From 14dc5fe2e3a06eebdc0c2146d22d3886cc29ca42 Mon Sep 17 00:00:00 2001 From: Martin Akman Date: Fri, 31 Jan 2020 23:05:56 +1000 Subject: [PATCH 1/7] Fixes for 16bit processors --- wolfcrypt/src/asn.c | 25 +++++++++++++++++-------- wolfcrypt/src/integer.c | 12 ++++++------ wolfssl/ssl.h | 6 +++--- wolfssl/wolfcrypt/types.h | 4 ++-- 4 files changed, 28 insertions(+), 19 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index e9971d958..e96e693a3 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -6122,6 +6122,14 @@ static WC_INLINE int GetTime(int* value, const byte* date, int* idx) int ExtractDate(const unsigned char* date, unsigned char format, struct tm* certTime, int* idx) { + /* Extract the time from the struct tm - 16bit processors store as uint8_t */ + int tm_year = certTime->tm_year; + int tm_mon = certTime->tm_mon; + int tm_mday = certTime->tm_mday; + int tm_hour = certTime->tm_hour; + int tm_min = certTime->tm_min; + int tm_sec = certTime->tm_sec; + XMEMSET(certTime, 0, sizeof(struct tm)); if (format == ASN_UTC_TIME) { @@ -6136,14 +6144,15 @@ int ExtractDate(const unsigned char* date, unsigned char format, } /* adjust tm_year, tm_mon */ - if (GetTime(&certTime->tm_year, date, idx) != 0) return 0; - certTime->tm_year -= 1900; - if (GetTime(&certTime->tm_mon , date, idx) != 0) return 0; - certTime->tm_mon -= 1; - if (GetTime(&certTime->tm_mday, date, idx) != 0) return 0; - if (GetTime(&certTime->tm_hour, date, idx) != 0) return 0; - if (GetTime(&certTime->tm_min , date, idx) != 0) return 0; - if (GetTime(&certTime->tm_sec , date, idx) != 0) return 0; + tm_year -= 1900; + tm_mon -= 1; + + if (GetTime(&tm_year, date, idx) != 0) return 0; + if (GetTime(&tm_mon , date, idx) != 0) return 0; + if (GetTime(&tm_mday, date, idx) != 0) return 0; + if (GetTime(&tm_hour, date, idx) != 0) return 0; + if (GetTime(&tm_min , date, idx) != 0) return 0; + if (GetTime(&tm_sec , date, idx) != 0) return 0; return 1; } 
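Review bot: In ExtractDate the six locals are initialised from `certTime` before the `XMEMSET`, so they start from whatever the caller left in the struct, and the second asn.c hunk then hands them to `GetTime` without storing the results back. On the success path `certTime` therefore holds only what the format branch between the two hunks wrote, and the month, day, hour, minute and second stay zero, so validity checks that consume the struct no longer see the certificate's dates. I would initialise the locals after the format branch and copy every field back before `return 1;`, starting with `certTime->tm_year = tm_year;`. The body of ExtractDate begins and ends outside these hunks, so the format branch is only partly visible.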
diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c index 9e45ebdc2..1a19168c4 100644 --- a/wolfcrypt/src/integer.c +++ b/wolfcrypt/src/integer.c @@ -1994,7 +1994,7 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, calls/ifs) */ #ifdef BN_FAST_MP_MONTGOMERY_REDUCE_C if (((P->used * 2 + 1) < (int)MP_WARRAY) && - P->used < (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { + P->used < (1L << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { redux = fast_mp_montgomery_reduce; } else #endif @@ -2244,7 +2244,7 @@ int mp_exptmod_base_2(mp_int * X, mp_int * P, mp_int * Y) calls/ifs) */ #ifdef BN_FAST_MP_MONTGOMERY_REDUCE_C if (((P->used * 2 + 1) < (int)MP_WARRAY) && - P->used < (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { + P->used < (1L << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { redux = fast_mp_montgomery_reduce; } else #endif @@ -2604,7 +2604,7 @@ int mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho) digs = n->used * 2 + 1; if ((digs < (int)MP_WARRAY) && n->used < - (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { + (1L << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { return fast_mp_montgomery_reduce (x, n, rho); } @@ -3043,7 +3043,7 @@ int mp_mul (mp_int * a, mp_int * b, mp_int * c) #ifdef BN_FAST_S_MP_MUL_DIGS_C if ((digs < (int)MP_WARRAY) && MIN(a->used, b->used) <= - (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { + (1L << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { res = fast_s_mp_mul_digs (a, b, c, digs); } else #endif @@ -3506,7 +3506,7 @@ int s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs) /* can we use the fast multiplier? */ if ((digs < (int)MP_WARRAY) && MIN (a->used, b->used) < - (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { + (1L << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { return fast_s_mp_mul_digs (a, b, c, digs); } 
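Review bot: The widened constant in `(1L << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))` is still a signed shift, so it is defined only while the shift count stays below the number of value bits in `long`, and that depends on `mp_word` and `DIGIT_BIT`, which are configured outside this hunk. The comparison decides whether the `fast_*` routine is taken, and the adjacent `MP_WARRAY` test suggests those routines work on a bounded array, so a threshold that wraps or turns negative would either disable the fast path or admit operands it was not sized for. I would add a compile-time check next to the first use that the shift count is smaller than `CHAR_BIT * sizeof(long) - 1`, with a comment such as `/* threshold must fit in long on 16-bit int targets */`. The same expression is changed in mp_exptmod_base_2, mp_montgomery_reduce, mp_mul, s_mp_mul_digs and s_mp_mul_high_digs, and this applies to each of them.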
@@ -4014,7 +4014,7 @@ int s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs) #ifdef BN_FAST_S_MP_MUL_HIGH_DIGS_C if (((a->used + b->used + 1) < (int)MP_WARRAY) && MIN (a->used, b->used) < - (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { + (1L << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { return fast_s_mp_mul_high_digs (a, b, c, digs); } #endif diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index ca1f6aa01..b8a44e4ea 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -2469,7 +2469,7 @@ struct DhKey; typedef int (*CallbackDhAgree)(WOLFSSL* ssl, struct DhKey* key, const unsigned char* priv, unsigned int privSz, const unsigned char* otherPubKeyDer, unsigned int otherPubKeySz, - unsigned char* out, unsigned int* outlen, + unsigned char* out, word32* outlen, void* ctx); WOLFSSL_API void wolfSSL_CTX_SetDhAgreeCb(WOLFSSL_CTX*, CallbackDhAgree); WOLFSSL_API void wolfSSL_SetDhAgreeCtx(WOLFSSL* ssl, void *ctx); @@ -2523,7 +2523,7 @@ WOLFSSL_API void* wolfSSL_GetX25519SharedSecretCtx(WOLFSSL* ssl); #ifndef NO_RSA typedef int (*CallbackRsaSign)(WOLFSSL* ssl, const unsigned char* in, unsigned int inSz, - unsigned char* out, unsigned int* outSz, + unsigned char* out, word32* outSz, const unsigned char* keyDer, unsigned int keySz, void* ctx); WOLFSSL_API void wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX*, CallbackRsaSign); @@ -2568,7 +2568,7 @@ WOLFSSL_API void* wolfSSL_GetRsaPssVerifyCtx(WOLFSSL* ssl); /* RSA Public Encrypt cb */ typedef int (*CallbackRsaEnc)(WOLFSSL* ssl, const unsigned char* in, unsigned int inSz, - unsigned char* out, unsigned int* outSz, + unsigned char* out, word32* outSz, const unsigned char* keyDer, unsigned int keySz, void* ctx); WOLFSSL_API void wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX*, CallbackRsaEnc); diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 08553b4b1..6d0cff426 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h 
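Review bot: Only the output-length pointer of CallbackDhAgree, CallbackRsaSign and CallbackRsaEnc becomes `word32*`; the input lengths beside it (`privSz`, `otherPubKeySz`, `inSz`, `keySz`) stay `unsigned int`, which is 16 bits wide on the targets this patch is for. A callback then receives sizes in one width and reports them in another, and application callbacks written against `unsigned int*` no longer match the typedef wherever `word32` is not `unsigned int`. I would either convert the size parameters in the same typedefs or document the change above each one, e.g. `/* outSz is word32 to match the internal length type; existing callbacks must update their prototype */`. Other callback typedefs in ssl.h are outside the visible hunks, so whether they need the same treatment cannot be judged from here.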
@@ -323,9 +323,9 @@ #else /* just use plain C stdlib stuff if desired */ #include - #define XMALLOC(s, h, t) malloc((s)) + #define XMALLOC(s, h, t) malloc((size_t)(s)) #define XFREE(p, h, t) {void* xp = (p); if((xp)) free((xp));} - #define XREALLOC(p, n, h, t) realloc((p), (n)) + #define XREALLOC(p, n, h, t) realloc((p), (size_t)(n)) #endif #elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \ && !defined(WOLFSSL_SAFERTOS) && !defined(FREESCALE_MQX) \ From 809472febc25a52e374c5b196fefdb735a3e89cd Mon Sep 17 00:00:00 2001 From: Martin Akman Date: Thu, 9 Jan 2020 16:01:52 +1000 Subject: [PATCH 2/7] Added VERY_SMALL_SESSION_CACHE --- src/ssl.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/ssl.c b/src/ssl.c index 149594eb0..45c0151ec 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -4992,6 +4992,9 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) #elif defined(SMALL_SESSION_CACHE) #define SESSIONS_PER_ROW 2 #define SESSION_ROWS 3 + #elif defined(VERY_SMALL_SESSION_CACHE) + #define SESSIONS_PER_ROW 2 + #define SESSION_ROWS 1 #else #define SESSIONS_PER_ROW 3 #define SESSION_ROWS 11 From 6c1e0ff0493be5ef566de39d837c6eaa13e8f017 Mon Sep 17 00:00:00 2001 From: Martin Akman Date: Sat, 4 Jan 2020 10:23:03 +1000 Subject: [PATCH 3/7] ATECC: Option to disable I2C transport key --- wolfcrypt/src/port/atmel/atmel.c | 4 ++++ wolfssl/wolfcrypt/port/atmel/atmel.h | 5 +++++ 2 files changed, 9 insertions(+) diff --git a/wolfcrypt/src/port/atmel/atmel.c b/wolfcrypt/src/port/atmel/atmel.c index cfe0a93c7..65dd4dfa7 100644 --- a/wolfcrypt/src/port/atmel/atmel.c +++ b/wolfcrypt/src/port/atmel/atmel.c 
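Review bot: The `(size_t)` cast added to `XMALLOC` and `XREALLOC` silences the width warning but also hides truncation: where `size_t` is 16 bits, a 32-bit size above 65535 is cut down and the caller receives a buffer smaller than the length it goes on to write. I would keep the conversion but refuse sizes that do not fit, for instance by routing the macro through a small inline wrapper that returns NULL when the request exceeds `SIZE_MAX`, rather than casting unconditionally. At minimum the macros should carry `/* size is narrowed to size_t; callers must bound lengths on 16-bit targets */`. The surrounding `#if` chain starts outside the hunk, so other allocator mappings may need the same look.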
@@ -347,7 +347,11 @@ int atmel_ecc_create_pms(int slotId, const uint8_t* peerKey, uint8_t* pms) ATECC_GET_ENC_KEY(read_key, sizeof(read_key)); /* send the encrypted version of the ECDH command */ +#if defined(ATECC_USE_TRANSPORT_KEY) && ATECC_USE_TRANSPORT_KEY ret = atcab_ecdh_enc(slotId, peerKey, pms, read_key, slotIdEnc); +#else + ret = atcab_ecdh(slotId, peerKey, pms); +#endif ret = atmel_ecc_translate_err(ret); /* free the ECDHE slot */ diff --git a/wolfssl/wolfcrypt/port/atmel/atmel.h b/wolfssl/wolfcrypt/port/atmel/atmel.h index 70035130c..3d7b54d2d 100644 --- a/wolfssl/wolfcrypt/port/atmel/atmel.h +++ b/wolfssl/wolfcrypt/port/atmel/atmel.h @@ -60,6 +60,11 @@ #define ATECC_SLOT_ENC_PARENT (0x7) #endif +/* Use a I2C transport key */ +#ifndef ATECC_USE_TRANSPORT_KEY +#define ATECC_USE_TRANSPORT_KEY 1 +#endif + /* ATECC_KEY_SIZE required for ecc.h */ #include From 20c0beb9e548f384aecb628a336b1c5311df0fcb Mon Sep 17 00:00:00 2001 From: Martin Akman Date: Fri, 31 Jan 2020 23:06:15 +1000 Subject: [PATCH 4/7] 'WOLFSSL_USE_FLASHMEM' to store constant tables in flash memory --- wolfcrypt/src/aes.c | 8 ++-- wolfcrypt/src/des3.c | 10 ++--- wolfcrypt/src/integer.c | 2 +- wolfcrypt/src/random.c | 74 +++++++++++++++++++++++++++++++----- wolfcrypt/src/sha256.c | 2 +- wolfssl/wolfcrypt/settings.h | 7 ++++ 6 files changed, 82 insertions(+), 21 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 946fae4fe..52467f09f 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c 
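Review bot: With `ATECC_USE_TRANSPORT_KEY` set to 0 the pre-master secret is read back through `atcab_ecdh` instead of the encrypted read, so it crosses the I2C bus in the clear, and neither this hunk nor the one-line comment added in atmel.h says so. I would expand the header comment to something like `/* 1 (default): ECDH result is read back encrypted with the transport key. 0: result is read in the clear; only for a physically protected bus */`. The context line `ATECC_GET_ENC_KEY(read_key, sizeof(read_key));` above the new `#if` still runs in the disabled build, so the key is copied into a stack buffer that is never used; moving that call inside the `#if` branch avoids it. atmel_ecc_create_pms starts and ends outside the hunk, so the declarations of `read_key` and `slotIdEnc` probably need the same guard.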
@@ -782,14 +782,14 @@ #ifdef NEED_AES_TABLES -static const word32 rcon[] = { +static const FLASH_QUALIFIER word32 rcon[] = { 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 0x20000000, 0x40000000, 0x80000000, 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ }; -static const word32 Te[4][256] = { +static const FLASH_QUALIFIER word32 Te[4][256] = { { 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U, @@ -1057,7 +1057,7 @@ static const word32 Te[4][256] = { }; #ifdef HAVE_AES_DECRYPT -static const word32 Td[4][256] = { +static const FLASH_QUALIFIER word32 Td[4][256] = { { 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U, 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U, @@ -1328,7 +1328,7 @@ static const word32 Td[4][256] = { #if (defined(HAVE_AES_CBC) && !defined(WOLFSSL_DEVCRYPTO_CBC)) \ || defined(WOLFSSL_AES_DIRECT) -static const byte Td4[256] = +static const FLASH_QUALIFIER byte Td4[256] = { 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U, 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU, diff --git a/wolfcrypt/src/des3.c b/wolfcrypt/src/des3.c index f07498a5d..1d24e90f7 100644 --- a/wolfcrypt/src/des3.c +++ b/wolfcrypt/src/des3.c @@ -1144,7 +1144,7 @@ #ifdef NEED_SOFT_DES /* permuted choice table (key) */ - static const byte pc1[] = { + static const FLASH_QUALIFIER byte pc1[] = { 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, 27, @@ -1157,12 +1157,12 @@ }; /* number left rotations of pc1 */ - static const byte totrot[] = { + static const FLASH_QUALIFIER byte totrot[] = { 1,2,4,6,8,10,12,14,15,17,19,21,23,25,27,28 }; /* permuted choice key (table) */ - static const byte pc2[] = { + static const FLASH_QUALIFIER byte pc2[] = { 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 23, 19, 12, 4, 26, 8, 
@@ -1176,11 +1176,11 @@ /* End of DES-defined tables */ /* bit 0 is left-most in byte */ - static const int bytebit[] = { + static const FLASH_QUALIFIER int bytebit[] = { 0200,0100,040,020,010,04,02,01 }; - static const word32 Spbox[8][64] = { + static const FLASH_QUALIFIER word32 Spbox[8][64] = { { 0x01010400,0x00000000,0x00010000,0x01010404, 0x01010004,0x00010404,0x00000004,0x00010000, 0x00000400,0x01010400,0x01010404,0x00000400, diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c index 1a19168c4..a1a4fcd34 100644 --- a/wolfcrypt/src/integer.c +++ b/wolfcrypt/src/integer.c @@ -4543,7 +4543,7 @@ int mp_mod_d (mp_int * a, mp_digit b, mp_digit * c) #if defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || !defined(NO_DSA) || !defined(NO_RSA) -const mp_digit ltm_prime_tab[PRIME_SIZE] = { +const FLASH_QUALIFIER mp_digit ltm_prime_tab[PRIME_SIZE] = { 0x0002, 0x0003, 0x0005, 0x0007, 0x000B, 0x000D, 0x0011, 0x0013, 0x0017, 0x001D, 0x001F, 0x0025, 0x0029, 0x002B, 0x002F, 0x0035, 0x003B, 0x003D, 0x0043, 0x0047, 0x0049, 0x004F, 0x0053, 0x0059, diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index a9dcac362..c20e43a9f 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c 
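Review bot: `ltm_prime_tab` in integer.c has external linkage, yet the diffstat of this patch lists no header, so any `extern` declaration of the table elsewhere would disagree with the new `FLASH_QUALIFIER` definition once `WOLFSSL_USE_FLASHMEM` is set. Depending on what each translation unit includes, that is either a conflicting-declaration build error or a reader that fetches the table from the data address space and gets unrelated bytes, which for a prime table feeds straight into primality screening. The matching declaration should carry the same qualifier, `extern const FLASH_QUALIFIER mp_digit ltm_prime_tab[PRIME_SIZE];`; the header is not visible here, so please confirm. The static tables in aes.c and des3.c are file-local and do not have this problem.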
@@ -1102,20 +1102,20 @@ exit_rng_ht: } -const byte seedA[] = { +const FLASH_QUALIFIER byte _seedA[] = { 0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46, 0x8d, 0xeb, 0x0a, 0xb4, 0xa8, 0xed, 0x68, 0x3f, 0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00, 0x45, 0x4e, 0x81, 0xe9, 0x53, 0x58, 0xa5, 0x69, 0x80, 0x8a, 0xa3, 0x8f, 0x2a, 0x72, 0xa6, 0x23, 0x59, 0x91, 0x5a, 0x9f, 0x8a, 0x04, 0xca, 0x68 }; -const byte reseedSeedA[] = { +const FLASH_QUALIFIER byte _reseedSeedA[] = { 0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6, 0x98, 0x05, 0x66, 0xe3, 0xbf, 0xe3, 0xc0, 0x49, 0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22, 0x80, 0x01, 0x0a, 0x67, 0x39, 0xbc, 0x83, 0xd3 }; -const byte outputA[] = { +const FLASH_QUALIFIER byte _outputA[] = { 0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c, 0x63, 0x0a, 0x1a, 0xfb, 0xe7, 0x24, 0x94, 0x9d, 0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79, 0x5e, 0x47, 0x73, 0x47, 0xc8, 0xb0, 0x56, 0x62, 0x1c, 0x18, 0xbd, 0xdc, @@ -1129,7 +1129,7 @@ const byte outputA[] = { 0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17 }; -const byte seedB[] = { +const FLASH_QUALIFIER byte _seedB[] = { 0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e, 0xff, 0xe8, 0x75, 0xc3, 0xa2, 0xe7, 0x1f, 0x42, 0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19, 0xa9, 0xef, 0x55, 0xf0, 0x51, 0x85, 0xe0, 0xfb, /* nonce next */ @@ -1137,7 +1137,7 @@ const byte seedB[] = { 0xdb, 0xcb, 0xcc, 0x2e }; -const byte outputB[] = { +const FLASH_QUALIFIER byte _outputB[] = { 0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 0xf3, 0x40, 0xb2, 0x62, 0x82, 0x64, 0xd1, 0x75, 0x10, 0x60, 0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5, 0x7d, 0x73, 0xa6, 0x73, 0xd2, 0xb8, 0xd8, 0x0d, 0xaa, 0xf6, 0xa6, 0xc3, 
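Review bot: The new names `_seedA`, `_reseedSeedA`, `_outputA`, `_seedB` and `_outputB` are file-scope identifiers that begin with an underscore, which the C standard reserves for the implementation at file scope. They also keep external linkage although every use visible in this series is inside random.c. I would use a suffix and make them file-local, e.g. `static const FLASH_QUALIFIER byte seedA_data[] = {`, unless another translation unit references them.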
@@ -1170,17 +1170,65 @@ static int wc_RNG_HealthTestLocal(int reseed) #endif if (reseed) { - ret = wc_RNG_HealthTest(1, seedA, sizeof(seedA), - reseedSeedA, sizeof(reseedSeedA), +#ifdef WOLFSSL_USE_FLASHMEM + byte* seedA = (byte*)XMALLOC(sizeof(_seedA), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + byte* reseedSeedA = (byte*)XMALLOC(sizeof(_reseedSeedA), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + byte* outputA = (byte*)XMALLOC(sizeof(_outputA), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + + if (!seedA || !reseedSeedA || !outputA) { + XFREE(seedA, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(reseedSeedA, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(outputA, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ret = MEMORY_E; + } + else { + XMEMCPY_P(seedA, _seedA, sizeof(_seedA)); + XMEMCPY_P(reseedSeedA, _reseedSeedA, sizeof(_reseedSeedA)); + XMEMCPY_P(outputA, _outputA, sizeof(_outputA)); +#else + const byte* seedA = _seedA; + const byte* reseedSeedA = _reseedSeedA; + const byte* outputA = _outputA; +#endif + ret = wc_RNG_HealthTest(1, seedA, sizeof(_seedA), + reseedSeedA, sizeof(_reseedSeedA), check, RNG_HEALTH_TEST_CHECK_SIZE); if (ret == 0) { if (ConstantCompare(check, outputA, RNG_HEALTH_TEST_CHECK_SIZE) != 0) ret = -1; } + +#ifdef WOLFSSL_USE_FLASHMEM + XFREE(seedA, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(reseedSeedA, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(outputA, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } +#endif } else { - ret = wc_RNG_HealthTest(0, seedB, sizeof(seedB), +#ifdef WOLFSSL_USE_FLASHMEM + byte* seedB = (byte*)XMALLOC(sizeof(_seedB), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + byte* outputB = (byte*)XMALLOC(sizeof(_outputB), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + + if (!seedB || !outputB) { + XFREE(seedB, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(outputB, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ret = MEMORY_E; + } + else { + XMEMCPY_P(seedB, _seedB, sizeof(_seedB)); + XMEMCPY_P(outputB, _outputB, sizeof(_outputB)); +#else + const byte* seedB = _seedB; + const byte* outputB = _outputB; +#endif + ret = wc_RNG_HealthTest(0, 
seedB, sizeof(_seedB), NULL, 0, check, RNG_HEALTH_TEST_CHECK_SIZE); if (ret == 0) { @@ -1195,16 +1243,22 @@ static int wc_RNG_HealthTestLocal(int reseed) * byte 32, feed them into the health test separately. */ if (ret == 0) { ret = wc_RNG_HealthTest_ex(0, - seedB + 32, sizeof(seedB) - 32, + seedB + 32, sizeof(_seedB) - 32, seedB, 32, NULL, 0, check, RNG_HEALTH_TEST_CHECK_SIZE, NULL, INVALID_DEVID); if (ret == 0) { - if (ConstantCompare(check, outputB, sizeof(outputB)) != 0) + if (ConstantCompare(check, outputB, sizeof(_outputB)) != 0) ret = -1; } } + +#ifdef WOLFSSL_USE_FLASHMEM + XFREE(seedB, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(outputB, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } +#endif } #ifdef WOLFSSL_SMALL_STACK diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index de49e3283..f75136b07 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -642,7 +642,7 @@ static int InitSha256(wc_Sha256* sha256) #ifdef NEED_SOFT_SHA256 - static const ALIGN32 word32 K[64] = { + static const FLASH_QUALIFIER ALIGN32 word32 K[64] = { 0x428A2F98L, 0x71374491L, 0xB5C0FBCFL, 0xE9B5DBA5L, 0x3956C25BL, 0x59F111F1L, 0x923F82A4L, 0xAB1C5ED5L, 0xD807AA98L, 0x12835B01L, 0x243185BEL, 0x550C7DC3L, 0x72BE5D74L, 0x80DEB1FEL, 0x9BDC06A7L, diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 572b108b6..67cd9009a 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -882,6 +882,13 @@ extern void uITRON4_free(void *p) ; #define TFM_TIMING_RESISTANT #endif +#ifdef WOLFSSL_USE_FLASHMEM + #define FLASH_QUALIFIER __flash + #define XMEMCPY_P(pdest, psrc, size) memcpy_P((pdest), (psrc), (size)) +#else + #define FLASH_QUALIFIER +#endif + #ifdef FREESCALE_MQX_5_0 /* use normal Freescale MQX port, but with minor changes for 5.0 */ #define FREESCALE_MQX From 3bbd8be5c96a2048d71efaea5a48896427fd6589 Mon Sep 17 00:00:00 2001 
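Review bot: The `else {` that wraps the health-test call is opened inside one `#ifdef WOLFSSL_USE_FLASHMEM` region and closed inside a later one, in the reseed branch and again in the non-reseed branch that the second hunk completes, so brace balance and nesting depend on the macro. In a known-answer self-test a later edit on one side of the `#ifdef` should not be able to move or skip the `ConstantCompare` step unnoticed. I would put the copy out of flash into one static helper and keep a single unconditional test body, with the frees under one `#ifdef` at the end. wc_RNG_HealthTestLocal starts and ends outside these hunks.

```c
#ifdef WOLFSSL_USE_FLASHMEM
/* Copy one known-answer vector out of flash; returns NULL if allocation fails. */
static byte* HealthTestVectorCopy(const FLASH_QUALIFIER byte* src, word32 sz)
{
    byte* buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (buf != NULL) {
        XMEMCPY_P(buf, src, sz);
    }
    return buf;
}
#endif
/* ... unchanged: wc_RNG_HealthTest calls and ConstantCompare checks, written once ... */
```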
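Review bot: In settings.h `XMEMCPY_P` expands to `memcpy_P`, but the hunk adds no include for the header that declares it, and `FLASH_QUALIFIER` expands to `__flash` with no check that the compiler supports it. A build that defines `WOLFSSL_USE_FLASHMEM` on another toolchain, or in a translation unit that has not pulled in the AVR program-space header, then fails far from the cause or calls `memcpy_P` without a prototype. I would add `#include <avr/pgmspace.h>` next to the macro. The rest of settings.h is outside the hunk, so the include may already exist elsewhere.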
From: Martin Akman Date: Tue, 25 Feb 2020 22:03:55 +1000 Subject: [PATCH 5/7] ATECC: Don't init transport key if not used --- wolfcrypt/src/port/atmel/atmel.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/wolfcrypt/src/port/atmel/atmel.c b/wolfcrypt/src/port/atmel/atmel.c index 65dd4dfa7..419b65611 100644 --- a/wolfcrypt/src/port/atmel/atmel.c +++ b/wolfcrypt/src/port/atmel/atmel.c @@ -291,6 +291,7 @@ int atmel_get_enc_key_default(byte* enckey, word16 keysize) /** * \brief Write enc key before. */ +#if defined(ATECC_USE_TRANSPORT_KEY) && ATECC_USE_TRANSPORT_KEY static int atmel_init_enc_key(void) { int ret; @@ -315,6 +316,7 @@ static int atmel_init_enc_key(void) return ret; } +#endif int atmel_get_rev_info(word32* revision) { @@ -447,6 +449,7 @@ int atmel_init(void) device_init_default(); #endif +#if defined(ATECC_USE_TRANSPORT_KEY) && ATECC_USE_TRANSPORT_KEY /* Init the I2C pipe encryption key. */ /* Value is generated/stored during pair for the ATECC508A and stored on micro flash */ @@ -455,6 +458,7 @@ int atmel_init(void) WOLFSSL_MSG("Failed to initialize transport key"); return WC_HW_E; } +#endif mAtcaInitDone = 1; } From 568ce62b81a2d7c8370d265e834514735a427120 Mon Sep 17 00:00:00 2001 From: Martin Akman Date: Tue, 31 Mar 2020 18:25:59 +1000 Subject: [PATCH 6/7] Updates from code review --- wolfcrypt/src/asn.c | 8 ++++++++ wolfssl/wolfcrypt/settings.h | 6 ++++++ 2 files changed, 14 insertions(+) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index e96e693a3..bba9aed5b 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
@@ -6154,6 +6154,14 @@ int ExtractDate(const unsigned char* date, unsigned char format, if (GetTime(&tm_min , date, idx) != 0) return 0; if (GetTime(&tm_sec , date, idx) != 0) return 0; + /* Re-populate certTime with computed values */ + certTime->tm_year = tm_year; + certTime->tm_mon = tm_mon; + certTime->tm_mday = tm_mday; + certTime->tm_hour = tm_hour; + certTime->tm_min = tm_min; + certTime->tm_sec = tm_sec; + return 1; } diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 67cd9009a..27088cd00 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -882,8 +882,14 @@ extern void uITRON4_free(void *p) ; #define TFM_TIMING_RESISTANT #endif +/* To support storing some of the large constant tables in flash memory rather than SRAM. + Useful for processors that have limited SRAM, such as the AVR family of microtrollers. */ #ifdef WOLFSSL_USE_FLASHMEM + /* This is supported on the avr-gcc compiler, for more information see: + https://gcc.gnu.org/onlinedocs/gcc/Named-Address-Spaces.html */ #define FLASH_QUALIFIER __flash + + /* Copy data out of flash memory and into SRAM */ #define XMEMCPY_P(pdest, psrc, size) memcpy_P((pdest), (psrc), (size)) #else #define FLASH_QUALIFIER From d02e52e07ba44b8f9fadfa705a711d33e0751408 Mon Sep 17 00:00:00 2001 From: Martin Akman Date: Wed, 22 Jul 2020 09:49:09 +1000 Subject: [PATCH 7/7] More updates from code review --- src/ssl.c | 3 --- wolfcrypt/src/asn.c | 32 +++++++++++++++++---------- wolfcrypt/src/random.c | 50 +++++++++++++++++++++--------------------- 3 files changed, 46 insertions(+), 39 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 45c0151ec..149594eb0 100644 --- a/src/ssl.c +++ b/src/ssl.c 
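Review bot: The write-back in asn.c stores `tm_year` from a local that was initialised before the `XMEMSET` at the top of ExtractDate, so `certTime->tm_year = tm_year;` replaces the century that the format branch put into `certTime->tm_year` after the memset with a value derived from the caller's stale struct. If `GetTime` accumulates into its argument, as the original parse-then-subtract order suggests, the stored year is the stale input plus the two parsed digits minus 1900. I would initialise the locals after the format branch, e.g. `tm_year = certTime->tm_year - 1900;`, so the century survives. The body of ExtractDate starts outside this hunk, and this reading relies on the asn.c hunks of patch 1/7.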
@@ -4992,9 +4992,6 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) #elif defined(SMALL_SESSION_CACHE) #define SESSIONS_PER_ROW 2 #define SESSION_ROWS 3 - #elif defined(VERY_SMALL_SESSION_CACHE) - #define SESSIONS_PER_ROW 2 - #define SESSION_ROWS 1 #else #define SESSIONS_PER_ROW 3 #define SESSION_ROWS 11 diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index bba9aed5b..5b4fb9e59 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -6122,14 +6122,6 @@ static WC_INLINE int GetTime(int* value, const byte* date, int* idx) int ExtractDate(const unsigned char* date, unsigned char format, struct tm* certTime, int* idx) { - /* Extract the time from the struct tm - 16bit processors store as uint8_t */ - int tm_year = certTime->tm_year; - int tm_mon = certTime->tm_mon; - int tm_mday = certTime->tm_mday; - int tm_hour = certTime->tm_hour; - int tm_min = certTime->tm_min; - int tm_sec = certTime->tm_sec; - XMEMSET(certTime, 0, sizeof(struct tm)); if (format == ASN_UTC_TIME) { @@ -6143,9 +6135,16 @@ int ExtractDate(const unsigned char* date, unsigned char format, certTime->tm_year *= 100; } - /* adjust tm_year, tm_mon */ - tm_year -= 1900; - tm_mon -= 1; +#ifdef AVR + /* Extract the time from the struct tm and adjust tm_year, tm_mon */ + /* AVR libc stores these as uint8_t instead of int */ + /* AVR time_t also offsets from midnight 1 Jan 2000 */ + int tm_year = certTime->tm_year - 2000; + int tm_mon = certTime->tm_mon - 1; + int tm_mday = certTime->tm_mday; + int tm_hour = certTime->tm_hour; + int tm_min = certTime->tm_min; + int tm_sec = certTime->tm_sec; if (GetTime(&tm_year, date, idx) != 0) return 0; if (GetTime(&tm_mon , date, idx) != 0) return 0; 
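Review bot: The AVR branch of ExtractDate subtracts 2000 from the year where the generic branch subtracts 1900, and the following hunk then narrows the parsed `int` values into fields the comment describes as `uint8_t`, with no range check in the visible lines. A notBefore earlier than 2000 makes `tm_year` negative, and the narrowing would turn that into a large positive year, so the validity window compared later is not the one in the certificate. I would handle that case explicitly before the write-back rather than let it wrap, e.g. `if (tm_year < 0 || tm_year > 255) return 0;` if rejection is what callers expect. Please also confirm which base the target libc uses for `tm_year`, since the comment cites the `time_t` epoch, which is a separate matter. The new declarations follow statements inside the block, which a C89 build rejects, and the function ends outside this hunk.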
@@ -6161,6 +6160,17 @@ int ExtractDate(const unsigned char* date, unsigned char format, certTime->tm_hour = tm_hour; certTime->tm_min = tm_min; certTime->tm_sec = tm_sec; +#else + /* adjust tm_year, tm_mon */ + if (GetTime(&certTime->tm_year, date, idx) != 0) return 0; + certTime->tm_year -= 1900; + if (GetTime(&certTime->tm_mon , date, idx) != 0) return 0; + certTime->tm_mon -= 1; + if (GetTime(&certTime->tm_mday, date, idx) != 0) return 0; + if (GetTime(&certTime->tm_hour, date, idx) != 0) return 0; + if (GetTime(&certTime->tm_min , date, idx) != 0) return 0; + if (GetTime(&certTime->tm_sec , date, idx) != 0) return 0; +#endif return 1; } diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index c20e43a9f..453d1315e 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -1102,20 +1102,20 @@ exit_rng_ht: } -const FLASH_QUALIFIER byte _seedA[] = { +const FLASH_QUALIFIER byte seedA_data[] = { 0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46, 0x8d, 0xeb, 0x0a, 0xb4, 0xa8, 0xed, 0x68, 0x3f, 0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00, 0x45, 0x4e, 0x81, 0xe9, 0x53, 0x58, 0xa5, 0x69, 0x80, 0x8a, 0xa3, 0x8f, 0x2a, 0x72, 0xa6, 0x23, 0x59, 0x91, 0x5a, 0x9f, 0x8a, 0x04, 0xca, 0x68 }; -const FLASH_QUALIFIER byte _reseedSeedA[] = { +const FLASH_QUALIFIER byte reseedSeedA_data[] = { 0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6, 0x98, 0x05, 0x66, 0xe3, 0xbf, 0xe3, 0xc0, 0x49, 0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22, 0x80, 0x01, 0x0a, 0x67, 0x39, 0xbc, 0x83, 0xd3 }; -const FLASH_QUALIFIER byte _outputA[] = { +const FLASH_QUALIFIER byte outputA_data[] = { 0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c, 0x63, 0x0a, 0x1a, 0xfb, 0xe7, 0x24, 0x94, 0x9d, 0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79, 0x5e, 0x47, 0x73, 0x47, 0xc8, 0xb0, 0x56, 0x62, 0x1c, 0x18, 0xbd, 0xdc, 
@@ -1129,7 +1129,7 @@ const FLASH_QUALIFIER byte _outputA[] = { 0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17 }; -const FLASH_QUALIFIER byte _seedB[] = { +const FLASH_QUALIFIER byte seedB_data[] = { 0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e, 0xff, 0xe8, 0x75, 0xc3, 0xa2, 0xe7, 0x1f, 0x42, 0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19, 0xa9, 0xef, 0x55, 0xf0, 0x51, 0x85, 0xe0, 0xfb, /* nonce next */ @@ -1137,7 +1137,7 @@ const FLASH_QUALIFIER byte _seedB[] = { 0xdb, 0xcb, 0xcc, 0x2e }; -const FLASH_QUALIFIER byte _outputB[] = { +const FLASH_QUALIFIER byte outputB_data[] = { 0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 0xf3, 0x40, 0xb2, 0x62, 0x82, 0x64, 0xd1, 0x75, 0x10, 0x60, 0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5, 0x7d, 0x73, 0xa6, 0x73, 0xd2, 0xb8, 0xd8, 0x0d, 0xaa, 0xf6, 0xa6, 0xc3, @@ -1171,11 +1171,11 @@ static int wc_RNG_HealthTestLocal(int reseed) if (reseed) { #ifdef WOLFSSL_USE_FLASHMEM - byte* seedA = (byte*)XMALLOC(sizeof(_seedA), NULL, + byte* seedA = (byte*)XMALLOC(sizeof(seedA_data), NULL, DYNAMIC_TYPE_TMP_BUFFER); - byte* reseedSeedA = (byte*)XMALLOC(sizeof(_reseedSeedA), NULL, + byte* reseedSeedA = (byte*)XMALLOC(sizeof(reseedSeedA_data), NULL, DYNAMIC_TYPE_TMP_BUFFER); - byte* outputA = (byte*)XMALLOC(sizeof(_outputA), NULL, + byte* outputA = (byte*)XMALLOC(sizeof(outputA_data), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (!seedA || !reseedSeedA || !outputA) { 
@@ -1185,16 +1185,16 @@ static int wc_RNG_HealthTestLocal(int reseed) ret = MEMORY_E; } else { - XMEMCPY_P(seedA, _seedA, sizeof(_seedA)); - XMEMCPY_P(reseedSeedA, _reseedSeedA, sizeof(_reseedSeedA)); - XMEMCPY_P(outputA, _outputA, sizeof(_outputA)); + XMEMCPY_P(seedA, seedA_data, sizeof(seedA_data)); + XMEMCPY_P(reseedSeedA, reseedSeedA_data, sizeof(reseedSeedA_data)); + XMEMCPY_P(outputA, outputA_data, sizeof(outputA_data)); #else - const byte* seedA = _seedA; - const byte* reseedSeedA = _reseedSeedA; - const byte* outputA = _outputA; + const byte* seedA = seedA_data; + const byte* reseedSeedA = reseedSeedA_data; + const byte* outputA = outputA_data; #endif - ret = wc_RNG_HealthTest(1, seedA, sizeof(_seedA), - reseedSeedA, sizeof(_reseedSeedA), + ret = wc_RNG_HealthTest(1, seedA, sizeof(seedA_data), + reseedSeedA, sizeof(reseedSeedA_data), check, RNG_HEALTH_TEST_CHECK_SIZE); if (ret == 0) { if (ConstantCompare(check, outputA, @@ -1211,9 +1211,9 @@ static int wc_RNG_HealthTestLocal(int reseed) } else { #ifdef WOLFSSL_USE_FLASHMEM - byte* seedB = (byte*)XMALLOC(sizeof(_seedB), NULL, + byte* seedB = (byte*)XMALLOC(sizeof(seedB_data), NULL, DYNAMIC_TYPE_TMP_BUFFER); - byte* outputB = (byte*)XMALLOC(sizeof(_outputB), NULL, + byte* outputB = (byte*)XMALLOC(sizeof(outputB_data), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (!seedB || !outputB) { @@ -1222,13 +1222,13 @@ static int wc_RNG_HealthTestLocal(int reseed) ret = MEMORY_E; } else { - XMEMCPY_P(seedB, _seedB, sizeof(_seedB)); - XMEMCPY_P(outputB, _outputB, sizeof(_outputB)); + XMEMCPY_P(seedB, seedB_data, sizeof(seedB_data)); + XMEMCPY_P(outputB, outputB_data, sizeof(outputB_data)); #else - const byte* seedB = _seedB; - const byte* outputB = _outputB; + const byte* seedB = seedB_data; + const byte* outputB = outputB_data; #endif - ret = wc_RNG_HealthTest(0, seedB, sizeof(_seedB), + ret = wc_RNG_HealthTest(0, seedB, sizeof(seedB_data), NULL, 0, check, RNG_HEALTH_TEST_CHECK_SIZE); if (ret == 0) { 
@@ -1243,13 +1243,13 @@ static int wc_RNG_HealthTestLocal(int reseed) * byte 32, feed them into the health test separately. */ if (ret == 0) { ret = wc_RNG_HealthTest_ex(0, - seedB + 32, sizeof(_seedB) - 32, + seedB + 32, sizeof(seedB_data) - 32, seedB, 32, NULL, 0, check, RNG_HEALTH_TEST_CHECK_SIZE, NULL, INVALID_DEVID); if (ret == 0) { - if (ConstantCompare(check, outputB, sizeof(_outputB)) != 0) + if (ConstantCompare(check, outputB, sizeof(outputB_data)) != 0) ret = -1; } }