Add guard around ECC PCT for builds without validate keygen.

1. Add PCTs for ECC and FFC.
2. Update the public key checks for ECC and FFC.

.gitignore

@@ -5,18 +5,21 @@ ctaocrypt/src/src/
 *.o
 *.patch
 *.deps
+*.d
 *.libs
 *.cache
 .dirstamp
 *.user
 configure
 config.*
+!cmake/config.in
 *Debug/
 *Release/
 *.ncb
 *.suo
 *.sdf
 *.opensdf
+*.cmd
 ipch/
 build-aux/
 rpm/spec
@@ -78,6 +81,7 @@ tests/unit
 testsuite/testsuite.test
 tests/unit.test
 tests/bio_write_test.txt
+tests/test-log-dump-to-file.txt
 test-write-dhparams.pem
 testsuite/*.der
 testsuite/*.pem
@@ -226,6 +230,21 @@ IDE/MDK-ARM/LPC43xx/LPC43xx/
 *.gcno
 *.gcda
 *.gcov
+!linuxkm/Makefile
+/Kbuild
+linuxkm/*.ko
+linuxkm/Module.symvers
+linuxkm/built-in.a
+linuxkm/modules.order
+linuxkm/wolfcrypt
+linuxkm/libwolfssl.mod
+linuxkm/libwolfssl.mod.c
+linuxkm/module_exports.c
+linuxkm/linuxkm/get_thread_size
+
+# autotools generated
+scripts/unit.test
+wolfcrypt/test/test_paths.h
 
 # MPLAB Generated Files (OS X)
 mcapi/wolfcrypt_mcapi.X/nbproject/Makefile-*
@@ -335,3 +354,17 @@ IDE/XCODE/Index
 /IDE/Renesas/e2studio/Projects/test/trash
 /IDE/Renesas/e2studio/Projects/test/*.launch
 /IDE/Renesas/e2studio/Projects/test/*.scfg
+
+# QNX CAAM
+/IDE/QNX/example-server/server-tls
+/IDE/QNX/example-client/client-tls
+/IDE/QNX/example-cmac/cmac-test
+/IDE/QNX/CAAM-DRIVER/wolfCrypt
+
+# Emacs
+*~
+
+# CMake
+CMakeFiles/
+CMakeCache.txt
+cmake_install.cmake

ChangeLog.md

@@ -1,3 +1,468 @@
+# wolfSSL Release 4.7.0 (February 16, 2021)
+Release 4.7.0 of wolfSSL embedded TLS has bug fixes and new features including:
+
+### New Feature Additions
+* Compatibility Layer expansion SSL_get_verify_mode, X509_VERIFY_PARAM API, X509_STORE_CTX API added
+* WOLFSSL_PSK_IDENTITY_ALERT macro added for enabling a subset of TLS alerts
+* Function wolfSSL_CTX_NoTicketTLSv12 added to enable turning off session tickets with TLS 1.2 while keeping TLS 1.3 session tickets available
+* Implement RFC 5705: Keying Material Exporters for TLS
+* Added --enable-reproducible-build flag for making more deterministic library outputs to assist debugging
+* Added support for S/MIME (Secure/Multipurpose Internet Mail Extensions) bundles
+
+### Fixes
+* Fix to free mutex when cert manager is free’d
+* Compatibility layer EVP function to return the correct block size and type
+* DTLS secure renegotiation fixes including resetting timeout and retransmit on duplicate HelloRequest
+* Fix for edge case with shrink buffer and secure renegotiation
+* Compile fix for type used with curve448 and PPC64
+* Fixes for SP math all with PPC64 and other embedded compilers
+* SP math all fix when performing montgomery reduction on one word modulus
+* Fixes to SP math all to better support digit size of 8-bit
+* Fix for results of edge case with SP integer square operation
+* Stop non-ct mod inv from using register x29 with SP ARM64 build
+* Fix edge case when generating z value of ECC with SP code
+* Fixes for PKCS7 with crypto callback (devId) with RSA and RNG
+* Fix for compiling builds with RSA verify and public only
+* Fix for PKCS11 not properly exporting the public key due to a missing key type field
+* Call certificate callback with certificate depth issues
+* Fix for out-of-bounds read in TLSX_CSR_Parse()
+* Fix incorrect AES-GCM tag generation in the EVP layer
+* Fix for out of bounds write with SP math all enabled and an edge case of calling sp_tohex on the result of sp_mont_norm
+* Fix for parameter check in sp_rand_prime to handle 0 length values
+* Fix for edge case of failing malloc resulting in an out of bounds write with SHA256/SHA512 when small stack is enabled
+
+
+### Improvements/Optimizations
+* Added --enable-wolftpm option for easily building wolfSSL to be used with wolfTPM
+* DTLS macro WOLFSSL_DTLS_RESEND_ONLY_TIMEOUT added for resending flight only after a timeout
+* Update linux kernel module to use kvmalloc and kvfree
+* Add user settings option to cmake build
+* Added support for AES GCM session ticket encryption
+* Thread protection for global RNG used by wolfSSL_RAND_bytes function calls
+* Sanity check on FIPs configure flag used against the version of FIPs bundle
+* --enable-aesgcm=table now is compatible with --enable-linuxkm
+* Increase output buffer size that wolfSSL_RAND_bytes can handle
+* Out of directory builds resolved, wolfSSL can now be built in a separate directory than the root wolfssl directory
+
+### Vulnerabilities
+* [HIGH] CVE-2021-3336: In earlier versions of wolfSSL there exists a potential man in the middle attack on TLS 1.3 clients. Malicious attackers with a privileged network position can impersonate TLS 1.3 servers and bypass authentication. Users that have applications with client side code and have TLS 1.3 turned on, should update to the latest version of wolfSSL. Users that do not have TLS 1.3 turned on, or that are server side only, are NOT affected by this report. For the code change see https://github.com/wolfSSL/wolfssl/pull/3676. Thanks to Aina Toky Rasoamanana and Olivier Levillain from Télécom SudParis for the report.
+* [LOW] In the case of using custom ECC curves there is the potential for a crafted compressed ECC key that has a custom prime value to cause a hang when imported. This only affects applications that are loading in ECC keys with wolfSSL builds that have compressed ECC keys and custom ECC curves enabled.
+* [LOW] With TLS 1.3 authenticated-only ciphers a section of the server hello could contain 16 bytes of uninitialized data when sent to the connected peer. This affects only a specific build of wolfSSL with TLS 1.3 early data enabled and using authenticated-only ciphers with TLS 1.3.
+
+# wolfSSL Release 4.6.0 (December 22, 2020)
+Release 4.6.0 of wolfSSL embedded TLS has bug fixes and new features including:
+
+### New Feature Additions
+###### New Build Options
+* wolfSSL now enables linux kernel module support. Big news for Linux kernel module developers with crypto requirements! wolfCrypt and wolfSSL are now loadable as modules in the Linux kernel, providing the entire libwolfssl API natively to other kernel modules. For the first time on Linux, the entire TLS protocol stack can be loaded as a module, allowing fully kernel-resident TLS/DTLS endpoints with in-kernel handshaking.  (--enable-linuxkm, --enable-linuxkm-defaults, --with-linux-source) (https://www.wolfssl.com/loading-wolfssl-into-the-linux-kernel/)
+* Build tests and updated instructions for use with Apple’s A12Z chipset  (https://www.wolfssl.com/preliminary-cryptographic-benchmarks-on-new-apple-a12z-bionic-platform/)
+* Expansion of wolfSSL SP math implementation and addition of --enable-sp-math-all build option
+* Apache httpd w/TLS 1.3 support added
+* Sniffer support for TLS 1.3 and AES CCM
+* Support small memory footprint build with only TLS 1.3 and PSK without code for (EC)DHE and certificates
+
+###### New Hardware Acceleration
+* Added support for NXP DCP (i.MX RT1060/1062) crypto co-processor
+* Add Silicon Labs hardware acceleration using [SL SE Manager](https://docs.silabs.com/gecko-platform/latest/service/api/group-sl-se-manager)
+
+###### New Algorithms
+* RC2 ECB/CBC added for use with PKCS#12 bundles
+* XChaCha and the XChaCha20-Poly1305 AEAD algorithm support added
+
+###### Misc
+* Added support for 802.11Q VLAN frames to sniffer
+* Added OCSP function wolfSSL_get_ocsp_producedDate
+* Added API to set CPU ID flags cpuid_select_flags, cpuid_set_flag, cpuid_clear_flag
+* New DTLS/TLS non-blocking Secure Renegotiation example added to server.c and client.c
+
+### Fixes
+###### Math Library
+* Fix mp_to_unsigned_bin_len out of bounds read with buffers longer than maximum MP
+* Fix for fp_read_radix_16 out of bounds read
+* Fix to add wrapper for new timing resistant wc_ecc_mulmod_ex2 function version in HW ECC acceleration
+* Handle an edge case with RSA-PSS encoding message to hash
+
+###### Compatibility Layer Fixes
+* Fix for setting serial number wolfSSL_X509_set_serialNumber
+* Fix for setting ASN1 time not before / not after with WOLFSSL_X509
+* Fix for order of components in issuer name when using X509_sign
+* Fix for compatibility layer API DH_compute_key
+* EVP fix incorrect block size for GCM and buffer up AAD for encryption/decryption
+* EVP fix for AES-XTS key length return value and fix for string compare calls
+* Fix for mutex freeing during RNG failure case with EVP_KEY creation
+* Non blocking use with compatibility layer BIOs in TLS connections
+
+###### Build Configuration
+* Fix for custom build with WOLFSSL_USER_MALLOC defined
+* ED448 compiler warning on Intel 32bit systems
+* CURVE448_SMALL build fix for 32bit systems with Curve448
+* Fix to build SP math with IAR
+* CMake fix to only set ranlib arguments for Mac, and for stray typo of , -> ;
+* Build with --enable-wpas=small fix
+* Fix for building fips ready using openssl extra
+* Fixes for building with Microchip (min/max and undef SHA_BLOCK_SIZE)
+* FIx for NO_FILESYSTEM build on Windows
+* Fixed SHA256 support for IMX-RT1060
+* Fix for ECC key gen with NO_TFM_64BIT
+
+###### Sniffer
+* Fixes for sniffer when using static ECC keys. Adds back TLS v1.2 static ECC key fallback detection and fixes new ECC RNG requirement for timing resistance
+* Fix for sniffer with SNI enabled to properly handle WOLFSSL_SUCCESS error code in ProcessClientHello
+* Fix for sniffer using HAVE_MAX_FRAGMENT in "certificate" type message
+* Fix build error with unused "ret" when building with WOLFSSL_SNIFFER_WATCH.
+* Fix to not treat cert/key not found as error in myWatchCb and WOLFSSL_SNIFFER_WATCH.
+* Sniffer fixes for handling TCP `out-of-range sequence number`
+* Fixes SSLv3 use of ECDH in sniffer
+
+###### PKCS
+* PKCS#11 fix to generate ECC key for decrypt/sign or derive
+* Fix for resetting internal variables when parsing a malformed PKCS#7 bundle with PKCS7_VerifySignedData()
+* Verify the extracted public key in wc_PKCS7_InitWithCert
+* Fix for internal buffer size when using decompression with PKCS#7
+
+###### Misc
+* Pin the C# verify callback function to keep from garbage collection
+* DH fixes for when public key is owned and free’d after a handshake
+* Fix for TLS 1.3 early data packets
+* Fix for STM32 issue with some Cube HAL versions and STM32 example timeout
+* Fix mmCAU and LTC hardware mutex locking to prevent double lock
+* Fix potential race condition with CRL monitor
+* Fix for possible malformed encrypted key with 3DES causing negative length
+* AES-CTR performance fixed with AES-NI
+
+### Improvements/Optimizations
+##### SP and Math
+* mp_radix_size adjustment for leading 0
+* Resolve implicit cast warnings with SP build
+* Change mp_sqr to return an error if the result won't fit into the fixed length dp
+* ARM64 assembly with clang improvements, clang doesn't always handle use of x29 (FP or Frame Pointer) in inline assembly code correctly - reworked sp_2048_sqr_8 to not use x29
+* SP mod exp changed to support exponents of different lengths
+* TFM div: fix initial value of size in q so clamping doesn't OOB read
+* Numerous stack depth improvements with --enable-smallstack
+* Improve cache resistance with Base64 operations
+
+###### TLS 1.3
+* TLS 1.3 wolfSSL_peek want read return addition
+* TLS 1.3: Fix P-521 algorithm matching
+
+###### PKCS
+* Improvements and refactoring to PKCS#11 key look up
+* PKCS #11 changes for signing and loading RSA public key from private
+* check PKCS#7 SignedData private key is valid before using it
+* check PKCS#7 VerifySignedData content length against total bundle size to avoid large malloc
+
+###### Compatibility Layer
+* EVP add block size for more ciphers in wolfSSL_EVP_CIPHER_block_size()
+* Return long names instead of short names in wolfSSL_OBJ_obj2txt()
+* Add additional OpenSSL compatibility functions to update the version of Apache httpd supported
+* add "CCM8" variants to cipher_names "CCM-8" ciphers, for OpenSSL compat
+
+###### Builds
+* Cortex-M SP ASM support for IAR 6.70
+* STM Cube pack support (IDE/STM32Cube)
+* Build option --enable-aesgcm=4bit added for AES-GCM GMULT using 4 bit table
+* Xilinx IDE updates to allow XTIME override for Xilinx, spelling fixes in Xilinx README.md, and add Xilinx SDK printf support
+* Added ED448 to the "all" options and ED448 check key null argument sanity check
+* Added ARC4, 3DES, nullcipher, BLAKE2, BLAKE2s, XChaCha, MD2, and MD4 to the “all” options
+* Added an --enable-all-crypto option, to enable only the wolfCrypt features of --enable-all, combinable with --enable-cryptonly
+* Added the ability to selectively remove features from --enable-all and --enable-all-crypto using specific --disable-<feature> options
+* Use Intel intrinsics with Windows for RDSEED and RDRAND (thanks to dr-m from MariaDB)
+* Add option to build with WOLFSSL_NO_CLIENT_AUTH
+* Updated build requirements for wolfSSH use to be less restrictive
+* lighttpd support update for v1.4.56
+* Added batch file to copy files to ESP-IDF folders and resolved warnings when using v4.0 ESP-IDF
+* Added --enable-stacksize=verbose, showing at a glance the stack high water mark for each subtest in testwolfcrypt
+
+###### ECC
+* Performance increase for ECC verify only, using non constant time SP modinv
+* During ECC verify add validation of r and s before any use
+* Always use safe add and dbl with ECC
+* Timing resistant scalar multiplication updated with use of Joye double-add ladder
+* Update mp_jacobi function to reduce stack and increase performance for base ECC build
+* Reduce heap memory use with wc_EccPrivateKeyDecode, Improvement to ECC wc_ecc_sig_to_rs and wc_ecc_rs_raw_to_sig to reduce memory use (avoid the mp_int)
+* Improve StoreECC_DSA_Sig bounds checking
+
+###### OCSP
+* OCSP improvement to handle extensions in singleResponse
+* support for OCSP request/response for multiple certificates
+* OCSP Must Staple option added to require OCSP stapling response
+* Add support for id-pkix-ocsp-nocheck extension
+
+###### Misc
+* Additional code coverage added for ECC and RSA, PKCS#7, 3DES, EVP and Blake2b operations
+* DTLS MTU: check MTU on write
+* Refactor hash sig selection and add the macros WOLFSSL_STRONGEST_HASH_SIG (picks the strongest hash) and WOLFSSL_ECDSA_MATCH_HASH (will pick the hash to match the ECC curve)
+* Strict certificate version allowed from client, TLS 1.2 / 1.3 can not accept client certificates lower than version 3
+* wolfSSL_get_ciphers_compat(), skip the fake indicator ciphers like the renegotiation indication and the quantum-safe hybrid
+* When parsing session ticket, check TLS version to see whether they are version compatible
+* Additional sanity check for invalid ASN1 padding on integer type
+* Adding in ChaCha20 streaming feature with Mac and Intel assembly build
+* Sniffer build with --enable-oldtls option on
+
+# wolfSSL Release 4.5.0 (August 19, 2020)
+
+If you have questions about this release, feel free to contact us on our
+info@ address.
+
+Release 4.5.0 of wolfSSL embedded TLS has bug fixes and new features including:
+
+## New Feature Additions
+
+* Added Xilinx Vitis 2019.2 example and README updates
+* TLS v1.3 is now enabled by default
+* Building FIPS 140-2 code and test on Solaris
+* Secure renegotiation with DTLS 1.2
+* Update RSA calls for hardware acceleration with Xilsecure
+* Additional OpenSSL compatibility layer functions added
+* Cypress PSoC6 wolfCrypt driver added
+* Added STM32CubeIDE support
+* Added certificate parsing and inspection to C# wrapper layer
+* TLS v1.3 sniffer support added
+* TSIP v1.09 for target board GR-ROSE support added
+* Added support for the "X72N Envision Kit" evaluation board
+* Support for ECC nonblocking using the configure options
+  "--enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS=-DWOLFSSL_PUBLIC_MP"
+* Added wc_curve25519_make_pub function to generate a public key given the
+  private one
+
+## Fixes
+
+* PIC32MZ hardware cache and large hashes fix
+* AES-GCM use with EVP layer in compatibility layer code
+* Fix for RSA_LOW_MEM with ARM build of SP code
+* Sanity check on tag length with AES-CCM to conform with RFC 3610
+* Fixes for 32 and 64 bit software implementations of SP code when
+  WOLFSSL_SP_CACHE_RESISTANT is defined
+* GCC warning fixes for GCC 9 and later
+* Sanity check on HKDF expand length to conform with RFC 5869
+* Fixes for STM32 CubeMX HAL with AES-GCM
+* Fixed point cache look up table (LUT) implementation fixes
+* Fix for ARM 32bit SP code when calling div word
+* Fix for potential out of bounds read when parsing CRLs
+* Fix for potential out of bounds read with RSA unpadding
+* AES-CCM optimized counter fix
+* Updates to Xcode projects for new files and features
+* Fix for adding CRL’s to a WOLFSSL_X509_STORE structure
+* FIPSv2 build with opensslall build fixes
+* Fixes for CryptoCell use with ECC and signature wrappers
+* Fix for mod calculation with SP code dealing with 3072 bit keys
+* Fix for handling certificates with multiple OU’s in name
+* Fix for SP math implementation of sp_add_d and add a sanity check on
+  rshb range
+* Fix for sanity check on padding with DES3 conversion of PEM to DER
+* Sanity check for potential out of bounds read with fp_read_radix_16
+* Additional checking of ECC scalars.
+* Fixing the FIPS Ready build w.r.t. ecc.c.
+* When processing certificate names with OpenSSL compatibility layer
+  enabled, unknown name item types were getting handled as having NID 0,
+  and failing. Added a couple more items to what is handled correctly,
+  and ignoring anything that is an unknown type.
+
+## Improvements/Optimizations
+
+* TLS 1.3 certificate verify update to handle 8192 bit RSA keys
+* wpa_supplicant support with reduced code size option
+* TLS 1.3 alerts encrypted when possible
+* Many minor coverity fixes added
+* Error checking when parsing PKCS12 DER
+* IAR warning in test.c resolved
+* ATECC608A improvements for use with Harmony 3 and PIC32 MZ
+* Support for AES-GCM and wc_SignatureVerifyHash with static memory and no
+  malloc’s
+* Enable SNI by default with JNI/JSSE builds
+* NetBSD GCC compiler warnings resolved
+* Additional test cases and code coverage added including curve25519 and
+  curve448 tests
+* Option for user defined mutexes with WOLFSSL_USER_MUTEX
+* Sniffer API’s for loading buffer directly
+* Fixes and improvements from going through the DO-178 process were added
+* Doxygen updates and fixes for auto documentation generation
+* Changed the configure option for FIPS Ready builds to be
+  `--enable-fips=ready`.
+
+## This release of wolfSSL includes fixes for 6 security vulnerabilities.
+
+wolfSSL version 4.5.0 contains 6 vulnerability fixes: 2 fixes for TLS 1.3,
+2 side channel attack mitigations, 1 fix for a potential private key leak
+in a specific use case, 1 fix for DTLS.
+
+* In earlier versions of wolfSSL there exists a potential man in the middle
+  attack on TLS 1.3 clients. Malicious attackers with a privileged network
+  position can impersonate TLS 1.3 servers and bypass authentication. Users
+  that have applications with client side code and have TLS 1.3 turned on,
+  should update to the latest version of wolfSSL. Users that do not have
+  TLS 1.3 turned on, or that are server side only, are NOT affected by this
+  report. Thanks to Gerald Doussot from NCC group for the report.
+* Denial of service attack on TLS 1.3 servers from repetitively sending
+  ChangeCipherSpecs messages. This denial of service results from the
+  relatively low effort of sending a ChangeCipherSpecs message versus the
+  effort of the server to process that message. Users with TLS 1.3 servers are
+  recommended to update to the most recent version of wolfSSL which limits the
+  number of TLS 1.3 ChangeCipherSpecs that can be received in order to avoid
+  this DoS attack. CVE-2020-12457 was reserved for the report. Thanks to
+  Lenny Wang of Tencent Security Xuanwu LAB.
+* Potential cache timing attacks on public key operations in builds that are
+  not using SP (single precision). Users that have a system where malicious
+  agents could execute code on the system, are not using the SP build with
+  wolfSSL, and are doing private key operations on the system (such as signing
+  with a private key) are recommended to regenerate private keys and update to
+  the most recent version of wolfSSL. CVE-2020-15309 is reserved for this
+  issue. Thanks to Ida Bruhns from Universität zu Lübeck and Samira Briongos
+  from NEC Laboratories Europe for the report.
+* When using SGX with EC scalar multiplication the possibility of side-channel
+  attacks are present. To mitigate the risk of side channel attacks wolfSSL’s
+  single precision EC operations should be used instead. Release 4.5.0 turns
+  this on be default now with SGX builds and in previous versions of wolfSSL
+  this can be turned on by using the WOLFSSL_SP macros. Thank you to
+  Alejandro Cabrera Aldaya, Cesar Pereida García and Billy Bob Brumley from
+  the Network and Information Security Group (NISEC) at Tampere University for
+  the report.
+* Leak of private key in the case that PEM format private keys are bundled in
+  with PEM certificates into a single file. This is due to the
+  misclassification of certificate type versus private key type when parsing
+  through the PEM file. To be affected, wolfSSL would need to have been built
+  with OPENSSL_EXTRA (--enable-opensslextra). Some build variants such as
+  --enable-all and --enable-opensslall also turn on this code path, checking
+  wolfssl/options.h for OPENSSL_EXTRA will show if the macro was used with the
+  build. If having built with the opensslextra enable option and having placed
+  PEM certificates with PEM private keys in the same file when loading up the
+  certificate file, then we recommend updating wolfSSL for this use case and
+  also recommend regenerating any private keys in the file.
+* During the handshake, clear application_data messages in epoch 0 are
+  processed and returned to the application. Fixed by dropping received
+  application_data messages in epoch 0. Thank you to Paul Fiterau of Uppsala
+  University and Robert Merget of Ruhr-University Bochum for the report.
+
+For additional vulnerability information visit the vulnerability page at
+https://www.wolfssl.com/docs/security-vulnerabilities/
+
+See INSTALL file for build instructions.
+More info can be found on-line at https://wolfssl.com/wolfSSL/Docs.html
+
+
+# wolfSSL Release 4.4.0 (04/22/2020)
+
+If you have questions about this release, then feel free to contact us on our
+info@ address.
+
+Release 4.4.0 of wolfSSL embedded TLS has bug fixes and new features including:
+
+## New Feature Additions
+
+* Hexagon support.
+* DSP builds to offload ECC verify operations.
+* Certificate Manager callback support.
+* New APIs for running updates to ChaCha20/Poly1305 AEAD.
+* Support for use with Apache.
+* Add support for IBM s390x.
+* PKCS8 support for ED25519.
+* OpenVPN support.
+* Add P384 curve support to SP.
+* Add BIO and EVP API.
+* Add AES-OFB mode.
+* Add AES-CFB mode.
+* Add Curve448, X448, and Ed448.
+* Add Renesas Synergy S7G2 build and hardware acceleration.
+
+## Fixes
+
+* Fix for RSA public encrypt / private sign with RSA key sizes over 2048-bit.
+* Correct misspellings.
+* Secure renegotiation fix.
+* Fix memory leak when using ATECC and non-SECP256R1 curves for sign, verify,
+  or shared secret.
+* Fix for K64 MMCAU with `WOLFSSL_SMALL_STACK_CACHE`.
+* Fix the RSA verify only build.
+* Fix in SP C implementation for small stack.
+* Fix using the auth key id extension is set, hash might not be present.
+* Fix when flattening certificate structure to include the subject alt names.
+* Fixes for building with ECC sign/verify only.
+* Fix for ECC and no cache resistance.
+* Fix memory leak in DSA.
+* Fix build on minGW.
+* Fix `PemToDer()` call in `ProcessBuffer()` to set more than ECC.
+* Fix for using RSA without SHA-512.
+* Add some close tags to the echoserver HTTP example output.
+* Miscellaneous fixes and updates for static analysis reports.
+* Fixes for time structure support.
+* Fixes for VxWorks support.
+* Fixes for Async crypto support.
+* Fix cache resist compile to work with SP C code.
+* Fixes for Curve25519 x64 asm.
+* Fix for SP x64 div.
+* Fix for DTLS edge case where CCS and Finished come out of order and the
+  retransmit pool gets flushed.
+* Fix for infinite loop in SHA-1 with small inputs. Thanks to Peter W.
+* Fix for FIPS Hmac where `wc_HmacInit()` isn't used. `wc_HmacSetKey()` needs
+  to initialize the Hmac structure. Type is set to NONE, and checked against
+  NONE, not 0.
+* Fixes for SP RSA private operations.
+* Fixes for Xilinx SDK and Zynq UltraScale+ MPSoC
+* Fix leak when building with HAVE_AESGCM and NO_AES_DECRYPT. Thanks G.G.
+* Fixes for building ECC without ASN.
+* Fix for async TLSv1.3 issues.
+* Fix `wc_KeyPemToDer()` with PKCS1 and empty key.
+* Omit `-fomit-frame-pointer` from CFLAGS in configure.ac.
+
+## Improvements/Optimizations
+
+* Qt 5.12 and 5.13 support.
+* Added more digest types to Cryptocell RSA sign/verify.
+* Some memory usage improvements.
+* Speed improvements for mp_rand.
+* Improvements to CRL and OCSP support.
+* Refactor Poly1305 AEAD/MAC to reduce duplicate code.
+* Add blinding to RSA key gen.
+* Improvements to blinding.
+* Improvement and expansion of OpenSSL Compatibility Layer.
+* Improvements to ChaCha20.
+* Improvements to X.509 processing.
+* Improvements to ECC support.
+* Improvement in detecting 64-bit support.
+* Refactor to combine duplicate ECC parameter parsing code.
+* Improve keyFormat to be set by algId and let later key parsing produce fail.
+* Add test cases for 3072-bit and 4096-bit RSA keys.
+* Improve signature wrapper and DH test cases.
+* Improvements to the configure.ac script.
+* Added constant time RSA q modinv p.
+* Improve performance of SP Intel 64-bit asm.
+* Added a few more functions to the ABI list.
+* Improve TLS bidirectional shutdown behavior.
+* OpenSSH 8.1 support.
+* Improve performance of RSA/DH operations on x64.
+* Add support for PKCS7/CMS Enveloped data with fragmented encrypted content.
+* Example linker description for FIPS builds to enforce object ordering.
+* C# wrapper improvements. Added TLS client example and TLSv1.3 methods.
+* Allow setting MTU in DTLS.
+* Improve PKCS12 create for outputting encrypted bundles.
+* Constant time EC map to affine for private operations.
+* Improve performance of RSA public key ops with TFM.
+* Smaller table version of AES encrypt/decrypt.
+* Support IAR with position independent code (ROPI).
+* Improve speed of AArch64 assembly.
+* Support AES-CTR on esp32.
+* Add a no malloc option for small SP math.
+
+## This release of wolfSSL includes fixes for 2 security vulnerabilities.
+
+* For fast math, use a constant time modular inverse when mapping to affine
+  when operation involves a private key - keygen, calc shared secret, sign.
+  Thank you to Alejandro Cabrera Aldaya, Cesar Pereida García and
+  Billy Bob Brumley from the Network and Information Security Group (NISEC)
+  at Tampere University for the report.
+
+* Change constant time and cache resistant ECC mulmod. Ensure points being
+  operated on change to make constant time. Thank you to Pietro Borrello at
+  Sapienza University of Rome.
+
+For additional vulnerability information visit the vulnerability page at
+https://www.wolfssl.com/docs/security-vulnerabilities/
+
+See INSTALL file for build instructions.
+More info can be found on-line at https://wolfssl.com/wolfSSL/Docs.html
+
+
+
 # wolfSSL Release 4.3.0 (12/20/2019)
 
 If you have questions about this release, then feel free to contact us on our info@ address.
@@ -72,13 +537,13 @@ Release 4.3.0 of wolfSSL embedded TLS has bug fixes and new features including:
 * Update to allow compiling for pwdbased/PBKDF2 with having NO_ASN defined
 * Modify KeyShare and PreSharedKey TLS 1.3 extension linked list advancement to be easier for compilers to handle
 * Optimization to parsing certificate extension name strings
-* Adjustment to example server -x runtime behavior when encountering an unrecoverable error case 
+* Adjustment to example server -x runtime behavior when encountering an unrecoverable error case
 * Remove Blake2b support from HMAC
 * Adds new hash wrapper init wc_HashInit_ex and Adds new PBKDF2 API wc_PBKDF2_ex for using heap hints for custom memory pools
 * Adding script to cleanup generated test files,  scripts/cleanup_testfiles.sh
 * Support 20-byte serial numbers and disallow 0
 * sp_div improved to handle when a has less digits than d (--enable-sp-math build)
-* When decoding a policy OID and turning it into a human readable string use snprintf() 
+* When decoding a policy OID and turning it into a human readable string use snprintf()
 * set the IV length of EVP AES GCM to 96-bits by default
 * Allow adding CAs for root CA's over the wire that do not have the extended key usage cert_sign set
 * Added logging messages for SendAlert call and update to send alert after verify certificate callback
@@ -142,13 +607,13 @@ Release 4.2.0 of wolfSSL embedded TLS has bug fixes and new features including:
 * Addition to configure.ac for FIPS wolfRand builds
 * Adding the flag WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY for ignoring certificate date checks with the functions wolfSSL_CTX_load_verify_buffer_ex and wolfSSL_CTX_load_verify_locations_ex
 * Support for PKCS8 keys added to the function wolfSSL_CTX_use_PrivateKey_buffer
-* Support for KECCAK hashing. Build with macro WOLFSSL_HASH_FLAGS and call wc_Sha3_SetFlags(&sha, WC_HASH_SHA3_KECCAK256) before the first SHA3 update 
+* Support for KECCAK hashing. Build with macro WOLFSSL_HASH_FLAGS and call wc_Sha3_SetFlags(&sha, WC_HASH_SHA3_KECCAK256) before the first SHA3 update
 * Addition of setting secure renegotiation at CTX level
 * Addition of KDS (NXP Kinetis Design Studio) example project to directory IDE/KDS/
 * Support for Encrypt-Then-MAC to TLS 1.2 and below
-* Added a new build option for a TITAN session cache that can hold just over 2 million session entries (--enable-titancache)  
+* Added a new build option for a TITAN session cache that can hold just over 2 million session entries (--enable-titancache)
 * Synchronous Quick Assist Support for Sniffer
-* Added Support for SiFive HiFive Unleashed board 
+* Added Support for SiFive HiFive Unleashed board
 * Support for Google WebRTC added in to compatibility layer build
 * Additional Sniffer features; IPv6 sniffer support, Fragment chain input, Data store callback, Various statistics tweaks and other Sniffer fixes
 
@@ -183,7 +648,7 @@ Release 4.2.0 of wolfSSL embedded TLS has bug fixes and new features including:
 * Optimization to SP math, changing variables to const where possible. Thanks to Yair Poleg (yair.poleg@ayyeka.com) of Ayyeka for proposing static declaration of global constant variables in SP code
 * Additional fuzz testing and fixes for TLS 1.3 use, including additional TLS 1.3 alert messages (PR#2440 for more information)
 * Additional sanity check that ciphersuite from client hello is used in server hello response (check can be removed with the macro WOLFSSL_NO_STRICT_CIPHER_SUITE)
-* Improved MMCAU performance: SHA-1 by 35%, SHA-256 by 20% and MD5 by 78% 
+* Improved MMCAU performance: SHA-1 by 35%, SHA-256 by 20% and MD5 by 78%
 * By default, disallow SHA-2 cipher suites from being used in TLS 1.0 and 1.1 handshakes (can be ignored with macro WOLFSSL_OLDTLS_SHA2_CIPHERSUITES)
 * Optimization of export session buffer size with enable option --enable-sessionexport=nopeer
 * Spelling fixes in comments and some cast warnings resolved
@@ -723,7 +1188,7 @@ This release includes many performance improvements with Intel ASM (AVX/AVX2) an
 * Fixes to allow custom serial number during certificate generation
 * Add method to get WOLFSSL_CTX certificate manager
 * Improvement to `wolfSSL_SetOCSP_Cb` to allow context per WOLFSSL object
-* Alternate certificate chain support `WOLFSSL_ALT_CERT_CHAINS`. Enables checking cert against multiple CA's. 
+* Alternate certificate chain support `WOLFSSL_ALT_CERT_CHAINS`. Enables checking cert against multiple CA's.
 * Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA).
 * Refactor SSL_ and hashing types to use wolf specific prefix (WOLFSSL and WC_) to allow openssl coexistence.
 * Fixes for HAVE_INTEL_MULX
@@ -843,7 +1308,7 @@ More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
 - Added support for HAproxy load balancer
 - Added option to allow SHA1 with TLS 1.2 for IIS compatibility (WOLFSSL_ALLOW_TLS_SHA1)
 - Added Curve25519 51-bit Implementation, increasing performance on systems that have 128 bit types
-- Fix to not send session ID on server side if session cache is off unless we're echoing 
+- Fix to not send session ID on server side if session cache is off unless we're echoing
 session ID as part of session tickets
 - Fixes for ensuring all default ciphers are setup correctly (see PR #830)
 - Added NXP Hexiwear example in `IDE/HEXIWEAR`.
@@ -851,7 +1316,7 @@ session ID as part of session tickets
 - Fixes for TLS elliptic curve selection on private key import.
 - Fixes for RNG with Intel rdrand and rdseed speedups.
 - Improved performance with Intel rdrand to use full 64-bit output
-- Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source 
+- Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source
 - Removed RNG ARC4 support
 - Added ECC helpers to get size and id from curve name.
 - Added ECC Cofactor DH (ECC-CDH) support
@@ -1020,7 +1485,7 @@ More info can be found on-line at https://wolfssl.com/wolfSSL/Docs.html
 - Add helper functions for static memory option to allow getting optimum buffer
   sizes.
 - Update DTLS behavior on bad MAC. DTLS silently drops packets with bad MACs now.
-- Update fp_isprime function from libtom enchancement/cleanup repository.
+- Update fp_isprime function from libtom enhancement/cleanup repository.
 - Update sanity checks on inputs and return values for AES-CMAC.
 - Update wolfSSL for use with MYSQL v5.6.30.
 - Update LPCXpresso eclipse project to not include misc.c when not needed.
@@ -1347,7 +1812,7 @@ More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
   the Prosecco team at INRIA Paris-Rocquencourt for the report.
 - FIPS version submitted
 - Removes SSLv2 Client Hello processing, can be enabled with OLD_HELLO_ALLOWED
-- User can set mimimum downgrade version with CyaSSL_SetMinVersion()
+- User can set minimum downgrade version with CyaSSL_SetMinVersion()
 - Small stack improvements at TLS/SSL layer
 - TLS Master Secret generation and Key Expansion are now exposed
 - Adds client side Secure Renegotiation, * not recommended *
@@ -1474,7 +1939,7 @@ and comments about the new features please check the manual.
   handling and reduce memory fragmentation on I/O large sizes
 
 The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions
 and comments about the new features please check the manual.
 
 
@@ -1485,7 +1950,7 @@ and comments about the new features please check the manual.
 - Freescale Kinetis mmCAU support
 - TLS Hello extensions
   - ECC
-  - Secure Renegotiation (null) 
+  - Secure Renegotiation (null)
   - Truncated HMAC
 - SCEP support
   - PKCS #7 Enveloped data and signed data
@@ -1532,7 +1997,7 @@ http://cache.freescale.com/files/32bit/doc/user_guide/CAUAPIUG.pdf
 
 
 The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions
 and comments about the new features please check the manual.
 
 
@@ -1558,7 +2023,7 @@ and comments about the new features please check the manual.
 
 When compiling with Mingw, libtool may give the following warning due to
 path conversion errors:
- 
+
 ```
 libtool: link: Could not determine host file name corresponding to **
 libtool: link: Continuing, but uninstalled executables may not work.
@@ -1568,7 +2033,7 @@ If so, examples and testsuite will have problems when run, showing an
 error while loading shared libraries. To resolve, please run "make install".
 
 The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions
 and comments about the new features please check the manual.
 
 
@@ -1590,7 +2055,7 @@ and comments about the new features please check the manual.
       13 bytes DTLS headers, but every effort is now made to align with the
       CYASSL_GENERAL_ALIGNMENT flag which sets desired alignment requirement
 - NO_64BIT flag to turn off 64bit data type accumulators in public key code
-    * Note, some systems are faster with 32bit accumulators 
+    * Note, some systems are faster with 32bit accumulators
 - --enable-stacksize for example client/server stack use
     * Note, modern desktop Operating Systems may add bytes to each stack frame
 - Updated compression/decompression with direct crypto access
@@ -1611,19 +2076,19 @@ and comments about the new features please check the manual.
     * dh
     * dsa
     * md5
-    * sha 
+    * sha
     * arc4
     * null    (allow NULL ciphers)
     * oldtls  (only use TLS 1.2)
     * asn     (no certs or public keys allowed)
-- ./configure generates cyassl/options.h which allows a header the user can 
+- ./configure generates cyassl/options.h which allows a header the user can
   include in their app to make sure the same options are set at the app and
   CyaSSL level.
 - autoconf no longer needs serial-tests which lowers version requirements of
   automake to 1.11 and autoconf to 2.63
 
 The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions
 and comments about the new features please check the manual.
 
 
@@ -1641,7 +2106,7 @@ and comments about the new features please check the manual.
 - Camellia crypto and cipher suites
 - Bumped minimum autoconf version to 2.65, automake version to 1.12
 - Addition of OCSP callbacks
-- STM32F2 support with hardware crypto and RNG 
+- STM32F2 support with hardware crypto and RNG
 - Cavium NITROX support
 
 CTaoCrypt now has support for the Microchip PIC32 and has been tested with
@@ -1654,7 +2119,7 @@ To add Cavium NITROX support do:
 ./configure --with-cavium=/home/user/cavium/software
 
 pointing to your licensed cavium/software directory.  Since Cavium doesn't
-build a library we pull in the cavium_common.o file which gives a libtool 
+build a library we pull in the cavium_common.o file which gives a libtool
 warning about the portability of this.  Also, if you're using the github source
 tree you'll need to remove the -Wredundant-decls warning from the generated
 Makefile because the cavium headers don't conform to this warning.  Currently
@@ -1667,11 +2132,11 @@ test and benchmark.  Please see the HAVE_CAVIUM define.
 CyaSSL is able to use the STM32F2 hardware-based cryptography and random number
 generator through the STM32F2 Standard Peripheral Library. For necessary
 defines, see the CYASSL_STM32F2 define in settings.h. Documentation for the
-STM32F2 Standard Peripheral Library can be found in the following document: 
+STM32F2 Standard Peripheral Library can be found in the following document:
 http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/DM00023896.pdf
 
 The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions
 and comments about the new features please check the manual.
 
 
@@ -1699,7 +2164,7 @@ K70 Sub-Family Reference Manual:
 http://cache.freescale.com/files/microcontrollers/doc/ref_manual/K70P256M150SF3RM.pdf
 
 The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions
 and comments about the new features please check the manual.
 
 
@@ -1711,7 +2176,7 @@ and comments about the new features please check the manual.
 - Updated build process
 
 The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions
 and comments about the new features please check the manual.
 
 
@@ -1730,7 +2195,7 @@ and comments about the new features please check the manual.
 - DTLS Cookie support, reliability coming soon
 
 The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions
 and comments about the new features please check the manual.
 
 
@@ -1743,13 +2208,13 @@ and comments about the new features please check the manual.
 - Add static ECDH suites
 - SHA-384 support
 - ECC client certificate support
-- Add medium session cache size (1055 sessions) 
+- Add medium session cache size (1055 sessions)
 - Updated unit tests
 - Protection against mutex reinitialization
 
 
 The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions
 and comments about the new features please check the manual.
 
 
@@ -1766,7 +2231,7 @@ and comments about the new features please check the manual.
 
 
 The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions
 and comments about the new features please check the manual.
 
 
@@ -1785,7 +2250,7 @@ and comments about the new features please check the manual.
 - Export Base64_Encode for general use
 
 The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions
 and comments about the new features please check the manual.
 
 
@@ -1802,7 +2267,7 @@ and comments about the new features please check the manual.
 - Microchip pic32 support
 
 The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions
 and comments about the new features please check the manual.
 
 
@@ -1826,7 +2291,7 @@ changes are required.
 Special Thanks to Brian Aker for his autoconf, install, and header patches.
 
 The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions
 and comments about the new features please check the manual.
 
 # CyaSSL Release 2.0.0rc2 (6/6/2011)
@@ -1845,21 +2310,21 @@ This is the 2nd and perhaps final release candidate for version 2.
 Please send any comments or questions to support@yassl.com.
 
 The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions
 and comments about the new features please check the manual.
 
 # CyaSSL Release 2.0.0rc1 (5/2/2011)
 
 #### Release 2.0.0rc1 for CyaSSL has many new features including:
 - bug fixes
-- SHA-256 cipher suites 
-- Root Certificate Verification (instead of needing all certs in the chain) 
-- PKCS #8 private key encryption (supports PKCS #5 v1-v2 and PKCS #12) 
-- Serial number retrieval for x509 
-- PBKDF2 and PKCS #12 PBKDF 
-- UID parsing for x509 
-- SHA-256 certificate signatures 
-- Client and server can send chains (SSL_CTX_use_certificate_chain_file) 
+- SHA-256 cipher suites
+- Root Certificate Verification (instead of needing all certs in the chain)
+- PKCS #8 private key encryption (supports PKCS #5 v1-v2 and PKCS #12)
+- Serial number retrieval for x509
+- PBKDF2 and PKCS #12 PBKDF
+- UID parsing for x509
+- SHA-256 certificate signatures
+- Client and server can send chains (SSL_CTX_use_certificate_chain_file)
 - CA loading can now parse multiple certificates per file
 - Dynamic memory runtime hooks
 - Runtime hooks for logging
@@ -1878,7 +2343,7 @@ options that CyaSSL allows, there may be some configuration fixes needed.
 Please send any comments or questions to support@yassl.com.
 
 The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions
 and comments about the new features please check the manual.
 
 # CyaSSL Release 1.9.0 (3/2/2011)
@@ -1906,13 +2371,13 @@ build instructions and comments about the new features please check the manual.
 Please send any comments or questions to support@yassl.com.
 
 Happy Holidays.
- 
+
 
 # CyaSSL Release 1.6.5 (9/9/2010)
 
 Release 1.6.5 for CyaSSL adds bug fixes and x509 v3 self signed certificate
 generation.
- 
+
 For general build instructions see doc/Building_CyaSSL.pdf.
 
 To enable certificate generation support add this option to ./configure
@@ -1925,7 +2390,7 @@ in doc/CyaSSL_Extensions_Reference.pdf item 11.
 
 Release 1.6.0 for CyaSSL adds bug fixes, RIPEMD-160, SHA-512, and RSA key
 generation.
- 
+
 For general build instructions see doc/Building_CyaSSL.pdf.
 
 To add RIPEMD-160 support add this option to ./configure
@@ -1948,7 +2413,7 @@ CyaSSL.
 
 Release 1.5.6 for CyaSSL adds bug fixes, compatibility for our JSSE provider,
 and a fix for GCC builds on some systems.
- 
+
 For general build instructions see doc/Building_CyaSSL.pdf.
 
 To add AES-NI support add this option to ./configure
@@ -1958,9 +2423,9 @@ You'll need GCC 4.4.3 or later to make use of the assembly.
 
 # CyaSSL Release 1.5.4 (7/7/2010)
 
-Release 1.5.4 for CyaSSL adds bug fixes, support for AES-NI, SHA1 speed 
+Release 1.5.4 for CyaSSL adds bug fixes, support for AES-NI, SHA1 speed
 improvements from loop unrolling, and support for the Mongoose Web Server.
- 
+
 For general build instructions see doc/Building_CyaSSL.pdf.
 
 To add AES-NI support add this option to ./configure
@@ -1992,7 +2457,7 @@ please send questions or comments to support@yassl.com.
 When doing load testing with CyaSSL, on the echoserver example say, the client
 machine may run out of tcp ephemeral ports, they will end up in the TIME_WAIT
 queue, and can't be reused by default.  There are generally two ways to fix
-this. 
+this.
 
 1. Reduce the length sockets remain on the TIME_WAIT queue OR
 2. Allow items on the TIME_WAIT queue to be reused.
@@ -2014,7 +2479,7 @@ works but seems to remove sockets from  TIME_WAIT entirely?
 
 `sudo sysctl -w net.ipv4.tcp_fin_timeout=1`
 
-doen't control TIME_WAIT, it controls FIN_WAIT(2) contrary to some posts
+doesn't control TIME_WAIT, it controls FIN_WAIT(2) contrary to some posts
 
 
 # CyaSSL Release 1.4.0 (2/18/2010)
@@ -2050,7 +2515,7 @@ SSL_METHOD *TLSv1_2_server_method(void);
 SSL_METHOD *TLSv1_2_client_method(void);
 ```
 
-CyaSSL was tested against lighttpd 1.4.23.  To build CyaSSL for use with 
+CyaSSL was tested against lighttpd 1.4.23.  To build CyaSSL for use with
 lighttpd use the following commands from the CyaSSL install dir <CyaSSLDir>:
 
 ```
@@ -2235,7 +2700,7 @@ This gives warnings for some symbols but seems to work.
     ./configure
     make
 
-    from the ./testsuite/ directory run ./testsuite 
+    from the ./testsuite/ directory run ./testsuite
 
 #### To make a debug build:
 
@@ -2254,7 +2719,7 @@ Run the testsuite program
 
 
 
-# CyaSSL version 0.9.9 (7/25/2008) 
+# CyaSSL version 0.9.9 (7/25/2008)
 
 This release of CyaSSL adds bug fixes, Pre-Shared Keys, over-rideable memory
 handling, and optionally TomsFastMath.  Thanks to Moisés Guimarães for the
@@ -2274,7 +2739,7 @@ yet use -m64 because of GCCs inability to do 128bit division.
 See notes below (0.2.0) for complete build instructions.
 
 
-# CyaSSL version 0.9.8 (5/7/2008) 
+# CyaSSL version 0.9.8 (5/7/2008)
 
 This release of CyaSSL adds bug fixes, client side Diffie-Hellman, and better
 socket handling.
@@ -2282,7 +2747,7 @@ socket handling.
 See notes below (0.2.0) for complete build instructions.
 
 
-# CyaSSL version 0.9.6 (1/31/2008) 
+# CyaSSL version 0.9.6 (1/31/2008)
 
 This release of CyaSSL adds bug fixes, increased session management, and a fix
 for gnutls.
@@ -2290,15 +2755,15 @@ for gnutls.
 See notes below (0.2.0) for complete build instructions.
 
 
-# CyaSSL version 0.9.0 (10/15/2007) 
+# CyaSSL version 0.9.0 (10/15/2007)
 
-This release of CyaSSL adds bug fixes, MSVC 2005 support, GCC 4.2 support, 
+This release of CyaSSL adds bug fixes, MSVC 2005 support, GCC 4.2 support,
 IPV6 support and test, and new test certificates.
 
 See notes below (0.2.0) for complete build instructions.
 
 
-# CyaSSL version 0.8.0 (1/10/2007) 
+# CyaSSL version 0.8.0 (1/10/2007)
 
 This release of CyaSSL adds increased socket support, for non-blocking writes,
 connects, and interrupted system calls.
@@ -2306,7 +2771,7 @@ connects, and interrupted system calls.
 See notes below (0.2.0) for complete build instructions.
 
 
-# CyaSSL version 0.6.3 (10/30/2006) 
+# CyaSSL version 0.6.3 (10/30/2006)
 
 This release of CyaSSL adds debug logging to stderr to aid in the debugging of
 CyaSSL on systems that may not provide the best support.
@@ -2324,19 +2789,19 @@ To turn logging back off call CyaSSL_Debugging_OFF()
 See notes below (0.2.0) for complete build instructions.
 
 
-# CyaSSL version 0.6.2 (10/29/2006) 
+# CyaSSL version 0.6.2 (10/29/2006)
 
 This release of CyaSSL adds TLS 1.1.
 
 Note that CyaSSL has certificate verification on by default, unlike OpenSSL.
 To emulate OpenSSL behavior, you must call SSL_CTX_set_verify() with
-SSL_VERIFY_NONE.  In order to have full security you should never do this, 
+SSL_VERIFY_NONE.  In order to have full security you should never do this,
 provide CyaSSL with the proper certificates to eliminate impostors and call
 CyaSSL_check_domain_name() to prevent man in the middle attacks.
 
 See notes below (0.2.0) for build instructions.
 
-# CyaSSL version 0.6.0 (10/25/2006) 
+# CyaSSL version 0.6.0 (10/25/2006)
 
 This release of CyaSSL adds more SSL functions, better autoconf, nonblocking
 I/O for accept, connect, and read.  There is now an --enable-small configure
@@ -2346,7 +2811,7 @@ for the defines.  Note that TLS requires HMAC and AES requires TLS.
 See notes below (0.2.0) for build instructions.
 
 
-# CyaSSL version 0.5.5 (09/27/2006) 
+# CyaSSL version 0.5.5 (09/27/2006)
 
 This mini release of CyaSSL adds better input processing through buffered input
 and big message support.  Added SSL_pending() and some sanity checks on user
@@ -2355,23 +2820,23 @@ settings.
 See notes below (0.2.0) for build instructions.
 
 
-# CyaSSL version 0.5.0 (03/27/2006) 
+# CyaSSL version 0.5.0 (03/27/2006)
 
-This release of CyaSSL adds AES support and minor bug fixes. 
+This release of CyaSSL adds AES support and minor bug fixes.
 
 See notes below (0.2.0) for build instructions.
 
 
 # CyaSSL version 0.4.0 (03/15/2006)
 
-This release of CyaSSL adds TLSv1 client/server support and libtool. 
+This release of CyaSSL adds TLSv1 client/server support and libtool.
 
 See notes below for build instructions.
 
 
 # CyaSSL version 0.3.0 (02/26/2006)
 
-This release of CyaSSL adds SSLv3 server support and session resumption. 
+This release of CyaSSL adds SSLv3 server support and session resumption.
 
 See notes below for build instructions.
 
@@ -2397,7 +2862,7 @@ with support for SHA-1 and MD5 digests.  Ciphers include 3DES and RC4.
     ./configure
     make
 
-    from the ./testsuite/ directory run ./testsuite 
+    from the ./testsuite/ directory run ./testsuite
 
 #### to make a debug build:
 

IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino

@@ -1,6 +1,6 @@
 /* wolfssl_client.ino
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino

@@ -1,6 +1,6 @@
 /* wolfssl_server.ino
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ARDUINO/wolfssl-arduino.sh

@@ -32,6 +32,14 @@ if [ "$DIR" = "ARDUINO" ]; then
     mv ./wolfSSL/bio.c ./wolfSSL/wolfssl
 	mv ./wolfSSL/evp.c ./wolfSSL/wolfssl
 
+    # make a copy of evp.c and bio.c for ssl.c to include inline
+    cp ./wolfSSL/wolfssl/evp.c ./wolfSSL/wolfcrypt/src/evp.c
+    cp ./wolfSSL/wolfssl/bio.c ./wolfSSL/wolfcrypt/src/bio.c
+    
+    # copy openssl compatibility headers to their appropriate location
+    mkdir ./wolfSSL/wolfssl/openssl
+    cp ../../wolfssl/openssl/* ./wolfSSL/wolfssl/openssl
+
     echo "/* Generated wolfSSL header file for Arduino */" > ./wolfSSL/wolfssl.h
     echo "#include <wolfssl/wolfcrypt/settings.h>" >> ./wolfSSL/wolfssl.h
     echo "#include <wolfssl/ssl.h>" >> ./wolfSSL/wolfssl.h

IDE/CRYPTOCELL/README.md

@@ -22,13 +22,15 @@ The `IDE/CRYPTOCELL/main.c` example application provides a function to run the s
 - SHA-256
 - AES CBC
 - CryptoCell 310 RNG
-- RSA sign/verify and RSA key gen
+- RSA sign/verify and RSA key gen (2048 bit in PKCSv1.5 padding mode)
 - RSA encrypt/decrypt
 - ECC sign/verify/shared secret
 - ECC key import/export and key gen pairs
 - Hardware RNG
 - RTC for benchmark timing source
 
+Note: All Cryptocell features are not supported. The wolfcrypt RSA API allows import and export of Private/Public keys in DER format. However, this is not possible with key pairs generated with Cryptocell because the importing/exporting Cryptocell keys has not been implemented yet.
+
 ## Setup
 ### Setting up Nordic SDK with wolfSSL
 1. Download the wolfSSL source code or a zip file from GitHub and place it under your SDK `InstallFolder/external/` directory. You can also copy or simlink to the source.

IDE/CRYPTOCELL/main.c

@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -18,6 +18,7 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
+
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfcrypt/test/test.h>
 #include <wolfcrypt/benchmark/benchmark.h>

IDE/CRYPTOCELL/user_settings.h

@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -41,6 +41,7 @@ extern "C" {
 #endif
 
 #if defined(WOLFSSL_CRYPTOCELL)
+    /* see SASI_AES_KEY_MAX_SIZE_IN_BYTES in the nRF5 SDK */
     #define AES_MAX_KEY_SIZE    128
 #endif /* WOLFSSL_CRYPTOCELL*/
 
@@ -137,6 +138,9 @@ extern "C" {
 #if 1
     #define HAVE_ECC
 
+    #include <strings.h>
+    /* strings.h required for strncasecmp */
+
     /* Manually define enabled curves */
     #undef  ECC_USER_CURVES
     #define ECC_USER_CURVES

IDE/ECLIPSE/DEOS/deos_malloc.c

@@ -1,6 +1,6 @@
 /* deos_malloc.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/DEOS/tls_wolfssl.c

@@ -1,6 +1,6 @@
 /* tls_wolfssl.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -380,10 +380,7 @@ void wolfssl_server_test(uintData_t statusPtr)
     int  socketAddrLen=sizeof(sockaddr);
     char rx_buf[RX_BUF_SIZE];
     char tx_buf[TX_BUF_SIZE];
-    unsigned  char attempt_conn;
     clientConnectionHandleType TCPserverHandle;
-    void * sendBuffer;
-    DWORD bufferSizeInBytes;
 
     WOLFSSL * ssl;
     WOLFSSL_CTX * ctx;
@@ -572,7 +569,6 @@ int  wolfsslRunTests (void)
 {
     thread_handle_t TCPhandle;
     threadStatus ts;
-    int ret;
 
     #if !defined(NO_CRYPT_TEST)
         wolfcrypt_test(NULL);

IDE/ECLIPSE/DEOS/tls_wolfssl.h

@@ -1,6 +1,6 @@
 /* tls_wolfssl.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/DEOS/user_settings.h

@@ -1,6 +1,6 @@
 /* user_setting.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/MICRIUM/README.md

@@ -1,7 +1,7 @@
 
 # Micrium μC/OS-III Port
 ## Overview
-You can enable the wolfSSL support for Micrium μC/OS-III RTOS available [here](http://www.micriums.com/) using the define `MICRIUM`.
+You can enable the wolfSSL support for Micrium μC/OS-III RTOS available [here](http://www.micrium.com/) using the define `MICRIUM`.
 
 ## Usage
 
@@ -72,7 +72,7 @@ The test results below were collected from the NXP Kinetis K70 (Freescale TWR-K7
 
 - IAR Embedded Workbench IDE - ARM 8.32.1 (IAR ELF Linker V8.32.1.169/W32 for ARM)
 
-- The starting project is based on an IAR EWARM project from Micrium download center at [micrium_twr-k70f120m-os3/](https://www.micrium.com/download/micrium_twr-k70f120m-os3/) but the K70X_FLASH.icf linker script file was slightly modified to configure the stack and heap sizes to 16KB and 20KB. The test was run on a 1 MBytes of program flash and 128 KBytes of static RAM.
+- The starting project is based on an IAR EWARM project from Micrium download center at [micrium_twr-k70f120m-os3/](https://www.micrium.com/download/micrium_twr-k70f120m-os3/) but the K70X_FLASH.icf linker script file was slightly modified to configure the stack and heap sizes to 16KB and 20KB. The test was run on a 1 MBytes of program flash and 128 KBytes of static RAM. ([Similar TCP version](https://www.micrium.com/download/twr-k70f120m_os3-tcpip-wifi-lib/))
 
 - wolfssl [latest version](https://github.com/wolfSSL/wolfssl)
 

IDE/ECLIPSE/MICRIUM/client_wolfssl.c

@@ -1,6 +1,6 @@
 /* client_wolfssl.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/MICRIUM/client_wolfssl.h

@@ -1,6 +1,6 @@
 /* client_wolfssl.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/MICRIUM/server_wolfssl.c

@@ -1,6 +1,6 @@
 /* server_wolfssl.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/MICRIUM/server_wolfssl.h

@@ -1,6 +1,6 @@
 /* server_wolfssl.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/MICRIUM/user_settings.h

@@ -1,6 +1,6 @@
 /* user_setting.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c

@@ -1,6 +1,6 @@
 /* wolfsslRunTests.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/RTTHREAD/README.md

@@ -0,0 +1,175 @@
+# RT-Thread Port
+## Overview
+You can enable the wolfSSL support for RT-Thread available [here](https://www.rt-thread.io) using the define `RTTHREAD`.
+
+## Usage
+
+wolfSSL supports a compile-time user configurable options in the `IDE/ECLIPSE/RTTHREAD/user_settings.h` file.
+
+The `wolfssl_test.c` example application provides a simple function to run the test and benchmark.
+
+1. Open your IDE-based example project for RT-Thread.
+
+2. Create the following folder and sub-folders structures in your project.
+```
+wolfssl
+   |src
+   |wolfcrypt
+          |benchmark
+          |src
+          |test
+   |wolfssl
+          |openssl
+          |wolfcrypt
+   |example
+```
+The folder hierarchy is the same as the wolfSSL folders with an exception of the example folder.
+
+3. Add or link all of the header and source files in `IDE/ECLIPSE/RTTHREAD/` folder into the example folder.
+
+4. Add or link all the source code in the corresponding folder in wolfSSL.
+
+5. Remove non-C platform dependent files from your build.
+
+6. In your C/C++ compiler preprocessor settings, add the wolfSSL directories to your include paths.
+Here's an example of the paths that must be added.
+
+```
+$PROJ_DIR$\...
+$PROJ_DIR$\...\wolfcrypt
+$PROJ_DIR$\...\wolfssl
+$PROJ_DIR$\...\IDE\ECLIPSE\RTTHREAD
+```
+
+7. In your C/C++ compiler preprocessor settings, define the WOLFSSL_USER_SETTINGS symbol to add user_settings.h file in your project.
+
+8. Add a call to `wolfssl_test()` from your startup task. Here's an example:
+
+```c
+static void test_task (void *p_arg)
+{
+    ...
+    while (1) {
+           wolfssl_test();
+           rt_thread_mdelay(500);
+        }
+}
+```
+9. Rebuild all your project.
+
+10. Now you are ready to download and debug your image on the board.
+
+
+The test results below were collected from the RT-Thread ART-Pi with the following software and tool chains:
+
+- STM32H750XBH6
+
+- RT-Thread Studio (Version: 2.0.0)
+
+- GNU ARM Cross C Compiler (Optimization level: -O0)
+
+- The starting project is based on [RT-Thread ART-Pi SDK](https://github.com/RT-Thread-Studio/sdk-bsp-stm32h750-realthread-artpi) (./projects/art_pi_wifi)
+
+- wolfssl [latest version](https://github.com/wolfSSL/wolfssl)
+
+
+### `WOLFSSL_WOLFCRYPT_TEST` output of wolfcrypt_test()
+```
+error    test passed!
+MEMORY   test passed!
+base64   test passed!
+asn      test passed!
+RANDOM   test passed!
+MD5      test passed!
+MD4      test passed!
+SHA      test passed!
+SHA-256  test passed!
+SHA-512  test passed!
+Hash     test passed!
+HMAC-MD5 test passed!
+HMAC-SHA test passed!
+HMAC-SHA256 test passed!
+HMAC-SHA512 test passed!
+X963-KDF    test passed!
+GMAC     test passed!
+ARC4     test passed!
+HC-128   test passed!
+Rabbit   test passed!
+DES      test passed!
+DES3     test passed!
+AES      test passed!
+AES192   test passed!
+AES256   test passed!
+AES-GCM  test passed!
+AES Key Wrap test passed!
+RSA      test passed!
+DH       test passed!
+DSA      test passed!
+PWDBASED test passed!
+ECC      test passed!
+ECC buffer test passed!
+CURVE25519 test passed!
+ED25519  test passed!
+PKCS7encrypted  test passed!
+PKCS7signed     test passed!
+PKCS7enveloped  test passed!
+PKCS7authenveloped  test passed!
+logging  test passed!
+mutex    test passed!
+memcb    test passed!
+```
+### `WOLFSSL_BENCHMARK_TEST` output of benchmark_test()
+```
+------------------------------------------------------------------------------
+ wolfSSL version 4.5.0
+------------------------------------------------------------------------------
+wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
+RNG                 50 KB took 1.000 seconds,   50.000 KB/s
+AES-128-CBC-enc      2 MB took 1.000 seconds,    2.075 MB/s
+AES-128-CBC-dec      2 MB took 1.000 seconds,    1.611 MB/s
+AES-192-CBC-enc      2 MB took 1.000 seconds,    2.002 MB/s
+AES-192-CBC-dec      2 MB took 1.000 seconds,    1.514 MB/s
+AES-256-CBC-enc      2 MB took 1.000 seconds,    1.855 MB/s
+AES-256-CBC-dec      1 MB took 1.000 seconds,    1.465 MB/s
+AES-128-GCM-enc    700 KB took 1.000 seconds,  700.000 KB/s
+AES-128-GCM-dec    675 KB took 1.000 seconds,  675.000 KB/s
+AES-192-GCM-enc    675 KB took 1.000 seconds,  675.000 KB/s
+AES-192-GCM-dec    675 KB took 1.000 seconds,  675.000 KB/s
+AES-256-GCM-enc    650 KB took 1.000 seconds,  650.000 KB/s
+AES-256-GCM-dec    650 KB took 1.000 seconds,  650.000 KB/s
+AES-128-ECB-enc      2 MB took 1.000 seconds,    1.902 MB/s
+AES-128-ECB-dec      2 MB took 1.000 seconds,    1.521 MB/s
+AES-192-ECB-enc      2 MB took 1.000 seconds,    1.780 MB/s
+AES-192-ECB-dec      1 MB took 1.000 seconds,    1.433 MB/s
+AES-256-ECB-enc      2 MB took 1.000 seconds,    1.638 MB/s
+AES-256-ECB-dec      1 MB took 1.000 seconds,    1.405 MB/s
+ARC4                 5 MB took 1.000 seconds,    4.956 MB/s
+RABBIT               6 MB took 1.000 seconds,    6.470 MB/s
+3DES               750 KB took 1.000 seconds,  750.000 KB/s
+MD5                 12 MB took 1.000 seconds,   12.061 MB/s
+SHA                  4 MB took 1.000 seconds,    3.979 MB/s
+SHA-256              2 MB took 1.000 seconds,    1.782 MB/s
+SHA-512              1 MB took 1.000 seconds,    1.001 MB/s
+HMAC-MD5            12 MB took 1.000 seconds,   12.329 MB/s
+HMAC-SHA             4 MB took 1.000 seconds,    3.662 MB/s
+HMAC-SHA256          2 MB took 1.000 seconds,    1.758 MB/s
+HMAC-SHA512          1 MB took 1.000 seconds,    1.001 MB/s
+PBKDF2             224 bytes took 1.000 seconds,  224.000 bytes/s
+RSA     2048 public         20 ops took 1.000 sec, avg 50.000 ms, 20.000 ops/sec
+RSA     2048 private         2 ops took 1.000 sec, avg 500.000 ms, 2.000 ops/sec
+DH      2048 key gen         4 ops took 1.000 sec, avg 250.000 ms, 4.000 ops/sec
+DH      2048 agree           4 ops took 1.000 sec, avg 250.000 ms, 4.000 ops/sec
+ECC      256 key gen         6 ops took 1.000 sec, avg 166.667 ms, 6.000 ops/sec
+ECDHE    256 agree           6 ops took 1.000 sec, avg 166.667 ms, 6.000 ops/sec
+ECDSA    256 sign            6 ops took 1.000 sec, avg 166.667 ms, 6.000 ops/sec
+ECDSA    256 verify          4 ops took 1.000 sec, avg 250.000 ms, 4.000 ops/sec
+CURVE  25519 key gen         4 ops took 1.000 sec, avg 250.000 ms, 4.000 ops/sec
+CURVE  25519 agree           2 ops took 1.000 sec, avg 500.000 ms, 2.000 ops/sec
+ED     25519 key gen         4 ops took 1.000 sec, avg 250.000 ms, 4.000 ops/sec
+ED     25519 sign            2 ops took 1.000 sec, avg 500.000 ms, 2.000 ops/sec
+ED     25519 verify          2 ops took 1.000 sec, avg 500.000 ms, 2.000 ops/sec
+```
+
+## References
+
+For more information please contact info@wolfssl.com.

IDE/ECLIPSE/RTTHREAD/include.am

@@ -0,0 +1,8 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST += \
+    IDE/ECLIPSE/RTTHREAD/README.md \
+    IDE/ECLIPSE/RTTHREAD/user_settings.h \
+    IDE/ECLIPSE/RTTHREAD/wolfssl_test.c

IDE/ECLIPSE/RTTHREAD/user_settings.h

@@ -0,0 +1,81 @@
+/* user_setting.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFSSL_USER_SETTINGS_H_
+#define WOLFSSL_USER_SETTINGS_H_
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+#define RTTHREAD
+
+/* You can select one or all of the following tests */
+#define WOLFSSL_WOLFCRYPT_TEST
+#define WOLFSSL_BENCHMARK_TEST
+#define WOLFSSL_CLIENT_TEST
+#define WOLFSSL_SERVER_TEST
+#define USE_TEST_GENSEED
+#define NO_DEV_RANDOM
+#define HAVE_PKCS7
+#define HAVE_AES_KEYWRAP
+#define HAVE_X963_KDF
+#define WOLFSSL_AES_DIRECT
+/* adjust CURRENT_UNIX_TS to seconds since Jan 01 1970. (UTC)
+You can get the current time from https://www.unixtimestamp.com/
+*/
+#define CURRENT_UNIX_TS 1542605837UL
+
+/* When using Windows simulator, you must define USE_WINDOWS_API for test.h to build */
+#ifdef _WIN32
+#define USE_WINDOWS_API
+#endif
+
+#define NO_FILESYSTEM
+#define SIZEOF_LONG_LONG 8
+
+/* prevents from including multiple definition of main() */
+#define NO_MAIN_DRIVER
+#define NO_TESTSUITE_MAIN_DRIVER
+
+/* includes certificate test buffers via header files */
+#define USE_CERT_BUFFERS_2048
+/*use kB instead of mB for embedded benchmarking*/
+#define BENCH_EMBEDDED
+
+#define NO_WRITE_TEMP_FILES
+
+#define XSNPRINTF snprintf
+#define NO_WRITEV
+
+#define HAVE_AESGCM
+#define WOLFSSL_SHA512
+#define HAVE_ECC
+#define HAVE_CURVE25519
+#define CURVE25519_SMALL
+#define HAVE_ED25519
+#define ED25519_SMALL
+
+#ifdef __cplusplus
+    }   /* extern "C" */
+#endif
+
+#endif

IDE/ECLIPSE/RTTHREAD/wolfssl_test.c

@@ -0,0 +1,33 @@
+/* wolfsslRunTests.c
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+#include <stdint.h>
+#include <wolfcrypt/test/test.h>
+#include <wolfcrypt/benchmark/benchmark.h>
+
+int wolfssl_test(void) {
+#if !defined(NO_CRYPT_TEST)
+    wolfcrypt_test(NULL);
+#endif
+#if !defined(NO_CRYPT_BENCHMARK)
+    benchmark_test(NULL);
+#endif
+    return 0;
+}

IDE/Espressif/ESP-IDF/README.md

@@ -16,8 +16,9 @@ Including the following examples:
 
     Note: This expects to use Linux version.
 
-## Setup
- 1. Run *setup.sh* to deploy files into ESP-IDF tree
+## Setup for Linux
+ 1. Run *setup.sh* at /path/to/wolfssl/IDE/Espressif/ESP-IDF/ to deploy files into ESP-IDF tree  
+    For Windows : Run *setup_win.bat* at \IDE\Espressif\ESP-IDF\
  2. Find Wolfssl files at /path/to/esp-idf/components/wolfssl/
  3. Find Example programs under /path/to/esp-idf/examples/protocols/wolfssl_xxx
  4. Uncomment out #define WOLFSSL_ESPIDF in /path/to/wolfssl/wolfssl/wolfcrypt/settings.h  
@@ -32,4 +33,8 @@ Including the following examples:
 ## Support
  For question please email [support@wolfssl.com]
 
- Note: This is tested with "Ubuntu 18.04.1 LTS" and ESP32-WROOM-32.
+ Note: This is tested with :  
+   - OS: Ubuntu 18.04.1 LTS and Microsoft Windows 10 Pro 10.0.19041  
+   - ESP-IDF: v4.1 and v4.0.1  
+   - Module : ESP32-WROOM-32
+

IDE/Espressif/ESP-IDF/dummy_config_h

@@ -1,6 +1,6 @@
 /* config.h - dummy
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/helper.c

@@ -1,6 +1,6 @@
 /* helper.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults

@@ -1,5 +1,5 @@
 CONFIG_BENCH_ARGV="-lng 0"
-CONFIG_MAIN_TASK_STACK_SIZE=7000
+CONFIG_MAIN_TASK_STACK_SIZE=7500
 CONFIG_FREERTOS_HZ=1000
 CONFIG_TASK_WDT_CHECK_IDLE_TASK_CPU0=
 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c

@@ -1,6 +1,6 @@
 /* client-tls-callback.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h

@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,7 +24,7 @@
 #include "esp_idf_version.h"
 #include "esp_log.h"
 #include "esp_wifi.h"
-#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1
+#if ESP_IDF_VERSION_MAJOR >= 4
 #include "esp_event.h"
 #else
 #include "esp_event_loop.h"

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c

@@ -1,6 +1,6 @@
 /* wifi_connect.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,7 +27,7 @@
 #include "lwip/netdb.h"
 #include "lwip/apps/sntp.h"
 #include "nvs_flash.h"
-#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1
+#if ESP_IDF_VERSION_MAJOR >= 4
 #include "protocol_examples_common.h"
 #endif
 
@@ -53,7 +53,8 @@ static void set_time()
     char strftime_buf[64];
     /* please update the time if seeing unknown failure. */
     /* this could cause TLS communication failure due to time expiration */
-    utctime.tv_sec = 1567125910; /* dummy time: Fri Aug 30 09:45:00 2019 */
+    /* incleasing 31536000 seconds is close to spend 356 days.           */
+    utctime.tv_sec = 1598661910; /* dummy time: Fri Aug 29 09:45:00 2020 */
     utctime.tv_usec = 0;
     tz.tz_minuteswest = 0;
     tz.tz_dsttime = 0;
@@ -92,7 +93,7 @@ static void tls_smp_client_init(void)
         ESP_LOGI(TAG, "create thread %s failed", TLS_SMP_CLIENT_TASK_NAME);
     }
 }
-/* event hander for wifi events */
+/* event handler for wifi events */
 static esp_err_t wifi_event_handler(void *ctx, system_event_t *event)
 {
     switch (event->event_id)
@@ -122,11 +123,14 @@ void app_main(void)
     ESP_ERROR_CHECK(nvs_flash_init());
 
     ESP_LOGI(TAG, "Initialize wifi");
-    /* TCP/IP adapter initialization */
+#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1
+    esp_netif_init();
+#else
     tcpip_adapter_init();
+#endif
 
     /* */
-#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1
+#if ESP_IDF_VERSION_MAJOR >= 4
     (void) wifi_event_handler;
    ESP_ERROR_CHECK(esp_event_loop_create_default());
    /* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig.

IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h

@@ -1,6 +1,6 @@
 /* wifi_connect.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -24,7 +24,7 @@
 #include "esp_idf_version.h"
 #include "esp_log.h"
 #include "esp_wifi.h"
-#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1
+#if ESP_IDF_VERSION_MAJOR >= 4
 #include "esp_event.h"
 #else
 #include "esp_event_loop.h"

IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c

@@ -1,6 +1,6 @@
 /* server-tls-callback.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -64,7 +64,7 @@ static void ShowCiphers(void)
 #include "wolfssl/wolfcrypt/port/atmel/atmel.h"
 
 /* when you want to use a custom slot allocation */
-/* enable the difinition CUSTOM_SLOT_ALLOCATION. */
+/* enable the definition CUSTOM_SLOT_ALLOCATION. */
 
 #if defined(CUSTOM_SLOT_ALLOCATION)
 

IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c

@@ -1,6 +1,6 @@
 /* wifi_connect.c 
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,7 +27,7 @@
 #include "lwip/netdb.h"
 #include "lwip/apps/sntp.h"
 #include "nvs_flash.h"
-#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1
+#if ESP_IDF_VERSION_MAJOR >= 4
 #include "protocol_examples_common.h"
 #endif
 
@@ -35,7 +35,7 @@ const static int CONNECTED_BIT = BIT0;
 static EventGroupHandle_t wifi_event_group;
 /* prefix for logging */
 const static char *TAG = "tls_server";
-/* proto-type difinition */
+/* proto-type definition */
 extern void tls_smp_server_task();
 static void tls_smp_server_init();
 
@@ -50,7 +50,8 @@ static void set_time()
     char strftime_buf[64];
     /* please update the time if seeing unknown failure. */
     /* this could cause TLS communication failure due to time expiration */
-    utctime.tv_sec = 1567125910; /* dummy time: Fri Aug 30 09:45:00 2019 */
+    /* incleasing 31536000 seconds is close to spend 356 days.           */
+    utctime.tv_sec = 1598661910; /* dummy time: Fri Aug 29 09:45:00 2020 */
     utctime.tv_usec = 0;
     tz.tz_minuteswest = 0;
     tz.tz_dsttime = 0;
@@ -89,7 +90,7 @@ static void tls_smp_server_init(void)
         ESP_LOGI(TAG, "create thread %s failed", TLS_SMP_SERVER_TASK_NAME);
     }
 }
-/* event hander for wifi events */
+/* event handler for wifi events */
 static esp_err_t wifi_event_handler(void *ctx, system_event_t *event)
 {
     switch (event->event_id)
@@ -98,8 +99,13 @@ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event)
         esp_wifi_connect();
         break;
     case SYSTEM_EVENT_STA_GOT_IP:
+#if ESP_IDF_VERSION_MAJOR >= 4
+        ESP_LOGI(TAG, "got ip:" IPSTR "\n",
+                 IP2STR(&event->event_info.got_ip.ip_info.ip));
+#else
         ESP_LOGI(TAG, "got ip:%s",
                  ip4addr_ntoa(&event->event_info.got_ip.ip_info.ip));
+#endif
         /* http://esp32.info/docs/esp_idf/html/dd/d08/group__xEventGroupSetBits.html */
         xEventGroupSetBits(wifi_event_group, CONNECTED_BIT);
         break;
@@ -120,10 +126,13 @@ void app_main(void)
 
     ESP_LOGI(TAG, "Initialize wifi");
     /* TCP/IP adapter initialization */
-    tcpip_adapter_init();
-
-    /* */
 #if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1
+    esp_netif_init();
+#else
+    tcpip_adapter_init();
+#endif
+    /* */
+#if ESP_IDF_VERSION_MAJOR >= 4
     (void) wifi_event_handler;
    ESP_ERROR_CHECK(esp_event_loop_create_default());
    /* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig.

IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults

@@ -1,2 +1,2 @@
-CONFIG_MAIN_TASK_STACK_SIZE=9000
+CONFIG_MAIN_TASK_STACK_SIZE=11000
 CONFIG_TASK_WDT_CHECK_IDLE_TASK_CPU0=

IDE/Espressif/ESP-IDF/setup_win.bat

@@ -0,0 +1,73 @@
+@echo off
+REM Expect the script at /path/to/wolfssl/IDE/Espressif/ESP-IDF/
+
+if NOT EXIST "setup.sh" ( 
+  echo "Please run this script at /path/to/wolfssl/IDE/Espressif/ESP-IDF/
+  goto exit
+)
+
+if "%IDF_PATH%" == "" (
+  echo "Please launch the script from ESP-IDF command prompt."
+  goto exit
+)
+
+set SCRIPTDIR=%CD%
+set BASEDIR=%SCRIPTDIR%\..\..\..\
+set WOLFSSL_ESPIDFDIR=%BASEDIR%\IDE\Espressif\ESP-IDF
+set WOLFSSLLIB_TRG_DIR=%IDF_PATH%\components\wolfssl
+set WOLFSSLEXP_TRG_DIR=%IDF_PATH%\examples\protocols
+
+echo Copy files into $IDF_PATH%
+rem Remove/Create directories
+rmdir /S/Q %WOLFSSLLIB_TRG_DIR%
+mkdir      %WOLFSSLLIB_TRG_DIR%
+mkdir      %WOLFSSLLIB_TRG_DIR%\src
+mkdir      %WOLFSSLLIB_TRG_DIR%\wolfcrypt\src
+mkdir      %WOLFSSLLIB_TRG_DIR%\wolfssl
+mkdir      %WOLFSSLLIB_TRG_DIR%\test
+mkdir      %WOLFSSLLIB_TRG_DIR%\include
+
+rem copying ... files in src/ into $WOLFSSLLIB_TRG_DIR%/src
+xcopy /Y/Q %BASEDIR%\src\*.c %WOLFSSLLIB_TRG_DIR%\src\
+xcopy /Y/Q %BASEDIR%\wolfcrypt\src\*.c %WOLFSSLLIB_TRG_DIR%\wolfcrypt\src
+xcopy /Y/Q %BASEDIR%\wolfcrypt\src\*.i %WOLFSSLLIB_TRG_DIR%\wolfcrypt\src
+xcopy /E/Y/Q %BASEDIR%\wolfcrypt\src\port %WOLFSSLLIB_TRG_DIR%\wolfcrypt\src\port\
+xcopy /E/Y/Q %BASEDIR%\wolfcrypt\test\ %WOLFSSLLIB_TRG_DIR%\wolfcrypt\test\
+xcopy /E/Y/Q %BASEDIR%\wolfcrypt\benchmark\ %WOLFSSLLIB_TRG_DIR%\wolfcrypt\benchmark\
+xcopy /Y/Q %BASEDIR%\wolfssl\*.h %WOLFSSLLIB_TRG_DIR%\wolfssl\
+xcopy /E/Y/Q %BASEDIR%\wolfssl\wolfcrypt\ %WOLFSSLLIB_TRG_DIR%\wolfssl\wolfcrypt\
+
+rem user_settings.h
+xcopy /F/Q %WOLFSSL_ESPIDFDIR%\user_settings.h %WOLFSSLLIB_TRG_DIR%\include\
+echo F |xcopy /F/Q %WOLFSSL_ESPIDFDIR%\dummy_config_h %WOLFSSLLIB_TRG_DIR%\include\config.h
+
+rem unit test app
+xcopy /E/Y/Q %WOLFSSL_ESPIDFDIR%\test %WOLFSSLLIB_TRG_DIR%\test\
+xcopy /F/Q   %WOLFSSL_ESPIDFDIR%\libs\CMakeLists.txt %WOLFSSLLIB_TRG_DIR%\
+xcopy /F/Q   %WOLFSSL_ESPIDFDIR%\libs\component.mk   %WOLFSSLLIB_TRG_DIR%\
+
+rem Benchmark program
+rmdir /S/Q %WOLFSSLEXP_TRG_DIR%\wolfssl_benchmark\
+mkdir      %WOLFSSLEXP_TRG_DIR%\wolfssl_benchmark\main\
+xcopy /F/Q %BASEDIR%\wolfcrypt\benchmark\benchmark.c %WOLFSSLEXP_TRG_DIR%\wolfssl_benchmark\main\
+xcopy /E/F/Q %WOLFSSL_ESPIDFDIR%\examples\wolfssl_benchmark %WOLFSSLEXP_TRG_DIR%\wolfssl_benchmark\
+
+rem Crypt Test program
+rmdir /S/Q %WOLFSSLEXP_TRG_DIR%\wolfssl_test\
+mkdir      %WOLFSSLEXP_TRG_DIR%\wolfssl_test\main\
+xcopy /F/Q %BASEDIR%\wolfcrypt\test\test.c %WOLFSSLEXP_TRG_DIR%\wolfssl_test\main\
+xcopy /E/F/Q %WOLFSSL_ESPIDFDIR%\examples\wolfssl_test %WOLFSSLEXP_TRG_DIR%\wolfssl_test\
+
+rem TLS Client program
+rmdir /S/Q %WOLFSSLEXP_TRG_DIR%\wolfssl_client\
+mkdir      %WOLFSSLEXP_TRG_DIR%\wolfssl_client\main\
+xcopy /E/F/Q %WOLFSSL_ESPIDFDIR%\examples\wolfssl_client %WOLFSSLEXP_TRG_DIR%\wolfssl_client\
+
+rem TLS Server program
+rmdir /S/Q %WOLFSSLEXP_TRG_DIR%\wolfssl_server\
+mkdir      %WOLFSSLEXP_TRG_DIR%\wolfssl_server\main\
+xcopy /E/F/Q %WOLFSSL_ESPIDFDIR%\examples\wolfssl_server %WOLFSSLEXP_TRG_DIR%\wolfssl_server\
+
+:exit
+ echo completed
+

IDE/Espressif/ESP-IDF/test/CMakeLists.txt

@@ -1,4 +1,6 @@
-set(COMPONENT_SRCDIRS ".")
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DNO_MAIN_DRIVER -DWOLFSSL_USER_SETTINGS")
+
+set(COMPONENT_SRCS "test_wolfssl.c" "../wolfcrypt/test/test.c")
 set(COMPONENT_ADD_INCLUDEDIRS ".")
 
 set(COMPONENT_REQUIRES unity test_utils wolfssl)

IDE/Espressif/ESP-IDF/test/README.md

@@ -3,9 +3,8 @@
 The test contains of wolfSSL unit-test app on Unity.
 
 When you want to run the app  
-1. Copy *test.c* file at /path/to/esp-idf/components/wolfssl/wolfcrypt/test/ folder to the  wolfssl/test folder  
-2. Go to /esp-idf/tools/unit-test-app/ folder  
-3. "make menuconfig" to configure unit test app.  
-4. "make TEST_COMPONENTS=wolfssl" to build wolfssl unit test app.  
+1. Go to /esp-idf/tools/unit-test-app/ folder  
+2. "idf.py menuconfig" to configure unit test app.  
+3. "idf.py -T wolfssl build" to build wolfssl unit test app.  
 
 See [https://docs.espressif.com/projects/esp-idf/en/latest/api-guides/unit-tests.html] for more information about unit test app.

IDE/Espressif/ESP-IDF/test/test_wolfssl.c

@@ -171,7 +171,7 @@ static void tskAes256_Test(void *pvParam)
 }
 #endif
 
-#if !defined(NO_RSA) || defined(HAVE_ECC)
+#if (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(WC_NO_RNG)
 
 int mp_performance_check(int mul, int mulmod, int exptmod)
 {
@@ -280,13 +280,13 @@ int mp_performance_check(int mul, int mulmod, int exptmod)
                 printf("(%d,%d) Xbits = %d, Ybits = %d Pbits = %d",
                                                         i , j, Xbits, Ybits, Pbits);
                 if(mul) {
-                    printf(" mul = %llu (us)", elapsedTime1);
+                    printf(" mul = %llu (us)", (unsigned long long)elapsedTime1);
                 }
                 if(mulmod) {
-                    printf(" mulmod = %llu (us)\n", elapsedTime2);
+                    printf(" mulmod = %llu (us)\n", (unsigned long long)elapsedTime2);
                 }
                 if(exptmod) {
-                    printf(" exptmod = %llu (ms)\n", elapsedTime3);
+                    printf(" exptmod = %llu (ms)\n", (unsigned long long)elapsedTime3);
                 }
             }
         }
@@ -308,8 +308,8 @@ int mp_performance_check(int mul, int mulmod, int exptmod)
 int mp_unitest_mul(const char* strZ, const char* strX, const char* strY, int verbose)
 {
     int ret = 0;
-    char* buf;
-    char* bufZ;
+    char* buf = NULL;
+    char* bufZ = NULL;
     int radixX_size;
     int radixZ_size;
     int radixY_size;
@@ -335,10 +335,10 @@ int mp_unitest_mul(const char* strZ, const char* strX, const char* strY, int ver
     }
 
     mp_radix_size(&z, 16, &radixZ_size);
-    bufZ = (char*)XMALLOC(radixZ_size + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    bufZ = (char*)XMALLOC(radixZ_size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if(bufZ != NULL) {
         mp_toradix(&z, bufZ, 16);
-        bufZ[radixZ_size] ='\0';
+        bufZ[radixZ_size-1] ='\0';
     }
 
     if(verbose) {
@@ -350,14 +350,14 @@ int mp_unitest_mul(const char* strZ, const char* strX, const char* strY, int ver
         mp_radix_size(&y, 16, &radixY_size);
         radixX_size = max(radixX_size, radixY_size);
 
-        buf = (char*)XMALLOC(radixX_size + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        buf = (char*)XMALLOC(radixX_size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if(buf != NULL) {
             mp_toradix(&x, buf, 16);
-            buf[radixX_size] ='\0';
+            buf[radixX_size-1] ='\0';
             printf("X : %s ", buf);
 
             mp_toradix(&y, buf, 16);
-            buf[radixY_size] ='\0';
+            buf[radixY_size-1] ='\0';
             printf("Y : %s ", buf);
         }
         if(bufZ != NULL) {
@@ -410,10 +410,10 @@ int mp_unitest_mulmod(const char* strZ, const char* strX, const char* strY,
     }
 
     mp_radix_size(&z, 16, &radixZ_size);
-    bufZ = (char*)XMALLOC(radixZ_size + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    bufZ = (char*)XMALLOC(radixZ_size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if(bufZ != NULL) {
         mp_toradix(&z, bufZ, 16);
-        bufZ[radixZ_size] ='\0';
+        bufZ[radixZ_size-1] ='\0';
     }
 
     if(verbose) {
@@ -427,18 +427,18 @@ int mp_unitest_mulmod(const char* strZ, const char* strX, const char* strY,
         mp_radix_size(&m, 16, &radixM_size);
         radixX_size = max(radixX_size, max(radixY_size, radixM_size));
 
-        buf = (char*)XMALLOC(radixX_size + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        buf = (char*)XMALLOC(radixX_size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if(buf != NULL) {
             mp_toradix(&x, buf, 16);
-            buf[radixX_size] ='\0';
+            buf[radixX_size-1] ='\0';
             printf("X : %s ", buf);
 
             mp_toradix(&y, buf, 16);
-            buf[radixY_size] ='\0';
+            buf[radixY_size-1] ='\0';
             printf("Y : %s ", buf);
 
             mp_toradix(&m, buf, 16);
-            buf[radixM_size] ='\0';
+            buf[radixM_size-1] ='\0';
             printf("M : %s ", buf);
         }
         if(bufZ != NULL) {
@@ -459,8 +459,8 @@ int mp_unitest_exptmod(const char* strZ, const char* strX, const char* strY,
                const char* strM, int verbose)
 {
     int ret = 0;
-    char* buf;
-    char* bufZ;
+    char* buf = NULL;
+    char* bufZ = NULL;
     int radixX_size;
     int radixZ_size;
     int radixY_size;
@@ -491,10 +491,10 @@ int mp_unitest_exptmod(const char* strZ, const char* strX, const char* strY,
     }
 
     mp_radix_size(&z, 16, &radixZ_size);
-    bufZ = (char*)XMALLOC(radixZ_size + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    bufZ = (char*)XMALLOC(radixZ_size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if(bufZ != NULL) {
         mp_toradix(&z, bufZ, 16);
-        bufZ[radixZ_size] ='\0';
+        bufZ[radixZ_size-1] ='\0';
     }
 
     if(verbose) {
@@ -508,18 +508,18 @@ int mp_unitest_exptmod(const char* strZ, const char* strX, const char* strY,
         mp_radix_size(&m, 16, &radixM_size);
         radixX_size = max(radixX_size, max(radixY_size, radixM_size));
 
-        buf = (char*)XMALLOC(radixX_size + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        buf = (char*)XMALLOC(radixX_size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if(buf != NULL) {
             mp_toradix(&x, buf, 16);
-            buf[radixX_size] ='\0';
+            buf[radixX_size-1] ='\0';
             printf("X : %s ", buf);
 
             mp_toradix(&y, buf, 16);
-            buf[radixY_size] ='\0';
+            buf[radixY_size-1] ='\0';
             printf("Y : %s ", buf);
 
             mp_toradix(&m, buf, 16);
-            buf[radixM_size] ='\0';
+            buf[radixM_size-1] ='\0';
             printf("M : %s ", buf);
         }
         if(bufZ != NULL) {
@@ -539,20 +539,20 @@ int mp_unitest_exptmod(const char* strZ, const char* strX, const char* strY,
 TEST_CASE("wolfssl mp exptmod test"   , "[wolfssl]")
 {
     ESP_LOGI(TAG, "mp test");
-    int verbose = 0;
+    int verbose = 1;
 
-    TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("2", "5", "1", "3", verbose));
-    TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("1", "-5", "1", "3", verbose));
+    TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("02", "5", "1", "3", verbose));
+    TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("01", "-5", "1", "3", verbose));
     TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("CE331E6D30A77A57", "1234", "A",
                            "FFFFFFFFFFFFFFFF", verbose));
-    TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("1000000", "1000", "2", "FFFFFFF", verbose));
-    TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("1000000", "2", "128",
+    TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("01000000", "1000", "2", "FFFFFFF", verbose));
+    TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("01000000", "2", "128",
                             "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", verbose));
-    TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("14B5A90", "1234", "2", "FFFFFFF", verbose));
-    TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("1234321", "1111", "2", "FFFFFFFF", verbose));
-    TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("2", "5", "1", "3", verbose));
+    TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("014B5A90", "1234", "2", "FFFFFFF", verbose));
+    TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("01234321", "1111", "2", "FFFFFFFF", verbose));
+    TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("02", "5", "1", "3", verbose));
     TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("22", "55", "1", "33", verbose));
-    TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("222", "555", "1", "333", verbose));
+    TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("0222", "555", "1", "333", verbose));
     TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("2222", "5555", "1", "3333", verbose));
     TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("11", "5555", "1", "33", verbose));
     TEST_ASSERT_EQUAL(0, mp_unitest_exptmod("55", "1111", "1", "77", verbose));
@@ -562,16 +562,16 @@ TEST_CASE("wolfssl mp exptmod test"   , "[wolfssl]")
 TEST_CASE("wolfssl mp mulmod test"   , "[wolfssl]")
 {
     ESP_LOGI(TAG, "mp test");
-    int verbose = 0;
+    int verbose = 1;
     /*                                      Z    X    Y    M */
-    TEST_ASSERT_EQUAL(0, mp_unitest_mulmod("2", "5", "1", "3", verbose));
-    TEST_ASSERT_EQUAL(0, mp_unitest_mulmod("1", "-5", "1", "3", verbose));
-    TEST_ASSERT_EQUAL(0, mp_unitest_mulmod("2", "-64", "A", "3", verbose));
+    TEST_ASSERT_EQUAL(0, mp_unitest_mulmod("02", "5", "1", "3", verbose));
+    TEST_ASSERT_EQUAL(0, mp_unitest_mulmod("01", "-5", "1", "3", verbose));
+    TEST_ASSERT_EQUAL(0, mp_unitest_mulmod("02", "-64", "A", "3", verbose));
     TEST_ASSERT_EQUAL(0, mp_unitest_mulmod("74C3AC", "123456", "55555", "AAAAA1", verbose));
     TEST_ASSERT_EQUAL(0, mp_unitest_mulmod("73A068", "123456", "55555", "AAAAA3", verbose));
 
     mp_unitest_mulmod(
-    "10C530243ADE5EA7C557E9A2FF5B4573195665A89CB921F573267B15CD2BCB6467E925235AA752CC2D08B07D31497B497744CA3685A46E76247439826628589DD814AC9EEE9EF8B4B44BEE2DB6065BE3C51B788E4ECFF39FB28C3D8EBE10FC9989D97CDC6624E32EBD222E222A2E93085FC2D05E4EB73375F7FC7B11E9B3024",
+    "010C530243ADE5EA7C557E9A2FF5B4573195665A89CB921F573267B15CD2BCB6467E925235AA752CC2D08B07D31497B497744CA3685A46E76247439826628589DD814AC9EEE9EF8B4B44BEE2DB6065BE3C51B788E4ECFF39FB28C3D8EBE10FC9989D97CDC6624E32EBD222E222A2E93085FC2D05E4EB73375F7FC7B11E9B3024",
     "A4F780E83C3FAC34878787D4876BA7582E48C7637A26C6E720974FC7416150A3865D44F6D08E3DA38EB4296928C564D9A0008D8A0D63E0B8EF54D14D54FBEAB540E43D2ED6BE54806D9150C1944437CC3D8B2486A1FB932A6691B529E0E2A46524CB0825BA4F4E1B9C24554DB1913169E5373173A3B7CBBF77C3403C8C7AE86A",
     "6520379E44C1A2C359342010E1038F8C3644D9A47A9346A80C92B48A6986872D74C3BDDB49B2D93C554B588D4A4448614FADBC066CC10F3EB20A2422EA857B7DD0BF60C9CB7D733B12761BD785BCD122D97ECA0A8F1D0F705BC094B66EE5C96712AE3B14B5AA6AD9E50C6A3020BA01DA4FB94E3934527ADCDB3DE51C368B37C2",
     "BE7070B80418E528FE66D89088E0F1B7C3D0D23EE64B9474B0FFB0F763A5AB7EAFB62BB738161A50BFF1CA873AD5B0DAF8437A15B97EEA2A80D251B035AF07F3F25D243A4B8756481B3C249ADA7080BD3C8B034A0C8371DEE30370A2B760091B5EC73DA06460E3A9068DD3FF42BB0A94272D57420DB02DE0BA182560921192F3",
@@ -602,13 +602,13 @@ TEST_CASE("wolfssl mp mulmod test"   , "[wolfssl]")
 TEST_CASE("wolfssl mp mul test"   , "[wolfssl]")
 {
     ESP_LOGI(TAG, "mp test");
-    int verbose = 0;
+    int verbose = 1;
 
-    TEST_ASSERT_EQUAL(0, mp_unitest_mul("A", "5", "2", verbose));
-    TEST_ASSERT_EQUAL(0, mp_unitest_mul("-A", "-5", "2", verbose));
-    TEST_ASSERT_EQUAL(0, mp_unitest_mul("A", "-5", "-2", verbose));
-    TEST_ASSERT_EQUAL(0, mp_unitest_mul("6260060", "1234", "5678", verbose));
-    TEST_ASSERT_EQUAL(0, mp_unitest_mul("38E83", "123", "321", verbose));
+    TEST_ASSERT_EQUAL(0, mp_unitest_mul("0A", "5", "2", verbose));
+    TEST_ASSERT_EQUAL(0, mp_unitest_mul("-0A", "-5", "2", verbose));
+    TEST_ASSERT_EQUAL(0, mp_unitest_mul("0A", "-5", "-2", verbose));
+    TEST_ASSERT_EQUAL(0, mp_unitest_mul("06260060", "1234", "5678", verbose));
+    TEST_ASSERT_EQUAL(0, mp_unitest_mul("038E83", "123", "321", verbose));
     TEST_ASSERT_EQUAL(0, mp_unitest_mul("75CD7FCBBC", "123456", "6789A", verbose));
 
     TEST_ASSERT_EQUAL(0, mp_unitest_mul(
@@ -618,7 +618,7 @@ TEST_CASE("wolfssl mp mul test"   , "[wolfssl]")
     verbose));
 
     TEST_ASSERT_EQUAL(0, mp_unitest_mul(
-    "33676FE7B625BF0759F7E8932B6B50D5F45E16E1C670AD20F1CDA5DFFA433685937CA8422A9CB916CC8",
+    "033676FE7B625BF0759F7E8932B6B50D5F45E16E1C670AD20F1CDA5DFFA433685937CA8422A9CB916CC8",
     "165196BA298CD54975DC483C4D21A51EA0A146783CFB41522E76E50C",
     "24D9D5CA7D9CCC06F5E70F1963E6",
     verbose));
@@ -636,7 +636,7 @@ TEST_CASE("wolfssl mp mul performance test"   , "[wolfssl]")
 
     TEST_ASSERT_EQUAL(0, mp_performance_check(mul, mulmod, exptmod));
 }
-#endif/* !NO_RSA || HAVE_ECC */
+#endif/* (!NO_RSA || HAVE_ECC) && !WC_NO_RNG */
 
 TEST_CASE("wolfssl aes test"  , "[wolfssl]")
 {

IDE/Espressif/ESP-IDF/user_settings.h

@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -43,6 +43,19 @@
 #define CURVE25519_SMALL
 #define HAVE_ED25519
 
+/* when you want to use pkcs7 */
+/* #define HAVE_PKCS7 */
+
+#if defined(HAVE_PKCS7)
+    #define HAVE_AES_KEYWRAP
+    #define HAVE_X963_KDF
+    #define WOLFSSL_AES_DIRECT
+#endif
+
+/* when you want to use aes counter mode */
+/* #define WOLFSSL_AES_DIRECT */
+/* #define WOLFSSL_AES_COUNTER */
+
 /* esp32-wroom-32se specific definition */
 #if defined(WOLFSSL_ESPWROOM32SE)
     #define WOLFSSL_ATECC508A

IDE/GCC-ARM/Header/user_settings.h

@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -70,13 +70,15 @@ extern "C" {
     #define WOLFSSL_HAVE_SP_RSA
     #define WOLFSSL_HAVE_SP_DH
     #define WOLFSSL_HAVE_SP_ECC
-    #define WOLFSSL_SP_CACHE_RESISTANT
-    //#define WOLFSSL_SP_MATH     /* only SP math - eliminates fast math code */
+    //#define WOLFSSL_SP_CACHE_RESISTANT
+    #define WOLFSSL_SP_MATH     /* only SP math - eliminates fast math code */
 
-    /* 64 or 32 bit version */
-    //#define WOLFSSL_SP_ASM      /* required if using the ASM versions */
+    /* SP Assembly Speedups */
+    #define WOLFSSL_SP_ASM      /* required if using the ASM versions */
     //#define WOLFSSL_SP_ARM32_ASM
     //#define WOLFSSL_SP_ARM64_ASM
+    //#define WOLFSSL_SP_ARM_THUMB_ASM
+    #define WOLFSSL_SP_ARM_CORTEX_M_ASM
 #endif
 
 /* ------------------------------------------------------------------------- */
@@ -171,16 +173,15 @@ extern "C" {
     #undef  ECC_TIMING_RESISTANT
     #define ECC_TIMING_RESISTANT
 
-    /* Enable cofactor support */
     #ifdef HAVE_FIPS
         #undef  HAVE_ECC_CDH
-        #define HAVE_ECC_CDH
-    #endif
+        #define HAVE_ECC_CDH /* Enable cofactor support */
+
+        #undef NO_STRICT_ECDSA_LEN
+        #define NO_STRICT_ECDSA_LEN /* Do not force fixed len w/ FIPS */
 
-    /* Validate import */
-    #ifdef HAVE_FIPS
         #undef  WOLFSSL_VALIDATE_ECC_IMPORT
-        #define WOLFSSL_VALIDATE_ECC_IMPORT
+        #define WOLFSSL_VALIDATE_ECC_IMPORT /* Validate import */
     #endif
 
     /* Compressed Key Support */
@@ -189,14 +190,17 @@ extern "C" {
 
     /* Use alternate ECC size for ECC math */
     #ifdef USE_FAST_MATH
+        /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
         #ifdef NO_RSA
             /* Custom fastmath size if not using RSA */
-            /* MAX = ROUND32(ECC BITS 256) + SIZE_OF_MP_DIGIT(32) */
             #undef  FP_MAX_BITS
-            #define FP_MAX_BITS     (256 + 32)
+            #define FP_MAX_BITS     (256 * 2)
         #else
             #undef  ALT_ECC_SIZE
             #define ALT_ECC_SIZE
+            /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overriden */
+            //#undef  FP_MAX_BITS_ECC
+            //#define FP_MAX_BITS_ECC (256 * 2)
         #endif
 
         /* Speedups specific to curve */

IDE/GCC-ARM/Makefile.common

@@ -27,7 +27,8 @@ INC = -I./Header \
 DEF = -DWOLFSSL_USER_SETTINGS
 
 # Architecture
-ARCHFLAGS = -mcpu=cortex-m0 -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP
+ARCHFLAGS = -mcpu=cortex-m4 -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP
+#ARCHFLAGS = -mcpu=cortex-m0 -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP
 #ARCHFLAGS = -mcpu=cortex-r5 -mthumb -mabi=aapcs
 #ARCHFLAGS = -mcpu=cortex-a53 -mthumb -mabi=aapcs
 
@@ -132,7 +133,10 @@ SRC_C += ../../wolfcrypt/src/signature.c
 SRC_C += ../../wolfcrypt/src/srp.c
 SRC_C += ../../wolfcrypt/src/sp_arm32.c
 SRC_C += ../../wolfcrypt/src/sp_arm64.c
+SRC_C += ../../wolfcrypt/src/sp_armthumb.c
 SRC_C += ../../wolfcrypt/src/sp_c32.c
+SRC_C += ../../wolfcrypt/src/sp_c64.c
+SRC_C += ../../wolfcrypt/src/sp_cortexm.c
 SRC_C += ../../wolfcrypt/src/sp_int.c
 SRC_C += ../../wolfcrypt/src/tfm.c
 SRC_C += ../../wolfcrypt/src/wc_encrypt.c

IDE/GCC-ARM/Source/armtarget.c

@@ -1,6 +1,6 @@
 /* armtarget.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -142,20 +142,20 @@ void HardFault_HandlerC( uint32_t *hardfault_args )
     _BFAR = (*((volatile uint32_t *)(0xE000ED38)));
 
     printf ("\n\nHard fault handler (all numbers in hex):\n");
-    printf ("R0 = %lx\n", stacked_r0);
-    printf ("R1 = %lx\n", stacked_r1);
-    printf ("R2 = %lx\n", stacked_r2);
-    printf ("R3 = %lx\n", stacked_r3);
-    printf ("R12 = %lx\n", stacked_r12);
-    printf ("LR [R14] = %lx  subroutine call return address\n", stacked_lr);
-    printf ("PC [R15] = %lx  program counter\n", stacked_pc);
-    printf ("PSR = %lx\n", stacked_psr);
-    printf ("CFSR = %lx\n", _CFSR);
-    printf ("HFSR = %lx\n", _HFSR);
-    printf ("DFSR = %lx\n", _DFSR);
-    printf ("AFSR = %lx\n", _AFSR);
-    printf ("MMAR = %lx\n", _MMAR);
-    printf ("BFAR = %lx\n", _BFAR);
+    printf ("R0 = %ux\n", stacked_r0);
+    printf ("R1 = %ux\n", stacked_r1);
+    printf ("R2 = %ux\n", stacked_r2);
+    printf ("R3 = %ux\n", stacked_r3);
+    printf ("R12 = %ux\n", stacked_r12);
+    printf ("LR [R14] = %ux  subroutine call return address\n", stacked_lr);
+    printf ("PC [R15] = %ux  program counter\n", stacked_pc);
+    printf ("PSR = %ux\n", stacked_psr);
+    printf ("CFSR = %ux\n", _CFSR);
+    printf ("HFSR = %ux\n", _HFSR);
+    printf ("DFSR = %ux\n", _DFSR);
+    printf ("AFSR = %ux\n", _AFSR);
+    printf ("MMAR = %ux\n", _MMAR);
+    printf ("BFAR = %ux\n", _BFAR);
 
     // Break into the debugger
     __asm("BKPT #0\n");

IDE/GCC-ARM/Source/benchmark_main.c

@@ -1,6 +1,6 @@
 /* benchmark_main.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/GCC-ARM/Source/test_main.c

@@ -1,6 +1,6 @@
 /* test_main.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/GCC-ARM/Source/tls_client.c

@@ -1,6 +1,6 @@
 /* tls_client.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/GCC-ARM/Source/wolf_main.c

@@ -1,6 +1,6 @@
 /* wolf_main.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -59,12 +59,12 @@ unsigned int LowResTimer(void)
 /* This is used by wolfCrypt benchmark tool only */
 double current_time(int reset)
 {
-    double time;
-	int timeMs = gTimeMs;
+    double timeNow;
+    int timeMs = gTimeMs;
     (void)reset;
-    time = (timeMs / 1000); // sec
-    time += (double)(timeMs % 1000) / 1000; // ms
-    return time;
+    timeNow = (timeMs / 1000); // sec
+    timeNow += (double)(timeMs % 1000) / 1000; // ms
+    return timeNow;
 }
 #endif
 

IDE/GCC-ARM/include.am

@@ -9,6 +9,7 @@ EXTRA_DIST+= IDE/GCC-ARM/Source/benchmark_main.c
 EXTRA_DIST+= IDE/GCC-ARM/Source/test_main.c
 EXTRA_DIST+= IDE/GCC-ARM/Source/tls_client.c
 EXTRA_DIST+= IDE/GCC-ARM/linker.ld
+EXTRA_DIST+= IDE/GCC-ARM/linker_fips.ld
 EXTRA_DIST+= IDE/GCC-ARM/Makefile
 EXTRA_DIST+= IDE/GCC-ARM/Makefile.bench
 EXTRA_DIST+= IDE/GCC-ARM/Makefile.client

IDE/GCC-ARM/linker_fips.ld

@@ -0,0 +1,92 @@
+MEMORY
+{
+  FLASH (wx) : ORIGIN = 0x00000000, LENGTH = 256K
+  RAM   (wx) : ORIGIN = 0x20000000, LENGTH = 64K
+}
+
+SECTIONS
+{
+    __vectors_start__ = .;
+    .vectors : { *(.vectors) } > FLASH
+    __vectors_end__ = __vectors_start__ + 0x400;
+
+    /* Custom section for wolfCrypt FIPS module */
+    .wolfCryptFIPSModule_text :
+    {
+        . = ALIGN(4);
+        KEEP(wolfcrypt_first.o (.text .text* ))
+        KEEP(aes.o(.text .text* ))
+        KEEP(cmac.o (.text .text* ))
+        KEEP(des3.o (.text .text* ))
+        KEEP(dh.o (.text .text* ))
+        KEEP(ecc.o (.text .text* ))
+        KEEP(fips.o (.text .text* ))
+        KEEP(fips_test.o (.text .text* ))
+        KEEP(hmac.o (.text .text* ))
+        KEEP(random.o(.text .text* ))
+        KEEP(rsa.o (.text .text* ))
+        KEEP(sha.o (.text .text* ))
+        KEEP(sha256.o (.text .text* ))
+        KEEP(sha3.o (.text .text* ))
+        KEEP(sha512.o (.text .text* ))
+        KEEP(wolfcrypt_last.o(.text .text*))
+        . = ALIGN(4);
+    } > FLASH
+    .wolfCryptFIPSModule_rodata :
+    {
+        . = ALIGN(4);
+        KEEP(wolfcrypt_first.o (.rodata .rodata*))
+        KEEP(aes.o(.rodata .rodata*))
+        KEEP(cmac.o(.rodata .rodata*))
+        KEEP(des3.o(.rodata .rodata*))
+        KEEP(dh.o(.rodata .rodata*))
+        KEEP(ecc.o(.rodata .rodata*))
+        KEEP(fips.o(.rodata .rodata*))
+        KEEP(fips_test.o(.rodata .rodata*))
+        KEEP(hmac.o(.rodata .rodata*))
+        KEEP(random.o(.rodata .rodata*))
+        KEEP(rsa.o(.rodata .rodata*))
+        KEEP(sha.o(.rodata .rodata*))
+        KEEP(sha256.o(.rodata .rodata*))
+        KEEP(sha3.o(.rodata .rodata*))
+        KEEP(sha512.o(.rodata .rodata*))
+        KEEP(wolfcrypt_last.o(.rodata .rodata*))
+        . = ALIGN(4);
+    } > FLASH
+
+    /* Custom section for wolfCrypt and LibC to prevent FIPS hash from changing 
+        when application code changes are made */
+    .wolfCryptNonFIPS_text :
+    {
+        . = ALIGN(4);
+        KEEP(*wolf*src*.o(.text .text*))
+        lib_a* ( .text .text*)
+        . = ALIGN(4);
+    } > FLASH
+    .wolfCryptNonFIPS_rodata :
+    {
+        . = ALIGN(4);
+        KEEP(*wolf*src*.o(.rodata .rodata*))
+        lib_a* (.rodata .rodata*)
+        . = ALIGN(4);
+    } > FLASH
+    
+	.sys    : { *(.sys*) }    > FLASH
+    .text   : { *(.text*) }   > FLASH
+    .rodata : { *(.text*) }   > FLASH
+
+	__data_load_start__ = .;
+    __data_start__ = .;
+    .data   : { *(.data*) }   > RAM
+    __data_end__ = __data_start__ + SIZEOF(.data);
+
+    __bss_start__ = .;
+    .bss    : { *(.bss*)  }   > RAM
+    __bss_end__   = __bss_start__ + SIZEOF(.bss);
+
+    __heap_start__ = .;
+    .heap   : { *(.heap*)  }   > RAM
+    __heap_end__ = __heap_start__ + SIZEOF(.heap);
+
+    end = .;
+}

IDE/HEXAGON/DSP/Makefile

@@ -0,0 +1,111 @@
+# Makefile
+#
+# Copyright (C) 2006-2021 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#/
+
+ENVI=hexagon
+
+# default to hexagon v65 Release build
+ifndef V
+V=hexagon_Release_dynamic_toolv83_v65
+endif
+
+SUPPORTED_VS = $(default_VS)
+
+DEPENDENCIES = \
+  ATOMIC \
+  RPCMEM \
+  TEST_MAIN \
+  TEST_UTIL
+ATOMIC_DIR = $(HEXAGON_SDK_ROOT)/libs/common/atomic
+RPCMEM_DIR = $(HEXAGON_SDK_ROOT)/libs/common/rpcmem
+TEST_MAIN_DIR = $(HEXAGON_SDK_ROOT)/test/common/test_main
+TEST_UTIL_DIR = $(HEXAGON_SDK_ROOT)/test/common/test_util
+
+include $(HEXAGON_SDK_ROOT)/build/make.d/$(ENVI)_vs.min
+include $(HEXAGON_SDK_ROOT)/build/defines.min
+
+QURT = $(HEXAGON_SDK_ROOT)/libs/common/qurt
+QAIC_FLAGS += -I../../../
+CC_FLAGS += -I../../../
+CC_FLAGS += -I $(QURT)/computev65/include/posix/
+CC_FLAGS += -I $(QURT)/computev65/include/qurt/
+CC_FLAGS += -I../
+CC_FLAGS += -DWOLFSSL_USER_SETTINGS
+CC_FLAGS += -DWOLFSSL_DSP_BUILD
+CC_FLAGS += -DWC_NO_RNG
+#CC_FLAGS += -O3
+
+C_FLAGS += $(MHVX_DOUBLE_FLAG) -mllvm -hexagon-eif=0
+CC_FLAGS += $(MHVX_DOUBLE_FLAG) -mllvm -hexagon-eif=0
+
+# stub library
+BUILD_LIBS += libwolfssl_dsp_skel
+ifeq (1,$(V_dynamic))
+BUILD_DLLS += libwolfssl_dsp_skel
+endif
+libwolfssl_dsp_skel_QAICIDLS += wolfssl_dsp
+libwolfssl_dsp_skel_C_SRCS += $V/wolfSSL_skel
+libwolfssl_dsp_skel.C_SRCS += ../../../wolfcrypt/src/sp_dsp32.c
+libwolfssl_dsp_skel.C_SRCS += ../../../wolfcrypt/src/sp_int.c
+libwolfssl_dsp_skel.C_SRCS += ../../../wolfcrypt/src/wc_port.c
+libwolfssl_dsp_skel.C_SRCS += ../../../wolfcrypt/src/logging.c
+libwolfssl_dsp_skel.C_SRCS += ../../../wolfcrypt/src/memory.c
+libwolfssl_dsp_skel.C_SRCS += ../../../wolfcrypt/src/wolfmath.c
+#libsp_dsp_skel_DLLS += libdspCV_skel
+
+# quality test
+#BUILD_QEXES += eccverify_q
+#eccverify_q_QAICIDLS = wolfssl_dsp
+#eccverify_q_C_SRCS = ../ecc-verify
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/wc_dsp.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/sp_dsp32.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/sp_int.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/wc_port.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/wc_encrypt.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/pwdbased.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/hash.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/arc4.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/hmac.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/md5.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/coding.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/aes.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/des3.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/random.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/logging.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/ecc.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/memory.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/sha256.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/sha.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/asn.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/wolfmath.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/sp_c32.c
+#eccverify_q.C_SRCS += ../../../wolfcrypt/src/sp_c64.c
+#eccverify_q_LIBS = rtld rpcmem test_util atomic test_main
+
+BUILD_COPIES = \
+   $(DLLS) \
+   $(EXES) \
+   $(LIBS) \
+   $(SHIP_DIR)/ ;
+
+
+include $(RULES_MIN)
+
+

IDE/HEXAGON/DSP/wolfssl_dsp.idl

@@ -0,0 +1,13 @@
+#ifndef WOLFSSL_DSP_INC
+#define WOLFSSL_DSP_INC
+
+#include "AEEStdDef.idl"
+#include "remote.idl"
+
+interface wolfSSL: remote_handle64{
+
+	/* ecc operations */
+	long DSP_ECC_Verify_256(inrout sequence<int32>  hash, inrout sequence<int32> pX, inrout sequence<int32> pY,
+		inrout sequence<int32> pZ, inrout sequence<int32> r, inrout sequence<int32> sm, inrout long res);
+};
+#endif

IDE/HEXAGON/Makefile

@@ -0,0 +1,190 @@
+# Makefile
+#
+# Copyright (C) 2006-2021 wolfSSL Inc.
+#
+# This file is part of wolfSSL.
+#
+# wolfSSL is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# wolfSSL is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+#/
+
+ENVI=UbuntuARM
+
+# default to Ubuntu Release build
+ifndef V
+V=UbuntuARM_Release_aarch64
+endif
+
+SUPPORTED_VS = $(default_VS)
+include $(HEXAGON_SDK_ROOT)/build/make.d/$(ENVI)_vs.min
+include $(HEXAGON_SDK_ROOT)/build/defines.min
+
+ifeq ($(CDSP_FLAG), 1) 
+	LIB_DSPRPC = libcdsprpc
+else ifeq ($(MDSP_FLAG), 1) 
+	LIB_DSPRPC = libmdsprpc
+else ifeq ($(SLPI_FLAG), 1) 
+	LIB_DSPRPC = libsdsprpc
+else
+	LIB_DSPRPC = libadsprpc
+endif
+$(info ************  LIB=$(LIB_DSPRPC) ************)
+# include files
+CC_FLAGS += -I../../
+CC_FLAGS += -I./
+CC_FLAGS += -DWOLFSSL_USER_SETTINGS
+CC_FLAGS += -mcpu=generic+crypto
+#CC_FLAGS += -O3
+
+DEPENDENCIES = \
+  ATOMIC \
+  RPCMEM 
+ATOMIC_DIR = $(HEXAGON_SDK_ROOT)/libs/common/atomic
+RPCMEM_DIR = $(HEXAGON_SDK_ROOT)/libs/common/rpcmem
+
+# stub library
+BUILD_DLLS += libwolfssl
+libwolfssl_QAICIDLS += DSP/wolfssl_dsp
+libwolfssl_C_SRCS += $V/wolfSSL_stub
+libwolfssl_DLLS += $(LIB_DSPRPC)
+libwolfssl_C_SRCS += ../../wolfcrypt/src/wc_dsp
+libwolfssl_LIBS += rpcmem
+libwolfssl_LD_FLAGS += -ldl
+
+# wolfSSL crypto source files
+libwolfssl_C_SRCS += \
+	../../wolfcrypt/src/aes \
+	../../wolfcrypt/src/md2 \
+	../../wolfcrypt/src/arc4 \
+	../../wolfcrypt/src/md4 \
+	../../wolfcrypt/src/asm \
+	../../wolfcrypt/src/md5 \
+	../../wolfcrypt/src/asn \
+	../../wolfcrypt/src/memory \
+	../../wolfcrypt/src/async \
+	../../wolfcrypt/src/blake2b \
+	../../wolfcrypt/src/pkcs12 \
+	../../wolfcrypt/src/blake2s \
+	../../wolfcrypt/src/pkcs7 \
+	../../wolfcrypt/src/camellia \
+	../../wolfcrypt/src/poly1305 \
+	../../wolfcrypt/src/chacha20_poly1305 \
+	../../wolfcrypt/src/pwdbased \
+	../../wolfcrypt/src/chacha \
+	../../wolfcrypt/src/rabbit \
+	../../wolfcrypt/src/cmac \
+	../../wolfcrypt/src/random \
+	../../wolfcrypt/src/coding \
+	../../wolfcrypt/src/ripemd \
+	../../wolfcrypt/src/compress \
+	../../wolfcrypt/src/rsa \
+	../../wolfcrypt/src/cpuid \
+	../../wolfcrypt/src/selftest \
+	../../wolfcrypt/src/cryptocb \
+	../../wolfcrypt/src/sha256 \
+	../../wolfcrypt/src/curve25519 \
+	../../wolfcrypt/src/sha3 \
+	../../wolfcrypt/src/des3 \
+	../../wolfcrypt/src/sha512 \
+	../../wolfcrypt/src/dh \
+	../../wolfcrypt/src/sha \
+	../../wolfcrypt/src/signature \
+	../../wolfcrypt/src/ecc \
+	../../wolfcrypt/src/ecc_fp \
+	../../wolfcrypt/src/ed25519 \
+	../../wolfcrypt/src/sp_armthumb \
+	../../wolfcrypt/src/error \
+	../../wolfcrypt/src/sp_int \
+	../../wolfcrypt/src/fe_low_mem \
+	../../wolfcrypt/src/sp_cortexm \
+	../../wolfcrypt/src/fe_operations \
+	../../wolfcrypt/src/fips \
+	../../wolfcrypt/src/sp_x86_64 \
+	../../wolfcrypt/src/fips_test \
+	../../wolfcrypt/src/srp \
+	../../wolfcrypt/src/ge_low_mem \
+	../../wolfcrypt/src/ge_operations \
+	../../wolfcrypt/src/wc_encrypt \
+	../../wolfcrypt/src/hash \
+	../../wolfcrypt/src/wc_pkcs11 \
+	../../wolfcrypt/src/hc128 \
+	../../wolfcrypt/src/wc_port \
+	../../wolfcrypt/src/hmac \
+	../../wolfcrypt/src/wolfcrypt_first \
+	../../wolfcrypt/src/idea \
+	../../wolfcrypt/src/wolfcrypt_last \
+	../../wolfcrypt/src/wolfevent \
+	../../wolfcrypt/src/logging \
+	../../wolfcrypt/src/sp_c32 \
+	../../wolfcrypt/src/sp_c64 \
+	../../wolfcrypt/src/sp_arm32 \
+	../../wolfcrypt/src/sp_arm64 \
+	../../wolfcrypt/src/wolfmath
+
+
+# wolfSSL TLS source files
+libwolfssl_C_SRCS += \
+	../../src/ocsp \
+	../../src/tls \
+	../../src/crl \
+	../../src/sniffer \
+	../../src/wolfio \
+	../../src/internal \
+	../../src/ssl \
+	../../src/keys \
+	../../src/tls13
+
+# build benchmark app
+BUILD_EXES += benchmark
+benchmark_C_SRCS += ../../wolfcrypt/benchmark/benchmark
+benchmark_LD_FLAGS += -ldl
+benchmark_LD_FLAGS += -lpthread
+benchmark_DLLS += libwolfssl
+benchmark_LIBS += rpcmem
+benchmark_DLLS += $(LIB_DSPRPC) 
+
+# build test app
+BUILD_EXES += testwolfcrypt 
+testwolfcrypt_C_SRCS += ../../wolfcrypt/test/test
+testwolfcrypt_DLLS += libwolfssl
+testwolfcrypt_LD_FLAGS += -ldl
+testwolfcrypt_LIBS += rpcmem
+testwolfcrypt_DLLS += $(LIB_DSPRPC) 
+
+# build ecc verify test app
+BUILD_EXES += eccverify 
+eccverify_C_SRCS += ecc-verify
+eccverify_DLLS += libwolfssl
+eccverify_LD_FLAGS += -ldl
+eccverify_LIBS += rpcmem
+eccverify_DLLS += $(LIB_DSPRPC) 
+
+# build ecc verify test app
+BUILD_EXES += eccbenchmark
+eccbenchmark_C_SRCS += ecc-verify-benchmark
+eccbenchmark_DLLS += libwolfssl
+eccbenchmark_LD_FLAGS += -lpthread
+eccbenchmark_LD_FLAGS += -ldl
+eccbenchmark_LIBS += rpcmem
+eccbenchmark_DLLS += $(LIB_DSPRPC) 
+
+BUILD_COPIES = \
+   $(DLLS) \
+   $(EXES) \
+   $(LIBS) \
+   $(SHIP_DIR)/ ;
+
+
+include $(RULES_MIN)
+

IDE/HEXAGON/README.md

@@ -0,0 +1,75 @@
+# Building wolfSSL with DSP Use
+
+## Intro
+This directory is to help with building wolfSSL for use with DSP. It assumes that the Hexagon SDK has been setup on the machine and that the environment variables have been set by calling (source ~/Qualcomm/Hexagon_SDK/3.4.3/setup_sdk_env.source). Currently offloading ECC 256 verify operations to the DSP is supported. When WOLFSSL_DSP is defined ECC verify operations are offloaded to the aDSP by default. When not in SINGLE_THREADED mode a call back function must be set for getting the handle or a handle must be set in the ecc_key structure for the operation to make use of multiple threads when offloading to the DSP. This is because creating new handles for new threads must be done.
+
+
+## Building
+The directory is divided up into a build for the CPU portion in IDE/HEXAGON and a build for use on the DSP located in IDE/HEXAGON/DSP. Each section has their own Makefile. The Makefile default to an Ubuntu + hexagon v65 release build but can be changed by using V=<build type>. An example of building both would be:
+
+```
+cd IDE/HEXAGON
+make V=UbuntuARM_Release_aarch64
+cd DSP
+make V=hexagon_Release_dynamic_toolv83_v65
+```
+
+The results from each build will be placed into the ship directories of each, for example ./UbuntuARM_Release_aarch64/ship/* and ./DSP/hexagon_Release_dynamic_toolv83_v65/ship/*.
+The Makefile creates a DSP library libwolfssl_dsp_skel.so, library libwolfssl.so, executable benchmark, example ecc-verify, example ecc-verify-benchmark and executable testwolfcrypt.
+These then need pushed to the device in order to run. An example of pushing the results to the device would be:
+
+```
+cd IDE/HEXAGON
+adb push DSP/hexagon_Release_dynamic_toolv83_v65/ship/libwolfssl_dsp_skel.so /data/rfsa/adsp/
+adb push UbuntuARM_Release_aarch64/ship/libwolfssl.so /data/
+adb push UbuntuARM_Release_aarch64/ship/benchmark /data/
+adb push UbuntuARM_Release_aarch64/ship/eccverify /data/
+adb push UbuntuARM_Release_aarch64/ship/eccbenchmark /data/
+```
+
+To change the settings wolfSSL is built with macros can be set in IDE/HEXAGON/user_settings.h. It contains a default setting at this point that was used for collecting benchmark values. The macro necessary to turn on use of the DSP is WOLFSSL_DSP.
+
+
+The script IDE/HEXAGON/build.sh was added to help speed up building and testing. An example of using the script would be:
+
+```
+cd IDE/HEXAGON
+./build.sh Release
+```
+
+This will delete the previous build and rebuild for Release mode. Then it will try to push the resulting library and some of the executables to the device.
+
+
+For increased performance uncomment the -O3 flag in IDE/HEXAGON/Makefile and IDE/HEXAGON/DSP/Makefile.
+
+## Use
+
+A default handle is created with the call to wolfCrypt_Init() and is set to use the aDSP. A default mutex is locked for each use of the handle to make the library stable when multiple threads are calling to DSP supported operations.
+To use wolfSSL with a user created handle it can be done by calling wc_ecc_set_handle or by setting a callback function using wolfSSL_SetHandleCb(). This should be set in the case of multithreaded applications to account for having a handle for each thread being used.
+
+
+#### wolfSSL_SetHandleCb
+The API wolfSSL_SetHandleCb takes a function pointer of type "int (*wolfSSL_DSP_Handle_cb)(remote_handle64 *handle, int finished void *ctx);". This callback is executed right before the operation is handed off to the DSP (finished set to 0) and right after done with the handle (finished set to 1). With ECC this would be after the ECC verify function has been called but before the information is passed on to the DSP and once again with the finished flag set after the result is returned.
+
+The callback set should return 0 on successfully setting the input handle. The ctx argument is for future custom context to be passed in and is currently not used.
+
+#### Expected Performance
+This is the expected results from running ./eccbenchmark using the -O3 flag
+
+benchmarking using default (locks on handle for aDSP)
+5000 verifies on 1 threads took 17.481616 seconds
+10000 verifies on 2 threads took 35.324308 seconds
+
+benchmarking using software (+NEON if built in)
+5000 verifies on 1 threads took 1.398336 seconds
+10000 verifies on 2 threads took 1.383992 seconds
+
+benchmarking using threads on aDSP
+5000 verifies on 1 threads took 17.616811 seconds
+10000 verifies on 2 threads took 19.215413 seconds
+15000 verifies on 3 threads took 20.410200 seconds
+20000 verifies on 4 threads took 23.261446 seconds
+
+benchmarking 1 thread on cDSP
+5000 verifies on 1 threads took 18.560995 seconds 
+

IDE/HEXAGON/build.sh

@@ -0,0 +1,38 @@
+#!/bin/bash
+if [ -z $1 ]; then
+	echo "./build <Debug | Release>"
+	exit -1
+fi
+
+printf "Erasing previous hexagon_$1_dynamic_toolv83_v65 and UbuntuARM_$1_aarch64\n"
+rm -rf hexagon_$1_dynamic_toolv83_v65 &> /dev/null
+rm -rf UbuntuARM_$1_aarch64 &> /dev/null
+cd ./DSP &> /dev/null
+rm -rf hexagon_$1_dynamic_toolv83_v65 &> /dev/null
+
+printf "Building hexagon_$1_dynamic_toolv83_v65 ..."
+make V=hexagon_$1_dynamic_toolv83_v65 &> /dev/null
+if [ $? != 0 ]; then
+     printf "failed\n"
+else
+     printf "done\n"
+fi
+
+cd ../ &> /dev/null
+printf "Building UbuntuARM_$1_aarch64 ..."
+make V=UbuntuARM_$1_aarch64 &> /dev/null
+if [ $? != 0 ]; then
+     printf "failed\n"
+else
+     printf "done\n"
+fi
+
+printf "Trying to push libwolfssl_Dsp_skel.so, libwolfssl.so, benchmark, eccverify, eccbenchmark\n"
+adb push DSP/hexagon_$1_dynamic_toolv83_v65/ship/libwolfssl_dsp_skel.so /data/rfsa/adsp/
+adb push UbuntuARM_$1_aarch64/ship/libwolfssl.so /data/
+adb push UbuntuARM_$1_aarch64/ship/benchmark /data/
+adb push UbuntuARM_$1_aarch64/ship/eccverify /data/
+adb push UbuntuARM_$1_aarch64/ship/eccbenchmark /data/
+#adb push UbuntuARM_$1_aarch64/ship/testwolfcrypt /data/wolfcrypt/test/
+printf "done\n"
+exit 0

IDE/HEXAGON/ecc-verify-benchmark.c

@@ -0,0 +1,185 @@
+/* ecc-verify-benchmark.c
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/sha256.h>
+#include <wolfssl/wolfcrypt/random.h>
+#include <wolfssl/wolfcrypt/ecc.h>
+#include <wolfssl/wolfcrypt/asn_public.h>
+#include <pthread.h>
+
+#define USE_CERT_BUFFERS_256
+#include <wolfssl/certs_test.h>
+
+#define MAX_TIMES 5000
+#define MAX_BLOCK_SIZE 1024
+
+#include <sys/time.h>                                                       
+
+static double get_time()                                              
+{                                                                           
+    struct timeval tv;                                                      
+    gettimeofday(&tv, 0);                                                   
+    return (double)tv.tv_sec + (double)tv.tv_usec / 1000000;                
+} 
+
+
+/* software version */
+void* hash_firmware_verify(void* key)
+{
+    int ret, i;
+    int verify;
+    const byte hash[] = {
+0XFB, 0XBA, 0XB2, 0X89, 0XF7, 0XF9, 0X4B, 0X25, 0X73, 0X6C, 0X58, 0XBE, 0X46, 0XA9, 0X94, 0XC4, 0X41, 0XFD, 0X02, 0X55, 0X2C, 0XC6, 0X02, 0X23, 0X52, 0XE3, 0XD8, 0X6D, 0X2F, 0XAB, 0X7C, 0X83
+};
+    const byte sigBuf[] = {
+0X30, 0X44, 0X02, 0X20, 0X05, 0X38, 0XBC, 0X16, 0XC7, 0X67, 0X18, 0XEC, 0XE6, 0X1E, 0X43, 0X7B, 0X29, 0X8F, 0X85, 0X01, 0X33, 0XA8, 0X9B, 0XDD, 0X91, 0X32, 0X1F, 0XEC, 0XF7, 0X91, 0X18, 0X72, 0X9C, 0XE2, 0X6F, 0X31, 0X02, 0X20, 0X3E, 0X31, 0XD6, 0X40, 0XF7, 0X38, 0X3C, 0X1B, 0X6D, 0XAD, 0XE3, 0X93, 0X20, 0XE8, 0XB1, 0XBD, 0X3C, 0X59, 0XF2, 0XD2, 0X7C, 0X46, 0X1B, 0XE5, 0XE1, 0XE3, 0XAB, 0X5E, 0X76, 0X73, 0X6F, 0XFB
+    };
+    word32 sigLen = (word32)sizeof(sigBuf);
+    word32 hashLen = (word32)sizeof(hash);
+
+    for (i = 0; i < MAX_TIMES; i++) {
+        ret = wc_ecc_verify_hash((byte*)sigBuf, sigLen, hash, hashLen, &verify, (ecc_key*)key);
+        if (ret < 0 || verify != 1) {
+            printf("failed on try %d\n", i);
+            break;
+        }
+    }
+
+    if (ret < 0 || verify != 1) {
+	printf("unable to verify, ret = %d verify = %d\n", ret, verify);
+    }
+
+    return NULL;
+}
+
+
+/* when flag is set then try to use software only if DSP is built in */
+static int hash_firmware_verify_default(int numThreads)
+{
+    int ret, i;
+    word32 idx;
+    double t;
+    pthread_t threads[numThreads];
+    ecc_key eccKey[numThreads];
+
+    for (i = 0; i < numThreads; i++) {
+        wc_ecc_init(&(eccKey[i]));
+        idx = 0;
+        ret = wc_EccPrivateKeyDecode(ecc_clikey_der_256, &idx, &(eccKey[i]), sizeof_ecc_clikey_der_256);
+        if (ret < 0)
+            return ret;
+
+    }
+
+    t = get_time();
+    for (i = 0; i < numThreads; i++) {
+        pthread_create(&threads[i], NULL, hash_firmware_verify, (void*)&(eccKey[i]));
+    }
+
+    for (i = 0; i < numThreads; i++) {
+        pthread_join(threads[i], NULL);
+    }
+    t = get_time() - t;
+    printf("%d verifies on %d threads took %f seconds\n", MAX_TIMES * numThreads, numThreads, t);
+
+    return 0;
+}
+
+#ifdef WOLFSSL_DSP
+/* domain 0 = cDSP 1 = aDSP */
+static int hash_firmware_verify_dsp(int numThreads, int domain)
+{
+    int ret, i;
+    word32 idx;
+    double t;
+    remote_handle64 handle[numThreads];
+    char *sp_URI_value;
+    pthread_t threads[numThreads];
+    ecc_key eccKey[numThreads];
+
+    if (domain == 0) {
+        sp_URI_value = wolfSSL_URI "&_dom=cdsp";
+    }
+    else {
+        sp_URI_value = wolfSSL_URI "&_dom=adsp";
+    }
+
+    for (i = 0; i < numThreads; i++) {
+        wc_ecc_init(&(eccKey[i]));
+        idx = 0;
+        ret = wc_EccPrivateKeyDecode(ecc_clikey_der_256, &idx, &(eccKey[i]), sizeof_ecc_clikey_der_256);
+        if (ret < 0)
+            return ret;
+
+        ret = wolfSSL_open(sp_URI_value, &(handle[i]));
+        if (ret != 0) {
+            printf("unable to open CDSP? retVal = %d\n", ret);
+	    return -1;
+        }
+        wc_ecc_set_handle(&(eccKey[i]), handle[i]);
+    }
+
+    t = get_time();
+    for (i = 0; i < numThreads; i++) {
+        pthread_create(&threads[i], NULL, hash_firmware_verify, (void*)&(eccKey[i]));
+    }
+
+    for (i = 0; i < numThreads; i++) {
+        pthread_join(threads[i], NULL);
+        wolfSSL_close(handle[i]);
+    }
+    t = get_time() - t;
+    printf("%d verifies on %d threads took %f seconds\n", MAX_TIMES * numThreads, numThreads, t);
+
+    return 0;
+}
+#endif /* WOLFSSL_DSP */
+
+
+int main(int argc, char* argv[])
+{
+    wolfCrypt_Init();
+
+    printf("benchmarking using default (locks on handle for aDSP)\n");
+    hash_firmware_verify_default(1);
+    hash_firmware_verify_default(2);
+
+    printf("\nbenchmarking using software (+NEON if built in)\n");
+#ifdef WOLFSSL_DSP
+    wolfSSL_SetHandleCb(NULL); /* remove calls to DSP by default */
+#endif
+    hash_firmware_verify_default(1);
+    hash_firmware_verify_default(2);
+
+#ifdef WOLFSSL_DSP
+    printf("\nbenchmarking using threads on aDSP\n");
+    hash_firmware_verify_dsp(1, 1);
+    hash_firmware_verify_dsp(2, 1);
+    hash_firmware_verify_dsp(3, 1);
+    hash_firmware_verify_dsp(4, 1);
+
+    printf("\nbenchmarking 1 thread on cDSP\n");
+    hash_firmware_verify_dsp(1, 0);
+#endif /* WOLFSSL_DSP */
+    wolfCrypt_Cleanup();
+    return 0;
+}

IDE/HEXAGON/ecc-verify.c

@@ -0,0 +1,91 @@
+/* ecc-verify.c
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/sha256.h>
+#include <wolfssl/wolfcrypt/random.h>
+#include <wolfssl/wolfcrypt/ecc.h>
+#include <wolfssl/wolfcrypt/asn_public.h>
+
+#define USE_CERT_BUFFERS_256
+#include <wolfssl/certs_test.h>
+
+#define MAX_BLOCK_SIZE 1024
+
+#ifdef WOLFSSL_DSP
+static char *sp_URI_value = wolfSSL_URI "&_dom=cdsp";
+
+int hash_firmware_verify(const byte* hash, word32 hashLen, const byte* sigBuf, word32 sigLen)
+{
+    int ret;
+    ecc_key eccKey;
+    word32 idx;
+    int verify;
+    remote_handle64 handle = -1;
+
+    idx = 0;
+    ret = wc_EccPrivateKeyDecode(ecc_clikey_der_256, &idx, &eccKey, sizeof_ecc_clikey_der_256);
+    if (ret < 0)
+        goto exit;
+
+    int retVal = wolfSSL_open(sp_URI_value, &handle);
+    if (retVal != 0) {
+        printf("unable to open CDSP? retVal = %d\n", retVal);
+        ret = -1;
+        goto exit;
+    }
+    wc_ecc_set_handle(&eccKey, handle);
+
+    ret = wc_ecc_verify_hash((byte*)sigBuf, sigLen, hash, hashLen, &verify, &eccKey);
+    printf("verify = %d\n", verify);
+    if (ret < 0)
+        goto exit;
+
+    wolfSSL_close(handle);
+exit:
+
+    return ret;
+}
+
+int main(void)
+{
+    int ret;
+    const byte hash[] = {
+0XFB, 0XBA, 0XB2, 0X89, 0XF7, 0XF9, 0X4B, 0X25, 0X73, 0X6C, 0X58, 0XBE, 0X46, 0XA9, 0X94, 0XC4, 0X41, 0XFD, 0X02, 0X55, 0X2C, 0XC6, 0X02, 0X23, 0X52, 0XE3, 0XD8, 0X6D, 0X2F, 0XAB, 0X7C, 0X83
+};
+    const byte sigBuf[] = {
+0X30, 0X44, 0X02, 0X20, 0X05, 0X38, 0XBC, 0X16, 0XC7, 0X67, 0X18, 0XEC, 0XE6, 0X1E, 0X43, 0X7B, 0X29, 0X8F, 0X85, 0X01, 0X33, 0XA8, 0X9B, 0XDD, 0X91, 0X32, 0X1F, 0XEC, 0XF7, 0X91, 0X18, 0X72, 0X9C, 0XE2, 0X6F, 0X31, 0X02, 0X20, 0X3E, 0X31, 0XD6, 0X40, 0XF7, 0X38, 0X3C, 0X1B, 0X6D, 0XAD, 0XE3, 0X93, 0X20, 0XE8, 0XB1, 0XBD, 0X3C, 0X59, 0XF2, 0XD2, 0X7C, 0X46, 0X1B, 0XE5, 0XE1, 0XE3, 0XAB, 0X5E, 0X76, 0X73, 0X6F, 0XFB
+    };
+    word32 sigLen = (word32)sizeof(sigBuf);
+
+    wolfCrypt_Init();
+    ret = hash_firmware_verify(hash, sizeof(hash), sigBuf, sigLen);
+    printf("hash_firmware_verify: %d\n", ret);
+    wolfCrypt_Cleanup();
+    return 0;
+}
+#else
+int main()
+{
+	printf("WOLFSSL_DSP expected to be defined when building\n");
+	return 0;
+}
+#endif /* WOLFSSL_DSP */

IDE/HEXAGON/include.am

@@ -0,0 +1,14 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST+= IDE/HEXAGON/Makefile
+EXTRA_DIST+= IDE/HEXAGON/user_settings.h
+EXTRA_DIST+= IDE/HEXAGON/README.md
+EXTRA_DIST+= IDE/HEXAGON/build.sh
+EXTRA_DIST+= IDE/HEXAGON/ecc-verify.c
+EXTRA_DIST+= IDE/HEXAGON/ecc-verify-benchmark.c
+
+EXTRA_DIST+= IDE/HEXAGON/DSP/Makefile
+EXTRA_DIST+= IDE/HEXAGON/DSP/wolfssl_dsp.idl
+

IDE/HEXAGON/user_settings.h

@@ -0,0 +1,37 @@
+#ifndef USER_SETTINGS_H
+#define USER_SETTINGS_H
+
+#define WOLFCRYPT_ONLY
+#define HAVE_ECC
+#define FP_ECC
+//#define FP_ENTRIES 1
+#define NO_DSA
+#define NO_DH
+#define NO_RSA
+//#define DEBUG_WOLFSSL
+
+#define USE_FAST_MATH
+#define TFM_TIMING_RESISTANT
+#ifdef HAVE_ECC
+	#define ECC_TIMING_RESISTANT
+#endif
+#ifndef NO_RSA
+	#define WC_RSA_BLINDING
+#endif
+
+#if 1
+	#define WOLFSSL_HAVE_SP_RSA
+	#define WOLFSSL_HAVE_SP_ECC
+	#define WOLFSSL_SP_MATH
+
+	#if 1
+		/* ARM NEON instructions */
+		#define WOLFSSL_SP_ARM64_ASM
+	#endif
+	#if 1
+		/* Use DSP */
+		#define WOLFSSL_DSP
+	#endif
+#endif
+
+#endif

IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c

@@ -1,6 +1,6 @@
 /* benchmark-main.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/IAR-EWARM/Projects/benchmark/current_time.c

@@ -1,6 +1,6 @@
 /* current-time.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -44,7 +44,7 @@ void InitTimer(void) {
                                        SYSCTL_USE_PLL |
                                        SYSCTL_CFG_VCO_480), 120000000);
 
-    printf("Clock=%dMHz\n", ui32SysClock/1000000) ;
+    printf("Clock=%dMHz\n", (int)(ui32SysClock/1000000));
     ROM_SysCtlPeripheralEnable(SYSCTL_PERIPH_TIMER0);
     ROM_TimerConfigure(TIMER0_BASE, TIMER_CFG_PERIODIC);
     ROM_TimerLoadSet(TIMER0_BASE, TIMER_A, -1);
@@ -64,10 +64,10 @@ double current_time(int reset)
 
 /* dummy */
 double current_time(int reset) {
-    static double t; 
-    t += 1.0; /* for avoid infinit loop of waiting time */
+    static double t;
+    t += 1.0; /* for avoid infinite loop of waiting time */
     if(reset)t = 0.0;
-    return t ; 
-} 
+    return t ;
+}
 
-#endif
+#endif

IDE/IAR-EWARM/Projects/common/minimum-startup.c

@@ -1,6 +1,6 @@
 /* minimum-startup.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp

@@ -343,7 +343,7 @@
         </option>
         <option>
           <name>CCPosIndRopi</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>CCPosIndRwpi</name>

IDE/IAR-EWARM/Projects/test/test-main.c

@@ -1,6 +1,6 @@
 /* test-main.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_SAMV71_XULT_user_settings/user_settings.h

@@ -34,11 +34,11 @@
     #undef ECC_USER_CURVES
     #define ECC_USER_CURVES
 
-    #undef ECC_ALT_SIZE
-    #define ECC_ALT_SIZE
+    #undef ALT_ECC_SIZE
+    #define ALT_ECC_SIZE
 
     #undef FP_MAX_BITS_ECC
-    #define FP_MAX_BITS_ECC 528
+    #define FP_MAX_BITS_ECC (256 * 2)
 
     #undef TFM_TIMING_RESISTANT
     #define TFM_TIMING_RESISTANT

IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_SAMV71_XULT_user_settings/user_settings_verbose_example.h

@@ -84,11 +84,13 @@
     #define ECC_TIMING_RESISTANT
 
     #ifdef USE_FAST_MATH
-        /* Max ECC bits (curve size * 8). ECC521 is (66*8) = 528. */
         #undef  ALT_ECC_SIZE
         #define ALT_ECC_SIZE
-        #undef  FP_MAX_BITS_ECC
-        #define FP_MAX_BITS_ECC     528
+
+        /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overriden */
+        /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
+        //#undef  FP_MAX_BITS_ECC
+        //#define FP_MAX_BITS_ECC (528 * 2)
 
         /* Enable TFM optimizations for ECC */
         #define TFM_ECC192

IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_benchmark_SAMV71_XULT/README_wolfcrypt_benchmark

@@ -6,7 +6,7 @@ embOS v4.16 (for Cortex-M and IAR compiler)
 wolfssl (latest version)
 
 Required items (Hardware) for this guide:
-Atmel SAM V71 Xplained Ultra (Or equivelent Cortex-M Evaluation Board)
+Atmel SAM V71 Xplained Ultra (Or equivalent Cortex-M Evaluation Board)
     Note: Must have J-Trace adapter (SWD or SWD + ETM)
 j-Trace for ARM Cortex-M Processors
     Note: You can see here: https://www.segger.com/j-trace-for-cortex-m.html

IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_lib_SAMV71_XULT/README_wolfcrypt_lib

@@ -6,7 +6,7 @@ embOS v4.16 (for Cortex-M and IAR compiler)
 wolfssl (latest version)
 
 Required items (Hardware) for this guide:
-Atmel SAM V71 Xplained Ultra (Or equivelent Cortex-M Evaluation Board)
+Atmel SAM V71 Xplained Ultra (Or equivalent Cortex-M Evaluation Board)
     Note: Must have J-Trace adapter (SWD or SWD + ETM)
 j-Trace for ARM Cortex-M Processors
     Note: You can see here: https://www.segger.com/j-trace-for-cortex-m.html

IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_wolfcrypt_test_SAMV71_XULT/README_wolfcrypt_test

@@ -6,7 +6,7 @@ embOS v4.16 (for Cortex-M and IAR compiler)
 wolfssl (latest version)
 
 Required items (Hardware) for this guide:
-Atmel SAM V71 Xplained Ultra (Or equivelent Cortex-M Evaluation Board)
+Atmel SAM V71 Xplained Ultra (Or equivalent Cortex-M Evaluation Board)
     Note: Must have J-Trace adapter (SWD or SWD + ETM)
 j-Trace for ARM Cortex-M Processors
     Note: You can see here: https://www.segger.com/j-trace-for-cortex-m.html

IDE/IAR-EWARM/embOS/custom_port/README_custom_port

@@ -109,7 +109,7 @@ We are now set to link to this library in the evaluation project
         #---------------------------------------------
 
 5. Go to Project -> Options -> Linker -> Library (Tab)
-    Add to the field "Additonal libraries:"
+    Add to the field "Additional libraries:"
     $PROJ_DIR$\..\embOS_wolfcrypt_lib_SAMV71_XULT\Debug\Exe\wolfcrypt_lib.a
     $PROJ_DIR$\..\..\extract_trial_here\Start\Lib\os7m_tlv_dp.a
 

IDE/IAR-EWARM/embOS/custom_port/custom_port_user_settings/user_settings.h

@@ -31,11 +31,11 @@
     #undef ECC_USER_CURVES
     #define ECC_USER_CURVES
 
-    #undef ECC_ALT_SIZE
-    #define ECC_ALT_SIZE
+    #undef ALT_ECC_SIZE
+    #define ALT_ECC_SIZE
 
     #undef FP_MAX_BITS_ECC
-    #define FP_MAX_BITS_ECC 528
+    #define FP_MAX_BITS_ECC (256 * 2)
 
     #undef TFM_TIMING_RESISTANT
     #define TFM_TIMING_RESISTANT

IDE/INTIME-RTOS/wolfExamples.c

@@ -55,7 +55,7 @@ int wolfExample_TLSClient(const char* ip, int port)
     int          ret = 0;
     WOLFSSL_CTX* ctx = NULL;
     WOLFSSL*     ssl = NULL;        /* create WOLFSSL object */
-    int                sockFd = -1; /* socket file descriptor */
+    int                sockFd;      /* socket file descriptor */
     struct sockaddr_in servAddr;    /* struct for server address */
     char sendBuff[TLS_MAXDATASIZE], rcvBuff[TLS_MAXDATASIZE];
 
@@ -144,13 +144,13 @@ int wolfExample_TLSServer(int port)
     int ret = 0;
     WOLFSSL_CTX* ctx = NULL;
     WOLFSSL* ssl = NULL;
-    int sockFd = -1, clientFd = -1;
+    int sockFd, clientFd = -1;
     struct sockaddr_in serverAddr = {0}, clientAddr = {0};
     const char reply[]  = "I hear ya fa shizzle!\n";
     int addrSize        = sizeof(clientAddr);
     char buff[256];
 
-	sockFd = socket(AF_INET, SOCK_STREAM, 0);
+    sockFd = socket(AF_INET, SOCK_STREAM, 0);
     if (sockFd < 0) {
         printf("Failed to create socket. Error: %d\n", errno);
         return errno;

IDE/LINUX-SGX/README.md

@@ -1,10 +1,14 @@
 # Static Library: Building libwolfssl.sgx.static.lib.a for use with SGX Enclaves
 
 ### Requirements:
-This code was created to use Intel's SGX hardware. It is expected that the user has gone through the steps of both turning on the hardware in bios if needed and has installed the necesary software from Intel to make use of the hardware. (https://software.intel.com/en-us/sgx) If these steps have not been done then it is expected that the user is familure with simulation software being used in place of hardware.
+This code was created to use Intel's SGX hardware. It is expected that the user has gone through the steps of both turning on the hardware in bios if needed and has installed the necessary software from Intel to make use of the hardware. (https://software.intel.com/en-us/sgx) If these steps have not been done then it is expected that the user is familiar with simulation software being used in place of hardware.
+
+### Security:
+If not already in use, it is recommended that SP (single precision) RSA and ECC code is used. This will help mitigate potential side channel attacks. To use SP code check that wolfcrypt/src/sp_c32.c and wolfcrypt/src/sp_c64.c are compiled and add HAVE_WOLFSSL_SP=1 to the build command to define the necessary macros.
 
 ### Overview and Build:
 This project creates a static library to then link with Enclaves. A simple example of an Enclave linking to the created wolfSSL library can be found in wolfssl-examples on github. This project has been tested with gcc 5.4.0 on Ubuntu 16.04.
+When building with tests the file wolfssl/options.h is expected, in downloaded bundles from wolfssl.com this file exists but when building from a cloned version of wolfSSL from GitHub then the file needs created. This is done either through cd wolfssl && ./autogen.sh && ./configure && ./config.status or by cd wolfssl && touch wolfssl/options.h.
 
 To create the static library, simply call make:
 
@@ -20,9 +24,10 @@ This will create a local static library, libwolfssl.sgx.static.lib.a, that can b
     To enable wolfssl debug, add CFLAGS=-DDEBUG_WOLFSSL.
     To enable wolfssl benchmark tests with enclave, specify: HAVE_WOLFSSL_BENCHMARK at build
     To enable wolfcrypt testsuite with enclave, specify: HAVE_WOLFSSL_TEST at build
+    To enable SP code, specify: HAVE_WOLFSSL_SP at build
 
-For example, to enable all three:
-`make -f sgx_t_static.mk CFLAGS=-DDEBUG_WOLFSSL HAVE_WOLFSSL_BENCHMARK=1 HAVE_WOLFSSL_TEST=1`
+For example:
+`make -f sgx_t_static.mk CFLAGS=-DDEBUG_WOLFSSL HAVE_WOLFSSL_BENCHMARK=1 HAVE_WOLFSSL_TEST=1 HAVE_WOLFSSL_SP=1`
 
 NOTE: This more customized step has been provided for easier execution in the
       script `build.sh`

IDE/LINUX-SGX/build.sh

@@ -5,5 +5,5 @@ CFLAGS_NEW="-DDEBUG_WOLFSSL"
 export CFLAGS="${CFLAGS} ${CFLAGS_NEW}"
 echo ${CFLAGS}
 
-make -f sgx_t_static.mk HAVE_WOLFSSL_BENCHMARK=1 HAVE_WOLFSSL_TEST=1
+make -f sgx_t_static.mk HAVE_WOLFSSL_BENCHMARK=1 HAVE_WOLFSSL_TEST=1 HAVE_WOLFSSL_SP=1
 

IDE/LINUX-SGX/sgx_t_static.mk

@@ -45,6 +45,7 @@ endif
 Crypto_Library_Name := sgx_tcrypto
 
 Wolfssl_C_Extra_Flags := -DWOLFSSL_SGX
+
 Wolfssl_C_Files :=$(WOLFSSL_ROOT)/wolfcrypt/src/aes.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/arc4.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/asn.c\
@@ -86,6 +87,8 @@ Wolfssl_C_Files :=$(WOLFSSL_ROOT)/wolfcrypt/src/aes.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/sha256.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/sha512.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/signature.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.c\
 					$(WOLFSSL_ROOT)/src/ssl.c\
 					$(WOLFSSL_ROOT)/src/tls.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.c\
@@ -105,6 +108,11 @@ ifeq ($(HAVE_WOLFSSL_BENCHMARK), 1)
 	Wolfssl_Include_Paths += -I$(WOLFSSL_ROOT)/wolfcrypt/benchmark/
 endif
 
+ifeq ($(HAVE_WOLFSSL_SP), 1)
+    Wolfssl_C_Extra_Flags += -DWOLFSSL_HAVE_SP_RSA \
+                             -DWOLFSSL_HAVE_SP_DH  \
+                             -DWOLFSSL_HAVE_SP_ECC
+endif
 
 
 Flags_Just_For_C := -Wno-implicit-function-declaration -std=c11

IDE/LPCXPRESSO/lib_wolfssl/lpc_18xx_port.c

@@ -1,6 +1,6 @@
 /* lpc_18xx_port.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/LPCXPRESSO/lib_wolfssl/user_settings.h

@@ -22,7 +22,8 @@
 
 #define FP_LUT                   4
 #define FP_MAX_BITS              2048 /* 4096 */
-#define FP_MAX_BITS_ECC          512
+#define ECC_USER_CURVES /* Disables P-112, P-128, P-160, P-192, P-224, P-384, P-521 but leaves P-256 enabled */
+#define FP_MAX_BITS_ECC          (256 * 2)
 #define ALT_ECC_SIZE
 #define USE_FAST_MATH
 #define SMALL_SESSION_CACHE
@@ -52,7 +53,6 @@
 #define NO_64BIT
 #define NO_WOLFSSL_SERVER
 #define NO_OLD_TLS
-#define ECC_USER_CURVES /* Disables P-112, P-128, P-160, P-192, P-224, P-384, P-521 but leaves P-256 enabled */
 #define NO_DES3
 #define NO_MD5
 #define NO_RC4

IDE/LPCXPRESSO/wolf_example/src/lpc_18xx_startup.c

@@ -1,6 +1,6 @@
 /* lpc_18xx_startup.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/M68K/README.md

@@ -3,7 +3,7 @@ toolchain and example benchmark/testwolfcrypt application linking to it. The
 examples and default builds where made to support a MCF5441X board.
 
 Macros to define for use:
-WOLFSSL_MCF5441X /* arch settings i.e. sizeof long and endianess */
+WOLFSSL_MCF5441X /* arch settings i.e. sizeof long and endianness */
 WOLFSSL_NETBURNER /* for use of NetBurner headers and RNG seed */
 
 
@@ -17,7 +17,7 @@ wolfssl-root/wolfssl/wolfcrypt/settings.h sets the sizeof long and long long
 along with big endian macro.
 
 The configuration for the build is located in wolfssl-root/IDE/M68K/user_settings.h
-Along with the defualt build there is 2 others BUILD_B (smaller resource use),
+Along with the default build there is 2 others BUILD_B (smaller resource use),
 and BUILD_C (faster runtime with more resource use).
 
 RSA speeds of the builds

IDE/M68K/benchmark/main.cpp

@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/M68K/testwolfcrypt/main.cpp

@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK-ARM/LPC43xx/time-LCP43xx.c

@@ -1,6 +1,6 @@
 /* time.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c

@@ -1,6 +1,6 @@
 /* certs_test.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h

@@ -1,6 +1,6 @@
 /* config-BEREFOOT.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h

@@ -1,6 +1,6 @@
 /* config-FS.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h

@@ -1,6 +1,6 @@
 /* config-RTX-TCP-FS.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h

@@ -1,6 +1,6 @@
 /* config.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c

@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c

@@ -1,6 +1,6 @@
 /*shell.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -214,7 +214,7 @@ static struct {
     "stack", stack_comm,        /* On/Off check stack size */
     "for", for_command,         /* iterate next command X times */
     "debug", dbg_comm,          /* On/Off debug message  */
-    "help", help_comm,          /* Breif description about the commands */
+    "help", help_comm,          /* Brief description about the commands */
 
     /** short name **/
     "ec", echoclient_test,
@@ -436,7 +436,7 @@ static void for_command(void *args)
 {
     if( args == NULL || ((func_args *)args)->argc == 1) {
         printf("For %d times\n", for_iteration) ;
-    } else if( args == NULL || ((func_args *)args)->argc == 2) {
+    } else if(((func_args *)args)->argc == 2) {
         for_iteration = atoi(((func_args *)args)->argv[1]) ;
     } else printf("Invalid argument\n") ;
 }
@@ -483,7 +483,7 @@ static char command_stack[COMMAND_STACK_SIZE] ;
 static   wolfSSL_Mutex command_mutex ;
 #endif
 
-/***********    Invoke Forground Command  *********************/
+/***********    Invoke Foreground Command  *********************/
 static void command_invoke(void *args)
 {
     void (*func)(void * ) ;

IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c

@@ -1,6 +1,6 @@
 /* time-STM32F2.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c

@@ -1,6 +1,6 @@
 /* time-dummy.c.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c

@@ -1,6 +1,6 @@
 /* wolfssl_KEIL_RL.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -69,7 +69,7 @@ char *inet_ntoa(struct in_addr in)
 unsigned long inet_addr(const char *cp)
 {
     unsigned int a[4] ; unsigned long ret ;
-    sscanf(cp, "%d.%d.%d.%d", &a[0], &a[1], &a[2], &a[3]) ;
+    sscanf(cp, "%u.%u.%u.%u", &a[0], &a[1], &a[2], &a[3]) ;
     ret = ((a[3]<<24) + (a[2]<<16) + (a[1]<<8) + a[0]) ;
     return(ret) ;
 }

IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h

@@ -1,6 +1,6 @@
 /* wolfssl_KEIL_RL.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/time-STM32F2xx.c

@@ -1,6 +1,6 @@
 /* time-STM32F2xx.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK5-ARM/Conf/user_settings.h

@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -55,11 +55,11 @@
 #define STM32F7xx
 #endif
 
-//        <o> Thread/RTOS<0=>Single Threaded <1=>FreeRTOS <2=>SafeRTOS<3=>Windows
-//         <4=>PThread <5=>ThreadX<6=> ThreadX/NetX
-//         <7=>Micrium <8=>EBSnet<9=>MQX 
-//         <10=>T-RTOS <11=>uITRON4<12=>uTKERNEL2 
-//         <13=>Frosted <14=>CMSIS RTOS<15=>CMSIS RTOSv2<16=>Others
+//        <o> Thread/RTOS<0=>Single Threaded <1=>FreeRTOS <3=>SafeRTOS <4=>Windows
+//         <5=>PThread <6=>ThreadX
+//         <7=>Micrium <8=>EBSnet <9=>MQX
+//         <10=>T-RTOS <11=>uITRON4 <12=>uTKERNEL2
+//         <13=>Frosted <14=>CMSIS RTOS <15=>CMSIS RTOSv2 <16=>Others
 #define MDK_CONF_THREAD 15
 #if MDK_CONF_THREAD== 0
 #define SINGLE_THREADED
@@ -247,7 +247,7 @@
 
 //      <e>HC128
 #define MDK_CONF_HC128 1
-#if MDK_CONF_AESGCM == 0
+#if MDK_CONF_HC128 == 0
 #define NO_HC128
 #endif
 //  </e>
@@ -516,4 +516,3 @@
 //  </e>
 
 //</h>
-

IDE/MDK5-ARM/Inc/wolfssl_MDK_ARM.h

@@ -1,6 +1,6 @@
 /* wolfssl_KEIL_ARM.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK5-ARM/Projects/CryptBenchmark/RTE/wolfSSL/user_settings.h

@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -55,10 +55,10 @@
 #define STM32F7xx
 #endif
 
-//        <o> Thread/RTOS<0=>Single Threaded <1=>FreeRTOS <2=>SafeRTOS<3=>Windows
-//         <4=>PThread <5=>ThreadX<6=> ThreadX/NetX
-//         <7=>Micrium <8=>EBSnet<9=>MQX 
-//         <10=>T-RTOS <11=>uITRON4<12=>uTKERNEL2 
+//        <o> Thread/RTOS<0=>Single Threaded <1=>FreeRTOS <3=>SafeRTOS<4=>Windows
+//         <5=>PThread <6=>ThreadX
+//         <7=>Micrium <8=>EBSnet<9=>MQX
+//         <10=>T-RTOS <11=>uITRON4<12=>uTKERNEL2
 //         <13=>Frosted <14=>CMSIS RTOS<15=>CMSIS RTOSv2<16=>Others
 #define MDK_CONF_THREAD 15
 #if MDK_CONF_THREAD== 0
@@ -247,7 +247,7 @@
 
 //      <e>HC128
 #define MDK_CONF_HC128 1
-#if MDK_CONF_AESGCM == 0
+#if MDK_CONF_HC128 == 0
 #define NO_HC128
 #endif
 //  </e>
@@ -516,4 +516,3 @@
 //  </e>
 
 //</h>
-

IDE/MDK5-ARM/Projects/CryptBenchmark/main.c

@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK5-ARM/Projects/CryptTest/RTE/wolfSSL/user_settings.h

@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -55,11 +55,11 @@
 #define STM32F7xx
 #endif
 
-//        <o> Thread/RTOS<0=>Single Threaded <1=>FreeRTOS <2=>SafeRTOS<3=>Windows
-//         <4=>PThread <5=>ThreadX<6=> ThreadX/NetX
-//         <7=>Micrium <8=>EBSnet<9=>MQX 
-//         <10=>T-RTOS <11=>uITRON4<12=>uTKERNEL2 
-//         <13=>Frosted <14=>CMSIS RTOS<15=>CMSIS RTOSv2<16=>Others
+//        <o> Thread/RTOS<0=>Single Threaded <1=>FreeRTOS <3=>SafeRTOS <4=>Windows
+//         <5=>PThread <6=>ThreadX
+//         <7=>Micrium <8=>EBSnet <9=>MQX
+//         <10=>T-RTOS <11=>uITRON4 <12=>uTKERNEL2
+//         <13=>Frosted <14=>CMSIS RTOS <15=>CMSIS RTOSv2 <16=>Others
 #define MDK_CONF_THREAD 15
 #if MDK_CONF_THREAD== 0
 #define SINGLE_THREADED
@@ -247,7 +247,7 @@
 
 //      <e>HC128
 #define MDK_CONF_HC128 1
-#if MDK_CONF_AESGCM == 0
+#if MDK_CONF_HC128 == 0
 #define NO_HC128
 #endif
 //  </e>
@@ -516,4 +516,3 @@
 //  </e>
 
 //</h>
-

IDE/MDK5-ARM/Projects/CryptTest/main.c

@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK5-ARM/Projects/EchoClient/RTE/wolfSSL/user_settings.h

@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2019 wolfSSL Inc.
+ * Copyright (C) 2006-2021 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -55,11 +55,11 @@
 #define STM32F7xx
 #endif
 
-//        <o> Thread/RTOS<0=>Single Threaded <1=>FreeRTOS <2=>SafeRTOS<3=>Windows
-//         <4=>PThread <5=>ThreadX<6=> ThreadX/NetX
-//         <7=>Micrium <8=>EBSnet<9=>MQX 
-//         <10=>T-RTOS <11=>uITRON4<12=>uTKERNEL2 
-//         <13=>Frosted <14=>CMSIS RTOS<15=>Others
+//        <o> Thread/RTOS<0=>Single Threaded <1=>FreeRTOS <3=>SafeRTOS <4=>Windows
+//         <5=>PThread <6=>ThreadX
+//         <7=>Micrium <8=>EBSnet <9=>MQX
+//         <10=>T-RTOS <11=>uITRON4 <12=>uTKERNEL2
+//         <13=>Frosted <14=>CMSIS RTOS <15=>CMSIS RTOSv2 <16=>Others
 #define MDK_CONF_THREAD 14
 #if MDK_CONF_THREAD== 0
 #define SINGLE_THREADED
@@ -245,7 +245,7 @@
 
 //      <e>HC128
 #define MDK_CONF_HC128 1
-#if MDK_CONF_AESGCM == 0
+#if MDK_CONF_HC128 == 0
 #define NO_HC128
 #endif
 //  </e>
@@ -514,4 +514,3 @@
 //  </e>
 
 //</h>
-