Fix for async wolfCrypt test with AES GCM.

PKCS #11 id RSA - TLS don't convert length a la ecc

ChangeLog.md

@@ -1,3 +1,41 @@
+# wolfSSL Release 3.15.7 (12/26/2018)
+
+Release 3.15.7 of wolfSSL embedded TLS has bug fixes and new features including:
+
+* Support for Espressif ESP-IDF development framework
+* Fix for XCode build with iPhone simulator on i386
+* PKCS7 support for generating and verify bundles using a detached signature
+* Fix for build disabling AES-CBC and enabling opensslextra compatibility layer
+* Updates to sniffer for showing session information and handling split messages across records
+* Port update for Micrium uC/OS-III
+* Feature to adjust max fragment size post handshake when compiled with the macro WOLFSSL_ALLOW_MAX_FRAGMENT_ADJUST
+* Adding the macro NO_MULTIBYTE_PRINT for compiling out special characters that embedded devices may have problems with
+* Updates for Doxygen documentation, including PKCS #11 API and more
+* Adding Intel QuickAssist v1.7 driver support for asynchronous crypto
+* Adding Intel QuickAssist RSA key generation and SHA-3 support
+* RSA verify only (--enable-rsavfy) and RSA public only (--enable-rsapub) builds added
+* Enhancements to test cases for increased code coverage
+* Updates to VxWorks port for use with Mongoose, including updates to the OpenSSL compatibility layer
+* Yocto Project ease of use improvements along with many updates and build instructions added to the INSTALL file
+* Maximum ticket nonce size was increased to 8
+* Updating --enable-armasm build for ease of use with autotools
+* Updates to internal code checking TLS 1.3 version with a connection
+* Removing unnecessary extended master secret from ServerHello if using TLS 1.3
+* Fix for TLS v1.3 HelloRetryRequest to be sent immediately and not grouped
+
+
+
+This release of wolfSSL includes a fix for 1 security vulnerability.
+
+Medium level fix for potential cache attack with a variant of Bleichenbacher’s attack. Earlier versions of wolfSSL leaked PKCS #1 v1.5 padding information during private key decryption that could lead to a potential padding oracle attack. It is recommended that users update to the latest version of wolfSSL if they have RSA cipher suites enabled and have the potential for malicious software to be ran on the same system that is performing RSA operations. Users that have only ECC cipher suites enabled and are not performing RSA PKCS #1 v1.5 Decryption operations are not vulnerable. Also users with TLS 1.3 only connections are not vulnerable to this attack. Thanks to Eyal Ronen (Weizmann Institute), Robert Gillham (University of Adelaide), Daniel Genkin (University of Michigan), Adi Shamir (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom (University of Adelaide and Data61) for the report.
+
+The paper for further reading on the attack details can be found at http://cat.eyalro.net/cat.pdf.
+
+
+See INSTALL file for build instructions.
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
+
+
 # wolfSSL Release 3.15.5 (11/07/2018)
 
 Release 3.15.5 of wolfSSL embedded TLS has bug fixes and new features including:

IDE/ARDUINO/README.md

@@ -16,11 +16,13 @@ wolfssl/IDE/ARDUINO directory:
 Step 2: Edit `<wolfssl-root>/IDE/ARDUINO/wolfSSL/wolfssl/wolfcrypt/settings.h` uncomment the define for `WOLFSSL_ARDUINO`
 If building for Intel Galileo platform also uncomment the define for `INTEL_GALILEO`.
 
-#####Including wolfSSL in Arduino Libraries (for Arduino version 1.6.6)
+##### Including wolfSSL in Arduino Libraries (for Arduino version 1.6.6)
 
 1. In the Arduino IDE:
     - In `Sketch -> Include Library -> Add .ZIP Library...` and choose the
         `IDE/ARDUNIO/wolfSSL` folder.
     - In `Sketch -> Include Library` choose wolfSSL.
 
-An example wolfSSL client INO sketch exists here: `sketches/wolfssl_client/wolfssl_client.ino`
+2. Open an example Arduino sketch for wolfSSL:
+	- wolfSSL Client INO sketch: `sketches/wolfssl_client/wolfssl_client.ino`
+	- wolfSSL Server INO sketch: `sketches/wolfssl_server/wolfssl_server.ino`

IDE/ARDUINO/include.am

@@ -4,5 +4,5 @@
 
 EXTRA_DIST+= IDE/ARDUINO/README.md
 EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
+EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
 EXTRA_DIST+= IDE/ARDUINO/wolfssl-arduino.sh
-

IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino

@@ -25,7 +25,7 @@
 #include <Ethernet.h>
 
 const char host[] = "192.168.1.148"; // server to connect to
-int port = 11111; // port on server to connect to
+const int port = 11111; // port on server to connect to
 
 int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
 int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
@@ -33,11 +33,12 @@ int reconnect = 10;
 
 EthernetClient client;
 
-WOLFSSL_CTX* ctx = 0;
-WOLFSSL* ssl = 0;
-WOLFSSL_METHOD* method = 0;
+WOLFSSL_CTX* ctx = NULL;
+WOLFSSL* ssl = NULL;
 
 void setup() {
+  WOLFSSL_METHOD* method;
+
   Serial.begin(9600);
 
   method = wolfTLSv1_2_client_method();
@@ -79,65 +80,76 @@ int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
 void loop() {
   int err            = 0;
   int input          = 0;
-  int sent           = 0;
   int total_input    = 0;
   char msg[32]       = "hello wolfssl!";
   int msgSz          = (int)strlen(msg);
   char errBuf[80];
   char reply[80];
-  WOLFSSL_CIPHER* cipher;
+  const char* cipherName;
     
   if (reconnect) {
     reconnect--;
+    
     if (client.connect(host, port)) {
 
       Serial.print("Connected to ");
       Serial.println(host);
+
       ssl = wolfSSL_new(ctx);
       if (ssl == NULL) {
+        Serial.println("Unable to allocate SSL object");
+        return;
+      }
+
+      err = wolfSSL_connect(ssl);
+      if (err != WOLFSSL_SUCCESS) {
         err = wolfSSL_get_error(ssl, 0);
         wolfSSL_ERR_error_string(err, errBuf);
-        Serial.print("Unable to get SSL object. Error = ");
+        Serial.print("TLS Connect Error: ");
         Serial.println(errBuf);
       }
-      
+
       Serial.print("SSL version is ");
       Serial.println(wolfSSL_get_version(ssl));
       
-
-      
-      if ((wolfSSL_write(ssl, msg, strlen(msg))) == msgSz) {
-      cipher = wolfSSL_get_current_cipher(ssl);
+      cipherName = wolfSSL_get_cipher(ssl);
       Serial.print("SSL cipher suite is ");
-      Serial.println(wolfSSL_CIPHER_get_name(cipher));                
+      Serial.println(cipherName);
+
+      if ((wolfSSL_write(ssl, msg, msgSz)) == msgSz) {
+        
         Serial.print("Server response: ");
         while (client.available() || wolfSSL_pending(ssl)) {
           input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
           total_input += input;
-          if ( input > 0 ) {
-            reply[input] = '\0';
-            Serial.print(reply);
-          } else if (input < 0) {
+          if (input < 0) {
             err = wolfSSL_get_error(ssl, 0);
             wolfSSL_ERR_error_string(err, errBuf);
-            Serial.print("wolfSSL_read failed. Error: ");
+            Serial.print("TLS Read Error: ");
             Serial.println(errBuf);
+            break;
+          } else if (input > 0) {
+            reply[input] = '\0';
+            Serial.print(reply);
           } else {
             Serial.println();
           }
         } 
       } else {
-        Serial.println("SSL_write failed");
+        err = wolfSSL_get_error(ssl, 0);
+        wolfSSL_ERR_error_string(err, errBuf);
+        Serial.print("TLS Write Error: ");
+        Serial.println(errBuf);
       }
       
-      if (ssl != NULL) 
-        wolfSSL_free(ssl);
+      wolfSSL_shutdown(ssl);
+      wolfSSL_free(ssl);
 
       client.stop();
       Serial.println("Connection complete.");
       reconnect = 0;
     } else {
-      Serial.println("Trying to reconnect...");       
+      Serial.println("Trying to reconnect...");
     }
   }
   delay(1000);

IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino

@@ -0,0 +1,176 @@
+/* wolfssl_server.ino
+ *
+ * Copyright (C) 2006-2018 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#include <wolfssl.h>
+#include <wolfssl/ssl.h>
+#include <Ethernet.h>
+
+#define USE_CERT_BUFFERS_256
+#include <wolfssl/certs_test.h>
+
+#ifdef NO_WOLFSSL_SERVER
+  #error Please undefine NO_WOLFSSL_SERVER for this example
+#endif
+
+const int port = 11111; // port to listen on
+
+int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
+int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
+
+EthernetServer server(port);
+EthernetClient client;
+
+WOLFSSL_CTX* ctx = NULL;
+WOLFSSL* ssl = NULL;
+
+void setup() {
+  int err;
+  WOLFSSL_METHOD* method;
+
+  Serial.begin(9600);
+
+  method = wolfTLSv1_2_server_method();
+  if (method == NULL) {
+    Serial.println("unable to get method");
+    return;
+  }
+  ctx = wolfSSL_CTX_new(method);
+  if (ctx == NULL) {
+    Serial.println("unable to get ctx");
+    return;
+  }
+
+  // initialize wolfSSL using callback functions
+  wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
+  wolfSSL_SetIOSend(ctx, EthernetSend);
+  wolfSSL_SetIORecv(ctx, EthernetReceive);
+
+  // setup the private key and certificate
+  err = wolfSSL_CTX_use_PrivateKey_buffer(ctx, ecc_key_der_256, 
+    sizeof_ecc_key_der_256, WOLFSSL_FILETYPE_ASN1);
+  if (err != WOLFSSL_SUCCESS) {
+    Serial.println("error setting key");
+    return;
+  }
+  err = wolfSSL_CTX_use_certificate_buffer(ctx, serv_ecc_der_256, 
+    sizeof_serv_ecc_der_256, WOLFSSL_FILETYPE_ASN1);
+  if (err != WOLFSSL_SUCCESS) {
+    Serial.println("error setting certificate");
+    return;
+  }
+
+  // Start the server
+  server.begin();
+  
+  return;
+}
+
+int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx) {
+  int sent = 0;
+
+  sent = client.write((byte*)msg, sz);
+
+  return sent;
+}
+
+int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
+  int ret = 0;
+
+  while (client.available() > 0 && ret < sz) {
+    reply[ret++] = client.read();
+  }
+
+  return ret;
+}
+
+void loop() {
+  int err = 0;
+  int input = 0;
+  char errBuf[80];
+  char reply[80];
+  int replySz = 0;
+  const char* cipherName;
+
+  // Listen for incoming client requests.
+  client = server.available();
+  if (!client) {
+    return;
+  }
+
+  if (client.connected()) {
+
+    Serial.println("Client connected");
+
+    ssl = wolfSSL_new(ctx);
+    if (ssl == NULL) {
+      Serial.println("Unable to allocate SSL object");
+      return;
+    }
+
+    err = wolfSSL_accept(ssl);
+    if (err != WOLFSSL_SUCCESS) {
+      err = wolfSSL_get_error(ssl, 0);
+      wolfSSL_ERR_error_string(err, errBuf);
+      Serial.print("TLS Accept Error: ");
+      Serial.println(errBuf);
+    }
+
+    Serial.print("SSL version is ");
+    Serial.println(wolfSSL_get_version(ssl));
+    
+    cipherName = wolfSSL_get_cipher(ssl);
+    Serial.print("SSL cipher suite is ");
+    Serial.println(cipherName);
+
+    Serial.print("Server Read: ");
+    while (client.available() || wolfSSL_pending(ssl)) {
+      input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
+      if (input < 0) {
+        err = wolfSSL_get_error(ssl, 0);
+        wolfSSL_ERR_error_string(err, errBuf);
+        Serial.print("TLS Read Error: ");
+        Serial.println(errBuf);
+        break;
+      } else if (input > 0) {
+        replySz = input;
+        reply[input] = '\0';
+        Serial.print(reply);
+      } else {
+        Serial.println();
+      }
+    }
+
+    // echo data
+    if ((wolfSSL_write(ssl, reply, replySz)) != replySz) {
+      err = wolfSSL_get_error(ssl, 0);
+      wolfSSL_ERR_error_string(err, errBuf);
+      Serial.print("TLS Write Error: ");
+      Serial.println(errBuf);
+    }
+    
+    wolfSSL_shutdown(ssl);
+    wolfSSL_free(ssl);
+  }
+
+  client.stop();
+  Serial.println("Connection complete");
+}

IDE/ECLIPSE/DEOS/README.md

@@ -0,0 +1,225 @@
+
+
+# Deos Port
+## Overview
+You can enable the wolfSSL support for Deos RTOS available [here](https://www.ddci.com/products_deos_do_178c_arinc_653/) using the `#define WOLFSSL_DEOS`.
+Deos is a time & space partitioned, multi-core enabled, DO-178C DAL A certifiable RTOS.
+## Usage
+
+You can start with your OpenArbor IDE-based example project for Deos with the network stack (lwip) to integrate wolfSSL source code.
+
+wolfSSL supports a compile-time user configurable options in the `IDE/ECLIPSE/DEOS/user_settings.h` file.
+
+The `tls_wolfssl.c` example application provides a simple function to run the selected examples at compile time through the following four #defines in user_settings.h. You can undefine any of these macro options to run a test.
+```
+       1. #undef NO_CRYPT_TEST
+       2. #undef NO_CRYPT_BENCHMARK
+       3. #undef NO_WOLFSSL_CLIENT
+       4. #undef NO_WOLFSSL_SERVER
+```
+Do one of the following steps for building and running wolfSSL with the Deos kernel examples, which are included in the DDS release:
+If you want to create a project from scratch, skip the Importing the project section and follow the steps in the other sections.
+
+If you want to use an pre-configured example project, go to the Importing the project section, skip the other sections and follow the Building and Running section.
+
+#### Importing the project
+In this section you will import a pre-configured example project.
+1. Launch the OpenArbor IDE as an administrator
+2. In the Workspace Launcher dialog, in the Workspace field, enter your
+workspace
+3. Right-click in the Project Explorer view and select Import
+4. In the Import dialog, select General > Existing Projects into Workspace, then click Next.
+5. In the Import Projects dialog, select Select archive file, then browse to `IDE/ECLIPSE/DEOS/` and double-click `deosWolfssl.zip` file
+6. In the Import Projects dialog, click Finish
+
+
+#### Setting up a Deos project with wolfSSL
+ 1. Download the wolfSSL source code or a zip file from GitHub. You can remove all of the files except for these folders and its contents. The top folder for this example is wolfsslPort.
+```
+wolfsslPort
+      |-- IDE
+          | -- ECLIPSE
+               | -- DEOS
+      |-- src
+      |-- wolfcrypt
+          | -- benchmark
+          | -- src
+          | -- test
+      |-- wolfssl
+          |-- openssl
+          |-- wolfcrypt
+              |-- port
+```
+ 2. Remove these two platform specific assembly source files:
+    -   wolfsslPort/wolfcrypt/src/aes_asm.asm
+    -   wolfsslPort/wolfcrypt/src/aes_asm.S
+
+ 3. Launch the OpenArbor IDE as an administrator
+ 4. Create a DDC-I Deos example project. In the main menu, go to File >DDC-I Deos example project > socket > udp-vs-tcp
+ 5. Import the `wolfSSLPort` source code into your project.
+    -   Right-click the ` udp-vs-tcp` project and choose File -> Import.
+    -   Expand the General folder and select File System, then click Next. You should now see the Import File system dialog.
+    -   Browse to the location containing the wolfSSL code and choose OK. Select the `wolfsslPort` folder and check the `Create top-level folder` button, then select Finish. You should see the folder hierarchy the same as wolfSSL folder structures.
+6. Review the configuration in $(PROJECT_DIR)/wolfsslPort/IDE/ECLIPSE/DEOS/user_setting.h
+
+7.  Review the custom malloc/realloc/free configuration $(PROJECT_DIR)/wolfsslPort/IDE/ECLIPSE/DEOS/deos_malloc.c . Memory allocated with malloc() is never freed.
+
+#### Configuring the Deos Project
+ 1. Customize your config/udp-vs-tcp.pd.xml with the following changes:
+```
+<processTemplate
+     mutexQuota = "5"
+   >
+
+   <logicalMemoryPools>
+           pagesNeeded = "500"
+      ></pool>
+   </logicalMemoryPools>
+
+   <threadTemplate
+      stackSizeInPages = "20"
+    ></threadTemplate>
+
+   <mutexTemplates>
+      <mutexTemplate
+           name = "protectWolfSSLTemp"
+           lockTimeInUsec = "40"
+           priority = "fastest"
+      ></mutexTemplate>
+   </mutexTemplates>
+
+</processTemplate>
+```
+Depending on your configuration, wolfSSL uses upto four mutexes. You also need to configure enough memory for the stack of each threads and the process logical memory pool.
+
+
+ 2. Right click on the `udp-vs-tcp` project, select properties and add the following macros in the DDC-I Options > C Compile > Preprocessor
+      -   DEOS_ALLOW_OBSOLETE_DEFINITIONS
+      -   WOLFSSL_USER_SETTINGS
+ 3.  Add the following directory paths in the DDC-I Options > C Compile > Directories and in the DDC-I Options > C++ Compile > Directories
+      -   $(PROJECT_DIR)/wolfsslPort
+      -   $(PROJECT_DIR)/wolfsslPort/wolfssl
+      -   $(PROJECT_DIR)/wolfsslPort/IDE/ECLIPSE/DEOS
+      -   $(PROJECT_DIR.printx)/code
+ 4.  Change the optimization level in the DDC-I Options > C Compile > Code Generation > Optimization level:g
+      -   g
+ 5.  Add the following library dependencies in the DDC-I Options > Deos > Dependencies
+      -   math
+      -   dart
+      -   ansi
+      -   printx
+          - You must add printx into your workspace, File >DDC-I Deos example project > training > printx
+ 6.  Edit $(PROJECT_DIR)/wolfsslPort/IDE/ECLIPSE/DEOS/user_setting.h to customize your configuration. For example, you can undef or define these tests.
+      -   #undef NO_CRYPT_TEST
+      -   #undef NO_CRYPT_BENCHMARK
+      -   #undef NO_WOLFSSL_CLIENT
+      -   #undef NO_WOLFSSL_SERVER
+ 7.  Edit your application source file where main() thread is defined and add the following:
+      -   #include "printx.h"
+      -   #include "tls_wolfssl.h"
+      -   and a call to `wolfsslRunTests()`
+Here's an example:
+```
+#include <deos.h>
+#include <printx.h>
+#include <tls_wolfssl.h>
+#include <user_settings.h>
+
+int main(void)
+{
+  initPrintx("");
+  printf("TLS wolfssl example!\n");
+
+  (void) waitUntilNextPeriod();
+   wolfsslRunTests();
+
+  deleteThread(currentThreadHandle());
+}
+
+```
+ 8.  Review $(PROJECT_DIR)/udp-vs-tcp/mailbox-transport.config configuration.
+```
+transportConfigurationId
+2                              # Client thread quota - for client and server TCP
+2                              # Client connection quota - one for client and one for server
+0                              # Server startup quota
+0                              # Server connection quota
+transportMemoryObject          # Name of memory object used for managing connections
+/
+
+connectionId1                  # TCP client connection
+Network                        # Server process name
+defaultMailbox                 # Server connection request mailbox name
+0                              # Server connection mailbox queue size (unused by Network process)
+userServiceThread              # Server thread template name
+*                              # Error timeout
+1                              # Client connection mailbox queue size
+/
+
+connectionId2                  # TCP connection
+Network                        # Server process name
+defaultMailbox                 # Server connection request mailbox name
+0                              # Server connection mailbox queue size (unused by Network process)
+userServiceThread              # Server thread template name
+*                              # Error timeout
+1                              # Client connection mailbox queue size
+/
+```
+
+   #### Building and Running
+ 1.  Build your project, then load and run your image on a target platform. Review the test results on the console output.
+
+
+### `wolfcrypt_test()`
+wolfcrypt_test() prints a message on the target console similar to the following output:
+```
+error    test passed!
+base64   test passed!
+asn      test passed!
+...
+```
+This example doesn't show the whole output.
+
+### `benchmark_test()`
+benchmark_test() prints a message on the target console similar to the following output.
+
+```
+------------------------------------------------------------------------------
+ wolfSSL version 3.15.5
+------------------------------------------------------------------------------
+wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
+RNG               225 KB tooks 1.026 seconds,  219.313 KB/s
+AES-128-CBC-enc    250 KB toks 1.105 seconds  226.210 KB/s
+AES-128-CBC-dec    225 KB tooks 1.005 seconds,  223.922 KB/s
+...
+```
+This example doesn't show the whole output.
+
+### `wolfssl_client_test()`
+
+You can modify the `TCP_SERVER_IP_ADDR` and `TCP_SERVER_PORT` macros in the `tls_wolfssl.c` file to configure the host address and port. You will also need to define the server certificate. The example client uses the GET request to get a web resource from the server at https://google.com.
+
+### `wolfssl_server_test()`
+
+You can modify the `TLS_SERVER_PORT` in the `tls_wolfssl.c` file to configure the port number to listen on a local-host.
+Once you start the TLS server and `Listening for client connection` displays on the serial console, the server is ready to accept client connections.
+
+You can connect to the server using the wolfssl TLS client example from your Linux or Windows host as follows:
+```
+$ ./examples/client/client.exe -h TLS_SERVER_IP_ADDRESS
+
+The client outputs messages similar to the following:
+
+SSL version is TLSv1.2
+SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+SSL curve name is SECP256R1
+I hear ya fa shizzle!
+```
+
+## References
+
+The test results were collected from the qemu-x86 reference platform target with the following software and tool chains:
+- OpenArbor, eclipse based IDE, toolVersion = "3.31.0"
+- wolfssl [latest version](https://github.com/wolfSSL/wolfssl)
+
+For more information or questions, please email [support@wolfssl.com](mailto:support@wolfssl.com)

IDE/ECLIPSE/DEOS/deos_malloc.c

@@ -0,0 +1,108 @@
+/* deos_malloc.c
+ *
+ * Copyright (C) 2018 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/ssl.h>
+
+#define ROUND_UP(x, align)  (((int) (x) + (align - 1)) & ~(align - 1))
+#define SIZEOF_HEADER sizeof(size_t)  /* tracks size of allocated block */
+
+#define HEAP_SIZE_MAX   (1*1024*1024)
+
+static size_t allocatedMemory = 0;
+
+size_t getMemAllocatedSize_deos(size_t* size){
+
+    if (size)
+        *size = allocatedMemory;
+
+    return allocatedMemory;
+}
+
+/* Simply returns without freeing any memory. */
+
+void free_deos(void *ptr) {
+    //printf("fake free_deos()\n");
+    return;
+}
+
+void *realloc_deos(void *ptr, size_t size) {
+    void *newptr;
+
+    if (size == 0)
+        return ptr;
+    newptr = malloc_deos(size);
+
+    if (ptr != NULL && newptr != NULL) {
+
+        if ( *((char *)ptr - SIZEOF_HEADER) < *((char *)newptr - SIZEOF_HEADER))
+            size = *((char *)ptr - SIZEOF_HEADER);
+
+        XMEMCPY((char *) newptr, (const char *) ptr, size);
+        free_deos(ptr);
+    }
+
+    return newptr;
+}
+
+void *malloc_deos(size_t size) {
+    PDEOS_SYSTEM_INFO systemInfoPtr;
+    static VirtualAddressTYP heapAddr = NULL;
+    static VirtualAddressTYP freeAddr = NULL;
+    VirtualAddressTYP retAddr = NULL;
+    DWORD allocationSize = 0;
+    static int initialized = 0;
+
+    if (size <= 0)
+        return NULL;
+
+    if (!initialized) {
+        systemInfoPtr = (PDEOS_SYSTEM_INFO)getSystemInfoDEOS();
+        freeAddr = (VirtualAddressTYP)getNextLibraryStartAddress();
+        allocationSize = (((HEAP_SIZE_MAX - 1) / systemInfoPtr->dwPageSize) + 1) *
+                         systemInfoPtr->dwPageSize;
+
+        if (virtualAllocDEOS(freeAddr, allocationSize) != allocSuccess){
+            printf("ERROR: virtualAllocDEOS failed\n");
+            return NULL;
+        }
+
+        setNextLibraryStartAddress(freeAddr + allocationSize);
+        heapAddr = freeAddr;
+
+        initialized = 1;
+    }
+
+    size = ROUND_UP(size, sizeof(size_t));
+
+    if ((size + SIZEOF_HEADER) > (HEAP_SIZE_MAX - (freeAddr - heapAddr))){
+        printf("ERROR: malloc_deos cannot allocate from heap memory anymore\n");
+        return NULL;
+    }
+
+    *freeAddr = size;
+    freeAddr += SIZEOF_HEADER;
+    retAddr = freeAddr;
+    XMEMSET(retAddr, 0, size);
+    freeAddr += size;
+    allocatedMemory += size;
+
+    return retAddr;
+}

IDE/ECLIPSE/DEOS/include.am

@@ -0,0 +1,10 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST += \
+    IDE/ECLIPSE/DEOS/README.md \
+    IDE/ECLIPSE/DEOS/user_settings.h \
+    IDE/ECLIPSE/DEOS/tls_wolfssl.h \
+    IDE/ECLIPSE/DEOS/tls_wolfssl.c \
+    IDE/ECLIPSE/DEOS/deos_malloc.c

IDE/ECLIPSE/DEOS/tls_wolfssl.c

@@ -0,0 +1,599 @@
+/* tls_wolfssl.c
+ *
+ * Copyright (C) 2018 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/ssl.h>
+#include <wolfcrypt/test/test.h>
+#include <wolfcrypt/benchmark/benchmark.h>
+#include <wolfssl/wolfcrypt/logging.h> /* to use WOLFSSL_MSG */
+#include <tls_wolfssl.h>
+
+
+int setupTransport(clientConnectionHandleType* connectionHandle,
+                   char* connectionId) {
+    int ret, error;
+    void * sendBuffer;
+    DWORD bufferSizeInBytes;
+
+    if ((ret = socketTransportInitialize("mailbox-transport.config",
+                                         "transportConfigurationId",
+                                         (DWORD)waitIndefinitely,&error)) != transportSuccess)
+        printf("Initialize 0x%x, error=%d\n", ret, error);
+
+    else if ((ret = socketTransportClientInitialize((DWORD)waitIndefinitely,
+                                                    &error)) != transportSuccess)
+        printf("ClientInitialize 0x%x, error=%d\n", ret, error);
+
+    else if ((ret = socketTransportCreateConnection(connectionId,
+                                                    (DWORD)waitIndefinitely,
+                                                    COMPATIBILITY_ID_2,
+                                                    connectionHandle,
+                                                    &sendBuffer,
+                                                    &bufferSizeInBytes,
+                                                    &error)) != transportSuccess)
+        printf("CreateConnection 0x%x, error=%d\n", ret, error);
+
+    else if ((ret = socketTransportSetConnectionForThread(currentThreadHandle(),
+                                                          *connectionHandle,
+                                                          (DWORD)waitIndefinitely,
+                                                          &error)) != transportSuccess)
+        printf("SetConnectionForThread 0x%x, error=%d\n", ret, error);
+
+    return ret;
+}
+
+#if !defined(NO_WOLFSSL_CLIENT )
+
+/* 172.217.3.174 is the IP address of https://www.google.com */
+#define TCP_SERVER_IP_ADDR "172.217.3.174"
+#define TCP_SERVER_DOMAIN_NAME "www.google.com"
+#define TCP_SERVER_PORT 443
+
+#define TX_BUF_SIZE 64
+#define RX_BUF_SIZE 1024
+
+#define TX_MSG "GET /index.html HTTP/1.0\n\n"
+#define TX_MSG_SIZE sizeof(TX_MSG)
+
+static const unsigned char google_certs_ca[]="\n\
+## Google Internet Authority G3 \n\
+-----BEGIN CERTIFICATE-----\n\
+MIIEXDCCA0SgAwIBAgINAeOpMBz8cgY4P5pTHTANBgkqhkiG9w0BAQsFADBMMSAw\n\
+HgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFs\n\
+U2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEy\n\
+MTUwMDAwNDJaMFQxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3Qg\n\
+U2VydmljZXMxJTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzMw\n\
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKUkvqHv/OJGuo2nIYaNVW\n\
+XQ5IWi01CXZaz6TIHLGp/lOJ+600/4hbn7vn6AAB3DVzdQOts7G5pH0rJnnOFUAK\n\
+71G4nzKMfHCGUksW/mona+Y2emJQ2N+aicwJKetPKRSIgAuPOB6Aahh8Hb2XO3h9\n\
+RUk2T0HNouB2VzxoMXlkyW7XUR5mw6JkLHnA52XDVoRTWkNty5oCINLvGmnRsJ1z\n\
+ouAqYGVQMc/7sy+/EYhALrVJEA8KbtyX+r8snwU5C1hUrwaW6MWOARa8qBpNQcWT\n\
+kaIeoYvy/sGIJEmjR0vFEwHdp1cSaWIr6/4g72n7OqXwfinu7ZYW97EfoOSQJeAz\n\
+AgMBAAGjggEzMIIBLzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUH\n\
+AwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFHfCuFCa\n\
+Z3Z2sS3ChtCDoH6mfrpLMB8GA1UdIwQYMBaAFJviB1dnHB7AagbeWbSaLd/cGYYu\n\
+MDUGCCsGAQUFBwEBBCkwJzAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AucGtpLmdv\n\
+b2cvZ3NyMjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLnBraS5nb29nL2dz\n\
+cjIvZ3NyMi5jcmwwPwYDVR0gBDgwNjA0BgZngQwBAgIwKjAoBggrBgEFBQcCARYc\n\
+aHR0cHM6Ly9wa2kuZ29vZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEA\n\
+HLeJluRT7bvs26gyAZ8so81trUISd7O45skDUmAge1cnxhG1P2cNmSxbWsoiCt2e\n\
+ux9LSD+PAj2LIYRFHW31/6xoic1k4tbWXkDCjir37xTTNqRAMPUyFRWSdvt+nlPq\n\
+wnb8Oa2I/maSJukcxDjNSfpDh/Bd1lZNgdd/8cLdsE3+wypufJ9uXO1iQpnh9zbu\n\
+FIwsIONGl1p3A8CgxkqI/UAih3JaGOqcpcdaCIzkBaR9uYQ1X4k2Vg5APRLouzVy\n\
+7a8IVk6wuy6pm+T7HT4LY8ibS5FEZlfAFLSW8NwsVz9SBK2Vqn1N0PIMn5xA6NZV\n\
+c7o835DLAFshEWfC7TIe3g==\n\
+-----END CERTIFICATE-----\n\
+## Google Trust Services- GlobalSign Root CA-R2\n\
+-----BEGIN CERTIFICATE-----\n\
+MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G\n\
+A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp\n\
+Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1\n\
+MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG\n\
+A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI\n\
+hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL\n\
+v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8\n\
+eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq\n\
+tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd\n\
+C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa\n\
+zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB\n\
+mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH\n\
+V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n\n\
+bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG\n\
+3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs\n\
+J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO\n\
+291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS\n\
+ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd\n\
+AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7\n\
+TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==\n\
+-----END CERTIFICATE-----\n\
+";
+
+void wolfssl_client_test(uintData_t statusPtr) {
+    int sock;
+    char rx_buf[RX_BUF_SIZE];
+    char tx_buf[TX_BUF_SIZE];
+    int ret = 0, error = 0;
+
+    sockaddr_in server_addr;
+    clientConnectionHandleType TCPclientHandle;
+
+    WOLFSSL* ssl;
+    WOLFSSL_CTX* ctx;
+
+    /* set up the mailbox transport */
+
+    if (setupTransport(&TCPclientHandle, (char*)"connectionId1") != transportSuccess){
+        printf("TCP transport set up failed \n");
+        return;
+      }
+
+    printf("Creating a network socket...\n");
+
+    sock = socket(AF_INET, SOCK_STREAM, 0);
+
+    if (sock == SOCKET_ERROR) {
+        printf("ERROR: Failed to create socket, err = %d\n", errno);
+        return;
+    }
+
+    printf("Clearing memory for server_addr struct\n");
+
+    XMEMSET((char *) &server_addr, 0u, sizeof(server_addr));
+
+    printf("Connecting to server IP address: %s, port: %d\n",
+                    TCP_SERVER_IP_ADDR, TCP_SERVER_PORT);
+
+    server_addr.sin_family = AF_INET;
+    server_addr.sin_addr = inet_addr(TCP_SERVER_IP_ADDR);
+    server_addr.sin_port = htons(TCP_SERVER_PORT);
+
+    printf("Calling connect on socket\n");
+    if (connect(sock, (sockaddr *) &server_addr, sizeof(server_addr)) < 0 ) {
+        printf("ERROR: connect, err = %d\n", errno);
+        closesocket(sock);
+        return;
+    }
+
+    #ifdef DEBUG_WOLFSSL
+        wolfSSL_Debugging_ON();
+    #endif
+
+    /* wolfSSL INIT and CTX SETUP */
+
+    wolfSSL_Init();
+
+    /* chooses the highest possible TLS version */
+
+    ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
+
+    /* SET UP NETWORK SOCKET */
+    if (ctx == 0) {
+        printf("ERROR: wolfSSL_CTX_new failed\n");
+        closesocket(sock);
+        return;
+    }
+
+    WOLFSSL_MSG("wolfSSL_CTX_new done");
+
+    wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
+
+    ret = wolfSSL_CTX_load_verify_buffer(ctx,
+                                         google_certs_ca,
+                                         sizeof(google_certs_ca),
+                                         SSL_FILETYPE_PEM);
+
+    if (ret != SSL_SUCCESS) {
+        printf("ERROR: wolfSSL_CTX_load_verify_buffer() failed\n");
+        closesocket(sock);
+        wolfSSL_CTX_free(ctx);
+        return;
+    }
+    ssl = wolfSSL_new(ctx);
+    if (ssl == NULL) {
+        printf("ERROR: wolfSSL_new() failed\n");
+        closesocket(sock);
+        wolfSSL_CTX_free(ctx);
+        return;
+    }
+
+    WOLFSSL_MSG("wolfSSL_new done");
+    ret = wolfSSL_set_fd(ssl, sock);
+    if (ret != SSL_SUCCESS) {
+        printf("ERROR: wolfSSL_set_fd() failed\n");
+        closesocket(sock);
+        wolfSSL_free(ssl);
+        wolfSSL_CTX_free(ctx);
+        return;
+    }
+    WOLFSSL_MSG("wolfSSL_set_fd done");
+    do {
+        error = 0; /* reset error */
+        ret = wolfSSL_connect(ssl);
+        if (ret != SSL_SUCCESS) {
+            error = wolfSSL_get_error(ssl, 0);
+            printf("ERROR: wolfSSL_connect() failed, err = %d\n", error);
+            if (error != SSL_ERROR_WANT_READ) {
+                closesocket(sock);
+                wolfSSL_free(ssl);
+                wolfSSL_CTX_free(ctx);
+                return;
+            }
+            /* goToSleep() for 1 sec*/
+        }
+    } while ((ret != SSL_SUCCESS) && (error == SSL_ERROR_WANT_READ));
+
+    printf("wolfSSL_connect() ok... sending GET\n");
+    XSTRNCPY(tx_buf, TX_MSG, TX_MSG_SIZE);
+    if (wolfSSL_write(ssl, tx_buf, TX_MSG_SIZE) != TX_MSG_SIZE) {
+        error = wolfSSL_get_error(ssl, 0);
+        printf("ERROR: wolfSSL_write() failed, err = %d\n", error);
+        closesocket(sock);
+        wolfSSL_free(ssl);
+        wolfSSL_CTX_free(ctx);
+        return;
+    }
+    do {
+        error = 0; /* reset error */
+        ret = wolfSSL_read(ssl, rx_buf, RX_BUF_SIZE - 1);
+        if (ret < 0) {
+            error = wolfSSL_get_error(ssl, 0);
+            if (error != SSL_ERROR_WANT_READ) {
+                printf("wolfSSL_read failed, error = %d\n", error);
+                closesocket(sock);
+                wolfSSL_free(ssl);
+                wolfSSL_CTX_free(ctx);
+                return;
+            }
+            /* goToSleep() for 1 second*/
+        } else if (ret > 0) {
+            rx_buf[ret] = 0;
+            printf("%s\n", rx_buf);
+        }
+    } while (error == SSL_ERROR_WANT_READ);
+    wolfSSL_shutdown(ssl);
+    wolfSSL_free(ssl);
+    wolfSSL_CTX_free(ctx);
+    wolfSSL_Cleanup();
+    closesocket(sock);
+    return;
+}
+
+#endif /* NO_WOLFSSL_CLIENT */
+
+#if !defined(NO_WOLFSSL_SERVER)
+
+#define TLS_SERVER_PORT 11111
+#define TX_BUF_SIZE 64
+#define RX_BUF_SIZE 1024
+#define TCP_SERVER_CONN_Q_SIZE 1
+
+/* derived from wolfSSL/certs/server-ecc.der */
+
+static const unsigned char server_ecc_der_256[] = { 0x30, 0x82, 0x03, 0x10,
+        0x30, 0x82, 0x02, 0xB5, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00,
+        0xEF, 0x46, 0xC7, 0xA4, 0x9B, 0xBB, 0x60, 0xD3, 0x30, 0x0A, 0x06, 0x08,
+        0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x8F, 0x31,
+        0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
+        0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57,
+        0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30,
+        0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74,
+        0x74, 0x6C, 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A,
+        0x0C, 0x07, 0x45, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31, 0x0C, 0x30,
+        0x0A, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x03, 0x45, 0x43, 0x43, 0x31,
+        0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77,
+        0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
+        0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
+        0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
+        0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E,
+        0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, 0x32, 0x30, 0x30, 0x37,
+        0x33, 0x38, 0x5A, 0x17, 0x0D, 0x31, 0x39, 0x30, 0x35, 0x30, 0x38, 0x32,
+        0x30, 0x30, 0x37, 0x33, 0x38, 0x5A, 0x30, 0x81, 0x8F, 0x31, 0x0B, 0x30,
+        0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13,
+        0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73,
+        0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06,
+        0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C,
+        0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07,
+        0x45, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31, 0x0C, 0x30, 0x0A, 0x06,
+        0x03, 0x55, 0x04, 0x0B, 0x0C, 0x03, 0x45, 0x43, 0x43, 0x31, 0x18, 0x30,
+        0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E,
+        0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31,
+        0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
+        0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C,
+        0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13,
+        0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A,
+        0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xBB,
+        0x33, 0xAC, 0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A, 0xA5, 0x04, 0xC3, 0x3C,
+        0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, 0xCE, 0x94, 0xEA, 0x2B, 0xFA, 0xCB,
+        0x20, 0x09, 0x39, 0x2C, 0x16, 0xE8, 0x61, 0x02, 0xE9, 0xAF, 0x4D, 0xD3,
+        0x02, 0x93, 0x9A, 0x31, 0x5B, 0x97, 0x92, 0x21, 0x7F, 0xF0, 0xCF, 0x18,
+        0xDA, 0x91, 0x11, 0x02, 0x34, 0x86, 0xE8, 0x20, 0x58, 0x33, 0x0B, 0x80,
+        0x34, 0x89, 0xD8, 0xA3, 0x81, 0xF7, 0x30, 0x81, 0xF4, 0x30, 0x1D, 0x06,
+        0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x5D, 0x5D, 0x26, 0xEF,
+        0xAC, 0x7E, 0x36, 0xF9, 0x9B, 0x76, 0x15, 0x2B, 0x4A, 0x25, 0x02, 0x23,
+        0xEF, 0xB2, 0x89, 0x30, 0x30, 0x81, 0xC4, 0x06, 0x03, 0x55, 0x1D, 0x23,
+        0x04, 0x81, 0xBC, 0x30, 0x81, 0xB9, 0x80, 0x14, 0x5D, 0x5D, 0x26, 0xEF,
+        0xAC, 0x7E, 0x36, 0xF9, 0x9B, 0x76, 0x15, 0x2B, 0x4A, 0x25, 0x02, 0x23,
+        0xEF, 0xB2, 0x89, 0x30, 0xA1, 0x81, 0x95, 0xA4, 0x81, 0x92, 0x30, 0x81,
+        0x8F, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+        0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C,
+        0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31,
+        0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65,
+        0x61, 0x74, 0x74, 0x6C, 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
+        0x04, 0x0A, 0x0C, 0x07, 0x45, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31,
+        0x0C, 0x30, 0x0A, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x03, 0x45, 0x43,
+        0x43, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F,
+        0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
+        0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48,
+        0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F,
+        0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+        0x82, 0x09, 0x00, 0xEF, 0x46, 0xC7, 0xA4, 0x9B, 0xBB, 0x60, 0xD3, 0x30,
+        0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01,
+        0xFF, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03,
+        0x02, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xF1, 0xD0, 0xA6,
+        0x3E, 0x83, 0x33, 0x24, 0xD1, 0x7A, 0x05, 0x5F, 0x1E, 0x0E, 0xBD, 0x7D,
+        0x6B, 0x33, 0xE9, 0xF2, 0x86, 0xF3, 0xF3, 0x3D, 0xA9, 0xEF, 0x6A, 0x87,
+        0x31, 0xB3, 0xB7, 0x7E, 0x50, 0x02, 0x21, 0x00, 0xF0, 0x60, 0xDD, 0xCE,
+        0xA2, 0xDB, 0x56, 0xEC, 0xD9, 0xF4, 0xE4, 0xE3, 0x25, 0xD4, 0xB0, 0xC9,
+        0x25, 0x7D, 0xCA, 0x7A, 0x5D, 0xBA, 0xC4, 0xB2, 0xF6, 0x7D, 0x04, 0xC7,
+        0xBD, 0x62, 0xC9, 0x20 };
+
+/* derived from wolfSSL/certs/ecc-key.der */
+
+static const unsigned char ecc_key_der_256[] = { 0x30, 0x77, 0x02, 0x01, 0x01,
+        0x04, 0x20, 0x45, 0xB6, 0x69, 0x02, 0x73, 0x9C, 0x6C, 0x85, 0xA1, 0x38,
+        0x5B, 0x72, 0xE8, 0xE8, 0xC7, 0xAC, 0xC4, 0x03, 0x8D, 0x53, 0x35, 0x04,
+        0xFA, 0x6C, 0x28, 0xDC, 0x34, 0x8D, 0xE1, 0xA8, 0x09, 0x8C, 0xA0, 0x0A,
+        0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0xA1, 0x44,
+        0x03, 0x42, 0x00, 0x04, 0xBB, 0x33, 0xAC, 0x4C, 0x27, 0x50, 0x4A, 0xC6,
+        0x4A, 0xA5, 0x04, 0xC3, 0x3C, 0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, 0xCE,
+        0x94, 0xEA, 0x2B, 0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C, 0x16, 0xE8, 0x61,
+        0x02, 0xE9, 0xAF, 0x4D, 0xD3, 0x02, 0x93, 0x9A, 0x31, 0x5B, 0x97, 0x92,
+        0x21, 0x7F, 0xF0, 0xCF, 0x18, 0xDA, 0x91, 0x11, 0x02, 0x34, 0x86, 0xE8,
+        0x20, 0x58, 0x33, 0x0B, 0x80, 0x34, 0x89, 0xD8 };
+
+
+void wolfssl_server_test(uintData_t statusPtr)
+{
+    int sock_listen;
+    int bindStatus;
+    int sock_req;
+    sockaddr_in socketAddr;
+    sockaddr_in server_addr;
+    int  socketAddrLen=sizeof(sockaddr);
+    char rx_buf[RX_BUF_SIZE];
+    char tx_buf[TX_BUF_SIZE];
+    unsigned  char attempt_conn;
+    clientConnectionHandleType TCPserverHandle;
+    void * sendBuffer;
+    DWORD bufferSizeInBytes;
+
+    WOLFSSL * ssl;
+    WOLFSSL_CTX * ctx;
+    int tx_buf_sz = 0, ret = 0, error = 0;
+
+    /* set up the mailbox transport */
+    /* connectionId2 is defined in the mailbox-transport.config*/
+    if (setupTransport(&TCPserverHandle, (char*)"connectionId2") != transportSuccess){
+        printf("TCP transport set up failed \n");
+        return;
+      }
+
+    /* SET UP NETWORK SOCKET */
+
+    printf("Opening network socket...\n");
+    sock_listen = socket(AF_INET, SOCK_STREAM, 0);
+    if (sock_listen == SOCKET_ERROR) {
+        printf("ERROR: socket, err = %d\n", errno);
+        return;
+    }
+
+    printf("Clearing memory for server_addr struct\n");
+    XMEMSET((char *) &server_addr, 0u, sizeof(server_addr));
+
+    printf("Setting up server_addr struct\n");
+    server_addr.sin_family = AF_INET;
+    server_addr.sin_addr = INADDR_ANY;
+    server_addr.sin_port = htons(TLS_SERVER_PORT);
+
+    bindStatus = bind(sock_listen, (sockaddr *) &server_addr, sizeof(server_addr));
+    if (bindStatus == SOCKET_ERROR) {
+       printf("ERROR: bind, err = %d\n", errno);
+       closesocket(sock_listen);
+       return;
+    }
+
+    /* wolfSSL INIT and CTX SETUP */
+
+    wolfSSL_Init();
+
+    /* chooses the highest possible TLS version */
+
+    ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
+
+    if (ctx == 0) {
+        printf("ERROR: wolfSSL_CTX_new failed\n");
+        closesocket(sock_listen);
+        return;
+    }
+    WOLFSSL_MSG("wolfSSL_CTX_new done");
+
+    ret = wolfSSL_CTX_use_certificate_buffer(ctx,
+                                             server_ecc_der_256,
+                                             sizeof(server_ecc_der_256),
+                                             SSL_FILETYPE_ASN1);
+    if (ret != SSL_SUCCESS) {
+        printf("ERROR: wolfSSL_CTX_use_certificate_buffer() failed, \
+                err = %d\n", ret);
+        closesocket(sock_listen);
+        wolfSSL_CTX_free(ctx);
+        return;
+    }
+    ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+                                            ecc_key_der_256,
+                                            sizeof(ecc_key_der_256),
+                                            SSL_FILETYPE_ASN1);
+    if (ret != SSL_SUCCESS) {
+        printf("ERROR: wolfSSL_CTX_use_PrivateKey_buffer() failed\n");
+        closesocket(sock_listen);
+        wolfSSL_CTX_free(ctx);
+        return;
+    }
+    /* accept client socket connections */
+    printf("Listening for client connection\n");
+    printf("E.g, you can use ./examples/client/client.exe -h 192.168.219.100\n");
+    printf("    \n");
+
+    listen(sock_listen, TCP_SERVER_CONN_Q_SIZE);
+
+    sock_req = accept(sock_listen,
+                     (sockaddr *) &socketAddr,
+                     &socketAddrLen);
+
+    if (sock_req == -1) {
+        printf("ERROR: accept, err = %d\n", errno);
+        closesocket(sock_listen);
+        return;
+    }
+
+    printf("Got client connection! Starting TLS negotiation\n");
+
+    #ifdef DEBUG_WOLFSSL
+        wolfSSL_Debugging_ON();
+    #endif
+
+    /* set up wolfSSL session */
+    ssl = wolfSSL_new(ctx);
+    if (ssl == NULL) {
+        printf("ERROR: wolfSSL_new() failed\n");
+        closesocket(sock_req);
+        closesocket(sock_listen);
+        wolfSSL_CTX_free(ctx);
+        return;
+    }
+
+    WOLFSSL_MSG("wolfSSL_new done");
+    ret = wolfSSL_set_fd(ssl, sock_req);
+    if (ret != SSL_SUCCESS) {
+        printf("ERROR: wolfSSL_set_fd() failed\n");
+        closesocket(sock_req);
+        closesocket(sock_listen);
+        wolfSSL_free(ssl);
+        wolfSSL_CTX_free(ctx);
+        return;
+    }
+
+    WOLFSSL_MSG("wolfSSL_set_fd done");
+    do {
+        error = 0; /* reset error */
+        if (ret != SSL_SUCCESS) {
+            error = wolfSSL_get_error(ssl, 0);
+            printf("ERROR: wolfSSL_accept() failed, err = %d\n", error);
+            if (error != SSL_ERROR_WANT_READ) {
+                closesocket(sock_req);
+                closesocket(sock_listen);
+                wolfSSL_free(ssl);
+                wolfSSL_CTX_free(ctx);
+                return;
+            }
+            /* goToSleep() for 500 milli sec*/
+        }
+    } while ((ret != SSL_SUCCESS) && (error == SSL_ERROR_WANT_READ));
+
+    printf("wolfSSL_accept() ok...\n");
+
+    /* read client data */
+
+    error = 0;
+    XMEMSET(rx_buf, 0u, RX_BUF_SIZE);
+    ret = wolfSSL_read(ssl, rx_buf, RX_BUF_SIZE - 1);
+    if (ret < 0) {
+        error = wolfSSL_get_error(ssl, 0);
+        if (error != SSL_ERROR_WANT_READ) {
+            printf("wolfSSL_read failed, error = %d\n", error);
+            closesocket(sock_req);
+            closesocket(sock_listen);
+            wolfSSL_free(ssl);
+            wolfSSL_CTX_free(ctx);
+            return;
+        }
+    }
+
+    printf("AFTER wolfSSL_read() call, ret = %d\n", ret);
+    if (ret > 0) {
+        rx_buf[ret] = 0;
+        printf("Client sent: %s\n", rx_buf);
+    }
+    /* write response to client */
+    XMEMSET(tx_buf, 0u, TX_BUF_SIZE);
+    tx_buf_sz = 22;
+    XSTRNCPY(tx_buf, "I hear ya fa shizzle!\n", tx_buf_sz);
+    if (wolfSSL_write(ssl, tx_buf, tx_buf_sz) != tx_buf_sz) {
+        error = wolfSSL_get_error(ssl, 0);
+        printf("ERROR: wolfSSL_write() failed, err = %d\n", error);
+        closesocket(sock_req);
+        closesocket(sock_listen);
+        wolfSSL_free(ssl);
+        wolfSSL_CTX_free(ctx);
+        return;
+    }
+    ret = wolfSSL_shutdown(ssl);
+    if (ret == SSL_SHUTDOWN_NOT_DONE)
+        wolfSSL_shutdown(ssl);
+
+        wolfSSL_free(ssl);
+        wolfSSL_CTX_free(ctx);
+        wolfSSL_Cleanup();
+        closesocket(sock_req);
+        closesocket(sock_listen);
+    return;
+}
+
+#endif /* NO_WOLFSSL_SERVER */
+
+int  wolfsslRunTests (void)
+{
+    thread_handle_t TCPhandle;
+    threadStatus ts;
+    int ret;
+
+    #if !defined(NO_CRYPT_TEST)
+        wolfcrypt_test(NULL);
+    #endif
+    #if !defined(NO_CRYPT_BENCHMARK)
+        benchmark_test(NULL);
+    #endif
+    #if !defined(NO_WOLFSSL_CLIENT)
+        ts = createThread("TCPclient", "TCPThreadTemplate", wolfssl_client_test,
+                          0, &TCPhandle );
+        if (ts != threadSuccess) {
+            printf("Unable to create TCP client thread, %i ", (DWORD)ts);
+        }
+    #endif
+    #if !defined(NO_WOLFSSL_SERVER)
+        ts = createThread("TCPserver", "TCPThreadTemplate", wolfssl_server_test,
+                          0, &TCPhandle );
+        if (ts != threadSuccess) {
+            printf("Unable to create TCP server thread, %i ", (DWORD)ts);
+        }
+    #endif
+
+    return 0;
+}

IDE/ECLIPSE/DEOS/tls_wolfssl.h

@@ -0,0 +1,37 @@
+/* tls_wolfssl.h
+ *
+ * Copyright (C) 2018 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef  __TLS_WOLFSSL_H__
+#define  __TLS_WOLFSSL_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int wolfsslRunTests(void);
+void wolfssl_client_test(uintData_t);
+void wolfssl_server_test(uintData_t);
+
+#ifdef __cplusplus
+}  /* extern "C" */
+#endif
+
+#endif /* TLS_WOLFSSL_H */

IDE/ECLIPSE/DEOS/user_settings.h

@@ -0,0 +1,112 @@
+/* user_setting.h
+ *
+ * Copyright (C) 2018 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef DEOS_USER_SETTINGS_H_
+#define DEOS_USER_SETTINGS_H_
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+#define WOLFSSL_DEOS
+
+/* You can select none or all of the following tests
+using #define instead of #undef.
+By default, all four tests run*/
+
+#undef NO_CRYPT_TEST
+#undef NO_CRYPT_BENCHMARK
+#undef NO_WOLFSSL_CLIENT
+#undef NO_WOLFSSL_SERVER
+
+/* adjust CURRENT_UNIX_TIMESTAMP to seconds since Jan 01 1970. (UTC)
+You can get the current time from https://www.unixtimestamp.com/
+*/
+#define CURRENT_UNIX_TIMESTAMP 1545864916
+
+#define NO_FILESYSTEM
+#define SIZEOF_LONG_LONG 8
+
+/* prevents from including multiple definition of main() */
+#define NO_MAIN_DRIVER
+#define NO_TESTSUITE_MAIN_DRIVER
+
+/* includes certificate test buffers via header files */
+#define USE_CERT_BUFFERS_2048
+
+/*use kB instead of mB for embedded benchmarking*/
+#define BENCH_EMBEDDED
+
+#define NO_WRITE_TEMP_FILES
+
+#define HAVE_AESGCM
+#define WOLFSSL_SHA512
+#define HAVE_ECC
+#define HAVE_CURVE25519
+#define CURVE25519_SMALL
+#define HAVE_ED25519
+#define ED25519_SMALL
+
+/* TLS 1.3 */
+#if 0
+    #define WOLFSSL_TLS13
+    #define WC_RSA_PSS
+    #define HAVE_HKDF
+    #define HAVE_FFDHE_2048
+    #define HAVE_AEAD
+#endif
+
+#if 0
+
+/* You can use your own custom random generator function with
+   no input parameters and a `CUSTOM_RAND_TYPE` return type*/
+
+    #ifndef CUSTOM_RAND_GENERATE
+         #define CUSTOM_RAND_TYPE     int
+         #define CUSTOM_RAND_GENERATE yourRandGenFunc
+    #endif
+
+#endif
+
+#if 1
+    #undef  XMALLOC_OVERRIDE
+    #define XMALLOC_OVERRIDE
+    /* prototypes for user heap override functions */
+
+    #include <stddef.h>  /* for size_t */
+
+    extern void *malloc_deos(size_t size);
+    extern void  free_deos(void *ptr);
+    extern void *realloc_deos(void *ptr, size_t size);
+
+    #define XMALLOC(n, h, t)     malloc_deos(n)
+    #define XFREE(p, h, t)       free_deos(p)
+    #define XREALLOC(p, n, h, t) realloc_deos(p, n)
+
+#endif
+
+#define printf printx
+
+#ifdef __cplusplus
+    }   /* extern "C" */
+#endif
+
+#endif

IDE/Espressif/ESP-IDF/README.md

@@ -1,28 +1,30 @@
 # ESP-IDF port
 ## Overview
  ESP-IDF development framework with wolfSSL by setting *WOLFSSL_ESPIDF* definition
- 
- Including the following examples:
-  simple tls_client/server
-  crypt test
-  crypt benchmark
+
+Including the following examples:
+
+* simple tls_client/server
+* crypt test
+* crypt benchmark
 
  The *user_settings.h* file enables some of the hardened settings.
 
 ## Requirements
- 1. ESP-IDF development framework
+ 1. ESP-IDF development framework  
     [https://docs.espressif.com/projects/esp-idf/en/latest/get-started/]
+
     Note: This expects to use Linux version.
-     
+
 ## Setup
  1. Run *setup.sh* to deploy files into ESP-IDF tree
  2. Find Wolfssl files at /path/to/esp-idf/components/wolfssl/
  3. Find Example programs under /path/to/esp-idf/examples/protocols/wolfssl_xxx
- 4. Uncomment out #define WOLFSSL_ESPIDF in /path/to/wolfssl/wolfssl/wolfcrypt/settings.h
+ 4. Uncomment out #define WOLFSSL_ESPIDF in /path/to/wolfssl/wolfssl/wolfcrypt/settings.h  
     Uncomment out #define WOLFSSL_ESPWROOM32 in /path/to/wolfssl/wolfssl/wolfcrypt/settings.h
 
 ## Configuration
- 1. The *user_settings.h* for each example can be found in /path/to/examples/protocols/wolfssl_xxx/main/include/user_settings.h
+ 1. The *user_settings.h* can be found in /path/to/esp-idf/components/wolfssl/include/user_settings.h
 
 ## Build examples
  1. See README in each example folder

IDE/Espressif/ESP-IDF/README_esp32.md

@@ -0,0 +1,42 @@
+# DEMO program with ATECC608A on ESP-WROOM-32SE
+## Overview
+ Running demo programs with ATECC608A on 32SE by setting *WOLFSSL_ESPWROOM32SE* definition
+
+Including the following examples:
+
+* simple tls_client/tls_server
+* crypt benchmark
+
+ The *user_settings.h* file enables some of the hardened settings. 
+ 
+## Requirements
+ 1. ESP-IDF development framework  
+    [https://docs.espressif.com/projects/esp-idf/en/latest/get-started/]
+
+ 2. Microchip CryptoAuthentication Library  
+    [https://github.com/MicrochipTech/cryptoauthlib]
+    
+## Setup
+ 1. wolfSSL under ESP-IDF. Please see [README.md](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/README.md)
+ 2. CryptoAuthentication Library under ESP-IDF. Please see [README.md](https://github.com/miyazakh/cryptoauthlib_esp_idf/blob/master/README.md)
+ 
+ 3. Uncomment out #define WOLFSSL_ESPWROOM32SE in /path/to/wolfssl/wolfssl/wolfcrypt/settings.h
+ 
+    Note : Need to enable WOLFSSL_ESPIDF  
+    Note : crypt test will fail if enabled WOLFSSL_ESPWROOM32SE
+ 
+## Configuration
+ 1. The *user_settings.h* can be found in /path/to/esp-idf/components/wolfssl/include/user_settings.h
+
+## Build examples
+ 1. See README in each example folder
+
+## Support
+ For question please email [support@wolfssl.com]
+
+ Note: This is tested with the following condition:
+ 
+- Model    : ESP32-WROOM-32SE  
+- ESP-IDF  : v3.3-beta1-39-g6cb37ecc5(commit hash : 6cb37ecc5)  
+- CryptAuthLib: commit hash : c6b176e
+- OS       : Ubuntu 18.04.1 LTS (Bionic Beaver)

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md

@@ -2,12 +2,14 @@
 
 The Example contains of wolfSSL benchmark program.
 
-1. "make menuconfig" to configure the program.
- 1-1. Example Configuration ->
-     BENCH_ARG : argument that you want to use. Default is "-lng 0"
-                 The list of argument can be find in help.
+1. "make menuconfig" to configure the program.  
+    1-1. Example Configuration ->
+
+    BENCH_ARG : argument that you want to use. Default is "-lng 0"  
+    The list of argument can be find in help.
 
 When you want to run the benchmark program
+
 1. "make flash" to compile and load the firmware
 2. "make monitor" to see the message
 

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt

@@ -0,0 +1,10 @@
+
+#
+# wolfssl benchmark test
+#
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+
+set(COMPONENT_SRCS "benchmark.c" "helper.c")
+set(COMPONENT_ADD_INCLUDEDIRS ".")
+
+register_component()

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/helper.c

@@ -1,6 +1,6 @@
 /* helper.c
  *
- * Copyright (C) 2006-2018 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,13 +21,98 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfcrypt/benchmark/benchmark.h>
 
 #include "sdkconfig.h"
+#include "freertos/FreeRTOS.h"
+#include "freertos/task.h"
+#include "esp_log.h"
+#include "nvs_flash.h"
 
-#define WOLFSSL_BENCH_ARGV              CONFIG_BENCH_ARGV
+#define WOLFSSL_BENCH_ARGV                 CONFIG_BENCH_ARGV
+#define WOLFSSLBENCHMARK_TASK_NAME         "wolfsslbenchmark_name"
+#define WOLFSSLBENCHMARK_TASK_WORDS        10240
+#define WOLFSSLBENCHMARK_TASK_PRIORITY     8
+
+/* proto-type */
+extern void wolf_benchmark_task();
+
+static const char* const TAG = "wolfbenchmark";
 
 char* __argv[22];
 
+#if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \
+                                  && defined(WOLFSSL_ATECC508A)
+
+#include "wolfssl/wolfcrypt/port/atmel/atmel.h"
+
+/* when you need to use a custom slot allocation, */
+/* enable the definition CUSTOM_SLOT_ALLOCAION.   */
+#if defined(CUSTOM_SLOT_ALLOCATION)
+
+static byte mSlotList[ATECC_MAX_SLOT];
+
+/* initialize slot array */
+void my_atmel_slotInit()
+{
+    int i;
+
+    for(i=0;i<ATECC_MAX_SLOT; i++) {
+        mSlotList[i] = ATECC_INVALID_SLOT;
+    }
+}
+
+/* allocate slot depending on slotType */
+int my_atmel_alloc(int slotType)
+{
+    int i, slot = -1;
+
+    ESP_LOGI(TAG, "Enter my_atmel_alloc");
+
+    switch(slotType){
+        case ATMEL_SLOT_ENCKEY:
+            slot = 4;
+            break;
+        case ATMEL_SLOT_DEVICE:
+            slot = 0;
+            break;
+        case ATMEL_SLOT_ECDHE:
+            slot = 2;
+            break;
+        case ATMEL_SLOT_ECDHE_ENC:
+            slot = 4;
+            break;
+        case ATMEL_SLOT_ANY:
+            for(i=0;i<ATECC_MAX_SLOT;i++){
+                if(mSlotList[i] == ATECC_INVALID_SLOT){
+                    slot = i;
+                    break;
+                }
+            }
+    }
+
+    ESP_LOGI(TAG, "Leave my_atmel_alloc\n");
+
+    return slot;
+}
+
+/* free slot array       */
+void my_atmel_free(int slotId)
+{
+    ESP_LOGI(TAG, "Enter my_atmel_alloc");
+
+    if(slotId >= 0 && slotId < ATECC_MAX_SLOT){
+        mSlotList[slotId] = ATECC_INVALID_SLOT;
+    }
+
+    ESP_LOGI(TAG, "Leave my_atmel_alloc");
+
+}
+
+#endif /* CUSTOM_SLOT_ALLOCATION                                       */
+#endif /* WOLFSSL_ESPWROOM32SE && HAVE_PK_CALLBACK && WOLFSSL_ATECC508A */
+
 int construct_argv()
 {
     int cnt = 0;
@@ -78,3 +163,34 @@ int construct_argv()
 
     return (cnt);
 }
+
+/* entry point */
+void app_main(void)
+{
+    ESP_LOGI(TAG, "Start app_main...");
+    ESP_ERROR_CHECK(nvs_flash_init());
+
+#ifndef NO_CRYPT_BENCHMARK
+
+    /* when using atecc608a on esp32-wroom-32se */
+#if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \
+                                  && defined(WOLFSSL_ATECC508A)
+    #if defined(CUSTOM_SLOT_ALLOCATION)
+    ESP_LOGI(TAG, "register callback for slot allocation");
+    my_atmel_slotInit();
+    /* to register the callback, it needs to be initialized. */
+    benchmark_init();
+    atmel_set_slot_allocator(my_atmel_alloc, my_atmel_free);
+    #endif
+#endif
+
+    ESP_LOGI(TAG, "Start benchmark..");
+    wolf_benchmark_task();
+
+#else
+    ESP_LOGI(TAG, "no crypt benchmark");
+
+#endif /* NO_CRYPT_BENCHMARK */
+
+}
+

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults

@@ -2,3 +2,5 @@ CONFIG_BENCH_ARGV="-lng 0"
 CONFIG_MAIN_TASK_STACK_SIZE=5000
 CONFIG_FREERTOS_HZ=1000
 CONFIG_TASK_WDT_CHECK_IDLE_TASK_CPU0=
+CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
+170 CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ=240

IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md

@@ -1,19 +1,22 @@
-#wolfssl Example
+#wolfSSL Example
 
 The Example contains of wolfSSL tls client demo.
 
-1. "make menuconfig" to config the project
- 1-1. Example Configuration ->
-      WIFI SSID: your own WIFI, which is connected to the Internet.(default is "myssid")
-      WIFI Password: WIFI password, and default is "mypassword"
-      Target host ip address : the host that you want to connect to.(default is 127.0.0.1)
+1. "make menuconfig" to config the project  
+    1-1. Example Configuration ->
+
+          WIFI SSID: your own WIFI, which is connected to the Internet.(default is "myssid")  
+          WIFI Password: WIFI password, and default is "mypassword"  
+          Target host ip address : the host that you want to connect to.(default is 127.0.0.1)
     
-    Note: the example program uses 11111 port. If you want to use different port
-         , you need to modifiy DEFAULT_PORT definition in the code.
+    Note: the example program uses 11111 port. If you want to use different port  
+        , you need to modifiy DEFAULT_PORT definition in the code.
 
 When you want to test the wolfSSL client
-1. "make falsh monitor" to load the firmware and see the context
-2. You can use <wolfssl>/examples/server/server program for test.
-   e.g. Launch ./examples/server/server -v 4 -b -i
+
+1. "make falsh monitor" to load the firmware and see the context  
+2. You can use <wolfssl>/examples/server/server program for test.  
+
+         e.g. Launch ./examples/server/server -v 4 -b -i
 
 See the README.md file in the upper level 'examples' directory for more information about examples.

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt

@@ -0,0 +1,10 @@
+
+#
+# wolfssl client test
+#
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+
+set(COMPONENT_SRCS "client-tls.c" "wifi_connect.c")
+set(COMPONENT_ADD_INCLUDEDIRS "." "./include")
+
+register_component()

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c

@@ -1,6 +1,6 @@
 /* client-tls-callback.c
  *
- * Copyright (C) 2006-2018 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL. (formerly known as CyaSSL)
  *
@@ -28,13 +28,11 @@
 #include "wifi_connect.h"
 
 /* socket includes */
-#include <sys/socket.h>
-#include <arpa/inet.h>
-#include <netinet/in.h>
-#include <unistd.h>
+#include "lwip/netdb.h"
+#include "lwip/sockets.h"
 
 /* wolfSSL */
-#include <wolfssl/options.h>
+#include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/ssl.h>
 #include <wolfssl/certs_test.h>
 
@@ -42,25 +40,111 @@
     #include <wolfssl/wolfcrypt/mem_track.h>
 #endif
 
-const char *TAG = "tls_client";
+static const char* const TAG = "tls_client";
 
+#if defined(DEBUG_WOLFSSL)
+
+static void ShowCiphers(void)
+{
+    char ciphers[4096];
+
+    int ret = wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers));
+
+    if (ret == WOLFSSL_SUCCESS)
+        printf("%s\n", ciphers);
+}
+
+#endif
+
+#if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \
+                                  && defined(WOLFSSL_ATECC508A)
+
+#include "wolfssl/wolfcrypt/port/atmel/atmel.h"
+
+/* when you want to use custome slot allocation */
+/* enable the definition CUSTOM_SLOT_ALLOCATION.*/
+
+#if defined(CUSTOM_SLOT_ALLOCATION)
+
+static byte mSlotList[ATECC_MAX_SLOT];
+
+int atmel_set_slot_allocator(atmel_slot_alloc_cb alloc,
+                                                atmel_slot_dealloc_cb dealloc);
+/* initialize slot array */
+void my_atmel_slotInit()
+{
+    int i;
+
+    for(i=0;i<ATECC_MAX_SLOT; i++) {
+        mSlotList[i] = ATECC_INVALID_SLOT;
+    }
+}
+/* allocate slot depending on slotType */
+int my_atmel_alloc(int slotType)
+{
+    int i, slot = -1;
+
+    switch(slotType){
+        case ATMEL_SLOT_ENCKEY:
+            slot = 2;
+            break;
+        case ATMEL_SLOT_DEVICE:
+            slot = 0;
+            break;
+        case ATMEL_SLOT_ECDHE:
+            slot = 0;
+            break;
+        case ATMEL_SLOT_ECDHE_ENC:
+            slot = 4;
+            break;
+        case ATMEL_SLOT_ANY:
+            for(i=0;i<ATECC_MAX_SLOT;i++){
+                if(mSlotList[i] == ATECC_INVALID_SLOT){
+                    slot = i;
+                    break;
+                }
+            }
+    }
+
+    return slot;
+}
+/* free slot array       */
+void my_atmel_free(int slotId)
+{
+    if(slotId >= 0 && slotId < ATECC_MAX_SLOT){
+        mSlotList[slotId] = ATECC_INVALID_SLOT;
+    }
+}
+#endif /* CUSTOM_SLOT_ALLOCATION                                       */
+#endif /* WOLFSSL_ESPWROOM32SE && HAVE_PK_CALLBACK && WOLFSSL_ATECC508A */
+
+/* client task */
 void tls_smp_client_task()
 {
     int ret;
     int sockfd;
+    int doPeerCheck;
+    int sendGet;
     struct sockaddr_in servAddr;
     char buff[256];
+    const char* ch = TLS_SMP_TARGET_HOST;
     size_t len;
+    struct hostent *hp;
+    struct ip4_addr *ip4_addr;
 
     /* declare wolfSSL objects */
     WOLFSSL_CTX *ctx;
     WOLFSSL *ssl;
 
-   WOLFSSL_ENTER("tls_smp_client_task");
+    WOLFSSL_ENTER("tls_smp_client_task");
+
+    doPeerCheck = 0;
+    sendGet = 0;
 
 #ifdef DEBUG_WOLFSSL
-   WOLFSSL_MSG("Debug ON");
-   wolfSSL_Debugging_ON();
+    WOLFSSL_MSG("Debug ON");
+    wolfSSL_Debugging_ON();
+    ShowCiphers();
 #endif
     /* Initialize wolfSSL */
     wolfSSL_Init();
@@ -69,17 +153,48 @@ void tls_smp_client_task()
      * Sets the socket to be stream based (TCP),
      * 0 means choose the default protocol. */
     if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
-        printf("ERROR: failed to create the socket\n");
+        ESP_LOGE(TAG,"ERROR: failed to create the socket\n");
+    }
+
+    ESP_LOGI(TAG, "get target IP address");
+
+    hp = gethostbyname(TLS_SMP_TARGET_HOST);
+    if (!hp) {
+         ESP_LOGE(TAG, "Failed to get host name.");
+         ip4_addr = NULL;
+    } else {
+
+         ip4_addr = (struct ip4_addr *)hp->h_addr;
+         ESP_LOGI(TAG, IPSTR, IP2STR(ip4_addr));
     }
     /* Create and initialize WOLFSSL_CTX */
     if ((ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())) == NULL) {
-        printf("ERROR: failed to create WOLFSSL_CTX\n");
+        ESP_LOGE(TAG,"ERROR: failed to create WOLFSSL_CTX\n");
     }
     WOLFSSL_MSG("Loading...cert");
     /* Load client certificates into WOLFSSL_CTX */
     if ((ret = wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048,
         sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1)) != SSL_SUCCESS) {
-        printf("ERROR: failed to load %d, please check the file.\n",ret);
+        ESP_LOGE(TAG,"ERROR: failed to load %d, please check the file.\n",ret);
+    }
+    /* not peer check */
+    if( doPeerCheck == 0 ){
+        wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, 0);
+    } else {
+        WOLFSSL_MSG("Loading... our cert");
+        /* load our certificate */
+   	    if ((ret = wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, client_cert_der_2048,
+            sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1)) != SSL_SUCCESS) {
+            ESP_LOGE(TAG,"ERROR: failed to load chain %d, please check the file.\n",ret);
+        }
+
+        if ((ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, client_key_der_2048,
+            sizeof_client_key_der_2048, WOLFSSL_FILETYPE_ASN1))  != SSL_SUCCESS) {
+            wolfSSL_CTX_free(ctx); ctx = NULL;
+            ESP_LOGE(TAG,"ERROR: failed to load key %d, please check the file.\n", ret);
+        }
+
+        wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, 0);
     }
 
     /* Initialize the server address struct with zeros */
@@ -89,62 +204,86 @@ void tls_smp_client_task()
     servAddr.sin_family = AF_INET;           /* using IPv4      */
     servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */
 
-    /* Get the server IPv4 address from the command line call */
-    WOLFSSL_MSG("inet_pton");
-    if ((ret = inet_pton(AF_INET, TLS_SMP_TARGET_HOST,
-             &servAddr.sin_addr)) != 1) {
-        printf("ERROR: invalid address ret=%d\n", ret);
+    if(*ch >= '1' && *ch <= '9') {
+        /* Get the server IPv4 address from the command line call */
+        WOLFSSL_MSG("inet_pton");
+        if ((ret = inet_pton(AF_INET, TLS_SMP_TARGET_HOST,
+                 &servAddr.sin_addr)) != 1) {
+            ESP_LOGE(TAG,"ERROR: invalid address ret=%d\n", ret);
+        }
+    } else {
+        servAddr.sin_addr.s_addr = ip4_addr->addr;
     }
 
     /* Connect to the server */
     sprintf(buff, "Connecting to server....%s(port:%d)", TLS_SMP_TARGET_HOST
                                                       , DEFAULT_PORT);
     WOLFSSL_MSG(buff);
+    printf("%s\n",buff);
     if ((ret = connect(sockfd, (struct sockaddr *)&servAddr,
                                     sizeof(servAddr))) == -1){
-        printf("ERROR: failed to connect ret=%d\n", ret);
+        ESP_LOGE(TAG,"ERROR: failed to connect ret=%d\n", ret);
     }
 
     WOLFSSL_MSG("Create a WOLFSSL object");
     /* Create a WOLFSSL object */
     if ((ssl = wolfSSL_new(ctx)) == NULL) {
-        printf("ERROR: failed to create WOLFSSL object\n");
+        ESP_LOGE(TAG,"ERROR: failed to create WOLFSSL object\n");
     }
 
+    /* when using atecc608a on esp32-wroom-32se */
+#if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \
+                                  && defined(WOLFSSL_ATECC508A)
+    atcatls_set_callbacks(ctx);
+    /* when using custome slot-allocation */
+    #if defined(CUSTOM_SLOT_ALLOCATION)
+    my_atmel_slotInit();
+    atmel_set_slot_allocator(my_atmel_alloc, my_atmel_free);
+    #endif
+#endif
+
     /* Attach wolfSSL to the socket */
     wolfSSL_set_fd(ssl, sockfd);
 
     WOLFSSL_MSG("Connect to wolfSSL on the server side");
     /* Connect to wolfSSL on the server side */
     if (wolfSSL_connect(ssl) != SSL_SUCCESS) {
-        printf("ERROR: failed to connect to wolfSSL\n");
+        ESP_LOGE(TAG,"ERROR: failed to connect to wolfSSL\n");
     }
 
     /* Get a message for the server from stdin */
     WOLFSSL_MSG("Message for server: ");
     memset(buff, 0, sizeof(buff));
-    sprintf(buff, "message from client\n");
-    len = strnlen(buff, sizeof(buff));
+
+    if(sendGet){
+        printf("SSL connect ok, sending GET...\n");
+        len = 28;
+        strncpy(buff, "GET /index.html HTTP/1.0\r\n\r\n", 28);
+        buff[len] = '\0';
+    } else {
+        sprintf(buff, "message from esp32 tls client\n");
+        len = strnlen(buff, sizeof(buff));
+    }
     /* Send the message to the server */
     if (wolfSSL_write(ssl, buff, len) != len) {
-        printf("ERROR: failed to write\n");
+        ESP_LOGE(TAG,"ERROR: failed to write\n");
     }
 
     /* Read the server data into our buff array */
     memset(buff, 0, sizeof(buff));
     if (wolfSSL_read(ssl, buff, sizeof(buff) - 1) == -1) {
-        printf("ERROR: failed to read\n");
+        ESP_LOGE(TAG,"ERROR: failed to read\n");
     }
 
     /* Print to stdout any data the server sends */
-    WOLFSSL_MSG("Server:");
-    WOLFSSL_MSG(buff);
+    printf("Server:");
+    printf("%s", buff);
     /* Cleanup and return */
     wolfSSL_free(ssl);     /* Free the wolfSSL object                  */
     wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object          */
     wolfSSL_Cleanup();     /* Cleanup the wolfSSL environment          */
     close(sockfd);         /* Close the connection to the server       */
-    
+
     vTaskDelete(NULL);
 
     return;                /* Return reporting a success               */

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/user_settings.h

@@ -1,51 +0,0 @@
-/* user_settings.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-#define BENCH_EMBEDDED
-#define USE_CERT_BUFFERS_2048
-
-/* TLS 1.3                                 */
-#define WOLFSSL_TLS13
-#define HAVE_TLS_EXTENSIONS
-#define WC_RSA_PSS
-#define HAVE_HKDF
-#define HAVE_FFDHE_2048
-#define HAVE_AEAD
-#define HAVE_SUPPORTED_CURVES
-
-#define SINGLE_THREADED /* or define RTOS  option */
-#define NO_FILESYSTEM
-
-#define HAVE_AESGCM
-#define WOLFSSL_SHA512
-#define HAVE_ECC
-#define HAVE_CURVE25519
-#define CURVE25519_SMALL
-#define HAVE_ED25519
-
-/* debug options */
-/* #define DEBUG_WOLFSSL */
-
-/* date/time                               */
-/* if it cannot adjust time in the device, */
-/* enable macro below                      */
-/* #define NO_ASN_TIME */
-/* #define XTIME time */

IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt

@@ -4,4 +4,4 @@ cmake_minimum_required(VERSION 3.5)
 
 
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
-project(tls_server)
+project(wolfssl_server)

IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md

@@ -3,17 +3,20 @@
 The Example contains a wolfSSL simple server.
 
 1. "make menuconfigure" to configure the project
-  1-1. Example Configuration ->
-       WIFI SSID : your own WIFI, which is connected to the Internet.(default is "myssid")
-       WIFI Password : WIFI password, and default is "mypassword"
+
+    1-1. Example Configuration ->
+           WIFI SSID : your own WIFI, which is connected to the Internet.(default is "myssid")  
+           WIFI Password : WIFI password, and default is "mypassword"
 
 When you want to test the wolfSSL simple server demo
+
 1. "make flash" to compile the code and load the firmware
-2. "make monitor" to see the context. The assigned IP address can be found in output message. 
-3. Once the server connects to the wifi, it is waiting for client request.
-   ("Waiting for a connection..." message will be displayed.)
-4. You can use <wolfssl>/examples/client to test the server
-   e.g ./example/client/client -h xx.xx.xx
+2. "make monitor" to see the context. The assigned IP address can be found in output message.
+3. Once the server connects to the wifi, it is waiting for client request.  
+    ("Waiting for a connection..." message will be displayed.)
+   
+4. You can use <wolfssl>/examples/client to test the server  
+    e.g ./example/client/client -h xx.xx.xx
 
 See the README.md file in the upper level 'examples' directory for more information about examples.
 

IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt

@@ -0,0 +1,10 @@
+
+#
+# wolfssl server test
+#
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+
+set(COMPONENT_SRCS "server-tls.c" "wifi_connect.c")
+set(COMPONENT_ADD_INCLUDEDIRS "." "./include")
+
+register_component()

IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/user_settings.h

@@ -1,51 +0,0 @@
-/* user_settings.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-#define BENCH_EMBEDDED
-#define USE_CERT_BUFFERS_2048
-
-/* TLS 1.3                                 */
-#define WOLFSSL_TLS13
-#define HAVE_TLS_EXTENSIONS
-#define WC_RSA_PSS
-#define HAVE_HKDF
-#define HAVE_FFDHE_2048
-#define HAVE_AEAD
-#define HAVE_SUPPORTED_CURVES
-
-#define SINGLE_THREADED /* or define RTOS  option */
-#define NO_FILESYSTEM
-
-#define HAVE_AESGCM
-#define WOLFSSL_SHA512
-#define HAVE_ECC
-#define HAVE_CURVE25519
-#define CURVE25519_SMALL
-#define HAVE_ED25519
-
-/* debug options */
-/* #define DEBUG_WOLFSSL */
-
-/* date/time                               */
-/* if it cannot adjust time in the device, */
-/* enable macro below                      */
-/* #define NO_ASN_TIME */
-/* #define XTIME time */

IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c

@@ -1,6 +1,6 @@
 /* server-tls-callback.c
  *
- * Copyright (C) 2006-2018 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL. (formerly known as CyaSSL)
  *
@@ -31,7 +31,7 @@
 #include <unistd.h>
 
 /* wolfSSL */
-#include <wolfssl/options.h>
+#include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/ssl.h>
 #include <wolfssl/certs_test.h>
 
@@ -42,7 +42,85 @@
     #include <wolfssl/wolfcrypt/mem_track.h>
 #endif
 
-const char *TAG = "tls_server";
+static const char* const TAG = "tls_server";
+
+#if defined(DEBUG_WOLFSSL)
+
+static void ShowCiphers(void)
+{
+    char ciphers[4096];
+
+    int ret = wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers));
+
+    if (ret == WOLFSSL_SUCCESS)
+        printf("%s\n", ciphers);
+}
+
+#endif
+
+#if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \
+                                  && defined(WOLFSSL_ATECC508A)
+
+#include "wolfssl/wolfcrypt/port/atmel/atmel.h"
+
+/* when you want to use a custom slot allocation */
+/* enable the difinition CUSTOM_SLOT_ALLOCATION. */
+
+#if defined(CUSTOM_SLOT_ALLOCATION)
+
+static byte mSlotList[ATECC_MAX_SLOT];
+
+int atmel_set_slot_allocator(atmel_slot_alloc_cb alloc, atmel_slot_dealloc_cb dealloc);
+
+/* initialize slot array */
+void my_atmel_slotInit()
+{
+    int i;
+
+    for(i=0;i<ATECC_MAX_SLOT; i++) {
+        mSlotList[i] = ATECC_INVALID_SLOT;
+    }
+}
+
+/* allocate slot depending on slotType */
+int my_atmel_alloc(int slotType)
+{
+    int i, slot = -1;
+
+    switch(slotType){
+        case ATMEL_SLOT_ENCKEY:
+            slot = 4;
+            break;
+        case ATMEL_SLOT_DEVICE:
+            slot = 0;
+            break;
+        case ATMEL_SLOT_ECDHE:
+            slot = 0;
+            break;
+        case ATMEL_SLOT_ECDHE_ENC:
+            slot = 4;
+            break;
+        case ATMEL_SLOT_ANY:
+            for(i=0;i<ATECC_MAX_SLOT;i++){
+                if(mSlotList[i] == ATECC_INVALID_SLOT){
+                    slot = i;
+                    break;
+                }
+            }
+    }
+
+    return slot;
+}
+
+/* free slot array       */
+void my_atmel_free(int slotId)
+{
+    if(slotId >= 0 && slotId < ATECC_MAX_SLOT){
+        mSlotList[slotId] = ATECC_INVALID_SLOT;
+    }
+}
+#endif /* CUSTOM_SLOT_ALLOCATION                                       */
+#endif /* WOLFSSL_ESPWROOM32SE && HAVE_PK_CALLBACK && WOLFSSL_ATECC508A */
 
 void tls_smp_server_task()
 {
@@ -65,7 +143,9 @@ void tls_smp_server_task()
 #ifdef DEBUG_WOLFSSL
     WOLFSSL_MSG("Debug ON");
     wolfSSL_Debugging_ON();
+    ShowCiphers();
 #endif
+
     /* Initialize wolfSSL */
     WOLFSSL_MSG("Start wolfSSL_Init()");
     wolfSSL_Init();
@@ -75,29 +155,34 @@ void tls_smp_server_task()
      * 0 means choose the default protocol. */
     WOLFSSL_MSG( "start socket())");
     if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
-        printf("ERROR: failed to create the socket");
+        ESP_LOGE(TAG, "ERROR: failed to create the socket");
     }
 
     /* Create and initialize WOLFSSL_CTX */
     WOLFSSL_MSG("Create and initialize WOLFSSL_CTX");
     if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) {
-        printf("ERROR: failed to create WOLFSSL_CTX");
+        ESP_LOGE(TAG, "ERROR: failed to create WOLFSSL_CTX");
     }
     WOLFSSL_MSG("Loading certificate...");
     /* Load server certificates into WOLFSSL_CTX */
+
     if ((ret = wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
                         sizeof_server_cert_der_2048,
                         WOLFSSL_FILETYPE_ASN1)) != SSL_SUCCESS) {
-        printf("ERROR: failed to load cert");
+        ESP_LOGE(TAG, "ERROR: failed to load cert");
     }
     WOLFSSL_MSG("Loading key info...");
     /* Load server key into WOLFSSL_CTX */
+
     if((ret=wolfSSL_CTX_use_PrivateKey_buffer(ctx,
                             server_key_der_2048, sizeof_server_key_der_2048,
                             WOLFSSL_FILETYPE_ASN1)) != SSL_SUCCESS) {
-        printf("ERROR: failed to load privatekey");
+        ESP_LOGE(TAG, "ERROR: failed to load privatekey");
     }
 
+    /* TO DO when using ECDSA, it loads the provisioned certificate and present it.*/
+    /* TO DO when using ECDSA, it uses the generated key instead of loading key    */
+
     /* Initialize the server address struct with zeros */
     memset(&servAddr, 0, sizeof(servAddr));
     /* Fill in the server address */
@@ -107,37 +192,48 @@ void tls_smp_server_task()
 
     /* Bind the server socket to our port */
     if (bind(sockfd, (struct sockaddr*)&servAddr, sizeof(servAddr)) == -1) {
-         printf("ERROR: failed to bind");
+         ESP_LOGE(TAG, "ERROR: failed to bind");
     }
 
     /* Listen for a new connection, allow 5 pending connections */
     if (listen(sockfd, 5) == -1) {
-         printf("ERROR: failed to listen");
+         ESP_LOGE(TAG, "ERROR: failed to listen");
     }
+
+#if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \
+                                  && defined(WOLFSSL_ATECC508A)
+    atcatls_set_callbacks(ctx);
+    /* when using a custom slot allocation */
+    #if defined(CUSTOM_SLOT_ALLOCATION)
+    my_atmel_slotInit();
+    atmel_set_slot_allocator(my_atmel_alloc, my_atmel_free);
+    #endif
+#endif
+
     /* Continue to accept clients until shutdown is issued */
     while (!shutdown) {
          WOLFSSL_MSG("Waiting for a connection...");
         /* Accept client connections */
         if ((connd = accept(sockfd, (struct sockaddr*)&clientAddr, &size))
             == -1) {
-             printf("ERROR: failed to accept the connection");
+             ESP_LOGE(TAG, "ERROR: failed to accept the connection");
         }
         /* Create a WOLFSSL object */
         if ((ssl = wolfSSL_new(ctx)) == NULL) {
-             printf("ERROR: failed to create WOLFSSL object");
+             ESP_LOGE(TAG, "ERROR: failed to create WOLFSSL object");
         }
         /* Attach wolfSSL to the socket */
         wolfSSL_set_fd(ssl, connd);
         /* Establish TLS connection */
         ret = wolfSSL_accept(ssl);
         if (ret != SSL_SUCCESS) {
-            printf("wolfSSL_accept error %d", wolfSSL_get_error(ssl, ret));
+            ESP_LOGE(TAG, "wolfSSL_accept error %d", wolfSSL_get_error(ssl, ret));
         }
         WOLFSSL_MSG("Client connected successfully");
         /* Read the client data into our buff array */
         memset(buff, 0, sizeof(buff));
         if (wolfSSL_read(ssl, buff, sizeof(buff)-1) == -1) {
-            printf("ERROR: failed to read");
+            ESP_LOGE(TAG, "ERROR: failed to read");
         }
         /* Print to stdout any data the client sends */
         WOLFSSL_MSG("Client sends:");
@@ -153,7 +249,7 @@ void tls_smp_server_task()
         len = strnlen(buff, sizeof(buff));
         /* Reply back to the client */
         if (wolfSSL_write(ssl, buff, len) != len) {
-            printf("ERROR: failed to write");
+            ESP_LOGE(TAG, "ERROR: failed to write");
         }
         /* Cleanup after this connection */
         wolfSSL_free(ssl);      /* Free the wolfSSL object              */

IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt

@@ -0,0 +1,10 @@
+
+#
+# wolfssl crypt test
+#
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+
+set(COMPONENT_SRCS "test.c")
+set(COMPONENT_ADD_INCLUDEDIRS ".")
+
+register_component()

IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/user_settings.h

@@ -1,51 +0,0 @@
-/* user_settings.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-#define BENCH_EMBEDDED
-#define USE_CERT_BUFFERS_2048
-
-/* TLS 1.3                                 */
-#define WOLFSSL_TLS13
-#define HAVE_TLS_EXTENSIONS
-#define WC_RSA_PSS
-#define HAVE_HKDF
-#define HAVE_FFDHE_2048
-#define HAVE_AEAD
-#define HAVE_SUPPORTED_CURVES
-
-#define SINGLE_THREADED /* or define RTOS  option */
-#define NO_FILESYSTEM
-
-#define HAVE_AESGCM
-#define WOLFSSL_SHA512
-#define HAVE_ECC
-#define HAVE_CURVE25519
-#define CURVE25519_SMALL
-#define HAVE_ED25519
-
-/* debug options */
-/* #define DEBUG_WOLFSSL */
-
-/* date/time                               */
-/* if it cannot adjust time in the device, */
-/* enable macro below                      */
-/* #define NO_ASN_TIME */
-/* #define XTIME time */

IDE/Espressif/ESP-IDF/libs/CMakeLists.txt

@@ -1,79 +1,37 @@
+#
+# cmake for wolfssl
+# 
 cmake_minimum_required(VERSION 3.5)
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
 
 set(CMAKE_CURRENT_SOURCE_DIR ".")
 set(WOLFSSL_ROOT ${CMAKE_CURRENT_SOURCE_DIR})
 set(INCLUDE_PATH ${WOLFSSL_ROOT})
-set(COMPONENT_SRCS 
-    "src/keys.c"
-    "src/sniffer.c"
-    "src/tls.c"
-    "src/wolfio.c"
-    "src/crl.c"
-    "src/internal.c"
-    "src/ocsp.c"
-    "src/ssl.c"
-    "src/tls13.c"
-    "wolfcrypt/src/aes.c"
-    "wolfcrypt/src/arc4.c"
-    "wolfcrypt/src/asm.c"
-    "wolfcrypt/src/asn.c"
-    "wolfcrypt/src/blake2b.c"
-    "wolfcrypt/src/camellia.c"
-    "wolfcrypt/src/chacha.c"
-    "wolfcrypt/src/chacha20_poly1305.c"
-    "wolfcrypt/src/cmac.c"
-    "wolfcrypt/src/coding.c"
-    "wolfcrypt/src/compress.c"
-    "wolfcrypt/src/cpuid.c"
-    "wolfcrypt/src/cryptodev.c"
-    "wolfcrypt/src/curve25519.c"
-    "wolfcrypt/src/des3.c"
-    "wolfcrypt/src/dh.c"
-    "wolfcrypt/src/dsa.c"
-    "wolfcrypt/src/ecc.c"
-    "wolfcrypt/src/ecc_fp.c"
-    "wolfcrypt/src/ed25519.c"
-    "wolfcrypt/src/error.c"
-    "wolfcrypt/src/fe_low_mem.c"
-    "wolfcrypt/src/fe_operations.c"
-    "wolfcrypt/src/ge_low_mem.c"
-    "wolfcrypt/src/ge_operations.c"
-    "wolfcrypt/src/hash.c"
-    "wolfcrypt/src/hc128.c"
-    "wolfcrypt/src/hmac.c"
-    "wolfcrypt/src/idea.c"
-    "wolfcrypt/src/integer.c"
-    "wolfcrypt/src/logging.c"
-    "wolfcrypt/src/md2.c"
-    "wolfcrypt/src/md4.c"
-    "wolfcrypt/src/md5.c"
-    "wolfcrypt/src/memory.c"
-    "wolfcrypt/src/pkcs12.c"
-    "wolfcrypt/src/pkcs7.c"
-    "wolfcrypt/src/poly1305.c"
-    "wolfcrypt/src/pwdbased.c"
-    "wolfcrypt/src/rabbit.c"
-    "wolfcrypt/src/random.c"
-    "wolfcrypt/src/ripemd.c"
-    "wolfcrypt/src/rsa.c"
-    "wolfcrypt/src/sha.c"
-    "wolfcrypt/src/sha256.c"
-    "wolfcrypt/src/sha3.c"
-    "wolfcrypt/src/sha512.c"
-    "wolfcrypt/src/signature.c"
-    "wolfcrypt/src/sp_arm32.c"
-    "wolfcrypt/src/sp_arm64.c"
-    "wolfcrypt/src/sp_c32.c"
-    "wolfcrypt/src/sp_c64.c"
-    "wolfcrypt/src/sp_int.c"
-    "wolfcrypt/src/sp_x86_64.c"
-    "wolfcrypt/src/srp.c"
-    "wolfcrypt/src/tfm.c"
-    "wolfcrypt/src/wc_encrypt.c"
-    "wolfcrypt/src/wc_port.c"
-    "wolfcrypt/src/wolfevent.c"
-    "wolfcrypt/src/wolfmath.c"
-)
+
+set(COMPONENT_SRCDIRS "./src/"
+                      "./wolfcrypt/src/"
+                      "./wolfcrypt/src/port/Espressif/"
+                      "./wolfcrypt/src/port/atmel/"
+                      )
+
 set(COMPONENT_REQUIRES lwip)
-set(COMPONENT_ADD_INCLUDEDIRS ../freertos/include/freertos)
+
+set(COMPONENT_ADD_INCLUDEDIRS
+    "."
+    "./include"
+    "../freertos/include/freertos" 
+    "${WOLFSSL_ROOT}"
+    )
+
+if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib)
+    list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib")
+endif()
+
+set(COMPONENT_SRCEXCLUDE
+    "wolfcrypt/src/aes_asm.S"
+    "wolfcrypt/src/evp.c"
+    "wolfcrypt/src/misc.c"
+    "src/bio.c"
+    )
+
 register_component()

IDE/Espressif/ESP-IDF/libs/component.mk

@@ -2,10 +2,14 @@
 # Component Makefile
 #
 
-COMPONENT_ADD_INCLUDEDIRS := .
+COMPONENT_ADD_INCLUDEDIRS := . ./include
 COMPONENT_ADD_INCLUDEDIRS += ../freertos/include/freertos/
 
 COMPONENT_SRCDIRS := src wolfcrypt/src
+COMPONENT_SRCDIRS += wolfcrypt/src/port/Espressif
+COMPONENT_SRCDIRS += wolfcrypt/src/port/atmel
+
+CFLAGS +=-DWOLFSSL_USER_SETTINGS
 
 COMPONENT_OBJEXCLUDE := wolfcrypt/src/aes_asm.o
 COMPONENT_OBJEXCLUDE += wolfcrypt/src/evp.o

IDE/Espressif/ESP-IDF/setup.sh

@@ -37,7 +37,10 @@ ${MKDCMD} ${WOLFSSLLIB_TRG_DIR}/
 
 ${MKDCMD} ${WOLFSSLLIB_TRG_DIR}/src
 ${MKDCMD} ${WOLFSSLLIB_TRG_DIR}/wolfcrypt
+${MKDCMD} ${WOLFSSLLIB_TRG_DIR}/wolfcrypt/src
 ${MKDCMD} ${WOLFSSLLIB_TRG_DIR}/wolfssl
+${MKDCMD} ${WOLFSSLLIB_TRG_DIR}/test
+${MKDCMD} ${WOLFSSLLIB_TRG_DIR}/include
 
 popd > /dev/null             # $WOLFSSL_ESPIDFDIR
 pushd ${BASEDIR} > /dev/null # WOLFSSL TOP DIR
@@ -45,12 +48,19 @@ pushd ${BASEDIR} > /dev/null # WOLFSSL TOP DIR
 # copying ... files in src/ into $WOLFSSLLIB_TRG_DIR/src
 ${CPDCMD} ./src/*.c ${WOLFSSLLIB_TRG_DIR}/src/
 
-${CPDCMD} -r ./wolfcrypt/src/ ${WOLFSSLLIB_TRG_DIR}/wolfcrypt/
+
+${CPDCMD} -r ./wolfcrypt/src/*.{c,i} ${WOLFSSLLIB_TRG_DIR}/wolfcrypt/src/
+${CPDCMD} -r ./wolfcrypt/src/port  ${WOLFSSLLIB_TRG_DIR}/wolfcrypt/src/port/
 ${CPDCMD} -r ./wolfcrypt/test ${WOLFSSLLIB_TRG_DIR}/wolfcrypt/
 ${CPDCMD} -r ./wolfcrypt/benchmark ${WOLFSSLLIB_TRG_DIR}/wolfcrypt/
 
 ${CPDCMD} -r ./wolfssl/*.h ${WOLFSSLLIB_TRG_DIR}/wolfssl/
 ${CPDCMD} -r ./wolfssl/wolfcrypt ${WOLFSSLLIB_TRG_DIR}/wolfssl/
+# user_settings.h
+${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/user_settings.h ${WOLFSSLLIB_TRG_DIR}/include/
+
+# unit test app
+${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/test/* ${WOLFSSLLIB_TRG_DIR}/test/
 
 popd > /dev/null # 
 
@@ -63,23 +73,19 @@ pushd ${BASEDIR} > /dev/null # WOLFSSL TOP DIR
 ${RMDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/
 ${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/
 ${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/main/
-${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/main/include
 
 ${CPDCMD} -r ./wolfcrypt/benchmark/benchmark.c ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/main/
 ${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_benchmark/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/
 ${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_benchmark/main/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/main/
-${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_benchmark/main/include/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/main/include/
 
 # Crypt Test program
 ${RMDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/
 ${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/
 ${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/main/
-${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/main/include
 
 ${CPDCMD} -r ./wolfcrypt/test/test.c ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/main/
 ${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_test/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/
 ${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_test/main/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/main/
-${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_test/main/include/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/main/include/
 
 # TLS Client program
 ${RMDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_client/

IDE/Espressif/ESP-IDF/test/CMakeLists.txt

@@ -0,0 +1,6 @@
+set(COMPONENT_SRCDIRS ".")
+set(COMPONENT_ADD_INCLUDEDIRS ".")
+
+set(COMPONENT_REQUIRES unity test_utils wolfssl)
+
+register_component()

IDE/Espressif/ESP-IDF/test/README.md

@@ -0,0 +1,11 @@
+# wolfSSL unit-test app
+
+The test contains of wolfSSL unit-test app on Unity.
+
+When you want to run the app  
+1. Copy *test.c* file at /path/to/esp-idf/components/wolfssl/wolfcrypt/test/ folder to the  wolfssl/test folder  
+2. Go to /esp-idf/tools/unit-test-app/ folder  
+3. "make menuconfig" to configure unit test app.  
+4. "make TEST_COMPONENTS=wolfssl" to build wolfssl unit test app.  
+
+See [https://docs.espressif.com/projects/esp-idf/en/latest/api-guides/unit-tests.html] for more information about unit test app.

IDE/Espressif/ESP-IDF/test/component.mk

@@ -0,0 +1,10 @@
+#
+#Component Makefile
+#
+
+#CFLAGS := -v
+CFLAGS += -DNO_MAIN_DRIVER
+CFLAGS += -DWOLFSSL_USER_SETTINGS
+#CFLAGS += -DWOLFSSL_ESP32WROOM32_CRYPT_DEBUG
+
+COMPONENT_ADD_LDFLAGS = -Wl,--whole-archive -l$(COMPONENT_NAME) -Wl,--no-whole-archive

IDE/Espressif/ESP-IDF/test/test_wolfssl.c

@@ -0,0 +1,524 @@
+/*
+* wolfssl sha tests
+*/
+
+#include <stdio.h>
+#include <string.h>
+
+#include <esp_system.h>
+#include "freertos/FreeRTOS.h"
+#include "freertos/task.h"
+#include "freertos/semphr.h"
+#include "unity.h"
+#include "sdkconfig.h"
+#include "esp_log.h"
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/sha.h>
+#include <wolfssl/wolfcrypt/sha256.h>
+#include <wolfssl/wolfcrypt/sha512.h>
+#include <wolfssl/wolfcrypt/wc_port.h>
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/types.h>
+
+static const char* TAG = "wolfssl unit test";
+static xSemaphoreHandle exit_semaph;
+static volatile bool exit_loop=false;
+
+#define SHA_STACK_SIZE (20*1024)
+#define TIMES_SHA 500
+#define TIMES_AES 100
+
+#ifndef NO_SHA
+int sha_test();
+#endif
+#ifndef NO_SHA256
+int sha256_test();
+#endif
+#ifdef WOLFSSL_SHA384
+int sha384_test(void);
+#endif
+#ifdef WOLFSSL_SHA512
+int sha512_test(void);
+#endif
+
+#ifndef NO_AES
+int aes_test(void);
+static void tskAes_Test(void *pvParam)
+{
+    ESP_LOGI(TAG, "enter tskAes_Test");
+    int ret = 0;
+    while(exit_loop==false) {
+        ret = aes_test();
+        if(ret != 0) {
+            printf("result was not good(aes_test)(%d)\n",ret);
+            TEST_FAIL_MESSAGE("tskAes_Test\n");
+        }
+    }
+
+    ESP_LOGI(TAG, "leave tskAes_Test");
+    xSemaphoreGive(exit_semaph);
+    vTaskDelete(NULL);
+}
+
+int aesgcm_test(void);
+
+static void tskAesGcm_Test(void *pvParam)
+{
+    ESP_LOGI(TAG, "enter tskAesGcm_Test");
+    int ret = 0;
+    while(exit_loop==false) {
+        ret = aesgcm_test();
+        if(ret != 0) {
+            printf(" results was not good(%d). aesGcm_test\n",ret);
+            TEST_FAIL_MESSAGE("aesGcm_test\n");
+        }
+    }
+    ESP_LOGI(TAG, "leave tskAesGcm_Test");
+    xSemaphoreGive(exit_semaph);
+    vTaskDelete(NULL);
+}
+
+#ifdef WOLFSSL_AES_192
+int aes192_test(void);
+static void tskAes192_Test(void *pvParam)
+{
+    ESP_LOGI(TAG, "enter tskAes192_Test");
+    int ret = 0;
+    while(exit_loop==false) {
+        ret = aes192_test();
+        if(ret != 0) {
+            printf(" results was not good(%d). aes192_test\n",ret);
+            TEST_FAIL_MESSAGE("aes192_test\n");
+        }
+    }
+    ESP_LOGI(TAG, "leave tskAes192_Test");
+    xSemaphoreGive(exit_semaph);
+    vTaskDelete(NULL);
+}
+#endif
+#ifdef WOLFSSL_AES_256
+int aes256_test(void);
+static void tskAes256_Test(void *pvParam)
+{
+    ESP_LOGI(TAG, "enter tskAes256_Test");
+    int ret = 0;
+    while(exit_loop==false) {
+        ret = aes256_test();
+        if(ret != 0) {
+            printf(" results was not good(%d). aes256_test\n", ret);
+            TEST_FAIL_MESSAGE("aes256_test\n");
+        }
+    }
+    ESP_LOGI(TAG, "leave tskAes256_Test");
+    xSemaphoreGive(exit_semaph);
+    vTaskDelete(NULL);
+}
+#endif
+
+TEST_CASE("wolfssl aes test"  , "[wolfssl]")
+{
+    ESP_LOGI(TAG, "aes test");
+    TEST_ASSERT_EQUAL(0, aes_test());
+#ifdef WOLFSSL_AES_192
+    ESP_LOGI(TAG, "aes_192 test");
+    TEST_ASSERT_EQUAL(0, aes192_test());
+#endif
+#ifdef WOLFSSL_AES_256
+    ESP_LOGI(TAG, "aes_256 test");
+    TEST_ASSERT_EQUAL(0, aes256_test());
+#endif
+    ESP_LOGI(TAG, "aes-gcm test");
+    TEST_ASSERT_EQUAL(0, aesgcm_test());
+}
+
+#endif
+
+TEST_CASE("wolfssl sha crypt-test", "[wolfssl]")
+{
+#ifndef NO_SHA
+    ESP_LOGI(TAG, "sha_test()");
+    TEST_ASSERT_EQUAL(0, sha_test());
+#endif
+#ifndef NO_SHA256
+    ESP_LOGI(TAG, "sha256_test()");
+    TEST_ASSERT_EQUAL(0, sha256_test());
+#endif
+#ifdef WOLSSL_SHA384
+    ESP_LOGI(TAG, "sha384_test()");
+    TEST_ASSERT_EQUAL(0, sha384_test());
+#endif
+#ifdef WOLFSSL_SHA512
+    ESP_LOGI(TAG, "sha512_test()");
+    TEST_ASSERT_EQUAL(0, sha512_test());
+#endif
+}
+
+
+#ifndef NO_SHA
+static void tskSha_Test(void *pvParam)
+{
+    ESP_LOGI(TAG, "enter tskSha_Test");
+
+    int ret = 0;
+
+    while(exit_loop==false) {
+        ret = sha_test();
+        if(ret != 0) {
+            printf(" results was not good(%d). sha_test\n", ret);
+            TEST_FAIL_MESSAGE("tskSha_Test\n");
+        }
+    }
+
+    ESP_LOGI(TAG, "leave tskSha_Test");
+    xSemaphoreGive(exit_semaph);
+    vTaskDelete(NULL);
+}
+#endif
+
+#ifndef NO_SHA256
+static void tskSha256_Test(void *pvParam)
+{
+    ESP_LOGI(TAG, "enter tskSha256_Test");
+    int ret;
+
+    while(exit_loop==false) {
+        ret = sha256_test();
+        if(ret != 0) {
+            printf("results was not good(%d). sha256_test\n", ret);
+            TEST_FAIL_MESSAGE("sha256_test() failed");
+        }
+    }
+
+    ESP_LOGI(TAG, "leave tskSha256_Test");
+    xSemaphoreGive(exit_semaph);
+    vTaskDelete(NULL);
+}
+#endif
+
+#ifdef WOLFSSL_SHA384
+static void tskSha384_Test(void *pvParam)
+{
+    ESP_LOGI(TAG, "enter tskSha384_Test");
+    int ret = 0;
+
+    while(exit_loop==false) {
+        ret = sha384_test();
+        if(ret != 0) {
+            printf("results was not good(%d). sha384_test\n", ret);
+            TEST_FAIL_MESSAGE("sha384_test() failed\n");
+        }
+    }
+
+    ESP_LOGI(TAG, "leave tskSha384_Test");
+    xSemaphoreGive(exit_semaph);
+    vTaskDelete(NULL);
+}
+#endif
+
+#ifdef WOLFSSL_SHA512
+static void tskSha512_Test(void *pvParam)
+{
+    ESP_LOGI(TAG, "enter tskSha512_Test");
+
+    int ret = 0;
+
+    while(exit_loop==false) {
+        ret = sha512_test();
+        if(ret != 0) {
+            printf(" results was not good(%d). sha512_test\n", ret);
+            TEST_FAIL_MESSAGE("tskSha512_Test() failed\n");
+        }
+    }
+    ESP_LOGI(TAG, "leave tskSha512_test()");
+    xSemaphoreGive(exit_semaph);
+    vTaskDelete(NULL);
+
+
+}
+#endif
+
+TEST_CASE("wolfssl sha multi-thread test ", "[wolfssl]")
+{
+    int num = 0;
+#ifndef NO_SHA
+    num++;
+#endif
+#ifndef NO_SHA256
+    num++;
+#endif
+#ifdef WOLFSSL_SHA384
+    num++;
+#endif
+#ifdef WOLFSSL_SHA512
+    num++;
+#endif
+
+    exit_loop = false;
+
+    exit_semaph = xSemaphoreCreateCounting(num, 0);
+
+#ifndef NO_SHA
+    xTaskCreate(tskSha_Test, "sha_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+#ifndef NO_SHA256
+    xTaskCreate(tskSha256_Test, "sha256_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+#ifdef WOLFSSL_SHA384
+    xTaskCreate(tskSha384_Test, "sha384_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+#ifdef WOLFSSL_SHA512
+    xTaskCreate(tskSha512_Test, "sha512_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+
+ ESP_LOGI(TAG, "Waiting for 10s ...");
+ vTaskDelay(10000/portTICK_PERIOD_MS);
+ exit_loop = true;
+
+ for(int i=0;i<num;i++){
+     if(!xSemaphoreTake(exit_semaph, 2000/portTICK_PERIOD_MS)) {
+         TEST_FAIL_MESSAGE("exit semaphore not released by test task");
+     }
+ }
+ vSemaphoreDelete(exit_semaph);
+}
+
+TEST_CASE("wolfssl aes multi-thread test ", "[wolfssl]")
+{
+    int num = 0;
+#ifndef NO_AES
+    num++;
+    num++;
+#ifdef WOLFSSL_AES_192
+    num++;
+#endif
+#ifdef WOLFSSL_AES_256
+    num++;
+#endif
+#endif
+
+    exit_loop = false;
+    exit_semaph = xSemaphoreCreateCounting(num, 0);
+
+#ifndef NO_AES
+    xTaskCreate(tskAes_Test, "Aes_test", SHA_STACK_SIZE, NULL, 3, NULL);
+    xTaskCreate(tskAesGcm_Test, "AesGcm_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+#ifdef WOLFSSL_AES_192
+    xTaskCreate(tskAes192_Test, "Aes192_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+#ifdef WOLFSSL_AES_256
+    xTaskCreate(tskAes256_Test, "Aes256_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+
+ ESP_LOGI(TAG, "Waiting for 10s ...");
+ vTaskDelay(10000/portTICK_PERIOD_MS);
+ exit_loop = true;
+
+ for(int i=0;i<num;i++){
+    if(!xSemaphoreTake(exit_semaph, 2000/portTICK_PERIOD_MS)) {
+        TEST_FAIL_MESSAGE("exit semaphore not released by test task");
+    }
+ }
+ vSemaphoreDelete(exit_semaph);
+}
+
+TEST_CASE("wolfssl aes sha sha256 multi-thread test ", "[wolfssl]")
+{
+    int num = 0;
+
+#ifndef NO_AES
+    num++;
+    num++;
+#ifdef WOLFSSL_AES_192
+    num++;
+#endif
+#ifdef WOLFSSL_AES_256
+    num++;
+#endif
+#endif
+#ifndef NO_SHA
+    num++;
+#endif
+#ifndef NO_SHA256
+    num++;
+#endif
+
+    exit_loop = false;
+
+#ifndef CONFIG_FREERTOS_UNICORE
+    num *= 2;
+    printf("num=%d\n", num);
+
+    exit_semaph = xSemaphoreCreateCounting(num, 0);
+
+#ifndef NO_AES
+    if(xTaskCreatePinnedToCore(tskAes_Test, "Aes_test", SHA_STACK_SIZE, NULL, 3, NULL, 0)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -1 \n");
+    if(xTaskCreatePinnedToCore(tskAes_Test, "Aes_test", SHA_STACK_SIZE, NULL, 3, NULL, 1)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -2 \n");
+    if(xTaskCreatePinnedToCore(tskAesGcm_Test, "AesGcm_test", SHA_STACK_SIZE, NULL, 3, NULL, 0)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -3 \n");
+    if(xTaskCreatePinnedToCore(tskAesGcm_Test, "AesGcm_test", SHA_STACK_SIZE, NULL, 3, NULL, 1)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -4 \n");
+#endif
+#ifdef WOLFSSL_AES_192
+    if(xTaskCreatePinnedToCore(tskAes192_Test, "Aes192_test", SHA_STACK_SIZE, NULL, 3, NULL, 0)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -5 \n");
+    if(xTaskCreatePinnedToCore(tskAes192_Test, "Aes192_test", SHA_STACK_SIZE, NULL, 3, NULL, 1)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -6 \n");
+#endif
+#ifdef WOLFSSL_AES_256
+    if(xTaskCreatePinnedToCore(tskAes256_Test, "Aes256_test", SHA_STACK_SIZE, NULL, 3, NULL, 0)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -7 \n");
+    if(xTaskCreatePinnedToCore(tskAes256_Test, "Aes256_test", SHA_STACK_SIZE, NULL, 3, NULL, 1)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -8 \n");
+#endif
+#ifndef NO_SHA
+    if(xTaskCreatePinnedToCore(tskSha_Test, "Sha_test", SHA_STACK_SIZE, NULL, 3, NULL, 0)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -9 \n");
+    if(xTaskCreatePinnedToCore(tskSha_Test, "Sha_test", SHA_STACK_SIZE, NULL, 3, NULL, 1)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -10 \n");
+#endif
+#ifndef NO_SHA256
+    if(xTaskCreatePinnedToCore(tskSha256_Test, "sha256_test", SHA_STACK_SIZE, NULL, 3, NULL, 0)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -11 \n");
+    if(xTaskCreatePinnedToCore(tskSha256_Test, "sha256_test", SHA_STACK_SIZE, NULL, 3, NULL, 1)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -12 \n");
+#endif
+
+#else
+
+    exit_semaph = xSemaphoreCreateCounting(num, 0);
+
+#ifndef NO_AES
+    xTaskCreate(tskAes_Test, "Aes_test", SHA_STACK_SIZE, NULL, 3, NULL);
+    xTaskCreate(tskAesGcm_Test, "AesGcm_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+#ifdef WOLFSSL_AES_192
+    xTaskCreate(tskAes192_Test, "Aes192_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+#ifdef WOLFSSL_AES_256
+    xTaskCreate(tskAes256_Test, "Aes256_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+#ifndef NO_SHA
+    xTaskCreate(tskSha_Test, "Sha_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+#ifndef NO_SHA256
+    xTaskCreate(tskSha256_Test, "sha256_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+
+#endif /* CONFIG_FREERTOS_UNICORE */
+
+    ESP_LOGI(TAG, "Waiting for 15s ...");
+    vTaskDelay(15000/portTICK_PERIOD_MS);
+    exit_loop = true;
+
+    for(int i=0;i<num;i++){
+       if(!xSemaphoreTake(exit_semaph, 2000/portTICK_PERIOD_MS)) {
+           TEST_FAIL_MESSAGE("exit semaphore not released by test task");
+       }
+    }
+    vSemaphoreDelete(exit_semaph);
+}
+
+TEST_CASE("wolfssl aes sha384 sha512 multi-thread test ", "[wolfssl]")
+{
+    int num = 0;
+
+#ifndef NO_AES
+    num++;
+    num++;
+#ifdef WOLFSSL_AES_192
+    num++;
+#endif
+#ifdef WOLFSSL_AES_256
+    num++;
+#endif
+#endif
+#ifdef WOLFSSL_SHA384
+    num++;
+#endif
+#ifdef WOLFSSL_SHA512
+    num++;
+#endif
+
+
+    exit_loop = false;
+
+#ifndef CONFIG_FREERTOS_UNICORE
+    num *= 2;
+    exit_semaph = xSemaphoreCreateCounting(num, 0);
+
+#ifndef NO_AES
+    if(xTaskCreatePinnedToCore(tskAes_Test, "Aes_test", SHA_STACK_SIZE, NULL, 3, NULL, 0)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -1 \n");
+    if(xTaskCreatePinnedToCore(tskAes_Test, "Aes_test", SHA_STACK_SIZE, NULL, 3, NULL, 1)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -2 \n");
+    if(xTaskCreatePinnedToCore(tskAesGcm_Test, "AesGcm_test", SHA_STACK_SIZE, NULL, 3, NULL, 0)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -3 \n");
+    if(xTaskCreatePinnedToCore(tskAesGcm_Test, "AesGcm_test", SHA_STACK_SIZE, NULL, 3, NULL, 1)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -4 \n");
+#endif
+#ifdef WOLFSSL_AES_192
+    if(xTaskCreatePinnedToCore(tskAes192_Test, "Aes192_test", SHA_STACK_SIZE, NULL, 3, NULL, 0)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -5 \n");
+    if(xTaskCreatePinnedToCore(tskAes192_Test, "Aes192_test", SHA_STACK_SIZE, NULL, 3, NULL, 1)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -6 \n");
+#endif
+#ifdef WOLFSSL_AES_256
+    if(xTaskCreatePinnedToCore(tskAes256_Test, "Aes256_test", SHA_STACK_SIZE, NULL, 3, NULL, 0)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -7 \n");
+    if(xTaskCreatePinnedToCore(tskAes256_Test, "Aes256_test", SHA_STACK_SIZE, NULL, 3, NULL, 1)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -8 \n");
+#endif
+#ifdef WOLFSSL_SHA384
+    if(xTaskCreatePinnedToCore(tskSha384_Test, "sha384_test", SHA_STACK_SIZE, NULL, 3, NULL, 0)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -13 \n");
+    if(xTaskCreatePinnedToCore(tskSha384_Test, "sha384_test", SHA_STACK_SIZE, NULL, 3, NULL, 1)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -14 \n");
+#endif
+#ifdef WOLFSSL_SHA512
+    printf("start sha512\n");
+    if(xTaskCreatePinnedToCore(tskSha512_Test, "Sha512_test", SHA_STACK_SIZE, NULL, 3, NULL, 0)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -15 \n");
+    if(xTaskCreatePinnedToCore(tskSha512_Test, "Sha512_test", SHA_STACK_SIZE, NULL, 3, NULL, 1)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -16 \n");
+
+#endif
+
+#else
+
+    exit_semaph = xSemaphoreCreateCounting(num, 0);
+
+#ifndef NO_AES
+    xTaskCreate(tskAes_Test, "Aes_test", SHA_STACK_SIZE, NULL, 3, NULL);
+    xTaskCreate(tskAesGcm_Test, "AesGcm_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+#ifdef WOLFSSL_AES_192
+    xTaskCreate(tskAes192_Test, "Aes192_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+#ifdef WOLFSSL_AES_256
+    xTaskCreate(tskAes256_Test, "Aes256_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+#ifndef NO_SHA
+    xTaskCreate(tskSha_Test, "Sha_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+#ifndef NO_SHA256
+    xTaskCreate(tskSha256_Test, "sha256_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+
+#endif /* CONFIG_FREERTOS_UNICORE */
+
+    ESP_LOGI(TAG, "Waiting for 15s ...");
+    vTaskDelay(15000/portTICK_PERIOD_MS);
+    exit_loop = true;
+
+
+    for(int i=0;i<num;i++){
+       if(!xSemaphoreTake(exit_semaph, 2000/portTICK_PERIOD_MS)) {
+           TEST_FAIL_MESSAGE("exit semaphore not released by test task");
+       }
+    }
+    vSemaphoreDelete(exit_semaph);
+}

IDE/Espressif/ESP-IDF/user_settings.h

@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2018 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -31,21 +31,42 @@
 #define HAVE_AEAD
 #define HAVE_SUPPORTED_CURVES
 
-#define SINGLE_THREADED /* or define RTOS  option */
+/* when you want to use SINGLE THREAD */
+/* #define SINGLE_THREADED */
 #define NO_FILESYSTEM
 
 #define HAVE_AESGCM
+/* when you want to use SHA384 */
+/* #define WOLFSSL_SHA384 */
 #define WOLFSSL_SHA512
 #define HAVE_ECC
 #define HAVE_CURVE25519
 #define CURVE25519_SMALL
 #define HAVE_ED25519
 
+/* esp32-wroom-32se specific definition */
+#if defined(WOLFSSL_ESPWROOM32SE)
+    #define WOLFSSL_ATECC508A
+    #define HAVE_PK_CALLBACKS
+    /* when you want to use a custom slot allocation for ATECC608A */
+    /* unless your configuration is unusual, you can use default   */
+    /* implementation.                                             */
+    /* #define CUSTOM_SLOT_ALLOCATION                              */
+#endif
+
+
 /* debug options */
 /* #define DEBUG_WOLFSSL */
+/* #define WOLFSSL_ESP32WROOM32_CRYPT_DEBUG */
+/* #define WOLFSSL_ATECC508A_DEBUG          */
 
 /* date/time                               */
 /* if it cannot adjust time in the device, */
 /* enable macro below                      */
 /* #define NO_ASN_TIME */
 /* #define XTIME time */
+
+/* when you want not to use HW acceleration */
+/* #define NO_ESP32WROOM32_CRYPT */
+/* #define NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH*/
+/* #define NO_WOLFSSL_ESP32WROOM32_CRYPT_AES */

IDE/GCC-ARM/Header/user_settings.h

@@ -66,14 +66,15 @@ extern "C" {
 #undef WOLFSSL_SP
 #if 0
     #define WOLFSSL_SP
-    #define WOLFSSL_SP_SMALL
+    #define WOLFSSL_SP_SMALL      /* use smaller version of code */
     #define WOLFSSL_HAVE_SP_RSA
     #define WOLFSSL_HAVE_SP_DH
     #define WOLFSSL_HAVE_SP_ECC
     #define WOLFSSL_SP_CACHE_RESISTANT
-    //#define WOLFSSL_SP_MATH
+    //#define WOLFSSL_SP_MATH     /* only SP math - eliminates fast math code */
 
     /* 64 or 32 bit version */
+    //#define WOLFSSL_SP_ASM      /* required if using the ASM versions */
     //#define WOLFSSL_SP_ARM32_ASM
     //#define WOLFSSL_SP_ARM64_ASM
 #endif

IDE/GCC-ARM/Makefile.common

@@ -110,7 +110,7 @@ SRC_C += ../../wolfcrypt/src/cmac.c
 SRC_C += ../../wolfcrypt/src/coding.c
 SRC_C += ../../wolfcrypt/src/compress.c
 SRC_C += ../../wolfcrypt/src/cpuid.c
-SRC_C += ../../wolfcrypt/src/cryptodev.c
+SRC_C += ../../wolfcrypt/src/cryptocb.c
 SRC_C += ../../wolfcrypt/src/curve25519.c
 SRC_C += ../../wolfcrypt/src/ed25519.c
 SRC_C += ../../wolfcrypt/src/error.c

IDE/Renesas/cs+/Projects/include.am

@@ -16,4 +16,5 @@ EXTRA_DIST+= IDE/Renesas/cs+/Projects/t4_demo/wolf_client.c
 EXTRA_DIST+= IDE/Renesas/cs+/Projects/t4_demo/wolf_server.c
 EXTRA_DIST+= IDE/Renesas/cs+/Projects/t4_demo/wolf_main.c
 EXTRA_DIST+= IDE/Renesas/cs+/Projects/t4_demo/wolf_demo.h
+EXTRA_DIST+= IDE/Renesas/cs+/Projects/t4_demo/t4_demo.mtpj
 

IDE/Renesas/cs+/Projects/t4_demo/README_en.txt

@@ -42,6 +42,8 @@ Setup process:
 wolfssl\IDE\Renesas\cs+\Projects\wolfssl_lib\DefaultBuild\wolfssl_lib.lib
 wolfssl\IDE\Renesas\cs+\Projects\t4_demo\DefaultBuild\t4_demo.lib
 
+   - Set CC-RX(Build Tool)->Library Geberation->Library Configuration to"C99" and enable ctype.h.
+
    - Build the project and start execut. You see message on the console prompting command.
    
 ===

IDE/Renesas/cs+/Projects/t4_demo/README_jp.txt

@@ -51,6 +51,9 @@ wolfSSL/AlphaProject
 　wolfssl\IDE\Renesas\cs+\Projects\wolfssl_lib\DefaultBuild\wolfssl_lib.lib
 　wolfssl\IDE\Renesas\cs+\Projects\t4_demo\DefaultBuild\t4_demo.lib
 
+- CC-RX(ビルドツール)->ライブラリージェネレーションタブ->ライブラリー構成を「C99」に、
+ctype.hを有効にするを「はい」に設定します。
+
 　- プロジェクトのビルド、ターゲットへのダウンロードをしたのち、表示->デバッグ・コンソール
 　からコンソールを表示させます。実行を開始するとコンソールに以下の表示が出力されます。
 　

IDE/Renesas/cs+/Projects/t4_demo/wolf_client.c

@@ -34,29 +34,29 @@ static int my_IORecv(WOLFSSL* ssl, char* buff, int sz, void* ctx)
 {
     int ret;
     ID  cepid;
-    
+
     if(ctx != NULL)cepid = *(ID *)ctx;
     else return WOLFSSL_CBIO_ERR_GENERAL;
-    
+
     ret = tcp_rcv_dat(cepid, buff, sz, TMO_FEVR);
     if(ret > 0)return ret;
-    else         return WOLFSSL_CBIO_ERR_GENERAL;  
+    else         return WOLFSSL_CBIO_ERR_GENERAL;
 }
 
 static int my_IOSend(WOLFSSL* ssl, char* buff, int sz, void* ctx)
 {
     int ret;
     ID  cepid;
-    
+
     if(ctx != NULL)cepid = *(ID *)ctx;
     else return WOLFSSL_CBIO_ERR_GENERAL;
-    
+
     ret = tcp_snd_dat(cepid, buff, sz, TMO_FEVR);
     if(ret == sz)return ret;
-    else         return WOLFSSL_CBIO_ERR_GENERAL;          
+    else         return WOLFSSL_CBIO_ERR_GENERAL;
 }
 
-static int getIPaddr(char *arg) 
+static int getIPaddr(char *arg)
 {
     int a1, a2, a3, a4;
     if(sscanf(arg, "%d.%d.%d.%d", &a1, &a2, &a3, &a4) == 4)
@@ -64,8 +64,8 @@ static int getIPaddr(char *arg)
     else return 0;
 }
 
-static int getPort(char *arg) 
-{   
+static int getPort(char *arg)
+{
     int port;
     if(sscanf(arg, "%d", &port) == 1)
          return port;
@@ -74,7 +74,7 @@ static int getPort(char *arg)
 
 WOLFSSL_CTX *wolfSSL_TLS_client_init()
 {
-    
+
     WOLFSSL_CTX* ctx;
     #ifndef NO_FILESYSTEM
         #ifdef USE_ECC_CERT
@@ -91,18 +91,18 @@ WOLFSSL_CTX *wolfSSL_TLS_client_init()
         #define  SIZEOF_CERT sizeof_ca_cert_der_2048
         #endif
     #endif
-    
+
     wolfSSL_Init();
     #ifdef DEBUG_WOLFSSL
         wolfSSL_Debugging_ON();
     #endif
-    
+
     /* Create and initialize WOLFSSL_CTX */
     if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method_ex((void *)NULL))) == NULL) {
         printf("ERROR: failed to create WOLFSSL_CTX\n");
         return NULL;
     }
- 
+
     #if !defined(NO_FILESYSTEM)
     if (wolfSSL_CTX_load_verify_locations(ctx, cert, 0) != SSL_SUCCESS) {
         printf("ERROR: can't load \"%s\"\n", cert);
@@ -127,7 +127,7 @@ WOLFSSL_CTX *wolfSSL_TLS_client_init()
 void wolfSSL_TLS_client(void *v_ctx, func_args *args)
 {
     ID cepid = 1;
-    ER ercd; 
+    ER ercd;
     int ret;
     WOLFSSL_CTX *ctx = (WOLFSSL_CTX *)v_ctx;
     WOLFSSL *ssl;
@@ -136,7 +136,7 @@ void wolfSSL_TLS_client(void *v_ctx, func_args *args)
     char    rcvBuff[BUFF_SIZE] = {0};
     static T_IPV4EP my_addr = { 0, 0 };
     T_IPV4EP dst_addr;
-    
+
     if(args->argc >= 2){
 	    if((dst_addr.ipaddr = getIPaddr(args->argv[1])) == 0){
 		printf("ERROR: IP address\n");
@@ -147,7 +147,7 @@ void wolfSSL_TLS_client(void *v_ctx, func_args *args)
 	        return;
 	    }
     }
-    
+
     if((ercd = tcp_con_cep(cepid, &my_addr, &dst_addr, TMO_FEVR)) != E_OK) {
         printf("ERROR TCP Connect: %d\n", ercd);
         return;
@@ -157,7 +157,7 @@ void wolfSSL_TLS_client(void *v_ctx, func_args *args)
         printf("ERROR wolfSSL_new: %d\n", wolfSSL_get_error(ssl, 0));
         return;
     }
-    
+
     /* set callback context */
     wolfSSL_SetIOReadCtx(ssl, (void *)&cepid);
     wolfSSL_SetIOWriteCtx(ssl, (void *)&cepid);
@@ -166,7 +166,7 @@ void wolfSSL_TLS_client(void *v_ctx, func_args *args)
         printf("ERROR SSL connect: %d\n",  wolfSSL_get_error(ssl, 0));
         return;
     }
-        
+
     if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) != strlen(sendBuff)) {
         printf("ERROR SSL write: %d\n", wolfSSL_get_error(ssl, 0));
         return;
@@ -176,9 +176,9 @@ void wolfSSL_TLS_client(void *v_ctx, func_args *args)
         printf("ERROR SSL read: %d\n", wolfSSL_get_error(ssl, 0));
         return;
     }
-    
+
     rcvBuff[ret] = '\0' ;
-    printf("Recieved: %s\n", rcvBuff);
+    printf("Received: %s\n", rcvBuff);
 
     /* frees all data before client termination */
     wolfSSL_free(ssl);

IDE/Renesas/cs+/Projects/t4_demo/wolf_server.c

@@ -31,26 +31,26 @@ static int my_IORecv(WOLFSSL* ssl, char* buff, int sz, void* ctx)
 {
     int ret;
     ID  cepid;
-    
+
     if(ctx != NULL)cepid = *(ID *)ctx;
     else return WOLFSSL_CBIO_ERR_GENERAL;
-    
+
     ret = tcp_rcv_dat(cepid, buff, sz, TMO_FEVR);
     if(ret == sz)return ret;
-    else         return WOLFSSL_CBIO_ERR_GENERAL;  
+    else         return WOLFSSL_CBIO_ERR_GENERAL;
 }
 
 static int my_IOSend(WOLFSSL* ssl, char* buff, int sz, void* ctx)
 {
     int ret;
     ID  cepid;
-    
+
     if(ctx != NULL)cepid = *(ID *)ctx;
     else return WOLFSSL_CBIO_ERR_GENERAL;
-    
+
     ret = tcp_snd_dat(cepid, buff, sz, TMO_FEVR);
     if(ret == sz)return ret;
-    else         return WOLFSSL_CBIO_ERR_GENERAL;          
+    else         return WOLFSSL_CBIO_ERR_GENERAL;
 }
 
 
@@ -59,7 +59,7 @@ WOLFSSL_CTX *wolfSSL_TLS_server_init()
 
 	int ret;
     WOLFSSL_CTX* ctx;
-    
+
     #ifndef NO_FILESYSTEM
         #ifdef USE_ECC_CERT
         char *cert       = "./certs/server-ecc-cert.pem";
@@ -81,15 +81,15 @@ WOLFSSL_CTX *wolfSSL_TLS_server_init()
         #define  sizeof_key sizeof_server_key_der_2048
         #endif
     #endif
-     
+
 
 	wolfSSL_Init();
         #ifdef DEBUG_WOLFSSL
 	    wolfSSL_Debugging_ON();
 	#endif
-	
+
 	/* Create and initialize WOLFSSL_CTX */
-	if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method_ex((void *)NULL))) == NULL) {	
+	if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method_ex((void *)NULL))) == NULL) {
 		printf("ERROR: failed to create WOLFSSL_CTX\n");
 		return NULL;
 	}
@@ -130,13 +130,13 @@ void wolfSSL_TLS_server(void *v_ctx, func_args *args)
     ER ercd;
     WOLFSSL_CTX *ctx = (WOLFSSL_CTX *)v_ctx;
     (void) args;
-    
+
     WOLFSSL *ssl;
     int len;
     #define BUFF_SIZE 256
     char buff[BUFF_SIZE];
     T_IPV4EP dst_addr = {0, 0};
-        
+
     if((ercd = tcp_acp_cep(cepid, repid, &dst_addr, TMO_FEVR)) != E_OK) {
         printf("ERROR TCP Accept: %d\n", ercd);
         return;
@@ -146,7 +146,7 @@ void wolfSSL_TLS_server(void *v_ctx, func_args *args)
         printf("ERROR: failed wolfSSL_new\n");
         return;
     }
-   
+
     wolfSSL_SetIOReadCtx(ssl, (void *)&cepid);
     wolfSSL_SetIOWriteCtx(ssl, (void *)&cepid);
 
@@ -154,20 +154,20 @@ void wolfSSL_TLS_server(void *v_ctx, func_args *args)
         printf("ERROR: SSL Accept(%d)\n", wolfSSL_get_error(ssl, 0));
         return;
     }
-      
+
     if ((len = wolfSSL_read(ssl, buff, sizeof(buff) - 1)) < 0) {
         printf("ERROR: SSL Read(%d)\n", wolfSSL_get_error(ssl, 0));
         return;
     }
-        
+
     buff[len] = '\0';
-    printf("Recieved: %s\n", buff);
-	
+    printf("Received: %s\n", buff);
+
     if (wolfSSL_write(ssl, buff, len) != len) {
-        printf("ERROR: SSL Wirte(%d)\n", wolfSSL_get_error(ssl, 0));
+        printf("ERROR: SSL Write(%d)\n", wolfSSL_get_error(ssl, 0));
         return;
     }
-    
+
     wolfSSL_free(ssl);
     tcp_sht_cep(cepid);
 }

IDE/Renesas/e2studio/Projects/wolfssl/.project

@@ -130,9 +130,9 @@
 			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/cpuid.c</locationURI>
 		</link>
 		<link>
-			<name>wolfcrypt/src/cryptodev.c</name>
+			<name>wolfcrypt/src/cryptocb.c</name>
 			<type>1</type>
-			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/cryptodev.c</locationURI>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/cryptocb.c</locationURI>
 		</link>
 		<link>
 			<name>wolfcrypt/src/curve25519.c</name>

IDE/include.am

@@ -16,8 +16,10 @@ include IDE/OPENSTM32/include.am
 include IDE/VS-ARM/include.am
 include IDE/GCC-ARM/include.am
 include IDE/CSBENCH/include.am
+include IDE/ECLIPSE/DEOS/include.am
+include IDE/ECLIPSE/MICRIUM/include.am
 include IDE/mynewt/include.am
 include IDE/Renesas/cs+/Projects/include.am
 include IDE/Renesas/e2studio/Projects/include.am
 
-EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MDK5-ARM IDE/MYSQL IDE/LPCXPRESSO IDE/HEXIWEAR IDE/Espressif
+EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MDK5-ARM IDE/MYSQL IDE/LPCXPRESSO IDE/HEXIWEAR IDE/Espressif IDE/zephyr

IDE/zephyr/README.md

@@ -0,0 +1,41 @@
+Zephyr Project Port
+===================
+
+## Overview
+
+This port is for Zephyr Project available [here](https://www.zephyrproject.org/).
+
+It provides the following zephyr code.
+
+- zephyr/ext/lib/crypto/wolfssl
+    - wolfssl library
+- zephyr/samples/crypto/wolfssl_test
+    - wolfcrypt unit test application
+- zephyr/samples/crypto/wolfssl_tls_sock
+    - socket based sample of TLS
+- zephyr/samples/crypto/wolfssl_tls_thread
+    - socket based sample of TLS using threads
+
+## How to setup
+
+### delopy wolfssl source to mynewt project
+Specify the path of the mynewt project and execute  `wolfssl/IDE/mynewt/setup.sh`.
+
+```bash
+./IDE/zephyr/setup.sh　/path/to/zephyrproject
+```
+
+This script will deploy wolfssl's library code and samples as described in the Overview to the zephyr project.
+
+## build & test
+
+build and execute wolfssl_test
+
+```
+cd [zephyrproject]/zephyr/samples/crypto/wolfssl_test
+mkdir build && cd build
+cmake -GNinja -DBOARD=qemu_x86 ..
+ninja
+ninja run
+```
+

IDE/zephyr/lib/CMakeLists.txt

@@ -0,0 +1,122 @@
+zephyr_interface_library_named(wolfSSL)
+
+if(CONFIG_WOLFSSL_BUILTIN)
+  target_compile_definitions(wolfSSL INTERFACE
+	WOLFSSL_OPTIONS_FILE="${CONFIG_WOLFSSL_OPTIONS_FILE}"
+	)
+
+  target_include_directories(wolfSSL INTERFACE
+	include
+	settings
+	)
+
+  zephyr_library()
+  zephyr_library_sources(zephyr_init.c)
+
+  zephyr_library_sources(library/src/crl.c)
+  zephyr_library_sources(library/src/internal.c)
+  zephyr_library_sources(library/src/keys.c)
+  zephyr_library_sources(library/src/ocsp.c)
+  zephyr_library_sources(library/src/sniffer.c)
+  zephyr_library_sources(library/src/ssl.c)
+  zephyr_library_sources(library/src/tls13.c)
+  zephyr_library_sources(library/src/tls.c)
+  zephyr_library_sources(library/src/wolfio.c)
+
+  zephyr_library_sources(library/wolfcrypt/src/aes.c)
+  zephyr_library_sources(library/wolfcrypt/src/arc4.c)
+  zephyr_library_sources(library/wolfcrypt/src/asm.c)
+  zephyr_library_sources(library/wolfcrypt/src/asn.c)
+  zephyr_library_sources(library/wolfcrypt/src/async.c)
+  zephyr_library_sources(library/wolfcrypt/src/blake2b.c)
+  zephyr_library_sources(library/wolfcrypt/src/camellia.c)
+  zephyr_library_sources(library/wolfcrypt/src/chacha20_poly1305.c)
+  zephyr_library_sources(library/wolfcrypt/src/chacha.c)
+  zephyr_library_sources(library/wolfcrypt/src/cmac.c)
+  zephyr_library_sources(library/wolfcrypt/src/coding.c)
+  zephyr_library_sources(library/wolfcrypt/src/compress.c)
+  zephyr_library_sources(library/wolfcrypt/src/cpuid.c)
+  zephyr_library_sources(library/wolfcrypt/src/cryptocb.c)
+  zephyr_library_sources(library/wolfcrypt/src/curve25519.c)
+  zephyr_library_sources(library/wolfcrypt/src/des3.c)
+  zephyr_library_sources(library/wolfcrypt/src/dh.c)
+  zephyr_library_sources(library/wolfcrypt/src/dsa.c)
+  zephyr_library_sources(library/wolfcrypt/src/ecc.c)
+  zephyr_library_sources(library/wolfcrypt/src/ecc_fp.c)
+  zephyr_library_sources(library/wolfcrypt/src/ed25519.c)
+  zephyr_library_sources(library/wolfcrypt/src/error.c)
+  zephyr_library_sources(library/wolfcrypt/src/fe_low_mem.c)
+  zephyr_library_sources(library/wolfcrypt/src/fe_operations.c)
+  #zephyr_library_sources(library/wolfcrypt/src/fips.c)
+  #zephyr_library_sources(library/wolfcrypt/src/fips_test.c)
+  zephyr_library_sources(library/wolfcrypt/src/ge_low_mem.c)
+  zephyr_library_sources(library/wolfcrypt/src/ge_operations.c)
+  zephyr_library_sources(library/wolfcrypt/src/hash.c)
+  zephyr_library_sources(library/wolfcrypt/src/hc128.c)
+  zephyr_library_sources(library/wolfcrypt/src/hmac.c)
+  zephyr_library_sources(library/wolfcrypt/src/idea.c)
+  zephyr_library_sources(library/wolfcrypt/src/integer.c)
+  zephyr_library_sources(library/wolfcrypt/src/logging.c)
+  zephyr_library_sources(library/wolfcrypt/src/md2.c)
+  zephyr_library_sources(library/wolfcrypt/src/md4.c)
+  zephyr_library_sources(library/wolfcrypt/src/md5.c)
+  zephyr_library_sources(library/wolfcrypt/src/memory.c)
+  #zephyr_library_sources(library/wolfcrypt/src/misc.c)
+  zephyr_library_sources(library/wolfcrypt/src/pkcs12.c)
+  zephyr_library_sources(library/wolfcrypt/src/pkcs7.c)
+  zephyr_library_sources(library/wolfcrypt/src/poly1305.c)
+  zephyr_library_sources(library/wolfcrypt/src/pwdbased.c)
+  zephyr_library_sources(library/wolfcrypt/src/rabbit.c)
+  zephyr_library_sources(library/wolfcrypt/src/random.c)
+  zephyr_library_sources(library/wolfcrypt/src/ripemd.c)
+  zephyr_library_sources(library/wolfcrypt/src/rsa.c)
+  #zephyr_library_sources(library/wolfcrypt/src/selftest.c)
+  zephyr_library_sources(library/wolfcrypt/src/sha256.c)
+  zephyr_library_sources(library/wolfcrypt/src/sha3.c)
+  zephyr_library_sources(library/wolfcrypt/src/sha512.c)
+  zephyr_library_sources(library/wolfcrypt/src/sha.c)
+  zephyr_library_sources(library/wolfcrypt/src/signature.c)
+  zephyr_library_sources(library/wolfcrypt/src/sp_arm32.c)
+  zephyr_library_sources(library/wolfcrypt/src/sp_arm64.c)
+  zephyr_library_sources(library/wolfcrypt/src/sp_armthumb.c)
+  zephyr_library_sources(library/wolfcrypt/src/sp_c32.c)
+  zephyr_library_sources(library/wolfcrypt/src/sp_c64.c)
+  zephyr_library_sources(library/wolfcrypt/src/sp_cortexm.c)
+  zephyr_library_sources(library/wolfcrypt/src/sp_int.c)
+  zephyr_library_sources(library/wolfcrypt/src/sp_x86_64.c)
+  zephyr_library_sources(library/wolfcrypt/src/srp.c)
+  zephyr_library_sources(library/wolfcrypt/src/tfm.c)
+  zephyr_library_sources(library/wolfcrypt/src/wc_encrypt.c)
+  zephyr_library_sources(library/wolfcrypt/src/wc_pkcs11.c)
+  zephyr_library_sources(library/wolfcrypt/src/wc_port.c)
+  #zephyr_library_sources(library/wolfcrypt/src/wolfcrypt_first.c)
+  #zephyr_library_sources(library/wolfcrypt/src/wolfcrypt_last.c)
+  zephyr_library_sources(library/wolfcrypt/src/wolfevent.c)
+  zephyr_library_sources(library/wolfcrypt/src/wolfmath.c)
+
+  zephyr_library_link_libraries(wolfSSL)
+
+  add_definitions(-DWOLFSSL_USER_SETTINGS)
+  add_definitions(-DWOLFSSL_ZEPHYR)
+  include_directories("library")
+else()
+  assert(CONFIG_WOLFSSL_LIBRARY "wolfSSL was enabled, but neither BUILTIN or LIBRARY was selected.")
+
+  # NB: CONFIG_WOLFSSL_LIBRARY is not regression tested and is
+  # therefore susceptible to bit rot
+
+  target_include_directories(wolfSSL INTERFACE
+	${CONFIG_WOLFSSL_INSTALL_PATH}
+	)
+
+  zephyr_link_libraries(
+    mbedtls_external
+    -L${CONFIG_WOLFSSL_INSTALL_PATH}
+    gcc
+    )
+  # Lib wolfssl depends on libgcc so to allow
+  # wolfssl to link with gcc we need to ensure it is placed
+  # after wolfssl_external on the linkers command line.
+endif()
+
+target_link_libraries(wolfSSL INTERFACE zephyr_interface)

IDE/zephyr/lib/Kconfig

@@ -0,0 +1,85 @@
+# Kconfig - Cryptography primitive options for wolfSSL
+
+#
+# Copyright (c) 2016 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+menuconfig WOLFSSL
+	bool "wolfSSL Support"
+	help
+	  This option enables the wolfSSL cryptography library.
+
+if WOLFSSL
+
+choice
+	prompt "Select implementation"
+	default WOLFSSL_BUILTIN
+
+config WOLFSSL_BUILTIN
+	bool "Enable wolfSSL integrated sources"
+	help
+	  Link with local wolfSSL sources instead of external library.
+
+config WOLFSSL_LIBRARY
+	bool "Enable wolfSSL external library"
+	help
+	  This option enables wolfSSL library.
+
+endchoice
+
+config WOLFSSL_SETTINGS_FILE
+	string "wolfSSL settings file"
+	depends on WOLFSSL_BUILTIN
+	default "user_settings-tls-generic.h"
+	help
+	  Use a specific wolfSSL settings file. The default config file
+	  file can be tweaked with Kconfig. The default settings is
+	  suitable to communicate with majority of HTTPS servers on the Internet,
+	  but has relatively many features enabled. To optimize resources for
+	  special TLS usage, use available Kconfig settings, or select an
+	  alternative config.
+
+if WOLFSSL_BUILTIN && WOLFSSL_SETTINGS_FILE = "user_settings-tls-generic.h"
+source "ext/lib/crypto/wolfssl/Kconfig.tls-generic"
+endif
+
+config WOLFSSL_DEBUG
+	bool "wolfSSL debug activation"
+	depends on WOLFSSL_BUILTIN
+	help
+	  Enable debugging activation for wolfSSL configuration. If you use
+	  wolfSSL/Zephyr integration (e.g. net_app), this will activate debug
+	  logging (of the level configured by WOLFSSL_DEBUG_LEVEL).
+
+config WOLFSSL_INSTALL_PATH
+	string "wolfSSL install path"
+	depends on WOLFSSL_LIBRARY
+	help
+	  This option holds the path where the wolfSSL libraries and headers are
+	  installed. Make sure this option is properly set when WOLFSSL_LIBRARY
+	  is enabled otherwise the build will fail.
+
+config APP_LINK_WITH_WOLFSSL
+	bool "Link 'app' with WOLFSSL"
+	default y
+	depends on WOLFSSL
+	help
+	  Add WOLFSSL header files to the 'app' include path. It may be
+	  disabled if the include paths for WOLFSSL are causing aliasing
+	  issues for 'app'.
+
+endif
+

IDE/zephyr/lib/Kconfig.tls-generic

@@ -0,0 +1,272 @@
+# Kconfig.tls - TLS/DTLS related options
+
+#
+# Copyright (c) 2018 Intel Corporation
+# Copyright (c) 2018 Nordic Semiconductor ASA
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+menu "TLS configuration"
+
+menu "Supported TLS version"
+
+config WOLFSSL_TLS_VERSION_1_0
+	bool "Enable support for TLS 1.0"
+	select WOLFSSL_ALLOW_TLSV10_ENABLED
+
+config WOLFSSL_TLS_VERSION_1_1
+	bool "Enable support for TLS 1.1"
+	select WOLFSSL_NO_OLD_TLS_DISABLED
+
+config WOLFSSL_TLS_VERSION_1_2
+	bool "Enable support for TLS 1.2"
+	default y
+
+config WOLFSSL_TLS_VERSION_1_3
+	bool "Enable support for TLS 1.3"
+	select WOLFSSL_TLS13_ENABLED
+
+endmenu
+
+menu "Ciphersuite configuration"
+
+comment "Supported key exchange modes"
+
+config WOLFSSL_KEY_EXCHANGE_ALL_ENABLED
+	bool "Enable all available ciphersuite modes"
+	select WOLFSSL_KEY_EXCHANGE_PSK_ENABLED
+	select WOLFSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
+	select WOLFSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+	select WOLFSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
+	select WOLFSSL_KEY_EXCHANGE_RSA_ENABLED
+	select WOLFSSL_KEY_EXCHANGE_DHE_RSA_ENABLED
+	select WOLFSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+	select WOLFSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+	select WOLFSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+	select WOLFSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+	select WOLFSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED
+	select WOLFSSL_KEY_EXCHANGE_ECJPAKE_ENABLED
+
+config WOLFSSL_KEY_EXCHANGE_PSK_ENABLED
+	bool "Enable the PSK based ciphersuite modes"
+
+config WOLFSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
+	bool "Enable the DHE-PSK based ciphersuite modes"
+
+config WOLFSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+	bool "Enable the ECDHE-PSK based ciphersuite modes"
+
+config WOLFSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
+	bool "Enable the RSA-PSK based ciphersuite modes"
+
+config WOLFSSL_KEY_EXCHANGE_RSA_ENABLED
+	bool "Enable the RSA-only based ciphersuite modes"
+	default y
+
+config WOLFSSL_KEY_EXCHANGE_DHE_RSA_ENABLED
+	bool "Enable the DHE-RSA based ciphersuite modes"
+
+config WOLFSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+	bool "Enable the ECDHE-RSA based ciphersuite modes"
+
+config WOLFSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+	bool "Enable the ECDHE-ECDSA based ciphersuite modes"
+
+config WOLFSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+	bool "Enable the ECDH-ECDSA based ciphersuite modes"
+
+config WOLFSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED
+	bool "Enable the ECDH-RSA based ciphersuite modes"
+
+config WOLFSSL_KEY_EXCHANGE_ECJPAKE_ENABLED
+	bool "Enable the ECJPAKE based ciphersuite modes"
+
+if WOLFSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED || \
+   WOLFSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED || \
+   WOLFSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || \
+   WOLFSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED || \
+   WOLFSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED || \
+   WOLFSSL_KEY_EXCHANGE_ECJPAKE_ENABLED
+
+comment "Supported elliptic curves"
+
+config WOLFSSL_ECP_ALL_ENABLED
+	bool "Enable all available elliptic curves"
+	select WOLFSSL_ECP_DP_SECP192R1_ENABLED
+	select WOLFSSL_ECP_DP_SECP192R1_ENABLED
+	select WOLFSSL_ECP_DP_SECP224R1_ENABLED
+	select WOLFSSL_ECP_DP_SECP256R1_ENABLED
+	select WOLFSSL_ECP_DP_SECP384R1_ENABLED
+	select WOLFSSL_ECP_DP_SECP521R1_ENABLED
+	select WOLFSSL_ECP_DP_SECP192K1_ENABLED
+	select WOLFSSL_ECP_DP_SECP224K1_ENABLED
+	select WOLFSSL_ECP_DP_SECP256K1_ENABLED
+	select WOLFSSL_ECP_DP_BP256R1_ENABLED
+	select WOLFSSL_ECP_DP_BP384R1_ENABLED
+	select WOLFSSL_ECP_DP_BP512R1_ENABLED
+	select WOLFSSL_ECP_DP_CURVE25519_ENABLED
+	select WOLFSSL_ECP_DP_CURVE448_ENABLED
+	select WOLFSSL_ECP_NIST_OPTIM
+
+config WOLFSSL_ECP_DP_SECP192R1_ENABLED
+	bool "Enable SECP192R1 elliptic curve"
+
+config WOLFSSL_ECP_DP_SECP224R1_ENABLED
+	bool "Enable SECP224R1 elliptic curve"
+
+config WOLFSSL_ECP_DP_SECP256R1_ENABLED
+	bool "Enable SECP256R1 elliptic curve"
+
+config WOLFSSL_ECP_DP_SECP384R1_ENABLED
+	bool "Enable SECP384R1 elliptic curve"
+
+config WOLFSSL_ECP_DP_SECP521R1_ENABLED
+	bool "Enable SECP521R1 elliptic curve"
+
+config WOLFSSL_ECP_DP_SECP192K1_ENABLED
+	bool "Enable SECP192K1 elliptic curve"
+
+config WOLFSSL_ECP_DP_SECP224K1_ENABLED
+	bool "Enable SECP224K1 elliptic curve"
+
+config WOLFSSL_ECP_DP_SECP256K1_ENABLED
+	bool "Enable SECP256K1 elliptic curve"
+
+config WOLFSSL_ECP_DP_BP256R1_ENABLED
+	bool "Enable BP256R1 elliptic curve"
+
+config WOLFSSL_ECP_DP_BP384R1_ENABLED
+	bool "Enable BP384R1 elliptic curve"
+
+config WOLFSSL_ECP_DP_BP512R1_ENABLED
+	bool "Enable BP512R1 elliptic curve"
+
+config WOLFSSL_ECP_DP_CURVE25519_ENABLED
+	bool "Enable CURVE25519 elliptic curve"
+
+config WOLFSSL_ECP_DP_CURVE448_ENABLED
+	bool "Enable CURVE448 elliptic curve"
+
+config WOLFSSL_ECP_NIST_OPTIM
+	bool "Enable NSIT curves optimization"
+
+endif
+
+comment "Supported cipher modes"
+
+config WOLFSSL_CIPHER_ALL_ENABLED
+	bool "Enable all available ciphers"
+	select WOLFSSL_CIPHER_AES_ENABLED
+	select WOLFSSL_CIPHER_CAMELLIA_ENABLED
+	select WOLFSSL_CIPHER_DES_ENABLED
+	select WOLFSSL_CIPHER_ARC4_ENABLED
+	select WOLFSSL_CIPHER_CHACHA20_ENABLED
+	select WOLFSSL_CIPHER_BLOWFISH_ENABLED
+	select WOLFSSL_CIPHER_CCM_ENABLED
+	select WOLFSSL_CIPHER_MODE_XTS_ENABLED
+	select WOLFSSL_CIPHER_MODE_GCM_ENABLED
+	select WOLFSSL_CIPHER_CBC_ENABLED
+	select WOLFSSL_CHACHAPOLY_AEAD_ENABLED
+
+config WOLFSSL_CIPHER_AES_ENABLED
+	bool "Enable the AES block cipher"
+	default y
+
+config WOLFSSL_AES_ROM_TABLES
+	depends on WOLFSSL_CIPHER_AES_ENABLED
+	bool "Use precomputed AES tables stored in ROM."
+	default y
+
+config WOLFSSL_CIPHER_CAMELLIA_ENABLED
+	bool "Enable the Camellia block cipher"
+
+config WOLFSSL_CIPHER_DES_ENABLED
+	bool "Enable the DES block cipher"
+	default y
+
+config WOLFSSL_CIPHER_ARC4_ENABLED
+	bool "Enable the ARC4 stream cipher"
+
+config WOLFSSL_CIPHER_CHACHA20_ENABLED
+	bool "Enable the ChaCha20 stream cipher"
+
+config WOLFSSL_CIPHER_BLOWFISH_ENABLED
+	bool "Enable the Blowfish block cipher"
+
+config WOLFSSL_CIPHER_CCM_ENABLED
+	bool "Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher"
+	depends on WOLFSSL_CIPHER_AES_ENABLED || WOLFSSL_CIPHER_CAMELLIA_ENABLED
+
+config WOLFSSL_CIPHER_MODE_XTS_ENABLED
+	bool "Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES"
+	depends on WOLFSSL_CIPHER_AES_ENABLED || WOLFSSL_CIPHER_CAMELLIA_ENABLED
+
+config WOLFSSL_CIPHER_MODE_GCM_ENABLED
+	bool "Enable the Galois/Counter Mode (GCM) for AES"
+	depends on WOLFSSL_CIPHER_AES_ENABLED || WOLFSSL_CIPHER_CAMELLIA_ENABLED
+
+config WOLFSSL_CIPHER_CBC_ENABLED
+	bool "Enable Cipher Block Chaining mode (CBC) for symmetric ciphers"
+	default y
+
+config WOLFSSL_CHACHAPOLY_AEAD_ENABLED
+	bool "Enable the ChaCha20-Poly1305 AEAD algorithm"
+	depends on WOLFSSL_CIPHER_CHACHA20_ENABLED || WOLFSSL_MAC_POLY1305_ENABLED
+
+comment "Supported message authentication methods"
+
+config WOLFSSL_MAC_ALL_ENABLED
+	bool "Enable all available MAC methods"
+	select WOLFSSL_MAC_MD4_ENABLED
+	select WOLFSSL_MAC_MD5_ENABLED
+	select WOLFSSL_MAC_SHA1_ENABLED
+	select WOLFSSL_MAC_SHA256_ENABLED
+	select WOLFSSL_MAC_SHA512_ENABLED
+	select WOLFSSL_MAC_POLY1305_ENABLED
+
+config WOLFSSL_MAC_MD4_ENABLED
+	bool "Enable the MD4 hash algorithm"
+
+config WOLFSSL_MAC_MD5_ENABLED
+	bool "Enable the MD5 hash algorithm"
+	default y
+
+config WOLFSSL_MAC_SHA1_ENABLED
+	bool "Enable the SHA1 hash algorithm"
+	default y
+
+config WOLFSSL_MAC_SHA256_ENABLED
+	bool "Enable the SHA-224 and SHA-256 hash algorithms"
+	default y
+
+config WOLFSSL_MAC_SHA512_ENABLED
+	bool "Enable the SHA-384 and SHA-512 hash algorithms"
+
+config WOLFSSL_MAC_POLY1305_ENABLED
+	bool "Enable the Poly1305 MAC algorithm"
+
+endmenu
+
+comment "Random number generators"
+
+config WOLFSSL_HMAC_DRBG_ENABLED
+	bool "Enable the HMAC_DRBG random generator"
+	default y
+
+comment "Other configurations"
+
+config WOLFSSL_HAVE_ASM
+	bool "Enable use of assembly code"
+	default y
+	help
+	  Enable use of assembly code in wolfSSL. This improves the performances
+	  of asymetric cryptography, however this might have an impact on the
+	  code size.
+
+config WOLFSSL_USER_SETTTINGS
+	string "User settings file for wolfSSL"
+	help
+	  User settings file that contains wolfSSL defines.
+
+endmenu

IDE/zephyr/lib/README

@@ -0,0 +1,12 @@
+
+wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use
+under the GPLv2 or a standard commercial license. For our users who cannot use
+wolfSSL under GPLv2, a commercial license to wolfSSL and wolfCrypt is available.
+Please contact wolfSSL Inc. directly at:
+
+Email: licensing@wolfssl.com
+Phone: +1 425 245-8247
+
+More information can be found on the wolfSSL website at www.wolfssl.com.
+
+

IDE/zephyr/lib/install_lib.sh

@@ -0,0 +1,64 @@
+#!/bin/sh
+
+WOLFSSL_SRC_DIR=../../..
+
+if [ ! -d $WOLFSSL_SRC_DIR ]; then
+    echo "Directory does not exist: $WOLFSSL_SRC_DIR"
+    exit 1
+fi
+if [ ! -f $WOLFSSL_SRC_DIR/wolfssl/ssl.h ]; then
+    echo "Missing header file: $WOLFSSL_SRC_DIR/wolfssl/ssl.h"
+    exit 1
+fi
+
+ZEPHYR_DIR=
+if [ $# -ne 1 ]; then
+    echo "Need location of zephyr project as a command line argument"
+    exit 1
+else
+    ZEPHYR_DIR=$1
+fi
+if [ ! -d $ZEPHR_DIR ]; then
+    echo "Zephyr project directory does not exist: $ZEPHYR_DIR"
+    exit 1
+fi
+ZEPHYR_CRYPTO_DIR=$ZEPHYR_DIR/zephyr/ext/lib/crypto
+if [ ! -d $ZEPHYR_CRYPTO_DIR ]; then
+    echo "Zephyr crypto directory does not exist: $ZEPHYR_CRYPTO_DIR"
+    exit 1
+fi
+ZEPHYR_WOLFSSL_DIR=$ZEPHYR_CRYPTO_DIR/wolfssl
+
+echo "wolfSSL directory in Zephyr:"
+echo "  $ZEPHYR_WOLFSSL_DIR"
+rm -rf $ZEPHYR_WOLFSSL_DIR
+mkdir $ZEPHYR_WOLFSSL_DIR
+
+echo "Copy in Build files ..."
+cp -r * $ZEPHYR_WOLFSSL_DIR/
+rm $ZEPHYR_WOLFSSL_DIR/$0
+
+echo "Copy Source Code ..."
+rm -rf $ZEPHYR_WOLFSSL_DIR/library
+mkdir $ZEPHYR_WOLFSSL_DIR/library
+mkdir $ZEPHYR_WOLFSSL_DIR/library/src
+mkdir -p $ZEPHYR_WOLFSSL_DIR/library/wolfcrypt/src
+
+cp -rf ${WOLFSSL_SRC_DIR}/src/*.c $ZEPHYR_WOLFSSL_DIR/library/src/
+cp -rf ${WOLFSSL_SRC_DIR}/wolfcrypt/src/*.c $ZEPHYR_WOLFSSL_DIR/library/wolfcrypt/src/
+cp -rf ${WOLFSSL_SRC_DIR}/wolfcrypt/src/*.i $ZEPHYR_WOLFSSL_DIR/library/wolfcrypt/src/
+cp -rf ${WOLFSSL_SRC_DIR}/wolfcrypt/src/*.S $ZEPHYR_WOLFSSL_DIR/library/wolfcrypt/src/
+
+echo "Copy Header Files ..."
+rm -rf $ZEPHYR_WOLFSSL_DIR/include
+mkdir $ZEPHYR_WOLFSSL_DIR/include
+
+cp $ZEPHYR_WOLFSSL_DIR/user_settings.h $ZEPHYR_WOLFSSL_DIR/include/
+cp -rf ${WOLFSSL_SRC_DIR}/wolfssl $ZEPHYR_WOLFSSL_DIR/include/
+rm -f $ZEPHYR_WOLFSSL_DIR/include/wolfssl/options.h
+touch $ZEPHYR_WOLFSSL_DIR/include/wolfssl/options.h
+rm -rf $ZEPHYR_WOLFSSL_DIR/include/wolfssl/wolfcrypt/port
+
+
+echo "Done"
+

IDE/zephyr/lib/settings/user_settings-tls-generic.h

@@ -0,0 +1,147 @@
+/* wolfssl options.h
+ * generated from configure options
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ */
+
+#ifndef WOLFSSL_OPTIONS_H
+#define WOLFSSL_OPTIONS_H
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#undef  WOLFSSL_ZEPHYR
+#define WOLFSSL_ZEPHYR
+
+#if 0
+#undef  SINGLE_THREADED
+#define SINGLE_THREADED
+#endif
+
+#undef  TFM_TIMING_RESISTANT
+#define TFM_TIMING_RESISTANT
+
+#undef  ECC_TIMING_RESISTANT
+#define ECC_TIMING_RESISTANT
+
+#undef  WC_RSA_BLINDING
+#define WC_RSA_BLINDING
+
+#undef  HAVE_AESGCM
+#define HAVE_AESGCM
+
+#undef  WOLFSSL_SHA512
+#define WOLFSSL_SHA512
+
+#undef  WOLFSSL_SHA384
+#define WOLFSSL_SHA384
+
+#undef  NO_DSA
+#define NO_DSA
+
+#undef  HAVE_ECC
+#define HAVE_ECC
+
+#undef  TFM_ECC256
+#define TFM_ECC256
+
+#undef  WOLFSSL_BASE64_ENCODE
+#define WOLFSSL_BASE64_ENCODE
+
+#undef  NO_RC4
+#define NO_RC4
+
+#undef  NO_HC128
+#define NO_HC128
+
+#undef  NO_RABBIT
+#define NO_RABBIT
+
+#undef  WOLFSSL_SHA224
+#define WOLFSSL_SHA224
+
+#undef  WOLFSSL_SHA3
+#define WOLFSSL_SHA3
+
+#undef  HAVE_POLY1305
+#define HAVE_POLY1305
+
+#undef  HAVE_ONE_TIME_AUTH
+#define HAVE_ONE_TIME_AUTH
+
+#undef  HAVE_CHACHA
+#define HAVE_CHACHA
+
+#undef  HAVE_HASHDRBG
+#define HAVE_HASHDRBG
+
+#undef  NO_FILESYSTEM
+#define NO_FILESYSTEM
+
+#undef  HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
+#undef  HAVE_SUPPORTED_CURVES
+#define HAVE_SUPPORTED_CURVES
+
+#undef  HAVE_EXTENDED_MASTER
+#define HAVE_EXTENDED_MASTER
+
+#undef  NO_PSK
+#define NO_PSK
+
+#undef  NO_MD4
+#define NO_MD4
+
+#undef  NO_PWDBASED
+#define NO_PWDBASED
+
+#undef  USE_FAST_MATH
+#define USE_FAST_MATH
+
+#undef  WOLFSSL_NO_ASM
+#define WOLFSSL_NO_ASM
+
+#undef  WOLFSSL_X86_BUILD
+#define WOLFSSL_X86_BUILD
+
+#undef  WC_NO_ASYNC_THREADING
+#define WC_NO_ASYNC_THREADING
+
+#undef  NO_DES3
+#define NO_DES3
+
+#if 1
+#undef  NO_ASN_TIME
+#define NO_ASN_TIME
+#endif
+
+#undef  WOLFSSL_STATIC_MEMORY
+#define WOLFSSL_STATIC_MEMORY
+
+#if 0
+#undef  WOLFSSL_HAVE_SP_RSA
+#define WOLFSSL_HAVE_SP_RSA
+#undef  WOLFSSL_HAVE_SP_DH
+#define WOLFSSL_HAVE_SP_DH
+#undef  WOLFSSL_HAVE_SP_ECC
+#define WOLFSSL_HAVE_SP_ECC
+#endif
+
+#if 0
+#undef  DEBUG_WOLFSSL
+#define DEBUG_WOLFSSL
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+
+#endif /* WOLFSSL_OPTIONS_H */
+

IDE/zephyr/lib/user_settings.h

@@ -0,0 +1,147 @@
+
+#ifndef USER_SETTINGS_H
+#define USER_SETTINGS_H
+
+#ifdef CONFIG_WOLFSSL
+#ifdef CONFIG_WOLFSSL_SETTINGS_FILE
+
+#include CONFIG_WOLFSSL_SETTINGS_FILE
+
+#else
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#undef  WOLFSSL_ZEPHYR
+#define WOLFSSL_ZEPHYR
+
+#if 0
+#undef  SINGLE_THREADED
+#define SINGLE_THREADED
+#endif
+
+#undef  TFM_TIMING_RESISTANT
+#define TFM_TIMING_RESISTANT
+
+#undef  ECC_TIMING_RESISTANT
+#define ECC_TIMING_RESISTANT
+
+#undef  WC_RSA_BLINDING
+#define WC_RSA_BLINDING
+
+#undef  HAVE_AESGCM
+#define HAVE_AESGCM
+
+#undef  WOLFSSL_SHA512
+#define WOLFSSL_SHA512
+
+#undef  WOLFSSL_SHA384
+#define WOLFSSL_SHA384
+
+#undef  NO_DSA
+#define NO_DSA
+
+#undef  HAVE_ECC
+#define HAVE_ECC
+
+#undef  TFM_ECC256
+#define TFM_ECC256
+
+#undef  WOLFSSL_BASE64_ENCODE
+#define WOLFSSL_BASE64_ENCODE
+
+#undef  NO_RC4
+#define NO_RC4
+
+#undef  NO_HC128
+#define NO_HC128
+
+#undef  NO_RABBIT
+#define NO_RABBIT
+
+#undef  WOLFSSL_SHA224
+#define WOLFSSL_SHA224
+
+#undef  WOLFSSL_SHA3
+#define WOLFSSL_SHA3
+
+#undef  HAVE_POLY1305
+#define HAVE_POLY1305
+
+#undef  HAVE_ONE_TIME_AUTH
+#define HAVE_ONE_TIME_AUTH
+
+#undef  HAVE_CHACHA
+#define HAVE_CHACHA
+
+#undef  HAVE_HASHDRBG
+#define HAVE_HASHDRBG
+
+#undef  NO_FILESYSTEM
+#define NO_FILESYSTEM
+
+#undef  HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
+#undef  HAVE_SUPPORTED_CURVES
+#define HAVE_SUPPORTED_CURVES
+
+#undef  HAVE_EXTENDED_MASTER
+#define HAVE_EXTENDED_MASTER
+
+#undef  NO_PSK
+#define NO_PSK
+
+#undef  NO_MD4
+#define NO_MD4
+
+#undef  NO_PWDBASED
+#define NO_PWDBASED
+
+#undef  USE_FAST_MATH
+#define USE_FAST_MATH
+
+#undef  WOLFSSL_NO_ASM
+#define WOLFSSL_NO_ASM
+
+#undef  WOLFSSL_X86_BUILD
+#define WOLFSSL_X86_BUILD
+
+#undef  WC_NO_ASYNC_THREADING
+#define WC_NO_ASYNC_THREADING
+
+#undef  NO_DES3
+#define NO_DES3
+
+#if 1
+#undef  NO_ASN_TIME
+#define NO_ASN_TIME
+#endif
+
+#undef  WOLFSSL_STATIC_MEMORY
+#define WOLFSSL_STATIC_MEMORY
+
+#if 0
+#undef  WOLFSSL_HAVE_SP_RSA
+#define WOLFSSL_HAVE_SP_RSA
+#undef  WOLFSSL_HAVE_SP_DH
+#define WOLFSSL_HAVE_SP_DH
+#undef  WOLFSSL_HAVE_SP_ECC
+#define WOLFSSL_HAVE_SP_ECC
+#endif
+
+#if 0
+#undef  DEBUG_WOLFSSL
+#define DEBUG_WOLFSSL
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* CONFIG_WOLFSSL_SETTINGS_FILE */
+#endif /* CONFIG_WOLFSSL */
+
+#endif /* USER_SETTINGS_H */
+

IDE/zephyr/lib/zephyr_init.c

@@ -0,0 +1,19 @@
+/** @file
+ * @brief wolfSSL initialization
+ *
+ * Initialize the wolfSSL library.
+ */
+
+#include <init.h>
+
+#include "user_settings.h"
+#include "wolfssl/ssl.h"
+
+static int _wolfssl_init(struct device *device)
+{
+    ARG_UNUSED(device);
+
+    return 0;
+}
+
+SYS_INIT(_wolfssl_init, POST_KERNEL, 0);

IDE/zephyr/setup.sh

@@ -0,0 +1,22 @@
+#!/bin/sh
+
+# Check for zephyr directory on command line
+if [ $# -ne 1 ]; then
+    echo "Usage: $0 'zephyr project root directory path'" 1>&2
+    exit 1
+fi
+ZEPHYR_DIR=$1
+
+# Check zephyr directory exists
+if [ ! -d $ZEPHR_DIR ]; then
+    echo "Zephyr project directory does not exist: $ZEPHYR_DIR"
+    exit 1
+fi
+
+cd `dirname $0`
+
+(cd lib; ./install_lib.sh $ZEPHYR_DIR)
+(cd wolfssl_test; ./install_test.sh $ZEPHYR_DIR)
+(cd wolfssl_tls_sock; ./install_sample.sh $ZEPHYR_DIR)
+(cd wolfssl_tls_thread; ./install_sample.sh $ZEPHYR_DIR)
+

IDE/zephyr/wolfssl_test/CMakeLists.txt

@@ -0,0 +1,8 @@
+cmake_minimum_required(VERSION 3.13.1)
+include($ENV{ZEPHYR_BASE}/cmake/app/boilerplate.cmake NO_POLICY_SCOPE)
+project(wolfssl_test)
+
+FILE(GLOB app_sources src/*.c)
+target_sources(app PRIVATE ${app_sources})
+add_definitions(-DWOLFSSL_USER_SETTINGS)
+

IDE/zephyr/wolfssl_test/README

@@ -0,0 +1,12 @@
+
+wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use
+under the GPLv2 or a standard commercial license. For our users who cannot use
+wolfSSL under GPLv2, a commercial license to wolfSSL and wolfCrypt is available.
+Please contact wolfSSL Inc. directly at:
+
+Email: licensing@wolfssl.com
+Phone: +1 425 245-8247
+
+More information can be found on the wolfSSL website at www.wolfssl.com.
+
+

IDE/zephyr/wolfssl_test/install_test.sh

@@ -0,0 +1,49 @@
+#!/bin/sh
+
+WOLFSSL_SRC_DIR=../../..
+
+if [ ! -d $WOLFSSL_SRC_DIR ]; then
+    echo "Directory does not exist: $WOLFSSL_SRC_DIR"
+    exit 1
+fi
+if [ ! -f $WOLFSSL_SRC_DIR/wolfcrypt/test/test.c ]; then
+    echo "Missing source file: $WOLFSSL_SRC_DIR/wolfcrypt/test/test.h"
+    exit 1
+fi
+
+ZEPHYR_DIR=
+if [ $# -ne 1 ]; then
+    echo "Need location of zephyr project as a command line argument"
+    exit 1
+else
+    ZEPHYR_DIR=$1
+fi
+if [ ! -d $ZEPHR_DIR ]; then
+    echo "Zephyr project directory does not exist: $ZEPHYR_DIR"
+    exit 1
+fi
+ZEPHYR_CRYPTO_DIR=$ZEPHYR_DIR/zephyr/samples/crypto
+if [ ! -d $ZEPHYR_CRYPTO_DIR ]; then
+    echo "Zephyr crypto directory does not exist: $ZEPHYR_CRYPTO_DIR"
+    exit 1
+fi
+ZEPHYR_WOLFSSL_DIR=$ZEPHYR_CRYPTO_DIR/wolfssl_test
+
+echo "wolfSSL directory:"
+echo "  $ZEPHYR_WOLFSSL_DIR"
+rm -rf $ZEPHYR_WOLFSSL_DIR
+mkdir $ZEPHYR_WOLFSSL_DIR
+
+echo "Copy in Build files ..."
+cp -r * $ZEPHYR_WOLFSSL_DIR/
+rm $ZEPHYR_WOLFSSL_DIR/$0
+
+echo "Copy Source Code ..."
+rm -rf $ZEPHYR_WOLFSSL_DIR/src
+mkdir $ZEPHYR_WOLFSSL_DIR/src
+
+cp -rf ${WOLFSSL_SRC_DIR}/wolfcrypt/test/test.c $ZEPHYR_WOLFSSL_DIR/src/
+cp -rf ${WOLFSSL_SRC_DIR}/wolfcrypt/test/test.h $ZEPHYR_WOLFSSL_DIR/src/
+
+echo "Done"
+

IDE/zephyr/wolfssl_test/prj.conf

@@ -0,0 +1,25 @@
+# Kernel options
+CONFIG_MAIN_STACK_SIZE=32768
+CONFIG_ENTROPY_GENERATOR=y
+CONFIG_POSIX_API=y
+CONFIG_INIT_STACKS=y
+#CONFIG_FLOAT=y
+CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE=8192
+
+# Networking
+CONFIG_NETWORKING=y
+CONFIG_NET_TEST=y
+CONFIG_NET_LOOPBACK=y
+CONFIG_NET_IPV4=y
+CONFIG_NET_IPV6=y
+CONFIG_NET_SOCKETS=y
+CONFIG_DNS_RESOLVER=y
+
+# Logging
+CONFIG_PRINTK=y
+CONFIG_WOLFSSL_DEBUG=y
+
+# TLS configuration
+CONFIG_WOLFSSL=y
+CONFIG_WOLFSSL_BUILTIN=y
+

IDE/zephyr/wolfssl_test/sample.yaml

@@ -0,0 +1,9 @@
+common:
+  harness: crypto
+  tags: crypto
+sample:
+  description: wolfSSL test application
+  name: wolfSSL Test
+tests:
+  test:
+    platform_whitelist: qemu_x86

IDE/zephyr/wolfssl_tls_sock/CMakeLists.txt

@@ -0,0 +1,8 @@
+cmake_minimum_required(VERSION 3.13.1)
+include($ENV{ZEPHYR_BASE}/cmake/app/boilerplate.cmake NO_POLICY_SCOPE)
+project(wolfssl_tls_threaded)
+
+FILE(GLOB app_sources src/*.c)
+target_sources(app PRIVATE ${app_sources})
+add_definitions(-DWOLFSSL_USER_SETTINGS)
+

IDE/zephyr/wolfssl_tls_sock/README

@@ -0,0 +1,12 @@
+
+wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use
+under the GPLv2 or a standard commercial license. For our users who cannot use
+wolfSSL under GPLv2, a commercial license to wolfSSL and wolfCrypt is available.
+Please contact wolfSSL Inc. directly at:
+
+Email: licensing@wolfssl.com
+Phone: +1 425 245-8247
+
+More information can be found on the wolfSSL website at www.wolfssl.com.
+
+

IDE/zephyr/wolfssl_tls_sock/install_sample.sh

@@ -0,0 +1,31 @@
+#!/bin/sh
+
+ZEPHYR_DIR=
+if [ $# -ne 1 ]; then
+    echo "Need location of zephyr project as a command line argument"
+    exit 1
+else
+    ZEPHYR_DIR=$1
+fi
+if [ ! -d $ZEPHR_DIR ]; then
+    echo "Zephyr project directory does not exist: $ZEPHYR_DIR"
+    exit 1
+fi
+ZEPHYR_CRYPTO_DIR=$ZEPHYR_DIR/zephyr/samples/crypto
+if [ ! -d $ZEPHYR_CRYPTO_DIR ]; then
+    echo "Zephyr crypto directory does not exist: $ZEPHYR_CRYPTO_DIR"
+    exit 1
+fi
+ZEPHYR_WOLFSSL_DIR=$ZEPHYR_CRYPTO_DIR/wolfssl_tls_sock
+
+echo "wolfSSL directory:"
+echo "  $ZEPHYR_WOLFSSL_DIR"
+rm -rf $ZEPHYR_WOLFSSL_DIR
+mkdir $ZEPHYR_WOLFSSL_DIR
+
+echo "Copy in Sample files ..."
+cp -r * $ZEPHYR_WOLFSSL_DIR/
+rm $ZEPHYR_WOLFSSL_DIR/$0
+
+echo "Done"
+

IDE/zephyr/wolfssl_tls_sock/prj.conf

@@ -0,0 +1,53 @@
+# Kernel options
+CONFIG_MAIN_STACK_SIZE=12288
+CONFIG_ENTROPY_GENERATOR=y
+CONFIG_POSIX_API=y
+CONFIG_INIT_STACKS=y
+CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE=8192
+
+# General config
+CONFIG_NEWLIB_LIBC=y
+
+# Networking config
+CONFIG_NETWORKING=y
+CONFIG_NET_IPV4=y
+CONFIG_NET_IPV6=n
+CONFIG_NET_TCP=y
+CONFIG_NET_SOCKETS=y
+CONFIG_NET_SOCKETS_POSIX_NAMES=y
+
+CONFIG_NET_TEST=y
+CONFIG_NET_LOOPBACK=y
+CONFIG_DNS_RESOLVER=y
+CONFIG_DNS_SERVER_IP_ADDRESSES=y
+CONFIG_DNS_SERVER1="192.0.2.2"
+
+# Network driver config
+CONFIG_TEST_RANDOM_GENERATOR=y
+
+# Network address config
+CONFIG_NET_CONFIG_SETTINGS=y
+CONFIG_NET_CONFIG_NEED_IPV4=y
+CONFIG_NET_CONFIG_MY_IPV4_ADDR="192.0.2.1"
+CONFIG_NET_CONFIG_PEER_IPV4_ADDR="192.0.2.2"
+CONFIG_NET_CONFIG_MY_IPV4_GW="192.0.2.2"
+
+CONFIG_NET_PKT_TX_COUNT=10
+
+# Network debug config
+#CONFIG_NET_LOG=y
+#CONFIG_NET_PKT_LOG_LEVEL_DBG=y
+
+# Logging
+CONFIG_PRINTK=y
+CONFIG_WOLFSSL_DEBUG=y
+
+# TLS configuration
+CONFIG_WOLFSSL=y
+CONFIG_WOLFSSL_BUILTIN=y
+
+CONFIG_WOLFSSL_TLS_VERSION_1_2=y
+CONFIG_WOLFSSL_KEY_EXCHANGE_ALL_ENABLED=y
+CONFIG_WOLFSSL_CIPHER_ALL_ENABLED=y
+CONFIG_WOLFSSL_MAC_ALL_ENABLED=y
+CONFIG_WOLFSSL_HMAC_DRBG_ENABLED=y

IDE/zephyr/wolfssl_tls_sock/sample.yaml

@@ -0,0 +1,9 @@
+common:
+  harness: crypto
+  tags: crypto
+sample:
+  description: wolfSSL TLS test application
+  name: wolfSSL TLS Test
+tests:
+  test:
+    platform_whitelist: qemu_x86

IDE/zephyr/wolfssl_tls_sock/src/tls_sock.c

@@ -0,0 +1,512 @@
+/* tls_sock.c
+ *
+ * Copyright (C) 2006-2019 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#include <wolfssl/options.h>
+#include <wolfssl/ssl.h>
+#define USE_CERT_BUFFERS_2048
+#include <wolfssl/certs_test.h>
+#include <wolfssl/test.h>
+
+#ifdef WOLFSSL_ZEPHYR
+#define printf   printk
+#endif
+
+#define BUFFER_SIZE           2048
+#define STATIC_MEM_SIZE       (96*1024)
+#define THREAD_STACK_SIZE     (12*1024)
+#define MAX_SEND_SIZE         256
+
+/* The stack to use in the server's thread. */
+K_THREAD_STACK_DEFINE(server_stack, THREAD_STACK_SIZE);
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    static WOLFSSL_HEAP_HINT* HEAP_HINT_SERVER;
+    static WOLFSSL_HEAP_HINT* HEAP_HINT_CLIENT;
+
+    static byte gMemoryServer[STATIC_MEM_SIZE];
+    static byte gMemoryClient[STATIC_MEM_SIZE];
+#else
+    #define HEAP_HINT_SERVER NULL
+    #define HEAP_HINT_CLIENT NULL
+#endif /* WOLFSSL_STATIC_MEMORY */
+
+/* Application data to send. */
+static const char msgHTTPGet[] = "GET /index.html HTTP/1.0\r\n\r\n";
+static const char msgHTTPIndex[] =
+    "HTTP/1.1 200 OK\n"
+    "Content-Type: text/html\n"
+    "Connection: close\n"
+    "\n"
+    "<html>\n"
+    "<head>\n"
+    "<title>Welcome to wolfSSL!</title>\n"
+    "</head>\n"
+    "<body>\n"
+    "<p>wolfSSL has successfully performed handshake!</p>\n"
+    "</body>\n"
+    "</html>\n";
+
+
+/* Create a new wolfSSL client with a server CA certificate. */
+static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
+{
+    int ret = 0;
+    WOLFSSL_CTX* client_ctx = NULL;
+    WOLFSSL*     client_ssl = NULL;
+
+    /* Create and initialize WOLFSSL_CTX */
+    if ((client_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_client_method(),
+                                                   HEAP_HINT_CLIENT)) == NULL) {
+        printf("ERROR: failed to create WOLFSSL_CTX\n");
+        ret = -1;
+    }
+
+    if (ret == 0) {
+        /* Load client certificates into WOLFSSL_CTX */
+        if (wolfSSL_CTX_load_verify_buffer(client_ctx, ca_cert_der_2048,
+                sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1) !=
+                WOLFSSL_SUCCESS) {
+            printf("ERROR: failed to load CA certificate\n");
+            ret = -1;
+        }
+    }
+
+    if (ret == 0) {
+        /* Create a WOLFSSL object */
+        if ((client_ssl = wolfSSL_new(client_ctx)) == NULL) {
+            printf("ERROR: failed to create WOLFSSL object\n");
+            ret = -1;
+        }
+    }
+
+    if (ret == 0) {
+        /* make wolfSSL object nonblocking */
+        wolfSSL_set_using_nonblock(client_ssl, 1);
+    }
+
+    if (ret == 0) {
+        /* Return newly created wolfSSL context and object */
+        *ctx = client_ctx;
+        *ssl = client_ssl;
+    }
+    else {
+        if (client_ssl != NULL)
+            wolfSSL_free(client_ssl);
+        if (client_ctx != NULL)
+            wolfSSL_CTX_free(client_ctx);
+    }
+
+    return ret;
+}
+
+/* Client connecting to server using TLS */
+static int wolfssl_client_connect(WOLFSSL* ssl)
+{
+    int ret = 0;
+
+    if (wolfSSL_connect(ssl) != WOLFSSL_SUCCESS) {
+        printf("wolfSSL Error: %d\n", wolfSSL_get_error(ssl, -1));
+        if (!wolfSSL_want_read(ssl) && !wolfSSL_want_write(ssl))
+            ret = -1;
+    }
+
+    return ret;
+}
+
+
+
+/* Create a new wolfSSL server with a certificate for authentication. */
+static int wolfssl_server_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
+{
+    int ret = 0;
+    WOLFSSL_CTX* server_ctx = NULL;
+    WOLFSSL*     server_ssl = NULL;
+
+    /* Create and initialize WOLFSSL_CTX */
+    if ((server_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_server_method(),
+                                                   HEAP_HINT_SERVER)) == NULL) {
+        printf("ERROR: failed to create WOLFSSL_CTX\n");
+        ret = -1;
+    }
+
+    if (ret == 0) {
+        /* Load client certificates into WOLFSSL_CTX */
+        if (wolfSSL_CTX_use_certificate_buffer(server_ctx,
+                server_cert_der_2048, sizeof_server_cert_der_2048,
+                WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
+            printf("ERROR: failed to load server certificate\n");
+            ret = -1;
+        }
+    }
+
+    if (ret == 0) {
+        /* Load client certificates into WOLFSSL_CTX */
+        if (wolfSSL_CTX_use_PrivateKey_buffer(server_ctx,
+                server_key_der_2048, sizeof_server_key_der_2048,
+                WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
+            printf("ERROR: failed to load server key\n");
+            ret = -1;
+        }
+    }
+
+    if (ret == 0) {
+        /* Create a WOLFSSL object */
+        if ((server_ssl = wolfSSL_new(server_ctx)) == NULL) {
+            printf("ERROR: failed to create WOLFSSL object\n");
+            ret = -1;
+        }
+    }
+
+    if (ret == 0) {
+        /* make wolfSSL object nonblocking */
+        wolfSSL_set_using_nonblock(server_ssl, 1);
+    }
+
+    if (ret == 0) {
+        /* Return newly created wolfSSL context and object */
+        *ctx = server_ctx;
+        *ssl = server_ssl;
+    }
+    else {
+        if (server_ssl != NULL)
+            wolfSSL_free(server_ssl);
+        if (server_ctx != NULL)
+            wolfSSL_CTX_free(server_ctx);
+    }
+
+    return ret;
+}
+
+/* Server accepting a client using TLS */
+static int wolfssl_server_accept(WOLFSSL* ssl)
+{
+    int ret = 0;
+
+    if (wolfSSL_accept(ssl) != WOLFSSL_SUCCESS) {
+        printf("wolfSSL Error: %d\n", wolfSSL_get_error(ssl, -1));
+        if (!wolfSSL_want_read(ssl) && !wolfSSL_want_write(ssl))
+            ret = -1;
+    }
+
+    return ret;
+}
+
+
+/* Send application data. */
+static int wolfssl_send(WOLFSSL* ssl, const char* msg)
+{
+    int ret = 0;
+    int len;
+
+    printf("Sending:\n%s\n", msg);
+    len = wolfSSL_write(ssl, msg, XSTRLEN(msg));
+    if (len < 0)
+        ret = len;
+    else if (len != XSTRLEN(msg))
+        ret = -1;
+
+    return ret;
+}
+
+/* Receive application data. */
+static int wolfssl_recv(WOLFSSL* ssl)
+{
+    int ret;
+    byte reply[256];
+
+    ret = wolfSSL_read(ssl, reply, sizeof(reply)-1);
+    if (ret > 0) {
+        reply[ret] = '\0';
+        printf("Received:\n%s\n", reply);
+        ret = 1;
+    }
+    else if (wolfSSL_want_read(ssl) || wolfSSL_want_write(ssl))
+        ret = 0;
+
+    return ret;
+}
+
+
+/* Free the WOLFSSL object and context. */
+static void wolfssl_free(WOLFSSL_CTX* ctx, WOLFSSL* ssl)
+{
+    if (ssl != NULL)
+        wolfSSL_free(ssl);
+    if (ctx != NULL)
+        wolfSSL_CTX_free(ctx);
+}
+
+
+/* Display the static memory usage. */
+static void wolfssl_memstats(WOLFSSL* ssl)
+{
+#ifdef WOLFSSL_STATIC_MEMORY
+    WOLFSSL_MEM_CONN_STATS ssl_stats;
+
+    XMEMSET(&ssl_stats, 0 , sizeof(ssl_stats));
+
+    if (wolfSSL_is_static_memory(ssl, &ssl_stats) != 1)
+        printf("static memory was not used with ssl");
+    else {
+        printf("*** This is memory state before wolfSSL_free is called\n");
+        printf("peak connection memory = %d\n", ssl_stats.peakMem);
+        printf("current memory in use  = %d\n", ssl_stats.curMem);
+        printf("peak connection allocs = %d\n", ssl_stats.peakAlloc);
+        printf("current connection allocs = %d\n",ssl_stats.curAlloc);
+        printf("total connection allocs   = %d\n",ssl_stats.totalAlloc);
+        printf("total connection frees    = %d\n\n", ssl_stats.totalFr);
+    }
+#else
+    (void)ssl;
+#endif
+}
+
+
+/* Start the server thread. */
+void start_thread(THREAD_FUNC func, func_args* args, THREAD_TYPE* thread)
+{
+    k_thread_create(thread, server_stack, K_THREAD_STACK_SIZEOF(server_stack),
+                    func, args, NULL, NULL, 5, 0, K_NO_WAIT);
+}
+
+void join_thread(THREAD_TYPE thread)
+{
+    /* Threads are handled in the kernel. */
+}
+
+
+int wolfssl_server_accept_tcp(WOLFSSL* ssl, SOCKET_T* fd, SOCKET_T* acceptfd)
+{
+    int ret = 0;
+    SOCKET_T      sockfd   = WOLFSSL_SOCKET_INVALID;
+    SOCKET_T      clientfd = WOLFSSL_SOCKET_INVALID;
+    SOCKADDR_IN_T client;
+    socklen_t     client_len = sizeof(client);
+    word16        port = 443;
+    struct sockaddr_in bind_addr;
+
+    if (ret == 0) {
+        sockfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+        bind_addr.sin_family = AF_INET;
+        bind_addr.sin_addr.s_addr = htonl(INADDR_ANY);
+        bind_addr.sin_port = htons(port);
+        if (bind(sockfd, (struct sockaddr *)&bind_addr, sizeof(bind_addr)) != 0)
+            ret = -1;
+    }
+    if (ret == 0) {
+        *fd = sockfd;
+        printf("Server Listen\n");
+        listen(sockfd, 5);
+        if (WOLFSSL_SOCKET_IS_INVALID(sockfd))
+            ret = -1;
+    }
+    if (ret == 0) {
+        printf("Server Accept\n");
+        clientfd = accept(sockfd, (struct sockaddr*)&client,
+                          (ACCEPT_THIRD_T)&client_len);
+        if (WOLFSSL_SOCKET_IS_INVALID(clientfd))
+            ret = -1;
+    }
+    if (ret == 0) {
+        *acceptfd = clientfd;
+        tcp_set_nonblocking(&clientfd);
+    }
+
+    if (ret == 0) {
+        printf("Server has client\n");
+        if (wolfSSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS)
+            ret = -1;
+    }
+
+    return ret;
+}
+
+/* Thread to do the server operations. */
+void server_thread(void* arg1, void* arg2, void* arg3)
+{
+    int           ret = 0;
+    WOLFSSL_CTX*  server_ctx = NULL;
+    WOLFSSL*      server_ssl = NULL;
+    SOCKET_T      sockfd   = WOLFSSL_SOCKET_INVALID;
+    SOCKET_T      clientfd = WOLFSSL_SOCKET_INVALID;
+
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    if (wc_LoadStaticMemory(&HEAP_HINT_SERVER, gMemoryServer,
+                               sizeof(gMemoryServer),
+                               WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS, 1) != 0) {
+        printf("unable to load static memory");
+        ret = -1;
+    }
+#endif
+
+    if (ret == 0)
+        ret = wolfssl_server_new(&server_ctx, &server_ssl);
+
+    if (ret == 0)
+        ret = wolfssl_server_accept_tcp(server_ssl, &sockfd, &clientfd);
+
+    while (ret == 0) {
+        k_sleep(100);
+        ret = wolfssl_server_accept(server_ssl);
+        if (ret == 0 && wolfSSL_is_init_finished(server_ssl))
+            break;
+    }
+
+    /* Receive HTTP request */
+    while (ret == 0) {
+        ret = wolfssl_recv(server_ssl);
+    }
+    if (ret == 1)
+        ret = 0;
+    /* Send HTTP repsonse */
+    if (ret == 0)
+        ret = wolfssl_send(server_ssl, msgHTTPIndex);
+
+    printf("Server Return: %d\n", ret);
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    printf("Server Memory Stats\n");
+#endif
+    wolfssl_memstats(server_ssl);
+    wolfssl_free(server_ctx, server_ssl);
+    if (clientfd != WOLFSSL_SOCKET_INVALID)
+        CloseSocket(clientfd);
+    if (sockfd != WOLFSSL_SOCKET_INVALID)
+        CloseSocket(sockfd);
+}
+
+int wolfssl_client_connect_tcp(WOLFSSL* ssl, SOCKET_T* fd)
+{
+    int              ret = 0;
+    SOCKET_T         sockfd = WOLFSSL_SOCKET_INVALID;
+    static struct    addrinfo hints;
+    struct addrinfo* res;
+
+    XMEMSET(&hints, 0, sizeof(hints));
+    hints.ai_family = AF_INET;
+    hints.ai_socktype = SOCK_STREAM;
+    if (getaddrinfo("192.0.2.1", "443", &hints, &res) != 0)
+        ret = -1;
+
+    if (ret == 0) {
+        printf("Client socket\n");
+        sockfd = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+        if (WOLFSSL_SOCKET_IS_INVALID(sockfd))
+            ret = -1;
+    }
+    if (ret == 0) {
+        *fd = sockfd;
+        tcp_set_nonblocking(&sockfd);
+    }
+    if (ret == 0) {
+        printf("Client Connect\n");
+        if (connect(sockfd, res->ai_addr, res->ai_addrlen) != 0)
+            ret = -1;
+    }
+
+    if (ret == 0) {
+        printf("Client Connected\n");
+        if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS)
+            ret = -1;
+    }
+
+    return ret;
+}
+
+/* Thread to do the client operations. */
+void client_thread()
+{
+    int ret = 0;
+    WOLFSSL_CTX* client_ctx = NULL;
+    WOLFSSL*     client_ssl = NULL;
+    SOCKET_T     sockfd = WOLFSSL_SOCKET_INVALID;
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    if (wc_LoadStaticMemory(&HEAP_HINT_CLIENT, gMemoryClient,
+                               sizeof(gMemoryClient),
+                               WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS, 1) != 0) {
+        printf("unable to load static memory");
+        ret = -1;
+    }
+#endif
+
+    /* Client connection */
+    if (ret == 0)
+        ret = wolfssl_client_new(&client_ctx, &client_ssl);
+
+    if (ret == 0)
+        ret = wolfssl_client_connect_tcp(client_ssl, &sockfd);
+
+    while (ret == 0) {
+        k_sleep(10);
+        ret = wolfssl_client_connect(client_ssl);
+        if (ret == 0 && wolfSSL_is_init_finished(client_ssl))
+            break;
+    }
+
+    if (ret == 0)
+        printf("Handshake complete\n");
+
+    /* Send HTTP request */
+    if (ret == 0)
+        ret = wolfssl_send(client_ssl, msgHTTPGet);
+    /* Receive HTTP response */
+    while (ret == 0) {
+        k_sleep(10);
+        ret = wolfssl_recv(client_ssl);
+    }
+    if (ret == 1)
+        ret = 0;
+
+    printf("Client Return: %d\n", ret);
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    printf("Client Memory Stats\n");
+#endif
+    wolfssl_memstats(client_ssl);
+    wolfssl_free(client_ctx, client_ssl);
+    if (sockfd != WOLFSSL_SOCKET_INVALID)
+        CloseSocket(sockfd);
+}
+
+int main()
+{
+    int          ret = 0;
+    THREAD_TYPE  serverThread;
+
+    wolfSSL_Init();
+
+    /* Start server */
+    start_thread(server_thread, NULL, &serverThread);
+
+    k_sleep(100);
+    client_thread();
+
+    join_thread(serverThread);
+
+    wolfSSL_Cleanup();
+
+    printf("Done\n");
+
+    return (ret == 0) ? 0 : 1;
+}
+

IDE/zephyr/wolfssl_tls_thread/CMakeLists.txt

@@ -0,0 +1,8 @@
+cmake_minimum_required(VERSION 3.13.1)
+include($ENV{ZEPHYR_BASE}/cmake/app/boilerplate.cmake NO_POLICY_SCOPE)
+project(wolfssl_tls_threaded)
+
+FILE(GLOB app_sources src/*.c)
+target_sources(app PRIVATE ${app_sources})
+add_definitions(-DWOLFSSL_USER_SETTINGS)
+

IDE/zephyr/wolfssl_tls_thread/README

@@ -0,0 +1,12 @@
+
+wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use
+under the GPLv2 or a standard commercial license. For our users who cannot use
+wolfSSL under GPLv2, a commercial license to wolfSSL and wolfCrypt is available.
+Please contact wolfSSL Inc. directly at:
+
+Email: licensing@wolfssl.com
+Phone: +1 425 245-8247
+
+More information can be found on the wolfSSL website at www.wolfssl.com.
+
+

IDE/zephyr/wolfssl_tls_thread/install_sample.sh

@@ -0,0 +1,31 @@
+#!/bin/sh
+
+ZEPHYR_DIR=
+if [ $# -ne 1 ]; then
+    echo "Need location of zephyr project as a command line argument"
+    exit 1
+else
+    ZEPHYR_DIR=$1
+fi
+if [ ! -d $ZEPHR_DIR ]; then
+    echo "Zephyr project directory does not exist: $ZEPHYR_DIR"
+    exit 1
+fi
+ZEPHYR_CRYPTO_DIR=$ZEPHYR_DIR/zephyr/samples/crypto
+if [ ! -d $ZEPHYR_CRYPTO_DIR ]; then
+    echo "Zephyr crypto directory does not exist: $ZEPHYR_CRYPTO_DIR"
+    exit 1
+fi
+ZEPHYR_WOLFSSL_DIR=$ZEPHYR_CRYPTO_DIR/wolfssl_tls_thread
+
+echo "wolfSSL directory:"
+echo "  $ZEPHYR_WOLFSSL_DIR"
+rm -rf $ZEPHYR_WOLFSSL_DIR
+mkdir $ZEPHYR_WOLFSSL_DIR
+
+echo "Copy in Sample files ..."
+cp -r * $ZEPHYR_WOLFSSL_DIR/
+rm $ZEPHYR_WOLFSSL_DIR/$0
+
+echo "Done"
+

IDE/zephyr/wolfssl_tls_thread/prj.conf

@@ -0,0 +1,29 @@
+# Kernel options
+CONFIG_MAIN_STACK_SIZE=12288
+CONFIG_ENTROPY_GENERATOR=y
+CONFIG_POSIX_API=y
+CONFIG_INIT_STACKS=y
+CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE=8192
+
+# Networking
+CONFIG_NETWORKING=y
+CONFIG_NET_TEST=y
+CONFIG_NET_LOOPBACK=y
+CONFIG_NET_IPV4=y
+CONFIG_NET_IPV6=y
+CONFIG_NET_SOCKETS=y
+CONFIG_DNS_RESOLVER=y
+
+# Logging
+CONFIG_PRINTK=y
+CONFIG_WOLFSSL_DEBUG=y
+
+# TLS configuration
+CONFIG_WOLFSSL=y
+CONFIG_WOLFSSL_BUILTIN=y
+
+CONFIG_WOLFSSL_TLS_VERSION_1_2=y
+CONFIG_WOLFSSL_KEY_EXCHANGE_ALL_ENABLED=y
+CONFIG_WOLFSSL_CIPHER_ALL_ENABLED=y
+CONFIG_WOLFSSL_MAC_ALL_ENABLED=y
+CONFIG_WOLFSSL_HMAC_DRBG_ENABLED=y

IDE/zephyr/wolfssl_tls_thread/sample.yaml

@@ -0,0 +1,9 @@
+common:
+  harness: crypto
+  tags: crypto
+sample:
+  description: wolfSSL TLS test application
+  name: wolfSSL TLS Test
+tests:
+  test:
+    platform_whitelist: qemu_x86

IDE/zephyr/wolfssl_tls_thread/src/tls_threaded.c

@@ -0,0 +1,504 @@
+/* tls_threaded.c
+ *
+ * Copyright (C) 2006-2019 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#include <wolfssl/options.h>
+#include <wolfssl/ssl.h>
+#define USE_CERT_BUFFERS_2048
+#include <wolfssl/certs_test.h>
+#include <wolfssl/test.h>
+
+#ifdef WOLFSSL_ZEPHYR
+#define printf   printk
+#endif
+
+#define BUFFER_SIZE           2048
+#define STATIC_MEM_SIZE       (96*1024)
+#define THREAD_STACK_SIZE     (12*1024)
+
+/* The stack to use in the server's thread. */
+K_THREAD_STACK_DEFINE(server_stack, THREAD_STACK_SIZE);
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    static WOLFSSL_HEAP_HINT* HEAP_HINT_SERVER;
+    static WOLFSSL_HEAP_HINT* HEAP_HINT_CLIENT;
+
+    static byte gMemoryServer[STATIC_MEM_SIZE];
+    static byte gMemoryClient[STATIC_MEM_SIZE];
+#else
+    #define HEAP_HINT_SERVER NULL
+    #define HEAP_HINT_CLIENT NULL
+#endif /* WOLFSSL_STATIC_MEMORY */
+
+/* Buffer to hold data for client to read. */
+unsigned char client_buffer[BUFFER_SIZE];
+int client_buffer_sz = 0;
+wolfSSL_Mutex client_mutex;
+
+/* Buffer to hold data for server to read. */
+unsigned char server_buffer[BUFFER_SIZE];
+int server_buffer_sz = 0;
+wolfSSL_Mutex server_mutex;
+
+/* Application data to send. */
+static const char msgHTTPGet[] = "GET /index.html HTTP/1.0\r\n\r\n";
+static const char msgHTTPIndex[] =
+    "HTTP/1.1 200 OK\n"
+    "Content-Type: text/html\n"
+    "Connection: close\n"
+    "\n"
+    "<html>\n"
+    "<head>\n"
+    "<title>Welcome to wolfSSL!</title>\n"
+    "</head>\n"
+    "<body>\n"
+    "<p>wolfSSL has successfully performed handshake!</p>\n"
+    "</body>\n"
+    "</html>\n";
+
+/* wolfSSL client wants to read data from the server. */
+static int recv_client(WOLFSSL* ssl, char* buff, int sz, void* ctx)
+{
+    wc_LockMutex(&client_mutex);
+    if (client_buffer_sz > 0) {
+        /* Take as many bytes is available or requested from buffer. */
+        if (sz > client_buffer_sz)
+            sz = client_buffer_sz;
+        XMEMCPY(buff, client_buffer, sz);
+        if (sz < client_buffer_sz) {
+            XMEMMOVE(client_buffer, client_buffer + sz, client_buffer_sz - sz);
+        }
+        client_buffer_sz -= sz;
+    }
+    else
+        sz = WOLFSSL_CBIO_ERR_WANT_READ;
+    wc_UnLockMutex(&client_mutex);
+
+    return sz;
+}
+
+/* wolfSSL client wants to write data to the server. */
+static int send_client(WOLFSSL* ssl, char* buff, int sz, void* ctx)
+{
+    wc_LockMutex(&server_mutex);
+    if (server_buffer_sz < BUFFER_SIZE)
+    {
+        /* Put in as many bytes requested or will fit in buffer. */
+        if (sz > BUFFER_SIZE - server_buffer_sz)
+            sz = BUFFER_SIZE - server_buffer_sz;
+        XMEMCPY(server_buffer + server_buffer_sz, buff, sz);
+        server_buffer_sz += sz;
+    }
+    else
+        sz = WOLFSSL_CBIO_ERR_WANT_WRITE;
+    wc_UnLockMutex(&server_mutex);
+
+    return sz;
+}
+
+/* wolfSSL server wants to read data from the client. */
+static int recv_server(WOLFSSL* ssl, char* buff, int sz, void* ctx)
+{
+    wc_LockMutex(&server_mutex);
+    if (server_buffer_sz > 0) {
+        /* Take as many bytes is available or requested from buffer. */
+        if (sz > server_buffer_sz)
+            sz = server_buffer_sz;
+        XMEMCPY(buff, server_buffer, sz);
+        if (sz < server_buffer_sz) {
+            XMEMMOVE(server_buffer, server_buffer + sz, server_buffer_sz - sz);
+        }
+        server_buffer_sz -= sz;
+    }
+    else
+        sz = WOLFSSL_CBIO_ERR_WANT_READ;
+    wc_UnLockMutex(&server_mutex);
+
+    return sz;
+}
+
+/* wolfSSL server wants to write data to the client. */
+static int send_server(WOLFSSL* ssl, char* buff, int sz, void* ctx)
+{
+    wc_LockMutex(&client_mutex);
+    if (client_buffer_sz < BUFFER_SIZE)
+    {
+        /* Put in as many bytes requested or will fit in buffer. */
+        if (sz > BUFFER_SIZE - client_buffer_sz)
+            sz = BUFFER_SIZE - client_buffer_sz;
+        XMEMCPY(client_buffer + client_buffer_sz, buff, sz);
+        client_buffer_sz += sz;
+    }
+    else
+        sz = WOLFSSL_CBIO_ERR_WANT_WRITE;
+    wc_UnLockMutex(&client_mutex);
+
+    return sz;
+}
+
+/* Create a new wolfSSL client with a server CA certificate. */
+static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
+{
+    int ret = 0;
+    WOLFSSL_CTX* client_ctx = NULL;
+    WOLFSSL*     client_ssl = NULL;
+
+    /* Create and initialize WOLFSSL_CTX */
+    if ((client_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_client_method(),
+                                                   HEAP_HINT_CLIENT)) == NULL) {
+        printf("ERROR: failed to create WOLFSSL_CTX\n");
+        ret = -1;
+    }
+
+    if (ret == 0) {
+        /* Load client certificates into WOLFSSL_CTX */
+        if (wolfSSL_CTX_load_verify_buffer(client_ctx, ca_cert_der_2048,
+                sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1) !=
+                WOLFSSL_SUCCESS) {
+            printf("ERROR: failed to load CA certificate\n");
+            ret = -1;
+        }
+    }
+
+    if (ret == 0) {
+        /* Register callbacks */
+        wolfSSL_SetIORecv(client_ctx, recv_client);
+        wolfSSL_SetIOSend(client_ctx, send_client);
+    }
+
+    if (ret == 0) {
+        /* Create a WOLFSSL object */
+        if ((client_ssl = wolfSSL_new(client_ctx)) == NULL) {
+            printf("ERROR: failed to create WOLFSSL object\n");
+            ret = -1;
+        }
+    }
+
+    if (ret == 0) {
+        /* make wolfSSL object nonblocking */
+        wolfSSL_set_using_nonblock(client_ssl, 1);
+    }
+
+    if (ret == 0) {
+        /* Return newly created wolfSSL context and object */
+        *ctx = client_ctx;
+        *ssl = client_ssl;
+    }
+    else {
+        if (client_ssl != NULL)
+            wolfSSL_free(client_ssl);
+        if (client_ctx != NULL)
+            wolfSSL_CTX_free(client_ctx);
+    }
+
+    return ret;
+}
+
+/* Client connecting to server using TLS */
+static int wolfssl_client_connect(WOLFSSL* ssl)
+{
+    int ret = 0;
+
+    if (wolfSSL_connect(ssl) != WOLFSSL_SUCCESS) {
+        if (!wolfSSL_want_read(ssl) && !wolfSSL_want_write(ssl))
+            ret = -1;
+    }
+
+    return ret;
+}
+
+
+
+/* Create a new wolfSSL server with a certificate for authentication. */
+static int wolfssl_server_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
+{
+    int ret = 0;
+    WOLFSSL_CTX* server_ctx = NULL;
+    WOLFSSL*     server_ssl = NULL;
+
+    /* Create and initialize WOLFSSL_CTX */
+    if ((server_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_server_method(),
+                                                   HEAP_HINT_SERVER)) == NULL) {
+        printf("ERROR: failed to create WOLFSSL_CTX\n");
+        ret = -1;
+    }
+
+    if (ret == 0) {
+        /* Load client certificates into WOLFSSL_CTX */
+        if (wolfSSL_CTX_use_certificate_buffer(server_ctx,
+                server_cert_der_2048, sizeof_server_cert_der_2048,
+                WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
+            printf("ERROR: failed to load server certificate\n");
+            ret = -1;
+        }
+    }
+
+    if (ret == 0) {
+        /* Load client certificates into WOLFSSL_CTX */
+        if (wolfSSL_CTX_use_PrivateKey_buffer(server_ctx,
+                server_key_der_2048, sizeof_server_key_der_2048,
+                WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
+            printf("ERROR: failed to load server key\n");
+            ret = -1;
+        }
+    }
+
+    if (ret == 0) {
+        /* Register callbacks */
+        wolfSSL_SetIORecv(server_ctx, recv_server);
+        wolfSSL_SetIOSend(server_ctx, send_server);
+    }
+
+    if (ret == 0) {
+        /* Create a WOLFSSL object */
+        if ((server_ssl = wolfSSL_new(server_ctx)) == NULL) {
+            printf("ERROR: failed to create WOLFSSL object\n");
+            ret = -1;
+        }
+    }
+
+    if (ret == 0) {
+        /* make wolfSSL object nonblocking */
+        wolfSSL_set_using_nonblock(server_ssl, 1);
+    }
+
+    if (ret == 0) {
+        /* Return newly created wolfSSL context and object */
+        *ctx = server_ctx;
+        *ssl = server_ssl;
+    }
+    else {
+        if (server_ssl != NULL)
+            wolfSSL_free(server_ssl);
+        if (server_ctx != NULL)
+            wolfSSL_CTX_free(server_ctx);
+    }
+
+    return ret;
+}
+
+/* Server accepting a client using TLS */
+static int wolfssl_server_accept(WOLFSSL* ssl)
+{
+    int ret = 0;
+
+    if (wolfSSL_accept(ssl) != WOLFSSL_SUCCESS) {
+        if (!wolfSSL_want_read(ssl) && !wolfSSL_want_write(ssl))
+            ret = -1;
+    }
+
+    return ret;
+}
+
+
+/* Send application data. */
+static int wolfssl_send(WOLFSSL* ssl, const char* msg)
+{
+    int ret = 0;
+    int len;
+
+    printf("Sending:\n%s\n", msg);
+    len = wolfSSL_write(ssl, msg, XSTRLEN(msg));
+    if (len < 0)
+        ret = len;
+    else if (len != XSTRLEN(msg))
+        ret = -1;
+
+    return ret;
+}
+
+/* Receive application data. */
+static int wolfssl_recv(WOLFSSL* ssl)
+{
+    int ret;
+    byte reply[256];
+
+    ret = wolfSSL_read(ssl, reply, sizeof(reply)-1);
+    if (ret > 0) {
+        reply[ret] = '\0';
+        printf("Received:\n%s\n", reply);
+        ret = 1;
+    }
+    else if (wolfSSL_want_read(ssl) || wolfSSL_want_write(ssl))
+        ret = 0;
+
+    return ret;
+}
+
+
+/* Free the WOLFSSL object and context. */
+static void wolfssl_free(WOLFSSL_CTX* ctx, WOLFSSL* ssl)
+{
+    if (ssl != NULL)
+        wolfSSL_free(ssl);
+    if (ctx != NULL)
+        wolfSSL_CTX_free(ctx);
+}
+
+
+/* Display the static memory usage. */
+static void wolfssl_memstats(WOLFSSL* ssl)
+{
+#ifdef WOLFSSL_STATIC_MEMORY
+    WOLFSSL_MEM_CONN_STATS ssl_stats;
+
+    XMEMSET(&ssl_stats, 0 , sizeof(ssl_stats));
+
+    if (wolfSSL_is_static_memory(ssl, &ssl_stats) != 1)
+        printf("static memory was not used with ssl");
+    else {
+        printf("*** This is memory state before wolfSSL_free is called\n");
+        printf("peak connection memory = %d\n", ssl_stats.peakMem);
+        printf("current memory in use  = %d\n", ssl_stats.curMem);
+        printf("peak connection allocs = %d\n", ssl_stats.peakAlloc);
+        printf("current connection allocs = %d\n",ssl_stats.curAlloc);
+        printf("total connection allocs   = %d\n",ssl_stats.totalAlloc);
+        printf("total connection frees    = %d\n\n", ssl_stats.totalFr);
+    }
+#else
+    (void)ssl;
+#endif
+}
+
+
+/* Start the server thread. */
+void start_thread(THREAD_FUNC func, func_args* args, THREAD_TYPE* thread)
+{
+    k_thread_create(thread, server_stack, K_THREAD_STACK_SIZEOF(server_stack),
+                    func, args, NULL, NULL, 5, 0, K_NO_WAIT);
+}
+
+void join_thread(THREAD_TYPE thread)
+{
+    /* Threads are handled in the kernel. */
+}
+
+
+/* Thread to do the server operations. */
+void server_thread(void* arg1, void* arg2, void* arg3)
+{
+    int ret = 0;
+    WOLFSSL_CTX* server_ctx = NULL;
+    WOLFSSL*     server_ssl = NULL;
+
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    if (wc_LoadStaticMemory(&HEAP_HINT_SERVER, gMemoryServer,
+                               sizeof(gMemoryServer),
+                               WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS, 1) != 0) {
+        printf("unable to load static memory");
+        ret = -1;
+    }
+#endif
+
+    if (ret == 0)
+        ret = wolfssl_server_new(&server_ctx, &server_ssl);
+
+    while (ret == 0) {
+        ret = wolfssl_server_accept(server_ssl);
+        if (ret == 0 && wolfSSL_is_init_finished(server_ssl))
+            break;
+    }
+
+    /* Receive HTTP request */
+    while (ret == 0) {
+        ret = wolfssl_recv(server_ssl);
+    }
+    if (ret == 1)
+        ret = 0;
+    /* Send HTTP response */
+    if (ret == 0)
+        ret = wolfssl_send(server_ssl, msgHTTPIndex);
+
+    printf("Server Return: %d\n", ret);
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    printf("Server Memory Stats\n");
+#endif
+    wolfssl_memstats(server_ssl);
+    wolfssl_free(server_ctx, server_ssl);
+}
+
+int main()
+{
+    int ret = 0;
+    WOLFSSL_CTX* client_ctx = NULL;
+    WOLFSSL*     client_ssl = NULL;
+    THREAD_TYPE serverThread;
+
+    wolfSSL_Init();
+
+    wc_InitMutex(&client_mutex);
+    wc_InitMutex(&server_mutex);
+
+    /* Start server */
+    start_thread(server_thread, NULL, &serverThread);
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    if (wc_LoadStaticMemory(&HEAP_HINT_CLIENT, gMemoryClient,
+                               sizeof(gMemoryClient),
+                               WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS, 1) != 0) {
+        printf("unable to load static memory");
+        ret = -1;
+    }
+#endif
+
+    /* Client connection */
+    if (ret == 0)
+        ret = wolfssl_client_new(&client_ctx, &client_ssl);
+
+    while (ret == 0) {
+        ret = wolfssl_client_connect(client_ssl);
+        if (ret == 0 && wolfSSL_is_init_finished(client_ssl))
+            break;
+        k_sleep(10);
+    }
+
+    if (ret == 0)
+        printf("Handshake complete\n");
+
+    /* Send HTTP request */
+    if (ret == 0)
+        ret = wolfssl_send(client_ssl, msgHTTPGet);
+    /* Receive HTTP response */
+    while (ret == 0) {
+        k_sleep(10);
+        ret = wolfssl_recv(client_ssl);
+    }
+    if (ret == 1)
+        ret = 0;
+
+    printf("Client Return: %d\n", ret);
+
+    join_thread(serverThread);
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    printf("Client Memory Stats\n");
+#endif
+    wolfssl_memstats(client_ssl);
+    wolfssl_free(client_ctx, client_ssl);
+
+    wolfSSL_Cleanup();
+
+    printf("Done\n");
+
+    return (ret == 0) ? 0 : 1;
+}
+

README

@@ -73,79 +73,38 @@ should be used for the enum name.
 *** end Notes ***
 
 
-********* wolfSSL Release 3.15.5 (11/07/2018)
+********* wolfSSL Release 3.15.7 (12/26/2018)
 
-Release 3.15.5 of wolfSSL embedded TLS has bug fixes and new features including:
+Release 3.15.7 of wolfSSL embedded TLS has bug fixes and new features including:
 
-- Fixes for GCC-8 warnings with strings
-- Additional compatibility API’s added, including functions like wolfSSL_X509_CA_num and wolfSSL_PEM_read_X509_CRL
-- Fixes for OCSP use with NGINX port
-- Renamed the macro INLINE to WC_INLINE for inline functions
-- Doxygen updates and formatting for documentation generation
-- Added support for the STM32L4 with AES/SHA hardware acceleration
-- Adds checking for critical extension with certificate Auth ID and the macro WOLFSSL_ALLOW_CRIT_SKID to override the check
-- Added public key callbacks to ConfirmSignature function to expand public key callback support
-- Added ECC and Curve25519 key generation callback support
-- Fix for memory management with wolfSSL_BN_hex2bn function
-- Added support for dynamic allocation of PKCS7 structure using wc_PKCS7_New and wc_PKCS7_Free
-- Port to apache mynewt added in the directory wolfssl-3.15.5/IDE/mynewt/*
-- OCSP stapling in TLS 1.3 additions
-- Port for ASIO added with --enable-asio configure flag
-- Contiki port added with macro WOLFSSL_CONTIKI
-- Memory free optimizations with adding in earlier free’s where possible
-- Made modifications to the primality testing so that the Miller-Rabin tests check against up to 40 random numbers rather than a fixed list of small primes
-- Certificate validation time generation updated
-- Fixes for MQX classic 4.0 with IAR-EWARM
-- Fix for assembly optimized version of Curve25519
-- Make SOCKET_PEER_CLOSED_E consistent between read and write cases
-- Relocate compatibility layer functions for OpenSSH port update
-- Update to Intel® SGX port, files included by Windows version and macros defined when using WOLFSSL_SGX
-- Updates to Nucleus version supported
-- Stack size reduction with smallstack build
-- Updates to Rowley-Crossworks settings for CMSIS 4
-- Added reference STSAFE-A100 public key callbacks for TLS support
-- Added reference ATECC508A/ATECC608A public key callbacks for TLS support
-- Updated support for latest CryptoAuthLib (10/25/2018)
-- Added a wolfSSL static library project for Atollic TrueSTUDIO
-- Flag to disable AES-CBC and have only AEAD cipher suites with TLS
-- AF_ALG and cryptodev-linux crypto support added
-- Update to IO callbacks with use of WOLFSSL_BIO
-- Additional support for parsing certificate subject OIDs (businessCategory, jurisdiction of incorporation country, and jurisdiction of incorporation state)
-- Added  wc_ecc_ecport_ex and wc_export_inti API's for ECC hex string exporting
-- Updates to XCODE build with wolfSSL
-- Fix for guard on when to include sys/time.h header
-- Updates and enhancements to the GCC-ARM example
-- Fix for PKCS8 padding with encryption
-- Updates for wolfcrypt JNI wrapper
-- ALT_ECC_SIZE use with SP math
-- PIC32MZ hardware acceleration buffer alignment fixes
-- Renesas e2studio project files added
-- Renesas RX example project added
-- Fix for DH algorithm when using SP math with ARM assembly
-- Fixes and enhancements for NXP K82 support
-- Benchmark enhancements to print in CSV format and in Japanese
-- Support for PKCS#11 added with --enable-pkcs11
-- Fixes for asynchronous crypto use with TLS 1.3
-- TLS 1.3 only build, allows for disabling TLS 1.2 and earlier protocols
-- Fix for GCC warnings in function wolfSSL_ASN1_TIME_adj
-- Added --enable-asn=nocrypt for certificate only parsing support
-- Added support for parsing PIV format certificates with the function wc_ParseCertPIV and macro WOLFSSL_CERT_PIV
-- Added APIs to support GZIP
-- Updates to support Lighttpd
-- Version resource added for Windows DLL builds
-- Increased code coverage with additional testing
-- Added support for constructed OCTET_STRING with PKCS#7 signed data
-- Added DTLS either (server/client) side initialization setting
-- Minor fixes for building with MINGW32 compiler
-- Added support for generic ECC PEM header/footer with PKCS8 parsing
-- Added Japanese output to example server and client with “-1 1” flag
-- Added USE_ECDSA_KEYSZ_HASH_ALGO macro for building to use digest sizes that match ephemeral key size
-- Expand PKCS#7 CMS support with KEKRI, PWRI and ORI
-- Streaming capability for PKCS#7 decoding and sign verify added
+- Support for Espressif ESP-IDF development framework
+- Fix for XCode build with iPhone simulator on i386
+- PKCS7 support for generating and verify bundles using a detached signature
+- Fix for build disabling AES-CBC and enabling opensslextra compatibility layer
+- Updates to sniffer for showing session information and handling split messages across records
+- Port update for Micrium uC/OS-III
+- Feature to adjust max fragment size post handshake when compiled with the macro WOLFSSL_ALLOW_MAX_FRAGMENT_ADJUST
+- Adding the macro NO_MULTIBYTE_PRINT for compiling out special characters that embedded devices may have problems with
+- Updates for Doxygen documentation, including PKCS #11 API and more
+- Adding Intel QuickAssist v1.7 driver support for asynchronous crypto
+- Adding Intel QuickAssist RSA key generation and SHA-3 support
+- RSA verify only (--enable-rsavfy) and RSA public only (--enable-rsapub) builds added
+- Enhancements to test cases for increased code coverage
+- Updates to VxWorks port for use with Mongoose, including updates to the OpenSSL compatibility layer
+- Yocto Project ease of use improvements along with many updates and build instructions added to the INSTALL file
+- Maximum ticket nonce size was increased to 8
+- Updating --enable-armasm build for ease of use with autotools
+- Updates to internal code checking TLS 1.3 version with a connection
+- Removing unnecessary extended master secret from ServerHello if using TLS 1.3
+- Fix for TLS v1.3 HelloRetryRequest to be sent immediately and not grouped
 
 
-See INSTALL file for build instructions.
-More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
+
+This release of wolfSSL includes a fix for 1 security vulnerability.
+
+Medium level fix for potential cache attack with a variant of Bleichenbacher’s attack. Earlier versions of wolfSSL leaked PKCS #1 v1.5 padding information during private key decryption that could lead to a potential padding oracle attack. It is recommended that users update to the latest version of wolfSSL if they have RSA cipher suites enabled and have the potential for malicious software to be ran on the same system that is performing RSA operations. Users that have only ECC cipher suites enabled and are not performing RSA PKCS #1 v1.5 Decryption operations are not vulnerable. Also users with TLS 1.3 only connections are not vulnerable to this attack. Thanks to Eyal Ronen (Weizmann Institute), Robert Gillham (University of Adelaide), Daniel Genkin (University of Michigan), Adi Shamir (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom (University of Adelaide and Data61) for the report.
+
+The paper for further reading on the attack details can be found at http://cat.eyalro.net/cat.pdf.
 
 
 *** Resources ***

README.md

@@ -58,75 +58,38 @@ hash function. Instead the name WC_SHA, WC_SHA256, WC_SHA384 and WC_SHA512
 should be used for the enum name.
 ```
 
-# wolfSSL Release 3.15.5 (11/07/2018)
+# wolfSSL Release 3.15.7 (12/26/2018)
 
-Release 3.15.5 of wolfSSL embedded TLS has bug fixes and new features including:
+Release 3.15.7 of wolfSSL embedded TLS has bug fixes and new features including:
 
-* Fixes for GCC-8 warnings with strings
-* Additional compatibility API’s added, including functions like wolfSSL_X509_CA_num and wolfSSL_PEM_read_X509_CRL
-* Fixes for OCSP use with NGINX port
-* Renamed the macro INLINE to WC_INLINE for inline functions
-* Doxygen updates and formatting for documentation generation
-* Added support for the STM32L4 with AES/SHA hardware acceleration
-* Adds checking for critical extension with certificate Auth ID and the macro WOLFSSL_ALLOW_CRIT_SKID to override the check
-* Added public key callbacks to ConfirmSignature function to expand public key callback support
-* Added ECC and Curve25519 key generation callback support
-* Fix for memory management with wolfSSL_BN_hex2bn function
-* Added support for dynamic allocation of PKCS7 structure using wc_PKCS7_New and wc_PKCS7_Free
-* Port to apache mynewt added in the directory wolfssl-3.15.5/IDE/mynewt/*
-* OCSP stapling in TLS 1.3 additions
-* Port for ASIO added with --enable-asio configure flag
-* Contiki port added with macro WOLFSSL_CONTIKI
-* Memory free optimizations with adding in earlier free’s where possible
-* Made modifications to the primality testing so that the Miller-Rabin tests check against up to 40 random numbers rather than a fixed list of small primes
-* Certificate validation time generation updated
-* Fixes for MQX classic 4.0 with IAR-EWARM
-* Fix for assembly optimized version of Curve25519
-* Make SOCKET_PEER_CLOSED_E consistent between read and write cases
-* Relocate compatibility layer functions for OpenSSH port update
-* Update to Intel® SGX port, files included by Windows version and macros defined when using WOLFSSL_SGX
-* Updates to Nucleus version supported
-* Stack size reduction with smallstack build
-* Updates to Rowley-Crossworks settings for CMSIS 4
-* Added reference STSAFE-A100 public key callbacks for TLS support
-* Added reference ATECC508A/ATECC608A public key callbacks for TLS support
-* Updated support for latest CryptoAuthLib (10/25/2018)
-* Added a wolfSSL static library project for Atollic TrueSTUDIO
-* Flag to disable AES-CBC and have only AEAD cipher suites with TLS
-* AF_ALG and cryptodev-linux crypto support added
-* Update to IO callbacks with use of WOLFSSL_BIO
-* Additional support for parsing certificate subject OIDs (businessCategory, jurisdiction of incorporation country, and jurisdiction of incorporation state)
-* Added  wc_ecc_ecport_ex and wc_export_inti API's for ECC hex string exporting
-* Updates to XCODE build with wolfSSL
-* Fix for guard on when to include sys/time.h header
-* Updates and enhancements to the GCC-ARM example
-* Fix for PKCS8 padding with encryption
-* Updates for wolfcrypt JNI wrapper
-* ALT_ECC_SIZE use with SP math
-* PIC32MZ hardware acceleration buffer alignment fixes
-* Renesas e2studio project files added
-* Renesas RX example project added
-* Fix for DH algorithm when using SP math with ARM assembly
-* Fixes and enhancements for NXP K82 support
-* Benchmark enhancements to print in CSV format and in Japanese
-* Support for PKCS#11 added with --enable-pkcs11
-* Fixes for asynchronous crypto use with TLS 1.3
-* TLS 1.3 only build, allows for disabling TLS 1.2 and earlier protocols
-* Fix for GCC warnings in function wolfSSL_ASN1_TIME_adj
-* Added --enable-asn=nocrypt for certificate only parsing support
-* Added support for parsing PIV format certificates with the function wc_ParseCertPIV and macro WOLFSSL_CERT_PIV
-* Added APIs to support GZIP
-* Updates to support Lighttpd
-* Version resource added for Windows DLL builds
-* Increased code coverage with additional testing
-* Added support for constructed OCTET_STRING with PKCS#7 signed data
-* Added DTLS either (server/client) side initialization setting
-* Minor fixes for building with MINGW32 compiler
-* Added support for generic ECC PEM header/footer with PKCS8 parsing
-* Added Japanese output to example server and client with “-1 1” flag
-* Added USE_ECDSA_KEYSZ_HASH_ALGO macro for building to use digest sizes that match ephemeral key size
-* Expand PKCS#7 CMS support with KEKRI, PWRI and ORI
-* Streaming capability for PKCS#7 decoding and sign verify added
+* Support for Espressif ESP-IDF development framework
+* Fix for XCode build with iPhone simulator on i386
+* PKCS7 support for generating and verify bundles using a detached signature
+* Fix for build disabling AES-CBC and enabling opensslextra compatibility layer
+* Updates to sniffer for showing session information and handling split messages across records
+* Port update for Micrium uC/OS-III
+* Feature to adjust max fragment size post handshake when compiled with the macro WOLFSSL_ALLOW_MAX_FRAGMENT_ADJUST
+* Adding the macro NO_MULTIBYTE_PRINT for compiling out special characters that embedded devices may have problems with
+* Updates for Doxygen documentation, including PKCS #11 API and more
+* Adding Intel QuickAssist v1.7 driver support for asynchronous crypto
+* Adding Intel QuickAssist RSA key generation and SHA-3 support
+* RSA verify only (--enable-rsavfy) and RSA public only (--enable-rsapub) builds added
+* Enhancements to test cases for increased code coverage
+* Updates to VxWorks port for use with Mongoose, including updates to the OpenSSL compatibility layer
+* Yocto Project ease of use improvements along with many updates and build instructions added to the INSTALL file
+* Maximum ticket nonce size was increased to 8
+* Updating --enable-armasm build for ease of use with autotools
+* Updates to internal code checking TLS 1.3 version with a connection
+* Removing unnecessary extended master secret from ServerHello if using TLS 1.3
+* Fix for TLS v1.3 HelloRetryRequest to be sent immediately and not grouped
+
+
+
+This release of wolfSSL includes a fix for 1 security vulnerability.
+
+Medium level fix for potential cache attack with a variant of Bleichenbacher’s attack. Earlier versions of wolfSSL leaked PKCS #1 v1.5 padding information during private key decryption that could lead to a potential padding oracle attack. It is recommended that users update to the latest version of wolfSSL if they have RSA cipher suites enabled and have the potential for malicious software to be ran on the same system that is performing RSA operations. Users that have only ECC cipher suites enabled and are not performing RSA PKCS #1 v1.5 Decryption operations are not vulnerable. Also users with TLS 1.3 only connections are not vulnerable to this attack. Thanks to Eyal Ronen (Weizmann Institute), Robert Gillham (University of Adelaide), Daniel Genkin (University of Michigan), Adi Shamir (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom (University of Adelaide and Data61) for the report.
+
+The paper for further reading on the attack details can be found at http://cat.eyalro.net/cat.pdf.
 
 
 See INSTALL file for build instructions.

certs/crl/ca-int-ecc.pem

@@ -0,0 +1,10 @@
+-----BEGIN X509 CRL-----
+MIIBYDCCAQUCAQEwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
+MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l
+ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0x
+ODEyMjExNzU0MDFaFw0yMTA5MTYxNzU0MDFaoDAwLjAfBgNVHSMEGDAWgBSXHWDD
+hyJZm2AfhLSZHIhNv9oebjALBgNVHRQEBAICIAMwCgYIKoZIzj0EAwIDSQAwRgIh
+AMrFN7PEk0mtpHWZXJQSaXrc2K2BY/iZ6GlKnbM9G44MAiEA5K9dEKgOX/2VvGlR
+YN8aMaQ+Ly9fyMNEnXLR2OOMrBA=
+-----END X509 CRL-----

certs/crl/ca-int.pem

@@ -0,0 +1,14 @@
+-----BEGIN X509 CRL-----
+MIICHDCCAQQCAQEwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVTMRMwEQYD
+VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xm
+U1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRl
+cm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE4
+MTIyMTE3NTQwMFoXDTIxMDkxNjE3NTQwMFqgMDAuMB8GA1UdIwQYMBaAFO9p4PfV
+HeaZ7Nxt0PfiuVxkcYM1MAsGA1UdFAQEAgIgADANBgkqhkiG9w0BAQsFAAOCAQEA
+d++OmLaoou17s32sU/onSY1+Y9PoqYcKqkjK14srsvnrMe8AS3QDsuF721cg3Ekp
+pghG2pmyrvsCB8uaZ5yGE0B7YZ2ZfKjq6IQAQmcMkZ9tVtchmJNGyuB0T8uL8fJE
+JsCvI+eAyYTSjgePQC4x9GMunWwRfQ4DWjXIal8f9WNLnRRZl8MKaTk6fuMM+GBt
+6QJ1qEEeWWwbTnCqAia4dJ/IJGn7bbxwMAs305zrBE8G17gzh4Q4aj/nt71+oM5e
+Jf4XHs2GahUUz29OqiXwsfNfpF9/DHxjTf0UyHjRVV95hdq2QBQNuozVQ/wDiXSH
+12py+paDtyfh1Vw3RapYMQ==
+-----END X509 CRL-----

certs/crl/client-int-ecc.pem

@@ -0,0 +1,10 @@
+-----BEGIN X509 CRL-----
+MIIBXTCCAQICAQEwCgYIKoZIzj0EAwIwgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
+MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29sZlNTTCBDbGllbnQg
+Q2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xODEy
+MjExNzU0MDFaFw0yMTA5MTYxNzU0MDFaoDAwLjAfBgNVHSMEGDAWgBTr1EtZa5Vh
+P1FXtgRNiUGIRFyr8jALBgNVHRQEBAICIAUwCgYIKoZIzj0EAwIDSQAwRgIhAJn0
+klExhxOHZtOQi45DuNnraKRzWV+V0moXQOvQmP4+AiEAk7Oqvn3Ij3ZhB/V+7VT0
+iPE8ipSUmQbQcZzI7BhT86E=
+-----END X509 CRL-----

certs/crl/client-int.pem

@@ -0,0 +1,14 @@
+-----BEGIN X509 CRL-----
+MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZwxCzAJBgNVBAYTAlVTMRMwEQYD
+VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xm
+U1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEdMBsGA1UEAwwUd29sZlNTTCBDbGll
+bnQgQ2hhaW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE4MTIy
+MTE3NTQwMFoXDTIxMDkxNjE3NTQwMFqgMDAuMB8GA1UdIwQYMBaAFDPYRWbXaIcY
+flQNcCeRxybXhWXAMAsGA1UdFAQEAgIgAjANBgkqhkiG9w0BAQsFAAOCAQEAefil
+VL8oAVmbbtUyF7v7cwZ+3Olt6VuCcevIPYMc8yP7huO21UpkjwrVhr0tru6SA5xO
+2I1lUwcyuH49c2H/RVEmS7q75TErYyXl/D209+LidOqPAnVibNWBsNaqQUn11dEM
+T+VBC6aiUuLxnslpzWUkmromjh0BI2f1AbYEtRDHlaqZakxiZ4FdXPpnopcO44+T
+ZLS2Kj52L6ykB1j70I2HOpZ7C07+MTBLvCV8J0Au1+GNBN1TZSO0dOX8AXLSpS+6
+q3vxJ1nsNYk/P7KdJO8eGYth9pXffKYPzMz0urrnavNd9nO9bR4u89SLepzuedBK
+vX+Acp5M8IcAnw4sEA==
+-----END X509 CRL-----

certs/crl/include.am

@@ -14,3 +14,12 @@ EXTRA_DIST += \
 
 EXTRA_DIST += \
 	     certs/crl/crl.revoked
+
+# Intermediate cert CRL's
+EXTRA_DIST += \
+		 certs/crl/ca-int.pem \
+		 certs/crl/client-int.pem \
+	     certs/crl/server-int.pem \
+	     certs/crl/ca-int-ecc.pem \
+		 certs/crl/client-int-ecc.pem \
+	     certs/crl/server-int-ecc.pem

certs/crl/server-int-ecc.pem

@@ -0,0 +1,10 @@
+-----BEGIN X509 CRL-----
+MIIBXDCCAQICAQEwCgYIKoZIzj0EAwIwgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
+MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29sZlNTTCBTZXJ2ZXIg
+Q2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xODEy
+MjExNzU0MDFaFw0yMTA5MTYxNzU0MDFaoDAwLjAfBgNVHSMEGDAWgBRdXSbvrH42
++Zt2FStKJQIj77KJMDALBgNVHRQEBAICIAQwCgYIKoZIzj0EAwIDSAAwRQIgTKmg
+a595JJuQ5U4Alhi7p8424/02UoN4WLg9tZiGtfICIQDKtdI2JZuVpTmCtRRo8gZH
+H/s5EUrqsIpXoNMdsGO1+w==
+-----END X509 CRL-----

certs/crl/server-int.pem

@@ -0,0 +1,14 @@
+-----BEGIN X509 CRL-----
+MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZwxCzAJBgNVBAYTAlVTMRMwEQYD
+VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xm
+U1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEdMBsGA1UEAwwUd29sZlNTTCBTZXJ2
+ZXIgQ2hhaW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE4MTIy
+MTE3NTQwMFoXDTIxMDkxNjE3NTQwMFqgMDAuMB8GA1UdIwQYMBaAFLMRMsmSmITi
+yfjQO24DQsofDo48MAsGA1UdFAQEAgIgATANBgkqhkiG9w0BAQsFAAOCAQEAEhz6
+qLMqvX2s8/nsg2BjT+07Di3f3kkCZqxWtdvoSHg44lQof2F6UuTeKzlBWfTmFLE9
+qZJ8dj6xSMPEnZnRB1z9HvHRKZGDotuSNWCt4BElXP6ZZpQcIFaYUsWUZJ0Zb7LW
+/06fuepQTeHrxvwNPD6SF5+dVX7doQ2l2ytkQvGHznrWsQNdB2H9K2tAZTIbkiQA
+KcRP1pm1Dt2pZWPbwHws/AcXM4nCIJRUTlo1drHBClDbJB1n/AU8LjX1shX4AUds
++HthMwVmDUjofoXuqzRVyCtfdMH5tgwY//opif+FRXwXjZajx9K+vu68Qa8hI5+9
+sXu6NDs92L2KLfGNmg==
+-----END X509 CRL-----

certs/include.am

@@ -41,6 +41,7 @@ EXTRA_DIST += \
 	     certs/server-revoked-key.pem \
 	     certs/wolfssl-website-ca.pem \
 	     certs/test-degenerate.p7b \
+	     certs/test-ber-exp02-05-2022.p7b \
 	     certs/test-servercert.p12 \
 	     certs/ecc-rsa-server.p12 \
 	     certs/dsaparams.pem \
@@ -100,3 +101,4 @@ include certs/external/include.am
 include certs/ocsp/include.am
 include certs/test/include.am
 include certs/test-pathlen/include.am
+include certs/intermediate/include.am

certs/intermediate/ca-int-cert.pem

@@ -0,0 +1,83 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4096 (0x1000)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Validity
+            Not Before: Dec 21 17:54:00 2018 GMT
+            Not After : Dec 16 17:54:00 2038 GMT
+        Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA/emailAddress=info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c3:a2:73:5d:21:62:20:ce:3a:71:38:a7:94:bb:
+                    db:87:04:1c:5a:1b:9e:4b:0d:3e:ca:f8:a5:f7:0d:
+                    6a:dc:23:90:22:6a:2b:58:63:4a:28:6a:48:a8:e7:
+                    73:1f:a2:55:d8:4d:02:3b:e2:cb:6b:e2:83:c9:51:
+                    8f:77:fd:dc:2d:5d:23:b7:23:9a:7e:b6:29:68:e8:
+                    2a:4e:a9:fe:32:70:31:9e:f0:ef:ee:f8:8d:e3:fc:
+                    f3:d7:28:dd:7a:1d:9e:ad:23:2b:f1:a6:7f:34:52:
+                    29:66:d2:e5:64:55:64:d6:dd:4b:41:3b:55:83:6e:
+                    c0:11:0e:6e:20:c2:16:73:eb:30:ff:09:46:bb:e7:
+                    cc:c6:03:44:41:11:c6:c1:6c:36:2f:4a:f9:91:55:
+                    ca:58:5e:37:b8:28:10:30:89:40:96:77:cf:70:66:
+                    a4:55:fb:69:0b:e7:d9:b2:33:65:db:72:3a:77:b7:
+                    2b:49:fc:b6:cd:58:10:8d:ab:aa:cb:40:45:77:02:
+                    39:18:b3:8f:33:01:48:77:50:be:8e:73:a7:de:36:
+                    a0:49:8e:2c:16:af:b9:fb:42:2d:35:6a:db:34:37:
+                    d5:14:59:7d:65:72:e5:8b:65:55:4b:20:5e:47:f9:
+                    f8:3a:d3:6c:d9:3a:f5:c7:01:46:31:c3:79:9a:18:
+                    be:49
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                EF:69:E0:F7:D5:1D:E6:99:EC:DC:6D:D0:F7:E2:B9:5C:64:71:83:35
+            X509v3 Authority Key Identifier: 
+                keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE, pathlen:0
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+    Signature Algorithm: sha256WithRSAEncryption
+         5e:cd:30:ce:13:06:a8:a3:25:6d:85:68:bf:88:3b:68:12:6a:
+         5e:5f:22:82:51:4a:fd:b1:ae:b2:c2:3e:a1:e4:73:97:6f:77:
+         1f:5e:0a:a6:3e:8a:20:93:4c:3f:68:64:69:a8:d7:ae:3e:a5:
+         58:e4:d0:45:e4:7a:5f:cc:68:23:3d:7b:df:8d:33:8d:ba:0b:
+         73:dd:97:41:99:1a:26:7f:17:87:c4:76:bb:3b:b5:15:24:b0:
+         82:4f:2e:0a:c3:fe:ab:75:c9:4d:59:74:1a:c7:33:e7:4f:14:
+         45:5b:f4:d3:c3:a9:9d:34:a8:e1:2a:33:ea:10:07:db:9e:33:
+         83:60:f0:dd:7c:27:0d:6b:92:ef:90:cc:35:b3:4e:e3:fa:ca:
+         87:55:31:e8:7b:8c:c2:35:19:41:6a:76:6c:6c:7a:d0:6a:d1:
+         2d:a8:a6:97:40:73:52:9c:3c:43:a7:4b:f1:b7:04:af:e0:d1:
+         32:3c:ac:df:a7:4a:15:fb:2e:56:d8:5c:4c:99:9d:3c:f0:6d:
+         a0:20:25:96:c9:24:fc:84:4c:dc:de:1d:29:e8:d4:e1:ff:ca:
+         06:2f:39:ed:24:dc:79:f9:2a:18:00:ae:d2:8b:44:eb:2a:94:
+         fb:c8:02:86:0d:7e:1f:65:c7:20:06:5e:ca:50:af:bd:71:cb:
+         06:da:12:ff
+-----BEGIN CERTIFICATE-----
+MIIEFzCCAv+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT
+MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT
+YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy
+MTE3NTQwMFoXDTM4MTIxNjE3NTQwMFowgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
+MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRlcm1l
+ZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDonNdIWIgzjpxOKeUu9uHBBxaG55L
+DT7K+KX3DWrcI5AiaitYY0ooakio53MfolXYTQI74str4oPJUY93/dwtXSO3I5p+
+tilo6CpOqf4ycDGe8O/u+I3j/PPXKN16HZ6tIyvxpn80Uilm0uVkVWTW3UtBO1WD
+bsARDm4gwhZz6zD/CUa758zGA0RBEcbBbDYvSvmRVcpYXje4KBAwiUCWd89wZqRV
++2kL59myM2Xbcjp3tytJ/LbNWBCNq6rLQEV3AjkYs48zAUh3UL6Oc6feNqBJjiwW
+r7n7Qi01ats0N9UUWX1lcuWLZVVLIF5H+fg602zZOvXHAUYxw3maGL5JAgMBAAGj
+ZjBkMB0GA1UdDgQWBBTvaeD31R3mmezcbdD34rlcZHGDNTAfBgNVHSMEGDAWgBQn
+jmcRdMMmHT/tM2OzpNgdMOXo1TASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB
+/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAXs0wzhMGqKMlbYVov4g7aBJqXl8i
+glFK/bGussI+oeRzl293H14Kpj6KIJNMP2hkaajXrj6lWOTQReR6X8xoIz17340z
+jboLc92XQZkaJn8Xh8R2uzu1FSSwgk8uCsP+q3XJTVl0Gscz508URVv008OpnTSo
+4Soz6hAH254zg2Dw3XwnDWuS75DMNbNO4/rKh1Ux6HuMwjUZQWp2bGx60GrRLaim
+l0BzUpw8Q6dL8bcEr+DRMjys36dKFfsuVthcTJmdPPBtoCAllskk/IRM3N4dKejU
+4f/KBi857STcefkqGACu0otE6yqU+8gChg1+H2XHIAZeylCvvXHLBtoS/w==
+-----END CERTIFICATE-----

certs/intermediate/ca-int-ecc-cert.pem

@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4099 (0x1003)
+    Signature Algorithm: ecdsa-with-SHA256
+        Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Validity
+            Not Before: Dec 21 17:54:01 2018 GMT
+            Not After : Dec 16 17:54:01 2038 GMT
+        Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA ECC/emailAddress=info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (256 bit)
+                pub: 
+                    04:95:df:1c:b2:9e:20:a9:1d:a2:5b:ab:5c:9b:a8:
+                    66:06:29:e6:b2:d8:e3:14:a6:c3:c1:b4:ad:4d:44:
+                    18:20:1e:5d:67:fd:15:1d:6d:25:e1:17:b1:71:ca:
+                    85:03:f0:d2:af:41:66:46:36:6d:ea:41:cb:4f:c8:
+                    4a:d0:a0:61:8c
+                ASN1 OID: prime256v1
+                NIST CURVE: P-256
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                97:1D:60:C3:87:22:59:9B:60:1F:84:B4:99:1C:88:4D:BF:DA:1E:6E
+            X509v3 Authority Key Identifier: 
+                keyid:56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE, pathlen:0
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+    Signature Algorithm: ecdsa-with-SHA256
+         30:44:02:20:20:8d:bd:bc:08:8a:52:20:ab:bc:f0:94:0c:3c:
+         38:9c:9e:c0:18:53:94:94:7f:57:3d:15:8e:75:5f:8c:82:79:
+         02:20:40:3e:0f:27:9a:e8:ba:9b:f4:99:cf:71:36:68:d1:ed:
+         31:54:37:e8:2e:37:d0:9e:49:a9:27:79:c1:03:34:50
+-----BEGIN CERTIFICATE-----
+MIICkTCCAjigAwIBAgICEAMwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw
+EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
+b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy
+MTE3NTQwMVoXDTM4MTIxNjE3NTQwMVowgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
+MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l
+ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkw
+EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEld8csp4gqR2iW6tcm6hmBinmstjjFKbD
+wbStTUQYIB5dZ/0VHW0l4RexccqFA/DSr0FmRjZt6kHLT8hK0KBhjKNmMGQwHQYD
+VR0OBBYEFJcdYMOHIlmbYB+EtJkciE2/2h5uMB8GA1UdIwQYMBaAFFaOmsPwQt4Y
+uUVVbvmTz+rD86UhMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGG
+MAoGCCqGSM49BAMCA0cAMEQCICCNvbwIilIgq7zwlAw8OJyewBhTlJR/Vz0VjnVf
+jIJ5AiBAPg8nmui6m/SZz3E2aNHtMVQ36C430J5JqSd5wQM0UA==
+-----END CERTIFICATE-----

certs/intermediate/ca-int-ecc-key.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIDOGXhoaF5CDp/zS7ulq2RPH/WnHFq2fZ0T+vCWd0+LXoAoGCCqGSM49
+AwEHoUQDQgAEld8csp4gqR2iW6tcm6hmBinmstjjFKbDwbStTUQYIB5dZ/0VHW0l
+4RexccqFA/DSr0FmRjZt6kHLT8hK0KBhjA==
+-----END EC PRIVATE KEY-----

certs/intermediate/ca-int-key.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpgIBAAKCAQEAw6JzXSFiIM46cTinlLvbhwQcWhueSw0+yvil9w1q3COQImor
+WGNKKGpIqOdzH6JV2E0CO+LLa+KDyVGPd/3cLV0jtyOafrYpaOgqTqn+MnAxnvDv
+7viN4/zz1yjdeh2erSMr8aZ/NFIpZtLlZFVk1t1LQTtVg27AEQ5uIMIWc+sw/wlG
+u+fMxgNEQRHGwWw2L0r5kVXKWF43uCgQMIlAlnfPcGakVftpC+fZsjNl23I6d7cr
+Sfy2zVgQjauqy0BFdwI5GLOPMwFId1C+jnOn3jagSY4sFq+5+0ItNWrbNDfVFFl9
+ZXLli2VVSyBeR/n4OtNs2Tr1xwFGMcN5mhi+SQIDAQABAoIBAQCwoB1pyrcOiULI
+b+8U4Jpthq+WRvMeLYIwvFcS+uEsiUsbVyF1NoeAf5zEKdqNiAHbPIO0z6j66VI0
+U1elbOP5bOrO8O0OU6aFWX7A8MdYgGS8bCkjZvKsEPeRnQqAsvdMt8F39etIsJlC
+hUunz1UwjDDiXxBwjnAHtjCFkNW2pt6LscUgqSPr/dYIM6H5ZdSINvUYd9v6xvYz
+KQhOZSyikO2sqs/d+tTl1/Onca3HWxynhT4HCe47RQnxaCk+6qa25nrXCIHS+cNh
+Ro79iBqkSsG43nYtZ14ZRsPh4jeie0myP1CzYL94fTNuc9wRXJ/dOIjZu3uCHDxt
+opSopKSBAoGBAPH4m7hf4DbFtBQCXq3sQw2FqQB4WeEiOSGoZLhivAcarc6gUNZ0
+7/eVUJJJ+pW3UlDtZ5aF1yewBXTNackI/pNvHQziSf/hzRzDdsk4ei3cMnctshMk
+XM6oHxw1MyR9g3YhYcAvzmDlevwYj/k2ABhnUva2yM3gD77ao0hjwIyZAoGBAM76
+Gr3ZwT3hh/CzO8GDZuzwLPahLTcBUmCEb+yfr9ELjPH++p4xOw7QZybxaHKlzla0
+wDZ+L5mSL+HciRYIR1JUH+K6PxGqp0ufu6dclLAcNBCEotAtoWSLW3Z7h4LX7/x4
+IafDkxHWMWQxYJaLN5REbJArurY0lu1z5uBqpJ0xAoGBALI2NBpbIru0aKjEBg96
+jvgKlSoveaMCnalYaLYUof9petFP6bnJbmOeqTTVH6Xc2teXwk9uS8SDM8GO+HaE
+FVto3rB6iZ3YJEUnAPm6iuHz54c3NIw8n83krOUNmZkqiAQdGe1+SDW9ThMV1BPr
+3a4bi1MB1GsstuwOA2xxa4MhAoGBAIoPNDU9AfRH8shwlcRv5QDY9/UO770ICa3N
+yWaZ4cncHYjyHrPUfONVyeilEJmg1bDqYmg25YNXis7qrxpeLUzSRm6S8yzSm0ML
+aj2puJh8R5JZFs0sEsKhXkH7BhoV9cN/Ulu4TeqQ6GM/uIDSniEtPwkv0hxlmeML
+843wNJuRAoGBAKloBRB17AOMxVrB51GLWmVDOvbb398bL5WDHnM+j5QjEdL25rVx
+9jDsw9ysikfkjTvs9UfQ6XUIjwurR40hhWoB5KGKvXU3rO/8ds3Gu1EbGmk0h9dS
+seC5knwR/3QrRKHerNP5hzDIeRYaPOnko4Zhoo+28UFAHZcItQGF3lF/
+-----END RSA PRIVATE KEY-----

certs/intermediate/client-chain-alt-ecc.pem

@@ -0,0 +1,55 @@
+-----BEGIN CERTIFICATE-----
+MIICxjCCAmygAwIBAgICEAUwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw
+EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
+b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJ
+bnRlcm1lZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
+Y29tMB4XDTE4MTIyMTE3NTQwMVoXDTI4MTIxODE3NTQwMVowgaAxCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
+VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29s
+ZlNTTCBDbGllbnQgQ2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz
+c2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVb/0D0RQmj3Om7fwxU31
+cHvU7CSOGYDsWkyiJANiLJva76I1EkOEdhbGVpUGzAGpvfZ1GkL3vamyNiJfx11/
+tKOBkDCBjTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNVHQ4EFgQU
+69RLWWuVYT9RV7YETYlBiERcq/IwHwYDVR0jBBgwFoAUlx1gw4ciWZtgH4S0mRyI
+Tb/aHm4wDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEF
+BQcDBDAKBggqhkjOPQQDAgNIADBFAiBe6My62YzVR/EAn/a2IjlFpCektOZbCnJ0
+wFB0KiilZQIhAKofLu9dYlzn5JMB77wMijSohui3fABOA7QX43L+ZYHf
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICkTCCAjigAwIBAgICEAMwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw
+EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
+b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy
+MTE3NTQwMVoXDTM4MTIxNjE3NTQwMVowgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
+MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l
+ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkw
+EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEld8csp4gqR2iW6tcm6hmBinmstjjFKbD
+wbStTUQYIB5dZ/0VHW0l4RexccqFA/DSr0FmRjZt6kHLT8hK0KBhjKNmMGQwHQYD
+VR0OBBYEFJcdYMOHIlmbYB+EtJkciE2/2h5uMB8GA1UdIwQYMBaAFFaOmsPwQt4Y
+uUVVbvmTz+rD86UhMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGG
+MAoGCCqGSM49BAMCA0cAMEQCICCNvbwIilIgq7zwlAw8OJyewBhTlJR/Vz0VjnVf
+jIJ5AiBAPg8nmui6m/SZz3E2aNHtMVQ36C430J5JqSd5wQM0UA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G
+A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
+Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1
+MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG
+A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL
+v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8
+eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq
+tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd
+C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa
+zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB
+mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH
+V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n
+bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG
+3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs
+J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO
+291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS
+ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd
+AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7
+TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
+-----END CERTIFICATE-----

certs/intermediate/client-chain-alt.pem

@@ -0,0 +1,71 @@
+-----BEGIN CERTIFICATE-----
+MIIESjCCAzKgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT
+MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK
+DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT
+TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
+b20wHhcNMTgxMjIxMTc1NDAwWhcNMjgxMjE4MTc1NDAwWjCBnDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV
+BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MR0wGwYDVQQDDBR3b2xm
+U1NMIENsaWVudCBDaGFpbjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv
+bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQr
+Knx0mr2qKlIHR9amNrIHMo7Quml7xsNEntSBSP0taKKLZ7uhdcg2LErSG/eLus8N
++e/s8YEee5sDR5q/Zcx/ZSRppugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN0jxA
+nEzv0YbfN1EbDKE79fGjSjXk4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKCb42G
+wohAmTaDuh5AciIX11JlJHOwzu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZDIWz
+2YrZVCbbbfqsu/8lTMTRefRx04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuh
+utMCAwEAAaOBkDCBjTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNV
+HQ4EFgQUM9hFZtdohxh+VA1wJ5HHJteFZcAwHwYDVR0jBBgwFoAU72ng99Ud5pns
+3G3Q9+K5XGRxgzUwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMC
+BggrBgEFBQcDBDANBgkqhkiG9w0BAQsFAAOCAQEAiIEheKwEinl+zaW6O/5SYeic
+XSiRymhyMZnVFXiZ0QP/thNZI0iekpTMkQGT3Bk2aNdIU6uZ2CP8KJhD8+uf4i/E
+TLMcSDWSbVNGXcEgIQdxJaE3iRqb7PXj0RWg/hAuzWfVPW7WufU4jToSyS754anI
+b9YEBWbfPDpp16prXnEN41M4PYdKHseIeByHWiG9D4b0fIa9UX2cy/KypkF6+LsI
+EWdqMZ9I9tEHojaHg3NoO8kRXquj0GGa341SuYp50vNdsD0Vae6jtcK+tD8RsAbT
+uLQyRZX/dkjrYwsdeQ9VldZ8htRhIPkPooKkH7EQU9joyCezvZh7CsRbgtBszw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEFzCCAv+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT
+MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT
+YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy
+MTE3NTQwMFoXDTM4MTIxNjE3NTQwMFowgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
+MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRlcm1l
+ZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDonNdIWIgzjpxOKeUu9uHBBxaG55L
+DT7K+KX3DWrcI5AiaitYY0ooakio53MfolXYTQI74str4oPJUY93/dwtXSO3I5p+
+tilo6CpOqf4ycDGe8O/u+I3j/PPXKN16HZ6tIyvxpn80Uilm0uVkVWTW3UtBO1WD
+bsARDm4gwhZz6zD/CUa758zGA0RBEcbBbDYvSvmRVcpYXje4KBAwiUCWd89wZqRV
++2kL59myM2Xbcjp3tytJ/LbNWBCNq6rLQEV3AjkYs48zAUh3UL6Oc6feNqBJjiwW
+r7n7Qi01ats0N9UUWX1lcuWLZVVLIF5H+fg602zZOvXHAUYxw3maGL5JAgMBAAGj
+ZjBkMB0GA1UdDgQWBBTvaeD31R3mmezcbdD34rlcZHGDNTAfBgNVHSMEGDAWgBQn
+jmcRdMMmHT/tM2OzpNgdMOXo1TASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB
+/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAXs0wzhMGqKMlbYVov4g7aBJqXl8i
+glFK/bGussI+oeRzl293H14Kpj6KIJNMP2hkaajXrj6lWOTQReR6X8xoIz17340z
+jboLc92XQZkaJn8Xh8R2uzu1FSSwgk8uCsP+q3XJTVl0Gscz508URVv008OpnTSo
+4Soz6hAH254zg2Dw3XwnDWuS75DMNbNO4/rKh1Ux6HuMwjUZQWp2bGx60GrRLaim
+l0BzUpw8Q6dL8bcEr+DRMjys36dKFfsuVthcTJmdPPBtoCAllskk/IRM3N4dKejU
+4f/KBi857STcefkqGACu0otE6yqU+8gChg1+H2XHIAZeylCvvXHLBtoS/w==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G
+A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
+Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1
+MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG
+A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL
+v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8
+eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq
+tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd
+C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa
+zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB
+mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH
+V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n
+bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG
+3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs
+J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO
+291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS
+ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd
+AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7
+TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
+-----END CERTIFICATE-----

certs/intermediate/client-chain-ecc.pem

@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIICxjCCAmygAwIBAgICEAUwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw
+EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
+b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJ
+bnRlcm1lZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
+Y29tMB4XDTE4MTIyMTE3NTQwMVoXDTI4MTIxODE3NTQwMVowgaAxCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
+VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29s
+ZlNTTCBDbGllbnQgQ2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz
+c2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVb/0D0RQmj3Om7fwxU31
+cHvU7CSOGYDsWkyiJANiLJva76I1EkOEdhbGVpUGzAGpvfZ1GkL3vamyNiJfx11/
+tKOBkDCBjTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNVHQ4EFgQU
+69RLWWuVYT9RV7YETYlBiERcq/IwHwYDVR0jBBgwFoAUlx1gw4ciWZtgH4S0mRyI
+Tb/aHm4wDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEF
+BQcDBDAKBggqhkjOPQQDAgNIADBFAiBe6My62YzVR/EAn/a2IjlFpCektOZbCnJ0
+wFB0KiilZQIhAKofLu9dYlzn5JMB77wMijSohui3fABOA7QX43L+ZYHf
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICkTCCAjigAwIBAgICEAMwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw
+EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
+b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy
+MTE3NTQwMVoXDTM4MTIxNjE3NTQwMVowgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
+MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l
+ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkw
+EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEld8csp4gqR2iW6tcm6hmBinmstjjFKbD
+wbStTUQYIB5dZ/0VHW0l4RexccqFA/DSr0FmRjZt6kHLT8hK0KBhjKNmMGQwHQYD
+VR0OBBYEFJcdYMOHIlmbYB+EtJkciE2/2h5uMB8GA1UdIwQYMBaAFFaOmsPwQt4Y
+uUVVbvmTz+rD86UhMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGG
+MAoGCCqGSM49BAMCA0cAMEQCICCNvbwIilIgq7zwlAw8OJyewBhTlJR/Vz0VjnVf
+jIJ5AiBAPg8nmui6m/SZz3E2aNHtMVQ36C430J5JqSd5wQM0UA==
+-----END CERTIFICATE-----

certs/intermediate/client-chain.pem

@@ -0,0 +1,49 @@
+-----BEGIN CERTIFICATE-----
+MIIESjCCAzKgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT
+MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK
+DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT
+TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
+b20wHhcNMTgxMjIxMTc1NDAwWhcNMjgxMjE4MTc1NDAwWjCBnDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV
+BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MR0wGwYDVQQDDBR3b2xm
+U1NMIENsaWVudCBDaGFpbjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv
+bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQr
+Knx0mr2qKlIHR9amNrIHMo7Quml7xsNEntSBSP0taKKLZ7uhdcg2LErSG/eLus8N
++e/s8YEee5sDR5q/Zcx/ZSRppugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN0jxA
+nEzv0YbfN1EbDKE79fGjSjXk4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKCb42G
+wohAmTaDuh5AciIX11JlJHOwzu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZDIWz
+2YrZVCbbbfqsu/8lTMTRefRx04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuh
+utMCAwEAAaOBkDCBjTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNV
+HQ4EFgQUM9hFZtdohxh+VA1wJ5HHJteFZcAwHwYDVR0jBBgwFoAU72ng99Ud5pns
+3G3Q9+K5XGRxgzUwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMC
+BggrBgEFBQcDBDANBgkqhkiG9w0BAQsFAAOCAQEAiIEheKwEinl+zaW6O/5SYeic
+XSiRymhyMZnVFXiZ0QP/thNZI0iekpTMkQGT3Bk2aNdIU6uZ2CP8KJhD8+uf4i/E
+TLMcSDWSbVNGXcEgIQdxJaE3iRqb7PXj0RWg/hAuzWfVPW7WufU4jToSyS754anI
+b9YEBWbfPDpp16prXnEN41M4PYdKHseIeByHWiG9D4b0fIa9UX2cy/KypkF6+LsI
+EWdqMZ9I9tEHojaHg3NoO8kRXquj0GGa341SuYp50vNdsD0Vae6jtcK+tD8RsAbT
+uLQyRZX/dkjrYwsdeQ9VldZ8htRhIPkPooKkH7EQU9joyCezvZh7CsRbgtBszw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEFzCCAv+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT
+MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT
+YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy
+MTE3NTQwMFoXDTM4MTIxNjE3NTQwMFowgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
+MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRlcm1l
+ZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDonNdIWIgzjpxOKeUu9uHBBxaG55L
+DT7K+KX3DWrcI5AiaitYY0ooakio53MfolXYTQI74str4oPJUY93/dwtXSO3I5p+
+tilo6CpOqf4ycDGe8O/u+I3j/PPXKN16HZ6tIyvxpn80Uilm0uVkVWTW3UtBO1WD
+bsARDm4gwhZz6zD/CUa758zGA0RBEcbBbDYvSvmRVcpYXje4KBAwiUCWd89wZqRV
++2kL59myM2Xbcjp3tytJ/LbNWBCNq6rLQEV3AjkYs48zAUh3UL6Oc6feNqBJjiwW
+r7n7Qi01ats0N9UUWX1lcuWLZVVLIF5H+fg602zZOvXHAUYxw3maGL5JAgMBAAGj
+ZjBkMB0GA1UdDgQWBBTvaeD31R3mmezcbdD34rlcZHGDNTAfBgNVHSMEGDAWgBQn
+jmcRdMMmHT/tM2OzpNgdMOXo1TASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB
+/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAXs0wzhMGqKMlbYVov4g7aBJqXl8i
+glFK/bGussI+oeRzl293H14Kpj6KIJNMP2hkaajXrj6lWOTQReR6X8xoIz17340z
+jboLc92XQZkaJn8Xh8R2uzu1FSSwgk8uCsP+q3XJTVl0Gscz508URVv008OpnTSo
+4Soz6hAH254zg2Dw3XwnDWuS75DMNbNO4/rKh1Ux6HuMwjUZQWp2bGx60GrRLaim
+l0BzUpw8Q6dL8bcEr+DRMjys36dKFfsuVthcTJmdPPBtoCAllskk/IRM3N4dKejU
+4f/KBi857STcefkqGACu0otE6yqU+8gChg1+H2XHIAZeylCvvXHLBtoS/w==
+-----END CERTIFICATE-----

certs/intermediate/client-int-cert.pem

@@ -0,0 +1,88 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4098 (0x1002)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA/emailAddress=info@wolfssl.com
+        Validity
+            Not Before: Dec 21 17:54:00 2018 GMT
+            Not After : Dec 18 17:54:00 2028 GMT
+        Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Client Chain/emailAddress=info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
+                    2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
+                    32:8e:d0:ba:69:7b:c6:c3:44:9e:d4:81:48:fd:2d:
+                    68:a2:8b:67:bb:a1:75:c8:36:2c:4a:d2:1b:f7:8b:
+                    ba:cf:0d:f9:ef:ec:f1:81:1e:7b:9b:03:47:9a:bf:
+                    65:cc:7f:65:24:69:a6:e8:14:89:5b:e4:34:f7:c5:
+                    b0:14:93:f5:67:7b:3a:7a:78:e1:01:56:56:91:a6:
+                    13:42:8d:d2:3c:40:9c:4c:ef:d1:86:df:37:51:1b:
+                    0c:a1:3b:f5:f1:a3:4a:35:e4:e1:ce:96:df:1b:7e:
+                    bf:4e:97:d0:10:e8:a8:08:30:81:af:20:0b:43:14:
+                    c5:74:67:b4:32:82:6f:8d:86:c2:88:40:99:36:83:
+                    ba:1e:40:72:22:17:d7:52:65:24:73:b0:ce:ef:19:
+                    cd:ae:ff:78:6c:7b:c0:12:03:d4:4e:72:0d:50:6d:
+                    3b:a3:3b:a3:99:5e:9d:c8:d9:0c:85:b3:d9:8a:d9:
+                    54:26:db:6d:fa:ac:bb:ff:25:4c:c4:d1:79:f4:71:
+                    d3:86:40:18:13:b0:63:b5:72:4e:30:c4:97:84:86:
+                    2d:56:2f:d7:15:f7:7f:c0:ae:f5:fc:5b:e5:fb:a1:
+                    ba:d3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Client, S/MIME
+            X509v3 Subject Key Identifier: 
+                33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
+            X509v3 Authority Key Identifier: 
+                keyid:EF:69:E0:F7:D5:1D:E6:99:EC:DC:6D:D0:F7:E2:B9:5C:64:71:83:35
+
+            X509v3 Key Usage: critical
+                Digital Signature, Non Repudiation, Key Encipherment
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication, E-mail Protection
+    Signature Algorithm: sha256WithRSAEncryption
+         88:81:21:78:ac:04:8a:79:7e:cd:a5:ba:3b:fe:52:61:e8:9c:
+         5d:28:91:ca:68:72:31:99:d5:15:78:99:d1:03:ff:b6:13:59:
+         23:48:9e:92:94:cc:91:01:93:dc:19:36:68:d7:48:53:ab:99:
+         d8:23:fc:28:98:43:f3:eb:9f:e2:2f:c4:4c:b3:1c:48:35:92:
+         6d:53:46:5d:c1:20:21:07:71:25:a1:37:89:1a:9b:ec:f5:e3:
+         d1:15:a0:fe:10:2e:cd:67:d5:3d:6e:d6:b9:f5:38:8d:3a:12:
+         c9:2e:f9:e1:a9:c8:6f:d6:04:05:66:df:3c:3a:69:d7:aa:6b:
+         5e:71:0d:e3:53:38:3d:87:4a:1e:c7:88:78:1c:87:5a:21:bd:
+         0f:86:f4:7c:86:bd:51:7d:9c:cb:f2:b2:a6:41:7a:f8:bb:08:
+         11:67:6a:31:9f:48:f6:d1:07:a2:36:87:83:73:68:3b:c9:11:
+         5e:ab:a3:d0:61:9a:df:8d:52:b9:8a:79:d2:f3:5d:b0:3d:15:
+         69:ee:a3:b5:c2:be:b4:3f:11:b0:06:d3:b8:b4:32:45:95:ff:
+         76:48:eb:63:0b:1d:79:0f:55:95:d6:7c:86:d4:61:20:f9:0f:
+         a2:82:a4:1f:b1:10:53:d8:e8:c8:27:b3:bd:98:7b:0a:c4:5b:
+         82:d0:6c:cf
+-----BEGIN CERTIFICATE-----
+MIIESjCCAzKgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT
+MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK
+DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT
+TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
+b20wHhcNMTgxMjIxMTc1NDAwWhcNMjgxMjE4MTc1NDAwWjCBnDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV
+BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MR0wGwYDVQQDDBR3b2xm
+U1NMIENsaWVudCBDaGFpbjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv
+bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQr
+Knx0mr2qKlIHR9amNrIHMo7Quml7xsNEntSBSP0taKKLZ7uhdcg2LErSG/eLus8N
++e/s8YEee5sDR5q/Zcx/ZSRppugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN0jxA
+nEzv0YbfN1EbDKE79fGjSjXk4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKCb42G
+wohAmTaDuh5AciIX11JlJHOwzu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZDIWz
+2YrZVCbbbfqsu/8lTMTRefRx04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuh
+utMCAwEAAaOBkDCBjTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNV
+HQ4EFgQUM9hFZtdohxh+VA1wJ5HHJteFZcAwHwYDVR0jBBgwFoAU72ng99Ud5pns
+3G3Q9+K5XGRxgzUwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMC
+BggrBgEFBQcDBDANBgkqhkiG9w0BAQsFAAOCAQEAiIEheKwEinl+zaW6O/5SYeic
+XSiRymhyMZnVFXiZ0QP/thNZI0iekpTMkQGT3Bk2aNdIU6uZ2CP8KJhD8+uf4i/E
+TLMcSDWSbVNGXcEgIQdxJaE3iRqb7PXj0RWg/hAuzWfVPW7WufU4jToSyS754anI
+b9YEBWbfPDpp16prXnEN41M4PYdKHseIeByHWiG9D4b0fIa9UX2cy/KypkF6+LsI
+EWdqMZ9I9tEHojaHg3NoO8kRXquj0GGa341SuYp50vNdsD0Vae6jtcK+tD8RsAbT
+uLQyRZX/dkjrYwsdeQ9VldZ8htRhIPkPooKkH7EQU9joyCezvZh7CsRbgtBszw==
+-----END CERTIFICATE-----