Fix for async wolfCrypt test with AES GCM.

Merge pull request #2128 from SparkiDev/pkcs11_ecc_server_fix
PKCS #11 id RSA - TLS don't convert length a la ecc
2019-03-01 09:56:38 -08:00 · 2019-02-28 19:05:33 -08:00 · 2019-02-28 18:14:00 -08:00 · 2019-03-01 10:23:45 +10:00 · 2019-03-01 08:43:20 +10:00 · 2019-02-28 09:50:59 -08:00
250 changed files with 109993 additions and 43095 deletions
--- a/IDE/ARDUINO/README.md
+++ b/IDE/ARDUINO/README.md
@@ -16,11 +16,13 @@ wolfssl/IDE/ARDUINO directory:
 Step 2: Edit `<wolfssl-root>/IDE/ARDUINO/wolfSSL/wolfssl/wolfcrypt/settings.h` uncomment the define for `WOLFSSL_ARDUINO`
 If building for Intel Galileo platform also uncomment the define for `INTEL_GALILEO`.

-#####Including wolfSSL in Arduino Libraries (for Arduino version 1.6.6)
+##### Including wolfSSL in Arduino Libraries (for Arduino version 1.6.6)

 1. In the Arduino IDE:
    - In `Sketch -> Include Library -> Add .ZIP Library...` and choose the
        `IDE/ARDUNIO/wolfSSL` folder.
    - In `Sketch -> Include Library` choose wolfSSL.

-An example wolfSSL client INO sketch exists here: `sketches/wolfssl_client/wolfssl_client.ino`
+2. Open an example Arduino sketch for wolfSSL:
+	- wolfSSL Client INO sketch: `sketches/wolfssl_client/wolfssl_client.ino`
+	- wolfSSL Server INO sketch: `sketches/wolfssl_server/wolfssl_server.ino`
--- a/IDE/ARDUINO/include.am
+++ b/IDE/ARDUINO/include.am
@@ -4,5 +4,5 @@

 EXTRA_DIST+= IDE/ARDUINO/README.md
 EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
+EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
 EXTRA_DIST+= IDE/ARDUINO/wolfssl-arduino.sh
-
--- a/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
+++ b/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
@@ -25,7 +25,7 @@
 #include <Ethernet.h>

 const char host[] = "192.168.1.148"; // server to connect to
-int port = 11111; // port on server to connect to
+const int port = 11111; // port on server to connect to

 int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
 int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
@@ -33,11 +33,12 @@ int reconnect = 10;

 EthernetClient client;

-WOLFSSL_CTX* ctx = 0;
-WOLFSSL* ssl = 0;
-WOLFSSL_METHOD* method = 0;
+WOLFSSL_CTX* ctx = NULL;
+WOLFSSL* ssl = NULL;

 void setup() {
+  WOLFSSL_METHOD* method;
+
  Serial.begin(9600);

  method = wolfTLSv1_2_client_method();
@@ -79,65 +80,76 @@ int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
 void loop() {
  int err            = 0;
  int input          = 0;
-  int sent           = 0;
  int total_input    = 0;
  char msg[32]       = "hello wolfssl!";
  int msgSz          = (int)strlen(msg);
  char errBuf[80];
  char reply[80];
-  WOLFSSL_CIPHER* cipher;
+  const char* cipherName;
    
  if (reconnect) {
    reconnect--;
+    
    if (client.connect(host, port)) {

      Serial.print("Connected to ");
      Serial.println(host);
+
      ssl = wolfSSL_new(ctx);
      if (ssl == NULL) {
+        Serial.println("Unable to allocate SSL object");
+        return;
+      }
+
+      err = wolfSSL_connect(ssl);
+      if (err != WOLFSSL_SUCCESS) {
        err = wolfSSL_get_error(ssl, 0);
        wolfSSL_ERR_error_string(err, errBuf);
-        Serial.print("Unable to get SSL object. Error = ");
+        Serial.print("TLS Connect Error: ");
        Serial.println(errBuf);
      }
-      
+
      Serial.print("SSL version is ");
      Serial.println(wolfSSL_get_version(ssl));
      
-
-      
-      if ((wolfSSL_write(ssl, msg, strlen(msg))) == msgSz) {
-      cipher = wolfSSL_get_current_cipher(ssl);
+      cipherName = wolfSSL_get_cipher(ssl);
      Serial.print("SSL cipher suite is ");
-      Serial.println(wolfSSL_CIPHER_get_name(cipher));                
+      Serial.println(cipherName);
+
+      if ((wolfSSL_write(ssl, msg, msgSz)) == msgSz) {
+        
        Serial.print("Server response: ");
        while (client.available() || wolfSSL_pending(ssl)) {
          input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
          total_input += input;
-          if ( input > 0 ) {
-            reply[input] = '\0';
-            Serial.print(reply);
-          } else if (input < 0) {
+          if (input < 0) {
            err = wolfSSL_get_error(ssl, 0);
            wolfSSL_ERR_error_string(err, errBuf);
-            Serial.print("wolfSSL_read failed. Error: ");
+            Serial.print("TLS Read Error: ");
            Serial.println(errBuf);
+            break;
+          } else if (input > 0) {
+            reply[input] = '\0';
+            Serial.print(reply);
          } else {
            Serial.println();
          }
        } 
      } else {
-        Serial.println("SSL_write failed");
+        err = wolfSSL_get_error(ssl, 0);
+        wolfSSL_ERR_error_string(err, errBuf);
+        Serial.print("TLS Write Error: ");
+        Serial.println(errBuf);
      }
      
-      if (ssl != NULL) 
-        wolfSSL_free(ssl);
+      wolfSSL_shutdown(ssl);
+      wolfSSL_free(ssl);

      client.stop();
      Serial.println("Connection complete.");
      reconnect = 0;
    } else {
-      Serial.println("Trying to reconnect...");       
+      Serial.println("Trying to reconnect...");
    }
  }
  delay(1000);
--- a/IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
+++ b/IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
@@ -0,0 +1,176 @@
+/* wolfssl_server.ino
+ *
+ * Copyright (C) 2006-2018 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#include <wolfssl.h>
+#include <wolfssl/ssl.h>
+#include <Ethernet.h>
+
+#define USE_CERT_BUFFERS_256
+#include <wolfssl/certs_test.h>
+
+#ifdef NO_WOLFSSL_SERVER
+  #error Please undefine NO_WOLFSSL_SERVER for this example
+#endif
+
+const int port = 11111; // port to listen on
+
+int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
+int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
+
+EthernetServer server(port);
+EthernetClient client;
+
+WOLFSSL_CTX* ctx = NULL;
+WOLFSSL* ssl = NULL;
+
+void setup() {
+  int err;
+  WOLFSSL_METHOD* method;
+
+  Serial.begin(9600);
+
+  method = wolfTLSv1_2_server_method();
+  if (method == NULL) {
+    Serial.println("unable to get method");
+    return;
+  }
+  ctx = wolfSSL_CTX_new(method);
+  if (ctx == NULL) {
+    Serial.println("unable to get ctx");
+    return;
+  }
+
+  // initialize wolfSSL using callback functions
+  wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
+  wolfSSL_SetIOSend(ctx, EthernetSend);
+  wolfSSL_SetIORecv(ctx, EthernetReceive);
+
+  // setup the private key and certificate
+  err = wolfSSL_CTX_use_PrivateKey_buffer(ctx, ecc_key_der_256, 
+    sizeof_ecc_key_der_256, WOLFSSL_FILETYPE_ASN1);
+  if (err != WOLFSSL_SUCCESS) {
+    Serial.println("error setting key");
+    return;
+  }
+  err = wolfSSL_CTX_use_certificate_buffer(ctx, serv_ecc_der_256, 
+    sizeof_serv_ecc_der_256, WOLFSSL_FILETYPE_ASN1);
+  if (err != WOLFSSL_SUCCESS) {
+    Serial.println("error setting certificate");
+    return;
+  }
+
+  // Start the server
+  server.begin();
+  
+  return;
+}
+
+int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx) {
+  int sent = 0;
+
+  sent = client.write((byte*)msg, sz);
+
+  return sent;
+}
+
+int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
+  int ret = 0;
+
+  while (client.available() > 0 && ret < sz) {
+    reply[ret++] = client.read();
+  }
+
+  return ret;
+}
+
+void loop() {
+  int err = 0;
+  int input = 0;
+  char errBuf[80];
+  char reply[80];
+  int replySz = 0;
+  const char* cipherName;
+
+  // Listen for incoming client requests.
+  client = server.available();
+  if (!client) {
+    return;
+  }
+
+  if (client.connected()) {
+
+    Serial.println("Client connected");
+
+    ssl = wolfSSL_new(ctx);
+    if (ssl == NULL) {
+      Serial.println("Unable to allocate SSL object");
+      return;
+    }
+
+    err = wolfSSL_accept(ssl);
+    if (err != WOLFSSL_SUCCESS) {
+      err = wolfSSL_get_error(ssl, 0);
+      wolfSSL_ERR_error_string(err, errBuf);
+      Serial.print("TLS Accept Error: ");
+      Serial.println(errBuf);
+    }
+
+    Serial.print("SSL version is ");
+    Serial.println(wolfSSL_get_version(ssl));
+    
+    cipherName = wolfSSL_get_cipher(ssl);
+    Serial.print("SSL cipher suite is ");
+    Serial.println(cipherName);
+
+    Serial.print("Server Read: ");
+    while (client.available() || wolfSSL_pending(ssl)) {
+      input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
+      if (input < 0) {
+        err = wolfSSL_get_error(ssl, 0);
+        wolfSSL_ERR_error_string(err, errBuf);
+        Serial.print("TLS Read Error: ");
+        Serial.println(errBuf);
+        break;
+      } else if (input > 0) {
+        replySz = input;
+        reply[input] = '\0';
+        Serial.print(reply);
+      } else {
+        Serial.println();
+      }
+    }
+
+    // echo data
+    if ((wolfSSL_write(ssl, reply, replySz)) != replySz) {
+      err = wolfSSL_get_error(ssl, 0);
+      wolfSSL_ERR_error_string(err, errBuf);
+      Serial.print("TLS Write Error: ");
+      Serial.println(errBuf);
+    }
+    
+    wolfSSL_shutdown(ssl);
+    wolfSSL_free(ssl);
+  }
+
+  client.stop();
+  Serial.println("Connection complete");
+}
--- a/IDE/ECLIPSE/DEOS/README.md
+++ b/IDE/ECLIPSE/DEOS/README.md
@@ -0,0 +1,225 @@
+
+
+# Deos Port
+## Overview
+You can enable the wolfSSL support for Deos RTOS available [here](https://www.ddci.com/products_deos_do_178c_arinc_653/) using the `#define WOLFSSL_DEOS`.
+Deos is a time & space partitioned, multi-core enabled, DO-178C DAL A certifiable RTOS.
+## Usage
+
+You can start with your OpenArbor IDE-based example project for Deos with the network stack (lwip) to integrate wolfSSL source code.
+
+wolfSSL supports a compile-time user configurable options in the `IDE/ECLIPSE/DEOS/user_settings.h` file.
+
+The `tls_wolfssl.c` example application provides a simple function to run the selected examples at compile time through the following four #defines in user_settings.h. You can undefine any of these macro options to run a test.
+```
+       1. #undef NO_CRYPT_TEST
+       2. #undef NO_CRYPT_BENCHMARK
+       3. #undef NO_WOLFSSL_CLIENT
+       4. #undef NO_WOLFSSL_SERVER
+```
+Do one of the following steps for building and running wolfSSL with the Deos kernel examples, which are included in the DDS release:
+If you want to create a project from scratch, skip the Importing the project section and follow the steps in the other sections.
+
+If you want to use an pre-configured example project, go to the Importing the project section, skip the other sections and follow the Building and Running section.
+
+#### Importing the project
+In this section you will import a pre-configured example project.
+1. Launch the OpenArbor IDE as an administrator
+2. In the Workspace Launcher dialog, in the Workspace field, enter your
+workspace
+3. Right-click in the Project Explorer view and select Import
+4. In the Import dialog, select General > Existing Projects into Workspace, then click Next.
+5. In the Import Projects dialog, select Select archive file, then browse to `IDE/ECLIPSE/DEOS/` and double-click `deosWolfssl.zip` file
+6. In the Import Projects dialog, click Finish
+
+
+#### Setting up a Deos project with wolfSSL
+ 1. Download the wolfSSL source code or a zip file from GitHub. You can remove all of the files except for these folders and its contents. The top folder for this example is wolfsslPort.
+```
+wolfsslPort
+      |-- IDE
+          | -- ECLIPSE
+               | -- DEOS
+      |-- src
+      |-- wolfcrypt
+          | -- benchmark
+          | -- src
+          | -- test
+      |-- wolfssl
+          |-- openssl
+          |-- wolfcrypt
+              |-- port
+```
+ 2. Remove these two platform specific assembly source files:
+    -   wolfsslPort/wolfcrypt/src/aes_asm.asm
+    -   wolfsslPort/wolfcrypt/src/aes_asm.S
+
+ 3. Launch the OpenArbor IDE as an administrator
+ 4. Create a DDC-I Deos example project. In the main menu, go to File >DDC-I Deos example project > socket > udp-vs-tcp
+ 5. Import the `wolfSSLPort` source code into your project.
+    -   Right-click the ` udp-vs-tcp` project and choose File -> Import.
+    -   Expand the General folder and select File System, then click Next. You should now see the Import File system dialog.
+    -   Browse to the location containing the wolfSSL code and choose OK. Select the `wolfsslPort` folder and check the `Create top-level folder` button, then select Finish. You should see the folder hierarchy the same as wolfSSL folder structures.
+6. Review the configuration in $(PROJECT_DIR)/wolfsslPort/IDE/ECLIPSE/DEOS/user_setting.h
+
+7.  Review the custom malloc/realloc/free configuration $(PROJECT_DIR)/wolfsslPort/IDE/ECLIPSE/DEOS/deos_malloc.c . Memory allocated with malloc() is never freed.
+
+#### Configuring the Deos Project
+ 1. Customize your config/udp-vs-tcp.pd.xml with the following changes:
+```
+<processTemplate
+     mutexQuota = "5"
+   >
+
+   <logicalMemoryPools>
+           pagesNeeded = "500"
+      ></pool>
+   </logicalMemoryPools>
+
+   <threadTemplate
+      stackSizeInPages = "20"
+    ></threadTemplate>
+
+   <mutexTemplates>
+      <mutexTemplate
+           name = "protectWolfSSLTemp"
+           lockTimeInUsec = "40"
+           priority = "fastest"
+      ></mutexTemplate>
+   </mutexTemplates>
+
+</processTemplate>
+```
+Depending on your configuration, wolfSSL uses upto four mutexes. You also need to configure enough memory for the stack of each threads and the process logical memory pool.
+
+
+ 2. Right click on the `udp-vs-tcp` project, select properties and add the following macros in the DDC-I Options > C Compile > Preprocessor
+      -   DEOS_ALLOW_OBSOLETE_DEFINITIONS
+      -   WOLFSSL_USER_SETTINGS
+ 3.  Add the following directory paths in the DDC-I Options > C Compile > Directories and in the DDC-I Options > C++ Compile > Directories
+      -   $(PROJECT_DIR)/wolfsslPort
+      -   $(PROJECT_DIR)/wolfsslPort/wolfssl
+      -   $(PROJECT_DIR)/wolfsslPort/IDE/ECLIPSE/DEOS
+      -   $(PROJECT_DIR.printx)/code
+ 4.  Change the optimization level in the DDC-I Options > C Compile > Code Generation > Optimization level:g
+      -   g
+ 5.  Add the following library dependencies in the DDC-I Options > Deos > Dependencies
+      -   math
+      -   dart
+      -   ansi
+      -   printx
+          - You must add printx into your workspace, File >DDC-I Deos example project > training > printx
+ 6.  Edit $(PROJECT_DIR)/wolfsslPort/IDE/ECLIPSE/DEOS/user_setting.h to customize your configuration. For example, you can undef or define these tests.
+      -   #undef NO_CRYPT_TEST
+      -   #undef NO_CRYPT_BENCHMARK
+      -   #undef NO_WOLFSSL_CLIENT
+      -   #undef NO_WOLFSSL_SERVER
+ 7.  Edit your application source file where main() thread is defined and add the following:
+      -   #include "printx.h"
+      -   #include "tls_wolfssl.h"
+      -   and a call to `wolfsslRunTests()`
+Here's an example:
+```
+#include <deos.h>
+#include <printx.h>
+#include <tls_wolfssl.h>
+#include <user_settings.h>
+
+int main(void)
+{
+  initPrintx("");
+  printf("TLS wolfssl example!\n");
+
+  (void) waitUntilNextPeriod();
+   wolfsslRunTests();
+
+  deleteThread(currentThreadHandle());
+}
+
+```
+ 8.  Review $(PROJECT_DIR)/udp-vs-tcp/mailbox-transport.config configuration.
+```
+transportConfigurationId
+2                              # Client thread quota - for client and server TCP
+2                              # Client connection quota - one for client and one for server
+0                              # Server startup quota
+0                              # Server connection quota
+transportMemoryObject          # Name of memory object used for managing connections
+/
+
+connectionId1                  # TCP client connection
+Network                        # Server process name
+defaultMailbox                 # Server connection request mailbox name
+0                              # Server connection mailbox queue size (unused by Network process)
+userServiceThread              # Server thread template name
+*                              # Error timeout
+1                              # Client connection mailbox queue size
+/
+
+connectionId2                  # TCP connection
+Network                        # Server process name
+defaultMailbox                 # Server connection request mailbox name
+0                              # Server connection mailbox queue size (unused by Network process)
+userServiceThread              # Server thread template name
+*                              # Error timeout
+1                              # Client connection mailbox queue size
+/
+```
+
+   #### Building and Running
+ 1.  Build your project, then load and run your image on a target platform. Review the test results on the console output.
+
+
+### `wolfcrypt_test()`
+wolfcrypt_test() prints a message on the target console similar to the following output:
+```
+error    test passed!
+base64   test passed!
+asn      test passed!
+...
+```
+This example doesn't show the whole output.
+
+### `benchmark_test()`
+benchmark_test() prints a message on the target console similar to the following output.
+
+```
+------------------------------------------------------------------------------
+ wolfSSL version 3.15.5
+------------------------------------------------------------------------------
+wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
+RNG               225 KB tooks 1.026 seconds,  219.313 KB/s
+AES-128-CBC-enc    250 KB toks 1.105 seconds  226.210 KB/s
+AES-128-CBC-dec    225 KB tooks 1.005 seconds,  223.922 KB/s
+...
+```
+This example doesn't show the whole output.
+
+### `wolfssl_client_test()`
+
+You can modify the `TCP_SERVER_IP_ADDR` and `TCP_SERVER_PORT` macros in the `tls_wolfssl.c` file to configure the host address and port. You will also need to define the server certificate. The example client uses the GET request to get a web resource from the server at https://google.com.
+
+### `wolfssl_server_test()`
+
+You can modify the `TLS_SERVER_PORT` in the `tls_wolfssl.c` file to configure the port number to listen on a local-host.
+Once you start the TLS server and `Listening for client connection` displays on the serial console, the server is ready to accept client connections.
+
+You can connect to the server using the wolfssl TLS client example from your Linux or Windows host as follows:
+```
+$ ./examples/client/client.exe -h TLS_SERVER_IP_ADDRESS
+
+The client outputs messages similar to the following:
+
+SSL version is TLSv1.2
+SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+SSL curve name is SECP256R1
+I hear ya fa shizzle!
+```
+
+## References
+
+The test results were collected from the qemu-x86 reference platform target with the following software and tool chains:
+- OpenArbor, eclipse based IDE, toolVersion = "3.31.0"
+- wolfssl [latest version](https://github.com/wolfSSL/wolfssl)
+
+For more information or questions, please email [support@wolfssl.com](mailto:support@wolfssl.com)
--- a/IDE/ECLIPSE/DEOS/deos_malloc.c
+++ b/IDE/ECLIPSE/DEOS/deos_malloc.c
@@ -0,0 +1,108 @@
+/* deos_malloc.c
+ *
+ * Copyright (C) 2018 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/ssl.h>
+
+#define ROUND_UP(x, align)  (((int) (x) + (align - 1)) & ~(align - 1))
+#define SIZEOF_HEADER sizeof(size_t)  /* tracks size of allocated block */
+
+#define HEAP_SIZE_MAX   (1*1024*1024)
+
+static size_t allocatedMemory = 0;
+
+size_t getMemAllocatedSize_deos(size_t* size){
+
+    if (size)
+        *size = allocatedMemory;
+
+    return allocatedMemory;
+}
+
+/* Simply returns without freeing any memory. */
+
+void free_deos(void *ptr) {
+    //printf("fake free_deos()\n");
+    return;
+}
+
+void *realloc_deos(void *ptr, size_t size) {
+    void *newptr;
+
+    if (size == 0)
+        return ptr;
+    newptr = malloc_deos(size);
+
+    if (ptr != NULL && newptr != NULL) {
+
+        if ( *((char *)ptr - SIZEOF_HEADER) < *((char *)newptr - SIZEOF_HEADER))
+            size = *((char *)ptr - SIZEOF_HEADER);
+
+        XMEMCPY((char *) newptr, (const char *) ptr, size);
+        free_deos(ptr);
+    }
+
+    return newptr;
+}
+
+void *malloc_deos(size_t size) {
+    PDEOS_SYSTEM_INFO systemInfoPtr;
+    static VirtualAddressTYP heapAddr = NULL;
+    static VirtualAddressTYP freeAddr = NULL;
+    VirtualAddressTYP retAddr = NULL;
+    DWORD allocationSize = 0;
+    static int initialized = 0;
+
+    if (size <= 0)
+        return NULL;
+
+    if (!initialized) {
+        systemInfoPtr = (PDEOS_SYSTEM_INFO)getSystemInfoDEOS();
+        freeAddr = (VirtualAddressTYP)getNextLibraryStartAddress();
+        allocationSize = (((HEAP_SIZE_MAX - 1) / systemInfoPtr->dwPageSize) + 1) *
+                         systemInfoPtr->dwPageSize;
+
+        if (virtualAllocDEOS(freeAddr, allocationSize) != allocSuccess){
+            printf("ERROR: virtualAllocDEOS failed\n");
+            return NULL;
+        }
+
+        setNextLibraryStartAddress(freeAddr + allocationSize);
+        heapAddr = freeAddr;
+
+        initialized = 1;
+    }
+
+    size = ROUND_UP(size, sizeof(size_t));
+
+    if ((size + SIZEOF_HEADER) > (HEAP_SIZE_MAX - (freeAddr - heapAddr))){
+        printf("ERROR: malloc_deos cannot allocate from heap memory anymore\n");
+        return NULL;
+    }
+
+    *freeAddr = size;
+    freeAddr += SIZEOF_HEADER;
+    retAddr = freeAddr;
+    XMEMSET(retAddr, 0, size);
+    freeAddr += size;
+    allocatedMemory += size;
+
+    return retAddr;
+}
--- a/IDE/ECLIPSE/DEOS/include.am
+++ b/IDE/ECLIPSE/DEOS/include.am
@@ -0,0 +1,10 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST += \
+    IDE/ECLIPSE/DEOS/README.md \
+    IDE/ECLIPSE/DEOS/user_settings.h \
+    IDE/ECLIPSE/DEOS/tls_wolfssl.h \
+    IDE/ECLIPSE/DEOS/tls_wolfssl.c \
+    IDE/ECLIPSE/DEOS/deos_malloc.c
--- a/IDE/ECLIPSE/DEOS/tls_wolfssl.c
+++ b/IDE/ECLIPSE/DEOS/tls_wolfssl.c
@@ -0,0 +1,599 @@
+/* tls_wolfssl.c
+ *
+ * Copyright (C) 2018 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/ssl.h>
+#include <wolfcrypt/test/test.h>
+#include <wolfcrypt/benchmark/benchmark.h>
+#include <wolfssl/wolfcrypt/logging.h> /* to use WOLFSSL_MSG */
+#include <tls_wolfssl.h>
+
+
+int setupTransport(clientConnectionHandleType* connectionHandle,
+                   char* connectionId) {
+    int ret, error;
+    void * sendBuffer;
+    DWORD bufferSizeInBytes;
+
+    if ((ret = socketTransportInitialize("mailbox-transport.config",
+                                         "transportConfigurationId",
+                                         (DWORD)waitIndefinitely,&error)) != transportSuccess)
+        printf("Initialize 0x%x, error=%d\n", ret, error);
+
+    else if ((ret = socketTransportClientInitialize((DWORD)waitIndefinitely,
+                                                    &error)) != transportSuccess)
+        printf("ClientInitialize 0x%x, error=%d\n", ret, error);
+
+    else if ((ret = socketTransportCreateConnection(connectionId,
+                                                    (DWORD)waitIndefinitely,
+                                                    COMPATIBILITY_ID_2,
+                                                    connectionHandle,
+                                                    &sendBuffer,
+                                                    &bufferSizeInBytes,
+                                                    &error)) != transportSuccess)
+        printf("CreateConnection 0x%x, error=%d\n", ret, error);
+
+    else if ((ret = socketTransportSetConnectionForThread(currentThreadHandle(),
+                                                          *connectionHandle,
+                                                          (DWORD)waitIndefinitely,
+                                                          &error)) != transportSuccess)
+        printf("SetConnectionForThread 0x%x, error=%d\n", ret, error);
+
+    return ret;
+}
+
+#if !defined(NO_WOLFSSL_CLIENT )
+
+/* 172.217.3.174 is the IP address of https://www.google.com */
+#define TCP_SERVER_IP_ADDR "172.217.3.174"
+#define TCP_SERVER_DOMAIN_NAME "www.google.com"
+#define TCP_SERVER_PORT 443
+
+#define TX_BUF_SIZE 64
+#define RX_BUF_SIZE 1024
+
+#define TX_MSG "GET /index.html HTTP/1.0\n\n"
+#define TX_MSG_SIZE sizeof(TX_MSG)
+
+static const unsigned char google_certs_ca[]="\n\
+## Google Internet Authority G3 \n\
+-----BEGIN CERTIFICATE-----\n\
+MIIEXDCCA0SgAwIBAgINAeOpMBz8cgY4P5pTHTANBgkqhkiG9w0BAQsFADBMMSAw\n\
+HgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFs\n\
+U2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEy\n\
+MTUwMDAwNDJaMFQxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3Qg\n\
+U2VydmljZXMxJTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzMw\n\
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKUkvqHv/OJGuo2nIYaNVW\n\
+XQ5IWi01CXZaz6TIHLGp/lOJ+600/4hbn7vn6AAB3DVzdQOts7G5pH0rJnnOFUAK\n\
+71G4nzKMfHCGUksW/mona+Y2emJQ2N+aicwJKetPKRSIgAuPOB6Aahh8Hb2XO3h9\n\
+RUk2T0HNouB2VzxoMXlkyW7XUR5mw6JkLHnA52XDVoRTWkNty5oCINLvGmnRsJ1z\n\
+ouAqYGVQMc/7sy+/EYhALrVJEA8KbtyX+r8snwU5C1hUrwaW6MWOARa8qBpNQcWT\n\
+kaIeoYvy/sGIJEmjR0vFEwHdp1cSaWIr6/4g72n7OqXwfinu7ZYW97EfoOSQJeAz\n\
+AgMBAAGjggEzMIIBLzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUH\n\
+AwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFHfCuFCa\n\
+Z3Z2sS3ChtCDoH6mfrpLMB8GA1UdIwQYMBaAFJviB1dnHB7AagbeWbSaLd/cGYYu\n\
+MDUGCCsGAQUFBwEBBCkwJzAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AucGtpLmdv\n\
+b2cvZ3NyMjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLnBraS5nb29nL2dz\n\
+cjIvZ3NyMi5jcmwwPwYDVR0gBDgwNjA0BgZngQwBAgIwKjAoBggrBgEFBQcCARYc\n\
+aHR0cHM6Ly9wa2kuZ29vZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEA\n\
+HLeJluRT7bvs26gyAZ8so81trUISd7O45skDUmAge1cnxhG1P2cNmSxbWsoiCt2e\n\
+ux9LSD+PAj2LIYRFHW31/6xoic1k4tbWXkDCjir37xTTNqRAMPUyFRWSdvt+nlPq\n\
+wnb8Oa2I/maSJukcxDjNSfpDh/Bd1lZNgdd/8cLdsE3+wypufJ9uXO1iQpnh9zbu\n\
+FIwsIONGl1p3A8CgxkqI/UAih3JaGOqcpcdaCIzkBaR9uYQ1X4k2Vg5APRLouzVy\n\
+7a8IVk6wuy6pm+T7HT4LY8ibS5FEZlfAFLSW8NwsVz9SBK2Vqn1N0PIMn5xA6NZV\n\
+c7o835DLAFshEWfC7TIe3g==\n\
+-----END CERTIFICATE-----\n\
+## Google Trust Services- GlobalSign Root CA-R2\n\
+-----BEGIN CERTIFICATE-----\n\
+MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G\n\
+A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp\n\
+Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1\n\
+MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG\n\
+A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI\n\
+hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL\n\
+v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8\n\
+eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq\n\
+tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd\n\
+C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa\n\
+zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB\n\
+mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH\n\
+V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n\n\
+bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG\n\
+3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs\n\
+J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO\n\
+291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS\n\
+ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd\n\
+AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7\n\
+TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==\n\
+-----END CERTIFICATE-----\n\
+";
+
+void wolfssl_client_test(uintData_t statusPtr) {
+    int sock;
+    char rx_buf[RX_BUF_SIZE];
+    char tx_buf[TX_BUF_SIZE];
+    int ret = 0, error = 0;
+
+    sockaddr_in server_addr;
+    clientConnectionHandleType TCPclientHandle;
+
+    WOLFSSL* ssl;
+    WOLFSSL_CTX* ctx;
+
+    /* set up the mailbox transport */
+
+    if (setupTransport(&TCPclientHandle, (char*)"connectionId1") != transportSuccess){
+        printf("TCP transport set up failed \n");
+        return;
+      }
+
+    printf("Creating a network socket...\n");
+
+    sock = socket(AF_INET, SOCK_STREAM, 0);
+
+    if (sock == SOCKET_ERROR) {
+        printf("ERROR: Failed to create socket, err = %d\n", errno);
+        return;
+    }
+
+    printf("Clearing memory for server_addr struct\n");
+
+    XMEMSET((char *) &server_addr, 0u, sizeof(server_addr));
+
+    printf("Connecting to server IP address: %s, port: %d\n",
+                    TCP_SERVER_IP_ADDR, TCP_SERVER_PORT);
+
+    server_addr.sin_family = AF_INET;
+    server_addr.sin_addr = inet_addr(TCP_SERVER_IP_ADDR);
+    server_addr.sin_port = htons(TCP_SERVER_PORT);
+
+    printf("Calling connect on socket\n");
+    if (connect(sock, (sockaddr *) &server_addr, sizeof(server_addr)) < 0 ) {
+        printf("ERROR: connect, err = %d\n", errno);
+        closesocket(sock);
+        return;
+    }
+
+    #ifdef DEBUG_WOLFSSL
+        wolfSSL_Debugging_ON();
+    #endif
+
+    /* wolfSSL INIT and CTX SETUP */
+
+    wolfSSL_Init();
+
+    /* chooses the highest possible TLS version */
+
+    ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
+
+    /* SET UP NETWORK SOCKET */
+    if (ctx == 0) {
+        printf("ERROR: wolfSSL_CTX_new failed\n");
+        closesocket(sock);
+        return;
+    }
+
+    WOLFSSL_MSG("wolfSSL_CTX_new done");
+
+    wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
+
+    ret = wolfSSL_CTX_load_verify_buffer(ctx,
+                                         google_certs_ca,
+                                         sizeof(google_certs_ca),
+                                         SSL_FILETYPE_PEM);
+
+    if (ret != SSL_SUCCESS) {
+        printf("ERROR: wolfSSL_CTX_load_verify_buffer() failed\n");
+        closesocket(sock);
+        wolfSSL_CTX_free(ctx);
+        return;
+    }
+    ssl = wolfSSL_new(ctx);
+    if (ssl == NULL) {
+        printf("ERROR: wolfSSL_new() failed\n");
+        closesocket(sock);
+        wolfSSL_CTX_free(ctx);
+        return;
+    }
+
+    WOLFSSL_MSG("wolfSSL_new done");
+    ret = wolfSSL_set_fd(ssl, sock);
+    if (ret != SSL_SUCCESS) {
+        printf("ERROR: wolfSSL_set_fd() failed\n");
+        closesocket(sock);
+        wolfSSL_free(ssl);
+        wolfSSL_CTX_free(ctx);
+        return;
+    }
+    WOLFSSL_MSG("wolfSSL_set_fd done");
+    do {
+        error = 0; /* reset error */
+        ret = wolfSSL_connect(ssl);
+        if (ret != SSL_SUCCESS) {
+            error = wolfSSL_get_error(ssl, 0);
+            printf("ERROR: wolfSSL_connect() failed, err = %d\n", error);
+            if (error != SSL_ERROR_WANT_READ) {
+                closesocket(sock);
+                wolfSSL_free(ssl);
+                wolfSSL_CTX_free(ctx);
+                return;
+            }
+            /* goToSleep() for 1 sec*/
+        }
+    } while ((ret != SSL_SUCCESS) && (error == SSL_ERROR_WANT_READ));
+
+    printf("wolfSSL_connect() ok... sending GET\n");
+    XSTRNCPY(tx_buf, TX_MSG, TX_MSG_SIZE);
+    if (wolfSSL_write(ssl, tx_buf, TX_MSG_SIZE) != TX_MSG_SIZE) {
+        error = wolfSSL_get_error(ssl, 0);
+        printf("ERROR: wolfSSL_write() failed, err = %d\n", error);
+        closesocket(sock);
+        wolfSSL_free(ssl);
+        wolfSSL_CTX_free(ctx);
+        return;
+    }
+    do {
+        error = 0; /* reset error */
+        ret = wolfSSL_read(ssl, rx_buf, RX_BUF_SIZE - 1);
+        if (ret < 0) {
+            error = wolfSSL_get_error(ssl, 0);
+            if (error != SSL_ERROR_WANT_READ) {
+                printf("wolfSSL_read failed, error = %d\n", error);
+                closesocket(sock);
+                wolfSSL_free(ssl);
+                wolfSSL_CTX_free(ctx);
+                return;
+            }
+            /* goToSleep() for 1 second*/
+        } else if (ret > 0) {
+            rx_buf[ret] = 0;
+            printf("%s\n", rx_buf);
+        }
+    } while (error == SSL_ERROR_WANT_READ);
+    wolfSSL_shutdown(ssl);
+    wolfSSL_free(ssl);
+    wolfSSL_CTX_free(ctx);
+    wolfSSL_Cleanup();
+    closesocket(sock);
+    return;
+}
+
+#endif /* NO_WOLFSSL_CLIENT */
+
+#if !defined(NO_WOLFSSL_SERVER)
+
+#define TLS_SERVER_PORT 11111
+#define TX_BUF_SIZE 64
+#define RX_BUF_SIZE 1024
+#define TCP_SERVER_CONN_Q_SIZE 1
+
+/* derived from wolfSSL/certs/server-ecc.der */
+
+static const unsigned char server_ecc_der_256[] = { 0x30, 0x82, 0x03, 0x10,
+        0x30, 0x82, 0x02, 0xB5, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00,
+        0xEF, 0x46, 0xC7, 0xA4, 0x9B, 0xBB, 0x60, 0xD3, 0x30, 0x0A, 0x06, 0x08,
+        0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x8F, 0x31,
+        0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
+        0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57,
+        0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30,
+        0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74,
+        0x74, 0x6C, 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A,
+        0x0C, 0x07, 0x45, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31, 0x0C, 0x30,
+        0x0A, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x03, 0x45, 0x43, 0x43, 0x31,
+        0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77,
+        0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
+        0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
+        0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
+        0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E,
+        0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, 0x32, 0x30, 0x30, 0x37,
+        0x33, 0x38, 0x5A, 0x17, 0x0D, 0x31, 0x39, 0x30, 0x35, 0x30, 0x38, 0x32,
+        0x30, 0x30, 0x37, 0x33, 0x38, 0x5A, 0x30, 0x81, 0x8F, 0x31, 0x0B, 0x30,
+        0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13,
+        0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73,
+        0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06,
+        0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C,
+        0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07,
+        0x45, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31, 0x0C, 0x30, 0x0A, 0x06,
+        0x03, 0x55, 0x04, 0x0B, 0x0C, 0x03, 0x45, 0x43, 0x43, 0x31, 0x18, 0x30,
+        0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E,
+        0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31,
+        0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
+        0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C,
+        0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13,
+        0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A,
+        0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xBB,
+        0x33, 0xAC, 0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A, 0xA5, 0x04, 0xC3, 0x3C,
+        0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, 0xCE, 0x94, 0xEA, 0x2B, 0xFA, 0xCB,
+        0x20, 0x09, 0x39, 0x2C, 0x16, 0xE8, 0x61, 0x02, 0xE9, 0xAF, 0x4D, 0xD3,
+        0x02, 0x93, 0x9A, 0x31, 0x5B, 0x97, 0x92, 0x21, 0x7F, 0xF0, 0xCF, 0x18,
+        0xDA, 0x91, 0x11, 0x02, 0x34, 0x86, 0xE8, 0x20, 0x58, 0x33, 0x0B, 0x80,
+        0x34, 0x89, 0xD8, 0xA3, 0x81, 0xF7, 0x30, 0x81, 0xF4, 0x30, 0x1D, 0x06,
+        0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x5D, 0x5D, 0x26, 0xEF,
+        0xAC, 0x7E, 0x36, 0xF9, 0x9B, 0x76, 0x15, 0x2B, 0x4A, 0x25, 0x02, 0x23,
+        0xEF, 0xB2, 0x89, 0x30, 0x30, 0x81, 0xC4, 0x06, 0x03, 0x55, 0x1D, 0x23,
+        0x04, 0x81, 0xBC, 0x30, 0x81, 0xB9, 0x80, 0x14, 0x5D, 0x5D, 0x26, 0xEF,
+        0xAC, 0x7E, 0x36, 0xF9, 0x9B, 0x76, 0x15, 0x2B, 0x4A, 0x25, 0x02, 0x23,
+        0xEF, 0xB2, 0x89, 0x30, 0xA1, 0x81, 0x95, 0xA4, 0x81, 0x92, 0x30, 0x81,
+        0x8F, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+        0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C,
+        0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31,
+        0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65,
+        0x61, 0x74, 0x74, 0x6C, 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
+        0x04, 0x0A, 0x0C, 0x07, 0x45, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31,
+        0x0C, 0x30, 0x0A, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x03, 0x45, 0x43,
+        0x43, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F,
+        0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
+        0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48,
+        0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F,
+        0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+        0x82, 0x09, 0x00, 0xEF, 0x46, 0xC7, 0xA4, 0x9B, 0xBB, 0x60, 0xD3, 0x30,
+        0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01,
+        0xFF, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03,
+        0x02, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xF1, 0xD0, 0xA6,
+        0x3E, 0x83, 0x33, 0x24, 0xD1, 0x7A, 0x05, 0x5F, 0x1E, 0x0E, 0xBD, 0x7D,
+        0x6B, 0x33, 0xE9, 0xF2, 0x86, 0xF3, 0xF3, 0x3D, 0xA9, 0xEF, 0x6A, 0x87,
+        0x31, 0xB3, 0xB7, 0x7E, 0x50, 0x02, 0x21, 0x00, 0xF0, 0x60, 0xDD, 0xCE,
+        0xA2, 0xDB, 0x56, 0xEC, 0xD9, 0xF4, 0xE4, 0xE3, 0x25, 0xD4, 0xB0, 0xC9,
+        0x25, 0x7D, 0xCA, 0x7A, 0x5D, 0xBA, 0xC4, 0xB2, 0xF6, 0x7D, 0x04, 0xC7,
+        0xBD, 0x62, 0xC9, 0x20 };
+
+/* derived from wolfSSL/certs/ecc-key.der */
+
+static const unsigned char ecc_key_der_256[] = { 0x30, 0x77, 0x02, 0x01, 0x01,
+        0x04, 0x20, 0x45, 0xB6, 0x69, 0x02, 0x73, 0x9C, 0x6C, 0x85, 0xA1, 0x38,
+        0x5B, 0x72, 0xE8, 0xE8, 0xC7, 0xAC, 0xC4, 0x03, 0x8D, 0x53, 0x35, 0x04,
+        0xFA, 0x6C, 0x28, 0xDC, 0x34, 0x8D, 0xE1, 0xA8, 0x09, 0x8C, 0xA0, 0x0A,
+        0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0xA1, 0x44,
+        0x03, 0x42, 0x00, 0x04, 0xBB, 0x33, 0xAC, 0x4C, 0x27, 0x50, 0x4A, 0xC6,
+        0x4A, 0xA5, 0x04, 0xC3, 0x3C, 0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, 0xCE,
+        0x94, 0xEA, 0x2B, 0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C, 0x16, 0xE8, 0x61,
+        0x02, 0xE9, 0xAF, 0x4D, 0xD3, 0x02, 0x93, 0x9A, 0x31, 0x5B, 0x97, 0x92,
+        0x21, 0x7F, 0xF0, 0xCF, 0x18, 0xDA, 0x91, 0x11, 0x02, 0x34, 0x86, 0xE8,
+        0x20, 0x58, 0x33, 0x0B, 0x80, 0x34, 0x89, 0xD8 };
+
+
+void wolfssl_server_test(uintData_t statusPtr)
+{
+    int sock_listen;
+    int bindStatus;
+    int sock_req;
+    sockaddr_in socketAddr;
+    sockaddr_in server_addr;
+    int  socketAddrLen=sizeof(sockaddr);
+    char rx_buf[RX_BUF_SIZE];
+    char tx_buf[TX_BUF_SIZE];
+    unsigned  char attempt_conn;
+    clientConnectionHandleType TCPserverHandle;
+    void * sendBuffer;
+    DWORD bufferSizeInBytes;
+
+    WOLFSSL * ssl;
+    WOLFSSL_CTX * ctx;
+    int tx_buf_sz = 0, ret = 0, error = 0;
+
+    /* set up the mailbox transport */
+    /* connectionId2 is defined in the mailbox-transport.config*/
+    if (setupTransport(&TCPserverHandle, (char*)"connectionId2") != transportSuccess){
+        printf("TCP transport set up failed \n");
+        return;
+      }
+
+    /* SET UP NETWORK SOCKET */
+
+    printf("Opening network socket...\n");
+    sock_listen = socket(AF_INET, SOCK_STREAM, 0);
+    if (sock_listen == SOCKET_ERROR) {
+        printf("ERROR: socket, err = %d\n", errno);
+        return;
+    }
+
+    printf("Clearing memory for server_addr struct\n");
+    XMEMSET((char *) &server_addr, 0u, sizeof(server_addr));
+
+    printf("Setting up server_addr struct\n");
+    server_addr.sin_family = AF_INET;
+    server_addr.sin_addr = INADDR_ANY;
+    server_addr.sin_port = htons(TLS_SERVER_PORT);
+
+    bindStatus = bind(sock_listen, (sockaddr *) &server_addr, sizeof(server_addr));
+    if (bindStatus == SOCKET_ERROR) {
+       printf("ERROR: bind, err = %d\n", errno);
+       closesocket(sock_listen);
+       return;
+    }
+
+    /* wolfSSL INIT and CTX SETUP */
+
+    wolfSSL_Init();
+
+    /* chooses the highest possible TLS version */
+
+    ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
+
+    if (ctx == 0) {
+        printf("ERROR: wolfSSL_CTX_new failed\n");
+        closesocket(sock_listen);
+        return;
+    }
+    WOLFSSL_MSG("wolfSSL_CTX_new done");
+
+    ret = wolfSSL_CTX_use_certificate_buffer(ctx,
+                                             server_ecc_der_256,
+                                             sizeof(server_ecc_der_256),
+                                             SSL_FILETYPE_ASN1);
+    if (ret != SSL_SUCCESS) {
+        printf("ERROR: wolfSSL_CTX_use_certificate_buffer() failed, \
+                err = %d\n", ret);
+        closesocket(sock_listen);
+        wolfSSL_CTX_free(ctx);
+        return;
+    }
+    ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+                                            ecc_key_der_256,
+                                            sizeof(ecc_key_der_256),
+                                            SSL_FILETYPE_ASN1);
+    if (ret != SSL_SUCCESS) {
+        printf("ERROR: wolfSSL_CTX_use_PrivateKey_buffer() failed\n");
+        closesocket(sock_listen);
+        wolfSSL_CTX_free(ctx);
+        return;
+    }
+    /* accept client socket connections */
+    printf("Listening for client connection\n");
+    printf("E.g, you can use ./examples/client/client.exe -h 192.168.219.100\n");
+    printf("    \n");
+
+    listen(sock_listen, TCP_SERVER_CONN_Q_SIZE);
+
+    sock_req = accept(sock_listen,
+                     (sockaddr *) &socketAddr,
+                     &socketAddrLen);
+
+    if (sock_req == -1) {
+        printf("ERROR: accept, err = %d\n", errno);
+        closesocket(sock_listen);
+        return;
+    }
+
+    printf("Got client connection! Starting TLS negotiation\n");
+
+    #ifdef DEBUG_WOLFSSL
+        wolfSSL_Debugging_ON();
+    #endif
+
+    /* set up wolfSSL session */
+    ssl = wolfSSL_new(ctx);
+    if (ssl == NULL) {
+        printf("ERROR: wolfSSL_new() failed\n");
+        closesocket(sock_req);
+        closesocket(sock_listen);
+        wolfSSL_CTX_free(ctx);
+        return;
+    }
+
+    WOLFSSL_MSG("wolfSSL_new done");
+    ret = wolfSSL_set_fd(ssl, sock_req);
+    if (ret != SSL_SUCCESS) {
+        printf("ERROR: wolfSSL_set_fd() failed\n");
+        closesocket(sock_req);
+        closesocket(sock_listen);
+        wolfSSL_free(ssl);
+        wolfSSL_CTX_free(ctx);
+        return;
+    }
+
+    WOLFSSL_MSG("wolfSSL_set_fd done");
+    do {
+        error = 0; /* reset error */
+        if (ret != SSL_SUCCESS) {
+            error = wolfSSL_get_error(ssl, 0);
+            printf("ERROR: wolfSSL_accept() failed, err = %d\n", error);
+            if (error != SSL_ERROR_WANT_READ) {
+                closesocket(sock_req);
+                closesocket(sock_listen);
+                wolfSSL_free(ssl);
+                wolfSSL_CTX_free(ctx);
+                return;
+            }
+            /* goToSleep() for 500 milli sec*/
+        }
+    } while ((ret != SSL_SUCCESS) && (error == SSL_ERROR_WANT_READ));
+
+    printf("wolfSSL_accept() ok...\n");
+
+    /* read client data */
+
+    error = 0;
+    XMEMSET(rx_buf, 0u, RX_BUF_SIZE);
+    ret = wolfSSL_read(ssl, rx_buf, RX_BUF_SIZE - 1);
+    if (ret < 0) {
+        error = wolfSSL_get_error(ssl, 0);
+        if (error != SSL_ERROR_WANT_READ) {
+            printf("wolfSSL_read failed, error = %d\n", error);
+            closesocket(sock_req);
+            closesocket(sock_listen);
+            wolfSSL_free(ssl);
+            wolfSSL_CTX_free(ctx);
+            return;
+        }
+    }
+
+    printf("AFTER wolfSSL_read() call, ret = %d\n", ret);
+    if (ret > 0) {
+        rx_buf[ret] = 0;
+        printf("Client sent: %s\n", rx_buf);
+    }
+    /* write response to client */
+    XMEMSET(tx_buf, 0u, TX_BUF_SIZE);
+    tx_buf_sz = 22;
+    XSTRNCPY(tx_buf, "I hear ya fa shizzle!\n", tx_buf_sz);
+    if (wolfSSL_write(ssl, tx_buf, tx_buf_sz) != tx_buf_sz) {
+        error = wolfSSL_get_error(ssl, 0);
+        printf("ERROR: wolfSSL_write() failed, err = %d\n", error);
+        closesocket(sock_req);
+        closesocket(sock_listen);
+        wolfSSL_free(ssl);
+        wolfSSL_CTX_free(ctx);
+        return;
+    }
+    ret = wolfSSL_shutdown(ssl);
+    if (ret == SSL_SHUTDOWN_NOT_DONE)
+        wolfSSL_shutdown(ssl);
+
+        wolfSSL_free(ssl);
+        wolfSSL_CTX_free(ctx);
+        wolfSSL_Cleanup();
+        closesocket(sock_req);
+        closesocket(sock_listen);
+    return;
+}
+
+#endif /* NO_WOLFSSL_SERVER */
+
+int  wolfsslRunTests (void)
+{
+    thread_handle_t TCPhandle;
+    threadStatus ts;
+    int ret;
+
+    #if !defined(NO_CRYPT_TEST)
+        wolfcrypt_test(NULL);
+    #endif
+    #if !defined(NO_CRYPT_BENCHMARK)
+        benchmark_test(NULL);
+    #endif
+    #if !defined(NO_WOLFSSL_CLIENT)
+        ts = createThread("TCPclient", "TCPThreadTemplate", wolfssl_client_test,
+                          0, &TCPhandle );
+        if (ts != threadSuccess) {
+            printf("Unable to create TCP client thread, %i ", (DWORD)ts);
+        }
+    #endif
+    #if !defined(NO_WOLFSSL_SERVER)
+        ts = createThread("TCPserver", "TCPThreadTemplate", wolfssl_server_test,
+                          0, &TCPhandle );
+        if (ts != threadSuccess) {
+            printf("Unable to create TCP server thread, %i ", (DWORD)ts);
+        }
+    #endif
+
+    return 0;
+}
--- a/IDE/ECLIPSE/DEOS/tls_wolfssl.h
+++ b/IDE/ECLIPSE/DEOS/tls_wolfssl.h
@@ -0,0 +1,37 @@
+/* tls_wolfssl.h
+ *
+ * Copyright (C) 2018 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef  __TLS_WOLFSSL_H__
+#define  __TLS_WOLFSSL_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int wolfsslRunTests(void);
+void wolfssl_client_test(uintData_t);
+void wolfssl_server_test(uintData_t);
+
+#ifdef __cplusplus
+}  /* extern "C" */
+#endif
+
+#endif /* TLS_WOLFSSL_H */
--- a/IDE/ECLIPSE/DEOS/user_settings.h
+++ b/IDE/ECLIPSE/DEOS/user_settings.h
@@ -0,0 +1,112 @@
+/* user_setting.h
+ *
+ * Copyright (C) 2018 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef DEOS_USER_SETTINGS_H_
+#define DEOS_USER_SETTINGS_H_
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+#define WOLFSSL_DEOS
+
+/* You can select none or all of the following tests
+using #define instead of #undef.
+By default, all four tests run*/
+
+#undef NO_CRYPT_TEST
+#undef NO_CRYPT_BENCHMARK
+#undef NO_WOLFSSL_CLIENT
+#undef NO_WOLFSSL_SERVER
+
+/* adjust CURRENT_UNIX_TIMESTAMP to seconds since Jan 01 1970. (UTC)
+You can get the current time from https://www.unixtimestamp.com/
+*/
+#define CURRENT_UNIX_TIMESTAMP 1545864916
+
+#define NO_FILESYSTEM
+#define SIZEOF_LONG_LONG 8
+
+/* prevents from including multiple definition of main() */
+#define NO_MAIN_DRIVER
+#define NO_TESTSUITE_MAIN_DRIVER
+
+/* includes certificate test buffers via header files */
+#define USE_CERT_BUFFERS_2048
+
+/*use kB instead of mB for embedded benchmarking*/
+#define BENCH_EMBEDDED
+
+#define NO_WRITE_TEMP_FILES
+
+#define HAVE_AESGCM
+#define WOLFSSL_SHA512
+#define HAVE_ECC
+#define HAVE_CURVE25519
+#define CURVE25519_SMALL
+#define HAVE_ED25519
+#define ED25519_SMALL
+
+/* TLS 1.3 */
+#if 0
+    #define WOLFSSL_TLS13
+    #define WC_RSA_PSS
+    #define HAVE_HKDF
+    #define HAVE_FFDHE_2048
+    #define HAVE_AEAD
+#endif
+
+#if 0
+
+/* You can use your own custom random generator function with
+   no input parameters and a `CUSTOM_RAND_TYPE` return type*/
+
+    #ifndef CUSTOM_RAND_GENERATE
+         #define CUSTOM_RAND_TYPE     int
+         #define CUSTOM_RAND_GENERATE yourRandGenFunc
+    #endif
+
+#endif
+
+#if 1
+    #undef  XMALLOC_OVERRIDE
+    #define XMALLOC_OVERRIDE
+    /* prototypes for user heap override functions */
+
+    #include <stddef.h>  /* for size_t */
+
+    extern void *malloc_deos(size_t size);
+    extern void  free_deos(void *ptr);
+    extern void *realloc_deos(void *ptr, size_t size);
+
+    #define XMALLOC(n, h, t)     malloc_deos(n)
+    #define XFREE(p, h, t)       free_deos(p)
+    #define XREALLOC(p, n, h, t) realloc_deos(p, n)
+
+#endif
+
+#define printf printx
+
+#ifdef __cplusplus
+    }   /* extern "C" */
+#endif
+
+#endif
--- a/IDE/Espressif/ESP-IDF/README.md
+++ b/IDE/Espressif/ESP-IDF/README.md
@@ -1,28 +1,30 @@
 # ESP-IDF port
 ## Overview
 ESP-IDF development framework with wolfSSL by setting *WOLFSSL_ESPIDF* definition
- 
- Including the following examples:
-  simple tls_client/server
-  crypt test
-  crypt benchmark
+
+Including the following examples:
+
+* simple tls_client/server
+* crypt test
+* crypt benchmark

 The *user_settings.h* file enables some of the hardened settings.

 ## Requirements
- 1. ESP-IDF development framework
+ 1. ESP-IDF development framework  
    [https://docs.espressif.com/projects/esp-idf/en/latest/get-started/]
+
    Note: This expects to use Linux version.
-     
+
 ## Setup
 1. Run *setup.sh* to deploy files into ESP-IDF tree
 2. Find Wolfssl files at /path/to/esp-idf/components/wolfssl/
 3. Find Example programs under /path/to/esp-idf/examples/protocols/wolfssl_xxx
- 4. Uncomment out #define WOLFSSL_ESPIDF in /path/to/wolfssl/wolfssl/wolfcrypt/settings.h
+ 4. Uncomment out #define WOLFSSL_ESPIDF in /path/to/wolfssl/wolfssl/wolfcrypt/settings.h  
    Uncomment out #define WOLFSSL_ESPWROOM32 in /path/to/wolfssl/wolfssl/wolfcrypt/settings.h

 ## Configuration
- 1. The *user_settings.h* for each example can be found in /path/to/examples/protocols/wolfssl_xxx/main/include/user_settings.h
+ 1. The *user_settings.h* can be found in /path/to/esp-idf/components/wolfssl/include/user_settings.h

 ## Build examples
 1. See README in each example folder
--- a/IDE/Espressif/ESP-IDF/README_esp32.md
+++ b/IDE/Espressif/ESP-IDF/README_esp32.md
@@ -0,0 +1,42 @@
+# DEMO program with ATECC608A on ESP-WROOM-32SE
+## Overview
+ Running demo programs with ATECC608A on 32SE by setting *WOLFSSL_ESPWROOM32SE* definition
+
+Including the following examples:
+
+* simple tls_client/tls_server
+* crypt benchmark
+
+ The *user_settings.h* file enables some of the hardened settings. 
+ 
+## Requirements
+ 1. ESP-IDF development framework  
+    [https://docs.espressif.com/projects/esp-idf/en/latest/get-started/]
+
+ 2. Microchip CryptoAuthentication Library  
+    [https://github.com/MicrochipTech/cryptoauthlib]
+    
+## Setup
+ 1. wolfSSL under ESP-IDF. Please see [README.md](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/README.md)
+ 2. CryptoAuthentication Library under ESP-IDF. Please see [README.md](https://github.com/miyazakh/cryptoauthlib_esp_idf/blob/master/README.md)
+ 
+ 3. Uncomment out #define WOLFSSL_ESPWROOM32SE in /path/to/wolfssl/wolfssl/wolfcrypt/settings.h
+ 
+    Note : Need to enable WOLFSSL_ESPIDF  
+    Note : crypt test will fail if enabled WOLFSSL_ESPWROOM32SE
+ 
+## Configuration
+ 1. The *user_settings.h* can be found in /path/to/esp-idf/components/wolfssl/include/user_settings.h
+
+## Build examples
+ 1. See README in each example folder
+
+## Support
+ For question please email [support@wolfssl.com]
+
+ Note: This is tested with the following condition:
+ 
+- Model    : ESP32-WROOM-32SE  
+- ESP-IDF  : v3.3-beta1-39-g6cb37ecc5(commit hash : 6cb37ecc5)  
+- CryptAuthLib: commit hash : c6b176e
+- OS       : Ubuntu 18.04.1 LTS (Bionic Beaver)
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md
@@ -2,12 +2,14 @@

 The Example contains of wolfSSL benchmark program.

-1. "make menuconfig" to configure the program.
- 1-1. Example Configuration ->
-     BENCH_ARG : argument that you want to use. Default is "-lng 0"
-                 The list of argument can be find in help.
+1. "make menuconfig" to configure the program.  
+    1-1. Example Configuration ->
+
+    BENCH_ARG : argument that you want to use. Default is "-lng 0"  
+    The list of argument can be find in help.

 When you want to run the benchmark program
+
 1. "make flash" to compile and load the firmware
 2. "make monitor" to see the message

--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt
@@ -0,0 +1,10 @@
+
+#
+# wolfssl benchmark test
+#
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+
+set(COMPONENT_SRCS "benchmark.c" "helper.c")
+set(COMPONENT_ADD_INCLUDEDIRS ".")
+
+register_component()
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/helper.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/helper.c
@@ -1,6 +1,6 @@
 /* helper.c
 *
- * Copyright (C) 2006-2018 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -21,13 +21,98 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfcrypt/benchmark/benchmark.h>

 #include "sdkconfig.h"
+#include "freertos/FreeRTOS.h"
+#include "freertos/task.h"
+#include "esp_log.h"
+#include "nvs_flash.h"

-#define WOLFSSL_BENCH_ARGV              CONFIG_BENCH_ARGV
+#define WOLFSSL_BENCH_ARGV                 CONFIG_BENCH_ARGV
+#define WOLFSSLBENCHMARK_TASK_NAME         "wolfsslbenchmark_name"
+#define WOLFSSLBENCHMARK_TASK_WORDS        10240
+#define WOLFSSLBENCHMARK_TASK_PRIORITY     8
+
+/* proto-type */
+extern void wolf_benchmark_task();
+
+static const char* const TAG = "wolfbenchmark";

 char* __argv[22];

+#if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \
+                                  && defined(WOLFSSL_ATECC508A)
+
+#include "wolfssl/wolfcrypt/port/atmel/atmel.h"
+
+/* when you need to use a custom slot allocation, */
+/* enable the definition CUSTOM_SLOT_ALLOCAION.   */
+#if defined(CUSTOM_SLOT_ALLOCATION)
+
+static byte mSlotList[ATECC_MAX_SLOT];
+
+/* initialize slot array */
+void my_atmel_slotInit()
+{
+    int i;
+
+    for(i=0;i<ATECC_MAX_SLOT; i++) {
+        mSlotList[i] = ATECC_INVALID_SLOT;
+    }
+}
+
+/* allocate slot depending on slotType */
+int my_atmel_alloc(int slotType)
+{
+    int i, slot = -1;
+
+    ESP_LOGI(TAG, "Enter my_atmel_alloc");
+
+    switch(slotType){
+        case ATMEL_SLOT_ENCKEY:
+            slot = 4;
+            break;
+        case ATMEL_SLOT_DEVICE:
+            slot = 0;
+            break;
+        case ATMEL_SLOT_ECDHE:
+            slot = 2;
+            break;
+        case ATMEL_SLOT_ECDHE_ENC:
+            slot = 4;
+            break;
+        case ATMEL_SLOT_ANY:
+            for(i=0;i<ATECC_MAX_SLOT;i++){
+                if(mSlotList[i] == ATECC_INVALID_SLOT){
+                    slot = i;
+                    break;
+                }
+            }
+    }
+
+    ESP_LOGI(TAG, "Leave my_atmel_alloc\n");
+
+    return slot;
+}
+
+/* free slot array       */
+void my_atmel_free(int slotId)
+{
+    ESP_LOGI(TAG, "Enter my_atmel_alloc");
+
+    if(slotId >= 0 && slotId < ATECC_MAX_SLOT){
+        mSlotList[slotId] = ATECC_INVALID_SLOT;
+    }
+
+    ESP_LOGI(TAG, "Leave my_atmel_alloc");
+
+}
+
+#endif /* CUSTOM_SLOT_ALLOCATION                                       */
+#endif /* WOLFSSL_ESPWROOM32SE && HAVE_PK_CALLBACK && WOLFSSL_ATECC508A */
+
 int construct_argv()
 {
    int cnt = 0;
@@ -78,3 +163,34 @@ int construct_argv()

    return (cnt);
 }
+
+/* entry point */
+void app_main(void)
+{
+    ESP_LOGI(TAG, "Start app_main...");
+    ESP_ERROR_CHECK(nvs_flash_init());
+
+#ifndef NO_CRYPT_BENCHMARK
+
+    /* when using atecc608a on esp32-wroom-32se */
+#if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \
+                                  && defined(WOLFSSL_ATECC508A)
+    #if defined(CUSTOM_SLOT_ALLOCATION)
+    ESP_LOGI(TAG, "register callback for slot allocation");
+    my_atmel_slotInit();
+    /* to register the callback, it needs to be initialized. */
+    benchmark_init();
+    atmel_set_slot_allocator(my_atmel_alloc, my_atmel_free);
+    #endif
+#endif
+
+    ESP_LOGI(TAG, "Start benchmark..");
+    wolf_benchmark_task();
+
+#else
+    ESP_LOGI(TAG, "no crypt benchmark");
+
+#endif /* NO_CRYPT_BENCHMARK */
+
+}
+
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults
@@ -2,3 +2,5 @@ CONFIG_BENCH_ARGV="-lng 0"
 CONFIG_MAIN_TASK_STACK_SIZE=5000
 CONFIG_FREERTOS_HZ=1000
 CONFIG_TASK_WDT_CHECK_IDLE_TASK_CPU0=
+CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
+170 CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ=240
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md
@@ -1,19 +1,22 @@
-#wolfssl Example
+#wolfSSL Example

 The Example contains of wolfSSL tls client demo.

-1. "make menuconfig" to config the project
- 1-1. Example Configuration ->
-      WIFI SSID: your own WIFI, which is connected to the Internet.(default is "myssid")
-      WIFI Password: WIFI password, and default is "mypassword"
-      Target host ip address : the host that you want to connect to.(default is 127.0.0.1)
+1. "make menuconfig" to config the project  
+    1-1. Example Configuration ->
+
+          WIFI SSID: your own WIFI, which is connected to the Internet.(default is "myssid")  
+          WIFI Password: WIFI password, and default is "mypassword"  
+          Target host ip address : the host that you want to connect to.(default is 127.0.0.1)
    
-    Note: the example program uses 11111 port. If you want to use different port
-         , you need to modifiy DEFAULT_PORT definition in the code.
+    Note: the example program uses 11111 port. If you want to use different port  
+        , you need to modifiy DEFAULT_PORT definition in the code.

 When you want to test the wolfSSL client
-1. "make falsh monitor" to load the firmware and see the context
-2. You can use <wolfssl>/examples/server/server program for test.
-   e.g. Launch ./examples/server/server -v 4 -b -i
+
+1. "make falsh monitor" to load the firmware and see the context  
+2. You can use <wolfssl>/examples/server/server program for test.  
+
+         e.g. Launch ./examples/server/server -v 4 -b -i

 See the README.md file in the upper level 'examples' directory for more information about examples.
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt
@@ -0,0 +1,10 @@
+
+#
+# wolfssl client test
+#
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+
+set(COMPONENT_SRCS "client-tls.c" "wifi_connect.c")
+set(COMPONENT_ADD_INCLUDEDIRS "." "./include")
+
+register_component()
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
@@ -1,6 +1,6 @@
 /* client-tls-callback.c
 *
- * Copyright (C) 2006-2018 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
 *
 * This file is part of wolfSSL. (formerly known as CyaSSL)
 *
@@ -28,13 +28,11 @@
 #include "wifi_connect.h"

 /* socket includes */
-#include <sys/socket.h>
-#include <arpa/inet.h>
-#include <netinet/in.h>
-#include <unistd.h>
+#include "lwip/netdb.h"
+#include "lwip/sockets.h"

 /* wolfSSL */
-#include <wolfssl/options.h>
+#include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/ssl.h>
 #include <wolfssl/certs_test.h>

@@ -42,25 +40,111 @@
    #include <wolfssl/wolfcrypt/mem_track.h>
 #endif

-const char *TAG = "tls_client";
+static const char* const TAG = "tls_client";

+#if defined(DEBUG_WOLFSSL)
+
+static void ShowCiphers(void)
+{
+    char ciphers[4096];
+
+    int ret = wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers));
+
+    if (ret == WOLFSSL_SUCCESS)
+        printf("%s\n", ciphers);
+}
+
+#endif
+
+#if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \
+                                  && defined(WOLFSSL_ATECC508A)
+
+#include "wolfssl/wolfcrypt/port/atmel/atmel.h"
+
+/* when you want to use custome slot allocation */
+/* enable the definition CUSTOM_SLOT_ALLOCATION.*/
+
+#if defined(CUSTOM_SLOT_ALLOCATION)
+
+static byte mSlotList[ATECC_MAX_SLOT];
+
+int atmel_set_slot_allocator(atmel_slot_alloc_cb alloc,
+                                                atmel_slot_dealloc_cb dealloc);
+/* initialize slot array */
+void my_atmel_slotInit()
+{
+    int i;
+
+    for(i=0;i<ATECC_MAX_SLOT; i++) {
+        mSlotList[i] = ATECC_INVALID_SLOT;
+    }
+}
+/* allocate slot depending on slotType */
+int my_atmel_alloc(int slotType)
+{
+    int i, slot = -1;
+
+    switch(slotType){
+        case ATMEL_SLOT_ENCKEY:
+            slot = 2;
+            break;
+        case ATMEL_SLOT_DEVICE:
+            slot = 0;
+            break;
+        case ATMEL_SLOT_ECDHE:
+            slot = 0;
+            break;
+        case ATMEL_SLOT_ECDHE_ENC:
+            slot = 4;
+            break;
+        case ATMEL_SLOT_ANY:
+            for(i=0;i<ATECC_MAX_SLOT;i++){
+                if(mSlotList[i] == ATECC_INVALID_SLOT){
+                    slot = i;
+                    break;
+                }
+            }
+    }
+
+    return slot;
+}
+/* free slot array       */
+void my_atmel_free(int slotId)
+{
+    if(slotId >= 0 && slotId < ATECC_MAX_SLOT){
+        mSlotList[slotId] = ATECC_INVALID_SLOT;
+    }
+}
+#endif /* CUSTOM_SLOT_ALLOCATION                                       */
+#endif /* WOLFSSL_ESPWROOM32SE && HAVE_PK_CALLBACK && WOLFSSL_ATECC508A */
+
+/* client task */
 void tls_smp_client_task()
 {
    int ret;
    int sockfd;
+    int doPeerCheck;
+    int sendGet;
    struct sockaddr_in servAddr;
    char buff[256];
+    const char* ch = TLS_SMP_TARGET_HOST;
    size_t len;
+    struct hostent *hp;
+    struct ip4_addr *ip4_addr;

    /* declare wolfSSL objects */
    WOLFSSL_CTX *ctx;
    WOLFSSL *ssl;

-   WOLFSSL_ENTER("tls_smp_client_task");
+    WOLFSSL_ENTER("tls_smp_client_task");
+
+    doPeerCheck = 0;
+    sendGet = 0;

 #ifdef DEBUG_WOLFSSL
-   WOLFSSL_MSG("Debug ON");
-   wolfSSL_Debugging_ON();
+    WOLFSSL_MSG("Debug ON");
+    wolfSSL_Debugging_ON();
+    ShowCiphers();
 #endif
    /* Initialize wolfSSL */
    wolfSSL_Init();
@@ -69,17 +153,48 @@ void tls_smp_client_task()
     * Sets the socket to be stream based (TCP),
     * 0 means choose the default protocol. */
    if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
-        printf("ERROR: failed to create the socket\n");
+        ESP_LOGE(TAG,"ERROR: failed to create the socket\n");
+    }
+
+    ESP_LOGI(TAG, "get target IP address");
+
+    hp = gethostbyname(TLS_SMP_TARGET_HOST);
+    if (!hp) {
+         ESP_LOGE(TAG, "Failed to get host name.");
+         ip4_addr = NULL;
+    } else {
+
+         ip4_addr = (struct ip4_addr *)hp->h_addr;
+         ESP_LOGI(TAG, IPSTR, IP2STR(ip4_addr));
    }
    /* Create and initialize WOLFSSL_CTX */
    if ((ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())) == NULL) {
-        printf("ERROR: failed to create WOLFSSL_CTX\n");
+        ESP_LOGE(TAG,"ERROR: failed to create WOLFSSL_CTX\n");
    }
    WOLFSSL_MSG("Loading...cert");
    /* Load client certificates into WOLFSSL_CTX */
    if ((ret = wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048,
        sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1)) != SSL_SUCCESS) {
-        printf("ERROR: failed to load %d, please check the file.\n",ret);
+        ESP_LOGE(TAG,"ERROR: failed to load %d, please check the file.\n",ret);
+    }
+    /* not peer check */
+    if( doPeerCheck == 0 ){
+        wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, 0);
+    } else {
+        WOLFSSL_MSG("Loading... our cert");
+        /* load our certificate */
+   	    if ((ret = wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, client_cert_der_2048,
+            sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1)) != SSL_SUCCESS) {
+            ESP_LOGE(TAG,"ERROR: failed to load chain %d, please check the file.\n",ret);
+        }
+
+        if ((ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, client_key_der_2048,
+            sizeof_client_key_der_2048, WOLFSSL_FILETYPE_ASN1))  != SSL_SUCCESS) {
+            wolfSSL_CTX_free(ctx); ctx = NULL;
+            ESP_LOGE(TAG,"ERROR: failed to load key %d, please check the file.\n", ret);
+        }
+
+        wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, 0);
    }

    /* Initialize the server address struct with zeros */
@@ -89,62 +204,86 @@ void tls_smp_client_task()
    servAddr.sin_family = AF_INET;           /* using IPv4      */
    servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */

-    /* Get the server IPv4 address from the command line call */
-    WOLFSSL_MSG("inet_pton");
-    if ((ret = inet_pton(AF_INET, TLS_SMP_TARGET_HOST,
-             &servAddr.sin_addr)) != 1) {
-        printf("ERROR: invalid address ret=%d\n", ret);
+    if(*ch >= '1' && *ch <= '9') {
+        /* Get the server IPv4 address from the command line call */
+        WOLFSSL_MSG("inet_pton");
+        if ((ret = inet_pton(AF_INET, TLS_SMP_TARGET_HOST,
+                 &servAddr.sin_addr)) != 1) {
+            ESP_LOGE(TAG,"ERROR: invalid address ret=%d\n", ret);
+        }
+    } else {
+        servAddr.sin_addr.s_addr = ip4_addr->addr;
    }

    /* Connect to the server */
    sprintf(buff, "Connecting to server....%s(port:%d)", TLS_SMP_TARGET_HOST
                                                      , DEFAULT_PORT);
    WOLFSSL_MSG(buff);
+    printf("%s\n",buff);
    if ((ret = connect(sockfd, (struct sockaddr *)&servAddr,
                                    sizeof(servAddr))) == -1){
-        printf("ERROR: failed to connect ret=%d\n", ret);
+        ESP_LOGE(TAG,"ERROR: failed to connect ret=%d\n", ret);
    }

    WOLFSSL_MSG("Create a WOLFSSL object");
    /* Create a WOLFSSL object */
    if ((ssl = wolfSSL_new(ctx)) == NULL) {
-        printf("ERROR: failed to create WOLFSSL object\n");
+        ESP_LOGE(TAG,"ERROR: failed to create WOLFSSL object\n");
    }

+    /* when using atecc608a on esp32-wroom-32se */
+#if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \
+                                  && defined(WOLFSSL_ATECC508A)
+    atcatls_set_callbacks(ctx);
+    /* when using custome slot-allocation */
+    #if defined(CUSTOM_SLOT_ALLOCATION)
+    my_atmel_slotInit();
+    atmel_set_slot_allocator(my_atmel_alloc, my_atmel_free);
+    #endif
+#endif
+
    /* Attach wolfSSL to the socket */
    wolfSSL_set_fd(ssl, sockfd);

    WOLFSSL_MSG("Connect to wolfSSL on the server side");
    /* Connect to wolfSSL on the server side */
    if (wolfSSL_connect(ssl) != SSL_SUCCESS) {
-        printf("ERROR: failed to connect to wolfSSL\n");
+        ESP_LOGE(TAG,"ERROR: failed to connect to wolfSSL\n");
    }

    /* Get a message for the server from stdin */
    WOLFSSL_MSG("Message for server: ");
    memset(buff, 0, sizeof(buff));
-    sprintf(buff, "message from client\n");
-    len = strnlen(buff, sizeof(buff));
+
+    if(sendGet){
+        printf("SSL connect ok, sending GET...\n");
+        len = 28;
+        strncpy(buff, "GET /index.html HTTP/1.0\r\n\r\n", 28);
+        buff[len] = '\0';
+    } else {
+        sprintf(buff, "message from esp32 tls client\n");
+        len = strnlen(buff, sizeof(buff));
+    }
    /* Send the message to the server */
    if (wolfSSL_write(ssl, buff, len) != len) {
-        printf("ERROR: failed to write\n");
+        ESP_LOGE(TAG,"ERROR: failed to write\n");
    }

    /* Read the server data into our buff array */
    memset(buff, 0, sizeof(buff));
    if (wolfSSL_read(ssl, buff, sizeof(buff) - 1) == -1) {
-        printf("ERROR: failed to read\n");
+        ESP_LOGE(TAG,"ERROR: failed to read\n");
    }

    /* Print to stdout any data the server sends */
-    WOLFSSL_MSG("Server:");
-    WOLFSSL_MSG(buff);
+    printf("Server:");
+    printf("%s", buff);
    /* Cleanup and return */
    wolfSSL_free(ssl);     /* Free the wolfSSL object                  */
    wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object          */
    wolfSSL_Cleanup();     /* Cleanup the wolfSSL environment          */
    close(sockfd);         /* Close the connection to the server       */
-    
+
    vTaskDelete(NULL);

    return;                /* Return reporting a success               */
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/user_settings.h
@@ -1,51 +0,0 @@
-/* user_settings.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-#define BENCH_EMBEDDED
-#define USE_CERT_BUFFERS_2048
-
-/* TLS 1.3                                 */
-#define WOLFSSL_TLS13
-#define HAVE_TLS_EXTENSIONS
-#define WC_RSA_PSS
-#define HAVE_HKDF
-#define HAVE_FFDHE_2048
-#define HAVE_AEAD
-#define HAVE_SUPPORTED_CURVES
-
-#define SINGLE_THREADED /* or define RTOS  option */
-#define NO_FILESYSTEM
-
-#define HAVE_AESGCM
-#define WOLFSSL_SHA512
-#define HAVE_ECC
-#define HAVE_CURVE25519
-#define CURVE25519_SMALL
-#define HAVE_ED25519
-
-/* debug options */
-/* #define DEBUG_WOLFSSL */
-
-/* date/time                               */
-/* if it cannot adjust time in the device, */
-/* enable macro below                      */
-/* #define NO_ASN_TIME */
-/* #define XTIME time */
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt
@@ -4,4 +4,4 @@ cmake_minimum_required(VERSION 3.5)


 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
-project(tls_server)
+project(wolfssl_server)
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md
@@ -3,17 +3,20 @@
 The Example contains a wolfSSL simple server.

 1. "make menuconfigure" to configure the project
-  1-1. Example Configuration ->
-       WIFI SSID : your own WIFI, which is connected to the Internet.(default is "myssid")
-       WIFI Password : WIFI password, and default is "mypassword"
+
+    1-1. Example Configuration ->
+           WIFI SSID : your own WIFI, which is connected to the Internet.(default is "myssid")  
+           WIFI Password : WIFI password, and default is "mypassword"

 When you want to test the wolfSSL simple server demo
+
 1. "make flash" to compile the code and load the firmware
-2. "make monitor" to see the context. The assigned IP address can be found in output message. 
-3. Once the server connects to the wifi, it is waiting for client request.
-   ("Waiting for a connection..." message will be displayed.)
-4. You can use <wolfssl>/examples/client to test the server
-   e.g ./example/client/client -h xx.xx.xx
+2. "make monitor" to see the context. The assigned IP address can be found in output message.
+3. Once the server connects to the wifi, it is waiting for client request.  
+    ("Waiting for a connection..." message will be displayed.)
+   
+4. You can use <wolfssl>/examples/client to test the server  
+    e.g ./example/client/client -h xx.xx.xx

 See the README.md file in the upper level 'examples' directory for more information about examples.

--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt
@@ -0,0 +1,10 @@
+
+#
+# wolfssl server test
+#
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+
+set(COMPONENT_SRCS "server-tls.c" "wifi_connect.c")
+set(COMPONENT_ADD_INCLUDEDIRS "." "./include")
+
+register_component()
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/user_settings.h
@@ -1,51 +0,0 @@
-/* user_settings.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-#define BENCH_EMBEDDED
-#define USE_CERT_BUFFERS_2048
-
-/* TLS 1.3                                 */
-#define WOLFSSL_TLS13
-#define HAVE_TLS_EXTENSIONS
-#define WC_RSA_PSS
-#define HAVE_HKDF
-#define HAVE_FFDHE_2048
-#define HAVE_AEAD
-#define HAVE_SUPPORTED_CURVES
-
-#define SINGLE_THREADED /* or define RTOS  option */
-#define NO_FILESYSTEM
-
-#define HAVE_AESGCM
-#define WOLFSSL_SHA512
-#define HAVE_ECC
-#define HAVE_CURVE25519
-#define CURVE25519_SMALL
-#define HAVE_ED25519
-
-/* debug options */
-/* #define DEBUG_WOLFSSL */
-
-/* date/time                               */
-/* if it cannot adjust time in the device, */
-/* enable macro below                      */
-/* #define NO_ASN_TIME */
-/* #define XTIME time */
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c
@@ -1,6 +1,6 @@
 /* server-tls-callback.c
 *
- * Copyright (C) 2006-2018 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
 *
 * This file is part of wolfSSL. (formerly known as CyaSSL)
 *
@@ -31,7 +31,7 @@
 #include <unistd.h>

 /* wolfSSL */
-#include <wolfssl/options.h>
+#include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/ssl.h>
 #include <wolfssl/certs_test.h>

@@ -42,7 +42,85 @@
    #include <wolfssl/wolfcrypt/mem_track.h>
 #endif

-const char *TAG = "tls_server";
+static const char* const TAG = "tls_server";
+
+#if defined(DEBUG_WOLFSSL)
+
+static void ShowCiphers(void)
+{
+    char ciphers[4096];
+
+    int ret = wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers));
+
+    if (ret == WOLFSSL_SUCCESS)
+        printf("%s\n", ciphers);
+}
+
+#endif
+
+#if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \
+                                  && defined(WOLFSSL_ATECC508A)
+
+#include "wolfssl/wolfcrypt/port/atmel/atmel.h"
+
+/* when you want to use a custom slot allocation */
+/* enable the difinition CUSTOM_SLOT_ALLOCATION. */
+
+#if defined(CUSTOM_SLOT_ALLOCATION)
+
+static byte mSlotList[ATECC_MAX_SLOT];
+
+int atmel_set_slot_allocator(atmel_slot_alloc_cb alloc, atmel_slot_dealloc_cb dealloc);
+
+/* initialize slot array */
+void my_atmel_slotInit()
+{
+    int i;
+
+    for(i=0;i<ATECC_MAX_SLOT; i++) {
+        mSlotList[i] = ATECC_INVALID_SLOT;
+    }
+}
+
+/* allocate slot depending on slotType */
+int my_atmel_alloc(int slotType)
+{
+    int i, slot = -1;
+
+    switch(slotType){
+        case ATMEL_SLOT_ENCKEY:
+            slot = 4;
+            break;
+        case ATMEL_SLOT_DEVICE:
+            slot = 0;
+            break;
+        case ATMEL_SLOT_ECDHE:
+            slot = 0;
+            break;
+        case ATMEL_SLOT_ECDHE_ENC:
+            slot = 4;
+            break;
+        case ATMEL_SLOT_ANY:
+            for(i=0;i<ATECC_MAX_SLOT;i++){
+                if(mSlotList[i] == ATECC_INVALID_SLOT){
+                    slot = i;
+                    break;
+                }
+            }
+    }
+
+    return slot;
+}
+
+/* free slot array       */
+void my_atmel_free(int slotId)
+{
+    if(slotId >= 0 && slotId < ATECC_MAX_SLOT){
+        mSlotList[slotId] = ATECC_INVALID_SLOT;
+    }
+}
+#endif /* CUSTOM_SLOT_ALLOCATION                                       */
+#endif /* WOLFSSL_ESPWROOM32SE && HAVE_PK_CALLBACK && WOLFSSL_ATECC508A */

 void tls_smp_server_task()
 {
@@ -65,7 +143,9 @@ void tls_smp_server_task()
 #ifdef DEBUG_WOLFSSL
    WOLFSSL_MSG("Debug ON");
    wolfSSL_Debugging_ON();
+    ShowCiphers();
 #endif
+
    /* Initialize wolfSSL */
    WOLFSSL_MSG("Start wolfSSL_Init()");
    wolfSSL_Init();
@@ -75,29 +155,34 @@ void tls_smp_server_task()
     * 0 means choose the default protocol. */
    WOLFSSL_MSG( "start socket())");
    if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
-        printf("ERROR: failed to create the socket");
+        ESP_LOGE(TAG, "ERROR: failed to create the socket");
    }

    /* Create and initialize WOLFSSL_CTX */
    WOLFSSL_MSG("Create and initialize WOLFSSL_CTX");
    if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) {
-        printf("ERROR: failed to create WOLFSSL_CTX");
+        ESP_LOGE(TAG, "ERROR: failed to create WOLFSSL_CTX");
    }
    WOLFSSL_MSG("Loading certificate...");
    /* Load server certificates into WOLFSSL_CTX */
+
    if ((ret = wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
                        sizeof_server_cert_der_2048,
                        WOLFSSL_FILETYPE_ASN1)) != SSL_SUCCESS) {
-        printf("ERROR: failed to load cert");
+        ESP_LOGE(TAG, "ERROR: failed to load cert");
    }
    WOLFSSL_MSG("Loading key info...");
    /* Load server key into WOLFSSL_CTX */
+
    if((ret=wolfSSL_CTX_use_PrivateKey_buffer(ctx,
                            server_key_der_2048, sizeof_server_key_der_2048,
                            WOLFSSL_FILETYPE_ASN1)) != SSL_SUCCESS) {
-        printf("ERROR: failed to load privatekey");
+        ESP_LOGE(TAG, "ERROR: failed to load privatekey");
    }

+    /* TO DO when using ECDSA, it loads the provisioned certificate and present it.*/
+    /* TO DO when using ECDSA, it uses the generated key instead of loading key    */
+
    /* Initialize the server address struct with zeros */
    memset(&servAddr, 0, sizeof(servAddr));
    /* Fill in the server address */
@@ -107,37 +192,48 @@ void tls_smp_server_task()

    /* Bind the server socket to our port */
    if (bind(sockfd, (struct sockaddr*)&servAddr, sizeof(servAddr)) == -1) {
-         printf("ERROR: failed to bind");
+         ESP_LOGE(TAG, "ERROR: failed to bind");
    }

    /* Listen for a new connection, allow 5 pending connections */
    if (listen(sockfd, 5) == -1) {
-         printf("ERROR: failed to listen");
+         ESP_LOGE(TAG, "ERROR: failed to listen");
    }
+
+#if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \
+                                  && defined(WOLFSSL_ATECC508A)
+    atcatls_set_callbacks(ctx);
+    /* when using a custom slot allocation */
+    #if defined(CUSTOM_SLOT_ALLOCATION)
+    my_atmel_slotInit();
+    atmel_set_slot_allocator(my_atmel_alloc, my_atmel_free);
+    #endif
+#endif
+
    /* Continue to accept clients until shutdown is issued */
    while (!shutdown) {
         WOLFSSL_MSG("Waiting for a connection...");
        /* Accept client connections */
        if ((connd = accept(sockfd, (struct sockaddr*)&clientAddr, &size))
            == -1) {
-             printf("ERROR: failed to accept the connection");
+             ESP_LOGE(TAG, "ERROR: failed to accept the connection");
        }
        /* Create a WOLFSSL object */
        if ((ssl = wolfSSL_new(ctx)) == NULL) {
-             printf("ERROR: failed to create WOLFSSL object");
+             ESP_LOGE(TAG, "ERROR: failed to create WOLFSSL object");
        }
        /* Attach wolfSSL to the socket */
        wolfSSL_set_fd(ssl, connd);
        /* Establish TLS connection */
        ret = wolfSSL_accept(ssl);
        if (ret != SSL_SUCCESS) {
-            printf("wolfSSL_accept error %d", wolfSSL_get_error(ssl, ret));
+            ESP_LOGE(TAG, "wolfSSL_accept error %d", wolfSSL_get_error(ssl, ret));
        }
        WOLFSSL_MSG("Client connected successfully");
        /* Read the client data into our buff array */
        memset(buff, 0, sizeof(buff));
        if (wolfSSL_read(ssl, buff, sizeof(buff)-1) == -1) {
-            printf("ERROR: failed to read");
+            ESP_LOGE(TAG, "ERROR: failed to read");
        }
        /* Print to stdout any data the client sends */
        WOLFSSL_MSG("Client sends:");
@@ -153,7 +249,7 @@ void tls_smp_server_task()
        len = strnlen(buff, sizeof(buff));
        /* Reply back to the client */
        if (wolfSSL_write(ssl, buff, len) != len) {
-            printf("ERROR: failed to write");
+            ESP_LOGE(TAG, "ERROR: failed to write");
        }
        /* Cleanup after this connection */
        wolfSSL_free(ssl);      /* Free the wolfSSL object              */
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt
@@ -0,0 +1,10 @@
+
+#
+# wolfssl crypt test
+#
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+
+set(COMPONENT_SRCS "test.c")
+set(COMPONENT_ADD_INCLUDEDIRS ".")
+
+register_component()
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/user_settings.h
@@ -1,51 +0,0 @@
-/* user_settings.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-#define BENCH_EMBEDDED
-#define USE_CERT_BUFFERS_2048
-
-/* TLS 1.3                                 */
-#define WOLFSSL_TLS13
-#define HAVE_TLS_EXTENSIONS
-#define WC_RSA_PSS
-#define HAVE_HKDF
-#define HAVE_FFDHE_2048
-#define HAVE_AEAD
-#define HAVE_SUPPORTED_CURVES
-
-#define SINGLE_THREADED /* or define RTOS  option */
-#define NO_FILESYSTEM
-
-#define HAVE_AESGCM
-#define WOLFSSL_SHA512
-#define HAVE_ECC
-#define HAVE_CURVE25519
-#define CURVE25519_SMALL
-#define HAVE_ED25519
-
-/* debug options */
-/* #define DEBUG_WOLFSSL */
-
-/* date/time                               */
-/* if it cannot adjust time in the device, */
-/* enable macro below                      */
-/* #define NO_ASN_TIME */
-/* #define XTIME time */
--- a/IDE/Espressif/ESP-IDF/libs/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/libs/CMakeLists.txt
@@ -1,79 +1,37 @@
+#
+# cmake for wolfssl
+# 
 cmake_minimum_required(VERSION 3.5)
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")

 set(CMAKE_CURRENT_SOURCE_DIR ".")
 set(WOLFSSL_ROOT ${CMAKE_CURRENT_SOURCE_DIR})
 set(INCLUDE_PATH ${WOLFSSL_ROOT})
-set(COMPONENT_SRCS 
-    "src/keys.c"
-    "src/sniffer.c"
-    "src/tls.c"
-    "src/wolfio.c"
-    "src/crl.c"
-    "src/internal.c"
-    "src/ocsp.c"
-    "src/ssl.c"
-    "src/tls13.c"
-    "wolfcrypt/src/aes.c"
-    "wolfcrypt/src/arc4.c"
-    "wolfcrypt/src/asm.c"
-    "wolfcrypt/src/asn.c"
-    "wolfcrypt/src/blake2b.c"
-    "wolfcrypt/src/camellia.c"
-    "wolfcrypt/src/chacha.c"
-    "wolfcrypt/src/chacha20_poly1305.c"
-    "wolfcrypt/src/cmac.c"
-    "wolfcrypt/src/coding.c"
-    "wolfcrypt/src/compress.c"
-    "wolfcrypt/src/cpuid.c"
-    "wolfcrypt/src/cryptodev.c"
-    "wolfcrypt/src/curve25519.c"
-    "wolfcrypt/src/des3.c"
-    "wolfcrypt/src/dh.c"
-    "wolfcrypt/src/dsa.c"
-    "wolfcrypt/src/ecc.c"
-    "wolfcrypt/src/ecc_fp.c"
-    "wolfcrypt/src/ed25519.c"
-    "wolfcrypt/src/error.c"
-    "wolfcrypt/src/fe_low_mem.c"
-    "wolfcrypt/src/fe_operations.c"
-    "wolfcrypt/src/ge_low_mem.c"
-    "wolfcrypt/src/ge_operations.c"
-    "wolfcrypt/src/hash.c"
-    "wolfcrypt/src/hc128.c"
-    "wolfcrypt/src/hmac.c"
-    "wolfcrypt/src/idea.c"
-    "wolfcrypt/src/integer.c"
-    "wolfcrypt/src/logging.c"
-    "wolfcrypt/src/md2.c"
-    "wolfcrypt/src/md4.c"
-    "wolfcrypt/src/md5.c"
-    "wolfcrypt/src/memory.c"
-    "wolfcrypt/src/pkcs12.c"
-    "wolfcrypt/src/pkcs7.c"
-    "wolfcrypt/src/poly1305.c"
-    "wolfcrypt/src/pwdbased.c"
-    "wolfcrypt/src/rabbit.c"
-    "wolfcrypt/src/random.c"
-    "wolfcrypt/src/ripemd.c"
-    "wolfcrypt/src/rsa.c"
-    "wolfcrypt/src/sha.c"
-    "wolfcrypt/src/sha256.c"
-    "wolfcrypt/src/sha3.c"
-    "wolfcrypt/src/sha512.c"
-    "wolfcrypt/src/signature.c"
-    "wolfcrypt/src/sp_arm32.c"
-    "wolfcrypt/src/sp_arm64.c"
-    "wolfcrypt/src/sp_c32.c"
-    "wolfcrypt/src/sp_c64.c"
-    "wolfcrypt/src/sp_int.c"
-    "wolfcrypt/src/sp_x86_64.c"
-    "wolfcrypt/src/srp.c"
-    "wolfcrypt/src/tfm.c"
-    "wolfcrypt/src/wc_encrypt.c"
-    "wolfcrypt/src/wc_port.c"
-    "wolfcrypt/src/wolfevent.c"
-    "wolfcrypt/src/wolfmath.c"
-)
+
+set(COMPONENT_SRCDIRS "./src/"
+                      "./wolfcrypt/src/"
+                      "./wolfcrypt/src/port/Espressif/"
+                      "./wolfcrypt/src/port/atmel/"
+                      )
+
 set(COMPONENT_REQUIRES lwip)
-set(COMPONENT_ADD_INCLUDEDIRS ../freertos/include/freertos)
+
+set(COMPONENT_ADD_INCLUDEDIRS
+    "."
+    "./include"
+    "../freertos/include/freertos" 
+    "${WOLFSSL_ROOT}"
+    )
+
+if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib)
+    list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib")
+endif()
+
+set(COMPONENT_SRCEXCLUDE
+    "wolfcrypt/src/aes_asm.S"
+    "wolfcrypt/src/evp.c"
+    "wolfcrypt/src/misc.c"
+    "src/bio.c"
+    )
+
 register_component()
--- a/IDE/Espressif/ESP-IDF/libs/component.mk
+++ b/IDE/Espressif/ESP-IDF/libs/component.mk
@@ -2,10 +2,14 @@
 # Component Makefile
 #

-COMPONENT_ADD_INCLUDEDIRS := .
+COMPONENT_ADD_INCLUDEDIRS := . ./include
 COMPONENT_ADD_INCLUDEDIRS += ../freertos/include/freertos/

 COMPONENT_SRCDIRS := src wolfcrypt/src
+COMPONENT_SRCDIRS += wolfcrypt/src/port/Espressif
+COMPONENT_SRCDIRS += wolfcrypt/src/port/atmel
+
+CFLAGS +=-DWOLFSSL_USER_SETTINGS

 COMPONENT_OBJEXCLUDE := wolfcrypt/src/aes_asm.o
 COMPONENT_OBJEXCLUDE += wolfcrypt/src/evp.o
--- a/IDE/Espressif/ESP-IDF/setup.sh
+++ b/IDE/Espressif/ESP-IDF/setup.sh
@@ -37,7 +37,10 @@ ${MKDCMD} ${WOLFSSLLIB_TRG_DIR}/

 ${MKDCMD} ${WOLFSSLLIB_TRG_DIR}/src
 ${MKDCMD} ${WOLFSSLLIB_TRG_DIR}/wolfcrypt
+${MKDCMD} ${WOLFSSLLIB_TRG_DIR}/wolfcrypt/src
 ${MKDCMD} ${WOLFSSLLIB_TRG_DIR}/wolfssl
+${MKDCMD} ${WOLFSSLLIB_TRG_DIR}/test
+${MKDCMD} ${WOLFSSLLIB_TRG_DIR}/include

 popd > /dev/null             # $WOLFSSL_ESPIDFDIR
 pushd ${BASEDIR} > /dev/null # WOLFSSL TOP DIR
@@ -45,12 +48,19 @@ pushd ${BASEDIR} > /dev/null # WOLFSSL TOP DIR
 # copying ... files in src/ into $WOLFSSLLIB_TRG_DIR/src
 ${CPDCMD} ./src/*.c ${WOLFSSLLIB_TRG_DIR}/src/

-${CPDCMD} -r ./wolfcrypt/src/ ${WOLFSSLLIB_TRG_DIR}/wolfcrypt/
+
+${CPDCMD} -r ./wolfcrypt/src/*.{c,i} ${WOLFSSLLIB_TRG_DIR}/wolfcrypt/src/
+${CPDCMD} -r ./wolfcrypt/src/port  ${WOLFSSLLIB_TRG_DIR}/wolfcrypt/src/port/
 ${CPDCMD} -r ./wolfcrypt/test ${WOLFSSLLIB_TRG_DIR}/wolfcrypt/
 ${CPDCMD} -r ./wolfcrypt/benchmark ${WOLFSSLLIB_TRG_DIR}/wolfcrypt/

 ${CPDCMD} -r ./wolfssl/*.h ${WOLFSSLLIB_TRG_DIR}/wolfssl/
 ${CPDCMD} -r ./wolfssl/wolfcrypt ${WOLFSSLLIB_TRG_DIR}/wolfssl/
+# user_settings.h
+${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/user_settings.h ${WOLFSSLLIB_TRG_DIR}/include/
+
+# unit test app
+${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/test/* ${WOLFSSLLIB_TRG_DIR}/test/

 popd > /dev/null # 

@@ -63,23 +73,19 @@ pushd ${BASEDIR} > /dev/null # WOLFSSL TOP DIR
 ${RMDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/
 ${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/
 ${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/main/
-${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/main/include

 ${CPDCMD} -r ./wolfcrypt/benchmark/benchmark.c ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/main/
 ${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_benchmark/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/
 ${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_benchmark/main/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/main/
-${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_benchmark/main/include/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/main/include/

 # Crypt Test program
 ${RMDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/
 ${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/
 ${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/main/
-${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/main/include

 ${CPDCMD} -r ./wolfcrypt/test/test.c ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/main/
 ${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_test/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/
 ${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_test/main/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/main/
-${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_test/main/include/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/main/include/

 # TLS Client program
 ${RMDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_client/
--- a/IDE/Espressif/ESP-IDF/test/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/test/CMakeLists.txt
@@ -0,0 +1,6 @@
+set(COMPONENT_SRCDIRS ".")
+set(COMPONENT_ADD_INCLUDEDIRS ".")
+
+set(COMPONENT_REQUIRES unity test_utils wolfssl)
+
+register_component()
--- a/IDE/Espressif/ESP-IDF/test/README.md
+++ b/IDE/Espressif/ESP-IDF/test/README.md
@@ -0,0 +1,11 @@
+# wolfSSL unit-test app
+
+The test contains of wolfSSL unit-test app on Unity.
+
+When you want to run the app  
+1. Copy *test.c* file at /path/to/esp-idf/components/wolfssl/wolfcrypt/test/ folder to the  wolfssl/test folder  
+2. Go to /esp-idf/tools/unit-test-app/ folder  
+3. "make menuconfig" to configure unit test app.  
+4. "make TEST_COMPONENTS=wolfssl" to build wolfssl unit test app.  
+
+See [https://docs.espressif.com/projects/esp-idf/en/latest/api-guides/unit-tests.html] for more information about unit test app.
--- a/IDE/Espressif/ESP-IDF/test/component.mk
+++ b/IDE/Espressif/ESP-IDF/test/component.mk
@@ -0,0 +1,10 @@
+#
+#Component Makefile
+#
+
+#CFLAGS := -v
+CFLAGS += -DNO_MAIN_DRIVER
+CFLAGS += -DWOLFSSL_USER_SETTINGS
+#CFLAGS += -DWOLFSSL_ESP32WROOM32_CRYPT_DEBUG
+
+COMPONENT_ADD_LDFLAGS = -Wl,--whole-archive -l$(COMPONENT_NAME) -Wl,--no-whole-archive
--- a/IDE/Espressif/ESP-IDF/test/test_wolfssl.c
+++ b/IDE/Espressif/ESP-IDF/test/test_wolfssl.c
@@ -0,0 +1,524 @@
+/*
+* wolfssl sha tests
+*/
+
+#include <stdio.h>
+#include <string.h>
+
+#include <esp_system.h>
+#include "freertos/FreeRTOS.h"
+#include "freertos/task.h"
+#include "freertos/semphr.h"
+#include "unity.h"
+#include "sdkconfig.h"
+#include "esp_log.h"
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/sha.h>
+#include <wolfssl/wolfcrypt/sha256.h>
+#include <wolfssl/wolfcrypt/sha512.h>
+#include <wolfssl/wolfcrypt/wc_port.h>
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/types.h>
+
+static const char* TAG = "wolfssl unit test";
+static xSemaphoreHandle exit_semaph;
+static volatile bool exit_loop=false;
+
+#define SHA_STACK_SIZE (20*1024)
+#define TIMES_SHA 500
+#define TIMES_AES 100
+
+#ifndef NO_SHA
+int sha_test();
+#endif
+#ifndef NO_SHA256
+int sha256_test();
+#endif
+#ifdef WOLFSSL_SHA384
+int sha384_test(void);
+#endif
+#ifdef WOLFSSL_SHA512
+int sha512_test(void);
+#endif
+
+#ifndef NO_AES
+int aes_test(void);
+static void tskAes_Test(void *pvParam)
+{
+    ESP_LOGI(TAG, "enter tskAes_Test");
+    int ret = 0;
+    while(exit_loop==false) {
+        ret = aes_test();
+        if(ret != 0) {
+            printf("result was not good(aes_test)(%d)\n",ret);
+            TEST_FAIL_MESSAGE("tskAes_Test\n");
+        }
+    }
+
+    ESP_LOGI(TAG, "leave tskAes_Test");
+    xSemaphoreGive(exit_semaph);
+    vTaskDelete(NULL);
+}
+
+int aesgcm_test(void);
+
+static void tskAesGcm_Test(void *pvParam)
+{
+    ESP_LOGI(TAG, "enter tskAesGcm_Test");
+    int ret = 0;
+    while(exit_loop==false) {
+        ret = aesgcm_test();
+        if(ret != 0) {
+            printf(" results was not good(%d). aesGcm_test\n",ret);
+            TEST_FAIL_MESSAGE("aesGcm_test\n");
+        }
+    }
+    ESP_LOGI(TAG, "leave tskAesGcm_Test");
+    xSemaphoreGive(exit_semaph);
+    vTaskDelete(NULL);
+}
+
+#ifdef WOLFSSL_AES_192
+int aes192_test(void);
+static void tskAes192_Test(void *pvParam)
+{
+    ESP_LOGI(TAG, "enter tskAes192_Test");
+    int ret = 0;
+    while(exit_loop==false) {
+        ret = aes192_test();
+        if(ret != 0) {
+            printf(" results was not good(%d). aes192_test\n",ret);
+            TEST_FAIL_MESSAGE("aes192_test\n");
+        }
+    }
+    ESP_LOGI(TAG, "leave tskAes192_Test");
+    xSemaphoreGive(exit_semaph);
+    vTaskDelete(NULL);
+}
+#endif
+#ifdef WOLFSSL_AES_256
+int aes256_test(void);
+static void tskAes256_Test(void *pvParam)
+{
+    ESP_LOGI(TAG, "enter tskAes256_Test");
+    int ret = 0;
+    while(exit_loop==false) {
+        ret = aes256_test();
+        if(ret != 0) {
+            printf(" results was not good(%d). aes256_test\n", ret);
+            TEST_FAIL_MESSAGE("aes256_test\n");
+        }
+    }
+    ESP_LOGI(TAG, "leave tskAes256_Test");
+    xSemaphoreGive(exit_semaph);
+    vTaskDelete(NULL);
+}
+#endif
+
+TEST_CASE("wolfssl aes test"  , "[wolfssl]")
+{
+    ESP_LOGI(TAG, "aes test");
+    TEST_ASSERT_EQUAL(0, aes_test());
+#ifdef WOLFSSL_AES_192
+    ESP_LOGI(TAG, "aes_192 test");
+    TEST_ASSERT_EQUAL(0, aes192_test());
+#endif
+#ifdef WOLFSSL_AES_256
+    ESP_LOGI(TAG, "aes_256 test");
+    TEST_ASSERT_EQUAL(0, aes256_test());
+#endif
+    ESP_LOGI(TAG, "aes-gcm test");
+    TEST_ASSERT_EQUAL(0, aesgcm_test());
+}
+
+#endif
+
+TEST_CASE("wolfssl sha crypt-test", "[wolfssl]")
+{
+#ifndef NO_SHA
+    ESP_LOGI(TAG, "sha_test()");
+    TEST_ASSERT_EQUAL(0, sha_test());
+#endif
+#ifndef NO_SHA256
+    ESP_LOGI(TAG, "sha256_test()");
+    TEST_ASSERT_EQUAL(0, sha256_test());
+#endif
+#ifdef WOLSSL_SHA384
+    ESP_LOGI(TAG, "sha384_test()");
+    TEST_ASSERT_EQUAL(0, sha384_test());
+#endif
+#ifdef WOLFSSL_SHA512
+    ESP_LOGI(TAG, "sha512_test()");
+    TEST_ASSERT_EQUAL(0, sha512_test());
+#endif
+}
+
+
+#ifndef NO_SHA
+static void tskSha_Test(void *pvParam)
+{
+    ESP_LOGI(TAG, "enter tskSha_Test");
+
+    int ret = 0;
+
+    while(exit_loop==false) {
+        ret = sha_test();
+        if(ret != 0) {
+            printf(" results was not good(%d). sha_test\n", ret);
+            TEST_FAIL_MESSAGE("tskSha_Test\n");
+        }
+    }
+
+    ESP_LOGI(TAG, "leave tskSha_Test");
+    xSemaphoreGive(exit_semaph);
+    vTaskDelete(NULL);
+}
+#endif
+
+#ifndef NO_SHA256
+static void tskSha256_Test(void *pvParam)
+{
+    ESP_LOGI(TAG, "enter tskSha256_Test");
+    int ret;
+
+    while(exit_loop==false) {
+        ret = sha256_test();
+        if(ret != 0) {
+            printf("results was not good(%d). sha256_test\n", ret);
+            TEST_FAIL_MESSAGE("sha256_test() failed");
+        }
+    }
+
+    ESP_LOGI(TAG, "leave tskSha256_Test");
+    xSemaphoreGive(exit_semaph);
+    vTaskDelete(NULL);
+}
+#endif
+
+#ifdef WOLFSSL_SHA384
+static void tskSha384_Test(void *pvParam)
+{
+    ESP_LOGI(TAG, "enter tskSha384_Test");
+    int ret = 0;
+
+    while(exit_loop==false) {
+        ret = sha384_test();
+        if(ret != 0) {
+            printf("results was not good(%d). sha384_test\n", ret);
+            TEST_FAIL_MESSAGE("sha384_test() failed\n");
+        }
+    }
+
+    ESP_LOGI(TAG, "leave tskSha384_Test");
+    xSemaphoreGive(exit_semaph);
+    vTaskDelete(NULL);
+}
+#endif
+
+#ifdef WOLFSSL_SHA512
+static void tskSha512_Test(void *pvParam)
+{
+    ESP_LOGI(TAG, "enter tskSha512_Test");
+
+    int ret = 0;
+
+    while(exit_loop==false) {
+        ret = sha512_test();
+        if(ret != 0) {
+            printf(" results was not good(%d). sha512_test\n", ret);
+            TEST_FAIL_MESSAGE("tskSha512_Test() failed\n");
+        }
+    }
+    ESP_LOGI(TAG, "leave tskSha512_test()");
+    xSemaphoreGive(exit_semaph);
+    vTaskDelete(NULL);
+
+
+}
+#endif
+
+TEST_CASE("wolfssl sha multi-thread test ", "[wolfssl]")
+{
+    int num = 0;
+#ifndef NO_SHA
+    num++;
+#endif
+#ifndef NO_SHA256
+    num++;
+#endif
+#ifdef WOLFSSL_SHA384
+    num++;
+#endif
+#ifdef WOLFSSL_SHA512
+    num++;
+#endif
+
+    exit_loop = false;
+
+    exit_semaph = xSemaphoreCreateCounting(num, 0);
+
+#ifndef NO_SHA
+    xTaskCreate(tskSha_Test, "sha_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+#ifndef NO_SHA256
+    xTaskCreate(tskSha256_Test, "sha256_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+#ifdef WOLFSSL_SHA384
+    xTaskCreate(tskSha384_Test, "sha384_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+#ifdef WOLFSSL_SHA512
+    xTaskCreate(tskSha512_Test, "sha512_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+
+ ESP_LOGI(TAG, "Waiting for 10s ...");
+ vTaskDelay(10000/portTICK_PERIOD_MS);
+ exit_loop = true;
+
+ for(int i=0;i<num;i++){
+     if(!xSemaphoreTake(exit_semaph, 2000/portTICK_PERIOD_MS)) {
+         TEST_FAIL_MESSAGE("exit semaphore not released by test task");
+     }
+ }
+ vSemaphoreDelete(exit_semaph);
+}
+
+TEST_CASE("wolfssl aes multi-thread test ", "[wolfssl]")
+{
+    int num = 0;
+#ifndef NO_AES
+    num++;
+    num++;
+#ifdef WOLFSSL_AES_192
+    num++;
+#endif
+#ifdef WOLFSSL_AES_256
+    num++;
+#endif
+#endif
+
+    exit_loop = false;
+    exit_semaph = xSemaphoreCreateCounting(num, 0);
+
+#ifndef NO_AES
+    xTaskCreate(tskAes_Test, "Aes_test", SHA_STACK_SIZE, NULL, 3, NULL);
+    xTaskCreate(tskAesGcm_Test, "AesGcm_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+#ifdef WOLFSSL_AES_192
+    xTaskCreate(tskAes192_Test, "Aes192_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+#ifdef WOLFSSL_AES_256
+    xTaskCreate(tskAes256_Test, "Aes256_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+
+ ESP_LOGI(TAG, "Waiting for 10s ...");
+ vTaskDelay(10000/portTICK_PERIOD_MS);
+ exit_loop = true;
+
+ for(int i=0;i<num;i++){
+    if(!xSemaphoreTake(exit_semaph, 2000/portTICK_PERIOD_MS)) {
+        TEST_FAIL_MESSAGE("exit semaphore not released by test task");
+    }
+ }
+ vSemaphoreDelete(exit_semaph);
+}
+
+TEST_CASE("wolfssl aes sha sha256 multi-thread test ", "[wolfssl]")
+{
+    int num = 0;
+
+#ifndef NO_AES
+    num++;
+    num++;
+#ifdef WOLFSSL_AES_192
+    num++;
+#endif
+#ifdef WOLFSSL_AES_256
+    num++;
+#endif
+#endif
+#ifndef NO_SHA
+    num++;
+#endif
+#ifndef NO_SHA256
+    num++;
+#endif
+
+    exit_loop = false;
+
+#ifndef CONFIG_FREERTOS_UNICORE
+    num *= 2;
+    printf("num=%d\n", num);
+
+    exit_semaph = xSemaphoreCreateCounting(num, 0);
+
+#ifndef NO_AES
+    if(xTaskCreatePinnedToCore(tskAes_Test, "Aes_test", SHA_STACK_SIZE, NULL, 3, NULL, 0)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -1 \n");
+    if(xTaskCreatePinnedToCore(tskAes_Test, "Aes_test", SHA_STACK_SIZE, NULL, 3, NULL, 1)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -2 \n");
+    if(xTaskCreatePinnedToCore(tskAesGcm_Test, "AesGcm_test", SHA_STACK_SIZE, NULL, 3, NULL, 0)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -3 \n");
+    if(xTaskCreatePinnedToCore(tskAesGcm_Test, "AesGcm_test", SHA_STACK_SIZE, NULL, 3, NULL, 1)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -4 \n");
+#endif
+#ifdef WOLFSSL_AES_192
+    if(xTaskCreatePinnedToCore(tskAes192_Test, "Aes192_test", SHA_STACK_SIZE, NULL, 3, NULL, 0)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -5 \n");
+    if(xTaskCreatePinnedToCore(tskAes192_Test, "Aes192_test", SHA_STACK_SIZE, NULL, 3, NULL, 1)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -6 \n");
+#endif
+#ifdef WOLFSSL_AES_256
+    if(xTaskCreatePinnedToCore(tskAes256_Test, "Aes256_test", SHA_STACK_SIZE, NULL, 3, NULL, 0)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -7 \n");
+    if(xTaskCreatePinnedToCore(tskAes256_Test, "Aes256_test", SHA_STACK_SIZE, NULL, 3, NULL, 1)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -8 \n");
+#endif
+#ifndef NO_SHA
+    if(xTaskCreatePinnedToCore(tskSha_Test, "Sha_test", SHA_STACK_SIZE, NULL, 3, NULL, 0)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -9 \n");
+    if(xTaskCreatePinnedToCore(tskSha_Test, "Sha_test", SHA_STACK_SIZE, NULL, 3, NULL, 1)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -10 \n");
+#endif
+#ifndef NO_SHA256
+    if(xTaskCreatePinnedToCore(tskSha256_Test, "sha256_test", SHA_STACK_SIZE, NULL, 3, NULL, 0)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -11 \n");
+    if(xTaskCreatePinnedToCore(tskSha256_Test, "sha256_test", SHA_STACK_SIZE, NULL, 3, NULL, 1)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -12 \n");
+#endif
+
+#else
+
+    exit_semaph = xSemaphoreCreateCounting(num, 0);
+
+#ifndef NO_AES
+    xTaskCreate(tskAes_Test, "Aes_test", SHA_STACK_SIZE, NULL, 3, NULL);
+    xTaskCreate(tskAesGcm_Test, "AesGcm_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+#ifdef WOLFSSL_AES_192
+    xTaskCreate(tskAes192_Test, "Aes192_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+#ifdef WOLFSSL_AES_256
+    xTaskCreate(tskAes256_Test, "Aes256_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+#ifndef NO_SHA
+    xTaskCreate(tskSha_Test, "Sha_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+#ifndef NO_SHA256
+    xTaskCreate(tskSha256_Test, "sha256_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+
+#endif /* CONFIG_FREERTOS_UNICORE */
+
+    ESP_LOGI(TAG, "Waiting for 15s ...");
+    vTaskDelay(15000/portTICK_PERIOD_MS);
+    exit_loop = true;
+
+    for(int i=0;i<num;i++){
+       if(!xSemaphoreTake(exit_semaph, 2000/portTICK_PERIOD_MS)) {
+           TEST_FAIL_MESSAGE("exit semaphore not released by test task");
+       }
+    }
+    vSemaphoreDelete(exit_semaph);
+}
+
+TEST_CASE("wolfssl aes sha384 sha512 multi-thread test ", "[wolfssl]")
+{
+    int num = 0;
+
+#ifndef NO_AES
+    num++;
+    num++;
+#ifdef WOLFSSL_AES_192
+    num++;
+#endif
+#ifdef WOLFSSL_AES_256
+    num++;
+#endif
+#endif
+#ifdef WOLFSSL_SHA384
+    num++;
+#endif
+#ifdef WOLFSSL_SHA512
+    num++;
+#endif
+
+
+    exit_loop = false;
+
+#ifndef CONFIG_FREERTOS_UNICORE
+    num *= 2;
+    exit_semaph = xSemaphoreCreateCounting(num, 0);
+
+#ifndef NO_AES
+    if(xTaskCreatePinnedToCore(tskAes_Test, "Aes_test", SHA_STACK_SIZE, NULL, 3, NULL, 0)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -1 \n");
+    if(xTaskCreatePinnedToCore(tskAes_Test, "Aes_test", SHA_STACK_SIZE, NULL, 3, NULL, 1)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -2 \n");
+    if(xTaskCreatePinnedToCore(tskAesGcm_Test, "AesGcm_test", SHA_STACK_SIZE, NULL, 3, NULL, 0)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -3 \n");
+    if(xTaskCreatePinnedToCore(tskAesGcm_Test, "AesGcm_test", SHA_STACK_SIZE, NULL, 3, NULL, 1)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -4 \n");
+#endif
+#ifdef WOLFSSL_AES_192
+    if(xTaskCreatePinnedToCore(tskAes192_Test, "Aes192_test", SHA_STACK_SIZE, NULL, 3, NULL, 0)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -5 \n");
+    if(xTaskCreatePinnedToCore(tskAes192_Test, "Aes192_test", SHA_STACK_SIZE, NULL, 3, NULL, 1)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -6 \n");
+#endif
+#ifdef WOLFSSL_AES_256
+    if(xTaskCreatePinnedToCore(tskAes256_Test, "Aes256_test", SHA_STACK_SIZE, NULL, 3, NULL, 0)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -7 \n");
+    if(xTaskCreatePinnedToCore(tskAes256_Test, "Aes256_test", SHA_STACK_SIZE, NULL, 3, NULL, 1)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -8 \n");
+#endif
+#ifdef WOLFSSL_SHA384
+    if(xTaskCreatePinnedToCore(tskSha384_Test, "sha384_test", SHA_STACK_SIZE, NULL, 3, NULL, 0)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -13 \n");
+    if(xTaskCreatePinnedToCore(tskSha384_Test, "sha384_test", SHA_STACK_SIZE, NULL, 3, NULL, 1)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -14 \n");
+#endif
+#ifdef WOLFSSL_SHA512
+    printf("start sha512\n");
+    if(xTaskCreatePinnedToCore(tskSha512_Test, "Sha512_test", SHA_STACK_SIZE, NULL, 3, NULL, 0)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -15 \n");
+    if(xTaskCreatePinnedToCore(tskSha512_Test, "Sha512_test", SHA_STACK_SIZE, NULL, 3, NULL, 1)!=pdPASS)
+        ESP_LOGE(TAG, "failed to create task -16 \n");
+
+#endif
+
+#else
+
+    exit_semaph = xSemaphoreCreateCounting(num, 0);
+
+#ifndef NO_AES
+    xTaskCreate(tskAes_Test, "Aes_test", SHA_STACK_SIZE, NULL, 3, NULL);
+    xTaskCreate(tskAesGcm_Test, "AesGcm_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+#ifdef WOLFSSL_AES_192
+    xTaskCreate(tskAes192_Test, "Aes192_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+#ifdef WOLFSSL_AES_256
+    xTaskCreate(tskAes256_Test, "Aes256_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+#ifndef NO_SHA
+    xTaskCreate(tskSha_Test, "Sha_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+#ifndef NO_SHA256
+    xTaskCreate(tskSha256_Test, "sha256_test", SHA_STACK_SIZE, NULL, 3, NULL);
+#endif
+
+#endif /* CONFIG_FREERTOS_UNICORE */
+
+    ESP_LOGI(TAG, "Waiting for 15s ...");
+    vTaskDelay(15000/portTICK_PERIOD_MS);
+    exit_loop = true;
+
+
+    for(int i=0;i<num;i++){
+       if(!xSemaphoreTake(exit_semaph, 2000/portTICK_PERIOD_MS)) {
+           TEST_FAIL_MESSAGE("exit semaphore not released by test task");
+       }
+    }
+    vSemaphoreDelete(exit_semaph);
+}
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/user_settings.h
@@ -1,6 +1,6 @@
 /* user_settings.h
 *
- * Copyright (C) 2006-2018 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
@@ -31,21 +31,42 @@
 #define HAVE_AEAD
 #define HAVE_SUPPORTED_CURVES

-#define SINGLE_THREADED /* or define RTOS  option */
+/* when you want to use SINGLE THREAD */
+/* #define SINGLE_THREADED */
 #define NO_FILESYSTEM

 #define HAVE_AESGCM
+/* when you want to use SHA384 */
+/* #define WOLFSSL_SHA384 */
 #define WOLFSSL_SHA512
 #define HAVE_ECC
 #define HAVE_CURVE25519
 #define CURVE25519_SMALL
 #define HAVE_ED25519

+/* esp32-wroom-32se specific definition */
+#if defined(WOLFSSL_ESPWROOM32SE)
+    #define WOLFSSL_ATECC508A
+    #define HAVE_PK_CALLBACKS
+    /* when you want to use a custom slot allocation for ATECC608A */
+    /* unless your configuration is unusual, you can use default   */
+    /* implementation.                                             */
+    /* #define CUSTOM_SLOT_ALLOCATION                              */
+#endif
+
+
 /* debug options */
 /* #define DEBUG_WOLFSSL */
+/* #define WOLFSSL_ESP32WROOM32_CRYPT_DEBUG */
+/* #define WOLFSSL_ATECC508A_DEBUG          */

 /* date/time                               */
 /* if it cannot adjust time in the device, */
 /* enable macro below                      */
 /* #define NO_ASN_TIME */
 /* #define XTIME time */
+
+/* when you want not to use HW acceleration */
+/* #define NO_ESP32WROOM32_CRYPT */
+/* #define NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH*/
+/* #define NO_WOLFSSL_ESP32WROOM32_CRYPT_AES */
--- a/IDE/GCC-ARM/Header/user_settings.h
+++ b/IDE/GCC-ARM/Header/user_settings.h
@@ -66,14 +66,15 @@ extern "C" {
 #undef WOLFSSL_SP
 #if 0
    #define WOLFSSL_SP
-    #define WOLFSSL_SP_SMALL
+    #define WOLFSSL_SP_SMALL      /* use smaller version of code */
    #define WOLFSSL_HAVE_SP_RSA
    #define WOLFSSL_HAVE_SP_DH
    #define WOLFSSL_HAVE_SP_ECC
    #define WOLFSSL_SP_CACHE_RESISTANT
-    //#define WOLFSSL_SP_MATH
+    //#define WOLFSSL_SP_MATH     /* only SP math - eliminates fast math code */

    /* 64 or 32 bit version */
+    //#define WOLFSSL_SP_ASM      /* required if using the ASM versions */
    //#define WOLFSSL_SP_ARM32_ASM
    //#define WOLFSSL_SP_ARM64_ASM
 #endif
--- a/IDE/GCC-ARM/Makefile.common
+++ b/IDE/GCC-ARM/Makefile.common
@@ -110,7 +110,7 @@ SRC_C += ../../wolfcrypt/src/cmac.c
 SRC_C += ../../wolfcrypt/src/coding.c
 SRC_C += ../../wolfcrypt/src/compress.c
 SRC_C += ../../wolfcrypt/src/cpuid.c
-SRC_C += ../../wolfcrypt/src/cryptodev.c
+SRC_C += ../../wolfcrypt/src/cryptocb.c
 SRC_C += ../../wolfcrypt/src/curve25519.c
 SRC_C += ../../wolfcrypt/src/ed25519.c
 SRC_C += ../../wolfcrypt/src/error.c
--- a/IDE/Renesas/cs+/Projects/include.am
+++ b/IDE/Renesas/cs+/Projects/include.am
@@ -16,4 +16,5 @@ EXTRA_DIST+= IDE/Renesas/cs+/Projects/t4_demo/wolf_client.c
 EXTRA_DIST+= IDE/Renesas/cs+/Projects/t4_demo/wolf_server.c
 EXTRA_DIST+= IDE/Renesas/cs+/Projects/t4_demo/wolf_main.c
 EXTRA_DIST+= IDE/Renesas/cs+/Projects/t4_demo/wolf_demo.h
+EXTRA_DIST+= IDE/Renesas/cs+/Projects/t4_demo/t4_demo.mtpj

--- a/IDE/Renesas/cs+/Projects/t4_demo/README_en.txt
+++ b/IDE/Renesas/cs+/Projects/t4_demo/README_en.txt
@@ -42,6 +42,8 @@ Setup process:
 wolfssl\IDE\Renesas\cs+\Projects\wolfssl_lib\DefaultBuild\wolfssl_lib.lib
 wolfssl\IDE\Renesas\cs+\Projects\t4_demo\DefaultBuild\t4_demo.lib

+   - Set CC-RX(Build Tool)->Library Geberation->Library Configuration to"C99" and enable ctype.h.
+
   - Build the project and start execut. You see message on the console prompting command.
   
 ===
--- a/IDE/Renesas/cs+/Projects/t4_demo/README_jp.txt
+++ b/IDE/Renesas/cs+/Projects/t4_demo/README_jp.txt
@@ -51,6 +51,9 @@ wolfSSL/AlphaProject
 　wolfssl\IDE\Renesas\cs+\Projects\wolfssl_lib\DefaultBuild\wolfssl_lib.lib
 　wolfssl\IDE\Renesas\cs+\Projects\t4_demo\DefaultBuild\t4_demo.lib

+- CC-RX(ビルドツール)->ライブラリージェネレーションタブ->ライブラリー構成を「C99」に、
+ctype.hを有効にするを「はい」に設定します。
+
 　- プロジェクトのビルド、ターゲットへのダウンロードをしたのち、表示->デバッグ・コンソール
 　からコンソールを表示させます。実行を開始するとコンソールに以下の表示が出力されます。
 　
--- a/IDE/Renesas/cs+/Projects/t4_demo/t4_demo.mtpj
+++ b/IDE/Renesas/cs+/Projects/t4_demo/t4_demo.mtpj
--- a/IDE/Renesas/cs+/Projects/t4_demo/wolf_client.c
+++ b/IDE/Renesas/cs+/Projects/t4_demo/wolf_client.c
@@ -34,29 +34,29 @@ static int my_IORecv(WOLFSSL* ssl, char* buff, int sz, void* ctx)
 {
    int ret;
    ID  cepid;
-    
+
    if(ctx != NULL)cepid = *(ID *)ctx;
    else return WOLFSSL_CBIO_ERR_GENERAL;
-    
+
    ret = tcp_rcv_dat(cepid, buff, sz, TMO_FEVR);
    if(ret > 0)return ret;
-    else         return WOLFSSL_CBIO_ERR_GENERAL;  
+    else         return WOLFSSL_CBIO_ERR_GENERAL;
 }

 static int my_IOSend(WOLFSSL* ssl, char* buff, int sz, void* ctx)
 {
    int ret;
    ID  cepid;
-    
+
    if(ctx != NULL)cepid = *(ID *)ctx;
    else return WOLFSSL_CBIO_ERR_GENERAL;
-    
+
    ret = tcp_snd_dat(cepid, buff, sz, TMO_FEVR);
    if(ret == sz)return ret;
-    else         return WOLFSSL_CBIO_ERR_GENERAL;          
+    else         return WOLFSSL_CBIO_ERR_GENERAL;
 }

-static int getIPaddr(char *arg) 
+static int getIPaddr(char *arg)
 {
    int a1, a2, a3, a4;
    if(sscanf(arg, "%d.%d.%d.%d", &a1, &a2, &a3, &a4) == 4)
@@ -64,8 +64,8 @@ static int getIPaddr(char *arg)
    else return 0;
 }

-static int getPort(char *arg) 
-{   
+static int getPort(char *arg)
+{
    int port;
    if(sscanf(arg, "%d", &port) == 1)
         return port;
@@ -74,7 +74,7 @@ static int getPort(char *arg)

 WOLFSSL_CTX *wolfSSL_TLS_client_init()
 {
-    
+
    WOLFSSL_CTX* ctx;
    #ifndef NO_FILESYSTEM
        #ifdef USE_ECC_CERT
@@ -91,18 +91,18 @@ WOLFSSL_CTX *wolfSSL_TLS_client_init()
        #define  SIZEOF_CERT sizeof_ca_cert_der_2048
        #endif
    #endif
-    
+
    wolfSSL_Init();
    #ifdef DEBUG_WOLFSSL
        wolfSSL_Debugging_ON();
    #endif
-    
+
    /* Create and initialize WOLFSSL_CTX */
    if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method_ex((void *)NULL))) == NULL) {
        printf("ERROR: failed to create WOLFSSL_CTX\n");
        return NULL;
    }
- 
+
    #if !defined(NO_FILESYSTEM)
    if (wolfSSL_CTX_load_verify_locations(ctx, cert, 0) != SSL_SUCCESS) {
        printf("ERROR: can't load \"%s\"\n", cert);
@@ -127,7 +127,7 @@ WOLFSSL_CTX *wolfSSL_TLS_client_init()
 void wolfSSL_TLS_client(void *v_ctx, func_args *args)
 {
    ID cepid = 1;
-    ER ercd; 
+    ER ercd;
    int ret;
    WOLFSSL_CTX *ctx = (WOLFSSL_CTX *)v_ctx;
    WOLFSSL *ssl;
@@ -136,7 +136,7 @@ void wolfSSL_TLS_client(void *v_ctx, func_args *args)
    char    rcvBuff[BUFF_SIZE] = {0};
    static T_IPV4EP my_addr = { 0, 0 };
    T_IPV4EP dst_addr;
-    
+
    if(args->argc >= 2){
 	    if((dst_addr.ipaddr = getIPaddr(args->argv[1])) == 0){
 		printf("ERROR: IP address\n");
@@ -147,7 +147,7 @@ void wolfSSL_TLS_client(void *v_ctx, func_args *args)
 	        return;
 	    }
    }
-    
+
    if((ercd = tcp_con_cep(cepid, &my_addr, &dst_addr, TMO_FEVR)) != E_OK) {
        printf("ERROR TCP Connect: %d\n", ercd);
        return;
@@ -157,7 +157,7 @@ void wolfSSL_TLS_client(void *v_ctx, func_args *args)
        printf("ERROR wolfSSL_new: %d\n", wolfSSL_get_error(ssl, 0));
        return;
    }
-    
+
    /* set callback context */
    wolfSSL_SetIOReadCtx(ssl, (void *)&cepid);
    wolfSSL_SetIOWriteCtx(ssl, (void *)&cepid);
@@ -166,7 +166,7 @@ void wolfSSL_TLS_client(void *v_ctx, func_args *args)
        printf("ERROR SSL connect: %d\n",  wolfSSL_get_error(ssl, 0));
        return;
    }
-        
+
    if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) != strlen(sendBuff)) {
        printf("ERROR SSL write: %d\n", wolfSSL_get_error(ssl, 0));
        return;
@@ -176,9 +176,9 @@ void wolfSSL_TLS_client(void *v_ctx, func_args *args)
        printf("ERROR SSL read: %d\n", wolfSSL_get_error(ssl, 0));
        return;
    }
-    
+
    rcvBuff[ret] = '\0' ;
-    printf("Recieved: %s\n", rcvBuff);
+    printf("Received: %s\n", rcvBuff);

    /* frees all data before client termination */
    wolfSSL_free(ssl);
--- a/IDE/Renesas/cs+/Projects/t4_demo/wolf_server.c
+++ b/IDE/Renesas/cs+/Projects/t4_demo/wolf_server.c
@@ -31,26 +31,26 @@ static int my_IORecv(WOLFSSL* ssl, char* buff, int sz, void* ctx)
 {
    int ret;
    ID  cepid;
-    
+
    if(ctx != NULL)cepid = *(ID *)ctx;
    else return WOLFSSL_CBIO_ERR_GENERAL;
-    
+
    ret = tcp_rcv_dat(cepid, buff, sz, TMO_FEVR);
    if(ret == sz)return ret;
-    else         return WOLFSSL_CBIO_ERR_GENERAL;  
+    else         return WOLFSSL_CBIO_ERR_GENERAL;
 }

 static int my_IOSend(WOLFSSL* ssl, char* buff, int sz, void* ctx)
 {
    int ret;
    ID  cepid;
-    
+
    if(ctx != NULL)cepid = *(ID *)ctx;
    else return WOLFSSL_CBIO_ERR_GENERAL;
-    
+
    ret = tcp_snd_dat(cepid, buff, sz, TMO_FEVR);
    if(ret == sz)return ret;
-    else         return WOLFSSL_CBIO_ERR_GENERAL;          
+    else         return WOLFSSL_CBIO_ERR_GENERAL;
 }


@@ -59,7 +59,7 @@ WOLFSSL_CTX *wolfSSL_TLS_server_init()

 	int ret;
    WOLFSSL_CTX* ctx;
-    
+
    #ifndef NO_FILESYSTEM
        #ifdef USE_ECC_CERT
        char *cert       = "./certs/server-ecc-cert.pem";
@@ -81,15 +81,15 @@ WOLFSSL_CTX *wolfSSL_TLS_server_init()
        #define  sizeof_key sizeof_server_key_der_2048
        #endif
    #endif
-     
+

 	wolfSSL_Init();
        #ifdef DEBUG_WOLFSSL
 	    wolfSSL_Debugging_ON();
 	#endif
-	
+
 	/* Create and initialize WOLFSSL_CTX */
-	if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method_ex((void *)NULL))) == NULL) {	
+	if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method_ex((void *)NULL))) == NULL) {
 		printf("ERROR: failed to create WOLFSSL_CTX\n");
 		return NULL;
 	}
@@ -130,13 +130,13 @@ void wolfSSL_TLS_server(void *v_ctx, func_args *args)
    ER ercd;
    WOLFSSL_CTX *ctx = (WOLFSSL_CTX *)v_ctx;
    (void) args;
-    
+
    WOLFSSL *ssl;
    int len;
    #define BUFF_SIZE 256
    char buff[BUFF_SIZE];
    T_IPV4EP dst_addr = {0, 0};
-        
+
    if((ercd = tcp_acp_cep(cepid, repid, &dst_addr, TMO_FEVR)) != E_OK) {
        printf("ERROR TCP Accept: %d\n", ercd);
        return;
@@ -146,7 +146,7 @@ void wolfSSL_TLS_server(void *v_ctx, func_args *args)
        printf("ERROR: failed wolfSSL_new\n");
        return;
    }
-   
+
    wolfSSL_SetIOReadCtx(ssl, (void *)&cepid);
    wolfSSL_SetIOWriteCtx(ssl, (void *)&cepid);

@@ -154,20 +154,20 @@ void wolfSSL_TLS_server(void *v_ctx, func_args *args)
        printf("ERROR: SSL Accept(%d)\n", wolfSSL_get_error(ssl, 0));
        return;
    }
-      
+
    if ((len = wolfSSL_read(ssl, buff, sizeof(buff) - 1)) < 0) {
        printf("ERROR: SSL Read(%d)\n", wolfSSL_get_error(ssl, 0));
        return;
    }
-        
+
    buff[len] = '\0';
-    printf("Recieved: %s\n", buff);
-	
+    printf("Received: %s\n", buff);
+
    if (wolfSSL_write(ssl, buff, len) != len) {
-        printf("ERROR: SSL Wirte(%d)\n", wolfSSL_get_error(ssl, 0));
+        printf("ERROR: SSL Write(%d)\n", wolfSSL_get_error(ssl, 0));
        return;
    }
-    
+
    wolfSSL_free(ssl);
    tcp_sht_cep(cepid);
 }
--- a/IDE/Renesas/e2studio/Projects/wolfssl/.project
+++ b/IDE/Renesas/e2studio/Projects/wolfssl/.project
@@ -130,9 +130,9 @@
 			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/cpuid.c</locationURI>
 		</link>
 		<link>
-			<name>wolfcrypt/src/cryptodev.c</name>
+			<name>wolfcrypt/src/cryptocb.c</name>
 			<type>1</type>
-			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/cryptodev.c</locationURI>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/cryptocb.c</locationURI>
 		</link>
 		<link>
 			<name>wolfcrypt/src/curve25519.c</name>
--- a/IDE/include.am
+++ b/IDE/include.am
@@ -16,8 +16,10 @@ include IDE/OPENSTM32/include.am
 include IDE/VS-ARM/include.am
 include IDE/GCC-ARM/include.am
 include IDE/CSBENCH/include.am
+include IDE/ECLIPSE/DEOS/include.am
+include IDE/ECLIPSE/MICRIUM/include.am
 include IDE/mynewt/include.am
 include IDE/Renesas/cs+/Projects/include.am
 include IDE/Renesas/e2studio/Projects/include.am

-EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MDK5-ARM IDE/MYSQL IDE/LPCXPRESSO IDE/HEXIWEAR IDE/Espressif
+EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MDK5-ARM IDE/MYSQL IDE/LPCXPRESSO IDE/HEXIWEAR IDE/Espressif IDE/zephyr
--- a/IDE/zephyr/README.md
+++ b/IDE/zephyr/README.md
@@ -0,0 +1,41 @@
+Zephyr Project Port
+===================
+
+## Overview
+
+This port is for Zephyr Project available [here](https://www.zephyrproject.org/).
+
+It provides the following zephyr code.
+
+- zephyr/ext/lib/crypto/wolfssl
+    - wolfssl library
+- zephyr/samples/crypto/wolfssl_test
+    - wolfcrypt unit test application
+- zephyr/samples/crypto/wolfssl_tls_sock
+    - socket based sample of TLS
+- zephyr/samples/crypto/wolfssl_tls_thread
+    - socket based sample of TLS using threads
+
+## How to setup
+
+### delopy wolfssl source to mynewt project
+Specify the path of the mynewt project and execute  `wolfssl/IDE/mynewt/setup.sh`.
+
+```bash
+./IDE/zephyr/setup.sh　/path/to/zephyrproject
+```
+
+This script will deploy wolfssl's library code and samples as described in the Overview to the zephyr project.
+
+## build & test
+
+build and execute wolfssl_test
+
+```
+cd [zephyrproject]/zephyr/samples/crypto/wolfssl_test
+mkdir build && cd build
+cmake -GNinja -DBOARD=qemu_x86 ..
+ninja
+ninja run
+```
+
--- a/IDE/zephyr/lib/CMakeLists.txt
+++ b/IDE/zephyr/lib/CMakeLists.txt
@@ -0,0 +1,122 @@
+zephyr_interface_library_named(wolfSSL)
+
+if(CONFIG_WOLFSSL_BUILTIN)
+  target_compile_definitions(wolfSSL INTERFACE
+	WOLFSSL_OPTIONS_FILE="${CONFIG_WOLFSSL_OPTIONS_FILE}"
+	)
+
+  target_include_directories(wolfSSL INTERFACE
+	include
+	settings
+	)
+
+  zephyr_library()
+  zephyr_library_sources(zephyr_init.c)
+
+  zephyr_library_sources(library/src/crl.c)
+  zephyr_library_sources(library/src/internal.c)
+  zephyr_library_sources(library/src/keys.c)
+  zephyr_library_sources(library/src/ocsp.c)
+  zephyr_library_sources(library/src/sniffer.c)
+  zephyr_library_sources(library/src/ssl.c)
+  zephyr_library_sources(library/src/tls13.c)
+  zephyr_library_sources(library/src/tls.c)
+  zephyr_library_sources(library/src/wolfio.c)
+
+  zephyr_library_sources(library/wolfcrypt/src/aes.c)
+  zephyr_library_sources(library/wolfcrypt/src/arc4.c)
+  zephyr_library_sources(library/wolfcrypt/src/asm.c)
+  zephyr_library_sources(library/wolfcrypt/src/asn.c)
+  zephyr_library_sources(library/wolfcrypt/src/async.c)
+  zephyr_library_sources(library/wolfcrypt/src/blake2b.c)
+  zephyr_library_sources(library/wolfcrypt/src/camellia.c)
+  zephyr_library_sources(library/wolfcrypt/src/chacha20_poly1305.c)
+  zephyr_library_sources(library/wolfcrypt/src/chacha.c)
+  zephyr_library_sources(library/wolfcrypt/src/cmac.c)
+  zephyr_library_sources(library/wolfcrypt/src/coding.c)
+  zephyr_library_sources(library/wolfcrypt/src/compress.c)
+  zephyr_library_sources(library/wolfcrypt/src/cpuid.c)
+  zephyr_library_sources(library/wolfcrypt/src/cryptocb.c)
+  zephyr_library_sources(library/wolfcrypt/src/curve25519.c)
+  zephyr_library_sources(library/wolfcrypt/src/des3.c)
+  zephyr_library_sources(library/wolfcrypt/src/dh.c)
+  zephyr_library_sources(library/wolfcrypt/src/dsa.c)
+  zephyr_library_sources(library/wolfcrypt/src/ecc.c)
+  zephyr_library_sources(library/wolfcrypt/src/ecc_fp.c)
+  zephyr_library_sources(library/wolfcrypt/src/ed25519.c)
+  zephyr_library_sources(library/wolfcrypt/src/error.c)
+  zephyr_library_sources(library/wolfcrypt/src/fe_low_mem.c)
+  zephyr_library_sources(library/wolfcrypt/src/fe_operations.c)
+  #zephyr_library_sources(library/wolfcrypt/src/fips.c)
+  #zephyr_library_sources(library/wolfcrypt/src/fips_test.c)
+  zephyr_library_sources(library/wolfcrypt/src/ge_low_mem.c)
+  zephyr_library_sources(library/wolfcrypt/src/ge_operations.c)
+  zephyr_library_sources(library/wolfcrypt/src/hash.c)
+  zephyr_library_sources(library/wolfcrypt/src/hc128.c)
+  zephyr_library_sources(library/wolfcrypt/src/hmac.c)
+  zephyr_library_sources(library/wolfcrypt/src/idea.c)
+  zephyr_library_sources(library/wolfcrypt/src/integer.c)
+  zephyr_library_sources(library/wolfcrypt/src/logging.c)
+  zephyr_library_sources(library/wolfcrypt/src/md2.c)
+  zephyr_library_sources(library/wolfcrypt/src/md4.c)
+  zephyr_library_sources(library/wolfcrypt/src/md5.c)
+  zephyr_library_sources(library/wolfcrypt/src/memory.c)
+  #zephyr_library_sources(library/wolfcrypt/src/misc.c)
+  zephyr_library_sources(library/wolfcrypt/src/pkcs12.c)
+  zephyr_library_sources(library/wolfcrypt/src/pkcs7.c)
+  zephyr_library_sources(library/wolfcrypt/src/poly1305.c)
+  zephyr_library_sources(library/wolfcrypt/src/pwdbased.c)
+  zephyr_library_sources(library/wolfcrypt/src/rabbit.c)
+  zephyr_library_sources(library/wolfcrypt/src/random.c)
+  zephyr_library_sources(library/wolfcrypt/src/ripemd.c)
+  zephyr_library_sources(library/wolfcrypt/src/rsa.c)
+  #zephyr_library_sources(library/wolfcrypt/src/selftest.c)
+  zephyr_library_sources(library/wolfcrypt/src/sha256.c)
+  zephyr_library_sources(library/wolfcrypt/src/sha3.c)
+  zephyr_library_sources(library/wolfcrypt/src/sha512.c)
+  zephyr_library_sources(library/wolfcrypt/src/sha.c)
+  zephyr_library_sources(library/wolfcrypt/src/signature.c)
+  zephyr_library_sources(library/wolfcrypt/src/sp_arm32.c)
+  zephyr_library_sources(library/wolfcrypt/src/sp_arm64.c)
+  zephyr_library_sources(library/wolfcrypt/src/sp_armthumb.c)
+  zephyr_library_sources(library/wolfcrypt/src/sp_c32.c)
+  zephyr_library_sources(library/wolfcrypt/src/sp_c64.c)
+  zephyr_library_sources(library/wolfcrypt/src/sp_cortexm.c)
+  zephyr_library_sources(library/wolfcrypt/src/sp_int.c)
+  zephyr_library_sources(library/wolfcrypt/src/sp_x86_64.c)
+  zephyr_library_sources(library/wolfcrypt/src/srp.c)
+  zephyr_library_sources(library/wolfcrypt/src/tfm.c)
+  zephyr_library_sources(library/wolfcrypt/src/wc_encrypt.c)
+  zephyr_library_sources(library/wolfcrypt/src/wc_pkcs11.c)
+  zephyr_library_sources(library/wolfcrypt/src/wc_port.c)
+  #zephyr_library_sources(library/wolfcrypt/src/wolfcrypt_first.c)
+  #zephyr_library_sources(library/wolfcrypt/src/wolfcrypt_last.c)
+  zephyr_library_sources(library/wolfcrypt/src/wolfevent.c)
+  zephyr_library_sources(library/wolfcrypt/src/wolfmath.c)
+
+  zephyr_library_link_libraries(wolfSSL)
+
+  add_definitions(-DWOLFSSL_USER_SETTINGS)
+  add_definitions(-DWOLFSSL_ZEPHYR)
+  include_directories("library")
+else()
+  assert(CONFIG_WOLFSSL_LIBRARY "wolfSSL was enabled, but neither BUILTIN or LIBRARY was selected.")
+
+  # NB: CONFIG_WOLFSSL_LIBRARY is not regression tested and is
+  # therefore susceptible to bit rot
+
+  target_include_directories(wolfSSL INTERFACE
+	${CONFIG_WOLFSSL_INSTALL_PATH}
+	)
+
+  zephyr_link_libraries(
+    mbedtls_external
+    -L${CONFIG_WOLFSSL_INSTALL_PATH}
+    gcc
+    )
+  # Lib wolfssl depends on libgcc so to allow
+  # wolfssl to link with gcc we need to ensure it is placed
+  # after wolfssl_external on the linkers command line.
+endif()
+
+target_link_libraries(wolfSSL INTERFACE zephyr_interface)
--- a/IDE/zephyr/lib/Kconfig
+++ b/IDE/zephyr/lib/Kconfig
@@ -0,0 +1,85 @@
+# Kconfig - Cryptography primitive options for wolfSSL
+
+#
+# Copyright (c) 2016 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+menuconfig WOLFSSL
+	bool "wolfSSL Support"
+	help
+	  This option enables the wolfSSL cryptography library.
+
+if WOLFSSL
+
+choice
+	prompt "Select implementation"
+	default WOLFSSL_BUILTIN
+
+config WOLFSSL_BUILTIN
+	bool "Enable wolfSSL integrated sources"
+	help
+	  Link with local wolfSSL sources instead of external library.
+
+config WOLFSSL_LIBRARY
+	bool "Enable wolfSSL external library"
+	help
+	  This option enables wolfSSL library.
+
+endchoice
+
+config WOLFSSL_SETTINGS_FILE
+	string "wolfSSL settings file"
+	depends on WOLFSSL_BUILTIN
+	default "user_settings-tls-generic.h"
+	help
+	  Use a specific wolfSSL settings file. The default config file
+	  file can be tweaked with Kconfig. The default settings is
+	  suitable to communicate with majority of HTTPS servers on the Internet,
+	  but has relatively many features enabled. To optimize resources for
+	  special TLS usage, use available Kconfig settings, or select an
+	  alternative config.
+
+if WOLFSSL_BUILTIN && WOLFSSL_SETTINGS_FILE = "user_settings-tls-generic.h"
+source "ext/lib/crypto/wolfssl/Kconfig.tls-generic"
+endif
+
+config WOLFSSL_DEBUG
+	bool "wolfSSL debug activation"
+	depends on WOLFSSL_BUILTIN
+	help
+	  Enable debugging activation for wolfSSL configuration. If you use
+	  wolfSSL/Zephyr integration (e.g. net_app), this will activate debug
+	  logging (of the level configured by WOLFSSL_DEBUG_LEVEL).
+
+config WOLFSSL_INSTALL_PATH
+	string "wolfSSL install path"
+	depends on WOLFSSL_LIBRARY
+	help
+	  This option holds the path where the wolfSSL libraries and headers are
+	  installed. Make sure this option is properly set when WOLFSSL_LIBRARY
+	  is enabled otherwise the build will fail.
+
+config APP_LINK_WITH_WOLFSSL
+	bool "Link 'app' with WOLFSSL"
+	default y
+	depends on WOLFSSL
+	help
+	  Add WOLFSSL header files to the 'app' include path. It may be
+	  disabled if the include paths for WOLFSSL are causing aliasing
+	  issues for 'app'.
+
+endif
+
--- a/IDE/zephyr/lib/Kconfig.tls-generic
+++ b/IDE/zephyr/lib/Kconfig.tls-generic
@@ -0,0 +1,272 @@
+# Kconfig.tls - TLS/DTLS related options
+
+#
+# Copyright (c) 2018 Intel Corporation
+# Copyright (c) 2018 Nordic Semiconductor ASA
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+menu "TLS configuration"
+
+menu "Supported TLS version"
+
+config WOLFSSL_TLS_VERSION_1_0
+	bool "Enable support for TLS 1.0"
+	select WOLFSSL_ALLOW_TLSV10_ENABLED
+
+config WOLFSSL_TLS_VERSION_1_1
+	bool "Enable support for TLS 1.1"
+	select WOLFSSL_NO_OLD_TLS_DISABLED
+
+config WOLFSSL_TLS_VERSION_1_2
+	bool "Enable support for TLS 1.2"
+	default y
+
+config WOLFSSL_TLS_VERSION_1_3
+	bool "Enable support for TLS 1.3"
+	select WOLFSSL_TLS13_ENABLED
+
+endmenu
+
+menu "Ciphersuite configuration"
+
+comment "Supported key exchange modes"
+
+config WOLFSSL_KEY_EXCHANGE_ALL_ENABLED
+	bool "Enable all available ciphersuite modes"
+	select WOLFSSL_KEY_EXCHANGE_PSK_ENABLED
+	select WOLFSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
+	select WOLFSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+	select WOLFSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
+	select WOLFSSL_KEY_EXCHANGE_RSA_ENABLED
+	select WOLFSSL_KEY_EXCHANGE_DHE_RSA_ENABLED
+	select WOLFSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+	select WOLFSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+	select WOLFSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+	select WOLFSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+	select WOLFSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED
+	select WOLFSSL_KEY_EXCHANGE_ECJPAKE_ENABLED
+
+config WOLFSSL_KEY_EXCHANGE_PSK_ENABLED
+	bool "Enable the PSK based ciphersuite modes"
+
+config WOLFSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
+	bool "Enable the DHE-PSK based ciphersuite modes"
+
+config WOLFSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+	bool "Enable the ECDHE-PSK based ciphersuite modes"
+
+config WOLFSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
+	bool "Enable the RSA-PSK based ciphersuite modes"
+
+config WOLFSSL_KEY_EXCHANGE_RSA_ENABLED
+	bool "Enable the RSA-only based ciphersuite modes"
+	default y
+
+config WOLFSSL_KEY_EXCHANGE_DHE_RSA_ENABLED
+	bool "Enable the DHE-RSA based ciphersuite modes"
+
+config WOLFSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+	bool "Enable the ECDHE-RSA based ciphersuite modes"
+
+config WOLFSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+	bool "Enable the ECDHE-ECDSA based ciphersuite modes"
+
+config WOLFSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+	bool "Enable the ECDH-ECDSA based ciphersuite modes"
+
+config WOLFSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED
+	bool "Enable the ECDH-RSA based ciphersuite modes"
+
+config WOLFSSL_KEY_EXCHANGE_ECJPAKE_ENABLED
+	bool "Enable the ECJPAKE based ciphersuite modes"
+
+if WOLFSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED || \
+   WOLFSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED || \
+   WOLFSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || \
+   WOLFSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED || \
+   WOLFSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED || \
+   WOLFSSL_KEY_EXCHANGE_ECJPAKE_ENABLED
+
+comment "Supported elliptic curves"
+
+config WOLFSSL_ECP_ALL_ENABLED
+	bool "Enable all available elliptic curves"
+	select WOLFSSL_ECP_DP_SECP192R1_ENABLED
+	select WOLFSSL_ECP_DP_SECP192R1_ENABLED
+	select WOLFSSL_ECP_DP_SECP224R1_ENABLED
+	select WOLFSSL_ECP_DP_SECP256R1_ENABLED
+	select WOLFSSL_ECP_DP_SECP384R1_ENABLED
+	select WOLFSSL_ECP_DP_SECP521R1_ENABLED
+	select WOLFSSL_ECP_DP_SECP192K1_ENABLED
+	select WOLFSSL_ECP_DP_SECP224K1_ENABLED
+	select WOLFSSL_ECP_DP_SECP256K1_ENABLED
+	select WOLFSSL_ECP_DP_BP256R1_ENABLED
+	select WOLFSSL_ECP_DP_BP384R1_ENABLED
+	select WOLFSSL_ECP_DP_BP512R1_ENABLED
+	select WOLFSSL_ECP_DP_CURVE25519_ENABLED
+	select WOLFSSL_ECP_DP_CURVE448_ENABLED
+	select WOLFSSL_ECP_NIST_OPTIM
+
+config WOLFSSL_ECP_DP_SECP192R1_ENABLED
+	bool "Enable SECP192R1 elliptic curve"
+
+config WOLFSSL_ECP_DP_SECP224R1_ENABLED
+	bool "Enable SECP224R1 elliptic curve"
+
+config WOLFSSL_ECP_DP_SECP256R1_ENABLED
+	bool "Enable SECP256R1 elliptic curve"
+
+config WOLFSSL_ECP_DP_SECP384R1_ENABLED
+	bool "Enable SECP384R1 elliptic curve"
+
+config WOLFSSL_ECP_DP_SECP521R1_ENABLED
+	bool "Enable SECP521R1 elliptic curve"
+
+config WOLFSSL_ECP_DP_SECP192K1_ENABLED
+	bool "Enable SECP192K1 elliptic curve"
+
+config WOLFSSL_ECP_DP_SECP224K1_ENABLED
+	bool "Enable SECP224K1 elliptic curve"
+
+config WOLFSSL_ECP_DP_SECP256K1_ENABLED
+	bool "Enable SECP256K1 elliptic curve"
+
+config WOLFSSL_ECP_DP_BP256R1_ENABLED
+	bool "Enable BP256R1 elliptic curve"
+
+config WOLFSSL_ECP_DP_BP384R1_ENABLED
+	bool "Enable BP384R1 elliptic curve"
+
+config WOLFSSL_ECP_DP_BP512R1_ENABLED
+	bool "Enable BP512R1 elliptic curve"
+
+config WOLFSSL_ECP_DP_CURVE25519_ENABLED
+	bool "Enable CURVE25519 elliptic curve"
+
+config WOLFSSL_ECP_DP_CURVE448_ENABLED
+	bool "Enable CURVE448 elliptic curve"
+
+config WOLFSSL_ECP_NIST_OPTIM
+	bool "Enable NSIT curves optimization"
+
+endif
+
+comment "Supported cipher modes"
+
+config WOLFSSL_CIPHER_ALL_ENABLED
+	bool "Enable all available ciphers"
+	select WOLFSSL_CIPHER_AES_ENABLED
+	select WOLFSSL_CIPHER_CAMELLIA_ENABLED
+	select WOLFSSL_CIPHER_DES_ENABLED
+	select WOLFSSL_CIPHER_ARC4_ENABLED
+	select WOLFSSL_CIPHER_CHACHA20_ENABLED
+	select WOLFSSL_CIPHER_BLOWFISH_ENABLED
+	select WOLFSSL_CIPHER_CCM_ENABLED
+	select WOLFSSL_CIPHER_MODE_XTS_ENABLED
+	select WOLFSSL_CIPHER_MODE_GCM_ENABLED
+	select WOLFSSL_CIPHER_CBC_ENABLED
+	select WOLFSSL_CHACHAPOLY_AEAD_ENABLED
+
+config WOLFSSL_CIPHER_AES_ENABLED
+	bool "Enable the AES block cipher"
+	default y
+
+config WOLFSSL_AES_ROM_TABLES
+	depends on WOLFSSL_CIPHER_AES_ENABLED
+	bool "Use precomputed AES tables stored in ROM."
+	default y
+
+config WOLFSSL_CIPHER_CAMELLIA_ENABLED
+	bool "Enable the Camellia block cipher"
+
+config WOLFSSL_CIPHER_DES_ENABLED
+	bool "Enable the DES block cipher"
+	default y
+
+config WOLFSSL_CIPHER_ARC4_ENABLED
+	bool "Enable the ARC4 stream cipher"
+
+config WOLFSSL_CIPHER_CHACHA20_ENABLED
+	bool "Enable the ChaCha20 stream cipher"
+
+config WOLFSSL_CIPHER_BLOWFISH_ENABLED
+	bool "Enable the Blowfish block cipher"
+
+config WOLFSSL_CIPHER_CCM_ENABLED
+	bool "Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher"
+	depends on WOLFSSL_CIPHER_AES_ENABLED || WOLFSSL_CIPHER_CAMELLIA_ENABLED
+
+config WOLFSSL_CIPHER_MODE_XTS_ENABLED
+	bool "Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES"
+	depends on WOLFSSL_CIPHER_AES_ENABLED || WOLFSSL_CIPHER_CAMELLIA_ENABLED
+
+config WOLFSSL_CIPHER_MODE_GCM_ENABLED
+	bool "Enable the Galois/Counter Mode (GCM) for AES"
+	depends on WOLFSSL_CIPHER_AES_ENABLED || WOLFSSL_CIPHER_CAMELLIA_ENABLED
+
+config WOLFSSL_CIPHER_CBC_ENABLED
+	bool "Enable Cipher Block Chaining mode (CBC) for symmetric ciphers"
+	default y
+
+config WOLFSSL_CHACHAPOLY_AEAD_ENABLED
+	bool "Enable the ChaCha20-Poly1305 AEAD algorithm"
+	depends on WOLFSSL_CIPHER_CHACHA20_ENABLED || WOLFSSL_MAC_POLY1305_ENABLED
+
+comment "Supported message authentication methods"
+
+config WOLFSSL_MAC_ALL_ENABLED
+	bool "Enable all available MAC methods"
+	select WOLFSSL_MAC_MD4_ENABLED
+	select WOLFSSL_MAC_MD5_ENABLED
+	select WOLFSSL_MAC_SHA1_ENABLED
+	select WOLFSSL_MAC_SHA256_ENABLED
+	select WOLFSSL_MAC_SHA512_ENABLED
+	select WOLFSSL_MAC_POLY1305_ENABLED
+
+config WOLFSSL_MAC_MD4_ENABLED
+	bool "Enable the MD4 hash algorithm"
+
+config WOLFSSL_MAC_MD5_ENABLED
+	bool "Enable the MD5 hash algorithm"
+	default y
+
+config WOLFSSL_MAC_SHA1_ENABLED
+	bool "Enable the SHA1 hash algorithm"
+	default y
+
+config WOLFSSL_MAC_SHA256_ENABLED
+	bool "Enable the SHA-224 and SHA-256 hash algorithms"
+	default y
+
+config WOLFSSL_MAC_SHA512_ENABLED
+	bool "Enable the SHA-384 and SHA-512 hash algorithms"
+
+config WOLFSSL_MAC_POLY1305_ENABLED
+	bool "Enable the Poly1305 MAC algorithm"
+
+endmenu
+
+comment "Random number generators"
+
+config WOLFSSL_HMAC_DRBG_ENABLED
+	bool "Enable the HMAC_DRBG random generator"
+	default y
+
+comment "Other configurations"
+
+config WOLFSSL_HAVE_ASM
+	bool "Enable use of assembly code"
+	default y
+	help
+	  Enable use of assembly code in wolfSSL. This improves the performances
+	  of asymetric cryptography, however this might have an impact on the
+	  code size.
+
+config WOLFSSL_USER_SETTTINGS
+	string "User settings file for wolfSSL"
+	help
+	  User settings file that contains wolfSSL defines.
+
+endmenu
--- a/IDE/zephyr/lib/README
+++ b/IDE/zephyr/lib/README
@@ -0,0 +1,12 @@
+
+wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use
+under the GPLv2 or a standard commercial license. For our users who cannot use
+wolfSSL under GPLv2, a commercial license to wolfSSL and wolfCrypt is available.
+Please contact wolfSSL Inc. directly at:
+
+Email: licensing@wolfssl.com
+Phone: +1 425 245-8247
+
+More information can be found on the wolfSSL website at www.wolfssl.com.
+
+
--- a/IDE/zephyr/lib/install_lib.sh
+++ b/IDE/zephyr/lib/install_lib.sh
@@ -0,0 +1,64 @@
+#!/bin/sh
+
+WOLFSSL_SRC_DIR=../../..
+
+if [ ! -d $WOLFSSL_SRC_DIR ]; then
+    echo "Directory does not exist: $WOLFSSL_SRC_DIR"
+    exit 1
+fi
+if [ ! -f $WOLFSSL_SRC_DIR/wolfssl/ssl.h ]; then
+    echo "Missing header file: $WOLFSSL_SRC_DIR/wolfssl/ssl.h"
+    exit 1
+fi
+
+ZEPHYR_DIR=
+if [ $# -ne 1 ]; then
+    echo "Need location of zephyr project as a command line argument"
+    exit 1
+else
+    ZEPHYR_DIR=$1
+fi
+if [ ! -d $ZEPHR_DIR ]; then
+    echo "Zephyr project directory does not exist: $ZEPHYR_DIR"
+    exit 1
+fi
+ZEPHYR_CRYPTO_DIR=$ZEPHYR_DIR/zephyr/ext/lib/crypto
+if [ ! -d $ZEPHYR_CRYPTO_DIR ]; then
+    echo "Zephyr crypto directory does not exist: $ZEPHYR_CRYPTO_DIR"
+    exit 1
+fi
+ZEPHYR_WOLFSSL_DIR=$ZEPHYR_CRYPTO_DIR/wolfssl
+
+echo "wolfSSL directory in Zephyr:"
+echo "  $ZEPHYR_WOLFSSL_DIR"
+rm -rf $ZEPHYR_WOLFSSL_DIR
+mkdir $ZEPHYR_WOLFSSL_DIR
+
+echo "Copy in Build files ..."
+cp -r * $ZEPHYR_WOLFSSL_DIR/
+rm $ZEPHYR_WOLFSSL_DIR/$0
+
+echo "Copy Source Code ..."
+rm -rf $ZEPHYR_WOLFSSL_DIR/library
+mkdir $ZEPHYR_WOLFSSL_DIR/library
+mkdir $ZEPHYR_WOLFSSL_DIR/library/src
+mkdir -p $ZEPHYR_WOLFSSL_DIR/library/wolfcrypt/src
+
+cp -rf ${WOLFSSL_SRC_DIR}/src/*.c $ZEPHYR_WOLFSSL_DIR/library/src/
+cp -rf ${WOLFSSL_SRC_DIR}/wolfcrypt/src/*.c $ZEPHYR_WOLFSSL_DIR/library/wolfcrypt/src/
+cp -rf ${WOLFSSL_SRC_DIR}/wolfcrypt/src/*.i $ZEPHYR_WOLFSSL_DIR/library/wolfcrypt/src/
+cp -rf ${WOLFSSL_SRC_DIR}/wolfcrypt/src/*.S $ZEPHYR_WOLFSSL_DIR/library/wolfcrypt/src/
+
+echo "Copy Header Files ..."
+rm -rf $ZEPHYR_WOLFSSL_DIR/include
+mkdir $ZEPHYR_WOLFSSL_DIR/include
+
+cp $ZEPHYR_WOLFSSL_DIR/user_settings.h $ZEPHYR_WOLFSSL_DIR/include/
+cp -rf ${WOLFSSL_SRC_DIR}/wolfssl $ZEPHYR_WOLFSSL_DIR/include/
+rm -f $ZEPHYR_WOLFSSL_DIR/include/wolfssl/options.h
+touch $ZEPHYR_WOLFSSL_DIR/include/wolfssl/options.h
+rm -rf $ZEPHYR_WOLFSSL_DIR/include/wolfssl/wolfcrypt/port
+
+
+echo "Done"
+
--- a/IDE/zephyr/lib/settings/user_settings-tls-generic.h
+++ b/IDE/zephyr/lib/settings/user_settings-tls-generic.h
@@ -0,0 +1,147 @@
+/* wolfssl options.h
+ * generated from configure options
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ */
+
+#ifndef WOLFSSL_OPTIONS_H
+#define WOLFSSL_OPTIONS_H
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#undef  WOLFSSL_ZEPHYR
+#define WOLFSSL_ZEPHYR
+
+#if 0
+#undef  SINGLE_THREADED
+#define SINGLE_THREADED
+#endif
+
+#undef  TFM_TIMING_RESISTANT
+#define TFM_TIMING_RESISTANT
+
+#undef  ECC_TIMING_RESISTANT
+#define ECC_TIMING_RESISTANT
+
+#undef  WC_RSA_BLINDING
+#define WC_RSA_BLINDING
+
+#undef  HAVE_AESGCM
+#define HAVE_AESGCM
+
+#undef  WOLFSSL_SHA512
+#define WOLFSSL_SHA512
+
+#undef  WOLFSSL_SHA384
+#define WOLFSSL_SHA384
+
+#undef  NO_DSA
+#define NO_DSA
+
+#undef  HAVE_ECC
+#define HAVE_ECC
+
+#undef  TFM_ECC256
+#define TFM_ECC256
+
+#undef  WOLFSSL_BASE64_ENCODE
+#define WOLFSSL_BASE64_ENCODE
+
+#undef  NO_RC4
+#define NO_RC4
+
+#undef  NO_HC128
+#define NO_HC128
+
+#undef  NO_RABBIT
+#define NO_RABBIT
+
+#undef  WOLFSSL_SHA224
+#define WOLFSSL_SHA224
+
+#undef  WOLFSSL_SHA3
+#define WOLFSSL_SHA3
+
+#undef  HAVE_POLY1305
+#define HAVE_POLY1305
+
+#undef  HAVE_ONE_TIME_AUTH
+#define HAVE_ONE_TIME_AUTH
+
+#undef  HAVE_CHACHA
+#define HAVE_CHACHA
+
+#undef  HAVE_HASHDRBG
+#define HAVE_HASHDRBG
+
+#undef  NO_FILESYSTEM
+#define NO_FILESYSTEM
+
+#undef  HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
+#undef  HAVE_SUPPORTED_CURVES
+#define HAVE_SUPPORTED_CURVES
+
+#undef  HAVE_EXTENDED_MASTER
+#define HAVE_EXTENDED_MASTER
+
+#undef  NO_PSK
+#define NO_PSK
+
+#undef  NO_MD4
+#define NO_MD4
+
+#undef  NO_PWDBASED
+#define NO_PWDBASED
+
+#undef  USE_FAST_MATH
+#define USE_FAST_MATH
+
+#undef  WOLFSSL_NO_ASM
+#define WOLFSSL_NO_ASM
+
+#undef  WOLFSSL_X86_BUILD
+#define WOLFSSL_X86_BUILD
+
+#undef  WC_NO_ASYNC_THREADING
+#define WC_NO_ASYNC_THREADING
+
+#undef  NO_DES3
+#define NO_DES3
+
+#if 1
+#undef  NO_ASN_TIME
+#define NO_ASN_TIME
+#endif
+
+#undef  WOLFSSL_STATIC_MEMORY
+#define WOLFSSL_STATIC_MEMORY
+
+#if 0
+#undef  WOLFSSL_HAVE_SP_RSA
+#define WOLFSSL_HAVE_SP_RSA
+#undef  WOLFSSL_HAVE_SP_DH
+#define WOLFSSL_HAVE_SP_DH
+#undef  WOLFSSL_HAVE_SP_ECC
+#define WOLFSSL_HAVE_SP_ECC
+#endif
+
+#if 0
+#undef  DEBUG_WOLFSSL
+#define DEBUG_WOLFSSL
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+
+#endif /* WOLFSSL_OPTIONS_H */
+
--- a/IDE/zephyr/lib/user_settings.h
+++ b/IDE/zephyr/lib/user_settings.h
@@ -0,0 +1,147 @@
+
+#ifndef USER_SETTINGS_H
+#define USER_SETTINGS_H
+
+#ifdef CONFIG_WOLFSSL
+#ifdef CONFIG_WOLFSSL_SETTINGS_FILE
+
+#include CONFIG_WOLFSSL_SETTINGS_FILE
+
+#else
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#undef  WOLFSSL_ZEPHYR
+#define WOLFSSL_ZEPHYR
+
+#if 0
+#undef  SINGLE_THREADED
+#define SINGLE_THREADED
+#endif
+
+#undef  TFM_TIMING_RESISTANT
+#define TFM_TIMING_RESISTANT
+
+#undef  ECC_TIMING_RESISTANT
+#define ECC_TIMING_RESISTANT
+
+#undef  WC_RSA_BLINDING
+#define WC_RSA_BLINDING
+
+#undef  HAVE_AESGCM
+#define HAVE_AESGCM
+
+#undef  WOLFSSL_SHA512
+#define WOLFSSL_SHA512
+
+#undef  WOLFSSL_SHA384
+#define WOLFSSL_SHA384
+
+#undef  NO_DSA
+#define NO_DSA
+
+#undef  HAVE_ECC
+#define HAVE_ECC
+
+#undef  TFM_ECC256
+#define TFM_ECC256
+
+#undef  WOLFSSL_BASE64_ENCODE
+#define WOLFSSL_BASE64_ENCODE
+
+#undef  NO_RC4
+#define NO_RC4
+
+#undef  NO_HC128
+#define NO_HC128
+
+#undef  NO_RABBIT
+#define NO_RABBIT
+
+#undef  WOLFSSL_SHA224
+#define WOLFSSL_SHA224
+
+#undef  WOLFSSL_SHA3
+#define WOLFSSL_SHA3
+
+#undef  HAVE_POLY1305
+#define HAVE_POLY1305
+
+#undef  HAVE_ONE_TIME_AUTH
+#define HAVE_ONE_TIME_AUTH
+
+#undef  HAVE_CHACHA
+#define HAVE_CHACHA
+
+#undef  HAVE_HASHDRBG
+#define HAVE_HASHDRBG
+
+#undef  NO_FILESYSTEM
+#define NO_FILESYSTEM
+
+#undef  HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
+#undef  HAVE_SUPPORTED_CURVES
+#define HAVE_SUPPORTED_CURVES
+
+#undef  HAVE_EXTENDED_MASTER
+#define HAVE_EXTENDED_MASTER
+
+#undef  NO_PSK
+#define NO_PSK
+
+#undef  NO_MD4
+#define NO_MD4
+
+#undef  NO_PWDBASED
+#define NO_PWDBASED
+
+#undef  USE_FAST_MATH
+#define USE_FAST_MATH
+
+#undef  WOLFSSL_NO_ASM
+#define WOLFSSL_NO_ASM
+
+#undef  WOLFSSL_X86_BUILD
+#define WOLFSSL_X86_BUILD
+
+#undef  WC_NO_ASYNC_THREADING
+#define WC_NO_ASYNC_THREADING
+
+#undef  NO_DES3
+#define NO_DES3
+
+#if 1
+#undef  NO_ASN_TIME
+#define NO_ASN_TIME
+#endif
+
+#undef  WOLFSSL_STATIC_MEMORY
+#define WOLFSSL_STATIC_MEMORY
+
+#if 0
+#undef  WOLFSSL_HAVE_SP_RSA
+#define WOLFSSL_HAVE_SP_RSA
+#undef  WOLFSSL_HAVE_SP_DH
+#define WOLFSSL_HAVE_SP_DH
+#undef  WOLFSSL_HAVE_SP_ECC
+#define WOLFSSL_HAVE_SP_ECC
+#endif
+
+#if 0
+#undef  DEBUG_WOLFSSL
+#define DEBUG_WOLFSSL
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* CONFIG_WOLFSSL_SETTINGS_FILE */
+#endif /* CONFIG_WOLFSSL */
+
+#endif /* USER_SETTINGS_H */
+
--- a/IDE/zephyr/lib/zephyr_init.c
+++ b/IDE/zephyr/lib/zephyr_init.c
@@ -0,0 +1,19 @@
+/** @file
+ * @brief wolfSSL initialization
+ *
+ * Initialize the wolfSSL library.
+ */
+
+#include <init.h>
+
+#include "user_settings.h"
+#include "wolfssl/ssl.h"
+
+static int _wolfssl_init(struct device *device)
+{
+    ARG_UNUSED(device);
+
+    return 0;
+}
+
+SYS_INIT(_wolfssl_init, POST_KERNEL, 0);
--- a/IDE/zephyr/setup.sh
+++ b/IDE/zephyr/setup.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+# Check for zephyr directory on command line
+if [ $# -ne 1 ]; then
+    echo "Usage: $0 'zephyr project root directory path'" 1>&2
+    exit 1
+fi
+ZEPHYR_DIR=$1
+
+# Check zephyr directory exists
+if [ ! -d $ZEPHR_DIR ]; then
+    echo "Zephyr project directory does not exist: $ZEPHYR_DIR"
+    exit 1
+fi
+
+cd `dirname $0`
+
+(cd lib; ./install_lib.sh $ZEPHYR_DIR)
+(cd wolfssl_test; ./install_test.sh $ZEPHYR_DIR)
+(cd wolfssl_tls_sock; ./install_sample.sh $ZEPHYR_DIR)
+(cd wolfssl_tls_thread; ./install_sample.sh $ZEPHYR_DIR)
+
--- a/IDE/zephyr/wolfssl_test/CMakeLists.txt
+++ b/IDE/zephyr/wolfssl_test/CMakeLists.txt
@@ -0,0 +1,8 @@
+cmake_minimum_required(VERSION 3.13.1)
+include($ENV{ZEPHYR_BASE}/cmake/app/boilerplate.cmake NO_POLICY_SCOPE)
+project(wolfssl_test)
+
+FILE(GLOB app_sources src/*.c)
+target_sources(app PRIVATE ${app_sources})
+add_definitions(-DWOLFSSL_USER_SETTINGS)
+
--- a/IDE/zephyr/wolfssl_test/README
+++ b/IDE/zephyr/wolfssl_test/README
@@ -0,0 +1,12 @@
+
+wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use
+under the GPLv2 or a standard commercial license. For our users who cannot use
+wolfSSL under GPLv2, a commercial license to wolfSSL and wolfCrypt is available.
+Please contact wolfSSL Inc. directly at:
+
+Email: licensing@wolfssl.com
+Phone: +1 425 245-8247
+
+More information can be found on the wolfSSL website at www.wolfssl.com.
+
+
--- a/IDE/zephyr/wolfssl_test/install_test.sh
+++ b/IDE/zephyr/wolfssl_test/install_test.sh
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+WOLFSSL_SRC_DIR=../../..
+
+if [ ! -d $WOLFSSL_SRC_DIR ]; then
+    echo "Directory does not exist: $WOLFSSL_SRC_DIR"
+    exit 1
+fi
+if [ ! -f $WOLFSSL_SRC_DIR/wolfcrypt/test/test.c ]; then
+    echo "Missing source file: $WOLFSSL_SRC_DIR/wolfcrypt/test/test.h"
+    exit 1
+fi
+
+ZEPHYR_DIR=
+if [ $# -ne 1 ]; then
+    echo "Need location of zephyr project as a command line argument"
+    exit 1
+else
+    ZEPHYR_DIR=$1
+fi
+if [ ! -d $ZEPHR_DIR ]; then
+    echo "Zephyr project directory does not exist: $ZEPHYR_DIR"
+    exit 1
+fi
+ZEPHYR_CRYPTO_DIR=$ZEPHYR_DIR/zephyr/samples/crypto
+if [ ! -d $ZEPHYR_CRYPTO_DIR ]; then
+    echo "Zephyr crypto directory does not exist: $ZEPHYR_CRYPTO_DIR"
+    exit 1
+fi
+ZEPHYR_WOLFSSL_DIR=$ZEPHYR_CRYPTO_DIR/wolfssl_test
+
+echo "wolfSSL directory:"
+echo "  $ZEPHYR_WOLFSSL_DIR"
+rm -rf $ZEPHYR_WOLFSSL_DIR
+mkdir $ZEPHYR_WOLFSSL_DIR
+
+echo "Copy in Build files ..."
+cp -r * $ZEPHYR_WOLFSSL_DIR/
+rm $ZEPHYR_WOLFSSL_DIR/$0
+
+echo "Copy Source Code ..."
+rm -rf $ZEPHYR_WOLFSSL_DIR/src
+mkdir $ZEPHYR_WOLFSSL_DIR/src
+
+cp -rf ${WOLFSSL_SRC_DIR}/wolfcrypt/test/test.c $ZEPHYR_WOLFSSL_DIR/src/
+cp -rf ${WOLFSSL_SRC_DIR}/wolfcrypt/test/test.h $ZEPHYR_WOLFSSL_DIR/src/
+
+echo "Done"
+
--- a/IDE/zephyr/wolfssl_test/prj.conf
+++ b/IDE/zephyr/wolfssl_test/prj.conf
@@ -0,0 +1,25 @@
+# Kernel options
+CONFIG_MAIN_STACK_SIZE=32768
+CONFIG_ENTROPY_GENERATOR=y
+CONFIG_POSIX_API=y
+CONFIG_INIT_STACKS=y
+#CONFIG_FLOAT=y
+CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE=8192
+
+# Networking
+CONFIG_NETWORKING=y
+CONFIG_NET_TEST=y
+CONFIG_NET_LOOPBACK=y
+CONFIG_NET_IPV4=y
+CONFIG_NET_IPV6=y
+CONFIG_NET_SOCKETS=y
+CONFIG_DNS_RESOLVER=y
+
+# Logging
+CONFIG_PRINTK=y
+CONFIG_WOLFSSL_DEBUG=y
+
+# TLS configuration
+CONFIG_WOLFSSL=y
+CONFIG_WOLFSSL_BUILTIN=y
+
--- a/IDE/zephyr/wolfssl_test/sample.yaml
+++ b/IDE/zephyr/wolfssl_test/sample.yaml
@@ -0,0 +1,9 @@
+common:
+  harness: crypto
+  tags: crypto
+sample:
+  description: wolfSSL test application
+  name: wolfSSL Test
+tests:
+  test:
+    platform_whitelist: qemu_x86
--- a/IDE/zephyr/wolfssl_tls_sock/CMakeLists.txt
+++ b/IDE/zephyr/wolfssl_tls_sock/CMakeLists.txt
@@ -0,0 +1,8 @@
+cmake_minimum_required(VERSION 3.13.1)
+include($ENV{ZEPHYR_BASE}/cmake/app/boilerplate.cmake NO_POLICY_SCOPE)
+project(wolfssl_tls_threaded)
+
+FILE(GLOB app_sources src/*.c)
+target_sources(app PRIVATE ${app_sources})
+add_definitions(-DWOLFSSL_USER_SETTINGS)
+
--- a/IDE/zephyr/wolfssl_tls_sock/README
+++ b/IDE/zephyr/wolfssl_tls_sock/README
@@ -0,0 +1,12 @@
+
+wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use
+under the GPLv2 or a standard commercial license. For our users who cannot use
+wolfSSL under GPLv2, a commercial license to wolfSSL and wolfCrypt is available.
+Please contact wolfSSL Inc. directly at:
+
+Email: licensing@wolfssl.com
+Phone: +1 425 245-8247
+
+More information can be found on the wolfSSL website at www.wolfssl.com.
+
+
--- a/IDE/zephyr/wolfssl_tls_sock/install_sample.sh
+++ b/IDE/zephyr/wolfssl_tls_sock/install_sample.sh
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+ZEPHYR_DIR=
+if [ $# -ne 1 ]; then
+    echo "Need location of zephyr project as a command line argument"
+    exit 1
+else
+    ZEPHYR_DIR=$1
+fi
+if [ ! -d $ZEPHR_DIR ]; then
+    echo "Zephyr project directory does not exist: $ZEPHYR_DIR"
+    exit 1
+fi
+ZEPHYR_CRYPTO_DIR=$ZEPHYR_DIR/zephyr/samples/crypto
+if [ ! -d $ZEPHYR_CRYPTO_DIR ]; then
+    echo "Zephyr crypto directory does not exist: $ZEPHYR_CRYPTO_DIR"
+    exit 1
+fi
+ZEPHYR_WOLFSSL_DIR=$ZEPHYR_CRYPTO_DIR/wolfssl_tls_sock
+
+echo "wolfSSL directory:"
+echo "  $ZEPHYR_WOLFSSL_DIR"
+rm -rf $ZEPHYR_WOLFSSL_DIR
+mkdir $ZEPHYR_WOLFSSL_DIR
+
+echo "Copy in Sample files ..."
+cp -r * $ZEPHYR_WOLFSSL_DIR/
+rm $ZEPHYR_WOLFSSL_DIR/$0
+
+echo "Done"
+
--- a/IDE/zephyr/wolfssl_tls_sock/prj.conf
+++ b/IDE/zephyr/wolfssl_tls_sock/prj.conf
@@ -0,0 +1,53 @@
+# Kernel options
+CONFIG_MAIN_STACK_SIZE=12288
+CONFIG_ENTROPY_GENERATOR=y
+CONFIG_POSIX_API=y
+CONFIG_INIT_STACKS=y
+CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE=8192
+
+# General config
+CONFIG_NEWLIB_LIBC=y
+
+# Networking config
+CONFIG_NETWORKING=y
+CONFIG_NET_IPV4=y
+CONFIG_NET_IPV6=n
+CONFIG_NET_TCP=y
+CONFIG_NET_SOCKETS=y
+CONFIG_NET_SOCKETS_POSIX_NAMES=y
+
+CONFIG_NET_TEST=y
+CONFIG_NET_LOOPBACK=y
+CONFIG_DNS_RESOLVER=y
+CONFIG_DNS_SERVER_IP_ADDRESSES=y
+CONFIG_DNS_SERVER1="192.0.2.2"
+
+# Network driver config
+CONFIG_TEST_RANDOM_GENERATOR=y
+
+# Network address config
+CONFIG_NET_CONFIG_SETTINGS=y
+CONFIG_NET_CONFIG_NEED_IPV4=y
+CONFIG_NET_CONFIG_MY_IPV4_ADDR="192.0.2.1"
+CONFIG_NET_CONFIG_PEER_IPV4_ADDR="192.0.2.2"
+CONFIG_NET_CONFIG_MY_IPV4_GW="192.0.2.2"
+
+CONFIG_NET_PKT_TX_COUNT=10
+
+# Network debug config
+#CONFIG_NET_LOG=y
+#CONFIG_NET_PKT_LOG_LEVEL_DBG=y
+
+# Logging
+CONFIG_PRINTK=y
+CONFIG_WOLFSSL_DEBUG=y
+
+# TLS configuration
+CONFIG_WOLFSSL=y
+CONFIG_WOLFSSL_BUILTIN=y
+
+CONFIG_WOLFSSL_TLS_VERSION_1_2=y
+CONFIG_WOLFSSL_KEY_EXCHANGE_ALL_ENABLED=y
+CONFIG_WOLFSSL_CIPHER_ALL_ENABLED=y
+CONFIG_WOLFSSL_MAC_ALL_ENABLED=y
+CONFIG_WOLFSSL_HMAC_DRBG_ENABLED=y
--- a/IDE/zephyr/wolfssl_tls_sock/sample.yaml
+++ b/IDE/zephyr/wolfssl_tls_sock/sample.yaml
@@ -0,0 +1,9 @@
+common:
+  harness: crypto
+  tags: crypto
+sample:
+  description: wolfSSL TLS test application
+  name: wolfSSL TLS Test
+tests:
+  test:
+    platform_whitelist: qemu_x86
--- a/IDE/zephyr/wolfssl_tls_sock/src/tls_sock.c
+++ b/IDE/zephyr/wolfssl_tls_sock/src/tls_sock.c
@@ -0,0 +1,512 @@
+/* tls_sock.c
+ *
+ * Copyright (C) 2006-2019 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#include <wolfssl/options.h>
+#include <wolfssl/ssl.h>
+#define USE_CERT_BUFFERS_2048
+#include <wolfssl/certs_test.h>
+#include <wolfssl/test.h>
+
+#ifdef WOLFSSL_ZEPHYR
+#define printf   printk
+#endif
+
+#define BUFFER_SIZE           2048
+#define STATIC_MEM_SIZE       (96*1024)
+#define THREAD_STACK_SIZE     (12*1024)
+#define MAX_SEND_SIZE         256
+
+/* The stack to use in the server's thread. */
+K_THREAD_STACK_DEFINE(server_stack, THREAD_STACK_SIZE);
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    static WOLFSSL_HEAP_HINT* HEAP_HINT_SERVER;
+    static WOLFSSL_HEAP_HINT* HEAP_HINT_CLIENT;
+
+    static byte gMemoryServer[STATIC_MEM_SIZE];
+    static byte gMemoryClient[STATIC_MEM_SIZE];
+#else
+    #define HEAP_HINT_SERVER NULL
+    #define HEAP_HINT_CLIENT NULL
+#endif /* WOLFSSL_STATIC_MEMORY */
+
+/* Application data to send. */
+static const char msgHTTPGet[] = "GET /index.html HTTP/1.0\r\n\r\n";
+static const char msgHTTPIndex[] =
+    "HTTP/1.1 200 OK\n"
+    "Content-Type: text/html\n"
+    "Connection: close\n"
+    "\n"
+    "<html>\n"
+    "<head>\n"
+    "<title>Welcome to wolfSSL!</title>\n"
+    "</head>\n"
+    "<body>\n"
+    "<p>wolfSSL has successfully performed handshake!</p>\n"
+    "</body>\n"
+    "</html>\n";
+
+
+/* Create a new wolfSSL client with a server CA certificate. */
+static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
+{
+    int ret = 0;
+    WOLFSSL_CTX* client_ctx = NULL;
+    WOLFSSL*     client_ssl = NULL;
+
+    /* Create and initialize WOLFSSL_CTX */
+    if ((client_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_client_method(),
+                                                   HEAP_HINT_CLIENT)) == NULL) {
+        printf("ERROR: failed to create WOLFSSL_CTX\n");
+        ret = -1;
+    }
+
+    if (ret == 0) {
+        /* Load client certificates into WOLFSSL_CTX */
+        if (wolfSSL_CTX_load_verify_buffer(client_ctx, ca_cert_der_2048,
+                sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1) !=
+                WOLFSSL_SUCCESS) {
+            printf("ERROR: failed to load CA certificate\n");
+            ret = -1;
+        }
+    }
+
+    if (ret == 0) {
+        /* Create a WOLFSSL object */
+        if ((client_ssl = wolfSSL_new(client_ctx)) == NULL) {
+            printf("ERROR: failed to create WOLFSSL object\n");
+            ret = -1;
+        }
+    }
+
+    if (ret == 0) {
+        /* make wolfSSL object nonblocking */
+        wolfSSL_set_using_nonblock(client_ssl, 1);
+    }
+
+    if (ret == 0) {
+        /* Return newly created wolfSSL context and object */
+        *ctx = client_ctx;
+        *ssl = client_ssl;
+    }
+    else {
+        if (client_ssl != NULL)
+            wolfSSL_free(client_ssl);
+        if (client_ctx != NULL)
+            wolfSSL_CTX_free(client_ctx);
+    }
+
+    return ret;
+}
+
+/* Client connecting to server using TLS */
+static int wolfssl_client_connect(WOLFSSL* ssl)
+{
+    int ret = 0;
+
+    if (wolfSSL_connect(ssl) != WOLFSSL_SUCCESS) {
+        printf("wolfSSL Error: %d\n", wolfSSL_get_error(ssl, -1));
+        if (!wolfSSL_want_read(ssl) && !wolfSSL_want_write(ssl))
+            ret = -1;
+    }
+
+    return ret;
+}
+
+
+
+/* Create a new wolfSSL server with a certificate for authentication. */
+static int wolfssl_server_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
+{
+    int ret = 0;
+    WOLFSSL_CTX* server_ctx = NULL;
+    WOLFSSL*     server_ssl = NULL;
+
+    /* Create and initialize WOLFSSL_CTX */
+    if ((server_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_server_method(),
+                                                   HEAP_HINT_SERVER)) == NULL) {
+        printf("ERROR: failed to create WOLFSSL_CTX\n");
+        ret = -1;
+    }
+
+    if (ret == 0) {
+        /* Load client certificates into WOLFSSL_CTX */
+        if (wolfSSL_CTX_use_certificate_buffer(server_ctx,
+                server_cert_der_2048, sizeof_server_cert_der_2048,
+                WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
+            printf("ERROR: failed to load server certificate\n");
+            ret = -1;
+        }
+    }
+
+    if (ret == 0) {
+        /* Load client certificates into WOLFSSL_CTX */
+        if (wolfSSL_CTX_use_PrivateKey_buffer(server_ctx,
+                server_key_der_2048, sizeof_server_key_der_2048,
+                WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
+            printf("ERROR: failed to load server key\n");
+            ret = -1;
+        }
+    }
+
+    if (ret == 0) {
+        /* Create a WOLFSSL object */
+        if ((server_ssl = wolfSSL_new(server_ctx)) == NULL) {
+            printf("ERROR: failed to create WOLFSSL object\n");
+            ret = -1;
+        }
+    }
+
+    if (ret == 0) {
+        /* make wolfSSL object nonblocking */
+        wolfSSL_set_using_nonblock(server_ssl, 1);
+    }
+
+    if (ret == 0) {
+        /* Return newly created wolfSSL context and object */
+        *ctx = server_ctx;
+        *ssl = server_ssl;
+    }
+    else {
+        if (server_ssl != NULL)
+            wolfSSL_free(server_ssl);
+        if (server_ctx != NULL)
+            wolfSSL_CTX_free(server_ctx);
+    }
+
+    return ret;
+}
+
+/* Server accepting a client using TLS */
+static int wolfssl_server_accept(WOLFSSL* ssl)
+{
+    int ret = 0;
+
+    if (wolfSSL_accept(ssl) != WOLFSSL_SUCCESS) {
+        printf("wolfSSL Error: %d\n", wolfSSL_get_error(ssl, -1));
+        if (!wolfSSL_want_read(ssl) && !wolfSSL_want_write(ssl))
+            ret = -1;
+    }
+
+    return ret;
+}
+
+
+/* Send application data. */
+static int wolfssl_send(WOLFSSL* ssl, const char* msg)
+{
+    int ret = 0;
+    int len;
+
+    printf("Sending:\n%s\n", msg);
+    len = wolfSSL_write(ssl, msg, XSTRLEN(msg));
+    if (len < 0)
+        ret = len;
+    else if (len != XSTRLEN(msg))
+        ret = -1;
+
+    return ret;
+}
+
+/* Receive application data. */
+static int wolfssl_recv(WOLFSSL* ssl)
+{
+    int ret;
+    byte reply[256];
+
+    ret = wolfSSL_read(ssl, reply, sizeof(reply)-1);
+    if (ret > 0) {
+        reply[ret] = '\0';
+        printf("Received:\n%s\n", reply);
+        ret = 1;
+    }
+    else if (wolfSSL_want_read(ssl) || wolfSSL_want_write(ssl))
+        ret = 0;
+
+    return ret;
+}
+
+
+/* Free the WOLFSSL object and context. */
+static void wolfssl_free(WOLFSSL_CTX* ctx, WOLFSSL* ssl)
+{
+    if (ssl != NULL)
+        wolfSSL_free(ssl);
+    if (ctx != NULL)
+        wolfSSL_CTX_free(ctx);
+}
+
+
+/* Display the static memory usage. */
+static void wolfssl_memstats(WOLFSSL* ssl)
+{
+#ifdef WOLFSSL_STATIC_MEMORY
+    WOLFSSL_MEM_CONN_STATS ssl_stats;
+
+    XMEMSET(&ssl_stats, 0 , sizeof(ssl_stats));
+
+    if (wolfSSL_is_static_memory(ssl, &ssl_stats) != 1)
+        printf("static memory was not used with ssl");
+    else {
+        printf("*** This is memory state before wolfSSL_free is called\n");
+        printf("peak connection memory = %d\n", ssl_stats.peakMem);
+        printf("current memory in use  = %d\n", ssl_stats.curMem);
+        printf("peak connection allocs = %d\n", ssl_stats.peakAlloc);
+        printf("current connection allocs = %d\n",ssl_stats.curAlloc);
+        printf("total connection allocs   = %d\n",ssl_stats.totalAlloc);
+        printf("total connection frees    = %d\n\n", ssl_stats.totalFr);
+    }
+#else
+    (void)ssl;
+#endif
+}
+
+
+/* Start the server thread. */
+void start_thread(THREAD_FUNC func, func_args* args, THREAD_TYPE* thread)
+{
+    k_thread_create(thread, server_stack, K_THREAD_STACK_SIZEOF(server_stack),
+                    func, args, NULL, NULL, 5, 0, K_NO_WAIT);
+}
+
+void join_thread(THREAD_TYPE thread)
+{
+    /* Threads are handled in the kernel. */
+}
+
+
+int wolfssl_server_accept_tcp(WOLFSSL* ssl, SOCKET_T* fd, SOCKET_T* acceptfd)
+{
+    int ret = 0;
+    SOCKET_T      sockfd   = WOLFSSL_SOCKET_INVALID;
+    SOCKET_T      clientfd = WOLFSSL_SOCKET_INVALID;
+    SOCKADDR_IN_T client;
+    socklen_t     client_len = sizeof(client);
+    word16        port = 443;
+    struct sockaddr_in bind_addr;
+
+    if (ret == 0) {
+        sockfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+        bind_addr.sin_family = AF_INET;
+        bind_addr.sin_addr.s_addr = htonl(INADDR_ANY);
+        bind_addr.sin_port = htons(port);
+        if (bind(sockfd, (struct sockaddr *)&bind_addr, sizeof(bind_addr)) != 0)
+            ret = -1;
+    }
+    if (ret == 0) {
+        *fd = sockfd;
+        printf("Server Listen\n");
+        listen(sockfd, 5);
+        if (WOLFSSL_SOCKET_IS_INVALID(sockfd))
+            ret = -1;
+    }
+    if (ret == 0) {
+        printf("Server Accept\n");
+        clientfd = accept(sockfd, (struct sockaddr*)&client,
+                          (ACCEPT_THIRD_T)&client_len);
+        if (WOLFSSL_SOCKET_IS_INVALID(clientfd))
+            ret = -1;
+    }
+    if (ret == 0) {
+        *acceptfd = clientfd;
+        tcp_set_nonblocking(&clientfd);
+    }
+
+    if (ret == 0) {
+        printf("Server has client\n");
+        if (wolfSSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS)
+            ret = -1;
+    }
+
+    return ret;
+}
+
+/* Thread to do the server operations. */
+void server_thread(void* arg1, void* arg2, void* arg3)
+{
+    int           ret = 0;
+    WOLFSSL_CTX*  server_ctx = NULL;
+    WOLFSSL*      server_ssl = NULL;
+    SOCKET_T      sockfd   = WOLFSSL_SOCKET_INVALID;
+    SOCKET_T      clientfd = WOLFSSL_SOCKET_INVALID;
+
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    if (wc_LoadStaticMemory(&HEAP_HINT_SERVER, gMemoryServer,
+                               sizeof(gMemoryServer),
+                               WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS, 1) != 0) {
+        printf("unable to load static memory");
+        ret = -1;
+    }
+#endif
+
+    if (ret == 0)
+        ret = wolfssl_server_new(&server_ctx, &server_ssl);
+
+    if (ret == 0)
+        ret = wolfssl_server_accept_tcp(server_ssl, &sockfd, &clientfd);
+
+    while (ret == 0) {
+        k_sleep(100);
+        ret = wolfssl_server_accept(server_ssl);
+        if (ret == 0 && wolfSSL_is_init_finished(server_ssl))
+            break;
+    }
+
+    /* Receive HTTP request */
+    while (ret == 0) {
+        ret = wolfssl_recv(server_ssl);
+    }
+    if (ret == 1)
+        ret = 0;
+    /* Send HTTP repsonse */
+    if (ret == 0)
+        ret = wolfssl_send(server_ssl, msgHTTPIndex);
+
+    printf("Server Return: %d\n", ret);
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    printf("Server Memory Stats\n");
+#endif
+    wolfssl_memstats(server_ssl);
+    wolfssl_free(server_ctx, server_ssl);
+    if (clientfd != WOLFSSL_SOCKET_INVALID)
+        CloseSocket(clientfd);
+    if (sockfd != WOLFSSL_SOCKET_INVALID)
+        CloseSocket(sockfd);
+}
+
+int wolfssl_client_connect_tcp(WOLFSSL* ssl, SOCKET_T* fd)
+{
+    int              ret = 0;
+    SOCKET_T         sockfd = WOLFSSL_SOCKET_INVALID;
+    static struct    addrinfo hints;
+    struct addrinfo* res;
+
+    XMEMSET(&hints, 0, sizeof(hints));
+    hints.ai_family = AF_INET;
+    hints.ai_socktype = SOCK_STREAM;
+    if (getaddrinfo("192.0.2.1", "443", &hints, &res) != 0)
+        ret = -1;
+
+    if (ret == 0) {
+        printf("Client socket\n");
+        sockfd = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+        if (WOLFSSL_SOCKET_IS_INVALID(sockfd))
+            ret = -1;
+    }
+    if (ret == 0) {
+        *fd = sockfd;
+        tcp_set_nonblocking(&sockfd);
+    }
+    if (ret == 0) {
+        printf("Client Connect\n");
+        if (connect(sockfd, res->ai_addr, res->ai_addrlen) != 0)
+            ret = -1;
+    }
+
+    if (ret == 0) {
+        printf("Client Connected\n");
+        if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS)
+            ret = -1;
+    }
+
+    return ret;
+}
+
+/* Thread to do the client operations. */
+void client_thread()
+{
+    int ret = 0;
+    WOLFSSL_CTX* client_ctx = NULL;
+    WOLFSSL*     client_ssl = NULL;
+    SOCKET_T     sockfd = WOLFSSL_SOCKET_INVALID;
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    if (wc_LoadStaticMemory(&HEAP_HINT_CLIENT, gMemoryClient,
+                               sizeof(gMemoryClient),
+                               WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS, 1) != 0) {
+        printf("unable to load static memory");
+        ret = -1;
+    }
+#endif
+
+    /* Client connection */
+    if (ret == 0)
+        ret = wolfssl_client_new(&client_ctx, &client_ssl);
+
+    if (ret == 0)
+        ret = wolfssl_client_connect_tcp(client_ssl, &sockfd);
+
+    while (ret == 0) {
+        k_sleep(10);
+        ret = wolfssl_client_connect(client_ssl);
+        if (ret == 0 && wolfSSL_is_init_finished(client_ssl))
+            break;
+    }
+
+    if (ret == 0)
+        printf("Handshake complete\n");
+
+    /* Send HTTP request */
+    if (ret == 0)
+        ret = wolfssl_send(client_ssl, msgHTTPGet);
+    /* Receive HTTP response */
+    while (ret == 0) {
+        k_sleep(10);
+        ret = wolfssl_recv(client_ssl);
+    }
+    if (ret == 1)
+        ret = 0;
+
+    printf("Client Return: %d\n", ret);
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    printf("Client Memory Stats\n");
+#endif
+    wolfssl_memstats(client_ssl);
+    wolfssl_free(client_ctx, client_ssl);
+    if (sockfd != WOLFSSL_SOCKET_INVALID)
+        CloseSocket(sockfd);
+}
+
+int main()
+{
+    int          ret = 0;
+    THREAD_TYPE  serverThread;
+
+    wolfSSL_Init();
+
+    /* Start server */
+    start_thread(server_thread, NULL, &serverThread);
+
+    k_sleep(100);
+    client_thread();
+
+    join_thread(serverThread);
+
+    wolfSSL_Cleanup();
+
+    printf("Done\n");
+
+    return (ret == 0) ? 0 : 1;
+}
+
--- a/IDE/zephyr/wolfssl_tls_thread/CMakeLists.txt
+++ b/IDE/zephyr/wolfssl_tls_thread/CMakeLists.txt
@@ -0,0 +1,8 @@
+cmake_minimum_required(VERSION 3.13.1)
+include($ENV{ZEPHYR_BASE}/cmake/app/boilerplate.cmake NO_POLICY_SCOPE)
+project(wolfssl_tls_threaded)
+
+FILE(GLOB app_sources src/*.c)
+target_sources(app PRIVATE ${app_sources})
+add_definitions(-DWOLFSSL_USER_SETTINGS)
+
--- a/IDE/zephyr/wolfssl_tls_thread/README
+++ b/IDE/zephyr/wolfssl_tls_thread/README
@@ -0,0 +1,12 @@
+
+wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use
+under the GPLv2 or a standard commercial license. For our users who cannot use
+wolfSSL under GPLv2, a commercial license to wolfSSL and wolfCrypt is available.
+Please contact wolfSSL Inc. directly at:
+
+Email: licensing@wolfssl.com
+Phone: +1 425 245-8247
+
+More information can be found on the wolfSSL website at www.wolfssl.com.
+
+
--- a/IDE/zephyr/wolfssl_tls_thread/install_sample.sh
+++ b/IDE/zephyr/wolfssl_tls_thread/install_sample.sh
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+ZEPHYR_DIR=
+if [ $# -ne 1 ]; then
+    echo "Need location of zephyr project as a command line argument"
+    exit 1
+else
+    ZEPHYR_DIR=$1
+fi
+if [ ! -d $ZEPHR_DIR ]; then
+    echo "Zephyr project directory does not exist: $ZEPHYR_DIR"
+    exit 1
+fi
+ZEPHYR_CRYPTO_DIR=$ZEPHYR_DIR/zephyr/samples/crypto
+if [ ! -d $ZEPHYR_CRYPTO_DIR ]; then
+    echo "Zephyr crypto directory does not exist: $ZEPHYR_CRYPTO_DIR"
+    exit 1
+fi
+ZEPHYR_WOLFSSL_DIR=$ZEPHYR_CRYPTO_DIR/wolfssl_tls_thread
+
+echo "wolfSSL directory:"
+echo "  $ZEPHYR_WOLFSSL_DIR"
+rm -rf $ZEPHYR_WOLFSSL_DIR
+mkdir $ZEPHYR_WOLFSSL_DIR
+
+echo "Copy in Sample files ..."
+cp -r * $ZEPHYR_WOLFSSL_DIR/
+rm $ZEPHYR_WOLFSSL_DIR/$0
+
+echo "Done"
+
--- a/IDE/zephyr/wolfssl_tls_thread/prj.conf
+++ b/IDE/zephyr/wolfssl_tls_thread/prj.conf
@@ -0,0 +1,29 @@
+# Kernel options
+CONFIG_MAIN_STACK_SIZE=12288
+CONFIG_ENTROPY_GENERATOR=y
+CONFIG_POSIX_API=y
+CONFIG_INIT_STACKS=y
+CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE=8192
+
+# Networking
+CONFIG_NETWORKING=y
+CONFIG_NET_TEST=y
+CONFIG_NET_LOOPBACK=y
+CONFIG_NET_IPV4=y
+CONFIG_NET_IPV6=y
+CONFIG_NET_SOCKETS=y
+CONFIG_DNS_RESOLVER=y
+
+# Logging
+CONFIG_PRINTK=y
+CONFIG_WOLFSSL_DEBUG=y
+
+# TLS configuration
+CONFIG_WOLFSSL=y
+CONFIG_WOLFSSL_BUILTIN=y
+
+CONFIG_WOLFSSL_TLS_VERSION_1_2=y
+CONFIG_WOLFSSL_KEY_EXCHANGE_ALL_ENABLED=y
+CONFIG_WOLFSSL_CIPHER_ALL_ENABLED=y
+CONFIG_WOLFSSL_MAC_ALL_ENABLED=y
+CONFIG_WOLFSSL_HMAC_DRBG_ENABLED=y
--- a/IDE/zephyr/wolfssl_tls_thread/sample.yaml
+++ b/IDE/zephyr/wolfssl_tls_thread/sample.yaml
@@ -0,0 +1,9 @@
+common:
+  harness: crypto
+  tags: crypto
+sample:
+  description: wolfSSL TLS test application
+  name: wolfSSL TLS Test
+tests:
+  test:
+    platform_whitelist: qemu_x86
--- a/IDE/zephyr/wolfssl_tls_thread/src/tls_threaded.c
+++ b/IDE/zephyr/wolfssl_tls_thread/src/tls_threaded.c
@@ -0,0 +1,504 @@
+/* tls_threaded.c
+ *
+ * Copyright (C) 2006-2019 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#include <wolfssl/options.h>
+#include <wolfssl/ssl.h>
+#define USE_CERT_BUFFERS_2048
+#include <wolfssl/certs_test.h>
+#include <wolfssl/test.h>
+
+#ifdef WOLFSSL_ZEPHYR
+#define printf   printk
+#endif
+
+#define BUFFER_SIZE           2048
+#define STATIC_MEM_SIZE       (96*1024)
+#define THREAD_STACK_SIZE     (12*1024)
+
+/* The stack to use in the server's thread. */
+K_THREAD_STACK_DEFINE(server_stack, THREAD_STACK_SIZE);
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    static WOLFSSL_HEAP_HINT* HEAP_HINT_SERVER;
+    static WOLFSSL_HEAP_HINT* HEAP_HINT_CLIENT;
+
+    static byte gMemoryServer[STATIC_MEM_SIZE];
+    static byte gMemoryClient[STATIC_MEM_SIZE];
+#else
+    #define HEAP_HINT_SERVER NULL
+    #define HEAP_HINT_CLIENT NULL
+#endif /* WOLFSSL_STATIC_MEMORY */
+
+/* Buffer to hold data for client to read. */
+unsigned char client_buffer[BUFFER_SIZE];
+int client_buffer_sz = 0;
+wolfSSL_Mutex client_mutex;
+
+/* Buffer to hold data for server to read. */
+unsigned char server_buffer[BUFFER_SIZE];
+int server_buffer_sz = 0;
+wolfSSL_Mutex server_mutex;
+
+/* Application data to send. */
+static const char msgHTTPGet[] = "GET /index.html HTTP/1.0\r\n\r\n";
+static const char msgHTTPIndex[] =
+    "HTTP/1.1 200 OK\n"
+    "Content-Type: text/html\n"
+    "Connection: close\n"
+    "\n"
+    "<html>\n"
+    "<head>\n"
+    "<title>Welcome to wolfSSL!</title>\n"
+    "</head>\n"
+    "<body>\n"
+    "<p>wolfSSL has successfully performed handshake!</p>\n"
+    "</body>\n"
+    "</html>\n";
+
+/* wolfSSL client wants to read data from the server. */
+static int recv_client(WOLFSSL* ssl, char* buff, int sz, void* ctx)
+{
+    wc_LockMutex(&client_mutex);
+    if (client_buffer_sz > 0) {
+        /* Take as many bytes is available or requested from buffer. */
+        if (sz > client_buffer_sz)
+            sz = client_buffer_sz;
+        XMEMCPY(buff, client_buffer, sz);
+        if (sz < client_buffer_sz) {
+            XMEMMOVE(client_buffer, client_buffer + sz, client_buffer_sz - sz);
+        }
+        client_buffer_sz -= sz;
+    }
+    else
+        sz = WOLFSSL_CBIO_ERR_WANT_READ;
+    wc_UnLockMutex(&client_mutex);
+
+    return sz;
+}
+
+/* wolfSSL client wants to write data to the server. */
+static int send_client(WOLFSSL* ssl, char* buff, int sz, void* ctx)
+{
+    wc_LockMutex(&server_mutex);
+    if (server_buffer_sz < BUFFER_SIZE)
+    {
+        /* Put in as many bytes requested or will fit in buffer. */
+        if (sz > BUFFER_SIZE - server_buffer_sz)
+            sz = BUFFER_SIZE - server_buffer_sz;
+        XMEMCPY(server_buffer + server_buffer_sz, buff, sz);
+        server_buffer_sz += sz;
+    }
+    else
+        sz = WOLFSSL_CBIO_ERR_WANT_WRITE;
+    wc_UnLockMutex(&server_mutex);
+
+    return sz;
+}
+
+/* wolfSSL server wants to read data from the client. */
+static int recv_server(WOLFSSL* ssl, char* buff, int sz, void* ctx)
+{
+    wc_LockMutex(&server_mutex);
+    if (server_buffer_sz > 0) {
+        /* Take as many bytes is available or requested from buffer. */
+        if (sz > server_buffer_sz)
+            sz = server_buffer_sz;
+        XMEMCPY(buff, server_buffer, sz);
+        if (sz < server_buffer_sz) {
+            XMEMMOVE(server_buffer, server_buffer + sz, server_buffer_sz - sz);
+        }
+        server_buffer_sz -= sz;
+    }
+    else
+        sz = WOLFSSL_CBIO_ERR_WANT_READ;
+    wc_UnLockMutex(&server_mutex);
+
+    return sz;
+}
+
+/* wolfSSL server wants to write data to the client. */
+static int send_server(WOLFSSL* ssl, char* buff, int sz, void* ctx)
+{
+    wc_LockMutex(&client_mutex);
+    if (client_buffer_sz < BUFFER_SIZE)
+    {
+        /* Put in as many bytes requested or will fit in buffer. */
+        if (sz > BUFFER_SIZE - client_buffer_sz)
+            sz = BUFFER_SIZE - client_buffer_sz;
+        XMEMCPY(client_buffer + client_buffer_sz, buff, sz);
+        client_buffer_sz += sz;
+    }
+    else
+        sz = WOLFSSL_CBIO_ERR_WANT_WRITE;
+    wc_UnLockMutex(&client_mutex);
+
+    return sz;
+}
+
+/* Create a new wolfSSL client with a server CA certificate. */
+static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
+{
+    int ret = 0;
+    WOLFSSL_CTX* client_ctx = NULL;
+    WOLFSSL*     client_ssl = NULL;
+
+    /* Create and initialize WOLFSSL_CTX */
+    if ((client_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_client_method(),
+                                                   HEAP_HINT_CLIENT)) == NULL) {
+        printf("ERROR: failed to create WOLFSSL_CTX\n");
+        ret = -1;
+    }
+
+    if (ret == 0) {
+        /* Load client certificates into WOLFSSL_CTX */
+        if (wolfSSL_CTX_load_verify_buffer(client_ctx, ca_cert_der_2048,
+                sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1) !=
+                WOLFSSL_SUCCESS) {
+            printf("ERROR: failed to load CA certificate\n");
+            ret = -1;
+        }
+    }
+
+    if (ret == 0) {
+        /* Register callbacks */
+        wolfSSL_SetIORecv(client_ctx, recv_client);
+        wolfSSL_SetIOSend(client_ctx, send_client);
+    }
+
+    if (ret == 0) {
+        /* Create a WOLFSSL object */
+        if ((client_ssl = wolfSSL_new(client_ctx)) == NULL) {
+            printf("ERROR: failed to create WOLFSSL object\n");
+            ret = -1;
+        }
+    }
+
+    if (ret == 0) {
+        /* make wolfSSL object nonblocking */
+        wolfSSL_set_using_nonblock(client_ssl, 1);
+    }
+
+    if (ret == 0) {
+        /* Return newly created wolfSSL context and object */
+        *ctx = client_ctx;
+        *ssl = client_ssl;
+    }
+    else {
+        if (client_ssl != NULL)
+            wolfSSL_free(client_ssl);
+        if (client_ctx != NULL)
+            wolfSSL_CTX_free(client_ctx);
+    }
+
+    return ret;
+}
+
+/* Client connecting to server using TLS */
+static int wolfssl_client_connect(WOLFSSL* ssl)
+{
+    int ret = 0;
+
+    if (wolfSSL_connect(ssl) != WOLFSSL_SUCCESS) {
+        if (!wolfSSL_want_read(ssl) && !wolfSSL_want_write(ssl))
+            ret = -1;
+    }
+
+    return ret;
+}
+
+
+
+/* Create a new wolfSSL server with a certificate for authentication. */
+static int wolfssl_server_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
+{
+    int ret = 0;
+    WOLFSSL_CTX* server_ctx = NULL;
+    WOLFSSL*     server_ssl = NULL;
+
+    /* Create and initialize WOLFSSL_CTX */
+    if ((server_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_server_method(),
+                                                   HEAP_HINT_SERVER)) == NULL) {
+        printf("ERROR: failed to create WOLFSSL_CTX\n");
+        ret = -1;
+    }
+
+    if (ret == 0) {
+        /* Load client certificates into WOLFSSL_CTX */
+        if (wolfSSL_CTX_use_certificate_buffer(server_ctx,
+                server_cert_der_2048, sizeof_server_cert_der_2048,
+                WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
+            printf("ERROR: failed to load server certificate\n");
+            ret = -1;
+        }
+    }
+
+    if (ret == 0) {
+        /* Load client certificates into WOLFSSL_CTX */
+        if (wolfSSL_CTX_use_PrivateKey_buffer(server_ctx,
+                server_key_der_2048, sizeof_server_key_der_2048,
+                WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
+            printf("ERROR: failed to load server key\n");
+            ret = -1;
+        }
+    }
+
+    if (ret == 0) {
+        /* Register callbacks */
+        wolfSSL_SetIORecv(server_ctx, recv_server);
+        wolfSSL_SetIOSend(server_ctx, send_server);
+    }
+
+    if (ret == 0) {
+        /* Create a WOLFSSL object */
+        if ((server_ssl = wolfSSL_new(server_ctx)) == NULL) {
+            printf("ERROR: failed to create WOLFSSL object\n");
+            ret = -1;
+        }
+    }
+
+    if (ret == 0) {
+        /* make wolfSSL object nonblocking */
+        wolfSSL_set_using_nonblock(server_ssl, 1);
+    }
+
+    if (ret == 0) {
+        /* Return newly created wolfSSL context and object */
+        *ctx = server_ctx;
+        *ssl = server_ssl;
+    }
+    else {
+        if (server_ssl != NULL)
+            wolfSSL_free(server_ssl);
+        if (server_ctx != NULL)
+            wolfSSL_CTX_free(server_ctx);
+    }
+
+    return ret;
+}
+
+/* Server accepting a client using TLS */
+static int wolfssl_server_accept(WOLFSSL* ssl)
+{
+    int ret = 0;
+
+    if (wolfSSL_accept(ssl) != WOLFSSL_SUCCESS) {
+        if (!wolfSSL_want_read(ssl) && !wolfSSL_want_write(ssl))
+            ret = -1;
+    }
+
+    return ret;
+}
+
+
+/* Send application data. */
+static int wolfssl_send(WOLFSSL* ssl, const char* msg)
+{
+    int ret = 0;
+    int len;
+
+    printf("Sending:\n%s\n", msg);
+    len = wolfSSL_write(ssl, msg, XSTRLEN(msg));
+    if (len < 0)
+        ret = len;
+    else if (len != XSTRLEN(msg))
+        ret = -1;
+
+    return ret;
+}
+
+/* Receive application data. */
+static int wolfssl_recv(WOLFSSL* ssl)
+{
+    int ret;
+    byte reply[256];
+
+    ret = wolfSSL_read(ssl, reply, sizeof(reply)-1);
+    if (ret > 0) {
+        reply[ret] = '\0';
+        printf("Received:\n%s\n", reply);
+        ret = 1;
+    }
+    else if (wolfSSL_want_read(ssl) || wolfSSL_want_write(ssl))
+        ret = 0;
+
+    return ret;
+}
+
+
+/* Free the WOLFSSL object and context. */
+static void wolfssl_free(WOLFSSL_CTX* ctx, WOLFSSL* ssl)
+{
+    if (ssl != NULL)
+        wolfSSL_free(ssl);
+    if (ctx != NULL)
+        wolfSSL_CTX_free(ctx);
+}
+
+
+/* Display the static memory usage. */
+static void wolfssl_memstats(WOLFSSL* ssl)
+{
+#ifdef WOLFSSL_STATIC_MEMORY
+    WOLFSSL_MEM_CONN_STATS ssl_stats;
+
+    XMEMSET(&ssl_stats, 0 , sizeof(ssl_stats));
+
+    if (wolfSSL_is_static_memory(ssl, &ssl_stats) != 1)
+        printf("static memory was not used with ssl");
+    else {
+        printf("*** This is memory state before wolfSSL_free is called\n");
+        printf("peak connection memory = %d\n", ssl_stats.peakMem);
+        printf("current memory in use  = %d\n", ssl_stats.curMem);
+        printf("peak connection allocs = %d\n", ssl_stats.peakAlloc);
+        printf("current connection allocs = %d\n",ssl_stats.curAlloc);
+        printf("total connection allocs   = %d\n",ssl_stats.totalAlloc);
+        printf("total connection frees    = %d\n\n", ssl_stats.totalFr);
+    }
+#else
+    (void)ssl;
+#endif
+}
+
+
+/* Start the server thread. */
+void start_thread(THREAD_FUNC func, func_args* args, THREAD_TYPE* thread)
+{
+    k_thread_create(thread, server_stack, K_THREAD_STACK_SIZEOF(server_stack),
+                    func, args, NULL, NULL, 5, 0, K_NO_WAIT);
+}
+
+void join_thread(THREAD_TYPE thread)
+{
+    /* Threads are handled in the kernel. */
+}
+
+
+/* Thread to do the server operations. */
+void server_thread(void* arg1, void* arg2, void* arg3)
+{
+    int ret = 0;
+    WOLFSSL_CTX* server_ctx = NULL;
+    WOLFSSL*     server_ssl = NULL;
+
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    if (wc_LoadStaticMemory(&HEAP_HINT_SERVER, gMemoryServer,
+                               sizeof(gMemoryServer),
+                               WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS, 1) != 0) {
+        printf("unable to load static memory");
+        ret = -1;
+    }
+#endif
+
+    if (ret == 0)
+        ret = wolfssl_server_new(&server_ctx, &server_ssl);
+
+    while (ret == 0) {
+        ret = wolfssl_server_accept(server_ssl);
+        if (ret == 0 && wolfSSL_is_init_finished(server_ssl))
+            break;
+    }
+
+    /* Receive HTTP request */
+    while (ret == 0) {
+        ret = wolfssl_recv(server_ssl);
+    }
+    if (ret == 1)
+        ret = 0;
+    /* Send HTTP response */
+    if (ret == 0)
+        ret = wolfssl_send(server_ssl, msgHTTPIndex);
+
+    printf("Server Return: %d\n", ret);
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    printf("Server Memory Stats\n");
+#endif
+    wolfssl_memstats(server_ssl);
+    wolfssl_free(server_ctx, server_ssl);
+}
+
+int main()
+{
+    int ret = 0;
+    WOLFSSL_CTX* client_ctx = NULL;
+    WOLFSSL*     client_ssl = NULL;
+    THREAD_TYPE serverThread;
+
+    wolfSSL_Init();
+
+    wc_InitMutex(&client_mutex);
+    wc_InitMutex(&server_mutex);
+
+    /* Start server */
+    start_thread(server_thread, NULL, &serverThread);
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    if (wc_LoadStaticMemory(&HEAP_HINT_CLIENT, gMemoryClient,
+                               sizeof(gMemoryClient),
+                               WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS, 1) != 0) {
+        printf("unable to load static memory");
+        ret = -1;
+    }
+#endif
+
+    /* Client connection */
+    if (ret == 0)
+        ret = wolfssl_client_new(&client_ctx, &client_ssl);
+
+    while (ret == 0) {
+        ret = wolfssl_client_connect(client_ssl);
+        if (ret == 0 && wolfSSL_is_init_finished(client_ssl))
+            break;
+        k_sleep(10);
+    }
+
+    if (ret == 0)
+        printf("Handshake complete\n");
+
+    /* Send HTTP request */
+    if (ret == 0)
+        ret = wolfssl_send(client_ssl, msgHTTPGet);
+    /* Receive HTTP response */
+    while (ret == 0) {
+        k_sleep(10);
+        ret = wolfssl_recv(client_ssl);
+    }
+    if (ret == 1)
+        ret = 0;
+
+    printf("Client Return: %d\n", ret);
+
+    join_thread(serverThread);
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    printf("Client Memory Stats\n");
+#endif
+    wolfssl_memstats(client_ssl);
+    wolfssl_free(client_ctx, client_ssl);
+
+    wolfSSL_Cleanup();
+
+    printf("Done\n");
+
+    return (ret == 0) ? 0 : 1;
+}
+
--- a/certs/crl/ca-int-ecc.pem
+++ b/certs/crl/ca-int-ecc.pem
@@ -0,0 +1,10 @@
+-----BEGIN X509 CRL-----
+MIIBYDCCAQUCAQEwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
+MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l
+ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0x
+ODEyMjExNzU0MDFaFw0yMTA5MTYxNzU0MDFaoDAwLjAfBgNVHSMEGDAWgBSXHWDD
+hyJZm2AfhLSZHIhNv9oebjALBgNVHRQEBAICIAMwCgYIKoZIzj0EAwIDSQAwRgIh
+AMrFN7PEk0mtpHWZXJQSaXrc2K2BY/iZ6GlKnbM9G44MAiEA5K9dEKgOX/2VvGlR
+YN8aMaQ+Ly9fyMNEnXLR2OOMrBA=
+-----END X509 CRL-----
--- a/certs/crl/ca-int.pem
+++ b/certs/crl/ca-int.pem
@@ -0,0 +1,14 @@
+-----BEGIN X509 CRL-----
+MIICHDCCAQQCAQEwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVTMRMwEQYD
+VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xm
+U1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRl
+cm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE4
+MTIyMTE3NTQwMFoXDTIxMDkxNjE3NTQwMFqgMDAuMB8GA1UdIwQYMBaAFO9p4PfV
+HeaZ7Nxt0PfiuVxkcYM1MAsGA1UdFAQEAgIgADANBgkqhkiG9w0BAQsFAAOCAQEA
+d++OmLaoou17s32sU/onSY1+Y9PoqYcKqkjK14srsvnrMe8AS3QDsuF721cg3Ekp
+pghG2pmyrvsCB8uaZ5yGE0B7YZ2ZfKjq6IQAQmcMkZ9tVtchmJNGyuB0T8uL8fJE
+JsCvI+eAyYTSjgePQC4x9GMunWwRfQ4DWjXIal8f9WNLnRRZl8MKaTk6fuMM+GBt
+6QJ1qEEeWWwbTnCqAia4dJ/IJGn7bbxwMAs305zrBE8G17gzh4Q4aj/nt71+oM5e
+Jf4XHs2GahUUz29OqiXwsfNfpF9/DHxjTf0UyHjRVV95hdq2QBQNuozVQ/wDiXSH
+12py+paDtyfh1Vw3RapYMQ==
+-----END X509 CRL-----
--- a/certs/crl/client-int-ecc.pem
+++ b/certs/crl/client-int-ecc.pem
@@ -0,0 +1,10 @@
+-----BEGIN X509 CRL-----
+MIIBXTCCAQICAQEwCgYIKoZIzj0EAwIwgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
+MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29sZlNTTCBDbGllbnQg
+Q2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xODEy
+MjExNzU0MDFaFw0yMTA5MTYxNzU0MDFaoDAwLjAfBgNVHSMEGDAWgBTr1EtZa5Vh
+P1FXtgRNiUGIRFyr8jALBgNVHRQEBAICIAUwCgYIKoZIzj0EAwIDSQAwRgIhAJn0
+klExhxOHZtOQi45DuNnraKRzWV+V0moXQOvQmP4+AiEAk7Oqvn3Ij3ZhB/V+7VT0
+iPE8ipSUmQbQcZzI7BhT86E=
+-----END X509 CRL-----
--- a/certs/crl/client-int.pem
+++ b/certs/crl/client-int.pem
@@ -0,0 +1,14 @@
+-----BEGIN X509 CRL-----
+MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZwxCzAJBgNVBAYTAlVTMRMwEQYD
+VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xm
+U1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEdMBsGA1UEAwwUd29sZlNTTCBDbGll
+bnQgQ2hhaW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE4MTIy
+MTE3NTQwMFoXDTIxMDkxNjE3NTQwMFqgMDAuMB8GA1UdIwQYMBaAFDPYRWbXaIcY
+flQNcCeRxybXhWXAMAsGA1UdFAQEAgIgAjANBgkqhkiG9w0BAQsFAAOCAQEAefil
+VL8oAVmbbtUyF7v7cwZ+3Olt6VuCcevIPYMc8yP7huO21UpkjwrVhr0tru6SA5xO
+2I1lUwcyuH49c2H/RVEmS7q75TErYyXl/D209+LidOqPAnVibNWBsNaqQUn11dEM
+T+VBC6aiUuLxnslpzWUkmromjh0BI2f1AbYEtRDHlaqZakxiZ4FdXPpnopcO44+T
+ZLS2Kj52L6ykB1j70I2HOpZ7C07+MTBLvCV8J0Au1+GNBN1TZSO0dOX8AXLSpS+6
+q3vxJ1nsNYk/P7KdJO8eGYth9pXffKYPzMz0urrnavNd9nO9bR4u89SLepzuedBK
+vX+Acp5M8IcAnw4sEA==
+-----END X509 CRL-----
--- a/certs/crl/include.am
+++ b/certs/crl/include.am
@@ -14,3 +14,12 @@ EXTRA_DIST += \

 EXTRA_DIST += \
 	     certs/crl/crl.revoked
+
+# Intermediate cert CRL's
+EXTRA_DIST += \
+		 certs/crl/ca-int.pem \
+		 certs/crl/client-int.pem \
+	     certs/crl/server-int.pem \
+	     certs/crl/ca-int-ecc.pem \
+		 certs/crl/client-int-ecc.pem \
+	     certs/crl/server-int-ecc.pem
--- a/certs/crl/server-int-ecc.pem
+++ b/certs/crl/server-int-ecc.pem
@@ -0,0 +1,10 @@
+-----BEGIN X509 CRL-----
+MIIBXDCCAQICAQEwCgYIKoZIzj0EAwIwgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
+MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29sZlNTTCBTZXJ2ZXIg
+Q2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xODEy
+MjExNzU0MDFaFw0yMTA5MTYxNzU0MDFaoDAwLjAfBgNVHSMEGDAWgBRdXSbvrH42
+Zt2FStKJQIj77KJMDALBgNVHRQEBAICIAQwCgYIKoZIzj0EAwIDSAAwRQIgTKmg
+a595JJuQ5U4Alhi7p8424/02UoN4WLg9tZiGtfICIQDKtdI2JZuVpTmCtRRo8gZH
+H/s5EUrqsIpXoNMdsGO1+w==
+-----END X509 CRL-----
--- a/certs/crl/server-int.pem
+++ b/certs/crl/server-int.pem
@@ -0,0 +1,14 @@
+-----BEGIN X509 CRL-----
+MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZwxCzAJBgNVBAYTAlVTMRMwEQYD
+VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xm
+U1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEdMBsGA1UEAwwUd29sZlNTTCBTZXJ2
+ZXIgQ2hhaW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE4MTIy
+MTE3NTQwMFoXDTIxMDkxNjE3NTQwMFqgMDAuMB8GA1UdIwQYMBaAFLMRMsmSmITi
+yfjQO24DQsofDo48MAsGA1UdFAQEAgIgATANBgkqhkiG9w0BAQsFAAOCAQEAEhz6
+qLMqvX2s8/nsg2BjT+07Di3f3kkCZqxWtdvoSHg44lQof2F6UuTeKzlBWfTmFLE9
+qZJ8dj6xSMPEnZnRB1z9HvHRKZGDotuSNWCt4BElXP6ZZpQcIFaYUsWUZJ0Zb7LW
+/06fuepQTeHrxvwNPD6SF5+dVX7doQ2l2ytkQvGHznrWsQNdB2H9K2tAZTIbkiQA
+KcRP1pm1Dt2pZWPbwHws/AcXM4nCIJRUTlo1drHBClDbJB1n/AU8LjX1shX4AUds
+HthMwVmDUjofoXuqzRVyCtfdMH5tgwY//opif+FRXwXjZajx9K+vu68Qa8hI5+9
+sXu6NDs92L2KLfGNmg==
+-----END X509 CRL-----
--- a/certs/include.am
+++ b/certs/include.am
@@ -41,6 +41,7 @@ EXTRA_DIST += \
 	     certs/server-revoked-key.pem \
 	     certs/wolfssl-website-ca.pem \
 	     certs/test-degenerate.p7b \
+	     certs/test-ber-exp02-05-2022.p7b \
 	     certs/test-servercert.p12 \
 	     certs/ecc-rsa-server.p12 \
 	     certs/dsaparams.pem \
@@ -100,3 +101,4 @@ include certs/external/include.am
 include certs/ocsp/include.am
 include certs/test/include.am
 include certs/test-pathlen/include.am
+include certs/intermediate/include.am
--- a/certs/intermediate/ca-int-cert.der
+++ b/certs/intermediate/ca-int-cert.der
--- a/certs/intermediate/ca-int-cert.pem
+++ b/certs/intermediate/ca-int-cert.pem
@@ -0,0 +1,83 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4096 (0x1000)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Validity
+            Not Before: Dec 21 17:54:00 2018 GMT
+            Not After : Dec 16 17:54:00 2038 GMT
+        Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA/emailAddress=info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c3:a2:73:5d:21:62:20:ce:3a:71:38:a7:94:bb:
+                    db:87:04:1c:5a:1b:9e:4b:0d:3e:ca:f8:a5:f7:0d:
+                    6a:dc:23:90:22:6a:2b:58:63:4a:28:6a:48:a8:e7:
+                    73:1f:a2:55:d8:4d:02:3b:e2:cb:6b:e2:83:c9:51:
+                    8f:77:fd:dc:2d:5d:23:b7:23:9a:7e:b6:29:68:e8:
+                    2a:4e:a9:fe:32:70:31:9e:f0:ef:ee:f8:8d:e3:fc:
+                    f3:d7:28:dd:7a:1d:9e:ad:23:2b:f1:a6:7f:34:52:
+                    29:66:d2:e5:64:55:64:d6:dd:4b:41:3b:55:83:6e:
+                    c0:11:0e:6e:20:c2:16:73:eb:30:ff:09:46:bb:e7:
+                    cc:c6:03:44:41:11:c6:c1:6c:36:2f:4a:f9:91:55:
+                    ca:58:5e:37:b8:28:10:30:89:40:96:77:cf:70:66:
+                    a4:55:fb:69:0b:e7:d9:b2:33:65:db:72:3a:77:b7:
+                    2b:49:fc:b6:cd:58:10:8d:ab:aa:cb:40:45:77:02:
+                    39:18:b3:8f:33:01:48:77:50:be:8e:73:a7:de:36:
+                    a0:49:8e:2c:16:af:b9:fb:42:2d:35:6a:db:34:37:
+                    d5:14:59:7d:65:72:e5:8b:65:55:4b:20:5e:47:f9:
+                    f8:3a:d3:6c:d9:3a:f5:c7:01:46:31:c3:79:9a:18:
+                    be:49
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                EF:69:E0:F7:D5:1D:E6:99:EC:DC:6D:D0:F7:E2:B9:5C:64:71:83:35
+            X509v3 Authority Key Identifier: 
+                keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE, pathlen:0
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+    Signature Algorithm: sha256WithRSAEncryption
+         5e:cd:30:ce:13:06:a8:a3:25:6d:85:68:bf:88:3b:68:12:6a:
+         5e:5f:22:82:51:4a:fd:b1:ae:b2:c2:3e:a1:e4:73:97:6f:77:
+         1f:5e:0a:a6:3e:8a:20:93:4c:3f:68:64:69:a8:d7:ae:3e:a5:
+         58:e4:d0:45:e4:7a:5f:cc:68:23:3d:7b:df:8d:33:8d:ba:0b:
+         73:dd:97:41:99:1a:26:7f:17:87:c4:76:bb:3b:b5:15:24:b0:
+         82:4f:2e:0a:c3:fe:ab:75:c9:4d:59:74:1a:c7:33:e7:4f:14:
+         45:5b:f4:d3:c3:a9:9d:34:a8:e1:2a:33:ea:10:07:db:9e:33:
+         83:60:f0:dd:7c:27:0d:6b:92:ef:90:cc:35:b3:4e:e3:fa:ca:
+         87:55:31:e8:7b:8c:c2:35:19:41:6a:76:6c:6c:7a:d0:6a:d1:
+         2d:a8:a6:97:40:73:52:9c:3c:43:a7:4b:f1:b7:04:af:e0:d1:
+         32:3c:ac:df:a7:4a:15:fb:2e:56:d8:5c:4c:99:9d:3c:f0:6d:
+         a0:20:25:96:c9:24:fc:84:4c:dc:de:1d:29:e8:d4:e1:ff:ca:
+         06:2f:39:ed:24:dc:79:f9:2a:18:00:ae:d2:8b:44:eb:2a:94:
+         fb:c8:02:86:0d:7e:1f:65:c7:20:06:5e:ca:50:af:bd:71:cb:
+         06:da:12:ff
+-----BEGIN CERTIFICATE-----
+MIIEFzCCAv+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT
+MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT
+YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy
+MTE3NTQwMFoXDTM4MTIxNjE3NTQwMFowgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
+MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRlcm1l
+ZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDonNdIWIgzjpxOKeUu9uHBBxaG55L
+DT7K+KX3DWrcI5AiaitYY0ooakio53MfolXYTQI74str4oPJUY93/dwtXSO3I5p+
+tilo6CpOqf4ycDGe8O/u+I3j/PPXKN16HZ6tIyvxpn80Uilm0uVkVWTW3UtBO1WD
+bsARDm4gwhZz6zD/CUa758zGA0RBEcbBbDYvSvmRVcpYXje4KBAwiUCWd89wZqRV
+2kL59myM2Xbcjp3tytJ/LbNWBCNq6rLQEV3AjkYs48zAUh3UL6Oc6feNqBJjiwW
+r7n7Qi01ats0N9UUWX1lcuWLZVVLIF5H+fg602zZOvXHAUYxw3maGL5JAgMBAAGj
+ZjBkMB0GA1UdDgQWBBTvaeD31R3mmezcbdD34rlcZHGDNTAfBgNVHSMEGDAWgBQn
+jmcRdMMmHT/tM2OzpNgdMOXo1TASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB
+/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAXs0wzhMGqKMlbYVov4g7aBJqXl8i
+glFK/bGussI+oeRzl293H14Kpj6KIJNMP2hkaajXrj6lWOTQReR6X8xoIz17340z
+jboLc92XQZkaJn8Xh8R2uzu1FSSwgk8uCsP+q3XJTVl0Gscz508URVv008OpnTSo
+4Soz6hAH254zg2Dw3XwnDWuS75DMNbNO4/rKh1Ux6HuMwjUZQWp2bGx60GrRLaim
+l0BzUpw8Q6dL8bcEr+DRMjys36dKFfsuVthcTJmdPPBtoCAllskk/IRM3N4dKejU
+4f/KBi857STcefkqGACu0otE6yqU+8gChg1+H2XHIAZeylCvvXHLBtoS/w==
+-----END CERTIFICATE-----
--- a/certs/intermediate/ca-int-ecc-cert.der
+++ b/certs/intermediate/ca-int-ecc-cert.der
--- a/certs/intermediate/ca-int-ecc-cert.pem
+++ b/certs/intermediate/ca-int-ecc-cert.pem
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4099 (0x1003)
+    Signature Algorithm: ecdsa-with-SHA256
+        Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Validity
+            Not Before: Dec 21 17:54:01 2018 GMT
+            Not After : Dec 16 17:54:01 2038 GMT
+        Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA ECC/emailAddress=info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (256 bit)
+                pub: 
+                    04:95:df:1c:b2:9e:20:a9:1d:a2:5b:ab:5c:9b:a8:
+                    66:06:29:e6:b2:d8:e3:14:a6:c3:c1:b4:ad:4d:44:
+                    18:20:1e:5d:67:fd:15:1d:6d:25:e1:17:b1:71:ca:
+                    85:03:f0:d2:af:41:66:46:36:6d:ea:41:cb:4f:c8:
+                    4a:d0:a0:61:8c
+                ASN1 OID: prime256v1
+                NIST CURVE: P-256
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                97:1D:60:C3:87:22:59:9B:60:1F:84:B4:99:1C:88:4D:BF:DA:1E:6E
+            X509v3 Authority Key Identifier: 
+                keyid:56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE, pathlen:0
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+    Signature Algorithm: ecdsa-with-SHA256
+         30:44:02:20:20:8d:bd:bc:08:8a:52:20:ab:bc:f0:94:0c:3c:
+         38:9c:9e:c0:18:53:94:94:7f:57:3d:15:8e:75:5f:8c:82:79:
+         02:20:40:3e:0f:27:9a:e8:ba:9b:f4:99:cf:71:36:68:d1:ed:
+         31:54:37:e8:2e:37:d0:9e:49:a9:27:79:c1:03:34:50
+-----BEGIN CERTIFICATE-----
+MIICkTCCAjigAwIBAgICEAMwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw
+EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
+b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy
+MTE3NTQwMVoXDTM4MTIxNjE3NTQwMVowgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
+MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l
+ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkw
+EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEld8csp4gqR2iW6tcm6hmBinmstjjFKbD
+wbStTUQYIB5dZ/0VHW0l4RexccqFA/DSr0FmRjZt6kHLT8hK0KBhjKNmMGQwHQYD
+VR0OBBYEFJcdYMOHIlmbYB+EtJkciE2/2h5uMB8GA1UdIwQYMBaAFFaOmsPwQt4Y
+uUVVbvmTz+rD86UhMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGG
+MAoGCCqGSM49BAMCA0cAMEQCICCNvbwIilIgq7zwlAw8OJyewBhTlJR/Vz0VjnVf
+jIJ5AiBAPg8nmui6m/SZz3E2aNHtMVQ36C430J5JqSd5wQM0UA==
+-----END CERTIFICATE-----
--- a/certs/intermediate/ca-int-ecc-key.der
+++ b/certs/intermediate/ca-int-ecc-key.der
--- a/certs/intermediate/ca-int-ecc-key.pem
+++ b/certs/intermediate/ca-int-ecc-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIDOGXhoaF5CDp/zS7ulq2RPH/WnHFq2fZ0T+vCWd0+LXoAoGCCqGSM49
+AwEHoUQDQgAEld8csp4gqR2iW6tcm6hmBinmstjjFKbDwbStTUQYIB5dZ/0VHW0l
+4RexccqFA/DSr0FmRjZt6kHLT8hK0KBhjA==
+-----END EC PRIVATE KEY-----
--- a/certs/intermediate/ca-int-key.der
+++ b/certs/intermediate/ca-int-key.der
--- a/certs/intermediate/ca-int-key.pem
+++ b/certs/intermediate/ca-int-key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpgIBAAKCAQEAw6JzXSFiIM46cTinlLvbhwQcWhueSw0+yvil9w1q3COQImor
+WGNKKGpIqOdzH6JV2E0CO+LLa+KDyVGPd/3cLV0jtyOafrYpaOgqTqn+MnAxnvDv
+7viN4/zz1yjdeh2erSMr8aZ/NFIpZtLlZFVk1t1LQTtVg27AEQ5uIMIWc+sw/wlG
+u+fMxgNEQRHGwWw2L0r5kVXKWF43uCgQMIlAlnfPcGakVftpC+fZsjNl23I6d7cr
+Sfy2zVgQjauqy0BFdwI5GLOPMwFId1C+jnOn3jagSY4sFq+5+0ItNWrbNDfVFFl9
+ZXLli2VVSyBeR/n4OtNs2Tr1xwFGMcN5mhi+SQIDAQABAoIBAQCwoB1pyrcOiULI
+b+8U4Jpthq+WRvMeLYIwvFcS+uEsiUsbVyF1NoeAf5zEKdqNiAHbPIO0z6j66VI0
+U1elbOP5bOrO8O0OU6aFWX7A8MdYgGS8bCkjZvKsEPeRnQqAsvdMt8F39etIsJlC
+hUunz1UwjDDiXxBwjnAHtjCFkNW2pt6LscUgqSPr/dYIM6H5ZdSINvUYd9v6xvYz
+KQhOZSyikO2sqs/d+tTl1/Onca3HWxynhT4HCe47RQnxaCk+6qa25nrXCIHS+cNh
+Ro79iBqkSsG43nYtZ14ZRsPh4jeie0myP1CzYL94fTNuc9wRXJ/dOIjZu3uCHDxt
+opSopKSBAoGBAPH4m7hf4DbFtBQCXq3sQw2FqQB4WeEiOSGoZLhivAcarc6gUNZ0
+7/eVUJJJ+pW3UlDtZ5aF1yewBXTNackI/pNvHQziSf/hzRzDdsk4ei3cMnctshMk
+XM6oHxw1MyR9g3YhYcAvzmDlevwYj/k2ABhnUva2yM3gD77ao0hjwIyZAoGBAM76
+Gr3ZwT3hh/CzO8GDZuzwLPahLTcBUmCEb+yfr9ELjPH++p4xOw7QZybxaHKlzla0
+wDZ+L5mSL+HciRYIR1JUH+K6PxGqp0ufu6dclLAcNBCEotAtoWSLW3Z7h4LX7/x4
+IafDkxHWMWQxYJaLN5REbJArurY0lu1z5uBqpJ0xAoGBALI2NBpbIru0aKjEBg96
+jvgKlSoveaMCnalYaLYUof9petFP6bnJbmOeqTTVH6Xc2teXwk9uS8SDM8GO+HaE
+FVto3rB6iZ3YJEUnAPm6iuHz54c3NIw8n83krOUNmZkqiAQdGe1+SDW9ThMV1BPr
+3a4bi1MB1GsstuwOA2xxa4MhAoGBAIoPNDU9AfRH8shwlcRv5QDY9/UO770ICa3N
+yWaZ4cncHYjyHrPUfONVyeilEJmg1bDqYmg25YNXis7qrxpeLUzSRm6S8yzSm0ML
+aj2puJh8R5JZFs0sEsKhXkH7BhoV9cN/Ulu4TeqQ6GM/uIDSniEtPwkv0hxlmeML
+843wNJuRAoGBAKloBRB17AOMxVrB51GLWmVDOvbb398bL5WDHnM+j5QjEdL25rVx
+9jDsw9ysikfkjTvs9UfQ6XUIjwurR40hhWoB5KGKvXU3rO/8ds3Gu1EbGmk0h9dS
+seC5knwR/3QrRKHerNP5hzDIeRYaPOnko4Zhoo+28UFAHZcItQGF3lF/
+-----END RSA PRIVATE KEY-----
--- a/certs/intermediate/client-chain-alt-ecc.pem
+++ b/certs/intermediate/client-chain-alt-ecc.pem
@@ -0,0 +1,55 @@
+-----BEGIN CERTIFICATE-----
+MIICxjCCAmygAwIBAgICEAUwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw
+EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
+b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJ
+bnRlcm1lZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
+Y29tMB4XDTE4MTIyMTE3NTQwMVoXDTI4MTIxODE3NTQwMVowgaAxCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
+VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29s
+ZlNTTCBDbGllbnQgQ2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz
+c2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVb/0D0RQmj3Om7fwxU31
+cHvU7CSOGYDsWkyiJANiLJva76I1EkOEdhbGVpUGzAGpvfZ1GkL3vamyNiJfx11/
+tKOBkDCBjTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNVHQ4EFgQU
+69RLWWuVYT9RV7YETYlBiERcq/IwHwYDVR0jBBgwFoAUlx1gw4ciWZtgH4S0mRyI
+Tb/aHm4wDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEF
+BQcDBDAKBggqhkjOPQQDAgNIADBFAiBe6My62YzVR/EAn/a2IjlFpCektOZbCnJ0
+wFB0KiilZQIhAKofLu9dYlzn5JMB77wMijSohui3fABOA7QX43L+ZYHf
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICkTCCAjigAwIBAgICEAMwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw
+EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
+b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy
+MTE3NTQwMVoXDTM4MTIxNjE3NTQwMVowgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
+MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l
+ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkw
+EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEld8csp4gqR2iW6tcm6hmBinmstjjFKbD
+wbStTUQYIB5dZ/0VHW0l4RexccqFA/DSr0FmRjZt6kHLT8hK0KBhjKNmMGQwHQYD
+VR0OBBYEFJcdYMOHIlmbYB+EtJkciE2/2h5uMB8GA1UdIwQYMBaAFFaOmsPwQt4Y
+uUVVbvmTz+rD86UhMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGG
+MAoGCCqGSM49BAMCA0cAMEQCICCNvbwIilIgq7zwlAw8OJyewBhTlJR/Vz0VjnVf
+jIJ5AiBAPg8nmui6m/SZz3E2aNHtMVQ36C430J5JqSd5wQM0UA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G
+A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
+Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1
+MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG
+A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL
+v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8
+eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq
+tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd
+C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa
+zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB
+mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH
+V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n
+bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG
+3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs
+J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO
+291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS
+ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd
+AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7
+TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
+-----END CERTIFICATE-----
--- a/certs/intermediate/client-chain-alt.pem
+++ b/certs/intermediate/client-chain-alt.pem
@@ -0,0 +1,71 @@
+-----BEGIN CERTIFICATE-----
+MIIESjCCAzKgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT
+MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK
+DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT
+TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
+b20wHhcNMTgxMjIxMTc1NDAwWhcNMjgxMjE4MTc1NDAwWjCBnDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV
+BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MR0wGwYDVQQDDBR3b2xm
+U1NMIENsaWVudCBDaGFpbjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv
+bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQr
+Knx0mr2qKlIHR9amNrIHMo7Quml7xsNEntSBSP0taKKLZ7uhdcg2LErSG/eLus8N
+e/s8YEee5sDR5q/Zcx/ZSRppugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN0jxA
+nEzv0YbfN1EbDKE79fGjSjXk4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKCb42G
+wohAmTaDuh5AciIX11JlJHOwzu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZDIWz
+2YrZVCbbbfqsu/8lTMTRefRx04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuh
+utMCAwEAAaOBkDCBjTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNV
+HQ4EFgQUM9hFZtdohxh+VA1wJ5HHJteFZcAwHwYDVR0jBBgwFoAU72ng99Ud5pns
+3G3Q9+K5XGRxgzUwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMC
+BggrBgEFBQcDBDANBgkqhkiG9w0BAQsFAAOCAQEAiIEheKwEinl+zaW6O/5SYeic
+XSiRymhyMZnVFXiZ0QP/thNZI0iekpTMkQGT3Bk2aNdIU6uZ2CP8KJhD8+uf4i/E
+TLMcSDWSbVNGXcEgIQdxJaE3iRqb7PXj0RWg/hAuzWfVPW7WufU4jToSyS754anI
+b9YEBWbfPDpp16prXnEN41M4PYdKHseIeByHWiG9D4b0fIa9UX2cy/KypkF6+LsI
+EWdqMZ9I9tEHojaHg3NoO8kRXquj0GGa341SuYp50vNdsD0Vae6jtcK+tD8RsAbT
+uLQyRZX/dkjrYwsdeQ9VldZ8htRhIPkPooKkH7EQU9joyCezvZh7CsRbgtBszw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEFzCCAv+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT
+MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT
+YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy
+MTE3NTQwMFoXDTM4MTIxNjE3NTQwMFowgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
+MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRlcm1l
+ZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDonNdIWIgzjpxOKeUu9uHBBxaG55L
+DT7K+KX3DWrcI5AiaitYY0ooakio53MfolXYTQI74str4oPJUY93/dwtXSO3I5p+
+tilo6CpOqf4ycDGe8O/u+I3j/PPXKN16HZ6tIyvxpn80Uilm0uVkVWTW3UtBO1WD
+bsARDm4gwhZz6zD/CUa758zGA0RBEcbBbDYvSvmRVcpYXje4KBAwiUCWd89wZqRV
+2kL59myM2Xbcjp3tytJ/LbNWBCNq6rLQEV3AjkYs48zAUh3UL6Oc6feNqBJjiwW
+r7n7Qi01ats0N9UUWX1lcuWLZVVLIF5H+fg602zZOvXHAUYxw3maGL5JAgMBAAGj
+ZjBkMB0GA1UdDgQWBBTvaeD31R3mmezcbdD34rlcZHGDNTAfBgNVHSMEGDAWgBQn
+jmcRdMMmHT/tM2OzpNgdMOXo1TASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB
+/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAXs0wzhMGqKMlbYVov4g7aBJqXl8i
+glFK/bGussI+oeRzl293H14Kpj6KIJNMP2hkaajXrj6lWOTQReR6X8xoIz17340z
+jboLc92XQZkaJn8Xh8R2uzu1FSSwgk8uCsP+q3XJTVl0Gscz508URVv008OpnTSo
+4Soz6hAH254zg2Dw3XwnDWuS75DMNbNO4/rKh1Ux6HuMwjUZQWp2bGx60GrRLaim
+l0BzUpw8Q6dL8bcEr+DRMjys36dKFfsuVthcTJmdPPBtoCAllskk/IRM3N4dKejU
+4f/KBi857STcefkqGACu0otE6yqU+8gChg1+H2XHIAZeylCvvXHLBtoS/w==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G
+A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
+Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1
+MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG
+A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL
+v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8
+eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq
+tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd
+C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa
+zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB
+mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH
+V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n
+bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG
+3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs
+J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO
+291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS
+ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd
+AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7
+TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
+-----END CERTIFICATE-----
--- a/certs/intermediate/client-chain-ecc.der
+++ b/certs/intermediate/client-chain-ecc.der
--- a/certs/intermediate/client-chain-ecc.pem
+++ b/certs/intermediate/client-chain-ecc.pem
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIICxjCCAmygAwIBAgICEAUwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw
+EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
+b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJ
+bnRlcm1lZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
+Y29tMB4XDTE4MTIyMTE3NTQwMVoXDTI4MTIxODE3NTQwMVowgaAxCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
+VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29s
+ZlNTTCBDbGllbnQgQ2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz
+c2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVb/0D0RQmj3Om7fwxU31
+cHvU7CSOGYDsWkyiJANiLJva76I1EkOEdhbGVpUGzAGpvfZ1GkL3vamyNiJfx11/
+tKOBkDCBjTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNVHQ4EFgQU
+69RLWWuVYT9RV7YETYlBiERcq/IwHwYDVR0jBBgwFoAUlx1gw4ciWZtgH4S0mRyI
+Tb/aHm4wDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEF
+BQcDBDAKBggqhkjOPQQDAgNIADBFAiBe6My62YzVR/EAn/a2IjlFpCektOZbCnJ0
+wFB0KiilZQIhAKofLu9dYlzn5JMB77wMijSohui3fABOA7QX43L+ZYHf
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICkTCCAjigAwIBAgICEAMwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw
+EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
+b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy
+MTE3NTQwMVoXDTM4MTIxNjE3NTQwMVowgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
+MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l
+ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkw
+EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEld8csp4gqR2iW6tcm6hmBinmstjjFKbD
+wbStTUQYIB5dZ/0VHW0l4RexccqFA/DSr0FmRjZt6kHLT8hK0KBhjKNmMGQwHQYD
+VR0OBBYEFJcdYMOHIlmbYB+EtJkciE2/2h5uMB8GA1UdIwQYMBaAFFaOmsPwQt4Y
+uUVVbvmTz+rD86UhMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGG
+MAoGCCqGSM49BAMCA0cAMEQCICCNvbwIilIgq7zwlAw8OJyewBhTlJR/Vz0VjnVf
+jIJ5AiBAPg8nmui6m/SZz3E2aNHtMVQ36C430J5JqSd5wQM0UA==
+-----END CERTIFICATE-----
--- a/certs/intermediate/client-chain.der
+++ b/certs/intermediate/client-chain.der
--- a/certs/intermediate/client-chain.pem
+++ b/certs/intermediate/client-chain.pem
@@ -0,0 +1,49 @@
+-----BEGIN CERTIFICATE-----
+MIIESjCCAzKgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT
+MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK
+DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT
+TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
+b20wHhcNMTgxMjIxMTc1NDAwWhcNMjgxMjE4MTc1NDAwWjCBnDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV
+BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MR0wGwYDVQQDDBR3b2xm
+U1NMIENsaWVudCBDaGFpbjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv
+bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQr
+Knx0mr2qKlIHR9amNrIHMo7Quml7xsNEntSBSP0taKKLZ7uhdcg2LErSG/eLus8N
+e/s8YEee5sDR5q/Zcx/ZSRppugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN0jxA
+nEzv0YbfN1EbDKE79fGjSjXk4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKCb42G
+wohAmTaDuh5AciIX11JlJHOwzu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZDIWz
+2YrZVCbbbfqsu/8lTMTRefRx04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuh
+utMCAwEAAaOBkDCBjTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNV
+HQ4EFgQUM9hFZtdohxh+VA1wJ5HHJteFZcAwHwYDVR0jBBgwFoAU72ng99Ud5pns
+3G3Q9+K5XGRxgzUwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMC
+BggrBgEFBQcDBDANBgkqhkiG9w0BAQsFAAOCAQEAiIEheKwEinl+zaW6O/5SYeic
+XSiRymhyMZnVFXiZ0QP/thNZI0iekpTMkQGT3Bk2aNdIU6uZ2CP8KJhD8+uf4i/E
+TLMcSDWSbVNGXcEgIQdxJaE3iRqb7PXj0RWg/hAuzWfVPW7WufU4jToSyS754anI
+b9YEBWbfPDpp16prXnEN41M4PYdKHseIeByHWiG9D4b0fIa9UX2cy/KypkF6+LsI
+EWdqMZ9I9tEHojaHg3NoO8kRXquj0GGa341SuYp50vNdsD0Vae6jtcK+tD8RsAbT
+uLQyRZX/dkjrYwsdeQ9VldZ8htRhIPkPooKkH7EQU9joyCezvZh7CsRbgtBszw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEFzCCAv+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT
+MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT
+YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz
+c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy
+MTE3NTQwMFoXDTM4MTIxNjE3NTQwMFowgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM
+MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRlcm1l
+ZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDonNdIWIgzjpxOKeUu9uHBBxaG55L
+DT7K+KX3DWrcI5AiaitYY0ooakio53MfolXYTQI74str4oPJUY93/dwtXSO3I5p+
+tilo6CpOqf4ycDGe8O/u+I3j/PPXKN16HZ6tIyvxpn80Uilm0uVkVWTW3UtBO1WD
+bsARDm4gwhZz6zD/CUa758zGA0RBEcbBbDYvSvmRVcpYXje4KBAwiUCWd89wZqRV
+2kL59myM2Xbcjp3tytJ/LbNWBCNq6rLQEV3AjkYs48zAUh3UL6Oc6feNqBJjiwW
+r7n7Qi01ats0N9UUWX1lcuWLZVVLIF5H+fg602zZOvXHAUYxw3maGL5JAgMBAAGj
+ZjBkMB0GA1UdDgQWBBTvaeD31R3mmezcbdD34rlcZHGDNTAfBgNVHSMEGDAWgBQn
+jmcRdMMmHT/tM2OzpNgdMOXo1TASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB
+/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAXs0wzhMGqKMlbYVov4g7aBJqXl8i
+glFK/bGussI+oeRzl293H14Kpj6KIJNMP2hkaajXrj6lWOTQReR6X8xoIz17340z
+jboLc92XQZkaJn8Xh8R2uzu1FSSwgk8uCsP+q3XJTVl0Gscz508URVv008OpnTSo
+4Soz6hAH254zg2Dw3XwnDWuS75DMNbNO4/rKh1Ux6HuMwjUZQWp2bGx60GrRLaim
+l0BzUpw8Q6dL8bcEr+DRMjys36dKFfsuVthcTJmdPPBtoCAllskk/IRM3N4dKejU
+4f/KBi857STcefkqGACu0otE6yqU+8gChg1+H2XHIAZeylCvvXHLBtoS/w==
+-----END CERTIFICATE-----
--- a/certs/intermediate/client-int-cert.der
+++ b/certs/intermediate/client-int-cert.der
--- a/certs/intermediate/client-int-cert.pem
+++ b/certs/intermediate/client-int-cert.pem
@@ -0,0 +1,88 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4098 (0x1002)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA/emailAddress=info@wolfssl.com
+        Validity
+            Not Before: Dec 21 17:54:00 2018 GMT
+            Not After : Dec 18 17:54:00 2028 GMT
+        Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Client Chain/emailAddress=info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
+                    2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
+                    32:8e:d0:ba:69:7b:c6:c3:44:9e:d4:81:48:fd:2d:
+                    68:a2:8b:67:bb:a1:75:c8:36:2c:4a:d2:1b:f7:8b:
+                    ba:cf:0d:f9:ef:ec:f1:81:1e:7b:9b:03:47:9a:bf:
+                    65:cc:7f:65:24:69:a6:e8:14:89:5b:e4:34:f7:c5:
+                    b0:14:93:f5:67:7b:3a:7a:78:e1:01:56:56:91:a6:
+                    13:42:8d:d2:3c:40:9c:4c:ef:d1:86:df:37:51:1b:
+                    0c:a1:3b:f5:f1:a3:4a:35:e4:e1:ce:96:df:1b:7e:
+                    bf:4e:97:d0:10:e8:a8:08:30:81:af:20:0b:43:14:
+                    c5:74:67:b4:32:82:6f:8d:86:c2:88:40:99:36:83:
+                    ba:1e:40:72:22:17:d7:52:65:24:73:b0:ce:ef:19:
+                    cd:ae:ff:78:6c:7b:c0:12:03:d4:4e:72:0d:50:6d:
+                    3b:a3:3b:a3:99:5e:9d:c8:d9:0c:85:b3:d9:8a:d9:
+                    54:26:db:6d:fa:ac:bb:ff:25:4c:c4:d1:79:f4:71:
+                    d3:86:40:18:13:b0:63:b5:72:4e:30:c4:97:84:86:
+                    2d:56:2f:d7:15:f7:7f:c0:ae:f5:fc:5b:e5:fb:a1:
+                    ba:d3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Client, S/MIME
+            X509v3 Subject Key Identifier: 
+                33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
+            X509v3 Authority Key Identifier: 
+                keyid:EF:69:E0:F7:D5:1D:E6:99:EC:DC:6D:D0:F7:E2:B9:5C:64:71:83:35
+
+            X509v3 Key Usage: critical
+                Digital Signature, Non Repudiation, Key Encipherment
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication, E-mail Protection
+    Signature Algorithm: sha256WithRSAEncryption
+         88:81:21:78:ac:04:8a:79:7e:cd:a5:ba:3b:fe:52:61:e8:9c:
+         5d:28:91:ca:68:72:31:99:d5:15:78:99:d1:03:ff:b6:13:59:
+         23:48:9e:92:94:cc:91:01:93:dc:19:36:68:d7:48:53:ab:99:
+         d8:23:fc:28:98:43:f3:eb:9f:e2:2f:c4:4c:b3:1c:48:35:92:
+         6d:53:46:5d:c1:20:21:07:71:25:a1:37:89:1a:9b:ec:f5:e3:
+         d1:15:a0:fe:10:2e:cd:67:d5:3d:6e:d6:b9:f5:38:8d:3a:12:
+         c9:2e:f9:e1:a9:c8:6f:d6:04:05:66:df:3c:3a:69:d7:aa:6b:
+         5e:71:0d:e3:53:38:3d:87:4a:1e:c7:88:78:1c:87:5a:21:bd:
+         0f:86:f4:7c:86:bd:51:7d:9c:cb:f2:b2:a6:41:7a:f8:bb:08:
+         11:67:6a:31:9f:48:f6:d1:07:a2:36:87:83:73:68:3b:c9:11:
+         5e:ab:a3:d0:61:9a:df:8d:52:b9:8a:79:d2:f3:5d:b0:3d:15:
+         69:ee:a3:b5:c2:be:b4:3f:11:b0:06:d3:b8:b4:32:45:95:ff:
+         76:48:eb:63:0b:1d:79:0f:55:95:d6:7c:86:d4:61:20:f9:0f:
+         a2:82:a4:1f:b1:10:53:d8:e8:c8:27:b3:bd:98:7b:0a:c4:5b:
+         82:d0:6c:cf
+-----BEGIN CERTIFICATE-----
+MIIESjCCAzKgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT
+MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK
+DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT
+TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
+b20wHhcNMTgxMjIxMTc1NDAwWhcNMjgxMjE4MTc1NDAwWjCBnDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV
+BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MR0wGwYDVQQDDBR3b2xm
+U1NMIENsaWVudCBDaGFpbjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv
+bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQr
+Knx0mr2qKlIHR9amNrIHMo7Quml7xsNEntSBSP0taKKLZ7uhdcg2LErSG/eLus8N
+e/s8YEee5sDR5q/Zcx/ZSRppugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN0jxA
+nEzv0YbfN1EbDKE79fGjSjXk4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKCb42G
+wohAmTaDuh5AciIX11JlJHOwzu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZDIWz
+2YrZVCbbbfqsu/8lTMTRefRx04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuh
+utMCAwEAAaOBkDCBjTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNV
+HQ4EFgQUM9hFZtdohxh+VA1wJ5HHJteFZcAwHwYDVR0jBBgwFoAU72ng99Ud5pns
+3G3Q9+K5XGRxgzUwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMC
+BggrBgEFBQcDBDANBgkqhkiG9w0BAQsFAAOCAQEAiIEheKwEinl+zaW6O/5SYeic
+XSiRymhyMZnVFXiZ0QP/thNZI0iekpTMkQGT3Bk2aNdIU6uZ2CP8KJhD8+uf4i/E
+TLMcSDWSbVNGXcEgIQdxJaE3iRqb7PXj0RWg/hAuzWfVPW7WufU4jToSyS754anI
+b9YEBWbfPDpp16prXnEN41M4PYdKHseIeByHWiG9D4b0fIa9UX2cy/KypkF6+LsI
+EWdqMZ9I9tEHojaHg3NoO8kRXquj0GGa341SuYp50vNdsD0Vae6jtcK+tD8RsAbT
+uLQyRZX/dkjrYwsdeQ9VldZ8htRhIPkPooKkH7EQU9joyCezvZh7CsRbgtBszw==
+-----END CERTIFICATE-----
--- a/certs/intermediate/client-int-ecc-cert.der
+++ b/certs/intermediate/client-int-ecc-cert.der
--- a/certs/intermediate/client-int-ecc-cert.pem
+++ b/certs/intermediate/client-int-ecc-cert.pem
@@ -0,0 +1,57 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4101 (0x1005)
+    Signature Algorithm: ecdsa-with-SHA256
+        Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA ECC/emailAddress=info@wolfssl.com
+        Validity
+            Not Before: Dec 21 17:54:01 2018 GMT
+            Not After : Dec 18 17:54:01 2028 GMT
+        Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Client Chain ECC/emailAddress=info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (256 bit)
+                pub: 
+                    04:55:bf:f4:0f:44:50:9a:3d:ce:9b:b7:f0:c5:4d:
+                    f5:70:7b:d4:ec:24:8e:19:80:ec:5a:4c:a2:24:03:
+                    62:2c:9b:da:ef:a2:35:12:43:84:76:16:c6:56:95:
+                    06:cc:01:a9:bd:f6:75:1a:42:f7:bd:a9:b2:36:22:
+                    5f:c7:5d:7f:b4
+                ASN1 OID: prime256v1
+                NIST CURVE: P-256
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Client, S/MIME
+            X509v3 Subject Key Identifier: 
+                EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2
+            X509v3 Authority Key Identifier: 
+                keyid:97:1D:60:C3:87:22:59:9B:60:1F:84:B4:99:1C:88:4D:BF:DA:1E:6E
+
+            X509v3 Key Usage: critical
+                Digital Signature, Non Repudiation, Key Encipherment
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication, E-mail Protection
+    Signature Algorithm: ecdsa-with-SHA256
+         30:45:02:20:5e:e8:cc:ba:d9:8c:d5:47:f1:00:9f:f6:b6:22:
+         39:45:a4:27:a4:b4:e6:5b:0a:72:74:c0:50:74:2a:28:a5:65:
+         02:21:00:aa:1f:2e:ef:5d:62:5c:e7:e4:93:01:ef:bc:0c:8a:
+         34:a8:86:e8:b7:7c:00:4e:03:b4:17:e3:72:fe:65:81:df
+-----BEGIN CERTIFICATE-----
+MIICxjCCAmygAwIBAgICEAUwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw
+EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3
+b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJ
+bnRlcm1lZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
+Y29tMB4XDTE4MTIyMTE3NTQwMVoXDTI4MTIxODE3NTQwMVowgaAxCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD
+VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29s
+ZlNTTCBDbGllbnQgQ2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz
+c2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVb/0D0RQmj3Om7fwxU31
+cHvU7CSOGYDsWkyiJANiLJva76I1EkOEdhbGVpUGzAGpvfZ1GkL3vamyNiJfx11/
+tKOBkDCBjTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNVHQ4EFgQU
+69RLWWuVYT9RV7YETYlBiERcq/IwHwYDVR0jBBgwFoAUlx1gw4ciWZtgH4S0mRyI
+Tb/aHm4wDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEF
+BQcDBDAKBggqhkjOPQQDAgNIADBFAiBe6My62YzVR/EAn/a2IjlFpCektOZbCnJ0
+wFB0KiilZQIhAKofLu9dYlzn5JMB77wMijSohui3fABOA7QX43L+ZYHf
+-----END CERTIFICATE-----
--- a/certs/intermediate/genintcerts.sh
+++ b/certs/intermediate/genintcerts.sh
@@ -0,0 +1,293 @@
+#!/bin/sh
+
+# Script for generating RSA and ECC Intermediate CA and server/client certs based on it.
+
+# Result is chains that looks like:
+# RSA Server
+#  ROOT: ./certs/ca-cert.pem
+#      C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com)
+#    INTERMEDIATE: ./certs/intermediate/ca-int-cert.pem 
+#        C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA/emailAddress=info@wolfssl.com
+#      SERVER: ./certs/intermediate/server-int-cert.pem
+#          C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Server Chain/emailAddress=info@wolfssl.com
+
+# RSA Client
+#  ROOT: ./certs/ca-cert.pem
+#      C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com)
+#    INTERMEDIATE: ./certs/intermediate/ca-int-cert.pem 
+#        C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA/emailAddress=info@wolfssl.com
+#      CLIENT: ./certs/intermediate/client-int-cert.pem
+#          C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Client Chain/emailAddress=info@wolfssl.com
+
+# ECC Server
+#  ROOT: ./certs/ca-ecc-cert.pem
+#      C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+#    INTERMEDIATE: ./certs/intermediate/ca-int-ecc-cert.pem 
+#        C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA ECC/emailAddress=info@wolfssl.com
+#      SERVER: ./certs/intermediate/server-int-ecc-cert.pem
+#          C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Server Chain ECC/emailAddress=info@wolfssl.com
+
+# ECC Client
+#  ROOT: ./certs/ca-ecc-cert.pem
+#      C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+#    INTERMEDIATE: ./certs/intermediate/ca-int-ecc-cert.pem 
+#        C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA ECC/emailAddress=info@wolfssl.com
+#      CLIENT: ./certs/intermediate/client-int-ecc-cert.pem
+#          C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Client Chain ECC/emailAddress=info@wolfssl.com
+
+
+# Run from wolfssl-root as  `./certs/intermediate/genintcerts.sh`
+# To cleanup temp files use `./certs/intermediate/genintcerts.sh clean`
+# To cleanup all files use  `./certs/intermediate/genintcerts.sh cleanall`
+
+dir="."
+
+cleanup_files(){
+    rm -f ./certs/intermediate/index.*
+    rm -f ./certs/intermediate/*.old
+    rm -f ./certs/intermediate/serial
+    rm -f ./certs/intermediate/crlnumber
+    rm -f ./certs/intermediate/*.cnf
+    rm -rf ./certs/intermediate/new_certs
+    exit 0
+}
+
+check_result() {
+    if [ $1 -ne 0 ]; then
+        echo "Step Failed, Abort"
+        exit 1
+    else
+        echo "Step Succeeded!"
+    fi
+}
+
+# Args: 1=CnfFile, 2=Key, 3=Cert
+create_ca_config() {
+    echo "# Generated openssl conf"                              > "$1"
+    echo "[ ca ]"                                               >> "$1"
+    echo "default_ca = CA_default"                              >> "$1"
+    echo ""                                                     >> "$1"
+    echo "[ CA_default ]"                                       >> "$1"
+    echo "certs             = $dir/certs/intermediate"          >> "$1"
+    echo "new_certs_dir     = $dir/certs/intermediate/new_certs">> "$1"
+    echo "database          = $dir/certs/intermediate/index.txt">> "$1"
+    echo "serial            = $dir/certs/intermediate/serial"   >> "$1"
+    echo "RANDFILE          = $dir/private/.rand"               >> "$1"
+    echo ""                                                     >> "$1"
+    echo "private_key       = $dir/$2"                          >> "$1"
+    echo "certificate       = $dir/$3"                          >> "$1"
+    echo ""                                                     >> "$1"
+    echo "crlnumber         = $dir/certs/intermediate/crlnumber">> "$1"
+    echo "crl_extensions    = crl_ext"                          >> "$1"
+    echo "default_crl_days  = 1000"                             >> "$1"
+    echo "default_md        = sha256"                           >> "$1"
+    echo ""                                                     >> "$1"
+    echo "name_opt          = ca_default"                       >> "$1"
+    echo "cert_opt          = ca_default"                       >> "$1"
+    echo "default_days      = 3650"                             >> "$1"
+    echo "preserve          = no"                               >> "$1"
+    echo "policy            = policy_loose"                     >> "$1"
+    echo ""                                                     >> "$1"
+    echo "[ policy_strict ]"                                    >> "$1"
+    echo "countryName             = match"                      >> "$1"
+    echo "stateOrProvinceName     = match"                      >> "$1"
+    echo "organizationName        = match"                      >> "$1"
+    echo "organizationalUnitName  = optional"                   >> "$1"
+    echo "commonName              = supplied"                   >> "$1"
+    echo "emailAddress            = optional"                   >> "$1"
+    echo ""                                                     >> "$1"
+    echo "[ policy_loose ]"                                     >> "$1"
+    echo "countryName             = optional"                   >> "$1"
+    echo "stateOrProvinceName     = optional"                   >> "$1"
+    echo "localityName            = optional"                   >> "$1"
+    echo "organizationName        = optional"                   >> "$1"
+    echo "organizationalUnitName  = optional"                   >> "$1"
+    echo "commonName              = supplied"                   >> "$1"
+    echo "emailAddress            = optional"                   >> "$1"
+    echo ""                                                     >> "$1"
+    echo "[ req ]"                                              >> "$1"
+    echo "default_bits        = 2048"                           >> "$1"
+    echo "distinguished_name  = req_distinguished_name"         >> "$1"
+    echo "string_mask         = utf8only"                       >> "$1"
+    echo "default_md          = sha256"                         >> "$1"
+    echo "x509_extensions     = v3_ca"                          >> "$1"
+    echo ""                                                     >> "$1"
+    echo "[ req_distinguished_name ]"                           >> "$1"
+    echo "countryName                     = US"                 >> "$1"
+    echo "stateOrProvinceName             = Washington"         >> "$1"
+    echo "localityName                    = Seattle"            >> "$1"
+    echo "organizationName                = wolfSSL"            >> "$1"
+    echo "organizationalUnitName          = Development"        >> "$1"
+    echo "commonName                      = www.wolfssl.com"    >> "$1"
+    echo "emailAddress                    = info@wolfssl.com"   >> "$1"
+    echo ""                                                     >> "$1"
+    echo "[ v3_ca ]"                                            >> "$1"
+    echo "subjectKeyIdentifier = hash"                          >> "$1"
+    echo "authorityKeyIdentifier = keyid:always,issuer"         >> "$1"
+    echo "basicConstraints = critical, CA:true"                 >> "$1"
+    echo "keyUsage = critical, digitalSignature, cRLSign, keyCertSign">> "$1"
+    echo ""                                                     >> "$1"
+    echo "[ v3_intermediate_ca ]"                               >> "$1"
+    echo "subjectKeyIdentifier = hash"                          >> "$1"
+    echo "authorityKeyIdentifier = keyid:always,issuer"         >> "$1"
+    echo "basicConstraints = critical, CA:true, pathlen:0"      >> "$1"
+    echo "keyUsage = critical, digitalSignature, cRLSign, keyCertSign">> "$1"
+    echo ""                                                     >> "$1"
+    echo "[ usr_cert ]"                                         >> "$1"
+    echo "basicConstraints = CA:FALSE"                          >> "$1"
+    echo "nsCertType = client, email"                           >> "$1"
+    echo "subjectKeyIdentifier = hash"                          >> "$1"
+    echo "authorityKeyIdentifier = keyid,issuer"                >> "$1"
+    echo "keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment">> "$1"
+    echo "extendedKeyUsage = clientAuth, emailProtection"       >> "$1"
+    echo ""                                                     >> "$1"
+    echo "[ server_cert ]"                                      >> "$1"
+    echo "basicConstraints = CA:FALSE"                          >> "$1"
+    echo "nsCertType = server"                                  >> "$1"
+    echo "subjectKeyIdentifier = hash"                          >> "$1"
+    echo "authorityKeyIdentifier = keyid,issuer:always"         >> "$1"
+    echo "keyUsage = critical, digitalSignature, keyEncipherment, keyAgreement">> "$1"
+    echo "extendedKeyUsage = serverAuth"                        >> "$1"
+    echo ""                                                     >> "$1"
+    echo "[ crl_ext ]"                                          >> "$1"
+    echo "authorityKeyIdentifier=keyid:always"                  >> "$1"
+}
+
+# Args: 1=reqcnf, 2=signcnf, 3=keyfile, 4=certfile, 5=ext, 6=subj, 7=days
+create_cert() {
+    openssl req -config ./certs/intermediate/$1.cnf -new -sha256 \
+        -key $3 \
+        -out ./certs/intermediate/tmp.csr \
+        -subj "/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=$6/emailAddress=info@wolfssl.com"
+    check_result $?
+    openssl ca -config ./certs/intermediate/$2.cnf -extensions $5 -days $7 -notext -md sha256 \
+        -in ./certs/intermediate/tmp.csr -out ./certs/intermediate/$4.pem -batch
+    check_result $?
+    rm ./certs/intermediate/tmp.csr
+
+    # Convert Cert to DER
+    openssl x509 -in ./certs/intermediate/$4.pem -inform PEM -out ./certs/intermediate/$4.der -outform DER
+    check_result $?
+
+    # Add text to cert PEM file
+    openssl x509 -in ./certs/intermediate/$4.pem -text > ./certs/intermediate/tmp.pem
+    check_result $?
+    mv ./certs/intermediate/tmp.pem ./certs/intermediate/$4.pem
+}
+
+if [ "$1" == "clean" ]; then
+    echo "Cleaning temp files"
+    cleanup_files
+fi
+if [ "$1" == "cleanall" ]; then
+    echo "Cleaning all files"
+    rm -f ./certs/intermediate/*.pem
+    rm -f ./certs/intermediate/*.der
+    rm -f ./certs/intermediate/*.csr
+    cleanup_files
+fi
+
+# Make sure required CA files exist and are populated
+rm -f ./certs/intermediate/index.*
+touch ./certs/intermediate/index.txt 
+if [ ! -f ./certs/intermediate/serial ]; then
+    echo 1000 > ./certs/intermediate/serial
+fi
+if [ ! -f ./certs/intermediate/crlnumber ]; then
+    echo 2000 > ./certs/intermediate/crlnumber
+fi
+if [ ! -d ./certs/intermediate/new_certs ]; then
+    mkdir ./certs/intermediate/new_certs
+fi
+
+
+# RSA
+echo "Creating RSA CA configuration cnf files"
+create_ca_config ./certs/intermediate/wolfssl_root.cnf certs/ca-key.pem certs/ca-cert.pem
+create_ca_config ./certs/intermediate/wolfssl_int.cnf certs/intermediate/ca-int-key.pem certs/intermediate/ca-int-cert.pem
+
+if [ ! -f ./certs/intermediate/ca-int-key.pem ]; then
+    echo "Make Intermediate RSA CA Key"
+    openssl genrsa -out ./certs/intermediate/ca-int-key.pem 2048
+    check_result $?
+    openssl rsa -in ./certs/intermediate/ca-int-key.pem -inform PEM -out ./certs/intermediate/ca-int-key.der -outform DER
+    check_result $?
+fi
+
+echo "Create RSA Intermediate CA signed by root"
+create_cert wolfssl_int wolfssl_root ./certs/intermediate/ca-int-key.pem ca-int-cert v3_intermediate_ca "wolfSSL Intermediate CA" 7300
+
+echo "Create RSA Server Certificate signed by intermediate"
+create_cert wolfssl_int wolfssl_int ./certs/server-key.pem server-int-cert server_cert "wolfSSL Server Chain" 3650
+
+echo "Create RSA Client Certificate signed by intermediate"
+create_cert wolfssl_int wolfssl_int ./certs/client-key.pem client-int-cert usr_cert "wolfSSL Client Chain" 3650
+
+echo "Generate CRLs for new certificates"
+openssl ca -config ./certs/intermediate/wolfssl_root.cnf -gencrl -crldays 1000 -out ./certs/crl/ca-int.pem -keyfile ./certs/intermediate/ca-int-key.pem -cert ./certs/intermediate/ca-int-cert.pem
+check_result $?
+openssl ca -config ./certs/intermediate/wolfssl_int.cnf -gencrl -crldays 1000 -out ./certs/crl/server-int.pem -keyfile ./certs/server-key.pem -cert ./certs/intermediate/server-int-cert.pem
+check_result $?
+openssl ca -config ./certs/intermediate/wolfssl_int.cnf -gencrl -crldays 1000 -out ./certs/crl/client-int.pem -keyfile ./certs/client-key.pem -cert ./certs/intermediate/client-int-cert.pem
+check_result $?
+
+echo "Assemble test chains - peer first, then intermediate"
+openssl x509 -in ./certs/intermediate/server-int-cert.pem  > ./certs/intermediate/server-chain.pem
+openssl x509 -in ./certs/intermediate/ca-int-cert.pem     >> ./certs/intermediate/server-chain.pem
+cat ./certs/intermediate/server-int-cert.der ./certs/intermediate/ca-int-cert.der > ./certs/intermediate/server-chain.der
+
+openssl x509 -in ./certs/intermediate/client-int-cert.pem  > ./certs/intermediate/client-chain.pem
+openssl x509 -in ./certs/intermediate/ca-int-cert.pem     >> ./certs/intermediate/client-chain.pem
+cat ./certs/intermediate/client-int-cert.der ./certs/intermediate/ca-int-cert.der > ./certs/intermediate/client-chain.der
+
+echo "Assemble cert chain with extra cert for testing alternate chains"
+cp ./certs/intermediate/server-chain.pem ./certs/intermediate/server-chain-alt.pem
+cp ./certs/intermediate/client-chain.pem ./certs/intermediate/client-chain-alt.pem
+openssl x509 -in ./certs/external/ca-google-root.pem      >> ./certs/intermediate/server-chain-alt.pem
+openssl x509 -in ./certs/external/ca-google-root.pem      >> ./certs/intermediate/client-chain-alt.pem
+
+
+# ECC
+echo "Creating ECC CA configuration cnf files"
+create_ca_config ./certs/intermediate/wolfssl_root_ecc.cnf certs/ca-ecc-key.pem certs/ca-ecc-cert.pem
+create_ca_config ./certs/intermediate/wolfssl_int_ecc.cnf certs/intermediate/ca-int-ecc-key.pem certs/intermediate/ca-int-ecc-cert.pem
+
+if [ ! -f ./certs/intermediate/ca-int-ecc-key.pem ]; then
+    echo "Make Intermediate ECC CA Key"
+    openssl ecparam -name prime256v1 -genkey -noout -out ./certs/intermediate/ca-int-ecc-key.pem
+    check_result $?
+    openssl ec -in ./certs/intermediate/ca-int-ecc-key.pem -inform PEM -out ./certs/intermediate/ca-int-ecc-key.der -outform DER
+    check_result $?
+fi
+
+echo "Create ECC Intermediate CA signed by root"
+create_cert wolfssl_int_ecc wolfssl_root_ecc ./certs/intermediate/ca-int-ecc-key.pem ca-int-ecc-cert v3_intermediate_ca "wolfSSL Intermediate CA ECC" 7300
+
+echo "Create ECC Server Certificate signed by intermediate"
+create_cert wolfssl_int_ecc wolfssl_int_ecc ./certs/ecc-key.pem server-int-ecc-cert server_cert "wolfSSL Server Chain ECC" 3650
+
+echo "Create ECC Client Certificate signed by intermediate"
+create_cert wolfssl_int_ecc wolfssl_int_ecc ./certs/ecc-client-key.pem client-int-ecc-cert usr_cert "wolfSSL Client Chain ECC" 3650
+
+echo "Generate CRLs for new certificates"
+openssl ca -config ./certs/intermediate/wolfssl_root_ecc.cnf -gencrl -crldays 1000 -out ./certs/crl/ca-int-ecc.pem -keyfile ./certs/intermediate/ca-int-ecc-key.pem -cert ./certs/intermediate/ca-int-ecc-cert.pem
+check_result $?
+openssl ca -config ./certs/intermediate/wolfssl_int_ecc.cnf -gencrl -crldays 1000 -out ./certs/crl/server-int-ecc.pem -keyfile ./certs/ecc-key.pem -cert ./certs/intermediate/server-int-ecc-cert.pem
+check_result $?
+openssl ca -config ./certs/intermediate/wolfssl_int_ecc.cnf -gencrl -crldays 1000 -out ./certs/crl/client-int-ecc.pem -keyfile ./certs/ecc-client-key.pem -cert ./certs/intermediate/client-int-ecc-cert.pem
+check_result $?
+
+echo "Assemble test chains - peer first, then intermediate"
+openssl x509 -in ./certs/intermediate/server-int-ecc-cert.pem  > ./certs/intermediate/server-chain-ecc.pem
+openssl x509 -in ./certs/intermediate/ca-int-ecc-cert.pem     >> ./certs/intermediate/server-chain-ecc.pem
+cat ./certs/intermediate/server-int-ecc-cert.der ./certs/intermediate/ca-int-ecc-cert.der > ./certs/intermediate/server-chain-ecc.der
+
+openssl x509 -in ./certs/intermediate/client-int-ecc-cert.pem  > ./certs/intermediate/client-chain-ecc.pem
+openssl x509 -in ./certs/intermediate/ca-int-ecc-cert.pem     >> ./certs/intermediate/client-chain-ecc.pem
+cat ./certs/intermediate/client-int-ecc-cert.der ./certs/intermediate/ca-int-ecc-cert.der > ./certs/intermediate/client-chain-ecc.der
+
+echo "Assemble cert chain with extra untrusted cert for testing alternate chains"
+cp ./certs/intermediate/server-chain-ecc.pem ./certs/intermediate/server-chain-alt-ecc.pem
+cp ./certs/intermediate/client-chain-ecc.pem ./certs/intermediate/client-chain-alt-ecc.pem
+openssl x509 -in ./certs/external/ca-google-root.pem          >> ./certs/intermediate/server-chain-alt-ecc.pem
+openssl x509 -in ./certs/external/ca-google-root.pem          >> ./certs/intermediate/client-chain-alt-ecc.pem
--- a/certs/intermediate/include.am
+++ b/certs/intermediate/include.am
@@ -0,0 +1,34 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+#
+
+EXTRA_DIST += \
+	     certs/intermediate/genintcerts.sh \
+	     certs/intermediate/ca-int-cert.der \
+	     certs/intermediate/ca-int-cert.pem \
+	     certs/intermediate/ca-int-ecc-cert.der \
+	     certs/intermediate/ca-int-ecc-cert.pem \
+	     certs/intermediate/ca-int-ecc-key.der \
+	     certs/intermediate/ca-int-ecc-key.pem \
+	     certs/intermediate/ca-int-key.der \
+	     certs/intermediate/ca-int-key.pem \
+	     certs/intermediate/client-chain-alt-ecc.pem \
+	     certs/intermediate/client-chain-alt.pem \
+	     certs/intermediate/client-chain-ecc.der \
+	     certs/intermediate/client-chain-ecc.pem \
+		 certs/intermediate/client-chain.der \
+	     certs/intermediate/client-chain.pem \
+	     certs/intermediate/client-int-cert.der \
+	     certs/intermediate/client-int-cert.pem \
+	     certs/intermediate/client-int-ecc-cert.der \
+	     certs/intermediate/client-int-ecc-cert.pem \
+	     certs/intermediate/server-chain-alt-ecc.pem \
+	     certs/intermediate/server-chain-alt.pem \
+	     certs/intermediate/server-chain-ecc.der \
+	     certs/intermediate/server-chain-ecc.pem \
+	     certs/intermediate/server-chain.der \
+	     certs/intermediate/server-chain.pem \
+	     certs/intermediate/server-int-cert.der \
+	     certs/intermediate/server-int-cert.pem \
+	     certs/intermediate/server-int-ecc-cert.der \
+	     certs/intermediate/server-int-ecc-cert.pem
--- a/Show More
+++ b/Show More