Fixes compilation, I have no idea if it still does what it should

prepare for release v4.3.0

.gitignore

@@ -78,6 +78,7 @@ tests/unit
 testsuite/testsuite.test
 tests/unit.test
 tests/bio_write_test.txt
+test-write-dhparams.pem
 testsuite/*.der
 testsuite/*.pem
 testsuite/*.raw
@@ -295,6 +296,7 @@ Backup
 UpgradeLog.htm
 *.aps
 *.VC.db
+*.filters
 
 IDE/INTIME-RTOS/Debug_*
 IDE/VS-ARM/.vs
@@ -318,3 +320,18 @@ scripts/memtest.txt
 doc/doxygen_warnings
 doc/html
 doc/pdf
+
+# XCODE Index
+IDE/XCODE/Index
+
+# ARM DS-5 && Eclipse
+\.settings/
+\.cproject
+\.project
+\.autotools
+
+# Renesas e2studio
+/IDE/Renesas/e2studio/Projects/test/src/smc_gen
+/IDE/Renesas/e2studio/Projects/test/trash
+/IDE/Renesas/e2studio/Projects/test/*.launch
+/IDE/Renesas/e2studio/Projects/test/*.scfg

ChangeLog.md

@@ -1,3 +1,417 @@
+# wolfSSL Release 4.3.0 (12/20/2019)
+
+If you have questions about this release, then feel free to contact us on our info@ address.
+
+Release 4.3.0 of wolfSSL embedded TLS has bug fixes and new features including:
+
+##### New Feature Additions
+* Add --enable-libwebsockets option for support of libwebsockets build
+* Updated support for NGINX 1.15.0 and added support for 1.16.1
+* Add wc_scrypt_ex API which can take in iterations rather than cost
+* Updates to RSA-PSS salt lengths. Macro WOLFSSL_PSS_SALT_LEN_DISCOVER allows for discovering the salt length. Passing RSA_PSS_SALT_LEN_DISCOVER value into wc_RsaPSS_Verify_ex attempts to discover salt length and can use larger salt lengths
+* Additional OpenSSL compatibility API wolfSSL_CertManagerGetCerts and wolfSSL_X509_STORE_GetCerts for retrieving certificates
+* Add support for 4096-bit RSA/DH operations to SP (single precision) build
+* Update support for Google WebRTC to branch m79
+* Adds new FREESCALE_MQX_5_0 macro for MQX 5.0 support
+* Adds a CMS/PKCS#7 callback for signing SignedData raw digests enabled with macro HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK and call to function wc_PKCS7_SetRsaSignRawDigestCb
+* Add --disable-errorqueue feature to disable adding debug nodes to queue with --enable-opensslextra build
+* After defining WOLFSSL_SHUTDOWNONCE macro the function wolfSSL_shutdown will return a specific error code of SSL_SHUTDOWN_ALREADY_DONE_E, to indicate to the application that the shutdown has already occurred
+* Add AES-CCM decryption to benchmarking app bundled with wolfSSL
+
+
+##### Fixes
+* Fixes IAR warnings with IAR-EWARM 7.50.2
+* Alignment fixes for mmCAU with AES and hashing algorithms
+* Fix check for plaintext length when using Encrypt-Then-MAC
+* Fix for unit tests with NGINX and debug mode
+* Fix for macro names in test cases (WOLFSSL_PUBLIC_MP) and pkcs7.c (HAVE_AESCCM)
+* Fix for Apache want read case with BIO retry flag
+* Fix for PKCS7 streaming mode that would error rather than verify bundle
+* Fix for freeing mutex for X509 and wolfSSL_EVP_PKEY_free, applies to OPENSSL_EXTRA / --enable-opensslextra builds
+* Fix for encrypt then MAC when re-handshaking, encrypted handshakes change over to ETM now
+* Fix for curve25519 assembly optimizations with GCC + AVX2
+* Fix to hang onto certificate for retrieval if using secure renegotiation and session resumption
+* Fixes case where the heap hint is created before WOLFSSL_CTX, when calling wc_LoadStaticMemory instead of wolfSSL_CTX_load_static_memory
+* Fix for setting correct return value in PKCS12 parse error case
+* Reset certificate extension policy count
+* Fix for memcpy with TLS I/O buffers when using staticmemory pools and loading memory as WOLFMEM_IO_POOL_FIXED
+* Fixes and updates for STM32 port, including additional mutex protection, AES-GCM decrypt auth tag, AES-CTR mode with CubeMX, update to OpenSTM32 project
+* Fix for EVP CipherUpdate decrypt and add a test case
+* DTLS fixes including; some DTLS sequence number issues in general where the sequence was incremented twice for each record and some offset values in the DTLS window checking
+* Fix sp_add to handle carries properly (--enable-sp-math build)
+* Additional sanity check on OCSP response decoder
+* Fix for vasprintf with Solaris and AIX builds
+* Fix for missing variable declaration with --enable-scep --with-libz build
+* Fix for certificate date check with async build
+* Sanity check on “out” length with Base64_Decode added
+* Decode X.509 name - check input length for jurisdiction
+* Additional sanity check on variable out index with DecodePolicyOID
+* Fix for PKCS#12 PBKDF buffer size for buffer overflow
+* TLS supported curve extension check curve name is in range before checking for disabled
+* Sanity check for non TLS 1.3 cipher suite with TLS 1.3 connection
+* Poly1305 AVX2 assembly optimization fix for carry with large input values
+* Fixes for coverity report including null termination of test case strings and initialization of PKCS7 variables
+* Fix for API visibility of wc_ed25519_check_key which resolves a wolfcrypt-py install issue
+* Sanity check on max ALPN length accepted
+* Additional sanity check when parsing CRL’s for copying the structure, fix for bounds checking
+* Additional checks on error string length for debug mode and check for null termination
+* ProcessPeerCerts allocating memory for exts with OPENSSL_EXTRA properly
+* Clear the top bit when generating a serial number
+* Sanity check that ASN date characters are valid ASCII characters
+* Fix to add deterministic ECDSA and fix corner cases for add point.
+* When getting the DH public key, initialize the P, G, and Pub pointers to NULL, then set that we own the DH parameters flag. This allows FreeSSL to correctly clean up the DH key.
+
+##### Improvements/Optimizations
+* Added configure error report with using invalid build of --enable-opensslextra and --enable-opensslcoexist together
+* Update PKCS11 for determining key type given the private key type
+* Update DoVerifyCallback to check verify param hostName and ipasc (--enable-opensslextra builds)
+* additional null sanity checks on input arguments with QSH and Cryptocell builds
+* Additional checks on RSA key added to the function wc_CheckRsaKey
+* Updates for EBSNET support, including fseek, revised macros in settings.h, and realloc support
+* MISRA-C updates for SP math code
+* Update to allow compiling for pwdbased/PBKDF2 with having NO_ASN defined
+* Modify KeyShare and PreSharedKey TLS 1.3 extension linked list advancement to be easier for compilers to handle
+* Optimization to parsing certificate extension name strings
+* Adjustment to example server -x runtime behavior when encountering an unrecoverable error case 
+* Remove Blake2b support from HMAC
+* Adds new hash wrapper init wc_HashInit_ex and Adds new PBKDF2 API wc_PBKDF2_ex for using heap hints for custom memory pools
+* Adding script to cleanup generated test files,  scripts/cleanup_testfiles.sh
+* Support 20-byte serial numbers and disallow 0
+* sp_div improved to handle when a has less digits than d (--enable-sp-math build)
+* When decoding a policy OID and turning it into a human readable string use snprintf() 
+* set the IV length of EVP AES GCM to 96-bits by default
+* Allow adding CAs for root CA's over the wire that do not have the extended key usage cert_sign set
+* Added logging messages for SendAlert call and update to send alert after verify certificate callback
+* updates for synchronous OCTEON support in the Sniffer
+* Rework BER to DER functions to not be recursive
+* Updates to find CRL by AuthKeyId
+* Add a check for subject name hash after matching AKID
+* Enhancement to mp_invmod/fp_exptmod/sp_exptmod to handle more inputs
+* Remove requirement for macro NO_SKID when CRL use is enabled
+* Improvements on XFTELL return code and MAX_WOLFSSL_FILE_SIZE checking
+* When checking if value is prime return NO in the case of the value 1
+* Improve Cortex-M RSA/DH assembly code performance
+* Additional sanity checks on arrays and buffers with OCSP
+
+
+##### This release of wolfSSL includes a fix for 6 security vulnerabilities.
+
+
+A fix for having an additional sanity check when parsing certificate domain names was added. This fix checks that the domain name location index is not past the maximum value before setting it. The reported issue affects users that are parsing certificates and have --enable-opensslextra (macro OPENSSL_EXTRA), or build options that turn this on such as --enable-all, when building wolfSSL. The CVE associated with the fix is CVE-2019-18840.
+
+Fix to set a limit on the maximum size of DTLS handshake messages. By default the RFC allows for handshake message sizes of up to 2^24-1 bytes long but in typical field use cases the handshake messages are not this large. Setting a maximum size limit on the handshake message helps avoid a potential DoS attack due to memory being malloc’d. The new default max size is set to handle a certificate chain length of approximately 9, 2048 bit RSA certificates. This only effects builds that have DTLS turned on and have applications that are using DTLS.
+
+Fix for a potential hang when ECC caching is enabled (off by default) and --enable-fastmath is used. ECC caching is off by default and is turned on in builds that are using --enable-all or --enable-fpecc. This issue does not affect builds that are using the macro WOLFSSL_VALIDATE_ECC_IMPORT which turns on validating all ECC keys that are imported. To fix this potential hang case a sanity check on the input values to the internal invmod function was added.
+
+
+To fix a potential fault injection attack on a wrapper function for wolfCrypt RSA signature generations an additional sanity check verifying the signature after it’s creation was added. This check is already done automatically in current versions of wolfSSL with TLS connections (internal function call of VerifyRsaSign during TLS state machine). The report only affects users making calls to the wolfCrypt function wc_SignatureGenerateHash and does not affect current TLS use cases. Thanks to Daniel Moghimi (@danielmgmi) from Worcester Polytechnic Institute for the report.
+
+
+Blinding was added for DSA signing operations. The DSA signing uses the BEEA algorithm during modular inversion of the nonce which can potentially leak the nonce through side channels such as cache and power fluctuations. The fix of adding in blinding makes the DSA signing operation more resistant to side channel attacks. Users who have turned on DSA (disabled by default) and are performing signing operations should update. Note that DSA is not used in any TLS connections. Thanks to Daniel Moghimi (@danielmgmi) from Worcester Polytechnic Institute for the report.
+
+
+Fix to add additional side channel cache attack resistance to the internal ECC function wc_ecc_mulmod_ex. This function by default is used with ECDSA signing operations. Users should update if performing ECDSA singing operations (server side ECC TLS connections, mutual authentication on client side) or calling wolfCrypt ECC sign functions and have the potential for outside users to perform sophisticated monitoring of the cache.Thanks to Daniel Moghimi (@danielmgmi) from Worcester Polytechnic Institute for the report.
+
+
+For additional vulnerability information visit the vulnerability page at https://www.wolfssl.com/docs/security-vulnerabilities/
+
+See INSTALL file for build instructions.
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
+
+
+# wolfSSL Release 4.2.0 (10/22/2019)
+
+If you have questions about this release, then feel free to contact us on our info@ address.
+
+Release 4.2.0 of wolfSSL embedded TLS has bug fixes and new features including:
+
+
+##### New Feature Additions
+* Over 198 OpenSSL compatibility API’s added
+* Apache port added for compiling with wolfSSL using --enable-apachehttpd
+* Port for using wolfSSL with OpenVSwitch
+* Port for Renesas TSIP added
+* Visual Studio Solution for Azure Sphere Devices (MT3620 and MT3620-mini) added to the directory IDE/VS-AZURE-SPHERE
+* Addition of Coldfire MCF5441X NetBurner example to the directory IDE/M68K/
+* Added support for prime checking to SP math build
+* Addition of DYNAMIC_TYPE_BIGINT type for tracking mp_int allocations
+* Addition of wc_ecc_get_curve_params API for getting ecc_set_type params for a curve
+* Adding in TLS_SHA256_SHA256 and TLS_SHA384_SHA384 TLS1.3 cipher suites (null ciphers)
+* Added in PKCS7 decryption callbacks for CMS operations
+* Added handling for optional ECC parameters with PKCS7 KARI
+* Addition to configure.ac for FIPS wolfRand builds
+* Adding the flag WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY for ignoring certificate date checks with the functions wolfSSL_CTX_load_verify_buffer_ex and wolfSSL_CTX_load_verify_locations_ex
+* Support for PKCS8 keys added to the function wolfSSL_CTX_use_PrivateKey_buffer
+* Support for KECCAK hashing. Build with macro WOLFSSL_HASH_FLAGS and call wc_Sha3_SetFlags(&sha, WC_HASH_SHA3_KECCAK256) before the first SHA3 update 
+* Addition of setting secure renegotiation at CTX level
+* Addition of KDS (NXP Kinetis Design Studio) example project to directory IDE/KDS/
+* Support for Encrypt-Then-MAC to TLS 1.2 and below
+* Added a new build option for a TITAN session cache that can hold just over 2 million session entries (--enable-titancache)  
+* Synchronous Quick Assist Support for Sniffer
+* Added Support for SiFive HiFive Unleashed board 
+* Support for Google WebRTC added in to compatibility layer build
+* Additional Sniffer features; IPv6 sniffer support, Fragment chain input, Data store callback, Various statistics tweaks and other Sniffer fixes
+
+
+##### Fixes
+* Addition of internal content digest checks for PKCS7 SignedData message types that also have signed attributes present. Users could previously check the content digest against the messageDigest attribute, but this adds a default internal check. It’s advised that if users are not doing their own checks that they update wolfSSL version.
+* A fix for BIO and base64 encoding/decoding
+* A fix for memory management of CTX / WOLFSSL_METHOD pointer with staticmemory build
+* A fix for detection of AES-NI support to read bit 25 from ECX
+* A fix a DTLS handshake message retransmit bug corner case
+* Additional fixes to coding style and uninitialized values using cppcheck tool
+* Fixes for failing IAR builds, thanks to Joseph C. for the report
+* Fixes for ARMv8 Poly1305 inline assembly code to compile with clang 3.5
+* Fixes for esp-idf build warnings
+* A fix for XSNPRINTF with mingw32 builds
+* Fixes for strncpy warnings when compiling with newer versions of GCC
+* A fix for using IV of all 0’s as default case with AES-NI when no IV passed in
+* Fixes for types with 16 bit systems, thanks to Ralf Schlatterbeck
+* Fixes for build with devcrypto/afalg and aesccm, thanks to GitHub user cotequeiroz for the report
+* Fixes for addressing handling of pathLen constraint when parsing certificate chains
+* A DTLS fix for alert packet injection at end of handshake
+* Fixes for Poly1305 AArch64 assembly code
+* A fix for memory management in error cases when adding a CA, this resolves a coverity report
+* A fix for SP math for precomputation tables to not include infinity field
+* Fixes for checks on defines with AVX2 and Poly1305 build
+* Fixes for CubeMX HAL v1.15 with STM32F7
+* A fix for TLS 1.3 to always send Key Share extension
+* A fix for a potential buffer over read in TLS 1.3 DoTls13SupportedVersions, thanks to Artem for the report
+
+
+##### Improvements/Optimizations
+* Optimization to SP math, changing variables to const where possible. Thanks to Yair Poleg (yair.poleg@ayyeka.com) of Ayyeka for proposing static declaration of global constant variables in SP code
+* Additional fuzz testing and fixes for TLS 1.3 use, including additional TLS 1.3 alert messages (PR#2440 for more information)
+* Additional sanity check that ciphersuite from client hello is used in server hello response (check can be removed with the macro WOLFSSL_NO_STRICT_CIPHER_SUITE)
+* Improved MMCAU performance: SHA-1 by 35%, SHA-256 by 20% and MD5 by 78% 
+* By default, disallow SHA-2 cipher suites from being used in TLS 1.0 and 1.1 handshakes (can be ignored with macro WOLFSSL_OLDTLS_SHA2_CIPHERSUITES)
+* Optimization of export session buffer size with enable option --enable-sessionexport=nopeer
+* Spelling fixes in comments and some cast warnings resolved
+* Updates to abstract atoi to XATOI when used, this allows for better portability when making calls to the system function atoi for converting strings to integers
+* Improvements to the STSAFE-A100 error code handling, providing better debug information
+* Adding a sanity check on TLS 1.3 ticket encrypt callback
+* Specialized implementations of mod exp when base is 2
+
+
+
+##### This release of wolfSSL includes a fix for 5 security vulnerabilities.
+
+Fix for sanity check on reading TLS 1.3 pre-shared key extension. This fixes a potential for an invalid read when TLS 1.3 and pre-shared keys is enabled. Users without TLS 1.3 enabled are unaffected. Users with TLS 1.3 enabled and HAVE_SESSION_TICKET defined or NO_PSK not defined should update wolfSSL versions. Thanks to Robert Hoerr for the report.
+
+Fix for potential program hang when ocspstapling2 is enabled. This is a moderate level fix that affects users who have ocspstapling2 enabled(off by default) and are on the server side. In parsing a CSR2 (Certificate Status Request v2 ) on the server side, there was the potential for a malformed extension to cause a program hang. Thanks to Robert Hoerr for the report.
+
+Two moderate level fixes involving an ASN.1 over read by one byte. CVE-2019-15651 is for a fix that is due to a potential one byte over read when decoding certificate extensions. CVE-2019-16748 is for a fix on a potential one byte overread with checking certificate signatures. This affects builds that do certificate parsing and do not have the macro NO_SKID defined.Thanks to Yan Jia and the researcher team  from Institute of Software, Chinese Academy of Sciences for the report.
+
+High level fix for DSA operations involving an attack on recovering DSA private keys. This fix affects users that have DSA enabled and are performing DSA operations (off by default). All users that have DSA enabled and are using DSA keys are advised to regenerate DSA keys and update wolfSSL version. ECDSA is NOT affected by this and TLS code is NOT affected by this issue. Thanks to Ján Jančár for the report.
+
+
+For additional vulnerability information visit the vulnerability page at https://www.wolfssl.com/docs/security-vulnerabilities/
+
+See INSTALL file for build instructions.
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
+
+
+
+# wolfSSL Release 4.1.0 (07/22/2019)
+
+Release 4.1.0 of wolfSSL embedded TLS has bug fixes and new features including:
+
+* A fix for the check on return value when verifying PKCS7 bundle signatures, all users with applications using the function wc_PKCS7_VerifySignedData should update
+* Adding the function wc_PKCS7_GetSignerSID for PKCS7 firmware bundles as a getter function for the signers SID
+* PKCS7 callback functions for unwrapping of CEK and for decryption
+* Adding the error value PKCS7_SIGNEEDS_CHECK when no certificates are available in a PKCS7 bundle to verify the signature
+* TLS 1.3 fixes including if major version is TLS Draft then it is now ignored and if version negotiation occurs but none were matched then an alert is now sent
+* Addition of the WOLFSSL_PSK_ONE_ID macro for indicating that only one identity in TLS 1.3 PSK is available and will be cached
+* Adding sanity checks on length of PSK identity from a TLS 1.3 pre-shared key extension
+* Additional sanity checks and alert messages added for TLS 1.3
+* Adding XTIME_MS macro to simplify the tls13.c time requirement
+* Improvements and refactoring of code related to parsing and creating TLS 1.3 client hello packets
+* TLS 1.3 version renegotiation now happens before interpreting ClientHello message
+* Chacha20 algorithm optimizations on the ARM architecture for performance increase
+* Poly1305 algorithm performance enhancements for the ARM architecture using the SIMD NEON extension
+* Curve25519 and Ed25519 optimized for ARM architecture for performance increase
+* SHA-512/384 optimizations for performance with ARM architecture using the SIMD NEON extension
+* Sniffer updates including adding support for the null cipher and static ECDH key exchange and new SSLWatchCb callback
+* Cipher suite TLS_RSA_WITH_NULL_MD5 for use with the sniffer (off by default)
+* Sniffer statistic print outs with the macro WOLFSSL_SNIFFER_STATS defined
+* A fix for wolfSSL_DH_generate_key when WOLFSSL_SMALL_STACK is defined
+* wolfSSL_BN_Init implementation for opensslextra builds
+* Updates to the function wolfSSL_i2d_RSAPrivateKey and additional automated tests
+* Fixes for EVP_CipherFinal edge cases to match behavior desired
+* Check for appropriate private vs public flag with ECC key decode in wolfSSL_EC_KEY_LoadDer_ex, thanks to Eric Miller for the report
+* Implementation of the function wolfSSL_PEM_write_DHparams
+* wolfSSL_RAND_seed is called in wolfSSL_Init now when opensslextra is enabled
+* CryptoCell-310 support on nRF52840 added
+* Fixes for atmel_ecc_create_pms to free the used slot.
+* Fixes for building ATECC with ATCAPRINTF or WOLFSSL_PUBLIC_MP
+* Cortex-M code changes to support IAR compiler
+* Improvements to STM32 AES-GCM performance
+* Fixes for 16-bit systems including PK callbacks, ATECC and LowResTimer function ptoto.
+* IAR-EWARM compiler warning fix
+* Clean up of user_settings for CS+ port
+* Updating Renesas example projects to the latest version
+* Micrium updates adjusting STATIC macro name and added inline flag
+* Fixes for building with WOLFSSL_CUSTOM_CURVES on Windows
+* Updates and refactor to the default build settings with Arduino
+* Fixes for visibility tags with Cygwin build
+* STSAFE Improvements to support wolfSSL Crypto Callbacks
+* Improvements to NetBSD builds and mutex use in test case
+* Updating TI hardware offload with WOLFSSL_TI_CRYPT build
+* Maintaining Xilinx FreeRTOS port by adjusting time.h include in wolfSSL
+* SiFive HiFive E31 RISC‐V core family port
+* Port for Telit IoT AppZone SDK
+* OCSP Response signed by issuer with identical SKID fix
+* Fix for sending revoked certificate with OCSP
+* Honor the status sent over connection with peers and do not perform an internal OCSP lookup
+* Adding the build flag `--enable-ecccustcurves=all` to enable all curve types
+* Support add for Ed25519ctx and Ed25519ph sign/verify algorithms as per RFC 8032
+* Addition of the macro WOLFSSL_NO_SIGALG to disable signature algorithms extension
+* wc_AesCtrEncrypt in place addition, where input and output buffer can be the same buffer
+* Single shot API added for SHA3; wc_Sha3_224Hash, wc_Sha3_256Hash, wc_Sha3_384Hash, wc_Sha3_512Hash
+* Function additions for JSSE support some of which are wolfSSL_get_ciphers_iana and wolfSSL_X509_verify along with expansion of the --enable-jni option
+* Macro guards for more modular SHA3 build (i.e. support for 384 size only)
+* Benchmarking -thread <num> argument support for asynchronous crypto
+* Blake2s support (--enable-blake2s), which provides 32-bit Blake2 support
+* Macro SHA256_MANY_REGISTERS addition to potentially speed up SHA256 depending on architecture
+* Additional TLS alert messages sent with the macro WOLFSSL_EXTRA_ALERTS defined
+* Feature to fail resumption of a session if the session’s cipher suite is not in the client’s list, this can be overridden by defining the macro NO_RESUME_SUITE_CHECK
+* Fallback SCSV (Signaling Cipher Suite Value) support on Server only (--enable-fallback-scsv)
+* DTLS export state only (wolfSSL_dtls_export_state_only) which is a subset of the information exported from previous DTLS export function
+* Function wc_DhCheckPubValue added to perform simple validity checks on DH keys
+* Support for RSA SHA-224 signatures with TLS added
+* Additional option “-print” to the benchmark app for printing out a brief summary after benchmarks are complete
+*  Adding (--disable-pkcs12) option and improvements for disabled sections in pwdbased.c, asn.c, rsa.c, pkcs12.c and wc_encrypt
+* Added DES3 support to the wolfSSL crypto callbacks
+* Compile time fixes for build case with SP math and RSA only
+* Fixes for Coverity static analysis report including explicit initialization of reported stack variables some additional Coverity fixes added thanks to Martin
+* Fixes for scan build warnings (i.e possible null dereference in ecc.c)
+* Resetting verify send value with a call to wolfSSL_clear function
+* Fix for extern with sp_ModExp_2048 when building with --cpp option
+* Fix for typo issue with --enable-sp=cortexm
+* Adding #pragma warning disable 4127 for tfm.c when building with Visual Studio
+* Improvements to the maximum ECC signature calculations
+* Improvements to TLS write handling in error cases which helps user application not go through with a wolfSSL_write attempt after a wolfSSL_read failure
+* Fix for read directory functions with Windows (wc_ReadDirFirst and wc_ReadDirNext)
+* Sanity check on index before accessing domain component buffer in call to wolfSSL_X509_NAME_get_entry
+* Sending fatal alert from client side on version error
+* Fix for static RSA cipher suite with PK callback and no loaded private key
+* Fix for potential memory leak in error case with the function wc_DsaKeyToDer, thanks to Chris H. for the report
+* Adjusting STRING_USER macro to remove includes of standard lib <string.h> or <stdio.h>
+* Bug fix for checking wrong allocation assignment in the function wc_PBKDF2 and handling potential leak on allocation failure. This case is only hit when the specific call to malloc fails in the function wc_PBKDF2. Thanks to Robert Altnoeder (Linbit) for the report
+* Improved length checks when parsing ASN.1 certificates
+* extern "C" additions to header files that were missing them
+* Improved checking of return values with TLS extension functions and error codes
+* Removing redundant calls to the generate function when instantiating and reseeding DRBG
+* Refactoring and improvements to autoconf code with consolidating AM_CONDITIONAL statements
+* Improvements for handling error return codes when reading input from transport layer
+* Improvements to efficiency of SNI extension parsing and error checking with ALPN parsing
+* Macro WOLFSSL_DEBUG_TLS addition for printing out extension data being parsed during a TLS connection
+* Adjustment of prime testing with --disable-fastmath builds
+
+
+This release of wolfSSL includes a fix for 2 security vulnerabilities.
+
+There is a fix for a potential buffer overflow case with the TLSv1.3 PSK extension parsing. This affects users that are enabling TLSv1.3 (--enable-tls13). Thanks to Robert Hoerr for the report. The CVE associated with the report is CVE-2019-11873.
+
+There is a fix for the potential leak of nonce sizes when performing ECDSA signing operations. The leak is considered to be difficult to exploit but it could potentially be used maliciously to perform a lattice based timing attack against previous wolfSSL versions. ECC operations with --enable-sp and --enable-sp-asm are not affected, users with private ECC keys in other builds that are performing ECDSA signing operations should update versions of wolfSSL along with private ECC keys. Thanks to Ján Jančár from Masaryk University for the report.
+
+
+# wolfSSL Release 4.0.0 (03/20/2019)
+
+Release 4.0.0 of wolfSSL embedded TLS has bug fixes and new features including:
+
+* Support for wolfCrypt FIPS v4.0.0, certificate #3389
+* FIPS Ready Initiative
+* Compatibility fixes for secure renegotiation with Chrome
+* Better size check for TLS record fragment reassembly
+* Improvements to non-blocking and handshake message retry support for DTLS
+* Improvements to OCSP with ECDSA signers
+* Added TLS server side secure renegotiation
+* Added TLS Trusted CA extension
+* Add support for the Deos Safety Critical RTOS
+* OCSP fixes for memory management and initializations
+* Fixes for EVP Cipher decryption padding checks
+* Removal of null terminators on `wolfSSL_X509_print` substrings
+* `wolfSSL_sk_ASN1_OBJCET_pop` function renamed to `wolfSSL_sk_ASN1_OBJECT_pop`
+* Adjustment to include path in compatibility layer for evp.h and objects.h
+* Fixes for decoding BER encoded PKCS7 contents
+* TLS handshake now supports using PKCS #11 for private keys
+* PKCS #11 support of HMAC, AES-CBC and random seeding/generation
+* Support for named FFDHE parameters in TLS 1.2 (RFC 7919)
+* Port to Zephyr Project
+* Move the TLS PRF to wolfCrypt.
+* Update to CMS KARI support
+* Added ESP32 WROOM support
+* Fixes and additions to the OpenSSL compatibility layer
+* Added WICED Studio Support
+* MDK CMSIS RTOS v2
+* Xcode project file update
+* Fixes for ATECC508A/ATECC608A
+* Fixes issue with CA path length for self signed root CA's
+* Fixes for Single Precision (SP) ASM when building sources directly
+* Fixes for STM32 AES GCM
+* Fixes for ECC sign with hardware to ensure the input is truncated
+* Fixes for proper detection of PKCS7 buffer overflow case
+* Fixes to handle degenerate PKCS 7 with BER encoding
+* Fixes for TLS v1.3 handling of 6144 and 8192 bit keys
+* Fixes for possible build issues with SafeRTOS
+* Added `ECC_PUBLICKEY_TYPE` to the support PEM header types
+* Added strict checking of the ECDSA signature DER encoding length
+* Added ECDSA option to limit sig/algos in client_hello to key size with
+  `USE_ECDSA_KEYSZ_HASH_ALGO`
+* Added Cortex-M support for Single Precision (SP) math
+* Added wolfCrypt RSA non-blocking time support
+* Added 16-bit compiler support using --enable-16bit option
+* Improved Arduino sketch example
+* Improved crypto callback features
+* Improved TLS benchmark tool
+* Added new wrapper for snprintf for use with certain Visual Studio builds,
+  thanks to David Parnell (Cambridge Consultants)
+
+This release of wolfSSL includes a fix for 1 security vulnerability.
+
+* Fixed a bug in tls_bench.c example test application unrelated to the crypto
+  or TLS portions of the library. (CVE-2019-6439)
+
+
+# wolfSSL Release 3.15.7 (12/26/2018)
+
+Release 3.15.7 of wolfSSL embedded TLS has bug fixes and new features including:
+
+* Support for Espressif ESP-IDF development framework
+* Fix for XCode build with iPhone simulator on i386
+* PKCS7 support for generating and verify bundles using a detached signature
+* Fix for build disabling AES-CBC and enabling opensslextra compatibility layer
+* Updates to sniffer for showing session information and handling split messages across records
+* Port update for Micrium uC/OS-III
+* Feature to adjust max fragment size post handshake when compiled with the macro WOLFSSL_ALLOW_MAX_FRAGMENT_ADJUST
+* Adding the macro NO_MULTIBYTE_PRINT for compiling out special characters that embedded devices may have problems with
+* Updates for Doxygen documentation, including PKCS #11 API and more
+* Adding Intel QuickAssist v1.7 driver support for asynchronous crypto
+* Adding Intel QuickAssist RSA key generation and SHA-3 support
+* RSA verify only (--enable-rsavfy) and RSA public only (--enable-rsapub) builds added
+* Enhancements to test cases for increased code coverage
+* Updates to VxWorks port for use with Mongoose, including updates to the OpenSSL compatibility layer
+* Yocto Project ease of use improvements along with many updates and build instructions added to the INSTALL file
+* Maximum ticket nonce size was increased to 8
+* Updating --enable-armasm build for ease of use with autotools
+* Updates to internal code checking TLS 1.3 version with a connection
+* Removing unnecessary extended master secret from ServerHello if using TLS 1.3
+* Fix for TLS v1.3 HelloRetryRequest to be sent immediately and not grouped
+
+
+
+This release of wolfSSL includes a fix for 1 security vulnerability.
+
+Medium level fix for potential cache attack with a variant of Bleichenbacher’s attack. Earlier versions of wolfSSL leaked PKCS #1 v1.5 padding information during private key decryption that could lead to a potential padding oracle attack. It is recommended that users update to the latest version of wolfSSL if they have RSA cipher suites enabled and have the potential for malicious software to be ran on the same system that is performing RSA operations. Users that have only ECC cipher suites enabled and are not performing RSA PKCS #1 v1.5 Decryption operations are not vulnerable. Also users with TLS 1.3 only connections are not vulnerable to this attack. Thanks to Eyal Ronen (Weizmann Institute), Robert Gillham (University of Adelaide), Daniel Genkin (University of Michigan), Adi Shamir (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom (University of Adelaide and Data61) for the report.
+
+The paper for further reading on the attack details can be found at http://cat.eyalro.net/cat.pdf.
+
+
+See INSTALL file for build instructions.
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
+
+
 # wolfSSL Release 3.15.5 (11/07/2018)
 
 Release 3.15.5 of wolfSSL embedded TLS has bug fixes and new features including:

IDE/ARDUINO/README.md

@@ -12,15 +12,26 @@ wolfssl/IDE/ARDUINO directory:
 
         `./wolfssl-arduino.sh`
 
+Step 2: Copy the directory wolfSSL that was just created to:
+`~/Documents/Arduino/libraries/` directory so the Arduino IDE can find it.
 
-Step 2: Edit `<wolfssl-root>/IDE/ARDUINO/wolfSSL/wolfssl/wolfcrypt/settings.h` uncomment the define for `WOLFSSL_ARDUINO`
-If building for Intel Galileo platform also uncomment the define for `INTEL_GALILEO`.
+Step 3: Edit `<arduino-libraries>/wolfSSL/user_settings.h`
+If building for Intel Galileo platform add: `#define INTEL_GALILEO`.
+Add any other custom settings, for a good start see the below in wolfssl root.
+(See wolfssl/IDE/ROWLEY-CROSSWORKS-ARM/user_settings.h)
 
-#####Including wolfSSL in Arduino Libraries (for Arduino version 1.6.6)
+Step 4: If you experience any issues with custom user_settings.h see the wolfssl
+porting guide here for more assistance: https://www.wolfssl.com/docs/porting-guide/
+
+Step 5: If you still have any issues contact support@wolfssl.com for more help.
+
+##### Including wolfSSL in Arduino Libraries (for Arduino version 1.6.6)
 
 1. In the Arduino IDE:
     - In `Sketch -> Include Library -> Add .ZIP Library...` and choose the
         `IDE/ARDUNIO/wolfSSL` folder.
     - In `Sketch -> Include Library` choose wolfSSL.
 
-An example wolfSSL client INO sketch exists here: `sketches/wolfssl_client/wolfssl_client.ino`
+2. Open an example Arduino sketch for wolfSSL:
+	- wolfSSL Client INO sketch: `sketches/wolfssl_client/wolfssl_client.ino`
+	- wolfSSL Server INO sketch: `sketches/wolfssl_server/wolfssl_server.ino`

IDE/ARDUINO/include.am

@@ -4,5 +4,5 @@
 
 EXTRA_DIST+= IDE/ARDUINO/README.md
 EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
+EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
 EXTRA_DIST+= IDE/ARDUINO/wolfssl-arduino.sh
-

IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino

@@ -1,6 +1,6 @@
 /* wolfssl_client.ino
  *
- * Copyright (C) 2006-2018 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -25,7 +25,7 @@
 #include <Ethernet.h>
 
 const char host[] = "192.168.1.148"; // server to connect to
-int port = 11111; // port on server to connect to
+const int port = 11111; // port on server to connect to
 
 int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
 int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
@@ -33,11 +33,12 @@ int reconnect = 10;
 
 EthernetClient client;
 
-WOLFSSL_CTX* ctx = 0;
-WOLFSSL* ssl = 0;
-WOLFSSL_METHOD* method = 0;
+WOLFSSL_CTX* ctx = NULL;
+WOLFSSL* ssl = NULL;
 
 void setup() {
+  WOLFSSL_METHOD* method;
+
   Serial.begin(9600);
 
   method = wolfTLSv1_2_client_method();
@@ -79,65 +80,76 @@ int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
 void loop() {
   int err            = 0;
   int input          = 0;
-  int sent           = 0;
   int total_input    = 0;
   char msg[32]       = "hello wolfssl!";
   int msgSz          = (int)strlen(msg);
   char errBuf[80];
   char reply[80];
-  WOLFSSL_CIPHER* cipher;
+  const char* cipherName;
     
   if (reconnect) {
     reconnect--;
+    
     if (client.connect(host, port)) {
 
       Serial.print("Connected to ");
       Serial.println(host);
+
       ssl = wolfSSL_new(ctx);
       if (ssl == NULL) {
+        Serial.println("Unable to allocate SSL object");
+        return;
+      }
+
+      err = wolfSSL_connect(ssl);
+      if (err != WOLFSSL_SUCCESS) {
         err = wolfSSL_get_error(ssl, 0);
         wolfSSL_ERR_error_string(err, errBuf);
-        Serial.print("Unable to get SSL object. Error = ");
+        Serial.print("TLS Connect Error: ");
         Serial.println(errBuf);
       }
-      
+
       Serial.print("SSL version is ");
       Serial.println(wolfSSL_get_version(ssl));
       
-
-      
-      if ((wolfSSL_write(ssl, msg, strlen(msg))) == msgSz) {
-      cipher = wolfSSL_get_current_cipher(ssl);
+      cipherName = wolfSSL_get_cipher(ssl);
       Serial.print("SSL cipher suite is ");
-      Serial.println(wolfSSL_CIPHER_get_name(cipher));                
+      Serial.println(cipherName);
+
+      if ((wolfSSL_write(ssl, msg, msgSz)) == msgSz) {
+        
         Serial.print("Server response: ");
         while (client.available() || wolfSSL_pending(ssl)) {
           input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
           total_input += input;
-          if ( input > 0 ) {
-            reply[input] = '\0';
-            Serial.print(reply);
-          } else if (input < 0) {
+          if (input < 0) {
             err = wolfSSL_get_error(ssl, 0);
             wolfSSL_ERR_error_string(err, errBuf);
-            Serial.print("wolfSSL_read failed. Error: ");
+            Serial.print("TLS Read Error: ");
             Serial.println(errBuf);
+            break;
+          } else if (input > 0) {
+            reply[input] = '\0';
+            Serial.print(reply);
           } else {
             Serial.println();
           }
         } 
       } else {
-        Serial.println("SSL_write failed");
+        err = wolfSSL_get_error(ssl, 0);
+        wolfSSL_ERR_error_string(err, errBuf);
+        Serial.print("TLS Write Error: ");
+        Serial.println(errBuf);
       }
       
-      if (ssl != NULL) 
-        wolfSSL_free(ssl);
+      wolfSSL_shutdown(ssl);
+      wolfSSL_free(ssl);
 
       client.stop();
       Serial.println("Connection complete.");
       reconnect = 0;
     } else {
-      Serial.println("Trying to reconnect...");       
+      Serial.println("Trying to reconnect...");
     }
   }
   delay(1000);

IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino

@@ -0,0 +1,176 @@
+/* wolfssl_server.ino
+ *
+ * Copyright (C) 2006-2019 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#include <wolfssl.h>
+#include <wolfssl/ssl.h>
+#include <Ethernet.h>
+
+#define USE_CERT_BUFFERS_256
+#include <wolfssl/certs_test.h>
+
+#ifdef NO_WOLFSSL_SERVER
+  #error Please undefine NO_WOLFSSL_SERVER for this example
+#endif
+
+const int port = 11111; // port to listen on
+
+int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
+int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
+
+EthernetServer server(port);
+EthernetClient client;
+
+WOLFSSL_CTX* ctx = NULL;
+WOLFSSL* ssl = NULL;
+
+void setup() {
+  int err;
+  WOLFSSL_METHOD* method;
+
+  Serial.begin(9600);
+
+  method = wolfTLSv1_2_server_method();
+  if (method == NULL) {
+    Serial.println("unable to get method");
+    return;
+  }
+  ctx = wolfSSL_CTX_new(method);
+  if (ctx == NULL) {
+    Serial.println("unable to get ctx");
+    return;
+  }
+
+  // initialize wolfSSL using callback functions
+  wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
+  wolfSSL_SetIOSend(ctx, EthernetSend);
+  wolfSSL_SetIORecv(ctx, EthernetReceive);
+
+  // setup the private key and certificate
+  err = wolfSSL_CTX_use_PrivateKey_buffer(ctx, ecc_key_der_256, 
+    sizeof_ecc_key_der_256, WOLFSSL_FILETYPE_ASN1);
+  if (err != WOLFSSL_SUCCESS) {
+    Serial.println("error setting key");
+    return;
+  }
+  err = wolfSSL_CTX_use_certificate_buffer(ctx, serv_ecc_der_256, 
+    sizeof_serv_ecc_der_256, WOLFSSL_FILETYPE_ASN1);
+  if (err != WOLFSSL_SUCCESS) {
+    Serial.println("error setting certificate");
+    return;
+  }
+
+  // Start the server
+  server.begin();
+  
+  return;
+}
+
+int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx) {
+  int sent = 0;
+
+  sent = client.write((byte*)msg, sz);
+
+  return sent;
+}
+
+int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
+  int ret = 0;
+
+  while (client.available() > 0 && ret < sz) {
+    reply[ret++] = client.read();
+  }
+
+  return ret;
+}
+
+void loop() {
+  int err = 0;
+  int input = 0;
+  char errBuf[80];
+  char reply[80];
+  int replySz = 0;
+  const char* cipherName;
+
+  // Listen for incoming client requests.
+  client = server.available();
+  if (!client) {
+    return;
+  }
+
+  if (client.connected()) {
+
+    Serial.println("Client connected");
+
+    ssl = wolfSSL_new(ctx);
+    if (ssl == NULL) {
+      Serial.println("Unable to allocate SSL object");
+      return;
+    }
+
+    err = wolfSSL_accept(ssl);
+    if (err != WOLFSSL_SUCCESS) {
+      err = wolfSSL_get_error(ssl, 0);
+      wolfSSL_ERR_error_string(err, errBuf);
+      Serial.print("TLS Accept Error: ");
+      Serial.println(errBuf);
+    }
+
+    Serial.print("SSL version is ");
+    Serial.println(wolfSSL_get_version(ssl));
+    
+    cipherName = wolfSSL_get_cipher(ssl);
+    Serial.print("SSL cipher suite is ");
+    Serial.println(cipherName);
+
+    Serial.print("Server Read: ");
+    while (client.available() || wolfSSL_pending(ssl)) {
+      input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
+      if (input < 0) {
+        err = wolfSSL_get_error(ssl, 0);
+        wolfSSL_ERR_error_string(err, errBuf);
+        Serial.print("TLS Read Error: ");
+        Serial.println(errBuf);
+        break;
+      } else if (input > 0) {
+        replySz = input;
+        reply[input] = '\0';
+        Serial.print(reply);
+      } else {
+        Serial.println();
+      }
+    }
+
+    // echo data
+    if ((wolfSSL_write(ssl, reply, replySz)) != replySz) {
+      err = wolfSSL_get_error(ssl, 0);
+      wolfSSL_ERR_error_string(err, errBuf);
+      Serial.print("TLS Write Error: ");
+      Serial.println(errBuf);
+    }
+    
+    wolfSSL_shutdown(ssl);
+    wolfSSL_free(ssl);
+  }
+
+  client.stop();
+  Serial.println("Connection complete");
+}

IDE/ARDUINO/wolfssl-arduino.sh

@@ -6,6 +6,10 @@
 
 DIR=${PWD##*/}
 
+space(){
+    echo "" >> "$1"
+}
+
 if [ "$DIR" = "ARDUINO" ]; then
 	rm -rf wolfSSL
 	mkdir wolfSSL
@@ -22,14 +26,43 @@ if [ "$DIR" = "ARDUINO" ]; then
     mkdir ./wolfSSL/wolfcrypt
     mkdir ./wolfSSL/wolfcrypt/src
     cp ../../wolfcrypt/src/misc.c ./wolfSSL/wolfcrypt/src
+    cp ../../wolfcrypt/src/asm.c  ./wolfSSL/wolfcrypt/src
 
     # put bio and evp as includes
     mv ./wolfSSL/bio.c ./wolfSSL/wolfssl
 	mv ./wolfSSL/evp.c ./wolfSSL/wolfssl
 
-    echo "/* Generated wolfSSL header file for Arduino */" >> ./wolfSSL/wolfssl.h
+    echo "/* Generated wolfSSL header file for Arduino */" > ./wolfSSL/wolfssl.h
     echo "#include <wolfssl/wolfcrypt/settings.h>" >> ./wolfSSL/wolfssl.h
     echo "#include <wolfssl/ssl.h>" >> ./wolfSSL/wolfssl.h
+
+    echo "/* Generated wolfSSL user_settings.h file for Arduino */" > ./wolfSSL/user_settings.h
+    echo "#ifndef ARDUINO_USER_SETTINGS_H" >> ./wolfSSL/user_settings.h
+    echo "#define ARDUINO_USER_SETTINGS_H" >> ./wolfSSL/user_settings.h
+    space wolfSSL/user_settings.h
+    echo "/* Platform */" >> ./wolfSSL/user_settings.h
+    echo "#define WOLFSSL_ARDUINO" >> ./wolfSSL/user_settings.h
+    space wolfSSL/user_settings.h
+    echo "/* Math library (remove this to use normal math)*/" >>  ./wolfSSL/user_settings.h
+    echo "#define USE_FAST_MATH" >> ./wolfSSL/user_settings.h
+    echo "#define TFM_NO_ASM" >> ./wolfSSL/user_settings.h
+    space wolfSSL/user_settings.h
+    echo "/* RNG DEFAULT !!FOR TESTING ONLY!! */" >>  ./wolfSSL/user_settings.h
+    echo "/* comment out the error below to get started w/ bad entropy source" >>  ./wolfSSL/user_settings.h
+    echo " * This will need fixed before distribution but is OK to test with */" >>  ./wolfSSL/user_settings.h
+    echo "#error \"needs solved, see: https://www.wolfssl.com/docs/porting-guide/\"" >>  ./wolfSSL/user_settings.h
+    echo "#define WOLFSSL_GENSEED_FORTEST" >> ./wolfSSL/user_settings.h
+    space wolfSSL/user_settings.h
+    echo "#endif /* ARDUINO_USER_SETTINGS_H */" >> ./wolfSSL/user_settings.h
+
+    cp wolfSSL/wolfssl/wolfcrypt/settings.h wolfSSL/wolfssl/wolfcrypt/settings.h.bak
+    echo " /* wolfSSL Generated ARDUINO settings */" > ./wolfSSL/wolfssl/wolfcrypt/settings.h
+    echo "#ifndef WOLFSSL_USER_SETTINGS" >> ./wolfSSL/wolfssl/wolfcrypt/settings.h
+    echo "    #define WOLFSSL_USER_SETTINGS" >> ./wolfSSL/wolfssl/wolfcrypt/settings.h
+    echo "#endif /* WOLFSSL_USER_SETTINGS */" >> ./wolfSSL/wolfssl/wolfcrypt/settings.h
+    echo " /* wolfSSL Generated ARDUINO settings: END */" >> ./wolfSSL/wolfssl/wolfcrypt/settings.h
+    cat ./wolfSSL/wolfssl/wolfcrypt/settings.h.bak >> ./wolfSSL/wolfssl/wolfcrypt/settings.h
+
 else
     echo "ERROR: You must be in the IDE/ARDUINO directory to run this script"
 fi

IDE/CRYPTOCELL/README.md

@@ -0,0 +1,116 @@
+# ARM® TrustZone® CryptoCell 310 Port
+## Overview
+ARM® TrustZone® CryptoCell 310 is a security subsystem which provides root of trust (RoT) and cryptographic services for a device.
+You can enable the wolfSSL support for ARM CryptoCell using the `#define WOLFSSL_CRYPTOCELL`, The CryptoCell APIs are distributed as part of the Nordic nRF5 SDKs [here](https://infocenter.nordicsemi.com/index.jsp?topic=%2Fcom.nordic.infocenter.sdk5.v15.0.0%2Fgroup__cryptocell__api.html) .
+
+## Prerequisites
+1. Follow the Nordic website [here](https://www.nordicsemi.com/Software-and-Tools/Software/nRF5-SDK) to download the Nordic nRF5-SDK and software tools.
+2. Install the SEGGER Embedded Studio IDE.
+3. Run a simple blinky application on your Nordic nRF52840 (PCA10056) development board to confirm that your board functions as expected and the communication between your computer and the board works.
+
+## Usage
+You can start with a wolfcrypt SEGGER embedded studio (ses) example project to integrate the wolfSSL source code.
+wolfSSL supports a compile-time user configurable options in the `IDE/CRYPTOCELL/user_settings.h` file.
+
+The `IDE/CRYPTOCELL/main.c` example application provides a function to run the selected examples at compile time through the following two #defines in user_settings.h. You can define these macro options to disable the test run.
+```
+- #undef NO_CRYPT_TEST
+- #undef NO_CRYPT_BENCHMARK
+```
+
+## Supported features
+- SHA-256
+- AES CBC
+- CryptoCell 310 RNG
+- RSA sign/verify and RSA key gen
+- RSA encrypt/decrypt
+- ECC sign/verify/shared secret
+- ECC key import/export and key gen pairs
+- Hardware RNG
+- RTC for benchmark timing source
+
+## Setup
+### Setting up Nordic SDK with wolfSSL
+1. Download the wolfSSL source code or a zip file from GitHub and place it under your SDK `InstallFolder/external/` directory. You can also copy or simlink to the source.
+```
+  For example,
+
+  $cd ~/nRF5_SDK_15.2.0_9412b96/external
+  $git clone --depth=1 https://github.com/wolfSSL/wolfssl.git
+
+  Or, assuming you have already cloned the wolfSSL source code under ~/wolfssl.
+
+  $cd ~/nRF5_SDK_15.2.0_9412b96/external
+  $ln -s  ~/wolfssl wolfssl
+```
+2. Copy the example project from [here](https://github.com/tmael/nRF5_SDK/tree/master/examples/crypto/nrf_cc310/wolfcrypt) into your `nRF5_SDK_15.2.0_9412b96/examples/crypto/nrf_cc310/` directory.
+```
+  $git clone https://github.com/tmael/nRF5_SDK.git
+  $cd ~/nRF5_SDK_15.2.0_9412b96/examples/crypto/nrf_cc310
+
+  $cp -rf ~/nRF5_SDK/examples/crypto/nrf_cc310/wolfcrypt .
+  OR
+  $ln -s ~/nRF5_SDK/examples/crypto/nrf_cc310/wolfcrypt wolfcrypt
+```
+3. Launch the SEGGER Embedded Studio IDE
+4. In the main menu, go to File >Open Solutions to open the example solution. Browse to the location containing the wolfcrypt code `/examples/crypto/nrf_cc310/wolfcrypt/pca10056/blank/ses/wolfcrypt_pca10056.emProject` and choose Open.
+
+## Building and Running
+In the main menu, go to Build > Rebuild your project, then load and run your image on your nRF52840 target platform. Review the test results on the console output.
+
+### `wolfcrypt_test()`
+wolfcrypt_test() prints a message on the target console similar to the following output:
+```
+wolfCrypt Test Started
+error    test passed!
+base64   test passed!
+asn      test passed!
+SHA      test passed!
+SHA-256  test passed!
+Hash     test passed!
+HMAC-SHA test passed!
+HMAC-SHA256 test passed!
+AES      test passed!
+RANDOM   test passed!
+RSA      test passed!
+ECC      test passed!
+ECC buffer test passed!
+logging  test passed!
+mutex    test passed!
+wolfCrypt Test Completed
+```
+### `benchmark_test()`
+benchmark_test() prints a message on the target console similar to the following output.
+```
+Benchmark Test Started
+------------------------------------------------------------------------------
+ wolfSSL version 3.15.7
+------------------------------------------------------------------------------
+wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
+RNG                  5 MB took 1.000 seconds,    4.858 MB/s
+AES-128-CBC-enc     17 MB took 1.001 seconds,   17.341 MB/s
+AES-128-CBC-dec     17 MB took 1.000 seconds,   17.285 MB/s
+SHA                425 KB took 1.040 seconds,  408.654 KB/s
+SHA-256             26 MB took 1.000 seconds,   25.903 MB/s
+HMAC-SHA           425 KB took 1.049 seconds,  405.148 KB/s
+HMAC-SHA256         24 MB took 1.000 seconds,   23.877 MB/s
+RSA     1024 key gen         2 ops took 1.579 sec, avg 789.500 ms, 1.267 ops/sec
+RSA     2048 key gen         1 ops took 9.695 sec, avg 9695.000 ms, 0.103 ops/sec
+RSA     2048 public        328 ops took 1.001 sec, avg 3.052 ms, 327.672 ops/sec
+RSA     2048 private         4 ops took 1.713 sec, avg 428.250 ms, 2.335 ops/sec
+ECC      256 key gen        55 ops took 1.017 sec, avg 18.491 ms, 54.081 ops/sec
+ECDHE    256 agree          56 ops took 1.017 sec, avg 18.161 ms, 55.064 ops/sec
+ECDSA    256 sign           50 ops took 1.004 sec, avg 20.080 ms, 49.801 ops/sec
+ECDSA    256 verify         48 ops took 1.028 sec, avg 21.417 ms, 46.693 ops/sec
+Benchmark Test Completed
+```
+
+## References
+The test results were collected from an nRF52840 reference platform target with the following software and tool chains:
+- Nordic nRF52840 development board (PCA10056 1.0.0 2018.49 683529999).
+- nRF5_SDK_15.2.0_9412b96
+- SEGGER Embedded Studio for ARM, Release 4.12  Build 2018112601.37855 Linux x64Segger J-Link software
+- gcc-arm-none-eabi-8-2018-q4-major
+- wolfssl [latest version](https://github.com/wolfSSL/wolfssl)
+
+For more information or questions, please email [support@wolfssl.com](mailto:support@wolfssl.com)

IDE/CRYPTOCELL/include.am

@@ -0,0 +1,8 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST += \
+    IDE/CRYPTOCELL/README.md \
+    IDE/CRYPTOCELL/main.c \
+    IDE/CRYPTOCELL/user_settings.h

IDE/CRYPTOCELL/main.c

@@ -0,0 +1,64 @@
+/* main.c
+ *
+ * Copyright (C) 2019 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfcrypt/test/test.h>
+#include <wolfcrypt/benchmark/benchmark.h>
+
+/* wolfCrypt_Init/wolfCrypt_Cleanup to turn CryptoCell hardware on/off */
+#include <wolfssl/wolfcrypt/wc_port.h>
+
+/* SEGGER_RTT_Init, you can potential replace it with other serial terminal */
+#include "SEGGER_RTT.h"
+
+int main(void)
+{
+    int ret;
+
+    SEGGER_RTT_Init();
+
+    if ((ret = wolfCrypt_Init()) != 0) {
+        printf("wolfCrypt_Init failed %d\n", ret);
+        return -1;
+    }
+
+#ifndef NO_CRYPT_TEST
+    printf("\nwolfCrypt Test Started\n");
+    wolfcrypt_test(NULL);
+    printf("\nwolfCrypt Test Completed\n");
+#endif
+
+#ifndef NO_CRYPT_BENCHMARK
+    printf("\nBenchmark Test Started\n");
+    benchmark_test(NULL);
+    printf("\nBenchmark Test Completed\n");
+#endif
+
+    if ((ret = wolfCrypt_Cleanup()) != 0) {
+        printf("wolfCrypt_Cleanup failed %d\n", ret);
+        return -1;
+    }
+    while(1) {
+        __WFI();
+    }
+
+    return 0;
+}
+

IDE/CRYPTOCELL/user_settings.h

@@ -0,0 +1,589 @@
+/* user_settings.h
+ *
+ * Copyright (C) 2019 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Example Settings for CryptoCell */
+
+#ifndef WOLFSSL_USER_SETTINGS_H
+#define WOLFSSL_USER_SETTINGS_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* CryptoCell */
+/* ------------------------------------------------------------------------- */
+#if 1
+    #define WOLFSSL_CRYPTOCELL
+    #define WOLFSSL_nRF5x_SDK_15_2 /* for benchmark timer */
+    #define WOLFSSL_CRYPTOCELL_AES /* only CBC mode is supported */
+#else
+    /* run without CryptoCell,
+    include IDE/GCC-ARM/Source/wolf_main.c for current_time(). */
+#endif
+
+#if defined(WOLFSSL_CRYPTOCELL)
+    #define AES_MAX_KEY_SIZE    128
+#endif /* WOLFSSL_CRYPTOCELL*/
+
+
+/* ------------------------------------------------------------------------- */
+/* Platform */
+/* ------------------------------------------------------------------------- */
+
+#undef  WOLFSSL_GENERAL_ALIGNMENT
+#define WOLFSSL_GENERAL_ALIGNMENT   4
+
+#undef  SINGLE_THREADED
+#define SINGLE_THREADED
+
+#undef  WOLFSSL_SMALL_STACK
+#define WOLFSSL_SMALL_STACK
+
+#undef  WOLFSSL_USER_IO
+#define WOLFSSL_USER_IO
+
+
+/* ------------------------------------------------------------------------- */
+/* Math Configuration */
+/* ------------------------------------------------------------------------- */
+#undef  SIZEOF_LONG_LONG
+#define SIZEOF_LONG_LONG 8
+
+#undef USE_FAST_MATH
+#if 1
+    #define USE_FAST_MATH
+
+    #undef  TFM_TIMING_RESISTANT
+    #define TFM_TIMING_RESISTANT
+
+    /* Optimizations */
+    //#define TFM_ARM
+#endif
+
+/* Wolf Single Precision Math */
+#undef WOLFSSL_SP
+#if 0
+    #define WOLFSSL_SP
+    #define WOLFSSL_SP_SMALL      /* use smaller version of code */
+    #define WOLFSSL_HAVE_SP_RSA
+    #define WOLFSSL_HAVE_SP_DH
+    #define WOLFSSL_HAVE_SP_ECC
+    #define WOLFSSL_SP_CACHE_RESISTANT
+    //#define WOLFSSL_SP_MATH     /* only SP math - eliminates fast math code */
+
+    /* Assembly */
+    //#define WOLFSSL_SP_ASM      /* required if using the ASM versions */
+    //#define WOLFSSL_SP_ARM_CORTEX_M_ASM
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* Crypto */
+/* ------------------------------------------------------------------------- */
+/* RSA */
+#undef NO_RSA
+#if 1
+    #ifdef USE_FAST_MATH
+        /* Maximum math bits (Max RSA key bits * 2) */
+        #undef  FP_MAX_BITS
+        #define FP_MAX_BITS     4096
+    #endif
+
+    /* half as much memory but twice as slow */
+    #undef  RSA_LOW_MEM
+    //#define RSA_LOW_MEM
+
+    /* Enables blinding mode, to prevent timing attacks */
+    #if 1
+        #undef  WC_RSA_BLINDING
+        #define WC_RSA_BLINDING
+    #else
+        #undef  WC_NO_HARDEN
+        #define WC_NO_HARDEN
+    #endif
+
+    /* RSA PSS Support */
+    #if 0
+        #define WC_RSA_PSS
+    #endif
+
+    #if 0
+        #define WC_RSA_NO_PADDING
+    #endif
+#else
+    #define NO_RSA
+#endif
+
+/* ECC */
+#undef HAVE_ECC
+#if 1
+    #define HAVE_ECC
+
+    /* Manually define enabled curves */
+    #undef  ECC_USER_CURVES
+    #define ECC_USER_CURVES
+
+    #ifdef ECC_USER_CURVES
+        /* Manual Curve Selection */
+        //#define HAVE_ECC192
+        //#define HAVE_ECC224
+        #undef NO_ECC256
+        #define HAVE_ECC384
+        //#define HAVE_ECC521
+    #endif
+
+    /* Fixed point cache (speeds repeated operations against same private key) */
+    #undef  FP_ECC
+    //#define FP_ECC
+    #ifdef FP_ECC
+        /* Bits / Entries */
+        #undef  FP_ENTRIES
+        #define FP_ENTRIES  2
+        #undef  FP_LUT
+        #define FP_LUT      4
+    #endif
+
+    /* Optional ECC calculation method */
+    /* Note: doubles heap usage, but slightly faster */
+    #undef  ECC_SHAMIR
+    #define ECC_SHAMIR
+
+    /* Reduces heap usage, but slower */
+    #undef  ECC_TIMING_RESISTANT
+    #define ECC_TIMING_RESISTANT
+
+    /* Enable cofactor support */
+    #undef  HAVE_ECC_CDH
+    //#define HAVE_ECC_CDH
+
+    /* Validate import */
+    #undef  WOLFSSL_VALIDATE_ECC_IMPORT
+    //#define WOLFSSL_VALIDATE_ECC_IMPORT
+
+    /* Compressed Key Support */
+    #undef  HAVE_COMP_KEY
+    //#define HAVE_COMP_KEY
+
+    /* Use alternate ECC size for ECC math */
+    #ifdef USE_FAST_MATH
+        #ifdef NO_RSA
+            /* Custom fastmath size if not using RSA */
+            /* MAX = ROUND32(ECC BITS 384) + SIZE_OF_MP_DIGIT(32) */
+            #undef  FP_MAX_BITS
+            #define FP_MAX_BITS     (384 + 32)
+        #else
+            #undef  ALT_ECC_SIZE
+            #define ALT_ECC_SIZE
+        #endif
+
+        /* Speedups specific to curve */
+        #ifndef NO_ECC256
+            #undef  TFM_ECC256
+            #define TFM_ECC256
+        #endif
+        #ifndef HAVE_ECC384
+            #undef  TFM_ECC384
+            #define TFM_ECC384
+        #endif
+    #endif
+#endif
+
+/* DH */
+#undef  NO_DH
+#if 0
+    /* Use table for DH instead of -lm (math) lib dependency */
+    #if 0
+        #define WOLFSSL_DH_CONST
+    #endif
+
+    #define HAVE_FFDHE_2048
+    //#define HAVE_FFDHE_4096
+    //#define HAVE_FFDHE_6144
+    //#define HAVE_FFDHE_8192
+#else
+    #define NO_DH
+#endif
+
+
+/* AES */
+#undef NO_AES
+#if 1
+    #undef  HAVE_AES_CBC
+    #define HAVE_AES_CBC
+
+    /* If you need other than AES-CBC mode, you must undefine WOLFSSL_CRYPTOCELL_AES */
+    #if !defined(WOLFSSL_CRYPTOCELL_AES)
+        #undef  HAVE_AESGCM
+        #define HAVE_AESGCM
+
+        /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
+        #define GCM_SMALL
+
+        #undef  WOLFSSL_AES_DIRECT
+        //#define WOLFSSL_AES_DIRECT
+
+        #undef  HAVE_AES_ECB
+        //#define HAVE_AES_ECB
+
+        #undef  WOLFSSL_AES_COUNTER
+        //#define WOLFSSL_AES_COUNTER
+
+        #undef  HAVE_AESCCM
+        //#define HAVE_AESCCM
+    #endif
+#else
+    #define NO_AES
+#endif
+
+
+/* DES3 */
+#undef NO_DES3
+#if 0
+#else
+    #define NO_DES3
+#endif
+
+/* ChaCha20 / Poly1305 */
+#undef HAVE_CHACHA
+#undef HAVE_POLY1305
+#if 0
+    #define HAVE_CHACHA
+    #define HAVE_POLY1305
+
+    /* Needed for Poly1305 */
+    #undef  HAVE_ONE_TIME_AUTH
+    #define HAVE_ONE_TIME_AUTH
+#endif
+
+/* Ed25519 / Curve25519 */
+#undef HAVE_CURVE25519
+#undef HAVE_ED25519
+#if 0
+    #define HAVE_CURVE25519
+    #define HAVE_ED25519 /* ED25519 Requires SHA512 */
+
+    /* Optionally use small math (less flash usage, but much slower) */
+    #if 1
+        #define CURVED25519_SMALL
+    #endif
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Hashing */
+/* ------------------------------------------------------------------------- */
+/* Sha */
+#undef NO_SHA
+#if 1
+    /* 1k smaller, but 25% slower */
+    //#define USE_SLOW_SHA
+#else
+    #define NO_SHA
+#endif
+
+/* Sha256 */
+#undef NO_SHA256
+#if 1
+    /* not unrolled - ~2k smaller and ~25% slower */
+    //#define USE_SLOW_SHA256
+
+    /* Sha224 */
+    #if 0
+        #define WOLFSSL_SHA224
+    #endif
+#else
+    #define NO_SHA256
+#endif
+
+/* Sha512 */
+#undef WOLFSSL_SHA512
+#if 0
+    #define WOLFSSL_SHA512
+
+    /* Sha384 */
+    #undef  WOLFSSL_SHA384
+    #if 0
+        #define WOLFSSL_SHA384
+    #endif
+
+    /* over twice as small, but 50% slower */
+    //#define USE_SLOW_SHA512
+#endif
+
+/* Sha3 */
+#undef WOLFSSL_SHA3
+#if 0
+    #define WOLFSSL_SHA3
+#endif
+
+/* MD5 */
+#undef  NO_MD5
+#if 0
+
+#else
+    #define NO_MD5
+#endif
+
+/* HKDF */
+#undef HAVE_HKDF
+#if 0
+    #define HAVE_HKDF
+#endif
+
+/* CMAC */
+#undef WOLFSSL_CMAC
+#if 0
+    #define WOLFSSL_CMAC
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Benchmark / Test */
+/* ------------------------------------------------------------------------- */
+/* Use reduced benchmark / test sizes */
+#undef  BENCH_EMBEDDED
+#define BENCH_EMBEDDED
+
+#undef  USE_CERT_BUFFERS_2048
+#define USE_CERT_BUFFERS_2048
+
+//#undef  USE_CERT_BUFFERS_1024
+//#define USE_CERT_BUFFERS_1024
+
+#undef  USE_CERT_BUFFERS_256
+#define USE_CERT_BUFFERS_256
+
+
+/* ------------------------------------------------------------------------- */
+/* Debugging */
+/* ------------------------------------------------------------------------- */
+
+#undef DEBUG_WOLFSSL
+#undef NO_ERROR_STRINGS
+#if 0
+    #define DEBUG_WOLFSSL
+#else
+    #if 0
+        #define NO_ERROR_STRINGS
+    #endif
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Memory */
+/* ------------------------------------------------------------------------- */
+
+/* Override Memory API's */
+#if 0
+    #undef  XMALLOC_OVERRIDE
+    #define XMALLOC_OVERRIDE
+
+    /* prototypes for user heap override functions */
+    /* Note: Realloc only required for normal math */
+    #include <stddef.h>  /* for size_t */
+    extern void *myMalloc(size_t n, void* heap, int type);
+    extern void myFree(void *p, void* heap, int type);
+    extern void *myRealloc(void *p, size_t n, void* heap, int type);
+
+    #define XMALLOC(n, h, t)     myMalloc(n, h, t)
+    #define XFREE(p, h, t)       myFree(p, h, t)
+    #define XREALLOC(p, n, h, t) myRealloc(p, n, h, t)
+#endif
+
+#if 0
+    /* Static memory requires fast math */
+    #define WOLFSSL_STATIC_MEMORY
+
+    /* Disable fallback malloc/free */
+    #define WOLFSSL_NO_MALLOC
+    #if 1
+        #define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
+    #endif
+#endif
+
+/* Memory callbacks */
+#if 0
+    #undef  USE_WOLFSSL_MEMORY
+    #define USE_WOLFSSL_MEMORY
+
+    /* Use this to measure / print heap usage */
+    #if 1
+        #undef  WOLFSSL_TRACK_MEMORY
+        #define WOLFSSL_TRACK_MEMORY
+
+        #undef  WOLFSSL_DEBUG_MEMORY
+        #define WOLFSSL_DEBUG_MEMORY
+    #endif
+#else
+    #ifndef WOLFSSL_STATIC_MEMORY
+        #define NO_WOLFSSL_MEMORY
+        /* Otherwise we will use stdlib malloc, free and realloc */
+    #endif
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Port */
+/* ------------------------------------------------------------------------- */
+
+/* Override Current Time */
+/* Allows custom "custom_time()" function to be used for benchmark */
+#define WOLFSSL_USER_CURRTIME
+#define WOLFSSL_GMTIME
+#define USER_TICKS
+
+#if !defined(WOLFSSL_CRYPTOCELL)
+// extern unsigned long my_time(unsigned long* timer);
+// #define XTIME my_time
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* RNG */
+/* ------------------------------------------------------------------------- */
+
+#if defined(WOLFSSL_CRYPTOCELL)
+// /* Override P-RNG with HW RNG */
+    #undef  CUSTOM_RAND_GENERATE_BLOCK
+    #define CUSTOM_RAND_GENERATE_BLOCK  cc310_random_generate
+    //#define CUSTOM_RAND_GENERATE_BLOCK  nrf_random_generate
+    //#define WOLFSSL_GENSEED_FORTEST /* for software RNG*/
+#else
+    #define WOLFSSL_GENSEED_FORTEST
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Enable Features */
+/* ------------------------------------------------------------------------- */
+#undef WOLFSSL_TLS13
+#if 0
+    #define WOLFSSL_TLS13
+#endif
+
+#undef WOLFSSL_KEY_GEN
+#if 1
+    #define WOLFSSL_KEY_GEN
+#endif
+
+/* reduce DH test time */
+#define WOLFSSL_OLD_PRIME_CHECK
+
+#undef  KEEP_PEER_CERT
+//#define KEEP_PEER_CERT
+
+#undef  HAVE_COMP_KEY
+//#define HAVE_COMP_KEY
+
+#undef  HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
+#undef  HAVE_SUPPORTED_CURVES
+#define HAVE_SUPPORTED_CURVES
+
+#undef  WOLFSSL_BASE64_ENCODE
+#define WOLFSSL_BASE64_ENCODE
+
+/* TLS Session Cache */
+#if 0
+    #define SMALL_SESSION_CACHE
+#else
+    #define NO_SESSION_CACHE
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Disable Features */
+/* ------------------------------------------------------------------------- */
+#undef  NO_WOLFSSL_SERVER
+//#define NO_WOLFSSL_SERVER
+
+#undef  NO_WOLFSSL_CLIENT
+//#define NO_WOLFSSL_CLIENT
+
+#undef  NO_CRYPT_TEST
+//#define NO_CRYPT_TEST
+
+#undef  NO_CRYPT_BENCHMARK
+//#define NO_CRYPT_BENCHMARK
+
+#undef  WOLFCRYPT_ONLY
+//#define WOLFCRYPT_ONLY
+
+/* In-lining of misc.c functions */
+/* If defined, must include wolfcrypt/src/misc.c in build */
+/* Slower, but about 1k smaller */
+#undef  NO_INLINE
+//#define NO_INLINE
+
+#undef  NO_FILESYSTEM
+#define NO_FILESYSTEM
+
+#undef  NO_WRITEV
+#define NO_WRITEV
+
+#undef  NO_MAIN_DRIVER
+#define NO_MAIN_DRIVER
+
+#undef  NO_DEV_RANDOM
+#define NO_DEV_RANDOM
+
+#undef  NO_DSA
+#define NO_DSA
+
+#undef  NO_RC4
+#define NO_RC4
+
+#undef  NO_OLD_TLS
+#define NO_OLD_TLS
+
+#undef  NO_HC128
+#define NO_HC128
+
+#undef  NO_RABBIT
+#define NO_RABBIT
+
+#undef  NO_PSK
+#define NO_PSK
+
+#undef  NO_MD4
+#define NO_MD4
+
+#undef  NO_PWDBASED
+#define NO_PWDBASED
+
+#undef  NO_CODING
+//#define NO_CODING
+
+#undef  NO_ASN_TIME
+//#define NO_ASN_TIME
+
+#undef  NO_CERTS
+//#define NO_CERTS
+
+#undef  NO_SIG_WRAPPER
+//#define NO_SIG_WRAPPER
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* WOLFSSL_USER_SETTINGS_H */
+

IDE/ECLIPSE/DEOS/README.md

@@ -0,0 +1,225 @@
+
+
+# Deos Port
+## Overview
+You can enable the wolfSSL support for Deos RTOS available [here](https://www.ddci.com/products_deos_do_178c_arinc_653/) using the `#define WOLFSSL_DEOS`.
+Deos is a time & space partitioned, multi-core enabled, DO-178C DAL A certifiable RTOS.
+## Usage
+
+You can start with your OpenArbor IDE-based example project for Deos with the network stack (lwip) to integrate wolfSSL source code.
+
+wolfSSL supports a compile-time user configurable options in the `IDE/ECLIPSE/DEOS/user_settings.h` file.
+
+The `tls_wolfssl.c` example application provides a simple function to run the selected examples at compile time through the following four #defines in user_settings.h. You can undefine any of these macro options to run a test.
+```
+       1. #undef NO_CRYPT_TEST
+       2. #undef NO_CRYPT_BENCHMARK
+       3. #undef NO_WOLFSSL_CLIENT
+       4. #undef NO_WOLFSSL_SERVER
+```
+Do one of the following steps for building and running wolfSSL with the Deos kernel examples, which are included in the DDS release:
+If you want to create a project from scratch, skip the Importing the project section and follow the steps in the other sections.
+
+If you want to use an pre-configured example project, go to the Importing the project section, skip the other sections and follow the Building and Running section.
+
+#### Importing the project
+In this section you will import a pre-configured example project.
+1. Launch the OpenArbor IDE as an administrator
+2. In the Workspace Launcher dialog, in the Workspace field, enter your
+workspace
+3. Right-click in the Project Explorer view and select Import
+4. In the Import dialog, select General > Existing Projects into Workspace, then click Next.
+5. In the Import Projects dialog, select Select archive file, then browse to `IDE/ECLIPSE/DEOS/` and double-click `deosWolfssl.zip` file
+6. In the Import Projects dialog, click Finish
+
+
+#### Setting up a Deos project with wolfSSL
+ 1. Download the wolfSSL source code or a zip file from GitHub. You can remove all of the files except for these folders and its contents. The top folder for this example is wolfsslPort.
+```
+wolfsslPort
+      |-- IDE
+          | -- ECLIPSE
+               | -- DEOS
+      |-- src
+      |-- wolfcrypt
+          | -- benchmark
+          | -- src
+          | -- test
+      |-- wolfssl
+          |-- openssl
+          |-- wolfcrypt
+              |-- port
+```
+ 2. Remove these two platform specific assembly source files:
+    -   wolfsslPort/wolfcrypt/src/aes_asm.asm
+    -   wolfsslPort/wolfcrypt/src/aes_asm.S
+
+ 3. Launch the OpenArbor IDE as an administrator
+ 4. Create a DDC-I Deos example project. In the main menu, go to File >DDC-I Deos example project > socket > udp-vs-tcp
+ 5. Import the `wolfSSLPort` source code into your project.
+    -   Right-click the ` udp-vs-tcp` project and choose File -> Import.
+    -   Expand the General folder and select File System, then click Next. You should now see the Import File system dialog.
+    -   Browse to the location containing the wolfSSL code and choose OK. Select the `wolfsslPort` folder and check the `Create top-level folder` button, then select Finish. You should see the folder hierarchy the same as wolfSSL folder structures.
+6. Review the configuration in $(PROJECT_DIR)/wolfsslPort/IDE/ECLIPSE/DEOS/user_setting.h
+
+7.  Review the custom malloc/realloc/free configuration $(PROJECT_DIR)/wolfsslPort/IDE/ECLIPSE/DEOS/deos_malloc.c . Memory allocated with malloc() is never freed.
+
+#### Configuring the Deos Project
+ 1. Customize your config/udp-vs-tcp.pd.xml with the following changes:
+```
+<processTemplate
+     mutexQuota = "5"
+   >
+
+   <logicalMemoryPools>
+           pagesNeeded = "500"
+      ></pool>
+   </logicalMemoryPools>
+
+   <threadTemplate
+      stackSizeInPages = "20"
+    ></threadTemplate>
+
+   <mutexTemplates>
+      <mutexTemplate
+           name = "protectWolfSSLTemp"
+           lockTimeInUsec = "40"
+           priority = "fastest"
+      ></mutexTemplate>
+   </mutexTemplates>
+
+</processTemplate>
+```
+Depending on your configuration, wolfSSL uses upto four mutexes. You also need to configure enough memory for the stack of each threads and the process logical memory pool.
+
+
+ 2. Right click on the `udp-vs-tcp` project, select properties and add the following macros in the DDC-I Options > C Compile > Preprocessor
+      -   DEOS_ALLOW_OBSOLETE_DEFINITIONS
+      -   WOLFSSL_USER_SETTINGS
+ 3.  Add the following directory paths in the DDC-I Options > C Compile > Directories and in the DDC-I Options > C++ Compile > Directories
+      -   $(PROJECT_DIR)/wolfsslPort
+      -   $(PROJECT_DIR)/wolfsslPort/wolfssl
+      -   $(PROJECT_DIR)/wolfsslPort/IDE/ECLIPSE/DEOS
+      -   $(PROJECT_DIR.printx)/code
+ 4.  Change the optimization level in the DDC-I Options > C Compile > Code Generation > Optimization level:g
+      -   g
+ 5.  Add the following library dependencies in the DDC-I Options > Deos > Dependencies
+      -   math
+      -   dart
+      -   ansi
+      -   printx
+          - You must add printx into your workspace, File >DDC-I Deos example project > training > printx
+ 6.  Edit $(PROJECT_DIR)/wolfsslPort/IDE/ECLIPSE/DEOS/user_setting.h to customize your configuration. For example, you can undef or define these tests.
+      -   #undef NO_CRYPT_TEST
+      -   #undef NO_CRYPT_BENCHMARK
+      -   #undef NO_WOLFSSL_CLIENT
+      -   #undef NO_WOLFSSL_SERVER
+ 7.  Edit your application source file where main() thread is defined and add the following:
+      -   #include "printx.h"
+      -   #include "tls_wolfssl.h"
+      -   and a call to `wolfsslRunTests()`
+Here's an example:
+```
+#include <deos.h>
+#include <printx.h>
+#include <tls_wolfssl.h>
+#include <user_settings.h>
+
+int main(void)
+{
+  initPrintx("");
+  printf("TLS wolfssl example!\n");
+
+  (void) waitUntilNextPeriod();
+   wolfsslRunTests();
+
+  deleteThread(currentThreadHandle());
+}
+
+```
+ 8.  Review $(PROJECT_DIR)/udp-vs-tcp/mailbox-transport.config configuration.
+```
+transportConfigurationId
+2                              # Client thread quota - for client and server TCP
+2                              # Client connection quota - one for client and one for server
+0                              # Server startup quota
+0                              # Server connection quota
+transportMemoryObject          # Name of memory object used for managing connections
+/
+
+connectionId1                  # TCP client connection
+Network                        # Server process name
+defaultMailbox                 # Server connection request mailbox name
+0                              # Server connection mailbox queue size (unused by Network process)
+userServiceThread              # Server thread template name
+*                              # Error timeout
+1                              # Client connection mailbox queue size
+/
+
+connectionId2                  # TCP connection
+Network                        # Server process name
+defaultMailbox                 # Server connection request mailbox name
+0                              # Server connection mailbox queue size (unused by Network process)
+userServiceThread              # Server thread template name
+*                              # Error timeout
+1                              # Client connection mailbox queue size
+/
+```
+
+   #### Building and Running
+ 1.  Build your project, then load and run your image on a target platform. Review the test results on the console output.
+
+
+### `wolfcrypt_test()`
+wolfcrypt_test() prints a message on the target console similar to the following output:
+```
+error    test passed!
+base64   test passed!
+asn      test passed!
+...
+```
+This example doesn't show the whole output.
+
+### `benchmark_test()`
+benchmark_test() prints a message on the target console similar to the following output.
+
+```
+------------------------------------------------------------------------------
+ wolfSSL version 3.15.5
+------------------------------------------------------------------------------
+wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
+RNG               225 KB tooks 1.026 seconds,  219.313 KB/s
+AES-128-CBC-enc    250 KB toks 1.105 seconds  226.210 KB/s
+AES-128-CBC-dec    225 KB tooks 1.005 seconds,  223.922 KB/s
+...
+```
+This example doesn't show the whole output.
+
+### `wolfssl_client_test()`
+
+You can modify the `TCP_SERVER_IP_ADDR` and `TCP_SERVER_PORT` macros in the `tls_wolfssl.c` file to configure the host address and port. You will also need to define the server certificate. The example client uses the GET request to get a web resource from the server at https://google.com.
+
+### `wolfssl_server_test()`
+
+You can modify the `TLS_SERVER_PORT` in the `tls_wolfssl.c` file to configure the port number to listen on a local-host.
+Once you start the TLS server and `Listening for client connection` displays on the serial console, the server is ready to accept client connections.
+
+You can connect to the server using the wolfssl TLS client example from your Linux or Windows host as follows:
+```
+$ ./examples/client/client.exe -h TLS_SERVER_IP_ADDRESS
+
+The client outputs messages similar to the following:
+
+SSL version is TLSv1.2
+SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+SSL curve name is SECP256R1
+I hear ya fa shizzle!
+```
+
+## References
+
+The test results were collected from the qemu-x86 reference platform target with the following software and tool chains:
+- OpenArbor, eclipse based IDE, toolVersion = "3.31.0"
+- wolfssl [latest version](https://github.com/wolfSSL/wolfssl)
+
+For more information or questions, please email [support@wolfssl.com](mailto:support@wolfssl.com)

IDE/ECLIPSE/DEOS/deos_malloc.c

@@ -0,0 +1,108 @@
+/* deos_malloc.c
+ *
+ * Copyright (C) 2006-2019 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/ssl.h>
+
+#define ROUND_UP(x, align)  (((int) (x) + (align - 1)) & ~(align - 1))
+#define SIZEOF_HEADER sizeof(size_t)  /* tracks size of allocated block */
+
+#define HEAP_SIZE_MAX   (1*1024*1024)
+
+static size_t allocatedMemory = 0;
+
+size_t getMemAllocatedSize_deos(size_t* size){
+
+    if (size)
+        *size = allocatedMemory;
+
+    return allocatedMemory;
+}
+
+/* Simply returns without freeing any memory. */
+
+void free_deos(void *ptr) {
+    //printf("fake free_deos()\n");
+    return;
+}
+
+void *realloc_deos(void *ptr, size_t size) {
+    void *newptr;
+
+    if (size == 0)
+        return ptr;
+    newptr = malloc_deos(size);
+
+    if (ptr != NULL && newptr != NULL) {
+
+        if ( *((char *)ptr - SIZEOF_HEADER) < *((char *)newptr - SIZEOF_HEADER))
+            size = *((char *)ptr - SIZEOF_HEADER);
+
+        XMEMCPY((char *) newptr, (const char *) ptr, size);
+        free_deos(ptr);
+    }
+
+    return newptr;
+}
+
+void *malloc_deos(size_t size) {
+    PDEOS_SYSTEM_INFO systemInfoPtr;
+    static VirtualAddressTYP heapAddr = NULL;
+    static VirtualAddressTYP freeAddr = NULL;
+    VirtualAddressTYP retAddr = NULL;
+    DWORD allocationSize = 0;
+    static int initialized = 0;
+
+    if (size <= 0)
+        return NULL;
+
+    if (!initialized) {
+        systemInfoPtr = (PDEOS_SYSTEM_INFO)getSystemInfoDEOS();
+        freeAddr = (VirtualAddressTYP)getNextLibraryStartAddress();
+        allocationSize = (((HEAP_SIZE_MAX - 1) / systemInfoPtr->dwPageSize) + 1) *
+                         systemInfoPtr->dwPageSize;
+
+        if (virtualAllocDEOS(freeAddr, allocationSize) != allocSuccess){
+            printf("ERROR: virtualAllocDEOS failed\n");
+            return NULL;
+        }
+
+        setNextLibraryStartAddress(freeAddr + allocationSize);
+        heapAddr = freeAddr;
+
+        initialized = 1;
+    }
+
+    size = ROUND_UP(size, sizeof(size_t));
+
+    if ((size + SIZEOF_HEADER) > (HEAP_SIZE_MAX - (freeAddr - heapAddr))){
+        printf("ERROR: malloc_deos cannot allocate from heap memory anymore\n");
+        return NULL;
+    }
+
+    *freeAddr = size;
+    freeAddr += SIZEOF_HEADER;
+    retAddr = freeAddr;
+    XMEMSET(retAddr, 0, size);
+    freeAddr += size;
+    allocatedMemory += size;
+
+    return retAddr;
+}

IDE/ECLIPSE/DEOS/include.am

@@ -0,0 +1,10 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST += \
+    IDE/ECLIPSE/DEOS/README.md \
+    IDE/ECLIPSE/DEOS/user_settings.h \
+    IDE/ECLIPSE/DEOS/tls_wolfssl.h \
+    IDE/ECLIPSE/DEOS/tls_wolfssl.c \
+    IDE/ECLIPSE/DEOS/deos_malloc.c

IDE/ECLIPSE/DEOS/tls_wolfssl.c

@@ -0,0 +1,599 @@
+/* tls_wolfssl.c
+ *
+ * Copyright (C) 2006-2019 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/ssl.h>
+#include <wolfcrypt/test/test.h>
+#include <wolfcrypt/benchmark/benchmark.h>
+#include <wolfssl/wolfcrypt/logging.h> /* to use WOLFSSL_MSG */
+#include <tls_wolfssl.h>
+
+
+int setupTransport(clientConnectionHandleType* connectionHandle,
+                   char* connectionId) {
+    int ret, error;
+    void * sendBuffer;
+    DWORD bufferSizeInBytes;
+
+    if ((ret = socketTransportInitialize("mailbox-transport.config",
+                                         "transportConfigurationId",
+                                         (DWORD)waitIndefinitely,&error)) != transportSuccess)
+        printf("Initialize 0x%x, error=%d\n", ret, error);
+
+    else if ((ret = socketTransportClientInitialize((DWORD)waitIndefinitely,
+                                                    &error)) != transportSuccess)
+        printf("ClientInitialize 0x%x, error=%d\n", ret, error);
+
+    else if ((ret = socketTransportCreateConnection(connectionId,
+                                                    (DWORD)waitIndefinitely,
+                                                    COMPATIBILITY_ID_2,
+                                                    connectionHandle,
+                                                    &sendBuffer,
+                                                    &bufferSizeInBytes,
+                                                    &error)) != transportSuccess)
+        printf("CreateConnection 0x%x, error=%d\n", ret, error);
+
+    else if ((ret = socketTransportSetConnectionForThread(currentThreadHandle(),
+                                                          *connectionHandle,
+                                                          (DWORD)waitIndefinitely,
+                                                          &error)) != transportSuccess)
+        printf("SetConnectionForThread 0x%x, error=%d\n", ret, error);
+
+    return ret;
+}
+
+#if !defined(NO_WOLFSSL_CLIENT )
+
+/* 172.217.3.174 is the IP address of https://www.google.com */
+#define TCP_SERVER_IP_ADDR "172.217.3.174"
+#define TCP_SERVER_DOMAIN_NAME "www.google.com"
+#define TCP_SERVER_PORT 443
+
+#define TX_BUF_SIZE 64
+#define RX_BUF_SIZE 1024
+
+#define TX_MSG "GET /index.html HTTP/1.0\n\n"
+#define TX_MSG_SIZE sizeof(TX_MSG)
+
+static const unsigned char google_certs_ca[]="\n\
+## Google Internet Authority G3 \n\
+-----BEGIN CERTIFICATE-----\n\
+MIIEXDCCA0SgAwIBAgINAeOpMBz8cgY4P5pTHTANBgkqhkiG9w0BAQsFADBMMSAw\n\
+HgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFs\n\
+U2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEy\n\
+MTUwMDAwNDJaMFQxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3Qg\n\
+U2VydmljZXMxJTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzMw\n\
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKUkvqHv/OJGuo2nIYaNVW\n\
+XQ5IWi01CXZaz6TIHLGp/lOJ+600/4hbn7vn6AAB3DVzdQOts7G5pH0rJnnOFUAK\n\
+71G4nzKMfHCGUksW/mona+Y2emJQ2N+aicwJKetPKRSIgAuPOB6Aahh8Hb2XO3h9\n\
+RUk2T0HNouB2VzxoMXlkyW7XUR5mw6JkLHnA52XDVoRTWkNty5oCINLvGmnRsJ1z\n\
+ouAqYGVQMc/7sy+/EYhALrVJEA8KbtyX+r8snwU5C1hUrwaW6MWOARa8qBpNQcWT\n\
+kaIeoYvy/sGIJEmjR0vFEwHdp1cSaWIr6/4g72n7OqXwfinu7ZYW97EfoOSQJeAz\n\
+AgMBAAGjggEzMIIBLzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUH\n\
+AwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFHfCuFCa\n\
+Z3Z2sS3ChtCDoH6mfrpLMB8GA1UdIwQYMBaAFJviB1dnHB7AagbeWbSaLd/cGYYu\n\
+MDUGCCsGAQUFBwEBBCkwJzAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AucGtpLmdv\n\
+b2cvZ3NyMjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLnBraS5nb29nL2dz\n\
+cjIvZ3NyMi5jcmwwPwYDVR0gBDgwNjA0BgZngQwBAgIwKjAoBggrBgEFBQcCARYc\n\
+aHR0cHM6Ly9wa2kuZ29vZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEA\n\
+HLeJluRT7bvs26gyAZ8so81trUISd7O45skDUmAge1cnxhG1P2cNmSxbWsoiCt2e\n\
+ux9LSD+PAj2LIYRFHW31/6xoic1k4tbWXkDCjir37xTTNqRAMPUyFRWSdvt+nlPq\n\
+wnb8Oa2I/maSJukcxDjNSfpDh/Bd1lZNgdd/8cLdsE3+wypufJ9uXO1iQpnh9zbu\n\
+FIwsIONGl1p3A8CgxkqI/UAih3JaGOqcpcdaCIzkBaR9uYQ1X4k2Vg5APRLouzVy\n\
+7a8IVk6wuy6pm+T7HT4LY8ibS5FEZlfAFLSW8NwsVz9SBK2Vqn1N0PIMn5xA6NZV\n\
+c7o835DLAFshEWfC7TIe3g==\n\
+-----END CERTIFICATE-----\n\
+## Google Trust Services- GlobalSign Root CA-R2\n\
+-----BEGIN CERTIFICATE-----\n\
+MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G\n\
+A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp\n\
+Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1\n\
+MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG\n\
+A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI\n\
+hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL\n\
+v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8\n\
+eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq\n\
+tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd\n\
+C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa\n\
+zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB\n\
+mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH\n\
+V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n\n\
+bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG\n\
+3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs\n\
+J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO\n\
+291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS\n\
+ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd\n\
+AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7\n\
+TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==\n\
+-----END CERTIFICATE-----\n\
+";
+
+void wolfssl_client_test(uintData_t statusPtr) {
+    int sock;
+    char rx_buf[RX_BUF_SIZE];
+    char tx_buf[TX_BUF_SIZE];
+    int ret = 0, error = 0;
+
+    sockaddr_in server_addr;
+    clientConnectionHandleType TCPclientHandle;
+
+    WOLFSSL* ssl;
+    WOLFSSL_CTX* ctx;
+
+    /* set up the mailbox transport */
+
+    if (setupTransport(&TCPclientHandle, (char*)"connectionId1") != transportSuccess){
+        printf("TCP transport set up failed \n");
+        return;
+      }
+
+    printf("Creating a network socket...\n");
+
+    sock = socket(AF_INET, SOCK_STREAM, 0);
+
+    if (sock == SOCKET_ERROR) {
+        printf("ERROR: Failed to create socket, err = %d\n", errno);
+        return;
+    }
+
+    printf("Clearing memory for server_addr struct\n");
+
+    XMEMSET((char *) &server_addr, 0u, sizeof(server_addr));
+
+    printf("Connecting to server IP address: %s, port: %d\n",
+                    TCP_SERVER_IP_ADDR, TCP_SERVER_PORT);
+
+    server_addr.sin_family = AF_INET;
+    server_addr.sin_addr = inet_addr(TCP_SERVER_IP_ADDR);
+    server_addr.sin_port = htons(TCP_SERVER_PORT);
+
+    printf("Calling connect on socket\n");
+    if (connect(sock, (sockaddr *) &server_addr, sizeof(server_addr)) < 0 ) {
+        printf("ERROR: connect, err = %d\n", errno);
+        closesocket(sock);
+        return;
+    }
+
+    #ifdef DEBUG_WOLFSSL
+        wolfSSL_Debugging_ON();
+    #endif
+
+    /* wolfSSL INIT and CTX SETUP */
+
+    wolfSSL_Init();
+
+    /* chooses the highest possible TLS version */
+
+    ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
+
+    /* SET UP NETWORK SOCKET */
+    if (ctx == 0) {
+        printf("ERROR: wolfSSL_CTX_new failed\n");
+        closesocket(sock);
+        return;
+    }
+
+    WOLFSSL_MSG("wolfSSL_CTX_new done");
+
+    wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
+
+    ret = wolfSSL_CTX_load_verify_buffer(ctx,
+                                         google_certs_ca,
+                                         sizeof(google_certs_ca),
+                                         SSL_FILETYPE_PEM);
+
+    if (ret != SSL_SUCCESS) {
+        printf("ERROR: wolfSSL_CTX_load_verify_buffer() failed\n");
+        closesocket(sock);
+        wolfSSL_CTX_free(ctx);
+        return;
+    }
+    ssl = wolfSSL_new(ctx);
+    if (ssl == NULL) {
+        printf("ERROR: wolfSSL_new() failed\n");
+        closesocket(sock);
+        wolfSSL_CTX_free(ctx);
+        return;
+    }
+
+    WOLFSSL_MSG("wolfSSL_new done");
+    ret = wolfSSL_set_fd(ssl, sock);
+    if (ret != SSL_SUCCESS) {
+        printf("ERROR: wolfSSL_set_fd() failed\n");
+        closesocket(sock);
+        wolfSSL_free(ssl);
+        wolfSSL_CTX_free(ctx);
+        return;
+    }
+    WOLFSSL_MSG("wolfSSL_set_fd done");
+    do {
+        error = 0; /* reset error */
+        ret = wolfSSL_connect(ssl);
+        if (ret != SSL_SUCCESS) {
+            error = wolfSSL_get_error(ssl, 0);
+            printf("ERROR: wolfSSL_connect() failed, err = %d\n", error);
+            if (error != SSL_ERROR_WANT_READ) {
+                closesocket(sock);
+                wolfSSL_free(ssl);
+                wolfSSL_CTX_free(ctx);
+                return;
+            }
+            /* goToSleep() for 1 sec*/
+        }
+    } while ((ret != SSL_SUCCESS) && (error == SSL_ERROR_WANT_READ));
+
+    printf("wolfSSL_connect() ok... sending GET\n");
+    XSTRNCPY(tx_buf, TX_MSG, TX_MSG_SIZE);
+    if (wolfSSL_write(ssl, tx_buf, TX_MSG_SIZE) != TX_MSG_SIZE) {
+        error = wolfSSL_get_error(ssl, 0);
+        printf("ERROR: wolfSSL_write() failed, err = %d\n", error);
+        closesocket(sock);
+        wolfSSL_free(ssl);
+        wolfSSL_CTX_free(ctx);
+        return;
+    }
+    do {
+        error = 0; /* reset error */
+        ret = wolfSSL_read(ssl, rx_buf, RX_BUF_SIZE - 1);
+        if (ret < 0) {
+            error = wolfSSL_get_error(ssl, 0);
+            if (error != SSL_ERROR_WANT_READ) {
+                printf("wolfSSL_read failed, error = %d\n", error);
+                closesocket(sock);
+                wolfSSL_free(ssl);
+                wolfSSL_CTX_free(ctx);
+                return;
+            }
+            /* goToSleep() for 1 second*/
+        } else if (ret > 0) {
+            rx_buf[ret] = 0;
+            printf("%s\n", rx_buf);
+        }
+    } while (error == SSL_ERROR_WANT_READ);
+    wolfSSL_shutdown(ssl);
+    wolfSSL_free(ssl);
+    wolfSSL_CTX_free(ctx);
+    wolfSSL_Cleanup();
+    closesocket(sock);
+    return;
+}
+
+#endif /* NO_WOLFSSL_CLIENT */
+
+#if !defined(NO_WOLFSSL_SERVER)
+
+#define TLS_SERVER_PORT 11111
+#define TX_BUF_SIZE 64
+#define RX_BUF_SIZE 1024
+#define TCP_SERVER_CONN_Q_SIZE 1
+
+/* derived from wolfSSL/certs/server-ecc.der */
+
+static const unsigned char server_ecc_der_256[] = { 0x30, 0x82, 0x03, 0x10,
+        0x30, 0x82, 0x02, 0xB5, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00,
+        0xEF, 0x46, 0xC7, 0xA4, 0x9B, 0xBB, 0x60, 0xD3, 0x30, 0x0A, 0x06, 0x08,
+        0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x8F, 0x31,
+        0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
+        0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57,
+        0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30,
+        0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74,
+        0x74, 0x6C, 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A,
+        0x0C, 0x07, 0x45, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31, 0x0C, 0x30,
+        0x0A, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x03, 0x45, 0x43, 0x43, 0x31,
+        0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77,
+        0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
+        0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
+        0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
+        0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E,
+        0x17, 0x0D, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, 0x32, 0x30, 0x30, 0x37,
+        0x33, 0x38, 0x5A, 0x17, 0x0D, 0x31, 0x39, 0x30, 0x35, 0x30, 0x38, 0x32,
+        0x30, 0x30, 0x37, 0x33, 0x38, 0x5A, 0x30, 0x81, 0x8F, 0x31, 0x0B, 0x30,
+        0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13,
+        0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73,
+        0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06,
+        0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C,
+        0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07,
+        0x45, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31, 0x0C, 0x30, 0x0A, 0x06,
+        0x03, 0x55, 0x04, 0x0B, 0x0C, 0x03, 0x45, 0x43, 0x43, 0x31, 0x18, 0x30,
+        0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E,
+        0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31,
+        0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
+        0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C,
+        0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13,
+        0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A,
+        0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xBB,
+        0x33, 0xAC, 0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A, 0xA5, 0x04, 0xC3, 0x3C,
+        0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, 0xCE, 0x94, 0xEA, 0x2B, 0xFA, 0xCB,
+        0x20, 0x09, 0x39, 0x2C, 0x16, 0xE8, 0x61, 0x02, 0xE9, 0xAF, 0x4D, 0xD3,
+        0x02, 0x93, 0x9A, 0x31, 0x5B, 0x97, 0x92, 0x21, 0x7F, 0xF0, 0xCF, 0x18,
+        0xDA, 0x91, 0x11, 0x02, 0x34, 0x86, 0xE8, 0x20, 0x58, 0x33, 0x0B, 0x80,
+        0x34, 0x89, 0xD8, 0xA3, 0x81, 0xF7, 0x30, 0x81, 0xF4, 0x30, 0x1D, 0x06,
+        0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x5D, 0x5D, 0x26, 0xEF,
+        0xAC, 0x7E, 0x36, 0xF9, 0x9B, 0x76, 0x15, 0x2B, 0x4A, 0x25, 0x02, 0x23,
+        0xEF, 0xB2, 0x89, 0x30, 0x30, 0x81, 0xC4, 0x06, 0x03, 0x55, 0x1D, 0x23,
+        0x04, 0x81, 0xBC, 0x30, 0x81, 0xB9, 0x80, 0x14, 0x5D, 0x5D, 0x26, 0xEF,
+        0xAC, 0x7E, 0x36, 0xF9, 0x9B, 0x76, 0x15, 0x2B, 0x4A, 0x25, 0x02, 0x23,
+        0xEF, 0xB2, 0x89, 0x30, 0xA1, 0x81, 0x95, 0xA4, 0x81, 0x92, 0x30, 0x81,
+        0x8F, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+        0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C,
+        0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31,
+        0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65,
+        0x61, 0x74, 0x74, 0x6C, 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
+        0x04, 0x0A, 0x0C, 0x07, 0x45, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31,
+        0x0C, 0x30, 0x0A, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x03, 0x45, 0x43,
+        0x43, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F,
+        0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
+        0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48,
+        0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F,
+        0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+        0x82, 0x09, 0x00, 0xEF, 0x46, 0xC7, 0xA4, 0x9B, 0xBB, 0x60, 0xD3, 0x30,
+        0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01,
+        0xFF, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03,
+        0x02, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xF1, 0xD0, 0xA6,
+        0x3E, 0x83, 0x33, 0x24, 0xD1, 0x7A, 0x05, 0x5F, 0x1E, 0x0E, 0xBD, 0x7D,
+        0x6B, 0x33, 0xE9, 0xF2, 0x86, 0xF3, 0xF3, 0x3D, 0xA9, 0xEF, 0x6A, 0x87,
+        0x31, 0xB3, 0xB7, 0x7E, 0x50, 0x02, 0x21, 0x00, 0xF0, 0x60, 0xDD, 0xCE,
+        0xA2, 0xDB, 0x56, 0xEC, 0xD9, 0xF4, 0xE4, 0xE3, 0x25, 0xD4, 0xB0, 0xC9,
+        0x25, 0x7D, 0xCA, 0x7A, 0x5D, 0xBA, 0xC4, 0xB2, 0xF6, 0x7D, 0x04, 0xC7,
+        0xBD, 0x62, 0xC9, 0x20 };
+
+/* derived from wolfSSL/certs/ecc-key.der */
+
+static const unsigned char ecc_key_der_256[] = { 0x30, 0x77, 0x02, 0x01, 0x01,
+        0x04, 0x20, 0x45, 0xB6, 0x69, 0x02, 0x73, 0x9C, 0x6C, 0x85, 0xA1, 0x38,
+        0x5B, 0x72, 0xE8, 0xE8, 0xC7, 0xAC, 0xC4, 0x03, 0x8D, 0x53, 0x35, 0x04,
+        0xFA, 0x6C, 0x28, 0xDC, 0x34, 0x8D, 0xE1, 0xA8, 0x09, 0x8C, 0xA0, 0x0A,
+        0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0xA1, 0x44,
+        0x03, 0x42, 0x00, 0x04, 0xBB, 0x33, 0xAC, 0x4C, 0x27, 0x50, 0x4A, 0xC6,
+        0x4A, 0xA5, 0x04, 0xC3, 0x3C, 0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, 0xCE,
+        0x94, 0xEA, 0x2B, 0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C, 0x16, 0xE8, 0x61,
+        0x02, 0xE9, 0xAF, 0x4D, 0xD3, 0x02, 0x93, 0x9A, 0x31, 0x5B, 0x97, 0x92,
+        0x21, 0x7F, 0xF0, 0xCF, 0x18, 0xDA, 0x91, 0x11, 0x02, 0x34, 0x86, 0xE8,
+        0x20, 0x58, 0x33, 0x0B, 0x80, 0x34, 0x89, 0xD8 };
+
+
+void wolfssl_server_test(uintData_t statusPtr)
+{
+    int sock_listen;
+    int bindStatus;
+    int sock_req;
+    sockaddr_in socketAddr;
+    sockaddr_in server_addr;
+    int  socketAddrLen=sizeof(sockaddr);
+    char rx_buf[RX_BUF_SIZE];
+    char tx_buf[TX_BUF_SIZE];
+    unsigned  char attempt_conn;
+    clientConnectionHandleType TCPserverHandle;
+    void * sendBuffer;
+    DWORD bufferSizeInBytes;
+
+    WOLFSSL * ssl;
+    WOLFSSL_CTX * ctx;
+    int tx_buf_sz = 0, ret = 0, error = 0;
+
+    /* set up the mailbox transport */
+    /* connectionId2 is defined in the mailbox-transport.config*/
+    if (setupTransport(&TCPserverHandle, (char*)"connectionId2") != transportSuccess){
+        printf("TCP transport set up failed \n");
+        return;
+      }
+
+    /* SET UP NETWORK SOCKET */
+
+    printf("Opening network socket...\n");
+    sock_listen = socket(AF_INET, SOCK_STREAM, 0);
+    if (sock_listen == SOCKET_ERROR) {
+        printf("ERROR: socket, err = %d\n", errno);
+        return;
+    }
+
+    printf("Clearing memory for server_addr struct\n");
+    XMEMSET((char *) &server_addr, 0u, sizeof(server_addr));
+
+    printf("Setting up server_addr struct\n");
+    server_addr.sin_family = AF_INET;
+    server_addr.sin_addr = INADDR_ANY;
+    server_addr.sin_port = htons(TLS_SERVER_PORT);
+
+    bindStatus = bind(sock_listen, (sockaddr *) &server_addr, sizeof(server_addr));
+    if (bindStatus == SOCKET_ERROR) {
+       printf("ERROR: bind, err = %d\n", errno);
+       closesocket(sock_listen);
+       return;
+    }
+
+    /* wolfSSL INIT and CTX SETUP */
+
+    wolfSSL_Init();
+
+    /* chooses the highest possible TLS version */
+
+    ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
+
+    if (ctx == 0) {
+        printf("ERROR: wolfSSL_CTX_new failed\n");
+        closesocket(sock_listen);
+        return;
+    }
+    WOLFSSL_MSG("wolfSSL_CTX_new done");
+
+    ret = wolfSSL_CTX_use_certificate_buffer(ctx,
+                                             server_ecc_der_256,
+                                             sizeof(server_ecc_der_256),
+                                             SSL_FILETYPE_ASN1);
+    if (ret != SSL_SUCCESS) {
+        printf("ERROR: wolfSSL_CTX_use_certificate_buffer() failed, \
+                err = %d\n", ret);
+        closesocket(sock_listen);
+        wolfSSL_CTX_free(ctx);
+        return;
+    }
+    ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
+                                            ecc_key_der_256,
+                                            sizeof(ecc_key_der_256),
+                                            SSL_FILETYPE_ASN1);
+    if (ret != SSL_SUCCESS) {
+        printf("ERROR: wolfSSL_CTX_use_PrivateKey_buffer() failed\n");
+        closesocket(sock_listen);
+        wolfSSL_CTX_free(ctx);
+        return;
+    }
+    /* accept client socket connections */
+    printf("Listening for client connection\n");
+    printf("E.g, you can use ./examples/client/client.exe -h 192.168.219.100\n");
+    printf("    \n");
+
+    listen(sock_listen, TCP_SERVER_CONN_Q_SIZE);
+
+    sock_req = accept(sock_listen,
+                     (sockaddr *) &socketAddr,
+                     &socketAddrLen);
+
+    if (sock_req == -1) {
+        printf("ERROR: accept, err = %d\n", errno);
+        closesocket(sock_listen);
+        return;
+    }
+
+    printf("Got client connection! Starting TLS negotiation\n");
+
+    #ifdef DEBUG_WOLFSSL
+        wolfSSL_Debugging_ON();
+    #endif
+
+    /* set up wolfSSL session */
+    ssl = wolfSSL_new(ctx);
+    if (ssl == NULL) {
+        printf("ERROR: wolfSSL_new() failed\n");
+        closesocket(sock_req);
+        closesocket(sock_listen);
+        wolfSSL_CTX_free(ctx);
+        return;
+    }
+
+    WOLFSSL_MSG("wolfSSL_new done");
+    ret = wolfSSL_set_fd(ssl, sock_req);
+    if (ret != SSL_SUCCESS) {
+        printf("ERROR: wolfSSL_set_fd() failed\n");
+        closesocket(sock_req);
+        closesocket(sock_listen);
+        wolfSSL_free(ssl);
+        wolfSSL_CTX_free(ctx);
+        return;
+    }
+
+    WOLFSSL_MSG("wolfSSL_set_fd done");
+    do {
+        error = 0; /* reset error */
+        if (ret != SSL_SUCCESS) {
+            error = wolfSSL_get_error(ssl, 0);
+            printf("ERROR: wolfSSL_accept() failed, err = %d\n", error);
+            if (error != SSL_ERROR_WANT_READ) {
+                closesocket(sock_req);
+                closesocket(sock_listen);
+                wolfSSL_free(ssl);
+                wolfSSL_CTX_free(ctx);
+                return;
+            }
+            /* goToSleep() for 500 milli sec*/
+        }
+    } while ((ret != SSL_SUCCESS) && (error == SSL_ERROR_WANT_READ));
+
+    printf("wolfSSL_accept() ok...\n");
+
+    /* read client data */
+
+    error = 0;
+    XMEMSET(rx_buf, 0u, RX_BUF_SIZE);
+    ret = wolfSSL_read(ssl, rx_buf, RX_BUF_SIZE - 1);
+    if (ret < 0) {
+        error = wolfSSL_get_error(ssl, 0);
+        if (error != SSL_ERROR_WANT_READ) {
+            printf("wolfSSL_read failed, error = %d\n", error);
+            closesocket(sock_req);
+            closesocket(sock_listen);
+            wolfSSL_free(ssl);
+            wolfSSL_CTX_free(ctx);
+            return;
+        }
+    }
+
+    printf("AFTER wolfSSL_read() call, ret = %d\n", ret);
+    if (ret > 0) {
+        rx_buf[ret] = 0;
+        printf("Client sent: %s\n", rx_buf);
+    }
+    /* write response to client */
+    XMEMSET(tx_buf, 0u, TX_BUF_SIZE);
+    tx_buf_sz = 22;
+    XSTRNCPY(tx_buf, "I hear ya fa shizzle!\n", tx_buf_sz);
+    if (wolfSSL_write(ssl, tx_buf, tx_buf_sz) != tx_buf_sz) {
+        error = wolfSSL_get_error(ssl, 0);
+        printf("ERROR: wolfSSL_write() failed, err = %d\n", error);
+        closesocket(sock_req);
+        closesocket(sock_listen);
+        wolfSSL_free(ssl);
+        wolfSSL_CTX_free(ctx);
+        return;
+    }
+    ret = wolfSSL_shutdown(ssl);
+    if (ret == SSL_SHUTDOWN_NOT_DONE)
+        wolfSSL_shutdown(ssl);
+
+        wolfSSL_free(ssl);
+        wolfSSL_CTX_free(ctx);
+        wolfSSL_Cleanup();
+        closesocket(sock_req);
+        closesocket(sock_listen);
+    return;
+}
+
+#endif /* NO_WOLFSSL_SERVER */
+
+int  wolfsslRunTests (void)
+{
+    thread_handle_t TCPhandle;
+    threadStatus ts;
+    int ret;
+
+    #if !defined(NO_CRYPT_TEST)
+        wolfcrypt_test(NULL);
+    #endif
+    #if !defined(NO_CRYPT_BENCHMARK)
+        benchmark_test(NULL);
+    #endif
+    #if !defined(NO_WOLFSSL_CLIENT)
+        ts = createThread("TCPclient", "TCPThreadTemplate", wolfssl_client_test,
+                          0, &TCPhandle );
+        if (ts != threadSuccess) {
+            printf("Unable to create TCP client thread, %i ", (DWORD)ts);
+        }
+    #endif
+    #if !defined(NO_WOLFSSL_SERVER)
+        ts = createThread("TCPserver", "TCPThreadTemplate", wolfssl_server_test,
+                          0, &TCPhandle );
+        if (ts != threadSuccess) {
+            printf("Unable to create TCP server thread, %i ", (DWORD)ts);
+        }
+    #endif
+
+    return 0;
+}

IDE/ECLIPSE/DEOS/tls_wolfssl.h

@@ -0,0 +1,37 @@
+/* tls_wolfssl.h
+ *
+ * Copyright (C) 2006-2019 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef  __TLS_WOLFSSL_H__
+#define  __TLS_WOLFSSL_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int wolfsslRunTests(void);
+void wolfssl_client_test(uintData_t);
+void wolfssl_server_test(uintData_t);
+
+#ifdef __cplusplus
+}  /* extern "C" */
+#endif
+
+#endif /* TLS_WOLFSSL_H */

IDE/ECLIPSE/DEOS/user_settings.h

@@ -0,0 +1,112 @@
+/* user_setting.h
+ *
+ * Copyright (C) 2006-2019 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef DEOS_USER_SETTINGS_H_
+#define DEOS_USER_SETTINGS_H_
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+#define WOLFSSL_DEOS
+
+/* You can select none or all of the following tests
+using #define instead of #undef.
+By default, all four tests run*/
+
+#undef NO_CRYPT_TEST
+#undef NO_CRYPT_BENCHMARK
+#undef NO_WOLFSSL_CLIENT
+#undef NO_WOLFSSL_SERVER
+
+/* adjust CURRENT_UNIX_TIMESTAMP to seconds since Jan 01 1970. (UTC)
+You can get the current time from https://www.unixtimestamp.com/
+*/
+#define CURRENT_UNIX_TIMESTAMP 1545864916
+
+#define NO_FILESYSTEM
+#define SIZEOF_LONG_LONG 8
+
+/* prevents from including multiple definition of main() */
+#define NO_MAIN_DRIVER
+#define NO_TESTSUITE_MAIN_DRIVER
+
+/* includes certificate test buffers via header files */
+#define USE_CERT_BUFFERS_2048
+
+/*use kB instead of mB for embedded benchmarking*/
+#define BENCH_EMBEDDED
+
+#define NO_WRITE_TEMP_FILES
+
+#define HAVE_AESGCM
+#define WOLFSSL_SHA512
+#define HAVE_ECC
+#define HAVE_CURVE25519
+#define CURVE25519_SMALL
+#define HAVE_ED25519
+#define ED25519_SMALL
+
+/* TLS 1.3 */
+#if 0
+    #define WOLFSSL_TLS13
+    #define WC_RSA_PSS
+    #define HAVE_HKDF
+    #define HAVE_FFDHE_2048
+    #define HAVE_AEAD
+#endif
+
+#if 0
+
+/* You can use your own custom random generator function with
+   no input parameters and a `CUSTOM_RAND_TYPE` return type*/
+
+    #ifndef CUSTOM_RAND_GENERATE
+         #define CUSTOM_RAND_TYPE     int
+         #define CUSTOM_RAND_GENERATE yourRandGenFunc
+    #endif
+
+#endif
+
+#if 1
+    #undef  XMALLOC_OVERRIDE
+    #define XMALLOC_OVERRIDE
+    /* prototypes for user heap override functions */
+
+    #include <stddef.h>  /* for size_t */
+
+    extern void *malloc_deos(size_t size);
+    extern void  free_deos(void *ptr);
+    extern void *realloc_deos(void *ptr, size_t size);
+
+    #define XMALLOC(n, h, t)     malloc_deos(n)
+    #define XFREE(p, h, t)       free_deos(p)
+    #define XREALLOC(p, n, h, t) realloc_deos(p, n)
+
+#endif
+
+#define printf printx
+
+#ifdef __cplusplus
+    }   /* extern "C" */
+#endif
+
+#endif

IDE/ECLIPSE/MICRIUM/client_wolfssl.c

@@ -1,6 +1,6 @@
 /* client_wolfssl.c
  *
- * Copyright (C) 2018 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/MICRIUM/client_wolfssl.h

@@ -1,6 +1,6 @@
 /* client_wolfssl.h
  *
- * Copyright (C) 2018 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/MICRIUM/server_wolfssl.c

@@ -1,6 +1,6 @@
 /* server_wolfssl.c
  *
- * Copyright (C) 2018 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/MICRIUM/server_wolfssl.h

@@ -1,6 +1,6 @@
 /* server_wolfssl.h
  *
- * Copyright (C) 2018 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/MICRIUM/user_settings.h

@@ -1,6 +1,6 @@
 /* user_setting.h
  *
- * Copyright (C) 2018 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c

@@ -1,6 +1,6 @@
 /* wolfsslRunTests.c
  *
- * Copyright (C) 2018 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ECLIPSE/SIFIVE/README.md

@@ -0,0 +1 @@
+This folder has moved to `IDE/RISCV/SIFIVE-HIFIVE1`.

IDE/ECLIPSE/SIFIVE/include.am

@@ -0,0 +1,6 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST += \
+    IDE/ECLIPSE/SIFIVE/README.md

IDE/Espressif/ESP-IDF/README.md

@@ -1,28 +1,30 @@
 # ESP-IDF port
 ## Overview
  ESP-IDF development framework with wolfSSL by setting *WOLFSSL_ESPIDF* definition
- 
- Including the following examples:
-  simple tls_client/server
-  crypt test
-  crypt benchmark
+
+Including the following examples:
+
+* simple tls_client/server
+* crypt test
+* crypt benchmark
 
  The *user_settings.h* file enables some of the hardened settings.
 
 ## Requirements
- 1. ESP-IDF development framework
+ 1. ESP-IDF development framework  
     [https://docs.espressif.com/projects/esp-idf/en/latest/get-started/]
+
     Note: This expects to use Linux version.
-     
+
 ## Setup
  1. Run *setup.sh* to deploy files into ESP-IDF tree
  2. Find Wolfssl files at /path/to/esp-idf/components/wolfssl/
  3. Find Example programs under /path/to/esp-idf/examples/protocols/wolfssl_xxx
- 4. Uncomment out #define WOLFSSL_ESPIDF in /path/to/wolfssl/wolfssl/wolfcrypt/settings.h
+ 4. Uncomment out #define WOLFSSL_ESPIDF in /path/to/wolfssl/wolfssl/wolfcrypt/settings.h  
     Uncomment out #define WOLFSSL_ESPWROOM32 in /path/to/wolfssl/wolfssl/wolfcrypt/settings.h
 
 ## Configuration
- 1. The *user_settings.h* for each example can be found in /path/to/examples/protocols/wolfssl_xxx/main/include/user_settings.h
+ 1. The *user_settings.h* can be found in /path/to/esp-idf/components/wolfssl/include/user_settings.h
 
 ## Build examples
  1. See README in each example folder

IDE/Espressif/ESP-IDF/README_32se.md

@@ -0,0 +1,58 @@
+# DEMO program with ATECC608A on ESP-WROOM-32SE
+## Overview
+ Running demo programs with ATECC608A on 32SE by setting *WOLFSSL_ESPWROOM32SE* definition
+
+Including the following examples:
+
+* simple tls_client/tls_server
+* crypt benchmark
+
+ The *user_settings.h* file enables some of the hardened settings. 
+ 
+## Requirements
+ 1. ESP-IDF development framework  
+    [https://docs.espressif.com/projects/esp-idf/en/latest/get-started/]
+
+ 2. Microchip CryptoAuthentication Library  
+    [https://github.com/MicrochipTech/cryptoauthlib]
+    
+## Setup
+ 1. wolfSSL under ESP-IDF. Please see [README.md](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/README.md)
+ 2. CryptoAuthentication Library under ESP-IDF. Please see [README.md](https://github.com/miyazakh/cryptoauthlib_esp_idf/blob/master/README.md)
+ 
+ 3. Uncomment out #define WOLFSSL_ESPWROOM32SE in /path/to/wolfssl/wolfssl/wolfcrypt/settings.h
+ 
+    Note : Need to enable WOLFSSL_ESPIDF  
+    Note : crypt test will fail if enabled WOLFSSL_ESPWROOM32SE
+ 
+## Configuration
+ 1. The *user_settings.h* can be found in /path/to/esp-idf/components/wolfssl/include/user_settings.h
+
+## Build examples
+ 1. See README in each example folder
+
+## Benchmark
+w/o atecc608a
+```
+ECC      256 key gen         4 ops took 1.092 sec, avg 273.000 ms, 3.663 ops/sec
+ECDHE    256 agree           4 ops took 1.091 sec, avg 272.750 ms, 3.666 ops/sec
+ECDSA    256 sign            4 ops took 1.102 sec, avg 275.500 ms, 3.630 ops/sec
+ECDSA    256 verify          2 ops took 1.091 sec, avg 545.500 ms, 1.833 ops/sec
+```
+w/ atecc608a
+```
+ECC      256 key gen        11 ops took 1.074 sec, avg 97.636 ms, 10.242 ops/sec
+ECDHE    256 agree           6 ops took 1.068 sec, avg 178.000 ms, 5.618 ops/sec
+ECDSA    256 sign            8 ops took 1.009 sec, avg 126.125 ms, 7.929 ops/sec
+ECDSA    256 verify         14 ops took 1.079 sec, avg 77.071 ms, 12.975 ops/sec
+```
+
+## Support
+ For question please email [support@wolfssl.com]
+
+ Note: This is tested with the following condition:
+ 
+- Model    : ESP32-WROOM-32SE  
+- ESP-IDF  : v3.3-beta1-39-g6cb37ecc5(commit hash : 6cb37ecc5)  
+- CryptAuthLib: commit hash : c6b176e
+- OS       : Ubuntu 18.04.1 LTS (Bionic Beaver)

IDE/Espressif/ESP-IDF/dummy_config_h

@@ -0,0 +1,24 @@
+/* config.h - dummy
+ *
+ * Copyright (C) 2006-2019 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef _CONFIG_H_
+#define _CONFIG_H_
+#endif

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md

@@ -2,12 +2,14 @@
 
 The Example contains of wolfSSL benchmark program.
 
-1. "make menuconfig" to configure the program.
- 1-1. Example Configuration ->
-     BENCH_ARG : argument that you want to use. Default is "-lng 0"
-                 The list of argument can be find in help.
+1. "make menuconfig" to configure the program.  
+    1-1. Example Configuration ->
+
+    BENCH_ARG : argument that you want to use. Default is "-lng 0"  
+    The list of argument can be find in help.
 
 When you want to run the benchmark program
+
 1. "make flash" to compile and load the firmware
 2. "make monitor" to see the message
 

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt

@@ -0,0 +1,10 @@
+
+#
+# wolfssl benchmark test
+#
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+
+set(COMPONENT_SRCS "benchmark.c" "helper.c")
+set(COMPONENT_ADD_INCLUDEDIRS ".")
+
+register_component()

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/helper.c

@@ -1,6 +1,6 @@
 /* helper.c
  *
- * Copyright (C) 2006-2018 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -22,12 +22,80 @@
 #include <stdlib.h>
 #include <string.h>
 
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfcrypt/benchmark/benchmark.h>
+
 #include "sdkconfig.h"
+#include "esp_log.h"
 
-#define WOLFSSL_BENCH_ARGV              CONFIG_BENCH_ARGV
+#define WOLFSSL_BENCH_ARGV                 CONFIG_BENCH_ARGV
 
+/* proto-type */
+extern void wolf_benchmark_task();
+static const char* const TAG = "wolfbenchmark";
 char* __argv[22];
 
+#if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \
+                                  && defined(WOLFSSL_ATECC508A)
+
+#include "wolfssl/wolfcrypt/port/atmel/atmel.h"
+
+/* when you need to use a custom slot allocation, */
+/* enable the definition CUSTOM_SLOT_ALLOCAION.   */
+#if defined(CUSTOM_SLOT_ALLOCATION)
+
+static byte mSlotList[ATECC_MAX_SLOT];
+
+/* initialize slot array */
+void my_atmel_slotInit()
+{
+    int i;
+    for(i = 0;i < ATECC_MAX_SLOT;i++) {
+        mSlotList[i] = ATECC_INVALID_SLOT;
+    }
+}
+
+/* allocate slot depending on slotType */
+int my_atmel_alloc(int slotType)
+{
+    int i, slot = -1;
+
+    switch(slotType){
+        case ATMEL_SLOT_ENCKEY:
+            slot = 4;
+            break;
+        case ATMEL_SLOT_DEVICE:
+            slot = 0;
+            break;
+        case ATMEL_SLOT_ECDHE:
+            slot = 0;
+            break;
+        case ATMEL_SLOT_ECDHE_ENC:
+            slot = 4;
+            break;
+        case ATMEL_SLOT_ANY:
+            for(i = 0;i < ATECC_MAX_SLOT;i++){
+                if(mSlotList[i] == ATECC_INVALID_SLOT){
+                    slot = i;
+                    break;
+                }
+            }
+    }
+
+    return slot;
+}
+
+/* free slot array       */
+void my_atmel_free(int slotId)
+{
+    if(slotId >= 0 && slotId < ATECC_MAX_SLOT){
+        mSlotList[slotId] = ATECC_INVALID_SLOT;
+    }
+}
+
+#endif /* CUSTOM_SLOT_ALLOCATION                                       */
+#endif /* WOLFSSL_ESPWROOM32SE && HAVE_PK_CALLBACK && WOLFSSL_ATECC508A */
+
 int construct_argv()
 {
     int cnt = 0;
@@ -78,3 +146,27 @@ int construct_argv()
 
     return (cnt);
 }
+
+/* entry point */
+void app_main(void)
+{
+    (void) TAG;
+#ifndef NO_CRYPT_BENCHMARK
+
+/* when using atecc608a on esp32-wroom-32se */
+#if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \
+                                  && defined(WOLFSSL_ATECC508A)
+    #if defined(CUSTOM_SLOT_ALLOCATION)
+    my_atmel_slotInit();
+    /* to register the callback, it needs to be initialized. */
+    if ((wolfCrypt_Init()) != 0) {
+       ESP_LOGE(TAG, "wolfCrypt_Init failed");
+       return;
+    }
+    atmel_set_slot_allocator(my_atmel_alloc, my_atmel_free);
+    #endif
+#endif
+    wolf_benchmark_task();
+#else
+#endif /* NO_CRYPT_BENCHMARK */
+}

IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults

@@ -1,4 +1,6 @@
 CONFIG_BENCH_ARGV="-lng 0"
-CONFIG_MAIN_TASK_STACK_SIZE=5000
+CONFIG_MAIN_TASK_STACK_SIZE=7000
 CONFIG_FREERTOS_HZ=1000
 CONFIG_TASK_WDT_CHECK_IDLE_TASK_CPU0=
+CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
+170 CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ=240

IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt

@@ -2,5 +2,10 @@
 # CMakeLists in this exact order for cmake to work correctly
 cmake_minimum_required(VERSION 3.5)
 
+# (Not part of the boilerplate)
+# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
+# disable the following line if there isn't the directory
+set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 project(wolfssl_client)

IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile

@@ -6,6 +6,7 @@
 PROJECT_NAME := wolfssl_client
 
 CFLAGS += -DWOLFSSL_USER_SETTINGS
+# if there isn't the directory, please disable the line below.
+EXTRA_COMPONENT_DIRS = $(IDF_PATH)/examples/common_components/protocol_examples_common
 
 include $(IDF_PATH)/make/project.mk
-

IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md

@@ -1,19 +1,22 @@
-#wolfssl Example
+#wolfSSL Example
 
 The Example contains of wolfSSL tls client demo.
 
-1. "make menuconfig" to config the project
- 1-1. Example Configuration ->
-      WIFI SSID: your own WIFI, which is connected to the Internet.(default is "myssid")
-      WIFI Password: WIFI password, and default is "mypassword"
-      Target host ip address : the host that you want to connect to.(default is 127.0.0.1)
+1. "make menuconfig" to config the project  
+    1-1. Example Configuration ->
+
+          WIFI SSID: your own WIFI, which is connected to the Internet.(default is "myssid")  
+          WIFI Password: WIFI password, and default is "mypassword"  
+          Target host ip address : the host that you want to connect to.(default is 127.0.0.1)
     
-    Note: the example program uses 11111 port. If you want to use different port
-         , you need to modifiy DEFAULT_PORT definition in the code.
+    Note: the example program uses 11111 port. If you want to use different port  
+        , you need to modify DEFAULT_PORT definition in the code.
 
 When you want to test the wolfSSL client
-1. "make falsh monitor" to load the firmware and see the context
-2. You can use <wolfssl>/examples/server/server program for test.
-   e.g. Launch ./examples/server/server -v 4 -b -i
+
+1. "make flash monitor" to load the firmware and see the context  
+2. You can use <wolfssl>/examples/server/server program for test.  
+
+         e.g. Launch ./examples/server/server -v 4 -b -i
 
 See the README.md file in the upper level 'examples' directory for more information about examples.

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt

@@ -0,0 +1,10 @@
+
+#
+# wolfssl client test
+#
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+
+set(COMPONENT_SRCS "client-tls.c" "wifi_connect.c")
+set(COMPONENT_ADD_INCLUDEDIRS "." "./include")
+
+register_component()

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c

@@ -1,8 +1,8 @@
 /* client-tls-callback.c
  *
- * Copyright (C) 2006-2018 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
+ * This file is part of wolfSSL.
  *
  * wolfSSL is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -16,7 +16,7 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 /* the usual suspects */
 #include <stdlib.h>
@@ -28,13 +28,11 @@
 #include "wifi_connect.h"
 
 /* socket includes */
-#include <sys/socket.h>
-#include <arpa/inet.h>
-#include <netinet/in.h>
-#include <unistd.h>
+#include "lwip/netdb.h"
+#include "lwip/sockets.h"
 
 /* wolfSSL */
-#include <wolfssl/options.h>
+#include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/ssl.h>
 #include <wolfssl/certs_test.h>
 
@@ -42,25 +40,112 @@
     #include <wolfssl/wolfcrypt/mem_track.h>
 #endif
 
-const char *TAG = "tls_client";
+static const char* const TAG = "tls_client";
 
+#if defined(DEBUG_WOLFSSL)
+
+static void ShowCiphers(void)
+{
+    char ciphers[4096];
+
+    int ret = wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers));
+
+    if (ret == WOLFSSL_SUCCESS)
+        printf("%s\n", ciphers);
+}
+
+#endif
+
+#if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \
+                                  && defined(WOLFSSL_ATECC508A)
+
+#include "wolfssl/wolfcrypt/port/atmel/atmel.h"
+
+/* when you want to use custom slot allocation */
+/* enable the definition CUSTOM_SLOT_ALLOCATION.*/
+
+#if defined(CUSTOM_SLOT_ALLOCATION)
+
+static byte mSlotList[ATECC_MAX_SLOT];
+
+int atmel_set_slot_allocator(atmel_slot_alloc_cb alloc,
+                                                atmel_slot_dealloc_cb dealloc);
+/* initialize slot array */
+void my_atmel_slotInit()
+{
+    int i;
+
+    for(i=0;i<ATECC_MAX_SLOT; i++) {
+        mSlotList[i] = ATECC_INVALID_SLOT;
+    }
+}
+/* allocate slot depending on slotType */
+int my_atmel_alloc(int slotType)
+{
+    int i, slot = -1;
+
+    switch(slotType){
+        case ATMEL_SLOT_ENCKEY:
+            slot = 2;
+            break;
+        case ATMEL_SLOT_DEVICE:
+            slot = 0;
+            break;
+        case ATMEL_SLOT_ECDHE:
+            slot = 0;
+            break;
+        case ATMEL_SLOT_ECDHE_ENC:
+            slot = 4;
+            break;
+        case ATMEL_SLOT_ANY:
+            for(i=0;i<ATECC_MAX_SLOT;i++){
+                if(mSlotList[i] == ATECC_INVALID_SLOT){
+                    slot = i;
+                    break;
+                }
+            }
+    }
+
+    return slot;
+}
+/* free slot array       */
+void my_atmel_free(int slotId)
+{
+    if(slotId >= 0 && slotId < ATECC_MAX_SLOT){
+        mSlotList[slotId] = ATECC_INVALID_SLOT;
+    }
+}
+#endif /* CUSTOM_SLOT_ALLOCATION                                       */
+#endif /* WOLFSSL_ESPWROOM32SE && HAVE_PK_CALLBACK && WOLFSSL_ATECC508A */
+
+/* client task */
 void tls_smp_client_task()
 {
     int ret;
     int sockfd;
+    int doPeerCheck;
+    int sendGet;
     struct sockaddr_in servAddr;
     char buff[256];
+    const char* ch = TLS_SMP_TARGET_HOST;
     size_t len;
+    struct hostent *hp;
+    struct ip4_addr *ip4_addr;
+    const char sndMsg[] = "GET /index.html HTTP/1.0\r\n\r\n";
 
     /* declare wolfSSL objects */
     WOLFSSL_CTX *ctx;
     WOLFSSL *ssl;
 
-   WOLFSSL_ENTER("tls_smp_client_task");
+    WOLFSSL_ENTER("tls_smp_client_task");
+
+    doPeerCheck = 0;
+    sendGet = 0;
 
 #ifdef DEBUG_WOLFSSL
-   WOLFSSL_MSG("Debug ON");
-   wolfSSL_Debugging_ON();
+    WOLFSSL_MSG("Debug ON");
+    wolfSSL_Debugging_ON();
+    ShowCiphers();
 #endif
     /* Initialize wolfSSL */
     wolfSSL_Init();
@@ -69,17 +154,48 @@ void tls_smp_client_task()
      * Sets the socket to be stream based (TCP),
      * 0 means choose the default protocol. */
     if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
-        printf("ERROR: failed to create the socket\n");
+        ESP_LOGE(TAG,"ERROR: failed to create the socket\n");
+    }
+
+    ESP_LOGI(TAG, "get target IP address");
+
+    hp = gethostbyname(TLS_SMP_TARGET_HOST);
+    if (!hp) {
+         ESP_LOGE(TAG, "Failed to get host name.");
+         ip4_addr = NULL;
+    } else {
+
+         ip4_addr = (struct ip4_addr *)hp->h_addr;
+         ESP_LOGI(TAG, IPSTR, IP2STR(ip4_addr));
     }
     /* Create and initialize WOLFSSL_CTX */
     if ((ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())) == NULL) {
-        printf("ERROR: failed to create WOLFSSL_CTX\n");
+        ESP_LOGE(TAG,"ERROR: failed to create WOLFSSL_CTX\n");
     }
     WOLFSSL_MSG("Loading...cert");
     /* Load client certificates into WOLFSSL_CTX */
     if ((ret = wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048,
         sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1)) != SSL_SUCCESS) {
-        printf("ERROR: failed to load %d, please check the file.\n",ret);
+        ESP_LOGE(TAG,"ERROR: failed to load %d, please check the file.\n",ret);
+    }
+    /* not peer check */
+    if( doPeerCheck == 0 ){
+        wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, 0);
+    } else {
+        WOLFSSL_MSG("Loading... our cert");
+        /* load our certificate */
+   	    if ((ret = wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, client_cert_der_2048,
+            sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1)) != SSL_SUCCESS) {
+            ESP_LOGE(TAG,"ERROR: failed to load chain %d, please check the file.\n",ret);
+        }
+
+        if ((ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, client_key_der_2048,
+            sizeof_client_key_der_2048, WOLFSSL_FILETYPE_ASN1))  != SSL_SUCCESS) {
+            wolfSSL_CTX_free(ctx); ctx = NULL;
+            ESP_LOGE(TAG,"ERROR: failed to load key %d, please check the file.\n", ret);
+        }
+
+        wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, 0);
     }
 
     /* Initialize the server address struct with zeros */
@@ -89,62 +205,86 @@ void tls_smp_client_task()
     servAddr.sin_family = AF_INET;           /* using IPv4      */
     servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */
 
-    /* Get the server IPv4 address from the command line call */
-    WOLFSSL_MSG("inet_pton");
-    if ((ret = inet_pton(AF_INET, TLS_SMP_TARGET_HOST,
-             &servAddr.sin_addr)) != 1) {
-        printf("ERROR: invalid address ret=%d\n", ret);
+    if(*ch >= '1' && *ch <= '9') {
+        /* Get the server IPv4 address from the command line call */
+        WOLFSSL_MSG("inet_pton");
+        if ((ret = inet_pton(AF_INET, TLS_SMP_TARGET_HOST,
+                 &servAddr.sin_addr)) != 1) {
+            ESP_LOGE(TAG,"ERROR: invalid address ret=%d\n", ret);
+        }
+    } else {
+        servAddr.sin_addr.s_addr = ip4_addr->addr;
     }
 
     /* Connect to the server */
     sprintf(buff, "Connecting to server....%s(port:%d)", TLS_SMP_TARGET_HOST
                                                       , DEFAULT_PORT);
     WOLFSSL_MSG(buff);
+    printf("%s\n",buff);
     if ((ret = connect(sockfd, (struct sockaddr *)&servAddr,
                                     sizeof(servAddr))) == -1){
-        printf("ERROR: failed to connect ret=%d\n", ret);
+        ESP_LOGE(TAG,"ERROR: failed to connect ret=%d\n", ret);
     }
 
     WOLFSSL_MSG("Create a WOLFSSL object");
     /* Create a WOLFSSL object */
     if ((ssl = wolfSSL_new(ctx)) == NULL) {
-        printf("ERROR: failed to create WOLFSSL object\n");
+        ESP_LOGE(TAG,"ERROR: failed to create WOLFSSL object\n");
     }
 
+    /* when using atecc608a on esp32-wroom-32se */
+#if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \
+                                  && defined(WOLFSSL_ATECC508A)
+    atcatls_set_callbacks(ctx);
+    /* when using custom slot-allocation */
+    #if defined(CUSTOM_SLOT_ALLOCATION)
+    my_atmel_slotInit();
+    atmel_set_slot_allocator(my_atmel_alloc, my_atmel_free);
+    #endif
+#endif
+
     /* Attach wolfSSL to the socket */
     wolfSSL_set_fd(ssl, sockfd);
 
     WOLFSSL_MSG("Connect to wolfSSL on the server side");
     /* Connect to wolfSSL on the server side */
     if (wolfSSL_connect(ssl) != SSL_SUCCESS) {
-        printf("ERROR: failed to connect to wolfSSL\n");
+        ESP_LOGE(TAG,"ERROR: failed to connect to wolfSSL\n");
     }
 
     /* Get a message for the server from stdin */
     WOLFSSL_MSG("Message for server: ");
     memset(buff, 0, sizeof(buff));
-    sprintf(buff, "message from client\n");
-    len = strnlen(buff, sizeof(buff));
+
+    if(sendGet){
+        printf("SSL connect ok, sending GET...\n");
+        len = XSTRLEN(sndMsg);
+        strncpy(buff, sndMsg, len);
+        buff[len] = '\0';
+    } else {
+        sprintf(buff, "message from esp32 tls client\n");
+        len = strnlen(buff, sizeof(buff));
+    }
     /* Send the message to the server */
     if (wolfSSL_write(ssl, buff, len) != len) {
-        printf("ERROR: failed to write\n");
+        ESP_LOGE(TAG,"ERROR: failed to write\n");
     }
 
     /* Read the server data into our buff array */
     memset(buff, 0, sizeof(buff));
     if (wolfSSL_read(ssl, buff, sizeof(buff) - 1) == -1) {
-        printf("ERROR: failed to read\n");
+        ESP_LOGE(TAG,"ERROR: failed to read\n");
     }
 
     /* Print to stdout any data the server sends */
-    WOLFSSL_MSG("Server:");
-    WOLFSSL_MSG(buff);
+    printf("Server:");
+    printf("%s", buff);
     /* Cleanup and return */
     wolfSSL_free(ssl);     /* Free the wolfSSL object                  */
     wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object          */
     wolfSSL_Cleanup();     /* Cleanup the wolfSSL environment          */
     close(sockfd);         /* Close the connection to the server       */
-    
+
     vTaskDelete(NULL);
 
     return;                /* Return reporting a success               */

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h

@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2018 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,9 +21,14 @@
 #ifndef _TLS_WIFI_H_
 #define _TLS_WIFI_H_
 
+#include "esp_idf_version.h"
 #include "esp_log.h"
 #include "esp_wifi.h"
+#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1
+#include "esp_event.h"
+#else
 #include "esp_event_loop.h"
+#endif
 
 #define DEFAULT_PORT                     11111
 

IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c

@@ -1,6 +1,6 @@
 /* wifi_connect.c
  *
- * Copyright (C) 2006-2018 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,6 +27,9 @@
 #include "lwip/netdb.h"
 #include "lwip/apps/sntp.h"
 #include "nvs_flash.h"
+#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1
+#include "protocol_examples_common.h"
+#endif
 
 const static int CONNECTED_BIT = BIT0;
 static EventGroupHandle_t wifi_event_group;
@@ -48,12 +51,13 @@ static void set_time()
     time_t now;
     struct tm timeinfo;
     char strftime_buf[64];
-
-    utctime.tv_sec = 1542008020; /* dummy time: Mon Nov 12 07:33:40 2018 */
+    /* please update the time if seeing unknown failure. */
+    /* this could cause TLS communication failure due to time expiration */
+    utctime.tv_sec = 1567125910; /* dummy time: Fri Aug 30 09:45:00 2019 */
     utctime.tv_usec = 0;
     tz.tz_minuteswest = 0;
     tz.tz_dsttime = 0;
-    
+
     settimeofday(&utctime, &tz);
 
     time(&now);
@@ -62,9 +66,11 @@ static void set_time()
     strftime(strftime_buf, sizeof(strftime_buf), "%c", &timeinfo);
     ESP_LOGI(TAG, "The current date/time is: %s", strftime_buf);
 
+#if ESP_IDF_VERSION_MAJOR < 4
     /* wait until wifi connect */
     xEventGroupWaitBits(wifi_event_group, CONNECTED_BIT,
                                             false, true, portMAX_DELAY);
+#endif
     /* now we start client tasks. */
     tls_smp_client_init();
 }
@@ -120,6 +126,15 @@ void app_main(void)
     tcpip_adapter_init();
 
     /* */
+#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1
+    (void) wifi_event_handler;
+   ESP_ERROR_CHECK(esp_event_loop_create_default());
+   /* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig.
+   * Read "Establishing Wi-Fi or Ethernet Connection" section in
+   * examples/protocols/README.md for more information about this function.
+   */
+    ESP_ERROR_CHECK(example_connect());
+#else
     wifi_event_group = xEventGroupCreate();
     ESP_ERROR_CHECK(esp_event_loop_init(wifi_event_handler, NULL));
     wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
@@ -141,6 +156,7 @@ void app_main(void)
     ESP_LOGI(TAG, "wifi_init_sta finished.");
     ESP_LOGI(TAG, "connect to ap SSID:%s password:%s",
                                         TLS_SMP_WIFI_SSID, TLS_SMP_WIFI_PASS);
+#endif
     ESP_LOGI(TAG, "Set dummy time...");
     set_time();
 }

IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt

@@ -2,6 +2,10 @@
 # CMakeLists in this exact order for cmake to work correctly
 cmake_minimum_required(VERSION 3.5)
 
+# (Not part of the boilerplate)
+# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
+# disable the following line if there isn't the directory
+set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
 
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
-project(tls_server)
+project(wolfssl_server)

IDE/Espressif/ESP-IDF/examples/wolfssl_server/Makefile

@@ -7,5 +7,8 @@ PROJECT_NAME := tls_server
 
 CFLAGS += -DWOLFSSL_USER_SETTINGS
 
+# if there isn't the directory, please disable the line below.
+EXTRA_COMPONENT_DIRS = $(IDF_PATH)/examples/common_components/protocol_examples_common
+
 include $(IDF_PATH)/make/project.mk
 

IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md

@@ -3,17 +3,20 @@
 The Example contains a wolfSSL simple server.
 
 1. "make menuconfigure" to configure the project
-  1-1. Example Configuration ->
-       WIFI SSID : your own WIFI, which is connected to the Internet.(default is "myssid")
-       WIFI Password : WIFI password, and default is "mypassword"
+
+    1-1. Example Configuration ->
+           WIFI SSID : your own WIFI, which is connected to the Internet.(default is "myssid")  
+           WIFI Password : WIFI password, and default is "mypassword"
 
 When you want to test the wolfSSL simple server demo
+
 1. "make flash" to compile the code and load the firmware
-2. "make monitor" to see the context. The assigned IP address can be found in output message. 
-3. Once the server connects to the wifi, it is waiting for client request.
-   ("Waiting for a connection..." message will be displayed.)
-4. You can use <wolfssl>/examples/client to test the server
-   e.g ./example/client/client -h xx.xx.xx
+2. "make monitor" to see the context. The assigned IP address can be found in output message.
+3. Once the server connects to the wifi, it is waiting for client request.  
+    ("Waiting for a connection..." message will be displayed.)
+   
+4. You can use <wolfssl>/examples/client to test the server  
+    e.g ./example/client/client -h xx.xx.xx
 
 See the README.md file in the upper level 'examples' directory for more information about examples.
 

IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt

@@ -0,0 +1,10 @@
+
+#
+# wolfssl server test
+#
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+
+set(COMPONENT_SRCS "server-tls.c" "wifi_connect.c")
+set(COMPONENT_ADD_INCLUDEDIRS "." "./include")
+
+register_component()

IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/user_settings.h

@@ -1,51 +0,0 @@
-/* user_settings.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-#define BENCH_EMBEDDED
-#define USE_CERT_BUFFERS_2048
-
-/* TLS 1.3                                 */
-#define WOLFSSL_TLS13
-#define HAVE_TLS_EXTENSIONS
-#define WC_RSA_PSS
-#define HAVE_HKDF
-#define HAVE_FFDHE_2048
-#define HAVE_AEAD
-#define HAVE_SUPPORTED_CURVES
-
-#define SINGLE_THREADED /* or define RTOS  option */
-#define NO_FILESYSTEM
-
-#define HAVE_AESGCM
-#define WOLFSSL_SHA512
-#define HAVE_ECC
-#define HAVE_CURVE25519
-#define CURVE25519_SMALL
-#define HAVE_ED25519
-
-/* debug options */
-/* #define DEBUG_WOLFSSL */
-
-/* date/time                               */
-/* if it cannot adjust time in the device, */
-/* enable macro below                      */
-/* #define NO_ASN_TIME */
-/* #define XTIME time */

IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h

@@ -1,6 +1,6 @@
-/* wifi_connect.h 
+/* wifi_connect.h
  *
- * Copyright (C) 2006-2018 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -21,9 +21,14 @@
 #ifndef _TLS_WIFI_H_
 #define _TLS_WIFI_H_
 
+#include "esp_idf_version.h"
 #include "esp_log.h"
 #include "esp_wifi.h"
+#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1
+#include "esp_event.h"
+#else
 #include "esp_event_loop.h"
+#endif
 
 #define DEFAULT_PORT                     11111
 

IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c

@@ -1,8 +1,8 @@
 /* server-tls-callback.c
  *
- * Copyright (C) 2006-2018 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
+ * This file is part of wolfSSL.
  *
  * wolfSSL is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -16,7 +16,7 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 /* the usual suspects */
 #include <stdlib.h>
@@ -31,7 +31,7 @@
 #include <unistd.h>
 
 /* wolfSSL */
-#include <wolfssl/options.h>
+#include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/ssl.h>
 #include <wolfssl/certs_test.h>
 
@@ -42,7 +42,85 @@
     #include <wolfssl/wolfcrypt/mem_track.h>
 #endif
 
-const char *TAG = "tls_server";
+static const char* const TAG = "tls_server";
+
+#if defined(DEBUG_WOLFSSL)
+
+static void ShowCiphers(void)
+{
+    char ciphers[4096];
+
+    int ret = wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers));
+
+    if (ret == WOLFSSL_SUCCESS)
+        printf("%s\n", ciphers);
+}
+
+#endif
+
+#if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \
+                                  && defined(WOLFSSL_ATECC508A)
+
+#include "wolfssl/wolfcrypt/port/atmel/atmel.h"
+
+/* when you want to use a custom slot allocation */
+/* enable the difinition CUSTOM_SLOT_ALLOCATION. */
+
+#if defined(CUSTOM_SLOT_ALLOCATION)
+
+static byte mSlotList[ATECC_MAX_SLOT];
+
+int atmel_set_slot_allocator(atmel_slot_alloc_cb alloc, atmel_slot_dealloc_cb dealloc);
+
+/* initialize slot array */
+void my_atmel_slotInit()
+{
+    int i;
+
+    for(i=0;i<ATECC_MAX_SLOT; i++) {
+        mSlotList[i] = ATECC_INVALID_SLOT;
+    }
+}
+
+/* allocate slot depending on slotType */
+int my_atmel_alloc(int slotType)
+{
+    int i, slot = -1;
+
+    switch(slotType){
+        case ATMEL_SLOT_ENCKEY:
+            slot = 4;
+            break;
+        case ATMEL_SLOT_DEVICE:
+            slot = 0;
+            break;
+        case ATMEL_SLOT_ECDHE:
+            slot = 0;
+            break;
+        case ATMEL_SLOT_ECDHE_ENC:
+            slot = 4;
+            break;
+        case ATMEL_SLOT_ANY:
+            for(i=0;i<ATECC_MAX_SLOT;i++){
+                if(mSlotList[i] == ATECC_INVALID_SLOT){
+                    slot = i;
+                    break;
+                }
+            }
+    }
+
+    return slot;
+}
+
+/* free slot array       */
+void my_atmel_free(int slotId)
+{
+    if(slotId >= 0 && slotId < ATECC_MAX_SLOT){
+        mSlotList[slotId] = ATECC_INVALID_SLOT;
+    }
+}
+#endif /* CUSTOM_SLOT_ALLOCATION                                       */
+#endif /* WOLFSSL_ESPWROOM32SE && HAVE_PK_CALLBACK && WOLFSSL_ATECC508A */
 
 void tls_smp_server_task()
 {
@@ -55,6 +133,7 @@ void tls_smp_server_task()
     size_t             len;
     int                shutdown = 0;
     int                ret;
+    const char msg[] = "I hear you fa shizzle!";
 
     /* declare wolfSSL objects */
     WOLFSSL_CTX* ctx;
@@ -65,7 +144,9 @@ void tls_smp_server_task()
 #ifdef DEBUG_WOLFSSL
     WOLFSSL_MSG("Debug ON");
     wolfSSL_Debugging_ON();
+    ShowCiphers();
 #endif
+
     /* Initialize wolfSSL */
     WOLFSSL_MSG("Start wolfSSL_Init()");
     wolfSSL_Init();
@@ -75,29 +156,34 @@ void tls_smp_server_task()
      * 0 means choose the default protocol. */
     WOLFSSL_MSG( "start socket())");
     if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
-        printf("ERROR: failed to create the socket");
+        ESP_LOGE(TAG, "ERROR: failed to create the socket");
     }
 
     /* Create and initialize WOLFSSL_CTX */
     WOLFSSL_MSG("Create and initialize WOLFSSL_CTX");
     if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) {
-        printf("ERROR: failed to create WOLFSSL_CTX");
+        ESP_LOGE(TAG, "ERROR: failed to create WOLFSSL_CTX");
     }
     WOLFSSL_MSG("Loading certificate...");
     /* Load server certificates into WOLFSSL_CTX */
+
     if ((ret = wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
                         sizeof_server_cert_der_2048,
                         WOLFSSL_FILETYPE_ASN1)) != SSL_SUCCESS) {
-        printf("ERROR: failed to load cert");
+        ESP_LOGE(TAG, "ERROR: failed to load cert");
     }
     WOLFSSL_MSG("Loading key info...");
     /* Load server key into WOLFSSL_CTX */
+
     if((ret=wolfSSL_CTX_use_PrivateKey_buffer(ctx,
                             server_key_der_2048, sizeof_server_key_der_2048,
                             WOLFSSL_FILETYPE_ASN1)) != SSL_SUCCESS) {
-        printf("ERROR: failed to load privatekey");
+        ESP_LOGE(TAG, "ERROR: failed to load privatekey");
     }
 
+    /* TO DO when using ECDSA, it loads the provisioned certificate and present it.*/
+    /* TO DO when using ECDSA, it uses the generated key instead of loading key    */
+
     /* Initialize the server address struct with zeros */
     memset(&servAddr, 0, sizeof(servAddr));
     /* Fill in the server address */
@@ -107,37 +193,48 @@ void tls_smp_server_task()
 
     /* Bind the server socket to our port */
     if (bind(sockfd, (struct sockaddr*)&servAddr, sizeof(servAddr)) == -1) {
-         printf("ERROR: failed to bind");
+         ESP_LOGE(TAG, "ERROR: failed to bind");
     }
 
     /* Listen for a new connection, allow 5 pending connections */
     if (listen(sockfd, 5) == -1) {
-         printf("ERROR: failed to listen");
+         ESP_LOGE(TAG, "ERROR: failed to listen");
     }
+
+#if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \
+                                  && defined(WOLFSSL_ATECC508A)
+    atcatls_set_callbacks(ctx);
+    /* when using a custom slot allocation */
+    #if defined(CUSTOM_SLOT_ALLOCATION)
+    my_atmel_slotInit();
+    atmel_set_slot_allocator(my_atmel_alloc, my_atmel_free);
+    #endif
+#endif
+
     /* Continue to accept clients until shutdown is issued */
     while (!shutdown) {
          WOLFSSL_MSG("Waiting for a connection...");
         /* Accept client connections */
         if ((connd = accept(sockfd, (struct sockaddr*)&clientAddr, &size))
             == -1) {
-             printf("ERROR: failed to accept the connection");
+             ESP_LOGE(TAG, "ERROR: failed to accept the connection");
         }
         /* Create a WOLFSSL object */
         if ((ssl = wolfSSL_new(ctx)) == NULL) {
-             printf("ERROR: failed to create WOLFSSL object");
+             ESP_LOGE(TAG, "ERROR: failed to create WOLFSSL object");
         }
         /* Attach wolfSSL to the socket */
         wolfSSL_set_fd(ssl, connd);
         /* Establish TLS connection */
         ret = wolfSSL_accept(ssl);
         if (ret != SSL_SUCCESS) {
-            printf("wolfSSL_accept error %d", wolfSSL_get_error(ssl, ret));
+            ESP_LOGE(TAG, "wolfSSL_accept error %d", wolfSSL_get_error(ssl, ret));
         }
         WOLFSSL_MSG("Client connected successfully");
         /* Read the client data into our buff array */
         memset(buff, 0, sizeof(buff));
         if (wolfSSL_read(ssl, buff, sizeof(buff)-1) == -1) {
-            printf("ERROR: failed to read");
+            ESP_LOGE(TAG, "ERROR: failed to read");
         }
         /* Print to stdout any data the client sends */
         WOLFSSL_MSG("Client sends:");
@@ -149,11 +246,11 @@ void tls_smp_server_task()
         }
         /* Write our reply into buff */
         memset(buff, 0, sizeof(buff));
-        memcpy(buff, "I hear ya fa shizzle!", sizeof(buff));
+        memcpy(buff, msg, sizeof(msg));
         len = strnlen(buff, sizeof(buff));
         /* Reply back to the client */
         if (wolfSSL_write(ssl, buff, len) != len) {
-            printf("ERROR: failed to write");
+            ESP_LOGE(TAG, "ERROR: failed to write");
         }
         /* Cleanup after this connection */
         wolfSSL_free(ssl);      /* Free the wolfSSL object              */

IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c

@@ -1,6 +1,6 @@
 /* wifi_connect.c 
  *
- * Copyright (C) 2006-2018 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,6 +27,9 @@
 #include "lwip/netdb.h"
 #include "lwip/apps/sntp.h"
 #include "nvs_flash.h"
+#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1
+#include "protocol_examples_common.h"
+#endif
 
 const static int CONNECTED_BIT = BIT0;
 static EventGroupHandle_t wifi_event_group;
@@ -45,8 +48,9 @@ static void set_time()
     time_t now;
     struct tm timeinfo;
     char strftime_buf[64];
-
-    utctime.tv_sec = 1542008020; /* dummy time: Mon Nov 12 07:33:40 2018 */
+    /* please update the time if seeing unknown failure. */
+    /* this could cause TLS communication failure due to time expiration */
+    utctime.tv_sec = 1567125910; /* dummy time: Fri Aug 30 09:45:00 2019 */
     utctime.tv_usec = 0;
     tz.tz_minuteswest = 0;
     tz.tz_dsttime = 0;
@@ -59,9 +63,11 @@ static void set_time()
     strftime(strftime_buf, sizeof(strftime_buf), "%c", &timeinfo);
     ESP_LOGI(TAG, "The current date/time is: %s", strftime_buf);
 
+#if ESP_IDF_VERSION_MAJOR < 4
     /* wait until wifi connect */
     xEventGroupWaitBits(wifi_event_group, CONNECTED_BIT,
                                             false, true, portMAX_DELAY);
+#endif
     /* now we start client tasks. */
     tls_smp_server_init();
 }
@@ -117,6 +123,15 @@ void app_main(void)
     tcpip_adapter_init();
 
     /* */
+#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1
+    (void) wifi_event_handler;
+   ESP_ERROR_CHECK(esp_event_loop_create_default());
+   /* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig.
+   * Read "Establishing Wi-Fi or Ethernet Connection" section in
+   * examples/protocols/README.md for more information about this function.
+   */
+    ESP_ERROR_CHECK(example_connect());
+#else
     wifi_event_group = xEventGroupCreate();
     ESP_ERROR_CHECK(esp_event_loop_init(wifi_event_handler, NULL));
     wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
@@ -138,6 +153,7 @@ void app_main(void)
     ESP_LOGI(TAG, "wifi_init_sta finished.");
     ESP_LOGI(TAG, "connect to ap SSID:%s password:%s",
                                         TLS_SMP_WIFI_SSID, TLS_SMP_WIFI_PASS);
-    ESP_LOGI(TAG, "Set Dummy time...");
+#endif
+    ESP_LOGI(TAG, "Set dummy time...");
     set_time();
 }

IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md

@@ -4,7 +4,7 @@ The Example contains of wolfSSL test program.
 
 When you want to run the benchmark program
 1. "make menuconfig" to configure the program,first
-1. "make flash" to compile and load the firemware
-2. "make monitor" to see the message
+2. "make flash" to compile and load the firmware
+3. "make monitor" to see the message
 
 See the README.md file in the upper level 'examples' directory for more information about examples.

IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt

@@ -0,0 +1,10 @@
+
+#
+# wolfssl crypt test
+#
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
+
+set(COMPONENT_SRCS "test.c")
+set(COMPONENT_ADD_INCLUDEDIRS ".")
+
+register_component()

IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/user_settings.h

@@ -1,51 +0,0 @@
-/* user_settings.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-#define BENCH_EMBEDDED
-#define USE_CERT_BUFFERS_2048
-
-/* TLS 1.3                                 */
-#define WOLFSSL_TLS13
-#define HAVE_TLS_EXTENSIONS
-#define WC_RSA_PSS
-#define HAVE_HKDF
-#define HAVE_FFDHE_2048
-#define HAVE_AEAD
-#define HAVE_SUPPORTED_CURVES
-
-#define SINGLE_THREADED /* or define RTOS  option */
-#define NO_FILESYSTEM
-
-#define HAVE_AESGCM
-#define WOLFSSL_SHA512
-#define HAVE_ECC
-#define HAVE_CURVE25519
-#define CURVE25519_SMALL
-#define HAVE_ED25519
-
-/* debug options */
-/* #define DEBUG_WOLFSSL */
-
-/* date/time                               */
-/* if it cannot adjust time in the device, */
-/* enable macro below                      */
-/* #define NO_ASN_TIME */
-/* #define XTIME time */

IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults

@@ -1,2 +1,2 @@
-CONFIG_MAIN_TASK_STACK_SIZE=5000
+CONFIG_MAIN_TASK_STACK_SIZE=9000
 CONFIG_TASK_WDT_CHECK_IDLE_TASK_CPU0=

IDE/Espressif/ESP-IDF/libs/CMakeLists.txt

@@ -1,79 +1,37 @@
+#
+# cmake for wolfssl
+# 
 cmake_minimum_required(VERSION 3.5)
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
 
 set(CMAKE_CURRENT_SOURCE_DIR ".")
 set(WOLFSSL_ROOT ${CMAKE_CURRENT_SOURCE_DIR})
 set(INCLUDE_PATH ${WOLFSSL_ROOT})
-set(COMPONENT_SRCS 
-    "src/keys.c"
-    "src/sniffer.c"
-    "src/tls.c"
-    "src/wolfio.c"
-    "src/crl.c"
-    "src/internal.c"
-    "src/ocsp.c"
-    "src/ssl.c"
-    "src/tls13.c"
-    "wolfcrypt/src/aes.c"
-    "wolfcrypt/src/arc4.c"
-    "wolfcrypt/src/asm.c"
-    "wolfcrypt/src/asn.c"
-    "wolfcrypt/src/blake2b.c"
-    "wolfcrypt/src/camellia.c"
-    "wolfcrypt/src/chacha.c"
-    "wolfcrypt/src/chacha20_poly1305.c"
-    "wolfcrypt/src/cmac.c"
-    "wolfcrypt/src/coding.c"
-    "wolfcrypt/src/compress.c"
-    "wolfcrypt/src/cpuid.c"
-    "wolfcrypt/src/cryptodev.c"
-    "wolfcrypt/src/curve25519.c"
-    "wolfcrypt/src/des3.c"
-    "wolfcrypt/src/dh.c"
-    "wolfcrypt/src/dsa.c"
-    "wolfcrypt/src/ecc.c"
-    "wolfcrypt/src/ecc_fp.c"
-    "wolfcrypt/src/ed25519.c"
-    "wolfcrypt/src/error.c"
-    "wolfcrypt/src/fe_low_mem.c"
-    "wolfcrypt/src/fe_operations.c"
-    "wolfcrypt/src/ge_low_mem.c"
-    "wolfcrypt/src/ge_operations.c"
-    "wolfcrypt/src/hash.c"
-    "wolfcrypt/src/hc128.c"
-    "wolfcrypt/src/hmac.c"
-    "wolfcrypt/src/idea.c"
-    "wolfcrypt/src/integer.c"
-    "wolfcrypt/src/logging.c"
-    "wolfcrypt/src/md2.c"
-    "wolfcrypt/src/md4.c"
-    "wolfcrypt/src/md5.c"
-    "wolfcrypt/src/memory.c"
-    "wolfcrypt/src/pkcs12.c"
-    "wolfcrypt/src/pkcs7.c"
-    "wolfcrypt/src/poly1305.c"
-    "wolfcrypt/src/pwdbased.c"
-    "wolfcrypt/src/rabbit.c"
-    "wolfcrypt/src/random.c"
-    "wolfcrypt/src/ripemd.c"
-    "wolfcrypt/src/rsa.c"
-    "wolfcrypt/src/sha.c"
-    "wolfcrypt/src/sha256.c"
-    "wolfcrypt/src/sha3.c"
-    "wolfcrypt/src/sha512.c"
-    "wolfcrypt/src/signature.c"
-    "wolfcrypt/src/sp_arm32.c"
-    "wolfcrypt/src/sp_arm64.c"
-    "wolfcrypt/src/sp_c32.c"
-    "wolfcrypt/src/sp_c64.c"
-    "wolfcrypt/src/sp_int.c"
-    "wolfcrypt/src/sp_x86_64.c"
-    "wolfcrypt/src/srp.c"
-    "wolfcrypt/src/tfm.c"
-    "wolfcrypt/src/wc_encrypt.c"
-    "wolfcrypt/src/wc_port.c"
-    "wolfcrypt/src/wolfevent.c"
-    "wolfcrypt/src/wolfmath.c"
-)
+
+set(COMPONENT_SRCDIRS "./src/"
+                      "./wolfcrypt/src/"
+                      "./wolfcrypt/src/port/Espressif/"
+                      "./wolfcrypt/src/port/atmel/"
+                      )
+
 set(COMPONENT_REQUIRES lwip)
-set(COMPONENT_ADD_INCLUDEDIRS ../freertos/include/freertos)
+
+set(COMPONENT_ADD_INCLUDEDIRS
+    "."
+    "./include"
+    "../freertos/include/freertos" 
+    "${WOLFSSL_ROOT}"
+    )
+
+if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib)
+    list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib")
+endif()
+
+set(COMPONENT_SRCEXCLUDE
+    "wolfcrypt/src/aes_asm.S"
+    "wolfcrypt/src/evp.c"
+    "wolfcrypt/src/misc.c"
+    "src/bio.c"
+    )
+
 register_component()

IDE/Espressif/ESP-IDF/libs/component.mk

@@ -2,10 +2,14 @@
 # Component Makefile
 #
 
-COMPONENT_ADD_INCLUDEDIRS := .
+COMPONENT_ADD_INCLUDEDIRS := . ./include
 COMPONENT_ADD_INCLUDEDIRS += ../freertos/include/freertos/
 
 COMPONENT_SRCDIRS := src wolfcrypt/src
+COMPONENT_SRCDIRS += wolfcrypt/src/port/Espressif
+COMPONENT_SRCDIRS += wolfcrypt/src/port/atmel
+
+CFLAGS +=-DWOLFSSL_USER_SETTINGS
 
 COMPONENT_OBJEXCLUDE := wolfcrypt/src/aes_asm.o
 COMPONENT_OBJEXCLUDE += wolfcrypt/src/evp.o

IDE/Espressif/ESP-IDF/setup.sh

@@ -37,7 +37,10 @@ ${MKDCMD} ${WOLFSSLLIB_TRG_DIR}/
 
 ${MKDCMD} ${WOLFSSLLIB_TRG_DIR}/src
 ${MKDCMD} ${WOLFSSLLIB_TRG_DIR}/wolfcrypt
+${MKDCMD} ${WOLFSSLLIB_TRG_DIR}/wolfcrypt/src
 ${MKDCMD} ${WOLFSSLLIB_TRG_DIR}/wolfssl
+${MKDCMD} ${WOLFSSLLIB_TRG_DIR}/test
+${MKDCMD} ${WOLFSSLLIB_TRG_DIR}/include
 
 popd > /dev/null             # $WOLFSSL_ESPIDFDIR
 pushd ${BASEDIR} > /dev/null # WOLFSSL TOP DIR
@@ -45,12 +48,20 @@ pushd ${BASEDIR} > /dev/null # WOLFSSL TOP DIR
 # copying ... files in src/ into $WOLFSSLLIB_TRG_DIR/src
 ${CPDCMD} ./src/*.c ${WOLFSSLLIB_TRG_DIR}/src/
 
-${CPDCMD} -r ./wolfcrypt/src/ ${WOLFSSLLIB_TRG_DIR}/wolfcrypt/
+
+${CPDCMD} -r ./wolfcrypt/src/*.{c,i} ${WOLFSSLLIB_TRG_DIR}/wolfcrypt/src/
+${CPDCMD} -r ./wolfcrypt/src/port  ${WOLFSSLLIB_TRG_DIR}/wolfcrypt/src/port/
 ${CPDCMD} -r ./wolfcrypt/test ${WOLFSSLLIB_TRG_DIR}/wolfcrypt/
 ${CPDCMD} -r ./wolfcrypt/benchmark ${WOLFSSLLIB_TRG_DIR}/wolfcrypt/
 
 ${CPDCMD} -r ./wolfssl/*.h ${WOLFSSLLIB_TRG_DIR}/wolfssl/
 ${CPDCMD} -r ./wolfssl/wolfcrypt ${WOLFSSLLIB_TRG_DIR}/wolfssl/
+# user_settings.h
+${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/user_settings.h ${WOLFSSLLIB_TRG_DIR}/include/
+${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/dummy_config_h ${WOLFSSLLIB_TRG_DIR}/include/config.h
+
+# unit test app
+${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/test/* ${WOLFSSLLIB_TRG_DIR}/test/
 
 popd > /dev/null # 
 
@@ -63,23 +74,19 @@ pushd ${BASEDIR} > /dev/null # WOLFSSL TOP DIR
 ${RMDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/
 ${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/
 ${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/main/
-${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/main/include
 
 ${CPDCMD} -r ./wolfcrypt/benchmark/benchmark.c ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/main/
 ${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_benchmark/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/
 ${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_benchmark/main/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/main/
-${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_benchmark/main/include/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_benchmark/main/include/
 
 # Crypt Test program
 ${RMDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/
 ${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/
 ${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/main/
-${MKDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/main/include
 
 ${CPDCMD} -r ./wolfcrypt/test/test.c ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/main/
 ${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_test/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/
 ${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_test/main/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/main/
-${CPDCMD} -r ${WOLFSSL_ESPIDFDIR}/examples/wolfssl_test/main/include/* ${WOLFSSLEXP_TRG_DIR}/wolfssl_test/main/include/
 
 # TLS Client program
 ${RMDCMD} ${WOLFSSLEXP_TRG_DIR}/wolfssl_client/

IDE/Espressif/ESP-IDF/test/CMakeLists.txt

@@ -0,0 +1,6 @@
+set(COMPONENT_SRCDIRS ".")
+set(COMPONENT_ADD_INCLUDEDIRS ".")
+
+set(COMPONENT_REQUIRES unity test_utils wolfssl)
+
+register_component()

IDE/Espressif/ESP-IDF/test/README.md

@@ -0,0 +1,11 @@
+# wolfSSL unit-test app
+
+The test contains of wolfSSL unit-test app on Unity.
+
+When you want to run the app  
+1. Copy *test.c* file at /path/to/esp-idf/components/wolfssl/wolfcrypt/test/ folder to the  wolfssl/test folder  
+2. Go to /esp-idf/tools/unit-test-app/ folder  
+3. "make menuconfig" to configure unit test app.  
+4. "make TEST_COMPONENTS=wolfssl" to build wolfssl unit test app.  
+
+See [https://docs.espressif.com/projects/esp-idf/en/latest/api-guides/unit-tests.html] for more information about unit test app.

IDE/Espressif/ESP-IDF/test/component.mk

@@ -0,0 +1,10 @@
+#
+#Component Makefile
+#
+
+#CFLAGS := -v
+CFLAGS += -DNO_MAIN_DRIVER
+CFLAGS += -DWOLFSSL_USER_SETTINGS
+#CFLAGS += -DWOLFSSL_ESP32WROOM32_CRYPT_DEBUG
+
+COMPONENT_ADD_LDFLAGS = -Wl,--whole-archive -l$(COMPONENT_NAME) -Wl,--no-whole-archive

IDE/Espressif/ESP-IDF/user_settings.h

@@ -0,0 +1,82 @@
+/* user_settings.h
+ *
+ * Copyright (C) 2006-2019 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#define BENCH_EMBEDDED
+#define USE_CERT_BUFFERS_2048
+
+/* TLS 1.3                                 */
+#define WOLFSSL_TLS13
+#define HAVE_TLS_EXTENSIONS
+#define WC_RSA_PSS
+#define HAVE_HKDF
+#define HAVE_AEAD
+#define HAVE_SUPPORTED_CURVES
+
+/* when you want to use SINGLE THREAD */
+/* #define SINGLE_THREADED */
+#define NO_FILESYSTEM
+
+#define HAVE_AESGCM
+/* when you want to use SHA384 */
+/* #define WOLFSSL_SHA384 */
+#define WOLFSSL_SHA512
+#define HAVE_ECC
+#define HAVE_CURVE25519
+#define CURVE25519_SMALL
+#define HAVE_ED25519
+
+/* esp32-wroom-32se specific definition */
+#if defined(WOLFSSL_ESPWROOM32SE)
+    #define WOLFSSL_ATECC508A
+    #define HAVE_PK_CALLBACKS
+    /* when you want to use a custom slot allocation for ATECC608A */
+    /* unless your configuration is unusual, you can use default   */
+    /* implementation.                                             */
+    /* #define CUSTOM_SLOT_ALLOCATION                              */
+#endif
+
+/* rsa primitive specific definition */
+#if defined(WOLFSSL_ESPWROOM32) || defined(WOLFSSL_ESPWROOM32SE)
+    /* Define USE_FAST_MATH and SMALL_STACK                        */
+    #define ESP32_USE_RSA_PRIMITIVE
+    /* threshold for performance adjustment for hw primitive use   */
+    /* X bits of G^X mod P greater than                            */ 
+    #define EPS_RSA_EXPT_XBTIS           36
+    /* X and Y of X * Y mod P greater than                         */
+    #define ESP_RSA_MULM_BITS            2000
+#endif
+
+/* debug options */
+/* #define DEBUG_WOLFSSL */
+/* #define WOLFSSL_ESP32WROOM32_CRYPT_DEBUG */
+/* #define WOLFSSL_ATECC508A_DEBUG          */
+
+/* date/time                               */
+/* if it cannot adjust time in the device, */
+/* enable macro below                      */
+/* #define NO_ASN_TIME */
+/* #define XTIME time */
+
+/* when you want not to use HW acceleration */
+/* #define NO_ESP32WROOM32_CRYPT */
+/* #define NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH*/
+/* #define NO_WOLFSSL_ESP32WROOM32_CRYPT_AES */
+/* #define NO_WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI */

IDE/GCC-ARM/Header/user_settings.h

@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2018 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -66,14 +66,15 @@ extern "C" {
 #undef WOLFSSL_SP
 #if 0
     #define WOLFSSL_SP
-    #define WOLFSSL_SP_SMALL
+    #define WOLFSSL_SP_SMALL      /* use smaller version of code */
     #define WOLFSSL_HAVE_SP_RSA
     #define WOLFSSL_HAVE_SP_DH
     #define WOLFSSL_HAVE_SP_ECC
     #define WOLFSSL_SP_CACHE_RESISTANT
-    //#define WOLFSSL_SP_MATH
+    //#define WOLFSSL_SP_MATH     /* only SP math - eliminates fast math code */
 
     /* 64 or 32 bit version */
+    //#define WOLFSSL_SP_ASM      /* required if using the ASM versions */
     //#define WOLFSSL_SP_ARM32_ASM
     //#define WOLFSSL_SP_ARM64_ASM
 #endif

IDE/GCC-ARM/Makefile.common

@@ -110,7 +110,7 @@ SRC_C += ../../wolfcrypt/src/cmac.c
 SRC_C += ../../wolfcrypt/src/coding.c
 SRC_C += ../../wolfcrypt/src/compress.c
 SRC_C += ../../wolfcrypt/src/cpuid.c
-SRC_C += ../../wolfcrypt/src/cryptodev.c
+SRC_C += ../../wolfcrypt/src/cryptocb.c
 SRC_C += ../../wolfcrypt/src/curve25519.c
 SRC_C += ../../wolfcrypt/src/ed25519.c
 SRC_C += ../../wolfcrypt/src/error.c

IDE/GCC-ARM/README.md

@@ -120,6 +120,6 @@ These settings are located in `Header/user_settings.h`.
 * `USE_SLOW_SHA512`: Over twice as small, but 50% slower
 * `USE_CERT_BUFFERS_1024` or `USE_CERT_BUFFERS_2048`: Size of RSA certs / keys to test with. 
 * `BENCH_EMBEDDED`: Define this if using the wolfCrypt test/benchmark and using a low memory target.
-* `ECC_USER_CURVES`: Allows user to defines curve sizes to enable. Default is 256-bit on. To enable others use `HAVE_ECC192`, `HAVE_ECC224`, etc....
+* `ECC_USER_CURVES`: Allows user to define curve sizes to enable. Default is 256-bit on. To enable others use `HAVE_ECC192`, `HAVE_ECC224`, etc....
 * `TFM_ARM`, `TFM_SSE2`, `TFM_AVR32`, `TFM_PPC32`, `TFM_MIPS`, `TFM_X86` or `TFM_X86_64`: These are assembly optimizations available with USE_FAST_MATH.
 * Single Precision Math for ARM: See `WOLFSSL_SP`. Optimized math for ARM performance of specific RSA, DH and ECC algorithms.

IDE/GCC-ARM/Source/armtarget.c

@@ -1,6 +1,6 @@
 /* armtarget.c
  *
- * Copyright (C) 2006-2018 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/GCC-ARM/Source/benchmark_main.c

@@ -1,6 +1,6 @@
 /* benchmark_main.c
  *
- * Copyright (C) 2006-2017 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/GCC-ARM/Source/test_main.c

@@ -1,6 +1,6 @@
 /* test_main.c
  *
- * Copyright (C) 2006-2017 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/GCC-ARM/Source/tls_client.c

@@ -1,6 +1,6 @@
 /* tls_client.c
  *
- * Copyright (C) 2006-2017 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/GCC-ARM/Source/wolf_main.c

@@ -1,6 +1,6 @@
 /* wolf_main.c
  *
- * Copyright (C) 2006-2018 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c

@@ -1,6 +1,6 @@
 /* benchmark-main.c
  *
- * Copyright (C) 2006-2017 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/IAR-EWARM/Projects/benchmark/current_time.c

@@ -1,6 +1,6 @@
 /* current-time.c
  *
- * Copyright (C) 2006-2017 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/IAR-EWARM/Projects/common/minimum-startup.c

@@ -1,6 +1,6 @@
 /* minimum-startup.c
  *
- * Copyright (C) 2006-2017 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/IAR-EWARM/Projects/test/test-main.c

@@ -1,6 +1,6 @@
 /* test-main.c
  *
- * Copyright (C) 2006-2017 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/IAR-EWARM/Projects/user_settings.h

@@ -7,7 +7,7 @@
 #define USE_CERT_BUFFERS_2048
 #define WOLFSSL_USER_CURRTIME
 #define SIZEOF_LONG_LONG 8
-#define NO_WOLFSSL_DIR 
+#define NO_WOLFSSL_DIR
 #define WOLFSSL_NO_CURRDIR
 #define NO_WOLF_C99
 #define NO_MULTIBYTE_PRINT
@@ -31,4 +31,4 @@
 #define HAVE_ECC
 #define HAVE_CURVE25519
 #define CURVE25519_SMALL
-#define HAVE_ED25519
+#define HAVE_ED25519

IDE/IAR-EWARM/README

@@ -1,8 +1,8 @@
-CyaSSL IAR Project Files 
- 
-This directory contains project files for IAR EWARM IDE. These 
-projects have been set up to generic ARM Cortex-M MPUs. 
-In order to generate project for specific target MPU, take following steps. 
+CyaSSL IAR Project Files
+
+This directory contains project files for IAR EWARM IDE. These
+projects have been set up to generic ARM Cortex-M MPUs.
+In order to generate project for specific target MPU, take following steps.
 
 ** Note ** regarding Segger Embedded Operating System (embOS)
     The directory embOS contains projects specifically for embOS on IAR-EWARM.
@@ -10,20 +10,20 @@ In order to generate project for specific target MPU, take following steps.
     uses embOS
 
 
-Included Project Files 
------------------------ 
-1. Workspace: wolfssl.eww 
-   The workspace includes wolfSSL-Lib library and wolfCrypt-test, wolfCrypt-benchmark  
+Included Project Files
+-----------------------
+1. Workspace: wolfssl.eww
+   The workspace includes wolfSSL-Lib library and wolfCrypt-test, wolfCrypt-benchmark
    executable projects.
 
 2. wolfSSL-Lib Project: lib/wolfSSL-lib.ewp
-   generates full set library of wolfCrypt and wolfSSL functions.    
+   generates full set library of wolfCrypt and wolfSSL functions.
 
-3. Test suites Project: test/wolfCrypt-test.ewp 
-   generates test.out test suites executable 
+3. Test suites Project: test/wolfCrypt-test.ewp
+   generates test.out test suites executable
 
-4. Benchmark Project: benchmark/wolfCrypt-benchmark.ewp 
-   generates benchmark.out benchmark executable 
+4. Benchmark Project: benchmark/wolfCrypt-benchmark.ewp
+   generates benchmark.out benchmark executable
 
 Set Up Steps
 ------------
@@ -33,22 +33,22 @@ Set Up Steps
    You can build and download the to the simulator.
    Open Terminal I/O window, by "view"->"Terminal I/O", and start execution.
 
-1. Project option settings 
-   For each project,... 
-   General Options: Choose appropriate "Target" options 
+1. Project option settings
+   For each project,...
+   General Options: Choose appropriate "Target" options
 
-2. For executable projects,... 
+2. For executable projects,...
    Add "SystemInit" and "startup" for your MPU
-   Debugger: Choose your debug "Driver" 
+   Debugger: Choose your debug "Driver"
 
-3. For benchmark project,... 
+3. For benchmark project,...
    Choose option for current_time function.
    Or write own "current_time" benchmark timer with WOLFSSL_USER_CURRTIME option.
 
-4. Build and download 
-   Go to "Project->Make" and "Download and Debug" in Menu bar for EWARM build and download.  
+4. Build and download
+   Go to "Project->Make" and "Download and Debug" in Menu bar for EWARM build and download.
 
 
-Support 
-------- 
-Please send questions or comments to support@wolfssl.com 
+Support
+-------
+Please send questions or comments to support@wolfssl.com

IDE/KDS/.cproject

@@ -0,0 +1,204 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<?fileVersion 4.0.0?><cproject storage_type_id="org.eclipse.cdt.core.XmlProjectDescriptionStorage">
+	<storageModule moduleId="org.eclipse.cdt.core.settings">
+		<cconfiguration id="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.1823534755">
+			<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.1823534755" moduleId="org.eclipse.cdt.core.settings" name="Debug">
+				<externalSettings/>
+				<extensions>
+					<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
+				</extensions>
+			</storageModule>
+			<storageModule moduleId="cdtBuildSystem" version="4.0.0">
+				<configuration artifactName="${ProjName}" buildArtefactType="org.eclipse.cdt.build.core.buildArtefactType.exe" buildProperties="org.eclipse.cdt.build.core.buildType=org.eclipse.cdt.build.core.buildType.debug,org.eclipse.cdt.build.core.buildArtefactType=org.eclipse.cdt.build.core.buildArtefactType.exe" cleanCommand="${cross_rm} -rf" description="" id="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.1823534755" name="Debug" parent="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug">
+					<folderInfo id="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.1823534755." name="/" resourcePath="">
+						<toolChain id="ilg.gnuarmeclipse.managedbuild.cross.toolchain.elf.debug.1219033186" name="Cross ARM GCC" superClass="ilg.gnuarmeclipse.managedbuild.cross.toolchain.elf.debug">
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.level.1889985691" name="Optimization Level" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.level" value="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.level.none" valueType="enumerated"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.messagelength.1934974013" name="Message length (-fmessage-length=0)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.messagelength" value="true" valueType="boolean"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.signedchar.1488765487" name="'char' is signed (-fsigned-char)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.signedchar" value="true" valueType="boolean"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.functionsections.2137237709" name="Function sections (-ffunction-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.functionsections" value="true" valueType="boolean"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.datasections.189250506" name="Data sections (-fdata-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.datasections" value="true" valueType="boolean"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.level.318329197" name="Debug level" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.level" value="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.level.max" valueType="enumerated"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.format.379381336" name="Debug format" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.format"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.toolchain.name.1982231667" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.toolchain.name" value="GNU Tools for ARM Embedded Processors" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.architecture.982386377" name="Architecture" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.architecture" value="ilg.gnuarmeclipse.managedbuild.cross.option.architecture.arm" valueType="enumerated"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.family.357134062" name="ARM family" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.family" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.mcpu.cortex-m3" valueType="enumerated"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.instructionset.942886942" name="Instruction set" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.instructionset" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.instructionset.thumb" valueType="enumerated"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.prefix.1985384014" name="Prefix" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.prefix" value="arm-none-eabi-" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.c.980821709" name="C compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.c" value="gcc" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.cpp.741978820" name="C++ compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.cpp" value="g++" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.ar.644448038" name="Archiver" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.ar" value="ar" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.objcopy.1568794824" name="Hex/Bin converter" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.objcopy" value="objcopy" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.objdump.1663916396" name="Listing generator" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.objdump" value="objdump" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.size.644079467" name="Size command" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.size" value="size" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.make.1653907508" name="Build command" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.make" value="make" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.rm.212411635" name="Remove command" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.rm" value="rm" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.createflash.37217667" name="Create flash image" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.createflash" value="true" valueType="boolean"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.printsize.938806288" name="Print size" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.printsize" value="true" valueType="boolean"/>
+							<targetPlatform archList="all" binaryParser="org.eclipse.cdt.core.ELF" id="ilg.gnuarmeclipse.managedbuild.cross.targetPlatform.2020299399" isAbstract="false" osList="all" superClass="ilg.gnuarmeclipse.managedbuild.cross.targetPlatform"/>
+							<builder buildPath="${workspace_loc:/wolfssl-test}/Debug" id="ilg.gnuarmeclipse.managedbuild.cross.builder.1169013041" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="Gnu Make Builder" superClass="ilg.gnuarmeclipse.managedbuild.cross.builder"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.1652818945" name="Cross ARM GNU Assembler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.usepreprocessor.1995204633" name="Use preprocessor" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.usepreprocessor" value="true" valueType="boolean"/>
+								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input.588237282" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.1618862980" name="Cross ARM C Compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.include.paths.1348561577" name="Include paths (-I)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.include.paths" useByScannerDiscovery="false" valueType="includePath">
+									<listOptionValue builtIn="false" value="../../../../wolfssl"/>
+									<listOptionValue builtIn="false" value=".././config"/>
+								</option>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs.1370434476" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs" useByScannerDiscovery="false" valueType="definedSymbols">
+									<listOptionValue builtIn="false" value="WOLFSSL_USER_SETTINGS"/>
+								</option>
+								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input.1511494824" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.204098874" name="Cross ARM C++ Compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler">
+								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.input.1188857255" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.input"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.linker.706026125" name="Cross ARM C Linker" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.linker">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.linker.gcsections.960189587" name="Remove unused sections (-Xlinker --gc-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.linker.gcsections" value="true" valueType="boolean"/>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.linker.other.1923669300" name="Other linker flags" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.linker.other" value="--specs=rdimon.specs -Wl,--start-group -lgcc -lc -lc -lm -lrdimon -Wl,--end-group" valueType="string"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker.653534040" name="Cross ARM C++ Linker" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.gcsections.1864249736" name="Remove unused sections (-Xlinker --gc-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.gcsections" value="true" valueType="boolean"/>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.other.1426398559" name="Other linker flags" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.other" value="--specs=rdimon.specs -Wl,--start-group -lgcc -lc -lc -lm -lrdimon -Wl,--end-group" valueType="string"/>
+								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker.input.907833184" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker.input">
+									<additionalInput kind="additionalinputdependency" paths="$(USER_OBJS)"/>
+									<additionalInput kind="additionalinput" paths="$(LIBS)"/>
+								</inputType>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.archiver.1802905650" name="Cross ARM GNU Archiver" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.archiver"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.createflash.1296666581" name="Cross ARM GNU Create Flash Image" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.createflash"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.createlisting.913795604" name="Cross ARM GNU Create Listing" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.createlisting">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.source.1264511626" name="Display source (--source|-S)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.source" value="true" valueType="boolean"/>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.allheaders.957974251" name="Display all headers (--all-headers|-x)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.allheaders" value="true" valueType="boolean"/>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.demangle.2098897888" name="Demangle names (--demangle|-C)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.demangle" value="true" valueType="boolean"/>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.linenumbers.511113554" name="Display line numbers (--line-numbers|-l)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.linenumbers" value="true" valueType="boolean"/>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.wide.3492907" name="Wide lines (--wide|-w)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.wide" value="true" valueType="boolean"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.printsize.91497735" name="Cross ARM GNU Print Size" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.printsize">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.printsize.format.898726007" name="Size format" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.printsize.format"/>
+							</tool>
+						</toolChain>
+					</folderInfo>
+					<sourceEntries>
+						<entry flags="VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="src"/>
+					</sourceEntries>
+				</configuration>
+			</storageModule>
+			<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
+		</cconfiguration>
+		<cconfiguration id="ilg.gnuarmeclipse.managedbuild.cross.config.elf.release.658684795">
+			<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="ilg.gnuarmeclipse.managedbuild.cross.config.elf.release.658684795" moduleId="org.eclipse.cdt.core.settings" name="Release">
+				<externalSettings/>
+				<extensions>
+					<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
+				</extensions>
+			</storageModule>
+			<storageModule moduleId="cdtBuildSystem" version="4.0.0">
+				<configuration artifactName="${ProjName}" buildArtefactType="org.eclipse.cdt.build.core.buildArtefactType.exe" buildProperties="org.eclipse.cdt.build.core.buildType=org.eclipse.cdt.build.core.buildType.release,org.eclipse.cdt.build.core.buildArtefactType=org.eclipse.cdt.build.core.buildArtefactType.exe" cleanCommand="${cross_rm} -rf" description="" id="ilg.gnuarmeclipse.managedbuild.cross.config.elf.release.658684795" name="Release" parent="ilg.gnuarmeclipse.managedbuild.cross.config.elf.release">
+					<folderInfo id="ilg.gnuarmeclipse.managedbuild.cross.config.elf.release.658684795." name="/" resourcePath="">
+						<toolChain id="ilg.gnuarmeclipse.managedbuild.cross.toolchain.elf.release.813859650" name="Cross ARM GCC" superClass="ilg.gnuarmeclipse.managedbuild.cross.toolchain.elf.release">
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.level.794819747" name="Optimization Level" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.level" value="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.level.size" valueType="enumerated"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.messagelength.1496674696" name="Message length (-fmessage-length=0)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.messagelength" value="true" valueType="boolean"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.signedchar.650429804" name="'char' is signed (-fsigned-char)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.signedchar" value="true" valueType="boolean"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.functionsections.1570447896" name="Function sections (-ffunction-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.functionsections" value="true" valueType="boolean"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.datasections.838509098" name="Data sections (-fdata-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.datasections" value="true" valueType="boolean"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.level.662400626" name="Debug level" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.level"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.format.1161227121" name="Debug format" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.format"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.toolchain.name.705055087" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.toolchain.name" value="GNU Tools for ARM Embedded Processors" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.architecture.506368524" name="Architecture" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.architecture" value="ilg.gnuarmeclipse.managedbuild.cross.option.architecture.arm" valueType="enumerated"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.family.612731672" name="ARM family" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.family" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.mcpu.cortex-m3" valueType="enumerated"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.instructionset.1833413616" name="Instruction set" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.instructionset" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.instructionset.thumb" valueType="enumerated"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.prefix.881134378" name="Prefix" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.prefix" value="arm-none-eabi-" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.c.2100237234" name="C compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.c" value="gcc" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.cpp.1356336567" name="C++ compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.cpp" value="g++" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.ar.1525413618" name="Archiver" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.ar" value="ar" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.objcopy.1604347618" name="Hex/Bin converter" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.objcopy" value="objcopy" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.objdump.1779877498" name="Listing generator" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.objdump" value="objdump" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.size.911087419" name="Size command" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.size" value="size" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.make.1710464795" name="Build command" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.make" value="make" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.rm.1501290946" name="Remove command" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.rm" value="rm" valueType="string"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.createflash.1999176868" name="Create flash image" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.createflash" value="true" valueType="boolean"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.printsize.1190543033" name="Print size" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.printsize" value="true" valueType="boolean"/>
+							<targetPlatform archList="all" binaryParser="org.eclipse.cdt.core.ELF" id="ilg.gnuarmeclipse.managedbuild.cross.targetPlatform.30283807" isAbstract="false" osList="all" superClass="ilg.gnuarmeclipse.managedbuild.cross.targetPlatform"/>
+							<builder buildPath="${workspace_loc:/wolfssl-test}/Release" id="ilg.gnuarmeclipse.managedbuild.cross.builder.394488448" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="Gnu Make Builder" superClass="ilg.gnuarmeclipse.managedbuild.cross.builder"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.441759325" name="Cross ARM GNU Assembler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.usepreprocessor.594523961" name="Use preprocessor" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.usepreprocessor" value="true" valueType="boolean"/>
+								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input.250835699" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.377447475" name="Cross ARM C Compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler">
+								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input.1965124250" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.1682275351" name="Cross ARM C++ Compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler">
+								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.input.1092458319" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.input"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.linker.1984331723" name="Cross ARM C Linker" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.linker">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.linker.gcsections.1569599516" name="Remove unused sections (-Xlinker --gc-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.linker.gcsections" value="true" valueType="boolean"/>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.linker.other.933648471" name="Other linker flags" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.linker.other" value="--specs=rdimon.specs -Wl,--start-group -lgcc -lc -lc -lm -lrdimon -Wl,--end-group" valueType="string"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker.1950861502" name="Cross ARM C++ Linker" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.gcsections.2133729789" name="Remove unused sections (-Xlinker --gc-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.gcsections" value="true" valueType="boolean"/>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.other.1119517305" name="Other linker flags" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.other" value="--specs=rdimon.specs -Wl,--start-group -lgcc -lc -lc -lm -lrdimon -Wl,--end-group" valueType="string"/>
+								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker.input.27793787" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker.input">
+									<additionalInput kind="additionalinputdependency" paths="$(USER_OBJS)"/>
+									<additionalInput kind="additionalinput" paths="$(LIBS)"/>
+								</inputType>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.archiver.513801227" name="Cross ARM GNU Archiver" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.archiver"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.createflash.1231377091" name="Cross ARM GNU Create Flash Image" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.createflash"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.createlisting.89637169" name="Cross ARM GNU Create Listing" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.createlisting">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.source.2090652470" name="Display source (--source|-S)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.source" value="true" valueType="boolean"/>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.allheaders.1819919258" name="Display all headers (--all-headers|-x)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.allheaders" value="true" valueType="boolean"/>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.demangle.276097013" name="Demangle names (--demangle|-C)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.demangle" value="true" valueType="boolean"/>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.linenumbers.1578115309" name="Display line numbers (--line-numbers|-l)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.linenumbers" value="true" valueType="boolean"/>
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.wide.786035502" name="Wide lines (--wide|-w)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.wide" value="true" valueType="boolean"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.printsize.397820407" name="Cross ARM GNU Print Size" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.printsize">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.printsize.format.226153595" name="Size format" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.printsize.format"/>
+							</tool>
+						</toolChain>
+					</folderInfo>
+					<sourceEntries>
+						<entry flags="VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="src"/>
+					</sourceEntries>
+				</configuration>
+			</storageModule>
+			<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
+		</cconfiguration>
+	</storageModule>
+	<storageModule moduleId="cdtBuildSystem" version="4.0.0">
+		<project id="wolfssl-test.ilg.gnuarmeclipse.managedbuild.cross.target.elf.1253579278" name="Executable" projectType="ilg.gnuarmeclipse.managedbuild.cross.target.elf"/>
+	</storageModule>
+	<storageModule moduleId="scannerConfiguration">
+		<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
+		<scannerConfigBuildInfo instanceId="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.1613256277;ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.1613256277.;ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.1198618439;ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input.1181889101">
+			<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
+		</scannerConfigBuildInfo>
+		<scannerConfigBuildInfo instanceId="ilg.gnuarmeclipse.managedbuild.cross.config.elf.release.658684795;ilg.gnuarmeclipse.managedbuild.cross.config.elf.release.658684795.;ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.377447475;ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input.1965124250">
+			<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
+		</scannerConfigBuildInfo>
+		<scannerConfigBuildInfo instanceId="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.1823534755;ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.1823534755.;ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.1618862980;ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input.1511494824">
+			<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
+		</scannerConfigBuildInfo>
+		<scannerConfigBuildInfo instanceId="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.1823534755;ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.1823534755.;ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.204098874;ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.input.1188857255">
+			<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
+		</scannerConfigBuildInfo>
+		<scannerConfigBuildInfo instanceId="ilg.gnuarmeclipse.managedbuild.cross.config.elf.release.658684795;ilg.gnuarmeclipse.managedbuild.cross.config.elf.release.658684795.;ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.1682275351;ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.input.1092458319">
+			<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
+		</scannerConfigBuildInfo>
+		<scannerConfigBuildInfo instanceId="ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.1613256277;ilg.gnuarmeclipse.managedbuild.cross.config.elf.debug.1613256277.;ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.1931048491;ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.input.1225137803">
+			<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
+		</scannerConfigBuildInfo>
+	</storageModule>
+	<storageModule moduleId="org.eclipse.cdt.core.LanguageSettingsProviders"/>
+	<storageModule moduleId="refreshScope"/>
+</cproject>

IDE/KDS/.project

@@ -0,0 +1,394 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>wolfssl-test</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.cdt.managedbuilder.core.genmakebuilder</name>
+			<triggers>clean,full,incremental,</triggers>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder</name>
+			<triggers>full,incremental,</triggers>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.cdt.core.cnature</nature>
+		<nature>org.eclipse.cdt.core.ccnature</nature>
+		<nature>org.eclipse.cdt.managedbuilder.core.managedBuildNature</nature>
+		<nature>org.eclipse.cdt.managedbuilder.core.ScannerConfigNature</nature>
+	</natures>
+	<linkedResources>
+		<link>
+			<name>src/test.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/test/test.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/aes.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/aes.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/arc4.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/arc4.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/asm.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/asm.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/asn.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/asn.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/blake2b.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/blake2b.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/blake2s.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/blake2s.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/camellia.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/camellia.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/chacha.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/chacha.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/chacha20_poly1305.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/chacha20_poly1305.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/cmac.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/cmac.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/coding.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/coding.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/compress.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/compress.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/cpuid.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/cpuid.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/cryptocb.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/cryptocb.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/curve25519.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/curve25519.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/des3.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/des3.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/dh.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/dh.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/dsa.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/dsa.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/ecc.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/ecc.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/ecc_fp.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/ecc_fp.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/ed25519.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/ed25519.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/error.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/error.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/fe_low_mem.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/fe_low_mem.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/fe_operations.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/fe_operations.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/ge_low_mem.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/ge_low_mem.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/ge_operations.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/ge_operations.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/hash.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/hash.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/hc128.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/hc128.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/hmac.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/hmac.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/idea.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/idea.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/integer.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/integer.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/logging.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/logging.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/md2.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/md2.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/md4.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/md4.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/md5.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/md5.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/memory.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/memory.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/pkcs12.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/pkcs12.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/pkcs7.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/pkcs7.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/poly1305.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/poly1305.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/pwdbased.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/pwdbased.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/rabbit.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/rabbit.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/random.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/random.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/ripemd.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/ripemd.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/rsa.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/rsa.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/sha.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/sha.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/sha256.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/sha256.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/sha3.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/sha3.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/sha512.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/sha512.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/signature.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/signature.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/sp_arm32.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/sp_arm32.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/sp_arm64.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/sp_arm64.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/sp_armthumb.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/sp_armthumb.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/sp_c32.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/sp_c32.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/sp_c64.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/sp_c64.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/sp_cortexm.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/sp_cortexm.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/sp_int.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/sp_int.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/sp_x86_64.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/sp_x86_64.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/srp.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/srp.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/tfm.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/tfm.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/wc_encrypt.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/wc_encrypt.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/wc_pkcs11.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/wc_pkcs11.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/wc_port.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/wc_port.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/wolfevent.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/wolfevent.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfcrypt-src/wolfmath.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/wolfcrypt/src/wolfmath.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfssl-src/crl.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/src/crl.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfssl-src/internal.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/src/internal.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfssl-src/keys.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/src/keys.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfssl-src/ocsp.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/src/ocsp.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfssl-src/ssl.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/src/ssl.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfssl-src/tls.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/src/tls.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfssl-src/tls13.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/src/tls13.c</locationURI>
+		</link>
+		<link>
+			<name>src/wolfssl-src/wolfio.c</name>
+			<type>1</type>
+			<locationURI>PARENT-2-PROJECT_LOC/src/wolfio.c</locationURI>
+		</link>
+	</linkedResources>
+</projectDescription>

IDE/KDS/config/user_settings.h

@@ -0,0 +1,32 @@
+/* #define NO_MAIN_DRIVER */
+#define BENCH_EMBEDDED
+#define NO_WRITEV
+#define WOLFSSL_USER_IO
+#define NO_DEV_RANDOM
+#define USE_CERT_BUFFERS_2048
+#define WOLFSSL_USER_CURRTIME
+#define SIZEOF_LONG_LONG 8
+#define NO_WOLFSSL_DIR
+#define WOLFSSL_NO_CURRDIR
+#define NO_WOLF_C99
+#define NO_MULTIBYTE_PRINT
+
+#define WOLFSSL_USER_CURRTIME /* for benchmark */
+
+#define WOLFSSL_GENSEED_FORTEST /* Warning: define your own seed gen */
+
+#define TFM_TIMING_RESISTANT
+#define ECC_TIMING_RESISTANT
+#define WC_RSA_BLINDING
+
+#define SINGLE_THREADED  /* or define RTOS  option */
+/* #define WOLFSSL_CMSIS_RTOS */
+#define NO_FILESYSTEM
+
+#define NO_DH
+#define HAVE_AESGCM
+#define WOLFSSL_SHA512
+#define HAVE_ECC
+#define HAVE_CURVE25519
+#define CURVE25519_SMALL
+#define HAVE_ED25519

IDE/KDS/include.am

@@ -0,0 +1,7 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST+= IDE/KDS/.cproject
+EXTRA_DIST+= IDE/KDS/.project
+EXTRA_DIST+= IDE/KDS/config/user_settings.h

IDE/LPCXPRESSO/README.md

@@ -2,15 +2,16 @@
 
 To use, install the NXP LPCXpresso IDE and import the projects in a new workspace.
 
-1. Run LPCXpresso and choose a workspace location.
-2. Right click in the project exporer window and choose Inport.
-3. Under General choose "Existing Projects into Workspace".
-4. Under "Select root directory" click browse and select the wolfSSL root.
-5. Check the "Search for nested projects" box.
-5. Make sure "wolfssl" and "wolfssl_example" are checked under "Projects:".
-6. Click finish.
-7. Download the board and chip LPCOpen package for your platform.
-8. Import the projects. For example "lpc_board_nxp_lpcxpresso_1837" and "lpc_chip_18xx" are the ones for the LPC18S37.
+1. Change names of `LPCExpresso.project` and `LPCExpresso.cproject` files to `.project` and `.cproject`
+2. Run LPCXpresso and choose a workspace location.
+3. Right click in the project explorer window and choose Import.
+4. Under General choose "Existing Projects into Workspace".
+5. Under "Select root directory" click browse and select the wolfSSL root.
+6. Check the "Search for nested projects" box.
+7. Make sure "wolfssl" and "wolfssl_example" are checked under "Projects:".
+8. Click finish.
+9. Download the board and chip LPCOpen package for your platform.
+10. Import the projects. For example "lpc_board_nxp_lpcxpresso_1837" and "lpc_chip_18xx" are the ones for the LPC18S37.
 
 To setup this example to work with different baords/chips you will need to locate the LPCOpen sources for LPCXpresso on the NXP website and import the board and chip projects. Then you will need to update the "wolfssl_example" project properties to reference these projects (C/C++ General -> Paths and Symbols -> References). See the [LPCOpen v2.xx LPCXpresso quickstart guide for all platforms](https://www.lpcware.com/content/project/lpcopen-platform-nxp-lpc-microcontrollers/lpcopen-v200-quickstart-guides/lpcopen-1) for additional information.
 

IDE/LPCXPRESSO/lib_wolfssl/lpc_18xx_port.c

@@ -1,6 +1,6 @@
 /* lpc_18xx_port.c
  *
- * Copyright (C) 2006-2017 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/LPCXPRESSO/wolf_example/src/lpc_18xx_startup.c

@@ -1,6 +1,6 @@
 /* lpc_18xx_startup.c
  *
- * Copyright (C) 2006-2017 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/M68K/Makefile

@@ -0,0 +1,91 @@
+NAME    = wolfssl
+DEVICE  = -m5206e -gdwarf-2 -DMOD5441X -DMCF5441X
+OLEVEL  = -O2
+NBHEADERS = -I"$(NBROOT)/include" -I"$(NBROOT)/MOD5441X/include"
+
+# location to put wolfssl.a created
+OUTPUT  = $(NBROOT)/lib
+
+
+CSRCS := ../../wolfcrypt/src/rsa.c \
+        ../../wolfcrypt/src/asn.c \
+        ../../wolfcrypt/src/aes.c \
+        ../../wolfcrypt/src/sha.c \
+        ../../wolfcrypt/src/sha256.c \
+        ../../wolfcrypt/src/sha512.c \
+        ../../wolfcrypt/src/integer.c \
+        ../../wolfcrypt/src/tfm.c \
+        ../../wolfcrypt/src/random.c \
+        ../../wolfcrypt/src/logging.c \
+        ../../wolfcrypt/src/memory.c \
+        ../../wolfcrypt/src/coding.c \
+        ../../wolfcrypt/src/hash.c \
+        ../../wolfcrypt/src/hmac.c \
+        ../../wolfcrypt/src/md5.c \
+        ../../wolfcrypt/src/wc_port.c \
+        ../../wolfcrypt/src/wc_encrypt.c \
+        ../../wolfcrypt/src/wolfmath.c \
+        ../../wolfcrypt/src/sp_c32.c \
+        ../../wolfcrypt/src/sp_int.c \
+        ../../wolfcrypt/src/signature.c \
+        ../../wolfcrypt/src/error.c \
+        ../../src/wolfio.c \
+        ../../src/ssl.c
+
+INC = -I"./" -I"../../"
+EXTRACFLAGS  = -DWOLFSSL_USER_SETTINGS $(INC) $(DEVICE) $(OLEVEL)
+EXTRACFLAGS += -DNBMINGW -Wall -fno-rtti -fno-exceptions -falign-functions=4
+EXTRACFLAGS += $(NBHEADERS)
+EXTRACXXFLAGS = $(EXTRACFLAGS)
+
+#LDEXTRA =
+LIBOBJS = ./rsa.o \
+          ./asn.o \
+          ./aes.o \
+          ./sha.o \
+          ./sha256.o \
+          ./sha512.o \
+          ./integer.o \
+          ./tfm.o \
+          ./random.o \
+          ./logging.o \
+          ./memory.o \
+          ./coding.o \
+          ./hash.o \
+          ./hmac.o \
+          ./md5.o \
+          ./wc_port.o \
+          ./wc_encrypt.o \
+          ./wolfmath.o \
+          ./sp_c32.o \
+          ./sp_int.o \
+          ./signature.o \
+          ./wolfio.o \
+          ./ssl.o \
+          ./error.o
+
+#include $(NBROOT)/make/libmain.mak
+
+all: compile link rmo
+
+# compiling using g++ compiler to avoid mangled name complications if linking
+# against other NetBurner libraries
+compile:
+	m68k-elf-g++ $(EXTRACFLAGS) -c $(CSRCS)
+
+link:
+	m68k-elf-ar -cr $(OUTPUT)/$(NAME).a $(LIBOBJS)
+
+rmo:
+	rm -f *.o
+
+clean: rmo
+	rm -f $(OUTPUT)/$(NAME).a
+
+help:
+	@echo "all     : exectue compile, link, rmo"
+	@echo "compile : create .o files"
+	@echo "link    : create .a library from .o files"
+	@echo "rmo     : remove all .o files"
+	@echo "clean   : remove all .o files and .a library"
+

IDE/M68K/README.md

@@ -0,0 +1,46 @@
+This is makefile's for creating a wolfCrypt library using the m68k-elf-gcc
+toolchain and example benchmark/testwolfcrypt application linking to it. The
+examples and default builds where made to support a MCF5441X board.
+
+Macros to define for use:
+WOLFSSL_MCF5441X /* arch settings i.e. sizeof long and endianess */
+WOLFSSL_NETBURNER /* for use of NetBurner headers and RNG seed */
+
+
+To build the wolfssl.a library (settings for wolfCrypt only by default) run
+"make" from the directory wolfssl-root/IDE/M68K/.
+By default this outputs the wolfssl.a library to be at $(NBROOT)/lib. This can
+be adjusted by adjusting the variable OUTPUT in Makefile.
+
+If the macro WOLFSSL_MCF5441X is defined then
+wolfssl-root/wolfssl/wolfcrypt/settings.h sets the sizeof long and long long
+along with big endian macro.
+
+The configuration for the build is located in wolfssl-root/IDE/M68K/user_settings.h
+Along with the defualt build there is 2 others BUILD_B (smaller resource use),
+and BUILD_C (faster runtime with more resource use).
+
+RSA speeds of the builds
+
+default:
+RSA 2048 public 3.333 ops/sec
+RSA 2048 private 0.190 ops/sec
+
+BUILD_B
+RSA 2048 public 3.333 ops/sec
+RSA 2048 private 0.053 ops/sec
+
+BUILD_C
+RSA 2048 public 7.619 ops/sec
+RSA 2048 private 0.276 ops/sec
+
+###Building testwolfcryt/benchmark
+To build either testwolfcrypt or benchmark first build wolfssl.a, place it in
+$(NBROOT)/lib and then cd into the respective directory. Running "make" will
+then create a .s19 application that can be ran on the board.
+
+When running either testwolfcrypt or the benchmark app the first thing they do
+is loop on calling RandomValid until getting a successful return. This is done
+in order to wait for a source of entropy. It could take several moments until
+completed.
+

IDE/M68K/benchmark/Makefile

@@ -0,0 +1,11 @@
+NAME    = benchmark
+PLATFORM = MOD5441X
+CSRCS := ../../../wolfcrypt/benchmark/benchmark.c
+CXXSRCS := ./main.cpp
+XTRALIB += $(NBROOT)/lib/wolfssl.a
+
+INC = -I"./../../../" -I"./../"
+EXTRACFLAGS = $(INC) -DWOLFSSL_USER_SETTINGS -DUSE_CERT_BUFFERS_2048 -DBENCH_EMBEDDED  -DNO_MAIN_DRIVER
+EXTRACXXFLAGS = $(EXTRACFLAGS)
+
+include $(NBROOT)/make/main.mak

IDE/M68K/benchmark/main.cpp

@@ -0,0 +1,79 @@
+/* main.c
+ *
+ * Copyright (C) 2006-2019 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <predef.h>
+#include <stdio.h>
+#include <ctype.h>
+#include <startnet.h>
+#include <autoupdate.h>
+#include <dhcpclient.h>
+#include <random.h>
+#include <init.h>
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfcrypt/benchmark/benchmark.h>
+
+extern "C" {
+void UserMain(void * pd);
+}
+
+const char * AppName="benchmark";
+
+typedef struct func_args {
+    int argc;
+    char** argv;
+    int return_code;
+} func_args;
+
+void UserMain(void * pd) {
+    InitializeStack();
+    GetDHCPAddressIfNecessary();
+    OSChangePrio(MAIN_PRIO);
+    EnableAutoUpdate();
+
+
+    init();
+    iprintf("wolfcrypt benchmark Application started\n");
+    iprintf("waiting for sufficient entropy before starting...\n\r");
+    iprintf("looks like NetBurner is using uart/tcp to seed GetRandomX so ..."
+            " input enough uart characters.\n\r");
+    {
+        BYTE b;
+        do {
+            b = GetRandomByte();
+            iprintf(".");
+        } while (!RandomValid());
+        iprintf("\n\r");
+        (void)b;
+    }
+
+    /* run wolfCrypt benchmarks */
+    {
+        func_args args;
+        args.argc = 0;
+        args.argv = NULL;
+
+        benchmark_test(&args);
+    }
+    while (1) {
+        OSTimeDly(TICKS_PER_SECOND);
+    }
+}

IDE/M68K/include.am

@@ -0,0 +1,11 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST+= IDE/M68K/README.md
+EXTRA_DIST+= IDE/M68K/Makefile
+EXTRA_DIST+= IDE/M68K/user_settings.h
+EXTRA_DIST+= IDE/M68K/testwolfcrypt/main.cpp
+EXTRA_DIST+= IDE/M68K/testwolfcrypt/Makefile
+EXTRA_DIST+= IDE/M68K/benchmark/main.cpp
+EXTRA_DIST+= IDE/M68K/benchmark/Makefile

IDE/M68K/testwolfcrypt/Makefile

@@ -0,0 +1,12 @@
+NAME    = testwolfcyprt
+PLATFORM = MOD5441X
+CSRCS := ../../../wolfcrypt/test/test.c
+CXXSRCS := ./main.cpp
+XTRALIB += $(NBROOT)/lib/wolfssl.a
+
+INC = -I"./../../../" -I"./../"
+EXTRACFLAGS = $(INC) -DWOLFSSL_USER_SETTINGS -DUSE_CERT_BUFFERS_1024 -DNO_MAIN_DRIVER
+EXTRACXXFLAGS = $(EXTRACFLAGS)
+
+include $(NBROOT)/make/main.mak
+

IDE/M68K/testwolfcrypt/main.cpp

@@ -0,0 +1,82 @@
+/* main.c
+ *
+ * Copyright (C) 2006-2019 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <predef.h>
+#include <stdio.h>
+#include <ctype.h>
+#include <startnet.h>
+#include <autoupdate.h>
+#include <dhcpclient.h>
+#include <random.h>
+#include <init.h>
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfcrypt/test/test.h>
+
+extern "C" {
+void UserMain(void * pd);
+}
+
+const char * AppName="testwolfcrypt";
+
+typedef struct func_args {
+    int argc;
+    char** argv;
+    int return_code;
+} func_args;
+
+
+void UserMain(void * pd) {
+    InitializeStack();
+    GetDHCPAddressIfNecessary();
+    OSChangePrio(MAIN_PRIO);
+    EnableAutoUpdate();
+
+
+    init();
+    iprintf("wolfcrypt test Application started\n\r");
+
+    iprintf("waiting for sufficient entropy before starting...\n\r");
+    iprintf("looks like NetBurner is using uart/tcp to seed GetRandomX so ..."
+            " input enough uart characters.\n\r");
+    {
+        BYTE b;
+        do {
+            b = GetRandomByte();
+            iprintf(".");
+        } while (!RandomValid());
+        iprintf("\n\r");
+        (void)b;
+    }
+
+    /* run wolfCrypt tests */
+    {
+        func_args args;
+        args.argc = 0;
+        args.argv = NULL;
+
+        wolfcrypt_test(&args);
+    }
+    while (1) {
+        OSTimeDly(TICKS_PER_SECOND);
+    }
+}

IDE/M68K/user_settings.h

@@ -0,0 +1,87 @@
+
+#ifndef USER_SETTINGS_H
+#define USER_SETTINGS_H
+
+
+/* Default build with fast math */
+
+
+/* Slower build but uses less memory */
+//#define BUILD_B
+
+/* Performant build but uses more memory */
+//#define BUILD_C
+
+
+
+/* Used for getting random value for seeding RNG */
+#define WOLFSSL_NETBURNER
+#define WOLFSSL_MCF5441X
+
+/* environment settings */
+#define NO_WRITEV
+#define WOLFSSL_NO_SOCK
+#define NO_WOLFSSL_DIR
+
+/* with USE_FAST_MATH smallstack is used to fit in the default stack size */
+#define WOLFSSL_SMALL_STACK
+
+
+/* enable features off by default */
+#define WOLFSSL_SHA512
+// OPENSSL_EXTRA uses a lot more memory but is needed in order to enable
+// compatibility layer API
+#define OPENSSL_EXTRA
+
+// additional RSA padding schemes
+#define WC_RSA_NO_PADDING
+#define WC_RSA_PSS
+
+// uncomment and add wolfSSL_Debugging_ON() to app for debug messages
+//#define DEBUG_WOLFSSL
+
+
+/* disable features that are on by default */
+#define WOLFCRYPT_ONLY
+#define NO_FILESYSTEM
+#define SINGLE_THREADED
+
+#define NO_ASN_TIME
+#define NO_PWDBASED
+#define NO_HC128
+#define NO_RABBIT
+#define NO_RC4
+#define NO_DSA
+#define NO_DES3
+#define NO_DH
+#define NO_MD4
+
+
+#define USE_FAST_MATH
+#ifdef BUILD_B
+    #define RSA_LOW_MEM
+    #define USE_SLOW_SHA
+    #define USE_SLOW_SHA256
+    #define NO_ERROR_STRINGS
+    #define USE_FAST_MATH
+#endif
+
+#ifdef BUILD_C
+    #define WOLFSSL_HAVE_SP_RSA
+    #define SP_WORD_SIZE 32
+#endif
+
+/* hardening against side channel attacks */
+#if defined(USE_FAST_MATH)
+    #define TFM_TIMING_RESISTANT
+    #ifdef HAVE_ECC
+        #define ECC_TIMING_RESISTANT
+    #endif
+#endif /* USE_FAST_MATH */
+#ifndef NO_RSA
+    /* this slows down RSA operations but increases side channel resistance */
+    #define WC_RSA_BLINDING
+#endif
+
+#endif /* USER_SETTINGS_H */
+

IDE/MDK-ARM/LPC43xx/time-LCP43xx.c

@@ -1,6 +1,6 @@
 /* time.c
  *
- * Copyright (C) 2006-2017 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c

@@ -1,6 +1,6 @@
 /* certs_test.c
  *
- * Copyright (C) 2006-2017 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h

@@ -1,6 +1,6 @@
 /* config-BEREFOOT.h
  *
- * Copyright (C) 2006-2017 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h

@@ -1,6 +1,6 @@
 /* config-FS.h
  *
- * Copyright (C) 2006-2017 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h

@@ -1,6 +1,6 @@
 /* config-RTX-TCP-FS.h
  *
- * Copyright (C) 2006-2017 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h

@@ -1,6 +1,6 @@
 /* config.h
  *
- * Copyright (C) 2006-2017 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c

@@ -1,6 +1,6 @@
 /* main.c
  *
- * Copyright (C) 2006-2017 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c

@@ -1,6 +1,6 @@
 /*shell.c
  *
- * Copyright (C) 2006-2017 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c

@@ -1,6 +1,6 @@
 /* time-STM32F2.c
  *
- * Copyright (C) 2006-2017 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c

@@ -1,6 +1,6 @@
 /* time-dummy.c.c
  *
- * Copyright (C) 2006-2017 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c

@@ -1,6 +1,6 @@
 /* wolfssl_KEIL_RL.c
  *
- * Copyright (C) 2006-2017 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h

@@ -1,6 +1,6 @@
 /* wolfssl_KEIL_RL.h
  *
- * Copyright (C) 2006-2017 wolfSSL Inc.
+ * Copyright (C) 2006-2019 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *