Merge pull request #3224 from ejohnstown/release-update

Release v4.5.0 Supplement

.gitignore

@@ -78,6 +78,7 @@ tests/unit
 testsuite/testsuite.test
 tests/unit.test
 tests/bio_write_test.txt
+tests/test-log-dump-to-file.txt
 test-write-dhparams.pem
 testsuite/*.der
 testsuite/*.pem
@@ -324,10 +325,11 @@ doc/pdf
 # XCODE Index
 IDE/XCODE/Index
 
-# ARM DS-5
+# ARM DS-5 && Eclipse
 \.settings/
 \.cproject
 \.project
+\.autotools
 
 # Renesas e2studio
 /IDE/Renesas/e2studio/Projects/test/src/smc_gen

CMakeLists.txt

@@ -0,0 +1,150 @@
+# CMakeList.txt
+#
+# Copyright (C) 2006-2020 wolfSSL Inc.
+#
+# This file is part of wolfSSL. (formerly known as CyaSSL)
+#
+# Usage:
+# $ mkdir build
+# $ cd build
+# $ cmake ..
+# $ cmake --build .
+
+# To build library only and not build examples and test apps use:
+# $ cmake .. -DBUILD_TESTS=NO
+
+# To build with debugging use:
+# $ cmake .. -DCMAKE_BUILD_TYPE=Debug
+
+
+cmake_minimum_required (VERSION 2.6)
+
+####################################################
+# Project
+####################################################
+project(wolfssl)
+find_package (Threads)
+
+####################################################
+# Compiler
+####################################################
+# Let CMake choose default compiler
+
+# Silence ranlib warning "has no symbols"
+SET(CMAKE_C_ARCHIVE_CREATE   "<CMAKE_AR> Scr <TARGET> <LINK_FLAGS> <OBJECTS>")
+SET(CMAKE_CXX_ARCHIVE_CREATE "<CMAKE_AR> Scr <TARGET> <LINK_FLAGS> <OBJECTS>")
+SET(CMAKE_C_ARCHIVE_FINISH   "<CMAKE_RANLIB> -no_warning_for_no_symbols -c <TARGET>")
+SET(CMAKE_CXX_ARCHIVE_FINISH "<CMAKE_RANLIB> -no_warning_for_no_symbols -c <TARGET>")
+
+####################################################
+# Cross Compile Example
+####################################################
+
+#set(CMAKE_SYSTEM_NAME Linux)
+#set(CMAKE_SYSTEM_PROCESSOR arm)
+#set(CMAKE_C_COMPILER "/opt/arm-linux-musleabihf-cross/bin/arm-linux-musleabihf-gcc")
+#set(CMAKE_CXX_COMPILER "/opt/arm-linux-musleabihf-cross/bin/arm-linux-musleabihf-g++")
+#set(CMAKE_SYSROOT "/opt/arm-linux-musleabihf-cross/arm-linux-musleabihf/")
+# Example for setting CFLAGS
+#set(CMAKE_C_FLAGS "-std=gnu89 ${CMAKE_C_FLAGS}")
+# Example for map file and custom linker script
+#set(CMAKE_EXE_LINKER_FLAGS " -Xlinker -Map=output.map -T\"${CMAKE_CURRENT_SOURCE_DIR}/linker.ld\"")
+
+####################################################
+# Build Options
+####################################################
+SET(BUILD_TESTS YES CACHE BOOL "Build test applications")
+
+if(EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/wolfssl/options.h")
+    # Copy generated ./options.h
+    configure_file(${CMAKE_CURRENT_SOURCE_DIR}/wolfssl/options.h 
+                   ${CMAKE_CURRENT_BINARY_DIR}/user_settings.h)
+else()
+   # Use template
+   configure_file(${CMAKE_CURRENT_SOURCE_DIR}/wolfssl/options.h.in 
+                  ${CMAKE_CURRENT_BINARY_DIR}/user_settings.h)
+endif()
+
+add_definitions(-DWOLFSSL_USER_SETTINGS)
+add_definitions(-DWOLFSSL_IGNORE_FILE_WARN)
+if(CMAKE_HAVE_PTHREAD_H)
+  add_definitions(-DHAVE_PTHREAD)
+endif()
+
+####################################################
+# Source Files
+####################################################
+include_directories(${CMAKE_CURRENT_SOURCE_DIR}/.)
+include_directories(${CMAKE_CURRENT_BINARY_DIR}/.)
+
+file(GLOB LIB_SOURCE_FILES
+    ${CMAKE_CURRENT_SOURCE_DIR}/src/*.c
+    ${CMAKE_CURRENT_SOURCE_DIR}/wolfcrypt/src/*.c)
+
+file(GLOB TEST_SOURCE_FILES
+    ${CMAKE_CURRENT_SOURCE_DIR}/tests/*.c
+    ${CMAKE_CURRENT_SOURCE_DIR}/examples/server/server.c
+    ${CMAKE_CURRENT_SOURCE_DIR}/examples/client/client.c)
+
+####################################################
+# Output Files
+####################################################
+
+# Build wolfssl library
+add_library(wolfssl ${LIB_SOURCE_FILES})
+
+if(WIN32)
+    # For Windows link ws2_32
+    target_link_libraries(wolfssl PUBLIC $<$<PLATFORM_ID:Windows>:ws2_32>)
+else()
+    # DH requires math (m) library
+    target_link_libraries(wolfssl PUBLIC m)
+endif()
+
+# Optionally build example and test applications
+if(BUILD_TESTS)
+    # Build wolfCrypt test
+    add_executable(wolfcrypttest
+        ${CMAKE_CURRENT_SOURCE_DIR}/wolfcrypt/test/test.c)
+    target_link_libraries(wolfcrypttest wolfssl)
+
+    # Build wolfCrypt benchmark
+    add_executable(wolfcryptbench
+        ${CMAKE_CURRENT_SOURCE_DIR}/wolfcrypt/benchmark/benchmark.c)
+    target_link_libraries(wolfcryptbench wolfssl)
+
+    # Build wolfSSL Client example
+    add_executable(client
+        ${CMAKE_CURRENT_SOURCE_DIR}/examples/client/client.c)
+    target_link_libraries(client wolfssl)
+
+    # Build wolfSSL Server example
+    add_executable(server
+        ${CMAKE_CURRENT_SOURCE_DIR}/examples/server/server.c)
+    target_link_libraries(server wolfssl)
+
+    # Build Echo Client Example
+    add_executable(echoclient
+        ${CMAKE_CURRENT_SOURCE_DIR}/examples/echoclient/echoclient.c)
+    target_link_libraries(echoclient wolfssl)
+
+    # Build Echo Server Example
+    add_executable(echoserver
+        ${CMAKE_CURRENT_SOURCE_DIR}/examples/echoserver/echoserver.c)
+    target_link_libraries(echoserver wolfssl)
+
+    # Build TLS benchmark example
+    add_executable(tls_bench
+        ${CMAKE_CURRENT_SOURCE_DIR}/examples/benchmark/tls_bench.c)
+    target_link_libraries(tls_bench wolfssl)
+    target_link_libraries(tls_bench Threads::Threads)
+
+    # Build Unit Tests
+    add_executable(unit_test
+        ${TEST_SOURCE_FILES})
+    set_target_properties( unit_test PROPERTIES COMPILE_FLAGS "-DNO_MAIN_DRIVER" )
+    target_link_libraries(unit_test wolfssl)
+    target_link_libraries(unit_test Threads::Threads)
+endif()
+
+# TODO: Add install() for library, headers and test applications

ChangeLog.md

@@ -1,3 +1,387 @@
+# wolfSSL Release 4.5.0 (August 19, 2020)
+
+If you have questions about this release, feel free to contact us on our
+info@ address.
+
+Release 4.5.0 of wolfSSL embedded TLS has bug fixes and new features including:
+
+## New Feature Additions
+
+* Added Xilinx Vitis 2019.2 example and README updates
+* TLS v1.3 is now enabled by default
+* Building FIPS 140-2 code and test on Solaris
+* Secure renegotiation with DTLS 1.2
+* Update RSA calls for hardware acceleration with Xilsecure
+* Additional OpenSSL compatibility layer functions added
+* Cypress PSoC6 wolfCrypt driver added
+* Added STM32CubeIDE support
+* Added certificate parsing and inspection to C# wrapper layer
+* TLS v1.3 sniffer support added
+* TSIP v1.09 for target board GR-ROSE support added
+* Added support for the "X72N Envision Kit" evaluation board
+* Support for ECC nonblocking using the configure options
+  "--enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS=-DWOLFSSL_PUBLIC_MP"
+* Added wc_curve25519_make_pub function to generate a public key given the
+  private one
+
+## Fixes
+
+* PIC32MZ hardware cache and large hashes fix
+* AES-GCM use with EVP layer in compatibility layer code
+* Fix for RSA_LOW_MEM with ARM build of SP code
+* Sanity check on tag length with AES-CCM to conform with RFC 3610
+* Fixes for 32 and 64 bit software implementations of SP code when
+  WOLFSSL_SP_CACHE_RESISTANT is defined
+* GCC warning fixes for GCC 9 and later
+* Sanity check on HKDF expand length to conform with RFC 5869
+* Fixes for STM32 CubeMX HAL with AES-GCM
+* Fixed point cache look up table (LUT) implementation fixes
+* Fix for ARM 32bit SP code when calling div word
+* Fix for potential out of bounds read when parsing CRLs
+* Fix for potential out of bounds read with RSA unpadding
+* AES-CCM optimized counter fix
+* Updates to Xcode projects for new files and features
+* Fix for adding CRL’s to a WOLFSSL_X509_STORE structure
+* FIPSv2 build with opensslall build fixes
+* Fixes for CryptoCell use with ECC and signature wrappers
+* Fix for mod calculation with SP code dealing with 3072 bit keys
+* Fix for handling certificates with multiple OU’s in name
+* Fix for SP math implementation of sp_add_d and add a sanity check on
+  rshb range
+* Fix for sanity check on padding with DES3 conversion of PEM to DER
+* Sanity check for potential out of bounds read with fp_read_radix_16
+* Additional checking of ECC scalars.
+* Fixing the FIPS Ready build w.r.t. ecc.c.
+* When processing certificate names with OpenSSL compatibility layer
+  enabled, unknown name item types were getting handled as having NID 0,
+  and failing. Added a couple more items to what is handled correctly,
+  and ignoring anything that is an unknown type.
+
+## Improvements/Optimizations
+
+* TLS 1.3 certificate verify update to handle 8192 bit RSA keys
+* wpa_supplicant support with reduced code size option
+* TLS 1.3 alerts encrypted when possible
+* Many minor coverity fixes added
+* Error checking when parsing PKCS12 DER
+* IAR warning in test.c resolved
+* ATECC608A improvements for use with Harmony 3 and PIC32 MZ
+* Support for AES-GCM and wc_SignatureVerifyHash with static memory and no
+  malloc’s
+* Enable SNI by default with JNI/JSSE builds
+* NetBSD GCC compiler warnings resolved
+* Additional test cases and code coverage added including curve25519 and
+  curve448 tests
+* Option for user defined mutexes with WOLFSSL_USER_MUTEX
+* Sniffer API’s for loading buffer directly
+* Fixes and improvements from going through the DO-178 process were added
+* Doxygen updates and fixes for auto documentation generation
+* Changed the configure option for FIPS Ready builds to be
+  `--enable-fips=ready`.
+
+## This release of wolfSSL includes fixes for 6 security vulnerabilities.
+
+wolfSSL version 4.5.0 contains 6 vulnerability fixes: 2 fixes for TLS 1.3,
+2 side channel attack mitigations, 1 fix for a potential private key leak
+in a specific use case, 1 fix for DTLS.
+
+* In earlier versions of wolfSSL there exists a potential man in the middle
+  attack on TLS 1.3 clients. Malicious attackers with a privileged network
+  position can impersonate TLS 1.3 servers and bypass authentication. Users
+  that have applications with client side code and have TLS 1.3 turned on,
+  should update to the latest version of wolfSSL. Users that do not have
+  TLS 1.3 turned on, or that are server side only, are NOT affected by this
+  report. Thanks to Gerald Doussot from NCC group for the report.
+* Denial of service attack on TLS 1.3 servers from repetitively sending
+  ChangeCipherSpecs messages. This denial of service results from the
+  relatively low effort of sending a ChangeCipherSpecs message versus the
+  effort of the server to process that message. Users with TLS 1.3 servers are
+  recommended to update to the most recent version of wolfSSL which limits the
+  number of TLS 1.3 ChangeCipherSpecs that can be received in order to avoid
+  this DoS attack. CVE-2020-12457 was reserved for the report. Thanks to
+  Lenny Wang of Tencent Security Xuanwu LAB.
+* Potential cache timing attacks on public key operations in builds that are
+  not using SP (single precision). Users that have a system where malicious
+  agents could execute code on the system, are not using the SP build with
+  wolfSSL, and are doing private key operations on the system (such as signing
+  with a private key) are recommended to regenerate private keys and update to
+  the most recent version of wolfSSL. CVE-2020-15309 is reserved for this
+  issue. Thanks to Ida Bruhns from Universität zu Lübeck for the report.
+* When using SGX with EC scalar multiplication the possibility of side-channel
+  attacks are present. To mitigate the risk of side channel attacks wolfSSL’s
+  single precision EC operations should be used instead. Release 4.5.0 turns
+  this on be default now with SGX builds and in previous versions of wolfSSL
+  this can be turned on by using the WOLFSSL_SP macros. Thank you to
+  Alejandro Cabrera Aldaya, Cesar Pereida García and Billy Bob Brumley from
+  the Network and Information Security Group (NISEC) at Tampere University for
+  the report.
+* Leak of private key in the case that PEM format private keys are bundled in
+  with PEM certificates into a single file. This is due to the
+  misclassification of certificate type versus private key type when parsing
+  through the PEM file. To be affected, wolfSSL would need to have been built
+  with OPENSSL_EXTRA (--enable-opensslextra). Some build variants such as
+  --enable-all and --enable-opensslall also turn on this code path, checking
+  wolfssl/options.h for OPENSSL_EXTRA will show if the macro was used with the
+  build. If having built with the opensslextra enable option and having placed
+  PEM certificates with PEM private keys in the same file when loading up the
+  certificate file, then we recommend updating wolfSSL for this use case and
+  also recommend regenerating any private keys in the file.
+* During the handshake, clear application_data messages in epoch 0 are
+  processed and returned to the application. Fixed by dropping received
+  application_data messages in epoch 0. Thank you to Paul Fiterau of Uppsala
+  University and Robert Merget of Ruhr-University Bochum for the report.
+
+For additional vulnerability information visit the vulnerability page at
+https://www.wolfssl.com/docs/security-vulnerabilities/
+
+See INSTALL file for build instructions.
+More info can be found on-line at https://wolfssl.com/wolfSSL/Docs.html
+
+
+# wolfSSL Release 4.4.0 (04/22/2020)
+
+If you have questions about this release, then feel free to contact us on our
+info@ address.
+
+Release 4.4.0 of wolfSSL embedded TLS has bug fixes and new features including:
+
+## New Feature Additions
+
+* Hexagon support.
+* DSP builds to offload ECC verify operations.
+* Certificate Manager callback support.
+* New APIs for running updates to ChaCha20/Poly1305 AEAD.
+* Support for use with Apache.
+* Add support for IBM s390x.
+* PKCS8 support for ED25519.
+* OpenVPN support.
+* Add P384 curve support to SP.
+* Add BIO and EVP API.
+* Add AES-OFB mode.
+* Add AES-CFB mode.
+* Add Curve448, X448, and Ed448.
+* Add Renesas Synergy S7G2 build and hardware acceleration.
+
+## Fixes
+
+* Fix for RSA public encrypt / private sign with RSA key sizes over 2048-bit.
+* Correct misspellings.
+* Secure renegotiation fix.
+* Fix memory leak when using ATECC and non-SECP256R1 curves for sign, verify,
+  or shared secret.
+* Fix for K64 MMCAU with `WOLFSSL_SMALL_STACK_CACHE`.
+* Fix the RSA verify only build.
+* Fix in SP C implementation for small stack.
+* Fix using the auth key id extension is set, hash might not be present.
+* Fix when flattening certificate structure to include the subject alt names.
+* Fixes for building with ECC sign/verify only.
+* Fix for ECC and no cache resistance.
+* Fix memory leak in DSA.
+* Fix build on minGW.
+* Fix `PemToDer()` call in `ProcessBuffer()` to set more than ECC.
+* Fix for using RSA without SHA-512.
+* Add some close tags to the echoserver HTTP example output.
+* Miscellaneous fixes and updates for static analysis reports.
+* Fixes for time structure support.
+* Fixes for VxWorks support.
+* Fixes for Async crypto support.
+* Fix cache resist compile to work with SP C code.
+* Fixes for Curve25519 x64 asm.
+* Fix for SP x64 div.
+* Fix for DTLS edge case where CCS and Finished come out of order and the
+  retransmit pool gets flushed.
+* Fix for infinite loop in SHA-1 with small inputs. Thanks to Peter W.
+* Fix for FIPS Hmac where `wc_HmacInit()` isn't used. `wc_HmacSetKey()` needs
+  to initialize the Hmac structure. Type is set to NONE, and checked against
+  NONE, not 0.
+* Fixes for SP RSA private operations.
+* Fixes for Xilinx SDK and Zynq UltraScale+ MPSoC
+* Fix leak when building with HAVE_AESGCM and NO_AES_DECRYPT. Thanks G.G.
+* Fixes for building ECC without ASN.
+* Fix for async TLSv1.3 issues.
+* Fix `wc_KeyPemToDer()` with PKCS1 and empty key.
+* Omit `-fomit-frame-pointer` from CFLAGS in configure.ac.
+
+## Improvements/Optimizations
+
+* Qt 5.12 and 5.13 support.
+* Added more digest types to Cryptocell RSA sign/verify.
+* Some memory usage improvements.
+* Speed improvements for mp_rand.
+* Improvements to CRL and OCSP support.
+* Refactor Poly1305 AEAD/MAC to reduce duplicate code.
+* Add blinding to RSA key gen.
+* Improvements to blinding.
+* Improvement and expansion of OpenSSL Compatibility Layer.
+* Improvements to ChaCha20.
+* Improvements to X.509 processing.
+* Improvements to ECC support.
+* Improvement in detecting 64-bit support.
+* Refactor to combine duplicate ECC parameter parsing code.
+* Improve keyFormat to be set by algId and let later key parsing produce fail.
+* Add test cases for 3072-bit and 4096-bit RSA keys.
+* Improve signature wrapper and DH test cases.
+* Improvements to the configure.ac script.
+* Added constant time RSA q modinv p.
+* Improve performance of SP Intel 64-bit asm.
+* Added a few more functions to the ABI list.
+* Improve TLS bidirectional shutdown behavior.
+* OpenSSH 8.1 support.
+* Improve performance of RSA/DH operations on x64.
+* Add support for PKCS7/CMS Enveloped data with fragmented encrypted content.
+* Example linker description for FIPS builds to enforce object ordering.
+* C# wrapper improvements. Added TLS client example and TLSv1.3 methods.
+* Allow setting MTU in DTLS.
+* Improve PKCS12 create for outputting encrypted bundles.
+* Constant time EC map to affine for private operations.
+* Improve performance of RSA public key ops with TFM.
+* Smaller table version of AES encrypt/decrypt.
+* Support IAR with position independent code (ROPI).
+* Improve speed of AArch64 assembly.
+* Support AES-CTR on esp32.
+* Add a no malloc option for small SP math.
+
+## This release of wolfSSL includes fixes for 2 security vulnerabilities.
+
+* For fast math, use a constant time modular inverse when mapping to affine
+  when operation involves a private key - keygen, calc shared secret, sign.
+  Thank you to Alejandro Cabrera Aldaya, Cesar Pereida García and
+  Billy Bob Brumley from the Network and Information Security Group (NISEC)
+  at Tampere University for the report.
+
+* Change constant time and cache resistant ECC mulmod. Ensure points being
+  operated on change to make constant time. Thank you to Pietro Borrello at
+  Sapienza University of Rome.
+
+For additional vulnerability information visit the vulnerability page at
+https://www.wolfssl.com/docs/security-vulnerabilities/
+
+See INSTALL file for build instructions.
+More info can be found on-line at https://wolfssl.com/wolfSSL/Docs.html
+
+
+
+# wolfSSL Release 4.3.0 (12/20/2019)
+
+If you have questions about this release, then feel free to contact us on our info@ address.
+
+Release 4.3.0 of wolfSSL embedded TLS has bug fixes and new features including:
+
+##### New Feature Additions
+* Add --enable-libwebsockets option for support of libwebsockets build
+* Updated support for NGINX 1.15.0 and added support for 1.16.1
+* Add wc_scrypt_ex API which can take in iterations rather than cost
+* Updates to RSA-PSS salt lengths. Macro WOLFSSL_PSS_SALT_LEN_DISCOVER allows for discovering the salt length. Passing RSA_PSS_SALT_LEN_DISCOVER value into wc_RsaPSS_Verify_ex attempts to discover salt length and can use larger salt lengths
+* Additional OpenSSL compatibility API wolfSSL_CertManagerGetCerts and wolfSSL_X509_STORE_GetCerts for retrieving certificates
+* Add support for 4096-bit RSA/DH operations to SP (single precision) build
+* Update support for Google WebRTC to branch m79
+* Adds new FREESCALE_MQX_5_0 macro for MQX 5.0 support
+* Adds a CMS/PKCS#7 callback for signing SignedData raw digests enabled with macro HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK and call to function wc_PKCS7_SetRsaSignRawDigestCb
+* Add --disable-errorqueue feature to disable adding debug nodes to queue with --enable-opensslextra build
+* After defining WOLFSSL_SHUTDOWNONCE macro the function wolfSSL_shutdown will return a specific error code of SSL_SHUTDOWN_ALREADY_DONE_E, to indicate to the application that the shutdown has already occurred
+* Add AES-CCM decryption to benchmarking app bundled with wolfSSL
+
+
+##### Fixes
+* Fixes IAR warnings with IAR-EWARM 7.50.2
+* Alignment fixes for mmCAU with AES and hashing algorithms
+* Fix check for plaintext length when using Encrypt-Then-MAC
+* Fix for unit tests with NGINX and debug mode
+* Fix for macro names in test cases (WOLFSSL_PUBLIC_MP) and pkcs7.c (HAVE_AESCCM)
+* Fix for Apache want read case with BIO retry flag
+* Fix for PKCS7 streaming mode that would error rather than verify bundle
+* Fix for freeing mutex for X509 and wolfSSL_EVP_PKEY_free, applies to OPENSSL_EXTRA / --enable-opensslextra builds
+* Fix for encrypt then MAC when re-handshaking, encrypted handshakes change over to ETM now
+* Fix for curve25519 assembly optimizations with GCC + AVX2
+* Fix to hang onto certificate for retrieval if using secure renegotiation and session resumption
+* Fixes case where the heap hint is created before WOLFSSL_CTX, when calling wc_LoadStaticMemory instead of wolfSSL_CTX_load_static_memory
+* Fix for setting correct return value in PKCS12 parse error case
+* Reset certificate extension policy count
+* Fix for memcpy with TLS I/O buffers when using staticmemory pools and loading memory as WOLFMEM_IO_POOL_FIXED
+* Fixes and updates for STM32 port, including additional mutex protection, AES-GCM decrypt auth tag, AES-CTR mode with CubeMX, update to OpenSTM32 project
+* Fix for EVP CipherUpdate decrypt and add a test case
+* DTLS fixes including; some DTLS sequence number issues in general where the sequence was incremented twice for each record and some offset values in the DTLS window checking
+* Fix sp_add to handle carries properly (--enable-sp-math build)
+* Additional sanity check on OCSP response decoder
+* Fix for vasprintf with Solaris and AIX builds
+* Fix for missing variable declaration with --enable-scep --with-libz build
+* Fix for certificate date check with async build
+* Sanity check on “out” length with Base64_Decode added
+* Decode X.509 name - check input length for jurisdiction
+* Additional sanity check on variable out index with DecodePolicyOID
+* Fix for PKCS#12 PBKDF buffer size for buffer overflow
+* TLS supported curve extension check curve name is in range before checking for disabled
+* Sanity check for non TLS 1.3 cipher suite with TLS 1.3 connection
+* Poly1305 AVX2 assembly optimization fix for carry with large input values
+* Fixes for coverity report including null termination of test case strings and initialization of PKCS7 variables
+* Fix for API visibility of wc_ed25519_check_key which resolves a wolfcrypt-py install issue
+* Sanity check on max ALPN length accepted
+* Additional sanity check when parsing CRL’s for copying the structure, fix for bounds checking
+* Additional checks on error string length for debug mode and check for null termination
+* ProcessPeerCerts allocating memory for exts with OPENSSL_EXTRA properly
+* Clear the top bit when generating a serial number
+* Sanity check that ASN date characters are valid ASCII characters
+* Fix to add deterministic ECDSA and fix corner cases for add point.
+* When getting the DH public key, initialize the P, G, and Pub pointers to NULL, then set that we own the DH parameters flag. This allows FreeSSL to correctly clean up the DH key.
+
+##### Improvements/Optimizations
+* Added configure error report with using invalid build of --enable-opensslextra and --enable-opensslcoexist together
+* Update PKCS11 for determining key type given the private key type
+* Update DoVerifyCallback to check verify param hostName and ipasc (--enable-opensslextra builds)
+* additional null sanity checks on input arguments with QSH and Cryptocell builds
+* Additional checks on RSA key added to the function wc_CheckRsaKey
+* Updates for EBSNET support, including fseek, revised macros in settings.h, and realloc support
+* MISRA-C updates for SP math code
+* Update to allow compiling for pwdbased/PBKDF2 with having NO_ASN defined
+* Modify KeyShare and PreSharedKey TLS 1.3 extension linked list advancement to be easier for compilers to handle
+* Optimization to parsing certificate extension name strings
+* Adjustment to example server -x runtime behavior when encountering an unrecoverable error case 
+* Remove Blake2b support from HMAC
+* Adds new hash wrapper init wc_HashInit_ex and Adds new PBKDF2 API wc_PBKDF2_ex for using heap hints for custom memory pools
+* Adding script to cleanup generated test files,  scripts/cleanup_testfiles.sh
+* Support 20-byte serial numbers and disallow 0
+* sp_div improved to handle when a has less digits than d (--enable-sp-math build)
+* When decoding a policy OID and turning it into a human readable string use snprintf() 
+* set the IV length of EVP AES GCM to 96-bits by default
+* Allow adding CAs for root CA's over the wire that do not have the extended key usage cert_sign set
+* Added logging messages for SendAlert call and update to send alert after verify certificate callback
+* updates for synchronous OCTEON support in the Sniffer
+* Rework BER to DER functions to not be recursive
+* Updates to find CRL by AuthKeyId
+* Add a check for subject name hash after matching AKID
+* Enhancement to mp_invmod/fp_exptmod/sp_exptmod to handle more inputs
+* Remove requirement for macro NO_SKID when CRL use is enabled
+* Improvements on XFTELL return code and MAX_WOLFSSL_FILE_SIZE checking
+* When checking if value is prime return NO in the case of the value 1
+* Improve Cortex-M RSA/DH assembly code performance
+* Additional sanity checks on arrays and buffers with OCSP
+
+
+##### This release of wolfSSL includes a fix for 6 security vulnerabilities.
+
+
+A fix for having an additional sanity check when parsing certificate domain names was added. This fix checks that the domain name location index is not past the maximum value before setting it. The reported issue affects users that are parsing certificates and have --enable-opensslextra (macro OPENSSL_EXTRA), or build options that turn this on such as --enable-all, when building wolfSSL. The CVE associated with the fix is CVE-2019-18840.
+
+Fix to set a limit on the maximum size of DTLS handshake messages. By default the RFC allows for handshake message sizes of up to 2^24-1 bytes long but in typical field use cases the handshake messages are not this large. Setting a maximum size limit on the handshake message helps avoid a potential DoS attack due to memory being malloc’d. The new default max size is set to handle a certificate chain length of approximately 9, 2048 bit RSA certificates. This only effects builds that have DTLS turned on and have applications that are using DTLS.
+
+Fix for a potential hang when ECC caching is enabled (off by default) and --enable-fastmath is used. ECC caching is off by default and is turned on in builds that are using --enable-all or --enable-fpecc. This issue does not affect builds that are using the macro WOLFSSL_VALIDATE_ECC_IMPORT which turns on validating all ECC keys that are imported. To fix this potential hang case a sanity check on the input values to the internal invmod function was added.
+
+
+To fix a potential fault injection attack on a wrapper function for wolfCrypt RSA signature generations an additional sanity check verifying the signature after it’s creation was added. This check is already done automatically in current versions of wolfSSL with TLS connections (internal function call of VerifyRsaSign during TLS state machine). The report only affects users making calls to the wolfCrypt function wc_SignatureGenerateHash and does not affect current TLS use cases. Thanks to Daniel Moghimi (@danielmgmi) from Worcester Polytechnic Institute for the report.
+
+
+Blinding was added for DSA signing operations. The DSA signing uses the BEEA algorithm during modular inversion of the nonce which can potentially leak the nonce through side channels such as cache and power fluctuations. The fix of adding in blinding makes the DSA signing operation more resistant to side channel attacks. Users who have turned on DSA (disabled by default) and are performing signing operations should update. Note that DSA is not used in any TLS connections. Thanks to Daniel Moghimi (@danielmgmi) from Worcester Polytechnic Institute for the report.
+
+
+Fix to add additional side channel cache attack resistance to the internal ECC function wc_ecc_mulmod_ex. This function by default is used with ECDSA signing operations. Users should update if performing ECDSA singing operations (server side ECC TLS connections, mutual authentication on client side) or calling wolfCrypt ECC sign functions and have the potential for outside users to perform sophisticated monitoring of the cache.Thanks to Daniel Moghimi (@danielmgmi) from Worcester Polytechnic Institute for the report.
+
+
+For additional vulnerability information visit the vulnerability page at https://www.wolfssl.com/docs/security-vulnerabilities/
+
+See INSTALL file for build instructions.
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
+
+
 # wolfSSL Release 4.2.0 (10/22/2019)
 
 If you have questions about this release, then feel free to contact us on our info@ address.
@@ -899,7 +1283,7 @@ More info can be found on-line at https://wolfssl.com/wolfSSL/Docs.html
 - Add helper functions for static memory option to allow getting optimum buffer
   sizes.
 - Update DTLS behavior on bad MAC. DTLS silently drops packets with bad MACs now.
-- Update fp_isprime function from libtom enchancement/cleanup repository.
+- Update fp_isprime function from libtom enhancement/cleanup repository.
 - Update sanity checks on inputs and return values for AES-CMAC.
 - Update wolfSSL for use with MYSQL v5.6.30.
 - Update LPCXpresso eclipse project to not include misc.c when not needed.
@@ -1226,7 +1610,7 @@ More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
   the Prosecco team at INRIA Paris-Rocquencourt for the report.
 - FIPS version submitted
 - Removes SSLv2 Client Hello processing, can be enabled with OLD_HELLO_ALLOWED
-- User can set mimimum downgrade version with CyaSSL_SetMinVersion()
+- User can set minimum downgrade version with CyaSSL_SetMinVersion()
 - Small stack improvements at TLS/SSL layer
 - TLS Master Secret generation and Key Expansion are now exposed
 - Adds client side Secure Renegotiation, * not recommended *
@@ -1893,7 +2277,7 @@ works but seems to remove sockets from  TIME_WAIT entirely?
 
 `sudo sysctl -w net.ipv4.tcp_fin_timeout=1`
 
-doen't control TIME_WAIT, it controls FIN_WAIT(2) contrary to some posts
+doesn't control TIME_WAIT, it controls FIN_WAIT(2) contrary to some posts
 
 
 # CyaSSL Release 1.4.0 (2/18/2010)

IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino

@@ -1,6 +1,6 @@
 /* wolfssl_client.ino
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino

@@ -1,6 +1,6 @@
 /* wolfssl_server.ino
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ARDUINO/wolfssl-arduino.sh

@@ -32,6 +32,14 @@ if [ "$DIR" = "ARDUINO" ]; then
     mv ./wolfSSL/bio.c ./wolfSSL/wolfssl
 	mv ./wolfSSL/evp.c ./wolfSSL/wolfssl
 
+    # make a copy of evp.c and bio.c for ssl.c to include inline
+    cp ./wolfSSL/wolfssl/evp.c ./wolfSSL/wolfcrypt/src/evp.c
+    cp ./wolfSSL/wolfssl/bio.c ./wolfSSL/wolfcrypt/src/bio.c
+    
+    # copy openssl compatibility headers to their appropriate location
+    mkdir ./wolfSSL/wolfssl/openssl
+    cp ../../wolfssl/openssl/* ./wolfSSL/wolfssl/openssl
+
     echo "/* Generated wolfSSL header file for Arduino */" > ./wolfSSL/wolfssl.h
     echo "#include <wolfssl/wolfcrypt/settings.h>" >> ./wolfSSL/wolfssl.h
     echo "#include <wolfssl/ssl.h>" >> ./wolfSSL/wolfssl.h

IDE/CRYPTOCELL/README.md

@@ -22,13 +22,15 @@ The `IDE/CRYPTOCELL/main.c` example application provides a function to run the s
 - SHA-256
 - AES CBC
 - CryptoCell 310 RNG
-- RSA sign/verify and RSA key gen
+- RSA sign/verify and RSA key gen (2048 bit in PKCSv1.5 padding mode)
 - RSA encrypt/decrypt
 - ECC sign/verify/shared secret
 - ECC key import/export and key gen pairs
 - Hardware RNG
 - RTC for benchmark timing source
 
+Note: All Cryptocell features are not supported. The wolfcrypt RSA API allows import and export of Private/Public keys in DER format. However, this is not possible with key pairs generated with Cryptocell because the importing/exporting Cryptocell keys has not been implemented yet.
+
 ## Setup
 ### Setting up Nordic SDK with wolfSSL
 1. Download the wolfSSL source code or a zip file from GitHub and place it under your SDK `InstallFolder/external/` directory. You can also copy or simlink to the source.

IDE/CRYPTOCELL/main.c

@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2019 wolfSSL Inc.
+ * Copyright (C) 2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/CRYPTOCELL/user_settings.h

@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2019 wolfSSL Inc.
+ * Copyright (C) 2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/DEOS/deos_malloc.c

@@ -1,6 +1,6 @@
 /* deos_malloc.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/DEOS/tls_wolfssl.c

@@ -1,6 +1,6 @@
 /* tls_wolfssl.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -380,10 +380,7 @@ void wolfssl_server_test(uintData_t statusPtr)
     int  socketAddrLen=sizeof(sockaddr);
     char rx_buf[RX_BUF_SIZE];
     char tx_buf[TX_BUF_SIZE];
-    unsigned  char attempt_conn;
     clientConnectionHandleType TCPserverHandle;
-    void * sendBuffer;
-    DWORD bufferSizeInBytes;
 
     WOLFSSL * ssl;
     WOLFSSL_CTX * ctx;
@@ -572,7 +569,6 @@ int  wolfsslRunTests (void)
 {
     thread_handle_t TCPhandle;
     threadStatus ts;
-    int ret;
 
     #if !defined(NO_CRYPT_TEST)
         wolfcrypt_test(NULL);

IDE/ECLIPSE/DEOS/tls_wolfssl.h

@@ -1,6 +1,6 @@
 /* tls_wolfssl.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/DEOS/user_settings.h

@@ -1,6 +1,6 @@
 /* user_setting.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/MICRIUM/client_wolfssl.c

@@ -1,6 +1,6 @@
 /* client_wolfssl.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/MICRIUM/client_wolfssl.h

@@ -1,6 +1,6 @@
 /* client_wolfssl.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/MICRIUM/server_wolfssl.c

@@ -1,6 +1,6 @@
 /* server_wolfssl.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/MICRIUM/server_wolfssl.h

@@ -1,6 +1,6 @@
 /* server_wolfssl.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/MICRIUM/user_settings.h

@@ -1,6 +1,6 @@
 /* user_setting.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c

@@ -1,6 +1,6 @@
 /* wolfsslRunTests.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/Espressif/ESP-IDF/dummy_config_h

@@ -1,6 +1,6 @@
 /* config.h - dummy
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/helper.c

@@ -1,6 +1,6 @@
 /* helper.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c

@@ -1,6 +1,6 @@
 /* client-tls-callback.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h

@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c

@@ -1,6 +1,6 @@
 /* wifi_connect.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -92,7 +92,7 @@ static void tls_smp_client_init(void)
         ESP_LOGI(TAG, "create thread %s failed", TLS_SMP_CLIENT_TASK_NAME);
     }
 }
-/* event hander for wifi events */
+/* event handler for wifi events */
 static esp_err_t wifi_event_handler(void *ctx, system_event_t *event)
 {
     switch (event->event_id)

IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h

@@ -1,6 +1,6 @@
 /* wifi_connect.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c

@@ -1,6 +1,6 @@
 /* server-tls-callback.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -64,7 +64,7 @@ static void ShowCiphers(void)
 #include "wolfssl/wolfcrypt/port/atmel/atmel.h"
 
 /* when you want to use a custom slot allocation */
-/* enable the difinition CUSTOM_SLOT_ALLOCATION. */
+/* enable the definition CUSTOM_SLOT_ALLOCATION. */
 
 #if defined(CUSTOM_SLOT_ALLOCATION)
 

IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c

@@ -1,6 +1,6 @@
 /* wifi_connect.c 
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -35,7 +35,7 @@ const static int CONNECTED_BIT = BIT0;
 static EventGroupHandle_t wifi_event_group;
 /* prefix for logging */
 const static char *TAG = "tls_server";
-/* proto-type difinition */
+/* proto-type definition */
 extern void tls_smp_server_task();
 static void tls_smp_server_init();
 
@@ -89,7 +89,7 @@ static void tls_smp_server_init(void)
         ESP_LOGI(TAG, "create thread %s failed", TLS_SMP_SERVER_TASK_NAME);
     }
 }
-/* event hander for wifi events */
+/* event handler for wifi events */
 static esp_err_t wifi_event_handler(void *ctx, system_event_t *event)
 {
     switch (event->event_id)
@@ -98,8 +98,13 @@ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event)
         esp_wifi_connect();
         break;
     case SYSTEM_EVENT_STA_GOT_IP:
+#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1
+        ESP_LOGI(TAG, "got ip:" IPSTR "\n",
+                 IP2STR(&event->event_info.got_ip.ip_info.ip));
+#else
         ESP_LOGI(TAG, "got ip:%s",
                  ip4addr_ntoa(&event->event_info.got_ip.ip_info.ip));
+#endif
         /* http://esp32.info/docs/esp_idf/html/dd/d08/group__xEventGroupSetBits.html */
         xEventGroupSetBits(wifi_event_group, CONNECTED_BIT);
         break;
@@ -120,8 +125,11 @@ void app_main(void)
 
     ESP_LOGI(TAG, "Initialize wifi");
     /* TCP/IP adapter initialization */
+#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1
+    esp_netif_init();
+#else
     tcpip_adapter_init();
-
+#endif
     /* */
 #if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1
     (void) wifi_event_handler;

IDE/Espressif/ESP-IDF/test/test_wolfssl.c

@@ -171,7 +171,7 @@ static void tskAes256_Test(void *pvParam)
 }
 #endif
 
-#if !defined(NO_RSA) || defined(HAVE_ECC)
+#if (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(WC_NO_RNG)
 
 int mp_performance_check(int mul, int mulmod, int exptmod)
 {
@@ -280,13 +280,13 @@ int mp_performance_check(int mul, int mulmod, int exptmod)
                 printf("(%d,%d) Xbits = %d, Ybits = %d Pbits = %d",
                                                         i , j, Xbits, Ybits, Pbits);
                 if(mul) {
-                    printf(" mul = %llu (us)", elapsedTime1);
+                    printf(" mul = %llu (us)", (unsigned long long)elapsedTime1);
                 }
                 if(mulmod) {
-                    printf(" mulmod = %llu (us)\n", elapsedTime2);
+                    printf(" mulmod = %llu (us)\n", (unsigned long long)elapsedTime2);
                 }
                 if(exptmod) {
-                    printf(" exptmod = %llu (ms)\n", elapsedTime3);
+                    printf(" exptmod = %llu (ms)\n", (unsigned long long)elapsedTime3);
                 }
             }
         }
@@ -539,20 +539,20 @@ int mp_unitest_exptmod(const char* strZ, const char* strX, const char* strY,
 TEST_CASE("wolfssl mp exptmod test"   , "[wolfssl]")
 {
     ESP_LOGI(TAG, "mp test");
-    int verbose = 0;
+    int verbose = 1;
 
-    TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("2", "5", "1", "3", verbose));
-    TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("1", "-5", "1", "3", verbose));
+    TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("02", "5", "1", "3", verbose));
+    TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("01", "-5", "1", "3", verbose));
     TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("CE331E6D30A77A57", "1234", "A",
                            "FFFFFFFFFFFFFFFF", verbose));
-    TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("1000000", "1000", "2", "FFFFFFF", verbose));
-    TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("1000000", "2", "128",
+    TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("01000000", "1000", "2", "FFFFFFF", verbose));
+    TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("01000000", "2", "128",
                             "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", verbose));
-    TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("14B5A90", "1234", "2", "FFFFFFF", verbose));
-    TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("1234321", "1111", "2", "FFFFFFFF", verbose));
-    TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("2", "5", "1", "3", verbose));
+    TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("014B5A90", "1234", "2", "FFFFFFF", verbose));
+    TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("01234321", "1111", "2", "FFFFFFFF", verbose));
+    TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("02", "5", "1", "3", verbose));
     TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("22", "55", "1", "33", verbose));
-    TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("222", "555", "1", "333", verbose));
+    TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("0222", "555", "1", "333", verbose));
     TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("2222", "5555", "1", "3333", verbose));
     TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("11", "5555", "1", "33", verbose));
     TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("55", "1111", "1", "77", verbose));
@@ -564,14 +564,14 @@ TEST_CASE("wolfssl mp mulmod test"   , "[wolfssl]")
     ESP_LOGI(TAG, "mp test");
     int verbose = 0;
     /*                                      Z    X    Y    M */
-    TEST_ASSERT_EQUAL(0, mp_unitest_mulmod("2", "5", "1", "3", verbose));
-    TEST_ASSERT_EQUAL(0, mp_unitest_mulmod("1", "-5", "1", "3", verbose));
-    TEST_ASSERT_EQUAL(0, mp_unitest_mulmod("2", "-64", "A", "3", verbose));
+    TEST_ASSERT_EQUAL(0, mp_unitest_mulmod("02", "5", "1", "3", verbose));
+    TEST_ASSERT_EQUAL(0, mp_unitest_mulmod("01", "-5", "1", "3", verbose));
+    TEST_ASSERT_EQUAL(0, mp_unitest_mulmod("02", "-64", "A", "3", verbose));
     TEST_ASSERT_EQUAL(0, mp_unitest_mulmod("74C3AC", "123456", "55555", "AAAAA1", verbose));
     TEST_ASSERT_EQUAL(0, mp_unitest_mulmod("73A068", "123456", "55555", "AAAAA3", verbose));
 
     mp_unitest_mulmod(
-    "10C530243ADE5EA7C557E9A2FF5B4573195665A89CB921F573267B15CD2BCB6467E925235AA752CC2D08B07D31497B497744CA3685A46E76247439826628589DD814AC9EEE9EF8B4B44BEE2DB6065BE3C51B788E4ECFF39FB28C3D8EBE10FC9989D97CDC6624E32EBD222E222A2E93085FC2D05E4EB73375F7FC7B11E9B3024",
+    "010C530243ADE5EA7C557E9A2FF5B4573195665A89CB921F573267B15CD2BCB6467E925235AA752CC2D08B07D31497B497744CA3685A46E76247439826628589DD814AC9EEE9EF8B4B44BEE2DB6065BE3C51B788E4ECFF39FB28C3D8EBE10FC9989D97CDC6624E32EBD222E222A2E93085FC2D05E4EB73375F7FC7B11E9B3024",
     "A4F780E83C3FAC34878787D4876BA7582E48C7637A26C6E720974FC7416150A3865D44F6D08E3DA38EB4296928C564D9A0008D8A0D63E0B8EF54D14D54FBEAB540E43D2ED6BE54806D9150C1944437CC3D8B2486A1FB932A6691B529E0E2A46524CB0825BA4F4E1B9C24554DB1913169E5373173A3B7CBBF77C3403C8C7AE86A",
     "6520379E44C1A2C359342010E1038F8C3644D9A47A9346A80C92B48A6986872D74C3BDDB49B2D93C554B588D4A4448614FADBC066CC10F3EB20A2422EA857B7DD0BF60C9CB7D733B12761BD785BCD122D97ECA0A8F1D0F705BC094B66EE5C96712AE3B14B5AA6AD9E50C6A3020BA01DA4FB94E3934527ADCDB3DE51C368B37C2",
     "BE7070B80418E528FE66D89088E0F1B7C3D0D23EE64B9474B0FFB0F763A5AB7EAFB62BB738161A50BFF1CA873AD5B0DAF8437A15B97EEA2A80D251B035AF07F3F25D243A4B8756481B3C249ADA7080BD3C8B034A0C8371DEE30370A2B760091B5EC73DA06460E3A9068DD3FF42BB0A94272D57420DB02DE0BA182560921192F3",
@@ -604,11 +604,11 @@ TEST_CASE("wolfssl mp mul test"   , "[wolfssl]")
     ESP_LOGI(TAG, "mp test");
     int verbose = 0;
 
-    TEST_ASSERT_EQUAL(0, mp_unitest_mul("A", "5", "2", verbose));
-    TEST_ASSERT_EQUAL(0, mp_unitest_mul("-A", "-5", "2", verbose));
-    TEST_ASSERT_EQUAL(0, mp_unitest_mul("A", "-5", "-2", verbose));
-    TEST_ASSERT_EQUAL(0, mp_unitest_mul("6260060", "1234", "5678", verbose));
-    TEST_ASSERT_EQUAL(0, mp_unitest_mul("38E83", "123", "321", verbose));
+    TEST_ASSERT_EQUAL(0, mp_unitest_mul("0A", "5", "2", verbose));
+    TEST_ASSERT_EQUAL(0, mp_unitest_mul("-0A", "-5", "2", verbose));
+    TEST_ASSERT_EQUAL(0, mp_unitest_mul("0A", "-5", "-2", verbose));
+    TEST_ASSERT_EQUAL(0, mp_unitest_mul("06260060", "1234", "5678", verbose));
+    TEST_ASSERT_EQUAL(0, mp_unitest_mul("038E83", "123", "321", verbose));
     TEST_ASSERT_EQUAL(0, mp_unitest_mul("75CD7FCBBC", "123456", "6789A", verbose));
 
     TEST_ASSERT_EQUAL(0, mp_unitest_mul(
@@ -618,7 +618,7 @@ TEST_CASE("wolfssl mp mul test"   , "[wolfssl]")
     verbose));
 
     TEST_ASSERT_EQUAL(0, mp_unitest_mul(
-    "33676FE7B625BF0759F7E8932B6B50D5F45E16E1C670AD20F1CDA5DFFA433685937CA8422A9CB916CC8",
+    "033676FE7B625BF0759F7E8932B6B50D5F45E16E1C670AD20F1CDA5DFFA433685937CA8422A9CB916CC8",
     "165196BA298CD54975DC483C4D21A51EA0A146783CFB41522E76E50C",
     "24D9D5CA7D9CCC06F5E70F1963E6",
     verbose));
@@ -636,7 +636,7 @@ TEST_CASE("wolfssl mp mul performance test"   , "[wolfssl]")
 
     TEST_ASSERT_EQUAL(0, mp_performance_check(mul, mulmod, exptmod));
 }
-#endif/* !NO_RSA || HAVE_ECC */
+#endif/* (!NO_RSA || HAVE_ECC) && !WC_NO_RNG */
 
 TEST_CASE("wolfssl aes test"  , "[wolfssl]")
 {

IDE/Espressif/ESP-IDF/user_settings.h

@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -43,6 +43,10 @@
 #define CURVE25519_SMALL
 #define HAVE_ED25519
 
+/* when you want to use aes counter mode */
+/* #define WOLFSSL_AES_DIRECT */
+/* #define WOLFSSL_AES_COUNTER */
+
 /* esp32-wroom-32se specific definition */
 #if defined(WOLFSSL_ESPWROOM32SE)
     #define WOLFSSL_ATECC508A

IDE/GCC-ARM/Header/user_settings.h

@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -171,16 +171,15 @@ extern "C" {
     #undef  ECC_TIMING_RESISTANT
     #define ECC_TIMING_RESISTANT
 
-    /* Enable cofactor support */
     #ifdef HAVE_FIPS
         #undef  HAVE_ECC_CDH
-        #define HAVE_ECC_CDH
-    #endif
+        #define HAVE_ECC_CDH /* Enable cofactor support */
+
+        #undef NO_STRICT_ECDSA_LEN
+        #define NO_STRICT_ECDSA_LEN /* Do not force fixed len w/ FIPS */
 
-    /* Validate import */
-    #ifdef HAVE_FIPS
         #undef  WOLFSSL_VALIDATE_ECC_IMPORT
-        #define WOLFSSL_VALIDATE_ECC_IMPORT
+        #define WOLFSSL_VALIDATE_ECC_IMPORT /* Validate import */
     #endif
 
     /* Compressed Key Support */
@@ -189,14 +188,17 @@ extern "C" {
 
     /* Use alternate ECC size for ECC math */
     #ifdef USE_FAST_MATH
+        /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
         #ifdef NO_RSA
             /* Custom fastmath size if not using RSA */
-            /* MAX = ROUND32(ECC BITS 256) + SIZE_OF_MP_DIGIT(32) */
             #undef  FP_MAX_BITS
-            #define FP_MAX_BITS     (256 + 32)
+            #define FP_MAX_BITS     (256 * 2)
         #else
             #undef  ALT_ECC_SIZE
             #define ALT_ECC_SIZE
+            /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overriden */
+            //#undef  FP_MAX_BITS_ECC
+            //#define FP_MAX_BITS_ECC (256 * 2)
         #endif
 
         /* Speedups specific to curve */

IDE/GCC-ARM/Source/armtarget.c

@@ -1,6 +1,6 @@
 /* armtarget.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -142,20 +142,20 @@ void HardFault_HandlerC( uint32_t *hardfault_args )
     _BFAR = (*((volatile uint32_t *)(0xE000ED38)));
 
     printf ("\n\nHard fault handler (all numbers in hex):\n");
-    printf ("R0 = %lx\n", stacked_r0);
-    printf ("R1 = %lx\n", stacked_r1);
-    printf ("R2 = %lx\n", stacked_r2);
-    printf ("R3 = %lx\n", stacked_r3);
-    printf ("R12 = %lx\n", stacked_r12);
-    printf ("LR [R14] = %lx  subroutine call return address\n", stacked_lr);
-    printf ("PC [R15] = %lx  program counter\n", stacked_pc);
-    printf ("PSR = %lx\n", stacked_psr);
-    printf ("CFSR = %lx\n", _CFSR);
-    printf ("HFSR = %lx\n", _HFSR);
-    printf ("DFSR = %lx\n", _DFSR);
-    printf ("AFSR = %lx\n", _AFSR);
-    printf ("MMAR = %lx\n", _MMAR);
-    printf ("BFAR = %lx\n", _BFAR);
+    printf ("R0 = %ux\n", stacked_r0);
+    printf ("R1 = %ux\n", stacked_r1);
+    printf ("R2 = %ux\n", stacked_r2);
+    printf ("R3 = %ux\n", stacked_r3);
+    printf ("R12 = %ux\n", stacked_r12);
+    printf ("LR [R14] = %ux  subroutine call return address\n", stacked_lr);
+    printf ("PC [R15] = %ux  program counter\n", stacked_pc);
+    printf ("PSR = %ux\n", stacked_psr);
+    printf ("CFSR = %ux\n", _CFSR);
+    printf ("HFSR = %ux\n", _HFSR);
+    printf ("DFSR = %ux\n", _DFSR);
+    printf ("AFSR = %ux\n", _AFSR);
+    printf ("MMAR = %ux\n", _MMAR);
+    printf ("BFAR = %ux\n", _BFAR);
 
     // Break into the debugger
     __asm("BKPT #0\n");

IDE/GCC-ARM/Source/benchmark_main.c

@@ -1,6 +1,6 @@
 /* benchmark_main.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/GCC-ARM/Source/test_main.c

@@ -1,6 +1,6 @@
 /* test_main.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/GCC-ARM/Source/tls_client.c

@@ -1,6 +1,6 @@
 /* tls_client.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/GCC-ARM/Source/wolf_main.c

@@ -1,6 +1,6 @@
 /* wolf_main.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/GCC-ARM/include.am

@@ -9,6 +9,7 @@ EXTRA_DIST+= IDE/GCC-ARM/Source/benchmark_main.c
 EXTRA_DIST+= IDE/GCC-ARM/Source/test_main.c
 EXTRA_DIST+= IDE/GCC-ARM/Source/tls_client.c
 EXTRA_DIST+= IDE/GCC-ARM/linker.ld
+EXTRA_DIST+= IDE/GCC-ARM/linker_fips.ld
 EXTRA_DIST+= IDE/GCC-ARM/Makefile
 EXTRA_DIST+= IDE/GCC-ARM/Makefile.bench
 EXTRA_DIST+= IDE/GCC-ARM/Makefile.client

IDE/GCC-ARM/linker_fips.ld

@@ -0,0 +1,92 @@
+MEMORY
+{
+  FLASH (wx) : ORIGIN = 0x00000000, LENGTH = 256K
+  RAM   (wx) : ORIGIN = 0x20000000, LENGTH = 64K
+}
+
+SECTIONS
+{
+    __vectors_start__ = .;
+    .vectors : { *(.vectors) } > FLASH
+    __vectors_end__ = __vectors_start__ + 0x400;
+
+    /* Custom section for wolfCrypt FIPS module */
+    .wolfCryptFIPSModule_text :
+    {
+        . = ALIGN(4);
+        KEEP(wolfcrypt_first.o (.text .text* ))
+        KEEP(aes.o(.text .text* ))
+        KEEP(cmac.o (.text .text* ))
+        KEEP(des3.o (.text .text* ))
+        KEEP(dh.o (.text .text* ))
+        KEEP(ecc.o (.text .text* ))
+        KEEP(fips.o (.text .text* ))
+        KEEP(fips_test.o (.text .text* ))
+        KEEP(hmac.o (.text .text* ))
+        KEEP(random.o(.text .text* ))
+        KEEP(rsa.o (.text .text* ))
+        KEEP(sha.o (.text .text* ))
+        KEEP(sha256.o (.text .text* ))
+        KEEP(sha3.o (.text .text* ))
+        KEEP(sha512.o (.text .text* ))
+        KEEP(wolfcrypt_last.o(.text .text*))
+        . = ALIGN(4);
+    } > FLASH
+    .wolfCryptFIPSModule_rodata :
+    {
+        . = ALIGN(4);
+        KEEP(wolfcrypt_first.o (.rodata .rodata*))
+        KEEP(aes.o(.rodata .rodata*))
+        KEEP(cmac.o(.rodata .rodata*))
+        KEEP(des3.o(.rodata .rodata*))
+        KEEP(dh.o(.rodata .rodata*))
+        KEEP(ecc.o(.rodata .rodata*))
+        KEEP(fips.o(.rodata .rodata*))
+        KEEP(fips_test.o(.rodata .rodata*))
+        KEEP(hmac.o(.rodata .rodata*))
+        KEEP(random.o(.rodata .rodata*))
+        KEEP(rsa.o(.rodata .rodata*))
+        KEEP(sha.o(.rodata .rodata*))
+        KEEP(sha256.o(.rodata .rodata*))
+        KEEP(sha3.o(.rodata .rodata*))
+        KEEP(sha512.o(.rodata .rodata*))
+        KEEP(wolfcrypt_last.o(.rodata .rodata*))
+        . = ALIGN(4);
+    } > FLASH
+
+    /* Custom section for wolfCrypt and LibC to prevent FIPS hash from changing 
+        when application code changes are made */
+    .wolfCryptNonFIPS_text :
+    {
+        . = ALIGN(4);
+        KEEP(*wolf*src*.o(.text .text*))
+        lib_a* ( .text .text*)
+        . = ALIGN(4);
+    } > FLASH
+    .wolfCryptNonFIPS_rodata :
+    {
+        . = ALIGN(4);
+        KEEP(*wolf*src*.o(.rodata .rodata*))
+        lib_a* (.rodata .rodata*)
+        . = ALIGN(4);
+    } > FLASH
+    
+	.sys    : { *(.sys*) }    > FLASH
+    .text   : { *(.text*) }   > FLASH
+    .rodata : { *(.text*) }   > FLASH
+
+	__data_load_start__ = .;
+    __data_start__ = .;
+    .data   : { *(.data*) }   > RAM
+    __data_end__ = __data_start__ + SIZEOF(.data);
+
+    __bss_start__ = .;
+    .bss    : { *(.bss*)  }   > RAM
+    __bss_end__   = __bss_start__ + SIZEOF(.bss);
+
+    __heap_start__ = .;
+    .heap   : { *(.heap*)  }   > RAM
+    __heap_end__ = __heap_start__ + SIZEOF(.heap);
+
+    end = .;
+}

IDE/HEXAGON/DSP/Makefile

@@ -0,0 +1,110 @@
+# Makefile
+#
+# Copyright (C) 2006-2020 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+
+ENVI=hexagon
+
+# default to hexagon v65 Release build
+ifndef V
+V=hexagon_Release_dynamic_toolv83_v65
+endif
+
+SUPPORTED_VS = $(default_VS)
+
+DEPENDENCIES = \
+  ATOMIC \
+  RPCMEM \
+  TEST_MAIN \
+  TEST_UTIL
+ATOMIC_DIR = $(HEXAGON_SDK_ROOT)/libs/common/atomic
+RPCMEM_DIR = $(HEXAGON_SDK_ROOT)/libs/common/rpcmem
+TEST_MAIN_DIR = $(HEXAGON_SDK_ROOT)/test/common/test_main
+TEST_UTIL_DIR = $(HEXAGON_SDK_ROOT)/test/common/test_util
+
+include $(HEXAGON_SDK_ROOT)/build/make.d/$(ENVI)_vs.min
+include $(HEXAGON_SDK_ROOT)/build/defines.min
+
+QURT = $(HEXAGON_SDK_ROOT)/libs/common/qurt
+QAIC_FLAGS += -I../../../
+CC_FLAGS += -I../../../
+CC_FLAGS += -I $(QURT)/computev65/include/posix/
+CC_FLAGS += -I $(QURT)/computev65/include/qurt/
+CC_FLAGS += -I../
+CC_FLAGS += -DWOLFSSL_USER_SETTINGS
+CC_FLAGS += -DWOLFSSL_DSP_BUILD
+CC_FLAGS += -DWC_NO_RNG
+#CC_FLAGS += -O3
+
+C_FLAGS += $(MHVX_DOUBLE_FLAG) -mllvm -hexagon-eif=0
+CC_FLAGS += $(MHVX_DOUBLE_FLAG) -mllvm -hexagon-eif=0
+
+# stub library
+BUILD_LIBS += libwolfssl_dsp_skel
+ifeq (1,$(V_dynamic))
+BUILD_DLLS += libwolfssl_dsp_skel
+endif
+libwolfssl_dsp_skel_QAICIDLS += wolfssl_dsp
+libwolfssl_dsp_skel_C_SRCS += $V/wolfSSL_skel
+libwolfssl_dsp_skel.C_SRCS += ../../../wolfcrypt/src/sp_dsp32.c
+libwolfssl_dsp_skel.C_SRCS += ../../../wolfcrypt/src/sp_int.c
+libwolfssl_dsp_skel.C_SRCS += ../../../wolfcrypt/src/wc_port.c
+libwolfssl_dsp_skel.C_SRCS += ../../../wolfcrypt/src/logging.c
+libwolfssl_dsp_skel.C_SRCS += ../../../wolfcrypt/src/memory.c
+libwolfssl_dsp_skel.C_SRCS += ../../../wolfcrypt/src/wolfmath.c
+#libsp_dsp_skel_DLLS += libdspCV_skel
+
+# quality test
+#BUILD_QEXES += eccverify_q
+#eccverify_q_QAICIDLS = wolfssl_dsp
+#eccverify_q_C_SRCS = ../ecc-verify
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/wc_dsp.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/sp_dsp32.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/sp_int.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/wc_port.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/wc_encrypt.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/pwdbased.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/hash.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/arc4.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/hmac.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/md5.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/coding.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/aes.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/des3.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/random.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/logging.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/ecc.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/memory.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/sha256.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/sha.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/asn.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/wolfmath.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/sp_c32.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/sp_c64.c
+#eccverify_q_LIBS = rtld rpcmem test_util atomic test_main
+
+BUILD_COPIES = \
+   $(DLLS) \
+   $(EXES) \
+   $(LIBS) \
+   $(SHIP_DIR)/ ;
+
+
+include $(RULES_MIN)
+
+

IDE/HEXAGON/DSP/wolfssl_dsp.idl

@@ -0,0 +1,13 @@
+#ifndef WOLFSSL_DSP_INC
+#define WOLFSSL_DSP_INC
+
+#include "AEEStdDef.idl"
+#include "remote.idl"
+
+interface wolfSSL: remote_handle64{
+
+	/* ecc operations */
+	long DSP_ECC_Verify_256(inrout sequence<int32>  hash, inrout sequence<int32> pX, inrout sequence<int32> pY,
+		inrout sequence<int32> pZ, inrout sequence<int32> r, inrout sequence<int32> sm, inrout long res);
+};
+#endif

IDE/HEXAGON/Makefile

@@ -0,0 +1,189 @@
+# Makefile
+#
+# Copyright (C) 2006-2020 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+
+ENVI=UbuntuARM
+
+# default to Ubuntu Release build
+ifndef V
+V=UbuntuARM_Release_aarch64
+endif
+
+SUPPORTED_VS = $(default_VS)
+include $(HEXAGON_SDK_ROOT)/build/make.d/$(ENVI)_vs.min
+include $(HEXAGON_SDK_ROOT)/build/defines.min
+
+ifeq ($(CDSP_FLAG), 1) 
+	LIB_DSPRPC = libcdsprpc
+else ifeq ($(MDSP_FLAG), 1) 
+	LIB_DSPRPC = libmdsprpc
+else ifeq ($(SLPI_FLAG), 1) 
+	LIB_DSPRPC = libsdsprpc
+else
+	LIB_DSPRPC = libadsprpc
+endif
+$(info ************  LIB=$(LIB_DSPRPC) ************)
+# include files
+CC_FLAGS += -I../../
+CC_FLAGS += -I./
+CC_FLAGS += -DWOLFSSL_USER_SETTINGS
+CC_FLAGS += -mcpu=generic+crypto
+#CC_FLAGS += -O3
+
+DEPENDENCIES = \
+  ATOMIC \
+  RPCMEM 
+ATOMIC_DIR = $(HEXAGON_SDK_ROOT)/libs/common/atomic
+RPCMEM_DIR = $(HEXAGON_SDK_ROOT)/libs/common/rpcmem
+
+# stub library
+BUILD_DLLS += libwolfssl
+libwolfssl_QAICIDLS += DSP/wolfssl_dsp
+libwolfssl_C_SRCS += $V/wolfSSL_stub
+libwolfssl_DLLS += $(LIB_DSPRPC)
+libwolfssl_C_SRCS += ../../wolfcrypt/src/wc_dsp
+libwolfssl_LIBS += rpcmem
+libwolfssl_LD_FLAGS += -ldl
+
+# wolfSSL crypto source files
+libwolfssl_C_SRCS += \
+	../../wolfcrypt/src/aes \
+	../../wolfcrypt/src/md2 \
+	../../wolfcrypt/src/arc4 \
+	../../wolfcrypt/src/md4 \
+	../../wolfcrypt/src/asm \
+	../../wolfcrypt/src/md5 \
+	../../wolfcrypt/src/asn \
+	../../wolfcrypt/src/memory \
+	../../wolfcrypt/src/async \
+	../../wolfcrypt/src/blake2b \
+	../../wolfcrypt/src/pkcs12 \
+	../../wolfcrypt/src/blake2s \
+	../../wolfcrypt/src/pkcs7 \
+	../../wolfcrypt/src/camellia \
+	../../wolfcrypt/src/poly1305 \
+	../../wolfcrypt/src/chacha20_poly1305 \
+	../../wolfcrypt/src/pwdbased \
+	../../wolfcrypt/src/chacha \
+	../../wolfcrypt/src/rabbit \
+	../../wolfcrypt/src/cmac \
+	../../wolfcrypt/src/random \
+	../../wolfcrypt/src/coding \
+	../../wolfcrypt/src/ripemd \
+	../../wolfcrypt/src/compress \
+	../../wolfcrypt/src/rsa \
+	../../wolfcrypt/src/cpuid \
+	../../wolfcrypt/src/selftest \
+	../../wolfcrypt/src/cryptocb \
+	../../wolfcrypt/src/sha256 \
+	../../wolfcrypt/src/curve25519 \
+	../../wolfcrypt/src/sha3 \
+	../../wolfcrypt/src/des3 \
+	../../wolfcrypt/src/sha512 \
+	../../wolfcrypt/src/dh \
+	../../wolfcrypt/src/sha \
+	../../wolfcrypt/src/signature \
+	../../wolfcrypt/src/ecc \
+	../../wolfcrypt/src/ecc_fp \
+	../../wolfcrypt/src/ed25519 \
+	../../wolfcrypt/src/sp_armthumb \
+	../../wolfcrypt/src/error \
+	../../wolfcrypt/src/sp_int \
+	../../wolfcrypt/src/fe_low_mem \
+	../../wolfcrypt/src/sp_cortexm \
+	../../wolfcrypt/src/fe_operations \
+	../../wolfcrypt/src/fips \
+	../../wolfcrypt/src/sp_x86_64 \
+	../../wolfcrypt/src/fips_test \
+	../../wolfcrypt/src/srp \
+	../../wolfcrypt/src/ge_low_mem \
+	../../wolfcrypt/src/ge_operations \
+	../../wolfcrypt/src/wc_encrypt \
+	../../wolfcrypt/src/hash \
+	../../wolfcrypt/src/wc_pkcs11 \
+	../../wolfcrypt/src/hc128 \
+	../../wolfcrypt/src/wc_port \
+	../../wolfcrypt/src/hmac \
+	../../wolfcrypt/src/wolfcrypt_first \
+	../../wolfcrypt/src/idea \
+	../../wolfcrypt/src/wolfcrypt_last \
+	../../wolfcrypt/src/wolfevent \
+	../../wolfcrypt/src/logging \
+	../../wolfcrypt/src/sp_c32 \
+	../../wolfcrypt/src/sp_c64 \
+	../../wolfcrypt/src/sp_arm32 \
+	../../wolfcrypt/src/sp_arm64 \
+	../../wolfcrypt/src/wolfmath
+
+
+# wolfSSL TLS source files
+libwolfssl_C_SRCS += \
+	../../src/ocsp \
+	../../src/tls \
+	../../src/crl \
+	../../src/sniffer \
+	../../src/wolfio \
+	../../src/internal \
+	../../src/ssl \
+	../../src/keys \
+	../../src/tls13
+
+# build benchmark app
+BUILD_EXES += benchmark
+benchmark_C_SRCS += ../../wolfcrypt/benchmark/benchmark
+benchmark_LD_FLAGS += -ldl
+benchmark_LD_FLAGS += -lpthread
+benchmark_DLLS += libwolfssl
+benchmark_LIBS += rpcmem
+benchmark_DLLS += $(LIB_DSPRPC) 
+
+# build test app
+BUILD_EXES += testwolfcrypt 
+testwolfcrypt_C_SRCS += ../../wolfcrypt/test/test
+testwolfcrypt_DLLS += libwolfssl
+testwolfcrypt_LD_FLAGS += -ldl
+testwolfcrypt_LIBS += rpcmem
+testwolfcrypt_DLLS += $(LIB_DSPRPC) 
+
+# build ecc verify test app
+BUILD_EXES += eccverify 
+eccverify_C_SRCS += ecc-verify
+eccverify_DLLS += libwolfssl
+eccverify_LD_FLAGS += -ldl
+eccverify_LIBS += rpcmem
+eccverify_DLLS += $(LIB_DSPRPC) 
+
+# build ecc verify test app
+BUILD_EXES += eccbenchmark
+eccbenchmark_C_SRCS += ecc-verify-benchmark
+eccbenchmark_DLLS += libwolfssl
+eccbenchmark_LD_FLAGS += -lpthread
+eccbenchmark_LD_FLAGS += -ldl
+eccbenchmark_LIBS += rpcmem
+eccbenchmark_DLLS += $(LIB_DSPRPC) 
+
+BUILD_COPIES = \
+   $(DLLS) \
+   $(EXES) \
+   $(LIBS) \
+   $(SHIP_DIR)/ ;
+
+
+include $(RULES_MIN)
+

IDE/HEXAGON/README.md

@@ -0,0 +1,75 @@
+# Building wolfSSL with DSP Use
+
+## Intro
+This directory is to help with building wolfSSL for use with DSP. It assumes that the Hexagon SDK has been setup on the machine and that the environment variables have been set by calling (source ~/Qualcomm/Hexagon_SDK/3.4.3/setup_sdk_env.source). Currently offloading ECC 256 verify operations to the DSP is supported. When WOLFSSL_DSP is defined ECC verify operations are offloaded to the aDSP by default. When not in SINGLE_THREADED mode a call back function must be set for getting the handle or a handle must be set in the ecc_key structure for the operation to make use of multiple threads when offloading to the DSP. This is because creating new handles for new threads must be done.
+
+
+## Building
+The directory is divided up into a build for the CPU portion in IDE/HEXAGON and a build for use on the DSP located in IDE/HEXAGON/DSP. Each section has their own Makefile. The Makefile default to an Ubuntu + hexagon v65 release build but can be changed by using V=<build type>. An example of building both would be:
+
+```
+cd IDE/HEXAGON
+make V=UbuntuARM_Release_aarch64
+cd DSP
+make V=hexagon_Release_dynamic_toolv83_v65
+```
+
+The results from each build will be placed into the ship directories of each, for example ./UbuntuARM_Release_aarch64/ship/* and ./DSP/hexagon_Release_dynamic_toolv83_v65/ship/*.
+The Makefile creates a DSP library libwolfssl_dsp_skel.so, library libwolfssl.so, executable benchmark, example ecc-verify, example ecc-verify-benchmark and executable testwolfcrypt.
+These then need pushed to the device in order to run. An example of pushing the results to the device would be:
+
+```
+cd IDE/HEXAGON
+adb push DSP/hexagon_Release_dynamic_toolv83_v65/ship/libwolfssl_dsp_skel.so /data/rfsa/adsp/
+adb push UbuntuARM_Release_aarch64/ship/libwolfssl.so /data/
+adb push UbuntuARM_Release_aarch64/ship/benchmark /data/
+adb push UbuntuARM_Release_aarch64/ship/eccverify /data/
+adb push UbuntuARM_Release_aarch64/ship/eccbenchmark /data/
+```
+
+To change the settings wolfSSL is built with macros can be set in IDE/HEXAGON/user_settings.h. It contains a default setting at this point that was used for collecting benchmark values. The macro necessary to turn on use of the DSP is WOLFSSL_DSP.
+
+
+The script IDE/HEXAGON/build.sh was added to help speed up building and testing. An example of using the script would be:
+
+```
+cd IDE/HEXAGON
+./build.sh Release
+```
+
+This will delete the previous build and rebuild for Release mode. Then it will try to push the resulting library and some of the executables to the device.
+
+
+For increased performance uncomment the -O3 flag in IDE/HEXAGON/Makefile and IDE/HEXAGON/DSP/Makefile.
+
+## Use
+
+A default handle is created with the call to wolfCrypt_Init() and is set to use the aDSP. A default mutex is locked for each use of the handle to make the library stable when multiple threads are calling to DSP supported operations.
+To use wolfSSL with a user created handle it can be done by calling wc_ecc_set_handle or by setting a callback function using wolfSSL_SetHandleCb(). This should be set in the case of multithreaded applications to account for having a handle for each thread being used.
+
+
+#### wolfSSL_SetHandleCb
+The API wolfSSL_SetHandleCb takes a function pointer of type "int (*wolfSSL_DSP_Handle_cb)(remote_handle64 *handle, int finished void *ctx);". This callback is executed right before the operation is handed off to the DSP (finished set to 0) and right after done with the handle (finished set to 1). With ECC this would be after the ECC verify function has been called but before the information is passed on to the DSP and once again with the finished flag set after the result is returned.
+
+The callback set should return 0 on successfully setting the input handle. The ctx argument is for future custom context to be passed in and is currently not used.
+
+#### Expected Performance
+This is the expected results from running ./eccbenchmark using the -O3 flag
+
+benchmarking using default (locks on handle for aDSP)
+5000 verifies on 1 threads took 17.481616 seconds
+10000 verifies on 2 threads took 35.324308 seconds
+
+benchmarking using software (+NEON if built in)
+5000 verifies on 1 threads took 1.398336 seconds
+10000 verifies on 2 threads took 1.383992 seconds
+
+benchmarking using threads on aDSP
+5000 verifies on 1 threads took 17.616811 seconds
+10000 verifies on 2 threads took 19.215413 seconds
+15000 verifies on 3 threads took 20.410200 seconds
+20000 verifies on 4 threads took 23.261446 seconds
+
+benchmarking 1 thread on cDSP
+5000 verifies on 1 threads took 18.560995 seconds 
+

IDE/HEXAGON/build.sh

@@ -0,0 +1,38 @@
+#!/bin/bash
+if [ -z $1 ]; then
+	echo "./build <Debug | Release>"
+	exit -1
+fi
+
+printf "Erasing previous hexagon_$1_dynamic_toolv83_v65 and UbuntuARM_$1_aarch64\n"
+rm -rf hexagon_$1_dynamic_toolv83_v65 &> /dev/null
+rm -rf UbuntuARM_$1_aarch64 &> /dev/null
+cd ./DSP &> /dev/null
+rm -rf hexagon_$1_dynamic_toolv83_v65 &> /dev/null
+
+printf "Building hexagon_$1_dynamic_toolv83_v65 ..."
+make V=hexagon_$1_dynamic_toolv83_v65 &> /dev/null
+if [ $? != 0 ]; then
+     printf "failed\n"
+else
+     printf "done\n"
+fi
+
+cd ../ &> /dev/null
+printf "Building UbuntuARM_$1_aarch64 ..."
+make V=UbuntuARM_$1_aarch64 &> /dev/null
+if [ $? != 0 ]; then
+     printf "failed\n"
+else
+     printf "done\n"
+fi
+
+printf "Trying to push libwolfssl_Dsp_skel.so, libwolfssl.so, benchmark, eccverify, eccbenchmark\n"
+adb push DSP/hexagon_$1_dynamic_toolv83_v65/ship/libwolfssl_dsp_skel.so /data/rfsa/adsp/
+adb push UbuntuARM_$1_aarch64/ship/libwolfssl.so /data/
+adb push UbuntuARM_$1_aarch64/ship/benchmark /data/
+adb push UbuntuARM_$1_aarch64/ship/eccverify /data/
+adb push UbuntuARM_$1_aarch64/ship/eccbenchmark /data/
+#adb push UbuntuARM_$1_aarch64/ship/testwolfcrypt /data/wolfcrypt/test/
+printf "done\n"
+exit 0

IDE/HEXAGON/ecc-verify-benchmark.c

@@ -0,0 +1,185 @@
+/* ecc-verify-benchmark.c
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/sha256.h>
+#include <wolfssl/wolfcrypt/random.h>
+#include <wolfssl/wolfcrypt/ecc.h>
+#include <wolfssl/wolfcrypt/asn_public.h>
+#include <pthread.h>
+
+#define USE_CERT_BUFFERS_256
+#include <wolfssl/certs_test.h>
+
+#define MAX_TIMES 5000
+#define MAX_BLOCK_SIZE 1024
+
+#include <sys/time.h>                                                       
+
+static double get_time()                                              
+{                                                                           
+    struct timeval tv;                                                      
+    gettimeofday(&tv, 0);                                                   
+    return (double)tv.tv_sec + (double)tv.tv_usec / 1000000;                
+} 
+
+
+/* software version */
+void* hash_firmware_verify(void* key)
+{
+    int ret, i;
+    int verify;
+    const byte hash[] = {
+0XFB, 0XBA, 0XB2, 0X89, 0XF7, 0XF9, 0X4B, 0X25, 0X73, 0X6C, 0X58, 0XBE, 0X46, 0XA9, 0X94, 0XC4, 0X41, 0XFD, 0X02, 0X55, 0X2C, 0XC6, 0X02, 0X23, 0X52, 0XE3, 0XD8, 0X6D, 0X2F, 0XAB, 0X7C, 0X83
+};
+    const byte sigBuf[] = {
+0X30, 0X44, 0X02, 0X20, 0X05, 0X38, 0XBC, 0X16, 0XC7, 0X67, 0X18, 0XEC, 0XE6, 0X1E, 0X43, 0X7B, 0X29, 0X8F, 0X85, 0X01, 0X33, 0XA8, 0X9B, 0XDD, 0X91, 0X32, 0X1F, 0XEC, 0XF7, 0X91, 0X18, 0X72, 0X9C, 0XE2, 0X6F, 0X31, 0X02, 0X20, 0X3E, 0X31, 0XD6, 0X40, 0XF7, 0X38, 0X3C, 0X1B, 0X6D, 0XAD, 0XE3, 0X93, 0X20, 0XE8, 0XB1, 0XBD, 0X3C, 0X59, 0XF2, 0XD2, 0X7C, 0X46, 0X1B, 0XE5, 0XE1, 0XE3, 0XAB, 0X5E, 0X76, 0X73, 0X6F, 0XFB
+    };
+    word32 sigLen = (word32)sizeof(sigBuf);
+    word32 hashLen = (word32)sizeof(hash);
+
+    for (i = 0; i < MAX_TIMES; i++) {
+        ret = wc_ecc_verify_hash((byte*)sigBuf, sigLen, hash, hashLen, &verify, (ecc_key*)key);
+        if (ret < 0 || verify != 1) {
+            printf("failed on try %d\n", i);
+            break;
+        }
+    }
+
+    if (ret < 0 || verify != 1) {
+	printf("unable to verify, ret = %d verify = %d\n", ret, verify);
+    }
+
+    return NULL;
+}
+
+
+/* when flag is set then try to use software only if DSP is built in */
+static int hash_firmware_verify_default(int numThreads)
+{
+    int ret, i;
+    word32 idx;
+    double t;
+    pthread_t threads[numThreads];
+    ecc_key eccKey[numThreads];
+
+    for (i = 0; i < numThreads; i++) {
+        wc_ecc_init(&(eccKey[i]));
+        idx = 0;
+        ret = wc_EccPrivateKeyDecode(ecc_clikey_der_256, &idx, &(eccKey[i]), sizeof_ecc_clikey_der_256);
+        if (ret < 0)
+            return ret;
+
+    }
+
+    t = get_time();
+    for (i = 0; i < numThreads; i++) {
+        pthread_create(&threads[i], NULL, hash_firmware_verify, (void*)&(eccKey[i]));
+    }
+
+    for (i = 0; i < numThreads; i++) {
+        pthread_join(threads[i], NULL);
+    }
+    t = get_time() - t;
+    printf("%d verifies on %d threads took %f seconds\n", MAX_TIMES * numThreads, numThreads, t);
+
+    return 0;
+}
+
+#ifdef WOLFSSL_DSP
+/* domain 0 = cDSP 1 = aDSP */
+static int hash_firmware_verify_dsp(int numThreads, int domain)
+{
+    int ret, i;
+    word32 idx;
+    double t;
+    remote_handle64 handle[numThreads];
+    char *sp_URI_value;
+    pthread_t threads[numThreads];
+    ecc_key eccKey[numThreads];
+
+    if (domain == 0) {
+        sp_URI_value = wolfSSL_URI "&_dom=cdsp";
+    }
+    else {
+        sp_URI_value = wolfSSL_URI "&_dom=adsp";
+    }
+
+    for (i = 0; i < numThreads; i++) {
+        wc_ecc_init(&(eccKey[i]));
+        idx = 0;
+        ret = wc_EccPrivateKeyDecode(ecc_clikey_der_256, &idx, &(eccKey[i]), sizeof_ecc_clikey_der_256);
+        if (ret < 0)
+            return ret;
+
+        ret = wolfSSL_open(sp_URI_value, &(handle[i]));
+        if (ret != 0) {
+            printf("unable to open CDSP? retVal = %d\n", ret);
+	    return -1;
+        }
+        wc_ecc_set_handle(&(eccKey[i]), handle[i]);
+    }
+
+    t = get_time();
+    for (i = 0; i < numThreads; i++) {
+        pthread_create(&threads[i], NULL, hash_firmware_verify, (void*)&(eccKey[i]));
+    }
+
+    for (i = 0; i < numThreads; i++) {
+        pthread_join(threads[i], NULL);
+        wolfSSL_close(handle[i]);
+    }
+    t = get_time() - t;
+    printf("%d verifies on %d threads took %f seconds\n", MAX_TIMES * numThreads, numThreads, t);
+
+    return 0;
+}
+#endif /* WOLFSSL_DSP */
+
+
+int main(int argc, char* argv[])
+{
+    wolfCrypt_Init();
+
+    printf("benchmarking using default (locks on handle for aDSP)\n");
+    hash_firmware_verify_default(1);
+    hash_firmware_verify_default(2);
+
+    printf("\nbenchmarking using software (+NEON if built in)\n");
+#ifdef WOLFSSL_DSP
+    wolfSSL_SetHandleCb(NULL); /* remove calls to DSP by default */
+#endif
+    hash_firmware_verify_default(1);
+    hash_firmware_verify_default(2);
+
+#ifdef WOLFSSL_DSP
+    printf("\nbenchmarking using threads on aDSP\n");
+    hash_firmware_verify_dsp(1, 1);
+    hash_firmware_verify_dsp(2, 1);
+    hash_firmware_verify_dsp(3, 1);
+    hash_firmware_verify_dsp(4, 1);
+
+    printf("\nbenchmarking 1 thread on cDSP\n");
+    hash_firmware_verify_dsp(1, 0);
+#endif /* WOLFSSL_DSP */
+    wolfCrypt_Cleanup();
+    return 0;
+}

IDE/HEXAGON/ecc-verify.c

@@ -0,0 +1,91 @@
+/* ecc-verify.c
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/sha256.h>
+#include <wolfssl/wolfcrypt/random.h>
+#include <wolfssl/wolfcrypt/ecc.h>
+#include <wolfssl/wolfcrypt/asn_public.h>
+
+#define USE_CERT_BUFFERS_256
+#include <wolfssl/certs_test.h>
+
+#define MAX_BLOCK_SIZE 1024
+
+#ifdef WOLFSSL_DSP
+static char *sp_URI_value = wolfSSL_URI "&_dom=cdsp";
+
+int hash_firmware_verify(const byte* hash, word32 hashLen, const byte* sigBuf, word32 sigLen)
+{
+    int ret;
+    ecc_key eccKey;
+    word32 idx;
+    int verify;
+    remote_handle64 handle = -1;
+
+    idx = 0;
+    ret = wc_EccPrivateKeyDecode(ecc_clikey_der_256, &idx, &eccKey, sizeof_ecc_clikey_der_256);
+    if (ret < 0)
+        goto exit;
+
+    int retVal = wolfSSL_open(sp_URI_value, &handle);
+    if (retVal != 0) {
+        printf("unable to open CDSP? retVal = %d\n", retVal);
+        ret = -1;
+        goto exit;
+    }
+    wc_ecc_set_handle(&eccKey, handle);
+
+    ret = wc_ecc_verify_hash((byte*)sigBuf, sigLen, hash, hashLen, &verify, &eccKey);
+    printf("verify = %d\n", verify);
+    if (ret < 0)
+        goto exit;
+
+    wolfSSL_close(handle);
+exit:
+
+    return ret;
+}
+
+int main(void)
+{
+    int ret;
+    const byte hash[] = {
+0XFB, 0XBA, 0XB2, 0X89, 0XF7, 0XF9, 0X4B, 0X25, 0X73, 0X6C, 0X58, 0XBE, 0X46, 0XA9, 0X94, 0XC4, 0X41, 0XFD, 0X02, 0X55, 0X2C, 0XC6, 0X02, 0X23, 0X52, 0XE3, 0XD8, 0X6D, 0X2F, 0XAB, 0X7C, 0X83
+};
+    const byte sigBuf[] = {
+0X30, 0X44, 0X02, 0X20, 0X05, 0X38, 0XBC, 0X16, 0XC7, 0X67, 0X18, 0XEC, 0XE6, 0X1E, 0X43, 0X7B, 0X29, 0X8F, 0X85, 0X01, 0X33, 0XA8, 0X9B, 0XDD, 0X91, 0X32, 0X1F, 0XEC, 0XF7, 0X91, 0X18, 0X72, 0X9C, 0XE2, 0X6F, 0X31, 0X02, 0X20, 0X3E, 0X31, 0XD6, 0X40, 0XF7, 0X38, 0X3C, 0X1B, 0X6D, 0XAD, 0XE3, 0X93, 0X20, 0XE8, 0XB1, 0XBD, 0X3C, 0X59, 0XF2, 0XD2, 0X7C, 0X46, 0X1B, 0XE5, 0XE1, 0XE3, 0XAB, 0X5E, 0X76, 0X73, 0X6F, 0XFB
+    };
+    word32 sigLen = (word32)sizeof(sigBuf);
+
+    wolfCrypt_Init();
+    ret = hash_firmware_verify(hash, sizeof(hash), sigBuf, sigLen);
+    printf("hash_firmware_verify: %d\n", ret);
+    wolfCrypt_Cleanup();
+    return 0;
+}
+#else
+int main()
+{
+	printf("WOLFSSL_DSP expected to be defined when building\n");
+	return 0;
+}
+#endif /* WOLFSSL_DSP */

IDE/HEXAGON/include.am

@@ -0,0 +1,14 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST+= IDE/HEXAGON/Makefile
+EXTRA_DIST+= IDE/HEXAGON/user_settings.h
+EXTRA_DIST+= IDE/HEXAGON/README.md
+EXTRA_DIST+= IDE/HEXAGON/build.sh
+EXTRA_DIST+= IDE/HEXAGON/ecc-verify.c
+EXTRA_DIST+= IDE/HEXAGON/ecc-verify-benchmark.c
+
+EXTRA_DIST+= IDE/HEXAGON/DSP/Makefile
+EXTRA_DIST+= IDE/HEXAGON/DSP/wolfssl_dsp.idl
+

IDE/HEXAGON/user_settings.h

@@ -0,0 +1,37 @@
+#ifndef USER_SETTINGS_H
+#define USER_SETTINGS_H
+
+#define WOLFCRYPT_ONLY
+#define HAVE_ECC
+#define FP_ECC
+//#define FP_ENTRIES 1
+#define NO_DSA
+#define NO_DH
+#define NO_RSA
+//#define DEBUG_WOLFSSL
+
+#define USE_FAST_MATH
+#define TFM_TIMING_RESISTANT
+#ifdef HAVE_ECC
+	#define ECC_TIMING_RESISTANT
+#endif
+#ifndef NO_RSA
+	#define WC_RSA_BLINDING
+#endif
+
+#if 1
+	#define WOLFSSL_HAVE_SP_RSA
+	#define WOLFSSL_HAVE_SP_ECC
+	#define WOLFSSL_SP_MATH
+
+	#if 1
+		/* ARM NEON instructions */
+		#define WOLFSSL_SP_ARM64_ASM
+	#endif
+	#if 1
+		/* Use DSP */
+		#define WOLFSSL_DSP
+	#endif
+#endif
+
+#endif

IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c

@@ -1,6 +1,6 @@
 /* benchmark-main.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/IAR-EWARM/Projects/benchmark/current_time.c

@@ -1,6 +1,6 @@
 /* current-time.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -44,7 +44,7 @@ void InitTimer(void) {
                                        SYSCTL_USE_PLL |
                                        SYSCTL_CFG_VCO_480), 120000000);
 
-    printf("Clock=%dMHz\n", ui32SysClock/1000000) ;
+    printf("Clock=%dMHz\n", (int)(ui32SysClock/1000000));
     ROM_SysCtlPeripheralEnable(SYSCTL_PERIPH_TIMER0);
     ROM_TimerConfigure(TIMER0_BASE, TIMER_CFG_PERIODIC);
     ROM_TimerLoadSet(TIMER0_BASE, TIMER_A, -1);
@@ -64,10 +64,10 @@ double current_time(int reset)
 
 /* dummy */
 double current_time(int reset) {
-    static double t; 
-    t += 1.0; /* for avoid infinit loop of waiting time */
+    static double t;
+    t += 1.0; /* for avoid infinite loop of waiting time */
     if(reset)t = 0.0;
-    return t ; 
-} 
+    return t ;
+}
 
-#endif
+#endif

IDE/IAR-EWARM/Projects/common/minimum-startup.c

@@ -1,6 +1,6 @@
 /* minimum-startup.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp

@@ -343,7 +343,7 @@
         </option>
         <option>
           <name>CCPosIndRopi</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>CCPosIndRwpi</name>

IDE/IAR-EWARM/Projects/test/test-main.c

@@ -1,6 +1,6 @@
 /* test-main.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_SAMV71_XULT_user_settings/user_settings.h

@@ -34,11 +34,11 @@
     #undef ECC_USER_CURVES
     #define ECC_USER_CURVES
 
-    #undef ECC_ALT_SIZE
-    #define ECC_ALT_SIZE
+    #undef ALT_ECC_SIZE
+    #define ALT_ECC_SIZE
 
     #undef FP_MAX_BITS_ECC
-    #define FP_MAX_BITS_ECC 528
+    #define FP_MAX_BITS_ECC (256 * 2)
 
     #undef TFM_TIMING_RESISTANT
     #define TFM_TIMING_RESISTANT

IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_SAMV71_XULT_user_settings/user_settings_verbose_example.h

@@ -84,11 +84,13 @@
     #define ECC_TIMING_RESISTANT
 
     #ifdef USE_FAST_MATH
-        /* Max ECC bits (curve size * 8). ECC521 is (66*8) = 528. */
         #undef  ALT_ECC_SIZE
         #define ALT_ECC_SIZE
-        #undef  FP_MAX_BITS_ECC
-        #define FP_MAX_BITS_ECC     528
+
+        /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overriden */
+        /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
+        //#undef  FP_MAX_BITS_ECC
+        //#define FP_MAX_BITS_ECC (528 * 2)
 
         /* Enable TFM optimizations for ECC */
         #define TFM_ECC192

IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/README_wolfcrypt_benchmark

@@ -6,7 +6,7 @@ embOS v4.16 (for Cortex-M and IAR compiler)
 wolfssl (latest version)
 
 Required items (Hardware) for this guide:
-Atmel SAM V71 Xplained Ultra (Or equivelent Cortex-M Evaluation Board)
+Atmel SAM V71 Xplained Ultra (Or equivalent Cortex-M Evaluation Board)
     Note: Must have J-Trace adapter (SWD or SWD + ETM)
 j-Trace for ARM Cortex-M Processors
     Note: You can see here: https://www.segger.com/j-trace-for-cortex-m.html

IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/README_wolfcrypt_lib

@@ -6,7 +6,7 @@ embOS v4.16 (for Cortex-M and IAR compiler)
 wolfssl (latest version)
 
 Required items (Hardware) for this guide:
-Atmel SAM V71 Xplained Ultra (Or equivelent Cortex-M Evaluation Board)
+Atmel SAM V71 Xplained Ultra (Or equivalent Cortex-M Evaluation Board)
     Note: Must have J-Trace adapter (SWD or SWD + ETM)
 j-Trace for ARM Cortex-M Processors
     Note: You can see here: https://www.segger.com/j-trace-for-cortex-m.html

IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/README_wolfcrypt_test

@@ -6,7 +6,7 @@ embOS v4.16 (for Cortex-M and IAR compiler)
 wolfssl (latest version)
 
 Required items (Hardware) for this guide:
-Atmel SAM V71 Xplained Ultra (Or equivelent Cortex-M Evaluation Board)
+Atmel SAM V71 Xplained Ultra (Or equivalent Cortex-M Evaluation Board)
     Note: Must have J-Trace adapter (SWD or SWD + ETM)
 j-Trace for ARM Cortex-M Processors
     Note: You can see here: https://www.segger.com/j-trace-for-cortex-m.html

IDE/IAR-EWARM/embOS/custom_port/README_custom_port

@@ -109,7 +109,7 @@ We are now set to link to this library in the evaluation project
         #---------------------------------------------
 
 5. Go to Project -> Options -> Linker -> Library (Tab)
-    Add to the field "Additonal libraries:"
+    Add to the field "Additional libraries:"
     $PROJ_DIR$\..\embOS_wolfcrypt_lib_SAMV71_XULT\Debug\Exe\wolfcrypt_lib.a
     $PROJ_DIR$\..\..\extract_trial_here\Start\Lib\os7m_tlv_dp.a
 

IDE/IAR-EWARM/embOS/custom_port/custom_port_user_settings/user_settings.h

@@ -31,11 +31,11 @@
     #undef ECC_USER_CURVES
     #define ECC_USER_CURVES
 
-    #undef ECC_ALT_SIZE
-    #define ECC_ALT_SIZE
+    #undef ALT_ECC_SIZE
+    #define ALT_ECC_SIZE
 
     #undef FP_MAX_BITS_ECC
-    #define FP_MAX_BITS_ECC 528
+    #define FP_MAX_BITS_ECC (256 * 2)
 
     #undef TFM_TIMING_RESISTANT
     #define TFM_TIMING_RESISTANT

IDE/INTIME-RTOS/wolfExamples.c

@@ -55,7 +55,7 @@ int wolfExample_TLSClient(const char* ip, int port)
     int          ret = 0;
     WOLFSSL_CTX* ctx = NULL;
     WOLFSSL*     ssl = NULL;        /* create WOLFSSL object */
-    int                sockFd = -1; /* socket file descriptor */
+    int                sockFd;      /* socket file descriptor */
     struct sockaddr_in servAddr;    /* struct for server address */
     char sendBuff[TLS_MAXDATASIZE], rcvBuff[TLS_MAXDATASIZE];
 
@@ -144,13 +144,13 @@ int wolfExample_TLSServer(int port)
     int ret = 0;
     WOLFSSL_CTX* ctx = NULL;
     WOLFSSL* ssl = NULL;
-    int sockFd = -1, clientFd = -1;
+    int sockFd, clientFd = -1;
     struct sockaddr_in serverAddr = {0}, clientAddr = {0};
     const char reply[]  = "I hear ya fa shizzle!\n";
     int addrSize        = sizeof(clientAddr);
     char buff[256];
 
-	sockFd = socket(AF_INET, SOCK_STREAM, 0);
+    sockFd = socket(AF_INET, SOCK_STREAM, 0);
     if (sockFd < 0) {
         printf("Failed to create socket. Error: %d\n", errno);
         return errno;

IDE/LINUX-SGX/README.md

@@ -1,10 +1,14 @@
 # Static Library: Building libwolfssl.sgx.static.lib.a for use with SGX Enclaves
 
 ### Requirements:
-This code was created to use Intel's SGX hardware. It is expected that the user has gone through the steps of both turning on the hardware in bios if needed and has installed the necesary software from Intel to make use of the hardware. (https://software.intel.com/en-us/sgx) If these steps have not been done then it is expected that the user is familure with simulation software being used in place of hardware.
+This code was created to use Intel's SGX hardware. It is expected that the user has gone through the steps of both turning on the hardware in bios if needed and has installed the necessary software from Intel to make use of the hardware. (https://software.intel.com/en-us/sgx) If these steps have not been done then it is expected that the user is familiar with simulation software being used in place of hardware.
+
+### Security:
+If not already in use, it is recommended that SP (single precision) RSA and ECC code is used. This will help mitigate potential side channel attacks. To use SP code check that wolfcrypt/src/sp_c32.c and wolfcrypt/src/sp_c64.c are compiled and add HAVE_WOLFSSL_SP=1 to the build command to define the necessary macros.
 
 ### Overview and Build:
 This project creates a static library to then link with Enclaves. A simple example of an Enclave linking to the created wolfSSL library can be found in wolfssl-examples on github. This project has been tested with gcc 5.4.0 on Ubuntu 16.04.
+When building with tests the file wolfssl/options.h is expected, in downloaded bundles from wolfssl.com this file exists but when building from a cloned version of wolfSSL from GitHub then the file needs created. This is done either through cd wolfssl && ./autogen.sh && ./configure && ./config.status or by cd wolfssl && touch wolfssl/options.h.
 
 To create the static library, simply call make:
 
@@ -20,9 +24,10 @@ This will create a local static library, libwolfssl.sgx.static.lib.a, that can b
     To enable wolfssl debug, add CFLAGS=-DDEBUG_WOLFSSL.
     To enable wolfssl benchmark tests with enclave, specify: HAVE_WOLFSSL_BENCHMARK at build
     To enable wolfcrypt testsuite with enclave, specify: HAVE_WOLFSSL_TEST at build
+    To enable SP code, specify: HAVE_WOLFSSL_SP at build
 
-For example, to enable all three:
-`make -f sgx_t_static.mk CFLAGS=-DDEBUG_WOLFSSL HAVE_WOLFSSL_BENCHMARK=1 HAVE_WOLFSSL_TEST=1`
+For example:
+`make -f sgx_t_static.mk CFLAGS=-DDEBUG_WOLFSSL HAVE_WOLFSSL_BENCHMARK=1 HAVE_WOLFSSL_TEST=1 HAVE_WOLFSSL_SP=1`
 
 NOTE: This more customized step has been provided for easier execution in the
       script `build.sh`

IDE/LINUX-SGX/build.sh

@@ -5,5 +5,5 @@ CFLAGS_NEW="-DDEBUG_WOLFSSL"
 export CFLAGS="${CFLAGS} ${CFLAGS_NEW}"
 echo ${CFLAGS}
 
-make -f sgx_t_static.mk HAVE_WOLFSSL_BENCHMARK=1 HAVE_WOLFSSL_TEST=1
+make -f sgx_t_static.mk HAVE_WOLFSSL_BENCHMARK=1 HAVE_WOLFSSL_TEST=1 HAVE_WOLFSSL_SP=1
 

IDE/LINUX-SGX/sgx_t_static.mk

@@ -45,6 +45,7 @@ endif
 Crypto_Library_Name := sgx_tcrypto
 
 Wolfssl_C_Extra_Flags := -DWOLFSSL_SGX
+
 Wolfssl_C_Files :=$(WOLFSSL_ROOT)/wolfcrypt/src/aes.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/arc4.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/asn.c\
@@ -86,6 +87,8 @@ Wolfssl_C_Files :=$(WOLFSSL_ROOT)/wolfcrypt/src/aes.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/sha256.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/sha512.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/signature.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.c\
 					$(WOLFSSL_ROOT)/src/ssl.c\
 					$(WOLFSSL_ROOT)/src/tls.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.c\
@@ -105,6 +108,11 @@ ifeq ($(HAVE_WOLFSSL_BENCHMARK), 1)
 	Wolfssl_Include_Paths += -I$(WOLFSSL_ROOT)/wolfcrypt/benchmark/
 endif
 
+ifeq ($(HAVE_WOLFSSL_SP), 1)
+    Wolfssl_C_Extra_Flags += -DWOLFSSL_HAVE_SP_RSA \
+                             -DWOLFSSL_HAVE_SP_DH  \
+                             -DWOLFSSL_HAVE_SP_ECC
+endif
 
 
 Flags_Just_For_C := -Wno-implicit-function-declaration -std=c11

IDE/LPCXPRESSO/lib_wolfssl/lpc_18xx_port.c

@@ -1,6 +1,6 @@
 /* lpc_18xx_port.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/LPCXPRESSO/lib_wolfssl/user_settings.h

@@ -22,7 +22,8 @@
 
 #define FP_LUT                   4
 #define FP_MAX_BITS              2048 /* 4096 */
-#define FP_MAX_BITS_ECC          512
+#define ECC_USER_CURVES /* Disables P-112, P-128, P-160, P-192, P-224, P-384, P-521 but leaves P-256 enabled */
+#define FP_MAX_BITS_ECC          (256 * 2)
 #define ALT_ECC_SIZE
 #define USE_FAST_MATH
 #define SMALL_SESSION_CACHE
@@ -52,7 +53,6 @@
 #define NO_64BIT
 #define NO_WOLFSSL_SERVER
 #define NO_OLD_TLS
-#define ECC_USER_CURVES /* Disables P-112, P-128, P-160, P-192, P-224, P-384, P-521 but leaves P-256 enabled */
 #define NO_DES3
 #define NO_MD5
 #define NO_RC4

IDE/LPCXPRESSO/wolf_example/src/lpc_18xx_startup.c

@@ -1,6 +1,6 @@
 /* lpc_18xx_startup.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/M68K/README.md

@@ -3,7 +3,7 @@ toolchain and example benchmark/testwolfcrypt application linking to it. The
 examples and default builds where made to support a MCF5441X board.
 
 Macros to define for use:
-WOLFSSL_MCF5441X /* arch settings i.e. sizeof long and endianess */
+WOLFSSL_MCF5441X /* arch settings i.e. sizeof long and endianness */
 WOLFSSL_NETBURNER /* for use of NetBurner headers and RNG seed */
 
 
@@ -17,7 +17,7 @@ wolfssl-root/wolfssl/wolfcrypt/settings.h sets the sizeof long and long long
 along with big endian macro.
 
 The configuration for the build is located in wolfssl-root/IDE/M68K/user_settings.h
-Along with the defualt build there is 2 others BUILD_B (smaller resource use),
+Along with the default build there is 2 others BUILD_B (smaller resource use),
 and BUILD_C (faster runtime with more resource use).
 
 RSA speeds of the builds

IDE/M68K/benchmark/main.cpp

@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/M68K/testwolfcrypt/main.cpp

@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK-ARM/LPC43xx/time-LCP43xx.c

@@ -1,6 +1,6 @@
 /* time.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c

@@ -1,6 +1,6 @@
 /* certs_test.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h

@@ -1,6 +1,6 @@
 /* config-BEREFOOT.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h

@@ -1,6 +1,6 @@
 /* config-FS.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h

@@ -1,6 +1,6 @@
 /* config-RTX-TCP-FS.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h

@@ -1,6 +1,6 @@
 /* config.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c

@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c

@@ -1,6 +1,6 @@
 /*shell.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -214,7 +214,7 @@ static struct {
     "stack", stack_comm,        /* On/Off check stack size */
     "for", for_command,         /* iterate next command X times */
     "debug", dbg_comm,          /* On/Off debug message  */
-    "help", help_comm,          /* Breif description about the commands */
+    "help", help_comm,          /* Brief description about the commands */
 
     /** short name **/
     "ec", echoclient_test,
@@ -436,7 +436,7 @@ static void for_command(void *args)
 {
     if( args == NULL || ((func_args *)args)->argc == 1) {
         printf("For %d times\n", for_iteration) ;
-    } else if( args == NULL || ((func_args *)args)->argc == 2) {
+    } else if(((func_args *)args)->argc == 2) {
         for_iteration = atoi(((func_args *)args)->argv[1]) ;
     } else printf("Invalid argument\n") ;
 }
@@ -483,7 +483,7 @@ static char command_stack[COMMAND_STACK_SIZE] ;
 static   wolfSSL_Mutex command_mutex ;
 #endif
 
-/***********    Invoke Forground Command  *********************/
+/***********    Invoke Foreground Command  *********************/
 static void command_invoke(void *args)
 {
     void (*func)(void * ) ;

IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c

@@ -1,6 +1,6 @@
 /* time-STM32F2.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c

@@ -1,6 +1,6 @@
 /* time-dummy.c.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c

@@ -1,6 +1,6 @@
 /* wolfssl_KEIL_RL.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -69,7 +69,7 @@ char *inet_ntoa(struct in_addr in)
 unsigned long inet_addr(const char *cp)
 {
     unsigned int a[4] ; unsigned long ret ;
-    sscanf(cp, "%d.%d.%d.%d", &a[0], &a[1], &a[2], &a[3]) ;
+    sscanf(cp, "%u.%u.%u.%u", &a[0], &a[1], &a[2], &a[3]) ;
     ret = ((a[3]<<24) + (a[2]<<16) + (a[1]<<8) + a[0]) ;
     return(ret) ;
 }

IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h

@@ -1,6 +1,6 @@
 /* wolfssl_KEIL_RL.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/time-STM32F2xx.c

@@ -1,6 +1,6 @@
 /* time-STM32F2xx.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK5-ARM/Conf/user_settings.h

@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -55,11 +55,11 @@
 #define STM32F7xx
 #endif
 
-//        <o> Thread/RTOS<0=>Single Threaded <1=>FreeRTOS <2=>SafeRTOS<3=>Windows
-//         <4=>PThread <5=>ThreadX<6=> ThreadX/NetX
-//         <7=>Micrium <8=>EBSnet<9=>MQX 
-//         <10=>T-RTOS <11=>uITRON4<12=>uTKERNEL2 
-//         <13=>Frosted <14=>CMSIS RTOS<15=>CMSIS RTOSv2<16=>Others
+//        <o> Thread/RTOS<0=>Single Threaded <1=>FreeRTOS <3=>SafeRTOS <4=>Windows
+//         <5=>PThread <6=>ThreadX
+//         <7=>Micrium <8=>EBSnet <9=>MQX
+//         <10=>T-RTOS <11=>uITRON4 <12=>uTKERNEL2
+//         <13=>Frosted <14=>CMSIS RTOS <15=>CMSIS RTOSv2 <16=>Others
 #define MDK_CONF_THREAD 15
 #if MDK_CONF_THREAD== 0
 #define SINGLE_THREADED
@@ -247,7 +247,7 @@
 
 //      <e>HC128
 #define MDK_CONF_HC128 1
-#if MDK_CONF_AESGCM == 0
+#if MDK_CONF_HC128 == 0
 #define NO_HC128
 #endif
 //  </e>
@@ -516,4 +516,3 @@
 //  </e>
 
 //</h>
-

IDE/MDK5-ARM/Inc/wolfssl_MDK_ARM.h

@@ -1,6 +1,6 @@
 /* wolfssl_KEIL_ARM.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK5-ARM/Projects/CryptBenchmark/RTE/wolfSSL/user_settings.h

@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -55,10 +55,10 @@
 #define STM32F7xx
 #endif
 
-//        <o> Thread/RTOS<0=>Single Threaded <1=>FreeRTOS <2=>SafeRTOS<3=>Windows
-//         <4=>PThread <5=>ThreadX<6=> ThreadX/NetX
-//         <7=>Micrium <8=>EBSnet<9=>MQX 
-//         <10=>T-RTOS <11=>uITRON4<12=>uTKERNEL2 
+//        <o> Thread/RTOS<0=>Single Threaded <1=>FreeRTOS <3=>SafeRTOS<4=>Windows
+//         <5=>PThread <6=>ThreadX
+//         <7=>Micrium <8=>EBSnet<9=>MQX
+//         <10=>T-RTOS <11=>uITRON4<12=>uTKERNEL2
 //         <13=>Frosted <14=>CMSIS RTOS<15=>CMSIS RTOSv2<16=>Others
 #define MDK_CONF_THREAD 15
 #if MDK_CONF_THREAD== 0
@@ -247,7 +247,7 @@
 
 //      <e>HC128
 #define MDK_CONF_HC128 1
-#if MDK_CONF_AESGCM == 0
+#if MDK_CONF_HC128 == 0
 #define NO_HC128
 #endif
 //  </e>
@@ -516,4 +516,3 @@
 //  </e>
 
 //</h>
-

IDE/MDK5-ARM/Projects/CryptBenchmark/main.c

@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK5-ARM/Projects/CryptTest/RTE/wolfSSL/user_settings.h

@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -55,11 +55,11 @@
 #define STM32F7xx
 #endif
 
-//        <o> Thread/RTOS<0=>Single Threaded <1=>FreeRTOS <2=>SafeRTOS<3=>Windows
-//         <4=>PThread <5=>ThreadX<6=> ThreadX/NetX
-//         <7=>Micrium <8=>EBSnet<9=>MQX 
-//         <10=>T-RTOS <11=>uITRON4<12=>uTKERNEL2 
-//         <13=>Frosted <14=>CMSIS RTOS<15=>CMSIS RTOSv2<16=>Others
+//        <o> Thread/RTOS<0=>Single Threaded <1=>FreeRTOS <3=>SafeRTOS <4=>Windows
+//         <5=>PThread <6=>ThreadX
+//         <7=>Micrium <8=>EBSnet <9=>MQX
+//         <10=>T-RTOS <11=>uITRON4 <12=>uTKERNEL2
+//         <13=>Frosted <14=>CMSIS RTOS <15=>CMSIS RTOSv2 <16=>Others
 #define MDK_CONF_THREAD 15
 #if MDK_CONF_THREAD== 0
 #define SINGLE_THREADED
@@ -247,7 +247,7 @@
 
 //      <e>HC128
 #define MDK_CONF_HC128 1
-#if MDK_CONF_AESGCM == 0
+#if MDK_CONF_HC128 == 0
 #define NO_HC128
 #endif
 //  </e>
@@ -516,4 +516,3 @@
 //  </e>
 
 //</h>
-

IDE/MDK5-ARM/Projects/CryptTest/main.c

@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK5-ARM/Projects/EchoClient/RTE/wolfSSL/user_settings.h

@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -55,11 +55,11 @@
 #define STM32F7xx
 #endif
 
-//        <o> Thread/RTOS<0=>Single Threaded <1=>FreeRTOS <2=>SafeRTOS<3=>Windows
-//         <4=>PThread <5=>ThreadX<6=> ThreadX/NetX
-//         <7=>Micrium <8=>EBSnet<9=>MQX 
-//         <10=>T-RTOS <11=>uITRON4<12=>uTKERNEL2 
-//         <13=>Frosted <14=>CMSIS RTOS<15=>Others
+//        <o> Thread/RTOS<0=>Single Threaded <1=>FreeRTOS <3=>SafeRTOS <4=>Windows
+//         <5=>PThread <6=>ThreadX
+//         <7=>Micrium <8=>EBSnet <9=>MQX
+//         <10=>T-RTOS <11=>uITRON4 <12=>uTKERNEL2
+//         <13=>Frosted <14=>CMSIS RTOS <15=>CMSIS RTOSv2 <16=>Others
 #define MDK_CONF_THREAD 14
 #if MDK_CONF_THREAD== 0
 #define SINGLE_THREADED
@@ -245,7 +245,7 @@
 
 //      <e>HC128
 #define MDK_CONF_HC128 1
-#if MDK_CONF_AESGCM == 0
+#if MDK_CONF_HC128 == 0
 #define NO_HC128
 #endif
 //  </e>
@@ -514,4 +514,3 @@
 //  </e>
 
 //</h>
-

IDE/MDK5-ARM/Projects/EchoClient/main.c

@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK5-ARM/Projects/EchoServer/RTE/wolfSSL/user_settings.h

@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -55,11 +55,11 @@
 #define STM32F7xx
 #endif
 
-//        <o> Thread/RTOS<0=>Single Threaded <1=>FreeRTOS <2=>SafeRTOS<3=>Windows
-//         <4=>PThread <5=>ThreadX<6=> ThreadX/NetX
-//         <7=>Micrium <8=>EBSnet<9=>MQX 
-//         <10=>T-RTOS <11=>uITRON4<12=>uTKERNEL2 
-//         <13=>Frosted <14=>CMSIS RTOS<15=>CMSIS RTOSv2<16=>Others
+//        <o> Thread/RTOS<0=>Single Threaded <1=>FreeRTOS <3=>SafeRTOS <4=>Windows
+//         <5=>PThread <6=>ThreadX
+//         <7=>Micrium <8=>EBSnet <9=>MQX
+//         <10=>T-RTOS <11=>uITRON4 <12=>uTKERNEL2
+//         <13=>Frosted <14=>CMSIS RTOS <15=>CMSIS RTOSv2 <16=>Others
 #define MDK_CONF_THREAD 14
 #if MDK_CONF_THREAD== 0
 #define SINGLE_THREADED
@@ -247,7 +247,7 @@
 
 //      <e>HC128
 #define MDK_CONF_HC128 1
-#if MDK_CONF_AESGCM == 0
+#if MDK_CONF_HC128 == 0
 #define NO_HC128
 #endif
 //  </e>
@@ -516,4 +516,3 @@
 //  </e>
 
 //</h>
-

IDE/MDK5-ARM/Projects/EchoServer/main.c

@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK5-ARM/Projects/SimpleClient/RTE/wolfSSL/user_settings.h

@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -55,11 +55,11 @@
 #define STM32F7xx
 #endif
 
-//        <o> Thread/RTOS<0=>Single Threaded <1=>FreeRTOS <2=>SafeRTOS<3=>Windows
-//         <4=>PThread <5=>ThreadX<6=> ThreadX/NetX
-//         <7=>Micrium <8=>EBSnet<9=>MQX 
-//         <10=>T-RTOS <11=>uITRON4<12=>uTKERNEL2 
-//         <13=>Frosted <14=>CMSIS RTOS<15=>CMSIS RTOSv2<16=>Others
+//        <o> Thread/RTOS<0=>Single Threaded <1=>FreeRTOS <3=>SafeRTOS <4=>Windows
+//         <5=>PThread <6=>ThreadX
+//         <7=>Micrium <8=>EBSnet <9=>MQX
+//         <10=>T-RTOS <11=>uITRON4 <12=>uTKERNEL2
+//         <13=>Frosted <14=>CMSIS RTOS <15=>CMSIS RTOSv2 <16=>Others
 #define MDK_CONF_THREAD 15
 #if MDK_CONF_THREAD== 0
 #define SINGLE_THREADED
@@ -247,7 +247,7 @@
 
 //      <e>HC128
 #define MDK_CONF_HC128 1
-#if MDK_CONF_AESGCM == 0
+#if MDK_CONF_HC128 == 0
 #define NO_HC128
 #endif
 //  </e>
@@ -516,4 +516,3 @@
 //  </e>
 
 //</h>
-

IDE/MDK5-ARM/Projects/SimpleClient/main.c

@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -209,7 +209,7 @@ int main (void) {
     snprintf(ver, VERSIZE, "%d", TLS_VER);
     argv[6] = ver;
 
-    printf("SSL/TLS Client(%d)\n ", sizeof(argv)/sizeof(argv[0])) ;
+    printf("SSL/TLS Client(%d)\n ", (int)(sizeof(argv)/sizeof(argv[0]))) ;
     printf("    Remote IP: %s, Port: %s\n    Version: %s\n", argv[2], argv[4],  verStr[TLS_VER]) ;
     printf("    Other options: %s\n", OTHER_OPTIONS);   
     setTime((time_t)((RTC_YEAR-1970)*365*24*60*60) + RTC_MONTH*30*24*60*60 + RTC_DAY*24*60*60);

IDE/MDK5-ARM/Projects/SimpleServer/RTE/wolfSSL/user_settings.h

@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -55,11 +55,11 @@
 #define STM32F7xx
 #endif
 
-//        <o> Thread/RTOS<0=>Single Threaded <1=>FreeRTOS <2=>SafeRTOS<3=>Windows
-//         <4=>PThread <5=>ThreadX<6=> ThreadX/NetX
-//         <7=>Micrium <8=>EBSnet<9=>MQX 
-//         <10=>T-RTOS <11=>uITRON4<12=>uTKERNEL2 
-//         <13=>Frosted <14=>CMSIS RTOS<15=>CMSIS RTOSv2<16=>Others
+//        <o> Thread/RTOS<0=>Single Threaded <1=>FreeRTOS <3=>SafeRTOS <4=>Windows
+//         <5=>PThread <6=>ThreadX
+//         <7=>Micrium <8=>EBSnet <9=>MQX
+//         <10=>T-RTOS <11=>uITRON4 <12=>uTKERNEL2
+//         <13=>Frosted <14=>CMSIS RTOS <15=>CMSIS RTOSv2 <16=>Others
 #define MDK_CONF_THREAD 15
 #if MDK_CONF_THREAD== 0
 #define SINGLE_THREADED
@@ -247,7 +247,7 @@
 
 //      <e>HC128
 #define MDK_CONF_HC128 1
-#if MDK_CONF_AESGCM == 0
+#if MDK_CONF_HC128 == 0
 #define NO_HC128
 #endif
 //  </e>
@@ -516,4 +516,3 @@
 //  </e>
 
 //</h>
-

IDE/MDK5-ARM/Projects/SimpleServer/main.c

@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK5-ARM/Projects/wolfSSL-Full/main.c

@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK5-ARM/Projects/wolfSSL-Full/shell.c

@@ -1,6 +1,6 @@
 /*shell.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -221,7 +221,7 @@ static struct {
     "stack", stack_comm,        /* On/Off check stack size */
     "for", for_command,         /* iterate next command X times */
     "debug", dbg_comm,          /* On/Off debug message  */
-    "help", help_comm,          /* Breif description about the commands */
+    "help", help_comm,          /* Brief description about the commands */
 
     /** short name **/
     "ec", echoclient_test,
@@ -477,7 +477,7 @@ static void for_command(void *args)
 {
     if( args == NULL || ((func_args *)args)->argc == 1) {
         printf("For %d times\n", for_iteration) ;
-    } else if( args == NULL || ((func_args *)args)->argc == 2) {
+    } else if(((func_args *)args)->argc == 2) {
         for_iteration = atoi(((func_args *)args)->argv[1]) ;
     } else printf("Invalid argument\n") ;
 }
@@ -554,7 +554,7 @@ void exit_command(void) {
 }
 
 
-/***********    Invoke Forground Command  *********************/
+/***********    Invoke Foreground Command  *********************/
 static void command_invoke(void const *args)
 {
     void (*func)(void const * ) ;
@@ -630,7 +630,9 @@ void shell_main(void *arg) {
     int i ;
     func_args args ;
     int bf_flg ;
+#if defined(WOLFSSL_CMSIS_RTOS)
     osThreadId 	 cmd ;
+#endif
     i = BackGround ;
         /* Dummy for avoiding warning: BackGround is defined but not used. */
 

IDE/MDK5-ARM/Projects/wolfSSL-Full/time-CortexM3-4.c

@@ -1,6 +1,6 @@
 /* time-STM32F2.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK5-ARM/Projects/wolfSSL-Lib/RTE/wolfSSL/user_settings.h

@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -55,11 +55,11 @@
 #define STM32F7xx
 #endif
 
-//        <o> Thread/RTOS<0=>Single Threaded <1=>FreeRTOS <2=>SafeRTOS<3=>Windows
-//         <4=>PThread <5=>ThreadX<6=> ThreadX/NetX
-//         <7=>Micrium <8=>EBSnet<9=>MQX 
-//         <10=>T-RTOS <11=>uITRON4<12=>uTKERNEL2 
-//         <13=>Frosted <14=>CMSIS RTOS<15=>CMSIS RTOSv2<16=>Others
+//        <o> Thread/RTOS<0=>Single Threaded <1=>FreeRTOS <3=>SafeRTOS <4=>Windows
+//         <5=>PThread <6=>ThreadX
+//         <7=>Micrium <8=>EBSnet <9=>MQX
+//         <10=>T-RTOS <11=>uITRON4 <12=>uTKERNEL2
+//         <13=>Frosted <14=>CMSIS RTOS <15=>CMSIS RTOSv2 <16=>Others
 #define MDK_CONF_THREAD 15
 #if MDK_CONF_THREAD== 0
 #define SINGLE_THREADED
@@ -247,7 +247,7 @@
 
 //      <e>HC128
 #define MDK_CONF_HC128 1
-#if MDK_CONF_AESGCM == 0
+#if MDK_CONF_HC128 == 0
 #define NO_HC128
 #endif
 //  </e>
@@ -516,4 +516,3 @@
 //  </e>
 
 //</h>
-

IDE/MDK5-ARM/Src/ssl-dummy.c

@@ -1,6 +1,6 @@
 /* ssl-dummy.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *