revert changes to match 4.8.1 bundle

update docs for 4.8.1

.github/workflows/macos-check.yml

@@ -0,0 +1,28 @@
+name: macOS Build Test
+
+on:
+  push:
+    branches: [ '*' ]
+  pull_request:
+    branches: [ '*' ]
+
+jobs:
+  build:
+
+    runs-on: macos-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: brew
+      run: brew install automake libtool
+    - name: autogen
+      run: ./autogen.sh
+    - name: configure
+      run: ./configure
+    - name: make
+      run: make
+    - name: make check
+      run: make check
+    - name: make distcheck
+      run: make distcheck
+

.github/workflows/ubuntu-check.yml

@@ -0,0 +1,26 @@
+name: Ubuntu Build Test
+
+on:
+  push:
+    branches: [ '*' ]
+  pull_request:
+    branches: [ '*' ]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: autogen
+      run: ./autogen.sh
+    - name: configure
+      run: ./configure
+    - name: make
+      run: make
+    - name: make check
+      run: make check
+    - name: make distcheck
+      run: make distcheck
+

.github/workflows/windows-check.yml

@@ -0,0 +1,38 @@
+name: Windows Build Test
+
+on:
+  push:
+    branches: [ '*' ]
+  pull_request:
+    branches: [ '*' ]
+
+env:
+  # Path to the solution file relative to the root of the project.
+  SOLUTION_FILE_PATH: wolfssl64.sln
+
+  # Configuration type to build.
+  # You can convert this to a build matrix if you need coverage of multiple configuration types.
+  # https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
+  BUILD_CONFIGURATION: Release
+  BUILD_PLATFORM: x64
+
+jobs:
+  build:
+    runs-on: windows-latest
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Add MSBuild to PATH
+      uses: microsoft/setup-msbuild@v1
+
+    - name: Restore NuGet packages
+      working-directory: ${{env.GITHUB_WORKSPACE}}
+      run: nuget restore ${{env.SOLUTION_FILE_PATH}}
+
+    - name: Build
+      working-directory: ${{env.GITHUB_WORKSPACE}}
+      # Add additional options to the MSBuild command line here (like platform or verbosity level).
+      # See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference
+      run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{env.BUILD_PLATFORM}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
+

.gitignore

@@ -230,6 +230,7 @@ IDE/MDK-ARM/LPC43xx/LPC43xx/
 *.gcno
 *.gcda
 *.gcov
+*.dgcov
 !linuxkm/Makefile
 /Kbuild
 linuxkm/*.ko

CMakeLists.txt

@@ -28,7 +28,7 @@ if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}")
      You must delete them, or cmake will refuse to work.")
 endif()
 
-project(wolfssl VERSION 4.7.1 LANGUAGES C)
+project(wolfssl VERSION 4.8.1 LANGUAGES C)
 
 # shared library versioning
 # increment if interfaces have been added, removed or changed
@@ -180,6 +180,18 @@ find_package(Threads)
 #       - 32-bit mode
 #       - 16-bit mode
 
+# For reproducible build, gate out from the build anything that might
+# introduce semantically frivolous jitter, maximizing chance of
+# identical object files.
+set(WOLFSSL_REPRODUCIBLE_BUILD_HELP_STRING "Enable maximally reproducible build (default: disabled)")
+add_option("WOLFSSL_REPRODUCIBLE_BUILD" ${WOLFSSL_REPRODUCIBLE_BUILD_HELP_STRING} "no" "yes;no")
+
+if(WOLFSSL_REPRODUCIBLE_BUILD)
+    set(CMAKE_C_ARCHIVE_CREATE "<CMAKE_AR> Dqc <TARGET> <LINK_FLAGS> <OBJECTS>")
+    set(CMAKE_C_ARCHIVE_APPEND "<CMAKE_AR> Dq  <TARGET> <LINK_FLAGS> <OBJECTS>")
+    set(CMAKE_C_ARCHIVE_FINISH "<CMAKE_RANLIB> -D <TARGET>")
+endif()
+
 # Support for disabling all ASM
 set(WOLFSSL_ASM_HELP_STRING "Enables option for assembly (default: enabled)")
 add_option("WOLFSSL_ASM" ${WOLFSSL_ASM_HELP_STRING} "yes" "yes;no")

ChangeLog.md

@@ -1,3 +1,218 @@
+# wolfSSL Release 4.8.1 (July 16, 2021)
+Release 4.8.1 of wolfSSL embedded TLS has an OCSP vulnerability fix:
+
+### Vulnerabilities
+* [High] OCSP verification issue when response is for a certificate with no relation to the chain in question BUT that response contains the NoCheck extension which effectively disables ALL verification of that one cert. Users who should upgrade to 4.8.1 are TLS client users doing OCSP, TLS server users doing mutual auth with OCSP, and CertManager users doing OCSP independent of TLS. Thanks to Jan Nauber, Marco Smeets, Werner Rueschenbaum and Alissa Kim for the report.
+
+
+# wolfSSL Release 4.8.0 (July 09, 2021)
+Release 4.8.0 of wolfSSL embedded TLS has bug fixes and new features including:
+
+### Vulnerabilities
+* [Low] OCSP request/response verification issue. In the case that the serial number in the OCSP request differs from the serial number in the OCSP response the error from the comparison was not resulting in a failed verification. We recommend users that have wolfSSL version 4.6.0 and 4.7.0 with OCSP enabled update their version of wolfSSL. Version 4.5.0 and earlier are not affected by this report. Thanks to Rainer, Roee, Barak, Hila and Shoshi (from Cymotive and CARIAD) for the report.
+* [Low] CVE-2021-24116: Side-Channel cache look up vulnerability in base64 PEM decoding for versions of wolfSSL 4.5.0 and earlier. Versions 4.6.0 and up contain a fix and do not need to be updated for this report. If decoding a PEM format private key using version 4.5.0 and older of wolfSSL then we recommend updating the version of wolfSSL used. Thanks to Florian Sieck, Jan Wichelmann, Sebastian Berndt and Thomas Eisenbarth for the report. 
+
+### New Feature Additions
+###### New Product
+* Added wolfSentry build with --enable-wolfsentry and tie-ins to wolfSSL code for use with wolfSentry
+
+###### Ports
+* QNX CAAM driver added, supporting ECC black keys, CMAC, BLOBs, and TRNG use
+*  _WIN32_WCE wolfCrypt port added
+* INTIME_RTOS directory support added
+* Added support for STM32G0
+* Renesas RX: Added intrinsics for rot[rl], revl (thanks @rliebscher)
+* Added support for running wolfcrypt/test/testwolfcrypt on Dolphin emulator to test DEVKITPRO port
+* Zephyr project port updated to latest version 2.6.X
+
+###### ASN1 and PKCS
+* Storing policy constraint extension from certificate added
+* Added support for NID_favouriteDrink pilot
+* Added the API function wc_EncryptPKCS8Key to handle encrypting a DER, PKCS#8-formatted key
+
+###### Compatibility Layer Additions
+* Open Source PORTS Added/Updated
+    - OpenVPN
+    - OpenLDAP
+    - socat-1.7.4.1
+    - Updated QT port for 5.15.2
+* Changes to extend set_cipher_list() compatibility layer API to have set_ciphersuites compatibility layer API capability
+* Added more support for SHA3 in the EVP layer
+* API Added
+    - MD5/MD5_Transform
+    - SHA/SHA_Transform/SHA1_Transform
+    - SHA224/SHA256_Transform/SHA512_Transform
+    - SSL_CTX_get0_param/SSL_CTX_set1_param
+    - X509_load_crl_file
+    - SSL_CTX_get_min_proto_version
+    - EVP_ENCODE_CTX_new
+    - EVP_ENCODE_CTX_free
+    - EVP_EncodeInit
+    - EVP_EncodeUpdate
+    - EVP_EncodeFinal
+    - EVP_DecodeInit
+    - EVP_DecodeUpdate
+    - EVP_DecodeFinal
+    - EVP_PKEY_print_public
+    - BIO_tell
+    - THREADID_current
+    - THREADID_hash
+    - SSL_CTX_set_ecdh_auto
+    - RAND_set_rand_method()
+    - X509_LOOKUP_ctrl()
+    - RSA_bits
+    - EC_curve_nist2nid
+    - EC_KEY_set_group
+    - SSL_SESSION_set_cipher
+    - SSL_set_psk_use_session_callback
+    - EVP_PKEY_param_check
+    - DH_get0_pqg
+    - CRYPTO_get_ex_new_index
+    - SSL_SESSION_is_resumable
+    - SSL_CONF_cmd
+    - SSL_CONF_CTX_finish
+    - SSL_CTX_keylog_cb_func
+    - SSL_CTX_set_keylog_callback
+    - SSL_CTX_get_keylog_callback
+
+###### Misc.
+* Added wolfSSL_CTX_get_TicketEncCtx getter function to return the ticket encryption ctx value
+* Added wc_AesKeyWrap_ex and wc_AesKeyUnWrap_ex APIs to accept an Aes object to use for the AES operations
+* Added implementation of AES-GCM streaming (--enable-aesgcm-stream)
+* Added deterministic generation of k with ECC following RFC6979 when the macro WOLFSL_ECDSA_DETERMINISTIC_K is defined and wc_ecc_set_deterministic function is called
+* Implemented wc_DsaParamsDecode and wc_DsaKeyToParamsDer
+* Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement
+* Added crypto callback support for Ed/Curve25519 and SHA2-512/384
+* TLS 1.3 wolfSSL_key_update_response function added to see if a update response is needed
+
+### Fixes
+* Fix for detecting extra unused bytes that are in an ASN1 sequence appended to the end of a valid ECC signature
+* Fix for keyid with ktri CMS (breaks compatibility with previous keyid ASN1 syntax)
+* Fix for failed handshake if a client offers more than 150 cipher suites. Thanks to Marcel Maehren, Philipp Nieting, Robert Merget from Ruhr University Bochum Sven Hebrok, Juraj Somorovsky from Paderborn University
+* Fix for default order of deprecated elliptic curves SECP224R1, SECP192R1, SECP160R1. Thanks to Marcel Maehren, Philipp Nieting, Robert Merget from Ruhr University Bochum Sven Hebrok, Juraj Somorovsky from Paderborn University
+* Fix for corner TLS downgrade case where a TLS 1.3 setup that allows for downgrades but has TLS 1.3 set as the minimum version would still downgrade to TLS 1.2
+
+###### PKCS7 (Multiple fixes throughout regarding memory leaks with SMIME and heap buffer overflows due to streaming functionality)
+* Fix PKCS7 dynamic content save/restore in PKCS7_VerifySignedData
+* Fix for heap buffer overflow on compare with wc_PKCS7_DecryptKtri
+* Fix for heap buffer overflow with wc_PKCS7_VerifySignedData
+* Fix for heap buffer overflow with wc_PKCS7_DecodeEnvelopedData
+* Check size of public key used with certificate passed into wc_PKCS7_InitWithCert before XMEMCPY to avoid overflow
+* Fix for heap buffer overflow fix for wolfSSL_SMIME_read_PKCS7
+* Fix to cleanly free memory in error state with wolfSSL_SMIME_read_PKCS7
+* SMIME error checking improvements and canonicalize multi-part messages before hashing
+
+###### DTLS Fixes
+* DTLS fix to correctly move the Tx sequence number forward
+* DTLS fix for sequence and epoch number with secure renegotiation cookie exchange
+* Fix for Chacha-Poly AEAD for DTLS 1.2 with secure renegotiation
+
+###### PORT Fixes
+* Fix AES, aligned key for the HW module with DCP port
+* Fix ATECC608A TNGTLS certificate size issue (thanks @vppillai)
+* Fixes for mingw compile warnings
+* Fixes for NXP LTC ECC/RSA
+* Fix ESP32 RSA hw accelerator initialization issue
+* Fixes for STM32 PKA with ECC
+* Fixes for STM32 AES GCM for HAL's that support byte sized headers
+* Espressif ESP32 SHA_CTX macro conflict resolved
+
+###### Math Library Fixes
+* For platforms that support limits.h or windows make sure both SIZEOF_LONG_LONG and SIZEOF_LONG are set to avoid issues with CTC_SETTINGS
+* SP C 32/64: fix corner cases around subtraction affecting RSA PSS use
+* Fix to return the error code from sp_cond_swap_ct when malloc fails
+* Fix potential memory leak with small stack in the function fp_gcd
+* Static Analysis Fixes
+* Fixes made from Coverity analysis including:
+* Cleanups for some return values,
+* Fix for leak with wolfSSL_a2i_ASN1_INTEGER
+* Sanity check on length in wolfSSL_BN_rand
+* Sanity check size in TLSX_Parse catching a possible integer overflow
+* Fixes found with -fsanitize=undefined testing
+* Fix null dereferences or undefined memcpy calls
+* Fix alignment in myCryptoDevCb
+* Fix default DTLS context assignment
+* Added align configure option to force data alignment
+
+###### Misc.
+* Fix for wolfSSL_ASN1_TIME_adj set length
+* Fix for freeing structure on error case in the function AddTrustedPeer
+* Return value of SSL_read when called after bidirectional shutdown
+* Fix for build options ./configure --enable-dtls --disable-asn
+* FIx for detection of a salt length from an RSA PSS signature
+* Fix to free up globalRNGMutex mutex when cleaning up global RNG
+* Fix leak when multiple hardware names are in SAN
+* Fix nonblocking ret value from CRL I/O callbacks
+* Fix wolfSSL_BIO_free_all return type to better match for compatibility layer
+* Fix for make distcheck, maintainer-clean, to allow distribution builds
+* Fix for async with fragmented packets
+* Fix for the build or RSA verify or public only
+* Fix for return value of wolfSSL_BIO_set_ssl to better match expected compatibility layer return value
+* Fix for sanity checks on size of issuer hash and key along with better freeing on error cases with DecodeBasicOcspResponse
+* Fix for potential memory leak with wolfSSL_OCSP_cert_to_id
+
+### Improvements/Optimizations
+###### DTLS/TLS Code Base
+* Improved TLS v1.3 time rollover support
+* TLS 1.3 PSK: use the hash algorithm to choose cipher suite
+* TLS Extended Master Secret ext: TLS13 - send in second Client Hello if in first
+* TLS Encrypt then MAC: check all padding bytes are the same value
+* wolfSSL_GetMaxRecordSize updated to now take additional cipher data into account
+* Updated session export/import with DTLS to handle a new internal options flag
+* Refactored dtls_expected_peer_handshake_number handling
+* Added wolfSSL_CTX_get_ephemeral_key and wolfSSL_get_ephemeral_key for loading a constant key in place of an ephemeral one
+* Improved checking of XSNPRINTF return value in DecodePolicyOID
+
+###### Build Options and Warnings
+* Added wolfSSL_CTX_set_verify to the ABI list
+* Adjusted FP_ECC build to not allow SECP160R1, SECP160R2, SECP160K1 and SECP224K1. FP_ECC does not work with scalars that are the length of the order when the order is longer than the prime.
+* Added CMake support for CURVE25519, ED25519, CURVE448, and ED448
+* cmake addition to test paths when building
+* Added support for session tickets in CMake
+* Added support for reproducible builds with CMake
+* Turn on reproducible-build by default when enable-distro
+* Windows Project: Include the X448 and Ed448 files
+* GCC-11 compile time warning fixes
+* Fix for compiling build of ./configure '--disable-tlsv12' '-enable-pkcallbacks'
+* Added build error for insecure build combination of secure renegotiation enabled with extended master secret disabled when session resumption is enabled
+* Updated building and running with Apple M1
+* Apache httpd build without TLS 1.3 macro guard added
+* Enable SHA3 and SHAKE256 requirements automatically when ED448 is enabled
+* Added option for AES CBC cipher routines to return BAD_LENGTH_E when called with an input buffer length not a multiple of AES_BLOCK_SIZE
+* Macro WOLFSSL_SP_INT_DIGIT_ALIGN added for alignment on buffers with SP build. This was needed for compiler building on a Renesas board.
+* Build support with no hashes enabled an no RNG compiled in
+* Allow use of FREESCALE hardware RNG without a specific port
+* Resolved some warnings with Windows builds and PBKDF disabled
+* Updated the version of autoconf and automake along with fixes for some new GCC-10 warnings
+
+###### Math Libraries
+* SP: Thumb implementation that works with clang
+* SP math all: sp_cmp handling of negative values
+* SP C ECC: mont sub - always normalize after sub before check for add
+* TFM math library prime checking, added more error checks with small stack build
+* Sanity checks on 0 value with GCD math function
+* fp_exptmod_ct error checking and small stack variable free on error
+* Sanity check on supported digit size when calling mp_add_d in non fastmath builds
+* Support for mp_dump with SP Math ALL
+* WOLFSSL_SP_NO_MALLOC for both the normal SP build and small SP build now
+* WOLFSSL_SP_NO_DYN_STACK added for SP small code that is not small stack build to avoid dynamic stack
+
+###### PKCS 7/8
+* wc_PKCS7_DecodeCompressedData to optionally handle a packet without content wrapping
+* Added setting of content type parsed with PKCS7  wc_PKCS7_DecodeAuthEnvelopedData and wc_PKCS7_DecodeEnvelopedData
+* PKCS8 code improvements and refactoring
+
+###### Misc.
+* Sanity checks on null inputs to the functions wolfSSL_X509_get_serialNumber and wolfSSL_X509_NAME_print_ex
+* Added ARM CryptoCell support for importing public key with wc_ecc_import_x963_ex()
+* Improved checking for possible use of key->dp == NULL cases with ECC functions
+* Updated SHAKE256 to compile with NIST FIPS 202 standard and added support for OID values (thanks to strongX509)
+* Improved ECC operations when using WOLFSSL_NO_MALLOC
+* Added WOLFSSL_SNIFFER_FATAL_ERROR for an return value when sniffer is in a fatal state
+* Allow parsing spaces in Base64_SkipNewline
+* Issue callback when exceeding depth limit rather than error out with OPENSSL_EXTRA build
+* Added NXP LTC RSA key generation acceleration
+
 # wolfSSL Release 4.7.0 (February 16, 2021)
 Release 4.7.0 of wolfSSL embedded TLS has bug fixes and new features including:
 

IDE/ECLIPSE/DEOS/README.md

@@ -1,71 +1,64 @@
-
-
 # Deos Port
+
 ## Overview
-You can enable the wolfSSL support for Deos RTOS available [here](https://www.ddci.com/products_deos_do_178c_arinc_653/) using the `#define WOLFSSL_DEOS`.
-Deos is a time & space partitioned, multi-core enabled, DO-178C DAL A certifiable RTOS.
+
+You can enable the wolfSSL support for Deos RTOS available
+[here](https://www.ddci.com/products_deos_do_178c_arinc_653/) using
+the `#define WOLFSSL_DEOS`.  Deos is a time & space partitioned,
+multi-core enabled, DO-178C DAL A certifiable RTOS.
+
 ## Usage
 
-You can start with your OpenArbor IDE-based example project for Deos with the network stack (lwip) to integrate wolfSSL source code.
+You can start with your OpenArbor IDE-based example project for Deos
+with the network stack (lwip) to integrate wolfSSL source code.
 
-wolfSSL supports a compile-time user configurable options in the `IDE/ECLIPSE/DEOS/user_settings.h` file.
+wolfSSL supports a compile-time user configurable options in the
+`IDE/ECLIPSE/DEOS/user_settings.h` file.
 
-The `tls_wolfssl.c` example application provides a simple function to run the selected examples at compile time through the following four #defines in user_settings.h. You can undefine any of these macro options to run a test.
-```
-       1. #undef NO_CRYPT_TEST
-       2. #undef NO_CRYPT_BENCHMARK
-       3. #undef NO_WOLFSSL_CLIENT
-       4. #undef NO_WOLFSSL_SERVER
-```
-Do one of the following steps for building and running wolfSSL with the Deos kernel examples, which are included in the DDS release:
-If you want to create a project from scratch, skip the Importing the project section and follow the steps in the other sections.
+### Importing the project
 
-If you want to use an pre-configured example project, go to the Importing the project section, skip the other sections and follow the Building and Running section.
-
-#### Importing the project
 In this section you will import a pre-configured example project.
+
+Note: To work wolfssl directory must not be under the workspace directory.
+
 1. Launch the OpenArbor IDE as an administrator
-2. In the Workspace Launcher dialog, in the Workspace field, enter your
-workspace
+2. In the Workspace Launcher dialog, in the Workspace field, enter
+   your workspace
 3. Right-click in the Project Explorer view and select Import
-4. In the Import dialog, select General > Existing Projects into Workspace, then click Next.
-5. In the Import Projects dialog, select Select archive file, then browse to `IDE/ECLIPSE/DEOS/` and double-click `deosWolfssl.zip` file
+4. In the Import dialog, select General > Existing Projects into
+   Workspace, then click Next.
+5. In the Import Projects dialog, select `Select root directory` and
+   browse to `IDE/ECLIPSE/DEOS/deos_wolfssl` and select the wolfssl
+   project
 6. In the Import Projects dialog, click Finish
 
+#### Dependencies
+
+* ansi
+* gnu-language
+* deos-time
+
+### Setting up a Deos project with wolfSSL
+
+The `tls_wolfssl.c` example application provides a simple function to
+run the selected examples at compile time through the following four
+`#defines` in `user_settings.h`. You can undefine any of these macro
+options to run a test.
 
-#### Setting up a Deos project with wolfSSL
- 1. Download the wolfSSL source code or a zip file from GitHub. You can remove all of the files except for these folders and its contents. The top folder for this example is wolfsslPort.
 ```
-wolfsslPort
-      |-- IDE
-          | -- ECLIPSE
-               | -- DEOS
-      |-- src
-      |-- wolfcrypt
-          | -- benchmark
-          | -- src
-          | -- test
-      |-- wolfssl
-          |-- openssl
-          |-- wolfcrypt
-              |-- port
+#undef NO_CRYPT_TEST
+#undef NO_CRYPT_BENCHMARK
+#undef NO_WOLFSSL_CLIENT
+#undef NO_WOLFSSL_SERVER
 ```
- 2. Remove these two platform specific assembly source files:
-    -   wolfsslPort/wolfcrypt/src/aes_asm.asm
-    -   wolfsslPort/wolfcrypt/src/aes_asm.S
 
- 3. Launch the OpenArbor IDE as an administrator
- 4. Create a DDC-I Deos example project. In the main menu, go to File >DDC-I Deos example project > socket > udp-vs-tcp
- 5. Import the `wolfSSLPort` source code into your project.
-    -   Right-click the ` udp-vs-tcp` project and choose File -> Import.
-    -   Expand the General folder and select File System, then click Next. You should now see the Import File system dialog.
-    -   Browse to the location containing the wolfSSL code and choose OK. Select the `wolfsslPort` folder and check the `Create top-level folder` button, then select Finish. You should see the folder hierarchy the same as wolfSSL folder structures.
-6. Review the configuration in $(PROJECT_DIR)/wolfsslPort/IDE/ECLIPSE/DEOS/user_setting.h
+1. Launch the OpenArbor IDE
 
-7.  Review the custom malloc/realloc/free configuration $(PROJECT_DIR)/wolfsslPort/IDE/ECLIPSE/DEOS/deos_malloc.c . Memory allocated with malloc() is never freed.
+2. Create a DDC-I Deos example project. In the main menu, go to File >
+   DDC-I Deos example project > socket > udp-vs-tcp
+
+3. Customize your config/udp-vs-tcp.pd.xml with the following changes:
 
-#### Configuring the Deos Project
- 1. Customize your config/udp-vs-tcp.pd.xml with the following changes:
 ```
 <processTemplate
      mutexQuota = "5"
@@ -90,35 +83,54 @@ wolfsslPort
 
 </processTemplate>
 ```
-Depending on your configuration, wolfSSL uses upto four mutexes. You also need to configure enough memory for the stack of each threads and the process logical memory pool.
 
+Depending on your configuration, wolfSSL uses upto four mutexes. You
+also need to configure enough memory for the stack of each threads and
+the process logical memory pool.
+
+4. Right click on the `udp-vs-tcp` project, select properties and add
+   the following macros in the DDC-I Options > C Compile >
+   Preprocessor
+
+  * WOLFSSL_USER_SETTINGS
+
+5.  Add the following directory paths in the DDC-I Options > C Compile >
+    Directories and in the DDC-I Options > C++ Compile > Directories
+
+  * $(PROJECT_DIR.wolfssl)/../../../..
+  * $(PROJECT_DIR.wolfssl)/..
+  * $(PROJECT_DIR.printx)/code
+
+6.  Add the following library dependencies in the
+    DDC-I Options > Deos > Dependencies
+
+  * math
+  * ansi
+  * deos-time
+
+  For benchmark and test code:
+
+    * printx - You must add printx into your workspace, File >DDC-I
+      Deos example project > training > printx
+
+7.  Edit $(PROJECT_DIR)/wolfsslPort/IDE/ECLIPSE/DEOS/user_setting.h to
+    customize your configuration. For example, you can undef or define
+    these tests.
+
+ * `#undef NO_CRYPT_TEST`
+ * `#undef NO_CRYPT_BENCHMARK`
+ * `#undef NO_WOLFSSL_CLIENT`
+ * `#undef NO_WOLFSSL_SERVER`
+
+8.  Edit your application source file where main() thread is defined
+and add the following:
+
+  * #include "printx.h"
+  * #include "tls_wolfssl.h"
+  * and a call to `wolfsslRunTests()`
 
- 2. Right click on the `udp-vs-tcp` project, select properties and add the following macros in the DDC-I Options > C Compile > Preprocessor
-      -   DEOS_ALLOW_OBSOLETE_DEFINITIONS
-      -   WOLFSSL_USER_SETTINGS
- 3.  Add the following directory paths in the DDC-I Options > C Compile > Directories and in the DDC-I Options > C++ Compile > Directories
-      -   $(PROJECT_DIR)/wolfsslPort
-      -   $(PROJECT_DIR)/wolfsslPort/wolfssl
-      -   $(PROJECT_DIR)/wolfsslPort/IDE/ECLIPSE/DEOS
-      -   $(PROJECT_DIR.printx)/code
- 4.  Change the optimization level in the DDC-I Options > C Compile > Code Generation > Optimization level:g
-      -   g
- 5.  Add the following library dependencies in the DDC-I Options > Deos > Dependencies
-      -   math
-      -   dart
-      -   ansi
-      -   printx
-          - You must add printx into your workspace, File >DDC-I Deos example project > training > printx
- 6.  Edit $(PROJECT_DIR)/wolfsslPort/IDE/ECLIPSE/DEOS/user_setting.h to customize your configuration. For example, you can undef or define these tests.
-      -   #undef NO_CRYPT_TEST
-      -   #undef NO_CRYPT_BENCHMARK
-      -   #undef NO_WOLFSSL_CLIENT
-      -   #undef NO_WOLFSSL_SERVER
- 7.  Edit your application source file where main() thread is defined and add the following:
-      -   #include "printx.h"
-      -   #include "tls_wolfssl.h"
-      -   and a call to `wolfsslRunTests()`
 Here's an example:
+
 ```
 #include <deos.h>
 #include <printx.h>
@@ -137,7 +149,10 @@ int main(void)
 }
 
 ```
- 8.  Review $(PROJECT_DIR)/udp-vs-tcp/mailbox-transport.config configuration.
+
+9.  Review `$(PROJECT_DIR)/udp-vs-tcp/mailbox-transport.config`
+    configuration.
+
 ```
 transportConfigurationId
 2                              # Client thread quota - for client and server TCP
@@ -166,45 +181,62 @@ userServiceThread              # Server thread template name
 /
 ```
 
-   #### Building and Running
- 1.  Build your project, then load and run your image on a target platform. Review the test results on the console output.
+#### Building and Running
+
+1.  Build your project, then load and run your image on a target
+    platform. Review the test results on the console output.
 
 
 ### `wolfcrypt_test()`
-wolfcrypt_test() prints a message on the target console similar to the following output:
+
+`wolfcrypt_test()` prints a message on similar to the following:
+
 ```
 error    test passed!
 base64   test passed!
 asn      test passed!
 ...
 ```
+
 This example doesn't show the whole output.
 
 ### `benchmark_test()`
-benchmark_test() prints a message on the target console similar to the following output.
+
+`benchmark_test()` prints a message on the similar to the following:
 
 ```
 ------------------------------------------------------------------------------
- wolfSSL version 3.15.5
+wolfSSL version 4.6.0
 ------------------------------------------------------------------------------
 wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
-RNG               225 KB tooks 1.026 seconds,  219.313 KB/s
-AES-128-CBC-enc    250 KB toks 1.105 seconds  226.210 KB/s
-AES-128-CBC-dec    225 KB tooks 1.005 seconds,  223.922 KB/s
+RNG                  2 MB took 1.000 seconds,    2.124 MB/s
+AES-128-CBC-enc      5 MB took 1.000 seconds,    5.127 MB/s
+AES-128-CBC-dec      5 MB took 1.000 seconds,    4.907 MB/s
+AES-192-CBC-enc      5 MB took 1.000 seconds,    4.736 MB/s
+AES-192-CBC-dec      5 MB took 1.000 seconds,    4.761 MB/s
 ...
 ```
+
 This example doesn't show the whole output.
 
 ### `wolfssl_client_test()`
 
-You can modify the `TCP_SERVER_IP_ADDR` and `TCP_SERVER_PORT` macros in the `tls_wolfssl.c` file to configure the host address and port. You will also need to define the server certificate. The example client uses the GET request to get a web resource from the server at https://google.com.
+You can modify the `TCP_SERVER_IP_ADDR` and `TCP_SERVER_PORT` macros
+in the `tls_wolfssl.c` file to configure the host address and
+port. You will also need to define the server certificate. The example
+client uses the GET request to get a web resource from the server at
+https://google.com.
 
 ### `wolfssl_server_test()`
 
-You can modify the `TLS_SERVER_PORT` in the `tls_wolfssl.c` file to configure the port number to listen on a local-host.
-Once you start the TLS server and `Listening for client connection` displays on the serial console, the server is ready to accept client connections.
+You can modify the `TLS_SERVER_PORT` in the `tls_wolfssl.c` file to
+configure the port number to listen on a local-host.  Once you start
+the TLS server and `Listening for client connection` displays on the
+serial console, the server is ready to accept client connections.
+
+You can connect to the server using the wolfssl TLS client example
+from your Linux or Windows host as follows:
 
-You can connect to the server using the wolfssl TLS client example from your Linux or Windows host as follows:
 ```
 $ ./examples/client/client.exe -h TLS_SERVER_IP_ADDRESS
 
@@ -218,8 +250,10 @@ I hear ya fa shizzle!
 
 ## References
 
-The test results were collected from the qemu-x86 reference platform target with the following software and tool chains:
-- OpenArbor, eclipse based IDE, toolVersion = "3.31.0"
+The following software and tool chains were used for testing:
+
+- OpenArbor 7.0.0
 - wolfssl [latest version](https://github.com/wolfSSL/wolfssl)
 
-For more information or questions, please email [support@wolfssl.com](mailto:support@wolfssl.com)
+For more information or questions, please email
+[support@wolfssl.com](mailto:support@wolfssl.com)

IDE/ECLIPSE/DEOS/deos_malloc.c

@@ -19,27 +19,11 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 #include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/ssl.h>
-
-#define ROUND_UP(x, align)  (((int) (x) + (align - 1)) & ~(align - 1))
-#define SIZEOF_HEADER sizeof(size_t)  /* tracks size of allocated block */
-
-#define HEAP_SIZE_MAX   (1*1024*1024)
-
-static size_t allocatedMemory = 0;
-
-size_t getMemAllocatedSize_deos(size_t* size){
-
-    if (size)
-        *size = allocatedMemory;
-
-    return allocatedMemory;
-}
-
-/* Simply returns without freeing any memory. */
+#include <wolfssl/wolfcrypt/types.h>
+#include <deos.h>
 
 void free_deos(void *ptr) {
-    //printf("fake free_deos()\n");
+    free(ptr);
     return;
 }
 
@@ -51,10 +35,6 @@ void *realloc_deos(void *ptr, size_t size) {
     newptr = malloc_deos(size);
 
     if (ptr != NULL && newptr != NULL) {
-
-        if ( *((char *)ptr - SIZEOF_HEADER) < *((char *)newptr - SIZEOF_HEADER))
-            size = *((char *)ptr - SIZEOF_HEADER);
-
         XMEMCPY((char *) newptr, (const char *) ptr, size);
         free_deos(ptr);
     }
@@ -63,46 +43,5 @@ void *realloc_deos(void *ptr, size_t size) {
 }
 
 void *malloc_deos(size_t size) {
-    PDEOS_SYSTEM_INFO systemInfoPtr;
-    static VirtualAddressTYP heapAddr = NULL;
-    static VirtualAddressTYP freeAddr = NULL;
-    VirtualAddressTYP retAddr = NULL;
-    DWORD allocationSize = 0;
-    static int initialized = 0;
-
-    if (size <= 0)
-        return NULL;
-
-    if (!initialized) {
-        systemInfoPtr = (PDEOS_SYSTEM_INFO)getSystemInfoDEOS();
-        freeAddr = (VirtualAddressTYP)getNextLibraryStartAddress();
-        allocationSize = (((HEAP_SIZE_MAX - 1) / systemInfoPtr->dwPageSize) + 1) *
-                         systemInfoPtr->dwPageSize;
-
-        if (virtualAllocDEOS(freeAddr, allocationSize) != allocSuccess){
-            printf("ERROR: virtualAllocDEOS failed\n");
-            return NULL;
-        }
-
-        setNextLibraryStartAddress(freeAddr + allocationSize);
-        heapAddr = freeAddr;
-
-        initialized = 1;
-    }
-
-    size = ROUND_UP(size, sizeof(size_t));
-
-    if ((size + SIZEOF_HEADER) > (HEAP_SIZE_MAX - (freeAddr - heapAddr))){
-        printf("ERROR: malloc_deos cannot allocate from heap memory anymore\n");
-        return NULL;
-    }
-
-    *freeAddr = size;
-    freeAddr += SIZEOF_HEADER;
-    retAddr = freeAddr;
-    XMEMSET(retAddr, 0, size);
-    freeAddr += size;
-    allocatedMemory += size;
-
-    return retAddr;
+  return malloc(size);
 }

IDE/ECLIPSE/DEOS/deos_wolfssl/.cproject

@@ -0,0 +1,344 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<?fileVersion 4.0.0?><cproject storage_type_id="org.eclipse.cdt.core.XmlProjectDescriptionStorage">
+	<storageModule moduleId="org.eclipse.cdt.core.settings">
+		<cconfiguration id="org.eclipse.cdt.core.default.config.472844465">
+			<storageModule buildSystemId="org.eclipse.cdt.core.defaultConfigDataProvider" id="org.eclipse.cdt.core.default.config.472844465" moduleId="org.eclipse.cdt.core.settings" name="Configuration">
+				<externalSettings/>
+				<extensions/>
+			</storageModule>
+			<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
+		</cconfiguration>
+	</storageModule>
+	<storageModule moduleId="org.eclipse.cdt.core.LanguageSettingsProviders"/>
+	<storageModule moduleId="org.eclipse.cdt.core.pathentry">
+		<pathentry base-path="C:/DDC-I/desk/ppc/include" include="./" kind="inc" path="" system="true"/>
+		<pathentry base-path="C:/DDC-I/desk/include" include="./" kind="inc" path="" system="true"/>
+		<pathentry base-path="C:/" include="./" kind="inc" path="" system="true"/>
+		<pathentry kind="mac" name="DIAGNOSTIC" path="" value=""/>
+		<pathentry kind="mac" name="WOLFSSL_USER_SETTINGS" path="" value=""/>
+		<pathentry kind="mac" name="__OpenArbor_editor" path="" value=""/>
+		<pathentry kind="mac" name="__DBL_MIN_EXP__" path="" value="(-1021)"/>
+		<pathentry kind="mac" name="__FLT32X_MAX_EXP__" path="" value="1024"/>
+		<pathentry kind="mac" name="__builtin_vsx_xvmsubmsp" path="" value="__builtin_vsx_xvmsubsp"/>
+		<pathentry kind="mac" name="__UINT_LEAST16_MAX__" path="" value="0xffff"/>
+		<pathentry kind="mac" name="__ATOMIC_ACQUIRE" path="" value="2"/>
+		<pathentry kind="mac" name="__FLT_MIN__" path="" value="1.1754943508222875e-38F"/>
+		<pathentry kind="mac" name="__GCC_IEC_559_COMPLEX" path="" value="2"/>
+		<pathentry kind="mac" name="__UINT_LEAST8_TYPE__" path="" value="unsigned char"/>
+		<pathentry kind="mac" name="__INTMAX_C(c)" path="" value="c ## LL"/>
+		<pathentry kind="mac" name="__CHAR_BIT__" path="" value="8"/>
+		<pathentry kind="mac" name="__UINT8_MAX__" path="" value="0xff"/>
+		<pathentry kind="mac" name="__builtin_vsx_xvnmaddadp" path="" value="__builtin_vsx_xvnmadddp"/>
+		<pathentry kind="mac" name="__WINT_MAX__" path="" value="0xffffffffU"/>
+		<pathentry kind="mac" name="__FLT32_MIN_EXP__" path="" value="(-125)"/>
+		<pathentry kind="mac" name="__builtin_vsx_xxlnor" path="" value="__builtin_vec_nor"/>
+		<pathentry kind="mac" name="__builtin_vsx_xvnmsubmdp" path="" value="__builtin_vsx_xvnmsubdp"/>
+		<pathentry kind="mac" name="__ORDER_LITTLE_ENDIAN__" path="" value="1234"/>
+		<pathentry kind="mac" name="__SIZE_MAX__" path="" value="0xffffffffU"/>
+		<pathentry kind="mac" name="__WCHAR_MAX__" path="" value="0x7fffffffL"/>
+		<pathentry kind="mac" name="__GCC_HAVE_SYNC_COMPARE_AND_SWAP_1" path="" value="1"/>
+		<pathentry kind="mac" name="__GCC_HAVE_SYNC_COMPARE_AND_SWAP_2" path="" value="1"/>
+		<pathentry kind="mac" name="__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4" path="" value="1"/>
+		<pathentry kind="mac" name="__DBL_DENORM_MIN__" path="" value="((double)4.9406564584124654e-324L)"/>
+		<pathentry kind="mac" name="__GCC_ATOMIC_CHAR_LOCK_FREE" path="" value="2"/>
+		<pathentry kind="mac" name="__GCC_IEC_559" path="" value="2"/>
+		<pathentry kind="mac" name="__FLT32X_DECIMAL_DIG__" path="" value="17"/>
+		<pathentry kind="mac" name="__FLT_EVAL_METHOD__" path="" value="0"/>
+		<pathentry kind="mac" name="__unix__" path="" value="1"/>
+		<pathentry kind="mac" name="__FLT64_DECIMAL_DIG__" path="" value="17"/>
+		<pathentry kind="mac" name="__GCC_ATOMIC_CHAR32_T_LOCK_FREE" path="" value="2"/>
+		<pathentry kind="mac" name="pixel" path="" value="pixel"/>
+		<pathentry kind="mac" name="bool" path="" value="bool"/>
+		<pathentry kind="mac" name="__UINT_FAST64_MAX__" path="" value="0xffffffffffffffffULL"/>
+		<pathentry kind="mac" name="__SIG_ATOMIC_TYPE__" path="" value="int"/>
+		<pathentry kind="mac" name="__DBL_MIN_10_EXP__" path="" value="(-307)"/>
+		<pathentry kind="mac" name="__FINITE_MATH_ONLY__" path="" value="0"/>
+		<pathentry kind="mac" name="__GNUC_PATCHLEVEL__" path="" value="0"/>
+		<pathentry kind="mac" name="__FLT32_HAS_DENORM__" path="" value="1"/>
+		<pathentry kind="mac" name="__builtin_vsx_xvnmaddasp" path="" value="__builtin_vsx_xvnmaddsp"/>
+		<pathentry kind="mac" name="__UINT_FAST8_MAX__" path="" value="0xffffffffU"/>
+		<pathentry kind="mac" name="__has_include(STR)" path="" value="__has_include__(STR)"/>
+		<pathentry kind="mac" name="__DEC64_MAX_EXP__" path="" value="385"/>
+		<pathentry kind="mac" name="__INT8_C(c)" path="" value="c"/>
+		<pathentry kind="mac" name="__INT_LEAST8_WIDTH__" path="" value="8"/>
+		<pathentry kind="mac" name="__UINT_LEAST64_MAX__" path="" value="0xffffffffffffffffULL"/>
+		<pathentry kind="mac" name="__SHRT_MAX__" path="" value="0x7fff"/>
+		<pathentry kind="mac" name="__LDBL_MAX__" path="" value="1.7976931348623157e+308L"/>
+		<pathentry kind="mac" name="__UINT_LEAST8_MAX__" path="" value="0xff"/>
+		<pathentry kind="mac" name="__GCC_ATOMIC_BOOL_LOCK_FREE" path="" value="2"/>
+		<pathentry kind="mac" name="_ARCH_PPC" path="" value="1"/>
+		<pathentry kind="mac" name="__UINTMAX_TYPE__" path="" value="long long unsigned int"/>
+		<pathentry kind="mac" name="__DEC32_EPSILON__" path="" value="1E-6DF"/>
+		<pathentry kind="mac" name="__FLT_EVAL_METHOD_TS_18661_3__" path="" value="0"/>
+		<pathentry kind="mac" name="__CHAR_UNSIGNED__" path="" value="1"/>
+		<pathentry kind="mac" name="__UINT32_MAX__" path="" value="0xffffffffUL"/>
+		<pathentry kind="mac" name="__LDBL_MAX_EXP__" path="" value="1024"/>
+		<pathentry kind="mac" name="__WINT_MIN__" path="" value="0U"/>
+		<pathentry kind="mac" name="__builtin_vsx_xvmaddmdp" path="" value="__builtin_vsx_xvmadddp"/>
+		<pathentry kind="mac" name="__builtin_vsx_vperm" path="" value="__builtin_vec_perm"/>
+		<pathentry kind="mac" name="__INT_LEAST16_WIDTH__" path="" value="16"/>
+		<pathentry kind="mac" name="__SCHAR_MAX__" path="" value="0x7f"/>
+		<pathentry kind="mac" name="__WCHAR_MIN__" path="" value="(-__WCHAR_MAX__ - 1)"/>
+		<pathentry kind="mac" name="vector" path="" value="vector"/>
+		<pathentry kind="mac" name="__builtin_vsx_xvnmsubmsp" path="" value="__builtin_vsx_xvnmsubsp"/>
+		<pathentry kind="mac" name="__INT64_C(c)" path="" value="c ## LL"/>
+		<pathentry kind="mac" name="__DBL_DIG__" path="" value="15"/>
+		<pathentry kind="mac" name="__GCC_ATOMIC_POINTER_LOCK_FREE" path="" value="2"/>
+		<pathentry kind="mac" name="__SIZEOF_INT__" path="" value="4"/>
+		<pathentry kind="mac" name="__SIZEOF_POINTER__" path="" value="4"/>
+		<pathentry kind="mac" name="__USER_LABEL_PREFIX__" path="" value=""/>
+		<pathentry kind="mac" name="__STDC_HOSTED__" path="" value="1"/>
+		<pathentry kind="mac" name="__LDBL_HAS_INFINITY__" path="" value="1"/>
+		<pathentry kind="mac" name="__builtin_vsx_xvmaddmsp" path="" value="__builtin_vsx_xvmaddsp"/>
+		<pathentry kind="mac" name="__FLT32_DIG__" path="" value="6"/>
+		<pathentry kind="mac" name="__FLT_EPSILON__" path="" value="1.1920928955078125e-7F"/>
+		<pathentry kind="mac" name="__SHRT_WIDTH__" path="" value="16"/>
+		<pathentry kind="mac" name="_CALL_SYSV" path="" value="1"/>
+		<pathentry kind="mac" name="__LDBL_MIN__" path="" value="2.2250738585072014e-308L"/>
+		<pathentry kind="mac" name="__STDC_UTF_16__" path="" value="1"/>
+		<pathentry kind="mac" name="__DEC32_MAX__" path="" value="9.999999E96DF"/>
+		<pathentry kind="mac" name="__FLT32X_HAS_INFINITY__" path="" value="1"/>
+		<pathentry kind="mac" name="__INT32_MAX__" path="" value="0x7fffffffL"/>
+		<pathentry kind="mac" name="__INT_WIDTH__" path="" value="32"/>
+		<pathentry kind="mac" name="__SIZEOF_LONG__" path="" value="4"/>
+		<pathentry kind="mac" name="__UINT16_C(c)" path="" value="c"/>
+		<pathentry kind="mac" name="__PTRDIFF_WIDTH__" path="" value="32"/>
+		<pathentry kind="mac" name="__DECIMAL_DIG__" path="" value="17"/>
+		<pathentry kind="mac" name="__FLT64_EPSILON__" path="" value="2.2204460492503131e-16F64"/>
+		<pathentry kind="mac" name="__INTMAX_WIDTH__" path="" value="64"/>
+		<pathentry kind="mac" name="__has_include_next(STR)" path="" value="__has_include_next__(STR)"/>
+		<pathentry kind="mac" name="__LDBL_HAS_QUIET_NAN__" path="" value="1"/>
+		<pathentry kind="mac" name="__FLT64_MANT_DIG__" path="" value="53"/>
+		<pathentry kind="mac" name="__GNUC__" path="" value="7"/>
+		<pathentry kind="mac" name="__FLT_HAS_DENORM__" path="" value="1"/>
+		<pathentry kind="mac" name="__SIZEOF_LONG_DOUBLE__" path="" value="8"/>
+		<pathentry kind="mac" name="__BIGGEST_ALIGNMENT__" path="" value="16"/>
+		<pathentry kind="mac" name="__FLT64_MAX_10_EXP__" path="" value="308"/>
+		<pathentry kind="mac" name="__DBL_MAX__" path="" value="((double)1.7976931348623157e+308L)"/>
+		<pathentry kind="mac" name="__INT_FAST32_MAX__" path="" value="0x7fffffff"/>
+		<pathentry kind="mac" name="__DBL_HAS_INFINITY__" path="" value="1"/>
+		<pathentry kind="mac" name="__builtin_vsx_xvnmaddmdp" path="" value="__builtin_vsx_xvnmadddp"/>
+		<pathentry kind="mac" name="__DEC32_MIN_EXP__" path="" value="(-94)"/>
+		<pathentry kind="mac" name="__builtin_vsx_xxlandc" path="" value="__builtin_vec_andc"/>
+		<pathentry kind="mac" name="__INTPTR_WIDTH__" path="" value="32"/>
+		<pathentry kind="mac" name="__FLT32X_HAS_DENORM__" path="" value="1"/>
+		<pathentry kind="mac" name="__INT_FAST16_TYPE__" path="" value="int"/>
+		<pathentry kind="mac" name="__LDBL_HAS_DENORM__" path="" value="1"/>
+		<pathentry kind="mac" name="__DEC128_MAX__" path="" value="9.999999999999999999999999999999999E6144DL"/>
+		<pathentry kind="mac" name="__INT_LEAST32_MAX__" path="" value="0x7fffffffL"/>
+		<pathentry kind="mac" name="__DEC32_MIN__" path="" value="1E-95DF"/>
+		<pathentry kind="mac" name="__DBL_MAX_EXP__" path="" value="1024"/>
+		<pathentry kind="mac" name="__WCHAR_WIDTH__" path="" value="32"/>
+		<pathentry kind="mac" name="__FLT32_MAX__" path="" value="3.4028234663852886e+38F32"/>
+		<pathentry kind="mac" name="__DEC128_EPSILON__" path="" value="1E-33DL"/>
+		<pathentry kind="mac" name="__PTRDIFF_MAX__" path="" value="0x7fffffff"/>
+		<pathentry kind="mac" name="__FLT32_HAS_QUIET_NAN__" path="" value="1"/>
+		<pathentry kind="mac" name="__LONG_LONG_MAX__" path="" value="0x7fffffffffffffffLL"/>
+		<pathentry kind="mac" name="__SIZEOF_SIZE_T__" path="" value="4"/>
+		<pathentry kind="mac" name="__builtin_vsx_xvnmaddmsp" path="" value="__builtin_vsx_xvnmaddsp"/>
+		<pathentry kind="mac" name="__PPC__" path="" value="1"/>
+		<pathentry kind="mac" name="__SIZEOF_WINT_T__" path="" value="4"/>
+		<pathentry kind="mac" name="__LONG_LONG_WIDTH__" path="" value="64"/>
+		<pathentry kind="mac" name="__FLT32_MAX_EXP__" path="" value="128"/>
+		<pathentry kind="mac" name="__GXX_ABI_VERSION" path="" value="1011"/>
+		<pathentry kind="mac" name="__FLT_MIN_EXP__" path="" value="(-125)"/>
+		<pathentry kind="mac" name="__INT_FAST64_TYPE__" path="" value="long long int"/>
+		<pathentry kind="mac" name="__FP_FAST_FMAF" path="" value="1"/>
+		<pathentry kind="mac" name="__FP_FAST_FMAL" path="" value="1"/>
+		<pathentry kind="mac" name="__FLT64_DENORM_MIN__" path="" value="4.9406564584124654e-324F64"/>
+		<pathentry kind="mac" name="__DBL_MIN__" path="" value="((double)2.2250738585072014e-308L)"/>
+		<pathentry kind="mac" name="__FLT32X_EPSILON__" path="" value="2.2204460492503131e-16F32x"/>
+		<pathentry kind="mac" name="__FLT64_MIN_EXP__" path="" value="(-1021)"/>
+		<pathentry kind="mac" name="__FLT64_MIN_10_EXP__" path="" value="(-307)"/>
+		<pathentry kind="mac" name="__DEC128_MIN__" path="" value="1E-6143DL"/>
+		<pathentry kind="mac" name="__REGISTER_PREFIX__" path="" value=""/>
+		<pathentry kind="mac" name="__UINT16_MAX__" path="" value="0xffff"/>
+		<pathentry kind="mac" name="__DBL_HAS_DENORM__" path="" value="1"/>
+		<pathentry kind="mac" name="__builtin_vsx_xxland" path="" value="__builtin_vec_and"/>
+		<pathentry kind="mac" name="__FLT32_MIN__" path="" value="1.1754943508222875e-38F32"/>
+		<pathentry kind="mac" name="__UINT8_TYPE__" path="" value="unsigned char"/>
+		<pathentry kind="mac" name="__NO_INLINE__" path="" value="1"/>
+		<pathentry kind="mac" name="__FLT_MANT_DIG__" path="" value="24"/>
+		<pathentry kind="mac" name="__LDBL_DECIMAL_DIG__" path="" value="17"/>
+		<pathentry kind="mac" name="__VERSION__" path="" value="&quot;7.3.0&quot;"/>
+		<pathentry kind="mac" name="__UINT64_C(c)" path="" value="c ## ULL"/>
+		<pathentry kind="mac" name="__BIG_ENDIAN__" path="" value="1"/>
+		<pathentry kind="mac" name="__GCC_ATOMIC_INT_LOCK_FREE" path="" value="2"/>
+		<pathentry kind="mac" name="__pixel" path="" value="__attribute__((altivec(pixel__))) unsigned short"/>
+		<pathentry kind="mac" name="__FLT32_MANT_DIG__" path="" value="24"/>
+		<pathentry kind="mac" name="__FLOAT_WORD_ORDER__" path="" value="__ORDER_BIG_ENDIAN__"/>
+		<pathentry kind="mac" name="__SCHAR_WIDTH__" path="" value="8"/>
+		<pathentry kind="mac" name="__INT32_C(c)" path="" value="c ## L"/>
+		<pathentry kind="mac" name="__DEC64_EPSILON__" path="" value="1E-15DD"/>
+		<pathentry kind="mac" name="__ORDER_PDP_ENDIAN__" path="" value="3412"/>
+		<pathentry kind="mac" name="__DEC128_MIN_EXP__" path="" value="(-6142)"/>
+		<pathentry kind="mac" name="__FLT32_MAX_10_EXP__" path="" value="38"/>
+		<pathentry kind="mac" name="__INT_FAST32_TYPE__" path="" value="int"/>
+		<pathentry kind="mac" name="__UINT_LEAST16_TYPE__" path="" value="short unsigned int"/>
+		<pathentry kind="mac" name="unix" path="" value="1"/>
+		<pathentry kind="mac" name="__INT16_MAX__" path="" value="0x7fff"/>
+		<pathentry kind="mac" name="__SIZE_TYPE__" path="" value="unsigned int"/>
+		<pathentry kind="mac" name="__UINT64_MAX__" path="" value="0xffffffffffffffffULL"/>
+		<pathentry kind="mac" name="__INT8_TYPE__" path="" value="signed char"/>
+		<pathentry kind="mac" name="__ELF__" path="" value="1"/>
+		<pathentry kind="mac" name="__HAVE_BSWAP__" path="" value="1"/>
+		<pathentry kind="mac" name="__FLT_RADIX__" path="" value="2"/>
+		<pathentry kind="mac" name="__INT_LEAST16_TYPE__" path="" value="short int"/>
+		<pathentry kind="mac" name="__LDBL_EPSILON__" path="" value="2.2204460492503131e-16L"/>
+		<pathentry kind="mac" name="__UINTMAX_C(c)" path="" value="c ## ULL"/>
+		<pathentry kind="mac" name="__SIG_ATOMIC_MAX__" path="" value="0x7fffffff"/>
+		<pathentry kind="mac" name="__GCC_ATOMIC_WCHAR_T_LOCK_FREE" path="" value="2"/>
+		<pathentry kind="mac" name="__SIZEOF_PTRDIFF_T__" path="" value="4"/>
+		<pathentry kind="mac" name="__FLT32X_MANT_DIG__" path="" value="53"/>
+		<pathentry kind="mac" name="__FLT32X_MIN_EXP__" path="" value="(-1021)"/>
+		<pathentry kind="mac" name="__DEC32_SUBNORMAL_MIN__" path="" value="0.000001E-95DF"/>
+		<pathentry kind="mac" name="__INT_FAST16_MAX__" path="" value="0x7fffffff"/>
+		<pathentry kind="mac" name="__vector" path="" value="__attribute__((altivec(vector__)))"/>
+		<pathentry kind="mac" name="__FLT64_DIG__" path="" value="15"/>
+		<pathentry kind="mac" name="__UINT_FAST32_MAX__" path="" value="0xffffffffU"/>
+		<pathentry kind="mac" name="__UINT_LEAST64_TYPE__" path="" value="long long unsigned int"/>
+		<pathentry kind="mac" name="__builtin_vsx_xvmsubadp" path="" value="__builtin_vsx_xvmsubdp"/>
+		<pathentry kind="mac" name="__builtin_vsx_xxsel" path="" value="__builtin_vec_sel"/>
+		<pathentry kind="mac" name="__FLT_HAS_QUIET_NAN__" path="" value="1"/>
+		<pathentry kind="mac" name="__bool" path="" value="__attribute__((altivec(bool__))) unsigned"/>
+		<pathentry kind="mac" name="__FLT_MAX_10_EXP__" path="" value="38"/>
+		<pathentry kind="mac" name="__LONG_MAX__" path="" value="0x7fffffffL"/>
+		<pathentry kind="mac" name="__DEC128_SUBNORMAL_MIN__" path="" value="0.000000000000000000000000000000001E-6143DL"/>
+		<pathentry kind="mac" name="__FLT_HAS_INFINITY__" path="" value="1"/>
+		<pathentry kind="mac" name="__unix" path="" value="1"/>
+		<pathentry kind="mac" name="__UINT_FAST16_TYPE__" path="" value="unsigned int"/>
+		<pathentry kind="mac" name="__DEC64_MAX__" path="" value="9.999999999999999E384DD"/>
+		<pathentry kind="mac" name="__INT_FAST32_WIDTH__" path="" value="32"/>
+		<pathentry kind="mac" name="__CHAR16_TYPE__" path="" value="short unsigned int"/>
+		<pathentry kind="mac" name="__PRAGMA_REDEFINE_EXTNAME" path="" value="1"/>
+		<pathentry kind="mac" name="__SIZE_WIDTH__" path="" value="32"/>
+		<pathentry kind="mac" name="__INT_LEAST16_MAX__" path="" value="0x7fff"/>
+		<pathentry kind="mac" name="__DEC64_MANT_DIG__" path="" value="16"/>
+		<pathentry kind="mac" name="__INT64_MAX__" path="" value="0x7fffffffffffffffLL"/>
+		<pathentry kind="mac" name="__UINT_LEAST32_MAX__" path="" value="0xffffffffUL"/>
+		<pathentry kind="mac" name="__FLT32_DENORM_MIN__" path="" value="1.4012984643248171e-45F32"/>
+		<pathentry kind="mac" name="__GCC_ATOMIC_LONG_LOCK_FREE" path="" value="2"/>
+		<pathentry kind="mac" name="__SIG_ATOMIC_WIDTH__" path="" value="32"/>
+		<pathentry kind="mac" name="__INT_LEAST64_TYPE__" path="" value="long long int"/>
+		<pathentry kind="mac" name="__INT16_TYPE__" path="" value="short int"/>
+		<pathentry kind="mac" name="__INT_LEAST8_TYPE__" path="" value="signed char"/>
+		<pathentry kind="mac" name="__STDC_VERSION__" path="" value="201112L"/>
+		<pathentry kind="mac" name="__DEC32_MAX_EXP__" path="" value="97"/>
+		<pathentry kind="mac" name="_BIG_ENDIAN" path="" value="1"/>
+		<pathentry kind="mac" name="__INT_FAST8_MAX__" path="" value="0x7fffffff"/>
+		<pathentry kind="mac" name="__INTPTR_MAX__" path="" value="0x7fffffff"/>
+		<pathentry kind="mac" name="__FLT64_HAS_QUIET_NAN__" path="" value="1"/>
+		<pathentry kind="mac" name="__PPC" path="" value="1"/>
+		<pathentry kind="mac" name="__FLT32_MIN_10_EXP__" path="" value="(-37)"/>
+		<pathentry kind="mac" name="__FLT32X_DIG__" path="" value="15"/>
+		<pathentry kind="mac" name="__builtin_vsx_xvmsubasp" path="" value="__builtin_vsx_xvmsubsp"/>
+		<pathentry kind="mac" name="__LDBL_MANT_DIG__" path="" value="53"/>
+		<pathentry kind="mac" name="__svr4__" path="" value="1"/>
+		<pathentry kind="mac" name="__DBL_HAS_QUIET_NAN__" path="" value="1"/>
+		<pathentry kind="mac" name="__FLT64_HAS_INFINITY__" path="" value="1"/>
+		<pathentry kind="mac" name="__SIG_ATOMIC_MIN__" path="" value="(-__SIG_ATOMIC_MAX__ - 1)"/>
+		<pathentry kind="mac" name="__INTPTR_TYPE__" path="" value="int"/>
+		<pathentry kind="mac" name="__UINT16_TYPE__" path="" value="short unsigned int"/>
+		<pathentry kind="mac" name="__WCHAR_TYPE__" path="" value="long int"/>
+		<pathentry kind="mac" name="__SIZEOF_FLOAT__" path="" value="4"/>
+		<pathentry kind="mac" name="__UINTPTR_MAX__" path="" value="0xffffffffU"/>
+		<pathentry kind="mac" name="__INT_FAST64_WIDTH__" path="" value="64"/>
+		<pathentry kind="mac" name="__DEC64_MIN_EXP__" path="" value="(-382)"/>
+		<pathentry kind="mac" name="__FLT32_DECIMAL_DIG__" path="" value="9"/>
+		<pathentry kind="mac" name="__INT_FAST64_MAX__" path="" value="0x7fffffffffffffffLL"/>
+		<pathentry kind="mac" name="__GCC_ATOMIC_TEST_AND_SET_TRUEVAL" path="" value="1"/>
+		<pathentry kind="mac" name="__FLT_DIG__" path="" value="6"/>
+		<pathentry kind="mac" name="__FLT32_HAS_INFINITY__" path="" value="1"/>
+		<pathentry kind="mac" name="__UINT_FAST64_TYPE__" path="" value="long long unsigned int"/>
+		<pathentry kind="mac" name="__INT_MAX__" path="" value="0x7fffffff"/>
+		<pathentry kind="mac" name="__INT64_TYPE__" path="" value="long long int"/>
+		<pathentry kind="mac" name="__FLT_MAX_EXP__" path="" value="128"/>
+		<pathentry kind="mac" name="__builtin_vsx_xxlor" path="" value="__builtin_vec_or"/>
+		<pathentry kind="mac" name="__DBL_MANT_DIG__" path="" value="53"/>
+		<pathentry kind="mac" name="__INT_LEAST64_MAX__" path="" value="0x7fffffffffffffffLL"/>
+		<pathentry kind="mac" name="__GCC_ATOMIC_CHAR16_T_LOCK_FREE" path="" value="2"/>
+		<pathentry kind="mac" name="__builtin_vsx_xxlxor" path="" value="__builtin_vec_xor"/>
+		<pathentry kind="mac" name="__DEC64_MIN__" path="" value="1E-383DD"/>
+		<pathentry kind="mac" name="__WINT_TYPE__" path="" value="unsigned int"/>
+		<pathentry kind="mac" name="__UINT_LEAST32_TYPE__" path="" value="long unsigned int"/>
+		<pathentry kind="mac" name="__SIZEOF_SHORT__" path="" value="2"/>
+		<pathentry kind="mac" name="__LDBL_MIN_EXP__" path="" value="(-1021)"/>
+		<pathentry kind="mac" name="__FLT64_MAX__" path="" value="1.7976931348623157e+308F64"/>
+		<pathentry kind="mac" name="__WINT_WIDTH__" path="" value="32"/>
+		<pathentry kind="mac" name="__INT_LEAST8_MAX__" path="" value="0x7f"/>
+		<pathentry kind="mac" name="__FLT32X_MAX_10_EXP__" path="" value="308"/>
+		<pathentry kind="mac" name="__LDBL_MAX_10_EXP__" path="" value="308"/>
+		<pathentry kind="mac" name="__ATOMIC_RELAXED" path="" value="0"/>
+		<pathentry kind="mac" name="__DBL_EPSILON__" path="" value="((double)2.2204460492503131e-16L)"/>
+		<pathentry kind="mac" name="__UINT8_C(c)" path="" value="c"/>
+		<pathentry kind="mac" name="PPC" path="" value="1"/>
+		<pathentry kind="mac" name="__FLT64_MAX_EXP__" path="" value="1024"/>
+		<pathentry kind="mac" name="__INT_LEAST32_TYPE__" path="" value="long int"/>
+		<pathentry kind="mac" name="__SIZEOF_WCHAR_T__" path="" value="4"/>
+		<pathentry kind="mac" name="__UINT64_TYPE__" path="" value="long long unsigned int"/>
+		<pathentry kind="mac" name="__builtin_vsx_xvnmsubadp" path="" value="__builtin_vsx_xvnmsubdp"/>
+		<pathentry kind="mac" name="__INT_FAST8_TYPE__" path="" value="int"/>
+		<pathentry kind="mac" name="__GNUC_STDC_INLINE__" path="" value="1"/>
+		<pathentry kind="mac" name="__FLT64_HAS_DENORM__" path="" value="1"/>
+		<pathentry kind="mac" name="__FLT32_EPSILON__" path="" value="1.1920928955078125e-7F32"/>
+		<pathentry kind="mac" name="__DBL_DECIMAL_DIG__" path="" value="17"/>
+		<pathentry kind="mac" name="__STDC_UTF_32__" path="" value="1"/>
+		<pathentry kind="mac" name="__INT_FAST8_WIDTH__" path="" value="32"/>
+		<pathentry kind="mac" name="__DEC_EVAL_METHOD__" path="" value="2"/>
+		<pathentry kind="mac" name="__FLT32X_MAX__" path="" value="1.7976931348623157e+308F32x"/>
+		<pathentry kind="mac" name="__VEC_ELEMENT_REG_ORDER__" path="" value="__ORDER_BIG_ENDIAN__"/>
+		<pathentry kind="mac" name="__builtin_vsx_xvmaddadp" path="" value="__builtin_vsx_xvmadddp"/>
+		<pathentry kind="mac" name="__ORDER_BIG_ENDIAN__" path="" value="4321"/>
+		<pathentry kind="mac" name="__UINT32_C(c)" path="" value="c ## UL"/>
+		<pathentry kind="mac" name="__INTMAX_MAX__" path="" value="0x7fffffffffffffffLL"/>
+		<pathentry kind="mac" name="__BYTE_ORDER__" path="" value="__ORDER_BIG_ENDIAN__"/>
+		<pathentry kind="mac" name="__FLT_DENORM_MIN__" path="" value="1.4012984643248171e-45F"/>
+		<pathentry kind="mac" name="__builtin_vsx_xvnmsubasp" path="" value="__builtin_vsx_xvnmsubsp"/>
+		<pathentry kind="mac" name="__INT8_MAX__" path="" value="0x7f"/>
+		<pathentry kind="mac" name="__LONG_WIDTH__" path="" value="32"/>
+		<pathentry kind="mac" name="__UINT_FAST32_TYPE__" path="" value="unsigned int"/>
+		<pathentry kind="mac" name="__CHAR32_TYPE__" path="" value="long unsigned int"/>
+		<pathentry kind="mac" name="__FLT_MAX__" path="" value="3.4028234663852886e+38F"/>
+		<pathentry kind="mac" name="__FP_FAST_FMA" path="" value="1"/>
+		<pathentry kind="mac" name="__INT32_TYPE__" path="" value="long int"/>
+		<pathentry kind="mac" name="__SIZEOF_DOUBLE__" path="" value="8"/>
+		<pathentry kind="mac" name="__FLT_MIN_10_EXP__" path="" value="(-37)"/>
+		<pathentry kind="mac" name="__FLT64_MIN__" path="" value="2.2250738585072014e-308F64"/>
+		<pathentry kind="mac" name="__INT_LEAST32_WIDTH__" path="" value="32"/>
+		<pathentry kind="mac" name="__INTMAX_TYPE__" path="" value="long long int"/>
+		<pathentry kind="mac" name="__DEC128_MAX_EXP__" path="" value="6145"/>
+		<pathentry kind="mac" name="__FLT32X_HAS_QUIET_NAN__" path="" value="1"/>
+		<pathentry kind="mac" name="__ATOMIC_CONSUME" path="" value="1"/>
+		<pathentry kind="mac" name="__GNUC_MINOR__" path="" value="3"/>
+		<pathentry kind="mac" name="__INT_FAST16_WIDTH__" path="" value="32"/>
+		<pathentry kind="mac" name="__UINTMAX_MAX__" path="" value="0xffffffffffffffffULL"/>
+		<pathentry kind="mac" name="__DEC32_MANT_DIG__" path="" value="7"/>
+		<pathentry kind="mac" name="__FLT32X_DENORM_MIN__" path="" value="4.9406564584124654e-324F32x"/>
+		<pathentry kind="mac" name="__builtin_vsx_xvmaddasp" path="" value="__builtin_vsx_xvmaddsp"/>
+		<pathentry kind="mac" name="__DBL_MAX_10_EXP__" path="" value="308"/>
+		<pathentry kind="mac" name="__LDBL_DENORM_MIN__" path="" value="4.9406564584124654e-324L"/>
+		<pathentry kind="mac" name="__INT16_C(c)" path="" value="c"/>
+		<pathentry kind="mac" name="__STDC__" path="" value="1"/>
+		<pathentry kind="mac" name="__builtin_vsx_xvmsubmdp" path="" value="__builtin_vsx_xvmsubdp"/>
+		<pathentry kind="mac" name="__PTRDIFF_TYPE__" path="" value="int"/>
+		<pathentry kind="mac" name="__ATOMIC_SEQ_CST" path="" value="5"/>
+		<pathentry kind="mac" name="__UINT32_TYPE__" path="" value="long unsigned int"/>
+		<pathentry kind="mac" name="__FLT32X_MIN_10_EXP__" path="" value="(-307)"/>
+		<pathentry kind="mac" name="__UINTPTR_TYPE__" path="" value="unsigned int"/>
+		<pathentry kind="mac" name="__DEC64_SUBNORMAL_MIN__" path="" value="0.000000000000001E-383DD"/>
+		<pathentry kind="mac" name="__DEC128_MANT_DIG__" path="" value="34"/>
+		<pathentry kind="mac" name="__LDBL_MIN_10_EXP__" path="" value="(-307)"/>
+		<pathentry kind="mac" name="__SIZEOF_LONG_LONG__" path="" value="8"/>
+		<pathentry kind="mac" name="_Bool" path="" value="_Bool"/>
+		<pathentry kind="mac" name="__GCC_ATOMIC_LLONG_LOCK_FREE" path="" value="1"/>
+		<pathentry kind="mac" name="__FLT32X_MIN__" path="" value="2.2250738585072014e-308F32x"/>
+		<pathentry kind="mac" name="__LDBL_DIG__" path="" value="15"/>
+		<pathentry kind="mac" name="__FLT_DECIMAL_DIG__" path="" value="9"/>
+		<pathentry kind="mac" name="__UINT_FAST16_MAX__" path="" value="0xffffffffU"/>
+		<pathentry kind="mac" name="__GCC_ATOMIC_SHORT_LOCK_FREE" path="" value="2"/>
+		<pathentry kind="mac" name="__INT_LEAST64_WIDTH__" path="" value="64"/>
+		<pathentry kind="mac" name="__UINT_FAST8_TYPE__" path="" value="unsigned int"/>
+		<pathentry kind="mac" name="__ATOMIC_ACQ_REL" path="" value="4"/>
+		<pathentry kind="mac" name="__ATOMIC_RELEASE" path="" value="3"/>
+	</storageModule>
+</cproject>

IDE/ECLIPSE/DEOS/deos_wolfssl/.options

@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<project xmlns="http://www.ddci.com/DEOS_SHARED_OBJECToptions" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="ddci:/xsd/DEOS_SHARED_OBJECT.xsd http://www.ddci.com/DEOS_SHARED_OBJECToptions">
+  <version>26</version>
+  <targetArch>ppc</targetArch>
+  <variant>diagnostic</variant>
+  <depend>kernel</depend>
+  <depend variant="diagnostic">video</depend>
+  <depend>ansi</depend>
+  <depend>math</depend>
+  <depend>deos-time</depend>
+  <depend>sal</depend>
+  <depend>mtl</depend>
+  <depend>printx</depend>
+  <depend>gnu-language</depend>
+  <kernelFile kfs="hypstart">lib$(PROJECT_NAME).so</kernelFile>
+  <copyToAppbin>$(BINARY)</copyToAppbin>
+  <copyToAppbin>$(BINARY).dbg</copyToAppbin>
+  <gccCCompileDirectories targetArch="arm">$(DESK_DIR)/arm/include</gccCCompileDirectories>
+  <gccCCompileDirectories targetArch="ppc">$(DESK_DIR)/ppc/include</gccCCompileDirectories>
+  <gccCCompileDirectories targetArch="x86">$(DESK_DIR)/x86/include</gccCCompileDirectories>
+  <gccCCompileDirectories>$(DESK_DIR)/include</gccCCompileDirectories>
+  <gccCCompileDirectories>$(PROJECT_DIR)/../../../..</gccCCompileDirectories>
+  <gccCCompileDirectories>$(PROJECT_DIR)/../../../../fips</gccCCompileDirectories>
+  <gccCCompileDirectories>$(PROJECT_DIR)/..</gccCCompileDirectories>
+  <gccCCompileDirectories>$(PROJECT_DIR.printx)/code</gccCCompileDirectories>
+  <gccCCompileDefinedMacros>WOLFSSL_USER_SETTINGS</gccCCompileDefinedMacros>
+  <gccCppLinkDirectories targetArch="arm">$(DESK_DIR)/arm/appbin</gccCppLinkDirectories>
+  <gccCppLinkDirectories targetArch="ppc">$(DESK_DIR)/ppc/appbin</gccCppLinkDirectories>
+  <gccCppLinkDirectories targetArch="x86">$(DESK_DIR)/x86/appbin</gccCppLinkDirectories>
+  <gccCppLinkUseIntermediateArchive>true</gccCppLinkUseIntermediateArchive>
+  <gccCppLinkAdditionalOptions>-L $(PROJECT_DIR.printx)/output/powerpc-motorola-elf/diagnostic</gccCppLinkAdditionalOptions>
+  <fpuType>none</fpuType>
+  <ignore>fips.c</ignore>
+  <ignore>fips_test.c</ignore>
+  <ignore>selftest.c</ignore>
+</project>

IDE/ECLIPSE/DEOS/deos_wolfssl/.project

@@ -0,0 +1,629 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>wolfssl</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>com.ddci.common.ide.Builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>com.ddci.common.ide.DdciNature</nature>
+		<nature>com.ddci.common.ide.ExecutableNature</nature>
+		<nature>com.ddci.deos.common.deosLoadListNature</nature>
+		<nature>com.ddci.common.ide.DEOS_SHARED_OBJECT</nature>
+		<nature>org.eclipse.cdt.core.cnature</nature>
+	</natures>
+	<linkedResources>
+		<link>
+			<name>deos_malloc.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/IDE/ECLIPSE/DEOS/deos_malloc.c</locationURI>
+		</link>
+		<link>
+			<name>fips.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/fips/fips.c</locationURI>
+		</link>
+		<link>
+			<name>fips_test.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/fips/fips_test.c</locationURI>
+		</link>
+		<link>
+			<name>selftest.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/fips/selftest.c</locationURI>
+		</link>
+		<link>
+			<name>user_settings.h</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/IDE/ECLIPSE/DEOS/user_settings.h</locationURI>
+		</link>
+		<link>
+			<name>wolfssl</name>
+			<type>2</type>
+			<locationURI>WOLFSSL_ROOT/wolfssl</locationURI>
+		</link>
+		<link>
+			<name>src/crl.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/src/crl.c</locationURI>
+		</link>
+		<link>
+			<name>src/internal.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/src/internal.c</locationURI>
+		</link>
+		<link>
+			<name>src/keys.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/src/keys.c</locationURI>
+		</link>
+		<link>
+			<name>src/ocsp.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/src/ocsp.c</locationURI>
+		</link>
+		<link>
+			<name>src/sniffer.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/src/sniffer.c</locationURI>
+		</link>
+		<link>
+			<name>src/ssl.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/src/ssl.c</locationURI>
+		</link>
+		<link>
+			<name>src/tls.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/src/tls.c</locationURI>
+		</link>
+		<link>
+			<name>src/tls13.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/src/tls13.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfio.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/src/wolfio.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/benchmark</name>
+			<type>2</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/benchmark</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/test</name>
+			<type>2</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/test</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/aes.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/aes.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/arc4.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/arc4.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/asm.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/asm.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/asn.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/asn.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/blake2b.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/blake2b.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/blake2s.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/blake2s.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/camellia.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/camellia.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/chacha.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/chacha.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/chacha20_poly1305.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/chacha20_poly1305.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/cmac.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/cmac.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/coding.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/coding.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/compress.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/compress.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/cpuid.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/cpuid.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/cryptocb.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/cryptocb.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/curve25519.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/curve25519.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/curve448.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/curve448.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/des3.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/des3.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/dh.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/dh.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/dsa.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/dsa.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/ecc.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/ecc.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/ecc_fp.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/ecc_fp.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/ed25519.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/ed25519.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/ed448.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/ed448.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/error.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/error.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fe_448.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fe_448.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fe_low_mem.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fe_low_mem.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fe_operations.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fe_operations.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fe_x25519_128.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fe_x25519_128.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_mont_small.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_mont_small.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_mul_comba_12.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_mul_comba_12.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_mul_comba_17.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_mul_comba_17.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_mul_comba_20.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_mul_comba_20.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_mul_comba_24.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_mul_comba_24.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_mul_comba_28.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_mul_comba_28.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_mul_comba_3.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_mul_comba_3.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_mul_comba_32.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_mul_comba_32.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_mul_comba_4.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_mul_comba_4.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_mul_comba_48.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_mul_comba_48.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_mul_comba_6.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_mul_comba_6.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_mul_comba_64.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_mul_comba_64.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_mul_comba_7.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_mul_comba_7.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_mul_comba_8.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_mul_comba_8.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_mul_comba_9.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_mul_comba_9.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_mul_comba_small_set.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_mul_comba_small_set.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_sqr_comba_12.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_sqr_comba_12.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_sqr_comba_17.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_sqr_comba_17.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_sqr_comba_20.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_sqr_comba_20.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_sqr_comba_24.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_sqr_comba_24.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_sqr_comba_28.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_sqr_comba_28.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_sqr_comba_3.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_sqr_comba_3.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_sqr_comba_32.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_sqr_comba_32.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_sqr_comba_4.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_sqr_comba_4.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_sqr_comba_48.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_sqr_comba_48.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_sqr_comba_6.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_sqr_comba_6.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_sqr_comba_64.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_sqr_comba_64.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_sqr_comba_7.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_sqr_comba_7.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_sqr_comba_8.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_sqr_comba_8.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_sqr_comba_9.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_sqr_comba_9.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/fp_sqr_comba_small_set.i</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fp_sqr_comba_small_set.i</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/ge_448.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/ge_448.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/ge_low_mem.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/ge_low_mem.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/ge_operations.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/ge_operations.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/hash.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/hash.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/hc128.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/hc128.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/hmac.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/hmac.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/idea.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/idea.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/integer.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/integer.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/logging.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/logging.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/md2.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/md2.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/md4.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/md4.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/md5.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/md5.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/memory.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/memory.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/pkcs12.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/pkcs12.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/pkcs7.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/pkcs7.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/poly1305.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/poly1305.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/pwdbased.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/pwdbased.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/rabbit.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/rabbit.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/random.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/random.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/rc2.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/rc2.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/ripemd.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/ripemd.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/rsa.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/rsa.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/sha.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/sha.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/sha256.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/sha256.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/sha3.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/sha3.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/sha512.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/sha512.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/signature.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/signature.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/sp_arm32.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/sp_arm32.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/sp_arm64.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/sp_arm64.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/sp_armthumb.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/sp_armthumb.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/sp_c32.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/sp_c32.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/sp_c64.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/sp_c64.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/sp_cortexm.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/sp_cortexm.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/sp_dsp32.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/sp_dsp32.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/sp_int.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/sp_int.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/sp_x86_64.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/sp_x86_64.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/srp.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/srp.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/tfm.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/tfm.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/wc_dsp.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/wc_dsp.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/wc_encrypt.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/wc_encrypt.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/wc_pkcs11.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/wc_pkcs11.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/wc_port.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/wc_port.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/wolfevent.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/wolfevent.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/src/wolfmath.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/wolfmath.c</locationURI>
+		</link>
+	</linkedResources>
+	<variableList>
+		<variable>
+			<name>WOLFSSL_ROOT</name>
+			<value>$%7BPARENT-4-PROJECT_LOC%7D</value>
+		</variable>
+	</variableList>
+</projectDescription>

IDE/ECLIPSE/DEOS/include.am

@@ -7,4 +7,7 @@ EXTRA_DIST += \
     IDE/ECLIPSE/DEOS/user_settings.h \
     IDE/ECLIPSE/DEOS/tls_wolfssl.h \
     IDE/ECLIPSE/DEOS/tls_wolfssl.c \
-    IDE/ECLIPSE/DEOS/deos_malloc.c
+    IDE/ECLIPSE/DEOS/deos_malloc.c \
+    IDE/ECLIPSE/DEOS/deos_wolfssl/.cproject \
+    IDE/ECLIPSE/DEOS/deos_wolfssl/.options \
+    IDE/ECLIPSE/DEOS/deos_wolfssl/.project

IDE/ECLIPSE/DEOS/user_settings.h

@@ -65,6 +65,8 @@ You can get the current time from https://www.unixtimestamp.com/
 #define HAVE_ED25519
 #define ED25519_SMALL
 
+#define WOLFSSL_DTLS
+
 /* TLS 1.3 */
 #if 0
     #define WOLFSSL_TLS13
@@ -103,8 +105,6 @@ You can get the current time from https://www.unixtimestamp.com/
 
 #endif
 
-#define printf printx
-
 #ifdef __cplusplus
     }   /* extern "C" */
 #endif

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/helper.c

@@ -118,7 +118,7 @@ int construct_argv()
 
     __argv[cnt] = malloc(10);
     sprintf(__argv[cnt], "benchmark");
-    __argv[9] = '\0';
+    __argv[cnt][9] = '\0';
     cnt = 1;
 
     while (*ch != '\0')

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c

@@ -51,10 +51,10 @@ static void set_time()
     time_t now;
     struct tm timeinfo;
     char strftime_buf[64];
-    /* please update the time if seeing unknown failure. */
-    /* this could cause TLS communication failure due to time expiration */
-    /* incleasing 31536000 seconds is close to spend 356 days.           */
-    utctime.tv_sec = 1598661910; /* dummy time: Fri Aug 29 09:45:00 2020 */
+    /* please update the time if seeing unknown failure when loading cert.  */
+    /* this could cause TLS communication failure due to time expiration    */
+    /* incleasing 31536000 seconds is close to spend 356 days.              */
+    utctime.tv_sec = 1619650800; /* dummy time: Wed April 28 23:00:00 2021 */
     utctime.tv_usec = 0;
     tz.tz_minuteswest = 0;
     tz.tz_dsttime = 0;

IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c

@@ -48,10 +48,10 @@ static void set_time()
     time_t now;
     struct tm timeinfo;
     char strftime_buf[64];
-    /* please update the time if seeing unknown failure. */
-    /* this could cause TLS communication failure due to time expiration */
-    /* incleasing 31536000 seconds is close to spend 356 days.           */
-    utctime.tv_sec = 1598661910; /* dummy time: Fri Aug 29 09:45:00 2020 */
+    /* please update the time if seeing unknown failure when loading cert.  */
+    /* this could cause TLS communication failure due to time expiration    */
+    /* incleasing 31536000 seconds is close to spend 356 days.              */
+    utctime.tv_sec = 1619650800; /* dummy time: Wed April 28 23:00:00 2021 */
     utctime.tv_usec = 0;
     tz.tz_minuteswest = 0;
     tz.tz_dsttime = 0;

IDE/Espressif/ESP-IDF/setup_win.bat

@@ -32,10 +32,10 @@ xcopy /Y/Q %BASEDIR%\src\*.c %WOLFSSLLIB_TRG_DIR%\src\
 xcopy /Y/Q %BASEDIR%\wolfcrypt\src\*.c %WOLFSSLLIB_TRG_DIR%\wolfcrypt\src
 xcopy /Y/Q %BASEDIR%\wolfcrypt\src\*.i %WOLFSSLLIB_TRG_DIR%\wolfcrypt\src
 xcopy /E/Y/Q %BASEDIR%\wolfcrypt\src\port %WOLFSSLLIB_TRG_DIR%\wolfcrypt\src\port\
-xcopy /E/Y/Q %BASEDIR%\wolfcrypt\test\ %WOLFSSLLIB_TRG_DIR%\wolfcrypt\test\
-xcopy /E/Y/Q %BASEDIR%\wolfcrypt\benchmark\ %WOLFSSLLIB_TRG_DIR%\wolfcrypt\benchmark\
+xcopy /E/Y/Q %BASEDIR%\wolfcrypt\test %WOLFSSLLIB_TRG_DIR%\wolfcrypt\test\
+xcopy /E/Y/Q %BASEDIR%\wolfcrypt\benchmark %WOLFSSLLIB_TRG_DIR%\wolfcrypt\benchmark\
 xcopy /Y/Q %BASEDIR%\wolfssl\*.h %WOLFSSLLIB_TRG_DIR%\wolfssl\
-xcopy /E/Y/Q %BASEDIR%\wolfssl\wolfcrypt\ %WOLFSSLLIB_TRG_DIR%\wolfssl\wolfcrypt\
+xcopy /E/Y/Q %BASEDIR%\wolfssl\wolfcrypt %WOLFSSLLIB_TRG_DIR%\wolfssl\wolfcrypt\
 
 rem user_settings.h
 xcopy /F/Q %WOLFSSL_ESPIDFDIR%\user_settings.h %WOLFSSLLIB_TRG_DIR%\include\

IDE/Espressif/ESP-IDF/test/test_wolfssl.c

@@ -666,7 +666,7 @@ TEST_CASE("wolfssl sha crypt-test", "[wolfssl]")
     ESP_LOGI(TAG, "sha256_test()");
     TEST_ASSERT_EQUAL(0, sha256_test());
 #endif
-#ifdef WOLSSL_SHA384
+#ifdef WOLFSSL_SHA384
     ESP_LOGI(TAG, "sha384_test()");
     TEST_ASSERT_EQUAL(0, sha384_test());
 #endif

IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c

@@ -197,6 +197,7 @@ FILE * wolfSSL_fopen(const char *name, const char *openmode)
     #define PATHSIZE 100
     char path[PATHSIZE] ; char *p ;
 
+    if (name == NULL) return NULL;
     if(strlen(name) > PATHSIZE)return(NULL) ;
 
     for(i = 0; i<= strlen(name); i++) {

IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c

@@ -64,10 +64,10 @@
 
 // UART TX Port, Pin, Mux and Baud
 #ifdef FREESCALE_KSDK_BM
-    #define UART_PORT       LPUART0                     /* UART Port */
-    #define UART_TX_PORT    PORTA                       /* UART TX Port */
-    #define UART_TX_PIN     2U                          /* UART TX Pin */
-    #define UART_TX_MUX     kPORT_MuxAlt2               /* Kinetis UART pin mux */
+    #define UART_PORT       LPUART4                     /* UART Port */
+    #define UART_TX_PORT    PORTC                       /* UART TX Port */
+    #define UART_TX_PIN     15U                         /* UART TX Pin */
+    #define UART_TX_MUX     kPORT_MuxAlt3               /* Kinetis UART pin mux */
 #elif defined (WOLFSSL_FRDM_K64)
     #define UART_PORT       UART0                       /* UART Port */
     #define UART_TX_PORT    PORTB                       /* UART TX Port */
@@ -91,7 +91,7 @@
 /* Note: TWR-K60 is UART3, PTC17 */
 /* Note: FRDM-K64 is UART4, PTE24 or UART0 PTB17 for OpenOCD  (SIM_SCGC4_UART0_MASK)*/
 /* Note: TWR-K64 is UART5, PTE8 */
-/* Note: FRDM-K82F is LPUART0 A2, LPUART4 PTC15 */
+/* Note: FRDM-K82F is LPUART4 PTC15 Alt3 (OpenOCD UART) */
 
 /***********************************************/
 

IDE/ROWLEY-CROSSWORKS-ARM/wolfssl_ltc.hzp

@@ -159,7 +159,6 @@
                 <file file_name="drivers/fsl_edma.h" />
                 <file file_name="drivers/fsl_ewm.c" />
                 <file file_name="drivers/fsl_ewm.h" />
-                <file file_name="drivers/fsl_flash.c" />
                 <file file_name="drivers/fsl_flash.h" />
                 <file file_name="drivers/fsl_flexbus.c" />
                 <file file_name="drivers/fsl_flexbus.h" />
@@ -223,8 +222,6 @@
                 <file file_name="drivers/fsl_ltc.h" />
                 <file file_name="drivers/fsl_ltc_edma.c" />
                 <file file_name="drivers/fsl_ltc_edma.h" />
-                <file file_name="drivers/fsl_mpu.c" />
-                <file file_name="drivers/fsl_mpu.h" />
                 <file file_name="drivers/fsl_pdb.c" />
                 <file file_name="drivers/fsl_pdb.h" />
                 <file file_name="drivers/fsl_pit.c" />

IDE/STM32Cube/README.md

@@ -14,9 +14,18 @@ These examples use the Cube HAL for STM32.
 
 ## Configuration
 
-The settings for the wolfSSL CubeMX pack are in the generated `wolfSSL.I-CUBE-wolfSSL_conf.h` file. An example of this is located in `IDE/STM32Cube/wolfSSL_conf.h` (renamed to avoid possible conflicts with generated file).
+The settings for the wolfSSL CubeMX pack are in the generated `wolfSSL.I-CUBE-wolfSSL_conf.h` file. An example of a generated file can be found at `examples/configs/user_settings_stm32.h`.
+
+The template used for generation is `IDE/STM32Cube/default_conf.ftl`, which is stored in the pack here: `STM32Cube/Repository/Packs/wolfSSL/wolfSSL/[Version]/CubeMX/templates/default_conf.ftl`.
+
+If the default settings for the Cube GUI are insufficient you can customize the build using one of these methods to prevent the changes from being overwritten when generating the code:
+
+* Copy the `wolfSSL.I-CUBE-wolfSSL_conf.h` to `Core/Inc` and rename to `user_settings.h`. Then add the preprocessor macro `WOLFSSL_USER_SETTINGS` to your project. This will use the `user_settings.h` instead of the generated configuration.
+
+OR
+
+* Edit the source template file used for Cube pack generation here: `STM32Cube/Repository/Packs/wolfSSL/wolfSSL/[Version]/CubeMX/templates/default_conf.ftl`.
 
-The template used for generation is `IDE/STM32Cube/default_conf.ftl` which can be updated at `STM32Cube/Repository/Packs/wolfSSL/wolfSSL/[Version]/CubeMX/templates/default_conf.ftl`.
 
 The section for "Hardware platform" may need to be adjusted depending on your processor and board:
 

IDE/STM32Cube/default_conf.ftl

@@ -484,7 +484,13 @@ extern ${variable.value} ${variable.name};
 /* RNG */
 /* ------------------------------------------------------------------------- */
 #define NO_OLD_RNGNAME /* conflicts with STM RNG macro */
-#define HAVE_HASHDRBG
+#if !defined(WOLF_CONF_RNG) || WOLF_CONF_RNG == 1
+    /* default is enabled */
+    #define HAVE_HASHDRBG
+#else /* WOLF_CONF_RNG == 0 */
+    #define WC_NO_HASHDRBG
+    #define WC_NO_RNG
+#endif
 
 
 /* ------------------------------------------------------------------------- */

IDE/STM32Cube/include.am

@@ -5,7 +5,6 @@
 EXTRA_DIST+= IDE/STM32Cube/README.md
 EXTRA_DIST+= IDE/STM32Cube/main.c
 EXTRA_DIST+= IDE/STM32Cube/wolfssl_example.c
-EXTRA_DIST+= IDE/STM32Cube/wolfSSL_conf.h
 EXTRA_DIST+= IDE/STM32Cube/wolfssl_example.h
 EXTRA_DIST+= IDE/STM32Cube/STM32_Benchmarks.md
 EXTRA_DIST+= IDE/STM32Cube/default_conf.ftl

IDE/VisualDSP/user_settings.h

@@ -350,9 +350,6 @@ extern "C" {
 #undef WOLFSSL_SHA3
 #if 1
     #define WOLFSSL_SHA3
-    #ifdef HAVE_FIPS
-        #define WOLFSSL_NO_SHAKE256
-    #endif
 #endif
 
 /* MD5 */

IDE/WINCE/user_settings.h

@@ -289,7 +289,7 @@
 
     /* MD5 */
     #undef  NO_MD5
-    #if 1
+    #if 0
 
     #else
         #define NO_MD5
@@ -330,4 +330,12 @@
 
 //#define DEBUG_WOLFSSL
 #define NO_MAIN_DRIVER
+
+/* wolfEngine settings */
+#define WOLFSSL_PUBLIC_MP
+#define NO_WOLFSSL_DIR
+
+//#define WOLFENGINE_DEBUG
+/* TODO: Add WE_HAVE_* settings here */
+
 #endif /* _WIN_USER_SETTINGS_H_ */

IDE/include.am

@@ -38,7 +38,8 @@ include IDE/XilinxSDK/include.am
 include IDE/VisualDSP/include.am
 include IDE/QNX/include.am
 include IDE/WINCE/include.am
+include IDE/zephyr/include.am
 
-EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MDK5-ARM IDE/MYSQL IDE/LPCXPRESSO IDE/HEXIWEAR IDE/Espressif IDE/zephyr
+EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MDK5-ARM IDE/MYSQL IDE/LPCXPRESSO IDE/HEXIWEAR IDE/Espressif
 EXTRA_DIST+= IDE/OPENSTM32/README.md
 EXTRA_DIST+= IDE/Espressif/ESP-IDF/setup_win.bat

IDE/zephyr/README.md

@@ -7,35 +7,35 @@ This port is for Zephyr Project available [here](https://www.zephyrproject.org/)
 
 It provides the following zephyr code.
 
-- zephyr/ext/lib/crypto/wolfssl
-    - wolfssl library
-- zephyr/samples/crypto/wolfssl_test
+- modules/crypto/wolfssl
+    - wolfssl library code
+- zephyr/modules/crypto/wolfssl
+    - Configuration and make files for wolfSSL
+- zephyr/samples/modules/wolfssl_test
     - wolfcrypt unit test application
-- zephyr/samples/crypto/wolfssl_tls_sock
+- zephyr/samples/modules/wolfssl_tls_sock
     - socket based sample of TLS
-- zephyr/samples/crypto/wolfssl_tls_thread
+- zephyr/samples/modules/wolfssl_tls_thread
     - socket based sample of TLS using threads
 
 ## How to setup
 
-### delopy wolfssl source to zephyr project
+### deploy wolfssl source to zephyr project
 Specify the path of the zephyr project and execute  `wolfssl/IDE/zephyr/setup.sh`.
 
 ```bash
 ./IDE/zephyr/setup.sh　/path/to/zephyrproject
 ```
 
-This script will deploy wolfssl's library code and samples as described in the Overview to the zephyr project.
+This script will deploy wolfssl's library code, configuration and samples as described in the Overview to the zephyr project.
 
 ## build & test
 
 build and execute wolfssl_test
 
 ```
-cd [zephyrproject]/zephyr/samples/crypto/wolfssl_test
-mkdir build && cd build
-cmake -GNinja -DBOARD=qemu_x86 ..
-ninja
-ninja run
+cd [zephyrproject]
+west build -p auto -b qemu_x86 zephyr/samples/modules/wolfssl_test
+west build -t run
 ```
 

IDE/zephyr/include.am

@@ -0,0 +1,33 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST+= IDE/zephyr/lib/settings/user_settings-tls-generic.h
+EXTRA_DIST+= IDE/zephyr/lib/zephyr/module.yml
+EXTRA_DIST+= IDE/zephyr/lib/install_lib.sh
+EXTRA_DIST+= IDE/zephyr/lib/README
+EXTRA_DIST+= IDE/zephyr/lib/user_settings.h
+EXTRA_DIST+= IDE/zephyr/module/CMakeLists.txt
+EXTRA_DIST+= IDE/zephyr/module/install_module.sh
+EXTRA_DIST+= IDE/zephyr/module/Kconfig
+EXTRA_DIST+= IDE/zephyr/module/Kconfig.tls-generic
+EXTRA_DIST+= IDE/zephyr/module/zephyr_init.c
+EXTRA_DIST+= IDE/zephyr/wolfssl_test/CMakeLists.txt
+EXTRA_DIST+= IDE/zephyr/wolfssl_test/install_test.sh
+EXTRA_DIST+= IDE/zephyr/wolfssl_test/prj.conf
+EXTRA_DIST+= IDE/zephyr/wolfssl_test/README
+EXTRA_DIST+= IDE/zephyr/wolfssl_test/sample.yaml
+EXTRA_DIST+= IDE/zephyr/wolfssl_tls_sock/src/tls_sock.c
+EXTRA_DIST+= IDE/zephyr/wolfssl_tls_sock/CMakeLists.txt
+EXTRA_DIST+= IDE/zephyr/wolfssl_tls_sock/install_sample.sh
+EXTRA_DIST+= IDE/zephyr/wolfssl_tls_sock/prj.conf
+EXTRA_DIST+= IDE/zephyr/wolfssl_tls_sock/README
+EXTRA_DIST+= IDE/zephyr/wolfssl_tls_sock/sample.yaml
+EXTRA_DIST+= IDE/zephyr/wolfssl_tls_thread/src/tls_threaded.c
+EXTRA_DIST+= IDE/zephyr/wolfssl_tls_thread/CMakeLists.txt
+EXTRA_DIST+= IDE/zephyr/wolfssl_tls_thread/install_sample.sh
+EXTRA_DIST+= IDE/zephyr/wolfssl_tls_thread/prj.conf
+EXTRA_DIST+= IDE/zephyr/wolfssl_tls_thread/README
+EXTRA_DIST+= IDE/zephyr/wolfssl_tls_thread/sample.yaml
+EXTRA_DIST+= IDE/zephyr/README.md
+EXTRA_DIST+= IDE/zephyr/setup.sh

IDE/zephyr/lib/CMakeLists.txt

@@ -1,122 +0,0 @@
-zephyr_interface_library_named(wolfSSL)
-
-if(CONFIG_WOLFSSL_BUILTIN)
-  target_compile_definitions(wolfSSL INTERFACE
-	WOLFSSL_OPTIONS_FILE="${CONFIG_WOLFSSL_OPTIONS_FILE}"
-	)
-
-  target_include_directories(wolfSSL INTERFACE
-	include
-	settings
-	)
-
-  zephyr_library()
-  zephyr_library_sources(zephyr_init.c)
-
-  zephyr_library_sources(library/src/crl.c)
-  zephyr_library_sources(library/src/internal.c)
-  zephyr_library_sources(library/src/keys.c)
-  zephyr_library_sources(library/src/ocsp.c)
-  zephyr_library_sources(library/src/sniffer.c)
-  zephyr_library_sources(library/src/ssl.c)
-  zephyr_library_sources(library/src/tls13.c)
-  zephyr_library_sources(library/src/tls.c)
-  zephyr_library_sources(library/src/wolfio.c)
-
-  zephyr_library_sources(library/wolfcrypt/src/aes.c)
-  zephyr_library_sources(library/wolfcrypt/src/arc4.c)
-  zephyr_library_sources(library/wolfcrypt/src/asm.c)
-  zephyr_library_sources(library/wolfcrypt/src/asn.c)
-  zephyr_library_sources(library/wolfcrypt/src/async.c)
-  zephyr_library_sources(library/wolfcrypt/src/blake2b.c)
-  zephyr_library_sources(library/wolfcrypt/src/camellia.c)
-  zephyr_library_sources(library/wolfcrypt/src/chacha20_poly1305.c)
-  zephyr_library_sources(library/wolfcrypt/src/chacha.c)
-  zephyr_library_sources(library/wolfcrypt/src/cmac.c)
-  zephyr_library_sources(library/wolfcrypt/src/coding.c)
-  zephyr_library_sources(library/wolfcrypt/src/compress.c)
-  zephyr_library_sources(library/wolfcrypt/src/cpuid.c)
-  zephyr_library_sources(library/wolfcrypt/src/cryptocb.c)
-  zephyr_library_sources(library/wolfcrypt/src/curve25519.c)
-  zephyr_library_sources(library/wolfcrypt/src/des3.c)
-  zephyr_library_sources(library/wolfcrypt/src/dh.c)
-  zephyr_library_sources(library/wolfcrypt/src/dsa.c)
-  zephyr_library_sources(library/wolfcrypt/src/ecc.c)
-  zephyr_library_sources(library/wolfcrypt/src/ecc_fp.c)
-  zephyr_library_sources(library/wolfcrypt/src/ed25519.c)
-  zephyr_library_sources(library/wolfcrypt/src/error.c)
-  zephyr_library_sources(library/wolfcrypt/src/fe_low_mem.c)
-  zephyr_library_sources(library/wolfcrypt/src/fe_operations.c)
-  #zephyr_library_sources(library/wolfcrypt/src/fips.c)
-  #zephyr_library_sources(library/wolfcrypt/src/fips_test.c)
-  zephyr_library_sources(library/wolfcrypt/src/ge_low_mem.c)
-  zephyr_library_sources(library/wolfcrypt/src/ge_operations.c)
-  zephyr_library_sources(library/wolfcrypt/src/hash.c)
-  zephyr_library_sources(library/wolfcrypt/src/hc128.c)
-  zephyr_library_sources(library/wolfcrypt/src/hmac.c)
-  zephyr_library_sources(library/wolfcrypt/src/idea.c)
-  zephyr_library_sources(library/wolfcrypt/src/integer.c)
-  zephyr_library_sources(library/wolfcrypt/src/logging.c)
-  zephyr_library_sources(library/wolfcrypt/src/md2.c)
-  zephyr_library_sources(library/wolfcrypt/src/md4.c)
-  zephyr_library_sources(library/wolfcrypt/src/md5.c)
-  zephyr_library_sources(library/wolfcrypt/src/memory.c)
-  #zephyr_library_sources(library/wolfcrypt/src/misc.c)
-  zephyr_library_sources(library/wolfcrypt/src/pkcs12.c)
-  zephyr_library_sources(library/wolfcrypt/src/pkcs7.c)
-  zephyr_library_sources(library/wolfcrypt/src/poly1305.c)
-  zephyr_library_sources(library/wolfcrypt/src/pwdbased.c)
-  zephyr_library_sources(library/wolfcrypt/src/rabbit.c)
-  zephyr_library_sources(library/wolfcrypt/src/random.c)
-  zephyr_library_sources(library/wolfcrypt/src/ripemd.c)
-  zephyr_library_sources(library/wolfcrypt/src/rsa.c)
-  #zephyr_library_sources(library/wolfcrypt/src/selftest.c)
-  zephyr_library_sources(library/wolfcrypt/src/sha256.c)
-  zephyr_library_sources(library/wolfcrypt/src/sha3.c)
-  zephyr_library_sources(library/wolfcrypt/src/sha512.c)
-  zephyr_library_sources(library/wolfcrypt/src/sha.c)
-  zephyr_library_sources(library/wolfcrypt/src/signature.c)
-  zephyr_library_sources(library/wolfcrypt/src/sp_arm32.c)
-  zephyr_library_sources(library/wolfcrypt/src/sp_arm64.c)
-  zephyr_library_sources(library/wolfcrypt/src/sp_armthumb.c)
-  zephyr_library_sources(library/wolfcrypt/src/sp_c32.c)
-  zephyr_library_sources(library/wolfcrypt/src/sp_c64.c)
-  zephyr_library_sources(library/wolfcrypt/src/sp_cortexm.c)
-  zephyr_library_sources(library/wolfcrypt/src/sp_int.c)
-  zephyr_library_sources(library/wolfcrypt/src/sp_x86_64.c)
-  zephyr_library_sources(library/wolfcrypt/src/srp.c)
-  zephyr_library_sources(library/wolfcrypt/src/tfm.c)
-  zephyr_library_sources(library/wolfcrypt/src/wc_encrypt.c)
-  zephyr_library_sources(library/wolfcrypt/src/wc_pkcs11.c)
-  zephyr_library_sources(library/wolfcrypt/src/wc_port.c)
-  #zephyr_library_sources(library/wolfcrypt/src/wolfcrypt_first.c)
-  #zephyr_library_sources(library/wolfcrypt/src/wolfcrypt_last.c)
-  zephyr_library_sources(library/wolfcrypt/src/wolfevent.c)
-  zephyr_library_sources(library/wolfcrypt/src/wolfmath.c)
-
-  zephyr_library_link_libraries(wolfSSL)
-
-  add_definitions(-DWOLFSSL_USER_SETTINGS)
-  add_definitions(-DWOLFSSL_ZEPHYR)
-  include_directories("library")
-else()
-  assert(CONFIG_WOLFSSL_LIBRARY "wolfSSL was enabled, but neither BUILTIN or LIBRARY was selected.")
-
-  # NB: CONFIG_WOLFSSL_LIBRARY is not regression tested and is
-  # therefore susceptible to bit rot
-
-  target_include_directories(wolfSSL INTERFACE
-	${CONFIG_WOLFSSL_INSTALL_PATH}
-	)
-
-  zephyr_link_libraries(
-    mbedtls_external
-    -L${CONFIG_WOLFSSL_INSTALL_PATH}
-    gcc
-    )
-  # Lib wolfssl depends on libgcc so to allow
-  # wolfssl to link with gcc we need to ensure it is placed
-  # after wolfssl_external on the linkers command line.
-endif()
-
-target_link_libraries(wolfSSL INTERFACE zephyr_interface)

IDE/zephyr/lib/install_lib.sh

@@ -22,42 +22,45 @@ if [ ! -d $ZEPHR_DIR ]; then
     echo "Zephyr project directory does not exist: $ZEPHYR_DIR"
     exit 1
 fi
-ZEPHYR_CRYPTO_DIR=$ZEPHYR_DIR/zephyr/ext/lib/crypto
+ZEPHYR_CRYPTO_DIR=$ZEPHYR_DIR/modules/crypto
 if [ ! -d $ZEPHYR_CRYPTO_DIR ]; then
     echo "Zephyr crypto directory does not exist: $ZEPHYR_CRYPTO_DIR"
     exit 1
 fi
 ZEPHYR_WOLFSSL_DIR=$ZEPHYR_CRYPTO_DIR/wolfssl
+ZEPHYR_WOLFSSL_LIB_DIR=$ZEPHYR_CRYPTO_DIR/wolfssl/wolfssl
 
 echo "wolfSSL directory in Zephyr:"
 echo "  $ZEPHYR_WOLFSSL_DIR"
 rm -rf $ZEPHYR_WOLFSSL_DIR
 mkdir $ZEPHYR_WOLFSSL_DIR
+mkdir $ZEPHYR_WOLFSSL_LIB_DIR
 
 echo "Copy in Build files ..."
-cp -r * $ZEPHYR_WOLFSSL_DIR/
-rm $ZEPHYR_WOLFSSL_DIR/$0
+cp -r * $ZEPHYR_WOLFSSL_LIB_DIR/
+rm $ZEPHYR_WOLFSSL_LIB_DIR/$0
+mv $ZEPHYR_WOLFSSL_LIB_DIR/zephyr $ZEPHYR_WOLFSSL_DIR/zephyr
 
 echo "Copy Source Code ..."
-rm -rf $ZEPHYR_WOLFSSL_DIR/library
-mkdir $ZEPHYR_WOLFSSL_DIR/library
-mkdir $ZEPHYR_WOLFSSL_DIR/library/src
-mkdir -p $ZEPHYR_WOLFSSL_DIR/library/wolfcrypt/src
+rm -rf $ZEPHYR_WOLFSSL_LIB_DIR/library
+mkdir $ZEPHYR_WOLFSSL_LIB_DIR/library
+mkdir $ZEPHYR_WOLFSSL_LIB_DIR/library/src
+mkdir -p $ZEPHYR_WOLFSSL_LIB_DIR/library/wolfcrypt/src
 
-cp -rf ${WOLFSSL_SRC_DIR}/src/*.c $ZEPHYR_WOLFSSL_DIR/library/src/
-cp -rf ${WOLFSSL_SRC_DIR}/wolfcrypt/src/*.c $ZEPHYR_WOLFSSL_DIR/library/wolfcrypt/src/
-cp -rf ${WOLFSSL_SRC_DIR}/wolfcrypt/src/*.i $ZEPHYR_WOLFSSL_DIR/library/wolfcrypt/src/
-cp -rf ${WOLFSSL_SRC_DIR}/wolfcrypt/src/*.S $ZEPHYR_WOLFSSL_DIR/library/wolfcrypt/src/
+cp -rf ${WOLFSSL_SRC_DIR}/src/*.c $ZEPHYR_WOLFSSL_LIB_DIR/library/src/
+cp -rf ${WOLFSSL_SRC_DIR}/wolfcrypt/src/*.c $ZEPHYR_WOLFSSL_LIB_DIR/library/wolfcrypt/src/
+cp -rf ${WOLFSSL_SRC_DIR}/wolfcrypt/src/*.i $ZEPHYR_WOLFSSL_LIB_DIR/library/wolfcrypt/src/
+cp -rf ${WOLFSSL_SRC_DIR}/wolfcrypt/src/*.S $ZEPHYR_WOLFSSL_LIB_DIR/library/wolfcrypt/src/
 
 echo "Copy Header Files ..."
-rm -rf $ZEPHYR_WOLFSSL_DIR/include
-mkdir $ZEPHYR_WOLFSSL_DIR/include
+rm -rf $ZEPHYR_WOLFSSL_LIB_DIR/include
+mkdir $ZEPHYR_WOLFSSL_LIB_DIR/include
 
-cp $ZEPHYR_WOLFSSL_DIR/user_settings.h $ZEPHYR_WOLFSSL_DIR/include/
-cp -rf ${WOLFSSL_SRC_DIR}/wolfssl $ZEPHYR_WOLFSSL_DIR/include/
-rm -f $ZEPHYR_WOLFSSL_DIR/include/wolfssl/options.h
-touch $ZEPHYR_WOLFSSL_DIR/include/wolfssl/options.h
-rm -rf $ZEPHYR_WOLFSSL_DIR/include/wolfssl/wolfcrypt/port
+cp $ZEPHYR_WOLFSSL_LIB_DIR/user_settings.h $ZEPHYR_WOLFSSL_LIB_DIR/include/
+cp -rf ${WOLFSSL_SRC_DIR}/wolfssl $ZEPHYR_WOLFSSL_LIB_DIR/include/
+rm -f $ZEPHYR_WOLFSSL_LIB_DIR/include/wolfssl/options.h
+touch $ZEPHYR_WOLFSSL_LIB_DIR/include/wolfssl/options.h
+rm -rf $ZEPHYR_WOLFSSL_LIB_DIR/include/wolfssl/wolfcrypt/port
 
 
 echo "Done"

IDE/zephyr/lib/settings/user_settings-tls-generic.h

@@ -1,4 +1,4 @@
-/* wolfssl options.h
+/* user_settings-tls-generic.h
  * generated from configure options
  *
  * Copyright (C) 2006-2021 wolfSSL Inc.
@@ -146,7 +146,7 @@ extern "C" {
 #define WOLFSSL_HAVE_SP_ECC
 #endif
 
-#if 0
+#if defined(CONFIG_WOLFSSL_DEBUG)
 #undef  DEBUG_WOLFSSL
 #define DEBUG_WOLFSSL
 #endif

IDE/zephyr/lib/user_settings.h

@@ -1,3 +1,23 @@
+/* user_settings.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
 
 #ifndef USER_SETTINGS_H
 #define USER_SETTINGS_H
@@ -131,7 +151,7 @@ extern "C" {
 #define WOLFSSL_HAVE_SP_ECC
 #endif
 
-#if 0
+#if defined(CONFIG_WOLFSSL_DEBUG)
 #undef  DEBUG_WOLFSSL
 #define DEBUG_WOLFSSL
 #endif

IDE/zephyr/lib/zephyr/module.yml

@@ -0,0 +1,3 @@
+build:
+  cmake-ext: True
+  kconfig-ext: True

IDE/zephyr/lib/zephyr_init.c

@@ -1,19 +0,0 @@
-/** @file
- * @brief wolfSSL initialization
- *
- * Initialize the wolfSSL library.
- */
-
-#include <init.h>
-
-#include "user_settings.h"
-#include "wolfssl/ssl.h"
-
-static int _wolfssl_init(struct device *device)
-{
-    ARG_UNUSED(device);
-
-    return 0;
-}
-
-SYS_INIT(_wolfssl_init, POST_KERNEL, 0);

IDE/zephyr/module/CMakeLists.txt

@@ -0,0 +1,122 @@
+zephyr_interface_library_named(wolfSSL)
+
+if(CONFIG_WOLFSSL_BUILTIN)
+  target_compile_definitions(wolfSSL INTERFACE
+	WOLFSSL_OPTIONS_FILE="${CONFIG_WOLFSSL_OPTIONS_FILE}"
+	)
+
+  target_include_directories(wolfSSL INTERFACE
+	${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/include
+	${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/settings
+	)
+
+  zephyr_library()
+  zephyr_library_sources(zephyr_init.c)
+
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/src/crl.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/src/internal.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/src/keys.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/src/ocsp.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/src/sniffer.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/src/ssl.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/src/tls13.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/src/tls.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/src/wolfio.c)
+
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/aes.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/arc4.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/asm.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/asn.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/async.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/blake2b.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/camellia.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/chacha20_poly1305.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/chacha.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/cmac.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/coding.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/compress.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/cpuid.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/cryptocb.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/curve25519.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/des3.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/dh.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/dsa.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/ecc.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/ecc_fp.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/ed25519.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/error.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/fe_low_mem.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/fe_operations.c)
+  #zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/fips.c)
+  #zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/fips_test.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/ge_low_mem.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/ge_operations.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/hash.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/hc128.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/hmac.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/idea.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/integer.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/logging.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/md2.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/md4.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/md5.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/memory.c)
+  #zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/misc.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/pkcs12.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/pkcs7.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/poly1305.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/pwdbased.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/rabbit.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/random.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/ripemd.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/rsa.c)
+  #zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/selftest.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/sha256.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/sha3.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/sha512.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/sha.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/signature.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/sp_arm32.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/sp_arm64.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/sp_armthumb.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/sp_c32.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/sp_c64.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/sp_cortexm.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/sp_int.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/sp_x86_64.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/srp.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/tfm.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/wc_encrypt.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/wc_pkcs11.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/wc_port.c)
+  #zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/wolfcrypt_first.c)
+  #zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/wolfcrypt_last.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/wolfevent.c)
+  zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library/wolfcrypt/src/wolfmath.c)
+
+  zephyr_library_link_libraries(wolfSSL)
+
+  add_definitions(-DWOLFSSL_USER_SETTINGS)
+  add_definitions(-DWOLFSSL_ZEPHYR)
+  include_directories("${ZEPHYR_CURRENT_MODULE_DIR}/wolfssl/library")
+else()
+  assert(CONFIG_WOLFSSL_LIBRARY "wolfSSL was enabled, but neither BUILTIN or LIBRARY was selected.")
+
+  # NB: CONFIG_WOLFSSL_LIBRARY is not regression tested and is
+  # therefore susceptible to bit rot
+
+  target_include_directories(wolfSSL INTERFACE
+	${CONFIG_WOLFSSL_INSTALL_PATH}
+	)
+
+  zephyr_link_libraries(
+    wolfssl_external
+    -L${CONFIG_WOLFSSL_INSTALL_PATH}
+    gcc
+    )
+  # Lib wolfssl depends on libgcc so to allow
+  # wolfssl to link with gcc we need to ensure it is placed
+  # after wolfssl_external on the linkers command line.
+endif()
+
+target_link_libraries(wolfSSL INTERFACE zephyr_interface)

IDE/zephyr/module/Kconfig

@@ -16,15 +16,25 @@
 # limitations under the License.
 #
 
+config ZEPHYR_WOLFSSL_MODULE
+        bool
+config WOLFSSL_PROMPTLESS
+        bool
+        help
+          Symbol to disable the prompt for WOLFSSL selection.
+          This symbol may be used internally in a Kconfig tree to hide the
+          wolfSSL menu prompt and instead handle the selection of WOLFSSL from
+          dependent sub-configurations and thus preven stuck symbol behavior.
+
 
 menuconfig WOLFSSL
-	bool "wolfSSL Support"
+	bool "wolfSSL Support" if !WOLFSSL_PROMPTLESS
 	help
 	  This option enables the wolfSSL cryptography library.
 
 if WOLFSSL
 
-choice
+choice WOLFSSL_IMPLEMENTATION
 	prompt "Select implementation"
 	default WOLFSSL_BUILTIN
 
@@ -52,9 +62,7 @@ config WOLFSSL_SETTINGS_FILE
 	  special TLS usage, use available Kconfig settings, or select an
 	  alternative config.
 
-if WOLFSSL_BUILTIN && WOLFSSL_SETTINGS_FILE = "user_settings-tls-generic.h"
-source "ext/lib/crypto/wolfssl/Kconfig.tls-generic"
-endif
+rsource "Kconfig.tls-generic"
 
 config WOLFSSL_DEBUG
 	bool "wolfSSL debug activation"
@@ -75,7 +83,6 @@ config WOLFSSL_INSTALL_PATH
 config APP_LINK_WITH_WOLFSSL
 	bool "Link 'app' with WOLFSSL"
 	default y
-	depends on WOLFSSL
 	help
 	  Add WOLFSSL header files to the 'app' include path. It may be
 	  disabled if the include paths for WOLFSSL are causing aliasing

IDE/zephyr/module/install_module.sh

@@ -0,0 +1,42 @@
+#!/bin/sh
+
+WOLFSSL_SRC_DIR=../../..
+
+if [ ! -d $WOLFSSL_SRC_DIR ]; then
+    echo "Directory does not exist: $WOLFSSL_SRC_DIR"
+    exit 1
+fi
+if [ ! -f $WOLFSSL_SRC_DIR/wolfssl/ssl.h ]; then
+    echo "Missing header file: $WOLFSSL_SRC_DIR/wolfssl/ssl.h"
+    exit 1
+fi
+
+ZEPHYR_DIR=
+if [ $# -ne 1 ]; then
+    echo "Need location of zephyr project as a command line argument"
+    exit 1
+else
+    ZEPHYR_DIR=$1
+fi
+if [ ! -d $ZEPHR_DIR ]; then
+    echo "Zephyr project directory does not exist: $ZEPHYR_DIR"
+    exit 1
+fi
+ZEPHYR_MODULES_DIR=$ZEPHYR_DIR/zephyr/modules
+if [ ! -d $ZEPHYR_MODULES_DIR ]; then
+    echo "Zephyr modules directory does not exist: $ZEPHYR_MODULES_DIR"
+    exit 1
+fi
+ZEPHYR_WOLFSSL_DIR=$ZEPHYR_MODULES_DIR/wolfssl
+
+echo "wolfSSL directory in Zephyr:"
+echo "  $ZEPHYR_WOLFSSL_DIR"
+rm -rf $ZEPHYR_WOLFSSL_DIR
+mkdir $ZEPHYR_WOLFSSL_DIR
+
+echo "Copy in Build files ..."
+cp -r * $ZEPHYR_WOLFSSL_DIR/
+rm $ZEPHYR_WOLFSSL_DIR/$0
+
+echo "Done"
+

IDE/zephyr/module/zephyr_init.c

@@ -0,0 +1,40 @@
+/* zephyr_init.c
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/** @file
+ * @brief wolfSSL initialization
+ *
+ * Initialize the wolfSSL library.
+ */
+
+#include <init.h>
+
+#include "user_settings.h"
+#include "wolfssl/ssl.h"
+
+static int _wolfssl_init(const struct device *device)
+{
+    ARG_UNUSED(device);
+
+    return 0;
+}
+
+SYS_INIT(_wolfssl_init, POST_KERNEL, 0);

IDE/zephyr/setup.sh

@@ -16,6 +16,7 @@ fi
 cd `dirname $0`
 
 (cd lib; ./install_lib.sh $ZEPHYR_DIR)
+(cd module; ./install_module.sh $ZEPHYR_DIR)
 (cd wolfssl_test; ./install_test.sh $ZEPHYR_DIR)
 (cd wolfssl_tls_sock; ./install_sample.sh $ZEPHYR_DIR)
 (cd wolfssl_tls_thread; ./install_sample.sh $ZEPHYR_DIR)

IDE/zephyr/wolfssl_test/install_test.sh

@@ -22,12 +22,12 @@ if [ ! -d $ZEPHR_DIR ]; then
     echo "Zephyr project directory does not exist: $ZEPHYR_DIR"
     exit 1
 fi
-ZEPHYR_CRYPTO_DIR=$ZEPHYR_DIR/zephyr/samples/crypto
-if [ ! -d $ZEPHYR_CRYPTO_DIR ]; then
-    echo "Zephyr crypto directory does not exist: $ZEPHYR_CRYPTO_DIR"
+ZEPHYR_SAMPLES_DIR=$ZEPHYR_DIR/zephyr/samples/modules
+if [ ! -d $ZEPHYR_SAMPLES_DIR ]; then
+    echo "Zephyr samples/modules directory does not exist: $ZEPHYR_SAMPLES_DIR"
     exit 1
 fi
-ZEPHYR_WOLFSSL_DIR=$ZEPHYR_CRYPTO_DIR/wolfssl_test
+ZEPHYR_WOLFSSL_DIR=$ZEPHYR_SAMPLES_DIR/wolfssl_test
 
 echo "wolfSSL directory:"
 echo "  $ZEPHYR_WOLFSSL_DIR"

IDE/zephyr/wolfssl_test/prj.conf

@@ -1,25 +1,16 @@
-# Kernel options
+
 CONFIG_MAIN_STACK_SIZE=32768
-CONFIG_ENTROPY_GENERATOR=y
-CONFIG_POSIX_API=y
-CONFIG_INIT_STACKS=y
-#CONFIG_FLOAT=y
-CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE=8192
-
-# Networking
-CONFIG_NETWORKING=y
-CONFIG_NET_TEST=y
-CONFIG_NET_LOOPBACK=y
-CONFIG_NET_IPV4=y
-CONFIG_NET_IPV6=y
-CONFIG_NET_SOCKETS=y
-CONFIG_DNS_RESOLVER=y
-
-# Logging
-CONFIG_PRINTK=y
-CONFIG_WOLFSSL_DEBUG=y
+CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE=16384
 
 # TLS configuration
 CONFIG_WOLFSSL=y
 CONFIG_WOLFSSL_BUILTIN=y
 
+# Logging
+CONFIG_PRINTK=y
+CONFIG_WOLFSSL_DEBUG=y
+
+# Entropy
+CONFIG_ENTROPY_GENERATOR=y
+CONFIG_ENTROPY_DEVICE_RANDOM_GENERATOR=y
+

IDE/zephyr/wolfssl_test/sample.yaml

@@ -1,9 +1,7 @@
 common:
-  harness: crypto
-  tags: crypto
-sample:
-  description: wolfSSL test application
-  name: wolfSSL Test
+  min_flash: 65
+  min_ram: 36
+  tags: crypto wolfssl userspace random
 tests:
-  test:
+  crypto.wolfssl_test:
     platform_whitelist: qemu_x86

IDE/zephyr/wolfssl_tls_sock/install_sample.sh

@@ -11,12 +11,12 @@ if [ ! -d $ZEPHR_DIR ]; then
     echo "Zephyr project directory does not exist: $ZEPHYR_DIR"
     exit 1
 fi
-ZEPHYR_CRYPTO_DIR=$ZEPHYR_DIR/zephyr/samples/crypto
-if [ ! -d $ZEPHYR_CRYPTO_DIR ]; then
-    echo "Zephyr crypto directory does not exist: $ZEPHYR_CRYPTO_DIR"
+ZEPHYR_SAMPLES_DIR=$ZEPHYR_DIR/zephyr/samples/modules
+if [ ! -d $ZEPHYR_SAMPLES_DIR ]; then
+    echo "Zephyr samples/module directory does not exist: $ZEPHYR_SAMPLES_DIR"
     exit 1
 fi
-ZEPHYR_WOLFSSL_DIR=$ZEPHYR_CRYPTO_DIR/wolfssl_tls_sock
+ZEPHYR_WOLFSSL_DIR=$ZEPHYR_SAMPLES_DIR/wolfssl_tls_sock
 
 echo "wolfSSL directory:"
 echo "  $ZEPHYR_WOLFSSL_DIR"

IDE/zephyr/wolfssl_tls_sock/prj.conf

@@ -1,7 +1,6 @@
 # Kernel options
-CONFIG_MAIN_STACK_SIZE=12288
+CONFIG_MAIN_STACK_SIZE=16384
 CONFIG_ENTROPY_GENERATOR=y
-CONFIG_POSIX_API=y
 CONFIG_INIT_STACKS=y
 CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE=8192
 
@@ -40,7 +39,7 @@ CONFIG_NET_PKT_TX_COUNT=10
 
 # Logging
 CONFIG_PRINTK=y
-CONFIG_WOLFSSL_DEBUG=y
+#CONFIG_WOLFSSL_DEBUG=y
 
 # TLS configuration
 CONFIG_WOLFSSL=y

IDE/zephyr/wolfssl_tls_sock/src/tls_sock.c

@@ -98,9 +98,6 @@ static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
     }
 
     if (ret == 0) {
-        /* make wolfSSL object nonblocking */
-        wolfSSL_set_using_nonblock(client_ssl, 1);
-
         /* Return newly created wolfSSL context and object */
         *ctx = client_ctx;
         *ssl = client_ssl;
@@ -174,9 +171,6 @@ static int wolfssl_server_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
     }
 
     if (ret == 0) {
-        /* make wolfSSL object nonblocking */
-        wolfSSL_set_using_nonblock(server_ssl, 1);
-
         /* Return newly created wolfSSL context and object */
         *ctx = server_ctx;
         *ssl = server_ssl;
@@ -323,9 +317,7 @@ int wolfssl_server_accept_tcp(WOLFSSL* ssl, SOCKET_T* fd, SOCKET_T* acceptfd)
     if (ret == 0) {
         *acceptfd = clientfd;
         tcp_set_nonblocking(&clientfd);
-    }
 
-    if (ret == 0) {
         printf("Server has client\n");
         if (wolfSSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS)
             ret = -1;
@@ -360,7 +352,7 @@ void server_thread(void* arg1, void* arg2, void* arg3)
         ret = wolfssl_server_accept_tcp(server_ssl, &sockfd, &clientfd);
 
     while (ret == 0) {
-        k_sleep(100);
+        k_sleep(Z_TIMEOUT_TICKS(100));
         ret = wolfssl_server_accept(server_ssl);
         if (ret == 0 && wolfSSL_is_init_finished(server_ssl))
             break;
@@ -453,7 +445,7 @@ void client_thread()
         ret = wolfssl_client_connect_tcp(client_ssl, &sockfd);
 
     while (ret == 0) {
-        k_sleep(10);
+        k_sleep(Z_TIMEOUT_TICKS(10));
         ret = wolfssl_client_connect(client_ssl);
         if (ret == 0 && wolfSSL_is_init_finished(client_ssl))
             break;
@@ -467,7 +459,7 @@ void client_thread()
     }
     /* Receive HTTP response */
     while (ret == 0) {
-        k_sleep(10);
+        k_sleep(Z_TIMEOUT_TICKS(10));
         ret = wolfssl_recv(client_ssl);
     }
     if (ret == 1)
@@ -486,15 +478,17 @@ void client_thread()
 
 int main()
 {
-    int          ret = 0;
     THREAD_TYPE  serverThread;
 
     wolfSSL_Init();
+#ifdef DEBUG_WOLFSSL
+    wolfSSL_Debugging_ON();
+#endif
 
     /* Start server */
     start_thread(server_thread, NULL, &serverThread);
 
-    k_sleep(100);
+    k_sleep(Z_TIMEOUT_TICKS(100));
     client_thread();
 
     join_thread(serverThread);

IDE/zephyr/wolfssl_tls_thread/install_sample.sh

@@ -11,12 +11,12 @@ if [ ! -d $ZEPHR_DIR ]; then
     echo "Zephyr project directory does not exist: $ZEPHYR_DIR"
     exit 1
 fi
-ZEPHYR_CRYPTO_DIR=$ZEPHYR_DIR/zephyr/samples/crypto
-if [ ! -d $ZEPHYR_CRYPTO_DIR ]; then
-    echo "Zephyr crypto directory does not exist: $ZEPHYR_CRYPTO_DIR"
+ZEPHYR_SAMPLES_DIR=$ZEPHYR_DIR/zephyr/samples/modules
+if [ ! -d $ZEPHYR_SAMPLES_DIR ]; then
+    echo "Zephyr samples/modules directory does not exist: $ZEPHYR_SAMPLES_DIR"
     exit 1
 fi
-ZEPHYR_WOLFSSL_DIR=$ZEPHYR_CRYPTO_DIR/wolfssl_tls_thread
+ZEPHYR_WOLFSSL_DIR=$ZEPHYR_SAMPLES_DIR/wolfssl_tls_thread
 
 echo "wolfSSL directory:"
 echo "  $ZEPHYR_WOLFSSL_DIR"

IDE/zephyr/wolfssl_tls_thread/prj.conf

@@ -1,7 +1,6 @@
 # Kernel options
-CONFIG_MAIN_STACK_SIZE=12288
+CONFIG_MAIN_STACK_SIZE=16384
 CONFIG_ENTROPY_GENERATOR=y
-CONFIG_POSIX_API=y
 CONFIG_INIT_STACKS=y
 CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE=8192
 
@@ -16,7 +15,7 @@ CONFIG_DNS_RESOLVER=y
 
 # Logging
 CONFIG_PRINTK=y
-CONFIG_WOLFSSL_DEBUG=y
+#CONFIG_WOLFSSL_DEBUG=y
 
 # TLS configuration
 CONFIG_WOLFSSL=y

IDE/zephyr/wolfssl_tls_thread/src/tls_threaded.c

@@ -436,6 +436,9 @@ int main()
     THREAD_TYPE serverThread;
 
     wolfSSL_Init();
+#ifdef DEBUG_WOLFSSL
+    wolfSSL_Debugging_ON();
+#endif
 
     wc_InitMutex(&client_mutex);
     wc_InitMutex(&server_mutex);
@@ -462,7 +465,7 @@ int main()
         ret = wolfssl_client_connect(client_ssl);
         if (ret == 0 && wolfSSL_is_init_finished(client_ssl))
             break;
-        k_sleep(10);
+        k_sleep(Z_TIMEOUT_TICKS(10));
     }
 
     if (ret == 0) {
@@ -473,7 +476,7 @@ int main()
     }
     /* Receive HTTP response */
     while (ret == 0) {
-        k_sleep(10);
+        k_sleep(Z_TIMEOUT_TICKS(10));
         ret = wolfssl_recv(client_ssl);
     }
     if (ret == 1)

Makefile.am

@@ -3,6 +3,7 @@ SUFFIXES =
 TESTS =
 CLEANFILES =
 DISTCLEANFILES =
+MAINTAINERCLEANFILES =
 bin_PROGRAMS =
 noinst_HEADERS =
 lib_LTLIBRARIES =
@@ -124,7 +125,8 @@ CLEANFILES+= ecc-key.der \
              pkcs7signedEncryptedCompressedFirmwarePkgData_ECDSA_SHA256_noattr.der \
              pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256.der \
              pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256_noattr.der \
-             tests/test-log-dump-to-file.txt
+             tests/test-log-dump-to-file.txt \
+             MyKeyLog.txt
 
 exampledir = $(docdir)/example
 dist_example_DATA=
@@ -238,6 +240,12 @@ scripts/unit.log: testsuite/testsuite.log
 DISTCLEANFILES+= cyassl-config
 DISTCLEANFILES+= wolfssl-config
 
+MAINTAINERCLEANFILES+= wolfssl/wolfcrypt/async.h
+MAINTAINERCLEANFILES+= wolfssl/wolfcrypt/fips.h
+MAINTAINERCLEANFILES+= wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h
+MAINTAINERCLEANFILES+= wolfssl/wolfcrypt/port/intel/quickassist.h
+MAINTAINERCLEANFILES+= wolfssl/wolfcrypt/port/intel/quickassist_mem.h
+
 SUBDIRS=$(SUBDIRS_OPT)
 DIST_SUBDIRS=$(DIST_SUBDIRS_OPT)
 

README

@@ -72,59 +72,221 @@ should be used for the enum name.
 
 *** end Notes ***
 
-
-# wolfSSL Release 4.7.0 (February 16, 2021)
-Release 4.7.0 of wolfSSL embedded TLS has bug fixes and new features including:
-
-### New Feature Additions
-* Compatibility Layer expansion SSL_get_verify_mode, X509_VERIFY_PARAM API, X509_STORE_CTX API added
-* WOLFSSL_PSK_IDENTITY_ALERT macro added for enabling a subset of TLS alerts
-* Function wolfSSL_CTX_NoTicketTLSv12 added to enable turning off session tickets with TLS 1.2 while keeping TLS 1.3 session tickets available
-* Implement RFC 5705: Keying Material Exporters for TLS
-* Added --enable-reproducible-build flag for making more deterministic library outputs to assist debugging
-* Added support for S/MIME (Secure/Multipurpose Internet Mail Extensions) bundles
-
-### Fixes
-* Fix to free mutex when cert manager is free’d
-* Compatibility layer EVP function to return the correct block size and type
-* DTLS secure renegotiation fixes including resetting timeout and retransmit on duplicate HelloRequest
-* Fix for edge case with shrink buffer and secure renegotiation
-* Compile fix for type used with curve448 and PPC64
-* Fixes for SP math all with PPC64 and other embedded compilers
-* SP math all fix when performing montgomery reduction on one word modulus
-* Fixes to SP math all to better support digit size of 8-bit
-* Fix for results of edge case with SP integer square operation
-* Stop non-ct mod inv from using register x29 with SP ARM64 build
-* Fix edge case when generating z value of ECC with SP code
-* Fixes for PKCS7 with crypto callback (devId) with RSA and RNG
-* Fix for compiling builds with RSA verify and public only
-* Fix for PKCS11 not properly exporting the public key due to a missing key type field
-* Call certificate callback with certificate depth issues
-* Fix for out-of-bounds read in TLSX_CSR_Parse()
-* Fix incorrect AES-GCM tag generation in the EVP layer
-* Fix for out of bounds write with SP math all enabled and an edge case of calling sp_tohex on the result of sp_mont_norm
-* Fix for parameter check in sp_rand_prime to handle 0 length values
-* Fix for edge case of failing malloc resulting in an out of bounds write with SHA256/SHA512 when small stack is enabled
-
-
-### Improvements/Optimizations
-* Added --enable-wolftpm option for easily building wolfSSL to be used with wolfTPM
-* DTLS macro WOLFSSL_DTLS_RESEND_ONLY_TIMEOUT added for resending flight only after a timeout
-* Update linux kernel module to use kvmalloc and kvfree
-* Add user settings option to cmake build
-* Added support for AES GCM session ticket encryption
-* Thread protection for global RNG used by wolfSSL_RAND_bytes function calls
-* Sanity check on FIPs configure flag used against the version of FIPs bundle
-* --enable-aesgcm=table now is compatible with --enable-linuxkm
-* Increase output buffer size that wolfSSL_RAND_bytes can handle
-* Out of directory builds resolved, wolfSSL can now be built in a separate directory than the root wolfssl directory
+# wolfSSL Release 4.8.1 (July 16, 2021)
+Release 4.8.1 of wolfSSL embedded TLS has an OCSP vulnerability fix:
 
 ### Vulnerabilities
-* [HIGH] CVE-2021-3336: In earlier versions of wolfSSL there exists a potential man in the middle attack on TLS 1.3 clients. Malicious attackers with a privileged network position can impersonate TLS 1.3 servers and bypass authentication. Users that have applications with client side code and have TLS 1.3 turned on, should update to the latest version of wolfSSL. Users that do not have TLS 1.3 turned on, or that are server side only, are NOT affected by this report. For the code change see https://github.com/wolfSSL/wolfssl/pull/3676. Thanks to Aina Toky Rasoamanana and Olivier Levillain from Télécom SudParis for the report.
-* [LOW] In the case of using custom ECC curves there is the potential for a crafted compressed ECC key that has a custom prime value to cause a hang when imported. This only affects applications that are loading in ECC keys with wolfSSL builds that have compressed ECC keys and custom ECC curves enabled.
-* [LOW] With TLS 1.3 authenticated-only ciphers a section of the server hello could contain 16 bytes of uninitialized data when sent to the connected peer. This affects only a specific build of wolfSSL with TLS 1.3 early data enabled and using authenticated-only ciphers with TLS 1.3.
+* [High] OCSP verification issue when response is for a certificate with no relation to the chain in question BUT that response contains the NoCheck extension which effectively disables ALL verification of that one cert. Users who should upgrade to 4.8.1 are TLS client users doing OCSP, TLS server users doing mutual auth with OCSP, and CertManager users doing OCSP independent of TLS. Thanks to Jan Nauber, Marco Smeets, Werner Rueschenbaum and Alissa Kim for the report.
 
 
+# wolfSSL Release 4.8.0 (July 09, 2021)
+Release 4.8.0 of wolfSSL embedded TLS has bug fixes and new features including:
+
+### Vulnerabilities
+* [Low] OCSP request/response verification issue. In the case that the serial number in the OCSP request differs from the serial number in the OCSP response the error from the comparison was not resulting in a failed verification. We recommend users that have wolfSSL version 4.6.0 and 4.7.0 with OCSP enabled update their version of wolfSSL. Version 4.5.0 and earlier are not affected by this report. Thanks to Rainer, Roee, Barak, Hila and Shoshi (from Cymotive and CARIAD) for the report.
+* [Low] CVE-2021-24116: Side-Channel cache look up vulnerability in base64 PEM decoding for versions of wolfSSL 4.5.0 and earlier. Versions 4.6.0 and up contain a fix and do not need to be updated for this report. If decoding a PEM format private key using version 4.5.0 and older of wolfSSL then we recommend updating the version of wolfSSL used. Thanks to Florian Sieck, Jan Wichelmann, Sebastian Berndt and Thomas Eisenbarth for the report. 
+
+### New Feature Additions
+###### New Product
+* Added wolfSentry build with --enable-wolfsentry and tie-ins to wolfSSL code for use with wolfSentry
+
+###### Ports
+* QNX CAAM driver added, supporting ECC black keys, CMAC, BLOBs, and TRNG use
+*  _WIN32_WCE wolfCrypt port added
+* INTIME_RTOS directory support added
+* Added support for STM32G0
+* Renesas RX: Added intrinsics for rot[rl], revl (thanks @rliebscher)
+* Added support for running wolfcrypt/test/testwolfcrypt on Dolphin emulator to test DEVKITPRO port
+* Zephyr project port updated to latest version 2.6.X
+
+###### ASN1 and PKCS
+* Storing policy constraint extension from certificate added
+* Added support for NID_favouriteDrink pilot
+* Added the API function wc_EncryptPKCS8Key to handle encrypting a DER, PKCS#8-formatted key
+
+###### Compatibility Layer Additions
+* Open Source PORTS Added/Updated
+    - OpenVPN
+    - OpenLDAP
+    - socat-1.7.4.1
+    - Updated QT port for 5.15.2
+* Changes to extend set_cipher_list() compatibility layer API to have set_ciphersuites compatibility layer API capability
+* Added more support for SHA3 in the EVP layer
+* API Added
+	- MD5/MD5_Transform
+	- SHA/SHA_Transform/SHA1_Transform
+	- SHA224/SHA256_Transform/SHA512_Transform
+	- SSL_CTX_get0_param/SSL_CTX_set1_param
+	- X509_load_crl_file
+	- SSL_CTX_get_min_proto_version
+	- EVP_ENCODE_CTX_new
+	- EVP_ENCODE_CTX_free
+	- EVP_EncodeInit
+	- EVP_EncodeUpdate
+	- EVP_EncodeFinal
+	- EVP_DecodeInit
+	- EVP_DecodeUpdate
+	- EVP_DecodeFinal
+	- EVP_PKEY_print_public
+	- BIO_tell
+	- THREADID_current
+	- THREADID_hash
+	- SSL_CTX_set_ecdh_auto
+	- RAND_set_rand_method()
+	- X509_LOOKUP_ctrl()
+	- RSA_bits
+	- EC_curve_nist2nid
+	- EC_KEY_set_group
+	- SSL_SESSION_set_cipher
+	- SSL_set_psk_use_session_callback
+	- EVP_PKEY_param_check
+	- DH_get0_pqg
+	- CRYPTO_get_ex_new_index
+	- SSL_SESSION_is_resumable
+	- SSL_CONF_cmd
+	- SSL_CONF_CTX_finish
+	- SSL_CTX_keylog_cb_func
+	- SSL_CTX_set_keylog_callback
+	- SSL_CTX_get_keylog_callback
+
+###### Misc.
+* Added wolfSSL_CTX_get_TicketEncCtx getter function to return the ticket encryption ctx value
+* Added wc_AesKeyWrap_ex and wc_AesKeyUnWrap_ex APIs to accept an Aes object to use for the AES operations
+* Added implementation of AES-GCM streaming (--enable-aesgcm-stream)
+* Added deterministic generation of k with ECC following RFC6979 when the macro WOLFSL_ECDSA_DETERMINISTIC_K is defined and wc_ecc_set_deterministic function is called
+* Implemented wc_DsaParamsDecode and wc_DsaKeyToParamsDer
+* Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement
+* Added crypto callback support for Ed/Curve25519 and SHA2-512/384
+* TLS 1.3 wolfSSL_key_update_response function added to see if a update response is needed
+
+### Fixes
+* Fix for detecting extra unused bytes that are in an ASN1 sequence appended to the end of a valid ECC signature
+* Fix for keyid with ktri CMS (breaks compatibility with previous keyid ASN1 syntax)
+* Fix for failed handshake if a client offers more than 150 cipher suites. Thanks to Marcel Maehren, Philipp Nieting, Robert Merget from Ruhr University Bochum Sven Hebrok, Juraj Somorovsky from Paderborn University
+* Fix for default order of deprecated elliptic curves SECP224R1, SECP192R1, SECP160R1. Thanks to Marcel Maehren, Philipp Nieting, Robert Merget from Ruhr University Bochum Sven Hebrok, Juraj Somorovsky from Paderborn University
+* Fix for corner TLS downgrade case where a TLS 1.3 setup that allows for downgrades but has TLS 1.3 set as the minimum version would still downgrade to TLS 1.2
+
+###### PKCS7 (Multiple fixes throughout regarding memory leaks with SMIME and heap buffer overflows due to streaming functionality)
+* Fix PKCS7 dynamic content save/restore in PKCS7_VerifySignedData
+* Fix for heap buffer overflow on compare with wc_PKCS7_DecryptKtri
+* Fix for heap buffer overflow with wc_PKCS7_VerifySignedData
+* Fix for heap buffer overflow with wc_PKCS7_DecodeEnvelopedData
+* Check size of public key used with certificate passed into wc_PKCS7_InitWithCert before XMEMCPY to avoid overflow
+* Fix for heap buffer overflow fix for wolfSSL_SMIME_read_PKCS7
+* Fix to cleanly free memory in error state with wolfSSL_SMIME_read_PKCS7
+* SMIME error checking improvements and canonicalize multi-part messages before hashing
+
+###### DTLS Fixes
+* DTLS fix to correctly move the Tx sequence number forward
+* DTLS fix for sequence and epoch number with secure renegotiation cookie exchange
+* Fix for Chacha-Poly AEAD for DTLS 1.2 with secure renegotiation
+
+###### PORT Fixes
+* Fix AES, aligned key for the HW module with DCP port
+* Fix ATECC608A TNGTLS certificate size issue (thanks @vppillai)
+* Fixes for mingw compile warnings
+* Fixes for NXP LTC ECC/RSA
+* Fix ESP32 RSA hw accelerator initialization issue
+* Fixes for STM32 PKA with ECC
+* Fixes for STM32 AES GCM for HAL's that support byte sized headers
+* Espressif ESP32 SHA_CTX macro conflict resolved
+
+###### Math Library Fixes
+* For platforms that support limits.h or windows make sure both SIZEOF_LONG_LONG and SIZEOF_LONG are set to avoid issues with CTC_SETTINGS
+* SP C 32/64: fix corner cases around subtraction affecting RSA PSS use
+* Fix to return the error code from sp_cond_swap_ct when malloc fails
+* Fix potential memory leak with small stack in the function fp_gcd
+* Static Analysis Fixes
+* Fixes made from Coverity analysis including:
+* Cleanups for some return values,
+* Fix for leak with wolfSSL_a2i_ASN1_INTEGER
+* Sanity check on length in wolfSSL_BN_rand
+* Sanity check size in TLSX_Parse catching a possible integer overflow
+* Fixes found with -fsanitize=undefined testing
+* Fix null dereferences or undefined memcpy calls
+* Fix alignment in myCryptoDevCb
+* Fix default DTLS context assignment
+* Added align configure option to force data alignment
+
+###### Misc.
+* Fix for wolfSSL_ASN1_TIME_adj set length
+* Fix for freeing structure on error case in the function AddTrustedPeer
+* Return value of SSL_read when called after bidirectional shutdown
+* Fix for build options ./configure --enable-dtls --disable-asn
+* FIx for detection of a salt length from an RSA PSS signature
+* Fix to free up globalRNGMutex mutex when cleaning up global RNG
+* Fix leak when multiple hardware names are in SAN
+* Fix nonblocking ret value from CRL I/O callbacks
+* Fix wolfSSL_BIO_free_all return type to better match for compatibility layer
+* Fix for make distcheck, maintainer-clean, to allow distribution builds
+* Fix for async with fragmented packets
+* Fix for the build or RSA verify or public only
+* Fix for return value of wolfSSL_BIO_set_ssl to better match expected compatibility layer return value
+* Fix for sanity checks on size of issuer hash and key along with better freeing on error cases with DecodeBasicOcspResponse
+* Fix for potential memory leak with wolfSSL_OCSP_cert_to_id
+
+### Improvements/Optimizations
+###### DTLS/TLS Code Base
+* Improved TLS v1.3 time rollover support
+* TLS 1.3 PSK: use the hash algorithm to choose cipher suite
+* TLS Extended Master Secret ext: TLS13 - send in second Client Hello if in first
+* TLS Encrypt then MAC: check all padding bytes are the same value
+* wolfSSL_GetMaxRecordSize updated to now take additional cipher data into account
+* Updated session export/import with DTLS to handle a new internal options flag
+* Refactored dtls_expected_peer_handshake_number handling
+* Added wolfSSL_CTX_get_ephemeral_key and wolfSSL_get_ephemeral_key for loading a constant key in place of an ephemeral one
+* Improved checking of XSNPRINTF return value in DecodePolicyOID
+
+###### Build Options and Warnings
+* Added wolfSSL_CTX_set_verify to the ABI list
+* Adjusted FP_ECC build to not allow SECP160R1, SECP160R2, SECP160K1 and SECP224K1. FP_ECC does not work with scalars that are the length of the order when the order is longer than the prime.
+* Added CMake support for CURVE25519, ED25519, CURVE448, and ED448
+* cmake addition to test paths when building
+* Added support for session tickets in CMake
+* Added support for reproducible builds with CMake
+* Turn on reproducible-build by default when enable-distro
+* Windows Project: Include the X448 and Ed448 files
+* GCC-11 compile time warning fixes
+* Fix for compiling build of ./configure '--disable-tlsv12' '-enable-pkcallbacks'
+* Added build error for insecure build combination of secure renegotiation enabled with extended master secret disabled when session resumption is enabled
+* Updated building and running with Apple M1
+* Apache httpd build without TLS 1.3 macro guard added
+* Enable SHA3 and SHAKE256 requirements automatically when ED448 is enabled
+* Added option for AES CBC cipher routines to return BAD_LENGTH_E when called with an input buffer length not a multiple of AES_BLOCK_SIZE
+* Macro WOLFSSL_SP_INT_DIGIT_ALIGN added for alignment on buffers with SP build. This was needed for compiler building on a Renesas board.
+* Build support with no hashes enabled an no RNG compiled in
+* Allow use of FREESCALE hardware RNG without a specific port
+* Resolved some warnings with Windows builds and PBKDF disabled
+* Updated the version of autoconf and automake along with fixes for some new GCC-10 warnings
+
+###### Math Libraries
+* SP: Thumb implementation that works with clang
+* SP math all: sp_cmp handling of negative values
+* SP C ECC: mont sub - always normalize after sub before check for add
+* TFM math library prime checking, added more error checks with small stack build
+* Sanity checks on 0 value with GCD math function
+* fp_exptmod_ct error checking and small stack variable free on error
+* Sanity check on supported digit size when calling mp_add_d in non fastmath builds
+* Support for mp_dump with SP Math ALL
+* WOLFSSL_SP_NO_MALLOC for both the normal SP build and small SP build now
+* WOLFSSL_SP_NO_DYN_STACK added for SP small code that is not small stack build to avoid dynamic stack
+
+###### PKCS 7/8
+* wc_PKCS7_DecodeCompressedData to optionally handle a packet without content wrapping
+* Added setting of content type parsed with PKCS7  wc_PKCS7_DecodeAuthEnvelopedData and wc_PKCS7_DecodeEnvelopedData
+* PKCS8 code improvements and refactoring
+
+###### Misc.
+* Sanity checks on null inputs to the functions wolfSSL_X509_get_serialNumber and wolfSSL_X509_NAME_print_ex
+* Added ARM CryptoCell support for importing public key with wc_ecc_import_x963_ex()
+* Improved checking for possible use of key->dp == NULL cases with ECC functions
+* Updated SHAKE256 to compile with NIST FIPS 202 standard and added support for OID values (thanks to strongX509)
+* Improved ECC operations when using WOLFSSL_NO_MALLOC
+* Added WOLFSSL_SNIFFER_FATAL_ERROR for an return value when sniffer is in a fatal state
+* Allow parsing spaces in Base64_SkipNewline
+* Issue callback when exceeding depth limit rather than error out with OPENSSL_EXTRA build
+* Added NXP LTC RSA key generation acceleration
+
 For additional vulnerability information visit the vulnerability page at
 https://www.wolfssl.com/docs/security-vulnerabilities/
 

README.md

@@ -76,56 +76,219 @@ macro ```NO_OLD_SHA_NAMES```. These names get mapped to the OpenSSL API for a
 single call hash function. Instead the name WC_SHA, WC_SHA256, WC_SHA384 and
 WC_SHA512 should be used for the enum name.
 
-# wolfSSL Release 4.7.0 (February 16, 2021)
-Release 4.7.0 of wolfSSL embedded TLS has bug fixes and new features including:
-
-### New Feature Additions
-* Compatibility Layer expansion SSL_get_verify_mode, X509_VERIFY_PARAM API, X509_STORE_CTX API added
-* WOLFSSL_PSK_IDENTITY_ALERT macro added for enabling a subset of TLS alerts
-* Function wolfSSL_CTX_NoTicketTLSv12 added to enable turning off session tickets with TLS 1.2 while keeping TLS 1.3 session tickets available
-* Implement RFC 5705: Keying Material Exporters for TLS
-* Added --enable-reproducible-build flag for making more deterministic library outputs to assist debugging
-* Added support for S/MIME (Secure/Multipurpose Internet Mail Extensions) bundles
-
-### Fixes
-* Fix to free mutex when cert manager is free’d
-* Compatibility layer EVP function to return the correct block size and type
-* DTLS secure renegotiation fixes including resetting timeout and retransmit on duplicate HelloRequest
-* Fix for edge case with shrink buffer and secure renegotiation
-* Compile fix for type used with curve448 and PPC64
-* Fixes for SP math all with PPC64 and other embedded compilers
-* SP math all fix when performing montgomery reduction on one word modulus
-* Fixes to SP math all to better support digit size of 8-bit
-* Fix for results of edge case with SP integer square operation
-* Stop non-ct mod inv from using register x29 with SP ARM64 build
-* Fix edge case when generating z value of ECC with SP code
-* Fixes for PKCS7 with crypto callback (devId) with RSA and RNG
-* Fix for compiling builds with RSA verify and public only
-* Fix for PKCS11 not properly exporting the public key due to a missing key type field
-* Call certificate callback with certificate depth issues
-* Fix for out-of-bounds read in TLSX_CSR_Parse()
-* Fix incorrect AES-GCM tag generation in the EVP layer
-* Fix for out of bounds write with SP math all enabled and an edge case of calling sp_tohex on the result of sp_mont_norm
-* Fix for parameter check in sp_rand_prime to handle 0 length values
-* Fix for edge case of failing malloc resulting in an out of bounds write with SHA256/SHA512 when small stack is enabled
-
-
-### Improvements/Optimizations
-* Added --enable-wolftpm option for easily building wolfSSL to be used with wolfTPM
-* DTLS macro WOLFSSL_DTLS_RESEND_ONLY_TIMEOUT added for resending flight only after a timeout
-* Update linux kernel module to use kvmalloc and kvfree
-* Add user settings option to cmake build
-* Added support for AES GCM session ticket encryption
-* Thread protection for global RNG used by wolfSSL_RAND_bytes function calls
-* Sanity check on FIPs configure flag used against the version of FIPs bundle
-* --enable-aesgcm=table now is compatible with --enable-linuxkm
-* Increase output buffer size that wolfSSL_RAND_bytes can handle
-* Out of directory builds resolved, wolfSSL can now be built in a separate directory than the root wolfssl directory
+# wolfSSL Release 4.8.1 (July 16, 2021)
+Release 4.8.1 of wolfSSL embedded TLS has an OCSP vulnerability fix:
 
 ### Vulnerabilities
-* [HIGH] CVE-2021-3336: In earlier versions of wolfSSL there exists a potential man in the middle attack on TLS 1.3 clients. Malicious attackers with a privileged network position can impersonate TLS 1.3 servers and bypass authentication. Users that have applications with client side code and have TLS 1.3 turned on, should update to the latest version of wolfSSL. Users that do not have TLS 1.3 turned on, or that are server side only, are NOT affected by this report. For the code change see https://github.com/wolfSSL/wolfssl/pull/3676. Thanks to Aina Toky Rasoamanana and Olivier Levillain from Télécom SudParis for the report.
-* [LOW] In the case of using custom ECC curves there is the potential for a crafted compressed ECC key that has a custom prime value to cause a hang when imported. This only affects applications that are loading in ECC keys with wolfSSL builds that have compressed ECC keys and custom ECC curves enabled.
-* [LOW] With TLS 1.3 authenticated-only ciphers a section of the server hello could contain 16 bytes of uninitialized data when sent to the connected peer. This affects only a specific build of wolfSSL with TLS 1.3 early data enabled and using authenticated-only ciphers with TLS 1.3.
+* [High] OCSP verification issue when response is for a certificate with no relation to the chain in question BUT that response contains the NoCheck extension which effectively disables ALL verification of that one cert. Users who should upgrade to 4.8.1 are TLS client users doing OCSP, TLS server users doing mutual auth with OCSP, and CertManager users doing OCSP independent of TLS. Thanks to Jan Nauber, Marco Smeets, Werner Rueschenbaum and Alissa Kim for the report.
+
+# wolfSSL Release 4.8.0 (July 09, 2021)
+Release 4.8.0 of wolfSSL embedded TLS has bug fixes and new features including:
+
+### Vulnerabilities
+* [Low] OCSP request/response verification issue. In the case that the serial number in the OCSP request differs from the serial number in the OCSP response the error from the comparison was not resulting in a failed verification. We recommend users that have wolfSSL version 4.6.0 and 4.7.0 with OCSP enabled update their version of wolfSSL. Version 4.5.0 and earlier are not affected by this report. Thanks to Rainer, Roee, Barak, Hila and Shoshi (from Cymotive and CARIAD) for the report.
+* [Low] CVE-2021-24116: Side-Channel cache look up vulnerability in base64 PEM decoding for versions of wolfSSL 4.5.0 and earlier. Versions 4.6.0 and up contain a fix and do not need to be updated for this report. If decoding a PEM format private key using version 4.5.0 and older of wolfSSL then we recommend updating the version of wolfSSL used. Thanks to Florian Sieck, Jan Wichelmann, Sebastian Berndt and Thomas Eisenbarth for the report.
+
+### New Feature Additions
+###### New Product
+* Added wolfSentry build with --enable-wolfsentry and tie-ins to wolfSSL code for use with wolfSentry
+
+###### Ports
+* QNX CAAM driver added, supporting ECC black keys, CMAC, BLOBs, and TRNG use
+*  _WIN32_WCE wolfCrypt port added
+* INTIME_RTOS directory support added
+* Added support for STM32G0
+* Renesas RX: Added intrinsics for rot[rl], revl (thanks @rliebscher)
+* Added support for running wolfcrypt/test/testwolfcrypt on Dolphin emulator to test DEVKITPRO port
+* Zephyr project port updated to latest version 2.6.X
+
+###### ASN1 and PKCS
+* Storing policy constraint extension from certificate added
+* Added support for NID_favouriteDrink pilot
+* Added the API function wc_EncryptPKCS8Key to handle encrypting a DER, PKCS#8-formatted key
+
+###### Compatibility Layer Additions
+* Open Source PORTS Added/Updated
+    - OpenVPN
+    - OpenLDAP
+    - socat-1.7.4.1
+    - Updated QT port for 5.15.2
+* Changes to extend set_cipher_list() compatibility layer API to have set_ciphersuites compatibility layer API capability
+* Added more support for SHA3 in the EVP layer
+* API Added
+    - MD5/MD5_Transform
+    - SHA/SHA_Transform/SHA1_Transform
+    - SHA224/SHA256_Transform/SHA512_Transform
+    - SSL_CTX_get0_param/SSL_CTX_set1_param
+    - X509_load_crl_file
+    - SSL_CTX_get_min_proto_version
+    - EVP_ENCODE_CTX_new
+    - EVP_ENCODE_CTX_free
+    - EVP_EncodeInit
+    - EVP_EncodeUpdate
+    - EVP_EncodeFinal
+    - EVP_DecodeInit
+    - EVP_DecodeUpdate
+    - EVP_DecodeFinal
+    - EVP_PKEY_print_public
+    - BIO_tell
+    - THREADID_current
+    - THREADID_hash
+    - SSL_CTX_set_ecdh_auto
+    - RAND_set_rand_method()
+    - X509_LOOKUP_ctrl()
+    - RSA_bits
+    - EC_curve_nist2nid
+    - EC_KEY_set_group
+    - SSL_SESSION_set_cipher
+    - SSL_set_psk_use_session_callback
+    - EVP_PKEY_param_check
+    - DH_get0_pqg
+    - CRYPTO_get_ex_new_index
+    - SSL_SESSION_is_resumable
+    - SSL_CONF_cmd
+    - SSL_CONF_CTX_finish
+    - SSL_CTX_keylog_cb_func
+    - SSL_CTX_set_keylog_callback
+    - SSL_CTX_get_keylog_callback
+
+###### Misc.
+* Added wolfSSL_CTX_get_TicketEncCtx getter function to return the ticket encryption ctx value
+* Added wc_AesKeyWrap_ex and wc_AesKeyUnWrap_ex APIs to accept an Aes object to use for the AES operations
+* Added implementation of AES-GCM streaming (--enable-aesgcm-stream)
+* Added deterministic generation of k with ECC following RFC6979 when the macro WOLFSL_ECDSA_DETERMINISTIC_K is defined and wc_ecc_set_deterministic function is called
+* Implemented wc_DsaParamsDecode and wc_DsaKeyToParamsDer
+* Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement
+* Added crypto callback support for Ed/Curve25519 and SHA2-512/384
+* TLS 1.3 wolfSSL_key_update_response function added to see if a update response is needed
+
+### Fixes
+* Fix for detecting extra unused bytes that are in an ASN1 sequence appended to the end of a valid ECC signature
+* Fix for keyid with ktri CMS (breaks compatibility with previous keyid ASN1 syntax)
+* Fix for failed handshake if a client offers more than 150 cipher suites. Thanks to Marcel Maehren, Philipp Nieting, Robert Merget from Ruhr University Bochum Sven Hebrok, Juraj Somorovsky from Paderborn University
+* Fix for default order of deprecated elliptic curves SECP224R1, SECP192R1, SECP160R1. Thanks to Marcel Maehren, Philipp Nieting, Robert Merget from Ruhr University Bochum Sven Hebrok, Juraj Somorovsky from Paderborn University
+* Fix for corner TLS downgrade case where a TLS 1.3 setup that allows for downgrades but has TLS 1.3 set as the minimum version would still downgrade to TLS 1.2
+
+###### PKCS7 (Multiple fixes throughout regarding memory leaks with SMIME and heap buffer overflows due to streaming functionality)
+* Fix PKCS7 dynamic content save/restore in PKCS7_VerifySignedData
+* Fix for heap buffer overflow on compare with wc_PKCS7_DecryptKtri
+* Fix for heap buffer overflow with wc_PKCS7_VerifySignedData
+* Fix for heap buffer overflow with wc_PKCS7_DecodeEnvelopedData
+* Check size of public key used with certificate passed into wc_PKCS7_InitWithCert before XMEMCPY to avoid overflow
+* Fix for heap buffer overflow fix for wolfSSL_SMIME_read_PKCS7
+* Fix to cleanly free memory in error state with wolfSSL_SMIME_read_PKCS7
+* SMIME error checking improvements and canonicalize multi-part messages before hashing
+
+###### DTLS Fixes
+* DTLS fix to correctly move the Tx sequence number forward
+* DTLS fix for sequence and epoch number with secure renegotiation cookie exchange
+* Fix for Chacha-Poly AEAD for DTLS 1.2 with secure renegotiation
+
+###### PORT Fixes
+* Fix AES, aligned key for the HW module with DCP port
+* Fix ATECC608A TNGTLS certificate size issue (thanks @vppillai)
+* Fixes for mingw compile warnings
+* Fixes for NXP LTC ECC/RSA
+* Fix ESP32 RSA hw accelerator initialization issue
+* Fixes for STM32 PKA with ECC
+* Fixes for STM32 AES GCM for HAL's that support byte sized headers
+* Espressif ESP32 SHA_CTX macro conflict resolved
+
+###### Math Library Fixes
+* For platforms that support limits.h or windows make sure both SIZEOF_LONG_LONG and SIZEOF_LONG are set to avoid issues with CTC_SETTINGS
+* SP C 32/64: fix corner cases around subtraction affecting RSA PSS use
+* Fix to return the error code from sp_cond_swap_ct when malloc fails
+* Fix potential memory leak with small stack in the function fp_gcd
+* Static Analysis Fixes
+* Fixes made from Coverity analysis including:
+* Cleanups for some return values,
+* Fix for leak with wolfSSL_a2i_ASN1_INTEGER
+* Sanity check on length in wolfSSL_BN_rand
+* Sanity check size in TLSX_Parse catching a possible integer overflow
+* Fixes found with -fsanitize=undefined testing
+* Fix null dereferences or undefined memcpy calls
+* Fix alignment in myCryptoDevCb
+* Fix default DTLS context assignment
+* Added align configure option to force data alignment
+
+###### Misc.
+* Fix for wolfSSL_ASN1_TIME_adj set length
+* Fix for freeing structure on error case in the function AddTrustedPeer
+* Return value of SSL_read when called after bidirectional shutdown
+* Fix for build options ./configure --enable-dtls --disable-asn
+* FIx for detection of a salt length from an RSA PSS signature
+* Fix to free up globalRNGMutex mutex when cleaning up global RNG
+* Fix leak when multiple hardware names are in SAN
+* Fix nonblocking ret value from CRL I/O callbacks
+* Fix wolfSSL_BIO_free_all return type to better match for compatibility layer
+* Fix for make distcheck, maintainer-clean, to allow distribution builds
+* Fix for async with fragmented packets
+* Fix for the build or RSA verify or public only
+* Fix for return value of wolfSSL_BIO_set_ssl to better match expected compatibility layer return value
+* Fix for sanity checks on size of issuer hash and key along with better freeing on error cases with DecodeBasicOcspResponse
+* Fix for potential memory leak with wolfSSL_OCSP_cert_to_id
+
+### Improvements/Optimizations
+###### DTLS/TLS Code Base
+* Improved TLS v1.3 time rollover support
+* TLS 1.3 PSK: use the hash algorithm to choose cipher suite
+* TLS Extended Master Secret ext: TLS13 - send in second Client Hello if in first
+* TLS Encrypt then MAC: check all padding bytes are the same value
+* wolfSSL_GetMaxRecordSize updated to now take additional cipher data into account
+* Updated session export/import with DTLS to handle a new internal options flag
+* Refactored dtls_expected_peer_handshake_number handling
+* Added wolfSSL_CTX_get_ephemeral_key and wolfSSL_get_ephemeral_key for loading a constant key in place of an ephemeral one
+* Improved checking of XSNPRINTF return value in DecodePolicyOID
+
+###### Build Options and Warnings
+* Added wolfSSL_CTX_set_verify to the ABI list
+* Adjusted FP_ECC build to not allow SECP160R1, SECP160R2, SECP160K1 and SECP224K1. FP_ECC does not work with scalars that are the length of the order when the order is longer than the prime.
+* Added CMake support for CURVE25519, ED25519, CURVE448, and ED448
+* cmake addition to test paths when building
+* Added support for session tickets in CMake
+* Added support for reproducible builds with CMake
+* Turn on reproducible-build by default when enable-distro
+* Windows Project: Include the X448 and Ed448 files
+* GCC-11 compile time warning fixes
+* Fix for compiling build of ./configure '--disable-tlsv12' '-enable-pkcallbacks'
+* Added build error for insecure build combination of secure renegotiation enabled with extended master secret disabled when session resumption is enabled
+* Updated building and running with Apple M1
+* Apache httpd build without TLS 1.3 macro guard added
+* Enable SHA3 and SHAKE256 requirements automatically when ED448 is enabled
+* Added option for AES CBC cipher routines to return BAD_LENGTH_E when called with an input buffer length not a multiple of AES_BLOCK_SIZE
+* Macro WOLFSSL_SP_INT_DIGIT_ALIGN added for alignment on buffers with SP build. This was needed for compiler building on a Renesas board.
+* Build support with no hashes enabled an no RNG compiled in
+* Allow use of FREESCALE hardware RNG without a specific port
+* Resolved some warnings with Windows builds and PBKDF disabled
+* Updated the version of autoconf and automake along with fixes for some new GCC-10 warnings
+
+###### Math Libraries
+* SP: Thumb implementation that works with clang
+* SP math all: sp_cmp handling of negative values
+* SP C ECC: mont sub - always normalize after sub before check for add
+* TFM math library prime checking, added more error checks with small stack build
+* Sanity checks on 0 value with GCD math function
+* fp_exptmod_ct error checking and small stack variable free on error
+* Sanity check on supported digit size when calling mp_add_d in non fastmath builds
+* Support for mp_dump with SP Math ALL
+* WOLFSSL_SP_NO_MALLOC for both the normal SP build and small SP build now
+* WOLFSSL_SP_NO_DYN_STACK added for SP small code that is not small stack build to avoid dynamic stack
+
+###### PKCS 7/8
+* wc_PKCS7_DecodeCompressedData to optionally handle a packet without content wrapping
+* Added setting of content type parsed with PKCS7  wc_PKCS7_DecodeAuthEnvelopedData and wc_PKCS7_DecodeEnvelopedData
+* PKCS8 code improvements and refactoring
+
+###### Misc.
+* Sanity checks on null inputs to the functions wolfSSL_X509_get_serialNumber and wolfSSL_X509_NAME_print_ex
+* Added ARM CryptoCell support for importing public key with wc_ecc_import_x963_ex()
+* Improved checking for possible use of key->dp == NULL cases with ECC functions
+* Updated SHAKE256 to compile with NIST FIPS 202 standard and added support for OID values (thanks to strongX509)
+* Improved ECC operations when using WOLFSSL_NO_MALLOC
+* Added WOLFSSL_SNIFFER_FATAL_ERROR for an return value when sniffer is in a fatal state
+* Allow parsing spaces in Base64_SkipNewline
+* Issue callback when exceeding depth limit rather than error out with OPENSSL_EXTRA build
+* Added NXP LTC RSA key generation acceleration
 
 
 For additional vulnerability information visit the vulnerability page at

certs/crl/server-goodaltCrl.pem

@@ -1,38 +1,38 @@
 Certificate Revocation List (CRL):
         Version 2 (0x1)
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: /C=US/ST=Montana/L=Bozeman/OU=Engineering/CN=www.nomatch.com/emailAddress=info@wolfssl.com
-        Last Update: Sep 19 21:21:24 2018 GMT
-        Next Update: Jun 15 21:21:24 2021 GMT
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = www.nomatch.com, emailAddress = info@wolfssl.com
+        Last Update: Jun 15 22:02:33 2021 GMT
+        Next Update: Mar 11 22:02:33 2024 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 1
 No Revoked Certificates.
     Signature Algorithm: sha256WithRSAEncryption
-         01:b3:58:8d:bf:27:46:70:f1:cc:29:71:24:0b:ba:e3:fc:d4:
-         c8:30:09:3a:5e:e5:61:c7:d2:02:61:63:ba:e1:06:25:eb:4e:
-         04:77:dc:31:4d:59:84:63:ee:09:5d:41:dd:07:8f:07:15:71:
-         79:cb:6c:67:a9:e5:53:01:7d:98:b0:d0:a2:36:7a:8c:bf:51:
-         84:78:0e:b3:d8:ef:7c:b7:9e:de:c0:09:46:3d:43:e0:9d:a1:
-         d7:77:d2:a6:28:f7:9e:92:82:ba:a9:cc:a8:d0:2b:f8:09:9b:
-         fd:e4:2d:e6:d4:d5:60:2e:31:48:e8:55:3f:54:e9:f4:c4:78:
-         4d:0a:43:9d:3a:2e:44:9a:e7:63:25:73:e7:c4:fb:71:2b:0d:
-         3e:ad:e6:95:7d:60:95:4f:f6:cf:a7:52:59:e0:4b:f2:51:46:
-         0a:0c:9c:2e:2d:55:ae:57:76:a7:4b:8e:48:53:87:f7:e3:3c:
-         44:9b:70:17:96:c4:dc:f0:d1:43:a8:5e:59:5c:2d:4d:88:e6:
-         07:20:e4:75:09:dd:c4:9a:46:5c:c5:1f:20:f8:8a:dc:07:3d:
-         f2:31:11:cd:43:d8:72:c7:8b:83:78:c1:e3:a5:bc:8e:87:2b:
-         be:fd:66:0f:ab:4b:82:df:9e:71:e8:de:69:4c:c0:93:e6:9f:
-         9c:78:b0:05
+         8a:53:b8:29:0e:37:13:d7:8a:f8:3e:d3:c9:20:3b:fa:6c:8a:
+         1c:59:3a:54:4d:93:ca:68:e2:b0:08:b3:23:d1:98:a5:0e:44:
+         4c:19:e7:de:a1:e4:56:6e:c5:d2:9a:05:d4:d5:c7:07:8d:65:
+         ca:df:cf:5e:89:74:d3:9d:3f:1f:c4:1e:f2:cf:5c:e0:c7:a8:
+         23:cc:c3:db:cb:f6:9d:55:3a:9d:7a:7a:4b:c7:b8:7e:d1:6f:
+         17:d2:a3:03:2d:9f:97:12:12:e8:75:a0:2e:64:3e:f5:ae:72:
+         a6:52:4a:9d:fe:39:f5:82:fc:d7:cf:34:4d:c2:23:eb:64:95:
+         44:e6:1d:4b:2b:26:87:6e:3a:d0:e9:93:26:f7:a5:fd:45:66:
+         79:1f:14:93:1e:5d:92:07:f0:a1:53:ae:c3:32:b7:17:be:85:
+         57:cb:4d:a3:1f:26:71:be:ae:21:10:4f:df:6d:3e:ca:0a:84:
+         4c:b7:d2:29:b2:34:3e:5d:aa:0b:16:e1:c4:92:cc:aa:2d:13:
+         f0:7d:1d:cf:52:ff:15:4e:12:b3:ff:d9:b6:72:06:be:26:f7:
+         78:85:2d:ba:65:4a:55:85:85:71:47:8d:fd:23:68:c8:cd:8b:
+         de:d3:8b:33:56:77:03:72:41:d6:29:81:d9:bf:ae:bb:55:3b:
+         da:b0:bc:b8
 -----BEGIN X509 CRL-----
 MIIB3DCBxQIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAsMC0VuZ2luZWVy
 aW5nMRgwFgYDVQQDDA93d3cubm9tYXRjaC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu
-Zm9Ad29sZnNzbC5jb20XDTE4MDkxOTIxMjEyNFoXDTIxMDYxNTIxMjEyNFqgDjAM
-MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQABs1iNvydGcPHMKXEkC7rj
-/NTIMAk6XuVhx9ICYWO64QYl604Ed9wxTVmEY+4JXUHdB48HFXF5y2xnqeVTAX2Y
-sNCiNnqMv1GEeA6z2O98t57ewAlGPUPgnaHXd9KmKPeekoK6qcyo0Cv4CZv95C3m
-1NVgLjFI6FU/VOn0xHhNCkOdOi5EmudjJXPnxPtxKw0+reaVfWCVT/bPp1JZ4Evy
-UUYKDJwuLVWuV3anS45IU4f34zxEm3AXlsTc8NFDqF5ZXC1NiOYHIOR1Cd3EmkZc
-xR8g+IrcBz3yMRHNQ9hyx4uDeMHjpbyOhyu+/WYPq0uC355x6N5pTMCT5p+ceLAF
+Zm9Ad29sZnNzbC5jb20XDTIxMDYxNTIyMDIzM1oXDTI0MDMxMTIyMDIzM1qgDjAM
+MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQCKU7gpDjcT14r4PtPJIDv6
+bIocWTpUTZPKaOKwCLMj0ZilDkRMGefeoeRWbsXSmgXU1ccHjWXK389eiXTTnT8f
+xB7yz1zgx6gjzMPby/adVTqdenpLx7h+0W8X0qMDLZ+XEhLodaAuZD71rnKmUkqd
+/jn1gvzXzzRNwiPrZJVE5h1LKyaHbjrQ6ZMm96X9RWZ5HxSTHl2SB/ChU67DMrcX
+voVXy02jHyZxvq4hEE/fbT7KCoRMt9IpsjQ+XaoLFuHEksyqLRPwfR3PUv8VThKz
+/9m2cga+Jvd4hS26ZUpVhYVxR439I2jIzYve04szVncDckHWKYHZv667VTvasLy4
 -----END X509 CRL-----

certs/crl/server-goodaltwildCrl.pem

@@ -1,38 +1,38 @@
 Certificate Revocation List (CRL):
         Version 2 (0x1)
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: /C=US/ST=Montana/L=Bozeman/OU=Engineering/CN=www.nomatch.com/emailAddress=info@wolfssl.com
-        Last Update: Sep 19 21:21:24 2018 GMT
-        Next Update: Jun 15 21:21:24 2021 GMT
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = www.nomatch.com, emailAddress = info@wolfssl.com
+        Last Update: Jun 15 22:02:33 2021 GMT
+        Next Update: Mar 11 22:02:33 2024 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 1
 No Revoked Certificates.
     Signature Algorithm: sha256WithRSAEncryption
-         01:b3:58:8d:bf:27:46:70:f1:cc:29:71:24:0b:ba:e3:fc:d4:
-         c8:30:09:3a:5e:e5:61:c7:d2:02:61:63:ba:e1:06:25:eb:4e:
-         04:77:dc:31:4d:59:84:63:ee:09:5d:41:dd:07:8f:07:15:71:
-         79:cb:6c:67:a9:e5:53:01:7d:98:b0:d0:a2:36:7a:8c:bf:51:
-         84:78:0e:b3:d8:ef:7c:b7:9e:de:c0:09:46:3d:43:e0:9d:a1:
-         d7:77:d2:a6:28:f7:9e:92:82:ba:a9:cc:a8:d0:2b:f8:09:9b:
-         fd:e4:2d:e6:d4:d5:60:2e:31:48:e8:55:3f:54:e9:f4:c4:78:
-         4d:0a:43:9d:3a:2e:44:9a:e7:63:25:73:e7:c4:fb:71:2b:0d:
-         3e:ad:e6:95:7d:60:95:4f:f6:cf:a7:52:59:e0:4b:f2:51:46:
-         0a:0c:9c:2e:2d:55:ae:57:76:a7:4b:8e:48:53:87:f7:e3:3c:
-         44:9b:70:17:96:c4:dc:f0:d1:43:a8:5e:59:5c:2d:4d:88:e6:
-         07:20:e4:75:09:dd:c4:9a:46:5c:c5:1f:20:f8:8a:dc:07:3d:
-         f2:31:11:cd:43:d8:72:c7:8b:83:78:c1:e3:a5:bc:8e:87:2b:
-         be:fd:66:0f:ab:4b:82:df:9e:71:e8:de:69:4c:c0:93:e6:9f:
-         9c:78:b0:05
+         8a:53:b8:29:0e:37:13:d7:8a:f8:3e:d3:c9:20:3b:fa:6c:8a:
+         1c:59:3a:54:4d:93:ca:68:e2:b0:08:b3:23:d1:98:a5:0e:44:
+         4c:19:e7:de:a1:e4:56:6e:c5:d2:9a:05:d4:d5:c7:07:8d:65:
+         ca:df:cf:5e:89:74:d3:9d:3f:1f:c4:1e:f2:cf:5c:e0:c7:a8:
+         23:cc:c3:db:cb:f6:9d:55:3a:9d:7a:7a:4b:c7:b8:7e:d1:6f:
+         17:d2:a3:03:2d:9f:97:12:12:e8:75:a0:2e:64:3e:f5:ae:72:
+         a6:52:4a:9d:fe:39:f5:82:fc:d7:cf:34:4d:c2:23:eb:64:95:
+         44:e6:1d:4b:2b:26:87:6e:3a:d0:e9:93:26:f7:a5:fd:45:66:
+         79:1f:14:93:1e:5d:92:07:f0:a1:53:ae:c3:32:b7:17:be:85:
+         57:cb:4d:a3:1f:26:71:be:ae:21:10:4f:df:6d:3e:ca:0a:84:
+         4c:b7:d2:29:b2:34:3e:5d:aa:0b:16:e1:c4:92:cc:aa:2d:13:
+         f0:7d:1d:cf:52:ff:15:4e:12:b3:ff:d9:b6:72:06:be:26:f7:
+         78:85:2d:ba:65:4a:55:85:85:71:47:8d:fd:23:68:c8:cd:8b:
+         de:d3:8b:33:56:77:03:72:41:d6:29:81:d9:bf:ae:bb:55:3b:
+         da:b0:bc:b8
 -----BEGIN X509 CRL-----
 MIIB3DCBxQIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAsMC0VuZ2luZWVy
 aW5nMRgwFgYDVQQDDA93d3cubm9tYXRjaC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu
-Zm9Ad29sZnNzbC5jb20XDTE4MDkxOTIxMjEyNFoXDTIxMDYxNTIxMjEyNFqgDjAM
-MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQABs1iNvydGcPHMKXEkC7rj
-/NTIMAk6XuVhx9ICYWO64QYl604Ed9wxTVmEY+4JXUHdB48HFXF5y2xnqeVTAX2Y
-sNCiNnqMv1GEeA6z2O98t57ewAlGPUPgnaHXd9KmKPeekoK6qcyo0Cv4CZv95C3m
-1NVgLjFI6FU/VOn0xHhNCkOdOi5EmudjJXPnxPtxKw0+reaVfWCVT/bPp1JZ4Evy
-UUYKDJwuLVWuV3anS45IU4f34zxEm3AXlsTc8NFDqF5ZXC1NiOYHIOR1Cd3EmkZc
-xR8g+IrcBz3yMRHNQ9hyx4uDeMHjpbyOhyu+/WYPq0uC355x6N5pTMCT5p+ceLAF
+Zm9Ad29sZnNzbC5jb20XDTIxMDYxNTIyMDIzM1oXDTI0MDMxMTIyMDIzM1qgDjAM
+MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQCKU7gpDjcT14r4PtPJIDv6
+bIocWTpUTZPKaOKwCLMj0ZilDkRMGefeoeRWbsXSmgXU1ccHjWXK389eiXTTnT8f
+xB7yz1zgx6gjzMPby/adVTqdenpLx7h+0W8X0qMDLZ+XEhLodaAuZD71rnKmUkqd
+/jn1gvzXzzRNwiPrZJVE5h1LKyaHbjrQ6ZMm96X9RWZ5HxSTHl2SB/ChU67DMrcX
+voVXy02jHyZxvq4hEE/fbT7KCoRMt9IpsjQ+XaoLFuHEksyqLRPwfR3PUv8VThKz
+/9m2cga+Jvd4hS26ZUpVhYVxR439I2jIzYve04szVncDckHWKYHZv667VTvasLy4
 -----END X509 CRL-----

certs/crl/server-goodcnCrl.pem

@@ -1,38 +1,38 @@
 Certificate Revocation List (CRL):
         Version 2 (0x1)
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: /C=US/ST=Montana/L=Bozeman/OU=Engineering/CN=localhost/emailAddress=info@wolfssl.com
-        Last Update: Sep 19 21:21:24 2018 GMT
-        Next Update: Jun 15 21:21:24 2021 GMT
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = localhost, emailAddress = info@wolfssl.com
+        Last Update: Jun 15 22:02:33 2021 GMT
+        Next Update: Mar 11 22:02:33 2024 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 1
 No Revoked Certificates.
     Signature Algorithm: sha256WithRSAEncryption
-         2c:f5:7a:4f:67:06:9b:f2:56:8c:e1:00:05:70:60:5b:60:51:
-         ad:65:7e:10:69:c9:84:98:b6:66:33:18:ba:f8:86:f9:23:e3:
-         ac:42:53:1d:27:5d:28:6a:d7:1c:a2:28:4d:02:01:c4:23:c1:
-         b8:ac:d3:ba:e1:75:d0:2e:ad:98:78:39:f2:c1:6b:7b:4b:78:
-         f2:f6:49:6f:92:2e:59:91:e9:de:7f:ef:62:5e:77:df:1c:a9:
-         1a:d5:b8:63:1f:53:0e:b7:28:f8:5e:61:11:1b:b4:dd:9c:85:
-         77:45:7d:31:fc:61:ab:55:f9:8d:50:ce:56:a0:ff:c0:a8:60:
-         b5:7a:ec:f1:6a:c8:94:be:89:41:47:a2:22:d9:9d:8e:f7:36:
-         d2:6f:bc:ce:04:3d:b7:9d:5c:82:37:59:9f:67:15:78:a0:a7:
-         c1:2f:01:d5:f0:ac:0f:34:21:d7:16:c8:dc:b1:af:60:e0:b1:
-         de:88:6f:d9:e5:32:c2:63:01:79:e6:10:ef:30:ef:c2:c6:08:
-         89:cc:21:76:b8:ee:18:bc:88:66:7a:88:89:b4:ba:d9:02:00:
-         92:73:6a:b5:84:ec:0c:9c:fc:d1:c1:0f:f2:e2:18:30:a6:be:
-         1d:99:8b:16:26:65:fd:fe:15:48:16:1d:68:0b:1e:b4:a0:0d:
-         ec:93:cb:a2
+         00:64:45:a0:7a:db:6a:39:fb:5b:ac:38:18:9c:dd:62:a9:8d:
+         8f:76:64:1f:42:07:81:81:57:e3:58:14:cd:5c:49:53:cb:30:
+         fc:4e:28:0d:29:8e:12:96:f7:d3:59:87:27:cf:b9:70:95:79:
+         dc:2a:08:ce:0c:e8:96:fc:95:b3:d0:89:18:8d:7a:80:45:dc:
+         66:32:3b:e7:65:93:ed:87:59:f5:4b:4d:c9:88:f2:54:e3:b0:
+         d5:3d:29:1f:ff:01:7f:13:88:5b:1a:0c:bd:84:c0:ab:ea:7a:
+         cb:ea:bb:80:35:fa:e5:5d:72:8c:2b:5a:48:2d:b6:c7:90:fa:
+         32:71:e4:f5:ec:59:a0:b5:38:7e:0a:68:d7:f3:ab:c8:a1:33:
+         b6:1f:54:11:d1:a4:87:d7:a6:99:2f:c1:08:0a:a6:e8:91:12:
+         a9:e7:fe:46:84:a2:a8:6a:40:c8:b5:6c:28:f5:ad:80:34:98:
+         69:ae:a5:16:ca:e9:85:07:21:39:11:be:82:f0:9d:dc:6c:af:
+         24:8a:05:e9:26:14:c2:d5:f0:12:ba:73:dc:73:b9:31:24:5f:
+         a1:d5:cc:a5:f2:f3:85:33:b2:2b:50:8f:33:c9:85:b1:b9:20:
+         37:a8:92:55:66:45:06:da:3c:7b:85:c0:70:6d:fd:ae:e6:17:
+         5b:78:40:ae
 -----BEGIN X509 CRL-----
 MIIB1TCBvgIBATANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzEQMA4GA1UE
 CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJp
 bmcxEjAQBgNVBAMMCWxvY2FsaG9zdDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
-c3NsLmNvbRcNMTgwOTE5MjEyMTI0WhcNMjEwNjE1MjEyMTI0WqAOMAwwCgYDVR0U
-BAMCAQEwDQYJKoZIhvcNAQELBQADggEBACz1ek9nBpvyVozhAAVwYFtgUa1lfhBp
-yYSYtmYzGLr4hvkj46xCUx0nXShq1xyiKE0CAcQjwbis07rhddAurZh4OfLBa3tL
-ePL2SW+SLlmR6d5/72Jed98cqRrVuGMfUw63KPheYREbtN2chXdFfTH8YatV+Y1Q
-zlag/8CoYLV67PFqyJS+iUFHoiLZnY73NtJvvM4EPbedXII3WZ9nFXigp8EvAdXw
-rA80IdcWyNyxr2Dgsd6Ib9nlMsJjAXnmEO8w78LGCInMIXa47hi8iGZ6iIm0utkC
-AJJzarWE7Ayc/NHBD/LiGDCmvh2ZixYmZf3+FUgWHWgLHrSgDeyTy6I=
+c3NsLmNvbRcNMjEwNjE1MjIwMjMzWhcNMjQwMzExMjIwMjMzWqAOMAwwCgYDVR0U
+BAMCAQEwDQYJKoZIhvcNAQELBQADggEBAABkRaB622o5+1usOBic3WKpjY92ZB9C
+B4GBV+NYFM1cSVPLMPxOKA0pjhKW99NZhyfPuXCVedwqCM4M6Jb8lbPQiRiNeoBF
+3GYyO+dlk+2HWfVLTcmI8lTjsNU9KR//AX8TiFsaDL2EwKvqesvqu4A1+uVdcowr
+WkgttseQ+jJx5PXsWaC1OH4KaNfzq8ihM7YfVBHRpIfXppkvwQgKpuiREqnn/kaE
+oqhqQMi1bCj1rYA0mGmupRbK6YUHITkRvoLwndxsrySKBekmFMLV8BK6c9xzuTEk
+X6HVzKXy84UzsitQjzPJhbG5IDeoklVmRQbaPHuFwHBt/a7mF1t4QK4=
 -----END X509 CRL-----

certs/crl/server-goodcnwildCrl.pem

@@ -1,38 +1,38 @@
 Certificate Revocation List (CRL):
         Version 2 (0x1)
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: /C=US/ST=Montana/L=Bozeman/OU=Engineering/CN=*localhost/emailAddress=info@wolfssl.com
-        Last Update: Sep 19 21:21:24 2018 GMT
-        Next Update: Jun 15 21:21:24 2021 GMT
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Montana, L = Bozeman, OU = Engineering, CN = *localhost, emailAddress = info@wolfssl.com
+        Last Update: Jun 15 22:02:33 2021 GMT
+        Next Update: Mar 11 22:02:33 2024 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 1
 No Revoked Certificates.
     Signature Algorithm: sha256WithRSAEncryption
-         0f:0e:30:ee:50:7a:50:b0:8d:06:74:9a:67:0b:3f:44:c1:13:
-         58:4e:87:0c:0c:8d:89:44:6e:29:f2:14:0c:5e:57:65:88:fb:
-         b9:56:a7:99:71:3d:12:16:25:d1:38:19:9d:76:41:e6:e0:37:
-         0e:0a:52:93:26:19:c3:9d:27:10:29:d4:30:5f:1a:9f:9f:0a:
-         2e:c0:3a:7c:07:f0:fe:c4:ad:7b:84:a8:2e:e5:06:a9:8d:dd:
-         b2:2b:bf:e8:ac:e8:d8:30:2b:eb:5f:67:ca:4a:b8:d5:be:7b:
-         37:0d:04:ef:ad:9d:5d:9c:a3:02:5c:cd:97:4a:78:7c:16:2b:
-         7d:90:b5:8a:ef:3d:68:53:72:5b:21:92:8b:a3:48:72:f8:f3:
-         6a:c0:10:93:0f:de:43:d0:7a:b0:f6:13:e9:96:64:5d:d9:a7:
-         11:e5:ea:72:09:5e:be:a0:6b:54:e8:fb:23:b7:58:a4:a0:88:
-         d9:cc:22:25:9a:1a:1a:83:40:99:97:05:0f:7f:e6:a9:ee:1a:
-         a2:6a:4d:f2:60:f3:46:5d:95:3a:03:a6:8a:a0:79:16:f7:3c:
-         1f:16:29:02:7b:c8:bb:98:d9:ed:b0:a3:fb:4a:2a:9e:00:0a:
-         cf:42:94:fa:14:73:4f:26:ed:a2:97:8d:a5:86:0f:72:e9:7b:
-         06:da:35:08
+         70:25:b0:87:e0:58:78:55:a7:8f:4a:53:b8:46:39:2f:5f:fe:
+         7a:29:a9:e6:78:f4:3f:e4:ce:95:3f:fe:08:d2:7e:30:2e:7c:
+         2f:a2:9d:1d:30:36:35:6e:e6:20:89:58:d4:d8:23:42:dd:ae:
+         8a:63:3f:4c:20:14:40:24:0f:cd:a4:5e:da:1e:32:c1:08:fe:
+         b9:48:87:d4:07:dc:1e:0f:a5:5c:a7:5c:fe:20:96:54:60:69:
+         6c:dd:e2:55:77:e5:d1:b0:6e:b1:fb:a1:2b:89:59:55:ba:f1:
+         fd:23:bc:05:33:29:7c:5f:63:f3:ed:47:8a:db:46:f2:df:cd:
+         b4:57:55:28:25:0f:be:41:97:c7:69:cf:b7:36:e2:d4:13:8d:
+         53:dc:a6:3e:fb:e0:0a:98:bc:6d:3a:86:4b:13:3f:a2:a0:06:
+         97:d0:c9:2b:48:9f:a2:66:39:cb:64:07:cc:32:64:51:11:fb:
+         76:1d:28:af:89:8f:ba:f3:7f:1a:6b:b6:b7:1e:0d:6e:70:55:
+         ae:12:0b:af:8d:1c:46:f7:33:b3:36:8b:28:cb:9d:da:95:9e:
+         93:c6:8d:d3:c6:81:bf:93:01:99:dd:90:8e:20:89:6d:1f:cd:
+         e8:f2:0e:e3:26:a6:e8:ec:04:4c:4d:43:3f:d2:28:bd:e2:03:
+         c5:dc:e6:96
 -----BEGIN X509 CRL-----
 MIIB1jCBvwIBATANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJVUzEQMA4GA1UE
 CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJp
 bmcxEzARBgNVBAMMCipsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
-ZnNzbC5jb20XDTE4MDkxOTIxMjEyNFoXDTIxMDYxNTIxMjEyNFqgDjAMMAoGA1Ud
-FAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAPDjDuUHpQsI0GdJpnCz9EwRNYTocM
-DI2JRG4p8hQMXldliPu5VqeZcT0SFiXROBmddkHm4DcOClKTJhnDnScQKdQwXxqf
-nwouwDp8B/D+xK17hKgu5Qapjd2yK7/orOjYMCvrX2fKSrjVvns3DQTvrZ1dnKMC
-XM2XSnh8Fit9kLWK7z1oU3JbIZKLo0hy+PNqwBCTD95D0Hqw9hPplmRd2acR5epy
-CV6+oGtU6Psjt1ikoIjZzCIlmhoag0CZlwUPf+ap7hqiak3yYPNGXZU6A6aKoHkW
-9zwfFikCe8i7mNntsKP7SiqeAArPQpT6FHNPJu2il42lhg9y6XsG2jUI
+ZnNzbC5jb20XDTIxMDYxNTIyMDIzM1oXDTI0MDMxMTIyMDIzM1qgDjAMMAoGA1Ud
+FAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBwJbCH4Fh4VaePSlO4RjkvX/56Kanm
+ePQ/5M6VP/4I0n4wLnwvop0dMDY1buYgiVjU2CNC3a6KYz9MIBRAJA/NpF7aHjLB
+CP65SIfUB9weD6Vcp1z+IJZUYGls3eJVd+XRsG6x+6EriVlVuvH9I7wFMyl8X2Pz
+7UeK20by3820V1UoJQ++QZfHac+3NuLUE41T3KY+++AKmLxtOoZLEz+ioAaX0Mkr
+SJ+iZjnLZAfMMmRREft2HSiviY+6838aa7a3Hg1ucFWuEguvjRxG9zOzNosoy53a
+lZ6Txo3TxoG/kwGZ3ZCOIIltH83o8g7jJqbo7ARMTUM/0ii94gPF3OaW
 -----END X509 CRL-----

certs/ed25519/ca-ed25519-key.pem

@@ -1,4 +1,3 @@
------BEGIN EDDSA PRIVATE KEY-----
-MFICAQAwBQYDK2VwBCIEIAw37caag1d0w0pY63b7oe9Frg8SA0rLDtnWWDl7MafZ
-oSIEIKqWfWdx1/6tqF8UGL4C0BV+gGS5IXuyP3x0bv/1hOKB
------END EDDSA PRIVATE KEY-----
+-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEAQjt6+YLP+d8Z3fPwMilt+v12T2jCwuBsR67CVWisDU0=
+-----END PUBLIC KEY-----

certs/ed25519/ca-ed25519-priv.pem

@@ -1,3 +1,3 @@
 -----BEGIN PRIVATE KEY-----
-MC4CAQAwBQYDK2VwBCIEIAw37caag1d0w0pY63b7oe9Frg8SA0rLDtnWWDl7MafZ
+MC4CAQAwBQYDK2VwBCIEIPhVt7ZJP5mciOPFQmqkR0rkldrbv/inQp0O59BXjxZp
 -----END PRIVATE KEY-----

certs/ed25519/ca-ed25519.pem

@@ -1,15 +1,47 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: ED25519
+        Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_Ed25519, OU = Root-Ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Mar 10 06:49:03 2021 GMT
+            Not After : Dec  5 06:49:03 2023 GMT
+        Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = CA-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: ED25519
+                ED25519 Public-Key:
+                pub:
+                    42:3b:7a:f9:82:cf:f9:df:19:dd:f3:f0:32:29:6d:
+                    fa:fd:76:4f:68:c2:c2:e0:6c:47:ae:c2:55:68:ac:
+                    0d:4d
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                74:D5:38:19:5E:83:B9:03:F8:01:8A:35:35:BB:89:4C:49:B4:23:E9
+            X509v3 Authority Key Identifier: 
+                keyid:FA:BA:5B:76:1D:F1:1D:1D:4D:74:48:D8:98:3B:56:EF:B3:14:F3:DE
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+    Signature Algorithm: ED25519
+         da:fe:58:53:89:43:85:98:35:dc:13:1c:a3:f1:1f:8d:26:be:
+         b6:a2:fc:b7:fe:9c:b9:35:69:31:7e:d4:b9:11:45:16:a2:29:
+         35:a9:74:a7:97:da:7e:71:4f:b1:72:5d:75:17:ac:e3:f6:b8:
+         ce:1e:e4:8a:95:ba:cd:1d:ce:0d
 -----BEGIN CERTIFICATE-----
-MIICVDCCAgagAwIBAgIQQAiKTYWESER1OSfza785ITAFBgMrZXAwgZkxCzAJBgNV
-BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQ0wCwYD
-VQQEDARSb290MRAwDgYDVQQKDAd3b2xmU1NMMRAwDgYDVQQLDAdFRDI1NTE5MRgw
-FgYDVQQDDA93d3cud29sZnNzbC5jb20xGTAXBgNVBAUAEGluZm9Ad29sZnNzbC5j
-b20wIhgPMjAyMTAyMDkxOTUwMDRaGA8yMDIzMDIxMDE5NTAwNFowgZcxCzAJBgNV
-BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQswCQYD
-VQQEDAJDQTEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUxOTEYMBYG
-A1UEAwwPd3d3LndvbGZzc2wuY29tMRkwFwYDVQQFABBpbmZvQHdvbGZzc2wuY29t
-MCowBQYDK2VwAyEAqpZ9Z3HX/q2oXxQYvgLQFX6AZLkhe7I/fHRu//WE4oGjYDBe
-MAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFG6LDcksWUNgr6UyhWz1dPO6VJvMMB8G
-A1UdIwQYMBaAFBl6CabmJl9fBlLOYyRaj1xxPbt3MA4GA1UdDwEB/wQEAwIBxjAF
-BgMrZXADQQC7w3pxbsKWWTZl1BQDkNAauSRVUoKYgLK67OcsHMYTpbjNLan5jeT+
-3z62i4fbzNBLDJD89XUSjtqQt1LRoE0F
+MIICTDCCAf6gAwIBAgIBATAFBgMrZXAwgZ0xCzAJBgNVBAYTAlVTMRAwDgYDVQQI
+DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX0Vk
+MjU1MTkxFTATBgNVBAsMDFJvb3QtRWQyNTUxOTEYMBYGA1UEAwwPd3d3LndvbGZz
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIxMDMx
+MDA2NDkwM1oXDTIzMTIwNTA2NDkwM1owgZsxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
+DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX2Vk
+MjU1MTkxEzARBgNVBAsMCkNBLWVkMjU1MTkxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
+LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAqMAUGAytlcAMh
+AEI7evmCz/nfGd3z8DIpbfr9dk9owsLgbEeuwlVorA1No2MwYTAdBgNVHQ4EFgQU
+dNU4GV6DuQP4AYo1NbuJTEm0I+kwHwYDVR0jBBgwFoAU+rpbdh3xHR1NdEjYmDtW
+77MU894wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwBQYDK2VwA0EA
+2v5YU4lDhZg13BMco/EfjSa+tqL8t/6cuTVpMX7UuRFFFqIpNal0p5fafnFPsXJd
+dRes4/a4zh7kipW6zR3ODQ==
 -----END CERTIFICATE-----

certs/ed25519/client-ed25519-key.pem

@@ -1,4 +1,3 @@
------BEGIN EDDSA PRIVATE KEY-----
-MFICAQAwBQYDK2VwBCIEICkn2+pW4KyBhuv1IuoymGLEqp9hTFcALhcvKrmHgkhs
-oSIEIE6fglljSpes+m6VbFo7Uuuj2ef2J7uJ+3e046zCCGrA
------END EDDSA PRIVATE KEY-----
+-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEA5ldbExvHURRr7Tv10fqrnmy26wIJo5n1br+dPP5UOeY=
+-----END PUBLIC KEY-----

certs/ed25519/client-ed25519-priv.pem

@@ -1,3 +1,3 @@
 -----BEGIN PRIVATE KEY-----
-MC4CAQAwBQYDK2VwBCIEICkn2+pW4KyBhuv1IuoymGLEqp9hTFcALhcvKrmHgkhs
+MC4CAQAwBQYDK2VwBCIEIJK1TOyvgca7AdbV3r03l1rSxvbDhbU75uTsMunHylLr
 -----END PRIVATE KEY-----

certs/ed25519/client-ed25519.pem

@@ -1,15 +1,57 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            40:66:c6:11:bc:00:f8:51:f9:e4:4b:bb:0b:ad:c1:09:38:b0:4a:e4
+        Signature Algorithm: ED25519
+        Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = Client-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Mar 10 06:49:03 2021 GMT
+            Not After : Dec  5 06:49:03 2023 GMT
+        Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = Client-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: ED25519
+                ED25519 Public-Key:
+                pub:
+                    e6:57:5b:13:1b:c7:51:14:6b:ed:3b:f5:d1:fa:ab:
+                    9e:6c:b6:eb:02:09:a3:99:f5:6e:bf:9d:3c:fe:54:
+                    39:e6
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                FE:41:5E:3E:81:E2:2E:46:B3:3E:47:89:90:D4:C2:B4:8E:11:D6:8A
+            X509v3 Authority Key Identifier: 
+                keyid:FE:41:5E:3E:81:E2:2E:46:B3:3E:47:89:90:D4:C2:B4:8E:11:D6:8A
+                DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_ed25519/OU=Client-ed25519/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:40:66:C6:11:BC:00:F8:51:F9:E4:4B:BB:0B:AD:C1:09:38:B0:4A:E4
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            X509v3 Subject Alternative Name: 
+                DNS:example.com, IP Address:127.0.0.1
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication
+    Signature Algorithm: ED25519
+         e0:87:e2:ce:d3:87:77:9d:f7:44:c0:73:00:ff:07:6d:2e:90:
+         90:5c:bf:30:46:9c:75:a9:48:50:8a:da:09:0f:a8:a8:04:b4:
+         33:c8:f4:28:61:9e:c2:a5:19:b7:70:1e:69:cd:49:5c:9a:f3:
+         81:e0:de:38:b3:37:ff:33:bb:07
 -----BEGIN CERTIFICATE-----
-MIICTDCCAf6gAwIBAgIQFcHfya6OWie0wxPOBaz6TDAFBgMrZXAwgZsxCzAJBgNV
-BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQ8wDQYD
-VQQEDAZjbGllbnQxEDAOBgNVBAoMB3dvbGZTU0wxEDAOBgNVBAsMB0VEMjU1MTkx
-GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEZMBcGA1UEBQAQaW5mb0B3b2xmc3Ns
-LmNvbTAiGA8yMDIxMDIwOTE5NTAwNFoYDzIwMjMwMjEwMTk1MDA0WjCBmzELMAkG
-A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xDzAN
-BgNVBAQMBmNsaWVudDEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUx
-OTEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMRkwFwYDVQQFABBpbmZvQHdvbGZz
-c2wuY29tMCowBQYDK2VwAyEATp+CWWNKl6z6bpVsWjtS66PZ5/Ynu4n7d7TjrMII
-asCjUjBQMB0GA1UdDgQWBBQxmyle67rNf5gcL3e47pgvKH2Z+DAfBgNVHSMEGDAW
-gBQxmyle67rNf5gcL3e47pgvKH2Z+DAOBgNVHQ8BAf8EBAMCBsAwBQYDK2VwA0EA
-2DDJOFXo02UBBQyoCvcK5n21/GJmFQiwlQQICFMzq//6xYm8eYtNN/RkCnBDysvj
-p6jnAwZw6/MMujoxC3PtCg==
+MIIDVDCCAwagAwIBAgIUQGbGEbwA+FH55Eu7C63BCTiwSuQwBQYDK2VwMIGfMQsw
+CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEY
+MBYGA1UECgwPd29sZlNTTF9lZDI1NTE5MRcwFQYDVQQLDA5DbGllbnQtZWQyNTUx
+OTEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZv
+QHdvbGZzc2wuY29tMB4XDTIxMDMxMDA2NDkwM1oXDTIzMTIwNTA2NDkwM1owgZ8x
+CzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFu
+MRgwFgYDVQQKDA93b2xmU1NMX2VkMjU1MTkxFzAVBgNVBAsMDkNsaWVudC1lZDI1
+NTE5MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu
+Zm9Ad29sZnNzbC5jb20wKjAFBgMrZXADIQDmV1sTG8dRFGvtO/XR+quebLbrAgmj
+mfVuv508/lQ55qOCAVAwggFMMB0GA1UdDgQWBBT+QV4+geIuRrM+R4mQ1MK0jhHW
+ijCB3wYDVR0jBIHXMIHUgBT+QV4+geIuRrM+R4mQ1MK0jhHWiqGBpaSBojCBnzEL
+MAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4x
+GDAWBgNVBAoMD3dvbGZTU0xfZWQyNTUxOTEXMBUGA1UECwwOQ2xpZW50LWVkMjU1
+MTkxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5m
+b0B3b2xmc3NsLmNvbYIUQGbGEbwA+FH55Eu7C63BCTiwSuQwDAYDVR0TBAUwAwEB
+/zAcBgNVHREEFTATggtleGFtcGxlLmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEF
+BQcDAQYIKwYBBQUHAwIwBQYDK2VwA0EA4IfiztOHd533RMBzAP8HbS6QkFy/MEac
+dalIUIraCQ+oqAS0M8j0KGGewqUZt3Aeac1JXJrzgeDeOLM3/zO7Bw==
 -----END CERTIFICATE-----

certs/ed25519/gen-ed25519-certs.sh

@@ -0,0 +1,105 @@
+#!/bin/bash
+
+check_result(){
+    if [ $1 -ne 0 ]; then
+        echo "Failed at \"$2\", Abort"
+        exit 1
+    else
+        echo "Step Succeeded!"
+    fi
+}
+
+openssl pkey -in root-ed25519-priv.pem -noout >/dev/null 2>&1
+if [ $? -ne 0 ]; then
+    echo "OpenSSL does not support Ed25519"
+    echo "Skipping Ed25519 certificate renewal"
+    exit 0
+fi
+
+############################################################
+###### update the self-signed root-ed25519.pem #############
+############################################################
+echo "Updating root-ed25519.pem"
+echo ""
+#pipe the following arguments to openssl req...
+echo -e "US\\nMontana\\nBozeman\\nwolfSSL_Ed25519\\nRoot-Ed25519\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n.\\n.\\n" | \
+openssl req -new -key root-ed25519-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out root-ed25519.csr
+check_result $? "Generate request"
+
+openssl x509 -req -in root-ed25519.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions ca_ecc_cert -signkey root-ed25519-priv.pem -out root-ed25519.pem
+check_result $? "Generate certificate"
+rm root-ed25519.csr
+
+openssl x509 -in root-ed25519.pem -outform DER > root-ed25519.der
+check_result $? "Convert to DER"
+openssl x509 -in root-ed25519.pem -text > tmp.pem
+check_result $? "Add text"
+mv tmp.pem root-ed25519.pem
+echo "End of section"
+echo "---------------------------------------------------------------------"
+
+############################################################
+###### update ca-ed25519.pem signed by root ################
+############################################################
+echo "Updating ca-ed25519.pem"
+echo ""
+#pipe the following arguments to openssl req...
+echo -e "US\\nMontana\\nBozeman\\nwolfSSL_ed25519\\nCA-ed25519\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n\\n\\n\\n" | openssl req -new -key ca-ed25519-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out ca-ed25519.csr
+check_result $? "Generate request"
+
+openssl x509 -req -in ca-ed25519.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions ca_ecc_cert -CA root-ed25519.pem -CAkey root-ed25519-priv.pem -set_serial 01 -out ca-ed25519.pem
+check_result $? "Generate certificate"
+rm ca-ed25519.csr
+
+openssl x509 -in ca-ed25519.pem -outform DER > ca-ed25519.der
+check_result $? "Convert to DER"
+openssl x509 -in ca-ed25519.pem -text > tmp.pem
+check_result $? "Add text"
+mv tmp.pem ca-ed25519.pem
+echo "End of section"
+echo "---------------------------------------------------------------------"
+
+############################################################
+###### update server-ed25519.pem signed by ca ##############
+############################################################
+echo "Updating server-ed25519.pem"
+echo ""
+#pipe the following arguments to openssl req...
+echo -e "US\\nMontana\\nBozeman\\nwolfSSL_ed25519\\nServer-ed25519\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n\\n\\n\\n" | openssl req -new -key server-ed25519-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out server-ed25519.csr
+check_result $? "Generate request"
+
+openssl x509 -req -in server-ed25519.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions server_ecc -CA ca-ed25519.pem -CAkey ca-ed25519-priv.pem -set_serial 01 -out server-ed25519-cert.pem
+check_result $? "Generate certificate"
+rm server-ed25519.csr
+
+openssl x509 -in server-ed25519-cert.pem -outform DER > server-ed25519.der
+check_result $? "Convert to DER"
+openssl x509 -in server-ed25519-cert.pem -text > tmp.pem
+check_result $? "Add text"
+mv tmp.pem server-ed25519-cert.pem
+cat server-ed25519-cert.pem ca-ed25519.pem > server-ed25519.pem
+check_result $? "Add CA into server cert"
+echo "End of section"
+echo "---------------------------------------------------------------------"
+
+############################################################
+###### update the self-signed client-ed25519.pem ###########
+############################################################
+echo "Updating client-ed25519.pem"
+echo ""
+#pipe the following arguments to openssl req...
+echo -e "US\\nMontana\\nBozeman\\nwolfSSL_ed25519\\nClient-ed25519\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n\\n\\n\\n" | openssl req -new -key client-ed25519-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out client-ed25519.csr
+check_result $? "Generate request"
+
+openssl x509 -req -in client-ed25519.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions client_ecc -signkey client-ed25519-priv.pem -out client-ed25519.pem
+check_result $? "Generate certificate"
+rm client-ed25519.csr
+
+openssl x509 -in client-ed25519.pem -outform DER > client-ed25519.der
+check_result $? "Convert to DER"
+openssl x509 -in client-ed25519.pem -text > tmp.pem
+check_result $? "Add text"
+mv tmp.pem client-ed25519.pem
+echo "End of section"
+echo "---------------------------------------------------------------------"
+

certs/ed25519/gen-ed25519-keys.sh

@@ -0,0 +1,16 @@
+#!/bin/sh
+
+for key in root ca server client
+do
+
+  openssl genpkey -algorithm ED25519 > ${key}-ed25519-priv.pem
+
+  openssl pkey -in ${key}-ed25519-priv.pem -outform DER -out ${key}-ed25519-priv.der
+
+  openssl pkey -in ${key}-ed25519-priv.pem -outform PEM -pubout -out ${key}-ed25519-key.pem
+
+  openssl pkey -in ${key}-ed25519-priv.pem -outform DER -pubout -out ${key}-ed25519-key.der
+
+done
+
+

certs/ed25519/include.am

@@ -28,3 +28,8 @@ EXTRA_DIST += \
          certs/ed25519/server-ed25519-key.pem \
          certs/ed25519/server-ed25519-priv.der \
          certs/ed25519/server-ed25519-priv.pem
+
+EXTRA_DIST += \
+         certs/ed25519/gen-ed25519.sh \
+         certs/ed25519/gen-ed25519-certs.sh \
+         certs/ed25519/gen-ed25519-keys.sh

certs/ed25519/root-ed25519-key.pem

@@ -1,4 +1,3 @@
------BEGIN EDDSA PRIVATE KEY-----
-MFICAQAwBQYDK2VwBCIEIPUBUd1CTNITOelSbDQlzuGA30xv42CVcvpe92sq7N+o
-oSIEIIgura+qJ+c7nKcbmd2OK5+dL++bfwkNtP5Cs9JL+nwO
------END EDDSA PRIVATE KEY-----
+-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEA6bNvfHCKq8pUIE5kdjwaT/f6Xkr/89u5ZC0QpQxaP9o=
+-----END PUBLIC KEY-----

certs/ed25519/root-ed25519-priv.pem

@@ -1,3 +1,3 @@
 -----BEGIN PRIVATE KEY-----
-MC4CAQAwBQYDK2VwBCIEIPUBUd1CTNITOelSbDQlzuGA30xv42CVcvpe92sq7N+o
+MC4CAQAwBQYDK2VwBCIEIFcyr6XNVwsNpxIoY6ENIWmuvF/LJs2xkuvuxmoPrf1w
 -----END PRIVATE KEY-----

certs/ed25519/root-ed25519.pem

@@ -1,15 +1,48 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            3c:8f:b8:f9:5c:f1:81:97:76:e0:cc:04:c6:f6:77:7b:4f:92:4c:c6
+        Signature Algorithm: ED25519
+        Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_Ed25519, OU = Root-Ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Mar 10 06:49:03 2021 GMT
+            Not After : Dec  5 06:49:03 2023 GMT
+        Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_Ed25519, OU = Root-Ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: ED25519
+                ED25519 Public-Key:
+                pub:
+                    e9:b3:6f:7c:70:8a:ab:ca:54:20:4e:64:76:3c:1a:
+                    4f:f7:fa:5e:4a:ff:f3:db:b9:64:2d:10:a5:0c:5a:
+                    3f:da
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                FA:BA:5B:76:1D:F1:1D:1D:4D:74:48:D8:98:3B:56:EF:B3:14:F3:DE
+            X509v3 Authority Key Identifier: 
+                keyid:FA:BA:5B:76:1D:F1:1D:1D:4D:74:48:D8:98:3B:56:EF:B3:14:F3:DE
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+    Signature Algorithm: ED25519
+         44:f7:5d:ad:c0:68:5e:0c:af:c5:dd:da:a4:f9:34:4f:33:4f:
+         b3:db:bb:b6:36:67:f4:4d:63:a5:61:e8:b8:98:b7:e7:d3:52:
+         8b:fb:ca:61:97:db:34:55:63:a8:27:e8:22:16:b6:a9:f1:8d:
+         0e:f8:d1:56:08:45:b6:40:d9:09
 -----BEGIN CERTIFICATE-----
-MIICVjCCAgigAwIBAgIQYlI7cNFaPvFoHcYXLFMPzTAFBgMrZXAwgZkxCzAJBgNV
-BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQ0wCwYD
-VQQEDARSb290MRAwDgYDVQQKDAd3b2xmU1NMMRAwDgYDVQQLDAdFRDI1NTE5MRgw
-FgYDVQQDDA93d3cud29sZnNzbC5jb20xGTAXBgNVBAUAEGluZm9Ad29sZnNzbC5j
-b20wIhgPMjAyMTAyMDkxOTUwMDRaGA8yMDIzMDIxMDE5NTAwNFowgZkxCzAJBgNV
-BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQ0wCwYD
-VQQEDARSb290MRAwDgYDVQQKDAd3b2xmU1NMMRAwDgYDVQQLDAdFRDI1NTE5MRgw
-FgYDVQQDDA93d3cud29sZnNzbC5jb20xGTAXBgNVBAUAEGluZm9Ad29sZnNzbC5j
-b20wKjAFBgMrZXADIQCILq2vqifnO5ynG5ndjiufnS/vm38JDbT+QrPSS/p8DqNg
-MF4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUGXoJpuYmX18GUs5jJFqPXHE9u3cw
-HwYDVR0jBBgwFoAUGXoJpuYmX18GUs5jJFqPXHE9u3cwDgYDVR0PAQH/BAQDAgHG
-MAUGAytlcANBAOzVbL+V/Ik567gy9xUG5NwC1PE/SXEl6pNWTewxHAj8wU1IkDLT
-FLYfC9ezVkWy9aOYaLH79T63Hl/tIahybgc=
+MIICYTCCAhOgAwIBAgIUPI+4+VzxgZd24MwExvZ3e0+STMYwBQYDK2VwMIGdMQsw
+CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEY
+MBYGA1UECgwPd29sZlNTTF9FZDI1NTE5MRUwEwYDVQQLDAxSb290LUVkMjU1MTkx
+GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
+b2xmc3NsLmNvbTAeFw0yMTAzMTAwNjQ5MDNaFw0yMzEyMDUwNjQ5MDNaMIGdMQsw
+CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEY
+MBYGA1UECgwPd29sZlNTTF9FZDI1NTE5MRUwEwYDVQQLDAxSb290LUVkMjU1MTkx
+GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
+b2xmc3NsLmNvbTAqMAUGAytlcAMhAOmzb3xwiqvKVCBOZHY8Gk/3+l5K//PbuWQt
+EKUMWj/ao2MwYTAdBgNVHQ4EFgQU+rpbdh3xHR1NdEjYmDtW77MU894wHwYDVR0j
+BBgwFoAU+rpbdh3xHR1NdEjYmDtW77MU894wDwYDVR0TAQH/BAUwAwEB/zAOBgNV
+HQ8BAf8EBAMCAYYwBQYDK2VwA0EARPddrcBoXgyvxd3apPk0TzNPs9u7tjZn9E1j
+pWHouJi359NSi/vKYZfbNFVjqCfoIha2qfGNDvjRVghFtkDZCQ==
 -----END CERTIFICATE-----

certs/ed25519/server-ed25519-cert.pem

@@ -1,30 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: ED25519
+        Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = CA-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Mar 10 06:49:03 2021 GMT
+            Not After : Dec  5 06:49:03 2023 GMT
+        Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = Server-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: ED25519
+                ED25519 Public-Key:
+                pub:
+                    23:aa:4d:60:50:e0:13:d3:3a:ed:ab:f6:a9:cc:4a:
+                    fe:d7:4d:2f:d2:5b:1a:10:05:ef:5a:41:25:ce:1b:
+                    53:78
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                A3:29:81:E7:90:6F:B9:60:F8:AF:CC:15:7A:AE:D7:A1:F4:B4:86:BA
+            X509v3 Authority Key Identifier: 
+                keyid:74:D5:38:19:5E:83:B9:03:F8:01:8A:35:35:BB:89:4C:49:B4:23:E9
+
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            X509v3 Key Usage: critical
+                Digital Signature, Key Encipherment, Key Agreement
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            Netscape Cert Type: 
+                SSL Server
+    Signature Algorithm: ED25519
+         f3:c2:ef:8b:55:65:4f:bc:e3:df:fc:d8:a1:ad:8e:43:07:73:
+         c8:58:c3:46:0a:c1:f1:4d:3f:fb:3d:78:e6:76:58:26:ce:d7:
+         59:55:ec:c5:b5:b4:05:ed:f9:d4:97:69:66:d6:2c:1b:43:5a:
+         51:5c:be:10:28:95:c4:96:af:00
 -----BEGIN CERTIFICATE-----
-MIICRjCCAfigAwIBAgIQQyBFY/XbM3h5GPnWdnTeajAFBgMrZXAwgZcxCzAJBgNV
-BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQswCQYD
-VQQEDAJDQTEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUxOTEYMBYG
-A1UEAwwPd3d3LndvbGZzc2wuY29tMRkwFwYDVQQFABBpbmZvQHdvbGZzc2wuY29t
-MCIYDzIwMjEwMjA5MTk1MDA0WhgPMjAyMzAyMTAxOTUwMDRaMIGZMQswCQYDVQQG
-EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjENMAsGA1UE
-BAwETGVhZjEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUxOTEYMBYG
-A1UEAwwPd3d3LndvbGZzc2wuY29tMRkwFwYDVQQFABBpbmZvQHdvbGZzc2wuY29t
-MCowBQYDK2VwAyEAi/OP+P/p9GU5NF71Iny3X/19LSd1vDHlmtPu8us3ryijUjBQ
-MB0GA1UdDgQWBBQp8hOvwv+m0cj7fJgvDhEuOGSijjAfBgNVHSMEGDAWgBRuiw3J
-LFlDYK+lMoVs9XTzulSbzDAOBgNVHQ8BAf8EBAMCBsAwBQYDK2VwA0EAo/sGXBKn
-xIvogGi7VbdCmq1KbS04WEC2Kiu6DI22jOpQecqeUQ+iJ+Ua7tIlSsv0NPqqraq8
-KKxhcSh1nWQbDQ==
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIICVDCCAgagAwIBAgIQQAiKTYWESER1OSfza785ITAFBgMrZXAwgZkxCzAJBgNV
-BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQ0wCwYD
-VQQEDARSb290MRAwDgYDVQQKDAd3b2xmU1NMMRAwDgYDVQQLDAdFRDI1NTE5MRgw
-FgYDVQQDDA93d3cud29sZnNzbC5jb20xGTAXBgNVBAUAEGluZm9Ad29sZnNzbC5j
-b20wIhgPMjAyMTAyMDkxOTUwMDRaGA8yMDIzMDIxMDE5NTAwNFowgZcxCzAJBgNV
-BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQswCQYD
-VQQEDAJDQTEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUxOTEYMBYG
-A1UEAwwPd3d3LndvbGZzc2wuY29tMRkwFwYDVQQFABBpbmZvQHdvbGZzc2wuY29t
-MCowBQYDK2VwAyEAqpZ9Z3HX/q2oXxQYvgLQFX6AZLkhe7I/fHRu//WE4oGjYDBe
-MAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFG6LDcksWUNgr6UyhWz1dPO6VJvMMB8G
-A1UdIwQYMBaAFBl6CabmJl9fBlLOYyRaj1xxPbt3MA4GA1UdDwEB/wQEAwIBxjAF
-BgMrZXADQQC7w3pxbsKWWTZl1BQDkNAauSRVUoKYgLK67OcsHMYTpbjNLan5jeT+
-3z62i4fbzNBLDJD89XUSjtqQt1LRoE0F
+MIICdTCCAiegAwIBAgIBATAFBgMrZXAwgZsxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
+DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX2Vk
+MjU1MTkxEzARBgNVBAsMCkNBLWVkMjU1MTkxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
+LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMTAzMTAw
+NjQ5MDNaFw0yMzEyMDUwNjQ5MDNaMIGfMQswCQYDVQQGEwJVUzEQMA4GA1UECAwH
+TW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEYMBYGA1UECgwPd29sZlNTTF9lZDI1
+NTE5MRcwFQYDVQQLDA5TZXJ2ZXItZWQyNTUxOTEYMBYGA1UEAwwPd3d3LndvbGZz
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMCowBQYDK2Vw
+AyEAI6pNYFDgE9M67av2qcxK/tdNL9JbGhAF71pBJc4bU3ijgYkwgYYwHQYDVR0O
+BBYEFKMpgeeQb7lg+K/MFXqu16H0tIa6MB8GA1UdIwQYMBaAFHTVOBleg7kD+AGK
+NTW7iUxJtCPpMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgOoMBMGA1UdJQQM
+MAoGCCsGAQUFBwMBMBEGCWCGSAGG+EIBAQQEAwIGQDAFBgMrZXADQQDzwu+LVWVP
+vOPf/NihrY5DB3PIWMNGCsHxTT/7PXjmdlgmztdZVezFtbQF7fnUl2lm1iwbQ1pR
+XL4QKJXElq8A
 -----END CERTIFICATE-----

certs/ed25519/server-ed25519-key.pem

@@ -1,4 +1,3 @@
------BEGIN EDDSA PRIVATE KEY-----
-MFICAQAwBQYDK2VwBCIEIHyd6hRAi4voY3m+UTepnRnoKo50DlIF3i9js6EkbTEG
-oSIEIIvzj/j/6fRlOTRe9SJ8t1/9fS0ndbwx5ZrT7vLrN68o
------END EDDSA PRIVATE KEY-----
+-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEAI6pNYFDgE9M67av2qcxK/tdNL9JbGhAF71pBJc4bU3g=
+-----END PUBLIC KEY-----

certs/ed25519/server-ed25519-priv.pem

@@ -1,3 +1,3 @@
 -----BEGIN PRIVATE KEY-----
-MC4CAQAwBQYDK2VwBCIEIHyd6hRAi4voY3m+UTepnRnoKo50DlIF3i9js6EkbTEG
+MC4CAQAwBQYDK2VwBCIEII6YRLBUgcY6R9j7wza/GXBhCSN24xxvgziuSVXFnoci
 -----END PRIVATE KEY-----

certs/ed25519/server-ed25519.pem

@@ -1,30 +1,99 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: ED25519
+        Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = CA-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Mar 10 06:49:03 2021 GMT
+            Not After : Dec  5 06:49:03 2023 GMT
+        Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = Server-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: ED25519
+                ED25519 Public-Key:
+                pub:
+                    23:aa:4d:60:50:e0:13:d3:3a:ed:ab:f6:a9:cc:4a:
+                    fe:d7:4d:2f:d2:5b:1a:10:05:ef:5a:41:25:ce:1b:
+                    53:78
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                A3:29:81:E7:90:6F:B9:60:F8:AF:CC:15:7A:AE:D7:A1:F4:B4:86:BA
+            X509v3 Authority Key Identifier: 
+                keyid:74:D5:38:19:5E:83:B9:03:F8:01:8A:35:35:BB:89:4C:49:B4:23:E9
+
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            X509v3 Key Usage: critical
+                Digital Signature, Key Encipherment, Key Agreement
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            Netscape Cert Type: 
+                SSL Server
+    Signature Algorithm: ED25519
+         f3:c2:ef:8b:55:65:4f:bc:e3:df:fc:d8:a1:ad:8e:43:07:73:
+         c8:58:c3:46:0a:c1:f1:4d:3f:fb:3d:78:e6:76:58:26:ce:d7:
+         59:55:ec:c5:b5:b4:05:ed:f9:d4:97:69:66:d6:2c:1b:43:5a:
+         51:5c:be:10:28:95:c4:96:af:00
 -----BEGIN CERTIFICATE-----
-MIICRjCCAfigAwIBAgIQQyBFY/XbM3h5GPnWdnTeajAFBgMrZXAwgZcxCzAJBgNV
-BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQswCQYD
-VQQEDAJDQTEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUxOTEYMBYG
-A1UEAwwPd3d3LndvbGZzc2wuY29tMRkwFwYDVQQFABBpbmZvQHdvbGZzc2wuY29t
-MCIYDzIwMjEwMjA5MTk1MDA0WhgPMjAyMzAyMTAxOTUwMDRaMIGZMQswCQYDVQQG
-EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjENMAsGA1UE
-BAwETGVhZjEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUxOTEYMBYG
-A1UEAwwPd3d3LndvbGZzc2wuY29tMRkwFwYDVQQFABBpbmZvQHdvbGZzc2wuY29t
-MCowBQYDK2VwAyEAi/OP+P/p9GU5NF71Iny3X/19LSd1vDHlmtPu8us3ryijUjBQ
-MB0GA1UdDgQWBBQp8hOvwv+m0cj7fJgvDhEuOGSijjAfBgNVHSMEGDAWgBRuiw3J
-LFlDYK+lMoVs9XTzulSbzDAOBgNVHQ8BAf8EBAMCBsAwBQYDK2VwA0EAo/sGXBKn
-xIvogGi7VbdCmq1KbS04WEC2Kiu6DI22jOpQecqeUQ+iJ+Ua7tIlSsv0NPqqraq8
-KKxhcSh1nWQbDQ==
+MIICdTCCAiegAwIBAgIBATAFBgMrZXAwgZsxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
+DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX2Vk
+MjU1MTkxEzARBgNVBAsMCkNBLWVkMjU1MTkxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
+LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMTAzMTAw
+NjQ5MDNaFw0yMzEyMDUwNjQ5MDNaMIGfMQswCQYDVQQGEwJVUzEQMA4GA1UECAwH
+TW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEYMBYGA1UECgwPd29sZlNTTF9lZDI1
+NTE5MRcwFQYDVQQLDA5TZXJ2ZXItZWQyNTUxOTEYMBYGA1UEAwwPd3d3LndvbGZz
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMCowBQYDK2Vw
+AyEAI6pNYFDgE9M67av2qcxK/tdNL9JbGhAF71pBJc4bU3ijgYkwgYYwHQYDVR0O
+BBYEFKMpgeeQb7lg+K/MFXqu16H0tIa6MB8GA1UdIwQYMBaAFHTVOBleg7kD+AGK
+NTW7iUxJtCPpMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgOoMBMGA1UdJQQM
+MAoGCCsGAQUFBwMBMBEGCWCGSAGG+EIBAQQEAwIGQDAFBgMrZXADQQDzwu+LVWVP
+vOPf/NihrY5DB3PIWMNGCsHxTT/7PXjmdlgmztdZVezFtbQF7fnUl2lm1iwbQ1pR
+XL4QKJXElq8A
 -----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: ED25519
+        Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_Ed25519, OU = Root-Ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Mar 10 06:49:03 2021 GMT
+            Not After : Dec  5 06:49:03 2023 GMT
+        Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_ed25519, OU = CA-ed25519, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: ED25519
+                ED25519 Public-Key:
+                pub:
+                    42:3b:7a:f9:82:cf:f9:df:19:dd:f3:f0:32:29:6d:
+                    fa:fd:76:4f:68:c2:c2:e0:6c:47:ae:c2:55:68:ac:
+                    0d:4d
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                74:D5:38:19:5E:83:B9:03:F8:01:8A:35:35:BB:89:4C:49:B4:23:E9
+            X509v3 Authority Key Identifier: 
+                keyid:FA:BA:5B:76:1D:F1:1D:1D:4D:74:48:D8:98:3B:56:EF:B3:14:F3:DE
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+    Signature Algorithm: ED25519
+         da:fe:58:53:89:43:85:98:35:dc:13:1c:a3:f1:1f:8d:26:be:
+         b6:a2:fc:b7:fe:9c:b9:35:69:31:7e:d4:b9:11:45:16:a2:29:
+         35:a9:74:a7:97:da:7e:71:4f:b1:72:5d:75:17:ac:e3:f6:b8:
+         ce:1e:e4:8a:95:ba:cd:1d:ce:0d
 -----BEGIN CERTIFICATE-----
-MIICVDCCAgagAwIBAgIQQAiKTYWESER1OSfza785ITAFBgMrZXAwgZkxCzAJBgNV
-BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQ0wCwYD
-VQQEDARSb290MRAwDgYDVQQKDAd3b2xmU1NMMRAwDgYDVQQLDAdFRDI1NTE5MRgw
-FgYDVQQDDA93d3cud29sZnNzbC5jb20xGTAXBgNVBAUAEGluZm9Ad29sZnNzbC5j
-b20wIhgPMjAyMTAyMDkxOTUwMDRaGA8yMDIzMDIxMDE5NTAwNFowgZcxCzAJBgNV
-BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMQswCQYD
-VQQEDAJDQTEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHRUQyNTUxOTEYMBYG
-A1UEAwwPd3d3LndvbGZzc2wuY29tMRkwFwYDVQQFABBpbmZvQHdvbGZzc2wuY29t
-MCowBQYDK2VwAyEAqpZ9Z3HX/q2oXxQYvgLQFX6AZLkhe7I/fHRu//WE4oGjYDBe
-MAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFG6LDcksWUNgr6UyhWz1dPO6VJvMMB8G
-A1UdIwQYMBaAFBl6CabmJl9fBlLOYyRaj1xxPbt3MA4GA1UdDwEB/wQEAwIBxjAF
-BgMrZXADQQC7w3pxbsKWWTZl1BQDkNAauSRVUoKYgLK67OcsHMYTpbjNLan5jeT+
-3z62i4fbzNBLDJD89XUSjtqQt1LRoE0F
+MIICTDCCAf6gAwIBAgIBATAFBgMrZXAwgZ0xCzAJBgNVBAYTAlVTMRAwDgYDVQQI
+DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX0Vk
+MjU1MTkxFTATBgNVBAsMDFJvb3QtRWQyNTUxOTEYMBYGA1UEAwwPd3d3LndvbGZz
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIxMDMx
+MDA2NDkwM1oXDTIzMTIwNTA2NDkwM1owgZsxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
+DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX2Vk
+MjU1MTkxEzARBgNVBAsMCkNBLWVkMjU1MTkxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
+LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAqMAUGAytlcAMh
+AEI7evmCz/nfGd3z8DIpbfr9dk9owsLgbEeuwlVorA1No2MwYTAdBgNVHQ4EFgQU
+dNU4GV6DuQP4AYo1NbuJTEm0I+kwHwYDVR0jBBgwFoAU+rpbdh3xHR1NdEjYmDtW
+77MU894wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwBQYDK2VwA0EA
+2v5YU4lDhZg13BMco/EfjSa+tqL8t/6cuTVpMX7UuRFFFqIpNal0p5fafnFPsXJd
+dRes4/a4zh7kipW6zR3ODQ==
 -----END CERTIFICATE-----

certs/external/ca-google-root.pem

@@ -1,22 +1,22 @@
 -----BEGIN CERTIFICATE-----
-MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G
-A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
-Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1
-MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG
-A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL
-v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8
-eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq
-tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd
-C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa
-zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB
-mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH
-V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n
-bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG
-3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs
-J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO
-291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS
-ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd
-AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7
-TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
+MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
+QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB
+CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97
+nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt
+43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P
+T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4
+gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO
+BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR
+TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw
+DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr
+hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg
+06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF
+PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls
+YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
+CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
 -----END CERTIFICATE-----

certs/include.am

@@ -68,11 +68,13 @@ EXTRA_DIST += \
 	     certs/dh2048.der \
 	     certs/dh3072.der \
 	     certs/dh4096.der \
+	     certs/dh-pubkey-2048.der \
 	     certs/rsa2048.der \
 	     certs/rsa-pub-2048.pem \
 	     certs/rsa3072.der \
 	     certs/dsa2048.der \
 	     certs/dsa3072.der \
+	     certs/dsa-pubkey-2048.der \
 	     certs/ecc-client-key.der \
 	     certs/ecc-client-keyPub.der \
 	     certs/ecc-key.der \

certs/renewcerts.sh

@@ -66,6 +66,7 @@ check_result(){
 run_renewcerts(){
     cd certs/ || { echo "Couldn't cd to certs directory"; exit 1; }
     echo ""
+
     #move the custom cnf into our working directory
     cp renewcerts/wolfssl.cnf wolfssl.cnf || exit 1
 
@@ -587,6 +588,28 @@ run_renewcerts(){
     echo "End of section"
     echo "---------------------------------------------------------------------"
     ############################################################
+    ###### calling gen-testcerts.sh           ##################
+    ############################################################
+    echo "Calling gen-testcerts.sh"
+    echo ""
+    cd ./test || { echo "Failed to switch to dir ./test"; exit 1; }
+    ./gen-testcerts.sh
+    check_result $? "gen-testcerts.sh"
+    cd ../ || exit 1
+    echo "End of section"
+    echo "---------------------------------------------------------------------"
+    ############################################################
+    ###### generate cms bundles in test directory ##############
+    ############################################################
+    echo "Generating CMS bundle"
+    echo ""
+    cd ./test || { echo "Failed to switch to dir ./test"; exit 1; }
+    echo "test" | openssl cms -encrypt -binary -keyid -out ktri-keyid-cms.msg -outform der -recip ../client-cert.pem -nocerts
+    check_result $? "generate ktri-keyid-cms.msg"
+    cd ../ || exit 1
+    echo "End of section"
+    echo "---------------------------------------------------------------------"
+    ############################################################
     ########## generate ocsp certs        ######################
     ############################################################
     echo "Changing directory to ocsp..."

certs/renewcerts/wolfssl.cnf

@@ -271,6 +271,14 @@ keyUsage=critical, digitalSignature, keyEncipherment, keyAgreement
 extendedKeyUsage=serverAuth
 nsCertType=server
 
+# server-ecc extensions
+[ client_ecc ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always
+basicConstraints=critical, CA:FALSE
+keyUsage=critical, digitalSignature, keyEncipherment, keyAgreement
+extendedKeyUsage=clientAuth
+
 # test parsing URI
 [ uri ]
 subjectKeyIdentifier=hash

certs/statickeys/dh-ffdhe2048-pub.pem

@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICJDCCARcGCSqGSIb3DQEDATCCAQgCggEBAP//////////rfhUWKK7Spqv3FYg
+Jz088di5xYPOLTaVqeE2QRRkM/vMk53OJJs++X0v42NjDHXY9oGyAq7EYXrT3x7V
+1f1lYSQz9R9fBm7QhWNlVT3tGvO1VxNef1fJNZhPDHDg5ot34qaJ2vPv6HId8Vih
+Nq3nNTCsyk9IOnl6vAqxgrMk+2HRCKlLssjj+7lq2rdg1/RoHU9Co945TfSuVu3n
+Y3K7GQsHp8juCm1wngL84c334uzANATNKDQvYZFy/pzphYP/jk8SMu7ygYPD/jsb
+TG+tczu1/LwuwiAFxY7xg30Wg7LG80omwbLv+ohrQjhhKFyX//////////8CAQID
+ggEFAAKCAQBNP0zkbEZx/2ECcwtlT0bnLg+eQQRVQVGJqV6EvHoKNTQVvrHDHs3H
+WheYX/+WPRub+swfHqcii5XuK9R04mPi/ZyqT75kaYMxXpBchV2ymeAFtfK2Gc0G
+zaizWY2HhH+PCe69YW/FzbicpxWX0EQuLS4yIMU731BvjRe4hKNnJH6j7IwIeGwl
+iALToGjOGiVGLptMgvTrs8kdFwySlFQPtd8/cUUzl02HGktACnG0Gb4zvc/zFWMG
+N1yhncDnp4vToms/8ULINmsKQ4vp0IzNDzHNIuc5yI3rXZGLBm4fB9urK0+F+LtV
+471wUVxzZl3RtvhEEODyCRxtAl38egiC
+-----END PUBLIC KEY-----

certs/statickeys/gen-static.sh

@@ -10,3 +10,6 @@ openssl ec -inform pem -in certs/statickeys/ecc-secp256r1.pem -outform der -out
 # Using one generated and capture with wolfSSL using wc_DhGenerateKeyPair (openssl generates DH keys with 2048-bits... based on the DH "p" prime size)
 #openssl genpkey -paramfile certs/statickeys/dh-ffdhe2048-params.pem -out certs/statickeys/dh-ffdhe2048.der
 openssl pkey -inform der -in certs/statickeys/dh-ffdhe2048.der -outform pem -out certs/statickeys/dh-ffdhe2048.pem
+# Export DH public key as DER and convert to PEM
+openssl pkey -inform der -in certs/statickeys/dh-ffdhe2048.der -outform der -out certs/statickeys/dh-ffdhe2048-pub.der -pubout
+openssl pkey -inform der -in certs/statickeys/dh-ffdhe2048.der -outform pem -out certs/statickeys/dh-ffdhe2048-pub.pem -pubout

certs/statickeys/include.am

@@ -14,4 +14,6 @@ EXTRA_DIST += \
 EXTRA_DIST += \
 		certs/statickeys/dh-ffdhe2048-params.pem \
 		certs/statickeys/dh-ffdhe2048.der \
-		certs/statickeys/dh-ffdhe2048.pem
+		certs/statickeys/dh-ffdhe2048.pem \
+		certs/statickeys/dh-ffdhe2048-pub.der \
+		certs/statickeys/dh-ffdhe2048-pub.pem

certs/test/cert-ext-joi.cfg

@@ -0,0 +1,21 @@
+[ req ]
+distinguished_name = req_distinguished_name
+prompt             = no
+x509_extensions    = constraints
+
+[ req_distinguished_name ]
+C             = US
+ST            = Montana
+L             = Bozeman
+O             = Sawtooth
+OU            = Consulting
+CN            = www.wolfssl.com
+emailAddress  = info@wolfsssl.com
+jurisdictionC = US
+jurisdictionST = California
+
+[constraints]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints=CA:TRUE
+

certs/test/cert-ext-joi.pem

@@ -1,76 +0,0 @@
-Certificate:
-    Data:
-        Version: 1 (0x0)
-        Serial Number: 13085343280838917500 (0xb5987a628272bd7c)
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: O=Example Ltd/businessCategory=Private/serialNumber=5157550/jurisdictionC=US/jurisdictionST=California, C=US/street=123 My Street, ST=California, CN=example.com/subjectAltName=DNS.1=example.com, DNS.2=www.example.com, DNS.3=billing.example.com
-        Validity
-            Not Before: Aug 10 15:20:25 2018 GMT
-            Not After : May  6 15:20:25 2021 GMT
-        Subject: O=Example Ltd/businessCategory=Private/serialNumber=5157550/jurisdictionC=US/jurisdictionST=California, C=US/street=123 My Street, ST=California, CN=example.com/subjectAltName=DNS.1=example.com, DNS.2=www.example.com, DNS.3=billing.example.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (2048 bit)
-                Modulus:
-                    00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
-                    01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
-                    f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
-                    f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
-                    64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
-                    86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
-                    4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
-                    34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
-                    8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
-                    40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
-                    dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
-                    e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
-                    64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
-                    c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
-                    ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
-                    b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
-                    a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
-                    ad:d7
-                Exponent: 65537 (0x10001)
-    Signature Algorithm: sha256WithRSAEncryption
-         ac:5a:d1:a9:e8:ed:75:8e:87:13:38:39:c5:d7:43:fd:72:31:
-         34:4d:c3:41:f4:6a:d8:64:a2:ce:cf:d8:ab:81:9f:2c:26:4d:
-         69:35:42:63:f8:53:c4:c5:f6:00:15:29:4d:3b:5e:bf:2c:8b:
-         a8:ad:54:22:c0:93:78:34:9c:e7:79:c1:d0:fe:7c:bf:87:b9:
-         21:dd:d6:f9:35:ae:17:94:90:55:99:48:c8:d3:47:b1:be:1b:
-         1f:62:31:0c:3a:e5:8e:b3:93:e6:93:02:36:e9:97:1e:7f:6c:
-         55:6a:b8:9a:d1:d1:36:52:cb:3f:9f:5e:95:c4:0f:03:d5:a1:
-         4c:d1:7e:8a:dd:58:ec:a1:17:c7:68:fe:91:b6:e7:66:8b:f7:
-         b3:a8:25:ad:2d:e9:c9:55:02:a2:39:16:cc:b0:aa:65:bf:21:
-         b5:dc:0a:d3:92:36:ae:84:d8:a3:d3:35:ba:b9:bc:b8:7d:2e:
-         64:58:db:d7:ec:86:51:a2:44:7d:ba:98:30:c2:c5:4f:3c:ea:
-         9f:1d:b0:1e:87:dc:49:4f:bf:42:70:c8:a3:3e:ad:6c:47:e3:
-         d3:ff:17:1c:37:c1:fa:34:b5:7b:e7:07:b6:c2:66:3a:89:57:
-         44:1a:f5:6e:e0:cd:93:c0:c2:13:2e:e2:67:e7:8b:27:57:c1:
-         16:f3:ad:eb
------BEGIN CERTIFICATE-----
-MIIElDCCA3wCCQC1mHpignK9fDANBgkqhkiG9w0BAQsFADCCAQoxFDASBgNVBAoM
-C0V4YW1wbGUgTHRkMRAwDgYDVQQPDAdQcml2YXRlMRAwDgYDVQQFEwc1MTU3NTUw
-MRMwEQYLKwYBBAGCNzwCAQMMAlVTMRswGQYLKwYBBAGCNzwCAQIMCkNhbGlmb3Ju
-aWExCzAJBgNVBAYTAlVTMRYwFAYDVQQJDA0xMjMgTXkgU3RyZWV0MRMwEQYDVQQI
-DApDYWxpZm9ybmlhMRQwEgYDVQQDDAtleGFtcGxlLmNvbTFMMEoGA1UdEQxDRE5T
-LjE9ZXhhbXBsZS5jb20sIEROUy4yPXd3dy5leGFtcGxlLmNvbSwgRE5TLjM9Ymls
-bGluZy5leGFtcGxlLmNvbTAeFw0xODA4MTAxNTIwMjVaFw0yMTA1MDYxNTIwMjVa
-MIIBCjEUMBIGA1UECgwLRXhhbXBsZSBMdGQxEDAOBgNVBA8MB1ByaXZhdGUxEDAO
-BgNVBAUTBzUxNTc1NTAxEzARBgsrBgEEAYI3PAIBAwwCVVMxGzAZBgsrBgEEAYI3
-PAIBAgwKQ2FsaWZvcm5pYTELMAkGA1UEBhMCVVMxFjAUBgNVBAkMDTEyMyBNeSBT
-dHJlZXQxEzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAMMC2V4YW1wbGUuY29t
-MUwwSgYDVR0RDENETlMuMT1leGFtcGxlLmNvbSwgRE5TLjI9d3d3LmV4YW1wbGUu
-Y29tLCBETlMuMz1iaWxsaW5nLmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEAwJUI4VdB8nFtt9JFQScBZcZFrvK8JDC4lc4vTtb2HIi8
-fJ/7qGd//lycUXX3isoH5zUvj+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz2qwb
-U7lfP9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/DGQEu
-uBDjxsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkDiRTS
-ELlkwyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5YKS0
-sGlCQgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t1wIDAQABMA0GCSqGSIb3DQEB
-CwUAA4IBAQCsWtGp6O11jocTODnF10P9cjE0TcNB9GrYZKLOz9irgZ8sJk1pNUJj
-+FPExfYAFSlNO16/LIuorVQiwJN4NJznecHQ/ny/h7kh3db5Na4XlJBVmUjI00ex
-vhsfYjEMOuWOs5PmkwI26Zcef2xVaria0dE2Uss/n16VxA8D1aFM0X6K3VjsoRfH
-aP6Rtudmi/ezqCWtLenJVQKiORbMsKplvyG13ArTkjauhNij0zW6uby4fS5kWNvX
-7IZRokR9upgwwsVPPOqfHbAeh9xJT79CcMijPq1sR+PT/xccN8H6NLV75we2wmY6
-iVdEGvVu4M2TwMITLuJn54snV8EW863r
------END CERTIFICATE-----

certs/test/expired/expired-ca.pem

@@ -2,7 +2,7 @@ Certificate:
     Data:
         Version: 1 (0x0)
         Serial Number: 4096 (0x1000)
-    Signature Algorithm: sha256WithRSAEncryption
+        Signature Algorithm: sha256WithRSAEncryption
         Issuer: CN = www.wolfssl.com, ST = Montana, C = US, emailAddress = info@wolfssl.com, OU = Engineering
         Validity
             Not Before: Jul 31 00:00:00 2018 GMT
@@ -10,7 +10,7 @@ Certificate:
         Subject: CN = www.wolfssl.com, ST = Montana, C = US, emailAddress = info@wolfssl.com, OU = Engineering
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                Public-Key: (2048 bit)
+                RSA Public-Key: (2048 bit)
                 Modulus:
                     00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
                     f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
@@ -32,26 +32,26 @@ Certificate:
                     36:79
                 Exponent: 65537 (0x10001)
     Signature Algorithm: sha256WithRSAEncryption
-         52:af:84:10:08:83:9a:39:c2:05:5c:33:fc:a6:a0:7c:ce:68:
-         34:fa:cc:05:9f:8a:33:79:64:07:da:6c:17:85:91:ab:1d:be:
-         32:45:c6:7f:54:b6:10:cf:ea:17:74:d4:d9:06:6e:71:5d:0d:
-         40:72:21:07:79:20:63:b3:15:d5:b7:e6:1a:d6:d0:11:1a:60:
-         7f:81:e9:9b:69:b4:67:4e:e2:22:1a:2f:9d:6a:3c:da:95:34:
-         a9:bf:2b:14:fa:fe:21:73:e7:c9:19:7d:2c:14:9f:9f:33:c1:
-         83:35:9c:94:95:0e:e4:3e:29:17:95:a2:85:e3:ad:70:5f:6a:
-         ff:2d:8a:92:fb:58:f6:fe:46:2b:d0:e4:9d:9b:0d:d9:e4:39:
-         0a:c5:e2:3d:17:de:95:cc:a4:1c:33:a1:75:02:ec:98:66:47:
-         b9:ce:e4:8f:7e:32:cd:38:ff:6f:3d:be:7a:44:bf:47:61:7a:
-         b7:5a:09:fa:1e:bf:3d:63:68:b3:15:00:87:fd:8d:b8:f6:b8:
-         83:13:ff:f8:56:ed:14:05:4f:49:07:f9:33:6b:3f:fd:c6:7d:
-         ff:6b:04:d5:46:80:c1:6b:74:fd:e6:18:14:1d:3b:c6:12:67:
-         0e:1e:8d:81:c4:a9:9c:59:ee:29:cd:cf:55:a6:bc:53:13:f4:
-         51:bc:b7:b3
+         ab:8a:ab:ae:77:a2:61:62:01:54:51:95:7c:d5:6c:76:cb:fe:
+         ac:b8:cd:bc:ec:c4:75:71:16:62:59:67:02:ab:e2:fb:9c:74:
+         46:be:d9:08:8c:30:d1:0d:5c:c8:48:ff:6d:77:29:6d:c1:4c:
+         bc:90:44:e6:d9:aa:e8:c1:ae:b1:81:b2:58:50:b3:23:59:35:
+         c0:c3:e1:34:98:ef:68:86:fb:e9:9a:a1:63:41:54:cb:ab:73:
+         03:c3:1a:e9:5f:50:81:b8:a8:b8:05:14:7d:1e:fa:a2:2b:b8:
+         68:eb:c8:b0:b6:50:df:2b:96:c7:26:b9:ca:c9:41:e1:83:c5:
+         3e:06:11:56:a3:54:f5:e2:26:65:b9:7f:e4:5f:fb:49:ef:82:
+         7d:15:24:72:02:5b:2b:d7:c9:d4:dc:26:08:78:f2:c3:73:c6:
+         25:56:d1:30:99:39:09:43:5d:e6:e3:ca:f2:3f:68:13:13:d6:
+         d2:df:5f:05:5b:09:48:27:87:5a:60:eb:c2:ff:93:7d:5c:e0:
+         45:c4:85:21:d3:43:1d:c2:78:0d:e5:ff:2b:27:f0:e9:d4:a4:
+         40:02:5f:27:19:94:4b:ea:64:cc:e2:d6:04:e5:70:7a:01:a5:
+         6f:3f:3c:ce:3d:84:cf:fb:d9:80:c3:df:fb:44:2f:1e:2f:32:
+         e9:56:6b:5b
 -----BEGIN CERTIFICATE-----
 MIIDVTCCAj0CAhAAMA0GCSqGSIb3DQEBCwUAMHAxGDAWBgNVBAMMD3d3dy53b2xm
 c3NsLmNvbTEQMA4GA1UECAwHTW9udGFuYTELMAkGA1UEBhMCVVMxHzAdBgkqhkiG
-9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFDASBgNVBAsMC0VuZ2luZWVyaW5nMB4Y
-DTIwMTgwNzMxMDAwMFoYDTIwMTgwODMwMDAwMFowcDEYMBYGA1UEAwwPd3d3Lndv
+9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFDASBgNVBAsMC0VuZ2luZWVyaW5nMB4X
+DTE4MDczMTAwMDAwMFoXDTE4MDgzMDAwMDAwMFowcDEYMBYGA1UEAwwPd3d3Lndv
 bGZzc2wuY29tMRAwDgYDVQQIDAdNb250YW5hMQswCQYDVQQGEwJVUzEfMB0GCSqG
 SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEUMBIGA1UECwwLRW5naW5lZXJpbmcw
 ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/DMotFLIehEJbzTgfSvJN
@@ -60,10 +60,10 @@ aVIQAy+o85XF8YtiVhvvZ2+kEEGVrQqb46XAsNJwdlAwW6joCCx87aeieo04KRys
 x+3yfJWwlYJ9SVw4zXcl772AdVOUPD3KY1ufFbXTHRMvGdE823Y6zLh9yeXC19pA
 b9gh3HMbQi1TnP4a/H2rejY/mN6EfAVnzmoUOIep8Yy1aMtof3EgK/WgY/VWL6Mm
 0rdvsVoX1ziZCP6TWG/+wxNJCBYLp01nAFIxZyNOmO1RRR25BNkL7Ngos0u97TZ5
-AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFKvhBAIg5o5wgVcM/ymoHzOaDT6zAWf
-ijN5ZAfabBeFkasdvjJFxn9UthDP6hd01NkGbnFdDUByIQd5IGOzFdW35hrW0BEa
-YH+B6ZtptGdO4iIaL51qPNqVNKm/KxT6/iFz58kZfSwUn58zwYM1nJSVDuQ+KReV
-ooXjrXBfav8tipL7WPb+RivQ5J2bDdnkOQrF4j0X3pXMpBwzoXUC7JhmR7nO5I9+
-Ms04/289vnpEv0dherdaCfoevz1jaLMVAIf9jbj2uIMT//hW7RQFT0kH+TNrP/3G
-ff9rBNVGgMFrdP3mGBQdO8YSZw4ejYHEqZxZ7inNz1WmvFMT9FG8t7M=
+AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAKuKq653omFiAVRRlXzVbHbL/qy4zbzs
+xHVxFmJZZwKr4vucdEa+2QiMMNENXMhI/213KW3BTLyQRObZqujBrrGBslhQsyNZ
+NcDD4TSY72iG++maoWNBVMurcwPDGulfUIG4qLgFFH0e+qIruGjryLC2UN8rlscm
+ucrJQeGDxT4GEVajVPXiJmW5f+Rf+0nvgn0VJHICWyvXydTcJgh48sNzxiVW0TCZ
+OQlDXebjyvI/aBMT1tLfXwVbCUgnh1pg68L/k31c4EXEhSHTQx3CeA3l/ysn8OnU
+pEACXycZlEvqZMzi1gTlcHoBpW8/PM49hM/72YDD3/tELx4vMulWa1s=
 -----END CERTIFICATE-----