Merge pull request #3760 from JacobBarthelmeh/Release

prepare for release v4.7.0

.gitignore

@@ -5,18 +5,21 @@ ctaocrypt/src/src/
 *.o
 *.patch
 *.deps
+*.d
 *.libs
 *.cache
 .dirstamp
 *.user
 configure
 config.*
+!cmake/config.in
 *Debug/
 *Release/
 *.ncb
 *.suo
 *.sdf
 *.opensdf
+*.cmd
 ipch/
 build-aux/
 rpm/spec
@@ -227,6 +230,21 @@ IDE/MDK-ARM/LPC43xx/LPC43xx/
 *.gcno
 *.gcda
 *.gcov
+!linuxkm/Makefile
+/Kbuild
+linuxkm/*.ko
+linuxkm/Module.symvers
+linuxkm/built-in.a
+linuxkm/modules.order
+linuxkm/wolfcrypt
+linuxkm/libwolfssl.mod
+linuxkm/libwolfssl.mod.c
+linuxkm/module_exports.c
+linuxkm/linuxkm/get_thread_size
+
+# autotools generated
+scripts/unit.test
+wolfcrypt/test/test_paths.h
 
 # MPLAB Generated Files (OS X)
 mcapi/wolfcrypt_mcapi.X/nbproject/Makefile-*
@@ -336,3 +354,11 @@ IDE/XCODE/Index
 /IDE/Renesas/e2studio/Projects/test/trash
 /IDE/Renesas/e2studio/Projects/test/*.launch
 /IDE/Renesas/e2studio/Projects/test/*.scfg
+
+# Emacs
+*~
+
+# CMake
+CMakeFiles/
+CMakeCache.txt
+cmake_install.cmake

ChangeLog.md

@@ -1,3 +1,203 @@
+# wolfSSL Release 4.7.0 (February 16, 2021)
+Release 4.7.0 of wolfSSL embedded TLS has bug fixes and new features including:
+
+### New Feature Additions
+* Compatibility Layer expansion SSL_get_verify_mode, X509_VERIFY_PARAM API, X509_STORE_CTX API added
+* WOLFSSL_PSK_IDENTITY_ALERT macro added for enabling a subset of TLS alerts
+* Function wolfSSL_CTX_NoTicketTLSv12 added to enable turning off session tickets with TLS 1.2 while keeping TLS 1.3 session tickets available
+* Implement RFC 5705: Keying Material Exporters for TLS
+* Added --enable-reproducible-build flag for making more deterministic library outputs to assist debugging
+
+### Fixes
+* Fix to free mutex when cert manager is free’d
+* Compatibility layer EVP function to return the correct block size and type
+* DTLS secure renegotiation fixes including resetting timeout and retransmit on duplicate HelloRequest
+* Fix for edge case with shrink buffer and secure renegotiation
+* Compile fix for type used with curve448 and PPC64
+* Fixes for SP math all with PPC64 and other embedded compilers
+* SP math all fix when performing montgomery reduction on one word modulus
+* Fixes to SP math all to better support digit size of 8-bit
+* Fix for results of edge case with SP integer square operation
+* Stop non-ct mod inv from using register x29 with SP ARM64 build
+* Fix edge case when generating z value of ECC with SP code
+* Fixes for PKCS7 with crypto callback (devId) with RSA and RNG
+* Fix for compiling builds with RSA verify and public only
+* Fix for PKCS11 not properly exporting the public key due to a missing key type field
+* Call certificate callback with certificate depth issues
+* Fix for out-of-bounds read in TLSX_CSR_Parse()
+* Fix incorrect AES-GCM tag generation in the EVP layer
+* Fix for out of bounds write with SP math all enabled and an edge case of calling sp_tohex on the result of sp_mont_norm
+* Fix for parameter check in sp_rand_prime to handle 0 length values
+* Fix for edge case of failing malloc resulting in an out of bounds write with SHA256/SHA512 when small stack is enabled
+
+
+### Improvements/Optimizations
+* Added --enable-wolftpm option for easily building wolfSSL to be used with wolfTPM
+* DTLS macro WOLFSSL_DTLS_RESEND_ONLY_TIMEOUT added for resending flight only after a timeout
+* Update linux kernel module to use kvmalloc and kvfree
+* Add user settings option to cmake build
+* Added support for AES GCM session ticket encryption
+* Thread protection for global RNG used by wolfSSL_RAND_bytes function calls
+* Sanity check on FIPs configure flag used against the version of FIPs bundle
+* --enable-aesgcm=table now is compatible with --enable-linuxkm
+* Increase output buffer size that wolfSSL_RAND_bytes can handle
+* Out of directory builds resolved, wolfSSL can now be built in a separate directory than the root wolfssl directory
+
+### Vulnerabilities
+* [HIGH] CVE-2021-3336: In earlier versions of wolfSSL there exists a potential man in the middle attack on TLS 1.3 clients. Malicious attackers with a privileged network position can impersonate TLS 1.3 servers and bypass authentication. Users that have applications with client side code and have TLS 1.3 turned on, should update to the latest version of wolfSSL. Users that do not have TLS 1.3 turned on, or that are server side only, are NOT affected by this report. For the code change see https://github.com/wolfSSL/wolfssl/pull/3676.
+* [LOW] In the case of using custom ECC curves there is the potential for a crafted compressed ECC key that has a custom prime value to cause a hang when imported. This only affects applications that are loading in ECC keys with wolfSSL builds that have compressed ECC keys and custom ECC curves enabled.
+* [LOW] With TLS 1.3 authenticated-only ciphers a section of the server hello could contain 16 bytes of uninitialized data when sent to the connected peer. This affects only a specific build of wolfSSL with TLS 1.3 early data enabled and using authenticated-only ciphers with TLS 1.3.
+
+# wolfSSL Release 4.6.0 (December 22, 2020)
+Release 4.6.0 of wolfSSL embedded TLS has bug fixes and new features including:
+
+### New Feature Additions
+###### New Build Options
+* wolfSSL now enables linux kernel module support. Big news for Linux kernel module developers with crypto requirements! wolfCrypt and wolfSSL are now loadable as modules in the Linux kernel, providing the entire libwolfssl API natively to other kernel modules. For the first time on Linux, the entire TLS protocol stack can be loaded as a module, allowing fully kernel-resident TLS/DTLS endpoints with in-kernel handshaking.  (--enable-linuxkm, --enable-linuxkm-defaults, --with-linux-source) (https://www.wolfssl.com/loading-wolfssl-into-the-linux-kernel/)
+* Build tests and updated instructions for use with Apple’s A12Z chipset  (https://www.wolfssl.com/preliminary-cryptographic-benchmarks-on-new-apple-a12z-bionic-platform/)
+* Expansion of wolfSSL SP math implementation and addition of --enable-sp-math-all build option
+* Apache httpd w/TLS 1.3 support added
+* Sniffer support for TLS 1.3 and AES CCM
+* Support small memory footprint build with only TLS 1.3 and PSK without code for (EC)DHE and certificates
+
+###### New Hardware Acceleration
+* Added support for NXP DCP (i.MX RT1060/1062) crypto co-processor
+* Add Silicon Labs hardware acceleration using [SL SE Manager](https://docs.silabs.com/gecko-platform/latest/service/api/group-sl-se-manager)
+
+###### New Algorithms
+* RC2 ECB/CBC added for use with PKCS#12 bundles
+* XChaCha and the XChaCha20-Poly1305 AEAD algorithm support added
+
+###### Misc
+* Added support for 802.11Q VLAN frames to sniffer
+* Added OCSP function wolfSSL_get_ocsp_producedDate
+* Added API to set CPU ID flags cpuid_select_flags, cpuid_set_flag, cpuid_clear_flag
+* New DTLS/TLS non-blocking Secure Renegotiation example added to server.c and client.c
+
+### Fixes
+###### Math Library
+* Fix mp_to_unsigned_bin_len out of bounds read with buffers longer than maximum MP
+* Fix for fp_read_radix_16 out of bounds read
+* Fix to add wrapper for new timing resistant wc_ecc_mulmod_ex2 function version in HW ECC acceleration
+* Handle an edge case with RSA-PSS encoding message to hash
+
+###### Compatibility Layer Fixes
+* Fix for setting serial number wolfSSL_X509_set_serialNumber
+* Fix for setting ASN1 time not before / not after with WOLFSSL_X509
+* Fix for order of components in issuer name when using X509_sign
+* Fix for compatibility layer API DH_compute_key
+* EVP fix incorrect block size for GCM and buffer up AAD for encryption/decryption
+* EVP fix for AES-XTS key length return value and fix for string compare calls
+* Fix for mutex freeing during RNG failure case with EVP_KEY creation
+* Non blocking use with compatibility layer BIOs in TLS connections
+
+###### Build Configuration
+* Fix for custom build with WOLFSSL_USER_MALLOC defined
+* ED448 compiler warning on Intel 32bit systems
+* CURVE448_SMALL build fix for 32bit systems with Curve448
+* Fix to build SP math with IAR
+* CMake fix to only set ranlib arguments for Mac, and for stray typo of , -> ;
+* Build with --enable-wpas=small fix
+* Fix for building fips ready using openssl extra
+* Fixes for building with Microchip (min/max and undef SHA_BLOCK_SIZE)
+* FIx for NO_FILESYSTEM build on Windows
+* Fixed SHA256 support for IMX-RT1060
+* Fix for ECC key gen with NO_TFM_64BIT
+
+###### Sniffer
+* Fixes for sniffer when using static ECC keys. Adds back TLS v1.2 static ECC key fallback detection and fixes new ECC RNG requirement for timing resistance
+* Fix for sniffer with SNI enabled to properly handle WOLFSSL_SUCCESS error code in ProcessClientHello
+* Fix for sniffer using HAVE_MAX_FRAGMENT in "certificate" type message
+* Fix build error with unused "ret" when building with WOLFSSL_SNIFFER_WATCH.
+* Fix to not treat cert/key not found as error in myWatchCb and WOLFSSL_SNIFFER_WATCH.
+* Sniffer fixes for handling TCP `out-of-range sequence number`
+* Fixes SSLv3 use of ECDH in sniffer
+
+###### PKCS
+* PKCS#11 fix to generate ECC key for decrypt/sign or derive
+* Fix for resetting internal variables when parsing a malformed PKCS#7 bundle with PKCS7_VerifySignedData()
+* Verify the extracted public key in wc_PKCS7_InitWithCert
+* Fix for internal buffer size when using decompression with PKCS#7
+
+###### Misc
+* Pin the C# verify callback function to keep from garbage collection
+* DH fixes for when public key is owned and free’d after a handshake
+* Fix for TLS 1.3 early data packets
+* Fix for STM32 issue with some Cube HAL versions and STM32 example timeout
+* Fix mmCAU and LTC hardware mutex locking to prevent double lock
+* Fix potential race condition with CRL monitor
+* Fix for possible malformed encrypted key with 3DES causing negative length
+* AES-CTR performance fixed with AES-NI
+
+### Improvements/Optimizations
+##### SP and Math
+* mp_radix_size adjustment for leading 0
+* Resolve implicit cast warnings with SP build
+* Change mp_sqr to return an error if the result won't fit into the fixed length dp
+* ARM64 assembly with clang improvements, clang doesn't always handle use of x29 (FP or Frame Pointer) in inline assembly code correctly - reworked sp_2048_sqr_8 to not use x29
+* SP mod exp changed to support exponents of different lengths
+* TFM div: fix initial value of size in q so clamping doesn't OOB read
+* Numerous stack depth improvements with --enable-smallstack
+* Improve cache resistance with Base64 operations
+
+###### TLS 1.3
+* TLS 1.3 wolfSSL_peek want read return addition
+* TLS 1.3: Fix P-521 algorithm matching
+
+###### PKCS
+* Improvements and refactoring to PKCS#11 key look up
+* PKCS #11 changes for signing and loading RSA public key from private
+* check PKCS#7 SignedData private key is valid before using it
+* check PKCS#7 VerifySignedData content length against total bundle size to avoid large malloc
+
+###### Compatibility Layer
+* EVP add block size for more ciphers in wolfSSL_EVP_CIPHER_block_size()
+* Return long names instead of short names in wolfSSL_OBJ_obj2txt()
+* Add additional OpenSSL compatibility functions to update the version of Apache httpd supported
+* add "CCM8" variants to cipher_names "CCM-8" ciphers, for OpenSSL compat
+
+###### Builds
+* Cortex-M SP ASM support for IAR 6.70
+* STM Cube pack support (IDE/STM32Cube)
+* Build option --enable-aesgcm=4bit added for AES-GCM GMULT using 4 bit table
+* Xilinx IDE updates to allow XTIME override for Xilinx, spelling fixes in Xilinx README.md, and add Xilinx SDK printf support
+* Added ED448 to the "all" options and ED448 check key null argument sanity check
+* Added ARC4, 3DES, nullcipher, BLAKE2, BLAKE2s, XChaCha, MD2, and MD4 to the “all” options
+* Added an --enable-all-crypto option, to enable only the wolfCrypt features of --enable-all, combinable with --enable-cryptonly
+* Added the ability to selectively remove features from --enable-all and --enable-all-crypto using specific --disable-<feature> options
+* Use Intel intrinsics with Windows for RDSEED and RDRAND (thanks to dr-m from MariaDB)
+* Add option to build with WOLFSSL_NO_CLIENT_AUTH
+* Updated build requirements for wolfSSH use to be less restrictive
+* lighttpd support update for v1.4.56
+* Added batch file to copy files to ESP-IDF folders and resolved warnings when using v4.0 ESP-IDF
+* Added --enable-stacksize=verbose, showing at a glance the stack high water mark for each subtest in testwolfcrypt
+
+###### ECC
+* Performance increase for ECC verify only, using non constant time SP modinv
+* During ECC verify add validation of r and s before any use
+* Always use safe add and dbl with ECC
+* Timing resistant scalar multiplication updated with use of Joye double-add ladder
+* Update mp_jacobi function to reduce stack and increase performance for base ECC build
+* Reduce heap memory use with wc_EccPrivateKeyDecode, Improvement to ECC wc_ecc_sig_to_rs and wc_ecc_rs_raw_to_sig to reduce memory use (avoid the mp_int)
+* Improve StoreECC_DSA_Sig bounds checking
+
+###### OCSP
+* OCSP improvement to handle extensions in singleResponse
+* support for OCSP request/response for multiple certificates
+* OCSP Must Staple option added to require OCSP stapling response
+* Add support for id-pkix-ocsp-nocheck extension
+
+###### Misc
+* Additional code coverage added for ECC and RSA, PKCS#7, 3DES, EVP and Blake2b operations
+* DTLS MTU: check MTU on write
+* Refactor hash sig selection and add the macros WOLFSSL_STRONGEST_HASH_SIG (picks the strongest hash) and WOLFSSL_ECDSA_MATCH_HASH (will pick the hash to match the ECC curve)
+* Strict certificate version allowed from client, TLS 1.2 / 1.3 can not accept client certificates lower than version 3
+* wolfSSL_get_ciphers_compat(), skip the fake indicator ciphers like the renegotiation indication and the quantum-safe hybrid
+* When parsing session ticket, check TLS version to see whether they are version compatible
+* Additional sanity check for invalid ASN1 padding on integer type
+* Adding in ChaCha20 streaming feature with Mac and Intel assembly build
+* Sniffer build with --enable-oldtls option on
+
 # wolfSSL Release 4.5.0 (August 19, 2020)
 
 If you have questions about this release, feel free to contact us on our
@@ -106,7 +306,8 @@ in a specific use case, 1 fix for DTLS.
   wolfSSL, and are doing private key operations on the system (such as signing
   with a private key) are recommended to regenerate private keys and update to
   the most recent version of wolfSSL. CVE-2020-15309 is reserved for this
-  issue. Thanks to Ida Bruhns from Universität zu Lübeck for the report.
+  issue. Thanks to Ida Bruhns from Universität zu Lübeck and Samira Briongos
+  from NEC Laboratories Europe for the report.
 * When using SGX with EC scalar multiplication the possibility of side-channel
   attacks are present. To mitigate the risk of side channel attacks wolfSSL’s
   single precision EC operations should be used instead. Release 4.5.0 turns
@@ -335,13 +536,13 @@ Release 4.3.0 of wolfSSL embedded TLS has bug fixes and new features including:
 * Update to allow compiling for pwdbased/PBKDF2 with having NO_ASN defined
 * Modify KeyShare and PreSharedKey TLS 1.3 extension linked list advancement to be easier for compilers to handle
 * Optimization to parsing certificate extension name strings
-* Adjustment to example server -x runtime behavior when encountering an unrecoverable error case 
+* Adjustment to example server -x runtime behavior when encountering an unrecoverable error case
 * Remove Blake2b support from HMAC
 * Adds new hash wrapper init wc_HashInit_ex and Adds new PBKDF2 API wc_PBKDF2_ex for using heap hints for custom memory pools
 * Adding script to cleanup generated test files,  scripts/cleanup_testfiles.sh
 * Support 20-byte serial numbers and disallow 0
 * sp_div improved to handle when a has less digits than d (--enable-sp-math build)
-* When decoding a policy OID and turning it into a human readable string use snprintf() 
+* When decoding a policy OID and turning it into a human readable string use snprintf()
 * set the IV length of EVP AES GCM to 96-bits by default
 * Allow adding CAs for root CA's over the wire that do not have the extended key usage cert_sign set
 * Added logging messages for SendAlert call and update to send alert after verify certificate callback
@@ -405,13 +606,13 @@ Release 4.2.0 of wolfSSL embedded TLS has bug fixes and new features including:
 * Addition to configure.ac for FIPS wolfRand builds
 * Adding the flag WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY for ignoring certificate date checks with the functions wolfSSL_CTX_load_verify_buffer_ex and wolfSSL_CTX_load_verify_locations_ex
 * Support for PKCS8 keys added to the function wolfSSL_CTX_use_PrivateKey_buffer
-* Support for KECCAK hashing. Build with macro WOLFSSL_HASH_FLAGS and call wc_Sha3_SetFlags(&sha, WC_HASH_SHA3_KECCAK256) before the first SHA3 update 
+* Support for KECCAK hashing. Build with macro WOLFSSL_HASH_FLAGS and call wc_Sha3_SetFlags(&sha, WC_HASH_SHA3_KECCAK256) before the first SHA3 update
 * Addition of setting secure renegotiation at CTX level
 * Addition of KDS (NXP Kinetis Design Studio) example project to directory IDE/KDS/
 * Support for Encrypt-Then-MAC to TLS 1.2 and below
-* Added a new build option for a TITAN session cache that can hold just over 2 million session entries (--enable-titancache)  
+* Added a new build option for a TITAN session cache that can hold just over 2 million session entries (--enable-titancache)
 * Synchronous Quick Assist Support for Sniffer
-* Added Support for SiFive HiFive Unleashed board 
+* Added Support for SiFive HiFive Unleashed board
 * Support for Google WebRTC added in to compatibility layer build
 * Additional Sniffer features; IPv6 sniffer support, Fragment chain input, Data store callback, Various statistics tweaks and other Sniffer fixes
 
@@ -446,7 +647,7 @@ Release 4.2.0 of wolfSSL embedded TLS has bug fixes and new features including:
 * Optimization to SP math, changing variables to const where possible. Thanks to Yair Poleg (yair.poleg@ayyeka.com) of Ayyeka for proposing static declaration of global constant variables in SP code
 * Additional fuzz testing and fixes for TLS 1.3 use, including additional TLS 1.3 alert messages (PR#2440 for more information)
 * Additional sanity check that ciphersuite from client hello is used in server hello response (check can be removed with the macro WOLFSSL_NO_STRICT_CIPHER_SUITE)
-* Improved MMCAU performance: SHA-1 by 35%, SHA-256 by 20% and MD5 by 78% 
+* Improved MMCAU performance: SHA-1 by 35%, SHA-256 by 20% and MD5 by 78%
 * By default, disallow SHA-2 cipher suites from being used in TLS 1.0 and 1.1 handshakes (can be ignored with macro WOLFSSL_OLDTLS_SHA2_CIPHERSUITES)
 * Optimization of export session buffer size with enable option --enable-sessionexport=nopeer
 * Spelling fixes in comments and some cast warnings resolved
@@ -986,7 +1187,7 @@ This release includes many performance improvements with Intel ASM (AVX/AVX2) an
 * Fixes to allow custom serial number during certificate generation
 * Add method to get WOLFSSL_CTX certificate manager
 * Improvement to `wolfSSL_SetOCSP_Cb` to allow context per WOLFSSL object
-* Alternate certificate chain support `WOLFSSL_ALT_CERT_CHAINS`. Enables checking cert against multiple CA's. 
+* Alternate certificate chain support `WOLFSSL_ALT_CERT_CHAINS`. Enables checking cert against multiple CA's.
 * Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA).
 * Refactor SSL_ and hashing types to use wolf specific prefix (WOLFSSL and WC_) to allow openssl coexistence.
 * Fixes for HAVE_INTEL_MULX
@@ -1106,7 +1307,7 @@ More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
 - Added support for HAproxy load balancer
 - Added option to allow SHA1 with TLS 1.2 for IIS compatibility (WOLFSSL_ALLOW_TLS_SHA1)
 - Added Curve25519 51-bit Implementation, increasing performance on systems that have 128 bit types
-- Fix to not send session ID on server side if session cache is off unless we're echoing 
+- Fix to not send session ID on server side if session cache is off unless we're echoing
 session ID as part of session tickets
 - Fixes for ensuring all default ciphers are setup correctly (see PR #830)
 - Added NXP Hexiwear example in `IDE/HEXIWEAR`.
@@ -1114,7 +1315,7 @@ session ID as part of session tickets
 - Fixes for TLS elliptic curve selection on private key import.
 - Fixes for RNG with Intel rdrand and rdseed speedups.
 - Improved performance with Intel rdrand to use full 64-bit output
-- Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source 
+- Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source
 - Removed RNG ARC4 support
 - Added ECC helpers to get size and id from curve name.
 - Added ECC Cofactor DH (ECC-CDH) support
@@ -1737,7 +1938,7 @@ and comments about the new features please check the manual.
   handling and reduce memory fragmentation on I/O large sizes
 
 The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions
 and comments about the new features please check the manual.
 
 
@@ -1748,7 +1949,7 @@ and comments about the new features please check the manual.
 - Freescale Kinetis mmCAU support
 - TLS Hello extensions
   - ECC
-  - Secure Renegotiation (null) 
+  - Secure Renegotiation (null)
   - Truncated HMAC
 - SCEP support
   - PKCS #7 Enveloped data and signed data
@@ -1795,7 +1996,7 @@ http://cache.freescale.com/files/32bit/doc/user_guide/CAUAPIUG.pdf
 
 
 The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions
 and comments about the new features please check the manual.
 
 
@@ -1821,7 +2022,7 @@ and comments about the new features please check the manual.
 
 When compiling with Mingw, libtool may give the following warning due to
 path conversion errors:
- 
+
 ```
 libtool: link: Could not determine host file name corresponding to **
 libtool: link: Continuing, but uninstalled executables may not work.
@@ -1831,7 +2032,7 @@ If so, examples and testsuite will have problems when run, showing an
 error while loading shared libraries. To resolve, please run "make install".
 
 The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions
 and comments about the new features please check the manual.
 
 
@@ -1853,7 +2054,7 @@ and comments about the new features please check the manual.
       13 bytes DTLS headers, but every effort is now made to align with the
       CYASSL_GENERAL_ALIGNMENT flag which sets desired alignment requirement
 - NO_64BIT flag to turn off 64bit data type accumulators in public key code
-    * Note, some systems are faster with 32bit accumulators 
+    * Note, some systems are faster with 32bit accumulators
 - --enable-stacksize for example client/server stack use
     * Note, modern desktop Operating Systems may add bytes to each stack frame
 - Updated compression/decompression with direct crypto access
@@ -1874,19 +2075,19 @@ and comments about the new features please check the manual.
     * dh
     * dsa
     * md5
-    * sha 
+    * sha
     * arc4
     * null    (allow NULL ciphers)
     * oldtls  (only use TLS 1.2)
     * asn     (no certs or public keys allowed)
-- ./configure generates cyassl/options.h which allows a header the user can 
+- ./configure generates cyassl/options.h which allows a header the user can
   include in their app to make sure the same options are set at the app and
   CyaSSL level.
 - autoconf no longer needs serial-tests which lowers version requirements of
   automake to 1.11 and autoconf to 2.63
 
 The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions
 and comments about the new features please check the manual.
 
 
@@ -1904,7 +2105,7 @@ and comments about the new features please check the manual.
 - Camellia crypto and cipher suites
 - Bumped minimum autoconf version to 2.65, automake version to 1.12
 - Addition of OCSP callbacks
-- STM32F2 support with hardware crypto and RNG 
+- STM32F2 support with hardware crypto and RNG
 - Cavium NITROX support
 
 CTaoCrypt now has support for the Microchip PIC32 and has been tested with
@@ -1917,7 +2118,7 @@ To add Cavium NITROX support do:
 ./configure --with-cavium=/home/user/cavium/software
 
 pointing to your licensed cavium/software directory.  Since Cavium doesn't
-build a library we pull in the cavium_common.o file which gives a libtool 
+build a library we pull in the cavium_common.o file which gives a libtool
 warning about the portability of this.  Also, if you're using the github source
 tree you'll need to remove the -Wredundant-decls warning from the generated
 Makefile because the cavium headers don't conform to this warning.  Currently
@@ -1930,11 +2131,11 @@ test and benchmark.  Please see the HAVE_CAVIUM define.
 CyaSSL is able to use the STM32F2 hardware-based cryptography and random number
 generator through the STM32F2 Standard Peripheral Library. For necessary
 defines, see the CYASSL_STM32F2 define in settings.h. Documentation for the
-STM32F2 Standard Peripheral Library can be found in the following document: 
+STM32F2 Standard Peripheral Library can be found in the following document:
 http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/DM00023896.pdf
 
 The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions
 and comments about the new features please check the manual.
 
 
@@ -1962,7 +2163,7 @@ K70 Sub-Family Reference Manual:
 http://cache.freescale.com/files/microcontrollers/doc/ref_manual/K70P256M150SF3RM.pdf
 
 The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions
 and comments about the new features please check the manual.
 
 
@@ -1974,7 +2175,7 @@ and comments about the new features please check the manual.
 - Updated build process
 
 The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions
 and comments about the new features please check the manual.
 
 
@@ -1993,7 +2194,7 @@ and comments about the new features please check the manual.
 - DTLS Cookie support, reliability coming soon
 
 The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions
 and comments about the new features please check the manual.
 
 
@@ -2006,13 +2207,13 @@ and comments about the new features please check the manual.
 - Add static ECDH suites
 - SHA-384 support
 - ECC client certificate support
-- Add medium session cache size (1055 sessions) 
+- Add medium session cache size (1055 sessions)
 - Updated unit tests
 - Protection against mutex reinitialization
 
 
 The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions
 and comments about the new features please check the manual.
 
 
@@ -2029,7 +2230,7 @@ and comments about the new features please check the manual.
 
 
 The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions
 and comments about the new features please check the manual.
 
 
@@ -2048,7 +2249,7 @@ and comments about the new features please check the manual.
 - Export Base64_Encode for general use
 
 The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions
 and comments about the new features please check the manual.
 
 
@@ -2065,7 +2266,7 @@ and comments about the new features please check the manual.
 - Microchip pic32 support
 
 The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions
 and comments about the new features please check the manual.
 
 
@@ -2089,7 +2290,7 @@ changes are required.
 Special Thanks to Brian Aker for his autoconf, install, and header patches.
 
 The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions
 and comments about the new features please check the manual.
 
 # CyaSSL Release 2.0.0rc2 (6/6/2011)
@@ -2108,21 +2309,21 @@ This is the 2nd and perhaps final release candidate for version 2.
 Please send any comments or questions to support@yassl.com.
 
 The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions
 and comments about the new features please check the manual.
 
 # CyaSSL Release 2.0.0rc1 (5/2/2011)
 
 #### Release 2.0.0rc1 for CyaSSL has many new features including:
 - bug fixes
-- SHA-256 cipher suites 
-- Root Certificate Verification (instead of needing all certs in the chain) 
-- PKCS #8 private key encryption (supports PKCS #5 v1-v2 and PKCS #12) 
-- Serial number retrieval for x509 
-- PBKDF2 and PKCS #12 PBKDF 
-- UID parsing for x509 
-- SHA-256 certificate signatures 
-- Client and server can send chains (SSL_CTX_use_certificate_chain_file) 
+- SHA-256 cipher suites
+- Root Certificate Verification (instead of needing all certs in the chain)
+- PKCS #8 private key encryption (supports PKCS #5 v1-v2 and PKCS #12)
+- Serial number retrieval for x509
+- PBKDF2 and PKCS #12 PBKDF
+- UID parsing for x509
+- SHA-256 certificate signatures
+- Client and server can send chains (SSL_CTX_use_certificate_chain_file)
 - CA loading can now parse multiple certificates per file
 - Dynamic memory runtime hooks
 - Runtime hooks for logging
@@ -2141,7 +2342,7 @@ options that CyaSSL allows, there may be some configuration fixes needed.
 Please send any comments or questions to support@yassl.com.
 
 The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions
 and comments about the new features please check the manual.
 
 # CyaSSL Release 1.9.0 (3/2/2011)
@@ -2169,13 +2370,13 @@ build instructions and comments about the new features please check the manual.
 Please send any comments or questions to support@yassl.com.
 
 Happy Holidays.
- 
+
 
 # CyaSSL Release 1.6.5 (9/9/2010)
 
 Release 1.6.5 for CyaSSL adds bug fixes and x509 v3 self signed certificate
 generation.
- 
+
 For general build instructions see doc/Building_CyaSSL.pdf.
 
 To enable certificate generation support add this option to ./configure
@@ -2188,7 +2389,7 @@ in doc/CyaSSL_Extensions_Reference.pdf item 11.
 
 Release 1.6.0 for CyaSSL adds bug fixes, RIPEMD-160, SHA-512, and RSA key
 generation.
- 
+
 For general build instructions see doc/Building_CyaSSL.pdf.
 
 To add RIPEMD-160 support add this option to ./configure
@@ -2211,7 +2412,7 @@ CyaSSL.
 
 Release 1.5.6 for CyaSSL adds bug fixes, compatibility for our JSSE provider,
 and a fix for GCC builds on some systems.
- 
+
 For general build instructions see doc/Building_CyaSSL.pdf.
 
 To add AES-NI support add this option to ./configure
@@ -2221,9 +2422,9 @@ You'll need GCC 4.4.3 or later to make use of the assembly.
 
 # CyaSSL Release 1.5.4 (7/7/2010)
 
-Release 1.5.4 for CyaSSL adds bug fixes, support for AES-NI, SHA1 speed 
+Release 1.5.4 for CyaSSL adds bug fixes, support for AES-NI, SHA1 speed
 improvements from loop unrolling, and support for the Mongoose Web Server.
- 
+
 For general build instructions see doc/Building_CyaSSL.pdf.
 
 To add AES-NI support add this option to ./configure
@@ -2255,7 +2456,7 @@ please send questions or comments to support@yassl.com.
 When doing load testing with CyaSSL, on the echoserver example say, the client
 machine may run out of tcp ephemeral ports, they will end up in the TIME_WAIT
 queue, and can't be reused by default.  There are generally two ways to fix
-this. 
+this.
 
 1. Reduce the length sockets remain on the TIME_WAIT queue OR
 2. Allow items on the TIME_WAIT queue to be reused.
@@ -2313,7 +2514,7 @@ SSL_METHOD *TLSv1_2_server_method(void);
 SSL_METHOD *TLSv1_2_client_method(void);
 ```
 
-CyaSSL was tested against lighttpd 1.4.23.  To build CyaSSL for use with 
+CyaSSL was tested against lighttpd 1.4.23.  To build CyaSSL for use with
 lighttpd use the following commands from the CyaSSL install dir <CyaSSLDir>:
 
 ```
@@ -2498,7 +2699,7 @@ This gives warnings for some symbols but seems to work.
     ./configure
     make
 
-    from the ./testsuite/ directory run ./testsuite 
+    from the ./testsuite/ directory run ./testsuite
 
 #### To make a debug build:
 
@@ -2517,7 +2718,7 @@ Run the testsuite program
 
 
 
-# CyaSSL version 0.9.9 (7/25/2008) 
+# CyaSSL version 0.9.9 (7/25/2008)
 
 This release of CyaSSL adds bug fixes, Pre-Shared Keys, over-rideable memory
 handling, and optionally TomsFastMath.  Thanks to Moisés Guimarães for the
@@ -2537,7 +2738,7 @@ yet use -m64 because of GCCs inability to do 128bit division.
 See notes below (0.2.0) for complete build instructions.
 
 
-# CyaSSL version 0.9.8 (5/7/2008) 
+# CyaSSL version 0.9.8 (5/7/2008)
 
 This release of CyaSSL adds bug fixes, client side Diffie-Hellman, and better
 socket handling.
@@ -2545,7 +2746,7 @@ socket handling.
 See notes below (0.2.0) for complete build instructions.
 
 
-# CyaSSL version 0.9.6 (1/31/2008) 
+# CyaSSL version 0.9.6 (1/31/2008)
 
 This release of CyaSSL adds bug fixes, increased session management, and a fix
 for gnutls.
@@ -2553,15 +2754,15 @@ for gnutls.
 See notes below (0.2.0) for complete build instructions.
 
 
-# CyaSSL version 0.9.0 (10/15/2007) 
+# CyaSSL version 0.9.0 (10/15/2007)
 
-This release of CyaSSL adds bug fixes, MSVC 2005 support, GCC 4.2 support, 
+This release of CyaSSL adds bug fixes, MSVC 2005 support, GCC 4.2 support,
 IPV6 support and test, and new test certificates.
 
 See notes below (0.2.0) for complete build instructions.
 
 
-# CyaSSL version 0.8.0 (1/10/2007) 
+# CyaSSL version 0.8.0 (1/10/2007)
 
 This release of CyaSSL adds increased socket support, for non-blocking writes,
 connects, and interrupted system calls.
@@ -2569,7 +2770,7 @@ connects, and interrupted system calls.
 See notes below (0.2.0) for complete build instructions.
 
 
-# CyaSSL version 0.6.3 (10/30/2006) 
+# CyaSSL version 0.6.3 (10/30/2006)
 
 This release of CyaSSL adds debug logging to stderr to aid in the debugging of
 CyaSSL on systems that may not provide the best support.
@@ -2587,19 +2788,19 @@ To turn logging back off call CyaSSL_Debugging_OFF()
 See notes below (0.2.0) for complete build instructions.
 
 
-# CyaSSL version 0.6.2 (10/29/2006) 
+# CyaSSL version 0.6.2 (10/29/2006)
 
 This release of CyaSSL adds TLS 1.1.
 
 Note that CyaSSL has certificate verification on by default, unlike OpenSSL.
 To emulate OpenSSL behavior, you must call SSL_CTX_set_verify() with
-SSL_VERIFY_NONE.  In order to have full security you should never do this, 
+SSL_VERIFY_NONE.  In order to have full security you should never do this,
 provide CyaSSL with the proper certificates to eliminate impostors and call
 CyaSSL_check_domain_name() to prevent man in the middle attacks.
 
 See notes below (0.2.0) for build instructions.
 
-# CyaSSL version 0.6.0 (10/25/2006) 
+# CyaSSL version 0.6.0 (10/25/2006)
 
 This release of CyaSSL adds more SSL functions, better autoconf, nonblocking
 I/O for accept, connect, and read.  There is now an --enable-small configure
@@ -2609,7 +2810,7 @@ for the defines.  Note that TLS requires HMAC and AES requires TLS.
 See notes below (0.2.0) for build instructions.
 
 
-# CyaSSL version 0.5.5 (09/27/2006) 
+# CyaSSL version 0.5.5 (09/27/2006)
 
 This mini release of CyaSSL adds better input processing through buffered input
 and big message support.  Added SSL_pending() and some sanity checks on user
@@ -2618,23 +2819,23 @@ settings.
 See notes below (0.2.0) for build instructions.
 
 
-# CyaSSL version 0.5.0 (03/27/2006) 
+# CyaSSL version 0.5.0 (03/27/2006)
 
-This release of CyaSSL adds AES support and minor bug fixes. 
+This release of CyaSSL adds AES support and minor bug fixes.
 
 See notes below (0.2.0) for build instructions.
 
 
 # CyaSSL version 0.4.0 (03/15/2006)
 
-This release of CyaSSL adds TLSv1 client/server support and libtool. 
+This release of CyaSSL adds TLSv1 client/server support and libtool.
 
 See notes below for build instructions.
 
 
 # CyaSSL version 0.3.0 (02/26/2006)
 
-This release of CyaSSL adds SSLv3 server support and session resumption. 
+This release of CyaSSL adds SSLv3 server support and session resumption.
 
 See notes below for build instructions.
 
@@ -2660,7 +2861,7 @@ with support for SHA-1 and MD5 digests.  Ciphers include 3DES and RC4.
     ./configure
     make
 
-    from the ./testsuite/ directory run ./testsuite 
+    from the ./testsuite/ directory run ./testsuite
 
 #### to make a debug build:
 

IDE/ECLIPSE/MICRIUM/README.md

@@ -1,7 +1,7 @@
 
 # Micrium μC/OS-III Port
 ## Overview
-You can enable the wolfSSL support for Micrium μC/OS-III RTOS available [here](http://www.micriums.com/) using the define `MICRIUM`.
+You can enable the wolfSSL support for Micrium μC/OS-III RTOS available [here](http://www.micrium.com/) using the define `MICRIUM`.
 
 ## Usage
 
@@ -72,7 +72,7 @@ The test results below were collected from the NXP Kinetis K70 (Freescale TWR-K7
 
 - IAR Embedded Workbench IDE - ARM 8.32.1 (IAR ELF Linker V8.32.1.169/W32 for ARM)
 
-- The starting project is based on an IAR EWARM project from Micrium download center at [micrium_twr-k70f120m-os3/](https://www.micrium.com/download/micrium_twr-k70f120m-os3/) but the K70X_FLASH.icf linker script file was slightly modified to configure the stack and heap sizes to 16KB and 20KB. The test was run on a 1 MBytes of program flash and 128 KBytes of static RAM.
+- The starting project is based on an IAR EWARM project from Micrium download center at [micrium_twr-k70f120m-os3/](https://www.micrium.com/download/micrium_twr-k70f120m-os3/) but the K70X_FLASH.icf linker script file was slightly modified to configure the stack and heap sizes to 16KB and 20KB. The test was run on a 1 MBytes of program flash and 128 KBytes of static RAM. ([Similar TCP version](https://www.micrium.com/download/twr-k70f120m_os3-tcpip-wifi-lib/))
 
 - wolfssl [latest version](https://github.com/wolfSSL/wolfssl)
 

IDE/ECLIPSE/RTTHREAD/README.md

@@ -0,0 +1,175 @@
+# RT-Thread Port
+## Overview
+You can enable the wolfSSL support for RT-Thread available [here](https://www.rt-thread.io) using the define `RTTHREAD`.
+
+## Usage
+
+wolfSSL supports a compile-time user configurable options in the `IDE/ECLIPSE/RTTHREAD/user_settings.h` file.
+
+The `wolfssl_test.c` example application provides a simple function to run the test and benchmark.
+
+1. Open your IDE-based example project for RT-Thread.
+
+2. Create the following folder and sub-folders structures in your project.
+```
+wolfssl
+   |src
+   |wolfcrypt
+          |benchmark
+          |src
+          |test
+   |wolfssl
+          |openssl
+          |wolfcrypt
+   |example
+```
+The folder hierarchy is the same as the wolfSSL folders with an exception of the example folder.
+
+3. Add or link all of the header and source files in `IDE/ECLIPSE/RTTHREAD/` folder into the example folder.
+
+4. Add or link all the source code in the corresponding folder in wolfSSL.
+
+5. Remove non-C platform dependent files from your build.
+
+6. In your C/C++ compiler preprocessor settings, add the wolfSSL directories to your include paths.
+Here's an example of the paths that must be added.
+
+```
+$PROJ_DIR$\...
+$PROJ_DIR$\...\wolfcrypt
+$PROJ_DIR$\...\wolfssl
+$PROJ_DIR$\...\IDE\ECLIPSE\RTTHREAD
+```
+
+7. In your C/C++ compiler preprocessor settings, define the WOLFSSL_USER_SETTINGS symbol to add user_settings.h file in your project.
+
+8. Add a call to `wolfssl_test()` from your startup task. Here's an example:
+
+```c
+static void test_task (void *p_arg)
+{
+    ...
+    while (1) {
+           wolfssl_test();
+           rt_thread_mdelay(500);
+        }
+}
+```
+9. Rebuild all your project.
+
+10. Now you are ready to download and debug your image on the board.
+
+
+The test results below were collected from the RT-Thread ART-Pi with the following software and tool chains:
+
+- STM32H750XBH6
+
+- RT-Thread Studio (Version: 2.0.0)
+
+- GNU ARM Cross C Compiler (Optimization level: -O0)
+
+- The starting project is based on [RT-Thread ART-Pi SDK](https://github.com/RT-Thread-Studio/sdk-bsp-stm32h750-realthread-artpi) (./projects/art_pi_wifi)
+
+- wolfssl [latest version](https://github.com/wolfSSL/wolfssl)
+
+
+### `WOLFSSL_WOLFCRYPT_TEST` output of wolfcrypt_test()
+```
+error    test passed!
+MEMORY   test passed!
+base64   test passed!
+asn      test passed!
+RANDOM   test passed!
+MD5      test passed!
+MD4      test passed!
+SHA      test passed!
+SHA-256  test passed!
+SHA-512  test passed!
+Hash     test passed!
+HMAC-MD5 test passed!
+HMAC-SHA test passed!
+HMAC-SHA256 test passed!
+HMAC-SHA512 test passed!
+X963-KDF    test passed!
+GMAC     test passed!
+ARC4     test passed!
+HC-128   test passed!
+Rabbit   test passed!
+DES      test passed!
+DES3     test passed!
+AES      test passed!
+AES192   test passed!
+AES256   test passed!
+AES-GCM  test passed!
+AES Key Wrap test passed!
+RSA      test passed!
+DH       test passed!
+DSA      test passed!
+PWDBASED test passed!
+ECC      test passed!
+ECC buffer test passed!
+CURVE25519 test passed!
+ED25519  test passed!
+PKCS7encrypted  test passed!
+PKCS7signed     test passed!
+PKCS7enveloped  test passed!
+PKCS7authenveloped  test passed!
+logging  test passed!
+mutex    test passed!
+memcb    test passed!
+```
+### `WOLFSSL_BENCHMARK_TEST` output of benchmark_test()
+```
+------------------------------------------------------------------------------
+ wolfSSL version 4.5.0
+------------------------------------------------------------------------------
+wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
+RNG                 50 KB took 1.000 seconds,   50.000 KB/s
+AES-128-CBC-enc      2 MB took 1.000 seconds,    2.075 MB/s
+AES-128-CBC-dec      2 MB took 1.000 seconds,    1.611 MB/s
+AES-192-CBC-enc      2 MB took 1.000 seconds,    2.002 MB/s
+AES-192-CBC-dec      2 MB took 1.000 seconds,    1.514 MB/s
+AES-256-CBC-enc      2 MB took 1.000 seconds,    1.855 MB/s
+AES-256-CBC-dec      1 MB took 1.000 seconds,    1.465 MB/s
+AES-128-GCM-enc    700 KB took 1.000 seconds,  700.000 KB/s
+AES-128-GCM-dec    675 KB took 1.000 seconds,  675.000 KB/s
+AES-192-GCM-enc    675 KB took 1.000 seconds,  675.000 KB/s
+AES-192-GCM-dec    675 KB took 1.000 seconds,  675.000 KB/s
+AES-256-GCM-enc    650 KB took 1.000 seconds,  650.000 KB/s
+AES-256-GCM-dec    650 KB took 1.000 seconds,  650.000 KB/s
+AES-128-ECB-enc      2 MB took 1.000 seconds,    1.902 MB/s
+AES-128-ECB-dec      2 MB took 1.000 seconds,    1.521 MB/s
+AES-192-ECB-enc      2 MB took 1.000 seconds,    1.780 MB/s
+AES-192-ECB-dec      1 MB took 1.000 seconds,    1.433 MB/s
+AES-256-ECB-enc      2 MB took 1.000 seconds,    1.638 MB/s
+AES-256-ECB-dec      1 MB took 1.000 seconds,    1.405 MB/s
+ARC4                 5 MB took 1.000 seconds,    4.956 MB/s
+RABBIT               6 MB took 1.000 seconds,    6.470 MB/s
+3DES               750 KB took 1.000 seconds,  750.000 KB/s
+MD5                 12 MB took 1.000 seconds,   12.061 MB/s
+SHA                  4 MB took 1.000 seconds,    3.979 MB/s
+SHA-256              2 MB took 1.000 seconds,    1.782 MB/s
+SHA-512              1 MB took 1.000 seconds,    1.001 MB/s
+HMAC-MD5            12 MB took 1.000 seconds,   12.329 MB/s
+HMAC-SHA             4 MB took 1.000 seconds,    3.662 MB/s
+HMAC-SHA256          2 MB took 1.000 seconds,    1.758 MB/s
+HMAC-SHA512          1 MB took 1.000 seconds,    1.001 MB/s
+PBKDF2             224 bytes took 1.000 seconds,  224.000 bytes/s
+RSA     2048 public         20 ops took 1.000 sec, avg 50.000 ms, 20.000 ops/sec
+RSA     2048 private         2 ops took 1.000 sec, avg 500.000 ms, 2.000 ops/sec
+DH      2048 key gen         4 ops took 1.000 sec, avg 250.000 ms, 4.000 ops/sec
+DH      2048 agree           4 ops took 1.000 sec, avg 250.000 ms, 4.000 ops/sec
+ECC      256 key gen         6 ops took 1.000 sec, avg 166.667 ms, 6.000 ops/sec
+ECDHE    256 agree           6 ops took 1.000 sec, avg 166.667 ms, 6.000 ops/sec
+ECDSA    256 sign            6 ops took 1.000 sec, avg 166.667 ms, 6.000 ops/sec
+ECDSA    256 verify          4 ops took 1.000 sec, avg 250.000 ms, 4.000 ops/sec
+CURVE  25519 key gen         4 ops took 1.000 sec, avg 250.000 ms, 4.000 ops/sec
+CURVE  25519 agree           2 ops took 1.000 sec, avg 500.000 ms, 2.000 ops/sec
+ED     25519 key gen         4 ops took 1.000 sec, avg 250.000 ms, 4.000 ops/sec
+ED     25519 sign            2 ops took 1.000 sec, avg 500.000 ms, 2.000 ops/sec
+ED     25519 verify          2 ops took 1.000 sec, avg 500.000 ms, 2.000 ops/sec
+```
+
+## References
+
+For more information please contact info@wolfssl.com.

IDE/ECLIPSE/RTTHREAD/include.am

@@ -0,0 +1,8 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST += \
+    IDE/ECLIPSE/RTTHREAD/README.md \
+    IDE/ECLIPSE/RTTHREAD/user_settings.h \
+    IDE/ECLIPSE/RTTHREAD/wolfssl_test.c

IDE/ECLIPSE/RTTHREAD/user_settings.h

@@ -0,0 +1,81 @@
+/* user_setting.h
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFSSL_USER_SETTINGS_H_
+#define WOLFSSL_USER_SETTINGS_H_
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+#define RTTHREAD
+
+/* You can select one or all of the following tests */
+#define WOLFSSL_WOLFCRYPT_TEST
+#define WOLFSSL_BENCHMARK_TEST
+#define WOLFSSL_CLIENT_TEST
+#define WOLFSSL_SERVER_TEST
+#define USE_TEST_GENSEED
+#define NO_DEV_RANDOM
+#define HAVE_PKCS7
+#define HAVE_AES_KEYWRAP
+#define HAVE_X963_KDF
+#define WOLFSSL_AES_DIRECT
+/* adjust CURRENT_UNIX_TS to seconds since Jan 01 1970. (UTC)
+You can get the current time from https://www.unixtimestamp.com/
+*/
+#define CURRENT_UNIX_TS 1542605837UL
+
+/* When using Windows simulator, you must define USE_WINDOWS_API for test.h to build */
+#ifdef _WIN32
+#define USE_WINDOWS_API
+#endif
+
+#define NO_FILESYSTEM
+#define SIZEOF_LONG_LONG 8
+
+/* prevents from including multiple definition of main() */
+#define NO_MAIN_DRIVER
+#define NO_TESTSUITE_MAIN_DRIVER
+
+/* includes certificate test buffers via header files */
+#define USE_CERT_BUFFERS_2048
+/*use kB instead of mB for embedded benchmarking*/
+#define BENCH_EMBEDDED
+
+#define NO_WRITE_TEMP_FILES
+
+#define XSNPRINTF snprintf
+#define NO_WRITEV
+
+#define HAVE_AESGCM
+#define WOLFSSL_SHA512
+#define HAVE_ECC
+#define HAVE_CURVE25519
+#define CURVE25519_SMALL
+#define HAVE_ED25519
+#define ED25519_SMALL
+
+#ifdef __cplusplus
+    }   /* extern "C" */
+#endif
+
+#endif

IDE/ECLIPSE/RTTHREAD/wolfssl_test.c

@@ -0,0 +1,33 @@
+/* wolfsslRunTests.c
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+#include <stdint.h>
+#include <wolfcrypt/test/test.h>
+#include <wolfcrypt/benchmark/benchmark.h>
+
+int wolfssl_test(void) {
+#if !defined(NO_CRYPT_TEST)
+    wolfcrypt_test(NULL);
+#endif
+#if !defined(NO_CRYPT_BENCHMARK)
+    benchmark_test(NULL);
+#endif
+    return 0;
+}

IDE/Espressif/ESP-IDF/README.md

@@ -16,8 +16,9 @@ Including the following examples:
 
     Note: This expects to use Linux version.
 
-## Setup
- 1. Run *setup.sh* to deploy files into ESP-IDF tree
+## Setup for Linux
+ 1. Run *setup.sh* at /path/to/wolfssl/IDE/Espressif/ESP-IDF/ to deploy files into ESP-IDF tree  
+    For Windows : Run *setup_win.bat* at \IDE\Espressif\ESP-IDF\
  2. Find Wolfssl files at /path/to/esp-idf/components/wolfssl/
  3. Find Example programs under /path/to/esp-idf/examples/protocols/wolfssl_xxx
  4. Uncomment out #define WOLFSSL_ESPIDF in /path/to/wolfssl/wolfssl/wolfcrypt/settings.h  
@@ -32,4 +33,8 @@ Including the following examples:
 ## Support
  For question please email [support@wolfssl.com]
 
- Note: This is tested with "Ubuntu 18.04.1 LTS" and ESP32-WROOM-32.
+ Note: This is tested with :  
+   - OS: Ubuntu 18.04.1 LTS and Microsoft Windows 10 Pro 10.0.19041  
+   - ESP-IDF: v4.1 and v4.0.1  
+   - Module : ESP32-WROOM-32
+

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults

@@ -1,5 +1,5 @@
 CONFIG_BENCH_ARGV="-lng 0"
-CONFIG_MAIN_TASK_STACK_SIZE=7000
+CONFIG_MAIN_TASK_STACK_SIZE=7500
 CONFIG_FREERTOS_HZ=1000
 CONFIG_TASK_WDT_CHECK_IDLE_TASK_CPU0=
 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h

@@ -24,7 +24,7 @@
 #include "esp_idf_version.h"
 #include "esp_log.h"
 #include "esp_wifi.h"
-#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1
+#if ESP_IDF_VERSION_MAJOR >= 4
 #include "esp_event.h"
 #else
 #include "esp_event_loop.h"

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c

@@ -27,7 +27,7 @@
 #include "lwip/netdb.h"
 #include "lwip/apps/sntp.h"
 #include "nvs_flash.h"
-#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1
+#if ESP_IDF_VERSION_MAJOR >= 4
 #include "protocol_examples_common.h"
 #endif
 
@@ -53,7 +53,8 @@ static void set_time()
     char strftime_buf[64];
     /* please update the time if seeing unknown failure. */
     /* this could cause TLS communication failure due to time expiration */
-    utctime.tv_sec = 1567125910; /* dummy time: Fri Aug 30 09:45:00 2019 */
+    /* incleasing 31536000 seconds is close to spend 356 days.           */
+    utctime.tv_sec = 1598661910; /* dummy time: Fri Aug 29 09:45:00 2020 */
     utctime.tv_usec = 0;
     tz.tz_minuteswest = 0;
     tz.tz_dsttime = 0;
@@ -122,11 +123,14 @@ void app_main(void)
     ESP_ERROR_CHECK(nvs_flash_init());
 
     ESP_LOGI(TAG, "Initialize wifi");
-    /* TCP/IP adapter initialization */
+#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1
+    esp_netif_init();
+#else
     tcpip_adapter_init();
+#endif
 
     /* */
-#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1
+#if ESP_IDF_VERSION_MAJOR >= 4
     (void) wifi_event_handler;
    ESP_ERROR_CHECK(esp_event_loop_create_default());
    /* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig.

IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h

@@ -24,7 +24,7 @@
 #include "esp_idf_version.h"
 #include "esp_log.h"
 #include "esp_wifi.h"
-#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1
+#if ESP_IDF_VERSION_MAJOR >= 4
 #include "esp_event.h"
 #else
 #include "esp_event_loop.h"

IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c

@@ -27,7 +27,7 @@
 #include "lwip/netdb.h"
 #include "lwip/apps/sntp.h"
 #include "nvs_flash.h"
-#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1
+#if ESP_IDF_VERSION_MAJOR >= 4
 #include "protocol_examples_common.h"
 #endif
 
@@ -50,7 +50,8 @@ static void set_time()
     char strftime_buf[64];
     /* please update the time if seeing unknown failure. */
     /* this could cause TLS communication failure due to time expiration */
-    utctime.tv_sec = 1567125910; /* dummy time: Fri Aug 30 09:45:00 2019 */
+    /* incleasing 31536000 seconds is close to spend 356 days.           */
+    utctime.tv_sec = 1598661910; /* dummy time: Fri Aug 29 09:45:00 2020 */
     utctime.tv_usec = 0;
     tz.tz_minuteswest = 0;
     tz.tz_dsttime = 0;
@@ -98,7 +99,7 @@ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event)
         esp_wifi_connect();
         break;
     case SYSTEM_EVENT_STA_GOT_IP:
-#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1
+#if ESP_IDF_VERSION_MAJOR >= 4
         ESP_LOGI(TAG, "got ip:" IPSTR "\n",
                  IP2STR(&event->event_info.got_ip.ip_info.ip));
 #else
@@ -131,7 +132,7 @@ void app_main(void)
     tcpip_adapter_init();
 #endif
     /* */
-#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1
+#if ESP_IDF_VERSION_MAJOR >= 4
     (void) wifi_event_handler;
    ESP_ERROR_CHECK(esp_event_loop_create_default());
    /* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig.

IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults

@@ -1,2 +1,2 @@
-CONFIG_MAIN_TASK_STACK_SIZE=9000
+CONFIG_MAIN_TASK_STACK_SIZE=11000
 CONFIG_TASK_WDT_CHECK_IDLE_TASK_CPU0=

IDE/Espressif/ESP-IDF/setup_win.bat

@@ -0,0 +1,73 @@
+@echo off
+REM Expect the script at /path/to/wolfssl/IDE/Espressif/ESP-IDF/
+
+if NOT EXIST "setup.sh" ( 
+  echo "Please run this script at /path/to/wolfssl/IDE/Espressif/ESP-IDF/
+  goto exit
+)
+
+if "%IDF_PATH%" == "" (
+  echo "Please launch the script from ESP-IDF command prompt."
+  goto exit
+)
+
+set SCRIPTDIR=%CD%
+set BASEDIR=%SCRIPTDIR%\..\..\..\
+set WOLFSSL_ESPIDFDIR=%BASEDIR%\IDE\Espressif\ESP-IDF
+set WOLFSSLLIB_TRG_DIR=%IDF_PATH%\components\wolfssl
+set WOLFSSLEXP_TRG_DIR=%IDF_PATH%\examples\protocols
+
+echo Copy files into $IDF_PATH%
+rem Remove/Create directories
+rmdir /S/Q %WOLFSSLLIB_TRG_DIR%
+mkdir      %WOLFSSLLIB_TRG_DIR%
+mkdir      %WOLFSSLLIB_TRG_DIR%\src
+mkdir      %WOLFSSLLIB_TRG_DIR%\wolfcrypt\src
+mkdir      %WOLFSSLLIB_TRG_DIR%\wolfssl
+mkdir      %WOLFSSLLIB_TRG_DIR%\test
+mkdir      %WOLFSSLLIB_TRG_DIR%\include
+
+rem copying ... files in src/ into $WOLFSSLLIB_TRG_DIR%/src
+xcopy /Y/Q %BASEDIR%\src\*.c %WOLFSSLLIB_TRG_DIR%\src\
+xcopy /Y/Q %BASEDIR%\wolfcrypt\src\*.c %WOLFSSLLIB_TRG_DIR%\wolfcrypt\src
+xcopy /Y/Q %BASEDIR%\wolfcrypt\src\*.i %WOLFSSLLIB_TRG_DIR%\wolfcrypt\src
+xcopy /E/Y/Q %BASEDIR%\wolfcrypt\src\port %WOLFSSLLIB_TRG_DIR%\wolfcrypt\src\port\
+xcopy /E/Y/Q %BASEDIR%\wolfcrypt\test\ %WOLFSSLLIB_TRG_DIR%\wolfcrypt\test\
+xcopy /E/Y/Q %BASEDIR%\wolfcrypt\benchmark\ %WOLFSSLLIB_TRG_DIR%\wolfcrypt\benchmark\
+xcopy /Y/Q %BASEDIR%\wolfssl\*.h %WOLFSSLLIB_TRG_DIR%\wolfssl\
+xcopy /E/Y/Q %BASEDIR%\wolfssl\wolfcrypt\ %WOLFSSLLIB_TRG_DIR%\wolfssl\wolfcrypt\
+
+rem user_settings.h
+xcopy /F/Q %WOLFSSL_ESPIDFDIR%\user_settings.h %WOLFSSLLIB_TRG_DIR%\include\
+echo F |xcopy /F/Q %WOLFSSL_ESPIDFDIR%\dummy_config_h %WOLFSSLLIB_TRG_DIR%\include\config.h
+
+rem unit test app
+xcopy /E/Y/Q %WOLFSSL_ESPIDFDIR%\test %WOLFSSLLIB_TRG_DIR%\test\
+xcopy /F/Q   %WOLFSSL_ESPIDFDIR%\libs\CMakeLists.txt %WOLFSSLLIB_TRG_DIR%\
+xcopy /F/Q   %WOLFSSL_ESPIDFDIR%\libs\component.mk   %WOLFSSLLIB_TRG_DIR%\
+
+rem Benchmark program
+rmdir /S/Q %WOLFSSLEXP_TRG_DIR%\wolfssl_benchmark\
+mkdir      %WOLFSSLEXP_TRG_DIR%\wolfssl_benchmark\main\
+xcopy /F/Q %BASEDIR%\wolfcrypt\benchmark\benchmark.c %WOLFSSLEXP_TRG_DIR%\wolfssl_benchmark\main\
+xcopy /E/F/Q %WOLFSSL_ESPIDFDIR%\examples\wolfssl_benchmark %WOLFSSLEXP_TRG_DIR%\wolfssl_benchmark\
+
+rem Crypt Test program
+rmdir /S/Q %WOLFSSLEXP_TRG_DIR%\wolfssl_test\
+mkdir      %WOLFSSLEXP_TRG_DIR%\wolfssl_test\main\
+xcopy /F/Q %BASEDIR%\wolfcrypt\test\test.c %WOLFSSLEXP_TRG_DIR%\wolfssl_test\main\
+xcopy /E/F/Q %WOLFSSL_ESPIDFDIR%\examples\wolfssl_test %WOLFSSLEXP_TRG_DIR%\wolfssl_test\
+
+rem TLS Client program
+rmdir /S/Q %WOLFSSLEXP_TRG_DIR%\wolfssl_client\
+mkdir      %WOLFSSLEXP_TRG_DIR%\wolfssl_client\main\
+xcopy /E/F/Q %WOLFSSL_ESPIDFDIR%\examples\wolfssl_client %WOLFSSLEXP_TRG_DIR%\wolfssl_client\
+
+rem TLS Server program
+rmdir /S/Q %WOLFSSLEXP_TRG_DIR%\wolfssl_server\
+mkdir      %WOLFSSLEXP_TRG_DIR%\wolfssl_server\main\
+xcopy /E/F/Q %WOLFSSL_ESPIDFDIR%\examples\wolfssl_server %WOLFSSLEXP_TRG_DIR%\wolfssl_server\
+
+:exit
+ echo completed
+

IDE/Espressif/ESP-IDF/test/CMakeLists.txt

@@ -1,4 +1,6 @@
-set(COMPONENT_SRCDIRS ".")
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DNO_MAIN_DRIVER -DWOLFSSL_USER_SETTINGS")
+
+set(COMPONENT_SRCS "test_wolfssl.c" "../wolfcrypt/test/test.c")
 set(COMPONENT_ADD_INCLUDEDIRS ".")
 
 set(COMPONENT_REQUIRES unity test_utils wolfssl)

IDE/Espressif/ESP-IDF/test/README.md

@@ -3,9 +3,8 @@
 The test contains of wolfSSL unit-test app on Unity.
 
 When you want to run the app  
-1. Copy *test.c* file at /path/to/esp-idf/components/wolfssl/wolfcrypt/test/ folder to the  wolfssl/test folder  
-2. Go to /esp-idf/tools/unit-test-app/ folder  
-3. "make menuconfig" to configure unit test app.  
-4. "make TEST_COMPONENTS=wolfssl" to build wolfssl unit test app.  
+1. Go to /esp-idf/tools/unit-test-app/ folder  
+2. "idf.py menuconfig" to configure unit test app.  
+3. "idf.py -T wolfssl build" to build wolfssl unit test app.  
 
 See [https://docs.espressif.com/projects/esp-idf/en/latest/api-guides/unit-tests.html] for more information about unit test app.

IDE/Espressif/ESP-IDF/test/test_wolfssl.c

@@ -308,8 +308,8 @@ int mp_performance_check(int mul, int mulmod, int exptmod)
 int mp_unitest_mul(const char* strZ, const char* strX, const char* strY, int verbose)
 {
     int ret = 0;
-    char* buf;
-    char* bufZ;
+    char* buf = NULL;
+    char* bufZ = NULL;
     int radixX_size;
     int radixZ_size;
     int radixY_size;
@@ -335,10 +335,10 @@ int mp_unitest_mul(const char* strZ, const char* strX, const char* strY, int ver
     }
 
     mp_radix_size(&z, 16, &radixZ_size);
-    bufZ = (char*)XMALLOC(radixZ_size + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    bufZ = (char*)XMALLOC(radixZ_size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if(bufZ != NULL) {
         mp_toradix(&z, bufZ, 16);
-        bufZ[radixZ_size] ='\0';
+        bufZ[radixZ_size-1] ='\0';
     }
 
     if(verbose) {
@@ -350,14 +350,14 @@ int mp_unitest_mul(const char* strZ, const char* strX, const char* strY, int ver
         mp_radix_size(&y, 16, &radixY_size);
         radixX_size = max(radixX_size, radixY_size);
 
-        buf = (char*)XMALLOC(radixX_size + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        buf = (char*)XMALLOC(radixX_size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if(buf != NULL) {
             mp_toradix(&x, buf, 16);
-            buf[radixX_size] ='\0';
+            buf[radixX_size-1] ='\0';
             printf("X : %s ", buf);
 
             mp_toradix(&y, buf, 16);
-            buf[radixY_size] ='\0';
+            buf[radixY_size-1] ='\0';
             printf("Y : %s ", buf);
         }
         if(bufZ != NULL) {
@@ -410,10 +410,10 @@ int mp_unitest_mulmod(const char* strZ, const char* strX, const char* strY,
     }
 
     mp_radix_size(&z, 16, &radixZ_size);
-    bufZ = (char*)XMALLOC(radixZ_size + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    bufZ = (char*)XMALLOC(radixZ_size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if(bufZ != NULL) {
         mp_toradix(&z, bufZ, 16);
-        bufZ[radixZ_size] ='\0';
+        bufZ[radixZ_size-1] ='\0';
     }
 
     if(verbose) {
@@ -427,18 +427,18 @@ int mp_unitest_mulmod(const char* strZ, const char* strX, const char* strY,
         mp_radix_size(&m, 16, &radixM_size);
         radixX_size = max(radixX_size, max(radixY_size, radixM_size));
 
-        buf = (char*)XMALLOC(radixX_size + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        buf = (char*)XMALLOC(radixX_size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if(buf != NULL) {
             mp_toradix(&x, buf, 16);
-            buf[radixX_size] ='\0';
+            buf[radixX_size-1] ='\0';
             printf("X : %s ", buf);
 
             mp_toradix(&y, buf, 16);
-            buf[radixY_size] ='\0';
+            buf[radixY_size-1] ='\0';
             printf("Y : %s ", buf);
 
             mp_toradix(&m, buf, 16);
-            buf[radixM_size] ='\0';
+            buf[radixM_size-1] ='\0';
             printf("M : %s ", buf);
         }
         if(bufZ != NULL) {
@@ -459,8 +459,8 @@ int mp_unitest_exptmod(const char* strZ, const char* strX, const char* strY,
                const char* strM, int verbose)
 {
     int ret = 0;
-    char* buf;
-    char* bufZ;
+    char* buf = NULL;
+    char* bufZ = NULL;
     int radixX_size;
     int radixZ_size;
     int radixY_size;
@@ -491,10 +491,10 @@ int mp_unitest_exptmod(const char* strZ, const char* strX, const char* strY,
     }
 
     mp_radix_size(&z, 16, &radixZ_size);
-    bufZ = (char*)XMALLOC(radixZ_size + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    bufZ = (char*)XMALLOC(radixZ_size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if(bufZ != NULL) {
         mp_toradix(&z, bufZ, 16);
-        bufZ[radixZ_size] ='\0';
+        bufZ[radixZ_size-1] ='\0';
     }
 
     if(verbose) {
@@ -508,18 +508,18 @@ int mp_unitest_exptmod(const char* strZ, const char* strX, const char* strY,
         mp_radix_size(&m, 16, &radixM_size);
         radixX_size = max(radixX_size, max(radixY_size, radixM_size));
 
-        buf = (char*)XMALLOC(radixX_size + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        buf = (char*)XMALLOC(radixX_size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if(buf != NULL) {
             mp_toradix(&x, buf, 16);
-            buf[radixX_size] ='\0';
+            buf[radixX_size-1] ='\0';
             printf("X : %s ", buf);
 
             mp_toradix(&y, buf, 16);
-            buf[radixY_size] ='\0';
+            buf[radixY_size-1] ='\0';
             printf("Y : %s ", buf);
 
             mp_toradix(&m, buf, 16);
-            buf[radixM_size] ='\0';
+            buf[radixM_size-1] ='\0';
             printf("M : %s ", buf);
         }
         if(bufZ != NULL) {
@@ -562,7 +562,7 @@ TEST_CASE("wolfssl mp exptmod test"   , "[wolfssl]")
 TEST_CASE("wolfssl mp mulmod test"   , "[wolfssl]")
 {
     ESP_LOGI(TAG, "mp test");
-    int verbose = 0;
+    int verbose = 1;
     /*                                      Z    X    Y    M */
     TEST_ASSERT_EQUAL(0, mp_unitest_mulmod("02", "5", "1", "3", verbose));
     TEST_ASSERT_EQUAL(0, mp_unitest_mulmod("01", "-5", "1", "3", verbose));
@@ -602,7 +602,7 @@ TEST_CASE("wolfssl mp mulmod test"   , "[wolfssl]")
 TEST_CASE("wolfssl mp mul test"   , "[wolfssl]")
 {
     ESP_LOGI(TAG, "mp test");
-    int verbose = 0;
+    int verbose = 1;
 
     TEST_ASSERT_EQUAL(0, mp_unitest_mul("0A", "5", "2", verbose));
     TEST_ASSERT_EQUAL(0, mp_unitest_mul("-0A", "-5", "2", verbose));

IDE/Espressif/ESP-IDF/user_settings.h

@@ -43,6 +43,15 @@
 #define CURVE25519_SMALL
 #define HAVE_ED25519
 
+/* when you want to use pkcs7 */
+/* #define HAVE_PKCS7 */
+
+#if defined(HAVE_PKCS7)
+    #define HAVE_AES_KEYWRAP
+    #define HAVE_X963_KDF
+    #define WOLFSSL_AES_DIRECT
+#endif
+
 /* when you want to use aes counter mode */
 /* #define WOLFSSL_AES_DIRECT */
 /* #define WOLFSSL_AES_COUNTER */

IDE/GCC-ARM/Header/user_settings.h

@@ -70,13 +70,15 @@ extern "C" {
     #define WOLFSSL_HAVE_SP_RSA
     #define WOLFSSL_HAVE_SP_DH
     #define WOLFSSL_HAVE_SP_ECC
-    #define WOLFSSL_SP_CACHE_RESISTANT
-    //#define WOLFSSL_SP_MATH     /* only SP math - eliminates fast math code */
+    //#define WOLFSSL_SP_CACHE_RESISTANT
+    #define WOLFSSL_SP_MATH     /* only SP math - eliminates fast math code */
 
-    /* 64 or 32 bit version */
-    //#define WOLFSSL_SP_ASM      /* required if using the ASM versions */
+    /* SP Assembly Speedups */
+    #define WOLFSSL_SP_ASM      /* required if using the ASM versions */
     //#define WOLFSSL_SP_ARM32_ASM
     //#define WOLFSSL_SP_ARM64_ASM
+    //#define WOLFSSL_SP_ARM_THUMB_ASM
+    #define WOLFSSL_SP_ARM_CORTEX_M_ASM
 #endif
 
 /* ------------------------------------------------------------------------- */

IDE/GCC-ARM/Makefile.common

@@ -27,7 +27,8 @@ INC = -I./Header \
 DEF = -DWOLFSSL_USER_SETTINGS
 
 # Architecture
-ARCHFLAGS = -mcpu=cortex-m0 -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP
+ARCHFLAGS = -mcpu=cortex-m4 -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP
+#ARCHFLAGS = -mcpu=cortex-m0 -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP
 #ARCHFLAGS = -mcpu=cortex-r5 -mthumb -mabi=aapcs
 #ARCHFLAGS = -mcpu=cortex-a53 -mthumb -mabi=aapcs
 
@@ -132,7 +133,10 @@ SRC_C += ../../wolfcrypt/src/signature.c
 SRC_C += ../../wolfcrypt/src/srp.c
 SRC_C += ../../wolfcrypt/src/sp_arm32.c
 SRC_C += ../../wolfcrypt/src/sp_arm64.c
+SRC_C += ../../wolfcrypt/src/sp_armthumb.c
 SRC_C += ../../wolfcrypt/src/sp_c32.c
+SRC_C += ../../wolfcrypt/src/sp_c64.c
+SRC_C += ../../wolfcrypt/src/sp_cortexm.c
 SRC_C += ../../wolfcrypt/src/sp_int.c
 SRC_C += ../../wolfcrypt/src/tfm.c
 SRC_C += ../../wolfcrypt/src/wc_encrypt.c

IDE/GCC-ARM/Source/wolf_main.c

@@ -59,12 +59,12 @@ unsigned int LowResTimer(void)
 /* This is used by wolfCrypt benchmark tool only */
 double current_time(int reset)
 {
-    double time;
-	int timeMs = gTimeMs;
+    double timeNow;
+    int timeMs = gTimeMs;
     (void)reset;
-    time = (timeMs / 1000); // sec
-    time += (double)(timeMs % 1000) / 1000; // ms
-    return time;
+    timeNow = (timeMs / 1000); // sec
+    timeNow += (double)(timeMs % 1000) / 1000; // ms
+    return timeNow;
 }
 #endif
 

IDE/MQX/Makefile

@@ -0,0 +1,153 @@
+WOLF_ROOT = ../..
+MQX_ROOT = $(WOLF_ROOT)/../../../Freescale/Freescale_MQX_4_1/
+CC       = arm-none-eabi-gcc
+AR		 = arm-none-eabi-ar
+
+WOLFLIB  = ./libwolfssl.a
+MQXLIB   =
+
+OPTIMIZE = -O2
+
+WORNING  = \
+ -Wno-int-to-pointer-cast\
+ -Wno-incompatible-pointer-types\
+ -Wno-discarded-qualifiers\
+ -Wno-int-conversion\
+ -Wno-implicit-function-declaration\
+ -Wno-pointer-to-int-cast
+
+USER_SETTINGS_H = -I./ -DWOLFSSL_USER_SETTINGS
+CFLAGS   = $(OPTIMIZE) -I$(WOLF_ROOT)/. $(USER_SETTINGS_H) $(MQX_INCLUDE) $(WORNING)
+
+MQX_INCLUDE = -I$(MQX_ROOT)/mqx/source/include\
+-I$(MQX_ROOT)/mqx/source/psp/cortex_m\
+-I$(MQX_ROOT)/mqx/source/psp/cortex_a/compiler/gcc_arm\
+-I$(MQX_ROOT)/mqx/source/psp/cortex_m/cpu\
+-I$(MQX_ROOT)/mfs/source/include\
+-I$(MQX_ROOT)/mqx/source/bsp/twrk70f120m\
+-I$(MQX_ROOT)/mqx/source/io/cm\
+-I$(MQX_ROOT)/mqx/source/io/lpm\
+-I$(MQX_ROOT)/mqx/source/io/serial\
+-I$(MQX_ROOT)/mqx/source/io/dma\
+-I$(MQX_ROOT)/mqx/source/io/spi\
+-I$(MQX_ROOT)/mqx/source/io/i2c\
+-I$(MQX_ROOT)/mqx/source/io/io_mem\
+-I$(MQX_ROOT)/mqx/source/io/io_null\
+-I$(MQX_ROOT)/mqx/source/io/enet\
+-I$(MQX_ROOT)/mqx/source/io/enet/macnet\
+-I$(MQX_ROOT)/mqx/source/io/lwgpio\
+-I$(MQX_ROOT)/mqx/source/io/gpio\
+-I$(MQX_ROOT)/mqx/source/io/gpio/kgpio\
+-I$(MQX_ROOT)/mqx/source/io/esdhc\
+-I$(MQX_ROOT)/mqx/source/io/sdcard\
+-I$(MQX_ROOT)/mqx/source/io/sdcard/sdcard_spi\
+-I$(MQX_ROOT)/mqx/source/io/sdcard/sdcard_esdhc\
+-I$(MQX_ROOT)/mqx/source/io/pccard\
+-I$(MQX_ROOT)/mqx/source/io/pcflash\
+-I$(MQX_ROOT)/mqx/source/io/adc/kadc\
+-I$(MQX_ROOT)/mqx/source/io/adc\
+-I$(MQX_ROOT)/mqx/source/io/lwadc\
+-I$(MQX_ROOT)/mqx/source/io/flashx\
+-I$(MQX_ROOT)/mqx/source/io/flashx/freescale\
+-I$(MQX_ROOT)/mqx/source/io/hwtimer\
+-I$(MQX_ROOT)/mqx/source/io/rtc\
+-I$(MQX_ROOT)/mqx/source/io/debug\
+-I$(MQX_ROOT)/mqx/source/io/tchres\
+-I$(MQX_ROOT)/mqx/source/io/nandflash\
+-I$(MQX_ROOT)/mqx/source/io/timer\
+-I$(MQX_ROOT)/mqx/source/io/usb\
+-I$(MQX_ROOT)/mqx/source/io/hmi\
+-I$(MQX_ROOT)/mqx/source/io/sai\
+-I$(MQX_ROOT)/mqx/source/io/rtcs\
+-I$(MQX_ROOT)/rtcs/source/include
+
+OBJ =\
+$(WOLF_ROOT)/src/crl.o\
+$(WOLF_ROOT)/src/internal.o\
+$(WOLF_ROOT)/src/keys.o\
+$(WOLF_ROOT)/src/ocsp.o\
+$(WOLF_ROOT)/src/sniffer.o\
+$(WOLF_ROOT)/src/ssl.o\
+$(WOLF_ROOT)/src/tls13.o\
+$(WOLF_ROOT)/src/tls.o\
+$(WOLF_ROOT)/src/wolfio.o\
+$(WOLF_ROOT)/wolfcrypt/src/aes.o\
+$(WOLF_ROOT)/wolfcrypt/src/arc4.o\
+$(WOLF_ROOT)/wolfcrypt/src/asm.o\
+$(WOLF_ROOT)/wolfcrypt/src/asn.o\
+$(WOLF_ROOT)/wolfcrypt/src/blake2b.o\
+$(WOLF_ROOT)/wolfcrypt/src/blake2s.o\
+$(WOLF_ROOT)/wolfcrypt/src/camellia.o\
+$(WOLF_ROOT)/wolfcrypt/src/chacha20_poly1305.o\
+$(WOLF_ROOT)/wolfcrypt/src/chacha.o\
+$(WOLF_ROOT)/wolfcrypt/src/cmac.o\
+$(WOLF_ROOT)/wolfcrypt/src/coding.o\
+$(WOLF_ROOT)/wolfcrypt/src/compress.o\
+$(WOLF_ROOT)/wolfcrypt/src/cpuid.o\
+$(WOLF_ROOT)/wolfcrypt/src/cryptocb.o\
+$(WOLF_ROOT)/wolfcrypt/src/curve25519.o\
+$(WOLF_ROOT)/wolfcrypt/src/des3.o\
+$(WOLF_ROOT)/wolfcrypt/src/dh.o\
+$(WOLF_ROOT)/wolfcrypt/src/dsa.o\
+$(WOLF_ROOT)/wolfcrypt/src/ecc.o\
+$(WOLF_ROOT)/wolfcrypt/src/ecc_fp.o\
+$(WOLF_ROOT)/wolfcrypt/src/ed25519.o\
+$(WOLF_ROOT)/wolfcrypt/src/error.o\
+$(WOLF_ROOT)/wolfcrypt/src/fe_low_mem.o\
+$(WOLF_ROOT)/wolfcrypt/src/fe_operations.o\
+$(WOLF_ROOT)/wolfcrypt/src/ge_low_mem.o\
+$(WOLF_ROOT)/wolfcrypt/src/ge_operations.o\
+$(WOLF_ROOT)/wolfcrypt/src/hash.o\
+$(WOLF_ROOT)/wolfcrypt/src/hc128.o\
+$(WOLF_ROOT)/wolfcrypt/src/hmac.o\
+$(WOLF_ROOT)/wolfcrypt/src/idea.o\
+$(WOLF_ROOT)/wolfcrypt/src/integer.o\
+$(WOLF_ROOT)/wolfcrypt/src/logging.o\
+$(WOLF_ROOT)/wolfcrypt/src/md2.o\
+$(WOLF_ROOT)/wolfcrypt/src/md4.o\
+$(WOLF_ROOT)/wolfcrypt/src/md5.o\
+$(WOLF_ROOT)/wolfcrypt/src/memory.o\
+$(WOLF_ROOT)/wolfcrypt/src/pkcs12.o\
+$(WOLF_ROOT)/wolfcrypt/src/pkcs7.o\
+$(WOLF_ROOT)/wolfcrypt/src/poly1305.o\
+$(WOLF_ROOT)/wolfcrypt/src/pwdbased.o\
+$(WOLF_ROOT)/wolfcrypt/src/rabbit.o\
+$(WOLF_ROOT)/wolfcrypt/src/random.o\
+$(WOLF_ROOT)/wolfcrypt/src/ripemd.o\
+$(WOLF_ROOT)/wolfcrypt/src/rsa.o\
+$(WOLF_ROOT)/wolfcrypt/src/sha256.o\
+$(WOLF_ROOT)/wolfcrypt/src/sha3.o\
+$(WOLF_ROOT)/wolfcrypt/src/sha512.o\
+$(WOLF_ROOT)/wolfcrypt/src/sha.o\
+$(WOLF_ROOT)/wolfcrypt/src/signature.o\
+$(WOLF_ROOT)/wolfcrypt/src/sp_arm32.o\
+$(WOLF_ROOT)/wolfcrypt/src/sp_arm64.o\
+$(WOLF_ROOT)/wolfcrypt/src/sp_armthumb.o\
+$(WOLF_ROOT)/wolfcrypt/src/sp_c32.o\
+$(WOLF_ROOT)/wolfcrypt/src/sp_c64.o\
+$(WOLF_ROOT)/wolfcrypt/src/sp_cortexm.o\
+$(WOLF_ROOT)/wolfcrypt/src/sp_int.o\
+$(WOLF_ROOT)/wolfcrypt/src/sp_x86_64.o\
+$(WOLF_ROOT)/wolfcrypt/src/srp.o\
+$(WOLF_ROOT)/wolfcrypt/src/tfm.o\
+$(WOLF_ROOT)/wolfcrypt/src/wc_encrypt.o\
+$(WOLF_ROOT)/wolfcrypt/src/wc_pkcs11.o\
+$(WOLF_ROOT)/wolfcrypt/src/wc_port.o\
+$(WOLF_ROOT)/wolfcrypt/src/wolfevent.o\
+$(WOLF_ROOT)/wolfcrypt/src/wolfmath.o
+
+
+all	: wolfssllib client server test benchmark
+
+wolfssllib	: $(OBJ)
+	$(AR) r $(WOLFLIB) $(OBJ)
+test	: wolfssllib ./user_settings.h
+	$(CC) -o test $(CFLAGS) $(WOLF_ROOT)/wolfcrypt/test/test.c $(WOLFLIB) $(MQXLIB)
+benchmark	: wolfssllib ./user_settings.h
+	$(CC)  -o benchmark $(CFLAGS)  $(WOLF_ROOT)/wolfcrypt/benchmark/benchmark.c $(WOLFLIB) $(WOLFLIB) $(MQXLIB)
+server	:  wolfssllib ./user_settings.h
+	$(CC)  -o server $(CFLAGS)  $(WOLF_ROOT)/IDE/MQX/server-tls.c $(WOLFLIB) $(MQXLIB)
+client  :  wolfssllib ./user_settings.h
+	$(CC)  -o client $(CFLAGS) $(WOLF_ROOT)/IDE/MQX/client-tls.c $(WOLFLIB) $(MQXLIB)
+clean	: 
+	rm $(OBJ) $(WOLFLIB)

IDE/MQX/README-jp.md

@@ -0,0 +1,29 @@
+# MQX向けビルド方法
+## 概要
+このMakefileはwolfSSLライブラリーとサンプルプログラムをMQX向けにビルドするためのものです。
+以下のターゲットを含んでいます。
+ - wolfssllib: wolfSSL静的ライブラリー
+ - test: 暗号アルゴリズムのテスト
+ - benchmark: 暗号アルゴリズムのベンチマーク
+ - client: TLS クライアントサンプルプログラム
+ - server: TLS サーバサンプルプログラム
+
+
+## 準備
+- 事前にGCCをインストールしておいてください。
+  GNU Arm Embedded Toolchain, https://developer.arm.com
+- 事前にMQXをインストールしておいてください。
+  Freescale MQX RTOS 4.1以降, https://www.nxp.com/
+  Freescale_MQX_4_1/doc/MQX_Getting_Started.pdfをご参照ください。
+
+## 設定
+- wolfSSL コンフィグレーションオプション
+　<wolfSSL-root>/IDE/MQX/user_settings.hファイルに必要なオプションを追加または削除してください。
+
+- Makefileの設定
+  MQX_ROOT: MQX のインストールパス
+  MQXLIB:   リンクするMQX ライブラリのパス
+  CC:       コンパイラコマンド
+  AR:       ARコマンド
+  WOLF_ROOT: Makefileの格納位置を変える場合はこの定義を変更してください
+  

IDE/MQX/README.md

@@ -0,0 +1,27 @@
+#How to build with MQX
+## Overview
+This Makefile is for building wolfSSL library and sample programs running with MQX.
+It has following targets.
+ - wolfssllib: wolfSSL static library (libwolfssl.a)
+ - test: crypt test
+ - benchmark: cypher benchmark
+ - client: TLS client example
+ - server: TLS server example
+
+## Prerequisites
+- Installed GCC
+  Download from GNU Arm Embedded Toolchain at https://developer.arm.com/
+- Installed MQX
+  Download Freescale MQX RTOS 4.1 or later at https://www.nxp.com/
+  Follow Freescale_MQX_4_1/doc/MQX_Getting_Started.pdf
+
+## Setup
+- wolfSSL configuration parameters
+  You can add or remove configuration options in <wolfSSL-root>/IDE/MQX/user_settings.h.
+
+- Setup Makefile
+  MQX_ROOT: MQX source code installed path
+  MQXLIB:   MQX library path to like with
+  CC:       compiler
+  AR:       archiver
+  WOLF_ROOT: change this if you move this Makefile location

IDE/MQX/client-tls.c

@@ -0,0 +1,163 @@
+/* client-tls.c
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+
+/* wolfSSL */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/ssl.h>
+
+#define DEFAULT_PORT 11111
+
+#define CERT_FILE "../certs/ca-cert.pem"
+
+
+
+int main(int argc, char** argv)
+{
+    int                sockfd;
+    struct sockaddr_in servAddr;
+    char               buff[256];
+    size_t             len;
+    int                ret;
+
+    /* declare wolfSSL objects */
+    WOLFSSL_CTX* ctx;
+    WOLFSSL*     ssl;
+
+
+
+    /* Check for proper calling convention */
+    if (argc != 2) {
+        printf("usage: %s <IPv4 address>\n", argv[0]);
+        return 0;
+    }
+
+    /* Create a socket that uses an internet IPv4 address,
+     * Sets the socket to be stream based (TCP),
+     * 0 means choose the default protocol. */
+    if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
+        fprintf(stderr, "ERROR: failed to create the socket\n");
+        ret = -1;
+        goto end;
+    }
+
+    /* Initialize the server address struct with zeros */
+    memset(&servAddr, 0, sizeof(servAddr));
+
+    /* Fill in the server address */
+    servAddr.sin_family = AF_INET;             /* using IPv4      */
+    servAddr.sin_port   = htons(DEFAULT_PORT); /* on DEFAULT_PORT */
+
+    /* Get the server IPv4 address from the command line call */
+    if (inet_pton(AF_INET, argv[1], &servAddr.sin_addr, sizeof(servAddr.sin_addr)) != 1) {
+        fprintf(stderr, "ERROR: invalid address\n");
+        ret = -1;
+        goto end;
+    }
+
+    /* Connect to the server */
+    if ((ret = connect(sockfd, (struct sockaddr*) &servAddr, sizeof(servAddr)))
+         == -1) {
+        fprintf(stderr, "ERROR: failed to connect\n");
+        goto end;
+    }
+
+    /*---------------------------------*/
+    /* Start of security */
+    /*---------------------------------*/
+    /* Initialize wolfSSL */
+    if ((ret = wolfSSL_Init()) != WOLFSSL_SUCCESS) {
+        fprintf(stderr, "ERROR: Failed to initialize the library\n");
+        goto socket_cleanup;
+    }
+
+    /* Create and initialize WOLFSSL_CTX */
+    if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
+        fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n");
+        ret = -1;
+        goto socket_cleanup;
+    }
+
+    /* Load client certificates into WOLFSSL_CTX */
+    if ((ret = wolfSSL_CTX_load_verify_locations(ctx, CERT_FILE, NULL))
+         != SSL_SUCCESS) {
+        fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
+                CERT_FILE);
+        goto ctx_cleanup;
+    }
+
+    /* Create a WOLFSSL object */
+    if ((ssl = wolfSSL_new(ctx)) == NULL) {
+        fprintf(stderr, "ERROR: failed to create WOLFSSL object\n");
+        ret = -1;
+        goto ctx_cleanup;
+    }
+
+    /* Attach wolfSSL to the socket */
+    if ((ret = wolfSSL_set_fd(ssl, sockfd)) != WOLFSSL_SUCCESS) {
+        fprintf(stderr, "ERROR: Failed to set the file descriptor\n");
+        goto cleanup;
+    }
+
+    /* Connect to wolfSSL on the server side */
+    if ((ret = wolfSSL_connect(ssl)) != SSL_SUCCESS) {
+        fprintf(stderr, "ERROR: failed to connect to wolfSSL\n");
+        goto cleanup;
+    }
+
+    /* Get a message for the server from stdin */
+    printf("Message for server: ");
+    memset(buff, 0, sizeof(buff));
+    if (fgets(buff, sizeof(buff), stdin) == NULL) {
+        fprintf(stderr, "ERROR: failed to get message for server\n");
+        ret = -1;
+        goto cleanup;
+    }
+    len = strnlen(buff, sizeof(buff));
+
+    /* Send the message to the server */
+    if ((ret = wolfSSL_write(ssl, buff, len)) != len) {
+        fprintf(stderr, "ERROR: failed to write entire message\n");
+        fprintf(stderr, "%d bytes of %d bytes were sent", ret, (int) len);
+        goto cleanup;
+    }
+
+    /* Read the server data into our buff array */
+    memset(buff, 0, sizeof(buff));
+    if ((ret = wolfSSL_read(ssl, buff, sizeof(buff)-1)) == -1) {
+        fprintf(stderr, "ERROR: failed to read\n");
+        goto cleanup;
+    }
+
+    /* Print to stdout any data the server sends */
+    printf("Server: %s\n", buff);
+
+    /* Cleanup and return */
+cleanup:
+    wolfSSL_free(ssl);      /* Free the wolfSSL object                  */
+ctx_cleanup:
+    wolfSSL_CTX_free(ctx);  /* Free the wolfSSL context object          */
+    wolfSSL_Cleanup();      /* Cleanup the wolfSSL environment          */
+socket_cleanup:
+    close(sockfd);          /* Close the connection to the server       */
+end:
+    return ret;               /* Return reporting a success               */
+}

IDE/MQX/include.am

@@ -0,0 +1,11 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST+= IDE/MQX/client-tls.c
+EXTRA_DIST+= IDE/MQX/Makefile
+EXTRA_DIST+= IDE/MQX/README-jp.md
+EXTRA_DIST+= IDE/MQX/README.md
+EXTRA_DIST+= IDE/MQX/server-tls.c
+EXTRA_DIST+= IDE/MQX/user_config.h
+EXTRA_DIST+= IDE/MQX/user_settings.h

IDE/MQX/server-tls.c

@@ -0,0 +1,194 @@
+/* server-tls.c
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+/* wolfSSL */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/ssl.h>
+#include <addrinfo.h>
+
+#define DEFAULT_PORT 11111
+
+#define CERT_FILE "../certs/server-cert.pem"
+#define KEY_FILE  "../certs/server-key.pem"
+
+
+
+int main()
+{
+    int                sockfd;
+    int                connd;
+    struct sockaddr_in servAddr;
+    struct sockaddr_in clientAddr;
+    socklen_t          size = sizeof(clientAddr);
+    char               buff[256];
+    size_t             len;
+    int                shutdown = 0;
+    int                ret;
+    const char*        reply = "I hear ya fa shizzle!\n";
+
+    /* declare wolfSSL objects */
+    WOLFSSL_CTX* ctx;
+    WOLFSSL*     ssl;
+
+
+
+    /* Initialize wolfSSL */
+    wolfSSL_Init();
+
+
+
+    /* Create a socket that uses an internet IPv4 address,
+     * Sets the socket to be stream based (TCP),
+     * 0 means choose the default protocol. */
+    if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
+        fprintf(stderr, "ERROR: failed to create the socket\n");
+        return -1;
+    }
+
+
+
+    /* Create and initialize WOLFSSL_CTX */
+    if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL) {
+        fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n");
+        return -1;
+    }
+
+    /* Load server certificates into WOLFSSL_CTX */
+    if (wolfSSL_CTX_use_certificate_file(ctx, CERT_FILE, SSL_FILETYPE_PEM)
+        != SSL_SUCCESS) {
+        fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
+                CERT_FILE);
+        return -1;
+    }
+
+    /* Load server key into WOLFSSL_CTX */
+    if (wolfSSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, SSL_FILETYPE_PEM)
+        != SSL_SUCCESS) {
+        fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
+                KEY_FILE);
+        return -1;
+    }
+
+
+
+    /* Initialize the server address struct with zeros */
+    memset(&servAddr, 0, sizeof(servAddr));
+
+    /* Fill in the server address */
+    servAddr.sin_family      = AF_INET;             /* using IPv4      */
+    servAddr.sin_port        = htons(DEFAULT_PORT); /* on DEFAULT_PORT */
+    servAddr.sin_addr.s_addr = INADDR_ANY;          /* from anywhere   */
+
+
+
+    /* Bind the server socket to our port */
+    if (bind(sockfd, (struct sockaddr*)&servAddr, sizeof(servAddr)) == -1) {
+        fprintf(stderr, "ERROR: failed to bind\n");
+        return -1;
+    }
+
+    /* Listen for a new connection, allow 5 pending connections */
+    if (listen(sockfd, 5) == -1) {
+        fprintf(stderr, "ERROR: failed to listen\n");
+        return -1;
+    }
+
+
+
+    /* Continue to accept clients until shutdown is issued */
+    while (!shutdown) {
+        printf("Waiting for a connection...\n");
+
+        /* Accept client connections */
+        if ((connd = accept(sockfd, (struct sockaddr*)&clientAddr, &size))
+            == -1) {
+            fprintf(stderr, "ERROR: failed to accept the connection\n\n");
+            return -1;
+        }
+
+        /* Create a WOLFSSL object */
+        if ((ssl = wolfSSL_new(ctx)) == NULL) {
+            fprintf(stderr, "ERROR: failed to create WOLFSSL object\n");
+            return -1;
+        }
+
+        /* Attach wolfSSL to the socket */
+        wolfSSL_set_fd(ssl, connd);
+
+        /* Establish TLS connection */
+        ret = wolfSSL_accept(ssl);
+        if (ret != SSL_SUCCESS) {
+            fprintf(stderr, "wolfSSL_accept error = %d\n",
+                wolfSSL_get_error(ssl, ret));
+            return -1;
+        }
+
+
+        printf("Client connected successfully\n");
+
+
+
+        /* Read the client data into our buff array */
+        memset(buff, 0, sizeof(buff));
+        if (wolfSSL_read(ssl, buff, sizeof(buff)-1) == -1) {
+            fprintf(stderr, "ERROR: failed to read\n");
+            return -1;
+        }
+
+        /* Print to stdout any data the client sends */
+        printf("Client: %s\n", buff);
+
+        /* Check for server shutdown command */
+        if (strncmp(buff, "shutdown", 8) == 0) {
+            printf("Shutdown command issued!\n");
+            shutdown = 1;
+        }
+
+
+
+        /* Write our reply into buff */
+        memset(buff, 0, sizeof(buff));
+        memcpy(buff, reply, strlen(reply));
+        len = strnlen(buff, sizeof(buff));
+
+        /* Reply back to the client */
+        if (wolfSSL_write(ssl, buff, len) != len) {
+            fprintf(stderr, "ERROR: failed to write\n");
+            return -1;
+        }
+
+
+
+        /* Cleanup after this connection */
+        wolfSSL_free(ssl);      /* Free the wolfSSL object              */
+        close(connd);           /* Close the connection to the client   */
+    }
+
+    printf("Shutdown complete\n");
+
+
+
+    /* Cleanup and return */
+    wolfSSL_CTX_free(ctx);  /* Free the wolfSSL context object          */
+    wolfSSL_Cleanup();      /* Cleanup the wolfSSL environment          */
+    close(sockfd);          /* Close the socket listening for clients   */
+    return 0;               /* Return reporting a success               */
+}

IDE/MQX/user_config.h

@@ -0,0 +1 @@
+#define MQX_CPU                 PSP_CPU_MK60DN512Z

IDE/MQX/user_settings.h

@@ -0,0 +1,63 @@
+
+/* wolfSSH */
+#define WOLFSSL_PUBLIC_MP
+
+/* TLS1.3 */
+#define WOLFSSL_TLS13
+#define HAVE_TLS_EXTENSIONS
+#define HAVE_SUPPORTED_CURVES
+#define HAVE_FFDHE_2048
+#define HAVE_THREAD_LS
+
+/* SP optimization */
+#define WOLFSSL_HAVE_SP_RSA
+#define WOLFSSL_HAVE_SP_DH
+#define WOLFSSL_SP_4096
+#define WOLFSSL_HAVE_SP_ECC
+#define HAVE_ECC384
+#define WOLFSSL_SP_384
+
+/* Hardening */
+#define TFM_TIMING_RESISTANT
+#define ECC_TIMING_RESISTANT
+#define WC_RSA_BLINDING
+
+/* Default Cyphers */
+#define HAVE_AESGCM
+#define WOLFSSL_SHA512
+#define WOLFSSL_SHA384
+#define HAVE_HKDF
+#define NO_DSA
+#define HAVE_ECC
+#define TFM_ECC256
+#define ECC_SHAMIR
+#define WC_RSA_PSS
+#define WOLFSSL_BASE64_ENCODE
+#define NO_RC4
+#define NO_HC128
+#define NO_RABBIT
+#define WOLFSSL_SHA224
+#define WOLFSSL_SHA3
+#define WOLFSSL_SHAKE256
+#define HAVE_POLY1305
+#define HAVE_ONE_TIME_AUTH
+#define HAVE_CHACHA
+#define HAVE_HASHDRBG
+#define HAVE_TLS_EXTENSIONS
+#define HAVE_SUPPORTED_CURVES
+#define HAVE_EXTENDED_MASTER
+#define NO_RC4
+#define HAVE_ENCRYPT_THEN_MAC
+#define NO_PSK
+#define NO_MD4
+#define NO_PWDBASED
+#define USE_FAST_MATH
+#define WC_NO_ASYNC_THREADING
+#define HAVE_DH_DEFAULT_PARAMS
+#define NO_DES
+#define WOLFSSL_DH_CONST
+
+/* MQX */
+#define FREESCALE_MQX
+#define FREESCALE_NO_RNG
+

IDE/ROWLEY-CROSSWORKS-ARM/user_settings.h

@@ -24,6 +24,7 @@ extern "C" {
 #undef  WOLFSSL_SMALL_STACK_CACHE
 //#define WOLFSSL_SMALL_STACK_CACHE
 
+#define WOLFSSL_IGNORE_FILE_WARN
 
 /* ------------------------------------------------------------------------- */
 /* Math Configuration */
@@ -44,6 +45,25 @@ extern "C" {
 #undef  WOLFSSL_DEBUG_MATH
 //#define WOLFSSL_DEBUG_MATH
 
+/* Wolf Single Precision Math */
+#undef WOLFSSL_SP
+#if 0
+    #define WOLFSSL_SP
+    #define WOLFSSL_SP_SMALL      /* use smaller version of code */
+    #define WOLFSSL_HAVE_SP_RSA
+    #define WOLFSSL_HAVE_SP_DH
+    #define WOLFSSL_HAVE_SP_ECC
+    //#define WOLFSSL_SP_CACHE_RESISTANT
+    #define WOLFSSL_SP_MATH     /* only SP math - eliminates fast math code */
+
+    /* SP Assembly Speedups */
+    #define WOLFSSL_SP_ASM      /* required if using the ASM versions */
+    //#define WOLFSSL_SP_ARM32_ASM
+    //#define WOLFSSL_SP_ARM64_ASM
+    //#define WOLFSSL_SP_ARM_THUMB_ASM
+    #define WOLFSSL_SP_ARM_CORTEX_M_ASM
+#endif
+
 
 /* ------------------------------------------------------------------------- */
 /* Crypto */

IDE/ROWLEY-CROSSWORKS-ARM/wolfssl.hzp

@@ -104,6 +104,9 @@
           <file file_name="../../wolfcrypt/src/wc_port.c" />
           <file file_name="../../wolfcrypt/src/wolfmath.c" />
           <file file_name="../../wolfcrypt/src/wolfevent.c" />
+          <file file_name="../../wolfcrypt/src/sp_c32.c" />
+          <file file_name="../../wolfcrypt/src/sp_cortexm.c" />
+          <file file_name="../../wolfcrypt/src/sp_int.c" />
         </folder>
         <folder Name="test">
           <file file_name="../../wolfcrypt/test/include.am" />

IDE/Renesas/e2studio/RA6M3/README.md

@@ -4,7 +4,7 @@ wolfSSL for Renesas RA Evaluation Kit (EK-RA6M3G)
 ## Description
 
 This directory contains e2studio projects targeted at the Renesas RA 32-bit MCUs.\
-The example projects include a wolfSSL TLS 1.2 client and server.\
+The example projects include a wolfSSL TLS client and server.\
 They also include benchmark and cryptography tests for the wolfCrypt library.
 
 The wolfssl project contains both the wolfSSL and wolfCrypt libraries.\
@@ -15,28 +15,31 @@ The other projects (benchmark, client, server and test) are built as a\
 `Renesas RA C Project Using RA Library`, where the RA library is the wolfssl project.\
 The wolfssl Project Summary is listed below and is relevant for every project.
 
-#### Project Summary
+### Project Summary
+|Item|Name/Version|
+|:--|:--|
+|Board|EK-RA6M3G|
+|Device|R7FA6M3AH3CFC|
+|Toolchain|GCC ARM Embedded|
+|FSP Version|0.8.0|
 
-`Board:   EK-RA6M3G`\
-`Device:  R7FA6M3AH3CFC`\
-`Toolchain:   GCC ARM Embedded`\
-`FSP Version:   0.8.0`
+#### Selected software components
 
-##### Selected software components
-
-`Board Support Package Common Files   v0.8.0`\
-`Arm CMSIS Version 5 - Core (M)   v5.5.1`\
-`Amazon FreeRTOS   v0.8.0`\
-`RA6M3G-EK Board Support Files   v0.8.0`\
-`Board support package for R7FA6M3AH3CFC   v0.8.0`\
-`Board support package for RA6M3   v0.8.0`\
-`Board support package for RA6M3   v0.8.0`\
-`Amazon FreeRTOS - Memory Management - Heap 4   v0.8.0`\
-`r_ether to FreeRTOS+TCP Wrapper   v0.8.0`\
-`Ethernet       v0.8.0`\
-`Ethernet PHY   v0.8.0`\
-`FreeRTOS+TCP   v0.8.0`\
-`Amazon FreeRTOS - Buffer Allocation 2   v0.8.0`
+|Components|Version|
+|:--|:--|
+|Board Support Package Common Files|v0.8.0`|
+|Arm CMSIS Version 5 - Core (M)|v5.5.1|
+|Amazon FreeRTOS|v0.8.0|
+|RA6M3G-EK Board Support Files|v0.8.0|
+|Board support package for R7FA6M3AH3CFC|v0.8.0|
+|Board support package for RA6M3|v0.8.0|
+|Board support package for RA6M3|v0.8.0|
+|Amazon FreeRTOS - Memory Management - Heap 4|v0.8.0|
+|r_ether to FreeRTOS+TCP Wrapper|v0.8.0|
+|Ethernet|v0.8.0|
+|Ethernet PHY|v0.8.0|
+|FreeRTOS+TCP|v0.8.0|
+|Amazon FreeRTOS - Buffer Allocation 2|v0.8.0|
 
 
 ## Setup Steps
@@ -46,55 +49,64 @@ These files can be generated when creating a new Renesas RA Project.\
 The following steps explain how to generate the missing files and where to place them.
 
 1.) Create a 'dummy' Renesas RA C Library Project.
-   + Click File->New->`RA C/C++ Project`
-   + Click `Renesas RA C Library Project`. Click Next
-   + Enter `dummy_library` as the project name. Click Next.
-   + Under `Board: Custom User Board`, select `EK-RA6M3G`.
-   + Under `RTOS: No RTOS`, select `Amazon FreeRTOS`.
-   + Click Next. Select `Amazon FreeRTOS - Minimal - Static Allocation`
-   + Click Finish.
+
++ Click File->New->`RA C/C++ Project`
++ Click `Renesas RA C Library Project`. Click Next
++ Enter `dummy_library` as the project name. Click Next.
++ Under `Board: Custom User Board`, select `EK-RA6M3G`.
++ Under `RTOS: No RTOS`, select `Amazon FreeRTOS`.
++ Click Next. Select `Amazon FreeRTOS - Minimal - Static Allocation`
++ Click Finish.
 
 2.) Create a 'dummy' Renesas RA C Project Using RA Library.
-   + Click File->New->`RA C/C++ Project`
-   + Click `Renesas RA C Project Using RA Library`. Click Next
-   + Enter `dummy_app` as the project name. Click Next.
-   + Under `RA library project`, select `dummy_library`.
-   + Click Finish.
+
++ Click File->New->`RA C/C++ Project`
++ Click `Renesas RA C Project Using RA Library`. Click Next
++ Enter `dummy_app` as the project name. Click Next.
++ Under `RA library project`, select `dummy_library`.
++ Click Finish.
 
 3.) Import all the wolfSSL Projects into e2studio workspace.
-   + Click File->`Open Projects from File System`
-   + Click `Directory...` to the right of Import source
-   + Select the RA6M3G folder location that contains the projects\
-      example path: wolfssl/IDE/Renesas/e2studio/RA6M3
-   + Deselect the Non-Eclipse project, RA6M3G, by clicking the checkbox\
-      Only the folders with 'Eclipse project' under 'Import as' need to be selected.
-  + Click Finish.
+
++ Click File->`Open Projects from File System`
++ Click `Directory...` to the right of Import source
++ Select the RA6M3G folder location that contains the projects\
+   example path: wolfssl/IDE/Renesas/e2studio/RA6M3
++ Deselect the Non-Eclipse project, RA6M3G, by clicking the checkbox\
+   Only the folders with 'Eclipse project' under 'Import as' need to be selected.
++ Click Finish.
 
 4.) Copy files from `dummy_library` into `wolfSSL_RA6M3G`
-   + Expand the dummy_library and wolfSSL_RA6M3G projects\
-     (Click the drop-down arrow to the left of the project name.)
-   + Select and Copy the following folders/files inside dummy_library\
-`       ra/`\
-`       ra_gen/`\
-`       ra_cfg/`\
-`       script/`\
-`       R7FA6M3AH3CFC.pincfg`\
-`       RA6M3G-EK.pingcfg`
-   + Paste the copied folders/files into wolfSSL_RA6M3G
-   + The `dummy_library` project can now be deleted.
-   + Generate Project Content.
-     + Click `Open RA Configuration` in the top bar (Grey Settings Cog)
-     + Click `Generate Project Content` at top right (Green Icon)
-   + Build wolfSSL_RA6M3G.
+
++ Expand the dummy_library and wolfSSL_RA6M3G projects\
+  (Click the drop-down arrow to the left of the project name.)
++ Select and Copy the following folders/files inside dummy_library\
+
+  `ra/`\
+  `ra_gen/`\
+  `ra_cfg/`\
+  `script/`\
+  `R7FA6M3AH3CFC.pincfg`\
+  `RA6M3G-EK.pingcfg`
+
++ Paste the copied folders/files into wolfSSL_RA6M3G
++ The `dummy_library` project can now be deleted.
++ Generate Project Content.
+  + Click `Open RA Configuration` in the top bar (Grey Settings Cog)
+  + Click `Generate Project Content` at top right (Green Icon)
++ Build wolfSSL_RA6M3G.
 
 5.) Copy files from `dummy_app` into `./IDE/Renesas/e2studio/RA6M3/common/ra6m3g/`\
     **NOTE:** This may need to be done outside of the e2studio environment (e.g. File Explorer).
-   + Select and Copy the followng folder inside dummy_app\
-`         src/`\
-`         script/`
-   + Paste the copied folders into `./IDE/Renesas/e2studio/RA6M3/common/ra6m3g/`\
-`     (The test, benchmark, client and server projects link to this folder.)`
-   + The `dummy_app` project can now be deleted.
+
++ Select and Copy the followng folder inside dummy_app\
+  
+  `src/`\
+  `script/`
+
++ Paste the copied folders into `./IDE/Renesas/e2studio/RA6M3/common/ra6m3g/`\
+  `(The test, benchmark, client and server projects link to this folder.)`
++ The `dummy_app` project can now be deleted.
 
 6.) Setup Network Environment
 
@@ -112,12 +124,14 @@ The following steps explain how to generate the missing files and where to place
 Right-Click each Project and select Build.
 
 ### Run wolfCrypt Test and Benchmark
+
 1.) Right-Click the Project name.\
 2.) Select `Debug As` -> `Renesas GDB Hardware Debugging`\
 3.) Select J-Link ARM. Click OK.\
 4.) Select R7Fa6M3AH. Click OK.
 
 ### Run the wolfSSL TLS Server Example.
+
 1.) Right-Click the Project name.\
 2.) Select `Debug As` -> `Renesas GDB Hardware Debugging`\
 3.) Select J-Link ARM. Click OK.\
@@ -125,34 +139,35 @@ Right-Click each Project and select Build.
 5.) Run the following wolfSSL example client command inside the base of the wolfssl directory.
 
 ```
-./examples/client/client -h "ucIPAddress" -p 11111 -A ./certs/1024/ca-cert.pem
+./examples/client/client -v 4 -h "ucIPAddress" -p 11111 -A ./certs/1024/ca-cert.pem
 ```
+
 **NOTE:** "ucIPAddress" is "192.168.1.241" by default. (See wolfssl_thread_entry.h)
 
 ### Run the wolfSSL TLS Client Example.
+
  1.) Run the following wolfSSL example server command inside the base of the wolfssl directory.
 
 ```
-./examples/server/server -b -d -p 11111 -c ./certs/1024/server-cert.pem -k ./certs/1024/server-key.pem
+./examples/server/server -v 4 -b -d -p 11111 -c ./certs/1024/server-cert.pem -k ./certs/1024/server-key.pem
 ```
-**NOTE:** The port 11111 is the DEFAULT_PORT inside wolfssl_thread_entry.h.\
-If DEFAULT_PORT was changed then the above command will need to match it.
+
+  **NOTE:** The port 11111 is the DEFAULT_PORT inside wolfssl_thread_entry.h.\
 
  2.) Right-Click the Project name.\
  3.) Select `Debug As` -> `Renesas GDB Hardware Debugging`\
  4.) Select J-Link ARM. Click OK.\
  5.) Select R7Fa6M3AH. Click OK.
 
-
 ## Troubleshooting
 
-* The commands for the example client/server assumes it is being run from the
++ The commands for the example client/server assumes it is being run from the
   base directory of wolfssl.
 
-* Enter "#define DEBUG_WOLFSSL" inside user_settings.h or wolfssl_thread_entry.c\
++ Enter "#define DEBUG_WOLFSSL" inside user_settings.h or wolfssl_thread_entry.c\
    to enable wolfssl debug messages to the Renesas Virtual Debug Console.
-   
-* Some linking errors can be caused by the e2studio project files needing to be rebuilt and freshened.
+
++ Some linking errors can be caused by the e2studio project files needing to be rebuilt and freshened.
 Right-Click a project, select Index, click Rebuild and then click Freshen Files. Repeat for each project.
 
 [Support Forum](https://www.wolfssl.com/forums/)

IDE/Renesas/e2studio/RA6M3/README_APRA6M_en.md

@@ -0,0 +1,198 @@
+wolfSSL for Alpha Project AP-RA6M-0A Setup Guide
+=================================================
+
+## Description
+
+This directory contains e2studio projects targeted at the Alpha Project AP-RA6M-0A board including the Renesas RA 32-bit MCUs.
+The example projects include a wolfSSL TLS client and server. They also include benchmark and cryptography tests for the wolfCrypt library.
+
+The wolfssl project contains both the wolfSSL and wolfCrypt libraries. It is built as a `Renesas RA C Library Project` and contains the Renesas RA configuration.
+
+The other projects (benchmark, client, server and test) are built as a `Renesas RA C Project Using RA Library`, where the RA library is the wolfssl project.
+The wolfssl Project Summary is listed below and is relevant for every project.
+
+### Project Summary
+|Item|Name/Version|
+|:--|:----|
+|e2studio|2020-07|
+|Board    |AP-RA6M-0A   |
+|Device   |R7FA6M3AH3CFC|
+|Toolchain|GCC ARM Embedded
+|FSP Version|1.3.0|
+
+### Selected software components
+|Component|Version|
+|:--|:---|
+|Board Support Package Common Files|v1.3.0|
+|Arm CMSIS Version 5 - Core (M) |v5.7.0|
+|Board support package for R7FA6M3AH3CFC |v1.3.0|
+|Board support package for RA6M3|v1.3.0  |
+|Board support package for RA6M3 - FSP Data|v1.3.0|
+|FreeRTOS|v1.3.0|
+|FreeRTOS - Buffer Allocation 2 |v1.3.0|
+|FreeRTOS+TCP|v1.3.0|
+|r_ether to FreeRTOS+TCP Wrapper|v1.3.0|
+|Ethernet |v1.3.0   |
+|Ethernet PHY|v1.3.0|
+|I/O Port|v1.3.0    |
+|BSP-Board|v1.2.0   |
+
+## Setup Steps
+
+The project directories are missing files necessary to build the project.\
+These files can be generated when creating a new Renesas RA Project.\
+The following steps explain how to generate the missing files and where to place them.
+
+1.) Download Alpha project example program from [Alpha Project Home Page](https://www.apnet.co.jp/product/ra/ap-ra6m-0a.html)
+
++ Unzip the downloaded example project
+
+2.) Create a 'dummy' Renesas RA C Library Project on e2studio
+
++ Click File->New->`RA C/C++ Project`
++ Enter `dummy_library` as the project name. Click Next.
++ Select `Board: Custom User Board`.
++ Select `R7FA6M3AH3CFC
++ Under `RTOS: No RTOS`, select `FreeRTOS`.
++ Click Next. Select `FreeRTOS - Minimal - Static Allocation`
++ Click `Renesas RA C Library Project`. Click Next
++ Click Finish.
+
+3.) Create a 'dummy' Renesas RA C Project Using RA Library  on e2studio
+
++ Click File->New->`RA C/C++ Project`
++ Enter `dummy_app` as the project name. Click Next.
++ Under `RA library project`, select `dummy_library`.
++ Click `Executable Using an RA Static Library`. Click Next
++ Click Finish.
++ Enter `dummy_app` as Project name
++ Select RA library project `dummy_library`
+
+4.) Import all the wolfSSL Projects into e2studio workspace.
+
++ Click File->`Open Projects from File System`
++ Click `Directory...` to the right of Import source
++ Select the RA6M3G folder location that contains the projects
+   example path: wolfssl/IDE/Renesas/e2studio/RA6M3
++ Deselect the Non-Eclipse project, RA6M3G, by clicking the checkbox
+   Only the folders with 'Eclipse project' under 'Import as' need to be selected.
++ Click Finish.
+
+5.) Copy files from `dummy_library` into `wolfSSL_RA6M3G`
+
++ Expand the dummy_library and wolfSSL_RA6M3G projects
+  (Click the drop-down arrow to the left of the project name.)
++ Select and Copy the following folders/files inside dummy_library
+
+    `ra/`  
+    `ra_gen/`  
+    `ra_cfg/`  
+    `script/`
+
++ Paste the copied folders/files into wolfSSL_RA6M3G
++ The `dummy_library` project can now be deleted.
++ Copy `APRA6M0A.pincfg` from ap_ra6m_0a_sample\sample\ap_ra6m_0a_ether_sample to wolfSSL_RA6M3G
++ Delete `R7FA6M3AH3CFC.pincfg` from wolfSSL_RA6M3G
++ Generate Project Content.
+
+  + Click `Open RA Configuration` in the top bar (Grey Settings Cog)
+  + Go to `BSP` tab and import CMSIS pack file, AP.APRA6M0A.x.x.x.pack, from ap_ra6m_0a_sample\sample folder
+  + Select APRA6M0A as Board
+  + Go to `Pins` tab and select APRA6M0A.pincfg
+  + Go to `Stacks` tab and add Heap 4 stack from New Stack(+ Icon)
+  + Click `Generate Project Content` at top right (Green Icon)
++ Build wolfSSL_RA6M3G.
+
+6.) Copy files from `dummy_app` into `./IDE/Renesas/e2studio/RA6M3/common/ra6m3g/`
+    **NOTE:** This may need to be done outside of the e2studio environment (e.g. File Explorer).
+
++ Select and Copy the followng folder inside dummy_app
+
+    `src/`  
+    `script/`
+
++ Paste the copied folders into `./IDE/Renesas/e2studio/RA6M3/common/ra6m3g/`
+`(The test, benchmark, client and server projects link to this folder.)`
++ The `dummy_app` project can now be deleted.
+
+7.) Setup Network Environment
+
+        The client and server projects have defines inside their wolfssl_thread_entry.h.
+        These defines (ucIPAddress ... ucDNSServerAddress) may need to be changed
+        based on your internal network environment.  The g_ether0_mac_address is the default
+        mac address found inside the RA configuration inside the wolfssl project.
+        The client wolfssl_thread_entry.h has defines (SERVER_IP and DEFAULT_PORT) that
+        will need to be changed based on the server you're trying to connect to over
+        the ethernet connection.
+
+## Build and Run
+
+### Build Each Project
+Right-Click each Project and select Build.
+
+### Run wolfCrypt Test and Benchmark
+
+1.) Right-Click the Project name.  
+2.) Select `Debug As` -> `Renesas GDB Hardware Debugging`  
+3.) Select J-Link ARM. Click OK.  
+4.) Select R7Fa6M3AH. Click OK.
+
+### Run the wolfSSL TLS Server Example.
+
+1.) Right-Click the Project name.  
+2.) Select `Debug As` -> `Renesas GDB Hardware Debugging`  
+3.) Select J-Link ARM. Click OK.  
+4.) Select R7Fa6M3AH. Click OK.  
+5.) Run the following wolfSSL example client command inside the base of the wolfssl directory.
+
+```
+./examples/client/client -v 4 -h "ucIPAddress" -p 11111 -A ./certs/1024/ca-cert.pem
+```
+
+**NOTE:** "ucIPAddress" is "192.168.1.241" by default. (See wolfssl_thread_entry.h)
+
+### Run the wolfSSL TLS Client Example.
+
+ 1.) Run the following wolfSSL example server command inside the base of the wolfssl directory.
+
+```
+./examples/server/server -v 4 -b -d -p 11111 -c ./certs/1024/server-cert.pem -k ./certs/1024/server-key.pem
+```
+
+   **NOTE:** The port 11111 is the DEFAULT_PORT inside wolfssl_thread_entry.h.
+   If DEFAULT_PORT was changed then the above command will need to match it.
+
+ 2.) Right-Click the Project name.\
+ 3.) Select `Debug As` -> `Renesas GDB Hardware Debugging`\
+ 4.) Select J-Link ARM. Click OK.\
+ 5.) Select R7Fa6M3AH. Click OK.
+
+## Troubleshooting
+
++ The commands for the example client/server assumes it is being run from the
+  base directory of wolfssl.
+
++ Enter "#define DEBUG_WOLFSSL" inside user_settings.h or wolfssl_thread_entry.c
+   to enable wolfssl debug messages to the Renesas Virtual Debug Console.
+
++ Some linking errors can be caused by the e2studio project files needing to be rebuilt and freshened.
+Right-Click a project, select Index, click Rebuild and then click Freshen Files. Repeat for each project.
+
+[Support Forum](https://www.wolfssl.com/forums/)
+
+Support Email: support@wolfssl.com
+
+
+## Resources
+
+[wolfSSL Website](https://www.wolfssl.com/)
+
+[wolfSSL Wiki](https://github.com/wolfSSL/wolfssl/wiki)
+
+[wolfSSL Manual](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-toc.html)
+
+[wolfSSL API Reference](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-17-wolfssl-api-reference.html)
+
+[wolfCrypt API Reference](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-18-wolfcrypt-api-reference.html)
+
+[TLS 1.3](https://www.wolfssl.com/docs/tls13/)

IDE/Renesas/e2studio/RA6M3/README_APRA6M_jp.md

@@ -0,0 +1,197 @@
+wolfSSL/AlphaProject AP-RA6M-0A ボードデモ　セットアップガイド
+=================================================
+
+## はじめに
+
+このフォルダにはルネサス社製 RA 32-bit MCU を搭載するアルファプロジェクト製 AP-RA6M-0A で wolfSSL を動作させるための手順です。
+サンプルプログラムには、暗号テスト、ベンチマーク、及びクライアント・サーバーを含んでいます。
+
+wolfSSL のプロジェクトファイルは、wolfSSL と wolfCrypt の両方で構成され、Renesas RA のコンフィグレーションを含む`Renesas RA C/C++ Library Project`としてビルドされます。
+その他、ベンチマーク、暗号テスト、及びクライアント・サーバーのサンプルプログラムは、`Renesas RA C Project Using RA Library`としてビルドされます。
+
+プロジェクトの概要と全ての関連するソフトウェアコンポーネントに関する情報を下記になります。
+
+### プロジェクトの概要
+|要素|名前/バージョン|
+|:--|:--|
+|e2studio|2020-07|
+|Board|AP-RA6M-0A|
+|Device|R7FA6M3AH3CFC|
+|Toolchain|GCC ARM Embedded|
+|FSP Version|1.3.0|
+
+#### 必要なソフトウェアコンポーネント
+|コンポーネント|バージョン|
+|:--|:--|
+|Board Support Package Common Files|v1.3.0|
+|Arm CMSIS Version 5 - Core (M) |v5.7.0|
+|Board support package for R7FA6M3AH3CFC |v1.3.0|
+|Board support package for RA6M3|v1.3.0  |
+|Board support package for RA6M3 - FSP Data|v1.3.0|
+|FreeRTOS|v1.3.0|
+|FreeRTOS - Buffer Allocation 2 |v1.3.0|
+|FreeRTOS+TCP|v1.3.0|
+|r_ether to FreeRTOS+TCP Wrapper|v1.3.0|
+|Ethernet |v1.3.0   |
+|Ethernet PHY|v1.3.0|
+|I/O Port|v1.3.0    |
+|BSP-Board|v1.2.0   |
+
+## セットアップ手順
+
+プロジェクトのフォルダーには、ビルドに必要なファイルが不足しています。そららのファイルをダミーのプロジェクトを作成し補います。
+
+次に続くステップは、不足しているファイルを作成し、それらを必要としているプロジェクトにコピーする手順です。
+
+1.) [アルファプロジェクト社のホームページ](https://www.apnet.co.jp/product/ra/ap-ra6m-0a.html)からサンプルプログラムをダウンロード
+
++ ダウンロードしたサンプルプログラムを適当なフォルダーへ解凍
+
+2.) e2Studio で'ダミー' Renesas RA C Library プロジェクトを作成
+
++ ファイル→新規→`RA C/C++ Project`をクリック
++ `Renesas RA C/C++ Library Project`を選択し、次へをクリック
++ 'dummy_library` とプロジェクト名を入力します。
++ `Board:` ドロップダウンから `EK-RA6M3T`を選択します
++ `RTOS: No TROS` を `FreeRTOS` を選択します。
++ `Build Artifact Selection` の `Static Library`を選択し、次へをクリック
++ `FreeRTOS - Minimal - Static Allocation` を選択し、終了をクリック
+
+3.) e2Studio で 'ダミー'の Renesas RA C/C++ Project Using RA Library を作成
+
++ ファイル→新規→`RA C/C++ Project`をクリック
++ `Renesas RA C/C++ Library Project`を選択し、次へをクリック
++ 'dummy_app` とプロジェクト名を入力します。
++ `Board:` ドロップダウンから `EK-RA6M3T`を選択します
++ `RTOS: No TROS` を `FreeRTOS` を選択しまし、次へをクリック
++ `Build Artifact Selection` の `Executable Using an RA Static Library`を選択し、終了をクリック
++ 'dummy_app` とプロジェクト名を入力し、次へクリック
++ `RA library project`の `Select RA Library`から, `dummy_library`を選択し、終了をクリック
+
+4.) 全ての wolfSSL e2studio プロジェクトをインポート
+
++ メニューの「ファイル」→「ファイル・システムからプロジェクトを開く」をクリック
++ インポート元の `ディレクトリー...` をクリック
++ RA6M3 フォルダーを選択。wolfssl/IDE/Renesas/e2studio/RA6M3
++ Eclipseのプロジェクトではない、RA6M3を除外します。
+   その他、ベンチマーク、暗号テスト、クライアント・サーバーの各プロジェクトは選択しておく。
++ 終了をクリック
+
+5.) `dummy_library`からwolfSSL_RA6M3Gへ必要なファイルをコピー
+
++ `dummy_library` と `wolfSSL_RA6M3G` プロジェクトを開く
+  プロジェクト名横にある矢印マークをクリック
++ `dummy_library` の以下のフォルダーとファイルを選択
+
+    `ra/`  
+    `ra_gen/`  
+    `ra_cfg/`  
+    `script/`
+
++ 選択したフォルダーとファイルを `wolfSSL_RA6M3G`プロジェクトに貼り付け
++ `dummy_library`プロジェクトは削除しても構いません
++ `APRA6M0A.pincfg` を解凍した ap_ra6m_0a_sample\sample\ap_ra6m_0a_ether_sample から `wolfSSL_RA6M3G`プロジェクトへコピー
++ `wolfSSL_RA6M3G`フォルダー内の `R7FA6M3AH3CFC.pincfg` は削除します。
++ プロジェクトに必要なファイルを生成します。
++ `Open RA Configuration`(上部のアイコンバーにある灰色歯車ボタン)をクリック
+
+  + `BSP`　タブに移動し、CMSIS Pack のインポートボタンをクリック
+  + インポート画面で、CMSIS pack ファイルを指定
+   ステップ 1で解凍したap_ra6m_0a_sample\sampleフォルダー中の AP.APRA6M0A.x.x.x.pack を指定します。
+  + `APRA6M0A` を Board として指定
+  + `Pins`タブに移動し、`APRA6M0A.pincfg`を選択
+  + `Stacks`タブに移動し、Heap 4 stack を New Stack から追加
+  + `Generate Project Content`（右上部にある緑色アイコン）をクリックし、ファイルを生成
++ `wolfSSL_RA6M3G`をビルド
+
+6.) `dummy_app` から必要なファイルを`./IDE/Renesas/e2studio/RA6M3/common/ra6m3g/`へコピー
+
+    **NOTE:** この作業は、e2studio ではなく、Explorer などを使用します。
+
++ `dummy_app`の以下のフォルダーをコピー
+
+    `src/`  
+    `script/`
+
++ 選択したフォルダーを`./IDE/Renesas/e2studio/RA6M3/common/ra6m3g/`へコピー
+`(暗号テスト、ベンチマーク、クライアント・サーバーの各プロジェクトはこのフォルダーを参照)`
++ `dummy_app`プロジェクトは削除しても構いません
+
+7.) ネットワーク環境について
+
+        クライアント・サーバーのプロジェクト内のwolfssl_thread_entry.hにネットワーク設定があります。
+        それらの設定（ucIPAddress ... ucDNSServerAddress)は、ご使用のネットワーク環境に合わせて変更して
+        してください。g_ether0_mac_address は、`wolfSSL_RA6M3G`プロジェクト内の RA configuration
+        で定義されているデフォルトのMACアドレスです。クライアントのwolfssl_thread_entry.h は
+        ターゲットのサーバーのSERVER_IP と DEFAULT_PORTの定義を持ちます。それらはご使用のサーバーの
+        の設定に応じて変更してください。
+
+## ビルドと実行
+
+### 各プロジェクトをビルド
+各プロジェクトで右クリックし、ビルドを選択
+
+### 暗号テストとベンチマークを実行
+
+1.) プロジェクト名を選択し、右クリック\
+2.) `デバック` → `Renesas GDB Hardware Debugging`\
+3.) `J-Link ARM`を選択し、OK をクリック\
+4.) `R7FA6M3AH`を選択し、OK をクリック
+
+### wolfSSL TLS サンプルサーバーを実行
+
+1.) プロジェクト名を選択し、右クリック\
+2.) `デバック` → `Renesas GDB Hardware Debugging`\
+3.) `J-Link ARM`を選択し、OK をクリック\
+4.) `R7FA6M3AH`を選択し、OK をクリック\
+5.)以下のサンプルのクライアントプログラムを実行
+
+```
+./examples/client/client -v 4 -h "ucIPAddress" -p 11111 -A ./certs/1024/ca-cert.pem
+```
+
+**NOTE:** "ucIPAddress" はデフォルトでは "192.168.1.241"  (参照： wolfssl_thread_entry.h)
+
+### wolfSSL TLS サンプルクライアントを実行
+1.)以下のサンプルのサーバープログラムを実行
+
+```
+./examples/server/server -b -d -p 11111 -c ./certs/1024/server-cert.pem -k ./certs/1024/server-key.pem
+```
+
+TLS 1.3 で接続する際には、引数に "-v 4" を追加します。
+```
+./examples/server/server -v 4 -b -d -p 11111 -c ./certs/1024/server-cert.pem -k ./certs/1024/server-key.pem
+```
+**NOTE:** wolfssl_thread_entry.h中にデフォルトのポート番号 11111 定義(DEFAULT_PORT)
+もし、DEFAULT_PORTを変更している場合、、上記のコマンドの "-p" の値は対応するポート番号に要変更
+
+2.) プロジェクト名を選択し、右クリック\
+3.) `デバック` → `Renesas GDB Hardware Debugging`\
+4.) `J-Link ARM`を選択し、OK をクリック\
+5.) `R7FA6M3AH`を選択し、OK をクリック
+
+## トラブルシューティング
+
++ サンプルのクライアント・サーバープログラムは、wolfSSL のルートディレクトリから実行する必要があります。
++ user_settings.h の #define DEBUG_WOLFSSL を有効にすることで、デバックメッセージを\
+  `Renesas Virtual Debug Console`へ出力します。
++ プロジェクトのビルドでリンクエラーが出た場合、リビルドしリフレッシュすることで解決することがあります。
+
+[Support Forum](https://www.wolfssl.com/forums/)
+
+Support Email: support@wolfssl.com
+
+## 参考リンク
+
+[wolfSSL Website](https://www.wolfssl.com/)
+
+[wolfSSL Wiki](https://github.com/wolfSSL/wolfssl/wiki)
+
+[wolfSSL Manual](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-toc.html)
+
+[wolfSSL API Reference](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-17-wolfssl-api-reference.html)
+
+[wolfCrypt API Reference](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-18-wolfcrypt-api-reference.html)
+
+[TLS 1.3](https://www.wolfssl.com/docs/tls13/)

IDE/Renesas/e2studio/RA6M3/client-wolfssl/src/wolfssl_thread_entry.c

@@ -95,7 +95,7 @@ void wolfssl_thread_entry(void *pvParameters) {
     wolfSSL_Init();
 
     /* Create and initialize WOLFSSL_CTX */
-    ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
+    ctx = wolfSSL_CTX_new(wolfSSLv23_client_method_ex((void *)NULL));
     if (ctx == NULL) {
         printf("Error: wolfSSL_CTX_new.\n");
         util_inf_loop(xClientSocket, ctx, ssl);

IDE/Renesas/e2studio/RA6M3/client-wolfssl/wolfssl_thread_entry.h

@@ -24,11 +24,12 @@
 #include <errno.h>
 #include <wolfssl/certs_test.h>
 
+extern uint8_t g_ether0_mac_address[6];
+
 static const byte ucIPAddress[4]          = { 192, 168, 1, 241 };
 static const byte ucNetMask[4]            = { 255, 255, 255, 0 };
 static const byte ucGatewayAddress[4]     = { 192, 168, 1, 1 };
 static const byte ucDNSServerAddress[4]   = { 192, 168, 1, 1 };
-static const byte g_ether0_mac_address[6] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 };
 
 /* Client connects to the server with these details. */
 #define SERVER_IP    "192.168.1.240"

IDE/Renesas/e2studio/RA6M3/common/user_settings.h

@@ -21,10 +21,16 @@
 #ifndef USER_SETTINGS_H_
 #define USER_SETTINGS_H_
 
+
 /* Temporary defines. Not suitable for production. */
 #define WOLFSSL_GENSEED_FORTEST /* Warning: define your own seed gen */
 /* End temporary defines */
 
+/* TLS 1.3 */
+#define WOLFSSL_TLS13
+#define HAVE_HKDF
+#define WC_RSA_PSS
+
 /* Operating Environment and Threading */
 #define FREERTOS
 #define FREERTOS_TCP
@@ -73,5 +79,6 @@
 
 void wolfssl_thread_entry(void *pvParameters);
 extern void initialise_monitor_handles(void);
+int strncasecmp(const char *s1, const char * s2, unsigned int sz);
 
 #endif /* USER_SETTINGS_H_ */

IDE/Renesas/e2studio/RA6M3/include.am

@@ -31,3 +31,6 @@ EXTRA_DIST+= IDE/Renesas/e2studio/RA6M3/wolfssl/configuration.xml
 
 EXTRA_DIST+= IDE/Renesas/e2studio/RA6M3/README.md
 EXTRA_DIST+= IDE/Renesas/e2studio/RA6M3G/README.md
+
+EXTRA_DIST+= IDE/Renesas/e2studio/RA6M3/README_APRA6M_en.md
+EXTRA_DIST+= IDE/Renesas/e2studio/RA6M3/README_APRA6M_jp.md

IDE/Renesas/e2studio/RA6M3/server-wolfssl/src/wolfssl_thread_entry.c

@@ -96,7 +96,7 @@ void wolfssl_thread_entry(void *pvParameters) {
         configASSERT(xConnectedSocket != FREERTOS_INVALID_SOCKET);
 
         /* Create WOLFSSL_CTX object */
-        ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
+        ctx = wolfSSL_CTX_new(wolfSSLv23_server_method_ex((void *)NULL));
 
         /* Load server certificates into WOLFSSL_CTX */
         if (ctx == NULL) {
@@ -142,7 +142,6 @@ void wolfssl_thread_entry(void *pvParameters) {
         }
         memset(buff, 0, sizeof(buff));
         ret = wolfSSL_read(ssl, buff, sizeof(buff) - 1);
-
         if (ret < 0)
             break;
 
@@ -156,6 +155,8 @@ void wolfssl_thread_entry(void *pvParameters) {
 
         /* Reply back to the client */
         ret = wolfSSL_write(ssl, buff, (int) strlen(buff));
+        if (ret < 0)
+            break;
 
         /* Cleanup after this connection */
         util_Cleanup(xConnectedSocket, ctx, ssl);

IDE/Renesas/e2studio/RA6M3/server-wolfssl/wolfssl_thread_entry.h

@@ -23,11 +23,12 @@
 
 #include <wolfssl/certs_test.h>
 
+extern uint8_t g_ether0_mac_address[6];
+
 static const byte ucIPAddress[4]          = { 192, 168, 1, 241 };
 static const byte ucNetMask[4]            = { 255, 255, 255, 0 };
 static const byte ucGatewayAddress[4]     = { 192, 168, 1, 1 };
 static const byte ucDNSServerAddress[4]   = { 192, 168, 1, 1 };
-static const byte g_ether0_mac_address[6] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 };
 
 /* Server Cert and Key */
 #define CERT_BUF        server_cert_der_1024

IDE/Renesas/e2studio/RA6M3/wolfssl/.project

@@ -30,11 +30,6 @@
 		<nature>com.renesas.cdt.ra.contentgen.raNature</nature>
 	</natures>
 	<linkedResources>
-		<link>
-			<name>src/bio.c</name>
-			<type>1</type>
-			<locationURI>PARENT-5-PROJECT_LOC/src/bio.c</locationURI>
-		</link>
 		<link>
 			<name>src/crl.c</name>
 			<type>1</type>
@@ -195,11 +190,6 @@
 			<type>1</type>
 			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/error.c</locationURI>
 		</link>
-		<link>
-			<name>wolfcrypt/evp.c</name>
-			<type>1</type>
-			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/evp.c</locationURI>
-		</link>
 		<link>
 			<name>wolfcrypt/fe_low_mem.c</name>
 			<type>1</type>
@@ -275,11 +265,6 @@
 			<type>1</type>
 			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/memory.c</locationURI>
 		</link>
-		<link>
-			<name>wolfcrypt/misc.c</name>
-			<type>1</type>
-			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/misc.c</locationURI>
-		</link>
 		<link>
 			<name>wolfcrypt/pkcs12.c</name>
 			<type>1</type>

IDE/STM32Cube/README.md

@@ -14,8 +14,13 @@ These examples use the Cube HAL for STM32.
 
 ## Configuration
 
-The settings for the wolfSTM32 project are located in `<wolfssl-root>/IDE/STM32Cube/wolfSSL.wolfSSL_conf.h`. The section for "Hardware platform" may need to be adjusted depending on your processor and board:
+The settings for the wolfSSL CubeMX pack are in the generated `wolfSSL.I-CUBE-wolfSSL_conf.h` file. An example of this is located in `IDE/STM32Cube/wolfSSL_conf.h` (renamed to avoid possible conflicts with generated file).
 
+The template used for generation is `IDE/STM32Cube/default_conf.ftl` which can be updated at `STM32Cube/Repository/Packs/wolfSSL/wolfSSL/[Version]/CubeMX/templates/default_conf.ftl`.
+
+The section for "Hardware platform" may need to be adjusted depending on your processor and board:
+
+* To enable STM32F1 support define `WOLFSSL_STM32F1`.
 * To enable STM32F2 support define `WOLFSSL_STM32F2`.
 * To enable STM32F4 support define `WOLFSSL_STM32F4`.
 * To enable STM32F7 support define `WOLFSSL_STM32F7`.
@@ -37,18 +42,50 @@ To enable the latest Cube HAL support please define `STM32_HAL_V2`.
 
 If you'd like to use the older Standard Peripheral library undefine `WOLFSSL_STM32_CUBEMX`.
 
+With STM32 Cube HAL v2 some AES GCM hardware has a limitation for the AAD header, which must be a multiple of 4 bytes.
+
+If using `STM32_AESGCM_PARTIAL` with the following patch it will enable use for all AAD header sizes. The `STM32Cube_FW_F7_V1.16.0` patch is:
+
+```
+diff --git a/Drivers/STM32F7xx_HAL_Driver/Inc/stm32f7xx_hal_cryp.h b/Drivers/STM32F7xx_HAL_Driver/Inc/stm32f7xx_hal_cryp.h
+--- a/Drivers/STM32F7xx_HAL_Driver/Inc/stm32f7xx_hal_cryp.h
++++ b/Drivers/STM32F7xx_HAL_Driver/Inc/stm32f7xx_hal_cryp.h
+@@ -63,6 +63,7 @@ typedef struct
+                                         GCM : also known as Additional Authentication Data
+                                         CCM : named B1 composed of the associated data length and Associated Data. */
+   uint32_t HeaderSize;                /*!< The size of header buffer in word  */
++  uint32_t HeaderPadSize;             /*!< <PATCH> The size of padding in bytes added to actual header data to pad it to a multiple of 32 bits </PATCH>  */
+   uint32_t *B0;                       /*!< B0 is first authentication block used only  in AES CCM mode */
+   uint32_t DataWidthUnit;              /*!< Data With Unit, this parameter can be value of @ref CRYP_Data_Width_Unit*/
+   uint32_t KeyIVConfigSkip;            /*!< CRYP peripheral Key and IV configuration skip, to config Key and Initialization
+
+diff --git a/Drivers/STM32F7xx_HAL_Driver/Src/stm32f7xx_hal_cryp_ex.c b/Drivers/STM32F7xx_HAL_Driver/Src/stm32f7xx_hal_cryp_ex.c
+--- a/Drivers/STM32F7xx_HAL_Driver/Src/stm32f7xx_hal_cryp_ex.c
++++ b/Drivers/STM32F7xx_HAL_Driver/Src/stm32f7xx_hal_cryp_ex.c
+@@ -132,6 +132,8 @@ HAL_StatusTypeDef HAL_CRYPEx_AESGCM_GenerateAuthTAG(CRYP_HandleTypeDef *hcryp, u
+   uint64_t inputlength = (uint64_t)hcryp->SizesSum * 8U; /* input length in bits */
+   uint32_t tagaddr = (uint32_t)AuthTag;
+ 
++  headerlength -= ((uint64_t)(hcryp->Init.HeaderPadSize) * 8U); /* <PATCH> Decrement the header size removing the pad size </PATCH> */  
++
+   if (hcryp->State == HAL_CRYP_STATE_READY)
+   {
+     /* Process locked */
+```
+
 If you are using FreeRTOS make sure your `FreeRTOSConfig.h` has its `configTOTAL_HEAP_SIZE` increased.
 
-The TLS client/server benchmark example requires about 76 KB for allocated tasks (with stack) and peak heap.
+The TLS client/server benchmark example requires about 76 KB for allocated tasks (with stack) and peak heap. This uses both a TLS client and server to test a TLS connection locally for each enabled TLS cipher suite.
 
 ## STM32 Cube Pack
 
 ### STM32 Cube Pack Installation
 
-1. Download [wolfSSL Cube Pack](https://www.wolfssl.com/files/ide/I-CUBE-WOLFSSL-WOLFSSL.pack)
+1. Download [wolfSSL Cube Pack](https://www.wolfssl.com/files/ide/I-CUBE-wolfSSL.pack)
 2. Run the “STM32CubeMX” tool.
 3. Under “Manage software installations” click “INSTALL/REMOVE” button.
-4. From Local and choose “I-CUBE-WOLFSSL-WOLFSSL.pack”.
+4. From Local and choose “I-CUBE-wolfSSL.pack”.
+5. Accept the GPLv2 license. Contact wolfSSL at sales@wolfssl.com for a commercial license and support/maintenance.
 
 ### STM32 Cube Pack Usage
 
@@ -56,13 +93,14 @@ The TLS client/server benchmark example requires about 76 KB for allocated tasks
 2. Under “Software Packs” choose “Select Components”.
 3. Find and check all components for the wolfSSL.wolfSSL packs (wolfSSL / Core, wolfCrypt / Core and wolfCrypt / Test). Close
 4. Under the “Software Packs” section click on “wolfSSL.wolfSSL” and configure the parameters.
-5. For Cortex-M recommend “Math Configuration” -> “Single Precision Cortex-M Math”
+5. For Cortex-M recommend “Math Configuration” -> “Single Precision Cortex-M Math” for the fastest option.
 6. Generate Code
 7. The Benchmark example uses float. To enable go to "Project Properties" -> "C/C++ Build" -> "Settings" -> "Tool Settings" -> "MCU Settings" -> Check "Use float with printf".
+8. To enable printf make the `main.c` changes below in the [STM32 Printf](#stm32-printf) section.
 
 ### STM32 Cube Pack Examples
 
-In the `I-CUBE-WOLFSSL-WOLFSSL.pack` pack there are pre-assembled example projects available.
+In the `I-CUBE-wolfSSL.pack` pack there are pre-assembled example projects available.
 After installing the pack you can find these example projects in `STM32Cube/Repository/Packs/wolfSSL/wolfSSL/[Version]/Projects`.
 To use an example:
 
@@ -87,6 +125,49 @@ Please select one of the above options:
 
 See [STM32_Benchmarks.md](STM32_Benchmarks.md).
 
+Note: The Benchmark example uses float. To enable go to "Project Properties" -> "C/C++ Build" -> "Settings" -> "Tool Settings" -> "MCU Settings" -> Check "Use float with printf".
+
+## STM32 Printf
+
+In main.c make the following changes:
+
+```
+/* Retargets the C library printf function to the USART. */
+#include <stdio.h>
+#include <wolfssl/wolfcrypt/settings.h>
+#ifdef __GNUC__
+int __io_putchar(int ch)
+#else
+int fputc(int ch, FILE *f)
+#endif
+{
+    HAL_UART_Transmit(&HAL_CONSOLE_UART, (uint8_t *)&ch, 1, 0xFFFF);
+
+    return ch;
+}
+#ifdef __GNUC__
+int _write(int file,char *ptr, int len)
+{
+    int DataIdx;
+    for (DataIdx= 0; DataIdx< len; DataIdx++) {
+        __io_putchar(*ptr++);
+    }
+    return len;
+}
+#endif
+
+int main(void)
+{
+    /* Reset of all peripherals, Initializes the Flash interface and the Systick. */
+    HAL_Init();
+
+    /* Turn off buffers, so I/O occurs immediately */
+    setvbuf(stdin, NULL, _IONBF, 0);
+    setvbuf(stdout, NULL, _IONBF, 0);
+    setvbuf(stderr, NULL, _IONBF, 0);
+
+```
+
 ## Support
 
 For questions please email [support@wolfssl.com](mailto:support@wolfssl.com)

IDE/STM32Cube/default_conf.ftl

@@ -0,0 +1,539 @@
+[#ftl]
+/**
+  ******************************************************************************
+  * File Name          : ${name}
+  * Description        : This file provides code for the configuration
+  *                      of the ${name} instances.
+  ******************************************************************************
+[@common.optinclude name=mxTmpFolder+"/license.tmp"/][#--include License text --]
+  ******************************************************************************
+  */
+[#assign s = name]
+[#assign toto = s?replace(".","_")]
+[#assign toto = toto?replace("/","")]
+[#assign toto = toto?replace("-","_")]
+[#assign inclusion_protection = toto?upper_case]
+/* Define to prevent recursive inclusion -------------------------------------*/
+#ifndef __${inclusion_protection}__
+#define __${inclusion_protection}__
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+/* Includes ------------------------------------------------------------------*/
+[#if includes??]
+[#list includes as include]
+#include "${include}"
+[/#list]
+[/#if]
+
+[#-- SWIPdatas is a list of SWIPconfigModel --]  
+[#list SWIPdatas as SWIP]  
+[#-- Global variables --]
+[#if SWIP.variables??]
+	[#list SWIP.variables as variable]
+extern ${variable.value} ${variable.name};
+	[/#list]
+[/#if]
+
+[#-- Global variables --]
+
+[#assign instName = SWIP.ipName]   
+[#assign fileName = SWIP.fileName]   
+[#assign version = SWIP.version]   
+
+/**
+	MiddleWare name : ${instName}
+	MiddleWare fileName : ${fileName}
+	MiddleWare version : ${version}
+*/
+[#if SWIP.defines??]
+	[#list SWIP.defines as definition]	
+/*---------- [#if definition.comments??]${definition.comments}[/#if] -----------*/
+#define ${definition.name} #t#t ${definition.value} 
+[#if definition.description??]${definition.description} [/#if]
+	[/#list]
+[/#if]
+
+
+
+[/#list]
+
+/* ------------------------------------------------------------------------- */
+/* Hardware platform */
+/* ------------------------------------------------------------------------- */
+#define NO_STM32_HASH
+#define NO_STM32_CRYPTO
+
+#if defined(STM32WB55xx)
+    #define WOLFSSL_STM32WB
+    #define WOLFSSL_STM32_PKA
+    #undef  NO_STM32_CRYPTO
+    #define HAL_CONSOLE_UART huart1
+#elif defined(STM32F407xx)
+    #define WOLFSSL_STM32F4
+    #define HAL_CONSOLE_UART huart2
+#elif defined(STM32F437xx)
+    #define WOLFSSL_STM32F4
+    #undef  NO_STM32_HASH
+    #undef  NO_STM32_CRYPTO
+    #define STM32_HAL_V2
+    #define HAL_CONSOLE_UART huart4
+#elif defined(STM32F777xx)
+    #define WOLFSSL_STM32F7
+    #undef  NO_STM32_HASH
+    #undef  NO_STM32_CRYPTO
+    #define STM32_HAL_V2
+    #define HAL_CONSOLE_UART huart2
+    #define STM32_AESGCM_PARTIAL /* allow partial blocks and add auth info (header) */
+#elif defined(STM32H753xx)
+    #define WOLFSSL_STM32H7
+    #undef  NO_STM32_HASH
+    #undef  NO_STM32_CRYPTO
+    #define HAL_CONSOLE_UART huart3
+#elif defined(STM32L4A6xx)
+    #define WOLFSSL_STM32L4
+    #undef  NO_STM32_HASH
+    #undef  NO_STM32_CRYPTO
+    #define HAL_CONSOLE_UART hlpuart1
+#elif defined(STM32L475xx)
+    #define WOLFSSL_STM32L4
+    #define HAL_CONSOLE_UART huart1
+#elif defined(STM32L562xx)
+    #define WOLFSSL_STM32L5
+    #define WOLFSSL_STM32_PKA
+    #undef  NO_STM32_HASH
+    #undef  NO_STM32_CRYPTO
+    #define HAL_CONSOLE_UART huart1
+#elif defined(STM32L552xx)
+    #define WOLFSSL_STM32L5
+    #undef  NO_STM32_HASH
+    #define HAL_CONSOLE_UART hlpuart1
+#elif defined(STM32F207xx)
+    #define WOLFSSL_STM32F2
+    #define HAL_CONSOLE_UART huart3
+#elif defined(STM32F107xC)
+    #define WOLFSSL_STM32F1
+    #define HAL_CONSOLE_UART huart4
+    #define NO_STM32_RNG
+#elif defined(STM32F401xE)
+    #define WOLFSSL_STM32F4
+    #define HAL_CONSOLE_UART huart2
+    #define NO_STM32_RNG
+    #define WOLFSSL_GENSEED_FORTEST
+#else
+    #warning Please define a hardware platform!
+    /* This means there is not a pre-defined platform for your board/CPU */
+    /* You need to define a CPU type, HW crypto and debug UART */
+    /* CPU Type: WOLFSSL_STM32F1, WOLFSSL_STM32F2, WOLFSSL_STM32F4, 
+        WOLFSSL_STM32F7, WOLFSSL_STM32H7, WOLFSSL_STM32L4 and WOLFSSL_STM32L5 */
+    #define WOLFSSL_STM32F4
+
+    /* Debug UART used for printf */
+    /* The UART interface number varies for each board/CPU */
+    /* Typically this is the UART attached to the ST-Link USB CDC UART port */
+    #define HAL_CONSOLE_UART huart4
+
+    /* Hardware Crypto - uncomment as available on hardware */
+    //#define WOLFSSL_STM32_PKA
+    //#define NO_STM32_RNG
+    //#undef  NO_STM32_HASH
+    //#undef  NO_STM32_CRYPTO
+    //#define WOLFSSL_GENSEED_FORTEST
+    //#define STM32_HAL_V2
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Platform */
+/* ------------------------------------------------------------------------- */
+#define SIZEOF_LONG_LONG 8
+#define WOLFSSL_GENERAL_ALIGNMENT 4
+#define WOLFSSL_STM32_CUBEMX
+#define WOLFSSL_SMALL_STACK
+#define WOLFSSL_USER_IO
+#define WOLFSSL_NO_SOCK
+#define WOLFSSL_IGNORE_FILE_WARN
+
+
+/* ------------------------------------------------------------------------- */
+/* Operating System */
+/* ------------------------------------------------------------------------- */
+#if defined(WOLF_CONF_RTOS) && WOLF_CONF_RTOS == 2
+    #define FREERTOS
+#else
+    #define SINGLE_THREADED
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Math Configuration */
+/* ------------------------------------------------------------------------- */
+/* 1=Fast, 2=Normal, 3=SP C, 4=SP Cortex-M */
+#if defined(WOLF_CONF_MATH) && WOLF_CONF_MATH != 2
+    /* fast (stack) math */
+    #define USE_FAST_MATH
+    #define TFM_TIMING_RESISTANT
+
+    /* Optimizations (TFM_ARM, TFM_ASM or none) */
+    //#define TFM_NO_ASM
+    //#define TFM_ASM
+#endif
+#if defined(WOLF_CONF_MATH) && (WOLF_CONF_MATH == 3 || WOLF_CONF_MATH == 4)
+    /* single precision only */
+    #define WOLFSSL_SP
+    #define WOLFSSL_SP_SMALL      /* use smaller version of code */
+    #define WOLFSSL_HAVE_SP_RSA
+    #define WOLFSSL_HAVE_SP_DH
+    #define WOLFSSL_HAVE_SP_ECC
+    #define WOLFSSL_SP_MATH
+    #define SP_WORD_SIZE 32
+
+    //#define WOLFSSL_SP_NO_MALLOC
+    //#define WOLFSSL_SP_CACHE_RESISTANT
+
+    /* single precision Cortex-M only */
+    #if WOLF_CONF_MATH == 4
+        #define WOLFSSL_SP_ASM /* required if using the ASM versions */
+        #define WOLFSSL_SP_ARM_CORTEX_M_ASM
+    #endif
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Enable Features */
+/* ------------------------------------------------------------------------- */
+/* Required for TLS */
+#define HAVE_TLS_EXTENSIONS
+#define HAVE_SUPPORTED_CURVES
+#define HAVE_ENCRYPT_THEN_MAC
+#define HAVE_EXTENDED_MASTER
+
+#if defined(WOLF_CONF_TLS13) && WOLF_CONF_TLS13 == 1
+    #define WOLFSSL_TLS13
+    #define HAVE_HKDF
+#endif
+#if defined(WOLF_CONF_DTLS) && WOLF_CONF_DTLS == 1
+    #define WOLFSSL_DTLS
+#endif
+#if defined(WOLF_CONF_PSK) && WOLF_CONF_PSK == 0
+    #define NO_PSK
+#endif
+#if defined(WOLF_CONF_PWDBASED) && WOLF_CONF_PWDBASED == 0
+    #define NO_PWDBASED
+#endif
+#if defined(WOLF_CONF_KEEP_PEER_CERT) && WOLF_CONF_KEEP_PEER_CERT == 1
+    #define KEEP_PEER_CERT
+#endif
+#if defined(WOLF_CONF_BASE64_ENCODE) && WOLF_CONF_BASE64_ENCODE == 1
+    #define WOLFSSL_BASE64_ENCODE
+#endif
+#if defined(WOLF_CONF_OPENSSL_EXTRA) && WOLF_CONF_OPENSSL_EXTRA == 1
+    #define OPENSSL_EXTRA
+#endif
+
+/* TLS Session Cache */
+#if 0
+    #define SMALL_SESSION_CACHE
+#else
+    #define NO_SESSION_CACHE
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Crypto */
+/* ------------------------------------------------------------------------- */
+/* RSA */
+#undef NO_RSA
+#if defined(WOLF_CONF_RSA) && WOLF_CONF_RSA == 1
+    #ifdef USE_FAST_MATH
+        /* Maximum math bits (Max RSA key bits * 2) */
+        #undef  FP_MAX_BITS
+        #define FP_MAX_BITS     4096
+    #endif
+
+    /* half as much memory but twice as slow */
+    #undef  RSA_LOW_MEM
+    //#define RSA_LOW_MEM
+
+    /* Enables blinding mode, to prevent timing attacks */
+    #undef  WC_RSA_BLINDING
+    #define WC_RSA_BLINDING
+
+    /* RSA PSS Support (required for TLS v1.3) */
+    #ifdef WOLFSSL_TLS13
+        #define WC_RSA_PSS
+    #endif
+#else
+    #define NO_RSA
+#endif
+
+/* ECC */
+#undef HAVE_ECC
+#if defined(WOLF_CONF_ECC) && WOLF_CONF_ECC == 1
+    #define HAVE_ECC
+
+    /* Manually define enabled curves */
+    #define ECC_USER_CURVES
+
+    //#define HAVE_ECC192
+    //#define HAVE_ECC224
+    #undef NO_ECC256
+    //#define HAVE_ECC384
+    //#define HAVE_ECC521
+
+    /* Fixed point cache (speeds repeated operations against same private key) */
+    #undef  FP_ECC
+    //#define FP_ECC
+    #ifdef FP_ECC
+        /* Bits / Entries */
+        #undef  FP_ENTRIES
+        #define FP_ENTRIES  2
+        #undef  FP_LUT
+        #define FP_LUT      4
+    #endif
+
+    /* Optional ECC calculation method */
+    /* Note: doubles heap usage, but slightly faster */
+    #undef  ECC_SHAMIR
+    #define ECC_SHAMIR
+
+    /* Reduces heap usage, but slower */
+    #define ECC_TIMING_RESISTANT
+
+    /* Compressed ECC key support */
+    //#define HAVE_COMP_KEY
+
+    #ifdef USE_FAST_MATH
+        #ifdef NO_RSA
+            /* Custom fastmath size if not using RSA */
+            /* MAX = ROUND32(ECC BITS) * 2 */
+            #define FP_MAX_BITS     (256 * 2)
+        #else
+            #define ALT_ECC_SIZE
+        #endif
+
+        /* Enable TFM optimizations for ECC */
+        //#define TFM_ECC192
+        //#define TFM_ECC224
+        //#define TFM_ECC256
+        //#define TFM_ECC384
+        //#define TFM_ECC521
+    #endif
+#endif
+
+/* DH */
+#undef NO_DH
+#if defined(WOLF_CONF_DH) && WOLF_CONF_DH == 1
+    #define HAVE_DH /* freeRTOS settings.h requires this */
+    #define HAVE_FFDHE_2048
+    #define HAVE_DH_DEFAULT_PARAMS
+#else
+    #define NO_DH
+#endif
+
+/* AES */
+#if defined(WOLF_CONF_AESGCM) && WOLF_CONF_AESGCM == 1
+    #define HAVE_AESGCM
+    /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
+    /* GCM_TABLE is about 4K larger and 3x faster */
+    #define GCM_SMALL
+    #define HAVE_AES_DECRYPT
+#endif
+
+#if defined(WOLF_CONF_AESCBC) && WOLF_CONF_AESCBC == 1
+    #define HAVE_AES_CBC
+    #define HAVE_AES_DECRYPT
+#endif
+
+/* Other possible AES modes */    
+//#define WOLFSSL_AES_COUNTER
+//#define HAVE_AESCCM
+//#define WOLFSSL_AES_XTS
+//#define WOLFSSL_AES_DIRECT
+//#define HAVE_AES_ECB
+//#define HAVE_AES_KEYWRAP
+//#define AES_MAX_KEY_SIZE 256
+
+/* ChaCha20 / Poly1305 */
+#undef HAVE_CHACHA
+#undef HAVE_POLY1305
+#if defined(WOLF_CONF_CHAPOLY) && WOLF_CONF_CHAPOLY == 1
+    #define HAVE_CHACHA
+    #define HAVE_POLY1305
+
+    /* Needed for Poly1305 */
+    #undef  HAVE_ONE_TIME_AUTH
+    #define HAVE_ONE_TIME_AUTH
+#endif
+
+/* Ed25519 / Curve25519 */
+#undef HAVE_CURVE25519
+#undef HAVE_ED25519
+#if defined(WOLF_CONF_EDCURVE25519) && WOLF_CONF_EDCURVE25519 == 1
+    #define HAVE_CURVE25519
+    #define HAVE_ED25519
+
+    /* Optionally use small math (less flash usage, but much slower) */
+    #define CURVED25519_SMALL
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Hashing */
+/* ------------------------------------------------------------------------- */
+/* Sha1 */
+#undef NO_SHA
+#if defined(WOLF_CONF_SHA1) && WOLF_CONF_SHA1 == 1
+    /* 1k smaller, but 25% slower */
+    //#define USE_SLOW_SHA
+#else
+    #define NO_SHA
+#endif
+
+/* Sha2-256 */
+#undef NO_SHA256
+#if defined(WOLF_CONF_SHA2_256) && WOLF_CONF_SHA2_256 == 1
+    /* not unrolled - ~2k smaller and ~25% slower */
+    //#define USE_SLOW_SHA256
+
+    //#define WOLFSSL_SHAKE256
+
+    /* Sha2-224 */
+    #if defined(WOLF_CONF_SHA2_224) && WOLF_CONF_SHA2_224 == 1
+        #define WOLFSSL_SHA224
+    #endif
+#else
+    #define NO_SHA256
+#endif
+
+/* Sha2-512 */
+#undef WOLFSSL_SHA512
+#if defined(WOLF_CONF_SHA2_512) && WOLF_CONF_SHA2_512 == 1
+    /* over twice as small, but 50% slower */
+    //#define USE_SLOW_SHA512
+
+    #define WOLFSSL_SHA512
+    #define HAVE_SHA512 /* freeRTOS settings.h requires this */
+#endif
+
+/* Sha2-384 */
+#undef WOLFSSL_SHA384
+#if defined(WOLF_CONF_SHA2_384) && WOLF_CONF_SHA2_384 == 1
+    #define WOLFSSL_SHA384
+#endif
+
+/* Sha3 */
+#undef WOLFSSL_SHA3
+#if defined(WOLF_CONF_SHA3) && WOLF_CONF_SHA3 == 1
+	#define WOLFSSL_SHA3
+#endif
+
+/* MD5 */
+#if defined(WOLF_CONF_MD5) && WOLF_CONF_MD5 == 1
+	/* enabled */
+#else
+    #define NO_MD5
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Benchmark / Test */
+/* ------------------------------------------------------------------------- */
+/* Use reduced benchmark / test sizes */
+#define BENCH_EMBEDDED
+#define USE_CERT_BUFFERS_2048
+#define USE_CERT_BUFFERS_256
+
+
+/* ------------------------------------------------------------------------- */
+/* Debugging */
+/* ------------------------------------------------------------------------- */
+#if defined(WOLF_CONF_DEBUG) && WOLF_CONF_DEBUG == 1
+    #define DEBUG_WOLFSSL
+
+    /* Use this to measure / print heap usage */
+    #if 0
+        #define USE_WOLFSSL_MEMORY
+        #define WOLFSSL_TRACK_MEMORY
+  		  #define WOLFSSL_DEBUG_MEMORY
+	  	  #define WOLFSSL_DEBUG_MEMORY_PRINT
+    #endif
+#else
+    //#define NO_WOLFSSL_MEMORY
+    //#define NO_ERROR_STRINGS
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Port */
+/* ------------------------------------------------------------------------- */
+
+/* Override Current Time */
+/* Allows custom "custom_time()" function to be used for benchmark */
+#define WOLFSSL_USER_CURRTIME
+
+
+/* ------------------------------------------------------------------------- */
+/* RNG */
+/* ------------------------------------------------------------------------- */
+#define NO_OLD_RNGNAME /* conflicts with STM RNG macro */
+#define HAVE_HASHDRBG
+
+
+/* ------------------------------------------------------------------------- */
+/* Disable Features */
+/* ------------------------------------------------------------------------- */
+#if defined(WOLF_CONF_TLS12) && WOLF_CONF_TLS12 == 0
+    #define WOLFSSL_NO_TLS12
+#endif
+#if defined(WOLF_CONF_WOLFCRYPT_ONLY) && WOLF_CONF_WOLFCRYPT_ONLY == 1
+    #define WOLFCRYPT_ONLY
+#endif
+//#define NO_WOLFSSL_SERVER
+//#define NO_WOLFSSL_CLIENT
+
+#if defined(WOLF_CONF_TEST) && WOLF_CONF_TEST == 0
+    #define NO_CRYPT_TEST
+    #define NO_CRYPT_BENCHMARK
+#endif
+
+#define NO_FILESYSTEM
+#define NO_WRITEV
+#define NO_MAIN_DRIVER
+#define NO_DEV_RANDOM
+#define NO_OLD_TLS
+#define WOLFSSL_NO_CLIENT_AUTH /* disable client auth for Ed25519/Ed448 */
+
+#define NO_DSA
+#define NO_RC4
+#define NO_HC128
+#define NO_RABBIT
+#define NO_MD4
+#define NO_DES3
+
+/* In-lining of misc.c functions */
+/* If defined, must include wolfcrypt/src/misc.c in build */
+/* Slower, but about 1k smaller */
+//#define NO_INLINE
+
+/* Base16 / Base64 encoding */
+//#define NO_CODING
+
+/* bypass certificate date checking, due to lack of properly configured RTC source */
+#ifndef HAL_RTC_MODULE_ENABLED
+    #define NO_ASN_TIME
+#endif
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif /* ${inclusion_protection}_H */
+
+/**
+  * @}
+  */
+
+/*****END OF FILE****/

IDE/STM32Cube/include.am

@@ -5,6 +5,7 @@
 EXTRA_DIST+= IDE/STM32Cube/README.md
 EXTRA_DIST+= IDE/STM32Cube/main.c
 EXTRA_DIST+= IDE/STM32Cube/wolfssl_example.c
-EXTRA_DIST+= IDE/STM32Cube/wolfSSL.wolfSSL_conf.h
+EXTRA_DIST+= IDE/STM32Cube/wolfSSL_conf.h
 EXTRA_DIST+= IDE/STM32Cube/wolfssl_example.h
 EXTRA_DIST+= IDE/STM32Cube/STM32_Benchmarks.md
+EXTRA_DIST+= IDE/STM32Cube/default_conf.ftl

IDE/STM32Cube/main.c

@@ -25,6 +25,7 @@
 
 /* Includes ------------------------------------------------------------------*/
 #include "wolfssl_example.h"
+#include "wolfssl/wolfcrypt/settings.h"
 
 /* Private variables ---------------------------------------------------------*/
 CRYP_HandleTypeDef hcryp;
@@ -66,7 +67,7 @@ int __io_putchar(int ch)
 int fputc(int ch, FILE *f)
 #endif
 {
-    HAL_UART_Transmit(&huart4, (uint8_t *)&ch, 1, 0xFFFF);
+    HAL_UART_Transmit(&HAL_CONSOLE_UART, (uint8_t *)&ch, 1, 0xFFFF);
 
     return ch;
 }

IDE/STM32Cube/wolfSSL_conf.h

@@ -1,4 +1,4 @@
-/* wolfSSL.wolfSSL_conf.h
+/* wolfSSL_conf.h (example of generated wolfSSL.I-CUBE-wolfSSL_conf.h)
  *
  * Copyright (C) 2006-2020 wolfSSL Inc.
  *
@@ -19,99 +19,102 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-/* STM32 Cube Configuration File 
+/* STM32 Cube Sample Configuration File 
+ * Generated automatically using `default_conf.ftl` template
+ *
  * Included automatically when USE_HAL_DRIVER is defined 
  * (and not WOLFSSL_USER_SETTINGS or HAVE_CONF_H).
  */
 
-#ifndef __WOLFSSL_WOLFSSL_CONF_H__
-#define __WOLFSSL_WOLFSSL_CONF_H__
+#ifndef __WOLFSSL_I_CUBE_WOLFSSL_CONF_H__
+#define __WOLFSSL_I_CUBE_WOLFSSL_CONF_H__
 
-#ifdef __cplusplus
-extern "C" {
-#endif
+/**
+	MiddleWare name : wolfSSL.I-CUBE-wolfSSL.4.6.0
+	MiddleWare fileName : ./wolfSSL.I-CUBE-wolfSSL_conf.h
+	MiddleWare version :
+*/
 
-/*---------- Debug Support -----------*/
-#define WOLF_CONF_DEBUG      0 
- 
-/*---------- wolfCrypt Only -----------*/
-#define WOLF_CONF_WOLFCRYPT_ONLY      0 
- 
-/*---------- TLS v1.3 -----------*/
-#define WOLF_CONF_TLS13      1 
- 
-/*---------- TLS v1.2 -----------*/
-#define WOLF_CONF_TLS12      1 
- 
-/*---------- DTLS Support -----------*/
-#define WOLF_CONF_DTLS      0 
- 
-/*---------- Math Configuration -----------*/
-#define WOLF_CONF_MATH      4 
- 
-/*---------- RTOS -----------*/
-#define WOLF_CONF_RTOS      2 
- 
-/*---------- RSA Support -----------*/
-#define WOLF_CONF_RSA      1 
- 
-/*---------- ECC Support -----------*/
-#define WOLF_CONF_ECC      1 
- 
-/*---------- DH (Diffie–Hellman) Support -----------*/
-#define WOLF_CONF_DH      1 
- 
-/*---------- AES GCM Support -----------*/
-#define WOLF_CONF_AESGCM      1 
- 
-/*---------- AES CBC Support -----------*/
-#define WOLF_CONF_AESCBC      0 
- 
-/*---------- ChaCha20 / Poly1305 Support -----------*/
-#define WOLF_CONF_CHAPOLY      1 
- 
-/*---------- Ed25519 / Curve25519 Support -----------*/
-#define WOLF_CONF_EDCURVE25519      0 
- 
-/*---------- MD5 Support -----------*/
-#define WOLF_CONF_MD5      0 
- 
-/*---------- SHA1 Support -----------*/
-#define WOLF_CONF_SHA1      0 
- 
-/*---------- SHA2-224 Support -----------*/
-#define WOLF_CONF_SHA2_224      0 
- 
-/*---------- SHA2-256 Support -----------*/
-#define WOLF_CONF_SHA2_256      1 
- 
-/*---------- SHA2-384 Support -----------*/
-#define WOLF_CONF_SHA2_384      0 
- 
-/*---------- SHA2-512 Support -----------*/
-#define WOLF_CONF_SHA2_512      0 
- 
-/*---------- SHA3 Support -----------*/
-#define WOLF_CONF_SHA3      0 
- 
-/*---------- Pre-Shared-Key Support -----------*/
-#define WOLF_CONF_PSK      0 
- 
-/*---------- Pwd Based Key Derivation Support -----------*/
-#define WOLF_CONF_PWDBASED      0 
- 
-/*---------- Keep Peer Cert Support -----------*/
-#define WOLF_CONF_KEEP_PEER_CERT      0 
- 
-/*---------- Base64 Encode Support -----------*/
-#define WOLF_CONF_BASE64_ENCODE      0 
- 
-/*---------- OpenSSL Extra Support -----------*/
-#define WOLF_CONF_OPENSSL_EXTRA      0 
- 
-/*---------- wolfCrypt test/benchmark -----------*/
-#define WOLF_CONF_TEST      1 
- 
+/*---------- WOLF_CONF_DEBUG -----------*/
+#define WOLF_CONF_DEBUG      0
+
+/*---------- WOLF_CONF_WOLFCRYPT_ONLY -----------*/
+#define WOLF_CONF_WOLFCRYPT_ONLY      0
+
+/*---------- WOLF_CONF_TLS13 -----------*/
+#define WOLF_CONF_TLS13      1
+
+/*---------- WOLF_CONF_TLS12 -----------*/
+#define WOLF_CONF_TLS12      1
+
+/*---------- WOLF_CONF_DTLS -----------*/
+#define WOLF_CONF_DTLS      0
+
+/*---------- WOLF_CONF_MATH -----------*/
+#define WOLF_CONF_MATH      4
+
+/*---------- WOLF_CONF_RTOS -----------*/
+#define WOLF_CONF_RTOS      2
+
+/*---------- WOLF_CONF_RSA -----------*/
+#define WOLF_CONF_RSA      1
+
+/*---------- WOLF_CONF_ECC -----------*/
+#define WOLF_CONF_ECC      1
+
+/*---------- WOLF_CONF_DH -----------*/
+#define WOLF_CONF_DH      1
+
+/*---------- WOLF_CONF_AESGCM -----------*/
+#define WOLF_CONF_AESGCM      1
+
+/*---------- WOLF_CONF_AESCBC -----------*/
+#define WOLF_CONF_AESCBC      0
+
+/*---------- WOLF_CONF_CHAPOLY -----------*/
+#define WOLF_CONF_CHAPOLY      1
+
+/*---------- WOLF_CONF_EDCURVE25519 -----------*/
+#define WOLF_CONF_EDCURVE25519      0
+
+/*---------- WOLF_CONF_MD5 -----------*/
+#define WOLF_CONF_MD5      0
+
+/*---------- WOLF_CONF_SHA1 -----------*/
+#define WOLF_CONF_SHA1      0
+
+/*---------- WOLF_CONF_SHA2_224 -----------*/
+#define WOLF_CONF_SHA2_224      0
+
+/*---------- WOLF_CONF_SHA2_256 -----------*/
+#define WOLF_CONF_SHA2_256      1
+
+/*---------- WOLF_CONF_SHA2_384 -----------*/
+#define WOLF_CONF_SHA2_384      0
+
+/*---------- WOLF_CONF_SHA2_512 -----------*/
+#define WOLF_CONF_SHA2_512      0
+
+/*---------- WOLF_CONF_SHA3 -----------*/
+#define WOLF_CONF_SHA3      0
+
+/*---------- WOLF_CONF_PSK -----------*/
+#define WOLF_CONF_PSK      0
+
+/*---------- WOLF_CONF_PWDBASED -----------*/
+#define WOLF_CONF_PWDBASED      0
+
+/*---------- WOLF_CONF_KEEP_PEER_CERT -----------*/
+#define WOLF_CONF_KEEP_PEER_CERT      0
+
+/*---------- WOLF_CONF_BASE64_ENCODE -----------*/
+#define WOLF_CONF_BASE64_ENCODE      0
+
+/*---------- WOLF_CONF_OPENSSL_EXTRA -----------*/
+#define WOLF_CONF_OPENSSL_EXTRA      0
+
+/*---------- WOLF_CONF_TEST -----------*/
+#define WOLF_CONF_TEST      1
 
 /* ------------------------------------------------------------------------- */
 /* Hardware platform */
@@ -169,10 +172,31 @@ extern "C" {
     #define WOLFSSL_STM32F1
     #define HAL_CONSOLE_UART huart4
     #define NO_STM32_RNG
+#elif defined(STM32F401xE)
+    #define WOLFSSL_STM32F4
+    #define HAL_CONSOLE_UART huart2
+    #define NO_STM32_RNG
+    #define WOLFSSL_GENSEED_FORTEST
 #else
-	#warning Please define a hardware platform!
-    #define WOLFSSL_STM32F4 /* default */
+    #warning Please define a hardware platform!
+    /* This means there is not a pre-defined platform for your board/CPU */
+    /* You need to define a CPU type, HW crypto and debug UART */
+    /* CPU Type: WOLFSSL_STM32F1, WOLFSSL_STM32F2, WOLFSSL_STM32F4,
+        WOLFSSL_STM32F7, WOLFSSL_STM32H7, WOLFSSL_STM32L4 and WOLFSSL_STM32L5 */
+    #define WOLFSSL_STM32F4
+
+    /* Debug UART used for printf */
+    /* The UART interface number varies for each board/CPU */
+    /* Typically this is the UART attached to the ST-Link USB CDC UART port */
     #define HAL_CONSOLE_UART huart4
+
+    /* Hardware Crypto - uncomment as available on hardware */
+    //#define WOLFSSL_STM32_PKA
+    //#define NO_STM32_RNG
+    //#undef  NO_STM32_HASH
+    //#undef  NO_STM32_CRYPTO
+    //#define WOLFSSL_GENSEED_FORTEST
+    //#define STM32_HAL_V2
 #endif
 
 /* ------------------------------------------------------------------------- */
@@ -250,7 +274,7 @@ extern "C" {
 #if defined(WOLF_CONF_PWDBASED) && WOLF_CONF_PWDBASED == 0
     #define NO_PWDBASED
 #endif
-#if defined(WOLF_CONF_KEEPPEERCERT) && WOLF_CONF_KEEPPEERCERT == 1
+#if defined(WOLF_CONF_KEEP_PEER_CERT) && WOLF_CONF_KEEP_PEER_CERT == 1
     #define KEEP_PEER_CERT
 #endif
 #if defined(WOLF_CONF_BASE64_ENCODE) && WOLF_CONF_BASE64_ENCODE == 1
@@ -373,7 +397,7 @@ extern "C" {
     #define HAVE_AES_DECRYPT
 #endif
 
-/* Other possible AES modes */    
+/* Other possible AES modes */
 //#define WOLFSSL_AES_COUNTER
 //#define HAVE_AESCCM
 //#define WOLFSSL_AES_XTS
@@ -551,4 +575,4 @@ extern "C" {
 }
 #endif
 
-#endif /*__WOLFSSL_WOLFSSL_CONF_H__ */
+#endif /* __WOLFSSL_I_CUBE_WOLFSSL_CONF_H__ */

IDE/STM32Cube/wolfssl_example.c

@@ -64,7 +64,7 @@
 	#undef  MEM_BUFFER_SZ
 	#define MEM_BUFFER_SZ 2048
 #endif
-#define SHOW_VERBOSE         0 /* Default output is tab delimited format */
+#define SHOW_VERBOSE         0 /* 0=tab del (minimal), 1=info, 2=debug, 3=debug w/wolf logs */
 #ifndef WOLFSSL_CIPHER_LIST_MAX_SIZE
 #define WOLFSSL_CIPHER_LIST_MAX_SIZE 2048
 #endif
@@ -77,7 +77,7 @@
     #define BENCH_USE_NONBLOCK
 #endif
 #ifndef RECV_WAIT_TIMEOUT
-    #define RECV_WAIT_TIMEOUT 4000
+    #define RECV_WAIT_TIMEOUT 10000
 #endif
 
 /*****************************************************************************
@@ -510,6 +510,8 @@ static int ServerMemSend(info_t* info, char* buf, int sz)
         sz = MEM_BUFFER_SZ - info->to_client.write_idx;
 #endif
 
+    if (info->showVerbose >= 2)
+        printf("Server Send: %d\n", sz);
     XMEMCPY(&info->to_client.buf[info->to_client.write_idx], buf, sz);
     info->to_client.write_idx += sz;
     info->to_client.write_bytes += sz;
@@ -543,11 +545,13 @@ static int ServerMemRecv(info_t* info, char* buf, int sz)
         osSemaphoreRelease(info->server.mutex);
 #ifdef CMSIS_OS2_H_
         if (osThreadFlagsWait(1, osFlagsWaitAny, RECV_WAIT_TIMEOUT) == osFlagsErrorTimeout) {
+        	printf("Server Recv: Timeout!\n");
         	return WOLFSSL_CBIO_ERR_TIMEOUT;
         }
         osSemaphoreAcquire(info->server.mutex, osWaitForever);
 #else
         if (osSignalWait(1, RECV_WAIT_TIMEOUT) == osEventTimeout) {
+        	printf("Server Recv: Timeout!\n");
             return WOLFSSL_CBIO_ERR_TIMEOUT;
         }
         osSemaphoreWait(info->server.mutex, osWaitForever);
@@ -567,9 +571,12 @@ static int ServerMemRecv(info_t* info, char* buf, int sz)
         info->to_server.read_bytes = info->to_server.read_idx = 0;
         info->to_server.write_bytes = info->to_server.write_idx = 0;
     }
+    if (info->showVerbose >= 2)
+        printf("Server Recv: %d\n", sz);
 
     osSemaphoreRelease(info->server.mutex);
 
+
 #ifdef BENCH_USE_NONBLOCK
     if (sz == 0)
         return WOLFSSL_CBIO_ERR_WANT_READ;
@@ -599,6 +606,8 @@ static int ClientMemSend(info_t* info, char* buf, int sz)
         sz = MEM_BUFFER_SZ - info->to_server.write_idx;
 #endif
 
+    if (info->showVerbose >= 2)
+        printf("Client Send: %d\n", sz);
     XMEMCPY(&info->to_server.buf[info->to_server.write_idx], buf, sz);
     info->to_server.write_idx += sz;
     info->to_server.write_bytes += sz;
@@ -632,11 +641,13 @@ static int ClientMemRecv(info_t* info, char* buf, int sz)
         osSemaphoreRelease(info->client.mutex);
 #ifdef CMSIS_OS2_H_
         if (osThreadFlagsWait(1, osFlagsWaitAny, RECV_WAIT_TIMEOUT) == osFlagsErrorTimeout) {
+        	printf("Client Recv: Timeout!\n");
         	return WOLFSSL_CBIO_ERR_TIMEOUT;
         }
         osSemaphoreAcquire(info->client.mutex, osWaitForever);
 #else
         if (osSignalWait(1, RECV_WAIT_TIMEOUT) == osEventTimeout) {
+        	printf("Client Recv: Timeout!\n");
         	return WOLFSSL_CBIO_ERR_TIMEOUT;
         }
         osSemaphoreWait(info->client.mutex, osWaitForever);
@@ -656,6 +667,8 @@ static int ClientMemRecv(info_t* info, char* buf, int sz)
         info->to_client.read_bytes = info->to_client.read_idx = 0;
         info->to_client.write_bytes = info->to_client.write_idx = 0;
     }
+    if (info->showVerbose >= 2)
+        printf("Client Recv: %d\n", sz);
 
     osSemaphoreRelease(info->client.mutex);
 
@@ -1277,7 +1290,7 @@ int bench_tls(void* args)
     int argShowPeerInfo = BENCH_SHOW_PEER_INFO;
 
 #ifdef DEBUG_WOLFSSL
-    if (argShowVerbose) {
+    if (argShowVerbose >= 3) {
         wolfSSL_Debugging_ON();
     }
     else {

IDE/VisualDSP/include.am

@@ -0,0 +1,6 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST+= IDE/VisualDSP/user_settings.h
+EXTRA_DIST+= IDE/VisualDSP/wolf_tasks.c

IDE/VisualDSP/user_settings.h

@@ -0,0 +1,752 @@
+/* user_settings.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Custom wolfSSL user settings for FIPS VALIDATION START */
+
+#ifndef WOLFSSL_USER_SETTINGS_H
+#define WOLFSSL_USER_SETTINGS_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "fusioncfg.h"
+
+/* Previously was included in ssl.c but for the sake of portability and existing
+ * projects, moved to IDE specific user_settings.h (stdarg.h include)
+ */
+#include <stdarg.h>
+
+/* ------------------------------------------------------------------------- */
+/* Platform */
+/* ------------------------------------------------------------------------- */
+#undef  WOLFSSL_GENERAL_ALIGNMENT
+#define WOLFSSL_GENERAL_ALIGNMENT   4
+
+#undef  SINGLE_THREADED
+#define SINGLE_THREADED
+
+#undef  WOLFSSL_SMALL_STACK
+//#define WOLFSSL_SMALL_STACK
+
+#undef  WOLFSSL_USER_IO
+// #define WOLFSSL_USER_IO
+
+#define HAVE_PKCS8
+
+/* ------------------------------------------------------------------------- */
+/* Math Configuration */
+/* ------------------------------------------------------------------------- */
+#undef  SIZEOF_LONG_LONG
+#define SIZEOF_LONG_LONG 8
+
+#undef USE_FAST_MATH
+#if 1
+    #define USE_FAST_MATH
+
+    #undef  TFM_TIMING_RESISTANT
+    #define TFM_TIMING_RESISTANT
+
+    /* Optimizations */
+    //#define TFM_ARM
+#endif
+
+/* Wolf Single Precision Math */
+#undef WOLFSSL_SP
+#if 0
+    #define WOLFSSL_SP
+    //#define WOLFSSL_SP_SMALL      /* use smaller version of code */
+    #define WOLFSSL_HAVE_SP_RSA
+    #define WOLFSSL_HAVE_SP_DH
+    #define WOLFSSL_HAVE_SP_ECC
+    #define WOLFSSL_SP_CACHE_RESISTANT
+    //#define WOLFSSL_SP_MATH     /* only SP math - eliminates fast math code */
+
+    /* 64 or 32 bit version */
+    //#define WOLFSSL_SP_ASM      /* required if using the ASM versions */
+    //#define WOLFSSL_SP_ARM32_ASM
+    //#define WOLFSSL_SP_ARM64_ASM
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* FIPS - Requires eval or license from wolfSSL */
+/* ------------------------------------------------------------------------- */
+#undef  HAVE_FIPS
+#if 1
+    #define HAVE_FIPS
+
+    #undef  HAVE_FIPS_VERSION
+    #define HAVE_FIPS_VERSION 2
+
+    #ifdef SINGLE_THREADED
+        #undef  NO_THREAD_LS
+        #define NO_THREAD_LS
+    #endif
+
+    #define NO_ATTRIBUTE_CONSTRUCTOR /* Required on ADSP BLACKFIN where memory
+                                      * is zeroized after
+                                      * __attribute__((constructor)) and before
+                                      * main();
+                                      */
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Crypto */
+/* ------------------------------------------------------------------------- */
+/* RSA */
+#undef NO_RSA
+#if 1
+    #ifdef USE_FAST_MATH
+        /* Maximum math bits (Max RSA key bits * 2) */
+        #undef  FP_MAX_BITS
+        #define FP_MAX_BITS     8192
+    #endif
+
+    /* half as much memory but twice as slow */
+    #undef  RSA_LOW_MEM
+    //#define RSA_LOW_MEM
+
+    /* Enables blinding mode, to prevent timing attacks */
+    #if 1
+        #undef  WC_RSA_BLINDING
+        #define WC_RSA_BLINDING
+    #else
+        #undef  WC_NO_HARDEN
+        #define WC_NO_HARDEN
+    #endif
+
+    /* RSA PSS Support */
+    #if 1
+        #define WC_RSA_PSS
+    #endif
+
+    #if 1
+        #define WC_RSA_NO_PADDING
+    #endif
+#else
+    #define NO_RSA
+#endif
+
+/* ECC */
+#undef HAVE_ECC
+#if 1
+    #define HAVE_ECC
+
+    /* Manually define enabled curves */
+    #undef  ECC_USER_CURVES
+    //#define ECC_USER_CURVES
+
+    #ifdef ECC_USER_CURVES
+        /* Manual Curve Selection */
+        //#define HAVE_ECC192
+        //#define HAVE_ECC224
+        #undef NO_ECC256
+        //#define HAVE_ECC384
+        //#define HAVE_ECC521
+    #endif
+
+    /* Fixed point cache (speeds repeated operations against same private key) */
+    #undef  FP_ECC
+    //#define FP_ECC
+    #ifdef FP_ECC
+        /* Bits / Entries */
+        #undef  FP_ENTRIES
+        #define FP_ENTRIES  2
+        #undef  FP_LUT
+        #define FP_LUT      4
+    #endif
+
+    /* Optional ECC calculation method */
+    /* Note: doubles heap usage, but slightly faster */
+    #undef  ECC_SHAMIR
+    #define ECC_SHAMIR
+
+    /* Reduces heap usage, but slower */
+    #undef  ECC_TIMING_RESISTANT
+    #define ECC_TIMING_RESISTANT
+
+    /* Enable cofactor support */
+    #ifdef HAVE_FIPS
+        #undef  HAVE_ECC_CDH
+        #define HAVE_ECC_CDH
+
+        #define NO_STRICT_ECDSA_LEN
+    #endif
+
+    /* Validate import */
+    #ifdef HAVE_FIPS
+        #undef  WOLFSSL_VALIDATE_ECC_IMPORT
+        #define WOLFSSL_VALIDATE_ECC_IMPORT
+    #endif
+
+    /* Compressed Key Support */
+    #undef  HAVE_COMP_KEY
+    //#define HAVE_COMP_KEY
+
+    /* Use alternate ECC size for ECC math */
+    #ifdef USE_FAST_MATH
+        #ifdef NO_RSA
+            /* Custom fastmath size if not using RSA */
+            /* MAX = ROUND32(ECC BITS 256) + SIZE_OF_MP_DIGIT(32) */
+            #undef  FP_MAX_BITS
+            #define FP_MAX_BITS     (256 + 32)
+        #else
+            #undef  ALT_ECC_SIZE
+            #define ALT_ECC_SIZE
+        #endif
+
+        /* Speedups specific to curve */
+        #ifndef NO_ECC256
+            #undef  TFM_ECC256
+            #define TFM_ECC256
+        #endif
+    #endif
+#endif
+
+/* DH */
+#undef  NO_DH
+#if 1
+    /* Use table for DH instead of -lm (math) lib dependency */
+    #if 0
+        #define WOLFSSL_DH_CONST
+        #define HAVE_FFDHE_2048
+        #define HAVE_FFDHE_4096
+        #define HAVE_DH_DEFAULT_PARAMS
+        //#define HAVE_FFDHE_6144
+        //#define HAVE_FFDHE_8192
+    #endif
+
+    #ifdef HAVE_FIPS
+        #define WOLFSSL_VALIDATE_FFC_IMPORT
+        #define HAVE_FFDHE_Q
+    #endif
+#else
+    #define NO_DH
+#endif
+
+
+/* AES */
+#undef NO_AES
+#if 1
+    #undef  HAVE_AES_CBC
+    #define HAVE_AES_CBC
+
+    #undef  HAVE_AESGCM
+    #define HAVE_AESGCM
+
+    /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
+    #define GCM_SMALL
+
+    #undef  WOLFSSL_AES_DIRECT
+    #define WOLFSSL_AES_DIRECT
+
+    #undef  HAVE_AES_ECB
+    #define HAVE_AES_ECB
+
+    #undef  WOLFSSL_AES_COUNTER
+    #define WOLFSSL_AES_COUNTER
+
+    #undef  HAVE_AESCCM
+    #define HAVE_AESCCM
+#else
+    #define NO_AES
+#endif
+
+
+/* DES3 */
+#undef NO_DES3
+#if 1
+#else
+    #define NO_DES3
+#endif
+
+/* ChaCha20 / Poly1305 */
+#undef HAVE_CHACHA
+#undef HAVE_POLY1305
+#if 0
+    #define HAVE_CHACHA
+    #define HAVE_POLY1305
+
+    /* Needed for Poly1305 */
+    #undef  HAVE_ONE_TIME_AUTH
+    #define HAVE_ONE_TIME_AUTH
+#endif
+
+/* Ed25519 / Curve25519 */
+#undef HAVE_CURVE25519
+#undef HAVE_ED25519
+#if 0
+    #define HAVE_CURVE25519
+    #define HAVE_ED25519 /* ED25519 Requires SHA512 */
+
+    /* Optionally use small math (less flash usage, but much slower) */
+    #if 1
+        #define CURVED25519_SMALL
+    #endif
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Hashing */
+/* ------------------------------------------------------------------------- */
+/* Sha */
+#undef NO_SHA
+#if 1
+    /* 1k smaller, but 25% slower */
+    //#define USE_SLOW_SHA
+#else
+    #define NO_SHA
+#endif
+
+/* Sha256 */
+#undef NO_SHA256
+#if 1
+    /* not unrolled - ~2k smaller and ~25% slower */
+    //#define USE_SLOW_SHA256
+
+    /* Sha224 */
+    #if 1
+        #define WOLFSSL_SHA224
+    #endif
+#else
+    #define NO_SHA256
+#endif
+
+/* Sha512 */
+#undef WOLFSSL_SHA512
+#if 1
+    #define WOLFSSL_SHA512
+
+    /* Sha384 */
+    #undef  WOLFSSL_SHA384
+    #if 1
+        #define WOLFSSL_SHA384
+    #endif
+
+    /* over twice as small, but 50% slower */
+    //#define USE_SLOW_SHA512
+#endif
+
+/* Sha3 */
+#undef WOLFSSL_SHA3
+#if 1
+    #define WOLFSSL_SHA3
+    #ifdef HAVE_FIPS
+        #define WOLFSSL_NO_SHAKE256
+    #endif
+#endif
+
+/* MD5 */
+#undef  NO_MD5
+#if 1
+
+#else
+    #define NO_MD5
+#endif
+
+/* HKDF */
+#undef HAVE_HKDF
+#if 1
+    #define HAVE_HKDF
+#endif
+
+/* CMAC */
+#undef WOLFSSL_CMAC
+#if 1
+    #define WOLFSSL_CMAC
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Benchmark / Test */
+/* ------------------------------------------------------------------------- */
+/* Use reduced benchmark / test sizes */
+#undef  BENCH_EMBEDDED
+#define BENCH_EMBEDDED
+
+#undef  USE_CERT_BUFFERS_2048
+//#define USE_CERT_BUFFERS_2048
+
+//#undef  USE_CERT_BUFFERS_1024
+//#define USE_CERT_BUFFERS_1024
+
+#undef  USE_CERT_BUFFERS_256
+//#define USE_CERT_BUFFERS_256
+
+
+/* ------------------------------------------------------------------------- */
+/* Debugging */
+/* ------------------------------------------------------------------------- */
+
+#undef DEBUG_WOLFSSL
+#undef NO_ERROR_STRINGS
+#if 1 //for debug wolfssl_init.
+    #define DEBUG_WOLFSSL
+#else
+    #if 0
+        #define NO_ERROR_STRINGS
+    #endif
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Memory */
+/* ------------------------------------------------------------------------- */
+
+/* Override Memory API's */
+#if 1
+    #undef  XMALLOC_OVERRIDE
+    #define XMALLOC_OVERRIDE
+
+    #include <fclstdlib.h>
+
+    #define XMALLOC(n, h, t)     FCL_MALLOC(n)
+    #define XFREE(p, h, t)       FCL_FREE(p)
+    #define XREALLOC(p, n, h, t) FCL_REALLOC(p, n)
+
+    #define XATOI(s)     FCL_ATOI(s)
+#endif
+
+#if 0
+    /* Static memory requires fast math */
+    #define WOLFSSL_STATIC_MEMORY
+
+    /* Disable fallback malloc/free */
+    #define WOLFSSL_NO_MALLOC
+    #if 0
+        #define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
+    #endif
+#endif
+
+/* Memory callbacks */
+#if 0
+    #undef  USE_WOLFSSL_MEMORY
+    #define USE_WOLFSSL_MEMORY
+
+    /* Use this to measure / print heap usage */
+    #if 0
+        #undef  WOLFSSL_TRACK_MEMORY
+        #define WOLFSSL_TRACK_MEMORY
+
+        #undef  WOLFSSL_DEBUG_MEMORY
+        #define WOLFSSL_DEBUG_MEMORY
+    #endif
+#else
+    #ifndef WOLFSSL_STATIC_MEMORY
+        #define NO_WOLFSSL_MEMORY
+        /* Otherwise we will use stdlib malloc, free and realloc */
+    #endif
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Port */
+/* ------------------------------------------------------------------------- */
+
+/* Override Current Time */
+/* Allows custom "custom_time()" function to be used for benchmark */
+//#define WOLFSSL_USER_CURRTIME
+//#define WOLFSSL_GMTIME
+//#define USER_TICKS
+//extern unsigned long my_time(unsigned long* timer);
+//#define XTIME my_time
+#if 1
+    #include "fcltime.h"
+    #define time_t fclTime_t
+    #define USER_TIME
+    time_t fclTime( time_t* tod );
+    #define XTIME fclTime
+    #define XCTIME fclCtime
+    #define HAVE_TIME_T_TYPE
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* RNG */
+/* ------------------------------------------------------------------------- */
+
+/* Seed Source */
+/* Size of returned HW RNG value */
+#if 0   
+    #define CUSTOM_RAND_TYPE      unsigned int
+    extern unsigned int my_rng_seed_gen(void);
+    #undef  CUSTOM_RAND_GENERATE
+    #define CUSTOM_RAND_GENERATE  my_rng_seed_gen
+#endif
+
+/* Choose RNG method */
+#if 1
+    /* Use built-in P-RNG (SHA256 based) with HW RNG */
+    /* P-RNG + HW RNG (P-RNG is ~8K) */
+    #undef  HAVE_HASHDRBG
+    #define HAVE_HASHDRBG
+#else
+    #undef  WC_NO_HASHDRBG
+    #define WC_NO_HASHDRBG
+    /* Bypass P-RNG and use only HW RNG */
+    extern int my_rng_gen_block(unsigned char* output, unsigned int sz);
+    #undef  CUSTOM_RAND_GENERATE_BLOCK
+    #define CUSTOM_RAND_GENERATE_BLOCK  my_rng_gen_block
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Custom Standard Lib */
+/* ------------------------------------------------------------------------- */
+/* Allows override of all standard library functions */
+#undef STRING_USER
+#if 1
+    #define STRING_USER
+
+    #include <fclstring.h>
+
+    #undef  USE_WOLF_STRSEP
+    #define USE_WOLF_STRSEP
+    #define XSTRSEP(s1,d)     wc_strsep((s1),(d))
+
+    #undef  USE_WOLF_STRTOK
+    #define USE_WOLF_STRTOK
+    #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr))
+
+    #define XSTRNSTR(s1,s2,n) FCL_STRSTR((s1),(s2))
+
+    #define XMEMCPY(d,s,l)    FCL_MEMCPY((d),(s),(l))
+    #define XMEMSET(b,c,l)    FCL_MEMSET((b),(c),(l))
+    #define XMEMCMP(s1,s2,n)  FCL_MEMCMP((s1),(s2),(n))
+    #define XMEMMOVE(d,s,l)   FCL_MEMMOVE((d),(s),(l))
+
+    #define XSTRLEN(s1)       FCL_STRLEN((s1))
+    #define XSTRNCPY(s1,s2,n) FCL_STRNCPY((s1),(s2),(n))
+    #define XSTRSTR(s1,s2)    FCL_STRSTR((s1),(s2))
+
+    #define XSTRNCMP(s1,s2,n)     FCL_STRNCMP((s1),(s2),(n))
+    #define XSTRNCAT(s1,s2,n)     FCL_STRNCAT((s1),(s2),(n))
+    #define XSTRNCASECMP(s1,s2,n) FCL_STRNCASECMP((s1),(s2),(n))
+
+    #define XSNPRINTF FCL_SNPRINTF
+#endif
+
+
+
+/* ------------------------------------------------------------------------- */
+/* Enable Features */
+/* ------------------------------------------------------------------------- */
+#undef WOLFSSL_TLS13
+#if 0
+    #define WOLFSSL_TLS13
+#endif
+
+#undef WOLFSSL_KEY_GEN
+#if 1
+    #define WOLFSSL_KEY_GEN
+#endif
+
+#if defined(HAVE_FIPS) && !defined(WOLFSSL_KEY_GEN)
+    #define WOLFSSL_OLD_PRIME_CHECK
+#endif
+
+#undef  KEEP_PEER_CERT
+//#define KEEP_PEER_CERT
+
+#undef  HAVE_COMP_KEY
+//#define HAVE_COMP_KEY
+
+#undef  HAVE_TLS_EXTENSIONS
+//#define HAVE_TLS_EXTENSIONS
+
+#undef  HAVE_SUPPORTED_CURVES
+#define HAVE_SUPPORTED_CURVES
+
+#undef  WOLFSSL_BASE64_ENCODE
+#define WOLFSSL_BASE64_ENCODE
+
+/* TLS Session Cache */
+#if 0
+    #define SMALL_SESSION_CACHE
+#else
+ //   #define NO_SESSION_CACHE
+#endif
+
+
+#undef WOLFSSL_ALLOW_SSLV3
+#define WOLFSSL_ALLOW_SSLV3
+
+#undef WOLFSSL_ALLOW_TLSV10
+#define WOLFSSL_ALLOW_TLSV10
+
+
+/* ------------------------------------------------------------------------- */
+/* Disable Features */
+/* ------------------------------------------------------------------------- */
+#undef  NO_WOLFSSL_SERVER
+//#define NO_WOLFSSL_SERVER
+
+#undef  NO_WOLFSSL_CLIENT
+//#define NO_WOLFSSL_CLIENT
+
+#undef  NO_CRYPT_TEST
+//#define NO_CRYPT_TEST
+
+#undef  NO_CRYPT_BENCHMARK
+//#define NO_CRYPT_BENCHMARK
+
+#undef  WOLFCRYPT_ONLY
+//#define WOLFCRYPT_ONLY
+
+/* In-lining of misc.c functions */
+/* If defined, must include wolfcrypt/src/misc.c in build */
+/* Slower, but about 1k smaller */
+#undef  NO_INLINE
+//#define NO_INLINE
+
+#undef  NO_FILESYSTEM
+//#define NO_FILESYSTEM
+
+#undef  NO_WRITEV
+#define NO_WRITEV
+
+#undef  NO_MAIN_DRIVER
+#define NO_MAIN_DRIVER
+
+#undef  NO_DEV_RANDOM
+//#define NO_DEV_RANDOM
+
+#undef  NO_DSA
+//#define NO_DSA
+
+#undef  NO_RC4
+#define NO_RC4
+
+#undef  NO_OLD_TLS
+//#define NO_OLD_TLS
+
+#undef  NO_HC128
+#define NO_HC128
+
+#undef  NO_RABBIT
+#define NO_RABBIT
+
+#undef  NO_PSK
+#define NO_PSK
+
+#undef  NO_MD4
+#define NO_MD4
+
+#undef  NO_PWDBASED
+//#define NO_PWDBASED
+
+#undef  NO_CODING
+//#define NO_CODING
+
+#undef  NO_ASN_TIME
+//#define NO_ASN_TIME
+
+#undef  NO_CERTS
+//#define NO_CERTS
+
+#undef  NO_SIG_WRAPPER
+//#define NO_SIG_WRAPPER
+
+#undef NO_MAIN_DRIVER
+#define NO_MAIN_DRIVER
+
+#undef BLACKFIN_BUILD
+#define BLACKFIN_BUILD
+
+#ifdef BLACKFIN_BUILD
+
+    #include <builtins.h>
+
+    #undef WOLFSSL_HAVE_MAX
+    #define WOLFSSL_HAVE_MAX
+
+    #undef WOLFSSL_HAVE_MIN
+    #define WOLFSSL_HAVE_MIN
+
+    #include <fss_telnet_shell.h>
+
+    #define XMALLOC_OVERRIDE /* Need to use FCL stdlib instead of stdlib.h */
+
+    extern void *          fclMalloc   (unsigned int size);
+    extern void            fclFree     (void * memoryPointer);
+    extern void *          fclRealloc  (void * memoryPointer, unsigned int size);
+    #define XMALLOC(a, b, c) fclMalloc(a)
+    #define XFREE(a, b, c) fclFree(a)
+    #define XREALLOC(a, b, c, d) fclRealloc(a, b)
+
+    /*************************************************************
+     * wolfSSL testing
+     */
+
+    typedef struct wolfArgs {
+        int argc;
+        char** argv;
+        int return_code;
+        struct fssShellInfo* info;  
+    } wolfArgs;
+
+    #define printf FCL_PRINTF
+
+    #define WOLFSSL_BASE16
+
+    extern int aes_test_for_fips_hash(void);
+    int wolfcrypt_test_taskEnter(void *args);
+    int wolfcrypt_harness_taskEnter(void *args);
+    int wolf_task_start(void* voidinfo, char* argline);
+    int wolf_task_results(void* voidinfo, char* argline);
+    void wolfFIPS_Module_start(void);
+
+    /* For op testing */
+   #define USE_CERT_BUFFERS_2048
+   #define USE_CERT_BUFFERS_256
+   //#define NO_FILESYSTEM
+
+   #define OPENSSL_EXTRA
+   #define OPENSSL_ALL
+   #define HAVE_EX_DATA
+   #define WOLFSSL_EVP_DECRYPT_LEGACY
+
+
+   /* TLS 1.3 support */
+   #define WOLFSSL_TLS13
+   #define HAVE_TLS_EXTENSIONS
+   #define HAVE_SUPPORTED_CURVES
+   #define HAVE_ECC
+   #define HAVE_HKDF
+   #define HAVE_FFDHE_4096
+   #define WC_RSA_PSS
+
+   /* for static ciphers */
+   #define WOLFSSL_STATIC_RSA
+   #define WOLFSSL_STATIC_PSK
+   #define WOLFSSL_STATIC_EPHEMERAL
+   #define WOLFSSL_SNIFFER
+
+   /* TEMPORARY */
+   #define USING_JTAG
+#endif /* BLACKFIN_BUILD */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* WOLFSSL_USER_SETTINGS_H */
+

IDE/VisualDSP/wolf_tasks.c

@@ -0,0 +1,117 @@
+/* wolf-tasks.c
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfcrypt/test/test.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/fips_test.h>
+#ifdef FUSION_RTOS
+#include <fcl_os.h>
+
+#define RESULT_BUF_SIZE  1024
+
+typedef struct {
+   int   isRunning;
+   u8    buf[RESULT_BUF_SIZE];
+   int   len;
+} wolf_result_t;
+
+static wolf_result_t _result = {0};
+
+static void myFipsCb(int ok, int err, const char* hash);
+
+static void myFipsCb(int ok, int err, const char* hash)
+{
+
+    FCL_PRINTF("in my Fips callback, ok = %d, err = %d\n", ok, err);
+    FCL_PRINTF("message = %s\n", wc_GetErrorString(err));
+    FCL_PRINTF("hash = %s\n", hash);
+
+    if (err == IN_CORE_FIPS_E) {
+        FCL_PRINTF("In core integrity hash check failure, copy above hash\n");
+        FCL_PRINTF("into verifyCore[] in fips_test.c and rebuild\n");
+    }
+}
+
+static fclThreadHandle _task = NULL;
+#define WOLF_TASK_STACK_SIZE (1024 * 100)
+fclThreadPriority WOLF_TASK_PRIORITY = (fclThreadPriority) (FCL_THREAD_PRIORITY_TIME_CRITICAL+1);
+
+int wolfcrypt_test_taskEnter(void *args)
+{
+    int ret;
+
+    wolfCrypt_SetCb_fips(myFipsCb);
+
+    ret = wolfcrypt_test(args);
+
+    printf("Result of test was %d\n", ret);
+
+    _result.isRunning = 0;
+    fosTaskDelete(_task);
+    return 0;
+}
+
+/* Was only needed for CAVP testing purposes, not required for release.
+int wolfcrypt_harness_taskEnter(void *args)
+{
+    wolfCrypt_SetCb_fips(myFipsCb);
+    wolfcrypt_harness(args);
+    _result.isRunning = 0;
+    fosTaskDelete(_task);
+    return 0;
+}
+*/
+
+int wolf_task_start(void* voidinfo, char* argline)
+{
+    char optionA[] = "wolfcrypt_test";
+    fssShellInfo *info = (fssShellInfo*)voidinfo;
+    struct wolfArgs args;
+
+    if (_result.isRunning) {
+        fssShellPuts(info, "previous task still running\r\n");
+        return 1;
+    }
+
+    _result.isRunning = 1;
+
+    if (FCL_STRNCMP(argline, optionA, FCL_STRLEN(optionA)) == 0) {
+         _task = fclThreadCreate(wolfcrypt_test_taskEnter,
+                                 &args,
+                                 WOLF_TASK_STACK_SIZE,
+                                 WOLF_TASK_PRIORITY);
+    } else if (FCL_STRNCMP(argline, optionB, FCL_STRLEN(optionB)) == 0) {
+        _task = fclThreadCreate(wolfcrypt_harness_taskEnter,
+                                &args,
+                                WOLF_TASK_STACK_SIZE,
+                                WOLF_TASK_PRIORITY);
+    } else {
+        printf("Invalid input: %s\n", argline);
+        printf("Please try with either wolfcrypt_test or wolfcrypt_harness\n");
+        return -1;
+    }
+
+    FCL_ASSERT(_task != FCL_THREAD_HANDLE_INVALID);
+
+    return 0;
+}
+#endif /* FUSION_RTOS */

IDE/WIN/README.txt

@@ -3,6 +3,8 @@
 First, if you did not get the FIPS files with your archive, you must contact
 wolfSSL to obtain them.
 
+The IDE/WIN/wolfssl-fips.sln solution is for the original FIPS #2425 certificate. 
+See IDE/WIN10/wolfssl-fips.sln for the FIPS v2 #3389 or later Visual Studio solution.
 
 # Building the wolfssl-fips project
 

IDE/WIN10/README.txt

@@ -3,6 +3,7 @@
 First, if you did not get the FIPS files with your archive, you must contact
 wolfSSL to obtain them.
 
+The IDE/WIN10/wolfssl-fips.sln solution is for the FIPS v2 #3389 certificate or later.
 
 # Building the wolfssl-fips project
 
@@ -47,6 +48,7 @@ check value when changing your application.
 The default build options should be the proper default set of options:
 
  * HAVE_FIPS
+ * HAVE_FIPS_VERSION=2 (or 3 with WOLFSSL_FIPS_READY)
  * HAVE_THREAD_LS
  * HAVE_AESGCM
  * HAVE_HASHDRBG
@@ -67,4 +69,4 @@ Additionally one may enable:
  * OPENSSL_EXTRA
  * WOLFSSL_KEY_GEN
 
-These settings are defined in IDE/WIN/user_settings.h.
+These settings are defined in IDE/WIN10/user_settings.h.

IDE/WIN10/user_settings.h

@@ -1,6 +1,14 @@
 #ifndef _WIN_USER_SETTINGS_H_
 #define _WIN_USER_SETTINGS_H_
 
+/* For FIPS Ready, uncomment the following: */
+/* #define WOLFSSL_FIPS_READY */
+#ifdef WOLFSSL_FIPS_READY
+    #undef HAVE_FIPS_VERSION
+    #define HAVE_FIPS_VERSION 3
+#endif
+
+
 /* Verify this is Windows */
 #ifndef _WIN32
 #error This user_settings.h header is only designed for Windows

IDE/XilinxSDK/README.md

@@ -1,6 +1,6 @@
 # Common Gotcha's
 
-- If compiling all code togther (ie no sperate wolfssl library) than the -fPIC compiler flag should be used. Without using -fPIC in this build setup there could be unexpected failures.
+- If compiling all code together (ie no separate wolfssl library) than the -fPIC compiler flag should be used. Without using -fPIC in this build setup there could be unexpected failures.
 - If building with ARMv8 crypto extensions then the compiler flags "-mstrict-align -mcpu=generic+crypto" must be used.
 - Check that enough stack and heap memory is set for the operations if a crash or stall happens.
 
@@ -20,14 +20,14 @@ To use this example project:
    - File->New->Platform Project
    - Setting "Project name" to standalone_bsp_0, then click "Next"
    - Select the "Create from hardware specification" radius and click "Next"
-   - "Browse..." to the desired XSA file for the hardare
+   - "Browse..." to the desired XSA file for the hardware
    - (optional) change Processor to R5 now
    - click "Finish"
 3. (optional) If building for TLS support than expand the standalone_bsp_0 project, double click on platform_spr, Expand the cpu (i.e psu_cortexa53_0), click on Board Support Package, select the "Modify BSP Settings..." box and click on lwip211. Note that the api_mode should be changed from RAW API to SOCKET API.
 4. Right click on the standalone_bsp_0 project and click on "Build Project"
 5. Import the wolfcrypt example project "File->Import->Eclipse workspace or zip file"
 6. Uncheck "Copy projects into workspace"
-7. Select the root directory of wolfssl/IDE/XilinxSDK/2019_2, and select wolfCrypt_example and wolfCrypt_example_system. Then click "Finish"
+7. Select the root directory of `wolfssl/IDE/XilinxSDK/2019_2`, and select `wolfCrypt_example` and `wolfCrypt_example_system`. Then click "Finish"
 
 
 # Steps For Creating Project From Scratch
@@ -37,7 +37,7 @@ To use this example project:
    - File->New->Platform Project
    - Setting "Project name" to standalone_bsp_0, then click "Next"
    - Select the "Create from hardware specification" radius and click "Next"
-   - "Browse..." to the desired XSA file for the hardare
+   - "Browse..." to the desired XSA file for the hardware
    - (optional) change Processor to R5 now
    - click "Finish"
 3. (optional) If building for TLS support than expand the standalone_bsp_0 project, double click on platform_spr, Expand the cpu (i.e psu_cortexa53_0), click on Board Support Package, select the "Modify BSP Settings..." box and click on lwip211. Note that the api_mode should be changed from RAW API to SOCKET API.
@@ -49,10 +49,10 @@ To use this example project:
 9. Expand the wolfCrypt_example project and right click on the folder "src".
 10. Select "Import Sources" and set the "From directory" to be the wolfssl root directory.
 11. Select the folders to import as ./src, ./IDE/XilinxSDK, ./wolfcrypt/benchmark, ./wolfcrypt/test, ./wolfcrypt/src
-12. (optional) Expand the Advanced tabe and select "Create links in workspace"
+12. (optional) Expand the Advanced table and select "Create links in workspace"
 13. Click on "Finish"
-14. Expand the wolfcrypt/src directory and exlude all .S files from the build
-15. Right click on the wolfCrypt_example project and got to Properties. Set the macro WOLFSSL_USER_SETTINGS in C/C++ Build->Settings->ARM v8 gcc compiler->Symbols
+14. Expand the wolfcrypt/src directory and exclude all .S files from the build
+15. Right click on the wolfCrypt_example project and got to Properties. Set the macro `WOLFSSL_USER_SETTINGS` in C/C++ Build->Settings->ARM v8 gcc compiler->Symbols
 16. Set the include path for finding user_settings.h by going to the Properties and setting it in C/C++ Build->Settings->ARM v8 gcc compiler->Directories. This is to the directory wolfssl/IDE/XilinxSDK
 17. Set the include path for finding wolfSSL headers. To the root directory wolfssl
 18. Add compiler flags "-fPIC -mstrict-align -mcpu=generic+crypto" to the project properties. C/C++ Build->Settings->ARM v8 gcc compiler->Miscellaneous

IDE/include.am

@@ -20,6 +20,8 @@ include IDE/CSBENCH/include.am
 include IDE/ECLIPSE/DEOS/include.am
 include IDE/ECLIPSE/MICRIUM/include.am
 include IDE/ECLIPSE/SIFIVE/include.am
+include IDE/MQX/include.am
+include IDE/ECLIPSE/RTTHREAD/include.am
 include IDE/mynewt/include.am
 include IDE/Renesas/e2studio/DK-S7G2/include.am
 include IDE/Renesas/cs+/Projects/include.am
@@ -33,6 +35,8 @@ include IDE/M68K/include.am
 include IDE/HEXAGON/include.am
 include IDE/RISCV/include.am
 include IDE/XilinxSDK/include.am
+include IDE/VisualDSP/include.am
 
 EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MDK5-ARM IDE/MYSQL IDE/LPCXPRESSO IDE/HEXIWEAR IDE/Espressif IDE/zephyr
 EXTRA_DIST+= IDE/OPENSTM32/README.md
+EXTRA_DIST+= IDE/Espressif/ESP-IDF/setup_win.bat

INSTALL

@@ -17,44 +17,48 @@
     Use on the xcode project in IDE/iOS/wolfssl.xcodeproj
     There is a README in IDE/iOS with more information
 
-3. Building on Windows
+3. Building for Apple ARM64
+
+    When building for an Apple ARM64 platform, ensure the host CPU type is detected as "aarch64" during configure, if not, pass --host=aarch64-apple-darwin to configure.
+
+4. Building on Windows
 
     Use the 32bit Visual Studio Solution wolfssl.sln
     For a 64bit solution please use wolfssl64.sln
 
-4. Building with IAR
+5. Building with IAR
 
     Please see the README in IDE/IAR-EWARM for detailed instructions
 
-5. Building with Keil
+6. Building with Keil
 
     Please see the Keil Projects in IDE/MDK5-ARM/Projects
 
-6. Building with Microchip tools
+7. Building with Microchip tools
 
     Please see the README in mplabx
 
-7. Building with Freescale MQX
+8. Building with Freescale MQX
 
     Please see the README in mqx
 
-8. Building with Rowley CrossWorks for ARM
+9. Building with Rowley CrossWorks for ARM
 
     Use the CrossWorks project in IDE/ROWLEY-CROSSWORKS-ARM/wolfssl.hzp
     There is a README.md in IDE/ROWLEY-CROSSWORKS-ARM with more information
 
-9. Building with Arduino
+10. Building with Arduino
 
     Use the script IDE/ARDUINO/wolfssl-arduino.sh to reformat the wolfSSL
     library for compatibility with the Arduino IDE. There is a README.md in
     IDE/ARDUINO for detailed instructions.
 
-10. Building for Android with Visual Studio 2017
+11. Building for Android with Visual Studio 2017
 
     Please see the README in IDE/VS-ARM.
     Use the Visual Studio solution IDE/VS-ARM/wolfssl.sln.
 
-11. Building for Yocto Project or OpenEmbedded
+12. Building for Yocto Project or OpenEmbedded
 
     Please see the README in the "meta-wolfssl" repository. This repository
     holds wolfSSL's Yocto and OpenEmbedded layer, which contains recipes
@@ -68,35 +72,67 @@
 
     https://github.com/openembedded/meta-openembedded
 
-12. Porting to a new platform
+13. Porting to a new platform
 
     Please see section 2.4 in the manual:
     http://www.wolfssl.com/yaSSL/Docs-cyassl-manual-2-building-cyassl.html
 
-13. Building with CMake
-    Note: Primary development uses automake (./configure). The support for CMake is minimal.
+14. Building with CMake
+    Note: Primary development uses automake (./configure). The support for CMake
+    is still under development.
 
-    Internally cmake is setup to do the following:
-    1. Uses the ./configure generated wolfssl/options.h as the build options by coping it to the build directory as user_settings.h.
-    2. Builds wolfSSL as library.
-    3. Builds the examples.
+    For configuring wolfssl using CMake, we recommend downloading the CMake
+    GUI (https://cmake.org/download/). This tool allows you to see all of
+    wolfssl's configuration variables, set them, and view their descriptions.
+    Looking at the GUI or CMakeCache.txt (generated after running cmake once) is
+    the best way to find out what configuration options are available and what
+    they do. You can also invoke CMake from the GUI, which is described in the
+    Windows instructions below. For Unix-based systems, we describe the command
+    line work flow. Regardless of your chosen workflow, cmake will generate
+    a header options.h in the wolfssl directory that contains the options used
+    to configure the build.
 
-    Build Steps:
-    $ mkdir build
-    $ cd build
-    $ cmake ..
-    $ cmake --build .
-    $ cmake --install .
+    Unix-based Platforms
+    ---
+    1) Navigate to the wolfssl root directory containing "CMakeLists.txt".
+    2) Create a directory called "build" and change into it. This is where
+       CMake will store build files.
+    3) Run `cmake ..` to generate the target build files (e.g. UNIX Makefiles).
+       To enable or disable features, set them using -D<option>=[yes/no]. For
+       example, to disable TLS 1.3 support, run cmake .. -DWOLFSSL_TLS13=no
+       (autoconf equivalent: ./configure --disable-tls13) To enable DSA, run
+       cmake .. -DWOLFSSL_DSA=yes (autoconf equivalent: ./configure
+       --enable-dsa). Again, you can find a list of these options and their
+       descriptions either using the CMake GUI or by looking at CMakeCache.txt.
+    5) The build directory should now contain the generated build files. Build
+       with `cmake --build .`. Under the hood, this runs the target build tool
+       (by default, make). You can also invoke the target build tool directly
+       (e.g. make).
 
-    To build library only and not build examples and test apps use:
-    $ cmake .. -DBUILD_TESTS=NO
+       To build with debugging use: `cmake .. -DCMAKE_BUILD_TYPE=Debug`.
 
-    To build with debugging use:
-    $ cmake .. -DCMAKE_BUILD_TYPE=Debug
+    Windows (Visual Studio)
+    ---
+    1) Go to this page, download the appropriate Windows installer, and install
+       to get the CMake GUI: https://cmake.org/download/ Native CMake support in
+       Visual Studio 16 2019 (and possibly older versions) has proven buggy. We
+       recommend using the CMake GUI in concert with Visual Studio, as described
+    in these steps.
+    2) Open CMake.
+    3) Where is the soure code: <root directory of wolfssl containing
+       CMakeLists.txt>
+    4) Where to build the binaries: <build directory, e.g. wolfssl/build>
+    5) Hit Configure. CMake runs the code in CMakeLists.txt and builds up an
+       internal representation of the project.
+    6) Hit Generate. CMake generates the build files. For Windows, this will
+       be Visual Studio project (.vcxproj) and solution (.sln) files.
+    7) Open Visual Studio and select "Open a project or solution".
+    8) Navigate to the build directory and select wolfssl.sln to load the
+       project.
 
-    Make sure and run the built examples and test from the wolfssl-root to properly find the ./certs directory.
-
-    CMake on Windows with Visual Studio
-    1. Open Command Prompt
-    2. Run the Visual Studio batch to setup command line variables: Example: C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Auxiliary\Build\vcvars64.bat
-    3. Then use steps above
+    Windows (command line)
+    ---
+    1) Open Command Prompt
+    2) Run the Visual Studio batch to setup command line variables, e.g. C:\Program Files (x86)\Microsoft Visual   
+       Studio\2017\Community\VC\Auxiliary\Build\vcvars64.bat
+    3) Follow steps in "Unix-based Platforms" above.

Makefile.am

@@ -19,12 +19,17 @@ dist_doc_DATA=
 dist_noinst_SCRIPTS =
 noinst_SCRIPTS =
 check_SCRIPTS =
+noinst_DATA =
+SUBDIRS_OPT =
+DIST_SUBDIRS_OPT =
 
 #includes additional rules from aminclude.am
 @INC_AMINCLUDE@
 DISTCLEANFILES+= aminclude.am
 
-CLEANFILES+= cert.der \
+CLEANFILES+= ecc-key.der \
+             ecc-public-key.der \
+             cert.der \
              cert.pem \
              certecc.der \
              certecc.pem \
@@ -149,6 +154,7 @@ EXTRA_DIST+= LPCExpresso.project
 EXTRA_DIST+= resource.h wolfssl.rc
 EXTRA_DIST+= CMakeLists.txt
 
+include cmake/include.am
 include wrapper/include.am
 include cyassl/include.am
 include wolfssl/include.am
@@ -167,6 +173,7 @@ include testsuite/include.am
 include tests/include.am
 include sslSniffer/sslSnifferTest/include.am
 include rpm/include.am
+include linuxkm/include.am
 
 # Exclude references to non-DFSG sources from build files
 if !BUILD_DISTRO
@@ -189,6 +196,31 @@ include IDE/include.am
 endif
 include scripts/include.am
 
+if BUILD_LINUXKM
+    # rather than setting $SUBDIRS here directly, we set an auxiliary variable.
+    # autotools see the SUBDIRS assignment here even if BUILD_LINUXKM is false,
+    # at least for purposes of recursing for "make distdir", which we don't want to happen.
+    SUBDIRS_OPT += linuxkm
+    DIST_SUBDIRS_OPT += linuxkm
+
+    export KERNEL_ROOT KERNEL_ARCH KERNEL_EXTRA_CFLAGS AM_CFLAGS CFLAGS AM_CCASFLAGS CCASFLAGS \
+        src_libwolfssl_la_OBJECTS ENABLED_CRYPT_TESTS ENABLED_ASM CFLAGS_FPU_DISABLE \
+        CFLAGS_FPU_ENABLE CFLAGS_SIMD_DISABLE CFLAGS_SIMD_ENABLE \
+        CFLAGS_AUTO_VECTORIZE_DISABLE CFLAGS_AUTO_VECTORIZE_ENABLE \
+        ASFLAGS_FPU_DISABLE_SIMD_ENABLE ASFLAGS_FPU_ENABLE_SIMD_DISABLE \
+        ASFLAGS_FPUSIMD_DISABLE ASFLAGS_FPUSIMD_ENABLE
+
+module:
+	+make -C linuxkm libwolfssl.ko
+
+clean_module:
+	+make -C linuxkm clean
+
+install_module modules_install:
+	+make -C linuxkm modules_install
+
+endif
+
 if USE_VALGRIND
 TESTS_ENVIRONMENT=./valgrind-error.sh
 endif
@@ -201,10 +233,14 @@ TESTS += $(check_SCRIPTS)
 
 test: check
 tests/unit.log: testsuite/testsuite.log
+scripts/unit.log: testsuite/testsuite.log
 
 DISTCLEANFILES+= cyassl-config
 DISTCLEANFILES+= wolfssl-config
 
+SUBDIRS=$(SUBDIRS_OPT)
+DIST_SUBDIRS=$(DIST_SUBDIRS_OPT)
+
 maintainer-clean-local:
 	-rm Makefile.in
 	-rm aclocal.m4

README

@@ -73,138 +73,56 @@ should be used for the enum name.
 *** end Notes ***
 
 
-# wolfSSL Release 4.5.0 (August 19, 2020)
+# wolfSSL Release 4.7.0 (February 16, 2021)
+Release 4.7.0 of wolfSSL embedded TLS has bug fixes and new features including:
 
-If you have questions about this release, feel free to contact us on our
-info@ address.
+### New Feature Additions
+* Compatibility Layer expansion SSL_get_verify_mode, X509_VERIFY_PARAM API, X509_STORE_CTX API added
+* WOLFSSL_PSK_IDENTITY_ALERT macro added for enabling a subset of TLS alerts
+* Function wolfSSL_CTX_NoTicketTLSv12 added to enable turning off session tickets with TLS 1.2 while keeping TLS 1.3 session tickets available
+* Implement RFC 5705: Keying Material Exporters for TLS
+* Added --enable-reproducible-build flag for making more deterministic library outputs to assist debugging
 
-Release 4.5.0 of wolfSSL embedded TLS has bug fixes and new features including:
+### Fixes
+* Fix to free mutex when cert manager is free’d
+* Compatibility layer EVP function to return the correct block size and type
+* DTLS secure renegotiation fixes including resetting timeout and retransmit on duplicate HelloRequest
+* Fix for edge case with shrink buffer and secure renegotiation
+* Compile fix for type used with curve448 and PPC64
+* Fixes for SP math all with PPC64 and other embedded compilers
+* SP math all fix when performing montgomery reduction on one word modulus
+* Fixes to SP math all to better support digit size of 8-bit
+* Fix for results of edge case with SP integer square operation
+* Stop non-ct mod inv from using register x29 with SP ARM64 build
+* Fix edge case when generating z value of ECC with SP code
+* Fixes for PKCS7 with crypto callback (devId) with RSA and RNG
+* Fix for compiling builds with RSA verify and public only
+* Fix for PKCS11 not properly exporting the public key due to a missing key type field
+* Call certificate callback with certificate depth issues
+* Fix for out-of-bounds read in TLSX_CSR_Parse()
+* Fix incorrect AES-GCM tag generation in the EVP layer
+* Fix for out of bounds write with SP math all enabled and an edge case of calling sp_tohex on the result of sp_mont_norm
+* Fix for parameter check in sp_rand_prime to handle 0 length values
+* Fix for edge case of failing malloc resulting in an out of bounds write with SHA256/SHA512 when small stack is enabled
 
-## New Feature Additions
 
-* Added Xilinx Vitis 2019.2 example and README updates
-* TLS v1.3 is now enabled by default
-* Building FIPS 140-2 code and test on Solaris
-* Secure renegotiation with DTLS 1.2
-* Update RSA calls for hardware acceleration with Xilsecure
-* Additional OpenSSL compatibility layer functions added
-* Cypress PSoC6 wolfCrypt driver added
-* Added STM32CubeIDE support
-* Added certificate parsing and inspection to C# wrapper layer
-* TLS v1.3 sniffer support added
-* TSIP v1.09 for target board GR-ROSE support added
-* Added support for the "X72N Envision Kit" evaluation board
-* Support for ECC nonblocking using the configure options
-  "--enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS=-DWOLFSSL_PUBLIC_MP"
-* Added wc_curve25519_make_pub function to generate a public key given the
-  private one
+### Improvements/Optimizations
+* Added --enable-wolftpm option for easily building wolfSSL to be used with wolfTPM
+* DTLS macro WOLFSSL_DTLS_RESEND_ONLY_TIMEOUT added for resending flight only after a timeout
+* Update linux kernel module to use kvmalloc and kvfree
+* Add user settings option to cmake build
+* Added support for AES GCM session ticket encryption
+* Thread protection for global RNG used by wolfSSL_RAND_bytes function calls
+* Sanity check on FIPs configure flag used against the version of FIPs bundle
+* --enable-aesgcm=table now is compatible with --enable-linuxkm
+* Increase output buffer size that wolfSSL_RAND_bytes can handle
+* Out of directory builds resolved, wolfSSL can now be built in a separate directory than the root wolfssl directory
 
-## Fixes
+### Vulnerabilities
+* [HIGH] CVE-2021-3336: In earlier versions of wolfSSL there exists a potential man in the middle attack on TLS 1.3 clients. Malicious attackers with a privileged network position can impersonate TLS 1.3 servers and bypass authentication. Users that have applications with client side code and have TLS 1.3 turned on, should update to the latest version of wolfSSL. Users that do not have TLS 1.3 turned on, or that are server side only, are NOT affected by this report. For the code change see https://github.com/wolfSSL/wolfssl/pull/3676.
+* [LOW] In the case of using custom ECC curves there is the potential for a crafted compressed ECC key that has a custom prime value to cause a hang when imported. This only affects applications that are loading in ECC keys with wolfSSL builds that have compressed ECC keys and custom ECC curves enabled.
+* [LOW] With TLS 1.3 authenticated-only ciphers a section of the server hello could contain 16 bytes of uninitialized data when sent to the connected peer. This affects only a specific build of wolfSSL with TLS 1.3 early data enabled and using authenticated-only ciphers with TLS 1.3.
 
-* PIC32MZ hardware cache and large hashes fix
-* AES-GCM use with EVP layer in compatibility layer code
-* Fix for RSA_LOW_MEM with ARM build of SP code
-* Sanity check on tag length with AES-CCM to conform with RFC 3610
-* Fixes for 32 and 64 bit software implementations of SP code when
-  WOLFSSL_SP_CACHE_RESISTANT is defined
-* GCC warning fixes for GCC 9 and later
-* Sanity check on HKDF expand length to conform with RFC 5869
-* Fixes for STM32 CubeMX HAL with AES-GCM
-* Fixed point cache look up table (LUT) implementation fixes
-* Fix for ARM 32bit SP code when calling div word
-* Fix for potential out of bounds read when parsing CRLs
-* Fix for potential out of bounds read with RSA unpadding
-* AES-CCM optimized counter fix
-* Updates to Xcode projects for new files and features
-* Fix for adding CRL’s to a WOLFSSL_X509_STORE structure
-* FIPSv2 build with opensslall build fixes
-* Fixes for CryptoCell use with ECC and signature wrappers
-* Fix for mod calculation with SP code dealing with 3072 bit keys
-* Fix for handling certificates with multiple OU’s in name
-* Fix for SP math implementation of sp_add_d and add a sanity check on
-  rshb range
-* Fix for sanity check on padding with DES3 conversion of PEM to DER
-* Sanity check for potential out of bounds read with fp_read_radix_16
-* Additional checking of ECC scalars.
-* Fixing the FIPS Ready build w.r.t. ecc.c.
-* When processing certificate names with OpenSSL compatibility layer
-  enabled, unknown name item types were getting handled as having NID 0,
-  and failing. Added a couple more items to what is handled correctly,
-  and ignoring anything that is an unknown type.
-
-## Improvements/Optimizations
-
-* TLS 1.3 certificate verify update to handle 8192 bit RSA keys
-* wpa_supplicant support with reduced code size option
-* TLS 1.3 alerts encrypted when possible
-* Many minor coverity fixes added
-* Error checking when parsing PKCS12 DER
-* IAR warning in test.c resolved
-* ATECC608A improvements for use with Harmony 3 and PIC32 MZ
-* Support for AES-GCM and wc_SignatureVerifyHash with static memory and no
-  malloc’s
-* Enable SNI by default with JNI/JSSE builds
-* NetBSD GCC compiler warnings resolved
-* Additional test cases and code coverage added including curve25519 and
-  curve448 tests
-* Option for user defined mutexes with WOLFSSL_USER_MUTEX
-* Sniffer API’s for loading buffer directly
-* Fixes and improvements from going through the DO-178 process were added
-* Doxygen updates and fixes for auto documentation generation
-* Changed the configure option for FIPS Ready builds to be
-  `--enable-fips=ready`.
-
-## This release of wolfSSL includes fixes for 6 security vulnerabilities.
-
-wolfSSL version 4.5.0 contains 6 vulnerability fixes: 2 fixes for TLS 1.3,
-2 side channel attack mitigations, 1 fix for a potential private key leak
-in a specific use case, 1 fix for DTLS.
-
-* In earlier versions of wolfSSL there exists a potential man in the middle
-  attack on TLS 1.3 clients. Malicious attackers with a privileged network
-  position can impersonate TLS 1.3 servers and bypass authentication. Users
-  that have applications with client side code and have TLS 1.3 turned on,
-  should update to the latest version of wolfSSL. Users that do not have
-  TLS 1.3 turned on, or that are server side only, are NOT affected by this
-  report. Thanks to Gerald Doussot from NCC group for the report.
-* Denial of service attack on TLS 1.3 servers from repetitively sending
-  ChangeCipherSpecs messages. This denial of service results from the
-  relatively low effort of sending a ChangeCipherSpecs message versus the
-  effort of the server to process that message. Users with TLS 1.3 servers are
-  recommended to update to the most recent version of wolfSSL which limits the
-  number of TLS 1.3 ChangeCipherSpecs that can be received in order to avoid
-  this DoS attack. CVE-2020-12457 was reserved for the report. Thanks to
-  Lenny Wang of Tencent Security Xuanwu LAB.
-* Potential cache timing attacks on public key operations in builds that are
-  not using SP (single precision). Users that have a system where malicious
-  agents could execute code on the system, are not using the SP build with
-  wolfSSL, and are doing private key operations on the system (such as signing
-  with a private key) are recommended to regenerate private keys and update to
-  the most recent version of wolfSSL. CVE-2020-15309 is reserved for this
-  issue. Thanks to Ida Bruhns from Universität zu Lübeck for the report.
-* When using SGX with EC scalar multiplication the possibility of side-channel
-  attacks are present. To mitigate the risk of side channel attacks wolfSSL’s
-  single precision EC operations should be used instead. Release 4.5.0 turns
-  this on be default now with SGX builds and in previous versions of wolfSSL
-  this can be turned on by using the WOLFSSL_SP macros. Thank you to
-  Alejandro Cabrera Aldaya, Cesar Pereida García and Billy Bob Brumley from
-  the Network and Information Security Group (NISEC) at Tampere University for
-  the report.
-* Leak of private key in the case that PEM format private keys are bundled in
-  with PEM certificates into a single file. This is due to the
-  misclassification of certificate type versus private key type when parsing
-  through the PEM file. To be affected, wolfSSL would need to have been built
-  with OPENSSL_EXTRA (--enable-opensslextra). Some build variants such as
-  --enable-all and --enable-opensslall also turn on this code path, checking
-  wolfssl/options.h for OPENSSL_EXTRA will show if the macro was used with the
-  build. If having built with the opensslextra enable option and having placed
-  PEM certificates with PEM private keys in the same file when loading up the
-  certificate file, then we recommend updating wolfSSL for this use case and
-  also recommend regenerating any private keys in the file.
-* During the handshake, clear application_data messages in epoch 0 are
-  processed and returned to the application. Fixed by dropping received
-  application_data messages in epoch 0. Thank you to Paul Fiterau of Uppsala
-  University and Robert Merget of Ruhr-University Bochum for the report.
 
 For additional vulnerability information visit the vulnerability page at
 https://www.wolfssl.com/docs/security-vulnerabilities/

README.md

@@ -1,210 +1,131 @@
-*** Description ***
+<a href="https://repology.org/project/wolfssl/versions">
+    <img src="https://repology.org/badge/vertical-allrepos/wolfssl.svg" alt="Packaging status" align="right">
+</a>
 
-The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS
-library written in ANSI C and targeted for embedded, RTOS, and
-resource-constrained environments - primarily because of its small size, speed,
-and feature set.  It is commonly used in standard operating environments as well
-because of its royalty-free pricing and excellent cross platform support.
-wolfSSL supports industry standards up to the current TLS 1.3 and DTLS 1.2
-levels, is up to 20 times smaller than OpenSSL, and offers progressive ciphers
-such as ChaCha20, Curve25519, NTRU, and Blake2b. User benchmarking and feedback
-reports dramatically better performance when using wolfSSL over OpenSSL.
+# wolfSSL Embedded SSL/TLS Library
 
-wolfSSL is powered by the wolfCrypt library. Two versions of the wolfCrypt
-cryptography library have been FIPS 140-2 validated (Certificate #2425 and
-certificate #3389). For additional information, visit the wolfCrypt FIPS FAQ
-(https://www.wolfssl.com/license/fips/) or contact fips@wolfssl.com
+The [wolfSSL embedded SSL library](https://www.wolfssl.com/products/wolfssl/) 
+(formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and
+targeted for embedded, RTOS, and resource-constrained environments - primarily
+because of its small size, speed, and feature set.  It is commonly used in
+standard operating environments as well because of its royalty-free pricing
+and excellent cross platform support. wolfSSL supports industry standards up
+to the current [TLS 1.3](https://www.wolfssl.com/tls13) and DTLS 1.2, is up to
+20 times smaller than OpenSSL, and offers progressive ciphers such as ChaCha20,
+Curve25519, NTRU, and Blake2b. User benchmarking and feedback reports
+dramatically better performance when using wolfSSL over OpenSSL.
 
-*** Why choose wolfSSL? ***
+wolfSSL is powered by the wolfCrypt cryptography library. Two versions of
+wolfCrypt have been FIPS 140-2 validated (Certificate #2425 and
+certificate #3389). FIPS 140-3 validation is in progress. For additional
+information, visit the [wolfCrypt FIPS FAQ](https://www.wolfssl.com/license/fips/)
+or contact fips@wolfssl.com.
 
-There are many reasons to choose wolfSSL as your embedded SSL solution. Some of
-the top reasons include size (typical footprint sizes range from 20-100 kB),
-support for the newest standards (SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3,
-DTLS 1.0, and DTLS 1.2), current and progressive cipher support (including
-stream ciphers), multi-platform, royalty free, and an OpenSSL compatibility API
-to ease porting into existing applications which have previously used the
-OpenSSL package. For a complete feature list, see chapter 4 of the wolfSSL
-manual. (https://www.wolfssl.com/docs/wolfssl-manual/ch4/)
+## Why Choose wolfSSL?
 
-*** Notes, Please read ***
+There are many reasons to choose wolfSSL as your embedded, desktop, mobile, or
+enterprise SSL/TLS solution. Some of the top reasons include size (typical
+footprint sizes range from 20-100 kB), support for the newest standards
+(SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3, DTLS 1.0, and DTLS 1.2), current
+and progressive cipher support (including stream ciphers), multi-platform,
+royalty free, and an OpenSSL compatibility API to ease porting into existing
+applications which have previously used the OpenSSL package. For a complete
+feature list, see [Chapter 4](https://www.wolfssl.com/docs/wolfssl-manual/ch4/)
+of the wolfSSL manual.
 
-Note 1)
+## Notes, Please Read
+
+**Note 1)**
 wolfSSL as of 3.6.6 no longer enables SSLv3 by default.  wolfSSL also no longer
 supports static key cipher suites with PSK, RSA, or ECDH. This means if you
 plan to use TLS cipher suites you must enable DH (DH is on by default), or
 enable ECC (ECC is on by default), or you must enable static key cipher suites
-with
+with one or more of the following defines:
 
     WOLFSSL_STATIC_DH
     WOLFSSL_STATIC_RSA
-      or
     WOLFSSL_STATIC_PSK
 
-though static key cipher suites are deprecated and will be removed from future
+Though static key cipher suites are deprecated and will be removed from future
 versions of TLS.  They also lower your security by removing PFS.  Since current
-NTRU suites available do not use ephemeral keys, WOLFSSL_STATIC_RSA needs to be
-used in order to build with NTRU suites.
+NTRU suites available do not use ephemeral keys, ```WOLFSSL_STATIC_RSA``` needs
+to be used in order to build with NTRU suites.
 
 When compiling ssl.c, wolfSSL will now issue a compiler error if no cipher
 suites are available. You can remove this error by defining
-WOLFSSL_ALLOW_NO_SUITES in the event that you desire that, i.e., you're not
-using TLS cipher suites.
+```WOLFSSL_ALLOW_NO_SUITES``` in the event that you desire that, i.e., you're
+not using TLS cipher suites.
 
-Note 2)
+**Note 2)**
 wolfSSL takes a different approach to certificate verification than OpenSSL
 does. The default policy for the client is to verify the server, this means
 that if you don't load CAs to verify the server you'll get a connect error,
 no signer error to confirm failure (-188).
 
-If you want to mimic OpenSSL behavior of having SSL_connect succeed even if
+If you want to mimic OpenSSL behavior of having SSL\_connect succeed even if
 verifying the server fails and reducing security you can do this by calling:
 
     wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
 
-before calling wolfSSL_new();. Though it's not recommended.
+before calling wolfSSL\_new();. Though it's not recommended.
 
-Note 3)
+**Note 3)**
 The enum values SHA, SHA256, SHA384, SHA512 are no longer available when
-wolfSSL is built with --enable-opensslextra (OPENSSL_EXTRA) or with the macro
-NO_OLD_SHA_NAMES. These names get mapped to the OpenSSL API for a single call
-hash function. Instead the name WC_SHA, WC_SHA256, WC_SHA384 and WC_SHA512
-should be used for the enum name.
+wolfSSL is built with --enable-opensslextra (```OPENSSL_EXTRA```) or with the
+macro ```NO_OLD_SHA_NAMES```. These names get mapped to the OpenSSL API for a
+single call hash function. Instead the name WC_SHA, WC_SHA256, WC_SHA384 and
+WC_SHA512 should be used for the enum name.
 
-*** end Notes ***
+# wolfSSL Release 4.7.0 (February 16, 2021)
+Release 4.7.0 of wolfSSL embedded TLS has bug fixes and new features including:
+
+### New Feature Additions
+* Compatibility Layer expansion SSL_get_verify_mode, X509_VERIFY_PARAM API, X509_STORE_CTX API added
+* WOLFSSL_PSK_IDENTITY_ALERT macro added for enabling a subset of TLS alerts
+* Function wolfSSL_CTX_NoTicketTLSv12 added to enable turning off session tickets with TLS 1.2 while keeping TLS 1.3 session tickets available
+* Implement RFC 5705: Keying Material Exporters for TLS
+* Added --enable-reproducible-build flag for making more deterministic library outputs to assist debugging
+
+### Fixes
+* Fix to free mutex when cert manager is free’d
+* Compatibility layer EVP function to return the correct block size and type
+* DTLS secure renegotiation fixes including resetting timeout and retransmit on duplicate HelloRequest
+* Fix for edge case with shrink buffer and secure renegotiation
+* Compile fix for type used with curve448 and PPC64
+* Fixes for SP math all with PPC64 and other embedded compilers
+* SP math all fix when performing montgomery reduction on one word modulus
+* Fixes to SP math all to better support digit size of 8-bit
+* Fix for results of edge case with SP integer square operation
+* Stop non-ct mod inv from using register x29 with SP ARM64 build
+* Fix edge case when generating z value of ECC with SP code
+* Fixes for PKCS7 with crypto callback (devId) with RSA and RNG
+* Fix for compiling builds with RSA verify and public only
+* Fix for PKCS11 not properly exporting the public key due to a missing key type field
+* Call certificate callback with certificate depth issues
+* Fix for out-of-bounds read in TLSX_CSR_Parse()
+* Fix incorrect AES-GCM tag generation in the EVP layer
+* Fix for out of bounds write with SP math all enabled and an edge case of calling sp_tohex on the result of sp_mont_norm
+* Fix for parameter check in sp_rand_prime to handle 0 length values
+* Fix for edge case of failing malloc resulting in an out of bounds write with SHA256/SHA512 when small stack is enabled
 
 
-# wolfSSL Release 4.5.0 (August 19, 2020)
+### Improvements/Optimizations
+* Added --enable-wolftpm option for easily building wolfSSL to be used with wolfTPM
+* DTLS macro WOLFSSL_DTLS_RESEND_ONLY_TIMEOUT added for resending flight only after a timeout
+* Update linux kernel module to use kvmalloc and kvfree
+* Add user settings option to cmake build
+* Added support for AES GCM session ticket encryption
+* Thread protection for global RNG used by wolfSSL_RAND_bytes function calls
+* Sanity check on FIPs configure flag used against the version of FIPs bundle
+* --enable-aesgcm=table now is compatible with --enable-linuxkm
+* Increase output buffer size that wolfSSL_RAND_bytes can handle
+* Out of directory builds resolved, wolfSSL can now be built in a separate directory than the root wolfssl directory
 
-If you have questions about this release, feel free to contact us on our
-info@ address.
+### Vulnerabilities
+* [HIGH] CVE-2021-3336: In earlier versions of wolfSSL there exists a potential man in the middle attack on TLS 1.3 clients. Malicious attackers with a privileged network position can impersonate TLS 1.3 servers and bypass authentication. Users that have applications with client side code and have TLS 1.3 turned on, should update to the latest version of wolfSSL. Users that do not have TLS 1.3 turned on, or that are server side only, are NOT affected by this report. For the code change see https://github.com/wolfSSL/wolfssl/pull/3676.
+* [LOW] In the case of using custom ECC curves there is the potential for a crafted compressed ECC key that has a custom prime value to cause a hang when imported. This only affects applications that are loading in ECC keys with wolfSSL builds that have compressed ECC keys and custom ECC curves enabled.
+* [LOW] With TLS 1.3 authenticated-only ciphers a section of the server hello could contain 16 bytes of uninitialized data when sent to the connected peer. This affects only a specific build of wolfSSL with TLS 1.3 early data enabled and using authenticated-only ciphers with TLS 1.3.
 
-Release 4.5.0 of wolfSSL embedded TLS has bug fixes and new features including:
-
-## New Feature Additions
-
-* Added Xilinx Vitis 2019.2 example and README updates
-* TLS v1.3 is now enabled by default
-* Building FIPS 140-2 code and test on Solaris
-* Secure renegotiation with DTLS 1.2
-* Update RSA calls for hardware acceleration with Xilsecure
-* Additional OpenSSL compatibility layer functions added
-* Cypress PSoC6 wolfCrypt driver added
-* Added STM32CubeIDE support
-* Added certificate parsing and inspection to C# wrapper layer
-* TLS v1.3 sniffer support added
-* TSIP v1.09 for target board GR-ROSE support added
-* Added support for the "X72N Envision Kit" evaluation board
-* Support for ECC nonblocking using the configure options
-  "--enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS=-DWOLFSSL_PUBLIC_MP"
-* Added wc_curve25519_make_pub function to generate a public key given the
-  private one
-
-## Fixes
-
-* PIC32MZ hardware cache and large hashes fix
-* AES-GCM use with EVP layer in compatibility layer code
-* Fix for RSA_LOW_MEM with ARM build of SP code
-* Sanity check on tag length with AES-CCM to conform with RFC 3610
-* Fixes for 32 and 64 bit software implementations of SP code when
-  WOLFSSL_SP_CACHE_RESISTANT is defined
-* GCC warning fixes for GCC 9 and later
-* Sanity check on HKDF expand length to conform with RFC 5869
-* Fixes for STM32 CubeMX HAL with AES-GCM
-* Fixed point cache look up table (LUT) implementation fixes
-* Fix for ARM 32bit SP code when calling div word
-* Fix for potential out of bounds read when parsing CRLs
-* Fix for potential out of bounds read with RSA unpadding
-* AES-CCM optimized counter fix
-* Updates to Xcode projects for new files and features
-* Fix for adding CRL’s to a WOLFSSL_X509_STORE structure
-* FIPSv2 build with opensslall build fixes
-* Fixes for CryptoCell use with ECC and signature wrappers
-* Fix for mod calculation with SP code dealing with 3072 bit keys
-* Fix for handling certificates with multiple OU’s in name
-* Fix for SP math implementation of sp_add_d and add a sanity check on
-  rshb range
-* Fix for sanity check on padding with DES3 conversion of PEM to DER
-* Sanity check for potential out of bounds read with fp_read_radix_16
-* Additional checking of ECC scalars.
-* Fixing the FIPS Ready build w.r.t. ecc.c.
-* When processing certificate names with OpenSSL compatibility layer
-  enabled, unknown name item types were getting handled as having NID 0,
-  and failing. Added a couple more items to what is handled correctly,
-  and ignoring anything that is an unknown type.
-
-## Improvements/Optimizations
-
-* TLS 1.3 certificate verify update to handle 8192 bit RSA keys
-* wpa_supplicant support with reduced code size option
-* TLS 1.3 alerts encrypted when possible
-* Many minor coverity fixes added
-* Error checking when parsing PKCS12 DER
-* IAR warning in test.c resolved
-* ATECC608A improvements for use with Harmony 3 and PIC32 MZ
-* Support for AES-GCM and wc_SignatureVerifyHash with static memory and no
-  malloc’s
-* Enable SNI by default with JNI/JSSE builds
-* NetBSD GCC compiler warnings resolved
-* Additional test cases and code coverage added including curve25519 and
-  curve448 tests
-* Option for user defined mutexes with WOLFSSL_USER_MUTEX
-* Sniffer API’s for loading buffer directly
-* Fixes and improvements from going through the DO-178 process were added
-* Doxygen updates and fixes for auto documentation generation
-* Changed the configure option for FIPS Ready builds to be
-  `--enable-fips=ready`.
-
-## This release of wolfSSL includes fixes for 6 security vulnerabilities.
-
-wolfSSL version 4.5.0 contains 6 vulnerability fixes: 2 fixes for TLS 1.3,
-2 side channel attack mitigations, 1 fix for a potential private key leak
-in a specific use case, 1 fix for DTLS.
-
-* In earlier versions of wolfSSL there exists a potential man in the middle
-  attack on TLS 1.3 clients. Malicious attackers with a privileged network
-  position can impersonate TLS 1.3 servers and bypass authentication. Users
-  that have applications with client side code and have TLS 1.3 turned on,
-  should update to the latest version of wolfSSL. Users that do not have
-  TLS 1.3 turned on, or that are server side only, are NOT affected by this
-  report. Thanks to Gerald Doussot from NCC group for the report.
-* Denial of service attack on TLS 1.3 servers from repetitively sending
-  ChangeCipherSpecs messages. This denial of service results from the
-  relatively low effort of sending a ChangeCipherSpecs message versus the
-  effort of the server to process that message. Users with TLS 1.3 servers are
-  recommended to update to the most recent version of wolfSSL which limits the
-  number of TLS 1.3 ChangeCipherSpecs that can be received in order to avoid
-  this DoS attack. CVE-2020-12457 was reserved for the report. Thanks to
-  Lenny Wang of Tencent Security Xuanwu LAB.
-* Potential cache timing attacks on public key operations in builds that are
-  not using SP (single precision). Users that have a system where malicious
-  agents could execute code on the system, are not using the SP build with
-  wolfSSL, and are doing private key operations on the system (such as signing
-  with a private key) are recommended to regenerate private keys and update to
-  the most recent version of wolfSSL. CVE-2020-15309 is reserved for this
-  issue. Thanks to Ida Bruhns from Universität zu Lübeck for the report.
-* When using SGX with EC scalar multiplication the possibility of side-channel
-  attacks are present. To mitigate the risk of side channel attacks wolfSSL’s
-  single precision EC operations should be used instead. Release 4.5.0 turns
-  this on be default now with SGX builds and in previous versions of wolfSSL
-  this can be turned on by using the WOLFSSL_SP macros. Thank you to
-  Alejandro Cabrera Aldaya, Cesar Pereida García and Billy Bob Brumley from
-  the Network and Information Security Group (NISEC) at Tampere University for
-  the report.
-* Leak of private key in the case that PEM format private keys are bundled in
-  with PEM certificates into a single file. This is due to the
-  misclassification of certificate type versus private key type when parsing
-  through the PEM file. To be affected, wolfSSL would need to have been built
-  with OPENSSL_EXTRA (--enable-opensslextra). Some build variants such as
-  --enable-all and --enable-opensslall also turn on this code path, checking
-  wolfssl/options.h for OPENSSL_EXTRA will show if the macro was used with the
-  build. If having built with the opensslextra enable option and having placed
-  PEM certificates with PEM private keys in the same file when loading up the
-  certificate file, then we recommend updating wolfSSL for this use case and
-  also recommend regenerating any private keys in the file.
-* During the handshake, clear application_data messages in epoch 0 are
-  processed and returned to the application. Fixed by dropping received
-  application_data messages in epoch 0. Thank you to Paul Fiterau of Uppsala
-  University and Robert Merget of Ruhr-University Bochum for the report.
 
 For additional vulnerability information visit the vulnerability page at
 https://www.wolfssl.com/docs/security-vulnerabilities/
@@ -214,26 +135,22 @@ More info can be found on-line at https://wolfssl.com/wolfSSL/Docs.html
 
 
 
-*** Resources ***
-
+# Resources
 
 [wolfSSL Website](https://www.wolfssl.com/)
 
 [wolfSSL Wiki](https://github.com/wolfSSL/wolfssl/wiki)
 
-[FIPS FAQ](https://wolfssl.com/license/fips)
+[FIPS 140-2/140-3 FAQ](https://wolfssl.com/license/fips)
 
-[wolfSSL Documents](https://wolfssl.com/wolfSSL/Docs.html)
+[wolfSSL Documentation](https://wolfssl.com/wolfSSL/Docs.html)
 
 [wolfSSL Manual](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-toc.html)
 
-[wolfSSL API Reference]
-(https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-17-wolfssl-api-reference.html)
+[wolfSSL API Reference](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-17-wolfssl-api-reference.html)
 
-[wolfCrypt API Reference]
-(https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-18-wolfcrypt-api-reference.html)
+[wolfCrypt API Reference](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-18-wolfcrypt-api-reference.html)
 
 [TLS 1.3](https://www.wolfssl.com/docs/tls13/)
 
-[wolfSSL Vulnerabilities]
-(https://www.wolfssl.com/docs/security-vulnerabilities/)
+[wolfSSL Vulnerabilities](https://www.wolfssl.com/docs/security-vulnerabilities/)

certs/1024/ca-cert.pem

@@ -1,17 +1,16 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number:
-            31:42:b4:2b:87:ef:4b:66:93:af:44:de:45:80:d8:8e:7e:e3:b5:07
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting_1024, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Serial Number: 10888915626055724693 (0x971d3311e8406e95)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Validity
-            Not Before: Jun 19 13:23:41 2020 GMT
-            Not After : Mar 16 13:23:41 2023 GMT
-        Subject: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting_1024, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+            Not Before: Feb 10 19:49:53 2021 GMT
+            Not After : Nov  7 19:49:53 2023 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (1024 bit)
+                Public-Key: (1024 bit)
                 Modulus:
                     00:cd:ac:dd:47:ec:be:b7:24:c3:63:1b:54:98:79:
                     e1:c7:31:16:59:d6:9d:77:9d:8d:e2:8b:ed:04:17:
@@ -29,7 +28,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:D3:22:8F:28:2C:E0:05:EE:D3:ED:C3:71:3D:C9:B2:36:3A:1D:BF:A8
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting_1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:31:42:B4:2B:87:EF:4B:66:93:AF:44:DE:45:80:D8:8E:7E:E3:B5:07
+                serial:97:1D:33:11:E8:40:6E:95
 
             X509v3 Basic Constraints: 
                 CA:TRUE
@@ -38,35 +37,35 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         32:ed:94:35:3d:4a:76:d7:6e:a9:75:e9:f5:7a:7f:64:31:50:
-         6a:28:d5:92:21:d5:88:d2:51:82:c5:bb:1a:f9:26:fa:d8:4b:
-         83:b6:09:d4:62:19:e0:55:84:97:55:ba:5d:21:48:27:10:f0:
-         f3:5c:33:b8:38:9b:fb:57:4c:d8:1c:5b:ab:d3:1c:21:ee:3e:
-         2e:b8:c6:3a:92:5c:38:3c:25:40:2f:05:c6:c9:85:ff:27:f3:
-         ee:fa:10:58:db:5c:a6:8e:e0:d9:70:93:cd:be:7e:68:33:08:
-         c2:28:d6:5c:b3:15:19:af:0c:f7:ba:f0:bc:a1:cf:30:4e:38:
-         e6:4d
+         4e:b1:39:6a:23:a3:65:17:14:b6:52:2e:86:46:d5:4f:7c:d5:
+         6c:bb:fa:66:b1:71:54:a1:ad:0e:a2:b7:ba:59:65:8b:d5:87:
+         5d:51:d0:65:de:74:04:80:7c:da:3a:52:57:7a:1d:5d:46:7a:
+         06:79:75:e5:31:dd:1d:f6:54:77:fc:40:13:a1:5b:fd:9e:7d:
+         1c:fd:04:4f:7c:ee:92:a2:80:55:3c:3f:2a:1c:bd:3a:37:12:
+         0e:fd:52:60:66:19:d5:4b:f6:35:50:a3:59:d3:7f:6d:95:d7:
+         56:10:c6:86:28:f4:6e:6d:da:4e:1c:b4:e9:0b:4c:ed:62:0f:
+         64:06
 -----BEGIN CERTIFICATE-----
-MIIECTCCA3KgAwIBAgIUMUK0K4fvS2aTr0TeRYDYjn7jtQcwDQYJKoZIhvcNAQEL
-BQAwgZkxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
+MIID8zCCA1ygAwIBAgIJAJcdMxHoQG6VMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD
+VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
+A1UECgwIU2F3dG9vdGgxGDAWBgNVBAsMD0NvbnN1bHRpbmdfMTAyNDEYMBYGA1UE
+AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
+Y29tMB4XDTIxMDIxMDE5NDk1M1oXDTIzMTEwNzE5NDk1M1owgZkxCzAJBgNVBAYT
+AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQK
+DAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18xMDI0MRgwFgYDVQQDDA93
+d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20w
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM2s3Ufsvrckw2MbVJh54ccxFlnW
+nXedjeKL7QQXssbr5JuRvjFQYpdYtX8p3rNxJAu/lwl/Jtwt7KgusmQreis1GS2i
+gMuZ/ZRxGyONVNsuYo2BCC30JHInbPnJjttMdbqbAfg/GPTmf/tXlJLMiMS0AMKq
+1OWIGLMRL3PA1ikJAgMBAAGjggE/MIIBOzAdBgNVHQ4EFgQU0yKPKCzgBe7T7cNx
+PcmyNjodv6gwgc4GA1UdIwSBxjCBw4AU0yKPKCzgBe7T7cNxPcmyNjodv6ihgZ+k
+gZwwgZkxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18x
 MDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu
-Zm9Ad29sZnNzbC5jb20wHhcNMjAwNjE5MTMyMzQxWhcNMjMwMzE2MTMyMzQxWjCB
-mTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt
-YW4xETAPBgNVBAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEwMjQx
-GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
-b2xmc3NsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzazdR+y+tyTD
-YxtUmHnhxzEWWdadd52N4ovtBBeyxuvkm5G+MVBil1i1fynes3EkC7+XCX8m3C3s
-qC6yZCt6KzUZLaKAy5n9lHEbI41U2y5ijYEILfQkcids+cmO20x1upsB+D8Y9OZ/
-+1eUksyIxLQAwqrU5YgYsxEvc8DWKQkCAwEAAaOCAUowggFGMB0GA1UdDgQWBBTT
-Io8oLOAF7tPtw3E9ybI2Oh2/qDCB2QYDVR0jBIHRMIHOgBTTIo8oLOAF7tPtw3E9
-ybI2Oh2/qKGBn6SBnDCBmTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmEx
-EDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9D
-b25zdWx0aW5nXzEwMjQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
-SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUMUK0K4fvS2aTr0TeRYDYjn7jtQcw
-DAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxlLmNvbYcEfwAAATAdBgNV
-HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADgYEAMu2U
-NT1KdtduqXXp9Xp/ZDFQaijVkiHViNJRgsW7Gvkm+thLg7YJ1GIZ4FWEl1W6XSFI
-JxDw81wzuDib+1dM2Bxbq9McIe4+LrjGOpJcODwlQC8FxsmF/yfz7voQWNtcpo7g
-2XCTzb5+aDMIwijWXLMVGa8M97rwvKHPME445k0=
+Zm9Ad29sZnNzbC5jb22CCQCXHTMR6EBulTAMBgNVHRMEBTADAQH/MBwGA1UdEQQV
+MBOCC2V4YW1wbGUuY29thwR/AAABMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+BQcDAjANBgkqhkiG9w0BAQsFAAOBgQBOsTlqI6NlFxS2Ui6GRtVPfNVsu/pmsXFU
+oa0Oore6WWWL1YddUdBl3nQEgHzaOlJXeh1dRnoGeXXlMd0d9lR3/EAToVv9nn0c
+/QRPfO6SooBVPD8qHL06NxIO/VJgZhnVS/Y1UKNZ039tlddWEMaGKPRubdpOHLTp
+C0ztYg9kBg==
 -----END CERTIFICATE-----

certs/1024/client-cert.pem

@@ -1,17 +1,16 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number:
-            77:1a:0f:b4:d6:66:91:f9:eb:d6:69:e9:5e:55:74:f3:4b:d7:74:8a
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_1024, OU = Programming-1024, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Serial Number: 14202541924425994169 (0xc51990a1c9010fb9)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_1024, OU=Programming-1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Validity
-            Not Before: Jun 19 13:23:41 2020 GMT
-            Not After : Mar 16 13:23:41 2023 GMT
-        Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_1024, OU = Programming-1024, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+            Not Before: Feb 10 19:49:52 2021 GMT
+            Not After : Nov  7 19:49:52 2023 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_1024, OU=Programming-1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (1024 bit)
+                Public-Key: (1024 bit)
                 Modulus:
                     00:bc:73:0e:a8:49:f3:74:a2:a9:ef:18:a5:da:55:
                     99:21:f9:c8:ec:b3:6d:48:e5:35:35:75:77:37:ec:
@@ -29,7 +28,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:81:69:0F:F8:DF:DD:CF:34:29:D5:67:75:71:85:C7:75:10:69:59:EC
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_1024/OU=Programming-1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:77:1A:0F:B4:D6:66:91:F9:EB:D6:69:E9:5E:55:74:F3:4B:D7:74:8A
+                serial:C5:19:90:A1:C9:01:0F:B9
 
             X509v3 Basic Constraints: 
                 CA:TRUE
@@ -38,35 +37,35 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         a8:13:2c:fc:43:e9:db:59:c7:7e:32:8b:32:ba:a3:5c:2f:60:
-         ab:a1:ef:9a:64:36:4e:ce:05:6d:bc:63:b0:8f:91:f7:76:bb:
-         92:b4:b6:78:db:2e:7f:7f:9c:e7:58:4b:73:89:0f:d1:13:61:
-         a4:2a:2f:6e:c7:b1:19:bb:14:00:d7:0e:dd:7e:2f:66:e7:5f:
-         f9:0f:39:90:f6:6b:d3:84:1e:d0:09:23:22:27:f5:c9:96:ed:
-         45:d7:78:3c:eb:a7:d5:8a:f5:f4:dd:99:27:d2:4c:86:6e:63:
-         7d:a8:93:62:71:c1:cb:93:f4:81:3e:95:b3:a8:e5:a6:23:51:
-         4a:b5
+         30:ce:46:43:6d:70:e1:6d:bb:8f:4a:05:64:f7:2c:8d:0e:d6:
+         f9:1e:b6:2a:8e:ed:52:e1:7c:44:bf:59:54:da:2d:31:4d:e6:
+         79:d2:d0:d8:b4:cf:5b:16:0a:16:a1:be:62:9f:6c:24:46:7b:
+         b8:dd:b8:8d:7f:fe:f1:ac:62:94:e0:34:ce:4c:59:3a:c5:5a:
+         e6:40:d5:60:7e:20:5d:ed:43:92:d3:f3:ea:e0:d1:57:c8:ce:
+         41:79:db:81:41:c6:f0:0e:35:d4:6f:92:58:2d:d6:b2:ec:f1:
+         88:ff:6d:ca:63:d6:4a:8d:10:a6:23:06:77:9a:d5:ab:9d:64:
+         46:02
 -----BEGIN CERTIFICATE-----
-MIIEGDCCA4GgAwIBAgIUdxoPtNZmkfnr1mnpXlV080vXdIowDQYJKoZIhvcNAQEL
-BQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
-b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzEwMjQxGTAXBgNVBAsMEFByb2dyYW1t
-aW5nLTEwMjQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
-ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMDA2MTkxMzIzNDFaFw0yMzAzMTYxMzIz
-NDFaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
-Qm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8xMDI0MRkwFwYDVQQLDBBQcm9ncmFt
-bWluZy0xMDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
-CQEWEGluZm9Ad29sZnNzbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-ALxzDqhJ83Siqe8YpdpVmSH5yOyzbUjlNTV1dzfs0WGQXz7Z5NXflMrBqdcZ2obJ
-6E3EYTaC/qutfnclu40RpbxiOqg4zDmiBGa09/fzqtpNAg67Xo1pSNx3ySgOIulr
-pCa6TOjB/UpvKx/viq72kGLlZB7rKzxnyNwnAPaRaGWpAgMBAAGjggFPMIIBSzAd
-BgNVHQ4EFgQUgWkP+N/dzzQp1Wd1cYXHdRBpWewwgd4GA1UdIwSB1jCB04AUgWkP
-+N/dzzQp1Wd1cYXHdRBpWeyhgaSkgaEwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQI
-DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzEw
-MjQxGTAXBgNVBAsMEFByb2dyYW1taW5nLTEwMjQxGDAWBgNVBAMMD3d3dy53b2xm
-c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUdxoPtNZm
-kfnr1mnpXlV080vXdIowDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxl
-LmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZI
-hvcNAQELBQADgYEAqBMs/EPp21nHfjKLMrqjXC9gq6HvmmQ2Ts4FbbxjsI+R93a7
-krS2eNsuf3+c51hLc4kP0RNhpCovbsexGbsUANcO3X4vZudf+Q85kPZr04Qe0Akj
-Iif1yZbtRdd4POun1Yr19N2ZJ9JMhm5jfaiTYnHBy5P0gT6Vs6jlpiNRSrU=
+MIIEAjCCA2ugAwIBAgIJAMUZkKHJAQ+5MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
+VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG
+A1UECgwMd29sZlNTTF8xMDI0MRkwFwYDVQQLDBBQcm9ncmFtbWluZy0xMDI0MRgw
+FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
+ZnNzbC5jb20wHhcNMjEwMjEwMTk0OTUyWhcNMjMxMTA3MTk0OTUyWjCBnjELMAkG
+A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT
+BgNVBAoMDHdvbGZTU0xfMTAyNDEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMTAyNDEY
+MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
+bGZzc2wuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8cw6oSfN0oqnv
+GKXaVZkh+cjss21I5TU1dXc37NFhkF8+2eTV35TKwanXGdqGyehNxGE2gv6rrX53
+JbuNEaW8YjqoOMw5ogRmtPf386raTQIOu16NaUjcd8koDiLpa6Qmukzowf1Kbysf
+74qu9pBi5WQe6ys8Z8jcJwD2kWhlqQIDAQABo4IBRDCCAUAwHQYDVR0OBBYEFIFp
+D/jf3c80KdVndXGFx3UQaVnsMIHTBgNVHSMEgcswgciAFIFpD/jf3c80KdVndXGF
+x3UQaVnsoYGkpIGhMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ
+MA4GA1UEBwwHQm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8xMDI0MRkwFwYDVQQL
+DBBQcm9ncmFtbWluZy0xMDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAd
+BgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQDFGZChyQEPuTAMBgNVHRME
+BTADAQH/MBwGA1UdEQQVMBOCC2V4YW1wbGUuY29thwR/AAABMB0GA1UdJQQWMBQG
+CCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOBgQAwzkZDbXDhbbuP
+SgVk9yyNDtb5HrYqju1S4XxEv1lU2i0xTeZ50tDYtM9bFgoWob5in2wkRnu43biN
+f/7xrGKU4DTOTFk6xVrmQNVgfiBd7UOS0/Pq4NFXyM5BeduBQcbwDjXUb5JYLday
+7PGI/23KY9ZKjRCmIwZ3mtWrnWRGAg==
 -----END CERTIFICATE-----

certs/1024/server-cert.pem

@@ -2,15 +2,15 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 1 (0x1)
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting_1024, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Validity
-            Not Before: Jun 19 13:23:41 2020 GMT
-            Not After : Mar 16 13:23:41 2023 GMT
-        Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL, OU = Support_1024, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+            Not Before: Feb 10 19:49:53 2021 GMT
+            Not After : Nov  7 19:49:53 2023 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (1024 bit)
+                Public-Key: (1024 bit)
                 Modulus:
                     00:aa:3e:a5:9c:d3:17:49:65:43:de:d0:f3:4b:1c:
                     db:49:0c:fc:7a:65:05:6d:de:6a:c4:e4:73:2c:8a:
@@ -28,7 +28,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:D3:22:8F:28:2C:E0:05:EE:D3:ED:C3:71:3D:C9:B2:36:3A:1D:BF:A8
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting_1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:31:42:B4:2B:87:EF:4B:66:93:AF:44:DE:45:80:D8:8E:7E:E3:B5:07
+                serial:97:1D:33:11:E8:40:6E:95
 
             X509v3 Basic Constraints: 
                 CA:TRUE
@@ -37,52 +37,50 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         56:14:19:1a:4f:09:91:cd:f5:a7:c5:69:e4:ea:1a:fd:56:c3:
-         55:fe:c8:cc:ed:56:a8:5f:86:fb:ab:9f:76:8a:db:b3:cc:68:
-         ce:99:fb:a4:5e:70:a8:3c:a8:b6:85:7c:cb:31:fe:4b:01:0c:
-         ac:f0:19:04:98:d0:e7:a5:a2:51:e2:52:a3:f7:42:d4:e2:2d:
-         f2:72:b5:e7:95:d0:b4:e3:d3:c1:34:a4:2f:7c:3c:ef:f0:45:
-         14:32:2f:c8:bf:9f:da:97:6a:da:cb:3f:ef:1f:ca:dc:7a:13:
-         1b:5a:45:41:f8:f0:34:49:9d:58:23:85:3d:99:ab:34:de:51:
-         32:76
+         27:0a:4e:08:8c:ba:73:d0:05:f2:ea:f9:51:8c:7e:29:14:23:
+         8e:9e:9a:fc:46:6f:10:68:59:d9:a0:ea:53:19:bd:28:89:e1:
+         97:1e:4c:b8:1e:be:0f:4d:9d:1d:76:57:17:31:95:c2:80:be:
+         04:d0:c2:e9:5c:e0:f4:81:3f:c4:b0:c5:86:ae:58:68:b9:ae:
+         0f:88:e8:63:6f:b9:08:f1:1b:56:90:fb:1f:2e:cc:e5:69:1f:
+         7c:02:4f:ed:b0:45:7c:2d:a8:59:11:a5:95:51:c7:50:d8:89:
+         c2:90:63:68:a8:41:6f:d0:37:26:6f:c8:0e:b5:a0:15:9d:a5:
+         e6:d2
 -----BEGIN CERTIFICATE-----
-MIID8jCCA1ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMCVVMx
+MIID5zCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEwMjQxGDAWBgNVBAMMD3d3dy53
 b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0y
-MDA2MTkxMzIzNDFaFw0yMzAzMTYxMzIzNDFaMIGVMQswCQYDVQQGEwJVUzEQMA4G
+MTAyMTAxOTQ5NTNaFw0yMzExMDcxOTQ5NTNaMIGVMQswCQYDVQQGEwJVUzEQMA4G
 A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4GA1UECgwHd29sZlNT
 TDEVMBMGA1UECwwMU3VwcG9ydF8xMDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5j
 b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wgZ8wDQYJKoZIhvcN
 AQEBBQADgY0AMIGJAoGBAKo+pZzTF0llQ97Q80sc20kM/HplBW3easTkcyyKloKP
 I6UGcRwGPi+SjQspNEVZ6am8YdckN121xDeNumey7wMn+sG0zWsAZrTWc3AfCDrM
 d63p+TTU86AtqedYqcBhhLbsPQqt/VyGc6prR9iLLlhLaRKCJlXmFL9VcIj++XXh
-AgMBAAGjggFKMIIBRjAdBgNVHQ4EFgQU2Tw16nQOI76c/PopkAnB54QWn3wwgdkG
-A1UdIwSB0TCBzoAU0yKPKCzgBe7T7cNxPcmyNjodv6ihgZ+kgZwwgZkxCzAJBgNV
+AgMBAAGjggE/MIIBOzAdBgNVHQ4EFgQU2Tw16nQOI76c/PopkAnB54QWn3wwgc4G
+A1UdIwSBxjCBw4AU0yKPKCzgBe7T7cNxPcmyNjodv6ihgZ+kgZwwgZkxCzAJBgNV
 BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYD
 VQQKDAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18xMDI0MRgwFgYDVQQD
 DA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
-b22CFDFCtCuH70tmk69E3kWA2I5+47UHMAwGA1UdEwQFMAMBAf8wHAYDVR0RBBUw
-E4ILZXhhbXBsZS5jb22HBH8AAAEwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
-BwMCMA0GCSqGSIb3DQEBCwUAA4GBAFYUGRpPCZHN9afFaeTqGv1Ww1X+yMztVqhf
-hvurn3aK27PMaM6Z+6RecKg8qLaFfMsx/ksBDKzwGQSY0OelolHiUqP3QtTiLfJy
-teeV0LTj08E0pC98PO/wRRQyL8i/n9qXatrLP+8fytx6ExtaRUH48DRJnVgjhT2Z
-qzTeUTJ2
+b22CCQCXHTMR6EBulTAMBgNVHRMEBTADAQH/MBwGA1UdEQQVMBOCC2V4YW1wbGUu
+Y29thwR/AAABMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG
+9w0BAQsFAAOBgQAnCk4IjLpz0AXy6vlRjH4pFCOOnpr8Rm8QaFnZoOpTGb0oieGX
+Hky4Hr4PTZ0ddlcXMZXCgL4E0MLpXOD0gT/EsMWGrlhoua4PiOhjb7kI8RtWkPsf
+LszlaR98Ak/tsEV8LahZEaWVUcdQ2InCkGNoqEFv0Dcmb8gOtaAVnaXm0g==
 -----END CERTIFICATE-----
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number:
-            31:42:b4:2b:87:ef:4b:66:93:af:44:de:45:80:d8:8e:7e:e3:b5:07
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting_1024, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Serial Number: 10888915626055724693 (0x971d3311e8406e95)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Validity
-            Not Before: Jun 19 13:23:41 2020 GMT
-            Not After : Mar 16 13:23:41 2023 GMT
-        Subject: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting_1024, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+            Not Before: Feb 10 19:49:53 2021 GMT
+            Not After : Nov  7 19:49:53 2023 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting_1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (1024 bit)
+                Public-Key: (1024 bit)
                 Modulus:
                     00:cd:ac:dd:47:ec:be:b7:24:c3:63:1b:54:98:79:
                     e1:c7:31:16:59:d6:9d:77:9d:8d:e2:8b:ed:04:17:
@@ -100,7 +98,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:D3:22:8F:28:2C:E0:05:EE:D3:ED:C3:71:3D:C9:B2:36:3A:1D:BF:A8
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting_1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:31:42:B4:2B:87:EF:4B:66:93:AF:44:DE:45:80:D8:8E:7E:E3:B5:07
+                serial:97:1D:33:11:E8:40:6E:95
 
             X509v3 Basic Constraints: 
                 CA:TRUE
@@ -109,35 +107,35 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         32:ed:94:35:3d:4a:76:d7:6e:a9:75:e9:f5:7a:7f:64:31:50:
-         6a:28:d5:92:21:d5:88:d2:51:82:c5:bb:1a:f9:26:fa:d8:4b:
-         83:b6:09:d4:62:19:e0:55:84:97:55:ba:5d:21:48:27:10:f0:
-         f3:5c:33:b8:38:9b:fb:57:4c:d8:1c:5b:ab:d3:1c:21:ee:3e:
-         2e:b8:c6:3a:92:5c:38:3c:25:40:2f:05:c6:c9:85:ff:27:f3:
-         ee:fa:10:58:db:5c:a6:8e:e0:d9:70:93:cd:be:7e:68:33:08:
-         c2:28:d6:5c:b3:15:19:af:0c:f7:ba:f0:bc:a1:cf:30:4e:38:
-         e6:4d
+         4e:b1:39:6a:23:a3:65:17:14:b6:52:2e:86:46:d5:4f:7c:d5:
+         6c:bb:fa:66:b1:71:54:a1:ad:0e:a2:b7:ba:59:65:8b:d5:87:
+         5d:51:d0:65:de:74:04:80:7c:da:3a:52:57:7a:1d:5d:46:7a:
+         06:79:75:e5:31:dd:1d:f6:54:77:fc:40:13:a1:5b:fd:9e:7d:
+         1c:fd:04:4f:7c:ee:92:a2:80:55:3c:3f:2a:1c:bd:3a:37:12:
+         0e:fd:52:60:66:19:d5:4b:f6:35:50:a3:59:d3:7f:6d:95:d7:
+         56:10:c6:86:28:f4:6e:6d:da:4e:1c:b4:e9:0b:4c:ed:62:0f:
+         64:06
 -----BEGIN CERTIFICATE-----
-MIIECTCCA3KgAwIBAgIUMUK0K4fvS2aTr0TeRYDYjn7jtQcwDQYJKoZIhvcNAQEL
-BQAwgZkxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
+MIID8zCCA1ygAwIBAgIJAJcdMxHoQG6VMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD
+VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
+A1UECgwIU2F3dG9vdGgxGDAWBgNVBAsMD0NvbnN1bHRpbmdfMTAyNDEYMBYGA1UE
+AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
+Y29tMB4XDTIxMDIxMDE5NDk1M1oXDTIzMTEwNzE5NDk1M1owgZkxCzAJBgNVBAYT
+AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQK
+DAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18xMDI0MRgwFgYDVQQDDA93
+d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20w
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM2s3Ufsvrckw2MbVJh54ccxFlnW
+nXedjeKL7QQXssbr5JuRvjFQYpdYtX8p3rNxJAu/lwl/Jtwt7KgusmQreis1GS2i
+gMuZ/ZRxGyONVNsuYo2BCC30JHInbPnJjttMdbqbAfg/GPTmf/tXlJLMiMS0AMKq
+1OWIGLMRL3PA1ikJAgMBAAGjggE/MIIBOzAdBgNVHQ4EFgQU0yKPKCzgBe7T7cNx
+PcmyNjodv6gwgc4GA1UdIwSBxjCBw4AU0yKPKCzgBe7T7cNxPcmyNjodv6ihgZ+k
+gZwwgZkxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18x
 MDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu
-Zm9Ad29sZnNzbC5jb20wHhcNMjAwNjE5MTMyMzQxWhcNMjMwMzE2MTMyMzQxWjCB
-mTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt
-YW4xETAPBgNVBAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEwMjQx
-GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
-b2xmc3NsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzazdR+y+tyTD
-YxtUmHnhxzEWWdadd52N4ovtBBeyxuvkm5G+MVBil1i1fynes3EkC7+XCX8m3C3s
-qC6yZCt6KzUZLaKAy5n9lHEbI41U2y5ijYEILfQkcids+cmO20x1upsB+D8Y9OZ/
-+1eUksyIxLQAwqrU5YgYsxEvc8DWKQkCAwEAAaOCAUowggFGMB0GA1UdDgQWBBTT
-Io8oLOAF7tPtw3E9ybI2Oh2/qDCB2QYDVR0jBIHRMIHOgBTTIo8oLOAF7tPtw3E9
-ybI2Oh2/qKGBn6SBnDCBmTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmEx
-EDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9D
-b25zdWx0aW5nXzEwMjQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
-SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUMUK0K4fvS2aTr0TeRYDYjn7jtQcw
-DAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxlLmNvbYcEfwAAATAdBgNV
-HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADgYEAMu2U
-NT1KdtduqXXp9Xp/ZDFQaijVkiHViNJRgsW7Gvkm+thLg7YJ1GIZ4FWEl1W6XSFI
-JxDw81wzuDib+1dM2Bxbq9McIe4+LrjGOpJcODwlQC8FxsmF/yfz7voQWNtcpo7g
-2XCTzb5+aDMIwijWXLMVGa8M97rwvKHPME445k0=
+Zm9Ad29sZnNzbC5jb22CCQCXHTMR6EBulTAMBgNVHRMEBTADAQH/MBwGA1UdEQQV
+MBOCC2V4YW1wbGUuY29thwR/AAABMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+BQcDAjANBgkqhkiG9w0BAQsFAAOBgQBOsTlqI6NlFxS2Ui6GRtVPfNVsu/pmsXFU
+oa0Oore6WWWL1YddUdBl3nQEgHzaOlJXeh1dRnoGeXXlMd0d9lR3/EAToVv9nn0c
+/QRPfO6SooBVPD8qHL06NxIO/VJgZhnVS/Y1UKNZ039tlddWEMaGKPRubdpOHLTp
+C0ztYg9kBg==
 -----END CERTIFICATE-----

certs/3072/client-cert.pem

@@ -1,17 +1,16 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number:
-            53:82:30:49:e8:be:64:59:2e:35:41:ac:31:0d:4d:25:21:54:90:a4
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_3072, OU = Programming-3072, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Serial Number: 11880683778350266762 (0xa4e0aaf32950398a)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_3072, OU=Programming-3072, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Validity
-            Not Before: Jun 19 13:23:41 2020 GMT
-            Not After : Mar 16 13:23:41 2023 GMT
-        Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_3072, OU = Programming-3072, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+            Not Before: Feb 10 19:49:52 2021 GMT
+            Not After : Nov  7 19:49:52 2023 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_3072, OU=Programming-3072, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (3072 bit)
+                Public-Key: (3072 bit)
                 Modulus:
                     00:ac:39:50:68:8f:78:f8:10:9b:68:96:d3:e1:9c:
                     56:68:5a:41:62:e3:b3:41:b0:55:80:17:b0:88:16:
@@ -46,7 +45,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:3D:D1:84:C2:AF:B0:20:49:BC:74:87:41:38:AB:BA:D2:D4:0C:A3:A8
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_3072/OU=Programming-3072/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:53:82:30:49:E8:BE:64:59:2E:35:41:AC:31:0D:4D:25:21:54:90:A4
+                serial:A4:E0:AA:F3:29:50:39:8A
 
             X509v3 Basic Constraints: 
                 CA:TRUE
@@ -55,60 +54,60 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         9e:c9:99:b8:8c:c1:a2:db:cb:78:73:5a:8a:8d:3b:f3:0a:2a:
-         2f:ef:30:09:18:49:e1:f7:9f:8a:a2:33:ce:7c:ec:88:a3:3d:
-         81:50:76:4b:2c:20:82:bc:99:30:82:7f:0e:33:9c:c8:02:9b:
-         3c:de:3e:65:78:2d:6e:27:39:4f:c4:18:d3:96:23:a3:2d:91:
-         57:90:52:bd:7d:12:3d:bf:7d:b1:35:2e:a6:be:26:95:3c:04:
-         5c:20:6c:d8:e5:36:b2:e1:7b:0f:a1:2c:1f:28:3c:19:cb:c4:
-         69:bb:59:b4:99:13:f2:e5:f5:6c:23:d3:69:3b:01:b7:5a:a1:
-         be:f6:70:00:6c:9c:2e:2f:22:ea:4c:7c:72:e3:99:21:a9:dd:
-         ba:8d:16:5c:88:f7:c0:99:c2:8e:83:10:3d:ea:c8:11:77:6a:
-         e5:78:47:92:33:ec:aa:35:8c:13:f0:4c:9d:dd:35:56:42:35:
-         36:ce:d8:46:d8:d7:d4:84:a1:17:bc:57:09:cb:da:56:d2:76:
-         ac:6a:c0:b3:71:a3:1c:d3:2c:ea:f6:4c:9a:4d:dd:3a:ce:10:
-         33:f0:82:34:70:71:5d:6f:77:8f:ec:a2:77:7d:1c:9e:7f:55:
-         6b:e5:d3:29:49:3d:77:fd:5f:bb:ca:7a:b9:80:b5:81:69:a3:
-         38:a3:c6:96:d2:21:1d:85:08:47:59:a9:d4:92:8e:94:3f:5a:
-         a1:36:d7:92:b7:2f:ce:f0:a8:40:50:ae:3f:d0:20:39:86:a6:
-         a1:7c:4f:23:5c:9c:5f:da:93:75:d6:93:b1:5f:30:25:76:6c:
-         77:8f:f8:8e:15:ae:66:5b:7d:ee:d3:49:ae:c6:1c:b0:90:96:
-         5d:36:9e:12:4c:98:4a:f1:d1:6b:a4:7f:76:cb:51:f9:f2:52:
-         07:e4:60:6f:67:6f:e3:a3:84:c0:43:0d:fd:f6:25:9e:3c:d3:
-         41:e9:44:c5:f7:b9:11:3b:0f:dc:9c:e3:dd:f2:ac:06:b3:20:
-         14:2d:6c:db:8e:78
+         57:21:c0:ad:6e:16:74:d5:b1:8b:19:55:49:7a:a4:5e:d6:18:
+         f9:03:80:4b:c2:71:d1:04:47:9c:b3:73:9c:4f:62:4a:3a:9a:
+         d4:48:e4:81:db:8d:15:df:5d:0f:08:13:28:28:d7:05:44:c1:
+         b9:6d:f1:75:60:74:d0:44:ae:91:0f:3a:7c:f4:ee:ea:6f:06:
+         3a:41:ae:6b:5c:8a:0d:85:6b:b3:fb:b1:5f:70:f7:9b:32:57:
+         fb:c4:6b:ce:90:86:0c:96:8a:41:4e:61:f3:a1:3f:55:e8:94:
+         56:12:6d:9e:46:2c:31:bd:3f:8a:70:c8:20:a4:fb:fa:c6:53:
+         58:bb:05:28:ba:89:0c:b1:5f:21:ac:1e:f1:35:fd:6b:14:c1:
+         69:08:e9:37:14:d8:76:50:2a:fc:aa:94:7f:39:52:3a:a7:3c:
+         0a:53:5e:e0:13:1a:00:ca:ac:aa:7e:f7:09:68:78:60:11:73:
+         ab:7d:58:fe:03:9f:e6:84:ea:51:58:40:82:a5:ff:a7:2c:ea:
+         42:a5:4c:b6:3b:5c:6b:ab:cf:56:8a:8c:ec:3c:f0:ae:d3:ca:
+         0e:09:71:cf:79:96:72:63:4b:24:7a:f3:79:ca:69:75:c9:b2:
+         a4:54:b8:84:40:2b:8f:24:27:6a:ed:8f:53:e0:55:9b:35:91:
+         18:11:cf:b0:3b:b8:65:3c:c6:ef:b0:78:7c:43:26:f1:12:84:
+         6b:2b:f0:7d:3c:7f:dc:67:a4:17:89:75:00:86:1a:ea:cd:1a:
+         cf:da:11:64:cc:bd:10:26:ef:6b:1b:93:b3:37:14:7f:12:80:
+         81:b6:fd:8a:8a:d8:95:5f:f9:1e:a5:1e:65:5f:75:8d:90:2a:
+         0d:b1:ab:26:16:31:b2:06:64:6f:2b:7e:4a:f4:de:e9:7a:ec:
+         67:35:f3:40:71:75:37:b3:e1:1d:ef:7d:e2:92:ec:d5:e5:bb:
+         99:79:50:11:b2:8a:57:1b:30:2e:b7:16:4c:c8:a6:99:b1:01:
+         34:08:9d:d8:df:af
 -----BEGIN CERTIFICATE-----
-MIIGHTCCBIWgAwIBAgIUU4IwSei+ZFkuNUGsMQ1NJSFUkKQwDQYJKoZIhvcNAQEL
-BQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
-b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzMwNzIxGTAXBgNVBAsMEFByb2dyYW1t
-aW5nLTMwNzIxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
-ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMDA2MTkxMzIzNDFaFw0yMzAzMTYxMzIz
-NDFaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
-Qm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8zMDcyMRkwFwYDVQQLDBBQcm9ncmFt
-bWluZy0zMDcyMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
-CQEWEGluZm9Ad29sZnNzbC5jb20wggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGK
-AoIBgQCsOVBoj3j4EJtoltPhnFZoWkFi47NBsFWAF7CIFpvgl3RfQnlzQt+T86qd
-7i1vqrwnkITAXcfsSepcZh1wnFNcuqGzWMk+jptyPW4CAgCcZVaCoyK0CF8q79+a
-0OcxWSZbCxxjYf/VaTIZBn4PQDx6Hsj8WGxkrhA9qCP/jhrKaoLi+QFkLJegGomg
-dNO2BRHyYgZIKvdmzsGF4dIn6soSpZGXPvyUBllRwOcTtod7X9LAVi9eHQLDESzf
-9wHavYVUNTJfxcj5ep+J9wMOfnldBII1EP5tm7+47uJihyZeL1AveAzoc0+IatYm
-pMn8+h6KsPQyz1fNoViKSQ+7qR2Gq7mPjVcZslp+pOrMt5Z6OzjN3uBh/MkGj5Na
-zq0q4y0+OV1BgwEfD+F/dsco2lbvv9wmNUC+rcc4raQGrMroUevA+GgCLJuhFLz4
-YYbXVtdz9Ku7aiHTiCK0529/keUOxghJ3uoTWHKgqjr5NgNFV16H0nNlxIyj7snW
-c3yWQZMCAwEAAaOCAU8wggFLMB0GA1UdDgQWBBQ90YTCr7AgSbx0h0E4q7rS1Ayj
-qDCB3gYDVR0jBIHWMIHTgBQ90YTCr7AgSbx0h0E4q7rS1AyjqKGBpKSBoTCBnjEL
-MAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4x
-FTATBgNVBAoMDHdvbGZTU0xfMzA3MjEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMzA3
-MjEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZv
-QHdvbGZzc2wuY29tghRTgjBJ6L5kWS41QawxDU0lIVSQpDAMBgNVHRMEBTADAQH/
-MBwGA1UdEQQVMBOCC2V4YW1wbGUuY29thwR/AAABMB0GA1UdJQQWMBQGCCsGAQUF
-BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAYEAnsmZuIzBotvLeHNaio07
-8woqL+8wCRhJ4fefiqIzznzsiKM9gVB2SywggryZMIJ/DjOcyAKbPN4+ZXgtbic5
-T8QY05Yjoy2RV5BSvX0SPb99sTUupr4mlTwEXCBs2OU2suF7D6EsHyg8GcvEabtZ
-tJkT8uX1bCPTaTsBt1qhvvZwAGycLi8i6kx8cuOZIanduo0WXIj3wJnCjoMQPerI
-EXdq5XhHkjPsqjWME/BMnd01VkI1Ns7YRtjX1IShF7xXCcvaVtJ2rGrAs3GjHNMs
-6vZMmk3dOs4QM/CCNHBxXW93j+yid30cnn9Va+XTKUk9d/1fu8p6uYC1gWmjOKPG
-ltIhHYUIR1mp1JKOlD9aoTbXkrcvzvCoQFCuP9AgOYamoXxPI1ycX9qTddaTsV8w
-JXZsd4/4jhWuZlt97tNJrsYcsJCWXTaeEkyYSvHRa6R/dstR+fJSB+Rgb2dv46OE
-wEMN/fYlnjzTQelExfe5ETsP3Jzj3fKsBrMgFC1s2454
+MIIGBzCCBG+gAwIBAgIJAKTgqvMpUDmKMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
+VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG
+A1UECgwMd29sZlNTTF8zMDcyMRkwFwYDVQQLDBBQcm9ncmFtbWluZy0zMDcyMRgw
+FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
+ZnNzbC5jb20wHhcNMjEwMjEwMTk0OTUyWhcNMjMxMTA3MTk0OTUyWjCBnjELMAkG
+A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT
+BgNVBAoMDHdvbGZTU0xfMzA3MjEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMzA3MjEY
+MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
+bGZzc2wuY29tMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEArDlQaI94
++BCbaJbT4ZxWaFpBYuOzQbBVgBewiBab4Jd0X0J5c0Lfk/Oqne4tb6q8J5CEwF3H
+7EnqXGYdcJxTXLqhs1jJPo6bcj1uAgIAnGVWgqMitAhfKu/fmtDnMVkmWwscY2H/
+1WkyGQZ+D0A8eh7I/FhsZK4QPagj/44aymqC4vkBZCyXoBqJoHTTtgUR8mIGSCr3
+Zs7BheHSJ+rKEqWRlz78lAZZUcDnE7aHe1/SwFYvXh0CwxEs3/cB2r2FVDUyX8XI
++XqfifcDDn55XQSCNRD+bZu/uO7iYocmXi9QL3gM6HNPiGrWJqTJ/PoeirD0Ms9X
+zaFYikkPu6kdhqu5j41XGbJafqTqzLeWejs4zd7gYfzJBo+TWs6tKuMtPjldQYMB
+Hw/hf3bHKNpW77/cJjVAvq3HOK2kBqzK6FHrwPhoAiyboRS8+GGG11bXc/Sru2oh
+04gitOdvf5HlDsYISd7qE1hyoKo6+TYDRVdeh9JzZcSMo+7J1nN8lkGTAgMBAAGj
+ggFEMIIBQDAdBgNVHQ4EFgQUPdGEwq+wIEm8dIdBOKu60tQMo6gwgdMGA1UdIwSB
+yzCByIAUPdGEwq+wIEm8dIdBOKu60tQMo6ihgaSkgaEwgZ4xCzAJBgNVBAYTAlVT
+MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRUwEwYDVQQKDAx3
+b2xmU1NMXzMwNzIxGTAXBgNVBAsMEFByb2dyYW1taW5nLTMwNzIxGDAWBgNVBAMM
+D3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv
+bYIJAKTgqvMpUDmKMAwGA1UdEwQFMAMBAf8wHAYDVR0RBBUwE4ILZXhhbXBsZS5j
+b22HBH8AAAEwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3
+DQEBCwUAA4IBgQBXIcCtbhZ01bGLGVVJeqRe1hj5A4BLwnHRBEecs3OcT2JKOprU
+SOSB240V310PCBMoKNcFRMG5bfF1YHTQRK6RDzp89O7qbwY6Qa5rXIoNhWuz+7Ff
+cPebMlf7xGvOkIYMlopBTmHzoT9V6JRWEm2eRiwxvT+KcMggpPv6xlNYuwUouokM
+sV8hrB7xNf1rFMFpCOk3FNh2UCr8qpR/OVI6pzwKU17gExoAyqyqfvcJaHhgEXOr
+fVj+A5/mhOpRWECCpf+nLOpCpUy2O1xrq89WiozsPPCu08oOCXHPeZZyY0skevN5
+yml1ybKkVLiEQCuPJCdq7Y9T4FWbNZEYEc+wO7hlPMbvsHh8QybxEoRrK/B9PH/c
+Z6QXiXUAhhrqzRrP2hFkzL0QJu9rG5OzNxR/EoCBtv2KitiVX/kepR5lX3WNkCoN
+sasmFjGyBmRvK35K9N7peuxnNfNAcXU3s+Ed733ikuzV5buZeVARsopXGzAutxZM
+yKaZsQE0CJ3Y368=
 -----END CERTIFICATE-----

certs/4096/client-cert.pem

@@ -1,17 +1,16 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number:
-            36:8a:a6:8a:3d:0a:72:ff:dd:e4:4f:56:bd:89:24:23:3c:0b:b6:40
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_4096, OU = Programming-4096, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Serial Number: 11546908179272725132 (0xa03edbcf979a728c)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_4096, OU=Programming-4096, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Validity
-            Not Before: Jun 19 13:23:41 2020 GMT
-            Not After : Mar 16 13:23:41 2023 GMT
-        Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_4096, OU = Programming-4096, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+            Not Before: Feb 10 19:49:52 2021 GMT
+            Not After : Nov  7 19:49:52 2023 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_4096, OU=Programming-4096, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (4096 bit)
+                Public-Key: (4096 bit)
                 Modulus:
                     00:f5:d0:31:e4:71:59:58:b3:07:50:dd:16:79:fc:
                     c6:95:50:fc:46:0e:57:12:86:71:8d:e3:9b:4a:33:
@@ -55,7 +54,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:FA:54:89:67:E5:5F:B7:31:40:EA:FD:E7:F6:A3:C6:5A:56:16:A5:6E
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_4096/OU=Programming-4096/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:36:8A:A6:8A:3D:0A:72:FF:DD:E4:4F:56:BD:89:24:23:3C:0B:B6:40
+                serial:A0:3E:DB:CF:97:9A:72:8C
 
             X509v3 Basic Constraints: 
                 CA:TRUE
@@ -64,73 +63,72 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         64:d8:59:19:c0:b5:79:9e:58:63:ae:8b:28:64:81:d9:d2:cd:
-         e8:26:1f:04:09:7b:52:0a:7a:16:70:ee:37:8a:6d:7c:74:67:
-         51:2f:cf:97:a1:d6:54:a2:a3:93:dd:2b:63:5e:9f:13:56:7f:
-         8c:e5:9b:49:19:78:db:3d:75:fe:b7:b8:57:92:58:ff:84:8b:
-         d1:2f:f4:b0:22:d2:f9:bb:00:dd:3b:d2:7a:b9:d9:50:e5:90:
-         70:2d:77:f2:74:c2:40:2f:39:25:5d:8e:de:11:e1:cf:a7:8f:
-         8e:bd:2a:aa:2e:a1:14:3d:06:70:c7:c9:58:86:9e:4c:86:65:
-         9e:69:62:3e:30:22:eb:d5:00:d1:1e:8c:ba:f2:7b:a3:39:77:
-         fe:90:42:b7:a4:98:28:d7:82:4a:54:1b:27:c9:cf:09:b5:60:
-         b6:09:37:40:e9:a5:cd:3e:80:84:c4:c4:b6:63:06:ea:5c:63:
-         f2:2b:ee:00:31:52:d8:6c:cd:6a:d2:57:a0:6b:d5:a7:6e:4c:
-         ce:3b:ff:44:7d:99:a5:e3:fb:23:91:99:8c:19:ce:1f:c1:a1:
-         89:e3:bc:e8:74:2c:3d:80:bc:0c:6c:6a:39:a6:50:4c:d1:25:
-         1e:a6:96:f4:54:fd:2a:ce:3c:59:aa:1c:05:df:df:10:9a:2b:
-         52:9c:f1:a8:19:ac:56:03:56:1f:c9:a5:e4:aa:bc:e2:90:c1:
-         c9:ad:f5:94:1b:72:a7:c9:9e:90:26:2e:70:48:41:b5:2f:6c:
-         35:ca:30:e3:ca:71:5b:97:96:15:6f:b5:4d:43:d1:5a:02:d0:
-         21:48:ee:2b:c7:8d:e1:60:92:86:8c:5e:8d:9c:a1:6a:99:c0:
-         d0:3d:3a:8c:7e:c3:87:b2:81:8b:e9:bd:b0:d3:f3:6f:f2:89:
-         40:b9:d1:5c:d0:1c:9d:bf:80:fc:75:0a:66:c6:5a:d1:41:15:
-         31:07:55:f8:00:96:77:b4:a7:dc:d7:62:15:ed:75:7a:3e:cd:
-         b9:e0:56:7d:38:4c:2e:ec:ef:00:70:93:12:0d:25:5a:e7:f8:
-         02:37:e8:dd:bb:7e:61:9f:b2:a8:70:da:7f:94:7b:29:e0:a4:
-         58:01:8d:43:f1:25:16:59:fe:d5:21:42:ee:ab:a8:03:3e:ee:
-         1f:74:1c:43:2d:37:0f:05:14:29:0d:ac:e8:c7:72:0e:10:b5:
-         9e:f8:80:41:d0:a2:aa:6c:94:26:49:91:c7:2c:30:04:2a:91:
-         f0:e6:7f:76:71:80:09:07:00:98:b7:f1:1f:3c:0c:db:98:0a:
-         22:cc:af:6f:e5:c7:0d:26:a1:65:b3:5d:37:04:de:f4:61:91:
-         06:06:a4:9a:65:51:8b:3e
+         17:ab:22:61:05:6d:3a:c0:0d:6b:d9:15:82:11:cf:e7:f8:65:
+         da:c7:ef:da:0f:50:75:bd:55:cf:3d:50:dd:d4:0d:2c:04:48:
+         a8:25:3a:b9:c4:ce:48:7e:b8:63:cd:cd:ce:bc:50:26:dc:6d:
+         c2:1e:d1:71:3a:2f:db:e5:03:6b:73:55:23:70:76:1e:08:2a:
+         92:7b:d6:6a:ef:17:a0:f3:8c:ea:eb:c4:2e:cb:d4:d9:d5:ab:
+         f7:e6:8d:ec:d9:97:a1:56:a7:0b:5d:e5:3f:1f:5e:6a:7a:a4:
+         64:d7:b2:42:1a:1e:49:37:93:bc:be:13:a8:fb:b1:93:7b:a8:
+         2b:49:90:43:84:24:60:44:fc:32:74:85:0e:1b:f8:3a:92:3d:
+         aa:25:1b:9f:97:31:95:97:c5:3d:51:dd:b6:d5:4a:7e:41:b3:
+         90:83:7c:98:fa:cb:22:33:a5:f4:32:74:bd:3e:b1:3b:34:f9:
+         c3:3f:be:db:0e:d9:2f:1a:f9:d2:4f:14:53:63:f2:21:a3:e9:
+         c3:ad:04:6e:e7:ad:1f:6b:ce:4e:35:4a:61:84:b9:61:65:1d:
+         a2:d7:a1:e6:74:08:15:38:75:b0:23:70:22:15:59:2c:48:f0:
+         da:9a:99:d4:2b:83:df:9a:93:78:45:b9:84:5c:7e:71:90:da:
+         56:1c:9f:57:ed:76:f7:17:e5:d2:01:90:99:5f:4c:07:49:07:
+         82:75:92:44:7a:fe:9b:a7:4d:ec:c8:dc:46:67:28:04:8b:08:
+         17:94:13:e9:a0:d2:b2:26:56:27:60:94:5a:50:5c:cf:34:4d:
+         3f:35:e7:12:5d:c5:32:00:2f:e0:1d:09:e5:36:8d:77:93:f6:
+         e5:62:b4:a3:9b:c6:7c:e6:3d:d5:38:33:5f:23:5b:81:2e:24:
+         26:9e:98:a8:af:04:3d:65:3f:71:88:48:44:5c:1a:11:0e:1b:
+         e1:81:b1:b6:66:e6:3c:13:67:d6:6b:a3:f3:b7:f6:9f:14:a6:
+         87:7f:2b:14:31:22:7a:f5:0d:44:e6:a3:1a:d6:d2:dc:88:71:
+         37:28:11:6c:ef:95:ab:1d:c5:c3:9a:ef:1a:54:11:92:8e:89:
+         43:03:26:d0:e9:63:33:fe:79:4c:a6:6f:c4:58:58:2e:b6:ab:
+         57:a0:39:4d:ff:88:c0:23:2c:3b:e3:9a:df:48:d3:17:45:5d:
+         36:4e:00:58:72:c3:ef:e7:76:0b:f8:19:a8:5f:f6:53:98:49:
+         2b:52:b5:8e:a5:d8:73:6e:3c:23:23:06:86:25:6b:0d:3b:f2:
+         9a:17:33:a4:4e:f5:6b:de:b3:64:20:58:c6:6d:22:a9:ae:f4:
+         09:9d:0d:6e:9f:96:2a:9e
 -----BEGIN CERTIFICATE-----
-MIIHHTCCBQWgAwIBAgIUNoqmij0Kcv/d5E9WvYkkIzwLtkAwDQYJKoZIhvcNAQEL
-BQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
-b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzQwOTYxGTAXBgNVBAsMEFByb2dyYW1t
-aW5nLTQwOTYxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
-ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMDA2MTkxMzIzNDFaFw0yMzAzMTYxMzIz
-NDFaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
-Qm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF80MDk2MRkwFwYDVQQLDBBQcm9ncmFt
-bWluZy00MDk2MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
-CQEWEGluZm9Ad29sZnNzbC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
-AoICAQD10DHkcVlYswdQ3RZ5/MaVUPxGDlcShnGN45tKM+pP2RcTbUhp31kRCAKd
-ryvHML4M3IfUWhIJI13hdlpiN0Z07wMFux5tKXVsLp2HDY+HyxSVm74Xa1HRTNrX
-kWbFNuvgBxp2TbD7wfVeBdu6yyXZmRMcwDXcQOk2zcTVekFwDzbrpU4XBdV1G2Ri
-ej8NKEhq46ycqI/p7ffNJKCxoAOs4wP1P9GW/yp+CLHT4BgU7GU3UEPCaoz0W/7E
-y40/gQL3wt3kwY6ADAQlLYBaLg8iNUr0he1R2Kttj6I7JABugeIedtasMRLb844H
-od6JSjlgd8Wq8VHmBvGVVirhjpIwn/5YRKxG8v2a/KgdodNVN0qL/Jwz+KdhSEF8
-nHc/9YAjfUO01YgKyXXXRBlNd2wLCkmqHC/WWkSmR03lNpZAmSxWJrHykjFZ1yzU
-tCHWZRMLPvv/BOu5hbnY2ChPXBeWo1G+/n0LG0hAJXaU3EH7v3N22uuzYufByFRq
-k+GNMeg+Pt+8hwIwIlfE4Bh6067kApuqvU5JR3LpjRMtVJsAp5FhccnMSE/u314b
-Gt9n0yDmREWYfucOYxaDySZdkMHlKlxFVBOygRgGIC4uZlq1e27WDE6JAVZwu67e
-6Zle0bk6t2wXtgOpCN2c9BTJyVk5ctR+AjcxzQ6nPfjyz2sVqwIDAQABo4IBTzCC
-AUswHQYDVR0OBBYEFPpUiWflX7cxQOr95/ajxlpWFqVuMIHeBgNVHSMEgdYwgdOA
-FPpUiWflX7cxQOr95/ajxlpWFqVuoYGkpIGhMIGeMQswCQYDVQQGEwJVUzEQMA4G
-A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMGA1UECgwMd29sZlNT
-TF80MDk2MRkwFwYDVQQLDBBQcm9ncmFtbWluZy00MDk2MRgwFgYDVQQDDA93d3cu
-d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFDaK
-poo9CnL/3eRPVr2JJCM8C7ZAMAwGA1UdEwQFMAMBAf8wHAYDVR0RBBUwE4ILZXhh
-bXBsZS5jb22HBH8AAAEwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0G
-CSqGSIb3DQEBCwUAA4ICAQBk2FkZwLV5nlhjrosoZIHZ0s3oJh8ECXtSCnoWcO43
-im18dGdRL8+XodZUoqOT3StjXp8TVn+M5ZtJGXjbPXX+t7hXklj/hIvRL/SwItL5
-uwDdO9J6udlQ5ZBwLXfydMJALzklXY7eEeHPp4+OvSqqLqEUPQZwx8lYhp5MhmWe
-aWI+MCLr1QDRHoy68nujOXf+kEK3pJgo14JKVBsnyc8JtWC2CTdA6aXNPoCExMS2
-YwbqXGPyK+4AMVLYbM1q0lega9WnbkzOO/9EfZml4/sjkZmMGc4fwaGJ47zodCw9
-gLwMbGo5plBM0SUeppb0VP0qzjxZqhwF398QmitSnPGoGaxWA1YfyaXkqrzikMHJ
-rfWUG3KnyZ6QJi5wSEG1L2w1yjDjynFbl5YVb7VNQ9FaAtAhSO4rx43hYJKGjF6N
-nKFqmcDQPTqMfsOHsoGL6b2w0/Nv8olAudFc0Bydv4D8dQpmxlrRQRUxB1X4AJZ3
-tKfc12IV7XV6Ps254FZ9OEwu7O8AcJMSDSVa5/gCN+jdu35hn7KocNp/lHsp4KRY
-AY1D8SUWWf7VIULuq6gDPu4fdBxDLTcPBRQpDazox3IOELWe+IBB0KKqbJQmSZHH
-LDAEKpHw5n92cYAJBwCYt/EfPAzbmAoizK9v5ccNJqFls103BN70YZEGBqSaZVGL
-Pg==
+MIIHBzCCBO+gAwIBAgIJAKA+28+XmnKMMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
+VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG
+A1UECgwMd29sZlNTTF80MDk2MRkwFwYDVQQLDBBQcm9ncmFtbWluZy00MDk2MRgw
+FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
+ZnNzbC5jb20wHhcNMjEwMjEwMTk0OTUyWhcNMjMxMTA3MTk0OTUyWjCBnjELMAkG
+A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT
+BgNVBAoMDHdvbGZTU0xfNDA5NjEZMBcGA1UECwwQUHJvZ3JhbW1pbmctNDA5NjEY
+MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
+bGZzc2wuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9dAx5HFZ
+WLMHUN0WefzGlVD8Rg5XEoZxjeObSjPqT9kXE21Iad9ZEQgCna8rxzC+DNyH1FoS
+CSNd4XZaYjdGdO8DBbsebSl1bC6dhw2Ph8sUlZu+F2tR0Uza15FmxTbr4Acadk2w
++8H1XgXbussl2ZkTHMA13EDpNs3E1XpBcA8266VOFwXVdRtkYno/DShIauOsnKiP
+6e33zSSgsaADrOMD9T/Rlv8qfgix0+AYFOxlN1BDwmqM9Fv+xMuNP4EC98Ld5MGO
+gAwEJS2AWi4PIjVK9IXtUdirbY+iOyQAboHiHnbWrDES2/OOB6HeiUo5YHfFqvFR
+5gbxlVYq4Y6SMJ/+WESsRvL9mvyoHaHTVTdKi/ycM/inYUhBfJx3P/WAI31DtNWI
+Csl110QZTXdsCwpJqhwv1lpEpkdN5TaWQJksViax8pIxWdcs1LQh1mUTCz77/wTr
+uYW52NgoT1wXlqNRvv59CxtIQCV2lNxB+79zdtrrs2LnwchUapPhjTHoPj7fvIcC
+MCJXxOAYetOu5AKbqr1OSUdy6Y0TLVSbAKeRYXHJzEhP7t9eGxrfZ9Mg5kRFmH7n
+DmMWg8kmXZDB5SpcRVQTsoEYBiAuLmZatXtu1gxOiQFWcLuu3umZXtG5OrdsF7YD
+qQjdnPQUyclZOXLUfgI3Mc0Opz348s9rFasCAwEAAaOCAUQwggFAMB0GA1UdDgQW
+BBT6VIln5V+3MUDq/ef2o8ZaVhalbjCB0wYDVR0jBIHLMIHIgBT6VIln5V+3MUDq
+/ef2o8ZaVhalbqGBpKSBoTCBnjELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh
+bmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xfNDA5NjEZMBcG
+A1UECwwQUHJvZ3JhbW1pbmctNDA5NjEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
+MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAoD7bz5eacowwDAYD
+VR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxlLmNvbYcEfwAAATAdBgNVHSUE
+FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggIBABerImEF
+bTrADWvZFYIRz+f4ZdrH79oPUHW9Vc89UN3UDSwESKglOrnEzkh+uGPNzc68UCbc
+bcIe0XE6L9vlA2tzVSNwdh4IKpJ71mrvF6DzjOrrxC7L1NnVq/fmjezZl6FWpwtd
+5T8fXmp6pGTXskIaHkk3k7y+E6j7sZN7qCtJkEOEJGBE/DJ0hQ4b+DqSPaolG5+X
+MZWXxT1R3bbVSn5Bs5CDfJj6yyIzpfQydL0+sTs0+cM/vtsO2S8a+dJPFFNj8iGj
+6cOtBG7nrR9rzk41SmGEuWFlHaLXoeZ0CBU4dbAjcCIVWSxI8NqamdQrg9+ak3hF
+uYRcfnGQ2lYcn1ftdvcX5dIBkJlfTAdJB4J1kkR6/punTezI3EZnKASLCBeUE+mg
+0rImVidglFpQXM80TT815xJdxTIAL+AdCeU2jXeT9uVitKObxnzmPdU4M18jW4Eu
+JCaemKivBD1lP3GISERcGhEOG+GBsbZm5jwTZ9Zro/O39p8Upod/KxQxInr1DUTm
+oxrW0tyIcTcoEWzvlasdxcOa7xpUEZKOiUMDJtDpYzP+eUymb8RYWC62q1egOU3/
+iMAjLDvjmt9I0xdFXTZOAFhyw+/ndgv4Gahf9lOYSStStY6l2HNuPCMjBoYlaw07
+8poXM6RO9Wves2QgWMZtIqmu9AmdDW6fliqe
 -----END CERTIFICATE-----

certs/ca-cert.pem

@@ -1,17 +1,16 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number:
-            5e:ba:a4:f4:b1:f7:48:25:e3:5f:9b:da:a1:13:ed:d5:2b:03:67:15
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Serial Number: 12309252214903945037 (0xaad33fac180a374d)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Validity
-            Not Before: Jun 19 13:23:41 2020 GMT
-            Not After : Mar 16 13:23:41 2023 GMT
-        Subject: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+            Not Before: Feb 10 19:49:52 2021 GMT
+            Not After : Nov  7 19:49:52 2023 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
                     f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
@@ -38,7 +37,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:5E:BA:A4:F4:B1:F7:48:25:E3:5F:9B:DA:A1:13:ED:D5:2B:03:67:15
+                serial:AA:D3:3F:AC:18:0A:37:4D
 
             X509v3 Basic Constraints: 
                 CA:TRUE
@@ -47,47 +46,47 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         b9:ed:94:3e:00:73:2d:a5:d1:04:b3:fb:dc:f0:b7:0d:3d:ad:
-         96:74:4c:92:67:ad:6d:7c:e2:99:6a:33:ca:b2:0f:04:5a:a5:
-         67:f8:e3:0b:3d:f5:d0:5b:1e:20:52:12:92:28:ea:31:a3:51:
-         9e:8b:d2:39:e4:25:ea:61:61:41:16:2d:54:50:d3:fb:d0:34:
-         00:10:f1:7b:bc:f0:08:a7:f5:27:5e:7e:40:9d:99:b0:d3:31:
-         11:c3:9d:a9:51:a0:17:cf:83:2c:55:84:e0:d5:92:a0:05:3a:
-         9f:b8:75:f8:1b:e5:f7:a4:6c:e9:aa:25:8b:19:93:46:1f:3f:
-         33:af:47:29:cf:7b:8b:59:27:eb:d7:4f:cb:33:19:fa:5f:ee:
-         d8:13:e9:0c:07:ad:3b:c0:7f:10:d7:e4:ed:e8:db:16:e1:1f:
-         a4:7f:16:3c:bd:d7:11:f2:d4:3a:a9:9b:95:e1:39:51:99:eb:
-         5b:65:46:ef:63:84:73:95:23:b8:bf:b5:f6:4d:12:71:f7:ff:
-         33:aa:4a:8c:65:73:73:89:69:df:a6:dc:a4:91:ff:ae:c7:28:
-         93:b5:1a:de:a9:8f:2b:30:85:83:8b:99:82:ca:b3:7c:11:10:
-         88:9d:8e:6c:2c:f3:05:6f:cb:80:85:16:b7:ed:e4:68:fb:b6:
-         b6:31:8a:7d
+         62:98:c8:58:cf:56:03:86:5b:1b:71:49:7d:05:03:5d:e0:08:
+         86:ad:db:4a:de:ab:22:96:a8:c3:59:68:c1:37:90:40:df:bd:
+         89:d0:bc:da:8e:ef:87:b2:c2:62:52:e1:1a:29:17:6a:96:99:
+         c8:4e:d8:32:fe:b8:d1:5c:3b:0a:c2:3c:5f:a1:1e:98:7f:ce:
+         89:26:21:1f:64:9c:15:7a:9c:ef:fb:1d:85:6a:fa:98:ce:a8:
+         a9:ab:c3:a2:c0:eb:87:ed:bc:21:df:f3:07:5b:ae:fd:40:d4:
+         ae:20:d0:76:8a:31:0a:a2:62:7c:61:0d:ce:5d:9a:1e:e4:20:
+         88:51:49:fb:77:a9:cd:4d:c6:bf:54:99:33:ef:4b:a0:73:70:
+         6d:2e:d9:3d:08:f6:12:39:31:68:c6:61:5c:41:b5:1b:f4:38:
+         7d:fc:be:73:66:2d:f7:ca:5b:2c:5b:31:aa:cf:f6:7f:30:e4:
+         12:2c:8e:d6:38:51:e6:45:ee:d5:da:c3:83:d6:ed:5e:ec:d6:
+         b6:14:b3:93:59:e1:55:4a:7f:04:df:ce:65:d4:df:18:4f:dd:
+         b4:45:7f:a6:56:30:c4:05:44:98:9d:4f:26:6d:84:80:a0:5e:
+         ed:23:d1:48:87:0e:05:06:91:3b:b0:3c:bb:8c:8f:3c:7b:4c:
+         4f:a1:ca:98
 -----BEGIN CERTIFICATE-----
-MIIE/zCCA+egAwIBAgIUXrqk9LH3SCXjX5vaoRPt1SsDZxUwDQYJKoZIhvcNAQEL
-BQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
-b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEY
-MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tMB4XDTIwMDYxOTEzMjM0MVoXDTIzMDMxNjEzMjM0MVowgZQxCzAJ
-BgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREw
-DwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwP
-d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwzKLRSyHoRCW804H0ry
-TXUQ8bY1n9/KfQOY06zeA2buKvHYsH1uB1QLEJghTYDLEiDnzE/eRX3Jcncy6sqQ
-u2lSEAMvqPOVxfGLYlYb72dvpBBBla0Km+OlwLDScHZQMFuo6AgsfO2nonqNOCkc
-rMft8nyVsJWCfUlcOM13Je+9gHVTlDw9ymNbnxW10x0TLxnRPNt2Osy4fcnlwtfa
-QG/YIdxzG0ItU5z+Gvx9q3o2P5jehHwFZ85qFDiHqfGMtWjLaH9xICv1oGP1Vi+j
-JtK3b7FaF9c4mQj+k1hv/sMTSQgWC6dNZwBSMWcjTpjtUUUduQTZC+zYKLNLve02
-eQIDAQABo4IBRTCCAUEwHQYDVR0OBBYEFCeOZxF0wyYdP+0zY7Ok2B0w5ejVMIHU
-BgNVHSMEgcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYD
+MIIE6TCCA9GgAwIBAgIJAKrTP6wYCjdNMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
 VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
 A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
-dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIU
-Xrqk9LH3SCXjX5vaoRPt1SsDZxUwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl
-eGFtcGxlLmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
-DQYJKoZIhvcNAQELBQADggEBALntlD4Acy2l0QSz+9zwtw09rZZ0TJJnrW184plq
-M8qyDwRapWf44ws99dBbHiBSEpIo6jGjUZ6L0jnkJephYUEWLVRQ0/vQNAAQ8Xu8
-8Ain9SdefkCdmbDTMRHDnalRoBfPgyxVhODVkqAFOp+4dfgb5fekbOmqJYsZk0Yf
-PzOvRynPe4tZJ+vXT8szGfpf7tgT6QwHrTvAfxDX5O3o2xbhH6R/Fjy91xHy1Dqp
-m5XhOVGZ61tlRu9jhHOVI7i/tfZNEnH3/zOqSoxlc3OJad+m3KSR/67HKJO1Gt6p
-jyswhYOLmYLKs3wREIidjmws8wVvy4CFFrft5Gj7trYxin0=
+dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe
+Fw0yMTAyMTAxOTQ5NTJaFw0yMzExMDcxOTQ5NTJaMIGUMQswCQYDVQQGEwJVUzEQ
+MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3
+dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
+LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D
+mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx
+i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J
+XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc
+/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI
+/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOCATow
+ggE2MB0GA1UdDgQWBBQnjmcRdMMmHT/tM2OzpNgdMOXo1TCByQYDVR0jBIHBMIG+
+gBQnjmcRdMMmHT/tM2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAO
+BgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rv
+b3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5j
+b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQCq0z+sGAo3TTAM
+BgNVHRMEBTADAQH/MBwGA1UdEQQVMBOCC2V4YW1wbGUuY29thwR/AAABMB0GA1Ud
+JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAYpjI
+WM9WA4ZbG3FJfQUDXeAIhq3bSt6rIpaow1lowTeQQN+9idC82o7vh7LCYlLhGikX
+apaZyE7YMv640Vw7CsI8X6EemH/OiSYhH2ScFXqc7/sdhWr6mM6oqavDosDrh+28
+Id/zB1uu/UDUriDQdooxCqJifGENzl2aHuQgiFFJ+3epzU3Gv1SZM+9LoHNwbS7Z
+PQj2EjkxaMZhXEG1G/Q4ffy+c2Yt98pbLFsxqs/2fzDkEiyO1jhR5kXu1drDg9bt
+XuzWthSzk1nhVUp/BN/OZdTfGE/dtEV/plYwxAVEmJ1PJm2EgKBe7SPRSIcOBQaR
+O7A8u4yPPHtMT6HKmA==
 -----END CERTIFICATE-----

certs/ca-ecc-cert.pem

@@ -1,18 +1,17 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number:
-            7e:bd:d9:c1:a5:b2:60:a4:ba:f4:86:cf:13:ac:77:84:be:ac:07:e7
-        Signature Algorithm: ecdsa-with-SHA256
-        Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Serial Number: 9459666439398825038 (0x83477c81d60d1c4e)
+    Signature Algorithm: ecdsa-with-SHA256
+        Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Validity
-            Not Before: Jun 19 13:23:41 2020 GMT
-            Not After : Mar 16 13:23:41 2023 GMT
-        Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+            Not Before: Feb 10 19:49:53 2021 GMT
+            Not After : Nov  7 19:49:53 2023 GMT
+        Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (256 bit)
-                pub:
+                pub: 
                     04:02:d3:d9:6e:d6:01:8e:45:c8:b9:90:31:e5:c0:
                     4c:e3:9e:ad:29:38:98:ba:10:d6:e9:09:2a:80:a9:
                     2e:17:2a:b9:8a:bf:33:83:46:e3:95:0b:e4:77:40:
@@ -31,23 +30,23 @@ Certificate:
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
     Signature Algorithm: ecdsa-with-SHA256
-         30:44:02:20:06:c3:0a:69:01:57:31:17:09:3f:21:95:4f:3f:
-         c5:20:e3:21:86:75:47:5e:87:f7:48:8a:1e:01:fa:d2:67:c8:
-         02:20:7d:c8:e9:2d:5b:74:28:87:71:db:a3:0e:19:84:cc:b3:
-         a6:83:35:75:f8:05:dd:fc:5e:51:2b:18:98:c4:ac:95
+         30:45:02:21:00:c5:83:ff:1e:51:f7:a1:e9:f1:42:c4:be:ed:
+         38:bd:38:32:8f:ae:3f:c7:6d:11:90:e9:99:ab:61:a2:db:a7:
+         4b:02:20:28:40:d9:ba:45:cc:a6:ea:fa:3f:3e:71:44:8e:02:
+         03:2f:41:0b:56:78:2d:a6:e8:5e:f6:ff:da:62:8c:f9:df
 -----BEGIN CERTIFICATE-----
-MIIClDCCAjugAwIBAgIUfr3ZwaWyYKS69IbPE6x3hL6sB+cwCgYIKoZIzj0EAwIw
-gZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
-ZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEY
-MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tMB4XDTIwMDYxOTEzMjM0MVoXDTIzMDMxNjEzMjM0MVowgZcxCzAJ
-BgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxl
-MRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UE
-AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAtPZbtYBjkXIuZAx5cBM456t
-KTiYuhDW6QkqgKkuFyq5ir8zg0bjlQvkd0C1O0NFMw9hU3w3RMHL/IDK6EPqp6Nj
-MGEwHQYDVR0OBBYEFFaOmsPwQt4YuUVVbvmTz+rD86UhMB8GA1UdIwQYMBaAFFaO
-msPwQt4YuUVVbvmTz+rD86UhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
-AgGGMAoGCCqGSM49BAMCA0cAMEQCIAbDCmkBVzEXCT8hlU8/xSDjIYZ1R16H90iK
-HgH60mfIAiB9yOktW3Qoh3Hbow4ZhMyzpoM1dfgF3fxeUSsYmMSslQ==
+MIICijCCAjCgAwIBAgIJAINHfIHWDRxOMAoGCCqGSM49BAMCMIGXMQswCQYDVQQG
+EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4G
+A1UECgwHd29sZlNTTDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxGDAWBgNVBAMMD3d3
+dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe
+Fw0yMTAyMTAxOTQ5NTNaFw0yMzExMDcxOTQ5NTNaMIGXMQswCQYDVQQGEwJVUzET
+MBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4GA1UECgwH
+d29sZlNTTDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxGDAWBgNVBAMMD3d3dy53b2xm
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTBZMBMGByqG
+SM49AgEGCCqGSM49AwEHA0IABALT2W7WAY5FyLmQMeXATOOerSk4mLoQ1ukJKoCp
+LhcquYq/M4NG45UL5HdAtTtDRTMPYVN8N0TBy/yAyuhD6qejYzBhMB0GA1UdDgQW
+BBRWjprD8ELeGLlFVW75k8/qw/OlITAfBgNVHSMEGDAWgBRWjprD8ELeGLlFVW75
+k8/qw/OlITAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAKBggqhkjO
+PQQDAgNIADBFAiEAxYP/HlH3oenxQsS+7Ti9ODKPrj/HbRGQ6ZmrYaLbp0sCIChA
+2bpFzKbq+j8+cUSOAgMvQQtWeC2m6F72/9pijPnf
 -----END CERTIFICATE-----

certs/ca-ecc384-cert.pem

@@ -1,18 +1,17 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number:
-            20:da:85:3f:78:c9:83:3b:ae:aa:5a:67:49:27:78:ba:90:de:66:6e
-        Signature Algorithm: ecdsa-with-SHA384
-        Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Serial Number: 12132976075216541034 (0xa860fd750798556a)
+    Signature Algorithm: ecdsa-with-SHA384
+        Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Validity
-            Not Before: Jun 19 13:23:41 2020 GMT
-            Not After : Mar 16 13:23:41 2023 GMT
-        Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+            Not Before: Feb 10 19:49:53 2021 GMT
+            Not After : Nov  7 19:49:53 2023 GMT
+        Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (384 bit)
-                pub:
+                pub: 
                     04:ee:82:d4:39:9a:b1:27:82:f4:d7:ea:c6:bc:03:
                     1d:4d:83:61:f4:03:ae:7e:bd:d8:5a:a5:b9:f0:8e:
                     a2:a5:da:ce:87:3b:5a:ab:44:16:9c:f5:9f:62:dd:
@@ -33,27 +32,26 @@ Certificate:
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
     Signature Algorithm: ecdsa-with-SHA384
-         30:66:02:31:00:d2:4e:24:af:70:3e:93:0b:2e:d5:7c:71:f3:
-         61:3e:8e:71:6d:2e:60:de:fb:ef:3f:be:02:b6:14:45:9b:0a:
-         12:af:af:41:d6:bb:79:ab:d1:4e:8d:9d:dc:98:25:4e:aa:02:
-         31:00:cf:2f:b7:32:70:e7:85:69:17:df:53:75:2b:36:74:d6:
-         1b:a2:62:f9:80:19:c1:3a:ea:9a:05:80:b6:c5:f8:a2:a2:ff:
-         f6:3d:aa:34:d6:e1:1f:e3:93:66:e7:91:4d:fa
+         30:65:02:30:47:a2:36:33:f4:27:bd:d0:5c:e6:8d:3e:31:a9:
+         4e:51:57:a9:93:28:72:0a:72:ab:6e:f9:56:c0:f5:70:02:9f:
+         9c:b2:4a:9c:3e:9f:fb:c5:64:26:7a:88:dc:4a:2a:25:02:31:
+         00:88:f8:e2:d5:20:82:f2:de:7b:cb:13:ac:cd:ff:e8:1e:4e:
+         84:3d:9c:af:5d:f9:01:e7:4f:d4:03:09:84:3d:7b:2b:83:e2:
+         ae:08:68:2e:5b:85:6f:43:f5:41:e0:c7:c9
 -----BEGIN CERTIFICATE-----
-MIIC0zCCAligAwIBAgIUINqFP3jJgzuuqlpnSSd4upDeZm4wCgYIKoZIzj0EAwMw
-gZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
-ZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEY
-MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tMB4XDTIwMDYxOTEzMjM0MVoXDTIzMDMxNjEzMjM0MVowgZcxCzAJ
-BgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxl
-MRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UE
-AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE7oLUOZqxJ4L01+rGvAMdTYNh9AOu
-fr3YWqW58I6ipdrOhztaq0QWnPWfYt32IM2cdjxAsT+XF99Z9s3ezUY1wO1eLki2
-ZpFxdLcMP7mat4O9kz9fUC1wP941JeGQO4bgo2MwYTAdBgNVHQ4EFgQUq+DDJkwY
-1HK70oSMnAoFkoASU1IwHwYDVR0jBBgwFoAUq+DDJkwY1HK70oSMnAoFkoASU1Iw
-DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwMDaQAw
-ZgIxANJOJK9wPpMLLtV8cfNhPo5xbS5g3vvvP74CthRFmwoSr69B1rt5q9FOjZ3c
-mCVOqgIxAM8vtzJw54VpF99TdSs2dNYbomL5gBnBOuqaBYC2xfiiov/2Pao01uEf
-45Nm55FN+g==
+MIICxzCCAk2gAwIBAgIJAKhg/XUHmFVqMAoGCCqGSM49BAMDMIGXMQswCQYDVQQG
+EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4G
+A1UECgwHd29sZlNTTDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxGDAWBgNVBAMMD3d3
+dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe
+Fw0yMTAyMTAxOTQ5NTNaFw0yMzExMDcxOTQ5NTNaMIGXMQswCQYDVQQGEwJVUzET
+MBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4GA1UECgwH
+d29sZlNTTDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxGDAWBgNVBAMMD3d3dy53b2xm
+c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTB2MBAGByqG
+SM49AgEGBSuBBAAiA2IABO6C1DmasSeC9NfqxrwDHU2DYfQDrn692FqlufCOoqXa
+zoc7WqtEFpz1n2Ld9iDNnHY8QLE/lxffWfbN3s1GNcDtXi5ItmaRcXS3DD+5mreD
+vZM/X1AtcD/eNSXhkDuG4KNjMGEwHQYDVR0OBBYEFKvgwyZMGNRyu9KEjJwKBZKA
+ElNSMB8GA1UdIwQYMBaAFKvgwyZMGNRyu9KEjJwKBZKAElNSMA8GA1UdEwEB/wQF
+MAMBAf8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2gAMGUCMEeiNjP0J73Q
+XOaNPjGpTlFXqZMocgpyq275VsD1cAKfnLJKnD6f+8VkJnqI3EoqJQIxAIj44tUg
+gvLee8sTrM3/6B5OhD2cr135AedP1AMJhD17K4PirghoLluFb0P1QeDHyQ==
 -----END CERTIFICATE-----

certs/check_dates.sh

@@ -0,0 +1,143 @@
+#!/bin/sh
+
+# Whether a certificate or CRLs needs updating
+expired=0
+# Default to checking expiry within 6 months
+offset="+6 months"
+
+# First command line argument is the new expiry time
+if [ "$1" != "" ]
+then
+    offset=$1
+fi
+
+# Certificates that are expired and are intentionally or irrelevantly so.
+exp_expired="\
+/test/crit-cert.pem \
+/test/expired/expired-cert.pem \
+/test/expired/expired-ca.pem \
+/test/expired/expired-cert.der \
+/test/expired/expired-ca.der \
+/certeccrsa.pem \
+/certeccrsa.der
+"
+
+# Files that are not certificates or CRLs put get matched anyway
+ignore="\
+/test/cert-ext-ns.der \
+/rsa3072.der \
+/rsa2048.der \
+/1024/rsa1024.der \
+"
+
+# Get the date offset from now - earliest expiry - in seconds
+earliest=`date -d "$offset" +%s`
+
+# Compare the date with earliest allowed expiry.
+#
+# $1  Name of file being checked.
+# $2  Expiry date in file (notAfter or nextUpdate).
+check_expiry() {
+    # Convert date to a number of seconds
+    expiry=`date -d "$2" +%s`
+
+    # Check expiry is not too soon
+    if [ $expiry -lt $earliest ]
+    then
+        # Reset result
+        result=expired
+        # Ignore files that are expected to be expired
+        for exp in $exp_expired
+        do
+            case $1 in
+            *$exp)
+                result=ignore
+                break
+                ;;
+            esac
+        done
+        # Report any unexpected expiries
+        if [ "$result" = "expired" ]
+        then
+            echo "$1 expires at:"
+            echo "    '$2' (< $offset)"
+            expired=1
+        fi
+    fi
+}
+
+# Check file expiry.
+#
+# The file is of any format.
+# Try to guess from name what it is.
+#
+# $1       Name of file to check
+# $inform  Command line argument to use with openssl for input file format
+check_file() {
+    # Check file is not in list of files to ignore
+    for i in $ignore
+    do
+        case $1 in
+        *$i)
+            return
+            ;;
+        esac
+    done
+
+    # Use pattern matching to guess format
+    case $1 in
+    *key*) ;;
+    *dh*) ;;
+    *params*) ;;
+    *priv*) ;;
+    *pub*) ;;
+    *dsa*) ;;
+    *crl*)
+        # Get the nextUpdate field from the CRL
+        next_update=`openssl crl -in $file $inform -noout -nextupdate 2>&1`
+        if [ "$?" != "0" ]
+        then
+            # Didn't work so report failure
+            echo "$file not a crl"
+        else
+            # Get the date after the equal sign and check file
+            next_update="${next_update#*=}"
+            check_expiry $file "$next_update"
+        fi
+        ;;
+    *)
+        # Get the notAfter field from the certificate
+        not_after=`openssl x509 -in $file $inform -noout -enddate 2>&1`
+        if [ "$?" != "0" ]
+        then
+            # Didn't work, maybe wasn't a certificate, so report failure
+            echo "$file not a certificate"
+        else
+            # Get the date after the equal sign and check file
+            not_after="${not_after#*=}"
+            check_expiry $file "$not_after"
+        fi
+        ;;
+    esac
+}
+
+# Check all PEM files
+inform="-inform PEM"
+pem_files=`find . -name '*.pem'`
+for file in $pem_files
+do
+    check_file $file
+done
+
+# Check all DER files
+inform="-inform DER"
+der_files=`find . -name '*.der'`
+for file in $der_files
+do
+    check_file $file
+done
+
+# Return result of check
+# 0 on success
+# 1 on failure
+return $expired

certs/client-ca.pem

@@ -1,17 +1,16 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number:
-            45:45:81:82:e6:3a:bd:a2:e3:06:0e:ba:2c:45:74:4b:be:c0:39:11
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Serial Number: 17391944375755183620 (0xf15c9943663d9604)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=Programming-2048, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Validity
-            Not Before: Jun 19 13:23:41 2020 GMT
-            Not After : Mar 16 13:23:41 2023 GMT
-        Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+            Not Before: Feb 10 19:49:52 2021 GMT
+            Not After : Nov  7 19:49:52 2023 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=Programming-2048, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
                     2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
@@ -38,7 +37,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:45:45:81:82:E6:3A:BD:A2:E3:06:0E:BA:2C:45:74:4B:BE:C0:39:11
+                serial:F1:5C:99:43:66:3D:96:04
 
             X509v3 Basic Constraints: 
                 CA:TRUE
@@ -47,66 +46,64 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         c1:06:39:c8:ce:f5:81:49:55:e1:3a:55:aa:91:5d:64:f1:4b:
-         dc:33:1e:31:15:e7:10:71:16:0d:b5:00:dc:bb:22:0d:81:d9:
-         12:5c:0c:dd:61:e1:af:b5:e2:f7:7d:8b:e6:61:fd:ca:45:3a:
-         61:e7:18:56:2c:26:f2:df:14:f1:e0:3d:7f:62:12:5f:d8:04:
-         44:06:0c:72:b1:8a:50:72:67:77:74:01:ff:79:64:11:6e:b3:
-         84:51:19:22:b6:43:10:06:0d:39:46:5a:c6:57:0a:43:a1:94:
-         02:28:0a:12:38:85:04:0e:78:52:48:28:7e:6c:d9:f0:4b:04:
-         55:7c:39:01:c1:b4:5f:50:06:cf:da:6f:20:b8:94:f7:51:1a:
-         23:cb:30:e3:21:b4:a3:73:ad:48:fb:96:69:ef:2e:50:b6:67:
-         bc:64:ee:27:76:43:7a:34:59:8e:b4:57:53:7d:95:7e:50:7e:
-         64:4c:29:68:fe:81:4f:73:21:24:b5:a9:a2:49:5f:54:7f:0d:
-         c2:96:c7:f5:36:81:8e:c0:00:af:b4:10:6b:0e:bc:1a:3a:f1:
-         a6:dd:fd:8e:63:21:33:d4:32:31:1f:be:a3:7c:52:85:26:c8:
-         6e:50:6c:ac:3d:2e:c0:f9:50:ed:c8:4d:cd:13:50:ce:5e:de:
-         15:89:d1:fb
+         ba:2b:48:d1:a8:e3:c2:84:42:96:a1:7c:e5:f1:46:ba:4c:f7:
+         87:57:c7:78:c8:c1:32:c4:69:ff:85:bb:5d:6a:dd:c9:87:7e:
+         fe:bb:f4:fd:15:0a:4c:94:95:80:30:90:45:03:f8:33:87:ca:
+         5f:74:38:a4:d0:5a:c7:65:38:c3:b0:e8:87:b1:49:32:b9:ac:
+         e9:fb:d3:08:1d:a4:51:7b:d7:d9:4b:79:35:a2:3a:0b:e4:0c:
+         a0:02:9c:a1:68:e1:5d:6c:8e:2e:3a:24:de:bb:d6:1c:a7:ac:
+         2e:cd:57:44:48:f6:72:e0:c7:5b:93:dc:7d:5b:64:0e:17:84:
+         68:2c:95:1d:2c:86:d6:b0:74:67:51:6e:7b:f4:d5:61:38:51:
+         b3:18:e3:10:16:73:4b:36:8a:8a:62:05:f5:56:8a:be:21:e1:
+         78:7d:bf:ad:45:f9:0b:f5:af:a0:62:01:fd:3f:49:df:39:3c:
+         ff:46:e8:0a:fe:5c:6b:bb:41:a5:64:f1:5c:9b:51:4c:bc:6d:
+         9f:a3:20:ed:e9:48:e1:a9:be:08:2d:85:42:59:d6:43:7d:47:
+         22:a5:fa:1f:a2:58:76:0b:70:1c:1d:59:1d:aa:be:5d:2d:25:
+         7c:b1:06:b6:c0:aa:28:aa:93:7c:d0:bd:43:ad:91:50:1c:7b:
+         4d:f3:e4:d7
 -----BEGIN CERTIFICATE-----
-MIIFHTCCBAWgAwIBAgIURUWBguY6vaLjBg66LEV0S77AOREwDQYJKoZIhvcNAQEL
-BQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
-b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxGTAXBgNVBAsMEFByb2dyYW1t
-aW5nLTIwNDgxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
-ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMDA2MTkxMzIzNDFaFw0yMzAzMTYxMzIz
-NDFaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
-Qm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFt
-bWluZy0yMDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
-CQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQDDA9Er/jmkMkU7U8iEKyp8dJq9qipSB0fWpjayBzKO0Lppe8bDRJ7UgUj9
-LWiii2e7oXXINixK0hv3i7rPDfnv7PGBHnubA0eav2XMf2UkaaboFIlb5DT3xbAU
-k/Vnezp6eOEBVlaRphNCjdI8QJxM79GG3zdRGwyhO/Xxo0o15OHOlt8bfr9Ol9AQ
-6KgIMIGvIAtDFMV0Z7Qygm+NhsKIQJk2g7oeQHIiF9dSZSRzsM7vGc2u/3hse8AS
-A9ROcg1QbTujO6OZXp3I2QyFs9mK2VQm2236rLv/JUzE0Xn0cdOGQBgTsGO1ck4w
-xJeEhi1WL9cV93/ArvX8W+X7obrTAgMBAAGjggFPMIIBSzAdBgNVHQ4EFgQUM9hF
-Ztdohxh+VA1wJ5HHJteFZcAwgd4GA1UdIwSB1jCB04AUM9hFZtdohxh+VA1wJ5HH
-JteFZcChgaSkgaEwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAw
-DgYDVQQHDAdCb3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxGTAXBgNVBAsM
-EFByb2dyYW1taW5nLTIwNDgxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0G
-CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIURUWBguY6vaLjBg66LEV0S77A
-OREwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxlLmNvbYcEfwAAATAd
-BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEB
-AMEGOcjO9YFJVeE6VaqRXWTxS9wzHjEV5xBxFg21ANy7Ig2B2RJcDN1h4a+14vd9
-i+Zh/cpFOmHnGFYsJvLfFPHgPX9iEl/YBEQGDHKxilByZ3d0Af95ZBFus4RRGSK2
-QxAGDTlGWsZXCkOhlAIoChI4hQQOeFJIKH5s2fBLBFV8OQHBtF9QBs/abyC4lPdR
-GiPLMOMhtKNzrUj7lmnvLlC2Z7xk7id2Q3o0WY60V1N9lX5QfmRMKWj+gU9zISS1
-qaJJX1R/DcKWx/U2gY7AAK+0EGsOvBo68abd/Y5jITPUMjEfvqN8UoUmyG5QbKw9
-LsD5UO3ITc0TUM5e3hWJ0fs=
+MIIFBzCCA++gAwIBAgIJAPFcmUNmPZYEMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
+VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG
+A1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFtbWluZy0yMDQ4MRgw
+FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
+ZnNzbC5jb20wHhcNMjEwMjEwMTk0OTUyWhcNMjMxMTA3MTk0OTUyWjCBnjELMAkG
+A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT
+BgNVBAoMDHdvbGZTU0xfMjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEY
+MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
+bGZzc2wuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwPRK/45
+pDJFO1PIhCsqfHSavaoqUgdH1qY2sgcyjtC6aXvGw0Se1IFI/S1oootnu6F1yDYs
+StIb94u6zw357+zxgR57mwNHmr9lzH9lJGmm6BSJW+Q098WwFJP1Z3s6enjhAVZW
+kaYTQo3SPECcTO/Rht83URsMoTv18aNKNeThzpbfG36/TpfQEOioCDCBryALQxTF
+dGe0MoJvjYbCiECZNoO6HkByIhfXUmUkc7DO7xnNrv94bHvAEgPUTnINUG07ozuj
+mV6dyNkMhbPZitlUJttt+qy7/yVMxNF59HHThkAYE7BjtXJOMMSXhIYtVi/XFfd/
+wK71/Fvl+6G60wIDAQABo4IBRDCCAUAwHQYDVR0OBBYEFDPYRWbXaIcYflQNcCeR
+xybXhWXAMIHTBgNVHSMEgcswgciAFDPYRWbXaIcYflQNcCeRxybXhWXAoYGkpIGh
+MIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96
+ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFtbWlu
+Zy0yMDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEW
+EGluZm9Ad29sZnNzbC5jb22CCQDxXJlDZj2WBDAMBgNVHRMEBTADAQH/MBwGA1Ud
+EQQVMBOCC2V4YW1wbGUuY29thwR/AAABMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
+BgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAuitI0ajjwoRClqF85fFGukz3h1fH
+eMjBMsRp/4W7XWrdyYd+/rv0/RUKTJSVgDCQRQP4M4fKX3Q4pNBax2U4w7Doh7FJ
+Mrms6fvTCB2kUXvX2Ut5NaI6C+QMoAKcoWjhXWyOLjok3rvWHKesLs1XREj2cuDH
+W5PcfVtkDheEaCyVHSyG1rB0Z1Fue/TVYThRsxjjEBZzSzaKimIF9VaKviHheH2/
+rUX5C/WvoGIB/T9J3zk8/0boCv5ca7tBpWTxXJtRTLxtn6Mg7elI4am+CC2FQlnW
+Q31HIqX6H6JYdgtwHB1ZHaq+XS0lfLEGtsCqKKqTfNC9Q62RUBx7TfPk1w==
 -----END CERTIFICATE-----
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number:
-            61:b3:1e:59:f3:68:6c:a4:79:42:83:2f:1a:50:71:03:be:32:aa:2c
-        Signature Algorithm: ecdsa-with-SHA256
-        Issuer: C = US, ST = Oregon, L = Salem, O = Client ECC, OU = Fast, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Serial Number: 16666221217456835267 (0xe74a4fe55697cac3)
+    Signature Algorithm: ecdsa-with-SHA256
+        Issuer: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Validity
-            Not Before: Jun 19 13:23:41 2020 GMT
-            Not After : Mar 16 13:23:41 2023 GMT
-        Subject: C = US, ST = Oregon, L = Salem, O = Client ECC, OU = Fast, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+            Not Before: Feb 10 19:49:53 2021 GMT
+            Not After : Nov  7 19:49:53 2023 GMT
+        Subject: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (256 bit)
-                pub:
+                pub: 
                     04:55:bf:f4:0f:44:50:9a:3d:ce:9b:b7:f0:c5:4d:
                     f5:70:7b:d4:ec:24:8e:19:80:ec:5a:4c:a2:24:03:
                     62:2c:9b:da:ef:a2:35:12:43:84:76:16:c6:56:95:
@@ -120,7 +117,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2
                 DirName:/C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:61:B3:1E:59:F3:68:6C:A4:79:42:83:2F:1A:50:71:03:BE:32:AA:2C
+                serial:E7:4A:4F:E5:56:97:CA:C3
 
             X509v3 Basic Constraints: 
                 CA:TRUE
@@ -129,28 +126,27 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: ecdsa-with-SHA256
-         30:46:02:21:00:e4:a0:23:26:2b:0b:42:0f:97:37:6d:cb:14:
-         23:c3:c3:e6:44:cf:5f:4c:26:a3:72:64:7a:9c:cb:64:ab:a6:
-         be:02:21:00:aa:c5:a3:50:f6:f1:a5:db:05:e0:75:d2:f7:ba:
-         49:5f:8f:7d:1c:44:b1:6e:df:c8:da:10:48:2d:53:08:a8:b4
+         30:46:02:21:00:e3:bb:ca:0e:31:2d:39:1d:94:25:81:90:d5:
+         11:f9:09:6d:58:16:23:be:9f:a9:18:64:83:3c:25:03:58:58:
+         39:02:21:00:a4:aa:b3:f0:09:c9:0c:2f:f7:b1:d4:8e:9f:a6:
+         b6:ab:1a:c7:37:ed:70:4d:34:04:a0:9b:3d:84:86:10:a0:f0
 -----BEGIN CERTIFICATE-----
-MIIDXzCCAwSgAwIBAgIUYbMeWfNobKR5QoMvGlBxA74yqiwwCgYIKoZIzj0EAwIw
-gY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xDjAMBgNVBAcMBVNhbGVt
-MRMwEQYDVQQKDApDbGllbnQgRUNDMQ0wCwYDVQQLDARGYXN0MRgwFgYDVQQDDA93
-d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20w
-HhcNMjAwNjE5MTMyMzQxWhcNMjMwMzE2MTMyMzQxWjCBjTELMAkGA1UEBhMCVVMx
-DzANBgNVBAgMBk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0xEzARBgNVBAoMCkNsaWVu
-dCBFQ0MxDTALBgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEf
-MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTBZMBMGByqGSM49AgEGCCqG
-SM49AwEHA0IABFW/9A9EUJo9zpu38MVN9XB71OwkjhmA7FpMoiQDYiyb2u+iNRJD
-hHYWxlaVBswBqb32dRpC972psjYiX8ddf7SjggE+MIIBOjAdBgNVHQ4EFgQU69RL
-WWuVYT9RV7YETYlBiERcq/Iwgc0GA1UdIwSBxTCBwoAU69RLWWuVYT9RV7YETYlB
-iERcq/KhgZOkgZAwgY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xDjAM
-BgNVBAcMBVNhbGVtMRMwEQYDVQQKDApDbGllbnQgRUNDMQ0wCwYDVQQLDARGYXN0
-MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9A
-d29sZnNzbC5jb22CFGGzHlnzaGykeUKDLxpQcQO+MqosMAwGA1UdEwQFMAMBAf8w
-HAYDVR0RBBUwE4ILZXhhbXBsZS5jb22HBH8AAAEwHQYDVR0lBBYwFAYIKwYBBQUH
-AwEGCCsGAQUFBwMCMAoGCCqGSM49BAMCA0kAMEYCIQDkoCMmKwtCD5c3bcsUI8PD
-5kTPX0wmo3JkepzLZKumvgIhAKrFo1D28aXbBeB10ve6SV+PfRxEsW7fyNoQSC1T
-CKi0
+MIIDSTCCAu6gAwIBAgIJAOdKT+VWl8rDMAoGCCqGSM49BAMCMIGNMQswCQYDVQQG
+EwJVUzEPMA0GA1UECAwGT3JlZ29uMQ4wDAYDVQQHDAVTYWxlbTETMBEGA1UECgwK
+Q2xpZW50IEVDQzENMAsGA1UECwwERmFzdDEYMBYGA1UEAwwPd3d3LndvbGZzc2wu
+Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIxMDIxMDE5
+NDk1M1oXDTIzMTEwNzE5NDk1M1owgY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZP
+cmVnb24xDjAMBgNVBAcMBVNhbGVtMRMwEQYDVQQKDApDbGllbnQgRUNDMQ0wCwYD
+VQQLDARGYXN0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
+CQEWEGluZm9Ad29sZnNzbC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARV
+v/QPRFCaPc6bt/DFTfVwe9TsJI4ZgOxaTKIkA2Ism9rvojUSQ4R2FsZWlQbMAam9
+9nUaQve9qbI2Il/HXX+0o4IBMzCCAS8wHQYDVR0OBBYEFOvUS1lrlWE/UVe2BE2J
+QYhEXKvyMIHCBgNVHSMEgbowgbeAFOvUS1lrlWE/UVe2BE2JQYhEXKvyoYGTpIGQ
+MIGNMQswCQYDVQQGEwJVUzEPMA0GA1UECAwGT3JlZ29uMQ4wDAYDVQQHDAVTYWxl
+bTETMBEGA1UECgwKQ2xpZW50IEVDQzENMAsGA1UECwwERmFzdDEYMBYGA1UEAwwP
+d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
+ggkA50pP5VaXysMwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxlLmNv
+bYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCgYIKoZIzj0E
+AwIDSQAwRgIhAOO7yg4xLTkdlCWBkNUR+QltWBYjvp+pGGSDPCUDWFg5AiEApKqz
+8AnJDC/3sdSOn6a2qxrHN+1wTTQEoJs9hIYQoPA=
 -----END CERTIFICATE-----

certs/client-cert.pem

@@ -1,17 +1,16 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number:
-            45:45:81:82:e6:3a:bd:a2:e3:06:0e:ba:2c:45:74:4b:be:c0:39:11
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Serial Number: 17391944375755183620 (0xf15c9943663d9604)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=Programming-2048, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Validity
-            Not Before: Jun 19 13:23:41 2020 GMT
-            Not After : Mar 16 13:23:41 2023 GMT
-        Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+            Not Before: Feb 10 19:49:52 2021 GMT
+            Not After : Nov  7 19:49:52 2023 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=Programming-2048, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
                     2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
@@ -38,7 +37,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:45:45:81:82:E6:3A:BD:A2:E3:06:0E:BA:2C:45:74:4B:BE:C0:39:11
+                serial:F1:5C:99:43:66:3D:96:04
 
             X509v3 Basic Constraints: 
                 CA:TRUE
@@ -47,48 +46,47 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         c1:06:39:c8:ce:f5:81:49:55:e1:3a:55:aa:91:5d:64:f1:4b:
-         dc:33:1e:31:15:e7:10:71:16:0d:b5:00:dc:bb:22:0d:81:d9:
-         12:5c:0c:dd:61:e1:af:b5:e2:f7:7d:8b:e6:61:fd:ca:45:3a:
-         61:e7:18:56:2c:26:f2:df:14:f1:e0:3d:7f:62:12:5f:d8:04:
-         44:06:0c:72:b1:8a:50:72:67:77:74:01:ff:79:64:11:6e:b3:
-         84:51:19:22:b6:43:10:06:0d:39:46:5a:c6:57:0a:43:a1:94:
-         02:28:0a:12:38:85:04:0e:78:52:48:28:7e:6c:d9:f0:4b:04:
-         55:7c:39:01:c1:b4:5f:50:06:cf:da:6f:20:b8:94:f7:51:1a:
-         23:cb:30:e3:21:b4:a3:73:ad:48:fb:96:69:ef:2e:50:b6:67:
-         bc:64:ee:27:76:43:7a:34:59:8e:b4:57:53:7d:95:7e:50:7e:
-         64:4c:29:68:fe:81:4f:73:21:24:b5:a9:a2:49:5f:54:7f:0d:
-         c2:96:c7:f5:36:81:8e:c0:00:af:b4:10:6b:0e:bc:1a:3a:f1:
-         a6:dd:fd:8e:63:21:33:d4:32:31:1f:be:a3:7c:52:85:26:c8:
-         6e:50:6c:ac:3d:2e:c0:f9:50:ed:c8:4d:cd:13:50:ce:5e:de:
-         15:89:d1:fb
+         ba:2b:48:d1:a8:e3:c2:84:42:96:a1:7c:e5:f1:46:ba:4c:f7:
+         87:57:c7:78:c8:c1:32:c4:69:ff:85:bb:5d:6a:dd:c9:87:7e:
+         fe:bb:f4:fd:15:0a:4c:94:95:80:30:90:45:03:f8:33:87:ca:
+         5f:74:38:a4:d0:5a:c7:65:38:c3:b0:e8:87:b1:49:32:b9:ac:
+         e9:fb:d3:08:1d:a4:51:7b:d7:d9:4b:79:35:a2:3a:0b:e4:0c:
+         a0:02:9c:a1:68:e1:5d:6c:8e:2e:3a:24:de:bb:d6:1c:a7:ac:
+         2e:cd:57:44:48:f6:72:e0:c7:5b:93:dc:7d:5b:64:0e:17:84:
+         68:2c:95:1d:2c:86:d6:b0:74:67:51:6e:7b:f4:d5:61:38:51:
+         b3:18:e3:10:16:73:4b:36:8a:8a:62:05:f5:56:8a:be:21:e1:
+         78:7d:bf:ad:45:f9:0b:f5:af:a0:62:01:fd:3f:49:df:39:3c:
+         ff:46:e8:0a:fe:5c:6b:bb:41:a5:64:f1:5c:9b:51:4c:bc:6d:
+         9f:a3:20:ed:e9:48:e1:a9:be:08:2d:85:42:59:d6:43:7d:47:
+         22:a5:fa:1f:a2:58:76:0b:70:1c:1d:59:1d:aa:be:5d:2d:25:
+         7c:b1:06:b6:c0:aa:28:aa:93:7c:d0:bd:43:ad:91:50:1c:7b:
+         4d:f3:e4:d7
 -----BEGIN CERTIFICATE-----
-MIIFHTCCBAWgAwIBAgIURUWBguY6vaLjBg66LEV0S77AOREwDQYJKoZIhvcNAQEL
-BQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
-b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxGTAXBgNVBAsMEFByb2dyYW1t
-aW5nLTIwNDgxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
-ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMDA2MTkxMzIzNDFaFw0yMzAzMTYxMzIz
-NDFaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
-Qm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFt
-bWluZy0yMDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
-CQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQDDA9Er/jmkMkU7U8iEKyp8dJq9qipSB0fWpjayBzKO0Lppe8bDRJ7UgUj9
-LWiii2e7oXXINixK0hv3i7rPDfnv7PGBHnubA0eav2XMf2UkaaboFIlb5DT3xbAU
-k/Vnezp6eOEBVlaRphNCjdI8QJxM79GG3zdRGwyhO/Xxo0o15OHOlt8bfr9Ol9AQ
-6KgIMIGvIAtDFMV0Z7Qygm+NhsKIQJk2g7oeQHIiF9dSZSRzsM7vGc2u/3hse8AS
-A9ROcg1QbTujO6OZXp3I2QyFs9mK2VQm2236rLv/JUzE0Xn0cdOGQBgTsGO1ck4w
-xJeEhi1WL9cV93/ArvX8W+X7obrTAgMBAAGjggFPMIIBSzAdBgNVHQ4EFgQUM9hF
-Ztdohxh+VA1wJ5HHJteFZcAwgd4GA1UdIwSB1jCB04AUM9hFZtdohxh+VA1wJ5HH
-JteFZcChgaSkgaEwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAw
-DgYDVQQHDAdCb3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxGTAXBgNVBAsM
-EFByb2dyYW1taW5nLTIwNDgxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0G
-CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIURUWBguY6vaLjBg66LEV0S77A
-OREwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxlLmNvbYcEfwAAATAd
-BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEB
-AMEGOcjO9YFJVeE6VaqRXWTxS9wzHjEV5xBxFg21ANy7Ig2B2RJcDN1h4a+14vd9
-i+Zh/cpFOmHnGFYsJvLfFPHgPX9iEl/YBEQGDHKxilByZ3d0Af95ZBFus4RRGSK2
-QxAGDTlGWsZXCkOhlAIoChI4hQQOeFJIKH5s2fBLBFV8OQHBtF9QBs/abyC4lPdR
-GiPLMOMhtKNzrUj7lmnvLlC2Z7xk7id2Q3o0WY60V1N9lX5QfmRMKWj+gU9zISS1
-qaJJX1R/DcKWx/U2gY7AAK+0EGsOvBo68abd/Y5jITPUMjEfvqN8UoUmyG5QbKw9
-LsD5UO3ITc0TUM5e3hWJ0fs=
+MIIFBzCCA++gAwIBAgIJAPFcmUNmPZYEMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
+VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG
+A1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFtbWluZy0yMDQ4MRgw
+FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
+ZnNzbC5jb20wHhcNMjEwMjEwMTk0OTUyWhcNMjMxMTA3MTk0OTUyWjCBnjELMAkG
+A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT
+BgNVBAoMDHdvbGZTU0xfMjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEY
+MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
+bGZzc2wuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwPRK/45
+pDJFO1PIhCsqfHSavaoqUgdH1qY2sgcyjtC6aXvGw0Se1IFI/S1oootnu6F1yDYs
+StIb94u6zw357+zxgR57mwNHmr9lzH9lJGmm6BSJW+Q098WwFJP1Z3s6enjhAVZW
+kaYTQo3SPECcTO/Rht83URsMoTv18aNKNeThzpbfG36/TpfQEOioCDCBryALQxTF
+dGe0MoJvjYbCiECZNoO6HkByIhfXUmUkc7DO7xnNrv94bHvAEgPUTnINUG07ozuj
+mV6dyNkMhbPZitlUJttt+qy7/yVMxNF59HHThkAYE7BjtXJOMMSXhIYtVi/XFfd/
+wK71/Fvl+6G60wIDAQABo4IBRDCCAUAwHQYDVR0OBBYEFDPYRWbXaIcYflQNcCeR
+xybXhWXAMIHTBgNVHSMEgcswgciAFDPYRWbXaIcYflQNcCeRxybXhWXAoYGkpIGh
+MIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96
+ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFtbWlu
+Zy0yMDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEW
+EGluZm9Ad29sZnNzbC5jb22CCQDxXJlDZj2WBDAMBgNVHRMEBTADAQH/MBwGA1Ud
+EQQVMBOCC2V4YW1wbGUuY29thwR/AAABMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
+BgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAuitI0ajjwoRClqF85fFGukz3h1fH
+eMjBMsRp/4W7XWrdyYd+/rv0/RUKTJSVgDCQRQP4M4fKX3Q4pNBax2U4w7Doh7FJ
+Mrms6fvTCB2kUXvX2Ut5NaI6C+QMoAKcoWjhXWyOLjok3rvWHKesLs1XREj2cuDH
+W5PcfVtkDheEaCyVHSyG1rB0Z1Fue/TVYThRsxjjEBZzSzaKimIF9VaKviHheH2/
+rUX5C/WvoGIB/T9J3zk8/0boCv5ca7tBpWTxXJtRTLxtn6Mg7elI4am+CC2FQlnW
+Q31HIqX6H6JYdgtwHB1ZHaq+XS0lfLEGtsCqKKqTfNC9Q62RUBx7TfPk1w==
 -----END CERTIFICATE-----

certs/client-ecc-cert.pem

@@ -1,18 +1,17 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number:
-            61:b3:1e:59:f3:68:6c:a4:79:42:83:2f:1a:50:71:03:be:32:aa:2c
-        Signature Algorithm: ecdsa-with-SHA256
-        Issuer: C = US, ST = Oregon, L = Salem, O = Client ECC, OU = Fast, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Serial Number: 16666221217456835267 (0xe74a4fe55697cac3)
+    Signature Algorithm: ecdsa-with-SHA256
+        Issuer: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Validity
-            Not Before: Jun 19 13:23:41 2020 GMT
-            Not After : Mar 16 13:23:41 2023 GMT
-        Subject: C = US, ST = Oregon, L = Salem, O = Client ECC, OU = Fast, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+            Not Before: Feb 10 19:49:53 2021 GMT
+            Not After : Nov  7 19:49:53 2023 GMT
+        Subject: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (256 bit)
-                pub:
+                pub: 
                     04:55:bf:f4:0f:44:50:9a:3d:ce:9b:b7:f0:c5:4d:
                     f5:70:7b:d4:ec:24:8e:19:80:ec:5a:4c:a2:24:03:
                     62:2c:9b:da:ef:a2:35:12:43:84:76:16:c6:56:95:
@@ -26,7 +25,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2
                 DirName:/C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:61:B3:1E:59:F3:68:6C:A4:79:42:83:2F:1A:50:71:03:BE:32:AA:2C
+                serial:E7:4A:4F:E5:56:97:CA:C3
 
             X509v3 Basic Constraints: 
                 CA:TRUE
@@ -35,28 +34,27 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: ecdsa-with-SHA256
-         30:46:02:21:00:e4:a0:23:26:2b:0b:42:0f:97:37:6d:cb:14:
-         23:c3:c3:e6:44:cf:5f:4c:26:a3:72:64:7a:9c:cb:64:ab:a6:
-         be:02:21:00:aa:c5:a3:50:f6:f1:a5:db:05:e0:75:d2:f7:ba:
-         49:5f:8f:7d:1c:44:b1:6e:df:c8:da:10:48:2d:53:08:a8:b4
+         30:46:02:21:00:e3:bb:ca:0e:31:2d:39:1d:94:25:81:90:d5:
+         11:f9:09:6d:58:16:23:be:9f:a9:18:64:83:3c:25:03:58:58:
+         39:02:21:00:a4:aa:b3:f0:09:c9:0c:2f:f7:b1:d4:8e:9f:a6:
+         b6:ab:1a:c7:37:ed:70:4d:34:04:a0:9b:3d:84:86:10:a0:f0
 -----BEGIN CERTIFICATE-----
-MIIDXzCCAwSgAwIBAgIUYbMeWfNobKR5QoMvGlBxA74yqiwwCgYIKoZIzj0EAwIw
-gY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xDjAMBgNVBAcMBVNhbGVt
-MRMwEQYDVQQKDApDbGllbnQgRUNDMQ0wCwYDVQQLDARGYXN0MRgwFgYDVQQDDA93
-d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20w
-HhcNMjAwNjE5MTMyMzQxWhcNMjMwMzE2MTMyMzQxWjCBjTELMAkGA1UEBhMCVVMx
-DzANBgNVBAgMBk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0xEzARBgNVBAoMCkNsaWVu
-dCBFQ0MxDTALBgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEf
-MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTBZMBMGByqGSM49AgEGCCqG
-SM49AwEHA0IABFW/9A9EUJo9zpu38MVN9XB71OwkjhmA7FpMoiQDYiyb2u+iNRJD
-hHYWxlaVBswBqb32dRpC972psjYiX8ddf7SjggE+MIIBOjAdBgNVHQ4EFgQU69RL
-WWuVYT9RV7YETYlBiERcq/Iwgc0GA1UdIwSBxTCBwoAU69RLWWuVYT9RV7YETYlB
-iERcq/KhgZOkgZAwgY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xDjAM
-BgNVBAcMBVNhbGVtMRMwEQYDVQQKDApDbGllbnQgRUNDMQ0wCwYDVQQLDARGYXN0
-MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9A
-d29sZnNzbC5jb22CFGGzHlnzaGykeUKDLxpQcQO+MqosMAwGA1UdEwQFMAMBAf8w
-HAYDVR0RBBUwE4ILZXhhbXBsZS5jb22HBH8AAAEwHQYDVR0lBBYwFAYIKwYBBQUH
-AwEGCCsGAQUFBwMCMAoGCCqGSM49BAMCA0kAMEYCIQDkoCMmKwtCD5c3bcsUI8PD
-5kTPX0wmo3JkepzLZKumvgIhAKrFo1D28aXbBeB10ve6SV+PfRxEsW7fyNoQSC1T
-CKi0
+MIIDSTCCAu6gAwIBAgIJAOdKT+VWl8rDMAoGCCqGSM49BAMCMIGNMQswCQYDVQQG
+EwJVUzEPMA0GA1UECAwGT3JlZ29uMQ4wDAYDVQQHDAVTYWxlbTETMBEGA1UECgwK
+Q2xpZW50IEVDQzENMAsGA1UECwwERmFzdDEYMBYGA1UEAwwPd3d3LndvbGZzc2wu
+Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIxMDIxMDE5
+NDk1M1oXDTIzMTEwNzE5NDk1M1owgY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZP
+cmVnb24xDjAMBgNVBAcMBVNhbGVtMRMwEQYDVQQKDApDbGllbnQgRUNDMQ0wCwYD
+VQQLDARGYXN0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
+CQEWEGluZm9Ad29sZnNzbC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARV
+v/QPRFCaPc6bt/DFTfVwe9TsJI4ZgOxaTKIkA2Ism9rvojUSQ4R2FsZWlQbMAam9
+9nUaQve9qbI2Il/HXX+0o4IBMzCCAS8wHQYDVR0OBBYEFOvUS1lrlWE/UVe2BE2J
+QYhEXKvyMIHCBgNVHSMEgbowgbeAFOvUS1lrlWE/UVe2BE2JQYhEXKvyoYGTpIGQ
+MIGNMQswCQYDVQQGEwJVUzEPMA0GA1UECAwGT3JlZ29uMQ4wDAYDVQQHDAVTYWxl
+bTETMBEGA1UECgwKQ2xpZW50IEVDQzENMAsGA1UECwwERmFzdDEYMBYGA1UEAwwP
+d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
+ggkA50pP5VaXysMwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxlLmNv
+bYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCgYIKoZIzj0E
+AwIDSQAwRgIhAOO7yg4xLTkdlCWBkNUR+QltWBYjvp+pGGSDPCUDWFg5AiEApKqz
+8AnJDC/3sdSOn6a2qxrHN+1wTTQEoJs9hIYQoPA=
 -----END CERTIFICATE-----

certs/client-relative-uri.pem

@@ -1,17 +1,16 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number:
-            31:a3:17:40:4e:fb:ba:fe:19:56:3a:3d:f3:f1:e4:0d:d9:9b:66:7e
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = RELATIVE_URI, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Serial Number: 10273515510344552519 (0x8e92dbecdc8d9047)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=RELATIVE_URI, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Validity
-            Not Before: Jun 19 13:23:41 2020 GMT
-            Not After : Mar 16 13:23:41 2023 GMT
-        Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = RELATIVE_URI, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+            Not Before: Feb 10 19:49:52 2021 GMT
+            Not After : Nov  7 19:49:52 2023 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=RELATIVE_URI, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
                     2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
@@ -38,54 +37,54 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=RELATIVE_URI/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:31:A3:17:40:4E:FB:BA:FE:19:56:3A:3D:F3:F1:E4:0D:D9:9B:66:7E
+                serial:8E:92:DB:EC:DC:8D:90:47
 
             X509v3 Basic Constraints: 
                 CA:FALSE
             X509v3 Subject Alternative Name: 
                 URI:../relative/page.html
     Signature Algorithm: sha256WithRSAEncryption
-         43:41:a6:92:63:52:da:bc:83:90:02:b4:a0:9b:be:4c:1e:bf:
-         b5:33:67:81:6d:4c:69:6b:d2:d0:50:50:69:85:56:ab:67:0d:
-         3e:5e:21:9a:f5:ff:f6:5c:e1:7d:c5:e8:63:c1:11:e5:d0:31:
-         44:4d:d1:bd:14:e9:2d:a8:3d:b5:db:50:88:ef:9f:2a:25:94:
-         df:41:b3:b6:84:93:36:13:cd:17:46:18:c7:44:01:d7:20:42:
-         66:0e:42:e1:91:7c:61:f6:3a:e1:c5:69:cc:da:3b:51:58:2a:
-         8c:3d:d4:66:d2:eb:77:b1:4b:ae:24:d5:99:c3:5f:49:92:9f:
-         86:11:5a:c6:b6:81:2d:b7:31:b4:65:55:69:2c:cf:b2:b8:57:
-         6b:46:9f:fe:f7:d8:06:b6:b3:8e:1c:24:dc:f8:e3:e8:69:39:
-         e1:c9:97:06:5f:92:27:fa:ac:d6:ae:d3:a0:08:e5:76:ff:5a:
-         e0:4c:be:40:c8:5b:d8:65:c4:43:06:a1:3f:71:b0:ee:f2:0d:
-         85:cb:0f:f6:10:93:62:64:26:09:ad:a8:ff:3d:39:61:4c:0b:
-         2e:6f:cf:c8:00:59:8e:13:17:3a:f1:ff:30:21:71:ac:7a:ee:
-         52:e8:0e:82:1f:75:41:ed:36:4e:1e:5b:4a:95:ce:38:4b:7f:
-         20:ca:d7:86
+         b4:68:57:4f:dd:9b:14:4e:61:2e:7d:96:88:cc:bb:b9:9d:46:
+         70:48:ee:f3:ce:6e:cd:0a:06:5d:95:80:28:f5:e7:9c:50:8f:
+         a9:3a:6b:32:b1:33:92:87:13:6f:f6:ce:82:ef:5f:e7:a5:97:
+         23:1f:12:ff:a9:f3:33:54:4a:c9:92:68:47:12:51:89:84:48:
+         45:60:2e:9e:45:ca:3d:05:91:0f:dc:ef:0f:0e:3c:cb:95:f0:
+         68:f0:db:66:c6:06:35:88:8e:cd:18:94:2e:2c:7f:e8:b8:17:
+         fa:e8:31:2c:84:5a:f2:2d:92:47:e3:fa:8a:d2:5e:9a:16:ba:
+         fd:5f:75:cd:17:12:bd:e8:5f:61:93:ea:09:8b:da:ef:a1:9e:
+         4c:03:da:55:75:4e:b3:88:bb:a2:3a:5c:0b:90:41:60:63:84:
+         40:cf:c4:dd:87:6f:77:29:7b:00:c7:56:41:ce:04:5d:46:4e:
+         c1:6c:b0:75:dc:f2:b1:fd:35:68:79:b5:7e:9f:5d:00:b0:be:
+         b6:b6:19:71:44:bb:d3:41:1f:54:16:90:fb:32:41:0a:44:35:
+         59:0c:cc:a3:40:ff:02:fb:a1:e4:97:08:3a:e2:93:ed:6d:cf:
+         c8:a0:42:61:19:72:ee:e6:e4:30:af:5d:3b:76:e1:5c:7f:ca:
+         06:d5:20:0d
 -----BEGIN CERTIFICATE-----
-MIIE8zCCA9ugAwIBAgIUMaMXQE77uv4ZVjo98/HkDdmbZn4wDQYJKoZIhvcNAQEL
-BQAwgZoxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
-b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxFTATBgNVBAsMDFJFTEFUSVZF
-X1VSSTEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBp
-bmZvQHdvbGZzc2wuY29tMB4XDTIwMDYxOTEzMjM0MVoXDTIzMDMxNjEzMjM0MVow
-gZoxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3pl
-bWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxFTATBgNVBAsMDFJFTEFUSVZFX1VS
-STEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZv
-QHdvbGZzc2wuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwPR
-K/45pDJFO1PIhCsqfHSavaoqUgdH1qY2sgcyjtC6aXvGw0Se1IFI/S1oootnu6F1
-yDYsStIb94u6zw357+zxgR57mwNHmr9lzH9lJGmm6BSJW+Q098WwFJP1Z3s6enjh
-AVZWkaYTQo3SPECcTO/Rht83URsMoTv18aNKNeThzpbfG36/TpfQEOioCDCBryAL
-QxTFdGe0MoJvjYbCiECZNoO6HkByIhfXUmUkc7DO7xnNrv94bHvAEgPUTnINUG07
-ozujmV6dyNkMhbPZitlUJttt+qy7/yVMxNF59HHThkAYE7BjtXJOMMSXhIYtVi/X
-Ffd/wK71/Fvl+6G60wIDAQABo4IBLTCCASkwHQYDVR0OBBYEFDPYRWbXaIcYflQN
-cCeRxybXhWXAMIHaBgNVHSMEgdIwgc+AFDPYRWbXaIcYflQNcCeRxybXhWXAoYGg
-pIGdMIGaMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
-Qm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8yMDQ4MRUwEwYDVQQLDAxSRUxBVElW
-RV9VUkkxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQ
-aW5mb0B3b2xmc3NsLmNvbYIUMaMXQE77uv4ZVjo98/HkDdmbZn4wCQYDVR0TBAIw
-ADAgBgNVHREEGTAXhhUuLi9yZWxhdGl2ZS9wYWdlLmh0bWwwDQYJKoZIhvcNAQEL
-BQADggEBAENBppJjUtq8g5ACtKCbvkwev7UzZ4FtTGlr0tBQUGmFVqtnDT5eIZr1
-//Zc4X3F6GPBEeXQMURN0b0U6S2oPbXbUIjvnyollN9Bs7aEkzYTzRdGGMdEAdcg
-QmYOQuGRfGH2OuHFaczaO1FYKow91GbS63exS64k1ZnDX0mSn4YRWsa2gS23MbRl
-VWksz7K4V2tGn/732Aa2s44cJNz44+hpOeHJlwZfkif6rNau06AI5Xb/WuBMvkDI
-W9hlxEMGoT9xsO7yDYXLD/YQk2JkJgmtqP89OWFMCy5vz8gAWY4TFzrx/zAhcax6
-7lLoDoIfdUHtNk4eW0qVzjhLfyDK14Y=
+MIIE3TCCA8WgAwIBAgIJAI6S2+zcjZBHMA0GCSqGSIb3DQEBCwUAMIGaMQswCQYD
+VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG
+A1UECgwMd29sZlNTTF8yMDQ4MRUwEwYDVQQLDAxSRUxBVElWRV9VUkkxGDAWBgNV
+BAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
+LmNvbTAeFw0yMTAyMTAxOTQ5NTJaFw0yMzExMDcxOTQ5NTJaMIGaMQswCQYDVQQG
+EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMGA1UE
+CgwMd29sZlNTTF8yMDQ4MRUwEwYDVQQLDAxSRUxBVElWRV9VUkkxGDAWBgNVBAMM
+D3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv
+bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQr
+Knx0mr2qKlIHR9amNrIHMo7Quml7xsNEntSBSP0taKKLZ7uhdcg2LErSG/eLus8N
++e/s8YEee5sDR5q/Zcx/ZSRppugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN0jxA
+nEzv0YbfN1EbDKE79fGjSjXk4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKCb42G
+wohAmTaDuh5AciIX11JlJHOwzu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZDIWz
+2YrZVCbbbfqsu/8lTMTRefRx04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuh
+utMCAwEAAaOCASIwggEeMB0GA1UdDgQWBBQz2EVm12iHGH5UDXAnkccm14VlwDCB
+zwYDVR0jBIHHMIHEgBQz2EVm12iHGH5UDXAnkccm14VlwKGBoKSBnTCBmjELMAkG
+A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT
+BgNVBAoMDHdvbGZTU0xfMjA0ODEVMBMGA1UECwwMUkVMQVRJVkVfVVJJMRgwFgYD
+VQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
+bC5jb22CCQCOktvs3I2QRzAJBgNVHRMEAjAAMCAGA1UdEQQZMBeGFS4uL3JlbGF0
+aXZlL3BhZ2UuaHRtbDANBgkqhkiG9w0BAQsFAAOCAQEAtGhXT92bFE5hLn2WiMy7
+uZ1GcEju885uzQoGXZWAKPXnnFCPqTprMrEzkocTb/bOgu9f56WXIx8S/6nzM1RK
+yZJoRxJRiYRIRWAunkXKPQWRD9zvDw48y5XwaPDbZsYGNYiOzRiULix/6LgX+ugx
+LIRa8i2SR+P6itJemha6/V91zRcSvehfYZPqCYva76GeTAPaVXVOs4i7ojpcC5BB
+YGOEQM/E3Ydvdyl7AMdWQc4EXUZOwWywddzysf01aHm1fp9dALC+trYZcUS700Ef
+VBaQ+zJBCkQ1WQzMo0D/Avuh5JcIOuKT7W3PyKBCYRly7ubkMK9dO3bhXH/KBtUg
+DQ==
 -----END CERTIFICATE-----

certs/client-uri-cert.pem

@@ -1,17 +1,16 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number:
-            23:a1:03:97:86:ca:57:02:1c:21:00:25:07:d8:b9:89:1c:1e:df:f2
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = URI, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Serial Number: 14951923003315625164 (0xcf7fe6c0b99e9ccc)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=URI, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Validity
-            Not Before: Jun 19 13:23:41 2020 GMT
-            Not After : Mar 16 13:23:41 2023 GMT
-        Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = URI, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+            Not Before: Feb 10 19:49:52 2021 GMT
+            Not After : Nov  7 19:49:52 2023 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=URI, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
                     00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
                     2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
@@ -38,53 +37,53 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
                 DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=URI/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:23:A1:03:97:86:CA:57:02:1C:21:00:25:07:D8:B9:89:1C:1E:DF:F2
+                serial:CF:7F:E6:C0:B9:9E:9C:CC
 
             X509v3 Basic Constraints: 
                 CA:FALSE
             X509v3 Subject Alternative Name: 
                 URI:https://www.wolfssl.com
     Signature Algorithm: sha256WithRSAEncryption
-         08:27:81:4b:56:bb:e4:06:57:3c:b6:83:e4:34:8a:65:33:76:
-         a7:55:c7:e9:eb:e4:7d:12:b7:24:b0:88:ad:fb:28:7d:36:0f:
-         2d:5c:09:98:62:4d:fe:73:25:ff:f2:79:e4:2c:85:38:44:44:
-         2a:9f:6d:35:ff:95:d5:b2:48:4f:40:6b:d7:a6:fd:a1:f4:e8:
-         46:69:68:a9:c1:97:68:a1:fb:ab:b8:f2:c0:58:71:6a:4e:f3:
-         ae:96:b5:9e:22:61:ca:d6:bc:3c:a9:bc:30:6c:1d:73:dc:e6:
-         a0:cd:a1:d5:e6:6f:9d:9c:56:a3:dd:56:27:cc:42:52:4a:6b:
-         48:b7:d2:b6:45:83:23:03:94:c2:1e:9d:d2:a4:86:9a:8f:2e:
-         65:49:a4:07:40:90:45:04:48:a0:f8:67:f0:5f:d8:02:34:1f:
-         4b:5f:b6:ab:80:a2:33:c6:0d:04:a7:ff:b4:45:ed:c2:07:00:
-         c4:58:2a:b9:cf:40:23:d2:b5:5d:e5:d7:00:1a:81:91:d8:ca:
-         da:fe:87:7c:91:77:72:2d:cc:ad:72:a4:5f:1b:19:62:57:f4:
-         47:c0:47:a8:7e:c4:ed:6f:52:c1:ff:7f:22:fa:ca:2d:d8:1d:
-         73:b3:3b:09:aa:08:b6:67:e9:fd:73:92:73:e4:0f:dd:40:25:
-         5a:1a:61:43
+         4b:f2:ec:8e:47:35:a9:fc:3c:36:98:48:b4:64:6c:3e:65:bd:
+         c9:d4:a7:38:3f:33:e2:60:ee:7f:aa:16:70:3f:c8:28:02:3e:
+         5c:d2:fe:a1:a7:d2:fb:e8:f6:6d:9f:c4:a4:b1:81:f4:6e:80:
+         3d:bc:27:f6:6e:d8:93:85:5e:cc:dd:5d:87:16:b3:75:85:72:
+         76:dd:9a:32:93:df:01:fa:4d:d2:d3:a4:27:fc:e3:bd:7a:f1:
+         9d:3d:08:2e:e7:1f:e3:b8:96:9e:11:0d:88:3b:ba:1f:b5:d8:
+         c7:67:9e:74:56:27:5b:55:88:5b:79:dc:2c:56:64:a0:71:72:
+         1a:06:d8:d4:0f:41:bf:9d:f3:3e:59:9e:b1:e5:41:6d:4a:a0:
+         44:e2:7a:d2:0b:3f:3a:45:14:ff:d5:42:8f:aa:8b:7d:ff:38:
+         e7:a9:c2:92:b0:4e:dc:c6:13:35:8c:25:ef:49:c1:06:c2:3b:
+         21:91:de:0f:14:0c:79:7d:3c:d6:14:57:ce:eb:9b:49:3f:c5:
+         ff:5c:5a:a8:81:cf:ba:0f:51:ec:01:82:56:0a:de:98:41:6f:
+         ec:43:47:6d:45:a4:92:67:f2:08:c0:65:d3:8c:47:9c:73:0e:
+         de:27:b7:44:33:44:eb:51:d5:ad:80:00:e1:f2:e3:ef:04:8c:
+         05:94:af:f6
 -----BEGIN CERTIFICATE-----
-MIIE2jCCA8KgAwIBAgIUI6EDl4bKVwIcIQAlB9i5iRwe3/IwDQYJKoZIhvcNAQEL
-BQAwgZExCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
-b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIwNDgxDDAKBgNVBAsMA1VSSTEYMBYG
-A1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz
-c2wuY29tMB4XDTIwMDYxOTEzMjM0MVoXDTIzMDMxNjEzMjM0MVowgZExCzAJBgNV
-BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRUwEwYD
-VQQKDAx3b2xmU1NMXzIwNDgxDDAKBgNVBAsMA1VSSTEYMBYGA1UEAwwPd3d3Lndv
-bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwPRK/45pDJFO1PIhCsqfHSavaoq
-UgdH1qY2sgcyjtC6aXvGw0Se1IFI/S1oootnu6F1yDYsStIb94u6zw357+zxgR57
-mwNHmr9lzH9lJGmm6BSJW+Q098WwFJP1Z3s6enjhAVZWkaYTQo3SPECcTO/Rht83
-URsMoTv18aNKNeThzpbfG36/TpfQEOioCDCBryALQxTFdGe0MoJvjYbCiECZNoO6
-HkByIhfXUmUkc7DO7xnNrv94bHvAEgPUTnINUG07ozujmV6dyNkMhbPZitlUJttt
-+qy7/yVMxNF59HHThkAYE7BjtXJOMMSXhIYtVi/XFfd/wK71/Fvl+6G60wIDAQAB
-o4IBJjCCASIwHQYDVR0OBBYEFDPYRWbXaIcYflQNcCeRxybXhWXAMIHRBgNVHSME
-gckwgcaAFDPYRWbXaIcYflQNcCeRxybXhWXAoYGXpIGUMIGRMQswCQYDVQQGEwJV
-UzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMGA1UECgwM
-d29sZlNTTF8yMDQ4MQwwCgYDVQQLDANVUkkxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
-LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUI6EDl4bKVwIc
-IQAlB9i5iRwe3/IwCQYDVR0TBAIwADAiBgNVHREEGzAZhhdodHRwczovL3d3dy53
-b2xmc3NsLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEACCeBS1a75AZXPLaD5DSKZTN2
-p1XH6evkfRK3JLCIrfsofTYPLVwJmGJN/nMl//J55CyFOEREKp9tNf+V1bJIT0Br
-16b9ofToRmloqcGXaKH7q7jywFhxak7zrpa1niJhyta8PKm8MGwdc9zmoM2h1eZv
-nZxWo91WJ8xCUkprSLfStkWDIwOUwh6d0qSGmo8uZUmkB0CQRQRIoPhn8F/YAjQf
-S1+2q4CiM8YNBKf/tEXtwgcAxFgquc9AI9K1XeXXABqBkdjK2v6HfJF3ci3MrXKk
-XxsZYlf0R8BHqH7E7W9Swf9/IvrKLdgdc7M7CaoItmfp/XOSc+QP3UAlWhphQw==
+MIIExDCCA6ygAwIBAgIJAM9/5sC5npzMMA0GCSqGSIb3DQEBCwUAMIGRMQswCQYD
+VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG
+A1UECgwMd29sZlNTTF8yMDQ4MQwwCgYDVQQLDANVUkkxGDAWBgNVBAMMD3d3dy53
+b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0y
+MTAyMTAxOTQ5NTJaFw0yMzExMDcxOTQ5NTJaMIGRMQswCQYDVQQGEwJVUzEQMA4G
+A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMGA1UECgwMd29sZlNT
+TF8yMDQ4MQwwCgYDVQQLDANVUkkxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEf
+MB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQrKnx0mr2qKlIHR9amNrIHMo7Q
+uml7xsNEntSBSP0taKKLZ7uhdcg2LErSG/eLus8N+e/s8YEee5sDR5q/Zcx/ZSRp
+pugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN0jxAnEzv0YbfN1EbDKE79fGjSjXk
+4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKCb42GwohAmTaDuh5AciIX11JlJHOw
+zu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZDIWz2YrZVCbbbfqsu/8lTMTRefRx
+04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuhutMCAwEAAaOCARswggEXMB0G
+A1UdDgQWBBQz2EVm12iHGH5UDXAnkccm14VlwDCBxgYDVR0jBIG+MIG7gBQz2EVm
+12iHGH5UDXAnkccm14VlwKGBl6SBlDCBkTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
+B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xfMjA0
+ODEMMAoGA1UECwwDVVJJMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkq
+hkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQDPf+bAuZ6czDAJBgNVHRMEAjAA
+MCIGA1UdEQQbMBmGF2h0dHBzOi8vd3d3LndvbGZzc2wuY29tMA0GCSqGSIb3DQEB
+CwUAA4IBAQBL8uyORzWp/Dw2mEi0ZGw+Zb3J1Kc4PzPiYO5/qhZwP8goAj5c0v6h
+p9L76PZtn8SksYH0boA9vCf2btiThV7M3V2HFrN1hXJ23Zoyk98B+k3S06Qn/OO9
+evGdPQgu5x/juJaeEQ2IO7oftdjHZ550VidbVYhbedwsVmSgcXIaBtjUD0G/nfM+
+WZ6x5UFtSqBE4nrSCz86RRT/1UKPqot9/zjnqcKSsE7cxhM1jCXvScEGwjshkd4P
+FAx5fTzWFFfO65tJP8X/XFqogc+6D1HsAYJWCt6YQW/sQ0dtRaSSZ/IIwGXTjEec
+cw7eJ7dEM0TrUdWtgADh8uPvBIwFlK/2
 -----END CERTIFICATE-----

certs/crl/caEcc384Crl.pem

@@ -1,10 +1,10 @@
 -----BEGIN X509 CRL-----
-MIIBcTCB+AIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+MIIBcjCB+AIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wx
 FDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIwMDYxOTEzMjM0MloX
-DTIzMDMxNjEzMjM0MlqgLzAtMB8GA1UdIwQYMBaAFKvgwyZMGNRyu9KEjJwKBZKA
-ElNSMAoGA1UdFAQDAgEKMAoGCCqGSM49BAMCA2gAMGUCMQCYv4i35bniugAZXLqH
-BICnycG4Dh+1lOT9XKADStPOwqwrY2C2HWq9mRbXQibBCaQCME3fI9B1B1BKBphF
-23RPNfyv/8J0Ipwvz3SlxnyIQ/XxgyruB4F3mZEYMwBpiiwbpg==
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIxMDIxMDE5NDk1NVoX
+DTIzMTEwNzE5NDk1NVqgLzAtMB8GA1UdIwQYMBaAFKvgwyZMGNRyu9KEjJwKBZKA
+ElNSMAoGA1UdFAQDAgEKMAoGCCqGSM49BAMCA2kAMGYCMQDZ3syfCgdSX34hw/9W
+Vsh2Upsk5XetKwJ/t7YNniRF2xwPpWyNCB0Ib9ysoOKx+5wCMQDwHLLznMcFfY2p
+QkEWT1XRcJ3WANZmtx/m4XjvgIjw6dkPQBqdHy7MSjvVds1nQ80=
 -----END X509 CRL-----

certs/crl/caEccCrl.pem

@@ -1,10 +1,10 @@
 -----BEGIN X509 CRL-----
-MIIBUDCB+AIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+MIIBUTCB+AIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wx
 FDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIwMDYxOTEzMjM0MloX
-DTIzMDMxNjEzMjM0MlqgLzAtMB8GA1UdIwQYMBaAFFaOmsPwQt4YuUVVbvmTz+rD
-86UhMAoGA1UdFAQDAgEJMAoGCCqGSM49BAMCA0cAMEQCIC7AFXZO+5wTzQPqLaVl
-IFqqhiMpTGhEHwSd+7+HuO1jAiA1lLz5UVpDUqXyoC22UgrrbjlClkNGiGPDoU/a
-bjjgKg==
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIxMDIxMDE5NDk1NVoX
+DTIzMTEwNzE5NDk1NVqgLzAtMB8GA1UdIwQYMBaAFFaOmsPwQt4YuUVVbvmTz+rD
+86UhMAoGA1UdFAQDAgEJMAoGCCqGSM49BAMCA0gAMEUCIGl4TP2PbJhqSSZN/0f6
+4RWJhFwI1flAnFJPVBLBj+e7AiEAiGRDT35HS237kRWw4qlvQM57Gbaflq/aZ8SM
+MIqTs0E=
 -----END X509 CRL-----

certs/crl/cliCrl.pem

@@ -1,42 +1,42 @@
 Certificate Revocation List (CRL):
         Version 2 (0x1)
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Jun 19 13:23:42 2020 GMT
-        Next Update: Mar 16 13:23:42 2023 GMT
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: /C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Last Update: Feb 10 19:49:55 2021 GMT
+        Next Update: Nov  7 19:49:55 2023 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 6
 Revoked Certificates:
     Serial Number: 02
-        Revocation Date: Jun 19 13:23:42 2020 GMT
+        Revocation Date: Feb 10 19:49:55 2021 GMT
     Signature Algorithm: sha256WithRSAEncryption
-         b2:ef:5c:b7:4d:69:54:de:fc:c1:bf:2e:0e:59:e1:ac:e1:a2:
-         a7:64:bd:77:ac:83:9d:1e:b9:66:74:ee:d4:79:75:79:a6:5e:
-         d9:a5:80:8a:47:6d:bc:2e:c7:60:5a:f1:39:8c:ff:63:f8:c8:
-         b9:dd:8e:44:93:44:24:1c:82:fd:1b:47:da:a0:d4:85:c9:5b:
-         46:5f:c9:47:93:fb:e1:9c:e0:16:4a:cd:90:bd:06:72:db:d7:
-         2f:ef:10:88:ce:b2:38:65:97:03:02:c7:b2:33:ac:d3:46:97:
-         62:b2:03:07:8f:72:43:ba:7c:f6:bb:79:77:d1:00:3b:82:ee:
-         ea:0b:0d:a3:a1:b6:9c:3d:13:42:14:eb:a7:fb:3a:86:a3:4f:
-         cb:bd:82:f4:e3:60:ae:9c:3b:55:6e:6e:9d:20:f0:18:39:a6:
-         a9:73:ef:85:bd:06:cd:d5:c5:64:35:a8:2a:ca:d5:bb:17:0c:
-         c5:38:12:b6:97:85:00:ae:c6:1c:a0:94:65:e9:cb:72:e3:6b:
-         27:3d:c1:6a:78:dd:41:22:bc:74:cc:6c:e3:15:d5:04:b2:fb:
-         12:13:6b:65:90:23:16:42:83:d5:84:56:d7:0b:c4:b7:3b:0d:
-         ec:25:23:9e:a9:93:b8:16:e1:21:49:29:0e:78:56:29:16:24:
-         e6:c1:f0:d3
+         a3:e5:bd:db:95:29:72:ae:b1:e9:1a:69:1e:7b:9c:ec:8e:e7:
+         1d:54:1e:22:b7:11:44:0b:20:3e:e4:ed:59:38:a7:81:07:6f:
+         bf:4d:f3:e0:5b:5e:46:3d:4e:04:7e:de:50:90:28:38:43:7e:
+         2b:3b:20:6b:c9:ac:fc:7b:e6:48:67:03:6a:24:82:52:97:ce:
+         82:0e:42:b8:0c:60:ac:3d:a5:bc:2b:39:cf:40:b4:c1:39:a9:
+         e9:af:84:9c:c4:87:74:e5:dc:c3:28:6e:f2:93:48:8a:6d:e2:
+         59:ae:f8:ed:16:77:46:4d:61:2a:7b:ec:bf:ae:8b:76:6e:3d:
+         13:b5:7e:68:af:41:7e:ee:ec:4f:ab:19:45:e3:72:94:1c:db:
+         5e:97:1a:24:4e:42:94:e4:b7:dc:5e:ba:6c:b0:1f:36:e7:63:
+         d3:4f:5d:53:4a:48:8c:91:8e:bb:51:c0:28:ed:0b:5c:a9:f7:
+         d7:ab:39:21:57:22:42:83:08:34:86:38:ca:3a:96:fc:6a:f0:
+         86:5e:0b:64:84:30:28:49:fe:62:43:1b:a5:f3:f4:e7:b6:30:
+         f4:ae:68:5a:82:9a:e1:00:2d:74:0e:60:b4:40:fe:f3:fe:b6:
+         f8:c9:21:79:7d:f1:ee:78:e4:8c:2d:96:69:13:c3:a8:53:d5:
+         af:5c:e9:0c
 -----BEGIN X509 CRL-----
 MIICDjCB9wIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xf
 MjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEYMBYGA1UEAwwPd3d3Lndv
-bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yMDA2
-MTkxMzIzNDJaFw0yMzAzMTYxMzIzNDJaMBQwEgIBAhcNMjAwNjE5MTMyMzQyWqAO
-MAwwCgYDVR0UBAMCAQYwDQYJKoZIhvcNAQELBQADggEBALLvXLdNaVTe/MG/Lg5Z
-4azhoqdkvXesg50euWZ07tR5dXmmXtmlgIpHbbwux2Ba8TmM/2P4yLndjkSTRCQc
-gv0bR9qg1IXJW0ZfyUeT++Gc4BZKzZC9BnLb1y/vEIjOsjhllwMCx7IzrNNGl2Ky
-AwePckO6fPa7eXfRADuC7uoLDaOhtpw9E0IU66f7OoajT8u9gvTjYK6cO1Vubp0g
-8Bg5pqlz74W9Bs3VxWQ1qCrK1bsXDMU4EraXhQCuxhyglGXpy3Ljayc9wWp43UEi
-vHTMbOMV1QSy+xITa2WQIxZCg9WEVtcLxLc7DewlI56pk7gW4SFJKQ54VikWJObB
-8NM=
+bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yMTAy
+MTAxOTQ5NTVaFw0yMzExMDcxOTQ5NTVaMBQwEgIBAhcNMjEwMjEwMTk0OTU1WqAO
+MAwwCgYDVR0UBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAKPlvduVKXKusekaaR57
+nOyO5x1UHiK3EUQLID7k7Vk4p4EHb79N8+BbXkY9TgR+3lCQKDhDfis7IGvJrPx7
+5khnA2okglKXzoIOQrgMYKw9pbwrOc9AtME5qemvhJzEh3Tl3MMobvKTSIpt4lmu
++O0Wd0ZNYSp77L+ui3ZuPRO1fmivQX7u7E+rGUXjcpQc216XGiROQpTkt9xeumyw
+HzbnY9NPXVNKSIyRjrtRwCjtC1yp99erOSFXIkKDCDSGOMo6lvxq8IZeC2SEMChJ
+/mJDG6Xz9Oe2MPSuaFqCmuEALXQOYLRA/vP+tvjJIXl98e545IwtlmkTw6hT1a9c
+6Qw=
 -----END X509 CRL-----

certs/crl/crl.pem

@@ -1,41 +1,41 @@
 Certificate Revocation List (CRL):
         Version 2 (0x1)
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Jun 19 13:23:42 2020 GMT
-        Next Update: Mar 16 13:23:42 2023 GMT
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Last Update: Feb 10 19:49:55 2021 GMT
+        Next Update: Nov  7 19:49:55 2023 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 2
 Revoked Certificates:
     Serial Number: 02
-        Revocation Date: Jun 19 13:23:42 2020 GMT
+        Revocation Date: Feb 10 19:49:55 2021 GMT
     Signature Algorithm: sha256WithRSAEncryption
-         79:05:2c:9d:74:45:10:4d:f9:77:49:7e:d3:d3:97:69:b8:72:
-         56:de:cd:81:a8:f3:5d:db:f7:eb:1f:02:a9:f0:25:02:43:7f:
-         b0:2c:df:c5:24:57:03:48:93:c3:f4:16:37:dd:e3:32:6a:61:
-         92:37:64:95:59:72:d8:1a:36:fa:d5:88:da:47:ac:c1:9a:93:
-         bd:6e:68:4d:85:5c:24:63:fa:4a:d3:89:72:28:e4:b6:98:e6:
-         47:26:82:82:cb:28:47:5d:b4:b4:50:48:ef:a8:50:80:e8:0b:
-         ca:d0:e4:af:e5:1e:a7:49:34:d8:10:76:6b:7e:14:a3:63:9a:
-         d2:54:a8:ff:5b:26:02:30:23:cf:db:e8:f3:f2:5f:68:90:bf:
-         aa:a8:0a:f9:a6:bc:9c:ec:b1:26:9b:fc:fd:7a:d6:af:6d:fc:
-         e2:2b:d8:62:c4:50:f0:8b:27:e9:9e:e0:44:4b:a2:32:21:06:
-         b6:89:b8:d3:2f:04:7d:c9:95:d7:a1:d1:b7:bb:9b:75:16:a7:
-         70:15:b1:2e:14:99:53:9c:cb:50:c8:00:5c:36:af:41:bf:a5:
-         f2:3b:67:9c:50:5b:ad:2c:50:cb:a3:c4:1f:09:c1:8d:b5:64:
-         8f:85:32:2e:04:8e:42:59:32:ec:3d:24:ec:7b:a4:01:59:bc:
-         55:c3:1f:b9
+         64:70:f6:a5:21:76:7d:3b:38:fd:42:a2:91:be:6a:54:05:7a:
+         a5:ce:4d:4c:57:db:d9:7b:5e:3c:86:8f:e8:d7:02:d7:7e:87:
+         9b:f2:0f:35:f3:62:c4:2a:5e:5e:f5:26:40:b1:d4:9a:8d:dc:
+         65:35:76:7e:e7:68:5a:57:66:48:d6:0b:bf:ac:d1:d3:5e:50:
+         40:14:ae:3f:3b:e7:5a:c2:c4:c2:41:ba:77:1d:b2:46:29:f8:
+         42:44:5c:3d:2a:92:87:18:fd:9d:54:11:5d:7b:82:0a:f0:46:
+         d0:c1:56:72:53:9d:85:ac:21:95:ff:65:8e:41:49:d3:be:c4:
+         b8:d0:f3:61:fb:eb:0a:a6:d9:f3:09:13:a9:74:01:2b:6c:8a:
+         08:59:ce:37:52:c4:0e:74:d0:52:56:9d:e1:22:42:13:1e:31:
+         cf:25:be:3e:df:c0:52:26:bf:f9:5b:c9:88:3f:29:4f:2f:80:
+         f9:90:97:cc:29:c8:28:4d:06:e9:d9:8e:a9:6c:1f:92:89:36:
+         67:c2:03:dc:02:99:4e:40:28:be:79:ef:ed:75:86:75:a2:06:
+         47:cd:a6:93:b0:8c:74:3c:97:3a:d2:b8:e2:b5:fb:b4:76:eb:
+         87:9f:97:f3:35:78:ee:d0:49:84:38:f1:2b:5c:5e:12:a1:c6:
+         69:7a:ff:85
 -----BEGIN X509 CRL-----
 MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
 MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIwMDYxOTEzMjM0MloX
-DTIzMDMxNjEzMjM0MlowFDASAgECFw0yMDA2MTkxMzIzNDJaoA4wDDAKBgNVHRQE
-AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAeQUsnXRFEE35d0l+09OXabhyVt7Ngajz
-Xdv36x8CqfAlAkN/sCzfxSRXA0iTw/QWN93jMmphkjdklVly2Bo2+tWI2keswZqT
-vW5oTYVcJGP6StOJcijktpjmRyaCgssoR120tFBI76hQgOgLytDkr+Uep0k02BB2
-a34Uo2Oa0lSo/1smAjAjz9vo8/JfaJC/qqgK+aa8nOyxJpv8/XrWr2384ivYYsRQ
-8Isn6Z7gREuiMiEGtom40y8EfcmV16HRt7ubdRancBWxLhSZU5zLUMgAXDavQb+l
-8jtnnFBbrSxQy6PEHwnBjbVkj4UyLgSOQlky7D0k7HukAVm8VcMfuQ==
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIxMDIxMDE5NDk1NVoX
+DTIzMTEwNzE5NDk1NVowFDASAgECFw0yMTAyMTAxOTQ5NTVaoA4wDDAKBgNVHRQE
+AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAZHD2pSF2fTs4/UKikb5qVAV6pc5NTFfb
+2XtePIaP6NcC136Hm/IPNfNixCpeXvUmQLHUmo3cZTV2fudoWldmSNYLv6zR015Q
+QBSuPzvnWsLEwkG6dx2yRin4QkRcPSqShxj9nVQRXXuCCvBG0MFWclOdhawhlf9l
+jkFJ077EuNDzYfvrCqbZ8wkTqXQBK2yKCFnON1LEDnTQUlad4SJCEx4xzyW+Pt/A
+Uia/+VvJiD8pTy+A+ZCXzCnIKE0G6dmOqWwfkok2Z8ID3AKZTkAovnnv7XWGdaIG
+R82mk7CMdDyXOtK44rX7tHbrh5+X8zV47tBJhDjxK1xeEqHGaXr/hQ==
 -----END X509 CRL-----

certs/crl/crl.revoked

@@ -1,44 +1,44 @@
 Certificate Revocation List (CRL):
         Version 2 (0x1)
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Jun 19 13:23:42 2020 GMT
-        Next Update: Mar 16 13:23:42 2023 GMT
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Last Update: Feb 10 19:49:55 2021 GMT
+        Next Update: Nov  7 19:49:55 2023 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 3
 Revoked Certificates:
     Serial Number: 01
-        Revocation Date: Jun 19 13:23:42 2020 GMT
+        Revocation Date: Feb 10 19:49:55 2021 GMT
     Serial Number: 02
-        Revocation Date: Jun 19 13:23:42 2020 GMT
+        Revocation Date: Feb 10 19:49:55 2021 GMT
     Signature Algorithm: sha256WithRSAEncryption
-         30:44:69:cd:7f:61:ac:6a:a0:fe:28:46:97:1c:0a:3c:c2:f9:
-         ad:77:d4:37:18:d7:49:d0:1f:56:d8:44:2c:4f:e2:a9:3d:2a:
-         b5:31:82:5d:38:bd:3a:1f:ab:9e:a0:3c:c4:61:27:46:6b:ee:
-         ff:87:72:02:a5:a2:e8:e4:87:c6:37:0c:2c:58:92:4f:28:9d:
-         4a:9a:59:f0:b9:c7:b1:2d:1e:a3:f4:51:ad:cd:92:1f:f9:96:
-         aa:75:3c:1d:af:2a:34:b0:f3:b3:b8:63:f2:50:14:95:0e:f4:
-         89:19:c3:b3:2b:f1:26:11:23:eb:a6:94:a5:67:10:54:3d:e6:
-         aa:57:9a:82:9c:21:0b:f7:4a:24:f6:b9:8b:33:1d:30:fd:cc:
-         4c:be:61:22:76:32:f6:dc:0a:8f:bf:4b:3e:db:39:84:79:30:
-         a1:54:3a:5e:a7:b9:c4:39:0a:dc:29:ed:90:8b:a2:46:4f:1b:
-         54:1c:03:c4:a9:00:ca:f8:d0:dd:4c:5c:36:18:d9:2e:b0:1c:
-         ed:e7:3a:88:7a:9e:6b:81:7c:4f:95:bf:24:2a:1b:30:40:0f:
-         e9:44:d8:21:8b:65:24:f4:b7:9c:61:f6:f1:17:f7:79:6d:03:
-         24:4f:c0:c5:db:09:85:91:8f:38:a0:20:af:66:56:3a:05:6f:
-         57:51:1e:2c
+         8e:c0:a9:05:07:8f:c0:f0:e8:54:63:86:8b:0b:65:80:fc:d5:
+         b8:97:48:2f:c3:43:02:df:63:65:53:bb:cf:4c:d6:90:28:3c:
+         15:be:48:b4:1a:39:5e:0f:73:a6:f0:39:b5:ca:82:99:98:d8:
+         8f:94:d9:3a:9a:ed:54:50:8c:20:8d:90:ce:02:f8:f6:2d:5d:
+         d2:48:99:4d:15:8f:c5:61:95:35:31:83:80:9a:4a:19:01:5e:
+         d2:fd:9c:2e:ee:b6:d8:c0:fa:38:7d:cc:6c:ce:c5:62:dc:95:
+         70:79:3e:09:89:14:11:f9:8a:06:b1:1a:ab:52:25:a9:e6:01:
+         96:9d:ea:b8:aa:81:14:6c:d0:75:a2:03:41:e0:24:06:44:b5:
+         ff:95:50:7f:e4:50:78:03:24:f1:2c:4f:f9:ae:72:b4:3b:a2:
+         1b:cb:ab:cd:86:2f:9a:3f:81:4e:c3:a9:34:2f:e0:55:66:90:
+         55:d1:ee:37:d6:25:a0:b2:ae:d6:6b:2a:1b:21:aa:d8:2b:36:
+         c1:30:05:88:dd:a9:58:09:65:eb:29:0a:e8:c3:b7:dc:39:51:
+         2f:34:6d:3a:07:99:cd:b0:80:4e:82:1e:c2:8e:f4:64:15:54:
+         a1:25:95:95:65:ba:46:a5:6d:ac:f6:57:f9:ae:26:5e:80:51:
+         c2:79:21:d7
 -----BEGIN X509 CRL-----
 MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
 VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
-MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yMDA2MTkxMzIzNDJa
-Fw0yMzAzMTYxMzIzNDJaMCgwEgIBARcNMjAwNjE5MTMyMzQyWjASAgECFw0yMDA2
-MTkxMzIzNDJaoA4wDDAKBgNVHRQEAwIBAzANBgkqhkiG9w0BAQsFAAOCAQEAMERp
-zX9hrGqg/ihGlxwKPML5rXfUNxjXSdAfVthELE/iqT0qtTGCXTi9Oh+rnqA8xGEn
-Rmvu/4dyAqWi6OSHxjcMLFiSTyidSppZ8LnHsS0eo/RRrc2SH/mWqnU8Ha8qNLDz
-s7hj8lAUlQ70iRnDsyvxJhEj66aUpWcQVD3mqleagpwhC/dKJPa5izMdMP3MTL5h
-InYy9twKj79LPts5hHkwoVQ6Xqe5xDkK3CntkIuiRk8bVBwDxKkAyvjQ3UxcNhjZ
-LrAc7ec6iHqea4F8T5W/JCobMEAP6UTYIYtlJPS3nGH28Rf3eW0DJE/AxdsJhZGP
-OKAgr2ZWOgVvV1EeLA==
+MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yMTAyMTAxOTQ5NTVa
+Fw0yMzExMDcxOTQ5NTVaMCgwEgIBARcNMjEwMjEwMTk0OTU1WjASAgECFw0yMTAy
+MTAxOTQ5NTVaoA4wDDAKBgNVHRQEAwIBAzANBgkqhkiG9w0BAQsFAAOCAQEAjsCp
+BQePwPDoVGOGiwtlgPzVuJdIL8NDAt9jZVO7z0zWkCg8Fb5ItBo5Xg9zpvA5tcqC
+mZjYj5TZOprtVFCMII2QzgL49i1d0kiZTRWPxWGVNTGDgJpKGQFe0v2cLu622MD6
+OH3MbM7FYtyVcHk+CYkUEfmKBrEaq1IlqeYBlp3quKqBFGzQdaIDQeAkBkS1/5VQ
+f+RQeAMk8SxP+a5ytDuiG8urzYYvmj+BTsOpNC/gVWaQVdHuN9YloLKu1msqGyGq
+2Cs2wTAFiN2pWAll6ykK6MO33DlRLzRtOgeZzbCAToIewo70ZBVUoSWVlWW6RqVt
+rPZX+a4mXoBRwnkh1w==
 -----END X509 CRL-----

certs/crl/crl2.pem

@@ -1,80 +1,80 @@
 Certificate Revocation List (CRL):
         Version 2 (0x1)
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Jun 19 13:23:42 2020 GMT
-        Next Update: Mar 16 13:23:42 2023 GMT
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Last Update: Feb 10 19:49:55 2021 GMT
+        Next Update: Nov  7 19:49:55 2023 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 2
 Revoked Certificates:
     Serial Number: 02
-        Revocation Date: Jun 19 13:23:42 2020 GMT
+        Revocation Date: Feb 10 19:49:55 2021 GMT
     Signature Algorithm: sha256WithRSAEncryption
-         79:05:2c:9d:74:45:10:4d:f9:77:49:7e:d3:d3:97:69:b8:72:
-         56:de:cd:81:a8:f3:5d:db:f7:eb:1f:02:a9:f0:25:02:43:7f:
-         b0:2c:df:c5:24:57:03:48:93:c3:f4:16:37:dd:e3:32:6a:61:
-         92:37:64:95:59:72:d8:1a:36:fa:d5:88:da:47:ac:c1:9a:93:
-         bd:6e:68:4d:85:5c:24:63:fa:4a:d3:89:72:28:e4:b6:98:e6:
-         47:26:82:82:cb:28:47:5d:b4:b4:50:48:ef:a8:50:80:e8:0b:
-         ca:d0:e4:af:e5:1e:a7:49:34:d8:10:76:6b:7e:14:a3:63:9a:
-         d2:54:a8:ff:5b:26:02:30:23:cf:db:e8:f3:f2:5f:68:90:bf:
-         aa:a8:0a:f9:a6:bc:9c:ec:b1:26:9b:fc:fd:7a:d6:af:6d:fc:
-         e2:2b:d8:62:c4:50:f0:8b:27:e9:9e:e0:44:4b:a2:32:21:06:
-         b6:89:b8:d3:2f:04:7d:c9:95:d7:a1:d1:b7:bb:9b:75:16:a7:
-         70:15:b1:2e:14:99:53:9c:cb:50:c8:00:5c:36:af:41:bf:a5:
-         f2:3b:67:9c:50:5b:ad:2c:50:cb:a3:c4:1f:09:c1:8d:b5:64:
-         8f:85:32:2e:04:8e:42:59:32:ec:3d:24:ec:7b:a4:01:59:bc:
-         55:c3:1f:b9
+         64:70:f6:a5:21:76:7d:3b:38:fd:42:a2:91:be:6a:54:05:7a:
+         a5:ce:4d:4c:57:db:d9:7b:5e:3c:86:8f:e8:d7:02:d7:7e:87:
+         9b:f2:0f:35:f3:62:c4:2a:5e:5e:f5:26:40:b1:d4:9a:8d:dc:
+         65:35:76:7e:e7:68:5a:57:66:48:d6:0b:bf:ac:d1:d3:5e:50:
+         40:14:ae:3f:3b:e7:5a:c2:c4:c2:41:ba:77:1d:b2:46:29:f8:
+         42:44:5c:3d:2a:92:87:18:fd:9d:54:11:5d:7b:82:0a:f0:46:
+         d0:c1:56:72:53:9d:85:ac:21:95:ff:65:8e:41:49:d3:be:c4:
+         b8:d0:f3:61:fb:eb:0a:a6:d9:f3:09:13:a9:74:01:2b:6c:8a:
+         08:59:ce:37:52:c4:0e:74:d0:52:56:9d:e1:22:42:13:1e:31:
+         cf:25:be:3e:df:c0:52:26:bf:f9:5b:c9:88:3f:29:4f:2f:80:
+         f9:90:97:cc:29:c8:28:4d:06:e9:d9:8e:a9:6c:1f:92:89:36:
+         67:c2:03:dc:02:99:4e:40:28:be:79:ef:ed:75:86:75:a2:06:
+         47:cd:a6:93:b0:8c:74:3c:97:3a:d2:b8:e2:b5:fb:b4:76:eb:
+         87:9f:97:f3:35:78:ee:d0:49:84:38:f1:2b:5c:5e:12:a1:c6:
+         69:7a:ff:85
 -----BEGIN X509 CRL-----
 MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
 MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIwMDYxOTEzMjM0MloX
-DTIzMDMxNjEzMjM0MlowFDASAgECFw0yMDA2MTkxMzIzNDJaoA4wDDAKBgNVHRQE
-AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAeQUsnXRFEE35d0l+09OXabhyVt7Ngajz
-Xdv36x8CqfAlAkN/sCzfxSRXA0iTw/QWN93jMmphkjdklVly2Bo2+tWI2keswZqT
-vW5oTYVcJGP6StOJcijktpjmRyaCgssoR120tFBI76hQgOgLytDkr+Uep0k02BB2
-a34Uo2Oa0lSo/1smAjAjz9vo8/JfaJC/qqgK+aa8nOyxJpv8/XrWr2384ivYYsRQ
-8Isn6Z7gREuiMiEGtom40y8EfcmV16HRt7ubdRancBWxLhSZU5zLUMgAXDavQb+l
-8jtnnFBbrSxQy6PEHwnBjbVkj4UyLgSOQlky7D0k7HukAVm8VcMfuQ==
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTIxMDIxMDE5NDk1NVoX
+DTIzMTEwNzE5NDk1NVowFDASAgECFw0yMTAyMTAxOTQ5NTVaoA4wDDAKBgNVHRQE
+AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAZHD2pSF2fTs4/UKikb5qVAV6pc5NTFfb
+2XtePIaP6NcC136Hm/IPNfNixCpeXvUmQLHUmo3cZTV2fudoWldmSNYLv6zR015Q
+QBSuPzvnWsLEwkG6dx2yRin4QkRcPSqShxj9nVQRXXuCCvBG0MFWclOdhawhlf9l
+jkFJ077EuNDzYfvrCqbZ8wkTqXQBK2yKCFnON1LEDnTQUlad4SJCEx4xzyW+Pt/A
+Uia/+VvJiD8pTy+A+ZCXzCnIKE0G6dmOqWwfkok2Z8ID3AKZTkAovnnv7XWGdaIG
+R82mk7CMdDyXOtK44rX7tHbrh5+X8zV47tBJhDjxK1xeEqHGaXr/hQ==
 -----END X509 CRL-----
 Certificate Revocation List (CRL):
         Version 2 (0x1)
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Jun 19 13:23:42 2020 GMT
-        Next Update: Mar 16 13:23:42 2023 GMT
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: /C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Last Update: Feb 10 19:49:55 2021 GMT
+        Next Update: Nov  7 19:49:55 2023 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 1
 No Revoked Certificates.
     Signature Algorithm: sha256WithRSAEncryption
-         41:8a:3f:6d:b2:f9:50:c3:cb:d6:18:09:f6:ed:c5:96:8b:3a:
-         5f:7c:52:e7:74:7e:64:ec:3e:b8:34:c2:46:72:76:4a:24:c3:
-         72:06:26:a7:49:1c:12:6a:99:db:d2:ad:55:a8:40:ef:33:f2:
-         4c:fc:af:d8:46:1c:18:82:39:7c:0b:fb:b3:66:a1:64:eb:47:
-         59:e7:3a:e1:5e:e6:e4:e9:18:69:96:90:64:85:74:97:33:ff:
-         91:38:78:e4:fa:fd:50:56:dc:0a:3b:68:b4:dc:6c:8c:65:04:
-         d8:e5:cf:f7:71:a9:d6:cb:18:c8:91:cb:6f:3d:ec:45:18:7b:
-         50:10:45:3b:00:91:88:e5:b6:1c:6f:26:ce:f6:3b:66:45:f7:
-         72:25:59:62:ec:15:29:26:25:f8:f0:0d:30:49:a3:0e:71:9e:
-         af:2d:30:62:2a:a5:8e:c3:ce:c0:cc:cb:5b:33:70:71:0d:0c:
-         85:37:6d:fd:50:65:8f:3a:07:21:a6:98:f8:cc:18:df:2b:48:
-         71:cb:25:62:e4:ab:20:b2:64:6d:68:e8:7c:8a:40:f4:0c:a9:
-         36:b7:a9:45:66:37:b1:10:6a:c7:c1:aa:87:8d:f9:0f:e9:39:
-         80:ef:9c:11:87:58:35:99:4d:af:92:3f:81:d7:33:78:1d:9b:
-         93:c8:eb:11
+         06:4d:a9:9b:4a:4c:b9:57:02:ff:06:89:d7:1b:39:3a:0a:64:
+         53:e1:15:93:77:f0:9c:69:f9:66:6d:76:67:2b:12:da:c6:9a:
+         9c:53:c1:3c:e5:17:d3:97:9f:bd:c7:d4:a3:6b:0d:e3:4b:f5:
+         ae:f2:63:58:70:28:e0:ab:09:5f:d1:b1:95:b3:4f:6a:7c:b7:
+         2c:a8:07:ef:d4:39:47:be:6d:31:a0:8f:f3:e9:0e:8a:3a:5f:
+         da:cd:7e:60:1e:cb:53:d9:18:31:7c:dc:d1:2f:ec:26:c8:f5:
+         e0:31:eb:f0:83:71:08:e7:05:bd:79:61:cb:7b:17:70:70:1a:
+         fa:f8:0b:a4:d0:b3:d5:53:ce:b7:88:7f:4d:96:0a:96:0d:28:
+         a3:4e:2c:8b:bb:d6:27:a0:12:b3:cd:78:79:8f:61:29:8a:e6:
+         d0:c6:a5:10:1e:f5:f8:a2:c2:cb:cd:a0:b5:6f:44:62:25:e8:
+         47:63:9f:5c:c3:d9:88:70:e8:a8:12:f5:7e:ba:99:ef:3c:73:
+         02:46:72:60:ea:80:d4:f0:98:2f:47:3f:e5:04:82:51:79:ae:
+         09:2c:60:2c:1d:8d:00:8b:60:27:e1:58:46:ac:48:4c:c6:bc:
+         26:43:72:08:4d:1d:c2:c9:e6:21:e6:0d:e9:19:ac:cb:65:f2:
+         96:9e:ff:d5
 -----BEGIN X509 CRL-----
 MIIB+DCB4QIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xf
 MjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEYMBYGA1UEAwwPd3d3Lndv
-bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yMDA2
-MTkxMzIzNDJaFw0yMzAzMTYxMzIzNDJaoA4wDDAKBgNVHRQEAwIBATANBgkqhkiG
-9w0BAQsFAAOCAQEAQYo/bbL5UMPL1hgJ9u3Flos6X3xS53R+ZOw+uDTCRnJ2SiTD
-cgYmp0kcEmqZ29KtVahA7zPyTPyv2EYcGII5fAv7s2ahZOtHWec64V7m5OkYaZaQ
-ZIV0lzP/kTh45Pr9UFbcCjtotNxsjGUE2OXP93Gp1ssYyJHLbz3sRRh7UBBFOwCR
-iOW2HG8mzvY7ZkX3ciVZYuwVKSYl+PANMEmjDnGery0wYiqljsPOwMzLWzNwcQ0M
-hTdt/VBljzoHIaaY+MwY3ytIccslYuSrILJkbWjofIpA9AypNrepRWY3sRBqx8Gq
-h435D+k5gO+cEYdYNZlNr5I/gdczeB2bk8jrEQ==
+bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yMTAy
+MTAxOTQ5NTVaFw0yMzExMDcxOTQ5NTVaoA4wDDAKBgNVHRQEAwIBATANBgkqhkiG
+9w0BAQsFAAOCAQEABk2pm0pMuVcC/waJ1xs5OgpkU+EVk3fwnGn5Zm12ZysS2saa
+nFPBPOUX05efvcfUo2sN40v1rvJjWHAo4KsJX9GxlbNPany3LKgH79Q5R75tMaCP
+8+kOijpf2s1+YB7LU9kYMXzc0S/sJsj14DHr8INxCOcFvXlhy3sXcHAa+vgLpNCz
+1VPOt4h/TZYKlg0oo04si7vWJ6ASs814eY9hKYrm0MalEB71+KLCy82gtW9EYiXo
+R2OfXMPZiHDoqBL1frqZ7zxzAkZyYOqA1PCYL0c/5QSCUXmuCSxgLB2NAItgJ+FY
+RqxITMa8JkNyCE0dwsnmIeYN6Rmsy2Xylp7/1Q==
 -----END X509 CRL-----

certs/crl/eccCliCRL.pem

@@ -1,26 +1,26 @@
 Certificate Revocation List (CRL):
         Version 2 (0x1)
-        Signature Algorithm: ecdsa-with-SHA256
-        Issuer: C = US, ST = Oregon, L = Salem, O = Client ECC, OU = Fast, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Jun 19 13:23:42 2020 GMT
-        Next Update: Mar 16 13:23:42 2023 GMT
+    Signature Algorithm: ecdsa-with-SHA256
+        Issuer: /C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Last Update: Feb 10 19:49:55 2021 GMT
+        Next Update: Nov  7 19:49:55 2023 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 7
 Revoked Certificates:
     Serial Number: 02
-        Revocation Date: Jun 19 13:23:42 2020 GMT
+        Revocation Date: Feb 10 19:49:55 2021 GMT
     Signature Algorithm: ecdsa-with-SHA256
-         30:44:02:20:1f:f9:3b:df:b9:ad:68:58:fb:48:d7:57:16:06:
-         6b:13:6f:81:53:a8:bc:ed:2b:ee:8f:0e:1f:a6:25:bd:c5:1d:
-         02:20:0b:49:18:aa:20:34:4b:45:b4:da:f8:34:d7:3d:86:d7:
-         00:1f:fa:93:49:f4:00:d4:5b:de:27:ea:c9:9d:7d:b2
+         30:45:02:20:65:84:ba:e0:1c:9d:4b:be:e8:90:61:64:b6:0e:
+         c6:75:77:9e:dd:ed:08:59:93:7e:86:a9:02:98:b4:01:57:4c:
+         02:21:00:84:76:4a:98:1b:ae:ff:2e:6c:a5:65:3d:25:8f:5c:
+         20:6a:6c:bb:52:02:11:1f:f6:2f:d4:c9:aa:d6:2f:ab:65
 -----BEGIN X509 CRL-----
-MIIBOzCB4wIBATAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMxDzANBgNVBAgM
+MIIBPDCB4wIBATAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMxDzANBgNVBAgM
 Bk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0xEzARBgNVBAoMCkNsaWVudCBFQ0MxDTAL
 BgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3
-DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMjAwNjE5MTMyMzQyWhcNMjMwMzE2MTMy
-MzQyWjAUMBICAQIXDTIwMDYxOTEzMjM0MlqgDjAMMAoGA1UdFAQDAgEHMAoGCCqG
-SM49BAMCA0cAMEQCIB/5O9+5rWhY+0jXVxYGaxNvgVOovO0r7o8OH6YlvcUdAiAL
-SRiqIDRLRbTa+DTXPYbXAB/6k0n0ANRb3ifqyZ19sg==
+DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMjEwMjEwMTk0OTU1WhcNMjMxMTA3MTk0
+OTU1WjAUMBICAQIXDTIxMDIxMDE5NDk1NVqgDjAMMAoGA1UdFAQDAgEHMAoGCCqG
+SM49BAMCA0gAMEUCIGWEuuAcnUu+6JBhZLYOxnV3nt3tCFmTfoapApi0AVdMAiEA
+hHZKmBuu/y5spWU9JY9cIGpsu1ICER/2L9TJqtYvq2U=
 -----END X509 CRL-----

certs/crl/eccSrvCRL.pem

@@ -1,26 +1,26 @@
 Certificate Revocation List (CRL):
         Version 2 (0x1)
-        Signature Algorithm: ecdsa-with-SHA256
-        Issuer: C = US, ST = Washington, L = Seattle, O = Eliptic, OU = ECC, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
-        Last Update: Jun 19 13:23:42 2020 GMT
-        Next Update: Mar 16 13:23:42 2023 GMT
+    Signature Algorithm: ecdsa-with-SHA256
+        Issuer: /C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Last Update: Feb 10 19:49:55 2021 GMT
+        Next Update: Nov  7 19:49:55 2023 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 8
 Revoked Certificates:
     Serial Number: 02
-        Revocation Date: Jun 19 13:23:42 2020 GMT
+        Revocation Date: Feb 10 19:49:55 2021 GMT
     Signature Algorithm: ecdsa-with-SHA256
-         30:44:02:20:62:31:0a:f2:44:8f:53:6a:c9:c4:ee:81:b4:2b:
-         ef:a0:6d:ca:b1:81:ff:59:f8:b8:d2:de:2b:85:39:56:05:5c:
-         02:20:3b:b2:62:0b:50:8a:3b:40:49:9d:07:ed:3f:b3:69:38:
-         66:92:f6:1c:59:07:fe:d3:33:3e:bc:d2:f7:20:36:8c
+         30:44:02:20:54:0d:dc:8e:be:14:0c:d9:ce:6e:46:67:b9:5e:
+         86:9a:e7:b4:1f:b2:e1:8a:66:90:0f:48:50:ae:49:0c:32:21:
+         02:20:5a:ef:02:db:83:cf:9e:df:d4:d7:9d:60:a5:7a:56:7d:
+         b3:c8:8c:5d:01:33:0f:bd:5e:d0:da:8a:59:e6:e0:42
 -----BEGIN X509 CRL-----
 MIIBPTCB5QIBATAKBggqhkjOPQQDAjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
 Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB0VsaXB0aWMx
 DDAKBgNVBAsMA0VDQzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZI
-hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yMDA2MTkxMzIzNDJaFw0yMzAzMTYx
-MzIzNDJaMBQwEgIBAhcNMjAwNjE5MTMyMzQyWqAOMAwwCgYDVR0UBAMCAQgwCgYI
-KoZIzj0EAwIDRwAwRAIgYjEK8kSPU2rJxO6BtCvvoG3KsYH/Wfi40t4rhTlWBVwC
-IDuyYgtQijtASZ0H7T+zaThmkvYcWQf+0zM+vNL3IDaM
+hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yMTAyMTAxOTQ5NTVaFw0yMzExMDcx
+OTQ5NTVaMBQwEgIBAhcNMjEwMjEwMTk0OTU1WqAOMAwwCgYDVR0UBAMCAQgwCgYI
+KoZIzj0EAwIDRwAwRAIgVA3cjr4UDNnObkZnuV6Gmue0H7LhimaQD0hQrkkMMiEC
+IFrvAtuDz57f1NedYKV6Vn2zyIxdATMPvV7Q2opZ5uBC
 -----END X509 CRL-----

certs/csr.dsa.pem

@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICSjCCAgcCAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
+ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCAbcwggEsBgcqhkjO
+OAQBMIIBHwKBgQDN3iVogFMN5XfW0pA5P5CiPzOUbuhPK2OrMKsVuhHqil2NzLjU
+odXBR51ac2piSdEGB2f2L6M5vU4NtNMiI4TskyZaSe58iUhmTejo2FD7pXGfIhjl
+5gtGh2buUo9GT7UDzu3jvuW1gdJZ6cCtTdBNJve6UOjJj/4kGT0up1I8bQIVAPtH
+++yBIMgc6Uq6BG8Zm5TugmfTAoGBAJuVu4XFWEoynKpEhdZo3D4U9M5to0k46tZh
+SJJaQJVJOKrhOSloWEeKSwHhLo5sY29AylA/jAuZ5HJCuLHCJkjxnIPGNy5arhEJ
+2fOtH2+trVDjeDLm3o6qv9EAn7MCEhmiFewUGFwOJs75rsx7tdEm/IX+FJO2nX12
+4zWXHt7EA4GEAAKBgHFJ1dk2HPSn5Nh8tybEFs1iP/NE9Pa+2Qmea/Z/uRToZ2Uv
+dM1qRagMyJfEco8fLcL1mkFH+U+HYt5Y7/rK5bD1zCYklqvMgckgHv4tRO9FKhpo
+3EDe9oMz3325wzakq69O5ZfvCD4PDA3crrZaGc0ahXF7nYnNErdyhYrNkPgJoAAw
+CwYJYIZIAWUDBAMCAzAAMC0CFQCLSYH6QBDBF2c0ii0bvXXzM5qJIwIUUlCx5kp7
+/DnfWP/hdw9xNrbD4jc=
+-----END CERTIFICATE REQUEST-----