Merge pull request #2521 from JacobBarthelmeh/Release

prepare for release version 4.2.0

.gitignore

@@ -328,3 +328,9 @@ IDE/XCODE/Index
 \.settings/
 \.cproject
 \.project
+
+# Renesas e2studio
+/IDE/Renesas/e2studio/Projects/test/src/smc_gen
+/IDE/Renesas/e2studio/Projects/test/trash
+/IDE/Renesas/e2studio/Projects/test/*.launch
+/IDE/Renesas/e2studio/Projects/test/*.scfg

ChangeLog.md

@@ -1,3 +1,96 @@
+# wolfSSL Release 4.2.0 (10/22/2019)
+
+If you have questions about this release, then feel free to contact us on our info@ address.
+
+Release 4.2.0 of wolfSSL embedded TLS has bug fixes and new features including:
+
+
+##### New Feature Additions
+* Over 198 OpenSSL compatibility API’s added
+* Apache port added for compiling with wolfSSL using --enable-apachehttpd
+* Port for using wolfSSL with OpenVSwitch
+* Port for Renesas TSIP added
+* Visual Studio Solution for Azure Sphere Devices (MT3620 and MT3620-mini) added to the directory IDE/VS-AZURE-SPHERE
+* Addition of Coldfire MCF5441X NetBurner example to the directory IDE/M68K/
+* Added support for prime checking to SP math build
+* Addition of DYNAMIC_TYPE_BIGINT type for tracking mp_int allocations
+* Addition of wc_ecc_get_curve_params API for getting ecc_set_type params for a curve
+* Adding in TLS_SHA256_SHA256 and TLS_SHA384_SHA384 TLS1.3 cipher suites (null ciphers)
+* Added in PKCS7 decryption callbacks for CMS operations
+* Added handling for optional ECC parameters with PKCS7 KARI
+* Addition to configure.ac for FIPS wolfRand builds
+* Adding the flag WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY for ignoring certificate date checks with the functions wolfSSL_CTX_load_verify_buffer_ex and wolfSSL_CTX_load_verify_locations_ex
+* Support for PKCS8 keys added to the function wolfSSL_CTX_use_PrivateKey_buffer
+* Support for KECCAK hashing. Build with macro WOLFSSL_HASH_FLAGS and call wc_Sha3_SetFlags(&sha, WC_HASH_SHA3_KECCAK256) before the first SHA3 update 
+* Addition of setting secure renegotiation at CTX level
+* Addition of KDS (NXP Kinetis Design Studio) example project to directory IDE/KDS/
+* Support for Encrypt-Then-MAC to TLS 1.2 and below
+* Added a new build option for a TITAN session cache that can hold just over 2 million session entries (--enable-titancache)  
+* Synchronous Quick Assist Support for Sniffer
+* Added Support for SiFive HiFive Unleashed board 
+* Support for Google WebRTC added in to compatibility layer build
+* Additional Sniffer features; IPv6 sniffer support, Fragment chain input, Data store callback, Various statistics tweaks and other Sniffer fixes
+
+
+##### Fixes
+* Addition of internal content digest checks for PKCS7 SignedData message types that also have signed attributes present. Users could previously check the content digest against the messageDigest attribute, but this adds a default internal check. It’s advised that if users are not doing their own checks that they update wolfSSL version.
+* A fix for BIO and base64 encoding/decoding
+* A fix for memory management of CTX / WOLFSSL_METHOD pointer with staticmemory build
+* A fix for detection of AES-NI support to read bit 25 from ECX
+* A fix a DTLS handshake message retransmit bug corner case
+* Additional fixes to coding style and uninitialized values using cppcheck tool
+* Fixes for failing IAR builds, thanks to Joseph C. for the report
+* Fixes for ARMv8 Poly1305 inline assembly code to compile with clang 3.5
+* Fixes for esp-idf build warnings
+* A fix for XSNPRINTF with mingw32 builds
+* Fixes for strncpy warnings when compiling with newer versions of GCC
+* A fix for using IV of all 0’s as default case with AES-NI when no IV passed in
+* Fixes for types with 16 bit systems, thanks to Ralf Schlatterbeck
+* Fixes for build with devcrypto/afalg and aesccm, thanks to GitHub user cotequeiroz for the report
+* Fixes for addressing handling of pathLen constraint when parsing certificate chains
+* A DTLS fix for alert packet injection at end of handshake
+* Fixes for Poly1305 AArch64 assembly code
+* A fix for memory management in error cases when adding a CA, this resolves a coverity report
+* A fix for SP math for precomputation tables to not include infinity field
+* Fixes for checks on defines with AVX2 and Poly1305 build
+* Fixes for CubeMX HAL v1.15 with STM32F7
+* A fix for TLS 1.3 to always send Key Share extension
+* A fix for a potential buffer over read in TLS 1.3 DoTls13SupportedVersions, thanks to Artem for the report
+
+
+##### Improvements/Optimizations
+* Optimization to SP math, changing variables to const where possible. Thanks to Yair Poleg (yair.poleg@ayyeka.com) of Ayyeka for proposing static declaration of global constant variables in SP code
+* Additional fuzz testing and fixes for TLS 1.3 use, including additional TLS 1.3 alert messages (PR#2440 for more information)
+* Additional sanity check that ciphersuite from client hello is used in server hello response (check can be removed with the macro WOLFSSL_NO_STRICT_CIPHER_SUITE)
+* Improved MMCAU performance: SHA-1 by 35%, SHA-256 by 20% and MD5 by 78% 
+* By default, disallow SHA-2 cipher suites from being used in TLS 1.0 and 1.1 handshakes (can be ignored with macro WOLFSSL_OLDTLS_SHA2_CIPHERSUITES)
+* Optimization of export session buffer size with enable option --enable-sessionexport=nopeer
+* Spelling fixes in comments and some cast warnings resolved
+* Updates to abstract atoi to XATOI when used, this allows for better portability when making calls to the system function atoi for converting strings to integers
+* Improvements to the STSAFE-A100 error code handling, providing better debug information
+* Adding a sanity check on TLS 1.3 ticket encrypt callback
+* Specialized implementations of mod exp when base is 2
+
+
+
+##### This release of wolfSSL includes a fix for 5 security vulnerabilities.
+
+Fix for sanity check on reading TLS 1.3 pre-shared key extension. This fixes a potential for an invalid read when TLS 1.3 and pre-shared keys is enabled. Users without TLS 1.3 enabled are unaffected. Users with TLS 1.3 enabled and HAVE_SESSION_TICKET defined or NO_PSK not defined should update wolfSSL versions. Thanks to Robert Hoerr for the report.
+
+Fix for potential program hang when ocspstapling2 is enabled. This is a moderate level fix that affects users who have ocspstapling2 enabled(off by default) and are on the server side. In parsing a CSR2 (Certificate Status Request v2 ) on the server side, there was the potential for a malformed extension to cause a program hang. Thanks to Robert Hoerr for the report.
+
+Two moderate level fixes involving an ASN.1 over read by one byte. CVE-2019-15651 is for a fix that is due to a potential one byte over read when decoding certificate extensions. CVE-2019-16748 is for a fix on a potential one byte overread with checking certificate signatures. This affects builds that do certificate parsing and do not have the macro NO_SKID defined.Thanks to Yan Jia and the researcher team  from Institute of Software, Chinese Academy of Sciences for the report.
+
+High level fix for DSA operations involving an attack on recovering DSA private keys. This fix affects users that have DSA enabled and are performing DSA operations (off by default). All users that have DSA enabled and are using DSA keys are advised to regenerate DSA keys and update wolfSSL version. ECDSA is NOT affected by this and TLS code is NOT affected by this issue. Thanks to Ján Jančár for the report.
+
+
+For additional vulnerability information visit the vulnerability page at https://www.wolfssl.com/docs/security-vulnerabilities/
+
+See INSTALL file for build instructions.
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
+
+
+
 # wolfSSL Release 4.1.0 (07/22/2019)
 
 Release 4.1.0 of wolfSSL embedded TLS has bug fixes and new features including:

IDE/ECLIPSE/SIFIVE/README.md

@@ -1,199 +1 @@
-# SiFive RISC-V HiFive1 Port
-
-## Overview
-You can enable the wolfSSL support for RISC-V using the `#define WOLFSSL_SIFIVE_RISC_V`.
-
-## Prerequisites
-1. Follow the instructions on the SiFive GitHub [here](https://github.com/sifive/freedom-e-sdk) and SiFive website [here](https://www.sifive.com/) to download the freedom-e-sdk and software tools.
-3. Run a simple hello application on your development board to confirm that your board functions as expected and the communication between your computer and the board works.
-
-## Usage
-You can start with a wolfcrypt example project to integrate the wolfSSL source code.
-wolfSSL supports a compile-time user configurable options in the `IDE/ECLIPSE/SIFIVE/user_settings.h` file.
-
-The `IDE/ECLIPSE/SIFIVE/main.c` example application provides a function to run the selected examples at compile time through the following two #defines in user_settings.h. You can define these macro options to disable the test run.
-```
-- #undef NO_CRYPT_TEST
-- #undef NO_CRYPT_BENCHMARK
-```
-
-## Setup
-### Setting up the SDK with wolfSSL
-1. Download the wolfSSL source code or a zip file from GitHub and place it under your SDK `$HOME` directory. You can also copy or simlink to the source.
-```
-  For example,
-  $ cd $HOME
-  $ git clone --depth=1 https://github.com/wolfSSL/wolfssl.git
-
-```
-2. Copy the wolfcrypt example project into your `freedom-e-sdk/software` directory.
-
-```
-  $ cp -rf ~/wolfssl/IDE/ECLIPSE/SIFIVE ~/freedom-e-sdk/software/wolfcrypt
-```
-
-3. Edit your `~/freedom-e-sdk/scripts/standalone.mk` and add the following line after the last RISCV_CFLAGS entry:
-
-```
-  RISCV_CFLAGS += -I$(WOLFSSL_SRC_DIR) -I$(WOLFSSL_SRC_DIR)/IDE/ECLIPSE/SIFIVE -DWOLFSSL_USER_SETTINGS
-```
-
-4. WOLFSSL_SRC_DIR variable must be set in the environment when GNU make is started.
-
-```
-  $ export WOLFSSL_SRC_DIR=~/wolfssl
-```
-
-5. Setup your riscv64 compiler 
-
-```
-  $ export RISCV_OPENOCD_PATH=/opt/riscv-openocd
-```
-6. (Optional) Setup OpenOCD if your target supports it:
-
-```
-  $ export RISCV_OPENOCD_PATH=/opt/riscv-openocd
-```
-## Building and Running
-
-You can build from source or create a static library.
-
-1. Using command-line:
-
-```
-  $ cd freedom-e-sdk
-  $ make PROGRAM=wolfcrypt TARGET=sifive-hifive1-revb CONFIGURATION=debug clean software upload
-```
-This example cleans, builds and uploads the software on the sifive-hifive1-revb target but you can also combine and build for any of the supported targets. 
-
-Review the test results on the target console.
-
-2. Building a static library for RISC-V using a cross-compiler:
-
-```
-$ cd $WOLFSSL_SRC_DIR
-
-$./configure --host=riscv64-unknown-elf  \
-CC=riscv64-unknown-elf-gcc \
-AR=riscv64-unknown-elf-ar \
-AS=riscv64-unknown-elf-as \
-RANLIB=$RISCV_PATH/bin/riscv64-unknown-elf-gcc-ranlib \
-LD=riscv64-unknown-elf-ld \
-CXX=riscv64-unknown-elf-g++ \
---disable-examples --enable-static --disable-shared \
-CFLAGS="-march=rv32imac -mabi=ilp32 -mcmodel=medlow -ffunction-sections -fdata-sections -I~/freedom-e-sdk/bsp/sifive-hifive1/install/include -O0 -g -DNO_FILESYSTEM -DWOLFSSL_NO_SOCK -DNO_WRITEV -DWOLFCRYPT_ONLY -DWOLFSSL_SIFIVE_RISC_V"
-
-$make
-$sudo make install
-```
-You can now build and link your software to the wolfSSL libwolfssl.a static library.
-
-### `wolfcrypt_test()`
-
-wolfcrypt_test() prints a message on the target console similar to the following output:
-
-```
-SiFive HiFive1 Demo
-Setting clock to 320MHz
-Actual Clock 320MHz
-
-error    test passed!
-MEMORY   test passed!
-base64   test passed!
-asn      test passed!
-SHA      test passed!
-SHA-256  test passed!
-SHA-512  test passed!
-Hash     test passed!
-HMAC-SHA test passed!
-HMAC-SHA256 test passed!
-HMAC-SHA512 test passed!
-GMAC     test passed!
-Chacha   test passed!
-POLY1305 test passed!
-ChaCha20-Poly1305 AEAD test passed!
-AES      test passed!
-AES192   test passed!
-AES256   test passed!
-AES-GCM  test passed!
-RANDOM   test passed!
-ECC      test passed!
-ECC buffer test passed!
-CURVE25519 test passed!
-ED25519  test passed!
-logging  test passed!
-mutex    test passed!
-Test complete
-```
-### `benchmark_test()`
-
-benchmark_test() prints a message on the target console similar to the following output.
-
-TARGET=sifive-hifive1-revb:
-
-```
-SiFive HiFive1 Demo
-Setting clock to 320MHz
-Actual Clock 320MHz
-
-------------------------------------------------------------------------------
- wolfSSL version 4.0.0
-------------------------------------------------------------------------------
-wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
-RNG                250 KB took 1.098 seconds,  227.714 KB/s
-AES-128-CBC-enc     50 KB took 1.132 seconds,   44.175 KB/s
-AES-128-CBC-dec     50 KB took 1.142 seconds,   43.778 KB/s
-AES-192-CBC-enc     50 KB took 1.250 seconds,   40.007 KB/s
-AES-192-CBC-dec     50 KB took 1.260 seconds,   39.677 KB/s
-AES-256-CBC-enc     50 KB took 1.368 seconds,   36.552 KB/s
-AES-256-CBC-dec     50 KB took 1.378 seconds,   36.279 KB/s
-AES-128-GCM-enc     25 KB took 1.225 seconds,   20.412 KB/s
-AES-128-GCM-dec     25 KB took 1.225 seconds,   20.402 KB/s
-AES-192-GCM-enc     25 KB took 1.290 seconds,   19.373 KB/s
-AES-192-GCM-dec     25 KB took 1.291 seconds,   19.366 KB/s
-AES-256-GCM-enc     25 KB took 1.352 seconds,   18.487 KB/s
-AES-256-GCM-dec     25 KB took 1.353 seconds,   18.478 KB/s
-CHACHA               1 MB took 1.006 seconds,    1.020 MB/s
-CHA-POLY           700 KB took 1.032 seconds,  678.045 KB/s
-POLY1305             2 MB took 1.007 seconds,    2.255 MB/s
-SHA                  2 MB took 1.002 seconds,    1.511 MB/s
-SHA-256            525 KB took 1.011 seconds,  519.279 KB/s
-SHA-512            275 KB took 1.017 seconds,  270.477 KB/s
-HMAC-SHA             1 MB took 1.013 seconds,    1.399 MB/s
-HMAC-SHA256        525 KB took 1.019 seconds,  515.020 KB/s
-HMAC-SHA512        275 KB took 1.032 seconds,  266.351 KB/s
-ECC      256 key gen         2 ops took 1.104 sec, avg 551.834 ms, 1.812 ops/sec
-ECDHE    256 agree           2 ops took 1.101 sec, avg 550.400 ms, 1.817 ops/sec
-ECDSA    256 sign            2 ops took 1.173 sec, avg 586.502 ms, 1.705 ops/sec
-ECDSA    256 verify          2 ops took 2.153 sec, avg 1076.294 ms, 0.929 ops/sec
-CURVE  25519 key gen         2 ops took 1.629 sec, avg 814.423 ms, 1.228 ops/sec
-CURVE  25519 agree           2 ops took 1.626 sec, avg 813.156 ms, 1.230 ops/sec
-ED     25519 key gen         1 ops took 1.436 sec, avg 1436.096 ms, 0.696 ops/sec
-ED     25519 sign            2 ops took 2.913 sec, avg 1456.421 ms, 0.687 ops/sec
-ED     25519 verify          2 ops took 5.012 sec, avg 2506.012 ms, 0.399 ops/sec
-Benchmark complete
-```
-
-## Tested Configurations
-- P-RNG (NIST DRBG) with SHA-256
-- SHA 1/256/512
-- AES 128/192/256 CBC/GCM
-- ECC 256 sign/verify/shared secret with fast math or Single Precision (SP) library
-- ED25519/Curve25519
-- HMAC
-- ChaCha20/Poly1305
-
-## Known Caveats
-- If you find the wolfcrypt test stuck on early_trap_vector error, it is like related to memory issues
-- Using the `__stack_size` default value of 0x400 will not be enough for the ECC test to pass.
-The `IDE/ECLIPSE/SIFIVE/Makefile` overwrites the value with 0x1000 (4 KBytes)
-- Enabling RSA will cause the ECC test to fail due to memory shortage.
-
-## References
-
-The test results were collected from a SiFive reference platform target with the following hardware, software and tool chains:
-- HiFive1 Rev A/Rev B: HiFive1 Development Board with the Freedom Everywhere SoC, E300
-- freedom-e-sdk
-- wolfssl [latest version](https://github.com/wolfSSL/wolfssl)
-
-For more information or questions, please email [support@wolfssl.com](mailto:support@wolfssl.com)
+This folder has moved to `IDE/RISCV/SIFIVE-HIFIVE1`.

IDE/ECLIPSE/SIFIVE/include.am

@@ -3,7 +3,4 @@
 # All paths should be given relative to the root
 
 EXTRA_DIST += \
-    IDE/ECLIPSE/SIFIVE/README.md \
-    IDE/ECLIPSE/SIFIVE/main.c \
-    IDE/ECLIPSE/SIFIVE/Makefile\
-    IDE/ECLIPSE/SIFIVE/user_settings.h
+    IDE/ECLIPSE/SIFIVE/README.md

IDE/Espressif/ESP-IDF/dummy_config_h

@@ -0,0 +1,24 @@
+/* config.h - dummy
+ *
+ * Copyright (C) 2006-2019 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef _CONFIG_H_
+#define _CONFIG_H_
+#endif

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/helper.c

@@ -150,6 +150,7 @@ int construct_argv()
 /* entry point */
 void app_main(void)
 {
+    (void) TAG;
 #ifndef NO_CRYPT_BENCHMARK
 
 /* when using atecc608a on esp32-wroom-32se */

IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt

@@ -2,5 +2,10 @@
 # CMakeLists in this exact order for cmake to work correctly
 cmake_minimum_required(VERSION 3.5)
 
+# (Not part of the boilerplate)
+# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
+# disable the following line if there isn't the directory
+set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 project(wolfssl_client)

IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile

@@ -6,6 +6,7 @@
 PROJECT_NAME := wolfssl_client
 
 CFLAGS += -DWOLFSSL_USER_SETTINGS
+# if there isn't the directory, please disable the line below.
+EXTRA_COMPONENT_DIRS = $(IDF_PATH)/examples/common_components/protocol_examples_common
 
 include $(IDF_PATH)/make/project.mk
-

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c

@@ -131,6 +131,7 @@ void tls_smp_client_task()
     size_t len;
     struct hostent *hp;
     struct ip4_addr *ip4_addr;
+    const char sndMsg[] = "GET /index.html HTTP/1.0\r\n\r\n";
 
     /* declare wolfSSL objects */
     WOLFSSL_CTX *ctx;
@@ -257,8 +258,8 @@ void tls_smp_client_task()
 
     if(sendGet){
         printf("SSL connect ok, sending GET...\n");
-        len = 28;
-        strncpy(buff, "GET /index.html HTTP/1.0\r\n\r\n", 28);
+        len = XSTRLEN(sndMsg);
+        strncpy(buff, sndMsg, len);
         buff[len] = '\0';
     } else {
         sprintf(buff, "message from esp32 tls client\n");

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h

@@ -21,9 +21,14 @@
 #ifndef _TLS_WIFI_H_
 #define _TLS_WIFI_H_
 
+#include "esp_idf_version.h"
 #include "esp_log.h"
 #include "esp_wifi.h"
+#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1
+#include "esp_event.h"
+#else
 #include "esp_event_loop.h"
+#endif
 
 #define DEFAULT_PORT                     11111
 

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c

@@ -27,6 +27,9 @@
 #include "lwip/netdb.h"
 #include "lwip/apps/sntp.h"
 #include "nvs_flash.h"
+#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1
+#include "protocol_examples_common.h"
+#endif
 
 const static int CONNECTED_BIT = BIT0;
 static EventGroupHandle_t wifi_event_group;
@@ -48,12 +51,13 @@ static void set_time()
     time_t now;
     struct tm timeinfo;
     char strftime_buf[64];
-
-    utctime.tv_sec = 1542008020; /* dummy time: Mon Nov 12 07:33:40 2018 */
+    /* please update the time if seeing unknown failure. */
+    /* this could cause TLS communication failure due to time expiration */
+    utctime.tv_sec = 1567125910; /* dummy time: Fri Aug 30 09:45:00 2019 */
     utctime.tv_usec = 0;
     tz.tz_minuteswest = 0;
     tz.tz_dsttime = 0;
-    
+
     settimeofday(&utctime, &tz);
 
     time(&now);
@@ -62,9 +66,11 @@ static void set_time()
     strftime(strftime_buf, sizeof(strftime_buf), "%c", &timeinfo);
     ESP_LOGI(TAG, "The current date/time is: %s", strftime_buf);
 
+#if ESP_IDF_VERSION_MAJOR < 4
     /* wait until wifi connect */
     xEventGroupWaitBits(wifi_event_group, CONNECTED_BIT,
                                             false, true, portMAX_DELAY);
+#endif
     /* now we start client tasks. */
     tls_smp_client_init();
 }
@@ -120,6 +126,15 @@ void app_main(void)
     tcpip_adapter_init();
 
     /* */
+#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1
+    (void) wifi_event_handler;
+   ESP_ERROR_CHECK(esp_event_loop_create_default());
+   /* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig.
+   * Read "Establishing Wi-Fi or Ethernet Connection" section in
+   * examples/protocols/README.md for more information about this function.
+   */
+    ESP_ERROR_CHECK(example_connect());
+#else
     wifi_event_group = xEventGroupCreate();
     ESP_ERROR_CHECK(esp_event_loop_init(wifi_event_handler, NULL));
     wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
@@ -141,6 +156,7 @@ void app_main(void)
     ESP_LOGI(TAG, "wifi_init_sta finished.");
     ESP_LOGI(TAG, "connect to ap SSID:%s password:%s",
                                         TLS_SMP_WIFI_SSID, TLS_SMP_WIFI_PASS);
+#endif
     ESP_LOGI(TAG, "Set dummy time...");
     set_time();
 }

IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt

@@ -2,6 +2,10 @@
 # CMakeLists in this exact order for cmake to work correctly
 cmake_minimum_required(VERSION 3.5)
 
+# (Not part of the boilerplate)
+# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
+# disable the following line if there isn't the directory
+set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
 
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 project(wolfssl_server)

IDE/Espressif/ESP-IDF/examples/wolfssl_server/Makefile

@@ -7,5 +7,8 @@ PROJECT_NAME := tls_server
 
 CFLAGS += -DWOLFSSL_USER_SETTINGS
 
+# if there isn't the directory, please disable the line below.
+EXTRA_COMPONENT_DIRS = $(IDF_PATH)/examples/common_components/protocol_examples_common
+
 include $(IDF_PATH)/make/project.mk
 

IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h

@@ -1,4 +1,4 @@
-/* wifi_connect.h 
+/* wifi_connect.h
  *
  * Copyright (C) 2006-2019 wolfSSL Inc.
  *
@@ -21,9 +21,14 @@
 #ifndef _TLS_WIFI_H_
 #define _TLS_WIFI_H_
 
+#include "esp_idf_version.h"
 #include "esp_log.h"
 #include "esp_wifi.h"
+#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1
+#include "esp_event.h"
+#else
 #include "esp_event_loop.h"
+#endif
 
 #define DEFAULT_PORT                     11111
 

IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c

@@ -133,6 +133,7 @@ void tls_smp_server_task()
     size_t             len;
     int                shutdown = 0;
     int                ret;
+    const char msg[] = "I hear you fa shizzle!";
 
     /* declare wolfSSL objects */
     WOLFSSL_CTX* ctx;
@@ -245,7 +246,7 @@ void tls_smp_server_task()
         }
         /* Write our reply into buff */
         memset(buff, 0, sizeof(buff));
-        memcpy(buff, "I hear ya fa shizzle!", sizeof(buff));
+        memcpy(buff, msg, sizeof(msg));
         len = strnlen(buff, sizeof(buff));
         /* Reply back to the client */
         if (wolfSSL_write(ssl, buff, len) != len) {

IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c

@@ -27,6 +27,9 @@
 #include "lwip/netdb.h"
 #include "lwip/apps/sntp.h"
 #include "nvs_flash.h"
+#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1
+#include "protocol_examples_common.h"
+#endif
 
 const static int CONNECTED_BIT = BIT0;
 static EventGroupHandle_t wifi_event_group;
@@ -45,8 +48,9 @@ static void set_time()
     time_t now;
     struct tm timeinfo;
     char strftime_buf[64];
-
-    utctime.tv_sec = 1542008020; /* dummy time: Mon Nov 12 07:33:40 2018 */
+    /* please update the time if seeing unknown failure. */
+    /* this could cause TLS communication failure due to time expiration */
+    utctime.tv_sec = 1567125910; /* dummy time: Fri Aug 30 09:45:00 2019 */
     utctime.tv_usec = 0;
     tz.tz_minuteswest = 0;
     tz.tz_dsttime = 0;
@@ -59,9 +63,11 @@ static void set_time()
     strftime(strftime_buf, sizeof(strftime_buf), "%c", &timeinfo);
     ESP_LOGI(TAG, "The current date/time is: %s", strftime_buf);
 
+#if ESP_IDF_VERSION_MAJOR < 4
     /* wait until wifi connect */
     xEventGroupWaitBits(wifi_event_group, CONNECTED_BIT,
                                             false, true, portMAX_DELAY);
+#endif
     /* now we start client tasks. */
     tls_smp_server_init();
 }
@@ -117,6 +123,15 @@ void app_main(void)
     tcpip_adapter_init();
 
     /* */
+#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1
+    (void) wifi_event_handler;
+   ESP_ERROR_CHECK(esp_event_loop_create_default());
+   /* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig.
+   * Read "Establishing Wi-Fi or Ethernet Connection" section in
+   * examples/protocols/README.md for more information about this function.
+   */
+    ESP_ERROR_CHECK(example_connect());
+#else
     wifi_event_group = xEventGroupCreate();
     ESP_ERROR_CHECK(esp_event_loop_init(wifi_event_handler, NULL));
     wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
@@ -138,6 +153,7 @@ void app_main(void)
     ESP_LOGI(TAG, "wifi_init_sta finished.");
     ESP_LOGI(TAG, "connect to ap SSID:%s password:%s",
                                         TLS_SMP_WIFI_SSID, TLS_SMP_WIFI_PASS);
-    ESP_LOGI(TAG, "Set Dummy time...");
+#endif
+    ESP_LOGI(TAG, "Set dummy time...");
     set_time();
 }

IDE/Espressif/ESP-IDF/setup.sh

@@ -58,6 +58,7 @@ ${CPDCMD} -r ./wolfssl/*.h ${WOLFSSLLIB_TRG_DIR}/wolfssl/
 ${CPDCMD} -r ./wolfssl/wolfcrypt ${WOLFSSLLIB_TRG_DIR}/wolfssl/
 # user_settings.h
 ${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/user_settings.h ${WOLFSSLLIB_TRG_DIR}/include/
+${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/dummy_config_h ${WOLFSSLLIB_TRG_DIR}/include/config.h
 
 # unit test app
 ${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/test/* ${WOLFSSLLIB_TRG_DIR}/test/

IDE/GCC-ARM/README.md

@@ -120,6 +120,6 @@ These settings are located in `Header/user_settings.h`.
 * `USE_SLOW_SHA512`: Over twice as small, but 50% slower
 * `USE_CERT_BUFFERS_1024` or `USE_CERT_BUFFERS_2048`: Size of RSA certs / keys to test with. 
 * `BENCH_EMBEDDED`: Define this if using the wolfCrypt test/benchmark and using a low memory target.
-* `ECC_USER_CURVES`: Allows user to defines curve sizes to enable. Default is 256-bit on. To enable others use `HAVE_ECC192`, `HAVE_ECC224`, etc....
+* `ECC_USER_CURVES`: Allows user to define curve sizes to enable. Default is 256-bit on. To enable others use `HAVE_ECC192`, `HAVE_ECC224`, etc....
 * `TFM_ARM`, `TFM_SSE2`, `TFM_AVR32`, `TFM_PPC32`, `TFM_MIPS`, `TFM_X86` or `TFM_X86_64`: These are assembly optimizations available with USE_FAST_MATH.
 * Single Precision Math for ARM: See `WOLFSSL_SP`. Optimized math for ARM performance of specific RSA, DH and ECC algorithms.

IDE/KDS/.cproject

@@ -0,0 +1,204 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<?fileVersion 4.0.0?><cproject storage_type_id="org.eclipse.cdt.core.XmlProjectDescriptionStorage">
+	<storageModule moduleId="org.eclipse.cdt.core.settings">
+		<cconfiguration id="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.1823534755">
+			<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.1823534755" moduleId="org.eclipse.cdt.core.settings" name="Debug">
+				<externalSettings/>
+				<extensions>
+					<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
+				</extensions>
+			</storageModule>
+			<storageModule moduleId="cdtBuildSystem" version="4.0.0">
+				<configuration artifactName="${ProjName}" buildArtefactType="org.eclipse.cdt.build.core.buildArtefactType.exe" buildProperties="org.eclipse.cdt.build.core.buildType=org.eclipse.cdt.build.core.buildType.debug,org.eclipse.cdt.build.core.buildArtefactType=org.eclipse.cdt.build.core.buildArtefactType.exe" cleanCommand="${cross_rm} -rf" description="" id="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.1823534755" name="Debug" parent="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug">
+					<folderInfo id="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.1823534755." name="/" resourcePath="">
+						<toolChain id="ilg.gnuarmeclipse.managedbuild.cross.toolchain.elf.debug.1219033186" name="Cross ARM GCC" superClass="ilg.gnuarmeclipse.managedbuild.cross.toolchain.elf.debug">
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.level.1889985691" name="Optimization Level" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.level" value="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.level.none" valueType="enumerated"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.messagelength.1934974013" name="Message length (-fmessage-length=0)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.messagelength" value="true" valueType="boolean"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.signedchar.1488765487" name="'char' is signed (-fsigned-char)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.signedchar" value="true" valueType="boolean"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.functionsections.2137237709" name="Function sections (-ffunction-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.functionsections" value="true" valueType="boolean"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.datasections.189250506" name="Data sections (-fdata-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.datasections" value="true" valueType="boolean"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.level.318329197" name="Debug level" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.level" value="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.level.max" valueType="enumerated"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.format.379381336" name="Debug format" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.format"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.toolchain.name.1982231667" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.toolchain.name" value="GNU Tools for ARM Embedded Processors" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.architecture.982386377" name="Architecture" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.architecture" value="ilg.gnuarmeclipse.managedbuild.cross.option.architecture.arm" valueType="enumerated"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.family.357134062" name="ARM family" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.family" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.mcpu.cortex-m3" valueType="enumerated"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.instructionset.942886942" name="Instruction set" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.instructionset" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.instructionset.thumb" valueType="enumerated"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.prefix.1985384014" name="Prefix" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.prefix" value="arm-none-eabi-" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.c.980821709" name="C compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.c" value="gcc" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.cpp.741978820" name="C++ compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.cpp" value="g++" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.ar.644448038" name="Archiver" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.ar" value="ar" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.objcopy.1568794824" name="Hex/Bin converter" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.objcopy" value="objcopy" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.objdump.1663916396" name="Listing generator" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.objdump" value="objdump" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.size.644079467" name="Size command" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.size" value="size" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.make.1653907508" name="Build command" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.make" value="make" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.rm.212411635" name="Remove command" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.rm" value="rm" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.createflash.37217667" name="Create flash image" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.createflash" value="true" valueType="boolean"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.printsize.938806288" name="Print size" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.printsize" value="true" valueType="boolean"/>
+							<targetPlatform archList="all" binaryParser="org.eclipse.cdt.core.ELF" id="ilg.gnuarmeclipse.managedbuild.cross.targetPlatform.2020299399" isAbstract="false" osList="all" superClass="ilg.gnuarmeclipse.managedbuild.cross.targetPlatform"/>
+							<builder buildPath="${workspace_loc:/wolfssl-test}/Debug" id="ilg.gnuarmeclipse.managedbuild.cross.builder.1169013041" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="Gnu Make Builder" superClass="ilg.gnuarmeclipse.managedbuild.cross.builder"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.1652818945" name="Cross ARM GNU Assembler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.usepreprocessor.1995204633" name="Use preprocessor" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.usepreprocessor" value="true" valueType="boolean"/>
+								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input.588237282" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.1618862980" name="Cross ARM C Compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.include.paths.1348561577" name="Include paths (-I)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.include.paths" useByScannerDiscovery="false" valueType="includePath">
+									<listOptionValue builtIn="false" value="../../../../wolfssl"/>
+									<listOptionValue builtIn="false" value=".././config"/>
+								</option>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs.1370434476" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs" useByScannerDiscovery="false" valueType="definedSymbols">
+									<listOptionValue builtIn="false" value="WOLFSSL_USER_SETTINGS"/>
+								</option>
+								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input.1511494824" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.204098874" name="Cross ARM C++ Compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler">
+								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.input.1188857255" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.input"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.linker.706026125" name="Cross ARM C Linker" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.linker">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.linker.gcsections.960189587" name="Remove unused sections (-Xlinker --gc-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.linker.gcsections" value="true" valueType="boolean"/>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.linker.other.1923669300" name="Other linker flags" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.linker.other" value="--specs=rdimon.specs -Wl,--start-group -lgcc -lc -lc -lm -lrdimon -Wl,--end-group" valueType="string"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker.653534040" name="Cross ARM C++ Linker" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.gcsections.1864249736" name="Remove unused sections (-Xlinker --gc-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.gcsections" value="true" valueType="boolean"/>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.other.1426398559" name="Other linker flags" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.other" value="--specs=rdimon.specs -Wl,--start-group -lgcc -lc -lc -lm -lrdimon -Wl,--end-group" valueType="string"/>
+								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker.input.907833184" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker.input">
+									<additionalInput kind="additionalinputdependency" paths="$(USER_OBJS)"/>
+									<additionalInput kind="additionalinput" paths="$(LIBS)"/>
+								</inputType>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.archiver.1802905650" name="Cross ARM GNU Archiver" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.archiver"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.createflash.1296666581" name="Cross ARM GNU Create Flash Image" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.createflash"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.createlisting.913795604" name="Cross ARM GNU Create Listing" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.createlisting">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.source.1264511626" name="Display source (--source|-S)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.source" value="true" valueType="boolean"/>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.allheaders.957974251" name="Display all headers (--all-headers|-x)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.allheaders" value="true" valueType="boolean"/>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.demangle.2098897888" name="Demangle names (--demangle|-C)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.demangle" value="true" valueType="boolean"/>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.linenumbers.511113554" name="Display line numbers (--line-numbers|-l)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.linenumbers" value="true" valueType="boolean"/>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.wide.3492907" name="Wide lines (--wide|-w)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.wide" value="true" valueType="boolean"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.printsize.91497735" name="Cross ARM GNU Print Size" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.printsize">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.printsize.format.898726007" name="Size format" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.printsize.format"/>
+							</tool>
+						</toolChain>
+					</folderInfo>
+					<sourceEntries>
+						<entry flags="VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="src"/>
+					</sourceEntries>
+				</configuration>
+			</storageModule>
+			<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
+		</cconfiguration>
+		<cconfiguration id="ilg.gnuarmeclipse.managedbuild.cross.config.elf.release.658684795">
+			<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="ilg.gnuarmeclipse.managedbuild.cross.config.elf.release.658684795" moduleId="org.eclipse.cdt.core.settings" name="Release">
+				<externalSettings/>
+				<extensions>
+					<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
+				</extensions>
+			</storageModule>
+			<storageModule moduleId="cdtBuildSystem" version="4.0.0">
+				<configuration artifactName="${ProjName}" buildArtefactType="org.eclipse.cdt.build.core.buildArtefactType.exe" buildProperties="org.eclipse.cdt.build.core.buildType=org.eclipse.cdt.build.core.buildType.release,org.eclipse.cdt.build.core.buildArtefactType=org.eclipse.cdt.build.core.buildArtefactType.exe" cleanCommand="${cross_rm} -rf" description="" id="ilg.gnuarmeclipse.managedbuild.cross.config.elf.release.658684795" name="Release" parent="ilg.gnuarmeclipse.managedbuild.cross.config.elf.release">
+					<folderInfo id="ilg.gnuarmeclipse.managedbuild.cross.config.elf.release.658684795." name="/" resourcePath="">
+						<toolChain id="ilg.gnuarmeclipse.managedbuild.cross.toolchain.elf.release.813859650" name="Cross ARM GCC" superClass="ilg.gnuarmeclipse.managedbuild.cross.toolchain.elf.release">
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.level.794819747" name="Optimization Level" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.level" value="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.level.size" valueType="enumerated"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.messagelength.1496674696" name="Message length (-fmessage-length=0)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.messagelength" value="true" valueType="boolean"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.signedchar.650429804" name="'char' is signed (-fsigned-char)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.signedchar" value="true" valueType="boolean"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.functionsections.1570447896" name="Function sections (-ffunction-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.functionsections" value="true" valueType="boolean"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.datasections.838509098" name="Data sections (-fdata-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.datasections" value="true" valueType="boolean"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.level.662400626" name="Debug level" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.level"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.format.1161227121" name="Debug format" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.format"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.toolchain.name.705055087" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.toolchain.name" value="GNU Tools for ARM Embedded Processors" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.architecture.506368524" name="Architecture" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.architecture" value="ilg.gnuarmeclipse.managedbuild.cross.option.architecture.arm" valueType="enumerated"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.family.612731672" name="ARM family" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.family" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.mcpu.cortex-m3" valueType="enumerated"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.instructionset.1833413616" name="Instruction set" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.instructionset" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.instructionset.thumb" valueType="enumerated"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.prefix.881134378" name="Prefix" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.prefix" value="arm-none-eabi-" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.c.2100237234" name="C compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.c" value="gcc" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.cpp.1356336567" name="C++ compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.cpp" value="g++" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.ar.1525413618" name="Archiver" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.ar" value="ar" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.objcopy.1604347618" name="Hex/Bin converter" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.objcopy" value="objcopy" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.objdump.1779877498" name="Listing generator" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.objdump" value="objdump" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.size.911087419" name="Size command" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.size" value="size" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.make.1710464795" name="Build command" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.make" value="make" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.rm.1501290946" name="Remove command" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.rm" value="rm" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.createflash.1999176868" name="Create flash image" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.createflash" value="true" valueType="boolean"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.printsize.1190543033" name="Print size" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.printsize" value="true" valueType="boolean"/>
+							<targetPlatform archList="all" binaryParser="org.eclipse.cdt.core.ELF" id="ilg.gnuarmeclipse.managedbuild.cross.targetPlatform.30283807" isAbstract="false" osList="all" superClass="ilg.gnuarmeclipse.managedbuild.cross.targetPlatform"/>
+							<builder buildPath="${workspace_loc:/wolfssl-test}/Release" id="ilg.gnuarmeclipse.managedbuild.cross.builder.394488448" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="Gnu Make Builder" superClass="ilg.gnuarmeclipse.managedbuild.cross.builder"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.441759325" name="Cross ARM GNU Assembler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.usepreprocessor.594523961" name="Use preprocessor" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.usepreprocessor" value="true" valueType="boolean"/>
+								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input.250835699" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.377447475" name="Cross ARM C Compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler">
+								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input.1965124250" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.1682275351" name="Cross ARM C++ Compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler">
+								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.input.1092458319" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.input"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.linker.1984331723" name="Cross ARM C Linker" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.linker">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.linker.gcsections.1569599516" name="Remove unused sections (-Xlinker --gc-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.linker.gcsections" value="true" valueType="boolean"/>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.linker.other.933648471" name="Other linker flags" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.linker.other" value="--specs=rdimon.specs -Wl,--start-group -lgcc -lc -lc -lm -lrdimon -Wl,--end-group" valueType="string"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker.1950861502" name="Cross ARM C++ Linker" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.gcsections.2133729789" name="Remove unused sections (-Xlinker --gc-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.gcsections" value="true" valueType="boolean"/>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.other.1119517305" name="Other linker flags" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.other" value="--specs=rdimon.specs -Wl,--start-group -lgcc -lc -lc -lm -lrdimon -Wl,--end-group" valueType="string"/>
+								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker.input.27793787" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker.input">
+									<additionalInput kind="additionalinputdependency" paths="$(USER_OBJS)"/>
+									<additionalInput kind="additionalinput" paths="$(LIBS)"/>
+								</inputType>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.archiver.513801227" name="Cross ARM GNU Archiver" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.archiver"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.createflash.1231377091" name="Cross ARM GNU Create Flash Image" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.createflash"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.createlisting.89637169" name="Cross ARM GNU Create Listing" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.createlisting">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.source.2090652470" name="Display source (--source|-S)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.source" value="true" valueType="boolean"/>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.allheaders.1819919258" name="Display all headers (--all-headers|-x)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.allheaders" value="true" valueType="boolean"/>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.demangle.276097013" name="Demangle names (--demangle|-C)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.demangle" value="true" valueType="boolean"/>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.linenumbers.1578115309" name="Display line numbers (--line-numbers|-l)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.linenumbers" value="true" valueType="boolean"/>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.wide.786035502" name="Wide lines (--wide|-w)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.wide" value="true" valueType="boolean"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.printsize.397820407" name="Cross ARM GNU Print Size" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.printsize">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.printsize.format.226153595" name="Size format" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.printsize.format"/>
+							</tool>
+						</toolChain>
+					</folderInfo>
+					<sourceEntries>
+						<entry flags="VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="src"/>
+					</sourceEntries>
+				</configuration>
+			</storageModule>
+			<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
+		</cconfiguration>
+	</storageModule>
+	<storageModule moduleId="cdtBuildSystem" version="4.0.0">
+		<project id="wolfssl-test.ilg.gnuarmeclipse.managedbuild.cross.target.elf.1253579278" name="Executable" projectType="ilg.gnuarmeclipse.managedbuild.cross.target.elf"/>
+	</storageModule>
+	<storageModule moduleId="scannerConfiguration">
+		<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
+		<scannerConfigBuildInfo instanceId="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.1613256277;ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.1613256277.;ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.1198618439;ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input.1181889101">
+			<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
+		</scannerConfigBuildInfo>
+		<scannerConfigBuildInfo instanceId="ilg.gnuarmeclipse.managedbuild.cross.config.elf.release.658684795;ilg.gnuarmeclipse.managedbuild.cross.config.elf.release.658684795.;ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.377447475;ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input.1965124250">
+			<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
+		</scannerConfigBuildInfo>
+		<scannerConfigBuildInfo instanceId="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.1823534755;ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.1823534755.;ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.1618862980;ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input.1511494824">
+			<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
+		</scannerConfigBuildInfo>
+		<scannerConfigBuildInfo instanceId="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.1823534755;ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.1823534755.;ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.204098874;ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.input.1188857255">
+			<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
+		</scannerConfigBuildInfo>
+		<scannerConfigBuildInfo instanceId="ilg.gnuarmeclipse.managedbuild.cross.config.elf.release.658684795;ilg.gnuarmeclipse.managedbuild.cross.config.elf.release.658684795.;ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.1682275351;ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.input.1092458319">
+			<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
+		</scannerConfigBuildInfo>
+		<scannerConfigBuildInfo instanceId="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.1613256277;ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.1613256277.;ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.1931048491;ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.input.1225137803">
+			<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
+		</scannerConfigBuildInfo>
+	</storageModule>
+	<storageModule moduleId="org.eclipse.cdt.core.LanguageSettingsProviders"/>
+	<storageModule moduleId="refreshScope"/>
+</cproject>

IDE/KDS/.project

@@ -0,0 +1,394 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>wolfssl-test</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.cdt.managedbuilder.core.genmakebuilder</name>
+			<triggers>clean,full,incremental,</triggers>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder</name>
+			<triggers>full,incremental,</triggers>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.cdt.core.cnature</nature>
+		<nature>org.eclipse.cdt.core.ccnature</nature>
+		<nature>org.eclipse.cdt.managedbuilder.core.managedBuildNature</nature>
+		<nature>org.eclipse.cdt.managedbuilder.core.ScannerConfigNature</nature>
+	</natures>
+	<linkedResources>
+		<link>
+			<name>src/test.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/test/test.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/aes.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/aes.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/arc4.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/arc4.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/asm.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/asm.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/asn.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/asn.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/blake2b.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/blake2b.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/blake2s.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/blake2s.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/camellia.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/camellia.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/chacha.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/chacha.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/chacha20_poly1305.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/chacha20_poly1305.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/cmac.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/cmac.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/coding.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/coding.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/compress.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/compress.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/cpuid.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/cpuid.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/cryptocb.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/cryptocb.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/curve25519.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/curve25519.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/des3.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/des3.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/dh.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/dh.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/dsa.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/dsa.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/ecc.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/ecc.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/ecc_fp.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/ecc_fp.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/ed25519.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/ed25519.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/error.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/error.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/fe_low_mem.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/fe_low_mem.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/fe_operations.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/fe_operations.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/ge_low_mem.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/ge_low_mem.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/ge_operations.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/ge_operations.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/hash.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/hash.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/hc128.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/hc128.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/hmac.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/hmac.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/idea.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/idea.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/integer.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/integer.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/logging.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/logging.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/md2.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/md2.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/md4.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/md4.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/md5.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/md5.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/memory.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/memory.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/pkcs12.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/pkcs12.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/pkcs7.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/pkcs7.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/poly1305.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/poly1305.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/pwdbased.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/pwdbased.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/rabbit.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/rabbit.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/random.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/random.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/ripemd.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/ripemd.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/rsa.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/rsa.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/sha.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/sha.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/sha256.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/sha256.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/sha3.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/sha3.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/sha512.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/sha512.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/signature.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/signature.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/sp_arm32.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/sp_arm32.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/sp_arm64.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/sp_arm64.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/sp_armthumb.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/sp_armthumb.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/sp_c32.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/sp_c32.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/sp_c64.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/sp_c64.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/sp_cortexm.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/sp_cortexm.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/sp_int.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/sp_int.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/sp_x86_64.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/sp_x86_64.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/srp.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/srp.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/tfm.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/tfm.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/wc_encrypt.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/wc_encrypt.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/wc_pkcs11.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/wc_pkcs11.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/wc_port.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/wc_port.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/wolfevent.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/wolfevent.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/wolfmath.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/wolfmath.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfssl-src/crl.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/src/crl.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfssl-src/internal.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/src/internal.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfssl-src/keys.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/src/keys.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfssl-src/ocsp.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/src/ocsp.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfssl-src/ssl.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/src/ssl.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfssl-src/tls.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/src/tls.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfssl-src/tls13.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/src/tls13.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfssl-src/wolfio.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/src/wolfio.c</locationURI>
+		</link>
+	</linkedResources>
+</projectDescription>

IDE/KDS/config/user_settings.h

@@ -0,0 +1,32 @@
+/* #define NO_MAIN_DRIVER */
+#define BENCH_EMBEDDED
+#define NO_WRITEV
+#define WOLFSSL_USER_IO
+#define NO_DEV_RANDOM
+#define USE_CERT_BUFFERS_2048
+#define WOLFSSL_USER_CURRTIME
+#define SIZEOF_LONG_LONG 8
+#define NO_WOLFSSL_DIR
+#define WOLFSSL_NO_CURRDIR
+#define NO_WOLF_C99
+#define NO_MULTIBYTE_PRINT
+
+#define WOLFSSL_USER_CURRTIME /* for benchmark */
+
+#define WOLFSSL_GENSEED_FORTEST /* Warning: define your own seed gen */
+
+#define TFM_TIMING_RESISTANT
+#define ECC_TIMING_RESISTANT
+#define WC_RSA_BLINDING
+
+#define SINGLE_THREADED  /* or define RTOS  option */
+/* #define WOLFSSL_CMSIS_RTOS */
+#define NO_FILESYSTEM
+
+#define NO_DH
+#define HAVE_AESGCM
+#define WOLFSSL_SHA512
+#define HAVE_ECC
+#define HAVE_CURVE25519
+#define CURVE25519_SMALL
+#define HAVE_ED25519

IDE/KDS/include.am

@@ -0,0 +1,7 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST+= IDE/KDS/.cproject
+EXTRA_DIST+= IDE/KDS/.project
+EXTRA_DIST+= IDE/KDS/config/user_settings.h

IDE/M68K/Makefile

@@ -0,0 +1,91 @@
+NAME    = wolfssl
+DEVICE  = -m5206e -gdwarf-2 -DMOD5441X -DMCF5441X
+OLEVEL  = -O2
+NBHEADERS = -I"$(NBROOT)/include" -I"$(NBROOT)/MOD5441X/include"
+
+# location to put wolfssl.a created
+OUTPUT  = $(NBROOT)/lib
+
+
+CSRCS := ../../wolfcrypt/src/rsa.c \
+        ../../wolfcrypt/src/asn.c \
+        ../../wolfcrypt/src/aes.c \
+        ../../wolfcrypt/src/sha.c \
+        ../../wolfcrypt/src/sha256.c \
+        ../../wolfcrypt/src/sha512.c \
+        ../../wolfcrypt/src/integer.c \
+        ../../wolfcrypt/src/tfm.c \
+        ../../wolfcrypt/src/random.c \
+        ../../wolfcrypt/src/logging.c \
+        ../../wolfcrypt/src/memory.c \
+        ../../wolfcrypt/src/coding.c \
+        ../../wolfcrypt/src/hash.c \
+        ../../wolfcrypt/src/hmac.c \
+        ../../wolfcrypt/src/md5.c \
+        ../../wolfcrypt/src/wc_port.c \
+        ../../wolfcrypt/src/wc_encrypt.c \
+        ../../wolfcrypt/src/wolfmath.c \
+        ../../wolfcrypt/src/sp_c32.c \
+        ../../wolfcrypt/src/sp_int.c \
+        ../../wolfcrypt/src/signature.c \
+        ../../wolfcrypt/src/error.c \
+        ../../src/wolfio.c \
+        ../../src/ssl.c
+
+INC = -I"./" -I"../../"
+EXTRACFLAGS  = -DWOLFSSL_USER_SETTINGS $(INC) $(DEVICE) $(OLEVEL)
+EXTRACFLAGS += -DNBMINGW -Wall -fno-rtti -fno-exceptions -falign-functions=4
+EXTRACFLAGS += $(NBHEADERS)
+EXTRACXXFLAGS = $(EXTRACFLAGS)
+
+#LDEXTRA =
+LIBOBJS = ./rsa.o \
+          ./asn.o \
+          ./aes.o \
+          ./sha.o \
+          ./sha256.o \
+          ./sha512.o \
+          ./integer.o \
+          ./tfm.o \
+          ./random.o \
+          ./logging.o \
+          ./memory.o \
+          ./coding.o \
+          ./hash.o \
+          ./hmac.o \
+          ./md5.o \
+          ./wc_port.o \
+          ./wc_encrypt.o \
+          ./wolfmath.o \
+          ./sp_c32.o \
+          ./sp_int.o \
+          ./signature.o \
+          ./wolfio.o \
+          ./ssl.o \
+          ./error.o
+
+#include $(NBROOT)/make/libmain.mak
+
+all: compile link rmo
+
+# compiling using g++ compiler to avoid mangled name complications if linking
+# against other NetBurner libraries
+compile:
+	m68k-elf-g++ $(EXTRACFLAGS) -c $(CSRCS)
+
+link:
+	m68k-elf-ar -cr $(OUTPUT)/$(NAME).a $(LIBOBJS)
+
+rmo:
+	rm -f *.o
+
+clean: rmo
+	rm -f $(OUTPUT)/$(NAME).a
+
+help:
+	@echo "all     : exectue compile, link, rmo"
+	@echo "compile : create .o files"
+	@echo "link    : create .a library from .o files"
+	@echo "rmo     : remove all .o files"
+	@echo "clean   : remove all .o files and .a library"
+

IDE/M68K/README.md

@@ -0,0 +1,46 @@
+This is makefile's for creating a wolfCrypt library using the m68k-elf-gcc
+toolchain and example benchmark/testwolfcrypt application linking to it. The
+examples and default builds where made to support a MCF5441X board.
+
+Macros to define for use:
+WOLFSSL_MCF5441X /* arch settings i.e. sizeof long and endianess */
+WOLFSSL_NETBURNER /* for use of NetBurner headers and RNG seed */
+
+
+To build the wolfssl.a library (settings for wolfCrypt only by default) run
+"make" from the directory wolfssl-root/IDE/M68K/.
+By default this outputs the wolfssl.a library to be at $(NBROOT)/lib. This can
+be adjusted by adjusting the variable OUTPUT in Makefile.
+
+If the macro WOLFSSL_MCF5441X is defined then
+wolfssl-root/wolfssl/wolfcrypt/settings.h sets the sizeof long and long long
+along with big endian macro.
+
+The configuration for the build is located in wolfssl-root/IDE/M68K/user_settings.h
+Along with the defualt build there is 2 others BUILD_B (smaller resource use),
+and BUILD_C (faster runtime with more resource use).
+
+RSA speeds of the builds
+
+default:
+RSA 2048 public 3.333 ops/sec
+RSA 2048 private 0.190 ops/sec
+
+BUILD_B
+RSA 2048 public 3.333 ops/sec
+RSA 2048 private 0.053 ops/sec
+
+BUILD_C
+RSA 2048 public 7.619 ops/sec
+RSA 2048 private 0.276 ops/sec
+
+###Building testwolfcryt/benchmark
+To build either testwolfcrypt or benchmark first build wolfssl.a, place it in
+$(NBROOT)/lib and then cd into the respective directory. Running "make" will
+then create a .s19 application that can be ran on the board.
+
+When running either testwolfcrypt or the benchmark app the first thing they do
+is loop on calling RandomValid until getting a successful return. This is done
+in order to wait for a source of entropy. It could take several moments until
+completed.
+

IDE/M68K/benchmark/Makefile

@@ -0,0 +1,11 @@
+NAME    = benchmark
+PLATFORM = MOD5441X
+CSRCS := ../../../wolfcrypt/benchmark/benchmark.c
+CXXSRCS := ./main.cpp
+XTRALIB += $(NBROOT)/lib/wolfssl.a
+
+INC = -I"./../../../" -I"./../"
+EXTRACFLAGS = $(INC) -DWOLFSSL_USER_SETTINGS -DUSE_CERT_BUFFERS_2048 -DBENCH_EMBEDDED  -DNO_MAIN_DRIVER
+EXTRACXXFLAGS = $(EXTRACFLAGS)
+
+include $(NBROOT)/make/main.mak

IDE/M68K/benchmark/main.cpp

@@ -0,0 +1,79 @@
+/* main.c
+ *
+ * Copyright (C) 2006-2019 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <predef.h>
+#include <stdio.h>
+#include <ctype.h>
+#include <startnet.h>
+#include <autoupdate.h>
+#include <dhcpclient.h>
+#include <random.h>
+#include <init.h>
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfcrypt/benchmark/benchmark.h>
+
+extern "C" {
+void UserMain(void * pd);
+}
+
+const char * AppName="benchmark";
+
+typedef struct func_args {
+    int argc;
+    char** argv;
+    int return_code;
+} func_args;
+
+void UserMain(void * pd) {
+    InitializeStack();
+    GetDHCPAddressIfNecessary();
+    OSChangePrio(MAIN_PRIO);
+    EnableAutoUpdate();
+
+
+    init();
+    iprintf("wolfcrypt benchmark Application started\n");
+    iprintf("waiting for sufficient entropy before starting...\n\r");
+    iprintf("looks like NetBurner is using uart/tcp to seed GetRandomX so ..."
+            " input enough uart characters.\n\r");
+    {
+        BYTE b;
+        do {
+            b = GetRandomByte();
+            iprintf(".");
+        } while (!RandomValid());
+        iprintf("\n\r");
+        (void)b;
+    }
+
+    /* run wolfCrypt benchmarks */
+    {
+        func_args args;
+        args.argc = 0;
+        args.argv = NULL;
+
+        benchmark_test(&args);
+    }
+    while (1) {
+        OSTimeDly(TICKS_PER_SECOND);
+    }
+}

IDE/M68K/include.am

@@ -0,0 +1,11 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST+= IDE/M68K/README.md
+EXTRA_DIST+= IDE/M68K/Makefile
+EXTRA_DIST+= IDE/M68K/user_settings.h
+EXTRA_DIST+= IDE/M68K/testwolfcrypt/main.cpp
+EXTRA_DIST+= IDE/M68K/testwolfcrypt/Makefile
+EXTRA_DIST+= IDE/M68K/benchmark/main.cpp
+EXTRA_DIST+= IDE/M68K/benchmark/Makefile

IDE/M68K/testwolfcrypt/Makefile

@@ -0,0 +1,12 @@
+NAME    = testwolfcyprt
+PLATFORM = MOD5441X
+CSRCS := ../../../wolfcrypt/test/test.c
+CXXSRCS := ./main.cpp
+XTRALIB += $(NBROOT)/lib/wolfssl.a
+
+INC = -I"./../../../" -I"./../"
+EXTRACFLAGS = $(INC) -DWOLFSSL_USER_SETTINGS -DUSE_CERT_BUFFERS_1024 -DNO_MAIN_DRIVER
+EXTRACXXFLAGS = $(EXTRACFLAGS)
+
+include $(NBROOT)/make/main.mak
+

IDE/M68K/testwolfcrypt/main.cpp

@@ -0,0 +1,82 @@
+/* main.c
+ *
+ * Copyright (C) 2006-2019 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <predef.h>
+#include <stdio.h>
+#include <ctype.h>
+#include <startnet.h>
+#include <autoupdate.h>
+#include <dhcpclient.h>
+#include <random.h>
+#include <init.h>
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfcrypt/test/test.h>
+
+extern "C" {
+void UserMain(void * pd);
+}
+
+const char * AppName="testwolfcrypt";
+
+typedef struct func_args {
+    int argc;
+    char** argv;
+    int return_code;
+} func_args;
+
+
+void UserMain(void * pd) {
+    InitializeStack();
+    GetDHCPAddressIfNecessary();
+    OSChangePrio(MAIN_PRIO);
+    EnableAutoUpdate();
+
+
+    init();
+    iprintf("wolfcrypt test Application started\n\r");
+
+    iprintf("waiting for sufficient entropy before starting...\n\r");
+    iprintf("looks like NetBurner is using uart/tcp to seed GetRandomX so ..."
+            " input enough uart characters.\n\r");
+    {
+        BYTE b;
+        do {
+            b = GetRandomByte();
+            iprintf(".");
+        } while (!RandomValid());
+        iprintf("\n\r");
+        (void)b;
+    }
+
+    /* run wolfCrypt tests */
+    {
+        func_args args;
+        args.argc = 0;
+        args.argv = NULL;
+
+        wolfcrypt_test(&args);
+    }
+    while (1) {
+        OSTimeDly(TICKS_PER_SECOND);
+    }
+}

IDE/M68K/user_settings.h

@@ -0,0 +1,87 @@
+
+#ifndef USER_SETTINGS_H
+#define USER_SETTINGS_H
+
+
+/* Default build with fast math */
+
+
+/* Slower build but uses less memory */
+//#define BUILD_B
+
+/* Performant build but uses more memory */
+//#define BUILD_C
+
+
+
+/* Used for getting random value for seeding RNG */
+#define WOLFSSL_NETBURNER
+#define WOLFSSL_MCF5441X
+
+/* environment settings */
+#define NO_WRITEV
+#define WOLFSSL_NO_SOCK
+#define NO_WOLFSSL_DIR
+
+/* with USE_FAST_MATH smallstack is used to fit in the default stack size */
+#define WOLFSSL_SMALL_STACK
+
+
+/* enable features off by default */
+#define WOLFSSL_SHA512
+// OPENSSL_EXTRA uses a lot more memory but is needed in order to enable
+// compatibility layer API
+#define OPENSSL_EXTRA
+
+// additional RSA padding schemes
+#define WC_RSA_NO_PADDING
+#define WC_RSA_PSS
+
+// uncomment and add wolfSSL_Debugging_ON() to app for debug messages
+//#define DEBUG_WOLFSSL
+
+
+/* disable features that are on by default */
+#define WOLFCRYPT_ONLY
+#define NO_FILESYSTEM
+#define SINGLE_THREADED
+
+#define NO_ASN_TIME
+#define NO_PWDBASED
+#define NO_HC128
+#define NO_RABBIT
+#define NO_RC4
+#define NO_DSA
+#define NO_DES3
+#define NO_DH
+#define NO_MD4
+
+
+#define USE_FAST_MATH
+#ifdef BUILD_B
+    #define RSA_LOW_MEM
+    #define USE_SLOW_SHA
+    #define USE_SLOW_SHA256
+    #define NO_ERROR_STRINGS
+    #define USE_FAST_MATH
+#endif
+
+#ifdef BUILD_C
+    #define WOLFSSL_HAVE_SP_RSA
+    #define SP_WORD_SIZE 32
+#endif
+
+/* hardening against side channel attacks */
+#if defined(USE_FAST_MATH)
+    #define TFM_TIMING_RESISTANT
+    #ifdef HAVE_ECC
+        #define ECC_TIMING_RESISTANT
+    #endif
+#endif /* USE_FAST_MATH */
+#ifndef NO_RSA
+    /* this slows down RSA operations but increases side channel resistance */
+    #define WC_RSA_BLINDING
+#endif
+
+#endif /* USER_SETTINGS_H */
+

IDE/RISCV/SIFIVE-HIFIVE1/README.md

@@ -0,0 +1,199 @@
+# SiFive RISC-V HiFive1 Port
+
+## Overview
+You can enable the wolfSSL support for RISC-V using the `#define WOLFSSL_SIFIVE_RISC_V`.
+
+## Prerequisites
+1. Follow the instructions on the SiFive GitHub [here](https://github.com/sifive/freedom-e-sdk) and SiFive website [here](https://www.sifive.com/) to download the freedom-e-sdk and software tools.
+3. Run a simple hello application on your development board to confirm that your board functions as expected and the communication between your computer and the board works.
+
+## Usage
+You can start with a wolfcrypt example project to integrate the wolfSSL source code.
+wolfSSL supports a compile-time user configurable options in the `IDE/RISCV/SIFIVE-HIFIVE1/user_settings.h` file.
+
+The `IDE/RISCV/SIFIVE-HIFIVE1/main.c` example application provides a function to run the selected examples at compile time through the following two #defines in user_settings.h. You can define these macro options to disable the test run.
+```
+- #undef NO_CRYPT_TEST
+- #undef NO_CRYPT_BENCHMARK
+```
+
+## Setup
+### Setting up the SDK with wolfSSL
+1. Download the wolfSSL source code or a zip file from GitHub and place it under your SDK `$HOME` directory. You can also copy or simlink to the source.
+```
+  For example,
+  $ cd $HOME
+  $ git clone --depth=1 https://github.com/wolfSSL/wolfssl.git
+
+```
+2. Copy the wolfcrypt example project into your `freedom-e-sdk/software` directory.
+
+```
+  $ cp -rf ~/wolfssl/IDE/RISCV/SIFIVE-HIFIVE1 ~/freedom-e-sdk/software/wolfcrypt
+```
+
+3. Edit your `~/freedom-e-sdk/scripts/standalone.mk` and add the following line after the last RISCV_CFLAGS entry:
+
+```
+  RISCV_CFLAGS += -I$(WOLFSSL_SRC_DIR) -I$(WOLFSSL_SRC_DIR)/IDE/RISCV/SIFIVE-HIFIVE1 -DWOLFSSL_USER_SETTINGS
+```
+
+4. WOLFSSL_SRC_DIR variable must be set in the environment when GNU make is started.
+
+```
+  $ export WOLFSSL_SRC_DIR=~/wolfssl
+```
+
+5. Setup your riscv64 compiler 
+
+```
+  $ export RISCV_OPENOCD_PATH=/opt/riscv-openocd
+```
+6. (Optional) Setup OpenOCD if your target supports it:
+
+```
+  $ export RISCV_OPENOCD_PATH=/opt/riscv-openocd
+```
+## Building and Running
+
+You can build from source or create a static library.
+
+1. Using command-line:
+
+```
+  $ cd freedom-e-sdk
+  $ make PROGRAM=wolfcrypt TARGET=sifive-hifive1-revb CONFIGURATION=debug clean software upload
+```
+This example cleans, builds and uploads the software on the sifive-hifive1-revb target but you can also combine and build for any of the supported targets. 
+
+Review the test results on the target console.
+
+2. Building a static library for RISC-V using a cross-compiler:
+
+```
+$ cd $WOLFSSL_SRC_DIR
+
+$./configure --host=riscv64-unknown-elf  \
+CC=riscv64-unknown-elf-gcc \
+AR=riscv64-unknown-elf-ar \
+AS=riscv64-unknown-elf-as \
+RANLIB=$RISCV_PATH/bin/riscv64-unknown-elf-gcc-ranlib \
+LD=riscv64-unknown-elf-ld \
+CXX=riscv64-unknown-elf-g++ \
+--disable-examples --enable-static --disable-shared \
+CFLAGS="-march=rv32imac -mabi=ilp32 -mcmodel=medlow -ffunction-sections -fdata-sections -I~/freedom-e-sdk/bsp/sifive-hifive1/install/include -O0 -g -DNO_FILESYSTEM -DWOLFSSL_NO_SOCK -DNO_WRITEV -DWOLFCRYPT_ONLY -DWOLFSSL_SIFIVE_RISC_V"
+
+$make
+$sudo make install
+```
+You can now build and link your software to the wolfSSL libwolfssl.a static library.
+
+### `wolfcrypt_test()`
+
+wolfcrypt_test() prints a message on the target console similar to the following output:
+
+```
+SiFive HiFive1 Demo
+Setting clock to 320MHz
+Actual Clock 320MHz
+
+error    test passed!
+MEMORY   test passed!
+base64   test passed!
+asn      test passed!
+SHA      test passed!
+SHA-256  test passed!
+SHA-512  test passed!
+Hash     test passed!
+HMAC-SHA test passed!
+HMAC-SHA256 test passed!
+HMAC-SHA512 test passed!
+GMAC     test passed!
+Chacha   test passed!
+POLY1305 test passed!
+ChaCha20-Poly1305 AEAD test passed!
+AES      test passed!
+AES192   test passed!
+AES256   test passed!
+AES-GCM  test passed!
+RANDOM   test passed!
+ECC      test passed!
+ECC buffer test passed!
+CURVE25519 test passed!
+ED25519  test passed!
+logging  test passed!
+mutex    test passed!
+Test complete
+```
+### `benchmark_test()`
+
+benchmark_test() prints a message on the target console similar to the following output.
+
+TARGET=sifive-hifive1-revb:
+
+```
+SiFive HiFive1 Demo
+Setting clock to 320MHz
+Actual Clock 320MHz
+
+------------------------------------------------------------------------------
+ wolfSSL version 4.0.0
+------------------------------------------------------------------------------
+wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
+RNG                250 KB took 1.098 seconds,  227.714 KB/s
+AES-128-CBC-enc     50 KB took 1.132 seconds,   44.175 KB/s
+AES-128-CBC-dec     50 KB took 1.142 seconds,   43.778 KB/s
+AES-192-CBC-enc     50 KB took 1.250 seconds,   40.007 KB/s
+AES-192-CBC-dec     50 KB took 1.260 seconds,   39.677 KB/s
+AES-256-CBC-enc     50 KB took 1.368 seconds,   36.552 KB/s
+AES-256-CBC-dec     50 KB took 1.378 seconds,   36.279 KB/s
+AES-128-GCM-enc     25 KB took 1.225 seconds,   20.412 KB/s
+AES-128-GCM-dec     25 KB took 1.225 seconds,   20.402 KB/s
+AES-192-GCM-enc     25 KB took 1.290 seconds,   19.373 KB/s
+AES-192-GCM-dec     25 KB took 1.291 seconds,   19.366 KB/s
+AES-256-GCM-enc     25 KB took 1.352 seconds,   18.487 KB/s
+AES-256-GCM-dec     25 KB took 1.353 seconds,   18.478 KB/s
+CHACHA               1 MB took 1.006 seconds,    1.020 MB/s
+CHA-POLY           700 KB took 1.032 seconds,  678.045 KB/s
+POLY1305             2 MB took 1.007 seconds,    2.255 MB/s
+SHA                  2 MB took 1.002 seconds,    1.511 MB/s
+SHA-256            525 KB took 1.011 seconds,  519.279 KB/s
+SHA-512            275 KB took 1.017 seconds,  270.477 KB/s
+HMAC-SHA             1 MB took 1.013 seconds,    1.399 MB/s
+HMAC-SHA256        525 KB took 1.019 seconds,  515.020 KB/s
+HMAC-SHA512        275 KB took 1.032 seconds,  266.351 KB/s
+ECC      256 key gen         2 ops took 1.104 sec, avg 551.834 ms, 1.812 ops/sec
+ECDHE    256 agree           2 ops took 1.101 sec, avg 550.400 ms, 1.817 ops/sec
+ECDSA    256 sign            2 ops took 1.173 sec, avg 586.502 ms, 1.705 ops/sec
+ECDSA    256 verify          2 ops took 2.153 sec, avg 1076.294 ms, 0.929 ops/sec
+CURVE  25519 key gen         2 ops took 1.629 sec, avg 814.423 ms, 1.228 ops/sec
+CURVE  25519 agree           2 ops took 1.626 sec, avg 813.156 ms, 1.230 ops/sec
+ED     25519 key gen         1 ops took 1.436 sec, avg 1436.096 ms, 0.696 ops/sec
+ED     25519 sign            2 ops took 2.913 sec, avg 1456.421 ms, 0.687 ops/sec
+ED     25519 verify          2 ops took 5.012 sec, avg 2506.012 ms, 0.399 ops/sec
+Benchmark complete
+```
+
+## Tested Configurations
+- P-RNG (NIST DRBG) with SHA-256
+- SHA 1/256/512
+- AES 128/192/256 CBC/GCM
+- ECC 256 sign/verify/shared secret with fast math or Single Precision (SP) library
+- ED25519/Curve25519
+- HMAC
+- ChaCha20/Poly1305
+
+## Known Caveats
+- If you find the wolfcrypt test stuck on early_trap_vector error, it is like related to memory issues
+- Using the `__stack_size` default value of 0x400 will not be enough for the ECC test to pass.
+The `IDE/RISCV/SIFIVE-HIFIVE1/Makefile` overwrites the value with 0x1000 (4 KBytes)
+- Enabling RSA will cause the ECC test to fail due to memory shortage.
+
+## References
+
+The test results were collected from a SiFive reference platform target with the following hardware, software and tool chains:
+- HiFive1 Rev A/Rev B: HiFive1 Development Board with the Freedom Everywhere SoC, E300
+- freedom-e-sdk
+- wolfssl [latest version](https://github.com/wolfSSL/wolfssl)
+
+For more information or questions, please email [support@wolfssl.com](mailto:support@wolfssl.com)

IDE/RISCV/SIFIVE-HIFIVE1/include.am

@@ -0,0 +1,9 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST += \
+    IDE/RISCV/SIFIVE-HIFIVE1/README.md \
+    IDE/RISCV/SIFIVE-HIFIVE1/main.c \
+    IDE/RISCV/SIFIVE-HIFIVE1/Makefile\
+    IDE/RISCV/SIFIVE-HIFIVE1/user_settings.h

IDE/RISCV/SIFIVE-UNLEASHED/README.md

@@ -0,0 +1,151 @@
+# SiFive HiFive Unleashed
+
+Instructions for cross-compiling and running wolfSSL on the HiFive Unleashed board.
+
+## Board SiFive HiFive Unleashed Board
+
+SiFive Freedom U540 SoC at 1.5GHz
+
+Getting started guide: 
+https://sifive.cdn.prismic.io/sifive%2Ffa3a584a-a02f-4fda-b758-a2def05f49f9_hifive-unleashed-getting-started-guide-v1p1.pdf
+
+Make sure your ethernet is attached and power up board. You can connecct the micro-usb to get a UART console that will display the DHCP IP address. Default login password is "sifive".
+
+## Building Freedom-U-SDK
+
+```sh
+git clone https://github.com/sifive/freedom-u-sdk.git
+cd freedom-u-sdk
+git submodule update --recursive --init
+make
+```
+
+See `freedom-u-sdk/README.md` file for instructions on updating the SD card U-Boot and Linux image.
+
+### Installing U-Boot
+
+Insert SD card from Unleashed into host and determine the assigned `/dev/sdX` for the media.
+
+From `freedom-u-sdk` directory:
+
+```sh
+sudo make DISK=/dev/sdX format-boot-loader
+
+# Copy U-Boot .fit image to first FAT partition (32MB)
+sudo mkdir /media/hifiveu_boot
+sudo mount -t vfat /dev/sdX1 /media/hifiveu_boot
+cp ./work/image-<GITID>.fit /media/hifiveu_boot/hifiveu.fit
+sudo umount /media/hifiveu_boot
+
+# Copy Linux FS
+sudo dd if=./work/hifive-unleashed-<ID>.gpt of=/dev/sdX2 bs=1M
+```
+
+Note: Make sure S1 Switch 5 (MSEL2) is OFF, rest ON (MSEL=1011) to boot from SD
+
+### Installing Debian
+
+Insert SD card from Unleashed into host and determine the assigned character sequence (X) for the media.
+
+From `freedom-u-sdk` directory:
+
+```sh
+sudo make DISK=/dev/sdX format-demo-image
+```
+
+## Building wolfSSL
+
+Make sure you are using wolfSSL sources based on this PR https://github.com/wolfSSL/wolfssl/pull/2456
+The PR 2456 includes a patch to `wolfssl/wolfcrypt/types.h` to detect 64-bit types based on the `__riscv_xlen` macro.
+
+### Cross Compiling
+
+This example assumes the `wolfssl` root directory is along side the `freedom-u-sdk` directory. If not then adjust paths.
+
+```
+~\
+	wolfssl
+	freedom-u-sdk
+```
+
+```sh
+./configure --host=riscv64 \
+	CC="`pwd`/../freedom-u-sdk/work/buildroot_initramfs/host/bin/riscv64-sifive-linux-gnu-gcc" \
+	--with-sysroot="`pwd`/../freedom-u-sdk/work/buildroot_initramfs_sysroot/" \
+	--disable-shared \
+	--enable-sp \
+	CFLAGS="-mabi=lp64d -march=rv64imafdc"
+make
+```
+
+Copy files to device (replace IP address):
+
+```sh
+scp ./wolfcrypt/test/testwolfcrypt root@192.168.0.144:~
+scp ./wolfcrypt/benchmark/benchmark root@192.168.0.144:~
+scp ./examples/client/client root@192.168.0.144:~
+scp ./examples/server/server root@192.168.0.144:~
+
+# manually `mkdir certs` on target
+scp ./certs/* root@192.168.0.144:~/certs
+```
+
+### Native Compiler
+
+```sh
+./configure --enable-sp
+make
+```
+
+## Benchmark Results
+
+The following is running the wolfCrypt benchmark at 1.5GHz on a single thread (default CPU speed is 1.0GHz).
+
+```sh
+echo 1500000000 > /sys/devices/platform/soc/10000000.prci/rate
+
+./benchmark
+------------------------------------------------------------------------------
+ wolfSSL version 4.1.0
+------------------------------------------------------------------------------
+wolfCrypt Benchmark (block bytes 1048576, min 1.0 sec each)
+RNG                 10 MB took 1.165 seconds,    8.585 MB/s
+AES-128-CBC-enc     15 MB took 1.346 seconds,   11.141 MB/s
+AES-128-CBC-dec     15 MB took 1.380 seconds,   10.867 MB/s
+AES-192-CBC-enc     10 MB took 1.002 seconds,    9.983 MB/s
+AES-192-CBC-dec     10 MB took 1.020 seconds,    9.805 MB/s
+AES-256-CBC-enc     10 MB took 1.100 seconds,    9.091 MB/s
+AES-256-CBC-dec     10 MB took 1.117 seconds,    8.952 MB/s
+AES-128-GCM-enc     10 MB took 1.809 seconds,    5.528 MB/s
+AES-128-GCM-dec     10 MB took 1.810 seconds,    5.524 MB/s
+AES-192-GCM-enc     10 MB took 1.911 seconds,    5.233 MB/s
+AES-192-GCM-dec     10 MB took 1.911 seconds,    5.232 MB/s
+AES-256-GCM-enc      5 MB took 1.013 seconds,    4.935 MB/s
+AES-256-GCM-dec      5 MB took 1.014 seconds,    4.933 MB/s
+CHACHA              25 MB took 1.181 seconds,   21.168 MB/s
+CHA-POLY            20 MB took 1.188 seconds,   16.833 MB/s
+MD5                 80 MB took 1.025 seconds,   78.066 MB/s
+POLY1305            85 MB took 1.032 seconds,   82.357 MB/s
+SHA                 40 MB took 1.033 seconds,   38.728 MB/s
+SHA-256             20 MB took 1.023 seconds,   19.557 MB/s
+SHA-384             25 MB took 1.059 seconds,   23.597 MB/s
+SHA-512             25 MB took 1.059 seconds,   23.597 MB/s
+HMAC-MD5            80 MB took 1.026 seconds,   77.950 MB/s
+HMAC-SHA            40 MB took 1.034 seconds,   38.700 MB/s
+HMAC-SHA256         20 MB took 1.023 seconds,   19.559 MB/s
+HMAC-SHA384         25 MB took 1.059 seconds,   23.598 MB/s
+HMAC-SHA512         25 MB took 1.059 seconds,   23.599 MB/s
+RSA     2048 public       2000 ops took 1.032 sec, avg 0.516 ms, 1938.304 ops/sec
+RSA     2048 private       100 ops took 1.713 sec, avg 17.132 ms, 58.370 ops/sec
+DH      2048 key gen       133 ops took 1.003 sec, avg 7.544 ms, 132.552 ops/sec
+DH      2048 agree         200 ops took 1.531 sec, avg 7.653 ms, 130.676 ops/sec
+ECC      256 key gen      1330 ops took 1.001 sec, avg 0.752 ms, 1329.260 ops/sec
+ECDHE    256 agree         400 ops took 1.243 sec, avg 3.107 ms, 321.830 ops/sec
+ECDSA    256 sign         1000 ops took 1.043 sec, avg 1.043 ms, 958.539 ops/sec
+ECDSA    256 verify        300 ops took 1.104 sec, avg 3.680 ms, 271.766 ops/sec
+Benchmark complete
+```
+
+## Support
+
+For questions please email us at support@wolfssl.com.

IDE/RISCV/SIFIVE-UNLEASHED/include.am

@@ -0,0 +1,5 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST+= IDE/RISCV/SIFIVE-UNLEASHED/README.md

IDE/RISCV/include.am

@@ -0,0 +1,6 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+include IDE/RISCV/SIFIVE-HIFIVE1/include.am
+include IDE/RISCV/SIFIVE-UNLEASHED/include.am

IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c

@@ -89,7 +89,6 @@
 
 /* Note: You will also need to update the UART clock gate in hw_uart_init (SIM_SCGC1_UART5_MASK) */
 /* Note: TWR-K60 is UART3, PTC17 */
-/* Note: FRDM-K64 is UART4, PTE24 */
 /* Note: FRDM-K64 is UART4, PTE24 or UART0 PTB17 for OpenOCD  (SIM_SCGC4_UART0_MASK)*/
 /* Note: TWR-K64 is UART5, PTE8 */
 /* Note: FRDM-K82F is LPUART0 A2, LPUART4 PTC15 */

IDE/ROWLEY-CROSSWORKS-ARM/test_main.c

@@ -65,7 +65,7 @@ void main(void)
         test_num++;
     } while(args.return_code == 0);
 
-    /*Print this again for redundancy*/
+    /* Print this again for redundancy */
     #ifdef WOLFSSL_FRDM_K64_JENKINS
         printf("\n&&&&&&&&&&&&&& done &&&&&&&&&&&&&\n");
         delay_us(1000000);

IDE/ROWLEY-CROSSWORKS-ARM/user_settings.h

@@ -208,6 +208,7 @@ extern "C" {
 /* MD5 */
 #undef  NO_MD5
 #if 1
+#else
     #define NO_MD5
 #endif
 

IDE/Renesas/e2studio/Projects/common/user_settings.h

@@ -31,10 +31,11 @@
 #define WOLFSSL_NO_CURRDIR
 #define NO_FILESYSTEM
 #define WOLFSSL_LOG_PRINTF
-
-/* #define DEBUG_WOLFSSL */
-
-#define OPENSSL_EXTRA
+#define WOLFSSL_HAVE_MIN
+#define WOLFSSL_HAVE_MAX
+#if !defined(min)
+    #define min(data1, data2)                _builtin_min(data1, data2)
+#endif
 
 #define WOLFSSL_SMALL_STACK
 #define WOLFSSL_DH_CONST
@@ -47,15 +48,15 @@
 #define USE_WOLF_TIMEVAL_T
 
 #define WOLFSSL_USER_CURRTIME /* for benchmark */
-
-#define WOLFSSL_GENSEED_FORTEST /* Wardning: define your own seed gen */
-
 #define TFM_TIMING_RESISTANT
 #define ECC_TIMING_RESISTANT
 #define WC_RSA_BLINDING
 
 #define SINGLE_THREADED  /* or define RTOS  option */
-/* #define WOLFSSL_CMSIS_RTOS */
+#ifndef SINGLE_THREADED
+    /* expects use FRERRTOS */
+    #define FREERTOS
+#endif
 
 /* #define NO_DH */
 #define HAVE_AESGCM
@@ -66,3 +67,20 @@
 #define HAVE_ED25519
 
 /* #define NO_WOLFSSL_STUB */
+/* #define DEBUG_WOLFSSL */
+/* TSIP TLS specific definitions */
+#if !defined(WOLFSSL_RENESAS_TSIP)
+    #define OPENSSL_EXTRA
+    #define WOLFSSL_GENSEED_FORTEST /* Warning: define your own seed gen */
+#else
+#if defined(WOLFSSL_RENESAS_RX65N)
+    /* In the case of Static RSA and AES-CBC use */
+    #define HAVE_AES_CBC
+    /* TSIP ver 1.0.6 or lower supports only static RSA as Public-key cryptography. */
+    #define WOLFSSL_STATIC_RSA
+    /* for disabling TSIP CRYPT and TSIP TLS */
+    /* #define NO_RENESAS_TSIP_CRYPT */
+    /* for disabling only TSIP TLS-linked Common key encryption method */
+    /* #define NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION */
+#endif
+#endif

IDE/Renesas/e2studio/Projects/common/wolfssl_dummy.c

@@ -21,7 +21,7 @@
 
 typedef unsigned long time_t;
 
-#define YEAR 2018
+#define YEAR 2019
 #define MON  5
 
 static int tick = 0;
@@ -36,6 +36,6 @@ int strncasecmp(const char *s1, const char * s2, unsigned int sz)
 {
     for( ; sz>0; sz--)
         if(toupper(s1++) != toupper(s2++))
-	    return 1;
+        return 1;
     return 0;
 }

IDE/Renesas/e2studio/Projects/include.am

@@ -8,6 +8,11 @@ EXTRA_DIST+= IDE/Renesas/e2studio/Projects/wolfssl/.project
 EXTRA_DIST+= IDE/Renesas/e2studio/Projects/test/.cproject
 EXTRA_DIST+= IDE/Renesas/e2studio/Projects/test/.project
 EXTRA_DIST+= IDE/Renesas/e2studio/Projects/test/src/test_main.c
+EXTRA_DIST+= IDE/Renesas/e2studio/Projects/test/src/key_data.c
+EXTRA_DIST+= IDE/Renesas/e2studio/Projects/test/src/key_data.h
+EXTRA_DIST+= IDE/Renesas/e2studio/Projects/test/src/wolf_client.c
+EXTRA_DIST+= IDE/Renesas/e2studio/Projects/test/src/wolf_server.c
+EXTRA_DIST+= IDE/Renesas/e2studio/Projects/test/src/wolfssl_demo.h
 EXTRA_DIST+= IDE/Renesas/e2studio/Projects/common/wolfssl_dummy.c
 EXTRA_DIST+= IDE/Renesas/e2studio/Projects/common/strings.h
 EXTRA_DIST+= IDE/Renesas/e2studio/Projects/common/unistd.h

IDE/Renesas/e2studio/Projects/test/.cproject

@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <?fileVersion 4.0.0?><cproject storage_type_id="org.eclipse.cdt.core.XmlProjectDescriptionStorage">
 	<storageModule moduleId="org.eclipse.cdt.core.settings">
-		<cconfiguration id="com.renesas.cdt.managedbuild.renesas.ccrx.debug.configuration.246204984">
-			<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.renesas.cdt.managedbuild.renesas.ccrx.debug.configuration.246204984" moduleId="org.eclipse.cdt.core.settings" name="Debug">
+		<cconfiguration id="com.renesas.cdt.managedbuild.renesas.ccrx.hardwaredebug.configuration.1378385971">
+			<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.renesas.cdt.managedbuild.renesas.ccrx.hardwaredebug.configuration.1378385971" moduleId="org.eclipse.cdt.core.settings" name="HardwareDebug">
 				<externalSettings/>
 				<extensions>
 					<extension id="org.eclipse.cdt.core.PE" point="org.eclipse.cdt.core.BinaryParser"/>
@@ -14,83 +14,407 @@
 			</storageModule>
 			<storageModule moduleId="com.renesas.cdt.managedbuild.core.toolchainInfo">
 				<option id="toolchain.id" value="Renesas_RXC"/>
-				<option id="toolchain.version" value="v2.08.00"/>
+				<option id="toolchain.version" value="v3.01.00"/>
 			</storageModule>
 			<storageModule moduleId="cdtBuildSystem" version="4.0.0">
-				<configuration artifactExtension="abs" artifactName="${ProjName}" buildArtefactType="org.eclipse.cdt.build.core.buildArtefactType.exe" buildProperties="org.eclipse.cdt.build.core.buildArtefactType=org.eclipse.cdt.build.core.buildArtefactType.exe,org.eclipse.cdt.build.core.buildType=org.eclipse.cdt.build.core.buildType.debug" description="Debug" id="com.renesas.cdt.managedbuild.renesas.ccrx.debug.configuration.246204984" name="Debug" parent="com.renesas.cdt.managedbuild.renesas.ccrx.debug.configuration">
-					<folderInfo id="com.renesas.cdt.managedbuild.renesas.ccrx.debug.configuration.246204984." name="/" resourcePath="">
-						<toolChain id="com.renesas.cdt.managedbuild.renesas.ccrx.debug.toolChain.490516599" name="Renesas CCRX Toolchain" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.debug.toolChain">
-							<targetPlatform archList="all" binaryParser="org.eclipse.cdt.core.ELF;org.eclipse.cdt.core.PE" id="com.renesas.cdt.managedbuild.renesas.ccrx.base.targetPlatform.546125733" osList="win32" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.targetPlatform"/>
-							<builder buildPath="${workspace_loc:/test}/Debug" id="com.renesas.cdt.managedbuild.renesas.ccrx.base.builder.864420363" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="CCRX Builder" parallelBuildOn="true" parallelizationNumber="optimal" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.builder"/>
-							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.dsp.398562691" name="DSP Assembler" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.dsp">
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo.1671134834" name="デバッグ情報を出力する" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo" useByScannerDiscovery="false" value="true" valueType="boolean"/>
+				<configuration artifactExtension="abs" artifactName="${ProjName}" buildArtefactType="org.eclipse.cdt.build.core.buildArtefactType.exe" buildProperties="org.eclipse.cdt.build.core.buildArtefactType=org.eclipse.cdt.build.core.buildArtefactType.exe,org.eclipse.cdt.build.core.buildType=org.eclipse.cdt.build.core.buildType.debug" description="Debug on hardware" id="com.renesas.cdt.managedbuild.renesas.ccrx.hardwaredebug.configuration.1378385971" name="HardwareDebug" parent="com.renesas.cdt.managedbuild.renesas.ccrx.hardwaredebug.configuration">
+					<folderInfo id="com.renesas.cdt.managedbuild.renesas.ccrx.hardwaredebug.configuration.1378385971." name="/" resourcePath="">
+						<toolChain id="com.renesas.cdt.managedbuild.renesas.ccrx.hardwaredebug.toolChain.1637393351" name="Renesas CCRX Toolchain" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.hardwaredebug.toolChain">
+							<targetPlatform archList="all" binaryParser="org.eclipse.cdt.core.ELF;org.eclipse.cdt.core.PE" id="com.renesas.cdt.managedbuild.renesas.ccrx.base.targetPlatform.808325012" osList="win32" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.targetPlatform"/>
+							<builder buildPath="${workspace_loc:/test}/HardwareDebug" id="com.renesas.cdt.managedbuild.renesas.ccrx.base.builder.65531188" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="CCRX Builder" parallelBuildOn="true" parallelizationNumber="optimal" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.builder"/>
+							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.dsp.1710373085" name="DSP Assembler" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.dsp">
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo.390598726" name="デバッグ情報を出力する" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo" useByScannerDiscovery="false" value="true" valueType="boolean"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.2145260692" name="出力するデータ値のエンディアン" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.big" valueType="enumerated"/>
 							</tool>
-							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.common.741650141" name="Common" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.common">
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.1805078695" name="命令セット・アーキテクチャ" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.rxv2" valueType="enumerated"/>
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasFpu.1234136355" name="Has FPU" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasFpu" useByScannerDiscovery="false" value="TRUE" valueType="string"/>
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceName.278687847" name="Device Name" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceName" useByScannerDiscovery="false" value="R5F571MLCxFC" valueType="string"/>
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceCommand.1991523533" name="Device Command" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceCommand" useByScannerDiscovery="false" value="R5F571ML" valueType="string"/>
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.checkRtos.1718474165" name="Check RTOS" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.checkRtos" useByScannerDiscovery="false" value="unusedRtos" valueType="string"/>
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasDsp.1754444988" name="Has DSP" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasDsp" useByScannerDiscovery="false" value="false" valueType="string"/>
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceFamily.2135235189" name="Device Family" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceFamily" useByScannerDiscovery="false" value="RX71M" valueType="string"/>
+							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.common.385785132" name="Common" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.common">
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.968417281" name="命令セット・アーキテクチャ" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.rxv2" valueType="enumerated"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.rxArchitecture.1826562770" name="RX Architecture" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.rxArchitecture" useByScannerDiscovery="false" value="rxv2" valueType="string"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns.2015650112" name="浮動小数点演算命令を使用する" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns.yes" valueType="enumerated"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasFpu.1065149525" name="Has FPU" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasFpu" useByScannerDiscovery="false" value="TRUE" valueType="string"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceName.1439501151" name="Device Name" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceName" useByScannerDiscovery="false" value="R5F565NEHxFP" valueType="string"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceHistory.141103170" name="Device history" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceHistory" useByScannerDiscovery="false" value="non_init;R5F565NEHxFP" valueType="string"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isaHistory.13818145" name="ISA history" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isaHistory" useByScannerDiscovery="false" value="non_init;com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.rxv2" valueType="string"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceCommand.624156745" name="Device Command" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceCommand" useByScannerDiscovery="false" value="R5F565NE" valueType="string"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.checkRtos.198501700" name="Check RTOS" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.checkRtos" useByScannerDiscovery="false" value="unusedRtos" valueType="string"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasDsp.898504242" name="Has DSP" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasDsp" useByScannerDiscovery="false" value="false" valueType="string"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceFamily.2015079094" name="Device Family" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceFamily" useByScannerDiscovery="false" value="RX65N" valueType="string"/>
 							</tool>
-							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.compiler.1005426126" name="Compiler" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.compiler">
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.1655116744" name="浮動小数点演算命令を使用する" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.yes" valueType="enumerated"/>
-								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include.421912226" name="インクルード・ファイルを検索するフォルダ" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include" useByScannerDiscovery="false" valueType="includePath">
+							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.compiler.220371913" name="Compiler" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.compiler">
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.1764475068" name="浮動小数点演算命令を使用する" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.yes" valueType="enumerated"/>
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include.477145288" name="インクルード・ファイルを検索するフォルダ" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include" useByScannerDiscovery="false" valueType="includePath">
 									<listOptionValue builtIn="false" value="${TCINSTALL}/include"/>
-									<listOptionValue builtIn="false" value="${ProjDirPath}/../common"/>
-									<listOptionValue builtIn="false" value="${ProjDirPath}/../../../../../"/>
-									<listOptionValue builtIn="false" value="${ProjDirPath}/generate"/>
+									<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/../common&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/../../../../../&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_bsp}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_config}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_tsip_rx}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_tsip_rx/src/targets/rx231}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_tsip_rx/src/targets/rx66t}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_tsip_rx/src/targets/rx65n}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx/src}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_driver_rx}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_driver_rx/src}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_rx}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_rx/lib}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_ether_rx}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_sys_time_rx}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_sys_time_rx/src}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/general}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_pincfg}&quot;"/>
 								</option>
-								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define.1250794291" name="プリプロセッサ・マクロの定義" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define" useByScannerDiscovery="false" valueType="definedSymbols">
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define.511269805" name="プリプロセッサ・マクロの定義" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define" useByScannerDiscovery="false" valueType="definedSymbols">
+									<listOptionValue builtIn="false" value="DEBUG_CONSOLE"/>
 									<listOptionValue builtIn="false" value="WOLFSSL_USER_SETTINGS"/>
 								</option>
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC.286984585" name="Cソース" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC.c99" valueType="enumerated"/>
-								<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gcc.inputType.1125458755" name="Compiler Input C" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gcc.inputType"/>
-								<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gpp.inputType.1044037817" name="Compiler Input CPP" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gpp.inputType"/>
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userBefore.165256012" name="追加するオプション（すべての指定オプションの前に追加）" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
+									<listOptionValue builtIn="false" value=""/>
+								</option>
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userAfter.850666858" name="追加するオプション（すべての指定オプションの後ろに追加）" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
+									<listOptionValue builtIn="false" value=""/>
+								</option>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC.897672730" name="Cソース" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC.c99" valueType="enumerated"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.inputCharCode.862144636" name="プログラムの文字コード" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.inputCharCode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.inputCharCode.utf8" valueType="enumerated"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.outcode.48690443" name="出力する文字コード" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.outcode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.outcode.utf8" valueType="enumerated"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.optimize.1557621233" name="最適化レベル" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.optimize" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.optimize.level2" valueType="enumerated"/>
+								<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gcc.inputType.1722484558" name="Compiler Input C" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gcc.inputType"/>
+								<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gpp.inputType.709788007" name="Compiler Input CPP" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gpp.inputType"/>
 							</tool>
-							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.assembler.616605202" name="Assembler" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.assembler">
-								<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType.889934690" name="Assembler InputType" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType"/>
+							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.assembler.1564576801" name="Assembler" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.assembler">
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userBefore.1555827005" name="追加するオプション（すべての指定オプションの前に追加）" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
+									<listOptionValue builtIn="false" value=""/>
+								</option>
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userAfter.912893655" name="追加するオプション（すべての指定オプションの後ろに追加）&#10;" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
+									<listOptionValue builtIn="false" value=""/>
+								</option>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode.864537553" name="プログラムの文字コード" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode.utf8" valueType="enumerated"/>
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.include.1616986135" name="インクルード・ファイルを検索するフォルダ" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.include" useByScannerDiscovery="false" valueType="includePath">
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/general}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_pincfg}&quot;"/>
+								</option>
+								<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType.502444415" name="Assembler InputType" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType"/>
 							</tool>
-							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.linker.1854484070" name="Linker" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.linker">
-								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.rom.1587151897" name="ROMからRAMへマップするセクション" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.rom" useByScannerDiscovery="false" valueType="stringList">
+							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.linker.1333901009" name="Linker" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.linker">
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.rom.2020069967" name="ROMからRAMへマップするセクション" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.rom" useByScannerDiscovery="false" valueType="stringList">
 									<listOptionValue builtIn="false" value="D=R"/>
 									<listOptionValue builtIn="false" value="D_1=R_1"/>
 									<listOptionValue builtIn="false" value="D_2=R_2"/>
 								</option>
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection.1728337952" name="セクション" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection" useByScannerDiscovery="false" value="SU,SI,B_1,R_1,B_2,R_2,B,R/04,PResetPRG,C_1,C_2,C,C$*,D*,W*,L,PIntPRG,P/0FFC00000,EXCEPTVECT/0FFFFFF80,RESETVECT/0FFFFFFFC" valueType="string"/>
-								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList.1657015231" name="(リンク順序のリスト)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList" useByScannerDiscovery="false" valueType="stringList">
-									<listOptionValue builtIn="false" value="&quot;.\generate\lowlvl.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\generate\dbsct.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\generate\hwsetup.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\generate\intprg.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\generate\lowsrc.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\generate\resetprg.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\generate\sbrk.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\generate\vecttbl.obj&quot;"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection.2043161263" name="セクション" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection" useByScannerDiscovery="false" value="SU,SI,B_1,R_1,B_2,R_2,B,R/04,B_ETHERNET_BUFFERS_1,B_RX_DESC_1,B_TX_DESC_1/020000,C_1,C_2,C,C$*,D*,W*,L,P*/0FFE00000,EXCEPTVECT/0FFFFFF80,RESETVECT/0FFFFFFFC" valueType="string"/>
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userBefore.1452234640" name="追加するオプション（すべての指定オプションの前に追加）" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
+									<listOptionValue builtIn="false" value=""/>
+								</option>
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userAfter.1724535779" name="追加するオプション（すべての指定オプションの後ろに追加）" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
+									<listOptionValue builtIn="false" value=""/>
+								</option>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.vect.47410515" name="可変ベクタテーブルのアドレス未設定ベクタ番号に指定するアドレス" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.vect" useByScannerDiscovery="false" value="_undefined_interrupt_source_isr" valueType="string"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.checkSection.239094904" name="セクションの割り付けアドレスをチェックする" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.checkSection" useByScannerDiscovery="false" value="true" valueType="boolean"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.1942768497" name="アドレス範囲指定方法" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.autoSpecify" valueType="enumerated"/>
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList.1237940973" name="(リンク順序のリスト)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList" useByScannerDiscovery="false" valueType="stringList">
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/general\r_cg_hardware_setup.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/general\r_smc_cgc.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/general\r_smc_cgc_user.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/general\r_smc_interrupt.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/board/generic_rx65n\dbsct.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/board/generic_rx65n\hwsetup.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/board/generic_rx65n\lowlvl.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/board/generic_rx65n\lowsrc.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/board/generic_rx65n\resetprg.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/board/generic_rx65n\sbrk.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/board/generic_rx65n\vecttbl.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/mcu/all\r_bsp_common.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/mcu/rx65n\cpu.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/mcu/rx65n\locking.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/mcu/rx65n\mcu_clocks.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/mcu/rx65n\mcu_init.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/mcu/rx65n\mcu_interrupts.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/mcu/rx65n\mcu_locks.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/mcu/rx65n\mcu_mapped_interrupts.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/mcu/rx65n\mcu_startup.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_pincfg\Pin.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function000.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function001.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function002.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function100.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function101.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function102.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function103.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function200.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function202.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function205.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function206.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function207.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p00.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p01.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p02.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p03.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p04.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p05.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p06.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p07.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p08.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p0a.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p0b.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p0c.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p0d.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p0e.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p0f.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p10.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p14.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p18.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p1f.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p20.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p21.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p22.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p23.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p26.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p29.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p2a.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p2b.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p31.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p32.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p33.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p34.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p35.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p36.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p37.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p38.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p39.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p3a.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p3b.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p3c.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p3d.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p41.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p42.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p43.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p44.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p45.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p46.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p47.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p48.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p49.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p4a.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p4b.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p4c.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p4d.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p50.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p51.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p52.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p53.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p54.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p56.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p57.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p59.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p60.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p62.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p63.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p71.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p72.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p73.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p74.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p75.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p76.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p77.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p78.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pd5.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pd9.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pda.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pdb.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pdf.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pe0.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pe1.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pe2.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pe3.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pe4.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pe5.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pe6.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_subprc01.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_subprc02.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_subprc03.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_subprc04.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n\r_tsip_aes_rx.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n\r_tsip_md5_rx.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n\r_tsip_rsa_rx.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n\r_tsip_rx.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n\r_tsip_rx_private.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n\r_tsip_sha_rx.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n\r_tsip_tdes_rx.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n\r_tsip_tls_rx.obj&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;.\src\test.obj&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;.\src\test_main.obj&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;.\src\wolfssl_dummy.obj&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;.\test.lib&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/../wolfssl/Debug/wolfssl.lib&quot;"/>
 								</option>
-								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile.2096473091" name="リンクするリロケータブル・ファイル、ライブラリ・ファイルおよびバイナリ・ファイル" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile" useByScannerDiscovery="false" valueType="stringList">
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile.1438206933" name="リンクするリロケータブル・ファイル、ライブラリ・ファイルおよびバイナリ・ファイル" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile" useByScannerDiscovery="false" valueType="stringList">
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_rx/lib/T4_Library_rxv1_ether_little.lib}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/../wolfssl/Debug/wolfssl.lib&quot;"/>
 								</option>
 							</tool>
-							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.librarian.977317851" name="Library Generator" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.librarian">
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu.1234557916" name="浮動小数点演算命令を使用する" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu.yes" valueType="enumerated"/>
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.headCtype.42661342" name="ctype.h（C89/C99）：文字操作用ライブラリ" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.headCtype" useByScannerDiscovery="false" value="true" valueType="boolean"/>
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.headMath.29506179" name="math.h（C89/C99）：数値計算用ライブラリ" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.headMath" useByScannerDiscovery="false" value="true" valueType="boolean"/>
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.headCppString.277930384" name="string（EC++）：文字列操作用ライブラリ" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.headCppString" useByScannerDiscovery="false" value="true" valueType="boolean"/>
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.lang.1481899164" name="C言語標準ライブラリ関数の構成" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.lang" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.lang.c99" valueType="enumerated"/>
+							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.librarian.1723543812" name="Library Generator" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.librarian">
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu.1397073307" name="浮動小数点演算命令を使用する" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu.yes" valueType="enumerated"/>
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userBefore.1773409552" name="追加するオプション（すべての指定オプションの前に追加）" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
+									<listOptionValue builtIn="false" value=""/>
+								</option>
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userAfter.946493093" name="追加するオプション（すべての指定オプションの後ろに追加）" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
+									<listOptionValue builtIn="false" value=""/>
+								</option>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.lang.338617005" name="C言語標準ライブラリ関数の構成" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.lang" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.lang.c99" valueType="enumerated"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.headCtype.1293885198" name="ctype.h（C89/C99）：文字操作用ライブラリ" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.headCtype" useByScannerDiscovery="false" value="true" valueType="boolean"/>
 							</tool>
-							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.converter.1278951147" name="Converter" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.converter"/>
-							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.rtosConfig.1737524887" name="RTOS Configurator" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.rtosConfig"/>
+							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.converter.1917108303" name="Converter" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.converter">
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userBefore.109845398" name="追加するオプション（すべての指定オプションの前に追加）" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
+									<listOptionValue builtIn="false" value=""/>
+								</option>
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userAfter.289006348" name="追加するオプション（すべての指定オプションの後ろに追加）" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
+									<listOptionValue builtIn="false" value=""/>
+								</option>
+							</tool>
+							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.rtosConfig.318974000" name="RTOS Configurator" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.rtosConfig"/>
 						</toolChain>
 					</folderInfo>
 					<sourceEntries>
-						<entry flags="VALUE_WORKSPACE_PATH" kind="sourcePath" name="src"/>
+						<entry excluding="ether" flags="VALUE_WORKSPACE_PATH" kind="sourcePath" name="src"/>
+					</sourceEntries>
+				</configuration>
+			</storageModule>
+			<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
+		</cconfiguration>
+		<cconfiguration id="com.renesas.cdt.managedbuild.renesas.ccrx.debug.configuration.992474000">
+			<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.renesas.cdt.managedbuild.renesas.ccrx.debug.configuration.992474000" moduleId="org.eclipse.cdt.core.settings" name="Debug">
+				<externalSettings/>
+				<extensions>
+					<extension id="org.eclipse.cdt.core.PE" point="org.eclipse.cdt.core.BinaryParser"/>
+					<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
+					<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="com.renesas.cdt.managedbuild.renesas.core.RenesasCompilerAssemblerErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="com.renesas.cdt.managedbuild.core.buildRunnerErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+				</extensions>
+			</storageModule>
+			<storageModule moduleId="com.renesas.cdt.managedbuild.core.toolchainInfo">
+				<option id="toolchain.id" value="Renesas_RXC"/>
+				<option id="toolchain.version" value="v3.01.00"/>
+			</storageModule>
+			<storageModule moduleId="cdtBuildSystem" version="4.0.0">
+				<configuration artifactExtension="abs" artifactName="${ProjName}" buildArtefactType="org.eclipse.cdt.build.core.buildArtefactType.exe" buildProperties="org.eclipse.cdt.build.core.buildArtefactType=org.eclipse.cdt.build.core.buildArtefactType.exe,org.eclipse.cdt.build.core.buildType=org.eclipse.cdt.build.core.buildType.debug" description="Debug" id="com.renesas.cdt.managedbuild.renesas.ccrx.debug.configuration.992474000" name="Debug" parent="com.renesas.cdt.managedbuild.renesas.ccrx.debug.configuration">
+					<folderInfo id="com.renesas.cdt.managedbuild.renesas.ccrx.debug.configuration.992474000." name="/" resourcePath="">
+						<toolChain id="com.renesas.cdt.managedbuild.renesas.ccrx.debug.toolChain.1794956243" name="Renesas CCRX Toolchain" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.debug.toolChain">
+							<targetPlatform archList="all" binaryParser="org.eclipse.cdt.core.ELF;org.eclipse.cdt.core.PE" id="com.renesas.cdt.managedbuild.renesas.ccrx.base.targetPlatform.617132481" osList="win32" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.targetPlatform"/>
+							<builder buildPath="${workspace_loc:/test}/Debug" id="com.renesas.cdt.managedbuild.renesas.ccrx.base.builder.117543810" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="CCRX Builder" parallelBuildOn="true" parallelizationNumber="optimal" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.builder"/>
+							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.dsp.1744140894" name="DSP Assembler" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.dsp">
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo.1464228342" name="デバッグ情報を出力する" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.noDebugInfo" useByScannerDiscovery="false" value="true" valueType="boolean"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.733005442" name="出力するデータ値のエンディアン" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.dsp.option.endian.big" valueType="enumerated"/>
+							</tool>
+							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.common.1294844059" name="Common" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.common">
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.644795578" name="命令セット・アーキテクチャ" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.rxv2" valueType="enumerated"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.rxArchitecture.1771586719" name="RX Architecture" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.rxArchitecture" useByScannerDiscovery="false" value="rxv2" valueType="string"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns.1045346284" name="浮動小数点演算命令を使用する" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.floatIns.yes" valueType="enumerated"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasFpu.229476184" name="Has FPU" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasFpu" useByScannerDiscovery="false" value="TRUE" valueType="string"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceName.748972653" name="Device Name" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceName" useByScannerDiscovery="false" value="R5F565NEHxFP" valueType="string"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceHistory.780008434" name="Device history" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceHistory" useByScannerDiscovery="false" value="non_init;R5F565NEHxFP" valueType="string"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isaHistory.783836823" name="ISA history" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isaHistory" useByScannerDiscovery="false" value="non_init;com.renesas.cdt.managedbuild.renesas.ccrx.common.option.isa.rxv2" valueType="string"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceCommand.1221884092" name="Device Command" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceCommand" useByScannerDiscovery="false" value="R5F565NE" valueType="string"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.checkRtos.1001057208" name="Check RTOS" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.checkRtos" useByScannerDiscovery="false" value="unusedRtos" valueType="string"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasDsp.963664750" name="Has DSP" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasDsp" useByScannerDiscovery="false" value="false" valueType="string"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceFamily.1280023203" name="Device Family" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceFamily" useByScannerDiscovery="false" value="RX65N" valueType="string"/>
+							</tool>
+							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.compiler.278830907" name="Compiler" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.compiler">
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.2144484247" name="浮動小数点演算命令を使用する" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.yes" valueType="enumerated"/>
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include.545347560" name="インクルード・ファイルを検索するフォルダ" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include" valueType="includePath">
+									<listOptionValue builtIn="false" value="${TCINSTALL}/include"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_bsp}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_config}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_tsip_rx}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_tsip_rx/src/targets/rx231}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_tsip_rx/src/targets/rx66t}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_tsip_rx/src/targets/rx65n}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx/src}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_driver_rx}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_driver_rx/src}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_rx}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_rx/lib}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_ether_rx}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_sys_time_rx}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_sys_time_rx/src}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/general}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_pincfg}&quot;"/>
+								</option>
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define.935611572" name="プリプロセッサ・マクロの定義" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define" valueType="definedSymbols">
+									<listOptionValue builtIn="false" value="DEBUG_CONSOLE"/>
+								</option>
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userBefore.878126292" name="追加するオプション（すべての指定オプションの前に追加）" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
+									<listOptionValue builtIn="false" value=""/>
+								</option>
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userAfter.443993930" name="追加するオプション（すべての指定オプションの後ろに追加）" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
+									<listOptionValue builtIn="false" value=""/>
+								</option>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC.47850385" name="Cソース" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC.c99" valueType="enumerated"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.inputCharCode.24533273" name="プログラムの文字コード" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.inputCharCode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.inputCharCode.utf8" valueType="enumerated"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.outcode.542364588" name="出力する文字コード" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.outcode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.outcode.utf8" valueType="enumerated"/>
+								<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gcc.inputType.1919404628" name="Compiler Input C" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gcc.inputType"/>
+								<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gpp.inputType.293530100" name="Compiler Input CPP" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gpp.inputType"/>
+							</tool>
+							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.assembler.607581328" name="Assembler" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.assembler">
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userBefore.622904140" name="追加するオプション（すべての指定オプションの前に追加）" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
+									<listOptionValue builtIn="false" value=""/>
+								</option>
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userAfter.67379527" name="追加するオプション（すべての指定オプションの後ろに追加）&#10;" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
+									<listOptionValue builtIn="false" value=""/>
+								</option>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode.1186358257" name="プログラムの文字コード" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode.utf8" valueType="enumerated"/>
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.include.1360045103" name="インクルード・ファイルを検索するフォルダ" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.include" valueType="includePath">
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/general}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_pincfg}&quot;"/>
+								</option>
+								<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType.1482916460" name="Assembler InputType" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType"/>
+							</tool>
+							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.linker.1516159151" name="Linker" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.linker">
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.rom.1765662172" name="ROMからRAMへマップするセクション" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.rom" useByScannerDiscovery="false" valueType="stringList">
+									<listOptionValue builtIn="false" value="D=R"/>
+									<listOptionValue builtIn="false" value="D_1=R_1"/>
+									<listOptionValue builtIn="false" value="D_2=R_2"/>
+								</option>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection.1046231838" name="セクション" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection" useByScannerDiscovery="false" value="SU,SI,B_1,R_1,B_2,R_2,B,R/04,C_1,C_2,C,C$*,D*,W*,L,P*/0FFE00000,EXCEPTVECT/0FFFFFF80,RESETVECT/0FFFFFFFC,B_ETHERNET_BUFFERS_1,B_RX_DESC_1,B_TX_DESC_1/00010000" valueType="string"/>
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userBefore.1651005552" name="追加するオプション（すべての指定オプションの前に追加）" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
+									<listOptionValue builtIn="false" value=""/>
+								</option>
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userAfter.40118921" name="追加するオプション（すべての指定オプションの後ろに追加）" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
+									<listOptionValue builtIn="false" value=""/>
+								</option>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.vect.1524833684" name="可変ベクタテーブルのアドレス未設定ベクタ番号に指定するアドレス" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.vect" useByScannerDiscovery="false" value="_undefined_interrupt_source_isr" valueType="string"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.checkSection.1914971075" name="セクションの割り付けアドレスをチェックする" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.checkSection" useByScannerDiscovery="false" value="true" valueType="boolean"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.1670384649" name="アドレス範囲指定方法" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.memoryType.autoSpecify" valueType="enumerated"/>
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList.1556433699" name="(リンク順序のリスト)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList" valueType="stringList">
+									<listOptionValue builtIn="false" value="&quot;.\test.lib&quot;"/>
+								</option>
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile.856176867" name="リンクするリロケータブル・ファイル、ライブラリ・ファイルおよびバイナリ・ファイル" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile" valueType="stringList">
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_rx/lib/T4_Library_rxv1_ether_little.lib}&quot;"/>
+								</option>
+							</tool>
+							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.librarian.1598250045" name="Library Generator" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.librarian">
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu.665362864" name="浮動小数点演算命令を使用する" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu.yes" valueType="enumerated"/>
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userBefore.413642487" name="追加するオプション（すべての指定オプションの前に追加）" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
+									<listOptionValue builtIn="false" value=""/>
+								</option>
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userAfter.322853429" name="追加するオプション（すべての指定オプションの後ろに追加）" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
+									<listOptionValue builtIn="false" value=""/>
+								</option>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.lang.1591825359" name="C言語標準ライブラリ関数の構成" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.lang" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.lang.c99" valueType="enumerated"/>
+							</tool>
+							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.converter.175269062" name="Converter" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.converter">
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userBefore.1586351233" name="追加するオプション（すべての指定オプションの前に追加）" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userBefore" useByScannerDiscovery="false" valueType="stringList">
+									<listOptionValue builtIn="false" value=""/>
+								</option>
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userAfter.900284814" name="追加するオプション（すべての指定オプションの後ろに追加）" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
+									<listOptionValue builtIn="false" value=""/>
+								</option>
+							</tool>
+							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.rtosConfig.1118615463" name="RTOS Configurator" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.rtosConfig"/>
+						</toolChain>
+					</folderInfo>
+					<sourceEntries>
+						<entry excluding="ether" flags="VALUE_WORKSPACE_PATH" kind="sourcePath" name="src"/>
 					</sourceEntries>
 				</configuration>
 			</storageModule>
@@ -98,13 +422,16 @@
 		</cconfiguration>
 	</storageModule>
 	<storageModule moduleId="cdtBuildSystem" version="4.0.0">
-		<project id="test.com.renesas.cdt.managedbuild.renesas.ccrx.projectType.1174322677" name="実行可能" projectType="com.renesas.cdt.managedbuild.renesas.ccrx.projectType"/>
+		<project id="test.com.renesas.cdt.managedbuild.renesas.ccrx.projectType.1611298680" name="実行可能" projectType="com.renesas.cdt.managedbuild.renesas.ccrx.projectType"/>
 	</storageModule>
 	<storageModule moduleId="scannerConfiguration">
 		<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
 	</storageModule>
 	<storageModule moduleId="org.eclipse.cdt.core.LanguageSettingsProviders"/>
 	<storageModule moduleId="refreshScope" versionNumber="2">
+		<configuration configurationName="HardwareDebug">
+			<resource resourceType="PROJECT" workspacePath="/test"/>
+		</configuration>
 		<configuration configurationName="Debug">
 			<resource resourceType="PROJECT" workspacePath="/test"/>
 		</configuration>

IDE/Renesas/e2studio/Projects/test/.project

@@ -17,6 +17,11 @@
 			<arguments>
 			</arguments>
 		</buildCommand>
+		<buildCommand>
+			<name>com.renesas.cdt.managedbuild.renesas.misrachecker.builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
 	</buildSpec>
 	<natures>
 		<nature>org.eclipse.cdt.core.cnature</nature>
@@ -24,6 +29,16 @@
 		<nature>org.eclipse.cdt.managedbuilder.core.ScannerConfigNature</nature>
 	</natures>
 	<linkedResources>
+		<link>
+			<name>src/benchmark.c</name>
+			<type>1</type>
+			<locationURI>$%7BPARENT-5-PROJECT_LOC%7D/wolfcrypt/benchmark/benchmark.c</locationURI>
+		</link>
+		<link>
+			<name>src/benchmark.h</name>
+			<type>1</type>
+			<locationURI>$%7BPARENT-5-PROJECT_LOC%7D/wolfcrypt/benchmark/benchmark.h</locationURI>
+		</link>
 		<link>
 			<name>src/test.c</name>
 			<type>1</type>
@@ -32,7 +47,13 @@
 		<link>
 			<name>src/wolfssl_dummy.c</name>
 			<type>1</type>
-			<locationURI>PARENT-1-PROJECT_LOC/common/wolfssl_dummy.c</locationURI>
+			<locationURI>$%7BPARENT-1-PROJECT_LOC%7D/common/wolfssl_dummy.c</locationURI>
 		</link>
 	</linkedResources>
+	<variableList>
+		<variable>
+			<name>copy_PARENT</name>
+			<value>$%7BPARENT-3-ECLIPSE_HOME%7D/workspace/wolfssl</value>
+		</variable>
+	</variableList>
 </projectDescription>

IDE/Renesas/e2studio/Projects/test/src/key_data.c

@@ -0,0 +1,164 @@
+/* key_data.c
+ *
+ * Copyright (C) 2006-2019 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include "key_data.h"
+#ifdef WOLFSSL_RENESAS_TSIP
+
+/* The following key data is an dummy data. */
+/* Please replace them by your own data     */
+const st_key_block_data_t g_key_block_data =
+{
+
+   /* uint8_t encrypted_session_key[R_TSIP_AES_CBC_IV_BYTE_SIZE * 2]; */
+   {
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+   },
+   /* uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE]; */
+   {
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+   },
+   /* uint8_t encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16]; */
+   {
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+    },
+};
+
+const uint32_t s_flash[] =
+{
+    0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000,
+};
+
+/* ./ca-cert.der.sign,  */
+const unsigned char ca_cert_sig[] =
+{
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+const int sizeof_ca_cert_sig = sizeof(ca_cert_sig);
+
+/* ./client-cert.der.sign,  */
+const unsigned char client_cert_der_sign[] =
+{
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+const int sizeof_client_cert_der_sign = sizeof(client_cert_der_sign);
+
+uint32_t s_inst1[R_TSIP_SINST_WORD_SIZE] = { 0 };
+uint32_t s_inst2[R_TSIP_SINST2_WORD_SIZE]= { 0 };
+#endif

IDE/Renesas/e2studio/Projects/test/src/key_data.h

@@ -0,0 +1,45 @@
+/* key_data.h
+ *
+ * Copyright (C) 2006-2019 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+#ifndef KEY_DATA_H_
+#define KEY_DATA_H_
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_RENESAS_TSIP
+#include "r_tsip_rx_if.h"
+
+/** user key datas */
+typedef struct key_block_data
+{
+    uint8_t  encrypted_session_key[R_TSIP_AES_CBC_IV_BYTE_SIZE * 2];
+    uint8_t  iv[R_TSIP_AES_CBC_IV_BYTE_SIZE];
+    uint8_t  encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16];
+} st_key_block_data_t;
+
+extern const st_key_block_data_t g_key_block_data;
+extern const uint32_t s_flash[];
+extern const unsigned char ca_cert_der[];
+extern const int sizeof_ca_cert_der;
+extern const unsigned char ca_cert_sig[];
+extern const unsigned char client_cert_der_sign[];
+
+#endif /* WOLFSSL_RENESAS_TSIP */
+#endif /* KEY_DATA_H_ */
+

IDE/Renesas/e2studio/Projects/test/src/test_main.c

@@ -26,6 +26,10 @@
 #endif
 
 #include "stdio.h"
+#include "stdint.h"
+#include <wolfssl/wolfcrypt/settings.h>
+#include "wolfssl/wolfcrypt/types.h"
+#include "wolfssl_demo.h"
 
 void main(void);
 #ifdef __cplusplus
@@ -34,6 +38,29 @@ void abort(void);
 }
 #endif
 
+
+#if defined(TLS_CLIENT) || defined(TLS_SERVER)
+    #include "r_t4_itcpip.h"
+    #include "r_sys_time_rx_if.h"
+    #include "Pin.h"
+
+    #define T4_WORK_SIZE (14800)
+    static UW tcpudp_work[(T4_WORK_SIZE / 4) + 1];
+
+#if defined(WOLFSSL_RENESAS_TSIP)
+    #include "key_data.h"
+    #include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
+
+    extern const st_key_block_data_t g_key_block_data;
+#endif
+#endif
+
+static long tick;
+static void timeTick(void *pdata)
+{
+    tick++;
+}
+
 typedef struct func_args {
     int    argc;
     char** argv;
@@ -42,13 +69,148 @@ typedef struct func_args {
 
 
 void wolfcrypt_test(func_args args);
+int benchmark_test(void *args);
+
+double current_time(int reset)
+{
+      if(reset) tick = 0 ;
+      return ((double)tick/FREQ) ;
+}
+
+#if defined(TLS_CLIENT) || defined(TLS_SERVER)
+
+int SetTsiptlsKey()
+{
+#if defined(WOLFSSL_RENESAS_TSIP) && defined(TLS_CLIENT)
+    tsip_inform_cert_sign((const byte *)ca_cert_sig);
+    tsip_inform_user_keys((byte*)&g_key_block_data.encrypted_session_key,
+                          (byte*)&g_key_block_data.iv,
+                          (byte*)&g_key_block_data.encrypted_user_rsa2048_ne_key);
+#elif defined(WOLFSSL_RENESAS_TSIP) && defined(TLS_SERVER)
+    tsip_inform_cert_sign((const byte *)client_cert_der_sign);
+    tsip_inform_user_keys((byte*)&g_key_block_data.encrypted_session_key,
+                          (byte*)&g_key_block_data.iv,
+                          (byte*)&g_key_block_data.encrypted_user_rsa2048_ne_key);
+#endif
+    return 0;
+}
+
+int Open_tcp( )
+{
+    ER  ercd;
+    W   size;
+    sys_time_err_t sys_ercd;
+    char ver[128];
+
+    /* cast from uint8_t to char* */
+    strcpy(ver, (char*)R_t4_version.library);
+
+    sys_ercd = R_SYS_TIME_Open();
+    if (sys_ercd != SYS_TIME_SUCCESS) {
+        printf("ERROR : R_SYS_TIME_Open() failed\n");
+        return -1;
+    }
+    R_Pins_Create();
+    /* start LAN controller */
+    ercd = lan_open();
+    /* initialize TCP/IP */
+    size = tcpudp_get_ramsize();
+    if (size > (sizeof(tcpudp_work))) {
+        printf("size > (sizeof(tcpudp_work))!\n");
+        return -1;
+    }
+    ercd = tcpudp_open(tcpudp_work);
+    if (ercd != E_OK) {
+        printf("ERROR : tcpudp_open failed\n");
+        return -1;
+    }
+
+    return 0;
+}
+
+void Close_tcp()
+{
+    /* end TCP/IP */
+    tcpudp_close();
+    lan_close();
+    R_SYS_TIME_Close();
+}
+#endif
+
 void main(void)
 {
-	func_args args = {1};
+    (void)timeTick;
 
-	printf("Start wolfCrypt Test\n");
-	wolfcrypt_test(args);
-	printf("End wolfCrypt Test\n");
+#if defined(CRYPT_TEST) || defined(BENCHMARK)
+#if defined(CRYPT_TEST)
+    int ret;
+    func_args args = { 0 };
+
+    if ((ret = wolfCrypt_Init()) != 0) {
+         printf("wolfCrypt_Init failed %d\n", ret);
+    }
+
+    printf("Start wolfCrypt Test\n");
+    wolfcrypt_test(args);
+    printf("End wolfCrypt Test\n");
+
+    if ((ret = wolfCrypt_Cleanup()) != 0) {
+        printf("wolfCrypt_Cleanup failed %d\n", ret);
+    }
+#endif
+#if defined(BENCHMARK)
+    #include "r_cmt_rx_if.h"
+
+    uint32_t channel;
+    R_CMT_CreatePeriodic(FREQ, &timeTick, &channel);
+
+    printf("Start wolfCrypt Benchmark\n");
+    benchmark_test(NULL);
+    printf("End wolfCrypt Benchmark\n");
+#endif
+#elif defined(TLS_CLIENT)
+#if   defined(WOLFSSL_RENESAS_TSIP)
+    const char* cipherlist[] = {
+       /* NULL */
+       "AES128-SHA",
+       "AES128-SHA256",
+       "AES256-SHA",
+       "AES256-SHA256"
+    };
+    const int cipherlist_sz = 4;
+#else
+    const char* cipherlist[] = { NULL };
+    const int cipherlist_sz = 0;
+
+#endif
+    int i = 0;
+
+    Open_tcp();
+#if   defined(WOLFSSL_RENESAS_TSIP)
+    SetTsiptlsKey();
+#endif
+
+    do {
+        if(cipherlist_sz > 0 ) printf("cipher : %s\n", cipherlist[i]);
+        wolfSSL_TLS_client_init(cipherlist[i]);
+        wolfSSL_TLS_client();
+
+        i++;
+    } while (i < cipherlist_sz);
+
+    Close_tcp();
+#elif defined(TLS_SERVER)
+
+    Open_tcp();
+#if   defined(WOLFSSL_RENESAS_TSIP)
+    SetTsiptlsKey();
+#endif
+
+    wolfSSL_TLS_server_init();
+    wolfSSL_TLS_server();
+
+    Close_tcp();
+#endif
 }
 
 #ifdef __cplusplus

IDE/Renesas/e2studio/Projects/test/src/wolf_client.c

@@ -0,0 +1,205 @@
+/* wolf_client.c
+ *
+ * Copyright (C) 2006-2019 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "r_t4_itcpip.h"
+
+#include "wolfssl/wolfcrypt/settings.h"
+#include "wolfssl/ssl.h"
+#include "wolfssl/certs_test.h"
+#include "key_data.h"
+
+#define SIMPLE_TLSSEVER_IP       "192.168.1.45"
+#define SIMPLE_TLSSERVER_PORT    "11111"
+
+ER    t4_tcp_callback(ID cepid, FN fncd , VP p_parblk);
+uint32_t g_encrypted_root_public_key[140];
+
+static WOLFSSL_CTX *client_ctx;
+
+static int my_IORecv(WOLFSSL* ssl, char* buff, int sz, void* ctx)
+{
+    int ret;
+    ID  cepid;
+
+    if(ctx != NULL)
+        cepid = *(ID *)ctx;
+    else
+        return WOLFSSL_CBIO_ERR_GENERAL;
+
+    ret = tcp_rcv_dat(cepid, buff, sz, TMO_FEVR);
+    if(ret > 0)
+        return ret;
+    else
+        return WOLFSSL_CBIO_ERR_GENERAL;
+}
+
+static int my_IOSend(WOLFSSL* ssl, char* buff, int sz, void* ctx)
+{
+    int ret;
+    ID  cepid;
+
+    if(ctx != NULL)
+        cepid = *(ID *)ctx;
+    else
+        return WOLFSSL_CBIO_ERR_GENERAL;
+
+    ret = tcp_snd_dat(cepid, buff, sz, TMO_FEVR);
+    if(ret == sz)
+        return ret;
+    else
+        return WOLFSSL_CBIO_ERR_GENERAL;
+}
+
+static int getIPaddr(char *arg)
+{
+    int a1, a2, a3, a4;
+    if(sscanf(arg, "%d.%d.%d.%d", &a1, &a2, &a3, &a4) == 4)
+         return (a1 << 24) | (a2 << 16) | (a3 << 8) | a4;
+    else return 0;
+}
+
+static int getPort(char *arg)
+{
+    int port;
+    if(sscanf(arg, "%d", &port) == 1)
+         return port;
+    else return 0;
+}
+
+void wolfSSL_TLS_client_init(const char* cipherlist)
+{
+
+    #ifndef NO_FILESYSTEM
+        #ifdef USE_ECC_CERT
+        char *cert       = "./certs/ca-ecc-cert.pem";
+        #else
+        char *cert       = "./certs/ca-cert.pem";
+        #endif
+    #else
+        #ifdef USE_ECC_CERT
+        const unsigned char *cert       = ca_ecc_der_256;
+        #define  SIZEOF_CERT sizeof_ca_ecc_der_256
+        #else
+        const unsigned char *cert       = ca_cert_der_2048;
+        #define  SIZEOF_CERT sizeof_ca_cert_der_2048
+        #endif
+    #endif
+
+    wolfSSL_Init();
+    #ifdef DEBUG_WOLFSSL
+        wolfSSL_Debugging_ON();
+    #endif
+
+    /* Create and initialize WOLFSSL_CTX */
+    if ((client_ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method_ex((void *)NULL))) == NULL) {
+        printf("ERROR: failed to create WOLFSSL_CTX\n");
+        return;
+    }
+
+    #if !defined(NO_FILESYSTEM)
+    if (wolfSSL_CTX_load_verify_locations(client_ctx, cert, 0) != SSL_SUCCESS) {
+        printf("ERROR: can't load \"%s\"\n", cert);
+        return NULL;
+    }
+    #else
+    if (wolfSSL_CTX_load_verify_buffer(client_ctx, cert, SIZEOF_CERT, SSL_FILETYPE_ASN1) != SSL_SUCCESS){
+           printf("ERROR: can't load certificate data\n");
+       return;
+    }
+    #endif
+
+    /* Register callbacks */
+    wolfSSL_SetIORecv(client_ctx, my_IORecv);
+    wolfSSL_SetIOSend(client_ctx, my_IOSend);
+
+    /* use specific cipher */
+    if (cipherlist != NULL && wolfSSL_CTX_set_cipher_list(client_ctx, cipherlist) != WOLFSSL_SUCCESS) {
+        wolfSSL_CTX_free(client_ctx); client_ctx = NULL;
+        printf("client can't set cipher list 1");
+    }
+}
+
+void wolfSSL_TLS_client( )
+{
+    ID cepid = 1;
+    ER ercd;
+    int ret;
+    WOLFSSL_CTX *ctx = (WOLFSSL_CTX *)client_ctx;
+    WOLFSSL *ssl;
+    #define BUFF_SIZE 256
+    static const char sendBuff[]= "Hello Server\n" ;
+    char    rcvBuff[BUFF_SIZE] = {0};
+    static T_IPV4EP my_addr = { 0, 0 };
+    T_IPV4EP dst_addr;
+
+    if((dst_addr.ipaddr = getIPaddr(SIMPLE_TLSSEVER_IP)) == 0){
+        printf("ERROR: IP address\n");
+        return;
+    }
+    if((dst_addr.portno = getPort(SIMPLE_TLSSERVER_PORT)) == 0){
+        printf("ERROR: IP address\n");
+        return;
+    }
+
+    if((ercd = tcp_con_cep(cepid, &my_addr, &dst_addr, TMO_FEVR)) != E_OK) {
+        printf("ERROR TCP Connect: %d\n", ercd);
+        return;
+    }
+
+    if((ssl = wolfSSL_new(ctx)) == NULL) {
+        printf("ERROR wolfSSL_new: %d\n", wolfSSL_get_error(ssl, 0));
+        return;
+    }
+
+    /* set callback context */
+    wolfSSL_SetIOReadCtx(ssl, (void *)&cepid);
+    wolfSSL_SetIOWriteCtx(ssl, (void *)&cepid);
+
+    if(wolfSSL_connect(ssl) != SSL_SUCCESS) {
+        printf("ERROR SSL connect: %d\n",  wolfSSL_get_error(ssl, 0));
+        return;
+    }
+
+    if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) != strlen(sendBuff)) {
+        printf("ERROR SSL write: %d\n", wolfSSL_get_error(ssl, 0));
+        return;
+    }
+
+    if ((ret=wolfSSL_read(ssl, rcvBuff, BUFF_SIZE)) < 0) {
+        printf("ERROR SSL read: %d\n", wolfSSL_get_error(ssl, 0));
+        return;
+    }
+
+    rcvBuff[ret] = '\0' ;
+    printf("Received: %s\n", rcvBuff);
+
+    /* frees all data before client termination */
+    wolfSSL_free(ssl);
+    wolfSSL_CTX_free(ctx);
+    wolfSSL_Cleanup();
+
+    tcp_sht_cep(cepid);
+    tcp_cls_cep(cepid, TMO_FEVR);
+
+    return;
+}

IDE/Renesas/e2studio/Projects/test/src/wolf_server.c

@@ -0,0 +1,203 @@
+/* wolf_server.c
+ *
+ * Copyright (C) 2006-2019 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+#include <stdio.h>
+#include <string.h>
+#include "r_t4_itcpip.h"
+
+#include "wolfssl/wolfcrypt/settings.h"
+#include "wolfssl/ssl.h"
+#include "wolfssl/certs_test.h"
+#include "wolfssl_demo.h"
+
+static WOLFSSL_CTX *server_ctx;
+static byte doCliCertCheck;
+
+static int my_IORecv(WOLFSSL* ssl, char* buff, int sz, void* ctx)
+{
+    int ret;
+    ID  cepid;
+
+    if(ctx != NULL)
+        cepid = *(ID *)ctx;
+    else
+        return WOLFSSL_CBIO_ERR_GENERAL;
+
+    ret = tcp_rcv_dat(cepid, buff, sz, TMO_FEVR);
+    if(ret == sz)
+       return ret;
+    else
+       return WOLFSSL_CBIO_ERR_GENERAL;
+}
+
+static int my_IOSend(WOLFSSL* ssl, char* buff, int sz, void* ctx)
+{
+    int ret;
+    ID  cepid;
+
+    if(ctx != NULL)
+        cepid = *(ID *)ctx;
+    else
+        return WOLFSSL_CBIO_ERR_GENERAL;
+
+    ret = tcp_snd_dat(cepid, buff, sz, TMO_FEVR);
+    if(ret == sz)
+        return ret;
+    else
+        return WOLFSSL_CBIO_ERR_GENERAL;
+}
+
+
+void wolfSSL_TLS_server_init(byte doClientCheck)
+{
+
+    int ret;
+
+
+    #ifndef NO_FILESYSTEM
+        #ifdef USE_ECC_CERT
+        char *cert       = "./certs/server-ecc-cert.pem";
+        char *key        = "./certs/server-ecc-key.pem";
+        #else
+        char *cert       = "./certs/server-cert.pem";
+        char *key        = "./certs/server-key.pem";
+        #endif
+        char *clientCert = "./certs/client-cert.pem";
+    #else
+        #ifdef USE_ECC_CERT
+        char *cert       = serv_ecc_der_256;
+        int  sizeof_cert = sizeof_serv_ecc_der_256;
+        char *cert       = serv_ecc_key_der_256;
+        int  sizeof_key  = sizeof_serv_ecc_key_der_256;
+        #else
+        const unsigned char *cert       = server_cert_der_2048;
+        #define sizeof_cert sizeof_server_cert_der_2048
+        const unsigned char *key        = server_key_der_2048;
+        #define  sizeof_key sizeof_server_key_der_2048
+        const unsigned char *clientCert = client_cert_der_2048;
+        #define  sizeof_clicert sizeof_client_cert_der_2048
+        #endif
+    #endif
+
+
+    wolfSSL_Init();
+    #ifdef DEBUG_WOLFSSL
+        wolfSSL_Debugging_ON();
+    #endif
+
+    /* Create and initialize WOLFSSL_CTX */
+    if ((server_ctx = wolfSSL_CTX_new(wolfSSLv23_server_method_ex((void *)NULL)))
+                                                                    == NULL) {
+        printf("ERROR: failed to create WOLFSSL_CTX\n");
+        return;
+    }
+
+    #if !defined(NO_FILESYSTEM)
+        ret = wolfSSL_CTX_use_certificate_file(server_ctx, cert, 0);
+    #else
+        ret = wolfSSL_CTX_use_certificate_buffer(server_ctx, cert,
+                                            sizeof_cert, SSL_FILETYPE_ASN1);
+    #endif
+        if (ret != SSL_SUCCESS) {
+            printf("Error %d loading server-cert!\n", ret);
+            return;
+        }
+
+        /* Load server key into WOLFSSL_CTX */
+    #if !defined(NO_FILESYSTEM)
+        ret = wolfSSL_CTX_use_PrivateKey_file(server_ctx, key, 0);
+    #else
+        ret = wolfSSL_CTX_use_PrivateKey_buffer(server_ctx, key, sizeof_key, 
+                                                        SSL_FILETYPE_ASN1);
+    #endif
+        if (ret != SSL_SUCCESS) {
+            printf("Error %d loading server-key!\n", ret);
+            return;
+        }
+#if defined(WOLFSSL_RENESAS_TSIP)
+        doCliCertCheck = 1;
+#endif
+        if (doCliCertCheck) {
+            wolfSSL_CTX_set_verify(server_ctx, WOLFSSL_VERIFY_PEER |
+                                WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
+#if !defined(NO_FILESYSTEM)
+            if (wolfSSL_CTX_load_verify_locations(server_ctx, clientCert, 0) 
+                                                                != WOLFSSL_SUCCESS)
+#else
+            if (wolfSSL_CTX_load_verify_buffer(server_ctx, clientCert, 
+                                               sizeof_clicert,
+                                               SSL_FILETYPE_ASN1) != SSL_SUCCESS)
+#endif
+                printf("can't load ca file, Please run from wolfSSL home dir\n");
+        }
+   
+   /* Register callbacks */
+   wolfSSL_SetIORecv(server_ctx, my_IORecv);
+   wolfSSL_SetIOSend(server_ctx, my_IOSend);
+   
+}
+
+void wolfSSL_TLS_server( )
+{
+    ID cepid = 1;
+    ID repid = 1;
+    ER ercd;
+    WOLFSSL_CTX *ctx = (WOLFSSL_CTX *)server_ctx;
+
+    WOLFSSL *ssl;
+    int len;
+    #define BUFF_SIZE 256
+    char buff[BUFF_SIZE];
+    T_IPV4EP dst_addr = {0, 0};
+
+    if((ercd = tcp_acp_cep(cepid, repid, &dst_addr, TMO_FEVR)) != E_OK) {
+        printf("ERROR TCP Accept: %d\n", ercd);
+        return;
+    }
+
+    if((ssl = wolfSSL_new(ctx)) == NULL) {
+        printf("ERROR: failed wolfSSL_new\n");
+        return;
+    }
+
+    wolfSSL_SetIOReadCtx(ssl, (void *)&cepid);
+    wolfSSL_SetIOWriteCtx(ssl, (void *)&cepid);
+
+    if (wolfSSL_accept(ssl) < 0) {
+        printf("ERROR: SSL Accept(%d)\n", wolfSSL_get_error(ssl, 0));
+        return;
+    }
+
+    if ((len = wolfSSL_read(ssl, buff, sizeof(buff) - 1)) < 0) {
+        printf("ERROR: SSL Read(%d)\n", wolfSSL_get_error(ssl, 0));
+        return;
+    }
+
+    buff[len] = '\0';
+    printf("Received: %s\n", buff);
+
+    if (wolfSSL_write(ssl, buff, len) != len) {
+        printf("ERROR: SSL Write(%d)\n", wolfSSL_get_error(ssl, 0));
+        return;
+    }
+
+    wolfSSL_free(ssl);
+    tcp_sht_cep(cepid);
+}

IDE/Renesas/e2studio/Projects/test/src/wolfssl_demo.h

@@ -0,0 +1,48 @@
+/* wolfssl_demo.h
+ *
+ * Copyright (C) 2006-2019 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFSSL_DEMO_H_
+#define WOLFSSL_DEMO_H_
+
+#define FREQ 10000 /* Hz */
+
+/* Enable wolfcrypt test */
+/* can be enabled with benchmark test */
+/* #define CRYPT_TEST    */
+
+/* Enable benchmark               */
+/* can be enabled with cyrpt test */
+/* #define BENCHMARK     */
+
+/* Enable TLS client     */
+/* cannot enable with other definition */
+/* #define TLS_CLIENT */
+
+/* Enable TLS server     */
+/* cannot enable with other definition */
+/* #define TLS_SERVER */
+
+void wolfSSL_TLS_client_init();
+void wolfSSL_TLS_client();
+void wolfSSL_TLS_server_init();
+void wolfSSL_TLS_server();
+
+#endif /* WOLFSSL_DEMO_H_ */

IDE/Renesas/e2studio/Projects/tools/generate_rsa_keypair.sh

@@ -0,0 +1,52 @@
+#!/bin/bash
+
+function usage(){
+    cat << _EOT_
+    Usage :
+     $0 [-g] [-]
+
+    Description:
+     Generate 2048 bit Rsa key pair and Display modulus and public exponent
+     
+    Options:
+      -g    generate rsa key pair, default on
+      -s    only show modulus and public exponent
+_EOT_
+exit 1
+}
+
+FLAG_G="on"
+FLAG_S="off"
+
+    while getopts gsh OPT
+    do
+        case $OPT in
+        g)
+          FLAG_G="on"
+          ;;
+        s)
+          FLAG_S="on"
+          FLAG_G="off"
+          ;;
+        h)
+          usage
+          ;;
+        \?)
+          usage
+          ;;
+        esac
+    done
+
+if [ $FLAG_G = "on" ]; then
+    # generate 2048bit Rsa private key
+    openssl genrsa 2048 2> /dev/null > private-key.pem 
+    # expose public key
+    openssl rsa -in private-key.pem -pubout -out public-key.pem 2> /dev/null
+fi
+
+if [ $FLAG_S = "on" ]; then
+    # display modulus and exponent
+    openssl rsa -modulus < private-key.pem 2>/dev/null | grep Modulus=
+    openssl rsa -text < private-key.pem 2> /dev/null | grep publicExponent
+fi
+

IDE/Renesas/e2studio/Projects/tools/genhexbuf.pl

@@ -0,0 +1,89 @@
+#!/usr/bin/perl
+
+# genhexbuf.pl
+# Copyright (C) 2019 wolfSSL Inc.
+#
+
+use strict;
+use warnings;
+
+# ---- SCRIPT SETTINGS -------------------------------------------------------
+
+# output C header file to write cert/key buffers to
+my $outputFile = "certs_sig_data.h";
+
+# rsa keys and certs to be converted
+
+my @fileList = (
+# please add your der file and name of the data for C language
+        #   der file name     name of the data
+        #[ "./yourder.der",    "your_der_name_in_C" ],
+        [ "./ca-cert.der",    "ca_cert_der" ],
+        [ "./ca-cert.der.sign",    "ca_cert_der_sign" ],
+        );
+
+
+# ----------------------------------------------------------------------------
+
+my $num = @fileList;
+
+# open our output file, "+>" creates and/or truncates
+open OUT_FILE, "+>", $outputFile  or die $!;
+
+print OUT_FILE "/* certs_sig_data.h */\n\n";
+print OUT_FILE "#ifndef WOLFSSL_CERTS_SIG_DATA_H\n";
+print OUT_FILE "#define WOLFSSL_CERTS_SIG_DATA_H\n\n";
+
+
+# convert and print 1024-bit cert/keys
+for (my $i = 0; $i < $num; $i++) {
+
+    my $fname = $fileList[$i][0];
+    my $sname = $fileList[$i][1];
+
+    print OUT_FILE "/* $fname,  */\n";
+    print OUT_FILE "static const unsigned char $sname\[] =\n";
+    print OUT_FILE "{\n";
+    file_to_hex($fname);
+    print OUT_FILE "};\n";
+    print OUT_FILE "static const int sizeof_$sname = sizeof($sname);\n\n";
+}
+print OUT_FILE "#endif /* WOLFSSL_CERTS_SIG_DATA_H */\n\n";
+
+
+# print file as hex, comma-separated, as needed by C buffer
+sub file_to_hex {
+    my $fileName = $_[0];
+
+    open my $fp, "<", $fileName or die $!;
+    binmode($fp);
+
+    my $fileLen = -s $fileName;
+    my $byte;
+
+    for (my $i = 0, my $j = 1; $i < $fileLen; $i++, $j++)
+    {
+        if ($j == 1) {
+            print OUT_FILE "        ";
+        }
+        if ($j != 1) {
+            print OUT_FILE " ";
+        }
+        read($fp, $byte, 1) or die "Error reading $fileName";
+        my $output = sprintf("0x%02X", ord($byte));
+        print OUT_FILE $output;
+
+        if ($i != ($fileLen - 1)) {
+            print OUT_FILE ",";
+        }
+
+        if ($j == 10) {
+            $j = 0;
+            print OUT_FILE "\n";
+        }
+    }
+
+    print OUT_FILE "\n";
+
+    close($fp);
+}

IDE/Renesas/e2studio/Projects/tools/rsa_pss_sign.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+
+SIGOPT=rsa_padding_mode:pss
+SIGOPT2=rsa_pss_saltlen:-1
+
+function usage() {
+    cat <<_EOT_
+    Usage:
+      $0 <pri key> <pub key> <file name>
+
+      pri key : private key for sign/verify
+      pub key : public key for sign/verify
+      file name : file name to be signed
+
+_EOT_
+exit 1
+}
+
+if [ $# -ne 3 ]; then
+    usage
+fi
+
+# $1 private key for sign/verify
+# $2 public key for verify
+# $3 file for sign/verify
+
+openssl dgst -sha256 -sign $1 -sigopt $SIGOPT -sigopt $SIGOPT2 -out $3.sign $3
+
+echo verify by private key
+openssl dgst -sha256 -prverify $1 -sigopt $SIGOPT -sigopt $SIGOPT2 -signature $3.sign $3
+
+echo verifiy by public key
+openssl dgst -sha256 -verify $2 -sigopt $SIGOPT -sigopt $SIGOPT2 -signature $3.sign $3
+

IDE/Renesas/e2studio/Projects/wolfssl/.cproject

@@ -14,7 +14,7 @@
 			</storageModule>
 			<storageModule moduleId="com.renesas.cdt.managedbuild.core.toolchainInfo">
 				<option id="toolchain.id" value="Renesas_RXC"/>
-				<option id="toolchain.version" value="v2.08.00"/>
+				<option id="toolchain.version" value="v3.00.00"/>
 			</storageModule>
 			<storageModule moduleId="cdtBuildSystem" version="4.0.0">
 				<configuration artifactExtension="lib" artifactName="${ProjName}" buildArtefactType="org.eclipse.cdt.build.core.buildArtefactType.exe" buildProperties="org.eclipse.cdt.build.core.buildArtefactType=org.eclipse.cdt.build.core.buildArtefactType.exe,org.eclipse.cdt.build.core.buildType=org.eclipse.cdt.build.core.buildType.debug" description="Debug" id="com.renesas.cdt.managedbuild.renesas.ccrx.debug.configuration.13311124" name="Debug" parent="com.renesas.cdt.managedbuild.renesas.ccrx.debug.configuration">
@@ -33,6 +33,7 @@
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.checkRtos.313687436" name="Check RTOS" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.checkRtos" useByScannerDiscovery="false" value="unusedRtos" valueType="string"/>
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasDsp.963524125" name="Has DSP" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.hasDsp" useByScannerDiscovery="false" value="false" valueType="string"/>
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceFamily.664031971" name="Device Family" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceFamily" useByScannerDiscovery="false" value="RX71M" valueType="string"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceHistory.1128940076" name="Device history" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.common.option.deviceHistory" useByScannerDiscovery="false" value="non_init;R5F571MLCxFC" valueType="string"/>
 							</tool>
 							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.compiler.958103973" name="Compiler" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.compiler">
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.1276851320" name="浮動小数点演算命令を使用する" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.yes" valueType="enumerated"/>
@@ -40,11 +41,16 @@
 									<listOptionValue builtIn="false" value="${ProjDirPath}/../common"/>
 									<listOptionValue builtIn="false" value="${ProjDirPath}//../../../../../"/>
 									<listOptionValue builtIn="false" value="${TCINSTALL}/include"/>
+									<listOptionValue builtIn="false" value="${ProjDirPath}/../test/src/smc_gen/"/>
+									<listOptionValue builtIn="false" value="${ProjDirPath}/../test/src/smc_gen/r_bsp"/>
+									<listOptionValue builtIn="false" value="${ProjDirPath}/../test/src/smc_gen/r_config"/>
+									<listOptionValue builtIn="false" value="${ProjDirPath}/../test/src/smc_gen/r_tsip_rx"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define.687020263" name="プリプロセッサ・マクロの定義" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.define" useByScannerDiscovery="false" valueType="definedSymbols">
 									<listOptionValue builtIn="false" value="WOLFSSL_USER_SETTINGS"/>
 								</option>
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC.1494793389" name="Cソース" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.langFileC.c99" valueType="enumerated"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.optimize.573554071" name="最適化レベル" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.optimize" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.optimize.level2" valueType="enumerated"/>
 								<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gcc.inputType.971510512" name="Compiler Input C" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gcc.inputType"/>
 								<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gpp.inputType.948214383" name="Compiler Input CPP" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.gpp.inputType"/>
 							</tool>
@@ -59,7 +65,7 @@
 									<listOptionValue builtIn="false" value="D_2=R_2"/>
 								</option>
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection.1739258398" name="セクション" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.linkerSection" useByScannerDiscovery="false" value="SU,SI,B_1,R_1,B_2,R_2,B,R/04,PResetPRG,C_1,C_2,C,C$*,D*,W*,L,PIntPRG,P/0FFC00000,EXCEPTVECT/0FFFFFF80,RESETVECT/0FFFFFFFC" valueType="string"/>
-								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList.1344120748" name="(リンク順序のリスト)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList" valueType="stringList">
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList.1344120748" name="(リンク順序のリスト)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList" useByScannerDiscovery="false" valueType="stringList">
 									<listOptionValue builtIn="false" value="&quot;.\src\sample3.obj&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;.\src\sample1.obj&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;.\src\sample2.obj&quot;"/>

IDE/Renesas/e2studio/Projects/wolfssl/.project

@@ -69,6 +69,21 @@
 			<type>1</type>
 			<locationURI>PARENT-5-PROJECT_LOC/src/wolfio.c</locationURI>
 		</link>
+		<link>
+			<name>wolfcrypt/port/renesas_tsip_aes.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/port/renesas_tsip_sha.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c</locationURI>
+		</link>
+		<link>
+			<name>wolfcrypt/port/renesas_tsip_util.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/port/Renesas/renesas_tsip_util.c</locationURI>
+		</link>
 		<link>
 			<name>wolfcrypt/src/aes.c</name>
 			<type>1</type>

IDE/VS-AZURE-SPHERE/README.md

@@ -0,0 +1,145 @@
+wolfSSL for Microsoft Azure Sphere Devices
+==========================================
+
+## Description
+This directory contains the Visual Studio projects targeted for Azure Sphere.
+The example projects include a client, server and wolfCrypt Library Test.
+Each of these projects relies on the wolfSSL static library project.
+Each project uses `user_settings.h` for to enable and disable features.
+
+
+### Set Up Steps
+0. Setup your Azure Sphere device.
+   [Install Azure Sphere](https://docs.microsoft.com/en-us/azure-sphere/install/install)
+   [Set up an account](https://docs.microsoft.com/en-us/azure-sphere/install/azure-directory-account)
+   [Claim your device](https://docs.microsoft.com/en-us/azure-sphere/install/claim-device)
+   [Configure networking](https://docs.microsoft.com/en-us/azure-sphere/install/configure-wifi)
+
+1. Open the wolfssl Microsoft Visual Studio Solution
+
+2. Build All the Projects
+    + Right Click: `Solution 'wolfssl' (4 of 4 projects)`
+    + Click: `Build Solution`
+
+3. Connect your Azure Sphere MT3620 Development Board using USB.
+
+4. Run the wolfCrypt Library Test
+    + Right Click: `wolfcrypt_test (Azure Sphere)`
+    + Click: `Debug->'Start new instance'.`
+
+5. Wait for the wolfCrypt Library Test to finish.
+
+6. Test the client.
+    + Run client(Azure Sphere) using: `Debug->'Start new instance'`
+
+It's OK if the HTTP GET request returns an error.
+The TLS connection was successful.
+
+7. Test the server.
+    + Run server(Azure Sphere) using: `Debug->'Start new instance'`
+    + Run the following wolfSSL example client command inside wolfssl directory.
+
+```
+./examples/client/client -h "Server IP Address" -p 11111 -A ./certs/ca-cert.pem
+```
+
+### Client
+The client project has defines in `user_settings.h` for:
+`SERVER_IP`, `CERT`, `SIZEOF_CERT`, `DEFAULT_PORT` and `msg`.
+These are set by default to connect to `www.wolfssl.com`.
+
+If `CUSTOM_SERVER_CONNECTION` is defined then the client would be ready to connect
+to a example server at an IP address of `192.168.1.200`.
+The example server could be started with the following command:
+
+```
+./examples/server/server -b -d -p 11111 -c ./certs/server-cert.pem -k ./certs/server-key.pem
+```
+
+Server Options Explanation:
+`    -b          Bind to any interface instead of localhost only`
+`    -c <file>   Certificate file, default ./certs/server-cert.pem`
+`    -d          Disable client cert check`
+`    -k <file>   Key file, default ./certs/server-key.pem`
+`    -p <num>    Port to listen on, not 0, default 11111`
+`    -? <num>    Help, print this usage`
+
+
+This command assumes that you're in the base directory of 'wolfssl' and it has
+been configured and compiled on a computer with an IP address of `192.168.1.200`.
+Change `SERVER_IP` under `CUSTOM_SERVER_CONNECTION` in `user_settings.h`
+accordingly.
+
+If you would like to connect to a website on the internet other then
+`www.wolfssl.com` then you would need to put it's corresponding CA certificate
+in `client.h` similarly to `wolfssl_website_root_ca`.
+
+The `CERT` and `SIZEOF_CERT` array could be created using the `dertoc.pl`
+script under `wolfssl/scripts/dertoc.pl`.
+
+Usage Example:
+
+```
+./scripts/dertoc.pl ./certs/server-cert.der server_cert_der_2048 dertoc.c
+```
+
+You would then copy the generated output from `dertoc.c` into `client.h` and set
+CERT and `SIZEOF_CERT` accordingly inside `user_settings.h`.
+The IP address of the server to connect to also needs to be added to the client's
+`app_manifest.json` under 'AllowedConnections'.  There are IP addresses in the
+default `app_manifest.json` for testing purposes and can be removed if not needed.
+
+
+### Server
+The Server application will wait for any incoming client connections once built
+and uploaded to the MT3620 Development board.
+
+The following wolfSSL example client can connect to a server on the MT3620 board:
+
+```
+./examples/client/client -h "Server IP Address" -p 11111 -A ./certs/ca-cert.pem
+```
+
+Client Options Explanation:
+`    -A <file>   Certificate Authority file, default ./certs/ca-cert.pem`
+`    -h <host>   Host to connect to, default 127.0.0.1`
+`    -p <num>    Port to listen on, not 0, default 11111`
+`    -? <num>    Help, print this usage`
+
+
+### wolfCrypt Test
+This tests the wolfCrypt Library.
+This is a good test to run if you change the options in `user_settings.h`.
+
+
+### Troubleshooting
+* Ensure your Azure Sphere MT3620 Development Board was set up using the
+  instructions using the Azure Sphere Documentation (See Link Below).
+  This includes claiming your device, updating device, setting up networking,
+  and prepping for debug.
+
+* The commands for the example client/server assumes it is being run from the
+  base directory of wolfssl.
+
+[Azure Sphere Documentation](https://docs.microsoft.com/en-us/azure-sphere/)
+
+[Support Forum](https://www.wolfssl.com/forums/)
+
+[Support Email](support@wolfssl.com)
+
+
+### Resources
+
+[wolfSSL Website](https://www.wolfssl.com/)
+
+[wolfSSL Wiki](https://github.com/wolfSSL/wolfssl/wiki)
+
+[wolfSSL Manual](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-toc.html)
+
+[wolfSSL API Reference]
+(https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-17-wolfssl-api-reference.html)
+
+[wolfCrypt API Reference]
+(https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-18-wolfcrypt-api-reference.html)
+
+[TLS 1.3](https://www.wolfssl.com/docs/tls13/)

IDE/VS-AZURE-SPHERE/client/app_manifest.json

@@ -0,0 +1,17 @@
+{
+  "SchemaVersion": 1,
+  "Name": "wolfSSL_Client",
+  "ComponentId": "00000000-0000-0000-0000-000000000002",
+  "EntryPoint": "/bin/app",
+  "CmdArgs": [],
+  "Capabilities": {
+    "AllowedConnections": [
+      "www.wolfssl.com",
+      "192.168.1.128",
+      "192.168.1.150",
+      "192.168.1.200",
+      "192.168.1.225"
+    ]
+  },
+  "ApplicationType": "Default"
+}

IDE/VS-AZURE-SPHERE/client/client.c

@@ -0,0 +1,132 @@
+/* client.c
+ *
+ * Copyright (C) 2006-2019 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#include "client.h"
+/* the usual suspects */
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+/* socket includes */
+#include <sys/socket.h>
+#include <arpa/inet.h>
+#include <netinet/in.h>
+#include <unistd.h>
+
+/* utility functions shared between client and server */
+#include <shared/util.h>
+
+/* wolfSSL */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/ssl.h>
+#include <wolfssl/certs_test.h>
+
+/* Azure Sphere */
+#include <applibs/networking.h>
+
+int main(int argc, char** argv)
+{
+    bool isNetworkingReady = false;
+    SOCKET_T           sockfd = 0;
+    char               buff[256];
+    size_t             len;
+    int ret;
+
+    /* declare wolfSSL objects */
+    WOLFSSL_CTX* ctx = NULL;
+    WOLFSSL* ssl = NULL;
+
+	util_PrintIfAddr();
+
+    /* Check if the Azure Sphere Dev Board has network connectivity. */
+    if ((Networking_IsNetworkingReady(&isNetworkingReady) < 0) || !isNetworkingReady) {
+        fprintf(stderr, "ERROR: network is not up.\n");
+        return -1;
+    }
+
+    ret = wolfIO_TcpConnect(&sockfd, SERVER_IP, DEFAULT_PORT, 0);
+    if ((ret != 0) || ((int)sockfd < 0)) {
+        fprintf(stderr, "ERROR: failed to create socket.");
+        return -1;
+    }
+
+    /* Initialize wolfSSL */
+    wolfSSL_Init();
+
+    /* Create and initialize WOLFSSL_CTX */
+    ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
+    if (ctx == NULL) {
+        fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n");
+        util_Cleanup(sockfd,ctx,ssl);
+        return -1;
+    }
+
+    /* Load client certificates into WOLFSSL_CTX */
+    ret = wolfSSL_CTX_load_verify_buffer(ctx, CERT, SIZEOF_CERT, WOLFSSL_FILETYPE_ASN1);
+    if (ret != SSL_SUCCESS) {
+        fprintf(stderr, "ERROR: failed to load %s, please check the buffer.\n");
+        util_Cleanup(sockfd,ctx,ssl);
+        return -1;
+    }
+
+    /* Create a WOLFSSL object */
+    if ((ssl = wolfSSL_new(ctx)) == NULL) {
+        fprintf(stderr, "ERROR: failed to create WOLFSSL object\n");
+        util_Cleanup(sockfd,ctx,ssl);
+        return -1;
+    }
+
+    /* Attach wolfSSL to the socket */
+    wolfSSL_set_fd(ssl, sockfd);
+
+    /* Connect to wolfSSL on the server side */
+    if (wolfSSL_connect(ssl) != SSL_SUCCESS) {
+        fprintf(stderr, "ERROR: failed to connect to wolfSSL\n");
+        util_Cleanup(sockfd,ctx,ssl);
+        return -1;
+    }
+
+    /* Get length of message for server. */
+    printf("\nMessage for server: %s\n",msg);
+    len = strnlen(msg, sizeof(msg));
+
+    /* Send the message to the server */
+    if (wolfSSL_write(ssl, msg, (int)len) != len) {
+        fprintf(stderr, "ERROR: failed to write\n");
+        util_Cleanup(sockfd,ctx,ssl);
+        return -1;
+    }
+
+    /* Read the server data into our buff array */
+    memset(buff, 0, sizeof(buff));
+    if (wolfSSL_read(ssl, buff, sizeof(buff) - 1) == -1) {
+        fprintf(stderr, "ERROR: failed to read\n");
+        util_Cleanup(sockfd,ctx,ssl);
+        return -1;
+    }
+
+    /* Print to stdout any data the server sends */
+    printf("Server Reply: %s\n", buff);
+
+    /* Cleanup and return */
+    util_Cleanup(sockfd,ctx,ssl);
+    return 0; /* Return reporting a success */
+}

IDE/VS-AZURE-SPHERE/client/client.h

@@ -0,0 +1,119 @@
+/* client.h
+ *
+ * Copyright (C) 2006-2019 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFSSL_CLIENT_H
+#define WOLFSSL_CLIENT_H
+
+static const unsigned char wolfssl_website_root_ca[] =
+{
+    0x30, 0x82, 0x03, 0x75, 0x30, 0x82, 0x02, 0x5D, 0xA0, 0x03,
+    0x02, 0x01, 0x02, 0x02, 0x0B, 0x04, 0x00, 0x00, 0x00, 0x00,
+    0x01, 0x15, 0x4B, 0x5A, 0xC3, 0x94, 0x30, 0x0D, 0x06, 0x09,
+    0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05,
+    0x00, 0x30, 0x57, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55,
+    0x04, 0x06, 0x13, 0x02, 0x42, 0x45, 0x31, 0x19, 0x30, 0x17,
+    0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x10, 0x47, 0x6C, 0x6F,
+    0x62, 0x61, 0x6C, 0x53, 0x69, 0x67, 0x6E, 0x20, 0x6E, 0x76,
+    0x2D, 0x73, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
+    0x04, 0x0B, 0x13, 0x07, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43,
+    0x41, 0x31, 0x1B, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03,
+    0x13, 0x12, 0x47, 0x6C, 0x6F, 0x62, 0x61, 0x6C, 0x53, 0x69,
+    0x67, 0x6E, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x41,
+    0x30, 0x1E, 0x17, 0x0D, 0x39, 0x38, 0x30, 0x39, 0x30, 0x31,
+    0x31, 0x32, 0x30, 0x30, 0x30, 0x30, 0x5A, 0x17, 0x0D, 0x32,
+    0x38, 0x30, 0x31, 0x32, 0x38, 0x31, 0x32, 0x30, 0x30, 0x30,
+    0x30, 0x5A, 0x30, 0x57, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03,
+    0x55, 0x04, 0x06, 0x13, 0x02, 0x42, 0x45, 0x31, 0x19, 0x30,
+    0x17, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x10, 0x47, 0x6C,
+    0x6F, 0x62, 0x61, 0x6C, 0x53, 0x69, 0x67, 0x6E, 0x20, 0x6E,
+    0x76, 0x2D, 0x73, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
+    0x55, 0x04, 0x0B, 0x13, 0x07, 0x52, 0x6F, 0x6F, 0x74, 0x20,
+    0x43, 0x41, 0x31, 0x1B, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04,
+    0x03, 0x13, 0x12, 0x47, 0x6C, 0x6F, 0x62, 0x61, 0x6C, 0x53,
+    0x69, 0x67, 0x6E, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43,
+    0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A,
+    0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00,
+    0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, 0x02,
+    0x82, 0x01, 0x01, 0x00, 0xDA, 0x0E, 0xE6, 0x99, 0x8D, 0xCE,
+    0xA3, 0xE3, 0x4F, 0x8A, 0x7E, 0xFB, 0xF1, 0x8B, 0x83, 0x25,
+    0x6B, 0xEA, 0x48, 0x1F, 0xF1, 0x2A, 0xB0, 0xB9, 0x95, 0x11,
+    0x04, 0xBD, 0xF0, 0x63, 0xD1, 0xE2, 0x67, 0x66, 0xCF, 0x1C,
+    0xDD, 0xCF, 0x1B, 0x48, 0x2B, 0xEE, 0x8D, 0x89, 0x8E, 0x9A,
+    0xAF, 0x29, 0x80, 0x65, 0xAB, 0xE9, 0xC7, 0x2D, 0x12, 0xCB,
+    0xAB, 0x1C, 0x4C, 0x70, 0x07, 0xA1, 0x3D, 0x0A, 0x30, 0xCD,
+    0x15, 0x8D, 0x4F, 0xF8, 0xDD, 0xD4, 0x8C, 0x50, 0x15, 0x1C,
+    0xEF, 0x50, 0xEE, 0xC4, 0x2E, 0xF7, 0xFC, 0xE9, 0x52, 0xF2,
+    0x91, 0x7D, 0xE0, 0x6D, 0xD5, 0x35, 0x30, 0x8E, 0x5E, 0x43,
+    0x73, 0xF2, 0x41, 0xE9, 0xD5, 0x6A, 0xE3, 0xB2, 0x89, 0x3A,
+    0x56, 0x39, 0x38, 0x6F, 0x06, 0x3C, 0x88, 0x69, 0x5B, 0x2A,
+    0x4D, 0xC5, 0xA7, 0x54, 0xB8, 0x6C, 0x89, 0xCC, 0x9B, 0xF9,
+    0x3C, 0xCA, 0xE5, 0xFD, 0x89, 0xF5, 0x12, 0x3C, 0x92, 0x78,
+    0x96, 0xD6, 0xDC, 0x74, 0x6E, 0x93, 0x44, 0x61, 0xD1, 0x8D,
+    0xC7, 0x46, 0xB2, 0x75, 0x0E, 0x86, 0xE8, 0x19, 0x8A, 0xD5,
+    0x6D, 0x6C, 0xD5, 0x78, 0x16, 0x95, 0xA2, 0xE9, 0xC8, 0x0A,
+    0x38, 0xEB, 0xF2, 0x24, 0x13, 0x4F, 0x73, 0x54, 0x93, 0x13,
+    0x85, 0x3A, 0x1B, 0xBC, 0x1E, 0x34, 0xB5, 0x8B, 0x05, 0x8C,
+    0xB9, 0x77, 0x8B, 0xB1, 0xDB, 0x1F, 0x20, 0x91, 0xAB, 0x09,
+    0x53, 0x6E, 0x90, 0xCE, 0x7B, 0x37, 0x74, 0xB9, 0x70, 0x47,
+    0x91, 0x22, 0x51, 0x63, 0x16, 0x79, 0xAE, 0xB1, 0xAE, 0x41,
+    0x26, 0x08, 0xC8, 0x19, 0x2B, 0xD1, 0x46, 0xAA, 0x48, 0xD6,
+    0x64, 0x2A, 0xD7, 0x83, 0x34, 0xFF, 0x2C, 0x2A, 0xC1, 0x6C,
+    0x19, 0x43, 0x4A, 0x07, 0x85, 0xE7, 0xD3, 0x7C, 0xF6, 0x21,
+    0x68, 0xEF, 0xEA, 0xF2, 0x52, 0x9F, 0x7F, 0x93, 0x90, 0xCF,
+    0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x42, 0x30, 0x40, 0x30,
+    0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04,
+    0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x0F, 0x06, 0x03, 0x55,
+    0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01,
+    0x01, 0xFF, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04,
+    0x16, 0x04, 0x14, 0x60, 0x7B, 0x66, 0x1A, 0x45, 0x0D, 0x97,
+    0xCA, 0x89, 0x50, 0x2F, 0x7D, 0x04, 0xCD, 0x34, 0xA8, 0xFF,
+    0xFC, 0xFD, 0x4B, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48,
+    0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82,
+    0x01, 0x01, 0x00, 0xD6, 0x73, 0xE7, 0x7C, 0x4F, 0x76, 0xD0,
+    0x8D, 0xBF, 0xEC, 0xBA, 0xA2, 0xBE, 0x34, 0xC5, 0x28, 0x32,
+    0xB5, 0x7C, 0xFC, 0x6C, 0x9C, 0x2C, 0x2B, 0xBD, 0x09, 0x9E,
+    0x53, 0xBF, 0x6B, 0x5E, 0xAA, 0x11, 0x48, 0xB6, 0xE5, 0x08,
+    0xA3, 0xB3, 0xCA, 0x3D, 0x61, 0x4D, 0xD3, 0x46, 0x09, 0xB3,
+    0x3E, 0xC3, 0xA0, 0xE3, 0x63, 0x55, 0x1B, 0xF2, 0xBA, 0xEF,
+    0xAD, 0x39, 0xE1, 0x43, 0xB9, 0x38, 0xA3, 0xE6, 0x2F, 0x8A,
+    0x26, 0x3B, 0xEF, 0xA0, 0x50, 0x56, 0xF9, 0xC6, 0x0A, 0xFD,
+    0x38, 0xCD, 0xC4, 0x0B, 0x70, 0x51, 0x94, 0x97, 0x98, 0x04,
+    0xDF, 0xC3, 0x5F, 0x94, 0xD5, 0x15, 0xC9, 0x14, 0x41, 0x9C,
+    0xC4, 0x5D, 0x75, 0x64, 0x15, 0x0D, 0xFF, 0x55, 0x30, 0xEC,
+    0x86, 0x8F, 0xFF, 0x0D, 0xEF, 0x2C, 0xB9, 0x63, 0x46, 0xF6,
+    0xAA, 0xFC, 0xDF, 0xBC, 0x69, 0xFD, 0x2E, 0x12, 0x48, 0x64,
+    0x9A, 0xE0, 0x95, 0xF0, 0xA6, 0xEF, 0x29, 0x8F, 0x01, 0xB1,
+    0x15, 0xB5, 0x0C, 0x1D, 0xA5, 0xFE, 0x69, 0x2C, 0x69, 0x24,
+    0x78, 0x1E, 0xB3, 0xA7, 0x1C, 0x71, 0x62, 0xEE, 0xCA, 0xC8,
+    0x97, 0xAC, 0x17, 0x5D, 0x8A, 0xC2, 0xF8, 0x47, 0x86, 0x6E,
+    0x2A, 0xC4, 0x56, 0x31, 0x95, 0xD0, 0x67, 0x89, 0x85, 0x2B,
+    0xF9, 0x6C, 0xA6, 0x5D, 0x46, 0x9D, 0x0C, 0xAA, 0x82, 0xE4,
+    0x99, 0x51, 0xDD, 0x70, 0xB7, 0xDB, 0x56, 0x3D, 0x61, 0xE4,
+    0x6A, 0xE1, 0x5C, 0xD6, 0xF6, 0xFE, 0x3D, 0xDE, 0x41, 0xCC,
+    0x07, 0xAE, 0x63, 0x52, 0xBF, 0x53, 0x53, 0xF4, 0x2B, 0xE9,
+    0xC7, 0xFD, 0xB6, 0xF7, 0x82, 0x5F, 0x85, 0xD2, 0x41, 0x18,
+    0xDB, 0x81, 0xB3, 0x04, 0x1C, 0xC5, 0x1F, 0xA4, 0x80, 0x6F,
+    0x15, 0x20, 0xC9, 0xDE, 0x0C, 0x88, 0x0A, 0x1D, 0xD6, 0x66,
+    0x55, 0xE2, 0xFC, 0x48, 0xC9, 0x29, 0x26, 0x69, 0xE0
+};
+static const int sizeof_wolfssl_website_root_ca = sizeof(wolfssl_website_root_ca);
+
+#endif /* WOLFSSL_CLIENT_H */

IDE/VS-AZURE-SPHERE/client/client.vcxproj

@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|ARM">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM">
+      <Configuration>Release</Configuration>
+      <Platform>ARM</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{fbf6f097-b2bf-49ac-a70b-dba6036a395d}</ProjectGuid>
+    <Keyword>AzureSphere</Keyword>
+    <RootNamespace>client</RootNamespace>
+    <MinimumVisualStudioVersion>15.0</MinimumVisualStudioVersion>
+    <ApplicationType>Linux</ApplicationType>
+    <ApplicationTypeRevision>1.0</ApplicationTypeRevision>
+    <TargetLinuxPlatform>Generic</TargetLinuxPlatform>
+    <LinuxProjectType>{D51BCBC9-82E9-4017-911E-C93873C4EA2B}</LinuxProjectType>
+    <DebugMachineType>Device</DebugMachineType>
+    <PlatformToolset>GCC_AzureSphere_1_0</PlatformToolset>
+    <ProjectPublicIncludePath>$(MSBuildProjectDirectory)\Inc\Public</ProjectPublicIncludePath>
+    <PublicIncludePath>$(MSBuildProjectDirectory)\Inc\Public</PublicIncludePath>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <TargetSysroot>2</TargetSysroot>
+    <ConfigurationType>Application</ConfigurationType>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <TargetSysroot>2</TargetSysroot>
+    <ConfigurationType>Application</ConfigurationType>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings" />
+  <ImportGroup Label="Shared" />
+  <ImportGroup Label="PropertySheets" />
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">
+    <OutDir>$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\</IntDir>
+    <TargetName>$(ProjectName)</TargetName>
+    <TargetExt>.out</TargetExt>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
+    <TargetExt>.out</TargetExt>
+    <OutDir>$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\</IntDir>
+  </PropertyGroup>
+  <ItemDefinitionGroup>
+    <ClCompile>
+      <AdditionalOptions>-Werror=implicit-function-declaration %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">..\..\..;../;$(ProjectDir);$(SysRootIncludePath);%(AdditionalIncludeDirectories);</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">WOLFSSL_USER_SETTINGS;_POSIX_C_SOURCE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">..\..\..;$(ProjectDir);$(SysRootIncludePath);%(AdditionalIncludeDirectories);</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">WOLFSSL_USER_SETTINGS;_POSIX_C_SOURCE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <LibraryDependencies Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">applibs;pthread;gcc_s;c;wolfssl</LibraryDependencies>
+      <ShowProgress Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">true</ShowProgress>
+      <AdditionalLibraryDirectories Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">$(SolutionDir)$(Platform)\$(Configuration)\;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+    </Link>
+    <CustomBuildStep>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">192.168.35.1</Command>
+    </CustomBuildStep>
+    <Link>
+      <AdditionalLibraryDirectories Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">$(SolutionDir)$(Platform)\$(Configuration)\;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+      <LibraryDependencies Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">applibs;pthread;gcc_s;c;wolfssl</LibraryDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="client.c" />
+    <ClInclude Include="client.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="app_manifest.json" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets" />
+</Project>

IDE/VS-AZURE-SPHERE/include.am

@@ -0,0 +1,18 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST+= IDE/VS-AZURE-SPHERE/README.md
+EXTRA_DIST+= IDE/VS-AZURE-SPHERE/user_settings.h
+EXTRA_DIST+= IDE/VS-AZURE-SPHERE/wolfssl.sln
+EXTRA_DIST+= IDE/VS-AZURE-SPHERE/wolfssl.vcxproj
+EXTRA_DIST+= IDE/VS-AZURE-SPHERE/client/app_manifest.json
+EXTRA_DIST+= IDE/VS-AZURE-SPHERE/client/client.c
+EXTRA_DIST+= IDE/VS-AZURE-SPHERE/client/client.h
+EXTRA_DIST+= IDE/VS-AZURE-SPHERE/client/client.vcxproj
+EXTRA_DIST+= IDE/VS-AZURE-SPHERE/server/app_manifest.json
+EXTRA_DIST+= IDE/VS-AZURE-SPHERE/server/server.c
+EXTRA_DIST+= IDE/VS-AZURE-SPHERE/server/server.h
+EXTRA_DIST+= IDE/VS-AZURE-SPHERE/server/server.vcxproj
+EXTRA_DIST+= IDE/VS-AZURE-SPHERE/wolfcrypt_test/app_manifest.json
+EXTRA_DIST+= IDE/VS-AZURE-SPHERE/wolfcrypt_test/wolfcrypt_test.vcxproj

IDE/VS-AZURE-SPHERE/server/app_manifest.json

@@ -0,0 +1,11 @@
+{
+  "SchemaVersion": 1,
+  "Name": "wolfSSL_Server",
+  "ComponentId": "00000000-0000-0000-0000-000000000001",
+  "EntryPoint": "/bin/app",
+  "CmdArgs": [],
+  "Capabilities": {
+    "AllowedTcpServerPorts": [ 11111 ]
+  },
+  "ApplicationType": "Default"
+}

IDE/VS-AZURE-SPHERE/server/server.c

@@ -0,0 +1,208 @@
+/* server.c
+ *
+ * Copyright (C) 2006-2019 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#include "server.h"
+/* the usual suspects */
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+/* socket includes */
+#include <sys/socket.h>
+#include <arpa/inet.h>
+#include <netinet/in.h>
+#include <unistd.h>
+
+/* <shared/util.h> includes */
+#include <shared/util.h>
+
+/* wolfSSL */
+#include <wolfssl/ssl.h>
+#include <wolfssl/certs_test.h>
+
+/* Azure Sphere */
+#include <applibs/log.h>
+#include <applibs/networking.h>
+
+#define BIND_PORT		11111
+#define CERT_BUF        server_cert_der_2048
+#define SIZEOF_CERT_BUF sizeof_server_cert_der_2048
+#define KEY_BUF         server_key_der_2048
+#define SIZEOF_KEY_BUF  sizeof_server_key_der_2048
+
+int main(void)
+{
+    bool isNetworkingReady = false;
+    int                sockfd;
+    int                connd;
+    struct sockaddr_in servAddr;
+    struct sockaddr_in clientAddr;
+    socklen_t          size = sizeof(clientAddr);
+    char               buff[256];
+    size_t             len;
+    int                shutdown = 0;
+    int                ret;
+    const char*        reply = "I hear ya fa shizzle!\n";
+
+    /* declare wolfSSL objects */
+    WOLFSSL_CTX* ctx = NULL;
+    WOLFSSL*     ssl = NULL;
+
+    util_PrintIfAddr();
+
+    /* Check if the Azure Sphere Dev Board has network connectivity. */
+    if ((Networking_IsNetworkingReady(&isNetworkingReady) < 0) || !isNetworkingReady) {
+        fprintf(stderr,"Error: Network is not up.\n");
+        return -1;
+    }
+
+    /* Initialize wolfSSL */
+    wolfSSL_Init();
+
+    /* Create a socket that uses an internet IPv4 address,
+     * Sets the socket to be stream based (TCP),
+     * 0 means choose the default protocol. */
+    if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
+        fprintf(stderr, "ERROR: failed to create the socket\n");
+        util_Cleanup(sockfd, ctx, ssl);
+        return -1;
+    }
+
+    /* Create and initialize WOLFSSL_CTX */
+    if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL) {
+        fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n");
+        util_Cleanup(sockfd, ctx, ssl);
+        return -1;
+    }
+
+    /* Load server certificates into WOLFSSL_CTX */
+    if (wolfSSL_CTX_use_certificate_buffer(ctx, CERT_BUF, SIZEOF_CERT_BUF, SSL_FILETYPE_ASN1)
+        != SSL_SUCCESS) {
+        fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
+                CERT_BUF);
+        util_Cleanup(sockfd, ctx, ssl);
+        return -1;
+    }
+
+    /* Load server key into WOLFSSL_CTX */
+    if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, KEY_BUF, SIZEOF_KEY_BUF, SSL_FILETYPE_ASN1)
+        != SSL_SUCCESS) {
+        fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
+                KEY_BUF);
+        util_Cleanup(sockfd, ctx, ssl);
+        return -1;
+    }
+
+    /* Initialize the server address struct with zeros */
+    memset(&servAddr, 0, sizeof(servAddr));
+
+    /* Fill in the server address */
+    servAddr.sin_family      = AF_INET;             /* using IPv4      */
+    servAddr.sin_port        = htons(BIND_PORT);    /* on BIND_PORT    */
+    servAddr.sin_addr.s_addr = INADDR_ANY;          /* from anywhere   */
+
+    /* Bind the server socket to our port */
+    if (bind(sockfd, (struct sockaddr*)&servAddr, sizeof(servAddr)) == -1) {
+        fprintf(stderr, "ERROR: failed to bind\n");
+        util_Cleanup(sockfd, ctx, ssl);
+        return -1;
+    }
+
+    /* Listen for a new connection, allow 5 pending connections */
+    if (listen(sockfd, 5) == -1) {
+        fprintf(stderr, "ERROR: failed to listen\n");
+        util_Cleanup(sockfd, ctx, ssl);
+        return -1;
+    }
+
+    /* Continue to accept clients until shutdown is issued */
+    while (!shutdown) {
+        printf("Waiting for a connection...\n");
+
+        /* Accept client connections */
+        if ((connd = accept(sockfd, (struct sockaddr*)&clientAddr, &size))
+            == -1) {
+            fprintf(stderr, "ERROR: failed to accept the connection\n\n");
+            util_Cleanup(sockfd, ctx, ssl);
+            return -1;
+        }
+
+        /* Create a WOLFSSL object */
+        if ((ssl = wolfSSL_new(ctx)) == NULL) {
+            fprintf(stderr, "ERROR: failed to create WOLFSSL object\n");
+            util_Cleanup(sockfd, ctx, ssl);
+            return -1;
+        }
+
+        /* Attach wolfSSL to the socket */
+        wolfSSL_set_fd(ssl, connd);
+
+        /* Establish TLS connection */
+        ret = wolfSSL_accept(ssl);
+        if (ret != SSL_SUCCESS) {
+            fprintf(stderr, "wolfSSL_accept error = %d\n",
+                wolfSSL_get_error(ssl, ret));
+            util_Cleanup(sockfd, ctx, ssl);
+            return -1;
+        }
+
+        printf("Client connected successfully\n");
+
+        /* Read the client data into our buff array */
+        memset(buff, 0, sizeof(buff));
+        if (wolfSSL_read(ssl, buff, sizeof(buff)-1) == -1) {
+            fprintf(stderr, "ERROR: failed to read\n");
+            util_Cleanup(sockfd, ctx, ssl);
+            return -1;
+        }
+
+        /* Print to stdout any data the client sends */
+        printf("Client: %s\n", buff);
+
+        /* Check for server shutdown command */
+        if (strncmp(buff, "shutdown", 8) == 0) {
+            printf("Shutdown command issued!\n");
+            shutdown = 1;
+        }
+
+        /* Write our reply into buff */
+        memset(buff, 0, sizeof(buff));
+        memcpy(buff, reply, strlen(reply));
+        len = strnlen(buff, sizeof(buff));
+
+        /* Reply back to the client */
+        if (wolfSSL_write(ssl, buff, (int)len) != len) {
+            fprintf(stderr, "ERROR: failed to write\n");
+            util_Cleanup(sockfd, ctx, ssl);
+            return -1;
+        }
+
+        /* Cleanup after this connection */
+        wolfSSL_free(ssl);      /* Free the wolfSSL object              */
+        close(connd);           /* Close the connection to the client   */
+    }
+
+    printf("Shutdown complete\n");
+
+    /* Cleanup and return */
+    util_Cleanup(sockfd, ctx, ssl);
+    return 0;               /* Return reporting a success               */
+}

IDE/VS-AZURE-SPHERE/server/server.h

@@ -0,0 +1,27 @@
+/* server.h
+ *
+ * Copyright (C) 2006-2019 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifndef WOLFSSL_SERVER_H
+#define WOLFSSL_SERVER_H
+
+#endif /* WOLFSSL_SERVER_H */
+

IDE/VS-AZURE-SPHERE/server/server.vcxproj

@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|ARM">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM">
+      <Configuration>Release</Configuration>
+      <Platform>ARM</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{F005DF72-46F4-4989-BCB4-3ACDA323D569}</ProjectGuid>
+    <Keyword>AzureSphere</Keyword>
+    <RootNamespace>client</RootNamespace>
+    <MinimumVisualStudioVersion>15.0</MinimumVisualStudioVersion>
+    <ApplicationType>Linux</ApplicationType>
+    <ApplicationTypeRevision>1.0</ApplicationTypeRevision>
+    <TargetLinuxPlatform>Generic</TargetLinuxPlatform>
+    <LinuxProjectType>{D51BCBC9-82E9-4017-911E-C93873C4EA2B}</LinuxProjectType>
+    <DebugMachineType>Device</DebugMachineType>
+    <PlatformToolset>GCC_AzureSphere_1_0</PlatformToolset>
+    <ProjectPublicIncludePath>$(MSBuildProjectDirectory)\Inc\Public</ProjectPublicIncludePath>
+    <PublicIncludePath>$(MSBuildProjectDirectory)\Inc\Public</PublicIncludePath>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <TargetSysroot>2</TargetSysroot>
+    <ConfigurationType>Application</ConfigurationType>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <TargetSysroot>2</TargetSysroot>
+    <ConfigurationType>Application</ConfigurationType>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings" />
+  <ImportGroup Label="Shared" />
+  <ImportGroup Label="PropertySheets" />
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">
+    <OutDir>$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\</IntDir>
+    <TargetName>$(ProjectName)</TargetName>
+    <TargetExt>.out</TargetExt>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
+    <OutDir>$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\</IntDir>
+    <TargetExt>.out</TargetExt>
+  </PropertyGroup>
+  <ItemDefinitionGroup>
+    <ClCompile>
+      <AdditionalOptions>-Werror=implicit-function-declaration %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">..\..\..;../;$(ProjectDir);$(SysRootIncludePath);%(AdditionalIncludeDirectories);</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">WOLFSSL_USER_SETTINGS;_POSIX_C_SOURCE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">..\..\..;$(ProjectDir);$(SysRootIncludePath);%(AdditionalIncludeDirectories);</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">WOLFSSL_USER_SETTINGS;_POSIX_C_SOURCE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <LibraryDependencies Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">applibs;pthread;gcc_s;c;wolfssl</LibraryDependencies>
+      <ShowProgress Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">true</ShowProgress>
+      <AdditionalLibraryDirectories Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">$(SolutionDir)$(Platform)\$(Configuration)\;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+    </Link>
+    <CustomBuildStep>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">192.168.35.1</Command>
+    </CustomBuildStep>
+    <Link>
+      <AdditionalLibraryDirectories Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">$(SolutionDir)$(Platform)\$(Configuration)\;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+      <LibraryDependencies Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">applibs;pthread;gcc_s;c;wolfssl</LibraryDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClInclude Include="server.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="app_manifest.json" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="server.c" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets" />
+</Project>

IDE/VS-AZURE-SPHERE/shared/util.h

@@ -0,0 +1,61 @@
+#ifndef _UTIL_H_
+#define _UTIL_H_
+
+#include <stdio.h>
+#include <wolfssl/ssl.h>
+#include <ifaddrs.h>
+#include <applibs/log.h>
+
+#define _GNU_SOURCE /* defines NI_NUMERICHOST */
+#ifndef NI_MAXHOST
+        #define NI_MAXHOST 256
+#endif
+
+static void util_Cleanup(int sockfd, WOLFSSL_CTX* ctx, WOLFSSL* ssl)
+{
+    wolfSSL_free(ssl);      /* Free the wolfSSL object                  */
+    wolfSSL_CTX_free(ctx);  /* Free the wolfSSL context object          */
+    wolfSSL_Cleanup();      /* Cleanup the wolfSSL environment          */
+    close(sockfd);          /* Close the connection to the server       */
+}
+
+/* Displays each AF_INET interface and it's IP Address
+*  Return: WOLFSSL_SUCCESS if print is successful else WOLFSSL_FAILURE
+*/
+static int util_PrintIfAddr(void)
+{
+    char host[NI_MAXHOST];
+    struct ifaddrs* ifaddr, * nxt;
+    int family, info, n;
+
+    /* Get a linked list of 'struct ifaddrs*' */
+    if (getifaddrs(&ifaddr) != 0) {
+        fprintf(stderr, "ERROR: Getting network interface and IP address");
+        return WOLFSSL_FAILURE;
+    }
+    printf("\nInterface   IP Address\n");
+    /* Traverse ifaddr linked list using nxt */
+    for (nxt = ifaddr; nxt != NULL; nxt = nxt->ifa_next) {
+        if (nxt->ifa_addr == NULL)
+            continue;
+        family = nxt->ifa_addr->sa_family;
+        /* Display the address of each AF_INET* interface */
+        if (family == AF_INET) {
+            info = getnameinfo(nxt->ifa_addr, sizeof(struct sockaddr_in),
+                    host, NI_MAXHOST, NULL, 0, NI_NUMERICHOST);
+            if (info != 0) {
+                    fprintf(stderr, "Failed to getnameinfo");
+                    freeifaddrs(ifaddr);
+                    return WOLFSSL_FAILURE;
+            }
+            /* Determine amount of space, n, to justify IP Address */
+            n = (int)strlen("Interface   ") - (int)strlen(nxt->ifa_name);
+            n = (n > 0) ? n : 1; /* Set space to 1 if n is negative */
+            printf("%s %*c%s>\n", nxt->ifa_name, n, '<', host);
+        }
+    }
+    printf("\n");
+    freeifaddrs(ifaddr);
+    return WOLFSSL_SUCCESS;
+}
+#endif

IDE/VS-AZURE-SPHERE/user_settings.h

@@ -0,0 +1,70 @@
+#ifndef _USER_SETTINGS_H_
+#define _USER_SETTINGS_H_
+
+#define WOLFSSL_AZSPHERE
+/* Client connects to the server with these details. */
+#ifdef CUSTOM_SERVER_CONNECTION
+    #ifndef SERVER_IP
+        #define SERVER_IP "192.168.1.200" /* Local Test Server IP */
+    #endif
+	#ifndef DEFAULT_PORT
+		#define DEFAULT_PORT 11111
+	#endif
+    #define CERT         ca_cert_der_2048
+    #define SIZEOF_CERT  sizeof_ca_cert_der_2048
+    static const char msg[] = "Are you listening wolfSSL Server?";
+#else
+    #ifndef SERVER_IP
+        #define SERVER_IP "www.wolfssl.com"
+    #endif
+	#ifndef DEFAULT_PORT
+		#define DEFAULT_PORT 443
+	#endif
+    #define CERT         wolfssl_website_root_ca
+    #define SIZEOF_CERT  sizeof_wolfssl_website_root_ca
+    static const char msg[] = "GET /index.html HTTP/1.1\r\n\r\n";
+#endif
+
+/* Math: Normal (!USE_FAST_MATH) */
+#define SIZEOF_LONG_LONG 8
+#define WC_RSA_BLINDING
+#define ECC_TIMING_RESISTANT
+
+/* Enable options */
+#define HAVE_CHACHA
+#define HAVE_POLY1305
+#define HAVE_ECC
+#define HAVE_SUPPORTED_CURVES
+#define HAVE_TLS_EXTENSIONS
+#define HAVE_ONE_TIME_AUTH
+#define HAVE_TRUNCATED_HMAC
+#define HAVE_EXTENDED_MASTER
+#define HAVE_ALPN
+#define HAVE_SNI
+#define HAVE_OCSP
+#define HAVE_AESGCM
+
+/* Disable options */
+#define NO_PWDBASED
+#define NO_DSA
+#define NO_DES3
+#define NO_RABBIT
+#define NO_RC4
+#define NO_MD4
+
+/* Benchmark / Testing */
+#define BENCH_EMBEDDED
+#define USE_CERT_BUFFERS_2048
+#define USE_CERT_BUFFERS_256
+
+/* OS */
+#define SINGLE_THREADED
+
+/* Filesystem */
+#define NO_FILESYSTEM
+
+/* Debug */
+#define printf Log_Debug
+#define WOLFIO_DEBUG
+
+#endif /* _USER_SETTINGS_H_ */

IDE/VS-AZURE-SPHERE/wolfcrypt_test/app_manifest.json

@@ -0,0 +1,10 @@
+{
+  "SchemaVersion": 1,
+  "Name": "wolfCrypt_Test",
+  "ComponentId": "00000000-0000-0000-0000-000000000003",
+  "EntryPoint": "/bin/app",
+  "CmdArgs": [],
+  "Capabilities": {
+  },
+  "ApplicationType": "Default"
+}

IDE/VS-AZURE-SPHERE/wolfcrypt_test/wolfcrypt_test.vcxproj

@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|ARM">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM">
+      <Configuration>Release</Configuration>
+      <Platform>ARM</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{CD96C02B-1FC9-424E-88BE-816BE143A1C3}</ProjectGuid>
+    <Keyword>AzureSphere</Keyword>
+    <RootNamespace>echoclient</RootNamespace>
+    <MinimumVisualStudioVersion>15.0</MinimumVisualStudioVersion>
+    <ApplicationType>Linux</ApplicationType>
+    <ApplicationTypeRevision>1.0</ApplicationTypeRevision>
+    <TargetLinuxPlatform>Generic</TargetLinuxPlatform>
+    <LinuxProjectType>{D51BCBC9-82E9-4017-911E-C93873C4EA2B}</LinuxProjectType>
+    <DebugMachineType>Device</DebugMachineType>
+    <PlatformToolset>GCC_AzureSphere_1_0</PlatformToolset>
+    <ProjectPublicIncludePath>$(MSBuildProjectDirectory)\Inc\Public</ProjectPublicIncludePath>
+    <PublicIncludePath>$(MSBuildProjectDirectory)\Inc\Public</PublicIncludePath>
+    <ProjectName>wolfcrypt_test</ProjectName>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <TargetSysroot>2</TargetSysroot>
+    <ConfigurationType>Application</ConfigurationType>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <TargetSysroot>2</TargetSysroot>
+    <ConfigurationType>Application</ConfigurationType>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings" />
+  <ImportGroup Label="Shared" />
+  <ImportGroup Label="PropertySheets" />
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">
+    <TargetName>$(ProjectName)</TargetName>
+    <TargetExt>.out</TargetExt>
+    <OutDir>$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\</IntDir>
+    <IncludePath>$(SysRootIncludePath);$(IncludePath);</IncludePath>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
+    <OutDir>$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\</IntDir>
+    <TargetExt>.out</TargetExt>
+  </PropertyGroup>
+  <ItemDefinitionGroup>
+    <ClCompile>
+      <AdditionalOptions>-Werror=implicit-function-declaration %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">..\..\..;../;$(ProjectDir);$(SysRootIncludePath);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">WOLFSSL_USER_SETTINGS;_POSIX_C_SOURCE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <CAdditionalWarning Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">strict-prototypes;%(CAdditionalWarning);deprecated-declarations</CAdditionalWarning>
+      <WarningLevel Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">TurnOffAllWarnings</WarningLevel>
+      <Verbose Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">true</Verbose>
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">..\..\..;$(ProjectDir);$(SysRootIncludePath);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">WOLFSSL_USER_SETTINGS;_POSIX_C_SOURCE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <WarningLevel Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">TurnOffAllWarnings</WarningLevel>
+    </ClCompile>
+    <Link>
+      <LibraryDependencies Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">applibs;pthread;gcc_s;c;wolfssl</LibraryDependencies>
+      <SharedLibrarySearchPath Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">%(SharedLibrarySearchPath)</SharedLibrarySearchPath>
+      <AdditionalLibraryDirectories Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">$(SolutionDir)$(Platform)\$(Configuration)\;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+      <ShowProgress Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">true</ShowProgress>
+    </Link>
+    <Link>
+      <AdditionalLibraryDirectories Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">$(SolutionDir)$(Platform)\$(Configuration)\;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+      <LibraryDependencies Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">applibs;pthread;gcc_s;c;wolfssl</LibraryDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\..\wolfcrypt\test\test.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="..\..\..\wolfcrypt\test\test.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="..\..\..\certs\ecc-key.der" />
+    <None Include="app_manifest.json" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets" />
+</Project>

IDE/VS-AZURE-SPHERE/wolfssl.sln

@@ -0,0 +1,52 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.29201.188
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl", "wolfssl.vcxproj", "{EAED6D0C-D9C8-4901-B7D8-F8610AFCEAE6}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfcrypt_test", "wolfcrypt_test\wolfcrypt_test.vcxproj", "{CD96C02B-1FC9-424E-88BE-816BE143A1C3}"
+	ProjectSection(ProjectDependencies) = postProject
+		{EAED6D0C-D9C8-4901-B7D8-F8610AFCEAE6} = {EAED6D0C-D9C8-4901-B7D8-F8610AFCEAE6}
+	EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "client", "client\client.vcxproj", "{FBF6F097-B2BF-49AC-A70B-DBA6036A395D}"
+	ProjectSection(ProjectDependencies) = postProject
+		{EAED6D0C-D9C8-4901-B7D8-F8610AFCEAE6} = {EAED6D0C-D9C8-4901-B7D8-F8610AFCEAE6}
+	EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "server", "server\server.vcxproj", "{F005DF72-46F4-4989-BCB4-3ACDA323D569}"
+	ProjectSection(ProjectDependencies) = postProject
+		{EAED6D0C-D9C8-4901-B7D8-F8610AFCEAE6} = {EAED6D0C-D9C8-4901-B7D8-F8610AFCEAE6}
+	EndProjectSection
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|ARM = Debug|ARM
+		Release|ARM = Release|ARM
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{EAED6D0C-D9C8-4901-B7D8-F8610AFCEAE6}.Debug|ARM.ActiveCfg = Debug|ARM
+		{EAED6D0C-D9C8-4901-B7D8-F8610AFCEAE6}.Debug|ARM.Build.0 = Debug|ARM
+		{EAED6D0C-D9C8-4901-B7D8-F8610AFCEAE6}.Release|ARM.ActiveCfg = Release|ARM
+		{EAED6D0C-D9C8-4901-B7D8-F8610AFCEAE6}.Release|ARM.Build.0 = Release|ARM
+		{CD96C02B-1FC9-424E-88BE-816BE143A1C3}.Debug|ARM.ActiveCfg = Debug|ARM
+		{CD96C02B-1FC9-424E-88BE-816BE143A1C3}.Debug|ARM.Build.0 = Debug|ARM
+		{CD96C02B-1FC9-424E-88BE-816BE143A1C3}.Release|ARM.ActiveCfg = Release|ARM
+		{CD96C02B-1FC9-424E-88BE-816BE143A1C3}.Release|ARM.Build.0 = Release|ARM
+		{FBF6F097-B2BF-49AC-A70B-DBA6036A395D}.Debug|ARM.ActiveCfg = Debug|ARM
+		{FBF6F097-B2BF-49AC-A70B-DBA6036A395D}.Debug|ARM.Build.0 = Debug|ARM
+		{FBF6F097-B2BF-49AC-A70B-DBA6036A395D}.Release|ARM.ActiveCfg = Release|ARM
+		{FBF6F097-B2BF-49AC-A70B-DBA6036A395D}.Release|ARM.Build.0 = Release|ARM
+		{F005DF72-46F4-4989-BCB4-3ACDA323D569}.Debug|ARM.ActiveCfg = Debug|ARM
+		{F005DF72-46F4-4989-BCB4-3ACDA323D569}.Debug|ARM.Build.0 = Debug|ARM
+		{F005DF72-46F4-4989-BCB4-3ACDA323D569}.Release|ARM.ActiveCfg = Release|ARM
+		{F005DF72-46F4-4989-BCB4-3ACDA323D569}.Release|ARM.Build.0 = Release|ARM
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {13BC142A-0A4E-42D5-BB84-347B5D44153E}
+	EndGlobalSection
+EndGlobal

IDE/VS-AZURE-SPHERE/wolfssl.vcxproj

@@ -0,0 +1,135 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|ARM">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM">
+      <Configuration>Release</Configuration>
+      <Platform>ARM</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\src\bio.c" />
+    <ClCompile Include="..\..\src\crl.c" />
+    <ClCompile Include="..\..\src\internal.c" />
+    <ClCompile Include="..\..\src\keys.c" />
+    <ClCompile Include="..\..\src\ocsp.c" />
+    <ClCompile Include="..\..\src\sniffer.c" />
+    <ClCompile Include="..\..\src\ssl.c" />
+    <ClCompile Include="..\..\src\tls.c" />
+    <ClCompile Include="..\..\src\tls13.c" />
+    <ClCompile Include="..\..\src\wolfio.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\aes.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\arc4.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\asn.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\blake2b.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\camellia.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\chacha.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\chacha20_poly1305.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\cmac.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\coding.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\curve25519.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\des3.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\dh.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\dsa.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ecc.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ed25519.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\error.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\evp.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\fe_low_mem.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\fe_operations.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ge_low_mem.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ge_operations.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\hash.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\hc128.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\hmac.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\idea.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\integer.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\logging.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\md2.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\md4.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\md5.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\memory.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\pkcs7.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\poly1305.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\random.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ripemd.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\rsa.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha256.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha3.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha512.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\signature.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\srp.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\tfm.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_encrypt.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_pkcs11.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_port.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wolfevent.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wolfmath.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="user_settings.h" />
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{eaed6d0c-d9c8-4901-b7d8-f8610afceae6}</ProjectGuid>
+    <Keyword>AzureSphere</Keyword>
+    <RootNamespace>wolfssl</RootNamespace>
+    <MinimumVisualStudioVersion>15.0</MinimumVisualStudioVersion>
+    <ApplicationType>Linux</ApplicationType>
+    <ApplicationTypeRevision>1.0</ApplicationTypeRevision>
+    <TargetLinuxPlatform>Generic</TargetLinuxPlatform>
+    <LinuxProjectType>{D51BCBC9-82E9-4017-911E-C93873C4EA2B}</LinuxProjectType>
+    <DebugMachineType>Device</DebugMachineType>
+    <PlatformToolset>GCC_AzureSphere_1_0</PlatformToolset>
+    <ProjectPublicIncludePath>$(MSBuildProjectDirectory)\Inc\Public</ProjectPublicIncludePath>
+    <PublicIncludePath>$(MSBuildProjectDirectory)\Inc\Public</PublicIncludePath>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <TargetSysroot>2</TargetSysroot>
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <TargetSysroot>2</TargetSysroot>
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings" />
+  <ImportGroup Label="Shared" />
+  <ImportGroup Label="PropertySheets" />
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\</IntDir>
+    <TargetExt>.a</TargetExt>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\</IntDir>
+  </PropertyGroup>
+  <ItemDefinitionGroup>
+    <ClCompile>
+      <AdditionalOptions>-Werror=implicit-function-declaration %(AdditionalOptions)</AdditionalOptions>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">NO_MAIN_DRIVER;WOLFSSL_USER_SETTINGS;WOLFSSL_LIB;_POSIX_C_SOURCE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">..\..;$(ProjectDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <CAdditionalWarning Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">strict-prototypes;%(CAdditionalWarning);deprecated-declarations</CAdditionalWarning>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">WOLFSSL_USER_SETTINGS;WOLFSSL_LIB;_POSIX_C_SOURCE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">..\..;$(ProjectDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <WarningLevel Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">TurnOffAllWarnings</WarningLevel>
+      <WarningLevel Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">TurnOffAllWarnings</WarningLevel>
+    </ClCompile>
+    <Link>
+      <LibraryDependencies Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">applibs;pthread;gcc_s;c</LibraryDependencies>
+    </Link>
+    <Lib>
+      <Verbose Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">true</Verbose>
+    </Lib>
+  </ItemDefinitionGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets" />
+</Project>

IDE/include.am

@@ -14,6 +14,7 @@ include IDE/ARDUINO/include.am
 include IDE/INTIME-RTOS/include.am
 include IDE/OPENSTM32/include.am
 include IDE/VS-ARM/include.am
+include IDE/VS-AZURE-SPHERE/include.am
 include IDE/GCC-ARM/include.am
 include IDE/CSBENCH/include.am
 include IDE/ECLIPSE/DEOS/include.am
@@ -24,5 +25,7 @@ include IDE/Renesas/cs+/Projects/include.am
 include IDE/Renesas/e2studio/Projects/include.am
 include IDE/WICED-STUDIO/include.am
 include IDE/CRYPTOCELL/include.am
+include IDE/M68K/include.am
+include IDE/RISCV/include.am
 
 EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MDK5-ARM IDE/MYSQL IDE/LPCXPRESSO IDE/HEXIWEAR IDE/Espressif IDE/zephyr

README

@@ -73,108 +73,98 @@ should be used for the enum name.
 *** end Notes ***
 
 
-********* wolfSSL Release 4.1.0 (07/22/2019)
+********* wolfSSL Release 4.2.0 (10/22/2019)
 
-Release 4.1.0 of wolfSSL embedded TLS has bug fixes and new features including:
+If you have questions about this release, then feel free to contact us on our info@ address.
 
-* A fix for the check on return value when verifying PKCS7 bundle signatures, all users with applications using the function wc_PKCS7_VerifySignedData should update
-* Adding the function wc_PKCS7_GetSignerSID for PKCS7 firmware bundles as a getter function for the signers SID
-* PKCS7 callback functions for unwrapping of CEK and for decryption
-* Adding the error value PKCS7_SIGNEEDS_CHECK when no certificates are available in a PKCS7 bundle to verify the signature
-* TLS 1.3 fixes including if major version is TLS Draft then it is now ignored and if version negotiation occurs but none were matched then an alert is now sent
-* Addition of the WOLFSSL_PSK_ONE_ID macro for indicating that only one identity in TLS 1.3 PSK is available and will be cached
-* Adding sanity checks on length of PSK identity from a TLS 1.3 pre-shared key extension
-* Additional sanity checks and alert messages added for TLS 1.3
-* Adding XTIME_MS macro to simplify the tls13.c time requirement
-* Improvements and refactoring of code related to parsing and creating TLS 1.3 client hello packets
-* TLS 1.3 version renegotiation now happens before interpreting ClientHello message
-* Chacha20 algorithm optimizations on the ARM architecture for performance increase
-* Poly1305 algorithm performance enhancements for the ARM architecture using the SIMD NEON extension
-* Curve25519 and Ed25519 optimized for ARM architecture for performance increase
-* SHA-512/384 optimizations for performance with ARM architecture using the SIMD NEON extension
-* Sniffer updates including adding support for the null cipher and static ECDH key exchange and new SSLWatchCb callback
-* Cipher suite TLS_RSA_WITH_NULL_MD5 for use with the sniffer (off by default)
-* Sniffer statistic print outs with the macro WOLFSSL_SNIFFER_STATS defined
-* A fix for wolfSSL_DH_generate_key when WOLFSSL_SMALL_STACK is defined
-* wolfSSL_BN_Init implementation for opensslextra builds
-* Updates to the function wolfSSL_i2d_RSAPrivateKey and additional automated tests
-* Fixes for EVP_CipherFinal edge cases to match behavior desired
-* Check for appropriate private vs public flag with ECC key decode in wolfSSL_EC_KEY_LoadDer_ex, thanks to Eric Miller for the report
-* Implementation of the function wolfSSL_PEM_write_DHparams
-* wolfSSL_RAND_seed is called in wolfSSL_Init now when opensslextra is enabled
-* CryptoCell-310 support on nRF52840 added
-* Fixes for atmel_ecc_create_pms to free the used slot.
-* Fixes for building ATECC with ATCAPRINTF or WOLFSSL_PUBLIC_MP
-* Cortex-M code changes to support IAR compiler
-* Improvements to STM32 AES-GCM performance
-* Fixes for 16-bit systems including PK callbacks, ATECC and LowResTimer function ptoto.
-* IAR-EWARM compiler warning fix
-* Clean up of user_settings for CS+ port
-* Updating Renesas example projects to the latest version
-* Micrium updates adjusting STATIC macro name and added inline flag
-* Fixes for building with WOLFSSL_CUSTOM_CURVES on Windows
-* Updates and refactor to the default build settings with Arduino
-* Fixes for visibility tags with Cygwin build
-* STSAFE Improvements to support wolfSSL Crypto Callbacks
-* Improvements to NetBSD builds and mutex use in test case
-* Updating TI hardware offload with WOLFSSL_TI_CRYPT build
-* Maintaining Xilinx FreeRTOS port by adjusting time.h include in wolfSSL
-* SiFive HiFive E31 RISC‐V core family port
-* Port for Telit IoT AppZone SDK
-* OCSP Response signed by issuer with identical SKID fix
-* Fix for sending revoked certificate with OCSP
-* Honor the status sent over connection with peers and do not perform an internal OCSP lookup
-* Adding the build flag `--enable-ecccustcurves=all` to enable all curve types
-* Support add for Ed25519ctx and Ed25519ph sign/verify algorithms as per RFC 8032
-* Addition of the macro WOLFSSL_NO_SIGALG to disable signature algorithms extension
-* wc_AesCtrEncrypt in place addition, where input and output buffer can be the same buffer
-* Single shot API added for SHA3; wc_Sha3_224Hash, wc_Sha3_256Hash, wc_Sha3_384Hash, wc_Sha3_512Hash
-* Function additions for JSSE support some of which are wolfSSL_get_ciphers_iana and wolfSSL_X509_verify along with expansion of the --enable-jni option
-* Macro guards for more modular SHA3 build (i.e. support for 384 size only)
-* Benchmarking -thread <num> argument support for asynchronous crypto
-* Blake2s support (--enable-blake2s), which provides 32-bit Blake2 support
-* Macro SHA256_MANY_REGISTERS addition to potentially speed up SHA256 depending on architecture
-* Additional TLS alert messages sent with the macro WOLFSSL_EXTRA_ALERTS defined
-* Feature to fail resumption of a session if the session’s cipher suite is not in the client’s list, this can be overridden by defining the macro NO_RESUME_SUITE_CHECK
-* Fallback SCSV (Signaling Cipher Suite Value) support on Server only (--enable-fallback-scsv)
-* DTLS export state only (wolfSSL_dtls_export_state_only) which is a subset of the information exported from previous DTLS export function
-* Function wc_DhCheckPubValue added to perform simple validity checks on DH keys
-* Support for RSA SHA-224 signatures with TLS added
-* Additional option “-print” to the benchmark app for printing out a brief summary after benchmarks are complete
-*  Adding (--disable-pkcs12) option and improvements for disabled sections in pwdbased.c, asn.c, rsa.c, pkcs12.c and wc_encrypt
-* Added DES3 support to the wolfSSL crypto callbacks
-* Compile time fixes for build case with SP math and RSA only
-* Fixes for Coverity static analysis report including explicit initialization of reported stack variables some additional Coverity fixes added thanks to Martin
-* Fixes for scan build warnings (i.e possible null dereference in ecc.c)
-* Resetting verify send value with a call to wolfSSL_clear function
-* Fix for extern with sp_ModExp_2048 when building with --cpp option
-* Fix for typo issue with --enable-sp=cortexm
-* Adding #pragma warning disable 4127 for tfm.c when building with Visual Studio
-* Improvements to the maximum ECC signature calculations
-* Improvements to TLS write handling in error cases which helps user application not go through with a wolfSSL_write attempt after a wolfSSL_read failure
-* Fix for read directory functions with Windows (wc_ReadDirFirst and wc_ReadDirNext)
-* Sanity check on index before accessing domain component buffer in call to wolfSSL_X509_NAME_get_entry
-* Sending fatal alert from client side on version error
-* Fix for static RSA cipher suite with PK callback and no loaded private key
-* Fix for potential memory leak in error case with the function wc_DsaKeyToDer, thanks to Chris H. for the report
-* Adjusting STRING_USER macro to remove includes of standard lib <string.h> or <stdio.h>
-* Bug fix for checking wrong allocation assignment in the function wc_PBKDF2 and handling potential leak on allocation failure. This case is only hit when the specific call to malloc fails in the function wc_PBKDF2. Thanks to Robert Altnoeder (Linbit) for the report
-* Improved length checks when parsing ASN.1 certificates
-* extern "C" additions to header files that were missing them
-* Improved checking of return values with TLS extension functions and error codes
-* Removing redundant calls to the generate function when instantiating and reseeding DRBG
-* Refactoring and improvements to autoconf code with consolidating AM_CONDITIONAL statements
-* Improvements for handling error return codes when reading input from transport layer
-* Improvements to efficiency of SNI extension parsing and error checking with ALPN parsing
-* Macro WOLFSSL_DEBUG_TLS addition for printing out extension data being parsed during a TLS connection
-* Adjustment of prime testing with --disable-fastmath builds
+Release 4.2.0 of wolfSSL embedded TLS has bug fixes and new features including:
 
 
-This release of wolfSSL includes a fix for 2 security vulnerabilities.
+****** New Feature Additions
+* Over 198 OpenSSL compatibility API’s added
+* Apache port added for compiling with wolfSSL using --enable-apachehttpd
+* Port for using wolfSSL with OpenVSwitch
+* Port for Renesas TSIP added
+* Visual Studio Solution for Azure Sphere Devices (MT3620 and MT3620-mini) added to the directory IDE/VS-AZURE-SPHERE
+* Addition of Coldfire MCF5441X NetBurner example to the directory IDE/M68K/
+* Added support for prime checking to SP math build
+* Addition of DYNAMIC_TYPE_BIGINT type for tracking mp_int allocations
+* Addition of wc_ecc_get_curve_params API for getting ecc_set_type params for a curve
+* Adding in TLS_SHA256_SHA256 and TLS_SHA384_SHA384 TLS1.3 cipher suites (null ciphers)
+* Added in PKCS7 decryption callbacks for CMS operations
+* Added handling for optional ECC parameters with PKCS7 KARI
+* Addition to configure.ac for FIPS wolfRand builds
+* Adding the flag WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY for ignoring certificate date checks with the functions wolfSSL_CTX_load_verify_buffer_ex and wolfSSL_CTX_load_verify_locations_ex
+* Support for PKCS8 keys added to the function wolfSSL_CTX_use_PrivateKey_buffer
+* Support for KECCAK hashing. Build with macro WOLFSSL_HASH_FLAGS and call wc_Sha3_SetFlags(&sha, WC_HASH_SHA3_KECCAK256) before the first SHA3 update
+* Addition of setting secure renegotiation at CTX level
+* Addition of KDS (NXP Kinetis Design Studio) example project to directory IDE/KDS/
+* Support for Encrypt-Then-MAC to TLS 1.2 and below
+* Added a new build option for a TITAN session cache that can hold just over 2 million session entries (--enable-titancache)
+* Synchronous Quick Assist Support for Sniffer
+* Added Support for SiFive HiFive Unleashed board
+* Support for Google WebRTC added in to compatibility layer build
+* Additional Sniffer features; IPv6 sniffer support, Fragment chain input, Data store callback, Various statistics tweaks and other Sniffer fixes
+
+
+****** Fixes
+* Addition of internal content digest checks for PKCS7 SignedData message types that also have signed attributes present. Users could previously check the content digest against the messageDigest attribute, but this adds a default internal check. It’s advised that if users are not doing their own checks that they update wolfSSL version.
+* A fix for BIO and base64 encoding/decoding
+* A fix for memory management of CTX / WOLFSSL_METHOD pointer with staticmemory build
+* A fix for detection of AES-NI support to read bit 25 from ECX
+* A fix a DTLS handshake message retransmit bug corner case
+* Additional fixes to coding style and uninitialized values using cppcheck tool
+* Fixes for failing IAR builds, thanks to Joseph C. for the report
+* Fixes for ARMv8 Poly1305 inline assembly code to compile with clang 3.5
+* Fixes for esp-idf build warnings
+* A fix for XSNPRINTF with mingw32 builds
+* Fixes for strncpy warnings when compiling with newer versions of GCC
+* A fix for using IV of all 0’s as default case with AES-NI when no IV passed in
+* Fixes for types with 16 bit systems, thanks to Ralf Schlatterbeck
+* Fixes for build with devcrypto/afalg and aesccm, thanks to GitHub user cotequeiroz for the report
+* Fixes for addressing handling of pathLen constraint when parsing certificate chains
+* A DTLS fix for alert packet injection at end of handshake
+* Fixes for Poly1305 AArch64 assembly code
+* A fix for memory management in error cases when adding a CA, this resolves a coverity report
+* A fix for SP math for precomputation tables to not include infinity field
+* Fixes for checks on defines with AVX2 and Poly1305 build
+* Fixes for CubeMX HAL v1.15 with STM32F7
+* A fix for TLS 1.3 to always send Key Share extension
+* A fix for a potential buffer over read in TLS 1.3 DoTls13SupportedVersions, thanks to Artem for the report
+
+
+****** Improvements/Optimizations
+* Optimization to SP math, changing variables to const where possible. Thanks to Yair Poleg (yair.poleg@ayyeka.com) of Ayyeka for proposing static declaration of global constant variables in SP code
+* Additional fuzz testing and fixes for TLS 1.3 use, including additional TLS 1.3 alert messages (PR#2440 for more information)
+* Additional sanity check that ciphersuite from client hello is used in server hello response (check can be removed with the macro WOLFSSL_NO_STRICT_CIPHER_SUITE)
+* Improved MMCAU performance: SHA-1 by 35%, SHA-256 by 20% and MD5 by 78%
+* By default, disallow SHA-2 cipher suites from being used in TLS 1.0 and 1.1 handshakes (can be ignored with macro WOLFSSL_OLDTLS_SHA2_CIPHERSUITES)
+* Optimization of export session buffer size with enable option --enable-sessionexport=nopeer
+* Spelling fixes in comments and some cast warnings resolved
+* Updates to abstract atoi to XATOI when used, this allows for better portability when making calls to the system function atoi for converting strings to integers
+* Improvements to the STSAFE-A100 error code handling, providing better debug information
+* Adding a sanity check on TLS 1.3 ticket encrypt callback
+* Specialized implementations of mod exp when base is 2
+
+
+
+***** This release of wolfSSL includes a fix for 5 security vulnerabilities.
+
+Fix for sanity check on reading TLS 1.3 pre-shared key extension. This fixes a potential for an invalid read when TLS 1.3 and pre-shared keys is enabled. Users without TLS 1.3 enabled are unaffected. Users with TLS 1.3 enabled and HAVE_SESSION_TICKET defined or NO_PSK not defined should update wolfSSL versions. Thanks to Robert Hoerr for the report.
+
+Fix for potential program hang when ocspstapling2 is enabled. This is a moderate level fix that affects users who have ocspstapling2 enabled(off by default) and are on the server side. In parsing a CSR2 (Certificate Status Request v2 ) on the server side, there was the potential for a malformed extension to cause a program hang. Thanks to Robert Hoerr for the report.
+
+Two moderate level fixes involving an ASN.1 over read by one byte. CVE-2019-15651 is for a fix that is due to a potential one byte over read when decoding certificate extensions. CVE-2019-16748 is for a fix on a potential one byte overread with checking certificate signatures. This affects builds that do certificate parsing and do not have the macro NO_SKID defined.Thanks to Yan Jia and the researcher team  from Institute of Software, Chinese Academy of Sciences for the report.
+
+High level fix for DSA operations involving an attack on recovering DSA private keys. This fix affects users that have DSA enabled and are performing DSA operations (off by default). All users that have DSA enabled and are using DSA keys are advised to regenerate DSA keys and update wolfSSL version. ECDSA is NOT affected by this and TLS code is NOT affected by this issue. Thanks to Ján Jančár for the report.
+
+
+For additional vulnerability information visit the vulnerability page at https://www.wolfssl.com/docs/security-vulnerabilities/
+
+See INSTALL file for build instructions.
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
 
-There is a fix for a potential buffer overflow case with the TLSv1.3 PSK extension parsing. This affects users that are enabling TLSv1.3 (--enable-tls13). Thanks to Robert Hoerr for the report. The CVE associated with the report is CVE-2019-11873.
 
-There is a fix for the potential leak of nonce sizes when performing ECDSA signing operations. The leak is considered to be difficult to exploit but it could potentially be used maliciously to perform a lattice based timing attack against previous wolfSSL versions. ECC operations with --enable-sp and --enable-sp-asm are not affected, users with private ECC keys in other builds that are performing ECDSA signing operations should update versions of wolfSSL along with private ECC keys. Thanks to Ján Jančár from Masaryk University for the report.
 
 
 *** Resources ***

README.md

@@ -73,108 +73,97 @@ should be used for the enum name.
 *** end Notes ***
 
 
-********* wolfSSL Release 4.1.0 (07/22/2019)
+# wolfSSL Release 4.2.0 (10/22/2019)
 
-Release 4.1.0 of wolfSSL embedded TLS has bug fixes and new features including:
+If you have questions about this release, then feel free to contact us on our info@ address.
 
-* A fix for the check on return value when verifying PKCS7 bundle signatures, all users with applications using the function wc_PKCS7_VerifySignedData should update
-* Adding the function wc_PKCS7_GetSignerSID for PKCS7 firmware bundles as a getter function for the signers SID
-* PKCS7 callback functions for unwrapping of CEK and for decryption
-* Adding the error value PKCS7_SIGNEEDS_CHECK when no certificates are available in a PKCS7 bundle to verify the signature
-* TLS 1.3 fixes including if major version is TLS Draft then it is now ignored and if version negotiation occurs but none were matched then an alert is now sent
-* Addition of the WOLFSSL_PSK_ONE_ID macro for indicating that only one identity in TLS 1.3 PSK is available and will be cached
-* Adding sanity checks on length of PSK identity from a TLS 1.3 pre-shared key extension
-* Additional sanity checks and alert messages added for TLS 1.3
-* Adding XTIME_MS macro to simplify the tls13.c time requirement
-* Improvements and refactoring of code related to parsing and creating TLS 1.3 client hello packets
-* TLS 1.3 version renegotiation now happens before interpreting ClientHello message
-* Chacha20 algorithm optimizations on the ARM architecture for performance increase
-* Poly1305 algorithm performance enhancements for the ARM architecture using the SIMD NEON extension
-* Curve25519 and Ed25519 optimized for ARM architecture for performance increase
-* SHA-512/384 optimizations for performance with ARM architecture using the SIMD NEON extension
-* Sniffer updates including adding support for the null cipher and static ECDH key exchange and new SSLWatchCb callback
-* Cipher suite TLS_RSA_WITH_NULL_MD5 for use with the sniffer (off by default)
-* Sniffer statistic print outs with the macro WOLFSSL_SNIFFER_STATS defined
-* A fix for wolfSSL_DH_generate_key when WOLFSSL_SMALL_STACK is defined
-* wolfSSL_BN_Init implementation for opensslextra builds
-* Updates to the function wolfSSL_i2d_RSAPrivateKey and additional automated tests
-* Fixes for EVP_CipherFinal edge cases to match behavior desired
-* Check for appropriate private vs public flag with ECC key decode in wolfSSL_EC_KEY_LoadDer_ex, thanks to Eric Miller for the report
-* Implementation of the function wolfSSL_PEM_write_DHparams
-* wolfSSL_RAND_seed is called in wolfSSL_Init now when opensslextra is enabled
-* CryptoCell-310 support on nRF52840 added
-* Fixes for atmel_ecc_create_pms to free the used slot.
-* Fixes for building ATECC with ATCAPRINTF or WOLFSSL_PUBLIC_MP
-* Cortex-M code changes to support IAR compiler
-* Improvements to STM32 AES-GCM performance
-* Fixes for 16-bit systems including PK callbacks, ATECC and LowResTimer function ptoto.
-* IAR-EWARM compiler warning fix
-* Clean up of user_settings for CS+ port
-* Updating Renesas example projects to the latest version
-* Micrium updates adjusting STATIC macro name and added inline flag
-* Fixes for building with WOLFSSL_CUSTOM_CURVES on Windows
-* Updates and refactor to the default build settings with Arduino
-* Fixes for visibility tags with Cygwin build
-* STSAFE Improvements to support wolfSSL Crypto Callbacks
-* Improvements to NetBSD builds and mutex use in test case
-* Updating TI hardware offload with WOLFSSL_TI_CRYPT build
-* Maintaining Xilinx FreeRTOS port by adjusting time.h include in wolfSSL
-* SiFive HiFive E31 RISC‐V core family port
-* Port for Telit IoT AppZone SDK
-* OCSP Response signed by issuer with identical SKID fix
-* Fix for sending revoked certificate with OCSP
-* Honor the status sent over connection with peers and do not perform an internal OCSP lookup
-* Adding the build flag `--enable-ecccustcurves=all` to enable all curve types
-* Support add for Ed25519ctx and Ed25519ph sign/verify algorithms as per RFC 8032
-* Addition of the macro WOLFSSL_NO_SIGALG to disable signature algorithms extension
-* wc_AesCtrEncrypt in place addition, where input and output buffer can be the same buffer
-* Single shot API added for SHA3; wc_Sha3_224Hash, wc_Sha3_256Hash, wc_Sha3_384Hash, wc_Sha3_512Hash
-* Function additions for JSSE support some of which are wolfSSL_get_ciphers_iana and wolfSSL_X509_verify along with expansion of the --enable-jni option
-* Macro guards for more modular SHA3 build (i.e. support for 384 size only)
-* Benchmarking -thread <num> argument support for asynchronous crypto
-* Blake2s support (--enable-blake2s), which provides 32-bit Blake2 support
-* Macro SHA256_MANY_REGISTERS addition to potentially speed up SHA256 depending on architecture
-* Additional TLS alert messages sent with the macro WOLFSSL_EXTRA_ALERTS defined
-* Feature to fail resumption of a session if the session’s cipher suite is not in the client’s list, this can be overridden by defining the macro NO_RESUME_SUITE_CHECK
-* Fallback SCSV (Signaling Cipher Suite Value) support on Server only (--enable-fallback-scsv)
-* DTLS export state only (wolfSSL_dtls_export_state_only) which is a subset of the information exported from previous DTLS export function
-* Function wc_DhCheckPubValue added to perform simple validity checks on DH keys
-* Support for RSA SHA-224 signatures with TLS added
-* Additional option “-print” to the benchmark app for printing out a brief summary after benchmarks are complete
-*  Adding (--disable-pkcs12) option and improvements for disabled sections in pwdbased.c, asn.c, rsa.c, pkcs12.c and wc_encrypt
-* Added DES3 support to the wolfSSL crypto callbacks
-* Compile time fixes for build case with SP math and RSA only
-* Fixes for Coverity static analysis report including explicit initialization of reported stack variables some additional Coverity fixes added thanks to Martin
-* Fixes for scan build warnings (i.e possible null dereference in ecc.c)
-* Resetting verify send value with a call to wolfSSL_clear function
-* Fix for extern with sp_ModExp_2048 when building with --cpp option
-* Fix for typo issue with --enable-sp=cortexm
-* Adding #pragma warning disable 4127 for tfm.c when building with Visual Studio
-* Improvements to the maximum ECC signature calculations
-* Improvements to TLS write handling in error cases which helps user application not go through with a wolfSSL_write attempt after a wolfSSL_read failure
-* Fix for read directory functions with Windows (wc_ReadDirFirst and wc_ReadDirNext)
-* Sanity check on index before accessing domain component buffer in call to wolfSSL_X509_NAME_get_entry
-* Sending fatal alert from client side on version error
-* Fix for static RSA cipher suite with PK callback and no loaded private key
-* Fix for potential memory leak in error case with the function wc_DsaKeyToDer, thanks to Chris H. for the report
-* Adjusting STRING_USER macro to remove includes of standard lib <string.h> or <stdio.h>
-* Bug fix for checking wrong allocation assignment in the function wc_PBKDF2 and handling potential leak on allocation failure. This case is only hit when the specific call to malloc fails in the function wc_PBKDF2. Thanks to Robert Altnoeder (Linbit) for the report
-* Improved length checks when parsing ASN.1 certificates
-* extern "C" additions to header files that were missing them
-* Improved checking of return values with TLS extension functions and error codes
-* Removing redundant calls to the generate function when instantiating and reseeding DRBG
-* Refactoring and improvements to autoconf code with consolidating AM_CONDITIONAL statements
-* Improvements for handling error return codes when reading input from transport layer
-* Improvements to efficiency of SNI extension parsing and error checking with ALPN parsing
-* Macro WOLFSSL_DEBUG_TLS addition for printing out extension data being parsed during a TLS connection
-* Adjustment of prime testing with --disable-fastmath builds
+Release 4.2.0 of wolfSSL embedded TLS has bug fixes and new features including:
 
 
-This release of wolfSSL includes a fix for 2 security vulnerabilities.
+##### New Feature Additions
+* Over 198 OpenSSL compatibility API’s added
+* Apache port added for compiling with wolfSSL using --enable-apachehttpd
+* Port for using wolfSSL with OpenVSwitch
+* Port for Renesas TSIP added
+* Visual Studio Solution for Azure Sphere Devices (MT3620 and MT3620-mini) added to the directory IDE/VS-AZURE-SPHERE
+* Addition of Coldfire MCF5441X NetBurner example to the directory IDE/M68K/
+* Added support for prime checking to SP math build
+* Addition of DYNAMIC_TYPE_BIGINT type for tracking mp_int allocations
+* Addition of wc_ecc_get_curve_params API for getting ecc_set_type params for a curve
+* Adding in TLS_SHA256_SHA256 and TLS_SHA384_SHA384 TLS1.3 cipher suites (null ciphers)
+* Added in PKCS7 decryption callbacks for CMS operations
+* Added handling for optional ECC parameters with PKCS7 KARI
+* Addition to configure.ac for FIPS wolfRand builds
+* Adding the flag WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY for ignoring certificate date checks with the functions wolfSSL_CTX_load_verify_buffer_ex and wolfSSL_CTX_load_verify_locations_ex
+* Support for PKCS8 keys added to the function wolfSSL_CTX_use_PrivateKey_buffer
+* Support for KECCAK hashing. Build with macro WOLFSSL_HASH_FLAGS and call wc_Sha3_SetFlags(&sha, WC_HASH_SHA3_KECCAK256) before the first SHA3 update 
+* Addition of setting secure renegotiation at CTX level
+* Addition of KDS (NXP Kinetis Design Studio) example project to directory IDE/KDS/
+* Support for Encrypt-Then-MAC to TLS 1.2 and below
+* Added a new build option for a TITAN session cache that can hold just over 2 million session entries (--enable-titancache)  
+* Synchronous Quick Assist Support for Sniffer
+* Added Support for SiFive HiFive Unleashed board 
+* Support for Google WebRTC added in to compatibility layer build
+* Additional Sniffer features; IPv6 sniffer support, Fragment chain input, Data store callback, Various statistics tweaks and other Sniffer fixes
 
-There is a fix for a potential buffer overflow case with the TLSv1.3 PSK extension parsing. This affects users that are enabling TLSv1.3 (--enable-tls13). Thanks to Robert Hoerr for the report. The CVE associated with the report is CVE-2019-11873.
 
-There is a fix for the potential leak of nonce sizes when performing ECDSA signing operations. The leak is considered to be difficult to exploit but it could potentially be used maliciously to perform a lattice based timing attack against previous wolfSSL versions. ECC operations with --enable-sp and --enable-sp-asm are not affected, users with private ECC keys in other builds that are performing ECDSA signing operations should update versions of wolfSSL along with private ECC keys. Thanks to Ján Jančár from Masaryk University for the report.
+##### Fixes
+* Addition of internal content digest checks for PKCS7 SignedData message types that also have signed attributes present. Users could previously check the content digest against the messageDigest attribute, but this adds a default internal check. It’s advised that if users are not doing their own checks that they update wolfSSL version.
+* A fix for BIO and base64 encoding/decoding
+* A fix for memory management of CTX / WOLFSSL_METHOD pointer with staticmemory build
+* A fix for detection of AES-NI support to read bit 25 from ECX
+* A fix a DTLS handshake message retransmit bug corner case
+* Additional fixes to coding style and uninitialized values using cppcheck tool
+* Fixes for failing IAR builds, thanks to Joseph C. for the report
+* Fixes for ARMv8 Poly1305 inline assembly code to compile with clang 3.5
+* Fixes for esp-idf build warnings
+* A fix for XSNPRINTF with mingw32 builds
+* Fixes for strncpy warnings when compiling with newer versions of GCC
+* A fix for using IV of all 0’s as default case with AES-NI when no IV passed in
+* Fixes for types with 16 bit systems, thanks to Ralf Schlatterbeck
+* Fixes for build with devcrypto/afalg and aesccm, thanks to GitHub user cotequeiroz for the report
+* Fixes for addressing handling of pathLen constraint when parsing certificate chains
+* A DTLS fix for alert packet injection at end of handshake
+* Fixes for Poly1305 AArch64 assembly code
+* A fix for memory management in error cases when adding a CA, this resolves a coverity report
+* A fix for SP math for precomputation tables to not include infinity field
+* Fixes for checks on defines with AVX2 and Poly1305 build
+* Fixes for CubeMX HAL v1.15 with STM32F7
+* A fix for TLS 1.3 to always send Key Share extension
+* A fix for a potential buffer over read in TLS 1.3 DoTls13SupportedVersions, thanks to Artem for the report
+
+
+##### Improvements/Optimizations
+* Optimization to SP math, changing variables to const where possible. Thanks to Yair Poleg (yair.poleg@ayyeka.com) of Ayyeka for proposing static declaration of global constant variables in SP code
+* Additional fuzz testing and fixes for TLS 1.3 use, including additional TLS 1.3 alert messages (PR#2440 for more information)
+* Additional sanity check that ciphersuite from client hello is used in server hello response (check can be removed with the macro WOLFSSL_NO_STRICT_CIPHER_SUITE)
+* Improved MMCAU performance: SHA-1 by 35%, SHA-256 by 20% and MD5 by 78% 
+* By default, disallow SHA-2 cipher suites from being used in TLS 1.0 and 1.1 handshakes (can be ignored with macro WOLFSSL_OLDTLS_SHA2_CIPHERSUITES)
+* Optimization of export session buffer size with enable option --enable-sessionexport=nopeer
+* Spelling fixes in comments and some cast warnings resolved
+* Updates to abstract atoi to XATOI when used, this allows for better portability when making calls to the system function atoi for converting strings to integers
+* Improvements to the STSAFE-A100 error code handling, providing better debug information
+* Adding a sanity check on TLS 1.3 ticket encrypt callback
+* Specialized implementations of mod exp when base is 2
+
+
+
+##### This release of wolfSSL includes a fix for 5 security vulnerabilities.
+
+Fix for sanity check on reading TLS 1.3 pre-shared key extension. This fixes a potential for an invalid read when TLS 1.3 and pre-shared keys is enabled. Users without TLS 1.3 enabled are unaffected. Users with TLS 1.3 enabled and HAVE_SESSION_TICKET defined or NO_PSK not defined should update wolfSSL versions. Thanks to Robert Hoerr for the report.
+
+Fix for potential program hang when ocspstapling2 is enabled. This is a moderate level fix that affects users who have ocspstapling2 enabled(off by default) and are on the server side. In parsing a CSR2 (Certificate Status Request v2 ) on the server side, there was the potential for a malformed extension to cause a program hang. Thanks to Robert Hoerr for the report.
+
+Two moderate level fixes involving an ASN.1 over read by one byte. CVE-2019-15651 is for a fix that is due to a potential one byte over read when decoding certificate extensions. CVE-2019-16748 is for a fix on a potential one byte overread with checking certificate signatures. This affects builds that do certificate parsing and do not have the macro NO_SKID defined.Thanks to Yan Jia and the researcher team  from Institute of Software, Chinese Academy of Sciences for the report.
+
+High level fix for DSA operations involving an attack on recovering DSA private keys. This fix affects users that have DSA enabled and are performing DSA operations (off by default). All users that have DSA enabled and are using DSA keys are advised to regenerate DSA keys and update wolfSSL version. ECDSA is NOT affected by this and TLS code is NOT affected by this issue. Thanks to Ján Jančár for the report.
+
+
+For additional vulnerability information visit the vulnerability page at https://www.wolfssl.com/docs/security-vulnerabilities/
+
+See INSTALL file for build instructions.
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
+
 
 
 *** Resources ***

certs/include.am

@@ -13,6 +13,7 @@ EXTRA_DIST += \
 	     certs/client-relative-uri.pem \
 	     certs/ecc-key.pem \
 	     certs/ecc-privkey.pem \
+	     certs/ecc-privkeyPkcs8.der \
 	     certs/ecc-privkeyPkcs8.pem \
 	     certs/ecc-keyPkcs8Enc.pem \
 	     certs/ecc-keyPkcs8Enc.der \

certs/renewcerts/wolfssl.cnf

@@ -125,6 +125,13 @@ subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid:always,issuer:always
 basicConstraints=CA:true
 
+#wolfssl extensions for intermediate CAs
+[wolfssl_opts_ICA]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints=CA:true
+keyUsage=keyCertSign, cRLSign
+
 # CA with pathlen 0
 [ pathlen_0 ]
 subjectKeyIdentifier=hash
@@ -146,6 +153,13 @@ authorityKeyIdentifier=keyid:always,issuer:always
 basicConstraints=CA:true,pathlen:127
 keyUsage=keyCertSign, cRLSign
 
+# CA with pathlen 100
+[ pathlen_100 ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints=CA:true,pathlen:100
+keyUsage=keyCertSign, cRLSign
+
 # CA with pathlen 128
 [ pathlen_128 ]
 subjectKeyIdentifier=hash
@@ -153,6 +167,41 @@ authorityKeyIdentifier=keyid:always,issuer:always
 basicConstraints=CA:true,pathlen:128
 keyUsage=keyCertSign, cRLSign
 
+# CA with pathlen 5
+[ pathlen_5 ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints=CA:true,pathlen:5
+keyUsage=keyCertSign, cRLSign
+
+# CA with pathlen 10
+[ pathlen_10 ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints=CA:true,pathlen:10
+keyUsage=keyCertSign, cRLSign
+
+# CA with pathlen 20
+[ pathlen_20 ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints=CA:true,pathlen:20
+keyUsage=keyCertSign, cRLSign
+
+# CA with pathlen 99
+[ pathlen_99 ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints=CA:true,pathlen:99
+keyUsage=keyCertSign, cRLSign
+
+# CA with pathlen 2
+[ pathlen_2 ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints=CA:true,pathlen:2
+keyUsage=keyCertSign, cRLSign
+
 # test pathlen server cert
 [ test_pathlen ]
 subjectKeyIdentifier=hash

certs/test-pathlen/assemble-chains.sh

@@ -12,249 +12,188 @@ check_result(){
     fi
 }
 
-###########################################################
-########## update server-0-ca.pem          ################
-###########################################################
-echo "Updating server-0-ca.pem"
-echo ""
-#pipe the following arguments to openssl req...
-echo -e "US\\nWashington\\nSeattle\\nwolfSSL Inc.\\nEngineering\\nServer 0 CA\\ninfo@wolfssl.com\\n.\\n.\\n" | openssl req -new -key ../server-key.pem -config ../renewcerts/wolfssl.cnf -nodes -sha1 > server-0-ca-req.pem
-check_result $? "Step 1"
+create_an_intermediate(){
+    # $1 - chain ID
+    # $2 - ICA Number (Example entity signed by ICA1 signed by ICA2 and so on)
+    # $2 - pathLength to use
+    # $3 - Signer of this Intermediate
+    # $4 - The signers Key
+    # example: create_an_intermediate "chainA" "ICA1" "0" "../ca-cert.pem" "../ca-key.pem"
+    chainID="$1"
+    icaNum="$2"
+    pathLen="$3"
+    signer="$4"
+    signerKey="$5"
+    echo "pathLen = $3, $pathLen"
+    echo ""
+    #pipe the following arguments to openssl req...
 
-openssl x509 -req -in server-0-ca-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions pathlen_0 -days 1000 -CA ../ca-cert.pem -CAkey ../ca-key.pem -set_serial 100 -sha1 > server-0-ca.pem
-check_result $? "Step 2"
+    if [ "$pathLen" = "no_pathlen" ]; then
+        echo "Updating $chainID-$icaNum-$pathLen.pem"
+
+        echo -e "US\\nWashington\\nSeattle\\nwolfSSL Inc.\\nEngineering\\n$chainID-$icaNum-$pathLen\\ninfo@wolfssl.com\\n.\\n.\\n" | openssl req -new -key "$chainID-$icaNum-key.pem" -config ../renewcerts/wolfssl.cnf -nodes -sha256 > temp-req.pem
+        check_result $? "Step 1"
+
+        openssl x509 -req -in temp-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions wolfssl_opts_ICA -days 1000 -CA $signer -CAkey $signerKey -set_serial 100 -sha256 > "$chainID-$icaNum-$pathLen.pem"
+        check_result $? "Step 2"
+
+        rm temp-req.pem
+        openssl x509 -in "$chainID-$icaNum-$pathLen.pem" -text > ca_tmp.pem
+        check_result $? "Step 3"
+        mv ca_tmp.pem "$chainID-$icaNum-$pathLen.pem"
+    else
+        echo "Updating $chainID-$icaNum-pathlen$pathLen.pem"
+
+        echo -e "US\\nWashington\\nSeattle\\nwolfSSL Inc.\\nEngineering\\n$chainID-$icaNum-pathlen$pathLen\\ninfo@wolfssl.com\\n.\\n.\\n" | openssl req -new -key "$chainID-$icaNum-key.pem" -config ../renewcerts/wolfssl.cnf -nodes -sha256 > temp-req.pem
+        check_result $? "Step 1"
+
+        openssl x509 -req -in temp-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions "pathlen_$pathLen" -days 1000 -CA $signer -CAkey $signerKey -set_serial 100 -sha256 > "$chainID-$icaNum-pathlen$pathLen.pem"
+        check_result $? "Step 2"
+
+        rm temp-req.pem
+        openssl x509 -in "$chainID-$icaNum-pathlen$pathLen.pem" -text > ca_tmp.pem
+        check_result $? "Step 3"
+        mv ca_tmp.pem "$chainID-$icaNum-pathlen$pathLen.pem"
+    fi
+    echo "End of Section"
+    echo "-------------------------------------------------------------------------"
+}
 
-rm server-0-ca-req.pem
-openssl x509 -in server-0-ca.pem -text > ca_tmp.pem
-check_result $? "Step 3"
-mv ca_tmp.pem server-0-ca.pem
-echo "End of Section"
-echo "-------------------------------------------------------------------------"
 ###########################################################
-########## update server-0-cert.pem        ################
+########## update chainA-entity.pem        ################
 ###########################################################
-echo "Updating server-0-cert.pem"
-echo ""
-#pipe the following arguments to openssl req...
-echo -e "US\\nWashington\\nSeattle\\nwolfSSL Inc.\\nEngineering\\nServer 0\\ninfo@wolfssl.com\\n.\\n.\\n" | openssl req -new -key ../server-key.pem -config ../renewcerts/wolfssl.cnf -nodes -sha1 > server-0-cert-req.pem
-check_result $? "Step 1"
+create_an_entity(){
+    # $1 - chain ID
+    # $2 - ICA Number (Example entity signed by ICA1 signed by ICA2 and so on)
+    # $2 - pathLength to use
+    # $3 - Signer of this Intermediate
+    # $4 - The signers Key
+    # example: create_an_intermediate "chainA" "ICA1" "0" "../ca-cert.pem" "../ca-key.pem"
+    chainID="$1"
+    signer="$2"
+    signerKey="$3"
+    echo "Updating $chainID-entity.pem"
+    echo ""
+    #pipe the following arguments to openssl req...
+    echo -e "US\\nWashington\\nSeattle\\nwolfSSL Inc.\\nEngineering\\n$chainID-entity\\ninfo@wolfssl.com\\n.\\n.\\n" | openssl req -new -key "$chainID-entity-key.pem" -config ../renewcerts/wolfssl.cnf -nodes -sha256 > temp-req.pem
+    check_result $? "Step 1"
 
-openssl x509 -req -in server-0-cert-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions test_pathlen -days 1000 -CA server-0-ca.pem -CAkey ../server-key.pem -set_serial 101 -sha1 > server-0-cert.pem
-check_result $? "Step 2"
+    openssl x509 -req -in temp-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions test_pathlen -days 1000 -CA "$signer" -CAkey "$signerKey" -set_serial 101 -sha256 > "$chainID"-entity.pem
+    check_result $? "Step 2"
+
+    rm temp-req.pem
+    openssl x509 -in "$chainID"-entity.pem -text > cert_tmp.pem
+    check_result $? "Step 3"
+    mv cert_tmp.pem "$chainID"-entity.pem
+    echo "End of Section"
+    echo "-------------------------------------------------------------------------"
+}
 
-rm server-0-cert-req.pem
-openssl x509 -in server-0-cert.pem -text > cert_tmp.pem
-check_result $? "Step 3"
-mv cert_tmp.pem server-0-cert.pem
-echo "End of Section"
-echo "-------------------------------------------------------------------------"
 ###########################################################
-########## update server-1-ca.pem          ################
+########## Create the certs                ################
 ###########################################################
-echo "Updating server-1-ca.pem"
-echo ""
-#pipe the following arguments to openssl req...
-echo -e "US\\nWashington\\nSeattle\\nwolfSSL Inc.\\nEngineering\\nServer 1 CA\\ninfo@wolfssl.com\\n.\\n.\\n" | openssl req -new -key ../server-key.pem -config ../renewcerts/wolfssl.cnf -nodes -sha1 > server-1-ca-req.pem
-check_result $? "Step 1"
+create_an_intermediate "chainA" "ICA1" "0" "../ca-cert.pem" "../ca-key.pem"
+create_an_entity "chainA" "chainA-ICA1-pathlen0.pem" "chainA-ICA1-key.pem"
 
-openssl x509 -req -in server-1-ca-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions pathlen_1 -days 1000 -CA ../ca-cert.pem -CAkey ../ca-key.pem -set_serial 102 -sha1 > server-1-ca.pem
-check_result $? "Step 2"
+create_an_intermediate "chainB" "ICA2" "1" "../ca-cert.pem" "../ca-key.pem"
+create_an_intermediate "chainB" "ICA1" "0" "chainB-ICA2-pathlen1.pem" "chainB-ICA2-key.pem"
+create_an_entity "chainB" "chainB-ICA1-pathlen0.pem" "chainB-ICA1-key.pem"
 
-rm server-1-ca-req.pem
-openssl x509 -in server-1-ca.pem -text > ca_tmp.pem
-check_result $? "Step 3"
-mv ca_tmp.pem server-1-ca.pem
-echo "End of Section"
-echo "-------------------------------------------------------------------------"
-###########################################################
-########## update server-1-cert.pem        ################
-###########################################################
-echo "Updating server-1-cert.pem"
-echo ""
-#pipe the following arguments to openssl req...
-echo -e "US\\nWashington\\nSeattle\\nwolfSSL Inc.\\nEngineering\\nServer 1\\ninfo@wolfssl.com\\n.\\n.\\n" | openssl req -new -key ../server-key.pem -config ../renewcerts/wolfssl.cnf -nodes -sha1 > server-1-cert-req.pem
-check_result $? "Step 1"
+create_an_intermediate "chainC" "ICA1" "1" "../ca-cert.pem" "../ca-key.pem"
+create_an_entity "chainC" "chainC-ICA1-pathlen1.pem" "chainC-ICA1-key.pem"
 
-openssl x509 -req -in server-1-cert-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions test_pathlen -days 1000 -CA server-1-ca.pem -CAkey ../server-key.pem -set_serial 105 -sha1 > server-1-cert.pem
-check_result $? "Step 2"
+create_an_intermediate "chainD" "ICA1" "127" "../ca-cert.pem" "../ca-key.pem"
+create_an_entity "chainD" "chainD-ICA1-pathlen127.pem" "chainD-ICA1-key.pem"
 
-rm server-1-cert-req.pem
-openssl x509 -in server-1-cert.pem -text > cert_tmp.pem
-check_result $? "Step 3"
-mv cert_tmp.pem server-1-cert.pem
-echo "End of Section"
-echo "-------------------------------------------------------------------------"
-###########################################################
-########## update server-0-1-ca.pem        ################
-###########################################################
-echo "Updating server-0-1-ca.pem"
-echo ""
-#pipe the following arguments to openssl req...
-echo -e "US\\nWashington\\nSeattle\\nwolfSSL Inc.\\nEngineering\\nServer 0-1 CA\\ninfo@wolfssl.com\\n.\\n.\\n" | openssl req -new -key ../server-key.pem -config ../renewcerts/wolfssl.cnf -nodes -sha1 > server-0-1-ca-req.pem
-check_result $? "Step 1"
+create_an_intermediate "chainE" "ICA1" "128" "../ca-cert.pem" "../ca-key.pem"
+create_an_entity "chainE" "chainE-ICA1-pathlen128.pem" "chainE-ICA1-key.pem"
 
-openssl x509 -req -in server-0-1-ca-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions pathlen_1 -days 1000 -CA server-0-ca.pem -CAkey ../server-key.pem -set_serial 110 -sha1 > server-0-1-ca.pem
-check_result $? "Step 2"
+create_an_intermediate "chainF" "ICA2" "0" "../ca-cert.pem" "../ca-key.pem"
+create_an_intermediate "chainF" "ICA1" "1" "chainF-ICA2-pathlen0.pem" "chainF-ICA2-key.pem"
+create_an_entity "chainF" "chainF-ICA1-pathlen1.pem" "chainF-ICA1-key.pem"
 
-rm server-0-1-ca-req.pem
-openssl x509 -in server-0-1-ca.pem -text > ca_tmp.pem
-check_result $? "Step 3"
-mv ca_tmp.pem server-0-1-ca.pem
-echo "End of Section"
-echo "-------------------------------------------------------------------------"
-###########################################################
-########## update server-0-1-cert.pem      ################
-###########################################################
-echo "Updating server-0-1-cert.pem"
-echo ""
-#pipe the following arguments to openssl req...
-echo -e "US\\nWashington\\nSeattle\\nwolfSSL Inc.\\nEngineering\\nServer 0-1\\ninfo@wolfssl.com\\n.\\n.\\n" | openssl req -new -key ../server-key.pem -config ../renewcerts/wolfssl.cnf -nodes -sha1 > server-0-1-cert-req.pem
-check_result $? "Step 1"
+create_an_intermediate "chainG" "ICA7" "100" "../ca-cert.pem" "../ca-key.pem"
+create_an_intermediate "chainG" "ICA6" "10" "chainG-ICA7-pathlen100.pem" "chainG-ICA7-key.pem"
+create_an_intermediate "chainG" "ICA5" "20" "chainG-ICA6-pathlen10.pem" "chainG-ICA6-key.pem"
+create_an_intermediate "chainG" "ICA4" "5" "chainG-ICA5-pathlen20.pem" "chainG-ICA5-key.pem"
+create_an_intermediate "chainG" "ICA3" "99" "chainG-ICA4-pathlen5.pem" "chainG-ICA4-key.pem"
+create_an_intermediate "chainG" "ICA2" "1" "chainG-ICA3-pathlen99.pem" "chainG-ICA3-key.pem"
+create_an_intermediate "chainG" "ICA1" "0" "chainG-ICA2-pathlen1.pem" "chainG-ICA2-key.pem"
+create_an_entity "chainG" "chainG-ICA1-pathlen0.pem" "chainG-ICA1-key.pem"
 
-openssl x509 -req -in server-0-1-cert-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions test_pathlen -days 1000 -CA server-0-1-ca.pem -CAkey ../server-key.pem -set_serial 111 -sha1 > server-0-1-cert.pem
-check_result $? "Step 2"
+# Fail: PathLen of 2, signing PathLen of 2, signing Pathlen of 2, signing PathLen 0
+#       max_path_len = 2, max_path_len -= 1 (1), max_path_len -= 1 (0), max-path_len 0, non-entity cert.
+create_an_intermediate "chainH" "ICA4" "2" "../ca-cert.pem" "../ca-key.pem"
+create_an_intermediate "chainH" "ICA3" "2" "chainH-ICA4-pathlen2.pem" "chainH-ICA4-key.pem"
+create_an_intermediate "chainH" "ICA2" "2" "chainH-ICA3-pathlen2.pem" "chainH-ICA3-key.pem"
+create_an_intermediate "chainH" "ICA1" "0" "chainH-ICA2-pathlen2.pem" "chainH-ICA2-key.pem"
+create_an_entity "chainH" "chainH-ICA1-pathlen0.pem" "chainH-ICA1-key.pem"
 
-rm server-0-1-cert-req.pem
-openssl x509 -in server-0-1-cert.pem -text > cert_tmp.pem
-check_result $? "Step 3"
-mv cert_tmp.pem server-0-1-cert.pem
-echo "End of Section"
-echo "-------------------------------------------------------------------------"
-###########################################################
-########## update server-1-0-ca.pem        ################
-###########################################################
-echo "Updating server-1-0-ca.pem"
-echo ""
-#pipe the following arguments to openssl req...
-echo -e "US\\nWashington\\nSeattle\\nwolfSSL Inc.\\nEngineering\\nServer 1-0 CA\\ninfo@wolfssl.com\\n.\\n.\\n" | openssl req -new -key ../server-key.pem -config ../renewcerts/wolfssl.cnf -nodes -sha1 > server-1-0-ca-req.pem
-check_result $? "Step 1"
+# Success, PathLen of 2 followed by 2 Intermediates with no pathLen set
+create_an_intermediate "chainI" "ICA3" "2" "../ca-cert.pem" "../ca-key.pem"
+create_an_intermediate "chainI" "ICA2" "no_pathlen" "chainI-ICA3-pathlen2.pem" "chainI-ICA3-key.pem"
+create_an_intermediate "chainI" "ICA1" "no_pathlen" "chainI-ICA2-no_pathlen.pem" "chainI-ICA2-key.pem"
+create_an_entity "chainI" "chainI-ICA1-no_pathlen.pem" "chainI-ICA1-key.pem"
 
-openssl x509 -req -in server-1-0-ca-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions pathlen_0 -days 1000 -CA server-1-ca.pem -CAkey ../server-key.pem -set_serial 103 -sha1 > server-1-0-ca.pem
-check_result $? "Step 2"
+# Fail: PathLen of 2 followed by 3 Intermediates with no pathLen set
+create_an_intermediate "chainJ" "ICA4" "2" "../ca-cert.pem" "../ca-key.pem"
+create_an_intermediate "chainJ" "ICA3" "no_pathlen" "chainJ-ICA4-pathlen2.pem" "chainJ-ICA4-key.pem"
+create_an_intermediate "chainJ" "ICA2" "no_pathlen" "chainJ-ICA3-no_pathlen.pem" "chainJ-ICA3-key.pem"
+create_an_intermediate "chainJ" "ICA1" "no_pathlen" "chainJ-ICA2-no_pathlen.pem" "chainJ-ICA2-key.pem"
+create_an_entity "chainJ" "chainJ-ICA1-no_pathlen.pem" "chainJ-ICA1-key.pem"
 
-rm server-1-0-ca-req.pem
-openssl x509 -in server-1-0-ca.pem -text > ca_tmp.pem
-check_result $? "Step 3"
-mv ca_tmp.pem server-1-0-ca.pem
-echo "End of Section"
-echo "-------------------------------------------------------------------------"
-###########################################################
-########## update server-1-0-cert.pem      ################
-###########################################################
-echo "Updating server-1-0-cert.pem"
-echo ""
-#pipe the following arguments to openssl req...
-echo -e "US\\nWashington\\nSeattle\\nwolfSSL Inc.\\nEngineering\\nServer 1-0\\ninfo@wolfssl.com\\n.\\n.\\n" | openssl req -new -key ../server-key.pem -config ../renewcerts/wolfssl.cnf -nodes -sha1 > server-1-0-cert-req.pem
-check_result $? "Step 1"
-
-openssl x509 -req -in server-1-0-cert-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions test_pathlen -days 1000 -CA server-1-0-ca.pem -CAkey ../server-key.pem -set_serial 104 -sha1 > server-1-0-cert.pem
-check_result $? "Step 2"
-
-rm server-1-0-cert-req.pem
-openssl x509 -in server-1-0-cert.pem -text > cert_tmp.pem
-check_result $? "Step 3"
-mv cert_tmp.pem server-1-0-cert.pem
-echo "End of Section"
-echo "-------------------------------------------------------------------------"
-###########################################################
-########## update server-127-ca.pem        ################
-###########################################################
-echo "Updating server-127-ca.pem"
-echo ""
-#pipe the following arguments to openssl req...
-echo -e "US\\nWashington\\nSeattle\\nwolfSSL Inc.\\nEngineering\\nServer 127 CA\\ninfo@wolfssl.com\\n.\\n.\\n" | openssl req -new -key ../server-key.pem -config ../renewcerts/wolfssl.cnf -nodes -sha1 > server-127-ca-req.pem
-check_result $? "Step 1"
-
-openssl x509 -req -in server-127-ca-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions pathlen_127 -days 1000 -CA ../ca-cert.pem -CAkey ../ca-key.pem -set_serial 106 -sha1 > server-127-ca.pem
-check_result $? "Step 2"
-
-rm server-127-ca-req.pem
-openssl x509 -in server-127-ca.pem -text > ca_tmp.pem
-check_result $? "Step 3"
-mv ca_tmp.pem server-127-ca.pem
-echo "End of Section"
-echo "-------------------------------------------------------------------------"
-###########################################################
-########## update server-127-cert.pem      ################
-###########################################################
-echo "Updating server-127-cert.pem"
-echo ""
-#pipe the following arguments to openssl req...
-echo -e "US\\nWashington\\nSeattle\\nwolfSSL Inc.\\nEngineering\\nServer 127\\ninfo@wolfssl.com\\n.\\n.\\n" | openssl req -new -key ../server-key.pem -config ../renewcerts/wolfssl.cnf -nodes -sha1 > server-127-cert-req.pem
-check_result $? "Step 1"
-
-openssl x509 -req -in server-127-cert-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions test_pathlen -days 1000 -CA server-127-ca.pem -CAkey ../server-key.pem -set_serial 107 -sha1 > server-127-cert.pem
-check_result $? "Step 2"
-
-rm server-127-cert-req.pem
-openssl x509 -in server-127-cert.pem -text > cert_tmp.pem
-check_result $? "Step 3"
-mv cert_tmp.pem server-127-cert.pem
-echo "End of Section"
-echo "-------------------------------------------------------------------------"
-###########################################################
-########## update server-128-ca.pem        ################
-###########################################################
-echo "Updating server-128-ca.pem"
-echo ""
-#pipe the following arguments to openssl req...
-echo -e "US\\nWashington\\nSeattle\\nwolfSSL Inc.\\nEngineering\\nServer 128 CA\\ninfo@wolfssl.com\\n.\\n.\\n" | openssl req -new -key ../server-key.pem -config ../renewcerts/wolfssl.cnf -nodes -sha1 > server-128-ca-req.pem
-check_result $? "Step 1"
-
-openssl x509 -req -in server-128-ca-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions pathlen_128 -days 1000 -CA ../ca-cert.pem -CAkey ../ca-key.pem -set_serial 106 -sha1 > server-128-ca.pem
-check_result $? "Step 2"
-
-rm server-128-ca-req.pem
-openssl x509 -in server-128-ca.pem -text > ca_tmp.pem
-check_result $? "Step 3"
-mv ca_tmp.pem server-128-ca.pem
-echo "End of Section"
-echo "-------------------------------------------------------------------------"
-###########################################################
-########## update server-128-cert.pem      ################
-###########################################################
-echo "Updating server-128-cert.pem"
-echo ""
-#pipe the following arguments to openssl req...
-echo -e "US\\nWashington\\nSeattle\\nwolfSSL Inc.\\nEngineering\\nServer 128\\ninfo@wolfssl.com\\n.\\n.\\n" | openssl req -new -key ../server-key.pem -config ../renewcerts/wolfssl.cnf -nodes -sha1 > server-128-cert-req.pem
-check_result $? "Step 1"
-
-openssl x509 -req -in server-128-cert-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions test_pathlen -days 1000 -CA server-128-ca.pem -CAkey ../server-key.pem -set_serial 107 -sha1 > server-128-cert.pem
-check_result $? "Step 2"
-
-rm server-128-cert-req.pem
-openssl x509 -in server-128-cert.pem -text > cert_tmp.pem
-check_result $? "Step 3"
-mv cert_tmp.pem server-128-cert.pem
-echo "End of Section"
-echo "-------------------------------------------------------------------------"
 ###########################################################
 ########## Assemble Chains                 ################
 ###########################################################
 # Success: PathLen of 0
-## server-0-ca.pem: signed by ca-cert.pem
-## server-0-cert.pem: signed by server-0-ca.pem 
-cat server-0-cert.pem server-0-ca.pem > server-0-chain.pem
+## chainA-ICA1-pathlen0.pem: signed by ca-cert.pem
+## chainA-entity.pem: signed by chainA-ICA1-pathlen0.pem 
+cat chainA-entity.pem chainA-ICA1-pathlen0.pem > chainA-assembled.pem
 
 # Success: PathLen of 1
-## server-1-ca.pem: signed by ca-cert.pem
-## server-1-0-ca.pem: signed by server-1-ca.pem
-## server-1-0-cert.pem: signed by server-1-0-ca.pem
-cat server-1-0-cert.pem server-1-0-ca.pem server-1-ca.pem > server-1-0-chain.pem
-## server-1-cert.pem: signed by server-1-ca.pem
-cat server-1-cert.pem server-1-ca.pem > server-1-chain.pem
+## chainB-ICA2-pathlen1.pem: signed by ca-cert.pem
+## chainB-ICA1-pathlen0.pem: signed by chainB-ICA2-pathlen1.pem
+## chainB-entity.pem: signed by chainB-ICA1-pathlen0.pem
+cat chainB-entity.pem chainB-ICA1-pathlen0.pem chainB-ICA2-pathlen1.pem > chainB-assembled.pem
+## chainC-entity.pem: signed by chainC-ICA1-pathlen1.pem
+cat chainC-entity.pem chainC-ICA1-pathlen1.pem > chainC-assembled.pem
 
 # Success: PathLen of 127
-## server-127-ca.pem: signed by ca-cert.pem
-## server-127-cert.pem: signed by server-127-cert.pem
-cat server-127-cert.pem server-127-ca.pem > server-127-chain.pem
+## chainD-ICA1-pathlen127.pem: signed by ca-cert.pem
+## chainD-entity.pem: signed by chainD-entity.pem
+cat chainD-entity.pem chainD-ICA1-pathlen127.pem > chainD-assembled.pem
 
 # Failure: PathLen of 128
-## server-128-ca.pem: signed by ca-cert.pem
-## server-128-cert.pem: signed by server-128-ca.pem
-cat server-128-cert.pem server-128-ca.pem > server-128-chain.pem
+## chainE-ICA1-pathlen128.pem: signed by ca-cert.pem
+## chainE-entity.pem: signed by chainE-ICA1-pathlen128.pem
+cat chainE-entity.pem chainE-ICA1-pathlen128.pem > chainE-assembled.pem
 
 # Failure: PathLen of 0, signing PathLen of 1
-## server-0-1-ca.pem: signed by server-0-ca.pem
-## server-0-1-cert.pem: signed by server-0-1-ca.pem
-cat server-0-1-cert.pem server-0-1-ca.pem server-0-ca.pem > server-0-1-chain.pem
+## chainF-ICA1-pathlen1.pem: signed by chainA-ICA1-pathlen0.pem
+## chainF-entity.pem: signed by chainF-ICA1-pathlen1.pem
+cat chainF-entity.pem chainF-ICA1-pathlen1.pem chainF-ICA2-pathlen0.pem > chainF-assembled.pem
+
+# Success: PathLen of 127, signing PathLen of 10, signing PathLen of 20, signing
+#          PathLen of 5, signing PathLen of 99, signing PathLen of 1, signing
+#          PathLen of 0
+cat chainG-entity.pem chainG-ICA1-pathlen0.pem > chainG-assembled.pem
+cat chainG-ICA2-pathlen1.pem chainG-ICA3-pathlen99.pem >> chainG-assembled.pem
+cat chainG-ICA4-pathlen5.pem chainG-ICA5-pathlen20.pem >> chainG-assembled.pem
+cat chainG-ICA6-pathlen10.pem chainG-ICA7-pathlen100.pem >> chainG-assembled.pem
+
+# Fail: PathLen of 2, signing PathLen of 2, signing Pathlen of 2, signing PathLen 0
+#       max_path_len = 2, max_path_len -= 1 (1), max_path_len -= 1 (0), max-path_len 0, non-entity cert.
+cat chainH-entity.pem chainH-ICA1-pathlen0.pem > chainH-assembled.pem
+cat chainH-ICA2-pathlen2.pem chainH-ICA3-pathlen2.pem >> chainH-assembled.pem
+cat chainH-ICA4-pathlen2.pem >> chainH-assembled.pem
+
+# Fail:
+cat chainI-entity.pem chainI-ICA1-no_pathlen.pem > chainI-assembled.pem
+cat chainI-ICA2-no_pathlen.pem chainI-ICA3-pathlen2.pem >> chainI-assembled.pem
+
+# Fail: PathLen of 2, signing PathLen of 2, signing Pathlen of 2, signing PathLen 0
+#       max_path_len = 2, max_path_len -= 1 (1), max_path_len -= 1 (0), max-path_len 0, non-entity cert.
+cat chainJ-entity.pem chainJ-ICA1-no_pathlen.pem > chainJ-assembled.pem
+cat chainJ-ICA2-no_pathlen.pem chainJ-ICA3-no_pathlen.pem >> chainJ-assembled.pem
+cat chainJ-ICA4-pathlen2.pem >> chainJ-assembled.pem
+

certs/test-pathlen/chainA-ICA1-key.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAsiuhP77AWL06vA0ZrMp/uTvwjDD/BLE0fiaGljZrUy5EHaH0
+vFF5VQXKu6CnnTMBk5YUZ+z0wy5mJ9FBaDSsjWRj2FWGnWIkme23/8tNnUBU1eOq
+Raam2/5zQpRCwdAyXMQhrpyTALdKH56VpihtS9jAZefto23KGLP638lnGnUjYIOl
+A19hveXWjZ0FRyN+oI3Rf0JOOKzOcLy/ewVbD4ICsJqNwBTK0EVelxDRoeEj2txp
+nM5TzGiJxkBNabyrT8cRXmKi3+KlNHw5NidnNBEELCqzFtuO/dd7HZNfM8LKliIq
+Q4KKSEYHE/9sHLC6C/DNP0zcNBePInBpnSLXxwIDAQABAoIBAH+tbFw14bi1wgVI
+jgGZC3Y+Ud7krZs7MZbFHOVAEiEFoqJpkOvyprQa9nEGa5bnGlYc0nq2/59u/J3E
+As8eEBkyu6onf9QApKH6DEUt92yc0S6Fe1t2VVSJPyeS/1PMUorPsiNi6KU2s9N8
+3Vi417nmldlxHoZjAtQ5BaqgtVXrMMIS05Q3bySULdOXYNu8hBGvGkR99tSyKQ1S
+qVfJWi7dHrjiRPbYSW7aOaYID3QjB3GIqkcoUMWXTzdogE/EPKZL52CL+hBBw8C2
+4Q/8o0Wy60Futj/1Hdax6o/sVPDmoypDzYbbQ5IVcGM+SWykDn2+tNJDvfFp1T6k
++az1H0ECgYEA41cCvONXUQQ9PWSeNutdxS49c+tr0UN5/F09Yy6vVEWkjKuUwYzj
+9RMxH6Hf0t6k3Qvm4x0m9jWFWTiUQVGDg9EU9AWSGeQ73TZN9gUaI5meWUQnZoiL
+kJqkKvdiXfCSBwCRQuW3vrKyi8miLYTVTeBewjoUbZnkVkIN3+f0Vb8CgYEAyKHD
+P0JE4UegsTB3r0VZtXHF+en2TcJ0kl4tc09O+R3FOmslmXpaG7ZMx+KVVCrmTlPl
+pzScv1kNEhQYSJPIfbc1YxLOQNUf96oiTeG4RsCMm+zSIgYQKe5VKvEPrw4OfOQW
+bqUyHGHfm4NSxmTZgi6ukgZqpTcD5KUyajZaz/kCgYBeWLfcKAUOrFG17tHyPM+X
+i08ZknQWToiLgS5+wNsmgBiAAJ0ljhD0nlheplE7NAb7bXsOegS3XRLQKjjsuqV3
+yQeHFeDCOgPWFDlahleIurIKncw0MyqogmTrJ+t8zN/tZADk4GzXCVYrySwy89OK
+FDl/JZdgvOMUISmc6KhwBQKBgGWOrJya2O8IKOlIVW0dN7nG66YDri/SXNuyXGNg
+I+OqFCnsDs5Pxsj8UIVlxp0iUg4YHcmzshyR4THjhh9G31fzo0yROmJK/7GIJ3Ew
+7uyxjvtmtz+NviTbhbUE7SF5hg/mDQzZBjKjwGKh6QaQCiIBq1Aze0xCOvBERu7I
+sNNRAoGBAN5bKB0JoskQcd5uJTgwTrATrY4FNBPs2s/I8XIBYCLuvhGyiR95B7Uy
+nZobhWFx2xwWWHksrJ8CKXodQuojtQPEC+JnoKeUvzEs95KvHwdxNGH74VMT8bqg
+Q3qKoHsd8dkclcJbIPI3KCkpuaimqNits4ma+oVTuB0JyYFXEg+X
+-----END RSA PRIVATE KEY-----

certs/test-pathlen/chainA-ICA1-pathlen0.pem

@@ -0,0 +1,89 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 100 (0x64)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Oct 11 00:28:08 2019 GMT
+            Not After : Jul  7 00:28:08 2022 GMT
+        Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainA-ICA1-pathlen0, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:b2:2b:a1:3f:be:c0:58:bd:3a:bc:0d:19:ac:ca:
+                    7f:b9:3b:f0:8c:30:ff:04:b1:34:7e:26:86:96:36:
+                    6b:53:2e:44:1d:a1:f4:bc:51:79:55:05:ca:bb:a0:
+                    a7:9d:33:01:93:96:14:67:ec:f4:c3:2e:66:27:d1:
+                    41:68:34:ac:8d:64:63:d8:55:86:9d:62:24:99:ed:
+                    b7:ff:cb:4d:9d:40:54:d5:e3:aa:45:a6:a6:db:fe:
+                    73:42:94:42:c1:d0:32:5c:c4:21:ae:9c:93:00:b7:
+                    4a:1f:9e:95:a6:28:6d:4b:d8:c0:65:e7:ed:a3:6d:
+                    ca:18:b3:fa:df:c9:67:1a:75:23:60:83:a5:03:5f:
+                    61:bd:e5:d6:8d:9d:05:47:23:7e:a0:8d:d1:7f:42:
+                    4e:38:ac:ce:70:bc:bf:7b:05:5b:0f:82:02:b0:9a:
+                    8d:c0:14:ca:d0:45:5e:97:10:d1:a1:e1:23:da:dc:
+                    69:9c:ce:53:cc:68:89:c6:40:4d:69:bc:ab:4f:c7:
+                    11:5e:62:a2:df:e2:a5:34:7c:39:36:27:67:34:11:
+                    04:2c:2a:b3:16:db:8e:fd:d7:7b:1d:93:5f:33:c2:
+                    ca:96:22:2a:43:82:8a:48:46:07:13:ff:6c:1c:b0:
+                    ba:0b:f0:cd:3f:4c:dc:34:17:8f:22:70:69:9d:22:
+                    d7:c7
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                A8:10:EA:C8:EF:4F:00:CD:E3:79:C3:EB:DF:F6:C8:86:9D:44:6C:26
+            X509v3 Authority Key Identifier: 
+                keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:86:FF:F5:8E:10:DE:B8:FB
+
+            X509v3 Basic Constraints: 
+                CA:TRUE, pathlen:0
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+    Signature Algorithm: sha256WithRSAEncryption
+         2a:15:34:be:88:ed:0b:5d:97:b4:c0:9e:f7:45:a2:ba:bb:a0:
+         7f:a0:b3:93:15:79:38:27:36:25:91:5d:73:10:bb:d0:f9:f3:
+         e9:5f:98:c6:9b:6b:da:08:60:48:3e:26:17:2b:ae:22:08:ac:
+         10:ed:a1:28:65:96:7f:94:75:c8:da:6c:c9:f6:4c:4c:b1:a3:
+         45:4b:74:c7:de:49:f6:c1:1c:2c:eb:41:3c:2d:56:52:75:5b:
+         7c:13:c0:dc:41:34:02:c0:e5:5e:79:71:65:ac:d1:f3:36:f7:
+         55:d5:13:8f:0a:42:49:d9:fc:7f:5c:a4:cb:ad:7b:72:2f:98:
+         e2:56:92:9e:11:1a:b2:9d:5b:b9:2c:14:1e:51:f5:c5:b7:2c:
+         c2:39:52:90:0f:4e:04:5e:59:23:6f:d8:f9:75:2b:54:b0:6e:
+         98:0a:54:3a:45:fd:9a:63:31:ce:a3:a8:ae:7b:be:03:81:a5:
+         18:d3:00:51:a4:29:d4:f7:8d:53:31:72:85:80:c0:62:71:06:
+         2b:07:b6:0a:b2:12:cf:2b:bd:99:34:6b:5e:ea:94:0c:1a:e8:
+         2b:ee:e5:d6:3d:cb:7a:f6:f8:6e:e4:e2:f4:25:07:13:11:b1:
+         18:b3:75:29:40:dc:bc:31:57:37:71:7c:09:bb:74:1c:9e:b4:
+         3e:1d:47:20
+-----BEGIN CERTIFICATE-----
+MIIEwTCCA6mgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
+d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTkxMDEx
+MDAyODA4WhcNMjIwNzA3MDAyODA4WjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
+SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluQS1JQ0Ex
+LXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsiuhP77AWL06vA0ZrMp/uTvwjDD/
+BLE0fiaGljZrUy5EHaH0vFF5VQXKu6CnnTMBk5YUZ+z0wy5mJ9FBaDSsjWRj2FWG
+nWIkme23/8tNnUBU1eOqRaam2/5zQpRCwdAyXMQhrpyTALdKH56VpihtS9jAZeft
+o23KGLP638lnGnUjYIOlA19hveXWjZ0FRyN+oI3Rf0JOOKzOcLy/ewVbD4ICsJqN
+wBTK0EVelxDRoeEj2txpnM5TzGiJxkBNabyrT8cRXmKi3+KlNHw5NidnNBEELCqz
+FtuO/dd7HZNfM8LKliIqQ4KKSEYHE/9sHLC6C/DNP0zcNBePInBpnSLXxwIDAQAB
+o4IBDTCCAQkwHQYDVR0OBBYEFKgQ6sjvTwDN43nD69/2yIadRGwmMIHJBgNVHSME
+gcEwgb6AFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
+UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
+U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAIb/9Y4Q
+3rj7MA8GA1UdEwQIMAYBAf8CAQAwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUA
+A4IBAQAqFTS+iO0LXZe0wJ73RaK6u6B/oLOTFXk4JzYlkV1zELvQ+fPpX5jGm2va
+CGBIPiYXK64iCKwQ7aEoZZZ/lHXI2mzJ9kxMsaNFS3TH3kn2wRws60E8LVZSdVt8
+E8DcQTQCwOVeeXFlrNHzNvdV1ROPCkJJ2fx/XKTLrXtyL5jiVpKeERqynVu5LBQe
+UfXFtyzCOVKQD04EXlkjb9j5dStUsG6YClQ6Rf2aYzHOo6iue74DgaUY0wBRpCnU
+941TMXKFgMBicQYrB7YKshLPK72ZNGte6pQMGugr7uXWPct69vhu5OL0JQcTEbEY
+s3UpQNy8MVc3cXwJu3QcnrQ+HUcg
+-----END CERTIFICATE-----

certs/test-pathlen/chainA-assembled.pem

@@ -0,0 +1,175 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 101 (0x65)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainA-ICA1-pathlen0, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Oct 11 00:28:08 2019 GMT
+            Not After : Jul  7 00:28:08 2022 GMT
+        Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainA-entity, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:d0:7a:d8:c8:6c:4f:a5:cd:72:25:87:ff:12:a3:
+                    65:0e:1d:1f:78:b2:d7:1a:65:a1:e7:4e:bd:05:b5:
+                    05:3e:39:3e:85:ad:90:c7:5b:a5:81:42:b5:01:00:
+                    57:87:29:a3:45:ce:f4:02:fa:80:8f:3b:8e:99:40:
+                    2c:fc:c8:b0:8b:2b:19:c3:20:c6:af:db:a0:d9:d5:
+                    70:32:6d:66:c3:ca:c4:ea:63:fb:08:0e:35:bc:50:
+                    7f:85:c7:62:f4:e2:85:e4:89:59:52:71:f2:e3:d1:
+                    63:3e:1d:08:6d:ff:86:cb:e5:eb:bc:1f:de:13:f0:
+                    b2:f8:92:ee:23:9d:64:e7:b0:49:6f:26:a2:64:bc:
+                    9c:18:8a:f3:c6:db:83:a4:6c:b0:56:23:16:40:57:
+                    b0:95:5e:1b:3d:c5:3f:10:7a:84:e0:3e:bb:78:e8:
+                    7d:c1:63:f3:fe:ee:af:16:db:ce:28:02:21:df:8b:
+                    ca:f3:c3:1e:d1:47:c0:59:5f:1c:48:ec:50:6a:e3:
+                    cc:fb:b6:16:45:40:c8:50:cf:dc:3e:2d:2d:cb:cd:
+                    19:2a:17:74:41:7f:bc:26:4d:cd:97:b2:2b:67:57:
+                    8e:6e:75:b5:d8:ec:6b:69:ab:09:3d:95:85:2c:0f:
+                    d7:8d:29:75:1f:9b:88:56:bc:e8:11:a3:c8:65:e5:
+                    2b:23
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                D6:56:A1:9C:F1:66:E4:05:17:36:32:74:BA:72:97:50:13:58:B3:3D
+            X509v3 Authority Key Identifier: 
+                keyid:A8:10:EA:C8:EF:4F:00:CD:E3:79:C3:EB:DF:F6:C8:86:9D:44:6C:26
+                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:64
+
+            X509v3 Basic Constraints: 
+                CA:FALSE
+    Signature Algorithm: sha256WithRSAEncryption
+         72:8d:c5:a7:a8:d5:4a:bc:d9:72:ef:46:79:53:5c:e8:32:10:
+         f5:29:ee:b0:6c:ef:68:80:a3:f6:0f:fe:ba:73:ce:a9:c4:93:
+         01:ba:78:eb:a9:4a:f3:32:e2:4c:74:6c:f7:23:c9:70:44:a1:
+         d1:f7:59:d7:fd:34:12:ab:81:91:16:20:60:59:dd:ff:d5:6f:
+         1f:d6:25:d9:95:85:7f:9d:dc:18:49:39:44:43:03:03:98:db:
+         2e:03:a8:88:27:13:d2:a5:52:0e:15:a0:e5:5d:15:81:2b:3d:
+         1c:cb:41:58:46:d3:4f:37:be:ae:45:eb:7d:9c:52:91:50:98:
+         a5:c1:e6:7b:1a:60:e0:d6:61:7e:88:19:b7:ec:8a:33:07:24:
+         04:9f:78:89:50:97:9c:a4:1e:15:fc:ef:bf:29:4d:c3:8c:19:
+         d7:59:68:30:d2:08:d8:80:d8:7e:32:31:2b:ee:cf:7f:b4:47:
+         a4:bb:7d:cf:b6:64:9d:55:5c:e9:44:0a:43:ed:3b:c2:ae:1d:
+         34:1c:bf:7e:5b:91:8c:26:76:fb:68:d9:3e:6b:68:22:ae:60:
+         56:d3:4e:f3:b7:d1:de:da:47:03:2e:22:74:85:ea:52:de:22:
+         fd:90:55:21:8d:b2:e4:35:c3:15:44:f6:1a:01:3c:0a:56:f8:
+         89:98:59:4a
+-----BEGIN CERTIFICATE-----
+MIIEqjCCA5KgAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
+EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
+DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
+YWluQS1JQ0ExLXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
+Y29tMB4XDTE5MTAxMTAwMjgwOFoXDTIyMDcwNzAwMjgwOFowgZoxCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
+VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQD
+DA1jaGFpbkEtZW50aXR5MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0HrYyGxPpc1yJYf/EqNl
+Dh0feLLXGmWh5069BbUFPjk+ha2Qx1ulgUK1AQBXhymjRc70AvqAjzuOmUAs/Miw
+iysZwyDGr9ug2dVwMm1mw8rE6mP7CA41vFB/hcdi9OKF5IlZUnHy49FjPh0Ibf+G
+y+XrvB/eE/Cy+JLuI51k57BJbyaiZLycGIrzxtuDpGywViMWQFewlV4bPcU/EHqE
+4D67eOh9wWPz/u6vFtvOKAIh34vK88Me0UfAWV8cSOxQauPM+7YWRUDIUM/cPi0t
+y80ZKhd0QX+8Jk3Nl7IrZ1eObnW12OxraasJPZWFLA/XjSl1H5uIVrzoEaPIZeUr
+IwIDAQABo4HxMIHuMB0GA1UdDgQWBBTWVqGc8WbkBRc2MnS6cpdQE1izPTCBwQYD
+VR0jBIG5MIG2gBSoEOrI708AzeN5w+vf9siGnURsJqGBmqSBlzCBlDELMAkGA1UE
+BhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNV
+BAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cu
+d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAWQw
+CQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAco3Fp6jVSrzZcu9GeVNc6DIQ
+9SnusGzvaICj9g/+unPOqcSTAbp466lK8zLiTHRs9yPJcESh0fdZ1/00EquBkRYg
+YFnd/9VvH9Yl2ZWFf53cGEk5REMDA5jbLgOoiCcT0qVSDhWg5V0VgSs9HMtBWEbT
+Tze+rkXrfZxSkVCYpcHmexpg4NZhfogZt+yKMwckBJ94iVCXnKQeFfzvvylNw4wZ
+11loMNII2IDYfjIxK+7Pf7RHpLt9z7ZknVVc6UQKQ+07wq4dNBy/fluRjCZ2+2jZ
+PmtoIq5gVtNO87fR3tpHAy4idIXqUt4i/ZBVIY2y5DXDFUT2GgE8Clb4iZhZSg==
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 100 (0x64)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Oct 11 00:28:08 2019 GMT
+            Not After : Jul  7 00:28:08 2022 GMT
+        Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainA-ICA1-pathlen0, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:b2:2b:a1:3f:be:c0:58:bd:3a:bc:0d:19:ac:ca:
+                    7f:b9:3b:f0:8c:30:ff:04:b1:34:7e:26:86:96:36:
+                    6b:53:2e:44:1d:a1:f4:bc:51:79:55:05:ca:bb:a0:
+                    a7:9d:33:01:93:96:14:67:ec:f4:c3:2e:66:27:d1:
+                    41:68:34:ac:8d:64:63:d8:55:86:9d:62:24:99:ed:
+                    b7:ff:cb:4d:9d:40:54:d5:e3:aa:45:a6:a6:db:fe:
+                    73:42:94:42:c1:d0:32:5c:c4:21:ae:9c:93:00:b7:
+                    4a:1f:9e:95:a6:28:6d:4b:d8:c0:65:e7:ed:a3:6d:
+                    ca:18:b3:fa:df:c9:67:1a:75:23:60:83:a5:03:5f:
+                    61:bd:e5:d6:8d:9d:05:47:23:7e:a0:8d:d1:7f:42:
+                    4e:38:ac:ce:70:bc:bf:7b:05:5b:0f:82:02:b0:9a:
+                    8d:c0:14:ca:d0:45:5e:97:10:d1:a1:e1:23:da:dc:
+                    69:9c:ce:53:cc:68:89:c6:40:4d:69:bc:ab:4f:c7:
+                    11:5e:62:a2:df:e2:a5:34:7c:39:36:27:67:34:11:
+                    04:2c:2a:b3:16:db:8e:fd:d7:7b:1d:93:5f:33:c2:
+                    ca:96:22:2a:43:82:8a:48:46:07:13:ff:6c:1c:b0:
+                    ba:0b:f0:cd:3f:4c:dc:34:17:8f:22:70:69:9d:22:
+                    d7:c7
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                A8:10:EA:C8:EF:4F:00:CD:E3:79:C3:EB:DF:F6:C8:86:9D:44:6C:26
+            X509v3 Authority Key Identifier: 
+                keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:86:FF:F5:8E:10:DE:B8:FB
+
+            X509v3 Basic Constraints: 
+                CA:TRUE, pathlen:0
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+    Signature Algorithm: sha256WithRSAEncryption
+         2a:15:34:be:88:ed:0b:5d:97:b4:c0:9e:f7:45:a2:ba:bb:a0:
+         7f:a0:b3:93:15:79:38:27:36:25:91:5d:73:10:bb:d0:f9:f3:
+         e9:5f:98:c6:9b:6b:da:08:60:48:3e:26:17:2b:ae:22:08:ac:
+         10:ed:a1:28:65:96:7f:94:75:c8:da:6c:c9:f6:4c:4c:b1:a3:
+         45:4b:74:c7:de:49:f6:c1:1c:2c:eb:41:3c:2d:56:52:75:5b:
+         7c:13:c0:dc:41:34:02:c0:e5:5e:79:71:65:ac:d1:f3:36:f7:
+         55:d5:13:8f:0a:42:49:d9:fc:7f:5c:a4:cb:ad:7b:72:2f:98:
+         e2:56:92:9e:11:1a:b2:9d:5b:b9:2c:14:1e:51:f5:c5:b7:2c:
+         c2:39:52:90:0f:4e:04:5e:59:23:6f:d8:f9:75:2b:54:b0:6e:
+         98:0a:54:3a:45:fd:9a:63:31:ce:a3:a8:ae:7b:be:03:81:a5:
+         18:d3:00:51:a4:29:d4:f7:8d:53:31:72:85:80:c0:62:71:06:
+         2b:07:b6:0a:b2:12:cf:2b:bd:99:34:6b:5e:ea:94:0c:1a:e8:
+         2b:ee:e5:d6:3d:cb:7a:f6:f8:6e:e4:e2:f4:25:07:13:11:b1:
+         18:b3:75:29:40:dc:bc:31:57:37:71:7c:09:bb:74:1c:9e:b4:
+         3e:1d:47:20
+-----BEGIN CERTIFICATE-----
+MIIEwTCCA6mgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
+d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTkxMDEx
+MDAyODA4WhcNMjIwNzA3MDAyODA4WjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
+SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluQS1JQ0Ex
+LXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsiuhP77AWL06vA0ZrMp/uTvwjDD/
+BLE0fiaGljZrUy5EHaH0vFF5VQXKu6CnnTMBk5YUZ+z0wy5mJ9FBaDSsjWRj2FWG
+nWIkme23/8tNnUBU1eOqRaam2/5zQpRCwdAyXMQhrpyTALdKH56VpihtS9jAZeft
+o23KGLP638lnGnUjYIOlA19hveXWjZ0FRyN+oI3Rf0JOOKzOcLy/ewVbD4ICsJqN
+wBTK0EVelxDRoeEj2txpnM5TzGiJxkBNabyrT8cRXmKi3+KlNHw5NidnNBEELCqz
+FtuO/dd7HZNfM8LKliIqQ4KKSEYHE/9sHLC6C/DNP0zcNBePInBpnSLXxwIDAQAB
+o4IBDTCCAQkwHQYDVR0OBBYEFKgQ6sjvTwDN43nD69/2yIadRGwmMIHJBgNVHSME
+gcEwgb6AFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
+UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
+U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAIb/9Y4Q
+3rj7MA8GA1UdEwQIMAYBAf8CAQAwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUA
+A4IBAQAqFTS+iO0LXZe0wJ73RaK6u6B/oLOTFXk4JzYlkV1zELvQ+fPpX5jGm2va
+CGBIPiYXK64iCKwQ7aEoZZZ/lHXI2mzJ9kxMsaNFS3TH3kn2wRws60E8LVZSdVt8
+E8DcQTQCwOVeeXFlrNHzNvdV1ROPCkJJ2fx/XKTLrXtyL5jiVpKeERqynVu5LBQe
+UfXFtyzCOVKQD04EXlkjb9j5dStUsG6YClQ6Rf2aYzHOo6iue74DgaUY0wBRpCnU
+941TMXKFgMBicQYrB7YKshLPK72ZNGte6pQMGugr7uXWPct69vhu5OL0JQcTEbEY
+s3UpQNy8MVc3cXwJu3QcnrQ+HUcg
+-----END CERTIFICATE-----

certs/test-pathlen/chainA-entity-key.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEA0HrYyGxPpc1yJYf/EqNlDh0feLLXGmWh5069BbUFPjk+ha2Q
+x1ulgUK1AQBXhymjRc70AvqAjzuOmUAs/MiwiysZwyDGr9ug2dVwMm1mw8rE6mP7
+CA41vFB/hcdi9OKF5IlZUnHy49FjPh0Ibf+Gy+XrvB/eE/Cy+JLuI51k57BJbyai
+ZLycGIrzxtuDpGywViMWQFewlV4bPcU/EHqE4D67eOh9wWPz/u6vFtvOKAIh34vK
+88Me0UfAWV8cSOxQauPM+7YWRUDIUM/cPi0ty80ZKhd0QX+8Jk3Nl7IrZ1eObnW1
+2OxraasJPZWFLA/XjSl1H5uIVrzoEaPIZeUrIwIDAQABAoIBAQCpeFMkiTctlpYF
+gEmOwxfwoyfkG6zTnm4/8zegnggHDs2OKQsZo5wkOS+eAsMj8mrw4kxk53D9/fHr
+DcoEKreoSX8FqW0ZozVcHi64L0psOjZcOq3jXHm9/MnM28nLOyCQKD5d0JcbLii4
+Yy1pDWBr+xjnshf6qZ0yh23hsZ5G3wUadf4CwFfEeTdUFw4vOAZRPdKQqGooR6NW
+u7C6NWcrcoilX3tpcz6W+5TFfth0Uuyd10K9oBiGoQIx/qQcGg4wHVi+Si8PkRbX
+9cRxOeJ6ozmoNikfTB6RUcAnCWJC3CtFZQHUX+CpBXc1pbQMKRGyo5WhqX32BI/s
+8CE9pVYRAoGBAOfDlJMe6rPeP8e0s0Zc/tV2NCOZzhO8WLlPSnt731PXVooRjfPy
+65gq6v7Wg6vdoniFC+NxVmeTTrTAPSuts8tqCKXq59CSoGkj1rxEsCgnEZJXtjZU
+HUrukCyTPksnEjsOSR1obh7NUABut4ZVFMs6s2DSadyV4a9dw7y2zbrvAoGBAOZH
+8Nt1OlCxJ2lmbADHRQCNW48oiWNB05xQkii0ZdOMKWHBbKkJa0JW67ru6issvzTe
+RbzVcBQsipECTGFTmeJShTWs9yZPeOObIMHo8mEuzRf0n6W3O2AdB/XqGjO1idR/
+VyBiuP8Ttc5ofVyGg7tpPfYPcJ9s2MVi56MhXCMNAoGAWaafJ1XTRiaXl2G/41z/
+uoTR4F+ThrDZxTz1u9SL6/ulXx0xQwdZuPAJHPDP2ECQo3wbwCxMVx51WJfwUaAM
+p4fptnyqlVTStjkFzKfpWG7cbjZ9poBdIGot3QBMHXgMpkl9YOHPjxyucKxjU5Q/
+yel4D+D00D4uIc7sc2hnJoMCgYEAhJsKxKVF1m+dPWGgcfZN8tpzzgVO0Bx46buv
+3sa7GE3PCp7inphw7nu1NSkdKY2T8bLJP8s8xjE7/fLv3t/QbnaMhPM8QxBikdaj
+z2YAJRxZOCFCyZ+xDlDJY7/SJNK2Muq9VkXjN+e2usyK2/wN4Z7h8k7D0NpSHaAt
+uU+digUCgYEAiU2KYqosro3lzNh5vLc5ad/ZsE4m9RHf5AixXb3cf8CnAavczkPr
+/X2k81+7Vbq7nv6WD9kMtaAfaYUU5tkqzlLO4i51IYXfzgyUNW4//wSMYqPDvhEt
+M7+tIdaUTubZ8IhrCwgqHbs7VHejoWnFfIA2kgvWtR5m0UrXg0hGAmM=
+-----END RSA PRIVATE KEY-----

certs/test-pathlen/chainA-entity.pem

@@ -0,0 +1,86 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 101 (0x65)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainA-ICA1-pathlen0, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Oct 11 00:28:08 2019 GMT
+            Not After : Jul  7 00:28:08 2022 GMT
+        Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainA-entity, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:d0:7a:d8:c8:6c:4f:a5:cd:72:25:87:ff:12:a3:
+                    65:0e:1d:1f:78:b2:d7:1a:65:a1:e7:4e:bd:05:b5:
+                    05:3e:39:3e:85:ad:90:c7:5b:a5:81:42:b5:01:00:
+                    57:87:29:a3:45:ce:f4:02:fa:80:8f:3b:8e:99:40:
+                    2c:fc:c8:b0:8b:2b:19:c3:20:c6:af:db:a0:d9:d5:
+                    70:32:6d:66:c3:ca:c4:ea:63:fb:08:0e:35:bc:50:
+                    7f:85:c7:62:f4:e2:85:e4:89:59:52:71:f2:e3:d1:
+                    63:3e:1d:08:6d:ff:86:cb:e5:eb:bc:1f:de:13:f0:
+                    b2:f8:92:ee:23:9d:64:e7:b0:49:6f:26:a2:64:bc:
+                    9c:18:8a:f3:c6:db:83:a4:6c:b0:56:23:16:40:57:
+                    b0:95:5e:1b:3d:c5:3f:10:7a:84:e0:3e:bb:78:e8:
+                    7d:c1:63:f3:fe:ee:af:16:db:ce:28:02:21:df:8b:
+                    ca:f3:c3:1e:d1:47:c0:59:5f:1c:48:ec:50:6a:e3:
+                    cc:fb:b6:16:45:40:c8:50:cf:dc:3e:2d:2d:cb:cd:
+                    19:2a:17:74:41:7f:bc:26:4d:cd:97:b2:2b:67:57:
+                    8e:6e:75:b5:d8:ec:6b:69:ab:09:3d:95:85:2c:0f:
+                    d7:8d:29:75:1f:9b:88:56:bc:e8:11:a3:c8:65:e5:
+                    2b:23
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                D6:56:A1:9C:F1:66:E4:05:17:36:32:74:BA:72:97:50:13:58:B3:3D
+            X509v3 Authority Key Identifier: 
+                keyid:A8:10:EA:C8:EF:4F:00:CD:E3:79:C3:EB:DF:F6:C8:86:9D:44:6C:26
+                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:64
+
+            X509v3 Basic Constraints: 
+                CA:FALSE
+    Signature Algorithm: sha256WithRSAEncryption
+         72:8d:c5:a7:a8:d5:4a:bc:d9:72:ef:46:79:53:5c:e8:32:10:
+         f5:29:ee:b0:6c:ef:68:80:a3:f6:0f:fe:ba:73:ce:a9:c4:93:
+         01:ba:78:eb:a9:4a:f3:32:e2:4c:74:6c:f7:23:c9:70:44:a1:
+         d1:f7:59:d7:fd:34:12:ab:81:91:16:20:60:59:dd:ff:d5:6f:
+         1f:d6:25:d9:95:85:7f:9d:dc:18:49:39:44:43:03:03:98:db:
+         2e:03:a8:88:27:13:d2:a5:52:0e:15:a0:e5:5d:15:81:2b:3d:
+         1c:cb:41:58:46:d3:4f:37:be:ae:45:eb:7d:9c:52:91:50:98:
+         a5:c1:e6:7b:1a:60:e0:d6:61:7e:88:19:b7:ec:8a:33:07:24:
+         04:9f:78:89:50:97:9c:a4:1e:15:fc:ef:bf:29:4d:c3:8c:19:
+         d7:59:68:30:d2:08:d8:80:d8:7e:32:31:2b:ee:cf:7f:b4:47:
+         a4:bb:7d:cf:b6:64:9d:55:5c:e9:44:0a:43:ed:3b:c2:ae:1d:
+         34:1c:bf:7e:5b:91:8c:26:76:fb:68:d9:3e:6b:68:22:ae:60:
+         56:d3:4e:f3:b7:d1:de:da:47:03:2e:22:74:85:ea:52:de:22:
+         fd:90:55:21:8d:b2:e4:35:c3:15:44:f6:1a:01:3c:0a:56:f8:
+         89:98:59:4a
+-----BEGIN CERTIFICATE-----
+MIIEqjCCA5KgAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
+EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
+DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
+YWluQS1JQ0ExLXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
+Y29tMB4XDTE5MTAxMTAwMjgwOFoXDTIyMDcwNzAwMjgwOFowgZoxCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
+VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQD
+DA1jaGFpbkEtZW50aXR5MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0HrYyGxPpc1yJYf/EqNl
+Dh0feLLXGmWh5069BbUFPjk+ha2Qx1ulgUK1AQBXhymjRc70AvqAjzuOmUAs/Miw
+iysZwyDGr9ug2dVwMm1mw8rE6mP7CA41vFB/hcdi9OKF5IlZUnHy49FjPh0Ibf+G
+y+XrvB/eE/Cy+JLuI51k57BJbyaiZLycGIrzxtuDpGywViMWQFewlV4bPcU/EHqE
+4D67eOh9wWPz/u6vFtvOKAIh34vK88Me0UfAWV8cSOxQauPM+7YWRUDIUM/cPi0t
+y80ZKhd0QX+8Jk3Nl7IrZ1eObnW12OxraasJPZWFLA/XjSl1H5uIVrzoEaPIZeUr
+IwIDAQABo4HxMIHuMB0GA1UdDgQWBBTWVqGc8WbkBRc2MnS6cpdQE1izPTCBwQYD
+VR0jBIG5MIG2gBSoEOrI708AzeN5w+vf9siGnURsJqGBmqSBlzCBlDELMAkGA1UE
+BhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNV
+BAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cu
+d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAWQw
+CQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAco3Fp6jVSrzZcu9GeVNc6DIQ
+9SnusGzvaICj9g/+unPOqcSTAbp466lK8zLiTHRs9yPJcESh0fdZ1/00EquBkRYg
+YFnd/9VvH9Yl2ZWFf53cGEk5REMDA5jbLgOoiCcT0qVSDhWg5V0VgSs9HMtBWEbT
+Tze+rkXrfZxSkVCYpcHmexpg4NZhfogZt+yKMwckBJ94iVCXnKQeFfzvvylNw4wZ
+11loMNII2IDYfjIxK+7Pf7RHpLt9z7ZknVVc6UQKQ+07wq4dNBy/fluRjCZ2+2jZ
+PmtoIq5gVtNO87fR3tpHAy4idIXqUt4i/ZBVIY2y5DXDFUT2GgE8Clb4iZhZSg==
+-----END CERTIFICATE-----

certs/test-pathlen/chainB-ICA1-key.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAsveqrpHRJEFSoSLg05eb4AyUnErks4WuqUOf7HoF3Yhc5RlS
+UzmGirLihierA5q+xFRnr7msZeJhl3hmYCmQYghikaCWKw8wbNo9cDVSqKfVhUkl
+alZZvGtFkcM3/AYNoqlG4imCG3emSTX7V18zApLla2fCYeI3nBJctSybKqWFlyJz
+PTZQVRpqWdnarC0/5mqxHWBSAwVAX88GaPAyhlpvtQJj5i4enwmCjAMYGeR51TVu
+2RefPMHZO5X5b/MZ0dO4XXyTN8N8O6BYx/vlLfVY05ty80N6Kexr9IaByOZgiyvF
+rVnlpKAFlwkCAKdV3Fvv5IuDGu7IHLW25mFr0QIDAQABAoIBAAqE3BdeorhKzpyB
+/EzzgEnu810sWbzjgpyYSPIRSf73YN5mWpxhqTLFyOKxui+ADO5lN6Lwet2SLMJG
+ZV4Jk17vtztwAOOPBP2g5jOOLsmS883dusFBSgz1ESW8H7JEeNCyumPYpLkQk0mC
+Tr+X7Nud3rYtZxNxxGr7+U78zDH5Z3G7CErHyZ27+wks/IjxZhvnjVByEjAo+wkK
+wVm40vDj8QmdTG8z+1OSqCM5lY/k0VibuZyvQ9gbsXIpzPqxsd2HnrJSf4gShtBR
+L6OV2QQFW923PxWCwG26rPdT4vVSDlBuPQ6BjFKsvjnsonxZYnNTSMAKFM+E0OSV
+C6EmRwECgYEA2sY94Dt6FoYWPBYGioiNlDJ20lUal1s64yjrNjA209V1s1FYJIhN
+utMQNqq+DwkQoLcy7TV/cleRs5lPp1nM++w+6HoMLqUUzPhygmLcvh9f7r/VLpUm
++8encqEOcUsr6V0fVt2s/Wj7611rzR1tXVklxEbWwke4libinDT//HkCgYEA0Wtx
+3VIDLXqj5Z1pIX1ZBXgHdgsJvbJ6qrQ+1gnK3vnOixsz0HrTMh10IcC5J0XWKIHk
+ldC6bt0+ZhvP0Jdu6yx19cYeIFkgATd7duicllFqn05RPwAmM2LcUj95gew/rHKY
+9hJ+Mqb3x+eL5maO2ij6Wi6qEDQiOuffUZM25BkCgYEAwE5SRbECeJoVIWwbA9tU
+2Fgjqm+0mCdRdCyb1V48U6jndWCjojlOWlL9hZBA0Oae/ycKVQkZpmDjaoPxSKHf
+VfMsuR3PZ5Ek36fkwEg20ciygyONOQ1S3y95OYHpOB1j1BZPXgQt8/M8vn+4Ku0b
+HVsnn4jFbrGsyBAWUkkkW8ECgYAljymq0gyz2W0Pv32dfge7TV25NB2ZIiuR9iXW
+6YazGwaKOGTAnWbHdDTh4NjUTFguh61hmT/2pkOMuKw68w33q8+0NsYscw+kaDkC
+iJGc/BktXTSBIhu316FANxYp0R9SZHM+nu53Uy7ZcZPLzNUOF49fIUNrCI6jFfcd
+gFO18QKBgQCJL8qVYFIh5A8IicIM1fD17QiKPHI06f0KOXqQU33VLdGLRGwYruTh
+NTlcvzevFMxEDyS7rhZk30PmNP9XpAVtoFYIdhJbA0Xnf2H8R1sN+zYZV/YgU1Og
+E+pE9ay8jKsrmr1mvVVomPAtz0/yvZLsEt6ymL2tQm1A5CraeVhMTA==
+-----END RSA PRIVATE KEY-----

certs/test-pathlen/chainB-ICA1-pathlen0.pem

@@ -0,0 +1,89 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 100 (0x64)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainB-ICA2-pathlen1, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Oct 11 00:28:08 2019 GMT
+            Not After : Jul  7 00:28:08 2022 GMT
+        Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainB-ICA1-pathlen0, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:b2:f7:aa:ae:91:d1:24:41:52:a1:22:e0:d3:97:
+                    9b:e0:0c:94:9c:4a:e4:b3:85:ae:a9:43:9f:ec:7a:
+                    05:dd:88:5c:e5:19:52:53:39:86:8a:b2:e2:86:27:
+                    ab:03:9a:be:c4:54:67:af:b9:ac:65:e2:61:97:78:
+                    66:60:29:90:62:08:62:91:a0:96:2b:0f:30:6c:da:
+                    3d:70:35:52:a8:a7:d5:85:49:25:6a:56:59:bc:6b:
+                    45:91:c3:37:fc:06:0d:a2:a9:46:e2:29:82:1b:77:
+                    a6:49:35:fb:57:5f:33:02:92:e5:6b:67:c2:61:e2:
+                    37:9c:12:5c:b5:2c:9b:2a:a5:85:97:22:73:3d:36:
+                    50:55:1a:6a:59:d9:da:ac:2d:3f:e6:6a:b1:1d:60:
+                    52:03:05:40:5f:cf:06:68:f0:32:86:5a:6f:b5:02:
+                    63:e6:2e:1e:9f:09:82:8c:03:18:19:e4:79:d5:35:
+                    6e:d9:17:9f:3c:c1:d9:3b:95:f9:6f:f3:19:d1:d3:
+                    b8:5d:7c:93:37:c3:7c:3b:a0:58:c7:fb:e5:2d:f5:
+                    58:d3:9b:72:f3:43:7a:29:ec:6b:f4:86:81:c8:e6:
+                    60:8b:2b:c5:ad:59:e5:a4:a0:05:97:09:02:00:a7:
+                    55:dc:5b:ef:e4:8b:83:1a:ee:c8:1c:b5:b6:e6:61:
+                    6b:d1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                D7:90:E4:86:59:24:F9:2B:B8:06:8E:B1:8F:33:E5:2C:63:F1:03:16
+            X509v3 Authority Key Identifier: 
+                keyid:EE:59:9D:56:0B:7C:0A:45:44:E3:15:57:E2:B2:F3:1D:64:6F:AF:7A
+                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:64
+
+            X509v3 Basic Constraints: 
+                CA:TRUE, pathlen:0
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+    Signature Algorithm: sha256WithRSAEncryption
+         cd:0b:7e:66:b9:1d:a8:14:81:a8:e0:b3:74:d9:79:8a:c1:e5:
+         15:cf:6a:a7:a3:ca:d2:ad:f8:f6:9f:c2:be:67:ee:cf:9a:3c:
+         1c:a3:c4:db:2b:c8:a9:b1:55:94:a1:9e:e3:c2:6c:3a:95:90:
+         7e:8f:29:56:c6:99:d2:e5:3b:8f:f3:9a:11:4a:97:22:07:d9:
+         e2:e5:f8:3e:0f:08:50:43:ea:66:13:6c:20:2e:71:95:10:07:
+         88:89:2d:30:9c:96:b1:7e:42:5f:63:c3:8b:71:c6:1d:00:ee:
+         83:d7:80:1b:fa:f4:fe:f5:b1:29:f8:c1:ca:1d:89:9b:7c:2a:
+         84:00:e4:f5:04:2d:35:be:12:c1:fa:78:cb:bc:c9:04:8a:bf:
+         87:57:99:3a:9f:0a:88:a5:e8:94:db:2b:8f:ba:5f:b4:75:7f:
+         ac:56:75:b4:db:7f:57:24:17:cb:89:f8:cb:8b:c4:b2:44:4a:
+         d9:57:82:fb:ce:0c:84:e2:2b:a5:f2:90:63:aa:b3:c5:e1:00:
+         22:60:8f:23:1f:a8:97:4b:49:f7:f7:cb:92:f7:94:80:52:5b:
+         8d:4a:c1:f1:d1:3e:9f:28:96:61:af:8e:72:8d:b6:9e:14:ed:
+         14:db:ea:f0:fc:50:39:ca:c8:ab:1e:49:c3:9e:97:0a:d7:1c:
+         6f:b2:17:9a
+-----BEGIN CERTIFICATE-----
+MIIExjCCA66gAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
+EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
+DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
+YWluQi1JQ0EyLXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
+Y29tMB4XDTE5MTAxMTAwMjgwOFoXDTIyMDcwNzAwMjgwOFowgaExCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
+VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR0wGwYDVQQD
+DBRjaGFpbkItSUNBMS1wYXRobGVuMDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
+c3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALL3qq6R0SRB
+UqEi4NOXm+AMlJxK5LOFrqlDn+x6Bd2IXOUZUlM5hoqy4oYnqwOavsRUZ6+5rGXi
+YZd4ZmApkGIIYpGglisPMGzaPXA1Uqin1YVJJWpWWbxrRZHDN/wGDaKpRuIpght3
+pkk1+1dfMwKS5WtnwmHiN5wSXLUsmyqlhZcicz02UFUaalnZ2qwtP+ZqsR1gUgMF
+QF/PBmjwMoZab7UCY+YuHp8JgowDGBnkedU1btkXnzzB2TuV+W/zGdHTuF18kzfD
+fDugWMf75S31WNObcvNDeinsa/SGgcjmYIsrxa1Z5aSgBZcJAgCnVdxb7+SLgxru
+yBy1tuZha9ECAwEAAaOCAQUwggEBMB0GA1UdDgQWBBTXkOSGWST5K7gGjrGPM+Us
+Y/EDFjCBwQYDVR0jBIG5MIG2gBTuWZ1WC3wKRUTjFVfisvMdZG+veqGBmqSBlzCB
+lDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt
+YW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYD
+VQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
+bC5jb22CAWQwDwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJKoZIhvcN
+AQELBQADggEBAM0Lfma5HagUgajgs3TZeYrB5RXPaqejytKt+Pafwr5n7s+aPByj
+xNsryKmxVZShnuPCbDqVkH6PKVbGmdLlO4/zmhFKlyIH2eLl+D4PCFBD6mYTbCAu
+cZUQB4iJLTCclrF+Ql9jw4txxh0A7oPXgBv69P71sSn4wcodiZt8KoQA5PUELTW+
+EsH6eMu8yQSKv4dXmTqfCoil6JTbK4+6X7R1f6xWdbTbf1ckF8uJ+MuLxLJEStlX
+gvvODITiK6XykGOqs8XhACJgjyMfqJdLSff3y5L3lIBSW41KwfHRPp8olmGvjnKN
+tp4U7RTb6vD8UDnKyKseScOelwrXHG+yF5o=
+-----END CERTIFICATE-----

certs/test-pathlen/chainB-ICA2-key.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA0H+CBZ1bxEngPh+HbhcF6+IK0dGl9cy+HUbYzahuIs49XDlx
+pA0D+nh+u2zoUeWY76ZeYtIw+juPIV+3X5i3n6hWejnKwt+hVv6Vl1ZeW/502fIu
+yn7bUHda0ZDcItb+S8BXocY7SrqtBRTJJGh2teIm1ctQ/dB3DowMuV73pJpFNWxi
+yuk41BCaXDClTyZHAwNzVoWMvvXQwAkGPg7o5X3QGVTtV+xRz7yVFZHP0JqE3YpQ
+fDPCGmFwMZoZFyizjNpfuNIGa4I/tmooKYa0IMulr3Nm5Dc2gfA/rb8FuNsuxCLi
+60aH9GDRpn/unEGn86rpN93a1vDNSKxR0XeNoQIDAQABAoIBAQCGBNAA5+squwnn
+JMEa5LWrr/qgcBArdVXm37lQSKmyubr7YvlHKA6cm4Nq2lBjBCBQOzKEdvOAhXQ1
+UZ8/VZ0ChWRA4JESvkio8LAbPSseGuvlhCTLiMtUZ8P63RCDXIrNCm/JzvAh0uiQ
+UZIRUwyrURkBZ9VBsRQ2R5OOPBsWs+FpVbx9w7Zvkq2shFDbqTm8bCPbM9huCNZb
+Z01Zp9+j5MfxzK4tgkKct3fbNOKzKGmOivloMQFY1fABWHg6dsvT/EprqBYcuRfy
+gf1a4wJM22Zkv6+7rN3qmly0bEriVLlkw+dbGawEScCnI9+ormrQG9B22ynUFj0c
+nK+odMk5AoGBAPhxZ5jZI9APgXcdWhgThSCtzmm9sHyUEBEkVYWqtc4qnBGREB9e
+cuDDOTCppc8fJvDo+MnrEHxIIhBdMCMAg1JIEOXgDNzgBPb7y/43qQLV9bYfHJ7P
+jvYeZ/S7PASK0lYjFq+1BlTa7m47ajwA/fwgW1Z6aga4dEm+LOpwaAw3AoGBANbX
+Dpw/lHOgLOa/Zz/AUHmdQcXwiZbGJSdRI2yKOaE6TUvOman/WrDy4UQyej3gT4M8
+3pUYl34Cn/gl8K3QpRMHT7C11iF1IX4vS/eSvxf7fwCwG+3MaP4LEuOiJ84a2ILo
+8WM20/L8unGb1+0WlzV0TJFTe97RtYViHHG3G7jnAoGAGWkH7oMu/YXIeRVgdJvy
+ftAoD3qeRW+jYQ11TdGS/L4w7j8HBh5T45c0Dz0av19xTSyW3ZgUPJHoIgJV/Q59
+X/oM+GX9Cs5C07wXNi4dNDQMCI+QDtItzhB4E3je/5vvPW4jUN9UAXPO9SlQiUiU
+safhj6u/kmZlRnGUCHpsuesCgYBIUbpkVG63gWq7/iBWcHlmhs42QGNActDc7E49
+YkZGBKcyZoiJliDEQe4ck9VccN6zMdFHZTDRxTZuRO9Aw2ReBG8J8Bv1xUUSAf/T
+hf13qDw3UhEEunN5WObx44r8sULCxoFDQZiVSgfE6I4GDD24S77eiLjA59zv2nfy
+u43EbwKBgQDpH5SnH3GEqWAyDpehK2gK2f5Ho7ZPANo5Z0lllv7Ic+7aHWBAEiiq
+vtRTvtl4GXzjvOuhcb3hPYft+YPTj8L8V1a2Bac4Ohxq73diwbTFgS1D4owJ/1jc
+0mnPyANCeoe85znU1D1FGveQfBYqUSRiX9iEQsN42C1GPR/xBhm6oQ==
+-----END RSA PRIVATE KEY-----

certs/test-pathlen/chainB-ICA2-pathlen1.pem

@@ -0,0 +1,89 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 100 (0x64)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Oct 11 00:28:08 2019 GMT
+            Not After : Jul  7 00:28:08 2022 GMT
+        Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainB-ICA2-pathlen1, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:d0:7f:82:05:9d:5b:c4:49:e0:3e:1f:87:6e:17:
+                    05:eb:e2:0a:d1:d1:a5:f5:cc:be:1d:46:d8:cd:a8:
+                    6e:22:ce:3d:5c:39:71:a4:0d:03:fa:78:7e:bb:6c:
+                    e8:51:e5:98:ef:a6:5e:62:d2:30:fa:3b:8f:21:5f:
+                    b7:5f:98:b7:9f:a8:56:7a:39:ca:c2:df:a1:56:fe:
+                    95:97:56:5e:5b:fe:74:d9:f2:2e:ca:7e:db:50:77:
+                    5a:d1:90:dc:22:d6:fe:4b:c0:57:a1:c6:3b:4a:ba:
+                    ad:05:14:c9:24:68:76:b5:e2:26:d5:cb:50:fd:d0:
+                    77:0e:8c:0c:b9:5e:f7:a4:9a:45:35:6c:62:ca:e9:
+                    38:d4:10:9a:5c:30:a5:4f:26:47:03:03:73:56:85:
+                    8c:be:f5:d0:c0:09:06:3e:0e:e8:e5:7d:d0:19:54:
+                    ed:57:ec:51:cf:bc:95:15:91:cf:d0:9a:84:dd:8a:
+                    50:7c:33:c2:1a:61:70:31:9a:19:17:28:b3:8c:da:
+                    5f:b8:d2:06:6b:82:3f:b6:6a:28:29:86:b4:20:cb:
+                    a5:af:73:66:e4:37:36:81:f0:3f:ad:bf:05:b8:db:
+                    2e:c4:22:e2:eb:46:87:f4:60:d1:a6:7f:ee:9c:41:
+                    a7:f3:aa:e9:37:dd:da:d6:f0:cd:48:ac:51:d1:77:
+                    8d:a1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                EE:59:9D:56:0B:7C:0A:45:44:E3:15:57:E2:B2:F3:1D:64:6F:AF:7A
+            X509v3 Authority Key Identifier: 
+                keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:86:FF:F5:8E:10:DE:B8:FB
+
+            X509v3 Basic Constraints: 
+                CA:TRUE, pathlen:1
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+    Signature Algorithm: sha256WithRSAEncryption
+         ab:c7:2b:9d:15:73:97:47:e0:88:32:9d:10:71:81:53:62:97:
+         dc:c4:72:73:49:3e:50:50:10:03:1e:22:58:82:e0:b3:da:ca:
+         89:92:70:c8:54:0d:8e:a6:44:a0:26:5d:5d:52:d2:fb:63:e4:
+         13:7e:30:9a:13:25:4e:c8:34:a1:c9:e6:69:24:64:98:e3:88:
+         9c:86:18:62:53:70:ae:f0:d9:ed:f3:0c:e8:ec:5b:e5:27:85:
+         16:d0:b0:f6:bd:5d:9a:62:41:26:25:31:88:70:fe:25:97:48:
+         f1:e6:21:1c:78:f7:68:03:59:21:db:f1:c5:92:96:24:b8:23:
+         fc:ab:52:95:70:6a:52:16:4d:fc:36:6b:5f:58:4f:3f:c9:f4:
+         e7:6e:52:41:42:99:41:07:c2:75:74:db:c2:49:84:7c:3f:c1:
+         ac:bd:d4:d5:8f:d0:73:95:18:8a:5d:f0:8d:dd:2d:f0:b7:61:
+         8d:8a:ef:14:9f:fd:30:ba:10:e8:57:d3:1b:8e:2d:9b:74:b3:
+         63:0d:0e:8c:f9:a2:f7:42:c8:e6:5e:83:6f:0f:9a:85:3b:6e:
+         66:48:b9:a7:a8:fc:da:19:47:0c:90:26:0d:ce:15:fe:6a:1e:
+         47:5a:49:f8:76:0f:3a:a8:68:cd:a6:38:4c:a6:ca:b2:b0:9b:
+         c7:46:43:cd
+-----BEGIN CERTIFICATE-----
+MIIEwTCCA6mgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
+d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTkxMDEx
+MDAyODA4WhcNMjIwNzA3MDAyODA4WjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
+SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluQi1JQ0Ey
+LXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0H+CBZ1bxEngPh+HbhcF6+IK0dGl
+9cy+HUbYzahuIs49XDlxpA0D+nh+u2zoUeWY76ZeYtIw+juPIV+3X5i3n6hWejnK
+wt+hVv6Vl1ZeW/502fIuyn7bUHda0ZDcItb+S8BXocY7SrqtBRTJJGh2teIm1ctQ
+/dB3DowMuV73pJpFNWxiyuk41BCaXDClTyZHAwNzVoWMvvXQwAkGPg7o5X3QGVTt
+V+xRz7yVFZHP0JqE3YpQfDPCGmFwMZoZFyizjNpfuNIGa4I/tmooKYa0IMulr3Nm
+5Dc2gfA/rb8FuNsuxCLi60aH9GDRpn/unEGn86rpN93a1vDNSKxR0XeNoQIDAQAB
+o4IBDTCCAQkwHQYDVR0OBBYEFO5ZnVYLfApFROMVV+Ky8x1kb696MIHJBgNVHSME
+gcEwgb6AFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
+UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
+U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAIb/9Y4Q
+3rj7MA8GA1UdEwQIMAYBAf8CAQEwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUA
+A4IBAQCrxyudFXOXR+CIMp0QcYFTYpfcxHJzST5QUBADHiJYguCz2sqJknDIVA2O
+pkSgJl1dUtL7Y+QTfjCaEyVOyDShyeZpJGSY44ichhhiU3Cu8Nnt8wzo7FvlJ4UW
+0LD2vV2aYkEmJTGIcP4ll0jx5iEcePdoA1kh2/HFkpYkuCP8q1KVcGpSFk38Nmtf
+WE8/yfTnblJBQplBB8J1dNvCSYR8P8GsvdTVj9BzlRiKXfCN3S3wt2GNiu8Un/0w
+uhDoV9Mbji2bdLNjDQ6M+aL3QsjmXoNvD5qFO25mSLmnqPzaGUcMkCYNzhX+ah5H
+Wkn4dg86qGjNpjhMpsqysJvHRkPN
+-----END CERTIFICATE-----

certs/test-pathlen/chainB-assembled.pem

@@ -0,0 +1,265 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 101 (0x65)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainB-ICA1-pathlen0, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Oct 11 00:28:08 2019 GMT
+            Not After : Jul  7 00:28:08 2022 GMT
+        Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainB-entity, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:d7:5f:d9:3d:d7:5b:11:aa:3e:53:31:d0:32:78:
+                    87:fb:c0:8e:80:6d:fc:68:73:1f:9c:77:66:16:35:
+                    fc:2f:d7:e4:ca:ba:2a:73:5f:14:94:12:f0:48:31:
+                    a2:40:ad:b4:e3:07:0c:02:47:b4:0a:07:69:d5:d2:
+                    85:bf:c8:bc:14:8c:c7:87:ba:5f:87:c5:07:f4:df:
+                    a4:46:1e:b7:13:0f:9d:7e:f6:1a:7b:29:09:55:4c:
+                    17:ee:c8:b0:9d:39:0c:89:6e:18:9c:06:7f:5d:95:
+                    d2:4c:71:b3:1f:ea:5d:d2:f6:2c:69:a8:16:15:59:
+                    e5:7d:03:d7:bd:1a:34:e3:f1:27:e3:b9:7d:68:e0:
+                    39:3f:35:62:2f:20:20:fa:19:62:37:1a:30:47:6c:
+                    a3:f9:8e:9c:f3:67:2e:bb:38:4c:2e:0a:21:9b:70:
+                    b6:97:a2:1b:b3:98:0d:5b:74:97:33:f0:b8:6c:4e:
+                    ad:b4:1f:48:62:c9:9a:af:2d:a6:a1:06:ae:98:30:
+                    54:5e:cb:dd:23:77:d5:ee:5c:fb:81:f0:2b:ad:6f:
+                    fa:e3:b1:0e:98:bd:3e:0b:f4:7c:c5:e3:50:bf:08:
+                    9b:bf:be:f8:6a:d9:db:78:36:84:f2:7e:7b:7d:5e:
+                    a7:8f:42:81:5f:41:f4:77:5c:30:51:f5:3f:2d:25:
+                    95:4d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                7F:17:7E:8E:A8:2C:AD:9C:C7:22:7E:A6:C6:90:9E:63:C4:5F:33:9E
+            X509v3 Authority Key Identifier: 
+                keyid:D7:90:E4:86:59:24:F9:2B:B8:06:8E:B1:8F:33:E5:2C:63:F1:03:16
+                DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainB-ICA2-pathlen1/emailAddress=info@wolfssl.com
+                serial:64
+
+            X509v3 Basic Constraints: 
+                CA:FALSE
+    Signature Algorithm: sha256WithRSAEncryption
+         1f:ee:5c:85:ed:4e:3b:39:6b:29:a2:ef:65:b9:f3:c7:47:85:
+         8e:79:a0:35:1b:aa:0e:98:67:a8:df:03:9c:2b:81:24:ed:cb:
+         cc:c0:42:49:76:bf:78:7b:b9:39:ca:f6:06:35:76:dd:e3:59:
+         c5:70:3b:b3:cf:62:0a:09:1d:07:90:96:c4:0e:0a:38:97:f7:
+         31:1d:ad:44:f9:03:f9:30:22:b6:68:01:00:38:23:3d:f6:e7:
+         71:5a:e4:d4:59:52:4f:80:86:ec:8f:ca:92:1d:9b:07:93:fe:
+         34:22:ac:9a:a2:aa:9e:fe:f5:7b:99:fd:72:32:40:98:88:d8:
+         42:1d:33:59:4c:38:2e:97:f2:9d:a2:fc:b7:33:cd:84:c1:c6:
+         ef:f5:c5:d9:be:32:ba:44:66:06:62:5c:55:31:38:b4:25:1a:
+         6a:64:de:14:39:b4:38:74:1b:d7:c4:ec:81:fc:3a:13:4b:e1:
+         d1:b1:5f:3c:8e:25:bc:63:7f:30:78:04:4e:79:3a:83:97:52:
+         f6:00:6a:9e:d8:b5:c6:06:21:97:4a:98:ee:cf:e8:83:94:23:
+         11:6c:00:d7:e9:35:1f:89:77:85:9a:d7:8f:29:90:c6:61:14:
+         e5:7d:55:5b:66:65:60:44:79:8a:1b:58:88:b9:0f:5f:a6:5f:
+         7a:ca:6b:0c
+-----BEGIN CERTIFICATE-----
+MIIEtzCCA5+gAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
+EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
+DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
+YWluQi1JQ0ExLXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
+Y29tMB4XDTE5MTAxMTAwMjgwOFoXDTIyMDcwNzAwMjgwOFowgZoxCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
+VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQD
+DA1jaGFpbkItZW50aXR5MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA11/ZPddbEao+UzHQMniH
++8COgG38aHMfnHdmFjX8L9fkyroqc18UlBLwSDGiQK204wcMAke0Cgdp1dKFv8i8
+FIzHh7pfh8UH9N+kRh63Ew+dfvYaeykJVUwX7siwnTkMiW4YnAZ/XZXSTHGzH+pd
+0vYsaagWFVnlfQPXvRo04/En47l9aOA5PzViLyAg+hliNxowR2yj+Y6c82cuuzhM
+Lgohm3C2l6Ibs5gNW3SXM/C4bE6ttB9IYsmary2moQaumDBUXsvdI3fV7lz7gfAr
+rW/647EOmL0+C/R8xeNQvwibv774atnbeDaE8n57fV6nj0KBX0H0d1wwUfU/LSWV
+TQIDAQABo4H+MIH7MB0GA1UdDgQWBBR/F36OqCytnMcifqbGkJ5jxF8znjCBzgYD
+VR0jBIHGMIHDgBTXkOSGWST5K7gGjrGPM+UsY/EDFqGBp6SBpDCBoTELMAkGA1UE
+BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
+BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNV
+BAMMFGNoYWluQi1JQ0EyLXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
+bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAB/uXIXt
+Tjs5aymi72W588dHhY55oDUbqg6YZ6jfA5wrgSTty8zAQkl2v3h7uTnK9gY1dt3j
+WcVwO7PPYgoJHQeQlsQOCjiX9zEdrUT5A/kwIrZoAQA4Iz3253Fa5NRZUk+AhuyP
+ypIdmweT/jQirJqiqp7+9XuZ/XIyQJiI2EIdM1lMOC6X8p2i/LczzYTBxu/1xdm+
+MrpEZgZiXFUxOLQlGmpk3hQ5tDh0G9fE7IH8OhNL4dGxXzyOJbxjfzB4BE55OoOX
+UvYAap7YtcYGIZdKmO7P6IOUIxFsANfpNR+Jd4Wa148pkMZhFOV9VVtmZWBEeYob
+WIi5D1+mX3rKaww=
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 100 (0x64)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainB-ICA2-pathlen1, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Oct 11 00:28:08 2019 GMT
+            Not After : Jul  7 00:28:08 2022 GMT
+        Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainB-ICA1-pathlen0, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:b2:f7:aa:ae:91:d1:24:41:52:a1:22:e0:d3:97:
+                    9b:e0:0c:94:9c:4a:e4:b3:85:ae:a9:43:9f:ec:7a:
+                    05:dd:88:5c:e5:19:52:53:39:86:8a:b2:e2:86:27:
+                    ab:03:9a:be:c4:54:67:af:b9:ac:65:e2:61:97:78:
+                    66:60:29:90:62:08:62:91:a0:96:2b:0f:30:6c:da:
+                    3d:70:35:52:a8:a7:d5:85:49:25:6a:56:59:bc:6b:
+                    45:91:c3:37:fc:06:0d:a2:a9:46:e2:29:82:1b:77:
+                    a6:49:35:fb:57:5f:33:02:92:e5:6b:67:c2:61:e2:
+                    37:9c:12:5c:b5:2c:9b:2a:a5:85:97:22:73:3d:36:
+                    50:55:1a:6a:59:d9:da:ac:2d:3f:e6:6a:b1:1d:60:
+                    52:03:05:40:5f:cf:06:68:f0:32:86:5a:6f:b5:02:
+                    63:e6:2e:1e:9f:09:82:8c:03:18:19:e4:79:d5:35:
+                    6e:d9:17:9f:3c:c1:d9:3b:95:f9:6f:f3:19:d1:d3:
+                    b8:5d:7c:93:37:c3:7c:3b:a0:58:c7:fb:e5:2d:f5:
+                    58:d3:9b:72:f3:43:7a:29:ec:6b:f4:86:81:c8:e6:
+                    60:8b:2b:c5:ad:59:e5:a4:a0:05:97:09:02:00:a7:
+                    55:dc:5b:ef:e4:8b:83:1a:ee:c8:1c:b5:b6:e6:61:
+                    6b:d1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                D7:90:E4:86:59:24:F9:2B:B8:06:8E:B1:8F:33:E5:2C:63:F1:03:16
+            X509v3 Authority Key Identifier: 
+                keyid:EE:59:9D:56:0B:7C:0A:45:44:E3:15:57:E2:B2:F3:1D:64:6F:AF:7A
+                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:64
+
+            X509v3 Basic Constraints: 
+                CA:TRUE, pathlen:0
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+    Signature Algorithm: sha256WithRSAEncryption
+         cd:0b:7e:66:b9:1d:a8:14:81:a8:e0:b3:74:d9:79:8a:c1:e5:
+         15:cf:6a:a7:a3:ca:d2:ad:f8:f6:9f:c2:be:67:ee:cf:9a:3c:
+         1c:a3:c4:db:2b:c8:a9:b1:55:94:a1:9e:e3:c2:6c:3a:95:90:
+         7e:8f:29:56:c6:99:d2:e5:3b:8f:f3:9a:11:4a:97:22:07:d9:
+         e2:e5:f8:3e:0f:08:50:43:ea:66:13:6c:20:2e:71:95:10:07:
+         88:89:2d:30:9c:96:b1:7e:42:5f:63:c3:8b:71:c6:1d:00:ee:
+         83:d7:80:1b:fa:f4:fe:f5:b1:29:f8:c1:ca:1d:89:9b:7c:2a:
+         84:00:e4:f5:04:2d:35:be:12:c1:fa:78:cb:bc:c9:04:8a:bf:
+         87:57:99:3a:9f:0a:88:a5:e8:94:db:2b:8f:ba:5f:b4:75:7f:
+         ac:56:75:b4:db:7f:57:24:17:cb:89:f8:cb:8b:c4:b2:44:4a:
+         d9:57:82:fb:ce:0c:84:e2:2b:a5:f2:90:63:aa:b3:c5:e1:00:
+         22:60:8f:23:1f:a8:97:4b:49:f7:f7:cb:92:f7:94:80:52:5b:
+         8d:4a:c1:f1:d1:3e:9f:28:96:61:af:8e:72:8d:b6:9e:14:ed:
+         14:db:ea:f0:fc:50:39:ca:c8:ab:1e:49:c3:9e:97:0a:d7:1c:
+         6f:b2:17:9a
+-----BEGIN CERTIFICATE-----
+MIIExjCCA66gAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
+EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
+DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
+YWluQi1JQ0EyLXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
+Y29tMB4XDTE5MTAxMTAwMjgwOFoXDTIyMDcwNzAwMjgwOFowgaExCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
+VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMR0wGwYDVQQD
+DBRjaGFpbkItSUNBMS1wYXRobGVuMDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
+c3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALL3qq6R0SRB
+UqEi4NOXm+AMlJxK5LOFrqlDn+x6Bd2IXOUZUlM5hoqy4oYnqwOavsRUZ6+5rGXi
+YZd4ZmApkGIIYpGglisPMGzaPXA1Uqin1YVJJWpWWbxrRZHDN/wGDaKpRuIpght3
+pkk1+1dfMwKS5WtnwmHiN5wSXLUsmyqlhZcicz02UFUaalnZ2qwtP+ZqsR1gUgMF
+QF/PBmjwMoZab7UCY+YuHp8JgowDGBnkedU1btkXnzzB2TuV+W/zGdHTuF18kzfD
+fDugWMf75S31WNObcvNDeinsa/SGgcjmYIsrxa1Z5aSgBZcJAgCnVdxb7+SLgxru
+yBy1tuZha9ECAwEAAaOCAQUwggEBMB0GA1UdDgQWBBTXkOSGWST5K7gGjrGPM+Us
+Y/EDFjCBwQYDVR0jBIG5MIG2gBTuWZ1WC3wKRUTjFVfisvMdZG+veqGBmqSBlzCB
+lDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt
+YW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYD
+VQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
+bC5jb22CAWQwDwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJKoZIhvcN
+AQELBQADggEBAM0Lfma5HagUgajgs3TZeYrB5RXPaqejytKt+Pafwr5n7s+aPByj
+xNsryKmxVZShnuPCbDqVkH6PKVbGmdLlO4/zmhFKlyIH2eLl+D4PCFBD6mYTbCAu
+cZUQB4iJLTCclrF+Ql9jw4txxh0A7oPXgBv69P71sSn4wcodiZt8KoQA5PUELTW+
+EsH6eMu8yQSKv4dXmTqfCoil6JTbK4+6X7R1f6xWdbTbf1ckF8uJ+MuLxLJEStlX
+gvvODITiK6XykGOqs8XhACJgjyMfqJdLSff3y5L3lIBSW41KwfHRPp8olmGvjnKN
+tp4U7RTb6vD8UDnKyKseScOelwrXHG+yF5o=
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 100 (0x64)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Oct 11 00:28:08 2019 GMT
+            Not After : Jul  7 00:28:08 2022 GMT
+        Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainB-ICA2-pathlen1, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:d0:7f:82:05:9d:5b:c4:49:e0:3e:1f:87:6e:17:
+                    05:eb:e2:0a:d1:d1:a5:f5:cc:be:1d:46:d8:cd:a8:
+                    6e:22:ce:3d:5c:39:71:a4:0d:03:fa:78:7e:bb:6c:
+                    e8:51:e5:98:ef:a6:5e:62:d2:30:fa:3b:8f:21:5f:
+                    b7:5f:98:b7:9f:a8:56:7a:39:ca:c2:df:a1:56:fe:
+                    95:97:56:5e:5b:fe:74:d9:f2:2e:ca:7e:db:50:77:
+                    5a:d1:90:dc:22:d6:fe:4b:c0:57:a1:c6:3b:4a:ba:
+                    ad:05:14:c9:24:68:76:b5:e2:26:d5:cb:50:fd:d0:
+                    77:0e:8c:0c:b9:5e:f7:a4:9a:45:35:6c:62:ca:e9:
+                    38:d4:10:9a:5c:30:a5:4f:26:47:03:03:73:56:85:
+                    8c:be:f5:d0:c0:09:06:3e:0e:e8:e5:7d:d0:19:54:
+                    ed:57:ec:51:cf:bc:95:15:91:cf:d0:9a:84:dd:8a:
+                    50:7c:33:c2:1a:61:70:31:9a:19:17:28:b3:8c:da:
+                    5f:b8:d2:06:6b:82:3f:b6:6a:28:29:86:b4:20:cb:
+                    a5:af:73:66:e4:37:36:81:f0:3f:ad:bf:05:b8:db:
+                    2e:c4:22:e2:eb:46:87:f4:60:d1:a6:7f:ee:9c:41:
+                    a7:f3:aa:e9:37:dd:da:d6:f0:cd:48:ac:51:d1:77:
+                    8d:a1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                EE:59:9D:56:0B:7C:0A:45:44:E3:15:57:E2:B2:F3:1D:64:6F:AF:7A
+            X509v3 Authority Key Identifier: 
+                keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:86:FF:F5:8E:10:DE:B8:FB
+
+            X509v3 Basic Constraints: 
+                CA:TRUE, pathlen:1
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+    Signature Algorithm: sha256WithRSAEncryption
+         ab:c7:2b:9d:15:73:97:47:e0:88:32:9d:10:71:81:53:62:97:
+         dc:c4:72:73:49:3e:50:50:10:03:1e:22:58:82:e0:b3:da:ca:
+         89:92:70:c8:54:0d:8e:a6:44:a0:26:5d:5d:52:d2:fb:63:e4:
+         13:7e:30:9a:13:25:4e:c8:34:a1:c9:e6:69:24:64:98:e3:88:
+         9c:86:18:62:53:70:ae:f0:d9:ed:f3:0c:e8:ec:5b:e5:27:85:
+         16:d0:b0:f6:bd:5d:9a:62:41:26:25:31:88:70:fe:25:97:48:
+         f1:e6:21:1c:78:f7:68:03:59:21:db:f1:c5:92:96:24:b8:23:
+         fc:ab:52:95:70:6a:52:16:4d:fc:36:6b:5f:58:4f:3f:c9:f4:
+         e7:6e:52:41:42:99:41:07:c2:75:74:db:c2:49:84:7c:3f:c1:
+         ac:bd:d4:d5:8f:d0:73:95:18:8a:5d:f0:8d:dd:2d:f0:b7:61:
+         8d:8a:ef:14:9f:fd:30:ba:10:e8:57:d3:1b:8e:2d:9b:74:b3:
+         63:0d:0e:8c:f9:a2:f7:42:c8:e6:5e:83:6f:0f:9a:85:3b:6e:
+         66:48:b9:a7:a8:fc:da:19:47:0c:90:26:0d:ce:15:fe:6a:1e:
+         47:5a:49:f8:76:0f:3a:a8:68:cd:a6:38:4c:a6:ca:b2:b0:9b:
+         c7:46:43:cd
+-----BEGIN CERTIFICATE-----
+MIIEwTCCA6mgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
+d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTkxMDEx
+MDAyODA4WhcNMjIwNzA3MDAyODA4WjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
+SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluQi1JQ0Ey
+LXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0H+CBZ1bxEngPh+HbhcF6+IK0dGl
+9cy+HUbYzahuIs49XDlxpA0D+nh+u2zoUeWY76ZeYtIw+juPIV+3X5i3n6hWejnK
+wt+hVv6Vl1ZeW/502fIuyn7bUHda0ZDcItb+S8BXocY7SrqtBRTJJGh2teIm1ctQ
+/dB3DowMuV73pJpFNWxiyuk41BCaXDClTyZHAwNzVoWMvvXQwAkGPg7o5X3QGVTt
+V+xRz7yVFZHP0JqE3YpQfDPCGmFwMZoZFyizjNpfuNIGa4I/tmooKYa0IMulr3Nm
+5Dc2gfA/rb8FuNsuxCLi60aH9GDRpn/unEGn86rpN93a1vDNSKxR0XeNoQIDAQAB
+o4IBDTCCAQkwHQYDVR0OBBYEFO5ZnVYLfApFROMVV+Ky8x1kb696MIHJBgNVHSME
+gcEwgb6AFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
+UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
+U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAIb/9Y4Q
+3rj7MA8GA1UdEwQIMAYBAf8CAQEwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUA
+A4IBAQCrxyudFXOXR+CIMp0QcYFTYpfcxHJzST5QUBADHiJYguCz2sqJknDIVA2O
+pkSgJl1dUtL7Y+QTfjCaEyVOyDShyeZpJGSY44ichhhiU3Cu8Nnt8wzo7FvlJ4UW
+0LD2vV2aYkEmJTGIcP4ll0jx5iEcePdoA1kh2/HFkpYkuCP8q1KVcGpSFk38Nmtf
+WE8/yfTnblJBQplBB8J1dNvCSYR8P8GsvdTVj9BzlRiKXfCN3S3wt2GNiu8Un/0w
+uhDoV9Mbji2bdLNjDQ6M+aL3QsjmXoNvD5qFO25mSLmnqPzaGUcMkCYNzhX+ah5H
+Wkn4dg86qGjNpjhMpsqysJvHRkPN
+-----END CERTIFICATE-----

certs/test-pathlen/chainB-entity-key.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA11/ZPddbEao+UzHQMniH+8COgG38aHMfnHdmFjX8L9fkyroq
+c18UlBLwSDGiQK204wcMAke0Cgdp1dKFv8i8FIzHh7pfh8UH9N+kRh63Ew+dfvYa
+eykJVUwX7siwnTkMiW4YnAZ/XZXSTHGzH+pd0vYsaagWFVnlfQPXvRo04/En47l9
+aOA5PzViLyAg+hliNxowR2yj+Y6c82cuuzhMLgohm3C2l6Ibs5gNW3SXM/C4bE6t
+tB9IYsmary2moQaumDBUXsvdI3fV7lz7gfArrW/647EOmL0+C/R8xeNQvwibv774
+atnbeDaE8n57fV6nj0KBX0H0d1wwUfU/LSWVTQIDAQABAoIBAH2lLB5YuYc3sz5j
+rBsVl/c1oayo/XyN1N46BbNlcScUIyRlsQg3atDrr4PeeNKUxBdB8C6QWCcVpheY
+xnBZEehHLMww3TRerMKdib9igdk73dzIhDBfg1NgngGu0OIX+wld0juLytf05Ie2
+ORKgbnX5KXXGGoQAOtJQ4JYwaLSk1Ccz/Oa9LrYKPNqoDT90EagCSlie+/McEbu5
+oX/Wn4cmK2TF0XXGpcFzvZ5r1Humzvb7cbPl+HAYHdceTzS6nUREokCC37j3x+ks
+6gRgYGR78uk+oayKBk7PFK6KW5T4U/TFpMkiJ9iEYprMap74P8L/rdqgLot+VIFM
+/5y70CECgYEA9dJA/cCuIEDKMDaS1SwhigPZOqMw1iGflDjZbZw2nd5Vo7EcLghS
+G4+YDMOj/ATd/2Ukb0/uoeZqz6qg/8RePrgRs+yafYI1r5MJqV4TXAX2OZm0H9Fa
+Bcih7FWZFM7Y0BhYQAD9x816jq0fvq6mt/g95q9PAiZNp9mug1BSjQkCgYEA4Era
+Rsqhrg3OVW64RTL6iRbG5JnyWPRbclYHBubGR7adV0SFYmPNdLhlONfe1dsXtrS5
+R/2nKCSBJJKE6Mgd0iTD+BDvi7PgQhxu4SIjm3RstYDNg4LfIg3eEVChzQHG8lrZ
+23zPJAUt6rFW6EfYnPZWFF4nLeJvv8yxgxqtWyUCgYEAiePI5Q5iHmF5iRXzw3Qf
+1CVYgxXrXRI7S4+gF2YbFO8Upt/AaOnt9NvVdMOBhurMBGkdyPrTZymzHI4gBZiH
+LTNfasf72Q9jQft+3eyRe3s0pRbc/UQX9UqX2dQiLJPi9sfRKQXlVWCjsMjYF8Qs
+bOHpBy+raA9IXDE1PR+fTtECgYEAz6m+KukVhNdXgJYAmmE2wZKLF8DJNz8XI+cu
+nl8wmdkkGFZiwNPyt+y6G0UTFiHB9PGi0lqxV2NlBn15/SS7J4POxXC4uToTmmJE
+7sDzAs1qkSnuHaMgAKGiR5nGFM9eaalgJ+2Iw6rf9nm3I1zR25Hf5P+/eqY6HPTi
+LaaXdtkCgYBgvU/odZK0iBhqBsAxDfbk7BhnV9jKQOvkm7T6NupjmxhPmLQaFnWG
+d7KyYH052MpHR4+sTGo+LqFT7PGSo2FQDpRRUJ7NjocFr9jVi2LU3B3bDpQU7vKi
+Odovr+9RuHqcTiwnULPMlPeeXFIlWFT3tz2v6jodGjf8ejzv3IbH5g==
+-----END RSA PRIVATE KEY-----

certs/test-pathlen/chainB-entity.pem

@@ -0,0 +1,87 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 101 (0x65)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainB-ICA1-pathlen0, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Oct 11 00:28:08 2019 GMT
+            Not After : Jul  7 00:28:08 2022 GMT
+        Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainB-entity, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:d7:5f:d9:3d:d7:5b:11:aa:3e:53:31:d0:32:78:
+                    87:fb:c0:8e:80:6d:fc:68:73:1f:9c:77:66:16:35:
+                    fc:2f:d7:e4:ca:ba:2a:73:5f:14:94:12:f0:48:31:
+                    a2:40:ad:b4:e3:07:0c:02:47:b4:0a:07:69:d5:d2:
+                    85:bf:c8:bc:14:8c:c7:87:ba:5f:87:c5:07:f4:df:
+                    a4:46:1e:b7:13:0f:9d:7e:f6:1a:7b:29:09:55:4c:
+                    17:ee:c8:b0:9d:39:0c:89:6e:18:9c:06:7f:5d:95:
+                    d2:4c:71:b3:1f:ea:5d:d2:f6:2c:69:a8:16:15:59:
+                    e5:7d:03:d7:bd:1a:34:e3:f1:27:e3:b9:7d:68:e0:
+                    39:3f:35:62:2f:20:20:fa:19:62:37:1a:30:47:6c:
+                    a3:f9:8e:9c:f3:67:2e:bb:38:4c:2e:0a:21:9b:70:
+                    b6:97:a2:1b:b3:98:0d:5b:74:97:33:f0:b8:6c:4e:
+                    ad:b4:1f:48:62:c9:9a:af:2d:a6:a1:06:ae:98:30:
+                    54:5e:cb:dd:23:77:d5:ee:5c:fb:81:f0:2b:ad:6f:
+                    fa:e3:b1:0e:98:bd:3e:0b:f4:7c:c5:e3:50:bf:08:
+                    9b:bf:be:f8:6a:d9:db:78:36:84:f2:7e:7b:7d:5e:
+                    a7:8f:42:81:5f:41:f4:77:5c:30:51:f5:3f:2d:25:
+                    95:4d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                7F:17:7E:8E:A8:2C:AD:9C:C7:22:7E:A6:C6:90:9E:63:C4:5F:33:9E
+            X509v3 Authority Key Identifier: 
+                keyid:D7:90:E4:86:59:24:F9:2B:B8:06:8E:B1:8F:33:E5:2C:63:F1:03:16
+                DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL Inc./OU=Engineering/CN=chainB-ICA2-pathlen1/emailAddress=info@wolfssl.com
+                serial:64
+
+            X509v3 Basic Constraints: 
+                CA:FALSE
+    Signature Algorithm: sha256WithRSAEncryption
+         1f:ee:5c:85:ed:4e:3b:39:6b:29:a2:ef:65:b9:f3:c7:47:85:
+         8e:79:a0:35:1b:aa:0e:98:67:a8:df:03:9c:2b:81:24:ed:cb:
+         cc:c0:42:49:76:bf:78:7b:b9:39:ca:f6:06:35:76:dd:e3:59:
+         c5:70:3b:b3:cf:62:0a:09:1d:07:90:96:c4:0e:0a:38:97:f7:
+         31:1d:ad:44:f9:03:f9:30:22:b6:68:01:00:38:23:3d:f6:e7:
+         71:5a:e4:d4:59:52:4f:80:86:ec:8f:ca:92:1d:9b:07:93:fe:
+         34:22:ac:9a:a2:aa:9e:fe:f5:7b:99:fd:72:32:40:98:88:d8:
+         42:1d:33:59:4c:38:2e:97:f2:9d:a2:fc:b7:33:cd:84:c1:c6:
+         ef:f5:c5:d9:be:32:ba:44:66:06:62:5c:55:31:38:b4:25:1a:
+         6a:64:de:14:39:b4:38:74:1b:d7:c4:ec:81:fc:3a:13:4b:e1:
+         d1:b1:5f:3c:8e:25:bc:63:7f:30:78:04:4e:79:3a:83:97:52:
+         f6:00:6a:9e:d8:b5:c6:06:21:97:4a:98:ee:cf:e8:83:94:23:
+         11:6c:00:d7:e9:35:1f:89:77:85:9a:d7:8f:29:90:c6:61:14:
+         e5:7d:55:5b:66:65:60:44:79:8a:1b:58:88:b9:0f:5f:a6:5f:
+         7a:ca:6b:0c
+-----BEGIN CERTIFICATE-----
+MIIEtzCCA5+gAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
+EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
+DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
+YWluQi1JQ0ExLXBhdGhsZW4wMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
+Y29tMB4XDTE5MTAxMTAwMjgwOFoXDTIyMDcwNzAwMjgwOFowgZoxCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
+VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQD
+DA1jaGFpbkItZW50aXR5MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA11/ZPddbEao+UzHQMniH
++8COgG38aHMfnHdmFjX8L9fkyroqc18UlBLwSDGiQK204wcMAke0Cgdp1dKFv8i8
+FIzHh7pfh8UH9N+kRh63Ew+dfvYaeykJVUwX7siwnTkMiW4YnAZ/XZXSTHGzH+pd
+0vYsaagWFVnlfQPXvRo04/En47l9aOA5PzViLyAg+hliNxowR2yj+Y6c82cuuzhM
+Lgohm3C2l6Ibs5gNW3SXM/C4bE6ttB9IYsmary2moQaumDBUXsvdI3fV7lz7gfAr
+rW/647EOmL0+C/R8xeNQvwibv774atnbeDaE8n57fV6nj0KBX0H0d1wwUfU/LSWV
+TQIDAQABo4H+MIH7MB0GA1UdDgQWBBR/F36OqCytnMcifqbGkJ5jxF8znjCBzgYD
+VR0jBIHGMIHDgBTXkOSGWST5K7gGjrGPM+UsY/EDFqGBp6SBpDCBoTELMAkGA1UE
+BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
+BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNV
+BAMMFGNoYWluQi1JQ0EyLXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
+bGZzc2wuY29tggFkMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAB/uXIXt
+Tjs5aymi72W588dHhY55oDUbqg6YZ6jfA5wrgSTty8zAQkl2v3h7uTnK9gY1dt3j
+WcVwO7PPYgoJHQeQlsQOCjiX9zEdrUT5A/kwIrZoAQA4Iz3253Fa5NRZUk+AhuyP
+ypIdmweT/jQirJqiqp7+9XuZ/XIyQJiI2EIdM1lMOC6X8p2i/LczzYTBxu/1xdm+
+MrpEZgZiXFUxOLQlGmpk3hQ5tDh0G9fE7IH8OhNL4dGxXzyOJbxjfzB4BE55OoOX
+UvYAap7YtcYGIZdKmO7P6IOUIxFsANfpNR+Jd4Wa148pkMZhFOV9VVtmZWBEeYob
+WIi5D1+mX3rKaww=
+-----END CERTIFICATE-----

certs/test-pathlen/chainC-ICA1-key.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAuxpswb27mynKNT1joynNpmXEnqPFUJmtUZAKmpuDzr4Gu2ZP
+7x4xJTRvX5iuAUnDYxeEuXptwNj9DP+aAkxBN0nwGGMbT/w3Jk5UedcXOVB5bqMp
+mQetnVzY4QLnM37k2qQFvGID059qkZJm3SnQlfsvP/BZuHBbJVR7oAqfMwlk7fvU
+HC2WVEXjUJj/sX+axs8Jo9rpV60dBY8edXXn0gcz3tp9QtgOlP6ux5vDtZ7zayGf
+dMSzMnwoTg+8FTO6nAk8wUAGeLuxID9hFfYeSXNRiZUtlb801sKp0TQdjSFtT6Nu
+7/wjonb80CVTDkN2O+2C7NgjyzPvPJ2h3uZ6rQIDAQABAoIBAQCBojJeHbYBMHgg
+YRNKtij9NB+BhpisWn2COFmQe1Vchb6mUqHpW7LTQzwzMNbGn7PXUTEtTU0Dw5O4
+UNQE6Y553ymRzADdbzNKwBS5gjReCorIBBZLJ827bNv7Moa74Bxx/BjZR9O86QPu
+LlBExbb2Y11+YGnZZ0dPWvR4k0NwGM+zsEVfJQcRR7JXaQ720123sg+7TuTk30X/
+mgayttEyJhLt7UqulYagTethwKLY18fdvHTOGdES5Xiw+bWC7PKa/FePX8YXnFVN
+Cz3t4l4Us/xs22nYo4IG2lu1LSxy2IxPV92w4KX4XcrwTW3+eH8+tfPByp3gFTdP
+ZetlWehBAoGBAOLoOMIwLLSN5S0tJ4vwQaxn0YqEwJsEaSx85SUujhbsbjgyeVF6
+iN/v6TTb2EYliZvtQirkC7GMnS313AxzpUFO7+V/xf3jYDK7t+UJ1ap3zUU3vUOb
+F4FKorNbfoxYd/vtZ7wt/KvuCKvDTszv8NhUNzFhXeIEzFhf+S4SDqFdAoGBANMX
+uAZoLngBmAyw2zYcWTW5U9armeycTDpfxDpM4PjbxOs17/hK0G4IXqzCfQ2Hi0bl
+fW6KeO5FqD9d5klIYo0278w4n5FpvA3yxqVlHoqXCtSYedSWsXN/sl7Ak1d2VngW
+ecytOdrBxvQy9wqnmk3lhJby5DNWiuiUafudlxmRAoGAbFPhhRPqw+haWU8Nakmx
+kNWfvDnUmi1o6MxXuYCYZWlK1ZmDQdr2LbMj6xBqGFMjd0W2KTPmQUWYZLDT9T3g
+z2UYMsDljWhYLOBh0v72+wNnBHyv5u7MMfWn52ju6aHy5ltZAwYRcyOZECeWH1EN
+8rmCABkz8QvJYweutsf4JCECgYEAz6B7zCl602TV9l2aL/3wLSyNbw+4RYdyXtRF
+QQbPHVekt6mE0BZeLmwjGw/tSnpwnpopJqoiylJPa4xjbt84uCc59AgZw0BZzOpn
+QtVUFgL8jyEua9CQ18bZXeNSyWtHH7UTtiMITcfddeIPJTa3Sjkfkg10MZ7E4IDi
+Qa++qFECgYBRM+cS7jwo5oulYJ7Sqs8n1pj8MNGSLEcPQaTOxMUWqtkaN9iVQLx7
+lI/FYusedOReZ/+UDUrwZDdMXYrnL4/f8STXidDsY2+LOilaT2XggdBABe0bCjbf
+r/Pknwx2VkwWFbDN6h/U9tKU47allf64kCQqzgoZtzMXTefZiAxLrw==
+-----END RSA PRIVATE KEY-----

certs/test-pathlen/chainC-ICA1-pathlen1.pem

@@ -0,0 +1,89 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 100 (0x64)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Oct 11 00:28:08 2019 GMT
+            Not After : Jul  7 00:28:08 2022 GMT
+        Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainC-ICA1-pathlen1, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:bb:1a:6c:c1:bd:bb:9b:29:ca:35:3d:63:a3:29:
+                    cd:a6:65:c4:9e:a3:c5:50:99:ad:51:90:0a:9a:9b:
+                    83:ce:be:06:bb:66:4f:ef:1e:31:25:34:6f:5f:98:
+                    ae:01:49:c3:63:17:84:b9:7a:6d:c0:d8:fd:0c:ff:
+                    9a:02:4c:41:37:49:f0:18:63:1b:4f:fc:37:26:4e:
+                    54:79:d7:17:39:50:79:6e:a3:29:99:07:ad:9d:5c:
+                    d8:e1:02:e7:33:7e:e4:da:a4:05:bc:62:03:d3:9f:
+                    6a:91:92:66:dd:29:d0:95:fb:2f:3f:f0:59:b8:70:
+                    5b:25:54:7b:a0:0a:9f:33:09:64:ed:fb:d4:1c:2d:
+                    96:54:45:e3:50:98:ff:b1:7f:9a:c6:cf:09:a3:da:
+                    e9:57:ad:1d:05:8f:1e:75:75:e7:d2:07:33:de:da:
+                    7d:42:d8:0e:94:fe:ae:c7:9b:c3:b5:9e:f3:6b:21:
+                    9f:74:c4:b3:32:7c:28:4e:0f:bc:15:33:ba:9c:09:
+                    3c:c1:40:06:78:bb:b1:20:3f:61:15:f6:1e:49:73:
+                    51:89:95:2d:95:bf:34:d6:c2:a9:d1:34:1d:8d:21:
+                    6d:4f:a3:6e:ef:fc:23:a2:76:fc:d0:25:53:0e:43:
+                    76:3b:ed:82:ec:d8:23:cb:33:ef:3c:9d:a1:de:e6:
+                    7a:ad
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                94:1D:2E:07:37:C6:2F:52:C1:EC:79:6B:13:CE:09:90:5F:F4:C4:51
+            X509v3 Authority Key Identifier: 
+                keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:86:FF:F5:8E:10:DE:B8:FB
+
+            X509v3 Basic Constraints: 
+                CA:TRUE, pathlen:1
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+    Signature Algorithm: sha256WithRSAEncryption
+         65:d2:6a:a3:a2:98:ac:5a:53:e4:b4:02:66:8e:9c:64:fa:53:
+         88:a7:31:09:fa:31:4d:27:7a:17:7a:1c:8f:13:2a:e5:60:e4:
+         f2:0f:6a:e6:a6:48:ed:e4:17:0e:cb:57:77:66:98:c0:37:2f:
+         00:26:1e:1a:a8:e4:ad:9e:c9:47:4d:6c:c5:57:75:79:97:be:
+         0f:82:92:aa:b0:df:0d:f4:25:49:fd:c6:6f:e7:70:f1:f0:0d:
+         e7:13:81:ed:a1:1e:69:f3:10:3d:3e:3c:5b:c0:71:fb:44:47:
+         e2:bc:51:62:6c:21:7a:ea:ad:74:f5:46:35:63:93:ab:f9:89:
+         31:e6:01:5f:eb:ca:df:d3:93:86:3d:8b:0a:88:79:f1:b1:47:
+         df:1f:2e:a0:7e:34:f6:80:30:7d:bd:e5:70:43:0d:76:2a:fc:
+         fe:38:4f:3a:bc:58:52:81:37:5e:e9:3b:26:f4:8d:20:5f:f2:
+         44:56:e8:b8:cc:42:7a:5e:67:28:34:c3:8f:a9:08:87:92:4b:
+         bc:1d:3b:d1:1a:d8:79:20:eb:4a:6f:87:b3:3b:ef:2f:a6:98:
+         34:48:a6:43:ba:d4:fa:65:6f:54:9b:28:a1:e1:77:fe:0e:91:
+         0b:4f:f5:95:3e:b3:c9:4e:2d:17:67:37:5b:d5:dd:83:ef:a4:
+         b4:41:53:36
+-----BEGIN CERTIFICATE-----
+MIIEwTCCA6mgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
+d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTkxMDEx
+MDAyODA4WhcNMjIwNzA3MDAyODA4WjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
+SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluQy1JQ0Ex
+LXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxpswb27mynKNT1joynNpmXEnqPF
+UJmtUZAKmpuDzr4Gu2ZP7x4xJTRvX5iuAUnDYxeEuXptwNj9DP+aAkxBN0nwGGMb
+T/w3Jk5UedcXOVB5bqMpmQetnVzY4QLnM37k2qQFvGID059qkZJm3SnQlfsvP/BZ
+uHBbJVR7oAqfMwlk7fvUHC2WVEXjUJj/sX+axs8Jo9rpV60dBY8edXXn0gcz3tp9
+QtgOlP6ux5vDtZ7zayGfdMSzMnwoTg+8FTO6nAk8wUAGeLuxID9hFfYeSXNRiZUt
+lb801sKp0TQdjSFtT6Nu7/wjonb80CVTDkN2O+2C7NgjyzPvPJ2h3uZ6rQIDAQAB
+o4IBDTCCAQkwHQYDVR0OBBYEFJQdLgc3xi9Swex5axPOCZBf9MRRMIHJBgNVHSME
+gcEwgb6AFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
+UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
+U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAIb/9Y4Q
+3rj7MA8GA1UdEwQIMAYBAf8CAQEwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUA
+A4IBAQBl0mqjopisWlPktAJmjpxk+lOIpzEJ+jFNJ3oXehyPEyrlYOTyD2rmpkjt
+5BcOy1d3ZpjANy8AJh4aqOStnslHTWzFV3V5l74PgpKqsN8N9CVJ/cZv53Dx8A3n
+E4HtoR5p8xA9PjxbwHH7REfivFFibCF66q109UY1Y5Or+Ykx5gFf68rf05OGPYsK
+iHnxsUffHy6gfjT2gDB9veVwQw12Kvz+OE86vFhSgTde6Tsm9I0gX/JEVui4zEJ6
+XmcoNMOPqQiHkku8HTvRGth5IOtKb4ezO+8vppg0SKZDutT6ZW9Umyih4Xf+DpEL
+T/WVPrPJTi0XZzdb1d2D76S0QVM2
+-----END CERTIFICATE-----

certs/test-pathlen/chainC-assembled.pem

@@ -0,0 +1,175 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 101 (0x65)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainC-ICA1-pathlen1, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Oct 11 00:28:08 2019 GMT
+            Not After : Jul  7 00:28:08 2022 GMT
+        Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainC-entity, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:bf:34:e1:1c:2c:2d:a4:93:b5:c4:fc:65:40:fa:
+                    94:68:74:24:ff:52:a4:df:3e:f1:7c:92:14:f0:f0:
+                    91:ed:9c:7e:a0:7e:b1:07:20:38:b2:c4:a2:b8:09:
+                    d1:06:ee:fa:c6:7e:4d:79:be:dd:83:18:cf:e8:a7:
+                    78:88:cd:44:ce:3a:40:05:7a:6e:c5:c9:e4:84:64:
+                    e0:01:7d:4f:f9:87:d2:94:91:e9:c8:21:bc:71:2e:
+                    ef:f6:61:23:46:6b:da:5f:32:23:a1:86:9c:c6:9a:
+                    b4:98:35:6d:36:b8:34:14:fd:9d:63:2f:75:7e:58:
+                    f2:08:f9:e3:32:2a:a6:d2:b1:49:05:d3:8c:d4:48:
+                    5c:c2:57:07:62:4e:7a:05:23:c2:4f:ca:d5:a8:38:
+                    32:92:c2:21:3b:74:3e:2d:b1:6b:57:96:81:a3:2d:
+                    ce:6e:9c:d9:ce:1f:e9:42:f8:2c:bb:fe:07:57:c6:
+                    c8:93:6e:89:d3:fc:d2:83:4b:c1:2c:ea:5e:41:c9:
+                    7c:be:6c:23:01:89:75:1b:1f:57:ac:83:dc:da:e1:
+                    63:55:d8:94:fc:2d:a6:99:15:d1:71:88:a5:1b:f5:
+                    6f:39:0a:bd:ec:09:02:09:77:a7:5d:da:78:f8:8f:
+                    b1:5d:a7:83:12:10:5f:89:ae:72:c2:88:bf:3e:80:
+                    98:c3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                91:79:7C:91:A7:A0:BC:E1:7B:77:9E:51:6E:5C:A7:7A:D9:3F:18:A0
+            X509v3 Authority Key Identifier: 
+                keyid:94:1D:2E:07:37:C6:2F:52:C1:EC:79:6B:13:CE:09:90:5F:F4:C4:51
+                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:64
+
+            X509v3 Basic Constraints: 
+                CA:FALSE
+    Signature Algorithm: sha256WithRSAEncryption
+         b7:d0:5e:86:77:76:45:77:c3:f8:5c:cd:9b:84:52:b7:8b:d6:
+         84:ed:d3:1b:fa:7f:27:d1:24:05:11:9d:bf:74:eb:14:93:ee:
+         08:2c:16:0a:d8:00:46:31:e3:43:f1:95:64:b1:72:93:49:fa:
+         fe:73:e8:be:2a:02:95:e8:3a:56:f3:aa:8b:fa:cb:3a:f5:06:
+         a2:00:ae:19:36:86:be:93:79:3f:58:f7:95:de:a8:e2:12:89:
+         52:2f:a0:be:09:3e:18:69:19:d5:96:7c:94:9a:ee:ab:f1:2b:
+         74:54:c9:1c:0a:5f:aa:d1:62:34:24:33:f8:5e:b2:43:9c:c9:
+         e6:8c:fa:b5:89:a7:3e:6b:51:00:a6:e3:d5:c4:f9:ac:78:a5:
+         4d:85:7c:e3:7d:f9:b5:e8:ad:3e:32:56:fb:99:bf:f9:3b:a4:
+         98:04:72:cd:ea:95:08:af:7e:62:2d:74:e4:25:48:43:25:ba:
+         07:7c:00:c9:31:41:6f:59:ff:da:bb:ac:08:06:18:1a:0a:3d:
+         1d:2e:ad:98:2c:06:72:51:f2:75:7c:87:ef:e0:37:f6:80:70:
+         aa:8d:d9:a8:13:e5:31:91:3c:e3:0f:21:33:0a:15:91:1c:4d:
+         3a:1b:35:f6:4c:f5:5f:70:34:b2:dc:ed:10:5d:37:58:16:e4:
+         e0:83:12:90
+-----BEGIN CERTIFICATE-----
+MIIEqjCCA5KgAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
+EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
+DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
+YWluQy1JQ0ExLXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
+Y29tMB4XDTE5MTAxMTAwMjgwOFoXDTIyMDcwNzAwMjgwOFowgZoxCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
+VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQD
+DA1jaGFpbkMtZW50aXR5MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvzThHCwtpJO1xPxlQPqU
+aHQk/1Kk3z7xfJIU8PCR7Zx+oH6xByA4ssSiuAnRBu76xn5Neb7dgxjP6Kd4iM1E
+zjpABXpuxcnkhGTgAX1P+YfSlJHpyCG8cS7v9mEjRmvaXzIjoYacxpq0mDVtNrg0
+FP2dYy91fljyCPnjMiqm0rFJBdOM1EhcwlcHYk56BSPCT8rVqDgyksIhO3Q+LbFr
+V5aBoy3ObpzZzh/pQvgsu/4HV8bIk26J0/zSg0vBLOpeQcl8vmwjAYl1Gx9XrIPc
+2uFjVdiU/C2mmRXRcYilG/VvOQq97AkCCXenXdp4+I+xXaeDEhBfia5ywoi/PoCY
+wwIDAQABo4HxMIHuMB0GA1UdDgQWBBSReXyRp6C84Xt3nlFuXKd62T8YoDCBwQYD
+VR0jBIG5MIG2gBSUHS4HN8YvUsHseWsTzgmQX/TEUaGBmqSBlzCBlDELMAkGA1UE
+BhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNV
+BAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cu
+d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAWQw
+CQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAt9Behnd2RXfD+FzNm4RSt4vW
+hO3TG/p/J9EkBRGdv3TrFJPuCCwWCtgARjHjQ/GVZLFyk0n6/nPovioCleg6VvOq
+i/rLOvUGogCuGTaGvpN5P1j3ld6o4hKJUi+gvgk+GGkZ1ZZ8lJruq/ErdFTJHApf
+qtFiNCQz+F6yQ5zJ5oz6tYmnPmtRAKbj1cT5rHilTYV84335teitPjJW+5m/+Tuk
+mARyzeqVCK9+Yi105CVIQyW6B3wAyTFBb1n/2rusCAYYGgo9HS6tmCwGclHydXyH
+7+A39oBwqo3ZqBPlMZE84w8hMwoVkRxNOhs19kz1X3A0stztEF03WBbk4IMSkA==
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 100 (0x64)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Oct 11 00:28:08 2019 GMT
+            Not After : Jul  7 00:28:08 2022 GMT
+        Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainC-ICA1-pathlen1, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:bb:1a:6c:c1:bd:bb:9b:29:ca:35:3d:63:a3:29:
+                    cd:a6:65:c4:9e:a3:c5:50:99:ad:51:90:0a:9a:9b:
+                    83:ce:be:06:bb:66:4f:ef:1e:31:25:34:6f:5f:98:
+                    ae:01:49:c3:63:17:84:b9:7a:6d:c0:d8:fd:0c:ff:
+                    9a:02:4c:41:37:49:f0:18:63:1b:4f:fc:37:26:4e:
+                    54:79:d7:17:39:50:79:6e:a3:29:99:07:ad:9d:5c:
+                    d8:e1:02:e7:33:7e:e4:da:a4:05:bc:62:03:d3:9f:
+                    6a:91:92:66:dd:29:d0:95:fb:2f:3f:f0:59:b8:70:
+                    5b:25:54:7b:a0:0a:9f:33:09:64:ed:fb:d4:1c:2d:
+                    96:54:45:e3:50:98:ff:b1:7f:9a:c6:cf:09:a3:da:
+                    e9:57:ad:1d:05:8f:1e:75:75:e7:d2:07:33:de:da:
+                    7d:42:d8:0e:94:fe:ae:c7:9b:c3:b5:9e:f3:6b:21:
+                    9f:74:c4:b3:32:7c:28:4e:0f:bc:15:33:ba:9c:09:
+                    3c:c1:40:06:78:bb:b1:20:3f:61:15:f6:1e:49:73:
+                    51:89:95:2d:95:bf:34:d6:c2:a9:d1:34:1d:8d:21:
+                    6d:4f:a3:6e:ef:fc:23:a2:76:fc:d0:25:53:0e:43:
+                    76:3b:ed:82:ec:d8:23:cb:33:ef:3c:9d:a1:de:e6:
+                    7a:ad
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                94:1D:2E:07:37:C6:2F:52:C1:EC:79:6B:13:CE:09:90:5F:F4:C4:51
+            X509v3 Authority Key Identifier: 
+                keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:86:FF:F5:8E:10:DE:B8:FB
+
+            X509v3 Basic Constraints: 
+                CA:TRUE, pathlen:1
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+    Signature Algorithm: sha256WithRSAEncryption
+         65:d2:6a:a3:a2:98:ac:5a:53:e4:b4:02:66:8e:9c:64:fa:53:
+         88:a7:31:09:fa:31:4d:27:7a:17:7a:1c:8f:13:2a:e5:60:e4:
+         f2:0f:6a:e6:a6:48:ed:e4:17:0e:cb:57:77:66:98:c0:37:2f:
+         00:26:1e:1a:a8:e4:ad:9e:c9:47:4d:6c:c5:57:75:79:97:be:
+         0f:82:92:aa:b0:df:0d:f4:25:49:fd:c6:6f:e7:70:f1:f0:0d:
+         e7:13:81:ed:a1:1e:69:f3:10:3d:3e:3c:5b:c0:71:fb:44:47:
+         e2:bc:51:62:6c:21:7a:ea:ad:74:f5:46:35:63:93:ab:f9:89:
+         31:e6:01:5f:eb:ca:df:d3:93:86:3d:8b:0a:88:79:f1:b1:47:
+         df:1f:2e:a0:7e:34:f6:80:30:7d:bd:e5:70:43:0d:76:2a:fc:
+         fe:38:4f:3a:bc:58:52:81:37:5e:e9:3b:26:f4:8d:20:5f:f2:
+         44:56:e8:b8:cc:42:7a:5e:67:28:34:c3:8f:a9:08:87:92:4b:
+         bc:1d:3b:d1:1a:d8:79:20:eb:4a:6f:87:b3:3b:ef:2f:a6:98:
+         34:48:a6:43:ba:d4:fa:65:6f:54:9b:28:a1:e1:77:fe:0e:91:
+         0b:4f:f5:95:3e:b3:c9:4e:2d:17:67:37:5b:d5:dd:83:ef:a4:
+         b4:41:53:36
+-----BEGIN CERTIFICATE-----
+MIIEwTCCA6mgAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
+d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTkxMDEx
+MDAyODA4WhcNMjIwNzA3MDAyODA4WjCBoTELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
+SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNoYWluQy1JQ0Ex
+LXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxpswb27mynKNT1joynNpmXEnqPF
+UJmtUZAKmpuDzr4Gu2ZP7x4xJTRvX5iuAUnDYxeEuXptwNj9DP+aAkxBN0nwGGMb
+T/w3Jk5UedcXOVB5bqMpmQetnVzY4QLnM37k2qQFvGID059qkZJm3SnQlfsvP/BZ
+uHBbJVR7oAqfMwlk7fvUHC2WVEXjUJj/sX+axs8Jo9rpV60dBY8edXXn0gcz3tp9
+QtgOlP6ux5vDtZ7zayGfdMSzMnwoTg+8FTO6nAk8wUAGeLuxID9hFfYeSXNRiZUt
+lb801sKp0TQdjSFtT6Nu7/wjonb80CVTDkN2O+2C7NgjyzPvPJ2h3uZ6rQIDAQAB
+o4IBDTCCAQkwHQYDVR0OBBYEFJQdLgc3xi9Swex5axPOCZBf9MRRMIHJBgNVHSME
+gcEwgb6AFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJV
+UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwI
+U2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xm
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAIb/9Y4Q
+3rj7MA8GA1UdEwQIMAYBAf8CAQEwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUA
+A4IBAQBl0mqjopisWlPktAJmjpxk+lOIpzEJ+jFNJ3oXehyPEyrlYOTyD2rmpkjt
+5BcOy1d3ZpjANy8AJh4aqOStnslHTWzFV3V5l74PgpKqsN8N9CVJ/cZv53Dx8A3n
+E4HtoR5p8xA9PjxbwHH7REfivFFibCF66q109UY1Y5Or+Ykx5gFf68rf05OGPYsK
+iHnxsUffHy6gfjT2gDB9veVwQw12Kvz+OE86vFhSgTde6Tsm9I0gX/JEVui4zEJ6
+XmcoNMOPqQiHkku8HTvRGth5IOtKb4ezO+8vppg0SKZDutT6ZW9Umyih4Xf+DpEL
+T/WVPrPJTi0XZzdb1d2D76S0QVM2
+-----END CERTIFICATE-----

certs/test-pathlen/chainC-entity-key.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpgIBAAKCAQEAvzThHCwtpJO1xPxlQPqUaHQk/1Kk3z7xfJIU8PCR7Zx+oH6x
+ByA4ssSiuAnRBu76xn5Neb7dgxjP6Kd4iM1EzjpABXpuxcnkhGTgAX1P+YfSlJHp
+yCG8cS7v9mEjRmvaXzIjoYacxpq0mDVtNrg0FP2dYy91fljyCPnjMiqm0rFJBdOM
+1EhcwlcHYk56BSPCT8rVqDgyksIhO3Q+LbFrV5aBoy3ObpzZzh/pQvgsu/4HV8bI
+k26J0/zSg0vBLOpeQcl8vmwjAYl1Gx9XrIPc2uFjVdiU/C2mmRXRcYilG/VvOQq9
+7AkCCXenXdp4+I+xXaeDEhBfia5ywoi/PoCYwwIDAQABAoIBAQCSlHYyQ8flz/rb
+/WWeD7sv7EHknjWYk0dLaS22m6YzUvJcFWOfA9uTaF0Z2ySsPQ5wlqjMOT7VXnMc
+dy5XKY2iz1L/ICHFbQXLXQ3A9pEVyULs9IMVEo/E8OeyqDsDpHDu46AfFvQe6MCj
+oumLtmDu6pH6VIqtBoDd0ruSXNIw17a99b7kdCsGq4cobwbPmQtqc4+bpEd1+5si
+EErSmHA+x1u/M2B1xJo9KPFAHKifGTBpU7t/uSPAmGmA/oq1fkhAkqYmBlxbLi72
+E6T7BoXpZ42dzaZnKXRU1M2uo3hocaZaZdZ4eRWrJcjpAnL12HyfpotOKFUJbNZY
+ILZlVIMpAoGBAOMr6kz51tfSTLj/vcp/U/zelSE6J9VGlhGoeW8fkyI1rZ2scOo1
+kHQgOcaOwptAatNmclJuAChc3cwflN232egbRLEMWDdUXTwydSH/Aldjj0SZkgqz
+n4wlOmXW05faInU8DeIHq8m1IoTcjciH5QLc/Gq24dBElSsXLFOS7mdNAoGBANd4
+k1dPyoYkGPjEO89E6rSnwv2pGvj+Eu9EANpCtkx6o341yxWCou6GDTxiepZe18Ed
+RGV/QWQCYPRQXJf+XwTrmxMJ3VN8+jHN8kd/iZPbIgti4Tn68Svkjq97yEBMcAjH
+sYyMo2Iuo6e8kWGJJJe+5JuLflu8YjZQglANfZhPAoGBAIls4ZqbcUqyX9Nycn/z
+sv1AMXseUUaGIvafsoZ01W9Whabi0JP+v1pgvFLPvg5pU7Z7PSF8hf/k3hBD8qyG
+Mf5lsJJiY2NlV9m4tH9SYzo2ck8Pj/eFXjlLtB4zbWFphnrhT4yzE0s8lptFSUhM
+XU/0G4b7B3QUaSDeLeSI+EvpAoGBANXlak7IdMGI4AlDtCPjxCKmTxlEX/RBNEa0
++SuyAgoVzGsjt4CY+GlURZtmH09aw09/YEBpfV5sRhcCF4kDCQx3XrAdoMqaTDxY
+t2RmpQpUBI3NEMxf4j2yXDqz5Gx/9M+ifQyLKD31Ep0WwjNS0zKYW5RVe5BRiCVm
+8pXJbp5dAoGBAJiN8lryCqG+0VZ+SKU8UI9paR6G64IFO3A2SjBJf7YrQ8fivhOk
+gEdB/Aph2ztx0AZP56b38y7EievsKW95kg1LhGi0bhlKygVuZRWJa4Kj9DaTlAss
+2ufqrz1VGK7o0elCrNnNp0F/ocWMAvVFBPOA90WMKd2z97HpcgvzXGj6
+-----END RSA PRIVATE KEY-----

certs/test-pathlen/chainC-entity.pem

@@ -0,0 +1,86 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 101 (0x65)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainC-ICA1-pathlen1, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Oct 11 00:28:08 2019 GMT
+            Not After : Jul  7 00:28:08 2022 GMT
+        Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainC-entity, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:bf:34:e1:1c:2c:2d:a4:93:b5:c4:fc:65:40:fa:
+                    94:68:74:24:ff:52:a4:df:3e:f1:7c:92:14:f0:f0:
+                    91:ed:9c:7e:a0:7e:b1:07:20:38:b2:c4:a2:b8:09:
+                    d1:06:ee:fa:c6:7e:4d:79:be:dd:83:18:cf:e8:a7:
+                    78:88:cd:44:ce:3a:40:05:7a:6e:c5:c9:e4:84:64:
+                    e0:01:7d:4f:f9:87:d2:94:91:e9:c8:21:bc:71:2e:
+                    ef:f6:61:23:46:6b:da:5f:32:23:a1:86:9c:c6:9a:
+                    b4:98:35:6d:36:b8:34:14:fd:9d:63:2f:75:7e:58:
+                    f2:08:f9:e3:32:2a:a6:d2:b1:49:05:d3:8c:d4:48:
+                    5c:c2:57:07:62:4e:7a:05:23:c2:4f:ca:d5:a8:38:
+                    32:92:c2:21:3b:74:3e:2d:b1:6b:57:96:81:a3:2d:
+                    ce:6e:9c:d9:ce:1f:e9:42:f8:2c:bb:fe:07:57:c6:
+                    c8:93:6e:89:d3:fc:d2:83:4b:c1:2c:ea:5e:41:c9:
+                    7c:be:6c:23:01:89:75:1b:1f:57:ac:83:dc:da:e1:
+                    63:55:d8:94:fc:2d:a6:99:15:d1:71:88:a5:1b:f5:
+                    6f:39:0a:bd:ec:09:02:09:77:a7:5d:da:78:f8:8f:
+                    b1:5d:a7:83:12:10:5f:89:ae:72:c2:88:bf:3e:80:
+                    98:c3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                91:79:7C:91:A7:A0:BC:E1:7B:77:9E:51:6E:5C:A7:7A:D9:3F:18:A0
+            X509v3 Authority Key Identifier: 
+                keyid:94:1D:2E:07:37:C6:2F:52:C1:EC:79:6B:13:CE:09:90:5F:F4:C4:51
+                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:64
+
+            X509v3 Basic Constraints: 
+                CA:FALSE
+    Signature Algorithm: sha256WithRSAEncryption
+         b7:d0:5e:86:77:76:45:77:c3:f8:5c:cd:9b:84:52:b7:8b:d6:
+         84:ed:d3:1b:fa:7f:27:d1:24:05:11:9d:bf:74:eb:14:93:ee:
+         08:2c:16:0a:d8:00:46:31:e3:43:f1:95:64:b1:72:93:49:fa:
+         fe:73:e8:be:2a:02:95:e8:3a:56:f3:aa:8b:fa:cb:3a:f5:06:
+         a2:00:ae:19:36:86:be:93:79:3f:58:f7:95:de:a8:e2:12:89:
+         52:2f:a0:be:09:3e:18:69:19:d5:96:7c:94:9a:ee:ab:f1:2b:
+         74:54:c9:1c:0a:5f:aa:d1:62:34:24:33:f8:5e:b2:43:9c:c9:
+         e6:8c:fa:b5:89:a7:3e:6b:51:00:a6:e3:d5:c4:f9:ac:78:a5:
+         4d:85:7c:e3:7d:f9:b5:e8:ad:3e:32:56:fb:99:bf:f9:3b:a4:
+         98:04:72:cd:ea:95:08:af:7e:62:2d:74:e4:25:48:43:25:ba:
+         07:7c:00:c9:31:41:6f:59:ff:da:bb:ac:08:06:18:1a:0a:3d:
+         1d:2e:ad:98:2c:06:72:51:f2:75:7c:87:ef:e0:37:f6:80:70:
+         aa:8d:d9:a8:13:e5:31:91:3c:e3:0f:21:33:0a:15:91:1c:4d:
+         3a:1b:35:f6:4c:f5:5f:70:34:b2:dc:ed:10:5d:37:58:16:e4:
+         e0:83:12:90
+-----BEGIN CERTIFICATE-----
+MIIEqjCCA5KgAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx
+EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
+DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHTAbBgNVBAMMFGNo
+YWluQy1JQ0ExLXBhdGhsZW4xMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
+Y29tMB4XDTE5MTAxMTAwMjgwOFoXDTIyMDcwNzAwMjgwOFowgZoxCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRUwEwYD
+VQQKDAx3b2xmU1NMIEluYy4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRYwFAYDVQQD
+DA1jaGFpbkMtZW50aXR5MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvzThHCwtpJO1xPxlQPqU
+aHQk/1Kk3z7xfJIU8PCR7Zx+oH6xByA4ssSiuAnRBu76xn5Neb7dgxjP6Kd4iM1E
+zjpABXpuxcnkhGTgAX1P+YfSlJHpyCG8cS7v9mEjRmvaXzIjoYacxpq0mDVtNrg0
+FP2dYy91fljyCPnjMiqm0rFJBdOM1EhcwlcHYk56BSPCT8rVqDgyksIhO3Q+LbFr
+V5aBoy3ObpzZzh/pQvgsu/4HV8bIk26J0/zSg0vBLOpeQcl8vmwjAYl1Gx9XrIPc
+2uFjVdiU/C2mmRXRcYilG/VvOQq97AkCCXenXdp4+I+xXaeDEhBfia5ywoi/PoCY
+wwIDAQABo4HxMIHuMB0GA1UdDgQWBBSReXyRp6C84Xt3nlFuXKd62T8YoDCBwQYD
+VR0jBIG5MIG2gBSUHS4HN8YvUsHseWsTzgmQX/TEUaGBmqSBlzCBlDELMAkGA1UE
+BhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNV
+BAoMCFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cu
+d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAWQw
+CQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAt9Behnd2RXfD+FzNm4RSt4vW
+hO3TG/p/J9EkBRGdv3TrFJPuCCwWCtgARjHjQ/GVZLFyk0n6/nPovioCleg6VvOq
+i/rLOvUGogCuGTaGvpN5P1j3ld6o4hKJUi+gvgk+GGkZ1ZZ8lJruq/ErdFTJHApf
+qtFiNCQz+F6yQ5zJ5oz6tYmnPmtRAKbj1cT5rHilTYV84335teitPjJW+5m/+Tuk
+mARyzeqVCK9+Yi105CVIQyW6B3wAyTFBb1n/2rusCAYYGgo9HS6tmCwGclHydXyH
+7+A39oBwqo3ZqBPlMZE84w8hMwoVkRxNOhs19kz1X3A0stztEF03WBbk4IMSkA==
+-----END CERTIFICATE-----

certs/test-pathlen/chainD-ICA1-key.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA14F4qRmZEtHPPVFUHdMUlO0+3v/gI+T3I/xcSSTYNpPmKu6n
+q8aNya1ARclEBkdMDWUJ3dvi8L3NeRzs0Y3e8v9m9bK9Q8xYfx3bS5elg1yHXptz
+h8gdK0eSVeTbvlHV63bCqllye/YnL77A29w88uIZybAwuy6ilUgGvY6dvYxrXsaa
+c0tssCCWR0TTCWtqK/qGXx0Lp2IictVWHKqXjM5Xow/mvM1jVFVgh1Dr+ozpFXCz
+XE0OJ2D9B26M7D+gJcUBWaP8LYBLhEwQtcina7HlxcGasNZLMCG6QmXgP1nPf0lL
+O89iBvSJrluBXRVj+3wpprXP87W1ZgZPo9pnOQIDAQABAoIBAFEIoxlawb9c20Ng
+SHPqggu55fEuX9a/atrCMuViEFb9aAfus2eZAom6NrfHBWgi+Qr0WjBtVTlW9WM8
+KCRn51SSCuIKcraCqSgrTuFuxVLOwSwm4dtFuQokIHdh1esLlJe0kWBCwBSyq2t9
+m8FQYC6oLDA1qy1HTOU7LyWp8dBqwnbplTSUax9ske3hQ51uLVI3ESWIHwoC2t9D
+fCAPQII7CIIOAO9hmi5324Z06Pi8LkuRY/ayiZ+CxMn2gSG3HuE2yg8fbbbVwN5u
+w6Luwc0qPh8CmBDWXFftLjgY7u+PJOlYDz8GKYSaykVAvyjl9YeAMXKVo+dgER/H
+4nBrWvECgYEA/Q+k2BIwr5gyE8dWoY7nVUQY/UlOX3WIQG13GCJBiUh23rZui3YQ
++tCTi1CRdoLkbyN2gPorMBxEjaQ+tKGhd/fSXeeftWMAIrQuKdxlYwBIG3xNCG69
+heL9Bcv9HKYtTWjEw9cR8OaXj9G3ExCqrdeJ2oA3Ow9xNTexSidT7o0CgYEA2gIs
+rRzYtqIxgCML1iMUU5BwMeO7kqtQD9pl8jsoMgTFD83C3pS8iZcm3A53vmBi+l5a
+ELljofTq4Sx9PLFLKITRjyMXZI0HJg7gaZRKcR8W8K38gIVTYT+KIp4fTsa51jKD
+u7VWxKwCsTSRr50cvhUtW2kydgxrOShOiWz3Nl0CgYEAkdrLaxII55wz+LxizRk9
+ciKeuJXgyxpF3sR46PsNhN+0S6cgTddN8BH5iEl2nbTRjtEEw0/tRnx0cqLg1WF3
+XFsE78TJg1U9RcNN/CigcxA9f0IEcEDLkXiD1yx8hV+uKrig+DNkjtGJN4ZrG1z2
+0t2xAbP2oV7EJCUmVRQXxx0CgYEAw2erj8cJYDnk0IuZMmji8TvHtJABMqem7W6+
+be4kSyEHWPD/N+5tR45Z4Gh/X/6Y+PzVEaR571LNrOLpphrr2Pejtf6oGxJlU/GF
+qFyolNhfAX+RkcjvQX1oXTsJqNxq+djxRrB1g3cCOr95zcSvXJkyvHqAJltfSC4e
+pwMqWmkCgYBsEbkdUr9thcGrDeb+g4ZefnhkVwt9c80zwPFpfFsdp7en2c4isjZw
+UyCA0qQPXBG+ChbtL3mRd/sAt10vFzBfTwjhU55rDBNjLUljEBkGpOQM1Hgi6IdY
+A/J9/DoRY6Tg66bgQxu7iqwkCWTEnSjyRyeTDrem7zED/B/CNpbTtA==
+-----END RSA PRIVATE KEY-----

certs/test-pathlen/chainD-ICA1-pathlen127.pem

@@ -0,0 +1,89 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 100 (0x64)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Oct 11 00:28:09 2019 GMT
+            Not After : Jul  7 00:28:09 2022 GMT
+        Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainD-ICA1-pathlen127, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:d7:81:78:a9:19:99:12:d1:cf:3d:51:54:1d:d3:
+                    14:94:ed:3e:de:ff:e0:23:e4:f7:23:fc:5c:49:24:
+                    d8:36:93:e6:2a:ee:a7:ab:c6:8d:c9:ad:40:45:c9:
+                    44:06:47:4c:0d:65:09:dd:db:e2:f0:bd:cd:79:1c:
+                    ec:d1:8d:de:f2:ff:66:f5:b2:bd:43:cc:58:7f:1d:
+                    db:4b:97:a5:83:5c:87:5e:9b:73:87:c8:1d:2b:47:
+                    92:55:e4:db:be:51:d5:eb:76:c2:aa:59:72:7b:f6:
+                    27:2f:be:c0:db:dc:3c:f2:e2:19:c9:b0:30:bb:2e:
+                    a2:95:48:06:bd:8e:9d:bd:8c:6b:5e:c6:9a:73:4b:
+                    6c:b0:20:96:47:44:d3:09:6b:6a:2b:fa:86:5f:1d:
+                    0b:a7:62:22:72:d5:56:1c:aa:97:8c:ce:57:a3:0f:
+                    e6:bc:cd:63:54:55:60:87:50:eb:fa:8c:e9:15:70:
+                    b3:5c:4d:0e:27:60:fd:07:6e:8c:ec:3f:a0:25:c5:
+                    01:59:a3:fc:2d:80:4b:84:4c:10:b5:c8:a7:6b:b1:
+                    e5:c5:c1:9a:b0:d6:4b:30:21:ba:42:65:e0:3f:59:
+                    cf:7f:49:4b:3b:cf:62:06:f4:89:ae:5b:81:5d:15:
+                    63:fb:7c:29:a6:b5:cf:f3:b5:b5:66:06:4f:a3:da:
+                    67:39
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                67:78:F9:AD:1C:53:41:1F:46:BD:49:9B:73:2E:7C:DC:5C:2D:0B:FB
+            X509v3 Authority Key Identifier: 
+                keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:86:FF:F5:8E:10:DE:B8:FB
+
+            X509v3 Basic Constraints: 
+                CA:TRUE, pathlen:127
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+    Signature Algorithm: sha256WithRSAEncryption
+         12:87:4f:82:bb:5a:21:b0:95:f6:b5:2b:95:53:a5:10:fc:f6:
+         fe:7e:03:9c:fa:cf:d7:d5:a1:72:1d:33:69:1b:0e:07:07:62:
+         74:9b:0c:2b:46:d2:b8:80:b1:72:f3:c1:83:13:62:fd:dd:17:
+         15:14:0b:64:57:26:db:70:e5:3d:44:88:05:f9:91:b0:9a:4a:
+         c0:f9:87:3c:70:16:d6:1c:58:51:d9:b9:b8:ac:11:d2:4d:94:
+         58:cf:fd:9e:74:51:28:b0:4f:ed:7d:88:25:ce:6b:eb:5e:ca:
+         e8:f9:ce:31:e1:b9:2d:e6:d9:0c:13:ff:3f:24:1f:fa:25:e8:
+         cd:cd:25:88:e7:98:dc:b5:f8:cd:21:d2:a8:71:d1:b9:18:dd:
+         18:5d:0b:97:a7:82:04:d5:e8:36:29:4b:dc:7f:d9:42:85:55:
+         81:dc:da:f9:ca:58:38:f3:2c:df:b4:2c:23:65:d3:17:01:ed:
+         f4:8b:f6:9b:0b:b5:32:ea:28:cb:c2:fb:16:2a:fe:3d:3d:0b:
+         e6:f3:bf:8f:43:75:a7:d1:b8:c9:04:31:4f:60:3a:3a:4a:b0:
+         1b:16:7d:24:b8:78:be:be:7a:80:a5:81:8c:77:7c:aa:79:75:
+         4d:3f:a2:14:36:5a:81:1f:6c:44:7d:d1:9a:db:a6:f6:e3:48:
+         d3:bb:ea:9c
+-----BEGIN CERTIFICATE-----
+MIIEwzCCA6ugAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
+d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTkxMDEx
+MDAyODA5WhcNMjIwNzA3MDAyODA5WjCBozELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
+SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNoYWluRC1JQ0Ex
+LXBhdGhsZW4xMjcxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXgXipGZkS0c89UVQd0xSU7T7e
+/+Aj5Pcj/FxJJNg2k+Yq7qerxo3JrUBFyUQGR0wNZQnd2+Lwvc15HOzRjd7y/2b1
+sr1DzFh/HdtLl6WDXIdem3OHyB0rR5JV5Nu+UdXrdsKqWXJ79icvvsDb3Dzy4hnJ
+sDC7LqKVSAa9jp29jGtexppzS2ywIJZHRNMJa2or+oZfHQunYiJy1VYcqpeMzlej
+D+a8zWNUVWCHUOv6jOkVcLNcTQ4nYP0HbozsP6AlxQFZo/wtgEuETBC1yKdrseXF
+wZqw1kswIbpCZeA/Wc9/SUs7z2IG9ImuW4FdFWP7fCmmtc/ztbVmBk+j2mc5AgMB
+AAGjggENMIIBCTAdBgNVHQ4EFgQUZ3j5rRxTQR9GvUmbcy583FwtC/swgckGA1Ud
+IwSBwTCBvoAUJ45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYT
+AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQK
+DAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3Lndv
+bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAhv/1
+jhDeuPswDwYDVR0TBAgwBgEB/wIBfzALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEL
+BQADggEBABKHT4K7WiGwlfa1K5VTpRD89v5+A5z6z9fVoXIdM2kbDgcHYnSbDCtG
+0riAsXLzwYMTYv3dFxUUC2RXJttw5T1EiAX5kbCaSsD5hzxwFtYcWFHZubisEdJN
+lFjP/Z50USiwT+19iCXOa+teyuj5zjHhuS3m2QwT/z8kH/ol6M3NJYjnmNy1+M0h
+0qhx0bkY3RhdC5enggTV6DYpS9x/2UKFVYHc2vnKWDjzLN+0LCNl0xcB7fSL9psL
+tTLqKMvC+xYq/j09C+bzv49DdafRuMkEMU9gOjpKsBsWfSS4eL6+eoClgYx3fKp5
+dU0/ohQ2WoEfbER90ZrbpvbjSNO76pw=
+-----END CERTIFICATE-----

certs/test-pathlen/chainD-assembled.pem

@@ -0,0 +1,175 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 101 (0x65)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainD-ICA1-pathlen127, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Oct 11 00:28:09 2019 GMT
+            Not After : Jul  7 00:28:09 2022 GMT
+        Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainD-entity, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:e2:5d:f4:bd:06:b6:a1:21:3a:2d:7f:cc:f2:5a:
+                    15:36:28:0a:f2:bb:16:b5:ec:f9:e7:5b:92:ec:17:
+                    75:76:89:f4:1b:7c:a9:79:cb:62:4b:55:8a:ca:cc:
+                    f9:f0:a9:a2:05:61:ee:d8:8b:d0:5d:c5:49:bc:7d:
+                    28:26:7d:3a:22:cc:20:71:55:4c:3a:f7:24:d7:95:
+                    ac:ce:18:7d:0d:7b:20:4f:11:a9:7b:02:08:09:e6:
+                    85:91:e4:4e:80:b9:a4:76:0f:28:cc:07:f6:f2:be:
+                    c1:54:63:d2:b7:81:59:09:0b:c1:bd:0d:27:70:55:
+                    c7:5f:bc:54:ee:73:16:7e:d2:b4:4c:df:a8:a9:81:
+                    cc:e3:a6:8c:eb:e3:98:49:84:0b:a0:da:f3:e1:5f:
+                    32:69:6a:b0:50:69:4f:96:72:04:3f:e7:1c:80:b1:
+                    2c:6f:7d:ff:41:f2:bb:0b:17:b7:b5:ce:21:ea:e6:
+                    c2:bd:cd:28:08:40:43:04:e5:40:e2:7d:41:35:b5:
+                    51:bf:e8:20:01:99:85:a2:38:f1:6e:69:40:da:6e:
+                    9f:d3:40:63:89:19:de:4d:49:d2:79:10:b6:2a:bb:
+                    6f:66:fa:25:5f:96:c1:e8:38:96:e3:e5:28:28:b4:
+                    ca:3c:21:1c:95:cd:b5:5e:50:f1:c9:3e:c2:4c:f2:
+                    cb:33
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                58:92:0B:B2:E4:12:D8:A3:31:37:D9:89:F2:9E:6E:62:22:40:42:82
+            X509v3 Authority Key Identifier: 
+                keyid:67:78:F9:AD:1C:53:41:1F:46:BD:49:9B:73:2E:7C:DC:5C:2D:0B:FB
+                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:64
+
+            X509v3 Basic Constraints: 
+                CA:FALSE
+    Signature Algorithm: sha256WithRSAEncryption
+         58:fd:0d:2f:47:32:d2:11:b4:b5:a5:b5:ea:26:23:66:85:cc:
+         46:b5:42:fc:63:98:57:14:84:ca:2a:02:30:9e:a0:64:d4:24:
+         cb:42:2e:53:a3:0f:d7:24:46:cb:37:0c:ba:d9:73:50:11:15:
+         d0:4a:4a:f5:10:15:db:c9:e5:e6:a2:c3:91:89:70:c8:df:59:
+         c3:2f:c3:94:a4:50:5b:f5:d8:71:e8:ba:fa:85:ee:aa:f4:b1:
+         64:29:54:62:08:cc:89:a3:41:be:df:03:d3:75:f8:92:41:95:
+         4b:06:cc:95:30:ef:a8:6f:01:9a:2e:bc:a0:7e:4c:08:4e:d4:
+         f0:91:fe:b4:a3:67:0f:9c:5d:4d:7d:ad:04:d7:cf:e4:79:d8:
+         b2:18:78:33:fd:a3:cb:14:d3:50:1b:50:62:ef:9d:1b:88:8d:
+         7b:42:76:ce:c7:88:70:58:40:f4:bf:7c:1e:c5:26:8c:23:b7:
+         7e:d2:85:67:c7:fe:ae:59:98:06:60:54:43:1e:31:74:25:c9:
+         1e:4c:05:d2:6d:01:3e:33:ac:5d:42:c5:47:c4:20:9f:04:30:
+         ca:c7:22:63:bd:8e:16:0a:42:4c:5b:2c:3b:b4:77:3c:b4:43:
+         bb:6d:4d:40:d6:ed:30:df:29:a4:3e:e2:78:c3:4f:11:a4:53:
+         65:33:e0:c9
+-----BEGIN CERTIFICATE-----
+MIIErDCCA5SgAwIBAgIBZTANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCVVMx
+EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoM
+DHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNo
+YWluRC1JQ0ExLXBhdGhsZW4xMjcxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
+bC5jb20wHhcNMTkxMDExMDAyODA5WhcNMjIwNzA3MDAyODA5WjCBmjELMAkGA1UE
+BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTAT
+BgNVBAoMDHdvbGZTU0wgSW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxFjAUBgNV
+BAMMDWNoYWluRC1lbnRpdHkxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
+b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDiXfS9BrahITotf8zy
+WhU2KAryuxa17PnnW5LsF3V2ifQbfKl5y2JLVYrKzPnwqaIFYe7Yi9BdxUm8fSgm
+fToizCBxVUw69yTXlazOGH0NeyBPEal7AggJ5oWR5E6AuaR2DyjMB/byvsFUY9K3
+gVkJC8G9DSdwVcdfvFTucxZ+0rRM36ipgczjpozr45hJhAug2vPhXzJparBQaU+W
+cgQ/5xyAsSxvff9B8rsLF7e1ziHq5sK9zSgIQEME5UDifUE1tVG/6CABmYWiOPFu
+aUDabp/TQGOJGd5NSdJ5ELYqu29m+iVflsHoOJbj5SgotMo8IRyVzbVeUPHJPsJM
+8sszAgMBAAGjgfEwge4wHQYDVR0OBBYEFFiSC7LkEtijMTfZifKebmIiQEKCMIHB
+BgNVHSMEgbkwgbaAFGd4+a0cU0EfRr1Jm3MufNxcLQv7oYGapIGXMIGUMQswCQYD
+VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
+A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
+dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIB
+ZDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQBY/Q0vRzLSEbS1pbXqJiNm
+hcxGtUL8Y5hXFITKKgIwnqBk1CTLQi5Tow/XJEbLNwy62XNQERXQSkr1EBXbyeXm
+osORiXDI31nDL8OUpFBb9dhx6Lr6he6q9LFkKVRiCMyJo0G+3wPTdfiSQZVLBsyV
+MO+obwGaLrygfkwITtTwkf60o2cPnF1Nfa0E18/kediyGHgz/aPLFNNQG1Bi750b
+iI17QnbOx4hwWED0v3wexSaMI7d+0oVnx/6uWZgGYFRDHjF0JckeTAXSbQE+M6xd
+QsVHxCCfBDDKxyJjvY4WCkJMWyw7tHc8tEO7bU1A1u0w3ymkPuJ4w08RpFNlM+DJ
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 100 (0x64)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Oct 11 00:28:09 2019 GMT
+            Not After : Jul  7 00:28:09 2022 GMT
+        Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL Inc., OU = Engineering, CN = chainD-ICA1-pathlen127, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:d7:81:78:a9:19:99:12:d1:cf:3d:51:54:1d:d3:
+                    14:94:ed:3e:de:ff:e0:23:e4:f7:23:fc:5c:49:24:
+                    d8:36:93:e6:2a:ee:a7:ab:c6:8d:c9:ad:40:45:c9:
+                    44:06:47:4c:0d:65:09:dd:db:e2:f0:bd:cd:79:1c:
+                    ec:d1:8d:de:f2:ff:66:f5:b2:bd:43:cc:58:7f:1d:
+                    db:4b:97:a5:83:5c:87:5e:9b:73:87:c8:1d:2b:47:
+                    92:55:e4:db:be:51:d5:eb:76:c2:aa:59:72:7b:f6:
+                    27:2f:be:c0:db:dc:3c:f2:e2:19:c9:b0:30:bb:2e:
+                    a2:95:48:06:bd:8e:9d:bd:8c:6b:5e:c6:9a:73:4b:
+                    6c:b0:20:96:47:44:d3:09:6b:6a:2b:fa:86:5f:1d:
+                    0b:a7:62:22:72:d5:56:1c:aa:97:8c:ce:57:a3:0f:
+                    e6:bc:cd:63:54:55:60:87:50:eb:fa:8c:e9:15:70:
+                    b3:5c:4d:0e:27:60:fd:07:6e:8c:ec:3f:a0:25:c5:
+                    01:59:a3:fc:2d:80:4b:84:4c:10:b5:c8:a7:6b:b1:
+                    e5:c5:c1:9a:b0:d6:4b:30:21:ba:42:65:e0:3f:59:
+                    cf:7f:49:4b:3b:cf:62:06:f4:89:ae:5b:81:5d:15:
+                    63:fb:7c:29:a6:b5:cf:f3:b5:b5:66:06:4f:a3:da:
+                    67:39
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                67:78:F9:AD:1C:53:41:1F:46:BD:49:9B:73:2E:7C:DC:5C:2D:0B:FB
+            X509v3 Authority Key Identifier: 
+                keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:86:FF:F5:8E:10:DE:B8:FB
+
+            X509v3 Basic Constraints: 
+                CA:TRUE, pathlen:127
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+    Signature Algorithm: sha256WithRSAEncryption
+         12:87:4f:82:bb:5a:21:b0:95:f6:b5:2b:95:53:a5:10:fc:f6:
+         fe:7e:03:9c:fa:cf:d7:d5:a1:72:1d:33:69:1b:0e:07:07:62:
+         74:9b:0c:2b:46:d2:b8:80:b1:72:f3:c1:83:13:62:fd:dd:17:
+         15:14:0b:64:57:26:db:70:e5:3d:44:88:05:f9:91:b0:9a:4a:
+         c0:f9:87:3c:70:16:d6:1c:58:51:d9:b9:b8:ac:11:d2:4d:94:
+         58:cf:fd:9e:74:51:28:b0:4f:ed:7d:88:25:ce:6b:eb:5e:ca:
+         e8:f9:ce:31:e1:b9:2d:e6:d9:0c:13:ff:3f:24:1f:fa:25:e8:
+         cd:cd:25:88:e7:98:dc:b5:f8:cd:21:d2:a8:71:d1:b9:18:dd:
+         18:5d:0b:97:a7:82:04:d5:e8:36:29:4b:dc:7f:d9:42:85:55:
+         81:dc:da:f9:ca:58:38:f3:2c:df:b4:2c:23:65:d3:17:01:ed:
+         f4:8b:f6:9b:0b:b5:32:ea:28:cb:c2:fb:16:2a:fe:3d:3d:0b:
+         e6:f3:bf:8f:43:75:a7:d1:b8:c9:04:31:4f:60:3a:3a:4a:b0:
+         1b:16:7d:24:b8:78:be:be:7a:80:a5:81:8c:77:7c:aa:79:75:
+         4d:3f:a2:14:36:5a:81:1f:6c:44:7d:d1:9a:db:a6:f6:e3:48:
+         d3:bb:ea:9c
+-----BEGIN CERTIFICATE-----
+MIIEwzCCA6ugAwIBAgIBZDANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
+d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTkxMDEx
+MDAyODA5WhcNMjIwNzA3MDAyODA5WjCBozELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFTATBgNVBAoMDHdvbGZTU0wg
+SW5jLjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFmNoYWluRC1JQ0Ex
+LXBhdGhsZW4xMjcxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXgXipGZkS0c89UVQd0xSU7T7e
+/+Aj5Pcj/FxJJNg2k+Yq7qerxo3JrUBFyUQGR0wNZQnd2+Lwvc15HOzRjd7y/2b1
+sr1DzFh/HdtLl6WDXIdem3OHyB0rR5JV5Nu+UdXrdsKqWXJ79icvvsDb3Dzy4hnJ
+sDC7LqKVSAa9jp29jGtexppzS2ywIJZHRNMJa2or+oZfHQunYiJy1VYcqpeMzlej
+D+a8zWNUVWCHUOv6jOkVcLNcTQ4nYP0HbozsP6AlxQFZo/wtgEuETBC1yKdrseXF
+wZqw1kswIbpCZeA/Wc9/SUs7z2IG9ImuW4FdFWP7fCmmtc/ztbVmBk+j2mc5AgMB
+AAGjggENMIIBCTAdBgNVHQ4EFgQUZ3j5rRxTQR9GvUmbcy583FwtC/swgckGA1Ud
+IwSBwTCBvoAUJ45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYT
+AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQK
+DAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3Lndv
+bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAhv/1
+jhDeuPswDwYDVR0TBAgwBgEB/wIBfzALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEL
+BQADggEBABKHT4K7WiGwlfa1K5VTpRD89v5+A5z6z9fVoXIdM2kbDgcHYnSbDCtG
+0riAsXLzwYMTYv3dFxUUC2RXJttw5T1EiAX5kbCaSsD5hzxwFtYcWFHZubisEdJN
+lFjP/Z50USiwT+19iCXOa+teyuj5zjHhuS3m2QwT/z8kH/ol6M3NJYjnmNy1+M0h
+0qhx0bkY3RhdC5enggTV6DYpS9x/2UKFVYHc2vnKWDjzLN+0LCNl0xcB7fSL9psL
+tTLqKMvC+xYq/j09C+bzv49DdafRuMkEMU9gOjpKsBsWfSS4eL6+eoClgYx3fKp5
+dU0/ohQ2WoEfbER90ZrbpvbjSNO76pw=
+-----END CERTIFICATE-----