From 16ce8e077abc35d1f373f460af5b16ee45933d09 Mon Sep 17 00:00:00 2001
From: Chris Conlon
Date: Wed, 16 Dec 2020 12:06:35 -0700
Subject: [PATCH 1/5] only call wolfSSL_UseKeyShare() in example client with TLS 1.3
---
 examples/client/client.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/examples/client/client.c b/examples/client/client.c
index ed26429e8..a4b6261e1 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -2898,7 +2898,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 #endif
 #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
- if (!helloRetry) {
+ if (!helloRetry && version >= 4) {
 #if defined(WOLFSSL_TLS13) && (!defined(NO_DH) || defined(HAVE_ECC) || \
 defined(HAVE_CURVE25519) || defined(HAVE_CURVE448))
 if (onlyKeyShare == 0 || onlyKeyShare == 2) {
From f375cff685ed2b14a73fccce280c1332cc69812f Mon Sep 17 00:00:00 2001
From: Chris Conlon
Date: Wed, 16 Dec 2020 12:44:01 -0700
Subject: [PATCH 2/5] enable AES-CTR for libsignal build
---
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 45842cd3d..fae884703 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3963,7 +3963,7 @@ fi
 if test "$ENABLED_SIGNAL" = "yes"
 then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIGNAL"
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIGNAL -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT"
 # Requires opensslextra make sure on
 if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
 then
From 502e471cde814dc8132e68a67e72d5af444f7094 Mon Sep 17 00:00:00 2001
From: Chris Conlon
Date: Wed, 16 Dec 2020 13:08:32 -0700
Subject: [PATCH 3/5] fix spelling of Nitrox in configure option summary
---
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index fae884703..905b2f5a4 100644
--- a/configure.ac
+++ b/configure.ac
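Review bot: The new test `version >= 4` on the `if (!helloRetry ...)` line uses a bare magic number; going by the commit subject, 4 stands for TLS 1.3 in the client's version numbering, so a comment such as `/* version 4 == TLS 1.3 */` or a named constant would make that explicit. If the client represents downgrade or DTLS selections with other `version` values (for example negative ones), which this hunk does not show, a handshake that ends up negotiating TLS 1.3 would now skip the key share setup, so that case deserves a check. Any `else` branch paired with this `if` would now also run for pre-1.3 versions; client_test's body starts and ends outside the hunk, so that needs confirming against the full function.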
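Review bot: The `AM_CFLAGS` line in the `ENABLED_SIGNAL` block now defines `WOLFSSL_AES_DIRECT` as well as `WOLFSSL_AES_COUNTER`, but the commit subject mentions only AES-CTR and nothing records why the direct single-block AES API is switched on. A comment above the assignment, for example `# libsignal build: enable AES-CTR and the direct (single-block) AES API`, would document the wider API surface this build exposes. Appending the defines directly may also bypass whatever feature variables drive the configure summary, so the summary could report AES-CTR as disabled while the define is set; setting the feature variable instead would keep the two in step, if the script's ordering allows it.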
@@ -6286,7 +6286,7 @@ fi
 echo " * Async Crypto: $ENABLED_ASYNCCRYPT"
 echo " * PKCS#11: $ENABLED_PKCS11"
 echo " * PKCS#12: $ENABLED_PKCS12"
-echo " * Cavium Nitox: $ENABLED_CAVIUM"
+echo " * Cavium Nitrox: $ENABLED_CAVIUM"
 echo " * Cavium Octeon (Sync): $ENABLED_OCTEON_SYNC"
 echo " * Intel Quick Assist: $ENABLED_INTEL_QA"
 echo " * ARM ASM: $ENABLED_ARMASM"
From 6d9cf6b31e45ab0e533122df774b91b5a887b3b8 Mon Sep 17 00:00:00 2001
From: Chris Conlon
Date: Wed, 16 Dec 2020 16:38:38 -0700
Subject: [PATCH 4/5] fix for wc_AesFeedbackCFB8() on big endian platforms
---
 wolfcrypt/src/aes.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index f00743468..6cae25544 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -8588,6 +8588,9 @@ static int wc_AesFeedbackCFB8(Aes* aes, byte* out, const byte* in,
 }
 /* MSB + XOR */
+ #ifdef BIG_ENDIAN_ORDER
+ ByteReverseWords(aes->tmp, aes->tmp, AES_BLOCK_SIZE);
+ #endif
 out[0] = aes->tmp[0] ^ in[0];
 if (dir == AES_ENCRYPTION) {
 pt = (byte*)aes->reg;
From e8785666c4143e802e92332a184c4bcd5961a81a Mon Sep 17 00:00:00 2001
From: Chris Conlon
Date: Thu, 17 Dec 2020 09:50:18 -0700
Subject: [PATCH 5/5] fix NXP LTC build with wc_curve25519_generic(), only supports single basepoint
---
 wolfcrypt/src/curve25519.c | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c
index 2d952c75e..24910df89 100644
--- a/wolfcrypt/src/curve25519.c
+++ b/wolfcrypt/src/curve25519.c
@@ -110,6 +110,12 @@ int wc_curve25519_generic(int public_size, byte* pub,
 int basepoint_size, const byte* basepoint)
 {
 int ret;
+#ifdef FREESCALE_LTC_ECC
+ /* unsupported with NXP LTC, onlly supports single basepoint with
+ * nxp_ltc_curve25519_GetBasePoint() */
+ return WC_HW_E;
+#endif
+
 if ((public_size != CURVE25519_KEYSIZE) ||
 (private_size != CURVE25519_KEYSIZE) ||
 (basepoint_size != CURVE25519_KEYSIZE)) {
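Review bot: The added `ByteReverseWords(aes->tmp, aes->tmp, AES_BLOCK_SIZE)` byte-swaps the whole keystream block in place on big-endian builds only so that `aes->tmp[0] ^ in[0]` picks up the intended byte. The call suggests `aes->tmp` is a word array (its declaration is outside the hunk); if so, the underlying issue is that `aes->tmp[0]` reads a full word that is then truncated to a byte, and reading through a byte pointer, `out[0] = (byte)(((byte*)aes->tmp)[0] ^ in[0]);`, should be endian-neutral without any `#ifdef`. If the swap is kept, add a comment such as `/* tmp is left byte-swapped; it is regenerated before its next use */` once that has been confirmed against the rest of the function. wc_AesFeedbackCFB8's body starts and ends outside the hunk, and a CFB8 known-answer test on a big-endian target would pin the behaviour down.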
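Review bot: The `#ifdef FREESCALE_LTC_ECC` block added after `int ret;` returns `WC_HW_E` unconditionally, so in LTC builds everything below it (the size checks and the software path) is compiled but unreachable and `ret` goes unused. Since the later hunks of this patch drop the old `#else` and its `#endif`, it would be cleaner to keep them: put `#else` right after the `return WC_HW_E;` and `#endif` before the closing brace, so the dead code and the warnings it can trigger go away. The early return also runs before argument validation, so invalid arguments report `WC_HW_E` on that build; the function's header comment should say so, for example `/* returns WC_HW_E when built with FREESCALE_LTC_ECC: custom basepoints are unsupported */`. The added comment misspells "only" as "onlly".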
@@ -124,14 +130,6 @@ int wc_curve25519_generic(int public_size, byte* pub,
 return ECC_BAD_ARG_E;
 }
-#ifdef FREESCALE_LTC_ECC
- {
- ECPoint wc_pub;
- ret = nxp_ltc_curve25519(&wc_pub, priv, basepoint, basepoint);
- if (ret == 0)
- XMEMCPY(pub, wc_pub.point, CURVE25519_KEYSIZE);
- }
-#else
 fe_init();
 #if defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_ARMASM)
@@ -143,7 +141,6 @@ int wc_curve25519_generic(int public_size, byte* pub,
 #if defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_ARMASM)
 RESTORE_VECTOR_REGISTERS();
 #endif
-#endif
 return ret;
 }