant op_count, base point G): " );
+
+    /* Do a dummy multiplication first to trigger precomputation */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &m, 2 ) );
+    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &P, &m, &grp.G, NULL, NULL ) );
+
+    add_count = 0;
+    dbl_count = 0;
+    mul_count = 0;
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &m, 16, exponents[0] ) );
+    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &R, &m, &grp.G, NULL, NULL ) );
+
+    for( i = 1; i < sizeof( exponents ) / sizeof( exponents[0] ); i++ )
+    {
+        add_c_prev = add_count;
+        dbl_c_prev = dbl_count;
+        mul_c_prev = mul_count;
+        add_count = 0;
+        dbl_count = 0;
+        mul_count = 0;
+
+        MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &m, 16, exponents[i] ) );
+        MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &R, &m, &grp.G, NULL, NULL ) );
+
+        if( add_count != add_c_prev ||
+            dbl_count != dbl_c_prev ||
+            mul_count != mul_c_prev )
+        {
+            if( verbose != 0 )
+                mbedtls_printf( "failed (%u)\n", (unsigned int) i );
+
+            ret = 1;
+            goto cleanup;
+        }
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "passed\n" );
+
+    if( verbose != 0 )
+        mbedtls_printf( "  ECP test #2 (constant op_count, other point): " );
+    /* We computed P = 2G last time, use it */
+
+    add_count = 0;
+    dbl_count = 0;
+    mul_count = 0;
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &m, 16, exponents[0] ) );
+    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &R, &m, &P, NULL, NULL ) );
+
+    for( i = 1; i < sizeof( exponents ) / sizeof( exponents[0] ); i++ )
+    {
+        add_c_prev = add_count;
+        dbl_c_prev = dbl_count;
+        mul_c_prev = mul_count;
+        add_count = 0;
+        dbl_count = 0;
+        mul_count = 0;
+
+        MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &m, 16, exponents[i] ) );
+        MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &R, &m, &P, NULL, NULL ) );
+
+        if( add_count != add_c_prev ||
+            dbl_count != dbl_c_prev ||
+            mul_count != mul_c_prev )
+        {
+            if( verbose != 0 )
+                mbedtls_printf( "failed (%u)\n", (unsigned int) i );
+
+            ret = 1;
+            goto cleanup;
+        }
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "passed\n" );
+
+cleanup:
+
+    if( ret < 0 && verbose != 0 )
+        mbedtls_printf( "Unexpected error, return code = %08X\n", ret );
+
+    mbedtls_ecp_group_free( &grp );
+    mbedtls_ecp_point_free( &R );
+    mbedtls_ecp_point_free( &P );
+    mbedtls_mpi_free( &m );
+
+    if( verbose != 0 )
+        mbedtls_printf( "\n" );
+
+    return( ret );
+}
+
+#endif /* MBEDTLS_SELF_TEST */
+
+#endif /* MBEDTLS_ECP_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/ecp_curves.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,1325 @@
+/*
+ *  Elliptic curves over GF(p): curve-specific data and functions
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_ECP_C)
+
+#include "mbedtls/ecp.h"
+
+#include <string.h>
+
+#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+    !defined(inline) && !defined(__cplusplus)
+#define inline __inline
+#endif
+
+/*
+ * Conversion macros for embedded constants:
+ * build lists of mbedtls_mpi_uint's from lists of unsigned char's grouped by 8, 4 or 2
+ */
+#if defined(MBEDTLS_HAVE_INT32)
+
+#define BYTES_TO_T_UINT_4( a, b, c, d )             \
+    ( (mbedtls_mpi_uint) a <<  0 ) |                          \
+    ( (mbedtls_mpi_uint) b <<  8 ) |                          \
+    ( (mbedtls_mpi_uint) c << 16 ) |                          \
+    ( (mbedtls_mpi_uint) d << 24 )
+
+#define BYTES_TO_T_UINT_2( a, b )                   \
+    BYTES_TO_T_UINT_4( a, b, 0, 0 )
+
+#define BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \
+    BYTES_TO_T_UINT_4( a, b, c, d ),                \
+    BYTES_TO_T_UINT_4( e, f, g, h )
+
+#else /* 64-bits */
+
+#define BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \
+    ( (mbedtls_mpi_uint) a <<  0 ) |                          \
+    ( (mbedtls_mpi_uint) b <<  8 ) |                          \
+    ( (mbedtls_mpi_uint) c << 16 ) |                          \
+    ( (mbedtls_mpi_uint) d << 24 ) |                          \
+    ( (mbedtls_mpi_uint) e << 32 ) |                          \
+    ( (mbedtls_mpi_uint) f << 40 ) |                          \
+    ( (mbedtls_mpi_uint) g << 48 ) |                          \
+    ( (mbedtls_mpi_uint) h << 56 )
+
+#define BYTES_TO_T_UINT_4( a, b, c, d )             \
+    BYTES_TO_T_UINT_8( a, b, c, d, 0, 0, 0, 0 )
+
+#define BYTES_TO_T_UINT_2( a, b )                   \
+    BYTES_TO_T_UINT_8( a, b, 0, 0, 0, 0, 0, 0 )
+
+#endif /* bits in mbedtls_mpi_uint */
+
+/*
+ * Note: the constants are in little-endian order
+ * to be directly usable in MPIs
+ */
+
+/*
+ * Domain parameters for secp192r1
+ */
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+static const mbedtls_mpi_uint secp192r1_p[] = {
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+};
+static const mbedtls_mpi_uint secp192r1_b[] = {
+    BYTES_TO_T_UINT_8( 0xB1, 0xB9, 0x46, 0xC1, 0xEC, 0xDE, 0xB8, 0xFE ),
+    BYTES_TO_T_UINT_8( 0x49, 0x30, 0x24, 0x72, 0xAB, 0xE9, 0xA7, 0x0F ),
+    BYTES_TO_T_UINT_8( 0xE7, 0x80, 0x9C, 0xE5, 0x19, 0x05, 0x21, 0x64 ),
+};
+static const mbedtls_mpi_uint secp192r1_gx[] = {
+    BYTES_TO_T_UINT_8( 0x12, 0x10, 0xFF, 0x82, 0xFD, 0x0A, 0xFF, 0xF4 ),
+    BYTES_TO_T_UINT_8( 0x00, 0x88, 0xA1, 0x43, 0xEB, 0x20, 0xBF, 0x7C ),
+    BYTES_TO_T_UINT_8( 0xF6, 0x90, 0x30, 0xB0, 0x0E, 0xA8, 0x8D, 0x18 ),
+};
+static const mbedtls_mpi_uint secp192r1_gy[] = {
+    BYTES_TO_T_UINT_8( 0x11, 0x48, 0x79, 0x1E, 0xA1, 0x77, 0xF9, 0x73 ),
+    BYTES_TO_T_UINT_8( 0xD5, 0xCD, 0x24, 0x6B, 0xED, 0x11, 0x10, 0x63 ),
+    BYTES_TO_T_UINT_8( 0x78, 0xDA, 0xC8, 0xFF, 0x95, 0x2B, 0x19, 0x07 ),
+};
+static const mbedtls_mpi_uint secp192r1_n[] = {
+    BYTES_TO_T_UINT_8( 0x31, 0x28, 0xD2, 0xB4, 0xB1, 0xC9, 0x6B, 0x14 ),
+    BYTES_TO_T_UINT_8( 0x36, 0xF8, 0xDE, 0x99, 0xFF, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+};
+#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
+
+/*
+ * Domain parameters for secp224r1
+ */
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+static const mbedtls_mpi_uint secp224r1_p[] = {
+    BYTES_TO_T_UINT_8( 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224r1_b[] = {
+    BYTES_TO_T_UINT_8( 0xB4, 0xFF, 0x55, 0x23, 0x43, 0x39, 0x0B, 0x27 ),
+    BYTES_TO_T_UINT_8( 0xBA, 0xD8, 0xBF, 0xD7, 0xB7, 0xB0, 0x44, 0x50 ),
+    BYTES_TO_T_UINT_8( 0x56, 0x32, 0x41, 0xF5, 0xAB, 0xB3, 0x04, 0x0C ),
+    BYTES_TO_T_UINT_4( 0x85, 0x0A, 0x05, 0xB4 ),
+};
+static const mbedtls_mpi_uint secp224r1_gx[] = {
+    BYTES_TO_T_UINT_8( 0x21, 0x1D, 0x5C, 0x11, 0xD6, 0x80, 0x32, 0x34 ),
+    BYTES_TO_T_UINT_8( 0x22, 0x11, 0xC2, 0x56, 0xD3, 0xC1, 0x03, 0x4A ),
+    BYTES_TO_T_UINT_8( 0xB9, 0x90, 0x13, 0x32, 0x7F, 0xBF, 0xB4, 0x6B ),
+    BYTES_TO_T_UINT_4( 0xBD, 0x0C, 0x0E, 0xB7 ),
+};
+static const mbedtls_mpi_uint secp224r1_gy[] = {
+    BYTES_TO_T_UINT_8( 0x34, 0x7E, 0x00, 0x85, 0x99, 0x81, 0xD5, 0x44 ),
+    BYTES_TO_T_UINT_8( 0x64, 0x47, 0x07, 0x5A, 0xA0, 0x75, 0x43, 0xCD ),
+    BYTES_TO_T_UINT_8( 0xE6, 0xDF, 0x22, 0x4C, 0xFB, 0x23, 0xF7, 0xB5 ),
+    BYTES_TO_T_UINT_4( 0x88, 0x63, 0x37, 0xBD ),
+};
+static const mbedtls_mpi_uint secp224r1_n[] = {
+    BYTES_TO_T_UINT_8( 0x3D, 0x2A, 0x5C, 0x5C, 0x45, 0x29, 0xDD, 0x13 ),
+    BYTES_TO_T_UINT_8( 0x3E, 0xF0, 0xB8, 0xE0, 0xA2, 0x16, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_4( 0xFF, 0xFF, 0xFF, 0xFF ),
+};
+#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
+
+/*
+ * Domain parameters for secp256r1
+ */
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+static const mbedtls_mpi_uint secp256r1_p[] = {
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
+    BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    BYTES_TO_T_UINT_8( 0x01, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
+};
+static const mbedtls_mpi_uint secp256r1_b[] = {
+    BYTES_TO_T_UINT_8( 0x4B, 0x60, 0xD2, 0x27, 0x3E, 0x3C, 0xCE, 0x3B ),
+    BYTES_TO_T_UINT_8( 0xF6, 0xB0, 0x53, 0xCC, 0xB0, 0x06, 0x1D, 0x65 ),
+    BYTES_TO_T_UINT_8( 0xBC, 0x86, 0x98, 0x76, 0x55, 0xBD, 0xEB, 0xB3 ),
+    BYTES_TO_T_UINT_8( 0xE7, 0x93, 0x3A, 0xAA, 0xD8, 0x35, 0xC6, 0x5A ),
+};
+static const mbedtls_mpi_uint secp256r1_gx[] = {
+    BYTES_TO_T_UINT_8( 0x96, 0xC2, 0x98, 0xD8, 0x45, 0x39, 0xA1, 0xF4 ),
+    BYTES_TO_T_UINT_8( 0xA0, 0x33, 0xEB, 0x2D, 0x81, 0x7D, 0x03, 0x77 ),
+    BYTES_TO_T_UINT_8( 0xF2, 0x40, 0xA4, 0x63, 0xE5, 0xE6, 0xBC, 0xF8 ),
+    BYTES_TO_T_UINT_8( 0x47, 0x42, 0x2C, 0xE1, 0xF2, 0xD1, 0x17, 0x6B ),
+};
+static const mbedtls_mpi_uint secp256r1_gy[] = {
+    BYTES_TO_T_UINT_8( 0xF5, 0x51, 0xBF, 0x37, 0x68, 0x40, 0xB6, 0xCB ),
+    BYTES_TO_T_UINT_8( 0xCE, 0x5E, 0x31, 0x6B, 0x57, 0x33, 0xCE, 0x2B ),
+    BYTES_TO_T_UINT_8( 0x16, 0x9E, 0x0F, 0x7C, 0x4A, 0xEB, 0xE7, 0x8E ),
+    BYTES_TO_T_UINT_8( 0x9B, 0x7F, 0x1A, 0xFE, 0xE2, 0x42, 0xE3, 0x4F ),
+};
+static const mbedtls_mpi_uint secp256r1_n[] = {
+    BYTES_TO_T_UINT_8( 0x51, 0x25, 0x63, 0xFC, 0xC2, 0xCA, 0xB9, 0xF3 ),
+    BYTES_TO_T_UINT_8( 0x84, 0x9E, 0x17, 0xA7, 0xAD, 0xFA, 0xE6, 0xBC ),
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
+};
+#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+
+/*
+ * Domain parameters for secp384r1
+ */
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+static const mbedtls_mpi_uint secp384r1_p[] = {
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
+    BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+};
+static const mbedtls_mpi_uint secp384r1_b[] = {
+    BYTES_TO_T_UINT_8( 0xEF, 0x2A, 0xEC, 0xD3, 0xED, 0xC8, 0x85, 0x2A ),
+    BYTES_TO_T_UINT_8( 0x9D, 0xD1, 0x2E, 0x8A, 0x8D, 0x39, 0x56, 0xC6 ),
+    BYTES_TO_T_UINT_8( 0x5A, 0x87, 0x13, 0x50, 0x8F, 0x08, 0x14, 0x03 ),
+    BYTES_TO_T_UINT_8( 0x12, 0x41, 0x81, 0xFE, 0x6E, 0x9C, 0x1D, 0x18 ),
+    BYTES_TO_T_UINT_8( 0x19, 0x2D, 0xF8, 0xE3, 0x6B, 0x05, 0x8E, 0x98 ),
+    BYTES_TO_T_UINT_8( 0xE4, 0xE7, 0x3E, 0xE2, 0xA7, 0x2F, 0x31, 0xB3 ),
+};
+static const mbedtls_mpi_uint secp384r1_gx[] = {
+    BYTES_TO_T_UINT_8( 0xB7, 0x0A, 0x76, 0x72, 0x38, 0x5E, 0x54, 0x3A ),
+    BYTES_TO_T_UINT_8( 0x6C, 0x29, 0x55, 0xBF, 0x5D, 0xF2, 0x02, 0x55 ),
+    BYTES_TO_T_UINT_8( 0x38, 0x2A, 0x54, 0x82, 0xE0, 0x41, 0xF7, 0x59 ),
+    BYTES_TO_T_UINT_8( 0x98, 0x9B, 0xA7, 0x8B, 0x62, 0x3B, 0x1D, 0x6E ),
+    BYTES_TO_T_UINT_8( 0x74, 0xAD, 0x20, 0xF3, 0x1E, 0xC7, 0xB1, 0x8E ),
+    BYTES_TO_T_UINT_8( 0x37, 0x05, 0x8B, 0xBE, 0x22, 0xCA, 0x87, 0xAA ),
+};
+static const mbedtls_mpi_uint secp384r1_gy[] = {
+    BYTES_TO_T_UINT_8( 0x5F, 0x0E, 0xEA, 0x90, 0x7C, 0x1D, 0x43, 0x7A ),
+    BYTES_TO_T_UINT_8( 0x9D, 0x81, 0x7E, 0x1D, 0xCE, 0xB1, 0x60, 0x0A ),
+    BYTES_TO_T_UINT_8( 0xC0, 0xB8, 0xF0, 0xB5, 0x13, 0x31, 0xDA, 0xE9 ),
+    BYTES_TO_T_UINT_8( 0x7C, 0x14, 0x9A, 0x28, 0xBD, 0x1D, 0xF4, 0xF8 ),
+    BYTES_TO_T_UINT_8( 0x29, 0xDC, 0x92, 0x92, 0xBF, 0x98, 0x9E, 0x5D ),
+    BYTES_TO_T_UINT_8( 0x6F, 0x2C, 0x26, 0x96, 0x4A, 0xDE, 0x17, 0x36 ),
+};
+static const mbedtls_mpi_uint secp384r1_n[] = {
+    BYTES_TO_T_UINT_8( 0x73, 0x29, 0xC5, 0xCC, 0x6A, 0x19, 0xEC, 0xEC ),
+    BYTES_TO_T_UINT_8( 0x7A, 0xA7, 0xB0, 0x48, 0xB2, 0x0D, 0x1A, 0x58 ),
+    BYTES_TO_T_UINT_8( 0xDF, 0x2D, 0x37, 0xF4, 0x81, 0x4D, 0x63, 0xC7 ),
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+};
+#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+
+/*
+ * Domain parameters for secp521r1
+ */
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+static const mbedtls_mpi_uint secp521r1_p[] = {
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_2( 0xFF, 0x01 ),
+};
+static const mbedtls_mpi_uint secp521r1_b[] = {
+    BYTES_TO_T_UINT_8( 0x00, 0x3F, 0x50, 0x6B, 0xD4, 0x1F, 0x45, 0xEF ),
+    BYTES_TO_T_UINT_8( 0xF1, 0x34, 0x2C, 0x3D, 0x88, 0xDF, 0x73, 0x35 ),
+    BYTES_TO_T_UINT_8( 0x07, 0xBF, 0xB1, 0x3B, 0xBD, 0xC0, 0x52, 0x16 ),
+    BYTES_TO_T_UINT_8( 0x7B, 0x93, 0x7E, 0xEC, 0x51, 0x39, 0x19, 0x56 ),
+    BYTES_TO_T_UINT_8( 0xE1, 0x09, 0xF1, 0x8E, 0x91, 0x89, 0xB4, 0xB8 ),
+    BYTES_TO_T_UINT_8( 0xF3, 0x15, 0xB3, 0x99, 0x5B, 0x72, 0xDA, 0xA2 ),
+    BYTES_TO_T_UINT_8( 0xEE, 0x40, 0x85, 0xB6, 0xA0, 0x21, 0x9A, 0x92 ),
+    BYTES_TO_T_UINT_8( 0x1F, 0x9A, 0x1C, 0x8E, 0x61, 0xB9, 0x3E, 0x95 ),
+    BYTES_TO_T_UINT_2( 0x51, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_gx[] = {
+    BYTES_TO_T_UINT_8( 0x66, 0xBD, 0xE5, 0xC2, 0x31, 0x7E, 0x7E, 0xF9 ),
+    BYTES_TO_T_UINT_8( 0x9B, 0x42, 0x6A, 0x85, 0xC1, 0xB3, 0x48, 0x33 ),
+    BYTES_TO_T_UINT_8( 0xDE, 0xA8, 0xFF, 0xA2, 0x27, 0xC1, 0x1D, 0xFE ),
+    BYTES_TO_T_UINT_8( 0x28, 0x59, 0xE7, 0xEF, 0x77, 0x5E, 0x4B, 0xA1 ),
+    BYTES_TO_T_UINT_8( 0xBA, 0x3D, 0x4D, 0x6B, 0x60, 0xAF, 0x28, 0xF8 ),
+    BYTES_TO_T_UINT_8( 0x21, 0xB5, 0x3F, 0x05, 0x39, 0x81, 0x64, 0x9C ),
+    BYTES_TO_T_UINT_8( 0x42, 0xB4, 0x95, 0x23, 0x66, 0xCB, 0x3E, 0x9E ),
+    BYTES_TO_T_UINT_8( 0xCD, 0xE9, 0x04, 0x04, 0xB7, 0x06, 0x8E, 0x85 ),
+    BYTES_TO_T_UINT_2( 0xC6, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_gy[] = {
+    BYTES_TO_T_UINT_8( 0x50, 0x66, 0xD1, 0x9F, 0x76, 0x94, 0xBE, 0x88 ),
+    BYTES_TO_T_UINT_8( 0x40, 0xC2, 0x72, 0xA2, 0x86, 0x70, 0x3C, 0x35 ),
+    BYTES_TO_T_UINT_8( 0x61, 0x07, 0xAD, 0x3F, 0x01, 0xB9, 0x50, 0xC5 ),
+    BYTES_TO_T_UINT_8( 0x40, 0x26, 0xF4, 0x5E, 0x99, 0x72, 0xEE, 0x97 ),
+    BYTES_TO_T_UINT_8( 0x2C, 0x66, 0x3E, 0x27, 0x17, 0xBD, 0xAF, 0x17 ),
+    BYTES_TO_T_UINT_8( 0x68, 0x44, 0x9B, 0x57, 0x49, 0x44, 0xF5, 0x98 ),
+    BYTES_TO_T_UINT_8( 0xD9, 0x1B, 0x7D, 0x2C, 0xB4, 0x5F, 0x8A, 0x5C ),
+    BYTES_TO_T_UINT_8( 0x04, 0xC0, 0x3B, 0x9A, 0x78, 0x6A, 0x29, 0x39 ),
+    BYTES_TO_T_UINT_2( 0x18, 0x01 ),
+};
+static const mbedtls_mpi_uint secp521r1_n[] = {
+    BYTES_TO_T_UINT_8( 0x09, 0x64, 0x38, 0x91, 0x1E, 0xB7, 0x6F, 0xBB ),
+    BYTES_TO_T_UINT_8( 0xAE, 0x47, 0x9C, 0x89, 0xB8, 0xC9, 0xB5, 0x3B ),
+    BYTES_TO_T_UINT_8( 0xD0, 0xA5, 0x09, 0xF7, 0x48, 0x01, 0xCC, 0x7F ),
+    BYTES_TO_T_UINT_8( 0x6B, 0x96, 0x2F, 0xBF, 0x83, 0x87, 0x86, 0x51 ),
+    BYTES_TO_T_UINT_8( 0xFA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_2( 0xFF, 0x01 ),
+};
+#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+static const mbedtls_mpi_uint secp192k1_p[] = {
+    BYTES_TO_T_UINT_8( 0x37, 0xEE, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+};
+static const mbedtls_mpi_uint secp192k1_a[] = {
+    BYTES_TO_T_UINT_2( 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp192k1_b[] = {
+    BYTES_TO_T_UINT_2( 0x03, 0x00 ),
+};
+static const mbedtls_mpi_uint secp192k1_gx[] = {
+    BYTES_TO_T_UINT_8( 0x7D, 0x6C, 0xE0, 0xEA, 0xB1, 0xD1, 0xA5, 0x1D ),
+    BYTES_TO_T_UINT_8( 0x34, 0xF4, 0xB7, 0x80, 0x02, 0x7D, 0xB0, 0x26 ),
+    BYTES_TO_T_UINT_8( 0xAE, 0xE9, 0x57, 0xC0, 0x0E, 0xF1, 0x4F, 0xDB ),
+};
+static const mbedtls_mpi_uint secp192k1_gy[] = {
+    BYTES_TO_T_UINT_8( 0x9D, 0x2F, 0x5E, 0xD9, 0x88, 0xAA, 0x82, 0x40 ),
+    BYTES_TO_T_UINT_8( 0x34, 0x86, 0xBE, 0x15, 0xD0, 0x63, 0x41, 0x84 ),
+    BYTES_TO_T_UINT_8( 0xA7, 0x28, 0x56, 0x9C, 0x6D, 0x2F, 0x2F, 0x9B ),
+};
+static const mbedtls_mpi_uint secp192k1_n[] = {
+    BYTES_TO_T_UINT_8( 0x8D, 0xFD, 0xDE, 0x74, 0x6A, 0x46, 0x69, 0x0F ),
+    BYTES_TO_T_UINT_8( 0x17, 0xFC, 0xF2, 0x26, 0xFE, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+};
+#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+static const mbedtls_mpi_uint secp224k1_p[] = {
+    BYTES_TO_T_UINT_8( 0x6D, 0xE5, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_4( 0xFF, 0xFF, 0xFF, 0xFF ),
+};
+static const mbedtls_mpi_uint secp224k1_a[] = {
+    BYTES_TO_T_UINT_2( 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224k1_b[] = {
+    BYTES_TO_T_UINT_2( 0x05, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224k1_gx[] = {
+    BYTES_TO_T_UINT_8( 0x5C, 0xA4, 0xB7, 0xB6, 0x0E, 0x65, 0x7E, 0x0F ),
+    BYTES_TO_T_UINT_8( 0xA9, 0x75, 0x70, 0xE4, 0xE9, 0x67, 0xA4, 0x69 ),
+    BYTES_TO_T_UINT_8( 0xA1, 0x28, 0xFC, 0x30, 0xDF, 0x99, 0xF0, 0x4D ),
+    BYTES_TO_T_UINT_4( 0x33, 0x5B, 0x45, 0xA1 ),
+};
+static const mbedtls_mpi_uint secp224k1_gy[] = {
+    BYTES_TO_T_UINT_8( 0xA5, 0x61, 0x6D, 0x55, 0xDB, 0x4B, 0xCA, 0xE2 ),
+    BYTES_TO_T_UINT_8( 0x59, 0xBD, 0xB0, 0xC0, 0xF7, 0x19, 0xE3, 0xF7 ),
+    BYTES_TO_T_UINT_8( 0xD6, 0xFB, 0xCA, 0x82, 0x42, 0x34, 0xBA, 0x7F ),
+    BYTES_TO_T_UINT_4( 0xED, 0x9F, 0x08, 0x7E ),
+};
+static const mbedtls_mpi_uint secp224k1_n[] = {
+    BYTES_TO_T_UINT_8( 0xF7, 0xB1, 0x9F, 0x76, 0x71, 0xA9, 0xF0, 0xCA ),
+    BYTES_TO_T_UINT_8( 0x84, 0x61, 0xEC, 0xD2, 0xE8, 0xDC, 0x01, 0x00 ),
+    BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+    BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ),
+};
+#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+static const mbedtls_mpi_uint secp256k1_p[] = {
+    BYTES_TO_T_UINT_8( 0x2F, 0xFC, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+};
+static const mbedtls_mpi_uint secp256k1_a[] = {
+    BYTES_TO_T_UINT_2( 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp256k1_b[] = {
+    BYTES_TO_T_UINT_2( 0x07, 0x00 ),
+};
+static const mbedtls_mpi_uint secp256k1_gx[] = {
+    BYTES_TO_T_UINT_8( 0x98, 0x17, 0xF8, 0x16, 0x5B, 0x81, 0xF2, 0x59 ),
+    BYTES_TO_T_UINT_8( 0xD9, 0x28, 0xCE, 0x2D, 0xDB, 0xFC, 0x9B, 0x02 ),
+    BYTES_TO_T_UINT_8( 0x07, 0x0B, 0x87, 0xCE, 0x95, 0x62, 0xA0, 0x55 ),
+    BYTES_TO_T_UINT_8( 0xAC, 0xBB, 0xDC, 0xF9, 0x7E, 0x66, 0xBE, 0x79 ),
+};
+static const mbedtls_mpi_uint secp256k1_gy[] = {
+    BYTES_TO_T_UINT_8( 0xB8, 0xD4, 0x10, 0xFB, 0x8F, 0xD0, 0x47, 0x9C ),
+    BYTES_TO_T_UINT_8( 0x19, 0x54, 0x85, 0xA6, 0x48, 0xB4, 0x17, 0xFD ),
+    BYTES_TO_T_UINT_8( 0xA8, 0x08, 0x11, 0x0E, 0xFC, 0xFB, 0xA4, 0x5D ),
+    BYTES_TO_T_UINT_8( 0x65, 0xC4, 0xA3, 0x26, 0x77, 0xDA, 0x3A, 0x48 ),
+};
+static const mbedtls_mpi_uint secp256k1_n[] = {
+    BYTES_TO_T_UINT_8( 0x41, 0x41, 0x36, 0xD0, 0x8C, 0x5E, 0xD2, 0xBF ),
+    BYTES_TO_T_UINT_8( 0x3B, 0xA0, 0x48, 0xAF, 0xE6, 0xDC, 0xAE, 0xBA ),
+    BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+};
+#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
+
+/*
+ * Domain parameters for brainpoolP256r1 (RFC 5639 3.4)
+ */
+#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+static const mbedtls_mpi_uint brainpoolP256r1_p[] = {
+    BYTES_TO_T_UINT_8( 0x77, 0x53, 0x6E, 0x1F, 0x1D, 0x48, 0x13, 0x20 ),
+    BYTES_TO_T_UINT_8( 0x28, 0x20, 0x26, 0xD5, 0x23, 0xF6, 0x3B, 0x6E ),
+    BYTES_TO_T_UINT_8( 0x72, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E ),
+    BYTES_TO_T_UINT_8( 0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9 ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_a[] = {
+    BYTES_TO_T_UINT_8( 0xD9, 0xB5, 0x30, 0xF3, 0x44, 0x4B, 0x4A, 0xE9 ),
+    BYTES_TO_T_UINT_8( 0x6C, 0x5C, 0xDC, 0x26, 0xC1, 0x55, 0x80, 0xFB ),
+    BYTES_TO_T_UINT_8( 0xE7, 0xFF, 0x7A, 0x41, 0x30, 0x75, 0xF6, 0xEE ),
+    BYTES_TO_T_UINT_8( 0x57, 0x30, 0x2C, 0xFC, 0x75, 0x09, 0x5A, 0x7D ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_b[] = {
+    BYTES_TO_T_UINT_8( 0xB6, 0x07, 0x8C, 0xFF, 0x18, 0xDC, 0xCC, 0x6B ),
+    BYTES_TO_T_UINT_8( 0xCE, 0xE1, 0xF7, 0x5C, 0x29, 0x16, 0x84, 0x95 ),
+    BYTES_TO_T_UINT_8( 0xBF, 0x7C, 0xD7, 0xBB, 0xD9, 0xB5, 0x30, 0xF3 ),
+    BYTES_TO_T_UINT_8( 0x44, 0x4B, 0x4A, 0xE9, 0x6C, 0x5C, 0xDC, 0x26 ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_gx[] = {
+    BYTES_TO_T_UINT_8( 0x62, 0x32, 0xCE, 0x9A, 0xBD, 0x53, 0x44, 0x3A ),
+    BYTES_TO_T_UINT_8( 0xC2, 0x23, 0xBD, 0xE3, 0xE1, 0x27, 0xDE, 0xB9 ),
+    BYTES_TO_T_UINT_8( 0xAF, 0xB7, 0x81, 0xFC, 0x2F, 0x48, 0x4B, 0x2C ),
+    BYTES_TO_T_UINT_8( 0xCB, 0x57, 0x7E, 0xCB, 0xB9, 0xAE, 0xD2, 0x8B ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_gy[] = {
+    BYTES_TO_T_UINT_8( 0x97, 0x69, 0x04, 0x2F, 0xC7, 0x54, 0x1D, 0x5C ),
+    BYTES_TO_T_UINT_8( 0x54, 0x8E, 0xED, 0x2D, 0x13, 0x45, 0x77, 0xC2 ),
+    BYTES_TO_T_UINT_8( 0xC9, 0x1D, 0x61, 0x14, 0x1A, 0x46, 0xF8, 0x97 ),
+    BYTES_TO_T_UINT_8( 0xFD, 0xC4, 0xDA, 0xC3, 0x35, 0xF8, 0x7E, 0x54 ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_n[] = {
+    BYTES_TO_T_UINT_8( 0xA7, 0x56, 0x48, 0x97, 0x82, 0x0E, 0x1E, 0x90 ),
+    BYTES_TO_T_UINT_8( 0xF7, 0xA6, 0x61, 0xB5, 0xA3, 0x7A, 0x39, 0x8C ),
+    BYTES_TO_T_UINT_8( 0x71, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E ),
+    BYTES_TO_T_UINT_8( 0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9 ),
+};
+#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
+
+/*
+ * Domain parameters for brainpoolP384r1 (RFC 5639 3.6)
+ */
+#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+static const mbedtls_mpi_uint brainpoolP384r1_p[] = {
+    BYTES_TO_T_UINT_8( 0x53, 0xEC, 0x07, 0x31, 0x13, 0x00, 0x47, 0x87 ),
+    BYTES_TO_T_UINT_8( 0x71, 0x1A, 0x1D, 0x90, 0x29, 0xA7, 0xD3, 0xAC ),
+    BYTES_TO_T_UINT_8( 0x23, 0x11, 0xB7, 0x7F, 0x19, 0xDA, 0xB1, 0x12 ),
+    BYTES_TO_T_UINT_8( 0xB4, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15 ),
+    BYTES_TO_T_UINT_8( 0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F ),
+    BYTES_TO_T_UINT_8( 0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_a[] = {
+    BYTES_TO_T_UINT_8( 0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04 ),
+    BYTES_TO_T_UINT_8( 0xEB, 0xD4, 0x3A, 0x50, 0x4A, 0x81, 0xA5, 0x8A ),
+    BYTES_TO_T_UINT_8( 0x0F, 0xF9, 0x91, 0xBA, 0xEF, 0x65, 0x91, 0x13 ),
+    BYTES_TO_T_UINT_8( 0x87, 0x27, 0xB2, 0x4F, 0x8E, 0xA2, 0xBE, 0xC2 ),
+    BYTES_TO_T_UINT_8( 0xA0, 0xAF, 0x05, 0xCE, 0x0A, 0x08, 0x72, 0x3C ),
+    BYTES_TO_T_UINT_8( 0x0C, 0x15, 0x8C, 0x3D, 0xC6, 0x82, 0xC3, 0x7B ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_b[] = {
+    BYTES_TO_T_UINT_8( 0x11, 0x4C, 0x50, 0xFA, 0x96, 0x86, 0xB7, 0x3A ),
+    BYTES_TO_T_UINT_8( 0x94, 0xC9, 0xDB, 0x95, 0x02, 0x39, 0xB4, 0x7C ),
+    BYTES_TO_T_UINT_8( 0xD5, 0x62, 0xEB, 0x3E, 0xA5, 0x0E, 0x88, 0x2E ),
+    BYTES_TO_T_UINT_8( 0xA6, 0xD2, 0xDC, 0x07, 0xE1, 0x7D, 0xB7, 0x2F ),
+    BYTES_TO_T_UINT_8( 0x7C, 0x44, 0xF0, 0x16, 0x54, 0xB5, 0x39, 0x8B ),
+    BYTES_TO_T_UINT_8( 0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_gx[] = {
+    BYTES_TO_T_UINT_8( 0x1E, 0xAF, 0xD4, 0x47, 0xE2, 0xB2, 0x87, 0xEF ),
+    BYTES_TO_T_UINT_8( 0xAA, 0x46, 0xD6, 0x36, 0x34, 0xE0, 0x26, 0xE8 ),
+    BYTES_TO_T_UINT_8( 0xE8, 0x10, 0xBD, 0x0C, 0xFE, 0xCA, 0x7F, 0xDB ),
+    BYTES_TO_T_UINT_8( 0xE3, 0x4F, 0xF1, 0x7E, 0xE7, 0xA3, 0x47, 0x88 ),
+    BYTES_TO_T_UINT_8( 0x6B, 0x3F, 0xC1, 0xB7, 0x81, 0x3A, 0xA6, 0xA2 ),
+    BYTES_TO_T_UINT_8( 0xFF, 0x45, 0xCF, 0x68, 0xF0, 0x64, 0x1C, 0x1D ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_gy[] = {
+    BYTES_TO_T_UINT_8( 0x15, 0x53, 0x3C, 0x26, 0x41, 0x03, 0x82, 0x42 ),
+    BYTES_TO_T_UINT_8( 0x11, 0x81, 0x91, 0x77, 0x21, 0x46, 0x46, 0x0E ),
+    BYTES_TO_T_UINT_8( 0x28, 0x29, 0x91, 0xF9, 0x4F, 0x05, 0x9C, 0xE1 ),
+    BYTES_TO_T_UINT_8( 0x64, 0x58, 0xEC, 0xFE, 0x29, 0x0B, 0xB7, 0x62 ),
+    BYTES_TO_T_UINT_8( 0x52, 0xD5, 0xCF, 0x95, 0x8E, 0xEB, 0xB1, 0x5C ),
+    BYTES_TO_T_UINT_8( 0xA4, 0xC2, 0xF9, 0x20, 0x75, 0x1D, 0xBE, 0x8A ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_n[] = {
+    BYTES_TO_T_UINT_8( 0x65, 0x65, 0x04, 0xE9, 0x02, 0x32, 0x88, 0x3B ),
+    BYTES_TO_T_UINT_8( 0x10, 0xC3, 0x7F, 0x6B, 0xAF, 0xB6, 0x3A, 0xCF ),
+    BYTES_TO_T_UINT_8( 0xA7, 0x25, 0x04, 0xAC, 0x6C, 0x6E, 0x16, 0x1F ),
+    BYTES_TO_T_UINT_8( 0xB3, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15 ),
+    BYTES_TO_T_UINT_8( 0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F ),
+    BYTES_TO_T_UINT_8( 0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C ),
+};
+#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
+
+/*
+ * Domain parameters for brainpoolP512r1 (RFC 5639 3.7)
+ */
+#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+static const mbedtls_mpi_uint brainpoolP512r1_p[] = {
+    BYTES_TO_T_UINT_8( 0xF3, 0x48, 0x3A, 0x58, 0x56, 0x60, 0xAA, 0x28 ),
+    BYTES_TO_T_UINT_8( 0x85, 0xC6, 0x82, 0x2D, 0x2F, 0xFF, 0x81, 0x28 ),
+    BYTES_TO_T_UINT_8( 0xE6, 0x80, 0xA3, 0xE6, 0x2A, 0xA1, 0xCD, 0xAE ),
+    BYTES_TO_T_UINT_8( 0x42, 0x68, 0xC6, 0x9B, 0x00, 0x9B, 0x4D, 0x7D ),
+    BYTES_TO_T_UINT_8( 0x71, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6 ),
+    BYTES_TO_T_UINT_8( 0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB ),
+    BYTES_TO_T_UINT_8( 0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F ),
+    BYTES_TO_T_UINT_8( 0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_a[] = {
+    BYTES_TO_T_UINT_8( 0xCA, 0x94, 0xFC, 0x77, 0x4D, 0xAC, 0xC1, 0xE7 ),
+    BYTES_TO_T_UINT_8( 0xB9, 0xC7, 0xF2, 0x2B, 0xA7, 0x17, 0x11, 0x7F ),
+    BYTES_TO_T_UINT_8( 0xB5, 0xC8, 0x9A, 0x8B, 0xC9, 0xF1, 0x2E, 0x0A ),
+    BYTES_TO_T_UINT_8( 0xA1, 0x3A, 0x25, 0xA8, 0x5A, 0x5D, 0xED, 0x2D ),
+    BYTES_TO_T_UINT_8( 0xBC, 0x63, 0x98, 0xEA, 0xCA, 0x41, 0x34, 0xA8 ),
+    BYTES_TO_T_UINT_8( 0x10, 0x16, 0xF9, 0x3D, 0x8D, 0xDD, 0xCB, 0x94 ),
+    BYTES_TO_T_UINT_8( 0xC5, 0x4C, 0x23, 0xAC, 0x45, 0x71, 0x32, 0xE2 ),
+    BYTES_TO_T_UINT_8( 0x89, 0x3B, 0x60, 0x8B, 0x31, 0xA3, 0x30, 0x78 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_b[] = {
+    BYTES_TO_T_UINT_8( 0x23, 0xF7, 0x16, 0x80, 0x63, 0xBD, 0x09, 0x28 ),
+    BYTES_TO_T_UINT_8( 0xDD, 0xE5, 0xBA, 0x5E, 0xB7, 0x50, 0x40, 0x98 ),
+    BYTES_TO_T_UINT_8( 0x67, 0x3E, 0x08, 0xDC, 0xCA, 0x94, 0xFC, 0x77 ),
+    BYTES_TO_T_UINT_8( 0x4D, 0xAC, 0xC1, 0xE7, 0xB9, 0xC7, 0xF2, 0x2B ),
+    BYTES_TO_T_UINT_8( 0xA7, 0x17, 0x11, 0x7F, 0xB5, 0xC8, 0x9A, 0x8B ),
+    BYTES_TO_T_UINT_8( 0xC9, 0xF1, 0x2E, 0x0A, 0xA1, 0x3A, 0x25, 0xA8 ),
+    BYTES_TO_T_UINT_8( 0x5A, 0x5D, 0xED, 0x2D, 0xBC, 0x63, 0x98, 0xEA ),
+    BYTES_TO_T_UINT_8( 0xCA, 0x41, 0x34, 0xA8, 0x10, 0x16, 0xF9, 0x3D ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_gx[] = {
+    BYTES_TO_T_UINT_8( 0x22, 0xF8, 0xB9, 0xBC, 0x09, 0x22, 0x35, 0x8B ),
+    BYTES_TO_T_UINT_8( 0x68, 0x5E, 0x6A, 0x40, 0x47, 0x50, 0x6D, 0x7C ),
+    BYTES_TO_T_UINT_8( 0x5F, 0x7D, 0xB9, 0x93, 0x7B, 0x68, 0xD1, 0x50 ),
+    BYTES_TO_T_UINT_8( 0x8D, 0xD4, 0xD0, 0xE2, 0x78, 0x1F, 0x3B, 0xFF ),
+    BYTES_TO_T_UINT_8( 0x8E, 0x09, 0xD0, 0xF4, 0xEE, 0x62, 0x3B, 0xB4 ),
+    BYTES_TO_T_UINT_8( 0xC1, 0x16, 0xD9, 0xB5, 0x70, 0x9F, 0xED, 0x85 ),
+    BYTES_TO_T_UINT_8( 0x93, 0x6A, 0x4C, 0x9C, 0x2E, 0x32, 0x21, 0x5A ),
+    BYTES_TO_T_UINT_8( 0x64, 0xD9, 0x2E, 0xD8, 0xBD, 0xE4, 0xAE, 0x81 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_gy[] = {
+    BYTES_TO_T_UINT_8( 0x92, 0x08, 0xD8, 0x3A, 0x0F, 0x1E, 0xCD, 0x78 ),
+    BYTES_TO_T_UINT_8( 0x06, 0x54, 0xF0, 0xA8, 0x2F, 0x2B, 0xCA, 0xD1 ),
+    BYTES_TO_T_UINT_8( 0xAE, 0x63, 0x27, 0x8A, 0xD8, 0x4B, 0xCA, 0x5B ),
+    BYTES_TO_T_UINT_8( 0x5E, 0x48, 0x5F, 0x4A, 0x49, 0xDE, 0xDC, 0xB2 ),
+    BYTES_TO_T_UINT_8( 0x11, 0x81, 0x1F, 0x88, 0x5B, 0xC5, 0x00, 0xA0 ),
+    BYTES_TO_T_UINT_8( 0x1A, 0x7B, 0xA5, 0x24, 0x00, 0xF7, 0x09, 0xF2 ),
+    BYTES_TO_T_UINT_8( 0xFD, 0x22, 0x78, 0xCF, 0xA9, 0xBF, 0xEA, 0xC0 ),
+    BYTES_TO_T_UINT_8( 0xEC, 0x32, 0x63, 0x56, 0x5D, 0x38, 0xDE, 0x7D ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_n[] = {
+    BYTES_TO_T_UINT_8( 0x69, 0x00, 0xA9, 0x9C, 0x82, 0x96, 0x87, 0xB5 ),
+    BYTES_TO_T_UINT_8( 0xDD, 0xDA, 0x5D, 0x08, 0x81, 0xD3, 0xB1, 0x1D ),
+    BYTES_TO_T_UINT_8( 0x47, 0x10, 0xAC, 0x7F, 0x19, 0x61, 0x86, 0x41 ),
+    BYTES_TO_T_UINT_8( 0x19, 0x26, 0xA9, 0x4C, 0x41, 0x5C, 0x3E, 0x55 ),
+    BYTES_TO_T_UINT_8( 0x70, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6 ),
+    BYTES_TO_T_UINT_8( 0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB ),
+    BYTES_TO_T_UINT_8( 0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F ),
+    BYTES_TO_T_UINT_8( 0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA ),
+};
+#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
+
+/*
+ * Create an MPI from embedded constants
+ * (assumes len is an exact multiple of sizeof mbedtls_mpi_uint)
+ */
+static inline void ecp_mpi_load( mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_t len )
+{
+    X->s = 1;
+    X->n = len / sizeof( mbedtls_mpi_uint );
+    X->p = (mbedtls_mpi_uint *) p;
+}
+
+/*
+ * Set an MPI to static value 1
+ */
+static inline void ecp_mpi_set1( mbedtls_mpi *X )
+{
+    static mbedtls_mpi_uint one[] = { 1 };
+    X->s = 1;
+    X->n = 1;
+    X->p = one;
+}
+
+/*
+ * Make group available from embedded constants
+ */
+static int ecp_group_load( mbedtls_ecp_group *grp,
+                           const mbedtls_mpi_uint *p,  size_t plen,
+                           const mbedtls_mpi_uint *a,  size_t alen,
+                           const mbedtls_mpi_uint *b,  size_t blen,
+                           const mbedtls_mpi_uint *gx, size_t gxlen,
+                           const mbedtls_mpi_uint *gy, size_t gylen,
+                           const mbedtls_mpi_uint *n,  size_t nlen)
+{
+    ecp_mpi_load( &grp->P, p, plen );
+    if( a != NULL )
+        ecp_mpi_load( &grp->A, a, alen );
+    ecp_mpi_load( &grp->B, b, blen );
+    ecp_mpi_load( &grp->N, n, nlen );
+
+    ecp_mpi_load( &grp->G.X, gx, gxlen );
+    ecp_mpi_load( &grp->G.Y, gy, gylen );
+    ecp_mpi_set1( &grp->G.Z );
+
+    grp->pbits = mbedtls_mpi_bitlen( &grp->P );
+    grp->nbits = mbedtls_mpi_bitlen( &grp->N );
+
+    grp->h = 1;
+
+    return( 0 );
+}
+
+#if defined(MBEDTLS_ECP_NIST_OPTIM)
+/* Forward declarations */
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+static int ecp_mod_p192( mbedtls_mpi * );
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+static int ecp_mod_p224( mbedtls_mpi * );
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+static int ecp_mod_p256( mbedtls_mpi * );
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+static int ecp_mod_p384( mbedtls_mpi * );
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+static int ecp_mod_p521( mbedtls_mpi * );
+#endif
+
+#define NIST_MODP( P )      grp->modp = ecp_mod_ ## P;
+#else
+#define NIST_MODP( P )
+#endif /* MBEDTLS_ECP_NIST_OPTIM */
+
+/* Additional forward declarations */
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+static int ecp_mod_p255( mbedtls_mpi * );
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+static int ecp_mod_p192k1( mbedtls_mpi * );
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+static int ecp_mod_p224k1( mbedtls_mpi * );
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+static int ecp_mod_p256k1( mbedtls_mpi * );
+#endif
+
+#define LOAD_GROUP_A( G )   ecp_group_load( grp,            \
+                            G ## _p,  sizeof( G ## _p  ),   \
+                            G ## _a,  sizeof( G ## _a  ),   \
+                            G ## _b,  sizeof( G ## _b  ),   \
+                            G ## _gx, sizeof( G ## _gx ),   \
+                            G ## _gy, sizeof( G ## _gy ),   \
+                            G ## _n,  sizeof( G ## _n  ) )
+
+#define LOAD_GROUP( G )     ecp_group_load( grp,            \
+                            G ## _p,  sizeof( G ## _p  ),   \
+                            NULL,     0,                    \
+                            G ## _b,  sizeof( G ## _b  ),   \
+                            G ## _gx, sizeof( G ## _gx ),   \
+                            G ## _gy, sizeof( G ## _gy ),   \
+                            G ## _n,  sizeof( G ## _n  ) )
+
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+/*
+ * Specialized function for creating the Curve25519 group
+ */
+static int ecp_use_curve25519( mbedtls_ecp_group *grp )
+{
+    int ret;
+
+    /* Actually ( A + 2 ) / 4 */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &grp->A, 16, "01DB42" ) );
+
+    /* P = 2^255 - 19 */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->P, 1 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->P, 255 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 19 ) );
+    grp->pbits = mbedtls_mpi_bitlen( &grp->P );
+
+    /* Y intentionaly not set, since we use x/z coordinates.
+     * This is used as a marker to identify Montgomery curves! */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 9 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.Z, 1 ) );
+    mbedtls_mpi_free( &grp->G.Y );
+
+    /* Actually, the required msb for private keys */
+    grp->nbits = 254;
+
+cleanup:
+    if( ret != 0 )
+        mbedtls_ecp_group_free( grp );
+
+    return( ret );
+}
+#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
+
+/*
+ * Set a group using well-known domain parameters
+ */
+int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id )
+{
+    mbedtls_ecp_group_free( grp );
+
+    grp->id = id;
+
+    switch( id )
+    {
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+        case MBEDTLS_ECP_DP_SECP192R1:
+            NIST_MODP( p192 );
+            return( LOAD_GROUP( secp192r1 ) );
+#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+        case MBEDTLS_ECP_DP_SECP224R1:
+            NIST_MODP( p224 );
+            return( LOAD_GROUP( secp224r1 ) );
+#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+        case MBEDTLS_ECP_DP_SECP256R1:
+            NIST_MODP( p256 );
+            return( LOAD_GROUP( secp256r1 ) );
+#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+        case MBEDTLS_ECP_DP_SECP384R1:
+            NIST_MODP( p384 );
+            return( LOAD_GROUP( secp384r1 ) );
+#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+        case MBEDTLS_ECP_DP_SECP521R1:
+            NIST_MODP( p521 );
+            return( LOAD_GROUP( secp521r1 ) );
+#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+        case MBEDTLS_ECP_DP_SECP192K1:
+            grp->modp = ecp_mod_p192k1;
+            return( LOAD_GROUP_A( secp192k1 ) );
+#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+        case MBEDTLS_ECP_DP_SECP224K1:
+            grp->modp = ecp_mod_p224k1;
+            return( LOAD_GROUP_A( secp224k1 ) );
+#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+        case MBEDTLS_ECP_DP_SECP256K1:
+            grp->modp = ecp_mod_p256k1;
+            return( LOAD_GROUP_A( secp256k1 ) );
+#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+        case MBEDTLS_ECP_DP_BP256R1:
+            return( LOAD_GROUP_A( brainpoolP256r1 ) );
+#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+        case MBEDTLS_ECP_DP_BP384R1:
+            return( LOAD_GROUP_A( brainpoolP384r1 ) );
+#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+        case MBEDTLS_ECP_DP_BP512R1:
+            return( LOAD_GROUP_A( brainpoolP512r1 ) );
+#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+        case MBEDTLS_ECP_DP_CURVE25519:
+            grp->modp = ecp_mod_p255;
+            return( ecp_use_curve25519( grp ) );
+#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
+
+        default:
+            mbedtls_ecp_group_free( grp );
+            return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+    }
+}
+
+#if defined(MBEDTLS_ECP_NIST_OPTIM)
+/*
+ * Fast reduction modulo the primes used by the NIST curves.
+ *
+ * These functions are critical for speed, but not needed for correct
+ * operations. So, we make the choice to heavily rely on the internals of our
+ * bignum library, which creates a tight coupling between these functions and
+ * our MPI implementation.  However, the coupling between the ECP module and
+ * MPI remains loose, since these functions can be deactivated at will.
+ */
+
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+/*
+ * Compared to the way things are presented in FIPS 186-3 D.2,
+ * we proceed in columns, from right (least significant chunk) to left,
+ * adding chunks to N in place, and keeping a carry for the next chunk.
+ * This avoids moving things around in memory, and uselessly adding zeros,
+ * compared to the more straightforward, line-oriented approach.
+ *
+ * For this prime we need to handle data in chunks of 64 bits.
+ * Since this is always a multiple of our basic mbedtls_mpi_uint, we can
+ * use a mbedtls_mpi_uint * to designate such a chunk, and small loops to handle it.
+ */
+
+/* Add 64-bit chunks (dst += src) and update carry */
+static inline void add64( mbedtls_mpi_uint *dst, mbedtls_mpi_uint *src, mbedtls_mpi_uint *carry )
+{
+    unsigned char i;
+    mbedtls_mpi_uint c = 0;
+    for( i = 0; i < 8 / sizeof( mbedtls_mpi_uint ); i++, dst++, src++ )
+    {
+        *dst += c;      c  = ( *dst < c );
+        *dst += *src;   c += ( *dst < *src );
+    }
+    *carry += c;
+}
+
+/* Add carry to a 64-bit chunk and update carry */
+static inline void carry64( mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry )
+{
+    unsigned char i;
+    for( i = 0; i < 8 / sizeof( mbedtls_mpi_uint ); i++, dst++ )
+    {
+        *dst += *carry;
+        *carry  = ( *dst < *carry );
+    }
+}
+
+#define WIDTH       8 / sizeof( mbedtls_mpi_uint )
+#define A( i )      N->p + i * WIDTH
+#define ADD( i )    add64( p, A( i ), &c )
+#define NEXT        p += WIDTH; carry64( p, &c )
+#define LAST        p += WIDTH; *p = c; while( ++p < end ) *p = 0
+
+/*
+ * Fast quasi-reduction modulo p192 (FIPS 186-3 D.2.1)
+ */
+static int ecp_mod_p192( mbedtls_mpi *N )
+{
+    int ret;
+    mbedtls_mpi_uint c = 0;
+    mbedtls_mpi_uint *p, *end;
+
+    /* Make sure we have enough blocks so that A(5) is legal */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( N, 6 * WIDTH ) );
+
+    p = N->p;
+    end = p + N->n;
+
+    ADD( 3 ); ADD( 5 );             NEXT; // A0 += A3 + A5
+    ADD( 3 ); ADD( 4 ); ADD( 5 );   NEXT; // A1 += A3 + A4 + A5
+    ADD( 4 ); ADD( 5 );             LAST; // A2 += A4 + A5
+
+cleanup:
+    return( ret );
+}
+
+#undef WIDTH
+#undef A
+#undef ADD
+#undef NEXT
+#undef LAST
+#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) ||   \
+    defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) ||   \
+    defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+/*
+ * The reader is advised to first understand ecp_mod_p192() since the same
+ * general structure is used here, but with additional complications:
+ * (1) chunks of 32 bits, and (2) subtractions.
+ */
+
+/*
+ * For these primes, we need to handle data in chunks of 32 bits.
+ * This makes it more complicated if we use 64 bits limbs in MPI,
+ * which prevents us from using a uniform access method as for p192.
+ *
+ * So, we define a mini abstraction layer to access 32 bit chunks,
+ * load them in 'cur' for work, and store them back from 'cur' when done.
+ *
+ * While at it, also define the size of N in terms of 32-bit chunks.
+ */
+#define LOAD32      cur = A( i );
+
+#if defined(MBEDTLS_HAVE_INT32)  /* 32 bit */
+
+#define MAX32       N->n
+#define A( j )      N->p[j]
+#define STORE32     N->p[i] = cur;
+
+#else                               /* 64-bit */
+
+#define MAX32       N->n * 2
+#define A( j ) j % 2 ? (uint32_t)( N->p[j/2] >> 32 ) : (uint32_t)( N->p[j/2] )
+#define STORE32                                   \
+    if( i % 2 ) {                                 \
+        N->p[i/2] &= 0x00000000FFFFFFFF;          \
+        N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32;        \
+    } else {                                      \
+        N->p[i/2] &= 0xFFFFFFFF00000000;          \
+        N->p[i/2] |= (mbedtls_mpi_uint) cur;                \
+    }
+
+#endif /* sizeof( mbedtls_mpi_uint ) */
+
+/*
+ * Helpers for addition and subtraction of chunks, with signed carry.
+ */
+static inline void add32( uint32_t *dst, uint32_t src, signed char *carry )
+{
+    *dst += src;
+    *carry += ( *dst < src );
+}
+
+static inline void sub32( uint32_t *dst, uint32_t src, signed char *carry )
+{
+    *carry -= ( *dst < src );
+    *dst -= src;
+}
+
+#define ADD( j )    add32( &cur, A( j ), &c );
+#define SUB( j )    sub32( &cur, A( j ), &c );
+
+/*
+ * Helpers for the main 'loop'
+ * (see fix_negative for the motivation of C)
+ */
+#define INIT( b )                                           \
+    int ret;                                                \
+    signed char c = 0, cc;                                  \
+    uint32_t cur;                                           \
+    size_t i = 0, bits = b;                                 \
+    mbedtls_mpi C;                                                  \
+    mbedtls_mpi_uint Cp[ b / 8 / sizeof( mbedtls_mpi_uint) + 1 ];               \
+                                                            \
+    C.s = 1;                                                \
+    C.n = b / 8 / sizeof( mbedtls_mpi_uint) + 1;                      \
+    C.p = Cp;                                               \
+    memset( Cp, 0, C.n * sizeof( mbedtls_mpi_uint ) );                \
+                                                            \
+    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( N, b * 2 / 8 / sizeof( mbedtls_mpi_uint ) ) ); \
+    LOAD32;
+
+#define NEXT                    \
+    STORE32; i++; LOAD32;       \
+    cc = c; c = 0;              \
+    if( cc < 0 )                \
+        sub32( &cur, -cc, &c ); \
+    else                        \
+        add32( &cur, cc, &c );  \
+
+#define LAST                                    \
+    STORE32; i++;                               \
+    cur = c > 0 ? c : 0; STORE32;               \
+    cur = 0; while( ++i < MAX32 ) { STORE32; }  \
+    if( c < 0 ) fix_negative( N, c, &C, bits );
+
+/*
+ * If the result is negative, we get it in the form
+ * c * 2^(bits + 32) + N, with c negative and N positive shorter than 'bits'
+ */
+static inline int fix_negative( mbedtls_mpi *N, signed char c, mbedtls_mpi *C, size_t bits )
+{
+    int ret;
+
+    /* C = - c * 2^(bits + 32) */
+#if !defined(MBEDTLS_HAVE_INT64)
+    ((void) bits);
+#else
+    if( bits == 224 )
+        C->p[ C->n - 1 ] = ((mbedtls_mpi_uint) -c) << 32;
+    else
+#endif
+        C->p[ C->n - 1 ] = (mbedtls_mpi_uint) -c;
+
+    /* N = - ( C - N ) */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( N, C, N ) );
+    N->s = -1;
+
+cleanup:
+
+    return( ret );
+}
+
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+/*
+ * Fast quasi-reduction modulo p224 (FIPS 186-3 D.2.2)
+ */
+static int ecp_mod_p224( mbedtls_mpi *N )
+{
+    INIT( 224 );
+
+    SUB(  7 ); SUB( 11 );               NEXT; // A0 += -A7 - A11
+    SUB(  8 ); SUB( 12 );               NEXT; // A1 += -A8 - A12
+    SUB(  9 ); SUB( 13 );               NEXT; // A2 += -A9 - A13
+    SUB( 10 ); ADD(  7 ); ADD( 11 );    NEXT; // A3 += -A10 + A7 + A11
+    SUB( 11 ); ADD(  8 ); ADD( 12 );    NEXT; // A4 += -A11 + A8 + A12
+    SUB( 12 ); ADD(  9 ); ADD( 13 );    NEXT; // A5 += -A12 + A9 + A13
+    SUB( 13 ); ADD( 10 );               LAST; // A6 += -A13 + A10
+
+cleanup:
+    return( ret );
+}
+#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+/*
+ * Fast quasi-reduction modulo p256 (FIPS 186-3 D.2.3)
+ */
+static int ecp_mod_p256( mbedtls_mpi *N )
+{
+    INIT( 256 );
+
+    ADD(  8 ); ADD(  9 );
+    SUB( 11 ); SUB( 12 ); SUB( 13 ); SUB( 14 );             NEXT; // A0
+
+    ADD(  9 ); ADD( 10 );
+    SUB( 12 ); SUB( 13 ); SUB( 14 ); SUB( 15 );             NEXT; // A1
+
+    ADD( 10 ); ADD( 11 );
+    SUB( 13 ); SUB( 14 ); SUB( 15 );                        NEXT; // A2
+
+    ADD( 11 ); ADD( 11 ); ADD( 12 ); ADD( 12 ); ADD( 13 );
+    SUB( 15 ); SUB(  8 ); SUB(  9 );                        NEXT; // A3
+
+    ADD( 12 ); ADD( 12 ); ADD( 13 ); ADD( 13 ); ADD( 14 );
+    SUB(  9 ); SUB( 10 );                                   NEXT; // A4
+
+    ADD( 13 ); ADD( 13 ); ADD( 14 ); ADD( 14 ); ADD( 15 );
+    SUB( 10 ); SUB( 11 );                                   NEXT; // A5
+
+    ADD( 14 ); ADD( 14 ); ADD( 15 ); ADD( 15 ); ADD( 14 ); ADD( 13 );
+    SUB(  8 ); SUB(  9 );                                   NEXT; // A6
+
+    ADD( 15 ); ADD( 15 ); ADD( 15 ); ADD( 8 );
+    SUB( 10 ); SUB( 11 ); SUB( 12 ); SUB( 13 );             LAST; // A7
+
+cleanup:
+    return( ret );
+}
+#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+/*
+ * Fast quasi-reduction modulo p384 (FIPS 186-3 D.2.4)
+ */
+static int ecp_mod_p384( mbedtls_mpi *N )
+{
+    INIT( 384 );
+
+    ADD( 12 ); ADD( 21 ); ADD( 20 );
+    SUB( 23 );                                              NEXT; // A0
+
+    ADD( 13 ); ADD( 22 ); ADD( 23 );
+    SUB( 12 ); SUB( 20 );                                   NEXT; // A2
+
+    ADD( 14 ); ADD( 23 );
+    SUB( 13 ); SUB( 21 );                                   NEXT; // A2
+
+    ADD( 15 ); ADD( 12 ); ADD( 20 ); ADD( 21 );
+    SUB( 14 ); SUB( 22 ); SUB( 23 );                        NEXT; // A3
+
+    ADD( 21 ); ADD( 21 ); ADD( 16 ); ADD( 13 ); ADD( 12 ); ADD( 20 ); ADD( 22 );
+    SUB( 15 ); SUB( 23 ); SUB( 23 );                        NEXT; // A4
+
+    ADD( 22 ); ADD( 22 ); ADD( 17 ); ADD( 14 ); ADD( 13 ); ADD( 21 ); ADD( 23 );
+    SUB( 16 );                                              NEXT; // A5
+
+    ADD( 23 ); ADD( 23 ); ADD( 18 ); ADD( 15 ); ADD( 14 ); ADD( 22 );
+    SUB( 17 );                                              NEXT; // A6
+
+    ADD( 19 ); ADD( 16 ); ADD( 15 ); ADD( 23 );
+    SUB( 18 );                                              NEXT; // A7
+
+    ADD( 20 ); ADD( 17 ); ADD( 16 );
+    SUB( 19 );                                              NEXT; // A8
+
+    ADD( 21 ); ADD( 18 ); ADD( 17 );
+    SUB( 20 );                                              NEXT; // A9
+
+    ADD( 22 ); ADD( 19 ); ADD( 18 );
+    SUB( 21 );                                              NEXT; // A10
+
+    ADD( 23 ); ADD( 20 ); ADD( 19 );
+    SUB( 22 );                                              LAST; // A11
+
+cleanup:
+    return( ret );
+}
+#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+
+#undef A
+#undef LOAD32
+#undef STORE32
+#undef MAX32
+#undef INIT
+#undef NEXT
+#undef LAST
+
+#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED ||
+          MBEDTLS_ECP_DP_SECP256R1_ENABLED ||
+          MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+/*
+ * Here we have an actual Mersenne prime, so things are more straightforward.
+ * However, chunks are aligned on a 'weird' boundary (521 bits).
+ */
+
+/* Size of p521 in terms of mbedtls_mpi_uint */
+#define P521_WIDTH      ( 521 / 8 / sizeof( mbedtls_mpi_uint ) + 1 )
+
+/* Bits to keep in the most significant mbedtls_mpi_uint */
+#define P521_MASK       0x01FF
+
+/*
+ * Fast quasi-reduction modulo p521 (FIPS 186-3 D.2.5)
+ * Write N as A1 + 2^521 A0, return A0 + A1
+ */
+static int ecp_mod_p521( mbedtls_mpi *N )
+{
+    int ret;
+    size_t i;
+    mbedtls_mpi M;
+    mbedtls_mpi_uint Mp[P521_WIDTH + 1];
+    /* Worst case for the size of M is when mbedtls_mpi_uint is 16 bits:
+     * we need to hold bits 513 to 1056, which is 34 limbs, that is
+     * P521_WIDTH + 1. Otherwise P521_WIDTH is enough. */
+
+    if( N->n < P521_WIDTH )
+        return( 0 );
+
+    /* M = A1 */
+    M.s = 1;
+    M.n = N->n - ( P521_WIDTH - 1 );
+    if( M.n > P521_WIDTH + 1 )
+        M.n = P521_WIDTH + 1;
+    M.p = Mp;
+    memcpy( Mp, N->p + P521_WIDTH - 1, M.n * sizeof( mbedtls_mpi_uint ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, 521 % ( 8 * sizeof( mbedtls_mpi_uint ) ) ) );
+
+    /* N = A0 */
+    N->p[P521_WIDTH - 1] &= P521_MASK;
+    for( i = P521_WIDTH; i < N->n; i++ )
+        N->p[i] = 0;
+
+    /* N = A0 + A1 */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) );
+
+cleanup:
+    return( ret );
+}
+
+#undef P521_WIDTH
+#undef P521_MASK
+#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
+
+#endif /* MBEDTLS_ECP_NIST_OPTIM */
+
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+
+/* Size of p255 in terms of mbedtls_mpi_uint */
+#define P255_WIDTH      ( 255 / 8 / sizeof( mbedtls_mpi_uint ) + 1 )
+
+/*
+ * Fast quasi-reduction modulo p255 = 2^255 - 19
+ * Write N as A0 + 2^255 A1, return A0 + 19 * A1
+ */
+static int ecp_mod_p255( mbedtls_mpi *N )
+{
+    int ret;
+    size_t i;
+    mbedtls_mpi M;
+    mbedtls_mpi_uint Mp[P255_WIDTH + 2];
+
+    if( N->n < P255_WIDTH )
+        return( 0 );
+
+    /* M = A1 */
+    M.s = 1;
+    M.n = N->n - ( P255_WIDTH - 1 );
+    if( M.n > P255_WIDTH + 1 )
+        M.n = P255_WIDTH + 1;
+    M.p = Mp;
+    memset( Mp, 0, sizeof Mp );
+    memcpy( Mp, N->p + P255_WIDTH - 1, M.n * sizeof( mbedtls_mpi_uint ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, 255 % ( 8 * sizeof( mbedtls_mpi_uint ) ) ) );
+    M.n++; /* Make room for multiplication by 19 */
+
+    /* N = A0 */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( N, 255, 0 ) );
+    for( i = P255_WIDTH; i < N->n; i++ )
+        N->p[i] = 0;
+
+    /* N = A0 + 19 * A1 */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M, &M, 19 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) );
+
+cleanup:
+    return( ret );
+}
+#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) ||   \
+    defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) ||   \
+    defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+/*
+ * Fast quasi-reduction modulo P = 2^s - R,
+ * with R about 33 bits, used by the Koblitz curves.
+ *
+ * Write N as A0 + 2^224 A1, return A0 + R * A1.
+ * Actually do two passes, since R is big.
+ */
+#define P_KOBLITZ_MAX   ( 256 / 8 / sizeof( mbedtls_mpi_uint ) )  // Max limbs in P
+#define P_KOBLITZ_R     ( 8 / sizeof( mbedtls_mpi_uint ) )        // Limbs in R
+static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p_limbs,
+                                   size_t adjust, size_t shift, mbedtls_mpi_uint mask )
+{
+    int ret;
+    size_t i;
+    mbedtls_mpi M, R;
+    mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R];
+
+    if( N->n < p_limbs )
+        return( 0 );
+
+    /* Init R */
+    R.s = 1;
+    R.p = Rp;
+    R.n = P_KOBLITZ_R;
+
+    /* Common setup for M */
+    M.s = 1;
+    M.p = Mp;
+
+    /* M = A1 */
+    M.n = N->n - ( p_limbs - adjust );
+    if( M.n > p_limbs + adjust )
+        M.n = p_limbs + adjust;
+    memset( Mp, 0, sizeof Mp );
+    memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) );
+    if( shift != 0 )
+        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) );
+    M.n += R.n - adjust; /* Make room for multiplication by R */
+
+    /* N = A0 */
+    if( mask != 0 )
+        N->p[p_limbs - 1] &= mask;
+    for( i = p_limbs; i < N->n; i++ )
+        N->p[i] = 0;
+
+    /* N = A0 + R * A1 */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &M, &M, &R ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) );
+
+    /* Second pass */
+
+    /* M = A1 */
+    M.n = N->n - ( p_limbs - adjust );
+    if( M.n > p_limbs + adjust )
+        M.n = p_limbs + adjust;
+    memset( Mp, 0, sizeof Mp );
+    memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) );
+    if( shift != 0 )
+        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) );
+    M.n += R.n - adjust; /* Make room for multiplication by R */
+
+    /* N = A0 */
+    if( mask != 0 )
+        N->p[p_limbs - 1] &= mask;
+    for( i = p_limbs; i < N->n; i++ )
+        N->p[i] = 0;
+
+    /* N = A0 + R * A1 */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &M, &M, &R ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) );
+
+cleanup:
+    return( ret );
+}
+#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED) ||
+          MBEDTLS_ECP_DP_SECP224K1_ENABLED) ||
+          MBEDTLS_ECP_DP_SECP256K1_ENABLED) */
+
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+/*
+ * Fast quasi-reduction modulo p192k1 = 2^192 - R,
+ * with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x0100001119
+ */
+static int ecp_mod_p192k1( mbedtls_mpi *N )
+{
+    static mbedtls_mpi_uint Rp[] = {
+        BYTES_TO_T_UINT_8( 0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ) };
+
+    return( ecp_mod_koblitz( N, Rp, 192 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0, 0 ) );
+}
+#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+/*
+ * Fast quasi-reduction modulo p224k1 = 2^224 - R,
+ * with R = 2^32 + 2^12 + 2^11 + 2^9 + 2^7 + 2^4 + 2 + 1 = 0x0100001A93
+ */
+static int ecp_mod_p224k1( mbedtls_mpi *N )
+{
+    static mbedtls_mpi_uint Rp[] = {
+        BYTES_TO_T_UINT_8( 0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ) };
+
+#if defined(MBEDTLS_HAVE_INT64)
+    return( ecp_mod_koblitz( N, Rp, 4, 1, 32, 0xFFFFFFFF ) );
+#else
+    return( ecp_mod_koblitz( N, Rp, 224 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0, 0 ) );
+#endif
+}
+
+#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+/*
+ * Fast quasi-reduction modulo p256k1 = 2^256 - R,
+ * with R = 2^32 + 2^9 + 2^8 + 2^7 + 2^6 + 2^4 + 1 = 0x01000003D1
+ */
+static int ecp_mod_p256k1( mbedtls_mpi *N )
+{
+    static mbedtls_mpi_uint Rp[] = {
+        BYTES_TO_T_UINT_8( 0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ) };
+    return( ecp_mod_koblitz( N, Rp, 256 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0, 0 ) );
+}
+#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
+
+#endif /* MBEDTLS_ECP_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/entropy.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,493 @@
+/*
+ *  Entropy accumulator implementation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_ENTROPY_C)
+
+#include "mbedtls/entropy.h"
+#include "mbedtls/entropy_poll.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_FS_IO)
+#include <stdio.h>
+#endif
+
+#if defined(MBEDTLS_SELF_TEST)
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf     printf
+#endif /* MBEDTLS_PLATFORM_C */
+#endif /* MBEDTLS_SELF_TEST */
+
+#if defined(MBEDTLS_HAVEGE_C)
+#include "mbedtls/havege.h"
+#endif
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+#define ENTROPY_MAX_LOOP    256     /**< Maximum amount to loop before error */
+
+void mbedtls_entropy_init( mbedtls_entropy_context *ctx )
+{
+    memset( ctx, 0, sizeof(mbedtls_entropy_context) );
+
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_mutex_init( &ctx->mutex );
+#endif
+
+#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
+    mbedtls_sha512_starts( &ctx->accumulator, 0 );
+#else
+    mbedtls_sha256_starts( &ctx->accumulator, 0 );
+#endif
+#if defined(MBEDTLS_HAVEGE_C)
+    mbedtls_havege_init( &ctx->havege_data );
+#endif
+
+#if !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
+#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
+    mbedtls_entropy_add_source( ctx, mbedtls_platform_entropy_poll, NULL,
+                                MBEDTLS_ENTROPY_MIN_PLATFORM,
+                                MBEDTLS_ENTROPY_SOURCE_STRONG );
+#endif
+#if defined(MBEDTLS_TIMING_C)
+    mbedtls_entropy_add_source( ctx, mbedtls_hardclock_poll, NULL,
+                                MBEDTLS_ENTROPY_MIN_HARDCLOCK,
+                                MBEDTLS_ENTROPY_SOURCE_WEAK );
+#endif
+#if defined(MBEDTLS_HAVEGE_C)
+    mbedtls_entropy_add_source( ctx, mbedtls_havege_poll, &ctx->havege_data,
+                                MBEDTLS_ENTROPY_MIN_HAVEGE,
+                                MBEDTLS_ENTROPY_SOURCE_STRONG );
+#endif
+#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
+    mbedtls_entropy_add_source( ctx, mbedtls_hardware_poll, NULL,
+                                MBEDTLS_ENTROPY_MIN_HARDWARE,
+                                MBEDTLS_ENTROPY_SOURCE_STRONG );
+#endif
+#endif /* MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */
+}
+
+void mbedtls_entropy_free( mbedtls_entropy_context *ctx )
+{
+#if defined(MBEDTLS_HAVEGE_C)
+    mbedtls_havege_free( &ctx->havege_data );
+#endif
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_mutex_free( &ctx->mutex );
+#endif
+    mbedtls_zeroize( ctx, sizeof( mbedtls_entropy_context ) );
+}
+
+int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
+                        mbedtls_entropy_f_source_ptr f_source, void *p_source,
+                        size_t threshold, int strong )
+{
+    int index, ret = 0;
+
+#if defined(MBEDTLS_THREADING_C)
+    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
+        return( ret );
+#endif
+
+    index = ctx->source_count;
+    if( index >= MBEDTLS_ENTROPY_MAX_SOURCES )
+    {
+        ret = MBEDTLS_ERR_ENTROPY_MAX_SOURCES;
+        goto exit;
+    }
+
+    ctx->source[index].f_source  = f_source;
+    ctx->source[index].p_source  = p_source;
+    ctx->source[index].threshold = threshold;
+    ctx->source[index].strong    = strong;
+
+    ctx->source_count++;
+
+exit:
+#if defined(MBEDTLS_THREADING_C)
+    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
+        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+#endif
+
+    return( ret );
+}
+
+/*
+ * Entropy accumulator update
+ */
+static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id,
+                           const unsigned char *data, size_t len )
+{
+    unsigned char header[2];
+    unsigned char tmp[MBEDTLS_ENTROPY_BLOCK_SIZE];
+    size_t use_len = len;
+    const unsigned char *p = data;
+
+    if( use_len > MBEDTLS_ENTROPY_BLOCK_SIZE )
+    {
+#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
+        mbedtls_sha512( data, len, tmp, 0 );
+#else
+        mbedtls_sha256( data, len, tmp, 0 );
+#endif
+        p = tmp;
+        use_len = MBEDTLS_ENTROPY_BLOCK_SIZE;
+    }
+
+    header[0] = source_id;
+    header[1] = use_len & 0xFF;
+
+#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
+    mbedtls_sha512_update( &ctx->accumulator, header, 2 );
+    mbedtls_sha512_update( &ctx->accumulator, p, use_len );
+#else
+    mbedtls_sha256_update( &ctx->accumulator, header, 2 );
+    mbedtls_sha256_update( &ctx->accumulator, p, use_len );
+#endif
+
+    return( 0 );
+}
+
+int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx,
+                           const unsigned char *data, size_t len )
+{
+    int ret;
+
+#if defined(MBEDTLS_THREADING_C)
+    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
+        return( ret );
+#endif
+
+    ret = entropy_update( ctx, MBEDTLS_ENTROPY_SOURCE_MANUAL, data, len );
+
+#if defined(MBEDTLS_THREADING_C)
+    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
+        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+#endif
+
+    return( ret );
+}
+
+/*
+ * Run through the different sources to add entropy to our accumulator
+ */
+static int entropy_gather_internal( mbedtls_entropy_context *ctx )
+{
+    int ret, i, have_one_strong = 0;
+    unsigned char buf[MBEDTLS_ENTROPY_MAX_GATHER];
+    size_t olen;
+
+    if( ctx->source_count == 0 )
+        return( MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED );
+
+    /*
+     * Run through our entropy sources
+     */
+    for( i = 0; i < ctx->source_count; i++ )
+    {
+        if( ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG )
+            have_one_strong = 1;
+
+        olen = 0;
+        if( ( ret = ctx->source[i].f_source( ctx->source[i].p_source,
+                        buf, MBEDTLS_ENTROPY_MAX_GATHER, &olen ) ) != 0 )
+        {
+            return( ret );
+        }
+
+        /*
+         * Add if we actually gathered something
+         */
+        if( olen > 0 )
+        {
+            entropy_update( ctx, (unsigned char) i, buf, olen );
+            ctx->source[i].size += olen;
+        }
+    }
+
+    if( have_one_strong == 0 )
+        return( MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE );
+
+    return( 0 );
+}
+
+/*
+ * Thread-safe wrapper for entropy_gather_internal()
+ */
+int mbedtls_entropy_gather( mbedtls_entropy_context *ctx )
+{
+    int ret;
+
+#if defined(MBEDTLS_THREADING_C)
+    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
+        return( ret );
+#endif
+
+    ret = entropy_gather_internal( ctx );
+
+#if defined(MBEDTLS_THREADING_C)
+    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
+        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+#endif
+
+    return( ret );
+}
+
+int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
+{
+    int ret, count = 0, i, done;
+    mbedtls_entropy_context *ctx = (mbedtls_entropy_context *) data;
+    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
+
+    if( len > MBEDTLS_ENTROPY_BLOCK_SIZE )
+        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+
+#if defined(MBEDTLS_THREADING_C)
+    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
+        return( ret );
+#endif
+
+    /*
+     * Always gather extra entropy before a call
+     */
+    do
+    {
+        if( count++ > ENTROPY_MAX_LOOP )
+        {
+            ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+            goto exit;
+        }
+
+        if( ( ret = entropy_gather_internal( ctx ) ) != 0 )
+            goto exit;
+
+        done = 1;
+        for( i = 0; i < ctx->source_count; i++ )
+            if( ctx->source[i].size < ctx->source[i].threshold )
+                done = 0;
+    }
+    while( ! done );
+
+    memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
+
+#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
+    mbedtls_sha512_finish( &ctx->accumulator, buf );
+
+    /*
+     * Reset accumulator and counters and recycle existing entropy
+     */
+    memset( &ctx->accumulator, 0, sizeof( mbedtls_sha512_context ) );
+    mbedtls_sha512_starts( &ctx->accumulator, 0 );
+    mbedtls_sha512_update( &ctx->accumulator, buf, MBEDTLS_ENTROPY_BLOCK_SIZE );
+
+    /*
+     * Perform second SHA-512 on entropy
+     */
+    mbedtls_sha512( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, buf, 0 );
+#else /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
+    mbedtls_sha256_finish( &ctx->accumulator, buf );
+
+    /*
+     * Reset accumulator and counters and recycle existing entropy
+     */
+    memset( &ctx->accumulator, 0, sizeof( mbedtls_sha256_context ) );
+    mbedtls_sha256_starts( &ctx->accumulator, 0 );
+    mbedtls_sha256_update( &ctx->accumulator, buf, MBEDTLS_ENTROPY_BLOCK_SIZE );
+
+    /*
+     * Perform second SHA-256 on entropy
+     */
+    mbedtls_sha256( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, buf, 0 );
+#endif /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
+
+    for( i = 0; i < ctx->source_count; i++ )
+        ctx->source[i].size = 0;
+
+    memcpy( output, buf, len );
+
+    ret = 0;
+
+exit:
+#if defined(MBEDTLS_THREADING_C)
+    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
+        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+#endif
+
+    return( ret );
+}
+
+#if defined(MBEDTLS_FS_IO)
+int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path )
+{
+    int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
+    FILE *f;
+    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
+
+    if( ( f = fopen( path, "wb" ) ) == NULL )
+        return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR );
+
+    if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
+        goto exit;
+
+    if( fwrite( buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f ) != MBEDTLS_ENTROPY_BLOCK_SIZE )
+    {
+        ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
+        goto exit;
+    }
+
+    ret = 0;
+
+exit:
+    fclose( f );
+    return( ret );
+}
+
+int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *path )
+{
+    FILE *f;
+    size_t n;
+    unsigned char buf[ MBEDTLS_ENTROPY_MAX_SEED_SIZE ];
+
+    if( ( f = fopen( path, "rb" ) ) == NULL )
+        return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR );
+
+    fseek( f, 0, SEEK_END );
+    n = (size_t) ftell( f );
+    fseek( f, 0, SEEK_SET );
+
+    if( n > MBEDTLS_ENTROPY_MAX_SEED_SIZE )
+        n = MBEDTLS_ENTROPY_MAX_SEED_SIZE;
+
+    if( fread( buf, 1, n, f ) != n )
+    {
+        fclose( f );
+        return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR );
+    }
+
+    fclose( f );
+
+    mbedtls_entropy_update_manual( ctx, buf, n );
+
+    return( mbedtls_entropy_write_seed_file( ctx, path ) );
+}
+#endif /* MBEDTLS_FS_IO */
+
+#if defined(MBEDTLS_SELF_TEST)
+/*
+ * Dummy source function
+ */
+static int entropy_dummy_source( void *data, unsigned char *output,
+                                 size_t len, size_t *olen )
+{
+    ((void) data);
+
+    memset( output, 0x2a, len );
+    *olen = len;
+
+    return( 0 );
+}
+
+/*
+ * The actual entropy quality is hard to test, but we can at least
+ * test that the functions don't cause errors and write the correct
+ * amount of data to buffers.
+ */
+int mbedtls_entropy_self_test( int verbose )
+{
+    int ret = 0;
+    mbedtls_entropy_context ctx;
+    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
+    unsigned char acc[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
+    size_t i, j;
+
+    if( verbose != 0 )
+        mbedtls_printf( "  ENTROPY test: " );
+
+    mbedtls_entropy_init( &ctx );
+
+    /* First do a gather to make sure we have default sources */
+    if( ( ret = mbedtls_entropy_gather( &ctx ) ) != 0 )
+        goto cleanup;
+
+    ret = mbedtls_entropy_add_source( &ctx, entropy_dummy_source, NULL, 16,
+                                      MBEDTLS_ENTROPY_SOURCE_WEAK );
+    if( ret != 0 )
+        goto cleanup;
+
+    if( ( ret = mbedtls_entropy_update_manual( &ctx, buf, sizeof buf ) ) != 0 )
+        goto cleanup;
+
+    /*
+     * To test that mbedtls_entropy_func writes correct number of bytes:
+     * - use the whole buffer and rely on ASan to detect overruns
+     * - collect entropy 8 times and OR the result in an accumulator:
+     *   any byte should then be 0 with probably 2^(-64), so requiring
+     *   each of the 32 or 64 bytes to be non-zero has a false failure rate
+     *   of at most 2^(-58) which is acceptable.
+     */
+    for( i = 0; i < 8; i++ )
+    {
+        if( ( ret = mbedtls_entropy_func( &ctx, buf, sizeof( buf ) ) ) != 0 )
+            goto cleanup;
+
+        for( j = 0; j < sizeof( buf ); j++ )
+            acc[j] |= buf[j];
+    }
+
+    for( j = 0; j < sizeof( buf ); j++ )
+    {
+        if( acc[j] == 0 )
+        {
+            ret = 1;
+            goto cleanup;
+        }
+    }
+
+cleanup:
+    mbedtls_entropy_free( &ctx );
+
+    if( verbose != 0 )
+    {
+        if( ret != 0 )
+            mbedtls_printf( "failed\n" );
+        else
+            mbedtls_printf( "passed\n" );
+
+        mbedtls_printf( "\n" );
+    }
+
+    return( ret != 0 );
+}
+#endif /* MBEDTLS_SELF_TEST */
+
+#endif /* MBEDTLS_ENTROPY_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/entropy_hardware_poll.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,65 @@
+/*
+ *  Temporary "entropy" collector for Cortex-M4
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+/*
+ * WARNING: this is a temporary hack!
+ * 1. Currently does not provide strong entropy, should be replaced to use the
+ * on-board hardware RNG (see IOTSSL-303)
+ * 2. This should be in a separete yotta module which would be a target
+ * dependency of mbedtls (see IOTSSL-313)
+ */
+
+#if defined(TARGET_LIKE_CORTEX_M4)
+
+#include "MK64F12.h"
+#include "core_cm4.h"
+#include <string.h>
+
+unsigned long hardclock( void )
+{
+    static int dwt_started = 0;
+
+    if( dwt_started == 0 )
+    {
+        CoreDebug->DEMCR |= CoreDebug_DEMCR_TRCENA_Msk;
+        DWT->CTRL |= DWT_CTRL_CYCCNTENA_Msk;
+    }
+
+    return( DWT->CYCCNT );
+}
+
+int mbedtls_hardware_poll( void *data,
+                    unsigned char *output, size_t len, size_t *olen )
+{
+    unsigned long timer = hardclock();
+    ((void) data);
+    *olen = 0;
+
+    if( len < sizeof(unsigned long) )
+        return( 0 );
+
+    memcpy( output, &timer, sizeof(unsigned long) );
+    *olen = sizeof(unsigned long);
+
+    return( 0 );
+}
+
+#endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/entropy_poll.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,216 @@
+/*
+ *  Platform-specific and custom entropy polling functions
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_ENTROPY_C)
+
+#include "mbedtls/entropy.h"
+#include "mbedtls/entropy_poll.h"
+
+#if defined(MBEDTLS_TIMING_C)
+#include <string.h>
+#include "mbedtls/timing.h"
+#endif
+#if defined(MBEDTLS_HAVEGE_C)
+#include "mbedtls/havege.h"
+#endif
+
+#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
+#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
+
+#if !defined(_WIN32_WINNT)
+#define _WIN32_WINNT 0x0400
+#endif
+#include <windows.h>
+#include <wincrypt.h>
+
+int mbedtls_platform_entropy_poll( void *data, unsigned char *output, size_t len,
+                           size_t *olen )
+{
+    HCRYPTPROV provider;
+    ((void) data);
+    *olen = 0;
+
+    if( CryptAcquireContext( &provider, NULL, NULL,
+                              PROV_RSA_FULL, CRYPT_VERIFYCONTEXT ) == FALSE )
+    {
+        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+    }
+
+    if( CryptGenRandom( provider, (DWORD) len, output ) == FALSE )
+        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+
+    CryptReleaseContext( provider, 0 );
+    *olen = len;
+
+    return( 0 );
+}
+#else /* _WIN32 && !EFIX64 && !EFI32 */
+
+/*
+ * Test for Linux getrandom() support.
+ * Since there is no wrapper in the libc yet, use the generic syscall wrapper
+ * available in GNU libc and compatible libc's (eg uClibc).
+ */
+#if defined(__linux__) && defined(__GLIBC__)
+#include <unistd.h>
+#include <sys/syscall.h>
+#if defined(SYS_getrandom)
+#define HAVE_GETRANDOM
+
+static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags )
+{
+    /* MemSan cannot understand that the syscall writes to the buffer */
+#if defined(__has_feature)
+#if __has_feature(memory_sanitizer)
+    memset( buf, 0, buflen );
+#endif
+#endif
+
+    return( syscall( SYS_getrandom, buf, buflen, flags ) );
+}
+
+#include <sys/utsname.h>
+/* Check if version is at least 3.17.0 */
+static int check_version_3_17_plus( void )
+{
+    int minor;
+    struct utsname un;
+    const char *ver;
+
+    /* Get version information */
+    uname(&un);
+    ver = un.release;
+
+    /* Check major version; assume a single digit */
+    if( ver[0] < '3' || ver[0] > '9' || ver [1] != '.' )
+        return( -1 );
+
+    if( ver[0] - '0' > 3 )
+        return( 0 );
+
+    /* Ok, so now we know major == 3, check minor.
+     * Assume 1 or 2 digits. */
+    if( ver[2] < '0' || ver[2] > '9' )
+        return( -1 );
+
+    minor = ver[2] - '0';
+
+    if( ver[3] >= '0' && ver[3] <= '9' )
+        minor = 10 * minor + ver[3] - '0';
+    else if( ver [3] != '.' )
+        return( -1 );
+
+    if( minor < 17 )
+        return( -1 );
+
+    return( 0 );
+}
+static int has_getrandom = -1;
+#endif /* SYS_getrandom */
+#endif /* __linux__ */
+
+#include <stdio.h>
+
+int mbedtls_platform_entropy_poll( void *data,
+                           unsigned char *output, size_t len, size_t *olen )
+{
+    FILE *file;
+    size_t read_len;
+    ((void) data);
+
+#if defined(HAVE_GETRANDOM)
+    if( has_getrandom == -1 )
+        has_getrandom = ( check_version_3_17_plus() == 0 );
+
+    if( has_getrandom )
+    {
+        int ret;
+
+        if( ( ret = getrandom_wrapper( output, len, 0 ) ) < 0 )
+            return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+
+        *olen = ret;
+        return( 0 );
+    }
+#endif /* HAVE_GETRANDOM */
+
+    *olen = 0;
+
+    file = fopen( "/dev/urandom", "rb" );
+    if( file == NULL )
+        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+
+    read_len = fread( output, 1, len, file );
+    if( read_len != len )
+    {
+        fclose( file );
+        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+    }
+
+    fclose( file );
+    *olen = len;
+
+    return( 0 );
+}
+#endif /* _WIN32 && !EFIX64 && !EFI32 */
+#endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */
+
+#if defined(MBEDTLS_TIMING_C)
+int mbedtls_hardclock_poll( void *data,
+                    unsigned char *output, size_t len, size_t *olen )
+{
+    unsigned long timer = mbedtls_timing_hardclock();
+    ((void) data);
+    *olen = 0;
+
+    if( len < sizeof(unsigned long) )
+        return( 0 );
+
+    memcpy( output, &timer, sizeof(unsigned long) );
+    *olen = sizeof(unsigned long);
+
+    return( 0 );
+}
+#endif /* MBEDTLS_TIMING_C */
+
+#if defined(MBEDTLS_HAVEGE_C)
+int mbedtls_havege_poll( void *data,
+                 unsigned char *output, size_t len, size_t *olen )
+{
+    mbedtls_havege_state *hs = (mbedtls_havege_state *) data;
+    *olen = 0;
+
+    if( mbedtls_havege_random( hs, output, len ) != 0 )
+        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+
+    *olen = len;
+
+    return( 0 );
+}
+#endif /* MBEDTLS_HAVEGE_C */
+
+#endif /* MBEDTLS_ENTROPY_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/error.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,698 @@
+/*
+ *  Error message information
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY)
+#include "mbedtls/error.h"
+#include <string.h>
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#define mbedtls_snprintf snprintf
+#endif
+
+#if defined(MBEDTLS_ERROR_C)
+
+#include <stdio.h>
+
+#if defined(MBEDTLS_AES_C)
+#include "mbedtls/aes.h"
+#endif
+
+#if defined(MBEDTLS_BASE64_C)
+#include "mbedtls/base64.h"
+#endif
+
+#if defined(MBEDTLS_BIGNUM_C)
+#include "mbedtls/bignum.h"
+#endif
+
+#if defined(MBEDTLS_BLOWFISH_C)
+#include "mbedtls/blowfish.h"
+#endif
+
+#if defined(MBEDTLS_CAMELLIA_C)
+#include "mbedtls/camellia.h"
+#endif
+
+#if defined(MBEDTLS_CCM_C)
+#include "mbedtls/ccm.h"
+#endif
+
+#if defined(MBEDTLS_CIPHER_C)
+#include "mbedtls/cipher.h"
+#endif
+
+#if defined(MBEDTLS_CTR_DRBG_C)
+#include "mbedtls/ctr_drbg.h"
+#endif
+
+#if defined(MBEDTLS_DES_C)
+#include "mbedtls/des.h"
+#endif
+
+#if defined(MBEDTLS_DHM_C)
+#include "mbedtls/dhm.h"
+#endif
+
+#if defined(MBEDTLS_ECP_C)
+#include "mbedtls/ecp.h"
+#endif
+
+#if defined(MBEDTLS_ENTROPY_C)
+#include "mbedtls/entropy.h"
+#endif
+
+#if defined(MBEDTLS_GCM_C)
+#include "mbedtls/gcm.h"
+#endif
+
+#if defined(MBEDTLS_HMAC_DRBG_C)
+#include "mbedtls/hmac_drbg.h"
+#endif
+
+#if defined(MBEDTLS_MD_C)
+#include "mbedtls/md.h"
+#endif
+
+#if defined(MBEDTLS_NET_C)
+#include "mbedtls/net.h"
+#endif
+
+#if defined(MBEDTLS_OID_C)
+#include "mbedtls/oid.h"
+#endif
+
+#if defined(MBEDTLS_PADLOCK_C)
+#include "mbedtls/padlock.h"
+#endif
+
+#if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C)
+#include "mbedtls/pem.h"
+#endif
+
+#if defined(MBEDTLS_PK_C)
+#include "mbedtls/pk.h"
+#endif
+
+#if defined(MBEDTLS_PKCS12_C)
+#include "mbedtls/pkcs12.h"
+#endif
+
+#if defined(MBEDTLS_PKCS5_C)
+#include "mbedtls/pkcs5.h"
+#endif
+
+#if defined(MBEDTLS_RSA_C)
+#include "mbedtls/rsa.h"
+#endif
+
+#if defined(MBEDTLS_SSL_TLS_C)
+#include "mbedtls/ssl.h"
+#endif
+
+#if defined(MBEDTLS_THREADING_C)
+#include "mbedtls/threading.h"
+#endif
+
+#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
+#include "mbedtls/x509.h"
+#endif
+
+#if defined(MBEDTLS_XTEA_C)
+#include "mbedtls/xtea.h"
+#endif
+
+
+void mbedtls_strerror( int ret, char *buf, size_t buflen )
+{
+    size_t len;
+    int use_ret;
+
+    if( buflen == 0 )
+        return;
+
+    memset( buf, 0x00, buflen );
+
+    if( ret < 0 )
+        ret = -ret;
+
+    if( ret & 0xFF80 )
+    {
+        use_ret = ret & 0xFF80;
+
+        // High level error codes
+        //
+        // BEGIN generated code
+#if defined(MBEDTLS_CIPHER_C)
+        if( use_ret == -(MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) )
+            mbedtls_snprintf( buf, buflen, "CIPHER - The selected feature is not available" );
+        if( use_ret == -(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA) )
+            mbedtls_snprintf( buf, buflen, "CIPHER - Bad input parameters to function" );
+        if( use_ret == -(MBEDTLS_ERR_CIPHER_ALLOC_FAILED) )
+            mbedtls_snprintf( buf, buflen, "CIPHER - Failed to allocate memory" );
+        if( use_ret == -(MBEDTLS_ERR_CIPHER_INVALID_PADDING) )
+            mbedtls_snprintf( buf, buflen, "CIPHER - Input data contains invalid padding and is rejected" );
+        if( use_ret == -(MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED) )
+            mbedtls_snprintf( buf, buflen, "CIPHER - Decryption of block requires a full block" );
+        if( use_ret == -(MBEDTLS_ERR_CIPHER_AUTH_FAILED) )
+            mbedtls_snprintf( buf, buflen, "CIPHER - Authentication failed (for AEAD modes)" );
+#endif /* MBEDTLS_CIPHER_C */
+
+#if defined(MBEDTLS_DHM_C)
+        if( use_ret == -(MBEDTLS_ERR_DHM_BAD_INPUT_DATA) )
+            mbedtls_snprintf( buf, buflen, "DHM - Bad input parameters to function" );
+        if( use_ret == -(MBEDTLS_ERR_DHM_READ_PARAMS_FAILED) )
+            mbedtls_snprintf( buf, buflen, "DHM - Reading of the DHM parameters failed" );
+        if( use_ret == -(MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED) )
+            mbedtls_snprintf( buf, buflen, "DHM - Making of the DHM parameters failed" );
+        if( use_ret == -(MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED) )
+            mbedtls_snprintf( buf, buflen, "DHM - Reading of the public values failed" );
+        if( use_ret == -(MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED) )
+            mbedtls_snprintf( buf, buflen, "DHM - Making of the public value failed" );
+        if( use_ret == -(MBEDTLS_ERR_DHM_CALC_SECRET_FAILED) )
+            mbedtls_snprintf( buf, buflen, "DHM - Calculation of the DHM secret failed" );
+        if( use_ret == -(MBEDTLS_ERR_DHM_INVALID_FORMAT) )
+            mbedtls_snprintf( buf, buflen, "DHM - The ASN.1 data is not formatted correctly" );
+        if( use_ret == -(MBEDTLS_ERR_DHM_ALLOC_FAILED) )
+            mbedtls_snprintf( buf, buflen, "DHM - Allocation of memory failed" );
+        if( use_ret == -(MBEDTLS_ERR_DHM_FILE_IO_ERROR) )
+            mbedtls_snprintf( buf, buflen, "DHM - Read/write of file failed" );
+#endif /* MBEDTLS_DHM_C */
+
+#if defined(MBEDTLS_ECP_C)
+        if( use_ret == -(MBEDTLS_ERR_ECP_BAD_INPUT_DATA) )
+            mbedtls_snprintf( buf, buflen, "ECP - Bad input parameters to function" );
+        if( use_ret == -(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL) )
+            mbedtls_snprintf( buf, buflen, "ECP - The buffer is too small to write to" );
+        if( use_ret == -(MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE) )
+            mbedtls_snprintf( buf, buflen, "ECP - Requested curve not available" );
+        if( use_ret == -(MBEDTLS_ERR_ECP_VERIFY_FAILED) )
+            mbedtls_snprintf( buf, buflen, "ECP - The signature is not valid" );
+        if( use_ret == -(MBEDTLS_ERR_ECP_ALLOC_FAILED) )
+            mbedtls_snprintf( buf, buflen, "ECP - Memory allocation failed" );
+        if( use_ret == -(MBEDTLS_ERR_ECP_RANDOM_FAILED) )
+            mbedtls_snprintf( buf, buflen, "ECP - Generation of random value, such as (ephemeral) key, failed" );
+        if( use_ret == -(MBEDTLS_ERR_ECP_INVALID_KEY) )
+            mbedtls_snprintf( buf, buflen, "ECP - Invalid private or public key" );
+        if( use_ret == -(MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH) )
+            mbedtls_snprintf( buf, buflen, "ECP - Signature is valid but shorter than the user-supplied length" );
+#endif /* MBEDTLS_ECP_C */
+
+#if defined(MBEDTLS_MD_C)
+        if( use_ret == -(MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE) )
+            mbedtls_snprintf( buf, buflen, "MD - The selected feature is not available" );
+        if( use_ret == -(MBEDTLS_ERR_MD_BAD_INPUT_DATA) )
+            mbedtls_snprintf( buf, buflen, "MD - Bad input parameters to function" );
+        if( use_ret == -(MBEDTLS_ERR_MD_ALLOC_FAILED) )
+            mbedtls_snprintf( buf, buflen, "MD - Failed to allocate memory" );
+        if( use_ret == -(MBEDTLS_ERR_MD_FILE_IO_ERROR) )
+            mbedtls_snprintf( buf, buflen, "MD - Opening or reading of file failed" );
+#endif /* MBEDTLS_MD_C */
+
+#if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C)
+        if( use_ret == -(MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) )
+            mbedtls_snprintf( buf, buflen, "PEM - No PEM header or footer found" );
+        if( use_ret == -(MBEDTLS_ERR_PEM_INVALID_DATA) )
+            mbedtls_snprintf( buf, buflen, "PEM - PEM string is not as expected" );
+        if( use_ret == -(MBEDTLS_ERR_PEM_ALLOC_FAILED) )
+            mbedtls_snprintf( buf, buflen, "PEM - Failed to allocate memory" );
+        if( use_ret == -(MBEDTLS_ERR_PEM_INVALID_ENC_IV) )
+            mbedtls_snprintf( buf, buflen, "PEM - RSA IV is not in hex-format" );
+        if( use_ret == -(MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG) )
+            mbedtls_snprintf( buf, buflen, "PEM - Unsupported key encryption algorithm" );
+        if( use_ret == -(MBEDTLS_ERR_PEM_PASSWORD_REQUIRED) )
+            mbedtls_snprintf( buf, buflen, "PEM - Private key password can't be empty" );
+        if( use_ret == -(MBEDTLS_ERR_PEM_PASSWORD_MISMATCH) )
+            mbedtls_snprintf( buf, buflen, "PEM - Given private key password does not allow for correct decryption" );
+        if( use_ret == -(MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE) )
+            mbedtls_snprintf( buf, buflen, "PEM - Unavailable feature, e.g. hashing/encryption combination" );
+        if( use_ret == -(MBEDTLS_ERR_PEM_BAD_INPUT_DATA) )
+            mbedtls_snprintf( buf, buflen, "PEM - Bad input parameters to function" );
+#endif /* MBEDTLS_PEM_PARSE_C || MBEDTLS_PEM_WRITE_C */
+
+#if defined(MBEDTLS_PK_C)
+        if( use_ret == -(MBEDTLS_ERR_PK_ALLOC_FAILED) )
+            mbedtls_snprintf( buf, buflen, "PK - Memory allocation failed" );
+        if( use_ret == -(MBEDTLS_ERR_PK_TYPE_MISMATCH) )
+            mbedtls_snprintf( buf, buflen, "PK - Type mismatch, eg attempt to encrypt with an ECDSA key" );
+        if( use_ret == -(MBEDTLS_ERR_PK_BAD_INPUT_DATA) )
+            mbedtls_snprintf( buf, buflen, "PK - Bad input parameters to function" );
+        if( use_ret == -(MBEDTLS_ERR_PK_FILE_IO_ERROR) )
+            mbedtls_snprintf( buf, buflen, "PK - Read/write of file failed" );
+        if( use_ret == -(MBEDTLS_ERR_PK_KEY_INVALID_VERSION) )
+            mbedtls_snprintf( buf, buflen, "PK - Unsupported key version" );
+        if( use_ret == -(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT) )
+            mbedtls_snprintf( buf, buflen, "PK - Invalid key tag or value" );
+        if( use_ret == -(MBEDTLS_ERR_PK_UNKNOWN_PK_ALG) )
+            mbedtls_snprintf( buf, buflen, "PK - Key algorithm is unsupported (only RSA and EC are supported)" );
+        if( use_ret == -(MBEDTLS_ERR_PK_PASSWORD_REQUIRED) )
+            mbedtls_snprintf( buf, buflen, "PK - Private key password can't be empty" );
+        if( use_ret == -(MBEDTLS_ERR_PK_PASSWORD_MISMATCH) )
+            mbedtls_snprintf( buf, buflen, "PK - Given private key password does not allow for correct decryption" );
+        if( use_ret == -(MBEDTLS_ERR_PK_INVALID_PUBKEY) )
+            mbedtls_snprintf( buf, buflen, "PK - The pubkey tag or value is invalid (only RSA and EC are supported)" );
+        if( use_ret == -(MBEDTLS_ERR_PK_INVALID_ALG) )
+            mbedtls_snprintf( buf, buflen, "PK - The algorithm tag or value is invalid" );
+        if( use_ret == -(MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE) )
+            mbedtls_snprintf( buf, buflen, "PK - Elliptic curve is unsupported (only NIST curves are supported)" );
+        if( use_ret == -(MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE) )
+            mbedtls_snprintf( buf, buflen, "PK - Unavailable feature, e.g. RSA disabled for RSA key" );
+        if( use_ret == -(MBEDTLS_ERR_PK_SIG_LEN_MISMATCH) )
+            mbedtls_snprintf( buf, buflen, "PK - The signature is valid but its length is less than expected" );
+#endif /* MBEDTLS_PK_C */
+
+#if defined(MBEDTLS_PKCS12_C)
+        if( use_ret == -(MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA) )
+            mbedtls_snprintf( buf, buflen, "PKCS12 - Bad input parameters to function" );
+        if( use_ret == -(MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE) )
+            mbedtls_snprintf( buf, buflen, "PKCS12 - Feature not available, e.g. unsupported encryption scheme" );
+        if( use_ret == -(MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT) )
+            mbedtls_snprintf( buf, buflen, "PKCS12 - PBE ASN.1 data not as expected" );
+        if( use_ret == -(MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH) )
+            mbedtls_snprintf( buf, buflen, "PKCS12 - Given private key password does not allow for correct decryption" );
+#endif /* MBEDTLS_PKCS12_C */
+
+#if defined(MBEDTLS_PKCS5_C)
+        if( use_ret == -(MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA) )
+            mbedtls_snprintf( buf, buflen, "PKCS5 - Bad input parameters to function" );
+        if( use_ret == -(MBEDTLS_ERR_PKCS5_INVALID_FORMAT) )
+            mbedtls_snprintf( buf, buflen, "PKCS5 - Unexpected ASN.1 data" );
+        if( use_ret == -(MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE) )
+            mbedtls_snprintf( buf, buflen, "PKCS5 - Requested encryption or digest alg not available" );
+        if( use_ret == -(MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH) )
+            mbedtls_snprintf( buf, buflen, "PKCS5 - Given private key password does not allow for correct decryption" );
+#endif /* MBEDTLS_PKCS5_C */
+
+#if defined(MBEDTLS_RSA_C)
+        if( use_ret == -(MBEDTLS_ERR_RSA_BAD_INPUT_DATA) )
+            mbedtls_snprintf( buf, buflen, "RSA - Bad input parameters to function" );
+        if( use_ret == -(MBEDTLS_ERR_RSA_INVALID_PADDING) )
+            mbedtls_snprintf( buf, buflen, "RSA - Input data contains invalid padding and is rejected" );
+        if( use_ret == -(MBEDTLS_ERR_RSA_KEY_GEN_FAILED) )
+            mbedtls_snprintf( buf, buflen, "RSA - Something failed during generation of a key" );
+        if( use_ret == -(MBEDTLS_ERR_RSA_KEY_CHECK_FAILED) )
+            mbedtls_snprintf( buf, buflen, "RSA - Key failed to pass the library's validity check" );
+        if( use_ret == -(MBEDTLS_ERR_RSA_PUBLIC_FAILED) )
+            mbedtls_snprintf( buf, buflen, "RSA - The public key operation failed" );
+        if( use_ret == -(MBEDTLS_ERR_RSA_PRIVATE_FAILED) )
+            mbedtls_snprintf( buf, buflen, "RSA - The private key operation failed" );
+        if( use_ret == -(MBEDTLS_ERR_RSA_VERIFY_FAILED) )
+            mbedtls_snprintf( buf, buflen, "RSA - The PKCS#1 verification failed" );
+        if( use_ret == -(MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE) )
+            mbedtls_snprintf( buf, buflen, "RSA - The output buffer for decryption is not large enough" );
+        if( use_ret == -(MBEDTLS_ERR_RSA_RNG_FAILED) )
+            mbedtls_snprintf( buf, buflen, "RSA - The random generator failed to generate non-zeros" );
+#endif /* MBEDTLS_RSA_C */
+
+#if defined(MBEDTLS_SSL_TLS_C)
+        if( use_ret == -(MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE) )
+            mbedtls_snprintf( buf, buflen, "SSL - The requested feature is not available" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_BAD_INPUT_DATA) )
+            mbedtls_snprintf( buf, buflen, "SSL - Bad input parameters to function" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_INVALID_MAC) )
+            mbedtls_snprintf( buf, buflen, "SSL - Verification of the message MAC failed" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_INVALID_RECORD) )
+            mbedtls_snprintf( buf, buflen, "SSL - An invalid SSL record was received" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_CONN_EOF) )
+            mbedtls_snprintf( buf, buflen, "SSL - The connection indicated an EOF" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_UNKNOWN_CIPHER) )
+            mbedtls_snprintf( buf, buflen, "SSL - An unknown cipher was received" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN) )
+            mbedtls_snprintf( buf, buflen, "SSL - The server has no ciphersuites in common with the client" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_NO_RNG) )
+            mbedtls_snprintf( buf, buflen, "SSL - No RNG was provided to the SSL module" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE) )
+            mbedtls_snprintf( buf, buflen, "SSL - No client certification received from the client, but required by the authentication mode" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE) )
+            mbedtls_snprintf( buf, buflen, "SSL - Our own certificate(s) is/are too large to send in an SSL message" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED) )
+            mbedtls_snprintf( buf, buflen, "SSL - The own certificate is not set, but needed by the server" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED) )
+            mbedtls_snprintf( buf, buflen, "SSL - The own private key or pre-shared key is not set, but needed" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED) )
+            mbedtls_snprintf( buf, buflen, "SSL - No CA Chain is set, but required to operate" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE) )
+            mbedtls_snprintf( buf, buflen, "SSL - An unexpected message was received from our peer" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE) )
+        {
+            mbedtls_snprintf( buf, buflen, "SSL - A fatal alert message was received from our peer" );
+            return;
+        }
+        if( use_ret == -(MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED) )
+            mbedtls_snprintf( buf, buflen, "SSL - Verification of our peer failed" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) )
+            mbedtls_snprintf( buf, buflen, "SSL - The peer notified us that the connection is going to be closed" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO) )
+            mbedtls_snprintf( buf, buflen, "SSL - Processing of the ClientHello handshake message failed" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO) )
+            mbedtls_snprintf( buf, buflen, "SSL - Processing of the ServerHello handshake message failed" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE) )
+            mbedtls_snprintf( buf, buflen, "SSL - Processing of the Certificate handshake message failed" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST) )
+            mbedtls_snprintf( buf, buflen, "SSL - Processing of the CertificateRequest handshake message failed" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE) )
+            mbedtls_snprintf( buf, buflen, "SSL - Processing of the ServerKeyExchange handshake message failed" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE) )
+            mbedtls_snprintf( buf, buflen, "SSL - Processing of the ServerHelloDone handshake message failed" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE) )
+            mbedtls_snprintf( buf, buflen, "SSL - Processing of the ClientKeyExchange handshake message failed" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP) )
+            mbedtls_snprintf( buf, buflen, "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS) )
+            mbedtls_snprintf( buf, buflen, "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY) )
+            mbedtls_snprintf( buf, buflen, "SSL - Processing of the CertificateVerify handshake message failed" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC) )
+            mbedtls_snprintf( buf, buflen, "SSL - Processing of the ChangeCipherSpec handshake message failed" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_FINISHED) )
+            mbedtls_snprintf( buf, buflen, "SSL - Processing of the Finished handshake message failed" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_ALLOC_FAILED) )
+            mbedtls_snprintf( buf, buflen, "SSL - Memory allocation failed" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_HW_ACCEL_FAILED) )
+            mbedtls_snprintf( buf, buflen, "SSL - Hardware acceleration function returned with error" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH) )
+            mbedtls_snprintf( buf, buflen, "SSL - Hardware acceleration function skipped / left alone data" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_COMPRESSION_FAILED) )
+            mbedtls_snprintf( buf, buflen, "SSL - Processing of the compression / decompression failed" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION) )
+            mbedtls_snprintf( buf, buflen, "SSL - Handshake protocol not within min/max boundaries" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET) )
+            mbedtls_snprintf( buf, buflen, "SSL - Processing of the NewSessionTicket handshake message failed" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED) )
+            mbedtls_snprintf( buf, buflen, "SSL - Session ticket has expired" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH) )
+            mbedtls_snprintf( buf, buflen, "SSL - Public key type mismatch (eg, asked for RSA key exchange and presented EC key)" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY) )
+            mbedtls_snprintf( buf, buflen, "SSL - Unknown identity received (eg, PSK identity)" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_INTERNAL_ERROR) )
+            mbedtls_snprintf( buf, buflen, "SSL - Internal error (eg, unexpected failure in lower-level module)" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_COUNTER_WRAPPING) )
+            mbedtls_snprintf( buf, buflen, "SSL - A counter would wrap (eg, too many messages exchanged)" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO) )
+            mbedtls_snprintf( buf, buflen, "SSL - Unexpected message at ServerHello in renegotiation" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) )
+            mbedtls_snprintf( buf, buflen, "SSL - DTLS client must retry for hello verification" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) )
+            mbedtls_snprintf( buf, buflen, "SSL - A buffer is too small to receive or write a message" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE) )
+            mbedtls_snprintf( buf, buflen, "SSL - None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages)" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_WANT_READ) )
+            mbedtls_snprintf( buf, buflen, "SSL - Connection requires a read call" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_WANT_WRITE) )
+            mbedtls_snprintf( buf, buflen, "SSL - Connection requires a write call" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_TIMEOUT) )
+            mbedtls_snprintf( buf, buflen, "SSL - The operation timed out" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_CLIENT_RECONNECT) )
+            mbedtls_snprintf( buf, buflen, "SSL - The client initiated a reconnect from the same port" );
+#endif /* MBEDTLS_SSL_TLS_C */
+
+#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
+        if( use_ret == -(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) )
+            mbedtls_snprintf( buf, buflen, "X509 - Unavailable feature, e.g. RSA hashing/encryption combination" );
+        if( use_ret == -(MBEDTLS_ERR_X509_UNKNOWN_OID) )
+            mbedtls_snprintf( buf, buflen, "X509 - Requested OID is unknown" );
+        if( use_ret == -(MBEDTLS_ERR_X509_INVALID_FORMAT) )
+            mbedtls_snprintf( buf, buflen, "X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected" );
+        if( use_ret == -(MBEDTLS_ERR_X509_INVALID_VERSION) )
+            mbedtls_snprintf( buf, buflen, "X509 - The CRT/CRL/CSR version element is invalid" );
+        if( use_ret == -(MBEDTLS_ERR_X509_INVALID_SERIAL) )
+            mbedtls_snprintf( buf, buflen, "X509 - The serial tag or value is invalid" );
+        if( use_ret == -(MBEDTLS_ERR_X509_INVALID_ALG) )
+            mbedtls_snprintf( buf, buflen, "X509 - The algorithm tag or value is invalid" );
+        if( use_ret == -(MBEDTLS_ERR_X509_INVALID_NAME) )
+            mbedtls_snprintf( buf, buflen, "X509 - The name tag or value is invalid" );
+        if( use_ret == -(MBEDTLS_ERR_X509_INVALID_DATE) )
+            mbedtls_snprintf( buf, buflen, "X509 - The date tag or value is invalid" );
+        if( use_ret == -(MBEDTLS_ERR_X509_INVALID_SIGNATURE) )
+            mbedtls_snprintf( buf, buflen, "X509 - The signature tag or value invalid" );
+        if( use_ret == -(MBEDTLS_ERR_X509_INVALID_EXTENSIONS) )
+            mbedtls_snprintf( buf, buflen, "X509 - The extension tag or value is invalid" );
+        if( use_ret == -(MBEDTLS_ERR_X509_UNKNOWN_VERSION) )
+            mbedtls_snprintf( buf, buflen, "X509 - CRT/CRL/CSR has an unsupported version number" );
+        if( use_ret == -(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG) )
+            mbedtls_snprintf( buf, buflen, "X509 - Signature algorithm (oid) is unsupported" );
+        if( use_ret == -(MBEDTLS_ERR_X509_SIG_MISMATCH) )
+            mbedtls_snprintf( buf, buflen, "X509 - Signature algorithms do not match. (see \\c ::mbedtls_x509_crt sig_oid)" );
+        if( use_ret == -(MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) )
+            mbedtls_snprintf( buf, buflen, "X509 - Certificate verification failed, e.g. CRL, CA or signature check failed" );
+        if( use_ret == -(MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT) )
+            mbedtls_snprintf( buf, buflen, "X509 - Format not recognized as DER or PEM" );
+        if( use_ret == -(MBEDTLS_ERR_X509_BAD_INPUT_DATA) )
+            mbedtls_snprintf( buf, buflen, "X509 - Input invalid" );
+        if( use_ret == -(MBEDTLS_ERR_X509_ALLOC_FAILED) )
+            mbedtls_snprintf( buf, buflen, "X509 - Allocation of memory failed" );
+        if( use_ret == -(MBEDTLS_ERR_X509_FILE_IO_ERROR) )
+            mbedtls_snprintf( buf, buflen, "X509 - Read/write of file failed" );
+        if( use_ret == -(MBEDTLS_ERR_X509_BUFFER_TOO_SMALL) )
+            mbedtls_snprintf( buf, buflen, "X509 - Destination buffer is too small" );
+#endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CREATE_C */
+        // END generated code
+
+        if( strlen( buf ) == 0 )
+            mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret );
+    }
+
+    use_ret = ret & ~0xFF80;
+
+    if( use_ret == 0 )
+        return;
+
+    // If high level code is present, make a concatenation between both
+    // error strings.
+    //
+    len = strlen( buf );
+
+    if( len > 0 )
+    {
+        if( buflen - len < 5 )
+            return;
+
+        mbedtls_snprintf( buf + len, buflen - len, " : " );
+
+        buf += len + 3;
+        buflen -= len + 3;
+    }
+
+    // Low level error codes
+    //
+    // BEGIN generated code
+#if defined(MBEDTLS_AES_C)
+    if( use_ret == -(MBEDTLS_ERR_AES_INVALID_KEY_LENGTH) )
+        mbedtls_snprintf( buf, buflen, "AES - Invalid key length" );
+    if( use_ret == -(MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH) )
+        mbedtls_snprintf( buf, buflen, "AES - Invalid data input length" );
+#endif /* MBEDTLS_AES_C */
+
+#if defined(MBEDTLS_ASN1_PARSE_C)
+    if( use_ret == -(MBEDTLS_ERR_ASN1_OUT_OF_DATA) )
+        mbedtls_snprintf( buf, buflen, "ASN1 - Out of data when parsing an ASN1 data structure" );
+    if( use_ret == -(MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) )
+        mbedtls_snprintf( buf, buflen, "ASN1 - ASN1 tag was of an unexpected value" );
+    if( use_ret == -(MBEDTLS_ERR_ASN1_INVALID_LENGTH) )
+        mbedtls_snprintf( buf, buflen, "ASN1 - Error when trying to determine the length or invalid length" );
+    if( use_ret == -(MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) )
+        mbedtls_snprintf( buf, buflen, "ASN1 - Actual length differs from expected length" );
+    if( use_ret == -(MBEDTLS_ERR_ASN1_INVALID_DATA) )
+        mbedtls_snprintf( buf, buflen, "ASN1 - Data is invalid. (not used)" );
+    if( use_ret == -(MBEDTLS_ERR_ASN1_ALLOC_FAILED) )
+        mbedtls_snprintf( buf, buflen, "ASN1 - Memory allocation failed" );
+    if( use_ret == -(MBEDTLS_ERR_ASN1_BUF_TOO_SMALL) )
+        mbedtls_snprintf( buf, buflen, "ASN1 - Buffer too small when writing ASN.1 data structure" );
+#endif /* MBEDTLS_ASN1_PARSE_C */
+
+#if defined(MBEDTLS_BASE64_C)
+    if( use_ret == -(MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL) )
+        mbedtls_snprintf( buf, buflen, "BASE64 - Output buffer too small" );
+    if( use_ret == -(MBEDTLS_ERR_BASE64_INVALID_CHARACTER) )
+        mbedtls_snprintf( buf, buflen, "BASE64 - Invalid character in input" );
+#endif /* MBEDTLS_BASE64_C */
+
+#if defined(MBEDTLS_BIGNUM_C)
+    if( use_ret == -(MBEDTLS_ERR_MPI_FILE_IO_ERROR) )
+        mbedtls_snprintf( buf, buflen, "BIGNUM - An error occurred while reading from or writing to a file" );
+    if( use_ret == -(MBEDTLS_ERR_MPI_BAD_INPUT_DATA) )
+        mbedtls_snprintf( buf, buflen, "BIGNUM - Bad input parameters to function" );
+    if( use_ret == -(MBEDTLS_ERR_MPI_INVALID_CHARACTER) )
+        mbedtls_snprintf( buf, buflen, "BIGNUM - There is an invalid character in the digit string" );
+    if( use_ret == -(MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL) )
+        mbedtls_snprintf( buf, buflen, "BIGNUM - The buffer is too small to write to" );
+    if( use_ret == -(MBEDTLS_ERR_MPI_NEGATIVE_VALUE) )
+        mbedtls_snprintf( buf, buflen, "BIGNUM - The input arguments are negative or result in illegal output" );
+    if( use_ret == -(MBEDTLS_ERR_MPI_DIVISION_BY_ZERO) )
+        mbedtls_snprintf( buf, buflen, "BIGNUM - The input argument for division is zero, which is not allowed" );
+    if( use_ret == -(MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) )
+        mbedtls_snprintf( buf, buflen, "BIGNUM - The input arguments are not acceptable" );
+    if( use_ret == -(MBEDTLS_ERR_MPI_ALLOC_FAILED) )
+        mbedtls_snprintf( buf, buflen, "BIGNUM - Memory allocation failed" );
+#endif /* MBEDTLS_BIGNUM_C */
+
+#if defined(MBEDTLS_BLOWFISH_C)
+    if( use_ret == -(MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH) )
+        mbedtls_snprintf( buf, buflen, "BLOWFISH - Invalid key length" );
+    if( use_ret == -(MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH) )
+        mbedtls_snprintf( buf, buflen, "BLOWFISH - Invalid data input length" );
+#endif /* MBEDTLS_BLOWFISH_C */
+
+#if defined(MBEDTLS_CAMELLIA_C)
+    if( use_ret == -(MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH) )
+        mbedtls_snprintf( buf, buflen, "CAMELLIA - Invalid key length" );
+    if( use_ret == -(MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH) )
+        mbedtls_snprintf( buf, buflen, "CAMELLIA - Invalid data input length" );
+#endif /* MBEDTLS_CAMELLIA_C */
+
+#if defined(MBEDTLS_CCM_C)
+    if( use_ret == -(MBEDTLS_ERR_CCM_BAD_INPUT) )
+        mbedtls_snprintf( buf, buflen, "CCM - Bad input parameters to function" );
+    if( use_ret == -(MBEDTLS_ERR_CCM_AUTH_FAILED) )
+        mbedtls_snprintf( buf, buflen, "CCM - Authenticated decryption failed" );
+#endif /* MBEDTLS_CCM_C */
+
+#if defined(MBEDTLS_CTR_DRBG_C)
+    if( use_ret == -(MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED) )
+        mbedtls_snprintf( buf, buflen, "CTR_DRBG - The entropy source failed" );
+    if( use_ret == -(MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG) )
+        mbedtls_snprintf( buf, buflen, "CTR_DRBG - Too many random requested in single call" );
+    if( use_ret == -(MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG) )
+        mbedtls_snprintf( buf, buflen, "CTR_DRBG - Input too large (Entropy + additional)" );
+    if( use_ret == -(MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR) )
+        mbedtls_snprintf( buf, buflen, "CTR_DRBG - Read/write error in file" );
+#endif /* MBEDTLS_CTR_DRBG_C */
+
+#if defined(MBEDTLS_DES_C)
+    if( use_ret == -(MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH) )
+        mbedtls_snprintf( buf, buflen, "DES - The data input has an invalid length" );
+#endif /* MBEDTLS_DES_C */
+
+#if defined(MBEDTLS_ENTROPY_C)
+    if( use_ret == -(MBEDTLS_ERR_ENTROPY_SOURCE_FAILED) )
+        mbedtls_snprintf( buf, buflen, "ENTROPY - Critical entropy source failure" );
+    if( use_ret == -(MBEDTLS_ERR_ENTROPY_MAX_SOURCES) )
+        mbedtls_snprintf( buf, buflen, "ENTROPY - No more sources can be added" );
+    if( use_ret == -(MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED) )
+        mbedtls_snprintf( buf, buflen, "ENTROPY - No sources have been added to poll" );
+    if( use_ret == -(MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE) )
+        mbedtls_snprintf( buf, buflen, "ENTROPY - No strong sources have been added to poll" );
+    if( use_ret == -(MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR) )
+        mbedtls_snprintf( buf, buflen, "ENTROPY - Read/write error in file" );
+#endif /* MBEDTLS_ENTROPY_C */
+
+#if defined(MBEDTLS_GCM_C)
+    if( use_ret == -(MBEDTLS_ERR_GCM_AUTH_FAILED) )
+        mbedtls_snprintf( buf, buflen, "GCM - Authenticated decryption failed" );
+    if( use_ret == -(MBEDTLS_ERR_GCM_BAD_INPUT) )
+        mbedtls_snprintf( buf, buflen, "GCM - Bad input parameters to function" );
+#endif /* MBEDTLS_GCM_C */
+
+#if defined(MBEDTLS_HMAC_DRBG_C)
+    if( use_ret == -(MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG) )
+        mbedtls_snprintf( buf, buflen, "HMAC_DRBG - Too many random requested in single call" );
+    if( use_ret == -(MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG) )
+        mbedtls_snprintf( buf, buflen, "HMAC_DRBG - Input too large (Entropy + additional)" );
+    if( use_ret == -(MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR) )
+        mbedtls_snprintf( buf, buflen, "HMAC_DRBG - Read/write error in file" );
+    if( use_ret == -(MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED) )
+        mbedtls_snprintf( buf, buflen, "HMAC_DRBG - The entropy source failed" );
+#endif /* MBEDTLS_HMAC_DRBG_C */
+
+#if defined(MBEDTLS_NET_C)
+    if( use_ret == -(MBEDTLS_ERR_NET_SOCKET_FAILED) )
+        mbedtls_snprintf( buf, buflen, "NET - Failed to open a socket" );
+    if( use_ret == -(MBEDTLS_ERR_NET_CONNECT_FAILED) )
+        mbedtls_snprintf( buf, buflen, "NET - The connection to the given server / port failed" );
+    if( use_ret == -(MBEDTLS_ERR_NET_BIND_FAILED) )
+        mbedtls_snprintf( buf, buflen, "NET - Binding of the socket failed" );
+    if( use_ret == -(MBEDTLS_ERR_NET_LISTEN_FAILED) )
+        mbedtls_snprintf( buf, buflen, "NET - Could not listen on the socket" );
+    if( use_ret == -(MBEDTLS_ERR_NET_ACCEPT_FAILED) )
+        mbedtls_snprintf( buf, buflen, "NET - Could not accept the incoming connection" );
+    if( use_ret == -(MBEDTLS_ERR_NET_RECV_FAILED) )
+        mbedtls_snprintf( buf, buflen, "NET - Reading information from the socket failed" );
+    if( use_ret == -(MBEDTLS_ERR_NET_SEND_FAILED) )
+        mbedtls_snprintf( buf, buflen, "NET - Sending information through the socket failed" );
+    if( use_ret == -(MBEDTLS_ERR_NET_CONN_RESET) )
+        mbedtls_snprintf( buf, buflen, "NET - Connection was reset by peer" );
+    if( use_ret == -(MBEDTLS_ERR_NET_UNKNOWN_HOST) )
+        mbedtls_snprintf( buf, buflen, "NET - Failed to get an IP address for the given hostname" );
+    if( use_ret == -(MBEDTLS_ERR_NET_BUFFER_TOO_SMALL) )
+        mbedtls_snprintf( buf, buflen, "NET - Buffer is too small to hold the data" );
+    if( use_ret == -(MBEDTLS_ERR_NET_INVALID_CONTEXT) )
+        mbedtls_snprintf( buf, buflen, "NET - The context is invalid, eg because it was free()ed" );
+#endif /* MBEDTLS_NET_C */
+
+#if defined(MBEDTLS_OID_C)
+    if( use_ret == -(MBEDTLS_ERR_OID_NOT_FOUND) )
+        mbedtls_snprintf( buf, buflen, "OID - OID is not found" );
+    if( use_ret == -(MBEDTLS_ERR_OID_BUF_TOO_SMALL) )
+        mbedtls_snprintf( buf, buflen, "OID - output buffer is too small" );
+#endif /* MBEDTLS_OID_C */
+
+#if defined(MBEDTLS_PADLOCK_C)
+    if( use_ret == -(MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED) )
+        mbedtls_snprintf( buf, buflen, "PADLOCK - Input data should be aligned" );
+#endif /* MBEDTLS_PADLOCK_C */
+
+#if defined(MBEDTLS_THREADING_C)
+    if( use_ret == -(MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE) )
+        mbedtls_snprintf( buf, buflen, "THREADING - The selected feature is not available" );
+    if( use_ret == -(MBEDTLS_ERR_THREADING_BAD_INPUT_DATA) )
+        mbedtls_snprintf( buf, buflen, "THREADING - Bad input parameters to function" );
+    if( use_ret == -(MBEDTLS_ERR_THREADING_MUTEX_ERROR) )
+        mbedtls_snprintf( buf, buflen, "THREADING - Locking / unlocking / free failed with error code" );
+#endif /* MBEDTLS_THREADING_C */
+
+#if defined(MBEDTLS_XTEA_C)
+    if( use_ret == -(MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH) )
+        mbedtls_snprintf( buf, buflen, "XTEA - The data input has an invalid length" );
+#endif /* MBEDTLS_XTEA_C */
+    // END generated code
+
+    if( strlen( buf ) != 0 )
+        return;
+
+    mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret );
+}
+
+#else /* MBEDTLS_ERROR_C */
+
+#if defined(MBEDTLS_ERROR_STRERROR_DUMMY)
+
+/*
+ * Provide an non-function in case MBEDTLS_ERROR_C is not defined
+ */
+void mbedtls_strerror( int ret, char *buf, size_t buflen )
+{
+    ((void) ret);
+
+    if( buflen > 0 )
+        buf[0] = '\0';
+}
+
+#endif /* MBEDTLS_ERROR_STRERROR_DUMMY */
+
+#endif /* MBEDTLS_ERROR_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/gcm.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,953 @@
+/*
+ *  NIST SP800-38D compliant GCM implementation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+/*
+ * http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
+ *
+ * See also:
+ * [MGV] http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
+ *
+ * We use the algorithm described as Shoup's method with 4-bit tables in
+ * [MGV] 4.1, pp. 12-13, to enhance speed without using too much memory.
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_GCM_C)
+
+#include "mbedtls/gcm.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_AESNI_C)
+#include "mbedtls/aesni.h"
+#endif
+
+#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif /* MBEDTLS_PLATFORM_C */
+#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
+
+/*
+ * 32-bit integer manipulation macros (big endian)
+ */
+#ifndef GET_UINT32_BE
+#define GET_UINT32_BE(n,b,i)                            \
+{                                                       \
+    (n) = ( (uint32_t) (b)[(i)    ] << 24 )             \
+        | ( (uint32_t) (b)[(i) + 1] << 16 )             \
+        | ( (uint32_t) (b)[(i) + 2] <<  8 )             \
+        | ( (uint32_t) (b)[(i) + 3]       );            \
+}
+#endif
+
+#ifndef PUT_UINT32_BE
+#define PUT_UINT32_BE(n,b,i)                            \
+{                                                       \
+    (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
+    (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
+    (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
+    (b)[(i) + 3] = (unsigned char) ( (n)       );       \
+}
+#endif
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+/*
+ * Initialize a context
+ */
+void mbedtls_gcm_init( mbedtls_gcm_context *ctx )
+{
+    memset( ctx, 0, sizeof( mbedtls_gcm_context ) );
+}
+
+/*
+ * Precompute small multiples of H, that is set
+ *      HH[i] || HL[i] = H times i,
+ * where i is seen as a field element as in [MGV], ie high-order bits
+ * correspond to low powers of P. The result is stored in the same way, that
+ * is the high-order bit of HH corresponds to P^0 and the low-order bit of HL
+ * corresponds to P^127.
+ */
+static int gcm_gen_table( mbedtls_gcm_context *ctx )
+{
+    int ret, i, j;
+    uint64_t hi, lo;
+    uint64_t vl, vh;
+    unsigned char h[16];
+    size_t olen = 0;
+
+    memset( h, 0, 16 );
+    if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, h, 16, h, &olen ) ) != 0 )
+        return( ret );
+
+    /* pack h as two 64-bits ints, big-endian */
+    GET_UINT32_BE( hi, h,  0  );
+    GET_UINT32_BE( lo, h,  4  );
+    vh = (uint64_t) hi << 32 | lo;
+
+    GET_UINT32_BE( hi, h,  8  );
+    GET_UINT32_BE( lo, h,  12 );
+    vl = (uint64_t) hi << 32 | lo;
+
+    /* 8 = 1000 corresponds to 1 in GF(2^128) */
+    ctx->HL[8] = vl;
+    ctx->HH[8] = vh;
+
+#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
+    /* With CLMUL support, we need only h, not the rest of the table */
+    if( mbedtls_aesni_has_support( MBEDTLS_AESNI_CLMUL ) )
+        return( 0 );
+#endif
+
+    /* 0 corresponds to 0 in GF(2^128) */
+    ctx->HH[0] = 0;
+    ctx->HL[0] = 0;
+
+    for( i = 4; i > 0; i >>= 1 )
+    {
+        uint32_t T = ( vl & 1 ) * 0xe1000000U;
+        vl  = ( vh << 63 ) | ( vl >> 1 );
+        vh  = ( vh >> 1 ) ^ ( (uint64_t) T << 32);
+
+        ctx->HL[i] = vl;
+        ctx->HH[i] = vh;
+    }
+
+    for( i = 2; i <= 8; i *= 2 )
+    {
+        uint64_t *HiL = ctx->HL + i, *HiH = ctx->HH + i;
+        vh = *HiH;
+        vl = *HiL;
+        for( j = 1; j < i; j++ )
+        {
+            HiH[j] = vh ^ ctx->HH[j];
+            HiL[j] = vl ^ ctx->HL[j];
+        }
+    }
+
+    return( 0 );
+}
+
+int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
+                        mbedtls_cipher_id_t cipher,
+                        const unsigned char *key,
+                        unsigned int keybits )
+{
+    int ret;
+    const mbedtls_cipher_info_t *cipher_info;
+
+    cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, MBEDTLS_MODE_ECB );
+    if( cipher_info == NULL )
+        return( MBEDTLS_ERR_GCM_BAD_INPUT );
+
+    if( cipher_info->block_size != 16 )
+        return( MBEDTLS_ERR_GCM_BAD_INPUT );
+
+    mbedtls_cipher_free( &ctx->cipher_ctx );
+
+    if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 )
+        return( ret );
+
+    if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits,
+                               MBEDTLS_ENCRYPT ) ) != 0 )
+    {
+        return( ret );
+    }
+
+    if( ( ret = gcm_gen_table( ctx ) ) != 0 )
+        return( ret );
+
+    return( 0 );
+}
+
+/*
+ * Shoup's method for multiplication use this table with
+ *      last4[x] = x times P^128
+ * where x and last4[x] are seen as elements of GF(2^128) as in [MGV]
+ */
+static const uint64_t last4[16] =
+{
+    0x0000, 0x1c20, 0x3840, 0x2460,
+    0x7080, 0x6ca0, 0x48c0, 0x54e0,
+    0xe100, 0xfd20, 0xd940, 0xc560,
+    0x9180, 0x8da0, 0xa9c0, 0xb5e0
+};
+
+/*
+ * Sets output to x times H using the precomputed tables.
+ * x and output are seen as elements of GF(2^128) as in [MGV].
+ */
+static void gcm_mult( mbedtls_gcm_context *ctx, const unsigned char x[16],
+                      unsigned char output[16] )
+{
+    int i = 0;
+    unsigned char lo, hi, rem;
+    uint64_t zh, zl;
+
+#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
+    if( mbedtls_aesni_has_support( MBEDTLS_AESNI_CLMUL ) ) {
+        unsigned char h[16];
+
+        PUT_UINT32_BE( ctx->HH[8] >> 32, h,  0 );
+        PUT_UINT32_BE( ctx->HH[8],       h,  4 );
+        PUT_UINT32_BE( ctx->HL[8] >> 32, h,  8 );
+        PUT_UINT32_BE( ctx->HL[8],       h, 12 );
+
+        mbedtls_aesni_gcm_mult( output, x, h );
+        return;
+    }
+#endif /* MBEDTLS_AESNI_C && MBEDTLS_HAVE_X86_64 */
+
+    lo = x[15] & 0xf;
+
+    zh = ctx->HH[lo];
+    zl = ctx->HL[lo];
+
+    for( i = 15; i >= 0; i-- )
+    {
+        lo = x[i] & 0xf;
+        hi = x[i] >> 4;
+
+        if( i != 15 )
+        {
+            rem = (unsigned char) zl & 0xf;
+            zl = ( zh << 60 ) | ( zl >> 4 );
+            zh = ( zh >> 4 );
+            zh ^= (uint64_t) last4[rem] << 48;
+            zh ^= ctx->HH[lo];
+            zl ^= ctx->HL[lo];
+
+        }
+
+        rem = (unsigned char) zl & 0xf;
+        zl = ( zh << 60 ) | ( zl >> 4 );
+        zh = ( zh >> 4 );
+        zh ^= (uint64_t) last4[rem] << 48;
+        zh ^= ctx->HH[hi];
+        zl ^= ctx->HL[hi];
+    }
+
+    PUT_UINT32_BE( zh >> 32, output, 0 );
+    PUT_UINT32_BE( zh, output, 4 );
+    PUT_UINT32_BE( zl >> 32, output, 8 );
+    PUT_UINT32_BE( zl, output, 12 );
+}
+
+int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
+                int mode,
+                const unsigned char *iv,
+                size_t iv_len,
+                const unsigned char *add,
+                size_t add_len )
+{
+    int ret;
+    unsigned char work_buf[16];
+    size_t i;
+    const unsigned char *p;
+    size_t use_len, olen = 0;
+
+    /* IV and AD are limited to 2^64 bits, so 2^61 bytes */
+    if( ( (uint64_t) iv_len  ) >> 61 != 0 ||
+        ( (uint64_t) add_len ) >> 61 != 0 )
+    {
+        return( MBEDTLS_ERR_GCM_BAD_INPUT );
+    }
+
+    memset( ctx->y, 0x00, sizeof(ctx->y) );
+    memset( ctx->buf, 0x00, sizeof(ctx->buf) );
+
+    ctx->mode = mode;
+    ctx->len = 0;
+    ctx->add_len = 0;
+
+    if( iv_len == 12 )
+    {
+        memcpy( ctx->y, iv, iv_len );
+        ctx->y[15] = 1;
+    }
+    else
+    {
+        memset( work_buf, 0x00, 16 );
+        PUT_UINT32_BE( iv_len * 8, work_buf, 12 );
+
+        p = iv;
+        while( iv_len > 0 )
+        {
+            use_len = ( iv_len < 16 ) ? iv_len : 16;
+
+            for( i = 0; i < use_len; i++ )
+                ctx->y[i] ^= p[i];
+
+            gcm_mult( ctx, ctx->y, ctx->y );
+
+            iv_len -= use_len;
+            p += use_len;
+        }
+
+        for( i = 0; i < 16; i++ )
+            ctx->y[i] ^= work_buf[i];
+
+        gcm_mult( ctx, ctx->y, ctx->y );
+    }
+
+    if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->base_ectr,
+                             &olen ) ) != 0 )
+    {
+        return( ret );
+    }
+
+    ctx->add_len = add_len;
+    p = add;
+    while( add_len > 0 )
+    {
+        use_len = ( add_len < 16 ) ? add_len : 16;
+
+        for( i = 0; i < use_len; i++ )
+            ctx->buf[i] ^= p[i];
+
+        gcm_mult( ctx, ctx->buf, ctx->buf );
+
+        add_len -= use_len;
+        p += use_len;
+    }
+
+    return( 0 );
+}
+
+int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
+                size_t length,
+                const unsigned char *input,
+                unsigned char *output )
+{
+    int ret;
+    unsigned char ectr[16];
+    size_t i;
+    const unsigned char *p;
+    unsigned char *out_p = output;
+    size_t use_len, olen = 0;
+
+    if( output > input && (size_t) ( output - input ) < length )
+        return( MBEDTLS_ERR_GCM_BAD_INPUT );
+
+    /* Total length is restricted to 2^39 - 256 bits, ie 2^36 - 2^5 bytes
+     * Also check for possible overflow */
+    if( ctx->len + length < ctx->len ||
+        (uint64_t) ctx->len + length > 0x03FFFFE0ull )
+    {
+        return( MBEDTLS_ERR_GCM_BAD_INPUT );
+    }
+
+    ctx->len += length;
+
+    p = input;
+    while( length > 0 )
+    {
+        use_len = ( length < 16 ) ? length : 16;
+
+        for( i = 16; i > 12; i-- )
+            if( ++ctx->y[i - 1] != 0 )
+                break;
+
+        if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ectr,
+                                   &olen ) ) != 0 )
+        {
+            return( ret );
+        }
+
+        for( i = 0; i < use_len; i++ )
+        {
+            if( ctx->mode == MBEDTLS_GCM_DECRYPT )
+                ctx->buf[i] ^= p[i];
+            out_p[i] = ectr[i] ^ p[i];
+            if( ctx->mode == MBEDTLS_GCM_ENCRYPT )
+                ctx->buf[i] ^= out_p[i];
+        }
+
+        gcm_mult( ctx, ctx->buf, ctx->buf );
+
+        length -= use_len;
+        p += use_len;
+        out_p += use_len;
+    }
+
+    return( 0 );
+}
+
+int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
+                unsigned char *tag,
+                size_t tag_len )
+{
+    unsigned char work_buf[16];
+    size_t i;
+    uint64_t orig_len = ctx->len * 8;
+    uint64_t orig_add_len = ctx->add_len * 8;
+
+    if( tag_len > 16 || tag_len < 4 )
+        return( MBEDTLS_ERR_GCM_BAD_INPUT );
+
+    if( tag_len != 0 )
+        memcpy( tag, ctx->base_ectr, tag_len );
+
+    if( orig_len || orig_add_len )
+    {
+        memset( work_buf, 0x00, 16 );
+
+        PUT_UINT32_BE( ( orig_add_len >> 32 ), work_buf, 0  );
+        PUT_UINT32_BE( ( orig_add_len       ), work_buf, 4  );
+        PUT_UINT32_BE( ( orig_len     >> 32 ), work_buf, 8  );
+        PUT_UINT32_BE( ( orig_len           ), work_buf, 12 );
+
+        for( i = 0; i < 16; i++ )
+            ctx->buf[i] ^= work_buf[i];
+
+        gcm_mult( ctx, ctx->buf, ctx->buf );
+
+        for( i = 0; i < tag_len; i++ )
+            tag[i] ^= ctx->buf[i];
+    }
+
+    return( 0 );
+}
+
+int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
+                       int mode,
+                       size_t length,
+                       const unsigned char *iv,
+                       size_t iv_len,
+                       const unsigned char *add,
+                       size_t add_len,
+                       const unsigned char *input,
+                       unsigned char *output,
+                       size_t tag_len,
+                       unsigned char *tag )
+{
+    int ret;
+
+    if( ( ret = mbedtls_gcm_starts( ctx, mode, iv, iv_len, add, add_len ) ) != 0 )
+        return( ret );
+
+    if( ( ret = mbedtls_gcm_update( ctx, length, input, output ) ) != 0 )
+        return( ret );
+
+    if( ( ret = mbedtls_gcm_finish( ctx, tag, tag_len ) ) != 0 )
+        return( ret );
+
+    return( 0 );
+}
+
+int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
+                      size_t length,
+                      const unsigned char *iv,
+                      size_t iv_len,
+                      const unsigned char *add,
+                      size_t add_len,
+                      const unsigned char *tag,
+                      size_t tag_len,
+                      const unsigned char *input,
+                      unsigned char *output )
+{
+    int ret;
+    unsigned char check_tag[16];
+    size_t i;
+    int diff;
+
+    if( ( ret = mbedtls_gcm_crypt_and_tag( ctx, MBEDTLS_GCM_DECRYPT, length,
+                                   iv, iv_len, add, add_len,
+                                   input, output, tag_len, check_tag ) ) != 0 )
+    {
+        return( ret );
+    }
+
+    /* Check tag in "constant-time" */
+    for( diff = 0, i = 0; i < tag_len; i++ )
+        diff |= tag[i] ^ check_tag[i];
+
+    if( diff != 0 )
+    {
+        mbedtls_zeroize( output, length );
+        return( MBEDTLS_ERR_GCM_AUTH_FAILED );
+    }
+
+    return( 0 );
+}
+
+void mbedtls_gcm_free( mbedtls_gcm_context *ctx )
+{
+    mbedtls_cipher_free( &ctx->cipher_ctx );
+    mbedtls_zeroize( ctx, sizeof( mbedtls_gcm_context ) );
+}
+
+#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
+/*
+ * AES-GCM test vectors from:
+ *
+ * http://csrc.nist.gov/groups/STM/cavp/documents/mac/gcmtestvectors.zip
+ */
+#define MAX_TESTS   6
+
+static const int key_index[MAX_TESTS] =
+    { 0, 0, 1, 1, 1, 1 };
+
+static const unsigned char key[MAX_TESTS][32] =
+{
+    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+    { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+      0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
+      0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+      0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 },
+};
+
+static const size_t iv_len[MAX_TESTS] =
+    { 12, 12, 12, 12, 8, 60 };
+
+static const int iv_index[MAX_TESTS] =
+    { 0, 0, 1, 1, 1, 2 };
+
+static const unsigned char iv[MAX_TESTS][64] =
+{
+    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00 },
+    { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
+      0xde, 0xca, 0xf8, 0x88 },
+    { 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
+      0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
+      0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
+      0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
+      0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
+      0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
+      0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
+      0xa6, 0x37, 0xb3, 0x9b },
+};
+
+static const size_t add_len[MAX_TESTS] =
+    { 0, 0, 0, 20, 20, 20 };
+
+static const int add_index[MAX_TESTS] =
+    { 0, 0, 0, 1, 1, 1 };
+
+static const unsigned char additional[MAX_TESTS][64] =
+{
+    { 0x00 },
+    { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+      0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+      0xab, 0xad, 0xda, 0xd2 },
+};
+
+static const size_t pt_len[MAX_TESTS] =
+    { 0, 16, 64, 60, 60, 60 };
+
+static const int pt_index[MAX_TESTS] =
+    { 0, 0, 1, 1, 1, 1 };
+
+static const unsigned char pt[MAX_TESTS][64] =
+{
+    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+    { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
+      0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
+      0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
+      0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
+      0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
+      0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
+      0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
+      0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 },
+};
+
+static const unsigned char ct[MAX_TESTS * 3][64] =
+{
+    { 0x00 },
+    { 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
+      0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78 },
+    { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
+      0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
+      0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
+      0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
+      0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
+      0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
+      0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
+      0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85 },
+    { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
+      0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
+      0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
+      0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
+      0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
+      0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
+      0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
+      0x3d, 0x58, 0xe0, 0x91 },
+    { 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a,
+      0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55,
+      0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8,
+      0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23,
+      0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2,
+      0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42,
+      0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07,
+      0xc2, 0x3f, 0x45, 0x98 },
+    { 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6,
+      0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94,
+      0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8,
+      0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7,
+      0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90,
+      0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f,
+      0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03,
+      0x4c, 0x34, 0xae, 0xe5 },
+    { 0x00 },
+    { 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41,
+      0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00 },
+    { 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
+      0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
+      0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
+      0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
+      0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
+      0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
+      0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
+      0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56 },
+    { 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
+      0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
+      0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
+      0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
+      0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
+      0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
+      0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
+      0xcc, 0xda, 0x27, 0x10 },
+    { 0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54,
+      0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8,
+      0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f,
+      0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57,
+      0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75,
+      0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9,
+      0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f,
+      0xa0, 0xf0, 0x62, 0xf7 },
+    { 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
+      0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
+      0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
+      0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
+      0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
+      0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
+      0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
+      0xe9, 0xb7, 0x37, 0x3b },
+    { 0x00 },
+    { 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e,
+      0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18 },
+    { 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
+      0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
+      0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
+      0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
+      0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
+      0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
+      0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
+      0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad },
+    { 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
+      0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
+      0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
+      0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
+      0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
+      0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
+      0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
+      0xbc, 0xc9, 0xf6, 0x62 },
+    { 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32,
+      0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb,
+      0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
+      0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0,
+      0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0,
+      0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
+      0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99,
+      0xf4, 0x7c, 0x9b, 0x1f },
+    { 0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1,
+      0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20,
+      0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19,
+      0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4,
+      0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45,
+      0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde,
+      0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e,
+      0x44, 0xae, 0x7e, 0x3f },
+};
+
+static const unsigned char tag[MAX_TESTS * 3][16] =
+{
+    { 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
+      0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a },
+    { 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
+      0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf },
+    { 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
+      0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4 },
+    { 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
+      0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47 },
+    { 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85,
+      0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb },
+    { 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa,
+      0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50 },
+    { 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b,
+      0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35 },
+    { 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab,
+      0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb },
+    { 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf,
+      0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14 },
+    { 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f,
+      0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c },
+    { 0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24,
+      0x09, 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8 },
+    { 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
+      0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9 },
+    { 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9,
+      0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b },
+    { 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0,
+      0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19 },
+    { 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd,
+      0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c },
+    { 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
+      0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b },
+    { 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4,
+      0x5e, 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2 },
+    { 0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0,
+      0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a },
+};
+
+int mbedtls_gcm_self_test( int verbose )
+{
+    mbedtls_gcm_context ctx;
+    unsigned char buf[64];
+    unsigned char tag_buf[16];
+    int i, j, ret;
+    mbedtls_cipher_id_t cipher = MBEDTLS_CIPHER_ID_AES;
+
+    mbedtls_gcm_init( &ctx );
+
+    for( j = 0; j < 3; j++ )
+    {
+        int key_len = 128 + 64 * j;
+
+        for( i = 0; i < MAX_TESTS; i++ )
+        {
+            if( verbose != 0 )
+                mbedtls_printf( "  AES-GCM-%3d #%d (%s): ",
+                                 key_len, i, "enc" );
+
+            mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len );
+
+            ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT,
+                                     pt_len[i],
+                                     iv[iv_index[i]], iv_len[i],
+                                     additional[add_index[i]], add_len[i],
+                                     pt[pt_index[i]], buf, 16, tag_buf );
+
+            if( ret != 0 ||
+                memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 ||
+                memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
+            {
+                if( verbose != 0 )
+                    mbedtls_printf( "failed\n" );
+
+                return( 1 );
+            }
+
+            mbedtls_gcm_free( &ctx );
+
+            if( verbose != 0 )
+                mbedtls_printf( "passed\n" );
+
+            if( verbose != 0 )
+                mbedtls_printf( "  AES-GCM-%3d #%d (%s): ",
+                                 key_len, i, "dec" );
+
+            mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len );
+
+            ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_DECRYPT,
+                                     pt_len[i],
+                                     iv[iv_index[i]], iv_len[i],
+                                     additional[add_index[i]], add_len[i],
+                                     ct[j * 6 + i], buf, 16, tag_buf );
+
+            if( ret != 0 ||
+                memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 ||
+                memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
+            {
+                if( verbose != 0 )
+                    mbedtls_printf( "failed\n" );
+
+                return( 1 );
+            }
+
+            mbedtls_gcm_free( &ctx );
+
+            if( verbose != 0 )
+                mbedtls_printf( "passed\n" );
+
+            if( verbose != 0 )
+                mbedtls_printf( "  AES-GCM-%3d #%d split (%s): ",
+                                 key_len, i, "enc" );
+
+            mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len );
+
+            ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_ENCRYPT,
+                              iv[iv_index[i]], iv_len[i],
+                              additional[add_index[i]], add_len[i] );
+            if( ret != 0 )
+            {
+                if( verbose != 0 )
+                    mbedtls_printf( "failed\n" );
+
+                return( 1 );
+            }
+
+            if( pt_len[i] > 32 )
+            {
+                size_t rest_len = pt_len[i] - 32;
+                ret = mbedtls_gcm_update( &ctx, 32, pt[pt_index[i]], buf );
+                if( ret != 0 )
+                {
+                    if( verbose != 0 )
+                        mbedtls_printf( "failed\n" );
+
+                    return( 1 );
+                }
+
+                ret = mbedtls_gcm_update( &ctx, rest_len, pt[pt_index[i]] + 32,
+                                  buf + 32 );
+                if( ret != 0 )
+                {
+                    if( verbose != 0 )
+                        mbedtls_printf( "failed\n" );
+
+                    return( 1 );
+                }
+            }
+            else
+            {
+                ret = mbedtls_gcm_update( &ctx, pt_len[i], pt[pt_index[i]], buf );
+                if( ret != 0 )
+                {
+                    if( verbose != 0 )
+                        mbedtls_printf( "failed\n" );
+
+                    return( 1 );
+                }
+            }
+
+            ret = mbedtls_gcm_finish( &ctx, tag_buf, 16 );
+            if( ret != 0 ||
+                memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 ||
+                memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
+            {
+                if( verbose != 0 )
+                    mbedtls_printf( "failed\n" );
+
+                return( 1 );
+            }
+
+            mbedtls_gcm_free( &ctx );
+
+            if( verbose != 0 )
+                mbedtls_printf( "passed\n" );
+
+            if( verbose != 0 )
+                mbedtls_printf( "  AES-GCM-%3d #%d split (%s): ",
+                                 key_len, i, "dec" );
+
+            mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len );
+
+            ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_DECRYPT,
+                              iv[iv_index[i]], iv_len[i],
+                              additional[add_index[i]], add_len[i] );
+            if( ret != 0 )
+            {
+                if( verbose != 0 )
+                    mbedtls_printf( "failed\n" );
+
+                return( 1 );
+            }
+
+            if( pt_len[i] > 32 )
+            {
+                size_t rest_len = pt_len[i] - 32;
+                ret = mbedtls_gcm_update( &ctx, 32, ct[j * 6 + i], buf );
+                if( ret != 0 )
+                {
+                    if( verbose != 0 )
+                        mbedtls_printf( "failed\n" );
+
+                    return( 1 );
+                }
+
+                ret = mbedtls_gcm_update( &ctx, rest_len, ct[j * 6 + i] + 32,
+                                  buf + 32 );
+                if( ret != 0 )
+                {
+                    if( verbose != 0 )
+                        mbedtls_printf( "failed\n" );
+
+                    return( 1 );
+                }
+            }
+            else
+            {
+                ret = mbedtls_gcm_update( &ctx, pt_len[i], ct[j * 6 + i], buf );
+                if( ret != 0 )
+                {
+                    if( verbose != 0 )
+                        mbedtls_printf( "failed\n" );
+
+                    return( 1 );
+                }
+            }
+
+            ret = mbedtls_gcm_finish( &ctx, tag_buf, 16 );
+            if( ret != 0 ||
+                memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 ||
+                memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
+            {
+                if( verbose != 0 )
+                    mbedtls_printf( "failed\n" );
+
+                return( 1 );
+            }
+
+            mbedtls_gcm_free( &ctx );
+
+            if( verbose != 0 )
+                mbedtls_printf( "passed\n" );
+
+        }
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "\n" );
+
+    return( 0 );
+}
+
+#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
+
+#endif /* MBEDTLS_GCM_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/havege.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,243 @@
+/**
+ *  \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ *  The HAVEGE RNG was designed by Andre Seznec in 2002.
+ *
+ *  http://www.irisa.fr/caps/projects/hipsor/publi.php
+ *
+ *  Contact: seznec(at)irisa_dot_fr - orocheco(at)irisa_dot_fr
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_HAVEGE_C)
+
+#include "mbedtls/havege.h"
+#include "mbedtls/timing.h"
+
+#include <string.h>
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+/* ------------------------------------------------------------------------
+ * On average, one iteration accesses two 8-word blocks in the havege WALK
+ * table, and generates 16 words in the RES array.
+ *
+ * The data read in the WALK table is updated and permuted after each use.
+ * The result of the hardware clock counter read is used  for this update.
+ *
+ * 25 conditional tests are present.  The conditional tests are grouped in
+ * two nested  groups of 12 conditional tests and 1 test that controls the
+ * permutation; on average, there should be 6 tests executed and 3 of them
+ * should be mispredicted.
+ * ------------------------------------------------------------------------
+ */
+
+#define SWAP(X,Y) { int *T = X; X = Y; Y = T; }
+
+#define TST1_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1;
+#define TST2_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1;
+
+#define TST1_LEAVE U1++; }
+#define TST2_LEAVE U2++; }
+
+#define ONE_ITERATION                                   \
+                                                        \
+    PTEST = PT1 >> 20;                                  \
+                                                        \
+    TST1_ENTER  TST1_ENTER  TST1_ENTER  TST1_ENTER      \
+    TST1_ENTER  TST1_ENTER  TST1_ENTER  TST1_ENTER      \
+    TST1_ENTER  TST1_ENTER  TST1_ENTER  TST1_ENTER      \
+                                                        \
+    TST1_LEAVE  TST1_LEAVE  TST1_LEAVE  TST1_LEAVE      \
+    TST1_LEAVE  TST1_LEAVE  TST1_LEAVE  TST1_LEAVE      \
+    TST1_LEAVE  TST1_LEAVE  TST1_LEAVE  TST1_LEAVE      \
+                                                        \
+    PTX = (PT1 >> 18) & 7;                              \
+    PT1 &= 0x1FFF;                                      \
+    PT2 &= 0x1FFF;                                      \
+    CLK = (int) mbedtls_timing_hardclock();                            \
+                                                        \
+    i = 0;                                              \
+    A = &WALK[PT1    ]; RES[i++] ^= *A;                 \
+    B = &WALK[PT2    ]; RES[i++] ^= *B;                 \
+    C = &WALK[PT1 ^ 1]; RES[i++] ^= *C;                 \
+    D = &WALK[PT2 ^ 4]; RES[i++] ^= *D;                 \
+                                                        \
+    IN = (*A >> (1)) ^ (*A << (31)) ^ CLK;              \
+    *A = (*B >> (2)) ^ (*B << (30)) ^ CLK;              \
+    *B = IN ^ U1;                                       \
+    *C = (*C >> (3)) ^ (*C << (29)) ^ CLK;              \
+    *D = (*D >> (4)) ^ (*D << (28)) ^ CLK;              \
+                                                        \
+    A = &WALK[PT1 ^ 2]; RES[i++] ^= *A;                 \
+    B = &WALK[PT2 ^ 2]; RES[i++] ^= *B;                 \
+    C = &WALK[PT1 ^ 3]; RES[i++] ^= *C;                 \
+    D = &WALK[PT2 ^ 6]; RES[i++] ^= *D;                 \
+                                                        \
+    if( PTEST & 1 ) SWAP( A, C );                       \
+                                                        \
+    IN = (*A >> (5)) ^ (*A << (27)) ^ CLK;              \
+    *A = (*B >> (6)) ^ (*B << (26)) ^ CLK;              \
+    *B = IN; CLK = (int) mbedtls_timing_hardclock();                   \
+    *C = (*C >> (7)) ^ (*C << (25)) ^ CLK;              \
+    *D = (*D >> (8)) ^ (*D << (24)) ^ CLK;              \
+                                                        \
+    A = &WALK[PT1 ^ 4];                                 \
+    B = &WALK[PT2 ^ 1];                                 \
+                                                        \
+    PTEST = PT2 >> 1;                                   \
+                                                        \
+    PT2 = (RES[(i - 8) ^ PTY] ^ WALK[PT2 ^ PTY ^ 7]);   \
+    PT2 = ((PT2 & 0x1FFF) & (~8)) ^ ((PT1 ^ 8) & 0x8);  \
+    PTY = (PT2 >> 10) & 7;                              \
+                                                        \
+    TST2_ENTER  TST2_ENTER  TST2_ENTER  TST2_ENTER      \
+    TST2_ENTER  TST2_ENTER  TST2_ENTER  TST2_ENTER      \
+    TST2_ENTER  TST2_ENTER  TST2_ENTER  TST2_ENTER      \
+                                                        \
+    TST2_LEAVE  TST2_LEAVE  TST2_LEAVE  TST2_LEAVE      \
+    TST2_LEAVE  TST2_LEAVE  TST2_LEAVE  TST2_LEAVE      \
+    TST2_LEAVE  TST2_LEAVE  TST2_LEAVE  TST2_LEAVE      \
+                                                        \
+    C = &WALK[PT1 ^ 5];                                 \
+    D = &WALK[PT2 ^ 5];                                 \
+                                                        \
+    RES[i++] ^= *A;                                     \
+    RES[i++] ^= *B;                                     \
+    RES[i++] ^= *C;                                     \
+    RES[i++] ^= *D;                                     \
+                                                        \
+    IN = (*A >> ( 9)) ^ (*A << (23)) ^ CLK;             \
+    *A = (*B >> (10)) ^ (*B << (22)) ^ CLK;             \
+    *B = IN ^ U2;                                       \
+    *C = (*C >> (11)) ^ (*C << (21)) ^ CLK;             \
+    *D = (*D >> (12)) ^ (*D << (20)) ^ CLK;             \
+                                                        \
+    A = &WALK[PT1 ^ 6]; RES[i++] ^= *A;                 \
+    B = &WALK[PT2 ^ 3]; RES[i++] ^= *B;                 \
+    C = &WALK[PT1 ^ 7]; RES[i++] ^= *C;                 \
+    D = &WALK[PT2 ^ 7]; RES[i++] ^= *D;                 \
+                                                        \
+    IN = (*A >> (13)) ^ (*A << (19)) ^ CLK;             \
+    *A = (*B >> (14)) ^ (*B << (18)) ^ CLK;             \
+    *B = IN;                                            \
+    *C = (*C >> (15)) ^ (*C << (17)) ^ CLK;             \
+    *D = (*D >> (16)) ^ (*D << (16)) ^ CLK;             \
+                                                        \
+    PT1 = ( RES[( i - 8 ) ^ PTX] ^                      \
+            WALK[PT1 ^ PTX ^ 7] ) & (~1);               \
+    PT1 ^= (PT2 ^ 0x10) & 0x10;                         \
+                                                        \
+    for( n++, i = 0; i < 16; i++ )                      \
+        hs->pool[n % MBEDTLS_HAVEGE_COLLECT_SIZE] ^= RES[i];
+
+/*
+ * Entropy gathering function
+ */
+static void havege_fill( mbedtls_havege_state *hs )
+{
+    int i, n = 0;
+    int  U1,  U2, *A, *B, *C, *D;
+    int PT1, PT2, *WALK, RES[16];
+    int PTX, PTY, CLK, PTEST, IN;
+
+    WALK = hs->WALK;
+    PT1  = hs->PT1;
+    PT2  = hs->PT2;
+
+    PTX  = U1 = 0;
+    PTY  = U2 = 0;
+
+    memset( RES, 0, sizeof( RES ) );
+
+    while( n < MBEDTLS_HAVEGE_COLLECT_SIZE * 4 )
+    {
+        ONE_ITERATION
+        ONE_ITERATION
+        ONE_ITERATION
+        ONE_ITERATION
+    }
+
+    hs->PT1 = PT1;
+    hs->PT2 = PT2;
+
+    hs->offset[0] = 0;
+    hs->offset[1] = MBEDTLS_HAVEGE_COLLECT_SIZE / 2;
+}
+
+/*
+ * HAVEGE initialization
+ */
+void mbedtls_havege_init( mbedtls_havege_state *hs )
+{
+    memset( hs, 0, sizeof( mbedtls_havege_state ) );
+
+    havege_fill( hs );
+}
+
+void mbedtls_havege_free( mbedtls_havege_state *hs )
+{
+    if( hs == NULL )
+        return;
+
+    mbedtls_zeroize( hs, sizeof( mbedtls_havege_state ) );
+}
+
+/*
+ * HAVEGE rand function
+ */
+int mbedtls_havege_random( void *p_rng, unsigned char *buf, size_t len )
+{
+    int val;
+    size_t use_len;
+    mbedtls_havege_state *hs = (mbedtls_havege_state *) p_rng;
+    unsigned char *p = buf;
+
+    while( len > 0 )
+    {
+        use_len = len;
+        if( use_len > sizeof(int) )
+            use_len = sizeof(int);
+
+        if( hs->offset[1] >= MBEDTLS_HAVEGE_COLLECT_SIZE )
+            havege_fill( hs );
+
+        val  = hs->pool[hs->offset[0]++];
+        val ^= hs->pool[hs->offset[1]++];
+
+        memcpy( p, &val, use_len );
+
+        len -= use_len;
+        p += use_len;
+    }
+
+    return( 0 );
+}
+
+#endif /* MBEDTLS_HAVEGE_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/hmac_drbg.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,529 @@
+/*
+ *  HMAC_DRBG implementation (NIST SP 800-90)
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+/*
+ *  The NIST SP 800-90A DRBGs are described in the following publication.
+ *  http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf
+ *  References below are based on rev. 1 (January 2012).
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_HMAC_DRBG_C)
+
+#include "mbedtls/hmac_drbg.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_FS_IO)
+#include <stdio.h>
+#endif
+
+#if defined(MBEDTLS_SELF_TEST)
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif /* MBEDTLS_SELF_TEST */
+#endif /* MBEDTLS_PLATFORM_C */
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+/*
+ * HMAC_DRBG context initialization
+ */
+void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx )
+{
+    memset( ctx, 0, sizeof( mbedtls_hmac_drbg_context ) );
+
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_mutex_init( &ctx->mutex );
+#endif
+}
+
+/*
+ * HMAC_DRBG update, using optional additional data (10.1.2.2)
+ */
+void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
+                       const unsigned char *additional, size_t add_len )
+{
+    size_t md_len = mbedtls_md_get_size( ctx->md_ctx.md_info );
+    unsigned char rounds = ( additional != NULL && add_len != 0 ) ? 2 : 1;
+    unsigned char sep[1];
+    unsigned char K[MBEDTLS_MD_MAX_SIZE];
+
+    for( sep[0] = 0; sep[0] < rounds; sep[0]++ )
+    {
+        /* Step 1 or 4 */
+        mbedtls_md_hmac_reset( &ctx->md_ctx );
+        mbedtls_md_hmac_update( &ctx->md_ctx, ctx->V, md_len );
+        mbedtls_md_hmac_update( &ctx->md_ctx, sep, 1 );
+        if( rounds == 2 )
+            mbedtls_md_hmac_update( &ctx->md_ctx, additional, add_len );
+        mbedtls_md_hmac_finish( &ctx->md_ctx, K );
+
+        /* Step 2 or 5 */
+        mbedtls_md_hmac_starts( &ctx->md_ctx, K, md_len );
+        mbedtls_md_hmac_update( &ctx->md_ctx, ctx->V, md_len );
+        mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V );
+    }
+}
+
+/*
+ * Simplified HMAC_DRBG initialisation (for use with deterministic ECDSA)
+ */
+int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
+                        const mbedtls_md_info_t * md_info,
+                        const unsigned char *data, size_t data_len )
+{
+    int ret;
+
+    if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 )
+        return( ret );
+
+    /*
+     * Set initial working state.
+     * Use the V memory location, which is currently all 0, to initialize the
+     * MD context with an all-zero key. Then set V to its initial value.
+     */
+    mbedtls_md_hmac_starts( &ctx->md_ctx, ctx->V, mbedtls_md_get_size( md_info ) );
+    memset( ctx->V, 0x01, mbedtls_md_get_size( md_info ) );
+
+    mbedtls_hmac_drbg_update( ctx, data, data_len );
+
+    return( 0 );
+}
+
+/*
+ * HMAC_DRBG reseeding: 10.1.2.4 (arabic) + 9.2 (Roman)
+ */
+int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
+                      const unsigned char *additional, size_t len )
+{
+    unsigned char seed[MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT];
+    size_t seedlen;
+
+    /* III. Check input length */
+    if( len > MBEDTLS_HMAC_DRBG_MAX_INPUT ||
+        ctx->entropy_len + len > MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT )
+    {
+        return( MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG );
+    }
+
+    memset( seed, 0, MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT );
+
+    /* IV. Gather entropy_len bytes of entropy for the seed */
+    if( ctx->f_entropy( ctx->p_entropy, seed, ctx->entropy_len ) != 0 )
+        return( MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED );
+
+    seedlen = ctx->entropy_len;
+
+    /* 1. Concatenate entropy and additional data if any */
+    if( additional != NULL && len != 0 )
+    {
+        memcpy( seed + seedlen, additional, len );
+        seedlen += len;
+    }
+
+    /* 2. Update state */
+    mbedtls_hmac_drbg_update( ctx, seed, seedlen );
+
+    /* 3. Reset reseed_counter */
+    ctx->reseed_counter = 1;
+
+    /* 4. Done */
+    return( 0 );
+}
+
+/*
+ * HMAC_DRBG initialisation (10.1.2.3 + 9.1)
+ */
+int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
+                    const mbedtls_md_info_t * md_info,
+                    int (*f_entropy)(void *, unsigned char *, size_t),
+                    void *p_entropy,
+                    const unsigned char *custom,
+                    size_t len )
+{
+    int ret;
+    size_t entropy_len, md_size;
+
+    if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 )
+        return( ret );
+
+    md_size = mbedtls_md_get_size( md_info );
+
+    /*
+     * Set initial working state.
+     * Use the V memory location, which is currently all 0, to initialize the
+     * MD context with an all-zero key. Then set V to its initial value.
+     */
+    mbedtls_md_hmac_starts( &ctx->md_ctx, ctx->V, md_size );
+    memset( ctx->V, 0x01, md_size );
+
+    ctx->f_entropy = f_entropy;
+    ctx->p_entropy = p_entropy;
+
+    ctx->reseed_interval = MBEDTLS_HMAC_DRBG_RESEED_INTERVAL;
+
+    /*
+     * See SP800-57 5.6.1 (p. 65-66) for the security strength provided by
+     * each hash function, then according to SP800-90A rev1 10.1 table 2,
+     * min_entropy_len (in bits) is security_strength.
+     *
+     * (This also matches the sizes used in the NIST test vectors.)
+     */
+    entropy_len = md_size <= 20 ? 16 : /* 160-bits hash -> 128 bits */
+                  md_size <= 28 ? 24 : /* 224-bits hash -> 192 bits */
+                                  32;  /* better (256+) -> 256 bits */
+
+    /*
+     * For initialisation, use more entropy to emulate a nonce
+     * (Again, matches test vectors.)
+     */
+    ctx->entropy_len = entropy_len * 3 / 2;
+
+    if( ( ret = mbedtls_hmac_drbg_reseed( ctx, custom, len ) ) != 0 )
+        return( ret );
+
+    ctx->entropy_len = entropy_len;
+
+    return( 0 );
+}
+
+/*
+ * Set prediction resistance
+ */
+void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx,
+                                          int resistance )
+{
+    ctx->prediction_resistance = resistance;
+}
+
+/*
+ * Set entropy length grabbed for reseeds
+ */
+void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx, size_t len )
+{
+    ctx->entropy_len = len;
+}
+
+/*
+ * Set reseed interval
+ */
+void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx, int interval )
+{
+    ctx->reseed_interval = interval;
+}
+
+/*
+ * HMAC_DRBG random function with optional additional data:
+ * 10.1.2.5 (arabic) + 9.3 (Roman)
+ */
+int mbedtls_hmac_drbg_random_with_add( void *p_rng,
+                               unsigned char *output, size_t out_len,
+                               const unsigned char *additional, size_t add_len )
+{
+    int ret;
+    mbedtls_hmac_drbg_context *ctx = (mbedtls_hmac_drbg_context *) p_rng;
+    size_t md_len = mbedtls_md_get_size( ctx->md_ctx.md_info );
+    size_t left = out_len;
+    unsigned char *out = output;
+
+    /* II. Check request length */
+    if( out_len > MBEDTLS_HMAC_DRBG_MAX_REQUEST )
+        return( MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG );
+
+    /* III. Check input length */
+    if( add_len > MBEDTLS_HMAC_DRBG_MAX_INPUT )
+        return( MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG );
+
+    /* 1. (aka VII and IX) Check reseed counter and PR */
+    if( ctx->f_entropy != NULL && /* For no-reseeding instances */
+        ( ctx->prediction_resistance == MBEDTLS_HMAC_DRBG_PR_ON ||
+          ctx->reseed_counter > ctx->reseed_interval ) )
+    {
+        if( ( ret = mbedtls_hmac_drbg_reseed( ctx, additional, add_len ) ) != 0 )
+            return( ret );
+
+        add_len = 0; /* VII.4 */
+    }
+
+    /* 2. Use additional data if any */
+    if( additional != NULL && add_len != 0 )
+        mbedtls_hmac_drbg_update( ctx, additional, add_len );
+
+    /* 3, 4, 5. Generate bytes */
+    while( left != 0 )
+    {
+        size_t use_len = left > md_len ? md_len : left;
+
+        mbedtls_md_hmac_reset( &ctx->md_ctx );
+        mbedtls_md_hmac_update( &ctx->md_ctx, ctx->V, md_len );
+        mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V );
+
+        memcpy( out, ctx->V, use_len );
+        out += use_len;
+        left -= use_len;
+    }
+
+    /* 6. Update */
+    mbedtls_hmac_drbg_update( ctx, additional, add_len );
+
+    /* 7. Update reseed counter */
+    ctx->reseed_counter++;
+
+    /* 8. Done */
+    return( 0 );
+}
+
+/*
+ * HMAC_DRBG random function
+ */
+int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len )
+{
+    int ret;
+    mbedtls_hmac_drbg_context *ctx = (mbedtls_hmac_drbg_context *) p_rng;
+
+#if defined(MBEDTLS_THREADING_C)
+    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
+        return( ret );
+#endif
+
+    ret = mbedtls_hmac_drbg_random_with_add( ctx, output, out_len, NULL, 0 );
+
+#if defined(MBEDTLS_THREADING_C)
+    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
+        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+#endif
+
+    return( ret );
+}
+
+/*
+ * Free an HMAC_DRBG context
+ */
+void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx )
+{
+    if( ctx == NULL )
+        return;
+
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_mutex_free( &ctx->mutex );
+#endif
+    mbedtls_md_free( &ctx->md_ctx );
+    mbedtls_zeroize( ctx, sizeof( mbedtls_hmac_drbg_context ) );
+}
+
+#if defined(MBEDTLS_FS_IO)
+int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path )
+{
+    int ret;
+    FILE *f;
+    unsigned char buf[ MBEDTLS_HMAC_DRBG_MAX_INPUT ];
+
+    if( ( f = fopen( path, "wb" ) ) == NULL )
+        return( MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR );
+
+    if( ( ret = mbedtls_hmac_drbg_random( ctx, buf, sizeof( buf ) ) ) != 0 )
+        goto exit;
+
+    if( fwrite( buf, 1, sizeof( buf ), f ) != sizeof( buf ) )
+    {
+        ret = MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR;
+        goto exit;
+    }
+
+    ret = 0;
+
+exit:
+    fclose( f );
+    return( ret );
+}
+
+int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path )
+{
+    FILE *f;
+    size_t n;
+    unsigned char buf[ MBEDTLS_HMAC_DRBG_MAX_INPUT ];
+
+    if( ( f = fopen( path, "rb" ) ) == NULL )
+        return( MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR );
+
+    fseek( f, 0, SEEK_END );
+    n = (size_t) ftell( f );
+    fseek( f, 0, SEEK_SET );
+
+    if( n > MBEDTLS_HMAC_DRBG_MAX_INPUT )
+    {
+        fclose( f );
+        return( MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG );
+    }
+
+    if( fread( buf, 1, n, f ) != n )
+    {
+        fclose( f );
+        return( MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR );
+    }
+
+    fclose( f );
+
+    mbedtls_hmac_drbg_update( ctx, buf, n );
+
+    return( mbedtls_hmac_drbg_write_seed_file( ctx, path ) );
+}
+#endif /* MBEDTLS_FS_IO */
+
+
+#if defined(MBEDTLS_SELF_TEST)
+
+#if !defined(MBEDTLS_SHA1_C)
+/* Dummy checkup routine */
+int mbedtls_hmac_drbg_self_test( int verbose )
+{
+    (void) verbose;
+    return( 0 );
+}
+#else
+
+#define OUTPUT_LEN  80
+
+/* From a NIST PR=true test vector */
+static const unsigned char entropy_pr[] = {
+    0xa0, 0xc9, 0xab, 0x58, 0xf1, 0xe2, 0xe5, 0xa4, 0xde, 0x3e, 0xbd, 0x4f,
+    0xf7, 0x3e, 0x9c, 0x5b, 0x64, 0xef, 0xd8, 0xca, 0x02, 0x8c, 0xf8, 0x11,
+    0x48, 0xa5, 0x84, 0xfe, 0x69, 0xab, 0x5a, 0xee, 0x42, 0xaa, 0x4d, 0x42,
+    0x17, 0x60, 0x99, 0xd4, 0x5e, 0x13, 0x97, 0xdc, 0x40, 0x4d, 0x86, 0xa3,
+    0x7b, 0xf5, 0x59, 0x54, 0x75, 0x69, 0x51, 0xe4 };
+static const unsigned char result_pr[OUTPUT_LEN] = {
+    0x9a, 0x00, 0xa2, 0xd0, 0x0e, 0xd5, 0x9b, 0xfe, 0x31, 0xec, 0xb1, 0x39,
+    0x9b, 0x60, 0x81, 0x48, 0xd1, 0x96, 0x9d, 0x25, 0x0d, 0x3c, 0x1e, 0x94,
+    0x10, 0x10, 0x98, 0x12, 0x93, 0x25, 0xca, 0xb8, 0xfc, 0xcc, 0x2d, 0x54,
+    0x73, 0x19, 0x70, 0xc0, 0x10, 0x7a, 0xa4, 0x89, 0x25, 0x19, 0x95, 0x5e,
+    0x4b, 0xc6, 0x00, 0x1d, 0x7f, 0x4e, 0x6a, 0x2b, 0xf8, 0xa3, 0x01, 0xab,
+    0x46, 0x05, 0x5c, 0x09, 0xa6, 0x71, 0x88, 0xf1, 0xa7, 0x40, 0xee, 0xf3,
+    0xe1, 0x5c, 0x02, 0x9b, 0x44, 0xaf, 0x03, 0x44 };
+
+/* From a NIST PR=false test vector */
+static const unsigned char entropy_nopr[] = {
+    0x79, 0x34, 0x9b, 0xbf, 0x7c, 0xdd, 0xa5, 0x79, 0x95, 0x57, 0x86, 0x66,
+    0x21, 0xc9, 0x13, 0x83, 0x11, 0x46, 0x73, 0x3a, 0xbf, 0x8c, 0x35, 0xc8,
+    0xc7, 0x21, 0x5b, 0x5b, 0x96, 0xc4, 0x8e, 0x9b, 0x33, 0x8c, 0x74, 0xe3,
+    0xe9, 0x9d, 0xfe, 0xdf };
+static const unsigned char result_nopr[OUTPUT_LEN] = {
+    0xc6, 0xa1, 0x6a, 0xb8, 0xd4, 0x20, 0x70, 0x6f, 0x0f, 0x34, 0xab, 0x7f,
+    0xec, 0x5a, 0xdc, 0xa9, 0xd8, 0xca, 0x3a, 0x13, 0x3e, 0x15, 0x9c, 0xa6,
+    0xac, 0x43, 0xc6, 0xf8, 0xa2, 0xbe, 0x22, 0x83, 0x4a, 0x4c, 0x0a, 0x0a,
+    0xff, 0xb1, 0x0d, 0x71, 0x94, 0xf1, 0xc1, 0xa5, 0xcf, 0x73, 0x22, 0xec,
+    0x1a, 0xe0, 0x96, 0x4e, 0xd4, 0xbf, 0x12, 0x27, 0x46, 0xe0, 0x87, 0xfd,
+    0xb5, 0xb3, 0xe9, 0x1b, 0x34, 0x93, 0xd5, 0xbb, 0x98, 0xfa, 0xed, 0x49,
+    0xe8, 0x5f, 0x13, 0x0f, 0xc8, 0xa4, 0x59, 0xb7 };
+
+/* "Entropy" from buffer */
+static size_t test_offset;
+static int hmac_drbg_self_test_entropy( void *data,
+                                        unsigned char *buf, size_t len )
+{
+    const unsigned char *p = data;
+    memcpy( buf, p + test_offset, len );
+    test_offset += len;
+    return( 0 );
+}
+
+#define CHK( c )    if( (c) != 0 )                          \
+                    {                                       \
+                        if( verbose != 0 )                  \
+                            mbedtls_printf( "failed\n" );  \
+                        return( 1 );                        \
+                    }
+
+/*
+ * Checkup routine for HMAC_DRBG with SHA-1
+ */
+int mbedtls_hmac_drbg_self_test( int verbose )
+{
+    mbedtls_hmac_drbg_context ctx;
+    unsigned char buf[OUTPUT_LEN];
+    const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 );
+
+    mbedtls_hmac_drbg_init( &ctx );
+
+    /*
+     * PR = True
+     */
+    if( verbose != 0 )
+        mbedtls_printf( "  HMAC_DRBG (PR = True) : " );
+
+    test_offset = 0;
+    CHK( mbedtls_hmac_drbg_seed( &ctx, md_info,
+                         hmac_drbg_self_test_entropy, (void *) entropy_pr,
+                         NULL, 0 ) );
+    mbedtls_hmac_drbg_set_prediction_resistance( &ctx, MBEDTLS_HMAC_DRBG_PR_ON );
+    CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
+    CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
+    CHK( memcmp( buf, result_pr, OUTPUT_LEN ) );
+    mbedtls_hmac_drbg_free( &ctx );
+
+    mbedtls_hmac_drbg_free( &ctx );
+
+    if( verbose != 0 )
+        mbedtls_printf( "passed\n" );
+
+    /*
+     * PR = False
+     */
+    if( verbose != 0 )
+        mbedtls_printf( "  HMAC_DRBG (PR = False) : " );
+
+    mbedtls_hmac_drbg_init( &ctx );
+
+    test_offset = 0;
+    CHK( mbedtls_hmac_drbg_seed( &ctx, md_info,
+                         hmac_drbg_self_test_entropy, (void *) entropy_nopr,
+                         NULL, 0 ) );
+    CHK( mbedtls_hmac_drbg_reseed( &ctx, NULL, 0 ) );
+    CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
+    CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
+    CHK( memcmp( buf, result_nopr, OUTPUT_LEN ) );
+    mbedtls_hmac_drbg_free( &ctx );
+
+    mbedtls_hmac_drbg_free( &ctx );
+
+    if( verbose != 0 )
+        mbedtls_printf( "passed\n" );
+
+    if( verbose != 0 )
+        mbedtls_printf( "\n" );
+
+    return( 0 );
+}
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_SELF_TEST */
+
+#endif /* MBEDTLS_HMAC_DRBG_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/md.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,471 @@
+/**
+ * \file mbedtls_md.c
+ *
+ * \brief Generic message digest wrapper for mbed TLS
+ *
+ * \author Adriaan de Jong <dejong@fox-it.com>
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_MD_C)
+
+#include "mbedtls/md.h"
+#include "mbedtls/md_internal.h"
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#define mbedtls_calloc    calloc
+#define mbedtls_free       free
+#endif
+
+#include <string.h>
+
+#if defined(MBEDTLS_FS_IO)
+#include <stdio.h>
+#endif
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+/*
+ * Reminder: update profiles in x509_crt.c when adding a new hash!
+ */
+static const int supported_digests[] = {
+
+#if defined(MBEDTLS_SHA512_C)
+        MBEDTLS_MD_SHA512,
+        MBEDTLS_MD_SHA384,
+#endif
+
+#if defined(MBEDTLS_SHA256_C)
+        MBEDTLS_MD_SHA256,
+        MBEDTLS_MD_SHA224,
+#endif
+
+#if defined(MBEDTLS_SHA1_C)
+        MBEDTLS_MD_SHA1,
+#endif
+
+#if defined(MBEDTLS_RIPEMD160_C)
+        MBEDTLS_MD_RIPEMD160,
+#endif
+
+#if defined(MBEDTLS_MD5_C)
+        MBEDTLS_MD_MD5,
+#endif
+
+#if defined(MBEDTLS_MD4_C)
+        MBEDTLS_MD_MD4,
+#endif
+
+#if defined(MBEDTLS_MD2_C)
+        MBEDTLS_MD_MD2,
+#endif
+
+        MBEDTLS_MD_NONE
+};
+
+const int *mbedtls_md_list( void )
+{
+    return( supported_digests );
+}
+
+const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name )
+{
+    if( NULL == md_name )
+        return( NULL );
+
+    /* Get the appropriate digest information */
+#if defined(MBEDTLS_MD2_C)
+    if( !strcmp( "MD2", md_name ) )
+        return mbedtls_md_info_from_type( MBEDTLS_MD_MD2 );
+#endif
+#if defined(MBEDTLS_MD4_C)
+    if( !strcmp( "MD4", md_name ) )
+        return mbedtls_md_info_from_type( MBEDTLS_MD_MD4 );
+#endif
+#if defined(MBEDTLS_MD5_C)
+    if( !strcmp( "MD5", md_name ) )
+        return mbedtls_md_info_from_type( MBEDTLS_MD_MD5 );
+#endif
+#if defined(MBEDTLS_RIPEMD160_C)
+    if( !strcmp( "RIPEMD160", md_name ) )
+        return mbedtls_md_info_from_type( MBEDTLS_MD_RIPEMD160 );
+#endif
+#if defined(MBEDTLS_SHA1_C)
+    if( !strcmp( "SHA1", md_name ) || !strcmp( "SHA", md_name ) )
+        return mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 );
+#endif
+#if defined(MBEDTLS_SHA256_C)
+    if( !strcmp( "SHA224", md_name ) )
+        return mbedtls_md_info_from_type( MBEDTLS_MD_SHA224 );
+    if( !strcmp( "SHA256", md_name ) )
+        return mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 );
+#endif
+#if defined(MBEDTLS_SHA512_C)
+    if( !strcmp( "SHA384", md_name ) )
+        return mbedtls_md_info_from_type( MBEDTLS_MD_SHA384 );
+    if( !strcmp( "SHA512", md_name ) )
+        return mbedtls_md_info_from_type( MBEDTLS_MD_SHA512 );
+#endif
+    return( NULL );
+}
+
+const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type )
+{
+    switch( md_type )
+    {
+#if defined(MBEDTLS_MD2_C)
+        case MBEDTLS_MD_MD2:
+            return( &mbedtls_md2_info );
+#endif
+#if defined(MBEDTLS_MD4_C)
+        case MBEDTLS_MD_MD4:
+            return( &mbedtls_md4_info );
+#endif
+#if defined(MBEDTLS_MD5_C)
+        case MBEDTLS_MD_MD5:
+            return( &mbedtls_md5_info );
+#endif
+#if defined(MBEDTLS_RIPEMD160_C)
+        case MBEDTLS_MD_RIPEMD160:
+            return( &mbedtls_ripemd160_info );
+#endif
+#if defined(MBEDTLS_SHA1_C)
+        case MBEDTLS_MD_SHA1:
+            return( &mbedtls_sha1_info );
+#endif
+#if defined(MBEDTLS_SHA256_C)
+        case MBEDTLS_MD_SHA224:
+            return( &mbedtls_sha224_info );
+        case MBEDTLS_MD_SHA256:
+            return( &mbedtls_sha256_info );
+#endif
+#if defined(MBEDTLS_SHA512_C)
+        case MBEDTLS_MD_SHA384:
+            return( &mbedtls_sha384_info );
+        case MBEDTLS_MD_SHA512:
+            return( &mbedtls_sha512_info );
+#endif
+        default:
+            return( NULL );
+    }
+}
+
+void mbedtls_md_init( mbedtls_md_context_t *ctx )
+{
+    memset( ctx, 0, sizeof( mbedtls_md_context_t ) );
+}
+
+void mbedtls_md_free( mbedtls_md_context_t *ctx )
+{
+    if( ctx == NULL || ctx->md_info == NULL )
+        return;
+
+    if( ctx->md_ctx != NULL )
+        ctx->md_info->ctx_free_func( ctx->md_ctx );
+
+    if( ctx->hmac_ctx != NULL )
+    {
+        mbedtls_zeroize( ctx->hmac_ctx, 2 * ctx->md_info->block_size );
+        mbedtls_free( ctx->hmac_ctx );
+    }
+
+    mbedtls_zeroize( ctx, sizeof( mbedtls_md_context_t ) );
+}
+
+int mbedtls_md_clone( mbedtls_md_context_t *dst,
+                      const mbedtls_md_context_t *src )
+{
+    if( dst == NULL || dst->md_info == NULL ||
+        src == NULL || src->md_info == NULL ||
+        dst->md_info != src->md_info )
+    {
+        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+    }
+
+    dst->md_info->clone_func( dst->md_ctx, src->md_ctx );
+
+    return( 0 );
+}
+
+#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
+int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info )
+{
+    return mbedtls_md_setup( ctx, md_info, 1 );
+}
+#endif
+
+int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac )
+{
+    if( md_info == NULL || ctx == NULL )
+        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+
+    if( ( ctx->md_ctx = md_info->ctx_alloc_func() ) == NULL )
+        return( MBEDTLS_ERR_MD_ALLOC_FAILED );
+
+    if( hmac != 0 )
+    {
+        ctx->hmac_ctx = mbedtls_calloc( 2, md_info->block_size );
+        if( ctx->hmac_ctx == NULL )
+        {
+            md_info->ctx_free_func( ctx->md_ctx );
+            return( MBEDTLS_ERR_MD_ALLOC_FAILED );
+        }
+    }
+
+    ctx->md_info = md_info;
+
+    return( 0 );
+}
+
+int mbedtls_md_starts( mbedtls_md_context_t *ctx )
+{
+    if( ctx == NULL || ctx->md_info == NULL )
+        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+
+    ctx->md_info->starts_func( ctx->md_ctx );
+
+    return( 0 );
+}
+
+int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen )
+{
+    if( ctx == NULL || ctx->md_info == NULL )
+        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+
+    ctx->md_info->update_func( ctx->md_ctx, input, ilen );
+
+    return( 0 );
+}
+
+int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output )
+{
+    if( ctx == NULL || ctx->md_info == NULL )
+        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+
+    ctx->md_info->finish_func( ctx->md_ctx, output );
+
+    return( 0 );
+}
+
+int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
+            unsigned char *output )
+{
+    if( md_info == NULL )
+        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+
+    md_info->digest_func( input, ilen, output );
+
+    return( 0 );
+}
+
+#if defined(MBEDTLS_FS_IO)
+int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigned char *output )
+{
+    int ret;
+    FILE *f;
+    size_t n;
+    mbedtls_md_context_t ctx;
+    unsigned char buf[1024];
+
+    if( md_info == NULL )
+        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+
+    if( ( f = fopen( path, "rb" ) ) == NULL )
+        return( MBEDTLS_ERR_MD_FILE_IO_ERROR );
+
+    mbedtls_md_init( &ctx );
+
+    if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 )
+        goto cleanup;
+
+    md_info->starts_func( ctx.md_ctx );
+
+    while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
+        md_info->update_func( ctx.md_ctx, buf, n );
+
+    if( ferror( f ) != 0 )
+    {
+        ret = MBEDTLS_ERR_MD_FILE_IO_ERROR;
+        goto cleanup;
+    }
+
+    md_info->finish_func( ctx.md_ctx, output );
+
+cleanup:
+    fclose( f );
+    mbedtls_md_free( &ctx );
+
+    return( ret );
+}
+#endif /* MBEDTLS_FS_IO */
+
+int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen )
+{
+    unsigned char sum[MBEDTLS_MD_MAX_SIZE];
+    unsigned char *ipad, *opad;
+    size_t i;
+
+    if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
+        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+
+    if( keylen > (size_t) ctx->md_info->block_size )
+    {
+        ctx->md_info->starts_func( ctx->md_ctx );
+        ctx->md_info->update_func( ctx->md_ctx, key, keylen );
+        ctx->md_info->finish_func( ctx->md_ctx, sum );
+
+        keylen = ctx->md_info->size;
+        key = sum;
+    }
+
+    ipad = (unsigned char *) ctx->hmac_ctx;
+    opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size;
+
+    memset( ipad, 0x36, ctx->md_info->block_size );
+    memset( opad, 0x5C, ctx->md_info->block_size );
+
+    for( i = 0; i < keylen; i++ )
+    {
+        ipad[i] = (unsigned char)( ipad[i] ^ key[i] );
+        opad[i] = (unsigned char)( opad[i] ^ key[i] );
+    }
+
+    mbedtls_zeroize( sum, sizeof( sum ) );
+
+    ctx->md_info->starts_func( ctx->md_ctx );
+    ctx->md_info->update_func( ctx->md_ctx, ipad, ctx->md_info->block_size );
+
+    return( 0 );
+}
+
+int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen )
+{
+    if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
+        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+
+    ctx->md_info->update_func( ctx->md_ctx, input, ilen );
+
+    return( 0 );
+}
+
+int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output )
+{
+    unsigned char tmp[MBEDTLS_MD_MAX_SIZE];
+    unsigned char *opad;
+
+    if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
+        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+
+    opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size;
+
+    ctx->md_info->finish_func( ctx->md_ctx, tmp );
+    ctx->md_info->starts_func( ctx->md_ctx );
+    ctx->md_info->update_func( ctx->md_ctx, opad, ctx->md_info->block_size );
+    ctx->md_info->update_func( ctx->md_ctx, tmp, ctx->md_info->size );
+    ctx->md_info->finish_func( ctx->md_ctx, output );
+
+    return( 0 );
+}
+
+int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx )
+{
+    unsigned char *ipad;
+
+    if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
+        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+
+    ipad = (unsigned char *) ctx->hmac_ctx;
+
+    ctx->md_info->starts_func( ctx->md_ctx );
+    ctx->md_info->update_func( ctx->md_ctx, ipad, ctx->md_info->block_size );
+
+    return( 0 );
+}
+
+int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
+                const unsigned char *input, size_t ilen,
+                unsigned char *output )
+{
+    mbedtls_md_context_t ctx;
+    int ret;
+
+    if( md_info == NULL )
+        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+
+    mbedtls_md_init( &ctx );
+
+    if( ( ret = mbedtls_md_setup( &ctx, md_info, 1 ) ) != 0 )
+        return( ret );
+
+    mbedtls_md_hmac_starts( &ctx, key, keylen );
+    mbedtls_md_hmac_update( &ctx, input, ilen );
+    mbedtls_md_hmac_finish( &ctx, output );
+
+    mbedtls_md_free( &ctx );
+
+    return( 0 );
+}
+
+int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data )
+{
+    if( ctx == NULL || ctx->md_info == NULL )
+        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+
+    ctx->md_info->process_func( ctx->md_ctx, data );
+
+    return( 0 );
+}
+
+unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info )
+{
+    if( md_info == NULL )
+        return( 0 );
+
+    return md_info->size;
+}
+
+mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info )
+{
+    if( md_info == NULL )
+        return( MBEDTLS_MD_NONE );
+
+    return md_info->type;
+}
+
+const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info )
+{
+    if( md_info == NULL )
+        return( NULL );
+
+    return md_info->name;
+}
+
+#endif /* MBEDTLS_MD_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/md2.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,288 @@
+/*
+ *  RFC 1115/1319 compliant MD2 implementation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ *  The MD2 algorithm was designed by Ron Rivest in 1989.
+ *
+ *  http://www.ietf.org/rfc/rfc1115.txt
+ *  http://www.ietf.org/rfc/rfc1319.txt
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_MD2_C)
+
+#include "mbedtls/md2.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_SELF_TEST)
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif /* MBEDTLS_PLATFORM_C */
+#endif /* MBEDTLS_SELF_TEST */
+
+#if !defined(MBEDTLS_MD2_ALT)
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+static const unsigned char PI_SUBST[256] =
+{
+    0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, 0x3D, 0x36,
+    0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13, 0x62, 0xA7, 0x05, 0xF3,
+    0xC0, 0xC7, 0x73, 0x8C, 0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C,
+    0x82, 0xCA, 0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16,
+    0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12, 0xBE, 0x4E,
+    0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49, 0xA0, 0xFB, 0xF5, 0x8E,
+    0xBB, 0x2F, 0xEE, 0x7A, 0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2,
+    0x07, 0x3F, 0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21,
+    0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27, 0x35, 0x3E,
+    0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03, 0xFF, 0x19, 0x30, 0xB3,
+    0x48, 0xA5, 0xB5, 0xD1, 0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56,
+    0xAA, 0xC6, 0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6,
+    0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1, 0x45, 0x9D,
+    0x70, 0x59, 0x64, 0x71, 0x87, 0x20, 0x86, 0x5B, 0xCF, 0x65,
+    0xE6, 0x2D, 0xA8, 0x02, 0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0,
+    0xB9, 0xF6, 0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F,
+    0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A, 0xC3, 0x5C,
+    0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26, 0x2C, 0x53, 0x0D, 0x6E,
+    0x85, 0x28, 0x84, 0x09, 0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81,
+    0x4D, 0x52, 0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA,
+    0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A, 0x78, 0x88,
+    0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D, 0xE9, 0xCB, 0xD5, 0xFE,
+    0x3B, 0x00, 0x1D, 0x39, 0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58,
+    0xD0, 0xE4, 0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A,
+    0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A, 0xDB, 0x99,
+    0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14
+};
+
+void mbedtls_md2_init( mbedtls_md2_context *ctx )
+{
+    memset( ctx, 0, sizeof( mbedtls_md2_context ) );
+}
+
+void mbedtls_md2_free( mbedtls_md2_context *ctx )
+{
+    if( ctx == NULL )
+        return;
+
+    mbedtls_zeroize( ctx, sizeof( mbedtls_md2_context ) );
+}
+
+void mbedtls_md2_clone( mbedtls_md2_context *dst,
+                        const mbedtls_md2_context *src )
+{
+    *dst = *src;
+}
+
+/*
+ * MD2 context setup
+ */
+void mbedtls_md2_starts( mbedtls_md2_context *ctx )
+{
+    memset( ctx->cksum, 0, 16 );
+    memset( ctx->state, 0, 46 );
+    memset( ctx->buffer, 0, 16 );
+    ctx->left = 0;
+}
+
+#if !defined(MBEDTLS_MD2_PROCESS_ALT)
+void mbedtls_md2_process( mbedtls_md2_context *ctx )
+{
+    int i, j;
+    unsigned char t = 0;
+
+    for( i = 0; i < 16; i++ )
+    {
+        ctx->state[i + 16] = ctx->buffer[i];
+        ctx->state[i + 32] =
+            (unsigned char)( ctx->buffer[i] ^ ctx->state[i]);
+    }
+
+    for( i = 0; i < 18; i++ )
+    {
+        for( j = 0; j < 48; j++ )
+        {
+            ctx->state[j] = (unsigned char)
+               ( ctx->state[j] ^ PI_SUBST[t] );
+            t  = ctx->state[j];
+        }
+
+        t = (unsigned char)( t + i );
+    }
+
+    t = ctx->cksum[15];
+
+    for( i = 0; i < 16; i++ )
+    {
+        ctx->cksum[i] = (unsigned char)
+           ( ctx->cksum[i] ^ PI_SUBST[ctx->buffer[i] ^ t] );
+        t  = ctx->cksum[i];
+    }
+}
+#endif /* !MBEDTLS_MD2_PROCESS_ALT */
+
+/*
+ * MD2 process buffer
+ */
+void mbedtls_md2_update( mbedtls_md2_context *ctx, const unsigned char *input, size_t ilen )
+{
+    size_t fill;
+
+    while( ilen > 0 )
+    {
+        if( ctx->left + ilen > 16 )
+            fill = 16 - ctx->left;
+        else
+            fill = ilen;
+
+        memcpy( ctx->buffer + ctx->left, input, fill );
+
+        ctx->left += fill;
+        input += fill;
+        ilen  -= fill;
+
+        if( ctx->left == 16 )
+        {
+            ctx->left = 0;
+            mbedtls_md2_process( ctx );
+        }
+    }
+}
+
+/*
+ * MD2 final digest
+ */
+void mbedtls_md2_finish( mbedtls_md2_context *ctx, unsigned char output[16] )
+{
+    size_t i;
+    unsigned char x;
+
+    x = (unsigned char)( 16 - ctx->left );
+
+    for( i = ctx->left; i < 16; i++ )
+        ctx->buffer[i] = x;
+
+    mbedtls_md2_process( ctx );
+
+    memcpy( ctx->buffer, ctx->cksum, 16 );
+    mbedtls_md2_process( ctx );
+
+    memcpy( output, ctx->state, 16 );
+}
+
+#endif /* !MBEDTLS_MD2_ALT */
+
+/*
+ * output = MD2( input buffer )
+ */
+void mbedtls_md2( const unsigned char *input, size_t ilen, unsigned char output[16] )
+{
+    mbedtls_md2_context ctx;
+
+    mbedtls_md2_init( &ctx );
+    mbedtls_md2_starts( &ctx );
+    mbedtls_md2_update( &ctx, input, ilen );
+    mbedtls_md2_finish( &ctx, output );
+    mbedtls_md2_free( &ctx );
+}
+
+#if defined(MBEDTLS_SELF_TEST)
+
+/*
+ * RFC 1319 test vectors
+ */
+static const char md2_test_str[7][81] =
+{
+    { "" },
+    { "a" },
+    { "abc" },
+    { "message digest" },
+    { "abcdefghijklmnopqrstuvwxyz" },
+    { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" },
+    { "12345678901234567890123456789012345678901234567890123456789012" \
+      "345678901234567890" }
+};
+
+static const unsigned char md2_test_sum[7][16] =
+{
+    { 0x83, 0x50, 0xE5, 0xA3, 0xE2, 0x4C, 0x15, 0x3D,
+      0xF2, 0x27, 0x5C, 0x9F, 0x80, 0x69, 0x27, 0x73 },
+    { 0x32, 0xEC, 0x01, 0xEC, 0x4A, 0x6D, 0xAC, 0x72,
+      0xC0, 0xAB, 0x96, 0xFB, 0x34, 0xC0, 0xB5, 0xD1 },
+    { 0xDA, 0x85, 0x3B, 0x0D, 0x3F, 0x88, 0xD9, 0x9B,
+      0x30, 0x28, 0x3A, 0x69, 0xE6, 0xDE, 0xD6, 0xBB },
+    { 0xAB, 0x4F, 0x49, 0x6B, 0xFB, 0x2A, 0x53, 0x0B,
+      0x21, 0x9F, 0xF3, 0x30, 0x31, 0xFE, 0x06, 0xB0 },
+    { 0x4E, 0x8D, 0xDF, 0xF3, 0x65, 0x02, 0x92, 0xAB,
+      0x5A, 0x41, 0x08, 0xC3, 0xAA, 0x47, 0x94, 0x0B },
+    { 0xDA, 0x33, 0xDE, 0xF2, 0xA4, 0x2D, 0xF1, 0x39,
+      0x75, 0x35, 0x28, 0x46, 0xC3, 0x03, 0x38, 0xCD },
+    { 0xD5, 0x97, 0x6F, 0x79, 0xD8, 0x3D, 0x3A, 0x0D,
+      0xC9, 0x80, 0x6C, 0x3C, 0x66, 0xF3, 0xEF, 0xD8 }
+};
+
+/*
+ * Checkup routine
+ */
+int mbedtls_md2_self_test( int verbose )
+{
+    int i;
+    unsigned char md2sum[16];
+
+    for( i = 0; i < 7; i++ )
+    {
+        if( verbose != 0 )
+            mbedtls_printf( "  MD2 test #%d: ", i + 1 );
+
+        mbedtls_md2( (unsigned char *) md2_test_str[i],
+             strlen( md2_test_str[i] ), md2sum );
+
+        if( memcmp( md2sum, md2_test_sum[i], 16 ) != 0 )
+        {
+            if( verbose != 0 )
+                mbedtls_printf( "failed\n" );
+
+            return( 1 );
+        }
+
+        if( verbose != 0 )
+            mbedtls_printf( "passed\n" );
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "\n" );
+
+    return( 0 );
+}
+
+#endif /* MBEDTLS_SELF_TEST */
+
+#endif /* MBEDTLS_MD2_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/md4.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,384 @@
+/*
+ *  RFC 1186/1320 compliant MD4 implementation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ *  The MD4 algorithm was designed by Ron Rivest in 1990.
+ *
+ *  http://www.ietf.org/rfc/rfc1186.txt
+ *  http://www.ietf.org/rfc/rfc1320.txt
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_MD4_C)
+
+#include "mbedtls/md4.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_SELF_TEST)
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif /* MBEDTLS_PLATFORM_C */
+#endif /* MBEDTLS_SELF_TEST */
+
+#if !defined(MBEDTLS_MD4_ALT)
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+/*
+ * 32-bit integer manipulation macros (little endian)
+ */
+#ifndef GET_UINT32_LE
+#define GET_UINT32_LE(n,b,i)                            \
+{                                                       \
+    (n) = ( (uint32_t) (b)[(i)    ]       )             \
+        | ( (uint32_t) (b)[(i) + 1] <<  8 )             \
+        | ( (uint32_t) (b)[(i) + 2] << 16 )             \
+        | ( (uint32_t) (b)[(i) + 3] << 24 );            \
+}
+#endif
+
+#ifndef PUT_UINT32_LE
+#define PUT_UINT32_LE(n,b,i)                                    \
+{                                                               \
+    (b)[(i)    ] = (unsigned char) ( ( (n)       ) & 0xFF );    \
+    (b)[(i) + 1] = (unsigned char) ( ( (n) >>  8 ) & 0xFF );    \
+    (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF );    \
+    (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF );    \
+}
+#endif
+
+void mbedtls_md4_init( mbedtls_md4_context *ctx )
+{
+    memset( ctx, 0, sizeof( mbedtls_md4_context ) );
+}
+
+void mbedtls_md4_free( mbedtls_md4_context *ctx )
+{
+    if( ctx == NULL )
+        return;
+
+    mbedtls_zeroize( ctx, sizeof( mbedtls_md4_context ) );
+}
+
+void mbedtls_md4_clone( mbedtls_md4_context *dst,
+                        const mbedtls_md4_context *src )
+{
+    *dst = *src;
+}
+
+/*
+ * MD4 context setup
+ */
+void mbedtls_md4_starts( mbedtls_md4_context *ctx )
+{
+    ctx->total[0] = 0;
+    ctx->total[1] = 0;
+
+    ctx->state[0] = 0x67452301;
+    ctx->state[1] = 0xEFCDAB89;
+    ctx->state[2] = 0x98BADCFE;
+    ctx->state[3] = 0x10325476;
+}
+
+#if !defined(MBEDTLS_MD4_PROCESS_ALT)
+void mbedtls_md4_process( mbedtls_md4_context *ctx, const unsigned char data[64] )
+{
+    uint32_t X[16], A, B, C, D;
+
+    GET_UINT32_LE( X[ 0], data,  0 );
+    GET_UINT32_LE( X[ 1], data,  4 );
+    GET_UINT32_LE( X[ 2], data,  8 );
+    GET_UINT32_LE( X[ 3], data, 12 );
+    GET_UINT32_LE( X[ 4], data, 16 );
+    GET_UINT32_LE( X[ 5], data, 20 );
+    GET_UINT32_LE( X[ 6], data, 24 );
+    GET_UINT32_LE( X[ 7], data, 28 );
+    GET_UINT32_LE( X[ 8], data, 32 );
+    GET_UINT32_LE( X[ 9], data, 36 );
+    GET_UINT32_LE( X[10], data, 40 );
+    GET_UINT32_LE( X[11], data, 44 );
+    GET_UINT32_LE( X[12], data, 48 );
+    GET_UINT32_LE( X[13], data, 52 );
+    GET_UINT32_LE( X[14], data, 56 );
+    GET_UINT32_LE( X[15], data, 60 );
+
+#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
+
+    A = ctx->state[0];
+    B = ctx->state[1];
+    C = ctx->state[2];
+    D = ctx->state[3];
+
+#define F(x, y, z) ((x & y) | ((~x) & z))
+#define P(a,b,c,d,x,s) { a += F(b,c,d) + x; a = S(a,s); }
+
+    P( A, B, C, D, X[ 0],  3 );
+    P( D, A, B, C, X[ 1],  7 );
+    P( C, D, A, B, X[ 2], 11 );
+    P( B, C, D, A, X[ 3], 19 );
+    P( A, B, C, D, X[ 4],  3 );
+    P( D, A, B, C, X[ 5],  7 );
+    P( C, D, A, B, X[ 6], 11 );
+    P( B, C, D, A, X[ 7], 19 );
+    P( A, B, C, D, X[ 8],  3 );
+    P( D, A, B, C, X[ 9],  7 );
+    P( C, D, A, B, X[10], 11 );
+    P( B, C, D, A, X[11], 19 );
+    P( A, B, C, D, X[12],  3 );
+    P( D, A, B, C, X[13],  7 );
+    P( C, D, A, B, X[14], 11 );
+    P( B, C, D, A, X[15], 19 );
+
+#undef P
+#undef F
+
+#define F(x,y,z) ((x & y) | (x & z) | (y & z))
+#define P(a,b,c,d,x,s) { a += F(b,c,d) + x + 0x5A827999; a = S(a,s); }
+
+    P( A, B, C, D, X[ 0],  3 );
+    P( D, A, B, C, X[ 4],  5 );
+    P( C, D, A, B, X[ 8],  9 );
+    P( B, C, D, A, X[12], 13 );
+    P( A, B, C, D, X[ 1],  3 );
+    P( D, A, B, C, X[ 5],  5 );
+    P( C, D, A, B, X[ 9],  9 );
+    P( B, C, D, A, X[13], 13 );
+    P( A, B, C, D, X[ 2],  3 );
+    P( D, A, B, C, X[ 6],  5 );
+    P( C, D, A, B, X[10],  9 );
+    P( B, C, D, A, X[14], 13 );
+    P( A, B, C, D, X[ 3],  3 );
+    P( D, A, B, C, X[ 7],  5 );
+    P( C, D, A, B, X[11],  9 );
+    P( B, C, D, A, X[15], 13 );
+
+#undef P
+#undef F
+
+#define F(x,y,z) (x ^ y ^ z)
+#define P(a,b,c,d,x,s) { a += F(b,c,d) + x + 0x6ED9EBA1; a = S(a,s); }
+
+    P( A, B, C, D, X[ 0],  3 );
+    P( D, A, B, C, X[ 8],  9 );
+    P( C, D, A, B, X[ 4], 11 );
+    P( B, C, D, A, X[12], 15 );
+    P( A, B, C, D, X[ 2],  3 );
+    P( D, A, B, C, X[10],  9 );
+    P( C, D, A, B, X[ 6], 11 );
+    P( B, C, D, A, X[14], 15 );
+    P( A, B, C, D, X[ 1],  3 );
+    P( D, A, B, C, X[ 9],  9 );
+    P( C, D, A, B, X[ 5], 11 );
+    P( B, C, D, A, X[13], 15 );
+    P( A, B, C, D, X[ 3],  3 );
+    P( D, A, B, C, X[11],  9 );
+    P( C, D, A, B, X[ 7], 11 );
+    P( B, C, D, A, X[15], 15 );
+
+#undef F
+#undef P
+
+    ctx->state[0] += A;
+    ctx->state[1] += B;
+    ctx->state[2] += C;
+    ctx->state[3] += D;
+}
+#endif /* !MBEDTLS_MD4_PROCESS_ALT */
+
+/*
+ * MD4 process buffer
+ */
+void mbedtls_md4_update( mbedtls_md4_context *ctx, const unsigned char *input, size_t ilen )
+{
+    size_t fill;
+    uint32_t left;
+
+    if( ilen == 0 )
+        return;
+
+    left = ctx->total[0] & 0x3F;
+    fill = 64 - left;
+
+    ctx->total[0] += (uint32_t) ilen;
+    ctx->total[0] &= 0xFFFFFFFF;
+
+    if( ctx->total[0] < (uint32_t) ilen )
+        ctx->total[1]++;
+
+    if( left && ilen >= fill )
+    {
+        memcpy( (void *) (ctx->buffer + left),
+                (void *) input, fill );
+        mbedtls_md4_process( ctx, ctx->buffer );
+        input += fill;
+        ilen  -= fill;
+        left = 0;
+    }
+
+    while( ilen >= 64 )
+    {
+        mbedtls_md4_process( ctx, input );
+        input += 64;
+        ilen  -= 64;
+    }
+
+    if( ilen > 0 )
+    {
+        memcpy( (void *) (ctx->buffer + left),
+                (void *) input, ilen );
+    }
+}
+
+static const unsigned char md4_padding[64] =
+{
+ 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+/*
+ * MD4 final digest
+ */
+void mbedtls_md4_finish( mbedtls_md4_context *ctx, unsigned char output[16] )
+{
+    uint32_t last, padn;
+    uint32_t high, low;
+    unsigned char msglen[8];
+
+    high = ( ctx->total[0] >> 29 )
+         | ( ctx->total[1] <<  3 );
+    low  = ( ctx->total[0] <<  3 );
+
+    PUT_UINT32_LE( low,  msglen, 0 );
+    PUT_UINT32_LE( high, msglen, 4 );
+
+    last = ctx->total[0] & 0x3F;
+    padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
+
+    mbedtls_md4_update( ctx, (unsigned char *) md4_padding, padn );
+    mbedtls_md4_update( ctx, msglen, 8 );
+
+    PUT_UINT32_LE( ctx->state[0], output,  0 );
+    PUT_UINT32_LE( ctx->state[1], output,  4 );
+    PUT_UINT32_LE( ctx->state[2], output,  8 );
+    PUT_UINT32_LE( ctx->state[3], output, 12 );
+}
+
+#endif /* !MBEDTLS_MD4_ALT */
+
+/*
+ * output = MD4( input buffer )
+ */
+void mbedtls_md4( const unsigned char *input, size_t ilen, unsigned char output[16] )
+{
+    mbedtls_md4_context ctx;
+
+    mbedtls_md4_init( &ctx );
+    mbedtls_md4_starts( &ctx );
+    mbedtls_md4_update( &ctx, input, ilen );
+    mbedtls_md4_finish( &ctx, output );
+    mbedtls_md4_free( &ctx );
+}
+
+#if defined(MBEDTLS_SELF_TEST)
+
+/*
+ * RFC 1320 test vectors
+ */
+static const char md4_test_str[7][81] =
+{
+    { "" },
+    { "a" },
+    { "abc" },
+    { "message digest" },
+    { "abcdefghijklmnopqrstuvwxyz" },
+    { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" },
+    { "12345678901234567890123456789012345678901234567890123456789012" \
+      "345678901234567890" }
+};
+
+static const unsigned char md4_test_sum[7][16] =
+{
+    { 0x31, 0xD6, 0xCF, 0xE0, 0xD1, 0x6A, 0xE9, 0x31,
+      0xB7, 0x3C, 0x59, 0xD7, 0xE0, 0xC0, 0x89, 0xC0 },
+    { 0xBD, 0xE5, 0x2C, 0xB3, 0x1D, 0xE3, 0x3E, 0x46,
+      0x24, 0x5E, 0x05, 0xFB, 0xDB, 0xD6, 0xFB, 0x24 },
+    { 0xA4, 0x48, 0x01, 0x7A, 0xAF, 0x21, 0xD8, 0x52,
+      0x5F, 0xC1, 0x0A, 0xE8, 0x7A, 0xA6, 0x72, 0x9D },
+    { 0xD9, 0x13, 0x0A, 0x81, 0x64, 0x54, 0x9F, 0xE8,
+      0x18, 0x87, 0x48, 0x06, 0xE1, 0xC7, 0x01, 0x4B },
+    { 0xD7, 0x9E, 0x1C, 0x30, 0x8A, 0xA5, 0xBB, 0xCD,
+      0xEE, 0xA8, 0xED, 0x63, 0xDF, 0x41, 0x2D, 0xA9 },
+    { 0x04, 0x3F, 0x85, 0x82, 0xF2, 0x41, 0xDB, 0x35,
+      0x1C, 0xE6, 0x27, 0xE1, 0x53, 0xE7, 0xF0, 0xE4 },
+    { 0xE3, 0x3B, 0x4D, 0xDC, 0x9C, 0x38, 0xF2, 0x19,
+      0x9C, 0x3E, 0x7B, 0x16, 0x4F, 0xCC, 0x05, 0x36 }
+};
+
+/*
+ * Checkup routine
+ */
+int mbedtls_md4_self_test( int verbose )
+{
+    int i;
+    unsigned char md4sum[16];
+
+    for( i = 0; i < 7; i++ )
+    {
+        if( verbose != 0 )
+            mbedtls_printf( "  MD4 test #%d: ", i + 1 );
+
+        mbedtls_md4( (unsigned char *) md4_test_str[i],
+             strlen( md4_test_str[i] ), md4sum );
+
+        if( memcmp( md4sum, md4_test_sum[i], 16 ) != 0 )
+        {
+            if( verbose != 0 )
+                mbedtls_printf( "failed\n" );
+
+            return( 1 );
+        }
+
+        if( verbose != 0 )
+            mbedtls_printf( "passed\n" );
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "\n" );
+
+    return( 0 );
+}
+
+#endif /* MBEDTLS_SELF_TEST */
+
+#endif /* MBEDTLS_MD4_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/md5.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,404 @@
+/*
+ *  RFC 1321 compliant MD5 implementation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ *  The MD5 algorithm was designed by Ron Rivest in 1991.
+ *
+ *  http://www.ietf.org/rfc/rfc1321.txt
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_MD5_C)
+
+#include "mbedtls/md5.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_SELF_TEST)
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif /* MBEDTLS_PLATFORM_C */
+#endif /* MBEDTLS_SELF_TEST */
+
+#if !defined(MBEDTLS_MD5_ALT)
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+/*
+ * 32-bit integer manipulation macros (little endian)
+ */
+#ifndef GET_UINT32_LE
+#define GET_UINT32_LE(n,b,i)                            \
+{                                                       \
+    (n) = ( (uint32_t) (b)[(i)    ]       )             \
+        | ( (uint32_t) (b)[(i) + 1] <<  8 )             \
+        | ( (uint32_t) (b)[(i) + 2] << 16 )             \
+        | ( (uint32_t) (b)[(i) + 3] << 24 );            \
+}
+#endif
+
+#ifndef PUT_UINT32_LE
+#define PUT_UINT32_LE(n,b,i)                                    \
+{                                                               \
+    (b)[(i)    ] = (unsigned char) ( ( (n)       ) & 0xFF );    \
+    (b)[(i) + 1] = (unsigned char) ( ( (n) >>  8 ) & 0xFF );    \
+    (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF );    \
+    (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF );    \
+}
+#endif
+
+void mbedtls_md5_init( mbedtls_md5_context *ctx )
+{
+    memset( ctx, 0, sizeof( mbedtls_md5_context ) );
+}
+
+void mbedtls_md5_free( mbedtls_md5_context *ctx )
+{
+    if( ctx == NULL )
+        return;
+
+    mbedtls_zeroize( ctx, sizeof( mbedtls_md5_context ) );
+}
+
+void mbedtls_md5_clone( mbedtls_md5_context *dst,
+                        const mbedtls_md5_context *src )
+{
+    *dst = *src;
+}
+
+/*
+ * MD5 context setup
+ */
+void mbedtls_md5_starts( mbedtls_md5_context *ctx )
+{
+    ctx->total[0] = 0;
+    ctx->total[1] = 0;
+
+    ctx->state[0] = 0x67452301;
+    ctx->state[1] = 0xEFCDAB89;
+    ctx->state[2] = 0x98BADCFE;
+    ctx->state[3] = 0x10325476;
+}
+
+#if !defined(MBEDTLS_MD5_PROCESS_ALT)
+void mbedtls_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] )
+{
+    uint32_t X[16], A, B, C, D;
+
+    GET_UINT32_LE( X[ 0], data,  0 );
+    GET_UINT32_LE( X[ 1], data,  4 );
+    GET_UINT32_LE( X[ 2], data,  8 );
+    GET_UINT32_LE( X[ 3], data, 12 );
+    GET_UINT32_LE( X[ 4], data, 16 );
+    GET_UINT32_LE( X[ 5], data, 20 );
+    GET_UINT32_LE( X[ 6], data, 24 );
+    GET_UINT32_LE( X[ 7], data, 28 );
+    GET_UINT32_LE( X[ 8], data, 32 );
+    GET_UINT32_LE( X[ 9], data, 36 );
+    GET_UINT32_LE( X[10], data, 40 );
+    GET_UINT32_LE( X[11], data, 44 );
+    GET_UINT32_LE( X[12], data, 48 );
+    GET_UINT32_LE( X[13], data, 52 );
+    GET_UINT32_LE( X[14], data, 56 );
+    GET_UINT32_LE( X[15], data, 60 );
+
+#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
+
+#define P(a,b,c,d,k,s,t)                                \
+{                                                       \
+    a += F(b,c,d) + X[k] + t; a = S(a,s) + b;           \
+}
+
+    A = ctx->state[0];
+    B = ctx->state[1];
+    C = ctx->state[2];
+    D = ctx->state[3];
+
+#define F(x,y,z) (z ^ (x & (y ^ z)))
+
+    P( A, B, C, D,  0,  7, 0xD76AA478 );
+    P( D, A, B, C,  1, 12, 0xE8C7B756 );
+    P( C, D, A, B,  2, 17, 0x242070DB );
+    P( B, C, D, A,  3, 22, 0xC1BDCEEE );
+    P( A, B, C, D,  4,  7, 0xF57C0FAF );
+    P( D, A, B, C,  5, 12, 0x4787C62A );
+    P( C, D, A, B,  6, 17, 0xA8304613 );
+    P( B, C, D, A,  7, 22, 0xFD469501 );
+    P( A, B, C, D,  8,  7, 0x698098D8 );
+    P( D, A, B, C,  9, 12, 0x8B44F7AF );
+    P( C, D, A, B, 10, 17, 0xFFFF5BB1 );
+    P( B, C, D, A, 11, 22, 0x895CD7BE );
+    P( A, B, C, D, 12,  7, 0x6B901122 );
+    P( D, A, B, C, 13, 12, 0xFD987193 );
+    P( C, D, A, B, 14, 17, 0xA679438E );
+    P( B, C, D, A, 15, 22, 0x49B40821 );
+
+#undef F
+
+#define F(x,y,z) (y ^ (z & (x ^ y)))
+
+    P( A, B, C, D,  1,  5, 0xF61E2562 );
+    P( D, A, B, C,  6,  9, 0xC040B340 );
+    P( C, D, A, B, 11, 14, 0x265E5A51 );
+    P( B, C, D, A,  0, 20, 0xE9B6C7AA );
+    P( A, B, C, D,  5,  5, 0xD62F105D );
+    P( D, A, B, C, 10,  9, 0x02441453 );
+    P( C, D, A, B, 15, 14, 0xD8A1E681 );
+    P( B, C, D, A,  4, 20, 0xE7D3FBC8 );
+    P( A, B, C, D,  9,  5, 0x21E1CDE6 );
+    P( D, A, B, C, 14,  9, 0xC33707D6 );
+    P( C, D, A, B,  3, 14, 0xF4D50D87 );
+    P( B, C, D, A,  8, 20, 0x455A14ED );
+    P( A, B, C, D, 13,  5, 0xA9E3E905 );
+    P( D, A, B, C,  2,  9, 0xFCEFA3F8 );
+    P( C, D, A, B,  7, 14, 0x676F02D9 );
+    P( B, C, D, A, 12, 20, 0x8D2A4C8A );
+
+#undef F
+
+#define F(x,y,z) (x ^ y ^ z)
+
+    P( A, B, C, D,  5,  4, 0xFFFA3942 );
+    P( D, A, B, C,  8, 11, 0x8771F681 );
+    P( C, D, A, B, 11, 16, 0x6D9D6122 );
+    P( B, C, D, A, 14, 23, 0xFDE5380C );
+    P( A, B, C, D,  1,  4, 0xA4BEEA44 );
+    P( D, A, B, C,  4, 11, 0x4BDECFA9 );
+    P( C, D, A, B,  7, 16, 0xF6BB4B60 );
+    P( B, C, D, A, 10, 23, 0xBEBFBC70 );
+    P( A, B, C, D, 13,  4, 0x289B7EC6 );
+    P( D, A, B, C,  0, 11, 0xEAA127FA );
+    P( C, D, A, B,  3, 16, 0xD4EF3085 );
+    P( B, C, D, A,  6, 23, 0x04881D05 );
+    P( A, B, C, D,  9,  4, 0xD9D4D039 );
+    P( D, A, B, C, 12, 11, 0xE6DB99E5 );
+    P( C, D, A, B, 15, 16, 0x1FA27CF8 );
+    P( B, C, D, A,  2, 23, 0xC4AC5665 );
+
+#undef F
+
+#define F(x,y,z) (y ^ (x | ~z))
+
+    P( A, B, C, D,  0,  6, 0xF4292244 );
+    P( D, A, B, C,  7, 10, 0x432AFF97 );
+    P( C, D, A, B, 14, 15, 0xAB9423A7 );
+    P( B, C, D, A,  5, 21, 0xFC93A039 );
+    P( A, B, C, D, 12,  6, 0x655B59C3 );
+    P( D, A, B, C,  3, 10, 0x8F0CCC92 );
+    P( C, D, A, B, 10, 15, 0xFFEFF47D );
+    P( B, C, D, A,  1, 21, 0x85845DD1 );
+    P( A, B, C, D,  8,  6, 0x6FA87E4F );
+    P( D, A, B, C, 15, 10, 0xFE2CE6E0 );
+    P( C, D, A, B,  6, 15, 0xA3014314 );
+    P( B, C, D, A, 13, 21, 0x4E0811A1 );
+    P( A, B, C, D,  4,  6, 0xF7537E82 );
+    P( D, A, B, C, 11, 10, 0xBD3AF235 );
+    P( C, D, A, B,  2, 15, 0x2AD7D2BB );
+    P( B, C, D, A,  9, 21, 0xEB86D391 );
+
+#undef F
+
+    ctx->state[0] += A;
+    ctx->state[1] += B;
+    ctx->state[2] += C;
+    ctx->state[3] += D;
+}
+#endif /* !MBEDTLS_MD5_PROCESS_ALT */
+
+/*
+ * MD5 process buffer
+ */
+void mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen )
+{
+    size_t fill;
+    uint32_t left;
+
+    if( ilen == 0 )
+        return;
+
+    left = ctx->total[0] & 0x3F;
+    fill = 64 - left;
+
+    ctx->total[0] += (uint32_t) ilen;
+    ctx->total[0] &= 0xFFFFFFFF;
+
+    if( ctx->total[0] < (uint32_t) ilen )
+        ctx->total[1]++;
+
+    if( left && ilen >= fill )
+    {
+        memcpy( (void *) (ctx->buffer + left), input, fill );
+        mbedtls_md5_process( ctx, ctx->buffer );
+        input += fill;
+        ilen  -= fill;
+        left = 0;
+    }
+
+    while( ilen >= 64 )
+    {
+        mbedtls_md5_process( ctx, input );
+        input += 64;
+        ilen  -= 64;
+    }
+
+    if( ilen > 0 )
+    {
+        memcpy( (void *) (ctx->buffer + left), input, ilen );
+    }
+}
+
+static const unsigned char md5_padding[64] =
+{
+ 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+/*
+ * MD5 final digest
+ */
+void mbedtls_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] )
+{
+    uint32_t last, padn;
+    uint32_t high, low;
+    unsigned char msglen[8];
+
+    high = ( ctx->total[0] >> 29 )
+         | ( ctx->total[1] <<  3 );
+    low  = ( ctx->total[0] <<  3 );
+
+    PUT_UINT32_LE( low,  msglen, 0 );
+    PUT_UINT32_LE( high, msglen, 4 );
+
+    last = ctx->total[0] & 0x3F;
+    padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
+
+    mbedtls_md5_update( ctx, md5_padding, padn );
+    mbedtls_md5_update( ctx, msglen, 8 );
+
+    PUT_UINT32_LE( ctx->state[0], output,  0 );
+    PUT_UINT32_LE( ctx->state[1], output,  4 );
+    PUT_UINT32_LE( ctx->state[2], output,  8 );
+    PUT_UINT32_LE( ctx->state[3], output, 12 );
+}
+
+#endif /* !MBEDTLS_MD5_ALT */
+
+/*
+ * output = MD5( input buffer )
+ */
+void mbedtls_md5( const unsigned char *input, size_t ilen, unsigned char output[16] )
+{
+    mbedtls_md5_context ctx;
+
+    mbedtls_md5_init( &ctx );
+    mbedtls_md5_starts( &ctx );
+    mbedtls_md5_update( &ctx, input, ilen );
+    mbedtls_md5_finish( &ctx, output );
+    mbedtls_md5_free( &ctx );
+}
+
+#if defined(MBEDTLS_SELF_TEST)
+/*
+ * RFC 1321 test vectors
+ */
+static const unsigned char md5_test_buf[7][81] =
+{
+    { "" },
+    { "a" },
+    { "abc" },
+    { "message digest" },
+    { "abcdefghijklmnopqrstuvwxyz" },
+    { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" },
+    { "12345678901234567890123456789012345678901234567890123456789012" \
+      "345678901234567890" }
+};
+
+static const int md5_test_buflen[7] =
+{
+    0, 1, 3, 14, 26, 62, 80
+};
+
+static const unsigned char md5_test_sum[7][16] =
+{
+    { 0xD4, 0x1D, 0x8C, 0xD9, 0x8F, 0x00, 0xB2, 0x04,
+      0xE9, 0x80, 0x09, 0x98, 0xEC, 0xF8, 0x42, 0x7E },
+    { 0x0C, 0xC1, 0x75, 0xB9, 0xC0, 0xF1, 0xB6, 0xA8,
+      0x31, 0xC3, 0x99, 0xE2, 0x69, 0x77, 0x26, 0x61 },
+    { 0x90, 0x01, 0x50, 0x98, 0x3C, 0xD2, 0x4F, 0xB0,
+      0xD6, 0x96, 0x3F, 0x7D, 0x28, 0xE1, 0x7F, 0x72 },
+    { 0xF9, 0x6B, 0x69, 0x7D, 0x7C, 0xB7, 0x93, 0x8D,
+      0x52, 0x5A, 0x2F, 0x31, 0xAA, 0xF1, 0x61, 0xD0 },
+    { 0xC3, 0xFC, 0xD3, 0xD7, 0x61, 0x92, 0xE4, 0x00,
+      0x7D, 0xFB, 0x49, 0x6C, 0xCA, 0x67, 0xE1, 0x3B },
+    { 0xD1, 0x74, 0xAB, 0x98, 0xD2, 0x77, 0xD9, 0xF5,
+      0xA5, 0x61, 0x1C, 0x2C, 0x9F, 0x41, 0x9D, 0x9F },
+    { 0x57, 0xED, 0xF4, 0xA2, 0x2B, 0xE3, 0xC9, 0x55,
+      0xAC, 0x49, 0xDA, 0x2E, 0x21, 0x07, 0xB6, 0x7A }
+};
+
+/*
+ * Checkup routine
+ */
+int mbedtls_md5_self_test( int verbose )
+{
+    int i;
+    unsigned char md5sum[16];
+
+    for( i = 0; i < 7; i++ )
+    {
+        if( verbose != 0 )
+            mbedtls_printf( "  MD5 test #%d: ", i + 1 );
+
+        mbedtls_md5( md5_test_buf[i], md5_test_buflen[i], md5sum );
+
+        if( memcmp( md5sum, md5_test_sum[i], 16 ) != 0 )
+        {
+            if( verbose != 0 )
+                mbedtls_printf( "failed\n" );
+
+            return( 1 );
+        }
+
+        if( verbose != 0 )
+            mbedtls_printf( "passed\n" );
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "\n" );
+
+    return( 0 );
+}
+
+#endif /* MBEDTLS_SELF_TEST */
+
+#endif /* MBEDTLS_MD5_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/md_wrap.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,575 @@
+/**
+ * \file md_wrap.c
+ *
+ * \brief Generic message digest wrapper for mbed TLS
+ *
+ * \author Adriaan de Jong <dejong@fox-it.com>
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_MD_C)
+
+#include "mbedtls/md_internal.h"
+
+#if defined(MBEDTLS_MD2_C)
+#include "mbedtls/md2.h"
+#endif
+
+#if defined(MBEDTLS_MD4_C)
+#include "mbedtls/md4.h"
+#endif
+
+#if defined(MBEDTLS_MD5_C)
+#include "mbedtls/md5.h"
+#endif
+
+#if defined(MBEDTLS_RIPEMD160_C)
+#include "mbedtls/ripemd160.h"
+#endif
+
+#if defined(MBEDTLS_SHA1_C)
+#include "mbedtls/sha1.h"
+#endif
+
+#if defined(MBEDTLS_SHA256_C)
+#include "mbedtls/sha256.h"
+#endif
+
+#if defined(MBEDTLS_SHA512_C)
+#include "mbedtls/sha512.h"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#define mbedtls_calloc    calloc
+#define mbedtls_free       free
+#endif
+
+#if defined(MBEDTLS_MD2_C)
+
+static void md2_starts_wrap( void *ctx )
+{
+    mbedtls_md2_starts( (mbedtls_md2_context *) ctx );
+}
+
+static void md2_update_wrap( void *ctx, const unsigned char *input,
+                             size_t ilen )
+{
+    mbedtls_md2_update( (mbedtls_md2_context *) ctx, input, ilen );
+}
+
+static void md2_finish_wrap( void *ctx, unsigned char *output )
+{
+    mbedtls_md2_finish( (mbedtls_md2_context *) ctx, output );
+}
+
+static void *md2_ctx_alloc( void )
+{
+    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md2_context ) );
+
+    if( ctx != NULL )
+        mbedtls_md2_init( (mbedtls_md2_context *) ctx );
+
+    return( ctx );
+}
+
+static void md2_ctx_free( void *ctx )
+{
+    mbedtls_md2_free( (mbedtls_md2_context *) ctx );
+    mbedtls_free( ctx );
+}
+
+static void md2_clone_wrap( void *dst, const void *src )
+{
+    mbedtls_md2_clone( (mbedtls_md2_context *) dst,
+                 (const mbedtls_md2_context *) src );
+}
+
+static void md2_process_wrap( void *ctx, const unsigned char *data )
+{
+    ((void) data);
+
+    mbedtls_md2_process( (mbedtls_md2_context *) ctx );
+}
+
+const mbedtls_md_info_t mbedtls_md2_info = {
+    MBEDTLS_MD_MD2,
+    "MD2",
+    16,
+    16,
+    md2_starts_wrap,
+    md2_update_wrap,
+    md2_finish_wrap,
+    mbedtls_md2,
+    md2_ctx_alloc,
+    md2_ctx_free,
+    md2_clone_wrap,
+    md2_process_wrap,
+};
+
+#endif /* MBEDTLS_MD2_C */
+
+#if defined(MBEDTLS_MD4_C)
+
+static void md4_starts_wrap( void *ctx )
+{
+    mbedtls_md4_starts( (mbedtls_md4_context *) ctx );
+}
+
+static void md4_update_wrap( void *ctx, const unsigned char *input,
+                             size_t ilen )
+{
+    mbedtls_md4_update( (mbedtls_md4_context *) ctx, input, ilen );
+}
+
+static void md4_finish_wrap( void *ctx, unsigned char *output )
+{
+    mbedtls_md4_finish( (mbedtls_md4_context *) ctx, output );
+}
+
+static void *md4_ctx_alloc( void )
+{
+    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md4_context ) );
+
+    if( ctx != NULL )
+        mbedtls_md4_init( (mbedtls_md4_context *) ctx );
+
+    return( ctx );
+}
+
+static void md4_ctx_free( void *ctx )
+{
+    mbedtls_md4_free( (mbedtls_md4_context *) ctx );
+    mbedtls_free( ctx );
+}
+
+static void md4_clone_wrap( void *dst, const void *src )
+{
+    mbedtls_md4_clone( (mbedtls_md4_context *) dst,
+                 (const mbedtls_md4_context *) src );
+}
+
+static void md4_process_wrap( void *ctx, const unsigned char *data )
+{
+    mbedtls_md4_process( (mbedtls_md4_context *) ctx, data );
+}
+
+const mbedtls_md_info_t mbedtls_md4_info = {
+    MBEDTLS_MD_MD4,
+    "MD4",
+    16,
+    64,
+    md4_starts_wrap,
+    md4_update_wrap,
+    md4_finish_wrap,
+    mbedtls_md4,
+    md4_ctx_alloc,
+    md4_ctx_free,
+    md4_clone_wrap,
+    md4_process_wrap,
+};
+
+#endif /* MBEDTLS_MD4_C */
+
+#if defined(MBEDTLS_MD5_C)
+
+static void md5_starts_wrap( void *ctx )
+{
+    mbedtls_md5_starts( (mbedtls_md5_context *) ctx );
+}
+
+static void md5_update_wrap( void *ctx, const unsigned char *input,
+                             size_t ilen )
+{
+    mbedtls_md5_update( (mbedtls_md5_context *) ctx, input, ilen );
+}
+
+static void md5_finish_wrap( void *ctx, unsigned char *output )
+{
+    mbedtls_md5_finish( (mbedtls_md5_context *) ctx, output );
+}
+
+static void *md5_ctx_alloc( void )
+{
+    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md5_context ) );
+
+    if( ctx != NULL )
+        mbedtls_md5_init( (mbedtls_md5_context *) ctx );
+
+    return( ctx );
+}
+
+static void md5_ctx_free( void *ctx )
+{
+    mbedtls_md5_free( (mbedtls_md5_context *) ctx );
+    mbedtls_free( ctx );
+}
+
+static void md5_clone_wrap( void *dst, const void *src )
+{
+    mbedtls_md5_clone( (mbedtls_md5_context *) dst,
+                 (const mbedtls_md5_context *) src );
+}
+
+static void md5_process_wrap( void *ctx, const unsigned char *data )
+{
+    mbedtls_md5_process( (mbedtls_md5_context *) ctx, data );
+}
+
+const mbedtls_md_info_t mbedtls_md5_info = {
+    MBEDTLS_MD_MD5,
+    "MD5",
+    16,
+    64,
+    md5_starts_wrap,
+    md5_update_wrap,
+    md5_finish_wrap,
+    mbedtls_md5,
+    md5_ctx_alloc,
+    md5_ctx_free,
+    md5_clone_wrap,
+    md5_process_wrap,
+};
+
+#endif /* MBEDTLS_MD5_C */
+
+#if defined(MBEDTLS_RIPEMD160_C)
+
+static void ripemd160_starts_wrap( void *ctx )
+{
+    mbedtls_ripemd160_starts( (mbedtls_ripemd160_context *) ctx );
+}
+
+static void ripemd160_update_wrap( void *ctx, const unsigned char *input,
+                                   size_t ilen )
+{
+    mbedtls_ripemd160_update( (mbedtls_ripemd160_context *) ctx, input, ilen );
+}
+
+static void ripemd160_finish_wrap( void *ctx, unsigned char *output )
+{
+    mbedtls_ripemd160_finish( (mbedtls_ripemd160_context *) ctx, output );
+}
+
+static void *ripemd160_ctx_alloc( void )
+{
+    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ripemd160_context ) );
+
+    if( ctx != NULL )
+        mbedtls_ripemd160_init( (mbedtls_ripemd160_context *) ctx );
+
+    return( ctx );
+}
+
+static void ripemd160_ctx_free( void *ctx )
+{
+    mbedtls_ripemd160_free( (mbedtls_ripemd160_context *) ctx );
+    mbedtls_free( ctx );
+}
+
+static void ripemd160_clone_wrap( void *dst, const void *src )
+{
+    mbedtls_ripemd160_clone( (mbedtls_ripemd160_context *) dst,
+                       (const mbedtls_ripemd160_context *) src );
+}
+
+static void ripemd160_process_wrap( void *ctx, const unsigned char *data )
+{
+    mbedtls_ripemd160_process( (mbedtls_ripemd160_context *) ctx, data );
+}
+
+const mbedtls_md_info_t mbedtls_ripemd160_info = {
+    MBEDTLS_MD_RIPEMD160,
+    "RIPEMD160",
+    20,
+    64,
+    ripemd160_starts_wrap,
+    ripemd160_update_wrap,
+    ripemd160_finish_wrap,
+    mbedtls_ripemd160,
+    ripemd160_ctx_alloc,
+    ripemd160_ctx_free,
+    ripemd160_clone_wrap,
+    ripemd160_process_wrap,
+};
+
+#endif /* MBEDTLS_RIPEMD160_C */
+
+#if defined(MBEDTLS_SHA1_C)
+
+static void sha1_starts_wrap( void *ctx )
+{
+    mbedtls_sha1_starts( (mbedtls_sha1_context *) ctx );
+}
+
+static void sha1_update_wrap( void *ctx, const unsigned char *input,
+                              size_t ilen )
+{
+    mbedtls_sha1_update( (mbedtls_sha1_context *) ctx, input, ilen );
+}
+
+static void sha1_finish_wrap( void *ctx, unsigned char *output )
+{
+    mbedtls_sha1_finish( (mbedtls_sha1_context *) ctx, output );
+}
+
+static void *sha1_ctx_alloc( void )
+{
+    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha1_context ) );
+
+    if( ctx != NULL )
+        mbedtls_sha1_init( (mbedtls_sha1_context *) ctx );
+
+    return( ctx );
+}
+
+static void sha1_clone_wrap( void *dst, const void *src )
+{
+    mbedtls_sha1_clone( (mbedtls_sha1_context *) dst,
+                  (const mbedtls_sha1_context *) src );
+}
+
+static void sha1_ctx_free( void *ctx )
+{
+    mbedtls_sha1_free( (mbedtls_sha1_context *) ctx );
+    mbedtls_free( ctx );
+}
+
+static void sha1_process_wrap( void *ctx, const unsigned char *data )
+{
+    mbedtls_sha1_process( (mbedtls_sha1_context *) ctx, data );
+}
+
+const mbedtls_md_info_t mbedtls_sha1_info = {
+    MBEDTLS_MD_SHA1,
+    "SHA1",
+    20,
+    64,
+    sha1_starts_wrap,
+    sha1_update_wrap,
+    sha1_finish_wrap,
+    mbedtls_sha1,
+    sha1_ctx_alloc,
+    sha1_ctx_free,
+    sha1_clone_wrap,
+    sha1_process_wrap,
+};
+
+#endif /* MBEDTLS_SHA1_C */
+
+/*
+ * Wrappers for generic message digests
+ */
+#if defined(MBEDTLS_SHA256_C)
+
+static void sha224_starts_wrap( void *ctx )
+{
+    mbedtls_sha256_starts( (mbedtls_sha256_context *) ctx, 1 );
+}
+
+static void sha224_update_wrap( void *ctx, const unsigned char *input,
+                                size_t ilen )
+{
+    mbedtls_sha256_update( (mbedtls_sha256_context *) ctx, input, ilen );
+}
+
+static void sha224_finish_wrap( void *ctx, unsigned char *output )
+{
+    mbedtls_sha256_finish( (mbedtls_sha256_context *) ctx, output );
+}
+
+static void sha224_wrap( const unsigned char *input, size_t ilen,
+                    unsigned char *output )
+{
+    mbedtls_sha256( input, ilen, output, 1 );
+}
+
+static void *sha224_ctx_alloc( void )
+{
+    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha256_context ) );
+
+    if( ctx != NULL )
+        mbedtls_sha256_init( (mbedtls_sha256_context *) ctx );
+
+    return( ctx );
+}
+
+static void sha224_ctx_free( void *ctx )
+{
+    mbedtls_sha256_free( (mbedtls_sha256_context *) ctx );
+    mbedtls_free( ctx );
+}
+
+static void sha224_clone_wrap( void *dst, const void *src )
+{
+    mbedtls_sha256_clone( (mbedtls_sha256_context *) dst,
+                    (const mbedtls_sha256_context *) src );
+}
+
+static void sha224_process_wrap( void *ctx, const unsigned char *data )
+{
+    mbedtls_sha256_process( (mbedtls_sha256_context *) ctx, data );
+}
+
+const mbedtls_md_info_t mbedtls_sha224_info = {
+    MBEDTLS_MD_SHA224,
+    "SHA224",
+    28,
+    64,
+    sha224_starts_wrap,
+    sha224_update_wrap,
+    sha224_finish_wrap,
+    sha224_wrap,
+    sha224_ctx_alloc,
+    sha224_ctx_free,
+    sha224_clone_wrap,
+    sha224_process_wrap,
+};
+
+static void sha256_starts_wrap( void *ctx )
+{
+    mbedtls_sha256_starts( (mbedtls_sha256_context *) ctx, 0 );
+}
+
+static void sha256_wrap( const unsigned char *input, size_t ilen,
+                    unsigned char *output )
+{
+    mbedtls_sha256( input, ilen, output, 0 );
+}
+
+const mbedtls_md_info_t mbedtls_sha256_info = {
+    MBEDTLS_MD_SHA256,
+    "SHA256",
+    32,
+    64,
+    sha256_starts_wrap,
+    sha224_update_wrap,
+    sha224_finish_wrap,
+    sha256_wrap,
+    sha224_ctx_alloc,
+    sha224_ctx_free,
+    sha224_clone_wrap,
+    sha224_process_wrap,
+};
+
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA512_C)
+
+static void sha384_starts_wrap( void *ctx )
+{
+    mbedtls_sha512_starts( (mbedtls_sha512_context *) ctx, 1 );
+}
+
+static void sha384_update_wrap( void *ctx, const unsigned char *input,
+                                size_t ilen )
+{
+    mbedtls_sha512_update( (mbedtls_sha512_context *) ctx, input, ilen );
+}
+
+static void sha384_finish_wrap( void *ctx, unsigned char *output )
+{
+    mbedtls_sha512_finish( (mbedtls_sha512_context *) ctx, output );
+}
+
+static void sha384_wrap( const unsigned char *input, size_t ilen,
+                    unsigned char *output )
+{
+    mbedtls_sha512( input, ilen, output, 1 );
+}
+
+static void *sha384_ctx_alloc( void )
+{
+    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha512_context ) );
+
+    if( ctx != NULL )
+        mbedtls_sha512_init( (mbedtls_sha512_context *) ctx );
+
+    return( ctx );
+}
+
+static void sha384_ctx_free( void *ctx )
+{
+    mbedtls_sha512_free( (mbedtls_sha512_context *) ctx );
+    mbedtls_free( ctx );
+}
+
+static void sha384_clone_wrap( void *dst, const void *src )
+{
+    mbedtls_sha512_clone( (mbedtls_sha512_context *) dst,
+                    (const mbedtls_sha512_context *) src );
+}
+
+static void sha384_process_wrap( void *ctx, const unsigned char *data )
+{
+    mbedtls_sha512_process( (mbedtls_sha512_context *) ctx, data );
+}
+
+const mbedtls_md_info_t mbedtls_sha384_info = {
+    MBEDTLS_MD_SHA384,
+    "SHA384",
+    48,
+    128,
+    sha384_starts_wrap,
+    sha384_update_wrap,
+    sha384_finish_wrap,
+    sha384_wrap,
+    sha384_ctx_alloc,
+    sha384_ctx_free,
+    sha384_clone_wrap,
+    sha384_process_wrap,
+};
+
+static void sha512_starts_wrap( void *ctx )
+{
+    mbedtls_sha512_starts( (mbedtls_sha512_context *) ctx, 0 );
+}
+
+static void sha512_wrap( const unsigned char *input, size_t ilen,
+                    unsigned char *output )
+{
+    mbedtls_sha512( input, ilen, output, 0 );
+}
+
+const mbedtls_md_info_t mbedtls_sha512_info = {
+    MBEDTLS_MD_SHA512,
+    "SHA512",
+    64,
+    128,
+    sha512_starts_wrap,
+    sha384_update_wrap,
+    sha384_finish_wrap,
+    sha512_wrap,
+    sha384_ctx_alloc,
+    sha384_ctx_free,
+    sha384_clone_wrap,
+    sha384_process_wrap,
+};
+
+#endif /* MBEDTLS_SHA512_C */
+
+#endif /* MBEDTLS_MD_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/memory_buffer_alloc.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,750 @@
+/*
+ *  Buffer-based memory allocator
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+#include "mbedtls/memory_buffer_alloc.h"
+
+/* No need for the header guard as MBEDTLS_MEMORY_BUFFER_ALLOC_C
+   is dependent upon MBEDTLS_PLATFORM_C */
+#include "mbedtls/platform.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_MEMORY_BACKTRACE)
+#include <execinfo.h>
+#endif
+
+#if defined(MBEDTLS_THREADING_C)
+#include "mbedtls/threading.h"
+#endif
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+#define MAGIC1       0xFF00AA55
+#define MAGIC2       0xEE119966
+#define MAX_BT 20
+
+typedef struct _memory_header memory_header;
+struct _memory_header
+{
+    size_t          magic1;
+    size_t          size;
+    size_t          alloc;
+    memory_header   *prev;
+    memory_header   *next;
+    memory_header   *prev_free;
+    memory_header   *next_free;
+#if defined(MBEDTLS_MEMORY_BACKTRACE)
+    char            **trace;
+    size_t          trace_count;
+#endif
+    size_t          magic2;
+};
+
+typedef struct
+{
+    unsigned char   *buf;
+    size_t          len;
+    memory_header   *first;
+    memory_header   *first_free;
+    int             verify;
+#if defined(MBEDTLS_MEMORY_DEBUG)
+    size_t          alloc_count;
+    size_t          free_count;
+    size_t          total_used;
+    size_t          maximum_used;
+    size_t          header_count;
+    size_t          maximum_header_count;
+#endif
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_threading_mutex_t   mutex;
+#endif
+}
+buffer_alloc_ctx;
+
+static buffer_alloc_ctx heap;
+
+#if defined(MBEDTLS_MEMORY_DEBUG)
+static void debug_header( memory_header *hdr )
+{
+#if defined(MBEDTLS_MEMORY_BACKTRACE)
+    size_t i;
+#endif
+
+    mbedtls_fprintf( stderr, "HDR:  PTR(%10zu), PREV(%10zu), NEXT(%10zu), "
+                              "ALLOC(%zu), SIZE(%10zu)\n",
+                      (size_t) hdr, (size_t) hdr->prev, (size_t) hdr->next,
+                      hdr->alloc, hdr->size );
+    mbedtls_fprintf( stderr, "      FPREV(%10zu), FNEXT(%10zu)\n",
+                      (size_t) hdr->prev_free, (size_t) hdr->next_free );
+
+#if defined(MBEDTLS_MEMORY_BACKTRACE)
+    mbedtls_fprintf( stderr, "TRACE: \n" );
+    for( i = 0; i < hdr->trace_count; i++ )
+        mbedtls_fprintf( stderr, "%s\n", hdr->trace[i] );
+    mbedtls_fprintf( stderr, "\n" );
+#endif
+}
+
+static void debug_chain()
+{
+    memory_header *cur = heap.first;
+
+    mbedtls_fprintf( stderr, "\nBlock list\n" );
+    while( cur != NULL )
+    {
+        debug_header( cur );
+        cur = cur->next;
+    }
+
+    mbedtls_fprintf( stderr, "Free list\n" );
+    cur = heap.first_free;
+
+    while( cur != NULL )
+    {
+        debug_header( cur );
+        cur = cur->next_free;
+    }
+}
+#endif /* MBEDTLS_MEMORY_DEBUG */
+
+static int verify_header( memory_header *hdr )
+{
+    if( hdr->magic1 != MAGIC1 )
+    {
+#if defined(MBEDTLS_MEMORY_DEBUG)
+        mbedtls_fprintf( stderr, "FATAL: MAGIC1 mismatch\n" );
+#endif
+        return( 1 );
+    }
+
+    if( hdr->magic2 != MAGIC2 )
+    {
+#if defined(MBEDTLS_MEMORY_DEBUG)
+        mbedtls_fprintf( stderr, "FATAL: MAGIC2 mismatch\n" );
+#endif
+        return( 1 );
+    }
+
+    if( hdr->alloc > 1 )
+    {
+#if defined(MBEDTLS_MEMORY_DEBUG)
+        mbedtls_fprintf( stderr, "FATAL: alloc has illegal value\n" );
+#endif
+        return( 1 );
+    }
+
+    if( hdr->prev != NULL && hdr->prev == hdr->next )
+    {
+#if defined(MBEDTLS_MEMORY_DEBUG)
+        mbedtls_fprintf( stderr, "FATAL: prev == next\n" );
+#endif
+        return( 1 );
+    }
+
+    if( hdr->prev_free != NULL && hdr->prev_free == hdr->next_free )
+    {
+#if defined(MBEDTLS_MEMORY_DEBUG)
+        mbedtls_fprintf( stderr, "FATAL: prev_free == next_free\n" );
+#endif
+        return( 1 );
+    }
+
+    return( 0 );
+}
+
+static int verify_chain()
+{
+    memory_header *prv = heap.first, *cur = heap.first->next;
+
+    if( verify_header( heap.first ) != 0 )
+    {
+#if defined(MBEDTLS_MEMORY_DEBUG)
+        mbedtls_fprintf( stderr, "FATAL: verification of first header "
+                                  "failed\n" );
+#endif
+        return( 1 );
+    }
+
+    if( heap.first->prev != NULL )
+    {
+#if defined(MBEDTLS_MEMORY_DEBUG)
+        mbedtls_fprintf( stderr, "FATAL: verification failed: "
+                                  "first->prev != NULL\n" );
+#endif
+        return( 1 );
+    }
+
+    while( cur != NULL )
+    {
+        if( verify_header( cur ) != 0 )
+        {
+#if defined(MBEDTLS_MEMORY_DEBUG)
+            mbedtls_fprintf( stderr, "FATAL: verification of header "
+                                      "failed\n" );
+#endif
+            return( 1 );
+        }
+
+        if( cur->prev != prv )
+        {
+#if defined(MBEDTLS_MEMORY_DEBUG)
+            mbedtls_fprintf( stderr, "FATAL: verification failed: "
+                                      "cur->prev != prv\n" );
+#endif
+            return( 1 );
+        }
+
+        prv = cur;
+        cur = cur->next;
+    }
+
+    return( 0 );
+}
+
+static void *buffer_alloc_calloc( size_t n, size_t size )
+{
+    memory_header *new, *cur = heap.first_free;
+    unsigned char *p;
+    void *ret;
+    size_t original_len, len;
+#if defined(MBEDTLS_MEMORY_BACKTRACE)
+    void *trace_buffer[MAX_BT];
+    size_t trace_cnt;
+#endif
+
+    if( heap.buf == NULL || heap.first == NULL )
+        return( NULL );
+
+    original_len = len = n * size;
+
+    if( n != 0 && len / n != size )
+        return( NULL );
+
+    if( len % MBEDTLS_MEMORY_ALIGN_MULTIPLE )
+    {
+        len -= len % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
+        len += MBEDTLS_MEMORY_ALIGN_MULTIPLE;
+    }
+
+    // Find block that fits
+    //
+    while( cur != NULL )
+    {
+        if( cur->size >= len )
+            break;
+
+        cur = cur->next_free;
+    }
+
+    if( cur == NULL )
+        return( NULL );
+
+    if( cur->alloc != 0 )
+    {
+#if defined(MBEDTLS_MEMORY_DEBUG)
+        mbedtls_fprintf( stderr, "FATAL: block in free_list but allocated "
+                                  "data\n" );
+#endif
+        mbedtls_exit( 1 );
+    }
+
+#if defined(MBEDTLS_MEMORY_DEBUG)
+    heap.alloc_count++;
+#endif
+
+    // Found location, split block if > memory_header + 4 room left
+    //
+    if( cur->size - len < sizeof(memory_header) +
+                          MBEDTLS_MEMORY_ALIGN_MULTIPLE )
+    {
+        cur->alloc = 1;
+
+        // Remove from free_list
+        //
+        if( cur->prev_free != NULL )
+            cur->prev_free->next_free = cur->next_free;
+        else
+            heap.first_free = cur->next_free;
+
+        if( cur->next_free != NULL )
+            cur->next_free->prev_free = cur->prev_free;
+
+        cur->prev_free = NULL;
+        cur->next_free = NULL;
+
+#if defined(MBEDTLS_MEMORY_DEBUG)
+        heap.total_used += cur->size;
+        if( heap.total_used > heap.maximum_used )
+            heap.maximum_used = heap.total_used;
+#endif
+#if defined(MBEDTLS_MEMORY_BACKTRACE)
+        trace_cnt = backtrace( trace_buffer, MAX_BT );
+        cur->trace = backtrace_symbols( trace_buffer, trace_cnt );
+        cur->trace_count = trace_cnt;
+#endif
+
+        if( ( heap.verify & MBEDTLS_MEMORY_VERIFY_ALLOC ) && verify_chain() != 0 )
+            mbedtls_exit( 1 );
+
+        ret = (unsigned char *) cur + sizeof( memory_header );
+        memset( ret, 0, original_len );
+
+        return( ret );
+    }
+
+    p = ( (unsigned char *) cur ) + sizeof(memory_header) + len;
+    new = (memory_header *) p;
+
+    new->size = cur->size - len - sizeof(memory_header);
+    new->alloc = 0;
+    new->prev = cur;
+    new->next = cur->next;
+#if defined(MBEDTLS_MEMORY_BACKTRACE)
+    new->trace = NULL;
+    new->trace_count = 0;
+#endif
+    new->magic1 = MAGIC1;
+    new->magic2 = MAGIC2;
+
+    if( new->next != NULL )
+        new->next->prev = new;
+
+    // Replace cur with new in free_list
+    //
+    new->prev_free = cur->prev_free;
+    new->next_free = cur->next_free;
+    if( new->prev_free != NULL )
+        new->prev_free->next_free = new;
+    else
+        heap.first_free = new;
+
+    if( new->next_free != NULL )
+        new->next_free->prev_free = new;
+
+    cur->alloc = 1;
+    cur->size = len;
+    cur->next = new;
+    cur->prev_free = NULL;
+    cur->next_free = NULL;
+
+#if defined(MBEDTLS_MEMORY_DEBUG)
+    heap.header_count++;
+    if( heap.header_count > heap.maximum_header_count )
+        heap.maximum_header_count = heap.header_count;
+    heap.total_used += cur->size;
+    if( heap.total_used > heap.maximum_used )
+        heap.maximum_used = heap.total_used;
+#endif
+#if defined(MBEDTLS_MEMORY_BACKTRACE)
+    trace_cnt = backtrace( trace_buffer, MAX_BT );
+    cur->trace = backtrace_symbols( trace_buffer, trace_cnt );
+    cur->trace_count = trace_cnt;
+#endif
+
+    if( ( heap.verify & MBEDTLS_MEMORY_VERIFY_ALLOC ) && verify_chain() != 0 )
+        mbedtls_exit( 1 );
+
+    ret = (unsigned char *) cur + sizeof( memory_header );
+    memset( ret, 0, original_len );
+
+    return( ret );
+}
+
+static void buffer_alloc_free( void *ptr )
+{
+    memory_header *hdr, *old = NULL;
+    unsigned char *p = (unsigned char *) ptr;
+
+    if( ptr == NULL || heap.buf == NULL || heap.first == NULL )
+        return;
+
+    if( p < heap.buf || p > heap.buf + heap.len )
+    {
+#if defined(MBEDTLS_MEMORY_DEBUG)
+        mbedtls_fprintf( stderr, "FATAL: mbedtls_free() outside of managed "
+                                  "space\n" );
+#endif
+        mbedtls_exit( 1 );
+    }
+
+    p -= sizeof(memory_header);
+    hdr = (memory_header *) p;
+
+    if( verify_header( hdr ) != 0 )
+        mbedtls_exit( 1 );
+
+    if( hdr->alloc != 1 )
+    {
+#if defined(MBEDTLS_MEMORY_DEBUG)
+        mbedtls_fprintf( stderr, "FATAL: mbedtls_free() on unallocated "
+                                  "data\n" );
+#endif
+        mbedtls_exit( 1 );
+    }
+
+    hdr->alloc = 0;
+
+#if defined(MBEDTLS_MEMORY_DEBUG)
+    heap.free_count++;
+    heap.total_used -= hdr->size;
+#endif
+
+    // Regroup with block before
+    //
+    if( hdr->prev != NULL && hdr->prev->alloc == 0 )
+    {
+#if defined(MBEDTLS_MEMORY_DEBUG)
+        heap.header_count--;
+#endif
+        hdr->prev->size += sizeof(memory_header) + hdr->size;
+        hdr->prev->next = hdr->next;
+        old = hdr;
+        hdr = hdr->prev;
+
+        if( hdr->next != NULL )
+            hdr->next->prev = hdr;
+
+#if defined(MBEDTLS_MEMORY_BACKTRACE)
+        free( old->trace );
+#endif
+        memset( old, 0, sizeof(memory_header) );
+    }
+
+    // Regroup with block after
+    //
+    if( hdr->next != NULL && hdr->next->alloc == 0 )
+    {
+#if defined(MBEDTLS_MEMORY_DEBUG)
+        heap.header_count--;
+#endif
+        hdr->size += sizeof(memory_header) + hdr->next->size;
+        old = hdr->next;
+        hdr->next = hdr->next->next;
+
+        if( hdr->prev_free != NULL || hdr->next_free != NULL )
+        {
+            if( hdr->prev_free != NULL )
+                hdr->prev_free->next_free = hdr->next_free;
+            else
+                heap.first_free = hdr->next_free;
+
+            if( hdr->next_free != NULL )
+                hdr->next_free->prev_free = hdr->prev_free;
+        }
+
+        hdr->prev_free = old->prev_free;
+        hdr->next_free = old->next_free;
+
+        if( hdr->prev_free != NULL )
+            hdr->prev_free->next_free = hdr;
+        else
+            heap.first_free = hdr;
+
+        if( hdr->next_free != NULL )
+            hdr->next_free->prev_free = hdr;
+
+        if( hdr->next != NULL )
+            hdr->next->prev = hdr;
+
+#if defined(MBEDTLS_MEMORY_BACKTRACE)
+        free( old->trace );
+#endif
+        memset( old, 0, sizeof(memory_header) );
+    }
+
+    // Prepend to free_list if we have not merged
+    // (Does not have to stay in same order as prev / next list)
+    //
+    if( old == NULL )
+    {
+        hdr->next_free = heap.first_free;
+        if( heap.first_free != NULL )
+            heap.first_free->prev_free = hdr;
+        heap.first_free = hdr;
+    }
+
+#if defined(MBEDTLS_MEMORY_BACKTRACE)
+    hdr->trace = NULL;
+    hdr->trace_count = 0;
+#endif
+
+    if( ( heap.verify & MBEDTLS_MEMORY_VERIFY_FREE ) && verify_chain() != 0 )
+        mbedtls_exit( 1 );
+}
+
+void mbedtls_memory_buffer_set_verify( int verify )
+{
+    heap.verify = verify;
+}
+
+int mbedtls_memory_buffer_alloc_verify()
+{
+    return verify_chain();
+}
+
+#if defined(MBEDTLS_MEMORY_DEBUG)
+void mbedtls_memory_buffer_alloc_status()
+{
+    mbedtls_fprintf( stderr,
+                      "Current use: %zu blocks / %zu bytes, max: %zu blocks / "
+                      "%zu bytes (total %zu bytes), alloc / free: %zu / %zu\n",
+                      heap.header_count, heap.total_used,
+                      heap.maximum_header_count, heap.maximum_used,
+                      heap.maximum_header_count * sizeof( memory_header )
+                      + heap.maximum_used,
+                      heap.alloc_count, heap.free_count );
+
+    if( heap.first->next == NULL )
+        mbedtls_fprintf( stderr, "All memory de-allocated in stack buffer\n" );
+    else
+    {
+        mbedtls_fprintf( stderr, "Memory currently allocated:\n" );
+        debug_chain();
+    }
+}
+
+void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks )
+{
+    *max_used   = heap.maximum_used;
+    *max_blocks = heap.maximum_header_count;
+}
+
+void mbedtls_memory_buffer_alloc_max_reset( void )
+{
+    heap.maximum_used = 0;
+    heap.maximum_header_count = 0;
+}
+
+void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks )
+{
+    *cur_used   = heap.total_used;
+    *cur_blocks = heap.header_count;
+}
+#endif /* MBEDTLS_MEMORY_DEBUG */
+
+#if defined(MBEDTLS_THREADING_C)
+static void *buffer_alloc_calloc_mutexed( size_t n, size_t size )
+{
+    void *buf;
+    if( mbedtls_mutex_lock( &heap.mutex ) != 0 )
+        return( NULL );
+    buf = buffer_alloc_calloc( n, size );
+    if( mbedtls_mutex_unlock( &heap.mutex ) )
+        return( NULL );
+    return( buf );
+}
+
+static void buffer_alloc_free_mutexed( void *ptr )
+{
+    /* We have to good option here, but corrupting the heap seems
+     * worse than loosing memory. */
+    if( mbedtls_mutex_lock( &heap.mutex ) )
+        return;
+    buffer_alloc_free( ptr );
+    (void) mbedtls_mutex_unlock( &heap.mutex );
+}
+#endif /* MBEDTLS_THREADING_C */
+
+void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len )
+{
+    memset( &heap, 0, sizeof(buffer_alloc_ctx) );
+    memset( buf, 0, len );
+
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_mutex_init( &heap.mutex );
+    mbedtls_platform_set_calloc_free( buffer_alloc_calloc_mutexed,
+                              buffer_alloc_free_mutexed );
+#else
+    mbedtls_platform_set_calloc_free( buffer_alloc_calloc, buffer_alloc_free );
+#endif
+
+    if( (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE )
+    {
+        /* Adjust len first since buf is used in the computation */
+        len -= MBEDTLS_MEMORY_ALIGN_MULTIPLE
+             - (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
+        buf += MBEDTLS_MEMORY_ALIGN_MULTIPLE
+             - (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
+    }
+
+    heap.buf = buf;
+    heap.len = len;
+
+    heap.first = (memory_header *) buf;
+    heap.first->size = len - sizeof(memory_header);
+    heap.first->magic1 = MAGIC1;
+    heap.first->magic2 = MAGIC2;
+    heap.first_free = heap.first;
+}
+
+void mbedtls_memory_buffer_alloc_free()
+{
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_mutex_free( &heap.mutex );
+#endif
+    mbedtls_zeroize( &heap, sizeof(buffer_alloc_ctx) );
+}
+
+#if defined(MBEDTLS_SELF_TEST)
+static int check_pointer( void *p )
+{
+    if( p == NULL )
+        return( -1 );
+
+    if( (size_t) p % MBEDTLS_MEMORY_ALIGN_MULTIPLE != 0 )
+        return( -1 );
+
+    return( 0 );
+}
+
+static int check_all_free( )
+{
+    if(
+#if defined(MBEDTLS_MEMORY_DEBUG)
+        heap.total_used != 0 ||
+#endif
+        heap.first != heap.first_free ||
+        (void *) heap.first != (void *) heap.buf )
+    {
+        return( -1 );
+    }
+
+    return( 0 );
+}
+
+#define TEST_ASSERT( condition )            \
+    if( ! (condition) )                     \
+    {                                       \
+        if( verbose != 0 )                  \
+            mbedtls_printf( "failed\n" );  \
+                                            \
+        ret = 1;                            \
+        goto cleanup;                       \
+    }
+
+int mbedtls_memory_buffer_alloc_self_test( int verbose )
+{
+    unsigned char buf[1024];
+    unsigned char *p, *q, *r, *end;
+    int ret = 0;
+
+    if( verbose != 0 )
+        mbedtls_printf( "  MBA test #1 (basic alloc-free cycle): " );
+
+    mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) );
+
+    p = mbedtls_calloc( 1, 1 );
+    q = mbedtls_calloc( 1, 128 );
+    r = mbedtls_calloc( 1, 16 );
+
+    TEST_ASSERT( check_pointer( p ) == 0 &&
+                 check_pointer( q ) == 0 &&
+                 check_pointer( r ) == 0 );
+
+    mbedtls_free( r );
+    mbedtls_free( q );
+    mbedtls_free( p );
+
+    TEST_ASSERT( check_all_free( ) == 0 );
+
+    /* Memorize end to compare with the next test */
+    end = heap.buf + heap.len;
+
+    mbedtls_memory_buffer_alloc_free( );
+
+    if( verbose != 0 )
+        mbedtls_printf( "passed\n" );
+
+    if( verbose != 0 )
+        mbedtls_printf( "  MBA test #2 (buf not aligned): " );
+
+    mbedtls_memory_buffer_alloc_init( buf + 1, sizeof( buf ) - 1 );
+
+    TEST_ASSERT( heap.buf + heap.len == end );
+
+    p = mbedtls_calloc( 1, 1 );
+    q = mbedtls_calloc( 1, 128 );
+    r = mbedtls_calloc( 1, 16 );
+
+    TEST_ASSERT( check_pointer( p ) == 0 &&
+                 check_pointer( q ) == 0 &&
+                 check_pointer( r ) == 0 );
+
+    mbedtls_free( r );
+    mbedtls_free( q );
+    mbedtls_free( p );
+
+    TEST_ASSERT( check_all_free( ) == 0 );
+
+    mbedtls_memory_buffer_alloc_free( );
+
+    if( verbose != 0 )
+        mbedtls_printf( "passed\n" );
+
+    if( verbose != 0 )
+        mbedtls_printf( "  MBA test #3 (full): " );
+
+    mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) );
+
+    p = mbedtls_calloc( 1, sizeof( buf ) - sizeof( memory_header ) );
+
+    TEST_ASSERT( check_pointer( p ) == 0 );
+    TEST_ASSERT( mbedtls_calloc( 1, 1 ) == NULL );
+
+    mbedtls_free( p );
+
+    p = mbedtls_calloc( 1, sizeof( buf ) - 2 * sizeof( memory_header ) - 16 );
+    q = mbedtls_calloc( 1, 16 );
+
+    TEST_ASSERT( check_pointer( p ) == 0 && check_pointer( q ) == 0 );
+    TEST_ASSERT( mbedtls_calloc( 1, 1 ) == NULL );
+
+    mbedtls_free( q );
+
+    TEST_ASSERT( mbedtls_calloc( 1, 17 ) == NULL );
+
+    mbedtls_free( p );
+
+    TEST_ASSERT( check_all_free( ) == 0 );
+
+    mbedtls_memory_buffer_alloc_free( );
+
+    if( verbose != 0 )
+        mbedtls_printf( "passed\n" );
+
+cleanup:
+    mbedtls_memory_buffer_alloc_free( );
+
+    return( ret );
+}
+#endif /* MBEDTLS_SELF_TEST */
+
+#endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/net.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,575 @@
+/*
+ *  TCP/IP or UDP/IP networking functions
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_NET_C)
+
+#include "mbedtls/net.h"
+
+#include <string.h>
+
+#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
+    !defined(EFI32)
+
+#ifdef _WIN32_WINNT
+#undef _WIN32_WINNT
+#endif
+/* Enables getaddrinfo() & Co */
+#define _WIN32_WINNT 0x0501
+#include <ws2tcpip.h>
+
+#include <winsock2.h>
+#include <windows.h>
+
+#if defined(_MSC_VER)
+#if defined(_WIN32_WCE)
+#pragma comment( lib, "ws2.lib" )
+#else
+#pragma comment( lib, "ws2_32.lib" )
+#endif
+#endif /* _MSC_VER */
+
+#define read(fd,buf,len)        recv(fd,(char*)buf,(int) len,0)
+#define write(fd,buf,len)       send(fd,(char*)buf,(int) len,0)
+#define close(fd)               closesocket(fd)
+
+static int wsa_init_done = 0;
+
+#else /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <sys/time.h>
+#include <unistd.h>
+#include <signal.h>
+#include <fcntl.h>
+#include <netdb.h>
+#include <errno.h>
+
+#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
+
+/* Some MS functions want int and MSVC warns if we pass size_t,
+ * but the standard fucntions use socklen_t, so cast only for MSVC */
+#if defined(_MSC_VER)
+#define MSVC_INT_CAST   (int)
+#else
+#define MSVC_INT_CAST
+#endif
+
+#include <stdlib.h>
+#include <stdio.h>
+
+#include <time.h>
+
+#include <stdint.h>
+
+/*
+ * Prepare for using the sockets interface
+ */
+static int net_prepare( void )
+{
+#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
+    !defined(EFI32)
+    WSADATA wsaData;
+
+    if( wsa_init_done == 0 )
+    {
+        if( WSAStartup( MAKEWORD(2,0), &wsaData ) != 0 )
+            return( MBEDTLS_ERR_NET_SOCKET_FAILED );
+
+        wsa_init_done = 1;
+    }
+#else
+#if !defined(EFIX64) && !defined(EFI32)
+    signal( SIGPIPE, SIG_IGN );
+#endif
+#endif
+    return( 0 );
+}
+
+/*
+ * Initialize a context
+ */
+void mbedtls_net_init( mbedtls_net_context *ctx )
+{
+    ctx->fd = -1;
+}
+
+/*
+ * Initiate a TCP connection with host:port and the given protocol
+ */
+int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto )
+{
+    int ret;
+    struct addrinfo hints, *addr_list, *cur;
+
+    if( ( ret = net_prepare() ) != 0 )
+        return( ret );
+
+    /* Do name resolution with both IPv6 and IPv4 */
+    memset( &hints, 0, sizeof( hints ) );
+    hints.ai_family = AF_UNSPEC;
+    hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM;
+    hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP;
+
+    if( getaddrinfo( host, port, &hints, &addr_list ) != 0 )
+        return( MBEDTLS_ERR_NET_UNKNOWN_HOST );
+
+    /* Try the sockaddrs until a connection succeeds */
+    ret = MBEDTLS_ERR_NET_UNKNOWN_HOST;
+    for( cur = addr_list; cur != NULL; cur = cur->ai_next )
+    {
+        ctx->fd = (int) socket( cur->ai_family, cur->ai_socktype,
+                            cur->ai_protocol );
+        if( ctx->fd < 0 )
+        {
+            ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
+            continue;
+        }
+
+        if( connect( ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen ) == 0 )
+        {
+            ret = 0;
+            break;
+        }
+
+        close( ctx->fd );
+        ret = MBEDTLS_ERR_NET_CONNECT_FAILED;
+    }
+
+    freeaddrinfo( addr_list );
+
+    return( ret );
+}
+
+/*
+ * Create a listening socket on bind_ip:port
+ */
+int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto )
+{
+    int n, ret;
+    struct addrinfo hints, *addr_list, *cur;
+
+    if( ( ret = net_prepare() ) != 0 )
+        return( ret );
+
+    /* Bind to IPv6 and/or IPv4, but only in the desired protocol */
+    memset( &hints, 0, sizeof( hints ) );
+    hints.ai_family = AF_UNSPEC;
+    hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM;
+    hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP;
+    if( bind_ip == NULL )
+        hints.ai_flags = AI_PASSIVE;
+
+    if( getaddrinfo( bind_ip, port, &hints, &addr_list ) != 0 )
+        return( MBEDTLS_ERR_NET_UNKNOWN_HOST );
+
+    /* Try the sockaddrs until a binding succeeds */
+    ret = MBEDTLS_ERR_NET_UNKNOWN_HOST;
+    for( cur = addr_list; cur != NULL; cur = cur->ai_next )
+    {
+        ctx->fd = (int) socket( cur->ai_family, cur->ai_socktype,
+                            cur->ai_protocol );
+        if( ctx->fd < 0 )
+        {
+            ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
+            continue;
+        }
+
+        n = 1;
+        if( setsockopt( ctx->fd, SOL_SOCKET, SO_REUSEADDR,
+                        (const char *) &n, sizeof( n ) ) != 0 )
+        {
+            close( ctx->fd );
+            ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
+            continue;
+        }
+
+        if( bind( ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen ) != 0 )
+        {
+            close( ctx->fd );
+            ret = MBEDTLS_ERR_NET_BIND_FAILED;
+            continue;
+        }
+
+        /* Listen only makes sense for TCP */
+        if( proto == MBEDTLS_NET_PROTO_TCP )
+        {
+            if( listen( ctx->fd, MBEDTLS_NET_LISTEN_BACKLOG ) != 0 )
+            {
+                close( ctx->fd );
+                ret = MBEDTLS_ERR_NET_LISTEN_FAILED;
+                continue;
+            }
+        }
+
+        /* I we ever get there, it's a success */
+        ret = 0;
+        break;
+    }
+
+    freeaddrinfo( addr_list );
+
+    return( ret );
+
+}
+
+#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
+    !defined(EFI32)
+/*
+ * Check if the requested operation would be blocking on a non-blocking socket
+ * and thus 'failed' with a negative return value.
+ */
+static int net_would_block( const mbedtls_net_context *ctx )
+{
+    ((void) ctx);
+    return( WSAGetLastError() == WSAEWOULDBLOCK );
+}
+#else
+/*
+ * Check if the requested operation would be blocking on a non-blocking socket
+ * and thus 'failed' with a negative return value.
+ *
+ * Note: on a blocking socket this function always returns 0!
+ */
+static int net_would_block( const mbedtls_net_context *ctx )
+{
+    /*
+     * Never return 'WOULD BLOCK' on a non-blocking socket
+     */
+    if( ( fcntl( ctx->fd, F_GETFL ) & O_NONBLOCK ) != O_NONBLOCK )
+        return( 0 );
+
+    switch( errno )
+    {
+#if defined EAGAIN
+        case EAGAIN:
+#endif
+#if defined EWOULDBLOCK && EWOULDBLOCK != EAGAIN
+        case EWOULDBLOCK:
+#endif
+            return( 1 );
+    }
+    return( 0 );
+}
+#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
+
+/*
+ * Accept a connection from a remote client
+ */
+int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
+                        mbedtls_net_context *client_ctx,
+                        void *client_ip, size_t buf_size, size_t *ip_len )
+{
+    int ret;
+    int type;
+
+    struct sockaddr_storage client_addr;
+
+#if defined(__socklen_t_defined) || defined(_SOCKLEN_T) ||  \
+    defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t)
+    socklen_t n = (socklen_t) sizeof( client_addr );
+    socklen_t type_len = (socklen_t) sizeof( type );
+#else
+    int n = (int) sizeof( client_addr );
+    int type_len = (int) sizeof( type );
+#endif
+
+    /* Is this a TCP or UDP socket? */
+    if( getsockopt( bind_ctx->fd, SOL_SOCKET, SO_TYPE,
+                    (void *) &type, &type_len ) != 0 ||
+        ( type != SOCK_STREAM && type != SOCK_DGRAM ) )
+    {
+        return( MBEDTLS_ERR_NET_ACCEPT_FAILED );
+    }
+
+    if( type == SOCK_STREAM )
+    {
+        /* TCP: actual accept() */
+        ret = client_ctx->fd = (int) accept( bind_ctx->fd,
+                                         (struct sockaddr *) &client_addr, &n );
+    }
+    else
+    {
+        /* UDP: wait for a message, but keep it in the queue */
+        char buf[1] = { 0 };
+
+        ret = (int) recvfrom( bind_ctx->fd, buf, sizeof( buf ), MSG_PEEK,
+                        (struct sockaddr *) &client_addr, &n );
+
+#if defined(_WIN32)
+        if( ret == SOCKET_ERROR &&
+            WSAGetLastError() == WSAEMSGSIZE )
+        {
+            /* We know buf is too small, thanks, just peeking here */
+            ret = 0;
+        }
+#endif
+    }
+
+    if( ret < 0 )
+    {
+        if( net_would_block( bind_ctx ) != 0 )
+            return( MBEDTLS_ERR_SSL_WANT_READ );
+
+        return( MBEDTLS_ERR_NET_ACCEPT_FAILED );
+    }
+
+    /* UDP: hijack the listening socket to communicate with the client,
+     * then bind a new socket to accept new connections */
+    if( type != SOCK_STREAM )
+    {
+        struct sockaddr_storage local_addr;
+        int one = 1;
+
+        if( connect( bind_ctx->fd, (struct sockaddr *) &client_addr, n ) != 0 )
+            return( MBEDTLS_ERR_NET_ACCEPT_FAILED );
+
+        client_ctx->fd = bind_ctx->fd;
+        bind_ctx->fd   = -1; /* In case we exit early */
+
+        n = sizeof( struct sockaddr_storage );
+        if( getsockname( client_ctx->fd,
+                         (struct sockaddr *) &local_addr, &n ) != 0 ||
+            ( bind_ctx->fd = (int) socket( local_addr.ss_family,
+                                           SOCK_DGRAM, IPPROTO_UDP ) ) < 0 ||
+            setsockopt( bind_ctx->fd, SOL_SOCKET, SO_REUSEADDR,
+                        (const char *) &one, sizeof( one ) ) != 0 )
+        {
+            return( MBEDTLS_ERR_NET_SOCKET_FAILED );
+        }
+
+        if( bind( bind_ctx->fd, (struct sockaddr *) &local_addr, n ) != 0 )
+        {
+            return( MBEDTLS_ERR_NET_BIND_FAILED );
+        }
+    }
+
+    if( client_ip != NULL )
+    {
+        if( client_addr.ss_family == AF_INET )
+        {
+            struct sockaddr_in *addr4 = (struct sockaddr_in *) &client_addr;
+            *ip_len = sizeof( addr4->sin_addr.s_addr );
+
+            if( buf_size < *ip_len )
+                return( MBEDTLS_ERR_NET_BUFFER_TOO_SMALL );
+
+            memcpy( client_ip, &addr4->sin_addr.s_addr, *ip_len );
+        }
+        else
+        {
+            struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) &client_addr;
+            *ip_len = sizeof( addr6->sin6_addr.s6_addr );
+
+            if( buf_size < *ip_len )
+                return( MBEDTLS_ERR_NET_BUFFER_TOO_SMALL );
+
+            memcpy( client_ip, &addr6->sin6_addr.s6_addr, *ip_len);
+        }
+    }
+
+    return( 0 );
+}
+
+/*
+ * Set the socket blocking or non-blocking
+ */
+int mbedtls_net_set_block( mbedtls_net_context *ctx )
+{
+#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
+    !defined(EFI32)
+    u_long n = 0;
+    return( ioctlsocket( ctx->fd, FIONBIO, &n ) );
+#else
+    return( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL ) & ~O_NONBLOCK ) );
+#endif
+}
+
+int mbedtls_net_set_nonblock( mbedtls_net_context *ctx )
+{
+#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
+    !defined(EFI32)
+    u_long n = 1;
+    return( ioctlsocket( ctx->fd, FIONBIO, &n ) );
+#else
+    return( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL ) | O_NONBLOCK ) );
+#endif
+}
+
+/*
+ * Portable usleep helper
+ */
+void mbedtls_net_usleep( unsigned long usec )
+{
+#if defined(_WIN32)
+    Sleep( ( usec + 999 ) / 1000 );
+#else
+    struct timeval tv;
+    tv.tv_sec  = usec / 1000000;
+#if defined(__unix__) || defined(__unix) || \
+    ( defined(__APPLE__) && defined(__MACH__) )
+    tv.tv_usec = (suseconds_t) usec % 1000000;
+#else
+    tv.tv_usec = usec % 1000000;
+#endif
+    select( 0, NULL, NULL, NULL, &tv );
+#endif
+}
+
+/*
+ * Read at most 'len' characters
+ */
+int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len )
+{
+    int ret;
+    int fd = ((mbedtls_net_context *) ctx)->fd;
+
+    if( fd < 0 )
+        return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
+
+    ret = (int) read( fd, buf, len );
+
+    if( ret < 0 )
+    {
+        if( net_would_block( ctx ) != 0 )
+            return( MBEDTLS_ERR_SSL_WANT_READ );
+
+#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
+    !defined(EFI32)
+        if( WSAGetLastError() == WSAECONNRESET )
+            return( MBEDTLS_ERR_NET_CONN_RESET );
+#else
+        if( errno == EPIPE || errno == ECONNRESET )
+            return( MBEDTLS_ERR_NET_CONN_RESET );
+
+        if( errno == EINTR )
+            return( MBEDTLS_ERR_SSL_WANT_READ );
+#endif
+
+        return( MBEDTLS_ERR_NET_RECV_FAILED );
+    }
+
+    return( ret );
+}
+
+/*
+ * Read at most 'len' characters, blocking for at most 'timeout' ms
+ */
+int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
+                      uint32_t timeout )
+{
+    int ret;
+    struct timeval tv;
+    fd_set read_fds;
+    int fd = ((mbedtls_net_context *) ctx)->fd;
+
+    if( fd < 0 )
+        return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
+
+    FD_ZERO( &read_fds );
+    FD_SET( fd, &read_fds );
+
+    tv.tv_sec  = timeout / 1000;
+    tv.tv_usec = ( timeout % 1000 ) * 1000;
+
+    ret = select( fd + 1, &read_fds, NULL, NULL, timeout == 0 ? NULL : &tv );
+
+    /* Zero fds ready means we timed out */
+    if( ret == 0 )
+        return( MBEDTLS_ERR_SSL_TIMEOUT );
+
+    if( ret < 0 )
+    {
+#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
+    !defined(EFI32)
+        if( WSAGetLastError() == WSAEINTR )
+            return( MBEDTLS_ERR_SSL_WANT_READ );
+#else
+        if( errno == EINTR )
+            return( MBEDTLS_ERR_SSL_WANT_READ );
+#endif
+
+        return( MBEDTLS_ERR_NET_RECV_FAILED );
+    }
+
+    /* This call will not block */
+    return( mbedtls_net_recv( ctx, buf, len ) );
+}
+
+/*
+ * Write at most 'len' characters
+ */
+int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len )
+{
+    int ret;
+    int fd = ((mbedtls_net_context *) ctx)->fd;
+
+    if( fd < 0 )
+        return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
+
+    ret = (int) write( fd, buf, len );
+
+    if( ret < 0 )
+    {
+        if( net_would_block( ctx ) != 0 )
+            return( MBEDTLS_ERR_SSL_WANT_WRITE );
+
+#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
+    !defined(EFI32)
+        if( WSAGetLastError() == WSAECONNRESET )
+            return( MBEDTLS_ERR_NET_CONN_RESET );
+#else
+        if( errno == EPIPE || errno == ECONNRESET )
+            return( MBEDTLS_ERR_NET_CONN_RESET );
+
+        if( errno == EINTR )
+            return( MBEDTLS_ERR_SSL_WANT_WRITE );
+#endif
+
+        return( MBEDTLS_ERR_NET_SEND_FAILED );
+    }
+
+    return( ret );
+}
+
+/*
+ * Gracefully close the connection
+ */
+void mbedtls_net_free( mbedtls_net_context *ctx )
+{
+    if( ctx->fd == -1 )
+        return;
+
+    shutdown( ctx->fd, 2 );
+    close( ctx->fd );
+
+    ctx->fd = -1;
+}
+
+#endif /* MBEDTLS_NET_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/oid.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,650 @@
+/**
+ * \file oid.c
+ *
+ * \brief Object Identifier (OID) database
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_OID_C)
+
+#include "mbedtls/oid.h"
+#include "mbedtls/rsa.h"
+
+#include <stdio.h>
+#include <string.h>
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#define mbedtls_snprintf snprintf
+#endif
+
+#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
+#include "mbedtls/x509.h"
+#endif
+
+/*
+ * Macro to automatically add the size of #define'd OIDs
+ */
+#define ADD_LEN(s)      s, MBEDTLS_OID_SIZE(s)
+
+/*
+ * Macro to generate an internal function for oid_XXX_from_asn1() (used by
+ * the other functions)
+ */
+#define FN_OID_TYPED_FROM_ASN1( TYPE_T, NAME, LIST )                        \
+static const TYPE_T * oid_ ## NAME ## _from_asn1( const mbedtls_asn1_buf *oid )     \
+{                                                                           \
+    const TYPE_T *p = LIST;                                                 \
+    const mbedtls_oid_descriptor_t *cur = (const mbedtls_oid_descriptor_t *) p;             \
+    if( p == NULL || oid == NULL ) return( NULL );                          \
+    while( cur->asn1 != NULL ) {                                            \
+        if( cur->asn1_len == oid->len &&                                    \
+            memcmp( cur->asn1, oid->p, oid->len ) == 0 ) {                  \
+            return( p );                                                    \
+        }                                                                   \
+        p++;                                                                \
+        cur = (const mbedtls_oid_descriptor_t *) p;                                 \
+    }                                                                       \
+    return( NULL );                                                         \
+}
+
+/*
+ * Macro to generate a function for retrieving a single attribute from the
+ * descriptor of an mbedtls_oid_descriptor_t wrapper.
+ */
+#define FN_OID_GET_DESCRIPTOR_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \
+int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1 )                  \
+{                                                                       \
+    const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid );        \
+    if( data == NULL ) return( MBEDTLS_ERR_OID_NOT_FOUND );            \
+    *ATTR1 = data->descriptor.ATTR1;                                    \
+    return( 0 );                                                        \
+}
+
+/*
+ * Macro to generate a function for retrieving a single attribute from an
+ * mbedtls_oid_descriptor_t wrapper.
+ */
+#define FN_OID_GET_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \
+int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1 )                  \
+{                                                                       \
+    const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid );        \
+    if( data == NULL ) return( MBEDTLS_ERR_OID_NOT_FOUND );            \
+    *ATTR1 = data->ATTR1;                                               \
+    return( 0 );                                                        \
+}
+
+/*
+ * Macro to generate a function for retrieving two attributes from an
+ * mbedtls_oid_descriptor_t wrapper.
+ */
+#define FN_OID_GET_ATTR2(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1,     \
+                         ATTR2_TYPE, ATTR2)                                 \
+int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1, ATTR2_TYPE * ATTR2 )  \
+{                                                                           \
+    const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid );            \
+    if( data == NULL ) return( MBEDTLS_ERR_OID_NOT_FOUND );                \
+    *ATTR1 = data->ATTR1;                                                   \
+    *ATTR2 = data->ATTR2;                                                   \
+    return( 0 );                                                            \
+}
+
+/*
+ * Macro to generate a function for retrieving the OID based on a single
+ * attribute from a mbedtls_oid_descriptor_t wrapper.
+ */
+#define FN_OID_GET_OID_BY_ATTR1(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1)   \
+int FN_NAME( ATTR1_TYPE ATTR1, const char **oid, size_t *olen )             \
+{                                                                           \
+    const TYPE_T *cur = LIST;                                               \
+    while( cur->descriptor.asn1 != NULL ) {                                 \
+        if( cur->ATTR1 == ATTR1 ) {                                         \
+            *oid = cur->descriptor.asn1;                                    \
+            *olen = cur->descriptor.asn1_len;                               \
+            return( 0 );                                                    \
+        }                                                                   \
+        cur++;                                                              \
+    }                                                                       \
+    return( MBEDTLS_ERR_OID_NOT_FOUND );                                   \
+}
+
+/*
+ * Macro to generate a function for retrieving the OID based on two
+ * attributes from a mbedtls_oid_descriptor_t wrapper.
+ */
+#define FN_OID_GET_OID_BY_ATTR2(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1,   \
+                                ATTR2_TYPE, ATTR2)                          \
+int FN_NAME( ATTR1_TYPE ATTR1, ATTR2_TYPE ATTR2, const char **oid ,         \
+             size_t *olen )                                                 \
+{                                                                           \
+    const TYPE_T *cur = LIST;                                               \
+    while( cur->descriptor.asn1 != NULL ) {                                 \
+        if( cur->ATTR1 == ATTR1 && cur->ATTR2 == ATTR2 ) {                  \
+            *oid = cur->descriptor.asn1;                                    \
+            *olen = cur->descriptor.asn1_len;                               \
+            return( 0 );                                                    \
+        }                                                                   \
+        cur++;                                                              \
+    }                                                                       \
+    return( MBEDTLS_ERR_OID_NOT_FOUND );                                   \
+}
+
+/*
+ * For X520 attribute types
+ */
+typedef struct {
+    mbedtls_oid_descriptor_t    descriptor;
+    const char          *short_name;
+} oid_x520_attr_t;
+
+static const oid_x520_attr_t oid_x520_attr_type[] =
+{
+    {
+        { ADD_LEN( MBEDTLS_OID_AT_CN ),          "id-at-commonName",               "Common Name" },
+        "CN",
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_AT_COUNTRY ),     "id-at-countryName",              "Country" },
+        "C",
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_AT_LOCALITY ),    "id-at-locality",                 "Locality" },
+        "L",
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_AT_STATE ),       "id-at-state",                    "State" },
+        "ST",
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_AT_ORGANIZATION ),"id-at-organizationName",         "Organization" },
+        "O",
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_AT_ORG_UNIT ),    "id-at-organizationalUnitName",   "Org Unit" },
+        "OU",
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_PKCS9_EMAIL ),    "emailAddress",                   "E-mail address" },
+        "emailAddress",
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_AT_SERIAL_NUMBER ),"id-at-serialNumber",            "Serial number" },
+        "serialNumber",
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_AT_POSTAL_ADDRESS ),"id-at-postalAddress",          "Postal address" },
+        "postalAddress",
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_AT_POSTAL_CODE ), "id-at-postalCode",               "Postal code" },
+        "postalCode",
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_AT_SUR_NAME ),    "id-at-surName",                  "Surname" },
+        "SN",
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_AT_GIVEN_NAME ),  "id-at-givenName",                "Given name" },
+        "GN",
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_AT_INITIALS ),    "id-at-initials",                 "Initials" },
+        "initials",
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_AT_GENERATION_QUALIFIER ), "id-at-generationQualifier", "Generation qualifier" },
+        "generationQualifier",
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_AT_TITLE ),       "id-at-title",                    "Title" },
+        "title",
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_AT_DN_QUALIFIER ),"id-at-dnQualifier",              "Distinguished Name qualifier" },
+        "dnQualifier",
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_AT_PSEUDONYM ),   "id-at-pseudonym",                "Pseudonym" },
+        "pseudonym",
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_DOMAIN_COMPONENT ), "id-domainComponent",           "Domain component" },
+        "DC",
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_AT_UNIQUE_IDENTIFIER ), "id-at-uniqueIdentifier",    "Unique Identifier" },
+        "uniqueIdentifier",
+    },
+    {
+        { NULL, 0, NULL, NULL },
+        NULL,
+    }
+};
+
+FN_OID_TYPED_FROM_ASN1(oid_x520_attr_t, x520_attr, oid_x520_attr_type)
+FN_OID_GET_ATTR1(mbedtls_oid_get_attr_short_name, oid_x520_attr_t, x520_attr, const char *, short_name)
+
+#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
+/*
+ * For X509 extensions
+ */
+typedef struct {
+    mbedtls_oid_descriptor_t    descriptor;
+    int                 ext_type;
+} oid_x509_ext_t;
+
+static const oid_x509_ext_t oid_x509_ext[] =
+{
+    {
+        { ADD_LEN( MBEDTLS_OID_BASIC_CONSTRAINTS ),    "id-ce-basicConstraints",   "Basic Constraints" },
+        MBEDTLS_X509_EXT_BASIC_CONSTRAINTS,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_KEY_USAGE ),            "id-ce-keyUsage",           "Key Usage" },
+        MBEDTLS_X509_EXT_KEY_USAGE,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_EXTENDED_KEY_USAGE ),   "id-ce-extKeyUsage",        "Extended Key Usage" },
+        MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_SUBJECT_ALT_NAME ),     "id-ce-subjectAltName",     "Subject Alt Name" },
+        MBEDTLS_X509_EXT_SUBJECT_ALT_NAME,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_NS_CERT_TYPE ),         "id-netscape-certtype",     "Netscape Certificate Type" },
+        MBEDTLS_X509_EXT_NS_CERT_TYPE,
+    },
+    {
+        { NULL, 0, NULL, NULL },
+        0,
+    },
+};
+
+FN_OID_TYPED_FROM_ASN1(oid_x509_ext_t, x509_ext, oid_x509_ext)
+FN_OID_GET_ATTR1(mbedtls_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type)
+
+static const mbedtls_oid_descriptor_t oid_ext_key_usage[] =
+{
+    { ADD_LEN( MBEDTLS_OID_SERVER_AUTH ),      "id-kp-serverAuth",      "TLS Web Server Authentication" },
+    { ADD_LEN( MBEDTLS_OID_CLIENT_AUTH ),      "id-kp-clientAuth",      "TLS Web Client Authentication" },
+    { ADD_LEN( MBEDTLS_OID_CODE_SIGNING ),     "id-kp-codeSigning",     "Code Signing" },
+    { ADD_LEN( MBEDTLS_OID_EMAIL_PROTECTION ), "id-kp-emailProtection", "E-mail Protection" },
+    { ADD_LEN( MBEDTLS_OID_TIME_STAMPING ),    "id-kp-timeStamping",    "Time Stamping" },
+    { ADD_LEN( MBEDTLS_OID_OCSP_SIGNING ),     "id-kp-OCSPSigning",     "OCSP Signing" },
+    { NULL, 0, NULL, NULL },
+};
+
+FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, ext_key_usage, oid_ext_key_usage)
+FN_OID_GET_ATTR1(mbedtls_oid_get_extended_key_usage, mbedtls_oid_descriptor_t, ext_key_usage, const char *, description)
+#endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CREATE_C */
+
+#if defined(MBEDTLS_MD_C)
+/*
+ * For SignatureAlgorithmIdentifier
+ */
+typedef struct {
+    mbedtls_oid_descriptor_t    descriptor;
+    mbedtls_md_type_t           md_alg;
+    mbedtls_pk_type_t           pk_alg;
+} oid_sig_alg_t;
+
+static const oid_sig_alg_t oid_sig_alg[] =
+{
+    {
+        { ADD_LEN( MBEDTLS_OID_PKCS1_MD2 ),        "md2WithRSAEncryption",     "RSA with MD2" },
+        MBEDTLS_MD_MD2,      MBEDTLS_PK_RSA,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_PKCS1_MD4 ),        "md4WithRSAEncryption",     "RSA with MD4" },
+        MBEDTLS_MD_MD4,      MBEDTLS_PK_RSA,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_PKCS1_MD5 ),        "md5WithRSAEncryption",     "RSA with MD5" },
+        MBEDTLS_MD_MD5,      MBEDTLS_PK_RSA,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_PKCS1_SHA1 ),       "sha-1WithRSAEncryption",   "RSA with SHA1" },
+        MBEDTLS_MD_SHA1,     MBEDTLS_PK_RSA,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_PKCS1_SHA224 ),     "sha224WithRSAEncryption",  "RSA with SHA-224" },
+        MBEDTLS_MD_SHA224,   MBEDTLS_PK_RSA,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_PKCS1_SHA256 ),     "sha256WithRSAEncryption",  "RSA with SHA-256" },
+        MBEDTLS_MD_SHA256,   MBEDTLS_PK_RSA,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_PKCS1_SHA384 ),     "sha384WithRSAEncryption",  "RSA with SHA-384" },
+        MBEDTLS_MD_SHA384,   MBEDTLS_PK_RSA,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_PKCS1_SHA512 ),     "sha512WithRSAEncryption",  "RSA with SHA-512" },
+        MBEDTLS_MD_SHA512,   MBEDTLS_PK_RSA,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_RSA_SHA_OBS ),      "sha-1WithRSAEncryption",   "RSA with SHA1" },
+        MBEDTLS_MD_SHA1,     MBEDTLS_PK_RSA,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_ECDSA_SHA1 ),       "ecdsa-with-SHA1",      "ECDSA with SHA1" },
+        MBEDTLS_MD_SHA1,     MBEDTLS_PK_ECDSA,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_ECDSA_SHA224 ),     "ecdsa-with-SHA224",    "ECDSA with SHA224" },
+        MBEDTLS_MD_SHA224,   MBEDTLS_PK_ECDSA,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_ECDSA_SHA256 ),     "ecdsa-with-SHA256",    "ECDSA with SHA256" },
+        MBEDTLS_MD_SHA256,   MBEDTLS_PK_ECDSA,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_ECDSA_SHA384 ),     "ecdsa-with-SHA384",    "ECDSA with SHA384" },
+        MBEDTLS_MD_SHA384,   MBEDTLS_PK_ECDSA,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_ECDSA_SHA512 ),     "ecdsa-with-SHA512",    "ECDSA with SHA512" },
+        MBEDTLS_MD_SHA512,   MBEDTLS_PK_ECDSA,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_RSASSA_PSS ),        "RSASSA-PSS",           "RSASSA-PSS" },
+        MBEDTLS_MD_NONE,     MBEDTLS_PK_RSASSA_PSS,
+    },
+    {
+        { NULL, 0, NULL, NULL },
+        MBEDTLS_MD_NONE, MBEDTLS_PK_NONE,
+    },
+};
+
+FN_OID_TYPED_FROM_ASN1(oid_sig_alg_t, sig_alg, oid_sig_alg)
+FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_oid_get_sig_alg_desc, oid_sig_alg_t, sig_alg, const char *, description)
+FN_OID_GET_ATTR2(mbedtls_oid_get_sig_alg, oid_sig_alg_t, sig_alg, mbedtls_md_type_t, md_alg, mbedtls_pk_type_t, pk_alg)
+FN_OID_GET_OID_BY_ATTR2(mbedtls_oid_get_oid_by_sig_alg, oid_sig_alg_t, oid_sig_alg, mbedtls_pk_type_t, pk_alg, mbedtls_md_type_t, md_alg)
+#endif /* MBEDTLS_MD_C */
+
+/*
+ * For PublicKeyInfo (PKCS1, RFC 5480)
+ */
+typedef struct {
+    mbedtls_oid_descriptor_t    descriptor;
+    mbedtls_pk_type_t           pk_alg;
+} oid_pk_alg_t;
+
+static const oid_pk_alg_t oid_pk_alg[] =
+{
+    {
+        { ADD_LEN( MBEDTLS_OID_PKCS1_RSA ),      "rsaEncryption",   "RSA" },
+        MBEDTLS_PK_RSA,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_EC_ALG_UNRESTRICTED ),  "id-ecPublicKey",   "Generic EC key" },
+        MBEDTLS_PK_ECKEY,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_EC_ALG_ECDH ),          "id-ecDH",          "EC key for ECDH" },
+        MBEDTLS_PK_ECKEY_DH,
+    },
+    {
+        { NULL, 0, NULL, NULL },
+        MBEDTLS_PK_NONE,
+    },
+};
+
+FN_OID_TYPED_FROM_ASN1(oid_pk_alg_t, pk_alg, oid_pk_alg)
+FN_OID_GET_ATTR1(mbedtls_oid_get_pk_alg, oid_pk_alg_t, pk_alg, mbedtls_pk_type_t, pk_alg)
+FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg, oid_pk_alg_t, oid_pk_alg, mbedtls_pk_type_t, pk_alg)
+
+#if defined(MBEDTLS_ECP_C)
+/*
+ * For namedCurve (RFC 5480)
+ */
+typedef struct {
+    mbedtls_oid_descriptor_t    descriptor;
+    mbedtls_ecp_group_id        grp_id;
+} oid_ecp_grp_t;
+
+static const oid_ecp_grp_t oid_ecp_grp[] =
+{
+    {
+        { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP192R1 ), "secp192r1",    "secp192r1" },
+        MBEDTLS_ECP_DP_SECP192R1,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP224R1 ), "secp224r1",    "secp224r1" },
+        MBEDTLS_ECP_DP_SECP224R1,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP256R1 ), "secp256r1",    "secp256r1" },
+        MBEDTLS_ECP_DP_SECP256R1,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP384R1 ), "secp384r1",    "secp384r1" },
+        MBEDTLS_ECP_DP_SECP384R1,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP521R1 ), "secp521r1",    "secp521r1" },
+        MBEDTLS_ECP_DP_SECP521R1,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP192K1 ), "secp192k1",    "secp192k1" },
+        MBEDTLS_ECP_DP_SECP192K1,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP224K1 ), "secp224k1",    "secp224k1" },
+        MBEDTLS_ECP_DP_SECP224K1,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP256K1 ), "secp256k1",    "secp256k1" },
+        MBEDTLS_ECP_DP_SECP256K1,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_EC_GRP_BP256R1 ),   "brainpoolP256r1","brainpool256r1" },
+        MBEDTLS_ECP_DP_BP256R1,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_EC_GRP_BP384R1 ),   "brainpoolP384r1","brainpool384r1" },
+        MBEDTLS_ECP_DP_BP384R1,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_EC_GRP_BP512R1 ),   "brainpoolP512r1","brainpool512r1" },
+        MBEDTLS_ECP_DP_BP512R1,
+    },
+    {
+        { NULL, 0, NULL, NULL },
+        MBEDTLS_ECP_DP_NONE,
+    },
+};
+
+FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_t, grp_id, oid_ecp_grp)
+FN_OID_GET_ATTR1(mbedtls_oid_get_ec_grp, oid_ecp_grp_t, grp_id, mbedtls_ecp_group_id, grp_id)
+FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp, oid_ecp_grp_t, oid_ecp_grp, mbedtls_ecp_group_id, grp_id)
+#endif /* MBEDTLS_ECP_C */
+
+#if defined(MBEDTLS_CIPHER_C)
+/*
+ * For PKCS#5 PBES2 encryption algorithm
+ */
+typedef struct {
+    mbedtls_oid_descriptor_t    descriptor;
+    mbedtls_cipher_type_t       cipher_alg;
+} oid_cipher_alg_t;
+
+static const oid_cipher_alg_t oid_cipher_alg[] =
+{
+    {
+        { ADD_LEN( MBEDTLS_OID_DES_CBC ),              "desCBC",       "DES-CBC" },
+        MBEDTLS_CIPHER_DES_CBC,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_DES_EDE3_CBC ),         "des-ede3-cbc", "DES-EDE3-CBC" },
+        MBEDTLS_CIPHER_DES_EDE3_CBC,
+    },
+    {
+        { NULL, 0, NULL, NULL },
+        MBEDTLS_CIPHER_NONE,
+    },
+};
+
+FN_OID_TYPED_FROM_ASN1(oid_cipher_alg_t, cipher_alg, oid_cipher_alg)
+FN_OID_GET_ATTR1(mbedtls_oid_get_cipher_alg, oid_cipher_alg_t, cipher_alg, mbedtls_cipher_type_t, cipher_alg)
+#endif /* MBEDTLS_CIPHER_C */
+
+#if defined(MBEDTLS_MD_C)
+/*
+ * For digestAlgorithm
+ */
+typedef struct {
+    mbedtls_oid_descriptor_t    descriptor;
+    mbedtls_md_type_t           md_alg;
+} oid_md_alg_t;
+
+static const oid_md_alg_t oid_md_alg[] =
+{
+    {
+        { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_MD2 ),       "id-md2",       "MD2" },
+        MBEDTLS_MD_MD2,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_MD4 ),       "id-md4",       "MD4" },
+        MBEDTLS_MD_MD4,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_MD5 ),       "id-md5",       "MD5" },
+        MBEDTLS_MD_MD5,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA1 ),      "id-sha1",      "SHA-1" },
+        MBEDTLS_MD_SHA1,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA224 ),    "id-sha224",    "SHA-224" },
+        MBEDTLS_MD_SHA224,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA256 ),    "id-sha256",    "SHA-256" },
+        MBEDTLS_MD_SHA256,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA384 ),    "id-sha384",    "SHA-384" },
+        MBEDTLS_MD_SHA384,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA512 ),    "id-sha512",    "SHA-512" },
+        MBEDTLS_MD_SHA512,
+    },
+    {
+        { NULL, 0, NULL, NULL },
+        MBEDTLS_MD_NONE,
+    },
+};
+
+FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg)
+FN_OID_GET_ATTR1(mbedtls_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg)
+FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_md, oid_md_alg_t, oid_md_alg, mbedtls_md_type_t, md_alg)
+#endif /* MBEDTLS_MD_C */
+
+#if defined(MBEDTLS_PKCS12_C)
+/*
+ * For PKCS#12 PBEs
+ */
+typedef struct {
+    mbedtls_oid_descriptor_t    descriptor;
+    mbedtls_md_type_t           md_alg;
+    mbedtls_cipher_type_t       cipher_alg;
+} oid_pkcs12_pbe_alg_t;
+
+static const oid_pkcs12_pbe_alg_t oid_pkcs12_pbe_alg[] =
+{
+    {
+        { ADD_LEN( MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC ), "pbeWithSHAAnd3-KeyTripleDES-CBC", "PBE with SHA1 and 3-Key 3DES" },
+        MBEDTLS_MD_SHA1,      MBEDTLS_CIPHER_DES_EDE3_CBC,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC ), "pbeWithSHAAnd2-KeyTripleDES-CBC", "PBE with SHA1 and 2-Key 3DES" },
+        MBEDTLS_MD_SHA1,      MBEDTLS_CIPHER_DES_EDE_CBC,
+    },
+    {
+        { NULL, 0, NULL, NULL },
+        MBEDTLS_MD_NONE, MBEDTLS_CIPHER_NONE,
+    },
+};
+
+FN_OID_TYPED_FROM_ASN1(oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, oid_pkcs12_pbe_alg)
+FN_OID_GET_ATTR2(mbedtls_oid_get_pkcs12_pbe_alg, oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, mbedtls_md_type_t, md_alg, mbedtls_cipher_type_t, cipher_alg)
+#endif /* MBEDTLS_PKCS12_C */
+
+#define OID_SAFE_SNPRINTF                               \
+    do {                                                \
+        if( ret < 0 || (size_t) ret >= n )              \
+            return( MBEDTLS_ERR_OID_BUF_TOO_SMALL );    \
+                                                        \
+        n -= (size_t) ret;                              \
+        p += (size_t) ret;                              \
+    } while( 0 )
+
+/* Return the x.y.z.... style numeric string for the given OID */
+int mbedtls_oid_get_numeric_string( char *buf, size_t size,
+                            const mbedtls_asn1_buf *oid )
+{
+    int ret;
+    size_t i, n;
+    unsigned int value;
+    char *p;
+
+    p = buf;
+    n = size;
+
+    /* First byte contains first two dots */
+    if( oid->len > 0 )
+    {
+        ret = mbedtls_snprintf( p, n, "%d.%d", oid->p[0] / 40, oid->p[0] % 40 );
+        OID_SAFE_SNPRINTF;
+    }
+
+    value = 0;
+    for( i = 1; i < oid->len; i++ )
+    {
+        /* Prevent overflow in value. */
+        if( ( ( value << 7 ) >> 7 ) != value )
+            return( MBEDTLS_ERR_OID_BUF_TOO_SMALL );
+
+        value <<= 7;
+        value += oid->p[i] & 0x7F;
+
+        if( !( oid->p[i] & 0x80 ) )
+        {
+            /* Last byte */
+            ret = mbedtls_snprintf( p, n, ".%d", value );
+            OID_SAFE_SNPRINTF;
+            value = 0;
+        }
+    }
+
+    return( (int) ( size - n ) );
+}
+
+#endif /* MBEDTLS_OID_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/padlock.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,170 @@
+/*
+ *  VIA PadLock support functions
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ *  This implementation is based on the VIA PadLock Programming Guide:
+ *
+ *  http://www.via.com.tw/en/downloads/whitepapers/initiatives/padlock/
+ *  programming_guide.pdf
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PADLOCK_C)
+
+#include "mbedtls/padlock.h"
+
+#include <string.h>
+
+#ifndef asm
+#define asm __asm
+#endif
+
+#if defined(MBEDTLS_HAVE_X86)
+
+/*
+ * PadLock detection routine
+ */
+int mbedtls_padlock_has_support( int feature )
+{
+    static int flags = -1;
+    int ebx = 0, edx = 0;
+
+    if( flags == -1 )
+    {
+        asm( "movl  %%ebx, %0           \n\t"
+             "movl  $0xC0000000, %%eax  \n\t"
+             "cpuid                     \n\t"
+             "cmpl  $0xC0000001, %%eax  \n\t"
+             "movl  $0, %%edx           \n\t"
+             "jb    unsupported         \n\t"
+             "movl  $0xC0000001, %%eax  \n\t"
+             "cpuid                     \n\t"
+             "unsupported:              \n\t"
+             "movl  %%edx, %1           \n\t"
+             "movl  %2, %%ebx           \n\t"
+             : "=m" (ebx), "=m" (edx)
+             :  "m" (ebx)
+             : "eax", "ecx", "edx" );
+
+        flags = edx;
+    }
+
+    return( flags & feature );
+}
+
+/*
+ * PadLock AES-ECB block en(de)cryption
+ */
+int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx,
+                       int mode,
+                       const unsigned char input[16],
+                       unsigned char output[16] )
+{
+    int ebx = 0;
+    uint32_t *rk;
+    uint32_t *blk;
+    uint32_t *ctrl;
+    unsigned char buf[256];
+
+    rk  = ctx->rk;
+    blk = MBEDTLS_PADLOCK_ALIGN16( buf );
+    memcpy( blk, input, 16 );
+
+     ctrl = blk + 4;
+    *ctrl = 0x80 | ctx->nr | ( ( ctx->nr + ( mode^1 ) - 10 ) << 9 );
+
+    asm( "pushfl                        \n\t"
+         "popfl                         \n\t"
+         "movl    %%ebx, %0             \n\t"
+         "movl    $1, %%ecx             \n\t"
+         "movl    %2, %%edx             \n\t"
+         "movl    %3, %%ebx             \n\t"
+         "movl    %4, %%esi             \n\t"
+         "movl    %4, %%edi             \n\t"
+         ".byte  0xf3,0x0f,0xa7,0xc8    \n\t"
+         "movl    %1, %%ebx             \n\t"
+         : "=m" (ebx)
+         :  "m" (ebx), "m" (ctrl), "m" (rk), "m" (blk)
+         : "memory", "ecx", "edx", "esi", "edi" );
+
+    memcpy( output, blk, 16 );
+
+    return( 0 );
+}
+
+/*
+ * PadLock AES-CBC buffer en(de)cryption
+ */
+int mbedtls_padlock_xcryptcbc( mbedtls_aes_context *ctx,
+                       int mode,
+                       size_t length,
+                       unsigned char iv[16],
+                       const unsigned char *input,
+                       unsigned char *output )
+{
+    int ebx = 0;
+    size_t count;
+    uint32_t *rk;
+    uint32_t *iw;
+    uint32_t *ctrl;
+    unsigned char buf[256];
+
+    if( ( (long) input  & 15 ) != 0 ||
+        ( (long) output & 15 ) != 0 )
+        return( MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED );
+
+    rk = ctx->rk;
+    iw = MBEDTLS_PADLOCK_ALIGN16( buf );
+    memcpy( iw, iv, 16 );
+
+     ctrl = iw + 4;
+    *ctrl = 0x80 | ctx->nr | ( ( ctx->nr + ( mode ^ 1 ) - 10 ) << 9 );
+
+    count = ( length + 15 ) >> 4;
+
+    asm( "pushfl                        \n\t"
+         "popfl                         \n\t"
+         "movl    %%ebx, %0             \n\t"
+         "movl    %2, %%ecx             \n\t"
+         "movl    %3, %%edx             \n\t"
+         "movl    %4, %%ebx             \n\t"
+         "movl    %5, %%esi             \n\t"
+         "movl    %6, %%edi             \n\t"
+         "movl    %7, %%eax             \n\t"
+         ".byte  0xf3,0x0f,0xa7,0xd0    \n\t"
+         "movl    %1, %%ebx             \n\t"
+         : "=m" (ebx)
+         :  "m" (ebx), "m" (count), "m" (ctrl),
+            "m"  (rk), "m" (input), "m" (output), "m" (iw)
+         : "memory", "eax", "ecx", "edx", "esi", "edi" );
+
+    memcpy( iv, iw, 16 );
+
+    return( 0 );
+}
+
+#endif /* MBEDTLS_HAVE_X86 */
+
+#endif /* MBEDTLS_PADLOCK_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/pem.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,447 @@
+/*
+ *  Privacy Enhanced Mail (PEM) decoding
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C)
+
+#include "mbedtls/pem.h"
+#include "mbedtls/base64.h"
+#include "mbedtls/des.h"
+#include "mbedtls/aes.h"
+#include "mbedtls/md5.h"
+#include "mbedtls/cipher.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#define mbedtls_calloc    calloc
+#define mbedtls_free       free
+#endif
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+#if defined(MBEDTLS_PEM_PARSE_C)
+void mbedtls_pem_init( mbedtls_pem_context *ctx )
+{
+    memset( ctx, 0, sizeof( mbedtls_pem_context ) );
+}
+
+#if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) &&         \
+    ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
+/*
+ * Read a 16-byte hex string and convert it to binary
+ */
+static int pem_get_iv( const unsigned char *s, unsigned char *iv,
+                       size_t iv_len )
+{
+    size_t i, j, k;
+
+    memset( iv, 0, iv_len );
+
+    for( i = 0; i < iv_len * 2; i++, s++ )
+    {
+        if( *s >= '0' && *s <= '9' ) j = *s - '0'; else
+        if( *s >= 'A' && *s <= 'F' ) j = *s - '7'; else
+        if( *s >= 'a' && *s <= 'f' ) j = *s - 'W'; else
+            return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
+
+        k = ( ( i & 1 ) != 0 ) ? j : j << 4;
+
+        iv[i >> 1] = (unsigned char)( iv[i >> 1] | k );
+    }
+
+    return( 0 );
+}
+
+static void pem_pbkdf1( unsigned char *key, size_t keylen,
+                        unsigned char *iv,
+                        const unsigned char *pwd, size_t pwdlen )
+{
+    mbedtls_md5_context md5_ctx;
+    unsigned char md5sum[16];
+    size_t use_len;
+
+    mbedtls_md5_init( &md5_ctx );
+
+    /*
+     * key[ 0..15] = MD5(pwd || IV)
+     */
+    mbedtls_md5_starts( &md5_ctx );
+    mbedtls_md5_update( &md5_ctx, pwd, pwdlen );
+    mbedtls_md5_update( &md5_ctx, iv,  8 );
+    mbedtls_md5_finish( &md5_ctx, md5sum );
+
+    if( keylen <= 16 )
+    {
+        memcpy( key, md5sum, keylen );
+
+        mbedtls_md5_free( &md5_ctx );
+        mbedtls_zeroize( md5sum, 16 );
+        return;
+    }
+
+    memcpy( key, md5sum, 16 );
+
+    /*
+     * key[16..23] = MD5(key[ 0..15] || pwd || IV])
+     */
+    mbedtls_md5_starts( &md5_ctx );
+    mbedtls_md5_update( &md5_ctx, md5sum,  16 );
+    mbedtls_md5_update( &md5_ctx, pwd, pwdlen );
+    mbedtls_md5_update( &md5_ctx, iv,  8 );
+    mbedtls_md5_finish( &md5_ctx, md5sum );
+
+    use_len = 16;
+    if( keylen < 32 )
+        use_len = keylen - 16;
+
+    memcpy( key + 16, md5sum, use_len );
+
+    mbedtls_md5_free( &md5_ctx );
+    mbedtls_zeroize( md5sum, 16 );
+}
+
+#if defined(MBEDTLS_DES_C)
+/*
+ * Decrypt with DES-CBC, using PBKDF1 for key derivation
+ */
+static void pem_des_decrypt( unsigned char des_iv[8],
+                               unsigned char *buf, size_t buflen,
+                               const unsigned char *pwd, size_t pwdlen )
+{
+    mbedtls_des_context des_ctx;
+    unsigned char des_key[8];
+
+    mbedtls_des_init( &des_ctx );
+
+    pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen );
+
+    mbedtls_des_setkey_dec( &des_ctx, des_key );
+    mbedtls_des_crypt_cbc( &des_ctx, MBEDTLS_DES_DECRYPT, buflen,
+                     des_iv, buf, buf );
+
+    mbedtls_des_free( &des_ctx );
+    mbedtls_zeroize( des_key, 8 );
+}
+
+/*
+ * Decrypt with 3DES-CBC, using PBKDF1 for key derivation
+ */
+static void pem_des3_decrypt( unsigned char des3_iv[8],
+                               unsigned char *buf, size_t buflen,
+                               const unsigned char *pwd, size_t pwdlen )
+{
+    mbedtls_des3_context des3_ctx;
+    unsigned char des3_key[24];
+
+    mbedtls_des3_init( &des3_ctx );
+
+    pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen );
+
+    mbedtls_des3_set3key_dec( &des3_ctx, des3_key );
+    mbedtls_des3_crypt_cbc( &des3_ctx, MBEDTLS_DES_DECRYPT, buflen,
+                     des3_iv, buf, buf );
+
+    mbedtls_des3_free( &des3_ctx );
+    mbedtls_zeroize( des3_key, 24 );
+}
+#endif /* MBEDTLS_DES_C */
+
+#if defined(MBEDTLS_AES_C)
+/*
+ * Decrypt with AES-XXX-CBC, using PBKDF1 for key derivation
+ */
+static void pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen,
+                               unsigned char *buf, size_t buflen,
+                               const unsigned char *pwd, size_t pwdlen )
+{
+    mbedtls_aes_context aes_ctx;
+    unsigned char aes_key[32];
+
+    mbedtls_aes_init( &aes_ctx );
+
+    pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen );
+
+    mbedtls_aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 );
+    mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_DECRYPT, buflen,
+                     aes_iv, buf, buf );
+
+    mbedtls_aes_free( &aes_ctx );
+    mbedtls_zeroize( aes_key, keylen );
+}
+#endif /* MBEDTLS_AES_C */
+
+#endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
+          ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
+
+int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer,
+                     const unsigned char *data, const unsigned char *pwd,
+                     size_t pwdlen, size_t *use_len )
+{
+    int ret, enc;
+    size_t len;
+    unsigned char *buf;
+    const unsigned char *s1, *s2, *end;
+#if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) &&         \
+    ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
+    unsigned char pem_iv[16];
+    mbedtls_cipher_type_t enc_alg = MBEDTLS_CIPHER_NONE;
+#else
+    ((void) pwd);
+    ((void) pwdlen);
+#endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
+          ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
+
+    if( ctx == NULL )
+        return( MBEDTLS_ERR_PEM_BAD_INPUT_DATA );
+
+    s1 = (unsigned char *) strstr( (const char *) data, header );
+
+    if( s1 == NULL )
+        return( MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
+
+    s2 = (unsigned char *) strstr( (const char *) data, footer );
+
+    if( s2 == NULL || s2 <= s1 )
+        return( MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
+
+    s1 += strlen( header );
+    if( *s1 == ' '  ) s1++;
+    if( *s1 == '\r' ) s1++;
+    if( *s1 == '\n' ) s1++;
+    else return( MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
+
+    end = s2;
+    end += strlen( footer );
+    if( *end == ' '  ) end++;
+    if( *end == '\r' ) end++;
+    if( *end == '\n' ) end++;
+    *use_len = end - data;
+
+    enc = 0;
+
+    if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
+    {
+#if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) &&         \
+    ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
+        enc++;
+
+        s1 += 22;
+        if( *s1 == '\r' ) s1++;
+        if( *s1 == '\n' ) s1++;
+        else return( MBEDTLS_ERR_PEM_INVALID_DATA );
+
+
+#if defined(MBEDTLS_DES_C)
+        if( memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 )
+        {
+            enc_alg = MBEDTLS_CIPHER_DES_EDE3_CBC;
+
+            s1 += 23;
+            if( pem_get_iv( s1, pem_iv, 8 ) != 0 )
+                return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
+
+            s1 += 16;
+        }
+        else if( memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 )
+        {
+            enc_alg = MBEDTLS_CIPHER_DES_CBC;
+
+            s1 += 18;
+            if( pem_get_iv( s1, pem_iv, 8) != 0 )
+                return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
+
+            s1 += 16;
+        }
+#endif /* MBEDTLS_DES_C */
+
+#if defined(MBEDTLS_AES_C)
+        if( memcmp( s1, "DEK-Info: AES-", 14 ) == 0 )
+        {
+            if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 )
+                enc_alg = MBEDTLS_CIPHER_AES_128_CBC;
+            else if( memcmp( s1, "DEK-Info: AES-192-CBC,", 22 ) == 0 )
+                enc_alg = MBEDTLS_CIPHER_AES_192_CBC;
+            else if( memcmp( s1, "DEK-Info: AES-256-CBC,", 22 ) == 0 )
+                enc_alg = MBEDTLS_CIPHER_AES_256_CBC;
+            else
+                return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG );
+
+            s1 += 22;
+            if( pem_get_iv( s1, pem_iv, 16 ) != 0 )
+                return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
+
+            s1 += 32;
+        }
+#endif /* MBEDTLS_AES_C */
+
+        if( enc_alg == MBEDTLS_CIPHER_NONE )
+            return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG );
+
+        if( *s1 == '\r' ) s1++;
+        if( *s1 == '\n' ) s1++;
+        else return( MBEDTLS_ERR_PEM_INVALID_DATA );
+#else
+        return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE );
+#endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
+          ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
+    }
+
+    if( s1 == s2 )
+        return( MBEDTLS_ERR_PEM_INVALID_DATA );
+
+    ret = mbedtls_base64_decode( NULL, 0, &len, s1, s2 - s1 );
+
+    if( ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER )
+        return( MBEDTLS_ERR_PEM_INVALID_DATA + ret );
+
+    if( ( buf = mbedtls_calloc( 1, len ) ) == NULL )
+        return( MBEDTLS_ERR_PEM_ALLOC_FAILED );
+
+    if( ( ret = mbedtls_base64_decode( buf, len, &len, s1, s2 - s1 ) ) != 0 )
+    {
+        mbedtls_free( buf );
+        return( MBEDTLS_ERR_PEM_INVALID_DATA + ret );
+    }
+
+    if( enc != 0 )
+    {
+#if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) &&         \
+    ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
+        if( pwd == NULL )
+        {
+            mbedtls_free( buf );
+            return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED );
+        }
+
+#if defined(MBEDTLS_DES_C)
+        if( enc_alg == MBEDTLS_CIPHER_DES_EDE3_CBC )
+            pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen );
+        else if( enc_alg == MBEDTLS_CIPHER_DES_CBC )
+            pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen );
+#endif /* MBEDTLS_DES_C */
+
+#if defined(MBEDTLS_AES_C)
+        if( enc_alg == MBEDTLS_CIPHER_AES_128_CBC )
+            pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen );
+        else if( enc_alg == MBEDTLS_CIPHER_AES_192_CBC )
+            pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen );
+        else if( enc_alg == MBEDTLS_CIPHER_AES_256_CBC )
+            pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen );
+#endif /* MBEDTLS_AES_C */
+
+        /*
+         * The result will be ASN.1 starting with a SEQUENCE tag, with 1 to 3
+         * length bytes (allow 4 to be sure) in all known use cases.
+         *
+         * Use that as heurisitic to try detecting password mismatchs.
+         */
+        if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 )
+        {
+            mbedtls_free( buf );
+            return( MBEDTLS_ERR_PEM_PASSWORD_MISMATCH );
+        }
+#else
+        mbedtls_free( buf );
+        return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE );
+#endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
+          ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
+    }
+
+    ctx->buf = buf;
+    ctx->buflen = len;
+
+    return( 0 );
+}
+
+void mbedtls_pem_free( mbedtls_pem_context *ctx )
+{
+    mbedtls_free( ctx->buf );
+    mbedtls_free( ctx->info );
+
+    mbedtls_zeroize( ctx, sizeof( mbedtls_pem_context ) );
+}
+#endif /* MBEDTLS_PEM_PARSE_C */
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+int mbedtls_pem_write_buffer( const char *header, const char *footer,
+                      const unsigned char *der_data, size_t der_len,
+                      unsigned char *buf, size_t buf_len, size_t *olen )
+{
+    int ret;
+    unsigned char *encode_buf, *c, *p = buf;
+    size_t len = 0, use_len, add_len = 0;
+
+    mbedtls_base64_encode( NULL, 0, &use_len, der_data, der_len );
+    add_len = strlen( header ) + strlen( footer ) + ( use_len / 64 ) + 1;
+
+    if( use_len + add_len > buf_len )
+    {
+        *olen = use_len + add_len;
+        return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
+    }
+
+    if( ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL )
+        return( MBEDTLS_ERR_PEM_ALLOC_FAILED );
+
+    if( ( ret = mbedtls_base64_encode( encode_buf, use_len, &use_len, der_data,
+                               der_len ) ) != 0 )
+    {
+        mbedtls_free( encode_buf );
+        return( ret );
+    }
+
+    memcpy( p, header, strlen( header ) );
+    p += strlen( header );
+    c = encode_buf;
+
+    while( use_len )
+    {
+        len = ( use_len > 64 ) ? 64 : use_len;
+        memcpy( p, c, len );
+        use_len -= len;
+        p += len;
+        c += len;
+        *p++ = '\n';
+    }
+
+    memcpy( p, footer, strlen( footer ) );
+    p += strlen( footer );
+
+    *p++ = '\0';
+    *olen = p - buf;
+
+    mbedtls_free( encode_buf );
+    return( 0 );
+}
+#endif /* MBEDTLS_PEM_WRITE_C */
+#endif /* MBEDTLS_PEM_PARSE_C || MBEDTLS_PEM_WRITE_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/pk.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,374 @@
+/*
+ *  Public Key abstraction layer
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PK_C)
+#include "mbedtls/pk.h"
+#include "mbedtls/pk_internal.h"
+
+#if defined(MBEDTLS_RSA_C)
+#include "mbedtls/rsa.h"
+#endif
+#if defined(MBEDTLS_ECP_C)
+#include "mbedtls/ecp.h"
+#endif
+#if defined(MBEDTLS_ECDSA_C)
+#include "mbedtls/ecdsa.h"
+#endif
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+/*
+ * Initialise a mbedtls_pk_context
+ */
+void mbedtls_pk_init( mbedtls_pk_context *ctx )
+{
+    if( ctx == NULL )
+        return;
+
+    ctx->pk_info = NULL;
+    ctx->pk_ctx = NULL;
+}
+
+/*
+ * Free (the components of) a mbedtls_pk_context
+ */
+void mbedtls_pk_free( mbedtls_pk_context *ctx )
+{
+    if( ctx == NULL || ctx->pk_info == NULL )
+        return;
+
+    ctx->pk_info->ctx_free_func( ctx->pk_ctx );
+
+    mbedtls_zeroize( ctx, sizeof( mbedtls_pk_context ) );
+}
+
+/*
+ * Get pk_info structure from type
+ */
+const mbedtls_pk_info_t * mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type )
+{
+    switch( pk_type ) {
+#if defined(MBEDTLS_RSA_C)
+        case MBEDTLS_PK_RSA:
+            return( &mbedtls_rsa_info );
+#endif
+#if defined(MBEDTLS_ECP_C)
+        case MBEDTLS_PK_ECKEY:
+            return( &mbedtls_eckey_info );
+        case MBEDTLS_PK_ECKEY_DH:
+            return( &mbedtls_eckeydh_info );
+#endif
+#if defined(MBEDTLS_ECDSA_C)
+        case MBEDTLS_PK_ECDSA:
+            return( &mbedtls_ecdsa_info );
+#endif
+        /* MBEDTLS_PK_RSA_ALT omitted on purpose */
+        default:
+            return( NULL );
+    }
+}
+
+/*
+ * Initialise context
+ */
+int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info )
+{
+    if( ctx == NULL || info == NULL || ctx->pk_info != NULL )
+        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+    if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
+        return( MBEDTLS_ERR_PK_ALLOC_FAILED );
+
+    ctx->pk_info = info;
+
+    return( 0 );
+}
+
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
+/*
+ * Initialize an RSA-alt context
+ */
+int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
+                         mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
+                         mbedtls_pk_rsa_alt_sign_func sign_func,
+                         mbedtls_pk_rsa_alt_key_len_func key_len_func )
+{
+    mbedtls_rsa_alt_context *rsa_alt;
+    const mbedtls_pk_info_t *info = &mbedtls_rsa_alt_info;
+
+    if( ctx == NULL || ctx->pk_info != NULL )
+        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+    if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
+        return( MBEDTLS_ERR_PK_ALLOC_FAILED );
+
+    ctx->pk_info = info;
+
+    rsa_alt = (mbedtls_rsa_alt_context *) ctx->pk_ctx;
+
+    rsa_alt->key = key;
+    rsa_alt->decrypt_func = decrypt_func;
+    rsa_alt->sign_func = sign_func;
+    rsa_alt->key_len_func = key_len_func;
+
+    return( 0 );
+}
+#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
+
+/*
+ * Tell if a PK can do the operations of the given type
+ */
+int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type )
+{
+    /* null or NONE context can't do anything */
+    if( ctx == NULL || ctx->pk_info == NULL )
+        return( 0 );
+
+    return( ctx->pk_info->can_do( type ) );
+}
+
+/*
+ * Helper for mbedtls_pk_sign and mbedtls_pk_verify
+ */
+static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len )
+{
+    const mbedtls_md_info_t *md_info;
+
+    if( *hash_len != 0 )
+        return( 0 );
+
+    if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
+        return( -1 );
+
+    *hash_len = mbedtls_md_get_size( md_info );
+    return( 0 );
+}
+
+/*
+ * Verify a signature
+ */
+int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
+               const unsigned char *hash, size_t hash_len,
+               const unsigned char *sig, size_t sig_len )
+{
+    if( ctx == NULL || ctx->pk_info == NULL ||
+        pk_hashlen_helper( md_alg, &hash_len ) != 0 )
+        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+    if( ctx->pk_info->verify_func == NULL )
+        return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+
+    return( ctx->pk_info->verify_func( ctx->pk_ctx, md_alg, hash, hash_len,
+                                       sig, sig_len ) );
+}
+
+/*
+ * Verify a signature with options
+ */
+int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
+                   mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
+                   const unsigned char *hash, size_t hash_len,
+                   const unsigned char *sig, size_t sig_len )
+{
+    if( ctx == NULL || ctx->pk_info == NULL )
+        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+    if( ! mbedtls_pk_can_do( ctx, type ) )
+        return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+
+    if( type == MBEDTLS_PK_RSASSA_PSS )
+    {
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21)
+        int ret;
+        const mbedtls_pk_rsassa_pss_options *pss_opts;
+
+        if( options == NULL )
+            return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+        pss_opts = (const mbedtls_pk_rsassa_pss_options *) options;
+
+        if( sig_len < mbedtls_pk_get_len( ctx ) )
+            return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
+
+        ret = mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_pk_rsa( *ctx ),
+                NULL, NULL, MBEDTLS_RSA_PUBLIC,
+                md_alg, (unsigned int) hash_len, hash,
+                pss_opts->mgf1_hash_id,
+                pss_opts->expected_salt_len,
+                sig );
+        if( ret != 0 )
+            return( ret );
+
+        if( sig_len > mbedtls_pk_get_len( ctx ) )
+            return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
+
+        return( 0 );
+#else
+        return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+#endif
+    }
+
+    /* General case: no options */
+    if( options != NULL )
+        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+    return( mbedtls_pk_verify( ctx, md_alg, hash, hash_len, sig, sig_len ) );
+}
+
+/*
+ * Make a signature
+ */
+int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
+             const unsigned char *hash, size_t hash_len,
+             unsigned char *sig, size_t *sig_len,
+             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+    if( ctx == NULL || ctx->pk_info == NULL ||
+        pk_hashlen_helper( md_alg, &hash_len ) != 0 )
+        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+    if( ctx->pk_info->sign_func == NULL )
+        return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+
+    return( ctx->pk_info->sign_func( ctx->pk_ctx, md_alg, hash, hash_len,
+                                     sig, sig_len, f_rng, p_rng ) );
+}
+
+/*
+ * Decrypt message
+ */
+int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
+                const unsigned char *input, size_t ilen,
+                unsigned char *output, size_t *olen, size_t osize,
+                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+    if( ctx == NULL || ctx->pk_info == NULL )
+        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+    if( ctx->pk_info->decrypt_func == NULL )
+        return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+
+    return( ctx->pk_info->decrypt_func( ctx->pk_ctx, input, ilen,
+                output, olen, osize, f_rng, p_rng ) );
+}
+
+/*
+ * Encrypt message
+ */
+int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
+                const unsigned char *input, size_t ilen,
+                unsigned char *output, size_t *olen, size_t osize,
+                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+    if( ctx == NULL || ctx->pk_info == NULL )
+        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+    if( ctx->pk_info->encrypt_func == NULL )
+        return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+
+    return( ctx->pk_info->encrypt_func( ctx->pk_ctx, input, ilen,
+                output, olen, osize, f_rng, p_rng ) );
+}
+
+/*
+ * Check public-private key pair
+ */
+int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv )
+{
+    if( pub == NULL || pub->pk_info == NULL ||
+        prv == NULL || prv->pk_info == NULL ||
+        prv->pk_info->check_pair_func == NULL )
+    {
+        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+    }
+
+    if( prv->pk_info->type == MBEDTLS_PK_RSA_ALT )
+    {
+        if( pub->pk_info->type != MBEDTLS_PK_RSA )
+            return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+    }
+    else
+    {
+        if( pub->pk_info != prv->pk_info )
+            return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+    }
+
+    return( prv->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx ) );
+}
+
+/*
+ * Get key size in bits
+ */
+size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx )
+{
+    if( ctx == NULL || ctx->pk_info == NULL )
+        return( 0 );
+
+    return( ctx->pk_info->get_bitlen( ctx->pk_ctx ) );
+}
+
+/*
+ * Export debug information
+ */
+int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items )
+{
+    if( ctx == NULL || ctx->pk_info == NULL )
+        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+    if( ctx->pk_info->debug_func == NULL )
+        return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+
+    ctx->pk_info->debug_func( ctx->pk_ctx, items );
+    return( 0 );
+}
+
+/*
+ * Access the PK type name
+ */
+const char *mbedtls_pk_get_name( const mbedtls_pk_context *ctx )
+{
+    if( ctx == NULL || ctx->pk_info == NULL )
+        return( "invalid PK" );
+
+    return( ctx->pk_info->name );
+}
+
+/*
+ * Access the PK type
+ */
+mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx )
+{
+    if( ctx == NULL || ctx->pk_info == NULL )
+        return( MBEDTLS_PK_NONE );
+
+    return( ctx->pk_info->type );
+}
+
+#endif /* MBEDTLS_PK_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/pk_wrap.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,495 @@
+/*
+ *  Public Key abstraction layer: wrapper functions
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PK_C)
+#include "mbedtls/pk_internal.h"
+
+/* Even if RSA not activated, for the sake of RSA-alt */
+#include "mbedtls/rsa.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_ECP_C)
+#include "mbedtls/ecp.h"
+#endif
+
+#if defined(MBEDTLS_ECDSA_C)
+#include "mbedtls/ecdsa.h"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#define mbedtls_calloc    calloc
+#define mbedtls_free       free
+#endif
+
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+#endif
+
+#if defined(MBEDTLS_RSA_C)
+static int rsa_can_do( mbedtls_pk_type_t type )
+{
+    return( type == MBEDTLS_PK_RSA ||
+            type == MBEDTLS_PK_RSASSA_PSS );
+}
+
+static size_t rsa_get_bitlen( const void *ctx )
+{
+    return( 8 * ((const mbedtls_rsa_context *) ctx)->len );
+}
+
+static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
+                   const unsigned char *hash, size_t hash_len,
+                   const unsigned char *sig, size_t sig_len )
+{
+    int ret;
+
+    if( sig_len < ((mbedtls_rsa_context *) ctx)->len )
+        return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
+
+    if( ( ret = mbedtls_rsa_pkcs1_verify( (mbedtls_rsa_context *) ctx, NULL, NULL,
+                                  MBEDTLS_RSA_PUBLIC, md_alg,
+                                  (unsigned int) hash_len, hash, sig ) ) != 0 )
+        return( ret );
+
+    if( sig_len > ((mbedtls_rsa_context *) ctx)->len )
+        return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
+
+    return( 0 );
+}
+
+static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
+                   const unsigned char *hash, size_t hash_len,
+                   unsigned char *sig, size_t *sig_len,
+                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+    *sig_len = ((mbedtls_rsa_context *) ctx)->len;
+
+    return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
+                md_alg, (unsigned int) hash_len, hash, sig ) );
+}
+
+static int rsa_decrypt_wrap( void *ctx,
+                    const unsigned char *input, size_t ilen,
+                    unsigned char *output, size_t *olen, size_t osize,
+                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+    if( ilen != ((mbedtls_rsa_context *) ctx)->len )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+    return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, f_rng, p_rng,
+                MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
+}
+
+static int rsa_encrypt_wrap( void *ctx,
+                    const unsigned char *input, size_t ilen,
+                    unsigned char *output, size_t *olen, size_t osize,
+                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+    *olen = ((mbedtls_rsa_context *) ctx)->len;
+
+    if( *olen > osize )
+        return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
+
+    return( mbedtls_rsa_pkcs1_encrypt( (mbedtls_rsa_context *) ctx,
+                f_rng, p_rng, MBEDTLS_RSA_PUBLIC, ilen, input, output ) );
+}
+
+static int rsa_check_pair_wrap( const void *pub, const void *prv )
+{
+    return( mbedtls_rsa_check_pub_priv( (const mbedtls_rsa_context *) pub,
+                                (const mbedtls_rsa_context *) prv ) );
+}
+
+static void *rsa_alloc_wrap( void )
+{
+    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_context ) );
+
+    if( ctx != NULL )
+        mbedtls_rsa_init( (mbedtls_rsa_context *) ctx, 0, 0 );
+
+    return( ctx );
+}
+
+static void rsa_free_wrap( void *ctx )
+{
+    mbedtls_rsa_free( (mbedtls_rsa_context *) ctx );
+    mbedtls_free( ctx );
+}
+
+static void rsa_debug( const void *ctx, mbedtls_pk_debug_item *items )
+{
+    items->type = MBEDTLS_PK_DEBUG_MPI;
+    items->name = "rsa.N";
+    items->value = &( ((mbedtls_rsa_context *) ctx)->N );
+
+    items++;
+
+    items->type = MBEDTLS_PK_DEBUG_MPI;
+    items->name = "rsa.E";
+    items->value = &( ((mbedtls_rsa_context *) ctx)->E );
+}
+
+const mbedtls_pk_info_t mbedtls_rsa_info = {
+    MBEDTLS_PK_RSA,
+    "RSA",
+    rsa_get_bitlen,
+    rsa_can_do,
+    rsa_verify_wrap,
+    rsa_sign_wrap,
+    rsa_decrypt_wrap,
+    rsa_encrypt_wrap,
+    rsa_check_pair_wrap,
+    rsa_alloc_wrap,
+    rsa_free_wrap,
+    rsa_debug,
+};
+#endif /* MBEDTLS_RSA_C */
+
+#if defined(MBEDTLS_ECP_C)
+/*
+ * Generic EC key
+ */
+static int eckey_can_do( mbedtls_pk_type_t type )
+{
+    return( type == MBEDTLS_PK_ECKEY ||
+            type == MBEDTLS_PK_ECKEY_DH ||
+            type == MBEDTLS_PK_ECDSA );
+}
+
+static size_t eckey_get_bitlen( const void *ctx )
+{
+    return( ((mbedtls_ecp_keypair *) ctx)->grp.pbits );
+}
+
+#if defined(MBEDTLS_ECDSA_C)
+/* Forward declarations */
+static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
+                       const unsigned char *hash, size_t hash_len,
+                       const unsigned char *sig, size_t sig_len );
+
+static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
+                   const unsigned char *hash, size_t hash_len,
+                   unsigned char *sig, size_t *sig_len,
+                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+static int eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
+                       const unsigned char *hash, size_t hash_len,
+                       const unsigned char *sig, size_t sig_len )
+{
+    int ret;
+    mbedtls_ecdsa_context ecdsa;
+
+    mbedtls_ecdsa_init( &ecdsa );
+
+    if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
+        ret = ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len );
+
+    mbedtls_ecdsa_free( &ecdsa );
+
+    return( ret );
+}
+
+static int eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
+                   const unsigned char *hash, size_t hash_len,
+                   unsigned char *sig, size_t *sig_len,
+                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+    int ret;
+    mbedtls_ecdsa_context ecdsa;
+
+    mbedtls_ecdsa_init( &ecdsa );
+
+    if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
+        ret = ecdsa_sign_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len,
+                               f_rng, p_rng );
+
+    mbedtls_ecdsa_free( &ecdsa );
+
+    return( ret );
+}
+
+#endif /* MBEDTLS_ECDSA_C */
+
+static int eckey_check_pair( const void *pub, const void *prv )
+{
+    return( mbedtls_ecp_check_pub_priv( (const mbedtls_ecp_keypair *) pub,
+                                (const mbedtls_ecp_keypair *) prv ) );
+}
+
+static void *eckey_alloc_wrap( void )
+{
+    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) );
+
+    if( ctx != NULL )
+        mbedtls_ecp_keypair_init( ctx );
+
+    return( ctx );
+}
+
+static void eckey_free_wrap( void *ctx )
+{
+    mbedtls_ecp_keypair_free( (mbedtls_ecp_keypair *) ctx );
+    mbedtls_free( ctx );
+}
+
+static void eckey_debug( const void *ctx, mbedtls_pk_debug_item *items )
+{
+    items->type = MBEDTLS_PK_DEBUG_ECP;
+    items->name = "eckey.Q";
+    items->value = &( ((mbedtls_ecp_keypair *) ctx)->Q );
+}
+
+const mbedtls_pk_info_t mbedtls_eckey_info = {
+    MBEDTLS_PK_ECKEY,
+    "EC",
+    eckey_get_bitlen,
+    eckey_can_do,
+#if defined(MBEDTLS_ECDSA_C)
+    eckey_verify_wrap,
+    eckey_sign_wrap,
+#else
+    NULL,
+    NULL,
+#endif
+    NULL,
+    NULL,
+    eckey_check_pair,
+    eckey_alloc_wrap,
+    eckey_free_wrap,
+    eckey_debug,
+};
+
+/*
+ * EC key restricted to ECDH
+ */
+static int eckeydh_can_do( mbedtls_pk_type_t type )
+{
+    return( type == MBEDTLS_PK_ECKEY ||
+            type == MBEDTLS_PK_ECKEY_DH );
+}
+
+const mbedtls_pk_info_t mbedtls_eckeydh_info = {
+    MBEDTLS_PK_ECKEY_DH,
+    "EC_DH",
+    eckey_get_bitlen,         /* Same underlying key structure */
+    eckeydh_can_do,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    eckey_check_pair,
+    eckey_alloc_wrap,       /* Same underlying key structure */
+    eckey_free_wrap,        /* Same underlying key structure */
+    eckey_debug,            /* Same underlying key structure */
+};
+#endif /* MBEDTLS_ECP_C */
+
+#if defined(MBEDTLS_ECDSA_C)
+static int ecdsa_can_do( mbedtls_pk_type_t type )
+{
+    return( type == MBEDTLS_PK_ECDSA );
+}
+
+static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
+                       const unsigned char *hash, size_t hash_len,
+                       const unsigned char *sig, size_t sig_len )
+{
+    int ret;
+    ((void) md_alg);
+
+    ret = mbedtls_ecdsa_read_signature( (mbedtls_ecdsa_context *) ctx,
+                                hash, hash_len, sig, sig_len );
+
+    if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH )
+        return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
+
+    return( ret );
+}
+
+static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
+                   const unsigned char *hash, size_t hash_len,
+                   unsigned char *sig, size_t *sig_len,
+                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+    return( mbedtls_ecdsa_write_signature( (mbedtls_ecdsa_context *) ctx,
+                md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng ) );
+}
+
+static void *ecdsa_alloc_wrap( void )
+{
+    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_context ) );
+
+    if( ctx != NULL )
+        mbedtls_ecdsa_init( (mbedtls_ecdsa_context *) ctx );
+
+    return( ctx );
+}
+
+static void ecdsa_free_wrap( void *ctx )
+{
+    mbedtls_ecdsa_free( (mbedtls_ecdsa_context *) ctx );
+    mbedtls_free( ctx );
+}
+
+const mbedtls_pk_info_t mbedtls_ecdsa_info = {
+    MBEDTLS_PK_ECDSA,
+    "ECDSA",
+    eckey_get_bitlen,     /* Compatible key structures */
+    ecdsa_can_do,
+    ecdsa_verify_wrap,
+    ecdsa_sign_wrap,
+    NULL,
+    NULL,
+    eckey_check_pair,   /* Compatible key structures */
+    ecdsa_alloc_wrap,
+    ecdsa_free_wrap,
+    eckey_debug,        /* Compatible key structures */
+};
+#endif /* MBEDTLS_ECDSA_C */
+
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
+/*
+ * Support for alternative RSA-private implementations
+ */
+
+static int rsa_alt_can_do( mbedtls_pk_type_t type )
+{
+    return( type == MBEDTLS_PK_RSA );
+}
+
+static size_t rsa_alt_get_bitlen( const void *ctx )
+{
+    const mbedtls_rsa_alt_context *rsa_alt = (const mbedtls_rsa_alt_context *) ctx;
+
+    return( 8 * rsa_alt->key_len_func( rsa_alt->key ) );
+}
+
+static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
+                   const unsigned char *hash, size_t hash_len,
+                   unsigned char *sig, size_t *sig_len,
+                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+    mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
+
+    *sig_len = rsa_alt->key_len_func( rsa_alt->key );
+
+    return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
+                md_alg, (unsigned int) hash_len, hash, sig ) );
+}
+
+static int rsa_alt_decrypt_wrap( void *ctx,
+                    const unsigned char *input, size_t ilen,
+                    unsigned char *output, size_t *olen, size_t osize,
+                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+    mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
+
+    ((void) f_rng);
+    ((void) p_rng);
+
+    if( ilen != rsa_alt->key_len_func( rsa_alt->key ) )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+    return( rsa_alt->decrypt_func( rsa_alt->key,
+                MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
+}
+
+#if defined(MBEDTLS_RSA_C)
+static int rsa_alt_check_pair( const void *pub, const void *prv )
+{
+    unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
+    unsigned char hash[32];
+    size_t sig_len = 0;
+    int ret;
+
+    if( rsa_alt_get_bitlen( prv ) != rsa_get_bitlen( pub ) )
+        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
+
+    memset( hash, 0x2a, sizeof( hash ) );
+
+    if( ( ret = rsa_alt_sign_wrap( (void *) prv, MBEDTLS_MD_NONE,
+                                   hash, sizeof( hash ),
+                                   sig, &sig_len, NULL, NULL ) ) != 0 )
+    {
+        return( ret );
+    }
+
+    if( rsa_verify_wrap( (void *) pub, MBEDTLS_MD_NONE,
+                         hash, sizeof( hash ), sig, sig_len ) != 0 )
+    {
+        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
+    }
+
+    return( 0 );
+}
+#endif /* MBEDTLS_RSA_C */
+
+static void *rsa_alt_alloc_wrap( void )
+{
+    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_alt_context ) );
+
+    if( ctx != NULL )
+        memset( ctx, 0, sizeof( mbedtls_rsa_alt_context ) );
+
+    return( ctx );
+}
+
+static void rsa_alt_free_wrap( void *ctx )
+{
+    mbedtls_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) );
+    mbedtls_free( ctx );
+}
+
+const mbedtls_pk_info_t mbedtls_rsa_alt_info = {
+    MBEDTLS_PK_RSA_ALT,
+    "RSA-alt",
+    rsa_alt_get_bitlen,
+    rsa_alt_can_do,
+    NULL,
+    rsa_alt_sign_wrap,
+    rsa_alt_decrypt_wrap,
+    NULL,
+#if defined(MBEDTLS_RSA_C)
+    rsa_alt_check_pair,
+#else
+    NULL,
+#endif
+    rsa_alt_alloc_wrap,
+    rsa_alt_free_wrap,
+    NULL,
+};
+
+#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
+
+#endif /* MBEDTLS_PK_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/pkcs11.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,240 @@
+/**
+ * \file pkcs11.c
+ *
+ * \brief Wrapper for PKCS#11 library libpkcs11-helper
+ *
+ * \author Adriaan de Jong <dejong@fox-it.com>
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#include "mbedtls/pkcs11.h"
+
+#if defined(MBEDTLS_PKCS11_C)
+
+#include "mbedtls/md.h"
+#include "mbedtls/oid.h"
+#include "mbedtls/x509_crt.h"
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#define mbedtls_calloc    calloc
+#define mbedtls_free       free
+#endif
+
+#include <string.h>
+
+void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx )
+{
+    memset( ctx, 0, sizeof( mbedtls_pkcs11_context ) );
+}
+
+int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert, pkcs11h_certificate_t pkcs11_cert )
+{
+    int ret = 1;
+    unsigned char *cert_blob = NULL;
+    size_t cert_blob_size = 0;
+
+    if( cert == NULL )
+    {
+        ret = 2;
+        goto cleanup;
+    }
+
+    if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, NULL,
+                                                &cert_blob_size ) != CKR_OK )
+    {
+        ret = 3;
+        goto cleanup;
+    }
+
+    cert_blob = mbedtls_calloc( 1, cert_blob_size );
+    if( NULL == cert_blob )
+    {
+        ret = 4;
+        goto cleanup;
+    }
+
+    if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, cert_blob,
+                                                &cert_blob_size ) != CKR_OK )
+    {
+        ret = 5;
+        goto cleanup;
+    }
+
+    if( 0 != mbedtls_x509_crt_parse( cert, cert_blob, cert_blob_size ) )
+    {
+        ret = 6;
+        goto cleanup;
+    }
+
+    ret = 0;
+
+cleanup:
+    if( NULL != cert_blob )
+        mbedtls_free( cert_blob );
+
+    return( ret );
+}
+
+
+int mbedtls_pkcs11_priv_key_bind( mbedtls_pkcs11_context *priv_key,
+        pkcs11h_certificate_t pkcs11_cert )
+{
+    int ret = 1;
+    mbedtls_x509_crt cert;
+
+    mbedtls_x509_crt_init( &cert );
+
+    if( priv_key == NULL )
+        goto cleanup;
+
+    if( 0 != mbedtls_pkcs11_x509_cert_bind( &cert, pkcs11_cert ) )
+        goto cleanup;
+
+    priv_key->len = mbedtls_pk_get_len( &cert.pk );
+    priv_key->pkcs11h_cert = pkcs11_cert;
+
+    ret = 0;
+
+cleanup:
+    mbedtls_x509_crt_free( &cert );
+
+    return( ret );
+}
+
+void mbedtls_pkcs11_priv_key_free( mbedtls_pkcs11_context *priv_key )
+{
+    if( NULL != priv_key )
+        pkcs11h_certificate_freeCertificate( priv_key->pkcs11h_cert );
+}
+
+int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx,
+                       int mode, size_t *olen,
+                       const unsigned char *input,
+                       unsigned char *output,
+                       size_t output_max_len )
+{
+    size_t input_len, output_len;
+
+    if( NULL == ctx )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+    if( MBEDTLS_RSA_PRIVATE != mode )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+    output_len = input_len = ctx->len;
+
+    if( input_len < 16 || input_len > output_max_len )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+    /* Determine size of output buffer */
+    if( pkcs11h_certificate_decryptAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, input,
+            input_len, NULL, &output_len ) != CKR_OK )
+    {
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    }
+
+    if( output_len > output_max_len )
+        return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
+
+    if( pkcs11h_certificate_decryptAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, input,
+            input_len, output, &output_len ) != CKR_OK )
+    {
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    }
+    *olen = output_len;
+    return( 0 );
+}
+
+int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx,
+                    int mode,
+                    mbedtls_md_type_t md_alg,
+                    unsigned int hashlen,
+                    const unsigned char *hash,
+                    unsigned char *sig )
+{
+    size_t sig_len = 0, asn_len = 0, oid_size = 0;
+    unsigned char *p = sig;
+    const char *oid;
+
+    if( NULL == ctx )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+    if( MBEDTLS_RSA_PRIVATE != mode )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+    if( md_alg != MBEDTLS_MD_NONE )
+    {
+        const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
+        if( md_info == NULL )
+            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+        if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 )
+            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+        hashlen = mbedtls_md_get_size( md_info );
+        asn_len = 10 + oid_size;
+    }
+
+    sig_len = ctx->len;
+    if( hashlen > sig_len || asn_len > sig_len ||
+        hashlen + asn_len > sig_len )
+    {
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    }
+
+    if( md_alg != MBEDTLS_MD_NONE )
+    {
+        /*
+         * DigestInfo ::= SEQUENCE {
+         *   digestAlgorithm DigestAlgorithmIdentifier,
+         *   digest Digest }
+         *
+         * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
+         *
+         * Digest ::= OCTET STRING
+         */
+        *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
+        *p++ = (unsigned char) ( 0x08 + oid_size + hashlen );
+        *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
+        *p++ = (unsigned char) ( 0x04 + oid_size );
+        *p++ = MBEDTLS_ASN1_OID;
+        *p++ = oid_size & 0xFF;
+        memcpy( p, oid, oid_size );
+        p += oid_size;
+        *p++ = MBEDTLS_ASN1_NULL;
+        *p++ = 0x00;
+        *p++ = MBEDTLS_ASN1_OCTET_STRING;
+        *p++ = hashlen;
+    }
+
+    memcpy( p, hash, hashlen );
+
+    if( pkcs11h_certificate_signAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, sig,
+            asn_len + hashlen, sig, &sig_len ) != CKR_OK )
+    {
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    }
+
+    return( 0 );
+}
+
+#endif /* defined(MBEDTLS_PKCS11_C) */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/pkcs12.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,365 @@
+/*
+ *  PKCS#12 Personal Information Exchange Syntax
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ *  The PKCS #12 Personal Information Exchange Syntax Standard v1.1
+ *
+ *  http://www.rsa.com/rsalabs/pkcs/files/h11301-wp-pkcs-12v1-1-personal-information-exchange-syntax.pdf
+ *  ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1-1.asn
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PKCS12_C)
+
+#include "mbedtls/pkcs12.h"
+#include "mbedtls/asn1.h"
+#include "mbedtls/cipher.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_ARC4_C)
+#include "mbedtls/arc4.h"
+#endif
+
+#if defined(MBEDTLS_DES_C)
+#include "mbedtls/des.h"
+#endif
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params,
+                                    mbedtls_asn1_buf *salt, int *iterations )
+{
+    int ret;
+    unsigned char **p = &params->p;
+    const unsigned char *end = params->p + params->len;
+
+    /*
+     *  pkcs-12PbeParams ::= SEQUENCE {
+     *    salt          OCTET STRING,
+     *    iterations    INTEGER
+     *  }
+     *
+     */
+    if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
+        return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT +
+                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
+
+    if( ( ret = mbedtls_asn1_get_tag( p, end, &salt->len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
+        return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT + ret );
+
+    salt->p = *p;
+    *p += salt->len;
+
+    if( ( ret = mbedtls_asn1_get_int( p, end, iterations ) ) != 0 )
+        return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT + ret );
+
+    if( *p != end )
+        return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+    return( 0 );
+}
+
+#define PKCS12_MAX_PWDLEN 128
+
+static int pkcs12_pbe_derive_key_iv( mbedtls_asn1_buf *pbe_params, mbedtls_md_type_t md_type,
+                                     const unsigned char *pwd,  size_t pwdlen,
+                                     unsigned char *key, size_t keylen,
+                                     unsigned char *iv,  size_t ivlen )
+{
+    int ret, iterations;
+    mbedtls_asn1_buf salt;
+    size_t i;
+    unsigned char unipwd[PKCS12_MAX_PWDLEN * 2 + 2];
+
+    if( pwdlen > PKCS12_MAX_PWDLEN )
+        return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
+
+    memset( &salt, 0, sizeof(mbedtls_asn1_buf) );
+    memset( &unipwd, 0, sizeof(unipwd) );
+
+    if( ( ret = pkcs12_parse_pbe_params( pbe_params, &salt,
+                                         &iterations ) ) != 0 )
+        return( ret );
+
+    for( i = 0; i < pwdlen; i++ )
+        unipwd[i * 2 + 1] = pwd[i];
+
+    if( ( ret = mbedtls_pkcs12_derivation( key, keylen, unipwd, pwdlen * 2 + 2,
+                                   salt.p, salt.len, md_type,
+                                   MBEDTLS_PKCS12_DERIVE_KEY, iterations ) ) != 0 )
+    {
+        return( ret );
+    }
+
+    if( iv == NULL || ivlen == 0 )
+        return( 0 );
+
+    if( ( ret = mbedtls_pkcs12_derivation( iv, ivlen, unipwd, pwdlen * 2 + 2,
+                                   salt.p, salt.len, md_type,
+                                   MBEDTLS_PKCS12_DERIVE_IV, iterations ) ) != 0 )
+    {
+        return( ret );
+    }
+    return( 0 );
+}
+
+#undef PKCS12_MAX_PWDLEN
+
+int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode,
+                             const unsigned char *pwd,  size_t pwdlen,
+                             const unsigned char *data, size_t len,
+                             unsigned char *output )
+{
+#if !defined(MBEDTLS_ARC4_C)
+    ((void) pbe_params);
+    ((void) mode);
+    ((void) pwd);
+    ((void) pwdlen);
+    ((void) data);
+    ((void) len);
+    ((void) output);
+    return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
+#else
+    int ret;
+    unsigned char key[16];
+    mbedtls_arc4_context ctx;
+    ((void) mode);
+
+    mbedtls_arc4_init( &ctx );
+
+    if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, MBEDTLS_MD_SHA1,
+                                          pwd, pwdlen,
+                                          key, 16, NULL, 0 ) ) != 0 )
+    {
+        return( ret );
+    }
+
+    mbedtls_arc4_setup( &ctx, key, 16 );
+    if( ( ret = mbedtls_arc4_crypt( &ctx, len, data, output ) ) != 0 )
+        goto exit;
+
+exit:
+    mbedtls_zeroize( key, sizeof( key ) );
+    mbedtls_arc4_free( &ctx );
+
+    return( ret );
+#endif /* MBEDTLS_ARC4_C */
+}
+
+int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
+                mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
+                const unsigned char *pwd,  size_t pwdlen,
+                const unsigned char *data, size_t len,
+                unsigned char *output )
+{
+    int ret, keylen = 0;
+    unsigned char key[32];
+    unsigned char iv[16];
+    const mbedtls_cipher_info_t *cipher_info;
+    mbedtls_cipher_context_t cipher_ctx;
+    size_t olen = 0;
+
+    cipher_info = mbedtls_cipher_info_from_type( cipher_type );
+    if( cipher_info == NULL )
+        return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
+
+    keylen = cipher_info->key_bitlen / 8;
+
+    if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, md_type, pwd, pwdlen,
+                                          key, keylen,
+                                          iv, cipher_info->iv_size ) ) != 0 )
+    {
+        return( ret );
+    }
+
+    mbedtls_cipher_init( &cipher_ctx );
+
+    if( ( ret = mbedtls_cipher_setup( &cipher_ctx, cipher_info ) ) != 0 )
+        goto exit;
+
+    if( ( ret = mbedtls_cipher_setkey( &cipher_ctx, key, 8 * keylen, (mbedtls_operation_t) mode ) ) != 0 )
+        goto exit;
+
+    if( ( ret = mbedtls_cipher_set_iv( &cipher_ctx, iv, cipher_info->iv_size ) ) != 0 )
+        goto exit;
+
+    if( ( ret = mbedtls_cipher_reset( &cipher_ctx ) ) != 0 )
+        goto exit;
+
+    if( ( ret = mbedtls_cipher_update( &cipher_ctx, data, len,
+                                output, &olen ) ) != 0 )
+    {
+        goto exit;
+    }
+
+    if( ( ret = mbedtls_cipher_finish( &cipher_ctx, output + olen, &olen ) ) != 0 )
+        ret = MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH;
+
+exit:
+    mbedtls_zeroize( key, sizeof( key ) );
+    mbedtls_zeroize( iv,  sizeof( iv  ) );
+    mbedtls_cipher_free( &cipher_ctx );
+
+    return( ret );
+}
+
+static void pkcs12_fill_buffer( unsigned char *data, size_t data_len,
+                                const unsigned char *filler, size_t fill_len )
+{
+    unsigned char *p = data;
+    size_t use_len;
+
+    while( data_len > 0 )
+    {
+        use_len = ( data_len > fill_len ) ? fill_len : data_len;
+        memcpy( p, filler, use_len );
+        p += use_len;
+        data_len -= use_len;
+    }
+}
+
+int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
+                       const unsigned char *pwd, size_t pwdlen,
+                       const unsigned char *salt, size_t saltlen,
+                       mbedtls_md_type_t md_type, int id, int iterations )
+{
+    int ret;
+    unsigned int j;
+
+    unsigned char diversifier[128];
+    unsigned char salt_block[128], pwd_block[128], hash_block[128];
+    unsigned char hash_output[MBEDTLS_MD_MAX_SIZE];
+    unsigned char *p;
+    unsigned char c;
+
+    size_t hlen, use_len, v, i;
+
+    const mbedtls_md_info_t *md_info;
+    mbedtls_md_context_t md_ctx;
+
+    // This version only allows max of 64 bytes of password or salt
+    if( datalen > 128 || pwdlen > 64 || saltlen > 64 )
+        return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
+
+    md_info = mbedtls_md_info_from_type( md_type );
+    if( md_info == NULL )
+        return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
+
+    mbedtls_md_init( &md_ctx );
+
+    if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
+        return( ret );
+    hlen = mbedtls_md_get_size( md_info );
+
+    if( hlen <= 32 )
+        v = 64;
+    else
+        v = 128;
+
+    memset( diversifier, (unsigned char) id, v );
+
+    pkcs12_fill_buffer( salt_block, v, salt, saltlen );
+    pkcs12_fill_buffer( pwd_block,  v, pwd,  pwdlen  );
+
+    p = data;
+    while( datalen > 0 )
+    {
+        // Calculate hash( diversifier || salt_block || pwd_block )
+        if( ( ret = mbedtls_md_starts( &md_ctx ) ) != 0 )
+            goto exit;
+
+        if( ( ret = mbedtls_md_update( &md_ctx, diversifier, v ) ) != 0 )
+            goto exit;
+
+        if( ( ret = mbedtls_md_update( &md_ctx, salt_block, v ) ) != 0 )
+            goto exit;
+
+        if( ( ret = mbedtls_md_update( &md_ctx, pwd_block, v ) ) != 0 )
+            goto exit;
+
+        if( ( ret = mbedtls_md_finish( &md_ctx, hash_output ) ) != 0 )
+            goto exit;
+
+        // Perform remaining ( iterations - 1 ) recursive hash calculations
+        for( i = 1; i < (size_t) iterations; i++ )
+        {
+            if( ( ret = mbedtls_md( md_info, hash_output, hlen, hash_output ) ) != 0 )
+                goto exit;
+        }
+
+        use_len = ( datalen > hlen ) ? hlen : datalen;
+        memcpy( p, hash_output, use_len );
+        datalen -= use_len;
+        p += use_len;
+
+        if( datalen == 0 )
+            break;
+
+        // Concatenating copies of hash_output into hash_block (B)
+        pkcs12_fill_buffer( hash_block, v, hash_output, hlen );
+
+        // B += 1
+        for( i = v; i > 0; i-- )
+            if( ++hash_block[i - 1] != 0 )
+                break;
+
+        // salt_block += B
+        c = 0;
+        for( i = v; i > 0; i-- )
+        {
+            j = salt_block[i - 1] + hash_block[i - 1] + c;
+            c = (unsigned char) (j >> 8);
+            salt_block[i - 1] = j & 0xFF;
+        }
+
+        // pwd_block  += B
+        c = 0;
+        for( i = v; i > 0; i-- )
+        {
+            j = pwd_block[i - 1] + hash_block[i - 1] + c;
+            c = (unsigned char) (j >> 8);
+            pwd_block[i - 1] = j & 0xFF;
+        }
+    }
+
+    ret = 0;
+
+exit:
+    mbedtls_zeroize( salt_block, sizeof( salt_block ) );
+    mbedtls_zeroize( pwd_block, sizeof( pwd_block ) );
+    mbedtls_zeroize( hash_block, sizeof( hash_block ) );
+    mbedtls_zeroize( hash_output, sizeof( hash_output ) );
+
+    mbedtls_md_free( &md_ctx );
+
+    return( ret );
+}
+
+#endif /* MBEDTLS_PKCS12_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/pkcs5.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,405 @@
+/**
+ * \file pkcs5.c
+ *
+ * \brief PKCS#5 functions
+ *
+ * \author Mathias Olsson <mathias@kompetensum.com>
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ * PKCS#5 includes PBKDF2 and more
+ *
+ * http://tools.ietf.org/html/rfc2898 (Specification)
+ * http://tools.ietf.org/html/rfc6070 (Test vectors)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PKCS5_C)
+
+#include "mbedtls/pkcs5.h"
+#include "mbedtls/asn1.h"
+#include "mbedtls/cipher.h"
+#include "mbedtls/oid.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif
+
+static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params,
+                                      mbedtls_asn1_buf *salt, int *iterations,
+                                      int *keylen, mbedtls_md_type_t *md_type )
+{
+    int ret;
+    mbedtls_asn1_buf prf_alg_oid;
+    unsigned char *p = params->p;
+    const unsigned char *end = params->p + params->len;
+
+    if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
+        return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT +
+                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
+    /*
+     *  PBKDF2-params ::= SEQUENCE {
+     *    salt              OCTET STRING,
+     *    iterationCount    INTEGER,
+     *    keyLength         INTEGER OPTIONAL
+     *    prf               AlgorithmIdentifier DEFAULT algid-hmacWithSHA1
+     *  }
+     *
+     */
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &salt->len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
+        return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret );
+
+    salt->p = p;
+    p += salt->len;
+
+    if( ( ret = mbedtls_asn1_get_int( &p, end, iterations ) ) != 0 )
+        return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret );
+
+    if( p == end )
+        return( 0 );
+
+    if( ( ret = mbedtls_asn1_get_int( &p, end, keylen ) ) != 0 )
+    {
+        if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
+            return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret );
+    }
+
+    if( p == end )
+        return( 0 );
+
+    if( ( ret = mbedtls_asn1_get_alg_null( &p, end, &prf_alg_oid ) ) != 0 )
+        return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret );
+
+    if( MBEDTLS_OID_CMP( MBEDTLS_OID_HMAC_SHA1, &prf_alg_oid ) != 0 )
+        return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
+
+    *md_type = MBEDTLS_MD_SHA1;
+
+    if( p != end )
+        return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+    return( 0 );
+}
+
+int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
+                 const unsigned char *pwd,  size_t pwdlen,
+                 const unsigned char *data, size_t datalen,
+                 unsigned char *output )
+{
+    int ret, iterations = 0, keylen = 0;
+    unsigned char *p, *end;
+    mbedtls_asn1_buf kdf_alg_oid, enc_scheme_oid, kdf_alg_params, enc_scheme_params;
+    mbedtls_asn1_buf salt;
+    mbedtls_md_type_t md_type = MBEDTLS_MD_SHA1;
+    unsigned char key[32], iv[32];
+    size_t olen = 0;
+    const mbedtls_md_info_t *md_info;
+    const mbedtls_cipher_info_t *cipher_info;
+    mbedtls_md_context_t md_ctx;
+    mbedtls_cipher_type_t cipher_alg;
+    mbedtls_cipher_context_t cipher_ctx;
+
+    p = pbe_params->p;
+    end = p + pbe_params->len;
+
+    /*
+     *  PBES2-params ::= SEQUENCE {
+     *    keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
+     *    encryptionScheme AlgorithmIdentifier {{PBES2-Encs}}
+     *  }
+     */
+    if( pbe_params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
+        return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT +
+                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
+
+    if( ( ret = mbedtls_asn1_get_alg( &p, end, &kdf_alg_oid, &kdf_alg_params ) ) != 0 )
+        return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret );
+
+    // Only PBKDF2 supported at the moment
+    //
+    if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS5_PBKDF2, &kdf_alg_oid ) != 0 )
+        return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
+
+    if( ( ret = pkcs5_parse_pbkdf2_params( &kdf_alg_params,
+                                           &salt, &iterations, &keylen,
+                                           &md_type ) ) != 0 )
+    {
+        return( ret );
+    }
+
+    md_info = mbedtls_md_info_from_type( md_type );
+    if( md_info == NULL )
+        return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
+
+    if( ( ret = mbedtls_asn1_get_alg( &p, end, &enc_scheme_oid,
+                              &enc_scheme_params ) ) != 0 )
+    {
+        return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret );
+    }
+
+    if( mbedtls_oid_get_cipher_alg( &enc_scheme_oid, &cipher_alg ) != 0 )
+        return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
+
+    cipher_info = mbedtls_cipher_info_from_type( cipher_alg );
+    if( cipher_info == NULL )
+        return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
+
+    /*
+     * The value of keylen from pkcs5_parse_pbkdf2_params() is ignored
+     * since it is optional and we don't know if it was set or not
+     */
+    keylen = cipher_info->key_bitlen / 8;
+
+    if( enc_scheme_params.tag != MBEDTLS_ASN1_OCTET_STRING ||
+        enc_scheme_params.len != cipher_info->iv_size )
+    {
+        return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT );
+    }
+
+    mbedtls_md_init( &md_ctx );
+    mbedtls_cipher_init( &cipher_ctx );
+
+    memcpy( iv, enc_scheme_params.p, enc_scheme_params.len );
+
+    if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
+        goto exit;
+
+    if( ( ret = mbedtls_pkcs5_pbkdf2_hmac( &md_ctx, pwd, pwdlen, salt.p, salt.len,
+                                   iterations, keylen, key ) ) != 0 )
+    {
+        goto exit;
+    }
+
+    if( ( ret = mbedtls_cipher_setup( &cipher_ctx, cipher_info ) ) != 0 )
+        goto exit;
+
+    if( ( ret = mbedtls_cipher_setkey( &cipher_ctx, key, 8 * keylen, (mbedtls_operation_t) mode ) ) != 0 )
+        goto exit;
+
+    if( ( ret = mbedtls_cipher_crypt( &cipher_ctx, iv, enc_scheme_params.len,
+                              data, datalen, output, &olen ) ) != 0 )
+        ret = MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH;
+
+exit:
+    mbedtls_md_free( &md_ctx );
+    mbedtls_cipher_free( &cipher_ctx );
+
+    return( ret );
+}
+
+int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *password,
+                       size_t plen, const unsigned char *salt, size_t slen,
+                       unsigned int iteration_count,
+                       uint32_t key_length, unsigned char *output )
+{
+    int ret, j;
+    unsigned int i;
+    unsigned char md1[MBEDTLS_MD_MAX_SIZE];
+    unsigned char work[MBEDTLS_MD_MAX_SIZE];
+    unsigned char md_size = mbedtls_md_get_size( ctx->md_info );
+    size_t use_len;
+    unsigned char *out_p = output;
+    unsigned char counter[4];
+
+    memset( counter, 0, 4 );
+    counter[3] = 1;
+
+    if( iteration_count > 0xFFFFFFFF )
+        return( MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA );
+
+    while( key_length )
+    {
+        // U1 ends up in work
+        //
+        if( ( ret = mbedtls_md_hmac_starts( ctx, password, plen ) ) != 0 )
+            return( ret );
+
+        if( ( ret = mbedtls_md_hmac_update( ctx, salt, slen ) ) != 0 )
+            return( ret );
+
+        if( ( ret = mbedtls_md_hmac_update( ctx, counter, 4 ) ) != 0 )
+            return( ret );
+
+        if( ( ret = mbedtls_md_hmac_finish( ctx, work ) ) != 0 )
+            return( ret );
+
+        memcpy( md1, work, md_size );
+
+        for( i = 1; i < iteration_count; i++ )
+        {
+            // U2 ends up in md1
+            //
+            if( ( ret = mbedtls_md_hmac_starts( ctx, password, plen ) ) != 0 )
+                return( ret );
+
+            if( ( ret = mbedtls_md_hmac_update( ctx, md1, md_size ) ) != 0 )
+                return( ret );
+
+            if( ( ret = mbedtls_md_hmac_finish( ctx, md1 ) ) != 0 )
+                return( ret );
+
+            // U1 xor U2
+            //
+            for( j = 0; j < md_size; j++ )
+                work[j] ^= md1[j];
+        }
+
+        use_len = ( key_length < md_size ) ? key_length : md_size;
+        memcpy( out_p, work, use_len );
+
+        key_length -= (uint32_t) use_len;
+        out_p += use_len;
+
+        for( i = 4; i > 0; i-- )
+            if( ++counter[i - 1] != 0 )
+                break;
+    }
+
+    return( 0 );
+}
+
+#if defined(MBEDTLS_SELF_TEST)
+
+#if !defined(MBEDTLS_SHA1_C)
+int mbedtls_pkcs5_self_test( int verbose )
+{
+    if( verbose != 0 )
+        mbedtls_printf( "  PBKDF2 (SHA1): skipped\n\n" );
+
+    return( 0 );
+}
+#else
+
+#define MAX_TESTS   6
+
+static const size_t plen[MAX_TESTS] =
+    { 8, 8, 8, 24, 9 };
+
+static const unsigned char password[MAX_TESTS][32] =
+{
+    "password",
+    "password",
+    "password",
+    "passwordPASSWORDpassword",
+    "pass\0word",
+};
+
+static const size_t slen[MAX_TESTS] =
+    { 4, 4, 4, 36, 5 };
+
+static const unsigned char salt[MAX_TESTS][40] =
+{
+    "salt",
+    "salt",
+    "salt",
+    "saltSALTsaltSALTsaltSALTsaltSALTsalt",
+    "sa\0lt",
+};
+
+static const uint32_t it_cnt[MAX_TESTS] =
+    { 1, 2, 4096, 4096, 4096 };
+
+static const uint32_t key_len[MAX_TESTS] =
+    { 20, 20, 20, 25, 16 };
+
+static const unsigned char result_key[MAX_TESTS][32] =
+{
+    { 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71,
+      0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06,
+      0x2f, 0xe0, 0x37, 0xa6 },
+    { 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c,
+      0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0,
+      0xd8, 0xde, 0x89, 0x57 },
+    { 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a,
+      0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0,
+      0x65, 0xa4, 0x29, 0xc1 },
+    { 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b,
+      0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a,
+      0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70,
+      0x38 },
+    { 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d,
+      0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3 },
+};
+
+int mbedtls_pkcs5_self_test( int verbose )
+{
+    mbedtls_md_context_t sha1_ctx;
+    const mbedtls_md_info_t *info_sha1;
+    int ret, i;
+    unsigned char key[64];
+
+    mbedtls_md_init( &sha1_ctx );
+
+    info_sha1 = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 );
+    if( info_sha1 == NULL )
+    {
+        ret = 1;
+        goto exit;
+    }
+
+    if( ( ret = mbedtls_md_setup( &sha1_ctx, info_sha1, 1 ) ) != 0 )
+    {
+        ret = 1;
+        goto exit;
+    }
+
+    for( i = 0; i < MAX_TESTS; i++ )
+    {
+        if( verbose != 0 )
+            mbedtls_printf( "  PBKDF2 (SHA1) #%d: ", i );
+
+        ret = mbedtls_pkcs5_pbkdf2_hmac( &sha1_ctx, password[i], plen[i], salt[i],
+                                  slen[i], it_cnt[i], key_len[i], key );
+        if( ret != 0 ||
+            memcmp( result_key[i], key, key_len[i] ) != 0 )
+        {
+            if( verbose != 0 )
+                mbedtls_printf( "failed\n" );
+
+            ret = 1;
+            goto exit;
+        }
+
+        if( verbose != 0 )
+            mbedtls_printf( "passed\n" );
+    }
+
+    mbedtls_printf( "\n" );
+
+exit:
+    mbedtls_md_free( &sha1_ctx );
+
+    return( ret );
+}
+#endif /* MBEDTLS_SHA1_C */
+
+#endif /* MBEDTLS_SELF_TEST */
+
+#endif /* MBEDTLS_PKCS5_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/pkparse.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,1293 @@
+/*
+ *  Public Key layer for parsing key files and structures
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PK_PARSE_C)
+
+#include "mbedtls/pk.h"
+#include "mbedtls/asn1.h"
+#include "mbedtls/oid.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_RSA_C)
+#include "mbedtls/rsa.h"
+#endif
+#if defined(MBEDTLS_ECP_C)
+#include "mbedtls/ecp.h"
+#endif
+#if defined(MBEDTLS_ECDSA_C)
+#include "mbedtls/ecdsa.h"
+#endif
+#if defined(MBEDTLS_PEM_PARSE_C)
+#include "mbedtls/pem.h"
+#endif
+#if defined(MBEDTLS_PKCS5_C)
+#include "mbedtls/pkcs5.h"
+#endif
+#if defined(MBEDTLS_PKCS12_C)
+#include "mbedtls/pkcs12.h"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#define mbedtls_calloc    calloc
+#define mbedtls_free       free
+#endif
+
+#if defined(MBEDTLS_FS_IO)
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+/*
+ * Load all data from a file into a given buffer.
+ *
+ * The file is expected to contain either PEM or DER encoded data.
+ * A terminating null byte is always appended. It is included in the announced
+ * length only if the data looks like it is PEM encoded.
+ */
+int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n )
+{
+    FILE *f;
+    long size;
+
+    if( ( f = fopen( path, "rb" ) ) == NULL )
+        return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
+
+    fseek( f, 0, SEEK_END );
+    if( ( size = ftell( f ) ) == -1 )
+    {
+        fclose( f );
+        return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
+    }
+    fseek( f, 0, SEEK_SET );
+
+    *n = (size_t) size;
+
+    if( *n + 1 == 0 ||
+        ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL )
+    {
+        fclose( f );
+        return( MBEDTLS_ERR_PK_ALLOC_FAILED );
+    }
+
+    if( fread( *buf, 1, *n, f ) != *n )
+    {
+        fclose( f );
+        mbedtls_free( *buf );
+        return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
+    }
+
+    fclose( f );
+
+    (*buf)[*n] = '\0';
+
+    if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL )
+        ++*n;
+
+    return( 0 );
+}
+
+/*
+ * Load and parse a private key
+ */
+int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
+                      const char *path, const char *pwd )
+{
+    int ret;
+    size_t n;
+    unsigned char *buf;
+
+    if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
+        return( ret );
+
+    if( pwd == NULL )
+        ret = mbedtls_pk_parse_key( ctx, buf, n, NULL, 0 );
+    else
+        ret = mbedtls_pk_parse_key( ctx, buf, n,
+                (const unsigned char *) pwd, strlen( pwd ) );
+
+    mbedtls_zeroize( buf, n );
+    mbedtls_free( buf );
+
+    return( ret );
+}
+
+/*
+ * Load and parse a public key
+ */
+int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path )
+{
+    int ret;
+    size_t n;
+    unsigned char *buf;
+
+    if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
+        return( ret );
+
+    ret = mbedtls_pk_parse_public_key( ctx, buf, n );
+
+    mbedtls_zeroize( buf, n );
+    mbedtls_free( buf );
+
+    return( ret );
+}
+#endif /* MBEDTLS_FS_IO */
+
+#if defined(MBEDTLS_ECP_C)
+/* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf
+ *
+ * ECParameters ::= CHOICE {
+ *   namedCurve         OBJECT IDENTIFIER
+ *   specifiedCurve     SpecifiedECDomain -- = SEQUENCE { ... }
+ *   -- implicitCurve   NULL
+ * }
+ */
+static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
+                            mbedtls_asn1_buf *params )
+{
+    int ret;
+
+    /* Tag may be either OID or SEQUENCE */
+    params->tag = **p;
+    if( params->tag != MBEDTLS_ASN1_OID
+#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
+            && params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE )
+#endif
+            )
+    {
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
+                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
+    }
+
+    if( ( ret = mbedtls_asn1_get_tag( p, end, &params->len, params->tag ) ) != 0 )
+    {
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
+    }
+
+    params->p = *p;
+    *p += params->len;
+
+    if( *p != end )
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+    return( 0 );
+}
+
+#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
+/*
+ * Parse a SpecifiedECDomain (SEC 1 C.2) and (mostly) fill the group with it.
+ * WARNING: the resulting group should only be used with
+ * pk_group_id_from_specified(), since its base point may not be set correctly
+ * if it was encoded compressed.
+ *
+ *  SpecifiedECDomain ::= SEQUENCE {
+ *      version SpecifiedECDomainVersion(ecdpVer1 | ecdpVer2 | ecdpVer3, ...),
+ *      fieldID FieldID {{FieldTypes}},
+ *      curve Curve,
+ *      base ECPoint,
+ *      order INTEGER,
+ *      cofactor INTEGER OPTIONAL,
+ *      hash HashAlgorithm OPTIONAL,
+ *      ...
+ *  }
+ *
+ * We only support prime-field as field type, and ignore hash and cofactor.
+ */
+static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp )
+{
+    int ret;
+    unsigned char *p = params->p;
+    const unsigned char * const end = params->p + params->len;
+    const unsigned char *end_field, *end_curve;
+    size_t len;
+    int ver;
+
+    /* SpecifiedECDomainVersion ::= INTEGER { 1, 2, 3 } */
+    if( ( ret = mbedtls_asn1_get_int( &p, end, &ver ) ) != 0 )
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
+
+    if( ver < 1 || ver > 3 )
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+
+    /*
+     * FieldID { FIELD-ID:IOSet } ::= SEQUENCE { -- Finite field
+     *       fieldType FIELD-ID.&id({IOSet}),
+     *       parameters FIELD-ID.&Type({IOSet}{@fieldType})
+     * }
+     */
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+        return( ret );
+
+    end_field = p + len;
+
+    /*
+     * FIELD-ID ::= TYPE-IDENTIFIER
+     * FieldTypes FIELD-ID ::= {
+     *       { Prime-p IDENTIFIED BY prime-field } |
+     *       { Characteristic-two IDENTIFIED BY characteristic-two-field }
+     * }
+     * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
+     */
+    if( ( ret = mbedtls_asn1_get_tag( &p, end_field, &len, MBEDTLS_ASN1_OID ) ) != 0 )
+        return( ret );
+
+    if( len != MBEDTLS_OID_SIZE( MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD ) ||
+        memcmp( p, MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD, len ) != 0 )
+    {
+        return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+    }
+
+    p += len;
+
+    /* Prime-p ::= INTEGER -- Field of size p. */
+    if( ( ret = mbedtls_asn1_get_mpi( &p, end_field, &grp->P ) ) != 0 )
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
+
+    grp->pbits = mbedtls_mpi_bitlen( &grp->P );
+
+    if( p != end_field )
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+    /*
+     * Curve ::= SEQUENCE {
+     *       a FieldElement,
+     *       b FieldElement,
+     *       seed BIT STRING OPTIONAL
+     *       -- Shall be present if used in SpecifiedECDomain
+     *       -- with version equal to ecdpVer2 or ecdpVer3
+     * }
+     */
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+        return( ret );
+
+    end_curve = p + len;
+
+    /*
+     * FieldElement ::= OCTET STRING
+     * containing an integer in the case of a prime field
+     */
+    if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ||
+        ( ret = mbedtls_mpi_read_binary( &grp->A, p, len ) ) != 0 )
+    {
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
+    }
+
+    p += len;
+
+    if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ||
+        ( ret = mbedtls_mpi_read_binary( &grp->B, p, len ) ) != 0 )
+    {
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
+    }
+
+    p += len;
+
+    /* Ignore seed BIT STRING OPTIONAL */
+    if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_BIT_STRING ) ) == 0 )
+        p += len;
+
+    if( p != end_curve )
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+    /*
+     * ECPoint ::= OCTET STRING
+     */
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
+
+    if( ( ret = mbedtls_ecp_point_read_binary( grp, &grp->G,
+                                      ( const unsigned char *) p, len ) ) != 0 )
+    {
+        /*
+         * If we can't read the point because it's compressed, cheat by
+         * reading only the X coordinate and the parity bit of Y.
+         */
+        if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ||
+            ( p[0] != 0x02 && p[0] != 0x03 ) ||
+            len != mbedtls_mpi_size( &grp->P ) + 1 ||
+            mbedtls_mpi_read_binary( &grp->G.X, p + 1, len - 1 ) != 0 ||
+            mbedtls_mpi_lset( &grp->G.Y, p[0] - 2 ) != 0 ||
+            mbedtls_mpi_lset( &grp->G.Z, 1 ) != 0 )
+        {
+            return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+        }
+    }
+
+    p += len;
+
+    /*
+     * order INTEGER
+     */
+    if( ( ret = mbedtls_asn1_get_mpi( &p, end, &grp->N ) ) != 0 )
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
+
+    grp->nbits = mbedtls_mpi_bitlen( &grp->N );
+
+    /*
+     * Allow optional elements by purposefully not enforcing p == end here.
+     */
+
+    return( 0 );
+}
+
+/*
+ * Find the group id associated with an (almost filled) group as generated by
+ * pk_group_from_specified(), or return an error if unknown.
+ */
+static int pk_group_id_from_group( const mbedtls_ecp_group *grp, mbedtls_ecp_group_id *grp_id )
+{
+    int ret = 0;
+    mbedtls_ecp_group ref;
+    const mbedtls_ecp_group_id *id;
+
+    mbedtls_ecp_group_init( &ref );
+
+    for( id = mbedtls_ecp_grp_id_list(); *id != MBEDTLS_ECP_DP_NONE; id++ )
+    {
+        /* Load the group associated to that id */
+        mbedtls_ecp_group_free( &ref );
+        MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ref, *id ) );
+
+        /* Compare to the group we were given, starting with easy tests */
+        if( grp->pbits == ref.pbits && grp->nbits == ref.nbits &&
+            mbedtls_mpi_cmp_mpi( &grp->P, &ref.P ) == 0 &&
+            mbedtls_mpi_cmp_mpi( &grp->A, &ref.A ) == 0 &&
+            mbedtls_mpi_cmp_mpi( &grp->B, &ref.B ) == 0 &&
+            mbedtls_mpi_cmp_mpi( &grp->N, &ref.N ) == 0 &&
+            mbedtls_mpi_cmp_mpi( &grp->G.X, &ref.G.X ) == 0 &&
+            mbedtls_mpi_cmp_mpi( &grp->G.Z, &ref.G.Z ) == 0 &&
+            /* For Y we may only know the parity bit, so compare only that */
+            mbedtls_mpi_get_bit( &grp->G.Y, 0 ) == mbedtls_mpi_get_bit( &ref.G.Y, 0 ) )
+        {
+            break;
+        }
+
+    }
+
+cleanup:
+    mbedtls_ecp_group_free( &ref );
+
+    *grp_id = *id;
+
+    if( ret == 0 && *id == MBEDTLS_ECP_DP_NONE )
+        ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
+
+    return( ret );
+}
+
+/*
+ * Parse a SpecifiedECDomain (SEC 1 C.2) and find the associated group ID
+ */
+static int pk_group_id_from_specified( const mbedtls_asn1_buf *params,
+                                       mbedtls_ecp_group_id *grp_id )
+{
+    int ret;
+    mbedtls_ecp_group grp;
+
+    mbedtls_ecp_group_init( &grp );
+
+    if( ( ret = pk_group_from_specified( params, &grp ) ) != 0 )
+        goto cleanup;
+
+    ret = pk_group_id_from_group( &grp, grp_id );
+
+cleanup:
+    mbedtls_ecp_group_free( &grp );
+
+    return( ret );
+}
+#endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */
+
+/*
+ * Use EC parameters to initialise an EC group
+ *
+ * ECParameters ::= CHOICE {
+ *   namedCurve         OBJECT IDENTIFIER
+ *   specifiedCurve     SpecifiedECDomain -- = SEQUENCE { ... }
+ *   -- implicitCurve   NULL
+ */
+static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp )
+{
+    int ret;
+    mbedtls_ecp_group_id grp_id;
+
+    if( params->tag == MBEDTLS_ASN1_OID )
+    {
+        if( mbedtls_oid_get_ec_grp( params, &grp_id ) != 0 )
+            return( MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE );
+    }
+    else
+    {
+#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
+        if( ( ret = pk_group_id_from_specified( params, &grp_id ) ) != 0 )
+            return( ret );
+#else
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+#endif
+    }
+
+    /*
+     * grp may already be initilialized; if so, make sure IDs match
+     */
+    if( grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id )
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+
+    if( ( ret = mbedtls_ecp_group_load( grp, grp_id ) ) != 0 )
+        return( ret );
+
+    return( 0 );
+}
+
+/*
+ * EC public key is an EC point
+ *
+ * The caller is responsible for clearing the structure upon failure if
+ * desired. Take care to pass along the possible ECP_FEATURE_UNAVAILABLE
+ * return code of mbedtls_ecp_point_read_binary() and leave p in a usable state.
+ */
+static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end,
+                            mbedtls_ecp_keypair *key )
+{
+    int ret;
+
+    if( ( ret = mbedtls_ecp_point_read_binary( &key->grp, &key->Q,
+                    (const unsigned char *) *p, end - *p ) ) == 0 )
+    {
+        ret = mbedtls_ecp_check_pubkey( &key->grp, &key->Q );
+    }
+
+    /*
+     * We know mbedtls_ecp_point_read_binary consumed all bytes or failed
+     */
+    *p = (unsigned char *) end;
+
+    return( ret );
+}
+#endif /* MBEDTLS_ECP_C */
+
+#if defined(MBEDTLS_RSA_C)
+/*
+ *  RSAPublicKey ::= SEQUENCE {
+ *      modulus           INTEGER,  -- n
+ *      publicExponent    INTEGER   -- e
+ *  }
+ */
+static int pk_get_rsapubkey( unsigned char **p,
+                             const unsigned char *end,
+                             mbedtls_rsa_context *rsa )
+{
+    int ret;
+    size_t len;
+
+    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
+            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+        return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
+
+    if( *p + len != end )
+        return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+    if( ( ret = mbedtls_asn1_get_mpi( p, end, &rsa->N ) ) != 0 ||
+        ( ret = mbedtls_asn1_get_mpi( p, end, &rsa->E ) ) != 0 )
+        return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
+
+    if( *p != end )
+        return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+    if( ( ret = mbedtls_rsa_check_pubkey( rsa ) ) != 0 )
+        return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
+
+    rsa->len = mbedtls_mpi_size( &rsa->N );
+
+    return( 0 );
+}
+#endif /* MBEDTLS_RSA_C */
+
+/* Get a PK algorithm identifier
+ *
+ *  AlgorithmIdentifier  ::=  SEQUENCE  {
+ *       algorithm               OBJECT IDENTIFIER,
+ *       parameters              ANY DEFINED BY algorithm OPTIONAL  }
+ */
+static int pk_get_pk_alg( unsigned char **p,
+                          const unsigned char *end,
+                          mbedtls_pk_type_t *pk_alg, mbedtls_asn1_buf *params )
+{
+    int ret;
+    mbedtls_asn1_buf alg_oid;
+
+    memset( params, 0, sizeof(mbedtls_asn1_buf) );
+
+    if( ( ret = mbedtls_asn1_get_alg( p, end, &alg_oid, params ) ) != 0 )
+        return( MBEDTLS_ERR_PK_INVALID_ALG + ret );
+
+    if( mbedtls_oid_get_pk_alg( &alg_oid, pk_alg ) != 0 )
+        return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
+
+    /*
+     * No parameters with RSA (only for EC)
+     */
+    if( *pk_alg == MBEDTLS_PK_RSA &&
+            ( ( params->tag != MBEDTLS_ASN1_NULL && params->tag != 0 ) ||
+                params->len != 0 ) )
+    {
+        return( MBEDTLS_ERR_PK_INVALID_ALG );
+    }
+
+    return( 0 );
+}
+
+/*
+ *  SubjectPublicKeyInfo  ::=  SEQUENCE  {
+ *       algorithm            AlgorithmIdentifier,
+ *       subjectPublicKey     BIT STRING }
+ */
+int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
+                        mbedtls_pk_context *pk )
+{
+    int ret;
+    size_t len;
+    mbedtls_asn1_buf alg_params;
+    mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
+    const mbedtls_pk_info_t *pk_info;
+
+    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
+                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+    {
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
+    }
+
+    end = *p + len;
+
+    if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 )
+        return( ret );
+
+    if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 )
+        return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
+
+    if( *p + len != end )
+        return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+    if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL )
+        return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
+
+    if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 )
+        return( ret );
+
+#if defined(MBEDTLS_RSA_C)
+    if( pk_alg == MBEDTLS_PK_RSA )
+    {
+        ret = pk_get_rsapubkey( p, end, mbedtls_pk_rsa( *pk ) );
+    } else
+#endif /* MBEDTLS_RSA_C */
+#if defined(MBEDTLS_ECP_C)
+    if( pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY )
+    {
+        ret = pk_use_ecparams( &alg_params, &mbedtls_pk_ec( *pk )->grp );
+        if( ret == 0 )
+            ret = pk_get_ecpubkey( p, end, mbedtls_pk_ec( *pk ) );
+    } else
+#endif /* MBEDTLS_ECP_C */
+        ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
+
+    if( ret == 0 && *p != end )
+        ret = MBEDTLS_ERR_PK_INVALID_PUBKEY
+              MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
+
+    if( ret != 0 )
+        mbedtls_pk_free( pk );
+
+    return( ret );
+}
+
+#if defined(MBEDTLS_RSA_C)
+/*
+ * Parse a PKCS#1 encoded private RSA key
+ */
+static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
+                                   const unsigned char *key,
+                                   size_t keylen )
+{
+    int ret;
+    size_t len;
+    unsigned char *p, *end;
+
+    p = (unsigned char *) key;
+    end = p + keylen;
+
+    /*
+     * This function parses the RSAPrivateKey (PKCS#1)
+     *
+     *  RSAPrivateKey ::= SEQUENCE {
+     *      version           Version,
+     *      modulus           INTEGER,  -- n
+     *      publicExponent    INTEGER,  -- e
+     *      privateExponent   INTEGER,  -- d
+     *      prime1            INTEGER,  -- p
+     *      prime2            INTEGER,  -- q
+     *      exponent1         INTEGER,  -- d mod (p-1)
+     *      exponent2         INTEGER,  -- d mod (q-1)
+     *      coefficient       INTEGER,  -- (inverse of q) mod p
+     *      otherPrimeInfos   OtherPrimeInfos OPTIONAL
+     *  }
+     */
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+    {
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
+    }
+
+    end = p + len;
+
+    if( ( ret = mbedtls_asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
+    {
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
+    }
+
+    if( rsa->ver != 0 )
+    {
+        return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
+    }
+
+    if( ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->N  ) ) != 0 ||
+        ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->E  ) ) != 0 ||
+        ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->D  ) ) != 0 ||
+        ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->P  ) ) != 0 ||
+        ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->Q  ) ) != 0 ||
+        ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 ||
+        ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 ||
+        ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 )
+    {
+        mbedtls_rsa_free( rsa );
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
+    }
+
+    rsa->len = mbedtls_mpi_size( &rsa->N );
+
+    if( p != end )
+    {
+        mbedtls_rsa_free( rsa );
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+    }
+
+    if( ( ret = mbedtls_rsa_check_privkey( rsa ) ) != 0 )
+    {
+        mbedtls_rsa_free( rsa );
+        return( ret );
+    }
+
+    return( 0 );
+}
+#endif /* MBEDTLS_RSA_C */
+
+#if defined(MBEDTLS_ECP_C)
+/*
+ * Parse a SEC1 encoded private EC key
+ */
+static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
+                                  const unsigned char *key,
+                                  size_t keylen )
+{
+    int ret;
+    int version, pubkey_done;
+    size_t len;
+    mbedtls_asn1_buf params;
+    unsigned char *p = (unsigned char *) key;
+    unsigned char *end = p + keylen;
+    unsigned char *end2;
+
+    /*
+     * RFC 5915, or SEC1 Appendix C.4
+     *
+     * ECPrivateKey ::= SEQUENCE {
+     *      version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
+     *      privateKey     OCTET STRING,
+     *      parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
+     *      publicKey  [1] BIT STRING OPTIONAL
+     *    }
+     */
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+    {
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
+    }
+
+    end = p + len;
+
+    if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
+
+    if( version != 1 )
+        return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
+
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
+
+    if( ( ret = mbedtls_mpi_read_binary( &eck->d, p, len ) ) != 0 )
+    {
+        mbedtls_ecp_keypair_free( eck );
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
+    }
+
+    p += len;
+
+    pubkey_done = 0;
+    if( p != end )
+    {
+        /*
+         * Is 'parameters' present?
+         */
+        if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+                        MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 )
+        {
+            if( ( ret = pk_get_ecparams( &p, p + len, &params) ) != 0 ||
+                ( ret = pk_use_ecparams( &params, &eck->grp )  ) != 0 )
+            {
+                mbedtls_ecp_keypair_free( eck );
+                return( ret );
+            }
+        }
+        else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
+        {
+            mbedtls_ecp_keypair_free( eck );
+            return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
+        }
+
+        /*
+         * Is 'publickey' present? If not, or if we can't read it (eg because it
+         * is compressed), create it from the private key.
+         */
+        if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+                        MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 )
+        {
+            end2 = p + len;
+
+            if( ( ret = mbedtls_asn1_get_bitstring_null( &p, end2, &len ) ) != 0 )
+                return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
+
+            if( p + len != end2 )
+                return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
+                        MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+            if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 )
+                pubkey_done = 1;
+            else
+            {
+                /*
+                 * The only acceptable failure mode of pk_get_ecpubkey() above
+                 * is if the point format is not recognized.
+                 */
+                if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE )
+                    return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+            }
+        }
+        else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
+        {
+            mbedtls_ecp_keypair_free( eck );
+            return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
+        }
+    }
+
+    if( ! pubkey_done &&
+        ( ret = mbedtls_ecp_mul( &eck->grp, &eck->Q, &eck->d, &eck->grp.G,
+                                                      NULL, NULL ) ) != 0 )
+    {
+        mbedtls_ecp_keypair_free( eck );
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
+    }
+
+    if( ( ret = mbedtls_ecp_check_privkey( &eck->grp, &eck->d ) ) != 0 )
+    {
+        mbedtls_ecp_keypair_free( eck );
+        return( ret );
+    }
+
+    return( 0 );
+}
+#endif /* MBEDTLS_ECP_C */
+
+/*
+ * Parse an unencrypted PKCS#8 encoded private key
+ */
+static int pk_parse_key_pkcs8_unencrypted_der(
+                                    mbedtls_pk_context *pk,
+                                    const unsigned char* key,
+                                    size_t keylen )
+{
+    int ret, version;
+    size_t len;
+    mbedtls_asn1_buf params;
+    unsigned char *p = (unsigned char *) key;
+    unsigned char *end = p + keylen;
+    mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
+    const mbedtls_pk_info_t *pk_info;
+
+    /*
+     * This function parses the PrivatKeyInfo object (PKCS#8 v1.2 = RFC 5208)
+     *
+     *    PrivateKeyInfo ::= SEQUENCE {
+     *      version                   Version,
+     *      privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
+     *      privateKey                PrivateKey,
+     *      attributes           [0]  IMPLICIT Attributes OPTIONAL }
+     *
+     *    Version ::= INTEGER
+     *    PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
+     *    PrivateKey ::= OCTET STRING
+     *
+     *  The PrivateKey OCTET STRING is a SEC1 ECPrivateKey
+     */
+
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+    {
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
+    }
+
+    end = p + len;
+
+    if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
+
+    if( version != 0 )
+        return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION + ret );
+
+    if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, &params ) ) != 0 )
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
+
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
+
+    if( len < 1 )
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
+                MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+
+    if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL )
+        return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
+
+    if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 )
+        return( ret );
+
+#if defined(MBEDTLS_RSA_C)
+    if( pk_alg == MBEDTLS_PK_RSA )
+    {
+        if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), p, len ) ) != 0 )
+        {
+            mbedtls_pk_free( pk );
+            return( ret );
+        }
+    } else
+#endif /* MBEDTLS_RSA_C */
+#if defined(MBEDTLS_ECP_C)
+    if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH )
+    {
+        if( ( ret = pk_use_ecparams( &params, &mbedtls_pk_ec( *pk )->grp ) ) != 0 ||
+            ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), p, len )  ) != 0 )
+        {
+            mbedtls_pk_free( pk );
+            return( ret );
+        }
+    } else
+#endif /* MBEDTLS_ECP_C */
+        return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
+
+    return( 0 );
+}
+
+/*
+ * Parse an encrypted PKCS#8 encoded private key
+ */
+#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
+static int pk_parse_key_pkcs8_encrypted_der(
+                                    mbedtls_pk_context *pk,
+                                    const unsigned char *key, size_t keylen,
+                                    const unsigned char *pwd, size_t pwdlen )
+{
+    int ret, decrypted = 0;
+    size_t len;
+    unsigned char buf[2048];
+    unsigned char *p, *end;
+    mbedtls_asn1_buf pbe_alg_oid, pbe_params;
+#if defined(MBEDTLS_PKCS12_C)
+    mbedtls_cipher_type_t cipher_alg;
+    mbedtls_md_type_t md_alg;
+#endif
+
+    memset( buf, 0, sizeof( buf ) );
+
+    p = (unsigned char *) key;
+    end = p + keylen;
+
+    if( pwdlen == 0 )
+        return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
+
+    /*
+     * This function parses the EncryptedPrivatKeyInfo object (PKCS#8)
+     *
+     *  EncryptedPrivateKeyInfo ::= SEQUENCE {
+     *    encryptionAlgorithm  EncryptionAlgorithmIdentifier,
+     *    encryptedData        EncryptedData
+     *  }
+     *
+     *  EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+     *
+     *  EncryptedData ::= OCTET STRING
+     *
+     *  The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo
+     */
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+    {
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
+    }
+
+    end = p + len;
+
+    if( ( ret = mbedtls_asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 )
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
+
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
+
+    if( len > sizeof( buf ) )
+        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+    /*
+     * Decrypt EncryptedData with appropriate PDE
+     */
+#if defined(MBEDTLS_PKCS12_C)
+    if( mbedtls_oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 )
+    {
+        if( ( ret = mbedtls_pkcs12_pbe( &pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT,
+                                cipher_alg, md_alg,
+                                pwd, pwdlen, p, len, buf ) ) != 0 )
+        {
+            if( ret == MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH )
+                return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
+
+            return( ret );
+        }
+
+        decrypted = 1;
+    }
+    else if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) == 0 )
+    {
+        if( ( ret = mbedtls_pkcs12_pbe_sha1_rc4_128( &pbe_params,
+                                             MBEDTLS_PKCS12_PBE_DECRYPT,
+                                             pwd, pwdlen,
+                                             p, len, buf ) ) != 0 )
+        {
+            return( ret );
+        }
+
+        // Best guess for password mismatch when using RC4. If first tag is
+        // not MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE
+        //
+        if( *buf != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
+            return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
+
+        decrypted = 1;
+    }
+    else
+#endif /* MBEDTLS_PKCS12_C */
+#if defined(MBEDTLS_PKCS5_C)
+    if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS5_PBES2, &pbe_alg_oid ) == 0 )
+    {
+        if( ( ret = mbedtls_pkcs5_pbes2( &pbe_params, MBEDTLS_PKCS5_DECRYPT, pwd, pwdlen,
+                                  p, len, buf ) ) != 0 )
+        {
+            if( ret == MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH )
+                return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
+
+            return( ret );
+        }
+
+        decrypted = 1;
+    }
+    else
+#endif /* MBEDTLS_PKCS5_C */
+    {
+        ((void) pwd);
+    }
+
+    if( decrypted == 0 )
+        return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+
+    return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) );
+}
+#endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
+
+/*
+ * Parse a private key
+ */
+int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
+                  const unsigned char *key, size_t keylen,
+                  const unsigned char *pwd, size_t pwdlen )
+{
+    int ret;
+    const mbedtls_pk_info_t *pk_info;
+
+#if defined(MBEDTLS_PEM_PARSE_C)
+    size_t len;
+    mbedtls_pem_context pem;
+
+    mbedtls_pem_init( &pem );
+
+#if defined(MBEDTLS_RSA_C)
+    /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
+    if( keylen == 0 || key[keylen - 1] != '\0' )
+        ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
+    else
+        ret = mbedtls_pem_read_buffer( &pem,
+                               "-----BEGIN RSA PRIVATE KEY-----",
+                               "-----END RSA PRIVATE KEY-----",
+                               key, pwd, pwdlen, &len );
+
+    if( ret == 0 )
+    {
+        if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
+            return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
+
+        if( ( ret = mbedtls_pk_setup( pk, pk_info                    ) ) != 0 ||
+            ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ),
+                                            pem.buf, pem.buflen ) ) != 0 )
+        {
+            mbedtls_pk_free( pk );
+        }
+
+        mbedtls_pem_free( &pem );
+        return( ret );
+    }
+    else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH )
+        return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
+    else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED )
+        return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
+    else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
+        return( ret );
+#endif /* MBEDTLS_RSA_C */
+
+#if defined(MBEDTLS_ECP_C)
+    /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
+    if( keylen == 0 || key[keylen - 1] != '\0' )
+        ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
+    else
+        ret = mbedtls_pem_read_buffer( &pem,
+                               "-----BEGIN EC PRIVATE KEY-----",
+                               "-----END EC PRIVATE KEY-----",
+                               key, pwd, pwdlen, &len );
+    if( ret == 0 )
+    {
+        if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == NULL )
+            return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
+
+        if( ( ret = mbedtls_pk_setup( pk, pk_info                   ) ) != 0 ||
+            ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
+                                           pem.buf, pem.buflen ) ) != 0 )
+        {
+            mbedtls_pk_free( pk );
+        }
+
+        mbedtls_pem_free( &pem );
+        return( ret );
+    }
+    else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH )
+        return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
+    else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED )
+        return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
+    else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
+        return( ret );
+#endif /* MBEDTLS_ECP_C */
+
+    /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
+    if( keylen == 0 || key[keylen - 1] != '\0' )
+        ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
+    else
+        ret = mbedtls_pem_read_buffer( &pem,
+                               "-----BEGIN PRIVATE KEY-----",
+                               "-----END PRIVATE KEY-----",
+                               key, NULL, 0, &len );
+    if( ret == 0 )
+    {
+        if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk,
+                                                pem.buf, pem.buflen ) ) != 0 )
+        {
+            mbedtls_pk_free( pk );
+        }
+
+        mbedtls_pem_free( &pem );
+        return( ret );
+    }
+    else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
+        return( ret );
+
+#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
+    /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
+    if( keylen == 0 || key[keylen - 1] != '\0' )
+        ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
+    else
+        ret = mbedtls_pem_read_buffer( &pem,
+                               "-----BEGIN ENCRYPTED PRIVATE KEY-----",
+                               "-----END ENCRYPTED PRIVATE KEY-----",
+                               key, NULL, 0, &len );
+    if( ret == 0 )
+    {
+        if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk,
+                                                      pem.buf, pem.buflen,
+                                                      pwd, pwdlen ) ) != 0 )
+        {
+            mbedtls_pk_free( pk );
+        }
+
+        mbedtls_pem_free( &pem );
+        return( ret );
+    }
+    else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
+        return( ret );
+#endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
+#else
+    ((void) ret);
+    ((void) pwd);
+    ((void) pwdlen);
+#endif /* MBEDTLS_PEM_PARSE_C */
+
+    /*
+    * At this point we only know it's not a PEM formatted key. Could be any
+    * of the known DER encoded private key formats
+    *
+    * We try the different DER format parsers to see if one passes without
+    * error
+    */
+#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
+    if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen,
+                                                  pwd, pwdlen ) ) == 0 )
+    {
+        return( 0 );
+    }
+
+    mbedtls_pk_free( pk );
+
+    if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH )
+    {
+        return( ret );
+    }
+#endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
+
+    if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 )
+        return( 0 );
+
+    mbedtls_pk_free( pk );
+
+#if defined(MBEDTLS_RSA_C)
+    if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
+        return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
+
+    if( ( ret = mbedtls_pk_setup( pk, pk_info                           ) ) != 0 ||
+        ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen ) ) == 0 )
+    {
+        return( 0 );
+    }
+
+    mbedtls_pk_free( pk );
+#endif /* MBEDTLS_RSA_C */
+
+#if defined(MBEDTLS_ECP_C)
+    if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == NULL )
+        return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
+
+    if( ( ret = mbedtls_pk_setup( pk, pk_info                         ) ) != 0 ||
+        ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), key, keylen ) ) == 0 )
+    {
+        return( 0 );
+    }
+
+    mbedtls_pk_free( pk );
+#endif /* MBEDTLS_ECP_C */
+
+    return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+}
+
+/*
+ * Parse a public key
+ */
+int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
+                         const unsigned char *key, size_t keylen )
+{
+    int ret;
+    unsigned char *p;
+#if defined(MBEDTLS_PEM_PARSE_C)
+    size_t len;
+    mbedtls_pem_context pem;
+
+    mbedtls_pem_init( &pem );
+
+    /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
+    if( keylen == 0 || key[keylen - 1] != '\0' )
+        ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
+    else
+        ret = mbedtls_pem_read_buffer( &pem,
+                "-----BEGIN PUBLIC KEY-----",
+                "-----END PUBLIC KEY-----",
+                key, NULL, 0, &len );
+
+    if( ret == 0 )
+    {
+        /*
+         * Was PEM encoded
+         */
+        key = pem.buf;
+        keylen = pem.buflen;
+    }
+    else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
+    {
+        mbedtls_pem_free( &pem );
+        return( ret );
+    }
+#endif /* MBEDTLS_PEM_PARSE_C */
+    p = (unsigned char *) key;
+
+    ret = mbedtls_pk_parse_subpubkey( &p, p + keylen, ctx );
+
+#if defined(MBEDTLS_PEM_PARSE_C)
+    mbedtls_pem_free( &pem );
+#endif
+
+    return( ret );
+}
+
+#endif /* MBEDTLS_PK_PARSE_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/pkwrite.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,439 @@
+/*
+ *  Public Key layer for writing key files and structures
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PK_WRITE_C)
+
+#include "mbedtls/pk.h"
+#include "mbedtls/asn1write.h"
+#include "mbedtls/oid.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_RSA_C)
+#include "mbedtls/rsa.h"
+#endif
+#if defined(MBEDTLS_ECP_C)
+#include "mbedtls/ecp.h"
+#endif
+#if defined(MBEDTLS_ECDSA_C)
+#include "mbedtls/ecdsa.h"
+#endif
+#if defined(MBEDTLS_PEM_WRITE_C)
+#include "mbedtls/pem.h"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#define mbedtls_calloc    calloc
+#define mbedtls_free       free
+#endif
+
+#if defined(MBEDTLS_RSA_C)
+/*
+ *  RSAPublicKey ::= SEQUENCE {
+ *      modulus           INTEGER,  -- n
+ *      publicExponent    INTEGER   -- e
+ *  }
+ */
+static int pk_write_rsa_pubkey( unsigned char **p, unsigned char *start,
+                                  mbedtls_rsa_context *rsa )
+{
+    int ret;
+    size_t len = 0;
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( p, start, &rsa->E ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( p, start, &rsa->N ) );
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED |
+                                                 MBEDTLS_ASN1_SEQUENCE ) );
+
+    return( (int) len );
+}
+#endif /* MBEDTLS_RSA_C */
+
+#if defined(MBEDTLS_ECP_C)
+/*
+ * EC public key is an EC point
+ */
+static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start,
+                                 mbedtls_ecp_keypair *ec )
+{
+    int ret;
+    size_t len = 0;
+    unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN];
+
+    if( ( ret = mbedtls_ecp_point_write_binary( &ec->grp, &ec->Q,
+                                        MBEDTLS_ECP_PF_UNCOMPRESSED,
+                                        &len, buf, sizeof( buf ) ) ) != 0 )
+    {
+        return( ret );
+    }
+
+    if( *p < start || (size_t)( *p - start ) < len )
+        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
+    *p -= len;
+    memcpy( *p, buf, len );
+
+    return( (int) len );
+}
+
+/*
+ * ECParameters ::= CHOICE {
+ *   namedCurve         OBJECT IDENTIFIER
+ * }
+ */
+static int pk_write_ec_param( unsigned char **p, unsigned char *start,
+                                mbedtls_ecp_keypair *ec )
+{
+    int ret;
+    size_t len = 0;
+    const char *oid;
+    size_t oid_len;
+
+    if( ( ret = mbedtls_oid_get_oid_by_ec_grp( ec->grp.id, &oid, &oid_len ) ) != 0 )
+        return( ret );
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, oid_len ) );
+
+    return( (int) len );
+}
+#endif /* MBEDTLS_ECP_C */
+
+int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
+                     const mbedtls_pk_context *key )
+{
+    int ret;
+    size_t len = 0;
+
+#if defined(MBEDTLS_RSA_C)
+    if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
+        MBEDTLS_ASN1_CHK_ADD( len, pk_write_rsa_pubkey( p, start, mbedtls_pk_rsa( *key ) ) );
+    else
+#endif
+#if defined(MBEDTLS_ECP_C)
+    if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
+        MBEDTLS_ASN1_CHK_ADD( len, pk_write_ec_pubkey( p, start, mbedtls_pk_ec( *key ) ) );
+    else
+#endif
+        return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+
+    return( (int) len );
+}
+
+int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, size_t size )
+{
+    int ret;
+    unsigned char *c;
+    size_t len = 0, par_len = 0, oid_len;
+    const char *oid;
+
+    c = buf + size;
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, key ) );
+
+    if( c - buf < 1 )
+        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
+    /*
+     *  SubjectPublicKeyInfo  ::=  SEQUENCE  {
+     *       algorithm            AlgorithmIdentifier,
+     *       subjectPublicKey     BIT STRING }
+     */
+    *--c = 0;
+    len += 1;
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_BIT_STRING ) );
+
+    if( ( ret = mbedtls_oid_get_oid_by_pk_alg( mbedtls_pk_get_type( key ),
+                                       &oid, &oid_len ) ) != 0 )
+    {
+        return( ret );
+    }
+
+#if defined(MBEDTLS_ECP_C)
+    if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
+    {
+        MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, mbedtls_pk_ec( *key ) ) );
+    }
+#endif
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_algorithm_identifier( &c, buf, oid, oid_len,
+                                                        par_len ) );
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |
+                                                MBEDTLS_ASN1_SEQUENCE ) );
+
+    return( (int) len );
+}
+
+int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_t size )
+{
+    int ret;
+    unsigned char *c = buf + size;
+    size_t len = 0;
+
+#if defined(MBEDTLS_RSA_C)
+    if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
+    {
+        mbedtls_rsa_context *rsa = mbedtls_pk_rsa( *key );
+
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &rsa->QP ) );
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &rsa->DQ ) );
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &rsa->DP ) );
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &rsa->Q ) );
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &rsa->P ) );
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &rsa->D ) );
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &rsa->E ) );
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &rsa->N ) );
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 0 ) );
+
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |
+                                                    MBEDTLS_ASN1_SEQUENCE ) );
+    }
+    else
+#endif /* MBEDTLS_RSA_C */
+#if defined(MBEDTLS_ECP_C)
+    if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
+    {
+        mbedtls_ecp_keypair *ec = mbedtls_pk_ec( *key );
+        size_t pub_len = 0, par_len = 0;
+
+        /*
+         * RFC 5915, or SEC1 Appendix C.4
+         *
+         * ECPrivateKey ::= SEQUENCE {
+         *      version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
+         *      privateKey     OCTET STRING,
+         *      parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
+         *      publicKey  [1] BIT STRING OPTIONAL
+         *    }
+         */
+
+        /* publicKey */
+        MBEDTLS_ASN1_CHK_ADD( pub_len, pk_write_ec_pubkey( &c, buf, ec ) );
+
+        if( c - buf < 1 )
+            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+        *--c = 0;
+        pub_len += 1;
+
+        MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_len( &c, buf, pub_len ) );
+        MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_BIT_STRING ) );
+
+        MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_len( &c, buf, pub_len ) );
+        MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_tag( &c, buf,
+                            MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) );
+        len += pub_len;
+
+        /* parameters */
+        MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, ec ) );
+
+        MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_len( &c, buf, par_len ) );
+        MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_tag( &c, buf,
+                            MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) );
+        len += par_len;
+
+        /* privateKey: write as MPI then fix tag */
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &ec->d ) );
+        *c = MBEDTLS_ASN1_OCTET_STRING;
+
+        /* version */
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 1 ) );
+
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |
+                                                    MBEDTLS_ASN1_SEQUENCE ) );
+    }
+    else
+#endif /* MBEDTLS_ECP_C */
+        return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+
+    return( (int) len );
+}
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+
+#define PEM_BEGIN_PUBLIC_KEY    "-----BEGIN PUBLIC KEY-----\n"
+#define PEM_END_PUBLIC_KEY      "-----END PUBLIC KEY-----\n"
+
+#define PEM_BEGIN_PRIVATE_KEY_RSA   "-----BEGIN RSA PRIVATE KEY-----\n"
+#define PEM_END_PRIVATE_KEY_RSA     "-----END RSA PRIVATE KEY-----\n"
+#define PEM_BEGIN_PRIVATE_KEY_EC    "-----BEGIN EC PRIVATE KEY-----\n"
+#define PEM_END_PRIVATE_KEY_EC      "-----END EC PRIVATE KEY-----\n"
+
+/*
+ * Max sizes of key per types. Shown as tag + len (+ content).
+ */
+
+#if defined(MBEDTLS_RSA_C)
+/*
+ * RSA public keys:
+ *  SubjectPublicKeyInfo  ::=  SEQUENCE  {          1 + 3
+ *       algorithm            AlgorithmIdentifier,  1 + 1 (sequence)
+ *                                                + 1 + 1 + 9 (rsa oid)
+ *                                                + 1 + 1 (params null)
+ *       subjectPublicKey     BIT STRING }          1 + 3 + (1 + below)
+ *  RSAPublicKey ::= SEQUENCE {                     1 + 3
+ *      modulus           INTEGER,  -- n            1 + 3 + MPI_MAX + 1
+ *      publicExponent    INTEGER   -- e            1 + 3 + MPI_MAX + 1
+ *  }
+ */
+#define RSA_PUB_DER_MAX_BYTES   38 + 2 * MBEDTLS_MPI_MAX_SIZE
+
+/*
+ * RSA private keys:
+ *  RSAPrivateKey ::= SEQUENCE {                    1 + 3
+ *      version           Version,                  1 + 1 + 1
+ *      modulus           INTEGER,                  1 + 3 + MPI_MAX + 1
+ *      publicExponent    INTEGER,                  1 + 3 + MPI_MAX + 1
+ *      privateExponent   INTEGER,                  1 + 3 + MPI_MAX + 1
+ *      prime1            INTEGER,                  1 + 3 + MPI_MAX / 2 + 1
+ *      prime2            INTEGER,                  1 + 3 + MPI_MAX / 2 + 1
+ *      exponent1         INTEGER,                  1 + 3 + MPI_MAX / 2 + 1
+ *      exponent2         INTEGER,                  1 + 3 + MPI_MAX / 2 + 1
+ *      coefficient       INTEGER,                  1 + 3 + MPI_MAX / 2 + 1
+ *      otherPrimeInfos   OtherPrimeInfos OPTIONAL  0 (not supported)
+ *  }
+ */
+#define MPI_MAX_SIZE_2          MBEDTLS_MPI_MAX_SIZE / 2 + \
+                                MBEDTLS_MPI_MAX_SIZE % 2
+#define RSA_PRV_DER_MAX_BYTES   47 + 3 * MBEDTLS_MPI_MAX_SIZE \
+                                   + 5 * MPI_MAX_SIZE_2
+
+#else /* MBEDTLS_RSA_C */
+
+#define RSA_PUB_DER_MAX_BYTES   0
+#define RSA_PRV_DER_MAX_BYTES   0
+
+#endif /* MBEDTLS_RSA_C */
+
+#if defined(MBEDTLS_ECP_C)
+/*
+ * EC public keys:
+ *  SubjectPublicKeyInfo  ::=  SEQUENCE  {      1 + 2
+ *    algorithm         AlgorithmIdentifier,    1 + 1 (sequence)
+ *                                            + 1 + 1 + 7 (ec oid)
+ *                                            + 1 + 1 + 9 (namedCurve oid)
+ *    subjectPublicKey  BIT STRING              1 + 2 + 1               [1]
+ *                                            + 1 (point format)        [1]
+ *                                            + 2 * ECP_MAX (coords)    [1]
+ *  }
+ */
+#define ECP_PUB_DER_MAX_BYTES   30 + 2 * MBEDTLS_ECP_MAX_BYTES
+
+/*
+ * EC private keys:
+ * ECPrivateKey ::= SEQUENCE {                  1 + 2
+ *      version        INTEGER ,                1 + 1 + 1
+ *      privateKey     OCTET STRING,            1 + 1 + ECP_MAX
+ *      parameters [0] ECParameters OPTIONAL,   1 + 1 + (1 + 1 + 9)
+ *      publicKey  [1] BIT STRING OPTIONAL      1 + 2 + [1] above
+ *    }
+ */
+#define ECP_PRV_DER_MAX_BYTES   29 + 3 * MBEDTLS_ECP_MAX_BYTES
+
+#else /* MBEDTLS_ECP_C */
+
+#define ECP_PUB_DER_MAX_BYTES   0
+#define ECP_PRV_DER_MAX_BYTES   0
+
+#endif /* MBEDTLS_ECP_C */
+
+#define PUB_DER_MAX_BYTES   RSA_PUB_DER_MAX_BYTES > ECP_PUB_DER_MAX_BYTES ? \
+                            RSA_PUB_DER_MAX_BYTES : ECP_PUB_DER_MAX_BYTES
+#define PRV_DER_MAX_BYTES   RSA_PRV_DER_MAX_BYTES > ECP_PRV_DER_MAX_BYTES ? \
+                            RSA_PRV_DER_MAX_BYTES : ECP_PRV_DER_MAX_BYTES
+
+int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *key, unsigned char *buf, size_t size )
+{
+    int ret;
+    unsigned char output_buf[PUB_DER_MAX_BYTES];
+    size_t olen = 0;
+
+    if( ( ret = mbedtls_pk_write_pubkey_der( key, output_buf,
+                                     sizeof(output_buf) ) ) < 0 )
+    {
+        return( ret );
+    }
+
+    if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY,
+                                  output_buf + sizeof(output_buf) - ret,
+                                  ret, buf, size, &olen ) ) != 0 )
+    {
+        return( ret );
+    }
+
+    return( 0 );
+}
+
+int mbedtls_pk_write_key_pem( mbedtls_pk_context *key, unsigned char *buf, size_t size )
+{
+    int ret;
+    unsigned char output_buf[PRV_DER_MAX_BYTES];
+    const char *begin, *end;
+    size_t olen = 0;
+
+    if( ( ret = mbedtls_pk_write_key_der( key, output_buf, sizeof(output_buf) ) ) < 0 )
+        return( ret );
+
+#if defined(MBEDTLS_RSA_C)
+    if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
+    {
+        begin = PEM_BEGIN_PRIVATE_KEY_RSA;
+        end = PEM_END_PRIVATE_KEY_RSA;
+    }
+    else
+#endif
+#if defined(MBEDTLS_ECP_C)
+    if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
+    {
+        begin = PEM_BEGIN_PRIVATE_KEY_EC;
+        end = PEM_END_PRIVATE_KEY_EC;
+    }
+    else
+#endif
+        return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+
+    if( ( ret = mbedtls_pem_write_buffer( begin, end,
+                                  output_buf + sizeof(output_buf) - ret,
+                                  ret, buf, size, &olen ) ) != 0 )
+    {
+        return( ret );
+    }
+
+    return( 0 );
+}
+#endif /* MBEDTLS_PEM_WRITE_C */
+
+#endif /* MBEDTLS_PK_WRITE_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/platform.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,193 @@
+/*
+ *  Platform abstraction layer
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+
+#include "mbedtls/platform.h"
+
+#if defined(MBEDTLS_PLATFORM_MEMORY)
+#if !defined(MBEDTLS_PLATFORM_STD_CALLOC)
+static void *platform_calloc_uninit( size_t n, size_t size )
+{
+    ((void) n);
+    ((void) size);
+    return( NULL );
+}
+
+#define MBEDTLS_PLATFORM_STD_CALLOC   platform_calloc_uninit
+#endif /* !MBEDTLS_PLATFORM_STD_CALLOC */
+
+#if !defined(MBEDTLS_PLATFORM_STD_FREE)
+static void platform_free_uninit( void *ptr )
+{
+    ((void) ptr);
+}
+
+#define MBEDTLS_PLATFORM_STD_FREE     platform_free_uninit
+#endif /* !MBEDTLS_PLATFORM_STD_FREE */
+
+void * (*mbedtls_calloc)( size_t, size_t ) = MBEDTLS_PLATFORM_STD_CALLOC;
+void (*mbedtls_free)( void * )     = MBEDTLS_PLATFORM_STD_FREE;
+
+int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ),
+                              void (*free_func)( void * ) )
+{
+    mbedtls_calloc = calloc_func;
+    mbedtls_free = free_func;
+    return( 0 );
+}
+#endif /* MBEDTLS_PLATFORM_MEMORY */
+
+#if defined(_WIN32)
+#include <stdarg.h>
+int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... )
+{
+    int ret;
+    va_list argp;
+
+    /* Avoid calling the invalid parameter handler by checking ourselves */
+    if( s == NULL || n == 0 || fmt == NULL )
+        return( -1 );
+
+    va_start( argp, fmt );
+#if defined(_TRUNCATE)
+    ret = _vsnprintf_s( s, n, _TRUNCATE, fmt, argp );
+#else
+    ret = _vsnprintf( s, n, fmt, argp );
+    if( ret < 0 || (size_t) ret == n )
+    {
+        s[n-1] = '\0';
+        ret = -1;
+    }
+#endif
+    va_end( argp );
+
+    return( ret );
+}
+#endif
+
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
+#if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
+/*
+ * Make dummy function to prevent NULL pointer dereferences
+ */
+static int platform_snprintf_uninit( char * s, size_t n,
+                                     const char * format, ... )
+{
+    ((void) s);
+    ((void) n);
+    ((void) format);
+    return( 0 );
+}
+
+#define MBEDTLS_PLATFORM_STD_SNPRINTF    platform_snprintf_uninit
+#endif /* !MBEDTLS_PLATFORM_STD_SNPRINTF */
+
+int (*mbedtls_snprintf)( char * s, size_t n,
+                          const char * format,
+                          ... ) = MBEDTLS_PLATFORM_STD_SNPRINTF;
+
+int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
+                                                 const char * format,
+                                                 ... ) )
+{
+    mbedtls_snprintf = snprintf_func;
+    return( 0 );
+}
+#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
+
+#if defined(MBEDTLS_PLATFORM_PRINTF_ALT)
+#if !defined(MBEDTLS_PLATFORM_STD_PRINTF)
+/*
+ * Make dummy function to prevent NULL pointer dereferences
+ */
+static int platform_printf_uninit( const char *format, ... )
+{
+    ((void) format);
+    return( 0 );
+}
+
+#define MBEDTLS_PLATFORM_STD_PRINTF    platform_printf_uninit
+#endif /* !MBEDTLS_PLATFORM_STD_PRINTF */
+
+int (*mbedtls_printf)( const char *, ... ) = MBEDTLS_PLATFORM_STD_PRINTF;
+
+int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) )
+{
+    mbedtls_printf = printf_func;
+    return( 0 );
+}
+#endif /* MBEDTLS_PLATFORM_PRINTF_ALT */
+
+#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
+#if !defined(MBEDTLS_PLATFORM_STD_FPRINTF)
+/*
+ * Make dummy function to prevent NULL pointer dereferences
+ */
+static int platform_fprintf_uninit( FILE *stream, const char *format, ... )
+{
+    ((void) stream);
+    ((void) format);
+    return( 0 );
+}
+
+#define MBEDTLS_PLATFORM_STD_FPRINTF   platform_fprintf_uninit
+#endif /* !MBEDTLS_PLATFORM_STD_FPRINTF */
+
+int (*mbedtls_fprintf)( FILE *, const char *, ... ) =
+                                        MBEDTLS_PLATFORM_STD_FPRINTF;
+
+int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *, const char *, ... ) )
+{
+    mbedtls_fprintf = fprintf_func;
+    return( 0 );
+}
+#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */
+
+#if defined(MBEDTLS_PLATFORM_EXIT_ALT)
+#if !defined(MBEDTLS_PLATFORM_STD_EXIT)
+/*
+ * Make dummy function to prevent NULL pointer dereferences
+ */
+static void platform_exit_uninit( int status )
+{
+    ((void) status);
+}
+
+#define MBEDTLS_PLATFORM_STD_EXIT   platform_exit_uninit
+#endif /* !MBEDTLS_PLATFORM_STD_EXIT */
+
+void (*mbedtls_exit)( int status ) = MBEDTLS_PLATFORM_STD_EXIT;
+
+int mbedtls_platform_set_exit( void (*exit_func)( int status ) )
+{
+    mbedtls_exit = exit_func;
+    return( 0 );
+}
+#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
+
+#endif /* MBEDTLS_PLATFORM_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/ripemd160.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,464 @@
+/*
+ *  RIPE MD-160 implementation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+/*
+ *  The RIPEMD-160 algorithm was designed by RIPE in 1996
+ *  http://homes.esat.kuleuven.be/~bosselae/mbedtls_ripemd160.html
+ *  http://ehash.iaik.tugraz.at/wiki/RIPEMD-160
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_RIPEMD160_C)
+
+#include "mbedtls/ripemd160.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_SELF_TEST)
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif /* MBEDTLS_PLATFORM_C */
+#endif /* MBEDTLS_SELF_TEST */
+
+/*
+ * 32-bit integer manipulation macros (little endian)
+ */
+#ifndef GET_UINT32_LE
+#define GET_UINT32_LE(n,b,i)                            \
+{                                                       \
+    (n) = ( (uint32_t) (b)[(i)    ]       )             \
+        | ( (uint32_t) (b)[(i) + 1] <<  8 )             \
+        | ( (uint32_t) (b)[(i) + 2] << 16 )             \
+        | ( (uint32_t) (b)[(i) + 3] << 24 );            \
+}
+#endif
+
+#ifndef PUT_UINT32_LE
+#define PUT_UINT32_LE(n,b,i)                                    \
+{                                                               \
+    (b)[(i)    ] = (unsigned char) ( ( (n)       ) & 0xFF );    \
+    (b)[(i) + 1] = (unsigned char) ( ( (n) >>  8 ) & 0xFF );    \
+    (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF );    \
+    (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF );    \
+}
+#endif
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx )
+{
+    memset( ctx, 0, sizeof( mbedtls_ripemd160_context ) );
+}
+
+void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx )
+{
+    if( ctx == NULL )
+        return;
+
+    mbedtls_zeroize( ctx, sizeof( mbedtls_ripemd160_context ) );
+}
+
+void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst,
+                        const mbedtls_ripemd160_context *src )
+{
+    *dst = *src;
+}
+
+/*
+ * RIPEMD-160 context setup
+ */
+void mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx )
+{
+    ctx->total[0] = 0;
+    ctx->total[1] = 0;
+
+    ctx->state[0] = 0x67452301;
+    ctx->state[1] = 0xEFCDAB89;
+    ctx->state[2] = 0x98BADCFE;
+    ctx->state[3] = 0x10325476;
+    ctx->state[4] = 0xC3D2E1F0;
+}
+
+#if !defined(MBEDTLS_RIPEMD160_PROCESS_ALT)
+/*
+ * Process one block
+ */
+void mbedtls_ripemd160_process( mbedtls_ripemd160_context *ctx, const unsigned char data[64] )
+{
+    uint32_t A, B, C, D, E, Ap, Bp, Cp, Dp, Ep, X[16];
+
+    GET_UINT32_LE( X[ 0], data,  0 );
+    GET_UINT32_LE( X[ 1], data,  4 );
+    GET_UINT32_LE( X[ 2], data,  8 );
+    GET_UINT32_LE( X[ 3], data, 12 );
+    GET_UINT32_LE( X[ 4], data, 16 );
+    GET_UINT32_LE( X[ 5], data, 20 );
+    GET_UINT32_LE( X[ 6], data, 24 );
+    GET_UINT32_LE( X[ 7], data, 28 );
+    GET_UINT32_LE( X[ 8], data, 32 );
+    GET_UINT32_LE( X[ 9], data, 36 );
+    GET_UINT32_LE( X[10], data, 40 );
+    GET_UINT32_LE( X[11], data, 44 );
+    GET_UINT32_LE( X[12], data, 48 );
+    GET_UINT32_LE( X[13], data, 52 );
+    GET_UINT32_LE( X[14], data, 56 );
+    GET_UINT32_LE( X[15], data, 60 );
+
+    A = Ap = ctx->state[0];
+    B = Bp = ctx->state[1];
+    C = Cp = ctx->state[2];
+    D = Dp = ctx->state[3];
+    E = Ep = ctx->state[4];
+
+#define F1( x, y, z )   ( x ^ y ^ z )
+#define F2( x, y, z )   ( ( x & y ) | ( ~x & z ) )
+#define F3( x, y, z )   ( ( x | ~y ) ^ z )
+#define F4( x, y, z )   ( ( x & z ) | ( y & ~z ) )
+#define F5( x, y, z )   ( x ^ ( y | ~z ) )
+
+#define S( x, n ) ( ( x << n ) | ( x >> (32 - n) ) )
+
+#define P( a, b, c, d, e, r, s, f, k )      \
+    a += f( b, c, d ) + X[r] + k;           \
+    a = S( a, s ) + e;                      \
+    c = S( c, 10 );
+
+#define P2( a, b, c, d, e, r, s, rp, sp )   \
+    P( a, b, c, d, e, r, s, F, K );         \
+    P( a ## p, b ## p, c ## p, d ## p, e ## p, rp, sp, Fp, Kp );
+
+#define F   F1
+#define K   0x00000000
+#define Fp  F5
+#define Kp  0x50A28BE6
+    P2( A, B, C, D, E,  0, 11,  5,  8 );
+    P2( E, A, B, C, D,  1, 14, 14,  9 );
+    P2( D, E, A, B, C,  2, 15,  7,  9 );
+    P2( C, D, E, A, B,  3, 12,  0, 11 );
+    P2( B, C, D, E, A,  4,  5,  9, 13 );
+    P2( A, B, C, D, E,  5,  8,  2, 15 );
+    P2( E, A, B, C, D,  6,  7, 11, 15 );
+    P2( D, E, A, B, C,  7,  9,  4,  5 );
+    P2( C, D, E, A, B,  8, 11, 13,  7 );
+    P2( B, C, D, E, A,  9, 13,  6,  7 );
+    P2( A, B, C, D, E, 10, 14, 15,  8 );
+    P2( E, A, B, C, D, 11, 15,  8, 11 );
+    P2( D, E, A, B, C, 12,  6,  1, 14 );
+    P2( C, D, E, A, B, 13,  7, 10, 14 );
+    P2( B, C, D, E, A, 14,  9,  3, 12 );
+    P2( A, B, C, D, E, 15,  8, 12,  6 );
+#undef F
+#undef K
+#undef Fp
+#undef Kp
+
+#define F   F2
+#define K   0x5A827999
+#define Fp  F4
+#define Kp  0x5C4DD124
+    P2( E, A, B, C, D,  7,  7,  6,  9 );
+    P2( D, E, A, B, C,  4,  6, 11, 13 );
+    P2( C, D, E, A, B, 13,  8,  3, 15 );
+    P2( B, C, D, E, A,  1, 13,  7,  7 );
+    P2( A, B, C, D, E, 10, 11,  0, 12 );
+    P2( E, A, B, C, D,  6,  9, 13,  8 );
+    P2( D, E, A, B, C, 15,  7,  5,  9 );
+    P2( C, D, E, A, B,  3, 15, 10, 11 );
+    P2( B, C, D, E, A, 12,  7, 14,  7 );
+    P2( A, B, C, D, E,  0, 12, 15,  7 );
+    P2( E, A, B, C, D,  9, 15,  8, 12 );
+    P2( D, E, A, B, C,  5,  9, 12,  7 );
+    P2( C, D, E, A, B,  2, 11,  4,  6 );
+    P2( B, C, D, E, A, 14,  7,  9, 15 );
+    P2( A, B, C, D, E, 11, 13,  1, 13 );
+    P2( E, A, B, C, D,  8, 12,  2, 11 );
+#undef F
+#undef K
+#undef Fp
+#undef Kp
+
+#define F   F3
+#define K   0x6ED9EBA1
+#define Fp  F3
+#define Kp  0x6D703EF3
+    P2( D, E, A, B, C,  3, 11, 15,  9 );
+    P2( C, D, E, A, B, 10, 13,  5,  7 );
+    P2( B, C, D, E, A, 14,  6,  1, 15 );
+    P2( A, B, C, D, E,  4,  7,  3, 11 );
+    P2( E, A, B, C, D,  9, 14,  7,  8 );
+    P2( D, E, A, B, C, 15,  9, 14,  6 );
+    P2( C, D, E, A, B,  8, 13,  6,  6 );
+    P2( B, C, D, E, A,  1, 15,  9, 14 );
+    P2( A, B, C, D, E,  2, 14, 11, 12 );
+    P2( E, A, B, C, D,  7,  8,  8, 13 );
+    P2( D, E, A, B, C,  0, 13, 12,  5 );
+    P2( C, D, E, A, B,  6,  6,  2, 14 );
+    P2( B, C, D, E, A, 13,  5, 10, 13 );
+    P2( A, B, C, D, E, 11, 12,  0, 13 );
+    P2( E, A, B, C, D,  5,  7,  4,  7 );
+    P2( D, E, A, B, C, 12,  5, 13,  5 );
+#undef F
+#undef K
+#undef Fp
+#undef Kp
+
+#define F   F4
+#define K   0x8F1BBCDC
+#define Fp  F2
+#define Kp  0x7A6D76E9
+    P2( C, D, E, A, B,  1, 11,  8, 15 );
+    P2( B, C, D, E, A,  9, 12,  6,  5 );
+    P2( A, B, C, D, E, 11, 14,  4,  8 );
+    P2( E, A, B, C, D, 10, 15,  1, 11 );
+    P2( D, E, A, B, C,  0, 14,  3, 14 );
+    P2( C, D, E, A, B,  8, 15, 11, 14 );
+    P2( B, C, D, E, A, 12,  9, 15,  6 );
+    P2( A, B, C, D, E,  4,  8,  0, 14 );
+    P2( E, A, B, C, D, 13,  9,  5,  6 );
+    P2( D, E, A, B, C,  3, 14, 12,  9 );
+    P2( C, D, E, A, B,  7,  5,  2, 12 );
+    P2( B, C, D, E, A, 15,  6, 13,  9 );
+    P2( A, B, C, D, E, 14,  8,  9, 12 );
+    P2( E, A, B, C, D,  5,  6,  7,  5 );
+    P2( D, E, A, B, C,  6,  5, 10, 15 );
+    P2( C, D, E, A, B,  2, 12, 14,  8 );
+#undef F
+#undef K
+#undef Fp
+#undef Kp
+
+#define F   F5
+#define K   0xA953FD4E
+#define Fp  F1
+#define Kp  0x00000000
+    P2( B, C, D, E, A,  4,  9, 12,  8 );
+    P2( A, B, C, D, E,  0, 15, 15,  5 );
+    P2( E, A, B, C, D,  5,  5, 10, 12 );
+    P2( D, E, A, B, C,  9, 11,  4,  9 );
+    P2( C, D, E, A, B,  7,  6,  1, 12 );
+    P2( B, C, D, E, A, 12,  8,  5,  5 );
+    P2( A, B, C, D, E,  2, 13,  8, 14 );
+    P2( E, A, B, C, D, 10, 12,  7,  6 );
+    P2( D, E, A, B, C, 14,  5,  6,  8 );
+    P2( C, D, E, A, B,  1, 12,  2, 13 );
+    P2( B, C, D, E, A,  3, 13, 13,  6 );
+    P2( A, B, C, D, E,  8, 14, 14,  5 );
+    P2( E, A, B, C, D, 11, 11,  0, 15 );
+    P2( D, E, A, B, C,  6,  8,  3, 13 );
+    P2( C, D, E, A, B, 15,  5,  9, 11 );
+    P2( B, C, D, E, A, 13,  6, 11, 11 );
+#undef F
+#undef K
+#undef Fp
+#undef Kp
+
+    C             = ctx->state[1] + C + Dp;
+    ctx->state[1] = ctx->state[2] + D + Ep;
+    ctx->state[2] = ctx->state[3] + E + Ap;
+    ctx->state[3] = ctx->state[4] + A + Bp;
+    ctx->state[4] = ctx->state[0] + B + Cp;
+    ctx->state[0] = C;
+}
+#endif /* !MBEDTLS_RIPEMD160_PROCESS_ALT */
+
+/*
+ * RIPEMD-160 process buffer
+ */
+void mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx,
+                       const unsigned char *input, size_t ilen )
+{
+    size_t fill;
+    uint32_t left;
+
+    if( ilen == 0 )
+        return;
+
+    left = ctx->total[0] & 0x3F;
+    fill = 64 - left;
+
+    ctx->total[0] += (uint32_t) ilen;
+    ctx->total[0] &= 0xFFFFFFFF;
+
+    if( ctx->total[0] < (uint32_t) ilen )
+        ctx->total[1]++;
+
+    if( left && ilen >= fill )
+    {
+        memcpy( (void *) (ctx->buffer + left), input, fill );
+        mbedtls_ripemd160_process( ctx, ctx->buffer );
+        input += fill;
+        ilen  -= fill;
+        left = 0;
+    }
+
+    while( ilen >= 64 )
+    {
+        mbedtls_ripemd160_process( ctx, input );
+        input += 64;
+        ilen  -= 64;
+    }
+
+    if( ilen > 0 )
+    {
+        memcpy( (void *) (ctx->buffer + left), input, ilen );
+    }
+}
+
+static const unsigned char ripemd160_padding[64] =
+{
+ 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+/*
+ * RIPEMD-160 final digest
+ */
+void mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx, unsigned char output[20] )
+{
+    uint32_t last, padn;
+    uint32_t high, low;
+    unsigned char msglen[8];
+
+    high = ( ctx->total[0] >> 29 )
+         | ( ctx->total[1] <<  3 );
+    low  = ( ctx->total[0] <<  3 );
+
+    PUT_UINT32_LE( low,  msglen, 0 );
+    PUT_UINT32_LE( high, msglen, 4 );
+
+    last = ctx->total[0] & 0x3F;
+    padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
+
+    mbedtls_ripemd160_update( ctx, ripemd160_padding, padn );
+    mbedtls_ripemd160_update( ctx, msglen, 8 );
+
+    PUT_UINT32_LE( ctx->state[0], output,  0 );
+    PUT_UINT32_LE( ctx->state[1], output,  4 );
+    PUT_UINT32_LE( ctx->state[2], output,  8 );
+    PUT_UINT32_LE( ctx->state[3], output, 12 );
+    PUT_UINT32_LE( ctx->state[4], output, 16 );
+}
+
+/*
+ * output = RIPEMD-160( input buffer )
+ */
+void mbedtls_ripemd160( const unsigned char *input, size_t ilen,
+                unsigned char output[20] )
+{
+    mbedtls_ripemd160_context ctx;
+
+    mbedtls_ripemd160_init( &ctx );
+    mbedtls_ripemd160_starts( &ctx );
+    mbedtls_ripemd160_update( &ctx, input, ilen );
+    mbedtls_ripemd160_finish( &ctx, output );
+    mbedtls_ripemd160_free( &ctx );
+}
+
+#if defined(MBEDTLS_SELF_TEST)
+/*
+ * Test vectors from the RIPEMD-160 paper and
+ * http://homes.esat.kuleuven.be/~bosselae/mbedtls_ripemd160.html#HMAC
+ */
+#define TESTS   8
+#define KEYS    2
+static const char *ripemd160_test_input[TESTS] =
+{
+    "",
+    "a",
+    "abc",
+    "message digest",
+    "abcdefghijklmnopqrstuvwxyz",
+    "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+    "1234567890123456789012345678901234567890"
+        "1234567890123456789012345678901234567890",
+};
+
+static const unsigned char ripemd160_test_md[TESTS][20] =
+{
+    { 0x9c, 0x11, 0x85, 0xa5, 0xc5, 0xe9, 0xfc, 0x54, 0x61, 0x28,
+      0x08, 0x97, 0x7e, 0xe8, 0xf5, 0x48, 0xb2, 0x25, 0x8d, 0x31 },
+    { 0x0b, 0xdc, 0x9d, 0x2d, 0x25, 0x6b, 0x3e, 0xe9, 0xda, 0xae,
+      0x34, 0x7b, 0xe6, 0xf4, 0xdc, 0x83, 0x5a, 0x46, 0x7f, 0xfe },
+    { 0x8e, 0xb2, 0x08, 0xf7, 0xe0, 0x5d, 0x98, 0x7a, 0x9b, 0x04,
+      0x4a, 0x8e, 0x98, 0xc6, 0xb0, 0x87, 0xf1, 0x5a, 0x0b, 0xfc },
+    { 0x5d, 0x06, 0x89, 0xef, 0x49, 0xd2, 0xfa, 0xe5, 0x72, 0xb8,
+      0x81, 0xb1, 0x23, 0xa8, 0x5f, 0xfa, 0x21, 0x59, 0x5f, 0x36 },
+    { 0xf7, 0x1c, 0x27, 0x10, 0x9c, 0x69, 0x2c, 0x1b, 0x56, 0xbb,
+      0xdc, 0xeb, 0x5b, 0x9d, 0x28, 0x65, 0xb3, 0x70, 0x8d, 0xbc },
+    { 0x12, 0xa0, 0x53, 0x38, 0x4a, 0x9c, 0x0c, 0x88, 0xe4, 0x05,
+      0xa0, 0x6c, 0x27, 0xdc, 0xf4, 0x9a, 0xda, 0x62, 0xeb, 0x2b },
+    { 0xb0, 0xe2, 0x0b, 0x6e, 0x31, 0x16, 0x64, 0x02, 0x86, 0xed,
+      0x3a, 0x87, 0xa5, 0x71, 0x30, 0x79, 0xb2, 0x1f, 0x51, 0x89 },
+    { 0x9b, 0x75, 0x2e, 0x45, 0x57, 0x3d, 0x4b, 0x39, 0xf4, 0xdb,
+      0xd3, 0x32, 0x3c, 0xab, 0x82, 0xbf, 0x63, 0x32, 0x6b, 0xfb },
+};
+
+/*
+ * Checkup routine
+ */
+int mbedtls_ripemd160_self_test( int verbose )
+{
+    int i;
+    unsigned char output[20];
+
+    memset( output, 0, sizeof output );
+
+    for( i = 0; i < TESTS; i++ )
+    {
+        if( verbose != 0 )
+            mbedtls_printf( "  RIPEMD-160 test #%d: ", i + 1 );
+
+        mbedtls_ripemd160( (const unsigned char *) ripemd160_test_input[i],
+                   strlen( ripemd160_test_input[i] ),
+                   output );
+
+        if( memcmp( output, ripemd160_test_md[i], 20 ) != 0 )
+        {
+            if( verbose != 0 )
+                mbedtls_printf( "failed\n" );
+
+            return( 1 );
+        }
+
+        if( verbose != 0 )
+            mbedtls_printf( "passed\n" );
+    }
+
+    return( 0 );
+}
+
+#endif /* MBEDTLS_SELF_TEST */
+
+#endif /* MBEDTLS_RIPEMD160_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/rsa.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,1699 @@
+/*
+ *  The RSA public-key cryptosystem
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ *  RSA was designed by Ron Rivest, Adi Shamir and Len Adleman.
+ *
+ *  http://theory.lcs.mit.edu/~rivest/rsapaper.pdf
+ *  http://www.cacr.math.uwaterloo.ca/hac/about/chap8.pdf
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_RSA_C)
+
+#include "mbedtls/rsa.h"
+#include "mbedtls/oid.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_PKCS1_V21)
+#include "mbedtls/md.h"
+#endif
+
+#if defined(MBEDTLS_PKCS1_V15) && !defined(__OpenBSD__)
+#include <stdlib.h>
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#define mbedtls_calloc calloc
+#define mbedtls_free   free
+#endif
+
+/*
+ * Initialize an RSA context
+ */
+void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
+               int padding,
+               int hash_id )
+{
+    memset( ctx, 0, sizeof( mbedtls_rsa_context ) );
+
+    mbedtls_rsa_set_padding( ctx, padding, hash_id );
+
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_mutex_init( &ctx->mutex );
+#endif
+}
+
+/*
+ * Set padding for an existing RSA context
+ */
+void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id )
+{
+    ctx->padding = padding;
+    ctx->hash_id = hash_id;
+}
+
+#if defined(MBEDTLS_GENPRIME)
+
+/*
+ * Generate an RSA keypair
+ */
+int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
+                 int (*f_rng)(void *, unsigned char *, size_t),
+                 void *p_rng,
+                 unsigned int nbits, int exponent )
+{
+    int ret;
+    mbedtls_mpi P1, Q1, H, G;
+
+    if( f_rng == NULL || nbits < 128 || exponent < 3 )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+    mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G );
+
+    /*
+     * find primes P and Q with Q < P so that:
+     * GCD( E, (P-1)*(Q-1) ) == 1
+     */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->E, exponent ) );
+
+    do
+    {
+        MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, ( nbits + 1 ) >> 1, 0,
+                                f_rng, p_rng ) );
+
+        MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, ( nbits + 1 ) >> 1, 0,
+                                f_rng, p_rng ) );
+
+        if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 )
+            mbedtls_mpi_swap( &ctx->P, &ctx->Q );
+
+        if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 )
+            continue;
+
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) );
+        if( mbedtls_mpi_bitlen( &ctx->N ) != nbits )
+            continue;
+
+        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->E, &H  ) );
+    }
+    while( mbedtls_mpi_cmp_int( &G, 1 ) != 0 );
+
+    /*
+     * D  = E^-1 mod ((P-1)*(Q-1))
+     * DP = D mod (P - 1)
+     * DQ = D mod (Q - 1)
+     * QP = Q^-1 mod P
+     */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->D , &ctx->E, &H  ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->DP, &ctx->D, &P1 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->DQ, &ctx->D, &Q1 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->QP, &ctx->Q, &ctx->P ) );
+
+    ctx->len = ( mbedtls_mpi_bitlen( &ctx->N ) + 7 ) >> 3;
+
+cleanup:
+
+    mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G );
+
+    if( ret != 0 )
+    {
+        mbedtls_rsa_free( ctx );
+        return( MBEDTLS_ERR_RSA_KEY_GEN_FAILED + ret );
+    }
+
+    return( 0 );
+}
+
+#endif /* MBEDTLS_GENPRIME */
+
+/*
+ * Check a public RSA key
+ */
+int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx )
+{
+    if( !ctx->N.p || !ctx->E.p )
+        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
+
+    if( ( ctx->N.p[0] & 1 ) == 0 ||
+        ( ctx->E.p[0] & 1 ) == 0 )
+        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
+
+    if( mbedtls_mpi_bitlen( &ctx->N ) < 128 ||
+        mbedtls_mpi_bitlen( &ctx->N ) > MBEDTLS_MPI_MAX_BITS )
+        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
+
+    if( mbedtls_mpi_bitlen( &ctx->E ) < 2 ||
+        mbedtls_mpi_cmp_mpi( &ctx->E, &ctx->N ) >= 0 )
+        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
+
+    return( 0 );
+}
+
+/*
+ * Check a private RSA key
+ */
+int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx )
+{
+    int ret;
+    mbedtls_mpi PQ, DE, P1, Q1, H, I, G, G2, L1, L2, DP, DQ, QP;
+
+    if( ( ret = mbedtls_rsa_check_pubkey( ctx ) ) != 0 )
+        return( ret );
+
+    if( !ctx->P.p || !ctx->Q.p || !ctx->D.p )
+        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
+
+    mbedtls_mpi_init( &PQ ); mbedtls_mpi_init( &DE ); mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 );
+    mbedtls_mpi_init( &H  ); mbedtls_mpi_init( &I  ); mbedtls_mpi_init( &G  ); mbedtls_mpi_init( &G2 );
+    mbedtls_mpi_init( &L1 ); mbedtls_mpi_init( &L2 ); mbedtls_mpi_init( &DP ); mbedtls_mpi_init( &DQ );
+    mbedtls_mpi_init( &QP );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &PQ, &ctx->P, &ctx->Q ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DE, &ctx->D, &ctx->E ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->E, &H  ) );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G2, &P1, &Q1 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &L1, &L2, &H, &G2 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &I, &DE, &L1  ) );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &DP, &ctx->D, &P1 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &DQ, &ctx->D, &Q1 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &QP, &ctx->Q, &ctx->P ) );
+    /*
+     * Check for a valid PKCS1v2 private key
+     */
+    if( mbedtls_mpi_cmp_mpi( &PQ, &ctx->N ) != 0 ||
+        mbedtls_mpi_cmp_mpi( &DP, &ctx->DP ) != 0 ||
+        mbedtls_mpi_cmp_mpi( &DQ, &ctx->DQ ) != 0 ||
+        mbedtls_mpi_cmp_mpi( &QP, &ctx->QP ) != 0 ||
+        mbedtls_mpi_cmp_int( &L2, 0 ) != 0 ||
+        mbedtls_mpi_cmp_int( &I, 1 ) != 0 ||
+        mbedtls_mpi_cmp_int( &G, 1 ) != 0 )
+    {
+        ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
+    }
+
+cleanup:
+    mbedtls_mpi_free( &PQ ); mbedtls_mpi_free( &DE ); mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 );
+    mbedtls_mpi_free( &H  ); mbedtls_mpi_free( &I  ); mbedtls_mpi_free( &G  ); mbedtls_mpi_free( &G2 );
+    mbedtls_mpi_free( &L1 ); mbedtls_mpi_free( &L2 ); mbedtls_mpi_free( &DP ); mbedtls_mpi_free( &DQ );
+    mbedtls_mpi_free( &QP );
+
+    if( ret == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED )
+        return( ret );
+
+    if( ret != 0 )
+        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED + ret );
+
+    return( 0 );
+}
+
+/*
+ * Check if contexts holding a public and private key match
+ */
+int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, const mbedtls_rsa_context *prv )
+{
+    if( mbedtls_rsa_check_pubkey( pub ) != 0 ||
+        mbedtls_rsa_check_privkey( prv ) != 0 )
+    {
+        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
+    }
+
+    if( mbedtls_mpi_cmp_mpi( &pub->N, &prv->N ) != 0 ||
+        mbedtls_mpi_cmp_mpi( &pub->E, &prv->E ) != 0 )
+    {
+        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
+    }
+
+    return( 0 );
+}
+
+/*
+ * Do an RSA public key operation
+ */
+int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
+                const unsigned char *input,
+                unsigned char *output )
+{
+    int ret;
+    size_t olen;
+    mbedtls_mpi T;
+
+    mbedtls_mpi_init( &T );
+
+#if defined(MBEDTLS_THREADING_C)
+    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
+        return( ret );
+#endif
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &T, input, ctx->len ) );
+
+    if( mbedtls_mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
+    {
+        ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+        goto cleanup;
+    }
+
+    olen = ctx->len;
+    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T, &T, &ctx->E, &ctx->N, &ctx->RN ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &T, output, olen ) );
+
+cleanup:
+#if defined(MBEDTLS_THREADING_C)
+    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
+        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+#endif
+
+    mbedtls_mpi_free( &T );
+
+    if( ret != 0 )
+        return( MBEDTLS_ERR_RSA_PUBLIC_FAILED + ret );
+
+    return( 0 );
+}
+
+/*
+ * Generate or update blinding values, see section 10 of:
+ *  KOCHER, Paul C. Timing attacks on implementations of Diffie-Hellman, RSA,
+ *  DSS, and other systems. In : Advances in Cryptology-CRYPTO'96. Springer
+ *  Berlin Heidelberg, 1996. p. 104-113.
+ */
+static int rsa_prepare_blinding( mbedtls_rsa_context *ctx,
+                 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+    int ret, count = 0;
+
+    if( ctx->Vf.p != NULL )
+    {
+        /* We already have blinding values, just update them by squaring */
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &ctx->Vi ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &ctx->Vf ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->N ) );
+
+        goto cleanup;
+    }
+
+    /* Unblinding value: Vf = random number, invertible mod N */
+    do {
+        if( count++ > 10 )
+            return( MBEDTLS_ERR_RSA_RNG_FAILED );
+
+        MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->Vf, ctx->len - 1, f_rng, p_rng ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &ctx->Vi, &ctx->Vf, &ctx->N ) );
+    } while( mbedtls_mpi_cmp_int( &ctx->Vi, 1 ) != 0 );
+
+    /* Blinding value: Vi =  Vf^(-e) mod N */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->Vi, &ctx->Vf, &ctx->N ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->Vi, &ctx->Vi, &ctx->E, &ctx->N, &ctx->RN ) );
+
+
+cleanup:
+    return( ret );
+}
+
+/*
+ * Do an RSA private key operation
+ */
+int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
+                 int (*f_rng)(void *, unsigned char *, size_t),
+                 void *p_rng,
+                 const unsigned char *input,
+                 unsigned char *output )
+{
+    int ret;
+    size_t olen;
+    mbedtls_mpi T, T1, T2;
+
+    /* Make sure we have private key info, prevent possible misuse */
+    if( ctx->P.p == NULL || ctx->Q.p == NULL || ctx->D.p == NULL )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+    mbedtls_mpi_init( &T ); mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 );
+
+#if defined(MBEDTLS_THREADING_C)
+    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
+        return( ret );
+#endif
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &T, input, ctx->len ) );
+    if( mbedtls_mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
+    {
+        ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+        goto cleanup;
+    }
+
+    if( f_rng != NULL )
+    {
+        /*
+         * Blinding
+         * T = T * Vi mod N
+         */
+        MBEDTLS_MPI_CHK( rsa_prepare_blinding( ctx, f_rng, p_rng ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, &ctx->Vi ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) );
+    }
+
+#if defined(MBEDTLS_RSA_NO_CRT)
+    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T, &T, &ctx->D, &ctx->N, &ctx->RN ) );
+#else
+    /*
+     * faster decryption using the CRT
+     *
+     * T1 = input ^ dP mod P
+     * T2 = input ^ dQ mod Q
+     */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T1, &T, &ctx->DP, &ctx->P, &ctx->RP ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T2, &T, &ctx->DQ, &ctx->Q, &ctx->RQ ) );
+
+    /*
+     * T = (T1 - T2) * (Q^-1 mod P) mod P
+     */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T, &T1, &T2 ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T1, &T, &ctx->QP ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T1, &ctx->P ) );
+
+    /*
+     * T = T2 + T * Q
+     */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T1, &T, &ctx->Q ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &T, &T2, &T1 ) );
+#endif /* MBEDTLS_RSA_NO_CRT */
+
+    if( f_rng != NULL )
+    {
+        /*
+         * Unblind
+         * T = T * Vf mod N
+         */
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, &ctx->Vf ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) );
+    }
+
+    olen = ctx->len;
+    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &T, output, olen ) );
+
+cleanup:
+#if defined(MBEDTLS_THREADING_C)
+    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
+        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+#endif
+
+    mbedtls_mpi_free( &T ); mbedtls_mpi_free( &T1 ); mbedtls_mpi_free( &T2 );
+
+    if( ret != 0 )
+        return( MBEDTLS_ERR_RSA_PRIVATE_FAILED + ret );
+
+    return( 0 );
+}
+
+#if defined(MBEDTLS_PKCS1_V21)
+/**
+ * Generate and apply the MGF1 operation (from PKCS#1 v2.1) to a buffer.
+ *
+ * \param dst       buffer to mask
+ * \param dlen      length of destination buffer
+ * \param src       source of the mask generation
+ * \param slen      length of the source buffer
+ * \param md_ctx    message digest context to use
+ */
+static void mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src,
+                      size_t slen, mbedtls_md_context_t *md_ctx )
+{
+    unsigned char mask[MBEDTLS_MD_MAX_SIZE];
+    unsigned char counter[4];
+    unsigned char *p;
+    unsigned int hlen;
+    size_t i, use_len;
+
+    memset( mask, 0, MBEDTLS_MD_MAX_SIZE );
+    memset( counter, 0, 4 );
+
+    hlen = mbedtls_md_get_size( md_ctx->md_info );
+
+    // Generate and apply dbMask
+    //
+    p = dst;
+
+    while( dlen > 0 )
+    {
+        use_len = hlen;
+        if( dlen < hlen )
+            use_len = dlen;
+
+        mbedtls_md_starts( md_ctx );
+        mbedtls_md_update( md_ctx, src, slen );
+        mbedtls_md_update( md_ctx, counter, 4 );
+        mbedtls_md_finish( md_ctx, mask );
+
+        for( i = 0; i < use_len; ++i )
+            *p++ ^= mask[i];
+
+        counter[3]++;
+
+        dlen -= use_len;
+    }
+}
+#endif /* MBEDTLS_PKCS1_V21 */
+
+#if defined(MBEDTLS_PKCS1_V21)
+/*
+ * Implementation of the PKCS#1 v2.1 RSAES-OAEP-ENCRYPT function
+ */
+int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng,
+                            int mode,
+                            const unsigned char *label, size_t label_len,
+                            size_t ilen,
+                            const unsigned char *input,
+                            unsigned char *output )
+{
+    size_t olen;
+    int ret;
+    unsigned char *p = output;
+    unsigned int hlen;
+    const mbedtls_md_info_t *md_info;
+    mbedtls_md_context_t md_ctx;
+
+    if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+    if( f_rng == NULL )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+    md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id );
+    if( md_info == NULL )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+    olen = ctx->len;
+    hlen = mbedtls_md_get_size( md_info );
+
+    if( olen < ilen + 2 * hlen + 2 )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+    memset( output, 0, olen );
+
+    *p++ = 0;
+
+    // Generate a random octet string seed
+    //
+    if( ( ret = f_rng( p_rng, p, hlen ) ) != 0 )
+        return( MBEDTLS_ERR_RSA_RNG_FAILED + ret );
+
+    p += hlen;
+
+    // Construct DB
+    //
+    mbedtls_md( md_info, label, label_len, p );
+    p += hlen;
+    p += olen - 2 * hlen - 2 - ilen;
+    *p++ = 1;
+    memcpy( p, input, ilen );
+
+    mbedtls_md_init( &md_ctx );
+    mbedtls_md_setup( &md_ctx, md_info, 0 );
+
+    // maskedDB: Apply dbMask to DB
+    //
+    mgf_mask( output + hlen + 1, olen - hlen - 1, output + 1, hlen,
+               &md_ctx );
+
+    // maskedSeed: Apply seedMask to seed
+    //
+    mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1,
+               &md_ctx );
+
+    mbedtls_md_free( &md_ctx );
+
+    return( ( mode == MBEDTLS_RSA_PUBLIC )
+            ? mbedtls_rsa_public(  ctx, output, output )
+            : mbedtls_rsa_private( ctx, f_rng, p_rng, output, output ) );
+}
+#endif /* MBEDTLS_PKCS1_V21 */
+
+#if defined(MBEDTLS_PKCS1_V15)
+/*
+ * Implementation of the PKCS#1 v2.1 RSAES-PKCS1-V1_5-ENCRYPT function
+ */
+int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
+                                 int (*f_rng)(void *, unsigned char *, size_t),
+                                 void *p_rng,
+                                 int mode, size_t ilen,
+                                 const unsigned char *input,
+                                 unsigned char *output )
+{
+    size_t nb_pad, olen;
+    int ret;
+    unsigned char *p = output;
+
+    if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+    if( f_rng == NULL )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+    olen = ctx->len;
+
+    if( olen < ilen + 11 )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+    nb_pad = olen - 3 - ilen;
+
+    *p++ = 0;
+    if( mode == MBEDTLS_RSA_PUBLIC )
+    {
+        *p++ = MBEDTLS_RSA_CRYPT;
+
+        while( nb_pad-- > 0 )
+        {
+            int rng_dl = 100;
+
+            do {
+                ret = f_rng( p_rng, p, 1 );
+            } while( *p == 0 && --rng_dl && ret == 0 );
+
+            // Check if RNG failed to generate data
+            //
+            if( rng_dl == 0 || ret != 0 )
+                return( MBEDTLS_ERR_RSA_RNG_FAILED + ret );
+
+            p++;
+        }
+    }
+    else
+    {
+        *p++ = MBEDTLS_RSA_SIGN;
+
+        while( nb_pad-- > 0 )
+            *p++ = 0xFF;
+    }
+
+    *p++ = 0;
+    memcpy( p, input, ilen );
+
+    return( ( mode == MBEDTLS_RSA_PUBLIC )
+            ? mbedtls_rsa_public(  ctx, output, output )
+            : mbedtls_rsa_private( ctx, f_rng, p_rng, output, output ) );
+}
+#endif /* MBEDTLS_PKCS1_V15 */
+
+/*
+ * Add the message padding, then do an RSA operation
+ */
+int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
+                       int (*f_rng)(void *, unsigned char *, size_t),
+                       void *p_rng,
+                       int mode, size_t ilen,
+                       const unsigned char *input,
+                       unsigned char *output )
+{
+    switch( ctx->padding )
+    {
+#if defined(MBEDTLS_PKCS1_V15)
+        case MBEDTLS_RSA_PKCS_V15:
+            return mbedtls_rsa_rsaes_pkcs1_v15_encrypt( ctx, f_rng, p_rng, mode, ilen,
+                                                input, output );
+#endif
+
+#if defined(MBEDTLS_PKCS1_V21)
+        case MBEDTLS_RSA_PKCS_V21:
+            return mbedtls_rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng, mode, NULL, 0,
+                                           ilen, input, output );
+#endif
+
+        default:
+            return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+    }
+}
+
+#if defined(MBEDTLS_PKCS1_V21)
+/*
+ * Implementation of the PKCS#1 v2.1 RSAES-OAEP-DECRYPT function
+ */
+int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng,
+                            int mode,
+                            const unsigned char *label, size_t label_len,
+                            size_t *olen,
+                            const unsigned char *input,
+                            unsigned char *output,
+                            size_t output_max_len )
+{
+    int ret;
+    size_t ilen, i, pad_len;
+    unsigned char *p, bad, pad_done;
+    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+    unsigned char lhash[MBEDTLS_MD_MAX_SIZE];
+    unsigned int hlen;
+    const mbedtls_md_info_t *md_info;
+    mbedtls_md_context_t md_ctx;
+
+    /*
+     * Parameters sanity checks
+     */
+    if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+    ilen = ctx->len;
+
+    if( ilen < 16 || ilen > sizeof( buf ) )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+    md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id );
+    if( md_info == NULL )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+    /*
+     * RSA operation
+     */
+    ret = ( mode == MBEDTLS_RSA_PUBLIC )
+          ? mbedtls_rsa_public(  ctx, input, buf )
+          : mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf );
+
+    if( ret != 0 )
+        return( ret );
+
+    /*
+     * Unmask data and generate lHash
+     */
+    hlen = mbedtls_md_get_size( md_info );
+
+    mbedtls_md_init( &md_ctx );
+    mbedtls_md_setup( &md_ctx, md_info, 0 );
+
+    /* Generate lHash */
+    mbedtls_md( md_info, label, label_len, lhash );
+
+    /* seed: Apply seedMask to maskedSeed */
+    mgf_mask( buf + 1, hlen, buf + hlen + 1, ilen - hlen - 1,
+               &md_ctx );
+
+    /* DB: Apply dbMask to maskedDB */
+    mgf_mask( buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen,
+               &md_ctx );
+
+    mbedtls_md_free( &md_ctx );
+
+    /*
+     * Check contents, in "constant-time"
+     */
+    p = buf;
+    bad = 0;
+
+    bad |= *p++; /* First byte must be 0 */
+
+    p += hlen; /* Skip seed */
+
+    /* Check lHash */
+    for( i = 0; i < hlen; i++ )
+        bad |= lhash[i] ^ *p++;
+
+    /* Get zero-padding len, but always read till end of buffer
+     * (minus one, for the 01 byte) */
+    pad_len = 0;
+    pad_done = 0;
+    for( i = 0; i < ilen - 2 * hlen - 2; i++ )
+    {
+        pad_done |= p[i];
+        pad_len += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1;
+    }
+
+    p += pad_len;
+    bad |= *p++ ^ 0x01;
+
+    /*
+     * The only information "leaked" is whether the padding was correct or not
+     * (eg, no data is copied if it was not correct). This meets the
+     * recommendations in PKCS#1 v2.2: an opponent cannot distinguish between
+     * the different error conditions.
+     */
+    if( bad != 0 )
+        return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+
+    if( ilen - ( p - buf ) > output_max_len )
+        return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
+
+    *olen = ilen - (p - buf);
+    memcpy( output, p, *olen );
+
+    return( 0 );
+}
+#endif /* MBEDTLS_PKCS1_V21 */
+
+#if defined(MBEDTLS_PKCS1_V15)
+/*
+ * Implementation of the PKCS#1 v2.1 RSAES-PKCS1-V1_5-DECRYPT function
+ */
+int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
+                                 int (*f_rng)(void *, unsigned char *, size_t),
+                                 void *p_rng,
+                                 int mode, size_t *olen,
+                                 const unsigned char *input,
+                                 unsigned char *output,
+                                 size_t output_max_len)
+{
+    int ret;
+    size_t ilen, pad_count = 0, i;
+    unsigned char *p, bad, pad_done = 0;
+    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+
+    if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+    ilen = ctx->len;
+
+    if( ilen < 16 || ilen > sizeof( buf ) )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+    ret = ( mode == MBEDTLS_RSA_PUBLIC )
+          ? mbedtls_rsa_public(  ctx, input, buf )
+          : mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf );
+
+    if( ret != 0 )
+        return( ret );
+
+    p = buf;
+    bad = 0;
+
+    /*
+     * Check and get padding len in "constant-time"
+     */
+    bad |= *p++; /* First byte must be 0 */
+
+    /* This test does not depend on secret data */
+    if( mode == MBEDTLS_RSA_PRIVATE )
+    {
+        bad |= *p++ ^ MBEDTLS_RSA_CRYPT;
+
+        /* Get padding len, but always read till end of buffer
+         * (minus one, for the 00 byte) */
+        for( i = 0; i < ilen - 3; i++ )
+        {
+            pad_done  |= ((p[i] | (unsigned char)-p[i]) >> 7) ^ 1;
+            pad_count += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1;
+        }
+
+        p += pad_count;
+        bad |= *p++; /* Must be zero */
+    }
+    else
+    {
+        bad |= *p++ ^ MBEDTLS_RSA_SIGN;
+
+        /* Get padding len, but always read till end of buffer
+         * (minus one, for the 00 byte) */
+        for( i = 0; i < ilen - 3; i++ )
+        {
+            pad_done |= ( p[i] != 0xFF );
+            pad_count += ( pad_done == 0 );
+        }
+
+        p += pad_count;
+        bad |= *p++; /* Must be zero */
+    }
+
+    if( bad )
+        return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+
+    if( ilen - ( p - buf ) > output_max_len )
+        return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
+
+    *olen = ilen - (p - buf);
+    memcpy( output, p, *olen );
+
+    return( 0 );
+}
+#endif /* MBEDTLS_PKCS1_V15 */
+
+/*
+ * Do an RSA operation, then remove the message padding
+ */
+int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
+                       int (*f_rng)(void *, unsigned char *, size_t),
+                       void *p_rng,
+                       int mode, size_t *olen,
+                       const unsigned char *input,
+                       unsigned char *output,
+                       size_t output_max_len)
+{
+    switch( ctx->padding )
+    {
+#if defined(MBEDTLS_PKCS1_V15)
+        case MBEDTLS_RSA_PKCS_V15:
+            return mbedtls_rsa_rsaes_pkcs1_v15_decrypt( ctx, f_rng, p_rng, mode, olen,
+                                                input, output, output_max_len );
+#endif
+
+#if defined(MBEDTLS_PKCS1_V21)
+        case MBEDTLS_RSA_PKCS_V21:
+            return mbedtls_rsa_rsaes_oaep_decrypt( ctx, f_rng, p_rng, mode, NULL, 0,
+                                           olen, input, output,
+                                           output_max_len );
+#endif
+
+        default:
+            return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+    }
+}
+
+#if defined(MBEDTLS_PKCS1_V21)
+/*
+ * Implementation of the PKCS#1 v2.1 RSASSA-PSS-SIGN function
+ */
+int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
+                         int (*f_rng)(void *, unsigned char *, size_t),
+                         void *p_rng,
+                         int mode,
+                         mbedtls_md_type_t md_alg,
+                         unsigned int hashlen,
+                         const unsigned char *hash,
+                         unsigned char *sig )
+{
+    size_t olen;
+    unsigned char *p = sig;
+    unsigned char salt[MBEDTLS_MD_MAX_SIZE];
+    unsigned int slen, hlen, offset = 0;
+    int ret;
+    size_t msb;
+    const mbedtls_md_info_t *md_info;
+    mbedtls_md_context_t md_ctx;
+
+    if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+    if( f_rng == NULL )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+    olen = ctx->len;
+
+    if( md_alg != MBEDTLS_MD_NONE )
+    {
+        // Gather length of hash to sign
+        //
+        md_info = mbedtls_md_info_from_type( md_alg );
+        if( md_info == NULL )
+            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+        hashlen = mbedtls_md_get_size( md_info );
+    }
+
+    md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id );
+    if( md_info == NULL )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+    hlen = mbedtls_md_get_size( md_info );
+    slen = hlen;
+
+    if( olen < hlen + slen + 2 )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+    memset( sig, 0, olen );
+
+    // Generate salt of length slen
+    //
+    if( ( ret = f_rng( p_rng, salt, slen ) ) != 0 )
+        return( MBEDTLS_ERR_RSA_RNG_FAILED + ret );
+
+    // Note: EMSA-PSS encoding is over the length of N - 1 bits
+    //
+    msb = mbedtls_mpi_bitlen( &ctx->N ) - 1;
+    p += olen - hlen * 2 - 2;
+    *p++ = 0x01;
+    memcpy( p, salt, slen );
+    p += slen;
+
+    mbedtls_md_init( &md_ctx );
+    mbedtls_md_setup( &md_ctx, md_info, 0 );
+
+    // Generate H = Hash( M' )
+    //
+    mbedtls_md_starts( &md_ctx );
+    mbedtls_md_update( &md_ctx, p, 8 );
+    mbedtls_md_update( &md_ctx, hash, hashlen );
+    mbedtls_md_update( &md_ctx, salt, slen );
+    mbedtls_md_finish( &md_ctx, p );
+
+    // Compensate for boundary condition when applying mask
+    //
+    if( msb % 8 == 0 )
+        offset = 1;
+
+    // maskedDB: Apply dbMask to DB
+    //
+    mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen, &md_ctx );
+
+    mbedtls_md_free( &md_ctx );
+
+    msb = mbedtls_mpi_bitlen( &ctx->N ) - 1;
+    sig[0] &= 0xFF >> ( olen * 8 - msb );
+
+    p += hlen;
+    *p++ = 0xBC;
+
+    return( ( mode == MBEDTLS_RSA_PUBLIC )
+            ? mbedtls_rsa_public(  ctx, sig, sig )
+            : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig ) );
+}
+#endif /* MBEDTLS_PKCS1_V21 */
+
+#if defined(MBEDTLS_PKCS1_V15)
+/*
+ * Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-V1_5-SIGN function
+ */
+/*
+ * Do an RSA operation to sign the message digest
+ */
+int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
+                               int (*f_rng)(void *, unsigned char *, size_t),
+                               void *p_rng,
+                               int mode,
+                               mbedtls_md_type_t md_alg,
+                               unsigned int hashlen,
+                               const unsigned char *hash,
+                               unsigned char *sig )
+{
+    size_t nb_pad, olen, oid_size = 0;
+    unsigned char *p = sig;
+    const char *oid = NULL;
+    unsigned char *sig_try = NULL, *verif = NULL;
+    size_t i;
+    unsigned char diff;
+    volatile unsigned char diff_no_optimize;
+    int ret;
+
+    if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+    olen = ctx->len;
+    nb_pad = olen - 3;
+
+    if( md_alg != MBEDTLS_MD_NONE )
+    {
+        const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
+        if( md_info == NULL )
+            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+        if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 )
+            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+        nb_pad -= 10 + oid_size;
+
+        hashlen = mbedtls_md_get_size( md_info );
+    }
+
+    nb_pad -= hashlen;
+
+    if( ( nb_pad < 8 ) || ( nb_pad > olen ) )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+    *p++ = 0;
+    *p++ = MBEDTLS_RSA_SIGN;
+    memset( p, 0xFF, nb_pad );
+    p += nb_pad;
+    *p++ = 0;
+
+    if( md_alg == MBEDTLS_MD_NONE )
+    {
+        memcpy( p, hash, hashlen );
+    }
+    else
+    {
+        /*
+         * DigestInfo ::= SEQUENCE {
+         *   digestAlgorithm DigestAlgorithmIdentifier,
+         *   digest Digest }
+         *
+         * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
+         *
+         * Digest ::= OCTET STRING
+         */
+        *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
+        *p++ = (unsigned char) ( 0x08 + oid_size + hashlen );
+        *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
+        *p++ = (unsigned char) ( 0x04 + oid_size );
+        *p++ = MBEDTLS_ASN1_OID;
+        *p++ = oid_size & 0xFF;
+        memcpy( p, oid, oid_size );
+        p += oid_size;
+        *p++ = MBEDTLS_ASN1_NULL;
+        *p++ = 0x00;
+        *p++ = MBEDTLS_ASN1_OCTET_STRING;
+        *p++ = hashlen;
+        memcpy( p, hash, hashlen );
+    }
+
+    if( mode == MBEDTLS_RSA_PUBLIC )
+        return( mbedtls_rsa_public(  ctx, sig, sig ) );
+
+    /*
+     * In order to prevent Lenstra's attack, make the signature in a
+     * temporary buffer and check it before returning it.
+     */
+    sig_try = mbedtls_calloc( 1, ctx->len );
+    verif   = mbedtls_calloc( 1, ctx->len );
+    if( sig_try == NULL || verif == NULL )
+        return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
+
+    MBEDTLS_MPI_CHK( mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig_try ) );
+    MBEDTLS_MPI_CHK( mbedtls_rsa_public( ctx, sig_try, verif ) );
+
+    /* Compare in constant time just in case */
+    for( diff = 0, i = 0; i < ctx->len; i++ )
+        diff |= verif[i] ^ sig[i];
+    diff_no_optimize = diff;
+
+    if( diff_no_optimize != 0 )
+    {
+        ret = MBEDTLS_ERR_RSA_PRIVATE_FAILED;
+        goto cleanup;
+    }
+
+    memcpy( sig, sig_try, ctx->len );
+
+cleanup:
+    mbedtls_free( sig_try );
+    mbedtls_free( verif );
+
+    return( ret );
+}
+#endif /* MBEDTLS_PKCS1_V15 */
+
+/*
+ * Do an RSA operation to sign the message digest
+ */
+int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
+                    int (*f_rng)(void *, unsigned char *, size_t),
+                    void *p_rng,
+                    int mode,
+                    mbedtls_md_type_t md_alg,
+                    unsigned int hashlen,
+                    const unsigned char *hash,
+                    unsigned char *sig )
+{
+    switch( ctx->padding )
+    {
+#if defined(MBEDTLS_PKCS1_V15)
+        case MBEDTLS_RSA_PKCS_V15:
+            return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng, mode, md_alg,
+                                              hashlen, hash, sig );
+#endif
+
+#if defined(MBEDTLS_PKCS1_V21)
+        case MBEDTLS_RSA_PKCS_V21:
+            return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, mode, md_alg,
+                                        hashlen, hash, sig );
+#endif
+
+        default:
+            return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+    }
+}
+
+#if defined(MBEDTLS_PKCS1_V21)
+/*
+ * Implementation of the PKCS#1 v2.1 RSASSA-PSS-VERIFY function
+ */
+int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
+                               int (*f_rng)(void *, unsigned char *, size_t),
+                               void *p_rng,
+                               int mode,
+                               mbedtls_md_type_t md_alg,
+                               unsigned int hashlen,
+                               const unsigned char *hash,
+                               mbedtls_md_type_t mgf1_hash_id,
+                               int expected_salt_len,
+                               const unsigned char *sig )
+{
+    int ret;
+    size_t siglen;
+    unsigned char *p;
+    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+    unsigned char result[MBEDTLS_MD_MAX_SIZE];
+    unsigned char zeros[8];
+    unsigned int hlen;
+    size_t slen, msb;
+    const mbedtls_md_info_t *md_info;
+    mbedtls_md_context_t md_ctx;
+
+    if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+    siglen = ctx->len;
+
+    if( siglen < 16 || siglen > sizeof( buf ) )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+    ret = ( mode == MBEDTLS_RSA_PUBLIC )
+          ? mbedtls_rsa_public(  ctx, sig, buf )
+          : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, buf );
+
+    if( ret != 0 )
+        return( ret );
+
+    p = buf;
+
+    if( buf[siglen - 1] != 0xBC )
+        return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+
+    if( md_alg != MBEDTLS_MD_NONE )
+    {
+        // Gather length of hash to sign
+        //
+        md_info = mbedtls_md_info_from_type( md_alg );
+        if( md_info == NULL )
+            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+        hashlen = mbedtls_md_get_size( md_info );
+    }
+
+    md_info = mbedtls_md_info_from_type( mgf1_hash_id );
+    if( md_info == NULL )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+    hlen = mbedtls_md_get_size( md_info );
+    slen = siglen - hlen - 1; /* Currently length of salt + padding */
+
+    memset( zeros, 0, 8 );
+
+    // Note: EMSA-PSS verification is over the length of N - 1 bits
+    //
+    msb = mbedtls_mpi_bitlen( &ctx->N ) - 1;
+
+    // Compensate for boundary condition when applying mask
+    //
+    if( msb % 8 == 0 )
+    {
+        p++;
+        siglen -= 1;
+    }
+    if( buf[0] >> ( 8 - siglen * 8 + msb ) )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+    mbedtls_md_init( &md_ctx );
+    mbedtls_md_setup( &md_ctx, md_info, 0 );
+
+    mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx );
+
+    buf[0] &= 0xFF >> ( siglen * 8 - msb );
+
+    while( p < buf + siglen && *p == 0 )
+        p++;
+
+    if( p == buf + siglen ||
+        *p++ != 0x01 )
+    {
+        mbedtls_md_free( &md_ctx );
+        return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+    }
+
+    /* Actual salt len */
+    slen -= p - buf;
+
+    if( expected_salt_len != MBEDTLS_RSA_SALT_LEN_ANY &&
+        slen != (size_t) expected_salt_len )
+    {
+        mbedtls_md_free( &md_ctx );
+        return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+    }
+
+    // Generate H = Hash( M' )
+    //
+    mbedtls_md_starts( &md_ctx );
+    mbedtls_md_update( &md_ctx, zeros, 8 );
+    mbedtls_md_update( &md_ctx, hash, hashlen );
+    mbedtls_md_update( &md_ctx, p, slen );
+    mbedtls_md_finish( &md_ctx, result );
+
+    mbedtls_md_free( &md_ctx );
+
+    if( memcmp( p + slen, result, hlen ) == 0 )
+        return( 0 );
+    else
+        return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
+}
+
+/*
+ * Simplified PKCS#1 v2.1 RSASSA-PSS-VERIFY function
+ */
+int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
+                           int (*f_rng)(void *, unsigned char *, size_t),
+                           void *p_rng,
+                           int mode,
+                           mbedtls_md_type_t md_alg,
+                           unsigned int hashlen,
+                           const unsigned char *hash,
+                           const unsigned char *sig )
+{
+    mbedtls_md_type_t mgf1_hash_id = ( ctx->hash_id != MBEDTLS_MD_NONE )
+                             ? (mbedtls_md_type_t) ctx->hash_id
+                             : md_alg;
+
+    return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, f_rng, p_rng, mode,
+                                       md_alg, hashlen, hash,
+                                       mgf1_hash_id, MBEDTLS_RSA_SALT_LEN_ANY,
+                                       sig ) );
+
+}
+#endif /* MBEDTLS_PKCS1_V21 */
+
+#if defined(MBEDTLS_PKCS1_V15)
+/*
+ * Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-v1_5-VERIFY function
+ */
+int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
+                                 int (*f_rng)(void *, unsigned char *, size_t),
+                                 void *p_rng,
+                                 int mode,
+                                 mbedtls_md_type_t md_alg,
+                                 unsigned int hashlen,
+                                 const unsigned char *hash,
+                                 const unsigned char *sig )
+{
+    int ret;
+    size_t len, siglen, asn1_len;
+    unsigned char *p, *end;
+    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+    mbedtls_md_type_t msg_md_alg;
+    const mbedtls_md_info_t *md_info;
+    mbedtls_asn1_buf oid;
+
+    if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+    siglen = ctx->len;
+
+    if( siglen < 16 || siglen > sizeof( buf ) )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+    ret = ( mode == MBEDTLS_RSA_PUBLIC )
+          ? mbedtls_rsa_public(  ctx, sig, buf )
+          : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, buf );
+
+    if( ret != 0 )
+        return( ret );
+
+    p = buf;
+
+    if( *p++ != 0 || *p++ != MBEDTLS_RSA_SIGN )
+        return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+
+    while( *p != 0 )
+    {
+        if( p >= buf + siglen - 1 || *p != 0xFF )
+            return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+        p++;
+    }
+    p++;
+
+    len = siglen - ( p - buf );
+
+    if( len == hashlen && md_alg == MBEDTLS_MD_NONE )
+    {
+        if( memcmp( p, hash, hashlen ) == 0 )
+            return( 0 );
+        else
+            return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
+    }
+
+    md_info = mbedtls_md_info_from_type( md_alg );
+    if( md_info == NULL )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    hashlen = mbedtls_md_get_size( md_info );
+
+    end = p + len;
+
+    // Parse the ASN.1 structure inside the PKCS#1 v1.5 structure
+    //
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &asn1_len,
+            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+        return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
+
+    if( asn1_len + 2 != len )
+        return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
+
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &asn1_len,
+            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+        return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
+
+    if( asn1_len + 6 + hashlen != len )
+        return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
+
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &oid.len, MBEDTLS_ASN1_OID ) ) != 0 )
+        return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
+
+    oid.p = p;
+    p += oid.len;
+
+    if( mbedtls_oid_get_md_alg( &oid, &msg_md_alg ) != 0 )
+        return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
+
+    if( md_alg != msg_md_alg )
+        return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
+
+    /*
+     * assume the algorithm parameters must be NULL
+     */
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &asn1_len, MBEDTLS_ASN1_NULL ) ) != 0 )
+        return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
+
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &asn1_len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
+        return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
+
+    if( asn1_len != hashlen )
+        return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
+
+    if( memcmp( p, hash, hashlen ) != 0 )
+        return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
+
+    p += hashlen;
+
+    if( p != end )
+        return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
+
+    return( 0 );
+}
+#endif /* MBEDTLS_PKCS1_V15 */
+
+/*
+ * Do an RSA operation and check the message digest
+ */
+int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
+                      int (*f_rng)(void *, unsigned char *, size_t),
+                      void *p_rng,
+                      int mode,
+                      mbedtls_md_type_t md_alg,
+                      unsigned int hashlen,
+                      const unsigned char *hash,
+                      const unsigned char *sig )
+{
+    switch( ctx->padding )
+    {
+#if defined(MBEDTLS_PKCS1_V15)
+        case MBEDTLS_RSA_PKCS_V15:
+            return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, f_rng, p_rng, mode, md_alg,
+                                                hashlen, hash, sig );
+#endif
+
+#if defined(MBEDTLS_PKCS1_V21)
+        case MBEDTLS_RSA_PKCS_V21:
+            return mbedtls_rsa_rsassa_pss_verify( ctx, f_rng, p_rng, mode, md_alg,
+                                          hashlen, hash, sig );
+#endif
+
+        default:
+            return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+    }
+}
+
+/*
+ * Copy the components of an RSA key
+ */
+int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src )
+{
+    int ret;
+
+    dst->ver = src->ver;
+    dst->len = src->len;
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->N, &src->N ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->E, &src->E ) );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->D, &src->D ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->P, &src->P ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Q, &src->Q ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->DP, &src->DP ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->DQ, &src->DQ ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->QP, &src->QP ) );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RN, &src->RN ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RP, &src->RP ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RQ, &src->RQ ) );
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Vi, &src->Vi ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Vf, &src->Vf ) );
+
+    dst->padding = src->padding;
+    dst->hash_id = src->hash_id;
+
+cleanup:
+    if( ret != 0 )
+        mbedtls_rsa_free( dst );
+
+    return( ret );
+}
+
+/*
+ * Free the components of an RSA key
+ */
+void mbedtls_rsa_free( mbedtls_rsa_context *ctx )
+{
+    mbedtls_mpi_free( &ctx->Vi ); mbedtls_mpi_free( &ctx->Vf );
+    mbedtls_mpi_free( &ctx->RQ ); mbedtls_mpi_free( &ctx->RP ); mbedtls_mpi_free( &ctx->RN );
+    mbedtls_mpi_free( &ctx->QP ); mbedtls_mpi_free( &ctx->DQ ); mbedtls_mpi_free( &ctx->DP );
+    mbedtls_mpi_free( &ctx->Q  ); mbedtls_mpi_free( &ctx->P  ); mbedtls_mpi_free( &ctx->D );
+    mbedtls_mpi_free( &ctx->E  ); mbedtls_mpi_free( &ctx->N  );
+
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_mutex_free( &ctx->mutex );
+#endif
+}
+
+#if defined(MBEDTLS_SELF_TEST)
+
+#include "mbedtls/sha1.h"
+
+/*
+ * Example RSA-1024 keypair, for test purposes
+ */
+#define KEY_LEN 128
+
+#define RSA_N   "9292758453063D803DD603D5E777D788" \
+                "8ED1D5BF35786190FA2F23EBC0848AEA" \
+                "DDA92CA6C3D80B32C4D109BE0F36D6AE" \
+                "7130B9CED7ACDF54CFC7555AC14EEBAB" \
+                "93A89813FBF3C4F8066D2D800F7C38A8" \
+                "1AE31942917403FF4946B0A83D3D3E05" \
+                "EE57C6F5F5606FB5D4BC6CD34EE0801A" \
+                "5E94BB77B07507233A0BC7BAC8F90F79"
+
+#define RSA_E   "10001"
+
+#define RSA_D   "24BF6185468786FDD303083D25E64EFC" \
+                "66CA472BC44D253102F8B4A9D3BFA750" \
+                "91386C0077937FE33FA3252D28855837" \
+                "AE1B484A8A9A45F7EE8C0C634F99E8CD" \
+                "DF79C5CE07EE72C7F123142198164234" \
+                "CABB724CF78B8173B9F880FC86322407" \
+                "AF1FEDFDDE2BEB674CA15F3E81A1521E" \
+                "071513A1E85B5DFA031F21ECAE91A34D"
+
+#define RSA_P   "C36D0EB7FCD285223CFB5AABA5BDA3D8" \
+                "2C01CAD19EA484A87EA4377637E75500" \
+                "FCB2005C5C7DD6EC4AC023CDA285D796" \
+                "C3D9E75E1EFC42488BB4F1D13AC30A57"
+
+#define RSA_Q   "C000DF51A7C77AE8D7C7370C1FF55B69" \
+                "E211C2B9E5DB1ED0BF61D0D9899620F4" \
+                "910E4168387E3C30AA1E00C339A79508" \
+                "8452DD96A9A5EA5D9DCA68DA636032AF"
+
+#define RSA_DP  "C1ACF567564274FB07A0BBAD5D26E298" \
+                "3C94D22288ACD763FD8E5600ED4A702D" \
+                "F84198A5F06C2E72236AE490C93F07F8" \
+                "3CC559CD27BC2D1CA488811730BB5725"
+
+#define RSA_DQ  "4959CBF6F8FEF750AEE6977C155579C7" \
+                "D8AAEA56749EA28623272E4F7D0592AF" \
+                "7C1F1313CAC9471B5C523BFE592F517B" \
+                "407A1BD76C164B93DA2D32A383E58357"
+
+#define RSA_QP  "9AE7FBC99546432DF71896FC239EADAE" \
+                "F38D18D2B2F0E2DD275AA977E2BF4411" \
+                "F5A3B2A5D33605AEBBCCBA7FEB9F2D2F" \
+                "A74206CEC169D74BF5A8C50D6F48EA08"
+
+#define PT_LEN  24
+#define RSA_PT  "\xAA\xBB\xCC\x03\x02\x01\x00\xFF\xFF\xFF\xFF\xFF" \
+                "\x11\x22\x33\x0A\x0B\x0C\xCC\xDD\xDD\xDD\xDD\xDD"
+
+#if defined(MBEDTLS_PKCS1_V15)
+static int myrand( void *rng_state, unsigned char *output, size_t len )
+{
+#if !defined(__OpenBSD__)
+    size_t i;
+
+    if( rng_state != NULL )
+        rng_state  = NULL;
+
+    for( i = 0; i < len; ++i )
+        output[i] = rand();
+#else
+    if( rng_state != NULL )
+        rng_state = NULL;
+
+    arc4random_buf( output, len );
+#endif /* !OpenBSD */
+
+    return( 0 );
+}
+#endif /* MBEDTLS_PKCS1_V15 */
+
+/*
+ * Checkup routine
+ */
+int mbedtls_rsa_self_test( int verbose )
+{
+    int ret = 0;
+#if defined(MBEDTLS_PKCS1_V15)
+    size_t len;
+    mbedtls_rsa_context rsa;
+    unsigned char rsa_plaintext[PT_LEN];
+    unsigned char rsa_decrypted[PT_LEN];
+    unsigned char rsa_ciphertext[KEY_LEN];
+#if defined(MBEDTLS_SHA1_C)
+    unsigned char sha1sum[20];
+#endif
+
+    mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+
+    rsa.len = KEY_LEN;
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &rsa.N , 16, RSA_N  ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &rsa.E , 16, RSA_E  ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &rsa.D , 16, RSA_D  ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &rsa.P , 16, RSA_P  ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &rsa.Q , 16, RSA_Q  ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &rsa.DP, 16, RSA_DP ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &rsa.DQ, 16, RSA_DQ ) );
+    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &rsa.QP, 16, RSA_QP ) );
+
+    if( verbose != 0 )
+        mbedtls_printf( "  RSA key validation: " );
+
+    if( mbedtls_rsa_check_pubkey(  &rsa ) != 0 ||
+        mbedtls_rsa_check_privkey( &rsa ) != 0 )
+    {
+        if( verbose != 0 )
+            mbedtls_printf( "failed\n" );
+
+        return( 1 );
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "passed\n  PKCS#1 encryption : " );
+
+    memcpy( rsa_plaintext, RSA_PT, PT_LEN );
+
+    if( mbedtls_rsa_pkcs1_encrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PUBLIC, PT_LEN,
+                           rsa_plaintext, rsa_ciphertext ) != 0 )
+    {
+        if( verbose != 0 )
+            mbedtls_printf( "failed\n" );
+
+        return( 1 );
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "passed\n  PKCS#1 decryption : " );
+
+    if( mbedtls_rsa_pkcs1_decrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PRIVATE, &len,
+                           rsa_ciphertext, rsa_decrypted,
+                           sizeof(rsa_decrypted) ) != 0 )
+    {
+        if( verbose != 0 )
+            mbedtls_printf( "failed\n" );
+
+        return( 1 );
+    }
+
+    if( memcmp( rsa_decrypted, rsa_plaintext, len ) != 0 )
+    {
+        if( verbose != 0 )
+            mbedtls_printf( "failed\n" );
+
+        return( 1 );
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "passed\n" );
+
+#if defined(MBEDTLS_SHA1_C)
+    if( verbose != 0 )
+        mbedtls_printf( "PKCS#1 data sign  : " );
+
+    mbedtls_sha1( rsa_plaintext, PT_LEN, sha1sum );
+
+    if( mbedtls_rsa_pkcs1_sign( &rsa, myrand, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0,
+                        sha1sum, rsa_ciphertext ) != 0 )
+    {
+        if( verbose != 0 )
+            mbedtls_printf( "failed\n" );
+
+        return( 1 );
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "passed\n  PKCS#1 sig. verify: " );
+
+    if( mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0,
+                          sha1sum, rsa_ciphertext ) != 0 )
+    {
+        if( verbose != 0 )
+            mbedtls_printf( "failed\n" );
+
+        return( 1 );
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "passed\n" );
+#endif /* MBEDTLS_SHA1_C */
+
+    if( verbose != 0 )
+        mbedtls_printf( "\n" );
+
+cleanup:
+    mbedtls_rsa_free( &rsa );
+#else /* MBEDTLS_PKCS1_V15 */
+    ((void) verbose);
+#endif /* MBEDTLS_PKCS1_V15 */
+    return( ret );
+}
+
+#endif /* MBEDTLS_SELF_TEST */
+
+#endif /* MBEDTLS_RSA_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/sha1.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,448 @@
+/*
+ *  FIPS-180-1 compliant SHA-1 implementation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ *  The SHA-1 standard was published by NIST in 1993.
+ *
+ *  http://www.itl.nist.gov/fipspubs/fip180-1.htm
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_SHA1_C)
+
+#include "mbedtls/sha1.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_SELF_TEST)
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif /* MBEDTLS_PLATFORM_C */
+#endif /* MBEDTLS_SELF_TEST */
+
+#if !defined(MBEDTLS_SHA1_ALT)
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+/*
+ * 32-bit integer manipulation macros (big endian)
+ */
+#ifndef GET_UINT32_BE
+#define GET_UINT32_BE(n,b,i)                            \
+{                                                       \
+    (n) = ( (uint32_t) (b)[(i)    ] << 24 )             \
+        | ( (uint32_t) (b)[(i) + 1] << 16 )             \
+        | ( (uint32_t) (b)[(i) + 2] <<  8 )             \
+        | ( (uint32_t) (b)[(i) + 3]       );            \
+}
+#endif
+
+#ifndef PUT_UINT32_BE
+#define PUT_UINT32_BE(n,b,i)                            \
+{                                                       \
+    (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
+    (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
+    (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
+    (b)[(i) + 3] = (unsigned char) ( (n)       );       \
+}
+#endif
+
+void mbedtls_sha1_init( mbedtls_sha1_context *ctx )
+{
+    memset( ctx, 0, sizeof( mbedtls_sha1_context ) );
+}
+
+void mbedtls_sha1_free( mbedtls_sha1_context *ctx )
+{
+    if( ctx == NULL )
+        return;
+
+    mbedtls_zeroize( ctx, sizeof( mbedtls_sha1_context ) );
+}
+
+void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
+                         const mbedtls_sha1_context *src )
+{
+    *dst = *src;
+}
+
+/*
+ * SHA-1 context setup
+ */
+void mbedtls_sha1_starts( mbedtls_sha1_context *ctx )
+{
+    ctx->total[0] = 0;
+    ctx->total[1] = 0;
+
+    ctx->state[0] = 0x67452301;
+    ctx->state[1] = 0xEFCDAB89;
+    ctx->state[2] = 0x98BADCFE;
+    ctx->state[3] = 0x10325476;
+    ctx->state[4] = 0xC3D2E1F0;
+}
+
+#if !defined(MBEDTLS_SHA1_PROCESS_ALT)
+void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] )
+{
+    uint32_t temp, W[16], A, B, C, D, E;
+
+    GET_UINT32_BE( W[ 0], data,  0 );
+    GET_UINT32_BE( W[ 1], data,  4 );
+    GET_UINT32_BE( W[ 2], data,  8 );
+    GET_UINT32_BE( W[ 3], data, 12 );
+    GET_UINT32_BE( W[ 4], data, 16 );
+    GET_UINT32_BE( W[ 5], data, 20 );
+    GET_UINT32_BE( W[ 6], data, 24 );
+    GET_UINT32_BE( W[ 7], data, 28 );
+    GET_UINT32_BE( W[ 8], data, 32 );
+    GET_UINT32_BE( W[ 9], data, 36 );
+    GET_UINT32_BE( W[10], data, 40 );
+    GET_UINT32_BE( W[11], data, 44 );
+    GET_UINT32_BE( W[12], data, 48 );
+    GET_UINT32_BE( W[13], data, 52 );
+    GET_UINT32_BE( W[14], data, 56 );
+    GET_UINT32_BE( W[15], data, 60 );
+
+#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
+
+#define R(t)                                            \
+(                                                       \
+    temp = W[( t -  3 ) & 0x0F] ^ W[( t - 8 ) & 0x0F] ^ \
+           W[( t - 14 ) & 0x0F] ^ W[  t       & 0x0F],  \
+    ( W[t & 0x0F] = S(temp,1) )                         \
+)
+
+#define P(a,b,c,d,e,x)                                  \
+{                                                       \
+    e += S(a,5) + F(b,c,d) + K + x; b = S(b,30);        \
+}
+
+    A = ctx->state[0];
+    B = ctx->state[1];
+    C = ctx->state[2];
+    D = ctx->state[3];
+    E = ctx->state[4];
+
+#define F(x,y,z) (z ^ (x & (y ^ z)))
+#define K 0x5A827999
+
+    P( A, B, C, D, E, W[0]  );
+    P( E, A, B, C, D, W[1]  );
+    P( D, E, A, B, C, W[2]  );
+    P( C, D, E, A, B, W[3]  );
+    P( B, C, D, E, A, W[4]  );
+    P( A, B, C, D, E, W[5]  );
+    P( E, A, B, C, D, W[6]  );
+    P( D, E, A, B, C, W[7]  );
+    P( C, D, E, A, B, W[8]  );
+    P( B, C, D, E, A, W[9]  );
+    P( A, B, C, D, E, W[10] );
+    P( E, A, B, C, D, W[11] );
+    P( D, E, A, B, C, W[12] );
+    P( C, D, E, A, B, W[13] );
+    P( B, C, D, E, A, W[14] );
+    P( A, B, C, D, E, W[15] );
+    P( E, A, B, C, D, R(16) );
+    P( D, E, A, B, C, R(17) );
+    P( C, D, E, A, B, R(18) );
+    P( B, C, D, E, A, R(19) );
+
+#undef K
+#undef F
+
+#define F(x,y,z) (x ^ y ^ z)
+#define K 0x6ED9EBA1
+
+    P( A, B, C, D, E, R(20) );
+    P( E, A, B, C, D, R(21) );
+    P( D, E, A, B, C, R(22) );
+    P( C, D, E, A, B, R(23) );
+    P( B, C, D, E, A, R(24) );
+    P( A, B, C, D, E, R(25) );
+    P( E, A, B, C, D, R(26) );
+    P( D, E, A, B, C, R(27) );
+    P( C, D, E, A, B, R(28) );
+    P( B, C, D, E, A, R(29) );
+    P( A, B, C, D, E, R(30) );
+    P( E, A, B, C, D, R(31) );
+    P( D, E, A, B, C, R(32) );
+    P( C, D, E, A, B, R(33) );
+    P( B, C, D, E, A, R(34) );
+    P( A, B, C, D, E, R(35) );
+    P( E, A, B, C, D, R(36) );
+    P( D, E, A, B, C, R(37) );
+    P( C, D, E, A, B, R(38) );
+    P( B, C, D, E, A, R(39) );
+
+#undef K
+#undef F
+
+#define F(x,y,z) ((x & y) | (z & (x | y)))
+#define K 0x8F1BBCDC
+
+    P( A, B, C, D, E, R(40) );
+    P( E, A, B, C, D, R(41) );
+    P( D, E, A, B, C, R(42) );
+    P( C, D, E, A, B, R(43) );
+    P( B, C, D, E, A, R(44) );
+    P( A, B, C, D, E, R(45) );
+    P( E, A, B, C, D, R(46) );
+    P( D, E, A, B, C, R(47) );
+    P( C, D, E, A, B, R(48) );
+    P( B, C, D, E, A, R(49) );
+    P( A, B, C, D, E, R(50) );
+    P( E, A, B, C, D, R(51) );
+    P( D, E, A, B, C, R(52) );
+    P( C, D, E, A, B, R(53) );
+    P( B, C, D, E, A, R(54) );
+    P( A, B, C, D, E, R(55) );
+    P( E, A, B, C, D, R(56) );
+    P( D, E, A, B, C, R(57) );
+    P( C, D, E, A, B, R(58) );
+    P( B, C, D, E, A, R(59) );
+
+#undef K
+#undef F
+
+#define F(x,y,z) (x ^ y ^ z)
+#define K 0xCA62C1D6
+
+    P( A, B, C, D, E, R(60) );
+    P( E, A, B, C, D, R(61) );
+    P( D, E, A, B, C, R(62) );
+    P( C, D, E, A, B, R(63) );
+    P( B, C, D, E, A, R(64) );
+    P( A, B, C, D, E, R(65) );
+    P( E, A, B, C, D, R(66) );
+    P( D, E, A, B, C, R(67) );
+    P( C, D, E, A, B, R(68) );
+    P( B, C, D, E, A, R(69) );
+    P( A, B, C, D, E, R(70) );
+    P( E, A, B, C, D, R(71) );
+    P( D, E, A, B, C, R(72) );
+    P( C, D, E, A, B, R(73) );
+    P( B, C, D, E, A, R(74) );
+    P( A, B, C, D, E, R(75) );
+    P( E, A, B, C, D, R(76) );
+    P( D, E, A, B, C, R(77) );
+    P( C, D, E, A, B, R(78) );
+    P( B, C, D, E, A, R(79) );
+
+#undef K
+#undef F
+
+    ctx->state[0] += A;
+    ctx->state[1] += B;
+    ctx->state[2] += C;
+    ctx->state[3] += D;
+    ctx->state[4] += E;
+}
+#endif /* !MBEDTLS_SHA1_PROCESS_ALT */
+
+/*
+ * SHA-1 process buffer
+ */
+void mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen )
+{
+    size_t fill;
+    uint32_t left;
+
+    if( ilen == 0 )
+        return;
+
+    left = ctx->total[0] & 0x3F;
+    fill = 64 - left;
+
+    ctx->total[0] += (uint32_t) ilen;
+    ctx->total[0] &= 0xFFFFFFFF;
+
+    if( ctx->total[0] < (uint32_t) ilen )
+        ctx->total[1]++;
+
+    if( left && ilen >= fill )
+    {
+        memcpy( (void *) (ctx->buffer + left), input, fill );
+        mbedtls_sha1_process( ctx, ctx->buffer );
+        input += fill;
+        ilen  -= fill;
+        left = 0;
+    }
+
+    while( ilen >= 64 )
+    {
+        mbedtls_sha1_process( ctx, input );
+        input += 64;
+        ilen  -= 64;
+    }
+
+    if( ilen > 0 )
+        memcpy( (void *) (ctx->buffer + left), input, ilen );
+}
+
+static const unsigned char sha1_padding[64] =
+{
+ 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+/*
+ * SHA-1 final digest
+ */
+void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] )
+{
+    uint32_t last, padn;
+    uint32_t high, low;
+    unsigned char msglen[8];
+
+    high = ( ctx->total[0] >> 29 )
+         | ( ctx->total[1] <<  3 );
+    low  = ( ctx->total[0] <<  3 );
+
+    PUT_UINT32_BE( high, msglen, 0 );
+    PUT_UINT32_BE( low,  msglen, 4 );
+
+    last = ctx->total[0] & 0x3F;
+    padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
+
+    mbedtls_sha1_update( ctx, sha1_padding, padn );
+    mbedtls_sha1_update( ctx, msglen, 8 );
+
+    PUT_UINT32_BE( ctx->state[0], output,  0 );
+    PUT_UINT32_BE( ctx->state[1], output,  4 );
+    PUT_UINT32_BE( ctx->state[2], output,  8 );
+    PUT_UINT32_BE( ctx->state[3], output, 12 );
+    PUT_UINT32_BE( ctx->state[4], output, 16 );
+}
+
+#endif /* !MBEDTLS_SHA1_ALT */
+
+/*
+ * output = SHA-1( input buffer )
+ */
+void mbedtls_sha1( const unsigned char *input, size_t ilen, unsigned char output[20] )
+{
+    mbedtls_sha1_context ctx;
+
+    mbedtls_sha1_init( &ctx );
+    mbedtls_sha1_starts( &ctx );
+    mbedtls_sha1_update( &ctx, input, ilen );
+    mbedtls_sha1_finish( &ctx, output );
+    mbedtls_sha1_free( &ctx );
+}
+
+#if defined(MBEDTLS_SELF_TEST)
+/*
+ * FIPS-180-1 test vectors
+ */
+static const unsigned char sha1_test_buf[3][57] =
+{
+    { "abc" },
+    { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
+    { "" }
+};
+
+static const int sha1_test_buflen[3] =
+{
+    3, 56, 1000
+};
+
+static const unsigned char sha1_test_sum[3][20] =
+{
+    { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
+      0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
+    { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
+      0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
+    { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
+      0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
+};
+
+/*
+ * Checkup routine
+ */
+int mbedtls_sha1_self_test( int verbose )
+{
+    int i, j, buflen, ret = 0;
+    unsigned char buf[1024];
+    unsigned char sha1sum[20];
+    mbedtls_sha1_context ctx;
+
+    mbedtls_sha1_init( &ctx );
+
+    /*
+     * SHA-1
+     */
+    for( i = 0; i < 3; i++ )
+    {
+        if( verbose != 0 )
+            mbedtls_printf( "  SHA-1 test #%d: ", i + 1 );
+
+        mbedtls_sha1_starts( &ctx );
+
+        if( i == 2 )
+        {
+            memset( buf, 'a', buflen = 1000 );
+
+            for( j = 0; j < 1000; j++ )
+                mbedtls_sha1_update( &ctx, buf, buflen );
+        }
+        else
+            mbedtls_sha1_update( &ctx, sha1_test_buf[i],
+                               sha1_test_buflen[i] );
+
+        mbedtls_sha1_finish( &ctx, sha1sum );
+
+        if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
+        {
+            if( verbose != 0 )
+                mbedtls_printf( "failed\n" );
+
+            ret = 1;
+            goto exit;
+        }
+
+        if( verbose != 0 )
+            mbedtls_printf( "passed\n" );
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "\n" );
+
+exit:
+    mbedtls_sha1_free( &ctx );
+
+    return( ret );
+}
+
+#endif /* MBEDTLS_SELF_TEST */
+
+#endif /* MBEDTLS_SHA1_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/sha256.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,445 @@
+/*
+ *  FIPS-180-2 compliant SHA-256 implementation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ *  The SHA-256 Secure Hash Standard was published by NIST in 2002.
+ *
+ *  http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_SHA256_C)
+
+#include "mbedtls/sha256.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_SELF_TEST)
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif /* MBEDTLS_PLATFORM_C */
+#endif /* MBEDTLS_SELF_TEST */
+
+#if !defined(MBEDTLS_SHA256_ALT)
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+/*
+ * 32-bit integer manipulation macros (big endian)
+ */
+#ifndef GET_UINT32_BE
+#define GET_UINT32_BE(n,b,i)                            \
+do {                                                    \
+    (n) = ( (uint32_t) (b)[(i)    ] << 24 )             \
+        | ( (uint32_t) (b)[(i) + 1] << 16 )             \
+        | ( (uint32_t) (b)[(i) + 2] <<  8 )             \
+        | ( (uint32_t) (b)[(i) + 3]       );            \
+} while( 0 )
+#endif
+
+#ifndef PUT_UINT32_BE
+#define PUT_UINT32_BE(n,b,i)                            \
+do {                                                    \
+    (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
+    (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
+    (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
+    (b)[(i) + 3] = (unsigned char) ( (n)       );       \
+} while( 0 )
+#endif
+
+void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
+{
+    memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
+}
+
+void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
+{
+    if( ctx == NULL )
+        return;
+
+    mbedtls_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
+}
+
+void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
+                           const mbedtls_sha256_context *src )
+{
+    *dst = *src;
+}
+
+/*
+ * SHA-256 context setup
+ */
+void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 )
+{
+    ctx->total[0] = 0;
+    ctx->total[1] = 0;
+
+    if( is224 == 0 )
+    {
+        /* SHA-256 */
+        ctx->state[0] = 0x6A09E667;
+        ctx->state[1] = 0xBB67AE85;
+        ctx->state[2] = 0x3C6EF372;
+        ctx->state[3] = 0xA54FF53A;
+        ctx->state[4] = 0x510E527F;
+        ctx->state[5] = 0x9B05688C;
+        ctx->state[6] = 0x1F83D9AB;
+        ctx->state[7] = 0x5BE0CD19;
+    }
+    else
+    {
+        /* SHA-224 */
+        ctx->state[0] = 0xC1059ED8;
+        ctx->state[1] = 0x367CD507;
+        ctx->state[2] = 0x3070DD17;
+        ctx->state[3] = 0xF70E5939;
+        ctx->state[4] = 0xFFC00B31;
+        ctx->state[5] = 0x68581511;
+        ctx->state[6] = 0x64F98FA7;
+        ctx->state[7] = 0xBEFA4FA4;
+    }
+
+    ctx->is224 = is224;
+}
+
+#if !defined(MBEDTLS_SHA256_PROCESS_ALT)
+static const uint32_t K[] =
+{
+    0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
+    0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
+    0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
+    0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
+    0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
+    0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
+    0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
+    0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
+    0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
+    0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
+    0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
+    0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
+    0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
+    0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
+    0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
+    0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
+};
+
+#define  SHR(x,n) ((x & 0xFFFFFFFF) >> n)
+#define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
+
+#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^  SHR(x, 3))
+#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^  SHR(x,10))
+
+#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
+#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
+
+#define F0(x,y,z) ((x & y) | (z & (x | y)))
+#define F1(x,y,z) (z ^ (x & (y ^ z)))
+
+#define R(t)                                    \
+(                                               \
+    W[t] = S1(W[t -  2]) + W[t -  7] +          \
+           S0(W[t - 15]) + W[t - 16]            \
+)
+
+#define P(a,b,c,d,e,f,g,h,x,K)                  \
+{                                               \
+    temp1 = h + S3(e) + F1(e,f,g) + K + x;      \
+    temp2 = S2(a) + F0(a,b,c);                  \
+    d += temp1; h = temp1 + temp2;              \
+}
+
+void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] )
+{
+    uint32_t temp1, temp2, W[64];
+    uint32_t A[8];
+    unsigned int i;
+
+    for( i = 0; i < 8; i++ )
+        A[i] = ctx->state[i];
+
+#if defined(MBEDTLS_SHA256_SMALLER)
+    for( i = 0; i < 64; i++ )
+    {
+        if( i < 16 )
+            GET_UINT32_BE( W[i], data, 4 * i );
+        else
+            R( i );
+
+        P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i], K[i] );
+
+        temp1 = A[7]; A[7] = A[6]; A[6] = A[5]; A[5] = A[4]; A[4] = A[3];
+        A[3] = A[2]; A[2] = A[1]; A[1] = A[0]; A[0] = temp1;
+    }
+#else /* MBEDTLS_SHA256_SMALLER */
+    for( i = 0; i < 16; i++ )
+        GET_UINT32_BE( W[i], data, 4 * i );
+
+    for( i = 0; i < 16; i += 8 )
+    {
+        P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i+0], K[i+0] );
+        P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], W[i+1], K[i+1] );
+        P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], W[i+2], K[i+2] );
+        P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], W[i+3], K[i+3] );
+        P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], W[i+4], K[i+4] );
+        P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], W[i+5], K[i+5] );
+        P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], W[i+6], K[i+6] );
+        P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], W[i+7], K[i+7] );
+    }
+
+    for( i = 16; i < 64; i += 8 )
+    {
+        P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], R(i+0), K[i+0] );
+        P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], R(i+1), K[i+1] );
+        P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], R(i+2), K[i+2] );
+        P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], R(i+3), K[i+3] );
+        P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], R(i+4), K[i+4] );
+        P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], R(i+5), K[i+5] );
+        P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], R(i+6), K[i+6] );
+        P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], R(i+7), K[i+7] );
+    }
+#endif /* MBEDTLS_SHA256_SMALLER */
+
+    for( i = 0; i < 8; i++ )
+        ctx->state[i] += A[i];
+}
+#endif /* !MBEDTLS_SHA256_PROCESS_ALT */
+
+/*
+ * SHA-256 process buffer
+ */
+void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input,
+                    size_t ilen )
+{
+    size_t fill;
+    uint32_t left;
+
+    if( ilen == 0 )
+        return;
+
+    left = ctx->total[0] & 0x3F;
+    fill = 64 - left;
+
+    ctx->total[0] += (uint32_t) ilen;
+    ctx->total[0] &= 0xFFFFFFFF;
+
+    if( ctx->total[0] < (uint32_t) ilen )
+        ctx->total[1]++;
+
+    if( left && ilen >= fill )
+    {
+        memcpy( (void *) (ctx->buffer + left), input, fill );
+        mbedtls_sha256_process( ctx, ctx->buffer );
+        input += fill;
+        ilen  -= fill;
+        left = 0;
+    }
+
+    while( ilen >= 64 )
+    {
+        mbedtls_sha256_process( ctx, input );
+        input += 64;
+        ilen  -= 64;
+    }
+
+    if( ilen > 0 )
+        memcpy( (void *) (ctx->buffer + left), input, ilen );
+}
+
+static const unsigned char sha256_padding[64] =
+{
+ 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+/*
+ * SHA-256 final digest
+ */
+void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] )
+{
+    uint32_t last, padn;
+    uint32_t high, low;
+    unsigned char msglen[8];
+
+    high = ( ctx->total[0] >> 29 )
+         | ( ctx->total[1] <<  3 );
+    low  = ( ctx->total[0] <<  3 );
+
+    PUT_UINT32_BE( high, msglen, 0 );
+    PUT_UINT32_BE( low,  msglen, 4 );
+
+    last = ctx->total[0] & 0x3F;
+    padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
+
+    mbedtls_sha256_update( ctx, sha256_padding, padn );
+    mbedtls_sha256_update( ctx, msglen, 8 );
+
+    PUT_UINT32_BE( ctx->state[0], output,  0 );
+    PUT_UINT32_BE( ctx->state[1], output,  4 );
+    PUT_UINT32_BE( ctx->state[2], output,  8 );
+    PUT_UINT32_BE( ctx->state[3], output, 12 );
+    PUT_UINT32_BE( ctx->state[4], output, 16 );
+    PUT_UINT32_BE( ctx->state[5], output, 20 );
+    PUT_UINT32_BE( ctx->state[6], output, 24 );
+
+    if( ctx->is224 == 0 )
+        PUT_UINT32_BE( ctx->state[7], output, 28 );
+}
+
+#endif /* !MBEDTLS_SHA256_ALT */
+
+/*
+ * output = SHA-256( input buffer )
+ */
+void mbedtls_sha256( const unsigned char *input, size_t ilen,
+             unsigned char output[32], int is224 )
+{
+    mbedtls_sha256_context ctx;
+
+    mbedtls_sha256_init( &ctx );
+    mbedtls_sha256_starts( &ctx, is224 );
+    mbedtls_sha256_update( &ctx, input, ilen );
+    mbedtls_sha256_finish( &ctx, output );
+    mbedtls_sha256_free( &ctx );
+}
+
+#if defined(MBEDTLS_SELF_TEST)
+/*
+ * FIPS-180-2 test vectors
+ */
+static const unsigned char sha256_test_buf[3][57] =
+{
+    { "abc" },
+    { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
+    { "" }
+};
+
+static const int sha256_test_buflen[3] =
+{
+    3, 56, 1000
+};
+
+static const unsigned char sha256_test_sum[6][32] =
+{
+    /*
+     * SHA-224 test vectors
+     */
+    { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
+      0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
+      0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
+      0xE3, 0x6C, 0x9D, 0xA7 },
+    { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
+      0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
+      0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
+      0x52, 0x52, 0x25, 0x25 },
+    { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
+      0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
+      0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
+      0x4E, 0xE7, 0xAD, 0x67 },
+
+    /*
+     * SHA-256 test vectors
+     */
+    { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
+      0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
+      0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
+      0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
+    { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
+      0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
+      0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
+      0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
+    { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
+      0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
+      0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
+      0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
+};
+
+/*
+ * Checkup routine
+ */
+int mbedtls_sha256_self_test( int verbose )
+{
+    int i, j, k, buflen, ret = 0;
+    unsigned char buf[1024];
+    unsigned char sha256sum[32];
+    mbedtls_sha256_context ctx;
+
+    mbedtls_sha256_init( &ctx );
+
+    for( i = 0; i < 6; i++ )
+    {
+        j = i % 3;
+        k = i < 3;
+
+        if( verbose != 0 )
+            mbedtls_printf( "  SHA-%d test #%d: ", 256 - k * 32, j + 1 );
+
+        mbedtls_sha256_starts( &ctx, k );
+
+        if( j == 2 )
+        {
+            memset( buf, 'a', buflen = 1000 );
+
+            for( j = 0; j < 1000; j++ )
+                mbedtls_sha256_update( &ctx, buf, buflen );
+        }
+        else
+            mbedtls_sha256_update( &ctx, sha256_test_buf[j],
+                                 sha256_test_buflen[j] );
+
+        mbedtls_sha256_finish( &ctx, sha256sum );
+
+        if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 )
+        {
+            if( verbose != 0 )
+                mbedtls_printf( "failed\n" );
+
+            ret = 1;
+            goto exit;
+        }
+
+        if( verbose != 0 )
+            mbedtls_printf( "passed\n" );
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "\n" );
+
+exit:
+    mbedtls_sha256_free( &ctx );
+
+    return( ret );
+}
+
+#endif /* MBEDTLS_SELF_TEST */
+
+#endif /* MBEDTLS_SHA256_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/sha512.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,500 @@
+/*
+ *  FIPS-180-2 compliant SHA-384/512 implementation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ *  The SHA-512 Secure Hash Standard was published by NIST in 2002.
+ *
+ *  http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_SHA512_C)
+
+#include "mbedtls/sha512.h"
+
+#if defined(_MSC_VER) || defined(__WATCOMC__)
+  #define UL64(x) x##ui64
+#else
+  #define UL64(x) x##ULL
+#endif
+
+#include <string.h>
+
+#if defined(MBEDTLS_SELF_TEST)
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif /* MBEDTLS_PLATFORM_C */
+#endif /* MBEDTLS_SELF_TEST */
+
+#if !defined(MBEDTLS_SHA512_ALT)
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+/*
+ * 64-bit integer manipulation macros (big endian)
+ */
+#ifndef GET_UINT64_BE
+#define GET_UINT64_BE(n,b,i)                            \
+{                                                       \
+    (n) = ( (uint64_t) (b)[(i)    ] << 56 )       \
+        | ( (uint64_t) (b)[(i) + 1] << 48 )       \
+        | ( (uint64_t) (b)[(i) + 2] << 40 )       \
+        | ( (uint64_t) (b)[(i) + 3] << 32 )       \
+        | ( (uint64_t) (b)[(i) + 4] << 24 )       \
+        | ( (uint64_t) (b)[(i) + 5] << 16 )       \
+        | ( (uint64_t) (b)[(i) + 6] <<  8 )       \
+        | ( (uint64_t) (b)[(i) + 7]       );      \
+}
+#endif /* GET_UINT64_BE */
+
+#ifndef PUT_UINT64_BE
+#define PUT_UINT64_BE(n,b,i)                            \
+{                                                       \
+    (b)[(i)    ] = (unsigned char) ( (n) >> 56 );       \
+    (b)[(i) + 1] = (unsigned char) ( (n) >> 48 );       \
+    (b)[(i) + 2] = (unsigned char) ( (n) >> 40 );       \
+    (b)[(i) + 3] = (unsigned char) ( (n) >> 32 );       \
+    (b)[(i) + 4] = (unsigned char) ( (n) >> 24 );       \
+    (b)[(i) + 5] = (unsigned char) ( (n) >> 16 );       \
+    (b)[(i) + 6] = (unsigned char) ( (n) >>  8 );       \
+    (b)[(i) + 7] = (unsigned char) ( (n)       );       \
+}
+#endif /* PUT_UINT64_BE */
+
+/*
+ * Round constants
+ */
+static const uint64_t K[80] =
+{
+    UL64(0x428A2F98D728AE22),  UL64(0x7137449123EF65CD),
+    UL64(0xB5C0FBCFEC4D3B2F),  UL64(0xE9B5DBA58189DBBC),
+    UL64(0x3956C25BF348B538),  UL64(0x59F111F1B605D019),
+    UL64(0x923F82A4AF194F9B),  UL64(0xAB1C5ED5DA6D8118),
+    UL64(0xD807AA98A3030242),  UL64(0x12835B0145706FBE),
+    UL64(0x243185BE4EE4B28C),  UL64(0x550C7DC3D5FFB4E2),
+    UL64(0x72BE5D74F27B896F),  UL64(0x80DEB1FE3B1696B1),
+    UL64(0x9BDC06A725C71235),  UL64(0xC19BF174CF692694),
+    UL64(0xE49B69C19EF14AD2),  UL64(0xEFBE4786384F25E3),
+    UL64(0x0FC19DC68B8CD5B5),  UL64(0x240CA1CC77AC9C65),
+    UL64(0x2DE92C6F592B0275),  UL64(0x4A7484AA6EA6E483),
+    UL64(0x5CB0A9DCBD41FBD4),  UL64(0x76F988DA831153B5),
+    UL64(0x983E5152EE66DFAB),  UL64(0xA831C66D2DB43210),
+    UL64(0xB00327C898FB213F),  UL64(0xBF597FC7BEEF0EE4),
+    UL64(0xC6E00BF33DA88FC2),  UL64(0xD5A79147930AA725),
+    UL64(0x06CA6351E003826F),  UL64(0x142929670A0E6E70),
+    UL64(0x27B70A8546D22FFC),  UL64(0x2E1B21385C26C926),
+    UL64(0x4D2C6DFC5AC42AED),  UL64(0x53380D139D95B3DF),
+    UL64(0x650A73548BAF63DE),  UL64(0x766A0ABB3C77B2A8),
+    UL64(0x81C2C92E47EDAEE6),  UL64(0x92722C851482353B),
+    UL64(0xA2BFE8A14CF10364),  UL64(0xA81A664BBC423001),
+    UL64(0xC24B8B70D0F89791),  UL64(0xC76C51A30654BE30),
+    UL64(0xD192E819D6EF5218),  UL64(0xD69906245565A910),
+    UL64(0xF40E35855771202A),  UL64(0x106AA07032BBD1B8),
+    UL64(0x19A4C116B8D2D0C8),  UL64(0x1E376C085141AB53),
+    UL64(0x2748774CDF8EEB99),  UL64(0x34B0BCB5E19B48A8),
+    UL64(0x391C0CB3C5C95A63),  UL64(0x4ED8AA4AE3418ACB),
+    UL64(0x5B9CCA4F7763E373),  UL64(0x682E6FF3D6B2B8A3),
+    UL64(0x748F82EE5DEFB2FC),  UL64(0x78A5636F43172F60),
+    UL64(0x84C87814A1F0AB72),  UL64(0x8CC702081A6439EC),
+    UL64(0x90BEFFFA23631E28),  UL64(0xA4506CEBDE82BDE9),
+    UL64(0xBEF9A3F7B2C67915),  UL64(0xC67178F2E372532B),
+    UL64(0xCA273ECEEA26619C),  UL64(0xD186B8C721C0C207),
+    UL64(0xEADA7DD6CDE0EB1E),  UL64(0xF57D4F7FEE6ED178),
+    UL64(0x06F067AA72176FBA),  UL64(0x0A637DC5A2C898A6),
+    UL64(0x113F9804BEF90DAE),  UL64(0x1B710B35131C471B),
+    UL64(0x28DB77F523047D84),  UL64(0x32CAAB7B40C72493),
+    UL64(0x3C9EBE0A15C9BEBC),  UL64(0x431D67C49C100D4C),
+    UL64(0x4CC5D4BECB3E42B6),  UL64(0x597F299CFC657E2A),
+    UL64(0x5FCB6FAB3AD6FAEC),  UL64(0x6C44198C4A475817)
+};
+
+void mbedtls_sha512_init( mbedtls_sha512_context *ctx )
+{
+    memset( ctx, 0, sizeof( mbedtls_sha512_context ) );
+}
+
+void mbedtls_sha512_free( mbedtls_sha512_context *ctx )
+{
+    if( ctx == NULL )
+        return;
+
+    mbedtls_zeroize( ctx, sizeof( mbedtls_sha512_context ) );
+}
+
+void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
+                           const mbedtls_sha512_context *src )
+{
+    *dst = *src;
+}
+
+/*
+ * SHA-512 context setup
+ */
+void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 )
+{
+    ctx->total[0] = 0;
+    ctx->total[1] = 0;
+
+    if( is384 == 0 )
+    {
+        /* SHA-512 */
+        ctx->state[0] = UL64(0x6A09E667F3BCC908);
+        ctx->state[1] = UL64(0xBB67AE8584CAA73B);
+        ctx->state[2] = UL64(0x3C6EF372FE94F82B);
+        ctx->state[3] = UL64(0xA54FF53A5F1D36F1);
+        ctx->state[4] = UL64(0x510E527FADE682D1);
+        ctx->state[5] = UL64(0x9B05688C2B3E6C1F);
+        ctx->state[6] = UL64(0x1F83D9ABFB41BD6B);
+        ctx->state[7] = UL64(0x5BE0CD19137E2179);
+    }
+    else
+    {
+        /* SHA-384 */
+        ctx->state[0] = UL64(0xCBBB9D5DC1059ED8);
+        ctx->state[1] = UL64(0x629A292A367CD507);
+        ctx->state[2] = UL64(0x9159015A3070DD17);
+        ctx->state[3] = UL64(0x152FECD8F70E5939);
+        ctx->state[4] = UL64(0x67332667FFC00B31);
+        ctx->state[5] = UL64(0x8EB44A8768581511);
+        ctx->state[6] = UL64(0xDB0C2E0D64F98FA7);
+        ctx->state[7] = UL64(0x47B5481DBEFA4FA4);
+    }
+
+    ctx->is384 = is384;
+}
+
+#if !defined(MBEDTLS_SHA512_PROCESS_ALT)
+void mbedtls_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] )
+{
+    int i;
+    uint64_t temp1, temp2, W[80];
+    uint64_t A, B, C, D, E, F, G, H;
+
+#define  SHR(x,n) (x >> n)
+#define ROTR(x,n) (SHR(x,n) | (x << (64 - n)))
+
+#define S0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^  SHR(x, 7))
+#define S1(x) (ROTR(x,19) ^ ROTR(x,61) ^  SHR(x, 6))
+
+#define S2(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39))
+#define S3(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41))
+
+#define F0(x,y,z) ((x & y) | (z & (x | y)))
+#define F1(x,y,z) (z ^ (x & (y ^ z)))
+
+#define P(a,b,c,d,e,f,g,h,x,K)                  \
+{                                               \
+    temp1 = h + S3(e) + F1(e,f,g) + K + x;      \
+    temp2 = S2(a) + F0(a,b,c);                  \
+    d += temp1; h = temp1 + temp2;              \
+}
+
+    for( i = 0; i < 16; i++ )
+    {
+        GET_UINT64_BE( W[i], data, i << 3 );
+    }
+
+    for( ; i < 80; i++ )
+    {
+        W[i] = S1(W[i -  2]) + W[i -  7] +
+               S0(W[i - 15]) + W[i - 16];
+    }
+
+    A = ctx->state[0];
+    B = ctx->state[1];
+    C = ctx->state[2];
+    D = ctx->state[3];
+    E = ctx->state[4];
+    F = ctx->state[5];
+    G = ctx->state[6];
+    H = ctx->state[7];
+    i = 0;
+
+    do
+    {
+        P( A, B, C, D, E, F, G, H, W[i], K[i] ); i++;
+        P( H, A, B, C, D, E, F, G, W[i], K[i] ); i++;
+        P( G, H, A, B, C, D, E, F, W[i], K[i] ); i++;
+        P( F, G, H, A, B, C, D, E, W[i], K[i] ); i++;
+        P( E, F, G, H, A, B, C, D, W[i], K[i] ); i++;
+        P( D, E, F, G, H, A, B, C, W[i], K[i] ); i++;
+        P( C, D, E, F, G, H, A, B, W[i], K[i] ); i++;
+        P( B, C, D, E, F, G, H, A, W[i], K[i] ); i++;
+    }
+    while( i < 80 );
+
+    ctx->state[0] += A;
+    ctx->state[1] += B;
+    ctx->state[2] += C;
+    ctx->state[3] += D;
+    ctx->state[4] += E;
+    ctx->state[5] += F;
+    ctx->state[6] += G;
+    ctx->state[7] += H;
+}
+#endif /* !MBEDTLS_SHA512_PROCESS_ALT */
+
+/*
+ * SHA-512 process buffer
+ */
+void mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *input,
+                    size_t ilen )
+{
+    size_t fill;
+    unsigned int left;
+
+    if( ilen == 0 )
+        return;
+
+    left = (unsigned int) (ctx->total[0] & 0x7F);
+    fill = 128 - left;
+
+    ctx->total[0] += (uint64_t) ilen;
+
+    if( ctx->total[0] < (uint64_t) ilen )
+        ctx->total[1]++;
+
+    if( left && ilen >= fill )
+    {
+        memcpy( (void *) (ctx->buffer + left), input, fill );
+        mbedtls_sha512_process( ctx, ctx->buffer );
+        input += fill;
+        ilen  -= fill;
+        left = 0;
+    }
+
+    while( ilen >= 128 )
+    {
+        mbedtls_sha512_process( ctx, input );
+        input += 128;
+        ilen  -= 128;
+    }
+
+    if( ilen > 0 )
+        memcpy( (void *) (ctx->buffer + left), input, ilen );
+}
+
+static const unsigned char sha512_padding[128] =
+{
+ 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+/*
+ * SHA-512 final digest
+ */
+void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64] )
+{
+    size_t last, padn;
+    uint64_t high, low;
+    unsigned char msglen[16];
+
+    high = ( ctx->total[0] >> 61 )
+         | ( ctx->total[1] <<  3 );
+    low  = ( ctx->total[0] <<  3 );
+
+    PUT_UINT64_BE( high, msglen, 0 );
+    PUT_UINT64_BE( low,  msglen, 8 );
+
+    last = (size_t)( ctx->total[0] & 0x7F );
+    padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last );
+
+    mbedtls_sha512_update( ctx, sha512_padding, padn );
+    mbedtls_sha512_update( ctx, msglen, 16 );
+
+    PUT_UINT64_BE( ctx->state[0], output,  0 );
+    PUT_UINT64_BE( ctx->state[1], output,  8 );
+    PUT_UINT64_BE( ctx->state[2], output, 16 );
+    PUT_UINT64_BE( ctx->state[3], output, 24 );
+    PUT_UINT64_BE( ctx->state[4], output, 32 );
+    PUT_UINT64_BE( ctx->state[5], output, 40 );
+
+    if( ctx->is384 == 0 )
+    {
+        PUT_UINT64_BE( ctx->state[6], output, 48 );
+        PUT_UINT64_BE( ctx->state[7], output, 56 );
+    }
+}
+
+#endif /* !MBEDTLS_SHA512_ALT */
+
+/*
+ * output = SHA-512( input buffer )
+ */
+void mbedtls_sha512( const unsigned char *input, size_t ilen,
+             unsigned char output[64], int is384 )
+{
+    mbedtls_sha512_context ctx;
+
+    mbedtls_sha512_init( &ctx );
+    mbedtls_sha512_starts( &ctx, is384 );
+    mbedtls_sha512_update( &ctx, input, ilen );
+    mbedtls_sha512_finish( &ctx, output );
+    mbedtls_sha512_free( &ctx );
+}
+
+#if defined(MBEDTLS_SELF_TEST)
+
+/*
+ * FIPS-180-2 test vectors
+ */
+static const unsigned char sha512_test_buf[3][113] =
+{
+    { "abc" },
+    { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
+      "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" },
+    { "" }
+};
+
+static const int sha512_test_buflen[3] =
+{
+    3, 112, 1000
+};
+
+static const unsigned char sha512_test_sum[6][64] =
+{
+    /*
+     * SHA-384 test vectors
+     */
+    { 0xCB, 0x00, 0x75, 0x3F, 0x45, 0xA3, 0x5E, 0x8B,
+      0xB5, 0xA0, 0x3D, 0x69, 0x9A, 0xC6, 0x50, 0x07,
+      0x27, 0x2C, 0x32, 0xAB, 0x0E, 0xDE, 0xD1, 0x63,
+      0x1A, 0x8B, 0x60, 0x5A, 0x43, 0xFF, 0x5B, 0xED,
+      0x80, 0x86, 0x07, 0x2B, 0xA1, 0xE7, 0xCC, 0x23,
+      0x58, 0xBA, 0xEC, 0xA1, 0x34, 0xC8, 0x25, 0xA7 },
+    { 0x09, 0x33, 0x0C, 0x33, 0xF7, 0x11, 0x47, 0xE8,
+      0x3D, 0x19, 0x2F, 0xC7, 0x82, 0xCD, 0x1B, 0x47,
+      0x53, 0x11, 0x1B, 0x17, 0x3B, 0x3B, 0x05, 0xD2,
+      0x2F, 0xA0, 0x80, 0x86, 0xE3, 0xB0, 0xF7, 0x12,
+      0xFC, 0xC7, 0xC7, 0x1A, 0x55, 0x7E, 0x2D, 0xB9,
+      0x66, 0xC3, 0xE9, 0xFA, 0x91, 0x74, 0x60, 0x39 },
+    { 0x9D, 0x0E, 0x18, 0x09, 0x71, 0x64, 0x74, 0xCB,
+      0x08, 0x6E, 0x83, 0x4E, 0x31, 0x0A, 0x4A, 0x1C,
+      0xED, 0x14, 0x9E, 0x9C, 0x00, 0xF2, 0x48, 0x52,
+      0x79, 0x72, 0xCE, 0xC5, 0x70, 0x4C, 0x2A, 0x5B,
+      0x07, 0xB8, 0xB3, 0xDC, 0x38, 0xEC, 0xC4, 0xEB,
+      0xAE, 0x97, 0xDD, 0xD8, 0x7F, 0x3D, 0x89, 0x85 },
+
+    /*
+     * SHA-512 test vectors
+     */
+    { 0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA,
+      0xCC, 0x41, 0x73, 0x49, 0xAE, 0x20, 0x41, 0x31,
+      0x12, 0xE6, 0xFA, 0x4E, 0x89, 0xA9, 0x7E, 0xA2,
+      0x0A, 0x9E, 0xEE, 0xE6, 0x4B, 0x55, 0xD3, 0x9A,
+      0x21, 0x92, 0x99, 0x2A, 0x27, 0x4F, 0xC1, 0xA8,
+      0x36, 0xBA, 0x3C, 0x23, 0xA3, 0xFE, 0xEB, 0xBD,
+      0x45, 0x4D, 0x44, 0x23, 0x64, 0x3C, 0xE8, 0x0E,
+      0x2A, 0x9A, 0xC9, 0x4F, 0xA5, 0x4C, 0xA4, 0x9F },
+    { 0x8E, 0x95, 0x9B, 0x75, 0xDA, 0xE3, 0x13, 0xDA,
+      0x8C, 0xF4, 0xF7, 0x28, 0x14, 0xFC, 0x14, 0x3F,
+      0x8F, 0x77, 0x79, 0xC6, 0xEB, 0x9F, 0x7F, 0xA1,
+      0x72, 0x99, 0xAE, 0xAD, 0xB6, 0x88, 0x90, 0x18,
+      0x50, 0x1D, 0x28, 0x9E, 0x49, 0x00, 0xF7, 0xE4,
+      0x33, 0x1B, 0x99, 0xDE, 0xC4, 0xB5, 0x43, 0x3A,
+      0xC7, 0xD3, 0x29, 0xEE, 0xB6, 0xDD, 0x26, 0x54,
+      0x5E, 0x96, 0xE5, 0x5B, 0x87, 0x4B, 0xE9, 0x09 },
+    { 0xE7, 0x18, 0x48, 0x3D, 0x0C, 0xE7, 0x69, 0x64,
+      0x4E, 0x2E, 0x42, 0xC7, 0xBC, 0x15, 0xB4, 0x63,
+      0x8E, 0x1F, 0x98, 0xB1, 0x3B, 0x20, 0x44, 0x28,
+      0x56, 0x32, 0xA8, 0x03, 0xAF, 0xA9, 0x73, 0xEB,
+      0xDE, 0x0F, 0xF2, 0x44, 0x87, 0x7E, 0xA6, 0x0A,
+      0x4C, 0xB0, 0x43, 0x2C, 0xE5, 0x77, 0xC3, 0x1B,
+      0xEB, 0x00, 0x9C, 0x5C, 0x2C, 0x49, 0xAA, 0x2E,
+      0x4E, 0xAD, 0xB2, 0x17, 0xAD, 0x8C, 0xC0, 0x9B }
+};
+
+/*
+ * Checkup routine
+ */
+int mbedtls_sha512_self_test( int verbose )
+{
+    int i, j, k, buflen, ret = 0;
+    unsigned char buf[1024];
+    unsigned char sha512sum[64];
+    mbedtls_sha512_context ctx;
+
+    mbedtls_sha512_init( &ctx );
+
+    for( i = 0; i < 6; i++ )
+    {
+        j = i % 3;
+        k = i < 3;
+
+        if( verbose != 0 )
+            mbedtls_printf( "  SHA-%d test #%d: ", 512 - k * 128, j + 1 );
+
+        mbedtls_sha512_starts( &ctx, k );
+
+        if( j == 2 )
+        {
+            memset( buf, 'a', buflen = 1000 );
+
+            for( j = 0; j < 1000; j++ )
+                mbedtls_sha512_update( &ctx, buf, buflen );
+        }
+        else
+            mbedtls_sha512_update( &ctx, sha512_test_buf[j],
+                                 sha512_test_buflen[j] );
+
+        mbedtls_sha512_finish( &ctx, sha512sum );
+
+        if( memcmp( sha512sum, sha512_test_sum[i], 64 - k * 16 ) != 0 )
+        {
+            if( verbose != 0 )
+                mbedtls_printf( "failed\n" );
+
+            ret = 1;
+            goto exit;
+        }
+
+        if( verbose != 0 )
+            mbedtls_printf( "passed\n" );
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "\n" );
+
+exit:
+    mbedtls_sha512_free( &ctx );
+
+    return( ret );
+}
+
+#endif /* MBEDTLS_SELF_TEST */
+
+#endif /* MBEDTLS_SHA512_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/ssl_cache.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,326 @@
+/*
+ *  SSL session cache implementation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ * These session callbacks use a simple chained list
+ * to store and retrieve the session information.
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_SSL_CACHE_C)
+
+#include "mbedtls/ssl_cache.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#define mbedtls_calloc    calloc
+#define mbedtls_free       free
+#endif
+
+void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache )
+{
+    memset( cache, 0, sizeof( mbedtls_ssl_cache_context ) );
+
+    cache->timeout = MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT;
+    cache->max_entries = MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES;
+
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_mutex_init( &cache->mutex );
+#endif
+}
+
+int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session )
+{
+    int ret = 1;
+#if defined(MBEDTLS_HAVE_TIME)
+    time_t t = time( NULL );
+#endif
+    mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
+    mbedtls_ssl_cache_entry *cur, *entry;
+
+#if defined(MBEDTLS_THREADING_C)
+    if( mbedtls_mutex_lock( &cache->mutex ) != 0 )
+        return( 1 );
+#endif
+
+    cur = cache->chain;
+    entry = NULL;
+
+    while( cur != NULL )
+    {
+        entry = cur;
+        cur = cur->next;
+
+#if defined(MBEDTLS_HAVE_TIME)
+        if( cache->timeout != 0 &&
+            (int) ( t - entry->timestamp ) > cache->timeout )
+            continue;
+#endif
+
+        if( session->ciphersuite != entry->session.ciphersuite ||
+            session->compression != entry->session.compression ||
+            session->id_len != entry->session.id_len )
+            continue;
+
+        if( memcmp( session->id, entry->session.id,
+                    entry->session.id_len ) != 0 )
+            continue;
+
+        memcpy( session->master, entry->session.master, 48 );
+
+        session->verify_result = entry->session.verify_result;
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+        /*
+         * Restore peer certificate (without rest of the original chain)
+         */
+        if( entry->peer_cert.p != NULL )
+        {
+            if( ( session->peer_cert = mbedtls_calloc( 1,
+                                 sizeof(mbedtls_x509_crt) ) ) == NULL )
+            {
+                ret = 1;
+                goto exit;
+            }
+
+            mbedtls_x509_crt_init( session->peer_cert );
+            if( mbedtls_x509_crt_parse( session->peer_cert, entry->peer_cert.p,
+                                entry->peer_cert.len ) != 0 )
+            {
+                mbedtls_free( session->peer_cert );
+                session->peer_cert = NULL;
+                ret = 1;
+                goto exit;
+            }
+        }
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+        ret = 0;
+        goto exit;
+    }
+
+exit:
+#if defined(MBEDTLS_THREADING_C)
+    if( mbedtls_mutex_unlock( &cache->mutex ) != 0 )
+        ret = 1;
+#endif
+
+    return( ret );
+}
+
+int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session )
+{
+    int ret = 1;
+#if defined(MBEDTLS_HAVE_TIME)
+    time_t t = time( NULL ), oldest = 0;
+    mbedtls_ssl_cache_entry *old = NULL;
+#endif
+    mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
+    mbedtls_ssl_cache_entry *cur, *prv;
+    int count = 0;
+
+#if defined(MBEDTLS_THREADING_C)
+    if( ( ret = mbedtls_mutex_lock( &cache->mutex ) ) != 0 )
+        return( ret );
+#endif
+
+    cur = cache->chain;
+    prv = NULL;
+
+    while( cur != NULL )
+    {
+        count++;
+
+#if defined(MBEDTLS_HAVE_TIME)
+        if( cache->timeout != 0 &&
+            (int) ( t - cur->timestamp ) > cache->timeout )
+        {
+            cur->timestamp = t;
+            break; /* expired, reuse this slot, update timestamp */
+        }
+#endif
+
+        if( memcmp( session->id, cur->session.id, cur->session.id_len ) == 0 )
+            break; /* client reconnected, keep timestamp for session id */
+
+#if defined(MBEDTLS_HAVE_TIME)
+        if( oldest == 0 || cur->timestamp < oldest )
+        {
+            oldest = cur->timestamp;
+            old = cur;
+        }
+#endif
+
+        prv = cur;
+        cur = cur->next;
+    }
+
+    if( cur == NULL )
+    {
+#if defined(MBEDTLS_HAVE_TIME)
+        /*
+         * Reuse oldest entry if max_entries reached
+         */
+        if( count >= cache->max_entries )
+        {
+            if( old == NULL )
+            {
+                ret = 1;
+                goto exit;
+            }
+
+            cur = old;
+        }
+#else /* MBEDTLS_HAVE_TIME */
+        /*
+         * Reuse first entry in chain if max_entries reached,
+         * but move to last place
+         */
+        if( count >= cache->max_entries )
+        {
+            if( cache->chain == NULL )
+            {
+                ret = 1;
+                goto exit;
+            }
+
+            cur = cache->chain;
+            cache->chain = cur->next;
+            cur->next = NULL;
+            prv->next = cur;
+        }
+#endif /* MBEDTLS_HAVE_TIME */
+        else
+        {
+            /*
+             * max_entries not reached, create new entry
+             */
+            cur = mbedtls_calloc( 1, sizeof(mbedtls_ssl_cache_entry) );
+            if( cur == NULL )
+            {
+                ret = 1;
+                goto exit;
+            }
+
+            if( prv == NULL )
+                cache->chain = cur;
+            else
+                prv->next = cur;
+        }
+
+#if defined(MBEDTLS_HAVE_TIME)
+        cur->timestamp = t;
+#endif
+    }
+
+    memcpy( &cur->session, session, sizeof( mbedtls_ssl_session ) );
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    /*
+     * If we're reusing an entry, free its certificate first
+     */
+    if( cur->peer_cert.p != NULL )
+    {
+        mbedtls_free( cur->peer_cert.p );
+        memset( &cur->peer_cert, 0, sizeof(mbedtls_x509_buf) );
+    }
+
+    /*
+     * Store peer certificate
+     */
+    if( session->peer_cert != NULL )
+    {
+        cur->peer_cert.p = mbedtls_calloc( 1, session->peer_cert->raw.len );
+        if( cur->peer_cert.p == NULL )
+        {
+            ret = 1;
+            goto exit;
+        }
+
+        memcpy( cur->peer_cert.p, session->peer_cert->raw.p,
+                session->peer_cert->raw.len );
+        cur->peer_cert.len = session->peer_cert->raw.len;
+
+        cur->session.peer_cert = NULL;
+    }
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+    ret = 0;
+
+exit:
+#if defined(MBEDTLS_THREADING_C)
+    if( mbedtls_mutex_unlock( &cache->mutex ) != 0 )
+        ret = 1;
+#endif
+
+    return( ret );
+}
+
+#if defined(MBEDTLS_HAVE_TIME)
+void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeout )
+{
+    if( timeout < 0 ) timeout = 0;
+
+    cache->timeout = timeout;
+}
+#endif /* MBEDTLS_HAVE_TIME */
+
+void mbedtls_ssl_cache_set_max_entries( mbedtls_ssl_cache_context *cache, int max )
+{
+    if( max < 0 ) max = 0;
+
+    cache->max_entries = max;
+}
+
+void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache )
+{
+    mbedtls_ssl_cache_entry *cur, *prv;
+
+    cur = cache->chain;
+
+    while( cur != NULL )
+    {
+        prv = cur;
+        cur = cur->next;
+
+        mbedtls_ssl_session_free( &prv->session );
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+        mbedtls_free( prv->peer_cert.p );
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+        mbedtls_free( prv );
+    }
+
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_mutex_free( &cache->mutex );
+#endif
+}
+
+#endif /* MBEDTLS_SSL_CACHE_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/ssl_ciphersuites.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,1852 @@
+/**
+ * \file ssl_ciphersuites.c
+ *
+ * \brief SSL ciphersuites for mbed TLS
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_SSL_TLS_C)
+
+#include "mbedtls/ssl_ciphersuites.h"
+#include "mbedtls/ssl.h"
+
+// #include <stdlib.h>
+#include <string.h>
+
+/*
+ * Ordered from most preferred to least preferred in terms of security.
+ *
+ * Current rule (except rc4, weak and null which come last):
+ * 1. By key exchange:
+ *    Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
+ * 2. By key length and cipher:
+ *    AES-256 > Camellia-256 > AES-128 > Camellia-128 > 3DES
+ * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
+ * 4. By hash function used when relevant
+ * 5. By key exchange/auth again: EC > non-EC
+ */
+static const int ciphersuite_preference[] =
+{
+#if defined(MBEDTLS_SSL_CIPHERSUITES)
+    MBEDTLS_SSL_CIPHERSUITES,
+#else
+    /* All AES-256 ephemeral suites */
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
+    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM,
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
+    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
+    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8,
+
+    /* All CAMELLIA-256 ephemeral suites */
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
+    MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
+    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+    MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+
+    /* All AES-128 ephemeral suites */
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
+    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM,
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8,
+
+    /* All CAMELLIA-128 ephemeral suites */
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
+    MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
+    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+    MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+
+    /* All remaining >= 128-bit ephemeral suites */
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
+    MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+    MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+
+    /* The PSK ephemeral suites */
+    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
+    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM,
+    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
+    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
+    MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384,
+    MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+    MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8,
+
+    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
+    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM,
+    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
+    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
+    MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256,
+    MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+    MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8,
+
+    MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
+    MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
+
+    /* The ECJPAKE suite */
+    MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,
+
+    /* All AES-256 suites */
+    MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384,
+    MBEDTLS_TLS_RSA_WITH_AES_256_CCM,
+    MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256,
+    MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA,
+    MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
+    MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
+    MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
+    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
+    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
+    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+    MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8,
+
+    /* All CAMELLIA-256 suites */
+    MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
+    MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+    MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
+    MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
+    MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+    MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
+    MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+
+    /* All AES-128 suites */
+    MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256,
+    MBEDTLS_TLS_RSA_WITH_AES_128_CCM,
+    MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256,
+    MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,
+    MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
+    MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
+    MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
+    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
+    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
+    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+    MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8,
+
+    /* All CAMELLIA-128 suites */
+    MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
+    MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+    MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
+    MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
+    MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+    MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
+    MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+
+    /* All remaining >= 128-bit suites */
+    MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+    MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
+    MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
+
+    /* The RSA PSK suites */
+    MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
+    MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
+    MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
+    MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384,
+    MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+
+    MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
+    MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
+    MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
+    MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256,
+    MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+
+    MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
+
+    /* The PSK suites */
+    MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384,
+    MBEDTLS_TLS_PSK_WITH_AES_256_CCM,
+    MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384,
+    MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA,
+    MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
+    MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+    MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8,
+
+    MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256,
+    MBEDTLS_TLS_PSK_WITH_AES_128_CCM,
+    MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256,
+    MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA,
+    MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
+    MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+    MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8,
+
+    MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA,
+
+    /* RC4 suites */
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
+    MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA,
+    MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA,
+    MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA,
+    MBEDTLS_TLS_RSA_WITH_RC4_128_SHA,
+    MBEDTLS_TLS_RSA_WITH_RC4_128_MD5,
+    MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA,
+    MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
+    MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA,
+    MBEDTLS_TLS_PSK_WITH_RC4_128_SHA,
+
+    /* Weak suites */
+    MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA,
+    MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA,
+
+    /* NULL suites */
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA,
+    MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA,
+    MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384,
+    MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256,
+    MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA,
+    MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384,
+    MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256,
+    MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA,
+
+    MBEDTLS_TLS_RSA_WITH_NULL_SHA256,
+    MBEDTLS_TLS_RSA_WITH_NULL_SHA,
+    MBEDTLS_TLS_RSA_WITH_NULL_MD5,
+    MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA,
+    MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA,
+    MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384,
+    MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256,
+    MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA,
+    MBEDTLS_TLS_PSK_WITH_NULL_SHA384,
+    MBEDTLS_TLS_PSK_WITH_NULL_SHA256,
+    MBEDTLS_TLS_PSK_WITH_NULL_SHA,
+
+#endif /* MBEDTLS_SSL_CIPHERSUITES */
+    0
+};
+
+static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
+{
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+#if defined(MBEDTLS_AES_C)
+#if defined(MBEDTLS_SHA1_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
+      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
+      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_SHA1_C */
+#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
+      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#if defined(MBEDTLS_GCM_C)
+    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
+      MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_GCM_C */
+#endif /* MBEDTLS_SHA256_C */
+#if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
+      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#if defined(MBEDTLS_GCM_C)
+    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
+      MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_GCM_C */
+#endif /* MBEDTLS_SHA512_C */
+#if defined(MBEDTLS_CCM_C)
+    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
+      MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
+      MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_SHORT_TAG },
+    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
+      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
+      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_SHORT_TAG },
+#endif /* MBEDTLS_CCM_C */
+#endif /* MBEDTLS_AES_C */
+
+#if defined(MBEDTLS_CAMELLIA_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SHA256_C)
+    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
+      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA256_C */
+#if defined(MBEDTLS_SHA512_C)
+    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
+      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_GCM_C)
+#if defined(MBEDTLS_SHA256_C)
+    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
+      MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA256_C */
+#if defined(MBEDTLS_SHA512_C)
+    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
+      MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_GCM_C */
+#endif /* MBEDTLS_CAMELLIA_C */
+
+#if defined(MBEDTLS_DES_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA",
+      MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_DES_C */
+
+#if defined(MBEDTLS_ARC4_C)
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "TLS-ECDHE-ECDSA-WITH-RC4-128-SHA",
+      MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_NODTLS },
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_ARC4_C */
+
+#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
+      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_WEAK },
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
+#if defined(MBEDTLS_AES_C)
+#if defined(MBEDTLS_SHA1_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
+      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+    { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
+      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_SHA1_C */
+#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
+      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#if defined(MBEDTLS_GCM_C)
+    { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
+      MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_GCM_C */
+#endif /* MBEDTLS_SHA256_C */
+#if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
+      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#if defined(MBEDTLS_GCM_C)
+    { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
+      MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_GCM_C */
+#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_AES_C */
+
+#if defined(MBEDTLS_CAMELLIA_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SHA256_C)
+    { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
+      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA256_C */
+#if defined(MBEDTLS_SHA512_C)
+    { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
+      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_GCM_C)
+#if defined(MBEDTLS_SHA256_C)
+    { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
+      MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA256_C */
+#if defined(MBEDTLS_SHA512_C)
+    { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
+      MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_GCM_C */
+#endif /* MBEDTLS_CAMELLIA_C */
+
+#if defined(MBEDTLS_DES_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
+      MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_DES_C */
+
+#if defined(MBEDTLS_ARC4_C)
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS-ECDHE-RSA-WITH-RC4-128-SHA",
+      MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_NODTLS },
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_ARC4_C */
+
+#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
+      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_WEAK },
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
+#if defined(MBEDTLS_AES_C)
+#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_GCM_C)
+    { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
+      MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA512_C && MBEDTLS_GCM_C */
+
+#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_GCM_C)
+    { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
+      MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_GCM_C */
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
+      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+
+    { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
+      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
+      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+
+    { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
+      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#if defined(MBEDTLS_CCM_C)
+    { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM",
+      MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+    { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8",
+      MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_SHORT_TAG },
+    { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM",
+      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+    { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8",
+      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_SHORT_TAG },
+#endif /* MBEDTLS_CCM_C */
+#endif /* MBEDTLS_AES_C */
+
+#if defined(MBEDTLS_CAMELLIA_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SHA256_C)
+    { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
+      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+
+    { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
+      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
+      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+
+    { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
+      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#if defined(MBEDTLS_GCM_C)
+#if defined(MBEDTLS_SHA256_C)
+    { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
+      MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA512_C)
+    { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
+      MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_GCM_C */
+#endif /* MBEDTLS_CAMELLIA_C */
+
+#if defined(MBEDTLS_DES_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
+      MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_DES_C */
+#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
+#if defined(MBEDTLS_AES_C)
+#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_GCM_C)
+    { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
+      MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA512_C && MBEDTLS_GCM_C */
+
+#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_GCM_C)
+    { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
+      MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_GCM_C */
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
+      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+
+    { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
+      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA1_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
+      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+
+    { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
+      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_SHA1_C */
+#if defined(MBEDTLS_CCM_C)
+    { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM",
+      MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+    { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8",
+      MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_SHORT_TAG },
+    { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM",
+      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+    { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8",
+      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_SHORT_TAG },
+#endif /* MBEDTLS_CCM_C */
+#endif /* MBEDTLS_AES_C */
+
+#if defined(MBEDTLS_CAMELLIA_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SHA256_C)
+    { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
+      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+
+    { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
+      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
+      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+
+    { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
+      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_GCM_C)
+#if defined(MBEDTLS_SHA256_C)
+    { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
+      MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
+      MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_GCM_C */
+#endif /* MBEDTLS_CAMELLIA_C */
+
+#if defined(MBEDTLS_DES_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
+      MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_DES_C */
+
+#if defined(MBEDTLS_ARC4_C)
+#if defined(MBEDTLS_MD5_C)
+    { MBEDTLS_TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5",
+      MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_NODTLS },
+#endif
+
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_RSA_WITH_RC4_128_SHA, "TLS-RSA-WITH-RC4-128-SHA",
+      MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_NODTLS },
+#endif
+#endif /* MBEDTLS_ARC4_C */
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
+#if defined(MBEDTLS_AES_C)
+#if defined(MBEDTLS_SHA1_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA",
+      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+    { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA",
+      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_SHA1_C */
+#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256",
+      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#if defined(MBEDTLS_GCM_C)
+    { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256",
+      MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_GCM_C */
+#endif /* MBEDTLS_SHA256_C */
+#if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384",
+      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#if defined(MBEDTLS_GCM_C)
+    { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384",
+      MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_GCM_C */
+#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_AES_C */
+
+#if defined(MBEDTLS_CAMELLIA_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SHA256_C)
+    { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256",
+      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA256_C */
+#if defined(MBEDTLS_SHA512_C)
+    { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384",
+      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_GCM_C)
+#if defined(MBEDTLS_SHA256_C)
+    { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256",
+      MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA256_C */
+#if defined(MBEDTLS_SHA512_C)
+    { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384",
+      MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_GCM_C */
+#endif /* MBEDTLS_CAMELLIA_C */
+
+#if defined(MBEDTLS_DES_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDH-RSA-WITH-3DES-EDE-CBC-SHA",
+      MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_DES_C */
+
+#if defined(MBEDTLS_ARC4_C)
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA, "TLS-ECDH-RSA-WITH-RC4-128-SHA",
+      MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_NODTLS },
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_ARC4_C */
+
+#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA",
+      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_WEAK },
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+#if defined(MBEDTLS_AES_C)
+#if defined(MBEDTLS_SHA1_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
+      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+    { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
+      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_SHA1_C */
+#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
+      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#if defined(MBEDTLS_GCM_C)
+    { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
+      MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_GCM_C */
+#endif /* MBEDTLS_SHA256_C */
+#if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
+      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#if defined(MBEDTLS_GCM_C)
+    { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
+      MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_GCM_C */
+#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_AES_C */
+
+#if defined(MBEDTLS_CAMELLIA_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SHA256_C)
+    { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
+      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA256_C */
+#if defined(MBEDTLS_SHA512_C)
+    { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
+      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_GCM_C)
+#if defined(MBEDTLS_SHA256_C)
+    { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
+      MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA256_C */
+#if defined(MBEDTLS_SHA512_C)
+    { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
+      MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_GCM_C */
+#endif /* MBEDTLS_CAMELLIA_C */
+
+#if defined(MBEDTLS_DES_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA",
+      MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_DES_C */
+
+#if defined(MBEDTLS_ARC4_C)
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA, "TLS-ECDH-ECDSA-WITH-RC4-128-SHA",
+      MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_NODTLS },
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_ARC4_C */
+
+#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA",
+      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_WEAK },
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
+#if defined(MBEDTLS_AES_C)
+#if defined(MBEDTLS_GCM_C)
+#if defined(MBEDTLS_SHA256_C)
+    { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256",
+      MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA512_C)
+    { MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384",
+      MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_GCM_C */
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SHA256_C)
+    { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256",
+      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA512_C)
+    { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384",
+      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA512_C */
+
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
+      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+
+    { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA",
+      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#if defined(MBEDTLS_CCM_C)
+    { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM",
+      MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+    { MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8",
+      MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_SHORT_TAG },
+    { MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM",
+      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+    { MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8",
+      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_SHORT_TAG },
+#endif /* MBEDTLS_CCM_C */
+#endif /* MBEDTLS_AES_C */
+
+#if defined(MBEDTLS_CAMELLIA_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SHA256_C)
+    { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
+      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA512_C)
+    { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
+      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_GCM_C)
+#if defined(MBEDTLS_SHA256_C)
+    { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
+      MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA512_C)
+    { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
+      MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_GCM_C */
+#endif /* MBEDTLS_CAMELLIA_C */
+
+#if defined(MBEDTLS_DES_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-PSK-WITH-3DES-EDE-CBC-SHA",
+      MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_DES_C */
+
+#if defined(MBEDTLS_ARC4_C)
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_PSK_WITH_RC4_128_SHA, "TLS-PSK-WITH-RC4-128-SHA",
+      MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_NODTLS },
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_ARC4_C */
+#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
+#if defined(MBEDTLS_AES_C)
+#if defined(MBEDTLS_GCM_C)
+#if defined(MBEDTLS_SHA256_C)
+    { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
+      MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA512_C)
+    { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
+      MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_GCM_C */
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SHA256_C)
+    { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
+      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA512_C)
+    { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
+      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA512_C */
+
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
+      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+
+    { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
+      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#if defined(MBEDTLS_CCM_C)
+    { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM",
+      MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+    { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8",
+      MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_SHORT_TAG },
+    { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM",
+      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+    { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8",
+      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_SHORT_TAG },
+#endif /* MBEDTLS_CCM_C */
+#endif /* MBEDTLS_AES_C */
+
+#if defined(MBEDTLS_CAMELLIA_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SHA256_C)
+    { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
+      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA512_C)
+    { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
+      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_GCM_C)
+#if defined(MBEDTLS_SHA256_C)
+    { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
+      MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA512_C)
+    { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
+      MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_GCM_C */
+#endif /* MBEDTLS_CAMELLIA_C */
+
+#if defined(MBEDTLS_DES_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA",
+      MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_DES_C */
+
+#if defined(MBEDTLS_ARC4_C)
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA, "TLS-DHE-PSK-WITH-RC4-128-SHA",
+      MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_NODTLS },
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_ARC4_C */
+#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+#if defined(MBEDTLS_AES_C)
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SHA256_C)
+    { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
+      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA512_C)
+    { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
+      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA512_C */
+
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
+      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+
+    { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
+      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_AES_C */
+
+#if defined(MBEDTLS_CAMELLIA_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SHA256_C)
+    { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
+      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA512_C)
+    { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
+      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_CAMELLIA_C */
+
+#if defined(MBEDTLS_DES_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA",
+      MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_DES_C */
+
+#if defined(MBEDTLS_ARC4_C)
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA, "TLS-ECDHE-PSK-WITH-RC4-128-SHA",
+      MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_NODTLS },
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_ARC4_C */
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
+#if defined(MBEDTLS_AES_C)
+#if defined(MBEDTLS_GCM_C)
+#if defined(MBEDTLS_SHA256_C)
+    { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
+      MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA512_C)
+    { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
+      MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_GCM_C */
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SHA256_C)
+    { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
+      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA512_C)
+    { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
+      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA512_C */
+
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
+      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+
+    { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
+      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_AES_C */
+
+#if defined(MBEDTLS_CAMELLIA_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SHA256_C)
+    { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
+      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA512_C)
+    { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
+      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_GCM_C)
+#if defined(MBEDTLS_SHA256_C)
+    { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256",
+      MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA512_C)
+    { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384",
+      MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_GCM_C */
+#endif /* MBEDTLS_CAMELLIA_C */
+
+#if defined(MBEDTLS_DES_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA",
+      MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      0 },
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_DES_C */
+
+#if defined(MBEDTLS_ARC4_C)
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA, "TLS-RSA-PSK-WITH-RC4-128-SHA",
+      MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_NODTLS },
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_ARC4_C */
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+#if defined(MBEDTLS_AES_C)
+#if defined(MBEDTLS_CCM_C)
+    { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8",
+      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_SHORT_TAG },
+#endif /* MBEDTLS_CCM_C */
+#endif /* MBEDTLS_AES_C */
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
+#if defined(MBEDTLS_ENABLE_WEAK_CIPHERSUITES)
+#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
+#if defined(MBEDTLS_MD5_C)
+    { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
+      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_WEAK },
+#endif
+
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
+      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_WEAK },
+#endif
+
+#if defined(MBEDTLS_SHA256_C)
+    { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
+      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_WEAK },
+#endif
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
+      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_WEAK },
+#endif /* MBEDTLS_SHA1_C */
+
+#if defined(MBEDTLS_SHA256_C)
+    { MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256",
+      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_WEAK },
+#endif
+
+#if defined(MBEDTLS_SHA512_C)
+    { MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384",
+      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_WEAK },
+#endif
+#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA",
+      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_WEAK },
+#endif /* MBEDTLS_SHA1_C */
+
+#if defined(MBEDTLS_SHA256_C)
+    { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256",
+      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_WEAK },
+#endif
+
+#if defined(MBEDTLS_SHA512_C)
+    { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384",
+      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_WEAK },
+#endif
+#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA",
+      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_WEAK },
+#endif /* MBEDTLS_SHA1_C */
+
+#if defined(MBEDTLS_SHA256_C)
+    { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256",
+      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_WEAK },
+#endif
+
+#if defined(MBEDTLS_SHA512_C)
+    { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384",
+      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_WEAK },
+#endif
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA",
+      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_WEAK },
+#endif /* MBEDTLS_SHA1_C */
+
+#if defined(MBEDTLS_SHA256_C)
+    { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, "TLS-RSA-PSK-WITH-NULL-SHA256",
+      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_WEAK },
+#endif
+
+#if defined(MBEDTLS_SHA512_C)
+    { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384",
+      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_WEAK },
+#endif
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
+#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
+
+#if defined(MBEDTLS_DES_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA",
+      MBEDTLS_CIPHER_DES_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_WEAK },
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
+#if defined(MBEDTLS_SHA1_C)
+    { MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA, "TLS-RSA-WITH-DES-CBC-SHA",
+      MBEDTLS_CIPHER_DES_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
+      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
+      MBEDTLS_CIPHERSUITE_WEAK },
+#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_DES_C */
+#endif /* MBEDTLS_ENABLE_WEAK_CIPHERSUITES */
+
+    { 0, "",
+      MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE,
+      0, 0, 0, 0, 0 }
+};
+
+#if defined(MBEDTLS_SSL_CIPHERSUITES)
+const int *mbedtls_ssl_list_ciphersuites( void )
+{
+    return( ciphersuite_preference );
+}
+#else
+#define MAX_CIPHERSUITES    sizeof( ciphersuite_definitions     ) /         \
+                            sizeof( ciphersuite_definitions[0]  )
+static int supported_ciphersuites[MAX_CIPHERSUITES];
+static int supported_init = 0;
+
+const int *mbedtls_ssl_list_ciphersuites( void )
+{
+    /*
+     * On initial call filter out all ciphersuites not supported by current
+     * build based on presence in the ciphersuite_definitions.
+     */
+    if( supported_init == 0 )
+    {
+        const int *p;
+        int *q;
+
+        for( p = ciphersuite_preference, q = supported_ciphersuites;
+             *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1;
+             p++ )
+        {
+#if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES)
+            const mbedtls_ssl_ciphersuite_t *cs_info;
+            if( ( cs_info = mbedtls_ssl_ciphersuite_from_id( *p ) ) != NULL &&
+                cs_info->cipher != MBEDTLS_CIPHER_ARC4_128 )
+#else
+            if( mbedtls_ssl_ciphersuite_from_id( *p ) != NULL )
+#endif
+                *(q++) = *p;
+        }
+        *q = 0;
+
+        supported_init = 1;
+    }
+
+    return( supported_ciphersuites );
+}
+#endif /* MBEDTLS_SSL_CIPHERSUITES */
+
+const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(
+                                                const char *ciphersuite_name )
+{
+    const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
+
+    if( NULL == ciphersuite_name )
+        return( NULL );
+
+    while( cur->id != 0 )
+    {
+        if( 0 == strcmp( cur->name, ciphersuite_name ) )
+            return( cur );
+
+        cur++;
+    }
+
+    return( NULL );
+}
+
+const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id( int ciphersuite )
+{
+    const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
+
+    while( cur->id != 0 )
+    {
+        if( cur->id == ciphersuite )
+            return( cur );
+
+        cur++;
+    }
+
+    return( NULL );
+}
+
+const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id )
+{
+    const mbedtls_ssl_ciphersuite_t *cur;
+
+    cur = mbedtls_ssl_ciphersuite_from_id( ciphersuite_id );
+
+    if( cur == NULL )
+        return( "unknown" );
+
+    return( cur->name );
+}
+
+int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name )
+{
+    const mbedtls_ssl_ciphersuite_t *cur;
+
+    cur = mbedtls_ssl_ciphersuite_from_string( ciphersuite_name );
+
+    if( cur == NULL )
+        return( 0 );
+
+    return( cur->id );
+}
+
+#if defined(MBEDTLS_PK_C)
+mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciphersuite_t *info )
+{
+    switch( info->key_exchange )
+    {
+        case MBEDTLS_KEY_EXCHANGE_RSA:
+        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
+        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
+            return( MBEDTLS_PK_RSA );
+
+        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
+            return( MBEDTLS_PK_ECDSA );
+
+        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
+            return( MBEDTLS_PK_ECKEY );
+
+        default:
+            return( MBEDTLS_PK_NONE );
+    }
+}
+#endif /* MBEDTLS_PK_C */
+
+#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
+int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info )
+{
+    switch( info->key_exchange )
+    {
+        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
+        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
+            return( 1 );
+
+        default:
+            return( 0 );
+    }
+}
+#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info )
+{
+    switch( info->key_exchange )
+    {
+        case MBEDTLS_KEY_EXCHANGE_PSK:
+        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
+        case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
+        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
+            return( 1 );
+
+        default:
+            return( 0 );
+    }
+}
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
+
+#endif /* MBEDTLS_SSL_TLS_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/ssl_cli.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,3390 @@
+/*
+ *  SSLv3/TLSv1 client-side functions
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_SSL_CLI_C)
+
+#include "mbedtls/debug.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/ssl_internal.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#define mbedtls_calloc    calloc
+#define mbedtls_free       free
+#endif
+
+#include <stdint.h>
+
+#if defined(MBEDTLS_HAVE_TIME)
+#include <time.h>
+#endif
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+#endif
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
+                                    unsigned char *buf,
+                                    size_t *olen )
+{
+    unsigned char *p = buf;
+    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
+    size_t hostname_len;
+
+    *olen = 0;
+
+    if( ssl->hostname == NULL )
+        return;
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding server name extension: %s",
+                   ssl->hostname ) );
+
+    hostname_len = strlen( ssl->hostname );
+
+    if( end < p || (size_t)( end - p ) < hostname_len + 9 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+        return;
+    }
+
+    /*
+     * struct {
+     *     NameType name_type;
+     *     select (name_type) {
+     *         case host_name: HostName;
+     *     } name;
+     * } ServerName;
+     *
+     * enum {
+     *     host_name(0), (255)
+     * } NameType;
+     *
+     * opaque HostName<1..2^16-1>;
+     *
+     * struct {
+     *     ServerName server_name_list<1..2^16-1>
+     * } ServerNameList;
+     */
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME      ) & 0xFF );
+
+    *p++ = (unsigned char)( ( (hostname_len + 5) >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( (hostname_len + 5)      ) & 0xFF );
+
+    *p++ = (unsigned char)( ( (hostname_len + 3) >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( (hostname_len + 3)      ) & 0xFF );
+
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME ) & 0xFF );
+    *p++ = (unsigned char)( ( hostname_len >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( hostname_len      ) & 0xFF );
+
+    memcpy( p, ssl->hostname, hostname_len );
+
+    *olen = hostname_len + 9;
+}
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
+                                         unsigned char *buf,
+                                         size_t *olen )
+{
+    unsigned char *p = buf;
+    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
+
+    *olen = 0;
+
+    if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
+        return;
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding renegotiation extension" ) );
+
+    if( end < p || (size_t)( end - p ) < 5 + ssl->verify_data_len )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+        return;
+    }
+
+    /*
+     * Secure renegotiation
+     */
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO      ) & 0xFF );
+
+    *p++ = 0x00;
+    *p++ = ( ssl->verify_data_len + 1 ) & 0xFF;
+    *p++ = ssl->verify_data_len & 0xFF;
+
+    memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
+
+    *olen = 5 + ssl->verify_data_len;
+}
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+/*
+ * Only if we handle at least one key exchange that needs signatures.
+ */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
+    defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
+static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
+                                                unsigned char *buf,
+                                                size_t *olen )
+{
+    unsigned char *p = buf;
+    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
+    size_t sig_alg_len = 0;
+    const int *md;
+#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C)
+    unsigned char *sig_alg_list = buf + 6;
+#endif
+
+    *olen = 0;
+
+    if( ssl->conf->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
+        return;
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) );
+
+    for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
+    {
+#if defined(MBEDTLS_ECDSA_C)
+        sig_alg_len += 2;
+#endif
+#if defined(MBEDTLS_RSA_C)
+        sig_alg_len += 2;
+#endif
+    }
+
+    if( end < p || (size_t)( end - p ) < sig_alg_len + 6 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+        return;
+    }
+
+    /*
+     * Prepare signature_algorithms extension (TLS 1.2)
+     */
+    sig_alg_len = 0;
+
+    for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
+    {
+#if defined(MBEDTLS_ECDSA_C)
+        sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg( *md );
+        sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_ECDSA;
+#endif
+#if defined(MBEDTLS_RSA_C)
+        sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg( *md );
+        sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_RSA;
+#endif
+    }
+
+    /*
+     * enum {
+     *     none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
+     *     sha512(6), (255)
+     * } HashAlgorithm;
+     *
+     * enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) }
+     *   SignatureAlgorithm;
+     *
+     * struct {
+     *     HashAlgorithm hash;
+     *     SignatureAlgorithm signature;
+     * } SignatureAndHashAlgorithm;
+     *
+     * SignatureAndHashAlgorithm
+     *   supported_signature_algorithms<2..2^16-2>;
+     */
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SIG_ALG >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SIG_ALG      ) & 0xFF );
+
+    *p++ = (unsigned char)( ( ( sig_alg_len + 2 ) >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( ( sig_alg_len + 2 )      ) & 0xFF );
+
+    *p++ = (unsigned char)( ( sig_alg_len >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( sig_alg_len      ) & 0xFF );
+
+    *olen = 6 + sig_alg_len;
+}
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
+          MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
+
+#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
+                                                     unsigned char *buf,
+                                                     size_t *olen )
+{
+    unsigned char *p = buf;
+    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
+    unsigned char *elliptic_curve_list = p + 6;
+    size_t elliptic_curve_len = 0;
+    const mbedtls_ecp_curve_info *info;
+#if defined(MBEDTLS_ECP_C)
+    const mbedtls_ecp_group_id *grp_id;
+#else
+    ((void) ssl);
+#endif
+
+    *olen = 0;
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) );
+
+#if defined(MBEDTLS_ECP_C)
+    for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
+    {
+        info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
+#else
+    for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ )
+    {
+#endif
+        elliptic_curve_len += 2;
+    }
+
+    if( end < p || (size_t)( end - p ) < 6 + elliptic_curve_len )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+        return;
+    }
+
+    elliptic_curve_len = 0;
+
+#if defined(MBEDTLS_ECP_C)
+    for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
+    {
+        info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
+#else
+    for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ )
+    {
+#endif
+
+        elliptic_curve_list[elliptic_curve_len++] = info->tls_id >> 8;
+        elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF;
+    }
+
+    if( elliptic_curve_len == 0 )
+        return;
+
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES      ) & 0xFF );
+
+    *p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( ( elliptic_curve_len + 2 )      ) & 0xFF );
+
+    *p++ = (unsigned char)( ( ( elliptic_curve_len     ) >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( ( elliptic_curve_len     )      ) & 0xFF );
+
+    *olen = 6 + elliptic_curve_len;
+}
+
+static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
+                                                   unsigned char *buf,
+                                                   size_t *olen )
+{
+    unsigned char *p = buf;
+    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
+
+    *olen = 0;
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_point_formats extension" ) );
+
+    if( end < p || (size_t)( end - p ) < 6 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+        return;
+    }
+
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS      ) & 0xFF );
+
+    *p++ = 0x00;
+    *p++ = 2;
+
+    *p++ = 1;
+    *p++ = MBEDTLS_ECP_PF_UNCOMPRESSED;
+
+    *olen = 6;
+}
+#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || 
+          MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
+                                        unsigned char *buf,
+                                        size_t *olen )
+{
+    int ret;
+    unsigned char *p = buf;
+    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
+    size_t kkpp_len;
+
+    *olen = 0;
+
+    /* Skip costly extension if we can't use EC J-PAKE anyway */
+    if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
+        return;
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding ecjpake_kkpp extension" ) );
+
+    if( end - p < 4 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+        return;
+    }
+
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP      ) & 0xFF );
+
+    /*
+     * We may need to send ClientHello multiple times for Hello verification.
+     * We don't want to compute fresh values every time (both for performance
+     * and consistency reasons), so cache the extension content.
+     */
+    if( ssl->handshake->ecjpake_cache == NULL ||
+        ssl->handshake->ecjpake_cache_len == 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "generating new ecjpake parameters" ) );
+
+        ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx,
+                                        p + 2, end - p - 2, &kkpp_len,
+                                        ssl->conf->f_rng, ssl->conf->p_rng );
+        if( ret != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1 , "mbedtls_ecjpake_write_round_one", ret );
+            return;
+        }
+
+        ssl->handshake->ecjpake_cache = mbedtls_calloc( 1, kkpp_len );
+        if( ssl->handshake->ecjpake_cache == NULL )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "allocation failed" ) );
+            return;
+        }
+
+        memcpy( ssl->handshake->ecjpake_cache, p + 2, kkpp_len );
+        ssl->handshake->ecjpake_cache_len = kkpp_len;
+    }
+    else
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "re-using cached ecjpake parameters" ) );
+
+        kkpp_len = ssl->handshake->ecjpake_cache_len;
+
+        if( (size_t)( end - p - 2 ) < kkpp_len )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+            return;
+        }
+
+        memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len );
+    }
+
+    *p++ = (unsigned char)( ( kkpp_len >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( kkpp_len      ) & 0xFF );
+
+    *olen = kkpp_len + 4;
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
+                                               unsigned char *buf,
+                                               size_t *olen )
+{
+    unsigned char *p = buf;
+    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
+
+    *olen = 0;
+
+    if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ) {
+        return;
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding max_fragment_length extension" ) );
+
+    if( end < p || (size_t)( end - p ) < 5 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+        return;
+    }
+
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH      ) & 0xFF );
+
+    *p++ = 0x00;
+    *p++ = 1;
+
+    *p++ = ssl->conf->mfl_code;
+
+    *olen = 5;
+}
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl,
+                                          unsigned char *buf, size_t *olen )
+{
+    unsigned char *p = buf;
+    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
+
+    *olen = 0;
+
+    if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED )
+    {
+        return;
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding truncated_hmac extension" ) );
+
+    if( end < p || (size_t)( end - p ) < 4 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+        return;
+    }
+
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC      ) & 0xFF );
+
+    *p++ = 0x00;
+    *p++ = 0x00;
+
+    *olen = 4;
+}
+#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
+                                       unsigned char *buf, size_t *olen )
+{
+    unsigned char *p = buf;
+    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
+
+    *olen = 0;
+
+    if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
+        ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
+    {
+        return;
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding encrypt_then_mac "
+                        "extension" ) );
+
+    if( end < p || (size_t)( end - p ) < 4 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+        return;
+    }
+
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC      ) & 0xFF );
+
+    *p++ = 0x00;
+    *p++ = 0x00;
+
+    *olen = 4;
+}
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl,
+                                       unsigned char *buf, size_t *olen )
+{
+    unsigned char *p = buf;
+    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
+
+    *olen = 0;
+
+    if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
+        ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
+    {
+        return;
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding extended_master_secret "
+                        "extension" ) );
+
+    if( end < p || (size_t)( end - p ) < 4 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+        return;
+    }
+
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET      ) & 0xFF );
+
+    *p++ = 0x00;
+    *p++ = 0x00;
+
+    *olen = 4;
+}
+#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
+                                          unsigned char *buf, size_t *olen )
+{
+    unsigned char *p = buf;
+    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
+    size_t tlen = ssl->session_negotiate->ticket_len;
+
+    *olen = 0;
+
+    if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
+    {
+        return;
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding session ticket extension" ) );
+
+    if( end < p || (size_t)( end - p ) < 4 + tlen )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+        return;
+    }
+
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET      ) & 0xFF );
+
+    *p++ = (unsigned char)( ( tlen >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( tlen      ) & 0xFF );
+
+    *olen = 4;
+
+    if( ssl->session_negotiate->ticket == NULL || tlen == 0 )
+    {
+        return;
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "sending session ticket of length %d", tlen ) );
+
+    memcpy( p, ssl->session_negotiate->ticket, tlen );
+
+    *olen += tlen;
+}
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
+#if defined(MBEDTLS_SSL_ALPN)
+static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
+                                unsigned char *buf, size_t *olen )
+{
+    unsigned char *p = buf;
+    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
+    size_t alpnlen = 0;
+    const char **cur;
+
+    *olen = 0;
+
+    if( ssl->conf->alpn_list == NULL )
+    {
+        return;
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) );
+
+    for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
+        alpnlen += (unsigned char)( strlen( *cur ) & 0xFF ) + 1;
+
+    if( end < p || (size_t)( end - p ) < 6 + alpnlen )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+        return;
+    }
+
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN      ) & 0xFF );
+
+    /*
+     * opaque ProtocolName<1..2^8-1>;
+     *
+     * struct {
+     *     ProtocolName protocol_name_list<2..2^16-1>
+     * } ProtocolNameList;
+     */
+
+    /* Skip writing extension and list length for now */
+    p += 4;
+
+    for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
+    {
+        *p = (unsigned char)( strlen( *cur ) & 0xFF );
+        memcpy( p + 1, *cur, *p );
+        p += 1 + *p;
+    }
+
+    *olen = p - buf;
+
+    /* List length = olen - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */
+    buf[4] = (unsigned char)( ( ( *olen - 6 ) >> 8 ) & 0xFF );
+    buf[5] = (unsigned char)( ( ( *olen - 6 )      ) & 0xFF );
+
+    /* Extension length = olen - 2 (ext_type) - 2 (ext_len) */
+    buf[2] = (unsigned char)( ( ( *olen - 4 ) >> 8 ) & 0xFF );
+    buf[3] = (unsigned char)( ( ( *olen - 4 )      ) & 0xFF );
+}
+#endif /* MBEDTLS_SSL_ALPN */
+
+/*
+ * Generate random bytes for ClientHello
+ */
+static int ssl_generate_random( mbedtls_ssl_context *ssl )
+{
+    int ret;
+    unsigned char *p = ssl->handshake->randbytes;
+#if defined(MBEDTLS_HAVE_TIME)
+    time_t t;
+#endif
+
+    /*
+     * When responding to a verify request, MUST reuse random (RFC 6347 4.2.1)
+     */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+        ssl->handshake->verify_cookie != NULL )
+    {
+        return( 0 );
+    }
+#endif
+
+#if defined(MBEDTLS_HAVE_TIME)
+    t = time( NULL );
+    *p++ = (unsigned char)( t >> 24 );
+    *p++ = (unsigned char)( t >> 16 );
+    *p++ = (unsigned char)( t >>  8 );
+    *p++ = (unsigned char)( t       );
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %lu", t ) );
+#else
+    if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 )
+        return( ret );
+
+    p += 4;
+#endif /* MBEDTLS_HAVE_TIME */
+
+    if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 28 ) ) != 0 )
+        return( ret );
+
+    return( 0 );
+}
+
+static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
+{
+    int ret;
+    size_t i, n, olen, ext_len = 0;
+    unsigned char *buf;
+    unsigned char *p, *q;
+    unsigned char offer_compress;
+    const int *ciphersuites;
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );
+
+    if( ssl->conf->f_rng == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided") );
+        return( MBEDTLS_ERR_SSL_NO_RNG );
+    }
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
+#endif
+    {
+        ssl->major_ver = ssl->conf->min_major_ver;
+        ssl->minor_ver = ssl->conf->min_minor_ver;
+    }
+
+    if( ssl->conf->max_major_ver == 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "configured max major version is invalid, "
+                            "consider using mbedtls_ssl_config_defaults()" ) );
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
+
+    /*
+     *     0  .   0   handshake type
+     *     1  .   3   handshake length
+     *     4  .   5   highest version supported
+     *     6  .   9   current UNIX time
+     *    10  .  37   random bytes
+     */
+    buf = ssl->out_msg;
+    p = buf + 4;
+
+    mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver,
+                       ssl->conf->transport, p );
+    p += 2;
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, max version: [%d:%d]",
+                   buf[4], buf[5] ) );
+
+    if( ( ret = ssl_generate_random( ssl ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_generate_random", ret );
+        return( ret );
+    }
+
+    memcpy( p, ssl->handshake->randbytes, 32 );
+    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", p, 32 );
+    p += 32;
+
+    /*
+     *    38  .  38   session id length
+     *    39  . 39+n  session id
+     *   39+n . 39+n  DTLS only: cookie length (1 byte)
+     *   40+n .  ..   DTSL only: cookie
+     *   ..   . ..    ciphersuitelist length (2 bytes)
+     *   ..   . ..    ciphersuitelist
+     *   ..   . ..    compression methods length (1 byte)
+     *   ..   . ..    compression methods
+     *   ..   . ..    extensions length (2 bytes)
+     *   ..   . ..    extensions
+     */
+    n = ssl->session_negotiate->id_len;
+
+    if( n < 16 || n > 32 ||
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+        ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
+#endif
+        ssl->handshake->resume == 0 )
+    {
+        n = 0;
+    }
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+    /*
+     * RFC 5077 section 3.4: "When presenting a ticket, the client MAY
+     * generate and include a Session ID in the TLS ClientHello."
+     */
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
+#endif
+    {
+        if( ssl->session_negotiate->ticket != NULL &&
+                ssl->session_negotiate->ticket_len != 0 )
+        {
+            ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->session_negotiate->id, 32 );
+
+            if( ret != 0 )
+                return( ret );
+
+            ssl->session_negotiate->id_len = n = 32;
+        }
+    }
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
+    *p++ = (unsigned char) n;
+
+    for( i = 0; i < n; i++ )
+        *p++ = ssl->session_negotiate->id[i];
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %d", n ) );
+    MBEDTLS_SSL_DEBUG_BUF( 3,   "client hello, session id", buf + 39, n );
+
+    /*
+     * DTLS cookie
+     */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+    {
+        if( ssl->handshake->verify_cookie == NULL )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "no verify cookie to send" ) );
+            *p++ = 0;
+        }
+        else
+        {
+            MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie",
+                              ssl->handshake->verify_cookie,
+                              ssl->handshake->verify_cookie_len );
+
+            *p++ = ssl->handshake->verify_cookie_len;
+            memcpy( p, ssl->handshake->verify_cookie,
+                       ssl->handshake->verify_cookie_len );
+            p += ssl->handshake->verify_cookie_len;
+        }
+    }
+#endif
+
+    /*
+     * Ciphersuite list
+     */
+    ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver];
+
+    /* Skip writing ciphersuite length for now */
+    n = 0;
+    q = p;
+    p += 2;
+
+    for( i = 0; ciphersuites[i] != 0; i++ )
+    {
+        ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuites[i] );
+
+        if( ciphersuite_info == NULL )
+            continue;
+
+        if( ciphersuite_info->min_minor_ver > ssl->conf->max_minor_ver ||
+            ciphersuite_info->max_minor_ver < ssl->conf->min_minor_ver )
+            continue;
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+        if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+            ( ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
+            continue;
+#endif
+
+#if defined(MBEDTLS_ARC4_C)
+        if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
+            ciphersuite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
+            continue;
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+        if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
+            mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
+            continue;
+#endif
+
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x",
+                                    ciphersuites[i] ) );
+
+        n++;
+        *p++ = (unsigned char)( ciphersuites[i] >> 8 );
+        *p++ = (unsigned char)( ciphersuites[i]      );
+    }
+
+    /*
+     * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
+     */
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
+#endif
+    {
+        *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO >> 8 );
+        *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO      );
+        n++;
+    }
+
+    /* Some versions of OpenSSL don't handle it correctly if not at end */
+#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
+    if( ssl->conf->fallback == MBEDTLS_SSL_IS_FALLBACK )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding FALLBACK_SCSV" ) );
+        *p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE >> 8 );
+        *p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE      );
+        n++;
+    }
+#endif
+
+    *q++ = (unsigned char)( n >> 7 );
+    *q++ = (unsigned char)( n << 1 );
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites", n ) );
+
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+    offer_compress = 1;
+#else
+    offer_compress = 0;
+#endif
+
+    /*
+     * We don't support compression with DTLS right now: is many records come
+     * in the same datagram, uncompressing one could overwrite the next one.
+     * We don't want to add complexity for handling that case unless there is
+     * an actual need for it.
+     */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+        offer_compress = 0;
+#endif
+
+    if( offer_compress )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 2 ) );
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d %d",
+                            MBEDTLS_SSL_COMPRESS_DEFLATE, MBEDTLS_SSL_COMPRESS_NULL ) );
+
+        *p++ = 2;
+        *p++ = MBEDTLS_SSL_COMPRESS_DEFLATE;
+        *p++ = MBEDTLS_SSL_COMPRESS_NULL;
+    }
+    else
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 1 ) );
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d",
+                            MBEDTLS_SSL_COMPRESS_NULL ) );
+
+        *p++ = 1;
+        *p++ = MBEDTLS_SSL_COMPRESS_NULL;
+    }
+
+    // First write extensions, then the total length
+    //
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+    ssl_write_hostname_ext( ssl, p + 2 + ext_len, &olen );
+    ext_len += olen;
+#endif
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen );
+    ext_len += olen;
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
+    defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
+    ssl_write_signature_algorithms_ext( ssl, p + 2 + ext_len, &olen );
+    ext_len += olen;
+#endif
+
+#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+    ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len, &olen );
+    ext_len += olen;
+
+    ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen );
+    ext_len += olen;
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+    ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len, &olen );
+    ext_len += olen;
+#endif
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+    ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, &olen );
+    ext_len += olen;
+#endif
+
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+    ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen );
+    ext_len += olen;
+#endif
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+    ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len, &olen );
+    ext_len += olen;
+#endif
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+    ssl_write_extended_ms_ext( ssl, p + 2 + ext_len, &olen );
+    ext_len += olen;
+#endif
+
+#if defined(MBEDTLS_SSL_ALPN)
+    ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen );
+    ext_len += olen;
+#endif
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+    ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen );
+    ext_len += olen;
+#endif
+
+    /* olen unused if all extensions are disabled */
+    ((void) olen);
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %d",
+                   ext_len ) );
+
+    if( ext_len > 0 )
+    {
+        *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
+        *p++ = (unsigned char)( ( ext_len      ) & 0xFF );
+        p += ext_len;
+    }
+
+    ssl->out_msglen  = p - buf;
+    ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
+    ssl->out_msg[0]  = MBEDTLS_SSL_HS_CLIENT_HELLO;
+
+    ssl->state++;
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+        mbedtls_ssl_send_flight_completed( ssl );
+#endif
+
+    if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
+        return( ret );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client hello" ) );
+
+    return( 0 );
+}
+
+static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl,
+                                         const unsigned char *buf,
+                                         size_t len )
+{
+    int ret;
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
+    {
+        /* Check verify-data in constant-time. The length OTOH is no secret */
+        if( len    != 1 + ssl->verify_data_len * 2 ||
+            buf[0] !=     ssl->verify_data_len * 2 ||
+            mbedtls_ssl_safer_memcmp( buf + 1,
+                          ssl->own_verify_data, ssl->verify_data_len ) != 0 ||
+            mbedtls_ssl_safer_memcmp( buf + 1 + ssl->verify_data_len,
+                          ssl->peer_verify_data, ssl->verify_data_len ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) );
+
+            if( ( ret = mbedtls_ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
+                return( ret );
+
+            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+        }
+    }
+    else
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+    {
+        if( len != 1 || buf[0] != 0x00 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-zero length renegotiation info" ) );
+
+            if( ( ret = mbedtls_ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
+                return( ret );
+
+            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+        }
+
+        ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION;
+    }
+
+    return( 0 );
+}
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl,
+                                              const unsigned char *buf,
+                                              size_t len )
+{
+    /*
+     * server should use the extension only if we did,
+     * and if so the server's value should match ours (and len is always 1)
+     */
+    if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ||
+        len != 1 ||
+        buf[0] != ssl->conf->mfl_code )
+    {
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+    }
+
+    return( 0 );
+}
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl,
+                                         const unsigned char *buf,
+                                         size_t len )
+{
+    if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED ||
+        len != 0 )
+    {
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+    }
+
+    ((void) buf);
+
+    ssl->session_negotiate->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED;
+
+    return( 0 );
+}
+#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
+                                         const unsigned char *buf,
+                                         size_t len )
+{
+    if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
+        ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
+        len != 0 )
+    {
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+    }
+
+    ((void) buf);
+
+    ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED;
+
+    return( 0 );
+}
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl,
+                                         const unsigned char *buf,
+                                         size_t len )
+{
+    if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
+        ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
+        len != 0 )
+    {
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+    }
+
+    ((void) buf);
+
+    ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
+
+    return( 0 );
+}
+#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl,
+                                         const unsigned char *buf,
+                                         size_t len )
+{
+    if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED ||
+        len != 0 )
+    {
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+    }
+
+    ((void) buf);
+
+    ssl->handshake->new_session_ticket = 1;
+
+    return( 0 );
+}
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
+#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl,
+                                                  const unsigned char *buf,
+                                                  size_t len )
+{
+    size_t list_size;
+    const unsigned char *p;
+
+    list_size = buf[0];
+    if( list_size + 1 != len )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+    }
+
+    p = buf + 1;
+    while( list_size > 0 )
+    {
+        if( p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED ||
+            p[0] == MBEDTLS_ECP_PF_COMPRESSED )
+        {
+#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
+            ssl->handshake->ecdh_ctx.point_format = p[0];
+#endif            
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+            ssl->handshake->ecjpake_ctx.point_format = p[0];
+#endif
+            MBEDTLS_SSL_DEBUG_MSG( 4, ( "point format selected: %d", p[0] ) );
+            return( 0 );
+        }
+
+        list_size--;
+        p++;
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 1, ( "no point format in common" ) );
+    return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+}
+#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || 
+          MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl,
+                                   const unsigned char *buf,
+                                   size_t len )
+{
+    int ret;
+
+    if( ssl->transform_negotiate->ciphersuite_info->key_exchange !=
+        MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip ecjpake kkpp extension" ) );
+        return( 0 );
+    }
+
+    /* If we got here, we no longer need our cached extension */
+    mbedtls_free( ssl->handshake->ecjpake_cache );
+    ssl->handshake->ecjpake_cache = NULL;
+    ssl->handshake->ecjpake_cache_len = 0;
+
+    if( ( ret = mbedtls_ecjpake_read_round_one( &ssl->handshake->ecjpake_ctx,
+                                                buf, len ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_one", ret );
+        return( ret );
+    }
+
+    return( 0 );
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
+#if defined(MBEDTLS_SSL_ALPN)
+static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
+                               const unsigned char *buf, size_t len )
+{
+    size_t list_len, name_len;
+    const char **p;
+
+    /* If we didn't send it, the server shouldn't send it */
+    if( ssl->conf->alpn_list == NULL )
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+
+    /*
+     * opaque ProtocolName<1..2^8-1>;
+     *
+     * struct {
+     *     ProtocolName protocol_name_list<2..2^16-1>
+     * } ProtocolNameList;
+     *
+     * the "ProtocolNameList" MUST contain exactly one "ProtocolName"
+     */
+
+    /* Min length is 2 (list_len) + 1 (name_len) + 1 (name) */
+    if( len < 4 )
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+
+    list_len = ( buf[0] << 8 ) | buf[1];
+    if( list_len != len - 2 )
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+
+    name_len = buf[2];
+    if( name_len != list_len - 1 )
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+
+    /* Check that the server chosen protocol was in our list and save it */
+    for( p = ssl->conf->alpn_list; *p != NULL; p++ )
+    {
+        if( name_len == strlen( *p ) &&
+            memcmp( buf + 3, *p, name_len ) == 0 )
+        {
+            ssl->alpn_chosen = *p;
+            return( 0 );
+        }
+    }
+
+    return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+}
+#endif /* MBEDTLS_SSL_ALPN */
+
+/*
+ * Parse HelloVerifyRequest.  Only called after verifying the HS type.
+ */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
+{
+    const unsigned char *p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
+    int major_ver, minor_ver;
+    unsigned char cookie_len;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse hello verify request" ) );
+
+    /*
+     * struct {
+     *   ProtocolVersion server_version;
+     *   opaque cookie<0..2^8-1>;
+     * } HelloVerifyRequest;
+     */
+    MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 );
+    mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, p );
+    p += 2;
+
+    /*
+     * Since the RFC is not clear on this point, accept DTLS 1.0 (TLS 1.1)
+     * even is lower than our min version.
+     */
+    if( major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 ||
+        minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ||
+        major_ver > ssl->conf->max_major_ver  ||
+        minor_ver > ssl->conf->max_minor_ver  )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server version" ) );
+
+        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                     MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
+
+        return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
+    }
+
+    cookie_len = *p++;
+    MBEDTLS_SSL_DEBUG_BUF( 3, "cookie", p, cookie_len );
+
+    mbedtls_free( ssl->handshake->verify_cookie );
+
+    ssl->handshake->verify_cookie = mbedtls_calloc( 1, cookie_len );
+    if( ssl->handshake->verify_cookie  == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc failed (%d bytes)", cookie_len ) );
+        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+    }
+
+    memcpy( ssl->handshake->verify_cookie, p, cookie_len );
+    ssl->handshake->verify_cookie_len = cookie_len;
+
+    /* Start over at ClientHello */
+    ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
+    mbedtls_ssl_reset_checksum( ssl );
+
+    mbedtls_ssl_recv_flight_completed( ssl );
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse hello verify request" ) );
+
+    return( 0 );
+}
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
+{
+    int ret, i;
+    size_t n;
+    size_t ext_len;
+    unsigned char *buf, *ext;
+    unsigned char comp;
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+    int accept_comp;
+#endif
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    int renegotiation_info_seen = 0;
+#endif
+    int handshake_failure = 0;
+    const mbedtls_ssl_ciphersuite_t *suite_info;
+#if defined(MBEDTLS_DEBUG_C)
+    uint32_t t;
+#endif
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server hello" ) );
+
+    buf = ssl->in_msg;
+
+    if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
+        return( ret );
+    }
+
+    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
+    {
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+        if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
+        {
+            ssl->renego_records_seen++;
+
+            if( ssl->conf->renego_max_records >= 0 &&
+                ssl->renego_records_seen > ssl->conf->renego_max_records )
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation requested, "
+                                    "but not honored by server" ) );
+                return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+            }
+
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-handshake message during renego" ) );
+            return( MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO );
+        }
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+    }
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+    {
+        if( buf[0] == MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 2, ( "received hello verify request" ) );
+            MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server hello" ) );
+            return( ssl_parse_hello_verify_request( ssl ) );
+        }
+        else
+        {
+            /* We made it through the verification process */
+            mbedtls_free( ssl->handshake->verify_cookie );
+            ssl->handshake->verify_cookie = NULL;
+            ssl->handshake->verify_cookie_len = 0;
+        }
+    }
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+    if( ssl->in_hslen < 38 + mbedtls_ssl_hs_hdr_len( ssl ) ||
+        buf[0] != MBEDTLS_SSL_HS_SERVER_HELLO )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+    }
+
+    /*
+     *  0   .  1    server_version
+     *  2   . 33    random (maybe including 4 bytes of Unix time)
+     * 34   . 34    session_id length = n
+     * 35   . 34+n  session_id
+     * 35+n . 36+n  cipher_suite
+     * 37+n . 37+n  compression_method
+     *
+     * 38+n . 39+n  extensions length (optional)
+     * 40+n .  ..   extensions
+     */
+    buf += mbedtls_ssl_hs_hdr_len( ssl );
+
+    MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, version", buf + 0, 2 );
+    mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver,
+                      ssl->conf->transport, buf + 0 );
+
+    if( ssl->major_ver < ssl->conf->min_major_ver ||
+        ssl->minor_ver < ssl->conf->min_minor_ver ||
+        ssl->major_ver > ssl->conf->max_major_ver ||
+        ssl->minor_ver > ssl->conf->max_minor_ver )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "server version out of bounds - "
+                            " min: [%d:%d], server: [%d:%d], max: [%d:%d]",
+                            ssl->conf->min_major_ver, ssl->conf->min_minor_ver,
+                            ssl->major_ver, ssl->minor_ver,
+                            ssl->conf->max_major_ver, ssl->conf->max_minor_ver ) );
+
+        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                     MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
+
+        return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
+    }
+
+#if defined(MBEDTLS_DEBUG_C)
+    t = ( (uint32_t) buf[2] << 24 )
+      | ( (uint32_t) buf[3] << 16 )
+      | ( (uint32_t) buf[4] <<  8 )
+      | ( (uint32_t) buf[5]       );
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) );
+#endif
+
+    memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 );
+
+    n = buf[34];
+
+    MBEDTLS_SSL_DEBUG_BUF( 3,   "server hello, random bytes", buf + 2, 32 );
+
+    if( n > 32 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+    }
+
+    if( ssl->in_hslen > mbedtls_ssl_hs_hdr_len( ssl ) + 39 + n )
+    {
+        ext_len = ( ( buf[38 + n] <<  8 )
+                  | ( buf[39 + n]       ) );
+
+        if( ( ext_len > 0 && ext_len < 4 ) ||
+            ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 40 + n + ext_len )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+        }
+    }
+    else if( ssl->in_hslen == mbedtls_ssl_hs_hdr_len( ssl ) + 38 + n )
+    {
+        ext_len = 0;
+    }
+    else
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+    }
+
+    /* ciphersuite (used later) */
+    i = ( buf[35 + n] << 8 ) | buf[36 + n];
+
+    /*
+     * Read and check compression
+     */
+    comp = buf[37 + n];
+
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+    /* See comments in ssl_write_client_hello() */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+        accept_comp = 0;
+    else
+#endif
+        accept_comp = 1;
+
+    if( comp != MBEDTLS_SSL_COMPRESS_NULL &&
+        ( comp != MBEDTLS_SSL_COMPRESS_DEFLATE || accept_comp == 0 ) )
+#else /* MBEDTLS_ZLIB_SUPPORT */
+    if( comp != MBEDTLS_SSL_COMPRESS_NULL )
+#endif/* MBEDTLS_ZLIB_SUPPORT */
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "server hello, bad compression: %d", comp ) );
+        return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+    }
+
+    /*
+     * Initialize update checksum functions
+     */
+    ssl->transform_negotiate->ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( i );
+
+    if( ssl->transform_negotiate->ciphersuite_info == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %04x not found", i ) );
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
+
+    mbedtls_ssl_optimize_checksum( ssl, ssl->transform_negotiate->ciphersuite_info );
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
+    MBEDTLS_SSL_DEBUG_BUF( 3,   "server hello, session id", buf + 35, n );
+
+    /*
+     * Check if the session can be resumed
+     */
+    if( ssl->handshake->resume == 0 || n == 0 ||
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+        ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
+#endif
+        ssl->session_negotiate->ciphersuite != i ||
+        ssl->session_negotiate->compression != comp ||
+        ssl->session_negotiate->id_len != n ||
+        memcmp( ssl->session_negotiate->id, buf + 35, n ) != 0 )
+    {
+        ssl->state++;
+        ssl->handshake->resume = 0;
+#if defined(MBEDTLS_HAVE_TIME)
+        ssl->session_negotiate->start = time( NULL );
+#endif
+        ssl->session_negotiate->ciphersuite = i;
+        ssl->session_negotiate->compression = comp;
+        ssl->session_negotiate->id_len = n;
+        memcpy( ssl->session_negotiate->id, buf + 35, n );
+    }
+    else
+    {
+        ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
+
+        if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
+            return( ret );
+        }
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
+                   ssl->handshake->resume ? "a" : "no" ) );
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", i ) );
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[37 + n] ) );
+
+    suite_info = mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite );
+    if( suite_info == NULL
+#if defined(MBEDTLS_ARC4_C)
+            || ( ssl->conf->arc4_disabled &&
+                suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
+#endif
+        )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s", suite_info->name ) );
+
+    i = 0;
+    while( 1 )
+    {
+        if( ssl->conf->ciphersuite_list[ssl->minor_ver][i] == 0 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+        }
+
+        if( ssl->conf->ciphersuite_list[ssl->minor_ver][i++] ==
+            ssl->session_negotiate->ciphersuite )
+        {
+            break;
+        }
+    }
+
+    if( comp != MBEDTLS_SSL_COMPRESS_NULL
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+        && comp != MBEDTLS_SSL_COMPRESS_DEFLATE
+#endif
+      )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+    }
+    ssl->session_negotiate->compression = comp;
+
+    ext = buf + 40 + n;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "server hello, total extension length: %d", ext_len ) );
+
+    while( ext_len )
+    {
+        unsigned int ext_id   = ( ( ext[0] <<  8 )
+                                | ( ext[1]       ) );
+        unsigned int ext_size = ( ( ext[2] <<  8 )
+                                | ( ext[3]       ) );
+
+        if( ext_size + 4 > ext_len )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+        }
+
+        switch( ext_id )
+        {
+        case MBEDTLS_TLS_EXT_RENEGOTIATION_INFO:
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) );
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+            renegotiation_info_seen = 1;
+#endif
+
+            if( ( ret = ssl_parse_renegotiation_info( ssl, ext + 4,
+                                                      ext_size ) ) != 0 )
+                return( ret );
+
+            break;
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+        case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH:
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found max_fragment_length extension" ) );
+
+            if( ( ret = ssl_parse_max_fragment_length_ext( ssl,
+                            ext + 4, ext_size ) ) != 0 )
+            {
+                return( ret );
+            }
+
+            break;
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+        case MBEDTLS_TLS_EXT_TRUNCATED_HMAC:
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found truncated_hmac extension" ) );
+
+            if( ( ret = ssl_parse_truncated_hmac_ext( ssl,
+                            ext + 4, ext_size ) ) != 0 )
+            {
+                return( ret );
+            }
+
+            break;
+#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+        case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC:
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found encrypt_then_mac extension" ) );
+
+            if( ( ret = ssl_parse_encrypt_then_mac_ext( ssl,
+                            ext + 4, ext_size ) ) != 0 )
+            {
+                return( ret );
+            }
+
+            break;
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+        case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET:
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found extended_master_secret extension" ) );
+
+            if( ( ret = ssl_parse_extended_ms_ext( ssl,
+                            ext + 4, ext_size ) ) != 0 )
+            {
+                return( ret );
+            }
+
+            break;
+#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+        case MBEDTLS_TLS_EXT_SESSION_TICKET:
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found session_ticket extension" ) );
+
+            if( ( ret = ssl_parse_session_ticket_ext( ssl,
+                            ext + 4, ext_size ) ) != 0 )
+            {
+                return( ret );
+            }
+
+            break;
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
+#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+        case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS:
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported_point_formats extension" ) );
+
+            if( ( ret = ssl_parse_supported_point_formats_ext( ssl,
+                            ext + 4, ext_size ) ) != 0 )
+            {
+                return( ret );
+            }
+
+            break;
+#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
+          MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+        case MBEDTLS_TLS_EXT_ECJPAKE_KKPP:
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ecjpake_kkpp extension" ) );
+
+            if( ( ret = ssl_parse_ecjpake_kkpp( ssl,
+                            ext + 4, ext_size ) ) != 0 )
+            {
+                return( ret );
+            }
+
+            break;
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
+#if defined(MBEDTLS_SSL_ALPN)
+        case MBEDTLS_TLS_EXT_ALPN:
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) );
+
+            if( ( ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size ) ) != 0 )
+                return( ret );
+
+            break;
+#endif /* MBEDTLS_SSL_ALPN */
+
+        default:
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)",
+                           ext_id ) );
+        }
+
+        ext_len -= 4 + ext_size;
+        ext += 4 + ext_size;
+
+        if( ext_len > 0 && ext_len < 4 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+        }
+    }
+
+    /*
+     * Renegotiation security checks
+     */
+    if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
+        ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
+        handshake_failure = 1;
+    }
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
+             ssl->secure_renegotiation == MBEDTLS_SSL_SECURE_RENEGOTIATION &&
+             renegotiation_info_seen == 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation_info extension missing (secure)" ) );
+        handshake_failure = 1;
+    }
+    else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
+             ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
+             ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) );
+        handshake_failure = 1;
+    }
+    else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
+             ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
+             renegotiation_info_seen == 1 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation_info extension present (legacy)" ) );
+        handshake_failure = 1;
+    }
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+    if( handshake_failure == 1 )
+    {
+        if( ( ret = mbedtls_ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
+            return( ret );
+
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server hello" ) );
+
+    return( 0 );
+}
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||                       \
+    defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
+static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, unsigned char **p,
+                                       unsigned char *end )
+{
+    int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+
+    /*
+     * Ephemeral DH parameters:
+     *
+     * struct {
+     *     opaque dh_p<1..2^16-1>;
+     *     opaque dh_g<1..2^16-1>;
+     *     opaque dh_Ys<1..2^16-1>;
+     * } ServerDHParams;
+     */
+    if( ( ret = mbedtls_dhm_read_params( &ssl->handshake->dhm_ctx, p, end ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 2, ( "mbedtls_dhm_read_params" ), ret );
+        return( ret );
+    }
+
+    if( ssl->handshake->dhm_ctx.len * 8 < ssl->conf->dhm_min_bitlen )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %d < %d",
+                                    ssl->handshake->dhm_ctx.len * 8,
+                                    ssl->conf->dhm_min_bitlen ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+    }
+
+    MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: P ", &ssl->handshake->dhm_ctx.P  );
+    MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: G ", &ssl->handshake->dhm_ctx.G  );
+    MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GY", &ssl->handshake->dhm_ctx.GY );
+
+    return( ret );
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
+          MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ||                   \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) ||                     \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||                      \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
+{
+    const mbedtls_ecp_curve_info *curve_info;
+
+    curve_info = mbedtls_ecp_curve_info_from_grp_id( ssl->handshake->ecdh_ctx.grp.id );
+    if( curve_info == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
+
+#if defined(MBEDTLS_ECP_C)
+    if( mbedtls_ssl_check_curve( ssl, ssl->handshake->ecdh_ctx.grp.id ) != 0 )
+#else
+    if( ssl->handshake->ecdh_ctx.grp.nbits < 163 ||
+        ssl->handshake->ecdh_ctx.grp.nbits > 521 )
+#endif
+        return( -1 );
+
+    MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Qp", &ssl->handshake->ecdh_ctx.Qp );
+
+    return( 0 );
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+          MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
+          MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
+          MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
+          MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ||                   \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl,
+                                         unsigned char **p,
+                                         unsigned char *end )
+{
+    int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+
+    /*
+     * Ephemeral ECDH parameters:
+     *
+     * struct {
+     *     ECParameters curve_params;
+     *     ECPoint      public;
+     * } ServerECDHParams;
+     */
+    if( ( ret = mbedtls_ecdh_read_params( &ssl->handshake->ecdh_ctx,
+                                  (const unsigned char **) p, end ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_read_params" ), ret );
+        return( ret );
+    }
+
+    if( ssl_check_server_ecdh_params( ssl ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message (ECDHE curve)" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+    }
+
+    return( ret );
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+          MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
+          MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
+                                      unsigned char **p,
+                                      unsigned char *end )
+{
+    int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+    size_t  len;
+    ((void) ssl);
+
+    /*
+     * PSK parameters:
+     *
+     * opaque psk_identity_hint<0..2^16-1>;
+     */
+    len = (*p)[0] << 8 | (*p)[1];
+    *p += 2;
+
+    if( (*p) + len > end )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message (psk_identity_hint length)" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+    }
+
+    // TODO: Retrieve PSK identity hint and callback to app
+    //
+    *p += len;
+    ret = 0;
+
+    return( ret );
+}
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) ||                           \
+    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
+/*
+ * Generate a pre-master secret and encrypt it with the server's RSA key
+ */
+static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
+                                    size_t offset, size_t *olen,
+                                    size_t pms_offset )
+{
+    int ret;
+    size_t len_bytes = ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ? 0 : 2;
+    unsigned char *p = ssl->handshake->premaster + pms_offset;
+
+    if( offset + len_bytes > MBEDTLS_SSL_MAX_CONTENT_LEN )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small for encrypted pms" ) );
+        return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+    }
+
+    /*
+     * Generate (part of) the pre-master as
+     *  struct {
+     *      ProtocolVersion client_version;
+     *      opaque random[46];
+     *  } PreMasterSecret;
+     */
+    mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver,
+                       ssl->conf->transport, p );
+
+    if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p + 2, 46 ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "f_rng", ret );
+        return( ret );
+    }
+
+    ssl->handshake->pmslen = 48;
+
+    if( ssl->session_negotiate->peer_cert == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "certificate required" ) );
+        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+    }
+
+    /*
+     * Now write it out, encrypted
+     */
+    if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk,
+                MBEDTLS_PK_RSA ) )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate key type mismatch" ) );
+        return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
+    }
+
+    if( ( ret = mbedtls_pk_encrypt( &ssl->session_negotiate->peer_cert->pk,
+                            p, ssl->handshake->pmslen,
+                            ssl->out_msg + offset + len_bytes, olen,
+                            MBEDTLS_SSL_MAX_CONTENT_LEN - offset - len_bytes,
+                            ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_rsa_pkcs1_encrypt", ret );
+        return( ret );
+    }
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
+    defined(MBEDTLS_SSL_PROTO_TLS1_2)
+    if( len_bytes == 2 )
+    {
+        ssl->out_msg[offset+0] = (unsigned char)( *olen >> 8 );
+        ssl->out_msg[offset+1] = (unsigned char)( *olen      );
+        *olen += 2;
+    }
+#endif
+
+    return( 0 );
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED ||
+          MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||                       \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
+                                          unsigned char **p,
+                                          unsigned char *end,
+                                          mbedtls_md_type_t *md_alg,
+                                          mbedtls_pk_type_t *pk_alg )
+{
+    ((void) ssl);
+    *md_alg = MBEDTLS_MD_NONE;
+    *pk_alg = MBEDTLS_PK_NONE;
+
+    /* Only in TLS 1.2 */
+    if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
+    {
+        return( 0 );
+    }
+
+    if( (*p) + 2 > end )
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+
+    /*
+     * Get hash algorithm
+     */
+    if( ( *md_alg = mbedtls_ssl_md_alg_from_hash( (*p)[0] ) ) == MBEDTLS_MD_NONE )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used unsupported "
+                            "HashAlgorithm %d", *(p)[0] ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+    }
+
+    /*
+     * Get signature algorithm
+     */
+    if( ( *pk_alg = mbedtls_ssl_pk_alg_from_sig( (*p)[1] ) ) == MBEDTLS_PK_NONE )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "server used unsupported "
+                            "SignatureAlgorithm %d", (*p)[1] ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+    }
+
+    /*
+     * Check if the hash is acceptable
+     */
+    if( mbedtls_ssl_check_sig_hash( ssl, *md_alg ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "server used HashAlgorithm "
+                                    "that was not offered" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used SignatureAlgorithm %d", (*p)[1] ) );
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used HashAlgorithm %d", (*p)[0] ) );
+    *p += 2;
+
+    return( 0 );
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
+          MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+          MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
+{
+    int ret;
+    const mbedtls_ecp_keypair *peer_key;
+
+    if( ssl->session_negotiate->peer_cert == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "certificate required" ) );
+        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+    }
+
+    if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk,
+                     MBEDTLS_PK_ECKEY ) )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) );
+        return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
+    }
+
+    peer_key = mbedtls_pk_ec( ssl->session_negotiate->peer_cert->pk );
+
+    if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx, peer_key,
+                                 MBEDTLS_ECDH_THEIRS ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_get_params" ), ret );
+        return( ret );
+    }
+
+    if( ssl_check_server_ecdh_params( ssl ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server certificate (ECDH curve)" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
+    }
+
+    return( ret );
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||
+          MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
+
+static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl )
+{
+    int ret;
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+    unsigned char *p, *end;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) );
+
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
+        ssl->state++;
+        return( 0 );
+    }
+    ((void) p);
+    ((void) end);
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
+    {
+        if( ( ret = ssl_get_ecdh_params_from_cert( ssl ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "ssl_get_ecdh_params_from_cert", ret );
+            return( ret );
+        }
+
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
+        ssl->state++;
+        return( 0 );
+    }
+    ((void) p);
+    ((void) end);
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
+          MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
+
+    if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
+        return( ret );
+    }
+
+    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+    }
+
+    /*
+     * ServerKeyExchange may be skipped with PSK and RSA-PSK when the server
+     * doesn't use a psk_identity_hint
+     */
+    if( ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE )
+    {
+        if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
+            ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
+        {
+            ssl->record_read = 1;
+            goto exit;
+        }
+
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+    }
+
+    p   = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
+    end = ssl->in_msg + ssl->in_hslen;
+    MBEDTLS_SSL_DEBUG_BUF( 3,   "server key exchange", p, end - p );
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
+    {
+        if( ssl_parse_server_psk_hint( ssl, &p, end ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+        }
+    } /* FALLTROUGH */
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) ||                       \
+    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
+        ; /* nothing more to do */
+    else
+#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED ||
+          MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||                       \
+    defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
+    {
+        if( ssl_parse_server_dh_params( ssl, &p, end ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+        }
+    }
+    else
+#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
+          MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) ||                     \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
+    {
+        if( ssl_parse_server_ecdh_params( ssl, &p, end ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+        }
+    }
+    else
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+          MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
+          MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+    {
+        ret = mbedtls_ecjpake_read_round_two( &ssl->handshake->ecjpake_ctx,
+                                              p, end - p );
+        if( ret != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_two", ret );
+            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+        }
+    }
+    else
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||                       \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
+    {
+        size_t sig_len, hashlen;
+        unsigned char hash[64];
+        mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
+        mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
+        unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
+        size_t params_len = p - params;
+
+        /*
+         * Handle the digitally-signed structure
+         */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+        if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+        {
+            if( ssl_parse_signature_algorithm( ssl, &p, end,
+                                               &md_alg, &pk_alg ) != 0 )
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+                return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+            }
+
+            if( pk_alg != mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ) )
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+                return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+            }
+        }
+        else
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
+    defined(MBEDTLS_SSL_PROTO_TLS1_1)
+        if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
+        {
+            pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
+
+            /* Default hash for ECDSA is SHA-1 */
+            if( pk_alg == MBEDTLS_PK_ECDSA && md_alg == MBEDTLS_MD_NONE )
+                md_alg = MBEDTLS_MD_SHA1;
+        }
+        else
+#endif
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        }
+
+        /*
+         * Read signature
+         */
+        sig_len = ( p[0] << 8 ) | p[1];
+        p += 2;
+
+        if( end != p + sig_len )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+        }
+
+        MBEDTLS_SSL_DEBUG_BUF( 3, "signature", p, sig_len );
+
+        /*
+         * Compute the hash that has been signed
+         */
+#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
+    defined(MBEDTLS_SSL_PROTO_TLS1_1)
+        if( md_alg == MBEDTLS_MD_NONE )
+        {
+            mbedtls_md5_context mbedtls_md5;
+            mbedtls_sha1_context mbedtls_sha1;
+
+            mbedtls_md5_init(  &mbedtls_md5  );
+            mbedtls_sha1_init( &mbedtls_sha1 );
+
+            hashlen = 36;
+
+            /*
+             * digitally-signed struct {
+             *     opaque md5_hash[16];
+             *     opaque sha_hash[20];
+             * };
+             *
+             * md5_hash
+             *     MD5(ClientHello.random + ServerHello.random
+             *                            + ServerParams);
+             * sha_hash
+             *     SHA(ClientHello.random + ServerHello.random
+             *                            + ServerParams);
+             */
+            mbedtls_md5_starts( &mbedtls_md5 );
+            mbedtls_md5_update( &mbedtls_md5, ssl->handshake->randbytes, 64 );
+            mbedtls_md5_update( &mbedtls_md5, params, params_len );
+            mbedtls_md5_finish( &mbedtls_md5, hash );
+
+            mbedtls_sha1_starts( &mbedtls_sha1 );
+            mbedtls_sha1_update( &mbedtls_sha1, ssl->handshake->randbytes, 64 );
+            mbedtls_sha1_update( &mbedtls_sha1, params, params_len );
+            mbedtls_sha1_finish( &mbedtls_sha1, hash + 16 );
+
+            mbedtls_md5_free(  &mbedtls_md5  );
+            mbedtls_sha1_free( &mbedtls_sha1 );
+        }
+        else
+#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
+          MBEDTLS_SSL_PROTO_TLS1_1 */
+#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
+    defined(MBEDTLS_SSL_PROTO_TLS1_2)
+        if( md_alg != MBEDTLS_MD_NONE )
+        {
+            mbedtls_md_context_t ctx;
+
+            mbedtls_md_init( &ctx );
+
+            /* Info from md_alg will be used instead */
+            hashlen = 0;
+
+            /*
+             * digitally-signed struct {
+             *     opaque client_random[32];
+             *     opaque server_random[32];
+             *     ServerDHParams params;
+             * };
+             */
+            if( ( ret = mbedtls_md_setup( &ctx,
+                                     mbedtls_md_info_from_type( md_alg ), 0 ) ) != 0 )
+            {
+                MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret );
+                return( ret );
+            }
+
+            mbedtls_md_starts( &ctx );
+            mbedtls_md_update( &ctx, ssl->handshake->randbytes, 64 );
+            mbedtls_md_update( &ctx, params, params_len );
+            mbedtls_md_finish( &ctx, hash );
+            mbedtls_md_free( &ctx );
+        }
+        else
+#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
+          MBEDTLS_SSL_PROTO_TLS1_2 */
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        }
+
+        MBEDTLS_SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen != 0 ? hashlen :
+            (unsigned int) ( mbedtls_md_get_size( mbedtls_md_info_from_type( md_alg ) ) ) );
+
+        if( ssl->session_negotiate->peer_cert == NULL )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 2, ( "certificate required" ) );
+            return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+        }
+
+        /*
+         * Verify signature
+         */
+        if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk, pk_alg ) )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+            return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
+        }
+
+        if( ( ret = mbedtls_pk_verify( &ssl->session_negotiate->peer_cert->pk,
+                               md_alg, hash, hashlen, p, sig_len ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
+            return( ret );
+        }
+    }
+#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
+          MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+          MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+
+exit:
+    ssl->state++;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server key exchange" ) );
+
+    return( 0 );
+}
+
+#if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)       && \
+    !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)   && \
+    !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
+    !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
+{
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) );
+
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate request" ) );
+        ssl->state++;
+        return( 0 );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+}
+#else
+static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
+{
+    int ret;
+    unsigned char *buf, *p;
+    size_t n = 0, m = 0;
+    size_t cert_type_len = 0, dn_len = 0;
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) );
+
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate request" ) );
+        ssl->state++;
+        return( 0 );
+    }
+
+    if( ssl->record_read == 0 )
+    {
+        if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
+            return( ret );
+        }
+
+        if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
+            return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+        }
+
+        ssl->record_read = 1;
+    }
+
+    ssl->client_auth = 0;
+    ssl->state++;
+
+    if( ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST )
+        ssl->client_auth++;
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "got %s certificate request",
+                        ssl->client_auth ? "a" : "no" ) );
+
+    if( ssl->client_auth == 0 )
+        goto exit;
+
+    ssl->record_read = 0;
+
+    // TODO: handshake_failure alert for an anonymous server to request
+    // client authentication
+
+    /*
+     *  struct {
+     *      ClientCertificateType certificate_types<1..2^8-1>;
+     *      SignatureAndHashAlgorithm
+     *        supported_signature_algorithms<2^16-1>; -- TLS 1.2 only
+     *      DistinguishedName certificate_authorities<0..2^16-1>;
+     *  } CertificateRequest;
+     */
+    buf = ssl->in_msg;
+
+    // Retrieve cert types
+    //
+    cert_type_len = buf[mbedtls_ssl_hs_hdr_len( ssl )];
+    n = cert_type_len;
+
+    if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
+    }
+
+    p = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 1;
+    while( cert_type_len > 0 )
+    {
+#if defined(MBEDTLS_RSA_C)
+        if( *p == MBEDTLS_SSL_CERT_TYPE_RSA_SIGN &&
+            mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_RSA ) )
+        {
+            ssl->handshake->cert_type = MBEDTLS_SSL_CERT_TYPE_RSA_SIGN;
+            break;
+        }
+        else
+#endif
+#if defined(MBEDTLS_ECDSA_C)
+        if( *p == MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN &&
+            mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECDSA ) )
+        {
+            ssl->handshake->cert_type = MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN;
+            break;
+        }
+        else
+#endif
+        {
+            ; /* Unsupported cert type, ignore */
+        }
+
+        cert_type_len--;
+        p++;
+    }
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+    if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+    {
+        /* Ignored, see comments about hash in write_certificate_verify */
+        // TODO: should check the signature part against our pk_key though
+        size_t sig_alg_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] <<  8 )
+                             | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n]       ) );
+
+        m += 2;
+        n += sig_alg_len;
+
+        if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
+            return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
+        }
+    }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+    /* Ignore certificate_authorities, we only have one cert anyway */
+    // TODO: should not send cert if no CA matches
+    dn_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + m + n] <<  8 )
+             | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + m + n]       ) );
+
+    n += dn_len;
+    if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 3 + m + n )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
+    }
+
+exit:
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate request" ) );
+
+    return( 0 );
+}
+#endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED &&
+          !MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED &&
+          !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED &&
+          !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+
+static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl )
+{
+    int ret;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server hello done" ) );
+
+    if( ssl->record_read == 0 )
+    {
+        if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
+            return( ret );
+        }
+
+        if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello done message" ) );
+            return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+        }
+    }
+    ssl->record_read = 0;
+
+    if( ssl->in_hslen  != mbedtls_ssl_hs_hdr_len( ssl ) ||
+        ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_HELLO_DONE )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello done message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE );
+    }
+
+    ssl->state++;
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+        mbedtls_ssl_recv_flight_completed( ssl );
+#endif
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server hello done" ) );
+
+    return( 0 );
+}
+
+static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
+{
+    int ret;
+    size_t i, n;
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) );
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA )
+    {
+        /*
+         * DHM key exchange -- send G^X mod P
+         */
+        n = ssl->handshake->dhm_ctx.len;
+
+        ssl->out_msg[4] = (unsigned char)( n >> 8 );
+        ssl->out_msg[5] = (unsigned char)( n      );
+        i = 6;
+
+        ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
+                                (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
+                               &ssl->out_msg[i], n,
+                                ssl->conf->f_rng, ssl->conf->p_rng );
+        if( ret != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret );
+            return( ret );
+        }
+
+        MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->handshake->dhm_ctx.X  );
+        MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX );
+
+        if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
+                                      ssl->handshake->premaster,
+                                      MBEDTLS_PREMASTER_SIZE,
+                                     &ssl->handshake->pmslen,
+                                      ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
+            return( ret );
+        }
+
+        MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K  );
+    }
+    else
+#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ||                   \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||                      \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
+    {
+        /*
+         * ECDH key exchange -- send client public value
+         */
+        i = 4;
+
+        ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx,
+                                &n,
+                                &ssl->out_msg[i], 1000,
+                                ssl->conf->f_rng, ssl->conf->p_rng );
+        if( ret != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret );
+            return( ret );
+        }
+
+        MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Q", &ssl->handshake->ecdh_ctx.Q );
+
+        if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx,
+                                      &ssl->handshake->pmslen,
+                                       ssl->handshake->premaster,
+                                       MBEDTLS_MPI_MAX_SIZE,
+                                       ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
+            return( ret );
+        }
+
+        MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z );
+    }
+    else
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+          MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
+          MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
+          MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
+    {
+        /*
+         * opaque psk_identity<0..2^16-1>;
+         */
+        if( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no private key for PSK" ) );
+            return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
+        }
+
+        i = 4;
+        n = ssl->conf->psk_identity_len;
+
+        if( i + 2 + n > MBEDTLS_SSL_MAX_CONTENT_LEN )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity too long or "
+                                        "SSL buffer too short" ) );
+            return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+        }
+
+        ssl->out_msg[i++] = (unsigned char)( n >> 8 );
+        ssl->out_msg[i++] = (unsigned char)( n      );
+
+        memcpy( ssl->out_msg + i, ssl->conf->psk_identity, ssl->conf->psk_identity_len );
+        i += ssl->conf->psk_identity_len;
+
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
+        if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK )
+        {
+            n = 0;
+        }
+        else
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
+        if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
+        {
+            if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 2 ) ) != 0 )
+                return( ret );
+        }
+        else
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
+        if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
+        {
+            /*
+             * ClientDiffieHellmanPublic public (DHM send G^X mod P)
+             */
+            n = ssl->handshake->dhm_ctx.len;
+
+            if( i + 2 + n > MBEDTLS_SSL_MAX_CONTENT_LEN )
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity or DHM size too long"
+                                            " or SSL buffer too short" ) );
+                return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+            }
+
+            ssl->out_msg[i++] = (unsigned char)( n >> 8 );
+            ssl->out_msg[i++] = (unsigned char)( n      );
+
+            ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
+                    (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
+                    &ssl->out_msg[i], n,
+                    ssl->conf->f_rng, ssl->conf->p_rng );
+            if( ret != 0 )
+            {
+                MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret );
+                return( ret );
+            }
+        }
+        else
+#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+        if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
+        {
+            /*
+             * ClientECDiffieHellmanPublic public;
+             */
+            ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, &n,
+                    &ssl->out_msg[i], MBEDTLS_SSL_MAX_CONTENT_LEN - i,
+                    ssl->conf->f_rng, ssl->conf->p_rng );
+            if( ret != 0 )
+            {
+                MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret );
+                return( ret );
+            }
+
+            MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Q", &ssl->handshake->ecdh_ctx.Q );
+        }
+        else
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        }
+
+        if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
+                        ciphersuite_info->key_exchange ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret );
+            return( ret );
+        }
+    }
+    else
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA )
+    {
+        i = 4;
+        if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 0 ) ) != 0 )
+            return( ret );
+    }
+    else
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+    {
+        i = 4;
+
+        ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx,
+                ssl->out_msg + i, MBEDTLS_SSL_MAX_CONTENT_LEN - i, &n,
+                ssl->conf->f_rng, ssl->conf->p_rng );
+        if( ret != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_write_round_two", ret );
+            return( ret );
+        }
+
+        ret = mbedtls_ecjpake_derive_secret( &ssl->handshake->ecjpake_ctx,
+                ssl->handshake->premaster, 32, &ssl->handshake->pmslen,
+                ssl->conf->f_rng, ssl->conf->p_rng );
+        if( ret != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_derive_secret", ret );
+            return( ret );
+        }
+    }
+    else
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
+    {
+        ((void) ciphersuite_info);
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
+
+    ssl->out_msglen  = i + n;
+    ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
+    ssl->out_msg[0]  = MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE;
+
+    ssl->state++;
+
+    if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
+        return( ret );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client key exchange" ) );
+
+    return( 0 );
+}
+
+#if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)       && \
+    !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)   && \
+    !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
+    !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
+{
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+    int ret;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
+
+    if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
+        return( ret );
+    }
+
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
+        ssl->state++;
+        return( 0 );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+}
+#else
+static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
+{
+    int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+    size_t n = 0, offset = 0;
+    unsigned char hash[48];
+    unsigned char *hash_start = hash;
+    mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
+    unsigned int hashlen;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
+
+    if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
+        return( ret );
+    }
+
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
+        ssl->state++;
+        return( 0 );
+    }
+
+    if( ssl->client_auth == 0 || mbedtls_ssl_own_cert( ssl ) == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
+        ssl->state++;
+        return( 0 );
+    }
+
+    if( mbedtls_ssl_own_key( ssl ) == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no private key for certificate" ) );
+        return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
+    }
+
+    /*
+     * Make an RSA signature of the handshake digests
+     */
+    ssl->handshake->calc_verify( ssl, hash );
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
+    defined(MBEDTLS_SSL_PROTO_TLS1_1)
+    if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
+    {
+        /*
+         * digitally-signed struct {
+         *     opaque md5_hash[16];
+         *     opaque sha_hash[20];
+         * };
+         *
+         * md5_hash
+         *     MD5(handshake_messages);
+         *
+         * sha_hash
+         *     SHA(handshake_messages);
+         */
+        hashlen = 36;
+        md_alg = MBEDTLS_MD_NONE;
+
+        /*
+         * For ECDSA, default hash is SHA-1 only
+         */
+        if( mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECDSA ) )
+        {
+            hash_start += 16;
+            hashlen -= 16;
+            md_alg = MBEDTLS_MD_SHA1;
+        }
+    }
+    else
+#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
+          MBEDTLS_SSL_PROTO_TLS1_1 */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+    if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+    {
+        /*
+         * digitally-signed struct {
+         *     opaque handshake_messages[handshake_messages_length];
+         * };
+         *
+         * Taking shortcut here. We assume that the server always allows the
+         * PRF Hash function and has sent it in the allowed signature
+         * algorithms list received in the Certificate Request message.
+         *
+         * Until we encounter a server that does not, we will take this
+         * shortcut.
+         *
+         * Reason: Otherwise we should have running hashes for SHA512 and SHA224
+         *         in order to satisfy 'weird' needs from the server side.
+         */
+        if( ssl->transform_negotiate->ciphersuite_info->mac ==
+            MBEDTLS_MD_SHA384 )
+        {
+            md_alg = MBEDTLS_MD_SHA384;
+            ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA384;
+        }
+        else
+        {
+            md_alg = MBEDTLS_MD_SHA256;
+            ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA256;
+        }
+        ssl->out_msg[5] = mbedtls_ssl_sig_from_pk( mbedtls_ssl_own_key( ssl ) );
+
+        /* Info from md_alg will be used instead */
+        hashlen = 0;
+        offset = 2;
+    }
+    else
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
+
+    if( ( ret = mbedtls_pk_sign( mbedtls_ssl_own_key( ssl ), md_alg, hash_start, hashlen,
+                         ssl->out_msg + 6 + offset, &n,
+                         ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret );
+        return( ret );
+    }
+
+    ssl->out_msg[4 + offset] = (unsigned char)( n >> 8 );
+    ssl->out_msg[5 + offset] = (unsigned char)( n      );
+
+    ssl->out_msglen  = 6 + n + offset;
+    ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
+    ssl->out_msg[0]  = MBEDTLS_SSL_HS_CERTIFICATE_VERIFY;
+
+    ssl->state++;
+
+    if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
+        return( ret );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate verify" ) );
+
+    return( ret );
+}
+#endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED &&
+          !MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED &&
+          !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl )
+{
+    int ret;
+    uint32_t lifetime;
+    size_t ticket_len;
+    unsigned char *ticket;
+    const unsigned char *msg;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse new session ticket" ) );
+
+    if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
+        return( ret );
+    }
+
+    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) );
+        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+    }
+
+    /*
+     * struct {
+     *     uint32 ticket_lifetime_hint;
+     *     opaque ticket<0..2^16-1>;
+     * } NewSessionTicket;
+     *
+     * 0  .  3   ticket_lifetime_hint
+     * 4  .  5   ticket_len (n)
+     * 6  .  5+n ticket content
+     */
+    if( ssl->in_msg[0] != MBEDTLS_SSL_HS_NEW_SESSION_TICKET ||
+        ssl->in_hslen < 6 + mbedtls_ssl_hs_hdr_len( ssl ) )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET );
+    }
+
+    msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
+
+    lifetime = ( msg[0] << 24 ) | ( msg[1] << 16 ) |
+               ( msg[2] <<  8 ) | ( msg[3]       );
+
+    ticket_len = ( msg[4] << 8 ) | ( msg[5] );
+
+    if( ticket_len + 6 + mbedtls_ssl_hs_hdr_len( ssl ) != ssl->in_hslen )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %d", ticket_len ) );
+
+    /* We're not waiting for a NewSessionTicket message any more */
+    ssl->handshake->new_session_ticket = 0;
+    ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
+
+    /*
+     * Zero-length ticket means the server changed his mind and doesn't want
+     * to send a ticket after all, so just forget it
+     */
+    if( ticket_len == 0 )
+        return( 0 );
+
+    mbedtls_zeroize( ssl->session_negotiate->ticket,
+                      ssl->session_negotiate->ticket_len );
+    mbedtls_free( ssl->session_negotiate->ticket );
+    ssl->session_negotiate->ticket = NULL;
+    ssl->session_negotiate->ticket_len = 0;
+
+    if( ( ticket = mbedtls_calloc( 1, ticket_len ) ) == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "ticket alloc failed" ) );
+        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+    }
+
+    memcpy( ticket, msg + 6, ticket_len );
+
+    ssl->session_negotiate->ticket = ticket;
+    ssl->session_negotiate->ticket_len = ticket_len;
+    ssl->session_negotiate->ticket_lifetime = lifetime;
+
+    /*
+     * RFC 5077 section 3.4:
+     * "If the client receives a session ticket from the server, then it
+     * discards any Session ID that was sent in the ServerHello."
+     */
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket in use, discarding session id" ) );
+    ssl->session_negotiate->id_len = 0;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse new session ticket" ) );
+
+    return( 0 );
+}
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
+/*
+ * SSL handshake -- client side -- single step
+ */
+int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl )
+{
+    int ret = 0;
+
+    if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) );
+
+    if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
+        return( ret );
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+        ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
+    {
+        if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
+            return( ret );
+    }
+#endif
+
+    /* Change state now, so that it is right in mbedtls_ssl_read_record(), used
+     * by DTLS for dropping out-of-sequence ChangeCipherSpec records */
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+    if( ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC &&
+        ssl->handshake->new_session_ticket != 0 )
+    {
+        ssl->state = MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET;
+    }
+#endif
+
+    switch( ssl->state )
+    {
+        case MBEDTLS_SSL_HELLO_REQUEST:
+            ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
+            break;
+
+       /*
+        *  ==>   ClientHello
+        */
+       case MBEDTLS_SSL_CLIENT_HELLO:
+           ret = ssl_write_client_hello( ssl );
+           break;
+
+       /*
+        *  <==   ServerHello
+        *        Certificate
+        *      ( ServerKeyExchange  )
+        *      ( CertificateRequest )
+        *        ServerHelloDone
+        */
+       case MBEDTLS_SSL_SERVER_HELLO:
+           ret = ssl_parse_server_hello( ssl );
+           break;
+
+       case MBEDTLS_SSL_SERVER_CERTIFICATE:
+           ret = mbedtls_ssl_parse_certificate( ssl );
+           break;
+
+       case MBEDTLS_SSL_SERVER_KEY_EXCHANGE:
+           ret = ssl_parse_server_key_exchange( ssl );
+           break;
+
+       case MBEDTLS_SSL_CERTIFICATE_REQUEST:
+           ret = ssl_parse_certificate_request( ssl );
+           break;
+
+       case MBEDTLS_SSL_SERVER_HELLO_DONE:
+           ret = ssl_parse_server_hello_done( ssl );
+           break;
+
+       /*
+        *  ==> ( Certificate/Alert  )
+        *        ClientKeyExchange
+        *      ( CertificateVerify  )
+        *        ChangeCipherSpec
+        *        Finished
+        */
+       case MBEDTLS_SSL_CLIENT_CERTIFICATE:
+           ret = mbedtls_ssl_write_certificate( ssl );
+           break;
+
+       case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:
+           ret = ssl_write_client_key_exchange( ssl );
+           break;
+
+       case MBEDTLS_SSL_CERTIFICATE_VERIFY:
+           ret = ssl_write_certificate_verify( ssl );
+           break;
+
+       case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:
+           ret = mbedtls_ssl_write_change_cipher_spec( ssl );
+           break;
+
+       case MBEDTLS_SSL_CLIENT_FINISHED:
+           ret = mbedtls_ssl_write_finished( ssl );
+           break;
+
+       /*
+        *  <==   ( NewSessionTicket )
+        *        ChangeCipherSpec
+        *        Finished
+        */
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+       case MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:
+           ret = ssl_parse_new_session_ticket( ssl );
+           break;
+#endif
+
+       case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:
+           ret = mbedtls_ssl_parse_change_cipher_spec( ssl );
+           break;
+
+       case MBEDTLS_SSL_SERVER_FINISHED:
+           ret = mbedtls_ssl_parse_finished( ssl );
+           break;
+
+       case MBEDTLS_SSL_FLUSH_BUFFERS:
+           MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake: done" ) );
+           ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
+           break;
+
+       case MBEDTLS_SSL_HANDSHAKE_WRAPUP:
+           mbedtls_ssl_handshake_wrapup( ssl );
+           break;
+
+       default:
+           MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) );
+           return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+   }
+
+    return( ret );
+}
+#endif /* MBEDTLS_SSL_CLI_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/ssl_cookie.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,260 @@
+/*
+ *  DTLS cookie callbacks implementation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ * These session callbacks use a simple chained list
+ * to store and retrieve the session information.
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_SSL_COOKIE_C)
+
+#include "mbedtls/ssl_cookie.h"
+#include "mbedtls/ssl_internal.h"
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#define mbedtls_calloc    calloc
+#define mbedtls_free       free
+#endif
+
+#include <string.h>
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+/*
+ * If DTLS is in use, then at least one of SHA-1, SHA-256, SHA-512 is
+ * available. Try SHA-256 first, 512 wastes resources since we need to stay
+ * with max 32 bytes of cookie for DTLS 1.0
+ */
+#if defined(MBEDTLS_SHA256_C)
+#define COOKIE_MD           MBEDTLS_MD_SHA224
+#define COOKIE_MD_OUTLEN    32
+#define COOKIE_HMAC_LEN     28
+#elif defined(MBEDTLS_SHA512_C)
+#define COOKIE_MD           MBEDTLS_MD_SHA384
+#define COOKIE_MD_OUTLEN    48
+#define COOKIE_HMAC_LEN     28
+#elif defined(MBEDTLS_SHA1_C)
+#define COOKIE_MD           MBEDTLS_MD_SHA1
+#define COOKIE_MD_OUTLEN    20
+#define COOKIE_HMAC_LEN     20
+#else
+#error "DTLS hello verify needs SHA-1 or SHA-2"
+#endif
+
+/*
+ * Cookies are formed of a 4-bytes timestamp (or serial number) and
+ * an HMAC of timestemp and client ID.
+ */
+#define COOKIE_LEN      ( 4 + COOKIE_HMAC_LEN )
+
+void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx )
+{
+    mbedtls_md_init( &ctx->hmac_ctx );
+#if !defined(MBEDTLS_HAVE_TIME)
+    ctx->serial = 0;
+#endif
+    ctx->timeout = MBEDTLS_SSL_COOKIE_TIMEOUT;
+
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_mutex_init( &ctx->mutex );
+#endif
+}
+
+void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay )
+{
+    ctx->timeout = delay;
+}
+
+void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx )
+{
+    mbedtls_md_free( &ctx->hmac_ctx );
+
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_mutex_init( &ctx->mutex );
+#endif
+
+    mbedtls_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) );
+}
+
+int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
+                      int (*f_rng)(void *, unsigned char *, size_t),
+                      void *p_rng )
+{
+    int ret;
+    unsigned char key[COOKIE_MD_OUTLEN];
+
+    if( ( ret = f_rng( p_rng, key, sizeof( key ) ) ) != 0 )
+        return( ret );
+
+    ret = mbedtls_md_setup( &ctx->hmac_ctx, mbedtls_md_info_from_type( COOKIE_MD ), 1 );
+    if( ret != 0 )
+        return( ret );
+
+    ret = mbedtls_md_hmac_starts( &ctx->hmac_ctx, key, sizeof( key ) );
+    if( ret != 0 )
+        return( ret );
+
+    mbedtls_zeroize( key, sizeof( key ) );
+
+    return( 0 );
+}
+
+/*
+ * Generate the HMAC part of a cookie
+ */
+static int ssl_cookie_hmac( mbedtls_md_context_t *hmac_ctx,
+                            const unsigned char time[4],
+                            unsigned char **p, unsigned char *end,
+                            const unsigned char *cli_id, size_t cli_id_len )
+{
+    unsigned char hmac_out[COOKIE_MD_OUTLEN];
+
+    if( (size_t)( end - *p ) < COOKIE_HMAC_LEN )
+        return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+
+    if( mbedtls_md_hmac_reset(  hmac_ctx ) != 0 ||
+        mbedtls_md_hmac_update( hmac_ctx, time, 4 ) != 0 ||
+        mbedtls_md_hmac_update( hmac_ctx, cli_id, cli_id_len ) != 0 ||
+        mbedtls_md_hmac_finish( hmac_ctx, hmac_out ) != 0 )
+    {
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
+
+    memcpy( *p, hmac_out, COOKIE_HMAC_LEN );
+    *p += COOKIE_HMAC_LEN;
+
+    return( 0 );
+}
+
+/*
+ * Generate cookie for DTLS ClientHello verification
+ */
+int mbedtls_ssl_cookie_write( void *p_ctx,
+                      unsigned char **p, unsigned char *end,
+                      const unsigned char *cli_id, size_t cli_id_len )
+{
+    int ret;
+    mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx;
+    unsigned long t;
+
+    if( ctx == NULL || cli_id == NULL )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    if( (size_t)( end - *p ) < COOKIE_LEN )
+        return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+
+#if defined(MBEDTLS_HAVE_TIME)
+    t = (unsigned long) time( NULL );
+#else
+    t = ctx->serial++;
+#endif
+
+    (*p)[0] = (unsigned char)( t >> 24 );
+    (*p)[1] = (unsigned char)( t >> 16 );
+    (*p)[2] = (unsigned char)( t >>  8 );
+    (*p)[3] = (unsigned char)( t       );
+    *p += 4;
+
+#if defined(MBEDTLS_THREADING_C)
+    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR + ret );
+#endif
+
+    ret = ssl_cookie_hmac( &ctx->hmac_ctx, *p - 4,
+                           p, end, cli_id, cli_id_len );
+
+#if defined(MBEDTLS_THREADING_C)
+    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR +
+                MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+#endif
+
+    return( ret );
+}
+
+/*
+ * Check a cookie
+ */
+int mbedtls_ssl_cookie_check( void *p_ctx,
+                      const unsigned char *cookie, size_t cookie_len,
+                      const unsigned char *cli_id, size_t cli_id_len )
+{
+    unsigned char ref_hmac[COOKIE_HMAC_LEN];
+    int ret = 0;
+    unsigned char *p = ref_hmac;
+    mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx;
+    unsigned long cur_time, cookie_time;
+
+    if( ctx == NULL || cli_id == NULL )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    if( cookie_len != COOKIE_LEN )
+        return( -1 );
+
+#if defined(MBEDTLS_THREADING_C)
+    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR + ret );
+#endif
+
+    if( ssl_cookie_hmac( &ctx->hmac_ctx, cookie,
+                         &p, p + sizeof( ref_hmac ),
+                         cli_id, cli_id_len ) != 0 )
+        ret = -1;
+
+#if defined(MBEDTLS_THREADING_C)
+    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR +
+                MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+#endif
+
+    if( ret != 0 )
+        return( ret );
+
+    if( mbedtls_ssl_safer_memcmp( cookie + 4, ref_hmac, sizeof( ref_hmac ) ) != 0 )
+        return( -1 );
+
+#if defined(MBEDTLS_HAVE_TIME)
+    cur_time = (unsigned long) time( NULL );
+#else
+    cur_time = ctx->serial;
+#endif
+
+    cookie_time = ( (unsigned long) cookie[0] << 24 ) |
+                  ( (unsigned long) cookie[1] << 16 ) |
+                  ( (unsigned long) cookie[2] <<  8 ) |
+                  ( (unsigned long) cookie[3]       );
+
+    if( ctx->timeout != 0 && cur_time - cookie_time > ctx->timeout )
+        return( -1 );
+
+    return( 0 );
+}
+#endif /* MBEDTLS_SSL_COOKIE_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/ssl_srv.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,3879 @@
+/*
+ *  SSLv3/TLSv1 server-side functions
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_SSL_SRV_C)
+
+#include "mbedtls/debug.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/ssl_internal.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_ECP_C)
+#include "mbedtls/ecp.h"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#define mbedtls_calloc    calloc
+#define mbedtls_free       free
+#endif
+
+#if defined(MBEDTLS_HAVE_TIME)
+#include <time.h>
+#endif
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
+                                 const unsigned char *info,
+                                 size_t ilen )
+{
+    if( ssl->conf->endpoint != MBEDTLS_SSL_IS_SERVER )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    mbedtls_free( ssl->cli_id );
+
+    if( ( ssl->cli_id = mbedtls_calloc( 1, ilen ) ) == NULL )
+        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+
+    memcpy( ssl->cli_id, info, ilen );
+    ssl->cli_id_len = ilen;
+
+    return( 0 );
+}
+
+void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,
+                           mbedtls_ssl_cookie_write_t *f_cookie_write,
+                           mbedtls_ssl_cookie_check_t *f_cookie_check,
+                           void *p_cookie )
+{
+    conf->f_cookie_write = f_cookie_write;
+    conf->f_cookie_check = f_cookie_check;
+    conf->p_cookie       = p_cookie;
+}
+#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+static int ssl_parse_servername_ext( mbedtls_ssl_context *ssl,
+                                     const unsigned char *buf,
+                                     size_t len )
+{
+    int ret;
+    size_t servername_list_size, hostname_len;
+    const unsigned char *p;
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "parse ServerName extension" ) );
+
+    servername_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
+    if( servername_list_size + 2 != len )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+    }
+
+    p = buf + 2;
+    while( servername_list_size > 0 )
+    {
+        hostname_len = ( ( p[1] << 8 ) | p[2] );
+        if( hostname_len + 3 > servername_list_size )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+        }
+
+        if( p[0] == MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME )
+        {
+            ret = ssl->conf->f_sni( ssl->conf->p_sni,
+                                    ssl, p + 3, hostname_len );
+            if( ret != 0 )
+            {
+                MBEDTLS_SSL_DEBUG_RET( 1, "ssl_sni_wrapper", ret );
+                mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                        MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME );
+                return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+            }
+            return( 0 );
+        }
+
+        servername_list_size -= hostname_len + 3;
+        p += hostname_len + 3;
+    }
+
+    if( servername_list_size != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+    }
+
+    return( 0 );
+}
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+
+static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl,
+                                         const unsigned char *buf,
+                                         size_t len )
+{
+    int ret;
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
+    {
+        /* Check verify-data in constant-time. The length OTOH is no secret */
+        if( len    != 1 + ssl->verify_data_len ||
+            buf[0] !=     ssl->verify_data_len ||
+            mbedtls_ssl_safer_memcmp( buf + 1, ssl->peer_verify_data,
+                          ssl->verify_data_len ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) );
+
+            if( ( ret = mbedtls_ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
+                return( ret );
+
+            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+        }
+    }
+    else
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+    {
+        if( len != 1 || buf[0] != 0x0 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-zero length renegotiation info" ) );
+
+            if( ( ret = mbedtls_ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
+                return( ret );
+
+            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+        }
+
+        ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION;
+    }
+
+    return( 0 );
+}
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
+    defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
+static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl,
+                                               const unsigned char *buf,
+                                               size_t len )
+{
+    size_t sig_alg_list_size;
+    const unsigned char *p;
+    const unsigned char *end = buf + len;
+    const int *md_cur;
+
+
+    sig_alg_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
+    if( sig_alg_list_size + 2 != len ||
+        sig_alg_list_size % 2 != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+    }
+
+    /*
+     * For now, ignore the SignatureAlgorithm part and rely on offered
+     * ciphersuites only for that part. To be fixed later.
+     *
+     * So, just look at the HashAlgorithm part.
+     */
+    for( md_cur = ssl->conf->sig_hashes; *md_cur != MBEDTLS_MD_NONE; md_cur++ ) {
+        for( p = buf + 2; p < end; p += 2 ) {
+            if( *md_cur == (int) mbedtls_ssl_md_alg_from_hash( p[0] ) ) {
+                ssl->handshake->sig_alg = p[0];
+                goto have_sig_alg;
+            }
+        }
+    }
+
+    /* Some key echanges do not need signatures at all */
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "no signature_algorithm in common" ) );
+    return( 0 );
+
+have_sig_alg:
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: %d",
+                   ssl->handshake->sig_alg ) );
+
+    return( 0 );
+}
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
+          MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
+
+#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+static int ssl_parse_supported_elliptic_curves( mbedtls_ssl_context *ssl,
+                                                const unsigned char *buf,
+                                                size_t len )
+{
+    size_t list_size, our_size;
+    const unsigned char *p;
+    const mbedtls_ecp_curve_info *curve_info, **curves;
+
+    list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
+    if( list_size + 2 != len ||
+        list_size % 2 != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+    }
+
+    /* Should never happen unless client duplicates the extension */
+    if( ssl->handshake->curves != NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+    }
+
+    /* Don't allow our peer to make us allocate too much memory,
+     * and leave room for a final 0 */
+    our_size = list_size / 2 + 1;
+    if( our_size > MBEDTLS_ECP_DP_MAX )
+        our_size = MBEDTLS_ECP_DP_MAX;
+
+    if( ( curves = mbedtls_calloc( our_size, sizeof( *curves ) ) ) == NULL )
+        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+
+    ssl->handshake->curves = curves;
+
+    p = buf + 2;
+    while( list_size > 0 && our_size > 1 )
+    {
+        curve_info = mbedtls_ecp_curve_info_from_tls_id( ( p[0] << 8 ) | p[1] );
+
+        if( curve_info != NULL )
+        {
+            *curves++ = curve_info;
+            our_size--;
+        }
+
+        list_size -= 2;
+        p += 2;
+    }
+
+    return( 0 );
+}
+
+static int ssl_parse_supported_point_formats( mbedtls_ssl_context *ssl,
+                                              const unsigned char *buf,
+                                              size_t len )
+{
+    size_t list_size;
+    const unsigned char *p;
+
+    list_size = buf[0];
+    if( list_size + 1 != len )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+    }
+
+    p = buf + 1;
+    while( list_size > 0 )
+    {
+        if( p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED ||
+            p[0] == MBEDTLS_ECP_PF_COMPRESSED )
+        {
+#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
+            ssl->handshake->ecdh_ctx.point_format = p[0];
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+            ssl->handshake->ecjpake_ctx.point_format = p[0];
+#endif
+            MBEDTLS_SSL_DEBUG_MSG( 4, ( "point format selected: %d", p[0] ) );
+            return( 0 );
+        }
+
+        list_size--;
+        p++;
+    }
+
+    return( 0 );
+}
+#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
+          MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl,
+                                   const unsigned char *buf,
+                                   size_t len )
+{
+    int ret;
+
+    if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip ecjpake kkpp extension" ) );
+        return( 0 );
+    }
+
+    if( ( ret = mbedtls_ecjpake_read_round_one( &ssl->handshake->ecjpake_ctx,
+                                                buf, len ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_one", ret );
+        return( ret );
+    }
+
+    /* Only mark the extension as OK when we're sure it is */
+    ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK;
+
+    return( 0 );
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl,
+                                              const unsigned char *buf,
+                                              size_t len )
+{
+    if( len != 1 || buf[0] >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+    }
+
+    ssl->session_negotiate->mfl_code = buf[0];
+
+    return( 0 );
+}
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl,
+                                         const unsigned char *buf,
+                                         size_t len )
+{
+    if( len != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+    }
+
+    ((void) buf);
+
+    if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED )
+        ssl->session_negotiate->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED;
+
+    return( 0 );
+}
+#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
+                                      const unsigned char *buf,
+                                      size_t len )
+{
+    if( len != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+    }
+
+    ((void) buf);
+
+    if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED &&
+        ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
+    {
+        ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED;
+    }
+
+    return( 0 );
+}
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl,
+                                      const unsigned char *buf,
+                                      size_t len )
+{
+    if( len != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+    }
+
+    ((void) buf);
+
+    if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED &&
+        ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
+    {
+        ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
+    }
+
+    return( 0 );
+}
+#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl,
+                                         unsigned char *buf,
+                                         size_t len )
+{
+    int ret;
+    mbedtls_ssl_session session;
+
+    mbedtls_ssl_session_init( &session );
+
+    if( ssl->conf->f_ticket_parse == NULL ||
+        ssl->conf->f_ticket_write == NULL )
+    {
+        return( 0 );
+    }
+
+    /* Remember the client asked us to send a new ticket */
+    ssl->handshake->new_session_ticket = 1;
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %d", len ) );
+
+    if( len == 0 )
+        return( 0 );
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket rejected: renegotiating" ) );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+    /*
+     * Failures are ok: just ignore the ticket and proceed.
+     */
+    if( ( ret = ssl->conf->f_ticket_parse( ssl->conf->p_ticket, &session,
+                                           buf, len ) ) != 0 )
+    {
+        mbedtls_ssl_session_free( &session );
+
+        if( ret == MBEDTLS_ERR_SSL_INVALID_MAC )
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket is not authentic" ) );
+        else if( ret == MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED )
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket is expired" ) );
+        else
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_ticket_parse", ret );
+
+        return( 0 );
+    }
+
+    /*
+     * Keep the session ID sent by the client, since we MUST send it back to
+     * inform them we're accepting the ticket  (RFC 5077 section 3.4)
+     */
+    session.id_len = ssl->session_negotiate->id_len;
+    memcpy( &session.id, ssl->session_negotiate->id, session.id_len );
+
+    mbedtls_ssl_session_free( ssl->session_negotiate );
+    memcpy( ssl->session_negotiate, &session, sizeof( mbedtls_ssl_session ) );
+
+    /* Zeroize instead of free as we copied the content */
+    mbedtls_zeroize( &session, sizeof( mbedtls_ssl_session ) );
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from ticket" ) );
+
+    ssl->handshake->resume = 1;
+
+    /* Don't send a new ticket after all, this one is OK */
+    ssl->handshake->new_session_ticket = 0;
+
+    return( 0 );
+}
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
+#if defined(MBEDTLS_SSL_ALPN)
+static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
+                               const unsigned char *buf, size_t len )
+{
+    size_t list_len, cur_len, ours_len;
+    const unsigned char *theirs, *start, *end;
+    const char **ours;
+
+    /* If ALPN not configured, just ignore the extension */
+    if( ssl->conf->alpn_list == NULL )
+        return( 0 );
+
+    /*
+     * opaque ProtocolName<1..2^8-1>;
+     *
+     * struct {
+     *     ProtocolName protocol_name_list<2..2^16-1>
+     * } ProtocolNameList;
+     */
+
+    /* Min length is 2 (list_len) + 1 (name_len) + 1 (name) */
+    if( len < 4 )
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+
+    list_len = ( buf[0] << 8 ) | buf[1];
+    if( list_len != len - 2 )
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+
+    /*
+     * Use our order of preference
+     */
+    start = buf + 2;
+    end = buf + len;
+    for( ours = ssl->conf->alpn_list; *ours != NULL; ours++ )
+    {
+        ours_len = strlen( *ours );
+        for( theirs = start; theirs != end; theirs += cur_len )
+        {
+            /* If the list is well formed, we should get equality first */
+            if( theirs > end )
+                return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+
+            cur_len = *theirs++;
+
+            /* Empty strings MUST NOT be included */
+            if( cur_len == 0 )
+                return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+
+            if( cur_len == ours_len &&
+                memcmp( theirs, *ours, cur_len ) == 0 )
+            {
+                ssl->alpn_chosen = *ours;
+                return( 0 );
+            }
+        }
+    }
+
+    /* If we get there, no match was found */
+    mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                            MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL );
+    return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+}
+#endif /* MBEDTLS_SSL_ALPN */
+
+/*
+ * Auxiliary functions for ServerHello parsing and related actions
+ */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+/*
+ * Return 0 if the given key uses one of the acceptable curves, -1 otherwise
+ */
+#if defined(MBEDTLS_ECDSA_C)
+static int ssl_check_key_curve( mbedtls_pk_context *pk,
+                                const mbedtls_ecp_curve_info **curves )
+{
+    const mbedtls_ecp_curve_info **crv = curves;
+    mbedtls_ecp_group_id grp_id = mbedtls_pk_ec( *pk )->grp.id;
+
+    while( *crv != NULL )
+    {
+        if( (*crv)->grp_id == grp_id )
+            return( 0 );
+        crv++;
+    }
+
+    return( -1 );
+}
+#endif /* MBEDTLS_ECDSA_C */
+
+/*
+ * Try picking a certificate for this ciphersuite,
+ * return 0 on success and -1 on failure.
+ */
+static int ssl_pick_cert( mbedtls_ssl_context *ssl,
+                          const mbedtls_ssl_ciphersuite_t * ciphersuite_info )
+{
+    mbedtls_ssl_key_cert *cur, *list, *fallback = NULL;
+    mbedtls_pk_type_t pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
+    uint32_t flags;
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+    if( ssl->handshake->sni_key_cert != NULL )
+        list = ssl->handshake->sni_key_cert;
+    else
+#endif
+        list = ssl->conf->key_cert;
+
+    if( pk_alg == MBEDTLS_PK_NONE )
+        return( 0 );
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite requires certificate" ) );
+
+    if( list == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "server has no certificate" ) );
+        return( -1 );
+    }
+
+    for( cur = list; cur != NULL; cur = cur->next )
+    {
+        MBEDTLS_SSL_DEBUG_CRT( 3, "candidate certificate chain, certificate",
+                          cur->cert );
+
+        if( ! mbedtls_pk_can_do( cur->key, pk_alg ) )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: key type" ) );
+            continue;
+        }
+
+        /*
+         * This avoids sending the client a cert it'll reject based on
+         * keyUsage or other extensions.
+         *
+         * It also allows the user to provision different certificates for
+         * different uses based on keyUsage, eg if they want to avoid signing
+         * and decrypting with the same RSA key.
+         */
+        if( mbedtls_ssl_check_cert_usage( cur->cert, ciphersuite_info,
+                                  MBEDTLS_SSL_IS_SERVER, &flags ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: "
+                                "(extended) key usage extension" ) );
+            continue;
+        }
+
+#if defined(MBEDTLS_ECDSA_C)
+        if( pk_alg == MBEDTLS_PK_ECDSA &&
+            ssl_check_key_curve( cur->key, ssl->handshake->curves ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: elliptic curve" ) );
+            continue;
+        }
+#endif
+
+        /*
+         * Try to select a SHA-1 certificate for pre-1.2 clients, but still
+         * present them a SHA-higher cert rather than failing if it's the only
+         * one we got that satisfies the other conditions.
+         */
+        if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 &&
+            cur->cert->sig_md != MBEDTLS_MD_SHA1 )
+        {
+            if( fallback == NULL )
+                fallback = cur;
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate not preferred: "
+                                    "sha-2 with pre-TLS 1.2 client" ) );
+            continue;
+            }
+        }
+
+        /* If we get there, we got a winner */
+        break;
+    }
+
+    if( cur == NULL )
+        cur = fallback;
+
+    /* Do not update ssl->handshake->key_cert unless there is a match */
+    if( cur != NULL )
+    {
+        ssl->handshake->key_cert = cur;
+        MBEDTLS_SSL_DEBUG_CRT( 3, "selected certificate chain, certificate",
+                          ssl->handshake->key_cert->cert );
+        return( 0 );
+    }
+
+    return( -1 );
+}
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+/*
+ * Check if a given ciphersuite is suitable for use with our config/keys/etc
+ * Sets ciphersuite_info only if the suite matches.
+ */
+static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
+                                  const mbedtls_ssl_ciphersuite_t **ciphersuite_info )
+{
+    const mbedtls_ssl_ciphersuite_t *suite_info;
+
+    suite_info = mbedtls_ssl_ciphersuite_from_id( suite_id );
+    if( suite_info == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %s", suite_info->name ) );
+
+    if( suite_info->min_minor_ver > ssl->minor_ver ||
+        suite_info->max_minor_ver < ssl->minor_ver )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: version" ) );
+        return( 0 );
+    }
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+        ( suite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
+        return( 0 );
+#endif
+
+#if defined(MBEDTLS_ARC4_C)
+    if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
+            suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: rc4" ) );
+        return( 0 );
+    }
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+    if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
+        ( ssl->handshake->cli_exts & MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK ) == 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: ecjpake "
+                                    "not configured or ext missing" ) );
+        return( 0 );
+    }
+#endif
+
+
+#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
+    if( mbedtls_ssl_ciphersuite_uses_ec( suite_info ) &&
+        ( ssl->handshake->curves == NULL ||
+          ssl->handshake->curves[0] == NULL ) )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: "
+                            "no common elliptic curve" ) );
+        return( 0 );
+    }
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+    /* If the ciphersuite requires a pre-shared key and we don't
+     * have one, skip it now rather than failing later */
+    if( mbedtls_ssl_ciphersuite_uses_psk( suite_info ) &&
+        ssl->conf->f_psk == NULL &&
+        ( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL ||
+          ssl->conf->psk_identity_len == 0 || ssl->conf->psk_len == 0 ) )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no pre-shared key" ) );
+        return( 0 );
+    }
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    /*
+     * Final check: if ciphersuite requires us to have a
+     * certificate/key of a particular type:
+     * - select the appropriate certificate if we have one, or
+     * - try the next ciphersuite if we don't
+     * This must be done last since we modify the key_cert list.
+     */
+    if( ssl_pick_cert( ssl, suite_info ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: "
+                            "no suitable certificate" ) );
+        return( 0 );
+    }
+#endif
+
+    *ciphersuite_info = suite_info;
+    return( 0 );
+}
+
+#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
+static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl )
+{
+    int ret, got_common_suite;
+    unsigned int i, j;
+    size_t n;
+    unsigned int ciph_len, sess_len, chal_len;
+    unsigned char *buf, *p;
+    const int *ciphersuites;
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client hello v2" ) );
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "client hello v2 illegal for renegotiation" ) );
+
+        if( ( ret = mbedtls_ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
+            return( ret );
+
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+    }
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+    buf = ssl->in_hdr;
+
+    MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, 5 );
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v2, message type: %d",
+                   buf[2] ) );
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v2, message len.: %d",
+                   ( ( buf[0] & 0x7F ) << 8 ) | buf[1] ) );
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v2, max. version: [%d:%d]",
+                   buf[3], buf[4] ) );
+
+    /*
+     * SSLv2 Client Hello
+     *
+     * Record layer:
+     *     0  .   1   message length
+     *
+     * SSL layer:
+     *     2  .   2   message type
+     *     3  .   4   protocol version
+     */
+    if( buf[2] != MBEDTLS_SSL_HS_CLIENT_HELLO ||
+        buf[3] != MBEDTLS_SSL_MAJOR_VERSION_3 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+    }
+
+    n = ( ( buf[0] << 8 ) | buf[1] ) & 0x7FFF;
+
+    if( n < 17 || n > 512 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+    }
+
+    ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
+    ssl->minor_ver = ( buf[4] <= ssl->conf->max_minor_ver )
+                     ? buf[4]  : ssl->conf->max_minor_ver;
+
+    if( ssl->minor_ver < ssl->conf->min_minor_ver )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum"
+                            " [%d:%d] < [%d:%d]",
+                            ssl->major_ver, ssl->minor_ver,
+                            ssl->conf->min_major_ver, ssl->conf->min_minor_ver ) );
+
+        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                     MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
+        return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
+    }
+
+    ssl->handshake->max_major_ver = buf[3];
+    ssl->handshake->max_minor_ver = buf[4];
+
+    if( ( ret = mbedtls_ssl_fetch_input( ssl, 2 + n ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
+        return( ret );
+    }
+
+    ssl->handshake->update_checksum( ssl, buf + 2, n );
+
+    buf = ssl->in_msg;
+    n = ssl->in_left - 5;
+
+    /*
+     *    0  .   1   ciphersuitelist length
+     *    2  .   3   session id length
+     *    4  .   5   challenge length
+     *    6  .  ..   ciphersuitelist
+     *   ..  .  ..   session id
+     *   ..  .  ..   challenge
+     */
+    MBEDTLS_SSL_DEBUG_BUF( 4, "record contents", buf, n );
+
+    ciph_len = ( buf[0] << 8 ) | buf[1];
+    sess_len = ( buf[2] << 8 ) | buf[3];
+    chal_len = ( buf[4] << 8 ) | buf[5];
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciph_len: %d, sess_len: %d, chal_len: %d",
+                   ciph_len, sess_len, chal_len ) );
+
+    /*
+     * Make sure each parameter length is valid
+     */
+    if( ciph_len < 3 || ( ciph_len % 3 ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+    }
+
+    if( sess_len > 32 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+    }
+
+    if( chal_len < 8 || chal_len > 32 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+    }
+
+    if( n != 6 + ciph_len + sess_len + chal_len )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+    }
+
+    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, ciphersuitelist",
+                   buf + 6, ciph_len );
+    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id",
+                   buf + 6 + ciph_len, sess_len );
+    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, challenge",
+                   buf + 6 + ciph_len + sess_len, chal_len );
+
+    p = buf + 6 + ciph_len;
+    ssl->session_negotiate->id_len = sess_len;
+    memset( ssl->session_negotiate->id, 0,
+            sizeof( ssl->session_negotiate->id ) );
+    memcpy( ssl->session_negotiate->id, p, ssl->session_negotiate->id_len );
+
+    p += sess_len;
+    memset( ssl->handshake->randbytes, 0, 64 );
+    memcpy( ssl->handshake->randbytes + 32 - chal_len, p, chal_len );
+
+    /*
+     * Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV
+     */
+    for( i = 0, p = buf + 6; i < ciph_len; i += 3, p += 3 )
+    {
+        if( p[0] == 0 && p[1] == 0 && p[2] == MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "received TLS_EMPTY_RENEGOTIATION_INFO " ) );
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+            if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "received RENEGOTIATION SCSV "
+                                    "during renegotiation" ) );
+
+                if( ( ret = mbedtls_ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
+                    return( ret );
+
+                return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+            }
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+            ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION;
+            break;
+        }
+    }
+
+#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
+    for( i = 0, p = buf + 6; i < ciph_len; i += 3, p += 3 )
+    {
+        if( p[0] == 0 &&
+            p[1] == (unsigned char)( ( MBEDTLS_SSL_FALLBACK_SCSV_VALUE >> 8 ) & 0xff ) &&
+            p[2] == (unsigned char)( ( MBEDTLS_SSL_FALLBACK_SCSV_VALUE      ) & 0xff ) )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "received FALLBACK_SCSV" ) );
+
+            if( ssl->minor_ver < ssl->conf->max_minor_ver )
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "inapropriate fallback" ) );
+
+                mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                        MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK );
+
+                return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+            }
+
+            break;
+        }
+    }
+#endif /* MBEDTLS_SSL_FALLBACK_SCSV */
+
+    got_common_suite = 0;
+    ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver];
+    ciphersuite_info = NULL;
+#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
+    for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 )
+    {
+        for( i = 0; ciphersuites[i] != 0; i++ )
+#else
+    for( i = 0; ciphersuites[i] != 0; i++ )
+    {
+        for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 )
+#endif
+        {
+            if( p[0] != 0 ||
+                p[1] != ( ( ciphersuites[i] >> 8 ) & 0xFF ) ||
+                p[2] != ( ( ciphersuites[i]      ) & 0xFF ) )
+                continue;
+
+            got_common_suite = 1;
+
+            if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i],
+                                               &ciphersuite_info ) ) != 0 )
+                return( ret );
+
+            if( ciphersuite_info != NULL )
+                goto have_ciphersuite_v2;
+        }
+    }
+
+    if( got_common_suite )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "got ciphersuites in common, "
+                            "but none of them usable" ) );
+        return( MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE );
+    }
+    else
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) );
+        return( MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN );
+    }
+
+have_ciphersuite_v2:
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %s", ciphersuite_info->name ) );
+
+    ssl->session_negotiate->ciphersuite = ciphersuites[i];
+    ssl->transform_negotiate->ciphersuite_info = ciphersuite_info;
+    mbedtls_ssl_optimize_checksum( ssl, ssl->transform_negotiate->ciphersuite_info );
+
+    /*
+     * SSLv2 Client Hello relevant renegotiation security checks
+     */
+    if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
+        ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
+
+        if( ( ret = mbedtls_ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
+            return( ret );
+
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+    }
+
+    ssl->in_left = 0;
+    ssl->state++;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse client hello v2" ) );
+
+    return( 0 );
+}
+#endif /* MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO */
+
+static int ssl_parse_client_hello( mbedtls_ssl_context *ssl )
+{
+    int ret, got_common_suite;
+    size_t i, j;
+    size_t ciph_offset, comp_offset, ext_offset;
+    size_t msg_len, ciph_len, sess_len, comp_len, ext_len;
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    size_t cookie_offset, cookie_len;
+#endif
+    unsigned char *buf, *p, *ext;
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    int renegotiation_info_seen = 0;
+#endif
+    int handshake_failure = 0;
+    const int *ciphersuites;
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
+    int major, minor;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) );
+
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+read_record_header:
+#endif
+    /*
+     * If renegotiating, then the input was read with mbedtls_ssl_read_record(),
+     * otherwise read it ourselves manually in order to support SSLv2
+     * ClientHello, which doesn't use the same record layer format.
+     */
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
+#endif
+    {
+        if( ( ret = mbedtls_ssl_fetch_input( ssl, 5 ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
+            return( ret );
+        }
+    }
+
+    buf = ssl->in_hdr;
+
+#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM )
+#endif
+        if( ( buf[0] & 0x80 ) != 0 )
+            return ssl_parse_client_hello_v2( ssl );
+#endif
+
+    MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, mbedtls_ssl_hdr_len( ssl ) );
+
+    /*
+     * SSLv3/TLS Client Hello
+     *
+     * Record layer:
+     *     0  .   0   message type
+     *     1  .   2   protocol version
+     *     3  .   11  DTLS: epoch + record sequence number
+     *     3  .   4   message length
+     */
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, message type: %d",
+                   buf[0] ) );
+
+    if( buf[0] != MBEDTLS_SSL_MSG_HANDSHAKE )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, message len.: %d",
+                   ( ssl->in_len[0] << 8 ) | ssl->in_len[1] ) );
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, protocol version: [%d:%d]",
+                   buf[1], buf[2] ) );
+
+    mbedtls_ssl_read_version( &major, &minor, ssl->conf->transport, buf + 1 );
+
+    /* According to RFC 5246 Appendix E.1, the version here is typically
+     * "{03,00}, the lowest version number supported by the client, [or] the
+     * value of ClientHello.client_version", so the only meaningful check here
+     * is the major version shouldn't be less than 3 */
+    if( major < MBEDTLS_SSL_MAJOR_VERSION_3 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+    }
+
+    /* For DTLS if this is the initial handshake, remember the client sequence
+     * number to use it in our next message (RFC 6347 4.2.1) */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+        && ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE
+#endif
+        )
+    {
+        /* Epoch should be 0 for initial handshakes */
+        if( ssl->in_ctr[0] != 0 || ssl->in_ctr[1] != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+        }
+
+        memcpy( ssl->out_ctr + 2, ssl->in_ctr + 2, 6 );
+
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+        if( mbedtls_ssl_dtls_replay_check( ssl ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "replayed record, discarding" ) );
+            ssl->next_record_offset = 0;
+            ssl->in_left = 0;
+            goto read_record_header;
+        }
+
+        /* No MAC to check yet, so we can update right now */
+        mbedtls_ssl_dtls_replay_update( ssl );
+#endif
+    }
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+    msg_len = ( ssl->in_len[0] << 8 ) | ssl->in_len[1];
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
+    {
+        /* Set by mbedtls_ssl_read_record() */
+        msg_len = ssl->in_hslen;
+    }
+    else
+#endif
+    {
+        if( msg_len > MBEDTLS_SSL_MAX_CONTENT_LEN )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+        }
+
+        if( ( ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_hdr_len( ssl ) + msg_len ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
+            return( ret );
+        }
+
+    /* Done reading this record, get ready for the next one */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+        if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+            ssl->next_record_offset = msg_len + mbedtls_ssl_hdr_len( ssl );
+        else
+#endif
+            ssl->in_left = 0;
+    }
+
+    buf = ssl->in_msg;
+
+    MBEDTLS_SSL_DEBUG_BUF( 4, "record contents", buf, msg_len );
+
+    ssl->handshake->update_checksum( ssl, buf, msg_len );
+
+    /*
+     * Handshake layer:
+     *     0  .   0   handshake type
+     *     1  .   3   handshake length
+     *     4  .   5   DTLS only: message seqence number
+     *     6  .   8   DTLS only: fragment offset
+     *     9  .  11   DTLS only: fragment length
+     */
+    if( msg_len < mbedtls_ssl_hs_hdr_len( ssl ) )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, handshake type: %d", buf[0] ) );
+
+    if( buf[0] != MBEDTLS_SSL_HS_CLIENT_HELLO )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, handshake len.: %d",
+                   ( buf[1] << 16 ) | ( buf[2] << 8 ) | buf[3] ) );
+
+    /* We don't support fragmentation of ClientHello (yet?) */
+    if( buf[1] != 0 ||
+        msg_len != mbedtls_ssl_hs_hdr_len( ssl ) + ( ( buf[2] << 8 ) | buf[3] ) )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+    }
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+    {
+        /*
+         * Copy the client's handshake message_seq on initial handshakes,
+         * check sequence number on renego.
+         */
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+        if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
+        {
+            /* This couldn't be done in ssl_prepare_handshake_record() */
+            unsigned int cli_msg_seq = ( ssl->in_msg[4] << 8 ) |
+                                         ssl->in_msg[5];
+
+            if( cli_msg_seq != ssl->handshake->in_msg_seq )
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message_seq: "
+                                    "%d (expected %d)", cli_msg_seq,
+                                    ssl->handshake->in_msg_seq ) );
+                return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+            }
+
+            ssl->handshake->in_msg_seq++;
+        }
+        else
+#endif
+        {
+            unsigned int cli_msg_seq = ( ssl->in_msg[4] << 8 ) |
+                                         ssl->in_msg[5];
+            ssl->handshake->out_msg_seq = cli_msg_seq;
+            ssl->handshake->in_msg_seq  = cli_msg_seq + 1;
+        }
+
+        /*
+         * For now we don't support fragmentation, so make sure
+         * fragment_offset == 0 and fragment_length == length
+         */
+        if( ssl->in_msg[6] != 0 || ssl->in_msg[7] != 0 || ssl->in_msg[8] != 0 ||
+            memcmp( ssl->in_msg + 1, ssl->in_msg + 9, 3 ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "ClientHello fragmentation not supported" ) );
+            return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+        }
+    }
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+    buf += mbedtls_ssl_hs_hdr_len( ssl );
+    msg_len -= mbedtls_ssl_hs_hdr_len( ssl );
+
+    /*
+     * ClientHello layer:
+     *     0  .   1   protocol version
+     *     2  .  33   random bytes (starting with 4 bytes of Unix time)
+     *    34  .  35   session id length (1 byte)
+     *    35  . 34+x  session id
+     *   35+x . 35+x  DTLS only: cookie length (1 byte)
+     *   36+x .  ..   DTLS only: cookie
+     *    ..  .  ..   ciphersuite list length (2 bytes)
+     *    ..  .  ..   ciphersuite list
+     *    ..  .  ..   compression alg. list length (1 byte)
+     *    ..  .  ..   compression alg. list
+     *    ..  .  ..   extensions length (2 bytes, optional)
+     *    ..  .  ..   extensions (optional)
+     */
+
+    /*
+     * Minimal length (with everything empty and extensions ommitted) is
+     * 2 + 32 + 1 + 2 + 1 = 38 bytes. Check that first, so that we can
+     * read at least up to session id length without worrying.
+     */
+    if( msg_len < 38 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+    }
+
+    /*
+     * Check and save the protocol version
+     */
+    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, version", buf, 2 );
+
+    mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver,
+                      ssl->conf->transport, buf );
+
+    ssl->handshake->max_major_ver = ssl->major_ver;
+    ssl->handshake->max_minor_ver = ssl->minor_ver;
+
+    if( ssl->major_ver < ssl->conf->min_major_ver ||
+        ssl->minor_ver < ssl->conf->min_minor_ver )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum"
+                            " [%d:%d] < [%d:%d]",
+                            ssl->major_ver, ssl->minor_ver,
+                            ssl->conf->min_major_ver, ssl->conf->min_minor_ver ) );
+
+        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                     MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
+
+        return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
+    }
+
+    if( ssl->major_ver > ssl->conf->max_major_ver )
+    {
+        ssl->major_ver = ssl->conf->max_major_ver;
+        ssl->minor_ver = ssl->conf->max_minor_ver;
+    }
+    else if( ssl->minor_ver > ssl->conf->max_minor_ver )
+        ssl->minor_ver = ssl->conf->max_minor_ver;
+
+    /*
+     * Save client random (inc. Unix time)
+     */
+    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", buf + 2, 32 );
+
+    memcpy( ssl->handshake->randbytes, buf + 2, 32 );
+
+    /*
+     * Check the session ID length and save session ID
+     */
+    sess_len = buf[34];
+
+    if( sess_len > sizeof( ssl->session_negotiate->id ) ||
+        sess_len + 34 + 2 > msg_len ) /* 2 for cipherlist length field */
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+    }
+
+    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id", buf + 35, sess_len );
+
+    ssl->session_negotiate->id_len = sess_len;
+    memset( ssl->session_negotiate->id, 0,
+            sizeof( ssl->session_negotiate->id ) );
+    memcpy( ssl->session_negotiate->id, buf + 35,
+            ssl->session_negotiate->id_len );
+
+    /*
+     * Check the cookie length and content
+     */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+    {
+        cookie_offset = 35 + sess_len;
+        cookie_len = buf[cookie_offset];
+
+        if( cookie_offset + 1 + cookie_len + 2 > msg_len )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+        }
+
+        MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie",
+                       buf + cookie_offset + 1, cookie_len );
+
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+        if( ssl->conf->f_cookie_check != NULL
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+            && ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE
+#endif
+            )
+        {
+            if( ssl->conf->f_cookie_check( ssl->conf->p_cookie,
+                                     buf + cookie_offset + 1, cookie_len,
+                                     ssl->cli_id, ssl->cli_id_len ) != 0 )
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 2, ( "cookie verification failed" ) );
+                ssl->handshake->verify_cookie_len = 1;
+            }
+            else
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 2, ( "cookie verification passed" ) );
+                ssl->handshake->verify_cookie_len = 0;
+            }
+        }
+        else
+#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
+        {
+            /* We know we didn't send a cookie, so it should be empty */
+            if( cookie_len != 0 )
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+                return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+            }
+
+            MBEDTLS_SSL_DEBUG_MSG( 2, ( "cookie verification skipped" ) );
+        }
+
+    /*
+     * Check the ciphersuitelist length (will be parsed later)
+     */
+        ciph_offset = cookie_offset + 1 + cookie_len;
+    }
+    else
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+        ciph_offset = 35 + sess_len;
+
+    ciph_len = ( buf[ciph_offset + 0] << 8 )
+             | ( buf[ciph_offset + 1]      );
+
+    if( ciph_len < 2 ||
+        ciph_len + 2 + ciph_offset + 1 > msg_len || /* 1 for comp. alg. len */
+        ( ciph_len % 2 ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+    }
+
+    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, ciphersuitelist",
+                   buf + ciph_offset + 2,  ciph_len );
+
+    /*
+     * Check the compression algorithms length and pick one
+     */
+    comp_offset = ciph_offset + 2 + ciph_len;
+
+    comp_len = buf[comp_offset];
+
+    if( comp_len < 1 ||
+        comp_len > 16 ||
+        comp_len + comp_offset + 1 > msg_len )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+    }
+
+    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, compression",
+                      buf + comp_offset + 1, comp_len );
+
+    ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL;
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+    for( i = 0; i < comp_len; ++i )
+    {
+        if( buf[comp_offset + 1 + i] == MBEDTLS_SSL_COMPRESS_DEFLATE )
+        {
+            ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_DEFLATE;
+            break;
+        }
+    }
+#endif
+
+    /* See comments in ssl_write_client_hello() */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+        ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL;
+#endif
+
+    /*
+     * Check the extension length
+     */
+    ext_offset = comp_offset + 1 + comp_len;
+    if( msg_len > ext_offset )
+    {
+        if( msg_len < ext_offset + 2 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+        }
+
+        ext_len = ( buf[ext_offset + 0] << 8 )
+                | ( buf[ext_offset + 1]      );
+
+        if( ( ext_len > 0 && ext_len < 4 ) ||
+            msg_len != ext_offset + 2 + ext_len )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+        }
+    }
+    else
+        ext_len = 0;
+
+    ext = buf + ext_offset + 2;
+    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", ext, ext_len );
+
+    while( ext_len != 0 )
+    {
+        unsigned int ext_id   = ( ( ext[0] <<  8 )
+                                | ( ext[1]       ) );
+        unsigned int ext_size = ( ( ext[2] <<  8 )
+                                | ( ext[3]       ) );
+
+        if( ext_size + 4 > ext_len )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+        }
+        switch( ext_id )
+        {
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+        case MBEDTLS_TLS_EXT_SERVERNAME:
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) );
+            if( ssl->conf->f_sni == NULL )
+                break;
+
+            ret = ssl_parse_servername_ext( ssl, ext + 4, ext_size );
+            if( ret != 0 )
+                return( ret );
+            break;
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+
+        case MBEDTLS_TLS_EXT_RENEGOTIATION_INFO:
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) );
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+            renegotiation_info_seen = 1;
+#endif
+
+            ret = ssl_parse_renegotiation_info( ssl, ext + 4, ext_size );
+            if( ret != 0 )
+                return( ret );
+            break;
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
+    defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
+        case MBEDTLS_TLS_EXT_SIG_ALG:
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+            if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
+                break;
+#endif
+
+            ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size );
+            if( ret != 0 )
+                return( ret );
+            break;
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
+          MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
+
+#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+        case MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES:
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported elliptic curves extension" ) );
+
+            ret = ssl_parse_supported_elliptic_curves( ssl, ext + 4, ext_size );
+            if( ret != 0 )
+                return( ret );
+            break;
+
+        case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS:
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported point formats extension" ) );
+            ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT;
+
+            ret = ssl_parse_supported_point_formats( ssl, ext + 4, ext_size );
+            if( ret != 0 )
+                return( ret );
+            break;
+#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
+          MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+        case MBEDTLS_TLS_EXT_ECJPAKE_KKPP:
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ecjpake kkpp extension" ) );
+
+            ret = ssl_parse_ecjpake_kkpp( ssl, ext + 4, ext_size );
+            if( ret != 0 )
+                return( ret );
+            break;
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+        case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH:
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found max fragment length extension" ) );
+
+            ret = ssl_parse_max_fragment_length_ext( ssl, ext + 4, ext_size );
+            if( ret != 0 )
+                return( ret );
+            break;
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+        case MBEDTLS_TLS_EXT_TRUNCATED_HMAC:
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found truncated hmac extension" ) );
+
+            ret = ssl_parse_truncated_hmac_ext( ssl, ext + 4, ext_size );
+            if( ret != 0 )
+                return( ret );
+            break;
+#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+        case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC:
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found encrypt then mac extension" ) );
+
+            ret = ssl_parse_encrypt_then_mac_ext( ssl, ext + 4, ext_size );
+            if( ret != 0 )
+                return( ret );
+            break;
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+        case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET:
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found extended master secret extension" ) );
+
+            ret = ssl_parse_extended_ms_ext( ssl, ext + 4, ext_size );
+            if( ret != 0 )
+                return( ret );
+            break;
+#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+        case MBEDTLS_TLS_EXT_SESSION_TICKET:
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found session ticket extension" ) );
+
+            ret = ssl_parse_session_ticket_ext( ssl, ext + 4, ext_size );
+            if( ret != 0 )
+                return( ret );
+            break;
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
+#if defined(MBEDTLS_SSL_ALPN)
+        case MBEDTLS_TLS_EXT_ALPN:
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) );
+
+            ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size );
+            if( ret != 0 )
+                return( ret );
+            break;
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
+        default:
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)",
+                           ext_id ) );
+        }
+
+        ext_len -= 4 + ext_size;
+        ext += 4 + ext_size;
+
+        if( ext_len > 0 && ext_len < 4 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
+            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+        }
+    }
+
+#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
+    for( i = 0, p = buf + 41 + sess_len; i < ciph_len; i += 2, p += 2 )
+    {
+        if( p[0] == (unsigned char)( ( MBEDTLS_SSL_FALLBACK_SCSV_VALUE >> 8 ) & 0xff ) &&
+            p[1] == (unsigned char)( ( MBEDTLS_SSL_FALLBACK_SCSV_VALUE      ) & 0xff ) )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 2, ( "received FALLBACK_SCSV" ) );
+
+            if( ssl->minor_ver < ssl->conf->max_minor_ver )
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "inapropriate fallback" ) );
+
+                mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                        MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK );
+
+                return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+            }
+
+            break;
+        }
+    }
+#endif /* MBEDTLS_SSL_FALLBACK_SCSV */
+
+    /*
+     * Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV
+     */
+    for( i = 0, p = buf + ciph_offset + 2; i < ciph_len; i += 2, p += 2 )
+    {
+        if( p[0] == 0 && p[1] == MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "received TLS_EMPTY_RENEGOTIATION_INFO " ) );
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+            if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "received RENEGOTIATION SCSV during renegotiation" ) );
+
+                if( ( ret = mbedtls_ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
+                    return( ret );
+
+                return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+            }
+#endif
+            ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION;
+            break;
+        }
+    }
+
+    /*
+     * Renegotiation security checks
+     */
+    if( ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION &&
+        ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
+        handshake_failure = 1;
+    }
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
+             ssl->secure_renegotiation == MBEDTLS_SSL_SECURE_RENEGOTIATION &&
+             renegotiation_info_seen == 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation_info extension missing (secure)" ) );
+        handshake_failure = 1;
+    }
+    else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
+             ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
+             ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) );
+        handshake_failure = 1;
+    }
+    else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
+             ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
+             renegotiation_info_seen == 1 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation_info extension present (legacy)" ) );
+        handshake_failure = 1;
+    }
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+    if( handshake_failure == 1 )
+    {
+        if( ( ret = mbedtls_ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
+            return( ret );
+
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+    }
+
+    /*
+     * Search for a matching ciphersuite
+     * (At the end because we need information from the EC-based extensions
+     * and certificate from the SNI callback triggered by the SNI extension.)
+     */
+    got_common_suite = 0;
+    ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver];
+    ciphersuite_info = NULL;
+#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
+    for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
+    {
+        for( i = 0; ciphersuites[i] != 0; i++ )
+#else
+    for( i = 0; ciphersuites[i] != 0; i++ )
+    {
+        for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
+#endif
+        {
+            if( p[0] != ( ( ciphersuites[i] >> 8 ) & 0xFF ) ||
+                p[1] != ( ( ciphersuites[i]      ) & 0xFF ) )
+                continue;
+
+            got_common_suite = 1;
+
+            if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i],
+                                               &ciphersuite_info ) ) != 0 )
+                return( ret );
+
+            if( ciphersuite_info != NULL )
+                goto have_ciphersuite;
+        }
+    }
+
+    if( got_common_suite )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "got ciphersuites in common, "
+                            "but none of them usable" ) );
+        mbedtls_ssl_send_fatal_handshake_failure( ssl );
+        return( MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE );
+    }
+    else
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) );
+        mbedtls_ssl_send_fatal_handshake_failure( ssl );
+        return( MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN );
+    }
+
+have_ciphersuite:
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %s", ciphersuite_info->name ) );
+
+    ssl->session_negotiate->ciphersuite = ciphersuites[i];
+    ssl->transform_negotiate->ciphersuite_info = ciphersuite_info;
+    mbedtls_ssl_optimize_checksum( ssl, ssl->transform_negotiate->ciphersuite_info );
+
+    ssl->state++;
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+        mbedtls_ssl_recv_flight_completed( ssl );
+#endif
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse client hello" ) );
+
+    return( 0 );
+}
+
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl,
+                                          unsigned char *buf,
+                                          size_t *olen )
+{
+    unsigned char *p = buf;
+
+    if( ssl->session_negotiate->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED )
+    {
+        *olen = 0;
+        return;
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding truncated hmac extension" ) );
+
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC      ) & 0xFF );
+
+    *p++ = 0x00;
+    *p++ = 0x00;
+
+    *olen = 4;
+}
+#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
+                                            unsigned char *buf,
+                                            size_t *olen )
+{
+    unsigned char *p = buf;
+    const mbedtls_ssl_ciphersuite_t *suite = NULL;
+    const mbedtls_cipher_info_t *cipher = NULL;
+
+    if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
+        ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
+    {
+        *olen = 0;
+        return;
+    }
+
+    /*
+     * RFC 7366: "If a server receives an encrypt-then-MAC request extension
+     * from a client and then selects a stream or Authenticated Encryption
+     * with Associated Data (AEAD) ciphersuite, it MUST NOT send an
+     * encrypt-then-MAC response extension back to the client."
+     */
+    if( ( suite = mbedtls_ssl_ciphersuite_from_id(
+                    ssl->session_negotiate->ciphersuite ) ) == NULL ||
+        ( cipher = mbedtls_cipher_info_from_type( suite->cipher ) ) == NULL ||
+        cipher->mode != MBEDTLS_MODE_CBC )
+    {
+        *olen = 0;
+        return;
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding encrypt then mac extension" ) );
+
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC      ) & 0xFF );
+
+    *p++ = 0x00;
+    *p++ = 0x00;
+
+    *olen = 4;
+}
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl,
+                                       unsigned char *buf,
+                                       size_t *olen )
+{
+    unsigned char *p = buf;
+
+    if( ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
+        ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
+    {
+        *olen = 0;
+        return;
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding extended master secret "
+                        "extension" ) );
+
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET      ) & 0xFF );
+
+    *p++ = 0x00;
+    *p++ = 0x00;
+
+    *olen = 4;
+}
+#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
+                                          unsigned char *buf,
+                                          size_t *olen )
+{
+    unsigned char *p = buf;
+
+    if( ssl->handshake->new_session_ticket == 0 )
+    {
+        *olen = 0;
+        return;
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding session ticket extension" ) );
+
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET      ) & 0xFF );
+
+    *p++ = 0x00;
+    *p++ = 0x00;
+
+    *olen = 4;
+}
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
+static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
+                                         unsigned char *buf,
+                                         size_t *olen )
+{
+    unsigned char *p = buf;
+
+    if( ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION )
+    {
+        *olen = 0;
+        return;
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, secure renegotiation extension" ) );
+
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO      ) & 0xFF );
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
+    {
+        *p++ = 0x00;
+        *p++ = ( ssl->verify_data_len * 2 + 1 ) & 0xFF;
+        *p++ = ssl->verify_data_len * 2 & 0xFF;
+
+        memcpy( p, ssl->peer_verify_data, ssl->verify_data_len );
+        p += ssl->verify_data_len;
+        memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
+        p += ssl->verify_data_len;
+    }
+    else
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+    {
+        *p++ = 0x00;
+        *p++ = 0x01;
+        *p++ = 0x00;
+    }
+
+    *olen = p - buf;
+}
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
+                                               unsigned char *buf,
+                                               size_t *olen )
+{
+    unsigned char *p = buf;
+
+    if( ssl->session_negotiate->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE )
+    {
+        *olen = 0;
+        return;
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, max_fragment_length extension" ) );
+
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH      ) & 0xFF );
+
+    *p++ = 0x00;
+    *p++ = 1;
+
+    *p++ = ssl->session_negotiate->mfl_code;
+
+    *olen = 5;
+}
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
+                                                   unsigned char *buf,
+                                                   size_t *olen )
+{
+    unsigned char *p = buf;
+    ((void) ssl);
+
+    if( ( ssl->handshake->cli_exts &
+          MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT ) == 0 )
+    {
+        *olen = 0;
+        return;
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, supported_point_formats extension" ) );
+
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS      ) & 0xFF );
+
+    *p++ = 0x00;
+    *p++ = 2;
+
+    *p++ = 1;
+    *p++ = MBEDTLS_ECP_PF_UNCOMPRESSED;
+
+    *olen = 6;
+}
+#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
+                                        unsigned char *buf,
+                                        size_t *olen )
+{
+    int ret;
+    unsigned char *p = buf;
+    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
+    size_t kkpp_len;
+
+    *olen = 0;
+
+    /* Skip costly computation if not needed */
+    if( ssl->transform_negotiate->ciphersuite_info->key_exchange !=
+        MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+        return;
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, ecjpake kkpp extension" ) );
+
+    if( end - p < 4 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+        return;
+    }
+
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP      ) & 0xFF );
+
+    ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx,
+                                        p + 2, end - p - 2, &kkpp_len,
+                                        ssl->conf->f_rng, ssl->conf->p_rng );
+    if( ret != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1 , "mbedtls_ecjpake_write_round_one", ret );
+        return;
+    }
+
+    *p++ = (unsigned char)( ( kkpp_len >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( kkpp_len      ) & 0xFF );
+
+    *olen = kkpp_len + 4;
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
+#if defined(MBEDTLS_SSL_ALPN )
+static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
+                                unsigned char *buf, size_t *olen )
+{
+    if( ssl->alpn_chosen == NULL )
+    {
+        *olen = 0;
+        return;
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding alpn extension" ) );
+
+    /*
+     * 0 . 1    ext identifier
+     * 2 . 3    ext length
+     * 4 . 5    protocol list length
+     * 6 . 6    protocol name length
+     * 7 . 7+n  protocol name
+     */
+    buf[0] = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN >> 8 ) & 0xFF );
+    buf[1] = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN      ) & 0xFF );
+
+    *olen = 7 + strlen( ssl->alpn_chosen );
+
+    buf[2] = (unsigned char)( ( ( *olen - 4 ) >> 8 ) & 0xFF );
+    buf[3] = (unsigned char)( ( ( *olen - 4 )      ) & 0xFF );
+
+    buf[4] = (unsigned char)( ( ( *olen - 6 ) >> 8 ) & 0xFF );
+    buf[5] = (unsigned char)( ( ( *olen - 6 )      ) & 0xFF );
+
+    buf[6] = (unsigned char)( ( ( *olen - 7 )      ) & 0xFF );
+
+    memcpy( buf + 7, ssl->alpn_chosen, *olen - 7 );
+}
+#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */
+
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl )
+{
+    int ret;
+    unsigned char *p = ssl->out_msg + 4;
+    unsigned char *cookie_len_byte;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write hello verify request" ) );
+
+    /*
+     * struct {
+     *   ProtocolVersion server_version;
+     *   opaque cookie<0..2^8-1>;
+     * } HelloVerifyRequest;
+     */
+
+    /* The RFC is not clear on this point, but sending the actual negotiated
+     * version looks like the most interoperable thing to do. */
+    mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
+                       ssl->conf->transport, p );
+    MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 );
+    p += 2;
+
+    /* If we get here, f_cookie_check is not null */
+    if( ssl->conf->f_cookie_write == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "inconsistent cookie callbacks" ) );
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
+
+    /* Skip length byte until we know the length */
+    cookie_len_byte = p++;
+
+    if( ( ret = ssl->conf->f_cookie_write( ssl->conf->p_cookie,
+                                     &p, ssl->out_buf + MBEDTLS_SSL_BUFFER_LEN,
+                                     ssl->cli_id, ssl->cli_id_len ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "f_cookie_write", ret );
+        return( ret );
+    }
+
+    *cookie_len_byte = (unsigned char)( p - ( cookie_len_byte + 1 ) );
+
+    MBEDTLS_SSL_DEBUG_BUF( 3, "cookie sent", cookie_len_byte + 1, *cookie_len_byte );
+
+    ssl->out_msglen  = p - ssl->out_msg;
+    ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
+    ssl->out_msg[0]  = MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST;
+
+    ssl->state = MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT;
+
+    if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
+        return( ret );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello verify request" ) );
+
+    return( 0 );
+}
+#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
+
+static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
+{
+#if defined(MBEDTLS_HAVE_TIME)
+    time_t t;
+#endif
+    int ret;
+    size_t olen, ext_len = 0, n;
+    unsigned char *buf, *p;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server hello" ) );
+
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+        ssl->handshake->verify_cookie_len != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "client hello was not authenticated" ) );
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello" ) );
+
+        return( ssl_write_hello_verify_request( ssl ) );
+    }
+#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
+
+    if( ssl->conf->f_rng == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided") );
+        return( MBEDTLS_ERR_SSL_NO_RNG );
+    }
+
+    /*
+     *     0  .   0   handshake type
+     *     1  .   3   handshake length
+     *     4  .   5   protocol version
+     *     6  .   9   UNIX time()
+     *    10  .  37   random bytes
+     */
+    buf = ssl->out_msg;
+    p = buf + 4;
+
+    mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
+                       ssl->conf->transport, p );
+    p += 2;
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen version: [%d:%d]",
+                        buf[4], buf[5] ) );
+
+#if defined(MBEDTLS_HAVE_TIME)
+    t = time( NULL );
+    *p++ = (unsigned char)( t >> 24 );
+    *p++ = (unsigned char)( t >> 16 );
+    *p++ = (unsigned char)( t >>  8 );
+    *p++ = (unsigned char)( t       );
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) );
+#else
+    if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 )
+        return( ret );
+
+    p += 4;
+#endif /* MBEDTLS_HAVE_TIME */
+
+    if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 28 ) ) != 0 )
+        return( ret );
+
+    p += 28;
+
+    memcpy( ssl->handshake->randbytes + 32, buf + 6, 32 );
+
+    MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes", buf + 6, 32 );
+
+    /*
+     * Resume is 0  by default, see ssl_handshake_init().
+     * It may be already set to 1 by ssl_parse_session_ticket_ext().
+     * If not, try looking up session ID in our cache.
+     */
+    if( ssl->handshake->resume == 0 &&
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+        ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE &&
+#endif
+        ssl->session_negotiate->id_len != 0 &&
+        ssl->conf->f_get_cache != NULL &&
+        ssl->conf->f_get_cache( ssl->conf->p_cache, ssl->session_negotiate ) == 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from cache" ) );
+        ssl->handshake->resume = 1;
+    }
+
+    if( ssl->handshake->resume == 0 )
+    {
+        /*
+         * New session, create a new session id,
+         * unless we're about to issue a session ticket
+         */
+        ssl->state++;
+
+#if defined(MBEDTLS_HAVE_TIME)
+        ssl->session_negotiate->start = time( NULL );
+#endif
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+        if( ssl->handshake->new_session_ticket != 0 )
+        {
+            ssl->session_negotiate->id_len = n = 0;
+            memset( ssl->session_negotiate->id, 0, 32 );
+        }
+        else
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+        {
+            ssl->session_negotiate->id_len = n = 32;
+            if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->session_negotiate->id,
+                                    n ) ) != 0 )
+                return( ret );
+        }
+    }
+    else
+    {
+        /*
+         * Resuming a session
+         */
+        n = ssl->session_negotiate->id_len;
+        ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
+
+        if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
+            return( ret );
+        }
+    }
+
+    /*
+     *    38  .  38     session id length
+     *    39  . 38+n    session id
+     *   39+n . 40+n    chosen ciphersuite
+     *   41+n . 41+n    chosen compression alg.
+     *   42+n . 43+n    extensions length
+     *   44+n . 43+n+m  extensions
+     */
+    *p++ = (unsigned char) ssl->session_negotiate->id_len;
+    memcpy( p, ssl->session_negotiate->id, ssl->session_negotiate->id_len );
+    p += ssl->session_negotiate->id_len;
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
+    MBEDTLS_SSL_DEBUG_BUF( 3,   "server hello, session id", buf + 39, n );
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
+                   ssl->handshake->resume ? "a" : "no" ) );
+
+    *p++ = (unsigned char)( ssl->session_negotiate->ciphersuite >> 8 );
+    *p++ = (unsigned char)( ssl->session_negotiate->ciphersuite      );
+    *p++ = (unsigned char)( ssl->session_negotiate->compression      );
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s",
+           mbedtls_ssl_get_ciphersuite_name( ssl->session_negotiate->ciphersuite ) ) );
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X",
+                   ssl->session_negotiate->compression ) );
+
+    /*
+     *  First write extensions, then the total length
+     */
+    ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen );
+    ext_len += olen;
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+    ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, &olen );
+    ext_len += olen;
+#endif
+
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+    ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen );
+    ext_len += olen;
+#endif
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+    ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len, &olen );
+    ext_len += olen;
+#endif
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+    ssl_write_extended_ms_ext( ssl, p + 2 + ext_len, &olen );
+    ext_len += olen;
+#endif
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+    ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen );
+    ext_len += olen;
+#endif
+
+#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+    ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen );
+    ext_len += olen;
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+    ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len, &olen );
+    ext_len += olen;
+#endif
+
+#if defined(MBEDTLS_SSL_ALPN)
+    ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen );
+    ext_len += olen;
+#endif
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %d", ext_len ) );
+
+    if( ext_len > 0 )
+    {
+        *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
+        *p++ = (unsigned char)( ( ext_len      ) & 0xFF );
+        p += ext_len;
+    }
+
+    ssl->out_msglen  = p - buf;
+    ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
+    ssl->out_msg[0]  = MBEDTLS_SSL_HS_SERVER_HELLO;
+
+    ret = mbedtls_ssl_write_record( ssl );
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello" ) );
+
+    return( ret );
+}
+
+#if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)       && \
+    !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)   && \
+    !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
+    !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
+{
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) );
+
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
+        ssl->state++;
+        return( 0 );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+}
+#else
+static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
+{
+    int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+    size_t dn_size, total_dn_size; /* excluding length bytes */
+    size_t ct_len, sa_len; /* including length bytes */
+    unsigned char *buf, *p;
+    const unsigned char * const end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
+    const mbedtls_x509_crt *crt;
+    int authmode;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) );
+
+    ssl->state++;
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+    if( ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET )
+        authmode = ssl->handshake->sni_authmode;
+    else
+#endif
+        authmode = ssl->conf->authmode;
+
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ||
+        authmode == MBEDTLS_SSL_VERIFY_NONE )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
+        return( 0 );
+    }
+
+    /*
+     *     0  .   0   handshake type
+     *     1  .   3   handshake length
+     *     4  .   4   cert type count
+     *     5  .. m-1  cert types
+     *     m  .. m+1  sig alg length (TLS 1.2 only)
+     *    m+1 .. n-1  SignatureAndHashAlgorithms (TLS 1.2 only)
+     *     n  .. n+1  length of all DNs
+     *    n+2 .. n+3  length of DN 1
+     *    n+4 .. ...  Distinguished Name #1
+     *    ... .. ...  length of DN 2, etc.
+     */
+    buf = ssl->out_msg;
+    p = buf + 4;
+
+    /*
+     * Supported certificate types
+     *
+     *     ClientCertificateType certificate_types<1..2^8-1>;
+     *     enum { (255) } ClientCertificateType;
+     */
+    ct_len = 0;
+
+#if defined(MBEDTLS_RSA_C)
+    p[1 + ct_len++] = MBEDTLS_SSL_CERT_TYPE_RSA_SIGN;
+#endif
+#if defined(MBEDTLS_ECDSA_C)
+    p[1 + ct_len++] = MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN;
+#endif
+
+    p[0] = (unsigned char) ct_len++;
+    p += ct_len;
+
+    sa_len = 0;
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+    /*
+     * Add signature_algorithms for verify (TLS 1.2)
+     *
+     *     SignatureAndHashAlgorithm supported_signature_algorithms<2..2^16-2>;
+     *
+     *     struct {
+     *           HashAlgorithm hash;
+     *           SignatureAlgorithm signature;
+     *     } SignatureAndHashAlgorithm;
+     *
+     *     enum { (255) } HashAlgorithm;
+     *     enum { (255) } SignatureAlgorithm;
+     */
+    if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+    {
+        /*
+         * Only use current running hash algorithm that is already required
+         * for requested ciphersuite.
+         */
+        ssl->handshake->verify_sig_alg = MBEDTLS_SSL_HASH_SHA256;
+
+        if( ssl->transform_negotiate->ciphersuite_info->mac ==
+            MBEDTLS_MD_SHA384 )
+        {
+            ssl->handshake->verify_sig_alg = MBEDTLS_SSL_HASH_SHA384;
+        }
+
+        /*
+         * Supported signature algorithms
+         */
+#if defined(MBEDTLS_RSA_C)
+        p[2 + sa_len++] = ssl->handshake->verify_sig_alg;
+        p[2 + sa_len++] = MBEDTLS_SSL_SIG_RSA;
+#endif
+#if defined(MBEDTLS_ECDSA_C)
+        p[2 + sa_len++] = ssl->handshake->verify_sig_alg;
+        p[2 + sa_len++] = MBEDTLS_SSL_SIG_ECDSA;
+#endif
+
+        p[0] = (unsigned char)( sa_len >> 8 );
+        p[1] = (unsigned char)( sa_len      );
+        sa_len += 2;
+        p += sa_len;
+    }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+    /*
+     * DistinguishedName certificate_authorities<0..2^16-1>;
+     * opaque DistinguishedName<1..2^16-1>;
+     */
+    p += 2;
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+    if( ssl->handshake->sni_ca_chain != NULL )
+        crt = ssl->handshake->sni_ca_chain;
+    else
+#endif
+        crt = ssl->conf->ca_chain;
+
+    total_dn_size = 0;
+    while( crt != NULL && crt->version != 0 )
+    {
+        dn_size = crt->subject_raw.len;
+
+        if( end < p || (size_t)( end - p ) < 2 + dn_size )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "skipping CAs: buffer too short" ) );
+            break;
+        }
+
+        *p++ = (unsigned char)( dn_size >> 8 );
+        *p++ = (unsigned char)( dn_size      );
+        memcpy( p, crt->subject_raw.p, dn_size );
+        p += dn_size;
+
+        MBEDTLS_SSL_DEBUG_BUF( 3, "requested DN", p - dn_size, dn_size );
+
+        total_dn_size += 2 + dn_size;
+        crt = crt->next;
+    }
+
+    ssl->out_msglen  = p - buf;
+    ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
+    ssl->out_msg[0]  = MBEDTLS_SSL_HS_CERTIFICATE_REQUEST;
+    ssl->out_msg[4 + ct_len + sa_len] = (unsigned char)( total_dn_size  >> 8 );
+    ssl->out_msg[5 + ct_len + sa_len] = (unsigned char)( total_dn_size       );
+
+    ret = mbedtls_ssl_write_record( ssl );
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate request" ) );
+
+    return( ret );
+}
+#endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED &&
+          !MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED &&
+          !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED &&
+          !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
+{
+    int ret;
+
+    if( ! mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECKEY ) )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) );
+        return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
+    }
+
+    if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx,
+                                 mbedtls_pk_ec( *mbedtls_ssl_own_key( ssl ) ),
+                                 MBEDTLS_ECDH_OURS ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_get_params" ), ret );
+        return( ret );
+    }
+
+    return( 0 );
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||
+          MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
+
+static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
+{
+    int ret;
+    size_t n = 0;
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
+                            ssl->transform_negotiate->ciphersuite_info;
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||                       \
+    defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) ||                       \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) ||                     \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ||                   \
+    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+    unsigned char *p = ssl->out_msg + 4;
+    unsigned char *dig_signed = p;
+    size_t dig_signed_len = 0, len;
+    ((void) dig_signed);
+    ((void) dig_signed_len);
+    ((void) len);
+#endif
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) );
+
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) ||                           \
+    defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) ||                           \
+    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) );
+        ssl->state++;
+        return( 0 );
+    }
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
+    {
+        ssl_get_ecdh_params_from_cert( ssl );
+
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) );
+        ssl->state++;
+        return( 0 );
+    }
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+    {
+        size_t jlen;
+        const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
+
+        ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx,
+                p, end - p, &jlen, ssl->conf->f_rng, ssl->conf->p_rng );
+        if( ret != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_write_round_two", ret );
+            return( ret );
+        }
+
+        p += jlen;
+        n += jlen;
+    }
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) ||                       \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
+    {
+        /* TODO: Support identity hints */
+        *(p++) = 0x00;
+        *(p++) = 0x00;
+
+        n += 2;
+    }
+#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED ||
+          MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||                       \
+    defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
+    {
+        if( ssl->conf->dhm_P.p == NULL || ssl->conf->dhm_G.p == NULL )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "no DH parameters set" ) );
+            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+        }
+
+        /*
+         * Ephemeral DH parameters:
+         *
+         * struct {
+         *     opaque dh_p<1..2^16-1>;
+         *     opaque dh_g<1..2^16-1>;
+         *     opaque dh_Ys<1..2^16-1>;
+         * } ServerDHParams;
+         */
+        if( ( ret = mbedtls_mpi_copy( &ssl->handshake->dhm_ctx.P, &ssl->conf->dhm_P ) ) != 0 ||
+            ( ret = mbedtls_mpi_copy( &ssl->handshake->dhm_ctx.G, &ssl->conf->dhm_G ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_mpi_copy", ret );
+            return( ret );
+        }
+
+        if( ( ret = mbedtls_dhm_make_params( &ssl->handshake->dhm_ctx,
+                        (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
+                        p, &len, ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_params", ret );
+            return( ret );
+        }
+
+        dig_signed = p;
+        dig_signed_len = len;
+
+        p += len;
+        n += len;
+
+        MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->handshake->dhm_ctx.X  );
+        MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: P ", &ssl->handshake->dhm_ctx.P  );
+        MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: G ", &ssl->handshake->dhm_ctx.G  );
+        MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX );
+    }
+#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
+          MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED)
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
+    {
+        /*
+         * Ephemeral ECDH parameters:
+         *
+         * struct {
+         *     ECParameters curve_params;
+         *     ECPoint      public;
+         * } ServerECDHParams;
+         */
+        const mbedtls_ecp_curve_info **curve = NULL;
+        const mbedtls_ecp_group_id *gid;
+
+        /* Match our preference list against the offered curves */
+        for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ )
+            for( curve = ssl->handshake->curves; *curve != NULL; curve++ )
+                if( (*curve)->grp_id == *gid )
+                    goto curve_matching_done;
+
+curve_matching_done:
+        if( curve == NULL || *curve == NULL )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "no matching curve for ECDHE" ) );
+            return( MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN );
+        }
+
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDHE curve: %s", (*curve)->name ) );
+
+        if( ( ret = mbedtls_ecp_group_load( &ssl->handshake->ecdh_ctx.grp,
+                                       (*curve)->grp_id ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecp_group_load", ret );
+            return( ret );
+        }
+
+        if( ( ret = mbedtls_ecdh_make_params( &ssl->handshake->ecdh_ctx, &len,
+                                      p, MBEDTLS_SSL_MAX_CONTENT_LEN - n,
+                                      ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_params", ret );
+            return( ret );
+        }
+
+        dig_signed = p;
+        dig_signed_len = len;
+
+        p += len;
+        n += len;
+
+        MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Q ", &ssl->handshake->ecdh_ctx.Q );
+    }
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||                       \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
+    {
+        size_t signature_len = 0;
+        unsigned int hashlen = 0;
+        unsigned char hash[64];
+        mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
+
+        /*
+         * Choose hash algorithm. NONE means MD5 + SHA1 here.
+         */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+        if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+        {
+            md_alg = mbedtls_ssl_md_alg_from_hash( ssl->handshake->sig_alg );
+
+            if( md_alg == MBEDTLS_MD_NONE )
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+                return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+            }
+        }
+        else
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
+    defined(MBEDTLS_SSL_PROTO_TLS1_1)
+        if( ciphersuite_info->key_exchange ==
+                  MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
+        {
+            md_alg = MBEDTLS_MD_SHA1;
+        }
+        else
+#endif
+        {
+            md_alg = MBEDTLS_MD_NONE;
+        }
+
+        /*
+         * Compute the hash to be signed
+         */
+#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
+    defined(MBEDTLS_SSL_PROTO_TLS1_1)
+        if( md_alg == MBEDTLS_MD_NONE )
+        {
+            mbedtls_md5_context mbedtls_md5;
+            mbedtls_sha1_context mbedtls_sha1;
+
+            mbedtls_md5_init(  &mbedtls_md5  );
+            mbedtls_sha1_init( &mbedtls_sha1 );
+
+            /*
+             * digitally-signed struct {
+             *     opaque md5_hash[16];
+             *     opaque sha_hash[20];
+             * };
+             *
+             * md5_hash
+             *     MD5(ClientHello.random + ServerHello.random
+             *                            + ServerParams);
+             * sha_hash
+             *     SHA(ClientHello.random + ServerHello.random
+             *                            + ServerParams);
+             */
+            mbedtls_md5_starts( &mbedtls_md5 );
+            mbedtls_md5_update( &mbedtls_md5, ssl->handshake->randbytes,  64 );
+            mbedtls_md5_update( &mbedtls_md5, dig_signed, dig_signed_len );
+            mbedtls_md5_finish( &mbedtls_md5, hash );
+
+            mbedtls_sha1_starts( &mbedtls_sha1 );
+            mbedtls_sha1_update( &mbedtls_sha1, ssl->handshake->randbytes,  64 );
+            mbedtls_sha1_update( &mbedtls_sha1, dig_signed, dig_signed_len );
+            mbedtls_sha1_finish( &mbedtls_sha1, hash + 16 );
+
+            hashlen = 36;
+
+            mbedtls_md5_free(  &mbedtls_md5  );
+            mbedtls_sha1_free( &mbedtls_sha1 );
+        }
+        else
+#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
+          MBEDTLS_SSL_PROTO_TLS1_1 */
+#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
+    defined(MBEDTLS_SSL_PROTO_TLS1_2)
+        if( md_alg != MBEDTLS_MD_NONE )
+        {
+            mbedtls_md_context_t ctx;
+            const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
+
+            mbedtls_md_init( &ctx );
+
+            /* Info from md_alg will be used instead */
+            hashlen = 0;
+
+            /*
+             * digitally-signed struct {
+             *     opaque client_random[32];
+             *     opaque server_random[32];
+             *     ServerDHParams params;
+             * };
+             */
+            if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 )
+            {
+                MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret );
+                return( ret );
+            }
+
+            mbedtls_md_starts( &ctx );
+            mbedtls_md_update( &ctx, ssl->handshake->randbytes, 64 );
+            mbedtls_md_update( &ctx, dig_signed, dig_signed_len );
+            mbedtls_md_finish( &ctx, hash );
+            mbedtls_md_free( &ctx );
+        }
+        else
+#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
+          MBEDTLS_SSL_PROTO_TLS1_2 */
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        }
+
+        MBEDTLS_SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen != 0 ? hashlen :
+            (unsigned int) ( mbedtls_md_get_size( mbedtls_md_info_from_type( md_alg ) ) ) );
+
+        /*
+         * Make the signature
+         */
+        if( mbedtls_ssl_own_key( ssl ) == NULL )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no private key" ) );
+            return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
+        }
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+        if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+        {
+            *(p++) = ssl->handshake->sig_alg;
+            *(p++) = mbedtls_ssl_sig_from_pk( mbedtls_ssl_own_key( ssl ) );
+
+            n += 2;
+        }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+        if( ( ret = mbedtls_pk_sign( mbedtls_ssl_own_key( ssl ), md_alg, hash, hashlen,
+                        p + 2 , &signature_len,
+                        ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret );
+            return( ret );
+        }
+
+        *(p++) = (unsigned char)( signature_len >> 8 );
+        *(p++) = (unsigned char)( signature_len      );
+        n += 2;
+
+        MBEDTLS_SSL_DEBUG_BUF( 3, "my signature", p, signature_len );
+
+        n += signature_len;
+    }
+#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||
+          MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+          MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+
+    ssl->out_msglen  = 4 + n;
+    ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
+    ssl->out_msg[0]  = MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE;
+
+    ssl->state++;
+
+    if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
+        return( ret );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server key exchange" ) );
+
+    return( 0 );
+}
+
+static int ssl_write_server_hello_done( mbedtls_ssl_context *ssl )
+{
+    int ret;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server hello done" ) );
+
+    ssl->out_msglen  = 4;
+    ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
+    ssl->out_msg[0]  = MBEDTLS_SSL_HS_SERVER_HELLO_DONE;
+
+    ssl->state++;
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+        mbedtls_ssl_send_flight_completed( ssl );
+#endif
+
+    if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
+        return( ret );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello done" ) );
+
+    return( 0 );
+}
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||                       \
+    defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
+static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char **p,
+                                       const unsigned char *end )
+{
+    int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+    size_t n;
+
+    /*
+     * Receive G^Y mod P, premaster = (G^Y)^X mod P
+     */
+    if( *p + 2 > end )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+    }
+
+    n = ( (*p)[0] << 8 ) | (*p)[1];
+    *p += 2;
+
+    if( *p + n > end )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+    }
+
+    if( ( ret = mbedtls_dhm_read_public( &ssl->handshake->dhm_ctx, *p, n ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_read_public", ret );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP );
+    }
+
+    *p += n;
+
+    MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GY", &ssl->handshake->dhm_ctx.GY );
+
+    return( ret );
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
+          MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) ||                           \
+    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
+static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
+                                    const unsigned char *p,
+                                    const unsigned char *end,
+                                    size_t pms_offset )
+{
+    int ret;
+    size_t len = mbedtls_pk_get_len( mbedtls_ssl_own_key( ssl ) );
+    unsigned char *pms = ssl->handshake->premaster + pms_offset;
+    unsigned char ver[2];
+    unsigned char fake_pms[48], peer_pms[48];
+    unsigned char mask;
+    size_t i, peer_pmslen;
+    unsigned int diff;
+
+    if( ! mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_RSA ) )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no RSA private key" ) );
+        return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
+    }
+
+    /*
+     * Decrypt the premaster using own private RSA key
+     */
+#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
+    defined(MBEDTLS_SSL_PROTO_TLS1_2)
+    if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
+    {
+        if( *p++ != ( ( len >> 8 ) & 0xFF ) ||
+            *p++ != ( ( len      ) & 0xFF ) )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
+            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+        }
+    }
+#endif
+
+    if( p + len != end )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+    }
+
+    mbedtls_ssl_write_version( ssl->handshake->max_major_ver,
+                       ssl->handshake->max_minor_ver,
+                       ssl->conf->transport, ver );
+
+    /*
+     * Protection against Bleichenbacher's attack: invalid PKCS#1 v1.5 padding
+     * must not cause the connection to end immediately; instead, send a
+     * bad_record_mac later in the handshake.
+     * Also, avoid data-dependant branches here to protect against
+     * timing-based variants.
+     */
+    ret = ssl->conf->f_rng( ssl->conf->p_rng, fake_pms, sizeof( fake_pms ) );
+    if( ret != 0 )
+        return( ret );
+
+    ret = mbedtls_pk_decrypt( mbedtls_ssl_own_key( ssl ), p, len,
+                      peer_pms, &peer_pmslen,
+                      sizeof( peer_pms ),
+                      ssl->conf->f_rng, ssl->conf->p_rng );
+
+    diff  = (unsigned int) ret;
+    diff |= peer_pmslen ^ 48;
+    diff |= peer_pms[0] ^ ver[0];
+    diff |= peer_pms[1] ^ ver[1];
+
+#if defined(MBEDTLS_SSL_DEBUG_ALL)
+    if( diff != 0 )
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
+#endif
+
+    if( sizeof( ssl->handshake->premaster ) < pms_offset ||
+        sizeof( ssl->handshake->premaster ) - pms_offset < 48 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
+    ssl->handshake->pmslen = 48;
+
+    /* mask = diff ? 0xff : 0x00 using bit operations to avoid branches */
+    /* MSVC has a warning about unary minus on unsigned, but this is
+     * well-defined and precisely what we want to do here */
+#if defined(_MSC_VER)
+#pragma warning( push )
+#pragma warning( disable : 4146 )
+#endif
+    mask = - ( ( diff | - diff ) >> ( sizeof( unsigned int ) * 8 - 1 ) );
+#if defined(_MSC_VER)
+#pragma warning( pop )
+#endif
+
+    for( i = 0; i < ssl->handshake->pmslen; i++ )
+        pms[i] = ( mask & fake_pms[i] ) | ( (~mask) & peer_pms[i] );
+
+    return( 0 );
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED ||
+          MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned char **p,
+                                          const unsigned char *end )
+{
+    int ret = 0;
+    size_t n;
+
+    if( ssl->conf->f_psk == NULL &&
+        ( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL ||
+          ssl->conf->psk_identity_len == 0 || ssl->conf->psk_len == 0 ) )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no pre-shared key" ) );
+        return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
+    }
+
+    /*
+     * Receive client pre-shared key identity name
+     */
+    if( *p + 2 > end )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+    }
+
+    n = ( (*p)[0] << 8 ) | (*p)[1];
+    *p += 2;
+
+    if( n < 1 || n > 65535 || *p + n > end )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+    }
+
+    if( ssl->conf->f_psk != NULL )
+    {
+        if( ssl->conf->f_psk( ssl->conf->p_psk, ssl, *p, n ) != 0 )
+            ret = MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
+    }
+    else
+    {
+        /* Identity is not a big secret since clients send it in the clear,
+         * but treat it carefully anyway, just in case */
+        if( n != ssl->conf->psk_identity_len ||
+            mbedtls_ssl_safer_memcmp( ssl->conf->psk_identity, *p, n ) != 0 )
+        {
+            ret = MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
+        }
+    }
+
+    if( ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY )
+    {
+        MBEDTLS_SSL_DEBUG_BUF( 3, "Unknown PSK identity", *p, n );
+        if( ( ret = mbedtls_ssl_send_alert_message( ssl,
+                              MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                              MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY ) ) != 0 )
+        {
+            return( ret );
+        }
+
+        return( MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY );
+    }
+
+    *p += n;
+
+    return( 0 );
+}
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
+
+static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
+{
+    int ret;
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
+    unsigned char *p, *end;
+
+    ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client key exchange" ) );
+
+    if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
+        return( ret );
+    }
+
+    p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
+    end = ssl->in_msg + ssl->in_hslen;
+
+    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+    }
+
+    if( ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+    }
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA )
+    {
+        if( ( ret = ssl_parse_client_dh_public( ssl, &p, end ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_dh_public" ), ret );
+            return( ret );
+        }
+
+        if( p != end )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange" ) );
+            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+        }
+
+        if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
+                                      ssl->handshake->premaster,
+                                      MBEDTLS_PREMASTER_SIZE,
+                                     &ssl->handshake->pmslen,
+                                      ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
+            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS );
+        }
+
+        MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K  );
+    }
+    else
+#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ||                   \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||                      \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
+    {
+        if( ( ret = mbedtls_ecdh_read_public( &ssl->handshake->ecdh_ctx,
+                                      p, end - p) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_read_public", ret );
+            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP );
+        }
+
+        MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Qp ", &ssl->handshake->ecdh_ctx.Qp );
+
+        if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx,
+                                      &ssl->handshake->pmslen,
+                                       ssl->handshake->premaster,
+                                       MBEDTLS_MPI_MAX_SIZE,
+                                       ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
+            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS );
+        }
+
+        MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z  ", &ssl->handshake->ecdh_ctx.z );
+    }
+    else
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+          MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
+          MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
+          MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK )
+    {
+        if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret );
+            return( ret );
+        }
+
+        if( p != end )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange" ) );
+            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+        }
+
+        if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
+                        ciphersuite_info->key_exchange ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret );
+            return( ret );
+        }
+    }
+    else
+#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
+    {
+        if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret );
+            return( ret );
+        }
+
+        if( ( ret = ssl_parse_encrypted_pms( ssl, p, end, 2 ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_encrypted_pms" ), ret );
+            return( ret );
+        }
+
+        if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
+                        ciphersuite_info->key_exchange ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret );
+            return( ret );
+        }
+    }
+    else
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
+    {
+        if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret );
+            return( ret );
+        }
+        if( ( ret = ssl_parse_client_dh_public( ssl, &p, end ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_dh_public" ), ret );
+            return( ret );
+        }
+
+        if( p != end )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange" ) );
+            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
+        }
+
+        if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
+                        ciphersuite_info->key_exchange ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret );
+            return( ret );
+        }
+    }
+    else
+#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
+    {
+        if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret );
+            return( ret );
+        }
+
+        if( ( ret = mbedtls_ecdh_read_public( &ssl->handshake->ecdh_ctx,
+                                       p, end - p ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_read_public", ret );
+            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP );
+        }
+
+        MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Qp ", &ssl->handshake->ecdh_ctx.Qp );
+
+        if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
+                        ciphersuite_info->key_exchange ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret );
+            return( ret );
+        }
+    }
+    else
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA )
+    {
+        if( ( ret = ssl_parse_encrypted_pms( ssl, p, end, 0 ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_parse_encrypted_pms_secret" ), ret );
+            return( ret );
+        }
+    }
+    else
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+    {
+        ret = mbedtls_ecjpake_read_round_two( &ssl->handshake->ecjpake_ctx,
+                                              p, end - p );
+        if( ret != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_two", ret );
+            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+        }
+
+        ret = mbedtls_ecjpake_derive_secret( &ssl->handshake->ecjpake_ctx,
+                ssl->handshake->premaster, 32, &ssl->handshake->pmslen,
+                ssl->conf->f_rng, ssl->conf->p_rng );
+        if( ret != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_derive_secret", ret );
+            return( ret );
+        }
+    }
+    else
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
+
+    if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
+        return( ret );
+    }
+
+    ssl->state++;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse client key exchange" ) );
+
+    return( 0 );
+}
+
+#if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)       && \
+    !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)   && \
+    !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
+    !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
+{
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
+
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
+        ssl->state++;
+        return( 0 );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+}
+#else
+static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
+{
+    int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+    size_t i, sig_len;
+    unsigned char hash[48];
+    unsigned char *hash_start = hash;
+    size_t hashlen;
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+    mbedtls_pk_type_t pk_alg;
+#endif
+    mbedtls_md_type_t md_alg;
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
+
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ||
+        ssl->session_negotiate->peer_cert == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
+        ssl->state++;
+        return( 0 );
+    }
+
+    /* Needs to be done before read_record() to exclude current message */
+    ssl->handshake->calc_verify( ssl, hash );
+
+    if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
+        return( ret );
+    }
+
+    ssl->state++;
+
+    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ||
+        ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE_VERIFY )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
+    }
+
+    i = mbedtls_ssl_hs_hdr_len( ssl );
+
+    /*
+     *  struct {
+     *     SignatureAndHashAlgorithm algorithm; -- TLS 1.2 only
+     *     opaque signature<0..2^16-1>;
+     *  } DigitallySigned;
+     */
+#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
+    defined(MBEDTLS_SSL_PROTO_TLS1_1)
+    if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
+    {
+        md_alg = MBEDTLS_MD_NONE;
+        hashlen = 36;
+
+        /* For ECDSA, use SHA-1, not MD-5 + SHA-1 */
+        if( mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk,
+                        MBEDTLS_PK_ECDSA ) )
+        {
+            hash_start += 16;
+            hashlen -= 16;
+            md_alg = MBEDTLS_MD_SHA1;
+        }
+    }
+    else
+#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 ||
+          MBEDTLS_SSL_PROTO_TLS1_1 */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+    if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+    {
+        if( i + 2 > ssl->in_hslen )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
+            return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
+        }
+
+        /*
+         * Hash
+         */
+        if( ssl->in_msg[i] != ssl->handshake->verify_sig_alg )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg"
+                                " for verify message" ) );
+            return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
+        }
+
+        md_alg = mbedtls_ssl_md_alg_from_hash( ssl->handshake->verify_sig_alg );
+
+        /* Info from md_alg will be used instead */
+        hashlen = 0;
+
+        i++;
+
+        /*
+         * Signature
+         */
+        if( ( pk_alg = mbedtls_ssl_pk_alg_from_sig( ssl->in_msg[i] ) )
+                        == MBEDTLS_PK_NONE )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg"
+                                " for verify message" ) );
+            return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
+        }
+
+        /*
+         * Check the certificate's key type matches the signature alg
+         */
+        if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk, pk_alg ) )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "sig_alg doesn't match cert key" ) );
+            return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
+        }
+
+        i++;
+    }
+    else
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
+
+    if( i + 2 > ssl->in_hslen )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
+    }
+
+    sig_len = ( ssl->in_msg[i] << 8 ) | ssl->in_msg[i+1];
+    i += 2;
+
+    if( i + sig_len != ssl->in_hslen )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
+    }
+
+    if( ( ret = mbedtls_pk_verify( &ssl->session_negotiate->peer_cert->pk,
+                           md_alg, hash_start, hashlen,
+                           ssl->in_msg + i, sig_len ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
+        return( ret );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate verify" ) );
+
+    return( ret );
+}
+#endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED &&
+          !MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED &&
+          !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl )
+{
+    int ret;
+    size_t tlen;
+    uint32_t lifetime;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write new session ticket" ) );
+
+    ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
+    ssl->out_msg[0]  = MBEDTLS_SSL_HS_NEW_SESSION_TICKET;
+
+    /*
+     * struct {
+     *     uint32 ticket_lifetime_hint;
+     *     opaque ticket<0..2^16-1>;
+     * } NewSessionTicket;
+     *
+     * 4  .  7   ticket_lifetime_hint (0 = unspecified)
+     * 8  .  9   ticket_len (n)
+     * 10 .  9+n ticket content
+     */
+
+    if( ( ret = ssl->conf->f_ticket_write( ssl->conf->p_ticket,
+                                ssl->session_negotiate,
+                                ssl->out_msg + 10,
+                                ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN,
+                                &tlen, &lifetime ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_ticket_write", ret );
+        tlen = 0;
+    }
+
+    ssl->out_msg[4] = ( lifetime >> 24 ) & 0xFF;
+    ssl->out_msg[5] = ( lifetime >> 16 ) & 0xFF;
+    ssl->out_msg[6] = ( lifetime >>  8 ) & 0xFF;
+    ssl->out_msg[7] = ( lifetime       ) & 0xFF;
+
+    ssl->out_msg[8] = (unsigned char)( ( tlen >> 8 ) & 0xFF );
+    ssl->out_msg[9] = (unsigned char)( ( tlen      ) & 0xFF );
+
+    ssl->out_msglen = 10 + tlen;
+
+    /*
+     * Morally equivalent to updating ssl->state, but NewSessionTicket and
+     * ChangeCipherSpec share the same state.
+     */
+    ssl->handshake->new_session_ticket = 0;
+
+    if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
+        return( ret );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write new session ticket" ) );
+
+    return( 0 );
+}
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
+/*
+ * SSL handshake -- server side -- single step
+ */
+int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl )
+{
+    int ret = 0;
+
+    if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "server state: %d", ssl->state ) );
+
+    if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
+        return( ret );
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+        ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
+    {
+        if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
+            return( ret );
+    }
+#endif
+
+    switch( ssl->state )
+    {
+        case MBEDTLS_SSL_HELLO_REQUEST:
+            ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
+            break;
+
+        /*
+         *  <==   ClientHello
+         */
+        case MBEDTLS_SSL_CLIENT_HELLO:
+            ret = ssl_parse_client_hello( ssl );
+            break;
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+        case MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT:
+            return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED );
+#endif
+
+        /*
+         *  ==>   ServerHello
+         *        Certificate
+         *      ( ServerKeyExchange  )
+         *      ( CertificateRequest )
+         *        ServerHelloDone
+         */
+        case MBEDTLS_SSL_SERVER_HELLO:
+            ret = ssl_write_server_hello( ssl );
+            break;
+
+        case MBEDTLS_SSL_SERVER_CERTIFICATE:
+            ret = mbedtls_ssl_write_certificate( ssl );
+            break;
+
+        case MBEDTLS_SSL_SERVER_KEY_EXCHANGE:
+            ret = ssl_write_server_key_exchange( ssl );
+            break;
+
+        case MBEDTLS_SSL_CERTIFICATE_REQUEST:
+            ret = ssl_write_certificate_request( ssl );
+            break;
+
+        case MBEDTLS_SSL_SERVER_HELLO_DONE:
+            ret = ssl_write_server_hello_done( ssl );
+            break;
+
+        /*
+         *  <== ( Certificate/Alert  )
+         *        ClientKeyExchange
+         *      ( CertificateVerify  )
+         *        ChangeCipherSpec
+         *        Finished
+         */
+        case MBEDTLS_SSL_CLIENT_CERTIFICATE:
+            ret = mbedtls_ssl_parse_certificate( ssl );
+            break;
+
+        case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:
+            ret = ssl_parse_client_key_exchange( ssl );
+            break;
+
+        case MBEDTLS_SSL_CERTIFICATE_VERIFY:
+            ret = ssl_parse_certificate_verify( ssl );
+            break;
+
+        case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:
+            ret = mbedtls_ssl_parse_change_cipher_spec( ssl );
+            break;
+
+        case MBEDTLS_SSL_CLIENT_FINISHED:
+            ret = mbedtls_ssl_parse_finished( ssl );
+            break;
+
+        /*
+         *  ==> ( NewSessionTicket )
+         *        ChangeCipherSpec
+         *        Finished
+         */
+        case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+            if( ssl->handshake->new_session_ticket != 0 )
+                ret = ssl_write_new_session_ticket( ssl );
+            else
+#endif
+                ret = mbedtls_ssl_write_change_cipher_spec( ssl );
+            break;
+
+        case MBEDTLS_SSL_SERVER_FINISHED:
+            ret = mbedtls_ssl_write_finished( ssl );
+            break;
+
+        case MBEDTLS_SSL_FLUSH_BUFFERS:
+            MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake: done" ) );
+            ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
+            break;
+
+        case MBEDTLS_SSL_HANDSHAKE_WRAPUP:
+            mbedtls_ssl_handshake_wrapup( ssl );
+            break;
+
+        default:
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) );
+            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
+
+    return( ret );
+}
+#endif /* MBEDTLS_SSL_SRV_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/ssl_ticket.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,489 @@
+/*
+ *  TLS server tickets callbacks implementation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_SSL_TICKET_C)
+
+#include "mbedtls/ssl_ticket.h"
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#define mbedtls_calloc    calloc
+#define mbedtls_free       free
+#endif
+
+#include <string.h>
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+/*
+ * Initialze context
+ */
+void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx )
+{
+    memset( ctx, 0, sizeof( mbedtls_ssl_ticket_context ) );
+
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_mutex_init( &ctx->mutex );
+#endif
+}
+
+#define MAX_KEY_BYTES 32    /* 256 bits */
+
+/*
+ * Generate/update a key
+ */
+static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx,
+                               unsigned char index )
+{
+    int ret;
+    unsigned char buf[MAX_KEY_BYTES];
+    mbedtls_ssl_ticket_key *key = ctx->keys + index;
+
+#if defined(MBEDTLS_HAVE_TIME)
+    key->generation_time = (uint32_t) time( NULL );
+#endif
+
+    if( ( ret = ctx->f_rng( ctx->p_rng, key->name, sizeof( key->name ) ) ) != 0 )
+        return( ret );
+
+    if( ( ret = ctx->f_rng( ctx->p_rng, buf, sizeof( buf ) ) ) != 0 )
+        return( ret );
+
+    /* With GCM and CCM, same context can encrypt & decrypt */
+    ret = mbedtls_cipher_setkey( &key->ctx, buf,
+                                 mbedtls_cipher_get_key_bitlen( &key->ctx ),
+                                 MBEDTLS_ENCRYPT );
+
+    mbedtls_zeroize( buf, sizeof( buf ) );
+
+    return( ret );
+}
+
+/*
+ * Rotate/generate keys if necessary
+ */
+static int ssl_ticket_update_keys( mbedtls_ssl_ticket_context *ctx )
+{
+#if !defined(MBEDTLS_HAVE_TIME)
+    ((void) ctx);
+#else
+    if( ctx->ticket_lifetime != 0 )
+    {
+        uint32_t current_time = (uint32_t) time( NULL );
+        uint32_t key_time = ctx->keys[ctx->active].generation_time;
+
+        if( current_time > key_time &&
+            current_time - key_time < ctx->ticket_lifetime )
+        {
+            return( 0 );
+        }
+
+        ctx->active = 1 - ctx->active;
+
+        return( ssl_ticket_gen_key( ctx, ctx->active ) );
+    }
+    else
+#endif /* MBEDTLS_HAVE_TIME */
+        return( 0 );
+}
+
+/*
+ * Setup context for actual use
+ */
+int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
+    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+    mbedtls_cipher_type_t cipher,
+    uint32_t lifetime )
+{
+    int ret;
+    const mbedtls_cipher_info_t *cipher_info;
+
+    ctx->f_rng = f_rng;
+    ctx->p_rng = p_rng;
+
+    ctx->ticket_lifetime = lifetime;
+
+    cipher_info = mbedtls_cipher_info_from_type( cipher);
+    if( cipher_info == NULL )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    if( cipher_info->mode != MBEDTLS_MODE_GCM &&
+        cipher_info->mode != MBEDTLS_MODE_CCM )
+    {
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
+
+    if( cipher_info->key_bitlen > 8 * MAX_KEY_BYTES )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    if( ( ret = mbedtls_cipher_setup( &ctx->keys[0].ctx, cipher_info ) ) != 0 ||
+        ( ret = mbedtls_cipher_setup( &ctx->keys[1].ctx, cipher_info ) ) != 0 )
+    {
+        return( ret );
+    }
+
+    if( ( ret = ssl_ticket_gen_key( ctx, 0 ) ) != 0 ||
+        ( ret = ssl_ticket_gen_key( ctx, 1 ) ) != 0 )
+    {
+        return( ret );
+    }
+
+    return( 0 );
+}
+
+/*
+ * Serialize a session in the following format:
+ *  0   .   n-1     session structure, n = sizeof(mbedtls_ssl_session)
+ *  n   .   n+2     peer_cert length = m (0 if no certificate)
+ *  n+3 .   n+2+m   peer cert ASN.1
+ */
+static int ssl_save_session( const mbedtls_ssl_session *session,
+                             unsigned char *buf, size_t buf_len,
+                             size_t *olen )
+{
+    unsigned char *p = buf;
+    size_t left = buf_len;
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    size_t cert_len;
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+    if( left < sizeof( mbedtls_ssl_session ) )
+        return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+
+    memcpy( p, session, sizeof( mbedtls_ssl_session ) );
+    p += sizeof( mbedtls_ssl_session );
+    left -= sizeof( mbedtls_ssl_session );
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    if( session->peer_cert == NULL )
+        cert_len = 0;
+    else
+        cert_len = session->peer_cert->raw.len;
+
+    if( left < 3 + cert_len )
+        return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+
+    *p++ = (unsigned char)( cert_len >> 16 & 0xFF );
+    *p++ = (unsigned char)( cert_len >>  8 & 0xFF );
+    *p++ = (unsigned char)( cert_len       & 0xFF );
+
+    if( session->peer_cert != NULL )
+        memcpy( p, session->peer_cert->raw.p, cert_len );
+
+    p += cert_len;
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+    *olen = p - buf;
+
+    return( 0 );
+}
+
+/*
+ * Unserialise session, see ssl_save_session()
+ */
+static int ssl_load_session( mbedtls_ssl_session *session,
+                             const unsigned char *buf, size_t len )
+{
+    const unsigned char *p = buf;
+    const unsigned char * const end = buf + len;
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    size_t cert_len;
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+    if( p + sizeof( mbedtls_ssl_session ) > end )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    memcpy( session, p, sizeof( mbedtls_ssl_session ) );
+    p += sizeof( mbedtls_ssl_session );
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    if( p + 3 > end )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    cert_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2];
+    p += 3;
+
+    if( cert_len == 0 )
+    {
+        session->peer_cert = NULL;
+    }
+    else
+    {
+        int ret;
+
+        if( p + cert_len > end )
+            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+        session->peer_cert = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
+
+        if( session->peer_cert == NULL )
+            return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+
+        mbedtls_x509_crt_init( session->peer_cert );
+
+        if( ( ret = mbedtls_x509_crt_parse_der( session->peer_cert,
+                                        p, cert_len ) ) != 0 )
+        {
+            mbedtls_x509_crt_free( session->peer_cert );
+            mbedtls_free( session->peer_cert );
+            session->peer_cert = NULL;
+            return( ret );
+        }
+
+        p += cert_len;
+    }
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+    if( p != end )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    return( 0 );
+}
+
+/*
+ * Create session ticket, with the following structure:
+ *
+ *    struct {
+ *        opaque key_name[4];
+ *        opaque iv[12];
+ *        opaque encrypted_state<0..2^16-1>;
+ *        opaque tag[16];
+ *    } ticket;
+ *
+ * The key_name, iv, and length of encrypted_state are the additional
+ * authenticated data.
+ */
+int mbedtls_ssl_ticket_write( void *p_ticket,
+                              const mbedtls_ssl_session *session,
+                              unsigned char *start,
+                              const unsigned char *end,
+                              size_t *tlen,
+                              uint32_t *ticket_lifetime )
+{
+    int ret;
+    mbedtls_ssl_ticket_context *ctx = p_ticket;
+    mbedtls_ssl_ticket_key *key;
+    unsigned char *key_name = start;
+    unsigned char *iv = start + 4;
+    unsigned char *state_len_bytes = iv + 12;
+    unsigned char *state = state_len_bytes + 2;
+    unsigned char *tag;
+    size_t clear_len, ciph_len;
+
+    *tlen = 0;
+
+    if( ctx == NULL || ctx->f_rng == NULL )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    /* We need at least 4 bytes for key_name, 12 for IV, 2 for len 16 for tag,
+     * in addition to session itself, that will be checked when writing it. */
+    if( end - start < 4 + 12 + 2 + 16 )
+        return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+
+#if defined(MBEDTLS_THREADING_C)
+    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
+        return( ret );
+#endif
+
+    if( ( ret = ssl_ticket_update_keys( ctx ) ) != 0 )
+        goto cleanup;
+
+    key = &ctx->keys[ctx->active];
+
+    *ticket_lifetime = ctx->ticket_lifetime;
+
+    memcpy( key_name, key->name, 4 );
+
+    if( ( ret = ctx->f_rng( ctx->p_rng, iv, 12 ) ) != 0 )
+        goto cleanup;
+
+    /* Dump session state */
+    if( ( ret = ssl_save_session( session,
+                                  state, end - state, &clear_len ) ) != 0 ||
+        (unsigned long) clear_len > 65535 )
+    {
+         goto cleanup;
+    }
+    state_len_bytes[0] = ( clear_len >> 8 ) & 0xff;
+    state_len_bytes[1] = ( clear_len      ) & 0xff;
+
+    /* Encrypt and authenticate */
+    tag = state + clear_len;
+    if( ( ret = mbedtls_cipher_auth_encrypt( &key->ctx,
+                    iv, 12, key_name, 4 + 12 + 2,
+                    state, clear_len, state, &ciph_len, tag, 16 ) ) != 0 )
+    {
+        goto cleanup;
+    }
+    if( ciph_len != clear_len )
+    {
+        ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+        goto cleanup;
+    }
+
+    *tlen = 4 + 12 + 2 + 16 + ciph_len;
+
+cleanup:
+#if defined(MBEDTLS_THREADING_C)
+    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
+        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+#endif
+
+    return( ret );
+}
+
+/*
+ * Select key based on name
+ */
+static mbedtls_ssl_ticket_key *ssl_ticket_select_key(
+        mbedtls_ssl_ticket_context *ctx,
+        const unsigned char name[4] )
+{
+    unsigned char i;
+
+    for( i = 0; i < sizeof( ctx->keys ) / sizeof( *ctx->keys ); i++ )
+        if( memcmp( name, ctx->keys[i].name, 4 ) == 0 )
+            return( &ctx->keys[i] );
+
+    return( NULL );
+}
+
+/*
+ * Load session ticket (see mbedtls_ssl_ticket_write for structure)
+ */
+int mbedtls_ssl_ticket_parse( void *p_ticket,
+                              mbedtls_ssl_session *session,
+                              unsigned char *buf,
+                              size_t len )
+{
+    int ret;
+    mbedtls_ssl_ticket_context *ctx = p_ticket;
+    mbedtls_ssl_ticket_key *key;
+    unsigned char *key_name = buf;
+    unsigned char *iv = buf + 4;
+    unsigned char *enc_len_p = iv + 12;
+    unsigned char *ticket = enc_len_p + 2;
+    unsigned char *tag;
+    size_t enc_len, clear_len;
+
+    if( ctx == NULL || ctx->f_rng == NULL )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    /* See mbedtls_ssl_ticket_write() */
+    if( len < 4 + 12 + 2 + 16 )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+#if defined(MBEDTLS_THREADING_C)
+    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
+        return( ret );
+#endif
+
+    if( ( ret = ssl_ticket_update_keys( ctx ) ) != 0 )
+        goto cleanup;
+
+    enc_len = ( enc_len_p[0] << 8 ) | enc_len_p[1];
+    tag = ticket + enc_len;
+
+    if( len != 4 + 12 + 2 + enc_len + 16 )
+    {
+        ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+        goto cleanup;
+    }
+
+    /* Select key */
+    if( ( key = ssl_ticket_select_key( ctx, key_name ) ) == NULL )
+    {
+        /* We can't know for sure but this is a likely option unless we're
+         * under attack - this is only informative anyway */
+        ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
+        goto cleanup;
+    }
+
+    /* Decrypt and authenticate */
+    if( ( ret = mbedtls_cipher_auth_decrypt( &key->ctx, iv, 12,
+                    key_name, 4 + 12 + 2, ticket, enc_len,
+                    ticket, &clear_len, tag, 16 ) ) != 0 )
+    {
+        if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED )
+            ret = MBEDTLS_ERR_SSL_INVALID_MAC;
+
+        goto cleanup;
+    }
+    if( clear_len != enc_len )
+    {
+        ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+        goto cleanup;
+    }
+
+    /* Actually load session */
+    if( ( ret = ssl_load_session( session, ticket, clear_len ) ) != 0 )
+        goto cleanup;
+
+#if defined(MBEDTLS_HAVE_TIME)
+    {
+        /* Check for expiration */
+        time_t current_time = time( NULL );
+
+        if( current_time < session->start ||
+            (uint32_t)( current_time - session->start ) > ctx->ticket_lifetime )
+        {
+            ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
+            goto cleanup;
+        }
+    }
+#endif
+
+cleanup:
+#if defined(MBEDTLS_THREADING_C)
+    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
+        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+#endif
+
+    return( ret );
+}
+
+/*
+ * Free context
+ */
+void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx )
+{
+    mbedtls_cipher_free( &ctx->keys[0].ctx );
+    mbedtls_cipher_free( &ctx->keys[1].ctx );
+
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_mutex_free( &ctx->mutex );
+#endif
+
+    mbedtls_zeroize( ctx, sizeof( mbedtls_ssl_ticket_context ) );
+}
+
+#endif /* MBEDTLS_SSL_TICKET_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/ssl_tls.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,7559 @@
+/*
+ *  SSLv3/TLSv1 shared functions
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ *  The SSL 3.0 specification was drafted by Netscape in 1996,
+ *  and became an IETF standard in 1999.
+ *
+ *  http://wp.netscape.com/eng/ssl3/
+ *  http://www.ietf.org/rfc/rfc2246.txt
+ *  http://www.ietf.org/rfc/rfc4346.txt
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_SSL_TLS_C)
+
+#include "mbedtls/debug.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/ssl_internal.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
+    defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
+#include "mbedtls/oid.h"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#define mbedtls_calloc    calloc
+#define mbedtls_free       free
+#endif
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+/* Length of the "epoch" field in the record header */
+static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl )
+{
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+        return( 2 );
+#else
+    ((void) ssl);
+#endif
+    return( 0 );
+}
+
+/*
+ * Start a timer.
+ * Passing millisecs = 0 cancels a running timer.
+ */
+static void ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs )
+{
+    if( ssl->f_set_timer == NULL )
+        return;
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "set_timer to %d ms", (int) millisecs ) );
+    ssl->f_set_timer( ssl->p_timer, millisecs / 4, millisecs );
+}
+
+/*
+ * Return -1 is timer is expired, 0 if it isn't.
+ */
+static int ssl_check_timer( mbedtls_ssl_context *ssl )
+{
+    if( ssl->f_get_timer == NULL )
+        return( 0 );
+
+    if( ssl->f_get_timer( ssl->p_timer ) == 2 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "timer expired" ) );
+        return( -1 );
+    }
+
+    return( 0 );
+}
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+/*
+ * Double the retransmit timeout value, within the allowed range,
+ * returning -1 if the maximum value has already been reached.
+ */
+static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl )
+{
+    uint32_t new_timeout;
+
+    if( ssl->handshake->retransmit_timeout >= ssl->conf->hs_timeout_max )
+        return( -1 );
+
+    new_timeout = 2 * ssl->handshake->retransmit_timeout;
+
+    /* Avoid arithmetic overflow and range overflow */
+    if( new_timeout < ssl->handshake->retransmit_timeout ||
+        new_timeout > ssl->conf->hs_timeout_max )
+    {
+        new_timeout = ssl->conf->hs_timeout_max;
+    }
+
+    ssl->handshake->retransmit_timeout = new_timeout;
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs",
+                        ssl->handshake->retransmit_timeout ) );
+
+    return( 0 );
+}
+
+static void ssl_reset_retransmit_timeout( mbedtls_ssl_context *ssl )
+{
+    ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min;
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs",
+                        ssl->handshake->retransmit_timeout ) );
+}
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+/*
+ * Convert max_fragment_length codes to length.
+ * RFC 6066 says:
+ *    enum{
+ *        2^9(1), 2^10(2), 2^11(3), 2^12(4), (255)
+ *    } MaxFragmentLength;
+ * and we add 0 -> extension unused
+ */
+static unsigned int mfl_code_to_length[MBEDTLS_SSL_MAX_FRAG_LEN_INVALID] =
+{
+    MBEDTLS_SSL_MAX_CONTENT_LEN,    /* MBEDTLS_SSL_MAX_FRAG_LEN_NONE */
+    512,                    /* MBEDTLS_SSL_MAX_FRAG_LEN_512  */
+    1024,                   /* MBEDTLS_SSL_MAX_FRAG_LEN_1024 */
+    2048,                   /* MBEDTLS_SSL_MAX_FRAG_LEN_2048 */
+    4096,                   /* MBEDTLS_SSL_MAX_FRAG_LEN_4096 */
+};
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(MBEDTLS_SSL_CLI_C)
+static int ssl_session_copy( mbedtls_ssl_session *dst, const mbedtls_ssl_session *src )
+{
+    mbedtls_ssl_session_free( dst );
+    memcpy( dst, src, sizeof( mbedtls_ssl_session ) );
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    if( src->peer_cert != NULL )
+    {
+        int ret;
+
+        dst->peer_cert = mbedtls_calloc( 1, sizeof(mbedtls_x509_crt) );
+        if( dst->peer_cert == NULL )
+            return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+
+        mbedtls_x509_crt_init( dst->peer_cert );
+
+        if( ( ret = mbedtls_x509_crt_parse_der( dst->peer_cert, src->peer_cert->raw.p,
+                                        src->peer_cert->raw.len ) ) != 0 )
+        {
+            mbedtls_free( dst->peer_cert );
+            dst->peer_cert = NULL;
+            return( ret );
+        }
+    }
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+    if( src->ticket != NULL )
+    {
+        dst->ticket = mbedtls_calloc( 1, src->ticket_len );
+        if( dst->ticket == NULL )
+            return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+
+        memcpy( dst->ticket, src->ticket, src->ticket_len );
+    }
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
+
+    return( 0 );
+}
+#endif /* MBEDTLS_SSL_CLI_C */
+
+#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
+int (*mbedtls_ssl_hw_record_init)( mbedtls_ssl_context *ssl,
+                     const unsigned char *key_enc, const unsigned char *key_dec,
+                     size_t keylen,
+                     const unsigned char *iv_enc,  const unsigned char *iv_dec,
+                     size_t ivlen,
+                     const unsigned char *mac_enc, const unsigned char *mac_dec,
+                     size_t maclen ) = NULL;
+int (*mbedtls_ssl_hw_record_activate)( mbedtls_ssl_context *ssl, int direction) = NULL;
+int (*mbedtls_ssl_hw_record_reset)( mbedtls_ssl_context *ssl ) = NULL;
+int (*mbedtls_ssl_hw_record_write)( mbedtls_ssl_context *ssl ) = NULL;
+int (*mbedtls_ssl_hw_record_read)( mbedtls_ssl_context *ssl ) = NULL;
+int (*mbedtls_ssl_hw_record_finish)( mbedtls_ssl_context *ssl ) = NULL;
+#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
+
+/*
+ * Key material generation
+ */
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+static int ssl3_prf( const unsigned char *secret, size_t slen,
+                     const char *label,
+                     const unsigned char *random, size_t rlen,
+                     unsigned char *dstbuf, size_t dlen )
+{
+    size_t i;
+    mbedtls_md5_context md5;
+    mbedtls_sha1_context sha1;
+    unsigned char padding[16];
+    unsigned char sha1sum[20];
+    ((void)label);
+
+    mbedtls_md5_init(  &md5  );
+    mbedtls_sha1_init( &sha1 );
+
+    /*
+     *  SSLv3:
+     *    block =
+     *      MD5( secret + SHA1( 'A'    + secret + random ) ) +
+     *      MD5( secret + SHA1( 'BB'   + secret + random ) ) +
+     *      MD5( secret + SHA1( 'CCC'  + secret + random ) ) +
+     *      ...
+     */
+    for( i = 0; i < dlen / 16; i++ )
+    {
+        memset( padding, (unsigned char) ('A' + i), 1 + i );
+
+        mbedtls_sha1_starts( &sha1 );
+        mbedtls_sha1_update( &sha1, padding, 1 + i );
+        mbedtls_sha1_update( &sha1, secret, slen );
+        mbedtls_sha1_update( &sha1, random, rlen );
+        mbedtls_sha1_finish( &sha1, sha1sum );
+
+        mbedtls_md5_starts( &md5 );
+        mbedtls_md5_update( &md5, secret, slen );
+        mbedtls_md5_update( &md5, sha1sum, 20 );
+        mbedtls_md5_finish( &md5, dstbuf + i * 16 );
+    }
+
+    mbedtls_md5_free(  &md5  );
+    mbedtls_sha1_free( &sha1 );
+
+    mbedtls_zeroize( padding, sizeof( padding ) );
+    mbedtls_zeroize( sha1sum, sizeof( sha1sum ) );
+
+    return( 0 );
+}
+#endif /* MBEDTLS_SSL_PROTO_SSL3 */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
+static int tls1_prf( const unsigned char *secret, size_t slen,
+                     const char *label,
+                     const unsigned char *random, size_t rlen,
+                     unsigned char *dstbuf, size_t dlen )
+{
+    size_t nb, hs;
+    size_t i, j, k;
+    const unsigned char *S1, *S2;
+    unsigned char tmp[128];
+    unsigned char h_i[20];
+    const mbedtls_md_info_t *md_info;
+    mbedtls_md_context_t md_ctx;
+    int ret;
+
+    mbedtls_md_init( &md_ctx );
+
+    if( sizeof( tmp ) < 20 + strlen( label ) + rlen )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    hs = ( slen + 1 ) / 2;
+    S1 = secret;
+    S2 = secret + slen - hs;
+
+    nb = strlen( label );
+    memcpy( tmp + 20, label, nb );
+    memcpy( tmp + 20 + nb, random, rlen );
+    nb += rlen;
+
+    /*
+     * First compute P_md5(secret,label+random)[0..dlen]
+     */
+    if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_MD5 ) ) == NULL )
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+    if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
+        return( ret );
+
+    mbedtls_md_hmac_starts( &md_ctx, S1, hs );
+    mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb );
+    mbedtls_md_hmac_finish( &md_ctx, 4 + tmp );
+
+    for( i = 0; i < dlen; i += 16 )
+    {
+        mbedtls_md_hmac_reset ( &md_ctx );
+        mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 + nb );
+        mbedtls_md_hmac_finish( &md_ctx, h_i );
+
+        mbedtls_md_hmac_reset ( &md_ctx );
+        mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 );
+        mbedtls_md_hmac_finish( &md_ctx, 4 + tmp );
+
+        k = ( i + 16 > dlen ) ? dlen % 16 : 16;
+
+        for( j = 0; j < k; j++ )
+            dstbuf[i + j]  = h_i[j];
+    }
+
+    mbedtls_md_free( &md_ctx );
+
+    /*
+     * XOR out with P_sha1(secret,label+random)[0..dlen]
+     */
+    if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == NULL )
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+    if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
+        return( ret );
+
+    mbedtls_md_hmac_starts( &md_ctx, S2, hs );
+    mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb );
+    mbedtls_md_hmac_finish( &md_ctx, tmp );
+
+    for( i = 0; i < dlen; i += 20 )
+    {
+        mbedtls_md_hmac_reset ( &md_ctx );
+        mbedtls_md_hmac_update( &md_ctx, tmp, 20 + nb );
+        mbedtls_md_hmac_finish( &md_ctx, h_i );
+
+        mbedtls_md_hmac_reset ( &md_ctx );
+        mbedtls_md_hmac_update( &md_ctx, tmp, 20 );
+        mbedtls_md_hmac_finish( &md_ctx, tmp );
+
+        k = ( i + 20 > dlen ) ? dlen % 20 : 20;
+
+        for( j = 0; j < k; j++ )
+            dstbuf[i + j] = (unsigned char)( dstbuf[i + j] ^ h_i[j] );
+    }
+
+    mbedtls_md_free( &md_ctx );
+
+    mbedtls_zeroize( tmp, sizeof( tmp ) );
+    mbedtls_zeroize( h_i, sizeof( h_i ) );
+
+    return( 0 );
+}
+#endif /* MBEDTLS_SSL_PROTO_TLS1) || MBEDTLS_SSL_PROTO_TLS1_1 */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+static int tls_prf_generic( mbedtls_md_type_t md_type,
+                            const unsigned char *secret, size_t slen,
+                            const char *label,
+                            const unsigned char *random, size_t rlen,
+                            unsigned char *dstbuf, size_t dlen )
+{
+    size_t nb;
+    size_t i, j, k, md_len;
+    unsigned char tmp[128];
+    unsigned char h_i[MBEDTLS_MD_MAX_SIZE];
+    const mbedtls_md_info_t *md_info;
+    mbedtls_md_context_t md_ctx;
+    int ret;
+
+    mbedtls_md_init( &md_ctx );
+
+    if( ( md_info = mbedtls_md_info_from_type( md_type ) ) == NULL )
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+    md_len = mbedtls_md_get_size( md_info );
+
+    if( sizeof( tmp ) < md_len + strlen( label ) + rlen )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    nb = strlen( label );
+    memcpy( tmp + md_len, label, nb );
+    memcpy( tmp + md_len + nb, random, rlen );
+    nb += rlen;
+
+    /*
+     * Compute P_<hash>(secret, label + random)[0..dlen]
+     */
+    if ( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
+        return( ret );
+
+    mbedtls_md_hmac_starts( &md_ctx, secret, slen );
+    mbedtls_md_hmac_update( &md_ctx, tmp + md_len, nb );
+    mbedtls_md_hmac_finish( &md_ctx, tmp );
+
+    for( i = 0; i < dlen; i += md_len )
+    {
+        mbedtls_md_hmac_reset ( &md_ctx );
+        mbedtls_md_hmac_update( &md_ctx, tmp, md_len + nb );
+        mbedtls_md_hmac_finish( &md_ctx, h_i );
+
+        mbedtls_md_hmac_reset ( &md_ctx );
+        mbedtls_md_hmac_update( &md_ctx, tmp, md_len );
+        mbedtls_md_hmac_finish( &md_ctx, tmp );
+
+        k = ( i + md_len > dlen ) ? dlen % md_len : md_len;
+
+        for( j = 0; j < k; j++ )
+            dstbuf[i + j]  = h_i[j];
+    }
+
+    mbedtls_md_free( &md_ctx );
+
+    mbedtls_zeroize( tmp, sizeof( tmp ) );
+    mbedtls_zeroize( h_i, sizeof( h_i ) );
+
+    return( 0 );
+}
+
+#if defined(MBEDTLS_SHA256_C)
+static int tls_prf_sha256( const unsigned char *secret, size_t slen,
+                           const char *label,
+                           const unsigned char *random, size_t rlen,
+                           unsigned char *dstbuf, size_t dlen )
+{
+    return( tls_prf_generic( MBEDTLS_MD_SHA256, secret, slen,
+                             label, random, rlen, dstbuf, dlen ) );
+}
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA512_C)
+static int tls_prf_sha384( const unsigned char *secret, size_t slen,
+                           const char *label,
+                           const unsigned char *random, size_t rlen,
+                           unsigned char *dstbuf, size_t dlen )
+{
+    return( tls_prf_generic( MBEDTLS_MD_SHA384, secret, slen,
+                             label, random, rlen, dstbuf, dlen ) );
+}
+#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t );
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
+    defined(MBEDTLS_SSL_PROTO_TLS1_1)
+static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *, const unsigned char *, size_t );
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+static void ssl_calc_verify_ssl( mbedtls_ssl_context *, unsigned char * );
+static void ssl_calc_finished_ssl( mbedtls_ssl_context *, unsigned char *, int );
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
+static void ssl_calc_verify_tls( mbedtls_ssl_context *, unsigned char * );
+static void ssl_calc_finished_tls( mbedtls_ssl_context *, unsigned char *, int );
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SHA256_C)
+static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t );
+static void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *,unsigned char * );
+static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int );
+#endif
+
+#if defined(MBEDTLS_SHA512_C)
+static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned char *, size_t );
+static void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *, unsigned char * );
+static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int );
+#endif
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
+{
+    int ret = 0;
+    unsigned char tmp[64];
+    unsigned char keyblk[256];
+    unsigned char *key1;
+    unsigned char *key2;
+    unsigned char *mac_enc;
+    unsigned char *mac_dec;
+    size_t iv_copy_len;
+    const mbedtls_cipher_info_t *cipher_info;
+    const mbedtls_md_info_t *md_info;
+
+    mbedtls_ssl_session *session = ssl->session_negotiate;
+    mbedtls_ssl_transform *transform = ssl->transform_negotiate;
+    mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive keys" ) );
+
+    cipher_info = mbedtls_cipher_info_from_type( transform->ciphersuite_info->cipher );
+    if( cipher_info == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %d not found",
+                            transform->ciphersuite_info->cipher ) );
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
+
+    md_info = mbedtls_md_info_from_type( transform->ciphersuite_info->mac );
+    if( md_info == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %d not found",
+                            transform->ciphersuite_info->mac ) );
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
+
+    /*
+     * Set appropriate PRF function and other SSL / TLS / TLS1.2 functions
+     */
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+    if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
+    {
+        handshake->tls_prf = ssl3_prf;
+        handshake->calc_verify = ssl_calc_verify_ssl;
+        handshake->calc_finished = ssl_calc_finished_ssl;
+    }
+    else
+#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
+    if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
+    {
+        handshake->tls_prf = tls1_prf;
+        handshake->calc_verify = ssl_calc_verify_tls;
+        handshake->calc_finished = ssl_calc_finished_tls;
+    }
+    else
+#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SHA512_C)
+    if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
+        transform->ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
+    {
+        handshake->tls_prf = tls_prf_sha384;
+        handshake->calc_verify = ssl_calc_verify_tls_sha384;
+        handshake->calc_finished = ssl_calc_finished_tls_sha384;
+    }
+    else
+#endif
+#if defined(MBEDTLS_SHA256_C)
+    if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+    {
+        handshake->tls_prf = tls_prf_sha256;
+        handshake->calc_verify = ssl_calc_verify_tls_sha256;
+        handshake->calc_finished = ssl_calc_finished_tls_sha256;
+    }
+    else
+#endif
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
+
+    /*
+     * SSLv3:
+     *   master =
+     *     MD5( premaster + SHA1( 'A'   + premaster + randbytes ) ) +
+     *     MD5( premaster + SHA1( 'BB'  + premaster + randbytes ) ) +
+     *     MD5( premaster + SHA1( 'CCC' + premaster + randbytes ) )
+     *
+     * TLSv1+:
+     *   master = PRF( premaster, "master secret", randbytes )[0..47]
+     */
+    if( handshake->resume == 0 )
+    {
+        MBEDTLS_SSL_DEBUG_BUF( 3, "premaster secret", handshake->premaster,
+                       handshake->pmslen );
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+        if( ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED )
+        {
+            unsigned char session_hash[48];
+            size_t hash_len;
+
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "using extended master secret" ) );
+
+            ssl->handshake->calc_verify( ssl, session_hash );
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+            if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+            {
+#if defined(MBEDTLS_SHA512_C)
+                if( ssl->transform_negotiate->ciphersuite_info->mac ==
+                    MBEDTLS_MD_SHA384 )
+                {
+                    hash_len = 48;
+                }
+                else
+#endif
+                    hash_len = 32;
+            }
+            else
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+                hash_len = 36;
+
+            MBEDTLS_SSL_DEBUG_BUF( 3, "session hash", session_hash, hash_len );
+
+            ret = handshake->tls_prf( handshake->premaster, handshake->pmslen,
+                                      "extended master secret",
+                                      session_hash, hash_len,
+                                      session->master, 48 );
+            if( ret != 0 )
+            {
+                MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret );
+                return( ret );
+            }
+
+        }
+        else
+#endif
+        ret = handshake->tls_prf( handshake->premaster, handshake->pmslen,
+                                  "master secret",
+                                  handshake->randbytes, 64,
+                                  session->master, 48 );
+        if( ret != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret );
+            return( ret );
+        }
+
+        mbedtls_zeroize( handshake->premaster, sizeof(handshake->premaster) );
+    }
+    else
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) );
+
+    /*
+     * Swap the client and server random values.
+     */
+    memcpy( tmp, handshake->randbytes, 64 );
+    memcpy( handshake->randbytes, tmp + 32, 32 );
+    memcpy( handshake->randbytes + 32, tmp, 32 );
+    mbedtls_zeroize( tmp, sizeof( tmp ) );
+
+    /*
+     *  SSLv3:
+     *    key block =
+     *      MD5( master + SHA1( 'A'    + master + randbytes ) ) +
+     *      MD5( master + SHA1( 'BB'   + master + randbytes ) ) +
+     *      MD5( master + SHA1( 'CCC'  + master + randbytes ) ) +
+     *      MD5( master + SHA1( 'DDDD' + master + randbytes ) ) +
+     *      ...
+     *
+     *  TLSv1:
+     *    key block = PRF( master, "key expansion", randbytes )
+     */
+    ret = handshake->tls_prf( session->master, 48, "key expansion",
+                              handshake->randbytes, 64, keyblk, 256 );
+    if( ret != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret );
+        return( ret );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite = %s",
+                   mbedtls_ssl_get_ciphersuite_name( session->ciphersuite ) ) );
+    MBEDTLS_SSL_DEBUG_BUF( 3, "master secret", session->master, 48 );
+    MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", handshake->randbytes, 64 );
+    MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 );
+
+    mbedtls_zeroize( handshake->randbytes, sizeof( handshake->randbytes ) );
+
+    /*
+     * Determine the appropriate key, IV and MAC length.
+     */
+
+    transform->keylen = cipher_info->key_bitlen / 8;
+
+    if( cipher_info->mode == MBEDTLS_MODE_GCM ||
+        cipher_info->mode == MBEDTLS_MODE_CCM )
+    {
+        transform->maclen = 0;
+
+        transform->ivlen = 12;
+        transform->fixed_ivlen = 4;
+
+        /* Minimum length is expicit IV + tag */
+        transform->minlen = transform->ivlen - transform->fixed_ivlen
+                            + ( transform->ciphersuite_info->flags &
+                                MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16 );
+    }
+    else
+    {
+        /* Initialize HMAC contexts */
+        if( ( ret = mbedtls_md_setup( &transform->md_ctx_enc, md_info, 1 ) ) != 0 ||
+            ( ret = mbedtls_md_setup( &transform->md_ctx_dec, md_info, 1 ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret );
+            return( ret );
+        }
+
+        /* Get MAC length */
+        transform->maclen = mbedtls_md_get_size( md_info );
+
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+        /*
+         * If HMAC is to be truncated, we shall keep the leftmost bytes,
+         * (rfc 6066 page 13 or rfc 2104 section 4),
+         * so we only need to adjust the length here.
+         */
+        if( session->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED )
+            transform->maclen = MBEDTLS_SSL_TRUNCATED_HMAC_LEN;
+#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+
+        /* IV length */
+        transform->ivlen = cipher_info->iv_size;
+
+        /* Minimum length */
+        if( cipher_info->mode == MBEDTLS_MODE_STREAM )
+            transform->minlen = transform->maclen;
+        else
+        {
+            /*
+             * GenericBlockCipher:
+             * 1. if EtM is in use: one block plus MAC
+             *    otherwise: * first multiple of blocklen greater than maclen
+             * 2. IV except for SSL3 and TLS 1.0
+             */
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+            if( session->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
+            {
+                transform->minlen = transform->maclen
+                                  + cipher_info->block_size;
+            }
+            else
+#endif
+            {
+                transform->minlen = transform->maclen
+                                  + cipher_info->block_size
+                                  - transform->maclen % cipher_info->block_size;
+            }
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
+            if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
+                ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_1 )
+                ; /* No need to adjust minlen */
+            else
+#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
+            if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_2 ||
+                ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+            {
+                transform->minlen += transform->ivlen;
+            }
+            else
+#endif
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+                return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+            }
+        }
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "keylen: %d, minlen: %d, ivlen: %d, maclen: %d",
+                   transform->keylen, transform->minlen, transform->ivlen,
+                   transform->maclen ) );
+
+    /*
+     * Finally setup the cipher contexts, IVs and MAC secrets.
+     */
+#if defined(MBEDTLS_SSL_CLI_C)
+    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
+    {
+        key1 = keyblk + transform->maclen * 2;
+        key2 = keyblk + transform->maclen * 2 + transform->keylen;
+
+        mac_enc = keyblk;
+        mac_dec = keyblk + transform->maclen;
+
+        /*
+         * This is not used in TLS v1.1.
+         */
+        iv_copy_len = ( transform->fixed_ivlen ) ?
+                            transform->fixed_ivlen : transform->ivlen;
+        memcpy( transform->iv_enc, key2 + transform->keylen,  iv_copy_len );
+        memcpy( transform->iv_dec, key2 + transform->keylen + iv_copy_len,
+                iv_copy_len );
+    }
+    else
+#endif /* MBEDTLS_SSL_CLI_C */
+#if defined(MBEDTLS_SSL_SRV_C)
+    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
+    {
+        key1 = keyblk + transform->maclen * 2 + transform->keylen;
+        key2 = keyblk + transform->maclen * 2;
+
+        mac_enc = keyblk + transform->maclen;
+        mac_dec = keyblk;
+
+        /*
+         * This is not used in TLS v1.1.
+         */
+        iv_copy_len = ( transform->fixed_ivlen ) ?
+                            transform->fixed_ivlen : transform->ivlen;
+        memcpy( transform->iv_dec, key1 + transform->keylen,  iv_copy_len );
+        memcpy( transform->iv_enc, key1 + transform->keylen + iv_copy_len,
+                iv_copy_len );
+    }
+    else
+#endif /* MBEDTLS_SSL_SRV_C */
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+    if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
+    {
+        if( transform->maclen > sizeof transform->mac_enc )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        }
+
+        memcpy( transform->mac_enc, mac_enc, transform->maclen );
+        memcpy( transform->mac_dec, mac_dec, transform->maclen );
+    }
+    else
+#endif /* MBEDTLS_SSL_PROTO_SSL3 */
+#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
+    defined(MBEDTLS_SSL_PROTO_TLS1_2)
+    if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
+    {
+        mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, transform->maclen );
+        mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, transform->maclen );
+    }
+    else
+#endif
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
+
+#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
+    if( mbedtls_ssl_hw_record_init != NULL )
+    {
+        int ret = 0;
+
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_init()" ) );
+
+        if( ( ret = mbedtls_ssl_hw_record_init( ssl, key1, key2, transform->keylen,
+                                        transform->iv_enc, transform->iv_dec,
+                                        iv_copy_len,
+                                        mac_enc, mac_dec,
+                                        transform->maclen ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_init", ret );
+            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+        }
+    }
+#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
+
+#if defined(MBEDTLS_SSL_EXPORT_KEYS)
+    if( ssl->conf->f_export_keys != NULL )
+    {
+        ssl->conf->f_export_keys( ssl->conf->p_export_keys,
+                                  session->master, keyblk,
+                                  transform->maclen, transform->keylen,
+                                  iv_copy_len );
+    }
+#endif
+
+    if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc,
+                                 cipher_info ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
+        return( ret );
+    }
+
+    if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec,
+                                 cipher_info ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
+        return( ret );
+    }
+
+    if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, key1,
+                               cipher_info->key_bitlen,
+                               MBEDTLS_ENCRYPT ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
+        return( ret );
+    }
+
+    if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec, key2,
+                               cipher_info->key_bitlen,
+                               MBEDTLS_DECRYPT ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
+        return( ret );
+    }
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    if( cipher_info->mode == MBEDTLS_MODE_CBC )
+    {
+        if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_enc,
+                                             MBEDTLS_PADDING_NONE ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret );
+            return( ret );
+        }
+
+        if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_dec,
+                                             MBEDTLS_PADDING_NONE ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret );
+            return( ret );
+        }
+    }
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+    mbedtls_zeroize( keyblk, sizeof( keyblk ) );
+
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+    // Initialize compression
+    //
+    if( session->compression == MBEDTLS_SSL_COMPRESS_DEFLATE )
+    {
+        if( ssl->compress_buf == NULL )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "Allocating compression buffer" ) );
+            ssl->compress_buf = mbedtls_calloc( 1, MBEDTLS_SSL_BUFFER_LEN );
+            if( ssl->compress_buf == NULL )
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
+                                    MBEDTLS_SSL_BUFFER_LEN ) );
+                return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+            }
+        }
+
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "Initializing zlib states" ) );
+
+        memset( &transform->ctx_deflate, 0, sizeof( transform->ctx_deflate ) );
+        memset( &transform->ctx_inflate, 0, sizeof( transform->ctx_inflate ) );
+
+        if( deflateInit( &transform->ctx_deflate,
+                         Z_DEFAULT_COMPRESSION )   != Z_OK ||
+            inflateInit( &transform->ctx_inflate ) != Z_OK )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to initialize compression" ) );
+            return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED );
+        }
+    }
+#endif /* MBEDTLS_ZLIB_SUPPORT */
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive keys" ) );
+
+    return( 0 );
+}
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+void ssl_calc_verify_ssl( mbedtls_ssl_context *ssl, unsigned char hash[36] )
+{
+    mbedtls_md5_context md5;
+    mbedtls_sha1_context sha1;
+    unsigned char pad_1[48];
+    unsigned char pad_2[48];
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify ssl" ) );
+
+    mbedtls_md5_init( &md5 );
+    mbedtls_sha1_init( &sha1 );
+
+    mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 );
+    mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 );
+
+    memset( pad_1, 0x36, 48 );
+    memset( pad_2, 0x5C, 48 );
+
+    mbedtls_md5_update( &md5, ssl->session_negotiate->master, 48 );
+    mbedtls_md5_update( &md5, pad_1, 48 );
+    mbedtls_md5_finish( &md5, hash );
+
+    mbedtls_md5_starts( &md5 );
+    mbedtls_md5_update( &md5, ssl->session_negotiate->master, 48 );
+    mbedtls_md5_update( &md5, pad_2, 48 );
+    mbedtls_md5_update( &md5, hash,  16 );
+    mbedtls_md5_finish( &md5, hash );
+
+    mbedtls_sha1_update( &sha1, ssl->session_negotiate->master, 48 );
+    mbedtls_sha1_update( &sha1, pad_1, 40 );
+    mbedtls_sha1_finish( &sha1, hash + 16 );
+
+    mbedtls_sha1_starts( &sha1 );
+    mbedtls_sha1_update( &sha1, ssl->session_negotiate->master, 48 );
+    mbedtls_sha1_update( &sha1, pad_2, 40 );
+    mbedtls_sha1_update( &sha1, hash + 16, 20 );
+    mbedtls_sha1_finish( &sha1, hash + 16 );
+
+    MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 );
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
+
+    mbedtls_md5_free(  &md5  );
+    mbedtls_sha1_free( &sha1 );
+
+    return;
+}
+#endif /* MBEDTLS_SSL_PROTO_SSL3 */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
+void ssl_calc_verify_tls( mbedtls_ssl_context *ssl, unsigned char hash[36] )
+{
+    mbedtls_md5_context md5;
+    mbedtls_sha1_context sha1;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify tls" ) );
+
+    mbedtls_md5_init( &md5 );
+    mbedtls_sha1_init( &sha1 );
+
+    mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 );
+    mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 );
+
+     mbedtls_md5_finish( &md5,  hash );
+    mbedtls_sha1_finish( &sha1, hash + 16 );
+
+    MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 );
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
+
+    mbedtls_md5_free(  &md5  );
+    mbedtls_sha1_free( &sha1 );
+
+    return;
+}
+#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SHA256_C)
+void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *ssl, unsigned char hash[32] )
+{
+    mbedtls_sha256_context sha256;
+
+    mbedtls_sha256_init( &sha256 );
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha256" ) );
+
+    mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 );
+    mbedtls_sha256_finish( &sha256, hash );
+
+    MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 32 );
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
+
+    mbedtls_sha256_free( &sha256 );
+
+    return;
+}
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA512_C)
+void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *ssl, unsigned char hash[48] )
+{
+    mbedtls_sha512_context sha512;
+
+    mbedtls_sha512_init( &sha512 );
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha384" ) );
+
+    mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 );
+    mbedtls_sha512_finish( &sha512, hash );
+
+    MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 48 );
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
+
+    mbedtls_sha512_free( &sha512 );
+
+    return;
+}
+#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex )
+{
+    unsigned char *p = ssl->handshake->premaster;
+    unsigned char *end = p + sizeof( ssl->handshake->premaster );
+    const unsigned char *psk = ssl->conf->psk;
+    size_t psk_len = ssl->conf->psk_len;
+
+    /* If the psk callback was called, use its result */
+    if( ssl->handshake->psk != NULL )
+    {
+        psk = ssl->handshake->psk;
+        psk_len = ssl->handshake->psk_len;
+    }
+
+    /*
+     * PMS = struct {
+     *     opaque other_secret<0..2^16-1>;
+     *     opaque psk<0..2^16-1>;
+     * };
+     * with "other_secret" depending on the particular key exchange
+     */
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
+    if( key_ex == MBEDTLS_KEY_EXCHANGE_PSK )
+    {
+        if( end - p < 2 )
+            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+        *(p++) = (unsigned char)( psk_len >> 8 );
+        *(p++) = (unsigned char)( psk_len      );
+
+        if( end < p || (size_t)( end - p ) < psk_len )
+            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+        memset( p, 0, psk_len );
+        p += psk_len;
+    }
+    else
+#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
+    if( key_ex == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
+    {
+        /*
+         * other_secret already set by the ClientKeyExchange message,
+         * and is 48 bytes long
+         */
+        *p++ = 0;
+        *p++ = 48;
+        p += 48;
+    }
+    else
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
+    if( key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
+    {
+        int ret;
+        size_t len;
+
+        /* Write length only when we know the actual value */
+        if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
+                                      p + 2, end - ( p + 2 ), &len,
+                                      ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
+            return( ret );
+        }
+        *(p++) = (unsigned char)( len >> 8 );
+        *(p++) = (unsigned char)( len );
+        p += len;
+
+        MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K  );
+    }
+    else
+#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+    if( key_ex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
+    {
+        int ret;
+        size_t zlen;
+
+        if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen,
+                                       p + 2, end - ( p + 2 ),
+                                       ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
+            return( ret );
+        }
+
+        *(p++) = (unsigned char)( zlen >> 8 );
+        *(p++) = (unsigned char)( zlen      );
+        p += zlen;
+
+        MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z );
+    }
+    else
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
+
+    /* opaque psk<0..2^16-1>; */
+    if( end - p < 2 )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    *(p++) = (unsigned char)( psk_len >> 8 );
+    *(p++) = (unsigned char)( psk_len      );
+
+    if( end < p || (size_t)( end - p ) < psk_len )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    memcpy( p, psk, psk_len );
+    p += psk_len;
+
+    ssl->handshake->pmslen = p - ssl->handshake->premaster;
+
+    return( 0 );
+}
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+/*
+ * SSLv3.0 MAC functions
+ */
+static void ssl_mac( mbedtls_md_context_t *md_ctx, unsigned char *secret,
+                     unsigned char *buf, size_t len,
+                     unsigned char *ctr, int type )
+{
+    unsigned char header[11];
+    unsigned char padding[48];
+    int padlen;
+    int md_size = mbedtls_md_get_size( md_ctx->md_info );
+    int md_type = mbedtls_md_get_type( md_ctx->md_info );
+
+    /* Only MD5 and SHA-1 supported */
+    if( md_type == MBEDTLS_MD_MD5 )
+        padlen = 48;
+    else
+        padlen = 40;
+
+    memcpy( header, ctr, 8 );
+    header[ 8] = (unsigned char)  type;
+    header[ 9] = (unsigned char)( len >> 8 );
+    header[10] = (unsigned char)( len      );
+
+    memset( padding, 0x36, padlen );
+    mbedtls_md_starts( md_ctx );
+    mbedtls_md_update( md_ctx, secret,  md_size );
+    mbedtls_md_update( md_ctx, padding, padlen  );
+    mbedtls_md_update( md_ctx, header,  11      );
+    mbedtls_md_update( md_ctx, buf,     len     );
+    mbedtls_md_finish( md_ctx, buf +    len     );
+
+    memset( padding, 0x5C, padlen );
+    mbedtls_md_starts( md_ctx );
+    mbedtls_md_update( md_ctx, secret,    md_size );
+    mbedtls_md_update( md_ctx, padding,   padlen  );
+    mbedtls_md_update( md_ctx, buf + len, md_size );
+    mbedtls_md_finish( md_ctx, buf + len          );
+}
+#endif /* MBEDTLS_SSL_PROTO_SSL3 */
+
+#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) ||     \
+    ( defined(MBEDTLS_CIPHER_MODE_CBC) &&                                  \
+      ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) ) )
+#define SSL_SOME_MODES_USE_MAC
+#endif
+
+/*
+ * Encryption/decryption functions
+ */
+static int ssl_encrypt_buf( mbedtls_ssl_context *ssl )
+{
+    mbedtls_cipher_mode_t mode;
+    int auth_done = 0;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) );
+
+    if( ssl->session_out == NULL || ssl->transform_out == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
+
+    mode = mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc );
+
+    MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload",
+                      ssl->out_msg, ssl->out_msglen );
+
+    /*
+     * Add MAC before if needed
+     */
+#if defined(SSL_SOME_MODES_USE_MAC)
+    if( mode == MBEDTLS_MODE_STREAM ||
+        ( mode == MBEDTLS_MODE_CBC
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+          && ssl->session_out->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED
+#endif
+        ) )
+    {
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+        if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
+        {
+            ssl_mac( &ssl->transform_out->md_ctx_enc,
+                      ssl->transform_out->mac_enc,
+                      ssl->out_msg, ssl->out_msglen,
+                      ssl->out_ctr, ssl->out_msgtype );
+        }
+        else
+#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
+        defined(MBEDTLS_SSL_PROTO_TLS1_2)
+        if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
+        {
+            mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_ctr, 8 );
+            mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_hdr, 3 );
+            mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_len, 2 );
+            mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc,
+                             ssl->out_msg, ssl->out_msglen );
+            mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc,
+                             ssl->out_msg + ssl->out_msglen );
+            mbedtls_md_hmac_reset( &ssl->transform_out->md_ctx_enc );
+        }
+        else
+#endif
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        }
+
+        MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac",
+                       ssl->out_msg + ssl->out_msglen,
+                       ssl->transform_out->maclen );
+
+        ssl->out_msglen += ssl->transform_out->maclen;
+        auth_done++;
+    }
+#endif /* AEAD not the only option */
+
+    /*
+     * Encrypt
+     */
+#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER)
+    if( mode == MBEDTLS_MODE_STREAM )
+    {
+        int ret;
+        size_t olen = 0;
+
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
+                            "including %d bytes of padding",
+                       ssl->out_msglen, 0 ) );
+
+        if( ( ret = mbedtls_cipher_crypt( &ssl->transform_out->cipher_ctx_enc,
+                                   ssl->transform_out->iv_enc,
+                                   ssl->transform_out->ivlen,
+                                   ssl->out_msg, ssl->out_msglen,
+                                   ssl->out_msg, &olen ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
+            return( ret );
+        }
+
+        if( ssl->out_msglen != olen )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        }
+    }
+    else
+#endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */
+#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C)
+    if( mode == MBEDTLS_MODE_GCM ||
+        mode == MBEDTLS_MODE_CCM )
+    {
+        int ret;
+        size_t enc_msglen, olen;
+        unsigned char *enc_msg;
+        unsigned char add_data[13];
+        unsigned char taglen = ssl->transform_out->ciphersuite_info->flags &
+                               MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
+
+        memcpy( add_data, ssl->out_ctr, 8 );
+        add_data[8]  = ssl->out_msgtype;
+        mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
+                           ssl->conf->transport, add_data + 9 );
+        add_data[11] = ( ssl->out_msglen >> 8 ) & 0xFF;
+        add_data[12] = ssl->out_msglen & 0xFF;
+
+        MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
+                       add_data, 13 );
+
+        /*
+         * Generate IV
+         */
+#if defined(MBEDTLS_SSL_AEAD_RANDOM_IV)
+        ret = ssl->conf->f_rng( ssl->conf->p_rng,
+                ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
+                ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
+        if( ret != 0 )
+            return( ret );
+
+        memcpy( ssl->out_iv,
+                ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
+                ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
+#else
+        if( ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen != 8 )
+        {
+            /* Reminder if we ever add an AEAD mode with a different size */
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        }
+
+        memcpy( ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
+                             ssl->out_ctr, 8 );
+        memcpy( ssl->out_iv, ssl->out_ctr, 8 );
+#endif
+
+        MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", ssl->out_iv,
+                ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
+
+        /*
+         * Fix pointer positions and message length with added IV
+         */
+        enc_msg = ssl->out_msg;
+        enc_msglen = ssl->out_msglen;
+        ssl->out_msglen += ssl->transform_out->ivlen -
+                           ssl->transform_out->fixed_ivlen;
+
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
+                            "including %d bytes of padding",
+                       ssl->out_msglen, 0 ) );
+
+        /*
+         * Encrypt and authenticate
+         */
+        if( ( ret = mbedtls_cipher_auth_encrypt( &ssl->transform_out->cipher_ctx_enc,
+                                         ssl->transform_out->iv_enc,
+                                         ssl->transform_out->ivlen,
+                                         add_data, 13,
+                                         enc_msg, enc_msglen,
+                                         enc_msg, &olen,
+                                         enc_msg + enc_msglen, taglen ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_encrypt", ret );
+            return( ret );
+        }
+
+        if( olen != enc_msglen )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        }
+
+        ssl->out_msglen += taglen;
+        auth_done++;
+
+        MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag", enc_msg + enc_msglen, taglen );
+    }
+    else
+#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */
+#if defined(MBEDTLS_CIPHER_MODE_CBC) &&                                    \
+    ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) )
+    if( mode == MBEDTLS_MODE_CBC )
+    {
+        int ret;
+        unsigned char *enc_msg;
+        size_t enc_msglen, padlen, olen = 0, i;
+
+        padlen = ssl->transform_out->ivlen - ( ssl->out_msglen + 1 ) %
+                 ssl->transform_out->ivlen;
+        if( padlen == ssl->transform_out->ivlen )
+            padlen = 0;
+
+        for( i = 0; i <= padlen; i++ )
+            ssl->out_msg[ssl->out_msglen + i] = (unsigned char) padlen;
+
+        ssl->out_msglen += padlen + 1;
+
+        enc_msglen = ssl->out_msglen;
+        enc_msg = ssl->out_msg;
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
+        /*
+         * Prepend per-record IV for block cipher in TLS v1.1 and up as per
+         * Method 1 (6.2.3.2. in RFC4346 and RFC5246)
+         */
+        if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
+        {
+            /*
+             * Generate IV
+             */
+            ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->transform_out->iv_enc,
+                                  ssl->transform_out->ivlen );
+            if( ret != 0 )
+                return( ret );
+
+            memcpy( ssl->out_iv, ssl->transform_out->iv_enc,
+                    ssl->transform_out->ivlen );
+
+            /*
+             * Fix pointer positions and message length with added IV
+             */
+            enc_msg = ssl->out_msg;
+            enc_msglen = ssl->out_msglen;
+            ssl->out_msglen += ssl->transform_out->ivlen;
+        }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
+
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
+                            "including %d bytes of IV and %d bytes of padding",
+                            ssl->out_msglen, ssl->transform_out->ivlen,
+                            padlen + 1 ) );
+
+        if( ( ret = mbedtls_cipher_crypt( &ssl->transform_out->cipher_ctx_enc,
+                                   ssl->transform_out->iv_enc,
+                                   ssl->transform_out->ivlen,
+                                   enc_msg, enc_msglen,
+                                   enc_msg, &olen ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
+            return( ret );
+        }
+
+        if( enc_msglen != olen )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        }
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
+        if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
+        {
+            /*
+             * Save IV in SSL3 and TLS1
+             */
+            memcpy( ssl->transform_out->iv_enc,
+                    ssl->transform_out->cipher_ctx_enc.iv,
+                    ssl->transform_out->ivlen );
+        }
+#endif
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+        if( auth_done == 0 )
+        {
+            /*
+             * MAC(MAC_write_key, seq_num +
+             *     TLSCipherText.type +
+             *     TLSCipherText.version +
+             *     length_of( (IV +) ENC(...) ) +
+             *     IV + // except for TLS 1.0
+             *     ENC(content + padding + padding_length));
+             */
+            unsigned char pseudo_hdr[13];
+
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
+
+            memcpy( pseudo_hdr +  0, ssl->out_ctr, 8 );
+            memcpy( pseudo_hdr +  8, ssl->out_hdr, 3 );
+            pseudo_hdr[11] = (unsigned char)( ( ssl->out_msglen >> 8 ) & 0xFF );
+            pseudo_hdr[12] = (unsigned char)( ( ssl->out_msglen      ) & 0xFF );
+
+            MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", pseudo_hdr, 13 );
+
+            mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, pseudo_hdr, 13 );
+            mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc,
+                             ssl->out_iv, ssl->out_msglen );
+            mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc,
+                             ssl->out_iv + ssl->out_msglen );
+            mbedtls_md_hmac_reset( &ssl->transform_out->md_ctx_enc );
+
+            ssl->out_msglen += ssl->transform_out->maclen;
+            auth_done++;
+        }
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
+    }
+    else
+#endif /* MBEDTLS_CIPHER_MODE_CBC &&
+          ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C ) */
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
+
+    /* Make extra sure authentication was performed, exactly once */
+    if( auth_done != 1 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) );
+
+    return( 0 );
+}
+
+#define SSL_MAX_MAC_SIZE   48
+
+static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
+{
+    size_t i;
+    mbedtls_cipher_mode_t mode;
+    int auth_done = 0;
+#if defined(SSL_SOME_MODES_USE_MAC)
+    size_t padlen = 0, correct = 1;
+#endif
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) );
+
+    if( ssl->session_in == NULL || ssl->transform_in == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
+
+    mode = mbedtls_cipher_get_cipher_mode( &ssl->transform_in->cipher_ctx_dec );
+
+    if( ssl->in_msglen < ssl->transform_in->minlen )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "in_msglen (%d) < minlen (%d)",
+                       ssl->in_msglen, ssl->transform_in->minlen ) );
+        return( MBEDTLS_ERR_SSL_INVALID_MAC );
+    }
+
+#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER)
+    if( mode == MBEDTLS_MODE_STREAM )
+    {
+        int ret;
+        size_t olen = 0;
+
+        padlen = 0;
+
+        if( ( ret = mbedtls_cipher_crypt( &ssl->transform_in->cipher_ctx_dec,
+                                   ssl->transform_in->iv_dec,
+                                   ssl->transform_in->ivlen,
+                                   ssl->in_msg, ssl->in_msglen,
+                                   ssl->in_msg, &olen ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
+            return( ret );
+        }
+
+        if( ssl->in_msglen != olen )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        }
+    }
+    else
+#endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */
+#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C)
+    if( mode == MBEDTLS_MODE_GCM ||
+        mode == MBEDTLS_MODE_CCM )
+    {
+        int ret;
+        size_t dec_msglen, olen;
+        unsigned char *dec_msg;
+        unsigned char *dec_msg_result;
+        unsigned char add_data[13];
+        unsigned char taglen = ssl->transform_in->ciphersuite_info->flags &
+                               MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
+        size_t explicit_iv_len = ssl->transform_in->ivlen -
+                                 ssl->transform_in->fixed_ivlen;
+
+        if( ssl->in_msglen < explicit_iv_len + taglen )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < explicit_iv_len (%d) "
+                                "+ taglen (%d)", ssl->in_msglen,
+                                explicit_iv_len, taglen ) );
+            return( MBEDTLS_ERR_SSL_INVALID_MAC );
+        }
+        dec_msglen = ssl->in_msglen - explicit_iv_len - taglen;
+
+        dec_msg = ssl->in_msg;
+        dec_msg_result = ssl->in_msg;
+        ssl->in_msglen = dec_msglen;
+
+        memcpy( add_data, ssl->in_ctr, 8 );
+        add_data[8]  = ssl->in_msgtype;
+        mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
+                           ssl->conf->transport, add_data + 9 );
+        add_data[11] = ( ssl->in_msglen >> 8 ) & 0xFF;
+        add_data[12] = ssl->in_msglen & 0xFF;
+
+        MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
+                       add_data, 13 );
+
+        memcpy( ssl->transform_in->iv_dec + ssl->transform_in->fixed_ivlen,
+                ssl->in_iv,
+                ssl->transform_in->ivlen - ssl->transform_in->fixed_ivlen );
+
+        MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", ssl->transform_in->iv_dec,
+                                     ssl->transform_in->ivlen );
+        MBEDTLS_SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, taglen );
+
+        /*
+         * Decrypt and authenticate
+         */
+        if( ( ret = mbedtls_cipher_auth_decrypt( &ssl->transform_in->cipher_ctx_dec,
+                                         ssl->transform_in->iv_dec,
+                                         ssl->transform_in->ivlen,
+                                         add_data, 13,
+                                         dec_msg, dec_msglen,
+                                         dec_msg_result, &olen,
+                                         dec_msg + dec_msglen, taglen ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_decrypt", ret );
+
+            if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED )
+                return( MBEDTLS_ERR_SSL_INVALID_MAC );
+
+            return( ret );
+        }
+        auth_done++;
+
+        if( olen != dec_msglen )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        }
+    }
+    else
+#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */
+#if defined(MBEDTLS_CIPHER_MODE_CBC) &&                                    \
+    ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) )
+    if( mode == MBEDTLS_MODE_CBC )
+    {
+        /*
+         * Decrypt and check the padding
+         */
+        int ret;
+        unsigned char *dec_msg;
+        unsigned char *dec_msg_result;
+        size_t dec_msglen;
+        size_t minlen = 0;
+        size_t olen = 0;
+
+        /*
+         * Check immediate ciphertext sanity
+         */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
+        if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
+            minlen += ssl->transform_in->ivlen;
+#endif
+
+        if( ssl->in_msglen < minlen + ssl->transform_in->ivlen ||
+            ssl->in_msglen < minlen + ssl->transform_in->maclen + 1 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < max( ivlen(%d), maclen (%d) "
+                                "+ 1 ) ( + expl IV )", ssl->in_msglen,
+                                ssl->transform_in->ivlen,
+                                ssl->transform_in->maclen ) );
+            return( MBEDTLS_ERR_SSL_INVALID_MAC );
+        }
+
+        dec_msglen = ssl->in_msglen;
+        dec_msg = ssl->in_msg;
+        dec_msg_result = ssl->in_msg;
+
+        /*
+         * Authenticate before decrypt if enabled
+         */
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+        if( ssl->session_in->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
+        {
+            unsigned char computed_mac[SSL_MAX_MAC_SIZE];
+            unsigned char pseudo_hdr[13];
+
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
+
+            dec_msglen -= ssl->transform_in->maclen;
+            ssl->in_msglen -= ssl->transform_in->maclen;
+
+            memcpy( pseudo_hdr +  0, ssl->in_ctr, 8 );
+            memcpy( pseudo_hdr +  8, ssl->in_hdr, 3 );
+            pseudo_hdr[11] = (unsigned char)( ( ssl->in_msglen >> 8 ) & 0xFF );
+            pseudo_hdr[12] = (unsigned char)( ( ssl->in_msglen      ) & 0xFF );
+
+            MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", pseudo_hdr, 13 );
+
+            mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, pseudo_hdr, 13 );
+            mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec,
+                             ssl->in_iv, ssl->in_msglen );
+            mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec, computed_mac );
+            mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec );
+
+            MBEDTLS_SSL_DEBUG_BUF( 4, "message  mac", ssl->in_iv + ssl->in_msglen,
+                                              ssl->transform_in->maclen );
+            MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", computed_mac,
+                                              ssl->transform_in->maclen );
+
+            if( mbedtls_ssl_safer_memcmp( ssl->in_iv + ssl->in_msglen, computed_mac,
+                              ssl->transform_in->maclen ) != 0 )
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
+
+                return( MBEDTLS_ERR_SSL_INVALID_MAC );
+            }
+            auth_done++;
+        }
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
+
+        /*
+         * Check length sanity
+         */
+        if( ssl->in_msglen % ssl->transform_in->ivlen != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) %% ivlen (%d) != 0",
+                           ssl->in_msglen, ssl->transform_in->ivlen ) );
+            return( MBEDTLS_ERR_SSL_INVALID_MAC );
+        }
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
+        /*
+         * Initialize for prepended IV for block cipher in TLS v1.1 and up
+         */
+        if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
+        {
+            dec_msglen -= ssl->transform_in->ivlen;
+            ssl->in_msglen -= ssl->transform_in->ivlen;
+
+            for( i = 0; i < ssl->transform_in->ivlen; i++ )
+                ssl->transform_in->iv_dec[i] = ssl->in_iv[i];
+        }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
+
+        if( ( ret = mbedtls_cipher_crypt( &ssl->transform_in->cipher_ctx_dec,
+                                   ssl->transform_in->iv_dec,
+                                   ssl->transform_in->ivlen,
+                                   dec_msg, dec_msglen,
+                                   dec_msg_result, &olen ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
+            return( ret );
+        }
+
+        if( dec_msglen != olen )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        }
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
+        if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
+        {
+            /*
+             * Save IV in SSL3 and TLS1
+             */
+            memcpy( ssl->transform_in->iv_dec,
+                    ssl->transform_in->cipher_ctx_dec.iv,
+                    ssl->transform_in->ivlen );
+        }
+#endif
+
+        padlen = 1 + ssl->in_msg[ssl->in_msglen - 1];
+
+        if( ssl->in_msglen < ssl->transform_in->maclen + padlen &&
+            auth_done == 0 )
+        {
+#if defined(MBEDTLS_SSL_DEBUG_ALL)
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)",
+                        ssl->in_msglen, ssl->transform_in->maclen, padlen ) );
+#endif
+            padlen = 0;
+            correct = 0;
+        }
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+        if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
+        {
+            if( padlen > ssl->transform_in->ivlen )
+            {
+#if defined(MBEDTLS_SSL_DEBUG_ALL)
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, "
+                                    "should be no more than %d",
+                               padlen, ssl->transform_in->ivlen ) );
+#endif
+                correct = 0;
+            }
+        }
+        else
+#endif /* MBEDTLS_SSL_PROTO_SSL3 */
+#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
+    defined(MBEDTLS_SSL_PROTO_TLS1_2)
+        if( ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 )
+        {
+            /*
+             * TLSv1+: always check the padding up to the first failure
+             * and fake check up to 256 bytes of padding
+             */
+            size_t pad_count = 0, real_count = 1;
+            size_t padding_idx = ssl->in_msglen - padlen - 1;
+
+            /*
+             * Padding is guaranteed to be incorrect if:
+             *   1. padlen >= ssl->in_msglen
+             *
+             *   2. padding_idx >= MBEDTLS_SSL_MAX_CONTENT_LEN +
+             *                     ssl->transform_in->maclen
+             *
+             * In both cases we reset padding_idx to a safe value (0) to
+             * prevent out-of-buffer reads.
+             */
+            correct &= ( ssl->in_msglen >= padlen + 1 );
+            correct &= ( padding_idx < MBEDTLS_SSL_MAX_CONTENT_LEN +
+                                       ssl->transform_in->maclen );
+
+            padding_idx *= correct;
+
+            for( i = 1; i <= 256; i++ )
+            {
+                real_count &= ( i <= padlen );
+                pad_count += real_count *
+                             ( ssl->in_msg[padding_idx + i] == padlen - 1 );
+            }
+
+            correct &= ( pad_count == padlen ); /* Only 1 on correct padding */
+
+#if defined(MBEDTLS_SSL_DEBUG_ALL)
+            if( padlen > 0 && correct == 0 )
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding byte detected" ) );
+#endif
+            padlen &= correct * 0x1FF;
+        }
+        else
+#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
+          MBEDTLS_SSL_PROTO_TLS1_2 */
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        }
+
+        ssl->in_msglen -= padlen;
+    }
+    else
+#endif /* MBEDTLS_CIPHER_MODE_CBC &&
+          ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C ) */
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
+
+    MBEDTLS_SSL_DEBUG_BUF( 4, "raw buffer after decryption",
+                   ssl->in_msg, ssl->in_msglen );
+
+    /*
+     * Authenticate if not done yet.
+     * Compute the MAC regardless of the padding result (RFC4346, CBCTIME).
+     */
+#if defined(SSL_SOME_MODES_USE_MAC)
+    if( auth_done == 0 )
+    {
+        unsigned char tmp[SSL_MAX_MAC_SIZE];
+
+        ssl->in_msglen -= ssl->transform_in->maclen;
+
+        ssl->in_len[0] = (unsigned char)( ssl->in_msglen >> 8 );
+        ssl->in_len[1] = (unsigned char)( ssl->in_msglen      );
+
+        memcpy( tmp, ssl->in_msg + ssl->in_msglen, ssl->transform_in->maclen );
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+        if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
+        {
+            ssl_mac( &ssl->transform_in->md_ctx_dec,
+                      ssl->transform_in->mac_dec,
+                      ssl->in_msg, ssl->in_msglen,
+                      ssl->in_ctr, ssl->in_msgtype );
+        }
+        else
+#endif /* MBEDTLS_SSL_PROTO_SSL3 */
+#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
+        defined(MBEDTLS_SSL_PROTO_TLS1_2)
+        if( ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 )
+        {
+            /*
+             * Process MAC and always update for padlen afterwards to make
+             * total time independent of padlen
+             *
+             * extra_run compensates MAC check for padlen
+             *
+             * Known timing attacks:
+             *  - Lucky Thirteen (http://www.isg.rhul.ac.uk/tls/TLStiming.pdf)
+             *
+             * We use ( ( Lx + 8 ) / 64 ) to handle 'negative Lx' values
+             * correctly. (We round down instead of up, so -56 is the correct
+             * value for our calculations instead of -55)
+             */
+            size_t j, extra_run = 0;
+            extra_run = ( 13 + ssl->in_msglen + padlen + 8 ) / 64 -
+                        ( 13 + ssl->in_msglen          + 8 ) / 64;
+
+            extra_run &= correct * 0xFF;
+
+            mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_ctr, 8 );
+            mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_hdr, 3 );
+            mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_len, 2 );
+            mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_msg,
+                             ssl->in_msglen );
+            mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec,
+                             ssl->in_msg + ssl->in_msglen );
+            /* Call mbedtls_md_process at least once due to cache attacks */
+            for( j = 0; j < extra_run + 1; j++ )
+                mbedtls_md_process( &ssl->transform_in->md_ctx_dec, ssl->in_msg );
+
+            mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec );
+        }
+        else
+#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
+              MBEDTLS_SSL_PROTO_TLS1_2 */
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        }
+
+        MBEDTLS_SSL_DEBUG_BUF( 4, "message  mac", tmp, ssl->transform_in->maclen );
+        MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", ssl->in_msg + ssl->in_msglen,
+                       ssl->transform_in->maclen );
+
+        if( mbedtls_ssl_safer_memcmp( tmp, ssl->in_msg + ssl->in_msglen,
+                         ssl->transform_in->maclen ) != 0 )
+        {
+#if defined(MBEDTLS_SSL_DEBUG_ALL)
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
+#endif
+            correct = 0;
+        }
+        auth_done++;
+
+        /*
+         * Finally check the correct flag
+         */
+        if( correct == 0 )
+            return( MBEDTLS_ERR_SSL_INVALID_MAC );
+    }
+#endif /* SSL_SOME_MODES_USE_MAC */
+
+    /* Make extra sure authentication was performed, exactly once */
+    if( auth_done != 1 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
+
+    if( ssl->in_msglen == 0 )
+    {
+        ssl->nb_zero++;
+
+        /*
+         * Three or more empty messages may be a DoS attack
+         * (excessive CPU consumption).
+         */
+        if( ssl->nb_zero > 3 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "received four consecutive empty "
+                                "messages, possible DoS attack" ) );
+            return( MBEDTLS_ERR_SSL_INVALID_MAC );
+        }
+    }
+    else
+        ssl->nb_zero = 0;
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+    {
+        ; /* in_ctr read from peer, not maintained internally */
+    }
+    else
+#endif
+    {
+        for( i = 8; i > ssl_ep_len( ssl ); i-- )
+            if( ++ssl->in_ctr[i - 1] != 0 )
+                break;
+
+        /* The loop goes to its end iff the counter is wrapping */
+        if( i == ssl_ep_len( ssl ) )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) );
+            return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
+        }
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) );
+
+    return( 0 );
+}
+
+#undef MAC_NONE
+#undef MAC_PLAINTEXT
+#undef MAC_CIPHERTEXT
+
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+/*
+ * Compression/decompression functions
+ */
+static int ssl_compress_buf( mbedtls_ssl_context *ssl )
+{
+    int ret;
+    unsigned char *msg_post = ssl->out_msg;
+    size_t len_pre = ssl->out_msglen;
+    unsigned char *msg_pre = ssl->compress_buf;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> compress buf" ) );
+
+    if( len_pre == 0 )
+        return( 0 );
+
+    memcpy( msg_pre, ssl->out_msg, len_pre );
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "before compression: msglen = %d, ",
+                   ssl->out_msglen ) );
+
+    MBEDTLS_SSL_DEBUG_BUF( 4, "before compression: output payload",
+                   ssl->out_msg, ssl->out_msglen );
+
+    ssl->transform_out->ctx_deflate.next_in = msg_pre;
+    ssl->transform_out->ctx_deflate.avail_in = len_pre;
+    ssl->transform_out->ctx_deflate.next_out = msg_post;
+    ssl->transform_out->ctx_deflate.avail_out = MBEDTLS_SSL_BUFFER_LEN;
+
+    ret = deflate( &ssl->transform_out->ctx_deflate, Z_SYNC_FLUSH );
+    if( ret != Z_OK )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "failed to perform compression (%d)", ret ) );
+        return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED );
+    }
+
+    ssl->out_msglen = MBEDTLS_SSL_BUFFER_LEN -
+                      ssl->transform_out->ctx_deflate.avail_out;
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %d, ",
+                   ssl->out_msglen ) );
+
+    MBEDTLS_SSL_DEBUG_BUF( 4, "after compression: output payload",
+                   ssl->out_msg, ssl->out_msglen );
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= compress buf" ) );
+
+    return( 0 );
+}
+
+static int ssl_decompress_buf( mbedtls_ssl_context *ssl )
+{
+    int ret;
+    unsigned char *msg_post = ssl->in_msg;
+    size_t len_pre = ssl->in_msglen;
+    unsigned char *msg_pre = ssl->compress_buf;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> decompress buf" ) );
+
+    if( len_pre == 0 )
+        return( 0 );
+
+    memcpy( msg_pre, ssl->in_msg, len_pre );
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %d, ",
+                   ssl->in_msglen ) );
+
+    MBEDTLS_SSL_DEBUG_BUF( 4, "before decompression: input payload",
+                   ssl->in_msg, ssl->in_msglen );
+
+    ssl->transform_in->ctx_inflate.next_in = msg_pre;
+    ssl->transform_in->ctx_inflate.avail_in = len_pre;
+    ssl->transform_in->ctx_inflate.next_out = msg_post;
+    ssl->transform_in->ctx_inflate.avail_out = MBEDTLS_SSL_MAX_CONTENT_LEN;
+
+    ret = inflate( &ssl->transform_in->ctx_inflate, Z_SYNC_FLUSH );
+    if( ret != Z_OK )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "failed to perform decompression (%d)", ret ) );
+        return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED );
+    }
+
+    ssl->in_msglen = MBEDTLS_SSL_MAX_CONTENT_LEN -
+                     ssl->transform_in->ctx_inflate.avail_out;
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ",
+                   ssl->in_msglen ) );
+
+    MBEDTLS_SSL_DEBUG_BUF( 4, "after decompression: input payload",
+                   ssl->in_msg, ssl->in_msglen );
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= decompress buf" ) );
+
+    return( 0 );
+}
+#endif /* MBEDTLS_ZLIB_SUPPORT */
+
+#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
+static int ssl_write_hello_request( mbedtls_ssl_context *ssl );
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+static int ssl_resend_hello_request( mbedtls_ssl_context *ssl )
+{
+    /* If renegotiation is not enforced, retransmit until we would reach max
+     * timeout if we were using the usual handshake doubling scheme */
+    if( ssl->conf->renego_max_records < 0 )
+    {
+        uint32_t ratio = ssl->conf->hs_timeout_max / ssl->conf->hs_timeout_min + 1;
+        unsigned char doublings = 1;
+
+        while( ratio != 0 )
+        {
+            ++doublings;
+            ratio >>= 1;
+        }
+
+        if( ++ssl->renego_records_seen > doublings )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 2, ( "no longer retransmitting hello request" ) );
+            return( 0 );
+        }
+    }
+
+    return( ssl_write_hello_request( ssl ) );
+}
+#endif
+#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */
+
+/*
+ * Fill the input message buffer by appending data to it.
+ * The amount of data already fetched is in ssl->in_left.
+ *
+ * If we return 0, is it guaranteed that (at least) nb_want bytes are
+ * available (from this read and/or a previous one). Otherwise, an error code
+ * is returned (possibly EOF or WANT_READ).
+ *
+ * With stream transport (TLS) on success ssl->in_left == nb_want, but
+ * with datagram transport (DTLS) on success ssl->in_left >= nb_want,
+ * since we always read a whole datagram at once.
+ *
+ * For DTLS, it is up to the caller to set ssl->next_record_offset when
+ * they're done reading a record.
+ */
+int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
+{
+    int ret;
+    size_t len;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> fetch input" ) );
+
+    if( ssl->f_recv == NULL && ssl->f_recv_timeout == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() "
+                            "or mbedtls_ssl_set_bio()" ) );
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
+
+    if( nb_want > MBEDTLS_SSL_BUFFER_LEN - (size_t)( ssl->in_hdr - ssl->in_buf ) )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "requesting more data than fits" ) );
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+    {
+        uint32_t timeout;
+
+        /* Just to be sure */
+        if( ssl->f_set_timer == NULL || ssl->f_get_timer == NULL )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "You must use "
+                        "mbedtls_ssl_set_timer_cb() for DTLS" ) );
+            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+        }
+
+        /*
+         * The point is, we need to always read a full datagram at once, so we
+         * sometimes read more then requested, and handle the additional data.
+         * It could be the rest of the current record (while fetching the
+         * header) and/or some other records in the same datagram.
+         */
+
+        /*
+         * Move to the next record in the already read datagram if applicable
+         */
+        if( ssl->next_record_offset != 0 )
+        {
+            if( ssl->in_left < ssl->next_record_offset )
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+                return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+            }
+
+            ssl->in_left -= ssl->next_record_offset;
+
+            if( ssl->in_left != 0 )
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 2, ( "next record in same datagram, offset: %d",
+                                    ssl->next_record_offset ) );
+                memmove( ssl->in_hdr,
+                         ssl->in_hdr + ssl->next_record_offset,
+                         ssl->in_left );
+            }
+
+            ssl->next_record_offset = 0;
+        }
+
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
+                       ssl->in_left, nb_want ) );
+
+        /*
+         * Done if we already have enough data.
+         */
+        if( nb_want <= ssl->in_left)
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= fetch input" ) );
+            return( 0 );
+        }
+
+        /*
+         * A record can't be split accross datagrams. If we need to read but
+         * are not at the beginning of a new record, the caller did something
+         * wrong.
+         */
+        if( ssl->in_left != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        }
+
+        /*
+         * Don't even try to read if time's out already.
+         * This avoids by-passing the timer when repeatedly receiving messages
+         * that will end up being dropped.
+         */
+        if( ssl_check_timer( ssl ) != 0 )
+            ret = MBEDTLS_ERR_SSL_TIMEOUT;
+        else
+        {
+            len = MBEDTLS_SSL_BUFFER_LEN - ( ssl->in_hdr - ssl->in_buf );
+
+            if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
+                timeout = ssl->handshake->retransmit_timeout;
+            else
+                timeout = ssl->conf->read_timeout;
+
+            MBEDTLS_SSL_DEBUG_MSG( 3, ( "f_recv_timeout: %u ms", timeout ) );
+
+            if( ssl->f_recv_timeout != NULL )
+                ret = ssl->f_recv_timeout( ssl->p_bio, ssl->in_hdr, len,
+                                                                    timeout );
+            else
+                ret = ssl->f_recv( ssl->p_bio, ssl->in_hdr, len );
+
+            MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret );
+
+            if( ret == 0 )
+                return( MBEDTLS_ERR_SSL_CONN_EOF );
+        }
+
+        if( ret == MBEDTLS_ERR_SSL_TIMEOUT )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 2, ( "timeout" ) );
+            ssl_set_timer( ssl, 0 );
+
+            if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
+            {
+                if( ssl_double_retransmit_timeout( ssl ) != 0 )
+                {
+                    MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake timeout" ) );
+                    return( MBEDTLS_ERR_SSL_TIMEOUT );
+                }
+
+                if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
+                {
+                    MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret );
+                    return( ret );
+                }
+
+                return( MBEDTLS_ERR_SSL_WANT_READ );
+            }
+#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
+            else if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
+                     ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
+            {
+                if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 )
+                {
+                    MBEDTLS_SSL_DEBUG_RET( 1, "ssl_resend_hello_request", ret );
+                    return( ret );
+                }
+
+                return( MBEDTLS_ERR_SSL_WANT_READ );
+            }
+#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */
+        }
+
+        if( ret < 0 )
+            return( ret );
+
+        ssl->in_left = ret;
+    }
+    else
+#endif
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
+                       ssl->in_left, nb_want ) );
+
+        while( ssl->in_left < nb_want )
+        {
+            len = nb_want - ssl->in_left;
+
+            if( ssl_check_timer( ssl ) != 0 )
+                ret = MBEDTLS_ERR_SSL_TIMEOUT;
+            else
+            {
+                if( ssl->f_recv_timeout != NULL )
+                {
+                    ret = ssl->f_recv_timeout( ssl->p_bio,
+                                               ssl->in_hdr + ssl->in_left, len,
+                                               ssl->conf->read_timeout );
+                }
+                else
+                {
+                    ret = ssl->f_recv( ssl->p_bio,
+                                       ssl->in_hdr + ssl->in_left, len );
+                }
+            }
+
+            MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
+                                        ssl->in_left, nb_want ) );
+            MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret );
+
+            if( ret == 0 )
+                return( MBEDTLS_ERR_SSL_CONN_EOF );
+
+            if( ret < 0 )
+                return( ret );
+
+            ssl->in_left += ret;
+        }
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= fetch input" ) );
+
+    return( 0 );
+}
+
+/*
+ * Flush any data not yet written
+ */
+int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
+{
+    int ret;
+    unsigned char *buf, i;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> flush output" ) );
+
+    if( ssl->f_send == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() "
+                            "or mbedtls_ssl_set_bio()" ) );
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
+
+    /* Avoid incrementing counter if data is flushed */
+    if( ssl->out_left == 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) );
+        return( 0 );
+    }
+
+    while( ssl->out_left > 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d",
+                       mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) );
+
+        buf = ssl->out_hdr + mbedtls_ssl_hdr_len( ssl ) +
+              ssl->out_msglen - ssl->out_left;
+        ret = ssl->f_send( ssl->p_bio, buf, ssl->out_left );
+
+        MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_send", ret );
+
+        if( ret <= 0 )
+            return( ret );
+
+        ssl->out_left -= ret;
+    }
+
+    for( i = 8; i > ssl_ep_len( ssl ); i-- )
+        if( ++ssl->out_ctr[i - 1] != 0 )
+            break;
+
+    /* The loop goes to its end iff the counter is wrapping */
+    if( i == ssl_ep_len( ssl ) )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "outgoing message counter would wrap" ) );
+        return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) );
+
+    return( 0 );
+}
+
+/*
+ * Functions to handle the DTLS retransmission state machine
+ */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+/*
+ * Append current handshake message to current outgoing flight
+ */
+static int ssl_flight_append( mbedtls_ssl_context *ssl )
+{
+    mbedtls_ssl_flight_item *msg;
+
+    /* Allocate space for current message */
+    if( ( msg = mbedtls_calloc( 1, sizeof(  mbedtls_ssl_flight_item ) ) ) == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed",
+                            sizeof( mbedtls_ssl_flight_item ) ) );
+        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+    }
+
+    if( ( msg->p = mbedtls_calloc( 1, ssl->out_msglen ) ) == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed", ssl->out_msglen ) );
+        mbedtls_free( msg );
+        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+    }
+
+    /* Copy current handshake message with headers */
+    memcpy( msg->p, ssl->out_msg, ssl->out_msglen );
+    msg->len = ssl->out_msglen;
+    msg->type = ssl->out_msgtype;
+    msg->next = NULL;
+
+    /* Append to the current flight */
+    if( ssl->handshake->flight == NULL )
+        ssl->handshake->flight = msg;
+    else
+    {
+        mbedtls_ssl_flight_item *cur = ssl->handshake->flight;
+        while( cur->next != NULL )
+            cur = cur->next;
+        cur->next = msg;
+    }
+
+    return( 0 );
+}
+
+/*
+ * Free the current flight of handshake messages
+ */
+static void ssl_flight_free( mbedtls_ssl_flight_item *flight )
+{
+    mbedtls_ssl_flight_item *cur = flight;
+    mbedtls_ssl_flight_item *next;
+
+    while( cur != NULL )
+    {
+        next = cur->next;
+
+        mbedtls_free( cur->p );
+        mbedtls_free( cur );
+
+        cur = next;
+    }
+}
+
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+static void ssl_dtls_replay_reset( mbedtls_ssl_context *ssl );
+#endif
+
+/*
+ * Swap transform_out and out_ctr with the alternative ones
+ */
+static void ssl_swap_epochs( mbedtls_ssl_context *ssl )
+{
+    mbedtls_ssl_transform *tmp_transform;
+    unsigned char tmp_out_ctr[8];
+
+    if( ssl->transform_out == ssl->handshake->alt_transform_out )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip swap epochs" ) );
+        return;
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "swap epochs" ) );
+
+    /* Swap transforms */
+    tmp_transform                     = ssl->transform_out;
+    ssl->transform_out                = ssl->handshake->alt_transform_out;
+    ssl->handshake->alt_transform_out = tmp_transform;
+
+    /* Swap epoch + sequence_number */
+    memcpy( tmp_out_ctr,                 ssl->out_ctr,                8 );
+    memcpy( ssl->out_ctr,                ssl->handshake->alt_out_ctr, 8 );
+    memcpy( ssl->handshake->alt_out_ctr, tmp_out_ctr,                 8 );
+
+    /* Adjust to the newly activated transform */
+    if( ssl->transform_out != NULL &&
+        ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
+    {
+        ssl->out_msg = ssl->out_iv + ssl->transform_out->ivlen -
+                                     ssl->transform_out->fixed_ivlen;
+    }
+    else
+        ssl->out_msg = ssl->out_iv;
+
+#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
+    if( mbedtls_ssl_hw_record_activate != NULL )
+    {
+        if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret );
+            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+        }
+    }
+#endif
+}
+
+/*
+ * Retransmit the current flight of messages.
+ *
+ * Need to remember the current message in case flush_output returns
+ * WANT_WRITE, causing us to exit this function and come back later.
+ * This function must be called until state is no longer SENDING.
+ */
+int mbedtls_ssl_resend( mbedtls_ssl_context *ssl )
+{
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_resend" ) );
+
+    if( ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialise resending" ) );
+
+        ssl->handshake->cur_msg = ssl->handshake->flight;
+        ssl_swap_epochs( ssl );
+
+        ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING;
+    }
+
+    while( ssl->handshake->cur_msg != NULL )
+    {
+        int ret;
+        mbedtls_ssl_flight_item *cur = ssl->handshake->cur_msg;
+
+        /* Swap epochs before sending Finished: we can't do it after
+         * sending ChangeCipherSpec, in case write returns WANT_READ.
+         * Must be done before copying, may change out_msg pointer */
+        if( cur->type == MBEDTLS_SSL_MSG_HANDSHAKE &&
+            cur->p[0] == MBEDTLS_SSL_HS_FINISHED )
+        {
+            ssl_swap_epochs( ssl );
+        }
+
+        memcpy( ssl->out_msg, cur->p, cur->len );
+        ssl->out_msglen = cur->len;
+        ssl->out_msgtype = cur->type;
+
+        ssl->handshake->cur_msg = cur->next;
+
+        MBEDTLS_SSL_DEBUG_BUF( 3, "resent handshake message header", ssl->out_msg, 12 );
+
+        if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
+            return( ret );
+        }
+    }
+
+    if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
+        ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED;
+    else
+    {
+        ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
+        ssl_set_timer( ssl, ssl->handshake->retransmit_timeout );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_resend" ) );
+
+    return( 0 );
+}
+
+/*
+ * To be called when the last message of an incoming flight is received.
+ */
+void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl )
+{
+    /* We won't need to resend that one any more */
+    ssl_flight_free( ssl->handshake->flight );
+    ssl->handshake->flight = NULL;
+    ssl->handshake->cur_msg = NULL;
+
+    /* The next incoming flight will start with this msg_seq */
+    ssl->handshake->in_flight_start_seq = ssl->handshake->in_msg_seq;
+
+    /* Cancel timer */
+    ssl_set_timer( ssl, 0 );
+
+    if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
+        ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED )
+    {
+        ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED;
+    }
+    else
+        ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING;
+}
+
+/*
+ * To be called when the last message of an outgoing flight is send.
+ */
+void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl )
+{
+    ssl_reset_retransmit_timeout( ssl );
+    ssl_set_timer( ssl, ssl->handshake->retransmit_timeout );
+
+    if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
+        ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED )
+    {
+        ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED;
+    }
+    else
+        ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
+}
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+/*
+ * Record layer functions
+ */
+
+/*
+ * Write current record.
+ * Uses ssl->out_msgtype, ssl->out_msglen and bytes at ssl->out_msg.
+ */
+int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl )
+{
+    int ret, done = 0;
+    size_t len = ssl->out_msglen;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write record" ) );
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+        ssl->handshake != NULL &&
+        ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
+    {
+        ; /* Skip special handshake treatment when resending */
+    }
+    else
+#endif
+    if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
+    {
+        if( ssl->out_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST &&
+            ssl->handshake == NULL )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        }
+
+        ssl->out_msg[1] = (unsigned char)( ( len - 4 ) >> 16 );
+        ssl->out_msg[2] = (unsigned char)( ( len - 4 ) >>  8 );
+        ssl->out_msg[3] = (unsigned char)( ( len - 4 )       );
+
+        /*
+         * DTLS has additional fields in the Handshake layer,
+         * between the length field and the actual payload:
+         *      uint16 message_seq;
+         *      uint24 fragment_offset;
+         *      uint24 fragment_length;
+         */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+        if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+        {
+            /* Make room for the additional DTLS fields */
+            memmove( ssl->out_msg + 12, ssl->out_msg + 4, len - 4 );
+            ssl->out_msglen += 8;
+            len += 8;
+
+            /* Write message_seq and update it, except for HelloRequest */
+            if( ssl->out_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST )
+            {
+                ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF;
+                ssl->out_msg[5] = ( ssl->handshake->out_msg_seq      ) & 0xFF;
+                ++( ssl->handshake->out_msg_seq );
+            }
+            else
+            {
+                ssl->out_msg[4] = 0;
+                ssl->out_msg[5] = 0;
+            }
+
+            /* We don't fragment, so frag_offset = 0 and frag_len = len */
+            memset( ssl->out_msg + 6, 0x00, 3 );
+            memcpy( ssl->out_msg + 9, ssl->out_msg + 1, 3 );
+        }
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+        if( ssl->out_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST )
+            ssl->handshake->update_checksum( ssl, ssl->out_msg, len );
+    }
+
+    /* Save handshake and CCS messages for resending */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+        ssl->handshake != NULL &&
+        ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING &&
+        ( ssl->out_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ||
+          ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) )
+    {
+        if( ( ret = ssl_flight_append( ssl ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "ssl_flight_append", ret );
+            return( ret );
+        }
+    }
+#endif
+
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+    if( ssl->transform_out != NULL &&
+        ssl->session_out->compression == MBEDTLS_SSL_COMPRESS_DEFLATE )
+    {
+        if( ( ret = ssl_compress_buf( ssl ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "ssl_compress_buf", ret );
+            return( ret );
+        }
+
+        len = ssl->out_msglen;
+    }
+#endif /*MBEDTLS_ZLIB_SUPPORT */
+
+#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
+    if( mbedtls_ssl_hw_record_write != NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_write()" ) );
+
+        ret = mbedtls_ssl_hw_record_write( ssl );
+        if( ret != 0 && ret != MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_write", ret );
+            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+        }
+
+        if( ret == 0 )
+            done = 1;
+    }
+#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
+    if( !done )
+    {
+        ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype;
+        mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
+                           ssl->conf->transport, ssl->out_hdr + 1 );
+
+        ssl->out_len[0] = (unsigned char)( len >> 8 );
+        ssl->out_len[1] = (unsigned char)( len      );
+
+        if( ssl->transform_out != NULL )
+        {
+            if( ( ret = ssl_encrypt_buf( ssl ) ) != 0 )
+            {
+                MBEDTLS_SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret );
+                return( ret );
+            }
+
+            len = ssl->out_msglen;
+            ssl->out_len[0] = (unsigned char)( len >> 8 );
+            ssl->out_len[1] = (unsigned char)( len      );
+        }
+
+        ssl->out_left = mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen;
+
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %d, "
+                            "version = [%d:%d], msglen = %d",
+                       ssl->out_hdr[0], ssl->out_hdr[1], ssl->out_hdr[2],
+                     ( ssl->out_len[0] << 8 ) | ssl->out_len[1] ) );
+
+        MBEDTLS_SSL_DEBUG_BUF( 4, "output record sent to network",
+                       ssl->out_hdr, mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen );
+    }
+
+    if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret );
+        return( ret );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write record" ) );
+
+    return( 0 );
+}
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+/*
+ * Mark bits in bitmask (used for DTLS HS reassembly)
+ */
+static void ssl_bitmask_set( unsigned char *mask, size_t offset, size_t len )
+{
+    unsigned int start_bits, end_bits;
+
+    start_bits = 8 - ( offset % 8 );
+    if( start_bits != 8 )
+    {
+        size_t first_byte_idx = offset / 8;
+
+        /* Special case */
+        if( len <= start_bits )
+        {
+            for( ; len != 0; len-- )
+                mask[first_byte_idx] |= 1 << ( start_bits - len );
+
+            /* Avoid potential issues with offset or len becoming invalid */
+            return;
+        }
+
+        offset += start_bits; /* Now offset % 8 == 0 */
+        len -= start_bits;
+
+        for( ; start_bits != 0; start_bits-- )
+            mask[first_byte_idx] |= 1 << ( start_bits - 1 );
+    }
+
+    end_bits = len % 8;
+    if( end_bits != 0 )
+    {
+        size_t last_byte_idx = ( offset + len ) / 8;
+
+        len -= end_bits; /* Now len % 8 == 0 */
+
+        for( ; end_bits != 0; end_bits-- )
+            mask[last_byte_idx] |= 1 << ( 8 - end_bits );
+    }
+
+    memset( mask + offset / 8, 0xFF, len / 8 );
+}
+
+/*
+ * Check that bitmask is full
+ */
+static int ssl_bitmask_check( unsigned char *mask, size_t len )
+{
+    size_t i;
+
+    for( i = 0; i < len / 8; i++ )
+        if( mask[i] != 0xFF )
+            return( -1 );
+
+    for( i = 0; i < len % 8; i++ )
+        if( ( mask[len / 8] & ( 1 << ( 7 - i ) ) ) == 0 )
+            return( -1 );
+
+    return( 0 );
+}
+
+/*
+ * Reassemble fragmented DTLS handshake messages.
+ *
+ * Use a temporary buffer for reassembly, divided in two parts:
+ * - the first holds the reassembled message (including handshake header),
+ * - the second holds a bitmask indicating which parts of the message
+ *   (excluding headers) have been received so far.
+ */
+static int ssl_reassemble_dtls_handshake( mbedtls_ssl_context *ssl )
+{
+    unsigned char *msg, *bitmask;
+    size_t frag_len, frag_off;
+    size_t msg_len = ssl->in_hslen - 12; /* Without headers */
+
+    if( ssl->handshake == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "not supported outside handshake (for now)" ) );
+        return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+    }
+
+    /*
+     * For first fragment, check size and allocate buffer
+     */
+    if( ssl->handshake->hs_msg == NULL )
+    {
+        size_t alloc_len;
+
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %d",
+                            msg_len ) );
+
+        if( ssl->in_hslen > MBEDTLS_SSL_MAX_CONTENT_LEN )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too large" ) );
+            return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+        }
+
+        /* The bitmask needs one bit per byte of message excluding header */
+        alloc_len = 12 + msg_len + msg_len / 8 + ( msg_len % 8 != 0 );
+
+        ssl->handshake->hs_msg = mbedtls_calloc( 1, alloc_len );
+        if( ssl->handshake->hs_msg == NULL )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc failed (%d bytes)", alloc_len ) );
+            return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+        }
+
+        /* Prepare final header: copy msg_type, length and message_seq,
+         * then add standardised fragment_offset and fragment_length */
+        memcpy( ssl->handshake->hs_msg, ssl->in_msg, 6 );
+        memset( ssl->handshake->hs_msg + 6, 0, 3 );
+        memcpy( ssl->handshake->hs_msg + 9,
+                ssl->handshake->hs_msg + 1, 3 );
+    }
+    else
+    {
+        /* Make sure msg_type and length are consistent */
+        if( memcmp( ssl->handshake->hs_msg, ssl->in_msg, 4 ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment header mismatch" ) );
+            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+        }
+    }
+
+    msg = ssl->handshake->hs_msg + 12;
+    bitmask = msg + msg_len;
+
+    /*
+     * Check and copy current fragment
+     */
+    frag_off = ( ssl->in_msg[6]  << 16 ) |
+               ( ssl->in_msg[7]  << 8  ) |
+                 ssl->in_msg[8];
+    frag_len = ( ssl->in_msg[9]  << 16 ) |
+               ( ssl->in_msg[10] << 8  ) |
+                 ssl->in_msg[11];
+
+    if( frag_off + frag_len > msg_len )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid fragment offset/len: %d + %d > %d",
+                          frag_off, frag_len, msg_len ) );
+        return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+    }
+
+    if( frag_len + 12 > ssl->in_msglen )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid fragment length: %d + 12 > %d",
+                          frag_len, ssl->in_msglen ) );
+        return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %d, length = %d",
+                        frag_off, frag_len ) );
+
+    memcpy( msg + frag_off, ssl->in_msg + 12, frag_len );
+    ssl_bitmask_set( bitmask, frag_off, frag_len );
+
+    /*
+     * Do we have the complete message by now?
+     * If yes, finalize it, else ask to read the next record.
+     */
+    if( ssl_bitmask_check( bitmask, msg_len ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "message is not complete yet" ) );
+        return( MBEDTLS_ERR_SSL_WANT_READ );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake message completed" ) );
+
+    if( frag_len + 12 < ssl->in_msglen )
+    {
+        /*
+         * We'got more handshake messages in the same record.
+         * This case is not handled now because no know implementation does
+         * that and it's hard to test, so we prefer to fail cleanly for now.
+         */
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "last fragment not alone in its record" ) );
+        return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+    }
+
+    if( ssl->in_left > ssl->next_record_offset )
+    {
+        /*
+         * We've got more data in the buffer after the current record,
+         * that we don't want to overwrite. Move it before writing the
+         * reassembled message, and adjust in_left and next_record_offset.
+         */
+        unsigned char *cur_remain = ssl->in_hdr + ssl->next_record_offset;
+        unsigned char *new_remain = ssl->in_msg + ssl->in_hslen;
+        size_t remain_len = ssl->in_left - ssl->next_record_offset;
+
+        /* First compute and check new lengths */
+        ssl->next_record_offset = new_remain - ssl->in_hdr;
+        ssl->in_left = ssl->next_record_offset + remain_len;
+
+        if( ssl->in_left > MBEDTLS_SSL_BUFFER_LEN -
+                           (size_t)( ssl->in_hdr - ssl->in_buf ) )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "reassembled message too large for buffer" ) );
+            return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+        }
+
+        memmove( new_remain, cur_remain, remain_len );
+    }
+
+    memcpy( ssl->in_msg, ssl->handshake->hs_msg, ssl->in_hslen );
+
+    mbedtls_free( ssl->handshake->hs_msg );
+    ssl->handshake->hs_msg = NULL;
+
+    MBEDTLS_SSL_DEBUG_BUF( 3, "reassembled handshake message",
+                   ssl->in_msg, ssl->in_hslen );
+
+    return( 0 );
+}
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+static int ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
+{
+    if( ssl->in_msglen < mbedtls_ssl_hs_hdr_len( ssl ) )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too short: %d",
+                            ssl->in_msglen ) );
+        return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+    }
+
+    ssl->in_hslen = mbedtls_ssl_hs_hdr_len( ssl ) + (
+                    ( ssl->in_msg[1] << 16 ) |
+                    ( ssl->in_msg[2] << 8  ) |
+                      ssl->in_msg[3] );
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "handshake message: msglen ="
+                        " %d, type = %d, hslen = %d",
+                        ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+    {
+        int ret;
+        unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5];
+
+        /* ssl->handshake is NULL when receiving ClientHello for renego */
+        if( ssl->handshake != NULL &&
+            recv_msg_seq != ssl->handshake->in_msg_seq )
+        {
+            /* Retransmit only on last message from previous flight, to avoid
+             * too many retransmissions.
+             * Besides, No sane server ever retransmits HelloVerifyRequest */
+            if( recv_msg_seq == ssl->handshake->in_flight_start_seq - 1 &&
+                ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST )
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 2, ( "received message from last flight, "
+                                    "message_seq = %d, start_of_flight = %d",
+                                    recv_msg_seq,
+                                    ssl->handshake->in_flight_start_seq ) );
+
+                if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
+                {
+                    MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret );
+                    return( ret );
+                }
+            }
+            else
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 2, ( "dropping out-of-sequence message: "
+                                    "message_seq = %d, expected = %d",
+                                    recv_msg_seq,
+                                    ssl->handshake->in_msg_seq ) );
+            }
+
+            return( MBEDTLS_ERR_SSL_WANT_READ );
+        }
+        /* Wait until message completion to increment in_msg_seq */
+
+        /* Reassemble if current message is fragmented or reassembly is
+         * already in progress */
+        if( ssl->in_msglen < ssl->in_hslen ||
+            memcmp( ssl->in_msg + 6, "\0\0\0",        3 ) != 0 ||
+            memcmp( ssl->in_msg + 9, ssl->in_msg + 1, 3 ) != 0 ||
+            ( ssl->handshake != NULL && ssl->handshake->hs_msg != NULL ) )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 2, ( "found fragmented DTLS handshake message" ) );
+
+            if( ( ret = ssl_reassemble_dtls_handshake( ssl ) ) != 0 )
+            {
+                MBEDTLS_SSL_DEBUG_RET( 1, "ssl_reassemble_dtls_handshake", ret );
+                return( ret );
+            }
+        }
+    }
+    else
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+    /* With TLS we don't handle fragmentation (for now) */
+    if( ssl->in_msglen < ssl->in_hslen )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS handshake fragmentation not supported" ) );
+        return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+    }
+
+    if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER &&
+        ssl->handshake != NULL )
+    {
+        ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
+    }
+
+    /* Handshake message is complete, increment counter */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+        ssl->handshake != NULL )
+    {
+        ssl->handshake->in_msg_seq++;
+    }
+#endif
+
+    return( 0 );
+}
+
+/*
+ * DTLS anti-replay: RFC 6347 4.1.2.6
+ *
+ * in_window is a field of bits numbered from 0 (lsb) to 63 (msb).
+ * Bit n is set iff record number in_window_top - n has been seen.
+ *
+ * Usually, in_window_top is the last record number seen and the lsb of
+ * in_window is set. The only exception is the initial state (record number 0
+ * not seen yet).
+ */
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+static void ssl_dtls_replay_reset( mbedtls_ssl_context *ssl )
+{
+    ssl->in_window_top = 0;
+    ssl->in_window = 0;
+}
+
+static inline uint64_t ssl_load_six_bytes( unsigned char *buf )
+{
+    return( ( (uint64_t) buf[0] << 40 ) |
+            ( (uint64_t) buf[1] << 32 ) |
+            ( (uint64_t) buf[2] << 24 ) |
+            ( (uint64_t) buf[3] << 16 ) |
+            ( (uint64_t) buf[4] <<  8 ) |
+            ( (uint64_t) buf[5]       ) );
+}
+
+/*
+ * Return 0 if sequence number is acceptable, -1 otherwise
+ */
+int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl )
+{
+    uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 );
+    uint64_t bit;
+
+    if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED )
+        return( 0 );
+
+    if( rec_seqnum > ssl->in_window_top )
+        return( 0 );
+
+    bit = ssl->in_window_top - rec_seqnum;
+
+    if( bit >= 64 )
+        return( -1 );
+
+    if( ( ssl->in_window & ( (uint64_t) 1 << bit ) ) != 0 )
+        return( -1 );
+
+    return( 0 );
+}
+
+/*
+ * Update replay window on new validated record
+ */
+void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl )
+{
+    uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 );
+
+    if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED )
+        return;
+
+    if( rec_seqnum > ssl->in_window_top )
+    {
+        /* Update window_top and the contents of the window */
+        uint64_t shift = rec_seqnum - ssl->in_window_top;
+
+        if( shift >= 64 )
+            ssl->in_window = 1;
+        else
+        {
+            ssl->in_window <<= shift;
+            ssl->in_window |= 1;
+        }
+
+        ssl->in_window_top = rec_seqnum;
+    }
+    else
+    {
+        /* Mark that number as seen in the current window */
+        uint64_t bit = ssl->in_window_top - rec_seqnum;
+
+        if( bit < 64 ) /* Always true, but be extra sure */
+            ssl->in_window |= (uint64_t) 1 << bit;
+    }
+}
+#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
+
+#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
+/* Forward declaration */
+static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial );
+
+/*
+ * Without any SSL context, check if a datagram looks like a ClientHello with
+ * a valid cookie, and if it doesn't, generate a HelloVerifyRequest message.
+ * Both input and output include full DTLS headers.
+ *
+ * - if cookie is valid, return 0
+ * - if ClientHello looks superficially valid but cookie is not,
+ *   fill obuf and set olen, then
+ *   return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED
+ * - otherwise return a specific error code
+ */
+static int ssl_check_dtls_clihlo_cookie(
+                           mbedtls_ssl_cookie_write_t *f_cookie_write,
+                           mbedtls_ssl_cookie_check_t *f_cookie_check,
+                           void *p_cookie,
+                           const unsigned char *cli_id, size_t cli_id_len,
+                           const unsigned char *in, size_t in_len,
+                           unsigned char *obuf, size_t buf_len, size_t *olen )
+{
+    size_t sid_len, cookie_len;
+    unsigned char *p;
+
+    if( f_cookie_write == NULL || f_cookie_check == NULL )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    /*
+     * Structure of ClientHello with record and handshake headers,
+     * and expected values. We don't need to check a lot, more checks will be
+     * done when actually parsing the ClientHello - skipping those checks
+     * avoids code duplication and does not make cookie forging any easier.
+     *
+     *  0-0  ContentType type;                  copied, must be handshake
+     *  1-2  ProtocolVersion version;           copied
+     *  3-4  uint16 epoch;                      copied, must be 0
+     *  5-10 uint48 sequence_number;            copied
+     * 11-12 uint16 length;                     (ignored)
+     *
+     * 13-13 HandshakeType msg_type;            (ignored)
+     * 14-16 uint24 length;                     (ignored)
+     * 17-18 uint16 message_seq;                copied
+     * 19-21 uint24 fragment_offset;            copied, must be 0
+     * 22-24 uint24 fragment_length;            (ignored)
+     *
+     * 25-26 ProtocolVersion client_version;    (ignored)
+     * 27-58 Random random;                     (ignored)
+     * 59-xx SessionID session_id;              1 byte len + sid_len content
+     * 60+   opaque cookie<0..2^8-1>;           1 byte len + content
+     *       ...
+     *
+     * Minimum length is 61 bytes.
+     */
+    if( in_len < 61 ||
+        in[0] != MBEDTLS_SSL_MSG_HANDSHAKE ||
+        in[3] != 0 || in[4] != 0 ||
+        in[19] != 0 || in[20] != 0 || in[21] != 0 )
+    {
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+    }
+
+    sid_len = in[59];
+    if( sid_len > in_len - 61 )
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+
+    cookie_len = in[60 + sid_len];
+    if( cookie_len > in_len - 60 )
+        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
+
+    if( f_cookie_check( p_cookie, in + sid_len + 61, cookie_len,
+                        cli_id, cli_id_len ) == 0 )
+    {
+        /* Valid cookie */
+        return( 0 );
+    }
+
+    /*
+     * If we get here, we've got an invalid cookie, let's prepare HVR.
+     *
+     *  0-0  ContentType type;                  copied
+     *  1-2  ProtocolVersion version;           copied
+     *  3-4  uint16 epoch;                      copied
+     *  5-10 uint48 sequence_number;            copied
+     * 11-12 uint16 length;                     olen - 13
+     *
+     * 13-13 HandshakeType msg_type;            hello_verify_request
+     * 14-16 uint24 length;                     olen - 25
+     * 17-18 uint16 message_seq;                copied
+     * 19-21 uint24 fragment_offset;            copied
+     * 22-24 uint24 fragment_length;            olen - 25
+     *
+     * 25-26 ProtocolVersion server_version;    0xfe 0xff
+     * 27-27 opaque cookie<0..2^8-1>;           cookie_len = olen - 27, cookie
+     *
+     * Minimum length is 28.
+     */
+    if( buf_len < 28 )
+        return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+
+    /* Copy most fields and adapt others */
+    memcpy( obuf, in, 25 );
+    obuf[13] = MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST;
+    obuf[25] = 0xfe;
+    obuf[26] = 0xff;
+
+    /* Generate and write actual cookie */
+    p = obuf + 28;
+    if( f_cookie_write( p_cookie,
+                        &p, obuf + buf_len, cli_id, cli_id_len ) != 0 )
+    {
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
+
+    *olen = p - obuf;
+
+    /* Go back and fill length fields */
+    obuf[27] = (unsigned char)( *olen - 28 );
+
+    obuf[14] = obuf[22] = (unsigned char)( ( *olen - 25 ) >> 16 );
+    obuf[15] = obuf[23] = (unsigned char)( ( *olen - 25 ) >>  8 );
+    obuf[16] = obuf[24] = (unsigned char)( ( *olen - 25 )       );
+
+    obuf[11] = (unsigned char)( ( *olen - 13 ) >>  8 );
+    obuf[12] = (unsigned char)( ( *olen - 13 )       );
+
+    return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED );
+}
+
+/*
+ * Handle possible client reconnect with the same UDP quadruplet
+ * (RFC 6347 Section 4.2.8).
+ *
+ * Called by ssl_parse_record_header() in case we receive an epoch 0 record
+ * that looks like a ClientHello.
+ *
+ * - if the input looks like a ClientHello without cookies,
+ *   send back HelloVerifyRequest, then
+ *   return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED
+ * - if the input looks like a ClientHello with a valid cookie,
+ *   reset the session of the current context, and
+ *   return MBEDTLS_ERR_SSL_CLIENT_RECONNECT
+ * - if anything goes wrong, return a specific error code
+ *
+ * mbedtls_ssl_read_record() will ignore the record if anything else than
+ * MBEDTLS_ERR_SSL_CLIENT_RECONNECT or 0 is returned, although this function
+ * cannot not return 0.
+ */
+static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
+{
+    int ret;
+    size_t len;
+
+    ret = ssl_check_dtls_clihlo_cookie(
+            ssl->conf->f_cookie_write,
+            ssl->conf->f_cookie_check,
+            ssl->conf->p_cookie,
+            ssl->cli_id, ssl->cli_id_len,
+            ssl->in_buf, ssl->in_left,
+            ssl->out_buf, MBEDTLS_SSL_MAX_CONTENT_LEN, &len );
+
+    MBEDTLS_SSL_DEBUG_RET( 2, "ssl_check_dtls_clihlo_cookie", ret );
+
+    if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
+    {
+        /* Dont check write errors as we can't do anything here.
+         * If the error is permanent we'll catch it later,
+         * if it's not, then hopefully it'll work next time. */
+        (void) ssl->f_send( ssl->p_bio, ssl->out_buf, len );
+
+        return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED );
+    }
+
+    if( ret == 0 )
+    {
+        /* Got a valid cookie, partially reset context */
+        if( ( ret = ssl_session_reset_int( ssl, 1 ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "reset", ret );
+            return( ret );
+        }
+
+        return( MBEDTLS_ERR_SSL_CLIENT_RECONNECT );
+    }
+
+    return( ret );
+}
+#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */
+
+/*
+ * ContentType type;
+ * ProtocolVersion version;
+ * uint16 epoch;            // DTLS only
+ * uint48 sequence_number;  // DTLS only
+ * uint16 length;
+ */
+static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
+{
+    int ret;
+    int major_ver, minor_ver;
+
+    MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", ssl->in_hdr, mbedtls_ssl_hdr_len( ssl ) );
+
+    ssl->in_msgtype =  ssl->in_hdr[0];
+    ssl->in_msglen = ( ssl->in_len[0] << 8 ) | ssl->in_len[1];
+    mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, ssl->in_hdr + 1 );
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, "
+                        "version = [%d:%d], msglen = %d",
+                        ssl->in_msgtype,
+                        major_ver, minor_ver, ssl->in_msglen ) );
+
+    /* Check record type */
+    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE &&
+        ssl->in_msgtype != MBEDTLS_SSL_MSG_ALERT &&
+        ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC &&
+        ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
+
+        if( ( ret = mbedtls_ssl_send_alert_message( ssl,
+                        MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                        MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ) ) != 0 )
+        {
+            return( ret );
+        }
+
+        return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+    }
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+    {
+        /* Drop unexpected ChangeCipherSpec messages */
+        if( ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC &&
+            ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC &&
+            ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ChangeCipherSpec" ) );
+            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+        }
+
+        /* Drop unexpected ApplicationData records,
+         * except at the beginning of renegotiations */
+        if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA &&
+            ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+            && ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
+                   ssl->state == MBEDTLS_SSL_SERVER_HELLO )
+#endif
+            )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) );
+            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+        }
+    }
+#endif
+
+    /* Check version */
+    if( major_ver != ssl->major_ver )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "major version mismatch" ) );
+        return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+    }
+
+    if( minor_ver > ssl->conf->max_minor_ver )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "minor version mismatch" ) );
+        return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+    }
+
+    /* Check epoch (and sequence number) with DTLS */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+    {
+        unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1];
+
+        if( rec_epoch != ssl->in_epoch )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "record from another epoch: "
+                                        "expected %d, received %d",
+                                        ssl->in_epoch, rec_epoch ) );
+
+#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
+            /*
+             * Check for an epoch 0 ClientHello. We can't use in_msg here to
+             * access the first byte of record content (handshake type), as we
+             * have an active transform (possibly iv_len != 0), so use the
+             * fact that the record header len is 13 instead.
+             */
+            if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
+                ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER &&
+                rec_epoch == 0 &&
+                ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
+                ssl->in_left > 13 &&
+                ssl->in_buf[13] == MBEDTLS_SSL_HS_CLIENT_HELLO )
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "possible client reconnect "
+                                            "from the same port" ) );
+                return( ssl_handle_possible_reconnect( ssl ) );
+            }
+            else
+#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */
+                return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+        }
+
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+        /* Replay detection only works for the current epoch */
+        if( rec_epoch == ssl->in_epoch &&
+            mbedtls_ssl_dtls_replay_check( ssl ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "replayed record" ) );
+            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+        }
+#endif
+    }
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+    /* Check length against the size of our buffer */
+    if( ssl->in_msglen > MBEDTLS_SSL_BUFFER_LEN
+                         - (size_t)( ssl->in_msg - ssl->in_buf ) )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
+        return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+    }
+
+    /* Check length against bounds of the current transform and version */
+    if( ssl->transform_in == NULL )
+    {
+        if( ssl->in_msglen < 1 ||
+            ssl->in_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
+            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+        }
+    }
+    else
+    {
+        if( ssl->in_msglen < ssl->transform_in->minlen )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
+            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+        }
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+        if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 &&
+            ssl->in_msglen > ssl->transform_in->minlen + MBEDTLS_SSL_MAX_CONTENT_LEN )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
+            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+        }
+#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
+    defined(MBEDTLS_SSL_PROTO_TLS1_2)
+        /*
+         * TLS encrypted messages can have up to 256 bytes of padding
+         */
+        if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 &&
+            ssl->in_msglen > ssl->transform_in->minlen +
+                             MBEDTLS_SSL_MAX_CONTENT_LEN + 256 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
+            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+        }
+#endif
+    }
+
+    return( 0 );
+}
+
+/*
+ * If applicable, decrypt (and decompress) record content
+ */
+static int ssl_prepare_record_content( mbedtls_ssl_context *ssl )
+{
+    int ret, done = 0;
+
+    MBEDTLS_SSL_DEBUG_BUF( 4, "input record from network",
+                   ssl->in_hdr, mbedtls_ssl_hdr_len( ssl ) + ssl->in_msglen );
+
+#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
+    if( mbedtls_ssl_hw_record_read != NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_read()" ) );
+
+        ret = mbedtls_ssl_hw_record_read( ssl );
+        if( ret != 0 && ret != MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_read", ret );
+            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+        }
+
+        if( ret == 0 )
+            done = 1;
+    }
+#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
+    if( !done && ssl->transform_in != NULL )
+    {
+        if( ( ret = ssl_decrypt_buf( ssl ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret );
+            return( ret );
+        }
+
+        MBEDTLS_SSL_DEBUG_BUF( 4, "input payload after decrypt",
+                       ssl->in_msg, ssl->in_msglen );
+
+        if( ssl->in_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
+            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
+        }
+    }
+
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+    if( ssl->transform_in != NULL &&
+        ssl->session_in->compression == MBEDTLS_SSL_COMPRESS_DEFLATE )
+    {
+        if( ( ret = ssl_decompress_buf( ssl ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decompress_buf", ret );
+            return( ret );
+        }
+
+        // TODO: what's the purpose of these lines? is in_len used?
+        ssl->in_len[0] = (unsigned char)( ssl->in_msglen >> 8 );
+        ssl->in_len[1] = (unsigned char)( ssl->in_msglen      );
+    }
+#endif /* MBEDTLS_ZLIB_SUPPORT */
+
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+    {
+        mbedtls_ssl_dtls_replay_update( ssl );
+    }
+#endif
+
+    return( 0 );
+}
+
+static void ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl );
+
+/*
+ * Read a record.
+ *
+ * Silently ignore non-fatal alert (and for DTLS, invalid records as well,
+ * RFC 6347 4.1.2.7) and continue reading until a valid record is found.
+ *
+ */
+int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl )
+{
+    int ret;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read record" ) );
+
+    if( ssl->in_hslen != 0 && ssl->in_hslen < ssl->in_msglen )
+    {
+        /*
+         * Get next Handshake message in the current record
+         */
+        ssl->in_msglen -= ssl->in_hslen;
+
+        memmove( ssl->in_msg, ssl->in_msg + ssl->in_hslen,
+                 ssl->in_msglen );
+
+        MBEDTLS_SSL_DEBUG_BUF( 4, "remaining content in record",
+                           ssl->in_msg, ssl->in_msglen );
+
+        if( ( ret = ssl_prepare_handshake_record( ssl ) ) != 0 )
+            return( ret );
+
+        return( 0 );
+    }
+
+    ssl->in_hslen = 0;
+
+    /*
+     * Read the record header and parse it
+     */
+read_record_header:
+    if( ( ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_hdr_len( ssl ) ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
+        return( ret );
+    }
+
+    if( ( ret = ssl_parse_record_header( ssl ) ) != 0 )
+    {
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+        if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+            ret != MBEDTLS_ERR_SSL_CLIENT_RECONNECT )
+        {
+            /* Ignore bad record and get next one; drop the whole datagram
+             * since current header cannot be trusted to find the next record
+             * in current datagram */
+            ssl->next_record_offset = 0;
+            ssl->in_left = 0;
+
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record (header)" ) );
+            goto read_record_header;
+        }
+#endif
+        return( ret );
+    }
+
+    /*
+     * Read and optionally decrypt the message contents
+     */
+    if( ( ret = mbedtls_ssl_fetch_input( ssl,
+                                 mbedtls_ssl_hdr_len( ssl ) + ssl->in_msglen ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
+        return( ret );
+    }
+
+    /* Done reading this record, get ready for the next one */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+        ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_hdr_len( ssl );
+    else
+#endif
+        ssl->in_left = 0;
+
+    if( ( ret = ssl_prepare_record_content( ssl ) ) != 0 )
+    {
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+        if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+        {
+            /* Silently discard invalid records */
+            if( ret == MBEDTLS_ERR_SSL_INVALID_RECORD ||
+                ret == MBEDTLS_ERR_SSL_INVALID_MAC )
+            {
+                /* Except when waiting for Finished as a bad mac here
+                 * probably means something went wrong in the handshake
+                 * (eg wrong psk used, mitm downgrade attempt, etc.) */
+                if( ssl->state == MBEDTLS_SSL_CLIENT_FINISHED ||
+                    ssl->state == MBEDTLS_SSL_SERVER_FINISHED )
+                {
+#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
+                    if( ret == MBEDTLS_ERR_SSL_INVALID_MAC )
+                    {
+                        mbedtls_ssl_send_alert_message( ssl,
+                                MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC );
+                    }
+#endif
+                    return( ret );
+                }
+
+#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
+                if( ssl->conf->badmac_limit != 0 &&
+                    ++ssl->badmac_seen >= ssl->conf->badmac_limit )
+                {
+                    MBEDTLS_SSL_DEBUG_MSG( 1, ( "too many records with bad MAC" ) );
+                    return( MBEDTLS_ERR_SSL_INVALID_MAC );
+                }
+#endif
+
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record (mac)" ) );
+                goto read_record_header;
+            }
+
+            return( ret );
+        }
+        else
+#endif
+        {
+            /* Error out (and send alert) on invalid records */
+#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
+            if( ret == MBEDTLS_ERR_SSL_INVALID_MAC )
+            {
+                mbedtls_ssl_send_alert_message( ssl,
+                        MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                        MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC );
+            }
+#endif
+            return( ret );
+        }
+    }
+
+    /*
+     * When we sent the last flight of the handshake, we MUST respond to a
+     * retransmit of the peer's previous flight with a retransmit. (In
+     * practice, only the Finished message will make it, other messages
+     * including CCS use the old transform so they're dropped as invalid.)
+     *
+     * If the record we received is not a handshake message, however, it
+     * means the peer received our last flight so we can clean up
+     * handshake info.
+     *
+     * This check needs to be done before prepare_handshake() due to an edge
+     * case: if the client immediately requests renegotiation, this
+     * finishes the current handshake first, avoiding the new ClientHello
+     * being mistaken for an ancient message in the current handshake.
+     */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+        ssl->handshake != NULL &&
+        ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
+    {
+        if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
+                ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 2, ( "received retransmit of last flight" ) );
+
+            if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
+            {
+                MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret );
+                return( ret );
+            }
+
+            return( MBEDTLS_ERR_SSL_WANT_READ );
+        }
+        else
+        {
+            ssl_handshake_wrapup_free_hs_transform( ssl );
+        }
+    }
+#endif
+
+    /*
+     * Handle particular types of records
+     */
+    if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
+    {
+        if( ( ret = ssl_prepare_handshake_record( ssl ) ) != 0 )
+            return( ret );
+    }
+
+    if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]",
+                       ssl->in_msg[0], ssl->in_msg[1] ) );
+
+        /*
+         * Ignore non-fatal alerts, except close_notify and no_renegotiation
+         */
+        if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_FATAL )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "is a fatal alert message (msg %d)",
+                           ssl->in_msg[1] ) );
+            return( MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE );
+        }
+
+        if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
+            ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a close notify message" ) );
+            return( MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY );
+        }
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION_ENABLED)
+        if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
+            ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) );
+            /* Will be handled when trying to parse ServerHello */
+            return( 0 );
+        }
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_SRV_C)
+        if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 &&
+            ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
+            ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
+            ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) );
+            /* Will be handled in mbedtls_ssl_parse_certificate() */
+            return( 0 );
+        }
+#endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_SRV_C */
+
+        /* Silently ignore: fetch new message */
+        goto read_record_header;
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read record" ) );
+
+    return( 0 );
+}
+
+int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl )
+{
+    int ret;
+
+    if( ( ret = mbedtls_ssl_send_alert_message( ssl,
+                    MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                    MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ) ) != 0 )
+    {
+        return( ret );
+    }
+
+    return( 0 );
+}
+
+int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
+                            unsigned char level,
+                            unsigned char message )
+{
+    int ret;
+
+    if( ssl == NULL || ssl->conf == NULL )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> send alert message" ) );
+
+    ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT;
+    ssl->out_msglen = 2;
+    ssl->out_msg[0] = level;
+    ssl->out_msg[1] = message;
+
+    if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
+        return( ret );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= send alert message" ) );
+
+    return( 0 );
+}
+
+/*
+ * Handshake functions
+ */
+#if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)         && \
+    !defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)     && \
+    !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)     && \
+    !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)   && \
+    !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
+    !defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)    && \
+    !defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
+{
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
+
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
+        ssl->state++;
+        return( 0 );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+}
+
+int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
+{
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
+
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
+        ssl->state++;
+        return( 0 );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+}
+#else
+int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
+{
+    int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+    size_t i, n;
+    const mbedtls_x509_crt *crt;
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
+
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
+        ssl->state++;
+        return( 0 );
+    }
+
+#if defined(MBEDTLS_SSL_CLI_C)
+    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
+    {
+        if( ssl->client_auth == 0 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
+            ssl->state++;
+            return( 0 );
+        }
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+        /*
+         * If using SSLv3 and got no cert, send an Alert message
+         * (otherwise an empty Certificate message will be sent).
+         */
+        if( mbedtls_ssl_own_cert( ssl )  == NULL &&
+            ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
+        {
+            ssl->out_msglen  = 2;
+            ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT;
+            ssl->out_msg[0]  = MBEDTLS_SSL_ALERT_LEVEL_WARNING;
+            ssl->out_msg[1]  = MBEDTLS_SSL_ALERT_MSG_NO_CERT;
+
+            MBEDTLS_SSL_DEBUG_MSG( 2, ( "got no certificate to send" ) );
+            goto write_msg;
+        }
+#endif /* MBEDTLS_SSL_PROTO_SSL3 */
+    }
+#endif /* MBEDTLS_SSL_CLI_C */
+#if defined(MBEDTLS_SSL_SRV_C)
+    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
+    {
+        if( mbedtls_ssl_own_cert( ssl ) == NULL )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no certificate to send" ) );
+            return( MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED );
+        }
+    }
+#endif
+
+    MBEDTLS_SSL_DEBUG_CRT( 3, "own certificate", mbedtls_ssl_own_cert( ssl ) );
+
+    /*
+     *     0  .  0    handshake type
+     *     1  .  3    handshake length
+     *     4  .  6    length of all certs
+     *     7  .  9    length of cert. 1
+     *    10  . n-1   peer certificate
+     *     n  . n+2   length of cert. 2
+     *    n+3 . ...   upper level cert, etc.
+     */
+    i = 7;
+    crt = mbedtls_ssl_own_cert( ssl );
+
+    while( crt != NULL )
+    {
+        n = crt->raw.len;
+        if( n > MBEDTLS_SSL_MAX_CONTENT_LEN - 3 - i )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %d > %d",
+                           i + 3 + n, MBEDTLS_SSL_MAX_CONTENT_LEN ) );
+            return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE );
+        }
+
+        ssl->out_msg[i    ] = (unsigned char)( n >> 16 );
+        ssl->out_msg[i + 1] = (unsigned char)( n >>  8 );
+        ssl->out_msg[i + 2] = (unsigned char)( n       );
+
+        i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n );
+        i += n; crt = crt->next;
+    }
+
+    ssl->out_msg[4]  = (unsigned char)( ( i - 7 ) >> 16 );
+    ssl->out_msg[5]  = (unsigned char)( ( i - 7 ) >>  8 );
+    ssl->out_msg[6]  = (unsigned char)( ( i - 7 )       );
+
+    ssl->out_msglen  = i;
+    ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
+    ssl->out_msg[0]  = MBEDTLS_SSL_HS_CERTIFICATE;
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_CLI_C)
+write_msg:
+#endif
+
+    ssl->state++;
+
+    if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
+        return( ret );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate" ) );
+
+    return( ret );
+}
+
+int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
+{
+    int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+    size_t i, n;
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+    int authmode = ssl->conf->authmode;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
+
+    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
+        ssl->state++;
+        return( 0 );
+    }
+
+#if defined(MBEDTLS_SSL_SRV_C)
+    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
+        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
+        ssl->state++;
+        return( 0 );
+    }
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+    if( ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET )
+        authmode = ssl->handshake->sni_authmode;
+#endif
+
+    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
+        authmode == MBEDTLS_SSL_VERIFY_NONE )
+    {
+        ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY;
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
+        ssl->state++;
+        return( 0 );
+    }
+#endif
+
+    if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
+        return( ret );
+    }
+
+    ssl->state++;
+
+#if defined(MBEDTLS_SSL_SRV_C)
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+    /*
+     * Check if the client sent an empty certificate
+     */
+    if( ssl->conf->endpoint  == MBEDTLS_SSL_IS_SERVER &&
+        ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
+    {
+        if( ssl->in_msglen  == 2                        &&
+            ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT            &&
+            ssl->in_msg[0]  == MBEDTLS_SSL_ALERT_LEVEL_WARNING  &&
+            ssl->in_msg[1]  == MBEDTLS_SSL_ALERT_MSG_NO_CERT )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) );
+
+            ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING;
+            if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL )
+                return( 0 );
+            else
+                return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE );
+        }
+    }
+#endif /* MBEDTLS_SSL_PROTO_SSL3 */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
+    defined(MBEDTLS_SSL_PROTO_TLS1_2)
+    if( ssl->conf->endpoint  == MBEDTLS_SSL_IS_SERVER &&
+        ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
+    {
+        if( ssl->in_hslen   == 3 + mbedtls_ssl_hs_hdr_len( ssl ) &&
+            ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE    &&
+            ssl->in_msg[0]  == MBEDTLS_SSL_HS_CERTIFICATE   &&
+            memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), "\0\0\0", 3 ) == 0 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
+
+            ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING;
+            if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL )
+                return( 0 );
+            else
+                return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE );
+        }
+    }
+#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
+          MBEDTLS_SSL_PROTO_TLS1_2 */
+#endif /* MBEDTLS_SSL_SRV_C */
+
+    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
+        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+    }
+
+    if( ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE ||
+        ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 3 + 3 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
+    }
+
+    i = mbedtls_ssl_hs_hdr_len( ssl );
+
+    /*
+     * Same message structure as in mbedtls_ssl_write_certificate()
+     */
+    n = ( ssl->in_msg[i+1] << 8 ) | ssl->in_msg[i+2];
+
+    if( ssl->in_msg[i] != 0 ||
+        ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len( ssl ) )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
+    }
+
+    /* In case we tried to reuse a session but it failed */
+    if( ssl->session_negotiate->peer_cert != NULL )
+    {
+        mbedtls_x509_crt_free( ssl->session_negotiate->peer_cert );
+        mbedtls_free( ssl->session_negotiate->peer_cert );
+    }
+
+    if( ( ssl->session_negotiate->peer_cert = mbedtls_calloc( 1,
+                    sizeof( mbedtls_x509_crt ) ) ) == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
+                       sizeof( mbedtls_x509_crt ) ) );
+        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+    }
+
+    mbedtls_x509_crt_init( ssl->session_negotiate->peer_cert );
+
+    i += 3;
+
+    while( i < ssl->in_hslen )
+    {
+        if( ssl->in_msg[i] != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
+            return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
+        }
+
+        n = ( (unsigned int) ssl->in_msg[i + 1] << 8 )
+            | (unsigned int) ssl->in_msg[i + 2];
+        i += 3;
+
+        if( n < 128 || i + n > ssl->in_hslen )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
+            return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
+        }
+
+        ret = mbedtls_x509_crt_parse_der( ssl->session_negotiate->peer_cert,
+                                  ssl->in_msg + i, n );
+        if( ret != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret );
+            return( ret );
+        }
+
+        i += n;
+    }
+
+    MBEDTLS_SSL_DEBUG_CRT( 3, "peer certificate", ssl->session_negotiate->peer_cert );
+
+    /*
+     * On client, make sure the server cert doesn't change during renego to
+     * avoid "triple handshake" attack: https://secure-resumption.com/
+     */
+#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
+    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
+        ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
+    {
+        if( ssl->session->peer_cert == NULL )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "new server cert during renegotiation" ) );
+            return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
+        }
+
+        if( ssl->session->peer_cert->raw.len !=
+            ssl->session_negotiate->peer_cert->raw.len ||
+            memcmp( ssl->session->peer_cert->raw.p,
+                    ssl->session_negotiate->peer_cert->raw.p,
+                    ssl->session->peer_cert->raw.len ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "server cert changed during renegotiation" ) );
+            return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
+        }
+    }
+#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
+
+    if( authmode != MBEDTLS_SSL_VERIFY_NONE )
+    {
+        mbedtls_x509_crt *ca_chain;
+        mbedtls_x509_crl *ca_crl;
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+        if( ssl->handshake->sni_ca_chain != NULL )
+        {
+            ca_chain = ssl->handshake->sni_ca_chain;
+            ca_crl   = ssl->handshake->sni_ca_crl;
+        }
+        else
+#endif
+        {
+            ca_chain = ssl->conf->ca_chain;
+            ca_crl   = ssl->conf->ca_crl;
+        }
+
+        if( ca_chain == NULL )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no CA chain" ) );
+            return( MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED );
+        }
+
+        /*
+         * Main check: verify certificate
+         */
+        ret = mbedtls_x509_crt_verify_with_profile(
+                                ssl->session_negotiate->peer_cert,
+                                ca_chain, ca_crl,
+                                ssl->conf->cert_profile,
+                                ssl->hostname,
+                               &ssl->session_negotiate->verify_result,
+                                ssl->conf->f_vrfy, ssl->conf->p_vrfy );
+
+        if( ret != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "x509_verify_cert", ret );
+        }
+
+        /*
+         * Secondary checks: always done, but change 'ret' only if it was 0
+         */
+
+#if defined(MBEDTLS_ECP_C)
+        {
+            const mbedtls_pk_context *pk = &ssl->session_negotiate->peer_cert->pk;
+
+            /* If certificate uses an EC key, make sure the curve is OK */
+            if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) &&
+                mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 )
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (EC key curve)" ) );
+                if( ret == 0 )
+                    ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
+            }
+        }
+#endif /* MBEDTLS_ECP_C */
+
+        if( mbedtls_ssl_check_cert_usage( ssl->session_negotiate->peer_cert,
+                                  ciphersuite_info,
+                                  ! ssl->conf->endpoint,
+                                 &ssl->session_negotiate->verify_result ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) );
+            if( ret == 0 )
+                ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
+        }
+
+        if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL )
+            ret = 0;
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) );
+
+    return( ret );
+}
+#endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+          !MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+          !MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+          !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+          !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+          !MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+          !MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
+
+int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl )
+{
+    int ret;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write change cipher spec" ) );
+
+    ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC;
+    ssl->out_msglen  = 1;
+    ssl->out_msg[0]  = 1;
+
+    ssl->state++;
+
+    if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
+        return( ret );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write change cipher spec" ) );
+
+    return( 0 );
+}
+
+int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl )
+{
+    int ret;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse change cipher spec" ) );
+
+    if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
+        return( ret );
+    }
+
+    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) );
+        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+    }
+
+    if( ssl->in_msglen != 1 || ssl->in_msg[0] != 1 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC );
+    }
+
+    /*
+     * Switch to our negotiated transform and session parameters for inbound
+     * data.
+     */
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for inbound data" ) );
+    ssl->transform_in = ssl->transform_negotiate;
+    ssl->session_in = ssl->session_negotiate;
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+    {
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+        ssl_dtls_replay_reset( ssl );
+#endif
+
+        /* Increment epoch */
+        if( ++ssl->in_epoch == 0 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS epoch would wrap" ) );
+            return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
+        }
+    }
+    else
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+    memset( ssl->in_ctr, 0, 8 );
+
+    /*
+     * Set the in_msg pointer to the correct location based on IV length
+     */
+    if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
+    {
+        ssl->in_msg = ssl->in_iv + ssl->transform_negotiate->ivlen -
+                      ssl->transform_negotiate->fixed_ivlen;
+    }
+    else
+        ssl->in_msg = ssl->in_iv;
+
+#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
+    if( mbedtls_ssl_hw_record_activate != NULL )
+    {
+        if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_INBOUND ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret );
+            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+        }
+    }
+#endif
+
+    ssl->state++;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse change cipher spec" ) );
+
+    return( 0 );
+}
+
+void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
+                            const mbedtls_ssl_ciphersuite_t *ciphersuite_info )
+{
+    ((void) ciphersuite_info);
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
+    defined(MBEDTLS_SSL_PROTO_TLS1_1)
+    if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
+        ssl->handshake->update_checksum = ssl_update_checksum_md5sha1;
+    else
+#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SHA512_C)
+    if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
+        ssl->handshake->update_checksum = ssl_update_checksum_sha384;
+    else
+#endif
+#if defined(MBEDTLS_SHA256_C)
+    if( ciphersuite_info->mac != MBEDTLS_MD_SHA384 )
+        ssl->handshake->update_checksum = ssl_update_checksum_sha256;
+    else
+#endif
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+        return;
+    }
+}
+
+void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
+{
+#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
+    defined(MBEDTLS_SSL_PROTO_TLS1_1)
+     mbedtls_md5_starts( &ssl->handshake->fin_md5  );
+    mbedtls_sha1_starts( &ssl->handshake->fin_sha1 );
+#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SHA256_C)
+    mbedtls_sha256_starts( &ssl->handshake->fin_sha256, 0 );
+#endif
+#if defined(MBEDTLS_SHA512_C)
+    mbedtls_sha512_starts( &ssl->handshake->fin_sha512, 1 );
+#endif
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+}
+
+static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
+                                       const unsigned char *buf, size_t len )
+{
+#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
+    defined(MBEDTLS_SSL_PROTO_TLS1_1)
+     mbedtls_md5_update( &ssl->handshake->fin_md5 , buf, len );
+    mbedtls_sha1_update( &ssl->handshake->fin_sha1, buf, len );
+#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SHA256_C)
+    mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len );
+#endif
+#if defined(MBEDTLS_SHA512_C)
+    mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len );
+#endif
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+}
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
+    defined(MBEDTLS_SSL_PROTO_TLS1_1)
+static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *ssl,
+                                         const unsigned char *buf, size_t len )
+{
+     mbedtls_md5_update( &ssl->handshake->fin_md5 , buf, len );
+    mbedtls_sha1_update( &ssl->handshake->fin_sha1, buf, len );
+}
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SHA256_C)
+static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl,
+                                        const unsigned char *buf, size_t len )
+{
+    mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len );
+}
+#endif
+
+#if defined(MBEDTLS_SHA512_C)
+static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl,
+                                        const unsigned char *buf, size_t len )
+{
+    mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len );
+}
+#endif
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+static void ssl_calc_finished_ssl(
+                mbedtls_ssl_context *ssl, unsigned char *buf, int from )
+{
+    const char *sender;
+    mbedtls_md5_context  md5;
+    mbedtls_sha1_context sha1;
+
+    unsigned char padbuf[48];
+    unsigned char md5sum[16];
+    unsigned char sha1sum[20];
+
+    mbedtls_ssl_session *session = ssl->session_negotiate;
+    if( !session )
+        session = ssl->session;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc  finished ssl" ) );
+
+    mbedtls_md5_init( &md5 );
+    mbedtls_sha1_init( &sha1 );
+
+    mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 );
+    mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 );
+
+    /*
+     * SSLv3:
+     *   hash =
+     *      MD5( master + pad2 +
+     *          MD5( handshake + sender + master + pad1 ) )
+     *   + SHA1( master + pad2 +
+     *         SHA1( handshake + sender + master + pad1 ) )
+     */
+
+#if !defined(MBEDTLS_MD5_ALT)
+    MBEDTLS_SSL_DEBUG_BUF( 4, "finished  md5 state", (unsigned char *)
+                    md5.state, sizeof(  md5.state ) );
+#endif
+
+#if !defined(MBEDTLS_SHA1_ALT)
+    MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
+                   sha1.state, sizeof( sha1.state ) );
+#endif
+
+    sender = ( from == MBEDTLS_SSL_IS_CLIENT ) ? "CLNT"
+                                       : "SRVR";
+
+    memset( padbuf, 0x36, 48 );
+
+    mbedtls_md5_update( &md5, (const unsigned char *) sender, 4 );
+    mbedtls_md5_update( &md5, session->master, 48 );
+    mbedtls_md5_update( &md5, padbuf, 48 );
+    mbedtls_md5_finish( &md5, md5sum );
+
+    mbedtls_sha1_update( &sha1, (const unsigned char *) sender, 4 );
+    mbedtls_sha1_update( &sha1, session->master, 48 );
+    mbedtls_sha1_update( &sha1, padbuf, 40 );
+    mbedtls_sha1_finish( &sha1, sha1sum );
+
+    memset( padbuf, 0x5C, 48 );
+
+    mbedtls_md5_starts( &md5 );
+    mbedtls_md5_update( &md5, session->master, 48 );
+    mbedtls_md5_update( &md5, padbuf, 48 );
+    mbedtls_md5_update( &md5, md5sum, 16 );
+    mbedtls_md5_finish( &md5, buf );
+
+    mbedtls_sha1_starts( &sha1 );
+    mbedtls_sha1_update( &sha1, session->master, 48 );
+    mbedtls_sha1_update( &sha1, padbuf , 40 );
+    mbedtls_sha1_update( &sha1, sha1sum, 20 );
+    mbedtls_sha1_finish( &sha1, buf + 16 );
+
+    MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, 36 );
+
+    mbedtls_md5_free(  &md5  );
+    mbedtls_sha1_free( &sha1 );
+
+    mbedtls_zeroize(  padbuf, sizeof(  padbuf ) );
+    mbedtls_zeroize(  md5sum, sizeof(  md5sum ) );
+    mbedtls_zeroize( sha1sum, sizeof( sha1sum ) );
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc  finished" ) );
+}
+#endif /* MBEDTLS_SSL_PROTO_SSL3 */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
+static void ssl_calc_finished_tls(
+                mbedtls_ssl_context *ssl, unsigned char *buf, int from )
+{
+    int len = 12;
+    const char *sender;
+    mbedtls_md5_context  md5;
+    mbedtls_sha1_context sha1;
+    unsigned char padbuf[36];
+
+    mbedtls_ssl_session *session = ssl->session_negotiate;
+    if( !session )
+        session = ssl->session;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc  finished tls" ) );
+
+    mbedtls_md5_init( &md5 );
+    mbedtls_sha1_init( &sha1 );
+
+    mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 );
+    mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 );
+
+    /*
+     * TLSv1:
+     *   hash = PRF( master, finished_label,
+     *               MD5( handshake ) + SHA1( handshake ) )[0..11]
+     */
+
+#if !defined(MBEDTLS_MD5_ALT)
+    MBEDTLS_SSL_DEBUG_BUF( 4, "finished  md5 state", (unsigned char *)
+                    md5.state, sizeof(  md5.state ) );
+#endif
+
+#if !defined(MBEDTLS_SHA1_ALT)
+    MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
+                   sha1.state, sizeof( sha1.state ) );
+#endif
+
+    sender = ( from == MBEDTLS_SSL_IS_CLIENT )
+             ? "client finished"
+             : "server finished";
+
+    mbedtls_md5_finish(  &md5, padbuf );
+    mbedtls_sha1_finish( &sha1, padbuf + 16 );
+
+    ssl->handshake->tls_prf( session->master, 48, sender,
+                             padbuf, 36, buf, len );
+
+    MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
+
+    mbedtls_md5_free(  &md5  );
+    mbedtls_sha1_free( &sha1 );
+
+    mbedtls_zeroize(  padbuf, sizeof(  padbuf ) );
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc  finished" ) );
+}
+#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SHA256_C)
+static void ssl_calc_finished_tls_sha256(
+                mbedtls_ssl_context *ssl, unsigned char *buf, int from )
+{
+    int len = 12;
+    const char *sender;
+    mbedtls_sha256_context sha256;
+    unsigned char padbuf[32];
+
+    mbedtls_ssl_session *session = ssl->session_negotiate;
+    if( !session )
+        session = ssl->session;
+
+    mbedtls_sha256_init( &sha256 );
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc  finished tls sha256" ) );
+
+    mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 );
+
+    /*
+     * TLSv1.2:
+     *   hash = PRF( master, finished_label,
+     *               Hash( handshake ) )[0.11]
+     */
+
+#if !defined(MBEDTLS_SHA256_ALT)
+    MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha2 state", (unsigned char *)
+                   sha256.state, sizeof( sha256.state ) );
+#endif
+
+    sender = ( from == MBEDTLS_SSL_IS_CLIENT )
+             ? "client finished"
+             : "server finished";
+
+    mbedtls_sha256_finish( &sha256, padbuf );
+
+    ssl->handshake->tls_prf( session->master, 48, sender,
+                             padbuf, 32, buf, len );
+
+    MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
+
+    mbedtls_sha256_free( &sha256 );
+
+    mbedtls_zeroize(  padbuf, sizeof(  padbuf ) );
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc  finished" ) );
+}
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA512_C)
+static void ssl_calc_finished_tls_sha384(
+                mbedtls_ssl_context *ssl, unsigned char *buf, int from )
+{
+    int len = 12;
+    const char *sender;
+    mbedtls_sha512_context sha512;
+    unsigned char padbuf[48];
+
+    mbedtls_ssl_session *session = ssl->session_negotiate;
+    if( !session )
+        session = ssl->session;
+
+    mbedtls_sha512_init( &sha512 );
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc  finished tls sha384" ) );
+
+    mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 );
+
+    /*
+     * TLSv1.2:
+     *   hash = PRF( master, finished_label,
+     *               Hash( handshake ) )[0.11]
+     */
+
+#if !defined(MBEDTLS_SHA512_ALT)
+    MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha512 state", (unsigned char *)
+                   sha512.state, sizeof( sha512.state ) );
+#endif
+
+    sender = ( from == MBEDTLS_SSL_IS_CLIENT )
+             ? "client finished"
+             : "server finished";
+
+    mbedtls_sha512_finish( &sha512, padbuf );
+
+    ssl->handshake->tls_prf( session->master, 48, sender,
+                             padbuf, 48, buf, len );
+
+    MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
+
+    mbedtls_sha512_free( &sha512 );
+
+    mbedtls_zeroize(  padbuf, sizeof( padbuf ) );
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc  finished" ) );
+}
+#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+static void ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl )
+{
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup: final free" ) );
+
+    /*
+     * Free our handshake params
+     */
+    mbedtls_ssl_handshake_free( ssl->handshake );
+    mbedtls_free( ssl->handshake );
+    ssl->handshake = NULL;
+
+    /*
+     * Free the previous transform and swith in the current one
+     */
+    if( ssl->transform )
+    {
+        mbedtls_ssl_transform_free( ssl->transform );
+        mbedtls_free( ssl->transform );
+    }
+    ssl->transform = ssl->transform_negotiate;
+    ssl->transform_negotiate = NULL;
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup: final free" ) );
+}
+
+void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl )
+{
+    int resume = ssl->handshake->resume;
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) );
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
+    {
+        ssl->renego_status =  MBEDTLS_SSL_RENEGOTIATION_DONE;
+        ssl->renego_records_seen = 0;
+    }
+#endif
+
+    /*
+     * Free the previous session and switch in the current one
+     */
+    if( ssl->session )
+    {
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+        /* RFC 7366 3.1: keep the EtM state */
+        ssl->session_negotiate->encrypt_then_mac =
+                  ssl->session->encrypt_then_mac;
+#endif
+
+        mbedtls_ssl_session_free( ssl->session );
+        mbedtls_free( ssl->session );
+    }
+    ssl->session = ssl->session_negotiate;
+    ssl->session_negotiate = NULL;
+
+    /*
+     * Add cache entry
+     */
+    if( ssl->conf->f_set_cache != NULL &&
+        ssl->session->id_len != 0 &&
+        resume == 0 )
+    {
+        if( ssl->conf->f_set_cache( ssl->conf->p_cache, ssl->session ) != 0 )
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "cache did not store session" ) );
+    }
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+        ssl->handshake->flight != NULL )
+    {
+        /* Cancel handshake timer */
+        ssl_set_timer( ssl, 0 );
+
+        /* Keep last flight around in case we need to resend it:
+         * we need the handshake and transform structures for that */
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip freeing handshake and transform" ) );
+    }
+    else
+#endif
+        ssl_handshake_wrapup_free_hs_transform( ssl );
+
+    ssl->state++;
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup" ) );
+}
+
+int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )
+{
+    int ret, hash_len;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write finished" ) );
+
+    /*
+     * Set the out_msg pointer to the correct location based on IV length
+     */
+    if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
+    {
+        ssl->out_msg = ssl->out_iv + ssl->transform_negotiate->ivlen -
+                       ssl->transform_negotiate->fixed_ivlen;
+    }
+    else
+        ssl->out_msg = ssl->out_iv;
+
+    ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->conf->endpoint );
+
+    // TODO TLS/1.2 Hash length is determined by cipher suite (Page 63)
+    hash_len = ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) ? 36 : 12;
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    ssl->verify_data_len = hash_len;
+    memcpy( ssl->own_verify_data, ssl->out_msg + 4, hash_len );
+#endif
+
+    ssl->out_msglen  = 4 + hash_len;
+    ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
+    ssl->out_msg[0]  = MBEDTLS_SSL_HS_FINISHED;
+
+    /*
+     * In case of session resuming, invert the client and server
+     * ChangeCipherSpec messages order.
+     */
+    if( ssl->handshake->resume != 0 )
+    {
+#if defined(MBEDTLS_SSL_CLI_C)
+        if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
+            ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
+#endif
+#if defined(MBEDTLS_SSL_SRV_C)
+        if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
+            ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
+#endif
+    }
+    else
+        ssl->state++;
+
+    /*
+     * Switch to our negotiated transform and session parameters for outbound
+     * data.
+     */
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for outbound data" ) );
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+    {
+        unsigned char i;
+
+        /* Remember current epoch settings for resending */
+        ssl->handshake->alt_transform_out = ssl->transform_out;
+        memcpy( ssl->handshake->alt_out_ctr, ssl->out_ctr, 8 );
+
+        /* Set sequence_number to zero */
+        memset( ssl->out_ctr + 2, 0, 6 );
+
+        /* Increment epoch */
+        for( i = 2; i > 0; i-- )
+            if( ++ssl->out_ctr[i - 1] != 0 )
+                break;
+
+        /* The loop goes to its end iff the counter is wrapping */
+        if( i == 0 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS epoch would wrap" ) );
+            return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
+        }
+    }
+    else
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+    memset( ssl->out_ctr, 0, 8 );
+
+    ssl->transform_out = ssl->transform_negotiate;
+    ssl->session_out = ssl->session_negotiate;
+
+#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
+    if( mbedtls_ssl_hw_record_activate != NULL )
+    {
+        if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret );
+            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+        }
+    }
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+        mbedtls_ssl_send_flight_completed( ssl );
+#endif
+
+    if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
+        return( ret );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished" ) );
+
+    return( 0 );
+}
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+#define SSL_MAX_HASH_LEN 36
+#else
+#define SSL_MAX_HASH_LEN 12
+#endif
+
+int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl )
+{
+    int ret;
+    unsigned int hash_len;
+    unsigned char buf[SSL_MAX_HASH_LEN];
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished" ) );
+
+    ssl->handshake->calc_finished( ssl, buf, ssl->conf->endpoint ^ 1 );
+
+    if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
+        return( ret );
+    }
+
+    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
+        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+    }
+
+    /* There is currently no ciphersuite using another length with TLS 1.2 */
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+    if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
+        hash_len = 36;
+    else
+#endif
+        hash_len = 12;
+
+    if( ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED ||
+        ssl->in_hslen  != mbedtls_ssl_hs_hdr_len( ssl ) + hash_len )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED );
+    }
+
+    if( mbedtls_ssl_safer_memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ),
+                      buf, hash_len ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED );
+    }
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    ssl->verify_data_len = hash_len;
+    memcpy( ssl->peer_verify_data, buf, hash_len );
+#endif
+
+    if( ssl->handshake->resume != 0 )
+    {
+#if defined(MBEDTLS_SSL_CLI_C)
+        if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
+            ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
+#endif
+#if defined(MBEDTLS_SSL_SRV_C)
+        if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
+            ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
+#endif
+    }
+    else
+        ssl->state++;
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+        mbedtls_ssl_recv_flight_completed( ssl );
+#endif
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse finished" ) );
+
+    return( 0 );
+}
+
+static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
+{
+    memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) );
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
+    defined(MBEDTLS_SSL_PROTO_TLS1_1)
+     mbedtls_md5_init(   &handshake->fin_md5  );
+    mbedtls_sha1_init(   &handshake->fin_sha1 );
+     mbedtls_md5_starts( &handshake->fin_md5  );
+    mbedtls_sha1_starts( &handshake->fin_sha1 );
+#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SHA256_C)
+    mbedtls_sha256_init(   &handshake->fin_sha256    );
+    mbedtls_sha256_starts( &handshake->fin_sha256, 0 );
+#endif
+#if defined(MBEDTLS_SHA512_C)
+    mbedtls_sha512_init(   &handshake->fin_sha512    );
+    mbedtls_sha512_starts( &handshake->fin_sha512, 1 );
+#endif
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+    handshake->update_checksum = ssl_update_checksum_start;
+    handshake->sig_alg = MBEDTLS_SSL_HASH_SHA1;
+
+#if defined(MBEDTLS_DHM_C)
+    mbedtls_dhm_init( &handshake->dhm_ctx );
+#endif
+#if defined(MBEDTLS_ECDH_C)
+    mbedtls_ecdh_init( &handshake->ecdh_ctx );
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+    mbedtls_ecjpake_init( &handshake->ecjpake_ctx );
+#if defined(MBEDTLS_SSL_CLI_C)
+    handshake->ecjpake_cache = NULL;
+    handshake->ecjpake_cache_len = 0;
+#endif
+#endif
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+    handshake->sni_authmode = MBEDTLS_SSL_VERIFY_UNSET;
+#endif
+}
+
+static void ssl_transform_init( mbedtls_ssl_transform *transform )
+{
+    memset( transform, 0, sizeof(mbedtls_ssl_transform) );
+
+    mbedtls_cipher_init( &transform->cipher_ctx_enc );
+    mbedtls_cipher_init( &transform->cipher_ctx_dec );
+
+    mbedtls_md_init( &transform->md_ctx_enc );
+    mbedtls_md_init( &transform->md_ctx_dec );
+}
+
+void mbedtls_ssl_session_init( mbedtls_ssl_session *session )
+{
+    memset( session, 0, sizeof(mbedtls_ssl_session) );
+}
+
+static int ssl_handshake_init( mbedtls_ssl_context *ssl )
+{
+    /* Clear old handshake information if present */
+    if( ssl->transform_negotiate )
+        mbedtls_ssl_transform_free( ssl->transform_negotiate );
+    if( ssl->session_negotiate )
+        mbedtls_ssl_session_free( ssl->session_negotiate );
+    if( ssl->handshake )
+        mbedtls_ssl_handshake_free( ssl->handshake );
+
+    /*
+     * Either the pointers are now NULL or cleared properly and can be freed.
+     * Now allocate missing structures.
+     */
+    if( ssl->transform_negotiate == NULL )
+    {
+        ssl->transform_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_transform) );
+    }
+
+    if( ssl->session_negotiate == NULL )
+    {
+        ssl->session_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_session) );
+    }
+
+    if( ssl->handshake == NULL )
+    {
+        ssl->handshake = mbedtls_calloc( 1, sizeof(mbedtls_ssl_handshake_params) );
+    }
+
+    /* All pointers should exist and can be directly freed without issue */
+    if( ssl->handshake == NULL ||
+        ssl->transform_negotiate == NULL ||
+        ssl->session_negotiate == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc() of ssl sub-contexts failed" ) );
+
+        mbedtls_free( ssl->handshake );
+        mbedtls_free( ssl->transform_negotiate );
+        mbedtls_free( ssl->session_negotiate );
+
+        ssl->handshake = NULL;
+        ssl->transform_negotiate = NULL;
+        ssl->session_negotiate = NULL;
+
+        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+    }
+
+    /* Initialize structures */
+    mbedtls_ssl_session_init( ssl->session_negotiate );
+    ssl_transform_init( ssl->transform_negotiate );
+    ssl_handshake_params_init( ssl->handshake );
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+    {
+        ssl->handshake->alt_transform_out = ssl->transform_out;
+
+        if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
+            ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING;
+        else
+            ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
+
+        ssl_set_timer( ssl, 0 );
+    }
+#endif
+
+    return( 0 );
+}
+
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
+/* Dummy cookie callbacks for defaults */
+static int ssl_cookie_write_dummy( void *ctx,
+                      unsigned char **p, unsigned char *end,
+                      const unsigned char *cli_id, size_t cli_id_len )
+{
+    ((void) ctx);
+    ((void) p);
+    ((void) end);
+    ((void) cli_id);
+    ((void) cli_id_len);
+
+    return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+}
+
+static int ssl_cookie_check_dummy( void *ctx,
+                      const unsigned char *cookie, size_t cookie_len,
+                      const unsigned char *cli_id, size_t cli_id_len )
+{
+    ((void) ctx);
+    ((void) cookie);
+    ((void) cookie_len);
+    ((void) cli_id);
+    ((void) cli_id_len);
+
+    return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+}
+#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
+
+/*
+ * Initialize an SSL context
+ */
+void mbedtls_ssl_init( mbedtls_ssl_context *ssl )
+{
+    memset( ssl, 0, sizeof( mbedtls_ssl_context ) );
+}
+
+/*
+ * Setup an SSL context
+ */
+int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
+                       const mbedtls_ssl_config *conf )
+{
+    int ret;
+    const size_t len = MBEDTLS_SSL_BUFFER_LEN;
+
+    ssl->conf = conf;
+
+    /*
+     * Prepare base structures
+     */
+    if( ( ssl-> in_buf = mbedtls_calloc( 1, len ) ) == NULL ||
+        ( ssl->out_buf = mbedtls_calloc( 1, len ) ) == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", len ) );
+        mbedtls_free( ssl->in_buf );
+        ssl->in_buf = NULL;
+        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+    }
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+    {
+        ssl->out_hdr = ssl->out_buf;
+        ssl->out_ctr = ssl->out_buf +  3;
+        ssl->out_len = ssl->out_buf + 11;
+        ssl->out_iv  = ssl->out_buf + 13;
+        ssl->out_msg = ssl->out_buf + 13;
+
+        ssl->in_hdr = ssl->in_buf;
+        ssl->in_ctr = ssl->in_buf +  3;
+        ssl->in_len = ssl->in_buf + 11;
+        ssl->in_iv  = ssl->in_buf + 13;
+        ssl->in_msg = ssl->in_buf + 13;
+    }
+    else
+#endif
+    {
+        ssl->out_ctr = ssl->out_buf;
+        ssl->out_hdr = ssl->out_buf +  8;
+        ssl->out_len = ssl->out_buf + 11;
+        ssl->out_iv  = ssl->out_buf + 13;
+        ssl->out_msg = ssl->out_buf + 13;
+
+        ssl->in_ctr = ssl->in_buf;
+        ssl->in_hdr = ssl->in_buf +  8;
+        ssl->in_len = ssl->in_buf + 11;
+        ssl->in_iv  = ssl->in_buf + 13;
+        ssl->in_msg = ssl->in_buf + 13;
+    }
+
+    if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
+        return( ret );
+
+    return( 0 );
+}
+
+/*
+ * Reset an initialized and used SSL context for re-use while retaining
+ * all application-set variables, function pointers and data.
+ *
+ * If partial is non-zero, keep data in the input buffer and client ID.
+ * (Use when a DTLS client reconnects from the same port.)
+ */
+static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial )
+{
+    int ret;
+
+    ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
+
+    /* Cancel any possibly running timer */
+    ssl_set_timer( ssl, 0 );
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    ssl->renego_status = MBEDTLS_SSL_INITIAL_HANDSHAKE;
+    ssl->renego_records_seen = 0;
+
+    ssl->verify_data_len = 0;
+    memset( ssl->own_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN );
+    memset( ssl->peer_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN );
+#endif
+    ssl->secure_renegotiation = MBEDTLS_SSL_LEGACY_RENEGOTIATION;
+
+    ssl->in_offt = NULL;
+
+    ssl->in_msg = ssl->in_buf + 13;
+    ssl->in_msgtype = 0;
+    ssl->in_msglen = 0;
+    if( partial == 0 )
+        ssl->in_left = 0;
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    ssl->next_record_offset = 0;
+    ssl->in_epoch = 0;
+#endif
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+    ssl_dtls_replay_reset( ssl );
+#endif
+
+    ssl->in_hslen = 0;
+    ssl->nb_zero = 0;
+    ssl->record_read = 0;
+
+    ssl->out_msg = ssl->out_buf + 13;
+    ssl->out_msgtype = 0;
+    ssl->out_msglen = 0;
+    ssl->out_left = 0;
+#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
+    if( ssl->split_done != MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED )
+        ssl->split_done = 0;
+#endif
+
+    ssl->transform_in = NULL;
+    ssl->transform_out = NULL;
+
+    memset( ssl->out_buf, 0, MBEDTLS_SSL_BUFFER_LEN );
+    if( partial == 0 )
+        memset( ssl->in_buf, 0, MBEDTLS_SSL_BUFFER_LEN );
+
+#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
+    if( mbedtls_ssl_hw_record_reset != NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_reset()" ) );
+        if( ( ret = mbedtls_ssl_hw_record_reset( ssl ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_reset", ret );
+            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+        }
+    }
+#endif
+
+    if( ssl->transform )
+    {
+        mbedtls_ssl_transform_free( ssl->transform );
+        mbedtls_free( ssl->transform );
+        ssl->transform = NULL;
+    }
+
+    if( ssl->session )
+    {
+        mbedtls_ssl_session_free( ssl->session );
+        mbedtls_free( ssl->session );
+        ssl->session = NULL;
+    }
+
+#if defined(MBEDTLS_SSL_ALPN)
+    ssl->alpn_chosen = NULL;
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
+    if( partial == 0 )
+    {
+        mbedtls_free( ssl->cli_id );
+        ssl->cli_id = NULL;
+        ssl->cli_id_len = 0;
+    }
+#endif
+
+    if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
+        return( ret );
+
+    return( 0 );
+}
+
+/*
+ * Reset an initialized and used SSL context for re-use while retaining
+ * all application-set variables, function pointers and data.
+ */
+int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl )
+{
+    return( ssl_session_reset_int( ssl, 0 ) );
+}
+
+/*
+ * SSL set accessors
+ */
+void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint )
+{
+    conf->endpoint   = endpoint;
+}
+
+void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport )
+{
+    conf->transport = transport;
+}
+
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode )
+{
+    conf->anti_replay = mode;
+}
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
+void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit )
+{
+    conf->badmac_limit = limit;
+}
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max )
+{
+    conf->hs_timeout_min = min;
+    conf->hs_timeout_max = max;
+}
+#endif
+
+void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode )
+{
+    conf->authmode   = authmode;
+}
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
+                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+                     void *p_vrfy )
+{
+    conf->f_vrfy      = f_vrfy;
+    conf->p_vrfy      = p_vrfy;
+}
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
+                  int (*f_rng)(void *, unsigned char *, size_t),
+                  void *p_rng )
+{
+    conf->f_rng      = f_rng;
+    conf->p_rng      = p_rng;
+}
+
+void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
+                  void (*f_dbg)(void *, int, const char *, int, const char *),
+                  void  *p_dbg )
+{
+    conf->f_dbg      = f_dbg;
+    conf->p_dbg      = p_dbg;
+}
+
+void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
+        void *p_bio,
+        int (*f_send)(void *, const unsigned char *, size_t),
+        int (*f_recv)(void *, unsigned char *, size_t),
+        int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t) )
+{
+    ssl->p_bio          = p_bio;
+    ssl->f_send         = f_send;
+    ssl->f_recv         = f_recv;
+    ssl->f_recv_timeout = f_recv_timeout;
+}
+
+void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout )
+{
+    conf->read_timeout   = timeout;
+}
+
+void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
+                               void *p_timer,
+                               void (*f_set_timer)(void *, uint32_t int_ms, uint32_t fin_ms),
+                               int (*f_get_timer)(void *) )
+{
+    ssl->p_timer        = p_timer;
+    ssl->f_set_timer    = f_set_timer;
+    ssl->f_get_timer    = f_get_timer;
+
+    /* Make sure we start with no timer running */
+    ssl_set_timer( ssl, 0 );
+}
+
+#if defined(MBEDTLS_SSL_SRV_C)
+void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
+        void *p_cache,
+        int (*f_get_cache)(void *, mbedtls_ssl_session *),
+        int (*f_set_cache)(void *, const mbedtls_ssl_session *) )
+{
+    conf->p_cache = p_cache;
+    conf->f_get_cache = f_get_cache;
+    conf->f_set_cache = f_set_cache;
+}
+#endif /* MBEDTLS_SSL_SRV_C */
+
+#if defined(MBEDTLS_SSL_CLI_C)
+int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session )
+{
+    int ret;
+
+    if( ssl == NULL ||
+        session == NULL ||
+        ssl->session_negotiate == NULL ||
+        ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT )
+    {
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
+
+    if( ( ret = ssl_session_copy( ssl->session_negotiate, session ) ) != 0 )
+        return( ret );
+
+    ssl->handshake->resume = 1;
+
+    return( 0 );
+}
+#endif /* MBEDTLS_SSL_CLI_C */
+
+void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
+                                   const int *ciphersuites )
+{
+    conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = ciphersuites;
+    conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = ciphersuites;
+    conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = ciphersuites;
+    conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = ciphersuites;
+}
+
+void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf,
+                                       const int *ciphersuites,
+                                       int major, int minor )
+{
+    if( major != MBEDTLS_SSL_MAJOR_VERSION_3 )
+        return;
+
+    if( minor < MBEDTLS_SSL_MINOR_VERSION_0 || minor > MBEDTLS_SSL_MINOR_VERSION_3 )
+        return;
+
+    conf->ciphersuite_list[minor] = ciphersuites;
+}
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
+                                    const mbedtls_x509_crt_profile *profile )
+{
+    conf->cert_profile = profile;
+}
+
+/* Append a new keycert entry to a (possibly empty) list */
+static int ssl_append_key_cert( mbedtls_ssl_key_cert **head,
+                                mbedtls_x509_crt *cert,
+                                mbedtls_pk_context *key )
+{
+    mbedtls_ssl_key_cert *new;
+
+    new = mbedtls_calloc( 1, sizeof( mbedtls_ssl_key_cert ) );
+    if( new == NULL )
+        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+
+    new->cert = cert;
+    new->key  = key;
+    new->next = NULL;
+
+    /* Update head is the list was null, else add to the end */
+    if( *head == NULL )
+    {
+        *head = new;
+    }
+    else
+    {
+        mbedtls_ssl_key_cert *cur = *head;
+        while( cur->next != NULL )
+            cur = cur->next;
+        cur->next = new;
+    }
+
+    return( 0 );
+}
+
+int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
+                              mbedtls_x509_crt *own_cert,
+                              mbedtls_pk_context *pk_key )
+{
+    return( ssl_append_key_cert( &conf->key_cert, own_cert, pk_key ) );
+}
+
+void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
+                               mbedtls_x509_crt *ca_chain,
+                               mbedtls_x509_crl *ca_crl )
+{
+    conf->ca_chain   = ca_chain;
+    conf->ca_crl     = ca_crl;
+}
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl,
+                                 mbedtls_x509_crt *own_cert,
+                                 mbedtls_pk_context *pk_key )
+{
+    return( ssl_append_key_cert( &ssl->handshake->sni_key_cert,
+                                 own_cert, pk_key ) );
+}
+
+void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl,
+                                  mbedtls_x509_crt *ca_chain,
+                                  mbedtls_x509_crl *ca_crl )
+{
+    ssl->handshake->sni_ca_chain   = ca_chain;
+    ssl->handshake->sni_ca_crl     = ca_crl;
+}
+
+void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl,
+                                  int authmode )
+{
+    ssl->handshake->sni_authmode = authmode;
+}
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+/*
+ * Set EC J-PAKE password for current handshake
+ */
+int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
+                                         const unsigned char *pw,
+                                         size_t pw_len )
+{
+    mbedtls_ecjpake_role role;
+
+    if( ssl->handshake == NULL && ssl->conf == NULL )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
+        role = MBEDTLS_ECJPAKE_SERVER;
+    else
+        role = MBEDTLS_ECJPAKE_CLIENT;
+
+    return( mbedtls_ecjpake_setup( &ssl->handshake->ecjpake_ctx,
+                                   role,
+                                   MBEDTLS_MD_SHA256,
+                                   MBEDTLS_ECP_DP_SECP256R1,
+                                   pw, pw_len ) );
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
+                const unsigned char *psk, size_t psk_len,
+                const unsigned char *psk_identity, size_t psk_identity_len )
+{
+    if( psk == NULL || psk_identity == NULL )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    if( psk_len > MBEDTLS_PSK_MAX_LEN )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    /* Identity len will be encoded on two bytes */
+    if( ( psk_identity_len >> 16 ) != 0 ||
+        psk_identity_len > MBEDTLS_SSL_MAX_CONTENT_LEN )
+    {
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
+
+    if( conf->psk != NULL || conf->psk_identity != NULL )
+    {
+        mbedtls_free( conf->psk );
+        mbedtls_free( conf->psk_identity );
+        conf->psk = NULL;
+        conf->psk_identity = NULL;
+    }
+
+    if( ( conf->psk = mbedtls_calloc( 1, psk_len ) ) == NULL ||
+        ( conf->psk_identity = mbedtls_calloc( 1, psk_identity_len ) ) == NULL )
+    {
+        mbedtls_free( conf->psk );
+        mbedtls_free( conf->psk_identity );
+        conf->psk = NULL;
+        conf->psk_identity = NULL;
+        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+    }
+
+    conf->psk_len = psk_len;
+    conf->psk_identity_len = psk_identity_len;
+
+    memcpy( conf->psk, psk, conf->psk_len );
+    memcpy( conf->psk_identity, psk_identity, conf->psk_identity_len );
+
+    return( 0 );
+}
+
+int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
+                            const unsigned char *psk, size_t psk_len )
+{
+    if( psk == NULL || ssl->handshake == NULL )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    if( psk_len > MBEDTLS_PSK_MAX_LEN )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    if( ssl->handshake->psk != NULL )
+        mbedtls_free( ssl->handshake->psk );
+
+    if( ( ssl->handshake->psk = mbedtls_calloc( 1, psk_len ) ) == NULL )
+        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+
+    ssl->handshake->psk_len = psk_len;
+    memcpy( ssl->handshake->psk, psk, ssl->handshake->psk_len );
+
+    return( 0 );
+}
+
+void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
+                     int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
+                     size_t),
+                     void *p_psk )
+{
+    conf->f_psk = f_psk;
+    conf->p_psk = p_psk;
+}
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
+
+#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
+int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G )
+{
+    int ret;
+
+    if( ( ret = mbedtls_mpi_read_string( &conf->dhm_P, 16, dhm_P ) ) != 0 ||
+        ( ret = mbedtls_mpi_read_string( &conf->dhm_G, 16, dhm_G ) ) != 0 )
+    {
+        mbedtls_mpi_free( &conf->dhm_P );
+        mbedtls_mpi_free( &conf->dhm_G );
+        return( ret );
+    }
+
+    return( 0 );
+}
+
+int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx )
+{
+    int ret;
+
+    if( ( ret = mbedtls_mpi_copy( &conf->dhm_P, &dhm_ctx->P ) ) != 0 ||
+        ( ret = mbedtls_mpi_copy( &conf->dhm_G, &dhm_ctx->G ) ) != 0 )
+    {
+        mbedtls_mpi_free( &conf->dhm_P );
+        mbedtls_mpi_free( &conf->dhm_G );
+        return( ret );
+    }
+
+    return( 0 );
+}
+#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_SRV_C */
+
+#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
+/*
+ * Set the minimum length for Diffie-Hellman parameters
+ */
+void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
+                                      unsigned int bitlen )
+{
+    conf->dhm_min_bitlen = bitlen;
+}
+#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
+
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
+/*
+ * Set allowed/preferred hashes for handshake signatures
+ */
+void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
+                                  const int *hashes )
+{
+    conf->sig_hashes = hashes;
+}
+#endif
+
+#if defined(MBEDTLS_ECP_C)
+/*
+ * Set the allowed elliptic curves
+ */
+void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
+                             const mbedtls_ecp_group_id *curve_list )
+{
+    conf->curve_list = curve_list;
+}
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname )
+{
+    size_t hostname_len;
+
+    if( hostname == NULL )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    hostname_len = strlen( hostname );
+
+    if( hostname_len + 1 == 0 )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 );
+
+    if( ssl->hostname == NULL )
+        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+
+    memcpy( ssl->hostname, hostname, hostname_len );
+
+    ssl->hostname[hostname_len] = '\0';
+
+    return( 0 );
+}
+#endif
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,
+                  int (*f_sni)(void *, mbedtls_ssl_context *,
+                                const unsigned char *, size_t),
+                  void *p_sni )
+{
+    conf->f_sni = f_sni;
+    conf->p_sni = p_sni;
+}
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+
+#if defined(MBEDTLS_SSL_ALPN)
+int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos )
+{
+    size_t cur_len, tot_len;
+    const char **p;
+
+    /*
+     * "Empty strings MUST NOT be included and byte strings MUST NOT be
+     * truncated". Check lengths now rather than later.
+     */
+    tot_len = 0;
+    for( p = protos; *p != NULL; p++ )
+    {
+        cur_len = strlen( *p );
+        tot_len += cur_len;
+
+        if( cur_len == 0 || cur_len > 255 || tot_len > 65535 )
+            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
+
+    conf->alpn_list = protos;
+
+    return( 0 );
+}
+
+const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl )
+{
+    return( ssl->alpn_chosen );
+}
+#endif /* MBEDTLS_SSL_ALPN */
+
+void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor )
+{
+    conf->max_major_ver = major;
+    conf->max_minor_ver = minor;
+}
+
+void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor )
+{
+    conf->min_major_ver = major;
+    conf->min_minor_ver = minor;
+}
+
+#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
+void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback )
+{
+    conf->fallback = fallback;
+}
+#endif
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm )
+{
+    conf->encrypt_then_mac = etm;
+}
+#endif
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems )
+{
+    conf->extended_ms = ems;
+}
+#endif
+
+#if defined(MBEDTLS_ARC4_C)
+void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 )
+{
+    conf->arc4_disabled = arc4;
+}
+#endif
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code )
+{
+    if( mfl_code >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID ||
+        mfl_code_to_length[mfl_code] > MBEDTLS_SSL_MAX_CONTENT_LEN )
+    {
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
+
+    conf->mfl_code = mfl_code;
+
+    return( 0 );
+}
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate )
+{
+    conf->trunc_hmac = truncate;
+}
+#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+
+#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
+void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split )
+{
+    conf->cbc_record_splitting = split;
+}
+#endif
+
+void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy )
+{
+    conf->allow_legacy_renegotiation = allow_legacy;
+}
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation )
+{
+    conf->disable_renegotiation = renegotiation;
+}
+
+void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records )
+{
+    conf->renego_max_records = max_records;
+}
+
+void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
+                                   const unsigned char period[8] )
+{
+    memcpy( conf->renego_period, period, 8 );
+}
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+#if defined(MBEDTLS_SSL_CLI_C)
+void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets )
+{
+    conf->session_tickets = use_tickets;
+}
+#endif
+
+#if defined(MBEDTLS_SSL_SRV_C)
+void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
+        mbedtls_ssl_ticket_write_t *f_ticket_write,
+        mbedtls_ssl_ticket_parse_t *f_ticket_parse,
+        void *p_ticket )
+{
+    conf->f_ticket_write = f_ticket_write;
+    conf->f_ticket_parse = f_ticket_parse;
+    conf->p_ticket       = p_ticket;
+}
+#endif
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
+#if defined(MBEDTLS_SSL_EXPORT_KEYS)
+void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
+        mbedtls_ssl_export_keys_t *f_export_keys,
+        void *p_export_keys )
+{
+    conf->f_export_keys = f_export_keys;
+    conf->p_export_keys = p_export_keys;
+}
+#endif
+
+/*
+ * SSL get accessors
+ */
+size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl )
+{
+    return( ssl->in_offt == NULL ? 0 : ssl->in_msglen );
+}
+
+uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl )
+{
+    if( ssl->session != NULL )
+        return( ssl->session->verify_result );
+
+    if( ssl->session_negotiate != NULL )
+        return( ssl->session_negotiate->verify_result );
+
+    return( 0xFFFFFFFF );
+}
+
+const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl )
+{
+    if( ssl == NULL || ssl->session == NULL )
+        return( NULL );
+
+    return mbedtls_ssl_get_ciphersuite_name( ssl->session->ciphersuite );
+}
+
+const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl )
+{
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+    {
+        switch( ssl->minor_ver )
+        {
+            case MBEDTLS_SSL_MINOR_VERSION_2:
+                return( "DTLSv1.0" );
+
+            case MBEDTLS_SSL_MINOR_VERSION_3:
+                return( "DTLSv1.2" );
+
+            default:
+                return( "unknown (DTLS)" );
+        }
+    }
+#endif
+
+    switch( ssl->minor_ver )
+    {
+        case MBEDTLS_SSL_MINOR_VERSION_0:
+            return( "SSLv3.0" );
+
+        case MBEDTLS_SSL_MINOR_VERSION_1:
+            return( "TLSv1.0" );
+
+        case MBEDTLS_SSL_MINOR_VERSION_2:
+            return( "TLSv1.1" );
+
+        case MBEDTLS_SSL_MINOR_VERSION_3:
+            return( "TLSv1.2" );
+
+        default:
+            return( "unknown" );
+    }
+}
+
+int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
+{
+    size_t transform_expansion;
+    const mbedtls_ssl_transform *transform = ssl->transform_out;
+
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+    if( ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL )
+        return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+#endif
+
+    if( transform == NULL )
+        return( (int) mbedtls_ssl_hdr_len( ssl ) );
+
+    switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) )
+    {
+        case MBEDTLS_MODE_GCM:
+        case MBEDTLS_MODE_CCM:
+        case MBEDTLS_MODE_STREAM:
+            transform_expansion = transform->minlen;
+            break;
+
+        case MBEDTLS_MODE_CBC:
+            transform_expansion = transform->maclen
+                      + mbedtls_cipher_get_block_size( &transform->cipher_ctx_enc );
+            break;
+
+        default:
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
+
+    return( (int)( mbedtls_ssl_hdr_len( ssl ) + transform_expansion ) );
+}
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl )
+{
+    size_t max_len;
+
+    /*
+     * Assume mfl_code is correct since it was checked when set
+     */
+    max_len = mfl_code_to_length[ssl->conf->mfl_code];
+
+    /*
+     * Check if a smaller max length was negotiated
+     */
+    if( ssl->session_out != NULL &&
+        mfl_code_to_length[ssl->session_out->mfl_code] < max_len )
+    {
+        max_len = mfl_code_to_length[ssl->session_out->mfl_code];
+    }
+
+    return max_len;
+}
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl )
+{
+    if( ssl == NULL || ssl->session == NULL )
+        return( NULL );
+
+    return( ssl->session->peer_cert );
+}
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_SSL_CLI_C)
+int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *dst )
+{
+    if( ssl == NULL ||
+        dst == NULL ||
+        ssl->session == NULL ||
+        ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT )
+    {
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
+
+    return( ssl_session_copy( dst, ssl->session ) );
+}
+#endif /* MBEDTLS_SSL_CLI_C */
+
+/*
+ * Perform a single step of the SSL handshake
+ */
+int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl )
+{
+    int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+
+    if( ssl == NULL || ssl->conf == NULL )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+#if defined(MBEDTLS_SSL_CLI_C)
+    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
+        ret = mbedtls_ssl_handshake_client_step( ssl );
+#endif
+#if defined(MBEDTLS_SSL_SRV_C)
+    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
+        ret = mbedtls_ssl_handshake_server_step( ssl );
+#endif
+
+    return( ret );
+}
+
+/*
+ * Perform the SSL handshake
+ */
+int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl )
+{
+    int ret = 0;
+
+    if( ssl == NULL || ssl->conf == NULL )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> handshake" ) );
+
+    while( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
+    {
+        ret = mbedtls_ssl_handshake_step( ssl );
+
+        if( ret != 0 )
+            break;
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= handshake" ) );
+
+    return( ret );
+}
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+#if defined(MBEDTLS_SSL_SRV_C)
+/*
+ * Write HelloRequest to request renegotiation on server
+ */
+static int ssl_write_hello_request( mbedtls_ssl_context *ssl )
+{
+    int ret;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write hello request" ) );
+
+    ssl->out_msglen  = 4;
+    ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
+    ssl->out_msg[0]  = MBEDTLS_SSL_HS_HELLO_REQUEST;
+
+    if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
+        return( ret );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello request" ) );
+
+    return( 0 );
+}
+#endif /* MBEDTLS_SSL_SRV_C */
+
+/*
+ * Actually renegotiate current connection, triggered by either:
+ * - any side: calling mbedtls_ssl_renegotiate(),
+ * - client: receiving a HelloRequest during mbedtls_ssl_read(),
+ * - server: receiving any handshake message on server during mbedtls_ssl_read() after
+ *   the initial handshake is completed.
+ * If the handshake doesn't complete due to waiting for I/O, it will continue
+ * during the next calls to mbedtls_ssl_renegotiate() or mbedtls_ssl_read() respectively.
+ */
+static int ssl_start_renegotiation( mbedtls_ssl_context *ssl )
+{
+    int ret;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> renegotiate" ) );
+
+    if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
+        return( ret );
+
+    /* RFC 6347 4.2.2: "[...] the HelloRequest will have message_seq = 0 and
+     * the ServerHello will have message_seq = 1" */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+        ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
+    {
+        if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
+            ssl->handshake->out_msg_seq = 1;
+        else
+            ssl->handshake->in_msg_seq = 1;
+    }
+#endif
+
+    ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
+    ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS;
+
+    if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret );
+        return( ret );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= renegotiate" ) );
+
+    return( 0 );
+}
+
+/*
+ * Renegotiate current connection on client,
+ * or request renegotiation on server
+ */
+int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl )
+{
+    int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+
+    if( ssl == NULL || ssl->conf == NULL )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+#if defined(MBEDTLS_SSL_SRV_C)
+    /* On server, just send the request */
+    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
+    {
+        if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
+            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+        ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING;
+
+        /* Did we already try/start sending HelloRequest? */
+        if( ssl->out_left != 0 )
+            return( mbedtls_ssl_flush_output( ssl ) );
+
+        return( ssl_write_hello_request( ssl ) );
+    }
+#endif /* MBEDTLS_SSL_SRV_C */
+
+#if defined(MBEDTLS_SSL_CLI_C)
+    /*
+     * On client, either start the renegotiation process or,
+     * if already in progress, continue the handshake
+     */
+    if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
+    {
+        if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
+            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+        if( ( ret = ssl_start_renegotiation( ssl ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret );
+            return( ret );
+        }
+    }
+    else
+    {
+        if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret );
+            return( ret );
+        }
+    }
+#endif /* MBEDTLS_SSL_CLI_C */
+
+    return( ret );
+}
+
+/*
+ * Check record counters and renegotiate if they're above the limit.
+ */
+static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl )
+{
+    if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ||
+        ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ||
+        ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED )
+    {
+        return( 0 );
+    }
+
+    if( memcmp( ssl->in_ctr,  ssl->conf->renego_period, 8 ) <= 0 &&
+        memcmp( ssl->out_ctr, ssl->conf->renego_period, 8 ) <= 0 )
+    {
+        return( 0 );
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 1, ( "record counter limit reached: renegotiate" ) );
+    return( mbedtls_ssl_renegotiate( ssl ) );
+}
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+/*
+ * Receive application data decrypted from the SSL layer
+ */
+int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
+{
+    int ret, record_read = 0;
+    size_t n;
+
+    if( ssl == NULL || ssl->conf == NULL )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read" ) );
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+    {
+        if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
+            return( ret );
+
+        if( ssl->handshake != NULL &&
+            ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
+        {
+            if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
+                return( ret );
+        }
+    }
+#endif
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret );
+        return( ret );
+    }
+#endif
+
+    if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
+    {
+        ret = mbedtls_ssl_handshake( ssl );
+        if( ret == MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO )
+        {
+            record_read = 1;
+        }
+        else if( ret != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret );
+            return( ret );
+        }
+    }
+
+    if( ssl->in_offt == NULL )
+    {
+        /* Start timer if not already running */
+        if( ssl->f_get_timer != NULL &&
+            ssl->f_get_timer( ssl->p_timer ) == -1 )
+        {
+            ssl_set_timer( ssl, ssl->conf->read_timeout );
+        }
+
+        if( ! record_read )
+        {
+            if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
+            {
+                if( ret == MBEDTLS_ERR_SSL_CONN_EOF )
+                    return( 0 );
+
+                MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
+                return( ret );
+            }
+        }
+
+        if( ssl->in_msglen  == 0 &&
+            ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA )
+        {
+            /*
+             * OpenSSL sends empty messages to randomize the IV
+             */
+            if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
+            {
+                if( ret == MBEDTLS_ERR_SSL_CONN_EOF )
+                    return( 0 );
+
+                MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
+                return( ret );
+            }
+        }
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+        if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "received handshake message" ) );
+
+#if defined(MBEDTLS_SSL_CLI_C)
+            if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
+                ( ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST ||
+                  ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) ) )
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake received (not HelloRequest)" ) );
+
+                /* With DTLS, drop the packet (probably from last handshake) */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+                if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+                    return( MBEDTLS_ERR_SSL_WANT_READ );
+#endif
+                return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+            }
+
+            if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
+                ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO )
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake received (not ClientHello)" ) );
+
+                /* With DTLS, drop the packet (probably from last handshake) */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+                if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+                    return( MBEDTLS_ERR_SSL_WANT_READ );
+#endif
+                return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+            }
+#endif
+
+            if( ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED ||
+                ( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
+                  ssl->conf->allow_legacy_renegotiation ==
+                                                MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) )
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 3, ( "refusing renegotiation, sending alert" ) );
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+                if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
+                {
+                    /*
+                     * SSLv3 does not have a "no_renegotiation" alert
+                     */
+                    if( ( ret = mbedtls_ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
+                        return( ret );
+                }
+                else
+#endif /* MBEDTLS_SSL_PROTO_SSL3 */
+#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
+    defined(MBEDTLS_SSL_PROTO_TLS1_2)
+                if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
+                {
+                    if( ( ret = mbedtls_ssl_send_alert_message( ssl,
+                                    MBEDTLS_SSL_ALERT_LEVEL_WARNING,
+                                    MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION ) ) != 0 )
+                    {
+                        return( ret );
+                    }
+                }
+                else
+#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 ||
+          MBEDTLS_SSL_PROTO_TLS1_2 */
+                {
+                    MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+                    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+                }
+            }
+            else
+            {
+                /* DTLS clients need to know renego is server-initiated */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+                if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+                    ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
+                {
+                    ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING;
+                }
+#endif
+                ret = ssl_start_renegotiation( ssl );
+                if( ret == MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO )
+                {
+                    record_read = 1;
+                }
+                else if( ret != 0 )
+                {
+                    MBEDTLS_SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret );
+                    return( ret );
+                }
+            }
+
+            /* If a non-handshake record was read during renego, fallthrough,
+             * else tell the user they should call mbedtls_ssl_read() again */
+            if( ! record_read )
+                return( MBEDTLS_ERR_SSL_WANT_READ );
+        }
+        else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
+        {
+
+            if( ssl->conf->renego_max_records >= 0 )
+            {
+                if( ++ssl->renego_records_seen > ssl->conf->renego_max_records )
+                {
+                    MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation requested, "
+                                        "but not honored by client" ) );
+                    return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+                }
+            }
+        }
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+        /* Fatal and closure alerts handled by mbedtls_ssl_read_record() */
+        if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 2, ( "ignoring non-fatal non-closure alert" ) );
+            return( MBEDTLS_ERR_SSL_WANT_READ );
+        }
+
+        if( ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad application data message" ) );
+            return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+        }
+
+        ssl->in_offt = ssl->in_msg;
+
+        /* We're going to return something now, cancel timer,
+         * except if handshake (renegotiation) is in progress */
+        if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
+            ssl_set_timer( ssl, 0 );
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+        /* If we requested renego but received AppData, resend HelloRequest.
+         * Do it now, after setting in_offt, to avoid taking this branch
+         * again if ssl_write_hello_request() returns WANT_WRITE */
+#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
+        if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
+            ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
+        {
+            if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 )
+            {
+                MBEDTLS_SSL_DEBUG_RET( 1, "ssl_resend_hello_request", ret );
+                return( ret );
+            }
+        }
+#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */
+#endif
+    }
+
+    n = ( len < ssl->in_msglen )
+        ? len : ssl->in_msglen;
+
+    memcpy( buf, ssl->in_offt, n );
+    ssl->in_msglen -= n;
+
+    if( ssl->in_msglen == 0 )
+        /* all bytes consumed  */
+        ssl->in_offt = NULL;
+    else
+        /* more data available */
+        ssl->in_offt += n;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read" ) );
+
+    return( (int) n );
+}
+
+/*
+ * Send application data to be encrypted by the SSL layer,
+ * taking care of max fragment length and buffer size
+ */
+static int ssl_write_real( mbedtls_ssl_context *ssl,
+                           const unsigned char *buf, size_t len )
+{
+    int ret;
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+    size_t max_len = mbedtls_ssl_get_max_frag_len( ssl );
+
+    if( len > max_len )
+    {
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+        if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment larger than the (negotiated) "
+                                "maximum fragment length: %d > %d",
+                                len, max_len ) );
+            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+        }
+        else
+#endif
+            len = max_len;
+    }
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
+    if( ssl->out_left != 0 )
+    {
+        if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret );
+            return( ret );
+        }
+    }
+    else
+    {
+        ssl->out_msglen  = len;
+        ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA;
+        memcpy( ssl->out_msg, buf, len );
+
+        if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
+            return( ret );
+        }
+    }
+
+    return( (int) len );
+}
+
+/*
+ * Write application data, doing 1/n-1 splitting if necessary.
+ *
+ * With non-blocking I/O, ssl_write_real() may return WANT_WRITE,
+ * then the caller will call us again with the same arguments, so
+ * remember wether we already did the split or not.
+ */
+#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
+static int ssl_write_split( mbedtls_ssl_context *ssl,
+                            const unsigned char *buf, size_t len )
+{
+    int ret;
+
+    if( ssl->conf->cbc_record_splitting ==
+            MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED ||
+        len <= 1 ||
+        ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_1 ||
+        mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc )
+                                != MBEDTLS_MODE_CBC )
+    {
+        return( ssl_write_real( ssl, buf, len ) );
+    }
+
+    if( ssl->split_done == 0 )
+    {
+        if( ( ret = ssl_write_real( ssl, buf, 1 ) ) <= 0 )
+            return( ret );
+        ssl->split_done = 1;
+    }
+
+    if( ( ret = ssl_write_real( ssl, buf + 1, len - 1 ) ) <= 0 )
+        return( ret );
+    ssl->split_done = 0;
+
+    return( ret + 1 );
+}
+#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
+
+/*
+ * Write application data (public-facing wrapper)
+ */
+int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len )
+{
+    int ret;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write" ) );
+
+    if( ssl == NULL || ssl->conf == NULL )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret );
+        return( ret );
+    }
+#endif
+
+    if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
+    {
+        if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret );
+            return( ret );
+        }
+    }
+
+#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
+    ret = ssl_write_split( ssl, buf, len );
+#else
+    ret = ssl_write_real( ssl, buf, len );
+#endif
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write" ) );
+
+    return( ret );
+}
+
+/*
+ * Notify the peer that the connection is being closed
+ */
+int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl )
+{
+    int ret;
+
+    if( ssl == NULL || ssl->conf == NULL )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write close notify" ) );
+
+    if( ssl->out_left != 0 )
+        return( mbedtls_ssl_flush_output( ssl ) );
+
+    if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
+    {
+        if( ( ret = mbedtls_ssl_send_alert_message( ssl,
+                        MBEDTLS_SSL_ALERT_LEVEL_WARNING,
+                        MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY ) ) != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_send_alert_message", ret );
+            return( ret );
+        }
+    }
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write close notify" ) );
+
+    return( 0 );
+}
+
+void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform )
+{
+    if( transform == NULL )
+        return;
+
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+    deflateEnd( &transform->ctx_deflate );
+    inflateEnd( &transform->ctx_inflate );
+#endif
+
+    mbedtls_cipher_free( &transform->cipher_ctx_enc );
+    mbedtls_cipher_free( &transform->cipher_ctx_dec );
+
+    mbedtls_md_free( &transform->md_ctx_enc );
+    mbedtls_md_free( &transform->md_ctx_dec );
+
+    mbedtls_zeroize( transform, sizeof( mbedtls_ssl_transform ) );
+}
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+static void ssl_key_cert_free( mbedtls_ssl_key_cert *key_cert )
+{
+    mbedtls_ssl_key_cert *cur = key_cert, *next;
+
+    while( cur != NULL )
+    {
+        next = cur->next;
+        mbedtls_free( cur );
+        cur = next;
+    }
+}
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake )
+{
+    if( handshake == NULL )
+        return;
+
+#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
+    defined(MBEDTLS_SSL_PROTO_TLS1_1)
+    mbedtls_md5_free(    &handshake->fin_md5  );
+    mbedtls_sha1_free(   &handshake->fin_sha1 );
+#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SHA256_C)
+    mbedtls_sha256_free(   &handshake->fin_sha256    );
+#endif
+#if defined(MBEDTLS_SHA512_C)
+    mbedtls_sha512_free(   &handshake->fin_sha512    );
+#endif
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+#if defined(MBEDTLS_DHM_C)
+    mbedtls_dhm_free( &handshake->dhm_ctx );
+#endif
+#if defined(MBEDTLS_ECDH_C)
+    mbedtls_ecdh_free( &handshake->ecdh_ctx );
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+    mbedtls_ecjpake_free( &handshake->ecjpake_ctx );
+#if defined(MBEDTLS_SSL_CLI_C)
+    mbedtls_free( handshake->ecjpake_cache );
+    handshake->ecjpake_cache = NULL;
+    handshake->ecjpake_cache_len = 0;
+#endif
+#endif
+
+#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
+    /* explicit void pointer cast for buggy MS compiler */
+    mbedtls_free( (void *) handshake->curves );
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+    if( handshake->psk != NULL )
+    {
+        mbedtls_zeroize( handshake->psk, handshake->psk_len );
+        mbedtls_free( handshake->psk );
+    }
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
+    defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+    /*
+     * Free only the linked list wrapper, not the keys themselves
+     * since the belong to the SNI callback
+     */
+    if( handshake->sni_key_cert != NULL )
+    {
+        mbedtls_ssl_key_cert *cur = handshake->sni_key_cert, *next;
+
+        while( cur != NULL )
+        {
+            next = cur->next;
+            mbedtls_free( cur );
+            cur = next;
+        }
+    }
+#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_SERVER_NAME_INDICATION */
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    mbedtls_free( handshake->verify_cookie );
+    mbedtls_free( handshake->hs_msg );
+    ssl_flight_free( handshake->flight );
+#endif
+
+    mbedtls_zeroize( handshake, sizeof( mbedtls_ssl_handshake_params ) );
+}
+
+void mbedtls_ssl_session_free( mbedtls_ssl_session *session )
+{
+    if( session == NULL )
+        return;
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    if( session->peer_cert != NULL )
+    {
+        mbedtls_x509_crt_free( session->peer_cert );
+        mbedtls_free( session->peer_cert );
+    }
+#endif
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+    mbedtls_free( session->ticket );
+#endif
+
+    mbedtls_zeroize( session, sizeof( mbedtls_ssl_session ) );
+}
+
+/*
+ * Free an SSL context
+ */
+void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
+{
+    if( ssl == NULL )
+        return;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> free" ) );
+
+    if( ssl->out_buf != NULL )
+    {
+        mbedtls_zeroize( ssl->out_buf, MBEDTLS_SSL_BUFFER_LEN );
+        mbedtls_free( ssl->out_buf );
+    }
+
+    if( ssl->in_buf != NULL )
+    {
+        mbedtls_zeroize( ssl->in_buf, MBEDTLS_SSL_BUFFER_LEN );
+        mbedtls_free( ssl->in_buf );
+    }
+
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+    if( ssl->compress_buf != NULL )
+    {
+        mbedtls_zeroize( ssl->compress_buf, MBEDTLS_SSL_BUFFER_LEN );
+        mbedtls_free( ssl->compress_buf );
+    }
+#endif
+
+    if( ssl->transform )
+    {
+        mbedtls_ssl_transform_free( ssl->transform );
+        mbedtls_free( ssl->transform );
+    }
+
+    if( ssl->handshake )
+    {
+        mbedtls_ssl_handshake_free( ssl->handshake );
+        mbedtls_ssl_transform_free( ssl->transform_negotiate );
+        mbedtls_ssl_session_free( ssl->session_negotiate );
+
+        mbedtls_free( ssl->handshake );
+        mbedtls_free( ssl->transform_negotiate );
+        mbedtls_free( ssl->session_negotiate );
+    }
+
+    if( ssl->session )
+    {
+        mbedtls_ssl_session_free( ssl->session );
+        mbedtls_free( ssl->session );
+    }
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    if( ssl->hostname != NULL )
+    {
+        mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) );
+        mbedtls_free( ssl->hostname );
+    }
+#endif
+
+#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
+    if( mbedtls_ssl_hw_record_finish != NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_finish()" ) );
+        mbedtls_ssl_hw_record_finish( ssl );
+    }
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
+    mbedtls_free( ssl->cli_id );
+#endif
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= free" ) );
+
+    /* Actually clear after last debug message */
+    mbedtls_zeroize( ssl, sizeof( mbedtls_ssl_context ) );
+}
+
+/*
+ * Initialze mbedtls_ssl_config
+ */
+void mbedtls_ssl_config_init( mbedtls_ssl_config *conf )
+{
+    memset( conf, 0, sizeof( mbedtls_ssl_config ) );
+}
+
+static int ssl_preset_suiteb_ciphersuites[] = {
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+    0
+};
+
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
+static int ssl_preset_suiteb_hashes[] = {
+    MBEDTLS_MD_SHA256,
+    MBEDTLS_MD_SHA384,
+    MBEDTLS_MD_NONE
+};
+#endif
+
+#if defined(MBEDTLS_ECP_C)
+static mbedtls_ecp_group_id ssl_preset_suiteb_curves[] = {
+    MBEDTLS_ECP_DP_SECP256R1,
+    MBEDTLS_ECP_DP_SECP384R1,
+    MBEDTLS_ECP_DP_NONE
+};
+#endif
+
+/*
+ * Load default in mbedtls_ssl_config
+ */
+int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
+                                 int endpoint, int transport, int preset )
+{
+#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
+    int ret;
+#endif
+
+    /* Use the functions here so that they are covered in tests,
+     * but otherwise access member directly for efficiency */
+    mbedtls_ssl_conf_endpoint( conf, endpoint );
+    mbedtls_ssl_conf_transport( conf, transport );
+
+    /*
+     * Things that are common to all presets
+     */
+#if defined(MBEDTLS_SSL_CLI_C)
+    if( endpoint == MBEDTLS_SSL_IS_CLIENT )
+    {
+        conf->authmode = MBEDTLS_SSL_VERIFY_REQUIRED;
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+        conf->session_tickets = MBEDTLS_SSL_SESSION_TICKETS_ENABLED;
+#endif
+    }
+#endif
+
+#if defined(MBEDTLS_ARC4_C)
+    conf->arc4_disabled = MBEDTLS_SSL_ARC4_DISABLED;
+#endif
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+    conf->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED;
+#endif
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+    conf->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
+#endif
+
+#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
+    conf->cbc_record_splitting = MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED;
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
+    conf->f_cookie_write = ssl_cookie_write_dummy;
+    conf->f_cookie_check = ssl_cookie_check_dummy;
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+    conf->anti_replay = MBEDTLS_SSL_ANTI_REPLAY_ENABLED;
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    conf->hs_timeout_min = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN;
+    conf->hs_timeout_max = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX;
+#endif
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    conf->renego_max_records = MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT;
+    memset( conf->renego_period, 0xFF, 7 );
+    conf->renego_period[7] = 0x00;
+#endif
+
+#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
+            if( endpoint == MBEDTLS_SSL_IS_SERVER )
+            {
+                if( ( ret = mbedtls_ssl_conf_dh_param( conf,
+                                MBEDTLS_DHM_RFC5114_MODP_2048_P,
+                                MBEDTLS_DHM_RFC5114_MODP_2048_G ) ) != 0 )
+                {
+                    return( ret );
+                }
+            }
+#endif
+
+    /*
+     * Preset-specific defaults
+     */
+    switch( preset )
+    {
+        /*
+         * NSA Suite B
+         */
+        case MBEDTLS_SSL_PRESET_SUITEB:
+            conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
+            conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3; /* TLS 1.2 */
+            conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
+            conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
+
+            conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] =
+            conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] =
+            conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] =
+            conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] =
+                                   ssl_preset_suiteb_ciphersuites;
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+            conf->cert_profile = &mbedtls_x509_crt_profile_suiteb;
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
+            conf->sig_hashes = ssl_preset_suiteb_hashes;
+#endif
+
+#if defined(MBEDTLS_ECP_C)
+            conf->curve_list = ssl_preset_suiteb_curves;
+#endif
+            break;
+
+        /*
+         * Default
+         */
+        default:
+            conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
+            conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_1; /* TLS 1.0 */
+            conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
+            conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+            if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+                conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_2;
+#endif
+
+            conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] =
+            conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] =
+            conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] =
+            conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] =
+                                   mbedtls_ssl_list_ciphersuites();
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+            conf->cert_profile = &mbedtls_x509_crt_profile_default;
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
+            conf->sig_hashes = mbedtls_md_list();
+#endif
+
+#if defined(MBEDTLS_ECP_C)
+            conf->curve_list = mbedtls_ecp_grp_id_list();
+#endif
+
+#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
+            conf->dhm_min_bitlen = 1024;
+#endif
+    }
+
+    return( 0 );
+}
+
+/*
+ * Free mbedtls_ssl_config
+ */
+void mbedtls_ssl_config_free( mbedtls_ssl_config *conf )
+{
+#if defined(MBEDTLS_DHM_C)
+    mbedtls_mpi_free( &conf->dhm_P );
+    mbedtls_mpi_free( &conf->dhm_G );
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+    if( conf->psk != NULL )
+    {
+        mbedtls_zeroize( conf->psk, conf->psk_len );
+        mbedtls_zeroize( conf->psk_identity, conf->psk_identity_len );
+        mbedtls_free( conf->psk );
+        mbedtls_free( conf->psk_identity );
+        conf->psk_len = 0;
+        conf->psk_identity_len = 0;
+    }
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    ssl_key_cert_free( conf->key_cert );
+#endif
+
+    mbedtls_zeroize( conf, sizeof( mbedtls_ssl_config ) );
+}
+
+#if defined(MBEDTLS_PK_C) && \
+    ( defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) )
+/*
+ * Convert between MBEDTLS_PK_XXX and SSL_SIG_XXX
+ */
+unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk )
+{
+#if defined(MBEDTLS_RSA_C)
+    if( mbedtls_pk_can_do( pk, MBEDTLS_PK_RSA ) )
+        return( MBEDTLS_SSL_SIG_RSA );
+#endif
+#if defined(MBEDTLS_ECDSA_C)
+    if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECDSA ) )
+        return( MBEDTLS_SSL_SIG_ECDSA );
+#endif
+    return( MBEDTLS_SSL_SIG_ANON );
+}
+
+mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig )
+{
+    switch( sig )
+    {
+#if defined(MBEDTLS_RSA_C)
+        case MBEDTLS_SSL_SIG_RSA:
+            return( MBEDTLS_PK_RSA );
+#endif
+#if defined(MBEDTLS_ECDSA_C)
+        case MBEDTLS_SSL_SIG_ECDSA:
+            return( MBEDTLS_PK_ECDSA );
+#endif
+        default:
+            return( MBEDTLS_PK_NONE );
+    }
+}
+#endif /* MBEDTLS_PK_C && ( MBEDTLS_RSA_C || MBEDTLS_ECDSA_C ) */
+
+/*
+ * Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX
+ */
+mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash )
+{
+    switch( hash )
+    {
+#if defined(MBEDTLS_MD5_C)
+        case MBEDTLS_SSL_HASH_MD5:
+            return( MBEDTLS_MD_MD5 );
+#endif
+#if defined(MBEDTLS_SHA1_C)
+        case MBEDTLS_SSL_HASH_SHA1:
+            return( MBEDTLS_MD_SHA1 );
+#endif
+#if defined(MBEDTLS_SHA256_C)
+        case MBEDTLS_SSL_HASH_SHA224:
+            return( MBEDTLS_MD_SHA224 );
+        case MBEDTLS_SSL_HASH_SHA256:
+            return( MBEDTLS_MD_SHA256 );
+#endif
+#if defined(MBEDTLS_SHA512_C)
+        case MBEDTLS_SSL_HASH_SHA384:
+            return( MBEDTLS_MD_SHA384 );
+        case MBEDTLS_SSL_HASH_SHA512:
+            return( MBEDTLS_MD_SHA512 );
+#endif
+        default:
+            return( MBEDTLS_MD_NONE );
+    }
+}
+
+/*
+ * Convert from MBEDTLS_MD_XXX to MBEDTLS_SSL_HASH_XXX
+ */
+unsigned char mbedtls_ssl_hash_from_md_alg( int md )
+{
+    switch( md )
+    {
+#if defined(MBEDTLS_MD5_C)
+        case MBEDTLS_MD_MD5:
+            return( MBEDTLS_SSL_HASH_MD5 );
+#endif
+#if defined(MBEDTLS_SHA1_C)
+        case MBEDTLS_MD_SHA1:
+            return( MBEDTLS_SSL_HASH_SHA1 );
+#endif
+#if defined(MBEDTLS_SHA256_C)
+        case MBEDTLS_MD_SHA224:
+            return( MBEDTLS_SSL_HASH_SHA224 );
+        case MBEDTLS_MD_SHA256:
+            return( MBEDTLS_SSL_HASH_SHA256 );
+#endif
+#if defined(MBEDTLS_SHA512_C)
+        case MBEDTLS_MD_SHA384:
+            return( MBEDTLS_SSL_HASH_SHA384 );
+        case MBEDTLS_MD_SHA512:
+            return( MBEDTLS_SSL_HASH_SHA512 );
+#endif
+        default:
+            return( MBEDTLS_SSL_HASH_NONE );
+    }
+}
+
+#if defined(MBEDTLS_ECP_C)
+/*
+ * Check if a curve proposed by the peer is in our list.
+ * Return 0 if we're willing to use it, -1 otherwise.
+ */
+int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id )
+{
+    const mbedtls_ecp_group_id *gid;
+
+    if( ssl->conf->curve_list == NULL )
+        return( -1 );
+
+    for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ )
+        if( *gid == grp_id )
+            return( 0 );
+
+    return( -1 );
+}
+#endif /* MBEDTLS_ECP_C */
+
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
+/*
+ * Check if a hash proposed by the peer is in our list.
+ * Return 0 if we're willing to use it, -1 otherwise.
+ */
+int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
+                                mbedtls_md_type_t md )
+{
+    const int *cur;
+
+    if( ssl->conf->sig_hashes == NULL )
+        return( -1 );
+
+    for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ )
+        if( *cur == (int) md )
+            return( 0 );
+
+    return( -1 );
+}
+#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
+                          const mbedtls_ssl_ciphersuite_t *ciphersuite,
+                          int cert_endpoint,
+                          uint32_t *flags )
+{
+    int ret = 0;
+#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
+    int usage = 0;
+#endif
+#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
+    const char *ext_oid;
+    size_t ext_len;
+#endif
+
+#if !defined(MBEDTLS_X509_CHECK_KEY_USAGE) &&          \
+    !defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
+    ((void) cert);
+    ((void) cert_endpoint);
+    ((void) flags);
+#endif
+
+#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
+    if( cert_endpoint == MBEDTLS_SSL_IS_SERVER )
+    {
+        /* Server part of the key exchange */
+        switch( ciphersuite->key_exchange )
+        {
+            case MBEDTLS_KEY_EXCHANGE_RSA:
+            case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
+                usage = MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
+                break;
+
+            case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
+            case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
+            case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
+                usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE;
+                break;
+
+            case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
+            case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
+                usage = MBEDTLS_X509_KU_KEY_AGREEMENT;
+                break;
+
+            /* Don't use default: we want warnings when adding new values */
+            case MBEDTLS_KEY_EXCHANGE_NONE:
+            case MBEDTLS_KEY_EXCHANGE_PSK:
+            case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
+            case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
+            case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
+                usage = 0;
+        }
+    }
+    else
+    {
+        /* Client auth: we only implement rsa_sign and mbedtls_ecdsa_sign for now */
+        usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE;
+    }
+
+    if( mbedtls_x509_crt_check_key_usage( cert, usage ) != 0 )
+    {
+        *flags |= MBEDTLS_X509_BADCERT_KEY_USAGE;
+        ret = -1;
+    }
+#else
+    ((void) ciphersuite);
+#endif /* MBEDTLS_X509_CHECK_KEY_USAGE */
+
+#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
+    if( cert_endpoint == MBEDTLS_SSL_IS_SERVER )
+    {
+        ext_oid = MBEDTLS_OID_SERVER_AUTH;
+        ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_SERVER_AUTH );
+    }
+    else
+    {
+        ext_oid = MBEDTLS_OID_CLIENT_AUTH;
+        ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_CLIENT_AUTH );
+    }
+
+    if( mbedtls_x509_crt_check_extended_key_usage( cert, ext_oid, ext_len ) != 0 )
+    {
+        *flags |= MBEDTLS_X509_BADCERT_EXT_KEY_USAGE;
+        ret = -1;
+    }
+#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
+
+    return( ret );
+}
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+/*
+ * Convert version numbers to/from wire format
+ * and, for DTLS, to/from TLS equivalent.
+ *
+ * For TLS this is the identity.
+ * For DTLS, use one complement (v -> 255 - v, and then map as follows:
+ * 1.0 <-> 3.2      (DTLS 1.0 is based on TLS 1.1)
+ * 1.x <-> 3.x+1    for x != 0 (DTLS 1.2 based on TLS 1.2)
+ */
+void mbedtls_ssl_write_version( int major, int minor, int transport,
+                        unsigned char ver[2] )
+{
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+    {
+        if( minor == MBEDTLS_SSL_MINOR_VERSION_2 )
+            --minor; /* DTLS 1.0 stored as TLS 1.1 internally */
+
+        ver[0] = (unsigned char)( 255 - ( major - 2 ) );
+        ver[1] = (unsigned char)( 255 - ( minor - 1 ) );
+    }
+    else
+#else
+    ((void) transport);
+#endif
+    {
+        ver[0] = (unsigned char) major;
+        ver[1] = (unsigned char) minor;
+    }
+}
+
+void mbedtls_ssl_read_version( int *major, int *minor, int transport,
+                       const unsigned char ver[2] )
+{
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+    {
+        *major = 255 - ver[0] + 2;
+        *minor = 255 - ver[1] + 1;
+
+        if( *minor == MBEDTLS_SSL_MINOR_VERSION_1 )
+            ++*minor; /* DTLS 1.0 stored as TLS 1.1 internally */
+    }
+    else
+#else
+    ((void) transport);
+#endif
+    {
+        *major = ver[0];
+        *minor = ver[1];
+    }
+}
+
+#endif /* MBEDTLS_SSL_TLS_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/threading.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,136 @@
+/*
+ *  Threading abstraction layer
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_THREADING_C)
+
+#include "mbedtls/threading.h"
+
+#if defined(MBEDTLS_THREADING_PTHREAD)
+static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex )
+{
+    if( mutex == NULL )
+        return;
+
+    mutex->is_valid = pthread_mutex_init( &mutex->mutex, NULL ) == 0;
+}
+
+static void threading_mutex_free_pthread( mbedtls_threading_mutex_t *mutex )
+{
+    if( mutex == NULL )
+        return;
+
+    (void) pthread_mutex_destroy( &mutex->mutex );
+}
+
+static int threading_mutex_lock_pthread( mbedtls_threading_mutex_t *mutex )
+{
+    if( mutex == NULL || ! mutex->is_valid )
+        return( MBEDTLS_ERR_THREADING_BAD_INPUT_DATA );
+
+    if( pthread_mutex_lock( &mutex->mutex ) != 0 )
+        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+
+    return( 0 );
+}
+
+static int threading_mutex_unlock_pthread( mbedtls_threading_mutex_t *mutex )
+{
+    if( mutex == NULL || ! mutex->is_valid )
+        return( MBEDTLS_ERR_THREADING_BAD_INPUT_DATA );
+
+    if( pthread_mutex_unlock( &mutex->mutex ) != 0 )
+        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+
+    return( 0 );
+}
+
+void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t * ) = threading_mutex_init_pthread;
+void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t * ) = threading_mutex_free_pthread;
+int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t * ) = threading_mutex_lock_pthread;
+int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t * ) = threading_mutex_unlock_pthread;
+
+/*
+ * With phtreads we can statically initialize mutexes
+ */
+#define MUTEX_INIT  = { PTHREAD_MUTEX_INITIALIZER, 1 }
+
+#endif /* MBEDTLS_THREADING_PTHREAD */
+
+#if defined(MBEDTLS_THREADING_ALT)
+static int threading_mutex_fail( mbedtls_threading_mutex_t *mutex )
+{
+    ((void) mutex );
+    return( MBEDTLS_ERR_THREADING_BAD_INPUT_DATA );
+}
+static void threading_mutex_dummy( mbedtls_threading_mutex_t *mutex )
+{
+    ((void) mutex );
+    return;
+}
+
+void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t * ) = threading_mutex_dummy;
+void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t * ) = threading_mutex_dummy;
+int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t * ) = threading_mutex_fail;
+int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t * ) = threading_mutex_fail;
+
+/*
+ * Set functions pointers and initialize global mutexes
+ */
+void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * ),
+                       void (*mutex_free)( mbedtls_threading_mutex_t * ),
+                       int (*mutex_lock)( mbedtls_threading_mutex_t * ),
+                       int (*mutex_unlock)( mbedtls_threading_mutex_t * ) )
+{
+    mbedtls_mutex_init = mutex_init;
+    mbedtls_mutex_free = mutex_free;
+    mbedtls_mutex_lock = mutex_lock;
+    mbedtls_mutex_unlock = mutex_unlock;
+
+    mbedtls_mutex_init( &mbedtls_threading_readdir_mutex );
+    mbedtls_mutex_init( &mbedtls_threading_gmtime_mutex );
+}
+
+/*
+ * Free global mutexes
+ */
+void mbedtls_threading_free_alt( void )
+{
+    mbedtls_mutex_free( &mbedtls_threading_readdir_mutex );
+    mbedtls_mutex_free( &mbedtls_threading_gmtime_mutex );
+}
+#endif /* MBEDTLS_THREADING_ALT */
+
+/*
+ * Define global mutexes
+ */
+#ifndef MUTEX_INIT
+#define MUTEX_INIT
+#endif
+mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT;
+mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT;
+
+#endif /* MBEDTLS_THREADING_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/timing.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,520 @@
+/*
+ *  Portable interface to the CPU cycle counter
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf     printf
+#endif
+
+#if defined(MBEDTLS_TIMING_C)
+
+#include "mbedtls/timing.h"
+
+#if !defined(MBEDTLS_TIMING_ALT)
+
+#ifndef asm
+#define asm __asm
+#endif
+
+#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
+
+#include <windows.h>
+#include <winbase.h>
+
+struct _hr_time
+{
+    LARGE_INTEGER start;
+};
+
+#else
+
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <signal.h>
+#include <time.h>
+
+struct _hr_time
+{
+    struct timeval start;
+};
+
+#endif /* _WIN32 && !EFIX64 && !EFI32 */
+
+#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) &&  \
+    ( defined(_MSC_VER) && defined(_M_IX86) ) || defined(__WATCOMC__)
+
+#define HAVE_HARDCLOCK
+
+unsigned long mbedtls_timing_hardclock( void )
+{
+    unsigned long tsc;
+    __asm   rdtsc
+    __asm   mov  [tsc], eax
+    return( tsc );
+}
+#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
+          ( _MSC_VER && _M_IX86 ) || __WATCOMC__ */
+
+/* some versions of mingw-64 have 32-bit longs even on x84_64 */
+#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) &&  \
+    defined(__GNUC__) && ( defined(__i386__) || (                       \
+    ( defined(__amd64__) || defined( __x86_64__) ) && __SIZEOF_LONG__ == 4 ) )
+
+#define HAVE_HARDCLOCK
+
+unsigned long mbedtls_timing_hardclock( void )
+{
+    unsigned long lo, hi;
+    asm volatile( "rdtsc" : "=a" (lo), "=d" (hi) );
+    return( lo );
+}
+#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
+          __GNUC__ && __i386__ */
+
+#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) &&  \
+    defined(__GNUC__) && ( defined(__amd64__) || defined(__x86_64__) )
+
+#define HAVE_HARDCLOCK
+
+unsigned long mbedtls_timing_hardclock( void )
+{
+    unsigned long lo, hi;
+    asm volatile( "rdtsc" : "=a" (lo), "=d" (hi) );
+    return( lo | ( hi << 32 ) );
+}
+#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
+          __GNUC__ && ( __amd64__ || __x86_64__ ) */
+
+#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) &&  \
+    defined(__GNUC__) && ( defined(__powerpc__) || defined(__ppc__) )
+
+#define HAVE_HARDCLOCK
+
+unsigned long mbedtls_timing_hardclock( void )
+{
+    unsigned long tbl, tbu0, tbu1;
+
+    do
+    {
+        asm volatile( "mftbu %0" : "=r" (tbu0) );
+        asm volatile( "mftb  %0" : "=r" (tbl ) );
+        asm volatile( "mftbu %0" : "=r" (tbu1) );
+    }
+    while( tbu0 != tbu1 );
+
+    return( tbl );
+}
+#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
+          __GNUC__ && ( __powerpc__ || __ppc__ ) */
+
+#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) &&  \
+    defined(__GNUC__) && defined(__sparc64__)
+
+#if defined(__OpenBSD__)
+#warning OpenBSD does not allow access to tick register using software version instead
+#else
+#define HAVE_HARDCLOCK
+
+unsigned long mbedtls_timing_hardclock( void )
+{
+    unsigned long tick;
+    asm volatile( "rdpr %%tick, %0;" : "=&r" (tick) );
+    return( tick );
+}
+#endif /* __OpenBSD__ */
+#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
+          __GNUC__ && __sparc64__ */
+
+#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) &&  \
+    defined(__GNUC__) && defined(__sparc__) && !defined(__sparc64__)
+
+#define HAVE_HARDCLOCK
+
+unsigned long mbedtls_timing_hardclock( void )
+{
+    unsigned long tick;
+    asm volatile( ".byte 0x83, 0x41, 0x00, 0x00" );
+    asm volatile( "mov   %%g1, %0" : "=r" (tick) );
+    return( tick );
+}
+#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
+          __GNUC__ && __sparc__ && !__sparc64__ */
+
+#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) &&      \
+    defined(__GNUC__) && defined(__alpha__)
+
+#define HAVE_HARDCLOCK
+
+unsigned long mbedtls_timing_hardclock( void )
+{
+    unsigned long cc;
+    asm volatile( "rpcc %0" : "=r" (cc) );
+    return( cc & 0xFFFFFFFF );
+}
+#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
+          __GNUC__ && __alpha__ */
+
+#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) &&      \
+    defined(__GNUC__) && defined(__ia64__)
+
+#define HAVE_HARDCLOCK
+
+unsigned long mbedtls_timing_hardclock( void )
+{
+    unsigned long itc;
+    asm volatile( "mov %0 = ar.itc" : "=r" (itc) );
+    return( itc );
+}
+#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
+          __GNUC__ && __ia64__ */
+
+#if !defined(HAVE_HARDCLOCK) && defined(_MSC_VER) && \
+    !defined(EFIX64) && !defined(EFI32)
+
+#define HAVE_HARDCLOCK
+
+unsigned long mbedtls_timing_hardclock( void )
+{
+    LARGE_INTEGER offset;
+
+    QueryPerformanceCounter( &offset );
+
+    return( (unsigned long)( offset.QuadPart ) );
+}
+#endif /* !HAVE_HARDCLOCK && _MSC_VER && !EFIX64 && !EFI32 */
+
+#if !defined(HAVE_HARDCLOCK)
+
+#define HAVE_HARDCLOCK
+
+static int hardclock_init = 0;
+static struct timeval tv_init;
+
+unsigned long mbedtls_timing_hardclock( void )
+{
+    struct timeval tv_cur;
+
+    if( hardclock_init == 0 )
+    {
+        gettimeofday( &tv_init, NULL );
+        hardclock_init = 1;
+    }
+
+    gettimeofday( &tv_cur, NULL );
+    return( ( tv_cur.tv_sec  - tv_init.tv_sec  ) * 1000000
+          + ( tv_cur.tv_usec - tv_init.tv_usec ) );
+}
+#endif /* !HAVE_HARDCLOCK */
+
+volatile int mbedtls_timing_alarmed = 0;
+
+#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
+
+unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset )
+{
+    unsigned long delta;
+    LARGE_INTEGER offset, hfreq;
+    struct _hr_time *t = (struct _hr_time *) val;
+
+    QueryPerformanceCounter(  &offset );
+    QueryPerformanceFrequency( &hfreq );
+
+    delta = (unsigned long)( ( 1000 *
+        ( offset.QuadPart - t->start.QuadPart ) ) /
+           hfreq.QuadPart );
+
+    if( reset )
+        QueryPerformanceCounter( &t->start );
+
+    return( delta );
+}
+
+/* It's OK to use a global because alarm() is supposed to be global anyway */
+static DWORD alarmMs;
+
+static DWORD WINAPI TimerProc( LPVOID TimerContext )
+{
+    ((void) TimerContext);
+    Sleep( alarmMs );
+    mbedtls_timing_alarmed = 1;
+    return( TRUE );
+}
+
+void mbedtls_set_alarm( int seconds )
+{
+    DWORD ThreadId;
+
+    mbedtls_timing_alarmed = 0;
+    alarmMs = seconds * 1000;
+    CloseHandle( CreateThread( NULL, 0, TimerProc, NULL, 0, &ThreadId ) );
+}
+
+#else /* _WIN32 && !EFIX64 && !EFI32 */
+
+unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset )
+{
+    unsigned long delta;
+    struct timeval offset;
+    struct _hr_time *t = (struct _hr_time *) val;
+
+    gettimeofday( &offset, NULL );
+
+    if( reset )
+    {
+        t->start.tv_sec  = offset.tv_sec;
+        t->start.tv_usec = offset.tv_usec;
+        return( 0 );
+    }
+
+    delta = ( offset.tv_sec  - t->start.tv_sec  ) * 1000
+          + ( offset.tv_usec - t->start.tv_usec ) / 1000;
+
+    return( delta );
+}
+
+static void sighandler( int signum )
+{
+    mbedtls_timing_alarmed = 1;
+    signal( signum, sighandler );
+}
+
+void mbedtls_set_alarm( int seconds )
+{
+    mbedtls_timing_alarmed = 0;
+    signal( SIGALRM, sighandler );
+    alarm( seconds );
+}
+
+#endif /* _WIN32 && !EFIX64 && !EFI32 */
+
+/*
+ * Set delays to watch
+ */
+void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms )
+{
+    mbedtls_timing_delay_context *ctx = (mbedtls_timing_delay_context *) data;
+
+    ctx->int_ms = int_ms;
+    ctx->fin_ms = fin_ms;
+
+    if( fin_ms != 0 )
+        (void) mbedtls_timing_get_timer( &ctx->timer, 1 );
+}
+
+/*
+ * Get number of delays expired
+ */
+int mbedtls_timing_get_delay( void *data )
+{
+    mbedtls_timing_delay_context *ctx = (mbedtls_timing_delay_context *) data;
+    unsigned long elapsed_ms;
+
+    if( ctx->fin_ms == 0 )
+        return( -1 );
+
+    elapsed_ms = mbedtls_timing_get_timer( &ctx->timer, 0 );
+
+    if( elapsed_ms >= ctx->fin_ms )
+        return( 2 );
+
+    if( elapsed_ms >= ctx->int_ms )
+        return( 1 );
+
+    return( 0 );
+}
+
+#endif /* !MBEDTLS_TIMING_ALT */
+
+#if defined(MBEDTLS_SELF_TEST)
+
+/*
+ * Busy-waits for the given number of milliseconds.
+ * Used for testing mbedtls_timing_hardclock.
+ */
+static void busy_msleep( unsigned long msec )
+{
+    struct mbedtls_timing_hr_time hires;
+    unsigned long i = 0; /* for busy-waiting */
+    volatile unsigned long j; /* to prevent optimisation */
+
+    (void) mbedtls_timing_get_timer( &hires, 1 );
+
+    while( mbedtls_timing_get_timer( &hires, 0 ) < msec )
+        i++;
+
+    j = i;
+    (void) j;
+}
+
+#define FAIL    do                      \
+{                                       \
+    if( verbose != 0 )                  \
+        mbedtls_printf( "failed\n" );   \
+                                        \
+    return( 1 );                        \
+} while( 0 )
+
+/*
+ * Checkup routine
+ *
+ * Warning: this is work in progress, some tests may not be reliable enough
+ * yet! False positives may happen.
+ */
+int mbedtls_timing_self_test( int verbose )
+{
+    unsigned long cycles, ratio;
+    unsigned long millisecs, secs;
+    int hardfail;
+    struct mbedtls_timing_hr_time hires;
+    uint32_t a, b;
+    mbedtls_timing_delay_context ctx;
+
+    if( verbose != 0 )
+        mbedtls_printf( "  TIMING tests note: will take some time!\n" );
+
+
+    if( verbose != 0 )
+        mbedtls_printf( "  TIMING test #1 (set_alarm / get_timer): " );
+
+    for( secs = 1; secs <= 3; secs++ )
+    {
+        (void) mbedtls_timing_get_timer( &hires, 1 );
+
+        mbedtls_set_alarm( (int) secs );
+        while( !mbedtls_timing_alarmed )
+            ;
+
+        millisecs = mbedtls_timing_get_timer( &hires, 0 );
+
+        /* For some reason on Windows it looks like alarm has an extra delay
+         * (maybe related to creating a new thread). Allow some room here. */
+        if( millisecs < 800 * secs || millisecs > 1200 * secs + 300 )
+        {
+            if( verbose != 0 )
+                mbedtls_printf( "failed\n" );
+
+            return( 1 );
+        }
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "passed\n" );
+
+    if( verbose != 0 )
+        mbedtls_printf( "  TIMING test #2 (set/get_delay        ): " );
+
+    for( a = 200; a <= 400; a += 200 )
+    {
+        for( b = 200; b <= 400; b += 200 )
+        {
+            mbedtls_timing_set_delay( &ctx, a, a + b );
+
+            busy_msleep( a - a / 8 );
+            if( mbedtls_timing_get_delay( &ctx ) != 0 )
+                FAIL;
+
+            busy_msleep( a / 4 );
+            if( mbedtls_timing_get_delay( &ctx ) != 1 )
+                FAIL;
+
+            busy_msleep( b - a / 8 - b / 8 );
+            if( mbedtls_timing_get_delay( &ctx ) != 1 )
+                FAIL;
+
+            busy_msleep( b / 4 );
+            if( mbedtls_timing_get_delay( &ctx ) != 2 )
+                FAIL;
+        }
+    }
+
+    mbedtls_timing_set_delay( &ctx, 0, 0 );
+    busy_msleep( 200 );
+    if( mbedtls_timing_get_delay( &ctx ) != -1 )
+        FAIL;
+
+    if( verbose != 0 )
+        mbedtls_printf( "passed\n" );
+
+    if( verbose != 0 )
+        mbedtls_printf( "  TIMING test #3 (hardclock / get_timer): " );
+
+    /*
+     * Allow one failure for possible counter wrapping.
+     * On a 4Ghz 32-bit machine the cycle counter wraps about once per second;
+     * since the whole test is about 10ms, it shouldn't happen twice in a row.
+     */
+    hardfail = 0;
+
+hard_test:
+    if( hardfail > 1 )
+    {
+        if( verbose != 0 )
+            mbedtls_printf( "failed (ignored)\n" );
+
+        goto hard_test_done;
+    }
+
+    /* Get a reference ratio cycles/ms */
+    millisecs = 1;
+    cycles = mbedtls_timing_hardclock();
+    busy_msleep( millisecs );
+    cycles = mbedtls_timing_hardclock() - cycles;
+    ratio = cycles / millisecs;
+
+    /* Check that the ratio is mostly constant */
+    for( millisecs = 2; millisecs <= 4; millisecs++ )
+    {
+        cycles = mbedtls_timing_hardclock();
+        busy_msleep( millisecs );
+        cycles = mbedtls_timing_hardclock() - cycles;
+
+        /* Allow variation up to 20% */
+        if( cycles / millisecs < ratio - ratio / 5 ||
+            cycles / millisecs > ratio + ratio / 5 )
+        {
+            hardfail++;
+            goto hard_test;
+        }
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "passed\n" );
+
+hard_test_done:
+
+    if( verbose != 0 )
+        mbedtls_printf( "\n" );
+
+    return( 0 );
+}
+
+#endif /* MBEDTLS_SELF_TEST */
+
+#endif /* MBEDTLS_TIMING_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/version.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,50 @@
+/*
+ *  Version information
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_VERSION_C)
+
+#include "mbedtls/version.h"
+#include <string.h>
+
+unsigned int mbedtls_version_get_number()
+{
+    return( MBEDTLS_VERSION_NUMBER );
+}
+
+void mbedtls_version_get_string( char *string )
+{
+    memcpy( string, MBEDTLS_VERSION_STRING,
+            sizeof( MBEDTLS_VERSION_STRING ) );
+}
+
+void mbedtls_version_get_string_full( char *string )
+{
+    memcpy( string, MBEDTLS_VERSION_STRING_FULL,
+            sizeof( MBEDTLS_VERSION_STRING_FULL ) );
+}
+
+#endif /* MBEDTLS_VERSION_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/version_features.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,635 @@
+/*
+ *  Version feature information
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_VERSION_C)
+
+#include "mbedtls/version.h"
+
+#include <string.h>
+
+static const char *features[] = {
+#if defined(MBEDTLS_VERSION_FEATURES)
+#if defined(MBEDTLS_HAVE_ASM)
+    "MBEDTLS_HAVE_ASM",
+#endif /* MBEDTLS_HAVE_ASM */
+#if defined(MBEDTLS_HAVE_SSE2)
+    "MBEDTLS_HAVE_SSE2",
+#endif /* MBEDTLS_HAVE_SSE2 */
+#if defined(MBEDTLS_HAVE_TIME)
+    "MBEDTLS_HAVE_TIME",
+#endif /* MBEDTLS_HAVE_TIME */
+#if defined(MBEDTLS_HAVE_TIME_DATE)
+    "MBEDTLS_HAVE_TIME_DATE",
+#endif /* MBEDTLS_HAVE_TIME_DATE */
+#if defined(MBEDTLS_PLATFORM_MEMORY)
+    "MBEDTLS_PLATFORM_MEMORY",
+#endif /* MBEDTLS_PLATFORM_MEMORY */
+#if defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
+    "MBEDTLS_PLATFORM_NO_STD_FUNCTIONS",
+#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
+#if defined(MBEDTLS_PLATFORM_EXIT_ALT)
+    "MBEDTLS_PLATFORM_EXIT_ALT",
+#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
+#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
+    "MBEDTLS_PLATFORM_FPRINTF_ALT",
+#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */
+#if defined(MBEDTLS_PLATFORM_PRINTF_ALT)
+    "MBEDTLS_PLATFORM_PRINTF_ALT",
+#endif /* MBEDTLS_PLATFORM_PRINTF_ALT */
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
+    "MBEDTLS_PLATFORM_SNPRINTF_ALT",
+#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+    "MBEDTLS_DEPRECATED_WARNING",
+#endif /* MBEDTLS_DEPRECATED_WARNING */
+#if defined(MBEDTLS_DEPRECATED_REMOVED)
+    "MBEDTLS_DEPRECATED_REMOVED",
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+#if defined(MBEDTLS_TIMING_ALT)
+    "MBEDTLS_TIMING_ALT",
+#endif /* MBEDTLS_TIMING_ALT */
+#if defined(MBEDTLS_AES_ALT)
+    "MBEDTLS_AES_ALT",
+#endif /* MBEDTLS_AES_ALT */
+#if defined(MBEDTLS_ARC4_ALT)
+    "MBEDTLS_ARC4_ALT",
+#endif /* MBEDTLS_ARC4_ALT */
+#if defined(MBEDTLS_BLOWFISH_ALT)
+    "MBEDTLS_BLOWFISH_ALT",
+#endif /* MBEDTLS_BLOWFISH_ALT */
+#if defined(MBEDTLS_CAMELLIA_ALT)
+    "MBEDTLS_CAMELLIA_ALT",
+#endif /* MBEDTLS_CAMELLIA_ALT */
+#if defined(MBEDTLS_DES_ALT)
+    "MBEDTLS_DES_ALT",
+#endif /* MBEDTLS_DES_ALT */
+#if defined(MBEDTLS_XTEA_ALT)
+    "MBEDTLS_XTEA_ALT",
+#endif /* MBEDTLS_XTEA_ALT */
+#if defined(MBEDTLS_MD2_ALT)
+    "MBEDTLS_MD2_ALT",
+#endif /* MBEDTLS_MD2_ALT */
+#if defined(MBEDTLS_MD4_ALT)
+    "MBEDTLS_MD4_ALT",
+#endif /* MBEDTLS_MD4_ALT */
+#if defined(MBEDTLS_MD5_ALT)
+    "MBEDTLS_MD5_ALT",
+#endif /* MBEDTLS_MD5_ALT */
+#if defined(MBEDTLS_RIPEMD160_ALT)
+    "MBEDTLS_RIPEMD160_ALT",
+#endif /* MBEDTLS_RIPEMD160_ALT */
+#if defined(MBEDTLS_SHA1_ALT)
+    "MBEDTLS_SHA1_ALT",
+#endif /* MBEDTLS_SHA1_ALT */
+#if defined(MBEDTLS_SHA256_ALT)
+    "MBEDTLS_SHA256_ALT",
+#endif /* MBEDTLS_SHA256_ALT */
+#if defined(MBEDTLS_SHA512_ALT)
+    "MBEDTLS_SHA512_ALT",
+#endif /* MBEDTLS_SHA512_ALT */
+#if defined(MBEDTLS_MD2_PROCESS_ALT)
+    "MBEDTLS_MD2_PROCESS_ALT",
+#endif /* MBEDTLS_MD2_PROCESS_ALT */
+#if defined(MBEDTLS_MD4_PROCESS_ALT)
+    "MBEDTLS_MD4_PROCESS_ALT",
+#endif /* MBEDTLS_MD4_PROCESS_ALT */
+#if defined(MBEDTLS_MD5_PROCESS_ALT)
+    "MBEDTLS_MD5_PROCESS_ALT",
+#endif /* MBEDTLS_MD5_PROCESS_ALT */
+#if defined(MBEDTLS_RIPEMD160_PROCESS_ALT)
+    "MBEDTLS_RIPEMD160_PROCESS_ALT",
+#endif /* MBEDTLS_RIPEMD160_PROCESS_ALT */
+#if defined(MBEDTLS_SHA1_PROCESS_ALT)
+    "MBEDTLS_SHA1_PROCESS_ALT",
+#endif /* MBEDTLS_SHA1_PROCESS_ALT */
+#if defined(MBEDTLS_SHA256_PROCESS_ALT)
+    "MBEDTLS_SHA256_PROCESS_ALT",
+#endif /* MBEDTLS_SHA256_PROCESS_ALT */
+#if defined(MBEDTLS_SHA512_PROCESS_ALT)
+    "MBEDTLS_SHA512_PROCESS_ALT",
+#endif /* MBEDTLS_SHA512_PROCESS_ALT */
+#if defined(MBEDTLS_DES_SETKEY_ALT)
+    "MBEDTLS_DES_SETKEY_ALT",
+#endif /* MBEDTLS_DES_SETKEY_ALT */
+#if defined(MBEDTLS_DES_CRYPT_ECB_ALT)
+    "MBEDTLS_DES_CRYPT_ECB_ALT",
+#endif /* MBEDTLS_DES_CRYPT_ECB_ALT */
+#if defined(MBEDTLS_DES3_CRYPT_ECB_ALT)
+    "MBEDTLS_DES3_CRYPT_ECB_ALT",
+#endif /* MBEDTLS_DES3_CRYPT_ECB_ALT */
+#if defined(MBEDTLS_AES_SETKEY_ENC_ALT)
+    "MBEDTLS_AES_SETKEY_ENC_ALT",
+#endif /* MBEDTLS_AES_SETKEY_ENC_ALT */
+#if defined(MBEDTLS_AES_SETKEY_DEC_ALT)
+    "MBEDTLS_AES_SETKEY_DEC_ALT",
+#endif /* MBEDTLS_AES_SETKEY_DEC_ALT */
+#if defined(MBEDTLS_AES_ENCRYPT_ALT)
+    "MBEDTLS_AES_ENCRYPT_ALT",
+#endif /* MBEDTLS_AES_ENCRYPT_ALT */
+#if defined(MBEDTLS_AES_DECRYPT_ALT)
+    "MBEDTLS_AES_DECRYPT_ALT",
+#endif /* MBEDTLS_AES_DECRYPT_ALT */
+#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
+    "MBEDTLS_ENTROPY_HARDWARE_ALT",
+#endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
+#if defined(MBEDTLS_AES_ROM_TABLES)
+    "MBEDTLS_AES_ROM_TABLES",
+#endif /* MBEDTLS_AES_ROM_TABLES */
+#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
+    "MBEDTLS_CAMELLIA_SMALL_MEMORY",
+#endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    "MBEDTLS_CIPHER_MODE_CBC",
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    "MBEDTLS_CIPHER_MODE_CFB",
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    "MBEDTLS_CIPHER_MODE_CTR",
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
+    "MBEDTLS_CIPHER_NULL_CIPHER",
+#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+    "MBEDTLS_CIPHER_PADDING_PKCS7",
+#endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
+#if defined(MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS)
+    "MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS",
+#endif /* MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS */
+#if defined(MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN)
+    "MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN",
+#endif /* MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN */
+#if defined(MBEDTLS_CIPHER_PADDING_ZEROS)
+    "MBEDTLS_CIPHER_PADDING_ZEROS",
+#endif /* MBEDTLS_CIPHER_PADDING_ZEROS */
+#if defined(MBEDTLS_ENABLE_WEAK_CIPHERSUITES)
+    "MBEDTLS_ENABLE_WEAK_CIPHERSUITES",
+#endif /* MBEDTLS_ENABLE_WEAK_CIPHERSUITES */
+#if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES)
+    "MBEDTLS_REMOVE_ARC4_CIPHERSUITES",
+#endif /* MBEDTLS_REMOVE_ARC4_CIPHERSUITES */
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+    "MBEDTLS_ECP_DP_SECP192R1_ENABLED",
+#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+    "MBEDTLS_ECP_DP_SECP224R1_ENABLED",
+#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+    "MBEDTLS_ECP_DP_SECP256R1_ENABLED",
+#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+    "MBEDTLS_ECP_DP_SECP384R1_ENABLED",
+#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+    "MBEDTLS_ECP_DP_SECP521R1_ENABLED",
+#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+    "MBEDTLS_ECP_DP_SECP192K1_ENABLED",
+#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+    "MBEDTLS_ECP_DP_SECP224K1_ENABLED",
+#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+    "MBEDTLS_ECP_DP_SECP256K1_ENABLED",
+#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+    "MBEDTLS_ECP_DP_BP256R1_ENABLED",
+#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+    "MBEDTLS_ECP_DP_BP384R1_ENABLED",
+#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+    "MBEDTLS_ECP_DP_BP512R1_ENABLED",
+#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+    "MBEDTLS_ECP_DP_CURVE25519_ENABLED",
+#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
+#if defined(MBEDTLS_ECP_NIST_OPTIM)
+    "MBEDTLS_ECP_NIST_OPTIM",
+#endif /* MBEDTLS_ECP_NIST_OPTIM */
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+    "MBEDTLS_ECDSA_DETERMINISTIC",
+#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
+    "MBEDTLS_KEY_EXCHANGE_PSK_ENABLED",
+#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
+    "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED",
+#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+    "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED",
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
+    "MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED",
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
+    "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED",
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
+    "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED",
+#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
+    "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED",
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+    "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED",
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+    "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED",
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
+    "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED",
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+    "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED",
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
+    "MBEDTLS_PK_PARSE_EC_EXTENDED",
+#endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */
+#if defined(MBEDTLS_ERROR_STRERROR_DUMMY)
+    "MBEDTLS_ERROR_STRERROR_DUMMY",
+#endif /* MBEDTLS_ERROR_STRERROR_DUMMY */
+#if defined(MBEDTLS_GENPRIME)
+    "MBEDTLS_GENPRIME",
+#endif /* MBEDTLS_GENPRIME */
+#if defined(MBEDTLS_FS_IO)
+    "MBEDTLS_FS_IO",
+#endif /* MBEDTLS_FS_IO */
+#if defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
+    "MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES",
+#endif /* MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */
+#if defined(MBEDTLS_NO_PLATFORM_ENTROPY)
+    "MBEDTLS_NO_PLATFORM_ENTROPY",
+#endif /* MBEDTLS_NO_PLATFORM_ENTROPY */
+#if defined(MBEDTLS_ENTROPY_FORCE_SHA256)
+    "MBEDTLS_ENTROPY_FORCE_SHA256",
+#endif /* MBEDTLS_ENTROPY_FORCE_SHA256 */
+#if defined(MBEDTLS_MEMORY_DEBUG)
+    "MBEDTLS_MEMORY_DEBUG",
+#endif /* MBEDTLS_MEMORY_DEBUG */
+#if defined(MBEDTLS_MEMORY_BACKTRACE)
+    "MBEDTLS_MEMORY_BACKTRACE",
+#endif /* MBEDTLS_MEMORY_BACKTRACE */
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
+    "MBEDTLS_PK_RSA_ALT_SUPPORT",
+#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
+#if defined(MBEDTLS_PKCS1_V15)
+    "MBEDTLS_PKCS1_V15",
+#endif /* MBEDTLS_PKCS1_V15 */
+#if defined(MBEDTLS_PKCS1_V21)
+    "MBEDTLS_PKCS1_V21",
+#endif /* MBEDTLS_PKCS1_V21 */
+#if defined(MBEDTLS_RSA_NO_CRT)
+    "MBEDTLS_RSA_NO_CRT",
+#endif /* MBEDTLS_RSA_NO_CRT */
+#if defined(MBEDTLS_SELF_TEST)
+    "MBEDTLS_SELF_TEST",
+#endif /* MBEDTLS_SELF_TEST */
+#if defined(MBEDTLS_SHA256_SMALLER)
+    "MBEDTLS_SHA256_SMALLER",
+#endif /* MBEDTLS_SHA256_SMALLER */
+#if defined(MBEDTLS_SSL_AEAD_RANDOM_IV)
+    "MBEDTLS_SSL_AEAD_RANDOM_IV",
+#endif /* MBEDTLS_SSL_AEAD_RANDOM_IV */
+#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
+    "MBEDTLS_SSL_ALL_ALERT_MESSAGES",
+#endif /* MBEDTLS_SSL_ALL_ALERT_MESSAGES */
+#if defined(MBEDTLS_SSL_DEBUG_ALL)
+    "MBEDTLS_SSL_DEBUG_ALL",
+#endif /* MBEDTLS_SSL_DEBUG_ALL */
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+    "MBEDTLS_SSL_ENCRYPT_THEN_MAC",
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+    "MBEDTLS_SSL_EXTENDED_MASTER_SECRET",
+#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
+#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
+    "MBEDTLS_SSL_FALLBACK_SCSV",
+#endif /* MBEDTLS_SSL_FALLBACK_SCSV */
+#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
+    "MBEDTLS_SSL_HW_RECORD_ACCEL",
+#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
+#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
+    "MBEDTLS_SSL_CBC_RECORD_SPLITTING",
+#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    "MBEDTLS_SSL_RENEGOTIATION",
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
+    "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO",
+#endif /* MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO */
+#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
+    "MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE",
+#endif /* MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE */
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+    "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH",
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+    "MBEDTLS_SSL_PROTO_SSL3",
+#endif /* MBEDTLS_SSL_PROTO_SSL3 */
+#if defined(MBEDTLS_SSL_PROTO_TLS1)
+    "MBEDTLS_SSL_PROTO_TLS1",
+#endif /* MBEDTLS_SSL_PROTO_TLS1 */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
+    "MBEDTLS_SSL_PROTO_TLS1_1",
+#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+    "MBEDTLS_SSL_PROTO_TLS1_2",
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+    "MBEDTLS_SSL_PROTO_DTLS",
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+#if defined(MBEDTLS_SSL_ALPN)
+    "MBEDTLS_SSL_ALPN",
+#endif /* MBEDTLS_SSL_ALPN */
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+    "MBEDTLS_SSL_DTLS_ANTI_REPLAY",
+#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+    "MBEDTLS_SSL_DTLS_HELLO_VERIFY",
+#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
+#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE)
+    "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE",
+#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE */
+#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
+    "MBEDTLS_SSL_DTLS_BADMAC_LIMIT",
+#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+    "MBEDTLS_SSL_SESSION_TICKETS",
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+#if defined(MBEDTLS_SSL_EXPORT_KEYS)
+    "MBEDTLS_SSL_EXPORT_KEYS",
+#endif /* MBEDTLS_SSL_EXPORT_KEYS */
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+    "MBEDTLS_SSL_SERVER_NAME_INDICATION",
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+    "MBEDTLS_SSL_TRUNCATED_HMAC",
+#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
+#if defined(MBEDTLS_THREADING_ALT)
+    "MBEDTLS_THREADING_ALT",
+#endif /* MBEDTLS_THREADING_ALT */
+#if defined(MBEDTLS_THREADING_PTHREAD)
+    "MBEDTLS_THREADING_PTHREAD",
+#endif /* MBEDTLS_THREADING_PTHREAD */
+#if defined(MBEDTLS_VERSION_FEATURES)
+    "MBEDTLS_VERSION_FEATURES",
+#endif /* MBEDTLS_VERSION_FEATURES */
+#if defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3)
+    "MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3",
+#endif /* MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 */
+#if defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
+    "MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION",
+#endif /* MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION */
+#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
+    "MBEDTLS_X509_CHECK_KEY_USAGE",
+#endif /* MBEDTLS_X509_CHECK_KEY_USAGE */
+#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
+    "MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE",
+#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
+    "MBEDTLS_X509_RSASSA_PSS_SUPPORT",
+#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
+#if defined(MBEDTLS_ZLIB_SUPPORT)
+    "MBEDTLS_ZLIB_SUPPORT",
+#endif /* MBEDTLS_ZLIB_SUPPORT */
+#if defined(MBEDTLS_AESNI_C)
+    "MBEDTLS_AESNI_C",
+#endif /* MBEDTLS_AESNI_C */
+#if defined(MBEDTLS_AES_C)
+    "MBEDTLS_AES_C",
+#endif /* MBEDTLS_AES_C */
+#if defined(MBEDTLS_ARC4_C)
+    "MBEDTLS_ARC4_C",
+#endif /* MBEDTLS_ARC4_C */
+#if defined(MBEDTLS_ASN1_PARSE_C)
+    "MBEDTLS_ASN1_PARSE_C",
+#endif /* MBEDTLS_ASN1_PARSE_C */
+#if defined(MBEDTLS_ASN1_WRITE_C)
+    "MBEDTLS_ASN1_WRITE_C",
+#endif /* MBEDTLS_ASN1_WRITE_C */
+#if defined(MBEDTLS_BASE64_C)
+    "MBEDTLS_BASE64_C",
+#endif /* MBEDTLS_BASE64_C */
+#if defined(MBEDTLS_BIGNUM_C)
+    "MBEDTLS_BIGNUM_C",
+#endif /* MBEDTLS_BIGNUM_C */
+#if defined(MBEDTLS_BLOWFISH_C)
+    "MBEDTLS_BLOWFISH_C",
+#endif /* MBEDTLS_BLOWFISH_C */
+#if defined(MBEDTLS_CAMELLIA_C)
+    "MBEDTLS_CAMELLIA_C",
+#endif /* MBEDTLS_CAMELLIA_C */
+#if defined(MBEDTLS_CCM_C)
+    "MBEDTLS_CCM_C",
+#endif /* MBEDTLS_CCM_C */
+#if defined(MBEDTLS_CERTS_C)
+    "MBEDTLS_CERTS_C",
+#endif /* MBEDTLS_CERTS_C */
+#if defined(MBEDTLS_CIPHER_C)
+    "MBEDTLS_CIPHER_C",
+#endif /* MBEDTLS_CIPHER_C */
+#if defined(MBEDTLS_CTR_DRBG_C)
+    "MBEDTLS_CTR_DRBG_C",
+#endif /* MBEDTLS_CTR_DRBG_C */
+#if defined(MBEDTLS_DEBUG_C)
+    "MBEDTLS_DEBUG_C",
+#endif /* MBEDTLS_DEBUG_C */
+#if defined(MBEDTLS_DES_C)
+    "MBEDTLS_DES_C",
+#endif /* MBEDTLS_DES_C */
+#if defined(MBEDTLS_DHM_C)
+    "MBEDTLS_DHM_C",
+#endif /* MBEDTLS_DHM_C */
+#if defined(MBEDTLS_ECDH_C)
+    "MBEDTLS_ECDH_C",
+#endif /* MBEDTLS_ECDH_C */
+#if defined(MBEDTLS_ECDSA_C)
+    "MBEDTLS_ECDSA_C",
+#endif /* MBEDTLS_ECDSA_C */
+#if defined(MBEDTLS_ECJPAKE_C)
+    "MBEDTLS_ECJPAKE_C",
+#endif /* MBEDTLS_ECJPAKE_C */
+#if defined(MBEDTLS_ECP_C)
+    "MBEDTLS_ECP_C",
+#endif /* MBEDTLS_ECP_C */
+#if defined(MBEDTLS_ENTROPY_C)
+    "MBEDTLS_ENTROPY_C",
+#endif /* MBEDTLS_ENTROPY_C */
+#if defined(MBEDTLS_ERROR_C)
+    "MBEDTLS_ERROR_C",
+#endif /* MBEDTLS_ERROR_C */
+#if defined(MBEDTLS_GCM_C)
+    "MBEDTLS_GCM_C",
+#endif /* MBEDTLS_GCM_C */
+#if defined(MBEDTLS_HAVEGE_C)
+    "MBEDTLS_HAVEGE_C",
+#endif /* MBEDTLS_HAVEGE_C */
+#if defined(MBEDTLS_HMAC_DRBG_C)
+    "MBEDTLS_HMAC_DRBG_C",
+#endif /* MBEDTLS_HMAC_DRBG_C */
+#if defined(MBEDTLS_MD_C)
+    "MBEDTLS_MD_C",
+#endif /* MBEDTLS_MD_C */
+#if defined(MBEDTLS_MD2_C)
+    "MBEDTLS_MD2_C",
+#endif /* MBEDTLS_MD2_C */
+#if defined(MBEDTLS_MD4_C)
+    "MBEDTLS_MD4_C",
+#endif /* MBEDTLS_MD4_C */
+#if defined(MBEDTLS_MD5_C)
+    "MBEDTLS_MD5_C",
+#endif /* MBEDTLS_MD5_C */
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+    "MBEDTLS_MEMORY_BUFFER_ALLOC_C",
+#endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */
+#if defined(MBEDTLS_NET_C)
+    "MBEDTLS_NET_C",
+#endif /* MBEDTLS_NET_C */
+#if defined(MBEDTLS_OID_C)
+    "MBEDTLS_OID_C",
+#endif /* MBEDTLS_OID_C */
+#if defined(MBEDTLS_PADLOCK_C)
+    "MBEDTLS_PADLOCK_C",
+#endif /* MBEDTLS_PADLOCK_C */
+#if defined(MBEDTLS_PEM_PARSE_C)
+    "MBEDTLS_PEM_PARSE_C",
+#endif /* MBEDTLS_PEM_PARSE_C */
+#if defined(MBEDTLS_PEM_WRITE_C)
+    "MBEDTLS_PEM_WRITE_C",
+#endif /* MBEDTLS_PEM_WRITE_C */
+#if defined(MBEDTLS_PK_C)
+    "MBEDTLS_PK_C",
+#endif /* MBEDTLS_PK_C */
+#if defined(MBEDTLS_PK_PARSE_C)
+    "MBEDTLS_PK_PARSE_C",
+#endif /* MBEDTLS_PK_PARSE_C */
+#if defined(MBEDTLS_PK_WRITE_C)
+    "MBEDTLS_PK_WRITE_C",
+#endif /* MBEDTLS_PK_WRITE_C */
+#if defined(MBEDTLS_PKCS5_C)
+    "MBEDTLS_PKCS5_C",
+#endif /* MBEDTLS_PKCS5_C */
+#if defined(MBEDTLS_PKCS11_C)
+    "MBEDTLS_PKCS11_C",
+#endif /* MBEDTLS_PKCS11_C */
+#if defined(MBEDTLS_PKCS12_C)
+    "MBEDTLS_PKCS12_C",
+#endif /* MBEDTLS_PKCS12_C */
+#if defined(MBEDTLS_PLATFORM_C)
+    "MBEDTLS_PLATFORM_C",
+#endif /* MBEDTLS_PLATFORM_C */
+#if defined(MBEDTLS_RIPEMD160_C)
+    "MBEDTLS_RIPEMD160_C",
+#endif /* MBEDTLS_RIPEMD160_C */
+#if defined(MBEDTLS_RSA_C)
+    "MBEDTLS_RSA_C",
+#endif /* MBEDTLS_RSA_C */
+#if defined(MBEDTLS_SHA1_C)
+    "MBEDTLS_SHA1_C",
+#endif /* MBEDTLS_SHA1_C */
+#if defined(MBEDTLS_SHA256_C)
+    "MBEDTLS_SHA256_C",
+#endif /* MBEDTLS_SHA256_C */
+#if defined(MBEDTLS_SHA512_C)
+    "MBEDTLS_SHA512_C",
+#endif /* MBEDTLS_SHA512_C */
+#if defined(MBEDTLS_SSL_CACHE_C)
+    "MBEDTLS_SSL_CACHE_C",
+#endif /* MBEDTLS_SSL_CACHE_C */
+#if defined(MBEDTLS_SSL_COOKIE_C)
+    "MBEDTLS_SSL_COOKIE_C",
+#endif /* MBEDTLS_SSL_COOKIE_C */
+#if defined(MBEDTLS_SSL_TICKET_C)
+    "MBEDTLS_SSL_TICKET_C",
+#endif /* MBEDTLS_SSL_TICKET_C */
+#if defined(MBEDTLS_SSL_CLI_C)
+    "MBEDTLS_SSL_CLI_C",
+#endif /* MBEDTLS_SSL_CLI_C */
+#if defined(MBEDTLS_SSL_SRV_C)
+    "MBEDTLS_SSL_SRV_C",
+#endif /* MBEDTLS_SSL_SRV_C */
+#if defined(MBEDTLS_SSL_TLS_C)
+    "MBEDTLS_SSL_TLS_C",
+#endif /* MBEDTLS_SSL_TLS_C */
+#if defined(MBEDTLS_THREADING_C)
+    "MBEDTLS_THREADING_C",
+#endif /* MBEDTLS_THREADING_C */
+#if defined(MBEDTLS_TIMING_C)
+    "MBEDTLS_TIMING_C",
+#endif /* MBEDTLS_TIMING_C */
+#if defined(MBEDTLS_VERSION_C)
+    "MBEDTLS_VERSION_C",
+#endif /* MBEDTLS_VERSION_C */
+#if defined(MBEDTLS_X509_USE_C)
+    "MBEDTLS_X509_USE_C",
+#endif /* MBEDTLS_X509_USE_C */
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    "MBEDTLS_X509_CRT_PARSE_C",
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
+    "MBEDTLS_X509_CRL_PARSE_C",
+#endif /* MBEDTLS_X509_CRL_PARSE_C */
+#if defined(MBEDTLS_X509_CSR_PARSE_C)
+    "MBEDTLS_X509_CSR_PARSE_C",
+#endif /* MBEDTLS_X509_CSR_PARSE_C */
+#if defined(MBEDTLS_X509_CREATE_C)
+    "MBEDTLS_X509_CREATE_C",
+#endif /* MBEDTLS_X509_CREATE_C */
+#if defined(MBEDTLS_X509_CRT_WRITE_C)
+    "MBEDTLS_X509_CRT_WRITE_C",
+#endif /* MBEDTLS_X509_CRT_WRITE_C */
+#if defined(MBEDTLS_X509_CSR_WRITE_C)
+    "MBEDTLS_X509_CSR_WRITE_C",
+#endif /* MBEDTLS_X509_CSR_WRITE_C */
+#if defined(MBEDTLS_XTEA_C)
+    "MBEDTLS_XTEA_C",
+#endif /* MBEDTLS_XTEA_C */
+#endif /* MBEDTLS_VERSION_FEATURES */
+    NULL
+};
+
+int mbedtls_version_check_feature( const char *feature )
+{
+    const char **idx = features;
+
+    if( *idx == NULL )
+        return( -2 );
+
+    if( feature == NULL )
+        return( -1 );
+
+    while( *idx != NULL )
+    {
+        if( !strcmp( *idx, feature ) )
+            return( 0 );
+        idx++;
+    }
+    return( -1 );
+}
+
+#endif /* MBEDTLS_VERSION_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/x509.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,1024 @@
+/*
+ *  X.509 common functions for parsing and verification
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ *  The ITU-T X.509 standard defines a certificate format for PKI.
+ *
+ *  http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
+ *  http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
+ *  http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
+ *
+ *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
+ *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_X509_USE_C)
+
+#include "mbedtls/x509.h"
+#include "mbedtls/asn1.h"
+#include "mbedtls/oid.h"
+
+#include <stdio.h>
+#include <string.h>
+
+#if defined(MBEDTLS_PEM_PARSE_C)
+#include "mbedtls/pem.h"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#include <stdlib.h>
+#define mbedtls_free       free
+#define mbedtls_calloc    calloc
+#define mbedtls_printf     printf
+#define mbedtls_snprintf   snprintf
+#endif
+
+#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
+#include <windows.h>
+#else
+#include <time.h>
+#endif
+
+#if defined(MBEDTLS_FS_IO)
+#include <stdio.h>
+#if !defined(_WIN32)
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <dirent.h>
+#endif
+#endif
+
+#define CHECK(code) if( ( ret = code ) != 0 ){ return( ret ); }
+
+/*
+ *  CertificateSerialNumber  ::=  INTEGER
+ */
+int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
+                     mbedtls_x509_buf *serial )
+{
+    int ret;
+
+    if( ( end - *p ) < 1 )
+        return( MBEDTLS_ERR_X509_INVALID_SERIAL +
+                MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+
+    if( **p != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_PRIMITIVE | 2 ) &&
+        **p !=   MBEDTLS_ASN1_INTEGER )
+        return( MBEDTLS_ERR_X509_INVALID_SERIAL +
+                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
+
+    serial->tag = *(*p)++;
+
+    if( ( ret = mbedtls_asn1_get_len( p, end, &serial->len ) ) != 0 )
+        return( MBEDTLS_ERR_X509_INVALID_SERIAL + ret );
+
+    serial->p = *p;
+    *p += serial->len;
+
+    return( 0 );
+}
+
+/* Get an algorithm identifier without parameters (eg for signatures)
+ *
+ *  AlgorithmIdentifier  ::=  SEQUENCE  {
+ *       algorithm               OBJECT IDENTIFIER,
+ *       parameters              ANY DEFINED BY algorithm OPTIONAL  }
+ */
+int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end,
+                       mbedtls_x509_buf *alg )
+{
+    int ret;
+
+    if( ( ret = mbedtls_asn1_get_alg_null( p, end, alg ) ) != 0 )
+        return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
+
+    return( 0 );
+}
+
+/*
+ * Parse an algorithm identifier with (optional) paramaters
+ */
+int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end,
+                  mbedtls_x509_buf *alg, mbedtls_x509_buf *params )
+{
+    int ret;
+
+    if( ( ret = mbedtls_asn1_get_alg( p, end, alg, params ) ) != 0 )
+        return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
+
+    return( 0 );
+}
+
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
+/*
+ * HashAlgorithm ::= AlgorithmIdentifier
+ *
+ * AlgorithmIdentifier  ::=  SEQUENCE  {
+ *      algorithm               OBJECT IDENTIFIER,
+ *      parameters              ANY DEFINED BY algorithm OPTIONAL  }
+ *
+ * For HashAlgorithm, parameters MUST be NULL or absent.
+ */
+static int x509_get_hash_alg( const mbedtls_x509_buf *alg, mbedtls_md_type_t *md_alg )
+{
+    int ret;
+    unsigned char *p;
+    const unsigned char *end;
+    mbedtls_x509_buf md_oid;
+    size_t len;
+
+    /* Make sure we got a SEQUENCE and setup bounds */
+    if( alg->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
+        return( MBEDTLS_ERR_X509_INVALID_ALG +
+                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
+
+    p = (unsigned char *) alg->p;
+    end = p + alg->len;
+
+    if( p >= end )
+        return( MBEDTLS_ERR_X509_INVALID_ALG +
+                MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+
+    /* Parse md_oid */
+    md_oid.tag = *p;
+
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &md_oid.len, MBEDTLS_ASN1_OID ) ) != 0 )
+        return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
+
+    md_oid.p = p;
+    p += md_oid.len;
+
+    /* Get md_alg from md_oid */
+    if( ( ret = mbedtls_oid_get_md_alg( &md_oid, md_alg ) ) != 0 )
+        return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
+
+    /* Make sure params is absent of NULL */
+    if( p == end )
+        return( 0 );
+
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_NULL ) ) != 0 || len != 0 )
+        return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
+
+    if( p != end )
+        return( MBEDTLS_ERR_X509_INVALID_ALG +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+    return( 0 );
+}
+
+/*
+ *    RSASSA-PSS-params  ::=  SEQUENCE  {
+ *       hashAlgorithm     [0] HashAlgorithm DEFAULT sha1Identifier,
+ *       maskGenAlgorithm  [1] MaskGenAlgorithm DEFAULT mgf1SHA1Identifier,
+ *       saltLength        [2] INTEGER DEFAULT 20,
+ *       trailerField      [3] INTEGER DEFAULT 1  }
+ *    -- Note that the tags in this Sequence are explicit.
+ *
+ * RFC 4055 (which defines use of RSASSA-PSS in PKIX) states that the value
+ * of trailerField MUST be 1, and PKCS#1 v2.2 doesn't even define any other
+ * option. Enfore this at parsing time.
+ */
+int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
+                                mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
+                                int *salt_len )
+{
+    int ret;
+    unsigned char *p;
+    const unsigned char *end, *end2;
+    size_t len;
+    mbedtls_x509_buf alg_id, alg_params;
+
+    /* First set everything to defaults */
+    *md_alg = MBEDTLS_MD_SHA1;
+    *mgf_md = MBEDTLS_MD_SHA1;
+    *salt_len = 20;
+
+    /* Make sure params is a SEQUENCE and setup bounds */
+    if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
+        return( MBEDTLS_ERR_X509_INVALID_ALG +
+                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
+
+    p = (unsigned char *) params->p;
+    end = p + params->len;
+
+    if( p == end )
+        return( 0 );
+
+    /*
+     * HashAlgorithm
+     */
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+                    MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 )
+    {
+        end2 = p + len;
+
+        /* HashAlgorithm ::= AlgorithmIdentifier (without parameters) */
+        if( ( ret = mbedtls_x509_get_alg_null( &p, end2, &alg_id ) ) != 0 )
+            return( ret );
+
+        if( ( ret = mbedtls_oid_get_md_alg( &alg_id, md_alg ) ) != 0 )
+            return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
+
+        if( p != end2 )
+            return( MBEDTLS_ERR_X509_INVALID_ALG +
+                    MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+    }
+    else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
+        return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
+
+    if( p == end )
+        return( 0 );
+
+    /*
+     * MaskGenAlgorithm
+     */
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+                    MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 )
+    {
+        end2 = p + len;
+
+        /* MaskGenAlgorithm ::= AlgorithmIdentifier (params = HashAlgorithm) */
+        if( ( ret = mbedtls_x509_get_alg( &p, end2, &alg_id, &alg_params ) ) != 0 )
+            return( ret );
+
+        /* Only MFG1 is recognised for now */
+        if( MBEDTLS_OID_CMP( MBEDTLS_OID_MGF1, &alg_id ) != 0 )
+            return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE +
+                    MBEDTLS_ERR_OID_NOT_FOUND );
+
+        /* Parse HashAlgorithm */
+        if( ( ret = x509_get_hash_alg( &alg_params, mgf_md ) ) != 0 )
+            return( ret );
+
+        if( p != end2 )
+            return( MBEDTLS_ERR_X509_INVALID_ALG +
+                    MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+    }
+    else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
+        return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
+
+    if( p == end )
+        return( 0 );
+
+    /*
+     * salt_len
+     */
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+                    MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 2 ) ) == 0 )
+    {
+        end2 = p + len;
+
+        if( ( ret = mbedtls_asn1_get_int( &p, end2, salt_len ) ) != 0 )
+            return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
+
+        if( p != end2 )
+            return( MBEDTLS_ERR_X509_INVALID_ALG +
+                    MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+    }
+    else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
+        return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
+
+    if( p == end )
+        return( 0 );
+
+    /*
+     * trailer_field (if present, must be 1)
+     */
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+                    MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 3 ) ) == 0 )
+    {
+        int trailer_field;
+
+        end2 = p + len;
+
+        if( ( ret = mbedtls_asn1_get_int( &p, end2, &trailer_field ) ) != 0 )
+            return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
+
+        if( p != end2 )
+            return( MBEDTLS_ERR_X509_INVALID_ALG +
+                    MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+        if( trailer_field != 1 )
+            return( MBEDTLS_ERR_X509_INVALID_ALG );
+    }
+    else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
+        return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
+
+    if( p != end )
+        return( MBEDTLS_ERR_X509_INVALID_ALG +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+    return( 0 );
+}
+#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
+
+/*
+ *  AttributeTypeAndValue ::= SEQUENCE {
+ *    type     AttributeType,
+ *    value    AttributeValue }
+ *
+ *  AttributeType ::= OBJECT IDENTIFIER
+ *
+ *  AttributeValue ::= ANY DEFINED BY AttributeType
+ */
+static int x509_get_attr_type_value( unsigned char **p,
+                                     const unsigned char *end,
+                                     mbedtls_x509_name *cur )
+{
+    int ret;
+    size_t len;
+    mbedtls_x509_buf *oid;
+    mbedtls_x509_buf *val;
+
+    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
+            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+        return( MBEDTLS_ERR_X509_INVALID_NAME + ret );
+
+    if( ( end - *p ) < 1 )
+        return( MBEDTLS_ERR_X509_INVALID_NAME +
+                MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+
+    oid = &cur->oid;
+    oid->tag = **p;
+
+    if( ( ret = mbedtls_asn1_get_tag( p, end, &oid->len, MBEDTLS_ASN1_OID ) ) != 0 )
+        return( MBEDTLS_ERR_X509_INVALID_NAME + ret );
+
+    oid->p = *p;
+    *p += oid->len;
+
+    if( ( end - *p ) < 1 )
+        return( MBEDTLS_ERR_X509_INVALID_NAME +
+                MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+
+    if( **p != MBEDTLS_ASN1_BMP_STRING && **p != MBEDTLS_ASN1_UTF8_STRING      &&
+        **p != MBEDTLS_ASN1_T61_STRING && **p != MBEDTLS_ASN1_PRINTABLE_STRING &&
+        **p != MBEDTLS_ASN1_IA5_STRING && **p != MBEDTLS_ASN1_UNIVERSAL_STRING &&
+        **p != MBEDTLS_ASN1_BIT_STRING )
+        return( MBEDTLS_ERR_X509_INVALID_NAME +
+                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
+
+    val = &cur->val;
+    val->tag = *(*p)++;
+
+    if( ( ret = mbedtls_asn1_get_len( p, end, &val->len ) ) != 0 )
+        return( MBEDTLS_ERR_X509_INVALID_NAME + ret );
+
+    val->p = *p;
+    *p += val->len;
+
+    cur->next = NULL;
+
+    return( 0 );
+}
+
+/*
+ *  Name ::= CHOICE { -- only one possibility for now --
+ *       rdnSequence  RDNSequence }
+ *
+ *  RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+ *
+ *  RelativeDistinguishedName ::=
+ *    SET OF AttributeTypeAndValue
+ *
+ *  AttributeTypeAndValue ::= SEQUENCE {
+ *    type     AttributeType,
+ *    value    AttributeValue }
+ *
+ *  AttributeType ::= OBJECT IDENTIFIER
+ *
+ *  AttributeValue ::= ANY DEFINED BY AttributeType
+ *
+ * The data structure is optimized for the common case where each RDN has only
+ * one element, which is represented as a list of AttributeTypeAndValue.
+ * For the general case we still use a flat list, but we mark elements of the
+ * same set so that they are "merged" together in the functions that consume
+ * this list, eg mbedtls_x509_dn_gets().
+ */
+int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
+                   mbedtls_x509_name *cur )
+{
+    int ret;
+    size_t set_len;
+    const unsigned char *end_set;
+
+    /* don't use recursion, we'd risk stack overflow if not optimized */
+    while( 1 )
+    {
+        /*
+         * parse SET
+         */
+        if( ( ret = mbedtls_asn1_get_tag( p, end, &set_len,
+                MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) ) != 0 )
+            return( MBEDTLS_ERR_X509_INVALID_NAME + ret );
+
+        end_set  = *p + set_len;
+
+        while( 1 )
+        {
+            if( ( ret = x509_get_attr_type_value( p, end_set, cur ) ) != 0 )
+                return( ret );
+
+            if( *p == end_set )
+                break;
+
+            /* Mark this item as being no the only one in a set */
+            cur->next_merged = 1;
+
+            cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) );
+
+            if( cur->next == NULL )
+                return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+
+            cur = cur->next;
+        }
+
+        /*
+         * continue until end of SEQUENCE is reached
+         */
+        if( *p == end )
+            return( 0 );
+
+        cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) );
+
+        if( cur->next == NULL )
+            return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+
+        cur = cur->next;
+    }
+}
+
+static int x509_parse_int(unsigned char **p, unsigned n, int *res){
+    *res = 0;
+    for( ; n > 0; --n ){
+        if( ( **p < '0') || ( **p > '9' ) ) return MBEDTLS_ERR_X509_INVALID_DATE;
+        *res *= 10;
+        *res += (*(*p)++ - '0');
+    }
+    return 0;
+}
+
+/*
+ *  Time ::= CHOICE {
+ *       utcTime        UTCTime,
+ *       generalTime    GeneralizedTime }
+ */
+int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
+                   mbedtls_x509_time *time )
+{
+    int ret;
+    size_t len;
+    unsigned char tag;
+
+    if( ( end - *p ) < 1 )
+        return( MBEDTLS_ERR_X509_INVALID_DATE +
+                MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+
+    tag = **p;
+
+    if( tag == MBEDTLS_ASN1_UTC_TIME )
+    {
+        (*p)++;
+        ret = mbedtls_asn1_get_len( p, end, &len );
+
+        if( ret != 0 )
+            return( MBEDTLS_ERR_X509_INVALID_DATE + ret );
+
+        CHECK( x509_parse_int( p, 2, &time->year ) );
+        CHECK( x509_parse_int( p, 2, &time->mon ) );
+        CHECK( x509_parse_int( p, 2, &time->day ) );
+        CHECK( x509_parse_int( p, 2, &time->hour ) );
+        CHECK( x509_parse_int( p, 2, &time->min ) );
+        if( len > 10 )
+            CHECK( x509_parse_int( p, 2, &time->sec ) );
+        if( len > 12 && *(*p)++ != 'Z' )
+            return( MBEDTLS_ERR_X509_INVALID_DATE );
+
+        time->year +=  100 * ( time->year < 50 );
+        time->year += 1900;
+
+        return( 0 );
+    }
+    else if( tag == MBEDTLS_ASN1_GENERALIZED_TIME )
+    {
+        (*p)++;
+        ret = mbedtls_asn1_get_len( p, end, &len );
+
+        if( ret != 0 )
+            return( MBEDTLS_ERR_X509_INVALID_DATE + ret );
+
+        CHECK( x509_parse_int( p, 4, &time->year ) );
+        CHECK( x509_parse_int( p, 2, &time->mon ) );
+        CHECK( x509_parse_int( p, 2, &time->day ) );
+        CHECK( x509_parse_int( p, 2, &time->hour ) );
+        CHECK( x509_parse_int( p, 2, &time->min ) );
+        if( len > 12 )
+            CHECK( x509_parse_int( p, 2, &time->sec ) );
+        if( len > 14 && *(*p)++ != 'Z' )
+            return( MBEDTLS_ERR_X509_INVALID_DATE );
+
+        return( 0 );
+    }
+    else
+        return( MBEDTLS_ERR_X509_INVALID_DATE +
+                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
+}
+
+int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig )
+{
+    int ret;
+    size_t len;
+
+    if( ( end - *p ) < 1 )
+        return( MBEDTLS_ERR_X509_INVALID_SIGNATURE +
+                MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+
+    sig->tag = **p;
+
+    if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 )
+        return( MBEDTLS_ERR_X509_INVALID_SIGNATURE + ret );
+
+    sig->len = len;
+    sig->p = *p;
+
+    *p += len;
+
+    return( 0 );
+}
+
+/*
+ * Get signature algorithm from alg OID and optional parameters
+ */
+int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
+                      mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
+                      void **sig_opts )
+{
+    int ret;
+
+    if( *sig_opts != NULL )
+        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+
+    if( ( ret = mbedtls_oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 )
+        return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + ret );
+
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
+    if( *pk_alg == MBEDTLS_PK_RSASSA_PSS )
+    {
+        mbedtls_pk_rsassa_pss_options *pss_opts;
+
+        pss_opts = mbedtls_calloc( 1, sizeof( mbedtls_pk_rsassa_pss_options ) );
+        if( pss_opts == NULL )
+            return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+
+        ret = mbedtls_x509_get_rsassa_pss_params( sig_params,
+                                          md_alg,
+                                          &pss_opts->mgf1_hash_id,
+                                          &pss_opts->expected_salt_len );
+        if( ret != 0 )
+        {
+            mbedtls_free( pss_opts );
+            return( ret );
+        }
+
+        *sig_opts = (void *) pss_opts;
+    }
+    else
+#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
+    {
+        /* Make sure parameters are absent or NULL */
+        if( ( sig_params->tag != MBEDTLS_ASN1_NULL && sig_params->tag != 0 ) ||
+              sig_params->len != 0 )
+        return( MBEDTLS_ERR_X509_INVALID_ALG );
+    }
+
+    return( 0 );
+}
+
+/*
+ * X.509 Extensions (No parsing of extensions, pointer should
+ * be either manually updated or extensions should be parsed!
+ */
+int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
+                  mbedtls_x509_buf *ext, int tag )
+{
+    int ret;
+    size_t len;
+
+    if( *p == end )
+        return( 0 );
+
+    ext->tag = **p;
+
+    if( ( ret = mbedtls_asn1_get_tag( p, end, &ext->len,
+            MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag ) ) != 0 )
+        return( ret );
+
+    ext->p = *p;
+    end = *p + ext->len;
+
+    /*
+     * Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
+     *
+     * Extension  ::=  SEQUENCE  {
+     *      extnID      OBJECT IDENTIFIER,
+     *      critical    BOOLEAN DEFAULT FALSE,
+     *      extnValue   OCTET STRING  }
+     */
+    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
+            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+
+    if( end != *p + len )
+        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+    return( 0 );
+}
+
+/*
+ * Store the name in printable form into buf; no more
+ * than size characters will be written
+ */
+int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn )
+{
+    int ret;
+    size_t i, n;
+    unsigned char c, merge = 0;
+    const mbedtls_x509_name *name;
+    const char *short_name = NULL;
+    char s[MBEDTLS_X509_MAX_DN_NAME_SIZE], *p;
+
+    memset( s, 0, sizeof( s ) );
+
+    name = dn;
+    p = buf;
+    n = size;
+
+    while( name != NULL )
+    {
+        if( !name->oid.p )
+        {
+            name = name->next;
+            continue;
+        }
+
+        if( name != dn )
+        {
+            ret = mbedtls_snprintf( p, n, merge ? " + " : ", " );
+            MBEDTLS_X509_SAFE_SNPRINTF;
+        }
+
+        ret = mbedtls_oid_get_attr_short_name( &name->oid, &short_name );
+
+        if( ret == 0 )
+            ret = mbedtls_snprintf( p, n, "%s=", short_name );
+        else
+            ret = mbedtls_snprintf( p, n, "\?\?=" );
+        MBEDTLS_X509_SAFE_SNPRINTF;
+
+        for( i = 0; i < name->val.len; i++ )
+        {
+            if( i >= sizeof( s ) - 1 )
+                break;
+
+            c = name->val.p[i];
+            if( c < 32 || c == 127 || ( c > 128 && c < 160 ) )
+                 s[i] = '?';
+            else s[i] = c;
+        }
+        s[i] = '\0';
+        ret = mbedtls_snprintf( p, n, "%s", s );
+        MBEDTLS_X509_SAFE_SNPRINTF;
+
+        merge = name->next_merged;
+        name = name->next;
+    }
+
+    return( (int) ( size - n ) );
+}
+
+/*
+ * Store the serial in printable form into buf; no more
+ * than size characters will be written
+ */
+int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *serial )
+{
+    int ret;
+    size_t i, n, nr;
+    char *p;
+
+    p = buf;
+    n = size;
+
+    nr = ( serial->len <= 32 )
+        ? serial->len  : 28;
+
+    for( i = 0; i < nr; i++ )
+    {
+        if( i == 0 && nr > 1 && serial->p[i] == 0x0 )
+            continue;
+
+        ret = mbedtls_snprintf( p, n, "%02X%s",
+                serial->p[i], ( i < nr - 1 ) ? ":" : "" );
+        MBEDTLS_X509_SAFE_SNPRINTF;
+    }
+
+    if( nr != serial->len )
+    {
+        ret = mbedtls_snprintf( p, n, "...." );
+        MBEDTLS_X509_SAFE_SNPRINTF;
+    }
+
+    return( (int) ( size - n ) );
+}
+
+/*
+ * Helper for writing signature algorithms
+ */
+int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
+                       mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
+                       const void *sig_opts )
+{
+    int ret;
+    char *p = buf;
+    size_t n = size;
+    const char *desc = NULL;
+
+    ret = mbedtls_oid_get_sig_alg_desc( sig_oid, &desc );
+    if( ret != 0 )
+        ret = mbedtls_snprintf( p, n, "???"  );
+    else
+        ret = mbedtls_snprintf( p, n, "%s", desc );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
+    if( pk_alg == MBEDTLS_PK_RSASSA_PSS )
+    {
+        const mbedtls_pk_rsassa_pss_options *pss_opts;
+        const mbedtls_md_info_t *md_info, *mgf_md_info;
+
+        pss_opts = (const mbedtls_pk_rsassa_pss_options *) sig_opts;
+
+        md_info = mbedtls_md_info_from_type( md_alg );
+        mgf_md_info = mbedtls_md_info_from_type( pss_opts->mgf1_hash_id );
+
+        ret = mbedtls_snprintf( p, n, " (%s, MGF1-%s, 0x%02X)",
+                              md_info ? mbedtls_md_get_name( md_info ) : "???",
+                              mgf_md_info ? mbedtls_md_get_name( mgf_md_info ) : "???",
+                              pss_opts->expected_salt_len );
+        MBEDTLS_X509_SAFE_SNPRINTF;
+    }
+#else
+    ((void) pk_alg);
+    ((void) md_alg);
+    ((void) sig_opts);
+#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
+
+    return( (int)( size - n ) );
+}
+
+/*
+ * Helper for writing "RSA key size", "EC key size", etc
+ */
+int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name )
+{
+    char *p = buf;
+    size_t n = buf_size;
+    int ret;
+
+    ret = mbedtls_snprintf( p, n, "%s key size", name );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+
+    return( 0 );
+}
+
+#if defined(MBEDTLS_HAVE_TIME_DATE)
+/*
+ * Set the time structure to the current time.
+ * Return 0 on success, non-zero on failure.
+ */
+#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
+static int x509_get_current_time( mbedtls_x509_time *now )
+{
+    SYSTEMTIME st;
+
+    GetSystemTime( &st );
+
+    now->year = st.wYear;
+    now->mon  = st.wMonth;
+    now->day  = st.wDay;
+    now->hour = st.wHour;
+    now->min  = st.wMinute;
+    now->sec  = st.wSecond;
+
+    return( 0 );
+}
+#else
+static int x509_get_current_time( mbedtls_x509_time *now )
+{
+    struct tm *lt;
+    time_t tt;
+    int ret = 0;
+
+#if defined(MBEDTLS_THREADING_C)
+    if( mbedtls_mutex_lock( &mbedtls_threading_gmtime_mutex ) != 0 )
+        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+#endif
+
+    tt = time( NULL );
+    lt = gmtime( &tt );
+
+    if( lt == NULL )
+        ret = -1;
+    else
+    {
+        now->year = lt->tm_year + 1900;
+        now->mon  = lt->tm_mon  + 1;
+        now->day  = lt->tm_mday;
+        now->hour = lt->tm_hour;
+        now->min  = lt->tm_min;
+        now->sec  = lt->tm_sec;
+    }
+
+#if defined(MBEDTLS_THREADING_C)
+    if( mbedtls_mutex_unlock( &mbedtls_threading_gmtime_mutex ) != 0 )
+        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+#endif
+
+    return( ret );
+}
+#endif /* _WIN32 && !EFIX64 && !EFI32 */
+
+/*
+ * Return 0 if before <= after, 1 otherwise
+ */
+static int x509_check_time( const mbedtls_x509_time *before, const mbedtls_x509_time *after )
+{
+    if( before->year  > after->year )
+        return( 1 );
+
+    if( before->year == after->year &&
+        before->mon   > after->mon )
+        return( 1 );
+
+    if( before->year == after->year &&
+        before->mon  == after->mon  &&
+        before->day   > after->day )
+        return( 1 );
+
+    if( before->year == after->year &&
+        before->mon  == after->mon  &&
+        before->day  == after->day  &&
+        before->hour  > after->hour )
+        return( 1 );
+
+    if( before->year == after->year &&
+        before->mon  == after->mon  &&
+        before->day  == after->day  &&
+        before->hour == after->hour &&
+        before->min   > after->min  )
+        return( 1 );
+
+    if( before->year == after->year &&
+        before->mon  == after->mon  &&
+        before->day  == after->day  &&
+        before->hour == after->hour &&
+        before->min  == after->min  &&
+        before->sec   > after->sec  )
+        return( 1 );
+
+    return( 0 );
+}
+
+int mbedtls_x509_time_is_past( const mbedtls_x509_time *to )
+{
+    mbedtls_x509_time now;
+
+    if( x509_get_current_time( &now ) != 0 )
+        return( 1 );
+
+    return( x509_check_time( &now, to ) );
+}
+
+int mbedtls_x509_time_is_future( const mbedtls_x509_time *from )
+{
+    mbedtls_x509_time now;
+
+    if( x509_get_current_time( &now ) != 0 )
+        return( 1 );
+
+    return( x509_check_time( from, &now ) );
+}
+
+#else  /* MBEDTLS_HAVE_TIME_DATE */
+
+int mbedtls_x509_time_is_past( const mbedtls_x509_time *to )
+{
+    ((void) to);
+    return( 0 );
+}
+
+int mbedtls_x509_time_is_future( const mbedtls_x509_time *from )
+{
+    ((void) from);
+    return( 0 );
+}
+#endif /* MBEDTLS_HAVE_TIME_DATE */
+
+#if defined(MBEDTLS_SELF_TEST)
+
+#include "mbedtls/x509_crt.h"
+#include "mbedtls/certs.h"
+
+/*
+ * Checkup routine
+ */
+int mbedtls_x509_self_test( int verbose )
+{
+#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_SHA1_C)
+    int ret;
+    uint32_t flags;
+    mbedtls_x509_crt cacert;
+    mbedtls_x509_crt clicert;
+
+    if( verbose != 0 )
+        mbedtls_printf( "  X.509 certificate load: " );
+
+    mbedtls_x509_crt_init( &clicert );
+
+    ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt,
+                           mbedtls_test_cli_crt_len );
+    if( ret != 0 )
+    {
+        if( verbose != 0 )
+            mbedtls_printf( "failed\n" );
+
+        return( ret );
+    }
+
+    mbedtls_x509_crt_init( &cacert );
+
+    ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_ca_crt,
+                          mbedtls_test_ca_crt_len );
+    if( ret != 0 )
+    {
+        if( verbose != 0 )
+            mbedtls_printf( "failed\n" );
+
+        return( ret );
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "passed\n  X.509 signature verify: ");
+
+    ret = mbedtls_x509_crt_verify( &clicert, &cacert, NULL, NULL, &flags, NULL, NULL );
+    if( ret != 0 )
+    {
+        if( verbose != 0 )
+            mbedtls_printf( "failed\n" );
+
+        return( ret );
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "passed\n\n");
+
+    mbedtls_x509_crt_free( &cacert  );
+    mbedtls_x509_crt_free( &clicert );
+
+    return( 0 );
+#else
+    ((void) verbose);
+    return( 0 );
+#endif /* MBEDTLS_CERTS_C && MBEDTLS_SHA1_C */
+}
+
+#endif /* MBEDTLS_SELF_TEST */
+
+#endif /* MBEDTLS_X509_USE_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/x509_create.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,340 @@
+/*
+ *  X.509 base functions for creating certificates / CSRs
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_X509_CREATE_C)
+
+#include "mbedtls/x509.h"
+#include "mbedtls/asn1write.h"
+#include "mbedtls/oid.h"
+
+#include <string.h>
+
+typedef struct {
+    const char *name;
+    size_t name_len;
+    const char*oid;
+} x509_attr_descriptor_t;
+
+#define ADD_STRLEN( s )     s, sizeof( s ) - 1
+
+static const x509_attr_descriptor_t x509_attrs[] =
+{
+    { ADD_STRLEN( "CN" ),                       MBEDTLS_OID_AT_CN },
+    { ADD_STRLEN( "commonName" ),               MBEDTLS_OID_AT_CN },
+    { ADD_STRLEN( "C" ),                        MBEDTLS_OID_AT_COUNTRY },
+    { ADD_STRLEN( "countryName" ),              MBEDTLS_OID_AT_COUNTRY },
+    { ADD_STRLEN( "O" ),                        MBEDTLS_OID_AT_ORGANIZATION },
+    { ADD_STRLEN( "organizationName" ),         MBEDTLS_OID_AT_ORGANIZATION },
+    { ADD_STRLEN( "L" ),                        MBEDTLS_OID_AT_LOCALITY },
+    { ADD_STRLEN( "locality" ),                 MBEDTLS_OID_AT_LOCALITY },
+    { ADD_STRLEN( "R" ),                        MBEDTLS_OID_PKCS9_EMAIL },
+    { ADD_STRLEN( "OU" ),                       MBEDTLS_OID_AT_ORG_UNIT },
+    { ADD_STRLEN( "organizationalUnitName" ),   MBEDTLS_OID_AT_ORG_UNIT },
+    { ADD_STRLEN( "ST" ),                       MBEDTLS_OID_AT_STATE },
+    { ADD_STRLEN( "stateOrProvinceName" ),      MBEDTLS_OID_AT_STATE },
+    { ADD_STRLEN( "emailAddress" ),             MBEDTLS_OID_PKCS9_EMAIL },
+    { ADD_STRLEN( "serialNumber" ),             MBEDTLS_OID_AT_SERIAL_NUMBER },
+    { ADD_STRLEN( "postalAddress" ),            MBEDTLS_OID_AT_POSTAL_ADDRESS },
+    { ADD_STRLEN( "postalCode" ),               MBEDTLS_OID_AT_POSTAL_CODE },
+    { ADD_STRLEN( "dnQualifier" ),              MBEDTLS_OID_AT_DN_QUALIFIER },
+    { ADD_STRLEN( "title" ),                    MBEDTLS_OID_AT_TITLE },
+    { ADD_STRLEN( "surName" ),                  MBEDTLS_OID_AT_SUR_NAME },
+    { ADD_STRLEN( "SN" ),                       MBEDTLS_OID_AT_SUR_NAME },
+    { ADD_STRLEN( "givenName" ),                MBEDTLS_OID_AT_GIVEN_NAME },
+    { ADD_STRLEN( "GN" ),                       MBEDTLS_OID_AT_GIVEN_NAME },
+    { ADD_STRLEN( "initials" ),                 MBEDTLS_OID_AT_INITIALS },
+    { ADD_STRLEN( "pseudonym" ),                MBEDTLS_OID_AT_PSEUDONYM },
+    { ADD_STRLEN( "generationQualifier" ),      MBEDTLS_OID_AT_GENERATION_QUALIFIER },
+    { ADD_STRLEN( "domainComponent" ),          MBEDTLS_OID_DOMAIN_COMPONENT },
+    { ADD_STRLEN( "DC" ),                       MBEDTLS_OID_DOMAIN_COMPONENT },
+    { NULL, 0, NULL }
+};
+
+static const char *x509_at_oid_from_name( const char *name, size_t name_len )
+{
+    const x509_attr_descriptor_t *cur;
+
+    for( cur = x509_attrs; cur->name != NULL; cur++ )
+        if( cur->name_len == name_len &&
+            strncmp( cur->name, name, name_len ) == 0 )
+            break;
+
+    return( cur->oid );
+}
+
+int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *name )
+{
+    int ret = 0;
+    const char *s = name, *c = s;
+    const char *end = s + strlen( s );
+    const char *oid = NULL;
+    int in_tag = 1;
+    char data[MBEDTLS_X509_MAX_DN_NAME_SIZE];
+    char *d = data;
+
+    /* Clear existing chain if present */
+    mbedtls_asn1_free_named_data_list( head );
+
+    while( c <= end )
+    {
+        if( in_tag && *c == '=' )
+        {
+            if( ( oid = x509_at_oid_from_name( s, c - s ) ) == NULL )
+            {
+                ret = MBEDTLS_ERR_X509_UNKNOWN_OID;
+                goto exit;
+            }
+
+            s = c + 1;
+            in_tag = 0;
+            d = data;
+        }
+
+        if( !in_tag && *c == '\\' && c != end )
+        {
+            c++;
+
+            /* Check for valid escaped characters */
+            if( c == end || *c != ',' )
+            {
+                ret = MBEDTLS_ERR_X509_INVALID_NAME;
+                goto exit;
+            }
+        }
+        else if( !in_tag && ( *c == ',' || c == end ) )
+        {
+            if( mbedtls_asn1_store_named_data( head, oid, strlen( oid ),
+                                       (unsigned char *) data,
+                                       d - data ) == NULL )
+            {
+                return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+            }
+
+            while( c < end && *(c + 1) == ' ' )
+                c++;
+
+            s = c + 1;
+            in_tag = 1;
+        }
+
+        if( !in_tag && s != c + 1 )
+        {
+            *(d++) = *c;
+
+            if( d - data == MBEDTLS_X509_MAX_DN_NAME_SIZE )
+            {
+                ret = MBEDTLS_ERR_X509_INVALID_NAME;
+                goto exit;
+            }
+        }
+
+        c++;
+    }
+
+exit:
+
+    return( ret );
+}
+
+/* The first byte of the value in the mbedtls_asn1_named_data structure is reserved
+ * to store the critical boolean for us
+ */
+int mbedtls_x509_set_extension( mbedtls_asn1_named_data **head, const char *oid, size_t oid_len,
+                        int critical, const unsigned char *val, size_t val_len )
+{
+    mbedtls_asn1_named_data *cur;
+
+    if( ( cur = mbedtls_asn1_store_named_data( head, oid, oid_len,
+                                       NULL, val_len + 1 ) ) == NULL )
+    {
+        return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+    }
+
+    cur->val.p[0] = critical;
+    memcpy( cur->val.p + 1, val, val_len );
+
+    return( 0 );
+}
+
+/*
+ *  RelativeDistinguishedName ::=
+ *    SET OF AttributeTypeAndValue
+ *
+ *  AttributeTypeAndValue ::= SEQUENCE {
+ *    type     AttributeType,
+ *    value    AttributeValue }
+ *
+ *  AttributeType ::= OBJECT IDENTIFIER
+ *
+ *  AttributeValue ::= ANY DEFINED BY AttributeType
+ */
+static int x509_write_name( unsigned char **p, unsigned char *start,
+                            const char *oid, size_t oid_len,
+                            const unsigned char *name, size_t name_len )
+{
+    int ret;
+    size_t len = 0;
+
+    // Write PrintableString for all except MBEDTLS_OID_PKCS9_EMAIL
+    //
+    if( MBEDTLS_OID_SIZE( MBEDTLS_OID_PKCS9_EMAIL ) == oid_len &&
+        memcmp( oid, MBEDTLS_OID_PKCS9_EMAIL, oid_len ) == 0 )
+    {
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_ia5_string( p, start,
+                                                  (const char *) name,
+                                                  name_len ) );
+    }
+    else
+    {
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_printable_string( p, start,
+                                                        (const char *) name,
+                                                        name_len ) );
+    }
+
+    // Write OID
+    //
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, oid_len ) );
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED |
+                                                 MBEDTLS_ASN1_SEQUENCE ) );
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED |
+                                                 MBEDTLS_ASN1_SET ) );
+
+    return( (int) len );
+}
+
+int mbedtls_x509_write_names( unsigned char **p, unsigned char *start,
+                      mbedtls_asn1_named_data *first )
+{
+    int ret;
+    size_t len = 0;
+    mbedtls_asn1_named_data *cur = first;
+
+    while( cur != NULL )
+    {
+        MBEDTLS_ASN1_CHK_ADD( len, x509_write_name( p, start, (char *) cur->oid.p,
+                                            cur->oid.len,
+                                            cur->val.p, cur->val.len ) );
+        cur = cur->next;
+    }
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED |
+                                                 MBEDTLS_ASN1_SEQUENCE ) );
+
+    return( (int) len );
+}
+
+int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start,
+                    const char *oid, size_t oid_len,
+                    unsigned char *sig, size_t size )
+{
+    int ret;
+    size_t len = 0;
+
+    if( *p < start || (size_t)( *p - start ) < size )
+        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
+    len = size;
+    (*p) -= len;
+    memcpy( *p, sig, len );
+
+    if( *p - start < 1 )
+        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
+    *--(*p) = 0;
+    len += 1;
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_BIT_STRING ) );
+
+    // Write OID
+    //
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_algorithm_identifier( p, start, oid,
+                                                        oid_len, 0 ) );
+
+    return( (int) len );
+}
+
+static int x509_write_extension( unsigned char **p, unsigned char *start,
+                                 mbedtls_asn1_named_data *ext )
+{
+    int ret;
+    size_t len = 0;
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, ext->val.p + 1,
+                                              ext->val.len - 1 ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, ext->val.len - 1 ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_OCTET_STRING ) );
+
+    if( ext->val.p[0] != 0 )
+    {
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_bool( p, start, 1 ) );
+    }
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, ext->oid.p,
+                                              ext->oid.len ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, ext->oid.len ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_OID ) );
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED |
+                                                 MBEDTLS_ASN1_SEQUENCE ) );
+
+    return( (int) len );
+}
+
+/*
+ * Extension  ::=  SEQUENCE  {
+ *     extnID      OBJECT IDENTIFIER,
+ *     critical    BOOLEAN DEFAULT FALSE,
+ *     extnValue   OCTET STRING
+ *                 -- contains the DER encoding of an ASN.1 value
+ *                 -- corresponding to the extension type identified
+ *                 -- by extnID
+ *     }
+ */
+int mbedtls_x509_write_extensions( unsigned char **p, unsigned char *start,
+                           mbedtls_asn1_named_data *first )
+{
+    int ret;
+    size_t len = 0;
+    mbedtls_asn1_named_data *cur_ext = first;
+
+    while( cur_ext != NULL )
+    {
+        MBEDTLS_ASN1_CHK_ADD( len, x509_write_extension( p, start, cur_ext ) );
+        cur_ext = cur_ext->next;
+    }
+
+    return( (int) len );
+}
+
+#endif /* MBEDTLS_X509_CREATE_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/x509_crl.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,721 @@
+/*
+ *  X.509 Certidicate Revocation List (CRL) parsing
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ *  The ITU-T X.509 standard defines a certificate format for PKI.
+ *
+ *  http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
+ *  http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
+ *  http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
+ *
+ *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
+ *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
+
+#include "mbedtls/x509_crl.h"
+#include "mbedtls/oid.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_PEM_PARSE_C)
+#include "mbedtls/pem.h"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#include <stdio.h>
+#define mbedtls_free       free
+#define mbedtls_calloc    calloc
+#define mbedtls_snprintf   snprintf
+#endif
+
+#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
+#include <windows.h>
+#else
+#include <time.h>
+#endif
+
+#if defined(MBEDTLS_FS_IO) || defined(EFIX64) || defined(EFI32)
+#include <stdio.h>
+#endif
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+/*
+ *  Version  ::=  INTEGER  {  v1(0), v2(1)  }
+ */
+static int x509_crl_get_version( unsigned char **p,
+                             const unsigned char *end,
+                             int *ver )
+{
+    int ret;
+
+    if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 )
+    {
+        if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
+        {
+            *ver = 0;
+            return( 0 );
+        }
+
+        return( MBEDTLS_ERR_X509_INVALID_VERSION + ret );
+    }
+
+    return( 0 );
+}
+
+/*
+ * X.509 CRL v2 extensions (no extensions parsed yet.)
+ */
+static int x509_get_crl_ext( unsigned char **p,
+                             const unsigned char *end,
+                             mbedtls_x509_buf *ext )
+{
+    int ret;
+    size_t len = 0;
+
+    /* Get explicit tag */
+    if( ( ret = mbedtls_x509_get_ext( p, end, ext, 0) ) != 0 )
+    {
+        if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
+            return( 0 );
+
+        return( ret );
+    }
+
+    while( *p < end )
+    {
+        if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
+                MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+
+        *p += len;
+    }
+
+    if( *p != end )
+        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+    return( 0 );
+}
+
+/*
+ * X.509 CRL v2 entry extensions (no extensions parsed yet.)
+ */
+static int x509_get_crl_entry_ext( unsigned char **p,
+                             const unsigned char *end,
+                             mbedtls_x509_buf *ext )
+{
+    int ret;
+    size_t len = 0;
+
+    /* OPTIONAL */
+    if( end <= *p )
+        return( 0 );
+
+    ext->tag = **p;
+    ext->p = *p;
+
+    /*
+     * Get CRL-entry extension sequence header
+     * crlEntryExtensions      Extensions OPTIONAL  -- if present, MUST be v2
+     */
+    if( ( ret = mbedtls_asn1_get_tag( p, end, &ext->len,
+            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+    {
+        if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
+        {
+            ext->p = NULL;
+            return( 0 );
+        }
+        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+    }
+
+    end = *p + ext->len;
+
+    if( end != *p + ext->len )
+        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+    while( *p < end )
+    {
+        if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
+                MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+
+        *p += len;
+    }
+
+    if( *p != end )
+        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+    return( 0 );
+}
+
+/*
+ * X.509 CRL Entries
+ */
+static int x509_get_entries( unsigned char **p,
+                             const unsigned char *end,
+                             mbedtls_x509_crl_entry *entry )
+{
+    int ret;
+    size_t entry_len;
+    mbedtls_x509_crl_entry *cur_entry = entry;
+
+    if( *p == end )
+        return( 0 );
+
+    if( ( ret = mbedtls_asn1_get_tag( p, end, &entry_len,
+            MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED ) ) != 0 )
+    {
+        if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
+            return( 0 );
+
+        return( ret );
+    }
+
+    end = *p + entry_len;
+
+    while( *p < end )
+    {
+        size_t len2;
+        const unsigned char *end2;
+
+        if( ( ret = mbedtls_asn1_get_tag( p, end, &len2,
+                MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED ) ) != 0 )
+        {
+            return( ret );
+        }
+
+        cur_entry->raw.tag = **p;
+        cur_entry->raw.p = *p;
+        cur_entry->raw.len = len2;
+        end2 = *p + len2;
+
+        if( ( ret = mbedtls_x509_get_serial( p, end2, &cur_entry->serial ) ) != 0 )
+            return( ret );
+
+        if( ( ret = mbedtls_x509_get_time( p, end2,
+                                   &cur_entry->revocation_date ) ) != 0 )
+            return( ret );
+
+        if( ( ret = x509_get_crl_entry_ext( p, end2,
+                                            &cur_entry->entry_ext ) ) != 0 )
+            return( ret );
+
+        if( *p < end )
+        {
+            cur_entry->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl_entry ) );
+
+            if( cur_entry->next == NULL )
+                return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+
+            cur_entry = cur_entry->next;
+        }
+    }
+
+    return( 0 );
+}
+
+/*
+ * Parse one  CRLs in DER format and append it to the chained list
+ */
+int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
+                        const unsigned char *buf, size_t buflen )
+{
+    int ret;
+    size_t len;
+    unsigned char *p, *end;
+    mbedtls_x509_buf sig_params1, sig_params2, sig_oid2;
+    mbedtls_x509_crl *crl = chain;
+
+    /*
+     * Check for valid input
+     */
+    if( crl == NULL || buf == NULL )
+        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+
+    memset( &sig_params1, 0, sizeof( mbedtls_x509_buf ) );
+    memset( &sig_params2, 0, sizeof( mbedtls_x509_buf ) );
+    memset( &sig_oid2, 0, sizeof( mbedtls_x509_buf ) );
+
+    /*
+     * Add new CRL on the end of the chain if needed.
+     */
+    while( crl->version != 0 && crl->next != NULL )
+        crl = crl->next;
+
+    if( crl->version != 0 && crl->next == NULL )
+    {
+        crl->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl ) );
+
+        if( crl->next == NULL )
+        {
+            mbedtls_x509_crl_free( crl );
+            return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+        }
+
+        mbedtls_x509_crl_init( crl->next );
+        crl = crl->next;
+    }
+
+    /*
+     * Copy raw DER-encoded CRL
+     */
+    if( ( p = mbedtls_calloc( 1, buflen ) ) == NULL )
+        return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+
+    memcpy( p, buf, buflen );
+
+    crl->raw.p = p;
+    crl->raw.len = buflen;
+
+    end = p + buflen;
+
+    /*
+     * CertificateList  ::=  SEQUENCE  {
+     *      tbsCertList          TBSCertList,
+     *      signatureAlgorithm   AlgorithmIdentifier,
+     *      signatureValue       BIT STRING  }
+     */
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+    {
+        mbedtls_x509_crl_free( crl );
+        return( MBEDTLS_ERR_X509_INVALID_FORMAT );
+    }
+
+    if( len != (size_t) ( end - p ) )
+    {
+        mbedtls_x509_crl_free( crl );
+        return( MBEDTLS_ERR_X509_INVALID_FORMAT +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+    }
+
+    /*
+     * TBSCertList  ::=  SEQUENCE  {
+     */
+    crl->tbs.p = p;
+
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+    {
+        mbedtls_x509_crl_free( crl );
+        return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
+    }
+
+    end = p + len;
+    crl->tbs.len = end - crl->tbs.p;
+
+    /*
+     * Version  ::=  INTEGER  OPTIONAL {  v1(0), v2(1)  }
+     *               -- if present, MUST be v2
+     *
+     * signature            AlgorithmIdentifier
+     */
+    if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 ||
+        ( ret = mbedtls_x509_get_alg( &p, end, &crl->sig_oid, &sig_params1 ) ) != 0 )
+    {
+        mbedtls_x509_crl_free( crl );
+        return( ret );
+    }
+
+    crl->version++;
+
+    if( crl->version > 2 )
+    {
+        mbedtls_x509_crl_free( crl );
+        return( MBEDTLS_ERR_X509_UNKNOWN_VERSION );
+    }
+
+    if( ( ret = mbedtls_x509_get_sig_alg( &crl->sig_oid, &sig_params1,
+                                  &crl->sig_md, &crl->sig_pk,
+                                  &crl->sig_opts ) ) != 0 )
+    {
+        mbedtls_x509_crl_free( crl );
+        return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG );
+    }
+
+    /*
+     * issuer               Name
+     */
+    crl->issuer_raw.p = p;
+
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+    {
+        mbedtls_x509_crl_free( crl );
+        return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
+    }
+
+    if( ( ret = mbedtls_x509_get_name( &p, p + len, &crl->issuer ) ) != 0 )
+    {
+        mbedtls_x509_crl_free( crl );
+        return( ret );
+    }
+
+    crl->issuer_raw.len = p - crl->issuer_raw.p;
+
+    /*
+     * thisUpdate          Time
+     * nextUpdate          Time OPTIONAL
+     */
+    if( ( ret = mbedtls_x509_get_time( &p, end, &crl->this_update ) ) != 0 )
+    {
+        mbedtls_x509_crl_free( crl );
+        return( ret );
+    }
+
+    if( ( ret = mbedtls_x509_get_time( &p, end, &crl->next_update ) ) != 0 )
+    {
+        if( ret != ( MBEDTLS_ERR_X509_INVALID_DATE +
+                        MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) &&
+            ret != ( MBEDTLS_ERR_X509_INVALID_DATE +
+                        MBEDTLS_ERR_ASN1_OUT_OF_DATA ) )
+        {
+            mbedtls_x509_crl_free( crl );
+            return( ret );
+        }
+    }
+
+    /*
+     * revokedCertificates    SEQUENCE OF SEQUENCE   {
+     *      userCertificate        CertificateSerialNumber,
+     *      revocationDate         Time,
+     *      crlEntryExtensions     Extensions OPTIONAL
+     *                                   -- if present, MUST be v2
+     *                        } OPTIONAL
+     */
+    if( ( ret = x509_get_entries( &p, end, &crl->entry ) ) != 0 )
+    {
+        mbedtls_x509_crl_free( crl );
+        return( ret );
+    }
+
+    /*
+     * crlExtensions          EXPLICIT Extensions OPTIONAL
+     *                              -- if present, MUST be v2
+     */
+    if( crl->version == 2 )
+    {
+        ret = x509_get_crl_ext( &p, end, &crl->crl_ext );
+
+        if( ret != 0 )
+        {
+            mbedtls_x509_crl_free( crl );
+            return( ret );
+        }
+    }
+
+    if( p != end )
+    {
+        mbedtls_x509_crl_free( crl );
+        return( MBEDTLS_ERR_X509_INVALID_FORMAT +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+    }
+
+    end = crl->raw.p + crl->raw.len;
+
+    /*
+     *  signatureAlgorithm   AlgorithmIdentifier,
+     *  signatureValue       BIT STRING
+     */
+    if( ( ret = mbedtls_x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 )
+    {
+        mbedtls_x509_crl_free( crl );
+        return( ret );
+    }
+
+    if( crl->sig_oid.len != sig_oid2.len ||
+        memcmp( crl->sig_oid.p, sig_oid2.p, crl->sig_oid.len ) != 0 ||
+        sig_params1.len != sig_params2.len ||
+        ( sig_params1.len != 0 &&
+          memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
+    {
+        mbedtls_x509_crl_free( crl );
+        return( MBEDTLS_ERR_X509_SIG_MISMATCH );
+    }
+
+    if( ( ret = mbedtls_x509_get_sig( &p, end, &crl->sig ) ) != 0 )
+    {
+        mbedtls_x509_crl_free( crl );
+        return( ret );
+    }
+
+    if( p != end )
+    {
+        mbedtls_x509_crl_free( crl );
+        return( MBEDTLS_ERR_X509_INVALID_FORMAT +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+    }
+
+    return( 0 );
+}
+
+/*
+ * Parse one or more CRLs and add them to the chained list
+ */
+int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen )
+{
+#if defined(MBEDTLS_PEM_PARSE_C)
+    int ret;
+    size_t use_len;
+    mbedtls_pem_context pem;
+    int is_pem = 0;
+
+    if( chain == NULL || buf == NULL )
+        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+
+    do
+    {
+        mbedtls_pem_init( &pem );
+
+    /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
+    if( buflen == 0 || buf[buflen - 1] != '\0' )
+        ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
+    else
+        ret = mbedtls_pem_read_buffer( &pem,
+                               "-----BEGIN X509 CRL-----",
+                               "-----END X509 CRL-----",
+                               buf, NULL, 0, &use_len );
+
+        if( ret == 0 )
+        {
+            /*
+             * Was PEM encoded
+             */
+            is_pem = 1;
+
+            buflen -= use_len;
+            buf += use_len;
+
+            if( ( ret = mbedtls_x509_crl_parse_der( chain,
+                                            pem.buf, pem.buflen ) ) != 0 )
+            {
+                return( ret );
+            }
+
+            mbedtls_pem_free( &pem );
+        }
+        else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
+        {
+            mbedtls_pem_free( &pem );
+            return( ret );
+        }
+    }
+    /* In the PEM case, buflen is 1 at the end, for the terminated NULL byte.
+     * And a valid CRL cannot be less than 1 byte anyway. */
+    while( is_pem && buflen > 1 );
+
+    if( is_pem )
+        return( 0 );
+    else
+#endif /* MBEDTLS_PEM_PARSE_C */
+        return( mbedtls_x509_crl_parse_der( chain, buf, buflen ) );
+}
+
+#if defined(MBEDTLS_FS_IO)
+/*
+ * Load one or more CRLs and add them to the chained list
+ */
+int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path )
+{
+    int ret;
+    size_t n;
+    unsigned char *buf;
+
+    if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
+        return( ret );
+
+    ret = mbedtls_x509_crl_parse( chain, buf, n );
+
+    mbedtls_zeroize( buf, n );
+    mbedtls_free( buf );
+
+    return( ret );
+}
+#endif /* MBEDTLS_FS_IO */
+
+/*
+ * Return an informational string about the certificate.
+ */
+#define BEFORE_COLON    14
+#define BC              "14"
+/*
+ * Return an informational string about the CRL.
+ */
+int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix,
+                   const mbedtls_x509_crl *crl )
+{
+    int ret;
+    size_t n;
+    char *p;
+    const mbedtls_x509_crl_entry *entry;
+
+    p = buf;
+    n = size;
+
+    ret = mbedtls_snprintf( p, n, "%sCRL version   : %d",
+                               prefix, crl->version );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+
+    ret = mbedtls_snprintf( p, n, "\n%sissuer name   : ", prefix );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+    ret = mbedtls_x509_dn_gets( p, n, &crl->issuer );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+
+    ret = mbedtls_snprintf( p, n, "\n%sthis update   : " \
+                   "%04d-%02d-%02d %02d:%02d:%02d", prefix,
+                   crl->this_update.year, crl->this_update.mon,
+                   crl->this_update.day,  crl->this_update.hour,
+                   crl->this_update.min,  crl->this_update.sec );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+
+    ret = mbedtls_snprintf( p, n, "\n%snext update   : " \
+                   "%04d-%02d-%02d %02d:%02d:%02d", prefix,
+                   crl->next_update.year, crl->next_update.mon,
+                   crl->next_update.day,  crl->next_update.hour,
+                   crl->next_update.min,  crl->next_update.sec );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+
+    entry = &crl->entry;
+
+    ret = mbedtls_snprintf( p, n, "\n%sRevoked certificates:",
+                               prefix );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+
+    while( entry != NULL && entry->raw.len != 0 )
+    {
+        ret = mbedtls_snprintf( p, n, "\n%sserial number: ",
+                               prefix );
+        MBEDTLS_X509_SAFE_SNPRINTF;
+
+        ret = mbedtls_x509_serial_gets( p, n, &entry->serial );
+        MBEDTLS_X509_SAFE_SNPRINTF;
+
+        ret = mbedtls_snprintf( p, n, " revocation date: " \
+                   "%04d-%02d-%02d %02d:%02d:%02d",
+                   entry->revocation_date.year, entry->revocation_date.mon,
+                   entry->revocation_date.day,  entry->revocation_date.hour,
+                   entry->revocation_date.min,  entry->revocation_date.sec );
+        MBEDTLS_X509_SAFE_SNPRINTF;
+
+        entry = entry->next;
+    }
+
+    ret = mbedtls_snprintf( p, n, "\n%ssigned using  : ", prefix );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+
+    ret = mbedtls_x509_sig_alg_gets( p, n, &crl->sig_oid, crl->sig_pk, crl->sig_md,
+                             crl->sig_opts );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+
+    ret = mbedtls_snprintf( p, n, "\n" );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+
+    return( (int) ( size - n ) );
+}
+
+/*
+ * Initialize a CRL chain
+ */
+void mbedtls_x509_crl_init( mbedtls_x509_crl *crl )
+{
+    memset( crl, 0, sizeof(mbedtls_x509_crl) );
+}
+
+/*
+ * Unallocate all CRL data
+ */
+void mbedtls_x509_crl_free( mbedtls_x509_crl *crl )
+{
+    mbedtls_x509_crl *crl_cur = crl;
+    mbedtls_x509_crl *crl_prv;
+    mbedtls_x509_name *name_cur;
+    mbedtls_x509_name *name_prv;
+    mbedtls_x509_crl_entry *entry_cur;
+    mbedtls_x509_crl_entry *entry_prv;
+
+    if( crl == NULL )
+        return;
+
+    do
+    {
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
+        mbedtls_free( crl_cur->sig_opts );
+#endif
+
+        name_cur = crl_cur->issuer.next;
+        while( name_cur != NULL )
+        {
+            name_prv = name_cur;
+            name_cur = name_cur->next;
+            mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
+            mbedtls_free( name_prv );
+        }
+
+        entry_cur = crl_cur->entry.next;
+        while( entry_cur != NULL )
+        {
+            entry_prv = entry_cur;
+            entry_cur = entry_cur->next;
+            mbedtls_zeroize( entry_prv, sizeof( mbedtls_x509_crl_entry ) );
+            mbedtls_free( entry_prv );
+        }
+
+        if( crl_cur->raw.p != NULL )
+        {
+            mbedtls_zeroize( crl_cur->raw.p, crl_cur->raw.len );
+            mbedtls_free( crl_cur->raw.p );
+        }
+
+        crl_cur = crl_cur->next;
+    }
+    while( crl_cur != NULL );
+
+    crl_cur = crl;
+    do
+    {
+        crl_prv = crl_cur;
+        crl_cur = crl_cur->next;
+
+        mbedtls_zeroize( crl_prv, sizeof( mbedtls_x509_crl ) );
+        if( crl_prv != crl )
+            mbedtls_free( crl_prv );
+    }
+    while( crl_cur != NULL );
+}
+
+#endif /* MBEDTLS_X509_CRL_PARSE_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/x509_crt.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,2382 @@
+/*
+ *  X.509 certificate parsing and verification
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ *  The ITU-T X.509 standard defines a certificate format for PKI.
+ *
+ *  http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
+ *  http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
+ *  http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
+ *
+ *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
+ *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+
+#include "mbedtls/x509_crt.h"
+#include "mbedtls/oid.h"
+
+#include <stdio.h>
+#include <string.h>
+
+#if defined(MBEDTLS_PEM_PARSE_C)
+#include "mbedtls/pem.h"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#define mbedtls_free       free
+#define mbedtls_calloc    calloc
+#define mbedtls_snprintf   snprintf
+#endif
+
+#if defined(MBEDTLS_THREADING_C)
+#include "mbedtls/threading.h"
+#endif
+
+#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
+#include <windows.h>
+#else
+#include <time.h>
+#endif
+
+#if defined(MBEDTLS_FS_IO)
+#include <stdio.h>
+#if !defined(_WIN32) || defined(EFIX64) || defined(EFI32)
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <dirent.h>
+#endif /* !_WIN32 || EFIX64 || EFI32 */
+#endif
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+/*
+ * Default profile
+ */
+const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default =
+{
+    /* Hashes from SHA-1 and above */
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_RIPEMD160 ) |
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) |
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
+    0xFFFFFFF, /* Any PK alg    */
+    0xFFFFFFF, /* Any curve     */
+    2048,
+};
+
+/*
+ * Next-default profile
+ */
+const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next =
+{
+    /* Hashes from SHA-256 and above */
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
+    0xFFFFFFF, /* Any PK alg    */
+#if defined(MBEDTLS_ECP_C)
+    /* Curves at or above 128-bit security level */
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) |
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ) |
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP521R1 ) |
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP256R1 ) |
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP384R1 ) |
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP512R1 ) |
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256K1 ),
+#else
+    0,
+#endif
+    2048,
+};
+
+/*
+ * NSA Suite B Profile
+ */
+const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb =
+{
+    /* Only SHA-256 and 384 */
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ),
+    /* Only ECDSA */
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ),
+#if defined(MBEDTLS_ECP_C)
+    /* Only NIST P-256 and P-384 */
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) |
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ),
+#else
+    0,
+#endif
+    0,
+};
+
+/*
+ * Check md_alg against profile
+ * Return 0 if md_alg acceptable for this profile, -1 otherwise
+ */
+static int x509_profile_check_md_alg( const mbedtls_x509_crt_profile *profile,
+                                      mbedtls_md_type_t md_alg )
+{
+    if( ( profile->allowed_mds & MBEDTLS_X509_ID_FLAG( md_alg ) ) != 0 )
+        return( 0 );
+
+    return( -1 );
+}
+
+/*
+ * Check pk_alg against profile
+ * Return 0 if pk_alg acceptable for this profile, -1 otherwise
+ */
+static int x509_profile_check_pk_alg( const mbedtls_x509_crt_profile *profile,
+                                      mbedtls_pk_type_t pk_alg )
+{
+    if( ( profile->allowed_pks & MBEDTLS_X509_ID_FLAG( pk_alg ) ) != 0 )
+        return( 0 );
+
+    return( -1 );
+}
+
+/*
+ * Check key against profile
+ * Return 0 if pk_alg acceptable for this profile, -1 otherwise
+ */
+static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile,
+                                   mbedtls_pk_type_t pk_alg,
+                                   const mbedtls_pk_context *pk )
+{
+#if defined(MBEDTLS_RSA_C)
+    if( pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS )
+    {
+        if( mbedtls_pk_get_bitlen( pk ) >= profile->rsa_min_bitlen )
+            return( 0 );
+
+        return( -1 );
+    }
+#endif
+
+#if defined(MBEDTLS_ECP_C)
+    if( pk_alg == MBEDTLS_PK_ECDSA ||
+        pk_alg == MBEDTLS_PK_ECKEY ||
+        pk_alg == MBEDTLS_PK_ECKEY_DH )
+    {
+        mbedtls_ecp_group_id gid = mbedtls_pk_ec( *pk )->grp.id;
+
+        if( ( profile->allowed_curves & MBEDTLS_X509_ID_FLAG( gid ) ) != 0 )
+            return( 0 );
+
+        return( -1 );
+    }
+#endif
+
+    return( -1 );
+}
+
+/*
+ *  Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
+ */
+static int x509_get_version( unsigned char **p,
+                             const unsigned char *end,
+                             int *ver )
+{
+    int ret;
+    size_t len;
+
+    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
+            MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) != 0 )
+    {
+        if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
+        {
+            *ver = 0;
+            return( 0 );
+        }
+
+        return( ret );
+    }
+
+    end = *p + len;
+
+    if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 )
+        return( MBEDTLS_ERR_X509_INVALID_VERSION + ret );
+
+    if( *p != end )
+        return( MBEDTLS_ERR_X509_INVALID_VERSION +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+    return( 0 );
+}
+
+/*
+ *  Validity ::= SEQUENCE {
+ *       notBefore      Time,
+ *       notAfter       Time }
+ */
+static int x509_get_dates( unsigned char **p,
+                           const unsigned char *end,
+                           mbedtls_x509_time *from,
+                           mbedtls_x509_time *to )
+{
+    int ret;
+    size_t len;
+
+    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
+            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+        return( MBEDTLS_ERR_X509_INVALID_DATE + ret );
+
+    end = *p + len;
+
+    if( ( ret = mbedtls_x509_get_time( p, end, from ) ) != 0 )
+        return( ret );
+
+    if( ( ret = mbedtls_x509_get_time( p, end, to ) ) != 0 )
+        return( ret );
+
+    if( *p != end )
+        return( MBEDTLS_ERR_X509_INVALID_DATE +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+    return( 0 );
+}
+
+/*
+ * X.509 v2/v3 unique identifier (not parsed)
+ */
+static int x509_get_uid( unsigned char **p,
+                         const unsigned char *end,
+                         mbedtls_x509_buf *uid, int n )
+{
+    int ret;
+
+    if( *p == end )
+        return( 0 );
+
+    uid->tag = **p;
+
+    if( ( ret = mbedtls_asn1_get_tag( p, end, &uid->len,
+            MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | n ) ) != 0 )
+    {
+        if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
+            return( 0 );
+
+        return( ret );
+    }
+
+    uid->p = *p;
+    *p += uid->len;
+
+    return( 0 );
+}
+
+static int x509_get_basic_constraints( unsigned char **p,
+                                       const unsigned char *end,
+                                       int *ca_istrue,
+                                       int *max_pathlen )
+{
+    int ret;
+    size_t len;
+
+    /*
+     * BasicConstraints ::= SEQUENCE {
+     *      cA                      BOOLEAN DEFAULT FALSE,
+     *      pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
+     */
+    *ca_istrue = 0; /* DEFAULT FALSE */
+    *max_pathlen = 0; /* endless */
+
+    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
+            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+
+    if( *p == end )
+        return( 0 );
+
+    if( ( ret = mbedtls_asn1_get_bool( p, end, ca_istrue ) ) != 0 )
+    {
+        if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
+            ret = mbedtls_asn1_get_int( p, end, ca_istrue );
+
+        if( ret != 0 )
+            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+
+        if( *ca_istrue != 0 )
+            *ca_istrue = 1;
+    }
+
+    if( *p == end )
+        return( 0 );
+
+    if( ( ret = mbedtls_asn1_get_int( p, end, max_pathlen ) ) != 0 )
+        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+
+    if( *p != end )
+        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+    (*max_pathlen)++;
+
+    return( 0 );
+}
+
+static int x509_get_ns_cert_type( unsigned char **p,
+                                       const unsigned char *end,
+                                       unsigned char *ns_cert_type)
+{
+    int ret;
+    mbedtls_x509_bitstring bs = { 0, 0, NULL };
+
+    if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 )
+        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+
+    if( bs.len != 1 )
+        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+                MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+
+    /* Get actual bitstring */
+    *ns_cert_type = *bs.p;
+    return( 0 );
+}
+
+static int x509_get_key_usage( unsigned char **p,
+                               const unsigned char *end,
+                               unsigned int *key_usage)
+{
+    int ret;
+    size_t i;
+    mbedtls_x509_bitstring bs = { 0, 0, NULL };
+
+    if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 )
+        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+
+    if( bs.len < 1 )
+        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+                MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+
+    /* Get actual bitstring */
+    *key_usage = 0;
+    for( i = 0; i < bs.len && i < sizeof( unsigned int ); i++ )
+    {
+        *key_usage |= (unsigned int) bs.p[i] << (8*i);
+    }
+
+    return( 0 );
+}
+
+/*
+ * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
+ *
+ * KeyPurposeId ::= OBJECT IDENTIFIER
+ */
+static int x509_get_ext_key_usage( unsigned char **p,
+                               const unsigned char *end,
+                               mbedtls_x509_sequence *ext_key_usage)
+{
+    int ret;
+
+    if( ( ret = mbedtls_asn1_get_sequence_of( p, end, ext_key_usage, MBEDTLS_ASN1_OID ) ) != 0 )
+        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+
+    /* Sequence length must be >= 1 */
+    if( ext_key_usage->buf.p == NULL )
+        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+                MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+
+    return( 0 );
+}
+
+/*
+ * SubjectAltName ::= GeneralNames
+ *
+ * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+ *
+ * GeneralName ::= CHOICE {
+ *      otherName                       [0]     OtherName,
+ *      rfc822Name                      [1]     IA5String,
+ *      dNSName                         [2]     IA5String,
+ *      x400Address                     [3]     ORAddress,
+ *      directoryName                   [4]     Name,
+ *      ediPartyName                    [5]     EDIPartyName,
+ *      uniformResourceIdentifier       [6]     IA5String,
+ *      iPAddress                       [7]     OCTET STRING,
+ *      registeredID                    [8]     OBJECT IDENTIFIER }
+ *
+ * OtherName ::= SEQUENCE {
+ *      type-id    OBJECT IDENTIFIER,
+ *      value      [0] EXPLICIT ANY DEFINED BY type-id }
+ *
+ * EDIPartyName ::= SEQUENCE {
+ *      nameAssigner            [0]     DirectoryString OPTIONAL,
+ *      partyName               [1]     DirectoryString }
+ *
+ * NOTE: we only parse and use dNSName at this point.
+ */
+static int x509_get_subject_alt_name( unsigned char **p,
+                                      const unsigned char *end,
+                                      mbedtls_x509_sequence *subject_alt_name )
+{
+    int ret;
+    size_t len, tag_len;
+    mbedtls_asn1_buf *buf;
+    unsigned char tag;
+    mbedtls_asn1_sequence *cur = subject_alt_name;
+
+    /* Get main sequence tag */
+    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
+            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+
+    if( *p + len != end )
+        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+    while( *p < end )
+    {
+        if( ( end - *p ) < 1 )
+            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+                    MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+
+        tag = **p;
+        (*p)++;
+        if( ( ret = mbedtls_asn1_get_len( p, end, &tag_len ) ) != 0 )
+            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+
+        if( ( tag & MBEDTLS_ASN1_CONTEXT_SPECIFIC ) != MBEDTLS_ASN1_CONTEXT_SPECIFIC )
+            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+                    MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
+
+        /* Skip everything but DNS name */
+        if( tag != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2 ) )
+        {
+            *p += tag_len;
+            continue;
+        }
+
+        /* Allocate and assign next pointer */
+        if( cur->buf.p != NULL )
+        {
+            if( cur->next != NULL )
+                return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS );
+
+            cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) );
+
+            if( cur->next == NULL )
+                return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+                        MBEDTLS_ERR_ASN1_ALLOC_FAILED );
+
+            cur = cur->next;
+        }
+
+        buf = &(cur->buf);
+        buf->tag = tag;
+        buf->p = *p;
+        buf->len = tag_len;
+        *p += buf->len;
+    }
+
+    /* Set final sequence entry's next pointer to NULL */
+    cur->next = NULL;
+
+    if( *p != end )
+        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+    return( 0 );
+}
+
+/*
+ * X.509 v3 extensions
+ *
+ * TODO: Perform all of the basic constraints tests required by the RFC
+ * TODO: Set values for undetected extensions to a sane default?
+ *
+ */
+static int x509_get_crt_ext( unsigned char **p,
+                             const unsigned char *end,
+                             mbedtls_x509_crt *crt )
+{
+    int ret;
+    size_t len;
+    unsigned char *end_ext_data, *end_ext_octet;
+
+    if( ( ret = mbedtls_x509_get_ext( p, end, &crt->v3_ext, 3 ) ) != 0 )
+    {
+        if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
+            return( 0 );
+
+        return( ret );
+    }
+
+    while( *p < end )
+    {
+        /*
+         * Extension  ::=  SEQUENCE  {
+         *      extnID      OBJECT IDENTIFIER,
+         *      critical    BOOLEAN DEFAULT FALSE,
+         *      extnValue   OCTET STRING  }
+         */
+        mbedtls_x509_buf extn_oid = {0, 0, NULL};
+        int is_critical = 0; /* DEFAULT FALSE */
+        int ext_type = 0;
+
+        if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
+                MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+
+        end_ext_data = *p + len;
+
+        /* Get extension ID */
+        extn_oid.tag = **p;
+
+        if( ( ret = mbedtls_asn1_get_tag( p, end, &extn_oid.len, MBEDTLS_ASN1_OID ) ) != 0 )
+            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+
+        extn_oid.p = *p;
+        *p += extn_oid.len;
+
+        if( ( end - *p ) < 1 )
+            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+                    MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+
+        /* Get optional critical */
+        if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 &&
+            ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )
+            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+
+        /* Data should be octet string type */
+        if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len,
+                MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
+            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+
+        end_ext_octet = *p + len;
+
+        if( end_ext_octet != end_ext_data )
+            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+                    MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+        /*
+         * Detect supported extensions
+         */
+        ret = mbedtls_oid_get_x509_ext_type( &extn_oid, &ext_type );
+
+        if( ret != 0 )
+        {
+            /* No parser found, skip extension */
+            *p = end_ext_octet;
+
+#if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
+            if( is_critical )
+            {
+                /* Data is marked as critical: fail */
+                return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+                        MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
+            }
+#endif
+            continue;
+        }
+
+        /* Forbid repeated extensions */
+        if( ( crt->ext_types & ext_type ) != 0 )
+            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS );
+
+        crt->ext_types |= ext_type;
+
+        switch( ext_type )
+        {
+        case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS:
+            /* Parse basic constraints */
+            if( ( ret = x509_get_basic_constraints( p, end_ext_octet,
+                    &crt->ca_istrue, &crt->max_pathlen ) ) != 0 )
+                return( ret );
+            break;
+
+        case MBEDTLS_X509_EXT_KEY_USAGE:
+            /* Parse key usage */
+            if( ( ret = x509_get_key_usage( p, end_ext_octet,
+                    &crt->key_usage ) ) != 0 )
+                return( ret );
+            break;
+
+        case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE:
+            /* Parse extended key usage */
+            if( ( ret = x509_get_ext_key_usage( p, end_ext_octet,
+                    &crt->ext_key_usage ) ) != 0 )
+                return( ret );
+            break;
+
+        case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME:
+            /* Parse subject alt name */
+            if( ( ret = x509_get_subject_alt_name( p, end_ext_octet,
+                    &crt->subject_alt_names ) ) != 0 )
+                return( ret );
+            break;
+
+        case MBEDTLS_X509_EXT_NS_CERT_TYPE:
+            /* Parse netscape certificate type */
+            if( ( ret = x509_get_ns_cert_type( p, end_ext_octet,
+                    &crt->ns_cert_type ) ) != 0 )
+                return( ret );
+            break;
+
+        default:
+            return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
+        }
+    }
+
+    if( *p != end )
+        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+    return( 0 );
+}
+
+/*
+ * Parse and fill a single X.509 certificate in DER format
+ */
+static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char *buf,
+                                    size_t buflen )
+{
+    int ret;
+    size_t len;
+    unsigned char *p, *end, *crt_end;
+    mbedtls_x509_buf sig_params1, sig_params2, sig_oid2;
+
+    memset( &sig_params1, 0, sizeof( mbedtls_x509_buf ) );
+    memset( &sig_params2, 0, sizeof( mbedtls_x509_buf ) );
+    memset( &sig_oid2, 0, sizeof( mbedtls_x509_buf ) );
+
+    /*
+     * Check for valid input
+     */
+    if( crt == NULL || buf == NULL )
+        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+
+    p = mbedtls_calloc( 1, len = buflen );
+    if( p == NULL )
+        return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+
+    memcpy( p, buf, buflen );
+
+    crt->raw.p = p;
+    crt->raw.len = len;
+    end = p + len;
+
+    /*
+     * Certificate  ::=  SEQUENCE  {
+     *      tbsCertificate       TBSCertificate,
+     *      signatureAlgorithm   AlgorithmIdentifier,
+     *      signatureValue       BIT STRING  }
+     */
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+    {
+        mbedtls_x509_crt_free( crt );
+        return( MBEDTLS_ERR_X509_INVALID_FORMAT );
+    }
+
+    if( len > (size_t) ( end - p ) )
+    {
+        mbedtls_x509_crt_free( crt );
+        return( MBEDTLS_ERR_X509_INVALID_FORMAT +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+    }
+    crt_end = p + len;
+
+    /*
+     * TBSCertificate  ::=  SEQUENCE  {
+     */
+    crt->tbs.p = p;
+
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+    {
+        mbedtls_x509_crt_free( crt );
+        return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
+    }
+
+    end = p + len;
+    crt->tbs.len = end - crt->tbs.p;
+
+    /*
+     * Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
+     *
+     * CertificateSerialNumber  ::=  INTEGER
+     *
+     * signature            AlgorithmIdentifier
+     */
+    if( ( ret = x509_get_version(  &p, end, &crt->version  ) ) != 0 ||
+        ( ret = mbedtls_x509_get_serial(   &p, end, &crt->serial   ) ) != 0 ||
+        ( ret = mbedtls_x509_get_alg(      &p, end, &crt->sig_oid,
+                                            &sig_params1 ) ) != 0 )
+    {
+        mbedtls_x509_crt_free( crt );
+        return( ret );
+    }
+
+    crt->version++;
+
+    if( crt->version > 3 )
+    {
+        mbedtls_x509_crt_free( crt );
+        return( MBEDTLS_ERR_X509_UNKNOWN_VERSION );
+    }
+
+    if( ( ret = mbedtls_x509_get_sig_alg( &crt->sig_oid, &sig_params1,
+                                  &crt->sig_md, &crt->sig_pk,
+                                  &crt->sig_opts ) ) != 0 )
+    {
+        mbedtls_x509_crt_free( crt );
+        return( ret );
+    }
+
+    /*
+     * issuer               Name
+     */
+    crt->issuer_raw.p = p;
+
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+    {
+        mbedtls_x509_crt_free( crt );
+        return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
+    }
+
+    if( ( ret = mbedtls_x509_get_name( &p, p + len, &crt->issuer ) ) != 0 )
+    {
+        mbedtls_x509_crt_free( crt );
+        return( ret );
+    }
+
+    crt->issuer_raw.len = p - crt->issuer_raw.p;
+
+    /*
+     * Validity ::= SEQUENCE {
+     *      notBefore      Time,
+     *      notAfter       Time }
+     *
+     */
+    if( ( ret = x509_get_dates( &p, end, &crt->valid_from,
+                                         &crt->valid_to ) ) != 0 )
+    {
+        mbedtls_x509_crt_free( crt );
+        return( ret );
+    }
+
+    /*
+     * subject              Name
+     */
+    crt->subject_raw.p = p;
+
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+    {
+        mbedtls_x509_crt_free( crt );
+        return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
+    }
+
+    if( len && ( ret = mbedtls_x509_get_name( &p, p + len, &crt->subject ) ) != 0 )
+    {
+        mbedtls_x509_crt_free( crt );
+        return( ret );
+    }
+
+    crt->subject_raw.len = p - crt->subject_raw.p;
+
+    /*
+     * SubjectPublicKeyInfo
+     */
+    if( ( ret = mbedtls_pk_parse_subpubkey( &p, end, &crt->pk ) ) != 0 )
+    {
+        mbedtls_x509_crt_free( crt );
+        return( ret );
+    }
+
+    /*
+     *  issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
+     *                       -- If present, version shall be v2 or v3
+     *  subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
+     *                       -- If present, version shall be v2 or v3
+     *  extensions      [3]  EXPLICIT Extensions OPTIONAL
+     *                       -- If present, version shall be v3
+     */
+    if( crt->version == 2 || crt->version == 3 )
+    {
+        ret = x509_get_uid( &p, end, &crt->issuer_id,  1 );
+        if( ret != 0 )
+        {
+            mbedtls_x509_crt_free( crt );
+            return( ret );
+        }
+    }
+
+    if( crt->version == 2 || crt->version == 3 )
+    {
+        ret = x509_get_uid( &p, end, &crt->subject_id,  2 );
+        if( ret != 0 )
+        {
+            mbedtls_x509_crt_free( crt );
+            return( ret );
+        }
+    }
+
+#if !defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3)
+    if( crt->version == 3 )
+#endif
+    {
+        ret = x509_get_crt_ext( &p, end, crt );
+        if( ret != 0 )
+        {
+            mbedtls_x509_crt_free( crt );
+            return( ret );
+        }
+    }
+
+    if( p != end )
+    {
+        mbedtls_x509_crt_free( crt );
+        return( MBEDTLS_ERR_X509_INVALID_FORMAT +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+    }
+
+    end = crt_end;
+
+    /*
+     *  }
+     *  -- end of TBSCertificate
+     *
+     *  signatureAlgorithm   AlgorithmIdentifier,
+     *  signatureValue       BIT STRING
+     */
+    if( ( ret = mbedtls_x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 )
+    {
+        mbedtls_x509_crt_free( crt );
+        return( ret );
+    }
+
+    if( crt->sig_oid.len != sig_oid2.len ||
+        memcmp( crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len ) != 0 ||
+        sig_params1.len != sig_params2.len ||
+        ( sig_params1.len != 0 &&
+          memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
+    {
+        mbedtls_x509_crt_free( crt );
+        return( MBEDTLS_ERR_X509_SIG_MISMATCH );
+    }
+
+    if( ( ret = mbedtls_x509_get_sig( &p, end, &crt->sig ) ) != 0 )
+    {
+        mbedtls_x509_crt_free( crt );
+        return( ret );
+    }
+
+    if( p != end )
+    {
+        mbedtls_x509_crt_free( crt );
+        return( MBEDTLS_ERR_X509_INVALID_FORMAT +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+    }
+
+    return( 0 );
+}
+
+/*
+ * Parse one X.509 certificate in DER format from a buffer and add them to a
+ * chained list
+ */
+int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf,
+                        size_t buflen )
+{
+    int ret;
+    mbedtls_x509_crt *crt = chain, *prev = NULL;
+
+    /*
+     * Check for valid input
+     */
+    if( crt == NULL || buf == NULL )
+        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+
+    while( crt->version != 0 && crt->next != NULL )
+    {
+        prev = crt;
+        crt = crt->next;
+    }
+
+    /*
+     * Add new certificate on the end of the chain if needed.
+     */
+    if( crt->version != 0 && crt->next == NULL )
+    {
+        crt->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
+
+        if( crt->next == NULL )
+            return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+
+        prev = crt;
+        mbedtls_x509_crt_init( crt->next );
+        crt = crt->next;
+    }
+
+    if( ( ret = x509_crt_parse_der_core( crt, buf, buflen ) ) != 0 )
+    {
+        if( prev )
+            prev->next = NULL;
+
+        if( crt != chain )
+            mbedtls_free( crt );
+
+        return( ret );
+    }
+
+    return( 0 );
+}
+
+/*
+ * Parse one or more PEM certificates from a buffer and add them to the chained
+ * list
+ */
+int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen )
+{
+    int success = 0, first_error = 0, total_failed = 0;
+    int buf_format = MBEDTLS_X509_FORMAT_DER;
+
+    /*
+     * Check for valid input
+     */
+    if( chain == NULL || buf == NULL )
+        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+
+    /*
+     * Determine buffer content. Buffer contains either one DER certificate or
+     * one or more PEM certificates.
+     */
+#if defined(MBEDTLS_PEM_PARSE_C)
+    if( buflen != 0 && buf[buflen - 1] == '\0' &&
+        strstr( (const char *) buf, "-----BEGIN CERTIFICATE-----" ) != NULL )
+    {
+        buf_format = MBEDTLS_X509_FORMAT_PEM;
+    }
+#endif
+
+    if( buf_format == MBEDTLS_X509_FORMAT_DER )
+        return mbedtls_x509_crt_parse_der( chain, buf, buflen );
+
+#if defined(MBEDTLS_PEM_PARSE_C)
+    if( buf_format == MBEDTLS_X509_FORMAT_PEM )
+    {
+        int ret;
+        mbedtls_pem_context pem;
+
+        /* 1 rather than 0 since the terminating NULL byte is counted in */
+        while( buflen > 1 )
+        {
+            size_t use_len;
+            mbedtls_pem_init( &pem );
+
+            /* If we get there, we know the string is null-terminated */
+            ret = mbedtls_pem_read_buffer( &pem,
+                           "-----BEGIN CERTIFICATE-----",
+                           "-----END CERTIFICATE-----",
+                           buf, NULL, 0, &use_len );
+
+            if( ret == 0 )
+            {
+                /*
+                 * Was PEM encoded
+                 */
+                buflen -= use_len;
+                buf += use_len;
+            }
+            else if( ret == MBEDTLS_ERR_PEM_BAD_INPUT_DATA )
+            {
+                return( ret );
+            }
+            else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
+            {
+                mbedtls_pem_free( &pem );
+
+                /*
+                 * PEM header and footer were found
+                 */
+                buflen -= use_len;
+                buf += use_len;
+
+                if( first_error == 0 )
+                    first_error = ret;
+
+                total_failed++;
+                continue;
+            }
+            else
+                break;
+
+            ret = mbedtls_x509_crt_parse_der( chain, pem.buf, pem.buflen );
+
+            mbedtls_pem_free( &pem );
+
+            if( ret != 0 )
+            {
+                /*
+                 * Quit parsing on a memory error
+                 */
+                if( ret == MBEDTLS_ERR_X509_ALLOC_FAILED )
+                    return( ret );
+
+                if( first_error == 0 )
+                    first_error = ret;
+
+                total_failed++;
+                continue;
+            }
+
+            success = 1;
+        }
+    }
+#endif /* MBEDTLS_PEM_PARSE_C */
+
+    if( success )
+        return( total_failed );
+    else if( first_error )
+        return( first_error );
+    else
+        return( MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT );
+}
+
+#if defined(MBEDTLS_FS_IO)
+/*
+ * Load one or more certificates and add them to the chained list
+ */
+int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path )
+{
+    int ret;
+    size_t n;
+    unsigned char *buf;
+
+    if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
+        return( ret );
+
+    ret = mbedtls_x509_crt_parse( chain, buf, n );
+
+    mbedtls_zeroize( buf, n );
+    mbedtls_free( buf );
+
+    return( ret );
+}
+
+int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
+{
+    int ret = 0;
+#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
+    int w_ret;
+    WCHAR szDir[MAX_PATH];
+    char filename[MAX_PATH];
+    char *p;
+    size_t len = strlen( path );
+
+    WIN32_FIND_DATAW file_data;
+    HANDLE hFind;
+
+    if( len > MAX_PATH - 3 )
+        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+
+    memset( szDir, 0, sizeof(szDir) );
+    memset( filename, 0, MAX_PATH );
+    memcpy( filename, path, len );
+    filename[len++] = '\\';
+    p = filename + len;
+    filename[len++] = '*';
+
+    w_ret = MultiByteToWideChar( CP_ACP, 0, filename, len, szDir,
+                                 MAX_PATH - 3 );
+    if( w_ret == 0 )
+        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+
+    hFind = FindFirstFileW( szDir, &file_data );
+    if( hFind == INVALID_HANDLE_VALUE )
+        return( MBEDTLS_ERR_X509_FILE_IO_ERROR );
+
+    len = MAX_PATH - len;
+    do
+    {
+        memset( p, 0, len );
+
+        if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY )
+            continue;
+
+        w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName,
+                                     lstrlenW( file_data.cFileName ),
+                                     p, (int) len - 1,
+                                     NULL, NULL );
+        if( w_ret == 0 )
+            return( MBEDTLS_ERR_X509_FILE_IO_ERROR );
+
+        w_ret = mbedtls_x509_crt_parse_file( chain, filename );
+        if( w_ret < 0 )
+            ret++;
+        else
+            ret += w_ret;
+    }
+    while( FindNextFileW( hFind, &file_data ) != 0 );
+
+    if( GetLastError() != ERROR_NO_MORE_FILES )
+        ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
+
+    FindClose( hFind );
+#else /* _WIN32 */
+    int t_ret;
+    struct stat sb;
+    struct dirent *entry;
+    char entry_name[255];
+    DIR *dir = opendir( path );
+
+    if( dir == NULL )
+        return( MBEDTLS_ERR_X509_FILE_IO_ERROR );
+
+#if defined(MBEDTLS_THREADING_PTHREAD)
+    if( ( ret = mbedtls_mutex_lock( &mbedtls_threading_readdir_mutex ) ) != 0 )
+    {
+        closedir( dir );
+        return( ret );
+    }
+#endif
+
+    while( ( entry = readdir( dir ) ) != NULL )
+    {
+        mbedtls_snprintf( entry_name, sizeof entry_name, "%s/%s", path, entry->d_name );
+
+        if( stat( entry_name, &sb ) == -1 )
+        {
+            closedir( dir );
+            ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
+            goto cleanup;
+        }
+
+        if( !S_ISREG( sb.st_mode ) )
+            continue;
+
+        // Ignore parse errors
+        //
+        t_ret = mbedtls_x509_crt_parse_file( chain, entry_name );
+        if( t_ret < 0 )
+            ret++;
+        else
+            ret += t_ret;
+    }
+    closedir( dir );
+
+cleanup:
+#if defined(MBEDTLS_THREADING_PTHREAD)
+    if( mbedtls_mutex_unlock( &mbedtls_threading_readdir_mutex ) != 0 )
+        ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+#endif
+
+#endif /* _WIN32 */
+
+    return( ret );
+}
+#endif /* MBEDTLS_FS_IO */
+
+static int x509_info_subject_alt_name( char **buf, size_t *size,
+                                       const mbedtls_x509_sequence *subject_alt_name )
+{
+    size_t i;
+    size_t n = *size;
+    char *p = *buf;
+    const mbedtls_x509_sequence *cur = subject_alt_name;
+    const char *sep = "";
+    size_t sep_len = 0;
+
+    while( cur != NULL )
+    {
+        if( cur->buf.len + sep_len >= n )
+        {
+            *p = '\0';
+            return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
+        }
+
+        n -= cur->buf.len + sep_len;
+        for( i = 0; i < sep_len; i++ )
+            *p++ = sep[i];
+        for( i = 0; i < cur->buf.len; i++ )
+            *p++ = cur->buf.p[i];
+
+        sep = ", ";
+        sep_len = 2;
+
+        cur = cur->next;
+    }
+
+    *p = '\0';
+
+    *size = n;
+    *buf = p;
+
+    return( 0 );
+}
+
+#define PRINT_ITEM(i)                           \
+    {                                           \
+        ret = mbedtls_snprintf( p, n, "%s" i, sep );    \
+        MBEDTLS_X509_SAFE_SNPRINTF;                        \
+        sep = ", ";                             \
+    }
+
+#define CERT_TYPE(type,name)                    \
+    if( ns_cert_type & type )                   \
+        PRINT_ITEM( name );
+
+static int x509_info_cert_type( char **buf, size_t *size,
+                                unsigned char ns_cert_type )
+{
+    int ret;
+    size_t n = *size;
+    char *p = *buf;
+    const char *sep = "";
+
+    CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT,         "SSL Client" );
+    CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER,         "SSL Server" );
+    CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL,              "Email" );
+    CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING,     "Object Signing" );
+    CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_RESERVED,           "Reserved" );
+    CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CA,             "SSL CA" );
+    CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA,           "Email CA" );
+    CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA,  "Object Signing CA" );
+
+    *size = n;
+    *buf = p;
+
+    return( 0 );
+}
+
+#define KEY_USAGE(code,name)    \
+    if( key_usage & code )      \
+        PRINT_ITEM( name );
+
+static int x509_info_key_usage( char **buf, size_t *size,
+                                unsigned int key_usage )
+{
+    int ret;
+    size_t n = *size;
+    char *p = *buf;
+    const char *sep = "";
+
+    KEY_USAGE( MBEDTLS_X509_KU_DIGITAL_SIGNATURE,    "Digital Signature" );
+    KEY_USAGE( MBEDTLS_X509_KU_NON_REPUDIATION,      "Non Repudiation" );
+    KEY_USAGE( MBEDTLS_X509_KU_KEY_ENCIPHERMENT,     "Key Encipherment" );
+    KEY_USAGE( MBEDTLS_X509_KU_DATA_ENCIPHERMENT,    "Data Encipherment" );
+    KEY_USAGE( MBEDTLS_X509_KU_KEY_AGREEMENT,        "Key Agreement" );
+    KEY_USAGE( MBEDTLS_X509_KU_KEY_CERT_SIGN,        "Key Cert Sign" );
+    KEY_USAGE( MBEDTLS_X509_KU_CRL_SIGN,             "CRL Sign" );
+    KEY_USAGE( MBEDTLS_X509_KU_ENCIPHER_ONLY,        "Encipher Only" );
+    KEY_USAGE( MBEDTLS_X509_KU_DECIPHER_ONLY,        "Decipher Only" );
+
+    *size = n;
+    *buf = p;
+
+    return( 0 );
+}
+
+static int x509_info_ext_key_usage( char **buf, size_t *size,
+                                    const mbedtls_x509_sequence *extended_key_usage )
+{
+    int ret;
+    const char *desc;
+    size_t n = *size;
+    char *p = *buf;
+    const mbedtls_x509_sequence *cur = extended_key_usage;
+    const char *sep = "";
+
+    while( cur != NULL )
+    {
+        if( mbedtls_oid_get_extended_key_usage( &cur->buf, &desc ) != 0 )
+            desc = "???";
+
+        ret = mbedtls_snprintf( p, n, "%s%s", sep, desc );
+        MBEDTLS_X509_SAFE_SNPRINTF;
+
+        sep = ", ";
+
+        cur = cur->next;
+    }
+
+    *size = n;
+    *buf = p;
+
+    return( 0 );
+}
+
+/*
+ * Return an informational string about the certificate.
+ */
+#define BEFORE_COLON    18
+#define BC              "18"
+int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
+                   const mbedtls_x509_crt *crt )
+{
+    int ret;
+    size_t n;
+    char *p;
+    char key_size_str[BEFORE_COLON];
+
+    p = buf;
+    n = size;
+
+    ret = mbedtls_snprintf( p, n, "%scert. version     : %d\n",
+                               prefix, crt->version );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+    ret = mbedtls_snprintf( p, n, "%sserial number     : ",
+                               prefix );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+
+    ret = mbedtls_x509_serial_gets( p, n, &crt->serial );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+
+    ret = mbedtls_snprintf( p, n, "\n%sissuer name       : ", prefix );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+    ret = mbedtls_x509_dn_gets( p, n, &crt->issuer  );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+
+    ret = mbedtls_snprintf( p, n, "\n%ssubject name      : ", prefix );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+    ret = mbedtls_x509_dn_gets( p, n, &crt->subject );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+
+    ret = mbedtls_snprintf( p, n, "\n%sissued  on        : " \
+                   "%04d-%02d-%02d %02d:%02d:%02d", prefix,
+                   crt->valid_from.year, crt->valid_from.mon,
+                   crt->valid_from.day,  crt->valid_from.hour,
+                   crt->valid_from.min,  crt->valid_from.sec );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+
+    ret = mbedtls_snprintf( p, n, "\n%sexpires on        : " \
+                   "%04d-%02d-%02d %02d:%02d:%02d", prefix,
+                   crt->valid_to.year, crt->valid_to.mon,
+                   crt->valid_to.day,  crt->valid_to.hour,
+                   crt->valid_to.min,  crt->valid_to.sec );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+
+    ret = mbedtls_snprintf( p, n, "\n%ssigned using      : ", prefix );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+
+    ret = mbedtls_x509_sig_alg_gets( p, n, &crt->sig_oid, crt->sig_pk,
+                             crt->sig_md, crt->sig_opts );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+
+    /* Key size */
+    if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON,
+                                      mbedtls_pk_get_name( &crt->pk ) ) ) != 0 )
+    {
+        return( ret );
+    }
+
+    ret = mbedtls_snprintf( p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str,
+                          (int) mbedtls_pk_get_bitlen( &crt->pk ) );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+
+    /*
+     * Optional extensions
+     */
+
+    if( crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS )
+    {
+        ret = mbedtls_snprintf( p, n, "\n%sbasic constraints : CA=%s", prefix,
+                        crt->ca_istrue ? "true" : "false" );
+        MBEDTLS_X509_SAFE_SNPRINTF;
+
+        if( crt->max_pathlen > 0 )
+        {
+            ret = mbedtls_snprintf( p, n, ", max_pathlen=%d", crt->max_pathlen - 1 );
+            MBEDTLS_X509_SAFE_SNPRINTF;
+        }
+    }
+
+    if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
+    {
+        ret = mbedtls_snprintf( p, n, "\n%ssubject alt name  : ", prefix );
+        MBEDTLS_X509_SAFE_SNPRINTF;
+
+        if( ( ret = x509_info_subject_alt_name( &p, &n,
+                                            &crt->subject_alt_names ) ) != 0 )
+            return( ret );
+    }
+
+    if( crt->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE )
+    {
+        ret = mbedtls_snprintf( p, n, "\n%scert. type        : ", prefix );
+        MBEDTLS_X509_SAFE_SNPRINTF;
+
+        if( ( ret = x509_info_cert_type( &p, &n, crt->ns_cert_type ) ) != 0 )
+            return( ret );
+    }
+
+    if( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE )
+    {
+        ret = mbedtls_snprintf( p, n, "\n%skey usage         : ", prefix );
+        MBEDTLS_X509_SAFE_SNPRINTF;
+
+        if( ( ret = x509_info_key_usage( &p, &n, crt->key_usage ) ) != 0 )
+            return( ret );
+    }
+
+    if( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE )
+    {
+        ret = mbedtls_snprintf( p, n, "\n%sext key usage     : ", prefix );
+        MBEDTLS_X509_SAFE_SNPRINTF;
+
+        if( ( ret = x509_info_ext_key_usage( &p, &n,
+                                             &crt->ext_key_usage ) ) != 0 )
+            return( ret );
+    }
+
+    ret = mbedtls_snprintf( p, n, "\n" );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+
+    return( (int) ( size - n ) );
+}
+
+struct x509_crt_verify_string {
+    int code;
+    const char *string;
+};
+
+static const struct x509_crt_verify_string x509_crt_verify_strings[] = {
+    { MBEDTLS_X509_BADCERT_EXPIRED,       "The certificate validity has expired" },
+    { MBEDTLS_X509_BADCERT_REVOKED,       "The certificate has been revoked (is on a CRL)" },
+    { MBEDTLS_X509_BADCERT_CN_MISMATCH,   "The certificate Common Name (CN) does not match with the expected CN" },
+    { MBEDTLS_X509_BADCERT_NOT_TRUSTED,   "The certificate is not correctly signed by the trusted CA" },
+    { MBEDTLS_X509_BADCRL_NOT_TRUSTED,    "The CRL is not correctly signed by the trusted CA" },
+    { MBEDTLS_X509_BADCRL_EXPIRED,        "The CRL is expired" },
+    { MBEDTLS_X509_BADCERT_MISSING,       "Certificate was missing" },
+    { MBEDTLS_X509_BADCERT_SKIP_VERIFY,   "Certificate verification was skipped" },
+    { MBEDTLS_X509_BADCERT_OTHER,         "Other reason (can be used by verify callback)" },
+    { MBEDTLS_X509_BADCERT_FUTURE,        "The certificate validity starts in the future" },
+    { MBEDTLS_X509_BADCRL_FUTURE,         "The CRL is from the future" },
+    { MBEDTLS_X509_BADCERT_KEY_USAGE,     "Usage does not match the keyUsage extension" },
+    { MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, "Usage does not match the extendedKeyUsage extension" },
+    { MBEDTLS_X509_BADCERT_NS_CERT_TYPE,  "Usage does not match the nsCertType extension" },
+    { MBEDTLS_X509_BADCERT_BAD_MD,        "The certificate is signed with an unacceptable hash." },
+    { MBEDTLS_X509_BADCERT_BAD_PK,        "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA)." },
+    { MBEDTLS_X509_BADCERT_BAD_KEY,       "The certificate is signed with an unacceptable key (eg bad curve, RSA too short)." },
+    { MBEDTLS_X509_BADCRL_BAD_MD,         "The CRL is signed with an unacceptable hash." },
+    { MBEDTLS_X509_BADCRL_BAD_PK,         "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA)." },
+    { MBEDTLS_X509_BADCRL_BAD_KEY,        "The CRL is signed with an unacceptable key (eg bad curve, RSA too short)." },
+    { 0, NULL }
+};
+
+int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
+                          uint32_t flags )
+{
+    int ret;
+    const struct x509_crt_verify_string *cur;
+    char *p = buf;
+    size_t n = size;
+
+    for( cur = x509_crt_verify_strings; cur->string != NULL ; cur++ )
+    {
+        if( ( flags & cur->code ) == 0 )
+            continue;
+
+        ret = mbedtls_snprintf( p, n, "%s%s\n", prefix, cur->string );
+        MBEDTLS_X509_SAFE_SNPRINTF;
+        flags ^= cur->code;
+    }
+
+    if( flags != 0 )
+    {
+        ret = mbedtls_snprintf( p, n, "%sUnknown reason "
+                                       "(this should not happen)\n", prefix );
+        MBEDTLS_X509_SAFE_SNPRINTF;
+    }
+
+    return( (int) ( size - n ) );
+}
+
+#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
+int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
+                                      unsigned int usage )
+{
+    unsigned int usage_must, usage_may;
+    unsigned int may_mask = MBEDTLS_X509_KU_ENCIPHER_ONLY
+                          | MBEDTLS_X509_KU_DECIPHER_ONLY;
+
+    if( ( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE ) == 0 )
+        return( 0 );
+
+    usage_must = usage & ~may_mask;
+
+    if( ( ( crt->key_usage & ~may_mask ) & usage_must ) != usage_must )
+        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+
+    usage_may = usage & may_mask;
+
+    if( ( ( crt->key_usage & may_mask ) | usage_may ) != usage_may )
+        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+
+    return( 0 );
+}
+#endif
+
+#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
+int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
+                                       const char *usage_oid,
+                                       size_t usage_len )
+{
+    const mbedtls_x509_sequence *cur;
+
+    /* Extension is not mandatory, absent means no restriction */
+    if( ( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE ) == 0 )
+        return( 0 );
+
+    /*
+     * Look for the requested usage (or wildcard ANY) in our list
+     */
+    for( cur = &crt->ext_key_usage; cur != NULL; cur = cur->next )
+    {
+        const mbedtls_x509_buf *cur_oid = &cur->buf;
+
+        if( cur_oid->len == usage_len &&
+            memcmp( cur_oid->p, usage_oid, usage_len ) == 0 )
+        {
+            return( 0 );
+        }
+
+        if( MBEDTLS_OID_CMP( MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE, cur_oid ) == 0 )
+            return( 0 );
+    }
+
+    return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+}
+#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
+
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
+/*
+ * Return 1 if the certificate is revoked, or 0 otherwise.
+ */
+int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl )
+{
+    const mbedtls_x509_crl_entry *cur = &crl->entry;
+
+    while( cur != NULL && cur->serial.len != 0 )
+    {
+        if( crt->serial.len == cur->serial.len &&
+            memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 )
+        {
+            if( mbedtls_x509_time_is_past( &cur->revocation_date ) )
+                return( 1 );
+        }
+
+        cur = cur->next;
+    }
+
+    return( 0 );
+}
+
+/*
+ * Check that the given certificate is valid according to the CRL.
+ */
+static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
+                               mbedtls_x509_crl *crl_list,
+                               const mbedtls_x509_crt_profile *profile )
+{
+    int flags = 0;
+    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
+    const mbedtls_md_info_t *md_info;
+
+    if( ca == NULL )
+        return( flags );
+
+    /*
+     * TODO: What happens if no CRL is present?
+     * Suggestion: Revocation state should be unknown if no CRL is present.
+     * For backwards compatibility this is not yet implemented.
+     */
+
+    while( crl_list != NULL )
+    {
+        if( crl_list->version == 0 ||
+            crl_list->issuer_raw.len != ca->subject_raw.len ||
+            memcmp( crl_list->issuer_raw.p, ca->subject_raw.p,
+                    crl_list->issuer_raw.len ) != 0 )
+        {
+            crl_list = crl_list->next;
+            continue;
+        }
+
+        /*
+         * Check if the CA is configured to sign CRLs
+         */
+#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
+        if( mbedtls_x509_crt_check_key_usage( ca, MBEDTLS_X509_KU_CRL_SIGN ) != 0 )
+        {
+            flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
+            break;
+        }
+#endif
+
+        /*
+         * Check if CRL is correctly signed by the trusted CA
+         */
+        if( x509_profile_check_md_alg( profile, crl_list->sig_md ) != 0 )
+            flags |= MBEDTLS_X509_BADCRL_BAD_MD;
+
+        if( x509_profile_check_pk_alg( profile, crl_list->sig_pk ) != 0 )
+            flags |= MBEDTLS_X509_BADCRL_BAD_PK;
+
+        md_info = mbedtls_md_info_from_type( crl_list->sig_md );
+        if( md_info == NULL )
+        {
+            /*
+             * Cannot check 'unknown' hash
+             */
+            flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
+            break;
+        }
+
+        mbedtls_md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash );
+
+        if( x509_profile_check_key( profile, crl_list->sig_pk, &ca->pk ) != 0 )
+            flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
+
+        if( mbedtls_pk_verify_ext( crl_list->sig_pk, crl_list->sig_opts, &ca->pk,
+                           crl_list->sig_md, hash, mbedtls_md_get_size( md_info ),
+                           crl_list->sig.p, crl_list->sig.len ) != 0 )
+        {
+            flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
+            break;
+        }
+
+        /*
+         * Check for validity of CRL (Do not drop out)
+         */
+        if( mbedtls_x509_time_is_past( &crl_list->next_update ) )
+            flags |= MBEDTLS_X509_BADCRL_EXPIRED;
+
+        if( mbedtls_x509_time_is_future( &crl_list->this_update ) )
+            flags |= MBEDTLS_X509_BADCRL_FUTURE;
+
+        /*
+         * Check if certificate is revoked
+         */
+        if( mbedtls_x509_crt_is_revoked( crt, crl_list ) )
+        {
+            flags |= MBEDTLS_X509_BADCERT_REVOKED;
+            break;
+        }
+
+        crl_list = crl_list->next;
+    }
+
+    return( flags );
+}
+#endif /* MBEDTLS_X509_CRL_PARSE_C */
+
+/*
+ * Like memcmp, but case-insensitive and always returns -1 if different
+ */
+static int x509_memcasecmp( const void *s1, const void *s2, size_t len )
+{
+    size_t i;
+    unsigned char diff;
+    const unsigned char *n1 = s1, *n2 = s2;
+
+    for( i = 0; i < len; i++ )
+    {
+        diff = n1[i] ^ n2[i];
+
+        if( diff == 0 )
+            continue;
+
+        if( diff == 32 &&
+            ( ( n1[i] >= 'a' && n1[i] <= 'z' ) ||
+              ( n1[i] >= 'A' && n1[i] <= 'Z' ) ) )
+        {
+            continue;
+        }
+
+        return( -1 );
+    }
+
+    return( 0 );
+}
+
+/*
+ * Return 0 if name matches wildcard, -1 otherwise
+ */
+static int x509_check_wildcard( const char *cn, mbedtls_x509_buf *name )
+{
+    size_t i;
+    size_t cn_idx = 0, cn_len = strlen( cn );
+
+    if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' )
+        return( 0 );
+
+    for( i = 0; i < cn_len; ++i )
+    {
+        if( cn[i] == '.' )
+        {
+            cn_idx = i;
+            break;
+        }
+    }
+
+    if( cn_idx == 0 )
+        return( -1 );
+
+    if( cn_len - cn_idx == name->len - 1 &&
+        x509_memcasecmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 )
+    {
+        return( 0 );
+    }
+
+    return( -1 );
+}
+
+/*
+ * Compare two X.509 strings, case-insensitive, and allowing for some encoding
+ * variations (but not all).
+ *
+ * Return 0 if equal, -1 otherwise.
+ */
+static int x509_string_cmp( const mbedtls_x509_buf *a, const mbedtls_x509_buf *b )
+{
+    if( a->tag == b->tag &&
+        a->len == b->len &&
+        memcmp( a->p, b->p, b->len ) == 0 )
+    {
+        return( 0 );
+    }
+
+    if( ( a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) &&
+        ( b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) &&
+        a->len == b->len &&
+        x509_memcasecmp( a->p, b->p, b->len ) == 0 )
+    {
+        return( 0 );
+    }
+
+    return( -1 );
+}
+
+/*
+ * Compare two X.509 Names (aka rdnSequence).
+ *
+ * See RFC 5280 section 7.1, though we don't implement the whole algorithm:
+ * we sometimes return unequal when the full algorithm would return equal,
+ * but never the other way. (In particular, we don't do Unicode normalisation
+ * or space folding.)
+ *
+ * Return 0 if equal, -1 otherwise.
+ */
+static int x509_name_cmp( const mbedtls_x509_name *a, const mbedtls_x509_name *b )
+{
+    /* Avoid recursion, it might not be optimised by the compiler */
+    while( a != NULL || b != NULL )
+    {
+        if( a == NULL || b == NULL )
+            return( -1 );
+
+        /* type */
+        if( a->oid.tag != b->oid.tag ||
+            a->oid.len != b->oid.len ||
+            memcmp( a->oid.p, b->oid.p, b->oid.len ) != 0 )
+        {
+            return( -1 );
+        }
+
+        /* value */
+        if( x509_string_cmp( &a->val, &b->val ) != 0 )
+            return( -1 );
+
+        /* structure of the list of sets */
+        if( a->next_merged != b->next_merged )
+            return( -1 );
+
+        a = a->next;
+        b = b->next;
+    }
+
+    /* a == NULL == b */
+    return( 0 );
+}
+
+/*
+ * Check if 'parent' is a suitable parent (signing CA) for 'child'.
+ * Return 0 if yes, -1 if not.
+ *
+ * top means parent is a locally-trusted certificate
+ * bottom means child is the end entity cert
+ */
+static int x509_crt_check_parent( const mbedtls_x509_crt *child,
+                                  const mbedtls_x509_crt *parent,
+                                  int top, int bottom )
+{
+    int need_ca_bit;
+
+    /* Parent must be the issuer */
+    if( x509_name_cmp( &child->issuer, &parent->subject ) != 0 )
+        return( -1 );
+
+    /* Parent must have the basicConstraints CA bit set as a general rule */
+    need_ca_bit = 1;
+
+    /* Exception: v1/v2 certificates that are locally trusted. */
+    if( top && parent->version < 3 )
+        need_ca_bit = 0;
+
+    /* Exception: self-signed end-entity certs that are locally trusted. */
+    if( top && bottom &&
+        child->raw.len == parent->raw.len &&
+        memcmp( child->raw.p, parent->raw.p, child->raw.len ) == 0 )
+    {
+        need_ca_bit = 0;
+    }
+
+    if( need_ca_bit && ! parent->ca_istrue )
+        return( -1 );
+
+#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
+    if( need_ca_bit &&
+        mbedtls_x509_crt_check_key_usage( parent, MBEDTLS_X509_KU_KEY_CERT_SIGN ) != 0 )
+    {
+        return( -1 );
+    }
+#endif
+
+    return( 0 );
+}
+
+static int x509_crt_verify_top(
+                mbedtls_x509_crt *child, mbedtls_x509_crt *trust_ca,
+                mbedtls_x509_crl *ca_crl,
+                const mbedtls_x509_crt_profile *profile,
+                int path_cnt, int self_cnt, uint32_t *flags,
+                int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+                void *p_vrfy )
+{
+    int ret;
+    uint32_t ca_flags = 0;
+    int check_path_cnt;
+    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
+    const mbedtls_md_info_t *md_info;
+
+    if( mbedtls_x509_time_is_past( &child->valid_to ) )
+        *flags |= MBEDTLS_X509_BADCERT_EXPIRED;
+
+    if( mbedtls_x509_time_is_future( &child->valid_from ) )
+        *flags |= MBEDTLS_X509_BADCERT_FUTURE;
+
+    if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
+        *flags |= MBEDTLS_X509_BADCERT_BAD_MD;
+
+    if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 )
+        *flags |= MBEDTLS_X509_BADCERT_BAD_PK;
+
+    /*
+     * Child is the top of the chain. Check against the trust_ca list.
+     */
+    *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
+
+    md_info = mbedtls_md_info_from_type( child->sig_md );
+    if( md_info == NULL )
+    {
+        /*
+         * Cannot check 'unknown', no need to try any CA
+         */
+        trust_ca = NULL;
+    }
+    else
+        mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash );
+
+    for( /* trust_ca */ ; trust_ca != NULL; trust_ca = trust_ca->next )
+    {
+        if( x509_crt_check_parent( child, trust_ca, 1, path_cnt == 0 ) != 0 )
+            continue;
+
+        check_path_cnt = path_cnt + 1;
+
+        /*
+         * Reduce check_path_cnt to check against if top of the chain is
+         * the same as the trusted CA
+         */
+        if( child->subject_raw.len == trust_ca->subject_raw.len &&
+            memcmp( child->subject_raw.p, trust_ca->subject_raw.p,
+                            child->issuer_raw.len ) == 0 )
+        {
+            check_path_cnt--;
+        }
+
+        /* Self signed certificates do not count towards the limit */
+        if( trust_ca->max_pathlen > 0 &&
+            trust_ca->max_pathlen < check_path_cnt - self_cnt )
+        {
+            continue;
+        }
+
+        if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &trust_ca->pk,
+                           child->sig_md, hash, mbedtls_md_get_size( md_info ),
+                           child->sig.p, child->sig.len ) != 0 )
+        {
+            continue;
+        }
+
+        /*
+         * Top of chain is signed by a trusted CA
+         */
+        *flags &= ~MBEDTLS_X509_BADCERT_NOT_TRUSTED;
+
+        if( x509_profile_check_key( profile, child->sig_pk, &trust_ca->pk ) != 0 )
+            *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
+
+        break;
+    }
+
+    /*
+     * If top of chain is not the same as the trusted CA send a verify request
+     * to the callback for any issues with validity and CRL presence for the
+     * trusted CA certificate.
+     */
+    if( trust_ca != NULL &&
+        ( child->subject_raw.len != trust_ca->subject_raw.len ||
+          memcmp( child->subject_raw.p, trust_ca->subject_raw.p,
+                            child->issuer_raw.len ) != 0 ) )
+    {
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
+        /* Check trusted CA's CRL for the chain's top crt */
+        *flags |= x509_crt_verifycrl( child, trust_ca, ca_crl, profile );
+#else
+        ((void) ca_crl);
+#endif
+
+        if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) )
+            ca_flags |= MBEDTLS_X509_BADCERT_EXPIRED;
+
+        if( mbedtls_x509_time_is_future( &trust_ca->valid_from ) )
+            ca_flags |= MBEDTLS_X509_BADCERT_FUTURE;
+
+        if( NULL != f_vrfy )
+        {
+            if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1,
+                                &ca_flags ) ) != 0 )
+            {
+                return( ret );
+            }
+        }
+    }
+
+    /* Call callback on top cert */
+    if( NULL != f_vrfy )
+    {
+        if( ( ret = f_vrfy( p_vrfy, child, path_cnt, flags ) ) != 0 )
+            return( ret );
+    }
+
+    *flags |= ca_flags;
+
+    return( 0 );
+}
+
+static int x509_crt_verify_child(
+                mbedtls_x509_crt *child, mbedtls_x509_crt *parent,
+                mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl,
+                const mbedtls_x509_crt_profile *profile,
+                int path_cnt, int self_cnt, uint32_t *flags,
+                int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+                void *p_vrfy )
+{
+    int ret;
+    uint32_t parent_flags = 0;
+    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
+    mbedtls_x509_crt *grandparent;
+    const mbedtls_md_info_t *md_info;
+
+    /* Counting intermediate self signed certificates */
+    if( ( path_cnt != 0 ) && x509_name_cmp( &child->issuer, &child->subject ) == 0 )
+        self_cnt++;
+
+    /* path_cnt is 0 for the first intermediate CA */
+    if( 1 + path_cnt > MBEDTLS_X509_MAX_INTERMEDIATE_CA )
+    {
+        *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
+        return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED );
+    }
+
+    if( mbedtls_x509_time_is_past( &child->valid_to ) )
+        *flags |= MBEDTLS_X509_BADCERT_EXPIRED;
+
+    if( mbedtls_x509_time_is_future( &child->valid_from ) )
+        *flags |= MBEDTLS_X509_BADCERT_FUTURE;
+
+    if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
+        *flags |= MBEDTLS_X509_BADCERT_BAD_MD;
+
+    if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 )
+        *flags |= MBEDTLS_X509_BADCERT_BAD_PK;
+
+    md_info = mbedtls_md_info_from_type( child->sig_md );
+    if( md_info == NULL )
+    {
+        /*
+         * Cannot check 'unknown' hash
+         */
+        *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
+    }
+    else
+    {
+        mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash );
+
+        if( x509_profile_check_key( profile, child->sig_pk, &parent->pk ) != 0 )
+            *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
+
+        if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &parent->pk,
+                           child->sig_md, hash, mbedtls_md_get_size( md_info ),
+                           child->sig.p, child->sig.len ) != 0 )
+        {
+            *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
+        }
+    }
+
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
+    /* Check trusted CA's CRL for the given crt */
+    *flags |= x509_crt_verifycrl(child, parent, ca_crl, profile );
+#endif
+
+    /* Look for a grandparent in trusted CAs */
+    for( grandparent = trust_ca;
+         grandparent != NULL;
+         grandparent = grandparent->next )
+    {
+        if( x509_crt_check_parent( parent, grandparent,
+                                   0, path_cnt == 0 ) == 0 )
+            break;
+    }
+
+    if( grandparent != NULL )
+    {
+        ret = x509_crt_verify_top( parent, grandparent, ca_crl, profile,
+                                path_cnt + 1, self_cnt, &parent_flags, f_vrfy, p_vrfy );
+        if( ret != 0 )
+            return( ret );
+    }
+    else
+    {
+        /* Look for a grandparent upwards the chain */
+        for( grandparent = parent->next;
+             grandparent != NULL;
+             grandparent = grandparent->next )
+        {
+            /* +2 because the current step is not yet accounted for
+             * and because max_pathlen is one higher than it should be.
+             * Also self signed certificates do not count to the limit. */
+            if( grandparent->max_pathlen > 0 &&
+                grandparent->max_pathlen < 2 + path_cnt - self_cnt )
+            {
+                continue;
+            }
+
+            if( x509_crt_check_parent( parent, grandparent,
+                                       0, path_cnt == 0 ) == 0 )
+                break;
+        }
+
+        /* Is our parent part of the chain or at the top? */
+        if( grandparent != NULL )
+        {
+            ret = x509_crt_verify_child( parent, grandparent, trust_ca, ca_crl,
+                                         profile, path_cnt + 1, self_cnt, &parent_flags,
+                                         f_vrfy, p_vrfy );
+            if( ret != 0 )
+                return( ret );
+        }
+        else
+        {
+            ret = x509_crt_verify_top( parent, trust_ca, ca_crl, profile,
+                                       path_cnt + 1, self_cnt, &parent_flags,
+                                       f_vrfy, p_vrfy );
+            if( ret != 0 )
+                return( ret );
+        }
+    }
+
+    /* child is verified to be a child of the parent, call verify callback */
+    if( NULL != f_vrfy )
+        if( ( ret = f_vrfy( p_vrfy, child, path_cnt, flags ) ) != 0 )
+            return( ret );
+
+    *flags |= parent_flags;
+
+    return( 0 );
+}
+
+/*
+ * Verify the certificate validity
+ */
+int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
+                     mbedtls_x509_crt *trust_ca,
+                     mbedtls_x509_crl *ca_crl,
+                     const char *cn, uint32_t *flags,
+                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+                     void *p_vrfy )
+{
+    return( mbedtls_x509_crt_verify_with_profile( crt, trust_ca, ca_crl,
+                &mbedtls_x509_crt_profile_default, cn, flags, f_vrfy, p_vrfy ) );
+}
+
+
+/*
+ * Verify the certificate validity, with profile
+ */
+int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
+                     mbedtls_x509_crt *trust_ca,
+                     mbedtls_x509_crl *ca_crl,
+                     const mbedtls_x509_crt_profile *profile,
+                     const char *cn, uint32_t *flags,
+                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+                     void *p_vrfy )
+{
+    size_t cn_len;
+    int ret;
+    int pathlen = 0, selfsigned = 0;
+    mbedtls_x509_crt *parent;
+    mbedtls_x509_name *name;
+    mbedtls_x509_sequence *cur = NULL;
+    mbedtls_pk_type_t pk_type;
+
+    if( profile == NULL )
+        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+
+    *flags = 0;
+
+    if( cn != NULL )
+    {
+        name = &crt->subject;
+        cn_len = strlen( cn );
+
+        if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
+        {
+            cur = &crt->subject_alt_names;
+
+            while( cur != NULL )
+            {
+                if( cur->buf.len == cn_len &&
+                    x509_memcasecmp( cn, cur->buf.p, cn_len ) == 0 )
+                    break;
+
+                if( cur->buf.len > 2 &&
+                    memcmp( cur->buf.p, "*.", 2 ) == 0 &&
+                    x509_check_wildcard( cn, &cur->buf ) == 0 )
+                {
+                    break;
+                }
+
+                cur = cur->next;
+            }
+
+            if( cur == NULL )
+                *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
+        }
+        else
+        {
+            while( name != NULL )
+            {
+                if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, &name->oid ) == 0 )
+                {
+                    if( name->val.len == cn_len &&
+                        x509_memcasecmp( name->val.p, cn, cn_len ) == 0 )
+                        break;
+
+                    if( name->val.len > 2 &&
+                        memcmp( name->val.p, "*.", 2 ) == 0 &&
+                        x509_check_wildcard( cn, &name->val ) == 0 )
+                        break;
+                }
+
+                name = name->next;
+            }
+
+            if( name == NULL )
+                *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
+        }
+    }
+
+    /* Check the type and size of the key */
+    pk_type = mbedtls_pk_get_type( &crt->pk );
+
+    if( x509_profile_check_pk_alg( profile, pk_type ) != 0 )
+        *flags |= MBEDTLS_X509_BADCERT_BAD_PK;
+
+    if( x509_profile_check_key( profile, pk_type, &crt->pk ) != 0 )
+        *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
+
+    /* Look for a parent in trusted CAs */
+    for( parent = trust_ca; parent != NULL; parent = parent->next )
+    {
+        if( x509_crt_check_parent( crt, parent, 0, pathlen == 0 ) == 0 )
+            break;
+    }
+
+    if( parent != NULL )
+    {
+        ret = x509_crt_verify_top( crt, parent, ca_crl, profile,
+                                   pathlen, selfsigned, flags, f_vrfy, p_vrfy );
+        if( ret != 0 )
+            return( ret );
+    }
+    else
+    {
+        /* Look for a parent upwards the chain */
+        for( parent = crt->next; parent != NULL; parent = parent->next )
+        {
+            /* +2 because the current step is not yet accounted for
+             * and because max_pathlen is one higher than it should be */
+            if( parent->max_pathlen > 0 &&
+                parent->max_pathlen < 2 + pathlen )
+            {
+                continue;
+            }
+
+            if( x509_crt_check_parent( crt, parent, 0, pathlen == 0 ) == 0 )
+                break;
+        }
+
+        /* Are we part of the chain or at the top? */
+        if( parent != NULL )
+        {
+            ret = x509_crt_verify_child( crt, parent, trust_ca, ca_crl, profile,
+                                         pathlen, selfsigned, flags, f_vrfy, p_vrfy );
+            if( ret != 0 )
+                return( ret );
+        }
+        else
+        {
+            ret = x509_crt_verify_top( crt, trust_ca, ca_crl, profile,
+                                       pathlen, selfsigned, flags, f_vrfy, p_vrfy );
+            if( ret != 0 )
+                return( ret );
+        }
+    }
+
+    if( *flags != 0 )
+        return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED );
+
+    return( 0 );
+}
+
+/*
+ * Initialize a certificate chain
+ */
+void mbedtls_x509_crt_init( mbedtls_x509_crt *crt )
+{
+    memset( crt, 0, sizeof(mbedtls_x509_crt) );
+}
+
+/*
+ * Unallocate all certificate data
+ */
+void mbedtls_x509_crt_free( mbedtls_x509_crt *crt )
+{
+    mbedtls_x509_crt *cert_cur = crt;
+    mbedtls_x509_crt *cert_prv;
+    mbedtls_x509_name *name_cur;
+    mbedtls_x509_name *name_prv;
+    mbedtls_x509_sequence *seq_cur;
+    mbedtls_x509_sequence *seq_prv;
+
+    if( crt == NULL )
+        return;
+
+    do
+    {
+        mbedtls_pk_free( &cert_cur->pk );
+
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
+        mbedtls_free( cert_cur->sig_opts );
+#endif
+
+        name_cur = cert_cur->issuer.next;
+        while( name_cur != NULL )
+        {
+            name_prv = name_cur;
+            name_cur = name_cur->next;
+            mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
+            mbedtls_free( name_prv );
+        }
+
+        name_cur = cert_cur->subject.next;
+        while( name_cur != NULL )
+        {
+            name_prv = name_cur;
+            name_cur = name_cur->next;
+            mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
+            mbedtls_free( name_prv );
+        }
+
+        seq_cur = cert_cur->ext_key_usage.next;
+        while( seq_cur != NULL )
+        {
+            seq_prv = seq_cur;
+            seq_cur = seq_cur->next;
+            mbedtls_zeroize( seq_prv, sizeof( mbedtls_x509_sequence ) );
+            mbedtls_free( seq_prv );
+        }
+
+        seq_cur = cert_cur->subject_alt_names.next;
+        while( seq_cur != NULL )
+        {
+            seq_prv = seq_cur;
+            seq_cur = seq_cur->next;
+            mbedtls_zeroize( seq_prv, sizeof( mbedtls_x509_sequence ) );
+            mbedtls_free( seq_prv );
+        }
+
+        if( cert_cur->raw.p != NULL )
+        {
+            mbedtls_zeroize( cert_cur->raw.p, cert_cur->raw.len );
+            mbedtls_free( cert_cur->raw.p );
+        }
+
+        cert_cur = cert_cur->next;
+    }
+    while( cert_cur != NULL );
+
+    cert_cur = crt;
+    do
+    {
+        cert_prv = cert_cur;
+        cert_cur = cert_cur->next;
+
+        mbedtls_zeroize( cert_prv, sizeof( mbedtls_x509_crt ) );
+        if( cert_prv != crt )
+            mbedtls_free( cert_prv );
+    }
+    while( cert_cur != NULL );
+}
+
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/x509_csr.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,417 @@
+/*
+ *  X.509 Certificate Signing Request (CSR) parsing
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ *  The ITU-T X.509 standard defines a certificate format for PKI.
+ *
+ *  http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
+ *  http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
+ *  http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
+ *
+ *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
+ *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_X509_CSR_PARSE_C)
+
+#include "mbedtls/x509_csr.h"
+#include "mbedtls/oid.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_PEM_PARSE_C)
+#include "mbedtls/pem.h"
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#include <stdio.h>
+#define mbedtls_free       free
+#define mbedtls_calloc    calloc
+#define mbedtls_snprintf   snprintf
+#endif
+
+#if defined(MBEDTLS_FS_IO) || defined(EFIX64) || defined(EFI32)
+#include <stdio.h>
+#endif
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+/*
+ *  Version  ::=  INTEGER  {  v1(0)  }
+ */
+static int x509_csr_get_version( unsigned char **p,
+                             const unsigned char *end,
+                             int *ver )
+{
+    int ret;
+
+    if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 )
+    {
+        if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
+        {
+            *ver = 0;
+            return( 0 );
+        }
+
+        return( MBEDTLS_ERR_X509_INVALID_VERSION + ret );
+    }
+
+    return( 0 );
+}
+
+/*
+ * Parse a CSR in DER format
+ */
+int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
+                        const unsigned char *buf, size_t buflen )
+{
+    int ret;
+    size_t len;
+    unsigned char *p, *end;
+    mbedtls_x509_buf sig_params;
+
+    memset( &sig_params, 0, sizeof( mbedtls_x509_buf ) );
+
+    /*
+     * Check for valid input
+     */
+    if( csr == NULL || buf == NULL )
+        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+
+    mbedtls_x509_csr_init( csr );
+
+    /*
+     * first copy the raw DER data
+     */
+    p = mbedtls_calloc( 1, len = buflen );
+
+    if( p == NULL )
+        return( MBEDTLS_ERR_X509_ALLOC_FAILED );
+
+    memcpy( p, buf, buflen );
+
+    csr->raw.p = p;
+    csr->raw.len = len;
+    end = p + len;
+
+    /*
+     *  CertificationRequest ::= SEQUENCE {
+     *       certificationRequestInfo CertificationRequestInfo,
+     *       signatureAlgorithm AlgorithmIdentifier,
+     *       signature          BIT STRING
+     *  }
+     */
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+    {
+        mbedtls_x509_csr_free( csr );
+        return( MBEDTLS_ERR_X509_INVALID_FORMAT );
+    }
+
+    if( len != (size_t) ( end - p ) )
+    {
+        mbedtls_x509_csr_free( csr );
+        return( MBEDTLS_ERR_X509_INVALID_FORMAT +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+    }
+
+    /*
+     *  CertificationRequestInfo ::= SEQUENCE {
+     */
+    csr->cri.p = p;
+
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+    {
+        mbedtls_x509_csr_free( csr );
+        return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
+    }
+
+    end = p + len;
+    csr->cri.len = end - csr->cri.p;
+
+    /*
+     *  Version  ::=  INTEGER {  v1(0) }
+     */
+    if( ( ret = x509_csr_get_version( &p, end, &csr->version ) ) != 0 )
+    {
+        mbedtls_x509_csr_free( csr );
+        return( ret );
+    }
+
+    csr->version++;
+
+    if( csr->version != 1 )
+    {
+        mbedtls_x509_csr_free( csr );
+        return( MBEDTLS_ERR_X509_UNKNOWN_VERSION );
+    }
+
+    /*
+     *  subject               Name
+     */
+    csr->subject_raw.p = p;
+
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+    {
+        mbedtls_x509_csr_free( csr );
+        return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
+    }
+
+    if( ( ret = mbedtls_x509_get_name( &p, p + len, &csr->subject ) ) != 0 )
+    {
+        mbedtls_x509_csr_free( csr );
+        return( ret );
+    }
+
+    csr->subject_raw.len = p - csr->subject_raw.p;
+
+    /*
+     *  subjectPKInfo SubjectPublicKeyInfo
+     */
+    if( ( ret = mbedtls_pk_parse_subpubkey( &p, end, &csr->pk ) ) != 0 )
+    {
+        mbedtls_x509_csr_free( csr );
+        return( ret );
+    }
+
+    /*
+     *  attributes    [0] Attributes
+     */
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 )
+    {
+        mbedtls_x509_csr_free( csr );
+        return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
+    }
+    // TODO Parse Attributes / extension requests
+
+    p += len;
+
+    end = csr->raw.p + csr->raw.len;
+
+    /*
+     *  signatureAlgorithm   AlgorithmIdentifier,
+     *  signature            BIT STRING
+     */
+    if( ( ret = mbedtls_x509_get_alg( &p, end, &csr->sig_oid, &sig_params ) ) != 0 )
+    {
+        mbedtls_x509_csr_free( csr );
+        return( ret );
+    }
+
+    if( ( ret = mbedtls_x509_get_sig_alg( &csr->sig_oid, &sig_params,
+                                  &csr->sig_md, &csr->sig_pk,
+                                  &csr->sig_opts ) ) != 0 )
+    {
+        mbedtls_x509_csr_free( csr );
+        return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG );
+    }
+
+    if( ( ret = mbedtls_x509_get_sig( &p, end, &csr->sig ) ) != 0 )
+    {
+        mbedtls_x509_csr_free( csr );
+        return( ret );
+    }
+
+    if( p != end )
+    {
+        mbedtls_x509_csr_free( csr );
+        return( MBEDTLS_ERR_X509_INVALID_FORMAT +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+    }
+
+    return( 0 );
+}
+
+/*
+ * Parse a CSR, allowing for PEM or raw DER encoding
+ */
+int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen )
+{
+    int ret;
+#if defined(MBEDTLS_PEM_PARSE_C)
+    size_t use_len;
+    mbedtls_pem_context pem;
+#endif
+
+    /*
+     * Check for valid input
+     */
+    if( csr == NULL || buf == NULL )
+        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+
+#if defined(MBEDTLS_PEM_PARSE_C)
+    mbedtls_pem_init( &pem );
+
+    /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
+    if( buflen == 0 || buf[buflen - 1] != '\0' )
+        ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
+    else
+        ret = mbedtls_pem_read_buffer( &pem,
+                               "-----BEGIN CERTIFICATE REQUEST-----",
+                               "-----END CERTIFICATE REQUEST-----",
+                               buf, NULL, 0, &use_len );
+
+    if( ret == 0 )
+    {
+        /*
+         * Was PEM encoded, parse the result
+         */
+        if( ( ret = mbedtls_x509_csr_parse_der( csr, pem.buf, pem.buflen ) ) != 0 )
+            return( ret );
+
+        mbedtls_pem_free( &pem );
+        return( 0 );
+    }
+    else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
+    {
+        mbedtls_pem_free( &pem );
+        return( ret );
+    }
+    else
+#endif /* MBEDTLS_PEM_PARSE_C */
+    return( mbedtls_x509_csr_parse_der( csr, buf, buflen ) );
+}
+
+#if defined(MBEDTLS_FS_IO)
+/*
+ * Load a CSR into the structure
+ */
+int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path )
+{
+    int ret;
+    size_t n;
+    unsigned char *buf;
+
+    if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
+        return( ret );
+
+    ret = mbedtls_x509_csr_parse( csr, buf, n );
+
+    mbedtls_zeroize( buf, n );
+    mbedtls_free( buf );
+
+    return( ret );
+}
+#endif /* MBEDTLS_FS_IO */
+
+#define BEFORE_COLON    14
+#define BC              "14"
+/*
+ * Return an informational string about the CSR.
+ */
+int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix,
+                   const mbedtls_x509_csr *csr )
+{
+    int ret;
+    size_t n;
+    char *p;
+    char key_size_str[BEFORE_COLON];
+
+    p = buf;
+    n = size;
+
+    ret = mbedtls_snprintf( p, n, "%sCSR version   : %d",
+                               prefix, csr->version );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+
+    ret = mbedtls_snprintf( p, n, "\n%ssubject name  : ", prefix );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+    ret = mbedtls_x509_dn_gets( p, n, &csr->subject );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+
+    ret = mbedtls_snprintf( p, n, "\n%ssigned using  : ", prefix );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+
+    ret = mbedtls_x509_sig_alg_gets( p, n, &csr->sig_oid, csr->sig_pk, csr->sig_md,
+                             csr->sig_opts );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+
+    if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON,
+                                      mbedtls_pk_get_name( &csr->pk ) ) ) != 0 )
+    {
+        return( ret );
+    }
+
+    ret = mbedtls_snprintf( p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str,
+                          (int) mbedtls_pk_get_bitlen( &csr->pk ) );
+    MBEDTLS_X509_SAFE_SNPRINTF;
+
+    return( (int) ( size - n ) );
+}
+
+/*
+ * Initialize a CSR
+ */
+void mbedtls_x509_csr_init( mbedtls_x509_csr *csr )
+{
+    memset( csr, 0, sizeof(mbedtls_x509_csr) );
+}
+
+/*
+ * Unallocate all CSR data
+ */
+void mbedtls_x509_csr_free( mbedtls_x509_csr *csr )
+{
+    mbedtls_x509_name *name_cur;
+    mbedtls_x509_name *name_prv;
+
+    if( csr == NULL )
+        return;
+
+    mbedtls_pk_free( &csr->pk );
+
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
+    mbedtls_free( csr->sig_opts );
+#endif
+
+    name_cur = csr->subject.next;
+    while( name_cur != NULL )
+    {
+        name_prv = name_cur;
+        name_cur = name_cur->next;
+        mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
+        mbedtls_free( name_prv );
+    }
+
+    if( csr->raw.p != NULL )
+    {
+        mbedtls_zeroize( csr->raw.p, csr->raw.len );
+        mbedtls_free( csr->raw.p );
+    }
+
+    mbedtls_zeroize( csr, sizeof( mbedtls_x509_csr ) );
+}
+
+#endif /* MBEDTLS_X509_CSR_PARSE_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/x509write_crt.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,456 @@
+/*
+ *  X.509 certificate writing
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ * References:
+ * - certificates: RFC 5280, updated by RFC 6818
+ * - CSRs: PKCS#10 v1.7 aka RFC 2986
+ * - attributes: PKCS#9 v2.0 aka RFC 2985
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_X509_CRT_WRITE_C)
+
+#include "mbedtls/x509_crt.h"
+#include "mbedtls/oid.h"
+#include "mbedtls/asn1write.h"
+#include "mbedtls/sha1.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+#include "mbedtls/pem.h"
+#endif /* MBEDTLS_PEM_WRITE_C */
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx )
+{
+    memset( ctx, 0, sizeof(mbedtls_x509write_cert) );
+
+    mbedtls_mpi_init( &ctx->serial );
+    ctx->version = MBEDTLS_X509_CRT_VERSION_3;
+}
+
+void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx )
+{
+    mbedtls_mpi_free( &ctx->serial );
+
+    mbedtls_asn1_free_named_data_list( &ctx->subject );
+    mbedtls_asn1_free_named_data_list( &ctx->issuer );
+    mbedtls_asn1_free_named_data_list( &ctx->extensions );
+
+    mbedtls_zeroize( ctx, sizeof(mbedtls_x509write_cert) );
+}
+
+void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version )
+{
+    ctx->version = version;
+}
+
+void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg )
+{
+    ctx->md_alg = md_alg;
+}
+
+void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key )
+{
+    ctx->subject_key = key;
+}
+
+void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key )
+{
+    ctx->issuer_key = key;
+}
+
+int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx,
+                                    const char *subject_name )
+{
+    return mbedtls_x509_string_to_names( &ctx->subject, subject_name );
+}
+
+int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx,
+                                   const char *issuer_name )
+{
+    return mbedtls_x509_string_to_names( &ctx->issuer, issuer_name );
+}
+
+int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial )
+{
+    int ret;
+
+    if( ( ret = mbedtls_mpi_copy( &ctx->serial, serial ) ) != 0 )
+        return( ret );
+
+    return( 0 );
+}
+
+int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before,
+                                const char *not_after )
+{
+    if( strlen( not_before ) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 ||
+        strlen( not_after )  != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 )
+    {
+        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+    }
+    strncpy( ctx->not_before, not_before, MBEDTLS_X509_RFC5280_UTC_TIME_LEN );
+    strncpy( ctx->not_after , not_after , MBEDTLS_X509_RFC5280_UTC_TIME_LEN );
+    ctx->not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1] = 'Z';
+    ctx->not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1] = 'Z';
+
+    return( 0 );
+}
+
+int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx,
+                                 const char *oid, size_t oid_len,
+                                 int critical,
+                                 const unsigned char *val, size_t val_len )
+{
+    return mbedtls_x509_set_extension( &ctx->extensions, oid, oid_len,
+                               critical, val, val_len );
+}
+
+int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
+                                         int is_ca, int max_pathlen )
+{
+    int ret;
+    unsigned char buf[9];
+    unsigned char *c = buf + sizeof(buf);
+    size_t len = 0;
+
+    memset( buf, 0, sizeof(buf) );
+
+    if( is_ca && max_pathlen > 127 )
+        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+
+    if( is_ca )
+    {
+        if( max_pathlen >= 0 )
+        {
+            MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, max_pathlen ) );
+        }
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_bool( &c, buf, 1 ) );
+    }
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |
+                                                MBEDTLS_ASN1_SEQUENCE ) );
+
+    return mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_BASIC_CONSTRAINTS,
+                                        MBEDTLS_OID_SIZE( MBEDTLS_OID_BASIC_CONSTRAINTS ),
+                                        0, buf + sizeof(buf) - len, len );
+}
+
+#if defined(MBEDTLS_SHA1_C)
+int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx )
+{
+    int ret;
+    unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
+    unsigned char *c = buf + sizeof(buf);
+    size_t len = 0;
+
+    memset( buf, 0, sizeof(buf) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, ctx->subject_key ) );
+
+    mbedtls_sha1( buf + sizeof(buf) - len, len, buf + sizeof(buf) - 20 );
+    c = buf + sizeof(buf) - 20;
+    len = 20;
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_OCTET_STRING ) );
+
+    return mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER,
+                                        MBEDTLS_OID_SIZE( MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER ),
+                                        0, buf + sizeof(buf) - len, len );
+}
+
+int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx )
+{
+    int ret;
+    unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
+    unsigned char *c = buf + sizeof(buf);
+    size_t len = 0;
+
+    memset( buf, 0, sizeof(buf) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, ctx->issuer_key ) );
+
+    mbedtls_sha1( buf + sizeof(buf) - len, len, buf + sizeof(buf) - 20 );
+    c = buf + sizeof(buf) - 20;
+    len = 20;
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | 0 ) );
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |
+                                                MBEDTLS_ASN1_SEQUENCE ) );
+
+    return mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER,
+                                   MBEDTLS_OID_SIZE( MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER ),
+                                   0, buf + sizeof(buf) - len, len );
+}
+#endif /* MBEDTLS_SHA1_C */
+
+int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
+                                         unsigned int key_usage )
+{
+    unsigned char buf[4], ku;
+    unsigned char *c;
+    int ret;
+
+    /* We currently only support 7 bits, from 0x80 to 0x02 */
+    if( ( key_usage & ~0xfe ) != 0 )
+        return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
+
+    c = buf + 4;
+    ku = (unsigned char) key_usage;
+
+    if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &ku, 7 ) ) != 4 )
+        return( ret );
+
+    ret = mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_KEY_USAGE,
+                                       MBEDTLS_OID_SIZE( MBEDTLS_OID_KEY_USAGE ),
+                                       1, buf, 4 );
+    if( ret != 0 )
+        return( ret );
+
+    return( 0 );
+}
+
+int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
+                                    unsigned char ns_cert_type )
+{
+    unsigned char buf[4];
+    unsigned char *c;
+    int ret;
+
+    c = buf + 4;
+
+    if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &ns_cert_type, 8 ) ) != 4 )
+        return( ret );
+
+    ret = mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_NS_CERT_TYPE,
+                                       MBEDTLS_OID_SIZE( MBEDTLS_OID_NS_CERT_TYPE ),
+                                       0, buf, 4 );
+    if( ret != 0 )
+        return( ret );
+
+    return( 0 );
+}
+
+static int x509_write_time( unsigned char **p, unsigned char *start,
+                            const char *time, size_t size )
+{
+    int ret;
+    size_t len = 0;
+
+    /*
+     * write MBEDTLS_ASN1_UTC_TIME if year < 2050 (2 bytes shorter)
+     */
+    if( time[0] == '2' && time[1] == '0' && time [2] < '5' )
+    {
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start,
+                                             (const unsigned char *) time + 2,
+                                             size - 2 ) );
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_UTC_TIME ) );
+    }
+    else
+    {
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start,
+                                                  (const unsigned char *) time,
+                                                  size ) );
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_GENERALIZED_TIME ) );
+    }
+
+    return( (int) len );
+}
+
+int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
+                       int (*f_rng)(void *, unsigned char *, size_t),
+                       void *p_rng )
+{
+    int ret;
+    const char *sig_oid;
+    size_t sig_oid_len = 0;
+    unsigned char *c, *c2;
+    unsigned char hash[64];
+    unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
+    unsigned char tmp_buf[2048];
+    size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len;
+    size_t len = 0;
+    mbedtls_pk_type_t pk_alg;
+
+    /*
+     * Prepare data to be signed in tmp_buf
+     */
+    c = tmp_buf + sizeof( tmp_buf );
+
+    /* Signature algorithm needed in TBS, and later for actual signature */
+    pk_alg = mbedtls_pk_get_type( ctx->issuer_key );
+    if( pk_alg == MBEDTLS_PK_ECKEY )
+        pk_alg = MBEDTLS_PK_ECDSA;
+
+    if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
+                                        &sig_oid, &sig_oid_len ) ) != 0 )
+    {
+        return( ret );
+    }
+
+    /*
+     *  Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
+     */
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, tmp_buf, ctx->extensions ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
+                                                    MBEDTLS_ASN1_SEQUENCE ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC |
+                                                    MBEDTLS_ASN1_CONSTRUCTED | 3 ) );
+
+    /*
+     *  SubjectPublicKeyInfo
+     */
+    MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_pk_write_pubkey_der( ctx->subject_key,
+                                                tmp_buf, c - tmp_buf ) );
+    c -= pub_len;
+    len += pub_len;
+
+    /*
+     *  Subject  ::=  Name
+     */
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, tmp_buf, ctx->subject ) );
+
+    /*
+     *  Validity ::= SEQUENCE {
+     *       notBefore      Time,
+     *       notAfter       Time }
+     */
+    sub_len = 0;
+
+    MBEDTLS_ASN1_CHK_ADD( sub_len, x509_write_time( &c, tmp_buf, ctx->not_after,
+                                            MBEDTLS_X509_RFC5280_UTC_TIME_LEN ) );
+
+    MBEDTLS_ASN1_CHK_ADD( sub_len, x509_write_time( &c, tmp_buf, ctx->not_before,
+                                            MBEDTLS_X509_RFC5280_UTC_TIME_LEN ) );
+
+    len += sub_len;
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, sub_len ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
+                                                    MBEDTLS_ASN1_SEQUENCE ) );
+
+    /*
+     *  Issuer  ::=  Name
+     */
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, tmp_buf, ctx->issuer ) );
+
+    /*
+     *  Signature   ::=  AlgorithmIdentifier
+     */
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_algorithm_identifier( &c, tmp_buf,
+                       sig_oid, strlen( sig_oid ), 0 ) );
+
+    /*
+     *  Serial   ::=  INTEGER
+     */
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, tmp_buf, &ctx->serial ) );
+
+    /*
+     *  Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
+     */
+    sub_len = 0;
+    MBEDTLS_ASN1_CHK_ADD( sub_len, mbedtls_asn1_write_int( &c, tmp_buf, ctx->version ) );
+    len += sub_len;
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, sub_len ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC |
+                                                    MBEDTLS_ASN1_CONSTRUCTED | 0 ) );
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
+                                                    MBEDTLS_ASN1_SEQUENCE ) );
+
+    /*
+     * Make signature
+     */
+    mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash );
+
+    if( ( ret = mbedtls_pk_sign( ctx->issuer_key, ctx->md_alg, hash, 0, sig, &sig_len,
+                         f_rng, p_rng ) ) != 0 )
+    {
+        return( ret );
+    }
+
+    /*
+     * Write data to output buffer
+     */
+    c2 = buf + size;
+    MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, mbedtls_x509_write_sig( &c2, buf,
+                                        sig_oid, sig_oid_len, sig, sig_len ) );
+
+    c2 -= len;
+    memcpy( c2, c, len );
+
+    len += sig_and_oid_len;
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c2, buf, len ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c2, buf, MBEDTLS_ASN1_CONSTRUCTED |
+                                                 MBEDTLS_ASN1_SEQUENCE ) );
+
+    return( (int) len );
+}
+
+#define PEM_BEGIN_CRT           "-----BEGIN CERTIFICATE-----\n"
+#define PEM_END_CRT             "-----END CERTIFICATE-----\n"
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *crt, unsigned char *buf, size_t size,
+                       int (*f_rng)(void *, unsigned char *, size_t),
+                       void *p_rng )
+{
+    int ret;
+    unsigned char output_buf[4096];
+    size_t olen = 0;
+
+    if( ( ret = mbedtls_x509write_crt_der( crt, output_buf, sizeof(output_buf),
+                                   f_rng, p_rng ) ) < 0 )
+    {
+        return( ret );
+    }
+
+    if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_CRT, PEM_END_CRT,
+                                  output_buf + sizeof(output_buf) - ret,
+                                  ret, buf, size, &olen ) ) != 0 )
+    {
+        return( ret );
+    }
+
+    return( 0 );
+}
+#endif /* MBEDTLS_PEM_WRITE_C */
+
+#endif /* MBEDTLS_X509_CRT_WRITE_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/x509write_csr.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,256 @@
+/*
+ *  X.509 Certificate Signing Request writing
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+/*
+ * References:
+ * - CSRs: PKCS#10 v1.7 aka RFC 2986
+ * - attributes: PKCS#9 v2.0 aka RFC 2985
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_X509_CSR_WRITE_C)
+
+#include "mbedtls/x509_csr.h"
+#include "mbedtls/oid.h"
+#include "mbedtls/asn1write.h"
+
+#include <string.h>
+#include <stdlib.h>
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+#include "mbedtls/pem.h"
+#endif
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx )
+{
+    memset( ctx, 0, sizeof(mbedtls_x509write_csr) );
+}
+
+void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx )
+{
+    mbedtls_asn1_free_named_data_list( &ctx->subject );
+    mbedtls_asn1_free_named_data_list( &ctx->extensions );
+
+    mbedtls_zeroize( ctx, sizeof(mbedtls_x509write_csr) );
+}
+
+void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg )
+{
+    ctx->md_alg = md_alg;
+}
+
+void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_context *key )
+{
+    ctx->key = key;
+}
+
+int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx,
+                                    const char *subject_name )
+{
+    return mbedtls_x509_string_to_names( &ctx->subject, subject_name );
+}
+
+int mbedtls_x509write_csr_set_extension( mbedtls_x509write_csr *ctx,
+                                 const char *oid, size_t oid_len,
+                                 const unsigned char *val, size_t val_len )
+{
+    return mbedtls_x509_set_extension( &ctx->extensions, oid, oid_len,
+                               0, val, val_len );
+}
+
+int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned char key_usage )
+{
+    unsigned char buf[4];
+    unsigned char *c;
+    int ret;
+
+    c = buf + 4;
+
+    if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &key_usage, 7 ) ) != 4 )
+        return( ret );
+
+    ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_KEY_USAGE,
+                                       MBEDTLS_OID_SIZE( MBEDTLS_OID_KEY_USAGE ),
+                                       buf, 4 );
+    if( ret != 0 )
+        return( ret );
+
+    return( 0 );
+}
+
+int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx,
+                                    unsigned char ns_cert_type )
+{
+    unsigned char buf[4];
+    unsigned char *c;
+    int ret;
+
+    c = buf + 4;
+
+    if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &ns_cert_type, 8 ) ) != 4 )
+        return( ret );
+
+    ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_NS_CERT_TYPE,
+                                       MBEDTLS_OID_SIZE( MBEDTLS_OID_NS_CERT_TYPE ),
+                                       buf, 4 );
+    if( ret != 0 )
+        return( ret );
+
+    return( 0 );
+}
+
+int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
+                       int (*f_rng)(void *, unsigned char *, size_t),
+                       void *p_rng )
+{
+    int ret;
+    const char *sig_oid;
+    size_t sig_oid_len = 0;
+    unsigned char *c, *c2;
+    unsigned char hash[64];
+    unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
+    unsigned char tmp_buf[2048];
+    size_t pub_len = 0, sig_and_oid_len = 0, sig_len;
+    size_t len = 0;
+    mbedtls_pk_type_t pk_alg;
+
+    /*
+     * Prepare data to be signed in tmp_buf
+     */
+    c = tmp_buf + sizeof( tmp_buf );
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, tmp_buf, ctx->extensions ) );
+
+    if( len )
+    {
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
+                                                        MBEDTLS_ASN1_SEQUENCE ) );
+
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
+                                                        MBEDTLS_ASN1_SET ) );
+
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( &c, tmp_buf, MBEDTLS_OID_PKCS9_CSR_EXT_REQ,
+                                          MBEDTLS_OID_SIZE( MBEDTLS_OID_PKCS9_CSR_EXT_REQ ) ) );
+
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
+        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
+                                                        MBEDTLS_ASN1_SEQUENCE ) );
+    }
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
+                                                    MBEDTLS_ASN1_CONTEXT_SPECIFIC ) );
+
+    MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_pk_write_pubkey_der( ctx->key,
+                                                tmp_buf, c - tmp_buf ) );
+    c -= pub_len;
+    len += pub_len;
+
+    /*
+     *  Subject  ::=  Name
+     */
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, tmp_buf, ctx->subject ) );
+
+    /*
+     *  Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
+     */
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, tmp_buf, 0 ) );
+
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
+                                                    MBEDTLS_ASN1_SEQUENCE ) );
+
+    /*
+     * Prepare signature
+     */
+    mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash );
+
+    pk_alg = mbedtls_pk_get_type( ctx->key );
+    if( pk_alg == MBEDTLS_PK_ECKEY )
+        pk_alg = MBEDTLS_PK_ECDSA;
+
+    if( ( ret = mbedtls_pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len,
+                         f_rng, p_rng ) ) != 0 ||
+        ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
+                                        &sig_oid, &sig_oid_len ) ) != 0 )
+    {
+        return( ret );
+    }
+
+    /*
+     * Write data to output buffer
+     */
+    c2 = buf + size;
+    MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, mbedtls_x509_write_sig( &c2, buf,
+                                        sig_oid, sig_oid_len, sig, sig_len ) );
+
+    c2 -= len;
+    memcpy( c2, c, len );
+
+    len += sig_and_oid_len;
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c2, buf, len ) );
+    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c2, buf, MBEDTLS_ASN1_CONSTRUCTED |
+                                                 MBEDTLS_ASN1_SEQUENCE ) );
+
+    return( (int) len );
+}
+
+#define PEM_BEGIN_CSR           "-----BEGIN CERTIFICATE REQUEST-----\n"
+#define PEM_END_CSR             "-----END CERTIFICATE REQUEST-----\n"
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
+                       int (*f_rng)(void *, unsigned char *, size_t),
+                       void *p_rng )
+{
+    int ret;
+    unsigned char output_buf[4096];
+    size_t olen = 0;
+
+    if( ( ret = mbedtls_x509write_csr_der( ctx, output_buf, sizeof(output_buf),
+                                   f_rng, p_rng ) ) < 0 )
+    {
+        return( ret );
+    }
+
+    if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_CSR, PEM_END_CSR,
+                                  output_buf + sizeof(output_buf) - ret,
+                                  ret, buf, size, &olen ) ) != 0 )
+    {
+        return( ret );
+    }
+
+    return( 0 );
+}
+#endif /* MBEDTLS_PEM_WRITE_C */
+
+#endif /* MBEDTLS_X509_CSR_WRITE_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/mbedtls/source/xtea.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,281 @@
+/*
+ *  An 32-bit implementation of the XTEA algorithm
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_XTEA_C)
+
+#include "mbedtls/xtea.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_SELF_TEST)
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif /* MBEDTLS_PLATFORM_C */
+#endif /* MBEDTLS_SELF_TEST */
+
+#if !defined(MBEDTLS_XTEA_ALT)
+
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
+/*
+ * 32-bit integer manipulation macros (big endian)
+ */
+#ifndef GET_UINT32_BE
+#define GET_UINT32_BE(n,b,i)                            \
+{                                                       \
+    (n) = ( (uint32_t) (b)[(i)    ] << 24 )             \
+        | ( (uint32_t) (b)[(i) + 1] << 16 )             \
+        | ( (uint32_t) (b)[(i) + 2] <<  8 )             \
+        | ( (uint32_t) (b)[(i) + 3]       );            \
+}
+#endif
+
+#ifndef PUT_UINT32_BE
+#define PUT_UINT32_BE(n,b,i)                            \
+{                                                       \
+    (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
+    (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
+    (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
+    (b)[(i) + 3] = (unsigned char) ( (n)       );       \
+}
+#endif
+
+void mbedtls_xtea_init( mbedtls_xtea_context *ctx )
+{
+    memset( ctx, 0, sizeof( mbedtls_xtea_context ) );
+}
+
+void mbedtls_xtea_free( mbedtls_xtea_context *ctx )
+{
+    if( ctx == NULL )
+        return;
+
+    mbedtls_zeroize( ctx, sizeof( mbedtls_xtea_context ) );
+}
+
+/*
+ * XTEA key schedule
+ */
+void mbedtls_xtea_setup( mbedtls_xtea_context *ctx, const unsigned char key[16] )
+{
+    int i;
+
+    memset( ctx, 0, sizeof(mbedtls_xtea_context) );
+
+    for( i = 0; i < 4; i++ )
+    {
+        GET_UINT32_BE( ctx->k[i], key, i << 2 );
+    }
+}
+
+/*
+ * XTEA encrypt function
+ */
+int mbedtls_xtea_crypt_ecb( mbedtls_xtea_context *ctx, int mode,
+                    const unsigned char input[8], unsigned char output[8])
+{
+    uint32_t *k, v0, v1, i;
+
+    k = ctx->k;
+
+    GET_UINT32_BE( v0, input, 0 );
+    GET_UINT32_BE( v1, input, 4 );
+
+    if( mode == MBEDTLS_XTEA_ENCRYPT )
+    {
+        uint32_t sum = 0, delta = 0x9E3779B9;
+
+        for( i = 0; i < 32; i++ )
+        {
+            v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
+            sum += delta;
+            v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]);
+        }
+    }
+    else /* MBEDTLS_XTEA_DECRYPT */
+    {
+        uint32_t delta = 0x9E3779B9, sum = delta * 32;
+
+        for( i = 0; i < 32; i++ )
+        {
+            v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]);
+            sum -= delta;
+            v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
+        }
+    }
+
+    PUT_UINT32_BE( v0, output, 0 );
+    PUT_UINT32_BE( v1, output, 4 );
+
+    return( 0 );
+}
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+/*
+ * XTEA-CBC buffer encryption/decryption
+ */
+int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx, int mode, size_t length,
+                    unsigned char iv[8], const unsigned char *input,
+                    unsigned char *output)
+{
+    int i;
+    unsigned char temp[8];
+
+    if( length % 8 )
+        return( MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH );
+
+    if( mode == MBEDTLS_XTEA_DECRYPT )
+    {
+        while( length > 0 )
+        {
+            memcpy( temp, input, 8 );
+            mbedtls_xtea_crypt_ecb( ctx, mode, input, output );
+
+            for( i = 0; i < 8; i++ )
+                output[i] = (unsigned char)( output[i] ^ iv[i] );
+
+            memcpy( iv, temp, 8 );
+
+            input  += 8;
+            output += 8;
+            length -= 8;
+        }
+    }
+    else
+    {
+        while( length > 0 )
+        {
+            for( i = 0; i < 8; i++ )
+                output[i] = (unsigned char)( input[i] ^ iv[i] );
+
+            mbedtls_xtea_crypt_ecb( ctx, mode, output, output );
+            memcpy( iv, output, 8 );
+
+            input  += 8;
+            output += 8;
+            length -= 8;
+        }
+    }
+
+    return( 0 );
+}
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#endif /* !MBEDTLS_XTEA_ALT */
+
+#if defined(MBEDTLS_SELF_TEST)
+
+/*
+ * XTEA tests vectors (non-official)
+ */
+
+static const unsigned char xtea_test_key[6][16] =
+{
+   { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+     0x0c, 0x0d, 0x0e, 0x0f },
+   { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+     0x0c, 0x0d, 0x0e, 0x0f },
+   { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+     0x0c, 0x0d, 0x0e, 0x0f },
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00 },
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00 },
+   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00 }
+};
+
+static const unsigned char xtea_test_pt[6][8] =
+{
+    { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 },
+    { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
+    { 0x5a, 0x5b, 0x6e, 0x27, 0x89, 0x48, 0xd7, 0x7f },
+    { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 },
+    { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
+    { 0x70, 0xe1, 0x22, 0x5d, 0x6e, 0x4e, 0x76, 0x55 }
+};
+
+static const unsigned char xtea_test_ct[6][8] =
+{
+    { 0x49, 0x7d, 0xf3, 0xd0, 0x72, 0x61, 0x2c, 0xb5 },
+    { 0xe7, 0x8f, 0x2d, 0x13, 0x74, 0x43, 0x41, 0xd8 },
+    { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
+    { 0xa0, 0x39, 0x05, 0x89, 0xf8, 0xb8, 0xef, 0xa5 },
+    { 0xed, 0x23, 0x37, 0x5a, 0x82, 0x1a, 0x8c, 0x2d },
+    { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }
+};
+
+/*
+ * Checkup routine
+ */
+int mbedtls_xtea_self_test( int verbose )
+{
+    int i, ret = 0;
+    unsigned char buf[8];
+    mbedtls_xtea_context ctx;
+
+    mbedtls_xtea_init( &ctx );
+    for( i = 0; i < 6; i++ )
+    {
+        if( verbose != 0 )
+            mbedtls_printf( "  XTEA test #%d: ", i + 1 );
+
+        memcpy( buf, xtea_test_pt[i], 8 );
+
+        mbedtls_xtea_setup( &ctx, xtea_test_key[i] );
+        mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_ENCRYPT, buf, buf );
+
+        if( memcmp( buf, xtea_test_ct[i], 8 ) != 0 )
+        {
+            if( verbose != 0 )
+                mbedtls_printf( "failed\n" );
+
+            ret = 1;
+            goto exit;
+        }
+
+        if( verbose != 0 )
+            mbedtls_printf( "passed\n" );
+    }
+
+    if( verbose != 0 )
+        mbedtls_printf( "\n" );
+
+exit:
+    mbedtls_xtea_free( &ctx );
+
+    return( ret );
+}
+
+#endif /* MBEDTLS_SELF_TEST */
+
+#endif /* MBEDTLS_XTEA_C */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/nanostack-libservice/LICENSE	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,2 @@
+Unless specifically indicated otherwise in a file, files are licensed
+under the Apache 2.0 license, as can be found in: apache-2.0.txt
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/nanostack-libservice/README.md	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,3 @@
+# mbed-client-libservice module
+
+Collection of helper libraries for mbed-client and 6LowPAN/IPv6/RPL/MLE/Thread stack.
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/nanostack-libservice/apache-2.0.txt	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,56 @@
+
+
+Apache License
+
+Version 2.0, January 2004
+
+http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
+
+"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
+
+"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
+
+"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
+
+"Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.
+
+"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
+
+"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
+
+"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
+
+"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
+
+"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
+
+    You must give any other recipients of the Work or Derivative Works a copy of this License; and
+    You must cause any modified files to carry prominent notices stating that You changed the files; and
+    You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
+    If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.
+
+    You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/nanostack-libservice/mbed-client-libservice/common_functions.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,479 @@
+/*
+ * Copyright (c) 2014-2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef COMMON_FUNCTIONS_H_
+#define COMMON_FUNCTIONS_H_
+
+#include "ns_types.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Common write 64-bit variable to 8-bit pointer.
+ *
+ * Write 64 bits in big-endian (network) byte order.
+ *
+ * \param value 64-bit variable
+ * \param ptr pointer where data to be written
+ *
+ * \return updated pointer
+ */
+NS_INLINE uint8_t *common_write_64_bit(uint64_t value, uint8_t ptr[__static 8]);
+
+/*
+ * Common read 64-bit variable from 8-bit pointer.
+ *
+ * Read 64 bits in big-endian (network) byte order.
+ *
+ * \param data_buf pointer where data to be read
+ *
+ * \return 64-bit variable
+ */
+NS_INLINE uint64_t common_read_64_bit(const uint8_t data_buf[__static 8]);
+
+/*
+ * Common write 32-bit variable to 8-bit pointer.
+ *
+ * Write 32 bits in big-endian (network) byte order.
+ *
+ * \param value 32-bit variable
+ * \param ptr pointer where data to be written
+ *
+ * \return updated pointer
+ */
+NS_INLINE uint8_t *common_write_32_bit(uint32_t value, uint8_t ptr[__static 4]);
+
+/*
+ * Common read 32-bit variable from 8-bit pointer.
+ *
+ * Read 32 bits in big-endian (network) byte order.
+ *
+ * \param data_buf pointer where data to be read
+ *
+ * \return 32-bit variable
+ */
+NS_INLINE uint32_t common_read_32_bit(const uint8_t data_buf[__static 4]);
+
+/*
+ * Common write 32-bit variable to 8-bit pointer.
+ *
+ * Write 32 bits in little-endian byte order.
+ *
+ * \param value 32-bit variable
+ * \param ptr pointer where data to be written
+ *
+ * \return updated pointer
+ */
+NS_INLINE uint8_t *common_write_32_bit_inverse(uint32_t value, uint8_t ptr[__static 4]);
+
+/*
+ * Common read 32-bit variable from 8-bit pointer.
+ *
+ * Read 32 bits in little-endian byte order.
+ *
+ * \param data_buf pointer where data to be read
+ *
+ * \return 32-bit variable
+ */
+NS_INLINE uint32_t common_read_32_bit_inverse(const uint8_t data_buf[__static 4]);
+
+/*
+ * Common write 24-bit variable to 8-bit pointer.
+ *
+ * Write 24 bits in big-endian (network) byte order.
+ *
+ * \param value 24-bit variable
+ * \param ptr pointer where data to be written
+ *
+ * \return updated pointer
+ */
+NS_INLINE uint8_t *common_write_24_bit(uint_fast24_t value, uint8_t ptr[__static 3]);
+
+/*
+ * Common read 24-bit variable from 8-bit pointer.
+ *
+ * Read 24 bits in big-endian (network) byte order.
+ *
+ * \param data_buf pointer where data to be read
+ *
+ * \return 24-bit variable
+ */
+NS_INLINE uint_fast24_t common_read_24_bit(const uint8_t data_buf[__static 3]);
+
+/*
+ * Common write 16-bit variable to 8-bit pointer.
+ *
+ * Write 16 bits in big-endian (network) byte order.
+ *
+ * \param value 16-bit variable
+ * \param ptr pointer where data to be written
+ *
+ * \return updated pointer
+ */
+NS_INLINE uint8_t *common_write_16_bit(uint16_t value, uint8_t ptr[__static 2]);
+
+/*
+ * Common read 16-bit variable from 8-bit pointer.
+ *
+ * Read 16 bits in big-endian (network) byte order.
+ *
+ * \param data_buf pointer where data to be read
+ *
+ * \return 16-bit variable
+ */
+NS_INLINE uint16_t common_read_16_bit(const uint8_t data_buf[__static 2]);
+
+/*
+ * Common write 16-bit variable to 8-bit pointer.
+ *
+ * Write 16 bits in little-endian byte order.
+ *
+ * \param value 16-bit variable
+ * \param ptr pointer where data to be written
+ *
+ * \return updated pointer
+ */
+NS_INLINE uint8_t *common_write_16_bit_inverse(uint16_t value, uint8_t ptr[__static 2]);
+
+/*
+ * Count bits in a byte
+ *
+ * \param byte byte to inspect
+ *
+ * \return number of 1-bits in byte
+ */
+NS_INLINE uint_fast8_t common_count_bits(uint8_t byte);
+
+/*
+ * Count leading zeros in a byte
+ *
+ * \param byte byte to inspect
+ *
+ * \return number of leading zeros in byte (0-8)
+ */
+NS_INLINE uint_fast8_t common_count_leading_zeros(uint8_t byte);
+
+/*
+ * Compare 8-bit serial numbers
+ *
+ * Compare two 8-bit serial numbers, according to RFC 1982 Serial Number
+ * Arithmetic.
+ *
+ * \param s1 first serial number
+ * \param s2 second serial number
+ *
+ * \return true if s1 > s2
+ * \return false if s1 <= s2, or the comparison is undefined
+ */
+NS_INLINE bool common_serial_number_greater_8(uint8_t s1, uint8_t s2);
+
+/*
+ * Compare 16-bit serial numbers
+ *
+ * Compare two 16-bit serial numbers, according to RFC 1982 Serial Number
+ * Arithmetic.
+ *
+ * \param s1 first serial number
+ * \param s2 second serial number
+ *
+ * \return true if s1 > s2
+ * \return false if s1 <= s2, or the comparison is undefined
+ */
+NS_INLINE bool common_serial_number_greater_16(uint16_t s1, uint16_t s2);
+
+/*
+ * Compare 32-bit serial numbers
+ *
+ * Compare two 32-bit serial numbers, according to RFC 1982 Serial Number
+ * Arithmetic.
+ *
+ * \param s1 first serial number
+ * \param s2 second serial number
+ *
+ * \return true if s1 > s2
+ * \return false if s1 <= s2, or the comparison is undefined
+ */
+NS_INLINE bool common_serial_number_greater_32(uint32_t s1, uint32_t s2);
+
+/*
+ * Test a bit in an bit array.
+ *
+ * Check whether a particular bit is set in a bit string. The bit array
+ * is in big-endian (network) bit order.
+ *
+ * \param bitset pointer to bit array
+ * \param bit index of bit - 0 is the most significant bit of the first byte
+ *
+ * \return true if the bit is set
+ */
+NS_INLINE bool bit_test(const uint8_t *bitset, uint_fast8_t bit);
+
+/*
+ * Set a bit in an bit array.
+ *
+ * Set a bit in a bit array. The array is in big-endian (network) bit order.
+ *
+ * \param bitset pointer to bit array
+ * \param bit index of bit - 0 is the most significant bit of the first byte
+ */
+NS_INLINE void bit_set(uint8_t *bitset, uint_fast8_t bit);
+
+/*
+ * Clear a bit in an bit array.
+ *
+ * Clear a bit in a bit array. The bit array is in big-endian (network) bit order.
+ *
+ * \param bitset pointer to bit array
+ * \param bit index of bit - 0 is the most significant bit of the first byte
+ */
+NS_INLINE void bit_clear(uint8_t *bitset, uint_fast8_t bit);
+
+/*
+ * Compare two bitstrings.
+ *
+ * Compare two bitstrings of specified length. The bit strings are in
+ * big-endian (network) bit order.
+ *
+ * \param a pointer to first string
+ * \param b pointer to second string
+ * \param bits number of bits to compare
+ *
+ * \return true if the strings compare equal
+ */
+bool bitsequal(const uint8_t *a, const uint8_t *b, uint_fast8_t bits);
+
+/*
+ * Copy a bitstring
+ *
+ * Copy a bitstring of specified length. The bit string is in big-endian
+ * (network) bit order. Bits beyond the bitlength at the destination are not
+ * modified.
+ *
+ * For example, copying 4 bits sets the first 4 bits of dst[0] from src[0],
+ * the lower 4 bits of dst[0] are unmodified.
+ *
+ * \param dst destination pointer
+ * \param src source pointer
+ * \param bits number of bits to copy
+ *
+ * \return the value of dst
+ */
+uint8_t *bitcopy(uint8_t *restrict dst, const uint8_t *restrict src, uint_fast8_t bits);
+
+/*
+ * Copy a bitstring and pad last byte with zeros
+ *
+ * Copy a bitstring of specified length. The bit string is in big-endian
+ * (network) bit order. Bits beyond the bitlength in the last destination byte are
+ * zeroed.
+ *
+ * For example, copying 4 bits sets the first 4 bits of dst[0] from src[0], and
+ * the lower 4 bits of dst[0] are set to 0.
+ *
+ * \param dst destination pointer
+ * \param src source pointer
+ * \param bits number of bits to copy
+ *
+ * \return the value of dst
+ */
+uint8_t *bitcopy0(uint8_t *restrict dst, const uint8_t *restrict src, uint_fast8_t bits);
+
+/* Provide definitions, either for inlining, or for common_functions.c */
+#if defined NS_ALLOW_INLINING || defined COMMON_FUNCTIONS_FN
+#ifndef COMMON_FUNCTIONS_FN
+#define COMMON_FUNCTIONS_FN NS_INLINE
+#endif
+
+COMMON_FUNCTIONS_FN uint8_t *common_write_64_bit(uint64_t value, uint8_t ptr[__static 8])
+{
+    *ptr++ = value >> 56;
+    *ptr++ = value >> 48;
+    *ptr++ = value >> 40;
+    *ptr++ = value >> 32;
+    *ptr++ = value >> 24;
+    *ptr++ = value >> 16;
+    *ptr++ = value >> 8;
+    *ptr++ = value;
+    return ptr;
+}
+
+COMMON_FUNCTIONS_FN uint64_t common_read_64_bit(const uint8_t data_buf[__static 8])
+{
+    uint64_t temp_64;
+    temp_64 = (uint64_t)(*data_buf++) << 56;
+    temp_64 += (uint64_t)(*data_buf++) << 48;
+    temp_64 += (uint64_t)(*data_buf++) << 40;
+    temp_64 += (uint64_t)(*data_buf++) << 32;
+    temp_64 += (uint64_t)(*data_buf++) << 24;
+    temp_64 += (uint64_t)(*data_buf++) << 16;
+    temp_64 += (uint64_t)(*data_buf++) << 8;
+    temp_64 += *data_buf++;
+    return temp_64;
+}
+
+COMMON_FUNCTIONS_FN uint8_t *common_write_32_bit(uint32_t value, uint8_t ptr[__static 4])
+{
+    *ptr++ = value >> 24;
+    *ptr++ = value >> 16;
+    *ptr++ = value >> 8;
+    *ptr++ = value;
+    return ptr;
+}
+
+COMMON_FUNCTIONS_FN uint32_t common_read_32_bit(const uint8_t data_buf[__static 4])
+{
+    uint32_t temp_32;
+    temp_32 = (uint32_t)(*data_buf++) << 24;
+    temp_32 += (uint32_t)(*data_buf++) << 16;
+    temp_32 += (uint32_t)(*data_buf++) << 8;
+    temp_32 += *data_buf++;
+    return temp_32;
+}
+
+COMMON_FUNCTIONS_FN uint8_t *common_write_32_bit_inverse(uint32_t value, uint8_t ptr[__static 4])
+{
+    *ptr++ = value;
+    *ptr++ = value >> 8;
+    *ptr++ = value >> 16;
+    *ptr++ = value >> 24;
+    return ptr;
+}
+
+COMMON_FUNCTIONS_FN uint32_t common_read_32_bit_inverse(const uint8_t data_buf[__static 4])
+{
+    uint32_t temp_32;
+    temp_32 =  *data_buf++;
+    temp_32 += (uint32_t)(*data_buf++) << 8;
+    temp_32 += (uint32_t)(*data_buf++) << 16;
+    temp_32 += (uint32_t)(*data_buf++) << 24;
+    return temp_32;
+}
+
+COMMON_FUNCTIONS_FN uint8_t *common_write_24_bit(uint_fast24_t value, uint8_t ptr[__static 3])
+{
+    *ptr++ = value >> 16;
+    *ptr++ = value >> 8;
+    *ptr++ = value;
+    return ptr;
+}
+
+COMMON_FUNCTIONS_FN uint_fast24_t common_read_24_bit(const uint8_t data_buf[__static 3])
+{
+    uint_fast24_t temp_24;
+    temp_24 = (uint_fast24_t)(*data_buf++) << 16;
+    temp_24 += (uint_fast24_t)(*data_buf++) << 8;
+    temp_24 += *data_buf++;
+    return temp_24;
+}
+
+COMMON_FUNCTIONS_FN uint8_t *common_write_16_bit(uint16_t value, uint8_t ptr[__static 2])
+{
+    *ptr++ = value >> 8;
+    *ptr++ = value;
+    return ptr;
+}
+
+COMMON_FUNCTIONS_FN uint16_t common_read_16_bit(const uint8_t data_buf[__static 2])
+{
+    uint16_t temp_16;
+    temp_16 = (uint16_t)(*data_buf++) << 8;
+    temp_16 += *data_buf++;
+    return temp_16;
+}
+
+COMMON_FUNCTIONS_FN uint8_t *common_write_16_bit_inverse(uint16_t value, uint8_t ptr[__static 2])
+{
+    *ptr++ = value;
+    *ptr++ = value >> 8;
+    return ptr;
+}
+
+COMMON_FUNCTIONS_FN uint_fast8_t common_count_bits(uint8_t byte)
+{
+    /* First step sets each bit pair to be count of bits (00,01,10) */
+    /* [00-00 = 00, 01-00 = 01, 10-01 = 01, 11-01 = 10] */
+    uint_fast8_t count = byte - ((byte >> 1) & 0x55);
+    /* Add bit pairs to make each nibble contain count of bits (0-4) */
+    count = (count & 0x33) + ((count >> 2) & 0x33);
+    /* Final result is sum of nibbles (0-8) */
+    count = (count >> 4) + (count & 0x0F);
+    return count;
+}
+
+COMMON_FUNCTIONS_FN uint_fast8_t common_count_leading_zeros(uint8_t byte)
+{
+#ifdef  __CC_ARM
+    return byte ? __clz((unsigned int) byte << 24) : 8;
+#elif defined __GNUC__
+    return byte ? __builtin_clz((unsigned int) byte << 24) : 8;
+#else
+    uint_fast8_t cnt = 0;
+    if (byte == 0) {
+        return 8;
+    }
+    if ((byte & 0xF0) == 0) {
+        byte <<= 4;
+        cnt += 4;
+    }
+    if ((byte & 0xC0) == 0) {
+        byte <<= 2;
+        cnt += 2;
+    }
+    if ((byte & 0x80) == 0) {
+        cnt += 1;
+    }
+
+    return cnt;
+#endif
+}
+
+COMMON_FUNCTIONS_FN bool common_serial_number_greater_8(uint8_t s1, uint8_t s2)
+{
+    return (s1 > s2 && s1 - s2 < UINT8_C(0x80)) || (s1 < s2 && s2 - s1 > UINT8_C(0x80));
+}
+
+COMMON_FUNCTIONS_FN bool common_serial_number_greater_16(uint16_t s1, uint16_t s2)
+{
+    return (s1 > s2 && s1 - s2 < UINT16_C(0x8000)) || (s1 < s2 && s2 - s1 > UINT16_C(0x8000));
+}
+
+COMMON_FUNCTIONS_FN bool common_serial_number_greater_32(uint32_t s1, uint32_t s2)
+{
+    return (s1 > s2 && s1 - s2 < UINT32_C(0x80000000)) || (s1 < s2 && s2 - s1 > UINT32_C(0x80000000));
+}
+
+COMMON_FUNCTIONS_FN bool bit_test(const uint8_t *bitset, uint_fast8_t bit)
+{
+    return bitset[bit >> 3] & (0x80 >> (bit & 7));
+}
+
+COMMON_FUNCTIONS_FN void bit_set(uint8_t *bitset, uint_fast8_t bit)
+{
+    bitset[bit >> 3] |= (0x80 >> (bit & 7));
+}
+
+COMMON_FUNCTIONS_FN void bit_clear(uint8_t *bitset, uint_fast8_t bit)
+{
+    bitset[bit >> 3] &= ~(0x80 >> (bit & 7));
+}
+
+#endif /* defined NS_ALLOW_INLINING || defined COMMON_FUNCTIONS_FN */
+
+#ifdef __cplusplus
+}
+#endif
+#endif /*__COMMON_FUNCTIONS_H_*/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/nanostack-libservice/mbed-client-libservice/ip6string.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2014-2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef IP6STRING_H
+#define IP6STRING_H
+#ifdef __cplusplus
+extern "C" {
+#endif
+/**
+ * Print binary IPv6 address to a string.
+ * String must contain enough room for full address, 40 bytes exact.
+ * IPv4 tunneling addresses are not covered.
+ * \param ip6addr IPv6 address.
+ * \p buffer to write string to.
+ */
+void ip6tos(const void *ip6addr, char *p);
+
+/**
+ * Convert numeric IPv6 address string to a binary.
+ * IPv4 tunneling addresses are not covered.
+ * \param ip6addr IPv6 address in string format.
+ * \param len Lenght of ipv6 string, maximum of 41.
+ * \param dest buffer for address. MUST be 16 bytes.
+ */
+void stoip6(const char *ip6addr, size_t len, void *dest);
+/**
+ * Find out numeric IPv6 address prefix length
+ * \param ip6addr  IPv6 address in string format
+ * \return prefix length or 0 if it not given
+ */
+unsigned char sipv6_prefixlength(const char *ip6addr);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/nanostack-libservice/mbed-client-libservice/ip_fsc.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) 2014-2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef _NS_FSC_H
+#define _NS_FSC_H
+
+#include "ns_types.h"
+
+#define NEXT_HEADER_TCP     0x06
+#define NEXT_HEADER_UDP     0x11
+#define NEXT_HEADER_ICMP6   0x3A
+
+extern uint16_t ip_fcf_v(uint_fast8_t count, const ns_iovec_t vec[static count]);
+extern uint16_t ipv6_fcf(const uint8_t src_address[static 16], const uint8_t dest_address[static 16],
+                         uint16_t data_length, const uint8_t data_ptr[static data_length],  uint8_t next_protocol);
+
+#endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/nanostack-libservice/mbed-client-libservice/ns_list.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,736 @@
+/*
+ * Copyright (c) 2014-2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef NS_LIST_H_
+#define NS_LIST_H_
+
+#include "ns_types.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** \file
+ * \brief Linked list support library
+ *
+ * The ns_list.h file provides a doubly-linked list/queue, providing O(1)
+ * performance for all insertion/removal operations, and access to either
+ * end of the list.
+ *
+ * Memory footprint is two pointers for the list head, and two pointers in each
+ * list entry. It is similar in concept to BSD's TAILQ.
+ *
+ * Although the API is symmetrical and O(1) in both directions, due to internal
+ * pointer design, it is *slightly* more efficient to insert at the end when
+ * used as a queue, and to iterate forwards rather than backwards.
+ *
+ * Example of an entry type that can be stored to this list.
+ * ~~~
+ *     typedef struct example_entry
+ *     {
+ *         uint8_t        *data;
+ *         uint32_t       data_count;
+ *         ns_list_link_t link;
+ *     }
+ *     example_entry_t;
+ *
+ *     static NS_LIST_HEAD(example_entry_t, link) my_list;
+ *     ns_list_init(&my_list);
+ * ~~~
+ * OR
+ * ~~~
+ *     NS_LIST_HEAD(example_entry_t, link) my_list = NS_LIST_INIT(my_list);
+ * ~~~
+ * OR
+ * ~~~
+ *     static NS_LIST_DEFINE(my_list, example_entry_t, link);
+ * ~~~
+ * OR
+ * ~~~
+ *     typedef NS_LIST_HEAD(example_entry_t, link) example_list_t;
+ *     example_list_t NS_LIST_NAME_INIT(my_list);
+ * ~~~
+ * NOTE: the link field SHALL NOT be accessed by the user.
+ *
+ * An entry can exist on multiple lists by having multiple link fields.
+ *
+ * All the list operations are implemented as macros, most of which are backed
+ * by optionally-inline functions. The macros do not evaluate any arguments more
+ * than once, unless documented.
+ *
+ * In macro documentation, `list_t` refers to a list type defined using
+ * NS_LIST_HEAD(), and `entry_t` to the entry type that was passed to it.
+ */
+
+/** \brief Underlying generic linked list head.
+ *
+ * Users should not use this type directly, but use the NS_LIST_HEAD() macro.
+ */
+typedef struct ns_list {
+    void *first_entry;      ///< Pointer to first entry, or NULL if list is empty
+    void **last_nextptr;    ///< Pointer to last entry's `next` pointer, or
+                            ///< to head's `first_entry` pointer if list is empty
+} ns_list_t;
+
+/** \brief Declare a list head type
+ *
+ * This union stores the real list head, and also encodes as compile-time type
+ * information the offset of the link pointer, and the type of the entry.
+ *
+ * Note that type information is compiler-dependent; this means
+ * ns_list_get_first() could return either `void *`, or a pointer to the actual
+ * entry type. So `ns_list_get_first()->data` is not a portable construct -
+ * always assign returned entry pointers to a properly typed pointer variable.
+ * This assignment will be then type-checked where the compiler supports it, and
+ * will dereference correctly on compilers that don't support this extension.
+ * ~~~
+ *     NS_LIST_HEAD(example_entry_t, link) my_list;
+ *
+ *     example_entry_t *entry = ns_list_get_first(&my_list);
+ *     do_something(entry->data);
+ * ~~~
+ * Each use of this macro generates a new anonymous union, so these two lists
+ * have different types:
+ * ~~~
+ *     NS_LIST_HEAD(example_entry_t, link) my_list1;
+ *     NS_LIST_HEAD(example_entry_t, link) my_list2;
+ * ~~~
+ * If you need to use a list type in multiple places, eg as a function
+ * parameter, use typedef:
+ * ~~~
+ *     typedef NS_LIST_HEAD(example_entry_t, link) example_list_t;
+ *
+ *     void example_function(example_list_t *);
+ * ~~~
+ */
+#define NS_LIST_HEAD(entry_type, field) \
+    NS_LIST_HEAD_BY_OFFSET_(entry_type, offsetof(entry_type, field))
+
+/** \brief Declare a list head type for an incomplete entry type.
+ *
+ * This declares a list head, similarly to NS_LIST_HEAD(), but unlike that
+ * this can be used in contexts where the entry type may be incomplete.
+ *
+ * To use this, the link pointer must be the first member in the
+ * actual complete structure. This is NOT checked - the definition of the
+ * element should probably test NS_STATIC_ASSERT(offsetof(type, link) == 0)
+ * if outside users are known to be using NS_LIST_HEAD_INCOMPLETE().
+ * ~~~
+ *     struct opaque;
+ *     NS_LIST_HEAD_INCOMPLETE(struct opaque) opaque_list;
+ * ~~~
+ */
+#define NS_LIST_HEAD_INCOMPLETE(entry_type) \
+    NS_LIST_HEAD_BY_OFFSET_(entry_type, 0)
+
+/// \privatesection
+/** \brief Internal macro defining a list head, given the offset to the link pointer
+ * The +1 allows for link_offset being 0 - we can't declare a 0-size array
+ */
+#define NS_LIST_HEAD_BY_OFFSET_(entry_type, link_offset) \
+union \
+{ \
+    ns_list_t slist; \
+    NS_STATIC_ASSERT(link_offset <= UINT_FAST8_MAX, "link offset too large") \
+    char (*offset)[link_offset + 1]; \
+    entry_type *type; \
+}
+
+/** \brief Get offset of link field in entry.
+ * \return `(ns_list_offset_t)` The offset of the link field for entries on the specified list
+ */
+#define NS_LIST_OFFSET_(list) ((ns_list_offset_t) (sizeof *(list)->offset - 1))
+
+/** \brief Get the entry pointer type.
+ * \def NS_LIST_PTR_TYPE_
+ *
+ * \return An unqualified pointer type to an entry on the specified list.
+ *
+ * Only available if the compiler provides a "typeof" operator.
+ */
+#if defined __cplusplus && __cplusplus >= 201103L
+#define NS_LIST_PTR_TYPE_(list) decltype((list)->type)
+#elif defined __GNUC__
+#define NS_LIST_PTR_TYPE_(list) __typeof__((list)->type)
+#endif
+
+/** \brief Check for compatible pointer types
+ *
+ * This test will produce a diagnostic about a pointer mismatch on
+ * the == inside the sizeof operator. For example ARM/Norcroft C gives the error:
+ *
+ *     operand types are incompatible ("entry_t *" and "other_t *")
+ */
+#ifdef CPPCHECK
+#define NS_PTR_MATCH_(a, b, str) ((void) 0)
+#else
+#define NS_PTR_MATCH_(a, b, str) ((void) sizeof ((a) == (b)))
+#endif
+
+/** \brief Internal macro to cast returned entry pointers to correct type.
+ *
+ * Not portable in C, alas. With GCC or C++11, the "get entry" macros return
+ * correctly-typed pointers. Otherwise, the macros return `void *`.
+ *
+ * The attempt at a portable version would work if the C `?:` operator wasn't
+ * broken - `x ? (t *) : (void *)` should really have type `(t *)` in C, but
+ * it has type `(void *)`, which only makes sense for C++. The `?:` is left in,
+ * in case some day it works. Some compilers may still warn if this is
+ * assigned to a different type.
+ */
+#ifdef NS_LIST_PTR_TYPE_
+#define NS_LIST_TYPECAST_(list, val) ((NS_LIST_PTR_TYPE_(list)) (val))
+#else
+#define NS_LIST_TYPECAST_(list, val) (0 ? (list)->type : (val))
+#endif
+
+/** \brief Internal macro to check types of input entry pointer. */
+#define NS_LIST_TYPECHECK_(list, entry) \
+    (NS_PTR_MATCH_((list)->type, (entry), "incorrect entry type for list"), (entry))
+
+/** \brief Type used to pass link offset to underlying functions
+ *
+ * We could use size_t, but it would be unnecessarily large on 8-bit systems,
+ * where we can be (pretty) confident we won't have next pointers more than
+ * 256 bytes into a structure.
+ */
+typedef uint_fast8_t ns_list_offset_t;
+
+/// \publicsection
+/** \brief The type for the link member in the user's entry structure.
+ *
+ * Users should not access this member directly - just pass its name to the
+ * list head macros. The funny prev pointer simplifies common operations
+ * (eg insertion, removal), at the expense of complicating rare reverse iteration.
+ *
+ * NB - the list implementation relies on next being the first member.
+ */
+typedef struct ns_list_link {
+    void *next;     ///< Pointer to next entry, or NULL if none
+    void **prev;    ///< Pointer to previous entry's (or head's) next pointer
+} ns_list_link_t;
+
+/** \brief "Poison" value placed in unattached entries' link pointers.
+ * \internal What are good values for this? Platform dependent, maybe just NULL
+ */
+#define NS_LIST_POISON ((void *) 0xDEADBEEF)
+
+/** \brief Initialiser for an entry's link member
+ *
+ * This initialiser is not required by the library, but a user may want an
+ * initialiser to include in their own entry initialiser. See
+ * ns_list_link_init() for more discussion.
+ */
+#define NS_LIST_LINK_INIT(name) \
+    NS_FUNNY_INTPTR_OK \
+    { NS_LIST_POISON, NS_LIST_POISON } \
+    NS_FUNNY_INTPTR_RESTORE
+
+/** \hideinitializer \brief Initialise an entry's list link
+ *
+ * This "initialises" an unattached entry's link by filling the fields with
+ * poison. This is optional, as unattached entries field pointers are not
+ * meaningful, and it is not valid to call ns_list_get_next or similar on
+ * an unattached entry.
+ *
+ * \param entry Pointer to an entry
+ * \param field The name of the link member to initialise
+ */
+#define ns_list_link_init(entry, field) ns_list_link_init_(&(entry)->field)
+
+/** \hideinitializer \brief Initialise a list
+ *
+ * Initialise a list head before use. A list head must be initialised using this
+ * function or one of the NS_LIST_INIT()-type macros before use. A zero-initialised
+ * list head is *not* valid.
+ *
+ * If used on a list containing existing entries, those entries will
+ * become detached. (They are not modified, but their links are now effectively
+ * undefined).
+ *
+ * \param list Pointer to a NS_LIST_HEAD() structure.
+ */
+#define ns_list_init(list) ns_list_init_(&(list)->slist)
+
+/** \brief Initialiser for an empty list
+ *
+ * Usage in an enclosing initialiser:
+ * ~~~
+ *      static my_type_including_list_t x = {
+ *          "Something",
+ *          23,
+ *          NS_LIST_INIT(x),
+ *      };
+ * ~~~
+ * NS_LIST_DEFINE() or NS_LIST_NAME_INIT() may provide a shorter alternative
+ * in simpler cases.
+ */
+#define NS_LIST_INIT(name) { { NULL, &(name).slist.first_entry } }
+
+/** \brief Name and initialiser for an empty list
+ *
+ * Usage:
+ * ~~~
+ *      list_t NS_LIST_NAME_INIT(foo);
+ * ~~~
+ * acts as
+ * ~~~
+ *      list_t foo = { empty list };
+ * ~~~
+ * Also useful with designated initialisers:
+ * ~~~
+ *      .NS_LIST_NAME_INIT(foo),
+ * ~~~
+ * acts as
+ * ~~~
+ *      .foo = { empty list },
+ * ~~~
+ */
+#define NS_LIST_NAME_INIT(name) name = NS_LIST_INIT(name)
+
+/** \brief Define a list, and initialise to empty.
+ *
+ * Usage:
+ * ~~~
+ *     static NS_LIST_DEFINE(my_list, entry_t, link);
+ * ~~~
+ * acts as
+ * ~~~
+ *     static list_type my_list = { empty list };
+ * ~~~
+ */
+#define NS_LIST_DEFINE(name, type, field) \
+    NS_LIST_HEAD(type, field) NS_LIST_NAME_INIT(name)
+
+/** \hideinitializer \brief Add an entry to the start of the linked list.
+ *
+ * ns_list_add_to_end() is *slightly* more efficient than ns_list_add_to_start().
+ *
+ * \param list  `(list_t *)`           Pointer to list.
+ * \param entry `(entry_t * restrict)` Pointer to new entry to add.
+ */
+#define ns_list_add_to_start(list, entry) \
+    ns_list_add_to_start_(&(list)->slist, NS_LIST_OFFSET_(list), NS_LIST_TYPECHECK_(list, entry))
+
+/** \hideinitializer \brief Add an entry to the end of the linked list.
+ *
+ * \param list  `(list_t *)`           Pointer to list.
+ * \param entry `(entry_t * restrict)` Pointer to new entry to add.
+ */
+#define ns_list_add_to_end(list, entry) \
+    ns_list_add_to_end_(&(list)->slist, NS_LIST_OFFSET_(list), NS_LIST_TYPECHECK_(list, entry))
+
+/** \hideinitializer \brief Add an entry before a specified entry.
+ *
+ * \param list   `(list_t *)`           Pointer to list.
+ * \param before `(entry_t *)`          Existing entry before which to place the new entry.
+ * \param entry  `(entry_t * restrict)` Pointer to new entry to add.
+ */
+#define ns_list_add_before(list, before, entry) \
+    ns_list_add_before_(NS_LIST_OFFSET_(list), NS_LIST_TYPECHECK_(list, before), NS_LIST_TYPECHECK_(list, entry))
+
+/** \hideinitializer \brief Add an entry after a specified entry.
+ *
+ * ns_list_add_before() is *slightly* more efficient than ns_list_add_after().
+ *
+ * \param list  `(list_t *)`           Pointer to list.
+ * \param after `(entry_t *)`          Existing entry after which to place the new entry.
+ * \param entry `(entry_t * restrict)` Pointer to new entry to add.
+ */
+#define ns_list_add_after(list, after, entry) \
+    ns_list_add_after_(&(list)->slist, NS_LIST_OFFSET_(list), NS_LIST_TYPECHECK_(list, after), NS_LIST_TYPECHECK_(list, entry))
+
+/** \brief Check if a list is empty.
+ *
+ * \param list `(const list_t *)` Pointer to list.
+ *
+ * \return     `(bool)`           true if the list is empty.
+ */
+#define ns_list_is_empty(list) ((bool) ((list)->slist.first_entry == NULL))
+
+/** \brief Get the first entry.
+ *
+ * \param list `(const list_t *)` Pointer to list.
+ *
+ * \return     `(entry_t *)`      Pointer to first entry.
+ * \return                        NULL if list is empty.
+ */
+#define ns_list_get_first(list) NS_LIST_TYPECAST_(list, (list)->slist.first_entry)
+
+/** \hideinitializer \brief Get the previous entry.
+ *
+ * \param list    `(const list_t *)`  Pointer to list.
+ * \param current `(const entry_t *)` Pointer to current entry.
+ *
+ * \return        `(entry_t *)`       Pointer to previous entry.
+ * \return                            NULL if current entry is first.
+ */
+#define ns_list_get_previous(list, current) \
+    NS_LIST_TYPECAST_(list, ns_list_get_previous_(&(list)->slist, NS_LIST_OFFSET_(list), NS_LIST_TYPECHECK_(list, current)))
+
+/** \hideinitializer \brief Get the next entry.
+ *
+ * \param list    `(const list_t *)`  Pointer to list.
+ * \param current `(const entry_t *)` Pointer to current entry.
+ *
+ * \return        `(entry_t *)`       Pointer to next entry.
+ * \return                            NULL if current entry is last.
+ */
+#define ns_list_get_next(list, current) \
+    NS_LIST_TYPECAST_(list, ns_list_get_next_(NS_LIST_OFFSET_(list), NS_LIST_TYPECHECK_(list, current)))
+
+/** \hideinitializer \brief Get the last entry.
+ *
+ * \param list `(const list_t *)` Pointer to list.
+ *
+ * \return     `(entry_t *)`      Pointer to last entry.
+ * \return                        NULL if list is empty.
+ */
+#define ns_list_get_last(list) \
+    NS_LIST_TYPECAST_(list, ns_list_get_last_(&(list)->slist, NS_LIST_OFFSET_(list)))
+
+/** \hideinitializer \brief Remove an entry.
+ *
+ * \param list  `(list_t *)`  Pointer to list.
+ * \param entry `(entry_t *)` Entry on list to be removed.
+ */
+#define ns_list_remove(list, entry) \
+    ns_list_remove_(&(list)->slist, NS_LIST_OFFSET_(list), NS_LIST_TYPECHECK_(list, entry))
+
+/** \hideinitializer \brief Replace an entry.
+ *
+ * \param list        `(list_t *)`           Pointer to list.
+ * \param current     `(entry_t *)`          Existing entry on list to be replaced.
+ * \param replacement `(entry_t * restrict)` New entry to be the replacement.
+ */
+#define ns_list_replace(list, current, replacement) \
+    ns_list_replace_(&(list)->slist, NS_LIST_OFFSET_(list), NS_LIST_TYPECHECK_(list, current), NS_LIST_TYPECHECK_(list, replacement))
+
+/** \hideinitializer \brief Concatenate two lists.
+ *
+ * Attach the entries on the source list to the end of the destination
+ * list, leaving the source list empty.
+ *
+ * \param dst `(list_t *)` Pointer to destination list.
+ * \param src `(list_t *)` Pointer to source list.
+ *
+ */
+#define ns_list_concatenate(dst, src) \
+        (NS_PTR_MATCH_(dst, src, "concatenating different list types"), \
+        ns_list_concatenate_(&(dst)->slist, &(src)->slist, NS_LIST_OFFSET_(src)))
+
+/** \brief Iterate forwards over a list.
+ *
+ * Example:
+ * ~~~
+ *     ns_list_foreach(const my_entry_t, cur, &my_list)
+ *     {
+ *         printf("%s\n", cur->name);
+ *     }
+ * ~~~
+ * Deletion of the current entry is not permitted as its next is checked after
+ * running user code.
+ *
+ * The iteration pointer is declared inside the loop, using C99/C++, so it
+ * is not accessible after the loop.  This encourages good code style, and
+ * matches the semantics of C++11's "ranged for", which only provides the
+ * declaration form:
+ * ~~~
+ *     for (const my_entry_t cur : my_list)
+ * ~~~
+ * If you need to see the value of the iteration pointer after a `break`,
+ * you will need to assign it to a variable declared outside the loop before
+ * breaking:
+ * ~~~
+ *      my_entry_t *match = NULL;
+ *      ns_list_foreach(my_entry_t, cur, &my_list)
+ *      {
+ *          if (cur->id == id)
+ *          {
+ *              match = cur;
+ *              break;
+ *          }
+ *      }
+ * ~~~
+ *
+ * The user has to specify the entry type for the pointer definition, as type
+ * extraction from the list argument isn't portable. On the other hand, this
+ * also permits const qualifiers, as in the example above, and serves as
+ * documentation. The entry type will be checked against the list type where the
+ * compiler supports it.
+ *
+ * \param type                    Entry type `([const] entry_t)`.
+ * \param e                       Name for iteration pointer to be defined
+ *                                inside the loop.
+ * \param list `(const list_t *)` Pointer to list - evaluated multiple times.
+ */
+#define ns_list_foreach(type, e, list) \
+    for (type *e = ns_list_get_first(list); e; e = ns_list_get_next(list, e))
+
+/** \brief Iterate forwards over a list, where user may delete.
+ *
+ * As ns_list_foreach(), but deletion of current entry is permitted as its
+ * next pointer is recorded before running user code.
+ *
+ * Example:
+ * ~~~
+ *     ns_list_foreach_safe(my_entry_t, cur, &my_list)
+ *     {
+ *         ns_list_remove(cur);
+ *     }
+ * ~~~
+ * \param type               Entry type `(entry_t)`.
+ * \param e                  Name for iteration pointer to be defined
+ *                           inside the loop.
+ * \param list `(list_t *)`  Pointer to list - evaluated multiple times.
+ */
+#define ns_list_foreach_safe(type, e, list) \
+    for (type *e = ns_list_get_first(list), *_next; \
+        e && (_next = ns_list_get_next(list, e), true); e = _next)
+
+/** \brief Iterate backwards over a list.
+ *
+ * As ns_list_foreach(), but going backwards - see its documentation.
+ * Iterating forwards is *slightly* more efficient.
+ */
+#define ns_list_foreach_reverse(type, e, list) \
+    for (type *e = ns_list_get_last(list); e; e = ns_list_get_previous(list, e))
+
+/** \brief Iterate backwards over a list, where user may delete.
+ *
+ * As ns_list_foreach_safe(), but going backwards - see its documentation.
+ * Iterating forwards is *slightly* more efficient.
+ */
+#define ns_list_foreach_reverse_safe(type, e, list) \
+    for (type *e = ns_list_get_last(list), *_next; \
+        e && (_next = ns_list_get_previous(list, e), true); e = _next)
+
+/** \hideinitializer \brief Count entries on a list
+ *
+ * Unlike other operations, this is O(n). Note: if list might contain over
+ * 65535 entries, this function **must not** be used to get the entry count.
+ *
+ * \param list `(const list_t *)` Pointer to list.
+
+ * \return     `(uint_fast16_t)`  Number of entries that are stored in list.
+ */
+#define ns_list_count(list) ns_list_count_(&(list)->slist, NS_LIST_OFFSET_(list))
+
+/** \privatesection
+ *  Internal functions - designed to be accessed using corresponding macros above
+ */
+NS_INLINE void ns_list_init_(ns_list_t *list);
+NS_INLINE void ns_list_link_init_(ns_list_link_t *link);
+NS_INLINE void ns_list_add_to_start_(ns_list_t *list, ns_list_offset_t link_offset, void *restrict entry);
+NS_INLINE void ns_list_add_to_end_(ns_list_t *list, ns_list_offset_t link_offset, void *restrict entry);
+NS_INLINE void ns_list_add_before_(ns_list_offset_t link_offset, void *before, void *restrict entry);
+NS_INLINE void ns_list_add_after_(ns_list_t *list, ns_list_offset_t link_offset, void *after, void *restrict entry);
+NS_INLINE void *ns_list_get_next_(ns_list_offset_t link_offset, const void *current);
+NS_INLINE void *ns_list_get_previous_(const ns_list_t *list, ns_list_offset_t link_offset, const void *current);
+NS_INLINE void *ns_list_get_last_(const ns_list_t *list,  ns_list_offset_t offset);
+NS_INLINE void ns_list_remove_(ns_list_t *list, ns_list_offset_t link_offset, void *entry);
+NS_INLINE void ns_list_replace_(ns_list_t *list, ns_list_offset_t link_offset, void *current, void *restrict replacement);
+NS_INLINE void ns_list_concatenate_(ns_list_t *dst, ns_list_t *src, ns_list_offset_t offset);
+NS_INLINE uint_fast16_t ns_list_count_(const ns_list_t *list, ns_list_offset_t link_offset);
+
+/* Provide definitions, either for inlining, or for ns_list.c */
+#if defined NS_ALLOW_INLINING || defined NS_LIST_FN
+#ifndef NS_LIST_FN
+#define NS_LIST_FN NS_INLINE
+#endif
+
+/* Pointer to the link member in entry e */
+#define NS_LIST_LINK_(e, offset) ((ns_list_link_t *)((char *)(e) + offset))
+
+/* Lvalue of the next link pointer in entry e */
+#define NS_LIST_NEXT_(e, offset) (NS_LIST_LINK_(e, offset)->next)
+
+/* Lvalue of the prev link pointer in entry e */
+#define NS_LIST_PREV_(e, offset) (NS_LIST_LINK_(e, offset)->prev)
+
+/* Convert a pointer to a link member back to the entry;
+ * works for linkptr either being a ns_list_link_t pointer, or its next pointer,
+ * as the next pointer is first in the ns_list_link_t */
+#define NS_LIST_ENTRY_(linkptr, offset) ((void *)((char *)(linkptr) - offset))
+
+NS_LIST_FN void ns_list_init_(ns_list_t *list)
+{
+    list->first_entry = NULL;
+    list->last_nextptr = &list->first_entry;
+}
+
+NS_LIST_FN void ns_list_link_init_(ns_list_link_t *link)
+{
+    NS_FUNNY_INTPTR_OK
+    link->next = NS_LIST_POISON;
+    link->prev = NS_LIST_POISON;
+    NS_FUNNY_INTPTR_RESTORE
+}
+
+NS_LIST_FN void ns_list_add_to_start_(ns_list_t *list, ns_list_offset_t offset, void *restrict entry)
+{
+    void *next;
+
+    NS_LIST_PREV_(entry, offset) = &list->first_entry;
+    NS_LIST_NEXT_(entry, offset) = next = list->first_entry;
+
+    if (next) {
+        NS_LIST_PREV_(next, offset) = &NS_LIST_NEXT_(entry, offset);
+    } else {
+        list->last_nextptr = &NS_LIST_NEXT_(entry, offset);
+    }
+
+    list->first_entry = entry;
+}
+
+NS_LIST_FN void ns_list_add_after_(ns_list_t *list, ns_list_offset_t offset, void *current, void *restrict entry)
+{
+    void *next;
+
+    NS_LIST_PREV_(entry, offset) = &NS_LIST_NEXT_(current, offset);
+    NS_LIST_NEXT_(entry, offset) = next = NS_LIST_NEXT_(current, offset);
+
+    if (next) {
+        NS_LIST_PREV_(next, offset) = &NS_LIST_NEXT_(entry, offset);
+    } else {
+        list->last_nextptr = &NS_LIST_NEXT_(entry, offset);
+    }
+
+    NS_LIST_NEXT_(current, offset) = entry;
+}
+
+NS_LIST_FN void ns_list_add_before_(ns_list_offset_t offset, void *current, void *restrict entry)
+{
+    void **prev_nextptr;
+
+    NS_LIST_NEXT_(entry, offset) = current;
+    NS_LIST_PREV_(entry, offset) = prev_nextptr = NS_LIST_PREV_(current, offset);
+    *prev_nextptr = entry;
+    NS_LIST_PREV_(current, offset) = &NS_LIST_NEXT_(entry, offset);
+}
+
+NS_LIST_FN void ns_list_add_to_end_(ns_list_t *list, ns_list_offset_t offset, void *restrict entry)
+{
+    void **prev_nextptr;
+
+    NS_LIST_NEXT_(entry, offset) = NULL;
+    NS_LIST_PREV_(entry, offset) = prev_nextptr = list->last_nextptr;
+    *prev_nextptr = entry;
+    list->last_nextptr = &NS_LIST_NEXT_(entry, offset);
+}
+
+NS_LIST_FN void *ns_list_get_next_(ns_list_offset_t offset, const void *current)
+{
+    return NS_LIST_NEXT_(current, offset);
+}
+
+NS_LIST_FN void *ns_list_get_previous_(const ns_list_t *list, ns_list_offset_t offset, const void *current)
+{
+    if (current == list->first_entry) {
+        return NULL;
+    }
+
+    // Tricky. We don't have a direct previous pointer, but a pointer to the
+    // pointer that points to us - ie &head->first_entry OR &{prev}->next.
+    // This makes life easier on insertion and removal, but this is where we
+    // pay the price.
+
+    // We have to check manually for being the first entry above, so we know it's
+    // a real link's next pointer. Then next is the first field of
+    // ns_list_link_t, so we can use the normal offset value.
+
+    return NS_LIST_ENTRY_(NS_LIST_PREV_(current, offset), offset);
+}
+
+NS_LIST_FN void *ns_list_get_last_(const ns_list_t *list, ns_list_offset_t offset)
+{
+    if (!list->first_entry) {
+        return NULL;
+    }
+
+    // See comments in ns_list_get_previous_()
+    return NS_LIST_ENTRY_(list->last_nextptr, offset);
+}
+
+NS_LIST_FN void ns_list_remove_(ns_list_t *list, ns_list_offset_t offset, void *removed)
+{
+    void *next;
+    void **prev_nextptr;
+
+    next = NS_LIST_NEXT_(removed, offset);
+    prev_nextptr = NS_LIST_PREV_(removed, offset);
+    if (next) {
+        NS_LIST_PREV_(next, offset) = prev_nextptr;
+    } else {
+        list->last_nextptr = prev_nextptr;
+    }
+    *prev_nextptr = next;
+
+    ns_list_link_init_(NS_LIST_LINK_(removed, offset));
+}
+
+NS_LIST_FN void ns_list_replace_(ns_list_t *list, ns_list_offset_t offset, void *current, void *restrict replacement)
+{
+    void *next;
+    void **prev_nextptr;
+
+    NS_LIST_PREV_(replacement, offset) = prev_nextptr = NS_LIST_PREV_(current, offset);
+    NS_LIST_NEXT_(replacement, offset) = next = NS_LIST_NEXT_(current, offset);
+
+    if (next) {
+        NS_LIST_PREV_(next, offset) = &NS_LIST_NEXT_(replacement, offset);
+    } else {
+        list->last_nextptr = &NS_LIST_NEXT_(replacement, offset);
+    }
+    *prev_nextptr = replacement;
+
+    ns_list_link_init_(NS_LIST_LINK_(current, offset));
+}
+
+NS_LIST_FN void ns_list_concatenate_(ns_list_t *dst, ns_list_t *src, ns_list_offset_t offset)
+{
+    ns_list_link_t *src_first;
+
+    src_first = src->first_entry;
+    if (!src_first) {
+        return;
+    }
+
+    *dst->last_nextptr = src_first;
+    NS_LIST_PREV_(src_first, offset) = dst->last_nextptr;
+    dst->last_nextptr = src->last_nextptr;
+
+    ns_list_init_(src);
+}
+
+NS_LIST_FN uint_fast16_t ns_list_count_(const ns_list_t *list, ns_list_offset_t offset)
+{
+    uint_fast16_t count = 0;
+
+    for (void *p = list->first_entry; p; p = NS_LIST_NEXT_(p, offset)) {
+        count++;
+    }
+
+    return count;
+}
+#endif /* defined NS_ALLOW_INLINING || defined NS_LIST_FN */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* NS_LIST_H_ */
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/nanostack-libservice/mbed-client-libservice/ns_trace.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,320 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * \file ns_trace.h
+ * Trace interface for NanoStack library as well as application.
+ * This file provide simple but flexible way to handle software traces.
+ * Trace library are abstract layer, which use stdout (printf) by default, 
+ * but outputs can be easily redirect to custom function, for example to 
+ * store traces to memory or other interfaces.
+ *
+ *  usage example:
+ * \code(main.c:)
+ *      #include "ns_trace.h"
+ *      #define TRACE_GROUP  "main"
+ *
+ *      int main(void){
+ *          trace_init();   // initialize trace library
+ *          tr_debug("this is debug msg");  //print debug message to stdout: "[DBG]
+ *          tr_err("this is error msg");
+ *          tr_warn("this is warning msg");
+ *          tr_info("this is info msg");
+ *          return 0;
+ *      }
+ * \endcode
+ *
+ */
+#ifndef NS_TRACE_H_
+#define NS_TRACE_H_
+#include "ns_types.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** 3 upper bits are trace modes related,
+    and 5 lower bits are trace level configuration */
+
+/** Config mask */
+#define TRACE_MASK_CONFIG         0xE0
+/** Trace level mask */
+#define TRACE_MASK_LEVEL          0x1F
+
+/** plain trace data instead of "headers" */
+#define TRACE_MODE_PLAIN          0x80
+/** color mode */
+#define TRACE_MODE_COLOR          0x40
+/** Use print CR before trace line */
+#define TRACE_CARRIAGE_RETURN     0x20
+
+/** used to activate all trace levels */
+#define TRACE_ACTIVE_LEVEL_ALL    0x1F
+/** print all traces same as above */
+#define TRACE_ACTIVE_LEVEL_DEBUG  0x1f
+/** print info,warn and error traces */
+#define TRACE_ACTIVE_LEVEL_INFO   0x0f
+/** print warn and error traces */
+#define TRACE_ACTIVE_LEVEL_WARN   0x07
+/** print only error trace */
+#define TRACE_ACTIVE_LEVEL_ERROR  0x03
+/** print only cmd line data */
+#define TRACE_ACTIVE_LEVEL_CMD    0x01
+/** trace nothing  */
+#define TRACE_ACTIVE_LEVEL_NONE   0x00
+
+/** this print is some deep information for debug purpose */
+#define TRACE_LEVEL_DEBUG         0x10
+/** Info print, for general purpose prints */
+#define TRACE_LEVEL_INFO          0x08
+/** warning prints, which shouldn't causes any huge problems */
+#define TRACE_LEVEL_WARN          0x04
+/** Error prints, which causes probably problems, e.g. out of mem. */
+#define TRACE_LEVEL_ERROR         0x02
+/** special level for cmdline. Behaviours like "plain mode" */
+#define TRACE_LEVEL_CMD           0x01
+
+//usage macros:
+#define tr_info(...)            tracef(TRACE_LEVEL_INFO,    TRACE_GROUP, __VA_ARGS__)   //!< Print info message
+#define tr_debug(...)           tracef(TRACE_LEVEL_DEBUG,   TRACE_GROUP, __VA_ARGS__)   //!< Print debug message
+#define tr_warning(...)         tracef(TRACE_LEVEL_WARN,    TRACE_GROUP, __VA_ARGS__)   //!< Print warning message
+#define tr_warn(...)            tracef(TRACE_LEVEL_WARN,    TRACE_GROUP, __VA_ARGS__)   //!< Alternative warning message
+#define tr_error(...)           tracef(TRACE_LEVEL_ERROR,   TRACE_GROUP, __VA_ARGS__)   //!< Print Error Message
+#define tr_err(...)             tracef(TRACE_LEVEL_ERROR,   TRACE_GROUP, __VA_ARGS__)   //!< Alternative error message
+#define tr_cmdline(...)         tracef(TRACE_LEVEL_CMD,     TRACE_GROUP, __VA_ARGS__)   //!< Special print for cmdline. See more from TRACE_LEVEL_CMD -level
+
+/** Possible to skip all traces in compile time */
+#if defined(FEA_TRACE_SUPPORT) || defined(HAVE_DEBUG) || (defined(YOTTA_CFG) && !defined(NDEBUG)) /*backward compatible*/
+
+#if defined  __GNUC__ || defined __CC_ARM
+/**
+ * Initialize trace functionality. This method must be called from application process.
+ * @return 0 when all success, otherwise non zero
+ */
+int trace_init( void );
+/**
+ * Free trace memory. This method must be called from application process.
+ */
+void trace_free( void );
+/**
+ *  Set trace configurations
+ *  Possible parameters:
+ *
+ *   TRACE_MODE_COLOR
+ *   TRACE_MODE_PLAIN (this exclude color mode)
+ *   TRACE_CARRIAGE_RETURN (print CR before trace line)
+ *
+ *   TRACE_ACTIVE_LEVEL_ALL - to activate all trace levels
+ *   or TRACE_ACTIVE_LEVEL_DEBUG (alternative)
+ *   TRACE_ACTIVE_LEVEL_INFO
+ *   TRACE_ACTIVE_LEVEL_WARN
+ *   TRACE_ACTIVE_LEVEL_ERROR
+ *   TRACE_ACTIVE_LEVEL_CMD
+ *   TRACE_LEVEL_NONE - to deactivate all traces
+ *
+ * @param config  Byte size Bit-mask. Bits are descripted above.
+ * usage e.g.
+ * @code
+ *  set_trace_config( TRACE_ACTIVE_LEVEL_ALL|TRACE_MODE_COLOR );
+ * @endcode
+ */
+void set_trace_config(uint8_t config);
+/** get trace configurations 
+ * @return trace configuration byte
+ */
+uint8_t get_trace_config(void);
+/**
+ * Set trace prefix function
+ * pref_f -function return string with null terminated
+ * Can be used for e.g. time string
+ * e.g.
+ *   char* trace_time(){ return "rtc-time-in-string"; }
+ *   set_trace_prefix_function( &trace_time );
+ */
+void set_trace_prefix_function( char* (*pref_f)(size_t) );
+/**
+ * Set trace suffix function
+ * suffix -function return string with null terminated
+ * Can be used for e.g. time string
+ * e.g.
+ *   char* trace_suffix(){ return " END"; }
+ *   set_trace_suffix_function( &trace_suffix );
+ */
+void set_trace_suffix_function(char* (*suffix_f)(void) );
+/**
+ * Set trace print function
+ * By default, trace module print using printf() function,
+ * but with this you can write own print function,
+ * for e.g. to other IO device.
+ */
+void set_trace_print_function( void (*print_f)(const char*) );
+/**
+ * Set trace print function for tr_cmdline()
+ */
+void set_trace_cmdprint_function( void (*printf)(const char*) );
+/**
+ * When trace group contains text in filters,
+ * trace print will be ignored.
+ * e.g.: 
+ *  set_trace_exclude_filters("mygr");
+ *  tracef(TRACE_ACTIVE_LEVEL_DEBUG, "ougr", "This is not printed");
+ */
+void set_trace_exclude_filters(char* filters);
+/** get trace exclude filters
+ */
+const char* get_trace_exclude_filters(void);
+/**
+ * When trace group contains text in filter,
+ * trace will be printed.
+ * e.g.:
+ *  set_trace_include_filters("mygr");
+ *  tracef(TRACE_ACTIVE_LEVEL_DEBUG, "mygr", "Hi There");
+ *  tracef(TRACE_ACTIVE_LEVEL_DEBUG, "grp2", "This is not printed");
+ */
+void set_trace_include_filters(char* filters);
+/** get trace include filters
+ */
+const char* get_trace_include_filters(void);
+/**
+ * General trace function
+ * This should be used every time when user want to print out something important thing
+ * Usage e.g.
+ *   tracef( TRACE_LEVEL_INFO, "mygr", "Hello world!");
+ *
+ * @param dlevel debug level
+ * @param grp    trace group
+ * @param fmt    trace format (like printf)
+ * @param ...    variable arguments related to fmt
+ */
+void tracef(uint8_t dlevel, const char* grp, const char *fmt, ...) __attribute__ ((__format__(__printf__, 3, 4)));
+/**
+ *  Get last trace from buffer
+ */
+const char* trace_last(void);
+/**
+ * tracef helping function for convert ipv6
+ * table to human readable string.
+ * usage e.g.
+ * char ipv6[16] = {...}; // ! array length is 16 bytes !
+ * tracef(TRACE_LEVEL_INFO, "mygr", "ipv6 addr: %s", trace_ipv6(ipv6));
+ *
+ * @param add_ptr  IPv6 Address pointer
+ * @return temporary buffer where ipv6 is in string format
+ */
+char* trace_ipv6(const void *addr_ptr);
+/**
+ * tracef helping function for print ipv6 prefix
+ * usage e.g.
+ * char ipv6[16] = {...}; // ! array length is 16 bytes !
+ * tracef(TRACE_LEVEL_INFO, "mygr", "ipv6 addr: %s", trace_ipv6_prefix(ipv6, 4));
+ *
+ * @param prefix        IPv6 Address pointer
+ * @param prefix_len    prefix length
+ * @return temporary buffer where ipv6 is in string format
+ */
+char* trace_ipv6_prefix(const uint8_t *prefix, uint8_t prefix_len);
+/**
+ * tracef helping function for convert hex-array to string.
+ * usage e.g.
+ *  char myarr[] = {0x10, 0x20};
+ *  tracef(TRACE_LEVEL_INFO, "mygr", "arr: %s", trace_array(myarr, 2));
+ *
+ * @param buf  hex array pointer
+ * @param len  buffer length
+ * @return temporary buffer where string copied
+ */
+char* trace_array(const uint8_t* buf, uint16_t len);
+
+
+/*
+ * obsolete - only because of backward compatible reason
+ * As soon as all these functions are replaced by new tracef() function, these can be removed.
+ */
+
+/** obsolete function */
+void debugf(const char *fmt, ...) __attribute__ ((__format__(__printf__, 1, 2)));   //!< obsolete function
+void debug(const char *s);                                                          //!< obsolete function
+void debug_put(char c);                                                             //!< obsolete function
+void debug_hex(uint8_t x);                                                          //!< obsolete function
+void debug_int(int i);                                                              //!< obsolete function
+void printf_array(const void *buf, uint16_t len);                                   //!< obsolete function
+void printf_string(const void *buf, uint16_t len);                                  //!< obsolete function
+void printf_ipv6_address(const void *addr);                                         //!< obsolete function
+
+#else //__GNUC__ || __CC_ARM
+int trace_init( void );
+void trace_free( void );
+void set_trace_config(uint8_t config);
+void set_trace_prefix_function( char* (*pref_f)(size_t) );
+void set_trace_print_function( void (*print_f)(const char*) );
+void set_trace_cmdprint_function( void (*printf)(const char*) );
+void set_trace_exclude_filters(char* filters);
+const char* get_trace_exclude_filters(void);
+void set_trace_include_filters(char* filters);
+const char* get_trace_include_filters(void);
+void tracef(uint8_t dlevel, const char* grp, const char *fmt, ...);
+char* trace_ipv6(const void *addr_ptr);
+char* trace_array(const uint8_t* buf, uint16_t len);
+char* trace_ipv6_prefix(const uint8_t *prefix, uint8_t prefix_len);
+
+//obsolete functions:
+void debugf(const char *fmt, ...);
+void debug(const char *s);
+void debug_put(char c);
+void debug_hex(uint8_t x);
+void debug_int(int i);
+void printf_array(const void *buf, uint16_t len);
+void printf_string(const void *buf, uint16_t len);
+void printf_ipv6_address(const void *addr);
+
+#endif
+
+
+#else /*FEA_TRACE_SUPPORT*/
+
+// trace functionality not supported
+#define trace_init(...)                ((int) 0)
+#define trace_free(...)                ((void) 0)
+#define set_trace_config(...)          ((void) 0)
+#define set_trace_prefix_function(...) ((void) 0)
+#define set_trace_print_function(...)  ((void) 0)
+#define set_trace_cmdprint_function(...)  ((void) 0)
+#define set_trace_exclude_filters(...) ((void) 0)
+#define set_trace_include_filters(...) ((void) 0)
+#define get_trace_exclude_filters(...) ((const char*) 0)
+#define get_trace_include_filters(...) ((const char*) 0)
+
+#define tracef(...)                    ((void) 0)
+#define trace_ipv6(...)                ((char*) 0)
+#define trace_array(...)               ((char*) 0)
+#define trace_ipv6_prefix(...)         ((char*) 0)
+
+//obsolete
+#define debugf(...)                    ((void) 0)
+#define debug(s)                       ((void) 0)
+#define debug_put(c)                   ((void) 0)
+#define debug_hex(x)                   ((void) 0)
+#define debug_int(i)                   ((void) 0)
+#define printf_array(buf, len)         ((void) 0)
+#define printf_string(buf, len)        ((void) 0)
+#define printf_ipv6_address(addr)      ((void) 0)
+
+#endif /*FEA_TRACE_SUPPORT*/
+
+#ifdef __cplusplus
+}
+#endif
+#endif /* NS_TRACE_H_ */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/nanostack-libservice/mbed-client-libservice/ns_types.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,358 @@
+/*
+ * Copyright (c) 2014-2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * ns_types.h - Basic compiler and type setup for Nanostack libraries.
+ */
+#ifndef NS_TYPES_H_
+#define NS_TYPES_H_
+
+/** \file
+ * \brief Basic compiler and type setup
+ *
+ * We currently assume C99 or later.
+ *
+ * C99 features being relied on:
+ *
+ *   - <inttypes.h> and <stdbool.h>
+ *   - inline (with C99 semantics, not C++ as per default GCC);
+ *   - designated initialisers;
+ *   - compound literals;
+ *   - restrict;
+ *   - [static N] in array parameters;
+ *   - declarations in for statements;
+ *   - mixing declarations and statements
+ *
+ * Compilers should be set to C99 or later mode when building Nanomesh source.
+ * For GCC this means "-std=gnu99" (C99 with usual GNU extensions).
+ *
+ * Also, a little extra care is required for public header files that could be
+ * included from C++, especially as C++ lacks some C99 features.
+ *
+ * (TODO: as this is exposed to API users, do we need a predefine to distinguish
+ * internal and external use, for finer control? Not yet, but maybe...)
+ */
+
+/* Make sure <stdint.h> defines its macros if C++ */
+#ifndef __STDC_LIMIT_MACROS
+#define __STDC_LIMIT_MACROS
+#endif
+#ifndef __STDC_CONSTANT_MACROS
+#define __STDC_CONSTANT_MACROS
+#endif
+
+#include <stddef.h>
+#include <inttypes.h> // includes <stdint.h>; debugf() users need PRIu32 etc
+#include <stdbool.h>
+
+/*
+ * Create the optional <stdint.h> 24-bit types if they don't exist (worth trying
+ * to use them, as they could exist and be more efficient than 32-bit on 8-bit
+ * systems...)
+ */
+#ifndef UINT24_LEAST_MAX
+typedef uint_least32_t uint_least24_t;
+#define UINT_LEAST24_MAX UINT_LEAST32_MAX
+#define UINT24_C(x) UINT32_C(x)
+#define PRIoLEAST24 PRIoLEAST32
+#define PRIuLEAST24 PRIuLEAST32
+#define PRIxLEAST24 PRIxLEAST32
+#define PRIXLEAST24 PRIXLEAST32
+#endif
+
+#ifndef INT24_LEAST_MAX
+typedef int_least32_t int_least24_t;
+#define INT24_LEAST_MIN INT_LEAST32_MIN
+#define INT24_LEAST_MAX INT_LEAST32_MAX
+#define INT24_C(x) INT32_C(x)
+#define PRIdLEAST24 PRIdLEAST32
+#define PRIiLEAST24 PRIiLEAST32
+#endif
+
+#ifndef UINT24_FAST_MAX
+typedef uint_fast32_t uint_fast24_t;
+#define UINT_FAST24_MAX UINT_FAST32_MAX
+#define PRIoFAST24 PRIoFAST32
+#define PRIuFAST24 PRIuFAST32
+#define PRIxFAST24 PRIxFAST32
+#define PRIXFAST24 PRIXFAST32
+#endif
+
+#ifndef INT24_FAST_MAX
+typedef int_fast32_t int_fast24_t;
+#define INT_FAST24_MIN INT_FAST32_MIN
+#define INT_FAST24_MAX INT_FAST32_MAX
+#define PRIdFAST24 PRIdFAST32
+#define PRIiFAST24 PRIiFAST32
+#endif
+
+/* Function attribute - C11 "noreturn" or C++11 "[[noreturn]]" */
+#ifndef NS_NORETURN
+#if defined  __cplusplus && __cplusplus >= 201103L
+#define NS_NORETURN [[noreturn]]
+#elif !defined  __cplusplus && __STDC_VERSION__ >= 201112L
+#define NS_NORETURN _Noreturn
+#elif defined __GNUC__
+#define NS_NORETURN __attribute__((__noreturn__))
+#elif defined __CC_ARM
+#define NS_NORETURN __declspec(noreturn)
+#elif defined __IAR_SYSTEMS_ICC__
+#define NS_NORETURN __noreturn
+#else
+#define NS_NORETURN
+#endif
+#endif
+
+/* C11's "alignas" macro, emulated for integer expressions if necessary */
+#ifndef __alignas_is_defined
+#if __STDC_VERSION__ >= 201112L || (defined __cplusplus && __cplusplus >= 201103L)
+#include <stdalign.h>
+#elif defined __GNUC__
+#define alignas(n) __attribute__((__aligned__(n)))
+#define __alignas_is_defined 1
+#elif defined __CC_ARM || defined __TASKING__
+#define alignas(n) __align(n)
+#define __alignas_is_defined 1
+#elif defined __IAR_SYSTEMS_ICC__
+/* Does this really just apply to the next variable? */
+#define alignas(n) __Alignas(data_alignment=n)
+#define __Alignas(x) _Pragma(#x)
+#define __alignas_is_defined 1
+#endif
+#endif
+
+/**
+ * Marker for functions or objects that may be unused, suppressing warnings.
+ * Place after the identifier:
+ * ~~~
+ *    static int X MAYBE_UNUSED = 3;
+ *    static int foo(void) MAYBE_UNUSED;
+ * ~~~
+ */
+#if defined __CC_ARM || defined __GNUC__
+#define MAYBE_UNUSED __attribute__((unused))
+#else
+#define MAYBE_UNUSED
+#endif
+
+/*
+ * C++ (even C++11) doesn't provide restrict: define away or provide
+ * alternative.
+ */
+#ifdef __cplusplus
+#ifdef __GNUC__
+#define restrict __restrict
+#else
+#define restrict
+#endif
+#endif /* __cplusplus */
+
+
+/**
+ * C++ doesn't allow "static" in function parameter types: ie
+ * ~~~
+ *    entry_t *find_entry(const uint8_t address[static 16])
+ * ~~~
+ * If a header file may be included from C++, use this __static define instead.
+ *
+ * (Syntax introduced in C99 - `uint8_t address[16]` in a prototype was always
+ * equivalent to `uint8_t *address`, but the C99 addition of static tells the
+ * compiler that address is never NULL, and always points to at least 16
+ * elements. This adds no new type-checking, but the information could aid
+ * compiler optimisation, and it can serve as documentation).
+ */
+#ifdef __cplusplus
+#define __static
+#else
+#define __static static
+#endif
+
+#ifdef __GNUC__
+#define NS_GCC_VERSION (__GNUC__ * 10000 \
+                   + __GNUC_MINOR__ * 100 \
+                   + __GNUC_PATCHLEVEL__)
+#endif
+
+/** \brief Compile-time assertion
+ *
+ * C11 provides _Static_assert, as does GCC even in C99 mode (and
+ * as a freestanding implementation, we can't rely on <assert.h> to get
+ * the static_assert macro).
+ * C++11 provides static_assert as a keyword, as does G++ in C++0x mode.
+ *
+ * The assertion acts as a declaration that can be placed at file scope, in a
+ * code block (except after a label), or as a member of a struct/union. It
+ * produces a compiler error if "test" evaluates to 0.
+ *
+ * Note that this *includes* the required semicolon when defined, else it
+ * is totally empty, permitting use in structs. (If the user provided the `;`,
+ * it would leave an illegal stray `;` if unavailable).
+ */
+#ifdef __cplusplus
+# if __cplusplus >= 201103L || __cpp_static_assert >= 200410
+# define NS_STATIC_ASSERT(test, str) static_assert(test, str);
+# elif defined __GXX_EXPERIMENTAL_CXX0X__  && NS_GCC_VERSION >= 40300
+# define NS_STATIC_ASSERT(test, str) __extension__ static_assert(test, str);
+# else
+# define NS_STATIC_ASSERT(test, str)
+# endif
+#else /* C */
+# if __STDC_VERSION__ >= 201112L
+# define NS_STATIC_ASSERT(test, str) _Static_assert(test, str);
+# elif defined __GNUC__ && NS_GCC_VERSION >= 40600 && !defined __CC_ARM
+# define NS_STATIC_ASSERT(test, str) __extension__ _Static_assert(test, str);
+# else
+# define NS_STATIC_ASSERT(test, str)
+#endif
+#endif
+
+/** \brief Pragma to suppress warnings about unusual pointer values.
+ *
+ * Useful if using "poison" values.
+ */
+#ifdef __IAR_SYSTEMS_ICC__
+#define NS_FUNNY_INTPTR_OK      _Pragma("diag_suppress=Pe1053")
+#define NS_FUNNY_INTPTR_RESTORE _Pragma("diag_default=Pe1053")
+#else
+#define NS_FUNNY_INTPTR_OK
+#define NS_FUNNY_INTPTR_RESTORE
+#endif
+
+/** \brief Convert pointer to member to pointer to containing structure */
+#define NS_CONTAINER_OF(ptr, type, member) \
+    ((type *) ((char *) (ptr) - offsetof(type, member)))
+
+/*
+ * Inlining could cause problems when mixing with C++; provide a mechanism to
+ * disable it. This could also be turned off for other reasons (although
+ * this can usually be done through a compiler flag, eg -O0 on gcc).
+ */
+#ifndef __cplusplus
+#define NS_ALLOW_INLINING
+#endif
+
+/* There is inlining problem in GCC version 4.1.x and we know it works in 4.6.3 */
+#if defined __GNUC__ && NS_GCC_VERSION < 40600
+#undef NS_ALLOW_INLINING
+#endif
+
+/** \brief Mark a potentially-inlineable function.
+ *
+ * We follow C99 semantics, which requires precisely one external definition.
+ * To also allow inlining to be totally bypassed under control of
+ * NS_ALLOW_INLINING, code can be structured as per the example of ns_list:
+ *
+ * foo.h
+ * -----
+ * ~~~
+ *    NS_INLINE int my_func(int);
+ *
+ *    #if defined NS_ALLOW_INLINING || defined FOO_FN
+ *    #ifndef FOO_FN
+ *    #define FOO_FN NS_INLINE
+ *    #endif
+ *    FOO_FN int my_func(int a)
+ *    {
+ *        definition;
+ *    }
+ *    #endif
+ * ~~~
+ * foo.c
+ * -----
+ * ~~~
+ *    #define FOO_FN extern
+ *    #include "foo.h"
+ * ~~~
+ * Which generates:
+ * ~~~
+ *                 NS_ALLOW_INLINING set          NS_ALLOW_INLINING unset
+ *                 =====================          =======================
+ *                 Include foo.h                  Include foo.h
+ *                 -------------                  -------------
+ *                 inline int my_func(int);       int my_func(int);
+ *
+ *                 // inline definition
+ *                 inline int my_func(int a)
+ *                 {
+ *                     definition;
+ *                 }
+ *
+ *                 Compile foo.c                  Compile foo.c
+ *                 -------------                  -------------
+ *    (from .h)    inline int my_func(int);       int my_func(int);
+ *
+ *                 // external definition
+ *                 // because of no "inline"      // normal external definition
+ *                 extern int my_func(int a)      extern int my_func(int a)
+ *                 {                              {
+ *                     definition;                    definition;
+ *                 }                              }
+ * ~~~
+ *
+ * Note that even with inline keywords, whether the compiler inlines or not is
+ * up to it. For example, gcc at "-O0" will not inline at all, and will always
+ * call the real functions in foo.o, just as if NS_ALLOW_INLINING was unset.
+ * At "-O2", gcc could potentially inline everything, meaning that foo.o is not
+ * referenced at all.
+ *
+ * Alternatively, you could use "static inline", which gives every caller its
+ * own internal definition. This is compatible with C++ inlining (which expects
+ * the linker to eliminate duplicates), but in C it's less efficient if the code
+ * ends up non-inlined, and it's harder to breakpoint. I don't recommend it
+ * except for the most trivial functions (which could then probably be macros).
+ */
+#ifdef NS_ALLOW_INLINING
+#define NS_INLINE inline
+#else
+#define NS_INLINE
+#endif
+
+#if defined __SDCC_mcs51 || defined __ICC8051__ || defined __C51__
+
+/* The 8051 environments: SDCC (historic), IAR (current), Keil (future?) */
+
+#define NS_LARGE            __xdata
+#define NS_LARGE_PTR        __xdata
+#ifdef __ICC8051__
+#define NS_REENTRANT
+#define NS_REENTRANT_PREFIX __idata_reentrant
+#else
+#define NS_REENTRANT        __reentrant
+#define NS_REENTRANT_PREFIX
+#endif
+#define NS_NEAR_FUNC        __near_func
+
+#else
+
+/* "Normal" systems. Define it all away. */
+#define NS_LARGE
+#define NS_LARGE_PTR
+#define NS_REENTRANT
+#define NS_REENTRANT_PREFIX
+#define NS_NEAR_FUNC
+
+#endif
+
+/** \brief Scatter-gather descriptor
+ *
+ * Slightly optimised for small platforms - we assume we won't need any
+ * element bigger than 64K.
+ */
+typedef struct ns_iovec {
+    void *iov_base;
+    uint_fast16_t iov_len;
+} ns_iovec_t;
+
+#endif /* NS_TYPES_H */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/nanostack-libservice/mbed-client-libservice/nsdynmemLIB.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,103 @@
+/*
+ * Copyright (c) 2014-2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+/**
+ * \file nsdynmemLIB.h
+ * \brief Dynamical Memory API for library model
+ *
+ */
+#ifndef NSDYNMEMLIB_H_
+#define NSDYNMEMLIB_H_
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "ns_types.h"
+
+/*!
+ * \enum heap_fail_t
+ * \brief Dynamically heap system failure call back event types.
+ */
+typedef enum {
+    NS_DYN_MEM_NULL_FREE,               /**< ns_dyn_mem_free(), NULL pointer free [obsolete - no longer faulted]  */
+    NS_DYN_MEM_DOUBLE_FREE,                     /**< ns_dyn_mem_free(), Possible double pointer free */
+    NS_DYN_MEM_ALLOCATE_SIZE_NOT_VALID, /**< Allocate size is 0 or smaller or size is bigger than max heap size  */
+    NS_DYN_MEM_POINTER_NOT_VALID,       /**< ns_dyn_mem_free(), try to free pointer which not at heap sector */
+    NS_DYN_MEM_HEAP_SECTOR_CORRUPTED,   /**< Heap system detect sector corruption */
+    NS_DYN_MEM_HEAP_SECTOR_UNITIALIZED /**< ns_dyn_mem_free(), ns_dyn_mem_temporary_alloc() or ns_dyn_mem_alloc() called before ns_dyn_mem_init() */
+} heap_fail_t;
+
+/**
+ * /struct mem_stat_t
+ * /brief Struct for Memory stats Buffer structure
+ */
+typedef struct mem_stat_t {
+    /*Heap stats*/
+    int16_t heap_sector_size;                   /**< Heap total Sector len. */
+    int16_t heap_sector_alloc_cnt;              /**< Reserved Heap sector cnt. */
+    int16_t heap_sector_allocated_bytes;        /**< Reserved Heap data in bytes. */
+    int16_t heap_sector_allocated_bytes_max;    /**< Reserved Heap data in bytes max value. */
+    uint32_t heap_alloc_total_bytes;            /**< Total Heap allocated bytes. */
+    uint32_t heap_alloc_fail_cnt;               /**< Counter for Heap allocation fail. */
+} mem_stat_t;
+
+/**
+  * \brief Init and set Dynamical heap pointer and length.
+  *
+  * \param heap_ptr Pointer to dynamically heap buffer
+  * \param heap_size size of the heap buffer
+  * \return None
+  */
+extern void ns_dyn_mem_init(uint8_t *heap, uint16_t h_size, void (*passed_fptr)(heap_fail_t), mem_stat_t *info_ptr);
+
+
+/**
+  * \brief Free allocated memory.
+  *
+  * \param heap_ptr Pointer to allocated memory
+  *
+  * \return 0, Free OK
+  * \return <0, Free Fail
+  */
+extern void ns_dyn_mem_free(void *heap_ptr);
+/**
+  * \brief Allocate temporary data.
+  *
+  * Space allocate started from beginning of the heap sector
+  *
+  * \param alloc_size Allocated data size
+  *
+  * \return 0, Allocate Fail
+  * \return >0, Pointer to allocated data sector.
+  */
+extern void *ns_dyn_mem_temporary_alloc(int16_t alloc_size);
+/**
+  * \brief Allocate long period data.
+  *
+  * Space allocate started from end of the heap sector
+  *
+  * \param alloc_size Allocated data size
+  *
+  * \return 0, Allocate Fail
+  * \return >0, Pointer to allocated data sector.
+  */
+extern void *ns_dyn_mem_alloc(int16_t alloc_size);
+#ifdef __cplusplus
+}
+#endif
+#endif /* NSDYNMEMLIB_H_ */
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/nanostack-libservice/mbed-client-libservice/platform/arm_hal_interrupt.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2014-2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef ARM_HAL_API_H_
+#define ARM_HAL_API_H_
+#ifdef __cplusplus
+extern "C" {
+#endif
+#include <stdint.h>
+
+/**
+ * \brief This function disable global interrupts.
+ */
+extern void platform_enter_critical(void);
+/**
+ * \brief This function enable global interrupts.
+ */
+extern void platform_exit_critical(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ARM_HAL_API_H_ */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/nanostack-libservice/source/IPv6_fcf_lib/ip_fsc.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,90 @@
+/*
+ * Copyright (c) 2014-2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "stdint.h"
+#include "ip_fsc.h"
+
+/** \brief Compute IP checksum for arbitary data
+ *
+ * Compute an IP checksum, given a arbitrary gather list.
+ *
+ * See ipv6_fcf for discussion of use.
+ *
+ * This will work for any arbitrary gather list - it can handle odd
+ * alignments. The one limitation is that the 32-bit accumulator limits
+ * it to basically 64K of total data.
+ */
+uint16_t ip_fcf_v(uint_fast8_t count, const ns_iovec_t vec[static count])
+{
+    uint_fast32_t acc32 = 0;
+    bool odd = false;
+    while (count) {
+        const uint8_t *data_ptr = vec->iov_base;
+        uint_fast16_t data_length = vec->iov_len;
+        if (odd && data_length > 0) {
+            acc32 += *data_ptr++;
+            data_length--;
+            odd = false;
+        }
+        while (data_length >= 2) {
+            acc32 += (uint_fast16_t) data_ptr[0] << 8 | data_ptr[1];
+            data_ptr += 2;
+            data_length -= 2;
+        }
+        if (data_length) {
+            acc32 += (uint_fast16_t) data_ptr[0] << 8;
+            odd = true;
+        }
+        vec++;
+        count--;
+    }
+
+    // Fold down up to 0xffff carries in the 32-bit accumulator
+    acc32 = (acc32 >> 16) + (acc32 & 0xffff);
+
+    // Could be one more carry from the previous addition (result <= 0x1fffe)
+    uint16_t sum16 = (uint16_t)((acc32 >> 16) + (acc32 & 0xffff));
+    return ~sum16;
+}
+
+/** \brief Compute IPv6 checksum
+ *
+ * Compute an IPv6 checksum, given fields of an IPv6 pseudoheader and payload.
+ *
+ * This returns the 1's-complement of the checksum, as required when
+ * generating the checksum for transmission. The result can be 0x0000;
+ * for UDP (only) this must be transformed to 0xFFFF to distinguish from
+ * a packet with no checksum.
+ *
+ * To check a packet, this function will return 0 when run on a
+ * packet with a valid checksum. Checksums should be checked like this rather
+ * than setting the checksum field to zero and comparing generated checksum with
+ * the original value - this would fail in the case the received packet had
+ * checksum 0xFFFF.
+ */
+uint16_t ipv6_fcf(const uint8_t src_address[static 16], const uint8_t dest_address[static 16],
+                  uint16_t data_length, const uint8_t data_ptr[static data_length],  uint8_t next_protocol)
+{
+    // Use gather vector to lay out IPv6 pseudo-header (RFC 2460) and data
+    uint8_t hdr_data[] = { data_length >> 8, data_length, 0, next_protocol };
+    ns_iovec_t vec[4] = {
+        { (void *) src_address, 16 },
+        { (void *) dest_address, 16 },
+        { hdr_data, 4 },
+        { (void *) data_ptr, data_length }
+    };
+
+    return ip_fcf_v(4, vec);
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/nanostack-libservice/source/libBits/common_functions.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 2014-2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * Most functions can be inlined, and definitions are in common_functions.h.
+ * Define COMMON_FUNCTIONS_FN before including it to generate external definitions.
+ */
+#define COMMON_FUNCTIONS_FN extern
+
+#include "common_functions.h"
+
+#include <string.h>
+
+/* Returns mask for <split_value> (0-8) most-significant bits of a byte */
+static inline uint8_t context_split_mask(uint_fast8_t split_value)
+{
+    return (uint8_t) - (0x100u >> split_value);
+}
+
+bool bitsequal(const uint8_t *a, const uint8_t *b, uint_fast8_t bits)
+{
+    uint_fast8_t bytes = bits / 8;
+    bits %= 8;
+
+    if (memcmp(a, b, bytes)) {
+        return false;
+    }
+
+    if (bits) {
+        uint_fast8_t split_bit = context_split_mask(bits);
+        if ((a[bytes] & split_bit) != (b[bytes] & split_bit)) {
+            return false;
+        }
+    }
+
+    return true;
+}
+
+uint8_t *bitcopy(uint8_t *restrict dst, const uint8_t *restrict src, uint_fast8_t bits)
+{
+    uint_fast8_t bytes = bits / 8;
+    bits %= 8;
+
+    if (bytes) {
+        dst = (uint8_t *) memcpy(dst, src, bytes) + bytes;
+        src += bytes;
+    }
+
+    if (bits) {
+        uint_fast8_t split_bit = context_split_mask(bits);
+        *dst = (*src & split_bit) | (*dst & ~ split_bit);
+    }
+
+    return dst;
+}
+
+uint8_t *bitcopy0(uint8_t *restrict dst, const uint8_t *restrict src, uint_fast8_t bits)
+{
+    uint_fast8_t bytes = bits / 8;
+    bits %= 8;
+
+    if (bytes) {
+        dst = (uint8_t *) memcpy(dst, src, bytes) + bytes;
+        src += bytes;
+    }
+
+    if (bits) {
+        uint_fast8_t split_bit = context_split_mask(bits);
+        *dst = (*src & split_bit);
+    }
+
+    return dst;
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/nanostack-libservice/source/libList/ns_list.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2014-2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * All functions can be inlined, and definitions are in ns_list.h.
+ * Define NS_LIST_FN before including it to generate external definitions.
+ */
+#define NS_LIST_FN extern
+
+#include "ns_list.h"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/nanostack-libservice/source/libTrace/ns_trace.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,535 @@
+/*
+ * Copyright (c) 2014-2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+#include <stdlib.h>
+
+#define HAVE_DEBUG 1
+
+#include "ns_trace.h"
+#include "ip6string.h"
+#include "common_functions.h"
+
+#if defined(_WIN32) || defined(__unix__) || defined(__unix) || defined(unix) || (defined(YOTTA_CFG) && !defined(NDEBUG))
+//NOTE! It is not allowed to use this MEM_ALLOC/MEM_FREE from interrupt context.
+#ifndef MEM_ALLOC
+#define MEM_ALLOC malloc
+#endif
+#ifndef MEM_FREE
+#define MEM_FREE free
+#endif
+#else
+#include "nsdynmemLIB.h"
+#ifndef MEM_ALLOC
+#define MEM_ALLOC ns_dyn_mem_alloc
+#endif
+#ifndef MEM_FREE
+#define MEM_FREE ns_dyn_mem_free
+#endif
+#endif
+
+#define VT100_COLOR_ERROR "\x1b[31m"
+#define VT100_COLOR_WARN  "\x1b[33m"
+#define VT100_COLOR_INFO  "\x1b[39m"
+#define VT100_COLOR_DEBUG "\x1b[90m"
+
+/** default max trace line size in bytes */
+#define DEFAULT_TRACE_LINE_LENGTH     1024
+/** default max temporary buffer size in bytes, used in
+    trace_ipv6, trace_array and trace_strn */
+#define DEFAULT_TRACE_TMP_LINE_LEN        128
+/** default max filters (include/exclude) length in bytes */
+#define DEFAULT_TRACE_FILTER_LENGTH       24
+
+/** default print function, just redirect str to printf */
+static void default_print(const char *str);
+
+typedef struct {
+    /** trace configuration bits */
+    uint8_t trace_config;
+    /** exclude filters list, related group name */
+    char *filters_exclude;
+    /** include filters list, related group name */
+    char *filters_include;
+    /** Filters length */
+    int filters_length;
+    /** trace line */
+    char *line;
+    /** trace line length */
+    int line_length;
+    /** temporary data */
+    char *tmp_data;
+    /** temporary data array length */
+    int tmp_data_length;
+    /** temporary data pointer */
+    char *tmp_data_ptr;
+
+    /** prefix function, which can be used to put time to the trace line */
+    char *(*prefix_f)(size_t);
+    /** suffix function, which can be used to some string to the end of trace line */
+    char *(*suffix_f)(void);
+    /** print out function. Can be redirect to flash for example. */
+    void (*printf)(const char *);
+    /** print out function for TRACE_LEVEL_CMD */
+    void (*cmd_printf)(const char *);
+} trace_s;
+
+static trace_s m_trace = {
+    .filters_exclude = 0,
+    .filters_include = 0,
+    .line = 0,
+    .tmp_data = 0,
+    .prefix_f = 0,
+    .suffix_f = 0,
+    .printf  = 0,
+    .cmd_printf = 0
+};
+
+int trace_init(void)
+{
+    m_trace.trace_config = TRACE_MODE_COLOR | TRACE_ACTIVE_LEVEL_ALL | TRACE_CARRIAGE_RETURN;
+    m_trace.line_length = DEFAULT_TRACE_LINE_LENGTH;
+    if (m_trace.line == NULL) {
+        m_trace.line = MEM_ALLOC(m_trace.line_length);
+    }
+    m_trace.tmp_data_length = DEFAULT_TRACE_TMP_LINE_LEN;
+    if (m_trace.tmp_data == NULL) {
+        m_trace.tmp_data = MEM_ALLOC(m_trace.tmp_data_length);
+    }
+    m_trace.tmp_data_ptr = m_trace.tmp_data;
+    m_trace.filters_length = DEFAULT_TRACE_FILTER_LENGTH;
+    if (m_trace.filters_exclude == NULL) {
+        m_trace.filters_exclude = MEM_ALLOC(m_trace.filters_length);
+    }
+    if (m_trace.filters_include == NULL) {
+        m_trace.filters_include = MEM_ALLOC(m_trace.filters_length);
+    }
+
+    if (m_trace.line == NULL ||
+            m_trace.tmp_data == NULL ||
+            m_trace.filters_exclude == NULL  ||
+            m_trace.filters_include == NULL) {
+        //memory allocation fail
+        trace_free();
+        return -1;
+    }
+    memset(m_trace.tmp_data, 0, m_trace.tmp_data_length);
+    memset(m_trace.filters_exclude, 0, m_trace.filters_length);
+    memset(m_trace.filters_include, 0, m_trace.filters_length);
+    memset(m_trace.line, 0, m_trace.line_length);
+
+    m_trace.prefix_f = 0;
+    m_trace.suffix_f = 0;
+    m_trace.printf = default_print;
+    m_trace.cmd_printf = 0;
+
+    return 0;
+}
+void trace_free(void)
+{
+    MEM_FREE(m_trace.line);
+    m_trace.line_length = 0;
+    m_trace.line = 0;
+    MEM_FREE(m_trace.tmp_data);
+    m_trace.tmp_data = 0;
+    m_trace.tmp_data_ptr = 0;
+    MEM_FREE(m_trace.filters_exclude);
+    m_trace.filters_exclude = 0;
+    MEM_FREE(m_trace.filters_include);
+    m_trace.filters_include = 0;
+    m_trace.filters_length = 0;
+}
+/** @TODO do we need dynamically change trace buffer sizes ?
+// reconfigure trace buffer sizes
+void set_trace_buffer_sizes(int lineLength, int tmpLength)
+{
+  REALLOC( m_trace.line, dataLength );
+  REALLOC( m_trace.tmp_data, tmpLength);
+  m_trace.tmp_data_length = tmpLength;
+}
+*/
+void set_trace_config(uint8_t config)
+{
+    m_trace.trace_config = config;
+}
+uint8_t get_trace_config(void)
+{
+    return m_trace.trace_config;
+}
+void set_trace_prefix_function(char *(*pref_f)(size_t))
+{
+    m_trace.prefix_f = pref_f;
+}
+void set_trace_suffix_function(char *(*suffix_f)(void))
+{
+    m_trace.suffix_f = suffix_f;
+}
+void set_trace_print_function(void (*printf)(const char *))
+{
+    m_trace.printf = printf;
+}
+void set_trace_cmdprint_function(void (*printf)(const char *))
+{
+    m_trace.cmd_printf = printf;
+}
+void set_trace_exclude_filters(char *filters)
+{
+    if (filters) {
+        (void)strncpy(m_trace.filters_exclude, filters, m_trace.filters_length);
+    } else {
+        m_trace.filters_exclude[0] = 0;
+    }
+}
+const char *get_trace_exclude_filters(void)
+{
+    return m_trace.filters_exclude;
+}
+const char *get_trace_include_filters(void)
+{
+    return m_trace.filters_include;
+}
+void set_trace_include_filters(char *filters)
+{
+    if (filters) {
+        (void)strncpy(m_trace.filters_include, filters, m_trace.filters_length);
+    } else {
+        m_trace.filters_include[0] = 0;
+    }
+}
+static int8_t trace_skip(int8_t dlevel, const char *grp)
+{
+    if (dlevel >= 0 && grp != 0) {
+        // filter debug prints only when dlevel is >0 and grp is given
+
+        /// @TODO this could be much better..
+        if (m_trace.filters_exclude[0] != '\0' &&
+                strstr(m_trace.filters_exclude, grp) != 0) {
+            //grp was in exclude list
+            return 1;
+        }
+        if (m_trace.filters_include[0] != '\0' &&
+                strstr(m_trace.filters_include, grp) == 0) {
+            //grp was in include list
+            return 1;
+        }
+    }
+    return 0;
+}
+static void default_print(const char *str)
+{
+    puts(str);
+}
+void tracef(uint8_t dlevel, const char *grp, const char *fmt, ...)
+{
+    if (m_trace.line == NULL) {
+        // Quite likely the trace_init() has not been called yet,
+        // but it is better to just shut up instead of crashing with
+        // null pointer dereference. 
+        return;
+    }
+    
+    m_trace.line[0] = 0; //by default trace is empty
+    if (trace_skip(dlevel, grp) || fmt == 0 || grp == 0) {
+        return;
+    }
+    if ((m_trace.trace_config & TRACE_MASK_LEVEL) &  dlevel) {
+        bool color = (m_trace.trace_config & TRACE_MODE_COLOR) != 0;
+        bool plain = (m_trace.trace_config & TRACE_MODE_PLAIN) != 0;
+        bool cr    = (m_trace.trace_config & TRACE_CARRIAGE_RETURN) != 0;
+        //printf("CFG: 0x%02x, plain: %i, color: %i, cr: %i\n", m_trace.trace_config, plain, color, cr);
+
+        int retval = 0, bLeft = m_trace.line_length;
+        char *ptr = m_trace.line;
+        if (plain == true || dlevel == TRACE_LEVEL_CMD) {
+            va_list ap;
+            va_start(ap, fmt);
+            //add trace data
+            retval = vsnprintf(ptr, bLeft, fmt, ap);
+            va_end(ap);
+            if (dlevel == TRACE_LEVEL_CMD && m_trace.cmd_printf) {
+                m_trace.cmd_printf(m_trace.line);
+                m_trace.cmd_printf("\n");
+            } else {
+                //print out whole data
+                m_trace.printf(m_trace.line);
+            }
+        } else {
+            if (color) {
+                if (cr) {
+                    retval = snprintf(ptr, bLeft, "\r\x1b[2K");
+                    if (retval >= bLeft) {
+                        retval = 0;
+                    }
+                    if (retval > 0) {
+                        ptr += retval;
+                        bLeft -= retval;
+                    }
+                }
+                if (bLeft > 0) {
+                    //include color in ANSI/VT100 escape code
+                    switch (dlevel) {
+                        case (TRACE_LEVEL_ERROR):
+                            retval = snprintf(ptr, bLeft, "%s", VT100_COLOR_ERROR);
+                            break;
+                        case (TRACE_LEVEL_WARN):
+                            retval = snprintf(ptr, bLeft, "%s", VT100_COLOR_WARN);
+                            break;
+                        case (TRACE_LEVEL_INFO):
+                            retval = snprintf(ptr, bLeft, "%s", VT100_COLOR_INFO);
+                            break;
+                        case (TRACE_LEVEL_DEBUG):
+                            retval = snprintf(ptr, bLeft, "%s", VT100_COLOR_DEBUG);
+                            break;
+                        default:
+                            color = 0; //avoid unneeded color-terminate code
+                            retval = 0;
+                            break;
+                    }
+                    if (retval >= bLeft) {
+                        retval = 0;
+                    }
+                    if (retval > 0 && color) {
+                        ptr += retval;
+                        bLeft -= retval;
+                    }
+                }
+
+            }
+            if (bLeft > 0 && m_trace.prefix_f) {
+                va_list ap;
+                va_start(ap, fmt);
+                //find out length of body
+                size_t sz = 0;
+                sz = vsnprintf(NULL, 0, fmt, ap) + retval + (retval ? 4 : 0);
+                //add prefix string
+                retval = snprintf(ptr, bLeft, "%s", m_trace.prefix_f(sz));
+                if (retval >= bLeft) {
+                    retval = 0;
+                }
+                if (retval > 0) {
+                    ptr += retval;
+                    bLeft -= retval;
+                }
+                va_end(ap);
+            }
+            if (bLeft > 0) {
+                //add group tag
+                switch (dlevel) {
+                    case (TRACE_LEVEL_ERROR):
+                        retval = snprintf(ptr, bLeft, "[ERR ][%-4s]: ", grp);
+                        break;
+                    case (TRACE_LEVEL_WARN):
+                        retval = snprintf(ptr, bLeft, "[WARN][%-4s]: ", grp);
+                        break;
+                    case (TRACE_LEVEL_INFO):
+                        retval = snprintf(ptr, bLeft, "[INFO][%-4s]: ", grp);
+                        break;
+                    case (TRACE_LEVEL_DEBUG):
+                        retval = snprintf(ptr, bLeft, "[DBG ][%-4s]: ", grp);
+                        break;
+                    default:
+                        retval = snprintf(ptr, bLeft, "              ");
+                        break;
+                }
+                if (retval >= bLeft) {
+                    retval = 0;
+                }
+                if (retval > 0) {
+                    ptr += retval;
+                    bLeft -= retval;
+                }
+            }
+            if (retval > 0 && bLeft > 0) {
+                va_list ap;
+                va_start(ap, fmt);
+                //add trace text
+                retval = vsnprintf(ptr, bLeft, fmt, ap);
+                if (retval >= bLeft) {
+                    retval = 0;
+                }
+                if (retval > 0) {
+                    ptr += retval;
+                    bLeft -= retval;
+                }
+                va_end(ap);
+            }
+
+            if (retval > 0 && bLeft > 0  && m_trace.suffix_f) {
+                //add suffix string
+                retval = snprintf(ptr, bLeft, "%s", m_trace.suffix_f());
+                if (retval >= bLeft) {
+                    retval = 0;
+                }
+                if (retval > 0) {
+                    ptr += retval;
+                    bLeft -= retval;
+                }
+            }
+
+            if (retval > 0 && bLeft > 0  && color) {
+                //add zero color VT100 when color mode
+                retval = snprintf(ptr, bLeft, "\x1b[0m");
+                if (retval >= bLeft) {
+                    retval = 0;
+                }
+                if (retval > 0) {
+                    ptr += retval;
+                    bLeft -= retval;
+                }
+            }
+            //print out whole data
+            m_trace.printf(m_trace.line);
+        }
+        //return tmp data pointer back to the beginning
+        m_trace.tmp_data_ptr = m_trace.tmp_data;
+    }
+}
+const char *trace_last(void)
+{
+    return m_trace.line;
+}
+/* Helping functions */
+#define tmp_data_left()  m_trace.tmp_data_length-(m_trace.tmp_data_ptr-m_trace.tmp_data)
+char *trace_ipv6(const void *addr_ptr)
+{
+    char *str = m_trace.tmp_data_ptr;
+    if (str == NULL) {
+        return "";
+    }
+    if (tmp_data_left() < 41) {
+        return "";
+    }
+    if (addr_ptr == NULL) {
+        return "<null>";
+    }
+    str[0] = 0;
+    ip6tos(addr_ptr, str);
+    m_trace.tmp_data_ptr += strlen(str) + 1;
+    return str;
+}
+char *trace_ipv6_prefix(const uint8_t *prefix, uint8_t prefix_len)
+{
+    char *str = m_trace.tmp_data_ptr;
+    int retval, bLeft = tmp_data_left();
+    char tmp[40];
+    uint8_t addr[16] = {0};
+
+    if (str == NULL) {
+        return "";
+    }
+    if (bLeft < 43) {
+        return "";
+    }
+
+    if (prefix_len != 0) {
+        if (prefix == NULL || prefix_len > 128) {
+            return "<err>";
+        }
+        bitcopy(addr, prefix, prefix_len);
+    }
+
+    ip6tos(addr, tmp);
+    retval = snprintf(str, bLeft, "%s/%u", tmp, prefix_len);
+    if (retval <= 0 || retval > bLeft) {
+        return "";
+    }
+
+    m_trace.tmp_data_ptr += retval + 1;
+    return str;
+}
+char *trace_array(const uint8_t *buf, uint16_t len)
+{
+    int i, retval, bLeft = tmp_data_left();
+    char *str, *wptr;
+    str = m_trace.tmp_data_ptr;
+    if (str == NULL) {
+        return "";
+    }
+    if (buf == NULL) {
+        return "<null>";
+    }
+    wptr = str;
+    wptr[0] = 0;
+    const uint8_t *ptr = buf;
+    for (i = 0; i < len; i++) {
+        if (bLeft <= 0) {
+            break;
+        }
+        retval = snprintf(wptr, bLeft, "%02x:", *ptr++);
+        if (retval <= 0 || retval > bLeft) {
+            break;
+        }
+        bLeft -= retval;
+        wptr += retval;
+    }
+    if (wptr > str) {
+        *(wptr - 1) = 0;    //null to replace last ':' character
+    }
+    m_trace.tmp_data_ptr = wptr;
+    return str;
+}
+
+// rest of debug print functions will be obsolete and will be overridden with new trace interface..
+void debugf(const char *fmt, ...)
+{
+    va_list ap;
+    va_start(ap, fmt);
+    vprintf(fmt, ap);
+    va_end(ap);
+}
+
+void debug(const char *s)
+{
+    fputs(s, stdout);
+}
+
+void debug_put(char c)
+{
+    putchar(c);
+}
+
+void debug_hex(uint8_t x)
+{
+    printf("%02x", x);
+}
+void debug_int(int i)
+{
+    printf("%d", i);
+}
+void printf_array(const void *buf , uint16_t len)
+{
+    int i;
+    const uint8_t *ptr = buf;
+    for (i = 0; i < len; i++) {
+        if (i && (0 == i % 16)) {
+            putchar('\n');
+        }
+        printf("%02x:", *ptr++);
+
+    }
+    putchar('\n');
+}
+void printf_ipv6_address(const void *addr_ptr)
+{
+    char buf[40] = {0};
+    ip6tos(addr_ptr, buf);
+    printf("%s\n", buf);
+}
+void printf_string(const void *ptr, uint16_t len)
+{
+    printf("%.*s\n", len, (const char *)ptr);
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/nanostack-libservice/source/libTrace/scripts/fetch_groups.sh	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+egrep -hr '^#define' ../../../../ |sed -n 's/\#define\s*TRACE_GROUP_[^\s]*\s*\"\([^\"]*\)\"/\1/p' > groups.txt
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/nanostack-libservice/source/libip6string/ip6tos.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,95 @@
+/*
+ * Copyright (c) 2014-2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <stdio.h>
+#include <inttypes.h>
+#include "ip6string.h"
+
+/**
+ * Print binary IPv6 address to a string.
+ * String must contain enough room for full address, 40 bytes exact.
+ * IPv4 tunneling addresses are not covered.
+ * \param addr IPv6 address.
+ * \p buffer to write string to.
+ */
+void ip6tos(const void *ip6addr, char *p)
+{
+    uint_fast8_t zero_start = 255, zero_len = 1;
+    const uint8_t *addr = ip6addr;
+    uint_fast16_t part;
+
+    /* Follow RFC 5952 - pre-scan for longest run of zeros */
+    for (uint_fast8_t n = 0; n < 8; n++) {
+        part = *addr++;
+        part = (part << 8) | *addr++;
+        if (part != 0) {
+            continue;
+        }
+
+        /* We're at the start of a run of zeros - scan to non-zero (or end) */
+        uint_fast8_t n0 = n;
+        for (n = n0 + 1; n < 8; n++) {
+            part = *addr++;
+            part = (part << 8) | *addr++;
+            if (part != 0) {
+                break;
+            }
+        }
+
+        /* Now n0->initial zero of run, n->after final zero in run. Is this the
+         * longest run yet? If equal, we stick with the previous one - RFC 5952
+         * S4.2.3. Note that zero_len being initialised to 1 stops us
+         * shortening a 1-part run (S4.2.2.)
+         */
+        if (n - n0 > zero_len) {
+            zero_start = n0;
+            zero_len = n - n0;
+        }
+
+        /* Continue scan for initial zeros from part n+1 - we've already
+         * consumed part n, and know it's non-zero. */
+    }
+
+    /* Now go back and print, jumping over any zero run */
+    addr = ip6addr;
+    for (uint_fast8_t n = 0; n < 8;) {
+        if (n == zero_start) {
+            if (n == 0) {
+                *p++ = ':';
+            }
+            *p++ = ':';
+            addr += 2 * zero_len;
+            n += zero_len;
+            continue;
+        }
+
+        part = *addr++;
+        part = (part << 8) | *addr++;
+        n++;
+
+        p += sprintf(p, "%"PRIxFAST16, part);
+
+        /* One iteration writes "part:" rather than ":part", and has the
+         * explicit check for n == 8 below, to allow easy extension for
+         * IPv4-in-IPv6-type addresses ("xxxx::xxxx:a.b.c.d"): we'd just
+         * run the same loop for 6 parts, and output would then finish with the
+         * required : or ::, ready for "a.b.c.d" to be tacked on.
+         */
+        if (n != 8) {
+            *p++ = ':';
+        }
+    }
+    *p++ = '\0';
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed-client/nanostack-libservice/source/libip6string/stoip6.c	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 2014-2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <string.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include "common_functions.h"
+#include "ip6string.h"
+
+static uint16_t hex(const char *p);
+
+/**
+ * Convert numeric IPv6 address string to a binary.
+ * IPv4 tunnelling addresses are not covered.
+ * \param ip6addr IPv6 address in string format.
+ * \param len Length of ipv6 string.
+ * \param dest buffer for address. MUST be 16 bytes.
+ */
+void stoip6(const char *ip6addr, size_t len, void *dest)
+{
+    uint8_t *addr;
+    const char *p, *q;
+    int_fast8_t field_no, coloncolon = -1;
+
+    addr = dest;
+
+    if (len > 39) { // Too long, not possible. We do not support IPv4-mapped IPv6 addresses
+        return;
+    }
+
+    // First go forward the string, until end, noting :: position if any
+    for (field_no = 0, p = ip6addr; (len > (p - ip6addr)) && *p && field_no < 8; p = q + 1) {
+        q = p;
+        // Seek for ':' or end
+        while (*q && (*q != ':')) {
+            q++;
+        }
+        //Convert and write this part, (high-endian AKA network byte order)
+        addr = common_write_16_bit(hex(p), addr);
+        field_no++;
+        //Check if we reached "::"
+        if ((len > (q - ip6addr)) && *q && (q[0] == ':') && (q[1] == ':')) {
+            coloncolon = field_no;
+            q++;
+        }
+    }
+
+    if (coloncolon != -1) {
+        /* Insert zeros in the appropriate place */
+        uint_fast8_t head_size = 2 * coloncolon;
+        uint_fast8_t inserted_size = 2 * (8 - field_no);
+        uint_fast8_t tail_size = 16 - head_size - inserted_size;
+        addr = dest;
+        memmove(addr + head_size + inserted_size, addr + head_size, tail_size);
+        memset(addr + head_size, 0, inserted_size);
+    } else if (field_no != 8) {
+        /* Should really report an error if we didn't get 8 fields */
+        memset(addr, 0, 16 - field_no * 2);
+    }
+}
+unsigned char  sipv6_prefixlength(const char *ip6addr)
+{
+    char *ptr = strchr(ip6addr, '/');
+    if (ptr) {
+        return (unsigned char)strtoul(ptr + 1, 0, 10);
+    }
+    return 0;
+}
+static uint16_t hex(const char *p)
+{
+    uint16_t val = 0;
+
+    for (;;) {
+        char c = *p++;
+        if ((c >= '0') && (c <= '9')) {
+            val = (val << 4) | (c - '0');
+        } else if ((c >= 'A') && (c <= 'F')) {
+            val = (val << 4) | (10 + (c - 'A'));
+        } else if ((c >= 'a') && (c <= 'f')) {
+            val = (val << 4) | (10 + (c - 'a'));
+        } else {
+            break; // Non hex character
+        }
+    }
+    return val;
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mbed.bld	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,1 @@
+http://mbed.org/users/mbed_official/code/mbed/builds/6f327212ef96
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,1 @@
+#error "No security.h file, go to https://connector.mbed.com/#credentials to get credentials. Then put it in 6_songs-from-the-cloud/security.h."
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/simpleclient.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,327 @@
+/*
+ * Copyright (c) 2015 ARM Limited. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __SIMPLECLIENT_H__
+#define __SIMPLECLIENT_H__
+
+//#include "sockets/UDPSocket.h"
+#include "EthernetInterface.h"
+//#include "mbed-drivers/test_env.h"
+#include "mbed-client/m2minterfacefactory.h"
+#include "mbed-client/m2mdevice.h"
+#include "mbed-client/m2minterfaceobserver.h"
+#include "mbed-client/m2minterface.h"
+#include "mbed-client/m2mobject.h"
+#include "mbed-client/m2mobjectinstance.h"
+#include "mbed-client/m2mresource.h"
+//#include "minar/minar.h"
+#include "security.h"
+
+DigitalOut green(LED_GREEN);
+
+//Select binding mode: UDP or TCP
+M2MInterface::BindingMode SOCKET_MODE = M2MInterface::UDP;
+
+// This is address to mbed Device Connector
+const String &MBED_SERVER_ADDRESS = "coap://api.connector.mbed.com:5684";
+
+// These come from the security.h file copied from connector.mbed.com
+const String &MBED_USER_NAME_DOMAIN = MBED_DOMAIN;
+const String &ENDPOINT_NAME = MBED_ENDPOINT_NAME;
+
+struct MbedClientDevice {
+    const char* Manufacturer;
+    const char* Type;
+    const char* ModelNumber;
+    const char* SerialNumber;
+};
+
+/*
+* Wrapper for mbed client stack that handles all callbacks, error handling, and
+* other schenanigans to make the mbed client stack easier to use.
+*
+* The end user should only have to care about configuring the parameters at the
+* top of this file and making sure they add the security.h file correctly.
+* To add resources you can copy the _TODO__ function and add as many instances as
+* you want.
+*
+*/
+class MbedClient: public M2MInterfaceObserver {
+public:
+
+    // constructor for MbedClient object, initialize private variables
+    MbedClient(struct MbedClientDevice device) {
+        _interface = NULL;
+        _bootstrapped = false;
+        _error = false;
+        _registered = false;
+        _unregistered = false;
+        _register_security = NULL;
+        _value = 0;
+        _object = NULL;
+        _device = device;
+    }
+
+    // de-constructor for MbedClient object, you can ignore this
+    ~MbedClient() {
+        if(_interface) {
+            delete _interface;
+        }
+        if(_register_security){
+            delete _register_security;
+        }
+    }
+
+    // debug printf function
+    void trace_printer(const char* str) {
+        printf("\r\n%s\r\n", str);
+    }
+
+    /*
+    *  Creates M2MInterface using which endpoint can
+    *  setup its name, resource type, life time, connection mode,
+    *  Currently only LwIPv4 is supported.
+    */
+    void create_interface() {
+    // Randomizing listening port for Certificate mode connectivity
+    srand(time(NULL));
+    uint16_t port = rand() % 65535 + 12345;
+
+    // create mDS interface object, this is the base object everything else attaches to
+    _interface = M2MInterfaceFactory::create_interface(*this,
+                                                      ENDPOINT_NAME,            // endpoint name string
+                                                      "instrument",                   // endpoint type string
+                                                      100,                      // lifetime
+                                                      port,                     // listen port
+                                                      MBED_USER_NAME_DOMAIN,    // domain string
+                                                      SOCKET_MODE,              // binding mode
+                                                      M2MInterface::LwIP_IPv4,  // network stack
+                                                      "");                      // context address string
+    String binding_mode;
+    (SOCKET_MODE == M2MInterface::UDP) ? binding_mode = "UDP" : binding_mode = "TCP";
+    printf("\r\nSOCKET_MODE : %s\r\n", binding_mode.c_str());
+    printf("Connecting to %s\r\n", MBED_SERVER_ADDRESS.c_str());
+    }
+
+    /*
+    *  check private variable to see if the registration was sucessful or not
+    */
+    bool register_successful() {
+        return _registered;
+    }
+
+    /*
+    *  check private variable to see if un-registration was sucessful or not
+    */
+    bool unregister_successful() {
+        return _unregistered;
+    }
+
+    /*
+    *  Creates register server object with mbed device server address and other parameters
+    *  required for client to connect to mbed device server.
+    */
+    M2MSecurity* create_register_object() {
+        // create security object using the interface factory.
+        // this will generate a security ObjectID and ObjectInstance
+        M2MSecurity *security = M2MInterfaceFactory::create_security(M2MSecurity::M2MServer);
+
+        // make sure security ObjectID/ObjectInstance was created successfully
+        if(security) {
+            // Add ResourceID's and values to the security ObjectID/ObjectInstance
+            security->set_resource_value(M2MSecurity::M2MServerUri, MBED_SERVER_ADDRESS);
+            security->set_resource_value(M2MSecurity::SecurityMode, M2MSecurity::Certificate);
+            security->set_resource_value(M2MSecurity::ServerPublicKey, SERVER_CERT, sizeof(SERVER_CERT));
+            security->set_resource_value(M2MSecurity::PublicKey, CERT, sizeof(CERT));
+            security->set_resource_value(M2MSecurity::Secretkey, KEY, sizeof(KEY));
+        }
+        return security;
+    }
+
+    /*
+    * Creates device object which contains mandatory resources linked with
+    * device endpoint.
+    */
+    M2MDevice* create_device_object() {
+        // create device objectID/ObjectInstance
+        M2MDevice *device = M2MInterfaceFactory::create_device();
+        // make sure device object was created successfully
+        if(device) {
+            // add resourceID's to device objectID/ObjectInstance
+            device->create_resource(M2MDevice::Manufacturer, _device.Manufacturer);
+            device->create_resource(M2MDevice::DeviceType, _device.Type);
+            device->create_resource(M2MDevice::ModelNumber, _device.ModelNumber);
+            device->create_resource(M2MDevice::SerialNumber, _device.SerialNumber);
+        }
+        return device;
+    }
+
+    /*
+    * register an object
+    */
+    void test_register(M2MSecurity *register_object, M2MObjectList object_list){
+        if(_interface) {
+            // Register function
+            _interface->register_object(register_object, object_list);
+        }
+    }
+
+    /*
+    * unregister all objects
+    */
+    void test_unregister() {
+        if(_interface) {
+            // Unregister function
+            _interface->unregister_object(NULL); // NULL will unregister all objects
+        }
+    }
+
+    //Callback from mbed client stack when the bootstrap
+    // is successful, it returns the mbed Device Server object
+    // which will be used for registering the resources to
+    // mbed Device server.
+    void bootstrap_done(M2MSecurity *server_object){
+        if(server_object) {
+            _bootstrapped = true;
+            _error = false;
+            trace_printer("Bootstrapped");
+        }
+    }
+
+    //Callback from mbed client stack when the registration
+    // is successful, it returns the mbed Device Server object
+    // to which the resources are registered and registered objects.
+    void object_registered(M2MSecurity */*security_object*/, const M2MServer &/*server_object*/){
+        _registered = true;
+        _unregistered = false;
+        green = 0; //turn led on
+        trace_printer("Registered object successfully!");
+    }
+
+    //Callback from mbed client stack when the unregistration
+    // is successful, it returns the mbed Device Server object
+    // to which the resources were unregistered.
+    void object_unregistered(M2MSecurity */*server_object*/){
+        trace_printer("Unregistered Object Successfully");
+        _unregistered = true;
+        _registered = false;
+        green = 1;  //turn led off
+     //   notify_completion(_unregistered);
+     trace_printer("\nUnregistered\n");
+    }
+
+    /*
+    * Callback from mbed client stack when registration is updated
+    */
+    void registration_updated(M2MSecurity */*security_object*/, const M2MServer & /*server_object*/){
+        /* The registration is updated automatically and frequently by the
+        *  mbed client stack. This print statement is turned off because it
+        *  tends to happen alot.
+        */
+        //trace_printer("\r\nRegistration Updated\r\n");
+    }
+
+    // Callback from mbed client stack if any error is encountered
+    // during any of the LWM2M operations. Error type is passed in
+    // the callback.
+    void error(M2MInterface::Error error){
+        _error = true;
+        switch(error){
+            case M2MInterface::AlreadyExists:
+                trace_printer("[ERROR:] M2MInterface::AlreadyExist");
+                break;
+            case M2MInterface::BootstrapFailed:
+                trace_printer("[ERROR:] M2MInterface::BootstrapFailed");
+                break;
+            case M2MInterface::InvalidParameters:
+                trace_printer("[ERROR:] M2MInterface::InvalidParameters");
+                break;
+            case M2MInterface::NotRegistered:
+                trace_printer("[ERROR:] M2MInterface::NotRegistered");
+                break;
+            case M2MInterface::Timeout:
+                trace_printer("[ERROR:] M2MInterface::Timeout");
+                break;
+            case M2MInterface::NetworkError:
+                trace_printer("[ERROR:] M2MInterface::NetworkError");
+                break;
+            case M2MInterface::ResponseParseFailed:
+                trace_printer("[ERROR:] M2MInterface::ResponseParseFailed");
+                break;
+            case M2MInterface::UnknownError:
+                trace_printer("[ERROR:] M2MInterface::UnknownError");
+                break;
+            case M2MInterface::MemoryFail:
+                trace_printer("[ERROR:] M2MInterface::MemoryFail");
+                break;
+            case M2MInterface::NotAllowed:
+                trace_printer("[ERROR:] M2MInterface::NotAllowed");
+                break;
+            default:
+                break;
+        }
+    }
+
+    /* Callback from mbed client stack if any value has changed
+    *  during PUT operation. Object and its type is passed in
+    *  the callback.
+    *  BaseType enum from m2mbase.h
+    *       Object = 0x0, Resource = 0x1, ObjectInstance = 0x2, ResourceInstance = 0x3
+    */
+    void value_updated(M2MBase *base, M2MBase::BaseType type) {
+        printf("\r\nPUT Request Received!");
+        printf("\r\nName :'%s', \r\nType : '%d' (0 for Object, 1 for Resource), \r\nType : '%s'\r\n",
+               base->name().c_str(),
+               type,
+               base->resource_type().c_str()
+               );
+    }
+
+    /*
+    * update the registration period
+    */
+    void test_update_register() {
+        if (_registered) {
+            _interface->update_registration(_register_security, 100);
+        }
+    }
+
+    /*
+    * manually configure the security object private variable
+    */
+   void set_register_object(M2MSecurity *register_object) {
+        if (_register_security == NULL) {
+            _register_security = register_object;
+        }
+    }
+
+private:
+
+    /*
+    *  Private variables used in class
+    */
+    M2MInterface             *_interface;
+    M2MSecurity              *_register_security;
+    M2MObject                *_object;
+    volatile bool            _bootstrapped;
+    volatile bool            _error;
+    volatile bool            _registered;
+    volatile bool            _unregistered;
+    int                      _value;
+    struct MbedClientDevice  _device;
+};
+
+#endif // __SIMPLECLIENT_H__
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tones.h	Wed May 18 19:06:32 2016 +0000
@@ -0,0 +1,94 @@
+#ifndef SXSW_TONES_H
+#define SXSW_TONES_H
+
+#define NOTE_B0 31
+#define NOTE_C1 33
+#define NOTE_CS1 35
+#define NOTE_D1 37
+#define NOTE_DS1 39
+#define NOTE_E1 41
+#define NOTE_F1 44
+#define NOTE_FS1 46
+#define NOTE_G1 49
+#define NOTE_GS1 52
+#define NOTE_A1 55
+#define NOTE_AS1 58
+#define NOTE_B1 62
+#define NOTE_C2 65
+#define NOTE_CS2 69
+#define NOTE_D2 73
+#define NOTE_DS2 78
+#define NOTE_E2 82
+#define NOTE_F2 87
+#define NOTE_FS2 93
+#define NOTE_G2 98
+#define NOTE_GS2 104
+#define NOTE_A2 110
+#define NOTE_AS2 117
+#define NOTE_B2 123
+#define NOTE_C3 131
+#define NOTE_CS3 139
+#define NOTE_D3 147
+#define NOTE_DS3 156
+#define NOTE_E3 165
+#define NOTE_F3 175
+#define NOTE_FS3 185
+#define NOTE_G3 196
+#define NOTE_GS3 208
+#define NOTE_A3 220
+#define NOTE_AS3 233
+#define NOTE_B3 247
+#define NOTE_C4 262
+#define NOTE_CS4 277
+#define NOTE_D4 294
+#define NOTE_DS4 311
+#define NOTE_E4 330
+#define NOTE_F4 349
+#define NOTE_FS4 370
+#define NOTE_G4 392
+#define NOTE_GS4 415
+#define NOTE_A4 440
+#define NOTE_AS4 466
+#define NOTE_B4 494
+#define NOTE_C5 523
+#define NOTE_CS5 554
+#define NOTE_D5 587
+#define NOTE_DS5 622
+#define NOTE_E5 659
+#define NOTE_F5 698
+#define NOTE_FS5 740
+#define NOTE_G5 784
+#define NOTE_GS5 831
+#define NOTE_A5 880
+#define NOTE_AS5 932
+#define NOTE_B5 988
+#define NOTE_C6 1047
+#define NOTE_CS6 1109
+#define NOTE_D6 1175
+#define NOTE_DS6 1245
+#define NOTE_E6 1319
+#define NOTE_F6 1397
+#define NOTE_FS6 1480
+#define NOTE_G6 1568
+#define NOTE_GS6 1661
+#define NOTE_A6 1760
+#define NOTE_AS6 1865
+#define NOTE_B6 1976
+#define NOTE_C7 2093
+#define NOTE_CS7 2217
+#define NOTE_D7 2349
+#define NOTE_DS7 2489
+#define NOTE_E7 2637
+#define NOTE_F7 2794
+#define NOTE_FS7 2960
+#define NOTE_G7 3136
+#define NOTE_GS7 3322
+#define NOTE_A7 3520
+#define NOTE_AS7 3729
+#define NOTE_B7 3951
+#define NOTE_C8 4186
+#define NOTE_CS8 4435
+#define NOTE_D8 4699
+#define NOTE_DS8 4978
+
+#endif