Check-in FIPS 140-3 PILOT changes

Merge pull request #4551 from ejohnstown/aes-ofb
Add AES-OFB to FIPS boundary
2023-08-28 15:43:24 -07:00 · 2021-11-15 22:56:43 -06:00 · 2021-11-15 22:51:23 -06:00 · 2021-11-16 09:57:02 +09:00 · 2021-11-16 09:56:56 +09:00 · 2021-11-16 08:56:47 +10:00
512 changed files with 268679 additions and 69379 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -27,6 +27,7 @@ rpm/spec
 stamp-h
 cyassl/options.h
 wolfssl/options.h
+.build_params
 libtool.m4
 aclocal.m4
 aminclude.am
@@ -240,6 +241,7 @@ linuxkm/modules.order
 linuxkm/wolfcrypt
 linuxkm/libwolfssl.mod
 linuxkm/libwolfssl.mod.c
+linuxkm/libwolfssl.lds
 linuxkm/module_exports.c
 linuxkm/linuxkm/get_thread_size

@@ -327,6 +329,10 @@ IDE/HEXIWEAR/wolfSSL_HW/Debug
 # Linux-SGX
 IDE/LINUX-SGX/*.a

+IDE/iotsafe/*.map
+IDE/iotsafe/*.elf
+IDE/iotsafe/*.bin
+
 # Binaries
 wolfcrypt/src/port/intel/qat_test
 /mplabx/wolfssl.X/dist/default/
@@ -369,3 +375,7 @@ IDE/XCODE/Index
 CMakeFiles/
 CMakeCache.txt
 cmake_install.cmake
+
+# GDB Settings
+\.gdbinit
+
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -28,7 +28,7 @@ if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}")
     You must delete them, or cmake will refuse to work.")
 endif()

-project(wolfssl VERSION 4.8.0 LANGUAGES C)
+project(wolfssl VERSION 5.0.1 LANGUAGES C)

 # shared library versioning
 # increment if interfaces have been added, removed or changed
@@ -271,6 +271,19 @@ else()
    list(APPEND WOLFSSL_DEFINITIONS "-DWC_NO_HARDEN")
 endif()

+set(WOLFSSL_OPENSSLEXTRA_HELP_STRING "Enable extra OpenSSL API, size+ (default: disabled)")
+add_option(WOLFSSL_OPENSSLEXTRA ${WOLFSSL_OPENSSLEXTRA_HELP_STRING} "no" "yes;no")
+
+if (WOLFSSL_OPENSSLEXTRA AND NOT WOLFSSL_OPENSSLCOEXIST)
+    list(APPEND WOLFSSL_DEFINITIONS
+      "-DOPENSSL_EXTRA"
+      "-DWOLFSSL_ALWAYS_VERIFY_CB"
+      "-DWOLFSSL_VERIFY_CB_ALL_CERTS"
+      "-DWOLFSSL_EXTRA_ALERTS"
+      "-DHAVE_EXT_CACHE"
+      "-DWOLFSSL_FORCE_CACHE_ON_TICKET")
+endif()
+
 # TODO: - IPv6 test apps

 set(WOLFSSL_SLOW_MATH "yes")
@@ -1015,8 +1028,6 @@ endif()
 #       - CRL
 #       - CRL monitor
 #       - User crypto
-#       - NTRU
-#       - QSH
 #       - Whitewood netRandom client library
 #       - SNI
 #       - Max fragment length
@@ -1027,6 +1038,31 @@ endif()
 #       - Secure renegotiation
 #       - Fallback SCSV

+set(WOLFSSL_SNI_HELP_STRING "Enable SNI (default: disabled)")
+add_option(WOLFSSL_SNI ${WOLFSSL_SNI_HELP_STRING} "no" "yes;no")
+
+if (WOLFSSL_SNI)
+   list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_TLS_EXTENSIONS" "-DHAVE_SNI")
+endif()
+
+
+set(WOLFSSL_TLSX_HELP_STRING "Enable all TLS Extensions (default: disabled)")
+add_option(WOLFSSL_TLSX ${WOLFSSL_TLSX_HELP_STRING} "no" "yes;no")
+
+if (WOLFSSL_TLSX)
+  list(APPEND WOLFSSL_DEFINITIONS
+    "-DHAVE_TLS_EXTENSIONS"
+    "-DHAVE_SNI"
+    "-DHAVE_MAX_FRAGMENT"
+    "-DHAVE_TRUNCATED_HMAC"
+    "-DHAVE_ALPN"
+    "-DHAVE_TRUSTED_CA")
+    if (WOLFSSL_ECC OR WOLFSSL_CURVE25519 OR WOLFSSL_CURVE448 OR WOLFSSL_TLS13)
+       list(APPEND WOLFSSL_DEFINITIONS  "-DHAVE_SUPPORTED_CURVES")
+    endif()
+endif()
+
+
 # Supported elliptic curves extensions
 set(WOLFSSL_SUPPORTED_CURVES_HELP_STRING "Enable Supported Elliptic Curves (default: enabled)")
 add_option("WOLFSSL_SUPPORTED_CURVES" ${WOLFSSL_SUPPORTED_CURVES_HELP_STRING} "yes" "yes;no")
@@ -1236,9 +1272,12 @@ else()
    set(CRYPT_TESTS_DEFAULT "yes")
 endif()

-set(WOLFSSL_CRYPT_TESTS_HELP_STRING "Enable Crypt Bench/Test  (default: enabled)")
+set(WOLFSSL_CRYPT_TESTS_HELP_STRING "Enable Crypt Bench/Test (default: enabled)")
 add_option("WOLFSSL_CRYPT_TESTS" ${WOLFSSL_CRYPT_TESTS_HELP_STRING} ${CRYPT_TESTS_DEFAULT} "yes;no")

+set(WOLFSSL_CRYPT_TESTS_LIBS_HELP_STRING "Build static libraries from the wolfCrypt test and benchmark sources (default: disabled)")
+add_option("WOLFSSL_CRYPT_TESTS_LIBS" ${WOLFSSL_CRYPT_TESTS_LIBS_HELP_STRING} "no" "yes;no")
+
 # TODO: - LIBZ
 #       - PKCS#11
 #       - PKCS#12
@@ -1369,35 +1408,12 @@ file(APPEND ${OPTION_FILE} "#ifdef __cplusplus\n")
 file(APPEND ${OPTION_FILE} "extern \"C\" {\n")
 file(APPEND ${OPTION_FILE} "#endif\n\n")

-list(REMOVE_DUPLICATES WOLFSSL_DEFINITIONS)
-
-foreach(DEF IN LISTS WOLFSSL_DEFINITIONS)
-    if(DEF MATCHES "^-D")
-        if(DEF MATCHES "^-D(N)?DEBUG(=.+)?")
-            message("not outputting (N)DEBUG to ${OPTION_FILE}")
-        endif()
-
-        # allow user to ignore system options
-        if(DEF MATCHES "^-D_.*")
-            file(APPEND ${OPTION_FILE} "#ifndef WOLFSSL_OPTIONS_IGNORE_SYS\n")
-        endif()
-
-        string(REGEX REPLACE "^-D" "" DEF_NO_PREFIX ${DEF})
-        string(REGEX REPLACE "=.*$" "" DEF_NO_EQUAL_NO_VAL ${DEF_NO_PREFIX})
-        string(REPLACE "=" " " DEF_NO_EQUAL ${DEF_NO_PREFIX})
-
-        file(APPEND ${OPTION_FILE} "#undef  ${DEF_NO_EQUAL_NO_VAL}\n")
-        file(APPEND ${OPTION_FILE} "#define ${DEF_NO_EQUAL}\n")
-
-        if(DEF MATCHES "^-D_.*")
-            file(APPEND ${OPTION_FILE} "#endif\n")
-        endif()
-
-        file(APPEND ${OPTION_FILE} "\n")
-    else()
-        message("option w/o begin -D is ${DEF}, not saving to ${OPTION_FILE}")
-    endif()
-endforeach()
+add_to_options_file("${WOLFSSL_DEFINITIONS}" "${OPTION_FILE}")
+# CMAKE_C_FLAGS is just a string of space-separated flags to pass to the C
+# compiler. We need to replace those spaces with semicolons in order to treat it
+# as a CMake list.
+string(REPLACE " " ";" CMAKE_C_FLAGS_LIST "${CMAKE_C_FLAGS}")
+add_to_options_file("${CMAKE_C_FLAGS_LIST}" "${OPTION_FILE}")

 file(APPEND ${OPTION_FILE} "\n#ifdef __cplusplus\n")
 file(APPEND ${OPTION_FILE} "}\n")
@@ -1432,6 +1448,9 @@ set_target_properties(wolfssl
        VERSION ${LIBTOOL_FULL_VERSION}
 )

+target_compile_options(wolfssl PRIVATE "-DBUILDING_WOLFSSL")
+
+
 ####################################################
 # Include Directories
 ####################################################
@@ -1535,7 +1554,27 @@ if(WOLFSSL_EXAMPLES)
 endif()

 if(WOLFSSL_CRYPT_TESTS)
-    # Build wolfCrypt test
+    if(WOLFSSL_CRYPT_TESTS_LIBS)
+        # Build wolfCrypt test as a library. This will compile test.c and make
+        # its functions available as a CMake target that other CMake targets can
+        # pull in, in addition to producing the library itself. Note that this
+        # feature is not enabled by default, and the API of this library and
+        # wofcryptbench_lib should NOT be treated as stable.
+        add_library(wolfcrypttest_lib
+            ${CMAKE_CURRENT_SOURCE_DIR}/wolfcrypt/test/test.c)
+        set_target_properties(wolfcrypttest_lib PROPERTIES OUTPUT_NAME "wolfcrypttest")
+        target_link_libraries(wolfcrypttest_lib wolfssl)
+        target_compile_options(wolfcrypttest_lib PRIVATE "-DNO_MAIN_DRIVER")
+
+        # Make another library for the wolfCrypt benchmark code.
+        add_library(wolfcryptbench_lib
+            ${CMAKE_CURRENT_SOURCE_DIR}/wolfcrypt/benchmark/benchmark.c)
+        set_target_properties(wolfcryptbench_lib PROPERTIES OUTPUT_NAME "wolfcryptbench")
+        target_link_libraries(wolfcryptbench_lib wolfssl)
+        target_compile_options(wolfcryptbench_lib PRIVATE "-DNO_MAIN_DRIVER")
+    endif()
+
+    # Build wolfCrypt test executable.
    add_executable(wolfcrypttest
        ${CMAKE_CURRENT_SOURCE_DIR}/wolfcrypt/test/test.c)
    target_link_libraries(wolfcrypttest wolfssl)
@@ -1546,7 +1585,7 @@ if(WOLFSSL_CRYPT_TESTS)
                 PROPERTY RUNTIME_OUTPUT_NAME
                 testwolfcrypt)

-    # Build wolfCrypt benchmark
+    # Build wolfCrypt benchmark executable.
    add_executable(wolfcryptbench
        ${CMAKE_CURRENT_SOURCE_DIR}/wolfcrypt/benchmark/benchmark.c)
    target_include_directories(wolfcryptbench PRIVATE
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -1,8 +1,252 @@
+# wolfSSL Release 5.0.0 (Nov 01, 2021)
+Release 5.0.0 of wolfSSL embedded TLS has bug fixes and new features including:
+
+### Vulnerabilities
+* [\Low\] Hang with DSA signature creation when a specific q value is used in a maliciously crafted key. If a DSA key with an invalid q value of either 1 or 0 was decoded and used for creating a signature, it would result in a hang in wolfSSL. Users that are creating signatures with DSA and are using keys supplied from an outside source are affected.
+* [\Low\] Issue with incorrectly validating a certificate that has multiple subject alternative names when given a name constraint. In the case where more than one subject alternative name is used in the certificate, previous versions of wolfSSL could incorrectly validate the certificate. Users verifying certificates with multiple alternative names and name constraints, are recommended to either use the certificate verify callback to check for this case or update the version of wolfSSL used. Thanks to Luiz Angelo Daros de Luca for the report.
+
+### New Feature Additions
+###### New Product
+* FIPS 140-3 -- currently undergoing laboratory testing, code review and ultimately CMVP validation. Targeting the latest FIPS standard.
+
+###### Ports
+* IoT-Safe with TLS demo
+* SE050 port with support for RNG, SHA, AES, ECC (sign/verify/shared secret) and ED25519
+* Support for Renesas TSIP v1.13 on RX72N
+
+###### Post Quantum
+* Support for OQS's (liboqs version 0.7.0) implementation of NIST Round 3 KEMs as TLS 1.3 groups --with-liboqs
+* Hybridizing NIST ECC groups with the OQS groups
+* Remove legacy NTRU and QSH
+* Make quantum-safe groups available to the compatibility layer
+
+###### Linux Kernel Module
+* Full support for FIPS 140-3, with in-kernel power on self test (POST) and conditional algorithm self test(s) (CAST)
+* --enable-linuxkm-pie -- position-independent in-kernel wolfCrypt container, for FIPS
+* Vectorized x86 acceleration in PK algs (RSA, ECC, DH, DSA) and AES/AES-GCM
+* Vectorized x86 acceleration in interrupt handlers
+* Support for Linux-native module signatures
+* Complete SSL/TLS and Crypto API callable from other kernel module(s)
+* Support for LTS kernel lines: 3.16, 4.4, 4.9, 5.4, 5.10
+
+###### Compatibility Layer Additions
+* Ports
+    - Add support for libssh2
+    - Add support for pyOpenSSL
+    - Add support for libimobiledevice
+    - Add support for rsyslog
+    - Add support for OpenSSH 8.5p1
+    - Add support for Python 3.8.5
+* API/Structs Added
+    - ERR_lib_error_string
+    - EVP_blake2
+    - wolfSSL_set_client_CA_list
+    - wolfSSL_EVP_sha512_224
+    - wolfSSL_EVP_sha512_256
+    - wc_Sha512_224/2256Hash
+    - wc_Sha512_224/256Hash
+    - wc_InitSha512_224/256
+    - wc_InitSha512_224/256_ex
+    - wc_Sha512_224/256Update
+    - wc_Sha512_224/256FinalRaw
+    - wc_Sha512_224/256Final
+    - wc_Sha512_224/256Free
+    - wc_Sha512_224/256GetHash
+    - wc_Sha512_224/256Copy
+    - wc_Sha512_224/256SetFlags
+    - wc_Sha512_224/256GetFlags
+    - wc_Sha512_224/256Transform
+    - EVP_MD_do_all and OBJ_NAME_do_all
+    - EVP_shake128
+    - EVP_shake256
+    - SSL_CTX_set_num_tickets
+    - SSL_CTX_get_num_tickets
+    - SSL_CIPHER_get_auth_nid
+    - SSL_CIPHER_get_cipher_nid
+    - SSL_CIPHER_get_digest_nid
+    - SSL_CIPHER_get_kx_nid
+    - SSL_CIPHER_is_aead
+    - SSL_CTX_set_msg_callback
+    - a2i_IPADDRESS
+    - GENERAL_NAME_print
+    - X509_VERIFY_PARAM_set1_ip
+    - EVP_CIPHER_CTX_set_iv_length
+    - PEM_read_bio_RSA_PUBKEY
+    - i2t_ASN1_OBJECT
+    - DH_set_length
+    - Set_tlsext_max_fragment_length
+    - AUTHORITY_iNFO_ACCESS_free
+    - EVP_PBE_scrypt
+    - ASN1_R_HEADER_TOO_LONG
+    - ERR_LIB
+    - X509_get_default_cert_file/file_env/dir/dir_env() stubs
+    - SSL_get_read_ahead/SSL_set_read_ahead()
+    - SSL_SESSION_has_ticket()
+    - SSL_SESSION_get_ticket_lifetime_hint()
+    - DIST_POINT_new
+    - DIST_POINT_free 
+    - DIST_POINTS_free
+    - CRL_DIST_POINTS_free
+    - sk_DIST_POINT_push
+    - sk_DIST_POINT_value
+    - sk_DIST_POINT_num
+    - sk_DIST_POINT_pop_free
+    - sk_DIST_POINT_free
+    - X509_get_extension_flags
+    - X509_get_key_usage
+    - X509_get_extended_key_usage
+    - ASN1_TIME_to_tm
+    - ASN1_TIME_diff
+    - PEM_read_X509_REQ
+    - ERR_load_ERR_strings
+    - BIO_ssl_shutdown
+    - BIO_get_ssl
+    - BIO_new_ssl_connect
+    - BIO_set_conn_hostname
+    - NID_pkcs9_contentType
+
+###### Misc.
+* KCAPI: add support for using libkcapi for crypto (Linux Kernel)
+* Configure option for --with-max-rsa-bits= and --with-max-ecc-bits=
+* SP ARM Thumb support for Keil and performance improvements
+* Add support for WOLFSSL_VERIFY_POST_HANDSHAKE verify mode
+* PKCS #11: support static linking with PKCS #11 library --enable-pkcs11=static LIBS=-l
+* Add build option --enable-wolfclu for use with wolfCLU product
+* Add support for X9.42 header i.e “BEGIN X9.42 DH PARAMETERS”
+* Add --enable-altcertchains for configuring wolfSSL with alternate certificate chains feature enabled
+* Add public API wc_RsaKeyToPublicDer_ex to allow getting RSA public key without ASN.1 header (can return only seq + n + e)
+* Add SNI and TLSx options to CMake build
+
+### Fixes
+###### PORT Fixes
+* Add return value checking for FREESCALE_RNGA
+* Fix MMCAU_SHA256 type warnings
+* Fixes for building with Microchip XC32 and ATECC
+
+###### Math Library Fixes
+* TFM check that the modulus length is valid for fixed data array size
+* TFM fp_submod_ct fix check for greater
+* Check return value of mp_grow in mp_mod_2d
+* Fix for ECC point multiply to error out on large multipliers
+* SP ECC error on multiplier larger than curve order
+
+###### TLS 1.3
+* TLS1.3 sanity check for cases where a private key is larger than the configured maximum
+* Fix early data max size handling in TLS v1.3
+* Fixes for PK callbacks with TLS v1.3
+* Check min downgrade when no extensions are sent with the ServerHello
+
+###### Misc.
+* Previously wolfSSL enum values were used as NID’s. Now only the compatibility layer NID enums are the NID values:
+    - CTC_SHAwDSA -> NID_dsaWithSHA1
+    - CTC_SHA256wDSA -> NID_dsa_with_SHA256
+    - CTC_MD2wRSA -> NID_md2WithRSAEncryption
+    - CTC_MD5wRSA -> NID_md5WithRSAEncryption
+    - CTC_SHAwRSA -> NID_sha1WithRSAEncryption
+    - CTC_SHA224wRSA -> NID_sha224WithRSAEncryption
+    - CTC_SHA256wRSA -> NID_sha256WithRSAEncryption
+    - CTC_SHA384wRSA -> NID_sha384WithRSAEncryption
+    - CTC_SHA512wRSA -> NID_sha512WithRSAEncryption
+    - CTC_SHA3_224wRSA -> NID_RSA_SHA3_224
+    - CTC_SHA3_256wRSA -> NID_RSA_SHA3_256
+    - CTC_SHA3_384wRSA -> NID_RSA_SHA3_384
+    - CTC_SHA3_512wRSA -> NID_RSA_SHA3_512
+    - CTC_SHAwECDSA -> NID_ecdsa_with_SHA1
+    - CTC_SHA224wECDSA -> NID_ecdsa_with_SHA224
+    - CTC_SHA256wECDSA -> NID_ecdsa_with_SHA256
+    - CTC_SHA384wECDSA -> NID_ecdsa_with_SHA384
+    - CTC_SHA512wECDSA -> NID_ecdsa_with_SHA512
+    - CTC_SHA3_224wECDSA -> NID_ecdsa_with_SHA3_224
+    - CTC_SHA3_256wECDSA -> NID_ecdsa_with_SHA3_256
+    - CTC_SHA3_384wECDSA -> NID_ecdsa_with_SHA3_384
+    - CTC_SHA3_512wECDSA -> NID_ecdsa_with_SHA3_512
+    - DSAk -> NID_dsa
+    - RSAk -> NID_rsaEncryption
+    - ECDSAk -> NID_X9_62_id_ecPublicKey
+    - BASIC_CA_OID -> NID_basic_constraints
+    - ALT_NAMES_OID -> NID_subject_alt_name
+    - CRL_DIST_OID -> NID_crl_distribution_points
+    - AUTH_INFO_OID -> NID_info_access
+    - AUTH_KEY_OID -> NID_authority_key_identifier
+    - SUBJ_KEY_OID -> NID_subject_key_identifier
+    - INHIBIT_ANY_OID -> NID_inhibit_any_policy
+* Fix for DES IV size used with FIPSv2
+* Fix signed comparison issue with serialSz
+* Fix missing CBIOSend and properly guard hmac in DupSSL()
+* Fix calculation of length of encoding in ssl.c
+* Fix encoding to check proper length in asn.c
+* Fix for wc_ecc_ctx_free and heap hint
+* Fix for debug messages with AF_ALG build
+* Fix for static memory with bucket size matching.
+* Fixes for SRP with heap hint.
+* Fixes for CAAM build macros and spelling for Keil build
+* Sniffer fix for possible math issue around 64-bit pointer and 32-bit unsigned int
+* Fix for sniffer TCP sequence rollover
+* wolfSSL_PEM_write_bio_PUBKEY to write only the public part
+* Fix for sending only supported groups in TLS extension
+* Fix for sniffer to better handle spurious retransmission edge case
+* SSL_set_alpn_protos and SSL_CTX_set_alpn_protos now returns 0 on successFixes issue with SSL_CTX_set1_curves_list and SSL_set1_curves_list not checking the last character of the names variable provided, non-0 on failure to better match expected return values
+* Fixes and improvements for crypto callbacks with TLS (mutual auth)
+* Fix for bad memory_mutex lock on static memory cleanup
+* Zero terminate name constraints strings when parsing certificates
+* Fix for verifying a certificate when multiple permitted name constraints are used
+* Fix typo in ifdef for HAVE_ED448
+* Fix typos in comments in SHA512
+* Add sanity check on buffer size with ED25519 key decode
+* Sanity check on PKCS7 stream amount read
+* PKCS7 fix for double free on error case and sanity check on set serial number
+* Sanity check on PKCS7 input size wc_PKCS7_ParseSignerInfo
+* Forgive a DTLS session trying to send too much at once
+
+### Improvements/Optimizations
+###### Build Options and Warnings
+* Rework of RC4 disable by default and depreciation
+* wolfSSL as a Zephyr module (without setup.sh)
+* Add include config.h to bio.c
+* Support for PKCS7 without AES CBC.
+* Fixes for building without AES CBC
+* Added WOLFSSL_DH_EXTRA to --enable-all and --enable-sniffer
+* Add a CMake option to build wolfcrypt test and bench code as libraries
+* GCC makefile: allow overriding and provide more flexibility
+
+###### Math Libraries
+* Improve performance of fp_submod_ct() and fp_addmod_ct()
+* Improve performance of sp_submod_ct() and sp_addmod_ct()
+* SP int, handle even modulus with exponentiation
+
+###### Misc.
+* Cleanups for Arduino examples and memory documentation
+* Refactor hex char to byte conversions
+* Added GCC-ARM TLS server example
+* Improvements to session locking to allow per-row
+* Improved sniffer statistics and documentation
+* EVP key support for heap hint and crypto callbacks
+* Reduced stack size for dh_generation_test and Curve ASN functions
+* Espressif README Syntax / keyword highlighting / clarifications
+* AARCH64 SHA512: implementation using crypto instructions added
+* wc_RsaPSS_CheckPadding_ex2 added for use with HEAP hint
+* wc_AesKeyWrap_ex and wc_AesKeyUnWrap_ex bound checks on input and output sizes
+* Add additional error handling to wolfSSL_BIO_get_len
+* Add code to use popen and the command 'host', useful with qemu
+* Adjustment to subject alt names order with compatibility layer to better match expected order
+* Reduce BIO compatibility layer verbosity
+* Set a default upper bound on error queue size with compatibility layer
+* WOLFSSL_CRL_ALLOW_MISSING_CDP macro for Skip CRL verification in case no CDP in peer cert
+* Fixes for scan-build LLVM-13 and expanded coverage
+* Increase the default DTLS_MTU_ADDITIONAL_READ_BUFFER and make it adjustable
+
+# wolfSSL Release 4.8.1 (July 16, 2021)
+Release 4.8.1 of wolfSSL embedded TLS has an OCSP vulnerability fix:
+
+### Vulnerabilities
+* [High] OCSP verification issue when response is for a certificate with no relation to the chain in question BUT that response contains the NoCheck extension which effectively disables ALL verification of that one cert. Users who should upgrade to 4.8.1 are TLS client users doing OCSP, TLS server users doing mutual auth with OCSP, and CertManager users doing OCSP independent of TLS. Thanks to Jan Nauber, Marco Smeets, Werner Rueschenbaum and Alissa Kim of Volkswagen Infotainment for the report.
+
+
 # wolfSSL Release 4.8.0 (July 09, 2021)
 Release 4.8.0 of wolfSSL embedded TLS has bug fixes and new features including:

 ### Vulnerabilities
-* [Low] OCSP request/response verification issue. In the case that the serial number in the OCSP request differs from the serial number in the OCSP response the error from the comparison was not resulting in a failed verification. We recommend users that have wolfSSL version 4.6.0 and 4.7.0 with OCSP enabled update their version of wolfSSL. Version 4.5.0 and earlier are not affected by this report. Thanks to Rainer, Roee, Barak, Hila and Shoshi (from Cymotive and CARIAD) for the report.
+* [Low] CVE-2021-37155: OCSP request/response verification issue. In the case that the serial number in the OCSP request differs from the serial number in the OCSP response the error from the comparison was not resulting in a failed verification. We recommend users that have wolfSSL version 4.6.0 and 4.7.0 with OCSP enabled update their version of wolfSSL. Version 4.5.0 and earlier are not affected by this report. Thanks to Rainer Mueller-Amersdorffer, Roee Yankelevsky, Barak Gutman, Hila Cohen and Shoshi Berko (from CYMOTIVE Technologies and CARIAD) for the report.
 * [Low] CVE-2021-24116: Side-Channel cache look up vulnerability in base64 PEM decoding for versions of wolfSSL 4.5.0 and earlier. Versions 4.6.0 and up contain a fix and do not need to be updated for this report. If decoding a PEM format private key using version 4.5.0 and older of wolfSSL then we recommend updating the version of wolfSSL used. Thanks to Florian Sieck, Jan Wichelmann, Sebastian Berndt and Thomas Eisenbarth for the report. 

 ### New Feature Additions
@@ -72,7 +316,7 @@ Release 4.8.0 of wolfSSL embedded TLS has bug fixes and new features including:
 * Added wolfSSL_CTX_get_TicketEncCtx getter function to return the ticket encryption ctx value
 * Added wc_AesKeyWrap_ex and wc_AesKeyUnWrap_ex APIs to accept an Aes object to use for the AES operations
 * Added implementation of AES-GCM streaming (--enable-aesgcm-stream)
-* Added deterministic generation of k with ECC following RFC6979 when the macro WOLFSL_ECDSA_DETERMINISTIC_K is defined and wc_ecc_set_deterministic function is called
+* Added deterministic generation of k with ECC following RFC6979 when the macro WOLFSSL_ECDSA_DETERMINISTIC_K is defined and wc_ecc_set_deterministic function is called
 * Implemented wc_DsaParamsDecode and wc_DsaKeyToParamsDer
 * Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement
 * Added crypto callback support for Ed/Curve25519 and SHA2-512/384
@@ -1868,9 +2112,9 @@ More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html

 - No filesystem build fixes for various configurations
 - Certificate generation now supports several extensions including KeyUsage,
-    SKID, AKID, and Ceritifcate Policies
+    SKID, AKID, and Certificate Policies
 - CRLs can be loaded from buffers as well as files now
- SHA-512 Ceritifcate Signing generation
+- SHA-512 Certificate Signing generation
 - Fixes for sniffer reassembly processing

 See INSTALL file for build instructions.
--- a/IDE/ARDUINO/README.md
+++ b/IDE/ARDUINO/README.md
@@ -17,8 +17,8 @@ Step 2: Copy the directory wolfSSL that was just created to:

 Step 3: Edit `<arduino-libraries>/wolfSSL/user_settings.h`
 If building for Intel Galileo platform add: `#define INTEL_GALILEO`.
-Add any other custom settings, for a good start see the below in wolfssl root.
-(See wolfssl/IDE/ROWLEY-CROSSWORKS-ARM/user_settings.h)
+Add any other custom settings, for a good start see the examples in wolfssl root
+"/examples/configs/user_settings_*.h"

 Step 4: If you experience any issues with custom user_settings.h see the wolfssl
 porting guide here for more assistance: https://www.wolfssl.com/docs/porting-guide/
--- a/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
+++ b/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
@@ -24,8 +24,8 @@
 #include <wolfssl/ssl.h>
 #include <Ethernet.h>

-const char host[] = "192.168.1.148"; // server to connect to
-const int port = 11111; // port on server to connect to
+const char host[] = "192.168.1.148"; /* server to connect to */
+const int port = 11111; /* port on server to connect to */

 int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
 int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
@@ -51,7 +51,7 @@ void setup() {
    Serial.println("unable to get ctx");
    return;
  }
-  // initialize wolfSSL using callback functions
+  /* initialize wolfSSL using callback functions */
  wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
  wolfSSL_SetIOSend(ctx, EthernetSend);
  wolfSSL_SetIORecv(ctx, EthernetReceive);
@@ -119,7 +119,10 @@ void loop() {
      if ((wolfSSL_write(ssl, msg, msgSz)) == msgSz) {
        
        Serial.print("Server response: ");
-        while (client.available() || wolfSSL_pending(ssl)) {
+        /* wait for data */
+        while (!client.available()) {}
+        /* read data */
+        while (wolfSSL_pending(ssl)) {
          input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
          total_input += input;
          if (input < 0) {
--- a/IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
+++ b/IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
@@ -31,7 +31,7 @@
  #error Please undefine NO_WOLFSSL_SERVER for this example
 #endif

-const int port = 11111; // port to listen on
+const int port = 11111; /* port to listen on */

 int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
 int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
@@ -59,12 +59,12 @@ void setup() {
    return;
  }

-  // initialize wolfSSL using callback functions
+  /* initialize wolfSSL using callback functions */
  wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
  wolfSSL_SetIOSend(ctx, EthernetSend);
  wolfSSL_SetIORecv(ctx, EthernetReceive);

-  // setup the private key and certificate
+  /* setup the private key and certificate */
  err = wolfSSL_CTX_use_PrivateKey_buffer(ctx, ecc_key_der_256, 
    sizeof_ecc_key_der_256, WOLFSSL_FILETYPE_ASN1);
  if (err != WOLFSSL_SUCCESS) {
@@ -78,7 +78,7 @@ void setup() {
    return;
  }

-  // Start the server
+  /* Start the server */
  server.begin();
  
  return;
@@ -110,7 +110,7 @@ void loop() {
  int replySz = 0;
  const char* cipherName;

-  // Listen for incoming client requests.
+  /* Listen for incoming client requests. */
  client = server.available();
  if (!client) {
    return;
@@ -142,7 +142,10 @@ void loop() {
    Serial.println(cipherName);

    Serial.print("Server Read: ");
-    while (client.available() || wolfSSL_pending(ssl)) {
+    /* wait for data */
+    while (!client.available()) {}
+    /* read data */
+    while (wolfSSL_pending(ssl)) {
      input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
      if (input < 0) {
        err = wolfSSL_get_error(ssl, 0);
@@ -159,7 +162,7 @@ void loop() {
      }
    }

-    // echo data
+    /* echo data */
    if ((wolfSSL_write(ssl, reply, replySz)) != replySz) {
      err = wolfSSL_get_error(ssl, 0);
      wolfSSL_ERR_error_string(err, errBuf);
--- a/IDE/ARDUINO/wolfssl-arduino.sh
+++ b/IDE/ARDUINO/wolfssl-arduino.sh
@@ -11,20 +11,29 @@ space(){
 }

 if [ "$DIR" = "ARDUINO" ]; then
-	rm -rf wolfSSL
-	mkdir wolfSSL
+	if [ ! -d "wolfSSL" ]; then
+	    mkdir wolfSSL
+    fi

    cp ../../src/*.c ./wolfSSL
    cp ../../wolfcrypt/src/*.c ./wolfSSL

-    mkdir wolfSSL/wolfssl
+    if [ ! -d "wolfSSL/wolfssl" ]; then
+	    mkdir wolfSSL/wolfssl
+    fi
    cp ../../wolfssl/*.h ./wolfSSL/wolfssl
-    mkdir wolfSSL/wolfssl/wolfcrypt
+    if [ ! -d "wolfSSL/wolfssl/wolfcrypt" ]; then
+        mkdir wolfSSL/wolfssl/wolfcrypt
+    fi
    cp ../../wolfssl/wolfcrypt/*.h ./wolfSSL/wolfssl/wolfcrypt

    # support misc.c as include in wolfcrypt/src
-    mkdir ./wolfSSL/wolfcrypt
-    mkdir ./wolfSSL/wolfcrypt/src
+    if [ ! -d "./wolfSSL/wolfcrypt" ]; then
+        mkdir ./wolfSSL/wolfcrypt
+    fi
+    if [ ! -d "./wolfSSL/wolfcrypt/src" ]; then
+        mkdir ./wolfSSL/wolfcrypt/src
+    fi
    cp ../../wolfcrypt/src/misc.c ./wolfSSL/wolfcrypt/src
    cp ../../wolfcrypt/src/asm.c  ./wolfSSL/wolfcrypt/src

@@ -37,31 +46,36 @@ if [ "$DIR" = "ARDUINO" ]; then
    cp ./wolfSSL/wolfssl/bio.c ./wolfSSL/wolfcrypt/src/bio.c
    
    # copy openssl compatibility headers to their appropriate location
-    mkdir ./wolfSSL/wolfssl/openssl
+    if [ ! -d "./wolfSSL/wolfssl/openssl" ]; then
+        mkdir ./wolfSSL/wolfssl/openssl
+    fi
    cp ../../wolfssl/openssl/* ./wolfSSL/wolfssl/openssl

    echo "/* Generated wolfSSL header file for Arduino */" > ./wolfSSL/wolfssl.h
+    echo "#include <user_settings.h>" >> ./wolfSSL/wolfssl.h
    echo "#include <wolfssl/wolfcrypt/settings.h>" >> ./wolfSSL/wolfssl.h
    echo "#include <wolfssl/ssl.h>" >> ./wolfSSL/wolfssl.h

-    echo "/* Generated wolfSSL user_settings.h file for Arduino */" > ./wolfSSL/user_settings.h
-    echo "#ifndef ARDUINO_USER_SETTINGS_H" >> ./wolfSSL/user_settings.h
-    echo "#define ARDUINO_USER_SETTINGS_H" >> ./wolfSSL/user_settings.h
-    space wolfSSL/user_settings.h
-    echo "/* Platform */" >> ./wolfSSL/user_settings.h
-    echo "#define WOLFSSL_ARDUINO" >> ./wolfSSL/user_settings.h
-    space wolfSSL/user_settings.h
-    echo "/* Math library (remove this to use normal math)*/" >>  ./wolfSSL/user_settings.h
-    echo "#define USE_FAST_MATH" >> ./wolfSSL/user_settings.h
-    echo "#define TFM_NO_ASM" >> ./wolfSSL/user_settings.h
-    space wolfSSL/user_settings.h
-    echo "/* RNG DEFAULT !!FOR TESTING ONLY!! */" >>  ./wolfSSL/user_settings.h
-    echo "/* comment out the error below to get started w/ bad entropy source" >>  ./wolfSSL/user_settings.h
-    echo " * This will need fixed before distribution but is OK to test with */" >>  ./wolfSSL/user_settings.h
-    echo "#error \"needs solved, see: https://www.wolfssl.com/docs/porting-guide/\"" >>  ./wolfSSL/user_settings.h
-    echo "#define WOLFSSL_GENSEED_FORTEST" >> ./wolfSSL/user_settings.h
-    space wolfSSL/user_settings.h
-    echo "#endif /* ARDUINO_USER_SETTINGS_H */" >> ./wolfSSL/user_settings.h
+    if [ ! -f "./wolfSSL/user_settings.h" ]; then
+        echo "/* Generated wolfSSL user_settings.h file for Arduino */" > ./wolfSSL/user_settings.h
+        echo "#ifndef ARDUINO_USER_SETTINGS_H" >> ./wolfSSL/user_settings.h
+        echo "#define ARDUINO_USER_SETTINGS_H" >> ./wolfSSL/user_settings.h
+        space ./wolfSSL/user_settings.h
+        echo "/* Platform */" >> ./wolfSSL/user_settings.h
+        echo "#define WOLFSSL_ARDUINO" >> ./wolfSSL/user_settings.h
+        space ./wolfSSL/user_settings.h
+        echo "/* Math library (remove this to use normal math)*/" >>  ./wolfSSL/user_settings.h
+        echo "#define USE_FAST_MATH" >> ./wolfSSL/user_settings.h
+        echo "#define TFM_NO_ASM" >> ./wolfSSL/user_settings.h
+        space ./wolfSSL/user_settings.h
+        echo "/* RNG DEFAULT !!FOR TESTING ONLY!! */" >>  ./wolfSSL/user_settings.h
+        echo "/* comment out the error below to get started w/ bad entropy source" >>  ./wolfSSL/user_settings.h
+        echo " * This will need fixed before distribution but is OK to test with */" >>  ./wolfSSL/user_settings.h
+        echo "#error \"needs solved, see: https://www.wolfssl.com/docs/porting-guide/\"" >>  ./wolfSSL/user_settings.h
+        echo "#define WOLFSSL_GENSEED_FORTEST" >> ./wolfSSL/user_settings.h
+        space ./wolfSSL/user_settings.h
+        echo "#endif /* ARDUINO_USER_SETTINGS_H */" >> ./wolfSSL/user_settings.h
+    fi

    cp wolfSSL/wolfssl/wolfcrypt/settings.h wolfSSL/wolfssl/wolfcrypt/settings.h.bak
    echo " /* wolfSSL Generated ARDUINO settings */" > ./wolfSSL/wolfssl/wolfcrypt/settings.h
--- a/IDE/Android/Android.bp
+++ b/IDE/Android/Android.bp
@@ -0,0 +1,116 @@
+cc_library_shared {
+
+    name: "libwolfssl",
+
+    arch: {
+        arm: {
+            instruction_set: "arm",
+        },
+        arm64: {
+            cflags: ["-DARM64"],
+        },
+    },
+    compile_multilib: "both",
+    export_include_dirs: ["."],
+    shared_libs: ["liblog"],
+    cflags: [
+        "-DWOLFSSL_USER_SETTINGS",
+        "-Os",
+        "-fomit-frame-pointer",
+    ],
+    include_dirs: [
+        "external/wolfssl/wolfssl",
+        "external/wolfssl",
+    ],
+
+    srcs: [
+        "./src/crl.c",
+        "./src/internal.c",
+        "./src/keys.c",
+        "./src/ocsp.c",
+        "./src/sniffer.c",
+        "./src/ssl.c",
+        "./src/tls.c",
+        "./src/tls13.c",
+        "./src/wolfio.c",
+    ] + [
+        "./wolfcrypt/src/aes.c",
+        "./wolfcrypt/src/arc4.c",
+        "./wolfcrypt/src/asm.c",
+        "./wolfcrypt/src/asn.c",
+        "./wolfcrypt/src/blake2b.c",
+        "./wolfcrypt/src/blake2s.c",
+        "./wolfcrypt/src/camellia.c",
+        "./wolfcrypt/src/chacha.c",
+        "./wolfcrypt/src/chacha20_poly1305.c",
+        "./wolfcrypt/src/cmac.c",
+        "./wolfcrypt/src/coding.c",
+        "./wolfcrypt/src/compress.c",
+        "./wolfcrypt/src/cpuid.c",
+        "./wolfcrypt/src/cryptocb.c",
+        "./wolfcrypt/src/curve25519.c",
+        "./wolfcrypt/src/curve448.c",
+        "./wolfcrypt/src/des3.c",
+        "./wolfcrypt/src/dh.c",
+        "./wolfcrypt/src/dsa.c",
+        "./wolfcrypt/src/ecc.c",
+        "./wolfcrypt/src/ecc_fp.c",
+        "./wolfcrypt/src/ed25519.c",
+        "./wolfcrypt/src/ed448.c",
+        "./wolfcrypt/src/error.c",
+        "./wolfcrypt/src/fe_448.c",
+        "./wolfcrypt/src/fe_low_mem.c",
+        "./wolfcrypt/src/fe_operations.c",
+        "./wolfcrypt/src/fips.c",
+        "./wolfcrypt/src/fips_test.c",
+        "./wolfcrypt/src/ge_448.c",
+        "./wolfcrypt/src/ge_low_mem.c",
+        "./wolfcrypt/src/ge_operations.c",
+        "./wolfcrypt/src/hash.c",
+        "./wolfcrypt/src/kdf.c",
+        "./wolfcrypt/src/hc128.c",
+        "./wolfcrypt/src/hmac.c",
+        "./wolfcrypt/src/idea.c",
+        "./wolfcrypt/src/integer.c",
+        "./wolfcrypt/src/logging.c",
+        "./wolfcrypt/src/md2.c",
+        "./wolfcrypt/src/md4.c",
+        "./wolfcrypt/src/md5.c",
+        "./wolfcrypt/src/memory.c",
+        "./wolfcrypt/src/pkcs12.c",
+        "./wolfcrypt/src/pkcs7.c",
+        "./wolfcrypt/src/poly1305.c",
+        "./wolfcrypt/src/pwdbased.c",
+        "./wolfcrypt/src/rabbit.c",
+        "./wolfcrypt/src/random.c",
+        "./wolfcrypt/src/rc2.c",
+        "./wolfcrypt/src/ripemd.c",
+        "./wolfcrypt/src/rsa.c",
+        "./wolfcrypt/src/selftest.c",
+        "./wolfcrypt/src/sha256.c",
+        "./wolfcrypt/src/sha3.c",
+        "./wolfcrypt/src/sha512.c",
+        "./wolfcrypt/src/sha.c",
+        "./wolfcrypt/src/signature.c",
+        "./wolfcrypt/src/sp_arm32.c",
+        "./wolfcrypt/src/sp_arm64.c",
+        "./wolfcrypt/src/sp_armthumb.c",
+        "./wolfcrypt/src/sp_c32.c",
+        "./wolfcrypt/src/sp_c64.c",
+        "./wolfcrypt/src/sp_cortexm.c",
+        "./wolfcrypt/src/sp_dsp32.c",
+        "./wolfcrypt/src/sp_int.c",
+        "./wolfcrypt/src/sp_x86_64.c",
+        "./wolfcrypt/src/srp.c",
+        "./wolfcrypt/src/tfm.c",
+        "./wolfcrypt/src/wc_dsp.c",
+        "./wolfcrypt/src/wc_encrypt.c",
+        "./wolfcrypt/src/wc_pkcs11.c",
+        "./wolfcrypt/src/wc_port.c",
+        "./wolfcrypt/src/wolfcrypt_first.c",
+        "./wolfcrypt/src/wolfcrypt_last.c",
+        "./wolfcrypt/src/wolfevent.c",
+        "./wolfcrypt/src/wolfmath.c",
+    ],
+
+}
--- a/IDE/Android/README.md
+++ b/IDE/Android/README.md
@@ -0,0 +1,37 @@
+# Android wolfSSL Support
+
+Tested on Android v8.1 with WPA Supplicant and KeyStore to replace BoringSSL.
+
+## Files
+
+* `Android.bp`: Template build system file for wolfSSL.
+* `user_settings.h`: Template build settings for wolfSSL
+
+## Installation
+
+1) Place the wolfSSL library into `./external/wolfssl`
+2) Copy `Android.bp` into `./external/wolfssl`
+3) Copy `user_settings.h` into `./external/wolfssl`
+4) Add `PRODUCT_PACKAGES += libwolfssl` to your device .mk.
+
+## Typical Android build instruction
+
+```sh
+source build/envsetup.sh
+lunch [num]
+mm -j8
+```
+
+## Using wolfSSL in your Application
+
+In your `Android.mk` build file for your application add the following:
+
+```makefile
+# Crypto Provider - wolfSSL
+LOCAL_CFLAGS += -DWOLFSSL_USER_SETTINGS -Iexternal/wolfssl -Iexternal/wolfssl/wolfssl
+LOCAL_SHARED_LIBRARIES += libwolfssl
+```
+
+## Support
+
+For questions please email support@wolfssl.com
--- a/IDE/Android/include.am
+++ b/IDE/Android/include.am
@@ -0,0 +1,8 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST += \
+    IDE/Android/Android.bp \
+    IDE/Android/README.md \
+    IDE/Android/user_settings.h
--- a/IDE/Android/user_settings.h
+++ b/IDE/Android/user_settings.h
@@ -0,0 +1,112 @@
+/* Custom build settings for Android */
+
+#ifndef _WOLF_USER_SETTINGS_H_
+#define _WOLF_USER_SETTINGS_H_
+
+#if 0
+    #define HAVE_FIPS_VERSION 2
+    #define HAVE_FIPS
+#endif
+
+/* WPA Supplicant Support */
+#define WOLFSSL_WPAS_SMALL
+#define OPENSSL_ALL
+#define HAVE_THREAD_LS
+
+#define USE_FAST_MATH
+#define TFM_TIMING_RESISTANT
+#define ECC_TIMING_RESISTANT
+#define WC_RSA_BLINDING
+
+#define HAVE_HASHDRBG
+
+#if 1
+    #define WOLFSSL_TLS13
+    #define WC_RSA_PSS
+#endif
+#define HAVE_SESSION_TICKET
+#define HAVE_TLS_EXTENSIONS
+#define HAVE_SUPPORTED_CURVES
+#define HAVE_EXTENDED_MASTER
+#define HAVE_ENCRYPT_THEN_MAC
+#define WOLFSSL_ENCRYPTED_KEYS
+#define HAVE_KEYING_MATERIAL
+#define NO_OLD_TLS
+#define NO_CHECK_PRIVATE_KEY
+
+/* enable PK callback support for signing operations to key store */
+#define HAVE_PK_CALLBACKS
+/* crypto callback support is not in FIPS 3389 */
+#ifndef HAVE_FIPS
+    #define WOLF_CRYPTO_CB 
+#endif
+
+#define KEEP_OUR_CERT
+#define KEEP_PEER_CERT
+#define WOLFSSL_ALWAYS_VERIFY_CB
+#define WOLFSSL_ALWAYS_KEEP_SNI
+#define HAVE_EX_DATA
+#define HAVE_EXT_CACHE
+#define WOLFSSL_EITHER_SIDE
+#define WOLFSSL_PUBLIC_MP
+#define WOLFSSL_DER_LOAD
+
+#define WOLFSSL_CERT_GEN
+#define WOLFSSL_CERT_EXT
+#define WOLFSSL_CERT_REQ
+
+#define WOLFSSL_KEY_GEN
+#define WC_RSA_NO_PADDING
+
+#define HAVE_FFDHE_2048
+#define HAVE_DH_DEFAULT_PARAMS
+#ifdef HAVE_FIPS
+    #define WOLFSSL_VALIDATE_FFC_IMPORT
+    #define HAVE_FFDHE_Q
+#endif
+
+#define WOLFSSL_SHA224
+#define WOLFSSL_SHA512
+#define WOLFSSL_SHA384
+
+#define HAVE_HKDF
+#define HAVE_PKCS8
+
+#define HAVE_ECC
+#define TFM_ECC256
+#define ECC_SHAMIR
+#define HAVE_COMP_KEY
+#ifdef HAVE_FIPS
+    #define HAVE_ECC_CDH
+    #define WOLFSSL_VALIDATE_ECC_IMPORT
+#endif
+
+#define HAVE_AESGCM
+#define HAVE_AESCCM
+#define WOLFSSL_AES_DIRECT
+#define WOLFSSL_AES_COUNTER
+#define HAVE_AES_ECB
+#define WOLFSSL_CMAC
+
+#define WOLFSSL_BASE64_ENCODE
+#define HAVE_CRL
+
+#define NO_DSA
+#define NO_RC4
+#define NO_HC128
+#define NO_RABBIT
+#define NO_RC4
+#define NO_PSK
+#define WOLFSSL_NO_SHAKE256
+#define NO_MD4
+#define NO_OLD_MD5_NAME
+#define NO_OLD_SHA_NAMES
+#define NO_OLD_SHA256_NAMES
+#define NO_OLD_WC_NAMES
+
+#if 0
+    #define DEBUG_WOLFSSL
+    #define WOLFSSL_ANDROID_DEBUG
+#endif
+
+#endif /* _WOLF_USER_SETTINGS_H_ */
--- a/IDE/ECLIPSE/DEOS/deos_wolfssl/.project
+++ b/IDE/ECLIPSE/DEOS/deos_wolfssl/.project
@@ -414,6 +414,11 @@
 			<type>1</type>
 			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/ge_operations.c</locationURI>
 		</link>
+		<link>
+			<name>wolfcrypt/src/kdf.c</name>
+			<type>1</type>
+			<locationURI>WOLFSSL_ROOT/wolfcrypt/src/kdf.c</locationURI>
+		</link>
 		<link>
 			<name>wolfcrypt/src/hash.c</name>
 			<type>1</type>
--- a/IDE/Espressif/ESP-IDF/README.md
+++ b/IDE/Espressif/ESP-IDF/README.md
@@ -4,28 +4,33 @@

 Including the following examples:

-* simple tls_client/server
-* crypt test
-* crypt benchmark
+* Simple [tls_client](./examples/wolfssl_client/)/[server](./examples/wolfssl_server/)
+* Cryptographic [test](./examples/wolfssl_test/)
+* Cryptographic [benchmark](./examples/wolfssl_benchmark/)

 The *user_settings.h* file enables some of the hardened settings.

 ## Requirements
- 1. ESP-IDF development framework  
-    [https://docs.espressif.com/projects/esp-idf/en/latest/get-started/]
+ 1. [ESP-IDF development framework](https://docs.espressif.com/projects/esp-idf/en/latest/get-started/)

    Note: This expects to use Linux version.

 ## Setup for Linux
- 1. Run *setup.sh* at /path/to/wolfssl/IDE/Espressif/ESP-IDF/ to deploy files into ESP-IDF tree  
-    For Windows : Run *setup_win.bat* at \IDE\Espressif\ESP-IDF\
- 2. Find Wolfssl files at /path/to/esp-idf/components/wolfssl/
- 3. Find Example programs under /path/to/esp-idf/examples/protocols/wolfssl_xxx
- 4. Uncomment out #define WOLFSSL_ESPIDF in /path/to/wolfssl/wolfssl/wolfcrypt/settings.h  
-    Uncomment out #define WOLFSSL_ESPWROOM32 in /path/to/wolfssl/wolfssl/wolfcrypt/settings.h
+ 1. Run `setup.sh` at _/path/to_`/wolfssl/IDE/Espressif/ESP-IDF/` to deploy files into ESP-IDF tree  
+    For Windows : Run `setup_win.bat` at `.\IDE\Espressif\ESP-IDF\`
+    
+ 2. Find Wolfssl files at _/path/to/esp_`/esp-idf/components/wolfssl/`
+ 
+ 3. Find [Example programs](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) under _/path/to/esp_`/esp-idf/examples/protocols/wolfssl_xxx` (where xxx is the project name)
+
+ 4. Uncomment out `#define WOLFSSL_ESPIDF` in _/path/to/esp_`/esp-idf/components/wolfssl/wolfssl/wolfcrypt/settings.h`  
+    Uncomment out `#define WOLFSSL_ESPWROOM32` in _/path/to/esp_`/esp-idf/components/wolfssl/wolfssl/wolfcrypt/settings.h`
+    
+    for example the default:
+    `~/esp/esp-idf/components/wolfssl/wolfssl/wolfcrypt/settings.h`

 ## Configuration
- 1. The *user_settings.h* can be found in /path/to/esp-idf/components/wolfssl/include/user_settings.h
+ 1. The `user_settings.h` can be found in _/path/to/esp_`/esp-idf/components/wolfssl/include/user_settings.h`

 ## Build examples
 1. See README in each example folder
@@ -34,7 +39,7 @@ Including the following examples:
 For question please email [support@wolfssl.com]

 Note: This is tested with :  
-   - OS: Ubuntu 18.04.1 LTS and Microsoft Windows 10 Pro 10.0.19041  
+   - OS: Ubuntu 18.04.1 LTS and Microsoft Windows 10 Pro 10.0.19041 and well as WSL Ubuntu
   - ESP-IDF: v4.1 and v4.0.1  
   - Module : ESP32-WROOM-32

--- a/IDE/Espressif/ESP-IDF/README_32se.md
+++ b/IDE/Espressif/ESP-IDF/README_32se.md
@@ -1,35 +1,31 @@
 # DEMO program with ATECC608A on ESP-WROOM-32SE
 ## Overview
- Running demo programs with ATECC608A on 32SE by setting *WOLFSSL_ESPWROOM32SE* definition
+ Running demo programs with ATECC608A on 32SE by setting `WOLFSSL_ESPWROOM32SE` definition

 Including the following examples:

-* simple tls_client/tls_server
+* simple `tls_client`/`tls_server`
 * crypt benchmark

- The *user_settings.h* file enables some of the hardened settings. 
- 
-## Requirements
- 1. ESP-IDF development framework  
-    [https://docs.espressif.com/projects/esp-idf/en/latest/get-started/]
+ The `user_settings.h` file enables some of the hardened settings.
+
+## Requirements
+1. ESP-IDF development framework: https://docs.espressif.com/projects/esp-idf/en/latest/get-started/
+
+2. Microchip CryptoAuthentication Library: https://github.com/MicrochipTech/cryptoauthlib

- 2. Microchip CryptoAuthentication Library  
-    [https://github.com/MicrochipTech/cryptoauthlib]
-    
 ## Setup
- 1. wolfSSL under ESP-IDF. Please see [README.md](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/README.md)
- 2. CryptoAuthentication Library under ESP-IDF. Please see [README.md](https://github.com/miyazakh/cryptoauthlib_esp_idf/blob/master/README.md)
- 
- 3. Uncomment out #define WOLFSSL_ESPWROOM32SE in /path/to/wolfssl/wolfssl/wolfcrypt/settings.h
- 
-    Note : Need to enable WOLFSSL_ESPIDF  
-    Note : crypt test will fail if enabled WOLFSSL_ESPWROOM32SE
- 
+1. wolfSSL under ESP-IDF. Please see [README.md](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/README.md)
+2. CryptoAuthentication Library under ESP-IDF. Please see [README.md](https://github.com/miyazakh/cryptoauthlib_esp_idf/blob/master/README.md)
+3. Uncomment out `#define WOLFSSL_ESPWROOM32SE` in `/path/to/wolfssl/wolfssl/wolfcrypt/settings.h`
+    * **Note:** Need to enable `WOLFSSL_ESPIDF`
+    * **Note:** crypt test will fail if enabled `WOLFSSL_ESPWROOM32SE`
+
 ## Configuration
- 1. The *user_settings.h* can be found in /path/to/esp-idf/components/wolfssl/include/user_settings.h
+1. The `user_settings.h` can be found in `/path/to/esp-idf/components/wolfssl/include/user_settings.h`

 ## Build examples
- 1. See README in each example folder
+1. See `README` in each example folder

 ## Benchmark
 w/o atecc608a
@@ -48,11 +44,11 @@ ECDSA    256 verify         14 ops took 1.079 sec, avg 77.071 ms, 12.975 ops/sec
 ```

 ## Support
- For question please email [support@wolfssl.com]
+For question please email [support@wolfssl.com](mailto:support@wolfssl.com)

- Note: This is tested with the following condition:
- 
- Model    : ESP32-WROOM-32SE  
- ESP-IDF  : v3.3-beta1-39-g6cb37ecc5(commit hash : 6cb37ecc5)  
+Note: This is tested with the following condition:
+
+- Model    : ESP32-WROOM-32SE
+- ESP-IDF  : v3.3-beta1-39-g6cb37ecc5(commit hash : 6cb37ecc5)
 - CryptAuthLib: commit hash : c6b176e
 - OS       : Ubuntu 18.04.1 LTS (Bionic Beaver)
--- a/IDE/Espressif/ESP-IDF/setup.sh
+++ b/IDE/Espressif/ESP-IDF/setup.sh
@@ -22,6 +22,20 @@ BASEDIR=`cd ${BASEDIR} && pwd -P`
 WOLFSSLLIB_TRG_DIR=${IDF_PATH}/components/wolfssl
 WOLFSSLEXP_TRG_DIR=${IDF_PATH}/examples/protocols

+if [ "$1" == "--verbose" ]; then
+  WOLFSSSL_SETUP_VERBOSE=true
+fi
+
+if [ "${WOLFSSSL_SETUP_VERBOSE}" == "true" ]; then
+  echo Verbose mode on!
+  echo BASEDIR=${BASEDIR}
+  echo SCRIPTDIR=${SCRIPTDIR}
+  echo WOLFSSL_ESPIDFDIR=${WOLFSSL_ESPIDFDIR}
+  echo WOLFSSLLIB_TRG_DIR=${WOLFSSLLIB_TRG_DIR}
+  echo WOLFSSLEXP_TRG_DIR=${WOLFSSLEXP_TRG_DIR}
+  echo ""
+fi
+
 if [ ! -d $IDF_PATH ]; then
    echo "ESP-IDF Development Framework doesn't exist.: $IDF_PATH"
    exit 1
@@ -31,7 +45,12 @@ fi
 pushd $IDF_PATH > /dev/null

 echo "Copy files into $IDF_PATH"
+
 # Remove/Create directories
+if [ "${WOLFSSSL_SETUP_VERBOSE}" == "true" ]; then
+  echo "Remove/Create directories..."
+fi
+
 ${RMDCMD} ${WOLFSSLLIB_TRG_DIR}/
 ${MKDCMD} ${WOLFSSLLIB_TRG_DIR}/

@@ -46,6 +65,11 @@ popd > /dev/null             # $WOLFSSL_ESPIDFDIR
 pushd ${BASEDIR} > /dev/null # WOLFSSL TOP DIR

 # copying ... files in src/ into $WOLFSSLLIB_TRG_DIR/src
+
+if [ "${WOLFSSSL_SETUP_VERBOSE}" == "true" ]; then
+  echo "Copying ... files in src/ into \$WOLFSSLLIB_TRG_DIR/srcs ..."
+fi
+
 ${CPDCMD} ./src/*.c ${WOLFSSLLIB_TRG_DIR}/src/


@@ -56,7 +80,12 @@ ${CPDCMD} -r ./wolfcrypt/benchmark ${WOLFSSLLIB_TRG_DIR}/wolfcrypt/

 ${CPDCMD} -r ./wolfssl/*.h ${WOLFSSLLIB_TRG_DIR}/wolfssl/
 ${CPDCMD} -r ./wolfssl/wolfcrypt ${WOLFSSLLIB_TRG_DIR}/wolfssl/
+
 # user_settings.h
+if [ "${WOLFSSSL_SETUP_VERBOSE}" == "true" ]; then
+  echo "Copying user_settings.h to ${WOLFSSLLIB_TRG_DIR}/include/"
+fi
+
 ${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/user_settings.h ${WOLFSSLLIB_TRG_DIR}/include/
 ${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/dummy_config_h ${WOLFSSLLIB_TRG_DIR}/include/config.h

@@ -71,15 +100,24 @@ ${CPDCMD} ./libs/component.mk ${WOLFSSLLIB_TRG_DIR}/
 pushd ${BASEDIR} > /dev/null # WOLFSSL TOP DIR

 # Benchmark program
+if [ "${WOLFSSSL_SETUP_VERBOSE}" == "true" ]; then
+  echo ""
+fi
 ${RMDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/
 ${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/
 ${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/main/

+${CPDCMD}    ${BASEDIR}/wolfcrypt/benchmark/benchmark.h ${BASEDIR}/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/benchmark.h
+${CPDCMD}    ${BASEDIR}/wolfcrypt/benchmark/benchmark.c ${BASEDIR}/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/benchmark.c
+
 ${CPDCMD} -r ./wolfcrypt/benchmark/benchmark.c ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/main/
 ${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_benchmark/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/
 ${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_benchmark/main/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/main/

 # Crypt Test program
+if [ "${WOLFSSSL_SETUP_VERBOSE}" == "true" ]; then
+  echo "Copying wolfssl_test to ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/main/"
+fi
 ${RMDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/
 ${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/
 ${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/main/
@@ -89,6 +127,9 @@ ${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_test/* ${WOLFSSLEXP_TRG_DIR}/
 ${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_test/main/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/main/

 # TLS Client program
+if [ "${WOLFSSSL_SETUP_VERBOSE}" == "true" ]; then
+  echo "Copying TLS Client program to ${WOLFSSLEXP_TRG_DIR}/wolfssl_client/..."
+fi
 ${RMDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_client/
 ${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_client/
 ${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_client/main/
@@ -99,6 +140,9 @@ ${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_client/main/* ${WOLFSSLEXP_TR
 ${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_client/main/include/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_client/main/include/

 # TLS Server program
+if [ "${WOLFSSSL_SETUP_VERBOSE}" == "true" ]; then
+  echo "Copying TLS Server program to ${WOLFSSLEXP_TRG_DIR}/wolfssl_server/..."
+fi
 ${RMDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_server/
 ${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_server/
 ${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_server/main/
@@ -110,4 +154,8 @@ ${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_server/main/include/* ${WOLFS

 popd > /dev/null # 

+if [ "${WOLFSSSL_SETUP_VERBOSE}" == "true" ]; then
+  echo "Copy complete!"
+fi
+
 exit 1
--- a/IDE/Espressif/ESP-IDF/setup_win.bat
+++ b/IDE/Espressif/ESP-IDF/setup_win.bat
@@ -49,6 +49,10 @@ xcopy /F/Q   %WOLFSSL_ESPIDFDIR%\libs\component.mk   %WOLFSSLLIB_TRG_DIR%\
 rem Benchmark program
 rmdir /S/Q %WOLFSSLEXP_TRG_DIR%\wolfssl_benchmark\
 mkdir      %WOLFSSLEXP_TRG_DIR%\wolfssl_benchmark\main\
+
+xcopy      %BASEDIR%\wolfcrypt\benchmark\benchmark.h  %BASEDIR%\IDE\Espressif\ESP-IDF\examples\wolfssl_benchmark\main\benchmark.h
+xcopy      %BASEDIR%\wolfcrypt\benchmark\benchmark.c  %BASEDIR%\IDE\Espressif\ESP-IDF\examples\wolfssl_benchmark\main\benchmark.c
+
 xcopy /F/Q %BASEDIR%\wolfcrypt\benchmark\benchmark.c %WOLFSSLEXP_TRG_DIR%\wolfssl_benchmark\main\
 xcopy /E/F/Q %WOLFSSL_ESPIDFDIR%\examples\wolfssl_benchmark %WOLFSSLEXP_TRG_DIR%\wolfssl_benchmark\

--- a/IDE/GCC-ARM/Header/user_settings.h
+++ b/IDE/GCC-ARM/Header/user_settings.h
@@ -637,6 +637,10 @@ extern unsigned int my_rng_seed_gen(void);
 #undef  NO_SIG_WRAPPER
 //#define NO_SIG_WRAPPER

+#undef WOLFSSL_IGNORE_FILE_WARN
+#define WOLFSSL_IGNORE_FILE_WARN
+
+
 #ifdef __cplusplus
 }
 #endif
--- a/IDE/GCC-ARM/Makefile
+++ b/IDE/GCC-ARM/Makefile
@@ -1,6 +1,6 @@
 BUILD_DIR = ./Build

-all: WolfSSLStaticLib WolfCryptTest WolfCryptBench WolfSSLClient
+all: WolfSSLStaticLib WolfCryptTest WolfCryptBench WolfSSLClient WolfSSLServer

 WolfCryptTest:
 	$(MAKE) -f Makefile.test
@@ -8,6 +8,8 @@ WolfCryptBench:
 	$(MAKE) -f Makefile.bench
 WolfSSLClient:
 	$(MAKE) -f Makefile.client
+WolfSSLServer:
+	$(MAKE) -f Makefile.server
 WolfSSLStaticLib:
 	$(MAKE) -f Makefile.static

--- a/IDE/GCC-ARM/Makefile.common
+++ b/IDE/GCC-ARM/Makefile.common
@@ -6,37 +6,39 @@ BUILD_DIR = ./Build

 # Toolchain location and prefix
 #TOOLCHAIN = 
-TOOLCHAIN = /opt/gcc-arm-none-eabi/bin/arm-none-eabi-
+TOOLCHAIN ?= /opt/gcc-arm-none-eabi/bin/arm-none-eabi-

 # Tools selection
 CC = $(TOOLCHAIN)gcc
-AS = $(TOOLCHAIN)gcc
-LD = $(TOOLCHAIN)gcc
+AS = $(CC)
+LD = $(CC)
 AR = $(TOOLCHAIN)ar
 NM = $(TOOLCHAIN)nm
-OBJCOPY = $(TOOLCHAIN)objcopy
-OBJDUMP = $(TOOLCHAIN)objdump
-SIZE = $(TOOLCHAIN)size
+OBJCOPY ?= $(TOOLCHAIN)objcopy
+OBJDUMP ?= $(TOOLCHAIN)objdump
+SIZE ?= $(TOOLCHAIN)size

 # Includes
-INC = -I./Header \
-	  -I./Source \
-	  -I../..
+USER_SETTINGS_DIR ?= ./Header
+INC = -I$(USER_SETTINGS_DIR) \
+      -I../..

 # Defines
 DEF = -DWOLFSSL_USER_SETTINGS

 # Architecture
-ARCHFLAGS = -mcpu=cortex-m4 -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP
+ARCHFLAGS ?= -mcpu=cortex-m4 -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP
 #ARCHFLAGS = -mcpu=cortex-m0 -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP
 #ARCHFLAGS = -mcpu=cortex-r5 -mthumb -mabi=aapcs
 #ARCHFLAGS = -mcpu=cortex-a53 -mthumb -mabi=aapcs

 # Compiler and linker flags
-ASFLAGS = $(ARCHFLAGS)
-CFLAGS = $(ARCHFLAGS) -std=gnu99 -Wall -Wno-cpp
-LDFLAGS = $(ARCHFLAGS)
+ASFLAGS ?= $(ARCHFLAGS)
+CFLAGS_EXTRA ?= -Wno-cpp
+CFLAGS ?= $(ARCHFLAGS) -std=gnu99 -Wall $(CFLAGS_EXTRA)
+LDFLAGS ?= $(ARCHFLAGS)

+FIPS?=1
 # LD: Link with nosys
 LDFLAGS += --specs=nosys.specs

@@ -70,12 +72,15 @@ LDFLAGS += $(DBGFLAGS)
 # FILES

 # Port and Test/Benchmark
+ifndef NO_EXAMPLES
 SRC_C += ./Source/wolf_main.c
 SRC_C += ./Source/armtarget.c
 SRC_C += ../../wolfcrypt/test/test.c
 SRC_C += ../../wolfcrypt/benchmark/benchmark.c
+endif

 # WOLFSSL TLS FILES
+SRC_C += ../../src/bio.c
 SRC_C += ../../src/crl.c
 SRC_C += ../../src/internal.c
 SRC_C += ../../src/keys.c
@@ -87,7 +92,9 @@ SRC_C += ../../src/tls13.c
 SRC_C += ../../src/wolfio.c

 # wolfCrypt Core (FIPS)
+ifeq "$(FIPS)" "1"
 SRC_C += ../../wolfcrypt/src/wolfcrypt_first.c
+endif
 SRC_C += ../../wolfcrypt/src/aes.c
 SRC_C += ../../wolfcrypt/src/cmac.c
 SRC_C += ../../wolfcrypt/src/des3.c
@@ -100,26 +107,38 @@ SRC_C += ../../wolfcrypt/src/sha.c
 SRC_C += ../../wolfcrypt/src/sha256.c
 SRC_C += ../../wolfcrypt/src/sha512.c
 SRC_C += ../../wolfcrypt/src/sha3.c
+ifeq "$(FIPS)" "1"
 SRC_C += ../../wolfcrypt/src/fips.c
 SRC_C += ../../wolfcrypt/src/fips_test.c
 SRC_C += ../../wolfcrypt/src/wolfcrypt_last.c
+endif

 # wolfCrypt Additional
+SRC_C += ../../wolfcrypt/src/asm.c
 SRC_C += ../../wolfcrypt/src/asn.c
+SRC_C += ../../wolfcrypt/src/blake2s.c
 SRC_C += ../../wolfcrypt/src/chacha.c
-SRC_C += ../../wolfcrypt/src/cmac.c
+SRC_C += ../../wolfcrypt/src/chacha20_poly1305.c
 SRC_C += ../../wolfcrypt/src/coding.c
 SRC_C += ../../wolfcrypt/src/compress.c
 SRC_C += ../../wolfcrypt/src/cpuid.c
 SRC_C += ../../wolfcrypt/src/cryptocb.c
 SRC_C += ../../wolfcrypt/src/curve25519.c
+SRC_C += ../../wolfcrypt/src/curve448.c
+SRC_C += ../../wolfcrypt/src/ecc_fp.c
+SRC_C += ../../wolfcrypt/src/eccsi.c
 SRC_C += ../../wolfcrypt/src/ed25519.c
+SRC_C += ../../wolfcrypt/src/ed448.c
 SRC_C += ../../wolfcrypt/src/error.c
+SRC_C += ../../wolfcrypt/src/evp.c
+SRC_C += ../../wolfcrypt/src/fe_448.c
 SRC_C += ../../wolfcrypt/src/fe_low_mem.c
 SRC_C += ../../wolfcrypt/src/fe_operations.c
+SRC_C += ../../wolfcrypt/src/ge_448.c
 SRC_C += ../../wolfcrypt/src/ge_low_mem.c
 SRC_C += ../../wolfcrypt/src/ge_operations.c
 SRC_C += ../../wolfcrypt/src/hash.c
+SRC_C += ../../wolfcrypt/src/kdf.c
 SRC_C += ../../wolfcrypt/src/integer.c
 SRC_C += ../../wolfcrypt/src/logging.c
 SRC_C += ../../wolfcrypt/src/md5.c
@@ -129,6 +148,8 @@ SRC_C += ../../wolfcrypt/src/pkcs12.c
 SRC_C += ../../wolfcrypt/src/pkcs7.c
 SRC_C += ../../wolfcrypt/src/poly1305.c
 SRC_C += ../../wolfcrypt/src/pwdbased.c
+SRC_C += ../../wolfcrypt/src/rc2.c
+SRC_C += ../../wolfcrypt/src/sakke.c
 SRC_C += ../../wolfcrypt/src/signature.c
 SRC_C += ../../wolfcrypt/src/srp.c
 SRC_C += ../../wolfcrypt/src/sp_arm32.c
@@ -137,13 +158,25 @@ SRC_C += ../../wolfcrypt/src/sp_armthumb.c
 SRC_C += ../../wolfcrypt/src/sp_c32.c
 SRC_C += ../../wolfcrypt/src/sp_c64.c
 SRC_C += ../../wolfcrypt/src/sp_cortexm.c
+SRC_C += ../../wolfcrypt/src/sp_dsp32.c
 SRC_C += ../../wolfcrypt/src/sp_int.c
+SRC_C += ../../wolfcrypt/src/sp_x86_64.c
 SRC_C += ../../wolfcrypt/src/tfm.c
+SRC_C += ../../wolfcrypt/src/wc_dsp.c
 SRC_C += ../../wolfcrypt/src/wc_encrypt.c
+SRC_C += ../../wolfcrypt/src/wc_pkcs11.c
 SRC_C += ../../wolfcrypt/src/wc_port.c
 SRC_C += ../../wolfcrypt/src/wolfevent.c
 SRC_C += ../../wolfcrypt/src/wolfmath.c

+ifeq "$(ASYNC)" "1"
+SRC_C += ../../wolfcrypt/src/async.c
+endif
+
+ifeq "$(SELFTEST)" "1"
+SRC_C += ../../wolfcrypt/src/selftest.c
+endif
+
 # wolfCrypt non-standard algorithms (disabled by default)
 SRC_C += ../../wolfcrypt/src/arc4.c
 SRC_C += ../../wolfcrypt/src/blake2b.c
@@ -165,11 +198,11 @@ vpath %.c $(dir $(SRC_C))

 build_hex: $(BUILD_DIR) $(BUILD_DIR)/$(BIN).hex
 	@echo ""
-	$(CMD_ECHO) @$(SIZE) $(BUILD_DIR)/$(BIN).elf
+	$(CMD_ECHO) $(SIZE) $(BUILD_DIR)/$(BIN).elf

 build_static: $(BUILD_DIR) $(BUILD_DIR)/$(BIN).a
 	@echo ""
-	$(CMD_ECHO) @$(SIZE) $(BUILD_DIR)/$(BIN).a
+	$(CMD_ECHO) $(SIZE) $(BUILD_DIR)/$(BIN).a

 $(BUILD_DIR):
 	$(CMD_ECHO) mkdir -p $(BUILD_DIR)
--- a/IDE/GCC-ARM/Makefile.server
+++ b/IDE/GCC-ARM/Makefile.server
@@ -0,0 +1,7 @@
+# Project name
+BIN = WolfSSLServer
+SRC_C = ./Source/tls_server.c
+
+all: build_hex
+
+include Makefile.common
--- a/IDE/GCC-ARM/Source/armtarget.c
+++ b/IDE/GCC-ARM/Source/armtarget.c
@@ -71,7 +71,7 @@ void reset_handler(void)

    /* Init heap */
    __heap_start__[0] = 0;
-    __heap_start__[1] = ((uint32_t)__heap_end__ - (uint32_t)__heap_start__);
+    __heap_start__[1] = ((uintptr_t)__heap_end__ - (uintptr_t)__heap_start__);
 #endif /* USE_WOLF_ARM_STARTUP */

    /* Start main */
@@ -142,20 +142,20 @@ void HardFault_HandlerC( uint32_t *hardfault_args )
    _BFAR = (*((volatile uint32_t *)(0xE000ED38)));

    printf ("\n\nHard fault handler (all numbers in hex):\n");
-    printf ("R0 = %ux\n", stacked_r0);
-    printf ("R1 = %ux\n", stacked_r1);
-    printf ("R2 = %ux\n", stacked_r2);
-    printf ("R3 = %ux\n", stacked_r3);
-    printf ("R12 = %ux\n", stacked_r12);
-    printf ("LR [R14] = %ux  subroutine call return address\n", stacked_lr);
-    printf ("PC [R15] = %ux  program counter\n", stacked_pc);
-    printf ("PSR = %ux\n", stacked_psr);
-    printf ("CFSR = %ux\n", _CFSR);
-    printf ("HFSR = %ux\n", _HFSR);
-    printf ("DFSR = %ux\n", _DFSR);
-    printf ("AFSR = %ux\n", _AFSR);
-    printf ("MMAR = %ux\n", _MMAR);
-    printf ("BFAR = %ux\n", _BFAR);
+    printf ("R0 = %lx\n", stacked_r0);
+    printf ("R1 = %lx\n", stacked_r1);
+    printf ("R2 = %lx\n", stacked_r2);
+    printf ("R3 = %lx\n", stacked_r3);
+    printf ("R12 = %lx\n", stacked_r12);
+    printf ("LR [R14] = %lx  subroutine call return address\n", stacked_lr);
+    printf ("PC [R15] = %lx  program counter\n", stacked_pc);
+    printf ("PSR = %lx\n", stacked_psr);
+    printf ("CFSR = %lx\n", _CFSR);
+    printf ("HFSR = %lx\n", _HFSR);
+    printf ("DFSR = %lx\n", _DFSR);
+    printf ("AFSR = %lx\n", _AFSR);
+    printf ("MMAR = %lx\n", _MMAR);
+    printf ("BFAR = %lx\n", _BFAR);

    // Break into the debugger
    __asm("BKPT #0\n");
--- a/IDE/GCC-ARM/Source/tls_client.c
+++ b/IDE/GCC-ARM/Source/tls_client.c
@@ -23,7 +23,7 @@
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>

-#ifndef WOLFCRYPT_ONLY
+#if !defined(WOLFCRYPT_ONLY) && !defined(NO_WOLFSSL_CLIENT)

 #include <wolfssl/ssl.h>
 #include <wolfssl/wolfcrypt/logging.h>
@@ -100,11 +100,11 @@ static int tls_client(void)
    /*---------------------*/
    /* for no peer auth:   */
    /*---------------------*/
-    wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
+    wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL);
    /*---------------------*/
    /* end peer auth option*/
    /*---------------------*/
-    if ((ret = wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-ECDSA-AES128-SHA256")) != SSL_SUCCESS) {
+    if ((ret = wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-ECDSA-AES128-SHA256")) != WOLFSSL_SUCCESS) {
        wolfSSL_CTX_free(ctx);
        printf("CTXset_cipher_list failed, error: %d\n", ret);
        goto fail;
@@ -123,14 +123,14 @@ static int tls_client(void)
    }

    /* non blocking accept and connect */
-    ret = SSL_FAILURE;
+    ret = WOLFSSL_FAILURE;

-    while (ret != SSL_SUCCESS) {
+    while (ret != WOLFSSL_SUCCESS) {
        /* client connect */
        ret = wolfSSL_connect(ssl);
        error = wolfSSL_get_error(ssl, 0);
-        if (ret != SSL_SUCCESS) {
-            if (error != SSL_ERROR_WANT_READ && error != SSL_ERROR_WANT_WRITE) {
+        if (ret != WOLFSSL_SUCCESS) {
+            if (error != WOLFSSL_ERROR_WANT_READ && error != WOLFSSL_ERROR_WANT_WRITE) {
                /* Fail */
                printf("wolfSSL connect failed with return code %d\n", error);
                goto fail;
@@ -146,7 +146,7 @@ static int tls_client(void)
        ret   = wolfSSL_write(ssl, msg, msgSz);
        error = wolfSSL_get_error(ssl, 0);
        if (ret != msgSz) {
-            if (error != SSL_ERROR_WANT_READ && error != SSL_ERROR_WANT_WRITE) {
+            if (error != WOLFSSL_ERROR_WANT_READ && error != WOLFSSL_ERROR_WANT_WRITE) {
                /* Write failed */
                goto fail;
            }
@@ -159,7 +159,7 @@ static int tls_client(void)
        ret = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
        error = wolfSSL_get_error(ssl, 0);
        if (ret < 0) {
-            if (error != SSL_ERROR_WANT_READ && error != SSL_ERROR_WANT_WRITE) {
+            if (error != WOLFSSL_ERROR_WANT_READ && error != WOLFSSL_ERROR_WANT_WRITE) {
                /* Can put print here, the server enters a loop waiting to read
                 * a confirmation message at this point */
                // printf("client read failed\n");
@@ -186,14 +186,14 @@ fail:

    return -1;
 }
-#endif
+#endif /* !WOLFCRYPT_ONLY && !NO_WOLFSSL_CLIENT */


 int main(void)
 {
    int ret;

-#ifndef WOLFCRYPT_ONLY
+#if !defined(WOLFCRYPT_ONLY) && !defined(NO_WOLFSSL_CLIENT)
    wolfSSL_Init();

    ret = tls_client();
--- a/IDE/GCC-ARM/Source/tls_server.c
+++ b/IDE/GCC-ARM/Source/tls_server.c
@@ -0,0 +1,206 @@
+/* tls_server.c
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#if !defined(WOLFCRYPT_ONLY) && !defined(NO_WOLFSSL_SERVER)
+
+#include <wolfssl/ssl.h>
+#include <wolfssl/wolfcrypt/logging.h>
+#include <stdio.h>
+
+#define MAXSZ              1024
+
+/*------------------------------------------------------------------------*/
+/* TLS SERVER */
+/*------------------------------------------------------------------------*/
+static int CbIORecv(WOLFSSL *ssl, char *buf, int sz, void *ctx)
+{
+    int ret = WOLFSSL_CBIO_ERR_GENERAL;
+
+    (void)ssl;
+    (void)ctx;
+
+    /* TODO: Exchange data over your own transport */
+    #warning TODO: Implement your own recv data transport
+#if 0
+    ret = usart_read_buffer_wait(&cdc_uart_module, buf, sz);
+    if (ret == STATUS_ERR_TIMEOUT)
+        return WOLFSSL_CBIO_ERR_WANT_READ;
+
+    return (ret == STATUS_OK) ? sz : WOLFSSL_CBIO_ERR_GENERAL;
+#else
+    return ret;
+#endif
+}
+
+static int CbIOSend(WOLFSSL *ssl, char *buf, int sz, void *ctx)
+{
+    int ret = WOLFSSL_CBIO_ERR_GENERAL;
+
+    (void)ssl;
+    (void)ctx;
+
+    /* TODO: Exchange data over your own transport */
+    #warning TODO: Implement your own send data transport
+#if 0
+    ret = usart_write_buffer_wait(&cdc_uart_module, buf, sz);
+    if (ret == STATUS_ERR_TIMEOUT)
+        return WOLFSSL_CBIO_ERR_WANT_WRITE;
+
+    return (ret == STATUS_OK) ? sz : WOLFSSL_CBIO_ERR_GENERAL;
+#else
+    return ret;
+#endif
+}
+
+static int tls_server(void)
+{
+    char reply[MAXSZ];
+    int ret, error;
+    WOLFSSL* ssl = NULL;
+    WOLFSSL_CTX* ctx = NULL;
+
+    if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL) {
+        printf("CTXnew failed.\n");
+        goto fail;
+    }
+
+    /*------------------------------------------------------------------------*/
+    /* ECDHE-ECDSA */
+    /*------------------------------------------------------------------------*/
+    /*--------------------*/
+    /* for peer auth use: */
+    /*--------------------*/
+    //    wolfSSL_CTX_load_verify_buffer(ctx, rsa_key_der_1024,
+    //                                    sizeof_rsa_key_der_1024, SSL_FILETYPE_ASN1);
+    //    wolfSSL_CTX_load_verify_buffer(ctx, server_cert_der_1024,
+    //                                    sizeof_server_cert_der_1024, SSL_FILETYPE_ASN1);
+    /*---------------------*/
+    /* for no peer auth:   */
+    /*---------------------*/
+    wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL);
+    /*---------------------*/
+    /* end peer auth option*/
+    /*---------------------*/
+    if ((ret = wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-ECDSA-AES128-SHA256")) != WOLFSSL_SUCCESS) {
+        wolfSSL_CTX_free(ctx);
+        printf("CTXset_cipher_list failed, error: %d\n", ret);
+        goto fail;
+    }
+    /*------------------------------------------------------------------------*/
+    /* END CIPHER SUITE OPTIONS */
+    /*------------------------------------------------------------------------*/
+    wolfSSL_CTX_SetIORecv(ctx, CbIORecv);
+    wolfSSL_CTX_SetIOSend(ctx, CbIOSend);
+
+    if ((ssl = wolfSSL_new(ctx)) == NULL) {
+        error = wolfSSL_get_error(ssl, 0);
+        printf("wolfSSL_new failed %d\n", error);
+        wolfSSL_CTX_free(ctx);
+        return -1;
+    }
+
+    /* non blocking accept and connect */
+    ret = WOLFSSL_FAILURE;
+
+    while (ret != WOLFSSL_SUCCESS) {
+        /* server accept */
+        ret = wolfSSL_accept(ssl);
+        error = wolfSSL_get_error(ssl, 0);
+        if (ret != WOLFSSL_SUCCESS) {
+            if (error != WOLFSSL_ERROR_WANT_READ && error != WOLFSSL_ERROR_WANT_WRITE) {
+                /* Fail */
+                printf("wolfSSL accept failed with return code %d\n", error);
+                goto fail;
+            }
+        }
+        /* Success */
+    }
+
+    /* read and write */
+    while (1) {
+        /* server read */
+        ret = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
+        error = wolfSSL_get_error(ssl, 0);
+        if (ret < 0) {
+            if (error != WOLFSSL_ERROR_WANT_READ && error != WOLFSSL_ERROR_WANT_WRITE) {
+                /* Can put print here, the server enters a loop waiting to read
+                 * a confirmation message at this point */
+                // printf("server read failed\n");
+                goto fail;
+            }
+            continue;
+        }
+        else {
+            /* Can put print here, the server enters a loop waiting to read
+             * a confirmation message at this point */
+            reply[ret] = '\0';
+            // printf("Server Received Reply: %s\n", reply);
+            break;
+        }
+
+    }
+
+    while (1) {
+        /* server write / echo */
+        ret   = wolfSSL_write(ssl, reply, XSTRLEN(reply));
+        error = wolfSSL_get_error(ssl, 0);
+        if (ret != XSTRLEN(reply)) {
+            if (error != WOLFSSL_ERROR_WANT_READ && error != WOLFSSL_ERROR_WANT_WRITE) {
+                /* Write failed */
+                goto fail;
+            }
+        }
+        /* Write succeeded */
+        break;
+    }
+
+    return 0;
+
+fail:
+    wolfSSL_shutdown(ssl);
+    wolfSSL_free(ssl);
+    wolfSSL_CTX_free(ctx);
+
+    return -1;
+}
+#endif /* !WOLFCRYPT_ONLY && !NO_WOLFSSL_SERVER */
+
+
+int main(void)
+{
+    int ret;
+
+#if !defined(WOLFCRYPT_ONLY) && !defined(NO_WOLFSSL_SERVER)
+    wolfSSL_Init();
+
+    ret = tls_server();
+
+    wolfSSL_Cleanup();
+#else
+    ret = NOT_COMPILED_IN;
+#endif
+
+	return ret;
+}
--- a/IDE/GCC-ARM/include.am
+++ b/IDE/GCC-ARM/include.am
@@ -8,11 +8,13 @@ EXTRA_DIST+= IDE/GCC-ARM/Source/wolf_main.c
 EXTRA_DIST+= IDE/GCC-ARM/Source/benchmark_main.c
 EXTRA_DIST+= IDE/GCC-ARM/Source/test_main.c
 EXTRA_DIST+= IDE/GCC-ARM/Source/tls_client.c
+EXTRA_DIST+= IDE/GCC-ARM/Source/tls_server.c
 EXTRA_DIST+= IDE/GCC-ARM/linker.ld
 EXTRA_DIST+= IDE/GCC-ARM/linker_fips.ld
 EXTRA_DIST+= IDE/GCC-ARM/Makefile
 EXTRA_DIST+= IDE/GCC-ARM/Makefile.bench
 EXTRA_DIST+= IDE/GCC-ARM/Makefile.client
+EXTRA_DIST+= IDE/GCC-ARM/Makefile.server
 EXTRA_DIST+= IDE/GCC-ARM/Makefile.common
 EXTRA_DIST+= IDE/GCC-ARM/Makefile.test
 EXTRA_DIST+= IDE/GCC-ARM/Makefile.static
--- a/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp
+++ b/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp
@@ -1975,6 +1975,9 @@
    <file>
      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\hash.c</name>
    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\kdf.c</name>
+    </file>
    <file>
      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\hc128.c</name>
    </file>
--- a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/wolfcrypt_lib.ewp
+++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/wolfcrypt_lib.ewp
@@ -1956,6 +1956,9 @@
    <file>
      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\hash.c</name>
    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\kdf.c</name>
+    </file>
    <file>
      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\hmac.c</name>
    </file>
--- a/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/wolfcrypt_lib.ewt
+++ b/IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/wolfcrypt_lib.ewt
@@ -2346,6 +2346,9 @@
    <file>
      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\hash.c</name>
    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\kdf.c</name>
+    </file>
    <file>
      <name>$PROJ_DIR$\..\..\..\..\..\wolfcrypt\src\hmac.c</name>
    </file>
--- a/IDE/IAR-EWARM/embOS/custom_port/README_custom_port
+++ b/IDE/IAR-EWARM/embOS/custom_port/README_custom_port
@@ -45,6 +45,7 @@ wolfssl (latest version)
 #     hmac.c                  tfm.c           #
 #     md4.c                   wc_encrypt.c    #
 #     md5.c                   wc_port.c       #
+ #     kdf.c                                   #
 #---------------------------------------------#

 5. Once those are all added go to
--- a/IDE/INTIME-RTOS/libwolfssl.vcxproj
+++ b/IDE/INTIME-RTOS/libwolfssl.vcxproj
@@ -46,6 +46,7 @@
    <ClCompile Include="..\..\wolfcrypt\src\ge_low_mem.c" />
    <ClCompile Include="..\..\wolfcrypt\src\ge_operations.c" />
    <ClCompile Include="..\..\wolfcrypt\src\hash.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\kdf.c" />
    <ClCompile Include="..\..\wolfcrypt\src\hc128.c" />
    <ClCompile Include="..\..\wolfcrypt\src\hmac.c" />
    <ClCompile Include="..\..\wolfcrypt\src\idea.c" />
--- a/IDE/INTIME-RTOS/wolfExamples.sln
+++ b/IDE/INTIME-RTOS/wolfExamples.sln
--- a/IDE/KDS/.project
+++ b/IDE/KDS/.project
@@ -165,6 +165,11 @@
 			<type>1</type>
 			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/hash.c</locationURI>
 		</link>
+		<link>
+			<name>src/wolfcrypt-src/kdf.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/kdf.c</locationURI>
+		</link>
 		<link>
 			<name>src/wolfcrypt-src/hc128.c</name>
 			<type>1</type>
--- a/IDE/LINUX-SGX/sgx_t_static.mk
+++ b/IDE/LINUX-SGX/sgx_t_static.mk
@@ -61,6 +61,7 @@ Wolfssl_C_Files :=$(WOLFSSL_ROOT)/wolfcrypt/src/aes.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/ecc.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/error.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/hash.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/kdf.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/hc128.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/hmac.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/integer.c\
--- a/IDE/M68K/Makefile
+++ b/IDE/M68K/Makefile
@@ -20,6 +20,7 @@ CSRCS := ../../wolfcrypt/src/rsa.c \
        ../../wolfcrypt/src/memory.c \
        ../../wolfcrypt/src/coding.c \
        ../../wolfcrypt/src/hash.c \
+        ../../wolfcrypt/src/kdf.c \
        ../../wolfcrypt/src/hmac.c \
        ../../wolfcrypt/src/md5.c \
        ../../wolfcrypt/src/wc_port.c \
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h
@@ -215,12 +215,6 @@
 #define BUILD_AESGCM
 #endif
 //  </e>
-//      <e>NTRU (need License, "crypto_ntru.h")
-#define MDK_CONF_NTRU 0
-#if MDK_CONF_NTRU == 1
-#define HAVE_NTRU
-#endif
-//  </e>
 //  </h>

 //  <h>Others
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h
@@ -252,12 +252,6 @@
 #define BUILD_AESGCM
 #endif
 //  </e>
-//      <e>NTRU (need License, "crypto_ntru.h")
-#define MDK_CONF_NTRU 0
-#if MDK_CONF_NTRU == 1
-#define HAVE_NTRU
-#endif
-//  </e>
 //  </h>

 //  <h>Others
--- a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h
@@ -274,12 +274,6 @@
 #define BUILD_AESGCM
 #endif
 //  </e>
-//      <e>NTRU (need License, "crypto_ntru.h")
-#define MDK_CONF_NTRU 0
-#if MDK_CONF_NTRU == 1
-#define HAVE_NTRU
-#endif
-//  </e>
 //  </h>

 //  <h>Others
--- a/IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvopt
+++ b/IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvopt
@@ -1181,6 +1181,19 @@
      <RteFlg>0</RteFlg>
      <bShared>0</bShared>
    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>48</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\kdf.c</PathWithFileName>
+      <FilenameWithoutPath>kdf.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
  </Group>

  <Group>
--- a/IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvproj
+++ b/IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvproj
@@ -626,6 +626,11 @@
              <FileType>1</FileType>
              <FilePath>..\..\..\wolfcrypt\src\hash.c</FilePath>
            </File>
+            <File>
+              <FileName>kdf.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\kdf.c</FilePath>
+            </File>
            <File>
              <FileName>misc.c</FileName>
              <FileType>1</FileType>
@@ -1335,6 +1340,11 @@
              <FileType>1</FileType>
              <FilePath>..\..\..\wolfcrypt\src\hash.c</FilePath>
            </File>
+            <File>
+              <FileName>kdf.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\kdf.c</FilePath>
+            </File>
            <File>
              <FileName>misc.c</FileName>
              <FileType>1</FileType>
@@ -2044,6 +2054,11 @@
              <FileType>1</FileType>
              <FilePath>..\..\..\wolfcrypt\src\hash.c</FilePath>
            </File>
+            <File>
+              <FileName>kdf.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\kdf.c</FilePath>
+            </File>
            <File>
              <FileName>misc.c</FileName>
              <FileType>1</FileType>
--- a/IDE/MDK5-ARM/Conf/user_settings.h
+++ b/IDE/MDK5-ARM/Conf/user_settings.h
@@ -360,13 +360,6 @@
 #define HAVE_PKCS7
 #endif
 //  </e>
-
-//      <e>NTRU (need License, "crypto_ntru.h")
-#define MDK_CONF_NTRU 0
-#if MDK_CONF_NTRU == 1
-#define HAVE_NTRU
-#endif
-//  </e>
 //  </h>

 //      <e>Random Seed, for TEST Only
--- a/IDE/MDK5-ARM/Projects/CryptBenchmark/RTE/wolfSSL/user_settings.h
+++ b/IDE/MDK5-ARM/Projects/CryptBenchmark/RTE/wolfSSL/user_settings.h
@@ -360,13 +360,6 @@
 #define HAVE_PKCS7
 #endif
 //  </e>
-
-//      <e>NTRU (need License, "crypto_ntru.h")
-#define MDK_CONF_NTRU 0
-#if MDK_CONF_NTRU == 1
-#define HAVE_NTRU
-#endif
-//  </e>
 //  </h>

 //      <e>Random Seed, for TEST Only
--- a/IDE/MDK5-ARM/Projects/CryptTest/RTE/wolfSSL/user_settings.h
+++ b/IDE/MDK5-ARM/Projects/CryptTest/RTE/wolfSSL/user_settings.h
@@ -360,13 +360,6 @@
 #define HAVE_PKCS7
 #endif
 //  </e>
-
-//      <e>NTRU (need License, "crypto_ntru.h")
-#define MDK_CONF_NTRU 0
-#if MDK_CONF_NTRU == 1
-#define HAVE_NTRU
-#endif
-//  </e>
 //  </h>

 //      <e>Random Seed, for TEST Only
--- a/IDE/MDK5-ARM/Projects/EchoClient/RTE/wolfSSL/user_settings.h
+++ b/IDE/MDK5-ARM/Projects/EchoClient/RTE/wolfSSL/user_settings.h
@@ -358,13 +358,6 @@
 #define HAVE_PKCS7
 #endif
 //  </e>
-
-//      <e>NTRU (need License, "crypto_ntru.h")
-#define MDK_CONF_NTRU 0
-#if MDK_CONF_NTRU == 1
-#define HAVE_NTRU
-#endif
-//  </e>
 //  </h>

 //      <e>Random Seed, for TEST Only
--- a/IDE/MDK5-ARM/Projects/EchoServer/RTE/wolfSSL/user_settings.h
+++ b/IDE/MDK5-ARM/Projects/EchoServer/RTE/wolfSSL/user_settings.h
@@ -360,13 +360,6 @@
 #define HAVE_PKCS7
 #endif
 //  </e>
-
-//      <e>NTRU (need License, "crypto_ntru.h")
-#define MDK_CONF_NTRU 0
-#if MDK_CONF_NTRU == 1
-#define HAVE_NTRU
-#endif
-//  </e>
 //  </h>

 //      <e>Random Seed, for TEST Only
--- a/IDE/MDK5-ARM/Projects/SimpleClient/RTE/wolfSSL/user_settings.h
+++ b/IDE/MDK5-ARM/Projects/SimpleClient/RTE/wolfSSL/user_settings.h
@@ -360,13 +360,6 @@
 #define HAVE_PKCS7
 #endif
 //  </e>
-
-//      <e>NTRU (need License, "crypto_ntru.h")
-#define MDK_CONF_NTRU 0
-#if MDK_CONF_NTRU == 1
-#define HAVE_NTRU
-#endif
-//  </e>
 //  </h>

 //      <e>Random Seed, for TEST Only
--- a/IDE/MDK5-ARM/Projects/SimpleServer/RTE/wolfSSL/user_settings.h
+++ b/IDE/MDK5-ARM/Projects/SimpleServer/RTE/wolfSSL/user_settings.h
@@ -360,13 +360,6 @@
 #define HAVE_PKCS7
 #endif
 //  </e>
-
-//      <e>NTRU (need License, "crypto_ntru.h")
-#define MDK_CONF_NTRU 0
-#if MDK_CONF_NTRU == 1
-#define HAVE_NTRU
-#endif
-//  </e>
 //  </h>

 //      <e>Random Seed, for TEST Only
--- a/IDE/MDK5-ARM/Projects/wolfSSL-Lib/RTE/wolfSSL/user_settings.h
+++ b/IDE/MDK5-ARM/Projects/wolfSSL-Lib/RTE/wolfSSL/user_settings.h
@@ -360,13 +360,6 @@
 #define HAVE_PKCS7
 #endif
 //  </e>
-
-//      <e>NTRU (need License, "crypto_ntru.h")
-#define MDK_CONF_NTRU 0
-#if MDK_CONF_NTRU == 1
-#define HAVE_NTRU
-#endif
-//  </e>
 //  </h>

 //      <e>Random Seed, for TEST Only
--- a/IDE/NETOS/Makefile.wolfcrypt.inc
+++ b/IDE/NETOS/Makefile.wolfcrypt.inc
@@ -0,0 +1,18 @@
+WOLFSSL_ROOT=wolfCrypt_v4_5_2
+APP_WOLFCRYPTOBJS = $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/wolfcrypt_first.o\
+            $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/aes.o\
+            $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/cmac.o\
+            $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/des3.o\
+            $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/dh.o\
+            $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/ecc.o\
+            $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/hmac.o\
+            $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/random.o\
+            $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/rsa.o\
+            $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/sha.o\
+            $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/sha256.o\
+            $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/sha3.o\
+            $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/sha512.o\
+            $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/fips.o\
+            $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/fips_test.o\
+            $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/wolfcrypt_last.o
+
--- a/IDE/NETOS/README.md
+++ b/IDE/NETOS/README.md
@@ -0,0 +1,21 @@
+Developer notes about files in this directory:
+
+NOTE: These files are for use with the wolfCrypt FIPS module and are not
+      intended or designed for use in a generic NETOS use-case. Adjustments
+      to the user_settings.h will be necessary for use in non-FIPS scenarios.
+
+Makefile.wolfcrypt.inc:
+This was developed for a specific customer for inclusion by their recursive
+Makefile solution. This file is to be included by the top level Makefile and is
+used to preserve the FIPS module order when linked.
+
+user_settings.h:
+For use with cert 3389: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3389
+
+user_settings.h-cert2425:
+DEPRECATED (preserved for posterity)
+For use with expired cert 2425: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2425
+
+wolfssl_netos_custom.c:
+Functions in this file may be modified without risk of effecting the FIPS
+validation, these APIs' are external to the FIPS module boundary.
--- a/IDE/NETOS/include.am
+++ b/IDE/NETOS/include.am
@@ -0,0 +1,10 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST+= IDE/NETOS/Makefile.wolfcrypt.inc
+EXTRA_DIST+= IDE/NETOS/user_settings.h
+EXTRA_DIST+= IDE/NETOS/user_settings.h-cert2425
+EXTRA_DIST+= IDE/NETOS/wolfssl_netos_custom.c
+EXTRA_DIST+= IDE/NETOS/README.md
+
--- a/IDE/NETOS/user_settings.h
+++ b/IDE/NETOS/user_settings.h
@@ -0,0 +1,630 @@
+/* user_settings.h
+*
+* Copyright (C) 2006-2021 wolfSSL Inc.
+*
+* This file is part of wolfSSL.
+*
+* wolfSSL is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or
+* (at your option) any later version.
+*
+* wolfSSL is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+*/
+
+/* Custom wolfSSL user settings for GCC ARM */
+
+#ifndef WOLFSSL_USER_SETTINGS_H
+#define WOLFSSL_USER_SETTINGS_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* Platform */
+/* ------------------------------------------------------------------------- */
+#undef WOLFSSL_GENERAL_ALIGNMENT
+#define WOLFSSL_GENERAL_ALIGNMENT 4
+
+#undef THREADX
+#define THREADX
+
+#ifndef TX_TIMER_TICKS_PER_SECOND
+    #define TX_TIMER_TICKS_PER_SECOND 100
+#endif
+
+#undef NETOS
+#define NETOS
+
+#undef BIG_ENDIAN_ORDER
+#define BIG_ENDIAN_ORDER
+
+#undef WOLFSSL_SMALL_STACK
+//#define WOLFSSL_SMALL_STACK
+
+#undef WOLFSSL_USER_IO
+//#define WOLFSSL_USER_IO
+
+#undef NO_THREAD_LS
+#define NO_THREAD_LS
+
+/* ------------------------------------------------------------------------- */
+/* Math Configuration */
+/* ------------------------------------------------------------------------- */
+#undef SIZEOF_LONG_LONG
+#define SIZEOF_LONG_LONG 8
+
+#undef SIZEOF_LONG
+#define SIZEOF_LONG 4
+
+#undef USE_FAST_MATH
+#if 1
+    #define USE_FAST_MATH
+
+    #undef TFM_TIMING_RESISTANT
+    #define TFM_TIMING_RESISTANT
+
+    /* Optimizations */
+    #define TFM_ARM
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* FIPS - Requires eval or license from wolfSSL */
+/* ------------------------------------------------------------------------- */
+#undef HAVE_FIPS
+#if 1
+    #define HAVE_FIPS
+
+    #undef HAVE_FIPS_VERSION
+    #define HAVE_FIPS_VERSION 2
+
+    #ifdef SINGLE_THREADED
+        #undef NO_THREAD_LS
+        #define NO_THREAD_LS
+    #endif
+
+    #if 1
+        #undef NO_ATTRIBUTE_CONSTRUCTOR
+        #define NO_ATTRIBUTE_CONSTRUCTOR
+    #endif
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Crypto */
+/* ------------------------------------------------------------------------- */
+/* RSA */
+#undef NO_RSA
+#if 1
+    #ifdef USE_FAST_MATH
+        /* Maximum math bits (Max RSA key bits * 2) */
+        #undef FP_MAX_BITS
+        #define FP_MAX_BITS 8192
+    #endif
+
+    /* half as much memory but twice as slow */
+    #undef RSA_LOW_MEM
+    //#define RSA_LOW_MEM
+
+    /* Enables blinding mode, to prevent timing attacks */
+    #if 0
+        #undef WC_RSA_BLINDING
+        #define WC_RSA_BLINDING
+    #else
+        #undef WC_NO_HARDEN
+        #define WC_NO_HARDEN
+    #endif
+
+    /* RSA PSS Support */
+    #if 1
+        #define WC_RSA_PSS
+    #endif
+
+    #if 1
+        #define WC_RSA_NO_PADDING
+    #endif
+#else
+    #define NO_RSA
+#endif
+
+/* ECC */
+#undef HAVE_ECC
+#if 1
+    #define HAVE_ECC
+
+    /* Manually define enabled curves */
+    #undef ECC_USER_CURVES
+    //#define ECC_USER_CURVES
+
+    #ifdef ECC_USER_CURVES
+    /* Manual Curve Selection */
+    //#define HAVE_ECC192
+    //#define HAVE_ECC224
+    #undef NO_ECC256
+    //#define HAVE_ECC384
+    //#define HAVE_ECC521
+    #endif
+
+    /* Fixed point cache (speeds repeated operations against same private key) */
+    #undef FP_ECC
+    //#define FP_ECC
+    #ifdef FP_ECC
+        /* Bits / Entries */
+        #undef FP_ENTRIES
+        #define FP_ENTRIES 2
+        #undef FP_LUT
+        #define FP_LUT 4
+    #endif
+
+    /* Optional ECC calculation method */
+    /* Note: doubles heap usage, but slightly faster */
+    #undef ECC_SHAMIR
+    #define ECC_SHAMIR
+
+    /* Reduces heap usage, but slower */
+    #undef ECC_TIMING_RESISTANT
+    #define ECC_TIMING_RESISTANT
+
+    #ifdef HAVE_FIPS
+        #undef HAVE_ECC_CDH
+        #define HAVE_ECC_CDH /* Enable cofactor support */
+
+        #undef NO_STRICT_ECDSA_LEN
+        #define NO_STRICT_ECDSA_LEN /* Do not force fixed len w/ FIPS */
+
+        #undef WOLFSSL_VALIDATE_ECC_IMPORT
+        #define WOLFSSL_VALIDATE_ECC_IMPORT /* Validate import */
+    #endif
+
+    /* Compressed Key Support */
+    #undef HAVE_COMP_KEY
+    //#define HAVE_COMP_KEY
+
+    /* Use alternate ECC size for ECC math */
+    #ifdef USE_FAST_MATH
+        /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
+        #ifdef NO_RSA
+            /* Custom fastmath size if not using RSA */
+            #undef FP_MAX_BITS
+            #define FP_MAX_BITS (256 * 2)
+        #else
+            #undef ALT_ECC_SIZE
+            #define ALT_ECC_SIZE
+            /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overriden */
+            //#undef FP_MAX_BITS_ECC
+            //#define FP_MAX_BITS_ECC (256 * 2)
+        #endif
+
+        /* Speedups specific to curve */
+        #ifndef NO_ECC256
+            #undef TFM_ECC256
+            #define TFM_ECC256
+        #endif
+    #endif
+#endif
+
+/* DH */
+#undef NO_DH
+#if 1
+    /* Use table for DH instead of -lm (math) lib dependency */
+    #if 1
+        #define WOLFSSL_DH_CONST
+        #define HAVE_FFDHE_2048
+        #define HAVE_FFDHE_4096
+        //#define HAVE_FFDHE_6144
+        //#define HAVE_FFDHE_8192
+    #endif
+
+    #ifdef HAVE_FIPS
+        #define WOLFSSL_VALIDATE_FFC_IMPORT
+        #define HAVE_FFDHE_Q
+    #endif
+#else
+    #define NO_DH
+#endif
+
+
+/* AES */
+#undef NO_AES
+#if 1
+    #undef HAVE_AES_CBC
+    #define HAVE_AES_CBC
+
+    #undef HAVE_AESGCM
+    #define HAVE_AESGCM
+
+    /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
+    // #define GCM_SMALL
+    // #define GCM_WORD32
+    #define GCM_TABLE
+
+    #undef WOLFSSL_AES_DIRECT
+    #define WOLFSSL_AES_DIRECT
+
+    #undef HAVE_AES_ECB
+    #define HAVE_AES_ECB
+
+    #undef WOLFSSL_AES_COUNTER
+    #define WOLFSSL_AES_COUNTER
+
+    #undef HAVE_AESCCM
+    #define HAVE_AESCCM
+#else
+    #define NO_AES
+#endif
+
+
+/* DES3 */
+#undef NO_DES3
+#if 1
+    /* No change */
+#else
+    #define NO_DES3
+#endif
+
+/* ChaCha20 / Poly1305 */
+#undef HAVE_CHACHA
+#undef HAVE_POLY1305
+#if 0
+    #define HAVE_CHACHA
+    #define HAVE_POLY1305
+
+    /* Needed for Poly1305 */
+    #undef HAVE_ONE_TIME_AUTH
+    #define HAVE_ONE_TIME_AUTH
+#endif
+
+/* Ed25519 / Curve25519 */
+#undef HAVE_CURVE25519
+#undef HAVE_ED25519
+#if 0
+    #define HAVE_CURVE25519
+    #define HAVE_ED25519 /* ED25519 Requires SHA512 */
+
+    /* Optionally use small math (less flash usage, but much slower) */
+    #if 1
+        #define CURVED25519_SMALL
+    #endif
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Hashing */
+/* ------------------------------------------------------------------------- */
+/* Sha */
+#undef NO_SHA
+#if 1
+    /* 1k smaller, but 25% slower */
+    //#define USE_SLOW_SHA
+#else
+    #define NO_SHA
+#endif
+
+/* Sha256 */
+#undef NO_SHA256
+#if 1
+    /* not unrolled - ~2k smaller and ~25% slower */
+    //#define USE_SLOW_SHA256
+
+    /* Sha224 */
+    #if 1
+        #define WOLFSSL_SHA224
+    #endif
+#else
+    #define NO_SHA256
+#endif
+
+/* Sha512 */
+#undef WOLFSSL_SHA512
+#if 1
+    #define WOLFSSL_SHA512
+
+    /* Sha384 */
+    #undef WOLFSSL_SHA384
+    #if 1
+        #define WOLFSSL_SHA384
+    #endif
+
+    /* over twice as small, but 50% slower */
+    //#define USE_SLOW_SHA512
+#endif
+
+/* Sha3 */
+#undef WOLFSSL_SHA3
+#if 1
+    #define WOLFSSL_SHA3
+#endif
+
+/* MD5 */
+#undef NO_MD5
+#if 1
+    /* No change */
+#else
+    #define NO_MD5
+#endif
+
+/* HKDF */
+#undef HAVE_HKDF
+#if 1
+    #define HAVE_HKDF
+#endif
+
+/* CMAC */
+#undef WOLFSSL_CMAC
+#if 1
+    #define WOLFSSL_CMAC
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Benchmark / Test */
+/* ------------------------------------------------------------------------- */
+/* Use reduced benchmark / test sizes */
+#undef BENCH_EMBEDDED
+#define BENCH_EMBEDDED
+
+#undef USE_CERT_BUFFERS_2048
+#define USE_CERT_BUFFERS_2048
+
+#undef USE_CERT_BUFFERS_1024
+//#define USE_CERT_BUFFERS_1024
+
+#undef USE_CERT_BUFFERS_256
+#define USE_CERT_BUFFERS_256
+
+#undef FORCE_BUFFER_TEST
+#define FORCE_BUFFER_TEST
+
+
+/* ------------------------------------------------------------------------- */
+/* Debugging */
+/* ------------------------------------------------------------------------- */
+
+#undef DEBUG_WOLFSSL
+#undef NO_ERROR_STRINGS
+#if 0
+    #define DEBUG_WOLFSSL
+#else
+    #if 0
+        #define NO_ERROR_STRINGS
+    #endif
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Memory */
+/* ------------------------------------------------------------------------- */
+
+/* Override Memory API's */
+#if 0
+    #undef XMALLOC_OVERRIDE
+    #define XMALLOC_OVERRIDE
+
+    /* prototypes for user heap override functions */
+    /* Note: Realloc only required for normal math */
+    #include <stddef.h> /* for size_t */
+    extern void *myMalloc(size_t n, void* heap, int type);
+    extern void myFree(void *p, void* heap, int type);
+    extern void *myRealloc(void *p, size_t n, void* heap, int type);
+
+    #define XMALLOC(n, h, t) myMalloc(n, h, t)
+    #define XFREE(p, h, t) myFree(p, h, t)
+    #define XREALLOC(p, n, h, t) myRealloc(p, n, h, t)
+#endif
+
+#if 0
+    /* Static memory requires fast math */
+    #define WOLFSSL_STATIC_MEMORY
+
+    /* Disable fallback malloc/free */
+    #define WOLFSSL_NO_MALLOC
+    #if 1
+    #define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
+    #endif
+#endif
+
+/* Memory callbacks */
+#if 1
+    #undef USE_WOLFSSL_MEMORY
+    #define USE_WOLFSSL_MEMORY
+
+    /* Use this to measure / print heap usage */
+    #if 0
+        #undef WOLFSSL_TRACK_MEMORY
+        // #define WOLFSSL_TRACK_MEMORY
+
+        #undef WOLFSSL_DEBUG_MEMORY
+        //#define WOLFSSL_DEBUG_MEMORY
+
+        #undef WOLFSSL_DEBUG_MEMORY_PRINT
+        //#define WOLFSSL_DEBUG_MEMORY_PRINT
+    #endif
+#else
+    #ifndef WOLFSSL_STATIC_MEMORY
+        #define NO_WOLFSSL_MEMORY
+        /* Otherwise we will use stdlib malloc, free and realloc */
+    #endif
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* RNG */
+/* ------------------------------------------------------------------------- */
+
+/* Seed Source */
+/* Seed Source */
+#if 1
+    extern int my_rng_generate_seed(unsigned char* output, int sz);
+    #undef CUSTOM_RAND_GENERATE_SEED
+    #define CUSTOM_RAND_GENERATE_SEED my_rng_generate_seed
+#endif
+
+/* NETOS */
+#if 0
+    extern unsigned char get_byte_from_pool(void);
+    #define CUSTOM_RAND_GENERATE  get_byte_from_pool
+    #define CUSTOM_RAND_TYPE      unsigned char
+#endif
+
+/* Choose RNG method */
+#if 1
+    /* Use built-in P-RNG (SHA256 based) with HW RNG */
+    /* P-RNG + HW RNG (P-RNG is ~8K) */
+    //#define WOLFSSL_GENSEED_FORTEST
+    #undef HAVE_HASHDRBG
+    #define HAVE_HASHDRBG
+#else
+    #undef WC_NO_HASHDRBG
+    #define WC_NO_HASHDRBG
+
+    /* Bypass P-RNG and use only HW RNG */
+    extern int my_rng_gen_block(unsigned char* output, unsigned int sz);
+    #undef CUSTOM_RAND_GENERATE_BLOCK
+    #define CUSTOM_RAND_GENERATE_BLOCK my_rng_gen_block
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* Enable Features */
+/* ------------------------------------------------------------------------- */
+#undef WOLFSSL_TLS13
+#if 0
+    #define WOLFSSL_TLS13
+#endif
+
+#undef WOLFSSL_KEY_GEN
+#if 1
+    #define WOLFSSL_KEY_GEN
+#endif
+
+#if defined(HAVE_FIPS) && !defined(WOLFSSL_KEY_GEN)
+    #define WOLFSSL_OLD_PRIME_CHECK
+#endif
+
+#undef KEEP_PEER_CERT
+//#define KEEP_PEER_CERT
+
+#undef HAVE_COMP_KEY
+//#define HAVE_COMP_KEY
+
+#undef HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
+#undef HAVE_SUPPORTED_CURVES
+#define HAVE_SUPPORTED_CURVES
+
+#undef WOLFSSL_BASE64_ENCODE
+#define WOLFSSL_BASE64_ENCODE
+
+/* TLS Session Cache */
+#if 0
+    #define SMALL_SESSION_CACHE
+#else
+    #define NO_SESSION_CACHE
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Disable Features */
+/* ------------------------------------------------------------------------- */
+#undef NO_WOLFSSL_SERVER
+//#define NO_WOLFSSL_SERVER
+
+#undef NO_WOLFSSL_CLIENT
+//#define NO_WOLFSSL_CLIENT
+
+#undef NO_CRYPT_TEST
+//#define NO_CRYPT_TEST
+
+#undef NO_CRYPT_BENCHMARK
+//#define NO_CRYPT_BENCHMARK
+
+#undef WOLFCRYPT_ONLY
+//#define WOLFCRYPT_ONLY
+
+/* In-lining of misc.c functions */
+/* If defined, must include wolfcrypt/src/misc.c in build */
+/* Slower, but about 1k smaller */
+#undef NO_INLINE
+//#define NO_INLINE
+
+#undef NO_FILESYSTEM
+#define NO_FILESYSTEM
+
+#undef NO_WOLFSSL_DIR
+#define NO_WOLFSSL_DIR
+
+#undef NO_WRITEV
+#define NO_WRITEV
+
+#undef NO_MAIN_DRIVER
+#define NO_MAIN_DRIVER
+
+#undef NO_DEV_RANDOM
+#define NO_DEV_RANDOM
+
+#undef NO_DSA
+#define NO_DSA
+
+#undef NO_RC4
+#define NO_RC4
+
+#undef NO_OLD_TLS
+#define NO_OLD_TLS
+
+#undef NO_HC128
+#define NO_HC128
+
+#undef NO_RABBIT
+#define NO_RABBIT
+
+#undef NO_PSK
+#define NO_PSK
+
+#undef NO_MD4
+#define NO_MD4
+
+#undef NO_PWDBASED
+//#define NO_PWDBASED
+
+#undef NO_CODING
+//#define NO_CODING
+
+#undef NO_ASN_TIME
+//#define NO_ASN_TIME
+
+#undef NO_CERTS
+//#define NO_CERTS
+
+#undef NO_SIG_WRAPPER
+//#define NO_SIG_WRAPPER
+
+/* ACVP Testing ONLY specific settings */
+#if 0
+    #undef USE_NORMAL_PRINTF
+    #define USE_NORMAL_PRINTF
+
+    #undef USE_UART_READ_LINE
+    #define USE_UART_READ_LINE
+
+    #undef USE_SMALL_MONTE
+    #define USE_SMALL_MONTE
+
+    #undef WOLFSSL_PUBLIC_MP
+    #define WOLFSSL_PUBLIC_MP
+
+    #undef HAVE_FORCE_FIPS_FAILURE
+    #define HAVE_FORCE_FIPS_FAILURE
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* WOLFSSL_USER_SETTINGS_H */
--- a/IDE/NETOS/user_settings.h-cert2425
+++ b/IDE/NETOS/user_settings.h-cert2425
@@ -0,0 +1,177 @@
+#ifndef _NETOS_USER_SETTINGS_H_
+#define _NETOS_USER_SETTINGS_H_
+
+/* Verify this is NetOS */
+/*
+#ifndef _NETOS
+#error This user_settings.h header is only designed for NetOS
+#endif
+*/
+
+/* Configurations */
+#if defined(HAVE_FIPS)
+#if defined(WOLFSSL_LIB)
+    #define HAVE_FIPS_VERSION 2
+    /* The FIPS lib */
+    #define THREADX
+    #define BIG_ENDIAN_ORDER
+    #define NO_WRITEV
+    #define NO_WOLFSSL_DIR
+#if 0
+    #define DEBUG_WOLFSSL
+#endif
+    #define NO_DEV_RANDOM
+    #define NETOS
+    #define NO_FILESYSTEM
+    #define FORCE_BUFFER_TEST
+	/* wolfSSL FIPS TESTING UPDATES : */
+	#define NO_ATTRIBUTE_CONSTRUCTOR
+    #define NO_THREAD_LS
+    #define NO_WOLFSSL_STUB
+    #define WOLFSSL_KEY_GEN
+    #define HAVE_FORCE_FIPS_FAILURE
+    #define USE_CERT_BUFFERS_1024 /* for the op-tests */
+    #define USE_CERT_BUFFERS_256 /* for the op-tests */
+    
+    #define TFM_TIMING_RESISTANT 
+    #define ECC_TIMING_RESISTANT 
+    #define WC_RSA_BLINDING 
+    #define HAVE_AESGCM 
+    #define WOLFSSL_SHA512 
+    #define WOLFSSL_SHA384 
+    #define NO_DSA 
+    #define HAVE_ECC 
+    #define TFM_ECC256 
+    #define ECC_SHAMIR 
+    #define WOLFSSL_BASE64_ENCODE 
+    #define NO_RC4 
+    #define NO_HC128 
+    #define NO_RABBIT 
+    #define HAVE_HASHDRBG 
+    #define HAVE_TLS_EXTENSIONS 
+    #define HAVE_SUPPORTED_CURVES 
+    #define HAVE_EXTENDED_MASTER 
+    #define NO_PSK 
+    #define NO_MD4 
+    #define NO_PWDBASED 
+    #define USE_FAST_MATH 
+    #define WC_NO_ASYNC_THREADING
+    
+    #define WC_RSAKEY_TYPE_DEFINED
+    #define WC_RNG_TYPE_DEFINED
+    
+    #define NO_TESTSUITE_MAIN_DRIVER
+    #define NO_MAIN_DRIVER
+
+    extern unsigned char get_byte_from_pool(void);
+    #define CUSTOM_RAND_GENERATE  get_byte_from_pool
+    #define CUSTOM_RAND_TYPE      unsigned char
+    
+    #define OPENSSL_EXTRA
+    #define HAVE_LIGHTY
+    #define WOLFSSL_AES_DIRECT
+    
+    #define WOLFSSL_MYSQL_COMPATIBLE
+#else
+    /* The FIPS apps */
+    #define HAVE_FIPS_VERSION 2
+    #define THREADX
+    #define BIG_ENDIAN_ORDER
+    #define NO_WRITEV
+    #define NO_WOLFSSL_DIR
+#if 0
+    #define DEBUG_WOLFSSL
+#endif
+    #define NO_DEV_RANDOM
+    #define NETOS
+    #define NO_FILESYSTEM
+    #define FORCE_BUFFER_TEST
+/* wolfSSL FIPS TESTING UPDATES : */
+    #define NO_ATTRIBUTE_CONSTRUCTOR
+    #define NO_THREAD_LS
+    #define NO_WOLFSSL_STUB
+    #define WOLFSSL_KEY_GEN
+    #define HAVE_FORCE_FIPS_FAILURE
+    #define USE_CERT_BUFFERS_2048 /* for the op-tests */
+    #define USE_CERT_BUFFERS_256 /* for the op-tests */
+
+    #define TFM_TIMING_RESISTANT 
+    #define ECC_TIMING_RESISTANT 
+    #define WC_RSA_BLINDING 
+    #define HAVE_AESGCM 
+    #define WOLFSSL_SHA512 
+    #define WOLFSSL_SHA384 
+    #define NO_DSA 
+    #define HAVE_ECC 
+    #define TFM_ECC256 
+    #define ECC_SHAMIR 
+    #define WOLFSSL_BASE64_ENCODE 
+    #define NO_RC4 
+    #define NO_HC128 
+    #define NO_RABBIT 
+    #define HAVE_HASHDRBG 
+    #define HAVE_TLS_EXTENSIONS 
+    #define HAVE_SUPPORTED_CURVES 
+    #define HAVE_EXTENDED_MASTER 
+    #define NO_PSK 
+    #define NO_MD4 
+    #define NO_PWDBASED 
+    #define USE_FAST_MATH 
+    #define WC_NO_ASYNC_THREADING
+    
+    #define WC_RSAKEY_TYPE_DEFINED
+    #define WC_RNG_TYPE_DEFINED
+    
+    #define NO_TESTSUITE_MAIN_DRIVER
+    #define NO_MAIN_DRIVER
+
+
+    
+    #define OPENSSL_EXTRA
+    #define HAVE_LIGHTY
+    #define WOLFSSL_AES_DIRECT
+    
+    #define WOLFSSL_MYSQL_COMPATIBLE
+#endif
+#else /* HAVE_FIPS */
+#if defined(WOLFSSL_LIB)
+    /* The NON-FIPS lib */
+    #define THREADX
+    #define BIG_ENDIAN_ORDER
+#if 0
+    #define OPENSSL_EXTRA
+#endif
+    #define WOLFSSL_RIPEMD
+    #define WOLFSSL_SHA512
+    #define NO_PSK
+    #define HAVE_EXTENDED_MASTER
+    #define WOLFSSL_SNIFFER
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SECURE_RENEGOTIATION
+    #define NO_WRITEV
+    #define NO_WOLFSSL_DIR
+    #define DEBUG_WOLFSSL
+    #define NO_DEV_RANDOM
+    #define NETOS
+    #define NO_FILESYSTEM
+#else
+    /* The NON-FIPS apps */
+    #define THREADX
+    #define BIG_ENDIAN_ORDER
+#if 0
+    #define OPENSSL_EXTRA
+#endif
+    #define NO_PSK
+    #define HAVE_EXTENDED_MASTER
+    #define WOLFSSL_SNIFFER
+    #define HAVE_SECURE_RENEGOTIATION
+    #define NO_WRITEV
+    #define NO_WOLFSSL_DIR
+    #define WOLFSSL_NO_CURRDIR
+    #define DEBUG_WOLFSSL
+    #define NETOS
+    #define NO_FILESYSTEM
+#endif
+#endif /* HAVE_FIPS */
+
+#endif /* _NETOS_USER_SETTINGS_H_ */
--- a/IDE/NETOS/wolfssl_netos_custom.c
+++ b/IDE/NETOS/wolfssl_netos_custom.c
@@ -0,0 +1,97 @@
+/* wolfssl_netos_custom.c
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <tx_api.h>
+#include <entropy.h>
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/fips_test.h>
+
+int dc_log_printf(char* format, ...);
+
+#if BSP_SIGMA == 0
+int dc_log_printf(char* format, ...)
+{
+    va_list args;
+
+    va_start(args, (format));
+
+    fflush(stdout);
+    vprintf(format, args);
+    fflush(stdout);
+
+    va_end(args);
+
+    return 0;
+}
+#endif
+
+unsigned char get_byte_from_pool(void)
+{
+     unsigned char out;
+     float density;
+
+    /* Wait until pool has at least one byte */
+    /* TODO: improve this */
+     while (ent_get_byte_count() == 0)
+          tx_thread_sleep(1);
+
+    /* Stop gathering entropy to avoid race conditions */
+     ent_set_status(0);
+
+    /* Pop a single byte from the pool and continue gathering entropy */
+     ent_pop(&out, &density);
+     ent_set_status(1);
+
+     return out;
+}
+
+int my_rng_generate_seed(unsigned char* output, int sz)
+{
+    word32 i;
+    srand(get_byte_from_pool());
+
+    for (i = 0; i < sz; i++) {
+        output[i] = (unsigned char) rand();
+        srand(get_byte_from_pool());
+    }
+
+    return 0;
+}
+
+static void appFipsCb(int ok, int err, const char* hash)
+{
+    dc_log_printf("in appFipsCb Fips callback, ok = %d, err = %d\n", ok, err);
+    dc_log_printf("message = %s\n", wc_GetErrorString(err));
+    dc_log_printf("hash = %s\n", hash);
+
+    if (err == IN_CORE_FIPS_E) {
+        dc_log_printf("In core integrity hash check failure, copy above hash\n");
+        dc_log_printf("into verifyCore[] in fips_test.c and rebuild\n");
+    }
+}
+
+void setAppFipsCb(void)
+{
+    wolfCrypt_SetCb_fips(appFipsCb);
+}
--- a/IDE/QNX/CAAM-DRIVER/Makefile
+++ b/IDE/QNX/CAAM-DRIVER/Makefile
@@ -9,7 +9,7 @@ CC = qcc -Vgcc_nto$(PLATFORM)
 CXX = qcc -lang-c++ -Vgcc_nto$(PLATFORM)
 LD = $(CC)

-INCLUDES += -I../../../wolfssl/wolfcrypt/port/caam/
+INCLUDES += -I../../../ -I../../../wolfssl/wolfcrypt/port/caam/
 CCFLAGS += -O2 -Wall

 SRCS = \
--- a/IDE/ROWLEY-CROSSWORKS-ARM/wolfssl.hzp
+++ b/IDE/ROWLEY-CROSSWORKS-ARM/wolfssl.hzp
@@ -71,6 +71,7 @@
          <file file_name="../../wolfcrypt/src/ge_low_mem.c" />
          <file file_name="../../wolfcrypt/src/ge_operations.c" />
          <file file_name="../../wolfcrypt/src/hash.c" />
+          <file file_name="../../wolfcrypt/src/kdf.c" />
          <file file_name="../../wolfcrypt/src/hc128.c" />
          <file file_name="../../wolfcrypt/src/hmac.c" />
          <file file_name="../../wolfcrypt/src/idea.c" />
--- a/IDE/ROWLEY-CROSSWORKS-ARM/wolfssl_ltc.hzp
+++ b/IDE/ROWLEY-CROSSWORKS-ARM/wolfssl_ltc.hzp
@@ -73,6 +73,7 @@
          <file file_name="../../wolfcrypt/src/ge_low_mem.c" />
          <file file_name="../../wolfcrypt/src/ge_operations.c" />
          <file file_name="../../wolfcrypt/src/hash.c" />
+          <file file_name="../../wolfcrypt/src/kdf.c" />
          <file file_name="../../wolfcrypt/src/hc128.c" />
          <file file_name="../../wolfcrypt/src/hmac.c" />
          <file file_name="../../wolfcrypt/src/idea.c" />
--- a/IDE/Renesas/cs+/Projects/wolfssl_lib/wolfssl_lib.mtpj
+++ b/IDE/Renesas/cs+/Projects/wolfssl_lib/wolfssl_lib.mtpj
@@ -301,6 +301,13 @@
      <TreeImageGuid>941832c1-fc3b-4e1b-94e8-01ea17128b42</TreeImageGuid>
      <ParentItem>2170607d-803e-45b0-80af-6507d495a8de</ParentItem>
    </Instance>
+    <Instance Guid="3e659978-d6e8-4d27-b8f7-6215eca64a09">
+      <Name>kdf.c</Name>
+      <Type>File</Type>
+      <RelativePath>..\..\..\..\..\wolfcrypt\src\kdf.c</RelativePath>
+      <ParentItem>2170607d-803e-45b0-80af-6507d495a8de</ParentItem>
+      <Property>2d70eb4e-e44a-4902-85bd-c2213863b503</Property>
+    </Instance>
    <Instance Guid="83d865e6-46a2-49da-8549-b021d2114a0e">
      <Name>logging.c</Name>
      <Type>File</Type>
--- a/IDE/Renesas/e2studio/DK-S7G2/README.md
+++ b/IDE/Renesas/e2studio/DK-S7G2/README.md
@@ -1,3 +1,10 @@
+## Project Summary
+|Item|Name/Version|
+|:--|:--|
+|Board|DK-S7G2|
+|Toolchain|GCC ARM Embedded|
+|SSP Version|1.7.0|
+

 ## Building wolfSSL For DK-S7G2

--- a/IDE/Renesas/e2studio/GR-ROSE/wolfssl/.project
+++ b/IDE/Renesas/e2studio/GR-ROSE/wolfssl/.project
@@ -214,6 +214,11 @@
 			<type>1</type>
 			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/hash.c</locationURI>
 		</link>
+		<link>
+			<name>wolfcrypt/src/kdf.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/kdf.c</locationURI>
+		</link>
 		<link>
 			<name>wolfcrypt/src/hc128.c</name>
 			<type>1</type>
--- a/IDE/Renesas/e2studio/Projects/wolfssl/.project
+++ b/IDE/Renesas/e2studio/Projects/wolfssl/.project
@@ -214,6 +214,11 @@
 			<type>1</type>
 			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/hash.c</locationURI>
 		</link>
+		<link>
+			<name>wolfcrypt/src/kdf.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/kdf.c</locationURI>
+		</link>
 		<link>
 			<name>wolfcrypt/src/hc128.c</name>
 			<type>1</type>
--- a/IDE/Renesas/e2studio/RA6M3/wolfssl/.project
+++ b/IDE/Renesas/e2studio/RA6M3/wolfssl/.project
@@ -215,6 +215,11 @@
 			<type>1</type>
 			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/hash.c</locationURI>
 		</link>
+		<link>
+			<name>wolfcrypt/kdf.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/kdf.c</locationURI>
+		</link>
 		<link>
 			<name>wolfcrypt/hc128.c</name>
 			<type>1</type>
--- a/IDE/Renesas/e2studio/RX72NEnvisionKit/common/user_settings.h
+++ b/IDE/Renesas/e2studio/RX72NEnvisionKit/common/user_settings.h
@@ -35,10 +35,10 @@
 *  "WOLFSSL_RENESAS_TSIP_VER" takes following value:
 *      106: TSIPv1.06
 *      109: TSIPv1.09
- *      
+ *      113: TSIPv1.13
 *----------------------------------------------------------------------------*/
  #define WOLFSSL_RENESAS_TSIP
-  #define WOLFSSL_RENESAS_TSIP_VER     109
+  #define WOLFSSL_RENESAS_TSIP_VER     113


 /*-- TLS version definitions  --------------------------------------------------
--- a/IDE/Renesas/e2studio/RX72NEnvisionKit/common/wolfssl_dummy.c
+++ b/IDE/Renesas/e2studio/RX72NEnvisionKit/common/wolfssl_dummy.c
@@ -21,7 +21,7 @@

 typedef unsigned long time_t;

-#define YEAR 2020
+#define YEAR 2021
 #define MON  7

 static int tick = 0;
--- a/IDE/Renesas/e2studio/RX72NEnvisionKit/smc/.cproject
+++ b/IDE/Renesas/e2studio/RX72NEnvisionKit/smc/.cproject
@@ -44,18 +44,19 @@
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.40700832" name="浮動小数点演算命令を使用する (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.fpu.yes" valueType="enumerated"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include.1698327371" name="インクルード・ファイルを検索するフォルダ (-include)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.compiler.option.include" valueType="includePath">
 									<listOptionValue builtIn="false" value="${TCINSTALL}/include"/>
-									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_rx}&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_rx/lib}&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_driver_rx}&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_driver_rx/src}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/Config_TMR0}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_config}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_sys_time_rx}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_sys_time_rx/src}&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx}&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx/src}&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_ether_rx}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_tsip_rx}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_bsp}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_ether_rx}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_cmt_rx/src}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_driver_rx}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_driver_rx/src}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_rx}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_rx/lib}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/general}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_pincfg}&quot;"/>
 								</option>
@@ -78,7 +79,7 @@
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userAfter.322327641" name="追加するオプション（すべての指定オプションの後ろに追加）&#10;" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
 									<listOptionValue builtIn="false" value=""/>
 								</option>
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode.1981032357" name="プログラムの文字コード (-euc/-sjis/-latin1/-big5/-gb2312)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode.utf8" valueType="enumerated"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode.1981032357" name="プログラムの文字コード (-euc/-sjis/-latin1/-utf8/-big5/-gb2312)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode.utf8" valueType="enumerated"/>
 								<inputType id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType.1925809882" name="Assembler InputType" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.inputType"/>
 							</tool>
 							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.linker.1186652965" name="Linker" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.linker">
@@ -102,7 +103,11 @@
 									<listOptionValue builtIn="false" value="&quot;.\smc.lib&quot;"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile.702731379" name="リンクするリロケータブル・ファイル、ライブラリ・ファイルおよびバイナリ・ファイル (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile" valueType="stringList">
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_tsip_rx/lib/ccrx/r_tsip_rx66t_rx72t_little.lib}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_tsip_rx/lib/ccrx/r_tsip_rx65n_little.lib}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_rx/lib/ccrx/T4_Library_ether_ccrx_rxv1_little.lib}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_tsip_rx/lib/ccrx/r_tsip_rx231_rx23w_little.lib}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_tsip_rx/lib/ccrx/r_tsip_rx72m_rx72n_rx66n_little.lib}&quot;"/>
 								</option>
 							</tool>
 							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.librarian.267645921" name="Library Generator" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.librarian">
@@ -122,6 +127,7 @@
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userAfter.1353925049" name="追加するオプション（すべての指定オプションの後ろに追加）" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
 									<listOptionValue builtIn="false" value=""/>
 								</option>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOfOutputFile.1953735364" name="出力ファイル形式 (-form)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOfOutputFile" value="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOFOutputFile.none" valueType="enumerated"/>
 							</tool>
 							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.rtosConfig.1515705145" name="RTOS Configurator" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.rtosConfig"/>
 						</toolChain>
@@ -143,4 +149,4 @@
 	<storageModule moduleId="org.eclipse.cdt.core.LanguageSettingsProviders"/>
 	<storageModule moduleId="refreshScope"/>
 	<storageModule moduleId="org.eclipse.cdt.make.core.buildtargets"/>
-</cproject>
+</cproject>
--- a/IDE/Renesas/e2studio/RX72NEnvisionKit/smc/smc.scfg
+++ b/IDE/Renesas/e2studio/RX72NEnvisionKit/smc/smc.scfg
--- a/IDE/Renesas/e2studio/RX72NEnvisionKit/test/.cproject
+++ b/IDE/Renesas/e2studio/RX72NEnvisionKit/test/.cproject
@@ -14,7 +14,7 @@
 			</storageModule>
 			<storageModule moduleId="com.renesas.cdt.managedbuild.core.toolchainInfo">
 				<option id="toolchain.id" value="Renesas_RXC"/>
-				<option id="toolchain.version" value="v3.02.00"/>
+				<option id="toolchain.version" value="v3.03.00"/>
 				<option id="toolchain.enable" value="true"/>
 			</storageModule>
 			<storageModule moduleId="cdtBuildSystem" version="4.0.0">
@@ -46,6 +46,7 @@
 									<listOptionValue builtIn="false" value="${TCINSTALL}/include"/>
 									<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/../common&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/../../../../../&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/Config_TMR0}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_bsp}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_config}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_tsip_rx}&quot;"/>
@@ -85,7 +86,7 @@
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userAfter.912893655" name="追加するオプション（すべての指定オプションの後ろに追加）&#10;" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
 									<listOptionValue builtIn="false" value=""/>
 								</option>
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode.864537553" name="プログラムの文字コード (-euc/-sjis/-latin1/-big5/-gb2312)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode.utf8" valueType="enumerated"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode.864537553" name="プログラムの文字コード (-euc/-sjis/-latin1/-utf8/-big5/-gb2312)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode.utf8" valueType="enumerated"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.include.1616986135" name="インクルード・ファイルを検索するフォルダ (-include)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.include" useByScannerDiscovery="false" valueType="includePath">
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/general}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_pincfg}&quot;"/>
@@ -112,11 +113,13 @@
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList.1237940973" name="(リンク順序のリスト) (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.noneLinkageOrderList" useByScannerDiscovery="false" valueType="stringList">
 									<listOptionValue builtIn="false" value="&quot;.\src\benchmark.obj&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;.\src\key_data.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/Config_TMR0\Config_TMR0.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/Config_TMR0\Config_TMR0_user.obj&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/general\r_cg_hardware_setup.obj&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/general\r_smc_cgc.obj&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/general\r_smc_cgc_user.obj&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/general\r_smc_interrupt.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/board/generic_rx65n\hwsetup.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/board/generic_rx72n\hwsetup.obj&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/mcu/all\dbsct.obj&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/mcu/all\lowlvl.obj&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/mcu/all\lowsrc.obj&quot;"/>
@@ -130,15 +133,15 @@
 									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/mcu/all\r_rx_intrinsic_functions.obj&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/mcu/all\resetprg.obj&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/mcu/all\sbrk.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/mcu/rx65n\mcu_clocks.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/mcu/rx65n\mcu_init.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/mcu/rx65n\mcu_interrupts.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/mcu/rx65n\mcu_mapped_interrupts.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/mcu/rx65n\vecttbl.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/mcu/rx72n\mcu_clocks.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/mcu/rx72n\mcu_init.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/mcu/rx72n\mcu_interrupts.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/mcu/rx72n\mcu_mapped_interrupts.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_bsp/mcu/rx72n\vecttbl.obj&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_cmt_rx/src\r_cmt_rx.obj&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_ether_rx/src/phy\phy.obj&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_ether_rx/src\r_ether_rx.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_ether_rx/src/targets/rx65n\r_ether_setting_rx65n.obj&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_ether_rx/src/targets/rx72n\r_ether_setting_rx72n.obj&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_pincfg\Pin.obj&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_pincfg\r_ether_rx_pinset.obj&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_sys_time_rx/src\r_sys_time_rx.obj&quot;"/>
@@ -146,165 +149,6 @@
 									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_t4_driver_rx/src\t4_driver.obj&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_t4_driver_rx/src\timer.obj&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_t4_rx/src\config_tcpudp.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function000.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function001.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function002.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function003.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function004.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function005.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function006.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function007.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function008.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function009.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function010.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function011.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function022.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function023.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function025.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function030.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function050.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function051.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function052.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function053.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function054.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function100.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function101.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function102.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function103.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function200.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function202.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function205.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function206.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_function207.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p00.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p01.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p02.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p03.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p04.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p05.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p06.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p07.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p08.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p0a.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p0b.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p0c.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p0d.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p0e.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p0f.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p10.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p14.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p18.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p1e.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p1f.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p20.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p21.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p22.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p23.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p26.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p29.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p2a.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p2b.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p2c.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p31.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p32.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p33.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p34.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p35.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p36.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p37.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p38.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p39.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p3a.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p3b.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p3c.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p3d.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p41.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p42.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p43.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p44.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p45.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p46.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p47.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p48.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p49.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p4a.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p4b.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p4c.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p4d.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p50.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p51.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p52.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p53.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p54.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p56.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p57.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p59.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p5a.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p5b.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p5c.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p5d.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p5e.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p60.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p62.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p63.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p6a.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p6b.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p71.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p72.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p73.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p74.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p75.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p76.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p77.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p78.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p80.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p95.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p96.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p97.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p98.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_p99.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pa0.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pa1.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pa2.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pa3.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pa4.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pa5.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pa6.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pd5.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pd9.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pda.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pdb.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pdf.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pe0.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pe1.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pe2.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pe3.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pe4.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pe5.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pe6.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pe7.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pe8.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pe9.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pf0.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pf1.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pf3.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pf4.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_pfa.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_subprc01.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_subprc02.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_subprc03.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\r_tsip_rx_subprc04.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n/ip\s_flash.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n\r_tsip_aes_rx.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n\r_tsip_ecc_rx.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n\r_tsip_kw_rx.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n\r_tsip_md5_rx.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n\r_tsip_rsa_rx.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n\r_tsip_rx.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n\r_tsip_rx_private.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n\r_tsip_sha_rx.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n\r_tsip_tdes_rx.obj&quot;"/>
-									<listOptionValue builtIn="false" value="&quot;.\src/smc_gen/r_tsip_rx/src/targets/rx65n\r_tsip_tls_rx.obj&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;.\src\test.obj&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;.\src\test_main.obj&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;.\src\wolf_client.obj&quot;"/>
@@ -312,10 +156,12 @@
 									<listOptionValue builtIn="false" value="&quot;.\src\wolfssl_dummy.obj&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;.\test.lib&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_rx/lib/ccrx/T4_Library_ether_ccrx_rxv1_little_debug.lib}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_tsip_rx/lib/ccrx/r_tsip_rx72m_rx72n_rx66n_little.lib}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/../wolfssl/Debug/wolfssl.lib&quot;"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile.1438206933" name="リンクするリロケータブル・ファイル、ライブラリ・ファイルおよびバイナリ・ファイル (-input/-library/-binary)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.linker.option.inputFile" useByScannerDiscovery="false" valueType="stringList">
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_t4_rx/lib/ccrx/T4_Library_ether_ccrx_rxv1_little_debug.lib}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_tsip_rx/lib/ccrx/r_tsip_rx72m_rx72n_rx66n_little.lib}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/../wolfssl/Debug/wolfssl.lib&quot;"/>
 								</option>
 							</tool>
@@ -337,6 +183,7 @@
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userAfter.289006348" name="追加するオプション（すべての指定オプションの後ろに追加）" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
 									<listOptionValue builtIn="false" value=""/>
 								</option>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOfOutputFile.172365501" name="出力ファイル形式 (-form)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOfOutputFile" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOFOutputFile.none" valueType="enumerated"/>
 							</tool>
 							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.rtosConfig.318974000" name="RTOS Configurator" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.rtosConfig"/>
 						</toolChain>
@@ -347,6 +194,7 @@
 				</configuration>
 			</storageModule>
 			<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
+			<storageModule moduleId="com.renesas.cdt.managedbuild.core.boardInfo"/>
 		</cconfiguration>
 		<cconfiguration id="com.renesas.cdt.managedbuild.renesas.ccrx.debug.configuration.992474000">
 			<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.renesas.cdt.managedbuild.renesas.ccrx.debug.configuration.992474000" moduleId="org.eclipse.cdt.core.settings" name="Debug">
@@ -430,7 +278,7 @@
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userAfter.67379527" name="追加するオプション（すべての指定オプションの後ろに追加）&#10;" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
 									<listOptionValue builtIn="false" value=""/>
 								</option>
-								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode.1186358257" name="プログラムの文字コード (-euc/-sjis/-latin1/-big5/-gb2312)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode.utf8" valueType="enumerated"/>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode.1186358257" name="プログラムの文字コード (-euc/-sjis/-latin1/-utf8/-big5/-gb2312)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.characterCode.utf8" valueType="enumerated"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.include.1360045103" name="インクルード・ファイルを検索するフォルダ (-include)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.assembler.option.include" valueType="includePath">
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/general}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src/smc_gen/r_pincfg}&quot;"/>
@@ -477,6 +325,7 @@
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userAfter.900284814" name="追加するオプション（すべての指定オプションの後ろに追加）" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.userAfter" useByScannerDiscovery="false" valueType="stringList">
 									<listOptionValue builtIn="false" value=""/>
 								</option>
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOfOutputFile.376126009" name="出力ファイル形式 (-form)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOfOutputFile" value="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOFOutputFile.none" valueType="enumerated"/>
 							</tool>
 							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.rtosConfig.1118615463" name="RTOS Configurator" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.rtosConfig"/>
 						</toolChain>
@@ -505,4 +354,4 @@
 		</configuration>
 	</storageModule>
 	<storageModule moduleId="org.eclipse.cdt.make.core.buildtargets"/>
-</cproject>
+</cproject>
--- a/IDE/Renesas/e2studio/RX72NEnvisionKit/test/src/key_data.c
+++ b/IDE/Renesas/e2studio/RX72NEnvisionKit/test/src/key_data.c
@@ -72,22 +72,22 @@ const st_key_block_data_t g_key_block_data =
 /* ./ca-cert.der.sign,  */
 const unsigned char ca_cert_sig[] =
 {
-0x04,0x1C,0x4C,0x29,0x93,0x38,0x78,0x72,0x32,0x55,0x90,0x4F,0xA7,0x43,0xC8,0x00,
-0x98,0x75,0xC8,0x62,0x37,0xEC,0x8F,0xAD,0x8F,0x98,0x04,0x5B,0xC9,0x50,0xD2,0xE3,
-0xC3,0x89,0x21,0xC7,0xF4,0x43,0x27,0xFB,0xC0,0x7A,0x17,0x45,0x5C,0x10,0x23,0x1B,
-0xC0,0x63,0x2F,0x61,0xE5,0xEE,0x0B,0x89,0xF2,0x6E,0x6B,0x49,0xFB,0xD4,0xB5,0x89,
-0xED,0xB4,0x7F,0x70,0xA0,0x68,0x44,0x6F,0xE6,0x15,0x0F,0x0C,0x78,0x9D,0x4C,0xBD,
-0x1C,0x24,0x50,0xAE,0xD2,0xB4,0x53,0xA5,0x7C,0x5F,0x5D,0x8C,0x8C,0x37,0xAB,0x72,
-0x61,0x83,0x39,0xDD,0x76,0x86,0xB4,0xEC,0xCF,0x57,0x35,0xC4,0x56,0x6B,0x45,0xCE,
-0x4C,0x06,0x35,0xBE,0xF2,0x95,0x5A,0x37,0x43,0x15,0x7F,0x42,0x3A,0xBA,0x90,0xE7,
-0x01,0x37,0x10,0x46,0x5B,0x65,0x7D,0x2F,0xAF,0x9F,0xCB,0xBB,0xFF,0x0D,0x5D,0xE0,
-0xCD,0xA8,0x09,0x62,0xCA,0x38,0x10,0x09,0x1B,0x81,0x2D,0xC2,0x3E,0x15,0x9E,0x36,
-0x6B,0x10,0xF9,0xD9,0x55,0xBF,0x93,0x79,0xC0,0x0D,0x74,0x31,0x83,0xA4,0xB9,0x66,
-0x30,0x6C,0xC9,0xA9,0xE6,0x93,0xF0,0x1D,0x61,0x18,0xBD,0x95,0xA5,0xB4,0x0F,0x69,
-0xCD,0xD7,0xA3,0x4A,0x74,0x8B,0xBE,0x2D,0x90,0xA5,0x49,0x69,0x9B,0x59,0x29,0x3A,
-0x4D,0x77,0xF0,0x4F,0x37,0x42,0x89,0x67,0xE2,0x62,0x91,0xC6,0x25,0xA6,0x2B,0x35,
-0x2C,0x59,0x60,0xB4,0xAF,0x9F,0xBF,0x43,0x4E,0x32,0x11,0xCE,0x8F,0x7A,0x4C,0xA4,
-0x26,0xBF,0x3A,0x35,0x70,0xD6,0x9F,0x0C,0x76,0xC8,0xCA,0x94,0xA0,0xD4,0x0B,0x2D
+	0x0E,0xC3,0x9B,0x77,0xF8,0x58,0x08,0x9E,0x5D,0x1E,0x03,0x8D,0x60,0xD1,0xF6,0x3E,
+	0x3D,0xFF,0x89,0x4C,0x91,0x5C,0x00,0xEB,0x05,0xE5,0x65,0x62,0x17,0xFB,0xD4,0x52,
+	0x69,0x9D,0xB8,0x07,0xAF,0xA9,0x4C,0xA5,0xB9,0x8D,0x52,0xC0,0xF3,0x34,0x13,0x67,
+	0x40,0xAA,0xE1,0xA3,0x9E,0x5D,0x0F,0xCE,0x87,0xB0,0x10,0xB4,0x79,0x8F,0x84,0x21,
+	0x81,0xC2,0xF9,0xF7,0xDB,0xCB,0x8F,0xE4,0x9B,0xF5,0x85,0x9D,0x11,0x04,0xFB,0xA7,
+	0xFD,0x13,0x6F,0x02,0xA5,0xBF,0xE0,0x89,0x62,0x5E,0x24,0x95,0xF6,0x01,0x7D,0x7F,
+	0xB5,0xD1,0xDD,0xF3,0x3B,0xD5,0x04,0x54,0xE1,0x8E,0xA8,0x3D,0x30,0xB3,0x35,0x76,
+	0xAF,0xA7,0x94,0xD7,0x59,0x82,0x38,0x2C,0xD6,0x95,0x57,0xD1,0xD5,0x62,0xB1,0x69,
+	0x60,0xCD,0x3F,0x7D,0x0E,0x9F,0x00,0x21,0x04,0xFE,0x43,0xBD,0x7D,0x3D,0xA7,0x6B,
+	0xC5,0x82,0x92,0xDE,0xB7,0xA3,0xD4,0x7D,0x3C,0x14,0x46,0x28,0x50,0xCA,0x86,0x9F,
+	0x66,0x4C,0xB0,0x46,0x46,0x4D,0x31,0xD6,0x7B,0xEC,0xBA,0xED,0xA1,0xF9,0x88,0x68,
+	0xB9,0xA9,0xDA,0x88,0x63,0x01,0x95,0x5B,0x78,0x38,0x03,0xD6,0xDF,0x86,0xC4,0x3E,
+	0x3B,0xCF,0xED,0x8B,0x2A,0x41,0x49,0x65,0x3E,0x2F,0x45,0x71,0xD8,0x0B,0xF1,0xF0,
+	0xC7,0xB5,0x2E,0xBE,0xF0,0x71,0xDE,0x40,0xB0,0x54,0x25,0xD7,0x4A,0x86,0xF1,0xB9,
+	0xF6,0xAB,0x07,0x07,0x21,0x7C,0x15,0x7B,0x1F,0xCF,0xE4,0x1F,0x0B,0xEB,0x0E,0x96,
+	0xE5,0x59,0x34,0xC6,0x4B,0x1B,0xF6,0xC7,0x6C,0x4C,0x16,0x43,0x72,0xAF,0x82,0x1E
 };
 const int sizeof_ca_cert_sig = sizeof(ca_cert_sig);
 /* ./client-cert.der.sign,  */
--- a/IDE/Renesas/e2studio/RX72NEnvisionKit/test/src/wolfssl_demo.h
+++ b/IDE/Renesas/e2studio/RX72NEnvisionKit/test/src/wolfssl_demo.h
@@ -26,15 +26,15 @@

 /* Enable wolfcrypt test */
 /* can be enabled with benchmark test */
-/* #define CRYPT_TEST    */
+/* #define CRYPT_TEST */

 /* Enable benchmark               */
 /* can be enabled with cyrpt test */
-/* #define BENCHMARK*/
+/*#define BENCHMARK*/

 /* Enable TLS client     */
 /* cannot enable with other definition */
-/* #define TLS_CLIENT*/
+ #define TLS_CLIENT

 /* Enable TLS server     */
 /* cannot enable with other definition */
--- a/IDE/Renesas/e2studio/RX72NEnvisionKit/test/test_HardwareDebug.launch
+++ b/IDE/Renesas/e2studio/RX72NEnvisionKit/test/test_HardwareDebug.launch
@@ -1,167 +1,167 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <launchConfiguration type="com.renesas.cdt.launch.dsf.gdbremote.launchConfigurationType">
-<stringAttribute key="com.renesas.cdt.core.additionalServerArgs" value=""/>
-<stringAttribute key="com.renesas.cdt.core.initCommands" value=""/>
-<stringAttribute key="com.renesas.cdt.core.ipAddress" value="localhost"/>
-<stringAttribute key="com.renesas.cdt.core.jtagDevice" value="E2 Lite (RX)"/>
-<stringAttribute key="com.renesas.cdt.core.jtagDeviceId" value="com.renesas.hardwaredebug.rx.e2"/>
-<listAttribute key="com.renesas.cdt.core.listGDBExe">
-<listEntry value="rx-elf-gdb -rx-force-isa=v3 -rx-force-double-fpu"/>
-</listAttribute>
-<listAttribute key="com.renesas.cdt.core.listGDBLaunchName">
-<listEntry value="main"/>
-</listAttribute>
-<listAttribute key="com.renesas.cdt.core.listGDBPort">
-<listEntry value="61234"/>
-</listAttribute>
-<stringAttribute key="com.renesas.cdt.core.optionInitCommands" value="monitor set_internal_mem_overwrite 0-645&#10;"/>
-<intAttribute key="com.renesas.cdt.core.portNumber" value="61234"/>
-<stringAttribute key="com.renesas.cdt.core.runCommands" value=""/>
-<stringAttribute key="com.renesas.cdt.core.secondGDBExe" value="green_dsp-elf-gdb"/>
-<booleanAttribute key="com.renesas.cdt.core.secondGDBSupport" value="false"/>
-<intAttribute key="com.renesas.cdt.core.secondGdbPortNumber" value="61237"/>
-<stringAttribute key="com.renesas.cdt.core.serverParam" value="-g E2LITE  -t R5F572NN  -uClockSrcHoco= 0 -uInputClock= 16.0000 -uAllowClockSourceInternal= 1 -uUseFine= 1 -uFineBaudRate= 1.50 -w 0 -z 0 -uRegisterSetting= 0 -uModePin= 0 -uChangeStartupBank= 0 -uStartupBank= 0 -uDebugMode= 0 -uExecuteProgram= 0 -uIdCode= FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -uresetOnReload= 1 -n 0 -uWorkRamAddress= 1000 -uProgReWriteIRom= 0 -uProgReWriteDFlash= 0 -uhookWorkRamAddr= 0x7fb40 -uhookWorkRamSize= 0x4c0"/>
-<booleanAttribute key="com.renesas.cdt.core.startServer" value="true"/>
-<stringAttribute key="com.renesas.cdt.core.targetDevice" value="R5F572NN"/>
-<booleanAttribute key="com.renesas.cdt.core.useRemoteTarget" value="true"/>
-<booleanAttribute key="com.renesas.cdt.core.verboseMode" value="false"/>
-<stringAttribute key="com.renesas.cdt.debug.ioview.dsf.registerSelection0" value="&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot; standalone=&quot;no&quot;?&gt;&#13;&#10;&lt;selectedRegisterList ioFilePath=&quot;F:\Work\Renesas\e2studio\DebugComp\RX\Iofiles\RX72N.sfrx&quot;/&gt;&#13;&#10;"/>
-<stringAttribute key="com.renesas.cdt.launch.dsf.IO_MAP" value="${support_area_loc}"/>
-<booleanAttribute key="com.renesas.cdt.launch.dsf.USE_DEFAULT_IO_MAP" value="true"/>
-<listAttribute key="com.renesas.cdt.launch.dsf.downloadImages">
-<listEntry value="|true|true|true|0|true|No core"/>
-</listAttribute>
-<booleanAttribute key="com.renesas.cdt.launch.dsf.downloadImagesUpgradedV30" value="true"/>
-<stringAttribute key="com.renesas.cdt.launch.dsf.launchSeqType" value="com.renesas.cdt.launch.dsf.launchSequence.e2GdbServer"/>
-<stringAttribute key="com.renesas.cdt.launch.dsf.serverPath" value="${renesas.support.targetLoc:rx-debug}\e2-server-gdb"/>
-<booleanAttribute key="com.renesas.hardwaredebug.e1.allow.change.startup_bank" value="false"/>
-<booleanAttribute key="com.renesas.hardwaredebug.e1.allow.clock.source.internal" value="true"/>
-<intAttribute key="com.renesas.hardwaredebug.e1.clock_source" value="0"/>
-<stringAttribute key="com.renesas.hardwaredebug.e1.connection.mode" value="0"/>
-<booleanAttribute key="com.renesas.hardwaredebug.e1.e1_pwr" value="true"/>
-<booleanAttribute key="com.renesas.hardwaredebug.e1.enable.hot.plug" value="false"/>
-<booleanAttribute key="com.renesas.hardwaredebug.e1.execute.program" value="false"/>
-<stringAttribute key="com.renesas.hardwaredebug.e1.external_memory" value=""/>
-<stringAttribute key="com.renesas.hardwaredebug.e1.fine.baud.rate" value="2.00"/>
-<stringAttribute key="com.renesas.hardwaredebug.e1.flash_overwrite_blocks" value="0-581"/>
-<stringAttribute key="com.renesas.hardwaredebug.e1.hook_Stop_func" value="0x0"/>
-<booleanAttribute key="com.renesas.hardwaredebug.e1.hook_enable_Stop" value="false"/>
-<booleanAttribute key="com.renesas.hardwaredebug.e1.hook_enable_start" value="false"/>
-<stringAttribute key="com.renesas.hardwaredebug.e1.hook_start_func" value="0x0"/>
-<intAttribute key="com.renesas.hardwaredebug.e1.hook_work_ram_Addr" value="261584"/>
-<intAttribute key="com.renesas.hardwaredebug.e1.hook_work_ram_Size" value="560"/>
-<stringAttribute key="com.renesas.hardwaredebug.e1.id_code" value="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"/>
-<stringAttribute key="com.renesas.hardwaredebug.e1.inputclock" value="12.0000"/>
-<stringAttribute key="com.renesas.hardwaredebug.e1.jtag.clock.freq" value="16.5"/>
-<stringAttribute key="com.renesas.hardwaredebug.e1.jtag.or.fine" value="1"/>
-<booleanAttribute key="com.renesas.hardwaredebug.e1.le" value="true"/>
-<stringAttribute key="com.renesas.hardwaredebug.e1.mode" value="0"/>
-<stringAttribute key="com.renesas.hardwaredebug.e1.mode_pin" value="0"/>
-<booleanAttribute key="com.renesas.hardwaredebug.e1.prog_rewrite_dflash" value="false"/>
-<booleanAttribute key="com.renesas.hardwaredebug.e1.prog_rewrite_irom" value="false"/>
-<stringAttribute key="com.renesas.hardwaredebug.e1.serial_number" value=""/>
-<stringAttribute key="com.renesas.hardwaredebug.e1.startup_bank" value="0"/>
-<stringAttribute key="com.renesas.hardwaredebug.e1.supply.voltage" value="3.3V"/>
-<intAttribute key="com.renesas.hardwaredebug.e1.timer_clock" value="0"/>
-<intAttribute key="com.renesas.hardwaredebug.e1.work_ram_start" value="4096"/>
-<booleanAttribute key="com.renesas.hardwaredebug.ez.allow.clock.source.internal" value="true"/>
-<intAttribute key="com.renesas.hardwaredebug.ez.clock_source" value="1"/>
-<stringAttribute key="com.renesas.hardwaredebug.ez.connection.mode" value="0"/>
-<booleanAttribute key="com.renesas.hardwaredebug.ez.enable.hot.plug" value="false"/>
-<booleanAttribute key="com.renesas.hardwaredebug.ez.execute.program" value="false"/>
-<stringAttribute key="com.renesas.hardwaredebug.ez.external_memory" value=""/>
-<stringAttribute key="com.renesas.hardwaredebug.ez.fine.baud.rate" value="1.00"/>
-<stringAttribute key="com.renesas.hardwaredebug.ez.flash_overwrite_blocks" value="0-31"/>
-<stringAttribute key="com.renesas.hardwaredebug.ez.hook_Stop_func" value="0x0"/>
-<booleanAttribute key="com.renesas.hardwaredebug.ez.hook_enable_Stop" value="false"/>
-<booleanAttribute key="com.renesas.hardwaredebug.ez.hook_enable_start" value="false"/>
-<stringAttribute key="com.renesas.hardwaredebug.ez.hook_start_func" value="0x0"/>
-<intAttribute key="com.renesas.hardwaredebug.ez.hook_work_ram_Addr" value="9680"/>
-<intAttribute key="com.renesas.hardwaredebug.ez.hook_work_ram_Size" value="560"/>
-<stringAttribute key="com.renesas.hardwaredebug.ez.id_code" value="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"/>
-<stringAttribute key="com.renesas.hardwaredebug.ez.inputclock" value="22.0"/>
-<stringAttribute key="com.renesas.hardwaredebug.ez.jtag.clock.freq" value="16.5"/>
-<stringAttribute key="com.renesas.hardwaredebug.ez.jtag.or.fine" value="1"/>
-<booleanAttribute key="com.renesas.hardwaredebug.ez.le" value="true"/>
-<stringAttribute key="com.renesas.hardwaredebug.ez.mode" value="0"/>
-<stringAttribute key="com.renesas.hardwaredebug.ez.mode_pin" value="0"/>
-<stringAttribute key="com.renesas.hardwaredebug.ez.power.voltage" value="0.0000"/>
-<booleanAttribute key="com.renesas.hardwaredebug.ez.prog_rewrite_dflash" value="false"/>
-<booleanAttribute key="com.renesas.hardwaredebug.ez.prog_rewrite_irom" value="false"/>
-<stringAttribute key="com.renesas.hardwaredebug.ez.serial_number" value=""/>
-<intAttribute key="com.renesas.hardwaredebug.ez.timer_clock" value="0"/>
-<intAttribute key="com.renesas.hardwaredebug.ez.work_ram_start" value="4096"/>
-<booleanAttribute key="com.renesas.hardwaredebug.rx.e1.E1DebugToolSettingsTree.resetAfterReload" value="true"/>
-<booleanAttribute key="com.renesas.hardwaredebug.rx.e2.E2LiteDebugToolSettingsTree.resetAfterReload" value="true"/>
-<booleanAttribute key="com.renesas.hardwaredebug.rx.e2lite.allow.change.startup_bank" value="false"/>
-<booleanAttribute key="com.renesas.hardwaredebug.rx.e2lite.allow.clock.source.internal" value="true"/>
-<intAttribute key="com.renesas.hardwaredebug.rx.e2lite.clock_source" value="0"/>
-<stringAttribute key="com.renesas.hardwaredebug.rx.e2lite.connection.mode" value="0"/>
-<booleanAttribute key="com.renesas.hardwaredebug.rx.e2lite.e2lite_pwr" value="false"/>
-<booleanAttribute key="com.renesas.hardwaredebug.rx.e2lite.enable.hot.plug" value="false"/>
-<booleanAttribute key="com.renesas.hardwaredebug.rx.e2lite.execute.program" value="false"/>
-<stringAttribute key="com.renesas.hardwaredebug.rx.e2lite.external_memory" value=""/>
-<stringAttribute key="com.renesas.hardwaredebug.rx.e2lite.fine.baud.rate" value="1.50"/>
-<stringAttribute key="com.renesas.hardwaredebug.rx.e2lite.flash_overwrite_blocks" value="0-645"/>
-<stringAttribute key="com.renesas.hardwaredebug.rx.e2lite.hook_Stop_func" value="0x0"/>
-<booleanAttribute key="com.renesas.hardwaredebug.rx.e2lite.hook_enable_Stop" value="false"/>
-<booleanAttribute key="com.renesas.hardwaredebug.rx.e2lite.hook_enable_start" value="false"/>
-<stringAttribute key="com.renesas.hardwaredebug.rx.e2lite.hook_start_func" value="0x0"/>
-<intAttribute key="com.renesas.hardwaredebug.rx.e2lite.hook_work_ram_Addr" value="523072"/>
-<intAttribute key="com.renesas.hardwaredebug.rx.e2lite.hook_work_ram_Size" value="1216"/>
-<stringAttribute key="com.renesas.hardwaredebug.rx.e2lite.id_code" value="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"/>
-<stringAttribute key="com.renesas.hardwaredebug.rx.e2lite.inputclock" value="16.0000"/>
-<stringAttribute key="com.renesas.hardwaredebug.rx.e2lite.jtag.clock.freq" value="6.00"/>
-<stringAttribute key="com.renesas.hardwaredebug.rx.e2lite.jtag.or.fine" value="1"/>
-<booleanAttribute key="com.renesas.hardwaredebug.rx.e2lite.le" value="true"/>
-<stringAttribute key="com.renesas.hardwaredebug.rx.e2lite.mode" value="0"/>
-<stringAttribute key="com.renesas.hardwaredebug.rx.e2lite.mode_pin" value="0"/>
-<booleanAttribute key="com.renesas.hardwaredebug.rx.e2lite.prog_rewrite_dflash" value="false"/>
-<booleanAttribute key="com.renesas.hardwaredebug.rx.e2lite.prog_rewrite_irom" value="false"/>
-<stringAttribute key="com.renesas.hardwaredebug.rx.e2lite.serial_number" value=""/>
-<stringAttribute key="com.renesas.hardwaredebug.rx.e2lite.startup_bank" value="0"/>
-<stringAttribute key="com.renesas.hardwaredebug.rx.e2lite.supply.voltage" value="3.3"/>
-<intAttribute key="com.renesas.hardwaredebug.rx.e2lite.timer_clock" value="0"/>
-<intAttribute key="com.renesas.hardwaredebug.rx.e2lite.work_ram_start" value="4096"/>
-<booleanAttribute key="com.renesas.hardwaredebug.rx.ez.EzDebugToolSettingsTree.resetAfterReload" value="true"/>
-<booleanAttribute key="com.renesas.hardwaredebug.timemeasurement" value="true"/>
-<intAttribute key="org.eclipse.cdt.debug.gdbjtag.core.delay" value="3"/>
-<booleanAttribute key="org.eclipse.cdt.debug.gdbjtag.core.doHalt" value="false"/>
-<booleanAttribute key="org.eclipse.cdt.debug.gdbjtag.core.doReset" value="false"/>
-<stringAttribute key="org.eclipse.cdt.debug.gdbjtag.core.imageFileName" value="F:\Work\RX72NEnvisionKit\IDE\Renesas\e2studio\RX72NEnvisionKit\test\HardwareDebug\test.x"/>
-<stringAttribute key="org.eclipse.cdt.debug.gdbjtag.core.imageOffset" value="0"/>
-<stringAttribute key="org.eclipse.cdt.debug.gdbjtag.core.initCommands" value=""/>
-<booleanAttribute key="org.eclipse.cdt.debug.gdbjtag.core.loadImage" value="true"/>
-<booleanAttribute key="org.eclipse.cdt.debug.gdbjtag.core.loadSymbols" value="true"/>
-<stringAttribute key="org.eclipse.cdt.debug.gdbjtag.core.pcRegister" value=""/>
-<stringAttribute key="org.eclipse.cdt.debug.gdbjtag.core.runCommands" value=""/>
-<booleanAttribute key="org.eclipse.cdt.debug.gdbjtag.core.setPcRegister" value="false"/>
-<booleanAttribute key="org.eclipse.cdt.debug.gdbjtag.core.setResume" value="false"/>
-<booleanAttribute key="org.eclipse.cdt.debug.gdbjtag.core.setStopAt" value="true"/>
-<stringAttribute key="org.eclipse.cdt.debug.gdbjtag.core.stopAt" value="main"/>
-<stringAttribute key="org.eclipse.cdt.debug.gdbjtag.core.symbolsFileName" value="F:\Work\RX72NEnvisionKit\IDE\Renesas\e2studio\RX72NEnvisionKit\test\HardwareDebug\test.x"/>
-<stringAttribute key="org.eclipse.cdt.debug.gdbjtag.core.symbolsOffset" value="0"/>
-<booleanAttribute key="org.eclipse.cdt.debug.gdbjtag.core.useFileForImage" value="false"/>
-<booleanAttribute key="org.eclipse.cdt.debug.gdbjtag.core.useFileForSymbols" value="false"/>
-<booleanAttribute key="org.eclipse.cdt.debug.gdbjtag.core.useProjBinaryForImage" value="true"/>
-<booleanAttribute key="org.eclipse.cdt.debug.gdbjtag.core.useProjBinaryForSymbols" value="true"/>
-<stringAttribute key="org.eclipse.cdt.dsf.gdb.DEBUG_NAME" value="rx-elf-gdb -rx-force-isa=v3 -rx-force-double-fpu"/>
-<booleanAttribute key="org.eclipse.cdt.dsf.gdb.NON_STOP" value="true"/>
-<intAttribute key="org.eclipse.cdt.launch.ATTR_BUILD_BEFORE_LAUNCH_ATTR" value="2"/>
-<stringAttribute key="org.eclipse.cdt.launch.COREFILE_PATH" value=""/>
-<stringAttribute key="org.eclipse.cdt.launch.DEBUGGER_START_MODE" value="remote"/>
-<booleanAttribute key="org.eclipse.cdt.launch.DEBUGGER_STOP_AT_MAIN" value="true"/>
-<stringAttribute key="org.eclipse.cdt.launch.DEBUGGER_STOP_AT_MAIN_SYMBOL" value="main"/>
-<stringAttribute key="org.eclipse.cdt.launch.PROGRAM_NAME" value="HardwareDebug/test.x"/>
-<stringAttribute key="org.eclipse.cdt.launch.PROJECT_ATTR" value="test"/>
-<booleanAttribute key="org.eclipse.cdt.launch.PROJECT_BUILD_CONFIG_AUTO_ATTR" value="true"/>
-<stringAttribute key="org.eclipse.cdt.launch.PROJECT_BUILD_CONFIG_ID_ATTR" value="com.renesas.cdt.managedbuild.renesas.ccrx.hardwaredebug.configuration.1378385971"/>
-<listAttribute key="org.eclipse.debug.core.MAPPED_RESOURCE_PATHS">
-<listEntry value="/test"/>
-</listAttribute>
-<listAttribute key="org.eclipse.debug.core.MAPPED_RESOURCE_TYPES">
-<listEntry value="4"/>
-</listAttribute>
-<stringAttribute key="org.eclipse.dsf.launch.MEMORY_BLOCKS" value="&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot; standalone=&quot;no&quot;?&gt;&#13;&#10;&lt;memoryBlockExpressionList context=&quot;reserved-for-future-use&quot;/&gt;&#13;&#10;"/>
-<stringAttribute key="process_factory_id" value="org.eclipse.cdt.dsf.gdb.GdbProcessFactory"/>
+    <stringAttribute key="com.renesas.cdt.core.additionalServerArgs" value=""/>
+    <stringAttribute key="com.renesas.cdt.core.initCommands" value=""/>
+    <stringAttribute key="com.renesas.cdt.core.ipAddress" value="localhost"/>
+    <stringAttribute key="com.renesas.cdt.core.jtagDevice" value="E2 Lite (RX)"/>
+    <stringAttribute key="com.renesas.cdt.core.jtagDeviceId" value="com.renesas.hardwaredebug.rx.e2"/>
+    <listAttribute key="com.renesas.cdt.core.listGDBExe">
+        <listEntry value="rx-elf-gdb -rx-force-isa=v3 -rx-force-double-fpu"/>
+    </listAttribute>
+    <listAttribute key="com.renesas.cdt.core.listGDBLaunchName">
+        <listEntry value="main"/>
+    </listAttribute>
+    <listAttribute key="com.renesas.cdt.core.listGDBPort">
+        <listEntry value="61234"/>
+    </listAttribute>
+    <stringAttribute key="com.renesas.cdt.core.optionInitCommands" value="monitor set_internal_mem_overwrite 0-645&#10;"/>
+    <intAttribute key="com.renesas.cdt.core.portNumber" value="61234"/>
+    <stringAttribute key="com.renesas.cdt.core.runCommands" value=""/>
+    <stringAttribute key="com.renesas.cdt.core.secondGDBExe" value="green_dsp-elf-gdb"/>
+    <booleanAttribute key="com.renesas.cdt.core.secondGDBSupport" value="false"/>
+    <intAttribute key="com.renesas.cdt.core.secondGdbPortNumber" value="61237"/>
+    <stringAttribute key="com.renesas.cdt.core.serverParam" value="-g E2LITE  -t R5F572NN  -uClockSrcHoco= 0 -uInputClock= 16.0000 -uAllowClockSourceInternal= 1 -uUseFine= 1 -uFineBaudRate= 1.50 -w 0 -z 0 -uRegisterSetting= 0 -uModePin= 0 -uChangeStartupBank= 0 -uStartupBank= 0 -uDebugMode= 0 -uExecuteProgram= 0 -uIdCode= FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -uresetOnReload= 1 -n 0 -uWorkRamAddress= 1000 -uProgReWriteIRom= 0 -uProgReWriteDFlash= 0 -uhookWorkRamAddr= 0x7fb40 -uhookWorkRamSize= 0x4c0"/>
+    <booleanAttribute key="com.renesas.cdt.core.startServer" value="true"/>
+    <stringAttribute key="com.renesas.cdt.core.targetDevice" value="R5F572NN"/>
+    <booleanAttribute key="com.renesas.cdt.core.useRemoteTarget" value="true"/>
+    <booleanAttribute key="com.renesas.cdt.core.verboseMode" value="false"/>
+    <stringAttribute key="com.renesas.cdt.debug.ioview.dsf.registerSelection0" value="&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot; standalone=&quot;no&quot;?&gt;&#13;&#10;&lt;selectedRegisterList ioFilePath=&quot;C:\Users\Taka\.eclipse\com.renesas.platform_1380223289\DebugComp\RX\IoFiles\RX72N.sfrx&quot;/&gt;&#13;&#10;"/>
+    <stringAttribute key="com.renesas.cdt.launch.dsf.IO_MAP" value="${support_area_loc}"/>
+    <booleanAttribute key="com.renesas.cdt.launch.dsf.USE_DEFAULT_IO_MAP" value="true"/>
+    <listAttribute key="com.renesas.cdt.launch.dsf.downloadImages">
+        <listEntry value="|true|true|true|0|true|No core"/>
+    </listAttribute>
+    <booleanAttribute key="com.renesas.cdt.launch.dsf.downloadImagesUpgradedV30" value="true"/>
+    <stringAttribute key="com.renesas.cdt.launch.dsf.launchSeqType" value="com.renesas.cdt.launch.dsf.launchSequence.e2GdbServer"/>
+    <stringAttribute key="com.renesas.cdt.launch.dsf.serverPath" value="${renesas.support.targetLoc:rx-debug}\e2-server-gdb"/>
+    <booleanAttribute key="com.renesas.hardwaredebug.e1.allow.change.startup_bank" value="false"/>
+    <booleanAttribute key="com.renesas.hardwaredebug.e1.allow.clock.source.internal" value="true"/>
+    <intAttribute key="com.renesas.hardwaredebug.e1.clock_source" value="0"/>
+    <stringAttribute key="com.renesas.hardwaredebug.e1.connection.mode" value="0"/>
+    <booleanAttribute key="com.renesas.hardwaredebug.e1.e1_pwr" value="true"/>
+    <booleanAttribute key="com.renesas.hardwaredebug.e1.enable.hot.plug" value="false"/>
+    <booleanAttribute key="com.renesas.hardwaredebug.e1.execute.program" value="false"/>
+    <stringAttribute key="com.renesas.hardwaredebug.e1.external_memory" value=""/>
+    <stringAttribute key="com.renesas.hardwaredebug.e1.fine.baud.rate" value="2.00"/>
+    <stringAttribute key="com.renesas.hardwaredebug.e1.flash_overwrite_blocks" value="0-581"/>
+    <stringAttribute key="com.renesas.hardwaredebug.e1.hook_Stop_func" value="0x0"/>
+    <booleanAttribute key="com.renesas.hardwaredebug.e1.hook_enable_Stop" value="false"/>
+    <booleanAttribute key="com.renesas.hardwaredebug.e1.hook_enable_start" value="false"/>
+    <stringAttribute key="com.renesas.hardwaredebug.e1.hook_start_func" value="0x0"/>
+    <intAttribute key="com.renesas.hardwaredebug.e1.hook_work_ram_Addr" value="261584"/>
+    <intAttribute key="com.renesas.hardwaredebug.e1.hook_work_ram_Size" value="560"/>
+    <stringAttribute key="com.renesas.hardwaredebug.e1.id_code" value="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"/>
+    <stringAttribute key="com.renesas.hardwaredebug.e1.inputclock" value="12.0000"/>
+    <stringAttribute key="com.renesas.hardwaredebug.e1.jtag.clock.freq" value="16.5"/>
+    <stringAttribute key="com.renesas.hardwaredebug.e1.jtag.or.fine" value="1"/>
+    <booleanAttribute key="com.renesas.hardwaredebug.e1.le" value="true"/>
+    <stringAttribute key="com.renesas.hardwaredebug.e1.mode" value="0"/>
+    <stringAttribute key="com.renesas.hardwaredebug.e1.mode_pin" value="0"/>
+    <booleanAttribute key="com.renesas.hardwaredebug.e1.prog_rewrite_dflash" value="false"/>
+    <booleanAttribute key="com.renesas.hardwaredebug.e1.prog_rewrite_irom" value="false"/>
+    <stringAttribute key="com.renesas.hardwaredebug.e1.serial_number" value=""/>
+    <stringAttribute key="com.renesas.hardwaredebug.e1.startup_bank" value="0"/>
+    <stringAttribute key="com.renesas.hardwaredebug.e1.supply.voltage" value="3.3V"/>
+    <intAttribute key="com.renesas.hardwaredebug.e1.timer_clock" value="0"/>
+    <intAttribute key="com.renesas.hardwaredebug.e1.work_ram_start" value="4096"/>
+    <booleanAttribute key="com.renesas.hardwaredebug.ez.allow.clock.source.internal" value="true"/>
+    <intAttribute key="com.renesas.hardwaredebug.ez.clock_source" value="1"/>
+    <stringAttribute key="com.renesas.hardwaredebug.ez.connection.mode" value="0"/>
+    <booleanAttribute key="com.renesas.hardwaredebug.ez.enable.hot.plug" value="false"/>
+    <booleanAttribute key="com.renesas.hardwaredebug.ez.execute.program" value="false"/>
+    <stringAttribute key="com.renesas.hardwaredebug.ez.external_memory" value=""/>
+    <stringAttribute key="com.renesas.hardwaredebug.ez.fine.baud.rate" value="1.00"/>
+    <stringAttribute key="com.renesas.hardwaredebug.ez.flash_overwrite_blocks" value="0-31"/>
+    <stringAttribute key="com.renesas.hardwaredebug.ez.hook_Stop_func" value="0x0"/>
+    <booleanAttribute key="com.renesas.hardwaredebug.ez.hook_enable_Stop" value="false"/>
+    <booleanAttribute key="com.renesas.hardwaredebug.ez.hook_enable_start" value="false"/>
+    <stringAttribute key="com.renesas.hardwaredebug.ez.hook_start_func" value="0x0"/>
+    <intAttribute key="com.renesas.hardwaredebug.ez.hook_work_ram_Addr" value="9680"/>
+    <intAttribute key="com.renesas.hardwaredebug.ez.hook_work_ram_Size" value="560"/>
+    <stringAttribute key="com.renesas.hardwaredebug.ez.id_code" value="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"/>
+    <stringAttribute key="com.renesas.hardwaredebug.ez.inputclock" value="22.0"/>
+    <stringAttribute key="com.renesas.hardwaredebug.ez.jtag.clock.freq" value="16.5"/>
+    <stringAttribute key="com.renesas.hardwaredebug.ez.jtag.or.fine" value="1"/>
+    <booleanAttribute key="com.renesas.hardwaredebug.ez.le" value="true"/>
+    <stringAttribute key="com.renesas.hardwaredebug.ez.mode" value="0"/>
+    <stringAttribute key="com.renesas.hardwaredebug.ez.mode_pin" value="0"/>
+    <stringAttribute key="com.renesas.hardwaredebug.ez.power.voltage" value="0.0000"/>
+    <booleanAttribute key="com.renesas.hardwaredebug.ez.prog_rewrite_dflash" value="false"/>
+    <booleanAttribute key="com.renesas.hardwaredebug.ez.prog_rewrite_irom" value="false"/>
+    <stringAttribute key="com.renesas.hardwaredebug.ez.serial_number" value=""/>
+    <intAttribute key="com.renesas.hardwaredebug.ez.timer_clock" value="0"/>
+    <intAttribute key="com.renesas.hardwaredebug.ez.work_ram_start" value="4096"/>
+    <booleanAttribute key="com.renesas.hardwaredebug.rx.e1.E1DebugToolSettingsTree.resetAfterReload" value="true"/>
+    <booleanAttribute key="com.renesas.hardwaredebug.rx.e2.E2LiteDebugToolSettingsTree.resetAfterReload" value="true"/>
+    <booleanAttribute key="com.renesas.hardwaredebug.rx.e2lite.allow.change.startup_bank" value="false"/>
+    <booleanAttribute key="com.renesas.hardwaredebug.rx.e2lite.allow.clock.source.internal" value="true"/>
+    <intAttribute key="com.renesas.hardwaredebug.rx.e2lite.clock_source" value="0"/>
+    <stringAttribute key="com.renesas.hardwaredebug.rx.e2lite.connection.mode" value="0"/>
+    <booleanAttribute key="com.renesas.hardwaredebug.rx.e2lite.e2lite_pwr" value="false"/>
+    <booleanAttribute key="com.renesas.hardwaredebug.rx.e2lite.enable.hot.plug" value="false"/>
+    <booleanAttribute key="com.renesas.hardwaredebug.rx.e2lite.execute.program" value="false"/>
+    <stringAttribute key="com.renesas.hardwaredebug.rx.e2lite.external_memory" value=""/>
+    <stringAttribute key="com.renesas.hardwaredebug.rx.e2lite.fine.baud.rate" value="1.50"/>
+    <stringAttribute key="com.renesas.hardwaredebug.rx.e2lite.flash_overwrite_blocks" value="0-645"/>
+    <stringAttribute key="com.renesas.hardwaredebug.rx.e2lite.hook_Stop_func" value="0x0"/>
+    <booleanAttribute key="com.renesas.hardwaredebug.rx.e2lite.hook_enable_Stop" value="false"/>
+    <booleanAttribute key="com.renesas.hardwaredebug.rx.e2lite.hook_enable_start" value="false"/>
+    <stringAttribute key="com.renesas.hardwaredebug.rx.e2lite.hook_start_func" value="0x0"/>
+    <intAttribute key="com.renesas.hardwaredebug.rx.e2lite.hook_work_ram_Addr" value="523072"/>
+    <intAttribute key="com.renesas.hardwaredebug.rx.e2lite.hook_work_ram_Size" value="1216"/>
+    <stringAttribute key="com.renesas.hardwaredebug.rx.e2lite.id_code" value="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"/>
+    <stringAttribute key="com.renesas.hardwaredebug.rx.e2lite.inputclock" value="16.0000"/>
+    <stringAttribute key="com.renesas.hardwaredebug.rx.e2lite.jtag.clock.freq" value="6.00"/>
+    <stringAttribute key="com.renesas.hardwaredebug.rx.e2lite.jtag.or.fine" value="1"/>
+    <booleanAttribute key="com.renesas.hardwaredebug.rx.e2lite.le" value="true"/>
+    <stringAttribute key="com.renesas.hardwaredebug.rx.e2lite.mode" value="0"/>
+    <stringAttribute key="com.renesas.hardwaredebug.rx.e2lite.mode_pin" value="0"/>
+    <booleanAttribute key="com.renesas.hardwaredebug.rx.e2lite.prog_rewrite_dflash" value="false"/>
+    <booleanAttribute key="com.renesas.hardwaredebug.rx.e2lite.prog_rewrite_irom" value="false"/>
+    <stringAttribute key="com.renesas.hardwaredebug.rx.e2lite.serial_number" value=""/>
+    <stringAttribute key="com.renesas.hardwaredebug.rx.e2lite.startup_bank" value="0"/>
+    <stringAttribute key="com.renesas.hardwaredebug.rx.e2lite.supply.voltage" value="3.3"/>
+    <intAttribute key="com.renesas.hardwaredebug.rx.e2lite.timer_clock" value="0"/>
+    <intAttribute key="com.renesas.hardwaredebug.rx.e2lite.work_ram_start" value="4096"/>
+    <booleanAttribute key="com.renesas.hardwaredebug.rx.ez.EzDebugToolSettingsTree.resetAfterReload" value="true"/>
+    <booleanAttribute key="com.renesas.hardwaredebug.timemeasurement" value="true"/>
+    <intAttribute key="org.eclipse.cdt.debug.gdbjtag.core.delay" value="3"/>
+    <booleanAttribute key="org.eclipse.cdt.debug.gdbjtag.core.doHalt" value="false"/>
+    <booleanAttribute key="org.eclipse.cdt.debug.gdbjtag.core.doReset" value="false"/>
+    <stringAttribute key="org.eclipse.cdt.debug.gdbjtag.core.imageFileName" value="F:\Work\RX72NEnvisionKit\IDE\Renesas\e2studio\RX72NEnvisionKit\test\HardwareDebug\test.x"/>
+    <stringAttribute key="org.eclipse.cdt.debug.gdbjtag.core.imageOffset" value="0"/>
+    <stringAttribute key="org.eclipse.cdt.debug.gdbjtag.core.initCommands" value=""/>
+    <booleanAttribute key="org.eclipse.cdt.debug.gdbjtag.core.loadImage" value="true"/>
+    <booleanAttribute key="org.eclipse.cdt.debug.gdbjtag.core.loadSymbols" value="true"/>
+    <stringAttribute key="org.eclipse.cdt.debug.gdbjtag.core.pcRegister" value=""/>
+    <stringAttribute key="org.eclipse.cdt.debug.gdbjtag.core.runCommands" value=""/>
+    <booleanAttribute key="org.eclipse.cdt.debug.gdbjtag.core.setPcRegister" value="false"/>
+    <booleanAttribute key="org.eclipse.cdt.debug.gdbjtag.core.setResume" value="false"/>
+    <booleanAttribute key="org.eclipse.cdt.debug.gdbjtag.core.setStopAt" value="true"/>
+    <stringAttribute key="org.eclipse.cdt.debug.gdbjtag.core.stopAt" value="main"/>
+    <stringAttribute key="org.eclipse.cdt.debug.gdbjtag.core.symbolsFileName" value="F:\Work\RX72NEnvisionKit\IDE\Renesas\e2studio\RX72NEnvisionKit\test\HardwareDebug\test.x"/>
+    <stringAttribute key="org.eclipse.cdt.debug.gdbjtag.core.symbolsOffset" value="0"/>
+    <booleanAttribute key="org.eclipse.cdt.debug.gdbjtag.core.useFileForImage" value="false"/>
+    <booleanAttribute key="org.eclipse.cdt.debug.gdbjtag.core.useFileForSymbols" value="false"/>
+    <booleanAttribute key="org.eclipse.cdt.debug.gdbjtag.core.useProjBinaryForImage" value="true"/>
+    <booleanAttribute key="org.eclipse.cdt.debug.gdbjtag.core.useProjBinaryForSymbols" value="true"/>
+    <stringAttribute key="org.eclipse.cdt.dsf.gdb.DEBUG_NAME" value="rx-elf-gdb -rx-force-isa=v3 -rx-force-double-fpu"/>
+    <booleanAttribute key="org.eclipse.cdt.dsf.gdb.NON_STOP" value="true"/>
+    <intAttribute key="org.eclipse.cdt.launch.ATTR_BUILD_BEFORE_LAUNCH_ATTR" value="2"/>
+    <stringAttribute key="org.eclipse.cdt.launch.COREFILE_PATH" value=""/>
+    <stringAttribute key="org.eclipse.cdt.launch.DEBUGGER_START_MODE" value="remote"/>
+    <booleanAttribute key="org.eclipse.cdt.launch.DEBUGGER_STOP_AT_MAIN" value="true"/>
+    <stringAttribute key="org.eclipse.cdt.launch.DEBUGGER_STOP_AT_MAIN_SYMBOL" value="main"/>
+    <stringAttribute key="org.eclipse.cdt.launch.PROGRAM_NAME" value="HardwareDebug/test.x"/>
+    <stringAttribute key="org.eclipse.cdt.launch.PROJECT_ATTR" value="test"/>
+    <booleanAttribute key="org.eclipse.cdt.launch.PROJECT_BUILD_CONFIG_AUTO_ATTR" value="true"/>
+    <stringAttribute key="org.eclipse.cdt.launch.PROJECT_BUILD_CONFIG_ID_ATTR" value="com.renesas.cdt.managedbuild.renesas.ccrx.hardwaredebug.configuration.1378385971"/>
+    <listAttribute key="org.eclipse.debug.core.MAPPED_RESOURCE_PATHS">
+        <listEntry value="/test"/>
+    </listAttribute>
+    <listAttribute key="org.eclipse.debug.core.MAPPED_RESOURCE_TYPES">
+        <listEntry value="4"/>
+    </listAttribute>
+    <stringAttribute key="org.eclipse.dsf.launch.MEMORY_BLOCKS" value="&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot; standalone=&quot;no&quot;?&gt;&lt;memoryBlockExpressionList context=&quot;reserved-for-future-use&quot;/&gt;"/>
+    <stringAttribute key="process_factory_id" value="org.eclipse.cdt.dsf.gdb.GdbProcessFactory"/>
 </launchConfiguration>
--- a/IDE/Renesas/e2studio/RX72NEnvisionKit/wolfssl/.cproject
+++ b/IDE/Renesas/e2studio/RX72NEnvisionKit/wolfssl/.cproject
@@ -14,7 +14,7 @@
 			</storageModule>
 			<storageModule moduleId="com.renesas.cdt.managedbuild.core.toolchainInfo">
 				<option id="toolchain.id" value="Renesas_RXC"/>
-				<option id="toolchain.version" value="v3.02.00"/>
+				<option id="toolchain.version" value="v3.03.00"/>
 				<option id="toolchain.enable" value="true"/>
 			</storageModule>
 			<storageModule moduleId="cdtBuildSystem" version="4.0.0">
@@ -76,7 +76,9 @@
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu.1987941672" name="浮動小数点演算命令を使用する (-fpu/-nofpu)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.fpu.yes" valueType="enumerated"/>
 								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.mode.820377223" name="標準ライブラリを生成する条件" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.mode" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.librarian.option.mode.donotAddLibrary" valueType="enumerated"/>
 							</tool>
-							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.converter.620355579" name="Converter" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.converter"/>
+							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.converter.620355579" name="Converter" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.converter">
+								<option id="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOfOutputFile.1605130132" name="出力ファイル形式 (-form)" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOfOutputFile" useByScannerDiscovery="false" value="com.renesas.cdt.managedbuild.renesas.ccrx.converter.option.typeOFOutputFile.none" valueType="enumerated"/>
+							</tool>
 							<tool id="com.renesas.cdt.managedbuild.renesas.ccrx.base.rtosConfig.1798199560" name="RTOS Configurator" superClass="com.renesas.cdt.managedbuild.renesas.ccrx.base.rtosConfig"/>
 						</toolChain>
 					</folderInfo>
@@ -86,6 +88,7 @@
 				</configuration>
 			</storageModule>
 			<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
+			<storageModule moduleId="com.renesas.cdt.managedbuild.core.boardInfo"/>
 		</cconfiguration>
 	</storageModule>
 	<storageModule moduleId="cdtBuildSystem" version="4.0.0">
@@ -101,4 +104,4 @@
 			<resource resourceType="PROJECT" workspacePath="/wolfssl"/>
 		</configuration>
 	</storageModule>
-</cproject>
+</cproject>
--- a/IDE/Renesas/e2studio/RX72NEnvisionKit/wolfssl/.project
+++ b/IDE/Renesas/e2studio/RX72NEnvisionKit/wolfssl/.project
@@ -214,6 +214,11 @@
 			<type>1</type>
 			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/hash.c</locationURI>
 		</link>
+		<link>
+			<name>wolfcrypt/src/kdf.c</name>
+			<type>1</type>
+			<locationURI>PARENT-5-PROJECT_LOC/wolfcrypt/src/kdf.c</locationURI>
+		</link>
 		<link>
 			<name>wolfcrypt/src/hc128.c</name>
 			<type>1</type>
--- a/IDE/STM32Cube/README.md
+++ b/IDE/STM32Cube/README.md
@@ -10,7 +10,67 @@ These examples use the Cube HAL for STM32.

 ## Requirements

+You need both the STM32 IDE and the STM32 initialization code generator (STM32CubeMX) tools. The STM32CubeMX tool is used to setup a project which is used by the IDE to make any required code level changes and program / debug the STM32.
+
 * STM32CubeIDE: Integrated Development Environment for STM32 [https://www.st.com/en/development-tools/stm32cubeide.html](https://www.st.com/en/development-tools/stm32cubeide.html)
+* STM32CubeMX: STM32Cube initialization code generator [https://www.st.com/en/development-tools/stm32cubemx.html](https://www.st.com/en/development-tools/stm32cubemx.html)
+
+## STM32 Cube Pack
+
+### STM32 Cube Pack Installation
+
+1. Download [wolfSSL Cube Pack](https://www.wolfssl.com/files/ide/I-CUBE-wolfSSL.pack)
+2. Run the “STM32CubeMX” tool.
+3. Under “Manage software installations” pane on the right, click “INSTALL/REMOVE” button. This can be also found by clicking "Help" -> "Managed embedded software packages"
+4. From Local and choose “I-CUBE-wolfSSL.pack”.
+5. Accept the GPLv2 license. Contact wolfSSL at sales@wolfssl.com for a commercial license and support/maintenance.
+
+### STM32 Cube Pack Usage
+
+1. Create or open a Cube Project based on your hardware. See the sections below for creating a project and finding the example projects.
+2. Under “Software Packs” choose “Select Components”.
+3. Find and check all components for the wolfSSL.wolfSSL packs (wolfSSL / Core, wolfCrypt / Core and wolfCrypt / Test). Close
+4. Under the “Software Packs” section click on “wolfSSL.wolfSSL” and configure the parameters.
+5. For Cortex-M recommend “Math Configuration” -> “Single Precision Cortex-M Math” for the fastest option.
+6. Hit the "Generate Code" button
+7. Open the project in STM32CubeIDE
+8. The Benchmark example uses float. To enable go to "Project Properties" -> "C/C++ Build" -> "Settings" -> "Tool Settings" -> "MCU Settings" -> Check "Use float with printf".
+9. To enable printf make the `main.c` changes below in the [STM32 Printf](#stm32-printf) section.
+
+### STM32 Cube Pack Examples
+
+In the `I-CUBE-wolfSSL.pack` pack there are pre-assembled example projects available.
+After installing the pack you can find these example projects in `STM32Cube/Repository/Packs/wolfSSL/wolfSSL/[Version]/Projects`.
+To use an example:
+
+1. Open STM32CubeIDE
+2. Choose "Import" -> "Import an Existing STM32CubeMX Configuration File (.ioc)".
+3. Browse to find the .ioc in `STM32Cube/Repository/Packs/wolfSSL/wolfSSL/[Version]/Projects` and click finish.
+
+### Creating your own STM32CubeMX configuration
+
+If none of the examples fit your STM32 type then you can create your own in STM32CubeMX by doing the following:
+
+1. Create a project with the correct STM32 model.
+2. Click on the "Software Packs" drop down near the top and choose "Select Components".
+3. Expand the "wolfSSL" pack twice and check all the components. Then exit this menu.
+4. Under "System Core" select "SYS" and changed the "Timebase Source" to TIM1.
+5. Under "Timers" select "RTC" and make sure this is enabled.
+6. Under "Connectivity" enable whichever UART/USART you have a serial I/O connected to.
+7. Under "Middleware" select "FREERTOS" and change the interface to "CMSIS_V2".
+    1. Increase the "TOTAL_HEAP_SIZE", preferably to 120000 but on smaller chips such as the F107 you may only be able to increase this to 40000.
+    2. Enable "USE_MALLOC_FAILED_HOOK".
+    3. Change "CHECK_FOR_STACK_OVERFLOW" to "Option2".
+    4. Under "Tasks and Queues" select Add for a new task.
+    5. Set the "Task Name" to "wolfCrypt".
+    6. Set the "Stack Size" to 8960 or as high as you can close to that. The "Heap Usage" will show an error if this is too high.
+    7. Set the "Entry Function" to "wolfCryptDemo".
+    8. Set the "Code Generation Option" to "As external".
+8. In "Software Packs" select "wolfSSL" and change any options as required.
+9. Go to "Clock Configuration" and set the "HCLK" as high as the tool will let you.
+10. In "Project Manager" select the "STM32CubeIDE" toolchain.
+
+When you get to the IDE make sure you edit `wolfSSL.I-CUBE-wolfSSL_conf.h` to set the `HAL_CONSOLE_UART` to the correct one for your configuration.

 ## Configuration

@@ -55,7 +115,7 @@ With STM32 Cube HAL v2 some AES GCM hardware has a limitation for the AAD header

 If using `STM32_AESGCM_PARTIAL` with the following patch it will enable use for all AAD header sizes. The `STM32Cube_FW_F7_V1.16.0` patch is:

-```
+```diff
 diff --git a/Drivers/STM32F7xx_HAL_Driver/Inc/stm32f7xx_hal_cryp.h b/Drivers/STM32F7xx_HAL_Driver/Inc/stm32f7xx_hal_cryp.h
 --- a/Drivers/STM32F7xx_HAL_Driver/Inc/stm32f7xx_hal_cryp.h
 +++ b/Drivers/STM32F7xx_HAL_Driver/Inc/stm32f7xx_hal_cryp.h
@@ -86,37 +146,6 @@ If you are using FreeRTOS make sure your `FreeRTOSConfig.h` has its `configTOTAL

 The TLS client/server benchmark example requires about 76 KB for allocated tasks (with stack) and peak heap. This uses both a TLS client and server to test a TLS connection locally for each enabled TLS cipher suite.

-## STM32 Cube Pack
-
-### STM32 Cube Pack Installation
-
-1. Download [wolfSSL Cube Pack](https://www.wolfssl.com/files/ide/I-CUBE-wolfSSL.pack)
-2. Run the “STM32CubeMX” tool.
-3. Under “Manage software installations” click “INSTALL/REMOVE” button.
-4. From Local and choose “I-CUBE-wolfSSL.pack”.
-5. Accept the GPLv2 license. Contact wolfSSL at sales@wolfssl.com for a commercial license and support/maintenance.
-
-### STM32 Cube Pack Usage
-
-1. Create or open a Cube Project based on your hardware.
-2. Under “Software Packs” choose “Select Components”.
-3. Find and check all components for the wolfSSL.wolfSSL packs (wolfSSL / Core, wolfCrypt / Core and wolfCrypt / Test). Close
-4. Under the “Software Packs” section click on “wolfSSL.wolfSSL” and configure the parameters.
-5. For Cortex-M recommend “Math Configuration” -> “Single Precision Cortex-M Math” for the fastest option.
-6. Generate Code
-7. The Benchmark example uses float. To enable go to "Project Properties" -> "C/C++ Build" -> "Settings" -> "Tool Settings" -> "MCU Settings" -> Check "Use float with printf".
-8. To enable printf make the `main.c` changes below in the [STM32 Printf](#stm32-printf) section.
-
-### STM32 Cube Pack Examples
-
-In the `I-CUBE-wolfSSL.pack` pack there are pre-assembled example projects available.
-After installing the pack you can find these example projects in `STM32Cube/Repository/Packs/wolfSSL/wolfSSL/[Version]/Projects`.
-To use an example:
-
-1. Open STM32CubeIDE
-2. Choose "Import" -> "Import an Existing STM32CubeMX Configuration File (.ioc)".
-3. Browse to find the .ioc in `STM32Cube/Repository/Packs/wolfSSL/wolfSSL/[Version]/Projects` and click finish.
-
 ## Example `IDE/STM32Cube/wolfssl_example.c` Output

 ```
@@ -140,7 +169,9 @@ Note: The Benchmark example uses float. To enable go to "Project Properties" ->

 In main.c make the following changes:

-```
+This section needs to go below the `UART_HandleTypeDef` line, otherwise `wolfssl/wolfcrypt/settings.h` will error.
+
+```c
 /* Retargets the C library printf function to the USART. */
 #include <stdio.h>
 #include <wolfssl/wolfcrypt/settings.h>
@@ -164,7 +195,11 @@ int _write(int file,char *ptr, int len)
    return len;
 }
 #endif
+```

+In the `main()` function make the follow `setvbuf()` additions after `HAL_Init()`.
+
+```c
 int main(void)
 {
    /* Reset of all peripherals, Initializes the Flash interface and the Systick. */
--- a/IDE/STM32Cube/default_conf.ftl
+++ b/IDE/STM32Cube/default_conf.ftl
@@ -21,6 +21,7 @@
 extern "C" {
 #endif

+
 /* Includes ------------------------------------------------------------------*/
 [#if includes??]
 [#list includes as include]
@@ -175,7 +176,14 @@ extern ${variable.value} ${variable.name};
 /* ------------------------------------------------------------------------- */
 /* Math Configuration */
 /* ------------------------------------------------------------------------- */
-/* 1=Fast, 2=Normal, 3=SP C, 4=SP Cortex-M */
+/* 1=Fast (stack)
+ * 2=Normal (heap)
+ * 3=Single Precision C (only common curves/key sizes)
+ * 4=Single Precision ASM Cortex-M3+
+ * 5=Single Precision ASM Cortex-M0 (Generic Thumb)
+ * 6=Single Precision C all small
+ * 7=Single Precision C all big
+ */
 #if defined(WOLF_CONF_MATH) && WOLF_CONF_MATH != 2
    /* fast (stack) math */
    #define USE_FAST_MATH
@@ -185,23 +193,41 @@ extern ${variable.value} ${variable.name};
    //#define TFM_NO_ASM
    //#define TFM_ASM
 #endif
-#if defined(WOLF_CONF_MATH) && (WOLF_CONF_MATH == 3 || WOLF_CONF_MATH == 4)
+#if defined(WOLF_CONF_MATH) && (WOLF_CONF_MATH >= 3)
    /* single precision only */
    #define WOLFSSL_SP
-    #define WOLFSSL_SP_SMALL      /* use smaller version of code */
-    #define WOLFSSL_HAVE_SP_RSA
-    #define WOLFSSL_HAVE_SP_DH
-    #define WOLFSSL_HAVE_SP_ECC
-    #define WOLFSSL_SP_MATH
+    #if WOLF_CONF_MATH != 7
+        #define WOLFSSL_SP_SMALL      /* use smaller version of code */
+    #endif
+    #if defined(WOLF_CONF_RSA) && WOLF_CONF_RSA == 1
+        #define WOLFSSL_HAVE_SP_RSA
+    #endif
+    #if defined(WOLF_CONF_DH) && WOLF_CONF_DH == 1
+        #define WOLFSSL_HAVE_SP_DH
+    #endif
+    #if defined(WOLF_CONF_ECC) && WOLF_CONF_ECC == 1
+        #define WOLFSSL_HAVE_SP_ECC
+    #endif
+    #if WOLF_CONF_MATH == 6 || WOLF_CONF_MATH == 7
+        #define WOLFSSL_SP_MATH    /* disable non-standard curves / key sizes */
+    #endif
    #define SP_WORD_SIZE 32

+    /* Enable to put all math on stack (no heap) */
    //#define WOLFSSL_SP_NO_MALLOC
+    /* Enable for SP cache resistance (not usually enabled for embedded micros) */
    //#define WOLFSSL_SP_CACHE_RESISTANT

-    /* single precision Cortex-M only */
-    #if WOLF_CONF_MATH == 4
+    #if WOLF_CONF_MATH == 4 || WOLF_CONF_MATH == 5
        #define WOLFSSL_SP_ASM /* required if using the ASM versions */
-        #define WOLFSSL_SP_ARM_CORTEX_M_ASM
+        #if WOLF_CONF_MATH == 4
+            /* ARM Cortex-M3+ */
+            #define WOLFSSL_SP_ARM_CORTEX_M_ASM
+        #endif
+        #if WOLF_CONF_MATH == 5
+            /* Generic ARM Thumb (Cortex-M0) Assembly */
+            #define WOLFSSL_SP_ARM_THUMB_ASM
+        #endif
    #endif
 #endif

--- a/IDE/STM32Cube/wolfssl_example.c
+++ b/IDE/STM32Cube/wolfssl_example.c
@@ -463,12 +463,7 @@ static void ShowPeer(WOLFSSL* ssl)
    printf("%s %s\n", words[0], wolfSSL_get_version(ssl));

    cipher = wolfSSL_get_current_cipher(ssl);
-#ifdef HAVE_QSH
-    printf("%s %s%s\n", words[1], (wolfSSL_isQSH(ssl))? "QSH:": "",
-            wolfSSL_CIPHER_get_name(cipher));
-#else
    printf("%s %s\n", words[1], wolfSSL_CIPHER_get_name(cipher));
-#endif
 #if defined(HAVE_ECC) || !defined(NO_DH)
    if ((name = wolfSSL_get_curve_name(ssl)) != NULL)
        printf("%s %s\n", words[2], name);
@@ -595,9 +590,9 @@ static int ClientMemSend(info_t* info, char* buf, int sz)

 #ifndef BENCH_USE_NONBLOCK
    /* check for overflow */
-    if (info->to_client.write_idx + sz > MEM_BUFFER_SZ) {
+    if (info->to_server.write_idx + sz > MEM_BUFFER_SZ) {
        printf("ClientMemSend overflow %d %d %d\n",
-            info->to_client.write_idx, sz, MEM_BUFFER_SZ);
+            info->to_server.write_idx, sz, MEM_BUFFER_SZ);
        osSemaphoreRelease(info->server.mutex);
        return -1;
    }
@@ -1501,12 +1496,15 @@ double current_time(void)
 {
 	RTC_TimeTypeDef time;
 	RTC_DateTypeDef date;
-	uint32_t subsec;
+	uint32_t subsec = 0;

 	/* must get time and date here due to STM32 HW bug */
 	HAL_RTC_GetTime(&hrtc, &time, FORMAT_BIN);
 	HAL_RTC_GetDate(&hrtc, &date, FORMAT_BIN);
+	/* Not all STM32 RTCs have subseconds in the struct */
+#ifdef RTC_ALARMSUBSECONDMASK_ALL
 	subsec = (255 - time.SubSeconds) * 1000 / 255;
+#endif

 	(void) date;

--- a/IDE/VS-ARM/wolfssl.vcxproj
+++ b/IDE/VS-ARM/wolfssl.vcxproj
@@ -63,6 +63,7 @@
    <ClCompile Include="..\..\wolfcrypt\src\ge_low_mem.c" />
    <ClCompile Include="..\..\wolfcrypt\src\ge_operations.c" />
    <ClCompile Include="..\..\wolfcrypt\src\hash.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\kdf.c" />
    <ClCompile Include="..\..\wolfcrypt\src\hc128.c" />
    <ClCompile Include="..\..\wolfcrypt\src\hmac.c" />
    <ClCompile Include="..\..\wolfcrypt\src\idea.c" />
--- a/IDE/VS-AZURE-SPHERE/wolfssl.vcxproj
+++ b/IDE/VS-AZURE-SPHERE/wolfssl.vcxproj
@@ -45,6 +45,7 @@
    <ClCompile Include="..\..\wolfcrypt\src\hash.c" />
    <ClCompile Include="..\..\wolfcrypt\src\hc128.c" />
    <ClCompile Include="..\..\wolfcrypt\src\hmac.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\kdf.c" />
    <ClCompile Include="..\..\wolfcrypt\src\idea.c" />
    <ClCompile Include="..\..\wolfcrypt\src\integer.c" />
    <ClCompile Include="..\..\wolfcrypt\src\logging.c" />
@@ -132,4 +133,4 @@
  </ItemDefinitionGroup>
  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
  <ImportGroup Label="ExtensionTargets" />
-</Project>
+</Project>
--- a/IDE/WIN-SGX/ReadMe.txt
+++ b/IDE/WIN-SGX/ReadMe.txt
--- a/IDE/WIN-SGX/wolfSSL_SGX.sln
+++ b/IDE/WIN-SGX/wolfSSL_SGX.sln
--- a/IDE/WIN/wolfssl-fips.vcxproj
+++ b/IDE/WIN/wolfssl-fips.vcxproj
@@ -291,6 +291,7 @@
    <ClCompile Include="..\..\wolfcrypt\src\integer.c" />
    <ClCompile Include="..\..\src\internal.c" />
    <ClCompile Include="..\..\src\wolfio.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\kdf.c" />
    <ClCompile Include="..\..\src\keys.c" />
    <ClCompile Include="..\..\wolfcrypt\src\logging.c" />
    <ClCompile Include="..\..\wolfcrypt\src\md5.c" />
--- a/IDE/WIN10/README.txt
+++ b/IDE/WIN10/README.txt
@@ -3,7 +3,7 @@
 First, if you did not get the FIPS files with your archive, you must contact
 wolfSSL to obtain them.

-The IDE/WIN10/wolfssl-fips.sln solution is for the FIPS v2 #3389 certificate or later.
+The IDE/WIN10/wolfssl-fips.sln solution is for the FIPS 140-3 certificate or later.

 # Building the wolfssl-fips project

@@ -48,25 +48,72 @@ check value when changing your application.
 The default build options should be the proper default set of options:

 * HAVE_FIPS
- * HAVE_FIPS_VERSION=2 (or 3 with WOLFSSL_FIPS_READY)
+ * HAVE_FIPS_VERSION=5
+ * HAVE_FIPS_VERSION_MINOR=1 (Also for FIPS Ready)
 * HAVE_THREAD_LS
+ * WOLFSSL_KEY_GEN
 * HAVE_AESGCM
 * HAVE_HASHDRBG
 * WOLFSSL_SHA384
 * WOLFSSL_SHA512
+ * NO_PSK
 * NO_HC128
 * NO_RC4
 * NO_RABBIT
 * NO_DSA
 * NO_MD4
+ * WOLFSSL_SHA224
+ * WOLFSSL_SHA3
+ * WC_RSA_PSS
+ * WC_RSA_NO_PADDING
+ * HAVE_ECC
+ * ECC_SHAMIR
+ * HAVE_ECC_CDH
+ * ECC_TIMING_RESISTANT
+ * TFM_TIMING_RESISTANT
+ * WOLFSSL_AES_COUNTER
+ * WOLFSSL_AES_DIRECT
+ * HAVE_AES_ECB
+ * HAVE_AESCCM
+ * WOLFSSL_CMAC
+ * HAVE_HKDF
+ * WOLFSSL_VALIDATE_ECC_IMPORT
+ * WOLFSSL_VALIDATE_FFC_IMPORT
+ * HAVE_FFDHE_Q
+ * NO_DES
+ * NO_DES3
+ * NO_MD5
+ * NO_OLD_TLS
+ * WOLFSSL_TLS13
+ * HAVE_TLS_EXTENSIONS
+ * HAVE_SUPPORTED_CURVES
+ * GCM_TABLE_4BIT
+ * WOLFSSL_NO_SHAKE256
+ * WOLFSSL_VALIDATE_ECC_KEYGEN
+ * WOLFSSL_ECDSA_SET_K
+ * WOLFSSL_WOLFSSH
+ * WOLFSSL_PUBLIC_MP
+ * WC_RNG_SEED_CB
+ * TFM_ECC256
+ * ECC_USER_CURVES
+ * HAVE_ECC192
+ * HAVE_ECC224
+ * HAVE_ECC256
+ * HAVE_ECC384
+ * HAVE_ECC521
+ * HAVE_FFDHE_2048
+ * HAVE_FFDHE_3072
+ * HAVE_FFDHE_4096
+ * HAVE_FFDHE_6144
+ * HAVE_FFDHE_8192
+ * FP_MAX_BITS 16384

 The "NO" options explicitly disable algorithms that are not allowed in
 FIPS mode.

 Additionally one may enable:

- * HAVE_ECC
+ * WOLFSSL_AESNI
 * OPENSSL_EXTRA
- * WOLFSSL_KEY_GEN

 These settings are defined in IDE/WIN10/user_settings.h.
--- a/IDE/WIN10/test.vcxproj
+++ b/IDE/WIN10/test.vcxproj
@@ -111,7 +111,7 @@
    <ClCompile>
      <Optimization>Disabled</Optimization>
      <AdditionalIncludeDirectories>.\;..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=2;USE_CERT_BUFFERS_2048;USE_CERT_BUFFERS_256;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=5;HAVE_FIPS_VERSION_MINOR=1;USE_CERT_BUFFERS_2048;USE_CERT_BUFFERS_256;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
      <PrecompiledHeader />
@@ -130,7 +130,7 @@
    <ClCompile>
      <Optimization>Disabled</Optimization>
      <AdditionalIncludeDirectories>.\;..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=2;USE_CERT_BUFFERS_2048;USE_CERT_BUFFERS_256;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=5;HAVE_FIPS_VERSION_MINOR=1;USE_CERT_BUFFERS_2048;USE_CERT_BUFFERS_256;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
      <PrecompiledHeader />
@@ -147,7 +147,7 @@
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
    <ClCompile>
      <AdditionalIncludeDirectories>.\;..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=2;USE_CERT_BUFFERS_2048;USE_CERT_BUFFERS_256;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=5;HAVE_FIPS_VERSION_MINOR=1;USE_CERT_BUFFERS_2048;USE_CERT_BUFFERS_256;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
      <PrecompiledHeader />
      <WarningLevel>Level3</WarningLevel>
@@ -168,7 +168,7 @@
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
    <ClCompile>
      <AdditionalIncludeDirectories>.\;..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=2;USE_CERT_BUFFERS_2048;USE_CERT_BUFFERS_256;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=5;HAVE_FIPS_VERSION_MINOR=1;USE_CERT_BUFFERS_2048;USE_CERT_BUFFERS_256;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
      <PrecompiledHeader />
      <WarningLevel>Level3</WarningLevel>
@@ -188,7 +188,7 @@
    <ClCompile>
      <Optimization>Disabled</Optimization>
      <AdditionalIncludeDirectories>.\;..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=2;USE_CERT_BUFFERS_2048;USE_CERT_BUFFERS_256;WOLFSSL_USER_SETTINGS;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=5;HAVE_FIPS_VERSION_MINOR=1;USE_CERT_BUFFERS_2048;USE_CERT_BUFFERS_256;WOLFSSL_USER_SETTINGS;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
      <PrecompiledHeader />
@@ -208,7 +208,7 @@
    <ClCompile>
      <Optimization>Disabled</Optimization>
      <AdditionalIncludeDirectories>.\;..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=2;USE_CERT_BUFFERS_2048;USE_CERT_BUFFERS_256;WOLFSSL_USER_SETTINGS;CYASSL_USER_SETTINGS;CYASSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=5;HAVE_FIPS_VERSION_MINOR=1;USE_CERT_BUFFERS_2048;USE_CERT_BUFFERS_256;WOLFSSL_USER_SETTINGS;CYASSL_USER_SETTINGS;CYASSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
      <PrecompiledHeader />
@@ -226,7 +226,7 @@
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
    <ClCompile>
      <AdditionalIncludeDirectories>.\;..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=2;USE_CERT_BUFFERS_2048;USE_CERT_BUFFERS_256;WOLFSSL_USER_SETTINGS;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=5;HAVE_FIPS_VERSION_MINOR=1;USE_CERT_BUFFERS_2048;USE_CERT_BUFFERS_256;WOLFSSL_USER_SETTINGS;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
      <PrecompiledHeader />
      <WarningLevel>Level3</WarningLevel>
@@ -246,7 +246,7 @@
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
    <ClCompile>
      <AdditionalIncludeDirectories>.\;..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=2;USE_CERT_BUFFERS_2048;USE_CERT_BUFFERS_256;WOLFSSL_USER_SETTINGS;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;HAVE_FIPS;HAVE_FIPS_VERSION=5;HAVE_FIPS_VERSION_MINOR=1;USE_CERT_BUFFERS_2048;USE_CERT_BUFFERS_256;WOLFSSL_USER_SETTINGS;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
      <PrecompiledHeader />
      <WarningLevel>Level3</WarningLevel>
--- a/IDE/WIN10/user_settings.h
+++ b/IDE/WIN10/user_settings.h
@@ -1,11 +1,21 @@
 #ifndef _WIN_USER_SETTINGS_H_
 #define _WIN_USER_SETTINGS_H_

+/* Set the following to 1 for WCv5.0 build. */
+#if 0
+#undef HAVE_FIPS_VERSION
+#define HAVE_FIPS_VERSION 5
+#undef HAVE_FIPS_VERSION_MINOR
+#define HAVE_FIPS_VERSION_MINOR 1
+#endif
+
 /* For FIPS Ready, uncomment the following: */
 /* #define WOLFSSL_FIPS_READY */
 #ifdef WOLFSSL_FIPS_READY
    #undef HAVE_FIPS_VERSION
-    #define HAVE_FIPS_VERSION 3
+    #define HAVE_FIPS_VERSION 5
+    #undef HAVE_FIPS_VERSION_MINOR
+    #define HAVE_FIPS_VERSION_MINOR 1
 #endif


@@ -50,10 +60,46 @@
        #define WOLFSSL_VALIDATE_ECC_IMPORT
        #define WOLFSSL_VALIDATE_FFC_IMPORT
        #define HAVE_FFDHE_Q
+        #define HAVE_PUBLIC_FFDHE
        #define WOLFSSL_AESNI
        #define HAVE_INTEL_RDSEED
        #define FORCE_FAILURE_RDSEED
    #endif /* FIPS v2 */
+    #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5)
+        #undef WOLFSSL_AESNI /* Comment out if using PAA */
+        #undef HAVE_INTEL_RDSEED
+        #undef FORCE_FAILURE_RDSEED
+        #undef HAVE_PUBLIC_FFDHE
+
+        #define NO_DES
+        #define NO_DES3
+        #define NO_MD5
+        #define NO_OLD_TLS
+
+        #define WOLFSSL_TLS13
+        #define HAVE_TLS_EXTENSIONS
+        #define HAVE_SUPPORTED_CURVES
+        #define GCM_TABLE_4BIT
+        #define WOLFSSL_NO_SHAKE256
+        #define WOLFSSL_VALIDATE_ECC_KEYGEN
+        #define WOLFSSL_ECDSA_SET_K
+        #define WOLFSSL_WOLFSSH
+        #define WOLFSSL_PUBLIC_MP
+        #define WC_RNG_SEED_CB
+        #define TFM_ECC256
+        #define ECC_USER_CURVES
+        #define HAVE_ECC192
+        #define HAVE_ECC224
+        #define HAVE_ECC256
+        #define HAVE_ECC384
+        #define HAVE_ECC521
+        #define HAVE_FFDHE_2048
+        #define HAVE_FFDHE_3072
+        #define HAVE_FFDHE_4096
+        #define HAVE_FFDHE_6144
+        #define HAVE_FFDHE_8192
+        #define FP_MAX_BITS 16384
+    #endif /* FIPS v5 */
 #else
    /* Enables blinding mode, to prevent timing attacks */
    #define WC_RSA_BLINDING
--- a/IDE/WIN10/wolfssl-fips.vcxproj
+++ b/IDE/WIN10/wolfssl-fips.vcxproj
@@ -121,7 +121,7 @@
    <ClCompile>
      <Optimization>Disabled</Optimization>
      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>HAVE_FIPS;HAVE_FIPS_VERSION=2;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>HAVE_FIPS;HAVE_FIPS_VERSION=5;HAVE_FIPS_VERSION_MINOR=1;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
      <WarningLevel>Level4</WarningLevel>
@@ -133,7 +133,7 @@
    <ClCompile>
      <Optimization>Disabled</Optimization>
      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>HAVE_FIPS;HAVE_FIPS_VERSION=2;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>HAVE_FIPS;HAVE_FIPS_VERSION=5;HAVE_FIPS_VERSION_MINOR=1;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <MinimalRebuild>true</MinimalRebuild>
      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
@@ -152,7 +152,7 @@
    <ClCompile>
      <Optimization>Disabled</Optimization>
      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>HAVE_FIPS;HAVE_FIPS_VERSION=2;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>HAVE_FIPS;HAVE_FIPS_VERSION=5;HAVE_FIPS_VERSION_MINOR=1;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
      <WarningLevel>Level4</WarningLevel>
@@ -164,7 +164,7 @@
    <ClCompile>
      <Optimization>Disabled</Optimization>
      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>HAVE_FIPS;HAVE_FIPS_VERSION=2;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>HAVE_FIPS;HAVE_FIPS_VERSION=5;HAVE_FIPS_VERSION_MINOR=1;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <MinimalRebuild>true</MinimalRebuild>
      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
@@ -183,7 +183,7 @@
      <Optimization>MaxSpeed</Optimization>
      <IntrinsicFunctions>true</IntrinsicFunctions>
      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>HAVE_FIPS;HAVE_FIPS_VERSION=2;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>HAVE_FIPS;HAVE_FIPS_VERSION=5;HAVE_FIPS_VERSION_MINOR=1;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
      <FunctionLevelLinking>true</FunctionLevelLinking>
      <WarningLevel>Level3</WarningLevel>
@@ -196,7 +196,7 @@
      <Optimization>MaxSpeed</Optimization>
      <IntrinsicFunctions>true</IntrinsicFunctions>
      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>HAVE_FIPS;HAVE_FIPS_VERSION=2;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>HAVE_FIPS;HAVE_FIPS_VERSION=5;HAVE_FIPS_VERSION_MINOR=1;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
      <FunctionLevelLinking>true</FunctionLevelLinking>
      <WarningLevel>Level3</WarningLevel>
@@ -213,7 +213,7 @@
      <Optimization>MaxSpeed</Optimization>
      <IntrinsicFunctions>true</IntrinsicFunctions>
      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>HAVE_FIPS;HAVE_FIPS_VERSION=2;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>HAVE_FIPS;HAVE_FIPS_VERSION=5;HAVE_FIPS_VERSION_MINOR=1;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
      <FunctionLevelLinking>true</FunctionLevelLinking>
      <WarningLevel>Level3</WarningLevel>
@@ -226,7 +226,7 @@
      <Optimization>MaxSpeed</Optimization>
      <IntrinsicFunctions>true</IntrinsicFunctions>
      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>HAVE_FIPS;HAVE_FIPS_VERSION=2;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>HAVE_FIPS;HAVE_FIPS_VERSION=5;HAVE_FIPS_VERSION_MINOR=1;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
      <FunctionLevelLinking>true</FunctionLevelLinking>
      <WarningLevel>Level3</WarningLevel>
@@ -260,6 +260,7 @@
    <ClCompile Include="..\..\wolfcrypt\src\integer.c" />
    <ClCompile Include="..\..\src\internal.c" />
    <ClCompile Include="..\..\src\wolfio.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\kdf.c" />
    <ClCompile Include="..\..\src\keys.c" />
    <ClCompile Include="..\..\wolfcrypt\src\logging.c" />
    <ClCompile Include="..\..\wolfcrypt\src\md5.c" />
@@ -276,6 +277,7 @@
    <ClCompile Include="..\..\wolfcrypt\src\signature.c" />
    <ClCompile Include="..\..\src\ssl.c" />
    <ClCompile Include="..\..\src\tls.c" />
+    <ClCompile Include="..\..\src\tls13.c" />
    <ClCompile Include="..\..\wolfcrypt\src\wc_encrypt.c" />
    <ClCompile Include="..\..\wolfcrypt\src\wolfcrypt_first.c" />
    <ClCompile Include="..\..\wolfcrypt\src\wolfcrypt_last.c" />
@@ -287,14 +289,14 @@
    <CustomBuild Include="..\..\wolfcrypt\src\aes_asm.asm">
      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
-      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=2 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
-      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=2 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
-      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=2 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
-      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=2 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /DHAVE_FIPS /DHAVE_FIPS_VERSION=5 /DHAVE_FIPS_VERSION_MINOR=1 /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(IntDir)%(Filename).obj</Outputs>
      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
    </CustomBuild>
--- a/IDE/WORKBENCH/README.md
+++ b/IDE/WORKBENCH/README.md
@@ -7,37 +7,43 @@ Project and then selecting VxWorks Image Project.
 Choose the path to the wolfSSL library here. Uncheck everything except the examples,
 src and wolfcrypt directories. Uncheck the following:

-        wolfcrypt/src/aes_asm.asm
-        wolfcrypt/src/aes_asm.s
-        examples/echoclient/
-        examples/echoserver/
-        wolfcrypt/user-crypto
-
+    ```
+    wolfcrypt/src/aes_asm.asm
+    wolfcrypt/src/aes_asm.s
+    examples/echoclient/
+    examples/echoserver/
+    wolfcrypt/user-crypto
+    ```
    Uncheck "Create top level folder". Click Finish.

 3. To include the path to the wolfSSL header files, right click on the project
 and go to Properties > Build Properties and select the "Paths" tab. Click "Add"
 then "Browse" and select:

-        <path_to_wolfssl>/
-
+    ```
+    <path_to_wolfssl>/
+    ```
    Click "OK" then "OK" again.

-4. In ```<path_to_wolfssl>/wolfssl/wolfcrypt/settings.h```, uncomment
+4. In `<path_to_wolfssl>/wolfssl/wolfcrypt/settings.h`, uncomment

-        #define WOLFSSL_VXWORKS
+    ```c
+    #define WOLFSSL_VXWORKS
+    ```

-Note: pthreads defined by default
+    **Note:** pthreads defined by default

-5. If using the VxWorks simulator add the following to EXTRA\_DEFINE:
+5. If using the VxWorks simulator add the following to `EXTRA_DEFINE`:

-        -DVXWORKS_SIM /* only if using the VxWorks simulator */
+    ```
+    -DVXWORKS_SIM /* only if using the VxWorks simulator */
+    ```

    This can be done by right clicking on the project in Project Explorer, going to
    Build Properties and selecting the "Variables" tab. Highlight EXTRA\_DEFINE and
    click "Edit". Enter the above define to the end of the line.

-6. Copy the certs folder in ```<path_to_wolfssl>/``` to the Wind River Workbench
+6. Copy the certs folder in `<path_to_wolfssl>/` to the Wind River Workbench
 workspace folder. This is where the simulator looks for the filesystem.

 7. Include Entropy:
@@ -59,83 +65,99 @@ and output the status for each as a success or failure. The benchmark applicatio

 1. Include the following at the top of usrAppInit.c:

-        #include <wolfcrypt/test/test.h>
-        #include <wolfssl/ssl.h>
-        #include <wolfssl/wolfcrypt/settings.h>
-        #include <wolfssl/test.h>
-        extern int benchmark_test(void* args);
+    ```c
+    #include <wolfcrypt/test/test.h>
+    #include <wolfssl/ssl.h>
+    #include <wolfssl/wolfcrypt/settings.h>
+    #include <wolfssl/test.h>
+    extern int benchmark_test(void* args);
+    ```
+2. In `usrAppInit.c`, make a call to the wolfCrypt test and benchmark applications
+by adding the following to the `usrAppInit()` function:

-2. In usrAppInit.c, make a call to the wolfCrypt test and benchmark applications
-by adding the following to the usrAppInit() function:
+    ```c
+    typedef struct func_args {
+        int    argc;
+        char** argv;
+        int    return_code;
+        tcp_ready* signal;
+        callback_functions *callbacks;
+    } func_args;

-        typedef struct func_args {
-	        int    argc;
-	        char** argv;
-	        int    return_code;
-	        tcp_ready* signal;
-	        callback_functions *callbacks;
-	    } func_args;
+    func_args args;

-	    func_args args;
-
-	    wolfcrypt_test(&args);
-	    benchmark_test(&args);
+    wolfcrypt_test(&args);
+    benchmark_test(&args);
+    ```

 3. Right click on the project and select "Build Project".

-4. To run the VxWorks simulator, click the dropdown list next to "VxWorks Simulator" at the top of Workbench and go to "Open Connection Details". Add the correct Kernel Image file. This will be located in ```workspace/<project_name>/default/vxWorks```. Click Apply. Start the simulator by clicking the green, "Connect 'VxWorks Simulator'" button to the right of the "VxWorks Simulator" dropdown list. Verify in the simulator terminal that all wolfCrypt tests pass.
+4. To run the VxWorks simulator, click the dropdown list next to "VxWorks Simulator" at the top of Workbench and go to "Open Connection Details". Add the correct Kernel Image file. This will be located in `workspace/<project_name>/default/vxWorks`. Click Apply. Start the simulator by clicking the green, "Connect 'VxWorks Simulator'" button to the right of the "VxWorks Simulator" dropdown list. Verify in the simulator terminal that all wolfCrypt tests pass.

 ##### 2.2 Example Client
-The wolfSSL example client.c file can be found in ```<path_to_wolfssl>/wolfssl/examples/client```.
+The wolfSSL example client.c file can be found in `<path_to_wolfssl>/wolfssl/examples/client`.

-1. Add the following include to usrAppInit.c:
+1. Add the following include to `usrAppInit.c`:

-        #include <examples/client/client.h>
+    ```c
+    #include <examples/client/client.h>
+    ```

-2. In usrAppInit.c, include the func\_args as described in the Test Application
+2. In `usrAppInit.c`, include the `func_args` as described in the Test Application
 section, and add a call to the client function:

-        client_test(&args);
+    ```c
+    client_test(&args);
+    ```

-3. The char* host in ```examples/client/client.c``` will need to be changed to the IP address to connect to. For example:
+3. The `char*` host in `examples/client/client.c` will need to be changed to the IP address to connect to. For example:

-        char* host = "192.168.15.1";
+    ```c
+    char* host = "192.168.15.1";
+    ```

 4. Right click on the project and select "Build Project".

 5. If using the VxWorks Simulator, localhost will not work. NAT should be selected in the Simulator Connection Advanced setup. To do this, click the dropdown button next to VxWorks Simulator at the top of Workbench and select "Open Connection Details". Make sure the correct kernel image file is selected for you project as stated in section 3.1 step 4. Then click Advanced and select NAT as the Network Config. Click OK and Apply.

-6. There is an example server in ```<path_to_wolfssl>``` that can be used for testing the client. wolfSSL will first need to be built. Follow the instructions [here](https://www.wolfssl.com/wolfSSL/Docs-wolfssl-manual-2-building-wolfssl.html) to do so. See the [wolfSSL manual]( https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-3-getting-started.html) for instructions on setting up the example server. From within ```<path_to_wolfssl>/wolfssl```, the following command can be used to run the server on the host machine:
+6. There is an example server in `<path_to_wolfssl>` that can be used for testing the client. wolfSSL will first need to be built. Follow the instructions [here](https://www.wolfssl.com/wolfSSL/Docs-wolfssl-manual-2-building-wolfssl.html) to do so. See the [wolfSSL manual]( https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-3-getting-started.html) for instructions on setting up the example server. From within `<path_to_wolfssl>/wolfssl`, the following command can be used to run the server on the host machine:

-        ./examples/server/server -d -b
+    ```sh
+    ./examples/server/server -d -b
+    ```

 7. Start the example client in Workbench by following step 3 in section 3.1.

 8. The following output should be expected in the simulator terminal:

-        SSL version is TLSv1.2
-        SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-        Server response: I hear you fa shizzle!
+    ```
+    SSL version is TLSv1.2
+    SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+    Server response: I hear you fa shizzle!
+    ```

 ##### 2.3 Example Server
 The example server requires more configuration than the client if using the
 VxWorks simulator.

-Note: The wolfSSL example server and client cannot run at the same time on the VxWorks simulator. Either remove or comment out the ```client_test(&args);``` line.
+Note: The wolfSSL example server and client cannot run at the same time on the VxWorks simulator. Either remove or comment out the `client_test(&args);` line.

-1. Add the following include to usrAppInit.c:
+1. Add the following include to `usrAppInit.c`:

-        #include </examples/server/server.h>
+    ```c
+    #include </examples/server/server.h>
+    ```

-2. In usrAppInit.c, after the ```func_args args;``` call, add:
+2. In `usrAppInit.c`, after the `func_args args;` call, add:

-        tcp_ready ready;
-	    ready.ready = 0;
-	    ready.port = 0;
-	    args.signal = &ready;
-
-        server_test(&args);
+    ```c
+    tcp_ready ready;
+    ready.ready = 0;
+    ready.port = 0;
+    args.signal = &ready;

+    server_test(&args);
+    ```
 3. Right click on the project and select "Build Project".

 4. Start the server and complete the following:
@@ -144,39 +166,47 @@ Note: The wolfSSL example server and client cannot run at the same time on the V
    192.168.200.1 as the IP address. To connect to the server running on the VxWorks Simulator, enter these commands
    into the host machine's terminal from any directory (for Ubuntu 14.04):

-        sudo openvpn --mktun --dev tap0
+    ```sh
+    sudo openvpn --mktun --dev tap0
+    ```

-    Note: openvpn may need to be installed first.
+    **Note:** openvpn may need to be installed first.

    In Wind River directory on the host machine:

-        sudo vxworks-7/host/x86-linux2/bin/vxsimnetd
+    ```sh
+    sudo vxworks-7/host/x86-linux2/bin/vxsimnetd
+    ```

    This will start the vxsimnetd application. Leave it running in the background.

-5. There is an example client in ```<path_to_wolfssl>/wolfssl/examples``` . Again, wolfSSL will first need to be built. Follow the instructions [here](https://www.wolfssl.com/wolfSSL/Docs-wolfssl-manual-2-building-wolfssl.html) to do so. See the [wolfSSL manual]( https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-3-getting-started.html) for instructions on how to set up the client. From within ```<path_to_wolfssl>/wolfssl``` , the following command can be used to run the client on the host machine:
+5. There is an example client in `<path_to_wolfssl>/wolfssl/examples` . Again, wolfSSL will first need to be built. Follow the instructions [here](https://www.wolfssl.com/wolfSSL/Docs-wolfssl-manual-2-building-wolfssl.html) to do so. See the [wolfSSL manual]( https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-3-getting-started.html) for instructions on how to set up the client. From within `<path_to_wolfssl>/wolfssl` , the following command can be used to run the client on the host machine:

-        ./examples/client/client -h 192.168.200.1
+    ```sh
+    ./examples/client/client -h 192.168.200.1
+    ```

 6. The following output should be expected in the simulator terminal:

-        SSL version is TLSv1.2
-        SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-        Client message: hello wolfssl!
+    ```
+    SSL version is TLSv1.2
+    SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+    Client message: hello wolfssl!
+    ```

 #### 3 Necessary Files if Using VxWorks Simulator
 The following files are required to replicate this build:
-* vxsim\_linux\_1\_0\_2\_2 (directory)
-* compilers/gnu-4.8.1.5/include/c++/4.8
-* compilers/gnu-4.8.1.5/include/c++/4.8/i586-wrs-vxworks
-* compilers/gnu-4.8.1.5/lib/gcc/i586-wrs-vxworks/4.8.1/include
-* compilers/gnu-4.8.1.5/lib/gcc/i586-wrs-vxworks/4.8.1/include-fixed
-* vsb\_vxsim\_linux/share/h
-* vsb\_vxsim\_linux/krnl/h/system
-* vsb\_vxsim\_linux/krnl/h/public
-* vsb\_vxsim\_linux/krnl/configlette
-* vsb\_vxsim\_linux/h
+* `vxsim_linux_1_0_2_2` (directory)
+* `compilers/gnu-4.8.1.5/include/c++/4.8`
+* `compilers/gnu-4.8.1.5/include/c++/4.8/i586-wrs-vxworks`
+* `compilers/gnu-4.8.1.5/lib/gcc/i586-wrs-vxworks/4.8.1/include`
+* `compilers/gnu-4.8.1.5/lib/gcc/i586-wrs-vxworks/4.8.1/include-fixed`
+* `vsb_vxsim_linux/share/h`
+* `vsb_vxsim_linux/krnl/h/system`
+* `vsb_vxsim_linux/krnl/h/public`
+* `vsb_vxsim_linux/krnl/configlette`
+* `vsb_vxsim_linux/h`

 Note: This project was tested with a pre-built image in the VxWorks distribution
-called vip\_vxsim\_linux\_gnu.
+called `vip_vxsim_linux_gnu`.

--- a/IDE/XCODE/wolfssl-FIPS.xcodeproj/project.pbxproj
+++ b/IDE/XCODE/wolfssl-FIPS.xcodeproj/project.pbxproj
@@ -169,6 +169,8 @@
 		522DBE131B792A190031F454 /* wc_encrypt.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 522DBE121B7929E70031F454 /* wc_encrypt.h */; };
 		525BE5BA1B38853E0054BBCD /* hash.c in Sources */ = {isa = PBXBuildFile; fileRef = 525BE5B91B38853E0054BBCD /* hash.c */; };
 		525BE5BC1B3885750054BBCD /* hash.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 525BE5BB1B3885580054BBCD /* hash.h */; };
+		6AC85136272CAFEC00F2B32A /* kdf.c in Sources */ = {isa = PBXBuildFile; fileRef = 6AC85135272CAFEC00F2B32A /* kdf.c */; };
+		6AC85137272CAFEC00F2B32A /* kdf.c in Sources */ = {isa = PBXBuildFile; fileRef = 6AC85135272CAFEC00F2B32A /* kdf.c */; };
 		A4A54DF71BC5C3E0002866CD /* wolfcrypt_first.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216481B1A8AC2990062516A /* wolfcrypt_first.c */; };
 		A4A54DF81BC5C3E0002866CD /* hmac.c in Sources */ = {isa = PBXBuildFile; fileRef = 521648141A8AC2990062516A /* hmac.c */; };
 		A4A54DF91BC5C3E0002866CD /* random.c in Sources */ = {isa = PBXBuildFile; fileRef = 521648161A8AC2990062516A /* random.c */; };
@@ -786,6 +788,8 @@
 		525BE5B91B38853E0054BBCD /* hash.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = hash.c; path = ../../wolfcrypt/src/hash.c; sourceTree = "<group>"; };
 		525BE5BB1B3885580054BBCD /* hash.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = hash.h; path = ../../wolfssl/wolfcrypt/hash.h; sourceTree = "<group>"; };
 		52B1344D16F3C9E800C07B32 /* libwolfssl_fips_ios.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libwolfssl_fips_ios.a; sourceTree = BUILT_PRODUCTS_DIR; };
+		6AC85135272CAFEC00F2B32A /* kdf.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = kdf.c; path = ../../wolfcrypt/src/kdf.c; sourceTree = "<group>"; };
+		6AC8513A272CB01200F2B32A /* kdf.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = kdf.h; path = ../../wolfssl/wolfcrypt/kdf.h; sourceTree = "<group>"; };
 		A4A54DF41BC5C380002866CD /* user_settings.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = user_settings.h; sourceTree = "<group>"; };
 		A4A54EA11BC5C3E0002866CD /* libwolfssl_fips_osx.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libwolfssl_fips_osx.a; sourceTree = BUILT_PRODUCTS_DIR; };
 /* End PBXFileReference section */
@@ -909,6 +913,7 @@
 				525BE5BB1B3885580054BBCD /* hash.h */,
 				5216466F1A8993770062516A /* hc128.h */,
 				521646701A8993770062516A /* hmac.h */,
+				6AC8513A272CB01200F2B32A /* kdf.h */,
 				521646721A8993770062516A /* integer.h */,
 				521646731A8993770062516A /* logging.h */,
 				521646741A8993770062516A /* md2.h */,
@@ -983,6 +988,7 @@
 				525BE5B91B38853E0054BBCD /* hash.c */,
 				5216461D1A8992CC0062516A /* hc128.c */,
 				5216461E1A8992CC0062516A /* hmac.c */,
+				6AC85135272CAFEC00F2B32A /* kdf.c */,
 				5216461F1A8992CC0062516A /* integer.c */,
 				521646201A8992CC0062516A /* logging.c */,
 				521646211A8992CC0062516A /* md2.c */,
@@ -1116,6 +1122,7 @@
 			developmentRegion = English;
 			hasScannedForEncodings = 0;
 			knownRegions = (
+				English,
 				en,
 			);
 			mainGroup = 52B1344416F3C9E800C07B32;
@@ -1177,6 +1184,7 @@
 				5216464F1A8992CC0062516A /* sha256.c in Sources */,
 				521646371A8992CC0062516A /* chacha.c in Sources */,
 				521646471A8992CC0062516A /* pkcs7.c in Sources */,
+				6AC85136272CAFEC00F2B32A /* kdf.c in Sources */,
 				5216460E1A89928E0062516A /* sniffer.c in Sources */,
 				521646421A8992CC0062516A /* md2.c in Sources */,
 				521646381A8992CC0062516A /* coding.c in Sources */,
@@ -1239,6 +1247,7 @@
 				A4A54E1F1BC5C3E0002866CD /* sha256.c in Sources */,
 				A4A54E201BC5C3E0002866CD /* chacha.c in Sources */,
 				A4A54E211BC5C3E0002866CD /* pkcs7.c in Sources */,
+				6AC85137272CAFEC00F2B32A /* kdf.c in Sources */,
 				A4A54E221BC5C3E0002866CD /* sniffer.c in Sources */,
 				A4A54E231BC5C3E0002866CD /* md2.c in Sources */,
 				A4A54E241BC5C3E0002866CD /* coding.c in Sources */,
--- a/IDE/XCODE/wolfssl.xcodeproj/project.pbxproj
+++ b/IDE/XCODE/wolfssl.xcodeproj/project.pbxproj
@@ -356,6 +356,9 @@
 		522DBE0F1B7927A50031F454 /* wc_encrypt.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 522DBE0E1B7927290031F454 /* wc_encrypt.h */; };
 		525BE5341B3869110054BBCD /* hash.c in Sources */ = {isa = PBXBuildFile; fileRef = 525BE5331B3869110054BBCD /* hash.c */; };
 		525BE5361B3869780054BBCD /* hash.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 525BE5351B3869430054BBCD /* hash.h */; };
+		6AC85129272CAF2E00F2B32A /* kdf.c in Sources */ = {isa = PBXBuildFile; fileRef = 6AC85128272CAF2E00F2B32A /* kdf.c */; };
+		6AC8512A272CAF2E00F2B32A /* kdf.c in Sources */ = {isa = PBXBuildFile; fileRef = 6AC85128272CAF2E00F2B32A /* kdf.c */; };
+		6AC8512B272CAF2E00F2B32A /* kdf.c in Sources */ = {isa = PBXBuildFile; fileRef = 6AC85128272CAF2E00F2B32A /* kdf.c */; };
 		A4DAE3062493F1C700CEF51F /* tls13.c in Sources */ = {isa = PBXBuildFile; fileRef = A4DAE3052493F1C700CEF51F /* tls13.c */; };
 		A4DAE3072493F1C700CEF51F /* tls13.c in Sources */ = {isa = PBXBuildFile; fileRef = A4DAE3052493F1C700CEF51F /* tls13.c */; };
 		A4DAE3082493F1C700CEF51F /* tls13.c in Sources */ = {isa = PBXBuildFile; fileRef = A4DAE3052493F1C700CEF51F /* tls13.c */; };
@@ -1187,6 +1190,8 @@
 		525BE5331B3869110054BBCD /* hash.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = hash.c; path = ../../wolfcrypt/src/hash.c; sourceTree = "<group>"; };
 		525BE5351B3869430054BBCD /* hash.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = hash.h; path = ../../wolfssl/wolfcrypt/hash.h; sourceTree = "<group>"; };
 		52B1344D16F3C9E800C07B32 /* libwolfssl_ios.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libwolfssl_ios.a; sourceTree = BUILT_PRODUCTS_DIR; };
+		6AC85128272CAF2E00F2B32A /* kdf.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = kdf.c; path = ../../wolfcrypt/src/kdf.c; sourceTree = "<group>"; };
+		6AC8513B272CB04F00F2B32A /* kdf.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = kdf.h; path = ../../wolfssl/wolfcrypt/kdf.h; sourceTree = "<group>"; };
 		A45EA7091BC5995E00A8614A /* user_settings.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = user_settings.h; sourceTree = "<group>"; };
 		A4DAE3052493F1C700CEF51F /* tls13.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = tls13.c; path = ../../src/tls13.c; sourceTree = "<group>"; };
 		A4DAE3092493F21700CEF51F /* srp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = srp.c; path = ../../wolfcrypt/src/srp.c; sourceTree = "<group>"; };
@@ -1340,6 +1345,7 @@
 				525BE5351B3869430054BBCD /* hash.h */,
 				5216466F1A8993770062516A /* hc128.h */,
 				521646701A8993770062516A /* hmac.h */,
+				6AC8513B272CB04F00F2B32A /* kdf.h */,
 				521646721A8993770062516A /* integer.h */,
 				521646731A8993770062516A /* logging.h */,
 				521646741A8993770062516A /* md2.h */,
@@ -1434,6 +1440,7 @@
 				525BE5331B3869110054BBCD /* hash.c */,
 				5216461D1A8992CC0062516A /* hc128.c */,
 				5216461E1A8992CC0062516A /* hmac.c */,
+				6AC85128272CAF2E00F2B32A /* kdf.c */,
 				A4DAE3192493F21900CEF51F /* idea.c */,
 				5216461F1A8992CC0062516A /* integer.c */,
 				521646201A8992CC0062516A /* logging.c */,
@@ -1656,6 +1663,7 @@
 				30B060681C6DDB2B00D46008 /* hash.c in Sources */,
 				A4DAE34C2493F21900CEF51F /* idea.c in Sources */,
 				30B060691C6DDB2B00D46008 /* hc128.c in Sources */,
+				6AC8512B272CAF2E00F2B32A /* kdf.c in Sources */,
 				30B0606A1C6DDB2B00D46008 /* hmac.c in Sources */,
 				A4DAE3572493F29E00CEF51F /* sp_dsp32.c in Sources */,
 				A4DAE3282493F21900CEF51F /* fe_448.c in Sources */,
@@ -1742,6 +1750,7 @@
 				520775AB2239ABBE00087711 /* sp_int.c in Sources */,
 				521646431A8992CC0062516A /* md4.c in Sources */,
 				521646321A8992CC0062516A /* aes.c in Sources */,
+				6AC85129272CAF2E00F2B32A /* kdf.c in Sources */,
 				521646391A8992CC0062516A /* des3.c in Sources */,
 				521646351A8992CC0062516A /* blake2b.c in Sources */,
 				520775AD2239ABCD00087711 /* chacha20_poly1305.c in Sources */,
@@ -1828,6 +1837,7 @@
 				A4F318701BC58B1700FDF2BB /* md2.c in Sources */,
 				A4DAE34B2493F21900CEF51F /* idea.c in Sources */,
 				A4F318651BC58B1700FDF2BB /* md4.c in Sources */,
+				6AC8512A272CAF2E00F2B32A /* kdf.c in Sources */,
 				A4F3185E1BC58B1700FDF2BB /* md5.c in Sources */,
 				A4DAE3562493F29E00CEF51F /* sp_dsp32.c in Sources */,
 				A4DAE3272493F21900CEF51F /* fe_448.c in Sources */,
--- a/IDE/XilinxSDK/2019_2/wolfCrypt_example/.project
+++ b/IDE/XilinxSDK/2019_2/wolfCrypt_example/.project
@@ -505,6 +505,11 @@
 			<type>1</type>
 			<locationURI>PARENT-4-PROJECT_LOC/wolfcrypt/src/hash.c</locationURI>
 		</link>
+		<link>
+			<name>src/wolfcrypt/src/kdf.c</name>
+			<type>1</type>
+			<locationURI>PARENT-4-PROJECT_LOC/wolfcrypt/src/kdf.c</locationURI>
+		</link>
 		<link>
 			<name>src/wolfcrypt/src/hc128.c</name>
 			<type>1</type>
--- a/IDE/include.am
+++ b/IDE/include.am
@@ -12,6 +12,7 @@ include IDE/ROWLEY-CROSSWORKS-ARM/include.am
 include IDE/TRUESTUDIO/include.am
 include IDE/ARDUINO/include.am
 include IDE/INTIME-RTOS/include.am
+include IDE/KDS/include.am
 include IDE/STM32Cube/include.am
 include IDE/VS-ARM/include.am
 include IDE/VS-AZURE-SPHERE/include.am
@@ -38,7 +39,9 @@ include IDE/XilinxSDK/include.am
 include IDE/VisualDSP/include.am
 include IDE/QNX/include.am
 include IDE/WINCE/include.am
-include IDE/zephyr/include.am
+include IDE/iotsafe/include.am
+include IDE/Android/include.am
+include IDE/NETOS/include.am

 EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MDK5-ARM IDE/MYSQL IDE/LPCXPRESSO IDE/HEXIWEAR IDE/Espressif
 EXTRA_DIST+= IDE/OPENSTM32/README.md
--- a/IDE/iotsafe/Makefile
+++ b/IDE/iotsafe/Makefile
@@ -0,0 +1,114 @@
+# Makefile
+#
+# Copyright (C) 2006-2021 wolfSSL Inc.
+#
+# This file is part of wolfSSL. (formerly known as CyaSSL)
+#
+#
+CROSS_COMPILE:=arm-none-eabi-
+CC:=$(CROSS_COMPILE)gcc
+LD:=$(CROSS_COMPILE)gcc
+LSCRIPT:=target.ld
+
+WOLFSSL_ROOT=$(PWD)/../..
+WOLFSSL_BUILD=build/wolfssl
+
+
+OBJCOPY:=$(CROSS_COMPILE)objcopy
+
+CFLAGS:=-mthumb -g -ggdb -Wall -Wextra -Wno-main -fsigned-char -Wstack-usage=65535 -Wno-unused -I$(WOLFSSL_ROOT) -I.
+CFLAGS+=-lc -lg -lm -Wno-pointer-sign 
+#CFLAGS+=-mcpu=cortex-m4 -mfloat-abi=hard -mfpu=fpv4-sp-d16 -lm
+CFLAGS+=-mcpu=cortex-m3
+CFLAGS+=-DWOLFSSL_USER_SETTINGS
+ASFLAGS+=-mthumb -mlittle-endian -mthumb-interwork -ggdb -ffreestanding -mcpu=cortex-m3
+LDFLAGS:=-T $(LSCRIPT) -Wl,-gc-sections -Wl,-Map=image.map -mthumb  -mthumb-interwork -mlittle-endian
+#LDFLAGS+=-mcpu=cortex-m4 -mfloat-abi=hard -mfpu=fpv4-sp-d16 -lm
+LDFLAGS+=-mcpu=cortex-m3
+LDFLAGS+=-lc -lg -lm
+LDFLAGS+=--specs=nosys.specs
+
+
+OBJS:=main.o startup.o devices.o memory-tls.o
+
+WOLFSSL_OBJS += 	\
+    $(WOLFSSL_BUILD)/internal.o \
+	$(WOLFSSL_BUILD)/wolfio.o \
+    $(WOLFSSL_BUILD)/keys.o \
+    $(WOLFSSL_BUILD)/crl.o \
+    $(WOLFSSL_BUILD)/ssl.o \
+    $(WOLFSSL_BUILD)/tls.o \
+	$(WOLFSSL_BUILD)/wolfcrypt/aes.o  \
+	$(WOLFSSL_BUILD)/wolfcrypt/asn.o  \
+	$(WOLFSSL_BUILD)/wolfcrypt/chacha.o  \
+	$(WOLFSSL_BUILD)/wolfcrypt/chacha20_poly1305.o  \
+	$(WOLFSSL_BUILD)/wolfcrypt/coding.o  \
+	$(WOLFSSL_BUILD)/wolfcrypt/curve25519.o  \
+	$(WOLFSSL_BUILD)/wolfcrypt/dh.o  \
+	$(WOLFSSL_BUILD)/wolfcrypt/dsa.o  \
+	$(WOLFSSL_BUILD)/wolfcrypt/error.o  \
+	$(WOLFSSL_BUILD)/wolfcrypt/ecc.o  \
+	$(WOLFSSL_BUILD)/wolfcrypt/ed25519.o  \
+	$(WOLFSSL_BUILD)/wolfcrypt/rsa.o  \
+	$(WOLFSSL_BUILD)/wolfcrypt/fe_low_mem.o  \
+	$(WOLFSSL_BUILD)/wolfcrypt/fe_operations.o  \
+	$(WOLFSSL_BUILD)/wolfcrypt/ge_low_mem.o  \
+	$(WOLFSSL_BUILD)/wolfcrypt/ge_operations.o  \
+	$(WOLFSSL_BUILD)/wolfcrypt/hash.o  \
+	$(WOLFSSL_BUILD)/wolfcrypt/hmac.o  \
+	$(WOLFSSL_BUILD)/wolfcrypt/integer.o  \
+	$(WOLFSSL_BUILD)/wolfcrypt/logging.o  \
+	$(WOLFSSL_BUILD)/wolfcrypt/md5.o  \
+	$(WOLFSSL_BUILD)/wolfcrypt/memory.o  \
+	$(WOLFSSL_BUILD)/wolfcrypt/poly1305.o  \
+	$(WOLFSSL_BUILD)/wolfcrypt/pwdbased.o  \
+	$(WOLFSSL_BUILD)/wolfcrypt/random.o  \
+	$(WOLFSSL_BUILD)/wolfcrypt/sha.o  \
+	$(WOLFSSL_BUILD)/wolfcrypt/sha256.o  \
+	$(WOLFSSL_BUILD)/wolfcrypt/sha512.o  \
+	$(WOLFSSL_BUILD)/wolfcrypt/wc_encrypt.o  \
+	$(WOLFSSL_BUILD)/wolfcrypt/wc_port.o  \
+	$(WOLFSSL_BUILD)/wolfcrypt/wolfmath.o \
+    $(WOLFSSL_BUILD)/wolfcrypt/iotsafe.o \
+    $(WOLFSSL_BUILD)/tls13.o
+	
+OBJS_SPMATH:= $(WOLFSSL_BUILD)/wolfcrypt/sp_c32.o  \
+ 		 		$(WOLFSSL_BUILD)/wolfcrypt/sp_int.o
+
+OBJS+=$(WOLFSSL_OBJS) $(OBJS_SPMATH)
+
+vpath %.c $(dir $(WOLFSSL_ROOT)/src)
+vpath %.c $(dir $(WOLFSSL_ROOT)/wolfcrypt/src)
+
+CFLAGS+=-g -ggdb3
+#CFLAGS+=-O2
+
+#all: image.bin
+
+image.bin: image.elf
+	$(OBJCOPY) -O binary $^ $@
+
+image.elf: $(WOLFSSL_BUILD)/wolfcrypt $(OBJS) $(LSCRIPT)
+	$(LD) $(LDFLAGS) $(OBJS) -o $@
+
+$(WOLFSSL_BUILD)/wolfcrypt:
+	mkdir -p $(@)
+
+%.o:%.S
+	$(CC) -c -o $(@) $(CFLAGS) $^
+
+%.o:%.c
+	$(CC) -c -o $(@) $(CFLAGS) $^
+
+$(WOLFSSL_BUILD)/%.o: $(WOLFSSL_ROOT)/src/%.c
+	$(CC) -c -o $(@) $(CFLAGS) $^
+
+$(WOLFSSL_BUILD)/wolfcrypt/%.o: $(WOLFSSL_ROOT)/wolfcrypt/src/%.c
+	$(CC) -c -o $(@) $(CFLAGS) $^
+
+$(WOLFSSL_BUILD)/wolfcrypt/iotsafe.o: $(WOLFSSL_ROOT)/wolfcrypt/src/port/iotsafe/iotsafe.c
+	$(CC) -c -o $(@) $(CFLAGS) $^
+
+clean:
+	rm -f image.bin image.elf *.o image.map
+	rm -rf build
--- a/IDE/iotsafe/README.md
+++ b/IDE/iotsafe/README.md
@@ -0,0 +1,164 @@
+## wolfSSL IoT-Safe Example
+
+
+### Evaluation Platform
+
+  * ST [P-L496G-CELL02](https://www.st.com/en/evaluation-tools/p-l496g-cell02.html)
+
+Including:
+    * STM32L496AGI6-based low-power discovery mother board
+    * STM Quectel BG96 modem, plugged into the 'STMod+' connector
+    * IoT-Safe capable SIM card
+
+Note: The BG96 was tested using firmware `BG96MAR02A08M1G_01.012.01.012`. If having issues with the demo make sure your BG96 firmware is updated.
+
+### Description
+
+This example firmware will run an example TLS 1.2 server using wolfSSL, and a 
+TLS 1.2 client, on the same host, using an IoT-safe applet supporting the
+[IoT.05-v1-IoT standard](https://www.gsma.com/iot/wp-content/uploads/2019/12/IoT.05-v1-IoT-Security-Applet-Interface-Description.pdf).
+
+The client and server routines alternate their execution in a single-threaded,
+cooperative loop.
+
+Client and server communicate to each other using memory buffers to establish a 
+TLS session without the use of TCP/IP sockets.
+
+### IoT-Safe interface
+
+In this example, the client is the IoT-safe capable endpoint. First, it creates
+a wolfSSL context `cli_ctx` normally:
+
+```c
+wolfSSL_CTX_iotsafe_enable(cli_ctx);
+```
+
+In order to activate IoT-safe support in this context, the following function is
+called:
+
+```c
+printf("Client: Enabling IoT Safe in CTX\n");
+wolfSSL_CTX_iotsafe_enable(cli_ctx);
+```
+
+
+Additionally, after the SSL session creation, shown below:
+
+```c
+printf("Creating new SSL\n");
+cli_ssl = wolfSSL_new(cli_ctx);
+```
+
+the client associates the pre-provisioned keys and the available slots in the
+IoT safe applet to the current session:
+
+
+```c
+wolfSSL_iotsafe_on(cli_ssl, PRIVKEY_ID, ECDH_KEYPAIR_ID, PEER_PUBKEY_ID, PEER_CERT_ID);
+```
+
+The applet that has been tested with this demo has the current configuration:
+
+   Key slot | Name | Description 
+   -------|--------|------------------
+   0x02 | `PRIVKEY_ID` | pre-provisioned with client ECC key
+   0x03 | `ECDH_KEYPAIR_ID` | can store a keypair generated in the applet, used for shared key derivation
+   0x04 | `PEER_PUBKEY_ID` | used to store the server's public key for key derivation
+   0x05 | `PEER_CERT_ID` | used to store the server's public key to authenticate the peer
+
+
+The following file is used to read the client's certificate:
+   
+  File Slot | Name | Description
+  ----------|------|------------
+  0x03 | `CRT_FILE_ID` | pre-provisioned with client certificate
+
+
+### Compiling and running
+
+From this directory, run 'make', then use your favorite flash programming
+software to upload the firmware `image.bin` to the target board.
+
+1) Using the STM32CubeProgrammer open the `image.elf` and program to flash.
+2) Using ST-Link virtual serial port connect at 115220
+3) Hit reset button. 
+4) The output should look similar to below:
+
+```
+wolfSSL IoT-SAFE demo
+Press a key to continue...
+.
+Initializing modem...
+Modem booting...
+Modem is on.
+System up and running
+Initializing wolfSSL...
+Initializing modem port
+Turning on VDDIO2
+Initializing IoTSafe I/O...
+Initializing RNG...
+Getting RND...
+Random bytes: 08ECF538192218569876EAB9D690306C
+Starting memory-tls test...
+=== SERVER step 0 ===
+Setting TLSv1.3 for SECP256R1 key share
+=== CLIENT step 0 ===
+Client: Creating new CTX
+Client: Enabling IoT Safe in CTX
+Loading CA
+Loaded Server certificate from IoT-Safe, size = 676
+Server certificate successfully imported.
+Loaded Client certificate from IoT-Safe, size = 867
+Client certificate successfully imported.
+Creating new SSL object
+Setting TLS options: turn on IoT-safe for this socket
+Setting TLSv1.3 for SECP256R1 key share
+Connecting to server...
+=== Cli->Srv: 162
+=== SERVER step 1 ===
+=== Srv RX: 5
+=== Srv RX: 157
+=== Srv-Cli: 128
+=== Srv-Cli: 28
+=== Srv-Cli: 43
+=== Srv-Cli: 712
+=== Srv-Cli: 100
+=== Srv-Cli: 58
+=== CLIENT step 1 ===
+Connecting to server...
+=== Cli RX: 5
+=== Cli RX: 123
+=== Cli RX: 5
+=== Cli RX: 23
+=== Cli RX: 5
+=== Cli RX: 38
+=== Cli RX: 5
+=== Cli RX: 707
+=== Cli RX: 5
+=== Cli RX: 95
+=== Cli RX: 5
+=== Cli RX: 53
+=== Cli->Srv: 902
+=== Cli->Srv: 101
+=== Cli->Srv: 58
+Client connected!
+Sending message: hello iot-safe wolfSSL
+=== Cli->Srv: 44
+wolfSSL client test success!
+=== SERVER step 1 ===
+=== Srv RX: 5
+=== Srv RX: 897
+=== Srv RX: 5
+=== Srv RX: 96
+=== Srv RX: 5
+=== Srv RX: 53
+wolfSSL accept success!
+=== Srv RX: 5
+=== Srv RX: 39
++++++ Server received msg from client: 'hello iot-safe wolfSSL'
+IoT-Safe TEST SUCCESSFUL
+```
+
+## Support
+
+For questions please email support@wolfssl.com
--- a/IDE/iotsafe/ca-cert.c
+++ b/IDE/iotsafe/ca-cert.c
@@ -0,0 +1,432 @@
+/* ca-cert.c
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+
+/* Certificate + keys for IoT safe example */
+
+/* ./certs/ca-ecc-cert.der, ECC */
+static const unsigned char ca_ecc_cert_der_256[] =
+{
+        0x30, 0x82, 0x02, 0x8A, 0x30, 0x82, 0x02, 0x30, 0xA0, 0x03,
+        0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x83, 0x47, 0x7C, 0x81,
+        0xD6, 0x0D, 0x1C, 0x4E, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86,
+        0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x97, 0x31,
+        0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+        0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04,
+        0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67,
+        0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
+        0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C,
+        0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A,
+        0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31,
+        0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B,
+        0x44, 0x65, 0x76, 0x65, 0x6C, 0x6F, 0x70, 0x6D, 0x65, 0x6E,
+        0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
+        0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66,
+        0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30,
+        0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
+        0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
+        0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+        0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x32, 0x31, 0x30,
+        0x31, 0x39, 0x34, 0x39, 0x35, 0x33, 0x5A, 0x17, 0x0D, 0x32,
+        0x33, 0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34, 0x39, 0x35,
+        0x33, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, 0x06,
+        0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13,
+        0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57,
+        0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31,
+        0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07,
+        0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, 0x65, 0x31, 0x10, 0x30,
+        0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F,
+        0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 0x06,
+        0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, 0x44, 0x65, 0x76, 0x65,
+        0x6C, 0x6F, 0x70, 0x6D, 0x65, 0x6E, 0x74, 0x31, 0x18, 0x30,
+        0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77,
+        0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
+        0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A,
+        0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10,
+        0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73,
+        0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13,
+        0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06,
+        0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03,
+        0x42, 0x00, 0x04, 0x02, 0xD3, 0xD9, 0x6E, 0xD6, 0x01, 0x8E,
+        0x45, 0xC8, 0xB9, 0x90, 0x31, 0xE5, 0xC0, 0x4C, 0xE3, 0x9E,
+        0xAD, 0x29, 0x38, 0x98, 0xBA, 0x10, 0xD6, 0xE9, 0x09, 0x2A,
+        0x80, 0xA9, 0x2E, 0x17, 0x2A, 0xB9, 0x8A, 0xBF, 0x33, 0x83,
+        0x46, 0xE3, 0x95, 0x0B, 0xE4, 0x77, 0x40, 0xB5, 0x3B, 0x43,
+        0x45, 0x33, 0x0F, 0x61, 0x53, 0x7C, 0x37, 0x44, 0xC1, 0xCB,
+        0xFC, 0x80, 0xCA, 0xE8, 0x43, 0xEA, 0xA7, 0xA3, 0x63, 0x30,
+        0x61, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16,
+        0x04, 0x14, 0x56, 0x8E, 0x9A, 0xC3, 0xF0, 0x42, 0xDE, 0x18,
+        0xB9, 0x45, 0x55, 0x6E, 0xF9, 0x93, 0xCF, 0xEA, 0xC3, 0xF3,
+        0xA5, 0x21, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04,
+        0x18, 0x30, 0x16, 0x80, 0x14, 0x56, 0x8E, 0x9A, 0xC3, 0xF0,
+        0x42, 0xDE, 0x18, 0xB9, 0x45, 0x55, 0x6E, 0xF9, 0x93, 0xCF,
+        0xEA, 0xC3, 0xF3, 0xA5, 0x21, 0x30, 0x0F, 0x06, 0x03, 0x55,
+        0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01,
+        0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01,
+        0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0A,
+        0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02,
+        0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x21, 0x00, 0xC5, 0x83,
+        0xFF, 0x1E, 0x51, 0xF7, 0xA1, 0xE9, 0xF1, 0x42, 0xC4, 0xBE,
+        0xED, 0x38, 0xBD, 0x38, 0x32, 0x8F, 0xAE, 0x3F, 0xC7, 0x6D,
+        0x11, 0x90, 0xE9, 0x99, 0xAB, 0x61, 0xA2, 0xDB, 0xA7, 0x4B,
+        0x02, 0x20, 0x28, 0x40, 0xD9, 0xBA, 0x45, 0xCC, 0xA6, 0xEA,
+        0xFA, 0x3F, 0x3E, 0x71, 0x44, 0x8E, 0x02, 0x03, 0x2F, 0x41,
+        0x0B, 0x56, 0x78, 0x2D, 0xA6, 0xE8, 0x5E, 0xF6, 0xFF, 0xDA,
+        0x62, 0x8C, 0xF9, 0xDF
+};
+static const int sizeof_ca_ecc_cert_der_256 = sizeof(ca_ecc_cert_der_256);
+
+/* ./certs/ca-cert.der, 2048-bit */
+static const unsigned char ca_cert_der_2048[] =
+{
+        0x30, 0x82, 0x04, 0xE9, 0x30, 0x82, 0x03, 0xD1, 0xA0, 0x03,
+        0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xAA, 0xD3, 0x3F, 0xAC,
+        0x18, 0x0A, 0x37, 0x4D, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86,
+        0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30,
+        0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
+        0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06,
+        0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74,
+        0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
+        0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61,
+        0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A,
+        0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68,
+        0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C,
+        0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E,
+        0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
+        0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66,
+        0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30,
+        0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
+        0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
+        0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+        0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x32, 0x31, 0x30,
+        0x31, 0x39, 0x34, 0x39, 0x35, 0x32, 0x5A, 0x17, 0x0D, 0x32,
+        0x33, 0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34, 0x39, 0x35,
+        0x32, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06,
+        0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10,
+        0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D,
+        0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E,
+        0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A,
+        0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03,
+        0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F,
+        0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
+        0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C,
+        0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
+        0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
+        0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+        0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
+        0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66,
+        0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
+        0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06,
+        0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01,
+        0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01,
+        0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xBF, 0x0C, 0xCA, 0x2D,
+        0x14, 0xB2, 0x1E, 0x84, 0x42, 0x5B, 0xCD, 0x38, 0x1F, 0x4A,
+        0xF2, 0x4D, 0x75, 0x10, 0xF1, 0xB6, 0x35, 0x9F, 0xDF, 0xCA,
+        0x7D, 0x03, 0x98, 0xD3, 0xAC, 0xDE, 0x03, 0x66, 0xEE, 0x2A,
+        0xF1, 0xD8, 0xB0, 0x7D, 0x6E, 0x07, 0x54, 0x0B, 0x10, 0x98,
+        0x21, 0x4D, 0x80, 0xCB, 0x12, 0x20, 0xE7, 0xCC, 0x4F, 0xDE,
+        0x45, 0x7D, 0xC9, 0x72, 0x77, 0x32, 0xEA, 0xCA, 0x90, 0xBB,
+        0x69, 0x52, 0x10, 0x03, 0x2F, 0xA8, 0xF3, 0x95, 0xC5, 0xF1,
+        0x8B, 0x62, 0x56, 0x1B, 0xEF, 0x67, 0x6F, 0xA4, 0x10, 0x41,
+        0x95, 0xAD, 0x0A, 0x9B, 0xE3, 0xA5, 0xC0, 0xB0, 0xD2, 0x70,
+        0x76, 0x50, 0x30, 0x5B, 0xA8, 0xE8, 0x08, 0x2C, 0x7C, 0xED,
+        0xA7, 0xA2, 0x7A, 0x8D, 0x38, 0x29, 0x1C, 0xAC, 0xC7, 0xED,
+        0xF2, 0x7C, 0x95, 0xB0, 0x95, 0x82, 0x7D, 0x49, 0x5C, 0x38,
+        0xCD, 0x77, 0x25, 0xEF, 0xBD, 0x80, 0x75, 0x53, 0x94, 0x3C,
+        0x3D, 0xCA, 0x63, 0x5B, 0x9F, 0x15, 0xB5, 0xD3, 0x1D, 0x13,
+        0x2F, 0x19, 0xD1, 0x3C, 0xDB, 0x76, 0x3A, 0xCC, 0xB8, 0x7D,
+        0xC9, 0xE5, 0xC2, 0xD7, 0xDA, 0x40, 0x6F, 0xD8, 0x21, 0xDC,
+        0x73, 0x1B, 0x42, 0x2D, 0x53, 0x9C, 0xFE, 0x1A, 0xFC, 0x7D,
+        0xAB, 0x7A, 0x36, 0x3F, 0x98, 0xDE, 0x84, 0x7C, 0x05, 0x67,
+        0xCE, 0x6A, 0x14, 0x38, 0x87, 0xA9, 0xF1, 0x8C, 0xB5, 0x68,
+        0xCB, 0x68, 0x7F, 0x71, 0x20, 0x2B, 0xF5, 0xA0, 0x63, 0xF5,
+        0x56, 0x2F, 0xA3, 0x26, 0xD2, 0xB7, 0x6F, 0xB1, 0x5A, 0x17,
+        0xD7, 0x38, 0x99, 0x08, 0xFE, 0x93, 0x58, 0x6F, 0xFE, 0xC3,
+        0x13, 0x49, 0x08, 0x16, 0x0B, 0xA7, 0x4D, 0x67, 0x00, 0x52,
+        0x31, 0x67, 0x23, 0x4E, 0x98, 0xED, 0x51, 0x45, 0x1D, 0xB9,
+        0x04, 0xD9, 0x0B, 0xEC, 0xD8, 0x28, 0xB3, 0x4B, 0xBD, 0xED,
+        0x36, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01,
+        0x3A, 0x30, 0x82, 0x01, 0x36, 0x30, 0x1D, 0x06, 0x03, 0x55,
+        0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x27, 0x8E, 0x67, 0x11,
+        0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED, 0x33, 0x63, 0xB3, 0xA4,
+        0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5, 0x30, 0x81, 0xC9, 0x06,
+        0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE,
+        0x80, 0x14, 0x27, 0x8E, 0x67, 0x11, 0x74, 0xC3, 0x26, 0x1D,
+        0x3F, 0xED, 0x33, 0x63, 0xB3, 0xA4, 0xD8, 0x1D, 0x30, 0xE5,
+        0xE8, 0xD5, 0xA1, 0x81, 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81,
+        0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
+        0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
+        0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61,
+        0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04,
+        0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E,
+        0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C,
+        0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31,
+        0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A,
+        0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67,
+        0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C,
+        0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73,
+        0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D,
+        0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09,
+        0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F,
+        0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82,
+        0x09, 0x00, 0xAA, 0xD3, 0x3F, 0xAC, 0x18, 0x0A, 0x37, 0x4D,
+        0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30,
+        0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D,
+        0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61,
+        0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04,
+        0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D,
+        0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01,
+        0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01,
+        0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A,
+        0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00,
+        0x03, 0x82, 0x01, 0x01, 0x00, 0x62, 0x98, 0xC8, 0x58, 0xCF,
+        0x56, 0x03, 0x86, 0x5B, 0x1B, 0x71, 0x49, 0x7D, 0x05, 0x03,
+        0x5D, 0xE0, 0x08, 0x86, 0xAD, 0xDB, 0x4A, 0xDE, 0xAB, 0x22,
+        0x96, 0xA8, 0xC3, 0x59, 0x68, 0xC1, 0x37, 0x90, 0x40, 0xDF,
+        0xBD, 0x89, 0xD0, 0xBC, 0xDA, 0x8E, 0xEF, 0x87, 0xB2, 0xC2,
+        0x62, 0x52, 0xE1, 0x1A, 0x29, 0x17, 0x6A, 0x96, 0x99, 0xC8,
+        0x4E, 0xD8, 0x32, 0xFE, 0xB8, 0xD1, 0x5C, 0x3B, 0x0A, 0xC2,
+        0x3C, 0x5F, 0xA1, 0x1E, 0x98, 0x7F, 0xCE, 0x89, 0x26, 0x21,
+        0x1F, 0x64, 0x9C, 0x15, 0x7A, 0x9C, 0xEF, 0xFB, 0x1D, 0x85,
+        0x6A, 0xFA, 0x98, 0xCE, 0xA8, 0xA9, 0xAB, 0xC3, 0xA2, 0xC0,
+        0xEB, 0x87, 0xED, 0xBC, 0x21, 0xDF, 0xF3, 0x07, 0x5B, 0xAE,
+        0xFD, 0x40, 0xD4, 0xAE, 0x20, 0xD0, 0x76, 0x8A, 0x31, 0x0A,
+        0xA2, 0x62, 0x7C, 0x61, 0x0D, 0xCE, 0x5D, 0x9A, 0x1E, 0xE4,
+        0x20, 0x88, 0x51, 0x49, 0xFB, 0x77, 0xA9, 0xCD, 0x4D, 0xC6,
+        0xBF, 0x54, 0x99, 0x33, 0xEF, 0x4B, 0xA0, 0x73, 0x70, 0x6D,
+        0x2E, 0xD9, 0x3D, 0x08, 0xF6, 0x12, 0x39, 0x31, 0x68, 0xC6,
+        0x61, 0x5C, 0x41, 0xB5, 0x1B, 0xF4, 0x38, 0x7D, 0xFC, 0xBE,
+        0x73, 0x66, 0x2D, 0xF7, 0xCA, 0x5B, 0x2C, 0x5B, 0x31, 0xAA,
+        0xCF, 0xF6, 0x7F, 0x30, 0xE4, 0x12, 0x2C, 0x8E, 0xD6, 0x38,
+        0x51, 0xE6, 0x45, 0xEE, 0xD5, 0xDA, 0xC3, 0x83, 0xD6, 0xED,
+        0x5E, 0xEC, 0xD6, 0xB6, 0x14, 0xB3, 0x93, 0x59, 0xE1, 0x55,
+        0x4A, 0x7F, 0x04, 0xDF, 0xCE, 0x65, 0xD4, 0xDF, 0x18, 0x4F,
+        0xDD, 0xB4, 0x45, 0x7F, 0xA6, 0x56, 0x30, 0xC4, 0x05, 0x44,
+        0x98, 0x9D, 0x4F, 0x26, 0x6D, 0x84, 0x80, 0xA0, 0x5E, 0xED,
+        0x23, 0xD1, 0x48, 0x87, 0x0E, 0x05, 0x06, 0x91, 0x3B, 0xB0,
+        0x3C, 0xBB, 0x8C, 0x8F, 0x3C, 0x7B, 0x4C, 0x4F, 0xA1, 0xCA,
+        0x98
+};
+static const int sizeof_ca_cert_der_2048 = sizeof(ca_cert_der_2048);
+
+
+/* ./certs/ecc-key.der, ECC */
+static const unsigned char ecc_key_der_256[] =
+{
+        0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x45, 0xB6, 0x69,
+        0x02, 0x73, 0x9C, 0x6C, 0x85, 0xA1, 0x38, 0x5B, 0x72, 0xE8,
+        0xE8, 0xC7, 0xAC, 0xC4, 0x03, 0x8D, 0x53, 0x35, 0x04, 0xFA,
+        0x6C, 0x28, 0xDC, 0x34, 0x8D, 0xE1, 0xA8, 0x09, 0x8C, 0xA0,
+        0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01,
+        0x07, 0xA1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xBB, 0x33, 0xAC,
+        0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A, 0xA5, 0x04, 0xC3, 0x3C,
+        0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, 0xCE, 0x94, 0xEA, 0x2B,
+        0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C, 0x16, 0xE8, 0x61, 0x02,
+        0xE9, 0xAF, 0x4D, 0xD3, 0x02, 0x93, 0x9A, 0x31, 0x5B, 0x97,
+        0x92, 0x21, 0x7F, 0xF0, 0xCF, 0x18, 0xDA, 0x91, 0x11, 0x02,
+        0x34, 0x86, 0xE8, 0x20, 0x58, 0x33, 0x0B, 0x80, 0x34, 0x89,
+        0xD8
+};
+static const int sizeof_ecc_key_der_256 = sizeof(ecc_key_der_256);
+
+/* ./certs/ecc-client-key.der, ECC */
+static const unsigned char ecc_clikey_der_256[] =
+{
+        0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xF8, 0xCF, 0x92,
+        0x6B, 0xBD, 0x1E, 0x28, 0xF1, 0xA8, 0xAB, 0xA1, 0x23, 0x4F,
+        0x32, 0x74, 0x18, 0x88, 0x50, 0xAD, 0x7E, 0xC7, 0xEC, 0x92,
+        0xF8, 0x8F, 0x97, 0x4D, 0xAF, 0x56, 0x89, 0x65, 0xC7, 0xA0,
+        0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01,
+        0x07, 0xA1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x55, 0xBF, 0xF4,
+        0x0F, 0x44, 0x50, 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5,
+        0x4D, 0xF5, 0x70, 0x7B, 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80,
+        0xEC, 0x5A, 0x4C, 0xA2, 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA,
+        0xEF, 0xA2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xC6, 0x56,
+        0x95, 0x06, 0xCC, 0x01, 0xA9, 0xBD, 0xF6, 0x75, 0x1A, 0x42,
+        0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D, 0x7F,
+        0xB4
+};
+static const int sizeof_ecc_clikey_der_256 = sizeof(ecc_clikey_der_256);
+
+/* ./certs/client-ecc-cert.der, ECC */
+static const unsigned char cliecc_cert_der_256[] =
+{
+        0x30, 0x82, 0x03, 0x49, 0x30, 0x82, 0x02, 0xEE, 0xA0, 0x03,
+        0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xE7, 0x4A, 0x4F, 0xE5,
+        0x56, 0x97, 0xCA, 0xC3, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86,
+        0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x8D, 0x31,
+        0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+        0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04,
+        0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31,
+        0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05,
+        0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, 0x30, 0x11, 0x06,
+        0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65,
+        0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B,
+        0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73,
+        0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
+        0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66,
+        0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30,
+        0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
+        0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
+        0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+        0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x32, 0x31, 0x30,
+        0x31, 0x39, 0x34, 0x39, 0x35, 0x33, 0x5A, 0x17, 0x0D, 0x32,
+        0x33, 0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34, 0x39, 0x35,
+        0x33, 0x5A, 0x30, 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06,
+        0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0F,
+        0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F,
+        0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C, 0x06,
+        0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65,
+        0x6D, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A,
+        0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45,
+        0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04,
+        0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74, 0x31, 0x18, 0x30,
+        0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77,
+        0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
+        0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A,
+        0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10,
+        0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73,
+        0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13,
+        0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06,
+        0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03,
+        0x42, 0x00, 0x04, 0x55, 0xBF, 0xF4, 0x0F, 0x44, 0x50, 0x9A,
+        0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5, 0x4D, 0xF5, 0x70, 0x7B,
+        0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80, 0xEC, 0x5A, 0x4C, 0xA2,
+        0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA, 0xEF, 0xA2, 0x35, 0x12,
+        0x43, 0x84, 0x76, 0x16, 0xC6, 0x56, 0x95, 0x06, 0xCC, 0x01,
+        0xA9, 0xBD, 0xF6, 0x75, 0x1A, 0x42, 0xF7, 0xBD, 0xA9, 0xB2,
+        0x36, 0x22, 0x5F, 0xC7, 0x5D, 0x7F, 0xB4, 0xA3, 0x82, 0x01,
+        0x33, 0x30, 0x82, 0x01, 0x2F, 0x30, 0x1D, 0x06, 0x03, 0x55,
+        0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xEB, 0xD4, 0x4B, 0x59,
+        0x6B, 0x95, 0x61, 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89,
+        0x41, 0x88, 0x44, 0x5C, 0xAB, 0xF2, 0x30, 0x81, 0xC2, 0x06,
+        0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0xBA, 0x30, 0x81, 0xB7,
+        0x80, 0x14, 0xEB, 0xD4, 0x4B, 0x59, 0x6B, 0x95, 0x61, 0x3F,
+        0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, 0x41, 0x88, 0x44, 0x5C,
+        0xAB, 0xF2, 0xA1, 0x81, 0x93, 0xA4, 0x81, 0x90, 0x30, 0x81,
+        0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
+        0x13, 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03,
+        0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F,
+        0x6E, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x07,
+        0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, 0x30,
+        0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, 0x6C,
+        0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D,
+        0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46,
+        0x61, 0x73, 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
+        0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F,
+        0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31,
+        0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
+        0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F,
+        0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
+        0x6F, 0x6D, 0x82, 0x09, 0x00, 0xE7, 0x4A, 0x4F, 0xE5, 0x56,
+        0x97, 0xCA, 0xC3, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13,
+        0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06,
+        0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B,
+        0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F,
+        0x6D, 0x87, 0x04, 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06,
+        0x03, 0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08,
+        0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08,
+        0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0A,
+        0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02,
+        0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xE3, 0xBB,
+        0xCA, 0x0E, 0x31, 0x2D, 0x39, 0x1D, 0x94, 0x25, 0x81, 0x90,
+        0xD5, 0x11, 0xF9, 0x09, 0x6D, 0x58, 0x16, 0x23, 0xBE, 0x9F,
+        0xA9, 0x18, 0x64, 0x83, 0x3C, 0x25, 0x03, 0x58, 0x58, 0x39,
+        0x02, 0x21, 0x00, 0xA4, 0xAA, 0xB3, 0xF0, 0x09, 0xC9, 0x0C,
+        0x2F, 0xF7, 0xB1, 0xD4, 0x8E, 0x9F, 0xA6, 0xB6, 0xAB, 0x1A,
+        0xC7, 0x37, 0xED, 0x70, 0x4D, 0x34, 0x04, 0xA0, 0x9B, 0x3D,
+        0x84, 0x86, 0x10, 0xA0, 0xF0
+};
+static const int sizeof_cliecc_cert_der_256 = sizeof(cliecc_cert_der_256);
+
+/* ./certs/server-ecc.der, ECC */
+static const unsigned char serv_ecc_der_256[] =
+{
+        0x30, 0x82, 0x02, 0xA1, 0x30, 0x82, 0x02, 0x47, 0xA0, 0x03,
+        0x02, 0x01, 0x02, 0x02, 0x01, 0x03, 0x30, 0x0A, 0x06, 0x08,
+        0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81,
+        0x97, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
+        0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
+        0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69,
+        0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06,
+        0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74,
+        0x74, 0x6C, 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
+        0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53,
+        0x4C, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0B,
+        0x0C, 0x0B, 0x44, 0x65, 0x76, 0x65, 0x6C, 0x6F, 0x70, 0x6D,
+        0x65, 0x6E, 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
+        0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F,
+        0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31,
+        0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
+        0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F,
+        0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
+        0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x32,
+        0x31, 0x30, 0x31, 0x39, 0x34, 0x39, 0x35, 0x33, 0x5A, 0x17,
+        0x0D, 0x32, 0x33, 0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34,
+        0x39, 0x35, 0x33, 0x5A, 0x30, 0x81, 0x8F, 0x31, 0x0B, 0x30,
+        0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
+        0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C,
+        0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F,
+        0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07,
+        0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, 0x65, 0x31,
+        0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07,
+        0x45, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31, 0x0C, 0x30,
+        0x0A, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x03, 0x45, 0x43,
+        0x43, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
+        0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66,
+        0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30,
+        0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
+        0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
+        0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+        0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE,
+        0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
+        0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xBB, 0x33, 0xAC,
+        0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A, 0xA5, 0x04, 0xC3, 0x3C,
+        0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, 0xCE, 0x94, 0xEA, 0x2B,
+        0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C, 0x16, 0xE8, 0x61, 0x02,
+        0xE9, 0xAF, 0x4D, 0xD3, 0x02, 0x93, 0x9A, 0x31, 0x5B, 0x97,
+        0x92, 0x21, 0x7F, 0xF0, 0xCF, 0x18, 0xDA, 0x91, 0x11, 0x02,
+        0x34, 0x86, 0xE8, 0x20, 0x58, 0x33, 0x0B, 0x80, 0x34, 0x89,
+        0xD8, 0xA3, 0x81, 0x89, 0x30, 0x81, 0x86, 0x30, 0x1D, 0x06,
+        0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x5D, 0x5D,
+        0x26, 0xEF, 0xAC, 0x7E, 0x36, 0xF9, 0x9B, 0x76, 0x15, 0x2B,
+        0x4A, 0x25, 0x02, 0x23, 0xEF, 0xB2, 0x89, 0x30, 0x30, 0x1F,
+        0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80,
+        0x14, 0x56, 0x8E, 0x9A, 0xC3, 0xF0, 0x42, 0xDE, 0x18, 0xB9,
+        0x45, 0x55, 0x6E, 0xF9, 0x93, 0xCF, 0xEA, 0xC3, 0xF3, 0xA5,
+        0x21, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01,
+        0xFF, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0E, 0x06, 0x03, 0x55,
+        0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x03,
+        0xA8, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, 0x0C,
+        0x30, 0x0A, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07,
+        0x03, 0x01, 0x30, 0x11, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
+        0x86, 0xF8, 0x42, 0x01, 0x01, 0x04, 0x04, 0x03, 0x02, 0x06,
+        0x40, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
+        0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x20,
+        0x61, 0x6F, 0xE8, 0xB9, 0xAD, 0xCC, 0xC9, 0x1A, 0x81, 0x17,
+        0x02, 0x64, 0x07, 0xC3, 0x18, 0x44, 0x01, 0x81, 0x76, 0x18,
+        0x9D, 0x6D, 0x3D, 0x7D, 0xCB, 0xC1, 0x5A, 0x76, 0x4A, 0xAD,
+        0x71, 0x55, 0x02, 0x21, 0x00, 0xCD, 0x22, 0x35, 0x04, 0x19,
+        0xC2, 0x23, 0x21, 0x02, 0x88, 0x4B, 0x51, 0xDA, 0xDB, 0x51,
+        0xAB, 0x54, 0x8C, 0xCB, 0x38, 0xAC, 0x8E, 0xBB, 0xEE, 0x18,
+        0x07, 0xBF, 0x88, 0x36, 0x88, 0xFF, 0xD5
+};
+static const int sizeof_serv_ecc_der_256 = sizeof(serv_ecc_der_256);
--- a/IDE/iotsafe/devices.c
+++ b/IDE/iotsafe/devices.c
@@ -0,0 +1,459 @@
+/* devices.c
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Minimalist BSP for IoT-Safe example based on
+ * ST P-L596G-CELL02 + Quectel BG96 modem
+ */
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include "devices.h"
+#define RTSCTS 0
+#define AUTOBR 0
+#define NVIC_UART1_IRQN          (37)
+#define NVIC_UART2_IRQN          (38)
+
+static char modem_rx_buf[256];
+static uint32_t modem_rx_idx = 0;
+static uint32_t modem_parser_idx = 0;
+
+static void usart1_init(void)
+{
+    uint32_t reg;
+
+    /* Enable PWR */
+    RCC_APB1_ENR |= PWR_APB1_CLOCK_ER_VAL;
+    /* Enable GPIOG */
+    RCC_AHB2_ENR |= GPIOG_AHB2_CLOCK_ER_VAL;
+
+
+    /* Enable VDDIO2 */
+    while ((PWR_CR2 & PWR_CR2_IOSV) == 0) {
+        PWR_CR2 |= PWR_CR2_IOSV;
+        printf("Turning on VDDIO2\n");
+        sleep_ms(1000);
+    }
+    /* Enable GPIOB */
+    RCC_AHB2_ENR |= GPIOB_AHB2_CLOCK_ER_VAL;
+    /* Set mode = AF */
+    reg = GPIO_MODE(GPIOG_BASE) & ~(0x03 << (USART1_PIN_RX * 2));
+    GPIO_MODE(GPIOG_BASE) = reg | (0x02 << (USART1_PIN_RX * 2));
+
+    reg = GPIO_MODE(GPIOB_BASE) & ~(0x03 << (USART1_PIN_TX * 2));
+    GPIO_MODE(GPIOB_BASE) = reg | (0x02 << (USART1_PIN_TX * 2));
+
+    reg = GPIO_PUPD(GPIOG_BASE) & (0x03 << (USART1_PIN_RX * 2));
+    
+    reg = GPIO_PUPD(GPIOB_BASE) & (0x03 << (USART1_PIN_TX * 2));
+    GPIO_PUPD(GPIOB_BASE) = reg | (0x01 << (USART1_PIN_TX * 2));
+    
+#if RTSCTS
+    reg = GPIO_MODE(GPIOG_BASE) & ~(0x03 << (USART1_PIN_RTS * 2));
+    GPIO_MODE(GPIOG_BASE) = reg | (0x02 << (USART1_PIN_RTS * 2));
+    GPIO_PUPD(GPIOG_BASE) &= (0x03 << (USART1_PIN_RTS * 2));
+
+    reg = GPIO_MODE(GPIOG_BASE) & ~(0x03 << (USART1_PIN_CTS * 2));
+    GPIO_MODE(GPIOG_BASE) = reg | (0x02 << (USART1_PIN_CTS * 2));
+    GPIO_PUPD(GPIOG_BASE) &= (0x03 << (USART1_PIN_CTS * 2));
+#endif
+
+    /* Set alternate functions */
+    reg = GPIO_AFH(GPIOG_BASE) & ~(0xf << ((USART1_PIN_RX - 8) * 4));
+    GPIO_AFH(GPIOG_BASE) = reg | (7 << ((USART1_PIN_RX - 8) * 4));
+    reg = GPIO_AFL(GPIOB_BASE) & ~(0xf << ((USART1_PIN_TX) * 4));
+    GPIO_AFL(GPIOB_BASE) = reg | (7 << ((USART1_PIN_TX) * 4));
+
+#if RTSCTS
+    /* RTS/CTS alt fn */
+    reg = GPIO_AFH(GPIOG_BASE) & ~(0xf << ((USART1_PIN_RTS - 8) * 4));
+    GPIO_AFH(GPIOG_BASE) = reg | (USART1_AF << ((USART1_PIN_RTS - 8) * 4));
+    reg = GPIO_AFH(GPIOG_BASE) & ~(0xf << ((USART1_PIN_CTS - 8) * 4));
+    GPIO_AFH(GPIOG_BASE) = reg | (USART1_AF << ((USART1_PIN_CTS - 8) * 4));
+#endif
+    /* Enable USART clock */
+    RCC_APB2_ENR |= USART1_APB2_CLOCK_ER_VAL;
+}
+
+static void usart2_init(void)
+{
+    uint32_t reg;
+    RCC_AHB2_ENR |= GPIOD_AHB2_CLOCK_ER_VAL | GPIOA_AHB2_CLOCK_ER_VAL;
+
+    /* Set mode = AF */
+    reg = GPIO_MODE(GPIOD_BASE) & ~(0x03 << (USART2_PIN_RX * 2));
+    GPIO_MODE(GPIOD_BASE) = reg | (0x02 << (USART2_PIN_RX * 2));
+
+    reg = GPIO_MODE(GPIOA_BASE) & ~(0x03 << (USART2_PIN_TX * 2));
+    GPIO_MODE(GPIOA_BASE) = reg | (0x02 << (USART2_PIN_TX * 2));
+
+    /* Set alternate functions */
+    reg = GPIO_AFL(GPIOD_BASE) & ~(0xf << ((USART2_PIN_RX) * 4));
+    GPIO_AFL(GPIOD_BASE) = reg | (7 << ((USART2_PIN_RX) * 4));
+    reg = GPIO_AFL(GPIOA_BASE) & ~(0xf << ((USART2_PIN_TX) * 4));
+    GPIO_AFL(GPIOA_BASE) = reg | (7 << ((USART2_PIN_TX) * 4));
+
+    /* Enable USART clock */
+    RCC_APB1_ENR |= USART2_APB1_CLOCK_ER_VAL;
+}
+
+int usart_tx(uint32_t dev, const uint8_t c)
+{
+    volatile uint32_t reg;
+    do {
+        reg = USART_ISR(dev);
+    } while ((reg & USART_ISR_TXE) == 0);
+    USART_TDR(dev) = c;
+    return 1;
+}
+
+int usart_rx(uint32_t dev, uint8_t *c)
+{
+    int ret = 0;
+    if (dev == USART1_BASE) {
+        if (modem_rx_idx > modem_parser_idx) {
+            *c = (uint8_t)(modem_rx_buf[modem_parser_idx++]);
+            if (modem_rx_idx == modem_parser_idx) {
+                modem_rx_idx = 0;
+                modem_parser_idx = 0;
+            }
+            ret = 1;
+        }
+    } else {
+        volatile uint32_t reg = USART_ISR(dev);
+        if ((reg & USART_ISR_RXNE) != 0) {
+            reg = USART_RDR(dev);
+            *c = (uint8_t)(reg & 0xff);
+            ret = 1;
+        }
+    }
+    return ret;
+}
+
+int usart_init(uint32_t dev, uint32_t bitrate, uint8_t data, char parity, uint8_t stop)
+{
+    uint32_t reg;
+    int rtscts = 0;
+
+    if (dev == USART1_BASE) {
+        usart1_init();
+#if RTSCTS
+        rtscts = 1;
+#endif
+    }
+    else if (dev == USART2_BASE)
+        usart2_init();
+    else
+        return -1;
+    /* Turn off the device */
+    USART_CR1(dev) &= ~(USART_CR1_ENABLE);
+
+    /* Configure for TX + RX */
+    USART_CR1(dev) |= (USART_CR1_TX_ENABLE | USART_CR1_RX_ENABLE);
+
+    /* Configure clock */
+    USART_BRR(dev) = CLOCK_SPEED / (bitrate);
+
+    /* Configure data bits */
+    if (data == 8)
+        USART_CR1(dev) &= ~USART_CR1_SYMBOL_LEN;
+    else
+        USART_CR1(dev) |= USART_CR1_SYMBOL_LEN;
+
+    /* Configure parity */
+    switch (parity) {
+        case 'O':
+            USART_CR1(dev) |= USART_CR1_PARITY_ODD;
+            /* fall through to enable parity */
+            /* FALL THROUGH */
+        case 'E':
+            USART_CR1(dev) |= USART_CR1_PARITY_ENABLED;
+            break;
+        default:
+            USART_CR1(dev) &= ~(USART_CR1_PARITY_ENABLED | USART_CR1_PARITY_ODD);
+    }
+    /* Set stop bits (not supported) */
+    (void)stop;
+
+    /* Set rtscts */
+    if (rtscts)
+        USART_CR3(dev) |= USART_CR3_CTSE | USART_CR3_RTSE;
+
+#if AUTOBR
+    /* Enable ABR */
+    USART_CR2(dev) |= USART_CR2_ABREN;
+#endif
+
+
+    if (dev == USART1_BASE) {
+        USART_CR1(dev) |= USART_CR1_RXNEIE | USART_CR1_PEIE;
+        USART_CR3(dev) |= USART_CR3_EIE;
+        nvic_irq_enable(NVIC_UART1_IRQN);
+        nvic_irq_setprio(NVIC_UART1_IRQN, 0);
+    }
+
+    /* Turn on uart */
+    USART_CR1(dev) |= USART_CR1_ENABLE;
+    return 0;
+}
+
+/* STDOUT on USART2 */
+int _write(void *r, uint8_t *text, int len)
+{
+    char *p = (char *)text;
+    int i;
+    (void)r;
+    while(*p && (p < (char *)(text + len))) {
+        usart_tx(USART2_BASE, *p);
+        p++;
+    }
+    return len;
+}
+
+/* newlib backend calls */
+
+extern unsigned int _start_heap;
+void * _sbrk(unsigned int incr)
+{
+    static unsigned char *heap = NULL;
+    void *old_heap = heap;
+    if (((incr >> 2) << 2) != incr)
+        incr = ((incr >> 2) + 1) << 2;
+    if (old_heap == NULL)
+        old_heap = heap = (unsigned char *)&_start_heap;
+    heap += incr;
+    return old_heap;
+}
+void * _sbrk_r(unsigned int incr)
+{
+    static unsigned char *heap = NULL;
+    void *old_heap = heap;
+    if (((incr >> 2) << 2) != incr)
+        incr = ((incr >> 2) + 1) << 2;
+    if (old_heap == NULL)
+        old_heap = heap = (unsigned char *)&_start_heap;
+    heap += incr;
+    return old_heap;
+}
+
+int _close(int fd)
+{
+    return -1;
+}
+
+int _fstat(int fd)
+{
+    return -1;
+}
+
+int _lseek(int fd, int whence, int off)
+{
+    return -1;
+}
+
+int _read(uint8_t *buf, int len)
+{
+    return -1;
+}
+
+int _isatty(int fd)
+{
+    return 1;
+}
+
+/* Clock + waitstates settings */
+
+static void flash_set_waitstates(unsigned int waitstates)
+{
+    uint32_t reg = FLASH_ACR;
+    if ((reg & FLASH_ACR_LATENCY_MASK) != waitstates)
+        FLASH_ACR |= ((reg & ~FLASH_ACR_LATENCY_MASK) | waitstates);
+}
+
+void clock_pll_on(void)
+{
+    uint32_t reg32;
+    uint32_t cpu_freq;
+    uint32_t hpre, ppre1, ppre2;
+    uint32_t flash_waitstates;
+
+    /* Select clock parameters (CPU Speed = 80MHz) */
+    cpu_freq = 80000000;
+    flash_waitstates = 4;
+    flash_set_waitstates(flash_waitstates);
+
+    /* Configure + enable internal high-speed oscillator. */
+    RCC_CR = (RCC_CR & (~RCC_CR_MSIRANGE_Msk)) | RCC_CR_MSIRANGE_6;
+    RCC_CR |= RCC_CR_MSIRGSEL;
+    RCC_CR |= RCC_CR_MSION;
+
+    DMB();
+    while ((RCC_CR & RCC_CR_MSIRDY) == 0)
+        ;
+    /* Select MSI as SYSCLK source. */
+    reg32 = RCC_CFGR;
+    reg32 &= ~(RCC_CFGR_SW_MASK);
+    RCC_CFGR = (reg32 | RCC_CFGR_SW_MSI);
+    DMB();
+    /*
+     * Set prescalers
+     */
+    hpre = RCC_PRESCALER_DIV_NONE;
+    ppre1 = RCC_PRESCALER_DIV_NONE;
+    ppre2 = RCC_PRESCALER_DIV_NONE;
+    reg32 = RCC_CFGR;
+    reg32 &= ~(RCC_CFGR_HPRE_MASK << RCC_CFGR_HPRE_SHIFT);
+    RCC_CFGR = (hpre & RCC_CFGR_HPRE_MASK) << RCC_CFGR_HPRE_SHIFT;
+    DMB();
+    reg32 = RCC_CFGR;
+    reg32 &= ~(RCC_CFGR_PPRE1_MASK << RCC_CFGR_PPRE1_SHIFT);
+    RCC_CFGR = (reg32 | (ppre1 << RCC_CFGR_PPRE1_SHIFT));
+    DMB();
+    reg32 &= ~(RCC_CFGR_PPRE2_MASK << RCC_CFGR_PPRE2_SHIFT);
+    RCC_CFGR = (reg32 | (ppre2 << RCC_CFGR_PPRE2_SHIFT));
+    DMB();
+    /* Set PLLCFGR parameter */
+    RCC_PLLCFGR = PLLCFGR_PLLM | PLLCFGR_PLLN |
+        PLLCFGR_PLLP | PLLCFGR_PLLQ |
+        PLLCFGR_PLLR | RCC_PLLCFGR_PLLP_EN |
+        RCC_PLLCFGR_PLLQ_EN | RCC_PLLCFGR_PLLR_EN |
+        RCC_PLLCFGR_PLLSRC_MSI;
+
+    /* Enable PLL oscillator and wait for it to stabilize. */
+    RCC_CR |= RCC_CR_PLLON;
+    DMB();
+    while ((RCC_CR & RCC_CR_PLLRDY) == 0)
+        ;
+
+    /* Select PLL as SYSCLK source. */
+    reg32 = RCC_CFGR;
+    reg32 &= ~(RCC_CFGR_SW_MASK);
+    RCC_CFGR = (reg32 | RCC_CFGR_SW_PLL);
+    DMB();
+    /* Wait for PLL clock to be selected (via SWS, bits 3:2) */
+    while (((RCC_CFGR >> 2) & RCC_CFGR_SW_MASK) != RCC_CFGR_SW_PLL)
+        ;
+
+    RCC_CCIPR |= (1 << 26);
+
+    PWR_CR1 |= PWR_CR1_DBP;
+}
+
+
+/* Modem via STMod+ connector */
+static int stmod_en_init = 0;
+
+static void stmod_pin_init(void)
+{
+    uint32_t reg;
+    RCC_AHB2_ENR |=
+        GPIOA_AHB2_CLOCK_ER_VAL |
+        GPIOB_AHB2_CLOCK_ER_VAL |
+        GPIOC_AHB2_CLOCK_ER_VAL |
+        GPIOD_AHB2_CLOCK_ER_VAL |
+        GPIOI_AHB2_CLOCK_ER_VAL;
+
+    /* 'enable' pin */
+    reg = GPIO_MODE(STMOD_EN_PORT) & ~(0x03 << (STMOD_EN_PIN * 2));
+    GPIO_MODE(STMOD_EN_PORT) = reg | (0x01 << (STMOD_EN_PIN * 2));
+
+    /* RST pin */
+    reg = GPIO_MODE(STMOD_MODEM_RST_PORT) & ~(0x03 << (STMOD_MODEM_RST_PIN * 2));
+    GPIO_MODE(STMOD_MODEM_RST_PORT) = reg | (0x01 << (STMOD_MODEM_RST_PIN * 2));
+    
+    /* DTR pin */
+    reg = GPIO_MODE(STMOD_MODEM_DTR_PORT) & ~(0x03 << (STMOD_MODEM_DTR_PIN * 2));
+    GPIO_MODE(STMOD_MODEM_DTR_PORT) = reg | (0x01 << (STMOD_MODEM_DTR_PIN * 2));
+
+    /* Sim select pins */
+    reg = GPIO_MODE(STMOD_SIM_SELECT0_PORT) & ~(0x03 << (STMOD_SIM_SELECT0_PIN * 2));
+    GPIO_MODE(STMOD_SIM_SELECT0_PORT) = reg | (0x01 << (STMOD_SIM_SELECT0_PIN * 2));
+    reg = GPIO_MODE(STMOD_SIM_SELECT1_PORT) & ~(0x03 << (STMOD_SIM_SELECT1_PIN * 2));
+    GPIO_MODE(STMOD_SIM_SELECT1_PORT) = reg | (0x01 << (STMOD_SIM_SELECT1_PIN * 2));
+
+}
+
+void stmod_modem_enable(void)
+{
+    if (!stmod_en_init) {
+        stmod_pin_init();
+        stmod_en_init = 1;
+    }
+
+    /* initial pin state */
+    gpio_set(STMOD_EN_PORT, STMOD_EN_PIN);
+    gpio_set(STMOD_MODEM_RST_PORT, STMOD_MODEM_RST_PIN);
+    gpio_set(STMOD_MODEM_DTR_PORT, STMOD_MODEM_DTR_PIN);
+    sleep_ms(200);
+    gpio_clear(STMOD_MODEM_RST_PORT, STMOD_MODEM_RST_PIN);
+    gpio_clear(STMOD_EN_PORT, STMOD_EN_PIN);
+    sleep_ms(2500);
+
+    /* ON/OFF sequence to clear state */
+    gpio_set(STMOD_EN_PORT, STMOD_EN_PIN);
+    sleep_ms(700);
+    gpio_clear(STMOD_EN_PORT, STMOD_EN_PIN);
+    sleep_ms(1000);
+    gpio_set(STMOD_EN_PORT, STMOD_EN_PIN);
+    sleep_ms(50);
+    gpio_clear(STMOD_EN_PORT, STMOD_EN_PIN);
+    sleep_ms(30);
+    gpio_set(STMOD_EN_PORT, STMOD_EN_PIN); /* Modem is on. */
+    printf("Modem booting...\n");
+    sleep_ms(5000);
+    printf("Modem is on.\r\n");
+
+}
+
+void stmod_modem_disable(void)
+{
+    if (!stmod_en_init) {
+        stmod_pin_init();
+        stmod_en_init = 1;
+    }
+    gpio_clear(STMOD_EN_PORT, STMOD_EN_PIN);
+}
+
+extern volatile unsigned jiffies;
+void systick_enable(void)
+{
+    SYSTICK_RVR = ((CLOCK_SPEED / 1000) - 1);
+    SYSTICK_CVR = 0;
+    SYSTICK_CSR |= 0x07;
+}
+
+void sleep_ms(unsigned ms)
+{
+    unsigned end = jiffies + ms;
+    while(jiffies < end)
+        __asm__ volatile("wfi");
+}
+
+void isr_usart1(void)
+{
+    uint32_t reg;
+    reg = USART_ISR(USART1_BASE);
+    if (reg & USART_ISR_RXNE) {
+        modem_rx_buf[modem_rx_idx++] = (char)USART_RDR(USART1_BASE);
+    } else {
+        USART_ICR(USART1_BASE) |= 2 | USART_ICR_CMCF; /* FECF + CMCF*/
+    }
+}
--- a/IDE/iotsafe/devices.h
+++ b/IDE/iotsafe/devices.h
@@ -0,0 +1,302 @@
+/* devices.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Minimalist BSP for IoT-Safe example based on
+ * ST P-L596G-CELL02 + Quectel BG96 modem
+ */
+#ifndef STM32L496_DEVICES
+#define STM32L496_DEVICES
+
+/* CPU clock speed */
+//#define CLOCK_SPEED 14200000
+//#define CLOCK_SPEED 6000000
+#define CLOCK_SPEED 40000000
+
+/* Memory mapping */
+#define USART1_BASE (0x40013800UL)
+#define USART2_BASE (0x40004400UL)
+#define GPIOA_BASE  (0x48000000UL)
+#define GPIOB_BASE  (0x48000400UL)
+#define GPIOC_BASE  (0x48000800UL)
+#define GPIOD_BASE  (0x48000C00UL)
+#define GPIOE_BASE  (0x48001000UL)
+#define GPIOF_BASE  (0x48001400UL)
+#define GPIOG_BASE  (0x48001800UL)
+#define GPIOH_BASE  (0x48001C00UL)
+#define GPIOI_BASE  (0x48002000UL)
+#define RCC_BASE    (0x40021000UL)
+#define PWR_BASE    (0x40007000UL)
+
+
+
+/* USART */
+#define USART_CR1(x) (*((volatile uint32_t *)(x + 0x00)))
+#define USART_CR2(x) (*((volatile uint32_t *)(x + 0x04)))
+#define USART_CR3(x) (*((volatile uint32_t *)(x + 0x08)))
+#define USART_BRR(x) (*((volatile uint32_t *)(x + 0x0C)))
+#define USART_ISR(x) (*((volatile uint32_t *)(x + 0x1C)))
+#define USART_ICR(x) (*((volatile uint32_t *)(x + 0x20)))
+#define USART_RDR(x) (*((volatile uint8_t *)(x + 0x24)))
+#define USART_TDR(x) (*((volatile uint8_t *)(x + 0x28)))
+
+/* GPIO */
+#define GPIO_MODE(x) (*((volatile uint32_t *)(x + 0x00)))
+#define GPIO_SPEED(x) (*((volatile uint32_t *)(x + 0x08)))
+#define GPIO_PUPD(x) (*((volatile uint32_t *)(x + 0x0C)))
+#define GPIO_AFL(x)  (*((volatile uint32_t *)(x + 0x20)))
+#define GPIO_AFH(x)  (*((volatile uint32_t *)(x + 0x24)))
+#define GPIO_BSSR(x) (*((volatile uint32_t *)(x + 0x18)))
+
+
+/* RCC */
+#define RCC_CR       (*(volatile uint32_t *)(RCC_BASE + 0x00))
+#define RCC_CFGR     (*(volatile uint32_t *)(RCC_BASE + 0x08))
+#define RCC_PLLCFGR  (*(volatile uint32_t *)(RCC_BASE + 0x0C))
+#define RCC_CCIPR    (*(volatile uint32_t *)(RCC_BASE + 0x88))
+
+#define RCC_AHB1_ENR (*(volatile uint32_t *)(RCC_BASE + 0x48))
+#define RCC_AHB2_ENR (*(volatile uint32_t *)(RCC_BASE + 0x4C))
+#define RCC_AHB3_ENR (*(volatile uint32_t *)(RCC_BASE + 0x50))
+#define RCC_APB1_ENR (*(volatile uint32_t *)(RCC_BASE + 0x58))
+#define RCC_APB2_ENR (*(volatile uint32_t *)(RCC_BASE + 0x60))
+
+/* PWR */
+#define PWR_CR1       (*(volatile uint32_t *)(PWR_BASE + 0x00))
+#define PWR_CR2       (*(volatile uint32_t *)(PWR_BASE + 0x04))
+#define PWR_SR2       (*(volatile uint32_t *)(PWR_BASE + 0x014))
+
+#define PWR_CR1_DBP (1 << 8)
+#define PWR_CR2_PVME2 (1 << 5)
+#define PWR_CR2_IOSV (1 << 9)
+#define PWR_SR2_PVMO2 (1 << 13)
+
+
+/* FLASH registers + latency mask  */
+#define FLASH_BASE 0x40022000
+#define FLASH_ACR  (*(volatile uint32_t *)(FLASH_BASE + 0x00))
+#define FLASH_ACR_LATENCY_MASK (0x03)
+
+/* RCC: Periph enable flags */
+#define USART1_APB2_CLOCK_ER_VAL 	(1 << 14)
+#define USART2_APB1_CLOCK_ER_VAL 	(1 << 17)
+#define PWR_APB1_CLOCK_ER_VAL       (1 << 28)
+#define GPIOA_AHB2_CLOCK_ER_VAL     (1 << 0)
+#define GPIOB_AHB2_CLOCK_ER_VAL     (1 << 1)
+#define GPIOC_AHB2_CLOCK_ER_VAL     (1 << 2)
+#define GPIOD_AHB2_CLOCK_ER_VAL     (1 << 3)
+#define GPIOE_AHB2_CLOCK_ER_VAL     (1 << 4)
+#define GPIOF_AHB2_CLOCK_ER_VAL     (1 << 5)
+#define GPIOG_AHB2_CLOCK_ER_VAL     (1 << 6)
+#define GPIOH_AHB2_CLOCK_ER_VAL     (1 << 7)
+#define GPIOI_AHB2_CLOCK_ER_VAL     (1 << 8)
+
+/* Pinout: USART */
+#define USART1_PIN_RX  (10)  /* PG10 */
+#define USART1_PIN_TX  (6)   /* PB6  */
+#define USART1_PIN_CTS (11)  /* PG11 */
+#define USART1_PIN_RTS (12)  /* PG12 */
+#define USART1_AF      (7)
+
+#define USART2_PIN_RX  (6)   /* PD6 */
+#define USART2_PIN_TX  (2)   /* PA2 */
+#define USART2_AF      (7)
+
+
+
+/* USART registers: flags */
+
+#define USART_CR1_ENABLE         (1 << 0)
+#define USART_CR1_TX_ENABLE      (1 << 3)
+#define USART_CR1_RX_ENABLE      (1 << 2)
+#define USART_CR1_RXNEIE         (1 << 5)
+#define USART_CR1_PEIE           (1 << 8)
+#define USART_CR1_PARITY_ODD     (1 << 9)
+#define USART_CR1_PARITY_ENABLED (1 << 10)
+#define USART_CR1_SYMBOL_LEN     (1 << 28)
+#define USART_CR2_ABREN          (1 << 20)
+#define USART_CR3_EIE            (1 << 0)
+#define USART_CR3_RTSE           (1 << 8)
+#define USART_CR3_CTSE           (1 << 9)
+#define USART_ISR_TXE            (1 << 7)
+#define USART_ISR_RXNE           (1 << 5)
+#define USART_ICR_CTSCF          (1 << 9)
+#define USART_ICR_CMCF           (1 << 17)
+
+/* RCC_CR/CFGR/PLLCFGR values */
+#define RCC_PRESCALER_DIV_NONE 0
+#define RCC_PRESCALER_DIV_2    8
+#define RCC_PRESCALER_DIV_4    9
+
+#define RCC_CR_PLLRDY                (1 << 25)
+#define RCC_CR_PLLON                 (1 << 24)
+#define RCC_CR_MSIRGSEL              (1 << 3)
+#define RCC_CR_MSIRDY                (1 << 1)
+#define RCC_CR_MSION                 (1 << 0)
+#define RCC_CR_HSIRDY                (1 << 10)
+#define RCC_CR_HSION                 (1 << 8)
+#define RCC_CR_MSIRANGE_SHIFT        4
+#define RCC_CR_MSIRANGE_9            (0x09 << 4)
+#define RCC_CR_MSIRANGE_6            (0x06 << 4)
+#define RCC_CR_MSIRANGE_Msk          (0x0F << 4)
+
+#define RCC_CFGR_HPRE_MASK            0x0F
+#define RCC_CFGR_PPRE1_MASK           0x07
+#define RCC_CFGR_PPRE2_MASK           0x07
+#define RCC_CFGR_HPRE_SHIFT           4
+#define RCC_CFGR_PPRE1_SHIFT          8
+#define RCC_CFGR_PPRE2_SHIFT          11
+#define RCC_CFGR_SW_MSI               0x0
+#define RCC_CFGR_SW_PLL               0x3
+#define RCC_CFGR_SW_MASK              0x3
+
+/* Bits 0:1 SRC */
+#define RCC_PLLCFGR_SRC_SHIFT       0
+#define RCC_PLLCFGR_PLLSRC_MSI      0x1
+#define RCC_PLLCFGR_PLLSRC_MASK     0x3
+
+/* Bits 4:6 PLLM */
+//#define PLLCFGR_PLLM                (0x4 << 4)
+#define PLLCFGR_PLLM                (0x1 << 4)
+#define RCC_PLLCFGR_PLLM_MASK       (0x7 << 4)
+
+/* Bits 8:14 PLLN */
+//#define PLLCFGR_PLLN                (71   << 8)
+#define PLLCFGR_PLLN                (40   << 8)
+#define RCC_PLLCFGR_PLLN_MASK       (0x7f << 8)
+
+/* Bits 27:31 PLLPDIV */
+#define PLLCFGR_PLLP                (2 << 27)
+#define RCC_PLLCFGR_PLLP_MASK       (0x1F << 27)
+
+/* Bits 21:22 PLLQ */
+#define PLLCFGR_PLLQ                (0 << 21)
+#define RCC_PLLCFGR_PLLQ_MASK       (0x3 << 21)
+
+/* Bits 25:26 PLLR */
+//#define PLLCFGR_PLLR                (2 << 25)
+#define PLLCFGR_PLLR                (0 << 25)
+#define RCC_PLLCFGR_PLLR_MASK       (0x3 << 25)
+
+/* Enablers */
+#define RCC_PLLCFGR_PLLP_EN         (0 << 16)
+#define RCC_PLLCFGR_PLLQ_EN         (0 << 20)
+#define RCC_PLLCFGR_PLLR_EN         (1 << 24)
+
+/* Systick */
+#define SYSTICK_BASE (0xE000E010)
+#define SYSTICK_CSR     (*(volatile uint32_t *)(SYSTICK_BASE + 0x00))
+#define SYSTICK_RVR     (*(volatile uint32_t *)(SYSTICK_BASE + 0x04))
+#define SYSTICK_CVR     (*(volatile uint32_t *)(SYSTICK_BASE + 0x08))
+#define SYSTICK_CALIB   (*(volatile uint32_t *)(SYSTICK_BASE + 0x0C))
+
+
+/* STMod+ connector pinout 
+ *
+ * Connector            STM32L4
+ * pins                 pins
+ * 
+ * 1      11            PG11    PH2
+ * 2      12            PB6     PB2
+ * 3      13            PG10    PA4
+ * 4      14            PG12    PA0
+ * 5      15            GND     5V
+ * 6      16            5V      GND
+ * 7      17            PB8     PC7
+ * 8      18            PI3     PC2
+ * 9      19            PD3     PB12
+ * 10     20            PB7     PC2
+ *
+ */
+
+#define STMOD_EN_PORT   GPIOD_BASE
+#define STMOD_EN_PIN    3
+#define STMOD_SIM_SELECT0_PORT GPIOC_BASE
+#define STMOD_SIM_SELECT0_PIN  2
+#define STMOD_SIM_SELECT1_PORT GPIOI_BASE
+#define STMOD_SIM_SELECT1_PIN  3
+#define STMOD_MODEM_RST_PORT   GPIOB_BASE
+#define STMOD_MODEM_RST_PIN    2
+#define STMOD_MODEM_DTR_PORT   GPIOA_BASE
+#define STMOD_MODEM_DTR_PIN    0
+
+void stmod_modem_enable(void);
+void stmod_modem_disable(void);
+
+/* inline functions for GPIO */
+static inline void gpio_set(uint32_t port, uint32_t pin)
+{
+    GPIO_BSSR(port) |= (1 << pin);   
+}
+
+static inline void gpio_clear(uint32_t port, uint32_t pin)
+{
+    GPIO_BSSR(port) |= (1 << (16 + pin));
+}
+
+
+/* Exported functions (from devices.c) */
+void clock_pll_on(void);
+int usart_init(uint32_t dev, uint32_t bitrate, uint8_t data, char parity, uint8_t stop);
+int usart_tx(uint32_t dev, const uint8_t c);
+int usart_rx(uint32_t dev, uint8_t *c);
+void systick_enable(void);
+void sleep_ms(unsigned ms);
+
+
+/* Assembly helpers */
+#define DMB() __asm__ volatile ("dmb")
+
+/* Nvic */
+#define NVIC_ISER_BASE (0xE000E100)
+#define NVIC_ICER_BASE (0xE000E180)
+#define NVIC_ICPR_BASE (0xE000E280)
+#define NVIC_IPRI_BASE (0xE000E400)
+
+static inline void nvic_irq_enable(uint8_t n)
+{
+    int i = n / 32;
+    volatile uint32_t *nvic_iser = ((volatile uint32_t *)(NVIC_ISER_BASE + 4 * i));
+    *nvic_iser |= (1 << (n % 32));
+}
+
+static inline void nvic_irq_disable(uint8_t n)
+{
+    int i = n / 32;
+    volatile uint32_t *nvic_icer = ((volatile uint32_t *)(NVIC_ICER_BASE + 4 * i));
+    *nvic_icer |= (1 << (n % 32));
+}
+
+static inline void nvic_irq_setprio(uint8_t n, uint8_t prio)
+{
+    volatile uint8_t *nvic_ipri = ((volatile uint8_t *)(NVIC_IPRI_BASE + n));
+    *nvic_ipri = prio;
+}
+
+
+static inline void nvic_irq_clear(uint8_t n)
+{
+    int i = n / 32;
+    volatile uint8_t *nvic_icpr = ((volatile uint8_t *)(NVIC_ICPR_BASE + 4 * i));
+    *nvic_icpr = (1 << (n % 32));
+}
+
+
+#endif /* guard */
--- a/IDE/iotsafe/include.am
+++ b/IDE/iotsafe/include.am
@@ -0,0 +1,17 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+
+EXTRA_DIST += IDE/iotsafe/README.md
+EXTRA_DIST += IDE/iotsafe/Makefile
+EXTRA_DIST += IDE/iotsafe/target.ld
+
+EXTRA_DIST += IDE/iotsafe/main.c
+EXTRA_DIST += IDE/iotsafe/startup.c
+EXTRA_DIST += IDE/iotsafe/startup.c
+EXTRA_DIST += IDE/iotsafe/memory-tls.c
+EXTRA_DIST += IDE/iotsafe/devices.c
+EXTRA_DIST += IDE/iotsafe/ca-cert.c
+EXTRA_DIST += IDE/iotsafe/devices.h
+EXTRA_DIST += IDE/iotsafe/user_settings.h
+
+DISTCLEANFILES+= IDE/iotsafe/build
--- a/IDE/iotsafe/main.c
+++ b/IDE/iotsafe/main.c
@@ -0,0 +1,142 @@
+/* main.c
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+/* IoT-safe example
+ * main for STM32L4
+ */
+
+#include <stdio.h>
+#include "devices.h"
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/ssl.h>
+#include <wolfssl/wolfcrypt/random.h>
+#include <wolfssl/wolfcrypt/port/iotsafe/iotsafe.h>
+
+#define STDIO USART2_BASE
+#define MODEM  USART1_BASE
+
+#define RX_TIMEOUT 100
+
+
+extern volatile unsigned long jiffies;
+
+
+int usart1_read(char *buf, int len)
+{
+    int i = 0;
+    char c;
+    int ret;
+    volatile unsigned long start = jiffies;
+    memset(buf, 0, len);
+    do {
+        ret = usart_rx(MODEM, &c);
+        if (ret > 0) {
+            buf[i++] = c;
+            if (c == '\n') {
+                return i;
+            }
+        } else {
+            __asm__ volatile("wfi");
+        }
+
+    } while(((jiffies - start) < RX_TIMEOUT) && (i < len));
+    if (i == 0) {
+        return 0;
+    }
+    return i;
+}
+
+int usart1_write(const char *buf, int len)
+{
+    int i = 0;
+    do {
+        usart_tx(MODEM, buf[i++]);
+    } while(i < len);
+    return len;
+}
+
+extern int memory_tls_test(void);
+
+void main(void)
+{
+    uint32_t last_mark = 0;
+    int i;
+    char randombytes[16];
+    int ret;
+    char c;
+    WC_RNG rng;
+    clock_pll_on();
+    systick_enable();
+    if (usart_init(STDIO, 115200, 8, 'N', 1) < 0)
+        while(1)
+            ;
+    printf("wolfSSL IoT-SAFE demo\n");
+
+    printf("Press a key to continue...\n");
+    do {
+        ret = usart_rx(STDIO, &c);
+    } while (ret <= 0);
+    printf("%c\n", c);
+
+    printf("Initializing modem...\n");
+    stmod_modem_enable();
+    sleep_ms(1000);
+    printf("System up and running\r\n");
+    sleep_ms(1000);
+
+    printf("Initializing wolfSSL...\n");
+    wolfSSL_Init();
+    wolfSSL_Debugging_ON();
+
+    printf("Initializing modem port\n");
+    if(usart_init(MODEM, 115200, 8, 'N', 1) < 0)
+        while(1)
+            ;
+    printf("Initializing IoTSafe I/O...\n");
+    wolfIoTSafe_SetCSIM_read_cb(usart1_read);
+    wolfIoTSafe_SetCSIM_write_cb(usart1_write);
+
+    /* IoT-Safe system up and running. */
+    printf("Initializing RNG...\n");
+    wc_InitRng(&rng);
+
+    printf("Getting RND...\n");
+    wc_RNG_GenerateBlock(&rng, randombytes, 16);
+    wc_FreeRng(&rng);
+    printf("Random bytes: ");
+    for (i = 0; i < 16; i++) {
+        printf("%02X", randombytes[i]);
+    }
+    printf("\n");
+
+    memory_tls_test();
+
+    while(1) {
+        if (usart_rx(STDIO, &c)) {
+            usart_tx(MODEM, c);
+            usart_tx(STDIO, c);
+        }
+        if (usart_rx(MODEM, &c)) {
+            usart_tx(STDIO, c);
+        }
+        __asm__ volatile("wfi");
+    }
+}
--- a/IDE/iotsafe/memory-tls.c
+++ b/IDE/iotsafe/memory-tls.c
@@ -0,0 +1,412 @@
+/* memory-tls.c
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+/* IoT-safe client side demo
+    - server uses software crypto and buffers
+    - client uses IoT-Safe
+
+    Client and server communicates in a cooperative
+    scheduling mechanism within the same thread.
+    Two buffers in memory are used for client<=>server communication.
+*/
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/ssl.h>
+#include <wolfssl/error-ssl.h>
+#include <wolfssl/wolfcrypt/port/iotsafe/iotsafe.h>
+
+#include <stdio.h>
+#include <string.h>
+
+#include "ca-cert.c"
+
+/* IoTSAFE Certificate slots */
+
+/* File Slot '03' is pre-provisioned with
+ * local certificate.
+ */
+#define CRT_CLIENT_FILE_ID 0x03     /* pre-provisioned */
+
+/* File Slot '04' is pre-provisioned with the
+ * server's EC public key certificate
+ */
+#define CRT_SERVER_FILE_ID 0x04
+
+/* IoTSAFE Key slots */
+
+/* Key slot '02' is pre-provisioned with
+ * the client private key.
+ */
+#define PRIVKEY_ID      0x02 /* pre-provisioned */
+
+/* Key slot '03' is used by wolfSSL to generate
+ * the ECDH key that will be used during the TLS
+ * session.
+ */
+#define ECDH_KEYPAIR_ID 0x03
+
+/* Key slot '04' is used to store the public key
+ * received from the peer.
+ */
+#define PEER_PUBKEY_ID  0x04
+
+/* Key slot '05' is used to store a public key
+ * used for ecc verification
+ */
+#define PEER_CERT_ID    0x05
+
+/* The following define
+ * activates mutual authentication */
+#define CLIENT_AUTH
+
+#define CLIENT_IOTSAFE
+#define CA_ECC
+
+
+static int client_state = 0;
+static int server_state = 0;
+
+static uint8_t cert_buffer[2048];
+static uint32_t cert_buffer_size;
+
+static WOLFSSL_CTX* srv_ctx = NULL;
+static WOLFSSL* srv_ssl = NULL;
+static WOLFSSL_CTX *cli_ctx = NULL;
+static WOLFSSL *cli_ssl = NULL;
+
+
+/* client messages to server in memory */
+#define TLS_BUFFERS_SZ (1024 * 8)
+static unsigned char to_server[TLS_BUFFERS_SZ];
+static int server_bytes;
+static int server_write_idx;
+static int server_read_idx;
+
+/* server messages to client in memory */
+static unsigned char to_client[TLS_BUFFERS_SZ];
+static int client_bytes;
+static int client_write_idx;
+static int client_read_idx;
+
+
+/* server send callback */
+int ServerSend(WOLFSSL* ssl, char* buf, int sz, void* ctx)
+{
+    if (client_write_idx + sz > TLS_BUFFERS_SZ) {
+        return WOLFSSL_CBIO_ERR_WANT_WRITE;
+    }
+    printf("=== Srv-Cli: %d\n", sz);
+    XMEMCPY(&to_client[client_write_idx], buf, sz);
+    client_write_idx += sz;
+    client_bytes += sz;
+    return sz;
+}
+
+
+/* server recv callback */
+int ServerRecv(WOLFSSL* ssl, char* buf, int sz, void* ctx)
+{
+    if (server_bytes - server_read_idx < sz) {
+        return WOLFSSL_CBIO_ERR_WANT_READ;
+    }
+    XMEMCPY(buf, &to_server[server_read_idx], sz);
+    server_read_idx += sz;
+
+    if (server_read_idx == server_write_idx) {
+        server_read_idx = server_write_idx = 0;
+        server_bytes = 0;
+    }
+    printf("=== Srv RX: %d\n", sz);
+    return sz;
+}
+
+
+/* client send callback */
+int ClientSend(WOLFSSL* ssl, char* buf, int sz, void* ctx)
+{
+    if (server_write_idx + sz > TLS_BUFFERS_SZ)
+        return WOLFSSL_CBIO_ERR_WANT_WRITE;
+
+    printf("=== Cli->Srv: %d\n", sz);
+    XMEMCPY(&to_server[server_write_idx], buf, sz);
+    server_write_idx += sz;
+    server_bytes += sz;
+
+    return sz;
+}
+
+
+/* client recv callback */
+int ClientRecv(WOLFSSL* ssl, char* buf, int sz, void* ctx)
+{
+    if (client_bytes - client_read_idx < sz) {
+        return WOLFSSL_CBIO_ERR_WANT_READ;
+    }
+
+    XMEMCPY(buf, &to_client[client_read_idx], sz);
+    client_read_idx += sz;
+
+    if (client_read_idx == client_write_idx) {
+        client_read_idx = client_write_idx = 0;
+        client_bytes = 0;
+    }
+    printf("=== Cli RX: %d\n", sz);
+    return sz;
+}
+
+/* wolfSSL Client loop */
+static int client_loop(void)
+{
+    /* set up client */
+    int ret;
+    const char* helloStr = "hello iot-safe wolfSSL";
+
+    printf("=== CLIENT step %d ===\n", client_state);
+    if (client_state == 0) {
+        printf("Client: Creating new CTX\n");
+    #ifdef WOLFSSL_TLS13
+        cli_ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
+    #else
+        cli_ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
+    #endif
+        if (cli_ctx == NULL) {
+            printf("Bad client ctx new");
+            return 0;
+        }
+        printf("Client: Enabling IoT Safe in CTX\n");
+        wolfSSL_CTX_iotsafe_enable(cli_ctx);
+
+        printf("Loading CA\n");
+        ret = wolfSSL_CTX_load_verify_buffer(cli_ctx, ca_ecc_cert_der_256,
+                sizeof_ca_ecc_cert_der_256, WOLFSSL_FILETYPE_ASN1);
+        if (ret != WOLFSSL_SUCCESS) {
+            printf("Bad CA\n");
+            return -1;
+        }
+
+        cert_buffer_size = wolfIoTSafe_GetCert(CRT_SERVER_FILE_ID, cert_buffer,
+            sizeof(cert_buffer));
+        if (cert_buffer_size < 1) {
+            printf("Bad server cert\n");
+            return -1;
+        }
+        printf("Loaded Server certificate from IoT-Safe, size = %lu\n",
+                cert_buffer_size);
+        if (wolfSSL_CTX_load_verify_buffer(cli_ctx, cert_buffer, cert_buffer_size,
+                    WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
+            printf("Cannot load server cert\n");
+            return -1;
+        }
+        printf("Server certificate successfully imported.\n");
+        wolfSSL_CTX_set_verify(cli_ctx, WOLFSSL_VERIFY_PEER, NULL);
+
+#ifdef CLIENT_AUTH
+        cert_buffer_size = wolfIoTSafe_GetCert(CRT_CLIENT_FILE_ID, cert_buffer,
+            sizeof(cert_buffer));
+        if (cert_buffer_size < 1) {
+            printf("Bad client cert\n");
+            return -1;
+        }
+        printf("Loaded Client certificate from IoT-Safe, size = %lu\n",
+            cert_buffer_size);
+        if (wolfSSL_CTX_use_certificate_buffer(cli_ctx, cert_buffer,
+                  cert_buffer_size, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
+            printf("Cannot load client cert\n");
+            return -1;
+        }
+        printf("Client certificate successfully imported.\n");
+#endif
+
+        /* Setting IO Send/Receive functions to local memory-based message
+         * passing (ClientSend, ClientRecv) */
+        wolfSSL_CTX_SetIOSend(cli_ctx, ClientSend);
+        wolfSSL_CTX_SetIORecv(cli_ctx, ClientRecv);
+
+        printf("Creating new SSL object\n");
+        cli_ssl = wolfSSL_new(cli_ctx);
+        if (cli_ssl == NULL)  {
+            printf("bad client new");
+            return 0;
+        }
+
+        printf("Setting TLS options: turn on IoT-safe for this socket\n");
+        wolfSSL_iotsafe_on(cli_ssl, PRIVKEY_ID, ECDH_KEYPAIR_ID,
+            PEER_PUBKEY_ID, PEER_CERT_ID);
+
+    #ifdef WOLFSSL_TLS13
+        printf("Setting TLSv1.3 for SECP256R1 key share\n");
+        wolfSSL_UseKeyShare(cli_ssl, WOLFSSL_ECC_SECP256R1);
+    #endif
+
+        client_state++;
+    }
+
+    if (client_state == 1) {
+        printf("Connecting to server...\n");
+        ret = wolfSSL_connect(cli_ssl);
+        if (ret != WOLFSSL_SUCCESS) {
+            if (wolfSSL_want_read(cli_ssl) || wolfSSL_want_write(cli_ssl)) {
+                return 0;
+            }
+            printf("Error in client tls connect: %d\n",
+                wolfSSL_get_error(cli_ssl, ret));
+            client_state = 0;
+            return -1;
+        }
+        printf("Client connected!\n");
+        client_state++;
+    }
+
+    if (client_state == 2) {
+        printf("Sending message: %s\n", helloStr);
+        ret = wolfSSL_write(cli_ssl, helloStr, XSTRLEN(helloStr));
+        if (ret >= 0) {
+            printf("wolfSSL client test success!\n");
+
+            wolfSSL_free(cli_ssl); cli_ssl = NULL;
+            wolfSSL_CTX_free(cli_ctx); cli_ctx = NULL;
+            client_state = 0;
+        }
+        else if (wolfSSL_get_error(cli_ssl, ret) != WOLFSSL_ERROR_WANT_WRITE) {
+            printf("Error in client tls write");
+            client_state = 0;
+            return -1;
+        }
+    }
+
+    return ret;
+}
+
+/* wolfSSL Server Loop */
+static int server_loop(void)
+{
+    int ret;
+    unsigned char buf[80];
+
+    printf("=== SERVER step %d ===\n", server_state);
+
+    if (server_state == 0) {
+    #ifdef WOLFSSL_TLS13
+        srv_ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method());
+    #else
+        srv_ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
+    #endif
+        if (srv_ctx == NULL) {
+            printf("bad server ctx new");
+            return -1;
+        }
+#ifdef CLIENT_AUTH
+        ret = wolfSSL_CTX_load_verify_buffer(srv_ctx, ca_ecc_cert_der_256,
+            sizeof_ca_ecc_cert_der_256, WOLFSSL_FILETYPE_ASN1);
+        if (ret != WOLFSSL_SUCCESS) {
+            printf("Bad CA load: %d\n", ret);
+        }
+        ret = wolfSSL_CTX_load_verify_buffer(srv_ctx, cliecc_cert_der_256,
+            sizeof_cliecc_cert_der_256, WOLFSSL_FILETYPE_ASN1);
+        if (ret != WOLFSSL_SUCCESS) {
+            printf("Bad Client cert load: %d\n", ret);
+        }
+        wolfSSL_CTX_set_verify(srv_ctx, WOLFSSL_VERIFY_PEER, NULL);
+#endif
+
+        if (wolfSSL_CTX_use_PrivateKey_buffer(srv_ctx, ecc_key_der_256,
+            sizeof_ecc_key_der_256, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
+            printf("Cannot load server private key\n");
+        }
+        if (wolfSSL_CTX_use_certificate_buffer(srv_ctx, serv_ecc_der_256,
+           sizeof_serv_ecc_der_256, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
+            printf("Cannot load server cert\n");
+        }
+        wolfSSL_CTX_SetIOSend(srv_ctx, ServerSend);
+        wolfSSL_CTX_SetIORecv(srv_ctx, ServerRecv);
+
+        srv_ssl = wolfSSL_new(srv_ctx);
+        if (srv_ssl == NULL) {
+            printf("bad server new");
+            return -1;
+        }
+
+    #ifdef WOLFSSL_TLS13
+        printf("Setting TLSv1.3 for SECP256R1 key share\n");
+        wolfSSL_UseKeyShare(srv_ssl, WOLFSSL_ECC_SECP256R1);
+    #endif
+        server_state++;
+    }
+
+    if (server_state == 1) {
+        /* accept tls connection without tcp sockets */
+        ret = wolfSSL_accept(srv_ssl);
+        if (ret != WOLFSSL_SUCCESS) {
+            if (wolfSSL_want_read(srv_ssl) || wolfSSL_want_write(srv_ssl)) {
+                return 0;
+            }
+            printf("Error in server tls accept: %d\n",
+                wolfSSL_get_error(srv_ssl, ret));
+            server_state = 0;
+            return -1;
+        }
+        printf("wolfSSL accept success!\n");
+        server_state++;
+    }
+
+    if (server_state == 2) {
+        ret = wolfSSL_read(srv_ssl, buf, sizeof(buf)-1);
+        if (wolfSSL_get_error(srv_ssl, ret) == WOLFSSL_ERROR_WANT_READ) {
+            return 0;
+        }
+        if (ret < 0) {
+            printf("SERVER READ ERROR: %d\n", wolfSSL_get_error(srv_ssl, ret));
+            return -1;
+        }
+        if (ret > 0) {
+            printf("++++++ Server received msg from client: '%s'\n", buf);
+            printf("IoT-Safe TEST SUCCESSFUL\n");
+
+            wolfSSL_free(srv_ssl); srv_ssl = NULL;
+            wolfSSL_CTX_free(srv_ctx); srv_ctx = NULL;
+
+            server_state = 0;
+            return -1; /* exit test loop, so it doesn't keep running forever */
+        }
+    }
+
+    return 0;
+}
+
+
+int memory_tls_test(void)
+{
+    int ret_s, ret_c;
+
+    printf("Starting memory-tls test...\n");
+    do {
+        ret_s = server_loop();
+        ret_c = client_loop();
+    } while ((ret_s >= 0) && (ret_c >= 0));
+
+    /* clean up */
+    wolfSSL_free(cli_ssl);
+    wolfSSL_CTX_free(cli_ctx);
+    wolfSSL_free(srv_ssl);
+    wolfSSL_CTX_free(srv_ctx);
+
+    return 0;
+}
--- a/IDE/iotsafe/startup.c
+++ b/IDE/iotsafe/startup.c
@@ -0,0 +1,227 @@
+/* startup.c
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Startup routines for STM32L596G bare-metal example */
+
+extern unsigned int _stored_data;
+extern unsigned int _start_data;
+extern unsigned int _end_data;
+extern unsigned int _start_bss;
+extern unsigned int _end_bss;
+extern unsigned int _end_stack;
+extern unsigned int _start_heap;
+
+//#define STACK_PAINTING
+
+static volatile unsigned int avail_mem = 0;
+
+#ifdef STACK_PAINTING
+static unsigned int stack_ptr;
+#endif
+
+extern void isr_usart1(void);
+
+extern void main(void);
+
+void isr_reset(void) {
+    register unsigned int *src, *dst;
+    src = (unsigned int *) &_stored_data;
+    dst = (unsigned int *) &_start_data;
+    /* Copy the .data section from flash to RAM. */
+    while (dst < (unsigned int *)&_end_data) {
+        *dst = *src;
+        dst++;
+        src++;
+    }
+
+    /* Initialize the BSS section to 0 */
+    dst = &_start_bss;
+    while (dst < (unsigned int *)&_end_bss) {
+        *dst = 0U;
+        dst++;
+    }
+
+    /* Paint the stack. */
+    avail_mem = &_end_stack - &_start_heap;
+#ifdef STACK_PAINTING
+    {
+        asm volatile("mrs %0, msp" : "=r"(stack_ptr));
+        dst = ((unsigned int *)(&_end_stack)) - (8192 / sizeof(unsigned int)); ;
+        while ((unsigned int)dst < stack_ptr) {
+            *dst = 0xDEADC0DE;
+            dst++;
+        }
+    }
+#endif
+    /* Run the program! */
+    main();
+}
+
+void isr_fault(void)
+{
+    /* Panic. */
+    while(1) ;;
+}
+
+
+void isr_memfault(void)
+{
+    /* Panic. */
+    while(1) ;;
+}
+
+void isr_busfault(void)
+{
+    /* Panic. */
+    while(1) ;;
+}
+
+void isr_usagefault(void)
+{
+    /* Panic. */
+    while(1) ;;
+}
+        
+
+void isr_empty(void)
+{
+    /* Ignore the event and continue */
+}
+
+
+volatile unsigned jiffies = 0;
+void isr_systick(void)
+{
+    jiffies++;
+}
+
+
+
+__attribute__ ((section(".isr_vector")))
+void (* const IV[])(void) =
+{
+	(void (*)(void))(&_end_stack),
+	isr_reset,                   // Reset
+	isr_fault,                   // NMI
+	isr_fault,                   // HardFault
+	isr_memfault,                // MemFault
+	isr_busfault,                // BusFault
+	isr_usagefault,              // UsageFault
+	0, 0, 0, 0,                  // 4x reserved
+	isr_empty,                   // SVC
+	isr_empty,                   // DebugMonitor
+	0,                           // reserved
+	isr_empty,                   // PendSV
+	isr_systick,                 // SysTick
+    
+    isr_empty,              // NVIC_WWDG_IRQ 0
+    isr_empty,              // PVD_IRQ 1
+    isr_empty,              // TAMP_STAMP_IRQ 2
+    isr_empty,              // RTC_WKUP_IRQ 3
+    isr_empty,              // FLASH_IRQ 4
+    isr_empty,              // RCC_IRQ 5
+    isr_empty,             // EXTI0_IRQ 6
+    isr_empty,              // EXTI1_IRQ 7
+    isr_empty,              // EXTI2_IRQ 8
+    isr_empty,              // EXTI3_IRQ 9
+    isr_empty,              // EXTI4_IRQ 10
+    isr_empty,              // DMA1_STREAM0_IRQ 11
+    isr_empty,              // DMA1_STREAM1_IRQ 12
+    isr_empty,              // DMA1_STREAM2_IRQ 13
+    isr_empty,              // DMA1_STREAM3_IRQ 14
+    isr_empty,              // DMA1_STREAM4_IRQ 15
+    isr_empty,              // DMA1_STREAM5_IRQ 16
+    isr_empty,              // DMA1_STREAM6_IRQ 17
+    isr_empty,              // ADC_IRQ 18
+    isr_empty,              // CAN1_TX_IRQ 19
+    isr_empty,              // CAN1_RX0_IRQ 20
+    isr_empty,              // CAN1_RX1_IRQ 21
+    isr_empty,              // CAN1_SCE_IRQ 22
+    isr_empty,               // EXTI9_5_IRQ 23
+    isr_empty,              // TIM1_BRK_TIM9_IRQ 24
+    isr_empty,              // TIM1_UP_TIM10_IRQ 25
+    isr_empty,              // TIM1_TRG_COM_TIM11_IRQ 26
+    isr_empty,              // TIM1_CC_IRQ 27
+    isr_empty,              // TIM2_IRQ 28
+    isr_empty,              // TIM3_IRQ 29
+    isr_empty,              // TIM4_IRQ 30
+    isr_empty,              // I2C1_EV_IRQ 31
+    isr_empty,              // I2C1_ER_IRQ 32
+    isr_empty,              // I2C2_EV_IRQ 33
+    isr_empty,              // I2C2_ER_IRQ 34
+    isr_empty,              // SPI1_IRQ 35
+    isr_empty,              // SPI2_IRQ 36
+    isr_usart1,             // USART1_IRQ 37
+    isr_empty,              // USART2_IRQ 38
+    isr_empty,              // USART3_IRQ 39
+    isr_empty,               // EXTI15_10_IRQ 40
+    isr_empty,              // RTC_ALARM_IRQ 41
+    isr_empty,              // USB_FS_WKUP_IRQ 42
+    isr_empty,              // TIM8_BRK_TIM12_IRQ 43
+    isr_empty,              // TIM8_UP_TIM13_IRQ 44
+    isr_empty,              // TIM8_TRG_COM_TIM14_IRQ 45
+    isr_empty,              // TIM8_CC_IRQ 46
+    isr_empty,              // DMA1_STREAM7_IRQ 47
+    isr_empty,              // FSMC_IRQ
+    isr_empty,              // SDIO_IRQ
+    isr_empty,              // TIM5_IRQ
+    isr_empty,              // SPI3_IRQ
+    isr_empty,              // UART4_IRQ
+    isr_empty,              // UART5_IRQ
+    isr_empty,              // TIM6_DAC_IRQ
+    isr_empty,              // TIM7_IRQ
+    isr_empty,              // DMA2_STREAM0_IRQ
+    isr_empty,              // DMA2_STREAM1_IRQ
+    isr_empty,              // DMA2_STREAM2_IRQ
+    isr_empty,              // DMA2_STREAM3_IRQ
+    isr_empty,              // DMA2_STREAM4_IRQ
+    isr_empty,              // ETH_IRQ
+    isr_empty,              // ETH_WKUP_IRQ
+    isr_empty,              // CAN2_TX_IRQ
+    isr_empty,              // CAN2_RX0_IRQ
+    isr_empty,              // CAN2_RX1_IRQ
+    isr_empty,              // CAN2_SCE_IRQ
+    isr_empty,             // OTG_FS_IRQ
+    isr_empty,              // DMA2_STREAM5_IRQ
+    isr_empty,              // DMA2_STREAM6_IRQ
+    isr_empty,              // DMA2_STREAM7_IRQ
+    isr_empty,              // USART6_IRQ
+    isr_empty,              // I2C3_EV_IRQ
+    isr_empty,              // I2C3_ER_IRQ
+    isr_empty,              // OTG_HS_EP1_OUT_IRQ
+    isr_empty,              // OTG_HS_EP1_IN_IRQ
+    isr_empty,              // OTG_HS_WKUP_IRQ
+    isr_empty,              // OTG_HS_IRQ
+    isr_empty,              // DCMI_IRQ
+    isr_empty,              // CRYP_IRQ
+    isr_empty,              // HASH_RNG_IRQ
+    isr_empty,              // FPU_IRQ
+    isr_empty,              // UART7_IRQ
+    isr_empty,              // UART8_IRQ
+    isr_empty,              // SPI4_IRQ
+    isr_empty,              // SPI5_IRQ
+    isr_empty,              // SPI6_IRQ
+    isr_empty,              // SAI1_IRQ
+    isr_empty,              // LCD_TFT_IRQ
+    isr_empty,              // LCD_TFT_ERR_IRQ
+    isr_empty,              // DMA2D_IRQ
+
+};
--- a/IDE/iotsafe/target.ld
+++ b/IDE/iotsafe/target.ld
@@ -0,0 +1,76 @@
+/* target.ld
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+/* IoT-safe example
+ * Linker script for STM32L4
+ */
+
+
+MEMORY
+{
+    FLASH (rx) : ORIGIN = 0x08000000, LENGTH = 1M
+    SRAM1_STACK (rw) : ORIGIN = 0x20000000, LENGTH = 16K
+    SRAM1(rw) : ORIGIN = 0x20000000 + 16K, LENGTH = 256K - 16K
+    SRAM2 (rw) : ORIGIN = 0x20040000, LENGTH = 64K
+}
+
+SECTIONS
+{
+    .text :
+    {
+        _start_text = .;
+        KEEP(*(.isr_vector))
+        *(.text*)
+        *(.rodata*)
+        . = ALIGN(4);
+        _end_text = .;
+    } > FLASH
+
+    .edidx :
+    {
+        . = ALIGN(4);
+        *(.ARM.exidx*)
+    } > FLASH
+
+    _stored_data = .;
+
+    .data : AT (_stored_data)
+    {
+        _start_data = .;
+        *(.data*)
+        . = ALIGN(4);
+        _end_data = .;
+    } > SRAM1
+
+    .bss :
+    {
+        _start_bss = .;
+        *(.bss*)
+        *(COMMON)
+        . = ALIGN(4);
+        _end_bss = .;
+        _end = .;
+    } > SRAM1 
+
+}
+
+PROVIDE(_start_heap = ORIGIN(SRAM2));
+PROVIDE(_end_stack  = ORIGIN(SRAM1_STACK) + LENGTH(SRAM1_STACK));
--- a/IDE/iotsafe/user_settings.h
+++ b/IDE/iotsafe/user_settings.h
@@ -0,0 +1,133 @@
+/* user_settings.h
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+/* Example 'user_settings.h' for IoT-Safe demo */
+
+#ifndef IOTSAFE_EXAMPLE_USER_SETTINGS_H
+#define IOTSAFE_EXAMPLE_USER_SETTINGS_H
+
+#include <stdint.h>
+
+/* Platform */
+#define WOLFSSL_IOTSAFE
+#define WOLFSSL_SMALL_STACK
+#define WOLFSSL_GENERAL_ALIGNMENT 4
+#define SINGLE_THREADED
+#define WOLFSSL_USER_IO
+
+/* Debugging */
+#define WOLFSSL_LOG_PRINTF
+#if 0
+    #define DEBUG_WOLFSSL
+    #define WOLFSSL_DEBUG_TLS
+    #define DEBUG_IOTSAFE
+#endif
+
+/* Features */
+#define HAVE_PK_CALLBACKS /* Connect IoT-safe with PK_CALLBACKS */
+#define SMALL_SESSION_CACHE
+#define USE_CERT_BUFFERS_256
+
+/* RNG */
+#define HAVE_IOTSAFE_HWRNG
+#define HAVE_HASHDRBG
+#define NO_OLD_RNGNAME
+
+/* Time porting */
+#define TIME_OVERRIDES
+extern volatile unsigned long jiffies;
+static inline long XTIME(long *x) { return jiffies;}
+#define WOLFSSL_USER_CURRTIME
+#define NO_ASN_TIME
+
+/* Math */
+#define TFM_TIMING_RESISTANT
+#define TFM_ARM
+#define WOLFSSL_SP_MATH
+#define WOLFSSL_SP_MATH_ALL
+#define WOLFSSL_SP_SMALL
+#define WOLFSSL_HAVE_SP_DH
+#define WOLFSSL_HAVE_SP_ECC
+#define SP_WORD_SIZE 32
+
+/* ECC */
+#define HAVE_ECC
+#define ECC_ALT_SIZE
+#define ECC_TIMING_RESISTANT
+
+/* RSA */
+#define RSA_LOW_MEM
+#define WC_RSA_BLINDING
+#define WC_RSA_PSS
+
+/* DH - on by default */
+#define WOLFSSL_DH_CONST
+#define HAVE_FFDHE_2048
+
+/* AES */
+#define HAVE_AES_DECRYPT
+#define HAVE_AESGCM
+#define GCM_SMALL
+#define HAVE_AESCCM
+#define WOLFSSL_AES_COUNTER
+#define WOLFSSL_AES_DIRECT
+
+/* Hashing */
+#define HAVE_SHA384
+#define HAVE_SHA512
+#define HAVE_HKDF
+
+/* TLS */
+#if 0
+    /* TLS v1.3 only */
+    #define WOLFSSL_TLS13
+    #define WOLFSSL_NO_TLS12
+#else
+    /* TLS v1.2 only */
+#endif
+#define NO_OLD_TLS
+#define HAVE_TLS_EXTENSIONS
+#define HAVE_SUPPORTED_CURVES
+
+/* Disable Features */
+#define NO_WRITEV
+#define NO_FILESYSTEM
+#define NO_MAIN_DRIVER
+//#define NO_ERROR_STRINGS
+
+/* Disable Algorithms */
+#define NO_DES3
+#define NO_DSA
+#define NO_RC4
+#define NO_MD4
+#define NO_MD5
+#define NO_SHA
+#define NO_HC128
+#define NO_RABBIT
+#define NO_PKCS12
+
+/* helpers */
+#define htons(x) __builtin_bswap16(x)
+#define ntohs(x) __builtin_bswap16(x)
+#define ntohl(x) __builtin_bswap32(x)
+#define htonl(x) __builtin_bswap32(x)
+
+#endif /* !IOTSAFE_EXAMPLE_USER_SETTINGS_H */
--- a/IDE/zephyr/README.md
+++ b/IDE/zephyr/README.md
@@ -1,41 +0,0 @@
-Zephyr Project Port
-===================
-
-## Overview
-
-This port is for Zephyr Project available [here](https://www.zephyrproject.org/).
-
-It provides the following zephyr code.
-
- modules/crypto/wolfssl
-    - wolfssl library code
- zephyr/modules/crypto/wolfssl
-    - Configuration and make files for wolfSSL
- zephyr/samples/modules/wolfssl_test
-    - wolfcrypt unit test application
- zephyr/samples/modules/wolfssl_tls_sock
-    - socket based sample of TLS
- zephyr/samples/modules/wolfssl_tls_thread
-    - socket based sample of TLS using threads
-
-## How to setup
-
-### deploy wolfssl source to zephyr project
-Specify the path of the zephyr project and execute  `wolfssl/IDE/zephyr/setup.sh`.
-
-```bash
-./IDE/zephyr/setup.sh　/path/to/zephyrproject
-```
-
-This script will deploy wolfssl's library code, configuration and samples as described in the Overview to the zephyr project.
-
-## build & test
-
-build and execute wolfssl_test
-
-```
-cd [zephyrproject]
-west build -p auto -b qemu_x86 zephyr/samples/modules/wolfssl_test
-west build -t run
-```
-
--- a/IDE/zephyr/include.am
+++ b/IDE/zephyr/include.am
@@ -1,33 +0,0 @@
-# vim:ft=automake
-# included from Top Level Makefile.am
-# All paths should be given relative to the root
-
-EXTRA_DIST+= IDE/zephyr/lib/settings/user_settings-tls-generic.h
-EXTRA_DIST+= IDE/zephyr/lib/zephyr/module.yml
-EXTRA_DIST+= IDE/zephyr/lib/install_lib.sh
-EXTRA_DIST+= IDE/zephyr/lib/README
-EXTRA_DIST+= IDE/zephyr/lib/user_settings.h
-EXTRA_DIST+= IDE/zephyr/module/CMakeLists.txt
-EXTRA_DIST+= IDE/zephyr/module/install_module.sh
-EXTRA_DIST+= IDE/zephyr/module/Kconfig
-EXTRA_DIST+= IDE/zephyr/module/Kconfig.tls-generic
-EXTRA_DIST+= IDE/zephyr/module/zephyr_init.c
-EXTRA_DIST+= IDE/zephyr/wolfssl_test/CMakeLists.txt
-EXTRA_DIST+= IDE/zephyr/wolfssl_test/install_test.sh
-EXTRA_DIST+= IDE/zephyr/wolfssl_test/prj.conf
-EXTRA_DIST+= IDE/zephyr/wolfssl_test/README
-EXTRA_DIST+= IDE/zephyr/wolfssl_test/sample.yaml
-EXTRA_DIST+= IDE/zephyr/wolfssl_tls_sock/src/tls_sock.c
-EXTRA_DIST+= IDE/zephyr/wolfssl_tls_sock/CMakeLists.txt
-EXTRA_DIST+= IDE/zephyr/wolfssl_tls_sock/install_sample.sh
-EXTRA_DIST+= IDE/zephyr/wolfssl_tls_sock/prj.conf
-EXTRA_DIST+= IDE/zephyr/wolfssl_tls_sock/README
-EXTRA_DIST+= IDE/zephyr/wolfssl_tls_sock/sample.yaml
-EXTRA_DIST+= IDE/zephyr/wolfssl_tls_thread/src/tls_threaded.c
-EXTRA_DIST+= IDE/zephyr/wolfssl_tls_thread/CMakeLists.txt
-EXTRA_DIST+= IDE/zephyr/wolfssl_tls_thread/install_sample.sh
-EXTRA_DIST+= IDE/zephyr/wolfssl_tls_thread/prj.conf
-EXTRA_DIST+= IDE/zephyr/wolfssl_tls_thread/README
-EXTRA_DIST+= IDE/zephyr/wolfssl_tls_thread/sample.yaml
-EXTRA_DIST+= IDE/zephyr/README.md
-EXTRA_DIST+= IDE/zephyr/setup.sh
--- a/Show More
+++ b/Show More