- Doxygen documentation updated

- Some minor issues stumbled upon fixed - WIN1250 >> UTF-8
2016-11-02 01:25:38 +01:00 · 2016-11-02 01:25:38 +01:00 · d234e55ae4
commit d234e55ae4
parent 0387d7d593
61 changed files with 1840 additions and 1600 deletions
--- a/11
+++ b/11
@ -51,7 +51,7 @@ PROJECT_BRIEF          = "EAP Supplicant for Windows"
 # and the maximum width should not exceed 200 pixels. Doxygen will copy the logo
 # to the output directory.
-PROJECT_LOGO           =
+PROJECT_LOGO           = include\icon_ui.ico
 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) path
 # into which the generated documentation will be written. If a relative path is
@ -694,7 +694,7 @@ CITE_BIB_FILES         =
 # messages are off.
 # The default value is: NO.
-QUIET                  = NO
+QUIET                  = YES
 # The WARNINGS tag can be used to turn on/off the warning messages that are
 # generated to standard error ( stderr) by doxygen. If WARNINGS is set to YES
@ -718,7 +718,7 @@ WARN_IF_UNDOCUMENTED   = YES
 # markup commands wrongly.
 # The default value is: YES.
-WARN_IF_DOC_ERROR      = NO
+WARN_IF_DOC_ERROR      = YES
 # This WARN_NO_PARAMDOC option can be enabled to get warnings for functions that
 # are documented, but have no documentation for their parameters or return
@ -790,13 +790,16 @@ RECURSIVE              = YES
 # run.
 EXCLUDE                = \
 	CredWrite\README.md \
 	EventMonitor\res \
 	lib\EAPBase_UI\res \
 	lib\EapHost_UI\res \
 	lib\TLS_UI\res \
 	lib\TTLS_UI\res \
 	lib\WinStd \
-	lib\wxExtend
+	lib\wxExtend \
 	MsiUseFeature\README.md \
 	WLANManager\README.md
 # The EXCLUDE_SYMLINKS tag can be used to select whether or not files or
 # directories that are symbolic links (a Unix file system feature) are excluded
--- a/EventMonitor/App.cpp
+++ b/EventMonitor/App.cpp
@ -1,21 +1,21 @@
-/*
+/*
    Copyright 2015-2016 Amebis
-    Copyright 2016 GÉANT
+    Copyright 2016 GÉANT
-    This file is part of GÉANTLink.
+    This file is part of GÉANTLink.
-    GÉANTLink is free software: you can redistribute it and/or modify it
+    GÉANTLink is free software: you can redistribute it and/or modify it
    under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
-    GÉANTLink is distributed in the hope that it will be useful, but
+    GÉANTLink is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
-    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
+    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
 */
 #include "StdAfx.h"
--- a/EventMonitor/App.h
+++ b/EventMonitor/App.h
@ -1,26 +1,23 @@
-/*
+/*
    Copyright 2015-2016 Amebis
-    Copyright 2016 GÉANT
+    Copyright 2016 GÉANT
-    This file is part of GÉANTLink.
+    This file is part of GÉANTLink.
-    GÉANTLink is free software: you can redistribute it and/or modify it
+    GÉANTLink is free software: you can redistribute it and/or modify it
    under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
-    GÉANTLink is distributed in the hope that it will be useful, but
+    GÉANTLink is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
-    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
+    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
 */
 ///
 /// EventMonitor application
 ///
 class wxEventMonitorApp;
 #pragma once
@ -32,6 +29,9 @@ class wxEventMonitorApp;
 #include <wx/intl.h>
 ///
 /// EventMonitor application
 ///
 class wxEventMonitorApp : public wxApp
 {
 public:
--- a/EventMonitor/ETWLog.cpp
+++ b/EventMonitor/ETWLog.cpp
@ -1,21 +1,21 @@
-/*
+/*
    Copyright 2015-2016 Amebis
-    Copyright 2016 GÉANT
+    Copyright 2016 GÉANT
-    This file is part of GÉANTLink.
+    This file is part of GÉANTLink.
-    GÉANTLink is free software: you can redistribute it and/or modify it
+    GÉANTLink is free software: you can redistribute it and/or modify it
    under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
-    GÉANTLink is distributed in the hope that it will be useful, but
+    GÉANTLink is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
-    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
+    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
 */
 #include "StdAfx.h"
@ -561,7 +561,7 @@ wxString wxETWListCtrl::OnGetItemText(long item, long column) const
 }
-wxString wxETWListCtrl::OnGetItemText(const event_rec &rec, long column) const
+wxString wxETWListCtrl::OnGetItemText(const winstd::event_rec &rec, long column) const
 {
    switch (column) {
    case 0: {
--- a/EventMonitor/ETWLog.h
+++ b/EventMonitor/ETWLog.h
@ -1,21 +1,21 @@
-/*
+/*
    Copyright 2015-2016 Amebis
-    Copyright 2016 GÉANT
+    Copyright 2016 GÉANT
-    This file is part of GÉANTLink.
+    This file is part of GÉANTLink.
-    GÉANTLink is free software: you can redistribute it and/or modify it
+    GÉANTLink is free software: you can redistribute it and/or modify it
    under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
-    GÉANTLink is distributed in the hope that it will be useful, but
+    GÉANTLink is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
-    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
+    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
 */
 #include <wx/event.h>
@ -25,27 +25,13 @@
 ///
 #define wxETWEVENT_RECORDS_MAX  1000000
 ///
 /// ETW event
 ///
 class wxETWEvent;
 wxDECLARE_EVENT(wxEVT_ETW_EVENT, wxETWEvent);
 #define wxETWEventHandler(func) wxEVENT_HANDLER_CAST(wxETWEventFunction, func)
 #define EVT_ETW_EVENT(func) wx__DECLARE_EVT0(wxEVT_ETW_EVENT, wxETWEventHandler(func))
 ///
 /// Event trace processor
 ///
 class wxEventTraceProcessorThread;
 ///
 /// Event list control
 ///
 class wxETWListCtrl;
 ///
 /// Supports saving/restoring wxETWListCtrl state
 ///
 class wxPersistentETWListCtrl;
 #pragma once
@ -61,6 +47,9 @@ class wxPersistentETWListCtrl;
 #include <set>
 ///
 /// ETW event
 ///
 class wxETWEvent : public wxEvent
 {
 public:
@ -89,6 +78,9 @@ protected:
 typedef void (wxEvtHandler::*wxETWEventFunction)(wxETWEvent&);
 ///
 /// Event trace processor
 ///
 class wxEventTraceProcessorThread : public wxThread
 {
 public:
@ -109,6 +101,9 @@ protected:
 };
 ///
 /// Event list control
 ///
 class wxETWListCtrl : public wxListCtrl
 {
 protected:
@ -209,6 +204,9 @@ protected:
 };
 ///
 /// Supports saving/restoring wxETWListCtrl state
 ///
 class wxPersistentETWListCtrl : public wxPersistentWindow<wxETWListCtrl>
 {
 public:
--- a/EventMonitor/Frame.cpp
+++ b/EventMonitor/Frame.cpp
@ -1,21 +1,21 @@
-/*
+/*
    Copyright 2015-2016 Amebis
-    Copyright 2016 GÉANT
+    Copyright 2016 GÉANT
-    This file is part of GÉANTLink.
+    This file is part of GÉANTLink.
-    GÉANTLink is free software: you can redistribute it and/or modify it
+    GÉANTLink is free software: you can redistribute it and/or modify it
    under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
-    GÉANTLink is distributed in the hope that it will be useful, but
+    GÉANTLink is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
-    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
+    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
 */
 #include "StdAfx.h"
--- a/EventMonitor/Frame.h
+++ b/EventMonitor/Frame.h
@ -1,31 +1,24 @@
-/*
+/*
    Copyright 2015-2016 Amebis
-    Copyright 2016 GÉANT
+    Copyright 2016 GÉANT
-    This file is part of GÉANTLink.
+    This file is part of GÉANTLink.
-    GÉANTLink is free software: you can redistribute it and/or modify it
+    GÉANTLink is free software: you can redistribute it and/or modify it
    under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
-    GÉANTLink is distributed in the hope that it will be useful, but
+    GÉANTLink is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
-    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
+    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
 */
 ///
 /// EventMonitor main frame
 ///
 class wxEventMonitorFrame;
 ///
 /// Supports saving/restoring wxEventMonitorFrame GUI state
 ///
 class wxPersistentEventMonitorFrame;
 #pragma once;
@ -42,6 +35,9 @@ class wxPersistentEventMonitorFrame;
 #include <WinStd/Win.h>
 ///
 /// EventMonitor main frame
 ///
 class wxEventMonitorFrame : public wxFrame
 {
 protected:
@ -117,6 +113,9 @@ protected:
 };
 ///
 /// Supports saving/restoring wxEventMonitorFrame GUI state
 ///
 class wxPersistentEventMonitorFrame : public wxPersistentTLW
 {
 public:
--- a/EventMonitor/LogPanel.cpp
+++ b/EventMonitor/LogPanel.cpp
@ -1,21 +1,21 @@
-/*
+/*
    Copyright 2015-2016 Amebis
-    Copyright 2016 GÉANT
+    Copyright 2016 GÉANT
-    This file is part of GÉANTLink.
+    This file is part of GÉANTLink.
-    GÉANTLink is free software: you can redistribute it and/or modify it
+    GÉANTLink is free software: you can redistribute it and/or modify it
    under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
-    GÉANTLink is distributed in the hope that it will be useful, but
+    GÉANTLink is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
-    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
+    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
 */
 #include "StdAfx.h"
--- a/EventMonitor/LogPanel.h
+++ b/EventMonitor/LogPanel.h
@ -1,31 +1,24 @@
-/*
+/*
    Copyright 2015-2016 Amebis
-    Copyright 2016 GÉANT
+    Copyright 2016 GÉANT
-    This file is part of GÉANTLink.
+    This file is part of GÉANTLink.
-    GÉANTLink is free software: you can redistribute it and/or modify it
+    GÉANTLink is free software: you can redistribute it and/or modify it
    under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
-    GÉANTLink is distributed in the hope that it will be useful, but
+    GÉANTLink is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
-    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
+    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
 */
 ///
 /// EventMonitor trace log panel
 ///
 class wxEventMonitorLogPanel;
 ///
 /// Supports saving/restoring wxEventMonitorLogPanel state
 ///
 class wxPersistentEventMonitorLogPanel;
 #pragma once
@ -34,6 +27,9 @@ class wxPersistentEventMonitorLogPanel;
 #include <wx/persist/window.h>
 ///
 /// EventMonitor trace log panel
 ///
 class wxEventMonitorLogPanel : public wxEventMonitorLogPanelBase
 {
 public:
@ -43,6 +39,9 @@ public:
 };
 ///
 /// Supports saving/restoring wxEventMonitorLogPanel state
 ///
 class wxPersistentEventMonitorLogPanel : public wxPersistentWindow<wxEventMonitorLogPanel>
 {
 public:
--- a/README.md
+++ b/README.md
@ -8,22 +8,22 @@ Suite of EAP supplicants for Windows - IEEE 802.1X plug-ins for enterprise netwo
 - Microsoft Windows Vista or later
 - Microsoft Visual Studio 2010 SP1
 - _msgfmt.exe_ from [gettext](https://www.gnu.org/software/gettext/);
-  Hint: [Poedit](https://poedit.net/) contains up-to-date binary Win32 compiled gettext-utilities. Install it and add _GettextTools\bin_ folder to path.
+  Hint: [Poedit](https://poedit.net/) contains up-to-date binary Win32 compiled gettext-utilities. Install it and add `GettextTools\bin` folder to path.
 - _sed.exe_ and _grep.exe_
- _MsiDb.Exe_ and other command line utilities for MSI packaging distributed as a part of Microsoft Windows SDK (installed with Visual Studio). Add SDK's _Bin_ folder to path.
+- _MsiDb.Exe_ and other command line utilities for MSI packaging distributed as a part of Microsoft Windows SDK (installed with Visual Studio). Add SDK's `Bin` folder to path.
 ### wxWidgets
 GÉANTLink is using wxWidgets v3.0.2 static libraries. Unfortunately, only dynamic libraries (DLL) variant is available as a binary download. Therefore static libraries needs to be compiled from [source](https://github.com/wxWidgets/wxWidgets).
 #### Compiling wxWidgets Win32 static libraries
 1. Start _Visual Studio Command Prompt (2010)_
-2. Change working directory to _build\msw_
+2. Change working folder to `build\msw`
 3. Run: `nmake /f makefile.vc /ls RUNTIME_LIBS=static SHARED=0`
 4. Run: `nmake /f makefile.vc /ls RUNTIME_LIBS=static SHARED=0 BUILD=release`
 #### Compiling wxWidgets x64 static libraries
 1. Start _Visual Studio x64 Cross Tools Command Prompt (2010)_
-2. Change working directory to _build\msw_
+2. Change working folder to `build\msw`
 3. Run: `nmake /f makefile.vc /ls RUNTIME_LIBS=static SHARED=0 TARGET_CPU=X64`
 4. Run: `nmake /f makefile.vc /ls RUNTIME_LIBS=static SHARED=0 TARGET_CPU=X64 BUILD=release`
@ -75,7 +75,7 @@ Command            | Explanation
 `nmake Clean`      | Deletes all intermediate and output files.
 `nmake Register`   | Builds a debug version of project, registers DLLs, and adds Start Menu shortcuts. For testing and development purposes only! Requires elevated command prompt.
 `nmake Unregister` | Removes Start Menu shortcuts, unregisters DLLs. For testing development purposes only! Requires elevated command prompt.
-`nmake Setup`      | Builds a release version of project and release MSI setup files. The resulting files can be found in _output\Setup_ folder.
+`nmake Setup`      | Builds a release version of project and release MSI setup files. The resulting files can be found in `output\Setup` folder.
-`nmake SetupDebug` | Builds a debug version of project and debug MSI setup files. The resulting files can be found in _output\Setup_ folder.
+`nmake SetupDebug` | Builds a debug version of project and debug MSI setup files. The resulting files can be found in `output\Setup` folder.
 The `/ls` flag can be appended to the commands above to reduce NMAKE’s verbosity. You can combine multiple targets (i.e. nmake Unregister Clean). Please, see NMAKE reference for further reading.
--- a/lib/EAPBase/include/Config.h
+++ b/lib/EAPBase/include/Config.h
@ -24,32 +24,16 @@
 namespace eap
 {
    ///
    /// Base class for configuration storage
    ///
    class config;
    ///
    /// Base class for method configuration storage
    ///
    class config_method;
    ///
    /// Base class for method with credentials
    ///
    class config_method_with_cred;
    ///
    /// Provider configuration storage
    ///
    class config_provider;
    ///
    /// Connection configuration storage
    ///
    class config_connection;
 }
 /// \addtogroup EAPBaseStream
 /// @{
 ///
 /// Packs a configuration
 ///
@ -65,7 +49,7 @@ inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::config &
 ///
 /// \returns Size of data when packed (in bytes)
 ///
-inline size_t pksizeof(const eap::config &val);
+inline size_t pksizeof(_In_ const eap::config &val);
 ///
 /// Unpacks a configuration
@ -75,6 +59,8 @@ inline size_t pksizeof(const eap::config &val);
 ///
 inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::config &val);
 /// @}
 #pragma once
 #include "Module.h"
@ -96,6 +82,15 @@ inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::config &val);
 namespace eap
 {
    ///
    /// \defgroup EAPBaseConfig  Configuration
    /// Configuration management
    ///
    /// @{
    ///
    /// Base class for configuration storage
    ///
    class config
    {
    public:
@ -139,17 +134,17 @@ namespace eap
        config& operator=(_Inout_ config &&other);
        ///
-        /// Clones this configuration
+        /// Clones this object
        ///
-        /// \returns Pointer to cloned configuration
+        /// \returns Pointer to cloned object with identical data
        ///
        virtual config* clone() const = 0;
-        /// \name XML configuration management
+        /// \name XML management
        /// @{
        ///
-        /// Save to XML document
+        /// Save data to XML document
        ///
        /// \param[in]  pDoc         XML document
        /// \param[in]  pConfigRoot  Suggested root element for saving
@ -169,21 +164,21 @@ namespace eap
        /// @{
        ///
-        /// Packs a configuration
+        /// Packs this object
        ///
        /// \param[inout] cursor  Memory cursor
        ///
        virtual void operator<<(_Inout_ cursor_out &cursor) const;
        ///
-        /// Returns packed size of a configuration
+        /// Returns packed size of this object
        ///
        /// \returns Size of data when packed (in bytes)
        ///
        virtual size_t get_pk_size() const;
        ///
-        /// Unpacks a configuration
+        /// Unpacks this object
        ///
        /// \param[inout] cursor  Memory cursor
        ///
@ -202,6 +197,9 @@ namespace eap
    class credentials;
    ///
    /// Base class for method configuration storage
    ///
    class config_method : public config
    {
    public:
@ -264,50 +262,17 @@ namespace eap
        ///
        config_method& operator=(_Inout_ config_method &&other);
-        /// \name XML configuration management
+        /// \name XML management
        /// @{
        ///
        /// Save to XML document
        ///
        /// \param[in]  pDoc         XML document
        /// \param[in]  pConfigRoot  Suggested root element for saving
        ///
        virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
        ///
        /// Load from XML document
        ///
        /// \param[in]  pConfigRoot  Root element for loading
        ///
        virtual void load(_In_ IXMLDOMNode *pConfigRoot);
        /// @}
        /// \name BLOB management
        /// @{
        ///
        /// Packs a configuration
        ///
        /// \param[inout] cursor  Memory cursor
        ///
        virtual void operator<<(_Inout_ cursor_out &cursor) const;
        ///
        /// Returns packed size of a configuration
        ///
        /// \returns Size of data when packed (in bytes)
        ///
        virtual size_t get_pk_size() const;
        ///
        /// Unpacks a configuration
        ///
        /// \param[inout] cursor  Memory cursor
        ///
        virtual void operator>>(_Inout_ cursor_in &cursor);
        /// @}
        ///
@ -335,6 +300,9 @@ namespace eap
    };
    ///
    /// Base class for method with credentials
    ///
    class config_method_with_cred : public config_method
    {
    public:
@ -378,50 +346,17 @@ namespace eap
        ///
        config_method_with_cred& operator=(_Inout_ config_method_with_cred &&other);
-        /// \name XML configuration management
+        /// \name XML management
        /// @{
        ///
        /// Save to XML document
        ///
        /// \param[in]  pDoc         XML document
        /// \param[in]  pConfigRoot  Suggested root element for saving
        ///
        virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
        ///
        /// Load from XML document
        ///
        /// \param[in]  pConfigRoot  Root element for loading
        ///
        virtual void load(_In_ IXMLDOMNode *pConfigRoot);
        /// @}
        /// \name BLOB management
        /// @{
        ///
        /// Packs a configuration
        ///
        /// \param[inout] cursor  Memory cursor
        ///
        virtual void operator<<(_Inout_ cursor_out &cursor) const;
        ///
        /// Returns packed size of a configuration
        ///
        /// \returns Size of data when packed (in bytes)
        ///
        virtual size_t get_pk_size() const;
        ///
        /// Unpacks a configuration
        ///
        /// \param[inout] cursor  Memory cursor
        ///
        virtual void operator>>(_Inout_ cursor_in &cursor);
        /// @}
    public:
@ -430,6 +365,9 @@ namespace eap
    };
    ///
    /// Provider configuration storage
    ///
    class config_provider : public config
    {
    public:
@ -472,57 +410,19 @@ namespace eap
        ///
        config_provider& operator=(_Inout_ config_provider &&other);
        ///
        /// Clones configuration
        ///
        /// \returns Pointer to cloned configuration
        ///
        virtual config* clone() const;
-        /// \name XML configuration management
+        /// \name XML management
        /// @{
        ///
        /// Save to XML document
        ///
        /// \param[in]  pDoc         XML document
        /// \param[in]  pConfigRoot  Suggested root element for saving
        ///
        virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
        ///
        /// Load from XML document
        ///
        /// \param[in]  pConfigRoot  Root element for loading
        ///
        virtual void load(_In_ IXMLDOMNode *pConfigRoot);
        /// @}
        /// \name BLOB management
        /// @{
        ///
        /// Packs a configuration
        ///
        /// \param[inout] cursor  Memory cursor
        ///
        virtual void operator<<(_Inout_ cursor_out &cursor) const;
        ///
        /// Returns packed size of a configuration
        ///
        /// \returns Size of data when packed (in bytes)
        ///
        virtual size_t get_pk_size() const;
        ///
        /// Unpacks a configuration
        ///
        /// \param[inout] cursor  Memory cursor
        ///
        virtual void operator>>(_Inout_ cursor_in &cursor);
        /// @}
        ///
@ -555,6 +455,9 @@ namespace eap
    };
    ///
    /// Connection configuration storage
    ///
    class config_connection : public config
    {
    public:
@ -603,62 +506,26 @@ namespace eap
        ///
        config_connection& operator=(_Inout_ config_connection &&other);
        ///
        /// Clones configuration
        ///
        /// \returns Pointer to cloned configuration
        ///
        virtual config* clone() const;
-        /// \name XML configuration management
+        /// \name XML management
        /// @{
        ///
        /// Save to XML document
        ///
        /// \param[in]  pDoc         XML document
        /// \param[in]  pConfigRoot  Suggested root element for saving
        ///
        virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
        ///
        /// Load from XML document
        ///
        /// \param[in]  pConfigRoot  Root element for loading
        ///
        virtual void load(_In_ IXMLDOMNode *pConfigRoot);
        /// @}
        /// \name BLOB management
        /// @{
        ///
        /// Packs a configuration
        ///
        /// \param[inout] cursor  Memory cursor
        ///
        virtual void operator<<(_Inout_ cursor_out &cursor) const;
        ///
        /// Returns packed size of a configuration
        ///
        /// \returns Size of data when packed (in bytes)
        ///
        virtual size_t get_pk_size() const;
        ///
        /// Unpacks a configuration
        ///
        /// \param[inout] cursor  Memory cursor
        ///
        virtual void operator>>(_Inout_ cursor_in &cursor);
        /// @}
    public:
        std::list<eap::config_provider> m_providers;    ///< Provider configurations
    };
    /// @}
 }
@ -668,7 +535,7 @@ inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::config &
 }
-inline size_t pksizeof(const eap::config &val)
+inline size_t pksizeof(_In_ const eap::config &val)
 {
    return val.get_pk_size();
 }
@ -680,19 +547,43 @@ inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::config &val)
 }
 /// \addtogroup EAPBaseStream
 /// @{
 ///
 /// Packs a method status
 ///
 /// \param[inout] cursor  Memory cursor
 /// \param[in]    val     Method status to pack
 ///
 inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::config_method::status_t &val)
 {
    cursor << (unsigned char)val;
 }
 ///
 /// Returns packed size of a method status
 ///
 /// \param[in] val  Method status to pack
 ///
 /// \returns Size of data when packed (in bytes)
 ///
 inline size_t pksizeof(_In_ const eap::config_method::status_t &val)
 {
    return pksizeof((unsigned char)val);
 }
 ///
 /// Unpacks a method status
 ///
 /// \param[inout] cursor  Memory cursor
 /// \param[out]   val     Method status to unpack to
 ///
 inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::config_method::status_t &val)
 {
    cursor >> (unsigned char&)val;
 }
 /// @}
--- a/lib/EAPBase/include/Credentials.h
+++ b/lib/EAPBase/include/Credentials.h
@ -22,19 +22,8 @@
 namespace eap
 {
    ///
    /// Base class for method credential storage
    ///
    class credentials;
    ///
    /// Password based method credentials
    ///
    class credentials_pass;
    ///
    /// Connection credentials
    ///
    class credentials_connection;
 }
@ -58,6 +47,15 @@ namespace eap
 namespace eap
 {
    ///
    /// \defgroup EAPBaseCred  Credentials
    /// Credential management
    ///
    /// @{
    ///
    /// Base class for method credential storage
    ///
    class credentials : public config
    {
    public:
@ -127,50 +125,17 @@ namespace eap
        ///
        virtual bool empty() const;
-        /// \name XML configuration management
+        /// \name XML management
        /// @{
        ///
        /// Save to XML document
        ///
        /// \param[in]  pDoc         XML document
        /// \param[in]  pConfigRoot  Suggested root element for saving
        ///
        virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
        ///
        /// Load from XML document
        ///
        /// \param[in]  pConfigRoot  Root element for loading
        ///
        virtual void load(_In_ IXMLDOMNode *pConfigRoot);
        /// @}
        /// \name BLOB management
        /// @{
        ///
        /// Packs a configuration
        ///
        /// \param[inout] cursor  Memory cursor
        ///
        virtual void operator<<(_Inout_ cursor_out &cursor) const;
        ///
        /// Returns packed size of a configuration
        ///
        /// \returns Size of data when packed (in bytes)
        ///
        virtual size_t get_pk_size() const;
        ///
        /// Unpacks a configuration
        ///
        /// \param[inout] cursor  Memory cursor
        ///
        virtual void operator>>(_Inout_ cursor_in &cursor);
        /// @}
        /// \name Storage
@ -240,7 +205,7 @@ namespace eap
        /// Combine credentials in the following order:
        ///
        /// 1. Cached credentials
-        /// 2. Configured credentials (if \p cfg is derived from config_method_with_cred)
+        /// 2. Configured credentials (if \p cfg is derived from `config_method_with_cred`)
        /// 3. Stored credentials
        ///
        /// \param[in] dwFlags                A combination of [EAP flags](https://msdn.microsoft.com/en-us/library/windows/desktop/bb891975.aspx) that describe the EAP authentication session behavior
@ -266,6 +231,9 @@ namespace eap
    };
    ///
    /// Password based method credentials
    ///
    class credentials_pass : public credentials
    {
    public:
@ -319,110 +287,46 @@ namespace eap
        ///
        credentials_pass& operator=(_Inout_ credentials_pass &&other);
        ///
        /// Clones credentials
        ///
        /// \returns Pointer to cloned credentials
        ///
        virtual config* clone() const;
        ///
        /// Resets credentials
        ///
        virtual void clear();
        ///
        /// Test credentials if blank
        ///
        /// \returns
        /// - \c true if blank
        /// - \c false otherwise
        ///
        virtual bool empty() const;
-        /// \name XML configuration management
+        /// \name XML management
        /// @{
        ///
        /// Save to XML document
        ///
        /// \param[in]  pDoc         XML document
        /// \param[in]  pConfigRoot  Suggested root element for saving
        ///
        virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
        ///
        /// Load from XML document
        ///
        /// \param[in]  pConfigRoot  Root element for loading
        ///
        virtual void load(_In_ IXMLDOMNode *pConfigRoot);
        /// @}
        /// \name BLOB management
        /// @{
        ///
        /// Packs a configuration
        ///
        /// \param[inout] cursor  Memory cursor
        ///
        virtual void operator<<(_Inout_ cursor_out &cursor) const;
        ///
        /// Returns packed size of a configuration
        ///
        /// \returns Size of data when packed (in bytes)
        ///
        virtual size_t get_pk_size() const;
        ///
        /// Unpacks a configuration
        ///
        /// \param[inout] cursor  Memory cursor
        ///
        virtual void operator>>(_Inout_ cursor_in &cursor);
        /// @}
        /// \name Storage
        /// @{
        ///
        /// Save credentials to Windows Credential Manager
        ///
        /// \param[in]  pszTargetName  The name in Windows Credential Manager to store credentials as
        /// \param[in]  level          Credential level (0=outer, 1=inner, 2=inner-inner...)
        ///
        virtual void store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) const;
        ///
        /// Retrieve credentials from Windows Credential Manager
        ///
        /// \param[in]  pszTargetName  The name in Windows Credential Manager to retrieve credentials from
        /// \param[in]  level          Credential level (0=outer, 1=inner, 2=inner-inner...)
        ///
        virtual void retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level);
        ///
-        /// Return target suffix for Windows Credential Manager credential name
+        /// @copydoc eap::credentials::target_suffix()
        /// \returns This implementation always returns `_T("pass")`
        ///
        virtual LPCTSTR target_suffix() const;
        /// @}
        ///
        /// Combine credentials in the following order:
        ///
        /// 1. Cached credentials
-        /// 2. Configured credentials (if \p cfg is derived from config_method_with_cred)
+        /// 2. Configured credentials (if \p cfg is derived from `config_method_with_cred`)
        /// 3. Stored credentials
        ///
        /// \param[in] dwFlags                A combination of [EAP flags](https://msdn.microsoft.com/en-us/library/windows/desktop/bb891975.aspx) that describe the EAP authentication session behavior
        /// \param[in] hTokenImpersonateUser  Impersonation token for a logged-on user to collect user-related information
-        /// \param[in] cred_cached            Cached credentials (optional, can be \c NULL, must be credentials_eaphost* type)
+        /// \param[in] cred_cached            Cached credentials (optional, can be \c NULL, must be `credentials_eaphost*` type)
-        /// \param[in] cfg                    Method configuration (unused, as must be as config_method_eaphost is not derived from config_method_with_cred)
+        /// \param[in] cfg                    Method configuration (unused, as must be as config_method_eaphost is not derived from `config_method_with_cred`)
        /// \param[in] pszTargetName          The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
        ///
        /// \returns
@ -448,6 +352,9 @@ namespace eap
    };
    ///
    /// Connection credentials
    ///
    class credentials_connection : public config
    {
    public:
@ -491,57 +398,19 @@ namespace eap
        ///
        credentials_connection& operator=(_Inout_ credentials_connection &&other);
        ///
        /// Clones configuration
        ///
        /// \returns Pointer to cloned configuration
        ///
        virtual config* clone() const;
-        /// \name XML configuration management
+        /// \name XML management
        /// @{
        ///
        /// Save to XML document
        ///
        /// \param[in]  pDoc         XML document
        /// \param[in]  pConfigRoot  Suggested root element for saving
        ///
        virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
        ///
        /// Load from XML document
        ///
        /// \param[in]  pConfigRoot  Root element for loading
        ///
        virtual void load(_In_ IXMLDOMNode *pConfigRoot);
        /// @}
        /// \name BLOB management
        /// @{
        ///
        /// Packs a configuration
        ///
        /// \param[inout] cursor  Memory cursor
        ///
        virtual void operator<<(_Inout_ cursor_out &cursor) const;
        ///
        /// Returns packed size of a configuration
        ///
        /// \returns Size of data when packed (in bytes)
        ///
        virtual size_t get_pk_size() const;
        ///
        /// Unpacks a configuration
        ///
        /// \param[inout] cursor  Memory cursor
        ///
        virtual void operator>>(_Inout_ cursor_in &cursor);
        /// @}
        ///
@ -575,22 +444,47 @@ namespace eap
        std::wstring m_id;                      ///< Provider ID
        std::unique_ptr<credentials> m_cred;    ///< Credentials
    };
    /// @}
 }
 /// \addtogroup EAPBaseStream
 /// @{
 ///
 /// Packs a credential encryption algorithm ID
 ///
 /// \param[inout] cursor  Memory cursor
 /// \param[in]    val     Credential encryption algorithm ID to pack
 ///
 inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::credentials_pass::enc_alg_t &val)
 {
    cursor << (unsigned char)val;
 }
 ///
 /// Returns packed size of a credential encryption algorithm ID
 ///
 /// \param[in] val  Credential encryption algorithm ID to pack
 ///
 /// \returns Size of data when packed (in bytes)
 ///
 inline size_t pksizeof(_In_ const eap::credentials_pass::enc_alg_t &val)
 {
    return pksizeof((unsigned char)val);
 }
 ///
 /// Unpacks a credential encryption algorithm ID
 ///
 /// \param[inout] cursor  Memory cursor
 /// \param[out]   val     Credential encryption algorithm ID to unpack to
 ///
 inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::credentials_pass::enc_alg_t &val)
 {
    cursor >> (unsigned char&)val;
 }
 /// @}
--- a/lib/EAPBase/include/EAP.h
+++ b/lib/EAPBase/include/EAP.h
@ -21,9 +21,18 @@
 #define IDR_EAP_KEY_PUBLIC  1
 #define IDR_EAP_KEY_PRIVATE 2
 ///
 /// \defgroup EAPBaseStream  Memory Packaging
 /// Simple serialization/deserialization of data to/from memory opaque BLOBs
 ///
 /// @{
 #ifndef EAP_ENCRYPT_BLOBS
 ///
 /// Compiler variable to control whether BLOBs leaving our module get encrypted
 ///
 #define EAP_ENCRYPT_BLOBS 1
 #endif
 /// @}
 #define _HOST_LOW_ENDIAN
@ -42,15 +51,17 @@
 namespace eap
 {
    ///
    /// Output BLOB cursor
    ///
    struct cursor_out;
    struct cursor_in;
    template<size_t N> struct WINSTD_NOVTABLE sanitizing_blob_f;
    template<size_t N> struct WINSTD_NOVTABLE sanitizing_blob_zf;
    ///
-    /// Input BLOB cursor
+    /// \defgroup EAPBaseSanitizing  Sanitizing memory
    /// Secure memory erasing after use
    ///
-    struct cursor_in;
+    /// @{
    ///
    /// Sanitizing dynamically allocated BLOB
@ -58,17 +69,7 @@ namespace eap
    typedef std::vector<unsigned char, winstd::sanitizing_allocator<unsigned char> > sanitizing_blob;
    ///
-    /// Sanitizing BLOB of fixed size
+    /// Sanitizing BLOB of fixed size (zero initialized in _DEBUG version, non-initialized in release version)
    ///
    template<size_t N> struct sanitizing_blob_f;
    ///
    /// Sanitizing BLOB of fixed size (zero initialized)
    ///
    template<size_t N> struct sanitizing_blob_zf;
    ///
    /// Sanitizing BLOB of fixed size (zero initialized in _DEBUG version)
    ///
 #ifdef _DEBUG
    #define sanitizing_blob_xf sanitizing_blob_zf
@ -76,19 +77,13 @@ namespace eap
    #define sanitizing_blob_xf sanitizing_blob_f
 #endif
-    ///
+    /// @}
-    /// Diameter AVP flags
+
-    ///
+    /// \addtogroup EAPBaseDiameter
    /// @{
    enum diameter_avp_flags_t;
    ///
    /// Diameter AVP header
    ///
    struct diameter_avp_header;
    ///
    /// Diameter AVP header with Vendor-ID
    ///
    struct diameter_avp_header_ven;
    ///
@ -124,8 +119,13 @@ namespace eap
        _In_bytecount_(size) const void            *data,
        _In_                       unsigned int    size,
        _Inout_                    sanitizing_blob &packet);
    /// @}
 }
 /// \addtogroup EAPBaseStream
 /// @{
 ///
 /// Packs a boolean
 ///
@ -243,7 +243,7 @@ template<class _Elem, class _Traits, class _Ax> inline void operator<<(_Inout_ e
 ///
 /// \returns Size of data when packed (in bytes)
 ///
-template<class _Elem, class _Traits, class _Ax> inline size_t pksizeof(const std::basic_string<_Elem, _Traits, _Ax> &val);
+template<class _Elem, class _Traits, class _Ax> inline size_t pksizeof(_In_ const std::basic_string<_Elem, _Traits, _Ax> &val);
 ///
 /// Unpacks a string
@ -268,7 +268,7 @@ template<class _Traits, class _Ax> inline void operator<<(_Inout_ eap::cursor_ou
 ///
 /// \returns Size of data when packed (in bytes)
 ///
-template<class _Traits, class _Ax> inline size_t pksizeof(const std::basic_string<wchar_t, _Traits, _Ax> &val);
+template<class _Traits, class _Ax> inline size_t pksizeof(_In_ const std::basic_string<wchar_t, _Traits, _Ax> &val);
 ///
 /// Unpacks a wide string
@ -293,7 +293,7 @@ template<class _Ty, class _Ax> inline void operator<<(_Inout_ eap::cursor_out &c
 ///
 /// \returns Size of data when packed (in bytes)
 ///
-template<class _Ty, class _Ax> inline size_t pksizeof(const std::vector<_Ty, _Ax> &val);
+template<class _Ty, class _Ax> inline size_t pksizeof(_In_ const std::vector<_Ty, _Ax> &val);
 ///
 /// Unpacks a vector
@ -318,7 +318,7 @@ template<class _Ty, class _Ax> inline void operator<<(_Inout_ eap::cursor_out &c
 ///
 /// \returns Size of data when packed (in bytes)
 ///
-template<class _Ty, class _Ax> inline size_t pksizeof(const std::list<_Ty, _Ax> &val);
+template<class _Ty, class _Ax> inline size_t pksizeof(_In_ const std::list<_Ty, _Ax> &val);
 ///
 /// Unpacks a list
@ -343,16 +343,9 @@ template<class _Ty, class _Dx> inline void operator<<(_Inout_ eap::cursor_out &c
 ///
 /// \returns Size of data when packed (in bytes)
 ///
-template<class _Ty, class _Dx> inline size_t pksizeof(const std::unique_ptr<_Ty, _Dx> &val);
+template<class _Ty, class _Dx> inline size_t pksizeof(_In_ const std::unique_ptr<_Ty, _Dx> &val);
-/////
+// std::unique_ptr<> is generally not unpackable, since we do not know, how to create a new instance of unique_ptr.
 ///// Unpacks a std::unique_ptr
 /////
 ///// \note Not generally unpackable, since we do not know, how to create a new instance of unique_ptr.
 /////
 ///// \param[inout] cursor  Memory cursor
 ///// \param[out]   val     std::unique_ptr to unpack to
 /////
 //template<class _Ty, class _Dx> inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ std::unique_ptr<_Ty, _Dx> &val);
 ///
@ -370,7 +363,7 @@ inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const winstd::cert_
 ///
 /// \returns Size of data when packed (in bytes)
 ///
-inline size_t pksizeof(const winstd::cert_context &val);
+inline size_t pksizeof(_In_ const winstd::cert_context &val);
 ///
 /// Unpacks a certificate context
@ -395,7 +388,7 @@ inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const winstd::eap_t
 ///
 /// \returns Size of data when packed (in bytes)
 ///
-inline size_t pksizeof(const winstd::eap_type_t &val);
+inline size_t pksizeof(_In_ const winstd::eap_type_t &val);
 ///
 /// Unpacks an EAP method type
@ -480,6 +473,14 @@ inline size_t pksizeof(_In_ const EAP_METHOD_TYPE &val);
 ///
 inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ EAP_METHOD_TYPE &val);
 /// @}
 ///
 /// \defgroup EAPBaseConversion  Data conversion
 /// Data conversion
 ///
 /// @{
 #ifndef htonll
 ///
 /// Converts an unsigned __int64 from host to TCP/IP network byte order.
@ -492,7 +493,7 @@ inline unsigned __int64 htonll(unsigned __int64 val);
 #endif
 ///
-/// Converts an 24-bit integer from host to TCP/IP network byte order.
+/// Converts a 24-bit integer from host to TCP/IP network byte order.
 ///
 /// \param[in ] val  A 24-bit unsigned number in host byte order
 /// \param[out] out  A 24-bit unsigned number in network byte order
@ -500,7 +501,7 @@ inline unsigned __int64 htonll(unsigned __int64 val);
 inline void hton24(_In_ unsigned int val, _Out_ unsigned char out[3]);
 ///
-/// Converts an 24-bit integer from TCP/IP network to host byte order.
+/// Converts a 24-bit integer from TCP/IP network to host byte order.
 ///
 /// \param[in] val  A 24-bit unsigned number in network byte order
 ///
@ -508,11 +509,19 @@ inline void hton24(_In_ unsigned int val, _Out_ unsigned char out[3]);
 ///
 inline unsigned int ntoh24(_In_ const unsigned char val[3]);
 /// @}
 #pragma once
 namespace eap
 {
    /// \addtogroup EAPBaseStream
    /// @{
    ///
    /// Output BLOB cursor
    ///
    struct cursor_out
    {
        ///
@ -525,6 +534,9 @@ namespace eap
    };
    ///
    /// Input BLOB cursor
    ///
    struct cursor_in
    {
        ///
@ -536,12 +548,18 @@ namespace eap
        ptr_type ptr_end;   ///< Pointer to the end of BLOB
    };
    /// @}
    /// \addtogroup EAPBaseSanitizing
    /// @{
 #pragma pack(push)
 #pragma pack(1)
-    template<size_t N>
+    ///
-    struct __declspec(novtable) sanitizing_blob_f<N>
+    /// Sanitizing BLOB of fixed size
    ///
    template<size_t N> struct WINSTD_NOVTABLE sanitizing_blob_f<N>
    {
        unsigned char data[N]; ///< BLOB data
@ -664,8 +682,11 @@ namespace eap
        }
    };
-    template<size_t N>
+
-    struct __declspec(novtable) sanitizing_blob_zf<N> : sanitizing_blob_f<N>
+    ///
    /// Sanitizing BLOB of fixed size (zero initialized)
    ///
    template<size_t N> struct WINSTD_NOVTABLE sanitizing_blob_zf<N> : sanitizing_blob_f<N>
    {
        ///
        /// Constructor
@ -697,7 +718,17 @@ namespace eap
    };
 #pragma pack(pop)
    /// @}
    ///
    /// \defgroup EAPBaseDiameter  Diameter
    /// Diameter authentication protocol
    ///
    /// @{
    ///
    /// Diameter AVP flags
    ///
    #pragma warning(suppress: 4480)
    enum diameter_avp_flags_t : unsigned char {
        diameter_avp_flag_vendor    = 0x80, ///< Vendor-ID present
@ -709,6 +740,9 @@ namespace eap
 #pragma pack(push)
 #pragma pack(1)
    ///
    /// Diameter AVP header
    ///
    struct diameter_avp_header
    {
        unsigned char code[4];      ///< AVP Code
@ -717,12 +751,17 @@ namespace eap
    };
    ///
    /// Diameter AVP header with Vendor-ID
    ///
    struct diameter_avp_header_ven : public diameter_avp_header
    {
        unsigned char vendor[4];    ///< Vendor-ID
    };
 #pragma pack(pop)
    /// @}
 }
@ -842,7 +881,7 @@ inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const std::basic_st
 template<class _Elem, class _Traits, class _Ax>
-inline size_t pksizeof(const std::basic_string<_Elem, _Traits, _Ax> &val)
+inline size_t pksizeof(_In_ const std::basic_string<_Elem, _Traits, _Ax> &val)
 {
    return sizeof(_Elem)*(val.length() + 1);
 }
@ -869,7 +908,7 @@ inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const std::basic_st
 template<class _Traits, class _Ax>
-inline size_t pksizeof(const std::basic_string<wchar_t, _Traits, _Ax> &val)
+inline size_t pksizeof(_In_ const std::basic_string<wchar_t, _Traits, _Ax> &val)
 {
    return sizeof(char)*(WideCharToMultiByte(CP_UTF8, 0, val.c_str(), (int)val.length(), NULL, 0, NULL, NULL) + 1);
 }
@ -898,7 +937,7 @@ inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const std::vector<_
 template<class _Ty, class _Ax>
-inline size_t pksizeof(const std::vector<_Ty, _Ax> &val)
+inline size_t pksizeof(_In_ const std::vector<_Ty, _Ax> &val)
 {
    // Since we do not know wheter vector elements are primitives or objects, iterate instead of sizeof().
    // For performance critical vectors of flat opaque data types write specialized template instantiation.
@ -942,7 +981,7 @@ inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const std::list<_Ty
 template<class _Ty, class _Ax>
-inline size_t pksizeof(const std::list<_Ty, _Ax> &val)
+inline size_t pksizeof(_In_ const std::list<_Ty, _Ax> &val)
 {
    // Since we do not know wheter list elements are primitives or objects, iterate instead of sizeof().
    // For performance critical vectors of flat opaque data types write specialized template instantiation.
@ -981,7 +1020,7 @@ inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const std::unique_p
 template<class _Ty, class _Dx>
-inline size_t pksizeof(const std::unique_ptr<_Ty, _Dx> &val)
+inline size_t pksizeof(_In_ const std::unique_ptr<_Ty, _Dx> &val)
 {
    return
        val ?
@ -1007,7 +1046,7 @@ inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const winstd::cert_
 }
-inline size_t pksizeof(const winstd::cert_context &val)
+inline size_t pksizeof(_In_ const winstd::cert_context &val)
 {
    return
        val ?
--- a/lib/EAPBase/include/EAPXML.h
+++ b/lib/EAPBase/include/EAPXML.h
@ -29,39 +29,531 @@
 namespace eapxml
 {
    ///
    /// \defgroup EAPBaseXML  XML DOM
    /// Easy interaction with MSXML
    ///
    /// @{
    ///
    /// Returns owner document object for a given node
    ///
    /// \param[in ] pXmlNode  XML node
    /// \param[out] ppXmlDoc  XML document
    ///
    /// \returns
    /// - >0 if succeeded with warnings;
    /// - =0 (\c S_OK) if successful;
    /// - <0 if failed.
    /// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
    ///
    inline HRESULT get_document(_In_ IXMLDOMNode *pXmlNode, _Out_ winstd::com_obj<IXMLDOMDocument2> &ppXmlDoc);
    ///
    /// Selects single child node by name
    ///
    /// \param[in ] pXmlParent    Parent XML node
    /// \param[in ] bstrNodeName  XML node selection name
    /// \param[out] ppXmlNode     Child XML node found
    ///
    /// \returns
    /// - >0 if succeeded with warnings;
    /// - =0 (\c S_OK) if successful;
    /// - <0 if failed.
    /// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
    ///
    inline HRESULT select_node(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrNodeName, _Out_ winstd::com_obj<IXMLDOMNode> &ppXmlNode);
    ///
    /// Selects child nodes by name
    ///
    /// \param[in ] pXmlParent    Parent XML node
    /// \param[in ] bstrNodeName  XML node selection name
    /// \param[out] ppXmlNodes    List of child XML nodes found
    ///
    /// \returns
    /// - >0 if succeeded with warnings;
    /// - =0 (\c S_OK) if successful;
    /// - <0 if failed.
    /// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
    ///
    inline HRESULT select_nodes(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrNodeName, _Out_ winstd::com_obj<IXMLDOMNodeList> &ppXmlNodes);
    ///
    /// Selects single child element by name
    ///
    /// \param[in ] pXmlParent       Parent XML node
    /// \param[in ] bstrElementName  XML element selection name
    /// \param[out] ppXmlElement     Child XML element found
    ///
    /// \returns
    /// - >0 if succeeded with warnings;
    /// - =0 (\c S_OK) if successful;
    /// - <0 if failed.
    /// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
    ///
    inline HRESULT select_element(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ winstd::com_obj<IXMLDOMElement> &ppXmlElement);
    ///
    /// Creates a new element
    ///
    /// \param[in ] pDoc             Owner XML document
    /// \param[in ] bstrElementName  XML element name
    /// \param[in ] bstrNamespace    XML element namespace
    /// \param[out] ppXmlElement     XML element created
    ///
    /// \returns
    /// - >0 if succeeded with warnings;
    /// - =0 (\c S_OK) if successful;
    /// - <0 if failed.
    /// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
    ///
    inline HRESULT create_element(_In_ IXMLDOMDocument *pDoc, _In_z_ const BSTR bstrElementName, _In_z_ const BSTR bstrNamespace, _Out_ winstd::com_obj<IXMLDOMElement> &ppXmlElement);
    ///
    /// Creates a new child element if not already present
    ///
    /// \param[in ] pDoc                   Owner XML document
    /// \param[in ] pXmlParent             Parent XML node
    /// \param[in ] bstrElementNameSelect  XML element selection name
    /// \param[in ] bstrElementNameCreate  XML element name
    /// \param[in ] bstrNamespace          XML element namespace
    /// \param[out] ppXmlElement           XML element found or created
    ///
    /// \returns
    /// - >0 if succeeded with warnings;
    /// - =0 (\c S_OK) if successful;
    /// - <0 if failed.
    /// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
    ///
    inline HRESULT create_element(_In_ IXMLDOMDocument *pDoc, IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementNameSelect, _In_z_ const BSTR bstrElementNameCreate, _In_z_ const BSTR bstrNamespace, _Out_ winstd::com_obj<IXMLDOMElement> &ppXmlElement);
    ///
    /// Tests if node has a parent set
    ///
    /// \param[in] pXmlNode  XML node
    ///
    /// \returns
    /// - Non zero when \p pXmlNode has a parent set;
    /// - Zero otherwise.
    ///
    inline bool has_parent(_In_ IXMLDOMNode *pXmlNode);
    ///
    /// Returns child element text
    ///
    /// \param[in ] pXmlParent       Parent XML node
    /// \param[in ] bstrElementName  XML element selection name
    /// \param[out] pbstrValue       XML element text
    /// \param[out] ppXmlElement     Child XML element found
    ///
    /// \returns
    /// - >0 if succeeded with warnings;
    /// - =0 (\c S_OK) if successful;
    /// - <0 if failed.
    /// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
    ///
    inline HRESULT get_element_value(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ winstd::bstr &pbstrValue, _Out_opt_ winstd::com_obj<IXMLDOMElement> *ppXmlElement = NULL);
    ///
    /// Returns child element text
    ///
    /// \param[in ] pXmlParent       Parent XML node
    /// \param[in ] bstrElementName  XML element selection name
    /// \param[out] sValue           XML element text
    /// \param[out] ppXmlElement     Child XML element found
    ///
    /// \returns
    /// - >0 if succeeded with warnings;
    /// - =0 (\c S_OK) if successful;
    /// - <0 if failed.
    /// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
    ///
    template<class _Traits, class _Ax> inline HRESULT get_element_value(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ std::basic_string<wchar_t, _Traits, _Ax> &sValue, _Out_opt_ winstd::com_obj<IXMLDOMElement> *ppXmlElement = NULL);
    ///
    /// Returns child element text converted to number
    ///
    /// \param[in ] pXmlParent       Parent XML node
    /// \param[in ] bstrElementName  XML element selection name
    /// \param[out] pdwValue         XML element text converted to number
    /// \param[out] ppXmlElement     Child XML element found
    ///
    /// \returns
    /// - >0 if succeeded with warnings;
    /// - =0 (\c S_OK) if successful;
    /// - <0 if failed.
    /// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
    ///
    inline HRESULT get_element_value(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ DWORD &pdwValue, _Out_opt_ winstd::com_obj<IXMLDOMElement> *ppXmlElement = NULL);
    ///
    /// Returns child element text converted to boolean
    ///
    /// \param[in ] pXmlParent       Parent XML node
    /// \param[in ] bstrElementName  XML element selection name
    /// \param[out] pbValue          XML element text converted to boolean
    /// \param[out] ppXmlElement     Child XML element found
    ///
    /// \returns
    /// - >0 if succeeded with warnings;
    /// - =0 (\c S_OK) if successful;
    /// - <0 if failed.
    /// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
    ///
    inline HRESULT get_element_value(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ bool &pbValue, _Out_opt_ winstd::com_obj<IXMLDOMElement> *ppXmlElement = NULL);
    ///
    /// Returns child element BLOB encoded as Base64 text
    ///
    /// \param[in ] pXmlParent       Parent XML node
    /// \param[in ] bstrElementName  XML element selection name
    /// \param[out] aValue           XML element BLOB
    /// \param[out] ppXmlElement     Child XML element found
    ///
    /// \returns
    /// - >0 if succeeded with warnings;
    /// - =0 (\c S_OK) if successful;
    /// - <0 if failed.
    /// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
    ///
    template<class _Ty, class _Ax> inline HRESULT get_element_base64(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ std::vector<_Ty, _Ax> &aValue, _Out_opt_ winstd::com_obj<IXMLDOMElement> *ppXmlElement = NULL);
    ///
    /// Returns child element BLOB encoded as hexadecimal text
    ///
    /// \param[in ] pXmlParent       Parent XML node
    /// \param[in ] bstrElementName  XML element selection name
    /// \param[out] aValue           XML element BLOB
    /// \param[out] ppXmlElement     Child XML element found
    ///
    /// \returns
    /// - >0 if succeeded with warnings;
    /// - =0 (\c S_OK) if successful;
    /// - <0 if failed.
    /// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
    ///
    template<class _Ty, class _Ax> inline HRESULT get_element_hex(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ std::vector<_Ty, _Ax> &aValue, _Out_opt_ winstd::com_obj<IXMLDOMElement> *ppXmlElement = NULL);
    ///
    /// Returns child element localizable text
    ///
    /// \param[in ] pXmlParent       Parent XML node
    /// \param[in ] bstrElementName  XML element selection name
    /// \param[in ] pszLang          Desired localization
    /// \param[out] pbstrValue       XML element text
    /// \param[out] ppXmlElement     Child XML element found
    ///
    /// \returns
    /// - >0 if succeeded with warnings;
    /// - =0 (\c S_OK) if successful;
    /// - <0 if failed.
    /// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
    ///
    inline HRESULT get_element_localized(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _In_z_ LPCWSTR pszLang, _Out_ winstd::bstr &pbstrValue, _Out_opt_ winstd::com_obj<IXMLDOMElement> *ppXmlElement = NULL);
    ///
    /// Returns child element localizable text
    ///
    /// \param[in ] pXmlParent       Parent XML node
    /// \param[in ] bstrElementName  XML element selection name
    /// \param[in ] pszLang          Desired localization
    /// \param[out] sValue           XML element text
    /// \param[out] ppXmlElement     Child XML element found
    ///
    /// \returns
    /// - >0 if succeeded with warnings;
    /// - =0 (\c S_OK) if successful;
    /// - <0 if failed.
    /// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
    ///
    template<class _Traits, class _Ax> inline HRESULT get_element_localized(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _In_z_ LPCWSTR pszLang, _Out_ std::basic_string<wchar_t, _Traits, _Ax> &sValue, _Out_opt_ winstd::com_obj<IXMLDOMElement> *ppXmlElement = NULL);
    ///
    /// Creates a new child element
    ///
    /// \param[in ] pDoc             Owner XML document
    /// \param[in ] pCurrentDOMNode  Parent XML node
    /// \param[in ] bstrElementName  XML element name
    /// \param[in ] bstrNamespace    XML element namespace
    /// \param[out] ppXmlElement     XML element created
    ///
    /// \returns
    /// - >0 if succeeded with warnings;
    /// - =0 (\c S_OK) if successful;
    /// - <0 if failed.
    /// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
    ///
    inline HRESULT put_element(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _Out_ winstd::com_obj<IXMLDOMElement> &ppXmlElement);
    ///
    /// Creates a new child element with text
    ///
    /// \param[in ] pDoc             Owner XML document
    /// \param[in ] pCurrentDOMNode  Parent XML node
    /// \param[in ] bstrElementName  XML element name
    /// \param[in ] bstrNamespace    XML element namespace
    /// \param[in ] bstrValue        XML element text
    /// \param[out] ppXmlElement     XML element created
    ///
    /// \returns
    /// - >0 if succeeded with warnings;
    /// - =0 (\c S_OK) if successful;
    /// - <0 if failed.
    /// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
    ///
    inline HRESULT put_element_value(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _In_z_ const BSTR bstrValue, _Out_opt_ winstd::com_obj<IXMLDOMElement> *ppXmlElement = NULL);
    ///
    /// Creates a new child element with text converted from number
    ///
    /// \param[in ] pDoc             Owner XML document
    /// \param[in ] pCurrentDOMNode  Parent XML node
    /// \param[in ] bstrElementName  XML element name
    /// \param[in ] bstrNamespace    XML element namespace
    /// \param[in ] dwValue          XML element number
    /// \param[out] ppXmlElement     XML element created
    ///
    /// \returns
    /// - >0 if succeeded with warnings;
    /// - =0 (\c S_OK) if successful;
    /// - <0 if failed.
    /// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
    ///
    inline HRESULT put_element_value(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _In_ DWORD dwValue, _Out_opt_ winstd::com_obj<IXMLDOMElement> *ppXmlElement = NULL);
    ///
    /// Creates a new child element with text converted from boolean
    ///
    /// \param[in ] pDoc             Owner XML document
    /// \param[in ] pCurrentDOMNode  Parent XML node
    /// \param[in ] bstrElementName  XML element name
    /// \param[in ] bstrNamespace    XML element namespace
    /// \param[in ] bValue           XML element boolean
    /// \param[out] ppXmlElement     XML element created
    ///
    /// \returns
    /// - >0 if succeeded with warnings;
    /// - =0 (\c S_OK) if successful;
    /// - <0 if failed.
    /// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
    ///
    inline HRESULT put_element_value(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _In_ bool bValue, _Out_opt_ winstd::com_obj<IXMLDOMElement> *ppXmlElement = NULL);
    ///
    /// Creates a new child element with Base64 encoded text from BLOB
    ///
    /// \param[in ] pDoc             Owner XML document
    /// \param[in ] pCurrentDOMNode  Parent XML node
    /// \param[in ] bstrElementName  XML element name
    /// \param[in ] bstrNamespace    XML element namespace
    /// \param[in ] pValue           Pointer to BLOB data
    /// \param[in ] nValueLen        Size of \p pValue in bytes
    /// \param[out] ppXmlElement     XML element created
    ///
    /// \returns
    /// - >0 if succeeded with warnings;
    /// - =0 (\c S_OK) if successful;
    /// - <0 if failed.
    /// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
    ///
    inline HRESULT put_element_base64(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _In_count_(nValueLen) LPCVOID pValue, _In_ SIZE_T nValueLen, _Out_opt_ winstd::com_obj<IXMLDOMElement> *ppXmlElement = NULL);
    ///
    /// Creates a new child element with hexadecimal encoded text from BLOB
    ///
    /// \param[in ] pDoc             Owner XML document
    /// \param[in ] pCurrentDOMNode  Parent XML node
    /// \param[in ] bstrElementName  XML element name
    /// \param[in ] bstrNamespace    XML element namespace
    /// \param[in ] pValue           Pointer to BLOB data
    /// \param[in ] nValueLen        Size of \p pValue in bytes
    /// \param[out] ppXmlElement     XML element created
    ///
    /// \returns
    /// - >0 if succeeded with warnings;
    /// - =0 (\c S_OK) if successful;
    /// - <0 if failed.
    /// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
    ///
    inline HRESULT put_element_hex(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _In_count_(nValueLen) LPCVOID pValue, _In_ SIZE_T nValueLen, _Out_opt_ winstd::com_obj<IXMLDOMElement> *ppXmlElement = NULL);
    ///
    /// Returns attribute text
    ///
    /// \param[in ] pXmlParent         Parent XML node
    /// \param[in ] bstrAttributeName  XML attribute selection name
    /// \param[out] pbstrValue         XML atribute value
    ///
    /// \returns
    /// - >0 if succeeded with warnings;
    /// - =0 (\c S_OK) if successful;
    /// - <0 if failed.
    /// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
    ///
    inline HRESULT get_attrib_value(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrAttributeName, _Out_ winstd::bstr &pbstrValue);
    ///
    /// Returns attribute text
    ///
    /// \param[in ] pXmlParent         Parent XML node
    /// \param[in ] bstrAttributeName  XML attribute selection name
    /// \param[out] sValue             XML atribute value
    ///
    /// \returns
    /// - >0 if succeeded with warnings;
    /// - =0 (\c S_OK) if successful;
    /// - <0 if failed.
    /// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
    ///
    template<class _Traits, class _Ax> inline HRESULT get_attrib_value(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrAttributeName, _Out_ std::basic_string<wchar_t, _Traits, _Ax> &sValue);
    ///
    /// Returns attribute text converted to number
    ///
    /// \param[in ] pXmlParent         Parent XML node
    /// \param[in ] bstrAttributeName  XML attribute selection name
    /// \param[out] pdwValue           XML atribute value
    ///
    /// \returns
    /// - >0 if succeeded with warnings;
    /// - =0 (\c S_OK) if successful;
    /// - <0 if failed.
    /// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
    ///
    inline HRESULT get_attrib_value(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrAttributeName, _Out_ DWORD &pdwValue);
    ///
    /// Returns attribute text converted to boolean
    ///
    /// \param[in ] pXmlParent         Parent XML node
    /// \param[in ] bstrAttributeName  XML attribute selection name
    /// \param[out] pbValue            XML atribute value
    ///
    /// \returns
    /// - >0 if succeeded with warnings;
    /// - =0 (\c S_OK) if successful;
    /// - <0 if failed.
    /// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
    ///
    inline HRESULT get_attrib_value(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrAttributeName, _Out_ bool &pbValue);
    ///
    /// Returns attribute BLOB converted from Base64 encoded text
    ///
    /// \param[in ] pXmlParent         Parent XML node
    /// \param[in ] bstrAttributeName  XML attribute selection name
    /// \param[out] aValue             XML atribute value
    ///
    /// \returns
    /// - >0 if succeeded with warnings;
    /// - =0 (\c S_OK) if successful;
    /// - <0 if failed.
    /// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
    ///
    template<class _Ty, class _Ax> inline HRESULT get_attrib_base64(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrAttributeName, _Out_ std::vector<_Ty, _Ax> &aValue);
    ///
    /// Returns attribute BLOB converted from hexadecimal encoded text
    ///
    /// \param[in ] pXmlParent         Parent XML node
    /// \param[in ] bstrAttributeName  XML attribute selection name
    /// \param[out] aValue             XML atribute value
    ///
    /// \returns
    /// - >0 if succeeded with warnings;
    /// - =0 (\c S_OK) if successful;
    /// - <0 if failed.
    /// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
    ///
    template<class _Ty, class _Ax> inline HRESULT get_attrib_hex(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrAttributeName, _Out_ std::vector<_Ty, _Ax> &aValue);
    ///
    /// Sets node attribute
    ///
    /// \param[in ] pCurrentDOMNode    Parent XML node
    /// \param[in ] bstrAttributeName  XML attribute name
    /// \param[out] bstrValue          XML atribute value
    ///
    /// \returns
    /// - >0 if succeeded with warnings;
    /// - =0 (\c S_OK) if successful;
    /// - <0 if failed.
    /// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
    ///
    inline HRESULT put_attrib_value(_In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrAttributeName, _In_opt_z_ _In_z_ const BSTR bstrValue);
    ///
    /// Sets node attribute converted from number
    ///
    /// \param[in ] pCurrentDOMNode    Parent XML node
    /// \param[in ] bstrAttributeName  XML attribute name
    /// \param[out] dwValue            XML atribute value
    ///
    /// \returns
    /// - >0 if succeeded with warnings;
    /// - =0 (\c S_OK) if successful;
    /// - <0 if failed.
    /// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
    ///
    inline HRESULT put_attrib_value(_In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrAttributeName, _In_opt_z_ _In_ DWORD dwValue);
    ///
    /// Sets node attribute converted from boolean
    ///
    /// \param[in ] pCurrentDOMNode    Parent XML node
    /// \param[in ] bstrAttributeName  XML attribute name
    /// \param[out] bValue             XML atribute value
    ///
    /// \returns
    /// - >0 if succeeded with warnings;
    /// - =0 (\c S_OK) if successful;
    /// - <0 if failed.
    /// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
    ///
    inline HRESULT put_attrib_value(_In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrAttributeName, _In_opt_z_ _In_ bool bValue);
    ///
    /// Sets node attribute to Base64 encoded text from BLOB
    ///
    /// \param[in ] pCurrentDOMNode    Parent XML node
    /// \param[in ] bstrAttributeName  XML attribute name
    /// \param[in ] pValue             Pointer to BLOB data
    /// \param[in ] nValueLen          Size of \p pValue in bytes
    ///
    /// \returns
    /// - >0 if succeeded with warnings;
    /// - =0 (\c S_OK) if successful;
    /// - <0 if failed.
    /// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
    ///
    inline HRESULT put_attrib_base64(_In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrAttributeName, _In_opt_z_ _In_count_(nValueLen) LPCVOID pValue, _In_ SIZE_T nValueLen);
    ///
    /// Sets node attribute to hexadecimal encoded text from BLOB
    ///
    /// \param[in ] pCurrentDOMNode    Parent XML node
    /// \param[in ] bstrAttributeName  XML attribute name
    /// \param[in ] pValue             Pointer to BLOB data
    /// \param[in ] nValueLen          Size of \p pValue in bytes
    ///
    /// \returns
    /// - >0 if succeeded with warnings;
    /// - =0 (\c S_OK) if successful;
    /// - <0 if failed.
    /// Use `SUCCEEDED()` macro to test for first two cases (>=0) or `FAILED()` to test for failure.
    ///
    inline HRESULT put_attrib_hex(_In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrAttributeName, _In_count_(nValueLen) LPCVOID pValue, _In_ SIZE_T nValueLen);
    ///
    /// Builds XPath for a given node
    ///
    /// \param[in] pXmlNode  XML node
    ///
    /// \returns String with XPath for a given node up to node terminal parent
    ///
    inline std::wstring get_xpath(_In_ IXMLDOMNode *pXmlNode);
    /// @}
 }
 #pragma once
--- a/lib/EAPBase/include/Method.h
+++ b/lib/EAPBase/include/Method.h
@ -20,23 +20,8 @@
 namespace eap
 {
    ///
    /// Method base class
    ///
    class method;
    ///
    /// Tunnel method base class
    ///
    /// This is a base class for all the methods that encapsulate inner methods to provide stacking framework.
    ///
    class method_tunnel;
    ///
    /// EAP tunnel method
    ///
    /// This method encapsulates inner data in EAP packets.
    ///
    class method_eap;
 }
@ -58,6 +43,15 @@ extern "C" {
 namespace eap
 {
    ///
    /// \defgroup EAPBaseMethod  Methods
    /// Methods
    ///
    /// @{
    ///
    /// Method base class
    ///
    class method
    {
        WINSTD_NONCOPYABLE(method)
@ -86,7 +80,7 @@ namespace eap
        ///
        method& operator=(_Inout_ method &&other);
-        /// \name Packet processing
+        /// \name Session management
        /// @{
        ///
@ -94,6 +88,11 @@ namespace eap
        ///
        /// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx)
        ///
        /// \param[in] dwFlags                A combination of EAP flags that describe the new EAP authentication session behavior.
        /// \param[in] pAttributeArray        A pointer to an array structure that specifies the EAP attributes of the entity to authenticate.
        /// \param[in] hTokenImpersonateUser  Specifies a handle to the user impersonation token to use in this session.
        /// \param[in] dwMaxSendPacketSize    Specifies the maximum size in bytes of an EAP packet sent during the session. If the method needs to send a packet larger than the maximum size, the method must accommodate fragmentation and reassembly.
        ///
        virtual void begin_session(
            _In_        DWORD         dwFlags,
            _In_  const EapAttributes *pAttributeArray,
@ -107,11 +106,21 @@ namespace eap
        ///
        virtual void end_session();
        /// @}
        /// \name Packet processing
        /// @{
        ///
        /// Processes a packet received by EapHost from a supplicant.
        ///
        /// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx)
        ///
        /// \param[in] pReceivedPacket       Received packet data
        /// \param[in] dwReceivedPacketSize  \p pReceivedPacket size in bytes
        ///
        /// \returns Action peer wants EapHost to do next.
        ///
        virtual EapPeerMethodResponseAction process_request_packet(
            _In_bytecount_(dwReceivedPacketSize) const void  *pReceivedPacket,
            _In_                                       DWORD dwReceivedPacketSize) = 0;
@ -121,20 +130,26 @@ namespace eap
        ///
        /// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx)
        ///
        /// \param[out] packet    Response packet
        /// \param[in]  size_max  The maximum size in bytes \p packet must not exceed. If the method needs to send a packet larger than the maximum size, the method must accommodate fragmentation and reassembly.
        ///
        virtual void get_response_packet(
            _Out_    sanitizing_blob &packet,
            _In_opt_ DWORD           size_max = MAXDWORD) = 0;
        /// @}
        ///
        /// Obtains the result of an authentication session from the EAP method.
        ///
        /// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx)
        ///
        /// \param[in ] reason   The reason code for the authentication result returned in \p pResult.
        /// \param[out] pResult  A pointer to a structure that contains the authentication results.
        ///
        virtual void get_result(
            _In_  EapPeerMethodResultReason reason,
-            _Inout_ EapPeerMethodResult       *pResult);
+            _Out_ EapPeerMethodResult       *pResult);
        /// @}
        /// \name User Interaction
        /// @{
@ -146,9 +161,12 @@ namespace eap
        ///
        /// \sa [EapPeerGetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363612.aspx)
        ///
        /// \param[out] ppUIContextData       A pointer to an address that contains a byte buffer with the supplicant user interface context data from EAPHost.
        /// \param[out] pdwUIContextDataSize  A pointer to a value that specifies the size of the user interface context data byte buffer returned in \p ppUIContextData.
        ///
        virtual void get_ui_context(
-            _Inout_ BYTE  **ppUIContextData,
+            _Out_ BYTE  **ppUIContextData,
-            _Inout_ DWORD *pdwUIContextDataSize);
+            _Out_ DWORD *pdwUIContextDataSize);
        ///
        /// Provides a user interface context to the EAP method.
@ -157,6 +175,11 @@ namespace eap
        ///
        /// \sa [EapPeerSetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363626.aspx)
        ///
        /// \param[in] pUIContextData       A pointer to an address that contains a byte buffer with the new supplicant UI context data to set on EAPHost.
        /// \param[in] dwUIContextDataSize  \p pUIContextData size in bytes
        ///
        /// \returns Action peer wants EapHost to do next.
        ///
        virtual EapPeerMethodResponseAction set_ui_context(
            _In_count_(dwUIContextDataSize) const BYTE  *pUIContextData,
            _In_                                  DWORD dwUIContextDataSize);
@ -171,13 +194,19 @@ namespace eap
        ///
        /// \sa [EapPeerGetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363609.aspx)
        ///
-        virtual void get_response_attributes(_Inout_ EapAttributes *pAttribs);
+        /// \param[out] pAttribs  A pointer to a structure that contains an array of EAP authentication response attributes for the supplicant.
        ///
        virtual void get_response_attributes(_Out_ EapAttributes *pAttribs);
        ///
        /// Provides an updated array of EAP response attributes to the EAP method.
        ///
        /// \sa [EapPeerSetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363625.aspx)
        ///
        /// \param[in] pAttribs  A pointer to a structure that contains an array of new EAP authentication response attributes to set for the supplicant on EAPHost.
        ///
        /// \returns Action peer wants EapHost to do next.
        ///
        virtual EapPeerMethodResponseAction set_response_attributes(_In_ const EapAttributes *pAttribs);
        /// @}
@ -187,6 +216,11 @@ namespace eap
    };
    ///
    /// Tunnel method base class
    ///
    /// This is a base class for all the methods that encapsulate inner methods to provide stacking framework.
    ///
    class method_tunnel : public method
    {
        WINSTD_NONCOPYABLE(method_tunnel)
@ -216,77 +250,43 @@ namespace eap
        ///
        method_tunnel& operator=(_Inout_ method_tunnel &&other);
-        /// \name Packet processing
+        /// \name Session management
        /// @{
        ///
        /// Starts an EAP authentication session on the peer EapHost using the EAP method.
        ///
        /// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx)
        ///
        virtual void begin_session(
            _In_        DWORD         dwFlags,
            _In_  const EapAttributes *pAttributeArray,
            _In_        HANDLE        hTokenImpersonateUser,
            _In_opt_    DWORD         dwMaxSendPacketSize = MAXDWORD);
        ///
        /// Ends an EAP authentication session for the EAP method.
        ///
        /// \sa [EapPeerEndSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363604.aspx)
        ///
        virtual void end_session();
-        ///
+        /// @}
-        /// Processes a packet received by EapHost from a supplicant.
+
-        ///
+        /// \name Packet processing
-        /// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx)
+        /// @{
-        ///
+
        virtual EapPeerMethodResponseAction process_request_packet(
            _In_bytecount_(dwReceivedPacketSize) const void  *pReceivedPacket,
            _In_                                       DWORD dwReceivedPacketSize);
        ///
        /// Obtains a response packet from the EAP method.
        ///
        /// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx)
        ///
        virtual void get_response_packet(
            _Out_    sanitizing_blob &packet,
            _In_opt_ DWORD           size_max = MAXDWORD);
-        ///
+        /// @}
-        /// Obtains the result of an authentication session from the EAP method.
+
        ///
        /// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx)
        ///
        virtual void get_result(
            _In_  EapPeerMethodResultReason reason,
-            _Inout_ EapPeerMethodResult       *pResult);
+            _Out_ EapPeerMethodResult       *pResult);
        /// @}
        /// \name User Interaction
        /// @{
        ///
        /// Obtains the user interface context from the EAP method.
        ///
        /// \note This function is always followed by the `EapPeerInvokeInteractiveUI()` function, which is followed by the `EapPeerSetUIContext()` function.
        ///
        /// \sa [EapPeerGetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363612.aspx)
        ///
        virtual void get_ui_context(
-            _Inout_ BYTE  **ppUIContextData,
+            _Out_ BYTE  **ppUIContextData,
-            _Inout_ DWORD *pdwUIContextDataSize);
+            _Out_ DWORD *pdwUIContextDataSize);
        ///
        /// Provides a user interface context to the EAP method.
        ///
        /// \note This function is called after the UI has been raised through the `EapPeerGetUIContext()` function.
        ///
        /// \sa [EapPeerSetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363626.aspx)
        ///
        virtual EapPeerMethodResponseAction set_ui_context(
            _In_count_(dwUIContextDataSize) const BYTE  *pUIContextData,
            _In_                                  DWORD dwUIContextDataSize);
@ -296,18 +296,8 @@ namespace eap
        /// \name EAP Response Attributes
        /// @{
-        ///
+        virtual void get_response_attributes(_Out_ EapAttributes *pAttribs);
        /// Obtains an array of EAP response attributes from the EAP method.
        ///
        /// \sa [EapPeerGetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363609.aspx)
        ///
        virtual void get_response_attributes(_Inout_ EapAttributes *pAttribs);
        ///
        /// Provides an updated array of EAP response attributes to the EAP method.
        ///
        /// \sa [EapPeerSetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363625.aspx)
        ///
        virtual EapPeerMethodResponseAction set_response_attributes(_In_ const EapAttributes *pAttribs);
        /// @}
@ -317,6 +307,11 @@ namespace eap
    };
    ///
    /// EAP tunnel method
    ///
    /// This method encapsulates inner data in EAP packets.
    ///
    class method_eap : public method_tunnel
    {
        WINSTD_NONCOPYABLE(method_eap)
@ -350,26 +345,20 @@ namespace eap
        /// \name Packet processing
        /// @{
        ///
        /// Processes a packet received by EapHost from a supplicant.
        ///
        /// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx)
        ///
        virtual EapPeerMethodResponseAction process_request_packet(
            _In_bytecount_(dwReceivedPacketSize) const void  *pReceivedPacket,
            _In_                                       DWORD dwReceivedPacketSize);
        ///
        /// Obtains a response packet from the EAP method.
        ///
        /// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx)
        ///
        virtual void get_response_packet(
            _Out_    sanitizing_blob &packet,
            _In_opt_ DWORD           size_max = MAXDWORD);
        /// @}
    protected:
        const winstd::eap_type_t m_eap_method;  ///< EAP method type
        unsigned char m_id;                     ///< Request packet ID
    };
    /// @}
 }
--- a/lib/EAPBase/include/Module.h
+++ b/lib/EAPBase/include/Module.h
@ -20,18 +20,7 @@
 namespace eap
 {
    ///
    /// EAP module base class
    ///
    /// Provides basic services to EAP methods.
    ///
    class module;
    ///
    /// EAP peer base class
    ///
    /// A group of methods all EAP peers must or should implement.
    ///
    class peer;
 }
@ -58,6 +47,17 @@ extern "C" {
 namespace eap
 {
    ///
    /// \defgroup EAPBaseModule  Modules
    /// Modules
    ///
    /// @{
    ///
    /// EAP module base class
    ///
    /// Provides basic services to EAP methods.
    ///
    class module
    {
        WINSTD_NONCOPYABLE(module)
@ -109,7 +109,9 @@ namespace eap
        void free_error_memory(_In_ EAP_ERROR *err);
        ///
-        /// Makes a new method config
+        /// Makes a new method configuration
        ///
        /// \returns New method configuration
        ///
        virtual config_method* make_config_method();
@ -134,6 +136,7 @@ namespace eap
        /// Writes EAPMETHOD_TRACE_EVT_FN_CALL and returns auto event writer class
        ///
        /// \param[in] pszFnName  Function name
        /// \param[in] result     Reference to function return variable
        ///
        /// \returns A new auto event writer that writes EAPMETHOD_TRACE_EVT_FN_RETURN_DWORD event on destruction
        ///
@ -228,6 +231,9 @@ namespace eap
        ///
        /// If \c _DEBUG is set the value is masked.
        ///
        /// \param[in] name   Variable name
        /// \param[in] value  Variable value
        ///
        inline void log_config_discrete(_In_z_ LPCWSTR name, _In_z_ LPCWSTR value) const
        {
 #ifdef _DEBUG
@ -242,6 +248,10 @@ namespace eap
        ///
        /// If \c _DEBUG is set the value is masked.
        ///
        /// \param[in] name  Variable name
        /// \param[in] data  Variable data
        /// \param[in] size  \p data size in bytes
        ///
        inline void log_config_discrete(_In_z_ LPCWSTR name, _In_bytecount_(size) const void *data, _In_ ULONG size) const
        {
 #ifdef _DEBUG
@ -254,6 +264,8 @@ namespace eap
        ///
        /// Logs event
        ///
        /// \param[in] EventDescriptor  Event descriptor
        ///
        inline void log_event(_In_ PCEVENT_DESCRIPTOR EventDescriptor, ...) const
        {
            va_list arg;
@ -273,7 +285,6 @@ namespace eap
        /// \param[in ] hProv  Handle of cryptographics provider
        /// \param[in ] data   Pointer to data to encrypt
        /// \param[in ] size   Size of \p data in bytes
        /// \param[out] enc    Encrypted data
        /// \param[out] hHash  Handle of hashing object
        ///
        /// \returns Encrypted data
@ -522,11 +533,6 @@ namespace eap
        /// \param[inout] record        Object to unpack to
        /// \param[in   ] pDataIn       Pointer to encrypted BLOB
        /// \param[in   ] dwDataInSize  Size of \p pDataIn
        /// \param[out  ] ppEapError    Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
        ///
        /// \returns
        /// - \c true if succeeded
        /// - \c false otherwise. See \p ppEapError for details.
        ///
        template<class T>
        void unpack(
@ -615,6 +621,11 @@ namespace eap
    };
    ///
    /// EAP peer base class
    ///
    /// A group of methods all EAP peers must or should implement.
    ///
    class peer : public module
    {
        WINSTD_NONCOPYABLE(peer)
@ -646,23 +657,43 @@ namespace eap
        ///
        /// \sa [EapPeerGetIdentity function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363607.aspx)
        ///
        /// \param[in ] dwFlags                  A combination of EAP flags that describe the EAP authentication session behavior.
        /// \param[in ] pConnectionData          Connection data used for the EAP method. If set to \c NULL, the static property of the method, as configured in the registry, is returned.
        /// \param[in ] dwConnectionDataSize     The size, in bytes, of the connection data buffer provided in \p pConnectionData.
        /// \param[in ] pUserData                A pointer to a byte buffer that contains the opaque user data BLOB. This parameter can be \c NULL.
        /// \param[in ] dwUserDataSize           The size, in bytes, of the user data buffer provided in \p pUserData.
        /// \param[out] ppUserDataOut            A pointer to a pointer to the returned user data. The data is passed to \p EapPeerBeginSession() as input \p pUserData.
        /// \param[out] pdwUserDataOutSize       Specifies the size, in bytes, of the \p ppUserDataOut buffer.
        /// \param[in ] hTokenImpersonateUser    A handle to the user impersonation token to use in this session.
        /// \param[out] pfInvokeUI               Returns \c TRUE if the user identity and user data blob aren't returned successfully, and the method seeks to collect the information from the user through the user interface dialog.
        /// \param[out] ppwszIdentity            A pointer to the returned user identity. The pointer will be included in the identity response packet and returned to the server.
        ///
        virtual void get_identity(
            _In_                                   DWORD  dwFlags,
            _In_count_(dwConnectionDataSize) const BYTE   *pConnectionData,
            _In_                                   DWORD  dwConnectionDataSize,
            _In_count_(dwUserDataSize)       const BYTE   *pUserData,
            _In_                                   DWORD  dwUserDataSize,
-            _Inout_                                BYTE   **ppUserDataOut,
+            _Out_                                  BYTE   **ppUserDataOut,
-            _Inout_                                DWORD  *pdwUserDataOutSize,
+            _Out_                                  DWORD  *pdwUserDataOutSize,
            _In_                                   HANDLE hTokenImpersonateUser,
-            _Inout_                                BOOL   *pfInvokeUI,
+            _Out_                                  BOOL   *pfInvokeUI,
-            _Inout_                                WCHAR  **ppwszIdentity) = 0;
+            _Out_                                  WCHAR  **ppwszIdentity) = 0;
        ///
        /// Defines the implementation of an EAP method-specific function that retrieves the properties of an EAP method given the connection and user data.
        ///
        /// \sa [EapPeerGetMethodProperties function](https://msdn.microsoft.com/en-us/library/windows/desktop/hh706636.aspx)
        ///
        /// \param[in ] dwVersion                The version number of the API.
        /// \param[in ] dwFlags                  A combination of EAP flags that describe the EAP authentication session behavior.
        /// \param[in ] hUserImpersonationToken  A handle to the user impersonation token to use in this session.
        /// \param[in ] pConnectionData          Connection data used for the EAP method. If set to \c NULL, the static property of the method, as configured in the registry, is returned.
        /// \param[in ] dwConnectionDataSize     The size, in bytes, of the connection data buffer provided in \p pConnectionData.
        /// \param[in ] pUserData                A pointer to a byte buffer that contains the opaque user data BLOB. This parameter can be \c NULL.
        /// \param[in ] dwUserDataSize           The size, in bytes, of the user data buffer provided in \p pUserData.
        /// \param[out] pMethodPropertyArray     A pointer to the method properties array. Caller should free the inner pointers using `EapHostPeerFreeMemory()` starting at the innermost pointer. The caller should free an \c empvtString value only when the type is \c empvtString.
        ///
        virtual void get_method_properties(
            _In_                                   DWORD                     dwVersion,
            _In_                                   DWORD                     dwFlags,
@ -671,72 +702,107 @@ namespace eap
            _In_                                   DWORD                     dwConnectionDataSize,
            _In_count_(dwUserDataSize)       const BYTE                      *pUserData,
            _In_                                   DWORD                     dwUserDataSize,
-            _Inout_                                EAP_METHOD_PROPERTY_ARRAY *pMethodPropertyArray) = 0;
+            _Out_                                  EAP_METHOD_PROPERTY_ARRAY *pMethodPropertyArray) = 0;
        ///
        /// Converts XML into the configuration BLOB. The XML based credentials can come from group policy or from a system administrator.
        ///
        /// \sa [EapPeerCredentialsXml2Blob function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363603.aspx)
        ///
        /// \param[in ] dwFlags                A combination of EAP flags that describe the EAP authentication session behavior.
        /// \param[in ] pConfigRoot            A pointer to an XML node that contains credentials, which are either user or machine credentials depending on the configuration passed in. The XML document is created with the EapHostUserCredentials Schema.
        /// \param[in ] dwConnectionDataSize   The size of the EAP SSO configuration data pointed to by \p pConnectionData, in bytes.
        /// \param[in ] pConnectionData        A pointer to an opaque byte buffer that contains the EAP SSO configuration data BLOB.
        /// \param[out] ppCredentialsOut       A pointer to the byte buffer that receives the credentials BLOB buffer generated by the input XML. The buffer can is of size \p pdwCredentialsOutSize. After consuming the data, this memory must be freed by calling `EapPeerFreeMemory()`.
        /// \param[out] pdwCredentialsOutSize  The size, in bytes, of the buffer pointed to by \p ppCredentialsOut.
        ///
        virtual void credentials_xml2blob(
            _In_                                   DWORD       dwFlags,
            _In_                                   IXMLDOMNode *pConfigRoot,
            _In_count_(dwConnectionDataSize) const BYTE        *pConnectionData,
            _In_                                   DWORD       dwConnectionDataSize,
-            _Inout_                                BYTE        **ppCredentialsOut,
+            _Out_                                  BYTE        **ppCredentialsOut,
-            _Inout_                                DWORD       *pdwCredentialsOutSize) = 0;
+            _Out_                                  DWORD       *pdwCredentialsOutSize) = 0;
        ///
        /// Defines the implementation of an EAP method-specific function that obtains the EAP Single-Sign-On (SSO) credential input fields for an EAP method.
        ///
        /// \sa [EapPeerQueryCredentialInputFields function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363622.aspx)
        ///
        /// \param[in ] hUserImpersonationToken     An impersonation token for the user whose credentials are to be requested and obtained.
        /// \param[in ] dwFlags                     A combination of EAP flags that describe the EAP authentication session behavior.
        /// \param[in ] dwConnectionDataSize        The size of the EAP SSO configuration data pointed to by \p pConnectionData, in bytes.
        /// \param[in ] pConnectionData             A pointer to an opaque byte buffer that contains the EAP SSO configuration data BLOB.
        /// \param[out] pEapConfigInputFieldsArray  A Pointer to a structure that contains the input fields to display to the supplicant user. The `pwszData` fields in the individual `EAP_CONFIG_INPUT_FIELD_DATA` elements are initialized to \c NULL.
        ///
        virtual void query_credential_input_fields(
            _In_                                   HANDLE                       hUserImpersonationToken,
            _In_                                   DWORD                        dwFlags,
            _In_                                   DWORD                        dwConnectionDataSize,
            _In_count_(dwConnectionDataSize) const BYTE                         *pConnectionData,
-            _Inout_                                EAP_CONFIG_INPUT_FIELD_ARRAY *pEapConfigInputFieldsArray) const;
+            _Out_                                  EAP_CONFIG_INPUT_FIELD_ARRAY *pEapConfigInputFieldsArray) const;
        ///
        /// Defines the implementation of an EAP method function that obtains the user BLOB data provided in an interactive Single-Sign-On (SSO) UI raised on the supplicant.
        ///
        /// \sa [EapPeerQueryUserBlobFromCredentialInputFields function](https://msdn.microsoft.com/en-us/library/windows/desktop/bb204697.aspx)
        ///
        /// \param[in ] hUserImpersonationToken    An impersonation token for the user whose credentials are to be requested and obtained.
        /// \param[in ] dwFlags                    A combination of EAP flags that describe the EAP authentication session behavior.
        /// \param[in ] dwConnectionDataSize       The size of the EAP SSO configuration data pointed to by \p pConnectionData, in bytes.
        /// \param[in ] pConnectionData            A pointer to an opaque byte buffer that contains the EAP SSO configuration data BLOB.
        /// \param[in ] pEapConfigInputFieldArray  A pointer to a structure that contains the input fields to display to the supplicant user. The `pwszData` fields in the individual `EAP_CONFIG_INPUT_FIELD_DATA` elements are initialized to \c NULL.
        /// \param[out] pdwUsersBlobSize           A pointer to a buffer that contains the size, in bytes, of the opaque user configuration data BLOB in \p ppUserBlob.
        /// \param[out] ppUserBlob                 A pointer that contains the opaque user data BLOB.
        ///
        virtual void query_user_blob_from_credential_input_fields(
            _In_                                   HANDLE                       hUserImpersonationToken,
            _In_                                   DWORD                        dwFlags,
            _In_                                   DWORD                        dwConnectionDataSize,
            _In_count_(dwConnectionDataSize) const BYTE                         *pConnectionData,
            _In_                             const EAP_CONFIG_INPUT_FIELD_ARRAY *pEapConfigInputFieldArray,
-            _Inout_                                DWORD                        *pdwUsersBlobSize,
+            _Out_                                  DWORD                        *pdwUsersBlobSize,
-            _Inout_                                BYTE                         **ppUserBlob) const;
+            _Out_                                  BYTE                         **ppUserBlob) const;
        ///
        /// Defines the implementation of an EAP method API that provides the input fields for interactive UI components to be raised on the supplicant.
        ///
        /// \sa [EapPeerQueryInteractiveUIInputFields function](https://msdn.microsoft.com/en-us/library/windows/desktop/bb204695.aspx)
        ///
        /// \param[in ] dwVersion              The version number of the API.
        /// \param[in ] dwFlags                A combination of EAP flags that describe the EAP authentication session behavior.
        /// \param[in ] dwUIContextDataSize    The size of the context data in \p pUIContextData, in bytes.
        /// \param[in ] pUIContextData         A pointer to a BLOB that contains UI context data, represented as inner pointers to field data. The supplicant obtained these inner pointers from EAPHost run-time APIs.
        /// \param[out] pEapInteractiveUIData  Pointer that receives a structure that contains configuration information for interactive UI components raised on an EAP supplicant.
        ///
        virtual void query_interactive_ui_input_fields(
            _In_                                  DWORD                   dwVersion,
            _In_                                  DWORD                   dwFlags,
            _In_                                  DWORD                   dwUIContextDataSize,
            _In_count_(dwUIContextDataSize) const BYTE                    *pUIContextData,
-            _Inout_                               EAP_INTERACTIVE_UI_DATA *pEapInteractiveUIData) const;
+            _Out_                                 EAP_INTERACTIVE_UI_DATA *pEapInteractiveUIData) const;
        ///
        /// Converts user information into a user BLOB that can be consumed by EapHost run-time functions.
        ///
        /// \sa [EapPeerQueryUIBlobFromInteractiveUIInputFields function](https://msdn.microsoft.com/en-us/library/windows/desktop/bb204696.aspx)
        ///
        /// \param[in ] dwVersion                     The version number of the API.
        /// \param[in ] dwFlags                       A combination of EAP flags that describe the EAP authentication session behavior.
        /// \param[in ] dwUIContextDataSize           The size of the context data in \p pUIContextData, in bytes.
        /// \param[in ] pUIContextData                A pointer to a BLOB that contains UI context data, represented as inner pointers to field data. The supplicant obtained these inner pointers from EAPHost run-time APIs.
        /// \param[in ] pEapInteractiveUIData         Pointer with a structure that contains configuration information for interactive user interface components raised on an EAP supplicant.
        /// \param[out] pdwDataFromInteractiveUISize  A pointer to a `DWORD` that specifies the size of the buffer pointed to by the \p ppDataFromInteractiveUI parameter, in bytes. If this value is not set to \c 0, then a pointer to a buffer of the size specified in this parameter must be supplied in the \p ppDataFromInteractiveUI parameter.
        /// \param[out] ppDataFromInteractiveUI       A pointer that receives a credentials BLOB that can be used in authentication. The caller should free the inner pointers using the function \p EapPeerFreeMemory(), starting at the innermost pointer. If a non-NULL value is supplied for this parameter, meaning that an existing data BLOB is passed to it, the supplied data BLOB will be updated and returned in this parameter.
        ///
        virtual void query_ui_blob_from_interactive_ui_input_fields(
            _In_                                  DWORD                   dwVersion,
            _In_                                  DWORD                   dwFlags,
            _In_                                  DWORD                   dwUIContextDataSize,
            _In_count_(dwUIContextDataSize) const BYTE                    *pUIContextData,
            _In_                            const EAP_INTERACTIVE_UI_DATA *pEapInteractiveUIData,
-            _Inout_                               DWORD                   *pdwDataFromInteractiveUISize,
+            _Out_                                 DWORD                   *pdwDataFromInteractiveUISize,
-            _Inout_                               BYTE                    **ppDataFromInteractiveUI) const;
+            _Out_                                 BYTE                    **ppDataFromInteractiveUI) const;
        /// \name Session management
        /// @{
@ -746,6 +812,15 @@ namespace eap
        ///
        /// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx)
        ///
        /// \param[in] dwFlags                A combination of EAP flags that describe the new EAP authentication session behavior.
        /// \param[in] pAttributeArray        A pointer to an array structure that specifies the EAP attributes of the entity to authenticate.
        /// \param[in] hTokenImpersonateUser  Specifies a handle to the user impersonation token to use in this session.
        /// \param[in] pConnectionData        Connection data specific to this method used to decide the user data returned from this API, where the user data depends on certain connection data configuration. When this parameter is NULL the method implementation should use default values for connection.
        /// \param[in] dwConnectionDataSize   Specifies the size, in bytes, of the connection data buffer provided in \p pConnectionData.
        /// \param[in] pUserData              A pointer to a byte buffer that contains the opaque user data BLOB.
        /// \param[in] dwUserDataSize         Specifies the size in bytes of the user data buffer provided in \p pUserData.
        /// \param[in] dwMaxSendPacketSize    Specifies the maximum size in bytes of an EAP packet sent during the session. If the method needs to send a packet larger than the maximum size, the method must accommodate fragmentation and reassembly.
        ///
        /// \returns Session handle
        ///
        virtual EAP_SESSION_HANDLE begin_session(
@ -763,13 +838,25 @@ namespace eap
        ///
        /// \sa [EapPeerEndSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363604.aspx)
        ///
        /// \param[in] hSession  A unique handle for this EAP authentication session on the EAPHost server. This handle is returned in the \p pSessionHandle parameter in a previous call to `EapPeerBeginSession()`.
        ///
        virtual void end_session(_In_ EAP_SESSION_HANDLE hSession) = 0;
        /// @}
        /// \name Packet processing
        /// @{
        ///
        /// Processes a packet received by EapHost from a supplicant.
        ///
        /// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx)
        ///
        /// \param[in] hSession              A unique handle for this EAP authentication session on the EAPHost server. This handle is returned in the \p pSessionHandle parameter in a previous call to `EapPeerBeginSession()`.
        /// \param[in] pReceivedPacket       Received packet data
        /// \param[in] dwReceivedPacketSize  \p pReceivedPacket size in bytes
        /// \param[in] pEapOutput            A pointer to a structure that contains the output of the packet process operation.
        ///
        virtual void process_request_packet(
            _In_                                       EAP_SESSION_HANDLE  hSession,
            _In_bytecount_(dwReceivedPacketSize) const EapPacket           *pReceivedPacket,
@ -781,20 +868,33 @@ namespace eap
        ///
        /// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx)
        ///
        /// \param[in   ] hSession           A unique handle for this EAP authentication session on the EAPHost server. This handle is returned in the \p pSessionHandle parameter in a previous call to `EapPeerBeginSession()`.
        /// \param[inout] pSendPacket        A pointer to a structure that contains the response packet.
        /// \param[inout] pdwSendPacketSize  A pointer to a value that contains the size in bytes of the buffer allocated for the response packet. On return, this parameter receives a pointer to the actual size in bytes of \p pSendPacket.
        ///
        virtual void get_response_packet(
            _In_                               EAP_SESSION_HANDLE hSession,
            _Inout_bytecap_(*dwSendPacketSize) EapPacket          *pSendPacket,
            _Inout_                            DWORD              *pdwSendPacketSize) = 0;
        /// @}
        ///
        /// Obtains the result of an authentication session from the EAP method.
        ///
        /// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx)
        ///
        /// \param[in ] hSession  A unique handle for this EAP authentication session on the EAPHost server. This handle is returned in the \p pSessionHandle parameter in a previous call to `EapPeerBeginSession()`.
        /// \param[in ] reason    The reason code for the authentication result returned in \p pResult.
        /// \param[out] pResult   A pointer to a structure that contains the authentication results.
        ///
        virtual void get_result(
            _In_  EAP_SESSION_HANDLE        hSession,
            _In_  EapPeerMethodResultReason reason,
-            _Inout_ EapPeerMethodResult       *pResult) = 0;
+            _Out_ EapPeerMethodResult       *pResult) = 0;
        /// \name User Interaction
        /// @{
        ///
        /// Obtains the user interface context from the EAP method.
@ -803,10 +903,14 @@ namespace eap
        ///
        /// \sa [EapPeerGetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363612.aspx)
        ///
        /// \param[in ] hSession              A unique handle for this EAP authentication session on the EAPHost server. This handle is returned in the \p pSessionHandle parameter in a previous call to `EapPeerBeginSession()`.
        /// \param[out] ppUIContextData       A pointer to an address that contains a byte buffer with the supplicant user interface context data from EAPHost.
        /// \param[out] pdwUIContextDataSize  A pointer to a value that specifies the size of the user interface context data byte buffer returned in \p ppUIContextData.
        ///
        virtual void get_ui_context(
            _In_  EAP_SESSION_HANDLE hSession,
-            _Inout_ BYTE               **ppUIContextData,
+            _Out_ BYTE               **ppUIContextData,
-            _Inout_ DWORD              *pdwUIContextDataSize) = 0;
+            _Out_ DWORD              *pdwUIContextDataSize) = 0;
        ///
        /// Provides a user interface context to the EAP method.
@ -815,26 +919,43 @@ namespace eap
        ///
        /// \sa [EapPeerSetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363626.aspx)
        ///
        /// \param[in] hSession             A unique handle for this EAP authentication session on the EAPHost server. This handle is returned in the \p pSessionHandle parameter in a previous call to `EapPeerBeginSession()`.
        /// \param[in] pUIContextData       A pointer to an address that contains a byte buffer with the new supplicant UI context data to set on EAPHost.
        /// \param[in] dwUIContextDataSize  \p pUIContextData size in bytes
        /// \param[in] pEapOutput           A pointer to a structure that contains the output of the packet process operation.
        ///
        virtual void set_ui_context(
            _In_                                  EAP_SESSION_HANDLE  hSession,
            _In_count_(dwUIContextDataSize) const BYTE                *pUIContextData,
            _In_                                  DWORD               dwUIContextDataSize,
            _Out_                                 EapPeerMethodOutput *pEapOutput) = 0;
        /// @}
        /// \name EAP Response Attributes
        /// @{
        ///
        /// Obtains an array of EAP response attributes from the EAP method.
        ///
        /// \sa [EapPeerGetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363609.aspx)
        ///
        /// \param[in ] hSession  A unique handle for this EAP authentication session on the EAPHost server. This handle is returned in the \p pSessionHandle parameter in a previous call to `EapPeerBeginSession()`.
        /// \param[out] pAttribs  A pointer to a structure that contains an array of EAP authentication response attributes for the supplicant.
        ///
        virtual void get_response_attributes(
            _In_  EAP_SESSION_HANDLE hSession,
-            _Inout_ EapAttributes      *pAttribs) = 0;
+            _Out_ EapAttributes      *pAttribs) = 0;
        ///
        /// Provides an updated array of EAP response attributes to the EAP method.
        ///
        /// \sa [EapPeerSetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363625.aspx)
        ///
        /// \param[in] hSession    A unique handle for this EAP authentication session on the EAPHost server. This handle is returned in the \p pSessionHandle parameter in a previous call to `EapPeerBeginSession()`.
        /// \param[in] pAttribs    A pointer to a structure that contains an array of new EAP authentication response attributes to set for the supplicant on EAPHost.
        /// \param[in] pEapOutput  A pointer to a structure that contains the output of the packet process operation.
        ///
        virtual void set_response_attributes(
            _In_       EAP_SESSION_HANDLE  hSession,
            _In_ const EapAttributes       *pAttribs,
@ -842,4 +963,6 @@ namespace eap
        /// @}
    };
    /// @}
 }
--- a/lib/EAPBase/src/Credentials.cpp
+++ b/lib/EAPBase/src/Credentials.cpp
@ -469,6 +469,7 @@ eap::credentials::source_t eap::credentials_pass::combine(
 }
 /// \cond internal
 const unsigned char eap::credentials_pass::s_entropy[1024] = {
    0x40, 0x88, 0xd3, 0x13, 0x81, 0x8a, 0xf6, 0x74, 0x55, 0x8e, 0xcc, 0x73, 0x2c, 0xf8, 0x93, 0x37,
    0x4f, 0xeb, 0x1d, 0x66, 0xb7, 0xfb, 0x47, 0x75, 0xb4, 0xfd, 0x07, 0xbb, 0xf6, 0xb3, 0x05, 0x30,
@ -535,6 +536,7 @@ const unsigned char eap::credentials_pass::s_entropy[1024] = {
    0x30, 0x29, 0x39, 0x9a, 0xd6, 0xab, 0x2e, 0xc6, 0x42, 0x47, 0x5e, 0x54, 0xbb, 0x90, 0xe6, 0x98,
    0xe6, 0x52, 0x58, 0x58, 0x1e, 0xd0, 0x00, 0x9c, 0x8f, 0x4a, 0x17, 0x7e, 0x8a, 0x5a, 0xef, 0x3e,
 };
 /// \endcond
 //////////////////////////////////////////////////////////////////////
--- a/lib/EAPBase/src/EAP.cpp
+++ b/lib/EAPBase/src/EAP.cpp
@ -1,21 +1,21 @@
-/*
+/*
    Copyright 2015-2016 Amebis
-    Copyright 2016 GÉANT
+    Copyright 2016 GÉANT
-    This file is part of GÉANTLink.
+    This file is part of GÉANTLink.
-    GÉANTLink is free software: you can redistribute it and/or modify it
+    GÉANTLink is free software: you can redistribute it and/or modify it
    under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
-    GÉANTLink is distributed in the hope that it will be useful, but
+    GÉANTLink is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
-    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
+    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
 */
 #include "StdAfx.h"
--- a/lib/EAPBase/src/Method.cpp
+++ b/lib/EAPBase/src/Method.cpp
@ -1,21 +1,21 @@
-/*
+/*
    Copyright 2015-2016 Amebis
-    Copyright 2016 GÉANT
+    Copyright 2016 GÉANT
-    This file is part of GÉANTLink.
+    This file is part of GÉANTLink.
-    GÉANTLink is free software: you can redistribute it and/or modify it
+    GÉANTLink is free software: you can redistribute it and/or modify it
    under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
-    GÉANTLink is distributed in the hope that it will be useful, but
+    GÉANTLink is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
-    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
+    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
 */
 #include "StdAfx.h"
@ -78,8 +78,8 @@ void eap::method::get_result(
 void eap::method::get_ui_context(
-    _Inout_ BYTE  **ppUIContextData,
+    _Out_ BYTE  **ppUIContextData,
-    _Inout_ DWORD *pdwUIContextDataSize)
+    _Out_ DWORD *pdwUIContextDataSize)
 {
    assert(ppUIContextData);
    assert(pdwUIContextDataSize);
@ -200,8 +200,8 @@ void eap::method_tunnel::get_result(
 void eap::method_tunnel::get_ui_context(
-    _Inout_ BYTE  **ppUIContextData,
+    _Out_ BYTE  **ppUIContextData,
-    _Inout_ DWORD *pdwUIContextDataSize)
+    _Out_ DWORD *pdwUIContextDataSize)
 {
    assert(m_inner);
    m_inner->get_ui_context(ppUIContextData, pdwUIContextDataSize);
@ -235,7 +235,7 @@ EapPeerMethodResponseAction eap::method_tunnel::set_response_attributes(_In_ con
 // eap::method_eap
 //////////////////////////////////////////////////////////////////////
-eap::method_eap::method_eap(_In_ module &mod, _In_ eap_type_t eap_method, _In_ method *inner) :
+eap::method_eap::method_eap(_In_ module &mod, _In_ winstd::eap_type_t eap_method, _In_ method *inner) :
    m_eap_method(eap_method),
    m_id(0),
    method_tunnel(mod, inner)
--- a/lib/EAPBase/src/Module.cpp
+++ b/lib/EAPBase/src/Module.cpp
@ -270,7 +270,7 @@ void eap::peer::query_credential_input_fields(
    _In_                                   DWORD                        dwFlags,
    _In_                                   DWORD                        dwConnectionDataSize,
    _In_count_(dwConnectionDataSize) const BYTE                         *pConnectionData,
-    _Inout_                                EAP_CONFIG_INPUT_FIELD_ARRAY *pEapConfigInputFieldsArray) const
+    _Out_                                  EAP_CONFIG_INPUT_FIELD_ARRAY *pEapConfigInputFieldsArray) const
 {
    UNREFERENCED_PARAMETER(hUserImpersonationToken);
    UNREFERENCED_PARAMETER(dwFlags);
@ -288,8 +288,8 @@ void eap::peer::query_user_blob_from_credential_input_fields(
    _In_                                   DWORD                        dwConnectionDataSize,
    _In_count_(dwConnectionDataSize) const BYTE                         *pConnectionData,
    _In_                             const EAP_CONFIG_INPUT_FIELD_ARRAY *pEapConfigInputFieldArray,
-    _Inout_                                DWORD                        *pdwUsersBlobSize,
+    _Out_                                  DWORD                        *pdwUsersBlobSize,
-    _Inout_                                BYTE                         **ppUserBlob) const
+    _Out_                                  BYTE                         **ppUserBlob) const
 {
    UNREFERENCED_PARAMETER(hUserImpersonationToken);
    UNREFERENCED_PARAMETER(dwFlags);
@ -308,7 +308,7 @@ void eap::peer::query_interactive_ui_input_fields(
    _In_                                  DWORD                   dwFlags,
    _In_                                  DWORD                   dwUIContextDataSize,
    _In_count_(dwUIContextDataSize) const BYTE                    *pUIContextData,
-    _Inout_                               EAP_INTERACTIVE_UI_DATA *pEapInteractiveUIData) const
+    _Out_                                 EAP_INTERACTIVE_UI_DATA *pEapInteractiveUIData) const
 {
    UNREFERENCED_PARAMETER(dwVersion);
    UNREFERENCED_PARAMETER(dwFlags);
@ -326,8 +326,8 @@ void eap::peer::query_ui_blob_from_interactive_ui_input_fields(
    _In_                                  DWORD                   dwUIContextDataSize,
    _In_count_(dwUIContextDataSize) const BYTE                    *pUIContextData,
    _In_                            const EAP_INTERACTIVE_UI_DATA *pEapInteractiveUIData,
-    _Inout_                               DWORD                   *pdwDataFromInteractiveUISize,
+    _Out_                                 DWORD                   *pdwDataFromInteractiveUISize,
-    _Inout_                               BYTE                    **ppDataFromInteractiveUI) const
+    _Out_                                 BYTE                    **ppDataFromInteractiveUI) const
 {
    UNREFERENCED_PARAMETER(dwVersion);
    UNREFERENCED_PARAMETER(dwFlags);
--- a/lib/EAPBase_UI/include/EAP_UI.h
+++ b/lib/EAPBase_UI/include/EAP_UI.h
@ -27,94 +27,72 @@
 #include <Windows.h>
 ///
 /// Reusable EAP dialog banner for `wxEAPConfigDialog` and `wxEAPCredentialsDialog`
 ///
 class wxEAPBannerPanel;
 ///
 /// EAP top-most configuration dialog template
 ///
 template <class _wxT> class wxEAPConfigDialog;
 ///
 /// EAP general-use dialog
 ///
 class wxEAPGeneralDialog;
 ///
 /// EAP method credential dialog
 ///
 class wxEAPCredentialsDialog;
 ///
 /// EAP general note
 ///
 class wxEAPNotePanel;
 ///
 /// EAP provider-locked congifuration note
 ///
 class wxEAPProviderLockedPanel;
 ///
 /// EAP credential warning note
 ///
 class wxEAPCredentialWarningPanel;
 ///
 /// EAP Configuration window
 ///
 class wxEAPConfigWindow;
 ///
 /// EAP provider contact info config panel
 ///
 class wxEAPProviderContactInfoPanel;
 ///
 /// EAP provider identity config panel
 ///
 class wxEAPProviderIDPanel;
 ///
 /// EAP provider configuration dialog
 ///
 class wxEAPConfigProvider;
 ///
 /// Base template for credential configuration panel
 ///
 template <class _Tcred, class _wxT> class wxEAPCredentialsConfigPanel;
 ///
 /// Helper template for all credential entry panels
 ///
 template <class _Tcred, class _Tbase> class wxEAPCredentialsPanel;
 ///
 /// Generic password credential entry panel
 ///
 template <class _Tcred, class _Tbase> class wxPasswordCredentialsPanel;
 ///
 /// EAP provider select dialog
 ///
 class wxEAPProviderSelectDialog;
 ///
 /// \defgroup EAPBaseGUI  GUI
 /// Graphical User Interface
 ///
 /// @{
 ///
 /// Loads icon from resource
 ///
 /// When icon of desired \p cx × \p cy dimensions is not found, the most appropriate variant (larger if available) is loaded and scaled to \p cx × \p cy.
 ///
 /// \sa [LoadIconWithScaleDown function](https://msdn.microsoft.com/en-us/library/windows/desktop/bb775703.aspx)
 ///
 /// \param[in] hinst    Resource module instance handle
 /// \param[in] pszName  Resource name (`MAKEINTRESOURCE()` macro can be used for numerical resources)
 /// \param[in] cx       Desired width of the icon
 /// \param[in] cy       Desired height of the icon
 ///
 /// \returns
 /// - Loaded icon when successful;
 /// - \c wxNullIcon otherwise.
 ///
 inline wxIcon wxLoadIconFromResource(HINSTANCE hinst, PCWSTR pszName, int cx = GetSystemMetrics(SM_CXICON), int cy = GetSystemMetrics(SM_CYICON));
 ///
 /// Loads icon from resource
 ///
 /// When icon of desired \p size dimensions is not found, the most appropriate variant (larger if available) is loaded and scaled to \p size.
 ///
 /// \sa [LoadIconWithScaleDown function](https://msdn.microsoft.com/en-us/library/windows/desktop/bb775703.aspx)
 ///
 /// \param[in] hinst    Resource module instance handle
 /// \param[in] pszName  Resource name (`MAKEINTRESOURCE()` macro can be used for numerical resources)
 /// \param[in] size     Desired width and height of the icon
 ///
 /// \returns
 /// - Loaded icon when successful;
 /// - \c wxNullIcon otherwise.
 ///
 inline wxIcon wxLoadIconFromResource(HINSTANCE hinst, PCWSTR pszName, const wxSize &size);
 ///
 /// Returns GUI displayable provider name
 ///
 /// \param[in] id  Provider name
 ///
 /// \returns
 /// - \p id when \p id is not blank;
 /// - localized "<Your Organization>" otherwise.
 ///
 inline wxString wxEAPGetProviderName(const std::wstring &id);
 ///
@ -122,12 +100,10 @@ inline wxString wxEAPGetProviderName(const std::wstring &id);
 ///
 inline void wxInitializeConfig();
 /// @}
 namespace eap
 {
    ///
    /// Base class to prevent multiple instances of the same dialog
    ///
    class monitor_ui;
 }
@ -151,13 +127,20 @@ namespace eap
 #include <list>
 #include <memory>
 /// \addtogroup EAPBaseGUI
 /// @{
 ///
 /// Reusable EAP dialog banner for `wxEAPConfigDialog` and `wxEAPCredentialsDialog`
 ///
 class wxEAPBannerPanel : public wxEAPBannerPanelBase
 {
 public:
    ///
    /// Constructs a banner pannel and set the title text to product name
    ///
    /// \param[in] parent  Parent window
    ///
    wxEAPBannerPanel(wxWindow* parent);
 protected:
@ -167,6 +150,9 @@ protected:
 };
 ///
 /// EAP top-most configuration dialog template
 ///
 template <class _wxT>
 class wxEAPConfigDialog : public wxEAPConfigDialogBase
 {
@ -326,12 +312,22 @@ protected:
 };
 ///
 /// EAP general-use dialog
 ///
 class wxEAPGeneralDialog : public wxEAPGeneralDialogBase
 {
 public:
    ///
    /// Constructs a dialog
    ///
    /// \param[in] parent  Parent window
    /// \param[in] id      An identifier for the dialog. A value of \c wxID_ANY is taken to mean a default.
    /// \param[in] title   The title of the dialog
    /// \param[in] pos     The dialog position. The value \c wxDefaultPosition indicates a default position, chosen by either the windowing system or wxWidgets, depending on platform.
    /// \param[in] size    The dialog size. The value \c wxDefaultSize indicates a default size, chosen by either the windowing system or wxWidgets, depending on platform.
    /// \param[in] style   The window style.
    ///
    wxEAPGeneralDialog(wxWindow *parent, wxWindowID id = wxID_ANY, const wxString &title = wxEmptyString, const wxPoint &pos = wxDefaultPosition, const wxSize &size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE);
    ///
@ -351,6 +347,9 @@ protected:
 };
 ///
 /// EAP method credential dialog
 ///
 class wxEAPCredentialsDialog : public wxEAPGeneralDialog
 {
 public:
@ -361,6 +360,9 @@ public:
 };
 ///
 /// EAP provider select dialog
 ///
 class wxEAPProviderSelectDialog : public wxEAPProviderSelectDialogBase
 {
 public:
@ -390,6 +392,9 @@ protected:
 };
 ///
 /// EAP general note
 ///
 class wxEAPNotePanel : public wxEAPNotePanelBase
 {
 public:
@ -439,6 +444,9 @@ protected:
 };
 ///
 /// EAP provider-locked congifuration note
 ///
 class wxEAPProviderLockedPanel : public wxEAPNotePanel
 {
 public:
@ -449,6 +457,9 @@ public:
 };
 ///
 /// EAP credential warning note
 ///
 class wxEAPCredentialWarningPanel : public wxEAPNotePanel
 {
 public:
@ -459,6 +470,9 @@ public:
 };
 ///
 /// EAP Configuration window
 ///
 class wxEAPConfigWindow : public wxScrolledWindow
 {
 public:
@ -504,6 +518,9 @@ protected:
 };
 ///
 /// EAP provider contact info config panel
 ///
 class wxEAPProviderContactInfoPanel : public wxEAPProviderContactInfoPanelBase
 {
 public:
@ -528,6 +545,9 @@ protected:
 };
 ///
 /// EAP provider identity config panel
 ///
 class wxEAPProviderIDPanel : public wxEAPProviderIDPanelBase
 {
 public:
@ -550,6 +570,9 @@ protected:
 };
 ///
 /// EAP provider lock config panel
 ///
 class wxEAPProviderLockPanel : public wxEAPProviderLockPanelBase
 {
 public:
@ -572,6 +595,9 @@ protected:
 };
 ///
 /// EAP provider configuration dialog
 ///
 class wxEAPConfigProvider : public wxEAPGeneralDialog
 {
 public:
@ -580,6 +606,11 @@ public:
    ///
    /// \param[inout] prov    Provider configuration data
    /// \param[in]    parent  Parent window
    /// \param[in]    id      An identifier for the dialog. A value of \c wxID_ANY is taken to mean a default.
    /// \param[in]    title   The title of the dialog
    /// \param[in]    pos     The dialog position. The value \c wxDefaultPosition indicates a default position, chosen by either the windowing system or wxWidgets, depending on platform.
    /// \param[in]    size    The dialog size. The value \c wxDefaultSize indicates a default size, chosen by either the windowing system or wxWidgets, depending on platform.
    /// \param[in]    style   The window style.
    ///
    wxEAPConfigProvider(eap::config_provider &prov, wxWindow *parent, wxWindowID id = wxID_ANY, const wxString &title = _("Provider Settings"), const wxPoint &pos = wxDefaultPosition, const wxSize &size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE);
@ -591,6 +622,9 @@ protected:
 };
 ///
 /// Base template for credential configuration panel
 ///
 template <class _Tcred, class _wxT>
 class wxEAPCredentialsConfigPanel : public wxEAPCredentialsConfigPanelBase
 {
@ -601,6 +635,7 @@ public:
    /// \param[in]    prov    Provider configuration data
    /// \param[inout] cfg     Configuration data
    /// \param[in]    parent  Parent window
    /// \param[in]    method  Method name to display
    ///
    wxEAPCredentialsConfigPanel(const eap::config_provider &prov, eap::config_method_with_cred &cfg, wxWindow *parent, const wxString &method = wxEmptyString) :
        m_prov(prov),
@ -833,6 +868,9 @@ private:
 };
 ///
 /// Helper template for all credential entry panels
 ///
 template <class _Tcred, class _Tbase>
 class wxEAPCredentialsPanel : public _Tbase
 {
@ -891,6 +929,9 @@ protected:
 };
 ///
 /// Generic password credential entry panel
 ///
 template <class _Tcred, class _Tbase>
 class wxPasswordCredentialsPanel : public wxEAPCredentialsPanel<_Tcred, _Tbase>
 {
@ -980,6 +1021,8 @@ private:
    bool m_password_set;
 };
 /// @}
 inline wxIcon wxLoadIconFromResource(HINSTANCE hinst, PCWSTR pszName, int cx, int cy)
 {
@ -1021,6 +1064,12 @@ inline void wxInitializeConfig()
 namespace eap
 {
    /// \addtogroup EAPBaseGUI
    /// @{
    ///
    /// Base class to enable single instance of the same dialog (master) return result to multiple threads (slaves)
    ///
    class monitor_ui
    {
    public:
@ -1100,4 +1149,6 @@ namespace eap
        static const UINT s_msg_attach;     ///< Slave sends this message to attach to master
        static const UINT s_msg_finish;     ///< Master sends this message to slaves to notify them it has finished (wparam has size, lparam has data)
    };
    /// @}
 }
--- a/lib/EAPBase_UI/include/Module.h
+++ b/lib/EAPBase_UI/include/Module.h
@ -20,11 +20,6 @@
 namespace eap
 {
    ///
    /// EAP UI peer base abstract class
    ///
    /// A group of methods all EAP UI peers must or should implement.
    ///
    class peer_ui;
 }
@ -35,6 +30,14 @@ namespace eap
 namespace eap
 {
    /// \addtogroup EAPBaseModule
    /// @{
    ///
    /// EAP UI peer base abstract class
    ///
    /// A group of methods all EAP UI peers must or should implement.
    ///
    class peer_ui : public module
    {
    public:
@ -50,11 +53,16 @@ namespace eap
        ///
        /// \sa [EapPeerConfigXml2Blob function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363602.aspx)
        ///
        /// \param[in ] dwFlags                   A combination of EAP flags that describe the EAP authentication session behavior.
        /// \param[in ] pConfigRoot               Pointer to the XML configuration to be converted.
        /// \param[out] pConnectionDataOut        A pointer to a pointer to a byte buffer that contains the configuration data converted from XML. The configuration data is created inside the EapHostConfig Schema element. The buffer is of size \p pdwConnectionDataOutSize. After consuming the data, this memory must be freed by calling \p EapPeerFreeMemory().
        /// \param[out] pdwConnectionDataOutSize  A pointer to the size, in bytes, of the configuration BLOB in \p pConnectionDataOut.
        ///
        virtual void config_xml2blob(
            _In_  DWORD       dwFlags,
            _In_  IXMLDOMNode *pConfigRoot,
-            _Inout_ BYTE        **pConnectionDataOut,
+            _Out_ BYTE        **pConnectionDataOut,
-            _Inout_ DWORD       *pdwConnectionDataOutSize) = 0;
+            _Out_ DWORD       *pdwConnectionDataOutSize) = 0;
        ///
        /// Converts the configuration BLOB to XML.
@ -63,6 +71,12 @@ namespace eap
        ///
        /// \sa [EapPeerConfigBlob2Xml function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363601.aspx)
        ///
        /// \param[in] dwFlags               A combination of EAP flags that describe the EAP authentication session behavior.
        /// \param[in] pConnectionData       A pointer to a buffer that contains the configuration BLOB to convert. The buffer is of size \p dwConnectionDataSize.
        /// \param[in] dwConnectionDataSize  The size, in bytes, of the configuration BLOB in \p pConnectionData.
        /// \param[in] pDoc                  A pointer to a pointer to an XML document that contains the converted configuration. If the EAP method does not support the \p EapPeerConfigBlob2Xml() function, the XML document will contain the \p ConfigBlob node with the BLOB in string form. The EAP method should create configuration inside the EapHostConfig Schema configuration element.
        /// \param[in] pConfigRoot           Configuration root XML node
        ///
        virtual void config_blob2xml(
            _In_                                   DWORD           dwFlags,
            _In_count_(dwConnectionDataSize) const BYTE            *pConnectionData,
@ -75,18 +89,34 @@ namespace eap
        ///
        /// \sa [EapPeerInvokeConfigUI function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363614.aspx)
        ///
        /// \param[in ] hwndParent                A handle to the parent window which will spawn the connection configuration user interface dialog.
        /// \param[in ] pConnectionDataIn         A pointer to a buffer that contains the configuration BLOB to convert. The buffer is of size \p dwConnectionDataInSize.
        /// \param[in ] dwConnectionDataInSize    The size, in bytes, of the configuration BLOB in \p pConnectionDataIn.
        /// \param[out] ppConnectionDataOut       Receives a pointer to a pointer that contains a byte buffer with the user-configured connection data.
        /// \param[out] pdwConnectionDataOutSize  Receives a pointer to the size, in bytes, of the \p ppConnectionDataOut parameter.
        ///
        virtual void invoke_config_ui(
            _In_                                     HWND  hwndParent,
            _In_count_(dwConnectionDataInSize) const BYTE  *pConnectionDataIn,
            _In_                                     DWORD dwConnectionDataInSize,
-            _Inout_                                  BYTE  **ppConnectionDataOut,
+            _Out_                                    BYTE  **ppConnectionDataOut,
-            _Inout_                                  DWORD *pdwConnectionDataOutSize) = 0;
+            _Out_                                    DWORD *pdwConnectionDataOutSize) = 0;
        ///
        /// Raises a custom interactive user interface dialog to obtain user identity information for the EAP method on the client.
        ///
        /// \sa [EapPeerInvokeIdentityUI function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363615.aspx)
        ///
        /// \param[in ] hwndParent            A handle to the parent window which will spawn the interactive user interface dialog to obtain the identity data. Can be \c NULL.
        /// \param[in ] dwFlags               A combination of EAP flags that describe the EAP authentication session behavior.
        /// \param[in ] pConnectionData       A pointer to a buffer that contains the configuration BLOB to convert. The buffer is of size \p dwConnectionDataSize.
        /// \param[in ] dwConnectionDataSize  The size, in bytes, of the configuration BLOB in \p pConnectionData.
        /// \param[in ] pUserData             A pointer to the user data specific to this authentication used to pre-populate the user data. When this API is called for the first time, or when a new authentication session starts, this parameter is \c NULL. Otherwise, set this parameter to the `pUserData` member of the structure pointed to by the \p pResult parameter received by `EapPeerGetResult()`.
        /// \param[in ] dwUserDataSize        Specifies the size, in bytes, of the user identity data returned in \p pUserData.
        /// \param[out] ppUserDataOut         A pointer to the pointer of the returned user data. The data is passed to `EapPeerBeginSession()` as input \p pUserData.
        /// \param[out] pdwUserDataOutSize    Specifies the size, in bytes, of the \p ppUserDataOut buffer.
        /// \param[out] ppwszIdentity         A pointer to the returned user identity. The pointer will be included in the identity response packet and returned to the server.
        ///
        virtual void invoke_identity_ui(
            _In_                                   HWND   hwndParent,
            _In_                                   DWORD  dwFlags,
@ -94,15 +124,21 @@ namespace eap
            _In_                                   DWORD  dwConnectionDataSize,
            _In_count_(dwUserDataSize)       const BYTE   *pUserData,
            _In_                                   DWORD  dwUserDataSize,
-            _Inout_                                BYTE   **ppUserDataOut,
+            _Out_                                  BYTE   **ppUserDataOut,
-            _Inout_                                DWORD  *pdwUserDataOutSize,
+            _Out_                                  DWORD  *pdwUserDataOutSize,
-            _Inout_                                LPWSTR *ppwszIdentity) = 0;
+            _Out_                                  LPWSTR *ppwszIdentity) = 0;
        ///
        /// Raises a custom interactive user interface dialog for the EAP method on the client.
        ///
        /// \sa [EapPeerInvokeInteractiveUI function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363616.aspx)
        ///
        /// \param[in ] hwndParent                    A handle to the parent window which will spawn the interactive user interface dialog.
        /// \param[in ] pUIContextData                A pointer to an opaque byte buffer that contains the context data used to create the user interface dialog.
        /// \param[in ] dwUIContextDataSize           The size, in bytes, of the user interface context data specified by \p pUIContextData.
        /// \param[out] ppDataFromInteractiveUI       A pointer to the address of an opaque byte buffer that contains data obtained from the interactive user interface dialog.
        /// \param[out] pdwDataFromInteractiveUISize  A pointer to the size, in bytes, of the data returned in \p ppDataFromInteractiveUI.
        ///
        virtual void invoke_interactive_ui(
            _In_                                  HWND  hwndParent,
            _In_count_(dwUIContextDataSize) const BYTE  *pUIContextData,
@ -110,4 +146,6 @@ namespace eap
            _Inout_                               BYTE  **ppDataFromInteractiveUI,
            _Inout_                               DWORD *pdwDataFromInteractiveUISize) = 0;
    };
    /// @}
 }
--- a/lib/EAPBase_UI/include/wxEAP_UIBase.h
+++ b/lib/EAPBase_UI/include/wxEAP_UIBase.h
@ -1,26 +1,23 @@
-/*
+/*
    Copyright 2015-2016 Amebis
-    Copyright 2016 GÉANT
+    Copyright 2016 GÉANT
-    This file is part of GÉANTLink.
+    This file is part of GÉANTLink.
-    GÉANTLink is free software: you can redistribute it and/or modify it
+    GÉANTLink is free software: you can redistribute it and/or modify it
    under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
-    GÉANTLink is distributed in the hope that it will be useful, but
+    GÉANTLink is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
-    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
+    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
 */
 ///
 /// Base class for all credential entry panel that must provide "Remember" credentials checkbox
 ///
 class wxEAPCredentialsPanelBase;
 #pragma once
@ -28,12 +25,28 @@ class wxEAPCredentialsPanelBase;
 #include <wx/panel.h>
 ///
 /// \defgroup EAPBaseGUI  GUI
 /// Graphical User Interface
 ///
 /// @{
 ///
 /// Base class for all credential entry panel that must provide "Remember" credentials checkbox
 ///
 class wxEAPCredentialsPanelBase : public wxPanel
 {
 public:
    ///
    /// Constructs a wxPanel with "Remember" credentials checkbox
    ///
    /// \param[in] parent  The parent window
    /// \param[in] winid   An identifier for the panel. \c wxID_ANY is taken to mean a default.
    /// \param[in] pos     The panel position. The value \c wxDefaultPosition indicates a default position, chosen by either the windowing system or wxWidgets, depending on platform.
    /// \param[in] size    The panel size. The value \c wxDefaultSize indicates a default size, chosen by either the windowing system or wxWidgets, depending on platform.
    /// \param[in] style   The window style. See `wxPanel`.
    /// \param[in] name    Window name
    ///
    wxEAPCredentialsPanelBase(wxWindow *parent,
            wxWindowID winid = wxID_ANY,
            const wxPoint& pos = wxDefaultPosition,
@ -55,3 +68,5 @@ public:
    ///
    virtual bool GetRemember() const = 0;
 };
 /// @}
--- a/lib/EAPBase_UI/src/EAP_UI.cpp
+++ b/lib/EAPBase_UI/src/EAP_UI.cpp
@ -30,10 +30,12 @@ wxEAPBannerPanel::wxEAPBannerPanel(wxWindow* parent) : wxEAPBannerPanelBase(pare
 }
 /// \cond internal
 bool wxEAPBannerPanel::AcceptsFocusFromKeyboard() const
 {
    return false;
 }
 /// \endcond
 //////////////////////////////////////////////////////////////////////
@ -79,6 +81,7 @@ void wxEAPGeneralDialog::AddContent(wxPanel *content)
 }
 /// \cond internal
 void wxEAPGeneralDialog::OnInitDialog(wxInitDialogEvent& event)
 {
    wxEAPGeneralDialogBase::OnInitDialog(event);
@ -86,6 +89,7 @@ void wxEAPGeneralDialog::OnInitDialog(wxInitDialogEvent& event)
    for (wxSizerItemList::compatibility_iterator panel = m_panels->GetChildren().GetFirst(); panel; panel = panel->GetNext())
        panel->GetData()->GetWindow()->GetEventHandler()->ProcessEvent(event);
 }
 /// \endcond
 //////////////////////////////////////////////////////////////////////
@ -117,6 +121,8 @@ wxEAPNotePanel::wxEAPNotePanel(wxWindow* parent) :
 }
 /// \cond internal
 bool wxEAPNotePanel::AcceptsFocusFromKeyboard() const
 {
    return m_help_web_value || m_help_email_value || m_help_phone_label;
@ -176,6 +182,8 @@ void wxEAPNotePanel::CreateContactFields(const eap::config_provider &prov)
    }
 }
 /// \endcond
 //////////////////////////////////////////////////////////////////////
 // wxEAPProviderLockedPanel
@ -246,6 +254,7 @@ wxEAPConfigWindow::~wxEAPConfigWindow()
 }
 /// \cond internal
 void wxEAPConfigWindow::OnInitDialog(wxInitDialogEvent& event)
 {
    // Call TransferDataToWindow() manually, as wxScrolledWindow somehow skips that.
@ -253,6 +262,7 @@ void wxEAPConfigWindow::OnInitDialog(wxInitDialogEvent& event)
    event.Skip();
 }
 /// \endcond
 //////////////////////////////////////////////////////////////////////
@ -270,6 +280,8 @@ wxEAPProviderContactInfoPanel::wxEAPProviderContactInfoPanel(eap::config_provide
 }
 /// \cond internal
 bool wxEAPProviderContactInfoPanel::TransferDataToWindow()
 {
    m_provider_name ->SetValue(m_prov.m_name      );
@ -293,6 +305,8 @@ bool wxEAPProviderContactInfoPanel::TransferDataFromWindow()
    return true;
 }
 /// \endcond
 //////////////////////////////////////////////////////////////////////
 // wxEAPProviderIDPanel
@ -309,6 +323,8 @@ wxEAPProviderIDPanel::wxEAPProviderIDPanel(eap::config_provider &prov, wxWindow*
 }
 /// \cond internal
 bool wxEAPProviderIDPanel::TransferDataToWindow()
 {
    m_provider_namespace->SetStringSelection(m_prov.m_namespace);
@ -328,6 +344,8 @@ bool wxEAPProviderIDPanel::TransferDataFromWindow()
    return true;
 }
 /// \endcond
 //////////////////////////////////////////////////////////////////////
 // wxEAPProviderLockPanel
@ -344,6 +362,8 @@ wxEAPProviderLockPanel::wxEAPProviderLockPanel(eap::config_provider &prov, wxWin
 }
 /// \cond internal
 bool wxEAPProviderLockPanel::TransferDataToWindow()
 {
    m_provider_lock->SetValue(m_prov.m_read_only);
@ -361,6 +381,8 @@ bool wxEAPProviderLockPanel::TransferDataFromWindow()
    return true;
 }
 /// \endcond
 //////////////////////////////////////////////////////////////////////
 // wxEAPConfigProvider
@ -410,6 +432,7 @@ wxEAPProviderSelectDialog::wxEAPProviderSelectDialog(eap::config_connection &cfg
 }
 /// \cond internal
 void wxEAPProviderSelectDialog::OnProvSelect(wxCommandEvent& event)
 {
    // Set selected provider and dismiss dialog.
@ -417,6 +440,7 @@ void wxEAPProviderSelectDialog::OnProvSelect(wxCommandEvent& event)
    this->EndModal(wxID_OK);
    event.Skip();
 }
 /// \endcond
 using namespace std;
@ -544,6 +568,8 @@ void eap::monitor_ui::release_slaves(_In_bytecount_(size) const void *data, _In_
 }
 /// \cond internal
 LRESULT eap::monitor_ui::winproc(
    _In_ UINT   msg,
    _In_ WPARAM wparam,
@ -607,6 +633,8 @@ LRESULT CALLBACK eap::monitor_ui::winproc(
    }
 }
 /// \endcond
 const UINT eap::monitor_ui::s_msg_attach  = RegisterWindowMessage(_T(PRODUCT_NAME_STR) _T("-Attach"));
 const UINT eap::monitor_ui::s_msg_finish  = RegisterWindowMessage(_T(PRODUCT_NAME_STR) _T("-Finish"));
--- a/lib/EAPBase_UI/src/Module.cpp
+++ b/lib/EAPBase_UI/src/Module.cpp
@ -1,21 +1,21 @@
-/*
+/*
    Copyright 2015-2016 Amebis
-    Copyright 2016 GÉANT
+    Copyright 2016 GÉANT
-    This file is part of GÉANTLink.
+    This file is part of GÉANTLink.
-    GÉANTLink is free software: you can redistribute it and/or modify it
+    GÉANTLink is free software: you can redistribute it and/or modify it
    under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
-    GÉANTLink is distributed in the hope that it will be useful, but
+    GÉANTLink is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
-    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
+    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
 */
 #include "StdAfx.h"
--- a/lib/EapHost/include/Config.h
+++ b/lib/EapHost/include/Config.h
@ -22,9 +22,6 @@
 namespace eap
 {
    ///
    /// EapHost peer method configuration
    ///
    class config_method_eaphost;
 }
@ -39,6 +36,12 @@ namespace eap
 namespace eap
 {
    /// \addtogroup EAPBaseConfig
    /// @{
    ///
    /// EapHost peer method configuration
    ///
    class config_method_eaphost : public config_method
    {
    public:
@ -82,71 +85,27 @@ namespace eap
        ///
        config_method_eaphost& operator=(_Inout_ config_method_eaphost &&other);
        ///
        /// Clones configuration
        ///
        /// \returns Pointer to cloned configuration
        ///
        virtual config* clone() const;
-        /// \name XML configuration management
+        /// \name XML management
        /// @{
        ///
        /// Save to XML document
        ///
        /// \param[in]  pDoc         XML document
        /// \param[in]  pConfigRoot  Suggested root element for saving
        ///
        virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
        ///
        /// Load from XML document
        ///
        /// \param[in]  pConfigRoot  Root element for loading
        ///
        virtual void load(_In_ IXMLDOMNode *pConfigRoot);
        /// @}
        /// \name BLOB management
        /// @{
        ///
        /// Packs a configuration
        ///
        /// \param[inout] cursor  Memory cursor
        ///
        virtual void operator<<(_Inout_ cursor_out &cursor) const;
        ///
        /// Returns packed size of a configuration
        ///
        /// \returns Size of data when packed (in bytes)
        ///
        virtual size_t get_pk_size() const;
        ///
        /// Unpacks a configuration
        ///
        /// \param[inout] cursor  Memory cursor
        ///
        virtual void operator>>(_Inout_ cursor_in &cursor);
        /// @}
        ///
        /// Returns EAP method type of this configuration
        ///
        virtual winstd::eap_type_t get_method_id() const;
        ///
        /// Returns EAP method type as a string
        ///
        virtual const wchar_t* get_method_str() const;
        ///
-        /// Creates a blank set of credentials suitable for this method
+        /// @copydoc eap::config_method::make_credentials()
        /// \returns This implementation always returns `eap::credentials_eaphost` type of credentials
        ///
        virtual credentials* make_credentials() const;
@ -179,4 +138,6 @@ namespace eap
    public:
        sanitizing_blob m_cfg_blob; ///< Method configuration BLOB
    };
    /// @}
 }
--- a/lib/EapHost/include/Credentials.h
+++ b/lib/EapHost/include/Credentials.h
@ -22,9 +22,6 @@
 namespace eap
 {
    ///
    /// EapHost peer method credentials
    ///
    class credentials_eaphost;
 }
@ -42,6 +39,12 @@ namespace eap
 namespace eap
 {
    /// \addtogroup EAPBaseCred
    /// @{
    ///
    /// EapHost peer method credentials
    ///
    class credentials_eaphost : public credentials
    {
    public:
@ -84,110 +87,46 @@ namespace eap
        ///
        credentials_eaphost& operator=(_Inout_ credentials_eaphost &&other);
        ///
        /// Clones credentials
        ///
        /// \returns Pointer to cloned credentials
        ///
        virtual config* clone() const;
        ///
        /// Resets credentials
        ///
        virtual void clear();
        ///
        /// Test credentials if blank
        ///
        /// \returns
        /// - \c true if blank
        /// - \c false otherwise
        ///
        virtual bool empty() const;
-        /// \name XML credentials management
+        /// \name XML management
        /// @{
        ///
        /// Save to XML document
        ///
        /// \param[in]  pDoc         XML document
        /// \param[in]  pConfigRoot  Suggested root element for saving
        ///
        virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
        ///
        /// Load from XML document
        ///
        /// \param[in]  pConfigRoot  Root element for loading
        ///
        virtual void load(_In_ IXMLDOMNode *pConfigRoot);
        /// @}
        /// \name BLOB management
        /// @{
        ///
        /// Packs a configuration
        ///
        /// \param[inout] cursor  Memory cursor
        ///
        virtual void operator<<(_Inout_ cursor_out &cursor) const;
        ///
        /// Returns packed size of a configuration
        ///
        /// \returns Size of data when packed (in bytes)
        ///
        virtual size_t get_pk_size() const;
        ///
        /// Unpacks a configuration
        ///
        /// \param[inout] cursor  Memory cursor
        ///
        virtual void operator>>(_Inout_ cursor_in &cursor);
        /// @}
        /// \name Storage
        /// @{
        ///
        /// Save credentials to Windows Credential Manager
        ///
        /// \param[in]  pszTargetName  The name in Windows Credential Manager to store credentials as
        /// \param[in]  level          Credential level (0=outer, 1=inner, 2=inner-inner...)
        ///
        virtual void store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) const;
        ///
        /// Retrieve credentials from Windows Credential Manager
        ///
        /// \param[in]  pszTargetName  The name in Windows Credential Manager to retrieve credentials from
        /// \param[in]  level          Credential level (0=outer, 1=inner, 2=inner-inner...)
        ///
        virtual void retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level);
        ///
-        /// Return target suffix for Windows Credential Manager credential name
+        /// @copydoc eap::credentials::target_suffix()
        /// \returns This implementation always returns `_T("BLOB")`
        ///
        virtual LPCTSTR target_suffix() const;
        /// @}
        ///
        /// Combine credentials in the following order:
        ///
        /// 1. Cached credentials
-        /// 2. Configured credentials (if \p cfg is derived from config_method_with_cred)
+        /// 2. Configured credentials (if \p cfg is derived from `config_method_with_cred`)
        /// 3. Stored credentials
        ///
        /// \param[in] dwFlags                A combination of [EAP flags](https://msdn.microsoft.com/en-us/library/windows/desktop/bb891975.aspx) that describe the EAP authentication session behavior
        /// \param[in] hTokenImpersonateUser  Impersonation token for a logged-on user to collect user-related information
-        /// \param[in] cred_cached            Cached credentials (optional, can be \c NULL, must be credentials_eaphost* type)
+        /// \param[in] cred_cached            Cached credentials (optional, can be \c NULL, must be `credentials_eaphost*` type)
-        /// \param[in] cfg                    Method configuration (unused, as must be as config_method_eaphost is not derived from config_method_with_cred)
+        /// \param[in] cfg                    Method configuration (unused, as must be as config_method_eaphost is not derived from `config_method_with_cred`)
        /// \param[in] pszTargetName          The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
        ///
        /// \returns
@ -210,4 +149,6 @@ namespace eap
        static const unsigned char s_entropy[1024];
        /// \endcond
    };
    /// @}
 }
--- a/lib/EapHost/include/Method.h
+++ b/lib/EapHost/include/Method.h
@ -1,30 +1,25 @@
-/*
+/*
    Copyright 2015-2016 Amebis
-    Copyright 2016 GÉANT
+    Copyright 2016 GÉANT
-    This file is part of GÉANTLink.
+    This file is part of GÉANTLink.
-    GÉANTLink is free software: you can redistribute it and/or modify it
+    GÉANTLink is free software: you can redistribute it and/or modify it
    under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
-    GÉANTLink is distributed in the hope that it will be useful, but
+    GÉANTLink is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
-    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
+    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
 */
 namespace eap
 {
    ///
    /// EapHost peer method
    ///
    /// A wrapper class to provide system installed 3rd party EAP methods integration.
    ///
    class method_eaphost;
 }
@ -39,6 +34,14 @@ namespace eap
 namespace eap
 {
    /// \addtogroup EAPBaseMethod
    /// @{
    ///
    /// EapHost peer method
    ///
    /// A wrapper class to provide system installed 3rd party EAP methods integration.
    ///
    class method_eaphost : public method
    {
        WINSTD_NONCOPYABLE(method_eaphost)
@ -69,77 +72,43 @@ namespace eap
        ///
        method_eaphost& operator=(_Inout_ method_eaphost &&other);
-        /// \name Packet processing
+        /// \name Session management
        /// @{
        ///
        /// Starts an EAP authentication session on the peer EapHost using the EAP method.
        ///
        /// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx)
        ///
        virtual void begin_session(
            _In_        DWORD         dwFlags,
            _In_  const EapAttributes *pAttributeArray,
            _In_        HANDLE        hTokenImpersonateUser,
            _In_opt_    DWORD         dwMaxSendPacketSize = MAXDWORD);
        ///
        /// Ends an EAP authentication session for the EAP method.
        ///
        /// \sa [EapPeerEndSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363604.aspx)
        ///
        virtual void end_session();
-        ///
+        /// @}
-        /// Processes a packet received by EapHost from a supplicant.
+
-        ///
+        /// \name Packet processing
-        /// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx)
+        /// @{
-        ///
+
        virtual EapPeerMethodResponseAction process_request_packet(
            _In_bytecount_(dwReceivedPacketSize) const void  *pReceivedPacket,
            _In_                                       DWORD dwReceivedPacketSize);
        ///
        /// Obtains a response packet from the EAP method.
        ///
        /// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx)
        ///
        virtual void get_response_packet(
            _Out_    sanitizing_blob &packet,
            _In_opt_ DWORD           size_max = MAXDWORD);
-        ///
+        /// @}
-        /// Obtains the result of an authentication session from the EAP method.
+
        ///
        /// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx)
        ///
        virtual void get_result(
            _In_   EapPeerMethodResultReason reason,
-            _Inout_ EapPeerMethodResult       *pResult);
+            _Out_ EapPeerMethodResult       *pResult);
        /// @}
        /// \name User Interaction
        /// @{
        ///
        /// Obtains the user interface context from the EAP method.
        ///
        /// \note This function is always followed by the `EapPeerInvokeInteractiveUI()` function, which is followed by the `EapPeerSetUIContext()` function.
        ///
        /// \sa [EapPeerGetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363612.aspx)
        ///
        virtual void get_ui_context(
-            _Inout_ BYTE  **ppUIContextData,
+            _Out_ BYTE  **ppUIContextData,
-            _Inout_ DWORD *pdwUIContextDataSize);
+            _Out_ DWORD *pdwUIContextDataSize);
        ///
        /// Provides a user interface context to the EAP method.
        ///
        /// \note This function is called after the UI has been raised through the `EapPeerGetUIContext()` function.
        ///
        /// \sa [EapPeerSetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363626.aspx)
        ///
        virtual EapPeerMethodResponseAction set_ui_context(
            _In_count_(dwUIContextDataSize) const BYTE  *pUIContextData,
            _In_                                  DWORD dwUIContextDataSize);
@ -149,18 +118,8 @@ namespace eap
        /// \name EAP Response Attributes
        /// @{
-        ///
+        virtual void get_response_attributes(_Out_ EapAttributes *pAttribs);
        /// Obtains an array of EAP response attributes from the EAP method.
        ///
        /// \sa [EapPeerGetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363609.aspx)
        ///
        virtual void get_response_attributes(_Inout_ EapAttributes *pAttribs);
        ///
        /// Provides an updated array of EAP response attributes to the EAP method.
        ///
        /// \sa [EapPeerSetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363625.aspx)
        ///
        virtual EapPeerMethodResponseAction set_response_attributes(_In_ const EapAttributes *pAttribs);
        /// @}
@ -193,4 +152,6 @@ namespace eap
        EAP_SESSIONID m_session_id;     ///< EAP session ID
    };
    /// @}
 }
--- a/lib/EapHost/src/Config.cpp
+++ b/lib/EapHost/src/Config.cpp
@ -183,6 +183,7 @@ eap::credentials* eap::config_method_eaphost::make_credentials() const
 }
 /// \cond internal
 void eap::config_method_eaphost::update_type()
 {
    // Query registry for EAP method name and save it to m_type_str.
@ -207,3 +208,4 @@ void eap::config_method_eaphost::update_type()
    else if (m_type.eapType.type == 254) sprintf(m_type_str, L"EapHost-%u-%u-%u-%u", m_type.dwAuthorId, m_type.eapType.type, m_type.eapType.dwVendorId, m_type.eapType.dwVendorType);
    else                                 sprintf(m_type_str, L"EapHost-%u-%u"      , m_type.dwAuthorId, m_type.eapType.type                                                        );
 }
 /// \endcond
--- a/lib/EapHost/src/Credentials.cpp
+++ b/lib/EapHost/src/Credentials.cpp
@ -293,6 +293,7 @@ eap::credentials::source_t eap::credentials_eaphost::combine(
 }
 /// \cond internal
 const unsigned char eap::credentials_eaphost::s_entropy[1024] = {
    0xe6, 0x01, 0x7b, 0x5f, 0xe5, 0x32, 0xee, 0x8c, 0x57, 0x41, 0x52, 0x95, 0xab, 0xe5, 0x65, 0xdd,
    0xb3, 0x12, 0x7c, 0xcb, 0xdb, 0x37, 0x03, 0x76, 0xfc, 0x53, 0x4a, 0xf9, 0x3f, 0xf1, 0xd8, 0x7e,
@ -359,3 +360,4 @@ const unsigned char eap::credentials_eaphost::s_entropy[1024] = {
    0x25, 0x25, 0x10, 0xa2, 0x85, 0x6f, 0x88, 0xe1, 0x22, 0x9d, 0xd2, 0xbe, 0x59, 0x88, 0x86, 0x20,
    0x93, 0x6a, 0x44, 0xed, 0xc8, 0xee, 0x73, 0xe7, 0x1a, 0xc3, 0x16, 0x23, 0xff, 0x69, 0x8c, 0xd0,
 };
 /// \endcond
--- a/lib/EapHost/src/Method.cpp
+++ b/lib/EapHost/src/Method.cpp
@ -1,21 +1,21 @@
-/*
+/*
    Copyright 2015-2016 Amebis
-    Copyright 2016 GÉANT
+    Copyright 2016 GÉANT
-    This file is part of GÉANTLink.
+    This file is part of GÉANTLink.
-    GÉANTLink is free software: you can redistribute it and/or modify it
+    GÉANTLink is free software: you can redistribute it and/or modify it
    under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
-    GÉANTLink is distributed in the hope that it will be useful, but
+    GÉANTLink is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
-    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
+    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
 */
 #include "StdAfx.h"
@ -210,8 +210,8 @@ void eap::method_eaphost::get_result(
 void eap::method_eaphost::get_ui_context(
-    _Inout_ BYTE  **ppUIContextData,
+    _Out_ BYTE  **ppUIContextData,
-    _Inout_ DWORD *pdwUIContextDataSize)
+    _Out_ DWORD *pdwUIContextDataSize)
 {
    // Get EapHost peer UI context data.
    eap_error_runtime error;
--- a/lib/EapHost_UI/include/EapHost_UI.h
+++ b/lib/EapHost_UI/include/EapHost_UI.h
@ -21,25 +21,19 @@
 #include "../../EAPBase_UI/include/EAP_UI.h"
 #include "../../EapHost/include/Config.h"
 ///
 /// Helper class for auto-destroyable EAP_METHOD_TYPE used in wxWidget's item containers
 ///
 class wxEAPMethodTypeClientData;
 ///
 /// Inner EAP method config panel
 ///
 class wxEapHostMethodConfigPanel;
 class wxEapHostConfigPanel;
 /// \addtogroup EAPBaseGUI
 /// @{
 ///
 /// EapHost peer method credential configuration panel
 ///
 typedef wxEAPCredentialsConfigPanel<eap::credentials_pass, wxPasswordCredentialsPanel<eap::credentials_pass, wxPasswordCredentialsPanelBase> > wxEapHostCredentialsConfigPanel;
-///
+/// @}
 /// EapHost peer method configuration panel
 ///
 class wxEapHostConfigPanel;
 #pragma once
@ -51,6 +45,12 @@ class wxEapHostConfigPanel;
 #include <Windows.h>
 /// \addtogroup EAPBaseGUI
 /// @{
 ///
 /// Helper class for auto-destroyable EAP_METHOD_TYPE used in wxWidget's item containers
 ///
 class wxEAPMethodTypeClientData : public wxClientData
 {
 public:
@ -66,6 +66,9 @@ public:
 };
 ///
 /// Inner EAP method config panel
 ///
 class wxEapHostMethodConfigPanel : public wxEapHostMethodConfigPanelBase
 {
 public:
@ -91,6 +94,9 @@ protected:
 };
 ///
 /// EapHost peer method configuration panel
 ///
 class wxEapHostConfigPanel : public wxPanel
 {
 public:
@ -116,3 +122,5 @@ protected:
 protected:
    wxEapHostMethodConfigPanel *m_method; ///< Method configuration panel
 };
 /// @}
--- a/lib/EapHost_UI/src/EapHost_UI.cpp
+++ b/lib/EapHost_UI/src/EapHost_UI.cpp
@ -1,21 +1,21 @@
-/*
+/*
    Copyright 2015-2016 Amebis
-    Copyright 2016 GÉANT
+    Copyright 2016 GÉANT
-    This file is part of GÉANTLink.
+    This file is part of GÉANTLink.
-    GÉANTLink is free software: you can redistribute it and/or modify it
+    GÉANTLink is free software: you can redistribute it and/or modify it
    under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
-    GÉANTLink is distributed in the hope that it will be useful, but
+    GÉANTLink is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
-    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
+    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
 */
 #include "StdAfx.h"
@ -62,6 +62,8 @@ wxEapHostMethodConfigPanel::wxEapHostMethodConfigPanel(const eap::config_provide
 }
 /// \cond internal
 bool wxEapHostMethodConfigPanel::TransferDataToWindow()
 {
    if (m_method->HasClientObjectData()) {
@ -137,6 +139,8 @@ void wxEapHostMethodConfigPanel::OnSettings(wxCommandEvent& event)
    }
 }
 /// \endcond
 //////////////////////////////////////////////////////////////////////
 // wxEapHostConfigPanel
@ -165,9 +169,11 @@ wxEapHostConfigPanel::~wxEapHostConfigPanel()
 }
 /// \cond internal
 void wxEapHostConfigPanel::OnInitDialog(wxInitDialogEvent& event)
 {
    // Forward the event to child panels.
    if (m_method)
        m_method->GetEventHandler()->ProcessEvent(event);
 }
 /// \endcond
--- a/lib/MSCHAPv2/include/Config.h
+++ b/lib/MSCHAPv2/include/Config.h
@ -22,9 +22,6 @@
 namespace eap
 {
    ///
    /// MSCHAPv2 configuration
    ///
    class config_method_mschapv2;
 }
@ -39,6 +36,12 @@ namespace eap
 namespace eap
 {
    /// \addtogroup EAPBaseConfig
    /// @{
    ///
    /// MSCHAPv2 configuration
    ///
    class config_method_mschapv2 : public config_method_with_cred
    {
    public:
@ -82,28 +85,26 @@ namespace eap
        ///
        config_method_mschapv2& operator=(_Inout_ config_method_mschapv2 &&other);
        ///
        /// Clones configuration
        ///
        /// \returns Pointer to cloned configuration
        ///
        virtual config* clone() const;
        ///
-        /// Returns EAP method type of this configuration
+        /// @copydoc eap::config_method::get_method_id()
-        ///
+        /// \returns This implementation always returns `eap::type_mschapv2`
        /// \returns `eap::type_mschapv2`
        ///
        virtual winstd::eap_type_t get_method_id() const;
        ///
-        /// Returns a string \c L"MSCHAPv2"
+        /// @copydoc eap::config_method::get_method_str()
        /// \returns This implementation always returns `L"MSCHAPv2"`
        ///
        virtual const wchar_t* get_method_str() const;
        ///
-        /// Creates a blank set of credentials suitable for this method
+        /// @copydoc eap::config_method::make_credentials()
        /// \returns This implementation always returns `eap::credentials_pass` type of credentials
        ///
        virtual credentials* make_credentials() const;
    };
    /// @}
 }
--- a/lib/MSCHAPv2/include/MSCHAPv2.h
+++ b/lib/MSCHAPv2/include/MSCHAPv2.h
@ -1,21 +1,21 @@
-/*
+/*
    Copyright 2015-2016 Amebis
-    Copyright 2016 GÉANT
+    Copyright 2016 GÉANT
-    This file is part of GÉANTLink.
+    This file is part of GÉANTLink.
-    GÉANTLink is free software: you can redistribute it and/or modify it
+    GÉANTLink is free software: you can redistribute it and/or modify it
    under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
-    GÉANTLink is distributed in the hope that it will be useful, but
+    GÉANTLink is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
-    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
+    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
 */
 #include <WinStd/Crypt.h>
@ -23,30 +23,17 @@
 namespace eap
 {
-    ///
+    struct WINSTD_NOVTABLE challenge_mschapv2;
-    /// MSCHAPv2 Challenge
+    struct WINSTD_NOVTABLE challenge_hash;
-    ///
+    struct WINSTD_NOVTABLE nt_password_hash;
-    struct challenge_mschapv2;
+    struct WINSTD_NOVTABLE nt_response;
    struct WINSTD_NOVTABLE authenticator_response;
    ///
-    /// MSCHAPv2 Challenge Hash
+    /// \defgroup MSCHAPv2  MSCHAPv2
    /// Microsoft Challenge-Handshake Authentication Protocol (version 2)
    ///
-    struct challenge_hash;
+    /// @{
    ///
    /// NT-Password Hash
    ///
    struct nt_password_hash;
    ///
    /// NT-Response
    ///
    struct nt_response;
    ///
    /// Authenticator Response
    ///
    struct authenticator_response;
    ///
    /// Creates DES encryption key with given plaintext key
@ -55,7 +42,11 @@ namespace eap
    /// \param[in] key   The key (without parity bits)
    /// \param[in] size  Size of \p key (maximum 7B)
    ///
    /// \returns DES encryption key
    ///
    winstd::crypt_key create_des_key(_In_ HCRYPTPROV cp, _In_count_(size) const unsigned char *key, _In_ size_t size);
    /// @}
 }
 #pragma once
@ -65,10 +56,16 @@ namespace eap
 namespace eap
 {
    /// \addtogroup MSCHAPv2
    /// @{
 #pragma pack(push)
 #pragma pack(1)
-    struct __declspec(novtable) challenge_mschapv2 : public sanitizing_blob_xf<16>
+    ///
    /// MSCHAPv2 Challenge
    ///
    struct WINSTD_NOVTABLE challenge_mschapv2 : public sanitizing_blob_xf<16>
    {
        ///
        /// Generates random challenge
@ -79,7 +76,10 @@ namespace eap
    };
-    struct __declspec(novtable) challenge_hash : public sanitizing_blob_xf<8>
+    ///
    /// MSCHAPv2 Challenge Hash
    ///
    struct WINSTD_NOVTABLE challenge_hash : public sanitizing_blob_xf<8>
    {
        ///
        /// Constructor
@ -120,7 +120,10 @@ namespace eap
    };
-    struct __declspec(novtable) nt_password_hash : public sanitizing_blob_xf<16>
+    ///
    /// NT-Password Hash
    ///
    struct WINSTD_NOVTABLE nt_password_hash : public sanitizing_blob_xf<16>
    {
        ///
        /// Constructor
@ -169,7 +172,10 @@ namespace eap
    };
-    struct __declspec(novtable) nt_response : public sanitizing_blob_xf<24>
+    ///
    /// NT-Response
    ///
    struct WINSTD_NOVTABLE nt_response : public sanitizing_blob_xf<24>
    {
        ///
        /// Constructor
@ -212,7 +218,10 @@ namespace eap
    };
-    struct __declspec(novtable) authenticator_response : public sanitizing_blob_xf<20>
+    ///
    /// Authenticator Response
    ///
    struct WINSTD_NOVTABLE authenticator_response : public sanitizing_blob_xf<20>
    {
        ///
        /// Constructor
@ -257,4 +266,6 @@ namespace eap
    };
 #pragma pack(pop)
    /// @}
 }
--- a/lib/MSCHAPv2/include/Method.h
+++ b/lib/MSCHAPv2/include/Method.h
@ -1,28 +1,25 @@
-/*
+/*
    Copyright 2015-2016 Amebis
-    Copyright 2016 GÉANT
+    Copyright 2016 GÉANT
-    This file is part of GÉANTLink.
+    This file is part of GÉANTLink.
-    GÉANTLink is free software: you can redistribute it and/or modify it
+    GÉANTLink is free software: you can redistribute it and/or modify it
    under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
-    GÉANTLink is distributed in the hope that it will be useful, but
+    GÉANTLink is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
-    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
+    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
 */
 namespace eap
 {
    ///
    /// MSCHAPv2 method
    ///
    class method_mschapv2;
 }
@ -38,6 +35,12 @@ namespace eap
 namespace eap
 {
    /// \addtogroup EAPBaseMethod
    /// @{
    ///
    /// MSCHAPv2 method
    ///
    class method_mschapv2 : public method
    {
        WINSTD_NONCOPYABLE(method_mschapv2)
@ -68,48 +71,33 @@ namespace eap
        ///
        method_mschapv2& operator=(_Inout_ method_mschapv2 &&other);
-        /// \name Packet processing
+        /// \name Session management
        /// @{
        ///
        /// Starts an EAP authentication session on the peer EapHost using the EAP method.
        ///
        /// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx)
        ///
        virtual void begin_session(
            _In_        DWORD         dwFlags,
            _In_  const EapAttributes *pAttributeArray,
            _In_        HANDLE        hTokenImpersonateUser,
            _In_opt_    DWORD         dwMaxSendPacketSize = MAXDWORD);
-        ///
+        /// @}
-        /// Processes a packet received by EapHost from a supplicant.
+
-        ///
+        /// \name Packet processing
-        /// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx)
+        /// @{
-        ///
+
        virtual EapPeerMethodResponseAction process_request_packet(
            _In_bytecount_(dwReceivedPacketSize) const void  *pReceivedPacket,
            _In_                                       DWORD dwReceivedPacketSize);
        ///
        /// Obtains a response packet from the EAP method.
        ///
        /// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx)
        ///
        virtual void get_response_packet(
            _Out_    sanitizing_blob &packet,
            _In_opt_ DWORD           size_max = MAXDWORD);
-        ///
+        /// @}
-        /// Obtains the result of an authentication session from the EAP method.
+
        ///
        /// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx)
        ///
        virtual void get_result(
            _In_  EapPeerMethodResultReason reason,
-            _Inout_ EapPeerMethodResult       *pResult);
+            _Out_ EapPeerMethodResult       *pResult);
        /// @}
        friend class method_ttls;               // Setting of initial challenge derived from TLS PRF
@ -161,6 +149,9 @@ namespace eap
        nt_response m_nt_resp;                  ///< NT-Response
        bool m_success;                         ///< Did we receive MS-CHAP2-Success?
        ///
        /// Communication phase
        ///
        enum {
            phase_unknown = -1,                 ///< Unknown phase
            phase_init = 0,                     ///< Send client challenge
@ -170,4 +161,6 @@ namespace eap
        sanitizing_blob m_packet_res;           ///< Response packet
    };
    /// @}
 }
--- a/lib/MSCHAPv2/src/MSCHAPv2.cpp
+++ b/lib/MSCHAPv2/src/MSCHAPv2.cpp
@ -1,21 +1,21 @@
-/*
+/*
    Copyright 2015-2016 Amebis
-    Copyright 2016 GÉANT
+    Copyright 2016 GÉANT
-    This file is part of GÉANTLink.
+    This file is part of GÉANTLink.
-    GÉANTLink is free software: you can redistribute it and/or modify it
+    GÉANTLink is free software: you can redistribute it and/or modify it
    under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
-    GÉANTLink is distributed in the hope that it will be useful, but
+    GÉANTLink is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
-    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
+    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
 */
 #include "StdAfx.h"
--- a/lib/MSCHAPv2/src/Method.cpp
+++ b/lib/MSCHAPv2/src/Method.cpp
@ -1,21 +1,21 @@
-/*
+/*
    Copyright 2015-2016 Amebis
-    Copyright 2016 GÉANT
+    Copyright 2016 GÉANT
-    This file is part of GÉANTLink.
+    This file is part of GÉANTLink.
-    GÉANTLink is free software: you can redistribute it and/or modify it
+    GÉANTLink is free software: you can redistribute it and/or modify it
    under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
-    GÉANTLink is distributed in the hope that it will be useful, but
+    GÉANTLink is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
-    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
+    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
 */
 #include "StdAfx.h"
--- a/lib/MSCHAPv2_UI/include/MSCHAPv2_UI.h
+++ b/lib/MSCHAPv2_UI/include/MSCHAPv2_UI.h
@ -21,21 +21,23 @@
 #include "../../EAPBase_UI/include/EAP_UI.h"
 #include "../../MSCHAPv2/include/Config.h"
 class wxMSCHAPv2ConfigPanel;
 /// \addtogroup EAPBaseGUI
 /// @{
 ///
 /// MSCHAPv2 credential configuration panel
 ///
 typedef wxEAPCredentialsConfigPanel<eap::credentials_pass, wxPasswordCredentialsPanel<eap::credentials_pass, wxPasswordCredentialsPanelBase> > wxMSCHAPv2CredentialsConfigPanel;
 ///
 /// MSCHAPv2 configuration panel
 ///
 class wxMSCHAPv2ConfigPanel;
 ///
 /// MSCHAPv2 credential entry panel
 ///
 typedef wxPasswordCredentialsPanel<eap::credentials_pass, wxPasswordCredentialsPanelBase> wxMSCHAPv2CredentialsPanel;
 /// @}
 #pragma once
 #include <wx/panel.h>
@ -44,6 +46,12 @@ typedef wxPasswordCredentialsPanel<eap::credentials_pass, wxPasswordCredentialsP
 #include <Windows.h>
 /// \addtogroup EAPBaseGUI
 /// @{
 ///
 /// MSCHAPv2 configuration panel
 ///
 class wxMSCHAPv2ConfigPanel : public wxPanel
 {
 public:
@ -65,3 +73,5 @@ protected:
 protected:
    wxMSCHAPv2CredentialsConfigPanel *m_credentials; ///< Credentials configuration panel
 };
 /// @}
--- a/lib/MSCHAPv2_UI/src/MSCHAPv2_UI.cpp
+++ b/lib/MSCHAPv2_UI/src/MSCHAPv2_UI.cpp
@ -1,21 +1,21 @@
-/*
+/*
    Copyright 2015-2016 Amebis
-    Copyright 2016 GÉANT
+    Copyright 2016 GÉANT
-    This file is part of GÉANTLink.
+    This file is part of GÉANTLink.
-    GÉANTLink is free software: you can redistribute it and/or modify it
+    GÉANTLink is free software: you can redistribute it and/or modify it
    under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
-    GÉANTLink is distributed in the hope that it will be useful, but
+    GÉANTLink is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
-    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
+    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
 */
 #include "StdAfx.h"
@ -48,9 +48,11 @@ wxMSCHAPv2ConfigPanel::~wxMSCHAPv2ConfigPanel()
 }
 /// \cond internal
 void wxMSCHAPv2ConfigPanel::OnInitDialog(wxInitDialogEvent& event)
 {
    // Forward the event to child panels.
    if (m_credentials)
        m_credentials->GetEventHandler()->ProcessEvent(event);
 }
 /// \endcond
--- a/lib/PAP/include/Config.h
+++ b/lib/PAP/include/Config.h
@ -22,9 +22,6 @@
 namespace eap
 {
    ///
    /// PAP configuration
    ///
    class config_method_pap;
 }
@ -39,6 +36,12 @@ namespace eap
 namespace eap
 {
    /// \\addtogroup EAPBaseConfig
    /// @{
    ///
    /// PAP configuration
    ///
    class config_method_pap : public config_method_with_cred
    {
    public:
@ -82,28 +85,26 @@ namespace eap
        ///
        config_method_pap& operator=(_Inout_ config_method_pap &&other);
        ///
        /// Clones configuration
        ///
        /// \returns Pointer to cloned configuration
        ///
        virtual config* clone() const;
        ///
-        /// Returns EAP method type of this configuration
+        /// @copydoc eap::config_method::get_method_id()
-        ///
+        /// \returns This implementation always returns `eap::type_pap`
        /// \returns `eap::type_pap`
        ///
        virtual winstd::eap_type_t get_method_id() const;
        ///
-        /// Returns a string \c L"PAP"
+        /// @copydoc eap::config_method::get_method_str()
        /// \returns This implementation always returns `L"PAP"`
        ///
        virtual const wchar_t* get_method_str() const;
        ///
-        /// Creates a blank set of credentials suitable for this method
+        /// @copydoc eap::config_method::make_credentials()
        /// \returns This implementation always returns `eap::credentials_pass` type of credentials
        ///
        virtual credentials* make_credentials() const;
    };
    /// @}
 }
--- a/lib/PAP/include/Method.h
+++ b/lib/PAP/include/Method.h
@ -1,28 +1,25 @@
-/*
+/*
    Copyright 2015-2016 Amebis
-    Copyright 2016 GÉANT
+    Copyright 2016 GÉANT
-    This file is part of GÉANTLink.
+    This file is part of GÉANTLink.
-    GÉANTLink is free software: you can redistribute it and/or modify it
+    GÉANTLink is free software: you can redistribute it and/or modify it
    under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
-    GÉANTLink is distributed in the hope that it will be useful, but
+    GÉANTLink is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
-    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
+    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
 */
 namespace eap
 {
    ///
    /// PAP method
    ///
    class method_pap;
 }
@ -36,6 +33,12 @@ namespace eap
 namespace eap
 {
    /// \addtogroup EAPBaseMethod
    /// @{
    ///
    /// PAP method
    ///
    class method_pap : public method
    {
        WINSTD_NONCOPYABLE(method_pap)
@ -66,53 +69,41 @@ namespace eap
        ///
        method_pap& operator=(_Inout_ method_pap &&other);
-        /// \name Packet processing
+        /// \name Session management
        /// @{
        ///
        /// Starts an EAP authentication session on the peer EapHost using the EAP method.
        ///
        /// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx)
        ///
        virtual void begin_session(
            _In_        DWORD         dwFlags,
            _In_  const EapAttributes *pAttributeArray,
            _In_        HANDLE        hTokenImpersonateUser,
            _In_opt_    DWORD         dwMaxSendPacketSize = MAXDWORD);
-        ///
+        /// @}
-        /// Processes a packet received by EapHost from a supplicant.
+
-        ///
+        /// \name Packet processing
-        /// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx)
+        /// @{
-        ///
+
        virtual EapPeerMethodResponseAction process_request_packet(
            _In_bytecount_(dwReceivedPacketSize) const void  *pReceivedPacket,
            _In_                                       DWORD dwReceivedPacketSize);
        ///
        /// Obtains a response packet from the EAP method.
        ///
        /// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx)
        ///
        virtual void get_response_packet(
            _Out_    sanitizing_blob &packet,
            _In_opt_ DWORD           size_max = MAXDWORD);
-        ///
+        /// @}
-        /// Obtains the result of an authentication session from the EAP method.
+
        ///
        /// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx)
        ///
        virtual void get_result(
            _In_  EapPeerMethodResultReason reason,
-            _Inout_ EapPeerMethodResult       *pResult);
+            _Out_ EapPeerMethodResult       *pResult);
        /// @}
    protected:
        config_method_pap &m_cfg;       ///< Method configuration
        credentials_pass &m_cred;       ///< Method user credentials
        ///
        /// Communication phase
        ///
        enum {
            phase_unknown = -1,         ///< Unknown phase
            phase_init = 0,             ///< Handshake initialize
@ -121,4 +112,6 @@ namespace eap
        sanitizing_blob m_packet_res;   ///< Response packet
    };
    /// @}
 }
--- a/lib/PAP/src/Method.cpp
+++ b/lib/PAP/src/Method.cpp
@ -1,21 +1,21 @@
-/*
+/*
    Copyright 2015-2016 Amebis
-    Copyright 2016 GÉANT
+    Copyright 2016 GÉANT
-    This file is part of GÉANTLink.
+    This file is part of GÉANTLink.
-    GÉANTLink is free software: you can redistribute it and/or modify it
+    GÉANTLink is free software: you can redistribute it and/or modify it
    under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
-    GÉANTLink is distributed in the hope that it will be useful, but
+    GÉANTLink is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
-    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
+    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
 */
 #include "StdAfx.h"
--- a/lib/PAP_UI/include/PAP_UI.h
+++ b/lib/PAP_UI/include/PAP_UI.h
@ -21,21 +21,23 @@
 #include "../../EAPBase_UI/include/EAP_UI.h"
 #include "../../PAP/include/Config.h"
 class wxPAPConfigPanel;
 /// \addtogroup EAPBaseGUI
 /// @{
 ///
 /// PAP credential configuration panel
 ///
 typedef wxEAPCredentialsConfigPanel<eap::credentials_pass, wxPasswordCredentialsPanel<eap::credentials_pass, wxPasswordCredentialsPanelBase> > wxPAPCredentialsConfigPanel;
 ///
 /// PAP configuration panel
 ///
 class wxPAPConfigPanel;
 ///
 /// PAP credential entry panel
 ///
 typedef wxPasswordCredentialsPanel<eap::credentials_pass, wxPasswordCredentialsPanelBase> wxPAPCredentialsPanel;
 /// @}
 #pragma once
 #include <wx/panel.h>
@ -44,6 +46,12 @@ typedef wxPasswordCredentialsPanel<eap::credentials_pass, wxPasswordCredentialsP
 #include <Windows.h>
 /// \addtogroup EAPBaseGUI
 /// @{
 ///
 /// PAP configuration panel
 ///
 class wxPAPConfigPanel : public wxPanel
 {
 public:
@ -65,3 +73,5 @@ protected:
 protected:
    wxPAPCredentialsConfigPanel *m_credentials; ///< Credentials configuration panel
 };
 /// @}
--- a/lib/PAP_UI/src/PAP_UI.cpp
+++ b/lib/PAP_UI/src/PAP_UI.cpp
@ -1,21 +1,21 @@
-/*
+/*
    Copyright 2015-2016 Amebis
-    Copyright 2016 GÉANT
+    Copyright 2016 GÉANT
-    This file is part of GÉANTLink.
+    This file is part of GÉANTLink.
-    GÉANTLink is free software: you can redistribute it and/or modify it
+    GÉANTLink is free software: you can redistribute it and/or modify it
    under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
-    GÉANTLink is distributed in the hope that it will be useful, but
+    GÉANTLink is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
-    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
+    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
 */
 #include "StdAfx.h"
@ -48,9 +48,11 @@ wxPAPConfigPanel::~wxPAPConfigPanel()
 }
 /// \cond internal
 void wxPAPConfigPanel::OnInitDialog(wxInitDialogEvent& event)
 {
    // Forward the event to child panels.
    if (m_credentials)
        m_credentials->GetEventHandler()->ProcessEvent(event);
 }
 /// \endcond
--- a/lib/TLS/include/Config.h
+++ b/lib/TLS/include/Config.h
@ -31,15 +31,17 @@
 namespace eap
 {
    ///
    /// TLS configuration
    ///
    class config_method_tls;
    /// \addtogroup EAPBaseMethod
    /// @{
    ///
    /// Helper function to compile human-readable certificate name for UI display
    ///
    winstd::tstring get_cert_title(PCCERT_CONTEXT cert);
    /// @}
 }
 #pragma once
@ -58,6 +60,12 @@ namespace eap
 namespace eap
 {
    /// \addtogroup EAPBaseMethod
    /// @{
    ///
    /// TLS configuration
    ///
    class config_method_tls : public config_method_with_cred
    {
    public:
@ -101,80 +109,51 @@ namespace eap
        ///
        config_method_tls& operator=(_Inout_ config_method_tls &&other);
        ///
        /// Clones configuration
        ///
        /// \returns Pointer to cloned configuration
        ///
        virtual config* clone() const;
-        /// \name XML configuration management
+        /// \name XML management
        /// @{
        ///
        /// Save to XML document
        ///
        /// \param[in]  pDoc         XML document
        /// \param[in]  pConfigRoot  Suggested root element for saving
        ///
        virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
        ///
        /// Load from XML document
        ///
        /// \param[in]  pConfigRoot  Root element for loading
        ///
        virtual void load(_In_ IXMLDOMNode *pConfigRoot);
        /// @}
        /// \name BLOB management
        /// @{
        ///
        /// Packs a configuration
        ///
        /// \param[inout] cursor  Memory cursor
        ///
        virtual void operator<<(_Inout_ cursor_out &cursor) const;
        ///
        /// Returns packed size of a configuration
        ///
        /// \returns Size of data when packed (in bytes)
        ///
        virtual size_t get_pk_size() const;
        ///
        /// Unpacks a configuration
        ///
        /// \param[inout] cursor  Memory cursor
        ///
        virtual void operator>>(_Inout_ cursor_in &cursor);
        /// @}
        ///
-        /// Returns EAP method type of this configuration
+        /// @copydoc eap::config_method::get_method_id()
-        ///
+        /// \returns This implementation always returns `eap::type_tls`
        /// \returns `eap::type_tls`
        ///
        virtual winstd::eap_type_t get_method_id() const;
        ///
-        /// Returns a string \c L"EAP-TLS"
+        /// @copydoc eap::config_method::get_method_str()
        /// \returns This implementation always returns `L"EAP-TLS"`
        ///
        virtual const wchar_t* get_method_str() const;
        ///
-        /// Creates a blank set of credentials suitable for this method
+        /// @copydoc eap::config_method::make_credentials()
        /// \returns This implementation always returns `eap::credentials_tls` type of credentials
        ///
        virtual credentials* make_credentials() const;
        ///
        /// Adds CA to the list of trusted root CA's
        ///
-        /// \sa [CertCreateCertificateContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa376033.aspx)
+        /// \note If the CA is already on the list, function fails returning \c false.
        ///
        /// \param[in] dwCertEncodingType  Any bitwise OR combination of \c X509_ASN_ENCODING and \c PKCS_7_ASN_ENCODING flags
        /// \param[in] pbCertEncoded       Certificate data
        /// \param[in] cbCertEncoded       Size of \p pbCertEncoded in bytes
        ///
        /// \returns
        /// - \c true when adding succeeds;
        /// - \c false otherwise.
        ///
        bool add_trusted_ca(_In_ DWORD dwCertEncodingType, _In_ const BYTE *pbCertEncoded, _In_ DWORD cbCertEncoded);
@ -182,4 +161,6 @@ namespace eap
        std::list<winstd::cert_context> m_trusted_root_ca;  ///< Trusted root CAs
        std::list<std::wstring> m_server_names;             ///< Acceptable authenticating server names
    };
    /// @}
 }
--- a/lib/TLS/include/Credentials.h
+++ b/lib/TLS/include/Credentials.h
@ -22,9 +22,6 @@
 namespace eap
 {
    ///
    /// TLS credentials
    ///
    class credentials_tls;
 }
@ -42,6 +39,12 @@ namespace eap
 namespace eap
 {
    /// \addtogroup EAPBaseCred
    /// @{
    ///
    /// TLS credentials
    ///
    class credentials_tls : public credentials
    {
    public:
@ -84,115 +87,48 @@ namespace eap
        ///
        credentials_tls& operator=(_Inout_ credentials_tls &&other);
        ///
        /// Clones credentials
        ///
        /// \returns Pointer to cloned credentials
        ///
        virtual config* clone() const;
        ///
        /// Resets credentials
        ///
        virtual void clear();
        ///
        /// Test credentials if blank
        ///
        /// \returns
        /// - \c true if blank
        /// - \c false otherwise
        ///
        virtual bool empty() const;
-        /// \name XML credentials management
+        /// \name XML management
        /// @{
        ///
        /// Save to XML document
        ///
        /// \param[in]  pDoc         XML document
        /// \param[in]  pConfigRoot  Suggested root element for saving
        ///
        virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
        ///
        /// Load from XML document
        ///
        /// \param[in]  pConfigRoot  Root element for loading
        ///
        virtual void load(_In_ IXMLDOMNode *pConfigRoot);
        /// @}
        /// \name BLOB management
        /// @{
        ///
        /// Packs a configuration
        ///
        /// \param[inout] cursor  Memory cursor
        ///
        virtual void operator<<(_Inout_ cursor_out &cursor) const;
        ///
        /// Returns packed size of a configuration
        ///
        /// \returns Size of data when packed (in bytes)
        ///
        virtual size_t get_pk_size() const;
        ///
        /// Unpacks a configuration
        ///
        /// \param[inout] cursor  Memory cursor
        ///
        virtual void operator>>(_Inout_ cursor_in &cursor);
        /// @}
        /// \name Storage
        /// @{
        ///
        /// Save credentials to Windows Credential Manager
        ///
        /// \param[in]  pszTargetName  The name in Windows Credential Manager to store credentials as
        /// \param[in]  level          Credential level (0=outer, 1=inner, 2=inner-inner...)
        ///
        virtual void store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) const;
        ///
        /// Retrieve credentials from Windows Credential Manager
        ///
        /// \param[in]  pszTargetName  The name in Windows Credential Manager to retrieve credentials from
        /// \param[in]  level          Credential level (0=outer, 1=inner, 2=inner-inner...)
        ///
        virtual void retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level);
        ///
-        /// Return target suffix for Windows Credential Manager credential name
+        /// @copydoc eap::credentials::target_suffix()
        /// \returns This implementation always returns `_T("cert")`
        ///
        virtual LPCTSTR target_suffix() const;
        /// @}
        ///
        /// Returns credential identity.
        ///
        virtual std::wstring get_identity() const;
        ///
        /// Combine credentials in the following order:
        ///
        /// 1. Cached credentials
-        /// 2. Configured credentials (if \p cfg is derived from config_method_with_cred)
+        /// 2. Configured credentials (if \p cfg is derived from `config_method_with_cred`)
        /// 3. Stored credentials
        ///
        /// \param[in] dwFlags                A combination of [EAP flags](https://msdn.microsoft.com/en-us/library/windows/desktop/bb891975.aspx) that describe the EAP authentication session behavior
        /// \param[in] hTokenImpersonateUser  Impersonation token for a logged-on user to collect user-related information
-        /// \param[in] cred_cached            Cached credentials (optional, can be \c NULL, must be credentials_tls* type)
+        /// \param[in] cred_cached            Cached credentials (optional, can be \c NULL, must be `credentials_tls*` type)
-        /// \param[in] cfg                    Method configuration (unused, as must be as config_method_tls is not derived from config_method_with_cred)
+        /// \param[in] cfg                    Method configuration (unused, as must be as config_method_tls is not derived from `config_method_with_cred`)
        /// \param[in] pszTargetName          The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
        ///
        /// \returns
@ -215,4 +151,6 @@ namespace eap
        static const unsigned char s_entropy[1024];
        /// \endcond
    };
    /// @}
 }
--- a/lib/TLS/src/Credentials.cpp
+++ b/lib/TLS/src/Credentials.cpp
@ -247,7 +247,7 @@ void eap::credentials_tls::retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned
 LPCTSTR eap::credentials_tls::target_suffix() const
 {
-    return _T("Cert");
+    return _T("cert");
 }
@ -343,6 +343,7 @@ eap::credentials::source_t eap::credentials_tls::combine(
 }
 /// \cond internal
 const unsigned char eap::credentials_tls::s_entropy[1024] = {
    0xb9, 0xd1, 0x62, 0xd4, 0x1c, 0xe6, 0x8c, 0x25, 0x98, 0x9b, 0x1d, 0xbc, 0x40, 0x46, 0x9e, 0x6d,
    0x63, 0xba, 0xda, 0x78, 0x65, 0x56, 0x97, 0x4f, 0xa0, 0x89, 0xf4, 0xc5, 0x1b, 0xf5, 0x8d, 0x69,
@ -409,3 +410,4 @@ const unsigned char eap::credentials_tls::s_entropy[1024] = {
    0x0d, 0xd0, 0x84, 0x17, 0x97, 0x56, 0x2e, 0xff, 0x82, 0x76, 0x61, 0x75, 0x9f, 0x15, 0xd2, 0x08,
    0xbb, 0x24, 0xb5, 0xba, 0xaa, 0x5e, 0x20, 0xdd, 0x03, 0x4c, 0x3c, 0x54, 0xd8, 0x8f, 0x87, 0x49,
 };
 /// \endcond
--- a/lib/TLS_UI/include/TLS_UI.h
+++ b/lib/TLS_UI/include/TLS_UI.h
@ -35,31 +35,20 @@
 #include <list>
 #include <string>
 ///
 /// Helper class for auto-destroyable certificates used in wxWidget's item containers
 ///
 class wxCertificateClientData;
 ///
 /// TLS credential panel
 ///
 class wxTLSCredentialsPanel;
 ///
 /// TLS server trust configuration panel
 ///
 class wxTLSServerTrustPanel;
 class wxTLSConfigPanel;
 /// \addtogroup EAPBaseGUI
 /// @{
 ///
 /// TLS credentials configuration panel
 ///
 typedef wxEAPCredentialsConfigPanel<eap::credentials_tls, wxTLSCredentialsPanel> wxTLSCredentialsConfigPanel;
-///
+/// @}
 /// TLS configuration panel
 ///
 class wxTLSConfigPanel;
 #pragma once
@ -78,12 +67,20 @@ class wxTLSConfigPanel;
 #include <vector>
 /// \addtogroup EAPBaseGUI
 /// @{
 ///
 /// Helper class for auto-destroyable certificates used in wxWidget's item containers
 ///
 class wxCertificateClientData : public wxClientData
 {
 public:
    ///
    /// Constructs client data object with existing handle
    ///
    /// \param[in] cert  Certificate handle
    ///
    wxCertificateClientData(PCCERT_CONTEXT cert);
    ///
@ -96,6 +93,9 @@ public:
 };
 ///
 /// TLS credential panel
 ///
 class wxTLSCredentialsPanel : public wxEAPCredentialsPanel<eap::credentials_tls, wxTLSCredentialsPanelBase>
 {
 public:
@ -119,12 +119,19 @@ protected:
 };
 ///
 /// TLS server trust configuration panel
 ///
 class wxTLSServerTrustPanel : public wxTLSServerTrustPanelBase
 {
 public:
    ///
    /// Constructs a configuration panel
    ///
    /// \param[in   ] prov    Provider configuration data
    /// \param[inout] cfg     Configuration data
    /// \param[in   ] parent  Parent window
    ///
    wxTLSServerTrustPanel(const eap::config_provider &prov, eap::config_method_tls &cfg, wxWindow* parent);
 protected:
@ -156,12 +163,19 @@ protected:
 };
 ///
 /// TLS configuration panel
 ///
 class wxTLSConfigPanel : public wxPanel
 {
 public:
    ///
    /// Constructs a configuration panel
    ///
    /// \param[in   ] prov    Provider configuration data
    /// \param[inout] cfg     Configuration data
    /// \param[in   ] parent  Parent window
    ///
    wxTLSConfigPanel(const eap::config_provider &prov, eap::config_method_tls &cfg, wxWindow* parent);
    ///
@ -180,3 +194,5 @@ protected:
    wxTLSServerTrustPanel *m_server_trust;      ///< Server trust configuration panel
    wxTLSCredentialsConfigPanel *m_credentials; ///< Credentials configuration panel
 };
 /// @}
--- a/lib/TLS_UI/src/TLS_UI.cpp
+++ b/lib/TLS_UI/src/TLS_UI.cpp
@ -53,6 +53,8 @@ wxTLSCredentialsPanel::wxTLSCredentialsPanel(const eap::config_provider &prov, c
 }
 /// \cond internal
 bool wxTLSCredentialsPanel::TransferDataToWindow()
 {
    // Populate certificate list.
@ -129,6 +131,8 @@ void wxTLSCredentialsPanel::OnUpdateUI(wxUpdateUIEvent& event)
    }
 }
 /// \endcond
 //////////////////////////////////////////////////////////////////////
 // wxTLSServerTrustPanel
@ -150,6 +154,8 @@ wxTLSServerTrustPanel::wxTLSServerTrustPanel(const eap::config_provider &prov, e
 }
 /// \cond internal
 bool wxTLSServerTrustPanel::TransferDataToWindow()
 {
    // Populate trusted CA list.
@ -275,6 +281,8 @@ void wxTLSServerTrustPanel::OnRootCARemove(wxCommandEvent& event)
        m_root_ca->Delete(selections[i]);
 }
 /// \endcond
 bool wxTLSServerTrustPanel::AddRootCA(PCCERT_CONTEXT cert)
 {
@ -332,6 +340,7 @@ wxTLSConfigPanel::~wxTLSConfigPanel()
 }
 /// \cond internal
 void wxTLSConfigPanel::OnInitDialog(wxInitDialogEvent& event)
 {
    // Forward the event to child panels.
@ -339,3 +348,4 @@ void wxTLSConfigPanel::OnInitDialog(wxInitDialogEvent& event)
    if (m_credentials)
        m_credentials->GetEventHandler()->ProcessEvent(event);
 }
 /// \endcond
--- a/lib/TTLS/include/Config.h
+++ b/lib/TTLS/include/Config.h
@ -22,9 +22,6 @@
 namespace eap
 {
    ///
    /// TTLS configuration
    ///
    class config_method_ttls;
 }
@ -40,7 +37,14 @@ namespace eap
 #include <memory>
-namespace eap {
+namespace eap
 {
    /// \addtogroup EAPBaseMethod
    /// @{
    ///
    /// TTLS configuration
    ///
    class config_method_ttls : public config_method_tls
    {
    public:
@ -84,71 +88,36 @@ namespace eap {
        ///
        config_method_ttls& operator=(_Inout_ config_method_ttls &&other);
        ///
        /// Clones configuration
        ///
        /// \returns Pointer to cloned configuration
        ///
        virtual config* clone() const;
-        /// \name XML configuration management
+        /// \name XML management
        /// @{
        ///
        /// Save to XML document
        ///
        /// \param[in]  pDoc         XML document
        /// \param[in]  pConfigRoot  Suggested root element for saving
        ///
        virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
        ///
        /// Load from XML document
        ///
        /// \param[in]  pConfigRoot  Root element for loading
        ///
        virtual void load(_In_ IXMLDOMNode *pConfigRoot);
        /// @}
        /// \name BLOB management
        /// @{
        ///
        /// Packs a configuration
        ///
        /// \param[inout] cursor  Memory cursor
        ///
        virtual void operator<<(_Inout_ cursor_out &cursor) const;
        ///
        /// Returns packed size of a configuration
        ///
        /// \returns Size of data when packed (in bytes)
        ///
        virtual size_t get_pk_size() const;
        ///
        /// Unpacks a configuration
        ///
        /// \param[inout] cursor  Memory cursor
        ///
        virtual void operator>>(_Inout_ cursor_in &cursor);
        /// @}
        ///
-        /// Returns EAP method type of this configuration
+        /// @copydoc eap::config_method::get_method_id()
-        ///
+        /// \returns This implementation always returns `eap::type_ttls`
        /// \returns `eap::type_ttls`
        ///
        virtual winstd::eap_type_t get_method_id() const;
        ///
-        /// Returns a string \c L"EAP-TTLS"
+        /// @copydoc eap::config_method::get_method_str()
        /// \returns This implementation always returns `L"EAP-TTLS"`
        ///
        virtual const wchar_t* get_method_str() const;
        ///
-        /// Creates a blank set of credentials suitable for this method
+        /// @copydoc eap::config_method::make_credentials()
        /// \returns This implementation always returns `eap::credentials_ttls` type of credentials
        ///
        virtual credentials* make_credentials() const;
@ -157,6 +126,8 @@ namespace eap {
        ///
        /// \param[in] eap_type  EAP type
        ///
        /// \returns A new inner method config of given type
        ///
        config_method* make_config_method(_In_ winstd::eap_type_t eap_type) const;
        ///
@ -164,6 +135,8 @@ namespace eap {
        ///
        /// \param[in] eap_type  EAP type
        ///
        /// \returns A new inner method config of given type
        ///
        config_method* make_config_method(_In_ const wchar_t *eap_type) const;
        ///
@ -175,4 +148,6 @@ namespace eap {
        std::unique_ptr<config_method> m_inner; ///< Inner authentication configuration
        std::wstring m_anonymous_identity;      ///< Anonymous identity
    };
    /// @}
 }
--- a/lib/TTLS/include/Credentials.h
+++ b/lib/TTLS/include/Credentials.h
@ -20,9 +20,6 @@
 namespace eap
 {
    ///
    /// TTLS credentials
    ///
    class credentials_ttls;
 }
@ -35,6 +32,12 @@ namespace eap
 namespace eap
 {
    /// \addtogroup EAPBaseCred
    /// @{
    ///
    /// TTLS credentials
    ///
    class credentials_ttls : public credentials_tls
    {
    public:
@ -77,108 +80,42 @@ namespace eap
        ///
        credentials_ttls& operator=(_Inout_ credentials_ttls &&other);
        ///
        /// Clones credentials
        ///
        /// \returns Pointer to cloned credentials
        ///
        virtual config* clone() const;
        ///
        /// Resets credentials
        ///
        virtual void clear();
        ///
        /// Test credentials if blank
        ///
        /// \returns
        /// - \c true if blank
        /// - \c false otherwise
        ///
        virtual bool empty() const;
-        /// \name XML credentials management
+        /// \name XML management
        /// @{
        ///
        /// Save to XML document
        ///
        /// \param[in]  pDoc         XML document
        /// \param[in]  pConfigRoot  Suggested root element for saving
        ///
        virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
        ///
        /// Load from XML document
        ///
        /// \param[in]  pConfigRoot  Root element for loading
        ///
        virtual void load(_In_ IXMLDOMNode *pConfigRoot);
        /// @}
        /// \name BLOB management
        /// @{
        ///
        /// Packs a configuration
        ///
        /// \param[inout] cursor  Memory cursor
        ///
        virtual void operator<<(_Inout_ cursor_out &cursor) const;
        ///
        /// Returns packed size of a configuration
        ///
        /// \returns Size of data when packed (in bytes)
        ///
        virtual size_t get_pk_size() const;
        ///
        /// Unpacks a configuration
        ///
        /// \param[inout] cursor  Memory cursor
        ///
        virtual void operator>>(_Inout_ cursor_in &cursor);
        /// @}
        /// \name Storage
        /// @{
        ///
        /// Save credentials to Windows Credential Manager
        ///
        /// \param[in]  pszTargetName  The name in Windows Credential Manager to store credentials as
        /// \param[in]  level          Credential level (0=outer, 1=inner, 2=inner-inner...)
        ///
        virtual void store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level) const;
        ///
        /// Retrieve credentials from Windows Credential Manager
        ///
        /// \param[in]  pszTargetName  The name in Windows Credential Manager to retrieve credentials from
        /// \param[in]  level          Credential level (0=outer, 1=inner, 2=inner-inner...)
        ///
        virtual void retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int level);
        ///
        /// Returns credential identity.
        ///
        virtual std::wstring get_identity() const;
        /// @}
        virtual std::wstring get_identity() const;
        ///
        /// Combine credentials in the following order:
        ///
        /// 1. Cached credentials
-        /// 2. Configured credentials (if \p cfg is derived from config_method_with_cred)
+        /// 2. Configured credentials (if \p cfg is derived from `config_method_with_cred`)
        /// 3. Stored credentials
        ///
        /// \param[in] dwFlags                A combination of [EAP flags](https://msdn.microsoft.com/en-us/library/windows/desktop/bb891975.aspx) that describe the EAP authentication session behavior
        /// \param[in] hTokenImpersonateUser  Impersonation token for a logged-on user to collect user-related information
-        /// \param[in] cred_cached            Cached credentials (optional, can be \c NULL, must be credentials_ttls* type)
+        /// \param[in] cred_cached            Cached credentials (optional, can be \c NULL, must be `credentials_ttls*` type)
-        /// \param[in] cfg                    Method configuration (unused, as must be as config_method_ttls is not derived from config_method_with_cred)
+        /// \param[in] cfg                    Method configuration (unused, as must be as config_method_ttls is not derived from `config_method_with_cred`)
        /// \param[in] pszTargetName          The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
        ///
        /// \returns
@ -196,4 +133,6 @@ namespace eap
    public:
        std::unique_ptr<credentials> m_inner;   ///< Inner credentials
    };
    /// @}
 }
--- a/lib/TTLS/include/Method.h
+++ b/lib/TTLS/include/Method.h
@ -20,19 +20,8 @@
 namespace eap
 {
    ///
    /// EAP-(T)TLS class defragging method tunnel
    ///
    class method_defrag;
    ///
    /// Diameter EAP-Message tunnel method
    ///
    class method_eapmsg;
    ///
    /// TTLS method
    ///
    class method_ttls;
 }
@ -48,6 +37,12 @@ namespace eap
 namespace eap
 {
    /// \addtogroup EAPBaseMethod
    /// @{
    ///
    /// EAP-(T)TLS class defragging method tunnel
    ///
    class method_defrag : public method_tunnel
    {
        WINSTD_NONCOPYABLE(method_defrag)
@ -111,24 +106,16 @@ namespace eap
        /// \name Packet processing
        /// @{
        ///
        /// Processes a packet received by EapHost from a supplicant.
        ///
        /// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx)
        ///
        virtual EapPeerMethodResponseAction process_request_packet(
            _In_bytecount_(dwReceivedPacketSize) const void  *pReceivedPacket,
            _In_                                       DWORD dwReceivedPacketSize);
        ///
        /// Obtains a response packet from the EAP method.
        ///
        /// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx)
        ///
        virtual void get_response_packet(
            _Out_    sanitizing_blob &packet,
            _In_opt_ DWORD           size_max = MAXDWORD);
        /// @}
    protected:
        DWORD m_size_frag_max;      ///< Maximum size of a fragment
        sanitizing_blob m_data_req; ///< Data in request
@ -137,6 +124,9 @@ namespace eap
    };
    ///
    /// Diameter EAP-Message tunnel method
    ///
    class method_eapmsg : public method_tunnel
    {
    public:
@ -165,34 +155,24 @@ namespace eap
        ///
        method_eapmsg& operator=(_Inout_ method_eapmsg &&other);
-        /// \name Packet processing
+        /// \name Session management
        /// @{
        ///
        /// Starts an EAP authentication session on the peer EapHost using the EAP method.
        ///
        /// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx)
        ///
        virtual void begin_session(
            _In_        DWORD         dwFlags,
            _In_  const EapAttributes *pAttributeArray,
            _In_        HANDLE        hTokenImpersonateUser,
            _In_opt_    DWORD         dwMaxSendPacketSize = MAXDWORD);
-        ///
+        /// @}
-        /// Processes a packet received by EapHost from a supplicant.
+
-        ///
+        /// \name Packet processing
-        /// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx)
+        /// @{
-        ///
+
        virtual EapPeerMethodResponseAction process_request_packet(
            _In_bytecount_(dwReceivedPacketSize) const void  *pReceivedPacket,
            _In_                                       DWORD dwReceivedPacketSize);
        ///
        /// Obtains a response packet from the EAP method.
        ///
        /// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx)
        ///
        virtual void get_response_packet(
            _Out_    sanitizing_blob &packet,
            _In_opt_ DWORD           size_max = MAXDWORD);
@ -202,6 +182,9 @@ namespace eap
    protected:
        std::wstring m_identity;        ///< User identity
        ///
        /// Communication phase
        ///
        enum {
            phase_unknown = -1,         ///< Unknown phase
            phase_identity = 0,         ///< Send identity
@ -212,6 +195,9 @@ namespace eap
    };
    ///
    /// TTLS method
    ///
    class method_ttls : public method_tunnel
    {
        WINSTD_NONCOPYABLE(method_ttls)
@ -243,48 +229,33 @@ namespace eap
        ///
        method_ttls& operator=(_Inout_ method_ttls &&other);
-        /// \name Packet processing
+        /// \name Session management
        /// @{
        ///
        /// Starts an EAP authentication session on the peer EapHost using the EAP method.
        ///
        /// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx)
        ///
        virtual void begin_session(
            _In_        DWORD         dwFlags,
            _In_  const EapAttributes *pAttributeArray,
            _In_        HANDLE        hTokenImpersonateUser,
            _In_opt_    DWORD         dwMaxSendPacketSize = MAXDWORD);
-        ///
+        /// @}
-        /// Processes a packet received by EapHost from a supplicant.
+
-        ///
+        /// \name Packet processing
-        /// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx)
+        /// @{
-        ///
+
        virtual EapPeerMethodResponseAction process_request_packet(
            _In_bytecount_(dwReceivedPacketSize) const void  *pReceivedPacket,
            _In_                                       DWORD dwReceivedPacketSize);
        ///
        /// Obtains a response packet from the EAP method.
        ///
        /// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx)
        ///
        virtual void get_response_packet(
            _Out_    sanitizing_blob &packet,
            _In_opt_ DWORD           size_max = MAXDWORD);
-        ///
+        /// @}
-        /// Obtains the result of an authentication session from the EAP method.
+
        ///
        /// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx)
        ///
        virtual void get_result(
            _In_  EapPeerMethodResultReason reason,
-            _Inout_ EapPeerMethodResult       *pResult);
+            _Out_ EapPeerMethodResult       *pResult);
        /// @}
    protected:
 #if EAP_TLS < EAP_TLS_SCHANNEL_FULL
@ -303,6 +274,9 @@ namespace eap
        std::vector<unsigned char> m_sc_queue;      ///< TLS data queue
        winstd::sec_context m_sc_ctx;               ///< Schannel context
        ///
        /// Communication phase
        ///
        enum {
            phase_unknown = -1,                     ///< Unknown phase
            phase_handshake_init = 0,               ///< Handshake initialize
@ -316,4 +290,6 @@ namespace eap
        std::vector<winstd::eap_attr> m_eap_attr;   ///< EAP attributes returned by get_result() method
        EAP_ATTRIBUTES m_eap_attr_desc;             ///< EAP attributes descriptor (required to avoid memory leakage in get_result())
    };
    /// @}
 }
--- a/lib/TTLS/include/Module.h
+++ b/lib/TTLS/include/Module.h
@ -20,9 +20,6 @@
 namespace eap
 {
    ///
    /// TTLS peer
    ///
    class peer_ttls;
 }
@ -35,6 +32,12 @@ namespace eap
 namespace eap
 {
    /// \addtogroup EAPBaseModule
    /// @{
    ///
    /// EAP-TTLS peer
    ///
    class peer_ttls : public peer
    {
        WINSTD_NONCOPYABLE(peer_ttls)
@ -46,46 +49,26 @@ namespace eap
        peer_ttls();
        ///
-        /// Makes a new method config
+        /// @copydoc eap::method::make_config_method()
        /// \returns This implementation always returns `eap::config_method_ttls` type of configuration
        ///
        virtual config_method* make_config_method();
        ///
        /// Initializes an EAP peer method for EapHost.
        ///
        /// \sa [EapPeerGetInfo function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363613.aspx)
        ///
        virtual void initialize();
        ///
        /// Shuts down the EAP method and prepares to unload its corresponding DLL.
        ///
        /// \sa [EapPeerShutdown function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363627.aspx)
        ///
        virtual void shutdown();
        ///
        /// Returns the user data and user identity after being called by EapHost.
        ///
        /// \sa [EapPeerGetIdentity function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363607.aspx)
        ///
        virtual void get_identity(
            _In_                                   DWORD  dwFlags,
            _In_count_(dwConnectionDataSize) const BYTE   *pConnectionData,
            _In_                                   DWORD  dwConnectionDataSize,
            _In_count_(dwUserDataSize)       const BYTE   *pUserData,
            _In_                                   DWORD  dwUserDataSize,
-            _Inout_                                BYTE   **ppUserDataOut,
+            _Out_                                  BYTE   **ppUserDataOut,
-            _Inout_                                DWORD  *pdwUserDataOutSize,
+            _Out_                                  DWORD  *pdwUserDataOutSize,
            _In_                                   HANDLE hTokenImpersonateUser,
-            _Inout_                                BOOL   *pfInvokeUI,
+            _Out_                                  BOOL   *pfInvokeUI,
-            _Inout_                                WCHAR  **ppwszIdentity);
+            _Out_                                  WCHAR  **ppwszIdentity);
        ///
        /// Defines the implementation of an EAP method-specific function that retrieves the properties of an EAP method given the connection and user data.
        ///
        /// \sa [EapPeerGetMethodProperties function](https://msdn.microsoft.com/en-us/library/windows/desktop/hh706636.aspx)
        ///
        virtual void get_method_properties(
            _In_                                   DWORD                     dwVersion,
            _In_                                   DWORD                     dwFlags,
@ -94,31 +77,19 @@ namespace eap
            _In_                                   DWORD                     dwConnectionDataSize,
            _In_count_(dwUserDataSize)       const BYTE                      *pUserData,
            _In_                                   DWORD                     dwUserDataSize,
-            _Inout_                                EAP_METHOD_PROPERTY_ARRAY *pMethodPropertyArray);
+            _Out_                                  EAP_METHOD_PROPERTY_ARRAY *pMethodPropertyArray);
        ///
        /// Converts XML into the configuration BLOB. The XML based credentials can come from group policy or from a system administrator.
        ///
        /// \sa [EapPeerCredentialsXml2Blob function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363603.aspx)
        ///
        virtual void credentials_xml2blob(
            _In_                                   DWORD       dwFlags,
            _In_                                   IXMLDOMNode *pConfigRoot,
            _In_count_(dwConnectionDataSize) const BYTE        *pConnectionData,
            _In_                                   DWORD       dwConnectionDataSize,
-            _Inout_                                BYTE        **ppCredentialsOut,
+            _Out_                                  BYTE        **ppCredentialsOut,
-            _Inout_                                DWORD       *pdwCredentialsOutSize);
+            _Out_                                  DWORD       *pdwCredentialsOutSize);
        /// \name Session management
        /// @{
        ///
        /// Starts an EAP authentication session on the peer EapHost using the EAP method.
        ///
        /// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx)
        ///
        /// \returns Session handle
        ///
        virtual EAP_SESSION_HANDLE begin_session(
            _In_                                   DWORD              dwFlags,
            _In_                           const   EapAttributes      *pAttributeArray,
@ -129,83 +100,54 @@ namespace eap
            _In_                                   DWORD              dwUserDataSize,
            _In_                                   DWORD              dwMaxSendPacketSize);
        ///
        /// Ends an EAP authentication session for the EAP method.
        ///
        /// \sa [EapPeerEndSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363604.aspx)
        ///
        virtual void end_session(_In_ EAP_SESSION_HANDLE hSession);
-        ///
+        /// @}
-        /// Processes a packet received by EapHost from a supplicant.
+
-        ///
+        /// \name Packet processing
-        /// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx)
+        /// @{
-        ///
+
        virtual void process_request_packet(
            _In_                                       EAP_SESSION_HANDLE  hSession,
            _In_bytecount_(dwReceivedPacketSize) const EapPacket           *pReceivedPacket,
            _In_                                       DWORD               dwReceivedPacketSize,
            _Out_                                      EapPeerMethodOutput *pEapOutput);
        ///
        /// Obtains a response packet from the EAP method.
        ///
        /// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx)
        ///
        virtual void get_response_packet(
            _In_                               EAP_SESSION_HANDLE hSession,
            _Inout_bytecap_(*dwSendPacketSize) EapPacket          *pSendPacket,
            _Inout_                            DWORD              *pdwSendPacketSize);
-        ///
+        /// @}
-        /// Obtains the result of an authentication session from the EAP method.
+
        ///
        /// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx)
        ///
        virtual void get_result(
            _In_  EAP_SESSION_HANDLE        hSession,
            _In_  EapPeerMethodResultReason reason,
-            _Inout_ EapPeerMethodResult       *pResult);
+            _Out_ EapPeerMethodResult       *pResult);
        /// \name User Interaction
        /// @{
        ///
        /// Obtains the user interface context from the EAP method.
        ///
        /// \note This function is always followed by the `EapPeerInvokeInteractiveUI()` function, which is followed by the `EapPeerSetUIContext()` function.
        ///
        /// \sa [EapPeerGetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363612.aspx)
        ///
        virtual void get_ui_context(
            _In_  EAP_SESSION_HANDLE hSession,
-            _Inout_ BYTE               **ppUIContextData,
+            _Out_ BYTE               **ppUIContextData,
-            _Inout_ DWORD              *pdwUIContextDataSize);
+            _Out_ DWORD              *pdwUIContextDataSize);
        ///
        /// Provides a user interface context to the EAP method.
        ///
        /// \note This function is called after the UI has been raised through the `EapPeerGetUIContext()` function.
        ///
        /// \sa [EapPeerSetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363626.aspx)
        ///
        virtual void set_ui_context(
            _In_                                  EAP_SESSION_HANDLE  hSession,
            _In_count_(dwUIContextDataSize) const BYTE                *pUIContextData,
            _In_                                  DWORD               dwUIContextDataSize,
            _Out_                                 EapPeerMethodOutput *pEapOutput);
-        ///
+        /// @}
-        /// Obtains an array of EAP response attributes from the EAP method.
+
-        ///
+        /// \name EAP Response Attributes
-        /// \sa [EapPeerGetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363609.aspx)
+        /// @{
-        ///
+
        virtual void get_response_attributes(
            _In_  EAP_SESSION_HANDLE hSession,
-            _Inout_ EapAttributes      *pAttribs);
+            _Out_ EapAttributes      *pAttribs);
        ///
        /// Provides an updated array of EAP response attributes to the EAP method.
        ///
        /// \sa [EapPeerSetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363625.aspx)
        ///
        virtual void set_response_attributes(
            _In_       EAP_SESSION_HANDLE  hSession,
            _In_ const EapAttributes       *pAttribs,
@ -226,6 +168,9 @@ namespace eap
            _In_                             HANDLE                  hTokenImpersonateUser);
    protected:
        ///
        /// EAP-TTLS session
        ///
        class session {
        public:
            ///
@ -251,4 +196,6 @@ namespace eap
 #endif
        };
    };
    /// @}
 }
--- a/lib/TTLS/src/Module.cpp
+++ b/lib/TTLS/src/Module.cpp
@ -73,11 +73,11 @@ void eap::peer_ttls::get_identity(
    _In_                                   DWORD  dwConnectionDataSize,
    _In_count_(dwUserDataSize)       const BYTE   *pUserData,
    _In_                                   DWORD  dwUserDataSize,
-    _Inout_                                BYTE   **ppUserDataOut,
+    _Out_                                  BYTE   **ppUserDataOut,
-    _Inout_                                DWORD  *pdwUserDataOutSize,
+    _Out_                                  DWORD  *pdwUserDataOutSize,
    _In_                                   HANDLE hTokenImpersonateUser,
-    _Inout_                                BOOL   *pfInvokeUI,
+    _Out_                                  BOOL   *pfInvokeUI,
-    _Inout_                                WCHAR  **ppwszIdentity)
+    _Out_                                  WCHAR  **ppwszIdentity)
 {
    assert(pfInvokeUI);
    assert(ppwszIdentity);
@ -126,7 +126,7 @@ void eap::peer_ttls::get_method_properties(
    _In_                                   DWORD                     dwConnectionDataSize,
    _In_count_(dwUserDataSize)       const BYTE                      *pUserData,
    _In_                                   DWORD                     dwUserDataSize,
-    _Inout_                                EAP_METHOD_PROPERTY_ARRAY *pMethodPropertyArray)
+    _Out_                                  EAP_METHOD_PROPERTY_ARRAY *pMethodPropertyArray)
 {
    UNREFERENCED_PARAMETER(dwVersion);
    UNREFERENCED_PARAMETER(dwFlags);
@ -176,8 +176,8 @@ void eap::peer_ttls::credentials_xml2blob(
    _In_                                   IXMLDOMNode *pConfigRoot,
    _In_count_(dwConnectionDataSize) const BYTE        *pConnectionData,
    _In_                                   DWORD       dwConnectionDataSize,
-    _Inout_                                BYTE        **ppCredentialsOut,
+    _Out_                                  BYTE        **ppCredentialsOut,
-    _Inout_                                DWORD       *pdwCredentialsOutSize)
+    _Out_                                  DWORD       *pdwCredentialsOutSize)
 {
    UNREFERENCED_PARAMETER(dwFlags);
    UNREFERENCED_PARAMETER(pConnectionData);
@ -331,8 +331,8 @@ void eap::peer_ttls::get_result(
 void eap::peer_ttls::get_ui_context(
    _In_  EAP_SESSION_HANDLE hSession,
-    _Inout_ BYTE               **ppUIContextData,
+    _Out_ BYTE               **ppUIContextData,
-    _Inout_ DWORD              *pdwUIContextDataSize)
+    _Out_ DWORD              *pdwUIContextDataSize)
 {
    static_cast<session*>(hSession)->m_method->get_ui_context(ppUIContextData, pdwUIContextDataSize);
 }
--- a/lib/TTLS_UI/include/Module.h
+++ b/lib/TTLS_UI/include/Module.h
@ -20,9 +20,6 @@
 namespace eap
 {
    ///
    /// TTLS UI peer
    ///
    class peer_ttls_ui;
 }
@ -35,6 +32,12 @@ namespace eap
 namespace eap
 {
    /// \addtogroup EAPBaseModule
    /// @{
    ///
    /// TTLS UI peer
    ///
    class peer_ttls_ui : public peer_ui
    {
    public:
@ -44,28 +47,17 @@ namespace eap
        peer_ttls_ui();
        ///
-        /// Makes a new method config
+        /// @copydoc eap::method::make_config_method()
        /// \returns This implementation always returns `eap::config_method_ttls` type of configuration
        ///
        virtual config_method* make_config_method();
        ///
        /// Converts XML into the configuration BLOB.
        ///
        /// \sa [EapPeerConfigXml2Blob function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363602.aspx)
        ///
        virtual void config_xml2blob(
            _In_  DWORD       dwFlags,
            _In_  IXMLDOMNode *pConfigRoot,
-            _Inout_ BYTE        **pConnectionDataOut,
+            _Out_ BYTE        **pConnectionDataOut,
-            _Inout_ DWORD       *pdwConnectionDataOutSize);
+            _Out_ DWORD       *pdwConnectionDataOutSize);
        ///
        /// Converts the configuration BLOB to XML.
        ///
        /// The configuration BLOB is returned in the `ppConnectionDataOut` parameter of the `EapPeerInvokeConfigUI` function.
        ///
        /// \sa [EapPeerConfigBlob2Xml function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363601.aspx)
        ///
        virtual void config_blob2xml(
            _In_                                   DWORD           dwFlags,
            _In_count_(dwConnectionDataSize) const BYTE            *pConnectionData,
@ -73,23 +65,13 @@ namespace eap
            _In_                                   IXMLDOMDocument *pDoc,
            _In_                                   IXMLDOMNode     *pConfigRoot);
        ///
        /// Raises the EAP method's specific connection configuration user interface dialog on the client.
        ///
        /// \sa [EapPeerInvokeConfigUI function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363614.aspx)
        ///
        virtual void invoke_config_ui(
            _In_                                     HWND  hwndParent,
            _In_count_(dwConnectionDataInSize) const BYTE  *pConnectionDataIn,
            _In_                                     DWORD dwConnectionDataInSize,
-            _Inout_                                  BYTE  **ppConnectionDataOut,
+            _Out_                                    BYTE  **ppConnectionDataOut,
-            _Inout_                                  DWORD *pdwConnectionDataOutSize);
+            _Out_                                    DWORD *pdwConnectionDataOutSize);
        ///
        /// Raises a custom interactive user interface dialog to obtain user identity information for the EAP method on the client.
        ///
        /// \sa [EapPeerInvokeIdentityUI function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363615.aspx)
        ///
        virtual void invoke_identity_ui(
            _In_                                   HWND   hwndParent,
            _In_                                   DWORD  dwFlags,
@ -97,15 +79,10 @@ namespace eap
            _In_                                   DWORD  dwConnectionDataSize,
            _In_count_(dwUserDataSize)       const BYTE   *pUserData,
            _In_                                   DWORD  dwUserDataSize,
-            _Inout_                                BYTE   **ppUserDataOut,
+            _Out_                                  BYTE   **ppUserDataOut,
-            _Inout_                                DWORD  *pdwUserDataOutSize,
+            _Out_                                  DWORD  *pdwUserDataOutSize,
-            _Inout_                                LPWSTR *ppwszIdentity);
+            _Out_                                  LPWSTR *ppwszIdentity);
        ///
        /// Raises a custom interactive user interface dialog for the EAP method on the client.
        ///
        /// \sa [EapPeerInvokeInteractiveUI function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363616.aspx)
        ///
        virtual void invoke_interactive_ui(
            _In_                                  HWND  hwndParent,
            _In_count_(dwUIContextDataSize) const BYTE  *pUIContextData,
@ -113,4 +90,6 @@ namespace eap
            _Inout_                               BYTE  **ppDataFromInteractiveUI,
            _Inout_                               DWORD *pdwDataFromInteractiveUISize);
    };
    /// @}
 }
--- a/lib/TTLS_UI/include/TTLS_UI.h
+++ b/lib/TTLS_UI/include/TTLS_UI.h
@ -18,14 +18,7 @@
    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
 */
 ///
 /// TTLS configuration panel
 ///
 class wxTTLSConfigPanel;
 ///
 /// TTLS configuration scrollable window
 ///
 class wxTTLSConfigWindow;
 #pragma once
@ -48,6 +41,12 @@ class wxTTLSConfigWindow;
 #include <Windows.h>
 /// \addtogroup EAPBaseGUI
 /// @{
 ///
 /// TTLS configuration panel
 ///
 class wxTTLSConfigPanel : public wxTTLSConfigPanelBase
 {
 public:
@ -69,6 +68,9 @@ protected:
 };
 ///
 /// TTLS configuration scrollable window
 ///
 class wxTTLSConfigWindow : public wxEAPConfigWindow
 {
 public:
@ -106,3 +108,5 @@ protected:
    eap::config_method_mschapv2 m_cfg_mschapv2;  ///< MSCHAPv2 configuration
    eap::config_method_eaphost  m_cfg_eaphost;   ///< Inner EAP configuration
 };
 /// @}
--- a/lib/TTLS_UI/src/Module.cpp
+++ b/lib/TTLS_UI/src/Module.cpp
@ -65,8 +65,8 @@ eap::config_method* eap::peer_ttls_ui::make_config_method()
 void eap::peer_ttls_ui::config_xml2blob(
    _In_  DWORD       dwFlags,
    _In_  IXMLDOMNode *pConfigRoot,
-    _Inout_ BYTE        **pConnectionDataOut,
+    _Out_ BYTE        **pConnectionDataOut,
-    _Inout_ DWORD       *pdwConnectionDataOutSize)
+    _Out_ DWORD       *pdwConnectionDataOutSize)
 {
    UNREFERENCED_PARAMETER(dwFlags);
@ -101,8 +101,8 @@ void eap::peer_ttls_ui::invoke_config_ui(
    _In_                                     HWND  hwndParent,
    _In_count_(dwConnectionDataInSize) const BYTE  *pConnectionDataIn,
    _In_                                     DWORD dwConnectionDataInSize,
-    _Inout_                                  BYTE  **ppConnectionDataOut,
+    _Out_                                    BYTE  **ppConnectionDataOut,
-    _Inout_                                  DWORD *pdwConnectionDataOutSize)
+    _Out_                                    DWORD *pdwConnectionDataOutSize)
 {
    // Unpack configuration.
    config_connection cfg(*this);
@ -149,9 +149,9 @@ void eap::peer_ttls_ui::invoke_identity_ui(
    _In_                                   DWORD  dwConnectionDataSize,
    _In_count_(dwUserDataSize)       const BYTE   *pUserData,
    _In_                                   DWORD  dwUserDataSize,
-    _Inout_                                BYTE   **ppUserDataOut,
+    _Out_                                  BYTE   **ppUserDataOut,
-    _Inout_                                DWORD  *pdwUserDataOutSize,
+    _Out_                                  DWORD  *pdwUserDataOutSize,
-    _Inout_                                LPWSTR *ppwszIdentity)
+    _Out_                                  LPWSTR *ppwszIdentity)
 {
    assert(ppwszIdentity);
--- a/lib/TTLS_UI/src/TTLS_UI.cpp
+++ b/lib/TTLS_UI/src/TTLS_UI.cpp
@ -1,21 +1,21 @@
-/*
+/*
    Copyright 2015-2016 Amebis
-    Copyright 2016 GÉANT
+    Copyright 2016 GÉANT
-    This file is part of GÉANTLink.
+    This file is part of GÉANTLink.
-    GÉANTLink is free software: you can redistribute it and/or modify it
+    GÉANTLink is free software: you can redistribute it and/or modify it
    under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
-    GÉANTLink is distributed in the hope that it will be useful, but
+    GÉANTLink is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
-    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
+    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
 */
 #include "StdAfx.h"
@ -37,6 +37,8 @@ wxTTLSConfigPanel::wxTTLSConfigPanel(const eap::config_provider &prov, eap::conf
 }
 /// \cond internal
 bool wxTTLSConfigPanel::TransferDataToWindow()
 {
    // Populate identity controls.
@ -90,6 +92,8 @@ void wxTTLSConfigPanel::OnUpdateUI(wxUpdateUIEvent& event)
    }
 }
 /// \endcond
 //////////////////////////////////////////////////////////////////////
 // wxTTLSConfigWindow
@ -159,6 +163,8 @@ wxTTLSConfigWindow::~wxTTLSConfigWindow()
 }
 /// \cond internal
 bool wxTTLSConfigWindow::TransferDataToWindow()
 {
    auto &cfg_ttls = dynamic_cast<eap::config_method_ttls&>(m_cfg);
@ -240,3 +246,5 @@ void wxTTLSConfigWindow::OnUpdateUI(wxUpdateUIEvent& event)
    event.Skip();
 }
 /// \endcond
--- a/lib/WinStd
+++ b/lib/WinStd
@ -1 +1 @@
-Subproject commit 64d0ae5e6951ec973f46b5eae6a5f7f41c001881
+Subproject commit 85ad07ece55cbfa40ab7538e89c7adf079443f53
--- a/lib/wxExtend
+++ b/lib/wxExtend
@ -1 +1 @@
-Subproject commit a7ea95bc9bf10ef6bd53796ebff89f33dc30fb85
+Subproject commit a6b34f122d140319ff70ac1185f3dace4f6b39d8
		`@ -1 +1 @@`
			`Subproject commit 64d0ae5e6951ec973f46b5eae6a5f7f41c001881`				`Subproject commit 85ad07ece55cbfa40ab7538e89c7adf079443f53`
		`@ -1 +1 @@`
			`Subproject commit a7ea95bc9bf10ef6bd53796ebff89f33dc30fb85`				`Subproject commit a6b34f122d140319ff70ac1185f3dace4f6b39d8`