Ok, thanks.

Thanks. I am curious to find out whether the size of OpenVPN can be significantly reduced by using CyaSSL rather than the default one. It would be helpful to see what VPN project CyaSSL has been used in.

It would also be great if it could be a straightforward plugin replacement for OpenSSL - just by changing the library that is used (with OpenSSL defaults enabled by a "#ifdef  OPENSSL_REPLACEMENT" or whatever when building the library itself) and without changing anything in the sources. That way, it would be straightforward to use one instead of the other, and to perform a comparison (size, speed, etc). Is this an unrealistic proposition?

By the way, ctaocrypt/src/rsa.c does not compile, because of this call: "buf = XCALLOC(1, len, heap)" (both on Ubuntu 9.04 and a mipsle cross-compiler). Presumably the configure script should be able to ascertain whether XCALLOC exists? What is the need to use that function anyway?

I had to work around the problem by doing this:

void * XCALLOC (int dummy, size_t num, size_t sz)
{
void *p;
    if (num == 0 || sz == 0)
             return (NULL);
    p = calloc (num, sz);
    if (p == NULL)
    {
      fprintf (stderr, "Unable to allocate %d block(s) of %d byte(s)\n", num, sz);
      exit (1);
    }
    bzero (p, num * sz);
    return (p);
}

Is this okay?

Thanks