Merge pull request #894 from JacobBarthelmeh/Release

Prepare for release 3.11.0

.cproject

@@ -66,7 +66,7 @@
 						</toolChain>
 					</folderInfo>
 					<sourceEntries>
-						<entry excluding="wolfcrypt/src/misc.c|IDE/LPCXPRESSO/wolf_example|tirtos|testsuite|tests|swig|support|sslSniffer|scripts|rpm|mqx|mplabx|mcapi|m4|IDE/WORKBENCH|IDE/WIN|IDE/ROWLEY-CROSSWORKS-ARM|IDE/MYSQL|IDE/MDK-ARM|IDE/MDK5-ARM|IDE/LPCXPRESSO/wolf_demo|IDE/LPCXPRESSO/lpc_chip_18xx|IDE/LPCXPRESSO/lpc_board_nxp_lpcxpresso_1837|IDE/iOS|IDE/IAR-EWARM|examples|Debug|certs|build-aux|Backup|autom4te.cache|wolfcrypt/src/aes_asm.s|wolfcrypt/src/aes_asm.asm|wolfcrypt/user-crypto" flags="VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name=""/>
+						<entry excluding="src/bio.c|wolfcrypt/src/evp.c|wolfcrypt/src/misc.c|IDE/LPCXPRESSO/wolf_example|tirtos|testsuite|tests|swig|support|sslSniffer|scripts|rpm|mqx|mplabx|mcapi|m4|IDE/WORKBENCH|IDE/WIN|IDE/ROWLEY-CROSSWORKS-ARM|IDE/MYSQL|IDE/MDK-ARM|IDE/MDK5-ARM|IDE/LPCXPRESSO/wolf_demo|IDE/LPCXPRESSO/lpc_chip_18xx|IDE/LPCXPRESSO/lpc_board_nxp_lpcxpresso_1837|IDE/iOS|IDE/IAR-EWARM|examples|Debug|certs|build-aux|Backup|autom4te.cache|wolfcrypt/src/aes_asm.s|wolfcrypt/src/aes_asm.asm|wolfcrypt/user-crypto" flags="VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name=""/>
 					</sourceEntries>
 				</configuration>
 			</storageModule>

.gitignore

@@ -44,6 +44,12 @@ src/async.c
 wolfssl/async.h
 wolfcrypt/src/async.c
 wolfssl/wolfcrypt/async.h
+wolfcrypt/src/port/intel/quickassist.c
+wolfcrypt/src/port/intel/quickassist_mem.c
+wolfcrypt/src/port/cavium/cavium_nitrox.c
+wolfssl/wolfcrypt/port/intel/quickassist.h
+wolfssl/wolfcrypt/port/intel/quickassist_mem.h
+wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h
 ctaocrypt/benchmark/benchmark
 ctaocrypt/test/testctaocrypt
 wolfcrypt/benchmark/benchmark
@@ -64,6 +70,7 @@ testsuite/testsuite
 tests/unit
 testsuite/testsuite.test
 tests/unit.test
+tests/bio_write_test.txt
 testsuite/*.der
 testsuite/*.pem
 testsuite/*.raw
@@ -84,7 +91,18 @@ ecc-key.pem
 certreq.der
 certreq.pem
 pkcs7cert.der
-pkcs7signedData.der
+pkcs7signedData_RSA_SHA.der
+pkcs7signedData_RSA_SHA_noattr.der
+pkcs7signedData_RSA_SHA224.der
+pkcs7signedData_RSA_SHA256.der
+pkcs7signedData_RSA_SHA384.der
+pkcs7signedData_RSA_SHA512.der
+pkcs7signedData_ECDSA_SHA.der
+pkcs7signedData_ECDSA_SHA_noattr.der
+pkcs7signedData_ECDSA_SHA224.der
+pkcs7signedData_ECDSA_SHA256.der
+pkcs7signedData_ECDSA_SHA384.der
+pkcs7signedData_ECDSA_SHA512.der
 pkcs7envelopedDataDES3.der
 pkcs7envelopedDataAES128CBC.der
 pkcs7envelopedDataAES192CBC.der
@@ -188,4 +206,12 @@ wolfcrypt/user-crypto/lib/libusercrypto.*
 wrapper/CSharp/x64/
 
 # Visual Studio Code Workspace Files
-*.vscode
+*.vscode
+
+IDE/INTIME-RTOS/Debug_*
+
+# Hexiwear
+IDE/HEXIWEAR/wolfSSL_HW/Debug
+
+# Binaries
+wolfcrypt/src/port/intel/qat_test

ChangeLog

@@ -0,0 +1 @@
+Please see the file 'README' in this directory.

IDE/ARDUINO/wolfssl-arduino.sh

@@ -13,3 +13,14 @@ if [ "$DIR" = "ARDUINO" ]; then
 else
     echo "ERROR: You must be in the IDE/ARDUINO directory to run this script"
 fi
+
+#UPDATED: 19 Apr 2017 to remove bio.c and evp.c from the root directory since
+#         they are included inline and should not be compiled directly
+
+ARDUINO_DIR=${PWD}
+cd ../../
+rm bio.c
+rm evp.c
+cd $ARDUINO_DIR
+# end script in the origin directory for any future functionality that may be added.
+#End UPDATE: 19 Apr 2017

IDE/HEXIWEAR/wolfSSL_HW/.cproject

@@ -0,0 +1,143 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<?fileVersion 4.0.0?><cproject storage_type_id="org.eclipse.cdt.core.XmlProjectDescriptionStorage">
+	<storageModule moduleId="org.eclipse.cdt.core.settings">
+		<cconfiguration id="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.170735395">
+			<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.170735395" moduleId="org.eclipse.cdt.core.settings" name="Debug">
+				<macros>
+					<stringMacro name="PROJECT_KSDK_PATH" type="VALUE_TEXT" value="~/Work/KSDK_1.3.0"/>
+				</macros>
+				<externalSettings>
+					<externalSetting>
+						<entry flags="VALUE_WORKSPACE_PATH" kind="includePath" name="/wolfSSL_HW"/>
+						<entry flags="VALUE_WORKSPACE_PATH" kind="libraryPath" name="/wolfSSL_HW/Debug"/>
+						<entry flags="RESOLVED" kind="libraryFile" name="wolfssl_hw" srcPrefixMapping="" srcRootPath=""/>
+					</externalSetting>
+				</externalSettings>
+				<extensions>
+					<extension id="org.eclipse.cdt.managedbuilder.core.ManagedBuildManager" point="org.eclipse.cdt.core.ScannerInfoProvider"/>
+					<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
+					<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+				</extensions>
+			</storageModule>
+			<storageModule moduleId="cdtBuildSystem" version="4.0.0">
+				<configuration artifactExtension="a" artifactName="wolfssl_hw" buildArtefactType="org.eclipse.cdt.build.core.buildArtefactType.staticLib" buildProperties="org.eclipse.cdt.build.core.buildType=org.eclipse.cdt.build.core.buildType.debug,org.eclipse.cdt.build.core.buildArtefactType=org.eclipse.cdt.build.core.buildArtefactType.staticLib" cleanCommand="${cross_rm} -rf" description="" id="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.170735395" name="Debug" parent="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug">
+					<folderInfo id="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.170735395." name="/" resourcePath="">
+						<toolChain id="ilg.gnuarmeclipse.managedbuild.cross.toolchain.elf.debug.955851768" name="Cross ARM GCC" superClass="ilg.gnuarmeclipse.managedbuild.cross.toolchain.elf.debug">
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.level.1637878147" name="Optimization Level" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.level" value="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.level.none" valueType="enumerated"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.messagelength.596937133" name="Message length (-fmessage-length=0)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.messagelength" value="true" valueType="boolean"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.signedchar.412948756" name="'char' is signed (-fsigned-char)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.signedchar" value="true" valueType="boolean"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.functionsections.1412387181" name="Function sections (-ffunction-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.functionsections" value="true" valueType="boolean"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.datasections.1877241998" name="Data sections (-fdata-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.datasections" value="true" valueType="boolean"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.level.2038051180" name="Debug level" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.level" value="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.level.max" valueType="enumerated"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.format.1062002269" name="Debug format" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.format"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.family.1592667634" name="ARM family" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.family" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.mcpu.cortex-m4" valueType="enumerated"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi.1112951710" name="Float ABI" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi.hard" valueType="enumerated"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit.1079530716" name="FPU Type" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit.fpv4spd16" valueType="enumerated"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.toolchain.name.192917244" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.toolchain.name" value="GNU Tools for ARM Embedded Processors" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.prefix.2108482930" name="Prefix" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.prefix" value="arm-none-eabi-" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.c.500222702" name="C compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.c" value="gcc" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.cpp.175873499" name="C++ compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.cpp" value="g++" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.objcopy.1700937041" name="Hex/Bin converter" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.objcopy" value="objcopy" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.objdump.1874549763" name="Listing generator" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.objdump" value="objdump" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.size.178137928" name="Size command" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.size" value="size" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.make.1274071175" name="Build command" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.make" value="make" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.rm.655658023" name="Remove command" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.rm" value="rm" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.ar.1937238341" name="Archiver" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.ar" value="ar" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.printsize.1476617138" name="Print size" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.printsize" value="true" valueType="boolean"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.allwarn.1035232247" name="Enable all common warnings (-Wall)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.allwarn" value="true" valueType="boolean"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.lto.8601271" name="Link-time optimizer (-flto)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.lto" value="false" valueType="boolean"/>
+							<targetPlatform archList="all" binaryParser="org.eclipse.cdt.core.ELF" id="ilg.gnuarmeclipse.managedbuild.cross.targetPlatform.817253425" isAbstract="false" osList="all" superClass="ilg.gnuarmeclipse.managedbuild.cross.targetPlatform"/>
+							<builder buildPath="${workspace_loc:/wolfSSL_HW}/Debug" id="ilg.gnuarmeclipse.managedbuild.cross.builder.2043375702" keepEnvironmentInBuildfile="false" name="Gnu Make Builder" superClass="ilg.gnuarmeclipse.managedbuild.cross.builder"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.1135882719" name="Cross ARM GNU Assembler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.usepreprocessor.369489760" name="Use preprocessor" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.usepreprocessor" value="true" valueType="boolean"/>
+								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input.1086496768" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.1696761989" name="Cross ARM GNU C Compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.std.9643995" name="Language standard" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.std" useByScannerDiscovery="true" value="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.std.c99" valueType="enumerated"/>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.include.paths.349147702" name="Include paths (-I)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.include.paths" useByScannerDiscovery="false" valueType="includePath">
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}}/../../../&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${PROJECT_KSDK_PATH}/platform/devices&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${PROJECT_KSDK_PATH}/platform/CMSIS/Include&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${PROJECT_KSDK_PATH}/platform/devices/MK64F12/startup&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${PROJECT_KSDK_PATH}/platform/drivers/inc&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${PROJECT_KSDK_PATH}/platform/hal/inc&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${PROJECT_KSDK_PATH}/platform/osa/inc&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${PROJECT_KSDK_PATH}/platform/utilities/inc&quot;"/>
+								</option>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs.1294205548" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs" useByScannerDiscovery="true" valueType="definedSymbols">
+									<listOptionValue builtIn="false" value="&quot;CPU_MK64FN1M0VMD12&quot;"/>
+									<listOptionValue builtIn="false" value="WOLFSSL_USER_SETTINGS"/>
+								</option>
+								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input.817994152" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.234608726" name="Cross ARM GNU C++ Compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.compiler.include.paths.1452713629" name="Include paths (-I)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.compiler.include.paths" useByScannerDiscovery="false"/>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.compiler.defs.497680378" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.compiler.defs" useByScannerDiscovery="true" valueType="definedSymbols">
+									<listOptionValue builtIn="false" value="&quot;CPU_MK64FN1M0VMD12&quot;"/>
+								</option>
+								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.input.909966654" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.input"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.linker.506002589" name="Cross ARM GNU C Linker" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.linker">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.linker.gcsections.1489822225" name="Remove unused sections (-Xlinker --gc-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.linker.gcsections" value="true" valueType="boolean"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker.575756954" name="Cross ARM GNU C++ Linker" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.gcsections.11344634" name="Remove unused sections (-Xlinker --gc-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.gcsections" value="true" valueType="boolean"/>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.paths.1878565771" name="Library search path (-L)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.paths" valueType="libPaths">
+									<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/Project_Settings/Linker_Files&quot;"/>
+								</option>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.other.1517060693" name="Other linker flags" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.other" value="-specs=nosys.specs -specs=nano.specs -Xlinker -z -Xlinker muldefs" valueType="string"/>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.scriptfile.468376236" name="Script files (-T)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.scriptfile" valueType="stringList">
+									<listOptionValue builtIn="false" value="&quot;MK64FN1M0xxx12_flash.ld&quot;"/>
+								</option>
+								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker.input.955790366" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker.input">
+									<additionalInput kind="additionalinputdependency" paths="$(USER_OBJS)"/>
+									<additionalInput kind="additionalinput" paths="$(LIBS)"/>
+								</inputType>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.archiver.1962941231" name="Cross ARM GNU Archiver" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.archiver"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.createflash.1365673947" name="Cross ARM GNU Create Flash Image" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.createflash"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.createlisting.790507756" name="Cross ARM GNU Create Listing" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.createlisting">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.source.1929510617" name="Display source (--source|-S)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.source" value="true" valueType="boolean"/>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.allheaders.573901902" name="Display all headers (--all-headers|-x)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.allheaders" value="true" valueType="boolean"/>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.demangle.2051558160" name="Demangle names (--demangle|-C)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.demangle" value="true" valueType="boolean"/>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.linenumbers.851594065" name="Display line numbers (--line-numbers|-l)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.linenumbers" value="true" valueType="boolean"/>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.wide.1352373056" name="Wide lines (--wide|-w)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.wide" value="true" valueType="boolean"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.printsize.934998862" name="Cross ARM GNU Print Size" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.printsize">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.printsize.format.1738611770" name="Size format" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.printsize.format"/>
+							</tool>
+						</toolChain>
+					</folderInfo>
+					<sourceEntries>
+						<entry excluding="wolfcrypt/src/integer.c|wolfcrypt/src/misc.c|src/bio.c|wolfcrypt/src/evp.c|wolfcrypt/src/aes_asm.s|wolfcrypt/src/aes_asm.asm|SDK|wolfssl/wolfcrypt/port|wolfcrypt/src/port|wolfcrypt/user-crypto" flags="VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name=""/>
+					</sourceEntries>
+				</configuration>
+			</storageModule>
+			<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
+		</cconfiguration>
+	</storageModule>
+	<storageModule moduleId="org.eclipse.cdt.core.LanguageSettingsProviders"/>
+	<storageModule moduleId="cdtBuildSystem" version="4.0.0">
+		<project id="wolfSSL_HW.ilg.gnuarmeclipse.managedbuild.cross.target.elf.1053752509" name="Executable" projectType="ilg.gnuarmeclipse.managedbuild.cross.target.elf"/>
+	</storageModule>
+	<storageModule moduleId="scannerConfiguration">
+		<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
+		<scannerConfigBuildInfo instanceId="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.170735395;ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.170735395.;ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.234608726;ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.input.909966654">
+			<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
+		</scannerConfigBuildInfo>
+		<scannerConfigBuildInfo instanceId="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.170735395;ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.170735395.;ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.1696761989;ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input.817994152">
+			<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
+		</scannerConfigBuildInfo>
+	</storageModule>
+	<storageModule moduleId="refreshScope" versionNumber="2">
+		<configuration configurationName="Debug">
+			<resource resourceType="PROJECT" workspacePath="/wolfSSL_HW"/>
+		</configuration>
+	</storageModule>
+	<storageModule moduleId="org.eclipse.cdt.internal.ui.text.commentOwnerProjectMappings"/>
+</cproject>

IDE/HEXIWEAR/wolfSSL_HW/.cwGeneratedFileSetLog

@@ -0,0 +1,19 @@
+Sources/main.c
+Project_Settings/Linker_Files/MK64FN1M0xxx12_flash.ld
+SDK/platform/CMSIS/Include/core_cmSimd.h
+SDK/platform/devices/MK64F12/include/MK64F12.h
+SDK/platform/CMSIS/Include/arm_common_tables.h
+SDK/platform/CMSIS/Include/arm_const_structs.h
+SDK/platform/devices/MK64F12/include/MK64F12_features.h
+SDK/platform/CMSIS/Include/core_cm4.h
+SDK/platform/CMSIS/Include/core_cmFunc.h
+SDK/platform/CMSIS/Include/core_cmInstr.h
+SDK/platform/devices/fsl_device_registers.h
+SDK/platform/devices/MK64F12/include/fsl_bitaccess.h
+SDK/platform/CMSIS/Include/arm_math.h
+SDK/platform/devices/MK64F12/include/MK64F12_extension.h
+Project_Settings/Startup_Code/startup.c
+Project_Settings/Startup_Code/system_MK64F12.c
+Project_Settings/Startup_Code/startup.h
+Project_Settings/Startup_Code/startup_MK64F12.S
+Project_Settings/Startup_Code/system_MK64F12.h

IDE/HEXIWEAR/wolfSSL_HW/.project

@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>wolfSSL_HW</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.cdt.managedbuilder.core.genmakebuilder</name>
+			<triggers>clean,full,incremental,</triggers>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder</name>
+			<triggers>full,incremental,</triggers>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.cdt.core.cnature</nature>
+		<nature>org.eclipse.cdt.core.ccnature</nature>
+		<nature>org.eclipse.cdt.managedbuilder.core.managedBuildNature</nature>
+		<nature>org.eclipse.cdt.managedbuilder.core.ScannerConfigNature</nature>
+	</natures>
+	<linkedResources>
+		<link>
+			<name>src</name>
+			<type>2</type>
+			<locationURI>$%7BPARENT-3-PROJECT_LOC%7D/src</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt</name>
+			<type>2</type>
+			<locationURI>$%7BPARENT-3-PROJECT_LOC%7D/wolfcrypt</locationURI>
+		</link>
+		<link>
+			<name>wolfssl</name>
+			<type>2</type>
+			<locationURI>$%7BPARENT-3-PROJECT_LOC%7D/wolfssl</locationURI>
+		</link>
+	</linkedResources>
+	<variableList>
+		<variable>
+			<name>PROJECT_KSDK_PATH</name>
+			<value>file:/.KSDK_1.3.0</value>
+		</variable>
+	</variableList>
+</projectDescription>

IDE/HEXIWEAR/wolfSSL_HW/.settings/com.freescale.processorexpert.derivative.prefs

@@ -0,0 +1,2 @@
+eclipse.preferences.version=1
+versionGenerated/versionGenerated=1.0.0.RT7_b1550-0615

IDE/HEXIWEAR/wolfSSL_HW/user_settings.h

@@ -0,0 +1,6 @@
+#define FREESCALE_KSDK_BM
+#define FREESCALE_KSDK_1_3
+#define FSL_HW_CRYPTO_MANUAL_SELECTION
+#define NO_MAIN_DRIVER
+#define USE_CERT_BUFFERS_1024
+#define ECC_USER_CURVES

IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp

@@ -2040,6 +2040,12 @@
     <file>
       <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\wc_port.c</name>
     </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\wolfmath.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\wolfevent.c</name>
+    </file>
   </group>
   <group>
     <name>wolfSSL</name>

IDE/IAR-EWARM/Projects/user_settings.h

@@ -8,6 +8,7 @@
 #define NO_DEV_RANDOM
 #define USE_CERT_BUFFERS_2048
 #define WOLFSSL_USER_CURRTIME
+#define SIZEOF_LONG_LONG 8
 
 #define CUSTOM_RAND_GENERATE custom_rand_generate
 /*  warning "write a real random seed!!!!, just for testing now"   */

IDE/INTIME-RTOS/README.md

@@ -0,0 +1,158 @@
+# tenAsys INtime RTOS Port
+
+## Overview
+
+This port is for the tenAsys INtime RTOS available [here](http://www.tenasys.com/intime).
+
+To enable use the define `INTIME_RTOS`.
+
+## Usage
+
+The wolfExamples.sln is a Visual Studio 2015 project. You must have the INtime SDK installed and an INtime RTOS agent running.
+
+The default configuration is set inside the `IDE/INTIME-RTOS/user_settings.h` file.
+
+The example application provides a simple menu interface to select difference application functions to test.
+
+```
+wolfExamples started
+wolfExamples finished initialization
+
+                                MENU
+
+        t. WolfCrypt Test
+        b. WolfCrypt Benchmark
+        c. WolfSSL Client Example
+        s. WolfSSL Server Example
+        l. WolfSSL Localhost Client/Server Example
+Please select one of the above options:
+```
+
+### `t`wolfCrypt Test
+
+Performs testing of all crypto algorithms.
+
+```
+Crypt Test
+error    test passed!
+base64   test passed!
+base64   test passed!
+MD5      test passed!
+SHA      test passed!
+SHA-256  test passed!
+SHA-384  test passed!
+SHA-512  test passed!
+Hash     test passed!
+HMAC-MD5 test passed!
+HMAC-SHA test passed!
+HMAC-SHA256 test passed!
+HMAC-SHA384 test passed!
+HMAC-SHA512 test passed!
+HMAC-KDF    test passed!
+X963-KDF    test passed!
+GMAC     test passed!
+Chacha   test passed!
+POLY1305 test passed!
+ChaCha20-Poly1305 AEAD test passed!
+DES      test passed!
+DES3     test passed!
+AES      test passed!
+AES-GCM  test passed!
+AES-CCM  test passed!
+AES Key Wrap test passed!
+RANDOM   test passed!
+RSA      test passed!
+DH       test passed!
+DSA      test passed!
+SRP      test passed!
+PWDBASED test passed!
+openSSL extra test
+OPENSSL  test passed!
+ECC      test passed!
+ECC Enc  test passed!
+ECC buffer test passed!
+CURVE25519 test passed!
+ED25519  test passed!
+CMAC     test passed!
+PKCS7enveloped test passed!
+PKCS7signed    test passed!
+PKCS7encrypted test passed!
+mutex    test passed!
+memcb    test passed!
+Crypt Test: Return code 0
+```
+
+### `b` wolfCrypt Benchmark
+
+Performs benchmark of crypto algorithms.
+
+```
+Benchmark Test
+RNG      25 kB took 0.002 seconds,   11.017 MB/s
+AES enc  25 kB took 0.002 seconds,   15.090 MB/s
+AES dec  25 kB took 0.002 seconds,   15.119 MB/s
+AES-GCM  25 kB took 0.003 seconds,    9.433 MB/s
+AES-CTR  25 kB took 0.001 seconds,   22.378 MB/s
+AES-CCM  25 kB took 0.002 seconds,   15.306 MB/s
+CHACHA   25 kB took 0.002 seconds,   16.063 MB/s
+CHA-POLY 25 kB took 0.001 seconds,   20.447 MB/s
+3DES     25 kB took 0.002 seconds,   10.717 MB/s
+
+MD5      25 kB took  0.00 seconds,   31.576 MB/s
+POLY1305 25 kB took 0.000 seconds,  201.575 MB/s
+SHA      25 kB took  0.00 seconds,   43.761 MB/s
+SHA-256  25 kB took 0.001 seconds,   19.299 MB/s
+SHA-384  25 kB took 0.002 seconds,   14.577 MB/s
+SHA-512  25 kB took 0.001 seconds,   21.718 MB/s
+AES-CMAC 25 kB took  0.00 seconds,   34.925 MB/s
+
+RSA 2048 public           2.445 milliseconds, avg over 1 iterations
+RSA 2048 private         64.711 milliseconds, avg over 1 iterations
+
+RSA 1024 key generation  318.755 milliseconds, avg over 5 iterations
+RSA 2048 key generation  22648.396 milliseconds, avg over 5 iterations
+DH  2048 key generation  23.119 milliseconds, avg over 1 iterations
+DH  2048 key agreement   26.756 milliseconds, avg over 1 iterations
+
+ECC  256 key generation   2.984 milliseconds, avg over 5 iterations
+EC-DHE   key agreement    2.967 milliseconds, avg over 5 iterations
+EC-DSA   sign   time      1.448 milliseconds, avg over 5 iterations
+EC-DSA   verify time      3.304 milliseconds, avg over 5 iterations
+ECC      encrypt          5.860 milliseconds, avg over 1 iterations
+ECC      decrypt          6.360 milliseconds, avg over 1 iterations
+
+CURVE25519 256 key generation  1.416 milliseconds, avg over 5 iterations
+CURVE25519 key agreement       1.332 milliseconds, avg over 5 iterations
+
+ED25519  key generation   0.320 milliseconds, avg over 5 iterations
+ED25519  sign   time      0.595 milliseconds, avg over 5 iterations
+ED25519  verify time      1.310 milliseconds, avg over 5 iterations
+Benchmark Test: Return code 0
+```
+
+### `c` wolfSSL Client
+
+To configure the host address and port modify the `TLS_HOST_REMOTE` and `TLS_PORT` macros at top of `wolfExamples.c`. This example uses TLS 1.2 to connect to a remote host.
+
+### `s` wolfSSL Server
+
+To configure the port to listen on modify `TLS_PORT` at top of `wolfExamples.c`.
+
+### `l` wolfSSL Localhost Server/Client
+
+Starts a TLS server thread listening on localhost. Starts the TLS client and performs connect, exchanges some data and disconnects.
+
+```
+Waiting for a connection...
+Client connected successfully
+Using Non-Blocking I/O: 0
+Message for server:     Client:
+
+Received:       I hear ya fa shizzle!
+
+The client has closed the connection.
+```
+
+## References
+
+For more information please contact info@wolfssl.com.

IDE/INTIME-RTOS/include.am

@@ -0,0 +1,13 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST += \
+    IDE/INTIME-RTOS/README.md \
+    IDE/INTIME-RTOS/user_settings.h \
+    IDE/INTIME-RTOS/libwolfssl.c \
+    IDE/INTIME-RTOS/libwolfssl.vcxproj \
+    IDE/INTIME-RTOS/wolfExamples.c \
+    IDE/INTIME-RTOS/wolfExamples.h \
+    IDE/INTIME-RTOS/wolfExamples.vcxproj \
+    IDE/INTIME-RTOS/wolfExamples.sln

IDE/INTIME-RTOS/libwolfssl.c

@@ -0,0 +1,20 @@
+// libwolfssl.c
+// Defines the entry point for the DLL application
+
+#include <rt.h>
+
+BOOLEAN __stdcall RslMain( RTHANDLE hModule,
+                        DWORD  ul_reason_for_call,  
+                        LPVOID lpReserved
+                       )
+{
+  switch (ul_reason_for_call) {
+    case RSL_PROCESS_ATTACH:
+    case RSL_THREAD_ATTACH:
+    case RSL_THREAD_DETACH:
+    case RSL_PROCESS_DETACH:
+    break;
+  }
+
+  return TRUE;
+}

IDE/INTIME-RTOS/libwolfssl.vcxproj

@@ -0,0 +1,225 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|INtime">
+      <Configuration>Debug</Configuration>
+      <Platform>INtime</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|INtime">
+      <Configuration>Release</Configuration>
+      <Platform>INtime</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="README.md" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="libwolfssl.c" />
+    <ClCompile Include="..\..\src\crl.c" />
+    <ClCompile Include="..\..\src\internal.c" />
+    <ClCompile Include="..\..\src\io.c" />
+    <ClCompile Include="..\..\src\keys.c" />
+    <ClCompile Include="..\..\src\ocsp.c" />
+    <ClCompile Include="..\..\src\sniffer.c" />
+    <ClCompile Include="..\..\src\ssl.c" />
+    <ClCompile Include="..\..\src\tls.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\aes.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\arc4.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\asm.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\asn.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\async.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\blake2b.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\camellia.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\chacha.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\chacha20_poly1305.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\cmac.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\coding.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\compress.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\curve25519.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\des3.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\dh.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\dsa.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ecc.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ecc_fp.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ed25519.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\error.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\fe_low_mem.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\fe_operations.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ge_low_mem.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ge_operations.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\hash.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\hc128.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\hmac.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\idea.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\integer.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\logging.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\md2.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\md4.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\md5.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\memory.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\pkcs12.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\pkcs7.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\poly1305.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\pwdbased.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\rabbit.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\random.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ripemd.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\rsa.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha256.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha512.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\signature.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\srp.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\tfm.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_encrypt.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_port.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wolfevent.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wolfmath.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="user_settings.h" />
+    <ClInclude Include="..\..\wolfssl\callbacks.h" />
+    <ClInclude Include="..\..\wolfssl\certs_test.h" />
+    <ClInclude Include="..\..\wolfssl\crl.h" />
+    <ClInclude Include="..\..\wolfssl\error-ssl.h" />
+    <ClInclude Include="..\..\wolfssl\internal.h" />
+    <ClInclude Include="..\..\wolfssl\ocsp.h" />
+    <ClInclude Include="..\..\wolfssl\options.h" />
+    <ClInclude Include="..\..\wolfssl\sniffer.h" />
+    <ClInclude Include="..\..\wolfssl\sniffer_error.h" />
+    <ClInclude Include="..\..\wolfssl\ssl.h" />
+    <ClInclude Include="..\..\wolfssl\test.h" />
+    <ClInclude Include="..\..\wolfssl\version.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\aes.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\arc4.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\asn.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\asn_public.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\async.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\blake2-impl.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\blake2-int.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\blake2.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\camellia.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\chacha.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\chacha20_poly1305.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\cmac.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\coding.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\compress.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\curve25519.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\des3.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\dh.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\dsa.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\ecc.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\ed25519.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\error-crypt.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\fe_operations.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\fips_test.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\ge_operations.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\hash.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\hc128.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\hmac.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\idea.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\integer.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\logging.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\md2.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\md4.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\md5.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\memory.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\mem_track.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\misc.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\mpi_class.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\mpi_superclass.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\pkcs12.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\pkcs7.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\poly1305.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\pwdbased.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\rabbit.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\random.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\ripemd.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\rsa.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\settings.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\sha.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\sha256.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\sha512.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\signature.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\srp.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\tfm.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\types.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\visibility.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\wc_encrypt.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\wc_port.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\wolfevent.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\wolfmath.h" />
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{1731767D-573F-45C9-A466-191DA0D180CF}</ProjectGuid>
+    <WindowsTargetPlatformVersion>8.1</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <CharacterSet>NotSet</CharacterSet>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|INtime'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <WholeProgramOptimization>false</WholeProgramOptimization>
+    <CharacterSet>NotSet</CharacterSet>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">
+    <IntDir>$(Configuration)_$(ProjectName)\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">
+    <IntDir>$(Configuration)_$(ProjectName)\</IntDir>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">
+    <ClCompile>
+    </ClCompile>
+    <Link>
+      <Version>21076.20052</Version>
+      <AdditionalOptions>/SAFESEH:NO %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalDependencies>rt.lib;pcibus.lib;netlib.lib;clib.lib;vshelper.lib</AdditionalDependencies>
+      <OutputFile>$(SolutionDir)$(Configuration)\\libwolfssl.rsl</OutputFile>
+    </Link>
+    <ClCompile>
+      <ExceptionHandling>Async</ExceptionHandling>
+      <PreprocessorDefinitions>_USRDLL;WOLFSSL_DLL;BUILDING_WOLFSSL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories>$(ProjectDir);$(ProjectDir)..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <XMLDocumentationFileName>$(IntDir)</XMLDocumentationFileName>
+      <ProgramDataBaseFileName>$(IntDir)vc$(PlatformToolsetVersion).pdb</ProgramDataBaseFileName>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">
+    <ClCompile>
+    </ClCompile>
+    <Link>
+      <Version>21076.20052</Version>
+      <AdditionalOptions>/SAFESEH:NO %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalDependencies>rt.lib;pcibus.lib;netlib.lib;clib.lib;vshelper.lib</AdditionalDependencies>
+      <OutputFile>$(SolutionDir)$(Configuration)\\libwolfssl.rsl</OutputFile>
+    </Link>
+    <ClCompile>
+      <ExceptionHandling>Async</ExceptionHandling>
+      <PreprocessorDefinitions>_USRDLL;WOLFSSL_DLL;BUILDING_WOLFSSL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories>$(ProjectDir);$(ProjectDir)..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <XMLDocumentationFileName>$(IntDir)</XMLDocumentationFileName>
+      <ProgramDataBaseFileName>$(IntDir)vc$(PlatformToolsetVersion).pdb</ProgramDataBaseFileName>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>

IDE/INTIME-RTOS/user_settings.h

@@ -0,0 +1,511 @@
+/* Example custom user settings for wolfSSL and INtime RTOS port */
+
+#ifndef WOLFSSL_USER_SETTINGS_H
+#define WOLFSSL_USER_SETTINGS_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* Port - Platform */
+/* ------------------------------------------------------------------------- */
+#undef  INTIME_RTOS
+#define INTIME_RTOS
+
+#undef  WOLF_EXAMPLES_STACK
+#define WOLF_EXAMPLES_STACK         65536
+
+#undef  WOLFSSL_GENERAL_ALIGNMENT
+#define WOLFSSL_GENERAL_ALIGNMENT   4
+
+/* platform already has min()/max() */
+#undef  WOLFSSL_HAVE_MIN
+#define WOLFSSL_HAVE_MIN
+#undef  WOLFSSL_HAVE_MAX
+#define WOLFSSL_HAVE_MAX
+
+/* disable directory support */
+#undef  NO_WOLFSSL_DIR
+#define NO_WOLFSSL_DIR
+
+/* disable writev */
+#undef  NO_WRITEV
+#define NO_WRITEV
+
+/* we provide main entry point */
+#undef  NO_MAIN_DRIVER
+#define NO_MAIN_DRIVER
+
+/* if using in single threaded mode */
+#undef  SINGLE_THREADED
+//#define SINGLE_THREADED
+/* Note: HAVE_THREAD_LS is not support for INtime RTOS */
+
+/* reduces stack usage, by using malloc/free for stack variables over 100 bytes */
+#undef  WOLFSSL_SMALL_STACK
+//#define WOLFSSL_SMALL_STACK
+
+
+/* ------------------------------------------------------------------------- */
+/* Math Configuration */
+/* ------------------------------------------------------------------------- */
+/* fast math uses stack and inline assembly to speed up math */
+#undef  USE_FAST_MATH
+#define USE_FAST_MATH
+
+#ifdef USE_FAST_MATH
+    /* timing resistance for side-channel attack protection */
+    #undef  TFM_TIMING_RESISTANT
+    #define TFM_TIMING_RESISTANT
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Crypto */
+/* ------------------------------------------------------------------------- */
+/* ECC */
+#if 1
+    #undef  HAVE_ECC
+    #define HAVE_ECC
+
+    /* Support for custom curves */
+    #define WOLFSSL_CUSTOM_CURVES
+
+    /* Curve types */
+    //#define NO_ECC_SECP
+    #define HAVE_ECC_SECPR2
+    #define HAVE_ECC_SECPR3
+    #define HAVE_ECC_BRAINPOOL
+    #define HAVE_ECC_KOBLITZ
+
+    /* Curve sizes */
+    #undef  HAVE_ALL_CURVES
+    //#define HAVE_ALL_CURVES
+    #ifndef HAVE_ALL_CURVES
+        /* allows enabling custom curve sizes */
+        #undef  ECC_USER_CURVES
+        #define ECC_USER_CURVES
+
+        //#define HAVE_ECC112
+        //#define HAVE_ECC128
+        //#define HAVE_ECC160
+        #define HAVE_ECC192
+        #define HAVE_ECC224
+        //#define NO_ECC256
+        #define HAVE_ECC384
+        #define HAVE_ECC521
+    #endif
+
+    /* Fixed point cache (speeds repeated operations against same private key) */
+    #undef  FP_ECC
+    #define FP_ECC
+    #ifdef FP_ECC
+        /* Bits / Entries */
+        #undef  FP_ENTRIES
+        #define FP_ENTRIES  2
+        #undef  FP_LUT
+        #define FP_LUT      4
+    #endif
+
+    /* Optional ECC calculation method */
+    /* Note: doubles heap usage, but slightly faster */
+    #undef  ECC_SHAMIR
+    #define ECC_SHAMIR
+
+    /* Reduces heap usage, but slower */
+    /* timing resistance for side-channel attack protection */
+    #undef  ECC_TIMING_RESISTANT
+    #define ECC_TIMING_RESISTANT
+
+    #ifdef USE_FAST_MATH
+        /* use reduced size math buffers for ecc points */
+        #undef  ALT_ECC_SIZE
+        #define ALT_ECC_SIZE
+
+        /* Enable TFM optimizations for ECC */
+        #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
+            #define TFM_ECC192
+        #endif
+        #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
+            #define TFM_ECC224
+        #endif
+        #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
+            #define TFM_ECC256
+        #endif
+        #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
+            #define TFM_ECC384
+        #endif
+        #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
+            #define TFM_ECC521
+        #endif
+    #endif
+#endif
+
+/* RSA */
+#undef NO_RSA
+#if 1
+    #ifdef USE_FAST_MATH
+        /* Maximum math bits (Max RSA key bits * 2) */
+        #undef  FP_MAX_BITS
+        #define FP_MAX_BITS     4096
+    #endif
+
+    /* half as much memory but twice as slow */
+    #undef  RSA_LOW_MEM
+    //#define RSA_LOW_MEM
+
+    /* RSA blinding countermeasures */
+    #undef  WC_RSA_BLINDING
+    #define WC_RSA_BLINDING
+#else
+    #define NO_RSA
+#endif
+
+/* AES */
+#undef NO_AES
+#if 1
+    #undef  HAVE_AESGCM
+    #define HAVE_AESGCM
+
+    #ifdef HAVE_AESGCM
+        /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
+        //#define GCM_SMALL
+        #define GCM_TABLE
+    #endif
+
+    #undef  WOLFSSL_AES_COUNTER
+    #define WOLFSSL_AES_COUNTER
+
+    #undef  HAVE_AESCCM
+    #define HAVE_AESCCM
+
+    #undef  WOLFSSL_AES_DIRECT
+    #define WOLFSSL_AES_DIRECT
+
+    #undef  HAVE_AES_KEYWRAP
+    #define HAVE_AES_KEYWRAP
+#else
+    #define NO_AES
+#endif
+
+/* ChaCha20 / Poly1305 */
+#undef HAVE_CHACHA
+#undef HAVE_POLY1305
+#if 1
+    #define HAVE_CHACHA
+    #define HAVE_POLY1305
+
+    /* Needed for Poly1305 */
+    #undef  HAVE_ONE_TIME_AUTH
+    #define HAVE_ONE_TIME_AUTH
+#endif
+
+/* Ed25519 / Curve25519 */
+#undef HAVE_CURVE25519
+#undef HAVE_ED25519
+#if 1
+    #define HAVE_CURVE25519
+    #define HAVE_ED25519
+
+    /* Optionally use small math (less flash usage, but much slower) */
+    #if 0
+        #define CURVED25519_SMALL
+    #endif
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Hashing */
+/* ------------------------------------------------------------------------- */
+/* Sha */
+#undef NO_SHA
+#if 1
+    /* 1k smaller, but 25% slower */
+    //#define USE_SLOW_SHA
+#else
+    #define NO_SHA
+#endif
+
+/* Sha256 */
+#undef NO_SHA256
+#if 1
+#else
+    #define NO_SHA256
+#endif
+
+/* Sha512 */
+#undef WOLFSSL_SHA512
+#if 1
+    #define WOLFSSL_SHA512
+
+    /* Sha384 */
+    #undef  WOLFSSL_SHA384
+    #if 1
+        #define WOLFSSL_SHA384
+    #endif
+
+    /* over twice as small, but 50% slower */
+    //#define USE_SLOW_SHA2
+#endif
+
+/* MD5 */
+#undef  NO_MD5
+#if 1
+#else
+    #define NO_MD5
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Enable Features */
+/* ------------------------------------------------------------------------- */
+#undef  KEEP_PEER_CERT
+#define KEEP_PEER_CERT
+
+#undef  HAVE_COMP_KEY
+#define HAVE_COMP_KEY
+
+#undef  HAVE_ECC_ENCRYPT
+#define HAVE_ECC_ENCRYPT
+
+#undef  HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
+#undef  HAVE_SUPPORTED_CURVES
+#define HAVE_SUPPORTED_CURVES
+
+#undef  HAVE_EXTENDED_MASTER
+#define HAVE_EXTENDED_MASTER
+
+#undef  WOLFSSL_DTLS
+#define WOLFSSL_DTLS
+
+#undef  OPENSSL_EXTRA
+#define OPENSSL_EXTRA
+
+#undef  WOLFSSL_BASE64_ENCODE
+#define WOLFSSL_BASE64_ENCODE
+
+#undef  HAVE_HKDF
+#define HAVE_HKDF
+
+#undef  WOLFSSL_CMAC
+#define WOLFSSL_CMAC
+
+#undef  WOLFSSL_KEY_GEN
+#define WOLFSSL_KEY_GEN
+
+#undef  WOLFSSL_CERT_GEN
+#define WOLFSSL_CERT_GEN
+
+#undef  WOLFSSL_CERT_REQ
+#define WOLFSSL_CERT_REQ
+
+#undef  WOLFSSL_CERT_EXT
+#define WOLFSSL_CERT_EXT
+
+#undef  HAVE_PK_CALLBACKS
+#define HAVE_PK_CALLBACKS
+
+#undef  HAVE_ALPN
+#define HAVE_ALPN
+
+#undef  HAVE_SNI
+#define HAVE_SNI
+
+#undef  HAVE_MAX_FRAGMENT
+#define HAVE_MAX_FRAGMENT
+
+#undef  HAVE_TRUNCATED_HMAC
+#define HAVE_TRUNCATED_HMAC
+
+#undef  SESSION_CERTS
+#define SESSION_CERTS
+
+#undef  HAVE_SESSION_TICKET
+#define HAVE_SESSION_TICKET
+
+#undef  WOLFCRYPT_HAVE_SRP
+#define WOLFCRYPT_HAVE_SRP
+
+#undef  WOLFSSL_HAVE_CERT_SERVICE
+#define WOLFSSL_HAVE_CERT_SERVICE
+
+#undef  HAVE_PKCS7
+#define HAVE_PKCS7
+
+#undef  HAVE_X963_KDF
+#define HAVE_X963_KDF
+
+#undef  WOLFSSL_HAVE_WOLFSCEP
+#define WOLFSSL_HAVE_WOLFSCEP
+
+#undef  WOLFSSL_ALWAYS_KEEP_SNI
+#define WOLFSSL_ALWAYS_KEEP_SNI
+
+#undef  WOLFSSL_ALWAYS_VERIFY_CB
+#define WOLFSSL_ALWAYS_VERIFY_CB
+
+#undef  WOLFSSL_SEP
+#define WOLFSSL_SEP
+
+#undef  ATOMIC_USER
+#define ATOMIC_USER
+
+#undef  HAVE_OCSP
+#define HAVE_OCSP
+
+#undef  HAVE_CERTIFICATE_STATUS_REQUEST
+#define HAVE_CERTIFICATE_STATUS_REQUEST
+
+#undef  HAVE_CERTIFICATE_STATUS_REQUEST_V2
+#define HAVE_CERTIFICATE_STATUS_REQUEST_V2
+
+#undef  HAVE_CRL
+#define HAVE_CRL
+
+#undef  PERSIST_CERT_CACHE
+//#define PERSIST_CERT_CACHE
+
+#undef  PERSIST_SESSION_CACHE
+//#define PERSIST_SESSION_CACHE
+
+#undef  WOLFSSL_DER_LOAD
+//#define WOLFSSL_DER_LOAD
+
+#undef  WOLFSSL_DES_ECB
+//#define WOLFSSL_DES_ECB
+
+#undef  HAVE_CAMELLIA
+//#define HAVE_CAMELLIA
+
+#undef  HAVE_NULL_CIPHER
+//#define HAVE_NULL_CIPHER
+
+#undef  WOLFSSL_RIPEMD
+//#define WOLFSSL_RIPEMD
+
+
+/* TLS Session Cache */
+#if 1
+    #define SMALL_SESSION_CACHE
+    //#define MEDIUM_SESSION_CACHE
+    //#define BIG_SESSION_CACHE
+    //#define HUGE_SESSION_CACHE
+#else
+    #define NO_SESSION_CACHE
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Disable Features */
+/* ------------------------------------------------------------------------- */
+#undef  NO_WOLFSSL_SERVER
+//#define NO_WOLFSSL_SERVER
+
+#undef  NO_WOLFSSL_CLIENT
+//#define NO_WOLFSSL_CLIENT
+
+/* disables TLS 1.0/1.1 support */
+#undef  NO_OLD_TLS
+//#define NO_OLD_TLS
+
+/* disable access to filesystem */
+#undef  NO_FILESYSTEM
+//#define NO_FILESYSTEM
+
+#undef  NO_RC4
+#define NO_RC4
+
+#undef  NO_HC128
+#define NO_HC128
+
+#undef  NO_RABBIT
+#define NO_RABBIT
+
+#undef  NO_MD4
+#define NO_MD4
+
+/* Pre-shared keys */
+#undef  NO_PSK
+//#define NO_PSK
+
+#undef  NO_DSA
+//#define NO_DSA
+
+#undef  NO_DH
+//#define NO_DH
+
+#undef  NO_DES3
+//#define NO_DES3
+
+#undef  NO_PWDBASED
+//#define NO_PWDBASED
+
+/* encoding/decoding support */
+#undef  NO_CODING
+//#define NO_CODING
+
+/* memory wrappers and memory callbacks */
+#undef  NO_WOLFSSL_MEMORY
+//#define NO_WOLFSSL_MEMORY
+
+/* In-lining of misc.c functions */
+/* If defined, must include wolfcrypt/src/misc.c in build */
+/* Slower, but about 1k smaller */
+#undef  NO_INLINE
+//#define NO_INLINE
+
+
+
+/* ------------------------------------------------------------------------- */
+/* Benchmark / Test */
+/* ------------------------------------------------------------------------- */
+#undef  NO_CRYPT_TEST
+//#define NO_CRYPT_TEST
+
+#undef  NO_CRYPT_BENCHMARK
+//#define NO_CRYPT_BENCHMARK
+
+/* Use reduced benchmark / test sizes */
+#undef  BENCH_EMBEDDED
+#define BENCH_EMBEDDED
+
+#undef  USE_CERT_BUFFERS_2048
+#define USE_CERT_BUFFERS_2048
+
+#undef  USE_CERT_BUFFERS_256
+#define USE_CERT_BUFFERS_256
+
+
+
+/* ------------------------------------------------------------------------- */
+/* Debugging */
+/* ------------------------------------------------------------------------- */
+#undef  DEBUG_WOLFSSL
+//#define DEBUG_WOLFSSL
+#ifdef DEBUG_WOLFSSL
+    /* Use this to measure / print heap usage */
+    #if 0
+        #undef  USE_WOLFSSL_MEMORY
+        #define USE_WOLFSSL_MEMORY
+
+        #undef  WOLFSSL_TRACK_MEMORY
+        #define WOLFSSL_TRACK_MEMORY
+    #endif
+
+    /* Math debugging (adds support for mp_dump) */
+    #undef  WOLFSSL_DEBUG_MATH
+    //#define WOLFSSL_DEBUG_MATH
+#else
+    #undef  NO_ERROR_STRINGS
+    //#define NO_ERROR_STRINGS
+#endif
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* WOLFSSL_USER_SETTINGS_H */

IDE/INTIME-RTOS/wolfExamples.c

@@ -0,0 +1,619 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <rt.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netdb.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <io.h>
+
+#include "wolfExamples.h"
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/ssl.h>
+#include <wolfssl/certs_test.h>
+#include <wolfcrypt/test/test.h>
+#include <wolfcrypt/benchmark/benchmark.h>
+
+
+/*****************************************************************************
+ * Globals
+ ****************************************************************************/
+RTHANDLE            hRootProcess;
+DWORD               dwKtickInUsecs;
+INIT_STRUCT         gInit;
+static int gServerExit = 0;
+static int gServerReady = 0;
+
+static const char menu1[] = "\r\n"
+    "\tt. WolfCrypt Test\r\n"
+    "\tb. WolfCrypt Benchmark\r\n"
+    "\tc. WolfSSL Client Example\r\n"
+    "\ts. WolfSSL Server Example\r\n"
+    "\tl. WolfSSL Localhost Client/Server Example\r\n";
+
+
+/*****************************************************************************
+ * Configuration
+ ****************************************************************************/
+
+#define TLS_MAXDATASIZE 4096           /* maximum acceptable amount of data */
+#define TLS_PORT        11111          /* define default port number */
+#define TLS_HOST_LOCAL  "127.0.0.1"
+#define TLS_HOST_REMOTE "192.168.0.112"
+#define SOCK_MAX_PENDING 5
+#define THREAD_BASE_PRIO 150
+
+
+/*****************************************************************************
+ * TLS Client
+ ****************************************************************************/
+int wolfExample_TLSClient(const char* ip, int port)
+{
+    int          ret = 0;
+    WOLFSSL_CTX* ctx = NULL;
+    WOLFSSL*     ssl = NULL;        /* create WOLFSSL object */
+    int                sockFd = -1; /* socket file descriptor */
+    struct sockaddr_in servAddr;    /* struct for server address */
+    char sendBuff[TLS_MAXDATASIZE], rcvBuff[TLS_MAXDATASIZE];
+
+    sockFd = socket(AF_INET, SOCK_STREAM, 0);
+    if (sockFd < 0) {
+        printf("Failed to create socket. Error: %d\n", errno);
+        return errno;
+    }
+
+    memset(&servAddr, 0, sizeof(servAddr)); /* clears memory block for use */
+    servAddr.sin_family = AF_INET;          /* sets addressfamily to internet*/
+    servAddr.sin_port = htons(port);    /* sets port to defined port */
+
+    /* looks for the server at the entered address (ip in the command line) */
+    if (inet_pton(AF_INET, ip, &servAddr.sin_addr) < 1) {
+        /* checks validity of address */
+        ret = errno;
+        printf("Invalid Address. Error: %d\n", ret);
+        goto exit;
+    }
+
+    if (connect(sockFd, (struct sockaddr *)&servAddr, sizeof(servAddr)) < 0) {
+        /* if socket fails to connect to the server*/
+        ret = errno;
+        printf("Connect error. Error: %d\n", ret);
+        goto exit;
+    }
+
+    /* create and initialize WOLFSSL_CTX structure */
+    if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
+        printf("SSL_CTX_new error.\n");
+        goto exit;
+    }
+
+    /* load CA certificates into wolfSSL_CTX. which will verify the server */
+    ret = wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048,
+        sizeof_ca_cert_der_2048, SSL_FILETYPE_ASN1);
+    if (ret != SSL_SUCCESS) {
+        printf("Error %d loading CA cert\n", ret);
+        goto exit;
+    }
+    if ((ssl = wolfSSL_new(ctx)) == NULL) {
+        printf("wolfSSL_new error.\n");
+        goto exit;
+    }
+    wolfSSL_set_fd(ssl, sockFd);
+
+    ret = wolfSSL_connect(ssl);
+    if (ret == SSL_SUCCESS) {
+        printf("Message for server:\t");
+        fgets(sendBuff, TLS_MAXDATASIZE, stdin);
+
+        if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) != strlen(sendBuff)) {
+            /* the message is not able to send, or error trying */
+            ret = wolfSSL_get_error(ssl, 0);
+            printf("Write error: Error: %d\n", ret);
+            goto exit;
+        }
+
+        memset(rcvBuff, 0, TLS_MAXDATASIZE);
+        if (wolfSSL_read(ssl, rcvBuff, TLS_MAXDATASIZE) < 0) {
+            /* the server failed to send data, or error trying */
+            ret = wolfSSL_get_error(ssl, 0);
+            printf("Read error. Error: %d\n", ret);
+            goto exit;
+        }
+        printf("Received: \t%s\n", rcvBuff);
+    }
+
+exit:
+    /* frees all data before client termination */
+    if (sockFd != -1)
+        close(sockFd);
+    wolfSSL_free(ssl);
+    wolfSSL_CTX_free(ctx);
+    gServerExit = 1;
+
+    return ret;
+}
+
+/*****************************************************************************
+ * TLS Server
+ ****************************************************************************/
+int wolfExample_TLSServer(int port)
+{
+    int ret = 0;
+    WOLFSSL_CTX* ctx = NULL;
+    WOLFSSL* ssl = NULL;
+    int sockFd = -1, clientFd = -1;
+    struct sockaddr_in serverAddr = {0}, clientAddr = {0};
+    const char reply[]  = "I hear ya fa shizzle!\n";
+    int addrSize        = sizeof(clientAddr);
+    char buff[256];
+
+	sockFd = socket(AF_INET, SOCK_STREAM, 0);
+    if (sockFd < 0) {
+        printf("Failed to create socket. Error: %d\n", errno);
+        return errno;
+    }
+
+    /* create and initialize WOLFSSL_CTX structure */
+    if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL) {
+        fprintf(stderr, "wolfSSL_CTX_new error.\n");
+        goto exit;
+    }
+
+    /* Load server certificate into WOLFSSL_CTX */
+    ret = wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
+        sizeof_server_cert_der_2048, SSL_FILETYPE_ASN1);
+    if (ret != SSL_SUCCESS) {
+        fprintf(stderr, "Error %d loading server-cert!\n", ret);
+        goto exit;
+    }
+
+    /* Load server key into WOLFSSL_CTX */
+    ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048,
+        sizeof_server_key_der_2048, SSL_FILETYPE_ASN1);
+    if (ret != SSL_SUCCESS) {
+        fprintf(stderr, "Error %d loading server-key!\n", ret);
+        goto exit;
+    }
+
+    /* Initialize the server address struct to zero */
+    memset((char *)&serverAddr, 0, sizeof(serverAddr));
+
+    /* Fill the server's address family */
+    serverAddr.sin_family      = AF_INET;
+    serverAddr.sin_addr.s_addr = INADDR_ANY;
+    serverAddr.sin_port        = htons(port);
+
+    /* Attach the server socket to our port */
+    if (bind(sockFd, (struct sockaddr *)&serverAddr, sizeof(serverAddr)) < 0) {
+        printf("ERROR: failed to bind\n");
+        goto exit;
+    }
+
+    printf("Waiting for a connection...\n");
+    gServerReady = 1;
+
+    /* Continuously accept connects while not in an active connection */
+    while (gServerExit == 0) {
+        /* listen for a new connection */
+        ret = listen(sockFd, SOCK_MAX_PENDING);
+        if (ret == 0) {
+            /* Wait until a client connects */
+            clientFd = accept(sockFd, (struct sockaddr*)&clientAddr, &addrSize);
+
+            /* If fails to connect, loop back up and wait for a new connection */
+            if (clientFd == -1) {
+                printf("failed to accept the connection..\n");
+            }
+            /* If it connects, read in and reply to the client */
+            else {
+                printf("Client connected successfully\n");
+
+                ssl = wolfSSL_new(ctx);
+                if (ssl == NULL) {
+                    fprintf(stderr, "wolfSSL_new error.\n");
+                    break;
+                }
+
+                /* direct our ssl to our clients connection */
+                wolfSSL_set_fd(ssl, clientFd);
+
+                printf("Using Non-Blocking I/O: %d\n",
+                    wolfSSL_get_using_nonblock(ssl));
+
+                for ( ; ; ) {
+                    /* Clear the buffer memory for anything  possibly left over */
+                    memset(&buff, 0, sizeof(buff));
+
+                    /* Read the client data into our buff array */
+					ret = wolfSSL_read(ssl, buff, sizeof(buff) - 1);
+                    if (ret > 0) {
+                        /* Print any data the client sends to the console */
+                        printf("Client: %s\n", buff);
+
+                        /* Reply back to the client */
+						ret = wolfSSL_write(ssl, reply, sizeof(reply) - 1);
+                        if (ret < 0) {
+                            printf("wolfSSL_write error = %d\n",
+                                wolfSSL_get_error(ssl, ret));
+                            gServerExit = 1;
+                            break;
+                        }
+                    }
+                    /* if the client disconnects break the loop */
+                    else {
+                        if (ret < 0)
+                            printf("wolfSSL_read error = %d\n",
+                                wolfSSL_get_error(ssl, ret));
+                        else if (ret == 0)
+                            printf("The client has closed the connection.\n");
+                        gServerExit = 1;
+                        break;
+                    }
+                }
+                wolfSSL_free(ssl);           /* Free the WOLFSSL object */
+                ssl = NULL;
+            }
+            close(clientFd);               /* close the connected socket */
+            clientFd = -1;
+        }
+    } /* while */
+
+exit:
+    if (clientFd != -1)
+        close(clientFd);
+    if (sockFd != -1)
+        close(sockFd);
+    wolfSSL_free(ssl);       /* Free the WOLFSSL object */
+    wolfSSL_CTX_free(ctx);   /* Free WOLFSSL_CTX */
+
+    return ret;
+}
+
+/*****************************************************************************
+ * TLS Local Test
+ ****************************************************************************/
+static void wolfSSLLocalServerThread(void* param)
+{
+    int port = (int)((int*)param);
+    wolfExample_TLSServer(port);
+}
+
+int wolfExample_TLSLocal(int port)
+{
+    int ret;
+    RTHANDLE srvHandle;
+
+    /* start server thread */
+    srvHandle = CreateRtThread(THREAD_BASE_PRIO + 10,
+        (LPPROC)wolfSSLLocalServerThread, WOLF_EXAMPLES_STACK, (void*)port);
+    if (srvHandle == BAD_RTHANDLE) {
+        Fail("Cannot create server thread");
+        return -1;
+    }
+
+    /* wait for server to be ready */
+    while (gServerReady != 1) {
+        RtSleep(0);
+    }
+
+    /* run client */
+    ret = wolfExample_TLSClient(TLS_HOST_LOCAL, port);
+
+    return ret;
+}
+
+
+/*****************************************************************************
+ * Thread
+        memset(&args, 0, sizeof(args));
+ ****************************************************************************/
+typedef struct func_args {
+    int    argc;
+    char** argv;
+    int    return_code;
+} func_args;
+
+static void wolfExampleThread(void* param)
+{
+    func_args args;
+
+#ifdef DEBUG_WOLFSSL
+    wolfSSL_Debugging_ON();
+#endif
+
+    /* initialize wolfSSL */
+    wolfSSL_Init();
+
+    while (1) {
+        char rc;
+
+        gServerExit = 0;
+        gServerReady = 0;
+
+        printf("\r\n\t\t\t\tMENU\r\n");
+        printf(menu1);
+        printf("Please select one of the above options: ");
+
+        rc = getchar();
+        switch (rc) {
+            case 't':
+                printf("\nCrypt Test\n");
+                wolfcrypt_test(&args);
+                printf("Crypt Test: Return code %d\n", args.return_code);
+                break;
+
+            case 'b':
+                printf("\nBenchmark Test\n");
+                benchmark_test(&args);
+                printf("Benchmark Test: Return code %d\n", args.return_code);
+                break;
+
+            case 'c':
+                wolfExample_TLSClient(TLS_HOST_REMOTE, TLS_PORT);
+                break;
+
+            case 's':
+                wolfExample_TLSServer(TLS_PORT);
+                break;
+
+            case 'l':
+                wolfExample_TLSLocal(TLS_PORT);
+                break;
+
+            // All other cases go here
+            default:
+                if (rc != '\r' && rc != '\n')
+                    printf("\r\nSelection %c out of range\r\n", rc);
+                break;
+        }
+    }
+
+    wolfSSL_Cleanup();
+}
+
+
+/*****************************************************************************
+* FUNCTION:		Catalog
+*
+* PARAMETERS:	1. handle of the process whose object directory must be used
+*				2. the object whose handle must be cataloged
+*				3. the name to be used (upto 14 characters)
+*
+* RETURNS:		TRUE on success
+*
+* DESCRIPTION:	If the given name already exists,
+*				and the existing name refers to a non-existing object,
+*				then the existing name is removed before cataloging.
+\*****************************************************************************/
+BOOLEAN Catalog(
+	RTHANDLE			hProcess,
+	RTHANDLE			hObject,
+	LPSTR				lpszName)
+{
+	RTHANDLE		hOld;
+
+	if (CatalogRtHandle(hProcess, hObject, lpszName))
+		return TRUE;
+
+	// something wrong: check for the case mentioned above
+	if (((hOld = LookupRtHandle(hProcess, lpszName, NO_WAIT)) != BAD_RTHANDLE) &&
+		(GetRtHandleType(hOld) == INVALID_TYPE))
+	{
+		// this is the case mentioned above: remove the old entry and try again
+		if (UncatalogRtHandle(hProcess, lpszName))
+			return (CatalogRtHandle(hProcess, hObject, lpszName));
+	}
+	return FALSE;
+}
+
+/*****************************************************************************
+* FUNCTION:   Cleanup (local function)
+*
+* DESCRIPTION:
+*  Tell threads to delete themselves and wait a while;
+*  if any thread still exists, kill it.
+*  Remove all other objects as far as they have been created.
+\*****************************************************************************/
+void Cleanup(void)
+{
+	// indicate that we are cleaning up
+	gInit.state		= CLEANUP_BUSY;
+	gInit.bShutdown = TRUE;
+
+#ifdef _DEBUG
+  fprintf(stderr, "wolfExamples started cleaning up\n");
+#endif
+
+	// remove our name from the root process
+	if (gInit.bCataloged) {
+		if (!UncatalogRtHandle(hRootProcess, "wolfExample"))
+			Fail("Cannot remove my own name");
+    }
+
+#ifdef _DEBUG
+	fprintf(stderr, "wolfExamples finished cleaning up\n");
+#endif
+
+	// lie down
+	exit(0);
+}
+
+/*****************************************************************************
+* FUNCTION:     	Fail
+*
+* PARAMETERS:   	same parameters as expected by printf
+*
+* DESCRIPTION:
+*  If in debug mode, prints the message, appending a new line and the error number.
+*  Then the current process is killed graciously:
+*  If the current thread is the main thread, this is done directly.
+*  if the current thread is another one, a terminate request is sent and
+*  the function returns to the calling thread.
+\*****************************************************************************/
+void Fail(LPSTR lpszMessage, ...)
+{
+	EXCEPTION		eh;
+	RTHANDLE		hDelMbx;
+	DWORD			dwTerminate;
+
+#ifdef _DEBUG
+	va_list			ap;
+
+	va_start(ap, lpszMessage);
+	vfprintf(stderr, lpszMessage, ap);
+	va_end(ap);
+	fprintf(stderr, "\nError nr=%x %s\n", GetLastRtError(), GetRtErrorText(GetLastRtError()));
+#endif
+
+	// make sure that exceptions are returned for inline handling
+	GetRtExceptionHandlerInfo(THREAD_HANDLER, &eh);
+	eh.ExceptionMode = 0;
+	SetRtExceptionHandler(&eh);
+
+	// if we had not started initializing yet, just get out
+	if (BEFORE_INIT == gInit.state)
+		exit(0);
+
+	if (gInit.hMain == GetRtThreadHandles(THIS_THREAD))
+	{
+		// this is the main thread:
+		// if we are busy initializing, then do Cleanup
+		if (INIT_BUSY == gInit.state)
+			Cleanup();  // does not return
+
+		// this is the main thread, but we are not initializing: just return
+		return;
+	}
+
+	// this is not the main thread:
+	// ask main thread to do cleanup
+	// (allow some time to setup the deletion mailbox, ignore errors)
+	hDelMbx			= LookupRtHandle(NULL_RTHANDLE, "R?EXIT_MBOX", 5000);
+	dwTerminate		= TERMINATE;
+	SendRtData(hDelMbx, &dwTerminate, 4);
+}
+
+/*****************************************************************************
+*
+* FUNCTION:		UsecsToKticks
+*
+* PARAMETERS:	1. number of usecs
+*
+* RETURNS:		number of low level ticks
+*
+* DESCRIPTION:	returns the parameter if it is WAIT_FOREVER
+*				otherwise rounds up to number of low level ticks
+\*****************************************************************************/
+DWORD UsecsToKticks(DWORD dwUsecs)
+{
+	if (dwUsecs == WAIT_FOREVER)
+		return WAIT_FOREVER;
+
+	return (dwUsecs + dwKtickInUsecs - 1) / dwKtickInUsecs;
+}
+
+
+/*****************************************************************************
+* FUNCTION:         main
+*
+* DESCRIPTION:
+*  This is the main program module.
+*  It creates global objects  and all threads.
+*  The main thread then waits for notifications and acts accordingly
+\*****************************************************************************/
+int main(int argc, char* argv[])
+{
+    SYSINFO         sysinfo;
+    EVENTINFO       eiEventInfo;
+    RTHANDLE        taskHandle;
+
+#ifdef _DEBUG
+    fprintf(stderr, "wolfExamples started\n");
+#endif
+
+    // obtain handle of root process (cannot fail)
+    hRootProcess    = GetRtThreadHandles(ROOT_PROCESS);
+
+    // initialize the structure for cleaning up
+    memset(&gInit, 0, sizeof(gInit));
+    gInit.state     = BEFORE_INIT;
+
+    // get low level tick length in usecs
+    if (!CopyRtSystemInfo(&sysinfo))
+        Fail("Cannot copy system info");
+    dwKtickInUsecs  = 10000 / sysinfo.KernelTickRatio;
+    if (dwKtickInUsecs == 0)
+        Fail("Invalid low level tick length");
+
+    // adjust process max priority (ignore error)
+    // TODO adjust the 2nd parameter to a value closer to zero if you want to allow more priorities
+    SetRtProcessMaxPriority(NULL_RTHANDLE, THREAD_BASE_PRIO);
+
+    // obtain main thread's handle
+    gInit.hMain     = GetRtThreadHandles(THIS_THREAD);
+    gInit.state     = INIT_BUSY;
+
+    // attempt to catalog the thread but ignore error
+    Catalog(NULL_RTHANDLE, gInit.hMain, "TMain");
+
+    // catalog the handle of this process in the root process
+    if (!Catalog(hRootProcess, GetRtThreadHandles(THIS_PROCESS), "wolfExample")) {
+        Fail("Cannot catalog process name");
+    }
+    gInit.bCataloged = TRUE;
+
+    // create thread
+    taskHandle = CreateRtThread(THREAD_BASE_PRIO + 20,
+        (LPPROC)wolfExampleThread, WOLF_EXAMPLES_STACK, 0);
+    if (taskHandle == BAD_RTHANDLE) {
+        Fail("Cannot create thread");
+    }
+
+    // indicate that initialization has finished
+    gInit.state     = INIT_DONE;
+#ifdef _DEBUG
+    fprintf(stderr, "wolfExamples finished initialization\n");
+#endif
+
+    // wait for notifications
+    while (RtNotifyEvent(RT_SYSTEM_NOTIFICATIONS | RT_EXIT_NOTIFICATIONS,
+        WAIT_FOREVER, &eiEventInfo))
+    {
+        switch(eiEventInfo.dwNotifyType)
+        {
+        case TERMINATE:
+            // TODO: this process should terminate
+            // cleanup the environment
+            Cleanup();  // does not return
+
+        case NT_HOST_UP:
+            // TODO: react to a Windows host that has come back
+            break;
+
+        case NT_BLUESCREEN:
+            // TODO: react to a Windows blue screen
+            break;
+
+        case KERNEL_STOPPING:
+            // TODO: react to the INtime kernel stopping
+            break;
+
+        case NT_HOST_HIBERNATE:
+            // TODO: react to the Windows host going in hibernation
+            break;
+
+        case NT_HOST_STANDBY:
+            // TODO: react to the Windows host going in standby mode
+            break;
+
+        case NT_HOST_SHUTDOWN_PENDING:
+            // TODO: react to a Windows host that is about to shutdown
+            break;
+        }
+    }
+    Fail("Notify failed");
+    return 0;
+}

IDE/INTIME-RTOS/wolfExamples.h

@@ -0,0 +1,47 @@
+#ifndef _WOLFEXAMPLES_H_
+#define _WOLFEXAMPLES_H_
+
+#include <rt.h>
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+// support functions for all threads
+BOOLEAN				Catalog(RTHANDLE hProcess, RTHANDLE hObject, LPSTR lpszName);
+void				Cleanup(void);
+void				Fail(LPSTR lpszMessage, ...);
+DWORD				UsecsToKticks(DWORD dwUsecs);
+
+
+/* Example API's */
+int wolfExample_TLSServer(int port);
+int wolfExample_TLSClient(const char* ip, int port);
+int wolfExample_TLSLocal(int port);
+
+
+// global type definitions
+typedef enum {
+	BEFORE_INIT,
+	INIT_BUSY,
+	INIT_DONE,
+	CLEANUP_BUSY
+}					INIT_STATE;
+
+typedef struct {
+	RTHANDLE			hMain;		// RTHANDLE of main thread
+	INIT_STATE			state;		// main thread state
+	BOOLEAN				bCataloged;	// TRUE if we cataloged process name in root
+	BOOLEAN				bShutdown;	// TRUE if all threads have to terminate
+}					INIT_STRUCT;
+
+// global variables
+extern RTHANDLE		hRootProcess;	// RTHANDLE of root process
+extern DWORD		dwKtickInUsecs;	// length of one low level tick in usecs
+extern INIT_STRUCT	gInit;			// structure describing all global objects
+
+#ifdef __cplusplus
+    }    /* extern "C" */
+#endif
+
+#endif /* _WOLFEXAMPLES_H_ */

IDE/INTIME-RTOS/wolfExamples.sln

@@ -0,0 +1,31 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 14
+VisualStudioVersion = 14.0.23107.0
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfExamples", "wolfExamples.vcxproj", "{557A7EFD-2627-478A-A855-50F518DD13EE}"
+	ProjectSection(ProjectDependencies) = postProject
+		{1731767D-573F-45C9-A466-191DA0D180CF} = {1731767D-573F-45C9-A466-191DA0D180CF}
+	EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libwolfssl", "libwolfssl.vcxproj", "{1731767D-573F-45C9-A466-191DA0D180CF}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|INtime = Debug|INtime
+		Release|INtime = Release|INtime
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{557A7EFD-2627-478A-A855-50F518DD13EE}.Debug|INtime.ActiveCfg = Debug|INtime
+		{557A7EFD-2627-478A-A855-50F518DD13EE}.Debug|INtime.Build.0 = Debug|INtime
+		{557A7EFD-2627-478A-A855-50F518DD13EE}.Release|INtime.ActiveCfg = Release|INtime
+		{557A7EFD-2627-478A-A855-50F518DD13EE}.Release|INtime.Build.0 = Release|INtime
+		{1731767D-573F-45C9-A466-191DA0D180CF}.Debug|INtime.ActiveCfg = Debug|INtime
+		{1731767D-573F-45C9-A466-191DA0D180CF}.Debug|INtime.Build.0 = Debug|INtime
+		{1731767D-573F-45C9-A466-191DA0D180CF}.Release|INtime.ActiveCfg = Release|INtime
+		{1731767D-573F-45C9-A466-191DA0D180CF}.Release|INtime.Build.0 = Release|INtime
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal

IDE/INTIME-RTOS/wolfExamples.vcxproj

@@ -0,0 +1,100 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|INtime">
+      <Configuration>Debug</Configuration>
+      <Platform>INtime</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|INtime">
+      <Configuration>Release</Configuration>
+      <Platform>INtime</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="README.md" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="wolfExamples.c" />
+    <ClCompile Include="..\..\wolfcrypt\test\test.c" />
+    <ClCompile Include="..\..\wolfcrypt\benchmark\benchmark.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="user_settings.h" />
+    <ClInclude Include="wolfExamples.h" />
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{557A7EFD-2627-478A-A855-50F518DD13EE}</ProjectGuid>
+    <ProjectName>wolfExamples</ProjectName>
+    <WindowsTargetPlatformVersion>8.1</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>NotSet</CharacterSet>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|INtime'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <WholeProgramOptimization>false</WholeProgramOptimization>
+    <CharacterSet>NotSet</CharacterSet>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">
+    <IntDir>$(Configuration)_$(ProjectName)\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">
+    <IntDir>$(Configuration)_$(ProjectName)\</IntDir>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">
+    <ClCompile>
+    </ClCompile>
+    <Link>
+      <Version>21076.20053</Version>
+      <AdditionalOptions>/SAFESEH:NO %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalDependencies>rt.lib;pcibus.lib;netlib.lib;clib.lib;vshelper.lib;libwolfssl.lib</AdditionalDependencies>
+      <OutputFile>$(SolutionDir)$(Configuration)\\wolfExamples.rta</OutputFile>
+      <AdditionalLibraryDirectories>$(ProjectDir)$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+    </Link>
+    <ClCompile>
+      <ExceptionHandling>Async</ExceptionHandling>
+      <PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories>$(ProjectDir);$(ProjectDir)..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(IntDir)vc$(PlatformToolsetVersion).pdb</ProgramDataBaseFileName>
+      <XMLDocumentationFileName>$(IntDir)</XMLDocumentationFileName>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">
+    <ClCompile>
+    </ClCompile>
+    <Link>
+      <Version>21076.20053</Version>
+      <AdditionalOptions>/SAFESEH:NO %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalDependencies>rt.lib;pcibus.lib;netlib.lib;clib.lib;vshelper.lib;libwolfssl.lib</AdditionalDependencies>
+      <OutputFile>$(SolutionDir)$(Configuration)\\wolfExamples.rta</OutputFile>
+      <AdditionalLibraryDirectories>$(ProjectDir)$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+    </Link>
+    <ClCompile>
+      <ExceptionHandling>Async</ExceptionHandling>
+      <PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories>$(ProjectDir);$(ProjectDir)..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(IntDir)vc$(PlatformToolsetVersion).pdb</ProgramDataBaseFileName>
+      <XMLDocumentationFileName>$(IntDir)</XMLDocumentationFileName>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>

IDE/ROWLEY-CROSSWORKS-ARM/Kinetis_MemoryMap.xml

@@ -1,11 +0,0 @@
-<!DOCTYPE Board_Memory_Definition_File>
-<Root name="Kinetis">
-  <MemorySegment size="0x80000" access="ReadOnly" start="0x00000000" name="FLASH" />
-  <MemorySegment size="0x80000/2" access="Read/Write" start="0x00000000" name="FLASH_L" />
-  <MemorySegment size="0x80000/2" access="Read/Write" start="0x00000000+0x80000/2" name="FLASH_H" />
-  <MemorySegment size="0x20000" access="Read/Write" start="0x1fff0000" name="SRAM" />
-  <MemorySegment size="0x10000" access="Read/Write" start="0x1fff0000" name="SRAM_L" />
-  <MemorySegment size="0x10000" access="Read/Write" start="0x20000000" name="SRAM_H" />
-  <MemorySegment size="0x100000" access="Read/Write" start="0x40000000" name="PERIPHERALS" />
-  <MemorySegment size="0x100000" access="Read/Write" start="0xE0000000" name="PPB" />
-</Root>

IDE/ROWLEY-CROSSWORKS-ARM/README.md

@@ -27,12 +27,23 @@ Also the "Target Processor" in each of the projects ("Project Properties" -> "Ta
 
 ## Hardware Crypto Acceleration
 
-To enable Freescale MMCAU:
+To enable NXP/Freescale MMCAU:
 
 1. [Download the MMCAU library](http://www.freescale.com/products/arm-processors/kinetis-cortex-m/k-series/k7x-glcd-mcus/crypto-acceleration-unit-cau-and-mmcau-software-library:CAUAP).
 2. Copy the `lib_mmcau.a` and `cau_api.h` files into the project.
-3. Enable the `FREESCALE_MMCAU` define in `user_settings.h` and make sure its value is `1`.
+3. Define `USE_NXP_MMCAU` to enable in `user_settings.h`.
 4. Add the `lib_mmcau.a` file to `Source Files` in the application project.
+5. Open the wolfssl_ltc.hzp CrossWorks project
+6. Build and run
+
+To enable the NXP/Freescale MMCAU and/or LTC:
+
+1. [Download the NXP KSDK 2.0](https://nxp.flexnetoperations.com/control/frse/download?agree=Accept&element=7353807)
+2. Copy the following folders into IDE/ROWLEY-CROSSWORKS-ARM: drivers, mmcau_2.0.0 and CMSIS.
+3. Copy the following files into IDE/ROWLEY-CROSSWORKS-ARM: clock_config.c, clock_config.h, fsl_debug_console.c, fsl_debug_console.h, fsl_device_registers.h, system_MK82F25615.c, system_MK82F25615.h, MK82F25615.h and MK82F25615_features.h.
+4. Define `USE_NXP_LTX` to enable in `user_settings.h`.
+5. Open the wolfssl_ltc.hzp CrossWorks project
+6. Build and run
 
 # Project Files
 

IDE/ROWLEY-CROSSWORKS-ARM/arm_startup.c

@@ -84,6 +84,8 @@ void reset_handler(void)
 // Vector Exception/Interrupt Handlers
 static void Default_Handler(void)
 {
+    /* If we get here then need to implement real IRQ handler */
+    while(1);
 }
 
 void HardFault_HandlerC( uint32_t *hardfault_args )
@@ -93,48 +95,48 @@ void HardFault_HandlerC( uint32_t *hardfault_args )
     values of the variables, make them global my moving their declaration outside
     of this function. */
     volatile uint32_t stacked_r0;
-	volatile uint32_t stacked_r1;
-	volatile uint32_t stacked_r2;
-	volatile uint32_t stacked_r3;
-	volatile uint32_t stacked_r12;
-	volatile uint32_t stacked_lr;
+    volatile uint32_t stacked_r1;
+    volatile uint32_t stacked_r2;
+    volatile uint32_t stacked_r3;
+    volatile uint32_t stacked_r12;
+    volatile uint32_t stacked_lr;
     volatile uint32_t stacked_pc;
-	volatile uint32_t stacked_psr;
-	volatile uint32_t _CFSR;
-	volatile uint32_t _HFSR;
-	volatile uint32_t _DFSR;
-	volatile uint32_t _AFSR;
-	volatile uint32_t _BFAR;
-	volatile uint32_t _MMAR;
+    volatile uint32_t stacked_psr;
+    volatile uint32_t _CFSR;
+    volatile uint32_t _HFSR;
+    volatile uint32_t _DFSR;
+    volatile uint32_t _AFSR;
+    volatile uint32_t _BFAR;
+    volatile uint32_t _MMAR;
 
-	stacked_r0 = ((uint32_t)hardfault_args[0]);
-	stacked_r1 = ((uint32_t)hardfault_args[1]);
-	stacked_r2 = ((uint32_t)hardfault_args[2]);
-	stacked_r3 = ((uint32_t)hardfault_args[3]);
-	stacked_r12 = ((uint32_t)hardfault_args[4]);
-	stacked_lr = ((uint32_t)hardfault_args[5]);
-	stacked_pc = ((uint32_t)hardfault_args[6]);
-	stacked_psr = ((uint32_t)hardfault_args[7]);
+    stacked_r0 = ((uint32_t)hardfault_args[0]);
+    stacked_r1 = ((uint32_t)hardfault_args[1]);
+    stacked_r2 = ((uint32_t)hardfault_args[2]);
+    stacked_r3 = ((uint32_t)hardfault_args[3]);
+    stacked_r12 = ((uint32_t)hardfault_args[4]);
+    stacked_lr = ((uint32_t)hardfault_args[5]);
+    stacked_pc = ((uint32_t)hardfault_args[6]);
+    stacked_psr = ((uint32_t)hardfault_args[7]);
 
     // Configurable Fault Status Register
     // Consists of MMSR, BFSR and UFSR
-	_CFSR = (*((volatile uint32_t *)(0xE000ED28)));	
-											
-	// Hard Fault Status Register
-	_HFSR = (*((volatile uint32_t *)(0xE000ED2C)));
+    _CFSR = (*((volatile uint32_t *)(0xE000ED28)));	
+                             
+    // Hard Fault Status Register
+    _HFSR = (*((volatile uint32_t *)(0xE000ED2C)));
 
-	// Debug Fault Status Register
-	_DFSR = (*((volatile uint32_t *)(0xE000ED30)));
+    // Debug Fault Status Register
+    _DFSR = (*((volatile uint32_t *)(0xE000ED30)));
 
-	// Auxiliary Fault Status Register
-	_AFSR = (*((volatile uint32_t *)(0xE000ED3C)));
+    // Auxiliary Fault Status Register
+    _AFSR = (*((volatile uint32_t *)(0xE000ED3C)));
 
-	// Read the Fault Address Registers. These may not contain valid values.
-	// Check BFARVALID/MMARVALID to see if they are valid values
-	// MemManage Fault Address Register
-	_MMAR = (*((volatile uint32_t *)(0xE000ED34)));
-	// Bus Fault Address Register
-	_BFAR = (*((volatile uint32_t *)(0xE000ED38)));
+    // Read the Fault Address Registers. These may not contain valid values.
+    // Check BFARVALID/MMARVALID to see if they are valid values
+    // MemManage Fault Address Register
+    _MMAR = (*((volatile uint32_t *)(0xE000ED34)));
+    // Bus Fault Address Register
+    _BFAR = (*((volatile uint32_t *)(0xE000ED38)));
 
     printf ("\n\nHard fault handler (all numbers in hex):\n");
     printf ("R0 = %x\n", stacked_r0);
@@ -195,5 +197,114 @@ const vector_entry vectors[] __attribute__ ((section(".vectors"),used)) =
     Default_Handler,    // 0x0000_0038 14 -         ARM core         Pendable request for system service (PendableSrvReq)
     Default_Handler,    // 0x0000_003C 15 -         ARM core         System tick timer (SysTick)
 
+#ifdef CPU_MK82FN256VLL15
     // Add specific driver interrupt handlers below
+    Default_Handler,    /* DMA0_DMA16_IRQn              = 0,                /**< DMA channel 0,16 transfer complete */
+    Default_Handler,    /* DMA1_DMA17_IRQn              = 1,                /**< DMA channel 1,17 transfer complete */
+    Default_Handler,    /* DMA2_DMA18_IRQn              = 2,                /**< DMA channel 2,18 transfer complete */
+    Default_Handler,    /* DMA3_DMA19_IRQn              = 3,                /**< DMA channel 3,19 transfer complete */
+    Default_Handler,    /* DMA4_DMA20_IRQn              = 4,                /**< DMA channel 4,20 transfer complete */
+    Default_Handler,    /* DMA5_DMA21_IRQn              = 5,                /**< DMA channel 5,21 transfer complete */
+    Default_Handler,    /* DMA6_DMA22_IRQn              = 6,                /**< DMA channel 6,22 transfer complete */
+    Default_Handler,    /* DMA7_DMA23_IRQn              = 7,                /**< DMA channel 7,23 transfer complete */
+    Default_Handler,    /* DMA8_DMA24_IRQn              = 8,                /**< DMA channel 8,24 transfer complete */
+    Default_Handler,    /* DMA9_DMA25_IRQn              = 9,                /**< DMA channel 9,25 transfer complete */
+    Default_Handler,    /* DMA10_DMA26_IRQn             = 10,               /**< DMA channel 10,26 transfer complete */
+    Default_Handler,    /* DMA11_DMA27_IRQn             = 11,               /**< DMA channel 11,27 transfer complete */
+    Default_Handler,    /* DMA12_DMA28_IRQn             = 12,               /**< DMA channel 12,28 transfer complete */
+    Default_Handler,    /* DMA13_DMA29_IRQn             = 13,               /**< DMA channel 13,29 transfer complete */
+    Default_Handler,    /* DMA14_DMA30_IRQn             = 14,               /**< DMA channel 14,30 transfer complete */
+    Default_Handler,    /* DMA15_DMA31_IRQn             = 15,               /**< DMA channel 15,31 transfer complete */
+    Default_Handler,    /* DMA_Error_IRQn               = 16,               /**< DMA channel 0 - 31 error */
+    Default_Handler,    /* MCM_IRQn                     = 17,               /**< MCM normal interrupt */
+    Default_Handler,    /* FTFA_IRQn                    = 18,               /**< FTFA command complete */
+    Default_Handler,    /* Read_Collision_IRQn          = 19,               /**< FTFA read collision */
+    Default_Handler,    /* LVD_LVW_IRQn                 = 20,               /**< PMC controller low-voltage detect, low-voltage warning */
+    Default_Handler,    /* LLWU_IRQn                    = 21,               /**< Low leakage wakeup unit */
+    Default_Handler,    /* WDOG_EWM_IRQn                = 22,               /**< Single interrupt vector for  WDOG and EWM */
+    Default_Handler,    /* TRNG0_IRQn                   = 23,               /**< True randon number generator */
+    Default_Handler,    /* I2C0_IRQn                    = 24,               /**< Inter-integrated circuit 0 */
+    Default_Handler,    /* I2C1_IRQn                    = 25,               /**< Inter-integrated circuit 1 */
+    Default_Handler,    /* SPI0_IRQn                    = 26,               /**< Serial peripheral Interface 0 */
+    Default_Handler,    /* SPI1_IRQn                    = 27,               /**< Serial peripheral Interface 1 */
+    Default_Handler,    /* I2S0_Tx_IRQn                 = 28,               /**< Integrated interchip sound 0 transmit interrupt */
+    Default_Handler,    /* I2S0_Rx_IRQn                 = 29,               /**< Integrated interchip sound 0 receive interrupt */
+    Default_Handler,    /* LPUART0_IRQn                 = 30,               /**< LPUART0 receive/transmit/error interrupt */
+    Default_Handler,    /* LPUART1_IRQn                 = 31,               /**< LPUART1 receive/transmit/error interrupt */
+    Default_Handler,    /* LPUART2_IRQn                 = 32,               /**< LPUART2 receive/transmit/error interrupt */
+    Default_Handler,    /* LPUART3_IRQn                 = 33,               /**< LPUART3 receive/transmit/error interrupt */
+    Default_Handler,    /* LPUART4_IRQn                 = 34,               /**< LPUART4 receive/transmit/error interrupt */
+    Default_Handler,    /* Reserved51_IRQn              = 35,               /**< Reserved interrupt */
+    Default_Handler,    /* Reserved52_IRQn              = 36,               /**< Reserved interrupt */
+    Default_Handler,    /* EMVSIM0_IRQn                 = 37,               /**< EMVSIM0 common interrupt */
+    Default_Handler,    /* EMVSIM1_IRQn                 = 38,               /**< EMVSIM1 common interrupt */
+    Default_Handler,    /* ADC0_IRQn                    = 39,               /**< Analog-to-digital converter 0 */
+    Default_Handler,    /* CMP0_IRQn                    = 40,               /**< Comparator 0 */
+    Default_Handler,    /* CMP1_IRQn                    = 41,               /**< Comparator 1 */
+    Default_Handler,    /* FTM0_IRQn                    = 42,               /**< FlexTimer module 0 fault, overflow and channels interrupt */
+    Default_Handler,    /* FTM1_IRQn                    = 43,               /**< FlexTimer module 1 fault, overflow and channels interrupt */
+    Default_Handler,    /* FTM2_IRQn                    = 44,               /**< FlexTimer module 2 fault, overflow and channels interrupt */
+    Default_Handler,    /* CMT_IRQn                     = 45,               /**< Carrier modulator transmitter */
+    Default_Handler,    /* RTC_IRQn                     = 46,               /**< Real time clock */
+    Default_Handler,    /* RTC_Seconds_IRQn             = 47,               /**< Real time clock seconds */
+    Default_Handler,    /* PIT0CH0_IRQn                 = 48,               /**< Periodic interrupt timer 0 channel 0 */
+    Default_Handler,    /* PIT0CH1_IRQn                 = 49,               /**< Periodic interrupt timer 0 channel 1 */
+    Default_Handler,    /* PIT0CH2_IRQn                 = 50,               /**< Periodic interrupt timer 0 channel 2 */
+    Default_Handler,    /* PIT0CH3_IRQn                 = 51,               /**< Periodic interrupt timer 0 channel 3 */
+    Default_Handler,    /* PDB0_IRQn                    = 52,               /**< Programmable delay block */
+    Default_Handler,    /* USB0_IRQn                    = 53,               /**< USB OTG interrupt */
+    Default_Handler,    /* USBDCD_IRQn                  = 54,               /**< USB charger detect */
+    Default_Handler,    /* Reserved71_IRQn              = 55,               /**< Reserved interrupt */
+    Default_Handler,    /* DAC0_IRQn                    = 56,               /**< Digital-to-analog converter 0 */
+    Default_Handler,    /* MCG_IRQn                     = 57,               /**< Multipurpose clock generator */
+    Default_Handler,    /* LPTMR0_LPTMR1_IRQn           = 58,               /**< Single interrupt vector for  Low Power Timer 0 and 1 */
+    Default_Handler,    /* PORTA_IRQn                   = 59,               /**< Port A pin detect interrupt */
+    Default_Handler,    /* PORTB_IRQn                   = 60,               /**< Port B pin detect interrupt */
+    Default_Handler,    /* PORTC_IRQn                   = 61,               /**< Port C pin detect interrupt */
+    Default_Handler,    /* PORTD_IRQn                   = 62,               /**< Port D pin detect interrupt */
+    Default_Handler,    /* PORTE_IRQn                   = 63,               /**< Port E pin detect interrupt */
+    Default_Handler,    /* SWI_IRQn                     = 64,               /**< Software interrupt */
+    Default_Handler,    /* SPI2_IRQn                    = 65,               /**< Serial peripheral Interface 2 */
+    Default_Handler,    /* Reserved82_IRQn              = 66,               /**< Reserved interrupt */
+    Default_Handler,    /* Reserved83_IRQn              = 67,               /**< Reserved interrupt */
+    Default_Handler,    /* Reserved84_IRQn              = 68,               /**< Reserved interrupt */
+    Default_Handler,    /* Reserved85_IRQn              = 69,               /**< Reserved interrupt */
+    Default_Handler,    /* FLEXIO0_IRQn                 = 70,               /**< FLEXIO0 */
+    Default_Handler,    /* FTM3_IRQn                    = 71,               /**< FlexTimer module 3 fault, overflow and channels interrupt */
+    Default_Handler,    /* Reserved88_IRQn              = 72,               /**< Reserved interrupt */
+    Default_Handler,    /* Reserved89_IRQn              = 73,               /**< Reserved interrupt */
+    Default_Handler,    /* I2C2_IRQn                    = 74,               /**< Inter-integrated circuit 2 */
+    Default_Handler,    /* Reserved91_IRQn              = 75,               /**< Reserved interrupt */
+    Default_Handler,    /* Reserved92_IRQn              = 76,               /**< Reserved interrupt */
+    Default_Handler,    /* Reserved93_IRQn              = 77,               /**< Reserved interrupt */
+    Default_Handler,    /* Reserved94_IRQn              = 78,               /**< Reserved interrupt */
+    Default_Handler,    /* Reserved95_IRQn              = 79,               /**< Reserved interrupt */
+    Default_Handler,    /* Reserved96_IRQn              = 80,               /**< Reserved interrupt */
+    Default_Handler,    /* SDHC_IRQn                    = 81,               /**< Secured digital host controller */
+    Default_Handler,    /* Reserved98_IRQn              = 82,               /**< Reserved interrupt */
+    Default_Handler,    /* Reserved99_IRQn              = 83,               /**< Reserved interrupt */
+    Default_Handler,    /* Reserved100_IRQn             = 84,               /**< Reserved interrupt */
+    Default_Handler,    /* Reserved101_IRQn             = 85,               /**< Reserved interrupt */
+    Default_Handler,    /* Reserved102_IRQn             = 86,               /**< Reserved interrupt */
+    Default_Handler,    /* TSI0_IRQn                    = 87,               /**< Touch Sensing Input */
+    Default_Handler,    /* TPM1_IRQn                    = 88,               /**< TPM1 single interrupt vector for all sources */
+    Default_Handler,    /* TPM2_IRQn                    = 89,               /**< TPM2 single interrupt vector for all sources */
+    Default_Handler,    /* Reserved106_IRQn             = 90,               /**< Reserved interrupt */
+    Default_Handler,    /* I2C3_IRQn                    = 91,               /**< Inter-integrated circuit 3 */
+    Default_Handler,    /* Reserved108_IRQn             = 92,               /**< Reserved interrupt */
+    Default_Handler,    /* Reserved109_IRQn             = 93,               /**< Reserved interrupt */
+    Default_Handler,    /* Reserved110_IRQn             = 94,               /**< Reserved interrupt */
+    Default_Handler,    /* Reserved111_IRQn             = 95,               /**< Reserved interrupt */
+    Default_Handler,    /* Reserved112_IRQn             = 96,               /**< Reserved interrupt */
+    Default_Handler,    /* Reserved113_IRQn             = 97,               /**< Reserved interrupt */
+    Default_Handler,    /* Reserved114_IRQn             = 98,               /**< Reserved interrupt */
+    Default_Handler,    /* Reserved115_IRQn             = 99,               /**< Reserved interrupt */
+    Default_Handler,    /* QuadSPI0_IRQn                = 100,              /**< qspi */
+    Default_Handler,    /* Reserved117_IRQn             = 101,              /**< Reserved interrupt */
+    Default_Handler,    /* Reserved118_IRQn             = 102,              /**< Reserved interrupt */
+    Default_Handler,    /* Reserved119_IRQn             = 103,              /**< Reserved interrupt */
+    Default_Handler,    /* LTC0_IRQn                    = 104,              /**< LP Trusted Cryptography */
+    Default_Handler,    /* Reserved121_IRQn             = 105,              /**< Reserved interrupt */
+    Default_Handler,    /* Reserved122_IRQn             = 106               /**< Reserved interrupt */
+#endif /* CPU_MK82FN256VLL15 */
 };

IDE/ROWLEY-CROSSWORKS-ARM/benchmark_main.c

@@ -54,7 +54,7 @@ void main(void)
 
 /* 
 SAMPLE OUTPUT: Freescale K64 running at 96MHz with no MMCAU:
-Benchmark Test 1:
+Benchmark Test 0:
 AES      25 kB took 0.073 seconds,    0.334 MB/s
 ARC4     25 kB took 0.033 seconds,    0.740 MB/s
 RABBIT   25 kB took 0.027 seconds,    0.904 MB/s
@@ -66,10 +66,10 @@ RSA 1024 encryption took 91.000 milliseconds, avg over 1 iterations
 RSA 1024 decryption took 573.000 milliseconds, avg over 1 iterations
 DH  1024 key generation  253.000 milliseconds, avg over 1 iterations
 DH  1024 key agreement   311.000 milliseconds, avg over 1 iterations
-Benchmark Test 1: Return code 0
+Benchmark Test 0: Return code 0
 
 SAMPLE OUTPUT: Freescale K64 running at 96MHz with MMCAU enabled:
-Benchmark Test 1:
+Benchmark Test 0:
 AES      25 kB took 0.019 seconds,    1.285 MB/s
 ARC4     25 kB took 0.033 seconds,    0.740 MB/s
 RABBIT   25 kB took 0.028 seconds,    0.872 MB/s
@@ -81,5 +81,74 @@ RSA 1024 encryption took 89.000 milliseconds, avg over 1 iterations
 RSA 1024 decryption took 573.000 milliseconds, avg over 1 iterations
 DH  1024 key generation  250.000 milliseconds, avg over 1 iterations
 DH  1024 key agreement   308.000 milliseconds, avg over 1 iterations
-Benchmark Test 1: Return code 0
+Benchmark Test 0: Return code 0
+
+
+SAMPLE OUTPUT: NXP K82 running at 150Mhz w/MMCAU and LTC
+Benchmark Test 0:
+RNG      25 kB took 0.026 seconds,    0.939 MB/s
+AES enc  25 kB took 0.002 seconds,   12.207 MB/s
+AES dec  25 kB took 0.002 seconds,   12.207 MB/s
+AES-GCM  25 kB took 0.002 seconds,   12.207 MB/s
+AES-CTR  25 kB took 0.003 seconds,    8.138 MB/s
+AES-CCM  25 kB took 0.004 seconds,    6.104 MB/s
+CHACHA   25 kB took 0.008 seconds,    3.052 MB/s
+CHA-POLY 25 kB took 0.013 seconds,    1.878 MB/s
+
+POLY1305 25 kB took 0.003 seconds,    8.138 MB/s
+SHA      25 kB took 0.006 seconds,    4.069 MB/s
+SHA-256  25 kB took 0.009 seconds,    2.713 MB/s
+SHA-384  25 kB took 0.032 seconds,    0.763 MB/s
+SHA-512  25 kB took 0.035 seconds,    0.698 MB/s
+
+RSA 2048 public          12.000 milliseconds, avg over 1 iterations
+RSA 2048 private         135.000 milliseconds, avg over 1 iterations
+
+ECC  256 key generation  17.400 milliseconds, avg over 5 iterations
+EC-DHE   key agreement   15.200 milliseconds, avg over 5 iterations
+EC-DSA   sign   time     20.200 milliseconds, avg over 5 iterations
+EC-DSA   verify time     33.000 milliseconds, avg over 5 iterations
+
+CURVE25519 256 key generation 14.400 milliseconds, avg over 5 iterations
+CURVE25519 key agreement      14.400 milliseconds, avg over 5 iterations
+
+ED25519  key generation  14.800 milliseconds, avg over 5 iterations
+ED25519  sign   time     16.800 milliseconds, avg over 5 iterations
+ED25519  verify time     30.400 milliseconds, avg over 5 iterations
+Benchmark Test 0: Return code 0
+
+SAMPLE OUTPUT: NXP K82 running at 150Mhz software only
+Benchmark Test 0:
+RNG      25 kB took 0.035 seconds,    0.698 MB/s
+AES enc  25 kB took 0.038 seconds,    0.642 MB/s
+AES dec  25 kB took 0.036 seconds,    0.678 MB/s
+AES-GCM  25 kB took 0.485 seconds,    0.050 MB/s
+AES-CTR  25 kB took 0.038 seconds,    0.642 MB/s
+AES-CCM  25 kB took 0.077 seconds,    0.317 MB/s
+CHACHA   25 kB took 0.009 seconds,    2.713 MB/s
+CHA-POLY 25 kB took 0.013 seconds,    1.878 MB/s
+
+POLY1305 25 kB took 0.003 seconds,    8.138 MB/s
+SHA      25 kB took 0.006 seconds,    4.069 MB/s
+SHA-256  25 kB took 0.014 seconds,    1.744 MB/s
+SHA-384  25 kB took 0.032 seconds,    0.763 MB/s
+SHA-512  25 kB took 0.034 seconds,    0.718 MB/s
+
+RSA 1024 encryption took 18.000 milliseconds, avg over 1 iterations
+RSA 1024 decryption took 123.000 milliseconds, avg over 1 iterations
+RSA 2048 encryption took 63.000 milliseconds, avg over 1 iterations
+RSA 2048 decryption took 1011.000 milliseconds, avg over 1 iterations
+
+ECC  256 key generation  180.800 milliseconds, avg over 5 iterations
+EC-DHE   key agreement   178.600 milliseconds, avg over 5 iterations
+EC-DSA   sign   time     184.600 milliseconds, avg over 5 iterations
+EC-DSA   verify time     130.200 milliseconds, avg over 5 iterations
+
+CURVE25519 256 key generation 41.800 milliseconds, avg over 5 iterations
+CURVE25519 key agreement      41.600 milliseconds, avg over 5 iterations
+
+ED25519  key generation  14.800 milliseconds, avg over 5 iterations
+ED25519  sign   time     16.600 milliseconds, avg over 5 iterations
+ED25519  verify time     48.000 milliseconds, avg over 5 iterations
+Benchmark Test 0: Return code 0
 */

IDE/ROWLEY-CROSSWORKS-ARM/include.am

@@ -6,10 +6,10 @@ EXTRA_DIST+= IDE/ROWLEY-CROSSWORKS-ARM/arm_startup.c
 EXTRA_DIST+= IDE/ROWLEY-CROSSWORKS-ARM/benchmark_main.c
 EXTRA_DIST+= IDE/ROWLEY-CROSSWORKS-ARM/hw.h
 EXTRA_DIST+= IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c
-EXTRA_DIST+= IDE/ROWLEY-CROSSWORKS-ARM/Kinetis_MemoryMap.xml
 EXTRA_DIST+= IDE/ROWLEY-CROSSWORKS-ARM/Kinetis_FlashPlacement.xml
 EXTRA_DIST+= IDE/ROWLEY-CROSSWORKS-ARM/README.md
 EXTRA_DIST+= IDE/ROWLEY-CROSSWORKS-ARM/test_main.c
 EXTRA_DIST+= IDE/ROWLEY-CROSSWORKS-ARM/retarget.c
 EXTRA_DIST+= IDE/ROWLEY-CROSSWORKS-ARM/user_settings.h
 EXTRA_DIST+= IDE/ROWLEY-CROSSWORKS-ARM/wolfssl.hzp
+EXTRA_DIST+= IDE/ROWLEY-CROSSWORKS-ARM/wolfssl_ltc.hzp

IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c

@@ -21,10 +21,10 @@
 
 
 #include "hw.h"
+#include "user_settings.h"
 
 #if defined(FREESCALE) && defined(K_SERIES)
 
-
 /**********************************************
  * NOTE: Customize for actual hardware
  **********************************************/
@@ -33,27 +33,53 @@
 // $(TargetsDir) location:
 // On Mac OS/X: Users/USERNAME/Library/Rowley Associates Limited/CrossWorks for ARM/packages/targets/
 // On Windows: C:/Users/USERNAME/Application Data/Local/Rowley Associates Limited/CrossWorks for ARM/packages/targets/
-#include <MK64F12.h> // Located in $(TargetsDir)/Kinetis/CMSIS/
+
+// Located in $(TargetsDir)/Kinetis/CMSIS/
+#ifdef FREESCALE_KSDK_BM
+    #include "fsl_common.h"
+    #include "fsl_debug_console.h"
+    #include "fsl_rtc.h"
+    #include "fsl_trng.h"
+    #include "fsl_lpuart.h"
+    #include "fsl_port.h"
+    #include "clock_config.h"
+#else
+    #include <MK64F12.h> // Located in $(TargetsDir)/Kinetis/CMSIS/
+#endif
+
 
 // System clock
-#define SYS_CLK_KHZ     96000ul                     /* Core system clock in KHz */
-#define SYS_CLK_DRS     MCG_C4_DRST_DRS(0x03)       /* DRS 0=24MHz, 1=48MHz, 2=72MHz, 3=96MHz */
-#define SYS_CLK_DMX     MCG_C4_DMX32_MASK           /* 0=Disable DMX32 (lower actual speed), MCG_C4_DMX32_MASK=Enable DMX32 */
-#define SYS_CLK_DIV     1                           /* System clock divisor */
-#define BUS_CLK_DIV     2                           /* Bus clock divisor */
-#define BUS_CLK_KHZ     (SYS_CLK_KHZ/BUS_CLK_DIV)   /* Helper to calculate bus speed for UART */
-#define FLASH_CLK_DIV   4                           /* Flash clock divisor */
+#ifdef FREESCALE_KSDK_BM
+    #define SYS_CLK_HZ      SystemCoreClock
+#else
+    #define SYS_CLK_HZ      96000000ul                  /* Core system clock in Hz */
+    #define SYS_CLK_DRS     MCG_C4_DRST_DRS(0x03)       /* DRS 0=24MHz, 1=48MHz, 2=72MHz, 3=96MHz */
+    #define SYS_CLK_DMX     MCG_C4_DMX32_MASK           /* 0=Disable DMX32 (lower actual speed), MCG_C4_DMX32_MASK=Enable DMX32 */
+    #define SYS_CLK_DIV     1                           /* System clock divisor */
+    #define BUS_CLK_DIV     2                           /* Bus clock divisor */
+    #define BUS_CLK_KHZ     (SYS_CLK_HZ/BUS_CLK_DIV)    /* Helper to calculate bus speed for UART */
+    #define FLASH_CLK_DIV   4                           /* Flash clock divisor */
+#endif
 
 // UART TX Port, Pin, Mux and Baud
-#define UART_PORT       UART4                       /* UART Port */
-#define UART_TX_PORT    PORTE                       /* UART TX Port */
-#define UART_TX_PIN     24                          /* UART TX Pin */
-#define UART_TX_MUX     0x3                         /* Kinetis UART pin mux */
-#define UART_BAUD       115200                      /* UART Baud Rate */
+#ifdef FREESCALE_KSDK_BM
+    #define UART_PORT       LPUART0                     /* UART Port */
+    #define UART_TX_PORT    PORTA                       /* UART TX Port */
+    #define UART_TX_PIN     2U                          /* UART TX Pin */
+    #define UART_TX_MUX     kPORT_MuxAlt2               /* Kinetis UART pin mux */
+#else
+    #define UART_PORT       UART4                       /* UART Port */
+    #define UART_TX_PORT    PORTE                       /* UART TX Port */
+    #define UART_TX_PIN     24U                         /* UART TX Pin */
+    #define UART_TX_MUX     0x3                         /* Kinetis UART pin mux */
+#endif
+#define UART_BAUD       115200                          /* UART Baud Rate */
+
 /* Note: You will also need to update the UART clock gate in hw_uart_init (SIM_SCGC1_UART5_MASK) */
 /* Note: TWR-K60 is UART3, PTC17 */
 /* Note: FRDM-K64 is UART4, PTE24 */
 /* Note: TWR-K64 is UART5, PTE8 */
+/* Note: FRDM-K82F is LPUART0 A2, LPUART4 PTC15 */
 
 /***********************************************/
 
@@ -70,6 +96,9 @@ static void delay_nop(uint32_t count)
 
 static void hw_mcg_init(void)
 {
+#ifdef FREESCALE_KSDK_BM
+    BOARD_BootClockHSRUN();
+#else
     /* Adjust clock dividers (core/system=div/1, bus=div/2, flex bus=div/2, flash=div/4) */
     SIM->CLKDIV1 = SIM_CLKDIV1_OUTDIV1(SYS_CLK_DIV-1) | SIM_CLKDIV1_OUTDIV2(BUS_CLK_DIV-1) | 
         SIM_CLKDIV1_OUTDIV3(BUS_CLK_DIV-1) | SIM_CLKDIV1_OUTDIV4(FLASH_CLK_DIV-1);
@@ -77,10 +106,18 @@ static void hw_mcg_init(void)
     /* Configure FEI internal clock speed */
     MCG->C4 = (SYS_CLK_DMX | SYS_CLK_DRS);
     while((MCG->C4 & (MCG_C4_DRST_DRS_MASK | MCG_C4_DMX32_MASK)) != (SYS_CLK_DMX | SYS_CLK_DRS));
+#endif
 }
 
 static void hw_gpio_init(void)
 {
+#ifdef FREESCALE_KSDK_BM
+    CLOCK_EnableClock(kCLOCK_PortA);
+    CLOCK_EnableClock(kCLOCK_PortB);
+    CLOCK_EnableClock(kCLOCK_PortC);
+    CLOCK_EnableClock(kCLOCK_PortD);
+    CLOCK_EnableClock(kCLOCK_PortE);
+#else
     /* Enable clocks to all GPIO ports */
     SIM->SCGC5 |= (SIM_SCGC5_PORTA_MASK | SIM_SCGC5_PORTB_MASK
 #ifdef SIM_SCGC5_PORTC_MASK
@@ -93,6 +130,7 @@ static void hw_gpio_init(void)
         | SIM_SCGC5_PORTE_MASK
 #endif
    );
+#endif
 }
 
 static void hw_uart_init(void)
@@ -100,7 +138,13 @@ static void hw_uart_init(void)
     register uint16_t sbr, brfa;
     uint8_t temp;
 
+#ifdef FREESCALE_KSDK_BM
+    PORT_SetPinMux(UART_TX_PORT, UART_TX_PIN, UART_TX_MUX);
+    CLOCK_SetLpuartClock(1); /* MCGPLLCLK */
+    DbgConsole_Init((uint32_t)UART_PORT, UART_BAUD, DEBUG_CONSOLE_DEVICE_TYPE_LPUART, SYS_CLK_HZ);
+#else
     /* Enable UART core clock */
+    /* Note: Remember to update me if UART_PORT changes */
     SIM->SCGC1 |= SIM_SCGC1_UART4_MASK;
     
     /* Configure UART TX pin */
@@ -125,12 +169,13 @@ static void hw_uart_init(void)
 
     /* Enable receiver and transmitter */
 	UART_PORT->C2 |= (UART_C2_TE_MASK | UART_C2_RE_MASK);
+#endif
 }
 
 static void hw_rtc_init(void)
 {
     /* Init nop delay */
-    mDelayCyclesPerUs = (SYS_CLK_KHZ / 1000 / NOP_FOR_LOOP_INSTRUCTION_COUNT);
+    mDelayCyclesPerUs = (SYS_CLK_HZ / 1000000 / NOP_FOR_LOOP_INSTRUCTION_COUNT);
 
     /* Enable RTC clock and oscillator */
     SIM->SCGC6 |= SIM_SCGC6_RTC_MASK;
@@ -145,7 +190,7 @@ static void hw_rtc_init(void)
     }
 
     /* Disable RTC Interrupts */
-    RTC_IER = 0;
+    RTC->IER = 0;
 
     /* Enable OSC */
     if ((RTC->CR & RTC_CR_OSCE_MASK) == 0) {
@@ -164,6 +209,14 @@ static void hw_rtc_init(void)
 
 static void hw_rand_init(void)
 {
+#ifdef FREESCALE_KSDK_BM
+    trng_config_t trngConfig;
+    TRNG_GetDefaultConfig(&trngConfig);
+    /* Set sample mode of the TRNG ring oscillator to Von Neumann, for better random data.*/
+    trngConfig.sampleMode = kTRNG_SampleModeVonNeumann;
+    /* Initialize TRNG */
+    TRNG_Init(TRNG0, &trngConfig);
+#else
     /* Enable RNG clocks */
     SIM->SCGC6 |= SIM_SCGC6_RNGA_MASK;
     SIM->SCGC3 |= SIM_SCGC3_RNGA_MASK;
@@ -176,6 +229,7 @@ static void hw_rand_init(void)
 
     /* Enable RNG generation to RANDOUT FIFO */
     RNG->CR |= RNG_CR_GO_MASK;
+#endif
 }
 
 
@@ -204,14 +258,24 @@ uint32_t hw_get_time_msec(void)
 
 void hw_uart_printchar(int c)
 {
+#ifdef FREESCALE_KSDK_BM
+    LPUART_WriteBlocking(UART_PORT, (const uint8_t*)&c, 1); /* Send the character */
+#else
     while(!(UART_PORT->S1 & UART_S1_TDRE_MASK)); /* Wait until space is available in the FIFO */
     UART_PORT->D = (uint8_t)c; /* Send the character */
+#endif
 }
 
 uint32_t hw_rand(void)
 {
+    uint32_t rng;
+#ifdef FREESCALE_KSDK_BM
+    TRNG_GetRandomData(TRNG0, &rng, sizeof(rng));
+#else
     while((RNG->SR & RNG_SR_OREG_LVL(0xF)) == 0) {}; /* Wait until FIFO has a value available */
-    return RNG->OR; /* Return next value in FIFO output register */
+    rng = RNG->OR; /* Return next value in FIFO output register */
+#endif
+    return rng;
 }
 
 void delay_us(uint32_t microseconds)

IDE/ROWLEY-CROSSWORKS-ARM/retarget.c

@@ -22,6 +22,17 @@
 
 #include "hw.h"
 #include "user_settings.h"
+#include <stdio.h>
+
+void __assert(const char *__expression, const char *__filename, int __line)
+{
+    printf("Assert: %s, File %s (%d)\n", __expression, __filename, __line);
+}
+
+unsigned int LowResTimer(void)
+{
+    return hw_get_time_sec();
+}
 
 double current_time(int reset)
 {

IDE/ROWLEY-CROSSWORKS-ARM/test_main.c

@@ -54,24 +54,26 @@ void main(void)
 
 
 /* SAMPLE OUTPUT: 
-Crypt Test 1:
-MD5      test passed!
-MD4      test passed!
+Crypt Test 0:
 SHA      test passed!
 SHA-256  test passed!
-HMAC-MD5 test passed!
+SHA-384  test passed!
+SHA-512  test passed!
 HMAC-SHA test passed!
 HMAC-SHA256 test passed!
-ARC4     test passed!
-HC-128   test passed!
-Rabbit   test passed!
-DES      test passed!
-DES3     test passed!
+HMAC-SHA384 test passed!
+HMAC-SHA512 test passed!
+GMAC     test passed!
+Chacha   test passed!
+POLY1305 test passed!
+ChaCha20-Poly1305 AEAD test passed!
 AES      test passed!
+AES-GCM  test passed!
+AES-CCM  test passed!
 RANDOM   test passed!
 RSA      test passed!
-DH       test passed!
-DSA      test passed!
-PWDBASED test passed!
-Crypt Test 1: Return code 0
+ECC      test passed!
+CURVE25519 test passed!
+ED25519  test passed!
+Crypt Test 0: Return code 0
 */

IDE/ROWLEY-CROSSWORKS-ARM/user_settings.h

@@ -56,7 +56,9 @@ extern "C" {
     #define HAVE_ECC224
     #undef NO_ECC256
     #define HAVE_ECC384
-    #define HAVE_ECC521
+    #ifndef USE_NXP_LTC /* NXP LTC HW supports up to 512 */
+        #define HAVE_ECC521
+    #endif
 
     /* Fixed point cache (speeds repeated operations against same private key) */
     #undef  FP_ECC
@@ -72,7 +74,9 @@ extern "C" {
     /* Optional ECC calculation method */
     /* Note: doubles heap usage, but slightly faster */
     #undef  ECC_SHAMIR
-    #define ECC_SHAMIR
+    #ifndef USE_NXP_LTC /* Don't enable Shamir code for HW ECC */
+        #define ECC_SHAMIR
+    #endif
 
     /* Reduces heap usage, but slower */
     #undef  ECC_TIMING_RESISTANT
@@ -83,16 +87,22 @@ extern "C" {
         #undef  ALT_ECC_SIZE
         #define ALT_ECC_SIZE
 
-        /* optionally override the default max ecc bits */
-        #undef  FP_MAX_BITS_ECC
-        //#define FP_MAX_BITS_ECC     512
-
         /* Enable TFM optimizations for ECC */
-        #define TFM_ECC192
-        #define TFM_ECC224
-        #define TFM_ECC256
-        #define TFM_ECC384
-        #define TFM_ECC521
+        #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
+            #define TFM_ECC192
+        #endif
+        #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
+            #define TFM_ECC224
+        #endif
+        #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
+            #define TFM_ECC256
+        #endif
+        #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
+            #define TFM_ECC384
+        #endif
+        #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
+            #define TFM_ECC521
+        #endif
     #endif
 #endif
 
@@ -140,7 +150,7 @@ extern "C" {
 /* Ed25519 / Curve25519 */
 #undef HAVE_CURVE25519
 #undef HAVE_ED25519
-#if 0
+#if 1
     #define HAVE_CURVE25519
     #define HAVE_ED25519
 
@@ -195,9 +205,22 @@ extern "C" {
 /* ------------------------------------------------------------------------- */
 /* HW Crypto Acceleration */
 /* ------------------------------------------------------------------------- */
-// See README.md for instructions
-//#define FREESCALE_MMCAU   1
+#define FSL_HW_CRYPTO_MANUAL_SELECTION
+#if 1
+    /* NXP MMCAU / LTC Support (See README.md for instructions) */
+    #if defined(USE_NXP_MMCAU) || defined(USE_NXP_LTC)
+        #ifdef USE_NXP_MMCAU
+            #define FREESCALE_USE_MMCAU
+        #endif
+        #ifdef USE_NXP_LTC
+            #define FREESCALE_USE_LTC
+            #define LTC_MAX_ECC_BITS    (512)
+            #define LTC_MAX_INT_BYTES   (256)
 
+            //#define FREESCALE_LTC_TFM_RSA_4096_ENABLE
+        #endif
+    #endif
+#endif
 
 /* ------------------------------------------------------------------------- */
 /* Benchmark / Test */
@@ -209,14 +232,17 @@ extern "C" {
 #undef  USE_CERT_BUFFERS_2048
 #define USE_CERT_BUFFERS_2048
 
+#undef  USE_CERT_BUFFERS_256
+#define USE_CERT_BUFFERS_256
+
 
 /* ------------------------------------------------------------------------- */
 /* Debugging */
 /* ------------------------------------------------------------------------- */
-#undef  WOLFSSL_DEBUG
-//#define WOLFSSL_DEBUG
+#undef  DEBUG_WOLFSSL
+//#define DEBUG_WOLFSSL
 
-#ifdef WOLFSSL_DEBUG
+#ifdef DEBUG_WOLFSSL
     #define fprintf(file, format, ...)   printf(format, ##__VA_ARGS__)
 
     /* Use this to measure / print heap usage */
@@ -232,7 +258,7 @@ extern "C" {
     #define NO_WOLFSSL_MEMORY
 
     #undef  NO_ERROR_STRINGS
-    #define NO_ERROR_STRINGS
+    //#define NO_ERROR_STRINGS
 #endif
 
 
@@ -243,6 +269,7 @@ extern "C" {
 /* Override Current Time */
 /* Allows custom "custom_time()" function to be used for benchmark */
 #define WOLFSSL_USER_CURRTIME
+#define USER_TICKS
 
 
 /* ------------------------------------------------------------------------- */
@@ -251,17 +278,21 @@ extern "C" {
 /* Size of returned HW RNG value */
 #define CUSTOM_RAND_TYPE      unsigned int
 
+/* Seed source */
+extern unsigned int custom_rand_generate(void);
+#undef  CUSTOM_RAND_GENERATE
+#define CUSTOM_RAND_GENERATE  custom_rand_generate
+
 /* Choose RNG method */
 #if 1
     /* Use built-in P-RNG (SHA256 based) with HW RNG */
     /* P-RNG + HW RNG (P-RNG is ~8K) */
     #undef  HAVE_HASHDRBG
     #define HAVE_HASHDRBG
-
-    extern unsigned int custom_rand_generate(void);
-    #undef  CUSTOM_RAND_GENERATE
-    #define CUSTOM_RAND_GENERATE  custom_rand_generate
 #else
+    #undef  WC_NO_HASHDRBG
+    #define WC_NO_HASHDRBG
+
     /* Bypass P-RNG and use only HW RNG */
     extern int custom_rand_generate_block(unsigned char* output, unsigned int sz);
     #undef  CUSTOM_RAND_GENERATE_BLOCK

IDE/ROWLEY-CROSSWORKS-ARM/wolfssl.hzp

@@ -83,6 +83,9 @@
           <file file_name="../../wolfcrypt/src/memory.c" />
           <file file_name="../../wolfcrypt/src/misc.c">
             <configuration Name="ARM_Debug" build_exclude_from_build="Yes" />
+            <configuration
+              Name="ARM_Release"
+              build_exclude_from_build="Yes" />
           </file>
           <file file_name="../../wolfcrypt/src/pkcs7.c" />
           <file file_name="../../wolfcrypt/src/poly1305.c" />
@@ -99,6 +102,8 @@
           <file file_name="../../wolfcrypt/src/tfm.c" />
           <file file_name="../../wolfcrypt/src/wc_encrypt.c" />
           <file file_name="../../wolfcrypt/src/wc_port.c" />
+          <file file_name="../../wolfcrypt/src/wolfmath.c" />
+          <file file_name="../../wolfcrypt/src/wolfevent.c" />
         </folder>
         <folder Name="test">
           <file file_name="../../wolfcrypt/test/include.am" />
@@ -117,12 +122,26 @@
         recurse="Yes" />
       <file file_name="user_settings.h" />
       <file file_name="README.md" />
-      <folder
-        Name="source"
-        exclude=""
-        filter=""
-        path="../../src"
-        recurse="No" />
+      <folder Name="source">
+        <file file_name="../../src/bio.c">
+          <configuration Name="ARM_Debug" build_exclude_from_build="Yes" />
+        </file>
+        <file file_name="../../src/crl.c" />
+        <file file_name="../../src/include.am" />
+        <file file_name="../../src/internal.c" />
+        <file file_name="../../src/io.c" />
+        <file file_name="../../src/keys.c" />
+        <file file_name="../../src/libwolfssl.la" />
+        <file file_name="../../src/ocsp.c" />
+        <file file_name="../../src/sniffer.c" />
+        <file file_name="../../src/src_libwolfssl_la-internal.lo" />
+        <file file_name="../../src/src_libwolfssl_la-io.lo" />
+        <file file_name="../../src/src_libwolfssl_la-keys.lo" />
+        <file file_name="../../src/src_libwolfssl_la-ssl.lo" />
+        <file file_name="../../src/src_libwolfssl_la-tls.lo" />
+        <file file_name="../../src/ssl.c" />
+        <file file_name="../../src/tls.c" />
+      </folder>
     </folder>
   </project>
   <project Name="test">
@@ -140,6 +159,8 @@
       arm_target_loader_default_loader="Flash"
       c_preprocessor_definitions="WOLFSSL_ROWLEY_ARM;WOLFSSL_USER_SETTINGS"
       c_user_include_directories=".;../;../../;$(TargetsDir);$(TargetsDir)/Kinetis;$(TargetsDir)/Kinetis/CMSIS;$(TargetsDir)/Kinetis/CMSIS/include;$(TargetsDir)/CMSIS_3/CMSIS/include"
+      debug_register_definition_file="$(TargetsDir)/Kinetis/MK64F12_Peripherals.xml"
+      linker_memory_map_file="$(TargetsDir)/Kinetis/MK64FN1M0xxx12_MemoryMap.xml"
       linker_memory_map_macros="FLASHSIZE=0x80000;SRAMSIZE=0x20000"
       linker_output_format="bin"
       project_dependencies="libwolfssl"
@@ -161,7 +182,6 @@
     </folder>
     <folder Name="System Files">
       <file file_name="Kinetis_FlashPlacement.xml" />
-      <file file_name="Kinetis_MemoryMap.xml" />
     </folder>
   </project>
   <project Name="benchmark">
@@ -169,16 +189,21 @@
       Name="Common"
       Placement="Flash"
       Target="MK64FN1M0xxx12"
+      arm_architecture="v7EM"
+      arm_core_type="Cortex-M4"
+      arm_fpu_type="FPv4-SP-D16"
       arm_linker_fiq_stack_size="0"
       arm_linker_heap_size="91136"
       arm_linker_irq_stack_size="0"
       arm_linker_stack_size="30720"
       arm_simulator_memory_simulation_filename="$(TargetsDir)/Kinetis/KinetisSimulatorMemory.dll"
-      arm_simulator_memory_simulation_parameter="MK64FN1M0xxx12;0x100000;0x0;0x0;0x40000"
+      arm_simulator_memory_simulation_parameter="MK64FN1M0xxx12;0x100000;0x0;0x0;0x40000;4"
       arm_target_loader_applicable_loaders="Flash"
       arm_target_loader_default_loader="Flash"
       c_preprocessor_definitions="WOLFSSL_ROWLEY_ARM;WOLFSSL_USER_SETTINGS"
       c_user_include_directories=".;../;../../;$(TargetsDir);$(TargetsDir)/Kinetis;$(TargetsDir)/Kinetis/CMSIS;$(TargetsDir)/Kinetis/CMSIS/include;$(TargetsDir)/CMSIS_3/CMSIS/include"
+      debug_register_definition_file="$(TargetsDir)/Kinetis/MK64F12_Peripherals.xml"
+      linker_memory_map_file="$(TargetsDir)/Kinetis/MK64FN1M0xxx12_MemoryMap.xml"
       linker_memory_map_macros="FLASHSIZE=0x80000;SRAMSIZE=0x20000"
       linker_output_format="bin"
       project_dependencies="libwolfssl"
@@ -200,8 +225,11 @@
     </folder>
     <folder Name="System Files">
       <file file_name="Kinetis_FlashPlacement.xml" />
-      <file file_name="Kinetis_MemoryMap.xml" />
     </folder>
+    <configuration
+      Name="Flash"
+      arm_target_flash_loader_file_path="$(TargetsDir)/Kinetis/Release/Loader.elf"
+      arm_target_loader_parameter="4" />
   </project>
   <configuration
     Name="ARM"
@@ -278,11 +306,10 @@
     c_preprocessor_definitions="__RAM_BUILD"
     hidden="Yes" />
   <configuration
-    Name="Kineits"
+    Name="Kinetis"
     arm_target_debug_interface_type="ADIv5"
     c_preprocessor_definitions="FREESCALE;K_SERIES"
     hidden="Yes"
-    linker_memory_map_file="$(ProjectDir)/Kinetis_MemoryMap.xml"
     linker_section_placement_file="$(ProjectDir)/Kinetis_FlashPlacement.xml" />
   <configuration
     Name="V4"
@@ -400,11 +427,11 @@
   <configuration
     Name="ARM_Debug"
     batch_build_configurations="V7EM THUMB * Debug"
-    inherited_configurations="ARM;V7EM;Debug;Kineits;THUMB;Flash" />
+    inherited_configurations="ARM;V7EM;Debug;Kinetis;THUMB;Flash" />
   <configuration
     Name="ARM_Release"
     batch_build_configurations="V7EM THUMB * Release"
-    inherited_configurations="ARM;V7EM;Release;Kineits;Flash;THUMB" />
+    inherited_configurations="ARM;V7EM;Release;Kinetis;Flash;THUMB" />
   <configuration
     Name="Common"
     build_intermediate_directory="$(ProjectName)_$(Configuration)"

IDE/ROWLEY-CROSSWORKS-ARM/wolfssl_ltc.hzp

@@ -0,0 +1,642 @@
+<!DOCTYPE CrossStudio_Project_File>
+<solution Name="wolfssl_ltc" target="8" version="2">
+  <project Name="libwolfssl_ltc">
+    <configuration
+      Name="Common"
+      build_output_file_name="$(OutDir)/$(ProjectName)$(LibExt)$(LIB)"
+      c_preprocessor_definitions="WOLFSSL_ROWLEY_ARM;WOLFSSL_USER_SETTINGS"
+      c_user_include_directories=".;../;../../;./drivers;./mmcau_2.0.0;./CMSIS/Include"
+      project_directory=""
+      project_type="Library" />
+    <folder Name="Source Files">
+      <configuration Name="Common" filter="c;cpp;cxx;cc;h;s;inc" />
+      <folder Name="wolfcrypt">
+        <folder Name="benchmark">
+          <file file_name="../../wolfcrypt/benchmark/benchmark.c" />
+          <file file_name="../../wolfcrypt/benchmark/benchmark.h" />
+          <file file_name="../../wolfcrypt/benchmark/include.am" />
+        </folder>
+        <folder Name="src">
+          <file file_name="../../wolfcrypt/src/aes.c" />
+          <file file_name="../../wolfcrypt/src/arc4.c" />
+          <file file_name="../../wolfcrypt/src/asm.c">
+            <configuration Name="ARM_Debug" build_exclude_from_build="Yes" />
+          </file>
+          <file file_name="../../wolfcrypt/src/asn.c" />
+          <file file_name="../../wolfcrypt/src/blake2b.c" />
+          <file file_name="../../wolfcrypt/src/camellia.c" />
+          <file file_name="../../wolfcrypt/src/chacha.c" />
+          <file file_name="../../wolfcrypt/src/chacha20_poly1305.c" />
+          <file file_name="../../wolfcrypt/src/coding.c" />
+          <file file_name="../../wolfcrypt/src/compress.c" />
+          <file file_name="../../wolfcrypt/src/curve25519.c" />
+          <file file_name="../../wolfcrypt/src/des3.c" />
+          <file file_name="../../wolfcrypt/src/dh.c" />
+          <file file_name="../../wolfcrypt/src/dsa.c" />
+          <file file_name="../../wolfcrypt/src/ecc.c" />
+          <file file_name="../../wolfcrypt/src/ecc_fp.c" />
+          <file file_name="../../wolfcrypt/src/ed25519.c" />
+          <file file_name="../../wolfcrypt/src/error.c" />
+          <file file_name="../../wolfcrypt/src/fe_low_mem.c" />
+          <file file_name="../../wolfcrypt/src/fe_operations.c" />
+          <file file_name="../../wolfcrypt/src/fp_mont_small.i" />
+          <file file_name="../../wolfcrypt/src/fp_mul_comba_12.i" />
+          <file file_name="../../wolfcrypt/src/fp_mul_comba_17.i" />
+          <file file_name="../../wolfcrypt/src/fp_mul_comba_20.i" />
+          <file file_name="../../wolfcrypt/src/fp_mul_comba_24.i" />
+          <file file_name="../../wolfcrypt/src/fp_mul_comba_28.i" />
+          <file file_name="../../wolfcrypt/src/fp_mul_comba_3.i" />
+          <file file_name="../../wolfcrypt/src/fp_mul_comba_32.i" />
+          <file file_name="../../wolfcrypt/src/fp_mul_comba_4.i" />
+          <file file_name="../../wolfcrypt/src/fp_mul_comba_48.i" />
+          <file file_name="../../wolfcrypt/src/fp_mul_comba_6.i" />
+          <file file_name="../../wolfcrypt/src/fp_mul_comba_64.i" />
+          <file file_name="../../wolfcrypt/src/fp_mul_comba_7.i" />
+          <file file_name="../../wolfcrypt/src/fp_mul_comba_8.i" />
+          <file file_name="../../wolfcrypt/src/fp_mul_comba_9.i" />
+          <file file_name="../../wolfcrypt/src/fp_mul_comba_small_set.i" />
+          <file file_name="../../wolfcrypt/src/fp_sqr_comba_12.i" />
+          <file file_name="../../wolfcrypt/src/fp_sqr_comba_17.i" />
+          <file file_name="../../wolfcrypt/src/fp_sqr_comba_20.i" />
+          <file file_name="../../wolfcrypt/src/fp_sqr_comba_24.i" />
+          <file file_name="../../wolfcrypt/src/fp_sqr_comba_28.i" />
+          <file file_name="../../wolfcrypt/src/fp_sqr_comba_3.i" />
+          <file file_name="../../wolfcrypt/src/fp_sqr_comba_32.i" />
+          <file file_name="../../wolfcrypt/src/fp_sqr_comba_4.i" />
+          <file file_name="../../wolfcrypt/src/fp_sqr_comba_48.i" />
+          <file file_name="../../wolfcrypt/src/fp_sqr_comba_6.i" />
+          <file file_name="../../wolfcrypt/src/fp_sqr_comba_64.i" />
+          <file file_name="../../wolfcrypt/src/fp_sqr_comba_7.i" />
+          <file file_name="../../wolfcrypt/src/fp_sqr_comba_8.i" />
+          <file file_name="../../wolfcrypt/src/fp_sqr_comba_9.i" />
+          <file file_name="../../wolfcrypt/src/fp_sqr_comba_small_set.i" />
+          <file file_name="../../wolfcrypt/src/ge_low_mem.c" />
+          <file file_name="../../wolfcrypt/src/ge_operations.c" />
+          <file file_name="../../wolfcrypt/src/hash.c" />
+          <file file_name="../../wolfcrypt/src/hc128.c" />
+          <file file_name="../../wolfcrypt/src/hmac.c" />
+          <file file_name="../../wolfcrypt/src/idea.c" />
+          <file file_name="../../wolfcrypt/src/include.am" />
+          <file file_name="../../wolfcrypt/src/integer.c" />
+          <file file_name="../../wolfcrypt/src/logging.c" />
+          <file file_name="../../wolfcrypt/src/md2.c" />
+          <file file_name="../../wolfcrypt/src/md4.c" />
+          <file file_name="../../wolfcrypt/src/md5.c" />
+          <file file_name="../../wolfcrypt/src/memory.c" />
+          <file file_name="../../wolfcrypt/src/misc.c">
+            <configuration Name="ARM_Debug" build_exclude_from_build="Yes" />
+            <configuration
+              Name="ARM_Release"
+              build_exclude_from_build="Yes" />
+          </file>
+          <file file_name="../../wolfcrypt/src/pkcs7.c" />
+          <file file_name="../../wolfcrypt/src/poly1305.c" />
+          <file file_name="../../wolfcrypt/src/pwdbased.c" />
+          <file file_name="../../wolfcrypt/src/rabbit.c" />
+          <file file_name="../../wolfcrypt/src/random.c" />
+          <file file_name="../../wolfcrypt/src/ripemd.c" />
+          <file file_name="../../wolfcrypt/src/rsa.c" />
+          <file file_name="../../wolfcrypt/src/sha.c" />
+          <file file_name="../../wolfcrypt/src/sha256.c" />
+          <file file_name="../../wolfcrypt/src/sha512.c" />
+          <file file_name="../../wolfcrypt/src/signature.c" />
+          <file file_name="../../wolfcrypt/src/srp.c" />
+          <file file_name="../../wolfcrypt/src/tfm.c" />
+          <file file_name="../../wolfcrypt/src/wc_encrypt.c" />
+          <file file_name="../../wolfcrypt/src/wc_port.c" />
+          <file file_name="../../wolfcrypt/src/wolfmath.c" />
+          <file file_name="../../wolfcrypt/src/wolfevent.c" />
+          <folder Name="port">
+            <folder Name="nxp">
+              <file file_name="../../wolfcrypt/src/port/nxp/ksdk_port.c" />
+              <file file_name="fsl_debug_console.c" />
+              <file file_name="MK82F25615.h" />
+              <file file_name="MK82F25615_features.h" />
+              <file file_name="arm_common_tables.h" />
+              <file file_name="arm_const_structs.h" />
+              <file file_name="arm_math.h" />
+              <file file_name="cmsis_gcc.h" />
+              <file file_name="core_cm4.h" />
+              <file file_name="core_cmFunc.h" />
+              <file file_name="core_cmInstr.h" />
+              <file file_name="core_cmSimd.h" />
+              <file file_name="fsl_debug_console.h" />
+              <file file_name="fsl_device_registers.h" />
+              <file file_name="system_MK82F25615.h" />
+              <file file_name="clock_config.c" />
+              <file file_name="clock_config.h" />
+              <folder Name="drivers">
+                <file file_name="drivers/fsl_adc16.c" />
+                <file file_name="drivers/fsl_adc16.h" />
+                <file file_name="drivers/fsl_clock.c" />
+                <file file_name="drivers/fsl_clock.h" />
+                <file file_name="drivers/fsl_cmp.c" />
+                <file file_name="drivers/fsl_cmp.h" />
+                <file file_name="drivers/fsl_cmt.c" />
+                <file file_name="drivers/fsl_cmt.h" />
+                <file file_name="drivers/fsl_common.c" />
+                <file file_name="drivers/fsl_common.h" />
+                <file file_name="drivers/fsl_crc.c" />
+                <file file_name="drivers/fsl_crc.h" />
+                <file file_name="drivers/fsl_dac.c" />
+                <file file_name="drivers/fsl_dac.h" />
+                <file file_name="drivers/fsl_dmamux.c" />
+                <file file_name="drivers/fsl_dmamux.h" />
+                <file file_name="drivers/fsl_dspi.c" />
+                <file file_name="drivers/fsl_dspi.h" />
+                <file file_name="drivers/fsl_dspi_edma.c" />
+                <file file_name="drivers/fsl_dspi_edma.h" />
+                <file file_name="drivers/fsl_dspi_freertos.c">
+                  <configuration
+                    Name="ARM_Debug"
+                    build_exclude_from_build="Yes" />
+                  <configuration
+                    Name="ARM_Release"
+                    build_exclude_from_build="Yes" />
+                </file>
+                <file file_name="drivers/fsl_dspi_freertos.h" />
+                <file file_name="drivers/fsl_edma.c" />
+                <file file_name="drivers/fsl_edma.h" />
+                <file file_name="drivers/fsl_ewm.c" />
+                <file file_name="drivers/fsl_ewm.h" />
+                <file file_name="drivers/fsl_flash.c" />
+                <file file_name="drivers/fsl_flash.h" />
+                <file file_name="drivers/fsl_flexbus.c" />
+                <file file_name="drivers/fsl_flexbus.h" />
+                <file file_name="drivers/fsl_flexio.c" />
+                <file file_name="drivers/fsl_flexio.h" />
+                <file file_name="drivers/fsl_flexio_camera.c" />
+                <file file_name="drivers/fsl_flexio_camera.h" />
+                <file file_name="drivers/fsl_flexio_camera_edma.c" />
+                <file file_name="drivers/fsl_flexio_camera_edma.h" />
+                <file file_name="drivers/fsl_flexio_i2c_master.c" />
+                <file file_name="drivers/fsl_flexio_i2c_master.h" />
+                <file file_name="drivers/fsl_flexio_i2s.c" />
+                <file file_name="drivers/fsl_flexio_i2s.h" />
+                <file file_name="drivers/fsl_flexio_i2s_edma.c" />
+                <file file_name="drivers/fsl_flexio_i2s_edma.h" />
+                <file file_name="drivers/fsl_flexio_spi.c" />
+                <file file_name="drivers/fsl_flexio_spi.h" />
+                <file file_name="drivers/fsl_flexio_spi_edma.c" />
+                <file file_name="drivers/fsl_flexio_spi_edma.h" />
+                <file file_name="drivers/fsl_flexio_uart.c" />
+                <file file_name="drivers/fsl_flexio_uart.h" />
+                <file file_name="drivers/fsl_flexio_uart_edma.c" />
+                <file file_name="drivers/fsl_flexio_uart_edma.h" />
+                <file file_name="drivers/fsl_ftm.c" />
+                <file file_name="drivers/fsl_ftm.h" />
+                <file file_name="drivers/fsl_gpio.c" />
+                <file file_name="drivers/fsl_gpio.h" />
+                <file file_name="drivers/fsl_i2c.c" />
+                <file file_name="drivers/fsl_i2c.h" />
+                <file file_name="drivers/fsl_i2c_edma.c" />
+                <file file_name="drivers/fsl_i2c_edma.h" />
+                <file file_name="drivers/fsl_i2c_freertos.c">
+                  <configuration
+                    Name="ARM_Debug"
+                    build_exclude_from_build="Yes" />
+                  <configuration
+                    Name="ARM_Release"
+                    build_exclude_from_build="Yes" />
+                </file>
+                <file file_name="drivers/fsl_i2c_freertos.h" />
+                <file file_name="drivers/fsl_llwu.c" />
+                <file file_name="drivers/fsl_llwu.h" />
+                <file file_name="drivers/fsl_lmem_cache.c" />
+                <file file_name="drivers/fsl_lmem_cache.h" />
+                <file file_name="drivers/fsl_lptmr.c" />
+                <file file_name="drivers/fsl_lptmr.h" />
+                <file file_name="drivers/fsl_lpuart.c" />
+                <file file_name="drivers/fsl_lpuart.h" />
+                <file file_name="drivers/fsl_lpuart_edma.c" />
+                <file file_name="drivers/fsl_lpuart_edma.h" />
+                <file file_name="fsl_lpuart_freertos.c">
+                  <configuration
+                    Name="ARM_Debug"
+                    build_exclude_from_build="Yes" />
+                  <configuration
+                    Name="ARM_Release"
+                    build_exclude_from_build="Yes" />
+                </file>
+                <file file_name="drivers/fsl_lpuart_freertos.h" />
+                <file file_name="drivers/fsl_ltc.c" />
+                <file file_name="drivers/fsl_ltc.h" />
+                <file file_name="drivers/fsl_ltc_edma.c" />
+                <file file_name="drivers/fsl_ltc_edma.h" />
+                <file file_name="drivers/fsl_mpu.c" />
+                <file file_name="drivers/fsl_mpu.h" />
+                <file file_name="drivers/fsl_pdb.c" />
+                <file file_name="drivers/fsl_pdb.h" />
+                <file file_name="drivers/fsl_pit.c" />
+                <file file_name="drivers/fsl_pit.h" />
+                <file file_name="drivers/fsl_pmc.c" />
+                <file file_name="drivers/fsl_pmc.h" />
+                <file file_name="drivers/fsl_port.h" />
+                <file file_name="drivers/fsl_qspi.c" />
+                <file file_name="drivers/fsl_qspi.h" />
+                <file file_name="drivers/fsl_qspi_edma.c" />
+                <file file_name="drivers/fsl_qspi_edma.h" />
+                <file file_name="drivers/fsl_rcm.c" />
+                <file file_name="drivers/fsl_rcm.h" />
+                <file file_name="drivers/fsl_rtc.c" />
+                <file file_name="drivers/fsl_rtc.h" />
+                <file file_name="drivers/fsl_sai.c" />
+                <file file_name="drivers/fsl_sai.h" />
+                <file file_name="drivers/fsl_sai_edma.c" />
+                <file file_name="drivers/fsl_sai_edma.h" />
+                <file file_name="drivers/fsl_sdhc.c" />
+                <file file_name="drivers/fsl_sdhc.h" />
+                <file file_name="drivers/fsl_sdramc.c" />
+                <file file_name="drivers/fsl_sdramc.h" />
+                <file file_name="drivers/fsl_sim.c" />
+                <file file_name="drivers/fsl_sim.h" />
+                <file file_name="drivers/fsl_smartcard.h" />
+                <file file_name="drivers/fsl_smartcard_emvsim.c" />
+                <file file_name="drivers/fsl_smartcard_emvsim.h" />
+                <file file_name="drivers/fsl_smartcard_freertos.c">
+                  <configuration
+                    Name="ARM_Debug"
+                    build_exclude_from_build="Yes" />
+                  <configuration
+                    Name="ARM_Release"
+                    build_exclude_from_build="Yes" />
+                </file>
+                <file file_name="drivers/fsl_smartcard_freertos.h" />
+                <file file_name="drivers/fsl_smartcard_phy_emvsim.c" />
+                <file file_name="drivers/fsl_smartcard_phy_emvsim.h" />
+                <file file_name="drivers/fsl_smartcard_phy_ncn8025.c" />
+                <file file_name="drivers/fsl_smartcard_phy_ncn8025.h" />
+                <file file_name="drivers/fsl_smc.c" />
+                <file file_name="drivers/fsl_smc.h" />
+                <file file_name="drivers/fsl_tpm.c" />
+                <file file_name="drivers/fsl_tpm.h" />
+                <file file_name="drivers/fsl_trng.c" />
+                <file file_name="drivers/fsl_trng.h" />
+                <file file_name="drivers/fsl_tsi_v4.c" />
+                <file file_name="drivers/fsl_tsi_v4.h" />
+                <file file_name="drivers/fsl_vref.c" />
+                <file file_name="drivers/fsl_vref.h" />
+                <file file_name="drivers/fsl_wdog.c" />
+                <file file_name="drivers/fsl_wdog.h" />
+              </folder>
+              <file file_name="system_MK82F25615.c" />
+            </folder>
+          </folder>
+        </folder>
+        <folder Name="test">
+          <file file_name="../../wolfcrypt/test/include.am" />
+          <file file_name="../../wolfcrypt/test/test.c" />
+          <file file_name="../../wolfcrypt/test/test.h" />
+        </folder>
+        <folder Name="user-crypto" path="../../wolfcrypt/user-crypto">
+          <configuration Name="Common" build_exclude_from_build="Yes" />
+        </folder>
+      </folder>
+      <folder
+        Name="wolfssl"
+        exclude="*.asm;*.s"
+        filter=""
+        path="../../wolfssl"
+        recurse="Yes" />
+      <file file_name="user_settings.h" />
+      <file file_name="README.md" />
+      <folder Name="source">
+        <file file_name="../../src/bio.c">
+          <configuration Name="ARM_Debug" build_exclude_from_build="Yes" />
+        </file>
+        <file file_name="../../src/crl.c" />
+        <file file_name="../../src/include.am" />
+        <file file_name="../../src/internal.c" />
+        <file file_name="../../src/io.c" />
+        <file file_name="../../src/keys.c" />
+        <file file_name="../../src/libwolfssl.la" />
+        <file file_name="../../src/ocsp.c" />
+        <file file_name="../../src/sniffer.c" />
+        <file file_name="../../src/src_libwolfssl_la-internal.lo" />
+        <file file_name="../../src/src_libwolfssl_la-io.lo" />
+        <file file_name="../../src/src_libwolfssl_la-keys.lo" />
+        <file file_name="../../src/src_libwolfssl_la-ssl.lo" />
+        <file file_name="../../src/src_libwolfssl_la-tls.lo" />
+        <file file_name="../../src/ssl.c" />
+        <file file_name="../../src/tls.c" />
+      </folder>
+    </folder>
+  </project>
+  <project Name="test_ltc">
+    <configuration
+      Name="Common"
+      Placement="Flash"
+      Target="MK82FN256xxx15"
+      arm_architecture="v7EM"
+      arm_core_type="Cortex-M4"
+      arm_fpu_type="FPv4-SP-D16"
+      arm_linker_fiq_stack_size="0"
+      arm_linker_heap_size="91136"
+      arm_linker_irq_stack_size="0"
+      arm_linker_stack_size="30720"
+      arm_simulator_memory_simulation_filename="$(TargetsDir)/Kinetis/KinetisSimulatorMemory.dll"
+      arm_simulator_memory_simulation_parameter="MK82FN256xxx15;0x40000;0x0;0x0;0x40000;4"
+      arm_target_loader_applicable_loaders="Flash"
+      arm_target_loader_default_loader="Flash"
+      c_preprocessor_definitions="WOLFSSL_ROWLEY_ARM;WOLFSSL_USER_SETTINGS"
+      c_user_include_directories=".;./drivers;./mmcau_2.0.0;./CMSIS/Include;../;../../;$(TargetsDir);$(TargetsDir)/Kinetis;$(TargetsDir)/Kinetis/CMSIS;$(TargetsDir)/Kinetis/CMSIS/include;$(TargetsDir)/CMSIS_3/CMSIS/include"
+      debug_register_definition_file="$(TargetsDir)/Kinetis/MK82F25615_Peripherals.xml"
+      linker_memory_map_file="$(TargetsDir)/Kinetis/MK82FN256xxx15_MemoryMap.xml"
+      linker_memory_map_macros="FLASHSIZE=0x40000;SRAMSIZE=0x40000"
+      linker_output_format="bin"
+      project_dependencies="libwolfssl_ltc"
+      project_type="Executable"
+      property_groups_file_path="$(TargetsDir)/Kinetis/propertyGroups.xml"
+      target_get_partname_script="GetPartName()"
+      target_match_partname_script="MatchPartName(&quot;$(Target)&quot;)"
+      target_reset_script="FLASHReset()"
+      target_script_file="$(TargetsDir)/Kinetis/Kinetis_Target.js" />
+    <folder Name="Source Files">
+      <configuration Name="Common" filter="c;cpp;cxx;cc;h;s;asm;inc" />
+      <file file_name="retarget.c" />
+      <file file_name="kinetis_hw.c" />
+      <file file_name="hw.h" />
+      <file file_name="test_main.c" />
+      <file file_name="arm_startup.c" />
+      <file file_name="user_settings.h" />
+      <file file_name="README.md" />
+      <folder Name="mmcau">
+        <file file_name="mmcau_2.0.0/cau_api.h" />
+        <file file_name="mmcau_2.0.0/fsl_mmcau.c" />
+        <file file_name="mmcau_2.0.0/fsl_mmcau.h" />
+        <file file_name="mmcau_2.0.0/README.txt" />
+        <folder Name="asm-cm4-cm7">
+          <file file_name="mmcau_2.0.0/asm-cm4-cm7/lib_mmcau.a" />
+        </folder>
+      </folder>
+    </folder>
+    <folder Name="System Files">
+      <file file_name="Kinetis_FlashPlacement.xml" />
+    </folder>
+    <configuration
+      Name="Flash"
+      arm_target_flash_loader_file_path="$(TargetsDir)/Kinetis/Release/Loader3.elf" />
+  </project>
+  <project Name="benchmark_ltc">
+    <configuration
+      Name="Common"
+      Placement="Flash"
+      Target="MK82FN256xxx15"
+      arm_architecture="v7EM"
+      arm_core_type="Cortex-M4"
+      arm_fpu_type="FPv4-SP-D16"
+      arm_linker_fiq_stack_size="0"
+      arm_linker_heap_size="91136"
+      arm_linker_irq_stack_size="0"
+      arm_linker_stack_size="30720"
+      arm_simulator_memory_simulation_filename="$(TargetsDir)/Kinetis/KinetisSimulatorMemory.dll"
+      arm_simulator_memory_simulation_parameter="MK82FN256xxx15;0x40000;0x0;0x0;0x40000;4"
+      arm_target_loader_applicable_loaders="Flash"
+      arm_target_loader_default_loader="Flash"
+      c_preprocessor_definitions="WOLFSSL_ROWLEY_ARM;WOLFSSL_USER_SETTINGS"
+      c_user_include_directories=".;./drivers;./mmcau_2.0.0;./CMSIS/Include;../;../../;$(TargetsDir);$(TargetsDir)/Kinetis;$(TargetsDir)/Kinetis/CMSIS;$(TargetsDir)/Kinetis/CMSIS/include;$(TargetsDir)/CMSIS_3/CMSIS/include"
+      debug_register_definition_file="$(TargetsDir)/Kinetis/MK82F25615_Peripherals.xml"
+      linker_memory_map_file="$(TargetsDir)/Kinetis/MK82FN256xxx15_MemoryMap.xml"
+      linker_memory_map_macros="FLASHSIZE=0x40000;SRAMSIZE=0x40000"
+      linker_output_format="bin"
+      project_dependencies="libwolfssl_ltc"
+      project_type="Executable"
+      property_groups_file_path="$(TargetsDir)/Kinetis/propertyGroups.xml"
+      target_get_partname_script="GetPartName()"
+      target_match_partname_script="MatchPartName(&quot;$(Target)&quot;)"
+      target_reset_script="FLASHReset()"
+      target_script_file="$(TargetsDir)/Kinetis/Kinetis_Target.js" />
+    <folder Name="Source Files">
+      <configuration Name="Common" filter="c;cpp;cxx;cc;h;s;asm;inc" />
+      <file file_name="retarget.c" />
+      <file file_name="kinetis_hw.c" />
+      <file file_name="hw.h" />
+      <file file_name="benchmark_main.c" />
+      <file file_name="arm_startup.c" />
+      <file file_name="user_settings.h" />
+      <file file_name="README.md" />
+      <folder Name="mmcau">
+        <file file_name="mmcau_2.0.0/cau_api.h" />
+        <file file_name="mmcau_2.0.0/fsl_mmcau.c" />
+        <file file_name="mmcau_2.0.0/fsl_mmcau.h" />
+        <file file_name="mmcau_2.0.0/README.txt" />
+        <folder Name="asm-cm4-cm7">
+          <file file_name="mmcau_2.0.0/asm-cm4-cm7/lib_mmcau.a">
+            <configuration Name="ARM_Debug" build_exclude_from_build="No" />
+          </file>
+        </folder>
+      </folder>
+    </folder>
+    <folder Name="System Files">
+      <file file_name="Kinetis_FlashPlacement.xml" />
+    </folder>
+    <configuration
+      Name="Flash"
+      arm_target_flash_loader_file_path="$(TargetsDir)/Kinetis/Release/Loader3.elf" />
+  </project>
+  <configuration
+    Name="ARM"
+    Platform="ARM"
+    arm_architecture="v7EM"
+    arm_core_type="Cortex-M4"
+    arm_instruction_set="ARM"
+    arm_library_instruction_set="ARM"
+    c_preprocessor_definitions="__ARM"
+    hidden="Yes" />
+  <configuration
+    Name="LE"
+    arm_endian="Little"
+    c_preprocessor_definitions="__LITTLE_ENDIAN"
+    hidden="Yes" />
+  <configuration
+    Name="BE"
+    arm_endian="Big"
+    c_preprocessor_definitions="__BIG_ENDIAN"
+    hidden="Yes" />
+  <configuration
+    Name="Soft"
+    arm_fp_abi="Soft"
+    c_preprocessor_definitions="__FP_ABI_SOFT__"
+    hidden="Yes" />
+  <configuration
+    Name="Small"
+    arm_library_optimization="Small"
+    c_preprocessor_definitions="__OPTIMIZATION_SMALL"
+    gcc_optimization_level="Optimize For Size"
+    hidden="Yes" />
+  <configuration Name="WCHAR16" gcc_wchar_size="16-Bit" hidden="Yes" />
+  <configuration
+    Name="Debug"
+    c_preprocessor_definitions="DEBUG"
+    gcc_debugging_level="Level 3"
+    gcc_optimization_level="None"
+    hidden="Yes" />
+  <configuration
+    Name="Float"
+    c_preprocessor_definitions="SHORT_FLOAT"
+    double_is_float="Yes"
+    hidden="Yes" />
+  <configuration
+    Name="Release"
+    c_preprocessor_definitions="NDEBUG"
+    gcc_debugging_level="Level 1"
+    gcc_optimization_level="Level 1"
+    hidden="Yes" />
+  <configuration
+    Name="Fast"
+    arm_library_optimization="Fast"
+    c_preprocessor_definitions="__OPTIMIZATION_FAST"
+    gcc_optimization_level="Level 1"
+    hidden="Yes" />
+  <configuration
+    Name="THUMB"
+    Platform="ARM"
+    arm_instruction_set="Thumb"
+    arm_library_instruction_set="Thumb"
+    c_preprocessor_definitions="__THUMB"
+    hidden="Yes" />
+  <configuration
+    Name="Hard"
+    arm_fp_abi="Hard"
+    c_preprocessor_definitions="__FP_ABI_HARD__"
+    hidden="Yes" />
+  <configuration
+    Name="Flash"
+    c_preprocessor_definitions="__FLASH_BUILD"
+    hidden="Yes" />
+  <configuration
+    Name="RAM"
+    c_preprocessor_definitions="__RAM_BUILD"
+    hidden="Yes" />
+  <configuration
+    Name="Kinetis"
+    arm_target_debug_interface_type="ADIv5"
+    c_preprocessor_definitions="FREESCALE;K_SERIES;CPU_MK82FN256VLL15;FREESCALE_KSDK_BM;USE_NXP_LTC;USE_NXP_MMCAU"
+    hidden="Yes"
+    linker_section_placement_file="$(ProjectDir)/Kinetis_FlashPlacement.xml" />
+  <configuration
+    Name="V4"
+    arm_architecture="v4T"
+    arm_interwork="No"
+    c_preprocessor_definitions="__ARCH_V4"
+    hidden="Yes" />
+  <configuration
+    Name="V4T"
+    arm_architecture="v4T"
+    c_preprocessor_definitions="__ARCH_V4T"
+    hidden="Yes" />
+  <configuration
+    Name="V5TE"
+    arm_architecture="v5TE"
+    c_preprocessor_definitions="__ARCH_V5TE"
+    hidden="Yes" />
+  <configuration
+    Name="V6"
+    arm_architecture="v6"
+    c_preprocessor_definitions="__ARCH_V6"
+    hidden="Yes" />
+  <configuration
+    Name="V7A"
+    arm_architecture="v7A"
+    c_preprocessor_definitions="__ARCH_V7A"
+    hidden="Yes" />
+  <configuration
+    Name="V7R"
+    arm_architecture="v7R"
+    c_preprocessor_definitions="__ARCH_V7R"
+    hidden="Yes" />
+  <configuration
+    Name="V6M"
+    arm_architecture="v6M"
+    c_preprocessor_definitions="__ARCH_V6M"
+    hidden="Yes" />
+  <configuration
+    Name="V7M"
+    arm_architecture="v7M"
+    c_preprocessor_definitions="__ARCH_V7M"
+    hidden="Yes" />
+  <configuration
+    Name="V7EM"
+    arm_architecture="v7EM"
+    c_preprocessor_definitions="__ARCH_V7EM"
+    hidden="Yes" />
+  <configuration
+    Name="V5TE VFP"
+    arm_architecture="v5TE"
+    arm_fpu_type="VFP"
+    c_preprocessor_definitions="__ARCH_V5TE;__FPU_VFP__"
+    hidden="Yes" />
+  <configuration
+    Name="SoftFP"
+    arm_fp_abi="SoftFP"
+    c_preprocessor_definitions="__FP_ABI_SOFT_FP__"
+    hidden="Yes" />
+  <configuration
+    Name="V6 VFP"
+    arm_architecture="v6"
+    arm_fpu_type="VFP"
+    c_preprocessor_definitions="__ARCH_V6;__FPU_VFP__"
+    hidden="Yes" />
+  <configuration
+    Name="V7A VFPv3-D32"
+    arm_architecture="v7A"
+    arm_fpu_type="VFPv3-D32"
+    c_preprocessor_definitions="__ARCH_V7A;__FPU_VFP__"
+    hidden="Yes" />
+  <configuration
+    Name="V7A VFPv4-D16"
+    arm_architecture="v7A"
+    arm_fpu_type="VFPv4-D16"
+    c_preprocessor_definitions="__ARCH_V7A;__FPU_VFP__"
+    hidden="Yes" />
+  <configuration
+    Name="V7A_IDIV VFPv4-D16"
+    arm_architecture="v7A"
+    arm_fpu_type="VFPv4-D16"
+    arm_v7_has_divide_instructions="Yes"
+    c_preprocessor_definitions="__ARCH_V7A;__FPU_VFP__"
+    hidden="Yes" />
+  <configuration
+    Name="V7R VFPv3-D16"
+    arm_architecture="v7R"
+    arm_fpu_type="VFPv3-D16"
+    c_preprocessor_definitions="__ARCH_V7R;__FPU_VFP__"
+    hidden="Yes" />
+  <configuration
+    Name="V7R_IDIV VFPv3-D16"
+    arm_architecture="v7R"
+    arm_fpu_type="VFPv3-D16"
+    arm_v7_has_divide_instructions="Yes"
+    c_preprocessor_definitions="__ARCH_V7R;__FPU_VFP__"
+    hidden="Yes" />
+  <configuration
+    Name="V7EM FPv4-SP-D16"
+    arm_architecture="v7EM"
+    arm_fpu_type="FPv4-SP-D16"
+    c_preprocessor_definitions="__ARCH_V7EM;__FPV4_SP_D16__"
+    hidden="Yes" />
+  <configuration
+    Name="V7EM FPv5-SP-D16"
+    arm_architecture="v7EM"
+    arm_fpu_type="FPv5-SP-D16"
+    c_preprocessor_definitions="__ARCH_V7EM;__FPV5_SP_D16__"
+    hidden="Yes" />
+  <configuration
+    Name="V7EM FPv5-D16"
+    arm_architecture="v7EM"
+    arm_fpu_type="FPv5-D16"
+    c_preprocessor_definitions="__ARCH_V7EM;__FPU_VFP__"
+    hidden="Yes" />
+  <configuration
+    Name="ARM_Debug"
+    batch_build_configurations="V7EM THUMB * Debug"
+    inherited_configurations="ARM;V7EM;Debug;Kinetis;THUMB;Flash" />
+  <configuration
+    Name="ARM_Release"
+    batch_build_configurations="V7EM THUMB * Release"
+    inherited_configurations="ARM;V7EM;Release;Kinetis;Flash;THUMB" />
+  <configuration
+    Name="Common"
+    build_intermediate_directory="$(ProjectName)_$(Configuration)"
+    build_output_directory="$(ProjectName)_$(Configuration)" />
+</solution>

IDE/WIN-SGX/ReadMe.txt

@@ -0,0 +1,33 @@
+==================================================================================================
+                Static Library : wolfssl Project Overview
+==================================================================================================
+
+Requirements:
+This code was created to use Intel's SGX hardware. It is expected that the user has gone through the
+steps of both turning on the hardware in bios if needed and has installed the necesary software
+from Intel to make use of the hardware. (https://software.intel.com/en-us/sgx) If these steps have
+not been done then it is expected that the user is familure with simiulation software being used in
+place of hardware.
+
+Overview and Build:
+This project creates a static library to then link with Enclaves. A simple example of an Enclave
+linking to the created wolfSSL library can be found in wolfssl-examples on github. By default
+the Platform Toolset is set to "Intel C++ Compiler 16.0", this may need adjusted depending on
+available compilers on the system being built on.
+    Testing and development was done with Visual Studio 2013. This project may build with other versions
+of Visual Studio but has not been tested with them.
+
+To link with the created library with Visual Studio first open the wolfSSL_SGX project in Visual Studio.
+Select platform desired from build configuration ie Win32 or x64. (note the architecture of the library
+should match that of the Enclave/application being linked to it) Select Debug or PreSales, if looking
+to build in Release mode look at Intels documentation for farther steps on creating a Release build.
+Next select Build->Build Solution. This will create a library named wolfssl.lib in the directory
+wolfssl-root/IDE/WIN-SGX/<Configuration>/<Platform>. Move this library to the search path of Enclave
+linking to. Next create an Enclave using the library.
+
+Limitations:
+    Single Threaded (multiple threaded applications have not been tested)
+    Crypto Only (network communication from trusted Enclave has not been added yet)
+    No ASN/Certificates (handling getting the system time has not yet been added)
+    AES-NI use with SGX has not been added in yet
+

IDE/WIN-SGX/include.am

@@ -0,0 +1,9 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST+= IDE/WIN-SGX/ReadMe.txt
+EXTRA_DIST+= IDE/WIN-SGX/wolfSSL_SGX.edl
+EXTRA_DIST+= IDE/WIN-SGX/wolfSSL_SGX.sln
+EXTRA_DIST+= IDE/WIN-SGX/wolfSSL_SGX.vcxproj
+EXTRA_DIST+= IDE/WIN-SGX/wolfSSL_SGX.vcxproj.filters

IDE/WIN-SGX/wolfSSL_SGX.edl

@@ -0,0 +1,11 @@
+enclave {
+
+    trusted {
+
+    };
+
+    untrusted {
+        /* define OCALLs here. */
+    
+    };
+};

IDE/WIN-SGX/wolfSSL_SGX.sln

@@ -0,0 +1,40 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 2013
+VisualStudioVersion = 12.0.31101.0
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfSSL_SGX", "wolfSSL_SGX.vcxproj", "{D4D81C31-1404-4E8C-8E8C-19C3A74F66F3}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Win32 = Debug|Win32
+		Debug|x64 = Debug|x64
+		Prerelease|Win32 = Prerelease|Win32
+		Prerelease|x64 = Prerelease|x64
+		Release|Win32 = Release|Win32
+		Release|x64 = Release|x64
+		Simulation|Win32 = Simulation|Win32
+		Simulation|x64 = Simulation|x64
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{D4D81C31-1404-4E8C-8E8C-19C3A74F66F3}.Debug|Win32.ActiveCfg = Debug|Win32
+		{D4D81C31-1404-4E8C-8E8C-19C3A74F66F3}.Debug|Win32.Build.0 = Debug|Win32
+		{D4D81C31-1404-4E8C-8E8C-19C3A74F66F3}.Debug|x64.ActiveCfg = Debug|x64
+		{D4D81C31-1404-4E8C-8E8C-19C3A74F66F3}.Debug|x64.Build.0 = Debug|x64
+		{D4D81C31-1404-4E8C-8E8C-19C3A74F66F3}.Prerelease|Win32.ActiveCfg = Prerelease|Win32
+		{D4D81C31-1404-4E8C-8E8C-19C3A74F66F3}.Prerelease|Win32.Build.0 = Prerelease|Win32
+		{D4D81C31-1404-4E8C-8E8C-19C3A74F66F3}.Prerelease|x64.ActiveCfg = Prerelease|x64
+		{D4D81C31-1404-4E8C-8E8C-19C3A74F66F3}.Prerelease|x64.Build.0 = Prerelease|x64
+		{D4D81C31-1404-4E8C-8E8C-19C3A74F66F3}.Release|Win32.ActiveCfg = Release|Win32
+		{D4D81C31-1404-4E8C-8E8C-19C3A74F66F3}.Release|Win32.Build.0 = Release|Win32
+		{D4D81C31-1404-4E8C-8E8C-19C3A74F66F3}.Release|x64.ActiveCfg = Release|x64
+		{D4D81C31-1404-4E8C-8E8C-19C3A74F66F3}.Release|x64.Build.0 = Release|x64
+		{D4D81C31-1404-4E8C-8E8C-19C3A74F66F3}.Simulation|Win32.ActiveCfg = Simulation|Win32
+		{D4D81C31-1404-4E8C-8E8C-19C3A74F66F3}.Simulation|Win32.Build.0 = Simulation|Win32
+		{D4D81C31-1404-4E8C-8E8C-19C3A74F66F3}.Simulation|x64.ActiveCfg = Simulation|x64
+		{D4D81C31-1404-4E8C-8E8C-19C3A74F66F3}.Simulation|x64.Build.0 = Simulation|x64
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal

IDE/WIN-SGX/wolfSSL_SGX.vcxproj

@@ -0,0 +1,321 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Prerelease|Win32">
+      <Configuration>Prerelease</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Prerelease|x64">
+      <Configuration>Prerelease</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Simulation|Win32">
+      <Configuration>Simulation</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Simulation|x64">
+      <Configuration>Simulation</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{D4D81C31-1404-4E8C-8E8C-19C3A74F66F3}</ProjectGuid>
+    <TargetFrameworkVersion>v4.5.2</TargetFrameworkVersion>
+    <ProjectName>wolfSSL_SGX</ProjectName>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>Intel C++ Compiler 16.0</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>Intel C++ Compiler 16.0</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Simulation|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Simulation|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>Intel C++ Compiler 16.0</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>Intel C++ Compiler 16.0</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Prerelease|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Prerelease|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Prerelease|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>Intel C++ Compiler 16.0</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Prerelease|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>Intel C++ Compiler 16.0</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Simulation|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>Intel C++ Compiler 16.0</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Simulation|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>Intel C++ Compiler 16.0</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(LocalAppData)\Microsoft\VisualStudio\12.0\SecureEnclave.$(Platform).props" Condition="exists('$(LocalAppData)\Microsoft\VisualStudio\11.0\SecureEnclave.$(Platform).props')" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(LocalAppData)\Microsoft\VisualStudio\12.0\SecureEnclave.$(Platform).props" Condition="exists('$(LocalAppData)\Microsoft\VisualStudio\11.0\SecureEnclave.$(Platform).props')" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Simulation|Win32'" Label="PropertySheets">
+    <Import Project="$(LocalAppData)\Microsoft\VisualStudio\12.0\SecureEnclave.$(Platform).props" Condition="exists('$(LocalAppData)\Microsoft\VisualStudio\11.0\SecureEnclave.$(Platform).props')" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Simulation|x64'" Label="PropertySheets">
+    <Import Project="$(LocalAppData)\Microsoft\VisualStudio\12.0\SecureEnclave.$(Platform).props" Condition="exists('$(LocalAppData)\Microsoft\VisualStudio\11.0\SecureEnclave.$(Platform).props')" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(LocalAppData)\Microsoft\VisualStudio\12.0\SecureEnclave.$(Platform).props" Condition="exists('$(LocalAppData)\Microsoft\VisualStudio\11.0\SecureEnclave.$(Platform).props')" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(LocalAppData)\Microsoft\VisualStudio\12.0\SecureEnclave.$(Platform).props" Condition="exists('$(LocalAppData)\Microsoft\VisualStudio\11.0\SecureEnclave.$(Platform).props')" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Prerelease|Win32'" Label="PropertySheets">
+    <Import Project="$(LocalAppData)\Microsoft\VisualStudio\12.0\SecureEnclave.$(Platform).props" Condition="exists('$(LocalAppData)\Microsoft\VisualStudio\11.0\SecureEnclave.$(Platform).props')" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Prerelease|x64'" Label="PropertySheets">
+    <Import Project="$(LocalAppData)\Microsoft\VisualStudio\12.0\SecureEnclave.$(Platform).props" Condition="exists('$(LocalAppData)\Microsoft\VisualStudio\11.0\SecureEnclave.$(Platform).props')" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Prerelease|Win32'" Label="PropertySheets">
+    <Import Project="$(LocalAppData)\Microsoft\VisualStudio\12.0\SecureEnclave.$(Platform).props" Condition="exists('$(LocalAppData)\Microsoft\VisualStudio\11.0\SecureEnclave.$(Platform).props')" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Prerelease|x64'" Label="PropertySheets">
+    <Import Project="$(LocalAppData)\Microsoft\VisualStudio\12.0\SecureEnclave.$(Platform).props" Condition="exists('$(LocalAppData)\Microsoft\VisualStudio\11.0\SecureEnclave.$(Platform).props')" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Simulation|Win32'">
+    <Import Project="$(LocalAppData)\Microsoft\VisualStudio\12.0\SecureEnclave.$(Platform).props" Condition="exists('$(LocalAppData)\Microsoft\VisualStudio\11.0\SecureEnclave.$(Platform).props')" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Simulation|x64'" Label="PropertySheets">
+    <Import Project="$(LocalAppData)\Microsoft\VisualStudio\12.0\SecureEnclave.$(Platform).props" Condition="exists('$(LocalAppData)\Microsoft\VisualStudio\11.0\SecureEnclave.$(Platform).props')" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <IncludePath>$(NoInherit)</IncludePath>
+    <LibraryPath>$(NoInherit)</LibraryPath>
+    <IntDir>$(Configuration)\$(Platform)\obj\</IntDir>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <TargetName>wolfssl</TargetName>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <IncludePath>$(NoInherit)</IncludePath>
+    <LibraryPath>$(NoInherit)</LibraryPath>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform\obj\</IntDir>
+    <TargetName>wolfssl</TargetName>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Simulation|Win32'">
+    <IncludePath>$(NoInherit)</IncludePath>
+    <LibraryPath>$(NoInherit)</LibraryPath>
+    <IntDir>$(Configuration)\$(Platform)\obj\</IntDir>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Simulation|x64'">
+    <IncludePath>$(NoInherit)</IncludePath>
+    <LibraryPath>$(NoInherit)</LibraryPath>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <IncludePath>$(NoInherit)</IncludePath>
+    <LibraryPath>$(NoInherit)</LibraryPath>
+    <IntDir>$(Configuration)\$(Platform)\obj\</IntDir>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <IncludePath>$(NoInherit)</IncludePath>
+    <LibraryPath>$(NoInherit)</LibraryPath>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Prerelease|Win32'">
+    <IncludePath>$(NoInherit)</IncludePath>
+    <LibraryPath>$(NoInherit)</LibraryPath>
+    <IntDir>$(Configuration)\$(Platform)\obj\</IntDir>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <TargetName>wolfssl</TargetName>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Prerelease|x64'">
+    <IncludePath>$(NoInherit)</IncludePath>
+    <LibraryPath>$(NoInherit)</LibraryPath>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform\obj\</IntDir>
+    <TargetName>wolfssl</TargetName>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
+      <Optimization>Disabled</Optimization>
+      <WarningLevel>Level4</WarningLevel>
+      <AdditionalIncludeDirectories>../../;$(SGXSDKInstallPath)include;$(SGXSDKInstallPath)include\tlibc;$(SGXSDKInstallPath)include\stlport;$(SolutionDir)wolfssl-3.9.6;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_SGX</PreprocessorDefinitions>
+    </ClCompile>
+    <Lib>
+      <LinkTimeCodeGeneration>true</LinkTimeCodeGeneration>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
+      <Optimization>Disabled</Optimization>
+      <WarningLevel>Level4</WarningLevel>
+      <AdditionalIncludeDirectories>../../;$(SGXSDKInstallPath)include;$(SGXSDKInstallPath)include\tlibc;$(SGXSDKInstallPath)include\stlport;$(SolutionDir)wolfssl-3.9.6;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_SGX</PreprocessorDefinitions>
+    </ClCompile>
+    <Lib>
+      <LinkTimeCodeGeneration>true</LinkTimeCodeGeneration>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Simulation|Win32'">
+    <ClCompile>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
+      <Optimization>Disabled</Optimization>
+      <WarningLevel>Level4</WarningLevel>
+      <AdditionalIncludeDirectories>../../;$(SGXSDKInstallPath)include;$(SGXSDKInstallPath)include\tlibc;$(SGXSDKInstallPath)include\stlport;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_SGX</PreprocessorDefinitions>
+    </ClCompile>
+    <Lib>
+      <LinkTimeCodeGeneration>true</LinkTimeCodeGeneration>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Simulation|x64'">
+    <ClCompile>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
+      <Optimization>Disabled</Optimization>
+      <WarningLevel>Level3</WarningLevel>
+      <AdditionalIncludeDirectories>../../;$(SGXSDKInstallPath)include;$(SGXSDKInstallPath)include\tlibc;$(SGXSDKInstallPath)include\stlport;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_SGX</PreprocessorDefinitions>
+    </ClCompile>
+    <Lib>
+      <LinkTimeCodeGeneration>true</LinkTimeCodeGeneration>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <Optimization>MaxSpeed</Optimization>
+      <WarningLevel>Level4</WarningLevel>
+      <AdditionalIncludeDirectories>../../;$(SGXSDKInstallPath)include;$(SGXSDKInstallPath)include\tlibc;$(SGXSDKInstallPath)include\stlport;$(SolutionDir)wolfssl-3.9.6;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_SGX</PreprocessorDefinitions>
+    </ClCompile>
+    <Lib>
+      <LinkTimeCodeGeneration>true</LinkTimeCodeGeneration>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <Optimization>MaxSpeed</Optimization>
+      <WarningLevel>Level3</WarningLevel>
+      <AdditionalIncludeDirectories>../../;$(SGXSDKInstallPath)include;$(SGXSDKInstallPath)include\tlibc;$(SGXSDKInstallPath)include\stlport;$(SolutionDir)wolfssl-3.9.6;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_SGX</PreprocessorDefinitions>
+    </ClCompile>
+    <Lib>
+      <LinkTimeCodeGeneration>true</LinkTimeCodeGeneration>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Prerelease|Win32'">
+    <ClCompile>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <Optimization>MaxSpeed</Optimization>
+      <WarningLevel>Level4</WarningLevel>
+      <AdditionalIncludeDirectories>../../;$(SGXSDKInstallPath)include;$(SGXSDKInstallPath)include\tlibc;$(SGXSDKInstallPath)include\stlport;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_SGX</PreprocessorDefinitions>
+    </ClCompile>
+    <Lib>
+      <LinkTimeCodeGeneration>true</LinkTimeCodeGeneration>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Prerelease|x64'">
+    <ClCompile>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <Optimization>MaxSpeed</Optimization>
+      <WarningLevel>Level3</WarningLevel>
+      <AdditionalIncludeDirectories>../../;$(SGXSDKInstallPath)include;$(SGXSDKInstallPath)include\tlibc;$(SGXSDKInstallPath)include\stlport;$(SolutionDir)wolfssl-3.9.6;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PreprocessorDefinitions>WOLFSSL_LIB;WOLFSSL_SGX</PreprocessorDefinitions>
+    </ClCompile>
+    <Lib>
+      <LinkTimeCodeGeneration>true</LinkTimeCodeGeneration>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClInclude Include="wolfSSLEnclaveLib_t.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\wolfcrypt\src\aes.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\asn.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\hash.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\hmac.c">
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">..\..;$(SGXSDKInstallPath)include;$(SGXSDKInstallPath)include\tlibc;$(SGXSDKInstallPath)include\stlport;$(SolutionDir)wolfssl-3.9.6;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Simulation|x64'">..\..;$(SGXSDKInstallPath)include;$(SGXSDKInstallPath)include\tlibc;$(SGXSDKInstallPath)include\stlport;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Prerelease|x64'">..\..;$(SGXSDKInstallPath)include;$(SGXSDKInstallPath)include\tlibc;$(SGXSDKInstallPath)include\stlport;$(SolutionDir)wolfssl-3.9.6;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|x64'">..\..;$(SGXSDKInstallPath)include;$(SGXSDKInstallPath)include\tlibc;$(SGXSDKInstallPath)include\stlport;$(SolutionDir)wolfssl-3.9.6;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+    </ClCompile>
+    <ClCompile Include="..\..\wolfcrypt\src\memory.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\pwdbased.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\random.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\rsa.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha256.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\tfm.c" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>

IDE/WIN-SGX/wolfSSL_SGX.vcxproj.filters

@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Generated Files">
+      <UniqueIdentifier>{750b7ded-415e-41ff-a260-cdeed365e21c}</UniqueIdentifier>
+    </Filter>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{14d1a4f3-1b3b-4e74-be2c-af4e52bd5c11}</UniqueIdentifier>
+      <Extensions>cpp;c;edl;def; .. and other options</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{22d38e35-4cca-4899-9551-3809351f7aa5}</UniqueIdentifier>
+      <Extensions>h;hpp; .. and other options</Extensions>
+    </Filter>
+    <Filter Include="Source Files\Resource Files">
+      <UniqueIdentifier>{e5d0cd71-716c-402b-a23c-4a161912a7b1}</UniqueIdentifier>
+      <Extensions>rc;xml;pem; .. and other options</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="wolfSSLEnclaveLib_t.h">
+      <Filter>Generated Files</Filter>
+    </ClInclude>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\wolfcrypt\src\hmac.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\wolfcrypt\src\rsa.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\wolfcrypt\src\sha256.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\wolfcrypt\src\aes.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\wolfcrypt\src\asn.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\wolfcrypt\src\hash.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\wolfcrypt\src\pwdbased.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\wolfcrypt\src\tfm.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\wolfcrypt\src\memory.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\random.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>

IDE/WIN/user_settings.h

@@ -30,6 +30,8 @@
     #define NO_PSK
     #define HAVE_EXTENDED_MASTER
     #define WOLFSSL_SNIFFER
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SECURE_RENEGOTIATION
 #else
     /* The servers and clients */
     #define OPENSSL_EXTRA

IDE/WIN/wolfssl-fips.vcxproj

@@ -300,7 +300,9 @@
     <ClCompile Include="..\..\src\ssl.c" />
     <ClCompile Include="..\..\src\tls.c" />
     <ClCompile Include="..\..\wolfcrypt\src\wc_encrypt.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wolfmath.c" />
     <ClCompile Include="..\..\wolfcrypt\src\wolfevent.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\pkcs12.c" />
   </ItemGroup>
   <ItemGroup>
     <CustomBuild Include="..\..\wolfcrypt\src\aes_asm.asm">
@@ -324,4 +326,4 @@
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">
   </ImportGroup>
-</Project>
+</Project>

IDE/include.am

@@ -4,8 +4,10 @@
 
 include IDE/iOS/include.am
 include IDE/WIN/include.am
+include IDE/WIN-SGX/include.am
 include IDE/WORKBENCH/include.am
 include IDE/ROWLEY-CROSSWORKS-ARM/include.am
 include IDE/ARDUINO/include.am
+include IDE/INTIME-RTOS/include.am
 
-EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MDK5-ARM IDE/MYSQL IDE/LPCXPRESSO
+EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MDK5-ARM IDE/MYSQL IDE/LPCXPRESSO IDE/HEXIWEAR

Makefile.am

@@ -38,11 +38,34 @@ CLEANFILES+= cert.der \
              othercert.der \
              othercert.pem \
              pkcs7cert.der \
+             pkcs7encryptedDataAES128CBC.der \
+             pkcs7encryptedDataAES192CBC.der \
+             pkcs7encryptedDataAES256CBC_attribs.der \
+             pkcs7encryptedDataAES256CBC.der \
+             pkcs7encryptedDataAES256CBC_multi_attribs.der \
+             pkcs7encryptedDataDES3.der \
+             pkcs7encryptedDataDES.der \
+             pkcs7envelopedDataAES256CBC_ECDH.der \
+             pkcs7envelopedDataAES128CBC_ECDH_SHA1KDF.der \
+             pkcs7envelopedDataAES256CBC_ECDH_SHA256KDF.der \
+             pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF.der \
+             pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF_ukm.der \
              pkcs7envelopedDataDES3.der \
              pkcs7envelopedDataAES128CBC.der \
              pkcs7envelopedDataAES192CBC.der \
              pkcs7envelopedDataAES256CBC.der \
-             pkcs7signedData.der
+             pkcs7signedData_RSA_SHA.der \
+             pkcs7signedData_RSA_SHA_noattr.der \
+             pkcs7signedData_RSA_SHA224.der \
+             pkcs7signedData_RSA_SHA256.der \
+             pkcs7signedData_RSA_SHA384.der \
+             pkcs7signedData_RSA_SHA512.der \
+             pkcs7signedData_ECDSA_SHA.der \
+             pkcs7signedData_ECDSA_SHA_noattr.der \
+             pkcs7signedData_ECDSA_SHA224.der \
+             pkcs7signedData_ECDSA_SHA256.der \
+             pkcs7signedData_ECDSA_SHA384.der \
+             pkcs7signedData_ECDSA_SHA512.der
 
 exampledir = $(docdir)/example
 dist_example_DATA=
@@ -88,6 +111,9 @@ include testsuite/include.am
 include tests/include.am
 include sslSniffer/sslSnifferTest/include.am
 include rpm/include.am
+
+# Exclude references to non-DFSG sources from build files
+if !BUILD_DISTRO
 include mqx/util_lib/Sources/include.am
 include mqx/wolfcrypt_benchmark/Sources/include.am
 include mqx/wolfcrypt_test/Sources/include.am
@@ -103,8 +129,9 @@ include mcapi/wolfcrypt_test.X/nbproject/include.am
 include mcapi/wolfssl.X/nbproject/include.am
 include mcapi/zlib.X/nbproject/include.am
 include tirtos/include.am
-include scripts/include.am
 include IDE/include.am
+endif
+include scripts/include.am
 
 if USE_VALGRIND
 TESTS_ENVIRONMENT=./valgrind-error.sh

README

@@ -3,7 +3,7 @@
 Note 1)
 wolfSSL as of 3.6.6 no longer enables SSLv3 by default.  wolfSSL also no
 longer supports static key cipher suites with PSK, RSA, or ECDH.  This means
-if you plan to use TLS cipher suites you must enable DH (DH is on  by default),
+if you plan to use TLS cipher suites you must enable DH (DH is on by default),
 or enable ECC (ECC is on by default on 64bit systems), or you must enable static
 key cipher suites with
     WOLFSSL_STATIC_DH
@@ -12,11 +12,11 @@ key cipher suites with
     WOLFSSL_STATIC_PSK
 
 though static key cipher suites are deprecated and will be removed from future
-versions of TLS.  They also lower your security by removing PFS. Since current
+versions of TLS.  They also lower your security by removing PFS.  Since current
 NTRU suites available do not use ephemeral keys, WOLFSSL_STATIC_RSA needs to be
 used in order to build with NTRU suites.
 
-When compiling ssl.c wolfSSL will now issue a compiler error if no cipher suites
+When compiling ssl.c, wolfSSL will now issue a compiler error if no cipher suites
 are available.  You can remove this error by defining WOLFSSL_ALLOW_NO_SUITES
 in the event that you desire that, i.e., you're not using TLS cipher suites.
 
@@ -34,6 +34,141 @@ before calling wolfSSL_new();  Though it's not recommended.
 
 *** end Notes ***
 
+********* wolfSSL (Formerly CyaSSL) Release 3.11.0 (5/04/2017)
+
+Release 3.11.0 of wolfSSL has bug fixes and new features including:
+
+- Code updates for warnings reported by Coverity scans
+- Testing and warning fixes for FreeBSD on PowerPC
+- Updates and refactoring done to ASN1 parsing functions
+- Change max PSK identity buffer to account for an identity length of 128 characters
+- Update Arduino script to handle recent files and additions
+- Added support for PKCS#7 Signed Data with ECDSA
+- Fix for interoperability with ChaCha20-Poly1305 suites using older draft versions
+- DTLS update to allow multiple handshake messages in one DTLS record
+- Intel QuickAssist asynchronous support (PR #715 - https://www.wolfssl.com/wolfSSL/Blog/Entries/2017/1/18_wolfSSL_Asynchronous_Intel_QuickAssist_Support.html)
+- Added support for HAproxy load balancer
+- Added option to allow SHA1 with TLS 1.2 for IIS compatibility (WOLFSSL_ALLOW_TLS_SHA1)
+- Added Curve25519 51-bit Implementation, increasing performance on systems that have 128 bit types
+- Fix to not send session ID on server side if session cache is off unless we're echoing
+session ID as part of session tickets
+- Fixes for ensuring all default ciphers are setup correctly (see PR #830)
+- Added NXP Hexiwear example in `IDE/HEXIWEAR`.
+- Added wolfSSL_write_dup() to create write only WOLFSSL object for concurrent access
+- Fixes for TLS elliptic curve selection on private key import.
+- Fixes for RNG with Intel rdrand and rdseed speedups.
+- Improved performance with Intel rdrand to use full 64-bit output
+- Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source
+- Removed RNG ARC4 support
+- Added ECC helpers to get size and id from curve name.
+- Added ECC Cofactor DH (ECC-CDH) support
+- Added ECC private key only import / export functions.
+- Added PKCS8 create function
+- Improvements to TLS layer CTX handling for switching keys / certs.
+- Added check for duplicate certificate policy OID in certificates.
+- Normal math speed-up to not allocate on mp_int and defer until mp_grow
+- Reduce heap usage with fast math when not using ALT_ECC_SIZE
+- Fixes for building CRL with Windows
+- Added support for inline CRL lookup when HAVE_CRL_IO is defined
+- Added port for tenAsys INtime RTOS
+- Improvements to uTKernel port (WOLFSSL_uTKERNEL2)
+- Updated WPA Supplicant support
+- Added support for Nginx
+- Update stunnel port for version 5.40
+- Fixes for STM32 hardware crypto acceleration
+- Extended test code coverage in bundled test.c
+- Added a sanity check for minimum authentication tag size with AES-GCM. Thanks to Yueh-Hsun Lin and Peng Li at KNOX Security at Samsung Research America for suggesting this.
+- Added a sanity check that subject key identifier is marked as non-critical and a check that no policy OIDS appear more than once in the cert policies extension. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University, China. Profs. Zhenhua Duan and Cong Tian are supervisors of Ph.D candidate Chu Chen.
+
+
+This release of wolfSSL fixes 5 low and 1 medium level security vulnerability.
+
+3 Low level fixes reported by Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America.
+- Fix for out of bounds memory access in wc_DhParamsLoad() when GetLength() returns a zero. Before this fix there is a case where wolfSSL would read out of bounds memory in the function wc_DhParamsLoad.
+- Fix for DH key accepted by wc_DhAgree when the key was malformed.
+- Fix for a double free case when adding CA cert into X509_store.
+
+Low level fix for memory management with static memory feature enabled. By default static memory is disabled. Thanks to GitHub user hajjihraf for reporting this.
+
+Low level fix for out of bounds write in the function wolfSSL_X509_NAME_get_text_by_NID. This function is not used by TLS or crypto operations but could result in a buffer out of bounds write by one if called explicitly in an application. Discovered by Aleksandar Nikolic of Cisco Talos. http://talosintelligence.com/vulnerability-reports/
+
+Medium level fix for check on certificate signature. There is a case in release versions 3.9.10, 3.10.0 and 3.10.2 where a corrupted signature on a peer certificate would not be properly flagged. Thanks to Wens Lo, James Tsai, Kenny Chang, and Oscar Yang at Castles Technology.
+
+
+See INSTALL file for build instructions.
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
+
+
+********* wolfSSL (Formerly CyaSSL) Release 3.10.2 (2/10/2017)
+
+Release 3.10.2 of wolfSSL has bug fixes and new features including:
+
+- Poly1305 Windows macros fix. Thanks to GitHub user Jay Satiro
+- Compatibility layer expanded with multiple functions added
+- Improve fp_copy performance with ALT_ECC_SIZE
+- OCSP updates and improvements
+- Fixes for IAR EWARM 8 compiler warnings
+- Reduce stack usage with ECC_CACHE_CURVE disabled
+- Added ECC export raw for public and private key
+- Fix for NO_ASN_TIME build
+- Supported curves extensions now populated by default
+- Add DTLS build without big integer math
+- Fix for static memory feature with wc_ecc_verify_hash_ex and not SHAMIR
+- Added PSK interoperability testing to script bundled with wolfSSL
+- Fix for Python wrapper random number generation. Compiler optimizations with Python could place the random number in same buffer location each time. Thanks to GitHub user Erik Bray (embray)
+- Fix for tests on unaligned memory with static memory feature
+- Add macro WOLFSSL_NO_OCSP_OPTIONAL_CERTS to skip optional OCSP certificates
+- Sanity checks on NULL arguments added to wolfSSL_set_fd and wolfSSL_DTLS_SetCookieSecret
+- mp_jacobi stack use reduced, thanks to Szabi Tolnai for providing a solution to reduce stack usage
+
+
+This release of wolfSSL fixes 2 low and 1 medium level security vulnerability.
+
+Low level fix of buffer overflow for when loading in a malformed temporary DH file. Thanks to Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America for the report.
+
+Medium level fix for processing of OCSP response. If using OCSP without hard faults enforced and no alternate revocation checks like OCSP stapling then it is recommended to update.
+
+Low level fix for potential cache attack on RSA operations. If using wolfSSL RSA on a server that other users can have access to monitor the cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the initial report.
+
+See INSTALL file for build instructions.
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
+
+********* wolfSSL (Formerly CyaSSL) Release 3.10.0 (12/21/2016)
+
+Release 3.10.0 of wolfSSL has bug fixes and new features including:
+
+- Added support for SHA224
+- Added scrypt feature
+- Build for Intel SGX use, added in directory IDE/WIN-SGX
+- Fix for ChaCha20-Poly1305 ECDSA certificate type request
+- Enhance PKCS#7 with ECC enveloped data and AES key wrap support
+- Added support for RIOT OS
+- Add support for parsing PKCS#12 files
+- ECC performance increased with custom curves
+- ARMv8 expanded to AArch32 and performance increased
+- Added ANSI-X9.63-KDF support
+- Port to STM32 F2/F4 CubeMX
+- Port to Atmel ATECC508A board
+- Removed fPIE by default when wolfSSL library is compiled
+- Update to Python wrapper, dropping DES and adding wc_RSASetRNG
+- Added support for NXP K82 hardware acceleration
+- Added SCR client and server verify check
+- Added a disable rng option with autoconf
+- Added more tests vectors to test.c with AES-CTR
+- Updated DTLS session export version number
+- Updated DTLS for 64 bit sequence numbers
+- Fix for memory management with TI and WOLFSSL_SMALL_STACK
+- Hardening RSA CRT to be constant time
+- Fix uninitialized warning with IAR compiler
+- Fix for C# wrapper example IO hang on unexpected connection termination
+
+
+This release of wolfSSL fixes a low level security vulnerability. The vulnerability reported was a potential cache attack on RSA operations. If using wolfSSL RSA on a server that other users can have access to monitor the cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the report. More information will be available on our site:
+
+https://wolfssl.com/wolfSSL/security/vulnerabilities.php
+
+See INSTALL file for build instructions.
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
 
 ********* wolfSSL (Formerly CyaSSL) Release 3.9.10 (9/23/2016)
 

README.md

@@ -4,7 +4,7 @@
 ```
 wolfSSL as of 3.6.6 no longer enables SSLv3 by default.  wolfSSL also no
 longer supports static key cipher suites with PSK, RSA, or ECDH.  This means
-if you plan to use TLS cipher suites you must enable DH (DH is on  by default),
+if you plan to use TLS cipher suites you must enable DH (DH is on by default),
 or enable ECC (ECC is on by default on 64bit systems), or you must enable static
 key cipher suites with
     WOLFSSL_STATIC_DH
@@ -13,12 +13,12 @@ key cipher suites with
     WOLFSSL_STATIC_PSK
 
 though static key cipher suites are deprecated and will be removed from future
-versions of TLS.  They also lower your security by removing PFS. Since current
+versions of TLS.  They also lower your security by removing PFS.  Since current
 NTRU suites available do not use ephemeral keys, WOLFSSL_STATIC_RSA needs to be
 used in order to build with NTRU suites.
 
 
-When compiling ssl.c wolfSSL will now issue a compiler error if no cipher suites
+When compiling ssl.c, wolfSSL will now issue a compiler error if no cipher suites
 are available.  You can remove this error by defining WOLFSSL_ALLOW_NO_SUITES
 in the event that you desire that, i.e., you're not using TLS cipher suites.
 ```
@@ -38,6 +38,144 @@ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
 before calling wolfSSL_new();  Though it's not recommended.
 ```
 
+# wolfSSL (Formerly CyaSSL) Release 3.11.0 (5/04/2017)
+
+## Release 3.11.0 of wolfSSL has bug fixes and new features including:
+
+- Code updates for warnings reported by Coverity scans
+- Testing and warning fixes for FreeBSD on PowerPC
+- Updates and refactoring done to ASN1 parsing functions
+- Change max PSK identity buffer to account for an identity length of 128 characters
+- Update Arduino script to handle recent files and additions
+- Added support for PKCS#7 Signed Data with ECDSA
+- Fix for interoperability with ChaCha20-Poly1305 suites using older draft versions
+- DTLS update to allow multiple handshake messages in one DTLS record
+- Intel QuickAssist asynchronous support (PR #715 - https://www.wolfssl.com/wolfSSL/Blog/Entries/2017/1/18_wolfSSL_Asynchronous_Intel_QuickAssist_Support.html)
+- Added support for HAproxy load balancer
+- Added option to allow SHA1 with TLS 1.2 for IIS compatibility (WOLFSSL_ALLOW_TLS_SHA1)
+- Added Curve25519 51-bit Implementation, increasing performance on systems that have 128 bit types
+- Fix to not send session ID on server side if session cache is off unless we're echoing 
+session ID as part of session tickets
+- Fixes for ensuring all default ciphers are setup correctly (see PR #830)
+- Added NXP Hexiwear example in `IDE/HEXIWEAR`.
+- Added wolfSSL_write_dup() to create write only WOLFSSL object for concurrent access
+- Fixes for TLS elliptic curve selection on private key import.
+- Fixes for RNG with Intel rdrand and rdseed speedups.
+- Improved performance with Intel rdrand to use full 64-bit output
+- Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source 
+- Removed RNG ARC4 support
+- Added ECC helpers to get size and id from curve name.
+- Added ECC Cofactor DH (ECC-CDH) support
+- Added ECC private key only import / export functions.
+- Added PKCS8 create function
+- Improvements to TLS layer CTX handling for switching keys / certs.
+- Added check for duplicate certificate policy OID in certificates.
+- Normal math speed-up to not allocate on mp_int and defer until mp_grow
+- Reduce heap usage with fast math when not using ALT_ECC_SIZE
+- Fixes for building CRL with Windows
+- Added support for inline CRL lookup when HAVE_CRL_IO is defined
+- Added port for tenAsys INtime RTOS
+- Improvements to uTKernel port (WOLFSSL_uTKERNEL2)
+- Updated WPA Supplicant support
+- Added support for Nginx
+- Update stunnel port for version 5.40
+- Fixes for STM32 hardware crypto acceleration
+- Extended test code coverage in bundled test.c
+- Added a sanity check for minimum authentication tag size with AES-GCM. Thanks to Yueh-Hsun Lin and Peng Li at KNOX Security at Samsung Research America for suggesting this.
+- Added a sanity check that subject key identifier is marked as non-critical and a check that no policy OIDS appear more than once in the cert policies extension. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University, China. Profs. Zhenhua Duan and Cong Tian are supervisors of Ph.D candidate Chu Chen.
+
+
+This release of wolfSSL fixes 5 low and 1 medium level security vulnerability.
+
+3 Low level fixes reported by Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America.
+- Fix for out of bounds memory access in wc_DhParamsLoad() when GetLength() returns a zero. Before this fix there is a case where wolfSSL would read out of bounds memory in the function wc_DhParamsLoad.
+- Fix for DH key accepted by wc_DhAgree when the key was malformed.
+- Fix for a double free case when adding CA cert into X509_store.
+
+Low level fix for memory management with static memory feature enabled. By default static memory is disabled. Thanks to GitHub user hajjihraf for reporting this.
+
+
+Low level fix for out of bounds write in the function wolfSSL_X509_NAME_get_text_by_NID. This function is not used by TLS or crypto operations but could result in a buffer out of bounds write by one if called explicitly in an application. Discovered by Aleksandar Nikolic of Cisco Talos. http://talosintelligence.com/vulnerability-reports/
+
+Medium level fix for check on certificate signature. There is a case in release versions 3.9.10, 3.10.0 and 3.10.2 where a corrupted signature on a peer certificate would not be properly flagged. Thanks to Wens Lo, James Tsai, Kenny Chang, and Oscar Yang at Castles Technology.
+
+
+See INSTALL file for build instructions.
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
+
+
+# wolfSSL (Formerly CyaSSL) Release 3.10.2 (2/10/2017)
+
+## Release 3.10.2 of wolfSSL has bug fixes and new features including:
+
+- Poly1305 Windows macros fix. Thanks to GitHub user Jay Satiro
+- Compatibility layer expanded with multiple functions added
+- Improve fp_copy performance with ALT_ECC_SIZE
+- OCSP updates and improvements
+- Fixes for IAR EWARM 8 compiler warnings
+- Reduce stack usage with ECC_CACHE_CURVE disabled
+- Added ECC export raw for public and private key
+- Fix for NO_ASN_TIME build
+- Supported curves extensions now populated by default
+- Add DTLS build without big integer math
+- Fix for static memory feature with wc_ecc_verify_hash_ex and not SHAMIR
+- Added PSK interoperability testing to script bundled with wolfSSL
+- Fix for Python wrapper random number generation. Compiler optimizations with Python could place the random number in same buffer location each time. Thanks to GitHub user Erik Bray (embray)
+- Fix for tests on unaligned memory with static memory feature
+- Add macro WOLFSSL_NO_OCSP_OPTIONAL_CERTS to skip optional OCSP certificates
+- Sanity checks on NULL arguments added to wolfSSL_set_fd and wolfSSL_DTLS_SetCookieSecret
+- mp_jacobi stack use reduced, thanks to Szabi Tolnai for providing a solution to reduce stack usage
+
+
+This release of wolfSSL fixes 2 low and 1 medium level security vulnerability.
+
+Low level fix of buffer overflow for when loading in a malformed temporary DH file. Thanks to Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America for the report.
+
+Medium level fix for processing of OCSP response. If using OCSP without hard faults enforced and no alternate revocation checks like OCSP stapling then it is recommended to update.
+
+Low level fix for potential cache attack on RSA operations. If using wolfSSL RSA on a server that other users can have access to monitor the cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the initial report.
+
+See INSTALL file for build instructions.
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
+
+
+# wolfSSL (Formerly CyaSSL) Release 3.10.0 (12/21/2016)
+
+## Release 3.10.0 of wolfSSL has bug fixes and new features including:
+
+- Added support for SHA224
+- Added scrypt feature
+- Build for Intel SGX use, added in directory IDE/WIN-SGX
+- Fix for ChaCha20-Poly1305 ECDSA certificate type request
+- Enhance PKCS#7 with ECC enveloped data and AES key wrap support
+- Added support for RIOT OS
+- Add support for parsing PKCS#12 files
+- ECC performance increased with custom curves
+- ARMv8 expanded to AArch32 and performance increased
+- Added ANSI-X9.63-KDF support
+- Port to STM32 F2/F4 CubeMX
+- Port to Atmel ATECC508A board
+- Removed fPIE by default when wolfSSL library is compiled
+- Update to Python wrapper, dropping DES and adding wc_RSASetRNG
+- Added support for NXP K82 hardware acceleration
+- Added SCR client and server verify check
+- Added a disable rng option with autoconf
+- Added more tests vectors to test.c with AES-CTR
+- Updated DTLS session export version number
+- Updated DTLS for 64 bit sequence numbers
+- Fix for memory management with TI and WOLFSSL_SMALL_STACK
+- Hardening RSA CRT to be constant time
+- Fix uninitialized warning with IAR compiler
+- Fix for C# wrapper example IO hang on unexpected connection termination
+
+
+This release of wolfSSL fixes a low level security vulnerability. The vulnerability reported was a potential cache attack on RSA operations. If using wolfSSL RSA on a server that other users can have access to monitor the cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the report. More information will be available on our site:
+
+https://wolfssl.com/wolfSSL/security/vulnerabilities.php
+
+See INSTALL file for build instructions.
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
+
 
 # wolfSSL (Formerly CyaSSL) Release 3.9.10 (9/23/2016)
 

autogen.sh

@@ -22,6 +22,20 @@ if test -e .git; then
   # touch async crypt files
   touch ./wolfcrypt/src/async.c
   touch ./wolfssl/wolfcrypt/async.h
+
+  # touch async port files
+  touch ./wolfcrypt/src/port/intel/quickassist.c
+  touch ./wolfcrypt/src/port/intel/quickassist_mem.c
+  touch ./wolfcrypt/src/port/cavium/cavium_nitrox.c
+  if [ ! -d ./wolfssl/wolfcrypt/port/intel ]; then
+    mkdir ./wolfssl/wolfcrypt/port/intel
+  fi
+  touch ./wolfssl/wolfcrypt/port/intel/quickassist.h
+  touch ./wolfssl/wolfcrypt/port/intel/quickassist_mem.h
+  if [ ! -d ./wolfssl/wolfcrypt/port/cavium ]; then
+    mkdir ./wolfssl/wolfcrypt/port/cavium
+  fi
+  touch ./wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h
 else
   WARNINGS="all"
 fi

certs/dsaparams.pem

@@ -0,0 +1,9 @@
+-----BEGIN DSA PARAMETERS-----
+MIIBHwKBgQDN3iVogFMN5XfW0pA5P5CiPzOUbuhPK2OrMKsVuhHqil2NzLjUodXB
+R51ac2piSdEGB2f2L6M5vU4NtNMiI4TskyZaSe58iUhmTejo2FD7pXGfIhjl5gtG
+h2buUo9GT7UDzu3jvuW1gdJZ6cCtTdBNJve6UOjJj/4kGT0up1I8bQIVAPtH++yB
+IMgc6Uq6BG8Zm5TugmfTAoGBAJuVu4XFWEoynKpEhdZo3D4U9M5to0k46tZhSJJa
+QJVJOKrhOSloWEeKSwHhLo5sY29AylA/jAuZ5HJCuLHCJkjxnIPGNy5arhEJ2fOt
+H2+trVDjeDLm3o6qv9EAn7MCEhmiFewUGFwOJs75rsx7tdEm/IX+FJO2nX124zWX
+Ht7E
+-----END DSA PARAMETERS-----

certs/external/ca-verisign-g5.pem

@@ -26,3 +26,17 @@ WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ
 4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N
 hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq
 -----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICPDCCAaUCEDyRMcsf9tAbDpq40ES/Er4wDQYJKoZIhvcNAQEFBQAwXzELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
+cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
+MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
+BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
+YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
+BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
+I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
+CSqGSIb3DQEBBQUAA4GBABByUqkFFBkyCEHwxWsKzH4PIRnN5GfcX6kb5sroc50i
+2JhucwNhkcV8sEVAbkSdjbCxlnRhLQ2pRdKkkirWmnWXbj9T/UWZYB2oK0z5XqcJ
+2HUw19JlYD1n1khVdWk/kfVIC0dpImmClr7JyDiGSnoscxlIaU5rfGW/D/xwzoiQ
+-----END CERTIFICATE-----

certs/include.am

@@ -9,9 +9,11 @@ EXTRA_DIST += \
 	     certs/client-keyEnc.pem \
 	     certs/client-key.pem \
 	     certs/ecc-key.pem \
+	     certs/ecc-keyPkcs8Enc.pem \
 	     certs/ecc-key-comp.pem \
 	     certs/ecc-keyPkcs8.pem \
 	     certs/ecc-client-key.pem \
+	     certs/ecc-client-keyPub.pem \
 	     certs/client-ecc-cert.pem \
 	     certs/client-ca.pem \
 	     certs/ntru-cert.pem \
@@ -22,6 +24,7 @@ EXTRA_DIST += \
 	     certs/server-ecc-rsa.pem \
 	     certs/server-keyEnc.pem \
 	     certs/server-key.pem \
+	     certs/server-keyPkcs8.der \
 	     certs/server-keyPkcs8Enc12.pem \
 	     certs/server-keyPkcs8Enc2.pem \
 	     certs/server-keyPkcs8Enc.pem \
@@ -29,23 +32,33 @@ EXTRA_DIST += \
 	     certs/server-revoked-cert.pem \
 	     certs/server-revoked-key.pem \
 	     certs/wolfssl-website-ca.pem \
-	     certs/test-servercert.p12
+	     certs/test-servercert.p12 \
+	     certs/dsaparams.pem
 EXTRA_DIST += \
 	     certs/ca-key.der \
 	     certs/ca-cert.der \
 	     certs/client-cert.der \
 	     certs/client-key.der \
+	     certs/client-ecc-cert.der \
 	     certs/client-keyPub.der \
 	     certs/dh2048.der \
 	     certs/rsa2048.der \
 	     certs/dsa2048.der \
+	     certs/ecc-client-key.der \
+	     certs/ecc-client-keyPub.der \
 	     certs/ecc-key.der \
 	     certs/ecc-keyPub.der \
 	     certs/server-key.der \
-	     certs/server-cert.der
+	     certs/server-cert.der \
+	     certs/server-ecc-comp.der \
+	     certs/server-ecc.der \
+	     certs/server-ecc-rsa.der \
+         certs/server-cert-chain.der
 
 dist_doc_DATA+= certs/taoCert.txt
 
 EXTRA_DIST+= certs/ntru-key.raw
 
+include certs/test/include.am
 include certs/test-pathlen/include.am
+include certs/test/include.am

certs/renewcerts.sh

@@ -16,6 +16,7 @@
 #                       1024/client-cert.pem
 #                       server-ecc-comp.pem
 #                       client-ca.pem
+#                       test/digsigku.pem
 # updates the following crls:
 #                       crl/cliCrl.pem
 #                       crl/crl.pem
@@ -128,6 +129,23 @@ function run_renewcerts(){
     cat ca_tmp.pem >> server-revoked-cert.pem
     rm ca_tmp.pem
     ###########################################################
+    ########## update and sign server-duplicate-policy.pem ####
+    ###########################################################
+    echo "Updating server-duplicate-policy.pem"
+    echo ""
+    #pipe the following arguments to openssl req...
+    echo -e "US\nMontana\nBozeman\nwolfSSL\ntesting duplicate policy\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-key.pem -nodes > ./test/server-duplicate-policy-req.pem
+
+    openssl x509 -req -in ./test/server-duplicate-policy-req.pem -extfile wolfssl.cnf -extensions policy_test -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 > ./test/server-duplicate-policy.pem
+
+    rm ./test/server-duplicate-policy-req.pem
+
+    openssl x509 -in ca-cert.pem -text > ca_tmp.pem
+    openssl x509 -in ./test/server-duplicate-policy.pem -text > srv_tmp.pem
+    mv srv_tmp.pem ./test/server-duplicate-policy.pem
+    cat ca_tmp.pem >> ./test/server-duplicate-policy.pem
+    rm ca_tmp.pem
+    ###########################################################
     #### update and sign (1024-bit) server-cert.pem ###########
     ###########################################################
     echo "Updating 1024-bit server-cert.pem"
@@ -208,6 +226,22 @@ function run_renewcerts(){
     echo ""
     cat client-cert.pem client-ecc-cert.pem > client-ca.pem
 
+    ############################################################
+    ###### update the self-signed test/digsigku.pem   ##########
+    ############################################################
+    echo "Updating test/digsigku.pem"
+    echo ""
+    #pipe the following arguments to openssl req...
+    echo -e "US\nWashington\nSeattle\nFoofarah\nArglebargle\nfoobarbaz\ninfo@worlss.com\n.\n.\n" | openssl req -new -key ecc-key.pem -nodes -sha1 -out digsigku.csr
+
+
+    openssl x509 -req -in digsigku.csr -days 1000 -extfile wolfssl.cnf -extensions digsigku -signkey ecc-key.pem -sha1 -set_serial 16393466893990650224 -out digsigku.pem
+    rm digsigku.csr
+
+    openssl x509 -in digsigku.pem -text > tmp.pem
+    mv tmp.pem digsigku.pem
+    mv digsigku.pem test/digsigku.pem
+
     ############################################################
     ########## make .der files from .pem files #################
     ############################################################

certs/renewcerts/wolfssl.cnf

@@ -148,6 +148,28 @@ subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid,issuer
 proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
 
+# Test of rejecting duplicate policy extension OIDs
+[ policy_test ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints=CA:FALSE
+certificatePolicies=1.2.3.4,@policy_add
+
+[ policy_add ]
+policyIdentifier=1.2.3.4
+CPS.1="www.wolfssl.com"
+userNotice.1=@policy_usr
+
+[ policy_usr ]
+explicitText="Test of duplicate OIDs with different qualifiers"
+
+# create certificate without the digitalSignature bit set and uses sha1 sig
+[ digsigku ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints=critical, CA:TRUE
+keyUsage=critical, nonRepudiation, keyEncipherment
+
 #tsa default
 [ tsa ]
 default_tsa = tsa_config1

certs/test/cert-ext-ia.cfg

@@ -0,0 +1,18 @@
+[ req ]
+distinguished_name = req_distinguished_name
+prompt             = no
+x509_extensions    = v3_ca
+
+[ req_distinguished_name ]
+C             = AU
+ST            = Queensland
+L             = Brisbane
+O             = wolfSSL Inc
+OU            = Engineering
+CN            = www.wolfssl.com
+emailAddress  = support@www.wolfsssl.com
+
+[ v3_ca ]
+inhibitAnyPolicy = critical,1
+nsComment        = "Testing inhibit any"
+

certs/test/cert-ext-nc.cfg

@@ -0,0 +1,18 @@
+[ req ]
+distinguished_name = req_distinguished_name
+prompt             = no
+x509_extensions    = v3_ca
+
+[ req_distinguished_name ]
+C             = AU
+ST            = Queensland
+L             = Brisbane
+O             = wolfSSL Inc
+OU            = Engineering
+CN            = www.wolfssl.com
+emailAddress  = support@www.wolfsssl.com
+
+[ v3_ca ]
+nameConstraints = critical,permitted;email:.wolfssl.com
+nsComment       = "Testing name constraints"
+

certs/test/digsigku.pem

@@ -1,17 +1,16 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number:
-            e3:81:4b:48:a5:70:61:70
-        Signature Algorithm: ecdsa-with-SHA1
+        Serial Number: 16393466893990650224 (0xe3814b48a5706170)
+    Signature Algorithm: ecdsa-with-SHA1
         Issuer: C=US, ST=Washington, L=Seattle, O=Foofarah, OU=Arglebargle, CN=foobarbaz/emailAddress=info@worlss.com
         Validity
-            Not Before: Sep 10 00:45:36 2014 GMT
-            Not After : Jun  6 00:45:36 2017 GMT
+            Not Before: May  3 00:07:20 2017 GMT
+            Not After : Jan 28 00:07:20 2020 GMT
         Subject: C=US, ST=Washington, L=Seattle, O=Foofarah, OU=Arglebargle, CN=foobarbaz/emailAddress=info@worlss.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
-            EC Public Key:
+                Public-Key: (256 bit)
                 pub: 
                     04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de:
                     9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c:
@@ -19,34 +18,40 @@ Certificate:
                     21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33:
                     0b:80:34:89:d8
                 ASN1 OID: prime256v1
+                NIST CURVE: P-256
         X509v3 extensions:
             X509v3 Subject Key Identifier: 
                 5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
             X509v3 Authority Key Identifier: 
                 keyid:5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
+                DirName:/C=US/ST=Washington/L=Seattle/O=Foofarah/OU=Arglebargle/CN=foobarbaz/emailAddress=info@worlss.com
+                serial:E3:81:4B:48:A5:70:61:70
 
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Non Repudiation, Key Encipherment
     Signature Algorithm: ecdsa-with-SHA1
-        30:46:02:21:00:f4:36:ee:86:21:d5:c7:1f:2d:0d:bb:29:ae:
-        c1:74:ff:a3:ce:41:fe:cb:93:eb:ff:ef:fe:e3:4d:20:e5:18:
-        65:02:21:00:b1:39:13:12:e2:b5:19:f2:8f:5b:40:ac:7a:5c:
-        e2:a6:e3:d3:e6:9f:79:3c:29:d8:c6:7d:88:f4:60:0c:48:00
+         30:46:02:21:00:fe:d6:30:36:fb:43:39:51:d7:4a:02:24:5e:
+         b4:b1:11:e3:83:66:00:fc:24:12:1a:7e:a8:05:77:ca:f7:24:
+         2d:02:21:00:fb:59:c3:e9:6e:9b:f6:a2:46:0b:d8:ad:33:fb:
+         89:2d:80:d6:1d:68:1f:f7:d7:93:f1:0b:7a:6b:81:f5:af:62
 -----BEGIN CERTIFICATE-----
-MIICfTCCAiOgAwIBAgIJAOOBS0ilcGFwMAkGByqGSM49BAEwgZExCzAJBgNVBAYT
+MIIDKTCCAs+gAwIBAgIJAOOBS0ilcGFwMAkGByqGSM49BAEwgZExCzAJBgNVBAYT
 AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMREwDwYD
 VQQKDAhGb29mYXJhaDEUMBIGA1UECwwLQXJnbGViYXJnbGUxEjAQBgNVBAMMCWZv
-b2JhcmJhejEeMBwGCSqGSIb3DQEJARYPaW5mb0B3b3Jsc3MuY29tMB4XDTE0MDkx
-MDAwNDUzNloXDTE3MDYwNjAwNDUzNlowgZExCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+b2JhcmJhejEeMBwGCSqGSIb3DQEJARYPaW5mb0B3b3Jsc3MuY29tMB4XDTE3MDUw
+MzAwMDcyMFoXDTIwMDEyODAwMDcyMFowgZExCzAJBgNVBAYTAlVTMRMwEQYDVQQI
 DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMREwDwYDVQQKDAhGb29mYXJh
 aDEUMBIGA1UECwwLQXJnbGViYXJnbGUxEjAQBgNVBAMMCWZvb2JhcmJhejEeMBwG
 CSqGSIb3DQEJARYPaW5mb0B3b3Jsc3MuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0D
 AQcDQgAEuzOsTCdQSsZKpQTDPN6fNttyLc6U6iv6yyAJOSwW6GEC6a9N0wKTmjFb
-l5Ihf/DPGNqREQI0huggWDMLgDSJ2KNjMGEwHQYDVR0OBBYEFF1dJu+sfjb5m3YV
-K0olAiPvsokwMB8GA1UdIwQYMBaAFF1dJu+sfjb5m3YVK0olAiPvsokwMA8GA1Ud
-EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgVgMAkGByqGSM49BAEDSQAwRgIhAPQ2
-7oYh1ccfLQ27Ka7BdP+jzkH+y5Pr/+/+400g5RhlAiEAsTkTEuK1GfKPW0Cselzi
-puPT5p95PCnYxn2I9GAMSAA=
+l5Ihf/DPGNqREQI0huggWDMLgDSJ2KOCAQ0wggEJMB0GA1UdDgQWBBRdXSbvrH42
++Zt2FStKJQIj77KJMDCBxgYDVR0jBIG+MIG7gBRdXSbvrH42+Zt2FStKJQIj77KJ
+MKGBl6SBlDCBkTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAO
+BgNVBAcMB1NlYXR0bGUxETAPBgNVBAoMCEZvb2ZhcmFoMRQwEgYDVQQLDAtBcmds
+ZWJhcmdsZTESMBAGA1UEAwwJZm9vYmFyYmF6MR4wHAYJKoZIhvcNAQkBFg9pbmZv
+QHdvcmxzcy5jb22CCQDjgUtIpXBhcDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
+/wQEAwIFYDAJBgcqhkjOPQQBA0kAMEYCIQD+1jA2+0M5UddKAiRetLER44NmAPwk
+Ehp+qAV3yvckLQIhAPtZw+lum/aiRgvYrTP7iS2A1h1oH/fXk/ELemuB9a9i
 -----END CERTIFICATE-----

certs/test/gen-ext-certs.sh

@@ -0,0 +1,69 @@
+#!/bin/sh
+
+TMP="/tmp/`basename $0`"
+
+gen_cert() {
+    openssl req -x509 -keyform DER -key certs/server-key.der \
+                      -outform DER -out $OUT -config $CONFIG \
+        >$TMP 2>&1
+
+    if [ "$?" = "0" -a -f $OUT ]; then
+        echo "Created: $OUT"
+    else
+        cat $TMP
+        echo "Failed:  $OUT"
+    fi
+
+    rm $TMP
+}
+
+OUT=certs/test/cert-ext-nc.der
+KEYFILE=certs/test/cert-ext-nc-key.der
+CONFIG=certs/test/cert-ext-nc.cfg
+tee >$CONFIG <<EOF
+[ req ]
+distinguished_name = req_distinguished_name
+prompt             = no
+x509_extensions    = v3_ca
+
+[ req_distinguished_name ]
+C             = AU
+ST            = Queensland
+L             = Brisbane
+O             = wolfSSL Inc
+OU            = Engineering
+CN            = www.wolfssl.com
+emailAddress  = support@www.wolfsssl.com
+
+[ v3_ca ]
+nameConstraints = critical,permitted;email:.wolfssl.com
+nsComment       = "Testing name constraints"
+
+EOF
+gen_cert
+
+OUT=certs/test/cert-ext-ia.der
+KEYFILE=certs/test/cert-ext-ia-key.der
+CONFIG=certs/test/cert-ext-ia.cfg
+tee >$CONFIG <<EOF
+[ req ]
+distinguished_name = req_distinguished_name
+prompt             = no
+x509_extensions    = v3_ca
+
+[ req_distinguished_name ]
+C             = AU
+ST            = Queensland
+L             = Brisbane
+O             = wolfSSL Inc
+OU            = Engineering
+CN            = www.wolfssl.com
+emailAddress  = support@www.wolfsssl.com
+
+[ v3_ca ]
+inhibitAnyPolicy = critical,1
+nsComment        = "Testing inhibit any"
+
+EOF
+gen_cert
+

certs/test/include.am

@@ -0,0 +1,13 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+#
+
+EXTRA_DIST += \
+	     certs/test/cert-ext-ia.cfg \
+	     certs/test/cert-ext-ia.der \
+	     certs/test/cert-ext-nc.cfg \
+	     certs/test/cert-ext-nc.der \
+	     certs/test/cert-ext-ns.der \
+	     certs/test/gen-ext-certs.sh \
+         certs/test/server-duplicate-policy.pem
+

certs/test/server-duplicate-policy.pem

@@ -0,0 +1,182 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Validity
+            Not Before: Mar 10 20:37:22 2017 GMT
+            Not After : Dec  5 20:37:22 2019 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=testing duplicate policy, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
+                    01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
+                    f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
+                    f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
+                    64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
+                    86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
+                    4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
+                    34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
+                    8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
+                    40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
+                    dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
+                    e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
+                    64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
+                    c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
+                    ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
+                    b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
+                    a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
+                    ad:d7
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
+            X509v3 Authority Key Identifier: 
+                keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:9C:86:DC:5C:A7:73:35:83
+
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Certificate Policies: 
+                Policy: 1.2.3.4
+                Policy: 1.2.3.4
+                  CPS: www.wolfssl.com
+                  User Notice:
+                    Explicit Text: Test of duplicate OIDs with different qualifiers
+
+    Signature Algorithm: sha256WithRSAEncryption
+         82:59:1f:4c:a7:19:9f:e7:ab:cc:51:21:da:ef:4f:73:75:22:
+         6c:db:55:83:c4:35:c7:40:69:49:46:45:56:78:06:03:76:d8:
+         3b:6c:75:aa:2c:a5:c0:61:e8:5c:c0:2b:ed:66:a9:66:c0:b3:
+         37:83:23:c5:2c:b2:45:59:61:84:be:dd:44:72:00:7a:6b:f9:
+         50:89:31:66:a7:84:46:74:0f:bb:5b:05:0d:1f:2d:4d:b4:dc:
+         69:2c:e2:a0:fd:5e:93:14:c7:ce:a2:6e:50:61:8f:73:94:a0:
+         7a:65:e5:9d:76:f0:1b:1c:da:da:72:3e:f9:8c:4d:c0:4a:cb:
+         24:e8:40:51:a1:37:9c:e7:87:1a:0e:cd:a6:7f:54:39:65:5f:
+         63:64:04:60:5e:cc:1d:a6:71:78:1f:44:32:32:f9:27:0d:23:
+         75:95:01:0b:0d:f3:90:ec:e2:7e:df:0f:43:96:e4:32:c3:b4:
+         e2:df:87:12:97:a1:1e:f1:c8:73:fe:5e:ea:55:5c:f7:4b:88:
+         2e:31:6c:52:ff:b3:05:85:f7:fe:e7:ac:f6:74:a8:4f:8e:96:
+         88:5f:73:5a:f1:77:9d:b9:16:a3:53:e2:4a:5b:e2:5e:2b:88:
+         1c:a8:b8:ee:e2:ee:72:cb:b2:51:ab:c2:90:5f:15:df:1c:ff:
+         fd:0d:95:20
+-----BEGIN CERTIFICATE-----
+MIIFJjCCBA6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
+d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTcwMzEw
+MjAzNzIyWhcNMTkxMjA1MjAzNzIyWjCBoTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
+B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxITAf
+BgNVBAsMGHRlc3RpbmcgZHVwbGljYXRlIHBvbGljeTEYMBYGA1UEAwwPd3d3Lndv
+bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJUI4VdB8nFtt9JFQScBZcZFrvK8
+JDC4lc4vTtb2HIi8fJ/7qGd//lycUXX3isoH5zUvj+G9e8AvfKtkqBf8yl17uuAh
+5XIuby6G2JVz2qwbU7lfP9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF9n8LWWh4
+c6aMGKkCba/DGQEuuBDjxsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1mUQy9VLPh
+bV8cvCNz0QkDiRTSELlkwyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOVoXe6E9KX
+c+JdJclqDcM5YKS0sGlCQgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t1wIDAQAB
+o4IBcjCCAW4wHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MIHJBgNVHSME
+gcEwgb6AFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
+UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
+U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAJyG3Fyn
+czWDMAkGA1UdEwQCMAAwdgYDVR0gBG8wbTAFBgMqAwQwZAYDKgMEMF0wGwYIKwYB
+BQUHAgEWD3d3dy53b2xmc3NsLmNvbTA+BggrBgEFBQcCAjAyGjBUZXN0IG9mIGR1
+cGxpY2F0ZSBPSURzIHdpdGggZGlmZmVyZW50IHF1YWxpZmllcnMwDQYJKoZIhvcN
+AQELBQADggEBAIJZH0ynGZ/nq8xRIdrvT3N1ImzbVYPENcdAaUlGRVZ4BgN22Dts
+daospcBh6FzAK+1mqWbAszeDI8UsskVZYYS+3URyAHpr+VCJMWanhEZ0D7tbBQ0f
+LU203Gks4qD9XpMUx86iblBhj3OUoHpl5Z128Bsc2tpyPvmMTcBKyyToQFGhN5zn
+hxoOzaZ/VDllX2NkBGBezB2mcXgfRDIy+ScNI3WVAQsN85Ds4n7fD0OW5DLDtOLf
+hxKXoR7xyHP+XupVXPdLiC4xbFL/swWF9/7nrPZ0qE+Olohfc1rxd525FqNT4kpb
+4l4riByouO7i7nLLslGrwpBfFd8c//0NlSA=
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 11278944607300433283 (0x9c86dc5ca7733583)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Validity
+            Not Before: Mar 10 20:37:22 2017 GMT
+            Not After : Dec  5 20:37:22 2019 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
+                    f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
+                    de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98:
+                    21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77:
+                    32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1:
+                    8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3:
+                    a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed:
+                    a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95:
+                    82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c:
+                    3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db:
+                    76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc:
+                    73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98:
+                    de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68:
+                    cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2:
+                    b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3:
+                    13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98:
+                    ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed:
+                    36:79
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+            X509v3 Authority Key Identifier: 
+                keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:9C:86:DC:5C:A7:73:35:83
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha256WithRSAEncryption
+         10:6b:75:29:65:17:7e:78:ae:85:2e:b7:a4:50:98:69:74:f9:
+         50:a1:8e:2c:9f:b0:43:66:a1:e0:42:32:38:15:5f:2e:cc:cc:
+         c4:b9:7c:b5:c2:bc:59:24:49:17:ad:1c:e4:6e:dc:70:e3:93:
+         fc:69:dd:04:7b:41:dd:08:f0:13:ee:2a:cb:6f:cf:af:d4:96:
+         3c:44:50:29:45:60:89:cd:ec:5f:c1:bb:b0:03:61:74:b3:29:
+         ad:df:e9:7c:d9:f2:18:22:45:e7:3d:d4:72:37:2c:b4:18:7d:
+         34:ca:55:00:0d:89:d0:f7:3e:81:4d:da:02:4c:2b:a6:61:4b:
+         bf:b1:ec:73:11:6a:53:a3:0a:0f:20:04:5d:17:67:b1:a6:a2:
+         37:a8:f5:ea:78:6d:00:8b:64:16:62:0a:6f:44:94:15:9e:4d:
+         15:0c:33:f0:ba:9d:e2:be:69:6f:12:9f:69:95:39:ba:97:9e:
+         c3:af:22:ad:f2:f2:3b:67:81:1a:99:d2:02:89:86:6d:8f:92:
+         98:32:dd:c1:fa:2e:38:03:2e:fc:02:a5:e7:b8:dc:94:3b:88:
+         15:4a:09:80:98:61:b4:5e:07:b5:87:57:f4:a0:91:5c:7e:89:
+         f5:89:16:f2:7a:15:52:1b:55:26:7c:59:d2:d0:23:e3:0e:12:
+         b1:99:f9:6b
+-----BEGIN CERTIFICATE-----
+MIIEqjCCA5KgAwIBAgIJAJyG3FynczWDMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
+VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
+A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
+dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe
+Fw0xNzAzMTAyMDM3MjJaFw0xOTEyMDUyMDM3MjJaMIGUMQswCQYDVQQGEwJVUzEQ
+MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3
+dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
+LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D
+mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx
+i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J
+XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc
+/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI
+/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB
++TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU
+J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
+aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
+MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAnIbcXKdzNYMwDAYD
+VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAEGt1KWUXfniuhS63pFCYaXT5
+UKGOLJ+wQ2ah4EIyOBVfLszMxLl8tcK8WSRJF60c5G7ccOOT/GndBHtB3QjwE+4q
+y2/Pr9SWPERQKUVgic3sX8G7sANhdLMprd/pfNnyGCJF5z3UcjcstBh9NMpVAA2J
+0Pc+gU3aAkwrpmFLv7HscxFqU6MKDyAEXRdnsaaiN6j16nhtAItkFmIKb0SUFZ5N
+FQwz8Lqd4r5pbxKfaZU5upeew68irfLyO2eBGpnSAomGbY+SmDLdwfouOAMu/AKl
+57jclDuIFUoJgJhhtF4HtYdX9KCRXH6J9YkW8noVUhtVJnxZ0tAj4w4SsZn5aw==
+-----END CERTIFICATE-----

configure.ac

@@ -6,7 +6,7 @@
 #
 #
 
-AC_INIT([wolfssl],[3.9.10],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
+AC_INIT([wolfssl],[3.11.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
 
 AC_CONFIG_AUX_DIR([build-aux])
 
@@ -35,7 +35,7 @@ AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS.
 
 #shared library versioning
-WOLFSSL_LIBRARY_VERSION=8:0:5
+WOLFSSL_LIBRARY_VERSION=12:0:0
 #                       | | |
 #                +------+ | +---+
 #                |        |     |
@@ -67,6 +67,13 @@ AS_IF([ test -n "$CFLAG_VISIBILITY" ], [
 
 m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])])
 
+# Moved these size of and type checks before the library checks.
+# The library checks add the library to subsequent test compiles
+# and in some rare cases, the networking check causes these sizeof
+# checks to fail.
+AC_CHECK_SIZEOF(long long, 8)
+AC_CHECK_SIZEOF(long, 4)
+AC_CHECK_TYPES(__uint128_t)
 AC_CHECK_FUNCS([gethostbyname])
 AC_CHECK_FUNCS([getaddrinfo])
 AC_CHECK_FUNCS([gettimeofday])
@@ -85,9 +92,6 @@ AC_CHECK_HEADERS([sys/socket.h])
 AC_CHECK_HEADERS([sys/time.h])
 AC_CHECK_HEADERS([errno.h])
 AC_CHECK_LIB(network,socket)
-AC_CHECK_SIZEOF(long long, 8)
-AC_CHECK_SIZEOF(long, 4)
-AC_CHECK_TYPES(__uint128_t)
 AC_C_BIGENDIAN
 # mktime check takes forever on some systems, if time supported it would be
 # highly unusual for mktime to be missing
@@ -144,9 +148,11 @@ then
     enable_pkcallbacks=yes
     enable_aesgcm=yes
     enable_aesccm=yes
+    enable_aesctr=yes
     enable_camellia=yes
     enable_ripemd=yes
     enable_sha512=yes
+    enable_sha224=yes
     enable_sessioncerts=yes
     enable_keygen=yes
     enable_certgen=yes
@@ -185,9 +191,15 @@ then
     enable_certservice=yes
     enable_jni=yes
     enable_lighty=yes
+    enable_haproxy=yes
     enable_stunnel=yes
+    enable_nginx=yes
     enable_pwdbased=yes
+    enable_aeskeywrap=yes
+    enable_x963kdf=yes
+    enable_scrypt=yes
 fi
+AM_CONDITIONAL([BUILD_DISTRO], [test "x$ENABLED_DISTRO" = "xyes"])
 
 
 # SINGLE THREADED
@@ -222,7 +234,7 @@ fi
 
 
 AC_ARG_ENABLE([rng],
-    [AS_HELP_STRING([  --enable-rng       Enable compiling and using RNG (default: enabled)])],
+    [AS_HELP_STRING([--enable-rng            Enable compiling and using RNG (default: enabled)])],
     [ ENABLED_RNG=$enableval ],
     [ ENABLED_RNG=yes ]
     )
@@ -263,6 +275,20 @@ AC_ARG_ENABLE([openssh],
     [ENABLED_OPENSSH=$enableval],
     [ENABLED_OPENSSH=no])
 
+# nginx compatibility build
+AC_ARG_ENABLE([nginx],
+    [  --enable-nginx          Enable nginx (default: disabled)],
+    [ ENABLED_NGINX=$enableval ],
+    [ ENABLED_NGINX=no ]
+    )
+
+# haproxy compatibility build
+AC_ARG_ENABLE([haproxy],
+    [  --enable-haproxy         Enable haproxy (default: disabled)],
+    [ ENABLED_HAPROXY=$enableval ],
+    [ ENABLED_HAPROXY=no ]
+    )
+
 
 # OPENSSL Extra Compatibility
 AC_ARG_ENABLE([opensslextra],
@@ -270,7 +296,7 @@ AC_ARG_ENABLE([opensslextra],
     [ ENABLED_OPENSSLEXTRA=$enableval ],
     [ ENABLED_OPENSSLEXTRA=no ]
     )
-if test "$ENABLED_OPENSSH" = "yes"
+if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes"
 then
     ENABLED_OPENSSLEXTRA="yes"
 fi
@@ -314,12 +340,28 @@ AC_ARG_ENABLE([ipv6],
 
 if test "$ENABLED_IPV6" = "yes"
 then
-    AM_CFLAGS="$AM_CFLAGS -DTEST_IPV6"
+    AM_CFLAGS="$AM_CFLAGS -DTEST_IPV6 -DWOLFSSL_IPV6"
 fi
 
 AM_CONDITIONAL([BUILD_IPV6], [test "x$ENABLED_IPV6" = "xyes"])
 
 
+# wpa_supplicant support
+AC_ARG_ENABLE([wpas],
+    [  --enable-wpas           Enable wpa_supplicant support (default: disabled)],
+    [ ENABLED_WPAS=$enableval ],
+    [ ENABLED_WPAS=no ]
+    )
+if test "$ENABLED_WPAS" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_SECRET_CALLBACK -DWOLFSSL_STATIC_RSA"
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP -DWOLFSSL_PUBLIC_ECC_ADD_DBL"
+    AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER -DHAVE_EX_DATA -DWOLFSSL_KEEP_PEER_CERT"
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE"
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WPAS"
+fi
+
+
 # Fortress build
 AC_ARG_ENABLE([fortress],
     [  --enable-fortress       Enable SSL fortress build (default: disabled)],
@@ -327,14 +369,14 @@ AC_ARG_ENABLE([fortress],
     [ ENABLED_FORTRESS=no ]
     )
 
-if test "$ENABLED_OPENSSH" = "yes"
+if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes"
 then
     ENABLED_FORTRESS="yes"
 fi
 
 if test "$ENABLED_FORTRESS" = "yes"
 then
-    AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DWOLFSSL_ALWAYS_VERIFY_CB -DOPENSSL_EXTRA -DWOLFSSL_DES_ECB -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT -DWOLFSSL_DER_LOAD -DWOLFSSL_SHA512 -DWOLFSSL_SHA384 -DWOLFSSL_KEY_GEN"
+    AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DWOLFSSL_ALWAYS_VERIFY_CB -DOPENSSL_EXTRA -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT -DWOLFSSL_DER_LOAD -DWOLFSSL_SHA512 -DWOLFSSL_SHA384 -DWOLFSSL_KEY_GEN"
 fi
 
 
@@ -449,6 +491,19 @@ then
 fi
 
 
+# Write duplicate WOLFSSL object
+AC_ARG_ENABLE([writedup],
+    [  --enable-writedup       Enable write duplication of WOLFSSL objects (default: disabled)],
+    [ ENABLED_WRITEDUP=$enableval ],
+    [ ENABLED_WRITEDUP=no ]
+    )
+
+if test "$ENABLED_WRITEDUP" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_WRITE_DUP"
+fi
+
+
 # Atomic User Record Layer
 AC_ARG_ENABLE([atomicuser],
     [  --enable-atomicuser     Enable Atomic User Record Layer (default: disabled)],
@@ -474,6 +529,8 @@ then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_PK_CALLBACKS"
 fi
 
+AM_CONDITIONAL([BUILD_PKCALLBACKS],   [ test "x$ENABLED_PKCALLBACKS" = "xyes" ])
+
 
 # SNIFFER
 AC_ARG_ENABLE([sniffer],
@@ -555,6 +612,23 @@ fi
 AM_CONDITIONAL([BUILD_AESCCM], [test "x$ENABLED_AESCCM" = "xyes"])
 
 
+# AES-CTR
+AC_ARG_ENABLE([aesctr],
+    [  --enable-aesctr         Enable wolfSSL AES-CTR support (default: disabled)],
+    [ ENABLED_AESCTR=$enableval ],
+    [ ENABLED_AESCTR=no ]
+    )
+
+if test "$ENABLED_AESCTR" = "yes"
+then
+    if test "x$ENABLED_FORTRESS" != "xyes"
+    then
+        # This is already implied by fortress build
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT"
+    fi
+fi
+
+
 # AES-ARM
 AC_ARG_ENABLE([armasm],
     [AS_HELP_STRING([--enable-armasm],[Enable wolfSSL ARMv8 ASM support (default: disabled)])],
@@ -583,7 +657,7 @@ fi
 
 AM_CONDITIONAL([BUILD_ARMASM], [test "x$ENABLED_ARMASM" = "xyes"])
 
-# AES-NI
+# INTEL AES-NI
 AC_ARG_ENABLE([aesni],
     [AS_HELP_STRING([--enable-aesni],[Enable wolfSSL AES-NI support (default: disabled)])],
     [ ENABLED_AESNI=$enableval ],
@@ -597,6 +671,7 @@ AC_ARG_ENABLE([intelasm],
     [ ENABLED_INTELASM=no ]
     )
 
+
 if test "$ENABLED_AESNI" = "yes" || test "$ENABLED_INTELASM" = "yes"
 then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESNI"
@@ -614,10 +689,22 @@ fi
 
 if test "$ENABLED_INTELASM" = "yes"
 then
-    AM_CFLAGS="$AM_CFLAGS -DHAVE_INTEL_RDGEN -DUSE_INTEL_SPEEDUP"
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_INTEL_RDSEED -DUSE_INTEL_SPEEDUP"
     ENABLED_AESNI=yes
 fi
 
+# INTEL RDRAND
+AC_ARG_ENABLE([intelrand],
+    [AS_HELP_STRING([--enable-intelrand],[Enable Intel rdrand as preferred RNG source (default: disabled)])],
+    [ ENABLED_INTELRDRAND=$enableval ],
+    [ ENABLED_INTELRDRAND=no ]
+    )
+
+if test "$ENABLED_INTELRDRAND" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_INTEL_RDRAND"
+fi
+
 AM_CONDITIONAL([BUILD_AESNI], [test "x$ENABLED_AESNI" = "xyes"])
 
 
@@ -754,6 +841,11 @@ AC_ARG_ENABLE([sessioncerts],
     [ ENABLED_SESSIONCERTS=no ]
     )
 
+if test "x$ENABLED_NGINX" = "xyes"
+then
+    ENABLED_SESSIONCERTS=yes
+fi
+
 if test "$ENABLED_SESSIONCERTS" = "yes"
 then
     AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
@@ -844,6 +936,18 @@ then
 fi
 
 
+# X9.63 KDF
+AC_ARG_ENABLE([x963kdf],
+    [  --enable-x963kdf        Enable X9.63 KDF support (default: disabled)],
+    [ ENABLED_X963KDF=$enableval ],
+    [ ENABLED_X963KDF=no ]
+    )
+if test "$ENABLED_X963KDF" = "yes"
+then
+  AM_CFLAGS="$AM_CFLAGS -DHAVE_X963_KDF"
+fi
+
+
 # DSA
 AC_ARG_ENABLE([dsa],
     [  --enable-dsa            Enable DSA (default: disabled)],
@@ -851,7 +955,7 @@ AC_ARG_ENABLE([dsa],
     [ ENABLED_DSA=no ]
     )
 
-if test "$ENABLED_OPENSSH" = "yes"
+if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes"
 then
     ENABLED_DSA="yes"
 fi
@@ -893,7 +997,7 @@ then
     ENABLED_ECC=no
 fi
 
-if test "$ENABLED_OPENSSH" = "yes"
+if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes"
 then
     ENABLED_ECC="yes"
 fi
@@ -919,6 +1023,12 @@ AC_ARG_ENABLE([ecccustcurves],
 if test "$ENABLED_ECCCUSTCURVES" = "yes"
 then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CUSTOM_CURVES"
+
+    # For distro build, enable all curve types
+    if test "$ENABLED_DISTRO" = "yes"
+    then
+        AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DHAVE_ECC_BRAINPOOL -DHAVE_ECC_KOBLITZ"
+    fi
 fi
 
 
@@ -929,6 +1039,10 @@ AC_ARG_ENABLE([compkey],
     [ ENABLED_COMPKEY=no ]
     )
 
+if test "$ENABLED_WPAS" = "yes"
+then
+    ENABLED_COMPKEY=yes
+fi
 if test "$ENABLED_COMPKEY" = "yes"
 then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_COMP_KEY"
@@ -1196,7 +1310,10 @@ AC_ARG_ENABLE([anon],
     [ ENABLED_ANON=no ]
     )
 
-
+if test "x$ENABLED_WPAS" = "xyes"
+then
+    ENABLED_ANON=yes
+fi
 if test "x$ENABLED_ANON" = "xyes"
 then
     if test "x$ENABLED_DH" != "xyes"
@@ -1279,6 +1396,10 @@ then
     then
         AC_MSG_ERROR([AESCCM requires AES.])
     fi
+    if test "$ENABLED_AESCTR" = "yes"
+    then
+        AC_MSG_ERROR([AESCTR requires AES.])
+    fi
 else
     # turn off AES if leanpsk on
     if test "$ENABLED_LEANPSK" = "yes"
@@ -1361,7 +1482,7 @@ AC_ARG_ENABLE([arc4],
     [ ENABLED_ARC4=no ]
     )
 
-if test "$ENABLED_OPENSSH" = "yes"
+if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes"
 then
     ENABLED_ARC4="yes"
 fi
@@ -1432,6 +1553,11 @@ AC_ARG_ENABLE([cmac],
     [ ENABLED_CMAC=no ]
     )
 
+if test "$ENABLED_WPAS" = "yes"
+then
+    ENABLED_CMAC=yes
+fi
+
 AS_IF([test "x$ENABLED_CMAC" = "xyes"],
       [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC -DWOLFSSL_AES_DIRECT"])
 
@@ -1520,11 +1646,41 @@ then
         ENABLED_DES3="yes"
     fi
     AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
+else
+    if test "x$ENABLED_FORTRESS" = "xyes"
+    then
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB"
+    fi
 fi
 
 AM_CONDITIONAL([BUILD_FIPS], [test "x$ENABLED_FIPS" = "xyes"])
 
 
+# set sha224 default
+SHA224_DEFAULT=no
+if test "$host_cpu" = "x86_64"
+then
+    if test "x$ENABLED_FIPS" = "xno"
+    then
+        SHA224_DEFAULT=yes
+    fi
+fi
+
+# SHA224
+AC_ARG_ENABLE([sha224],
+    [AS_HELP_STRING([--enable-sha224],[Enable wolfSSL SHA-224 support (default: enabled on x86_64)])],
+    [ ENABLED_SHA224=$enableval ],
+    [ ENABLED_SHA224=$SHA224_DEFAULT ]
+    )
+
+if test "$ENABLED_SHA224" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA224"
+fi
+
+AM_CONDITIONAL([BUILD_SHA224], [test "x$ENABLED_SHA224" = "xyes"])
+
+
 # set POLY1305 default
 POLY1305_DEFAULT=yes
 
@@ -1594,11 +1750,13 @@ if test "x$ENABLED_HASHDRBG" = "xyes"
 then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_HASHDRBG"
 else
-    # turn on Hash DRBG if FIPS is on or ARC4 is off
-    if test "x$ENABLED_FIPS" = "xyes" || test "x$ENABLED_ARC4" = "xno"
+    # turn on Hash DRBG if FIPS is on
+    if test "x$ENABLED_FIPS" = "xyes"
     then
         AM_CFLAGS="$AM_CFLAGS -DHAVE_HASHDRBG"
         ENABLED_HASHDRBG=yes
+    else
+        AM_CFLAGS="$AM_CFLAGS -DWC_NO_HASHDRBG"
     fi
 fi
 
@@ -1645,6 +1803,11 @@ AC_ARG_ENABLE([ocsp],
     [ ENABLED_OCSP=no ],
     )
 
+if test "x$ENABLED_NGINX" = "xyes"
+then
+    ENABLED_OCSP=yes
+fi
+
 if test "$ENABLED_OCSP" = "yes"
 then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
@@ -1674,6 +1837,12 @@ AC_ARG_ENABLE([ocspstapling],
     [ ENABLED_CERTIFICATE_STATUS_REQUEST=no ]
     )
 
+if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
+then
+    echo "ELLO"
+    ENABLED_CERTIFICATE_STATUS_REQUEST="yes"
+fi
+
 if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"
 then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST"
@@ -1696,6 +1865,11 @@ AC_ARG_ENABLE([ocspstapling2],
     [ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=no ]
     )
 
+if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
+then
+    ENABLED_CERTIFICATE_STATUS_REQUEST_V2=yes
+fi
+
 if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"
 then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST_V2"
@@ -1718,6 +1892,12 @@ AC_ARG_ENABLE([crl],
     [ ENABLED_CRL=no ],
     )
 
+
+if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
+then
+    ENABLED_CRL=yes
+fi
+
 if test "$ENABLED_CRL" = "yes"
 then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
@@ -1738,7 +1918,12 @@ then
     *linux* | *darwin* | *freebsd*)
         AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR" ;;
     *)
-        AC_MSG_ERROR([crl monitor only allowed on linux, OS X, or freebsd]) ;;
+        if test "x$ENABLED_DISTRO" = "xyes" ; then
+            ENABLED_CRL_MONITOR="no"
+        else
+            AC_MSG_ERROR( [crl monitor only allowed on linux, OS X, or freebsd])
+        fi
+        break;;
     esac
 fi
 
@@ -1909,7 +2094,7 @@ AC_ARG_ENABLE([maxfragment],
 
 # ALPN
 AC_ARG_ENABLE([alpn],
-    [  --enable-alpn            Enable ALPN (default: disabled)],
+    [  --enable-alpn           Enable ALPN (default: disabled)],
     [ ENABLED_ALPN=$enableval ],
     [ ENABLED_ALPN=no ]
     )
@@ -1985,6 +2170,11 @@ AC_ARG_ENABLE([session-ticket],
     [ ENABLED_SESSION_TICKET=no ]
     )
 
+if test "x$ENABLED_NGINX" = "xyes" || test "$ENABLED_WPAS" = "yes" || test "x$ENABLED_HAPROXY" = "xyes"
+then
+    ENABLED_SESSION_TICKET=yes
+fi
+
 if test "x$ENABLED_SESSION_TICKET" = "xyes"
 then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SESSION_TICKET"
@@ -2009,6 +2199,11 @@ AC_ARG_ENABLE([tlsx],
     [ ENABLED_TLSX=no ]
     )
 
+if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
+then
+    ENABLED_TLSX=yes
+fi
+
 if test "x$ENABLED_TLSX" = "xyes"
 then
     ENABLED_SNI=yes
@@ -2140,7 +2335,7 @@ then
         ENABLED_ECC="yes"
         AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
         AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
-        
+
         if test "$ENABLED_ECC_SHAMIR" = "yes"
         then
             AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
@@ -2188,7 +2383,7 @@ then
         AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
         AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
     fi
-    if test "x$ENABLED_CRL_MONITOR" = "xno"
+    if test "x$ENABLED_CRL_MONITOR" = "xno" && test "x$ENABLED_DISTRO" = "xno"
     then
         ENABLED_CRL_MONITOR="yes"
         AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR"
@@ -2213,7 +2408,7 @@ then
         ENABLED_ECC="yes"
         AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
         AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
-        
+
         if test "$ENABLED_ECC_SHAMIR" = "yes"
         then
             AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
@@ -2235,7 +2430,6 @@ then
     fi
 fi
 
-
 # lighty Support
 AC_ARG_ENABLE([lighty],
     [  --enable-lighty         Enable lighttpd/lighty (default: disabled)],
@@ -2253,12 +2447,41 @@ then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_LIGHTY -DHAVE_WOLFSSL_SSL_H=1"
 fi
 
+if test "$ENABLED_NGINX" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NGINX"
+fi
+
+if test "$ENABLED_HAPROXY" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAPROXY"
+    # Requires opensslextra make sure on
+    if test "x$ENABLED_OPENSSLEXTRA" = "xno"
+    then
+        ENABLED_OPENSSLEXTRA="yes"
+        AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
+    fi
+fi
+
+if test "$ENABLED_NGINX" = "yes"|| test "x$ENABLED_HAPROXY" = "xyes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB"
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
+    AM_CFLAGS="$AM_CFLAGS -DKEEP_OUR_CERT -DKEEP_PEER_CERT"
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE -DHAVE_EX_DATA"
+fi
+
+
 # stunnel Support
 AC_ARG_ENABLE([stunnel],
     [  --enable-stunnel        Enable stunnel (default: disabled)],
     [ ENABLED_STUNNEL=$enableval ],
     [ ENABLED_STUNNEL=no ]
     )
+if test "$ENABLED_WPAS" = "yes"
+then
+    ENABLED_STUNNEL="yes"
+fi
 if test "$ENABLED_STUNNEL" = "yes"
 then
     # Requires opensslextra make sure on
@@ -2317,7 +2540,7 @@ then
         ENABLED_ECC="yes"
         AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
         AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
-        
+
         if test "$ENABLED_ECC_SHAMIR" = "yes"
         then
             AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
@@ -2325,7 +2548,7 @@ then
     fi
 
     AM_CFLAGS="$AM_CFLAGS -DHAVE_STUNNEL -DWOLFSSL_ALWAYS_VERIFY_CB"
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI -DHAVE_EX_DATA"
 fi
 
 if test "$ENABLED_PSK" = "no" && test "$ENABLED_LEANPSK" = "no" \
@@ -2384,6 +2607,24 @@ fi
 AM_CONDITIONAL([BUILD_PWDBASED], [test "x$ENABLED_PWDBASED" = "xyes"])
 
 
+AC_ARG_ENABLE([scrypt],
+    [  --enable-scrypt         Enable SCRYPT (default: disabled)],
+    [ ENABLED_SCRYPT=$enableval ],
+    [ ENABLED_SCRYPT=no ]
+    )
+
+if test "$ENABLED_SCRYPT" = "yes"
+then
+    if test "$ENABLED_PWDBASED" = "no"
+    then
+        AC_MSG_ERROR([cannot enable scrypt without enabling pwdbased.])
+    fi
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_SCRYPT"
+fi
+
+AM_CONDITIONAL([BUILD_SCRYPT], [test "x$ENABLED_SCRYPT" = "xyes"])
+
+
 # wolfCrypt Only Build
 AC_ARG_ENABLE([cryptonly],
     [AS_HELP_STRING([--enable-cryptonly],[Enable wolfCrypt Only build (default: disabled)])],
@@ -2542,6 +2783,7 @@ AC_ARG_WITH([cavium],
     [
         AC_MSG_CHECKING([for cavium])
         CPPFLAGS="$CPPFLAGS -DHAVE_CAVIUM"
+        LIB_ADD="-lrt $LIB_ADD"
 
         if test "x$withval" == "xyes" ; then
             AC_MSG_ERROR([need a PATH for --with-cavium])
@@ -2558,6 +2800,8 @@ AC_ARG_WITH([cavium],
         if test "x$cavium_linked" == "xno" ; then
             AC_MSG_ERROR([cavium isn't found.
             If it's already installed, specify its path using --with-cavium=/dir/])
+        else
+            AM_CFLAGS="$AM_CFLAGS -DHAVE_CAVIUM"
         fi
         AC_MSG_RESULT([yes])
         enable_shared=no
@@ -2574,6 +2818,7 @@ AC_ARG_WITH([cavium-v],
     [
         AC_MSG_CHECKING([for cavium])
         CPPFLAGS="$CPPFLAGS -DHAVE_CAVIUM -DHAVE_CAVIUM_V"
+        LIB_ADD="-lrt $LIB_ADD"
 
         if test "x$withval" == "xyes" ; then
             AC_MSG_ERROR([need a PATH for --with-cavium])
@@ -2582,7 +2827,7 @@ AC_ARG_WITH([cavium-v],
             trycaviumdir=$withval
         fi
 
-        LDFLAGS="$AM_LDFLAGS $trycaviumdir/utils/sample_tests/cavium_common.o $trycaviumdir/utils/sample_tests/cavium_sym_crypto.o $trycaviumdir/utils/sample_tests/cavium_asym_crypto.o"
+        LDFLAGS="$AM_LDFLAGS $trycaviumdir/api/obj/cavium_common.o $trycaviumdir/api/obj/cavium_sym_crypto.o $trycaviumdir/api/obj/cavium_asym_crypto.o"
         CPPFLAGS="$CPPFLAGS -I$trycaviumdir/include"
 
         #AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cavium_common.h"]], [[ CspShutdown(0); ]])],[ cavium_linked=yes ],[ cavium_linked=no ])
@@ -2590,6 +2835,8 @@ AC_ARG_WITH([cavium-v],
         if test "x$cavium_linked" == "xno" ; then
             AC_MSG_ERROR([cavium isn't found.
             If it's already installed, specify its path using --with-cavium-v=/dir/])
+        else
+            AM_CFLAGS="$AM_CFLAGS -DHAVE_CAVIUM -DHAVE_CAVIUM_V"
         fi
         AC_MSG_RESULT([yes])
 
@@ -2607,6 +2854,46 @@ AC_ARG_WITH([cavium-v],
 AM_CONDITIONAL([BUILD_CAVIUM], [test "x$ENABLED_CAVIUM" = "xyes"])
 
 
+# Intel Quick Assist
+tryqatdir=""
+AC_ARG_WITH([intelqa],
+    [  --with-intelqa=PATH     PATH to Intel QuickAssit (QAT) driver dir ],
+    [
+        AC_MSG_CHECKING([for intelqa])
+        CPPFLAGS="$CPPFLAGS -DHAVE_INTEL_QA -DDO_CRYPTO -DUSER_SPACE"
+
+        if test "x$withval" == "xyes" ; then
+            AC_MSG_ERROR([need a PATH for --with-intelqa])
+        fi
+        if test "x$withval" != "xno" ; then
+            tryqatdir=$withval
+        fi
+
+        CPPFLAGS="$CPPFLAGS -I$tryqatdir/quickassist/include -I$tryqatdir/quickassist/include/lac -I$tryqatdir/quickassist/utilities/osal/include -I$tryqatdir/quickassist/utilities/osal/src/linux/user_space/include -I$tryqatdir/quickassist/lookaside/access_layer/include -I$tryqatdir/quickassist/lookaside/access_layer/src/common/include -I$srcdir/wolfssl -I$srcdir/wolfssl/wolfcrypt/port/intel"
+        LDFLAGS="$LDFLAGS -L$tryqatdir/build -Wl,-Map=output.map"
+        LIBS="$LIBS -licp_qa_al_s"
+        LIB_ADD="-ladf_proxy -losal -lrt $LIB_ADD"
+
+        AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cpa_cy_common.h"]], [[ Cpa16U count = 0; cpaCyGetNumInstances(&count); ]])],[ intelqa_linked=yes ],[ intelqa_linked=no ])
+
+        if test "x$intelqa_linked" == "xno" ; then
+            AC_MSG_ERROR([Intel QuickAssist not found.
+            If it's already installed, specify its path using --with-intelqa=/dir/])
+        else
+            AM_CFLAGS="$AM_CFLAGS -DHAVE_INTEL_QA -DDO_CRYPTO -DUSER_SPACE"
+        fi
+        AC_MSG_RESULT([yes])
+
+        ENABLED_INTEL_QA=yes
+    ],
+    [
+        ENABLED_INTEL_QA=no
+    ]
+)
+
+AM_CONDITIONAL([BUILD_INTEL_QA], [test "x$ENABLED_INTEL_QA" = "xyes"])
+
+
 # Fast RSA using Intel IPP
 ippdir="${srcdir}/IPP"
 ipplib="lib" # if autoconf guesses 32bit system changes lib directory
@@ -2783,7 +3070,12 @@ AC_ARG_ENABLE([mcapi],
 
 if test "$ENABLED_MCAPI" = "yes"
 then
-    AM_CFLAGS="$AM_CFLAGS -DHAVE_MCAPI -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT"
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_MCAPI"
+    if test "x$ENABLED_AESCTR" != "xyes"
+    then
+        # These flags are already implied by --enable-aesctr
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT"
+    fi
 fi
 
 if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_SHA512" = "no"
@@ -2806,18 +3098,19 @@ AM_CONDITIONAL([BUILD_MCAPI], [test "x$ENABLED_MCAPI" = "xyes"])
 
 # Asynchronous Crypto
 AC_ARG_ENABLE([asynccrypt],
-    [  --enable-asynccrypt    Enable Asynchronous Crypto (default: disabled)],
+    [  --enable-asynccrypt     Enable Asynchronous Crypto (default: disabled)],
     [ ENABLED_ASYNCCRYPT=$enableval ],
     [ ENABLED_ASYNCCRYPT=no ]
     )
 
 if test "$ENABLED_ASYNCCRYPT" = "yes"
 then
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT -DHAVE_WOLF_EVENT"
-    
-    # if Cavium not enabled the use async simulator for testing
-    if test "x$ENABLED_CAVIUM" = "xno"
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT -DHAVE_WOLF_EVENT -DHAVE_WOLF_BIGINT"
+
+    # if no async hardware then use simulator for testing
+    if test "x$ENABLED_CAVIUM" = "xno" && test "x$ENABLED_INTEL_QA" = "xno"
     then
+        # Async threading is Linux specific
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT_TEST"
     fi
 fi
@@ -2826,6 +3119,35 @@ AM_CONDITIONAL([BUILD_ASYNCCRYPT], [test "x$ENABLED_ASYNCCRYPT" = "xyes"])
 
 AM_CONDITIONAL([BUILD_WOLFEVENT], [test "x$ENABLED_ASYNCCRYPT" = "xyes"])
 
+# check for async if using Intel QuckAssist or Cavium
+if test "x$ENABLED_INTEL_QA" = "xyes" || test "x$ENABLED_CAVIUM" = "xyes" ; then
+    if test "x$ENABLED_ASYNCCRYPT" = "xno" ; then
+        AC_MSG_ERROR([Please enable enable asynchronous support using --enable-asynccrypt])
+    fi
+fi
+
+
+# Asynchronous threading
+AC_ARG_ENABLE([asyncthreads],
+    [  --enable-asyncthreads   Enable Asynchronous Threading (default: enabled)],
+    [ ENABLED_ASYNCTHREADS=$enableval ],
+    [ ENABLED_ASYNCTHREADS=yes ]
+    )
+
+if test "$ENABLED_ASYNCCRYPT" = "yes" && test "$ENABLED_ASYNCTHREADS" = "yes"
+then
+    AX_PTHREAD([ENABLED_ASYNCTHREADS=yes],[ENABLED_ASYNCTHREADS=no])
+else
+    ENABLED_ASYNCTHREADS=no
+fi
+
+if test "$ENABLED_ASYNCTHREADS" = "yes"
+then
+    LIB_ADD="-lpthread $LIB_ADD"
+    AM_CFLAGS="$AM_CFLAGS -D_GNU_SOURCE"
+else
+    AM_CFLAGS="$AM_CFLAGS -DWC_NO_ASYNC_THREADING"
+fi
 
 
 # Session Export
@@ -2845,6 +3167,24 @@ then
 fi
 
 
+# AES key wrap
+AC_ARG_ENABLE([aeskeywrap],
+    [AS_HELP_STRING([--enable-aeskeywrap],[Enable AES key wrap support (default: disabled)])],
+    [ ENABLED_AESKEYWRAP=$enableval ],
+    [ ENABLED_AESKEYWRAP=no ]
+    )
+
+if test "$ENABLED_WPAS" = "yes" && test "$ENABLED_FIPS" = "no"
+then
+    ENABLED_AESKEYWRAP="yes"
+fi
+
+if test "$ENABLED_AESKEYWRAP" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_KEYWRAP -DWOLFSSL_AES_DIRECT"
+fi
+
+
 # check if PSK was enabled for conditionally running psk.test script
 AM_CONDITIONAL([BUILD_PSK], [test "x$ENABLED_PSK" = "xyes"])
 
@@ -2955,6 +3295,16 @@ if test "x$ENABLED_PKCS7" = "xyes"
 then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_PKCS7"
     # Enable prereqs if not already enabled
+    if test "x$ENABLED_AESKEYWRAP" = "xno"
+    then
+        ENABLED_AESKEYWRAP="yes"
+        AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_KEYWRAP -DWOLFSSL_AES_DIRECT"
+    fi
+    if test "x$ENABLED_X963KDF" = "xno"
+    then
+        ENABLED_X963KDF="yes"
+        AM_CFLAGS="$AM_CFLAGS -DHAVE_X963_KDF"
+    fi
     AS_IF([test "x$ENABLED_DES3" = "xno"],
           [ENABLED_DES3=yes])
 fi
@@ -2998,7 +3348,8 @@ AS_IF([test "x$ENABLED_DTLS" = "xno" && \
 ################################################################################
 
 # OPTIMIZE FLAGS
-if test "$GCC" = "yes"
+# For distro disable custom build options that interfere with symbol generation
+if test "$GCC" = "yes" && test "$ENABLED_DISTRO" = "no"
 then
     AM_CFLAGS="$AM_CFLAGS -Wall -Wno-unused"
     if test "$ax_enable_debug" = "no"
@@ -3047,7 +3398,11 @@ case $host_os in
 esac
 
 # add user C_EXTRA_FLAGS back
-CFLAGS="$CFLAGS $USER_C_EXTRA_FLAGS"
+# For distro disable custom build options that interfere with symbol generation
+if test "$ENABLED_DISTRO" = "no"
+then
+    CFLAGS="$CFLAGS $USER_C_EXTRA_FLAGS"
+fi
 OPTION_FLAGS="$USER_CFLAGS $USER_C_EXTRA_FLAGS $AM_CFLAGS"
 
 CREATE_HEX_VERSION
@@ -3156,7 +3511,7 @@ echo "#endif /* WOLFSSL_OPTIONS_H */" >> $OPTION_FILE
 echo "" >> $OPTION_FILE
 echo
 
-#backwards compatability for those who have included options or version
+#backwards compatibility for those who have included options or version
 touch cyassl/options.h
 echo "/* cyassl options.h" > cyassl/options.h
 echo " * generated from wolfssl/options.h" >> cyassl/options.h
@@ -3213,6 +3568,7 @@ echo "   * AES:                        $ENABLED_AES"
 echo "   * AES-NI:                     $ENABLED_AESNI"
 echo "   * AES-GCM:                    $ENABLED_AESGCM"
 echo "   * AES-CCM:                    $ENABLED_AESCCM"
+echo "   * AES-CTR:                    $ENABLED_AESCTR"
 echo "   * DES3:                       $ENABLED_DES3"
 echo "   * IDEA:                       $ENABLED_IDEA"
 echo "   * Camellia:                   $ENABLED_CAMELLIA"
@@ -3220,6 +3576,7 @@ echo "   * NULL Cipher:                $ENABLED_NULL_CIPHER"
 echo "   * MD5:                        $ENABLED_MD5"
 echo "   * RIPEMD:                     $ENABLED_RIPEMD"
 echo "   * SHA:                        $ENABLED_SHA"
+echo "   * SHA-224:                    $ENABLED_SHA224"
 echo "   * SHA-512:                    $ENABLED_SHA512"
 echo "   * BLAKE2:                     $ENABLED_BLAKE2"
 echo "   * CMAC:                       $ENABLED_CMAC"
@@ -3232,8 +3589,10 @@ echo "   * RABBIT:                     $ENABLED_RABBIT"
 echo "   * CHACHA:                     $ENABLED_CHACHA"
 echo "   * Hash DRBG:                  $ENABLED_HASHDRBG"
 echo "   * PWDBASED:                   $ENABLED_PWDBASED"
+echo "   * scrypt:                     $ENABLED_SCRYPT"
 echo "   * wolfCrypt Only:             $ENABLED_CRYPTONLY"
 echo "   * HKDF:                       $ENABLED_HKDF"
+echo "   * X9.63 KDF:                  $ENABLED_X963KDF"
 echo "   * MD4:                        $ENABLED_MD4"
 echo "   * PSK:                        $ENABLED_PSK"
 echo "   * Poly1305:                   $ENABLED_POLY1305"
@@ -3253,7 +3612,9 @@ echo "   * CODING:                     $ENABLED_CODING"
 echo "   * MEMORY:                     $ENABLED_MEMORY"
 echo "   * I/O POOL:                   $ENABLED_IOPOOL"
 echo "   * LIGHTY:                     $ENABLED_LIGHTY"
+echo "   * HAPROXY:                    $ENABLED_HAPROXY"
 echo "   * STUNNEL:                    $ENABLED_STUNNEL"
+echo "   * NGINX:                      $ENABLED_NGINX"
 echo "   * ERROR_STRINGS:              $ENABLED_ERROR_STRINGS"
 echo "   * DTLS:                       $ENABLED_DTLS"
 echo "   * SCTP:                       $ENABLED_SCTP"
@@ -3292,6 +3653,9 @@ echo "   * Fast RSA:                   $ENABLED_FAST_RSA"
 echo "   * Async Crypto:               $ENABLED_ASYNCCRYPT"
 echo "   * Cavium:                     $ENABLED_CAVIUM"
 echo "   * ARM ASM:                    $ENABLED_ARMASM"
+echo "   * AES Key Wrap:               $ENABLED_AESKEYWRAP"
+echo "   * Write duplicate:            $ENABLED_WRITEDUP"
+echo "   * Intel Quick Assist:         $ENABLED_INTEL_QA"
 echo ""
 echo "---"
 

cyassl/ctaocrypt/settings.h

@@ -246,7 +246,7 @@
 
 /* Micrium will use Visual Studio for compilation but not the Win32 API */
 #if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) \
-        && !defined(EBSNET) && !defined(CYASSL_EROAD)
+        && !defined(EBSNET) && !defined(CYASSL_EROAD) && !defined(INTIME_RTOS)
     #define USE_WINDOWS_API
 #endif
 

cyassl/ctaocrypt/sha256.h

@@ -35,6 +35,13 @@
 #define Sha256Final  wc_Sha256Final
 #define Sha256Hash   wc_Sha256Hash
 
+#ifdef WOLFSSL_SHA224
+    #define InitSha224   wc_InitSha224
+    #define Sha224Update wc_Sha224Update
+    #define Sha224Final  wc_Sha224Final
+    #define Sha224Hash   wc_Sha224Hash
+#endif
+
 #endif /* CTAO_CRYPT_SHA256_H */
 #endif /* NO_SHA256 */
 

cyassl/include.am

@@ -16,10 +16,16 @@ nobase_include_HEADERS+= \
                          cyassl/certs_test.h \
                          cyassl/test.h \
                          cyassl/version.h \
-                         cyassl/options.h \
                          cyassl/ocsp.h \
                          cyassl/crl.h
 
 noinst_HEADERS+= \
                          cyassl/internal.h
 
+# For distro build don't install options.h.
+# It depends on the architecture and conflicts with Multi-Arch.
+if BUILD_DISTRO
+noinst_HEADERS+=         cyassl/options.h
+else
+nobase_include_HEADERS+= cyassl/options.h
+endif

cyassl/openssl/include.am

@@ -32,6 +32,7 @@ nobase_include_HEADERS+= \
                          cyassl/openssl/rand.h \
                          cyassl/openssl/rsa.h \
                          cyassl/openssl/sha.h \
+                         cyassl/openssl/ssl23.h \
                          cyassl/openssl/ssl.h \
                          cyassl/openssl/stack.h \
                          cyassl/openssl/ui.h \

cyassl/openssl/ssl23.h

@@ -0,0 +1,3 @@
+/* ssl23.h for openssl */
+
+#include <wolfssl/openssl/sssl23.h>

examples/echoclient/echoclient.c

@@ -23,7 +23,7 @@
 #ifdef HAVE_CONFIG_H
     #include <config.h>
 #endif
- 
+
 #include <cyassl/ctaocrypt/settings.h>
 
 /* let's use cyassl layer AND cyassl openssl layer */
@@ -35,7 +35,7 @@
         #include <string.h>
 
         #if !defined(WOLFSSL_MDK_ARM)
-            #include "cmsis_os.h" 
+            #include "cmsis_os.h"
             #include "rl_net.h"
         #else
             #include "rtl.h"
@@ -81,16 +81,17 @@ void echoclient_test(void* args)
     int argc    = 0;
     char** argv = 0;
     word16 port = yasslPort;
+    char buffer[CYASSL_MAX_ERROR_SZ];
 
     ((func_args*)args)->return_code = -1; /* error state */
-    
+
 #ifndef WOLFSSL_MDK_SHELL
     argc = ((func_args*)args)->argc;
     argv = ((func_args*)args)->argv;
 #endif
 
     if (argc >= 2) {
-        fin  = fopen(argv[1], "r"); 
+        fin  = fopen(argv[1], "r");
         inCreated = 1;
     }
     if (argc >= 3) {
@@ -105,7 +106,7 @@ void echoclient_test(void* args)
     doDTLS  = 1;
 #endif
 
-#ifdef CYASSL_LEANPSK 
+#ifdef CYASSL_LEANPSK
     doPSK = 1;
 #endif
 
@@ -130,16 +131,16 @@ void echoclient_test(void* args)
 
 #ifndef NO_FILESYSTEM
     #ifndef NO_RSA
-    if (SSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS)
+    if (SSL_CTX_load_verify_locations(ctx, caCertFile, 0) != SSL_SUCCESS)
         err_sys("can't load ca file, Please run from wolfSSL home dir");
     #endif
     #ifdef HAVE_ECC
-        if (SSL_CTX_load_verify_locations(ctx, eccCert, 0) != SSL_SUCCESS)
+        if (SSL_CTX_load_verify_locations(ctx, eccCertFile, 0) != SSL_SUCCESS)
             err_sys("can't load ca file, Please run from wolfSSL home dir");
     #endif
 #elif !defined(NO_CERTS)
     if (!doPSK)
-        load_buffer(ctx, caCert, WOLFSSL_CA);
+        load_buffer(ctx, caCertFile, WOLFSSL_CA);
 #endif
 
 #if defined(CYASSL_SNIFFER)
@@ -173,15 +174,15 @@ void echoclient_test(void* args)
 
 #ifdef WOLFSSL_ASYNC_CRYPT
     ret = wolfAsync_DevOpen(&devId);
-    if (ret != 0) {
-        err_sys("Async device open failed");
+    if (ret < 0) {
+        printf("Async device open failed\nRunning without async\n");
     }
     wolfSSL_CTX_UseAsync(ctx, devId);
 #endif /* WOLFSSL_ASYNC_CRYPT */
 
     ssl = SSL_new(ctx);
     tcp_connect(&sockfd, yasslIP, port, doDTLS, 0, ssl);
-        
+
     SSL_set_fd(ssl, sockfd);
 #if defined(USE_WINDOWS_API) && defined(CYASSL_DTLS) && defined(NO_MAIN_DRIVER)
     /* let echoserver bind first, TODO: add Windows signal like pthreads does */
@@ -189,31 +190,46 @@ void echoclient_test(void* args)
 #endif
 
     do {
-#ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_PENDING_E) {
-            ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-            if (ret < 0) { break; } else if (ret == 0) { continue; }
-        }
-#endif
         err = 0; /* Reset error */
         ret = SSL_connect(ssl);
         if (ret != SSL_SUCCESS) {
             err = SSL_get_error(ssl, 0);
+        #ifdef WOLFSSL_ASYNC_CRYPT
+            if (err == WC_PENDING_E) {
+                ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+                if (ret < 0) break;
+            }
+        #endif
         }
-    } while (ret != SSL_SUCCESS && err == WC_PENDING_E);
-
+    } while (err == WC_PENDING_E);
     if (ret != SSL_SUCCESS) {
-        char buffer[CYASSL_MAX_ERROR_SZ];
-        printf("err = %d, %s\n", err, ERR_error_string(err, buffer));
+        printf("SSL_connect error %d, %s\n", err,
+            ERR_error_string(err, buffer));
         err_sys("SSL_connect failed");
     }
 
     while (fgets(msg, sizeof(msg), fin) != 0) {
-     
+
         sendSz = (int)XSTRLEN(msg);
 
-        if (SSL_write(ssl, msg, sendSz) != sendSz)
+        do {
+            err = 0; /* reset error */
+            ret = SSL_write(ssl, msg, sendSz);
+            if (ret <= 0) {
+                err = SSL_get_error(ssl, 0);
+            #ifdef WOLFSSL_ASYNC_CRYPT
+                if (err == WC_PENDING_E) {
+                    ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+                    if (ret < 0) break;
+                }
+            #endif
+            }
+        } while (err == WC_PENDING_E);
+        if (ret != sendSz) {
+            printf("SSL_write msg error %d, %s\n", err,
+                ERR_error_string(err, buffer));
             err_sys("SSL_write failed");
+        }
 
         if (strncmp(msg, "quit", 4) == 0) {
             fputs("sending server shutdown command: quit!\n", fout);
@@ -225,29 +241,39 @@ void echoclient_test(void* args)
             break;
         }
 
-        #ifndef WOLFSSL_MDK_SHELL
-        while (sendSz) {
-            int got;
-            if ( (got = SSL_read(ssl, reply, sizeof(reply)-1)) > 0) {
-                reply[got] = 0;
-                fputs(reply, fout);
-                fflush(fout) ;
-                sendSz -= got;
-            }
-            else
-                break;
-        }
-        #else
+    #ifndef WOLFSSL_MDK_SHELL
+        while (sendSz)
+    #endif
         {
-            int got;
-            if ( (got = SSL_read(ssl, reply, sizeof(reply)-1)) > 0) {
-                reply[got] = 0;
+            do {
+                err = 0; /* reset error */
+                ret = SSL_read(ssl, reply, sizeof(reply)-1);
+                if (ret <= 0) {
+                    err = SSL_get_error(ssl, 0);
+                #ifdef WOLFSSL_ASYNC_CRYPT
+                    if (err == WC_PENDING_E) {
+                        ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+                        if (ret < 0) break;
+                    }
+                #endif
+                }
+            } while (err == WC_PENDING_E);
+            if (ret > 0) {
+                reply[ret] = 0;
                 fputs(reply, fout);
                 fflush(fout) ;
-                sendSz -= got;
+                sendSz -= ret;
+            }
+            else {
+                printf("SSL_read msg error %d, %s\n", err,
+                    ERR_error_string(err, buffer));
+                err_sys("SSL_read failed");
+
+            #ifndef WOLFSSL_MDK_SHELL
+                break;
+            #endif
             }
         }
-        #endif
     }
 
 
@@ -255,7 +281,19 @@ void echoclient_test(void* args)
     strncpy(msg, "break", 6);
     sendSz = (int)strlen(msg);
     /* try to tell server done */
-    SSL_write(ssl, msg, sendSz);
+    do {
+        err = 0; /* reset error */
+        ret = SSL_write(ssl, msg, sendSz);
+        if (ret <= 0) {
+            err = SSL_get_error(ssl, 0);
+        #ifdef WOLFSSL_ASYNC_CRYPT
+            if (err == WC_PENDING_E) {
+                ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+                if (ret < 0) break;
+            }
+        #endif
+        }
+    } while (err == WC_PENDING_E);
 #else
     SSL_shutdown(ssl);
 #endif
@@ -272,7 +310,7 @@ void echoclient_test(void* args)
     if (outCreated) fclose(fout);
 
     CloseSocket(sockfd);
-    ((func_args*)args)->return_code = 0; 
+    ((func_args*)args)->return_code = 0;
 }
 
 
@@ -311,7 +349,7 @@ void echoclient_test(void* args)
 
         return args.return_code;
     }
-        
+
 #endif /* NO_MAIN_DRIVER */
 
 

examples/echoserver/echoserver.c

@@ -36,8 +36,8 @@
 
         #if !defined(WOLFSSL_MDK_ARM)
             #include "cmsis_os.h"
-            #include "rl_fs.h" 
-            #include "rl_net.h" 
+            #include "rl_fs.h"
+            #include "rl_net.h"
         #else
             #include "rtl.h"
             #include "wolfssl_MDK_ARM.h"
@@ -91,6 +91,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
     word16 port;
     int    argc = ((func_args*)args)->argc;
     char** argv = ((func_args*)args)->argv;
+    char   buffer[CYASSL_MAX_ERROR_SZ];
 
 #ifdef ECHO_OUT
     FILE* fout = stdout;
@@ -165,23 +166,23 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
     if (doPSK == 0) {
     #if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA)
         /* ntru */
-        if (CyaSSL_CTX_use_certificate_file(ctx, ntruCert, SSL_FILETYPE_PEM)
+        if (CyaSSL_CTX_use_certificate_file(ctx, ntruCertFile, SSL_FILETYPE_PEM)
                 != SSL_SUCCESS)
             err_sys("can't load ntru cert file, "
                     "Please run from wolfSSL home dir");
 
-        if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ntruKey)
+        if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ntruKeyFile)
                 != SSL_SUCCESS)
             err_sys("can't load ntru key file, "
                     "Please run from wolfSSL home dir");
     #elif defined(HAVE_ECC) && !defined(CYASSL_SNIFFER)
         /* ecc */
-        if (CyaSSL_CTX_use_certificate_file(ctx, eccCert, SSL_FILETYPE_PEM)
+        if (CyaSSL_CTX_use_certificate_file(ctx, eccCertFile, SSL_FILETYPE_PEM)
                 != SSL_SUCCESS)
             err_sys("can't load server cert file, "
                     "Please run from wolfSSL home dir");
 
-        if (CyaSSL_CTX_use_PrivateKey_file(ctx, eccKey, SSL_FILETYPE_PEM)
+        if (CyaSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, SSL_FILETYPE_PEM)
                 != SSL_SUCCESS)
             err_sys("can't load server key file, "
                     "Please run from wolfSSL home dir");
@@ -189,12 +190,12 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
         /* do nothing, just don't load cert files */
     #else
         /* normal */
-        if (CyaSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)
+        if (CyaSSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM)
                 != SSL_SUCCESS)
             err_sys("can't load server cert file, "
                     "Please run from wolfSSL home dir");
 
-        if (CyaSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)
+        if (CyaSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)
                 != SSL_SUCCESS)
             err_sys("can't load server key file, "
                     "Please run from wolfSSL home dir");
@@ -202,8 +203,8 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
     } /* doPSK */
 #elif !defined(NO_CERTS)
     if (!doPSK) {
-        load_buffer(ctx, svrCert, WOLFSSL_CERT);
-        load_buffer(ctx, svrKey,  WOLFSSL_KEY);
+        load_buffer(ctx, svrCertFile, WOLFSSL_CERT);
+        load_buffer(ctx, svrKeyFile,  WOLFSSL_KEY);
     }
 #endif
 
@@ -232,8 +233,8 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
 
 #ifdef WOLFSSL_ASYNC_CRYPT
     ret = wolfAsync_DevOpen(&devId);
-    if (ret != 0) {
-        err_sys("Async device open failed");
+    if (ret < 0) {
+        printf("Async device open failed\nRunning without async\n");
     }
     wolfSSL_CTX_UseAsync(ctx, devId);
 #endif /* WOLFSSL_ASYNC_CRYPT */
@@ -241,7 +242,8 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
     SignalReady(args, port);
 
     while (!shutDown) {
-        CYASSL* ssl = 0;
+        CYASSL* ssl = NULL;
+        CYASSL* write_ssl = NULL;   /* may have separate w/ HAVE_WRITE_DUP */
         char    command[SVR_COMMAND_SIZE+1];
         int     echoSz = 0;
         int     clientfd;
@@ -276,29 +278,27 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
             wolfSSL_dtls_set_peer(ssl, &client, client_len);
         #endif
         #if !defined(NO_FILESYSTEM) && !defined(NO_DH) && !defined(NO_ASN)
-            CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM);
+            CyaSSL_SetTmpDH_file(ssl, dhParamFile, SSL_FILETYPE_PEM);
         #elif !defined(NO_DH)
             SetDH(ssl);  /* will repick suites with DHE, higher than PSK */
         #endif
 
         do {
-#ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
-                ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-                if (ret < 0) { break; } else if (ret == 0) { continue; }
-            }
-#endif
             err = 0; /* Reset error */
             ret = CyaSSL_accept(ssl);
             if (ret != SSL_SUCCESS) {
                 err = CyaSSL_get_error(ssl, 0);
+            #ifdef WOLFSSL_ASYNC_CRYPT
+                if (err == WC_PENDING_E) {
+                    ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+                    if (ret < 0) break;
+                }
+            #endif
             }
-        } while (ret != SSL_SUCCESS && err == WC_PENDING_E);
-
+        } while (err == WC_PENDING_E);
         if (ret != SSL_SUCCESS) {
-            char buffer[CYASSL_MAX_ERROR_SZ];
-            err = CyaSSL_get_error(ssl, 0);
-            printf("error = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer));
+            printf("SSL_accept error = %d, %s\n", err,
+                CyaSSL_ERR_error_string(err, buffer));
             printf("SSL_accept failed\n");
             CyaSSL_free(ssl);
             CloseSocket(clientfd);
@@ -308,7 +308,41 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
         showPeer(ssl);
 #endif
 
-        while ( (echoSz = CyaSSL_read(ssl, command, sizeof(command)-1)) > 0) {
+#ifdef HAVE_WRITE_DUP
+        write_ssl = wolfSSL_write_dup(ssl);
+        if (write_ssl == NULL) {
+            printf("wolfSSL_write_dup failed\n");
+            CyaSSL_free(ssl);
+            CloseSocket(clientfd);
+            continue;
+        }
+#else
+        write_ssl = ssl;
+#endif
+
+        while (1) {
+            do {
+                err = 0; /* reset error */
+                ret = CyaSSL_read(ssl, command, sizeof(command)-1);
+                if (ret <= 0) {
+                    err = CyaSSL_get_error(ssl, 0);
+                #ifdef WOLFSSL_ASYNC_CRYPT
+                    if (err == WC_PENDING_E) {
+                        ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+                        if (ret < 0) break;
+                    }
+                #endif
+                }
+            } while (err == WC_PENDING_E);
+            if (ret <= 0) {
+                if (err != SSL_ERROR_WANT_READ) {
+                    printf("SSL_read echo error %d, %s!\n", err,
+                        CyaSSL_ERR_error_string(err, buffer));
+                }
+                break;
+            }
+
+            echoSz = ret;
 
             if (firstRead == 1) {
                 firstRead = 0;  /* browser may send 1 byte 'G' to start */
@@ -321,7 +355,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
                 strncpy(command, "GET", 4);
                 /* fall through to normal GET */
             }
-           
+
             if ( strncmp(command, "quit", 4) == 0) {
                 printf("client sent quit command: shutting down!\n");
                 shutDown = 1;
@@ -343,7 +377,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
                 char header[] = "<html><body BGCOLOR=\"#ffffff\">\n<pre>\n";
                 char body[]   = "greetings from wolfSSL\n";
                 char footer[] = "</body></html>\r\n\r\n";
-            
+
                 strncpy(command, type, sizeof(type));
                 echoSz = sizeof(type) - 1;
 
@@ -354,21 +388,57 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
                 strncpy(&command[echoSz], footer, sizeof(footer));
                 echoSz += (int)sizeof(footer);
 
-                if (CyaSSL_write(ssl, command, echoSz) != echoSz)
-                    err_sys("SSL_write failed");
+                do {
+                    err = 0; /* reset error */
+                    ret = CyaSSL_write(write_ssl, command, echoSz);
+                    if (ret <= 0) {
+                        err = CyaSSL_get_error(ssl, 0);
+                    #ifdef WOLFSSL_ASYNC_CRYPT
+                        if (err == WC_PENDING_E) {
+                            ret = wolfSSL_AsyncPoll(write_ssl, WOLF_POLL_FLAG_CHECK_HW);
+                            if (ret < 0) break;
+                        }
+                    #endif
+                    }
+                } while (err == WC_PENDING_E);
+                if (ret != echoSz) {
+                    printf("SSL_write get error = %d, %s\n", err,
+                        CyaSSL_ERR_error_string(err, buffer));
+                    err_sys("SSL_write get failed");
+                }
                 break;
             }
             command[echoSz] = 0;
 
-            #ifdef ECHO_OUT
-                fputs(command, fout);
-            #endif
+        #ifdef ECHO_OUT
+            fputs(command, fout);
+        #endif
 
-            if (CyaSSL_write(ssl, command, echoSz) != echoSz)
-                err_sys("SSL_write failed");
+            do {
+                err = 0; /* reset error */
+                ret = CyaSSL_write(write_ssl, command, echoSz);
+                if (ret <= 0) {
+                    err = CyaSSL_get_error(write_ssl, 0);
+                #ifdef WOLFSSL_ASYNC_CRYPT
+                    if (err == WC_PENDING_E) {
+                        ret = wolfSSL_AsyncPoll(write_ssl, WOLF_POLL_FLAG_CHECK_HW);
+                        if (ret < 0) break;
+                    }
+                #endif
+                }
+            } while (err == WC_PENDING_E);
+
+            if (ret != echoSz) {
+                printf("SSL_write echo error = %d, %s\n", err,
+                        CyaSSL_ERR_error_string(err, buffer));
+                err_sys("SSL_write echo failed");
+            }
         }
 #ifndef CYASSL_DTLS
         CyaSSL_shutdown(ssl);
+#endif
+#ifdef HAVE_WRITE_DUP
+        CyaSSL_free(write_ssl);
 #endif
         CyaSSL_free(ssl);
         CloseSocket(clientfd);
@@ -445,7 +515,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
         return args.return_code;
     }
 
-        
+
 #endif /* NO_MAIN_DRIVER */
 
 

examples/server/server.c

@@ -30,11 +30,6 @@
     #include <cyassl/ctaocrypt/ecc.h>   /* ecc_fp_free */
 #endif
 
-#if !defined(WOLFSSL_TRACK_MEMORY) && !defined(NO_MAIN_DRIVER)
-    /* in case memory tracker wants stats */
-    #define WOLFSSL_TRACK_MEMORY
-#endif
-
 #if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
         #include <stdio.h>
         #include <string.h>
@@ -74,7 +69,19 @@
     int myHsDoneCb(WOLFSSL* ssl, void* user_ctx);
 #endif
 
-
+static const char webServerMsg[] =
+    "HTTP/1.1 200 OK\n"
+    "Content-Type: text/html\n"
+    "Connection: close\n"
+    "\n"
+    "<html>\n"
+    "<head>\n"
+    "<title>Welcome to wolfSSL!</title>\n"
+    "</head>\n"
+    "<body>\n"
+    "<p>wolfSSL has successfully performed handshake!</p>\n"
+    "</body>\n"
+    "</html>\n";
 
 static int NonBlockingSSL_Accept(SSL* ssl)
 {
@@ -85,25 +92,35 @@ static int NonBlockingSSL_Accept(SSL* ssl)
 #endif
     int error = SSL_get_error(ssl, 0);
     SOCKET_T sockfd = (SOCKET_T)CyaSSL_get_fd(ssl);
-    int select_ret;
+    int select_ret = 0;
 
     while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ ||
-                                  error == SSL_ERROR_WANT_WRITE)) {
+                                  error == SSL_ERROR_WANT_WRITE ||
+                                  error == WC_PENDING_E)) {
         int currTimeout = 1;
 
         if (error == SSL_ERROR_WANT_READ) {
             /* printf("... server would read block\n"); */
-        } else {
+        }
+        else if (error == SSL_ERROR_WANT_WRITE) {
             /* printf("... server would write block\n"); */
         }
+    #ifdef WOLFSSL_ASYNC_CRYPT
+        else if (error == WC_PENDING_E) {
+            ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+            if (ret < 0) break;
+        }
+    #endif
 
-#ifdef CYASSL_DTLS
-        currTimeout = CyaSSL_dtls_get_current_timeout(ssl);
-#endif
-        select_ret = tcp_select(sockfd, currTimeout);
+        if (error != WC_PENDING_E) {
+        #ifdef CYASSL_DTLS
+            currTimeout = CyaSSL_dtls_get_current_timeout(ssl);
+        #endif
+            select_ret = tcp_select(sockfd, currTimeout);
+        }
 
         if ((select_ret == TEST_RECV_READY) ||
-                                        (select_ret == TEST_ERROR_READY)) {
+            (select_ret == TEST_ERROR_READY) || error == WC_PENDING_E) {
             #ifndef CYASSL_CALLBACKS
                 ret = SSL_accept(ssl);
             #else
@@ -115,12 +132,12 @@ static int NonBlockingSSL_Accept(SSL* ssl)
         else if (select_ret == TEST_TIMEOUT && !CyaSSL_dtls(ssl)) {
             error = SSL_ERROR_WANT_READ;
         }
-#ifdef CYASSL_DTLS
+    #ifdef CYASSL_DTLS
         else if (select_ret == TEST_TIMEOUT && CyaSSL_dtls(ssl) &&
                                             CyaSSL_dtls_got_timeout(ssl) >= 0) {
             error = SSL_ERROR_WANT_READ;
         }
-#endif
+    #endif
         else {
             error = SSL_FATAL_ERROR;
         }
@@ -132,60 +149,92 @@ static int NonBlockingSSL_Accept(SSL* ssl)
 /* Echo number of bytes specified by -e arg */
 int ServerEchoData(SSL* ssl, int clientfd, int echoData, int throughput)
 {
-    int ret = 0;
-    char* buffer = (char*)malloc(TEST_BUFFER_SIZE);
-    if(buffer) {
-        double start = 0, rx_time = 0, tx_time = 0;
-        int xfer_bytes = 0;
-        while((echoData && throughput == 0) || (!echoData && xfer_bytes < throughput)) {
-            int select_ret = tcp_select(clientfd, 1); /* Timeout=1 second */
-            if (select_ret == TEST_RECV_READY) {
-                int len = min(TEST_BUFFER_SIZE, throughput - xfer_bytes);
-                int rx_pos = 0;
-                if(throughput) {
-                    start = current_time(1);
-                }
-                while(rx_pos < len) {
-                    ret = SSL_read(ssl, &buffer[rx_pos], len - rx_pos);
-                    if (ret <= 0) {
-                        int readErr = SSL_get_error(ssl, 0);
-                        if (readErr != SSL_ERROR_WANT_READ) {
-                            printf("SSL_read error %d!\n", readErr);
-                            err_sys("SSL_read failed");
-                        }
-                    }
-                    else {
-                        rx_pos += ret;
-                    }
-                }
-                if(throughput) {
-                    rx_time += current_time(0) - start;
-                    start = current_time(1);
-                }
-                if (SSL_write(ssl, buffer, len) != len) {
-                    err_sys("SSL_write failed");
-                }
-                if(throughput) {
-                    tx_time += current_time(0) - start;
-                }
+    int ret = 0, err;
+    double start = 0, rx_time = 0, tx_time = 0;
+    int xfer_bytes = 0, select_ret, len, rx_pos;
+    char* buffer;
 
-                xfer_bytes += len;
+    buffer = (char*)malloc(TEST_BUFFER_SIZE);
+    if (!buffer) {
+        err_sys("Server buffer malloc failed");
+    }
+
+    while ((echoData && throughput == 0) ||
+          (!echoData && xfer_bytes < throughput))
+    {
+        select_ret = tcp_select(clientfd, 1); /* Timeout=1 second */
+        if (select_ret == TEST_RECV_READY) {
+
+            len = min(TEST_BUFFER_SIZE, throughput - xfer_bytes);
+            rx_pos = 0;
+
+            if (throughput) {
+                start = current_time(1);
             }
-        }
-        free(buffer);
 
-        if(throughput) {
-            printf("wolfSSL Server Benchmark %d bytes\n"
-                "\tRX      %8.3f ms (%8.3f MBps)\n"
-                "\tTX      %8.3f ms (%8.3f MBps)\n",
-                throughput,
-                tx_time * 1000, throughput / tx_time / 1024 / 1024,
-                rx_time * 1000, throughput / rx_time / 1024 / 1024
-            );
+            /* Read data */
+            while (rx_pos < len) {
+                ret = SSL_read(ssl, &buffer[rx_pos], len - rx_pos);
+                if (ret < 0) {
+                    err = SSL_get_error(ssl, 0);
+                #ifdef WOLFSSL_ASYNC_CRYPT
+                    if (err == WC_PENDING_E) {
+                        ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+                        if (ret < 0) break;
+                    }
+                    else
+                #endif
+                    if (err != SSL_ERROR_WANT_READ) {
+                        printf("SSL_read echo error %d\n", err);
+                        err_sys("SSL_read failed");
+                    }
+                }
+                else {
+                    rx_pos += ret;
+                }
+            }
+            if (throughput) {
+                rx_time += current_time(0) - start;
+                start = current_time(1);
+            }
+
+            /* Write data */
+            do {
+                err = 0; /* reset error */
+                ret = SSL_write(ssl, buffer, len);
+                if (ret <= 0) {
+                    err = SSL_get_error(ssl, 0);
+                #ifdef WOLFSSL_ASYNC_CRYPT
+                    if (err == WC_PENDING_E) {
+                        ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+                        if (ret < 0) break;
+                    }
+                #endif
+                }
+            } while (err == WC_PENDING_E);
+            if (ret != len) {
+                printf("SSL_write echo error %d\n", err);
+                err_sys("SSL_write failed");
+            }
+
+            if (throughput) {
+                tx_time += current_time(0) - start;
+            }
+
+            xfer_bytes += len;
         }
     }
-    else {
-        err_sys("Server buffer malloc failed");
+
+    free(buffer);
+
+    if (throughput) {
+        printf("wolfSSL Server Benchmark %d bytes\n"
+            "\tRX      %8.3f ms (%8.3f MBps)\n"
+            "\tTX      %8.3f ms (%8.3f MBps)\n",
+            throughput,
+            tx_time * 1000, throughput / tx_time / 1024 / 1024,
+            rx_time * 1000, throughput / rx_time / 1024 / 1024
+        );
     }
 
     return EXIT_SUCCESS;
@@ -201,12 +250,12 @@ static void Usage(void)
     printf("-v <num>    SSL version [0-3], SSLv3(0) - TLS1.2(3)), default %d\n",
                                  SERVER_DEFAULT_VERSION);
     printf("-l <str>    Cipher suite list (: delimited)\n");
-    printf("-c <file>   Certificate file,           default %s\n", svrCert);
-    printf("-k <file>   Key file,                   default %s\n", svrKey);
-    printf("-A <file>   Certificate Authority file, default %s\n", cliCert);
+    printf("-c <file>   Certificate file,           default %s\n", svrCertFile);
+    printf("-k <file>   Key file,                   default %s\n", svrKeyFile);
+    printf("-A <file>   Certificate Authority file, default %s\n", cliCertFile);
     printf("-R <file>   Create Ready file for external monitor default none\n");
 #ifndef NO_DH
-    printf("-D <file>   Diffie-Hellman Params file, default %s\n", dhParam);
+    printf("-D <file>   Diffie-Hellman Params file, default %s\n", dhParamFile);
     printf("-Z <num>    Minimum DH key bits,        default %d\n",
                                  DEFAULT_MIN_DHKEY_BITS);
 #endif
@@ -253,6 +302,9 @@ static void Usage(void)
 #ifdef HAVE_WNR
     printf("-q <file>   Whitewood config file,      default %s\n", wnrConfig);
 #endif
+    printf("-g          Return basic HTML web page\n");
+    printf("-C <num>    The number of connections to accept, default: 1\n");
+    printf("-U          Force use of the default cipher suite list\n");
 }
 
 THREAD_RETURN CYASSL_THREAD server_test(void* args)
@@ -269,6 +321,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
 #else
     const char msg[] = "I hear you fa shizzle!\n";
 #endif
+    int    useWebServerMsg = 0;
     char   input[80];
     int    ch;
     int    version = SERVER_DEFAULT_VERSION;
@@ -284,13 +337,12 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     int    needDH = 0;
     int    useNtruKey   = 0;
     int    nonBlocking  = 0;
-    int    trackMemory  = 0;
     int    fewerPackets = 0;
     int    pkCallbacks  = 0;
     int    wc_shutdown     = 0;
     int    resume = 0;
     int    resumeCount = 0;
-    int    loopIndefinitely = 0;
+    int    loops = 1;
     int    echoData = 0;
     int    throughput = 0;
     int    minDhKeyBits  = DEFAULT_MIN_DHKEY_BITS;
@@ -304,10 +356,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     char*  alpnList = NULL;
     unsigned char alpn_opt = 0;
     char*  cipherList = NULL;
-    const char* verifyCert = cliCert;
-    const char* ourCert    = svrCert;
-    const char* ourKey     = svrKey;
-    const char* ourDhParam = dhParam;
+    int    useDefCipherList = 0;
+    const char* verifyCert = cliCertFile;
+    const char* ourCert    = svrCertFile;
+    const char* ourKey     = svrKeyFile;
+    const char* ourDhParam = dhParamFile;
     tcp_ready*  readySignal = NULL;
     int    argc = ((func_args*)args)->argc;
     char** argv = ((func_args*)args)->argv;
@@ -332,6 +385,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
 #ifdef HAVE_WNR
     const char* wnrConfigFile = wnrConfig;
 #endif
+    char buffer[CYASSL_MAX_ERROR_SZ];
 
 #ifdef WOLFSSL_STATIC_MEMORY
     #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) \
@@ -348,9 +402,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     ((func_args*)args)->return_code = -1; /* error state */
 
 #ifdef NO_RSA
-    verifyCert = (char*)cliEccCert;
-    ourCert    = (char*)eccCert;
-    ourKey     = (char*)eccKey;
+    verifyCert = (char*)cliEccCertFile;
+    ourCert    = (char*)eccCertFile;
+    ourKey     = (char*)eccKeyFile;
 #endif
     (void)pkCallbacks;
     (void)needDH;
@@ -375,8 +429,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
 #ifdef WOLFSSL_VXWORKS
     useAnyAddr = 1;
 #else
-    while ((ch = mygetopt(argc, argv,
-                  "?jdbstnNuGfrawPIR:p:v:l:A:c:k:Z:S:oO:D:L:ieB:E:q:")) != -1) {
+    /* Not Used: h, m, t, x, y, z, F, J, K, M, Q, T, U, V, W, X, Y */
+    while ((ch = mygetopt(argc, argv, "?"
+                "abc:defgijk:l:nop:q:rsuv:w"
+                "A:B:C:D:E:GHIL:NO:PR:S:YZ:")) != -1) {
         switch (ch) {
             case '?' :
                 Usage();
@@ -398,12 +454,6 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
                 usePskPlus = 1;
                 break;
 
-            case 't' :
-            #ifdef USE_WOLFSSL_MEMORY
-                trackMemory = 1;
-            #endif
-                break;
-
             case 'n' :
                 useNtruKey = 1;
                 break;
@@ -460,6 +510,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
                 cipherList = myoptarg;
                 break;
 
+            case 'H' :
+                useDefCipherList = 1;
+                break;
+
             case 'A' :
                 verifyCert = myoptarg;
                 break;
@@ -541,7 +595,15 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
                 break;
 
             case 'i' :
-                loopIndefinitely = 1;
+                loops = -1;
+                break;
+
+            case 'C' :
+                loops = atoi(myoptarg);
+                if (loops <= 0) {
+                    Usage();
+                    exit(MY_EX_USAGE);
+                }
                 break;
 
             case 'e' :
@@ -568,6 +630,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
                 #endif
                 break;
 
+            case 'g' :
+                useWebServerMsg = 1;
+                break;
+
             default:
                 Usage();
                 exit(MY_EX_USAGE);
@@ -598,11 +664,6 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
         }
     }
 
-#if defined(USE_CYASSL_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY)
-    if (trackMemory)
-        InitMemoryTracker();
-#endif
-
 #ifdef HAVE_WNR
     if (wc_InitNetRandom(wnrConfigFile, NULL, 5000) != 0)
         err_sys("can't load whitewood net random config file");
@@ -689,9 +750,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb);
 #endif
 
-    if (cipherList)
+    if (cipherList && !useDefCipherList) {
         if (SSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
             err_sys("server can't set cipher list 1");
+    }
 
 #ifdef CYASSL_LEANPSK
     if (!usePsk) {
@@ -717,12 +779,17 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
 #endif
 
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
+#if !defined(NO_CERTS)
     if ((!usePsk || usePskPlus) && !useAnon) {
+    #if !defined(NO_FILESYSTEM)
         if (SSL_CTX_use_certificate_chain_file(ctx, ourCert)
                                          != SSL_SUCCESS)
             err_sys("can't load server cert file, check file and run from"
                     " wolfSSL home dir");
+    #else
+        /* loads cert chain file using buffer API */
+        load_buffer(ctx, ourCert, WOLFSSL_CERT_CHAIN);
+    #endif
     }
 #endif
 
@@ -750,12 +817,17 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
                     "Please run from wolfSSL home dir");
     }
 #endif
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
+#if !defined(NO_CERTS)
     if (!useNtruKey && (!usePsk || usePskPlus) && !useAnon) {
+    #if !defined(NO_FILESYSTEM)
         if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
                                          != SSL_SUCCESS)
             err_sys("can't load server private key file, check file and run "
                 "from wolfSSL home dir");
+    #else
+        /* loads private key file using buffer API */
+        load_buffer(ctx, ourKey, WOLFSSL_KEY);
+    #endif
     }
 #endif
 
@@ -785,7 +857,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     if (useAnon) {
 #ifdef HAVE_ANON
         CyaSSL_CTX_allow_anon_cipher(ctx);
-        if (cipherList == NULL) {
+        if (cipherList == NULL || (cipherList && useDefCipherList)) {
             if (SSL_CTX_set_cipher_list(ctx, "ADH-AES128-SHA") != SSL_SUCCESS)
                 err_sys("server can't set cipher list 4");
         }
@@ -836,25 +908,26 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
 
 #ifdef WOLFSSL_ASYNC_CRYPT
     ret = wolfAsync_DevOpen(&devId);
-    if (ret != 0) {
-        err_sys("Async device open failed");
+    if (ret < 0) {
+        printf("Async device open failed\nRunning without async\n");
     }
     wolfSSL_CTX_UseAsync(ctx, devId);
 #endif /* WOLFSSL_ASYNC_CRYPT */
 
     while (1) {
         /* allow resume option */
-        if(resumeCount > 1) {
+        if (resumeCount > 1) {
             if (dtlsUDP == 0) {
                 SOCKADDR_IN_T client;
                 socklen_t client_len = sizeof(client);
                 clientfd = accept(sockfd, (struct sockaddr*)&client,
                                  (ACCEPT_THIRD_T)&client_len);
-            } else {
+            }
+            else {
                 tcp_listen(&sockfd, &port, useAnyAddr, dtlsUDP, dtlsSCTP);
                 clientfd = sockfd;
             }
-            if(WOLFSSL_SOCKET_IS_INVALID(clientfd)) {
+            if (WOLFSSL_SOCKET_IS_INVALID(clientfd)) {
                 err_sys("tcp accept failed");
             }
         }
@@ -872,6 +945,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
         ssl = SSL_new(ctx);
         if (ssl == NULL)
             err_sys("unable to get SSL");
+        #ifdef OPENSSL_EXTRA
+        wolfSSL_KeepArrays(ssl);
+        #endif
 
 #if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL)
     {
@@ -980,38 +1056,69 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
         }
 #endif
 
-        do {
-#ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_PENDING_E) {
-                ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-                if (ret < 0) { break; } else if (ret == 0) { continue; }
-            }
-#endif
-
-            err = 0; /* Reset error */
 #ifndef CYASSL_CALLBACKS
-            if (nonBlocking) {
-                ret = NonBlockingSSL_Accept(ssl);
-            }
-            else {
-                ret = SSL_accept(ssl);
-            }
-#else
+        if (nonBlocking) {
             ret = NonBlockingSSL_Accept(ssl);
+        }
+        else {
+            do {
+                err = 0; /* reset error */
+                ret = SSL_accept(ssl);
+                if (ret != SSL_SUCCESS) {
+                    err = SSL_get_error(ssl, 0);
+                #ifdef WOLFSSL_ASYNC_CRYPT
+                    if (err == WC_PENDING_E) {
+                        ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+                        if (ret < 0) break;
+                    }
+                #endif
+                }
+            } while (err == WC_PENDING_E);
+        }
+#else
+        ret = NonBlockingSSL_Accept(ssl);
 #endif
-            if (ret != SSL_SUCCESS) {
-                err = SSL_get_error(ssl, 0);
-            }
-        } while (ret != SSL_SUCCESS && err == WC_PENDING_E);
-
         if (ret != SSL_SUCCESS) {
-            char buffer[CYASSL_MAX_ERROR_SZ];
             err = SSL_get_error(ssl, 0);
-            printf("error = %d, %s\n", err, ERR_error_string(err, buffer));
+            printf("SSL_accept error %d, %s\n", err,
+                                                ERR_error_string(err, buffer));
             err_sys("SSL_accept failed");
         }
 
         showPeer(ssl);
+        if (SSL_state(ssl) != 0) {
+            err_sys("SSL in error state");
+        }
+
+#ifdef OPENSSL_EXTRA
+    {
+        byte*  rnd;
+        byte*  pt;
+        size_t size;
+
+        /* get size of buffer then print */
+        size = wolfSSL_get_server_random(NULL, NULL, 0);
+        if (size == 0) {
+            err_sys("error getting server random buffer size");
+        }
+
+        rnd = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (rnd == NULL) {
+            err_sys("error creating server random buffer");
+        }
+
+        size = wolfSSL_get_server_random(ssl, rnd, size);
+        if (size == 0) {
+            XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            err_sys("error getting server random buffer");
+        }
+
+        printf("Server Random : ");
+        for (pt = rnd; pt < rnd + size; pt++) printf("%02X", *pt);
+        printf("\n");
+        XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    }
+#endif
 
 #ifdef HAVE_ALPN
         if (alpnList != NULL) {
@@ -1037,21 +1144,64 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
             free(list);
         }
 #endif
-        if(echoData == 0 && throughput == 0) {
-            ret = SSL_read(ssl, input, sizeof(input)-1);
+        if (echoData == 0 && throughput == 0) {
+            const char* write_msg;
+            int write_msg_sz;
+
+            /* Read data */
+            do {
+                err = 0; /* reset error */
+                ret = SSL_read(ssl, input, sizeof(input)-1);
+                if (ret < 0) {
+                    err = SSL_get_error(ssl, 0);
+
+                #ifdef WOLFSSL_ASYNC_CRYPT
+                    if (err == WC_PENDING_E) {
+                        ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+                        if (ret < 0) break;
+                    }
+                    else
+                #endif
+                    if (err != SSL_ERROR_WANT_READ) {
+                        printf("SSL_read input error %d, %s\n", err,
+                                                ERR_error_string(err, buffer));
+                        err_sys("SSL_read failed");
+                    }
+                }
+            } while (err == WC_PENDING_E);
             if (ret > 0) {
-                input[ret] = 0;
+                input[ret] = 0; /* null terminate message */
                 printf("Client message: %s\n", input);
-
-            }
-            else if (ret < 0) {
-                int readErr = SSL_get_error(ssl, 0);
-                if (readErr != SSL_ERROR_WANT_READ)
-                    err_sys("SSL_read failed");
             }
 
-            if (SSL_write(ssl, msg, sizeof(msg)) != sizeof(msg))
+            /* Write data */
+            if (!useWebServerMsg) {
+                write_msg = msg;
+                write_msg_sz = sizeof(msg);
+            }
+            else {
+                write_msg = webServerMsg;
+                write_msg_sz = sizeof(webServerMsg);
+            }
+            do {
+                err = 0; /* reset error */
+                ret = SSL_write(ssl, write_msg, write_msg_sz);
+                if (ret <= 0) {
+                    err = SSL_get_error(ssl, 0);
+
+                #ifdef WOLFSSL_ASYNC_CRYPT
+                    if (err == WC_PENDING_E) {
+                        ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+                        if (ret < 0) break;
+                    }
+                #endif
+                }
+            } while (err == WC_PENDING_E);
+            if (ret != write_msg_sz) {
+                printf("SSL_write msg error %d, %s\n", err,
+                                                ERR_error_string(err, buffer));
                 err_sys("SSL_write failed");
+            }
         }
         else {
             ServerEchoData(ssl, clientfd, echoData, throughput);
@@ -1093,7 +1243,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
         }
         resumeCount = 0;
 
-        if(!loopIndefinitely) {
+        if (loops > 0 && --loops == 0) {
             break;  /* out of while loop, done with normal and resume option */
         }
     } /* while(1) */
@@ -1110,11 +1260,6 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     ecc_fp_free();  /* free per thread cache */
 #endif
 
-#if defined(USE_WOLFSSL_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY)
-    if (trackMemory)
-        ShowMemoryTracker();
-#endif
-
 #ifdef CYASSL_TIRTOS
     fdCloseSession(Task_self());
 #endif
@@ -1137,7 +1282,6 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     (void) useNtruKey;
     (void) ourDhParam;
     (void) ourCert;
-    (void) trackMemory;
 #ifndef CYASSL_TIRTOS
     return 0;
 #endif

fips-check.sh

@@ -9,14 +9,17 @@
 # This should check out all the approved versions. The command line
 # option selects the version.
 #
-#     $ ./fips-check [version]
+#     $ ./fips-check [version] [keep]
 #
-#     - version: linux (default), ios, android, windows, freertos
+#     - version: linux (default), ios, android, windows, freertos, linux-ecc
+#
+#     - keep: (default off) XXX-fips-test temp dir around for inspection
 #
 
 function Usage() {
-    echo "Usage: $0 [platform]"
-    echo "Where \"platform\" is one of linux (default), ios, android, windows, freertos"
+    echo "Usage: $0 [platform] [keep]"
+    echo "Where \"platform\" is one of linux (default), ios, android, windows, freertos, openrtos-3.9.2, linux-ecc"
+    echo "Where \"keep\" means keep (default off) XXX-fips-test temp dir around for inspection"
 }
 
 LINUX_FIPS_VERSION=v3.2.6
@@ -24,6 +27,11 @@ LINUX_FIPS_REPO=git@github.com:wolfSSL/fips.git
 LINUX_CTAO_VERSION=v3.2.6
 LINUX_CTAO_REPO=git@github.com:cyassl/cyassl.git
 
+LINUX_ECC_FIPS_VERSION=v3.10.3
+LINUX_ECC_FIPS_REPO=git@github.com:wolfSSL/fips.git
+LINUX_ECC_CTAO_VERSION=v3.2.6
+LINUX_ECC_CTAO_REPO=git@github.com:cyassl/cyassl.git
+
 IOS_FIPS_VERSION=v3.4.8a
 IOS_FIPS_REPO=git@github.com:wolfSSL/fips.git
 IOS_CTAO_VERSION=v3.4.8.fips
@@ -44,6 +52,11 @@ FREERTOS_FIPS_REPO=git@github.com:wolfSSL/fips.git
 FREERTOS_CTAO_VERSION=v3.6.1
 FREERTOS_CTAO_REPO=git@github.com:cyassl/cyassl.git
 
+OPENRTOS_3_9_2_FIPS_VERSION=v3.9.2-OpenRTOS
+OPENRTOS_3_9_2_FIPS_REPO=git@github.com:wolfSSL/fips.git
+OPENRTOS_3_9_2_CTAO_VERSION=v3.6.1
+OPENRTOS_3_9_2_CTAO_REPO=git@github.com:cyassl/cyassl.git
+
 FIPS_SRCS=( fips.c fips_test.c )
 WC_MODS=( aes des3 sha sha256 sha512 rsa hmac random )
 TEST_DIR=XXX-fips-test
@@ -52,6 +65,8 @@ WC_SRC_PATH=ctaocrypt/src
 
 if [ "x$1" == "x" ]; then PLATFORM="linux"; else PLATFORM=$1; fi
 
+if [ "x$2" == "xkeep" ]; then KEEP="yes"; else KEEP="no"; fi
+
 case $PLATFORM in
 ios)
   FIPS_VERSION=$IOS_FIPS_VERSION
@@ -77,12 +92,25 @@ freertos)
   CTAO_VERSION=$FREERTOS_CTAO_VERSION
   CTAO_REPO=$FREERTOS_CTAO_REPO
   ;;
+openrtos-3.9.2)
+  FIPS_VERSION=$OPENRTOS_3_9_2_FIPS_VERSION
+  FIPS_REPO=$OPENRTOS_3_9_2_FIPS_REPO
+  CTAO_VERSION=$OPENRTOS_3_9_2_CTAO_VERSION
+  CTAO_REPO=$OPENRTOS_3_9_2_CTAO_REPO
+  FIPS_CONFLICTS=( aes hmac random sha256 )
+  ;;
 linux)
   FIPS_VERSION=$LINUX_FIPS_VERSION
   FIPS_REPO=$LINUX_FIPS_REPO
   CTAO_VERSION=$LINUX_CTAO_VERSION
   CTAO_REPO=$LINUX_CTAO_REPO
   ;;
+linux-ecc)
+  FIPS_VERSION=$LINUX_ECC_FIPS_VERSION
+  FIPS_REPO=$LINUX_ECC_FIPS_REPO
+  CTAO_VERSION=$LINUX_ECC_CTAO_VERSION
+  CTAO_REPO=$LINUX_ECC_CTAO_REPO
+  ;;
 *)
   Usage
   exit 1
@@ -134,7 +162,22 @@ fi
 make test
 [ $? -ne 0 ] && echo "\n\nTest failed. Debris left for analysis." && exit 1
 
+if [ ${#FIPS_CONFLICTS[@]} -ne 0 ];
+then
+    echo "Due to the way this package is compiled by the customer duplicate"
+    echo "source file names are an issue, renaming:"
+    for FNAME in ${FIPS_CONFLICTS[@]}
+    do
+        echo "wolfcrypt/src/$FNAME.c to wolfcrypt/src/wc_$FNAME.c"
+        mv ./wolfcrypt/src/$FNAME.c ./wolfcrypt/src/wc_$FNAME.c
+    done
+    echo "Confirming files were renamed..."
+    ls -la ./wolfcrypt/src/wc_*.c
+fi
+
 # Clean up
 popd
-rm -rf $TEST_DIR
-
+if [ "x$KEEP" == "xno" ];
+then
+    rm -rf $TEST_DIR
+fi

gencertbuf.pl

@@ -55,6 +55,7 @@ my @fileList_2048 = (
         [ "./certs/dh2048.der", "dh_key_der_2048" ],
         [ "./certs/dsa2048.der", "dsa_key_der_2048" ],
         [ "./certs/rsa2048.der", "rsa_key_der_2048" ],
+        [ "./certs/ca-key.der", "ca_key_der_2048" ],
         [ "./certs/ca-cert.der", "ca_cert_der_2048" ],
         [ "./certs/server-key.der", "server_key_der_2048" ],
         [ "./certs/server-cert.der", "server_cert_der_2048" ]

m4/ax_harden_compiler_flags.m4

@@ -61,6 +61,7 @@
 # AX_APPEND_COMPILE_FLAGS([-fstack-check],,[$ax_append_compile_cflags_extra]) -- problems with fastmath stack size checks
 # AX_APPEND_COMPILE_FLAGS([-floop-parallelize-all],,[$ax_append_compile_cflags_extra]) -- causes RSA verify problem on x64
 # AX_APPEND_COMPILE_FLAGS([-Wunreachable-code],,[$ax_append_compile_cflags_extra])  -- older clang and when gcc had it are buggy
+# AX_APPEND_COMPILE_FLAGS([-fPIE],,[$ax_append_compile_cflags_extra]) -- Flag for executables not libraries
 
 #serial 4.2
 # changes: deleted the clearing of CFLAGS
@@ -155,7 +156,6 @@
       AX_APPEND_COMPILE_FLAGS([-Wunused-variable],,[$ax_append_compile_cflags_extra])
       AX_APPEND_COMPILE_FLAGS([-Wwrite-strings],,[$ax_append_compile_cflags_extra])
       AX_APPEND_COMPILE_FLAGS([-fwrapv],,[$ax_append_compile_cflags_extra])
-      AX_APPEND_COMPILE_FLAGS([-fPIE],,[$ax_append_compile_cflags_extra])
       AC_LANG_POP
       ])
 

mcapi/crypto.h

@@ -34,7 +34,7 @@
 
 /* MD5 */
 typedef struct CRYPT_MD5_CTX {
-    int holder[24];   /* big enough to hold internal, but check on init */
+    int holder[28];   /* big enough to hold internal, but check on init */
 } CRYPT_MD5_CTX;
 
 int CRYPT_MD5_Initialize(CRYPT_MD5_CTX*);
@@ -42,13 +42,13 @@ int CRYPT_MD5_DataAdd(CRYPT_MD5_CTX*, const unsigned char*, unsigned int);
 int CRYPT_MD5_Finalize(CRYPT_MD5_CTX*, unsigned char*);
 
 enum {
-    CRYPT_MD5_DIGEST_SIZE = 16 
+    CRYPT_MD5_DIGEST_SIZE = 16
 };
 
 
 /* SHA */
 typedef struct CRYPT_SHA_CTX {
-    int holder[24];   /* big enough to hold internal, but check on init */
+    int holder[28];   /* big enough to hold internal, but check on init */
 } CRYPT_SHA_CTX;
 
 int CRYPT_SHA_Initialize(CRYPT_SHA_CTX*);
@@ -62,7 +62,7 @@ enum {
 
 /* SHA-256 */
 typedef struct CRYPT_SHA256_CTX {
-    int holder[28];   /* big enough to hold internal, but check on init */
+    int holder[32];   /* big enough to hold internal, but check on init */
 } CRYPT_SHA256_CTX;
 
 int CRYPT_SHA256_Initialize(CRYPT_SHA256_CTX*);
@@ -70,13 +70,13 @@ int CRYPT_SHA256_DataAdd(CRYPT_SHA256_CTX*, const unsigned char*, unsigned int);
 int CRYPT_SHA256_Finalize(CRYPT_SHA256_CTX*, unsigned char*);
 
 enum {
-    CRYPT_SHA256_DIGEST_SIZE = 32 
+    CRYPT_SHA256_DIGEST_SIZE = 32
 };
 
 
 /* SHA-384 */
 typedef struct CRYPT_SHA384_CTX {
-    long long holder[32];   /* big enough to hold internal, but check on init */
+    long long holder[36];   /* big enough to hold internal, but check on init */
 } CRYPT_SHA384_CTX;
 
 int CRYPT_SHA384_Initialize(CRYPT_SHA384_CTX*);
@@ -98,13 +98,13 @@ int CRYPT_SHA512_DataAdd(CRYPT_SHA512_CTX*, const unsigned char*, unsigned int);
 int CRYPT_SHA512_Finalize(CRYPT_SHA512_CTX*, unsigned char*);
 
 enum {
-    CRYPT_SHA512_DIGEST_SIZE = 64 
+    CRYPT_SHA512_DIGEST_SIZE = 64
 };
 
 
 /* HMAC */
 typedef struct CRYPT_HMAC_CTX {
-    long long holder[68];   /* big enough to hold internal, but check on init */
+    long long holder[72];   /* big enough to hold internal, but check on init */
 } CRYPT_HMAC_CTX;
 
 int CRYPT_HMAC_SetKey(CRYPT_HMAC_CTX*, int, const unsigned char*, unsigned int);
@@ -113,10 +113,10 @@ int CRYPT_HMAC_Finalize(CRYPT_HMAC_CTX*, unsigned char*);
 
 /* HMAC types */
 enum {
-    CRYPT_HMAC_SHA    = 1, 
-    CRYPT_HMAC_SHA256 = 2, 
-    CRYPT_HMAC_SHA384 = 5, 
-    CRYPT_HMAC_SHA512 = 4 
+    CRYPT_HMAC_SHA    = 1,
+    CRYPT_HMAC_SHA256 = 2,
+    CRYPT_HMAC_SHA384 = 5,
+    CRYPT_HMAC_SHA512 = 4
 };
 
 
@@ -128,7 +128,7 @@ int CRYPT_HUFFMAN_DeCompress(unsigned char*, unsigned int, const unsigned char*,
 
 /* flag to use static huffman */
 enum {
-    CRYPT_HUFFMAN_COMPRESS_STATIC = 1 
+    CRYPT_HUFFMAN_COMPRESS_STATIC = 1
 };
 
 
@@ -144,7 +144,7 @@ int CRYPT_RNG_BlockGenerate(CRYPT_RNG_CTX*, unsigned char*, unsigned int);
 
 /* TDES */
 typedef struct CRYPT_TDES_CTX {
-    int holder[100];   /* big enough to hold internal, but check on init */
+    int holder[104];   /* big enough to hold internal, but check on init */
 } CRYPT_TDES_CTX;
 
 int CRYPT_TDES_KeySet(CRYPT_TDES_CTX*, const unsigned char*,
@@ -158,13 +158,13 @@ int CRYPT_TDES_CBC_Decrypt(CRYPT_TDES_CTX*, unsigned char*,
 /* key direction flags for setup */
 enum {
     CRYPT_TDES_ENCRYPTION = 0,
-    CRYPT_TDES_DECRYPTION = 1 
+    CRYPT_TDES_DECRYPTION = 1
 };
 
 
 /* AES */
 typedef struct CRYPT_AES_CTX {
-    int holder[76];   /* big enough to hold internal, but check on init */
+    int holder[78];   /* big enough to hold internal, but check on init */
 } CRYPT_AES_CTX;
 
 /* key */
@@ -262,7 +262,7 @@ int CRYPT_ERROR_StringGet(int, char*);
 
 
 #ifdef __cplusplus
-    }  /* extern "C" */ 
+    }  /* extern "C" */
 #endif
 
 

rpm/spec.in

@@ -72,8 +72,8 @@ mkdir -p $RPM_BUILD_ROOT/
 %{_docdir}/wolfssl/README.txt
 %{_libdir}/libwolfssl.la
 %{_libdir}/libwolfssl.so
-%{_libdir}/libwolfssl.so.3
-%{_libdir}/libwolfssl.so.3.5.0
+%{_libdir}/libwolfssl.so.12
+%{_libdir}/libwolfssl.so.12.0.0
 
 %files devel
 %defattr(-,root,root,-)
@@ -159,6 +159,7 @@ mkdir -p $RPM_BUILD_ROOT/
 %{_includedir}/cyassl/openssl/rsa.h
 %{_includedir}/cyassl/openssl/sha.h
 %{_includedir}/cyassl/openssl/ssl.h
+%{_includedir}/cyassl/openssl/ssl23.h
 %{_includedir}/cyassl/openssl/stack.h
 %{_includedir}/cyassl/openssl/ui.h
 %{_includedir}/cyassl/openssl/x509.h
@@ -172,6 +173,7 @@ mkdir -p $RPM_BUILD_ROOT/
 %{_includedir}/wolfssl/callbacks.h
 %{_includedir}/wolfssl/certs_test.h
 %{_includedir}/wolfssl/crl.h
+%{_includedir}/wolfssl/io.h
 %{_includedir}/wolfssl/wolfcrypt/aes.h
 %{_includedir}/wolfssl/wolfcrypt/cmac.h
 %{_includedir}/wolfssl/wolfcrypt/arc4.h
@@ -229,8 +231,10 @@ mkdir -p $RPM_BUILD_ROOT/
 %{_includedir}/wolfssl/wolfcrypt/visibility.h
 %{_includedir}/wolfssl/wolfcrypt/wc_encrypt.h
 %{_includedir}/wolfssl/wolfcrypt/wolfevent.h
+%{_includedir}/wolfssl/wolfcrypt/wolfmath.h
 %{_includedir}/wolfssl/error-ssl.h
 %{_includedir}/wolfssl/ocsp.h
+%{_includedir}/wolfssl/openssl/aes.h
 %{_includedir}/wolfssl/openssl/asn1.h
 %{_includedir}/wolfssl/openssl/bio.h
 %{_includedir}/wolfssl/openssl/bn.h
@@ -262,6 +266,7 @@ mkdir -p $RPM_BUILD_ROOT/
 %{_includedir}/wolfssl/openssl/rsa.h
 %{_includedir}/wolfssl/openssl/sha.h
 %{_includedir}/wolfssl/openssl/ssl.h
+%{_includedir}/wolfssl/openssl/ssl23.h
 %{_includedir}/wolfssl/openssl/stack.h
 %{_includedir}/wolfssl/openssl/ui.h
 %{_includedir}/wolfssl/openssl/x509.h
@@ -275,6 +280,12 @@ mkdir -p $RPM_BUILD_ROOT/
 %{_libdir}/pkgconfig/wolfssl.pc
 
 %changelog
+* Thu May 04 2017 Jacob Barthelmeh <jacob@wolfssl.com>
+- Added header for wolfssl/io.h, wolfssl/openssl/ssl23.h, cyassl/openssl/ssl23.h
+* Thu Feb 09 2017 Jacob Barthelmeh <jacob@wolfssl.com>
+- Added header for wolfssl/wolfcrypt/wolfmath.h
+* Fri Nov 11 2016 Jacob Barthelmeh <jacob@wolfssl.com>
+- Added header for wolfssl/openssl/aes.h
 * Fri Oct 28 2016 Jacob Barthelmeh <jacob@wolfssl.com>
 - Added header for pkcs12
 * Fri Sep 23 2016 John Safranek <john@wolfssl.com>

scripts/include.am

@@ -47,6 +47,11 @@ if BUILD_TRUST_PEER_CERT
 dist_noinst_SCRIPTS+= scripts/trusted_peer.test
 endif
 
+if BUILD_PKCALLBACKS
+dist_noinst_SCRIPTS+= scripts/pkcallbacks.test
+scripts/pkcallbacks.log: scripts/resume.log
+endif
+
 endif # end of BUILD_EXAMPLE_SERVERS
 
 if BUILD_EXAMPLE_CLIENTS

scripts/openssl.test

@@ -82,7 +82,7 @@ found_free_port=0
 while [ "$counter" -lt 20 ]; do
     echo -e "\nTrying to start openssl server on port $openssl_port...\n"
 
-    openssl s_server -accept $openssl_port -cert ./certs/server-cert.pem -key ./certs/server-key.pem  -quiet -CAfile ./certs/client-ca.pem -www  -dhparam ./certs/dh2048.pem -dcert ./certs/server-ecc.pem -dkey ./certs/ecc-key.pem -verify 10 -verify_return_error -cipher "ALL:eNULL" &
+    openssl s_server -accept $openssl_port -cert ./certs/server-cert.pem -key ./certs/server-key.pem  -quiet -CAfile ./certs/client-ca.pem -www  -dhparam ./certs/dh2048.pem -dcert ./certs/server-ecc.pem -dkey ./certs/ecc-key.pem -verify 10 -verify_return_error -psk 1a2b3c4d -cipher "ALL:eNULL" &
     server_pid=$!
     # wait to see if s_server successfully starts before continuing
     sleep 0.1
@@ -215,12 +215,19 @@ do
             continue
         fi
 
+        # check for psk suite and turn on client psk if so
+        psk = ""
+        case $wolfSuite in
+        *PSK*)
+            psk="-s " ;;
+        esac
+
         if [ $version -lt 4 ]
         then
-            ./examples/client/client -p $openssl_port -g -r -l $wolfSuite -v $version
+            ./examples/client/client -p $openssl_port -g -r -l $wolfSuite -v $version $psk
         else
             # do all versions
-            ./examples/client/client -p $openssl_port -g -r -l $wolfSuite
+            ./examples/client/client -p $openssl_port -g -r -l $wolfSuite $psk
         fi
 
         client_result=$?

scripts/pkcallbacks.test

@@ -0,0 +1,123 @@
+#!/bin/sh
+
+#pkcallbacks.test
+
+exit_code=1
+counter=0
+# need a unique resume port since may run the same time as testsuite
+# use server port zero hack to get one
+pk_port=0
+#no_pid tells us process was never started if -1
+no_pid=-1
+#server_pid captured on startup, stores the id of the server process
+server_pid=$no_pid
+# let's use absolute path to a local dir (make distcheck may be in sub dir)
+# also let's add some randomness by adding pid in case multiple 'make check's
+# per source tree
+ready_file=`pwd`/wolfssl_pk_ready$$
+
+remove_ready_file() {
+    if test -e $ready_file; then
+        echo -e "removing existing ready file"
+        rm $ready_file
+    fi
+}
+
+do_cleanup() {
+    echo "in cleanup"
+
+    if  [ $server_pid != $no_pid ]
+    then
+        echo "killing server"
+        kill -9 $server_pid
+    fi
+    remove_ready_file
+}
+
+# trap this function so if user aborts with ^C or other kill signal we still
+# get an exit that will in turn clean up the file system
+abort_trap() {
+    echo "script aborted"
+
+    if  [ $server_pid != $no_pid ]
+    then
+        echo "killing server"
+        kill -9 $server_pid
+    fi
+
+    exit_code=2 #different exit code in case of user interrupt
+
+    echo "got abort signal, exiting with $exit_code"
+    exit $exit_code
+}
+trap abort_trap INT TERM
+
+
+# trap this function so that if we exit on an error the file system will still
+# be restored and the other tests may still pass. Never call this function
+# instead use "exit <some value>" and this function will run automatically
+restore_file_system() {
+    remove_ready_file
+}
+trap restore_file_system EXIT
+
+run_test() {
+    echo -e "\nStarting example server for pkcallbacks test...\n"
+
+    remove_ready_file
+
+    # starts the server on pk_port, -R generates ready file to be used as a
+    # mutex lock, -P does pkcallbacks. We capture the processid
+    # into the variable server_pid
+    ./examples/server/server -P -R $ready_file -p $pk_port &
+    server_pid=$!
+
+    while [ ! -s $ready_file -a "$counter" -lt 20 ]; do
+        echo -e "waiting for ready file..."
+        sleep 0.1
+        counter=$((counter+ 1))
+    done
+
+    if test -e $ready_file; then
+        echo -e "found ready file, starting client..."
+    else
+        echo -e "NO ready file ending test..."
+        exit 1
+    fi
+
+    # get created port 0 ephemeral port
+    pk_port=`cat $ready_file`
+
+    # starts client on pk_port with pkcallbacks, captures the output from client
+    capture_out=$(./examples/client/client -P -p $pk_port 2>&1)
+    client_result=$?
+
+    if [ $client_result != 0 ]
+    then
+        echo -e "client failed!"
+        do_cleanup
+        exit 1
+    fi
+
+    wait $server_pid
+    server_result=$?
+
+    if [ $server_result != 0 ]
+    then
+        echo -e "server failed!"
+        exit 1
+    fi
+
+}
+
+
+######### begin program #########
+
+# run the test
+run_test
+
+# If we get to this, success
+echo "Success!"
+exit 0
+########## end program ##########
+

src/bio.c

@@ -0,0 +1,446 @@
+/* bio.c
+ *
+ * Copyright (C) 2006-2016 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*** TBD ***/
+WOLFSSL_API long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg)
+{
+    (void)bio;
+    (void)cmd;
+    (void)larg;
+    (void)parg;
+
+    WOLFSSL_ENTER("BIO_ctrl");
+    return 1;
+}
+
+
+/* Return the number of pending bytes in read and write buffers */
+size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *bio)
+{
+    WOLFSSL_ENTER("BIO_ctrl_pending");
+    if (bio == NULL) {
+        return 0;
+    }
+
+    if (bio->ssl != NULL) {
+        return (long)wolfSSL_pending(bio->ssl);
+    }
+
+    if (bio->type == BIO_MEMORY) {
+        return bio->memLen;
+    }
+
+    /* type BIO_BIO then check paired buffer */
+    if (bio->type == BIO_BIO && bio->pair != NULL) {
+        WOLFSSL_BIO* pair = bio->pair;
+        if (pair->wrIdx > 0 && pair->wrIdx <= pair->rdIdx) {
+            /* in wrap around state where begining of buffer is being
+             * overwritten */
+            return pair->wrSz - pair->rdIdx + pair->wrIdx;
+        }
+        else {
+            /* simple case where has not wrapped around */
+            return pair->wrIdx - pair->rdIdx;
+        }
+    }
+
+    return 0;
+}
+
+
+long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr)
+{
+    WOLFSSL_ENTER("BIO_get_mem_ptr");
+
+    if (bio == NULL || ptr == NULL) {
+        return SSL_FAILURE;
+    }
+
+    *ptr = (WOLFSSL_BUF_MEM*)(bio->mem);
+    return SSL_SUCCESS;
+}
+
+/*** TBD ***/
+WOLFSSL_API long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int iarg)
+{
+    (void) bp;
+    (void) cmd;
+    (void) larg;
+    (void) iarg;
+    WOLFSSL_ENTER("BIO_int_ctrl");
+    return 0;
+}
+
+
+int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *bio, long size)
+{
+    WOLFSSL_ENTER("wolfSSL_BIO_set_write_buf_size");
+
+    if (bio == NULL || bio->type != BIO_BIO || size < 0) {
+        return SSL_FAILURE;
+    }
+
+    /* if already in pair then do not change size */
+    if (bio->pair != NULL) {
+        WOLFSSL_MSG("WOLFSSL_BIO is paired, free from pair before changing");
+        return SSL_FAILURE;
+    }
+
+    bio->wrSz  = (int)size;
+    if (bio->wrSz < 0) {
+        WOLFSSL_MSG("Unexpected negative size value");
+        return SSL_FAILURE;
+    }
+
+    if (bio->mem != NULL) {
+        XFREE(bio->mem, bio->heap, DYNAMIC_TYPE_OPENSSL);
+    }
+
+    bio->mem = (byte*)XMALLOC(bio->wrSz, bio->heap, DYNAMIC_TYPE_OPENSSL);
+    if (bio->mem == NULL) {
+        WOLFSSL_MSG("Memory allocation error");
+        return SSL_FAILURE;
+    }
+    bio->wrIdx = 0;
+    bio->rdIdx = 0;
+
+    return SSL_SUCCESS;
+}
+
+
+/* Joins two BIO_BIO types. The write of b1 goes to the read of b2 and vise
+ * versa. Creating something similar to a two way pipe.
+ * Reading and writing between the two BIOs is not thread safe, they are
+ * expected to be used by the same thread. */
+int wolfSSL_BIO_make_bio_pair(WOLFSSL_BIO *b1, WOLFSSL_BIO *b2)
+{
+    WOLFSSL_ENTER("wolfSSL_BIO_make_bio_pair");
+
+    if (b1 == NULL || b2 == NULL) {
+        WOLFSSL_LEAVE("wolfSSL_BIO_make_bio_pair", BAD_FUNC_ARG);
+        return SSL_FAILURE;
+    }
+
+    /* both are expected to be of type BIO and not already paired */
+    if (b1->type != BIO_BIO || b2->type != BIO_BIO ||
+        b1->pair != NULL || b2->pair != NULL) {
+        WOLFSSL_MSG("Expected type BIO and not already paired");
+        return SSL_FAILURE;
+    }
+
+    /* set default write size if not already set */
+    if (b1->mem == NULL && wolfSSL_BIO_set_write_buf_size(b1,
+                            WOLFSSL_BIO_SIZE) != SSL_SUCCESS) {
+        return SSL_FAILURE;
+    }
+
+    if (b2->mem == NULL && wolfSSL_BIO_set_write_buf_size(b2,
+                            WOLFSSL_BIO_SIZE) != SSL_SUCCESS) {
+        return SSL_FAILURE;
+    }
+
+    b1->pair = b2;
+    b2->pair = b1;
+
+    return SSL_SUCCESS;
+}
+
+
+int wolfSSL_BIO_ctrl_reset_read_request(WOLFSSL_BIO *b)
+{
+    WOLFSSL_ENTER("wolfSSL_BIO_ctrl_reset_read_request");
+
+    if (b == NULL) {
+        return SSL_FAILURE;
+    }
+
+    b->readRq = 0;
+
+    return SSL_SUCCESS;
+}
+
+
+/* Does not advance read index pointer */
+int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf)
+{
+    WOLFSSL_ENTER("wolfSSL_BIO_nread0");
+
+    if (bio == NULL || buf == NULL) {
+        WOLFSSL_MSG("NULL argument passed in");
+        return 0;
+    }
+
+    /* if paired read from pair */
+    if (bio->pair != NULL) {
+        WOLFSSL_BIO* pair = bio->pair;
+
+        /* case where have wrapped around write buffer */
+        *buf = (char*)pair->mem + pair->rdIdx;
+        if (pair->wrIdx > 0 && pair->rdIdx >= pair->wrIdx) {
+            return pair->wrSz - pair->rdIdx;
+        }
+        else {
+            return pair->wrIdx - pair->rdIdx;
+        }
+    }
+
+    return 0;
+}
+
+
+/* similar to wolfSSL_BIO_nread0 but advances the read index */
+int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num)
+{
+    int sz = WOLFSSL_BIO_UNSET;
+
+    WOLFSSL_ENTER("wolfSSL_BIO_nread");
+
+    if (bio == NULL || buf == NULL) {
+        WOLFSSL_MSG("NULL argument passed in");
+        return SSL_FAILURE;
+    }
+
+    if (bio->pair != NULL) {
+        /* special case if asking to read 0 bytes */
+        if (num == 0) {
+            *buf = (char*)bio->pair->mem + bio->pair->rdIdx;
+            return 0;
+        }
+
+        /* get amount able to read and set buffer pointer */
+        sz = wolfSSL_BIO_nread0(bio, buf);
+        if (sz == 0) {
+            return WOLFSSL_BIO_ERROR;
+        }
+
+        if (num < sz) {
+            sz = num;
+        }
+        bio->pair->rdIdx += sz;
+
+        /* check if have read to the end of the buffer and need to reset */
+        if (bio->pair->rdIdx == bio->pair->wrSz) {
+            bio->pair->rdIdx = 0;
+            if (bio->pair->wrIdx == bio->pair->wrSz) {
+                bio->pair->wrIdx = 0;
+            }
+        }
+
+        /* check if read up to write index, if so then reset indexs */
+        if (bio->pair->rdIdx == bio->pair->wrIdx) {
+            bio->pair->rdIdx = 0;
+            bio->pair->wrIdx = 0;
+        }
+    }
+
+    return sz;
+}
+
+
+int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num)
+{
+    int sz = WOLFSSL_BIO_UNSET;
+
+    WOLFSSL_ENTER("wolfSSL_BIO_nwrite");
+
+    if (bio == NULL || buf == NULL) {
+        WOLFSSL_MSG("NULL argument passed in");
+        return 0;
+    }
+
+    if (bio->pair != NULL) {
+        if (num == 0) {
+            *buf = (char*)bio->mem + bio->wrIdx;
+            return 0;
+        }
+
+        if (bio->wrIdx < bio->rdIdx) {
+            /* if wrapped around only write up to read index. In this case
+             * rdIdx is always greater then wrIdx so sz will not be negative. */
+            sz = bio->rdIdx - bio->wrIdx;
+        }
+        else if (bio->rdIdx > 0 && bio->wrIdx == bio->rdIdx) {
+            return WOLFSSL_BIO_ERROR; /* no more room to write */
+        }
+        else {
+            /* write index is past read index so write to end of buffer */
+            sz = bio->wrSz - bio->wrIdx;
+
+            if (sz <= 0) {
+                /* either an error has occured with write index or it is at the
+                 * end of the write buffer. */
+                if (bio->rdIdx == 0) {
+                    /* no more room, nothing has been read */
+                    return WOLFSSL_BIO_ERROR;
+                }
+
+                bio->wrIdx = 0;
+
+                /* check case where read index is not at 0 */
+                if (bio->rdIdx > 0) {
+                    sz = bio->rdIdx; /* can write up to the read index */
+                }
+                else {
+                    sz = bio->wrSz; /* no restriction other then buffer size */
+                }
+            }
+        }
+
+        if (num < sz) {
+            sz = num;
+        }
+        *buf = (char*)bio->mem + bio->wrIdx;
+        bio->wrIdx += sz;
+
+        /* if at the end of the buffer and space for wrap around then set
+         * write index back to 0 */
+        if (bio->wrIdx == bio->wrSz && bio->rdIdx > 0) {
+            bio->wrIdx = 0;
+        }
+    }
+
+    return sz;
+}
+
+
+/* Reset BIO to initial state */
+int wolfSSL_BIO_reset(WOLFSSL_BIO *bio)
+{
+    WOLFSSL_ENTER("wolfSSL_BIO_reset");
+
+    if (bio == NULL) {
+        WOLFSSL_MSG("NULL argument passed in");
+        /* -1 is consistent failure even for FILE type */
+        return WOLFSSL_BIO_ERROR;
+    }
+
+    switch (bio->type) {
+        #ifndef NO_FILESYSTEM
+        case BIO_FILE:
+            XREWIND(bio->file);
+            return 0;
+        #endif
+
+        case BIO_BIO:
+            bio->rdIdx = 0;
+            bio->wrIdx = 0;
+            return 0;
+
+        default:
+            WOLFSSL_MSG("Unknown BIO type needs added to reset function");
+    }
+
+    return WOLFSSL_BIO_ERROR;
+}
+
+#ifndef NO_FILESYSTEM
+long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c)
+{
+    WOLFSSL_ENTER("wolfSSL_BIO_set_fp");
+
+    if (bio == NULL || fp == NULL) {
+        WOLFSSL_LEAVE("wolfSSL_BIO_set_fp", BAD_FUNC_ARG);
+        return SSL_FAILURE;
+    }
+
+    if (bio->type != BIO_FILE) {
+        return SSL_FAILURE;
+    }
+
+    bio->close = (byte)c;
+    bio->file  = fp;
+
+    return SSL_SUCCESS;
+}
+
+
+long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE* fp)
+{
+    WOLFSSL_ENTER("wolfSSL_BIO_get_fp");
+
+    if (bio == NULL || fp == NULL) {
+        return SSL_FAILURE;
+    }
+
+    if (bio->type != BIO_FILE) {
+        return SSL_FAILURE;
+    }
+
+    *fp = bio->file;
+
+    return SSL_SUCCESS;
+}
+
+/* overwrites file */
+int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name)
+{
+    WOLFSSL_ENTER("wolfSSL_BIO_write_filename");
+
+    if (bio == NULL || name == NULL) {
+        return SSL_FAILURE;
+    }
+
+    if (bio->type == BIO_FILE) {
+        if (bio->file != NULL && bio->close == BIO_CLOSE) {
+            XFCLOSE(bio->file);
+        }
+
+        bio->file = XFOPEN(name, "w");
+        if (bio->file == NULL) {
+            return SSL_FAILURE;
+        }
+        bio->close = BIO_CLOSE;
+
+        return SSL_SUCCESS;
+    }
+
+    return SSL_FAILURE;
+}
+
+
+int wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs)
+{
+      WOLFSSL_ENTER("wolfSSL_BIO_seek");
+
+      if (bio == NULL) {
+          return -1;
+      }
+
+      /* offset ofs from begining of file */
+      if (bio->type == BIO_FILE && XFSEEK(bio->file, ofs, SEEK_SET) < 0) {
+          return -1;
+      }
+
+      return 0;
+}
+#endif /* NO_FILESYSTEM */
+
+
+long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v)
+{
+      WOLFSSL_ENTER("wolfSSL_BIO_set_mem_eof_return");
+
+      if (bio != NULL) {
+        bio->eof = v;
+      }
+
+      return 0;
+}

src/crl.c

@@ -34,16 +34,15 @@
 #include <wolfssl/internal.h>
 #include <wolfssl/error-ssl.h>
 
-#ifndef NO_FILESYSTEM
-    #include <dirent.h>
-    #include <sys/stat.h>
-#endif
-
 #include <string.h>
 
 #ifdef HAVE_CRL_MONITOR
-    static int StopMonitor(int mfd);
-#endif
+    #if (defined(__MACH__) || defined(__FreeBSD__) || defined(__linux__))
+        static int StopMonitor(int mfd);
+    #else
+        #error "CRL monitor only currently supported on linux or mach"
+    #endif
+#endif /* HAVE_CRL_MONITOR */
 
 
 /* Initialize CRL members */
@@ -150,15 +149,12 @@ void FreeCRL(WOLFSSL_CRL* crl, int dynamic)
 }
 
 
-/* Is the cert ok with CRL, return 0 on success */
-int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
+static int CheckCertCRLList(WOLFSSL_CRL* crl, DecodedCert* cert, int *pFoundEntry)
 {
     CRL_Entry* crle;
     int        foundEntry = 0;
     int        ret = 0;
 
-    WOLFSSL_ENTER("CheckCertCRL");
-
     if (wc_LockMutex(&crl->crlLock) != 0) {
         WOLFSSL_MSG("wc_LockMutex failed");
         return BAD_MUTEX_E;
@@ -178,13 +174,17 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
                     doNextDate = 0;  /* skip */
             #endif
 
-            if (doNextDate && !ValidateDate(crle->nextDate,
-                                            crle->nextDateFormat, AFTER)) {
-                WOLFSSL_MSG("CRL next date is no longer valid");
-                ret = ASN_AFTER_DATE_E;
+            if (doNextDate) {
+            #ifndef NO_ASN_TIME
+                if (!ValidateDate(crle->nextDate,crle->nextDateFormat, AFTER)) {
+                    WOLFSSL_MSG("CRL next date is no longer valid");
+                    ret = ASN_AFTER_DATE_E;
+                }
+            #endif
             }
-            else
+            if (ret == 0) {
                 foundEntry = 1;
+            }
             break;
         }
         crle = crle->next;
@@ -205,9 +205,39 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
 
     wc_UnLockMutex(&crl->crlLock);
 
+    *pFoundEntry = foundEntry;
+
+    return ret;
+}
+
+/* Is the cert ok with CRL, return 0 on success */
+int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
+{
+    int        foundEntry = 0;
+    int        ret = 0;
+
+    WOLFSSL_ENTER("CheckCertCRL");
+
+    ret = CheckCertCRLList(crl, cert, &foundEntry);
+
+#ifdef HAVE_CRL_IO
+    if (foundEntry == 0) {
+        /* perform embedded lookup */
+        if (crl->crlIOCb) {
+            ret = crl->crlIOCb(crl, (const char*)cert->extCrlInfo,
+                                                        cert->extCrlInfoSz);
+            if (ret >= 0) {
+                /* try again */
+                ret = CheckCertCRLList(crl, cert, &foundEntry);
+            }
+        }
+    }
+#endif
+
     if (foundEntry == 0) {
         WOLFSSL_MSG("Couldn't find CRL for status check");
         ret = CRL_MISSING;
+
         if (crl->cm->cbMissingCRL) {
             char url[256];
 
@@ -220,11 +250,11 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
             else  {
                 WOLFSSL_MSG("CRL url too long");
             }
+
             crl->cm->cbMissingCRL(url);
         }
     }
 
-
     return ret;
 }
 
@@ -718,11 +748,6 @@ static void* DoMonitor(void* arg)
     return NULL;
 }
 
-
-#else
-
-#error "CRL monitor only currently supported on linux or mach"
-
 #endif /* MACH or linux */
 
 
@@ -791,74 +816,61 @@ static int StartMonitorCRL(WOLFSSL_CRL* crl)
 
 #endif  /* HAVE_CRL_MONITOR */
 
-#ifndef NO_FILESYSTEM
+#if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
 
 /* Load CRL path files of type, SSL_SUCCESS on ok */
 int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
 {
-    struct dirent* entry;
-    DIR*           dir;
-    int            ret = SSL_SUCCESS;
+    int         ret = SSL_SUCCESS;
+    char*       name = NULL;
 #ifdef WOLFSSL_SMALL_STACK
-    char*          name;
+    ReadDirCtx* readCtx = NULL;
 #else
-    char           name[MAX_FILENAME_SZ];
+    ReadDirCtx  readCtx[1];
 #endif
 
     WOLFSSL_ENTER("LoadCRL");
     if (crl == NULL)
         return BAD_FUNC_ARG;
 
-    dir = opendir(path);
-    if (dir == NULL) {
-        WOLFSSL_MSG("opendir path crl load failed");
-        return BAD_PATH_ERROR;
-    }
-
 #ifdef WOLFSSL_SMALL_STACK
-    name = (char*)XMALLOC(MAX_FILENAME_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (name == NULL)
+    readCtx = (ReadDirCtx*)XMALLOC(sizeof(ReadDirCtx), crl->heap,
+                                                       DYNAMIC_TYPE_TMP_BUFFER);
+    if (readCtx == NULL)
         return MEMORY_E;
 #endif
 
-    while ( (entry = readdir(dir)) != NULL) {
-        struct stat s;
-
-        XMEMSET(name, 0, MAX_FILENAME_SZ);
-        XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2);
-        XSTRNCAT(name, "/", 1);
-        XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);
-
-        if (stat(name, &s) != 0) {
-            WOLFSSL_MSG("stat on name failed");
-            continue;
-        }
-        if (s.st_mode & S_IFREG) {
-
-            if (type == SSL_FILETYPE_PEM) {
-                if (XSTRSTR(entry->d_name, ".pem") == NULL) {
-                    WOLFSSL_MSG("not .pem file, skipping");
-                    continue;
-                }
-            }
-            else {
-                if (XSTRSTR(entry->d_name, ".der") == NULL &&
-                    XSTRSTR(entry->d_name, ".crl") == NULL) {
-
-                    WOLFSSL_MSG("not .der or .crl file, skipping");
-                    continue;
-                }
-            }
-
-            if (ProcessFile(NULL, name, type, CRL_TYPE, NULL, 0, crl)
-                                                               != SSL_SUCCESS) {
-                WOLFSSL_MSG("CRL file load failed, continuing");
+    /* try to load each regular file in path */
+    ret = wc_ReadDirFirst(readCtx, path, &name);
+    while (ret == 0 && name) {
+        int skip = 0;
+        if (type == SSL_FILETYPE_PEM) {
+            if (XSTRSTR(name, ".pem") == NULL) {
+                WOLFSSL_MSG("not .pem file, skipping");
+                skip = 1;
             }
         }
+        else {
+            if (XSTRSTR(name, ".der") == NULL &&
+                XSTRSTR(name, ".crl") == NULL)
+            {
+                WOLFSSL_MSG("not .der or .crl file, skipping");
+                skip = 1;
+            }
+        }
+
+        if (!skip && ProcessFile(NULL, name, type, CRL_TYPE, NULL, 0, crl)
+                                                           != SSL_SUCCESS) {
+            WOLFSSL_MSG("CRL file load failed, continuing");
+        }
+
+        ret = wc_ReadDirNext(readCtx, path, &name);
     }
+    wc_ReadDirClose(readCtx);
+    ret = SSL_SUCCESS; /* load failures not reported, for backwards compat */
 
 #ifdef WOLFSSL_SMALL_STACK
-    XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(readCtx, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     if (monitor & WOLFSSL_CRL_MONITOR) {
@@ -874,9 +886,19 @@ int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
             pathBuf[pathLen] = '\0'; /* Null Terminate */
 
             if (type == SSL_FILETYPE_PEM) {
+                /* free old path before setting a new one */
+                if (crl->monitors[0].path) {
+                    XFREE(crl->monitors[0].path, crl->heap,
+                            DYNAMIC_TYPE_CRL_MONITOR);
+                }
                 crl->monitors[0].path = pathBuf;
                 crl->monitors[0].type = SSL_FILETYPE_PEM;
             } else {
+                /* free old path before setting a new one */
+                if (crl->monitors[1].path) {
+                    XFREE(crl->monitors[1].path, crl->heap,
+                            DYNAMIC_TYPE_CRL_MONITOR);
+                }
                 crl->monitors[1].path = pathBuf;
                 crl->monitors[1].type = SSL_FILETYPE_ASN1;
             }
@@ -892,12 +914,21 @@ int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
         }
     }
 
-    closedir(dir);
-
     return ret;
 }
 
-#endif /* NO_FILESYSTEM */
+#else
+int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
+{
+	(void)crl;
+	(void)path;
+	(void)type;
+	(void)monitor;
+
+    /* stub for scenario where file system is not supported */
+    return NOT_COMPILED_IN;
+}
+#endif /* !NO_FILESYSTEM && !NO_WOLFSSL_DIR */
 
 #endif /* HAVE_CRL */
 #endif /* !WOLFCRYPT_ONLY */

src/include.am

@@ -120,7 +120,8 @@ src_libwolfssl_la_SOURCES += \
                wolfcrypt/src/wc_encrypt.c \
                wolfcrypt/src/wc_port.c \
                wolfcrypt/src/error.c \
-               wolfcrypt/src/signature.c
+               wolfcrypt/src/signature.c \
+               wolfcrypt/src/wolfmath.c
 
 if BUILD_MEMORY
 src_libwolfssl_la_SOURCES += wolfcrypt/src/memory.c

src/keys.c

@@ -1053,7 +1053,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
         return UNSUPPORTED_SUITE;
     }   /* switch */
     }   /* if     */
-    if (ssl->options.cipherSuite0 != ECC_BYTE && 
+    if (ssl->options.cipherSuite0 != ECC_BYTE &&
             ssl->options.cipherSuite0 != CHACHA_BYTE) {   /* normal suites */
     switch (ssl->options.cipherSuite) {
 
@@ -1653,7 +1653,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
 
         break;
 #endif
-            
+
 #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
         case TLS_RSA_WITH_HC_128_SHA :
             ssl->specs.bulk_cipher_algorithm = wolfssl_hc128;
@@ -1667,7 +1667,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
             ssl->specs.key_size              = HC_128_KEY_SIZE;
             ssl->specs.block_size            = 0;
             ssl->specs.iv_size               = HC_128_IV_SIZE;
-            
+
             break;
 #endif
 
@@ -1684,7 +1684,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
             ssl->specs.key_size              = HC_128_KEY_SIZE;
             ssl->specs.block_size            = 0;
             ssl->specs.iv_size               = HC_128_IV_SIZE;
-            
+
             break;
 #endif
 
@@ -1701,7 +1701,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
             ssl->specs.key_size              = AES_128_KEY_SIZE;
             ssl->specs.iv_size               = AES_IV_SIZE;
             ssl->specs.block_size            = AES_BLOCK_SIZE;
-            
+
             break;
 #endif
 
@@ -1718,7 +1718,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
             ssl->specs.key_size              = AES_256_KEY_SIZE;
             ssl->specs.iv_size               = AES_IV_SIZE;
             ssl->specs.block_size            = AES_BLOCK_SIZE;
-            
+
             break;
 #endif
 
@@ -1827,7 +1827,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
 
         break;
 #endif
-    
+
 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
     case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
         ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
@@ -1978,7 +1978,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
             ssl->specs.key_size              = IDEA_KEY_SIZE;
             ssl->specs.block_size            = IDEA_BLOCK_SIZE;
             ssl->specs.iv_size               = IDEA_IV_SIZE;
-            
+
             break;
 #endif
 
@@ -2049,7 +2049,7 @@ static int SetPrefix(byte* sha_input, int idx)
         break;
     default:
         WOLFSSL_MSG("Set Prefix error, bad input");
-        return 0; 
+        return 0;
     }
     return 1;
 }
@@ -2070,22 +2070,20 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
             dec->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
         if (dec && dec->arc4 == NULL)
             return MEMORY_E;
-#ifdef WOLFSSL_ASYNC_CRYPT
-        if (devId != INVALID_DEVID) {
-            if (enc) {
-                if (wc_Arc4AsyncInit(enc->arc4, devId) != 0) {
-                    WOLFSSL_MSG("Arc4AsyncInit failed in SetKeys");
-                    return ASYNC_INIT_E;
-                }
-            }
-            if (dec) {
-                if (wc_Arc4AsyncInit(dec->arc4, devId) != 0) {
-                    WOLFSSL_MSG("Arc4AsyncInit failed in SetKeys");
-                    return ASYNC_INIT_E;
-                }
+
+        if (enc) {
+            if (wc_Arc4Init(enc->arc4, heap, devId) != 0) {
+                WOLFSSL_MSG("Arc4Init failed in SetKeys");
+                return ASYNC_INIT_E;
             }
         }
-#endif
+        if (dec) {
+            if (wc_Arc4Init(dec->arc4, heap, devId) != 0) {
+                WOLFSSL_MSG("Arc4Init failed in SetKeys");
+                return ASYNC_INIT_E;
+            }
+        }
+
         if (side == WOLFSSL_CLIENT_END) {
             if (enc)
                 wc_Arc4SetKey(enc->arc4, keys->client_write_key, sz);
@@ -2103,9 +2101,9 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
         if (dec)
             dec->setup = 1;
     }
-#endif
+#endif /* BUILD_ARC4 */
+
 
-    
 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
     /* Check that the max implicit iv size is suffecient */
     #if (AEAD_MAX_IMP_SZ < 12) /* CHACHA20_IMP_IV_SZ */
@@ -2165,7 +2163,8 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
         if (dec)
             dec->setup = 1;
     }
-#endif
+#endif /* HAVE_CHACHA && HAVE_POLY1305 */
+
 
 #ifdef HAVE_HC128
     /* check that buffer sizes are sufficient */
@@ -2214,8 +2213,8 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
         if (dec)
             dec->setup = 1;
     }
-#endif
-    
+#endif /* HAVE_HC128 */
+
 #ifdef BUILD_RABBIT
     /* check that buffer sizes are sufficient */
     #if (MAX_WRITE_IV_SZ < 8) /* RABBIT_IV_SIZE */
@@ -2263,8 +2262,8 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
         if (dec)
             dec->setup = 1;
     }
-#endif
-    
+#endif /* BUILD_RABBIT */
+
 #ifdef BUILD_DES3
     /* check that buffer sizes are sufficient */
     #if (MAX_WRITE_IV_SZ < 8) /* DES_IV_SIZE */
@@ -2274,30 +2273,34 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
     if (specs->bulk_cipher_algorithm == wolfssl_triple_des) {
         int desRet = 0;
 
-        if (enc && enc->des3 == NULL)
-            enc->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
-        if (enc && enc->des3 == NULL)
-            return MEMORY_E;
-        if (dec && dec->des3 == NULL)
-            dec->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
-        if (dec && dec->des3 == NULL)
-            return MEMORY_E;
-#ifdef WOLFSSL_ASYNC_CRYPT
-        if (devId != INVALID_DEVID) {
-            if (enc) {
-                if (wc_Des3AsyncInit(enc->des3, devId) != 0) {
-                    WOLFSSL_MSG("Des3AsyncInit failed in SetKeys");
-                    return ASYNC_INIT_E;
-                }
-            }
-            if (dec) {
-                if (wc_Des3AsyncInit(dec->des3, devId) != 0) {
-                    WOLFSSL_MSG("Des3AsyncInit failed in SetKeys");
-                    return ASYNC_INIT_E;
-                }
+        if (enc) {
+            if (enc->des3 == NULL)
+                enc->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
+            if (enc->des3 == NULL)
+                return MEMORY_E;
+            XMEMSET(enc->des3, 0, sizeof(Des3));
+        }
+        if (dec) {
+            if (dec->des3 == NULL)
+                dec->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
+            if (dec->des3 == NULL)
+                return MEMORY_E;
+            XMEMSET(dec->des3, 0, sizeof(Des3));
+        }
+
+        if (enc) {
+            if (wc_Des3Init(enc->des3, heap, devId) != 0) {
+                WOLFSSL_MSG("Des3Init failed in SetKeys");
+                return ASYNC_INIT_E;
             }
         }
-#endif
+        if (dec) {
+            if (wc_Des3Init(dec->des3, heap, devId) != 0) {
+                WOLFSSL_MSG("Des3Init failed in SetKeys");
+                return ASYNC_INIT_E;
+            }
+        }
+
         if (side == WOLFSSL_CLIENT_END) {
             if (enc) {
                 desRet = wc_Des3_SetKey(enc->des3, keys->client_write_key,
@@ -2327,7 +2330,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
         if (dec)
             dec->setup = 1;
     }
-#endif
+#endif /* BUILD_DES3 */
 
 #ifdef BUILD_AES
     /* check that buffer sizes are sufficient */
@@ -2338,30 +2341,33 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
     if (specs->bulk_cipher_algorithm == wolfssl_aes) {
         int aesRet = 0;
 
-        if (enc && enc->aes == NULL)
-            enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
-        if (enc && enc->aes == NULL)
-            return MEMORY_E;
-        if (dec && dec->aes == NULL)
-            dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
-        if (dec && dec->aes == NULL)
-            return MEMORY_E;
-#ifdef WOLFSSL_ASYNC_CRYPT
-        if (devId != INVALID_DEVID) {
-            if (enc) {
-                if (wc_AesAsyncInit(enc->aes, devId) != 0) {
-                    WOLFSSL_MSG("AesAsyncInit failed in SetKeys");
-                    return ASYNC_INIT_E;
-                }
-            }
-            if (dec) {
-                if (wc_AesAsyncInit(dec->aes, devId) != 0) {
-                    WOLFSSL_MSG("AesAsyncInit failed in SetKeys");
-                    return ASYNC_INIT_E;
-                }
+        if (enc) {
+            if (enc->aes == NULL)
+                enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
+            if (enc->aes == NULL)
+                return MEMORY_E;
+            XMEMSET(enc->aes, 0, sizeof(Aes));
+        }
+        if (dec) {
+            if (dec->aes == NULL)
+                dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
+            if (dec->aes == NULL)
+                return MEMORY_E;
+            XMEMSET(dec->aes, 0, sizeof(Aes));
+        }
+        if (enc) {
+            if (wc_AesInit(enc->aes, heap, devId) != 0) {
+                WOLFSSL_MSG("AesInit failed in SetKeys");
+                return ASYNC_INIT_E;
             }
         }
-#endif
+        if (dec) {
+            if (wc_AesInit(dec->aes, heap, devId) != 0) {
+                WOLFSSL_MSG("AesInit failed in SetKeys");
+                return ASYNC_INIT_E;
+            }
+        }
+
         if (side == WOLFSSL_CLIENT_END) {
             if (enc) {
                 aesRet = wc_AesSetKey(enc->aes, keys->client_write_key,
@@ -2395,7 +2401,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
         if (dec)
             dec->setup = 1;
     }
-#endif
+#endif /* BUILD_AES */
 
 #ifdef BUILD_AESGCM
     /* check that buffer sizes are sufficient */
@@ -2412,14 +2418,33 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
     if (specs->bulk_cipher_algorithm == wolfssl_aes_gcm) {
         int gcmRet;
 
-        if (enc && enc->aes == NULL)
-            enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
-        if (enc && enc->aes == NULL)
-            return MEMORY_E;
-        if (dec && dec->aes == NULL)
-            dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
-        if (dec && dec->aes == NULL)
-            return MEMORY_E;
+        if (enc) {
+            if (enc->aes == NULL)
+                enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
+            if (enc->aes == NULL)
+                return MEMORY_E;
+            XMEMSET(enc->aes, 0, sizeof(Aes));
+        }
+        if (dec) {
+            if (dec->aes == NULL)
+                dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
+            if (dec->aes == NULL)
+                return MEMORY_E;
+            XMEMSET(dec->aes, 0, sizeof(Aes));
+        }
+
+        if (enc) {
+            if (wc_AesInit(enc->aes, heap, devId) != 0) {
+                WOLFSSL_MSG("AesInit failed in SetKeys");
+                return ASYNC_INIT_E;
+            }
+        }
+        if (dec) {
+            if (wc_AesInit(dec->aes, heap, devId) != 0) {
+                WOLFSSL_MSG("AesInit failed in SetKeys");
+                return ASYNC_INIT_E;
+            }
+        }
 
         if (side == WOLFSSL_CLIENT_END) {
             if (enc) {
@@ -2458,7 +2483,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
         if (dec)
             dec->setup = 1;
     }
-#endif
+#endif /* BUILD_AESGCM */
 
 #ifdef HAVE_AESCCM
     /* check that buffer sizes are sufficient (CCM is same size as GCM) */
@@ -2475,14 +2500,33 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
     if (specs->bulk_cipher_algorithm == wolfssl_aes_ccm) {
         int CcmRet;
 
-        if (enc && enc->aes == NULL)
-            enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
-        if (enc && enc->aes == NULL)
-            return MEMORY_E;
-        if (dec && dec->aes == NULL)
-            dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
-        if (dec && dec->aes == NULL)
-            return MEMORY_E;
+        if (enc) {
+            if (enc->aes == NULL)
+                enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
+            if (enc->aes == NULL)
+                return MEMORY_E;
+            XMEMSET(enc->aes, 0, sizeof(Aes));
+        }
+        if (dec) {
+            if (dec->aes == NULL)
+                dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
+            if (dec->aes == NULL)
+                return MEMORY_E;
+            XMEMSET(dec->aes, 0, sizeof(Aes));
+        }
+
+        if (enc) {
+            if (wc_AesInit(enc->aes, heap, devId) != 0) {
+                WOLFSSL_MSG("AesInit failed in SetKeys");
+                return ASYNC_INIT_E;
+            }
+        }
+        if (dec) {
+            if (wc_AesInit(dec->aes, heap, devId) != 0) {
+                WOLFSSL_MSG("AesInit failed in SetKeys");
+                return ASYNC_INIT_E;
+            }
+        }
 
         if (side == WOLFSSL_CLIENT_END) {
             if (enc) {
@@ -2529,7 +2573,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
         if (dec)
             dec->setup = 1;
     }
-#endif
+#endif /* HAVE_AESCCM */
 
 #ifdef HAVE_CAMELLIA
     /* check that buffer sizes are sufficient */
@@ -2581,7 +2625,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
         if (dec)
             dec->setup = 1;
     }
-#endif
+#endif /* HAVE_CAMELLIA */
 
 #ifdef HAVE_IDEA
     /* check that buffer sizes are sufficient */
@@ -2635,7 +2679,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
         if (dec)
             dec->setup = 1;
     }
-#endif
+#endif /* HAVE_IDEA */
 
 #ifdef HAVE_NULL_CIPHER
     if (specs->bulk_cipher_algorithm == wolfssl_cipher_null) {
@@ -2681,6 +2725,7 @@ static int SetAuthKeys(OneTimeAuth* authentication, Keys* keys,
         if (authentication)
             authentication->setup = 1;
 #endif
+        (void)authentication;
         (void)heap;
         (void)keys;
         (void)specs;
@@ -2690,6 +2735,40 @@ static int SetAuthKeys(OneTimeAuth* authentication, Keys* keys,
 }
 #endif /* HAVE_ONE_TIME_AUTH */
 
+#ifdef HAVE_SECURE_RENEGOTIATION
+/* function name is for cache_status++
+ * This function was added because of error incrementing enum type when
+ * compiling with a C++ compiler.
+ */
+static void CacheStatusPP(SecureRenegotiation* cache)
+{
+    switch (cache->cache_status) {
+        case SCR_CACHE_NULL:
+            cache->cache_status = SCR_CACHE_NEEDED;
+            break;
+
+        case SCR_CACHE_NEEDED:
+            cache->cache_status = SCR_CACHE_COPY;
+            break;
+
+        case SCR_CACHE_COPY:
+            cache->cache_status = SCR_CACHE_PARTIAL;
+            break;
+
+        case SCR_CACHE_PARTIAL:
+            cache->cache_status = SCR_CACHE_COMPLETE;
+            break;
+
+        case SCR_CACHE_COMPLETE:
+            WOLFSSL_MSG("SCR Cache state Complete");
+            break;
+
+        default:
+            WOLFSSL_MSG("Unknown cache state!!");
+    }
+}
+#endif /* HAVE_SECURE_RENEGOTIATION */
+
 
 /* Set wc_encrypt/wc_decrypt or both sides of key setup
  * note: use wc_encrypt to avoid shadowing global encrypt
@@ -2804,7 +2883,7 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
                 }
             #endif
         }
-        ssl->secure_renegotiation->cache_status++;
+        CacheStatusPP(ssl->secure_renegotiation);
     }
 #endif /* HAVE_SECURE_RENEGOTIATION */
 
@@ -2822,7 +2901,7 @@ int StoreKeys(WOLFSSL* ssl, const byte* keyData)
     if (ssl->secure_renegotiation && ssl->secure_renegotiation->cache_status ==
                                                             SCR_CACHE_NEEDED) {
         keys = &ssl->secure_renegotiation->tmp_keys;
-        ssl->secure_renegotiation->cache_status++;
+        CacheStatusPP(ssl->secure_renegotiation);
     }
 #endif /* HAVE_SECURE_RENEGOTIATION */
 
@@ -2857,12 +2936,12 @@ int StoreKeys(WOLFSSL* ssl, const byte* keyData)
 #ifndef NO_OLD_TLS
 int DeriveKeys(WOLFSSL* ssl)
 {
-    int    length = 2 * ssl->specs.hash_size + 
+    int    length = 2 * ssl->specs.hash_size +
                     2 * ssl->specs.key_size  +
                     2 * ssl->specs.iv_size;
     int    rounds = (length + MD5_DIGEST_SIZE - 1 ) / MD5_DIGEST_SIZE, i;
     int    ret = 0;
-    
+
 #ifdef WOLFSSL_SMALL_STACK
     byte*  shaOutput;
     byte*  md5Input;
@@ -2878,9 +2957,9 @@ int DeriveKeys(WOLFSSL* ssl)
     Md5    md5[1];
     Sha    sha[1];
 #endif
-    
+
 #ifdef WOLFSSL_SMALL_STACK
-    shaOutput = (byte*)XMALLOC(SHA_DIGEST_SIZE, 
+    shaOutput = (byte*)XMALLOC(SHA_DIGEST_SIZE,
                                             NULL, DYNAMIC_TYPE_TMP_BUFFER);
     md5Input  = (byte*)XMALLOC(SECRET_LEN + SHA_DIGEST_SIZE,
                                             NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -2890,7 +2969,7 @@ int DeriveKeys(WOLFSSL* ssl)
                                             NULL, DYNAMIC_TYPE_TMP_BUFFER);
     md5       =  (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
     sha       =  (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    
+
     if (shaOutput == NULL || md5Input == NULL || shaInput == NULL ||
         keyData   == NULL || md5      == NULL || sha      == NULL) {
         if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -2899,7 +2978,7 @@ int DeriveKeys(WOLFSSL* ssl)
         if (keyData)   XFREE(keyData,   NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if (md5)       XFREE(md5,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if (sha)       XFREE(sha,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        
+
         return MEMORY_E;
     }
 #endif
@@ -3010,7 +3089,7 @@ static int MakeSslMasterSecret(WOLFSSL* ssl)
                                             NULL, DYNAMIC_TYPE_TMP_BUFFER);
     md5       =  (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
     sha       =  (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    
+
     if (shaOutput == NULL || md5Input == NULL || shaInput == NULL ||
                              md5      == NULL || sha      == NULL) {
         if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -3018,15 +3097,15 @@ static int MakeSslMasterSecret(WOLFSSL* ssl)
         if (shaInput)  XFREE(shaInput,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if (md5)       XFREE(md5,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if (sha)       XFREE(sha,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        
+
         return MEMORY_E;
     }
 #endif
 
     wc_InitMd5(md5);
-    
+
     ret = wc_InitSha(sha);
-    
+
     if (ret == 0) {
         XMEMCPY(md5Input, ssl->arrays->preMasterSecret, pmsSz);
 

src/ocsp.c

@@ -110,9 +110,9 @@ void FreeOCSP(WOLFSSL_OCSP* ocsp, int dynamic)
 }
 
 
-static int xstat2err(int stat)
+static int xstat2err(int st)
 {
-    switch (stat) {
+    switch (st) {
         case CERT_GOOD:
             return 0;
         case CERT_REVOKED:
@@ -219,9 +219,11 @@ static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request,
         ret = OCSP_INVALID_STATUS;
     }
     else if (*status) {
+#ifndef NO_ASN_TIME
         if (ValidateDate((*status)->thisDate, (*status)->thisDateFormat, BEFORE)
         &&  ((*status)->nextDate[0] != 0)
         &&  ValidateDate((*status)->nextDate, (*status)->nextDateFormat, AFTER))
+#endif
         {
             ret = xstat2err((*status)->status);
 
@@ -244,6 +246,134 @@ static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request,
     return ret;
 }
 
+/* Check that the response for validity. Store result in status.
+ *
+ * ocsp           Context object for OCSP status.
+ * response       OCSP response message data.
+ * responseSz     Length of OCSP response message data.
+ * reponseBuffer  Buffer object to return the response with.
+ * status         The certificate status object.
+ * entry          The OCSP entry for this certificate.
+ * returns OCSP_LOOKUP_FAIL when the response is bad and 0 otherwise.
+ */
+static int CheckResponse(WOLFSSL_OCSP* ocsp, byte* response, int responseSz,
+                         buffer* responseBuffer, CertStatus* status,
+                         OcspEntry* entry, OcspRequest* ocspRequest)
+{
+#ifdef WOLFSSL_SMALL_STACK
+    CertStatus*   newStatus;
+    OcspResponse* ocspResponse;
+#else
+    CertStatus    newStatus[1];
+    OcspResponse  ocspResponse[1];
+#endif
+    int           ret;
+    int           validated      = 0;    /* ocsp validation flag */
+
+#ifdef WOLFSSL_SMALL_STACK
+    newStatus = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL,
+                                                       DYNAMIC_TYPE_TMP_BUFFER);
+    ocspResponse = (OcspResponse*)XMALLOC(sizeof(OcspResponse), NULL,
+                                                       DYNAMIC_TYPE_TMP_BUFFER);
+
+    if (newStatus == NULL || ocspResponse == NULL) {
+        if (newStatus) XFREE(newStatus, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (ocspResponse) XFREE(ocspResponse, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+        WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR);
+        return MEMORY_E;
+    }
+#endif
+    XMEMSET(newStatus, 0, sizeof(CertStatus));
+
+    InitOcspResponse(ocspResponse, newStatus, response, responseSz);
+    ret = OcspResponseDecode(ocspResponse, ocsp->cm, ocsp->cm->heap, 0);
+    if (ret != 0) {
+        WOLFSSL_MSG("OcspResponseDecode failed");
+        goto end;
+    }
+
+    if (ocspResponse->responseStatus != OCSP_SUCCESSFUL) {
+        WOLFSSL_MSG("OcspResponse status bad");
+        goto end;
+    }
+    if (ocspRequest != NULL) {
+        ret = CompareOcspReqResp(ocspRequest, ocspResponse);
+        if (ret != 0) {
+            goto end;
+        }
+    }
+
+    if (responseBuffer) {
+        responseBuffer->buffer = (byte*)XMALLOC(responseSz, ocsp->cm->heap,
+                                                DYNAMIC_TYPE_TMP_BUFFER);
+
+        if (responseBuffer->buffer) {
+            responseBuffer->length = responseSz;
+            XMEMCPY(responseBuffer->buffer, response, responseSz);
+        }
+    }
+
+    ret = xstat2err(ocspResponse->status->status);
+    if (ret == 0) {
+        validated = 1;
+    }
+
+    if (wc_LockMutex(&ocsp->ocspLock) != 0) {
+        ret = BAD_MUTEX_E;
+        goto end;
+    }
+
+    if (status != NULL) {
+        if (status->rawOcspResponse) {
+            XFREE(status->rawOcspResponse, ocsp->cm->heap,
+                  DYNAMIC_TYPE_OCSP_STATUS);
+        }
+
+        /* Replace existing certificate entry with updated */
+        XMEMCPY(status, newStatus, sizeof(CertStatus));
+    }
+    else {
+        /* Save new certificate entry */
+        status = (CertStatus*)XMALLOC(sizeof(CertStatus),
+                                      ocsp->cm->heap, DYNAMIC_TYPE_OCSP_STATUS);
+        if (status != NULL) {
+            XMEMCPY(status, newStatus, sizeof(CertStatus));
+            status->next  = entry->status;
+            entry->status = status;
+            entry->totalStatus++;
+        }
+    }
+
+    if (status && responseBuffer && responseBuffer->buffer) {
+        status->rawOcspResponse = (byte*)XMALLOC(responseBuffer->length,
+                                                 ocsp->cm->heap,
+                                                 DYNAMIC_TYPE_OCSP_STATUS);
+
+        if (status->rawOcspResponse) {
+            status->rawOcspResponseSz = responseBuffer->length;
+            XMEMCPY(status->rawOcspResponse, responseBuffer->buffer,
+                    responseBuffer->length);
+        }
+    }
+
+    wc_UnLockMutex(&ocsp->ocspLock);
+
+end:
+    if (ret == 0 && validated == 1) {
+        WOLFSSL_MSG("New OcspResponse validated");
+    } else if (ret != OCSP_CERT_REVOKED) {
+        ret = OCSP_LOOKUP_FAIL;
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(newStatus,    NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(ocspResponse, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return ret;
+}
+
+/* 0 on success */
 int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
                                                       buffer* responseBuffer)
 {
@@ -251,19 +381,12 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
     CertStatus* status         = NULL;
     byte*       request        = NULL;
     int         requestSz      = 2048;
+    int         responseSz     = 0;
     byte*       response       = NULL;
     const char* url            = NULL;
     int         urlSz          = 0;
     int         ret            = -1;
 
-#ifdef WOLFSSL_SMALL_STACK
-    CertStatus* newStatus;
-    OcspResponse* ocspResponse;
-#else
-    CertStatus newStatus[1];
-    OcspResponse ocspResponse[1];
-#endif
-
     WOLFSSL_ENTER("CheckOcspRequest");
 
     if (responseBuffer) {
@@ -279,6 +402,22 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
     if (ret != OCSP_INVALID_STATUS)
         return ret;
 
+#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+    if (ocsp->statusCb != NULL && ocspRequest->ssl != NULL) {
+        ret = ocsp->statusCb((WOLFSSL*)ocspRequest->ssl, ocsp->cm->ocspIOCtx);
+        if (ret == 0) {
+            ret = wolfSSL_get_ocsp_response((WOLFSSL*)ocspRequest->ssl,
+                                            &response);
+            ret = CheckResponse(ocsp, response, ret, responseBuffer, status,
+                                entry, NULL);
+            if (response != NULL)
+                XFREE(response, NULL, DYNAMIC_TYPE_OPENSSL);
+            return ret;
+        }
+        return OCSP_LOOKUP_FAIL;
+    }
+#endif
+
     if (ocsp->cm->ocspUseOverrideURL) {
         url = ocsp->cm->ocspOverrideURL;
         if (url != NULL && url[0] != '\0')
@@ -301,102 +440,18 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
         return MEMORY_ERROR;
     }
 
-#ifdef WOLFSSL_SMALL_STACK
-    newStatus = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
-    ocspResponse = (OcspResponse*)XMALLOC(sizeof(OcspResponse), NULL,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
-
-    if (newStatus == NULL || ocspResponse == NULL) {
-        if (newStatus)    XFREE(newStatus,    NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (ocspResponse) XFREE(ocspResponse, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
-        XFREE(request, NULL, DYNAMIC_TYPE_OCSP);
-
-        WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR);
-        return MEMORY_E;
-    }
-#endif
-
     requestSz = EncodeOcspRequest(ocspRequest, request, requestSz);
-
-    if (ocsp->cm->ocspIOCb)
-        ret = ocsp->cm->ocspIOCb(ocsp->cm->ocspIOCtx, url, urlSz,
-                                                 request, requestSz, &response);
-
-    if (ret >= 0 && response) {
-        XMEMSET(newStatus, 0, sizeof(CertStatus));
-
-        InitOcspResponse(ocspResponse, newStatus, response, ret);
-        OcspResponseDecode(ocspResponse, ocsp->cm, ocsp->cm->heap);
-
-        if (ocspResponse->responseStatus != OCSP_SUCCESSFUL)
-            ret = OCSP_LOOKUP_FAIL;
-        else {
-            if (CompareOcspReqResp(ocspRequest, ocspResponse) == 0) {
-                if (responseBuffer) {
-                    responseBuffer->buffer = (byte*)XMALLOC(ret, ocsp->cm->heap,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
-
-                    if (responseBuffer->buffer) {
-                        responseBuffer->length = ret;
-                        XMEMCPY(responseBuffer->buffer, response, ret);
-                    }
-                }
-
-                ret = xstat2err(ocspResponse->status->status);
-
-                if (wc_LockMutex(&ocsp->ocspLock) != 0)
-                    ret = BAD_MUTEX_E;
-                else {
-                    if (status != NULL) {
-                        if (status->rawOcspResponse)
-                            XFREE(status->rawOcspResponse, ocsp->cm->heap,
-                                                      DYNAMIC_TYPE_OCSP_STATUS);
-
-                        /* Replace existing certificate entry with updated */
-                        XMEMCPY(status, newStatus, sizeof(CertStatus));
-                    }
-                    else {
-                        /* Save new certificate entry */
-                        status = (CertStatus*)XMALLOC(sizeof(CertStatus),
-                                      ocsp->cm->heap, DYNAMIC_TYPE_OCSP_STATUS);
-                        if (status != NULL) {
-                            XMEMCPY(status, newStatus, sizeof(CertStatus));
-                            status->next  = entry->status;
-                            entry->status = status;
-                            entry->totalStatus++;
-                        }
-                    }
-
-                    if (status && responseBuffer && responseBuffer->buffer) {
-                        status->rawOcspResponse = (byte*)XMALLOC(
-                                                   responseBuffer->length,
-                                                   ocsp->cm->heap,
-                                                   DYNAMIC_TYPE_OCSP_STATUS);
-
-                        if (status->rawOcspResponse) {
-                            status->rawOcspResponseSz = responseBuffer->length;
-                            XMEMCPY(status->rawOcspResponse,
-                                    responseBuffer->buffer,
-                                    responseBuffer->length);
-                        }
-                    }
-
-                    wc_UnLockMutex(&ocsp->ocspLock);
-                }
-            }
-            else
-                ret = OCSP_LOOKUP_FAIL;
-        }
+    if (requestSz > 0 && ocsp->cm->ocspIOCb) {
+        responseSz = ocsp->cm->ocspIOCb(ocsp->cm->ocspIOCtx, url, urlSz,
+                                        request, requestSz, &response);
     }
-    else
-        ret = OCSP_LOOKUP_FAIL;
 
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(newStatus,    NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    XFREE(ocspResponse, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
+    XFREE(request, ocsp->cm->heap, DYNAMIC_TYPE_OCSP);
+
+    if (responseSz >= 0 && response) {
+        ret = CheckResponse(ocsp, response, responseSz, responseBuffer, status,
+                            entry, ocspRequest);
+    }
 
     if (response != NULL && ocsp->cm->ocspRespFreeCb)
         ocsp->cm->ocspRespFreeCb(ocsp->cm->ocspIOCtx, response);
@@ -405,6 +460,372 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
     return ret;
 }
 
+#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+
+int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
+    WOLFSSL_OCSP_CERTID* id, int* status, int* reason,
+    WOLFSSL_ASN1_TIME** revtime, WOLFSSL_ASN1_TIME** thisupd,
+    WOLFSSL_ASN1_TIME** nextupd)
+{
+    if (bs == NULL || id == NULL)
+        return SSL_FAILURE;
+
+    /* Only supporting one certificate status in asn.c. */
+    if (CompareOcspReqResp(id, bs) != 0)
+        return SSL_FAILURE;
+
+    if (status != NULL)
+        *status = bs->status->status;
+    if (thisupd != NULL)
+        *thisupd = (WOLFSSL_ASN1_TIME*)bs->status->thisDateAsn;
+    if (nextupd != NULL)
+        *nextupd = (WOLFSSL_ASN1_TIME*)bs->status->nextDateAsn;
+
+    /* TODO: Not needed for Nginx. */
+    if (reason != NULL)
+        *reason = 0;
+    if (revtime != NULL)
+        *revtime = NULL;
+
+    return SSL_SUCCESS;
+}
+
+const char *wolfSSL_OCSP_cert_status_str(long s)
+{
+    switch (s) {
+        case CERT_GOOD:
+            return "good";
+        case CERT_REVOKED:
+            return "revoked";
+        case CERT_UNKNOWN:
+            return "unknown";
+        default:
+            return "(UNKNOWN)";
+    }
+}
+
+int wolfSSL_OCSP_check_validity(WOLFSSL_ASN1_TIME* thisupd,
+    WOLFSSL_ASN1_TIME* nextupd, long sec, long maxsec)
+{
+    (void)thisupd;
+    (void)nextupd;
+    (void)sec;
+    (void)maxsec;
+    /* Dates validated in DecodeSingleResponse. */
+    return SSL_SUCCESS;
+}
+
+void wolfSSL_OCSP_CERTID_free(WOLFSSL_OCSP_CERTID* certId)
+{
+    FreeOcspRequest(certId);
+    XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL);
+}
+
+WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
+    const WOLFSSL_EVP_MD *dgst, const WOLFSSL_X509 *subject,
+    const WOLFSSL_X509 *issuer)
+{
+    WOLFSSL_OCSP_CERTID* certId;
+    DecodedCert cert;
+    WOLFSSL_CERT_MANAGER* cm;
+    int ret;
+    DerBuffer* derCert = NULL;
+
+    (void)dgst;
+
+    cm = wolfSSL_CertManagerNew();
+    if (cm == NULL)
+        return NULL;
+
+    ret = AllocDer(&derCert, issuer->derCert->length,
+        issuer->derCert->type, NULL);
+    if (ret == 0) {
+        /* AddCA() frees the buffer. */
+        XMEMCPY(derCert->buffer, issuer->derCert->buffer,
+                issuer->derCert->length);
+        AddCA(cm, &derCert, WOLFSSL_USER_CA, 1);
+    }
+
+    certId = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(WOLFSSL_OCSP_CERTID), NULL,
+                                           DYNAMIC_TYPE_OPENSSL);
+    if (certId != NULL) {
+        InitDecodedCert(&cert, subject->derCert->buffer,
+                        subject->derCert->length, NULL);
+        if (ParseCertRelative(&cert, CERT_TYPE, VERIFY_OCSP, cm) != 0) {
+            XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL);
+            certId = NULL;
+        }
+        else {
+            ret = InitOcspRequest(certId, &cert, 0, NULL);
+            if (ret != 0) {
+                XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL);
+                certId = NULL;
+            }
+        }
+        FreeDecodedCert(&cert);
+    }
+
+    wolfSSL_CertManagerFree(cm);
+
+    return certId;
+}
+
+void wolfSSL_OCSP_BASICRESP_free(WOLFSSL_OCSP_BASICRESP* basicResponse)
+{
+    wolfSSL_OCSP_RESPONSE_free(basicResponse);
+}
+
+/* Signature verified in DecodeBasicOcspResponse.
+ * But no store available to verify certificate. */
+int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs,
+    STACK_OF(WOLFSSL_X509) *certs, WOLFSSL_X509_STORE *st, unsigned long flags)
+{
+    DecodedCert cert;
+    int         ret = SSL_SUCCESS;
+
+    (void)certs;
+
+    if (flags & OCSP_NOVERIFY)
+        return SSL_SUCCESS;
+
+    InitDecodedCert(&cert, bs->cert, bs->certSz, NULL);
+    if (ParseCertRelative(&cert, CERT_TYPE, VERIFY, st->cm) < 0)
+        ret = SSL_FAILURE;
+    FreeDecodedCert(&cert);
+
+    return ret;
+}
+
+void wolfSSL_OCSP_RESPONSE_free(OcspResponse* response)
+{
+    if (response->status != NULL)
+        XFREE(response->status, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (response->source != NULL)
+        XFREE(response->source, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(response, NULL, DYNAMIC_TYPE_OPENSSL);
+}
+
+OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio,
+    OcspResponse** response)
+{
+    byte*         data;
+    byte*         p;
+    int           len;
+    int           dataAlloced = 0;
+    OcspResponse* ret = NULL;
+
+    if (bio == NULL)
+        return NULL;
+
+    if (bio->type == BIO_MEMORY) {
+        len = wolfSSL_BIO_get_mem_data(bio, &data);
+        if (len <= 0 || data == NULL) {
+            return NULL;
+        }
+    }
+    else if (bio->type == BIO_FILE) {
+        long i;
+        long l;
+
+        i = XFTELL(bio->file);
+        if (i < 0)
+            return NULL;
+        XFSEEK(bio->file, 0, SEEK_END);
+        l = XFTELL(bio->file);
+        if (l < 0)
+            return NULL;
+        XFSEEK(bio->file, i, SEEK_SET);
+
+        /* check calulated length */
+        if (l - i <= 0)
+            return NULL;
+
+        data = (byte*)XMALLOC(l - i, 0, DYNAMIC_TYPE_TMP_BUFFER);
+        if (data == NULL)
+            return NULL;
+        dataAlloced = 1;
+
+        len = wolfSSL_BIO_read(bio, (char *)data, (int)l);
+    }
+    else
+        return NULL;
+
+    if (len > 0) {
+        p = data;
+        ret = wolfSSL_d2i_OCSP_RESPONSE(response, (const unsigned char **)&p, len);
+    }
+
+    if (dataAlloced)
+        XFREE(data, 0, DYNAMIC_TYPE_TMP_BUFFER);
+
+    return ret;
+}
+
+OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
+    const unsigned char** data, int len)
+{
+    OcspResponse *resp = NULL;
+    word32 idx = 0;
+    int length = 0;
+
+    if (data == NULL)
+        return NULL;
+
+    if (response != NULL)
+        resp = *response;
+    if (resp == NULL) {
+        resp = (OcspResponse*)XMALLOC(sizeof(OcspResponse), NULL,
+                                      DYNAMIC_TYPE_OPENSSL);
+        if (resp == NULL)
+            return NULL;
+        XMEMSET(resp, 0, sizeof(OcspResponse));
+    }
+
+    resp->source = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (resp->source == NULL) {
+        XFREE(resp, NULL, DYNAMIC_TYPE_OPENSSL);
+        return NULL;
+    }
+    resp->status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL,
+                                                       DYNAMIC_TYPE_TMP_BUFFER);
+    if (resp->status == NULL) {
+        XFREE(resp->source, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(resp, NULL, DYNAMIC_TYPE_OPENSSL);
+        return NULL;
+    }
+
+    XMEMCPY(resp->source, *data, len);
+    resp->maxIdx = len;
+
+    if (OcspResponseDecode(resp, NULL, NULL, 1) != 0) {
+        wolfSSL_OCSP_RESPONSE_free(resp);
+        return NULL;
+    }
+
+    if (GetSequence(*data, &idx, &length, len) >= 0)
+        (*data) += idx + length;
+
+    return resp;
+}
+
+int wolfSSL_i2d_OCSP_RESPONSE(OcspResponse* response,
+    unsigned char** data)
+{
+    if (data == NULL)
+        return response->maxIdx;
+
+    XMEMCPY(*data, response->source, response->maxIdx);
+    return response->maxIdx;
+}
+
+int wolfSSL_OCSP_response_status(OcspResponse *response)
+{
+    return response->responseStatus;
+}
+
+const char *wolfSSL_OCSP_response_status_str(long s)
+{
+    switch (s) {
+        case OCSP_SUCCESSFUL:
+            return "successful";
+        case OCSP_MALFORMED_REQUEST:
+            return "malformedrequest";
+        case OCSP_INTERNAL_ERROR:
+            return "internalerror";
+        case OCSP_TRY_LATER:
+            return "trylater";
+        case OCSP_SIG_REQUIRED:
+            return "sigrequired";
+        case OCSP_UNAUTHROIZED:
+            return "unauthorized";
+        default:
+            return "(UNKNOWN)";
+    }
+}
+
+WOLFSSL_OCSP_BASICRESP* wolfSSL_OCSP_response_get1_basic(OcspResponse* response)
+{
+    WOLFSSL_OCSP_BASICRESP* bs;
+
+    bs = (WOLFSSL_OCSP_BASICRESP*)XMALLOC(sizeof(WOLFSSL_OCSP_BASICRESP), NULL,
+                                          DYNAMIC_TYPE_OPENSSL);
+    if (bs == NULL)
+        return NULL;
+
+    XMEMCPY(bs, response, sizeof(OcspResponse));
+    bs->status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL,
+                                      DYNAMIC_TYPE_TMP_BUFFER);
+    bs->source = (byte*)XMALLOC(bs->maxIdx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (bs->status == NULL || bs->source == NULL) {
+        if (bs->status) XFREE(bs->status, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (bs->source) XFREE(bs->source, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        wolfSSL_OCSP_RESPONSE_free(bs);
+        bs = NULL;
+    }
+    else {
+        XMEMCPY(bs->status, response->status, sizeof(CertStatus));
+        XMEMCPY(bs->source, response->source, response->maxIdx);
+    }
+    return bs;
+}
+
+OcspRequest* wolfSSL_OCSP_REQUEST_new(void)
+{
+    OcspRequest* request;
+
+    request = (OcspRequest*)XMALLOC(sizeof(OcspRequest), NULL,
+                                    DYNAMIC_TYPE_OPENSSL);
+    if (request != NULL)
+        XMEMSET(request, 0, sizeof(OcspRequest));
+
+    return request;
+}
+
+void wolfSSL_OCSP_REQUEST_free(OcspRequest* request)
+{
+    FreeOcspRequest(request);
+    XFREE(request, NULL, DYNAMIC_TYPE_OPENSSL);
+}
+
+int wolfSSL_i2d_OCSP_REQUEST(OcspRequest* request, unsigned char** data)
+{
+    word32 size;
+
+    size = EncodeOcspRequest(request, NULL, 0);
+    if (size <= 0 || data == NULL)
+        return size;
+
+    return EncodeOcspRequest(request, *data, size);
+}
+
+WOLFSSL_OCSP_ONEREQ* wolfSSL_OCSP_request_add0_id(OcspRequest *req,
+    WOLFSSL_OCSP_CERTID *cid)
+{
+    if (req == NULL || cid == NULL)
+        return NULL;
+
+    FreeOcspRequest(req);
+    XMEMCPY(req, cid, sizeof(OcspRequest));
+
+    if (cid->serial != NULL) {
+        req->serial = (byte*)XMALLOC(cid->serialSz, NULL,
+                                     DYNAMIC_TYPE_OCSP_REQUEST);
+        req->url = (byte*)XMALLOC(cid->urlSz, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
+        if (req->serial == NULL || req->url == NULL) {
+            FreeOcspRequest(req);
+            return NULL;
+        }
+
+        XMEMCPY(req->serial, cid->serial, cid->serialSz);
+        XMEMCPY(req->url, cid->url, cid->urlSz);
+    }
+
+    wolfSSL_OCSP_REQUEST_free(cid);
+
+    return req;
+}
+
+#endif
 
 #else /* HAVE_OCSP */
 

src/sniffer.c

@@ -55,16 +55,6 @@
 #endif
 
 
-#ifndef WOLFSSL_HAVE_MIN
-#define WOLFSSL_HAVE_MIN
-
-static INLINE word32 min(word32 a, word32 b)
-{
-    return a > b ? b : a;
-}
-
-#endif /* WOLFSSL_HAVE_MIN */
-
 #ifndef WOLFSSL_SNIFFER_TIMEOUT
     #define WOLFSSL_SNIFFER_TIMEOUT 900
     /* Cache unclosed Sessions for 15 minutes since last used */
@@ -1183,9 +1173,14 @@ static int LoadKeyFile(byte** keyBuf, word32* keyBufSz,
         return -1;
     }
 
-    ret = (int)XFREAD(loadBuf, fileSz, 1, file);
+    ret = (int)XFREAD(loadBuf, 1, fileSz, file);
     XFCLOSE(file);
 
+    if (ret != fileSz) {
+        free(loadBuf);
+        return -1;
+    }
+
     if (typeKey == SSL_FILETYPE_PEM) {
         byte* saveBuf   = (byte*)malloc(fileSz);
         int   saveBufSz = 0;
@@ -1197,6 +1192,7 @@ static int LoadKeyFile(byte** keyBuf, word32* keyBufSz,
             if (saveBufSz < 0) {
                 saveBufSz = 0;
                 free(saveBuf);
+                saveBuf = NULL;
             }
             else
                 ret = 0;
@@ -1205,8 +1201,10 @@ static int LoadKeyFile(byte** keyBuf, word32* keyBufSz,
         ForceZero(loadBuf, (word32)fileSz);
         free(loadBuf);
 
-        *keyBuf = saveBuf;
-        *keyBufSz = (word32)saveBufSz;
+        if (saveBuf) {
+            *keyBuf = saveBuf;
+            *keyBufSz = (word32)saveBufSz;
+        }
     }
     else {
         *keyBuf = loadBuf;
@@ -2213,6 +2211,9 @@ static int Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz)
         case wolfssl_aes_gcm:
             if (sz >= (word32)(AESGCM_EXP_IV_SZ + ssl->specs.aead_mac_size))
             {
+                /* scratch buffer, sniffer ignores auth tag*/
+                byte authTag[WOLFSSL_MIN_AUTH_TAG_SZ];
+
                 byte nonce[AESGCM_NONCE_SZ];
                 XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AESGCM_IMP_IV_SZ);
                 XMEMCPY(nonce + AESGCM_IMP_IV_SZ, input, AESGCM_EXP_IV_SZ);
@@ -2222,7 +2223,7 @@ static int Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz)
                             input + AESGCM_EXP_IV_SZ,
                             sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
                             nonce, AESGCM_NONCE_SZ,
-                            NULL, 0,
+                            authTag, sizeof(authTag),
                             NULL, 0) < 0) {
                     Trace(BAD_DECRYPT);
                     ret = -1;

sslSniffer/sslSnifferTest/snifftest.c

@@ -166,8 +166,9 @@ int main(int argc, char** argv)
 
 	    printf("Enter the interface number (1-%d): ", i);
 	    ret = scanf("%d", &inum);
-        if (ret != 1)
+        if (ret != 1) {
             printf("scanf port failed\n");
+        }
 
 	    if (inum < 1 || inum > i)
 		    err_sys("Interface number out of range");

support/wolfssl.pc

@@ -5,6 +5,6 @@ includedir=${prefix}/include
 
 Name: wolfssl
 Description: wolfssl C library.
-Version: 3.9.10
+Version: 3.11.0
 Libs: -L${libdir} -lwolfssl
 Cflags: -I${includedir}

tests/hash.c

@@ -40,7 +40,7 @@
 
 typedef struct testVector {
     const char*  input;
-    const char*  output; 
+    const char*  output;
     size_t inLen;
     size_t outLen;
 } testVector;
@@ -48,12 +48,14 @@ typedef struct testVector {
 int  md4_test(void);
 int  md5_test(void);
 int  sha_test(void);
+int  sha224_test(void);
 int  sha256_test(void);
 int  sha512_test(void);
 int  sha384_test(void);
 int  ripemd_test(void);
 int  hmac_md5_test(void);
 int  hmac_sha_test(void);
+int  hmac_sha224_test(void);
 int  hmac_sha256_test(void);
 int  hmac_sha384_test(void);
 
@@ -66,7 +68,7 @@ int HashTest(void)
 #ifndef NO_MD4
     if ( (ret = md4_test()) ) {
         printf( "   MD4      test failed!\n");
-        return ret; 
+        return ret;
     } else
         printf( "   MD4      test passed!\n");
 #endif
@@ -74,23 +76,31 @@ int HashTest(void)
 #ifndef NO_MD5
     if ( (ret = md5_test()) ) {
         printf( "   MD5      test failed!\n");
-        return ret; 
+        return ret;
     } else
         printf( "   MD5      test passed!\n");
 #endif
-    
+
 #ifndef NO_SHA
     if ( (ret = sha_test()) ) {
         printf( "   SHA      test failed!\n");
-        return ret; 
+        return ret;
     } else
         printf( "   SHA      test passed!\n");
 #endif
-    
+
+#ifdef WOLFSSL_SHA224
+    if ( (ret = sha224_test()) ) {
+        printf( "   SHA-224  test failed!\n");
+        return ret;
+    } else
+        printf( "   SHA-224  test passed!\n");
+#endif
+
 #ifndef NO_SHA256
     if ( (ret = sha256_test()) ) {
         printf( "   SHA-256  test failed!\n");
-        return ret; 
+        return ret;
     } else
         printf( "   SHA-256  test passed!\n");
 #endif
@@ -98,7 +108,7 @@ int HashTest(void)
 #ifdef WOLFSSL_SHA512
     if ( (ret = sha512_test()) ) {
         printf( "   SHA-512  test failed!\n");
-        return ret; 
+        return ret;
     } else
         printf( "   SHA-512  test passed!\n");
 #endif
@@ -106,7 +116,7 @@ int HashTest(void)
 #ifdef WOLFSSL_SHA384
     if ( (ret = sha384_test()) ) {
         printf( "   SHA-384  test failed!\n");
-        return ret; 
+        return ret;
     } else
         printf( "   SHA-384  test passed!\n");
 #endif
@@ -114,7 +124,7 @@ int HashTest(void)
 #ifdef WOLFSSL_RIPEMD
     if ( (ret = ripemd_test()) ) {
         printf( "   RIPEMD   test failed!\n");
-        return ret; 
+        return ret;
     } else
         printf( "   RIPEMD   test passed!\n");
 #endif
@@ -123,27 +133,34 @@ int HashTest(void)
     #ifndef NO_MD5
         if ( (ret = hmac_md5_test()) ) {
             printf( "   HMAC-MD5 test failed!\n");
-            return ret; 
+            return ret;
         } else
             printf( "   HMAC-MD5 test passed!\n");
     #endif
 
     #ifndef NO_SHA
-    if ( (ret = hmac_sha_test()) ) 
+    if ( (ret = hmac_sha_test()) )
         printf( "   HMAC-SHA test failed!\n");
     else
         printf( "   HMAC-SHA test passed!\n");
     #endif
 
+    #ifdef WOLFSSL_SHA224
+        if ( (ret = hmac_sha224_test()) )
+            printf( "   HMAC-SHA224 test failed!\n");
+        else
+            printf( "   HMAC-SHA224 test passed!\n");
+    #endif
+
     #ifndef NO_SHA256
-        if ( (ret = hmac_sha256_test()) ) 
+        if ( (ret = hmac_sha256_test()) )
             printf( "   HMAC-SHA256 test failed!\n");
         else
             printf( "   HMAC-SHA256 test passed!\n");
     #endif
 
     #ifdef WOLFSSL_SHA384
-        if ( (ret = hmac_sha384_test()) ) 
+        if ( (ret = hmac_sha384_test()) )
             printf( "   HMAC-SHA384 test failed!\n");
         else
             printf( "   HMAC-SHA384 test passed!\n");
@@ -151,7 +168,7 @@ int HashTest(void)
 #endif
 
     printf(" End HASH Tests\n");
-    
+
     return 0;
 }
 
@@ -167,45 +184,45 @@ int md4_test(void)
     int times = sizeof(test_md4) / sizeof(testVector), i;
 
     a.input  = "";
-    a.output = "\x31\xd6\xcf\xe0\xd1\x6a\xe9\x31\xb7\x3c\x59\xd7\xe0\xc0\x89" 
+    a.output = "\x31\xd6\xcf\xe0\xd1\x6a\xe9\x31\xb7\x3c\x59\xd7\xe0\xc0\x89"
                "\xc0";
     a.inLen  = XSTRLEN(a.input);
     a.outLen = XSTRLEN(a.output);
 
     b.input  = "a";
-    b.output = "\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46\x24\x5e\x05\xfb\xdb\xd6\xfb" 
+    b.output = "\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46\x24\x5e\x05\xfb\xdb\xd6\xfb"
                "\x24";
     b.inLen  = XSTRLEN(b.input);
     b.outLen = XSTRLEN(b.output);
 
     c.input  = "abc";
-    c.output = "\xa4\x48\x01\x7a\xaf\x21\xd8\x52\x5f\xc1\x0a\xe8\x7a\xa6\x72" 
+    c.output = "\xa4\x48\x01\x7a\xaf\x21\xd8\x52\x5f\xc1\x0a\xe8\x7a\xa6\x72"
                "\x9d";
     c.inLen  = XSTRLEN(c.input);
     c.outLen = XSTRLEN(c.output);
 
     d.input  = "message digest";
-    d.output = "\xd9\x13\x0a\x81\x64\x54\x9f\xe8\x18\x87\x48\x06\xe1\xc7\x01" 
+    d.output = "\xd9\x13\x0a\x81\x64\x54\x9f\xe8\x18\x87\x48\x06\xe1\xc7\x01"
                "\x4b";
     d.inLen  = XSTRLEN(d.input);
     d.outLen = XSTRLEN(d.output);
 
     e.input  = "abcdefghijklmnopqrstuvwxyz";
-    e.output = "\xd7\x9e\x1c\x30\x8a\xa5\xbb\xcd\xee\xa8\xed\x63\xdf\x41\x2d" 
+    e.output = "\xd7\x9e\x1c\x30\x8a\xa5\xbb\xcd\xee\xa8\xed\x63\xdf\x41\x2d"
                "\xa9";
     e.inLen  = XSTRLEN(e.input);
     e.outLen = XSTRLEN(e.output);
 
     f.input  = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
                "6789";
-    f.output = "\x04\x3f\x85\x82\xf2\x41\xdb\x35\x1c\xe6\x27\xe1\x53\xe7\xf0" 
+    f.output = "\x04\x3f\x85\x82\xf2\x41\xdb\x35\x1c\xe6\x27\xe1\x53\xe7\xf0"
                "\xe4";
     f.inLen  = XSTRLEN(f.input);
     f.outLen = XSTRLEN(f.output);
 
     g.input  = "1234567890123456789012345678901234567890123456789012345678"
                "9012345678901234567890";
-    g.output = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f\xcc\x05" 
+    g.output = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f\xcc\x05"
                "\x36";
     g.inLen  = XSTRLEN(g.input);
     g.outLen = XSTRLEN(g.output);
@@ -356,6 +373,52 @@ int sha_test(void)
 }
 #endif /* NO_SHA */
 
+#ifdef WOLFSSL_SHA224
+int sha224_test(void)
+{
+    Sha224 sha;
+    byte   hash[SHA224_DIGEST_SIZE];
+
+    testVector a, b;
+    testVector test_sha[2];
+    int ret;
+    int times = sizeof(test_sha) / sizeof(struct testVector), i;
+
+    a.input  = "abc";
+    a.output = "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2\x55"
+               "\xb3\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7";
+    a.inLen  = XSTRLEN(a.input);
+    a.outLen = SHA224_DIGEST_SIZE;
+
+    b.input  = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
+    b.output = "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01"
+               "\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25";
+    b.inLen  = XSTRLEN(b.input);
+    b.outLen = SHA224_DIGEST_SIZE;
+
+    test_sha[0] = a;
+    test_sha[1] = b;
+
+    ret = wc_InitSha224(&sha);
+    if (ret != 0)
+        return -4005;
+
+    for (i = 0; i < times; ++i) {
+        ret = wc_Sha224Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen);
+        if (ret != 0)
+            return ret;
+        ret = wc_Sha224Final(&sha, hash);
+        if (ret != 0)
+            return ret;
+
+        if (XMEMCMP(hash, test_sha[i].output, SHA224_DIGEST_SIZE) != 0)
+            return -10 - i;
+    }
+
+    return 0;
+}
+#endif
+
 #ifndef NO_SHA256
 int sha256_test(void)
 {
@@ -431,7 +494,7 @@ int sha512_test(void)
                "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88"
                "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4"
                "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b"
-               "\x87\x4b\xe9\x09"; 
+               "\x87\x4b\xe9\x09";
     b.inLen  = XSTRLEN(b.input);
     b.outLen = XSTRLEN(b.output);
 
@@ -533,7 +596,7 @@ int ripemd_test(void)
     b.inLen  = XSTRLEN(b.input);
     b.outLen = XSTRLEN(b.output);
 
-    c.input  = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; 
+    c.input  = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
     c.output = "\x12\xa0\x53\x38\x4a\x9c\x0c\x88\xe4\x05\xa0\x6c\x27\xdc"
                "\xf4\x9a\xda\x62\xeb\x2b";
     c.inLen  = XSTRLEN(c.input);
@@ -542,7 +605,7 @@ int ripemd_test(void)
     d.input  = "12345678901234567890123456789012345678901234567890123456"
                "789012345678901234567890";
     d.output = "\x9b\x75\x2e\x45\x57\x3d\x4b\x39\xf4\xdb\xd3\x32\x3c\xab"
-               "\x82\xbf\x63\x32\x6b\xfb"; 
+               "\x82\xbf\x63\x32\x6b\xfb";
     d.inLen  = XSTRLEN(d.input);
     d.outLen = XSTRLEN(d.output);
 
@@ -610,6 +673,10 @@ int hmac_md5_test(void)
     test_hmac[1] = b;
     test_hmac[2] = c;
 
+    ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
+    if (ret != 0)
+        return -20009;
+
     for (i = 0; i < times; ++i) {
 #if defined(HAVE_FIPS)
         if (i == 1)
@@ -630,6 +697,8 @@ int hmac_md5_test(void)
             return -20 - i;
     }
 
+    wc_HmacFree(&hmac);
+
     return 0;
 }
 #endif
@@ -680,6 +749,10 @@ int hmac_sha_test(void)
     test_hmac[1] = b;
     test_hmac[2] = c;
 
+    ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
+    if (ret != 0)
+        return -20009;
+
     for (i = 0; i < times; ++i) {
 #if defined(HAVE_FIPS)
         if (i == 1)
@@ -700,10 +773,89 @@ int hmac_sha_test(void)
             return -20 - i;
     }
 
+    wc_HmacFree(&hmac);
+
     return 0;
 }
 #endif
 
+#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
+int hmac_sha224_test(void)
+{
+    Hmac hmac;
+    byte hash[SHA224_DIGEST_SIZE];
+
+    const char* keys[]=
+    {
+        "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+                                                                "\x0b\x0b\x0b",
+        "Jefe",
+        "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
+                                                                "\xAA\xAA\xAA"
+    };
+
+    testVector a, b, c;
+    testVector test_hmac[3];
+
+    int ret;
+    int times = sizeof(test_hmac) / sizeof(testVector), i;
+
+    a.input  = "Hi There";
+    a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3"
+               "\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22";
+    a.inLen  = XSTRLEN(a.input);
+    a.outLen = SHA224_DIGEST_SIZE;
+
+    b.input  = "what do ya want for nothing?";
+    b.output = "\xa3\x0e\x01\x09\x8b\xc6\xdb\xbf\x45\x69\x0f\x3a\x7e\x9e\x6d"
+               "\x0f\x8b\xbe\xa2\xa3\x9e\x61\x48\x00\x8f\xd0\x5e\x44";
+    b.inLen  = XSTRLEN(b.input);
+    b.outLen = SHA224_DIGEST_SIZE;
+
+    c.input  = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
+               "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
+               "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
+               "\xDD\xDD\xDD\xDD\xDD\xDD";
+    c.output = "\x7f\xb3\xcb\x35\x88\xc6\xc1\xf6\xff\xa9\x69\x4d\x7d\x6a\xd2"
+               "\x64\x93\x65\xb0\xc1\xf6\x5d\x69\xd1\xec\x83\x33\xea";
+    c.inLen  = XSTRLEN(c.input);
+    c.outLen = SHA224_DIGEST_SIZE;
+
+    test_hmac[0] = a;
+    test_hmac[1] = b;
+    test_hmac[2] = c;
+
+    ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
+    if (ret != 0)
+        return -20009;
+
+    for (i = 0; i < times; ++i) {
+#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
+        if (i == 1)
+            continue; /* cavium can't handle short keys, fips not allowed */
+#endif
+        ret = wc_HmacSetKey(&hmac, SHA224, (byte*)keys[i],(word32)XSTRLEN(keys[i]));
+        if (ret != 0)
+            return -4021;
+        ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
+                   (word32)test_hmac[i].inLen);
+        if (ret != 0)
+            return -4022;
+        ret = wc_HmacFinal(&hmac, hash);
+        if (ret != 0)
+            return -4023;
+
+        if (XMEMCMP(hash, test_hmac[i].output, SHA224_DIGEST_SIZE) != 0)
+            return -20 - i;
+    }
+
+    wc_HmacFree(&hmac);
+
+    return 0;
+}
+#endif
+
+
 #if !defined(NO_HMAC) && !defined(NO_SHA256)
 int hmac_sha256_test(void)
 {
@@ -753,6 +905,10 @@ int hmac_sha256_test(void)
     test_hmac[1] = b;
     test_hmac[2] = c;
 
+    ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
+    if (ret != 0)
+        return -20009;
+
     for (i = 0; i < times; ++i) {
 #if defined(HAVE_FIPS)
         if (i == 1)
@@ -773,6 +929,8 @@ int hmac_sha256_test(void)
             return -20 - i;
     }
 
+    wc_HmacFree(&hmac);
+
     return 0;
 }
 #endif
@@ -830,6 +988,10 @@ int hmac_sha384_test(void)
     test_hmac[1] = b;
     test_hmac[2] = c;
 
+    ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
+    if (ret != 0)
+        return -20009;
+
     for (i = 0; i < times; ++i) {
 #if defined(HAVE_FIPS)
         if (i == 1)
@@ -850,6 +1012,8 @@ int hmac_sha384_test(void)
             return -20 - i;
     }
 
+    wc_HmacFree(&hmac);
+
     return 0;
 }
 #endif

tests/include.am

@@ -23,5 +23,6 @@ EXTRA_DIST += tests/test.conf \
               tests/test-qsh.conf \
               tests/test-psk-no-id.conf \
               tests/test-dtls.conf \
+              tests/test-sctp.conf \
               tests/test-sig.conf
 DISTCLEANFILES+= tests/.libs/unit.test

tests/srp.c

@@ -117,8 +117,8 @@ static void test_SrpInit(void)
 
     /* invalid params */
     AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(NULL, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, 255,          SRP_CLIENT_SIDE));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, SRP_TYPE_SHA, 255            ));
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, (SrpType)255, SRP_CLIENT_SIDE));
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, SRP_TYPE_SHA, (SrpSide)255));
 
     /* success */
     AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
@@ -240,8 +240,8 @@ static void test_SrpSetPassword(void)
 static void test_SrpGetPublic(void)
 {
     Srp srp;
-    byte public[64];
-    word32 publicSz = 0;
+    byte pub[64];
+    word32 pubSz = 0;
 
     AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
     AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz));
@@ -250,23 +250,23 @@ static void test_SrpGetPublic(void)
                                          salt, sizeof(salt)));
 
     /* invalid call order */
-    AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpGetPublic(&srp, public, &publicSz));
+    AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpGetPublic(&srp, pub, &pubSz));
 
     /* fix call order */
     AssertIntEQ(0, wc_SrpSetPassword(&srp, password, passwordSz));
 
     /* invalid params */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(NULL, public, &publicSz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(&srp, NULL,   &publicSz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(&srp, public, NULL));
-    AssertIntEQ(BUFFER_E,     wc_SrpGetPublic(&srp, public, &publicSz));
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(NULL, pub, &pubSz));
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(&srp, NULL,   &pubSz));
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(&srp, pub, NULL));
+    AssertIntEQ(BUFFER_E,     wc_SrpGetPublic(&srp, pub, &pubSz));
 
     /* success */
-    publicSz = sizeof(public);
+    pubSz = sizeof(pub);
     AssertIntEQ(0, wc_SrpSetPrivate(&srp, a, sizeof(a)));
-    AssertIntEQ(0, wc_SrpGetPublic(&srp, public, &publicSz));
-    AssertIntEQ(publicSz, sizeof(A));
-    AssertIntEQ(0, XMEMCMP(public, A, publicSz));
+    AssertIntEQ(0, wc_SrpGetPublic(&srp, pub, &pubSz));
+    AssertIntEQ(pubSz, sizeof(A));
+    AssertIntEQ(0, XMEMCMP(pub, A, pubSz));
 
     wc_SrpTerm(&srp);
 
@@ -277,16 +277,16 @@ static void test_SrpGetPublic(void)
                                          salt, sizeof(salt)));
 
     /* invalid call order */
-    AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpGetPublic(&srp, public, &publicSz));
+    AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpGetPublic(&srp, pub, &pubSz));
 
     /* fix call order */
     AssertIntEQ(0, wc_SrpSetVerifier(&srp, verifier, sizeof(verifier)));
 
     /* success */
     AssertIntEQ(0, wc_SrpSetPrivate(&srp, b, sizeof(b)));
-    AssertIntEQ(0, wc_SrpGetPublic(&srp, public, &publicSz));
-    AssertIntEQ(publicSz, sizeof(B));
-    AssertIntEQ(0, XMEMCMP(public, B, publicSz));
+    AssertIntEQ(0, wc_SrpGetPublic(&srp, pub, &pubSz));
+    AssertIntEQ(pubSz, sizeof(B));
+    AssertIntEQ(0, XMEMCMP(pub, B, pubSz));
 
     wc_SrpTerm(&srp);
 }

tests/suites.c

@@ -35,7 +35,7 @@
 
 #define MAX_ARGS 40
 #define MAX_COMMAND_SZ 240
-#define MAX_SUITE_SZ 80 
+#define MAX_SUITE_SZ 80
 #define NOT_BUILT_IN -123
 #if defined(NO_OLD_TLS) || !defined(WOLFSSL_ALLOW_SSLV3)
     #define VERSION_TOO_OLD -124
@@ -54,6 +54,11 @@ static char flagSep[] = " ";
     static char portFlag[] = "-p";
     static char svrPort[] = "0";
 #endif
+static char forceDefCipherListFlag[] = "-H";
+
+#ifdef WOLFSSL_ASYNC_CRYPT
+    static int devId = INVALID_DEVID;
+#endif
 
 
 #ifndef WOLFSSL_ALLOW_SSLV3
@@ -155,7 +160,8 @@ static int IsValidCipherSuite(const char* line, char* suite)
 static int execute_test_case(int svr_argc, char** svr_argv,
                               int cli_argc, char** cli_argv,
                               int addNoVerify, int addNonBlocking,
-                              int addDisableEMS)
+                              int addDisableEMS, int forceSrvDefCipherList,
+                              int forceCliDefCipherList)
 {
 #ifdef WOLFSSL_TIRTOS
     func_args cliArgs = {0};
@@ -174,20 +180,22 @@ static int execute_test_case(int svr_argc, char** svr_argv,
     char        commandLine[MAX_COMMAND_SZ];
     char        cipherSuite[MAX_SUITE_SZ+1];
     int         i;
-    size_t      added = 0;
+    size_t      added;
     static      int tests = 1;
 
+    /* Is Valid Cipher and Version Checks */
+    /* build command list for the Is checks below */
     commandLine[0] = '\0';
-    for (i = 0; i < svr_argc; i++) {
+    added = 0;
+    for (i = 0; i < svrArgs.argc; i++) {
         added += XSTRLEN(svr_argv[i]) + 2;
         if (added >= MAX_COMMAND_SZ) {
-            printf("server command line too long\n"); 
+            printf("server command line too long\n");
             break;
         }
         strcat(commandLine, svr_argv[i]);
         strcat(commandLine, flagSep);
     }
-
     if (IsValidCipherSuite(commandLine, cipherSuite) == 0) {
         #ifdef DEBUG_SUITE_TESTS
             printf("cipher suite %s not supported in build\n", cipherSuite);
@@ -203,7 +211,6 @@ static int execute_test_case(int svr_argc, char** svr_argv,
         return VERSION_TOO_OLD;
     }
 #endif
-
 #ifdef NO_OLD_TLS
     if (IsOldTlsVersion(commandLine) == 1) {
         #ifdef DEBUG_SUITE_TESTS
@@ -213,78 +220,52 @@ static int execute_test_case(int svr_argc, char** svr_argv,
     }
 #endif
 
+    /* Build Client Command */
     if (addNoVerify) {
-        printf("repeating test with client cert request off\n"); 
-        added += 4;   /* -d plus space plus terminator */
-        if (added >= MAX_COMMAND_SZ || svr_argc >= MAX_ARGS)
+        printf("repeating test with client cert request off\n");
+        if (svrArgs.argc >= MAX_ARGS)
             printf("server command line too long\n");
-        else {
-            svr_argv[svr_argc++] = noVerifyFlag;
-            svrArgs.argc = svr_argc;
-            strcat(commandLine, noVerifyFlag);
-            strcat(commandLine, flagSep);
-        }
+        else
+            svr_argv[svrArgs.argc++] = noVerifyFlag;
     }
     if (addNonBlocking) {
-        printf("repeating test with non blocking on\n"); 
-        added += 4;   /* -N plus terminator */
-        if (added >= MAX_COMMAND_SZ || svr_argc >= MAX_ARGS)
+        printf("repeating test with non blocking on\n");
+        if (svrArgs.argc >= MAX_ARGS)
             printf("server command line too long\n");
-        else {
-            svr_argv[svr_argc++] = nonblockFlag;
-            svrArgs.argc = svr_argc;
-            strcat(commandLine, nonblockFlag);
-            strcat(commandLine, flagSep);
-        }
+        else
+            svr_argv[svrArgs.argc++] = nonblockFlag;
     }
     #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
-        /* add port 0 */
-        if (svr_argc + 2 > MAX_ARGS)
+        /* add port */
+        if (svrArgs.argc + 2 > MAX_ARGS)
             printf("cannot add the magic port number flag to server\n");
-        else
-        {
-            svr_argv[svr_argc++] = portFlag;
-            svr_argv[svr_argc++] = svrPort;
-            svrArgs.argc = svr_argc;
+        else {
+            svr_argv[svrArgs.argc++] = portFlag;
+            svr_argv[svrArgs.argc++] = svrPort;
         }
     #endif
-    printf("trying server command line[%d]: %s\n", tests, commandLine);
+    if (forceSrvDefCipherList) {
+        if (svrArgs.argc >= MAX_ARGS)
+            printf("cannot add the force def cipher list flag to server\n");
+        else
+            svr_argv[svrArgs.argc++] = forceDefCipherListFlag;
+    }
 
+    /* update server flags list */
     commandLine[0] = '\0';
     added = 0;
-    for (i = 0; i < cli_argc; i++) {
-        added += XSTRLEN(cli_argv[i]) + 2;
+    for (i = 0; i < svrArgs.argc; i++) {
+        added += XSTRLEN(svr_argv[i]) + 2;
         if (added >= MAX_COMMAND_SZ) {
-            printf("client command line too long\n"); 
+            printf("server command line too long\n");
             break;
         }
-        strcat(commandLine, cli_argv[i]);
+        strcat(commandLine, svr_argv[i]);
         strcat(commandLine, flagSep);
     }
-    if (addNonBlocking) {
-        added += 4;   /* -N plus space plus terminator  */
-        if (added >= MAX_COMMAND_SZ)
-            printf("client command line too long\n");
-        else  {
-            cli_argv[cli_argc++] = nonblockFlag;
-            strcat(commandLine, nonblockFlag);
-            strcat(commandLine, flagSep);
-            cliArgs.argc = cli_argc;
-        }
-    }
-    if (addDisableEMS) {
-        printf("repeating test without extended master secret\n");
-        added += 4;   /* -n plus terminator */
-        if (added >= MAX_COMMAND_SZ)
-            printf("client command line too long\n");
-        else {
-            cli_argv[cli_argc++] = disableEMSFlag;
-            strcat(commandLine, disableEMSFlag);
-            strcat(commandLine, flagSep);
-            cliArgs.argc = cli_argc;
-        }
-    }
-    printf("trying client command line[%d]: %s\n", tests++, commandLine);
+    printf("trying server command line[%d]: %s\n", tests, commandLine);
+
+    tests++; /* test count */
 
     InitTcpReady(&ready);
 
@@ -296,31 +277,65 @@ static int execute_test_case(int svr_argc, char** svr_argv,
     svrArgs.signal = &ready;
     start_thread(server_test, &svrArgs, &serverThread);
     wait_tcp_ready(&svrArgs);
-    #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
-        if (ready.port != 0)
-        {
-            if (cli_argc + 2 > MAX_ARGS)
-                printf("cannot add the magic port number flag to client\n");
-            else {
-                char portNumber[8];
-                snprintf(portNumber, sizeof(portNumber), "%d", ready.port);
-                cli_argv[cli_argc++] = portFlag;
-                cli_argv[cli_argc++] = portNumber;
-                cliArgs.argc = cli_argc;
-            }
+
+
+    /* Build Client Command */
+    if (addNonBlocking) {
+        if (cliArgs.argc >= MAX_ARGS)
+            printf("cannot add the non block flag to client\n");
+        else
+            cli_argv[cliArgs.argc++] = nonblockFlag;
+    }
+    if (addDisableEMS) {
+        printf("repeating test without extended master secret\n");
+        if (cliArgs.argc >= MAX_ARGS)
+            printf("cannot add the disable EMS flag to client\n");
+        else
+            cli_argv[cliArgs.argc++] = disableEMSFlag;
+    }
+#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
+    if (ready.port != 0) {
+        if (cliArgs.argc + 2 > MAX_ARGS)
+            printf("cannot add the magic port number flag to client\n");
+        else {
+            char portNumber[8];
+            snprintf(portNumber, sizeof(portNumber), "%d", ready.port);
+            cli_argv[cliArgs.argc++] = portFlag;
+            cli_argv[cliArgs.argc++] = portNumber;
         }
-    #endif
+    }
+#endif
+    if (forceCliDefCipherList) {
+        if (cliArgs.argc >= MAX_ARGS)
+            printf("cannot add the force def cipher list flag to client\n");
+        else
+            cli_argv[cliArgs.argc++] = forceDefCipherListFlag;
+    }
+
+    commandLine[0] = '\0';
+    added = 0;
+    for (i = 0; i < cliArgs.argc; i++) {
+        added += XSTRLEN(cli_argv[i]) + 2;
+        if (added >= MAX_COMMAND_SZ) {
+            printf("client command line too long\n");
+            break;
+        }
+        strcat(commandLine, cli_argv[i]);
+        strcat(commandLine, flagSep);
+    }
+    printf("trying client command line[%d]: %s\n", tests, commandLine);
+
     /* start client */
     client_test(&cliArgs);
 
-    /* verify results */ 
+    /* verify results */
     if (cliArgs.return_code != 0) {
         printf("client_test failed\n");
         exit(EXIT_FAILURE);
     }
 
     join_thread(serverThread);
-    if (svrArgs.return_code != 0) { 
+    if (svrArgs.return_code != 0) {
         printf("server_test failed\n");
         exit(EXIT_FAILURE);
     }
@@ -329,7 +344,7 @@ static int execute_test_case(int svr_argc, char** svr_argv,
     fdCloseSession(Task_self());
 #endif
     FreeTcpReady(&ready);
-    
+
     return 0;
 }
 
@@ -361,7 +376,7 @@ static void test_harness(void* vargs)
         fname = args->argv[1];
     }
 
-    file = fopen(fname, "r");
+    file = fopen(fname, "rb");
     if (file == NULL) {
         fprintf(stderr, "unable to open %s\n", fname);
         args->return_code = 1;
@@ -393,7 +408,7 @@ static void test_harness(void* vargs)
         args->return_code = 1;
         return;
     }
-    
+
     fclose(file);
     script[sz] = 0;
 
@@ -442,7 +457,7 @@ static void test_harness(void* vargs)
                 else
                     svrArgs[svrArgsSz++] = strsep(&cursor, "\n");
                 if (*cursor == 0)  /* eof */
-                    do_it = 1; 
+                    do_it = 1;
         }
 
         if (svrArgsSz == MAX_ARGS || cliArgsSz == MAX_ARGS) {
@@ -452,24 +467,31 @@ static void test_harness(void* vargs)
 
         if (do_it) {
             ret = execute_test_case(svrArgsSz, svrArgs,
-                                    cliArgsSz, cliArgs, 0, 0, 0);
+                                    cliArgsSz, cliArgs, 0, 0, 0, 0, 0);
             /* don't repeat if not supported in build */
             if (ret == 0) {
+                /* test with default cipher list on server side */
                 execute_test_case(svrArgsSz, svrArgs,
-                                  cliArgsSz, cliArgs, 0, 1, 0);
+                                  cliArgsSz, cliArgs, 0, 0, 0, 1, 0);
+                /* test with default cipher list on client side */
                 execute_test_case(svrArgsSz, svrArgs,
-                                  cliArgsSz, cliArgs, 1, 0, 0);
+                                  cliArgsSz, cliArgs, 0, 0, 0, 0, 1);
+
                 execute_test_case(svrArgsSz, svrArgs,
-                                  cliArgsSz, cliArgs, 1, 1, 0);
+                                  cliArgsSz, cliArgs, 0, 1, 0, 0, 0);
+                execute_test_case(svrArgsSz, svrArgs,
+                                  cliArgsSz, cliArgs, 1, 0, 0, 0, 0);
+                execute_test_case(svrArgsSz, svrArgs,
+                                  cliArgsSz, cliArgs, 1, 1, 0, 0, 0);
 #ifdef HAVE_EXTENDED_MASTER
                 execute_test_case(svrArgsSz, svrArgs,
-                                  cliArgsSz, cliArgs, 0, 0, 1);
+                                  cliArgsSz, cliArgs, 0, 0, 1, 0, 0);
                 execute_test_case(svrArgsSz, svrArgs,
-                                  cliArgsSz, cliArgs, 0, 1, 1);
+                                  cliArgsSz, cliArgs, 0, 1, 1, 0, 0);
                 execute_test_case(svrArgsSz, svrArgs,
-                                  cliArgsSz, cliArgs, 1, 0, 1);
+                                  cliArgsSz, cliArgs, 1, 0, 1, 0, 0);
                 execute_test_case(svrArgsSz, svrArgs,
-                                  cliArgsSz, cliArgs, 1, 1, 1);
+                                  cliArgsSz, cliArgs, 1, 1, 1, 0, 0);
 #endif
             }
             svrArgsSz = 1;
@@ -515,17 +537,28 @@ int SuiteTest(void)
                                                    memory, sizeof(memory), 0, 1)
             != SSL_SUCCESS) {
         printf("unable to load static memory and create ctx");
-        exit(EXIT_FAILURE);
+        args.return_code = EXIT_FAILURE;
+        goto exit;
     }
 #endif
 
+#ifdef WOLFSSL_ASYNC_CRYPT
+    if (wolfAsync_DevOpen(&devId) < 0) {
+        printf("Async device open failed");
+        args.return_code = EXIT_FAILURE;
+        goto exit;
+    }
+    wolfSSL_CTX_UseAsync(cipherSuiteCtx, devId);
+#endif /* WOLFSSL_ASYNC_CRYPT */
+
     /* default case */
     args.argc = 1;
     printf("starting default cipher suite tests\n");
     test_harness(&args);
     if (args.return_code != 0) {
         printf("error from script %d\n", args.return_code);
-        exit(EXIT_FAILURE);
+        args.return_code = EXIT_FAILURE;
+        goto exit;
     }
 
     /* any extra cases will need another argument */
@@ -538,7 +571,8 @@ int SuiteTest(void)
     test_harness(&args);
     if (args.return_code != 0) {
         printf("error from script %d\n", args.return_code);
-        exit(EXIT_FAILURE);
+        args.return_code = EXIT_FAILURE;
+        goto exit;
     }
 #endif
 #ifdef WOLFSSL_SCTP
@@ -548,7 +582,8 @@ int SuiteTest(void)
     test_harness(&args);
     if (args.return_code != 0) {
         printf("error from script %d\n", args.return_code);
-        exit(EXIT_FAILURE);
+        args.return_code = EXIT_FAILURE;
+        goto exit;
     }
 #endif
 #ifndef WC_STRICT_SIG
@@ -559,7 +594,8 @@ int SuiteTest(void)
     test_harness(&args);
     if (args.return_code != 0) {
         printf("error from script %d\n", args.return_code);
-        exit(EXIT_FAILURE);
+        args.return_code = EXIT_FAILURE;
+        goto exit;
     }
 #endif /* HAVE_RSA and HAVE_ECC */
 #endif /* !WC_STRICT_SIG */
@@ -570,7 +606,8 @@ int SuiteTest(void)
     test_harness(&args);
     if (args.return_code != 0) {
         printf("error from script %d\n", args.return_code);
-        exit(EXIT_FAILURE);
+        args.return_code = EXIT_FAILURE;
+        goto exit;
     }
 #endif
 
@@ -581,15 +618,21 @@ int SuiteTest(void)
     test_harness(&args);
     if (args.return_code != 0) {
         printf("error from script %d\n", args.return_code);
-        exit(EXIT_FAILURE);
+        args.return_code = EXIT_FAILURE;
+        goto exit;
     }
 #endif
 
+exit:
     printf(" End Cipher Suite Tests\n");
 
     wolfSSL_CTX_free(cipherSuiteCtx);
     wolfSSL_Cleanup();
 
+#ifdef WOLFSSL_ASYNC_CRYPT
+    wolfAsync_DevClose(&devId);
+#endif
+
     return args.return_code;
 }
 

tests/test-dtls.conf

@@ -1,36 +1,3 @@
-# server DTLSv1 DHE-RSA-CHACHA20-POLY1305
--u
--v 2
--l DHE-RSA-CHACHA20-POLY1305
-
-# client DTLSv1 DHE-RSA-CHACHA20-POLY1305
--u
--v 2
--l DHE-RSA-CHACHA20-POLY1305
-
-# server DTLSv1 ECDHE-RSA-CHACHA20-POLY1305
--u
--v 2
--l ECDHE-RSA-CHACHA20-POLY1305
-
-# client DTLSv1 ECDHE-RSA-CHACHA20-POLY1305
--u
--v 2
--l ECDHE-RSA-CHACHA20-POLY1305
-
-# server DTLSv1 ECDHE-EDCSA-CHACHA20-POLY1305
--u
--v 2
--l ECDHE-ECDSA-CHACHA20-POLY1305
--c ./certs/server-ecc.pem
--k ./certs/ecc-key.pem
-
-# client DTLSv1 ECDHE-ECDSA-CHACHA20-POLY1305
--u
--v 2
--l ECDHE-ECDSA-CHACHA20-POLY1305
--A ./certs/server-ecc.pem
-
 # server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305
 -u
 -v 3
@@ -133,26 +100,6 @@
 -l ECDHE-ECDSA-CHACHA20-POLY1305-OLD
 -A ./certs/server-ecc.pem
 
-# server DTLSv1 RC4-SHA
--u
--v 2
--l RC4-SHA
-
-# client DTLSv1 RC4-SHA
--u
--v 2
--l RC4-SHA
-
-# server DTLSv1.2 RC4-SHA
--u
--v 3
--l RC4-SHA
-
-# client DTLSv1.2 RC4-SHA
--u
--v 3
--l RC4-SHA
-
 # server DTLSv1 IDEA-CBC-SHA
 -u
 -v 2
@@ -263,16 +210,6 @@
 -v 3
 -l AES256-SHA256
 
-# server DTLSv1 ECDHE-RSA-RC4
--u
--v 2
--l ECDHE-RSA-RC4-SHA
-
-# client DTLSv1 ECDHE-RSA-RC4
--u
--v 2
--l ECDHE-RSA-RC4-SHA
-
 # server DTLSv1.1 ECDHE-RSA-DES3
 -u
 -v 2
@@ -283,12 +220,12 @@
 -v 2
 -l ECDHE-RSA-DES-CBC3-SHA
 
-# server DTLSv1.1 ECDHE-RSA-AES128 
+# server DTLSv1.1 ECDHE-RSA-AES128
 -u
 -v 2
 -l ECDHE-RSA-AES128-SHA
 
-# client DTLSv1.1 ECDHE-RSA-AES128 
+# client DTLSv1.1 ECDHE-RSA-AES128
 -u
 -v 2
 -l ECDHE-RSA-AES128-SHA
@@ -303,16 +240,6 @@
 -v 2
 -l ECDHE-RSA-AES256-SHA
 
-# server DTLSv1.2 ECDHE-RSA-RC4
--u
--v 3
--l ECDHE-RSA-RC4-SHA
-
-# client DTLSv1.2 ECDHE-RSA-RC4
--u
--v 3
--l ECDHE-RSA-RC4-SHA
-
 # server DTLSv1.2 ECDHE-RSA-DES3
 -u
 -v 3
@@ -323,12 +250,12 @@
 -v 3
 -l ECDHE-RSA-DES-CBC3-SHA
 
-# server DTLSv1.2 ECDHE-RSA-AES128 
+# server DTLSv1.2 ECDHE-RSA-AES128
 -u
 -v 3
 -l ECDHE-RSA-AES128-SHA
 
-# client DTLSv1.2 ECDHE-RSA-AES128 
+# client DTLSv1.2 ECDHE-RSA-AES128
 -u
 -v 3
 -l ECDHE-RSA-AES128-SHA
@@ -338,7 +265,7 @@
 -v 3
 -l ECDHE-RSA-AES128-SHA256
 
-# client DTLSv1.2 ECDHE-RSA-AES128-SHA256 
+# client DTLSv1.2 ECDHE-RSA-AES128-SHA256
 -u
 -v 3
 -l ECDHE-RSA-AES128-SHA256
@@ -392,19 +319,6 @@
 -l ECDHE-ECDSA-NULL-SHA
 -A ./certs/server-ecc.pem
 
-# server DTLSv1.1 ECDHE-EDCSA-RC4
--u
--v 2
--l ECDHE-ECDSA-RC4-SHA
--c ./certs/server-ecc.pem
--k ./certs/ecc-key.pem
-
-# client DTLSv1.1 ECDHE-ECDSA-RC4
--u
--v 2
--l ECDHE-ECDSA-RC4-SHA
--A ./certs/server-ecc.pem
-
 # server DTLSv1.1 ECDHE-ECDSA-DES3
 -u
 -v 2
@@ -418,14 +332,14 @@
 -l ECDHE-ECDSA-DES-CBC3-SHA
 -A ./certs/server-ecc.pem
 
-# server DTLSv1.1 ECDHE-ECDSA-AES128 
+# server DTLSv1.1 ECDHE-ECDSA-AES128
 -u
 -v 2
 -l ECDHE-ECDSA-AES128-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 
-# client DTLSv1.1 ECDHE-ECDSA-AES128 
+# client DTLSv1.1 ECDHE-ECDSA-AES128
 -u
 -v 2
 -l ECDHE-ECDSA-AES128-SHA
@@ -444,19 +358,6 @@
 -l ECDHE-ECDSA-AES256-SHA
 -A ./certs/server-ecc.pem
 
-# server DTLSv1.2 ECDHE-ECDSA-RC4
--u
--v 3
--l ECDHE-ECDSA-RC4-SHA
--c ./certs/server-ecc.pem
--k ./certs/ecc-key.pem
-
-# client DTLSv1.2 ECDHE-ECDSA-RC4
--u
--v 3
--l ECDHE-ECDSA-RC4-SHA
--A ./certs/server-ecc.pem
-
 # server DTLSv1.2 ECDHE-ECDSA-DES3
 -u
 -v 3
@@ -470,14 +371,14 @@
 -l ECDHE-ECDSA-DES-CBC3-SHA
 -A ./certs/server-ecc.pem
 
-# server DTLSv1.2 ECDHE-ECDSA-AES128 
+# server DTLSv1.2 ECDHE-ECDSA-AES128
 -u
 -v 3
 -l ECDHE-ECDSA-AES128-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 
-# client DTLSv1.2 ECDHE-ECDSA-AES128 
+# client DTLSv1.2 ECDHE-ECDSA-AES128
 -u
 -v 3
 -l ECDHE-ECDSA-AES128-SHA
@@ -509,18 +410,6 @@
 -l ECDHE-ECDSA-AES256-SHA
 -A ./certs/server-ecc.pem
 
-# server DTLSv1.1 ECDH-RSA-RC4
--u
--v 2
--l ECDH-RSA-RC4-SHA
--c ./certs/server-ecc-rsa.pem
--k ./certs/ecc-key.pem
-
-# client DTLSv1.1 ECDH-RSA-RC4
--u
--v 2
--l ECDH-RSA-RC4-SHA
-
 # server DTLSv1.1 ECDH-RSA-DES3
 -u
 -v 2
@@ -533,14 +422,14 @@
 -v 2
 -l ECDH-RSA-DES-CBC3-SHA
 
-# server DTLSv1.1 ECDH-RSA-AES128 
+# server DTLSv1.1 ECDH-RSA-AES128
 -u
 -v 2
 -l ECDH-RSA-AES128-SHA
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
 
-# client DTLSv1.1 ECDH-RSA-AES128 
+# client DTLSv1.1 ECDH-RSA-AES128
 -u
 -v 2
 -l ECDH-RSA-AES128-SHA
@@ -557,18 +446,6 @@
 -v 2
 -l ECDH-RSA-AES256-SHA
 
-# server DTLSv1.2 ECDH-RSA-RC4
--u
--v 3
--l ECDH-RSA-RC4-SHA
--c ./certs/server-ecc-rsa.pem
--k ./certs/ecc-key.pem
-
-# client DTLSv1.2 ECDH-RSA-RC4
--u
--v 3
--l ECDH-RSA-RC4-SHA
-
 # server DTLSv1.2 ECDH-RSA-DES3
 -u
 -v 3
@@ -581,26 +458,26 @@
 -v 3
 -l ECDH-RSA-DES-CBC3-SHA
 
-# server DTLSv1.2 ECDH-RSA-AES128 
+# server DTLSv1.2 ECDH-RSA-AES128
 -u
 -v 3
 -l ECDH-RSA-AES128-SHA
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
 
-# client DTLSv1.2 ECDH-RSA-AES128 
+# client DTLSv1.2 ECDH-RSA-AES128
 -u
 -v 3
 -l ECDH-RSA-AES128-SHA
 
-# server DTLSv1.2 ECDH-RSA-AES128-SHA256 
+# server DTLSv1.2 ECDH-RSA-AES128-SHA256
 -u
 -v 3
 -l ECDH-RSA-AES128-SHA256
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
 
-# client DTLSv1.2 ECDH-RSA-AES128-SHA256 
+# client DTLSv1.2 ECDH-RSA-AES128-SHA256
 -u
 -v 3
 -l ECDH-RSA-AES128-SHA256
@@ -617,19 +494,6 @@
 -v 3
 -l ECDH-RSA-AES256-SHA
 
-# server DTLSv1.1 ECDH-EDCSA-RC4
--u
--v 2
--l ECDH-ECDSA-RC4-SHA
--c ./certs/server-ecc.pem
--k ./certs/ecc-key.pem
-
-# client DTLSv1.1 ECDH-ECDSA-RC4
--u
--v 2
--l ECDH-ECDSA-RC4-SHA
--A ./certs/server-ecc.pem
-
 # server DTLSv1.1 ECDH-ECDSA-DES3
 -u
 -v 2
@@ -643,14 +507,14 @@
 -l ECDH-ECDSA-DES-CBC3-SHA
 -A ./certs/server-ecc.pem
 
-# server DTLSv1.1 ECDH-ECDSA-AES128 
+# server DTLSv1.1 ECDH-ECDSA-AES128
 -u
 -v 2
 -l ECDH-ECDSA-AES128-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 
-# client DTLSv1.1 ECDH-ECDSA-AES128 
+# client DTLSv1.1 ECDH-ECDSA-AES128
 -u
 -v 2
 -l ECDH-ECDSA-AES128-SHA
@@ -669,19 +533,6 @@
 -l ECDH-ECDSA-AES256-SHA
 -A ./certs/server-ecc.pem
 
-# server DTLSv1.2 ECDHE-ECDSA-RC4
--u
--v 3
--l ECDH-ECDSA-RC4-SHA
--c ./certs/server-ecc.pem
--k ./certs/ecc-key.pem
-
-# client DTLSv1.2 ECDH-ECDSA-RC4
--u
--v 3
--l ECDH-ECDSA-RC4-SHA
--A ./certs/server-ecc.pem
-
 # server DTLSv1.2 ECDH-ECDSA-DES3
 -u
 -v 3
@@ -695,14 +546,14 @@
 -l ECDH-ECDSA-DES-CBC3-SHA
 -A ./certs/server-ecc.pem
 
-# server DTLSv1.2 ECDH-ECDSA-AES128 
+# server DTLSv1.2 ECDH-ECDSA-AES128
 -u
 -v 3
 -l ECDH-ECDSA-AES128-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 
-# client DTLSv1.2 ECDH-ECDSA-AES128 
+# client DTLSv1.2 ECDH-ECDSA-AES128
 -u
 -v 3
 -l ECDH-ECDSA-AES128-SHA
@@ -715,7 +566,7 @@
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 
-# client DTLSv1.2 ECDH-ECDSA-AES128-SHA256 
+# client DTLSv1.2 ECDH-ECDSA-AES128-SHA256
 -u
 -v 3
 -l ECDH-ECDSA-AES128-SHA256
@@ -734,12 +585,12 @@
 -l ECDH-ECDSA-AES256-SHA
 -A ./certs/server-ecc.pem
 
-# server DTLSv1.2 ECDHE-RSA-AES256-SHA384 
+# server DTLSv1.2 ECDHE-RSA-AES256-SHA384
 -u
 -v 3
 -l ECDHE-RSA-AES256-SHA384
 
-# client DTLSv1.2 ECDHE-RSA-AES256-SHA384 
+# client DTLSv1.2 ECDHE-RSA-AES256-SHA384
 -u
 -v 3
 -l ECDHE-RSA-AES256-SHA384
@@ -757,14 +608,14 @@
 -l ECDHE-ECDSA-AES256-SHA384
 -A ./certs/server-ecc.pem
 
-# server DTLSv1.2 ECDH-RSA-AES256-SHA384 
+# server DTLSv1.2 ECDH-RSA-AES256-SHA384
 -u
 -v 3
 -l ECDH-RSA-AES256-SHA384
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
 
-# client DTLSv1.2 ECDH-RSA-AES256-SHA384 
+# client DTLSv1.2 ECDH-RSA-AES256-SHA384
 -u
 -v 3
 -l ECDH-RSA-AES256-SHA384
@@ -776,7 +627,7 @@
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 
-# client DTLSv1.2 ECDH-ECDSA-AES256-SHA384 
+# client DTLSv1.2 ECDH-ECDSA-AES256-SHA384
 -u
 -v 3
 -l ECDH-ECDSA-AES256-SHA384
@@ -926,14 +777,14 @@
 -v 3
 -l PSK-AES256-CBC-SHA384
 
-# server DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 
+# server DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
 -u
 -v 3
 -l ECDHE-ECDSA-AES128-GCM-SHA256
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 
-# client DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 
+# client DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
 -u
 -v 3
 -l ECDHE-ECDSA-AES128-GCM-SHA256
@@ -952,14 +803,14 @@
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -A ./certs/server-ecc.pem
 
-# server DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 
+# server DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
 -u
 -v 3
 -l ECDH-ECDSA-AES128-GCM-SHA256
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 
-# client DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 
+# client DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
 -u
 -v 3
 -l ECDH-ECDSA-AES128-GCM-SHA256
@@ -978,12 +829,12 @@
 -l ECDH-ECDSA-AES256-GCM-SHA384
 -A ./certs/server-ecc.pem
 
-# server DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 
+# server DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 -u
 -v 3
 -l ECDHE-RSA-AES128-GCM-SHA256
 
-# client DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 
+# client DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 -u
 -v 3
 -l ECDHE-RSA-AES128-GCM-SHA256
@@ -998,14 +849,14 @@
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 
-# server DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 
+# server DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256
 -u
 -v 3
 -l ECDH-RSA-AES128-GCM-SHA256
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
 
-# client DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 
+# client DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256
 -u
 -v 3
 -l ECDH-RSA-AES128-GCM-SHA256

tests/test.conf

@@ -1,30 +1,3 @@
-# server TLSv1.1 DHE-RSA-CHACHA20-POLY1305
--v 2
--l DHE-RSA-CHACHA20-POLY1305
-
-# client TLSv1.1 DHE-RSA-CHACHA20-POLY1305
--v 2
--l DHE-RSA-CHACHA20-POLY1305
-
-# server TLSv1.1 ECDHE-RSA-CHACHA20-POLY1305
--v 2
--l ECDHE-RSA-CHACHA20-POLY1305
-
-# client TLSv1.1 ECDHE-RSA-CHACHA20-POLY1305
--v 2
--l ECDHE-RSA-CHACHA20-POLY1305
-
-# server TLSv1.1 ECDHE-EDCSA-CHACHA20-POLY1305
--v 2
--l ECDHE-ECDSA-CHACHA20-POLY1305
--c ./certs/server-ecc.pem
--k ./certs/ecc-key.pem
-
-# client TLSv1.1 ECDHE-ECDSA-CHACHA20-POLY1305
--v 2
--l ECDHE-ECDSA-CHACHA20-POLY1305
--A ./certs/server-ecc.pem
-
 # server TLSv1.2 DHE-RSA-CHACHA20-POLY1305
 -v 3
 -l DHE-RSA-CHACHA20-POLY1305
@@ -341,11 +314,11 @@
 -v 1
 -l ECDHE-RSA-DES-CBC3-SHA
 
-# server TLSv1 ECDHE-RSA-AES128 
+# server TLSv1 ECDHE-RSA-AES128
 -v 1
 -l ECDHE-RSA-AES128-SHA
 
-# client TLSv1 ECDHE-RSA-AES128 
+# client TLSv1 ECDHE-RSA-AES128
 -v 1
 -l ECDHE-RSA-AES128-SHA
 
@@ -373,11 +346,11 @@
 -v 2
 -l ECDHE-RSA-DES-CBC3-SHA
 
-# server TLSv1.1 ECDHE-RSA-AES128 
+# server TLSv1.1 ECDHE-RSA-AES128
 -v 2
 -l ECDHE-RSA-AES128-SHA
 
-# client TLSv1.1 ECDHE-RSA-AES128 
+# client TLSv1.1 ECDHE-RSA-AES128
 -v 2
 -l ECDHE-RSA-AES128-SHA
 
@@ -405,11 +378,11 @@
 -v 3
 -l ECDHE-RSA-DES-CBC3-SHA
 
-# server TLSv1.2 ECDHE-RSA-AES128 
+# server TLSv1.2 ECDHE-RSA-AES128
 -v 3
 -l ECDHE-RSA-AES128-SHA
 
-# client TLSv1.2 ECDHE-RSA-AES128 
+# client TLSv1.2 ECDHE-RSA-AES128
 -v 3
 -l ECDHE-RSA-AES128-SHA
 
@@ -417,7 +390,7 @@
 -v 3
 -l ECDHE-RSA-AES128-SHA256
 
-# client TLSv1.2 ECDHE-RSA-AES128-SHA256 
+# client TLSv1.2 ECDHE-RSA-AES128-SHA256
 -v 3
 -l ECDHE-RSA-AES128-SHA256
 
@@ -484,13 +457,13 @@
 -l ECDHE-ECDSA-DES-CBC3-SHA
 -A ./certs/server-ecc.pem
 
-# server TLSv1 ECDHE-ECDSA-AES128 
+# server TLSv1 ECDHE-ECDSA-AES128
 -v 1
 -l ECDHE-ECDSA-AES128-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 
-# client TLSv1 ECDHE-ECDSA-AES128 
+# client TLSv1 ECDHE-ECDSA-AES128
 -v 1
 -l ECDHE-ECDSA-AES128-SHA
 -A ./certs/server-ecc.pem
@@ -528,13 +501,13 @@
 -l ECDHE-ECDSA-DES-CBC3-SHA
 -A ./certs/server-ecc.pem
 
-# server TLSv1.1 ECDHE-ECDSA-AES128 
+# server TLSv1.1 ECDHE-ECDSA-AES128
 -v 2
 -l ECDHE-ECDSA-AES128-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 
-# client TLSv1.1 ECDHE-ECDSA-AES128 
+# client TLSv1.1 ECDHE-ECDSA-AES128
 -v 2
 -l ECDHE-ECDSA-AES128-SHA
 -A ./certs/server-ecc.pem
@@ -572,13 +545,13 @@
 -l ECDHE-ECDSA-DES-CBC3-SHA
 -A ./certs/server-ecc.pem
 
-# server TLSv1.2 ECDHE-ECDSA-AES128 
+# server TLSv1.2 ECDHE-ECDSA-AES128
 -v 3
 -l ECDHE-ECDSA-AES128-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 
-# client TLSv1.2 ECDHE-ECDSA-AES128 
+# client TLSv1.2 ECDHE-ECDSA-AES128
 -v 3
 -l ECDHE-ECDSA-AES128-SHA
 -A ./certs/server-ecc.pem
@@ -625,13 +598,13 @@
 -v 1
 -l ECDH-RSA-DES-CBC3-SHA
 
-# server TLSv1 ECDH-RSA-AES128 
+# server TLSv1 ECDH-RSA-AES128
 -v 1
 -l ECDH-RSA-AES128-SHA
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
 
-# client TLSv1 ECDH-RSA-AES128 
+# client TLSv1 ECDH-RSA-AES128
 -v 1
 -l ECDH-RSA-AES128-SHA
 
@@ -665,13 +638,13 @@
 -v 2
 -l ECDH-RSA-DES-CBC3-SHA
 
-# server TLSv1.1 ECDH-RSA-AES128 
+# server TLSv1.1 ECDH-RSA-AES128
 -v 2
 -l ECDH-RSA-AES128-SHA
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
 
-# client TLSv1.1 ECDH-RSA-AES128 
+# client TLSv1.1 ECDH-RSA-AES128
 -v 2
 -l ECDH-RSA-AES128-SHA
 
@@ -705,23 +678,23 @@
 -v 3
 -l ECDH-RSA-DES-CBC3-SHA
 
-# server TLSv1.2 ECDH-RSA-AES128 
+# server TLSv1.2 ECDH-RSA-AES128
 -v 3
 -l ECDH-RSA-AES128-SHA
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
 
-# client TLSv1.2 ECDH-RSA-AES128 
+# client TLSv1.2 ECDH-RSA-AES128
 -v 3
 -l ECDH-RSA-AES128-SHA
 
-# server TLSv1.2 ECDH-RSA-AES128-SHA256 
+# server TLSv1.2 ECDH-RSA-AES128-SHA256
 -v 3
 -l ECDH-RSA-AES128-SHA256
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
 
-# client TLSv1.2 ECDH-RSA-AES128-SHA256 
+# client TLSv1.2 ECDH-RSA-AES128-SHA256
 -v 3
 -l ECDH-RSA-AES128-SHA256
 
@@ -757,13 +730,13 @@
 -l ECDH-ECDSA-DES-CBC3-SHA
 -A ./certs/server-ecc.pem
 
-# server TLSv1 ECDH-ECDSA-AES128 
+# server TLSv1 ECDH-ECDSA-AES128
 -v 1
 -l ECDH-ECDSA-AES128-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 
-# client TLSv1 ECDH-ECDSA-AES128 
+# client TLSv1 ECDH-ECDSA-AES128
 -v 1
 -l ECDH-ECDSA-AES128-SHA
 -A ./certs/server-ecc.pem
@@ -801,13 +774,13 @@
 -l ECDH-ECDSA-DES-CBC3-SHA
 -A ./certs/server-ecc.pem
 
-# server TLSv1.1 ECDH-ECDSA-AES128 
+# server TLSv1.1 ECDH-ECDSA-AES128
 -v 2
 -l ECDH-ECDSA-AES128-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 
-# client TLSv1.1 ECDH-ECDSA-AES128 
+# client TLSv1.1 ECDH-ECDSA-AES128
 -v 2
 -l ECDH-ECDSA-AES128-SHA
 -A ./certs/server-ecc.pem
@@ -845,13 +818,13 @@
 -l ECDH-ECDSA-DES-CBC3-SHA
 -A ./certs/server-ecc.pem
 
-# server TLSv1.2 ECDH-ECDSA-AES128 
+# server TLSv1.2 ECDH-ECDSA-AES128
 -v 3
 -l ECDH-ECDSA-AES128-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 
-# client TLSv1.2 ECDH-ECDSA-AES128 
+# client TLSv1.2 ECDH-ECDSA-AES128
 -v 3
 -l ECDH-ECDSA-AES128-SHA
 -A ./certs/server-ecc.pem
@@ -862,7 +835,7 @@
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 
-# client TLSv1.2 ECDH-ECDSA-AES128-SHA256 
+# client TLSv1.2 ECDH-ECDSA-AES128-SHA256
 -v 3
 -l ECDH-ECDSA-AES128-SHA256
 -A ./certs/server-ecc.pem
@@ -882,7 +855,7 @@
 -v 3
 -l ECDHE-RSA-AES256-SHA384
 
-# client TLSv1.2 ECDHE-RSA-AES256-SHA384 
+# client TLSv1.2 ECDHE-RSA-AES256-SHA384
 -v 3
 -l ECDHE-RSA-AES256-SHA384
 
@@ -897,13 +870,13 @@
 -l ECDHE-ECDSA-AES256-SHA384
 -A ./certs/server-ecc.pem
 
-# server TLSv1.2 ECDH-RSA-AES256-SHA384 
+# server TLSv1.2 ECDH-RSA-AES256-SHA384
 -v 3
 -l ECDH-RSA-AES256-SHA384
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
 
-# client TLSv1.2 ECDH-RSA-AES256-SHA384 
+# client TLSv1.2 ECDH-RSA-AES256-SHA384
 -v 3
 -l ECDH-RSA-AES256-SHA384
 
@@ -913,7 +886,7 @@
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 
-# client TLSv1.2 ECDH-ECDSA-AES256-SHA384 
+# client TLSv1.2 ECDH-ECDSA-AES256-SHA384
 -v 3
 -l ECDH-ECDSA-AES256-SHA384
 -A ./certs/server-ecc.pem
@@ -1664,11 +1637,11 @@
 -v 3
 -l DHE-RSA-CAMELLIA256-SHA256
 
-# server TLSv1.2 RSA-AES128-GCM-SHA256 
+# server TLSv1.2 RSA-AES128-GCM-SHA256
 -v 3
 -l AES128-GCM-SHA256
 
-# client TLSv1.2 RSA-AES128-GCM-SHA256 
+# client TLSv1.2 RSA-AES128-GCM-SHA256
 -v 3
 -l AES128-GCM-SHA256
 
@@ -1680,13 +1653,13 @@
 -v 3
 -l AES256-GCM-SHA384
 
-# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 
+# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
 -v 3
 -l ECDHE-ECDSA-AES128-GCM-SHA256
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 
-# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 
+# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
 -v 3
 -l ECDHE-ECDSA-AES128-GCM-SHA256
 -A ./certs/server-ecc.pem
@@ -1702,13 +1675,13 @@
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -A ./certs/server-ecc.pem
 
-# server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 
+# server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
 -v 3
 -l ECDH-ECDSA-AES128-GCM-SHA256
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 
-# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 
+# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
 -v 3
 -l ECDH-ECDSA-AES128-GCM-SHA256
 -A ./certs/server-ecc.pem
@@ -1724,11 +1697,11 @@
 -l ECDH-ECDSA-AES256-GCM-SHA384
 -A ./certs/server-ecc.pem
 
-# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 
+# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 -v 3
 -l ECDHE-RSA-AES128-GCM-SHA256
 
-# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 
+# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 -v 3
 -l ECDHE-RSA-AES128-GCM-SHA256
 
@@ -1740,13 +1713,13 @@
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 
-# server TLSv1.2 ECDH-RSA-AES128-GCM-SHA256 
+# server TLSv1.2 ECDH-RSA-AES128-GCM-SHA256
 -v 3
 -l ECDH-RSA-AES128-GCM-SHA256
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
 
-# client TLSv1.2 ECDH-RSA-AES128-GCM-SHA256 
+# client TLSv1.2 ECDH-RSA-AES128-GCM-SHA256
 -v 3
 -l ECDH-RSA-AES128-GCM-SHA256
 
@@ -1760,11 +1733,11 @@
 -v 3
 -l ECDH-RSA-AES256-GCM-SHA384
 
-# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 
+# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256
 -v 3
 -l DHE-RSA-AES128-GCM-SHA256
 
-# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 
+# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256
 -v 3
 -l DHE-RSA-AES128-GCM-SHA256
 

tests/unit.c

@@ -45,7 +45,7 @@ int main(int argc, char** argv)
 
 int unit_test(int argc, char** argv)
 {
-    int ret;
+    int ret = 0;
 
     (void)argc;
     (void)argv;
@@ -68,24 +68,25 @@ int unit_test(int argc, char** argv)
 
     if ( (ret = HashTest()) != 0){
         printf("hash test failed with %d\n", ret);
-        return ret;
+        goto exit;
     }
 
 #ifndef SINGLE_THREADED
     if ( (ret = SuiteTest()) != 0){
         printf("suite test failed with %d\n", ret);
-        return ret;
+        goto exit;
     }
 #endif
 
     SrpTest();
 
+exit:
 #ifdef HAVE_WNR
     if (wc_FreeNetRandom() < 0)
         err_sys("Failed to free netRandom context");
 #endif /* HAVE_WNR */
 
-    return 0;
+    return ret;
 }
 
 

testsuite/testsuite.c

@@ -42,7 +42,9 @@
 #include "examples/client/client.h"
 
 
+#ifndef NO_SHA256
 void file_test(const char* file, byte* hash);
+#endif
 
 void simple_test(func_args*);
 
@@ -102,7 +104,7 @@ int testsuite_test(int argc, char** argv)
 #endif
 
 #if !defined(WOLFSSL_TIRTOS)
-	ChangeToWolfRoot();
+    ChangeToWolfRoot();
 #endif
 
 #ifdef WOLFSSL_TIRTOS
@@ -181,14 +183,18 @@ int testsuite_test(int argc, char** argv)
 
     /* validate output equals input */
     {
+    #ifndef NO_SHA256
         byte input[SHA256_DIGEST_SIZE];
         byte output[SHA256_DIGEST_SIZE];
 
         file_test("input",  input);
         file_test(outputName, output);
+    #endif
         remove(outputName);
+    #ifndef NO_SHA256
         if (memcmp(input, output, sizeof(input)) != 0)
             return EXIT_FAILURE;
+    #endif
     }
 
     wolfSSL_Cleanup();
@@ -325,7 +331,7 @@ void join_thread(THREAD_TYPE thread)
 #elif defined(WOLFSSL_TIRTOS)
     while(1) {
         if (Task_getMode(thread) == Task_Mode_TERMINATED) {
-		    Task_sleep(5);
+            Task_sleep(5);
             break;
         }
         Task_yield();
@@ -340,6 +346,7 @@ void join_thread(THREAD_TYPE thread)
 }
 
 
+#ifndef NO_SHA256
 void file_test(const char* file, byte* check)
 {
     FILE* f;
@@ -382,7 +389,7 @@ void file_test(const char* file, byte* check)
 
     fclose(f);
 }
-
+#endif
 
 #else /* SINGLE_THREADED */
 
@@ -398,13 +405,16 @@ int main(int argc, char** argv)
     server_args.argc = argc;
     server_args.argv = argv;
 
+    wolfSSL_Init();
     ChangeToWolfRoot();
 
     wolfcrypt_test(&server_args);
     if (server_args.return_code != 0) return server_args.return_code;
 
+    wolfSSL_Cleanup();
     printf("\nAll tests passed!\n");
-    return EXIT_SUCCESS;
+
+    EXIT_TEST(EXIT_SUCCESS);
 }
 
 

tirtos/README

@@ -7,6 +7,9 @@ library and the example applications.
 Also read TI-RTOS Getting Started Guide and TI-RTOS User Guide to learn more
 about TI-RTOS (http://www.ti.com/tool/ti-rtos).
 
+For more information see:
+(https://github.com/wolfSSL/wolfssl-examples/blob/master/tirtos_ccs_examples/README.md)
+
 ## Example Application
 
 A simple "TCP echo server with TLS" example application is provided with TI-RTOS